committing changes in /etc made by "-bash"

Package changes:

.etckeeper

@@ -298,7 +298,7 @@ maybe chmod 0644 'cron.d/csf-cron'
 maybe chmod 0600 'cron.d/csf_update'
 maybe chmod 0644 'cron.d/lfd-cron'
 maybe chmod 0644 'cron.d/maldet_pub'
-maybe chmod 0700 'cron.daily'
+maybe chmod 0755 'cron.daily'
 maybe chmod 0750 'cron.daily/aide'
 maybe chmod 0700 'cron.daily/csget'
 maybe chmod 0755 'cron.daily/etckeeper'
@@ -306,12 +306,12 @@ maybe chmod 0755 'cron.daily/logrotate'
 maybe chmod 0755 'cron.daily/maldet'
 maybe chmod 0755 'cron.daily/rkhunter'
 maybe chmod 0600 'cron.deny'
-maybe chmod 0700 'cron.hourly'
+maybe chmod 0755 'cron.hourly'
 maybe chmod 0755 'cron.hourly/0anacron'
-maybe chmod 0700 'cron.monthly'
+maybe chmod 0755 'cron.monthly'
 maybe chmod 0755 'cron.monthly/psacct'
-maybe chmod 0700 'cron.weekly'
+maybe chmod 0755 'cron.weekly'
-maybe chmod 0600 'crontab'
+maybe chmod 0644 'crontab'
 maybe chmod 0755 'crypto-policies'
 maybe chmod 0755 'crypto-policies/back-ends'
 maybe chmod 0644 'crypto-policies/back-ends/nss.config'
@@ -933,6 +933,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf'
 maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
 maybe chmod 0644 'httpd/conf.d/php.conf'
 maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
+maybe chmod 0644 'httpd/conf.d/ssl.conf'
 maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
 maybe chmod 0644 'httpd/conf.d/userdir.conf'
 maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -977,23 +978,23 @@ maybe chmod 0644 'issue.net'
 maybe chmod 0644 'issue.rpmnew'
 maybe chmod 0755 'java'
 maybe chmod 0755 'java/java-1.8.0-openjdk'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/calendars.properties'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/calendars.properties'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/logging.properties'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/logging.properties'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/blacklisted.certs'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/blacklisted.certs'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/java.policy'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.policy'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/java.security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/nss.cfg'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.cfg'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/nss.fips.cfg'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.fips.cfg'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited/local_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/local_policy.jar'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited/local_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/local_policy.jar'
 maybe chmod 0755 'java/security'
 maybe chmod 0755 'java/security/security.d'
 maybe chmod 0755 'jvm'
@@ -1014,9 +1015,9 @@ maybe chmod 0755 'ld.so.conf.d'
 maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf'
 maybe chmod 0644 'ld.so.conf.d/dyninst-x86_64.conf'
 maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf'
-maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-240.10.1.el8_3.x86_64.conf'
 maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-240.15.1.el8_3.x86_64.conf'
 maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-240.22.1.el8_3.x86_64.conf'
+maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-305.3.1.el8.x86_64.conf'
 maybe chmod 0755 'letsencrypt'
 maybe chown 'setroubleshoot' 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt'
 maybe chgrp 'setroubleshoot' 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt'
@@ -2426,6 +2427,19 @@ maybe chmod 0640 'letsencrypt/renewal/zira.898.ro.conf'
 maybe chmod 0644 'letsencrypt/renewal/zira.go.ro.conf'
 maybe chmod 0640 'letsencrypt/ssl-dhparams.pem'
 maybe chmod 0640 'libaudit.conf'
+maybe chmod 0755 'libibverbs.d'
+maybe chmod 0644 'libibverbs.d/bnxt_re.driver'
+maybe chmod 0644 'libibverbs.d/cxgb4.driver'
+maybe chmod 0644 'libibverbs.d/efa.driver'
+maybe chmod 0644 'libibverbs.d/hfi1verbs.driver'
+maybe chmod 0644 'libibverbs.d/hns.driver'
+maybe chmod 0644 'libibverbs.d/i40iw.driver'
+maybe chmod 0644 'libibverbs.d/mlx4.driver'
+maybe chmod 0644 'libibverbs.d/mlx5.driver'
+maybe chmod 0644 'libibverbs.d/qedr.driver'
+maybe chmod 0644 'libibverbs.d/rxe.driver'
+maybe chmod 0644 'libibverbs.d/siw.driver'
+maybe chmod 0644 'libibverbs.d/vmw_pvrdma.driver'
 maybe chmod 0755 'libnl'
 maybe chmod 0644 'libnl/classid'
 maybe chmod 0644 'libnl/pktloc'
@@ -2454,6 +2468,7 @@ maybe chmod 0644 'logrotate.d/fail2ban'
 maybe chmod 0644 'logrotate.d/firewalld'
 maybe chmod 0644 'logrotate.d/httpd'
 maybe chmod 0644 'logrotate.d/iptraf-ng'
+maybe chmod 0644 'logrotate.d/kvm_stat'
 maybe chmod 0644 'logrotate.d/lfd'
 maybe chmod 0644 'logrotate.d/mysql'
 maybe chgrp 'named' 'logrotate.d/named'
@@ -2631,6 +2646,7 @@ maybe chmod 0644 'mail/spamassassin/v330.pre'
 maybe chmod 0644 'mail/spamassassin/v340.pre'
 maybe chmod 0644 'mail/spamassassin/v341.pre'
 maybe chmod 0644 'mail/spamassassin/v342.pre'
+maybe chmod 0644 'mail/spamassassin/v343.pre'
 maybe chmod 0644 'mail/spamassassin/wrongmx.pm'
 maybe chmod 0644 'mailcap'
 maybe chmod 0644 'man_db.conf'
@@ -3075,11 +3091,13 @@ maybe chmod 0644 'modprobe.d/blacklist-firewire.conf'
