postfix: new packages for Postfix MTA

[Shulyaka]

Signed-off-by: Denis Shulyaka [email protected]

[Shulyaka]

Hi,

I have merged Mike Petullo's patches for optional LDAP, SASL and TLS support.
However, the package still has some issues:

1. The postfix compilation and installation process implies executing of postconf binary. I have worked that around by recompiling the binary natively. However that means that if you want to build postfix with OpenSSL support then you will need an openssl library on your host sustem as additional dependency. I can try to fix that behavior by patching its installation scripts to avoid running the binary.
2. The postconf binary has some default configuration parameters built in which includes myhostname, mydomain and mynetworks, which are taken from the build host and don't correspond to the target system. I have removed them from conf/main.cf.default file, but they would still be present in postconf -d output. I don't think it's a big issue however and didn't try to investigate it yet.

Please advise if I need to fix them before the package can be merged, or if I can fix it later.

Best regards,
Denis Shulyaka

[Shulyaka]

Hi again,

Well, I've managed to compile postfix without recompiling postconf natively.
Now I would need your advices on the below issues:

1. 'postconf -d' still returns build host hostname and a list of IP addresses in the myhost, mydomain and mynetworks parameters. It does not affect the daily use so I'm not even sure it should be fixed, however if the user modifies his /etc/postfix/main.cf.default file (despite of the warning) and tries to recreate it with postconf -d (ignoring opkg), it wouldn't be able to do so. It could also be considered as a security issue for the build host (leak of network addresses). Can we leave it as is for now or have I try to investigate it?
2. Now postfix does not depend on tinycdb package because it links it statically (so we need to build it on the build system but we don't need to install it on the target system). Actually, no tinycdb *.ipk package is created because no files need to be installed on the target system. However the postfix package refuses to install without it. How can we correctly resolve that?
3. Postfix installs a sendmail-compatible interface into /usr/sbin/sendmail. It appears that busybox sendmail applet installs the same file, which creates a conflict. How can we correctly resolve that?
4. Could you please check the below paths if they are ok or not:

config_directory=/etc/postfix
sample_directory=/etc/postfix
command_directory=/usr/sbin
daemon_directory=/usr/libexec/postfix
data_directory=/usr/var/lib/postfix
queue_directory=/usr/var/spool/postfix
mail_spool_directory=/usr/var/mail
sendmail_path=/usr/sbin/sendmail
newaliases_path=/usr/bin/newaliases
mailq_path=/usr/bin/mailq

Best regards,
Denis Shulyaka

[thess]

Item 2 - Use PKG_BUILD_DEPENDS:=+tinycdb (Instead of DEPENDS)

Item 3 - You'll probably need postinst and prerm scripts to remove and replace the Busybox links respectively.

[Shulyaka]

Hi Ted,

2014-10-06 4:29 GMT+04:00 Ted Hess [email protected]:

Item 3 - You'll probably need postinst and prerm scripts to remove and
replace the Busybox links respectively.

I think that could be a problem because:

1. preinst/postinst scripts are executed every time you upgrade a package
   and it's hard to know if /usr/sbin/sendmail is from a previous postfix
   package or busybox or any other package that wishes to install this file
2. If user decides to remove, install, reinstall or upgrade busybox after
   installing postfix then opkg will use the wrong file

Does OpenWRT have anything similar to update-alternatives? Are there any
other packages with conflicting files in the repository and how are they
managed?

[schur]

Item 3 - The proper way to do this in the build environment, in my opinion, is to to set the appropriate conflict rules for menuconfig, so that if postfix is selected, sendmail gets deactivated in the busybox settings. I don't know enough about how to do this.

Item 4 -
data_directory should be changed from the default /usr/var/lib/postfix to /var/lib/postfix
queue_directory should be changed from the default /usr/var/spool/postfix to /var/spool/postfix

Reason: to keep temporary and frequently changing files away from what is likely flash memory in a typical OpenWRT system.

