ports/contrib (3.7): postfix-lmdb: change $mynetworks <-> localhost (remove acc. comm. vim file)

22 Feb 2022

commit 8325e08588e2d07720ae810982b48267b0abf384
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
Date:   Mon Feb 21 19:51:43 2022 +0100

    postfix-lmdb: change $mynetworks <-> localhost (remove acc. comm. vim file)

diff --git a/postfix-lmdb/.Pkgfile.swp b/postfix-lmdb/.Pkgfile.swp
deleted file mode 100644
index 8e5e1a1e2..000000000
Binary files a/postfix-lmdb/.Pkgfile.swp and /dev/null differ
diff --git a/postfix-lmdb/.signature b/postfix-lmdb/.signature
index 3b3558f37..f19e49e29 100644
--- a/postfix-lmdb/.signature
+++ b/postfix-lmdb/.signature
@@ -1,6 +1,6 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF39FFLfzuP9sSTYucdaycYGZstsYaO6zDsmGx0vpABBxGTev1pv7xG6SvTbOMBGNLnQBceeHZUdwcTvkp2CO4UAA=
-SHA256 (Pkgfile) = 6877221db8e8534e9c78264f369338ef6ae5916806a3a13da4cbd9913d66fe6f
+RWSagIOpLGJF38rrseYPbhCN8cD92Tw7fGke1/WH4oAmNsnC8hrSZvwotu4lrW8OZA0OFow3hciSIRJlcTCidnBTJ6VXLUz2HAI=
+SHA256 (Pkgfile) = a993203a02ece29839c26820e0c3e061be3b8171466f3b7a8cc55293c38e089c
 SHA256 (.footprint) = c4bef46624508b9105e8c5816c322560a560c09e9c5507509eb95c886d52a387
 SHA256 (postfix-3.7.0.tar.gz) = 645c6a74959703f8dff5b696b2df2e8bc0c91ac530127a21c998e3defbb9528c
 SHA256 (lmdb-default.patch) = 11f42333ae0640a3ca579463ed28007973693b93bc734b5d82225fcb516bf05e
@@ -14,5 +14,5 @@ SHA256 (relay_clientcerts) = 2aa69a949c06826e2f5a760791fb5cebb37e6797613270fd113
 SHA256 (client_restrict) = 9496a99f6714625c5883a41f8a5f9db8aa43199ef2167c18d83a2b39469622e3
 SHA256 (sender_access) = c9b9b86c985facdc18e6bfe436c78340174fc315478e578d82c956e35355e678
 SHA256 (sender_restrict) = 9b672511eac1971f8cd72b045e200aac8e0fe6407f1a055085fc1b85c1f24ed7
-SHA256 (main-addon.cf) = 3ab7e6882fbd302a95cfe7476c162fe63e0989c2be235778daabd871184f1fbb
+SHA256 (main-addon.cf) = 3c8e601c90773a6b8dc35327651af1307201f703a3dea55db10ef5fd7171e0bf
 SHA256 (master.patch) = 062960dbabd1ae4890d7bb3dc364215f5755c04d1a2d6138f9871dbd66301009
diff --git a/postfix-lmdb/Pkgfile b/postfix-lmdb/Pkgfile
index 2914c3a00..386da95dd 100644
--- a/postfix-lmdb/Pkgfile
+++ b/postfix-lmdb/Pkgfile
@@ -7,7 +7,7 @@
 rname=postfix
 name=postfix-lmdb
 version=3.7.0
-release=1
+release=2
 source=(
    https://de.${rname}.org/ftpmirror/official/${rname}-${version}.tar.gz
    lmdb-default.patch
diff --git a/postfix-lmdb/main-addon.cf b/postfix-lmdb/main-addon.cf
index f3464f33d..8263183f8 100644
--- a/postfix-lmdb/main-addon.cf
+++ b/postfix-lmdb/main-addon.cf
@@ -9,19 +9,35 @@ alias_maps = $alias_database
 # all # or ipv4, ipv6 or ipv4 or ipv6
 inet_protocols = all
 