 maybe chmod 0640 'modprobe.d/cramfs.conf'
 maybe chmod 0644 'modprobe.d/firewalld-sysctls.conf'
 maybe chmod 0644 'modprobe.d/lockd.conf'
+maybe chmod 0644 'modprobe.d/mlx4.conf'
 maybe chmod 0644 'modprobe.d/nodccp.conf'
 maybe chmod 0644 'modprobe.d/rds.conf'
 maybe chmod 0644 'modprobe.d/sctp.conf'
 maybe chmod 0640 'modprobe.d/squashfs.conf'
 maybe chmod 0644 'modprobe.d/tipc.conf'
+maybe chmod 0644 'modprobe.d/truescale.conf'
 maybe chmod 0644 'modprobe.d/tuned.conf'
 maybe chmod 0640 'modprobe.d/udf.conf'
 maybe chmod 0640 'modprobe.d/vfat.conf'
@@ -3591,8 +3609,6 @@ maybe chmod 0644 'nginx/conf.d/mail.club3d.ro.conf'
 maybe chown 'nginx' 'nginx/conf.d/padmin.club3d.ro.conf'
 maybe chgrp 'nginx' 'nginx/conf.d/padmin.club3d.ro.conf'
 maybe chmod 0640 'nginx/conf.d/padmin.club3d.ro.conf'
-maybe chown 'nginx' 'nginx/conf.d/php-fpm.conf'
-maybe chgrp 'nginx' 'nginx/conf.d/php-fpm.conf'
 maybe chmod 0644 'nginx/conf.d/php-fpm.conf'
 maybe chown 'nginx' 'nginx/conf.d/rspamd.club3d.ro.conf'
 maybe chgrp 'nginx' 'nginx/conf.d/rspamd.club3d.ro.conf'
@@ -4028,6 +4044,7 @@ maybe chmod 0640 'postfix/_sql/mysql_virtual_mailbox_maps.cf'
 maybe chmod 0644 'postfix/access'
 maybe chgrp 'postfix' 'postfix/access.db'
 maybe chmod 0640 'postfix/access.db'
+maybe chmod 0644 'postfix/access.rpmnew'
 maybe chgrp 'postfix' 'postfix/blacklist'
 maybe chmod 0640 'postfix/blacklist'
 maybe chgrp 'postfix' 'postfix/blacklist.db'
@@ -4038,6 +4055,7 @@ maybe chgrp 'postfix' 'postfix/body_checks.db'
 maybe chmod 0640 'postfix/body_checks.db'
 maybe chmod 0640 'postfix/ca-certificates-2019.2.32-76.el7_7.noarch.rpm'
 maybe chmod 0644 'postfix/canonical'
+maybe chmod 0644 'postfix/canonical.rpmnew'
 maybe chgrp 'postfix' 'postfix/check_client_access'
 maybe chmod 0640 'postfix/check_client_access'
 maybe chgrp 'postfix' 'postfix/check_client_access.db'
@@ -4069,9 +4087,11 @@ maybe chgrp 'postfix' 'postfix/helo_access.pcre.db'
 maybe chmod 0640 'postfix/helo_access.pcre.db'
 maybe chmod 0644 'postfix/main.cf'
 maybe chmod 0644 'postfix/main.cf.proto'
+maybe chmod 0644 'postfix/main.cf.rpmnew'
 maybe chmod 0644 'postfix/master.cf'
 maybe chmod 0644 'postfix/master.cf.bkp'
 maybe chmod 0644 'postfix/master.cf.proto'
+maybe chmod 0644 'postfix/master.cf.rpmnew'
 maybe chgrp 'postfix' 'postfix/mime_header_checks'
 maybe chmod 0640 'postfix/mime_header_checks'
 maybe chgrp 'postfix' 'postfix/mynetworks'
@@ -4152,9 +4172,11 @@ maybe chmod 0640 'postfix/submission_header_cleanup'
 maybe chmod 0644 'postfix/transport'
 maybe chgrp 'postfix' 'postfix/transport.db'
 maybe chmod 0640 'postfix/transport.db'
+maybe chmod 0644 'postfix/transport.rpmnew'
 maybe chmod 0644 'postfix/virtual'
 maybe chgrp 'postfix' 'postfix/virtual.db'
 maybe chmod 0640 'postfix/virtual.db'
+maybe chmod 0644 'postfix/virtual.rpmnew'
 maybe chgrp 'postfix' 'postfix/virtual_regexp'
 maybe chmod 0640 'postfix/virtual_regexp'
 maybe chmod 0755 'ppp'
@@ -4286,6 +4308,7 @@ maybe chmod 0755 'pyzor'
 maybe chmod 0755 'qemu-ga'
 maybe chmod 0755 'qemu-ga/fsfreeze-hook'
 maybe chmod 0755 'qemu-ga/fsfreeze-hook.d'
+maybe chmod 0755 'qemu-kvm'
 maybe chmod 0755 'rc.d'
 maybe chmod 0755 'rc.d/init.d'
 maybe chmod 0644 'rc.d/init.d/README'
@@ -4303,6 +4326,14 @@ maybe chmod 0755 'rc.d/rc3.d'
 maybe chmod 0755 'rc.d/rc4.d'
 maybe chmod 0755 'rc.d/rc5.d'
 maybe chmod 0755 'rc.d/rc6.d'
+maybe chmod 0755 'rdma'
+maybe chmod 0644 'rdma/mlx4.conf'
+maybe chmod 0755 'rdma/modules'
+maybe chmod 0644 'rdma/modules/infiniband.conf'
+maybe chmod 0644 'rdma/modules/iwarp.conf'
+maybe chmod 0644 'rdma/modules/opa.conf'
+maybe chmod 0644 'rdma/modules/rdma.conf'
+maybe chmod 0644 'rdma/modules/roce.conf'
 maybe chmod 0644 'rearj.cfg'
 maybe chmod 0755 'redhat-lsb'
 maybe chmod 0755 'redhat-lsb/lsb_killproc'
@@ -4684,9 +4715,6 @@ maybe chmod 0644 'sysconfig/anaconda'
 maybe chmod 0644 'sysconfig/arpwatch'
 maybe chmod 0644 'sysconfig/atd'
 maybe chmod 0644 'sysconfig/authconfig'
-maybe chmod 0755 'sysconfig/cbq'
-maybe chmod 0644 'sysconfig/cbq/avpkt'
-maybe chmod 0644 'sysconfig/cbq/cbq-0000.example'
 maybe chmod 0644 'sysconfig/certbot'
 maybe chmod 0644 'sysconfig/chronyd'
 maybe chmod 0755 'sysconfig/console'
@@ -4811,9 +4839,8 @@ maybe chmod 0755 'systemd/system/vmtoolsd.service.requires'
 maybe chmod 0755 'systemd/user'
 maybe chmod 0644 'systemd/user.conf'
 maybe chmod 0755 'systemd/user/sockets.target.wants'
-maybe chown 'tss' 'tcsd.conf'
 maybe chgrp 'tss' 'tcsd.conf'
-maybe chmod 0600 'tcsd.conf'
+maybe chmod 0640 'tcsd.conf'
 maybe chmod 0755 'terminfo'
 maybe chmod 0755 'tmpfiles.d'
 maybe chmod 0644 'tmpfiles.d/clamav.conf'
@@ -4830,11 +4857,15 @@ maybe chmod 0755 'udev'
 maybe chmod 0444 'udev/hwdb.bin'
 maybe chmod 0755 'udev/hwdb.d'
 maybe chmod 0755 'udev/rules.d'
+maybe chmod 0644 'udev/rules.d/70-persistent-ipoib.rules'
 maybe chmod 0644 'udev/rules.d/70-snap.snapd.rules'
 maybe chmod 0644 'udev/rules.d/75-cd-aliases-generator.rules'
 maybe chmod 0644 'udev/rules.d/75-persistent-net-generator.rules'
 maybe chmod 0644 'udev/rules.d/90-bcrypt-device-permissions.rules'
 maybe chmod 0644 'udev/udev.conf'
+maybe chmod 0755 'unbound'
+maybe chmod 0644 'unbound/icannbundle.pem'
+maybe chmod 0644 'unbound/root.key'
 maybe chmod 0644 'updatedb.conf'
 maybe chmod 0644 'vconsole.conf'
 maybe chmod 0644 'vimrc'

