initial import

postfix/PKGBUILD

@@ -0,0 +1,137 @@
+# Maintainer: Jesus E. <heckyel@riseup.net>
+
+pkgname=postfix
+pkgver=3.5.13
+_debver=$pkgver
+_debrel=0
+pkgrel=3
+pkgdesc="Fast, easy to administer, secure mail server"
+license=('IPL-1.0')
+arch=('i686' 'x86_64')
+url='http://www.postfix.org/'
+depends=('libressl' 'pcre' 'icu' 'libsasl' 'libldap' 'db' 'libnsl' 'postgresql-libs' 'sqlite' 'tinycdb')
+makedepends=('quilt')
+optdepends=('logger: message logging support')
+source=("https://archive.mgm51.com/mirrors/postfix-source/official/${pkgname}-${pkgver}.tar.gz"
+        "https://repo.hyperbola.info:50000/sources/${pkgname}/postfix_${_debver}-${_debrel}+deb11u1.debian.tar.xz"{,.sig}
+        "aliases.patch"
+        "libressl.patch"
+        "postfix.initd"
+        "postfix.run")
+sha512sums=('47aee05f92fca387533132f5227b82fbab4700f9bc3512a17abee1c3aeb2e54ce5a964189774c14489a99c5b53ef606d8d3f5aac44f32739265c1be47bd4a24c'
+            'bac745840ce5cffe9243aba71df4506e54910377025aeeb29db9c6b32ff88cee96caeace110c1eb69859c4888865929b73f11416227abf08c546bcc48945f7c4'
+            'SKIP'
+            '630cd85be341fbd82c5202fdfd6c3b1df906c0b77cff43ae44f665451d7ddc99e6a20a755ed970fff60d93ccbb3139ea28495f0b281232e8a97218319156a57f'
+            '1acedf7558b39f78943368c88ae551988a228ded81d37fd58160b6cbe665e1cc94a2abebad80fb0f15ca4a9cbbb8a5e0d880e36103a400789586095855a96b0c'
+            '2ad1b053bbb51d4f480dbf5a01252e8e99a82ec14a75ff49336b2b190ea55bc02400542b109fa0cc4ebfe6b42eaabbc45f70f2ea581f1eb9c4189c439b825592'
+            '8a7afca85aa864eeff052751a72cd81e094db188c689f5361d6acbf429bdbb2fbdcec95a743de9054dbe13e101b66e5d1047e6393bd3bafcbd40a4cffaa30563')
+validpgpkeys=('C92BAA713B8D53D3CAE63FC9E6974752F9704456') # André Silva
+
+backup=('etc/postfix/'{access,aliases,canonical,generic,header_checks,main.cf,master.cf,relocated,transport,virtual})
+
+conflicts=('smtp-server' 'smtp-forwarder' 'postfix-tools')
+provides=('smtp-server' 'smtp-forwarder' 'postfix-tools')
+replaces=('postfix-tools')
+
+install=postfix.install
+
+prepare() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  if [[ ${pkgver%.*} = ${_debver%.*} ]]; then
+    # Debian patches
+    export QUILT_PATCHES=debian/patches
+    export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+    export QUILT_DIFF_ARGS='--no-timestamps'
+
+    mv "$srcdir"/debian .
+
+    # Doesn't apply
+    rm -v debian/patches/02_kfreebsd_support.diff || true
+    rm -v debian/patches/03_ldap3_by_default.diff || true
+    rm -v debian/patches/05_debian_defaults.diff || true
+    rm -v debian/patches/05_debian_manpage_differences.diff || true
+    rm -v debian/patches/05_debian_readme_differences.diff || true
