postfix-current is marked broken w.r.t SPF support, why?
Michael Grimm
trashcan at ellael.org
Mon Feb 15 18:27:36 UTC 2016
Hi Olli —
On 14.02.2016, at 22:37, olli hauer <ohauer at gmx.de> wrote:
> On 2016-02-08 20:13, Michael Grimm wrote:
>> I am wondering why postfix-current is still marked broken regarding SPF support:
>>
>> | poudriere build log file excerpt:
>> | Finished build of mail/postfix-current: Ignored: is marked as broken: At the moment, SPF support is unavailable for postfix-3.0-20151003
>>
>> Thus, I made a custom port removing this restriction in the Makefile, and that custom port compiles including SPF support:
>>
>> | mail> pkg query %do postfix-custom
>> | security/openssl
>> | devel/icu
>> | mail/dovecot2
>> | mail/libspf2
>> | devel/pcre
>>
>> | mail> pkg info | grep libspf
>> | libspf2-1.2.10_2 Sender Rewriting Scheme 2 C Implementation
>>
>> | mail> ldd `which postfix`
>> | /usr/local/sbin/postfix:
>> | ...
>> | libspf2.so.2 => /usr/local/lib/libspf2.so.2 (0x8024a8000)
>> | ...
>
>
> Hi Michael,
>
> until now the patch will not apply clean and there is no new patch available.
> If we remove the BROKEN message users getting perhaps no notification if current will become the new default postfix
>
>
> ===> Fetching all distfiles required by postfix-current-3.0.20151003_1,4 for building
> => SHA256 Checksum OK for postfix/postfix-3.0.3.tar.gz.
> => SHA256 Checksum OK for postfix/postfix-2.8.0-libspf2-1.2.x-0.patch.gz.
> ===> Patching for postfix-current-3.0.20151003_1,4
> ===> Applying distribution patches for postfix-current-3.0.20151003_1,4
> 1 out of 2 hunks failed--saving rejects to src/global/mail_params.c.rej
> 1 out of 7 hunks failed--saving rejects to src/smtpd/smtpd.c.rej
> 1 out of 3 hunks failed--saving rejects to src/smtpd/smtpd_check.c.rej
> *** Error code 1
Oh, I see. I didn't realize before that this SPF support will patch postfix and add functionality to deal with SPF in smptd, directly.
But that patch is old and made for a postfix version 2.8.x no longer supported upstream, and in addition, the author of postfix, Wietse, clearly states [1] that:
| Note: Postfix already ships with SPF support, in the form of a plug-in
| policy daemon. This is the preferred integration model, at least until
| SPF is mandated by standards.
And in postfix source's examples/smtpd-policy directory the README.SPF states:
| See http://www.openspf.org/Software for the current version of the
| SPF policy daemon for Postfix.
|
| SPF support is also available via MILTER plugins, such as sid-milter
| at http://sourceforge.net/projects/sid-milter/ which implements both
| SenderID and SPF.
Hmm, please don't get me wrong, but wouldn't it be "better" to create a postfix28 port including that SPF patch for those in need of a smtpd built-in SPF functionality and create a stable postfix port (next week it will be 3.1) with just including libspf2 library and advise users to go with Wietse's recommendations to leave that SPF part for policy delegation? Especially with two ports available (postfix-policyd-spf-perl-2.010_1 and py27-postfix-policyd-spf-python-1.3.2_1), already.
Again, that's just my personal opinion, you are the maintainer, and: I might have missed reasons why that might be a bad idea of mine. And, as mentioned above, I don't even use SPF. I was only wondering, why postfix stable is still 2.11 and came across postfix-current port with the BROKEN issue.
Thanks for all your work and regards,
Michael
[1] http://www.postfix.org/addon.html
More information about the freebsd-ports
mailing list