alternatives/alt-java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/alt-java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/alt-java

alternatives/alt-java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/java

alternatives/java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/jjs

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/jjs
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/jjs

alternatives/jjs.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/jre

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre

alternatives/jre_1.8.0

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre

alternatives/jre_1.8.0_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64
+/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64

alternatives/jre_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre

alternatives/keytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/keytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/keytool

alternatives/keytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/orbd

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/orbd
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/orbd

alternatives/orbd.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/pack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/pack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/pack200

alternatives/pack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/policytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/policytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/policytool

alternatives/policytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/rmid

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/rmid
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/rmid

alternatives/rmid.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/rmiregistry

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/rmiregistry
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/rmiregistry

alternatives/rmiregistry.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/servertool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/servertool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/servertool

alternatives/servertool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/tnameserv

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/tnameserv
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/tnameserv

alternatives/tnameserv.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

alternatives/unpack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/unpack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/unpack200

alternatives/unpack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
+/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

centos-release

@@ -1 +1 @@
-CentOS Linux release 8.3.2011
+CentOS Linux release 8.4.2105

centos-release-upstream

@@ -1 +1 @@
-Derived from Red Hat Enterprise Linux 8.3
+Derived from Red Hat Enterprise Linux 8.4

httpd/conf.d/ssl.conf

@@ -0,0 +1,203 @@
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   List the protocol versions which clients are allowed to connect with.
+#   The OpenSSL system profile is used by default.  See
+#   update-crypto-policies(8) for more details.
+#SSLProtocol all -SSLv3
+#SSLProxyProtocol all -SSLv3
+
+#   User agents such as web browsers are not configured for the user's
+#   own preference of either security or performance, therefore this
+#   must be the prerogative of the web server administrator who manages
+#   cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+#   The OpenSSL system profile is configured by default.  See
+#   update-crypto-policies(8) for more details.
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+
+#   Point SSLCertificateFile at a PEM encoded certificate.  If
+#   the certificate is encrypted, then you will be prompted for a
+#   pass phrase.  Note that restarting httpd will prompt again.  Keep
+#   in mind that if you have both an RSA and a DSA certificate you
+#   can configure both in parallel (to also allow the use of DSA
+#   ciphers, etc.)
+#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+#   require an ECC certificate which can also be configured in
+#   parallel.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+#   ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convenience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is sent or allowed to be received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is sent and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+

httpd/conf.d/welcome.conf.rpmnew

@@ -7,24 +7,13 @@
 #
 <LocationMatch "^/+$">
     Options -Indexes
-    ErrorDocument 403 /noindex/index.html
+    ErrorDocument 403 /.noindex.html
 </LocationMatch>
 
 <Directory /usr/share/httpd/noindex>
-    Options MultiViews
-    DirectoryIndex index.html
-
-    AddLanguage en-US .en-US
-    AddLanguage es-ES .es-ES
-    AddLanguage zh-CN .zh-CN
-    AddLanguage zh-HK .zh-HK
-    AddLanguage zh-TW .zh-TW
-
-    LanguagePriority en
-    ForceLanguagePriority Fallback
-
     AllowOverride None
     Require all granted
 </Directory>
 
-Alias /noindex /usr/share/httpd/noindex
+Alias /.noindex.html /usr/share/httpd/noindex/index.html
+Alias /poweredby.png /usr/share/httpd/icons/apache_pb2.png

iproute2/rt_protos

@@ -14,7 +14,8 @@
 13	dnrouted
 14	xorp
 15	ntk
-16      dhcp
+16	dhcp
+18	keepalived
 42	babel
 186	bgp
 187	isis

libibverbs.d/bnxt_re.driver

@@ -0,0 +1 @@
+driver bnxt_re

libibverbs.d/cxgb4.driver

@@ -0,0 +1 @@
+driver cxgb4

libibverbs.d/efa.driver

@@ -0,0 +1 @@
+driver efa

libibverbs.d/hfi1verbs.driver

@@ -0,0 +1 @@
+driver hfi1verbs

libibverbs.d/hns.driver

@@ -0,0 +1 @@
+driver hns

libibverbs.d/i40iw.driver

@@ -0,0 +1 @@
+driver i40iw

libibverbs.d/mlx4.driver

@@ -0,0 +1 @@
+driver mlx4

libibverbs.d/mlx5.driver

@@ -0,0 +1 @@
+driver mlx5

libibverbs.d/qedr.driver

@@ -0,0 +1 @@
+driver qedr

libibverbs.d/rxe.driver

@@ -0,0 +1 @@
+driver rxe

libibverbs.d/siw.driver

@@ -0,0 +1 @@
+driver siw

libibverbs.d/vmw_pvrdma.driver

@@ -0,0 +1 @@
+driver vmw_pvrdma

logrotate.d/dnf

@@ -1,15 +1,7 @@
-/var/log/dnf.librepo.log {
-    missingok
-    notifempty
-    rotate 4
-    weekly
-    create 0600 root root
-}
-
 /var/log/hawkey.log {
     missingok
     notifempty
     rotate 4
     weekly
-    create 0600 root root
+    create
 }

logrotate.d/kvm_stat

@@ -0,0 +1,11 @@
+/var/log/kvm_stat.csv {
+	size 10M
+	missingok
+	compress
+	maxage 30
+	rotate 5
+	nodateext
+	postrotate
+		/usr/bin/systemctl try-restart kvm_stat.service
+	endscript
+}

mail/spamassassin/init.pre.rpmnew

@@ -19,10 +19,6 @@
 #
 loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
 
-# Hashcash - perform hashcash verification.
-#
-loadplugin Mail::SpamAssassin::Plugin::Hashcash
-
 # SPF - perform SPF verification.
 #
 loadplugin Mail::SpamAssassin::Plugin::SPF

mail/spamassassin/v342.pre

@@ -3,7 +3,7 @@
 # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
 # tweaked.
 #
-# This file was installed during the installation of SpamAssassin 3.4.1,
+# This file was installed during the installation of SpamAssassin 3.4.2,
 # and contains plugin loading commands for the new plugins added in that
 # release.  It will not be overwritten during future SpamAssassin installs,
 # so you can modify it to enable some disabled-by-default plugins below,
@@ -16,10 +16,9 @@
 # added to new files, named according to the release they're added in.
 ###########################################################################
 
-# HashBL - Use EBL email blocklist
+# HashBL - Query hashed/unhashed strings, emails, uris etc from DNS lists
 # loadplugin Mail::SpamAssassin::Plugin::HashBL
 
-
 # FromNameSpoof - help stop spam that tries to spoof other domains using 
 # the from name
 # loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof
@@ -28,5 +27,3 @@
 # OpenPhish or PhishTank feeds.
 # loadplugin Mail::SpamAssassin::Plugin::Phishing
 
-# allow URI rules to look at DKIM headers if they exist
-parse_dkim_uris 1

mail/spamassassin/v343.pre

@@ -0,0 +1,25 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 4.0.0,
+# and contains plugin loading commands for the new plugins added in that
+# release.  It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read.  Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read.  As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# OLEVBMacro - Detects both OLE macros and VB code inside Office documents
+#
+# It tries to discern between safe and malicious code but due to the threat
+# macros present to security, many places block these type of documents outright.
+#
+# For this plugin to work, Archive::Zip and IO::String modules are required.
+# loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro

modprobe.d/mlx4.conf

@@ -0,0 +1,21 @@
+# This file is intended for users to select the various module options
+# they need for the mlx4 driver.  On upgrade of the rdma package,
+# any user made changes to this file are preserved.  Any changes made
+# to the libmlx4.conf file in this directory are overwritten on
+# pacakge upgrade.
+#
+# Some sample options and what they would do
+# Enable debugging output, device managed flow control, and disable SRIOV
+#options mlx4_core debug_level=1 log_num_mgm_entry_size=-1 probe_vf=0 num_vfs=0
+#
+# Enable debugging output and create SRIOV devices, but don't attach any of
+# the child devices to the host, only the parent device
+#options mlx4_core debug_level=1 probe_vf=0 num_vfs=7
+#
+# Enable debugging output, SRIOV, and attach one of the SRIOV child devices
+# in addition to the parent device to the host
+#options mlx4_core debug_level=1 probe_vf=1 num_vfs=7
+#
+# Enable per priority flow control for send and receive, setting both priority
+# 1 and 2 as no drop priorities
+#options mlx4_en pfctx=3 pfcrx=3