However, this means the directories need to be handled every time on startup and shutdown of postfix in the init.d script. The data directory needs exist before postfix starts, so it needs to be created on startup. The spool directory needs to be saved to flash on shutdown of postfix and read from flash on startup, otherwise queued mail will be lost on shutdown of postfix.

in /etc/init.d/postfix

start() {
mkdir -p /var/lib/postfix
mkdir -p /var/spool/postfix
postfix set-permissions
if [ -d /usr/var/spool/postfix ]; then
cp -a /usr/var/spool/postfix/* /var/spool/postfix/
fi
postfix start
}

stop() {
postfix stop
mkdir -p /usr/var/spool/postfix
rm -r /usr/var/spool/postfix/*
cp -af /var/spool/postfix/* /usr/var/spool/postfix/
}

It would be better to use rsync rather than rm/cp for saving and restroring the mail queue,because that would result in fewer file operations on the flash memory. But rsync is not part of the standard OpenWrt installation, so it would have to be made a runtime dependency just for the purpose of the init script.

[thess]

@Shulyaka - For an example of how to use postinst/prerm to remove/restore the bash link look at the utils/grep package.

@schur - This really cannot be handled at build time if the package is installed / removed on an operational system via opkg.

[schur]

@thess - I think both scenarios need to be covered. At build time, the conflict should be prevented in the first place my preventing busybox/sendmail and postfix being selected in config at the same time. At installation time via opkg, postint/prerm can be used as a workaround. The workaround will not kick-in on a properly built system, but it will cover the cases where the package is installed removed via opkg..

[sbyx]

This might be interesting: https://dev.openwrt.org/changeset/42770

[thess]

Interesting, yes - but I think nbd's change is for complete packages and not config options like those in busybox. It does prevent selection of conflicting packages in the menuconfig (like hostapd vs. wpad). I guess this feature could be extended to handle other CONFIG_xxx options?

Anyway, after a brief test build with the utils/grep package which has postinst/prerm scripts to deal with busybox -- I noticed that only /usr/bin/grep was present in the rootfs and there was no link to busybox in /bin/grep. I belive packages are acutally "installed" in image builds and even SDK builds.

I think it is a fair question to ask if one want just the alternative "full" package to quietly supercede others or to block build selections. There are cases for both types of behavior.

[sbyx]

Well feel free to merge then ;)

[Shulyaka]

Well, then I suggest another approach - install new file as /usr/sbin/sendmail.postfix and create a simlink in a postinst script. Let me do it to show you...

[Shulyaka]

Ok, done. Now the package installs /usr/sbin/sendmail.postfix, then in postinst script it creates a simlink to /usr/sbin/sendmail, and if that file is already present, it would back it up to /usr/sbin/sendmail.old. Please review and approve.

[Shulyaka]

Hi again,

I have changed the name of the /etc/init.d/postfix function that creates users from enable() to create_users(), because it appears that /etc/rc.common enable() function is not called if it is redefined in the script.

Best regards,
Denis Shulyaka

[sbyx]

Anymore comments from anybody or shall we merge it as is?

[flyn-org]

The only issue I see in this revision is that installing the package overwrites master.cf (unlike main.cf, which the package protects as a configuration file). I picked up on this because I just started using a custom master.cf.

That said, I would support merging as is and fixing this master.cf issue following the merge. I have been using Shulyaka's various Postfix packages to process flyn.org mail for a few weeks now.

This is not a simple package, and I greatly appreciate Shulyaka's work. Thank you!

[Shulyaka]

Hi Mike,

Thanks for the hint. Just fixed that.

Best regards,
Denis Shulyaka

[sbyx]

Thanks for the hard work.

[schur]

Well, for me there is still the issue that the postfix package does not compile in the OpenWRT Buildroot (fails with linker errors). This may be down to my ineptitude, but shouldn't a package compile seamlessly within the official buildroot?

[sbyx]

Guess we'll have a look at the buildbot logs once they do their next round and see if anything is broken.

[sbyx]

Just did a compile test myself, don't see any issues right now, but maybe its dependent on a specific architecture or so.

[Shulyaka]

Hi Reinhard,

Please make sure you have all dependencies in the package/ directory.
The dependencies are:

tinycdb
pcre
openssl
openldap
cyrus-sasl

Best regards,
Denis Shulyaka