There is a very good TLS patch for Postfix available at ftp://ftp.aet.tu-cottbus.de/pub/pfixtls/, it would be great if this was added to the Redhat package. While you are at it, you might want to enable Cyrus SASL auth Below is a spec file which does both. It uses a modified postfix-chroot_setup.patch and a makedefs updated for Redhat 7.0 by the author of Postfix (the file should be available from the Postfix mailing list, message ID '20001115144419.591654563E.org'). I can send both on request. ------------------------------------ %define rel 0.1djm %define ver 20001030 %define tlsver 0.6.23 %define sslver 0.9.6 %define LDAP 1 Name: postfix Summary: Postfix Mail Transport Agent Group: System Environment/Daemons Version: %{ver} URL: http://www.postfix.org/ Source: http://postfixftp.eunet.fi/experimental/snapshot-%{version}.tar.gz Source1: postfix-README_rpm.txt Source2: postfix-README_maildrop_security.txt Source3: postfix-init_script.sh Source4: postfix-cron.daily.sh Source5: postfix-aliases Source6: makedefs Source100: ftp://ftp.aet.tu-cottbus.de/pub/pfixtls/pfixtls-%{tlsver}-snap%{ver}-%{sslver}.tar.gz Patch0: postfix-chroot_setup.patch Patch1: postfix-config.patch Patch2: postfix-chroot_chk.patch #Patch3: postfix-glibc22.patch Patch4: postfix-nonroot.patch Patch5: postfix-20000924-ulimit.patch Copyright: IBM Public License -- see LICENSE for details Prereq: /sbin/chkconfig , /sbin/service Provides: MTA smtpd smtpdaemon Conflicts: sendmail %define rel 1 %if %{LDAP} Release: %{rel}LDAP %else Release: %{rel} %endif BuildRoot: %{_tmppath}/%{name}-%{version}-root %if %{LDAP} BuildPrereq: openldap-devel Requires: openldap %endif %description Postfix, see http://www.postfix.org, aims to be an alternative to the widely-used sendmail program, which is responsible for 70 percent of all e-mail delivered on the Internet. Although IBM supported the Postfix development, it abstains from control over its evolution. The goal is to have Postfix installed on as many systems as possible. To this end, the software is given away with no strings attached, so that it can evolve with input from and under control of its users. Be sure to read http://www.moongroup.com/postfix-faq/c22.html which covers steps which should be taken prior to and after the installation of Postfix. %define config_directory /etc/postfix %define daemon_directory /usr/libexec/postfix %define command_directory /usr/sbin %define queue_directory /var/spool/postfix %define newaliases_path /usr/bin/newaliases %define mailq_path /usr/bin/mailq %define rmail_path /usr/bin/rmail %define init_directory /etc/rc.d/init.d %define sendmail_path /usr/sbin/sendmail %define cron_directory /etc/cron.daily %define whinge logger -p mail.info -t postfix/rpm %prep umask 022 %setup -q -n snapshot-%{version} -a 100 %patch1 -p1 -b .config %patch2 -p1 -b .chk #%patch3 -p1 -b .glibc22 %patch4 -p1 -b .nonroot %patch5 -p1 -b .ulimit # This is Wietse's updated makedefs for RH7 cp ${RPM_SOURCE_DIR}/makedefs . # Copy README files allowing us to just go %doc below, and have rpm(1) # automatically tuck it in alongside the READMEs and COPYRIGHTs. cp ${RPM_SOURCE_DIR}/postfix-README_rpm.txt README_rpm.txt cp ${RPM_SOURCE_DIR}/postfix-README_maildrop_security.txt \ README_maildrop_security.txt # Apply the Postfix TLS patch patch -p1 < pfixtls-%{tlsver}-snap%{ver}-%{sslver}/pfixtls.diff # Fix up an errant perl path perl -p -i -e "s/^\/usr\/local\/bin\/perl/\/usr\/bin\/perl/" \ pfixtls-%{tlsver}-snap%{ver}-%{sslver}/contributed/loadCAcert.pl # This needs to go in after pfixtls %patch0 -p1 -b .chroot %build umask 022 %if %{LDAP} make DEBUG="" OPT="$RPM_OPT_FLAGS -DHAS_LDAP -DHAS_PCRE -DHAS_SSL -DUSE_SASL_AUTH" \ AUXLIBS="-lldap -llber -lsasl -lpcre -lssl -lcrypto" %else make DEBUG="" OPT="$RPM_OPT_FLAGS -DHAS_PCRE -DHAS_SSL -DUSE_SASL_AUTH" \ AUXLIBS="-lpcre -lssl -lsasl -lcrypto" %endif %install umask 022 /bin/rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT} strip -R .comment bin/* libexec/* # Move the TLS docs to something more readable mv pfixtls-%{tlsver}-snap%{ver}-%{sslver} pfixtls rm -f pfixtls/pfixtls.diff sh INSTALL.sh <<EOF ${RPM_BUILD_ROOT} %{config_directory} %{daemon_directory} %{command_directory} %{queue_directory} %{sendmail_path} %{newaliases_path} %{mailq_path} mail mail %{_mandir} EOF # Change the default directory for alias_maps and alias_database # to %{config_directory} bin/postconf -c ${RPM_BUILD_ROOT}%{config_directory} -e \ "alias_maps = hash:%{config_directory}/aliases" \ "alias_database = hash:%{config_directory}/aliases" \ || exit 1 # This installs into the /etc/rc.d/init.d directory mkdir -p ${RPM_BUILD_ROOT}%{init_directory} install -c ${RPM_SOURCE_DIR}/postfix-init_script.sh ${RPM_BUILD_ROOT}%{init_directory}/postfix # These set up the chroot directory structure mkdir -p ${RPM_BUILD_ROOT}%{queue_directory}/etc mkdir -p ${RPM_BUILD_ROOT}%{queue_directory}/lib mkdir -p ${RPM_BUILD_ROOT}%{queue_directory}/usr/lib/zoneinfo # This is the /etc/cron.daily directory mkdir -p ${RPM_BUILD_ROOT}%{cron_directory} install -c ${RPM_SOURCE_DIR}/postfix-cron.daily.sh ${RPM_BUILD_ROOT}%{cron_directory}/postfix install -c auxiliary/rmail/rmail ${RPM_BUILD_ROOT}%{rmail_path} gzip -9f ${RPM_BUILD_ROOT}%{_mandir}/man{1,5,8}/* ||: # # copy new aliases files and build the aliases.db (ghost) file # cp -f ${RPM_SOURCE_DIR}/postfix-aliases ${RPM_BUILD_ROOT}%{config_directory}/aliases chmod 644 ${RPM_BUILD_ROOT}%{config_directory}/aliases ${RPM_BUILD_ROOT}/%{command_directory}/postalias -c ${RPM_BUILD_ROOT}/%{config_directory} ${RPM_BUILD_ROOT}/%{config_directory}/aliases mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/active mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/bounce mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/corrupt mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/defer mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/deferred mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/incoming mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/pid mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/private mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/public mkdir -p $RPM_BUILD_ROOT/var/spool/postfix/saved %post /sbin/chkconfig --add postfix %{newaliases_path} %preun umask 022 if [ "$1" = 0 ]; then %{command_directory}/postfix stop /sbin/chkconfig --del postfix rm -f %{queue_directory}/etc/localtime rm -f %{queue_directory}/etc/services rm -f %{queue_directory}/etc/resolv.conf rm -f %{queue_directory}/usr/lib/zoneinfo/localtime rm -f %{queue_directory}/lib/libnss_dns.so.1 rm -f %{queue_directory}/lib/libnss_dns.so.2 fi %postun if [ "$1" != 0 ]; then (%{command_directory}/postfix stop && sleep 2 && %{command_directory}/postfix start) || true fi %clean rm -rf ${RPM_BUILD_ROOT} %files %defattr(-, root, root) %verify(not md5 size mtime) %config %dir %{config_directory} %attr(0755, root, root) %config %{config_directory}/postfix-script %attr(0644, root, root) %verify(not md5 size mtime) %config %{config_directory}/main.cf %attr(0644, root, root) %verify(not md5 size mtime) %config %{config_directory}/master.cf %attr(0644, root, root) %verify(not md5 size mtime) %config %{config_directory}/install.cf %attr(0644, root, root) %verify(not md5 size mtime) %config(noreplace) %{config_directory}/aliases %attr(0644, root, root) %verify(not md5 size mtime) %ghost %{config_directory}/aliases.db %attr(0755, root, root) %{init_directory}/postfix %dir %attr(-, root, root) %verify(not md5 size mtime) %{queue_directory} %dir %attr(-, root, root) %verify(not md5 size mtime) %{queue_directory}/etc %dir %attr(-, root, root) %verify(not md5 size mtime) %{queue_directory}/lib %dir %attr(-, root, root) %verify(not md5 size mtime) %{queue_directory}/usr/lib %dir %attr(-, root, root) %verify(not md5 size mtime) %{queue_directory}/usr/lib/zoneinfo %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/active %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/bounce %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/corrupt %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/defer %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/deferred %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/incoming %dir %attr(1730, mail, mail) %verify(not md5 size mtime) %{queue_directory}/maildrop %dir %attr(0755, mail, root) %verify(not md5 size mtime) %{queue_directory}/pid %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/private %dir %attr(0755, mail, root) %verify(not md5 size mtime) %{queue_directory}/public %dir %attr(0700, mail, root) %verify(not md5 size mtime) %{queue_directory}/saved %attr(0755, root, root) %{cron_directory}/postfix %doc 0README BEWARE COMPATIBILITY DEBUG_README HISTORY INSTALL INSTALL.sh %doc LDAP_README LICENSE MYSQL_README PCRE_README PORTING %doc README_maildrop_security.txt README_rpm.txt RELEASE_NOTES %doc RESTRICTION_CLASS TODO ULTRIX_README UUCP_README %doc README_rpm.txt README_maildrop_security.txt %doc conf/access conf/aliases conf/canonical conf/main.cf %doc conf/main.cf.default conf/master.cf conf/postfix-script %doc conf/postfix-script-nosgid conf/postfix-script-sgid conf/relocated %doc conf/sample-aliases.cf conf/sample-canonical.cf conf/sample-debug.cf %doc conf/sample-ldap.cf conf/sample-local.cf conf/sample-misc.cf %doc conf/sample-pcre.cf conf/sample-rate.cf conf/sample-regexp.cf %doc conf/sample-relocated.cf conf/sample-resource.cf %doc conf/sample-rewrite.cf conf/sample-smtp.cf conf/sample-smtpd.cf %doc conf/sample-transport.cf conf/sample-virtual.cf conf/transport %doc conf/virtual %doc html %dir %{daemon_directory} %{daemon_directory}/* %{command_directory}/postalias %{command_directory}/postcat %{command_directory}/postconf %attr(2755, root, mail) %{command_directory}/postdrop %{command_directory}/postfix %{command_directory}/postkick %{command_directory}/postlock %{command_directory}/postlog %{command_directory}/postmap %{command_directory}/postsuper %{sendmail_path} %{mailq_path} %{newaliases_path} %attr(0755, root, root) %{rmail_path} %{_mandir}/*/* %changelog * Fri Nov 17 2000 Damien Miller <djm.au> - Add Postfix TLS patch - Enable PCRE maps - Link with Cyrus SASL library - Modify init script to check chroot files at daemon start time - Cleanup patches to suit above * Fri Sep 29 2000 Bernhard Rosenkraenzer <bero> - Update to 20000924 - Run newaliases in %post (postfix doesn't run if it can't access the alias databases.) - Fix a relatively major glibc 2.2 interoperability problem - the maximum size of the mailspool is NOT supposed to be