main.cf/master.cf user-defined parameters

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

main.cf/master.cf user-defined parameters

postfix-6
(1) To use -o smtpd_client_restrictions in master.cf for the submission
port, I have been using

main.cf:

submission_client_restrictions = ...

master.cf

submission ... -o smtpd_client_restrictions =
$submission_client_restrictions

This seems to be necessary because of the space in "reject_rbl_client RBL".

This has been working in postfix 2.11 as far as I know. I recently tried
it with postfix 2.6 (the version provided by Amazon Linux, sigh) and it
doesn't seem to be working, though the problem may be something else (it
isn't an identical config).

Were user-defined parameters supported back in 2.6? (I notice postconf
-C doesn't exist in 2.6)

(2) I am considering whether to build postfix 3.2 from source on Amazon
Linux. If I bother, I want it to use a modern openssl (1.0.2k) built
from source. I would appreciate it if someone would explain how to
specify to the build where to find openssl (it would install in
/usr/local/ssl/{bin,lib}).

(3) Other suggestions welcome.

-Earl


Reply | Threaded
Open this post in threaded view
|

Re: main.cf/master.cf user-defined parameters

Wietse Venema
Earl Killian:

> (1) To use -o smtpd_client_restrictions in master.cf for the submission
> port, I have been using
>
> main.cf:
>
> submission_client_restrictions = ...
>
> master.cf
>
> submission ... -o smtpd_client_restrictions =
> $submission_client_restrictions
>
> This seems to be necessary because of the space in "reject_rbl_client RBL".
>
> This has been working in postfix 2.11 as far as I know. I recently tried
> it with postfix 2.6 (the version provided by Amazon Linux, sigh) and it
> doesn't seem to be working, though the problem may be something else (it
> isn't an identical config).

You need to be more specific about the details if you want help.
>
> Were user-defined parameters supported back in 2.6? (I notice postconf
> -C doesn't exist in 2.6)

Supported long before Postfix was even released.

> (2) I am considering whether to build postfix 3.2 from source on Amazon
> Linux. If I bother, I want it to use a modern openssl (1.0.2k) built
> from source. I would appreciate it if someone would explain how to
> specify to the build where to find openssl (it would install in
> /usr/local/ssl/{bin,lib}).

http://www.postfix.org/TLS_README.html (for CCARGS and AUXLIBS)
http://www.postfix.org/INSTALL.html (for openssl_path)

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: main.cf/master.cf user-defined parameters

postfix-6
On 2017/3/5 09:14, Wietse Venema wrote:

> Earl Killian:
>> (1) To use -o smtpd_client_restrictions in master.cf for the submission
>> port, I have been using
>>
>> main.cf:
>>
>> submission_client_restrictions = ...
>>
>> master.cf
>>
>> submission ... -o smtpd_client_restrictions =
>> $submission_client_restrictions
>>
>> This seems to be necessary because of the space in "reject_rbl_client RBL".
>>
>> This has been working in postfix 2.11 as far as I know. I recently tried
>> it with postfix 2.6 (the version provided by Amazon Linux, sigh) and it
>> doesn't seem to be working, though the problem may be something else (it
>> isn't an identical config).
> You need to be more specific about the details if you want help.
You answered my question about user-defined parameters below. If I
decide to pursue what went wrong with my 2.6 attempts, I'll post a
proper query about what might have gone wrong, but I am inclined to try
building 3.2 from source, since 2.6 seems rather old.
>> Were user-defined parameters supported back in 2.6? (I notice postconf
>> -C doesn't exist in 2.6)
> Supported long before Postfix was even released.
Got it. Thanks.
>
>> (2) I am considering whether to build postfix 3.2 from source on Amazon
>> Linux. If I bother, I want it to use a modern openssl (1.0.2k) built
>> from source. I would appreciate it if someone would explain how to
>> specify to the build where to find openssl (it would install in
>> /usr/local/ssl/{bin,lib}).
> http://www.postfix.org/TLS_README.html (for CCARGS and AUXLIBS)
> http://www.postfix.org/INSTALL.html (for openssl_path)
>
Thank you! I had not noticed the stuff at the end of TLS_README.html,
which helps.

I take it from reading the documentation that there isn't the equivalent
of "prefix=/usr/local", so I need to specify all the paths mentioned in
INSTALL.html. Here is what I used:

make tidy
make makefiles \
     CCARGS='-DDEF_CONFIG_DIR=/usr/local/etc/postfix -DUSE_TLS
-I/usr/local/ssl/include -DNO_NIS -DNO_NISPLUS' \
     AUXLIBS='/usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.a' \
     config_directory=/usr/local/etc/postfix \
     meta_directory=/usr/local/etc/postfix \
     command_directory=/usr/local/sbin \
     daemon_directory=/usr/local/libexec/postfix \
     mailq_path=/usr/local/bin/mailq \
     newaliases_path=/usr/local/bin/newaliases \
     openssl_path=/usr/local/ssl/bin/openssl \
     sendmail_path=/usr/local/sbin/sendmail \
     shlib_directory=/usr/local/lib/postfix

For others reading this thread, I found this generated these warnings:
<command-line>:0:0: warning: "DEF_CONFIG_DIR" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
<command-line>:0:0: warning: "DEF_SHLIB_DIR" redefined [enabled by default]
<command-line>:0:0: note: this is the location of the previous definition
presumably because the -DDEF_CONFIG_DIR in CCARGS was redundant with
config_directory= in the "make makefiles" (there was a line in
INSTALL.html that had me thinking the -DDEF_CONFIG_DIR was required).

