remove '/etc/postfix/master.cf: line x: using backwards-compatible default setting chroot=y' warning; set correct permission for dkim-public key as it should not be group or other writable

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2018-01-27 11:14:22 +01:00
parent f896fe11a0
commit f034695290
2 changed files with 27 additions and 27 deletions
--- a/lib/configfiles/stretch.xml
+++ b/lib/configfiles/stretch.xml
@@ -2343,12 +2343,12 @@ virtual_mailbox_limit = 0
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
-smtp      inet  n       -       -       -       -       smtpd
+smtp      inet  n       -       y       -       -       smtpd
-#smtp      inet  n       -       -       -       1       postscreen
+#smtp      inet  n       -       y       -       1       postscreen
-#smtpd     pass  -       -       -       -       -       smtpd
+#smtpd     pass  -       -       y       -       -       smtpd
-#dnsblog   unix  -       -       -       -       0       dnsblog
+#dnsblog   unix  -       -       y       -       0       dnsblog
-#tlsproxy  unix  -       -       -       -       0       tlsproxy
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
-#submission inet n       -       -       -       -       smtpd
+#submission inet n       -       y       -       -       smtpd
 #  -o syslog_name=postfix/submission
 #  -o smtpd_tls_security_level=encrypt
 #  -o smtpd_sasl_auth_enable=yes
@@ -2359,7 +2359,7 @@ smtp      inet  n       -       -       -       -       smtpd
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
-#smtps     inet  n       -       -       -       -       smtpd
+#smtps     inet  n       -       y       -       -       smtpd
 #  -o syslog_name=postfix/smtps
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
@@ -2370,32 +2370,32 @@ smtp      inet  n       -       -       -       -       smtpd
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       -       -       -       qmqpd
+#628       inet  n       -       y       -       -       qmqpd
-pickup    unix  n       -       -       60      1       pickup
+pickup    unix  n       -       y       60      1       pickup
-cleanup   unix  n       -       -       -       0       cleanup
+cleanup   unix  n       -       y       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 #qmgr     unix  n       -       n       300     1       oqmgr
-tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
-rewrite   unix  -       -       -       -       -       trivial-rewrite
+rewrite   unix  -       -       y       -       -       trivial-rewrite
-bounce    unix  -       -       -       -       0       bounce
+bounce    unix  -       -       y       -       0       bounce
-defer     unix  -       -       -       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
-trace     unix  -       -       -       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
-verify    unix  -       -       -       -       1       verify
+verify    unix  -       -       y       -       1       verify
-flush     unix  n       -       -       1000?   0       flush
+flush     unix  n       -       y       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
-smtp      unix  -       -       -       -       -       smtp
+smtp      unix  -       -       y       -       -       smtp
-relay     unix  -       -       -       -       -       smtp
+relay     unix  -       -       y       -       -       smtp
 #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq     unix  n       -       -       -       -       showq
+showq     unix  n       -       y       -       -       showq
-error     unix  -       -       -       -       -       error
+error     unix  -       -       y       -       -       error
-retry     unix  -       -       -       -       -       error
+retry     unix  -       -       y       -       -       error
-discard   unix  -       -       -       -       -       discard
+discard   unix  -       -       y       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
-lmtp      unix  -       -       -       -       -       lmtp
+lmtp      unix  -       -       y       -       -       lmtp
-anvil     unix  -       -       -       -       1       anvil
+anvil     unix  -       -       y       -       1       anvil
-scache    unix  -       -       -       -       1       scache
+scache    unix  -       -       y       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
--- a/scripts/classes/class.DnsBase.php
+++ b/scripts/classes/class.DnsBase.php
@@ -233,7 +233,7 @@ abstract class DnsBase
 					$pubkey_file_handler = fopen($pubkey_filename, "w");
 					fwrite($pubkey_file_handler, $domain['dkim_pubkey']);
 					fclose($pubkey_file_handler);
-					safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
+					safe_exec("chmod 0644 " . escapeshellarg($pubkey_filename));
 				}
 				$dkimdomains .= $domain['domain'] . "\n";