mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
a03adc928e
- Update from version 3.8.4 to 3.9.0 - Update of rootfile - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With previous versions the default value was no but to prevent the possibility of an smtp smuggling attack the option should be yes. Previous version therefore actively set the value to yes and added it to the main.cf file when being installed. With version 3.9.0 the default value is now yes so the option no longer needs to be added into main.cf, so smtp smuggling attack is protected by default now. - Removed the section from the install.sh file that added the option into main.cf with version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be actively added into main.cf - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
132 lines
4.5 KiB
Plaintext
132 lines
4.5 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
SUMMARY = A fast, secure, and flexible mailer
|
|
|
|
VER = 3.9.0
|
|
|
|
THISAPP = postfix-$(VER)
|
|
DL_FILE = $(THISAPP).tar.gz
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
PROG = postfix
|
|
PAK_VER = 45
|
|
|
|
DEPS =
|
|
|
|
SERVICES = postfix
|
|
|
|
CCARGS = `getconf LFS_CFLAGS` \
|
|
-DDEF_DAEMON_DIR="'\"/usr/lib/postfix\"'" \
|
|
-DDEF_MANPAGE_DIR="'\"/usr/share/man\"'" \
|
|
-DNO_NIS
|
|
AUXLIBS =
|
|
|
|
# LDAP
|
|
CCARGS += -DHAS_LDAP -DLDAP_DEPRECATED=1
|
|
AUXLIBS += -lldap -llber
|
|
|
|
# PCRE
|
|
CCARGS += -DHAS_PCRE -I/usr/include/pcre
|
|
AUXLIBS += -lpcre
|
|
|
|
# SASL
|
|
CCARGS += -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl
|
|
AUXLIBS += -L/usr/lib/sasl2 -lsasl2
|
|
|
|
# TLS
|
|
CCARGS += -DUSE_TLS `pkg-config --cflags openssl`
|
|
AUXLIBS += `pkg-config --libs openssl`
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_BLAKE2 = e07a525d9cbea43d3ed11f3d672452cf94f88ca7bbaf3c3254bf5be4ef675a1797a5fff2444c0db60c6eb53e43734a388a91faed72bb2fb4e3e5a353535602b0
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
b2 : $(subst %,%_BLAKE2,$(objects))
|
|
|
|
dist:
|
|
@$(PAK)
|
|
|
|
###############################################################################
|
|
# Downloading, checking, b2sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_BLAKE2,$(objects)) :
|
|
@$(B2SUM)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
|
|
|
|
cd $(DIR_APP) && make -f Makefile.init makefiles \
|
|
DEBUG="" OPT="$(CFLAGS) -fno-strict-aliasing" CCARGS="$(CCARGS)" AUXLIBS="$(AUXLIBS)"
|
|
cd $(DIR_APP) && make $(MAKETUNING)
|
|
cd $(DIR_APP) && sh postfix-install -non-interactive
|
|
## Install configuration
|
|
rm -vf /etc/postfix/main.cf.default
|
|
|
|
# update main.cf parameters to prevent smtp smuggling attack
|
|
postconf -e 'smtpd_forbid_bare_newline = yes'
|
|
postconf -e 'smtpd_forbid_unauth_pipelining = yes'
|
|
postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'
|
|
postconf -e 'smtpd_discard_ehlo_keywords = chunking'
|
|
|
|
mkdir -p /var/lib/postfix
|
|
chown postfix.root /var/lib/postfix
|
|
|
|
install -v -m 644 $(DIR_SRC)/config/backup/includes/postfix \
|
|
/var/ipfire/backup/addons/includes/postfix
|
|
mv /usr/sbin/sendmail /usr/sbin/sendmail.postfix
|
|
|
|
#install initscripts
|
|
$(call INSTALL_INITSCRIPTS,$(SERVICES))
|
|
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|