xref: /src/external/ibm-public/postfix/dist/conf/post-install

#!/bin/sh
#	$NetBSD: post-install,v 1.1.1.10 2025/02/25 19:11:35 christos Exp $
#

# To view the formatted manual page of this file, type:
#	POSTFIXSOURCE/mantools/srctoman - post-install | nroff -man

#++
# NAME
#	post-install
# SUMMARY
#	Postfix post-installation script
# SYNOPSIS
#	postfix post-install [name=value] command ...
# DESCRIPTION
#	The post-install script performs the finishing touch of a Postfix
#	installation, after the executable programs and configuration
#	files are installed. Usage is one of the following:
# .IP o
#	While installing Postfix from source code on the local machine, the
#	script is run by the postfix-install script to update selected file
#	or directory permissions and to update Postfix configuration files.
# .IP o
#	While installing Postfix from a pre-built package, the script is run
#	by the package management procedure to set all file or directory
#	permissions and to update Postfix configuration files.
# .IP o
#	The script can be used to change installation parameter settings such
#	as mail_owner or setgid_group after Postfix is already installed.
# .IP o
#	The script can be used to upgrade configuration files and to upgrade
#	file/directory permissions of a secondary Postfix instance.
# .IP o
#	At Postfix start-up time, the script is run from "postfix check" to
#	create missing queue directories.
# .PP
#	The post-install script is controlled by installation parameters.
#	Specific parameters are described at the end of this document.
#	All installation parameters must be specified ahead of time via
#	one of the methods described below.
#
#	Arguments
# .IP create-missing
#	Create missing queue directories with ownerships and permissions
#	according to the contents of $meta_directory/postfix-files
#	and optionally in $meta_directory/postfix-files.d/*, using
#	the mail_owner and setgid_group parameter settings from the
#	command line, process environment or from the installed
#	main.cf file.
#
#	This is required at Postfix start-up time.
# .IP set-permissions
#	Set all file/directory ownerships and permissions according to the
#	contents of $meta_directory/postfix-files and optionally
#	in $meta_directory/postfix-files.d/*, using the mail_owner
#	and setgid_group parameter settings from the command line,
#	process environment or from the installed main.cf file.
#	Implies create-missing.
#
#	This is required when installing Postfix from a pre-built package,
#	or when changing the mail_owner or setgid_group installation parameter
#	settings after Postfix is already installed.
# .IP upgrade-permissions
#	Update ownership and permission of existing files/directories as
#	specified in $meta_directory/postfix-files and optionally
#	in $meta_directory/postfix-files.d/*, using the mail_owner
#	and setgid_group parameter settings from the command line,
#	process environment or from the installed main.cf file.
#	Implies create-missing.
#
#	This is required when upgrading an existing Postfix instance.
# .IP upgrade-configuration
#	Edit the installed main.cf and master.cf files, in order to account
#	for missing services and to fix deprecated parameter settings.
#
#	This is required when upgrading an existing Postfix instance.
# .IP upgrade-source
#	Short-hand for: upgrade-permissions upgrade-configuration.
#
#	This is recommended when upgrading Postfix from source code.
# .IP upgrade-package
#	Short-hand for: set-permissions upgrade-configuration.
#
#	This is recommended when upgrading Postfix from a pre-built package.
# .IP first-install-reminder
#	Remind the user that they still need to configure main.cf and the
#	aliases file, and that newaliases still needs to be run.
#
#	This is recommended when Postfix is installed for the first time.
# MULTIPLE POSTFIX INSTANCES
# .ad
# .fi
#	Multiple Postfix instances on the same machine can share command and
#	daemon program files but must have separate configuration and queue
#	directories.