modprobe.d/truescale.conf

@@ -0,0 +1 @@
+install ib_qib modprobe -i ib_qib $CMDLINE_OPTS && /usr/libexec/truescale-serdes.cmds start

postfix/access.rpmnew

@@ -0,0 +1,484 @@
+# ACCESS(5)                                                            ACCESS(5)
+# 
+# NAME
+#        access - Postfix SMTP server access table
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/access
+# 
+#        postmap -q "string" /etc/postfix/access
+# 
+#        postmap -q - /etc/postfix/access <inputfile
+# 
+# DESCRIPTION
+#        This  document  describes  access  control  on remote SMTP
+#        client information: host  names,  network  addresses,  and
+#        envelope  sender or recipient addresses; it is implemented
+#        by the  Postfix  SMTP  server.   See  header_checks(5)  or
+#        body_checks(5)  for access control on the content of email
+#        messages.
+# 
+#        Normally, the access(5) table is specified as a text  file
+#        that  serves  as  input  to  the  postmap(1) command.  The
+#        result, an indexed file in dbm or db format, is  used  for
+#        fast  searching  by  the  mail system. Execute the command
+#        "postmap /etc/postfix/access" to rebuild an  indexed  file
+#        after changing the corresponding text file.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be  provided  as  a regu-
+#        lar-expression map where patterns  are  given  as  regular
+#        expressions,  or  lookups  can  be  directed  to TCP-based
+#        server. In those cases, the lookups are done in a slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+# CASE FOLDING
+#        The search string is folded to lowercase  before  database
+#        lookup.  As  of Postfix 2.3, the search string is not case
+#        folded with database types such as regexp: or pcre:  whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern action
+#               When pattern matches a mail address, domain or host
+#               address, perform the corresponding action.
+# 
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+# 
+#        multi-line text
+#               A  logical  line starts with non-whitespace text. A
+#               line that starts with whitespace continues a  logi-
+#               cal line.
+# 
+# EMAIL ADDRESS PATTERNS
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked tables such as NIS, LDAP or  SQL,  patterns  are
+#        tried in the order as listed below:
+# 
+#        user@domain
+#               Matches the specified mail address.
+# 
+#        domain.tld
+#               Matches  domain.tld  as the domain part of an email
+#               address.
+# 
+#               The pattern domain.tld also matches subdomains, but
+#               only when the string smtpd_access_maps is listed in
+#               the Postfix  parent_domain_matches_subdomains  con-
+#               figuration setting.
+# 
+#        .domain.tld
+#               Matches subdomains of domain.tld, but only when the
+#               string smtpd_access_maps is not listed in the Post-
+#               fix  parent_domain_matches_subdomains configuration
+#               setting.
+# 
+#        user@  Matches all mail addresses with the specified  user
+#               part.
+# 
+#        Note:  lookup  of  the null sender address is not possible
+#        with some types of lookup table. By default, Postfix  uses
+#        <>  as  the  lookup  key  for such addresses. The value is
+#        specified with the smtpd_null_access_lookup_key  parameter
+#        in the Postfix main.cf file.
+# 
+# EMAIL ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
+#        becomes:  user+foo@domain, user@domain, domain, user+foo@,
+#        and user@.
+# 
+# HOST NAME/ADDRESS PATTERNS
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked  tables  such as NIS, LDAP or SQL, the following
+#        lookup patterns are examined in the order as listed:
+# 
+#        domain.tld
+#               Matches domain.tld.
+# 
+#               The pattern domain.tld also matches subdomains, but
+#               only when the string smtpd_access_maps is listed in
+#               the Postfix  parent_domain_matches_subdomains  con-
+#               figuration setting.
+# 
+#        .domain.tld
+#               Matches subdomains of domain.tld, but only when the
+#               string smtpd_access_maps is not listed in the Post-
+#               fix  parent_domain_matches_subdomains configuration
+#               setting.
+# 
+#        net.work.addr.ess
+# 
+#        net.work.addr
+# 
+#        net.work
+# 
+#        net    Matches a  remote  IPv4  host  address  or  network
+#               address  range.  Specify one to four decimal octets
+#               separated by ".". Do not specify "[]" , "/",  lead-
+#               ing zeros, or hexadecimal forms.
+# 
+#               Network ranges are matched by repeatedly truncating
+#               the last ".octet" from a remote IPv4  host  address
+#               string, until a match is found in the access table,
+#               or until further truncation is not possible.
+# 
+#               NOTE: use the cidr lookup  table  type  to  specify
+#               network/netmask  patterns.  See  cidr_table(5)  for
+#               details.
+# 
+#        net:work:addr:ess
+# 
+#        net:work:addr
+# 
+#        net:work
+# 
+#        net    Matches a  remote  IPv6  host  address  or  network
+#               address  range.  Specify three to eight hexadecimal
+#               octet pairs separated by ":", using the  compressed
+#               form  "::"  for  a  sequence  of  zero-valued octet
+#               pairs. Do not specify "[]", "/", leading zeros,  or
+#               non-compressed forms.
+# 
+#               A network range is matched by repeatedly truncating
+#               the  last  ":octetpair"  from  the  compressed-form
+#               remote  IPv6  host address string, until a match is
+#               found in the access table, or until further trunca-
+#               tion is not possible.
+# 
+#               NOTE:  use  the  cidr  lookup table type to specify
+#               network/netmask  patterns.  See  cidr_table(5)  for
+#               details.
+# 
+#               IPv6 support is available in Postfix 2.2 and later.
+# 
+# ACCEPT ACTIONS
+#        OK     Accept the address etc. that matches the pattern.
+# 
+#        all-numerical
+#               An all-numerical result is treated as OK. This for-
+#               mat  is generated by address-based relay authoriza-
+#               tion schemes such as pop-before-smtp.
+# 
+#        For other accept actions, see "OTHER ACTIONS" below.
+# 
+# REJECT ACTIONS
+#        Postfix version 2.3  and  later  support  enhanced  status
+#        codes  as  defined in RFC 3463.  When no code is specified
+#        at the beginning of the  text  below,  Postfix  inserts  a
+#        default  enhanced  status  code  of "5.7.1" in the case of
+#        reject actions, and "4.7.1" in the case of defer  actions.
+#        See "ENHANCED STATUS CODES" below.
+# 
+#        4NN text
+# 
+#        5NN text
+#               Reject  the  address etc. that matches the pattern,
+#               and respond with the numerical three-digit code and
+#               text.  4NN means "try again later", while 5NN means
+#               "do not try again".
+# 
+#               The following responses have  special  meaning  for
+#               the Postfix SMTP server:
+# 
+#               421 text (Postfix 2.3 and later)
+# 
+#               521 text (Postfix 2.6 and later)
+#                      After    responding   with   the   numerical
+#                      three-digit code and text, disconnect  imme-
+#                      diately from the SMTP client.  This frees up
+#                      SMTP server resources so that  they  can  be
+#                      made available to another SMTP client.
+# 
+#                      Note: The "521" response should be used only
+#                      with botnets and other malware where  inter-
+#                      operability is of no concern.  The "send 521
+#                      and disconnect" behavior is NOT  defined  in
+#                      the SMTP standard.
+# 
+#        REJECT optional text...
+#               Reject  the  address etc. that matches the pattern.
+#               Reply   with   "$access_map_reject_code    optional
+#               text..."  when the optional text is specified, oth-
+#               erwise reply with a generic error response message.
+# 
+#        DEFER optional text...
+#               Reject  the  address etc. that matches the pattern.
+#               Reply   with    "$access_map_defer_code    optional
+#               text..."  when the optional text is specified, oth-
+#               erwise reply with a generic error response message.
+# 
+#               This feature is available in Postfix 2.6 and later.
+# 
+#        DEFER_IF_REJECT optional text...
+#               Defer the request if some later  restriction  would
+#               result    in    a   REJECT   action.   Reply   with
+#               "$access_map_defer_code  4.7.1  optional   text..."
+#               when  the  optional  text  is  specified, otherwise
+#               reply with a generic error response message.
+# 
+#               Prior to Postfix 2.6, the SMTP reply code is 450.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        DEFER_IF_PERMIT optional text...
+#               Defer  the  request if some later restriction would
+#               result in a an explicit or implicit PERMIT  action.
+#               Reply  with "$access_map_defer_code 4.7.1  optional
+#               text..." when the optional text is specified,  oth-
+#               erwise reply with a generic error response message.
+# 
+#               Prior to Postfix 2.6, the SMTP reply code is 450.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        For other reject actions, see "OTHER ACTIONS" below.
+# 
+# OTHER ACTIONS
+#        restriction...
