|Summary:||mail/postfix-sasl-tls: Create Postfix port with SASL and TLS) support (Or enable SASL by default in mail/postfix)|
|Product:||Ports & Packages||Reporter:||Hans Fredrik Nordhaug <hans>|
|Component:||Individual Port(s)||Assignee:||Olli Hauer <ohauer>|
|Severity:||Affects Many People||CC:||alexandre, delphij, meyer.sydney, ohauer|
Description Hans Fredrik Nordhaug 2014-12-04 00:20:07 UTC
Currently you can select between postfix-2.11.3_2 and postfix-tls-2.11.3_2, but there is no postfix-tls-sasl2-2.11.3_2. This means that if you use Cyrus SASL with Postfix, you can't use pkg. See also https://forums.freebsd.org/threads/pkgng-usage-problem-with-postfix-options-sasl-tls.46220/ Please consider building also this version of postfix. PS! For reference: The error you see /var/log/maillog is: "warning: smtpd_sasl_auth_enable is true, but SASL support is not compiled in"
Comment 1 Mark Linimon 2014-12-04 15:59:00 UTC
Over to maintainer of mail/postfix.
Comment 2 Olli Hauer 2015-01-27 21:08:20 UTC
I think the postfix ports should have TLS enabled by default. More and more servers are expecting meanwhile TLS support and bigger ISP's having TLS only on the roadmap. If build with TLS but TLS is not used / configured in postfix main.cf / master.cf there is no impact since postfix has sane default values. $ postconf -d | grep use_tls lmtp_use_tls = no postscreen_use_tls = $smtpd_use_tls smtp_use_tls = no smtpd_use_tls = no tlsproxy_use_tls = $smtpd_use_tls So changing mail/postfix ports having TLS enabled by default and deprecating postfix-tls would be the best option (after Orwell and Snowden) even it doesn't protect the mail content on the next mail node (relay, final recipient, ...)
Comment 3 Xin LI 2015-03-03 07:27:26 UTC
Comment 4 Olli Hauer 2015-05-09 19:17:43 UTC
Take it, @Xin Li Was the +1 for a child port or switching on TLS by default?
Comment 5 Xin LI 2015-05-14 17:40:05 UTC
(In reply to Olli Hauer from comment #4) I think either way would work but ideally it would be the main port unless there is good reason not to do so.
Comment 6 Kubilay Kocak 2016-02-01 11:37:12 UTC
postfix ports appear to have TLS enabled by default now, but not SASL. The original scope of this request was for the creation of a sasl and tls enabled (slave?) port. I imagine this request would be satisfied if SASL was enabled by default, so I've modified the summary to include that option. What's needed to progress and close this issue?
Comment 7 Olli Hauer 2016-02-14 22:25:07 UTC
After doing some tests and study the postfix history I notice postfix has build in support for Dovecot SASL and if build direct from source (clean env.) Dovecot SASL is enabled by default. At the moment I'm rewriting the postfix ports so Dovecot SASL will be always supported, Cyrus will be additional/optional. Additional I'm planing to make postfix-current the new default postfix in the next weeks, some features will maybe be lost since there are no new patches for postfix 3.x e.g. VDA and native SPF so I assume those projects are no longer active.
Comment 8 Astaoth 2016-02-25 15:54:03 UTC
(In reply to Olli Hauer from comment #7) Hi Olli, I'm also interrested by having Dovecot SASL supported by Postfix. When do you think you will be able to release the new package with this ? Thank you !
Comment 9 Olli Hauer 2016-02-25 17:42:46 UTC
Hi, I will commit this evening a change to the postfix ports. Additional I'm planning to `svn cp postfix -> postfix211'. On the weekend postfix-3.0.4 will become the new default postfix release, and I hope until then a patch to pkg was committed (PR 207492). Without the pkg patch some of my systems had a broken postfix because som binaries where not replaced with the new one.
Comment 10 commit-hook 2016-02-25 20:10:33 UTC
A commit references this bug: Author: ohauer Date: Thu Feb 25 20:09:57 UTC 2016 New revision: 409551 URL: https://svnweb.freebsd.org/changeset/ports/409551 Log: - rework SASL OPTIONS Dovecot SASL does not need any dependency, from now it will be always build into postfix and the default SASL unless Cyrus is also added (there is no conflict between them) - add support for FreeBSD 10.3 mailwrapper (install mailer.conf into LOCALBASE/mail instead /etc/mail) - add better reload support to rc script - display correct path in pkg-message - add support for postfix-sasl slave port - bump PORTREVISION Many Thanks to all testers! PR: 195662 PR: 205162 Changes: head/mail/postfix/Makefile head/mail/postfix/files/pkg-install.in head/mail/postfix/files/pkg-message.in head/mail/postfix/files/postfix.in head/mail/postfix/pkg-help
Comment 11 commit-hook 2016-02-25 20:26:44 UTC
A commit references this bug: Author: ohauer Date: Thu Feb 25 20:26:09 UTC 2016 New revision: 409556 URL: https://svnweb.freebsd.org/changeset/ports/409556 Log: - update to 3.0.4 - rework SASL OPTIONS Dovecot SASL does not need any dependency, from now it will be always build into postfix - EAI is now mandantory, else mails can be lost - add support for FreeBSD 10.3 mailwrapper (install mailer.conf into LOCALBASE/mail instead /etc/mail) - add better reload support to rc script - display correct path in pkg-message - add support for postfix-sasl slave port - remove nativ SPF support, patch is no longer maintained and there are alternatives in the ports tree - remove VDA support (seems VDA project is dead and unmaintaned) Many Thanks to all testers! PR: 195662 PR: 205162 Changes: head/mail/postfix-current/Makefile head/mail/postfix-current/distinfo head/mail/postfix-current/files/pkg-install.in head/mail/postfix-current/files/pkg-message.in head/mail/postfix-current/files/postfix.in head/mail/postfix-current/pkg-help
Comment 12 commit-hook 2016-02-25 20:33:48 UTC
A commit references this bug: Author: ohauer Date: Thu Feb 25 20:33:43 UTC 2016 New revision: 409557 URL: https://svnweb.freebsd.org/changeset/ports/409557 Log: - add postfix SASL slave port to the tree Requested by many PR: 195662 PR: 205162 Changes: head/mail/Makefile head/mail/postfix-current-sasl/ head/mail/postfix-current-sasl/Makefile head/mail/postfix-sasl/ head/mail/postfix-sasl/Makefile
Comment 13 Olli Hauer 2016-02-25 20:44:54 UTC
Hope I haven't overlooked something! Thanks for your patience!
Comment 14 Astaoth 2016-02-25 22:04:30 UTC
That was quick, many thanks for your work !