#
#	To create a secondary Postfix installation on the same machine,
#	copy the configuration files from the primary Postfix instance to
#	a secondary configuration directory and execute:
#
#	postfix post-install config_directory=secondary-config-directory \e
# .in +4
#		queue_directory=secondary-queue-directory \e
# .br
#		create-missing
# .PP
#	This creates secondary Postfix queue directories, sets their access
#	permissions, and saves the specified installation parameters to the
#	secondary main.cf file.
#
#	Be sure to list the secondary configuration directory in the
#	alternate_config_directories parameter in the primary main.cf file.
#
#	To upgrade a secondary Postfix installation on the same machine,
#	execute:
#
#	postfix post-install config_directory=secondary-config-directory \e
# .in +4
#		upgrade-permissions upgrade-configuration
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi
#	Parameter settings can be specified through a variety of
#	mechanisms.  In order of decreasing precedence these are:
# .IP "command line"
#	Parameter settings can be given as name=value arguments on
#	the post-install command line. These have the highest precedence.
#	Settings that override the installed main.cf file are saved.
# .IP "process environment"
#	Parameter settings can be given as name=value environment
#	variables.
#	Settings that override the installed main.cf file are saved.
# .IP "installed configuration files"
#	If a parameter is not specified via the command line or via the
#	process environment, post-install will attempt to extract its
#	value from the already installed Postfix main.cf configuration file.
#	These settings have the lowest precedence.
# INSTALLATION PARAMETER DESCRIPTION
# .ad
# .fi
#	The description of installation parameters is as follows:
# .IP config_directory
#	The directory for Postfix configuration files.
# .IP daemon_directory
#	The directory for Postfix daemon programs. This directory
#	should not be in the command search path of any users.
# .IP command_directory
#	The directory for Postfix administrative commands. This
#	directory should be in the command search path of administrative users.
# .IP queue_directory
#	The directory for Postfix queues.
# .IP data_directory
#	The directory for Postfix writable data files (caches, etc.).
# .IP sendmail_path
#	The full pathname for the Postfix sendmail command.
#	This is the Sendmail-compatible mail posting interface.
# .IP newaliases_path
#	The full pathname for the Postfix newaliases command.
#	This is the Sendmail-compatible command to build alias databases
#	for the Postfix local delivery agent.
# .IP mailq_path
#	The full pathname for the Postfix mailq command.
#	This is the Sendmail-compatible command to list the mail queue.
# .IP mail_owner
#	The owner of the Postfix queue. Its numerical user ID and group ID
#	must not be used by any other accounts on the system.
# .IP setgid_group
#	The group for mail submission and for queue management commands.
#	Its numerical group ID must not be used by any other accounts on the
#	system, not even by the mail_owner account.
# .IP html_directory
#	The directory for the Postfix HTML files.
# .IP manpage_directory
#	The directory for the Postfix on-line manual pages.
# .IP sample_directory
#	The directory for the Postfix sample configuration files.
#	This feature is obsolete as of Postfix 2.1.
# .IP readme_directory
#	The directory for the Postfix README files.
# .IP shlib_directory
#	The directory for the Postfix shared-library files, and for
#	the Postfix dabatase plugin files with a relative pathname
#	in the file dynamicmaps.cf.
# .IP meta_directory
#	The directory for non-executable files that are shared
#	among multiple Postfix instances, such as postfix-files,
#	dynamicmaps.cf, as well as the multi-instance template files
#	main.cf.proto and master.cf.proto.
# SEE ALSO
#	postfix-install(1) Postfix primary installation script.
# FILES
#	$config_directory/main.cf, Postfix installation parameters.
#	$meta_directory/postfix-files, installation control file.
#	$meta_directory/postfix-files.d/*, optional control files.
#	$config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
# .fi
#	The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
#	Wietse Venema
#	IBM T.J. Watson Research
#	P.O. Box 704
#	Yorktown Heights, NY 10598, USA
#
#	Wietse Venema
#	Google, Inc.
#	111 8th Avenue
#	New York, NY 10011, USA
#
#	Wietse Venema
#	porcupine.org
#	Amawalk, NY 10501, USA
#--