-#myhostname = crux-0306 # default: gethostname
+#myhostname = crux-box # default: gethostname
 #mydomain = localdomain # default: $myhostname less one component
 #myorigin = $mydomain
 # , lists.$myhostname
 mydestination = $myhostname, localhost.$mydomain, localhost
 mynetworks_style = host
-# One class A, 16 class B, 256 class C networks; loopback
+
+# mynetworks: which addresses we treat as belonging to "our network".
+# RFC 1918 defines several "address ranges for private internets",
+# one class A, 16 class B, 256 class C networks:
+#  10.0.0.0    - 10.255.255.255  (10/8 prefix)
+#  172.16.0.0  - 172.31.255.255  (172.16/12 prefix)
+#  192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
+# In practice these are used by WLAN and other such networks, which is not
+# "our" per se.  RFC 5737 defines several blocks "reserved for documentation"
+# that SHOULD NOT occur on the public internet, so they should be blocked on
+# ingress and better not leave on egress, but they can be assigned to local
+# namespaces etc., and be used within VPNs:
+#     192.0.2.0    - 192.0.2.255    (192.0.2.0/24, TEST-NET-1, from RFC 1166)
+#     198.51.100.0 - 198.51.100.255 (198.51.100.0/24, TEST-NET-2)
+#     203.0.113.0  - 203.0.113.255  (203.0.113.0/24, TEST-NET-3)
 # Dunno how to specify IPv6 link-local and site-local
-mynetworks = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16  127.0.0.0/8
+#mynetworks = 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 127.0.0.0/8
+mynetworks = 127.0.0.0/8
+
 #inet_interfaces = localhost
 #inet_interfaces = $myhostname, localhost
 inet_interfaces = all
-#debug_peer_list = 10.0.0.1
+#debug_peer_list = localhost
 
 smtputf8_enable = no
 disable_vrfy_command = yes
@@ -67,10 +83,10 @@ smtpd_client_restrictions =
    permit_mynetworks,
 #RELAY   permit_tls_clientcerts,
 #[RELAY]  permit_sasl_authenticated,
-   check_client_access lmdb:/etc/postfix-lmdb/client_restrict,
    reject_unknown_client_hostname,
-   # in case you want reject DNS blacklists rather than greylist them
-   # with gross, exchange sleep (maybe) and uncomment the lines below
+   check_client_access lmdb:/etc/postfix-lmdb/client_restrict,
+   # in case you want reject DNS blacklists rather than greylist them,
+   # exchange sleep (maybe) and uncomment the lines below
    sleep 1,
     #reject_rbl_client cbl.abuseat.org,
     #reject_rbl_client sbl.spamhaus.org,
@@ -105,7 +121,6 @@ smtpd_sender_restrictions =
    check_sender_access lmdb:/etc/postfix-lmdb/sender_restrict,
    reject_unknown_sender_domain,
    permit
-
 smtpd_relay_before_recipient_restrictions = yes
 
 # RCPT TO checks, relay policy
@@ -129,19 +144,17 @@ smtpd_recipient_restrictions =
    permit_mynetworks,
 #RELAY   permit_tls_clientcerts,
 #[RELAY]  permit_sasl_authenticated,
-   reject_unknown_sender_domain,
-   reject_unknown_reverse_client_hostname,
    reject_unknown_recipient_domain,
    # (SMTPD_POLICY_README says
    #   reject_unauth_destination is not needed here if the mail relay policy is
    #   specified with smtpd_relay_restrictions (available with Postfix 2.10 and
    #   later))
-   reject_unauth_destination,
+   #reject_unauth_destination,
    # better not: reject_unverified_sender,
    # DB of MAIL FROM's without policy server checks (one way, or another)
    check_sender_access lmdb:/etc/postfix-lmdb/sender_access,
-   #check_policy_service unix:/run/greylistd.socket,
-   ##check_policy_service inet:127.0.0.1:5525,
+   #check_policy_service inet:127.0.0.1:5525,
+   #check_policy_service unix:private/postgray
    permit
 
 # i would turn that on..
@@ -211,7 +224,7 @@ smtp_tls_ciphers = $smtpd_tls_ciphers
 smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
 smtp_tls_connection_reuse = yes
 smtp_tls_session_cache_database = lmdb:/var/lib/postfix-lmdb/smtp_scache
-smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout 
+smtp_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
 
 #smtp_sasl_auth_enable = $smtpd_sasl_auth_enable
 #smtp_sasl_type = $smtpd_sasl_type

    

crux＠crux.nu

tags

participants (1)