the maximum size of a message. * Thu Aug 17 2000 Than Ngo <than> - added missing directories (Bug #16404) * Thu Aug 3 2000 Bernhard Rosenkraenzer <bero> - Add optional LDAP support (Bug #14680), leave it disabled by default to avoid additional dependencies - Add nqmgr (Bug #14680) * Wed Aug 2 2000 Bernhard Rosenkraenzer <bero> - Add some missing directories (Bug #13667 and some non-reported issues) * Mon Jul 24 2000 Prospector <prospector> - rebuilt * Mon Jul 17 2000 Tim Powers <timp> - inits now in rc.d/init.d again * Thu Jul 06 2000 Tim Powers <timp> - fixed PreReq to PreReq /etc/init.d * Thu Jul 6 2000 Bernhard Rosenkraenzer <bero> - FHSify * Mon Jun 19 2000 Bernhard Rosenkraenzer <bero> - 20000531 - clean up the spec file - it's a huge mess... - FHSify - fix build as user - fix compilation with glibc 2.2 * Thu Jan 13 2000 Tim Powers <timp> - removing the whinge stuff from the pre and post sections to meet Red Hat policy - quiet setup - built for Powertools 6.2 * Thu Jan 13 2000 Simon Mudd <sjmudd> - fix the postalias command which needed the '-c' option specified. (Edward S. Marshall <emarshal>) - fix the rpm-3.x problem with defines not being commented out and comment that part of the spec file so that I don't get caught again. (It works on my platform with rpm-2.x!) * Tue Jan 04 2000 Simon Mudd <sjmudd> - update to work with postfix-19991231-pl02 * Tue Jan 04 2000 Simon Mudd <sjmudd> - update to work with postfix-19991231-pl01 - and the ghost parameter for aliases.db * Tue Jan 04 2000 Simon Mudd <sjmudd> - Fix BEWARE problem in doc - change man page compression to work on required files * Fri Dec 24 1999 Simon Mudd <sjmudd> - update for 19991223 snapshot - setup the alias_maps and alias_database parameters correctly - rebuild aliases on install (should fix this to only do this if required) - fix INSTALL.sh which didn't quite work * Thu Dec 23 1999 Simon Mudd <sjmudd> - modified the aliases file somewhat. - re-enabled the whinging after ensuring that output will NOT go to stderr, but only syslog. * Wed Dec 22 1999 Chuck Mead <chuck> - added an aliases file per discussions with Tim Powers * Wed Dec 22 1999 Tim Powers <timp> - changed group so that it's a valid Red Hat group - commented out the whinge stuff in the %pre and %post sections to conform with Red Hat policy - changed BuildRoot to be in /var/tmp - gzip man pages - changed %%{manpath} reference in %files section so that this package doesn't claim ownership of /usr/man - commented out the Patch99 stuff since we don't need it * Fri Dec 17 1999 Simon J Mudd <sjmudd> [19991216-1]: update for new snapshot * Mon Dec 13 1999 Simon J Mudd <sjmudd> [19991126-1]: update for new snapshot * Sat Dec 03 1999 Simon J Mudd <sjmudd> [19991126-1]: update for new snapshot * Fri Nov 26 1999 Simon J Mudd <sjmudd> [19991123-4]: /etc/cron.daily/postfix was installed as well as a crontab - remove the crontab entry as this isn't necessary [19991123-3]: add a small delay between postfix stop && postfix start [19991123-2]: Wietse's rbl code needed, patching - include the patch * Tue Nov 23 1999 Simon J Mudd <sjmudd> [19991123-1]: try the snapshot which looks nice (?) * Mon Nov 22 1999 Simon J Mudd <sjmudd> [19990906-pl07-1]: patch against pl07 * Thu Nov 17 1999 Simon J Mudd <sjmudd> [19990906-pl06-2]: tidy up spec file and include rmail
Beat you to it. ;) We integrated the patch on Nov 14. ;)
Where can I get the updated package? ftp://rawhide.redhat.com/rawhide/powertools/SRPMS/postfix-20000924-1.src.rpm is a bit old :)