-Earl

Reply | Threaded
Open this post in threaded view
|

Re: main.cf/master.cf user-defined parameters

Viktor Dukhovni

> On Mar 5, 2017, at 2:34 PM, Earl Killian <[hidden email]> wrote:
>
> make tidy
> make makefiles \

You might also consider:

        shared=yes dynamicmaps=yes

>    CCARGS='-DDEF_CONFIG_DIR=/usr/local/etc/postfix -DUSE_TLS -I/usr/local/ssl/include -DNO_NIS -DNO_NISPLUS' \

Since you're using "config_param=value" for the various paths, don't use "-DDEF_CONFIG_DIR",
that's the source of the conflict.

>    AUXLIBS='/usr/local/ssl/lib/libssl.a /usr/local/ssl/lib/libcrypto.a' \

More typically one uses shared libraries for OpenSSL:

        -L/usr/local/ssl/lib -Wl,-rpath,/usr/local/ssl/lib -lssl -lcrypto


>    config_directory=/usr/local/etc/postfix \
>    meta_directory=/usr/local/etc/postfix \
>    command_directory=/usr/local/sbin \
>    daemon_directory=/usr/local/libexec/postfix \
>    mailq_path=/usr/local/bin/mailq \
>    newaliases_path=/usr/local/bin/newaliases \
>    openssl_path=/usr/local/ssl/bin/openssl \
>    sendmail_path=/usr/local/sbin/sendmail \
>    shlib_directory=/usr/local/lib/postfix

For test builds with MacOS/X I use:

make -f Makefile.init shared=yes dynamicmaps=yes \
        shlib_directory=/var/tmp/postfix/lib/MAIL_VERSION \
        config_directory=/var/tmp/postfix/etc \
        queue_directory=/var/tmp/postfix/spool \
        data_directory=/var/tmp/postfix/data \
        command_directory=/var/tmp/postfix/sbin \
        daemon_directory=/var/tmp/postfix/libexec \
        html_directory=/var/tmp/postfix/html \
        manpage_directory=/var/tmp/postfix/man \
        readme_directory=/var/tmp/postfix/readme \
        sendmail_path=/var/tmp/postfix/sbin/sendmail \
        newaliases_path=/var/tmp/postfix/sbin/newaliases \
        mailq_path=/var/tmp/postfix/sbin/mailq \
        'CCARGS= -I/opt/openssl/1.1.0/include -DUSE_TLS -DHAS_PCRE -I/usr/local/include' \
        'AUXLIBS= -L/opt/openssl/1.1.0/lib -lssl -lcrypto -L/usr/local/lib -ldb' \
        'AUXLIBS_PCRE=-L/usr/local/lib -lpcre' \
        'OPT=-O -g' \
        makefiles

This has no RPATH-related flags, since those are not needed on MacOS/X, but would be
needed for Linux...  The command-line is actually in part machine-generated, using
Bash arrays:

opts=(
    config_directory=$DEST/etc
    queue_directory=$DEST/spool
    data_directory=$DEST/data
    command_directory=$DEST/sbin
    daemon_directory=$DEST/libexec
    html_directory=$DEST/html
    manpage_directory=$DEST/man
    readme_directory=$DEST/readme
    sendmail_path=$DEST/sbin/sendmail
    newaliases_path=$DEST/sbin/newaliases
    mailq_path=$DEST/sbin/mailq
)

make -f Makefile.init shared=yes dynamicmaps=yes "shlib_directory=$DEST/lib/MAIL_VERSION" "${opts[@]}" ...

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: main.cf/master.cf user-defined parameters

Peter Ajamian
In reply to this post by postfix-6
On 06/03/17 05:16, Earl Killian wrote:
> I recently tried
> it with postfix 2.6 (the version provided by Amazon Linux, sigh)
>
> (2) I am considering whether to build postfix 3.2 from source on Amazon
> Linux.

There is no need for this.  Amazon Linux is basically a rebuild of
CentOS / RHEL 6, so postfix packages that work for those should work in
Amazon Linux.  You should be able to use the postfix3 packages available
from GhettoForge:

http://ghettoforge.org/index.php/Postfix3

Note that currently GhettoForge offers 3.1.4 but 3.2.0 is being pushed
out to gf-testing soon (as in an hour or two from now).


Peter