+    rm -v debian/patches/06_debian_paths.diff || true
+    rm -v debian/patches/07_sasl_config.diff || true
+    rm -v debian/patches/10_openssl_version_check.diff || true
+    rm -v debian/patches/30_shared_libs.diff || true
+
+    quilt push -av
+  fi
+
+  patch -Np1 -i "${srcdir}/libressl.patch"
+}
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  CCARGS='
+          -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl
+          -DHAS_LDAP
+          -DUSE_TLS
+          -DHAS_PGSQL -I/usr/include/postgresql
+          -DHAS_SQLITE
+          -DHAS_CDB
+          -DDEF_COMMAND_DIR=\"/usr/sbin\"
+          -DDEF_DAEMON_DIR=\"/usr/libexec/postfix\"
+          -DDEF_SENDMAIL_PATH=\"/usr/sbin/sendmail\"
+          -DDEF_README_DIR=\"/usr/share/doc/postfix\"
+          -DDEF_MANPAGE_DIR=\"/usr/share/man\"
+         '
+  AUXLIBS='
+          -lsasl2
+          -lldap -llber
+          -lssl -lcrypto
+          -lz -lm
+          -lpq
+          -lsqlite3 -lpthread
+          -lcdb
+          '
+  make makefiles \
+       DEBUG='' \
+       pie=yes \
+       shared=yes \
+       CCARGS="${CCARGS//$'\n'/}" \
+       AUXLIBS="${AUXLIBS//$'\n'/}" \
+       OPT="${CFLAGS} ${LDFLAGS}"
+
+  make
+}
+
+package() {
+  cd "${srcdir}/postfix-${pkgver}"
+
+  sed 's:bin/postconf -dhx:bin/postconf -c conf -dhx:g' -i postfix-install
+  LD_LIBRARY_PATH=lib:$LD_LIBRARY_PATH \
+                 sh postfix-install -non-interactive install_root="${pkgdir}"
+
+  install -Dm644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+  install -Dm755 "${srcdir}/${pkgname}.initd" "${pkgdir}/etc/init.d/${pkgname}"
+  install -Dm755 "${srcdir}/${pkgname}.run" "${pkgdir}/etc/sv/${pkgname}/run"
+
+  for name in posttls-finger {smtp,qmqp}-{sink,source}; do
+    install -Dm644 "man/man1/${name}.1" "${pkgdir}/usr/share/man/man1/${name}.1"
+    install -Dm755 "bin/${name}" "${pkgdir}/usr/sbin/${name}"
+  done
+
+  # now set permissions right
+  sed -r \
+      -e '/override=1/d' \
+      -e '/absolute path name/d' \
+      -e 's/\$POSTCONF -/$POSTCONF -c .\/etc\/postfix -/g' \
+      -e '/(if \[|chmod|chown|find|mkdir|test)/s/\$path/.\/$path/g' \
+      libexec/post-install > ../hyperbola-post-install
+  cd "${pkgdir}"
+  LD_LIBRARY_PATH=usr/lib/postfix:$LD_LIBRARY_PATH \
+                 sh "${srcdir}/hyperbola-post-install" \
+                 command_directory=usr/sbin \
+                 config_directory=etc/postfix \
+                 meta_directory=etc/postfix \
+                 setgid_group=75 \
+                 mail_owner=73 \
+                 set-permissions
+
+  patch --no-backup-if-mismatch -p1 -i "${srcdir}"/aliases.patch
+  sed 's/^\(\$manpage[^:]*\):/\1.gz:/' -i "etc/postfix/postfix-files"
+}