+#               Apply the named UCE restriction(s) (permit, reject,
+#               reject_unauth_destination, and so on).
+# 
+#        BCC user@domain
+#               Send one copy  of  the  message  to  the  specified
+#               recipient.
+# 
+#               If  multiple  BCC  actions are specified within the
+#               same SMTP MAIL transaction, with Postfix  3.0  only
+#               the last action will be used.
+# 
+#               This feature is available in Postfix 3.0 and later.
+# 
+#        DISCARD optional text...
+#               Claim successful delivery and silently discard  the
+#               message.   Log the optional text if specified, oth-
+#               erwise log a generic message.
+# 
+#               Note: this action currently affects all  recipients
+#               of  the  message.   To  discard  only one recipient
+#               without discarding  the  entire  message,  use  the
+#               transport(5) table to direct mail to the discard(8)
+#               service.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        DUNNO  Pretend  that  the  lookup  key was not found. This
+#               prevents Postfix  from  trying  substrings  of  the
+#               lookup  key (such as a subdomain name, or a network
+#               address subnetwork).
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        FILTER transport:destination
+#               After  the  message is queued, send the entire mes-
+#               sage through the specified external content filter.
+#               The  transport  name specifies the first field of a
+#               mail delivery agent definition  in  master.cf;  the
+#               syntax  of the next-hop destination is described in
+#               the  manual  page  of  the  corresponding  delivery
+#               agent.   More  information  about  external content
+#               filters is in the Postfix FILTER_README file.
+# 
+#               Note 1: do not use $number regular expression  sub-
+#               stitutions  for transport or destination unless you
+#               know that the information has a trusted origin.
+# 
+#               Note 2: this  action  overrides  the  main.cf  con-
+#               tent_filter  setting, and affects all recipients of
+#               the message.  In  the  case  that  multiple  FILTER
+#               actions fire, only the last one is executed.
+# 
+#               Note  3:  the  purpose  of the FILTER command is to
+#               override message routing.  To override the  recipi-
+#               ent's  transport  but not the next-hop destination,
+#               specify an empty filter  destination  (Postfix  2.7
+#               and later), or specify a transport:destination that
+#               delivers  through  a  different  Postfix   instance
+#               (Postfix  2.6 and earlier). Other options are using
+#               the recipient-dependent transport_maps or the  sen-
+#               der-dependent   sender_dependent_default_transport-
+#               _maps features.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        HOLD optional text...
+#               Place  the message on the hold queue, where it will
+#               sit until someone either deletes it or releases  it
+#               for  delivery.  Log the optional text if specified,
+#               otherwise log a generic message.
+# 
+#               Mail that is placed on hold can  be  examined  with
+#               the  postcat(1)  command,  and  can be destroyed or
+#               released with the postsuper(1) command.
+# 
+#               Note: use "postsuper -r" to release mail  that  was
+#               kept  on  hold for a significant fraction of $maxi-
+#               mal_queue_lifetime  or  $bounce_queue_lifetime,  or
+#               longer.  Use "postsuper -H" only for mail that will
+#               not expire within a few delivery attempts.
+# 
+#               Note: this action currently affects all  recipients
+#               of the message.
+# 
+#               This feature is available in Postfix 2.0 and later.
+# 
+#        PREPEND headername: headervalue
+#               Prepend the specified message header  to  the  mes-
+#               sage.   When more than one PREPEND action executes,
+#               the first prepended header appears before the  sec-
+#               ond etc. prepended header.
+# 
+#               Note:  this  action must execute before the message
+#               content is received; it cannot execute in the  con-
+#               text of smtpd_end_of_data_restrictions.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        REDIRECT user@domain
+#               After the message is queued, send  the  message  to
+#               the  specified  address  instead  of  the  intended
+#               recipient(s).  When multiple REDIRECT actions fire,
+#               only the last one takes effect.
+# 
+#               Note:  this action overrides the FILTER action, and
+#               currently overrides all recipients of the  message.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+#        INFO optional text...
+#               Log an informational record with the optional text,
+#               together  with client information and if available,
+#               with helo, sender, recipient and protocol  informa-
+#               tion.
+# 
+#               This feature is available in Postfix 3.0 and later.
+# 
+#        WARN optional text...
+#               Log a warning with the optional text, together with
+#               client  information  and  if  available, with helo,
+#               sender, recipient and protocol information.
+# 
+#               This feature is available in Postfix 2.1 and later.
+# 
+# ENHANCED STATUS CODES
+#        Postfix  version  2.3  and  later  support enhanced status
+#        codes as defined in RFC 3463.   When  an  enhanced  status
+#        code  is  specified  in  an access table, it is subject to
+#        modification. The  following  transformations  are  needed
+#        when  the  same  access  table  is  used for client, helo,
+#        sender, or  recipient  access  restrictions;  they  happen
+#        regardless of whether Postfix replies to a MAIL FROM, RCPT
+#        TO or other SMTP command.
+# 
+#        o      When a sender address matches a REJECT action,  the
+#               Postfix  SMTP server will transform a recipient DSN
+#               status (e.g., 4.1.1-4.1.6) into  the  corresponding
+#               sender DSN status, and vice versa.
+# 
+#        o      When   non-address  information  matches  a  REJECT
+#               action (such as the HELO command  argument  or  the
+#               client  hostname/address),  the Postfix SMTP server
+#               will transform a sender  or  recipient  DSN  status
+#               into   a  generic  non-address  DSN  status  (e.g.,
+#               4.0.0).
+# 
+# REGULAR EXPRESSION TABLES
+#        This section describes how the table lookups  change  when
+#        the table is given in the form of regular expressions. For
+#        a description of regular expression lookup  table  syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each  pattern  is  a regular expression that is applied to
+#        the entire string being looked up. Depending on the appli-
+#        cation,  that  string  is  an  entire  client hostname, an
+#        entire client IP address, or an entire mail address. Thus,
+#        no  parent  domain  or  parent  network  search  is  done,
+#        user@domain mail addresses are not broken  up  into  their
+#        user@ and domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Patterns are applied in the order as specified in the  ta-
+#        ble,  until  a  pattern  is  found that matches the search
+#        string.
+# 
+#        Actions are the same as with indexed  file  lookups,  with
+#        the  additional feature that parenthesized substrings from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This section describes how the table lookups  change  when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each lookup operation uses the entire query  string  once.
+#        Depending  on  the  application,  that string is an entire
+#        client hostname, an entire client IP address, or an entire
+#        mail  address.   Thus,  no parent domain or parent network
+#        search is done, user@domain mail addresses are not  broken
+#        up  into  their user@ and domain constituent parts, nor is
+#        user+foo broken up into user and foo.
+# 
+#        Actions are the same as with indexed file lookups.
+# 
+# EXAMPLE
+#        The following example uses an indexed file,  so  that  the
+#        order  of  table entries does not matter. The example per-
+#        mits access by the client at address 1.2.3.4  but  rejects
+#        all  other  clients  in 1.2.3.0/24. Instead of hash lookup
+#        tables, some systems use dbm.  Use the  command  "postconf
+#        -m"  to  find  out  what lookup tables Postfix supports on
+#        your system.
+# 
+#        /etc/postfix/main.cf:
+#            smtpd_client_restrictions =
+#                check_client_access hash:/etc/postfix/access
+# 
+#        /etc/postfix/access:
+#            1.2.3   REJECT
+#            1.2.3.4 OK
+# 
+#        Execute the command  "postmap  /etc/postfix/access"  after
+#        editing the file.
+# 
+# BUGS
+#        The  table format does not understand quoting conventions.
+# 
+# SEE ALSO
+#        postmap(1), Postfix lookup table manager
+#        smtpd(8), SMTP server
+#        postconf(5), configuration parameters
+#        transport(5), transport:nexthop syntax
+# 
+# README FILES
+#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        tory" to locate this information.
+#        SMTPD_ACCESS_README, built-in SMTP server access control
+#        DATABASE_README, Postfix lookup table overview
+# 
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                      ACCESS(5)