umask 022

PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc:/usr/contrib/bin:/usr/gnu/bin:/usr/ucb:/usr/bsd
SHELL=/bin/sh
IFS=" 	
"
BACKUP_IFS="$IFS"
debug=:
#debug=echo
MOST_PARAMETERS="command_directory daemon_directory data_directory
    html_directory mail_owner mailq_path manpage_directory
    newaliases_path queue_directory readme_directory sample_directory
    sendmail_path setgid_group shlib_directory meta_directory"
NON_SHARED="config_directory queue_directory data_directory"

USAGE="Usage: $0 [name=value] command
    create-missing          Create missing queue directories.
    upgrade-source          When installing or upgrading from source code.
    upgrade-package         When installing or upgrading from pre-built package.
    first-install-reminder  Remind of mandatory first-time configuration steps.
    name=value              Specify an installation parameter".

# Process command-line options and parameter settings. Work around
# brain damaged shells. "IFS=value command" should not make the
# IFS=value setting permanent. But some broken standard allows it.

create=; set_perms=; upgrade_perms=; upgrade_conf=; first_install_reminder=
obsolete=; keep_list=;

for arg
do
    case $arg in
	*[" 	"]*) echo $0: "Error: argument contains whitespace: '$arg'"
		     exit 1;;
                *=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
     create-missing) create=1;;
	  set-perm*) create=1; set_perms=1;;
      upgrade-perm*) create=1; upgrade_perms=1;;
      upgrade-conf*) upgrade_conf=1;;
     upgrade-source) create=1; upgrade_conf=1; upgrade_perms=1;;
    upgrade-package) create=1; upgrade_conf=1; set_perms=1;;
     first-install*) first_install_reminder=1;;
		  *) echo "$0: Error: $USAGE" 1>&2; exit 1;;
    esac
    shift
done

# Sanity checks.

test -n "$create$upgrade_conf$first_install_reminder" || {
    echo "$0: Error: $USAGE" 1>&2
    exit 1
}

# Bootstrapping problem.

if [ -n "$command_directory" ]
then
    POSTCONF="$command_directory/postconf"
else
    POSTCONF="postconf"
fi

$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
    echo $0: Error: no $POSTCONF command found. 1>&2
    echo Re-run this command as $0 command_directory=/some/where. 1>&2
    exit 1
}

# Also used to require license etc. files only in the default instance.

def_config_directory=`$POSTCONF -d -h config_directory` || exit 1
test -n "$config_directory" ||
    config_directory="$def_config_directory"

test -d "$config_directory" || {
    echo $0: Error: $config_directory is not a directory. 1>&2
    exit 1
}

# If this is a secondary instance, don't touch shared files.
# XXX Solaris does not have "test -e".

instances=`test ! -f $def_config_directory/main.cf || 
    $POSTCONF -qc $def_config_directory -h multi_instance_directories | 
	sed 'y/,/ /'` || exit 1

update_shared_files=1
for name in $instances
do
    case "$name" in
    "$def_config_directory") ;;
    "$config_directory") update_shared_files=; break;;
    esac
done

test -f $meta_directory/postfix-files || {
    echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
    exit 1
}

# SunOS5 fmt(1) truncates lines > 1000 characters.

fake_fmt() {
    sed '
    :top
	/^\(  *\)\([^ ][^ ]*\)  */{
	    s//\1\2\
\1/
	    P
	    D
	    b top
	}
    ' | fmt
}

case `uname -s` in
HP-UX*) FMT=cat;;
SunOS*) FMT=fake_fmt;;
     *) FMT=fmt;;
esac

# If a parameter is not set via the command line or environment,
# try to use settings from installed configuration files.

# Extract parameter settings from the obsolete install.cf file, as
# a transitional aid.

grep setgid_group $config_directory/main.cf >/dev/null 2>&1 || {
    test -f $config_directory/install.cf  && {
        for name in sendmail_path newaliases_path mailq_path setgid manpages
        do
	eval junk=\$$name
        case "$junk" in
        "") eval unset $name;;
        esac
	   eval : \${$name="\`. $config_directory/install.cf; echo \$$name\`"} \
		|| exit 1
        done
        : ${setgid_group=$setgid}
        : ${manpage_directory=$manpages}
    }
}

# Extract parameter settings from the installed main.cf file.

test -f $config_directory/main.cf && {
    for name in $MOST_PARAMETERS
    do
	eval junk=\$$name
        case "$junk" in
        "") eval unset $name;;
        esac
        eval : \${$name=\`$POSTCONF -qc $config_directory -h $name\`} || exit 1
    done
}

