anonymous / gist:1336575

Created November 03, 2011


    
    View gist:1336575 
  
  
      gistfile1.perl
    
    
        Raw
      
    
    File suppressed. Click to show.
  
  
            1
            2
            3
            4
            5
            6
            7
            8
            9
            10
            11
            12
            13
            14
            15
            16
            17
            18
            19
            20
            21
            22
            23
            24
            25
            26
            27
            28
            29
            30
            31
            32
            33
            34
            35
            36
            37
            38
          
          
            There are some significant differences between the Debian Postfix packages,
and the source from upstream:
 
1.  The Debian install is chrooted by default.
2.  Dynamically loadable map support.
3.  For policy reasons:
  a. SASL configuration goes in /etc/postfix/sasl
  b. myhostname=/path/to/file is supported (and used) in main.cf
4.  smtp_line_length_limit defaults to 0, instead of 990, in absolute
    violation of the RFC.  Note that mailers in the path will still
    potentially split the line, though.  This will be removed at some
    point in the future.
5.  IPV6 support is enabled: postfix listens on ipv6/ipv4 by default,
    (see: inet_protocols)
6.  TLS/SASL support is enabled.
7.  rmail comes from sendmail, not from postfix.
8.  The upstream main.cf is delivered as /usr/share/postfix/main.cf.dist,
    rather than cluttering /etc/postfix/main.cf with comments.
 
Known caveats:
1.  The dynamically loadable modules are not found in the chroot.
    Therefore, proxy maps may require you to copy the appropriate shared
    object into the chroot if you chroot the proxy service in master.cf.
2.  Some map types (and SASL support) require some extra configuration
    (beyond what upstream indicates) to run inside the chroot.  The simplest
    solution for the maps is to use the proxy service, which is not chrooted.
    SASL is a bit more complex, and is on the TODO list...
3.  Note that the chrooted daemons open /dev/log before chrooting, so if your
    syslog daemon is restarted, the daemons will be unable to reconnect to the
    syslog socket, and hence being unable to log.  The postfix package provides
    a config snipped for the rsyslog daemon in /etc/rsyslog.d/postfix.conf to
    also open a socket in /var/log/postfix/dev.  For other syslog daemons, you
    will also have to restart postfix after restarting the syslog daemon, or
    configure it to open an additional socket.
  a. For sysklogd (the default in Debian versions prior to Lenny), add
     SYSLOG="-a /var/spool/postfix/dev/log" to /etc/default/syslog.
  b. For inetutils-syslogd, add SYSLOGD_OPTS="-a /var/spool/postfix/dev/log" to
     /etc/default/inetutils-syslogd.