postfix/canonical.rpmnew

@@ -0,0 +1,307 @@
+# CANONICAL(5)                                                      CANONICAL(5)
+# 
+# NAME
+#        canonical - Postfix canonical table format
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/canonical
+# 
+#        postmap -q "string" /etc/postfix/canonical
+# 
+#        postmap -q - /etc/postfix/canonical <inputfile
+# 
+# DESCRIPTION
+#        The  optional canonical(5) table specifies an address map-
+#        ping for local and non-local  addresses.  The  mapping  is
+#        used  by the cleanup(8) daemon, before mail is stored into
+#        the queue.  The address mapping is recursive.
+# 
+#        Normally, the canonical(5) table is specified  as  a  text
+#        file  that serves as input to the postmap(1) command.  The
+#        result, an indexed file in dbm or db format, is  used  for
+#        fast  searching  by  the  mail system. Execute the command
+#        "postmap /etc/postfix/canonical"  to  rebuild  an  indexed
+#        file after changing the corresponding text file.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be  provided  as  a regu-
+#        lar-expression map where patterns  are  given  as  regular
+#        expressions,  or  lookups  can  be  directed  to TCP-based
+#        server. In those cases, the lookups are done in a slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+#        By default the canonical(5) mapping affects  both  message
+#        header  addresses  (i.e. addresses that appear inside mes-
+#        sages) and message envelope addresses  (for  example,  the
+#        addresses  that  are used in SMTP protocol commands). This
+#        is controlled with the canonical_classes parameter.
+# 
+#        NOTE: Postfix versions 2.2 and later rewrite message head-
+#        ers  from  remote  SMTP clients only if the client matches
+#        the  local_header_rewrite_clients  parameter,  or  if  the
+#        remote_header_rewrite_domain configuration parameter spec-
+#        ifies a non-empty value. To get the behavior before  Post-
+#        fix    2.2,    specify   "local_header_rewrite_clients   =
+#        static:all".
+# 
+#        Typically, one would use the canonical(5) table to replace
+#        login   names   by  Firstname.Lastname,  or  to  clean  up
+#        addresses produced by legacy mail systems.
+# 
+#        The canonical(5) mapping is not to be confused  with  vir-
+#        tual  alias  support or with local aliasing. To change the
+#        destination but not the headers,  use  the  virtual(5)  or
+#        aliases(5) map instead.
+# 
+# CASE FOLDING
+#        The  search  string is folded to lowercase before database
+#        lookup. As of Postfix 2.3, the search string is  not  case
+#        folded  with database types such as regexp: or pcre: whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern address
+#               When  pattern matches a mail address, replace it by
+#               the corresponding address.
+# 
+#        blank lines and comments
+#               Empty lines and whitespace-only lines are  ignored,
+#               as  are  lines whose first non-whitespace character
+#               is a `#'.
+# 
+#        multi-line text
+#               A logical line starts with non-whitespace  text.  A
+#               line  that starts with whitespace continues a logi-
+#               cal line.
+# 
+# TABLE SEARCH ORDER
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked   tables   such   as  NIS,  LDAP  or  SQL,  each
+#        user@domain query produces a sequence of query patterns as
+#        described below.
+# 
+#        Each  query pattern is sent to each specified lookup table
+#        before trying the next query pattern,  until  a  match  is
+#        found.
+# 
+#        user@domain address
+#               Replace  user@domain  by address. This form has the
+#               highest precedence.
+# 
+#               This is useful to clean up  addresses  produced  by
+#               legacy  mail  systems.  It can also be used to pro-
+#               duce Firstname.Lastname style  addresses,  but  see
+#               below for a simpler solution.
+# 
+#        user address
+#               Replace  user@site by address when site is equal to
+#               $myorigin, when site is listed  in  $mydestination,
+#               or   when  it  is  listed  in  $inet_interfaces  or
+#               $proxy_interfaces.
+# 
+#               This form is useful for replacing  login  names  by
+#               Firstname.Lastname.
+# 
+#        @domain address
+#               Replace other addresses in domain by address.  This
+#               form has the lowest precedence.
+# 
+#               Note: @domain is a wild-card.  When  this  form  is
+#               applied  to  recipient  addresses, the Postfix SMTP
+#               server accepts mail for any  recipient  in  domain,
+#               regardless  of whether that recipient exists.  This
+#               may  turn  your  mail  system  into  a  backscatter
+#               source: Postfix first accepts mail for non-existent
+#               recipients and then tries to return  that  mail  as
+#               "undeliverable" to the often forged sender address.
+# 
+#               To avoid backscatter  with  mail  for  a  wild-card
+#               domain, replace the wild-card mapping with explicit
+#               1:1 mappings, or add a  reject_unverified_recipient
+#               restriction for that domain:
+# 
+#                   smtpd_recipient_restrictions =
+#                       ...
+#                       reject_unauth_destination
+#                       check_recipient_access
+#                           inline:{example.com=reject_unverified_recipient}
+#                   unverified_recipient_reject_code = 550
+# 
+#               In  the above example, Postfix may contact a remote
+#               server if the recipient is rewritten  to  a  remote
+#               address.
+# 
+# RESULT ADDRESS REWRITING
+#        The lookup result is subject to address rewriting:
+# 
+#        o      When  the  result  has  the  form @otherdomain, the
+#               result becomes the same user in otherdomain.
+# 
+#        o      When "append_at_myorigin=yes", append  "@$myorigin"
+#               to addresses without "@domain".
+# 
+#        o      When "append_dot_mydomain=yes", append ".$mydomain"
+#               to addresses without ".domain".
+# 
+# ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient  delimiter  (e.g., user+foo@domain), the lookup order
+#        becomes: user+foo@domain, user@domain, user+foo, user, and
+#        @domain.
+# 
+#        The   propagate_unmatched_extensions   parameter  controls
+#        whether an unmatched address extension  (+foo)  is  propa-
+#        gated to the result of table lookup.
+# 
+# REGULAR EXPRESSION TABLES
+#        This  section  describes how the table lookups change when
+#        the table is given in the form of regular expressions. For
+#        a  description  of regular expression lookup table syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each pattern is a regular expression that  is  applied  to
+#        the entire address being looked up. Thus, user@domain mail
+#        addresses are not broken up into their  user  and  @domain
+#        constituent parts, nor is user+foo broken up into user and
+#        foo.
+# 
+#        Patterns are applied in the order as specified in the  ta-
+#        ble,  until  a  pattern  is  found that matches the search
+#        string.
+# 
+#        Results are the same as with indexed  file  lookups,  with
+#        the  additional feature that parenthesized substrings from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This section describes how the table lookups  change  when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each lookup operation uses the entire address once.  Thus,
+#        user@domain  mail  addresses  are not broken up into their
+#        user and @domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Results are the same as with indexed file lookups.
+# 
+# BUGS
+#        The  table format does not understand quoting conventions.
+# 
+# CONFIGURATION PARAMETERS
+#        The following main.cf parameters are especially  relevant.
+#        The  text  below  provides  only  a parameter summary. See
+#        postconf(5) for more details including examples.
+# 
+#        canonical_classes  (envelope_sender,   envelope_recipient,
+#        header_sender, header_recipient)
+#               What  addresses  are  subject   to   canonical_maps
+#               address mapping.
+# 
+#        canonical_maps (empty)
+#               Optional  address mapping lookup tables for message
+#               headers and envelopes.
+# 
+#        recipient_canonical_maps (empty)
+#               Optional address mapping lookup tables for envelope
+#               and header recipient addresses.
+# 
+#        sender_canonical_maps (empty)
+#               Optional address mapping lookup tables for envelope
+#               and header sender addresses.
+# 
+#        propagate_unmatched_extensions (canonical, virtual)
+#               What address lookup tables copy an  address  exten-
+#               sion from the lookup key to the lookup result.
+# 
+#        Other parameters of interest:
+# 
+#        inet_interfaces (all)
+#               The network interface addresses that this mail sys-
+#               tem receives mail on.
+# 
+#        local_header_rewrite_clients (permit_inet_interfaces)
+#               Rewrite message header addresses in mail from these
+#               clients  and  update  incomplete addresses with the
+#               domain name in $myorigin or $mydomain; either don't
+#               rewrite  message headers from other clients at all,
+#               or rewrite message headers  and  update  incomplete
+#               addresses   with   the   domain  specified  in  the
+#               remote_header_rewrite_domain parameter.
+# 
+#        proxy_interfaces (empty)
+#               The network interface addresses that this mail sys-
+#               tem  receives  mail on by way of a proxy or network
+#               address translation unit.
+# 
+#        masquerade_classes    (envelope_sender,     header_sender,
+#        header_recipient)
+#               What addresses are subject to address masquerading.
+# 
+#        masquerade_domains (empty)
+#               Optional  list of domains whose subdomain structure
+#               will be stripped off in email addresses.
+# 
+#        masquerade_exceptions (empty)
+#               Optional list of user names that are not  subjected
+#               to  address  masquerading,  even when their address
+#               matches $masquerade_domains.
+# 
+#        mydestination  ($myhostname,  localhost.$mydomain,  local-
+#        host)
+#               The list of domains  that  are  delivered  via  the
+#               $local_transport mail delivery transport.
+# 
+#        myorigin ($myhostname)
+#               The domain name that locally-posted mail appears to
+#               come from, and that locally posted mail  is  deliv-
+#               ered to.
+# 
+#        owner_request_special (yes)
+#               Enable special treatment for owner-listname entries
+#               in the aliases(5) file, and don't split owner-list-
+#               name  and  listname-request address localparts when
+#               the recipient_delimiter is set to "-".
+# 
+#        remote_header_rewrite_domain (empty)
+#               Don't rewrite message headers from  remote  clients
+#               at all when this parameter is empty; otherwise, re-
+#               write message  headers  and  append  the  specified
+#               domain name to incomplete addresses.
+# 
+# SEE ALSO
+#        cleanup(8), canonicalize and enqueue mail
+#        postmap(1), Postfix lookup table manager
+#        postconf(5), configuration parameters
+#        virtual(5), virtual aliasing
+# 
+# README FILES
+#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        tory" to locate this information.
+#        DATABASE_README, Postfix lookup table overview
+#        ADDRESS_REWRITING_README, address rewriting guide
+# 
+# LICENSE
+#        The Secure Mailer license must be  distributed  with  this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                   CANONICAL(5)