# Sanity checks

case $manpage_directory in
 no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
     echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac

case $setgid_group in
 no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
     echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac

for path in "$daemon_directory" "$command_directory" "$queue_directory" \
    "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
    "$meta_directory"
do
   case "$path" in
   /*) ;;
    *) echo $0: Error: \"$path\" should be an absolute path name. 1>&2; exit 1;;
   esac
done

for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
   case "$path" in
   /*) ;;
   no) ;;
    *) echo $0: Error: \"$path\" should be \"no\" or an absolute path name. 1>&2; exit 1;;
   esac
done

# Find out what parameters were not specified via command line,
# via environment, or via installed configuration files.

missing=
for name in $MOST_PARAMETERS
do
    eval test -n \"\$$name\" || missing="$missing $name"
done

# All parameters must be specified at this point.

test -n "$non_interactive" -a -n "$missing" && {
    cat <<EOF | ${FMT} 1>&2
$0: Error: some required installation parameters are not defined.

- Either the parameters need to be given in the $config_directory/main.cf
file from a recent Postfix installation,

- Or the parameters need to be specified through the process
environment.

- Or the parameters need to be specified as name=value arguments
on the $0 command line,

The following parameters were missing:

    $missing

EOF
    exit 1
}

POSTCONF="$command_directory/postconf"

# Save settings, allowing command line/environment override.

# Undo MAIL_VERSION expansion at the end of a parameter value. If
# someone really wants the expanded mail version in main.cf, then
# we're sorry.

# Confine side effects from mail_version unexpansion within a subshell.

(case "$mail_version" in
"") mail_version="`$POSTCONF -dhx mail_version`" || exit 1
esac

for name in $MOST_PARAMETERS
do
    eval junk=\$$name
    case "$junk" in
    *"$mail_version"*) 
	case "$pattern" in
	"") pattern=`echo "$mail_version" | sed 's/\./\\\\./g'` || exit 1
	esac
	val=`echo "$junk" | sed "s/$pattern"'$/${mail_version}/g'` || exit 1
	eval ${name}='"$val"'
    esac
done

# XXX Maybe update main.cf only with first install, upgrade, set
# permissions, and what else? Should there be a warning otherwise?

override=
for name in $MOST_PARAMETERS
do
    eval junk=\"\$$name\"
    test "$junk" = "`$POSTCONF -qc $config_directory -h $name`" || {
	override=1
	break
    }
done

test -n "$override" && {
    $POSTCONF -qc $config_directory -e \
	"daemon_directory = $daemon_directory" \
	"command_directory = $command_directory" \
	"queue_directory = $queue_directory" \
	"data_directory = $data_directory" \
	"mail_owner = $mail_owner" \
	"setgid_group = $setgid_group" \
	"sendmail_path = $sendmail_path" \
	"mailq_path = $mailq_path" \
	"newaliases_path = $newaliases_path" \
	"html_directory = $html_directory" \
	"manpage_directory = $manpage_directory" \
	"sample_directory = $sample_directory" \
	"readme_directory = $readme_directory" \
	"shlib_directory = $shlib_directory" \
	"meta_directory = $meta_directory" \
    || exit 1
} || exit 0) || exit 1