postfix/aliases.patch

@@ -0,0 +1,20 @@
+diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf
+index 60f33af8..f0f53b61 100644
+--- a/etc/postfix/main.cf
++++ b/etc/postfix/main.cf
+@@ -401,6 +401,7 @@ unknown_local_recipient_reject_code = 550
+ #alias_maps = hash:/etc/aliases
+ #alias_maps = hash:/etc/aliases, nis:mail.aliases
+ #alias_maps = netinfo:/aliases
++alias_maps = hash:/etc/postfix/aliases
+ 
+ # The alias_database parameter specifies the alias database(s) that
+ # are built with "newaliases" or "sendmail -bi".  This is a separate
+@@ -411,6 +412,7 @@ unknown_local_recipient_reject_code = 550
+ #alias_database = dbm:/etc/mail/aliases
+ #alias_database = hash:/etc/aliases
+ #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
++alias_database = $alias_maps
+ 
+ # ADDRESS EXTENSIONS (e.g., user+foo)
+ #

postfix/libressl.patch

@@ -0,0 +1,233 @@
+diff --git a/src/global/mail_params.h b/src/global/mail_params.h
+index a6119f1b..e437b9cd 100644
+--- a/src/global/mail_params.h
++++ b/src/global/mail_params.h
+@@ -19,7 +19,7 @@ typedef int bool;
+ #ifdef USE_TLS
+ #include <openssl/opensslv.h>		/* OPENSSL_VERSION_NUMBER */
+ #include <openssl/objects.h>		/* SN_* and NID_* macros */
+-#if OPENSSL_VERSION_NUMBER < 0x1000200fUL
++#if OPENSSL_VERSION_NUMBER < 0x1010101fUL && !defined(LIBRESSL_VERSION_NUMBER)
+ #error "OpenSSL releases prior to 1.0.2 are no longer supported"
+ #endif
+ #endif
+diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
+index c142d43f..ee894327 100644
+--- a/src/posttls-finger/posttls-finger.c
++++ b/src/posttls-finger/posttls-finger.c
+@@ -1673,7 +1673,8 @@ static int finger(STATE *state)
+     return (0);
+ }
+ 
+-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(USE_TLS) && \
++    ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+ 
+ /* ssl_cleanup - free memory allocated in the OpenSSL library */
+ 
+@@ -2156,7 +2157,8 @@ int     main(int argc, char *argv[])
+     cleanup(&state);
+ 
+     /* OpenSSL 1.1.0 and later (de)initialization is implicit */
+-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(USE_TLS) && \
++    ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+     ssl_cleanup();
+ #endif
+ 
+diff --git a/src/tls/tls.h b/src/tls/tls.h
+index 2a8cc119..4c8dff11 100644
+--- a/src/tls/tls.h
++++ b/src/tls/tls.h
+@@ -84,12 +84,12 @@ extern const char *str_tls_level(int);
+ #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
+ #define ssl_comp_stack_t STACK_OF(SSL_COMP)
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1000200fUL)
++#if (OPENSSL_VERSION_NUMBER < 0x1000200fUL && !defined(LIBRESSL_VERSION_NUMBER))
+ #error "OpenSSL releases prior to 1.0.2 are no longer supported"
+ #endif
+ 
+  /* Backwards compatibility with OpenSSL < 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version_num SSLeay
+ #define OpenSSL_version SSLeay_version
+ #define OPENSSL_VERSION SSLEAY_VERSION
+@@ -106,13 +106,16 @@ extern const char *str_tls_level(int);
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+ #define X509_getm_notBefore X509_get_notBefore
+ #define X509_getm_notAfter X509_get_notAfter
++#endif
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define TLS_method SSLv23_method
+ #define TLS_client_method SSLv23_client_method
+ #define TLS_server_method SSLv23_server_method
+ #endif
+ 
+  /* Backwards compatibility with OpenSSL < 1.1.1 */
+-#if OPENSSL_VERSION_NUMBER < 0x1010100fUL
++#if OPENSSL_VERSION_NUMBER < 0x1010100fUL || defined(LIBRESSL_VERSION_NUMBER)
+ #define SSL_CTX_set_num_tickets(ctx, num) ((void)0)
+ #endif
+ 
+@@ -124,7 +127,7 @@ extern const char *str_tls_level(int);
+   * SSL_get_peer_tmp_key(), with the original name left behind as an alias.  We
+   * use the new name when available.
+   */
+-#if OPENSSL_VERSION_NUMBER < 0x1010101fUL
++#if OPENSSL_VERSION_NUMBER < 0x1010101fUL || defined(LIBRESSL_VERSION_NUMBER)
+ #undef SSL_get_signature_nid
+ #define SSL_get_signature_nid(ssl, pnid) (NID_undef)
+ #define tls_get_peer_dh_pubkey SSL_get_server_tmp_key
+diff --git a/src/tls/tls_certkey.c b/src/tls/tls_certkey.c
+index be8d4700..27a039c0 100644
+--- a/src/tls/tls_certkey.c
++++ b/src/tls/tls_certkey.c
+@@ -149,7 +149,7 @@ static void init_pem_load_state(pem_load_state_t *st, SSL_CTX *ctx, SSL *ssl,
+ 
+ /* use_chain - load cert, key and chain into ctx or ssl */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL
++#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && !defined(LIBRESSL_VERSION_NUMBER)
+ static int use_chain(pem_load_state_t *st)
+ {
+     int     ret;
+@@ -697,7 +697,7 @@ int     main(int argc, char *argv[])
+     char   *key_file = 0;
+     SSL_CTX *ctx;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /*
+      * Initialize the OpenSSL library by the book! To start with, we must
+diff --git a/src/tls/tls_client.c b/src/tls/tls_client.c
+index 135cea4b..955c5340 100644
+--- a/src/tls/tls_client.c
++++ b/src/tls/tls_client.c
+@@ -333,7 +333,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
+      */
+     tls_check_version();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /*
+      * Initialize the OpenSSL library by the book! To start with, we must
+@@ -410,7 +410,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
+     SSL_CTX_set_options(client_ctx, off);
+ 
+     /* Enable all supported protocols */
+-#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CTX_set_min_proto_version(client_ctx, 0);
+ #endif
+ 
+@@ -473,7 +473,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
+     /*
+      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /*
+      * According to the OpenSSL documentation, temporary RSA key is needed
+diff --git a/src/tls/tls_dane.c b/src/tls/tls_dane.c
+index 013426b1..5cbb74e3 100644
+--- a/src/tls/tls_dane.c
++++ b/src/tls/tls_dane.c
+@@ -2006,7 +2006,7 @@ static SSL_CTX *ctx_init(const char *CAfile)
+     tls_param_init();
+     tls_check_version();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     SSL_load_error_strings();
+     SSL_library_init();
+ #endif
+diff --git a/src/tls/tls_dh.c b/src/tls/tls_dh.c
+index 70db8e9d..727e3a80 100644
+--- a/src/tls/tls_dh.c
++++ b/src/tls/tls_dh.c
+@@ -314,7 +314,7 @@ void    tls_auto_eecdh_curves(SSL_CTX *ctx, const char *configured)
+      * This is a NOP in OpenSSL 1.1.0 and later, where curves are always
+      * auto-negotiated.
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000UL
++#if OPENSSL_VERSION_NUMBER < 0x10100000UL || defined(LIBRESSL_VERSION_NUMBER)
+     if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0) {
+ 	msg_warn("failed to enable automatic ECDHE curve selection");
+ 	tls_print_errors();
+diff --git a/src/tls/tls_rsa.c b/src/tls/tls_rsa.c
+index 67f2a2ee..c6a759e8 100644
+--- a/src/tls/tls_rsa.c
++++ b/src/tls/tls_rsa.c
+@@ -57,7 +57,7 @@
+  /*
+   * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+   */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */
+ 
+@@ -103,7 +103,7 @@ int     main(int unused_argc, char *const argv[])
+     /*
+      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+     RSA    *rsa;
+ 
+     msg_vstream_init(argv[0], VSTREAM_ERR);
+diff --git a/src/tls/tls_server.c b/src/tls/tls_server.c
+index 25d85ec7..b134d50d 100644
+--- a/src/tls/tls_server.c
++++ b/src/tls/tls_server.c
+@@ -167,7 +167,7 @@ static const char server_session_id_context[] = "Postfix/TLS";
+ #define GET_SID(s, v, lptr)	((v) = SSL_SESSION_get_id((s), (lptr)))
+ 
+  /* OpenSSL 1.1.0 bitrot */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef const unsigned char *session_id_t;
+ 
+ #else
+@@ -370,7 +370,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
+      */
+     tls_check_version();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /*
+      * Initialize the OpenSSL library by the book! To start with, we must
+@@ -487,7 +487,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
+      * incomplete.
+      */
+ #ifdef SSL_OP_NO_TICKET
+-#ifndef OPENSSL_NO_TLSEXT
++#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL && !defined(LIBRESSL_VERSION_NUMBER)
+     ticketable = (*var_tls_tkt_cipher && scache_timeout > 0
+ 		  && !(off & SSL_OP_NO_TICKET));
+     if (ticketable) {
+@@ -528,7 +528,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
+     SSL_CTX_set_options(server_ctx, off);
+ 
+     /* Enable all supported protocols */
+-#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CTX_set_min_proto_version(server_ctx, 0);
+     SSL_CTX_set_min_proto_version(sni_ctx, 0);
+ #endif
+@@ -616,7 +616,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
+     /*
+      * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev
+      */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+     /*
+      * According to OpenSSL documentation, a temporary RSA key is needed when