postfix/main.cf

@@ -440,10 +440,12 @@ data_directory = /var/lib/postfix
 #shlib_directory = no
 #smtputf8_enable = yes
 postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
-readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
+readme_directory = /usr/share/doc/postfix/README_FILES
-sample_directory = /usr/share/doc/postfix-2.10.1/samples
+sample_directory = /usr/share/doc/postfix/samples
 newaliases_path = /usr/bin/newaliases
 smtp_tls_loglevel = 1
 
 compatibility_level = 2
 smtputf8_enable = no
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib64/postfix

postfix/main.cf.proto

@@ -253,7 +253,7 @@ unknown_local_recipient_reject_code = 550
 #
 # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
 # clients in the same IP subnetworks as the local machine.
-# On Linux, this does works correctly only with interfaces specified
+# On Linux, this works correctly only with interfaces specified
 # with the "ifconfig" command.
 # 
 # Specify "mynetworks_style = class" when Postfix should "trust" SMTP

postfix/main.cf.rpmnew

@@ -0,0 +1,738 @@
+# Global Postfix configuration file. This file lists only a subset
+# of all parameters. For the syntax, and for a complete parameter
+# list, see the postconf(5) manual page (command: "man 5 postconf").
+#
+# For common configuration examples, see BASIC_CONFIGURATION_README
+# and STANDARD_CONFIGURATION_README. To find these documents, use
+# the command "postconf html_directory readme_directory", or go to
+# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
+#
+# For best results, change no more than 2-3 parameters at a time,
+# and test if Postfix still works after every change.
+
+# COMPATIBILITY
+#
+# The compatibility_level determines what default settings Postfix
+# will use for main.cf and master.cf settings. These defaults will
+# change over time.
+#
+# To avoid breaking things, Postfix will use backwards-compatible
+# default settings and log where it uses those old backwards-compatible
+# default settings, until the system administrator has determined
+# if any backwards-compatible default settings need to be made
+# permanent in main.cf or master.cf.
+#
+# When this review is complete, update the compatibility_level setting
+# below as recommended in the RELEASE_NOTES file.
+#
+# The level below is what should be used with new (not upgrade) installs.
+#
+compatibility_level = 2
+
+# SOFT BOUNCE
+#
+# The soft_bounce parameter provides a limited safety net for
+# testing.  When soft_bounce is enabled, mail will remain queued that
+# would otherwise bounce. This parameter disables locally-generated
+# bounces, and prevents the SMTP server from rejecting mail permanently
+# (by changing 5xx replies into 4xx replies). However, soft_bounce
+# is no cure for address rewriting mistakes or mail routing mistakes.
+#
+#soft_bounce = no
+
+# LOCAL PATHNAME INFORMATION
+#
+# The queue_directory specifies the location of the Postfix queue.
+# This is also the root directory of Postfix daemons that run chrooted.
+# See the files in examples/chroot-setup for setting up Postfix chroot
+# environments on different UNIX systems.
+#
+queue_directory = /var/spool/postfix
+
+# The command_directory parameter specifies the location of all
+# postXXX commands.
+#
+command_directory = /usr/sbin
+
+# The daemon_directory parameter specifies the location of all Postfix
+# daemon programs (i.e. programs listed in the master.cf file). This
+# directory must be owned by root.
+#
+daemon_directory = /usr/libexec/postfix
+
+# The data_directory parameter specifies the location of Postfix-writable
+# data files (caches, random numbers). This directory must be owned
+# by the mail_owner account (see below).
+#
+data_directory = /var/lib/postfix
+
+# QUEUE AND PROCESS OWNERSHIP
+#
+# The mail_owner parameter specifies the owner of the Postfix queue
+# and of most Postfix daemon processes.  Specify the name of a user
+# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
+# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.  In
+# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
+# USER.
+#
+mail_owner = postfix
+
+# The default_privs parameter specifies the default rights used by
+# the local delivery agent for delivery to external file or command.
+# These rights are used in the absence of a recipient user context.
+# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
+#
+#default_privs = nobody
+
+# INTERNET HOST AND DOMAIN NAMES
+# 
+# The myhostname parameter specifies the internet hostname of this
+# mail system. The default is to use the fully-qualified domain name
+# from gethostname(). $myhostname is used as a default value for many
+# other configuration parameters.
+#
+#myhostname = host.domain.tld
+#myhostname = virtual.domain.tld
+
+# The mydomain parameter specifies the local internet domain name.
+# The default is to use $myhostname minus the first component.
+# $mydomain is used as a default value for many other configuration
+# parameters.
+#
+#mydomain = domain.tld
+
+# SENDING MAIL
+# 
+# The myorigin parameter specifies the domain that locally-posted
+# mail appears to come from. The default is to append $myhostname,
+# which is fine for small sites.  If you run a domain with multiple
+# machines, you should (1) change this to $mydomain and (2) set up
+# a domain-wide alias database that aliases each user to
+# user@that.users.mailhost.
+#
+# For the sake of consistency between sender and recipient addresses,
+# myorigin also specifies the default domain name that is appended
+# to recipient addresses that have no @domain part.
+#
+#myorigin = $myhostname
+#myorigin = $mydomain
+
+# RECEIVING MAIL
+
+# The inet_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on.  By default,
+# the software claims all active interfaces on the machine. The
+# parameter also controls delivery of mail to user@[ip.address].
+#
+# See also the proxy_interfaces parameter, for network addresses that
+# are forwarded to us via a proxy or network address translator.
+#
+# Note: you need to stop/start Postfix when this parameter changes.
+#
+#inet_interfaces = all
+#inet_interfaces = $myhostname
+#inet_interfaces = $myhostname, localhost
+inet_interfaces = localhost
+
+# Enable IPv4, and IPv6 if supported
+inet_protocols = all
+