# Use file/directory status information in $meta_directory/postfix-files.

test -n "$create" && {
    postfix_files_d=$meta_directory/postfix-files.d
    for postfix_file in $meta_directory/postfix-files \
	`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
    do
	exec <$postfix_file || exit 1
	while IFS=: read path type owner group mode flags junk
	do
	    IFS="$BACKUP_IFS"
	    set_permission=
	    # Skip comments. Skip shared files, if updating a secondary instance.
	    case $path in
	    [$]*) case "$update_shared_files" in
		  1) $debug keep non-shared or shared $path;;
		  *) non_shared=
		     for name in $NON_SHARED
		     do
			 case $path in
			 "\$$name"*) non_shared=1; break;;
			 esac
		     done
		     case "$non_shared" in
		      1) $debug keep non-shared $path;;
		      *) $debug skip shared $path; continue;;
		     esac;;
		  esac;;
	       *) continue;;
	    esac
	    # Skip hard links and symbolic links.
	    case $type in
	    [hl]) continue;;
	    [df]) ;;
	       *) echo unknown type $type for $path in $postfix_file 1>&2; exit 1;;
	    esac
	    # Expand $name, and canonicalize null fields.
	    for name in path owner group flags
	    do
		eval junk=\${$name}
		case $junk in
		[$]*) eval $name=$junk;;
		   -) eval $name=;;
		   *) ;;
		esac
	    done
	    # Skip uninstalled files.
	    case $path in
	    no|no/*) continue;;
	    esac
	    # Pick up the flags.
	    case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
	    case $flags in *c*) create_flag=1;; *) create_flag=;; esac
	    case $flags in *r*) recursive="-R";; *) recursive=;; esac
	    case $flags in *o*) obsolete_flag=1;; *) obsolete_flag=;; esac
	    case $flags in *[1i]*) test ! -r "$path" -a "$config_directory" != \
				    "$def_config_directory" && continue;; esac
	    # Flag obsolete objects. XXX Solaris 2..9 does not have "test -e".
	    if [ -n "$obsolete_flag" ]
	    then
		test -r $path -a "$type" != "d" && obsolete="$obsolete $path"
		continue;
	    else
		keep_list="$keep_list $path"
	    fi
	    # Create missing directories with proper owner/group/mode settings.
	    if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
	    then
		mkdir $path || exit 1
		set_permission=1
	    # Update all owner/group/mode settings.
	    elif [ -n "$set_perms" ]
	    then
		set_permission=1
	    # Update obsolete owner/group/mode settings.
	    elif [ -n "$upgrade_perms" -a -n "$upgrade_flag" ]
	    then
		set_permission=1
	    fi
	    test -n "$set_permission" && {
		chown $recursive $owner $path || exit 1
		test -z "$group" || chgrp $recursive $group $path || exit 1
		# Don't "chmod -R"; queue file status is encoded in mode bits.
		if [ "$type" = "d" -a -n "$recursive" ]
		then
		    find $path -type d -exec chmod $mode "{}" ";"
		else
		    chmod $mode $path
		fi || exit 1
	    }
	done
	IFS="$BACKUP_IFS"
    done
}

# Upgrade existing Postfix configuration files if necessary.

test -n "$upgrade_conf" && {

    # Postfix 2.0.
    # Add missing relay service to master.cf.

    grep '^relay' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for relay service
	cat >>$config_directory/master.cf <<EOF || exit 1
relay	  unix	-	-	n	-	-	smtp
EOF
    }

    # Postfix 1.1.
    # Add missing flush service to master.cf.

    grep '^flush.*flush' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for flush service
	cat >>$config_directory/master.cf <<EOF || exit 1
flush     unix  -       -       n       1000?   0       flush
EOF
    }

    # Postfix 2.1.
    # Add missing trace service to master.cf.

    grep 'trace.*bounce' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for trace service
	cat >>$config_directory/master.cf <<EOF || exit 1
trace	  unix	-	-	n	-	0	bounce
EOF
    }

    # Postfix 2.1.
    # Add missing verify service to master.cf.

    grep '^verify.*verify' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for verify service
	cat >>$config_directory/master.cf <<EOF || exit 1
verify	  unix	-	-	n	-	1	verify
EOF
    }

    # Postfix 2.1.
    # Fix verify service process limit.

    grep '^verify.*[ 	]0[ 	]*verify' \
	$config_directory/master.cf >/dev/null && {
	    echo Editing $config_directory/master.cf, setting verify process limit to 1
	    ed $config_directory/master.cf <<EOF || exit 1
/^verify.*[ 	]0[ 	]*verify/
s/\([ 	]\)0\([ 	]\)/\11\2/
p
w
q
EOF
    }

    # Postfix 1.1.
    # Change privileged pickup service into unprivileged.

    grep "^pickup[ 	]*fifo[ 	]*n[ 	]*n" \
	$config_directory/master.cf >/dev/null && {
	    echo Editing $config_directory/master.cf, making the pickup service unprivileged
	    ed $config_directory/master.cf <<EOF || exit 1
/^pickup[ 	]*fifo[ 	]*n[ 	]*n/
s/\(n[ 	]*\)n/\1-/
p
w
q
EOF
    }