postfix/postfix.initd

@@ -0,0 +1,85 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload abort flush"
+
+description_reload="Re-read configuration files. Running processes terminate at their earliest convenience."
+description_abort="Stop the Postfix mail system abruptly. Running processes are signaled to stop immediately."
+description_flush="Force delivery: attempt to deliver every message in the deferred mail queue."
+
+# Please read http://www.postfix.org/MULTI_INSTANCE_README.html for multi instance support
+CONF_DIR="/etc/postfix"
+CONF_OPT="${SVCNAME##*.}"
+if [ -n ${CONF_OPT} -a ${SVCNAME} != "postfix" ]; then
+	CONF_DIR="${CONF_DIR}.${CONF_OPT}"
+fi
+if [ "${CONF_DIR}" = "/etc/postfix" ]; then
+	CONF_PARAM=""
+	CONF_MESSAGE=""
+else
+	CONF_PARAM="-c ${CONF_DIR}"
+	CONF_MESSAGE="(${CONF_DIR})"
+fi
+
+depend() {
+	use logger dns ypbind amavisd antivirus postfix_greylist net saslauthd
+	if [ "${SVCNAME}" = "postfix" ]; then
+		provide mta
+	fi
+}
+
+start() {
+	if [ ! -z "${CONF_PARAM}" ]; then
+		einfo "Please consider updating your config for postmulti support."
+	fi
+	ebegin "Starting postfix ${CONF_MESSAGE}"
+	if [ ! -d ${CONF_DIR} ]; then
+		eend 1 "${CONF_DIR} does not exist"
+		return 1
+	fi
+	/usr/sbin/postfix ${CONF_PARAM} start >/dev/null 2>&1
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping postfix ${CONF_MESSAGE}"
+	/usr/sbin/postfix ${CONF_PARAM} stop >/dev/null 2>&1
+	eend
+}
+
+status() {
+	local _retval
+	einfon ""
+	/usr/sbin/postfix ${CONF_PARAM} status
+	_retval=$?
+	if [ x${_retval} = 'x0' ]; then
+		mark_service_started "${SVCNAME}"
+		eend 0
+	else
+		mark_service_stopped "${SVCNAME}"
+		eend 3
+	fi
+}
+
+reload() {
+	ebegin "Reloading postfix ${CONF_MESSAGE}"
+	/usr/sbin/postfix ${CONF_PARAM} reload >/dev/null 2>&1
+	eend $?
+}
+
+abort() {
+	ebegin "Aborting postfix ${CONF_MESSAGE}"
+
+	if service_started "${SVCNAME}"; then
+		mark_service_stopped "${SVCNAME}"
+	fi
+	/usr/sbin/postfix ${CONF_PARAM} abort >/dev/null 2>&1
+	eend $?
+}
+
+flush() {
+	ebegin "Flushing postfix ${CONF_MESSAGE}"
+	/usr/sbin/postfix ${CONF_PARAM} flush >/dev/null 2>&1
+	eend $?
+}

postfix/postfix.install

@@ -0,0 +1,44 @@
+post_install() {
+	if ! getent group postdrop &>/dev/null; then
+		groupadd -g 75 postdrop >/dev/null
+	fi
+	if ! getent group postfix &>/dev/null; then
+		groupadd -g 73 postfix >/dev/null
+	fi
+	if ! getent passwd postfix &>/dev/null; then
+		useradd -u 73 -d /var/spool/postfix -g postfix -G adm -s /bin/nologin postfix >/dev/null
+	fi
+	if ! groups postfix | grep adm &>/dev/null; then
+		gpasswd -a postfix adm >/dev/null
+	fi
+	postfix_shell=$(getent passwd postfix | cut -d: -f7)
+	if [ "$postfix_shell" != '/bin/nologin' ]; then
+		chsh -s /bin/nologin postfix &>/dev/null
+	fi
+	if [ ! -d /var/spool/postfix/public/pickup ]; then
+		mkfifo /var/spool/postfix/public/pickup
+	fi
+}
+
+post_upgrade() {
+	post_install
+	if [[ $(vercmp $2 3.0.0-3) -eq -1 ]]; then
+		echo '==> The postfix daemon binaries have moved.'
+		echo '==> Please restart postfix as soon as possible.'
+	elif [[ $(vercmp $2 3.0.1-1) -eq -1 ]]; then
+		echo '==> Several Postfix-internal protocols have changed.'
+		echo '==> Please restart postfix as soon as possible.'
+	fi
+}
+
+post_remove() {
+	if getent passwd postfix &>/dev/null; then
+		userdel postfix >/dev/null
+	fi
+	if getent group postfix &>/dev/null; then
+		groupdel postfix >/dev/null
+	fi
+	if getent group postdrop &>/dev/null; then
+		groupdel postdrop >/dev/null
+	fi
+}

postfix/postfix.run

@@ -0,0 +1,3 @@
+#!/bin/sh
+postfix check || exit 1
+exec /usr/libexec/postfix/master -d