    # Postfix 1.1.
    # Change private cleanup and flush services into public.

    for name in cleanup flush
    do
	grep "^$name[ 	]*unix[ 	]*[-y]" \
	    $config_directory/master.cf >/dev/null && {
		echo Editing $config_directory/master.cf, making the $name service public
	    ed $config_directory/master.cf <<EOF || exit 1
/^$name[ 	]*unix[ 	]*[-y]/
s/[-y]/n/
p
w
q
EOF
	}
    done

    # Postfix 2.2.
    # File systems have improved since Postfix came out, and all we
    # require now is that defer and deferred are hashed because those
    # can contain lots of files.

    found=`$POSTCONF -qc $config_directory -h hash_queue_names`
    missing=
    (echo "$found" | grep defer >/dev/null)  || missing="$missing defer"
    (echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
    test -n "$missing" && {
	echo fixing main.cf hash_queue_names for missing $missing
	$POSTCONF -qc $config_directory -e hash_queue_names="$found$missing" ||
	    exit 1
    }

    # Turn on safety nets for new features that could bounce mail that
    # would be accepted by a previous Postfix version.

    # [The "unknown_local_recipient_reject_code = 450" safety net,
    # introduced with Postfix 2.0 and deleted after Postfix 2.3.]

    # Postfix 2.0.
    # Add missing proxymap service to master.cf.

    grep '^proxymap.*proxymap' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for proxymap service
	cat >>$config_directory/master.cf <<EOF || exit 1
proxymap  unix	-	-	n	-	-	proxymap
EOF
    }

    # Postfix 2.1.
    # Add missing anvil service to master.cf.

    grep '^anvil.*anvil' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for anvil service
	cat >>$config_directory/master.cf <<EOF || exit 1
anvil	  unix	-	-	n	-	1	anvil
EOF
    }

    # Postfix 2.2.
    # Add missing scache service to master.cf.

    grep '^scache.*scache' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for scache service
	cat >>$config_directory/master.cf <<EOF || exit 1
scache	  unix	-	-	n	-	1	scache
EOF
    }

    # Postfix 2.2.
    # Add missing discard service to master.cf.

    grep '^discard.*discard' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for discard service
	cat >>$config_directory/master.cf <<EOF || exit 1
discard	  unix	-	-	n	-	-	discard
EOF
    }

    # Postfix 2.2.
    # Update the tlsmgr fifo->unix service.

    grep "^tlsmgr[ 	]*fifo[ 	]" \
	$config_directory/master.cf >/dev/null && {
	    echo Editing $config_directory/master.cf, updating the tlsmgr from fifo to unix service
	    ed $config_directory/master.cf <<EOF || exit 1
/^tlsmgr[ 	]*fifo[ 	]/
s/fifo/unix/
s/[0-9][0-9]*/&?/
p
w
q
EOF
    }

    # Postfix 2.2.
    # Add missing tlsmgr service to master.cf.

    grep '^tlsmgr.*tlsmgr' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for tlsmgr service
	cat >>$config_directory/master.cf <<EOF || exit 1
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
EOF
    }

    # Postfix 2.2.
    # Add missing retry service to master.cf.

    grep '^retry.*error' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for retry service
	cat >>$config_directory/master.cf <<EOF || exit 1
retry     unix  -       -       n       -       -       error
EOF
    }

    # Postfix 2.5.
    # Add missing proxywrite service to master.cf.

    grep '^proxywrite.*proxymap' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for proxywrite service
	cat >>$config_directory/master.cf <<EOF || exit 1
proxywrite unix -       -       n       -       1       proxymap
EOF
    }

    # Postfix 2.5.
    # Fix a typo in the default master.cf proxywrite entry.

    grep '^proxywrite.*-[ 	]*proxymap' $config_directory/master.cf >/dev/null && {
	echo Editing $config_directory/master.cf, setting proxywrite process limit to 1
	    ed $config_directory/master.cf <<EOF || exit 1
/^proxywrite.*-[ 	]*proxymap/
s/-\([ 	]*proxymap\)/1\1/
p
w
q
EOF
    }

    # Postfix 2.8.
    # Add missing postscreen service to master.cf.

    grep '^#*smtp.*postscreen' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for postscreen TCP service
	cat >>$config_directory/master.cf <<EOF || exit 1
#smtp      inet  n       -       n       -       1       postscreen
EOF
    }

    # Postfix 2.8.
    # Add missing smtpd (unix-domain) service to master.cf.

    grep '^#*smtpd.*smtpd' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for smtpd unix-domain service
	cat >>$config_directory/master.cf <<EOF || exit 1
#smtpd     pass  -       -       n       -       -       smtpd
EOF
    }

    # Postfix 2.8.
    # Add temporary dnsblog (unix-domain) service to master.cf.

    grep '^#*dnsblog.*dnsblog' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for dnsblog unix-domain service
	cat >>$config_directory/master.cf <<EOF || exit 1
#dnsblog   unix  -       -       n       -       0       dnsblog
EOF
    }

    # Postfix 2.8.
    # Add tlsproxy (unix-domain) service to master.cf.

    grep '^#*tlsproxy.*tlsproxy' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for tlsproxy unix-domain service
	cat >>$config_directory/master.cf <<EOF || exit 1
#tlsproxy  unix  -       -       n       -       0       tlsproxy
EOF
    }

    # Report (but do not remove) obsolete files.

    test -n "$obsolete" && {
	cat <<EOF | ${FMT}

    Note: the following files or directories still exist but are
    no longer part of Postfix:

    $obsolete

EOF
    }

    # Postfix 2.9.
    # Safety net for incompatible changes in IPv6 defaults.
    # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
    # UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
    # BEFORE 2.9.
    # This code assumes that the default is "inet_protocols = ipv4"
    # when IPv6 support is not compiled in. See util/sys_defs.h.

    test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
	test -n "`$POSTCONF -qc $config_directory -n inet_protocols`" || {
	cat <<EOF | ${FMT}
    COMPATIBILITY: editing $config_directory/main.cf, setting
    inet_protocols=ipv4.  Specify inet_protocols explicitly if you
    want to enable IPv6.
    In a future release IPv6 will be enabled by default.
EOF
	$POSTCONF -qc $config_directory inet_protocols=ipv4 || exit 1
    }

# Disabled because unhelpful down-stream maintainers disable the safety net.
#    # Postfix 2.10.
#    # Safety net for incompatible changes due to the introduction
#    # of the smtpd_relay_restrictions feature to separate the
#    # mail relay policy from the spam blocking policy.
#    # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO PREVENT
#    # INBOUND MAIL FROM UNEXPECTEDLY BOUNCING AFTER UPGRADING FROM
#    # POSTFIX BEFORE 2.10.
#    test -n "`$POSTCONF -qc $config_directory -n smtpd_relay_restrictions`" || {
#	cat <<EOF | ${FMT}
#    COMPATIBILITY: editing $config_directory/main.cf, overriding
#    smtpd_relay_restrictions to prevent inbound mail from
#    unexpectedly bouncing.
#    Specify an empty smtpd_relay_restrictions value to keep using 
#    smtpd_recipient_restrictions as before.
#EOF
#	$POSTCONF -qc $config_directory "smtpd_relay_restrictions = \
#	    permit_mynetworks permit_sasl_authenticated \
#	    defer_unauth_destination" || exit 1
#    }

    # Postfix 3.4
    # Add a postlog service entry.

    grep '^postlog' $config_directory/master.cf >/dev/null || {
	echo Editing $config_directory/master.cf, adding missing entry for postlog unix-domain datagram service
	cat >>$config_directory/master.cf <<EOF || exit 1
postlog   unix-dgram n  -       n       -       1       postlogd
EOF
    }
}

# A reminder if this is the first time Postfix is being installed.

test -n "$first_install_reminder" && {

    ALIASES=`$POSTCONF -qc $config_directory -h alias_database | sed 's/^[^:]*://'`
    NEWALIASES_PATH=`$POSTCONF -qc $config_directory -h newaliases_path`
    cat <<EOF | ${FMT}

    Warning: you still need to edit myorigin/mydestination/mynetworks
    parameter settings in $config_directory/main.cf.

    See also https://www.postfix.org/STANDARD_CONFIGURATION_README.html
    for information about dialup sites or about sites inside a
    firewalled network.

    BTW: Check your $ALIASES file and be sure to set up aliases
    that send mail for root and postmaster to a real person, then
    run $NEWALIASES_PATH.

EOF

}

exit 0