+# The proxy_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on by way of a
+# proxy or network address translation unit. This setting extends
+# the address list specified with the inet_interfaces parameter.
+#
+# You must specify your proxy/NAT addresses when your system is a
+# backup MX host for other domains, otherwise mail delivery loops
+# will happen when the primary MX host is down.
+#
+#proxy_interfaces =
+#proxy_interfaces = 1.2.3.4
+
+# The mydestination parameter specifies the list of domains that this
+# machine considers itself the final destination for.
+#
+# These domains are routed to the delivery agent specified with the
+# local_transport parameter setting. By default, that is the UNIX
+# compatible delivery agent that lookups all recipients in /etc/passwd
+# and /etc/aliases or their equivalent.
+#
+# The default is $myhostname + localhost.$mydomain + localhost.  On
+# a mail domain gateway, you should also include $mydomain.
+#
+# Do not specify the names of virtual domains - those domains are
+# specified elsewhere (see VIRTUAL_README).
+#
+# Do not specify the names of domains that this machine is backup MX
+# host for. Specify those names via the relay_domains settings for
+# the SMTP server, or use permit_mx_backup if you are lazy (see
+# STANDARD_CONFIGURATION_README).
+#
+# The local machine is always the final destination for mail addressed
+# to user@[the.net.work.address] of an interface that the mail system
+# receives mail on (see the inet_interfaces parameter).
+#
+# Specify a list of host or domain names, /file/name or type:table
+# patterns, separated by commas and/or whitespace. A /file/name
+# pattern is replaced by its contents; a type:table is matched when
+# a name matches a lookup key (the right-hand side is ignored).
+# Continue long lines by starting the next line with whitespace.
+#
+# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
+#
+mydestination = $myhostname, localhost.$mydomain, localhost
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
+#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
+#	mail.$mydomain, www.$mydomain, ftp.$mydomain
+
+# REJECTING MAIL FOR UNKNOWN LOCAL USERS
+#
+# The local_recipient_maps parameter specifies optional lookup tables
+# with all names or addresses of users that are local with respect
+# to $mydestination, $inet_interfaces or $proxy_interfaces.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown local users. This parameter is defined by default.
+#
+# To turn off local recipient checking in the SMTP server, specify
+# local_recipient_maps = (i.e. empty).
+#
+# The default setting assumes that you use the default Postfix local
+# delivery agent for local delivery. You need to update the
+# local_recipient_maps setting if:
+#
+# - You define $mydestination domain recipients in files other than
+#   /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
+#   For example, you define $mydestination domain recipients in    
+#   the $virtual_mailbox_maps files.
+#
+# - You redefine the local delivery agent in master.cf.
+#
+# - You redefine the "local_transport" setting in main.cf.
+#
+# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
+#   feature of the Postfix local delivery agent (see local(8)).
+#
+# Details are described in the LOCAL_RECIPIENT_README file.
+#
+# Beware: if the Postfix SMTP server runs chrooted, you probably have
+# to access the passwd file via the proxymap service, in order to
+# overcome chroot restrictions. The alternative, having a copy of
+# the system passwd file in the chroot jail is just not practical.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify a bare username, an @domain.tld
+# wild-card, or specify a user@domain.tld address.
+# 
+#local_recipient_maps = unix:passwd.byname $alias_maps
+#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+#local_recipient_maps =
+
+# The unknown_local_recipient_reject_code specifies the SMTP server
+# response code when a recipient domain matches $mydestination or
+# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
+# and the recipient address or address local-part is not found.
+#
+# The default setting is 550 (reject mail) but it is safer to start
+# with 450 (try again later) until you are certain that your
+# local_recipient_maps settings are OK.
+#
+unknown_local_recipient_reject_code = 550
+
+# TRUST AND RELAY CONTROL
+
+# The mynetworks parameter specifies the list of "trusted" SMTP
+# clients that have more privileges than "strangers".
+#
+# In particular, "trusted" SMTP clients are allowed to relay mail
+# through Postfix.  See the smtpd_recipient_restrictions parameter
+# in postconf(5).
+#
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
+# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
+# clients in the same IP subnetworks as the local machine.
+# On Linux, this works correctly only with interfaces specified
+# with the "ifconfig" command.
+# 
+# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
+# clients in the same IP class A/B/C networks as the local machine.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network.  Instead, specify an explicit
+# mynetworks list by hand, as described below.
+#  
+# Specify "mynetworks_style = host" when Postfix should "trust"
+# only the local machine.
+# 
+#mynetworks_style = class
+#mynetworks_style = subnet
+#mynetworks_style = host
+
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here. Specify type:table for table-based lookups
+# (the value on the table right-hand side is not used).
+#
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+#mynetworks = hash:/etc/postfix/network_table
+
+# The relay_domains parameter restricts what destinations this system will
+# relay mail to.  See the smtpd_recipient_restrictions description in
+# postconf(5) for detailed information.
+#
+# By default, Postfix relays mail
+# - from "trusted" clients (IP address matches $mynetworks) to any destination,
+# - from "untrusted" clients to destinations that match $relay_domains or
+#   subdomains thereof, except addresses with sender-specified routing.
+# The default relay_domains value is $mydestination.
+# 
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces or $proxy_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_alias_domains,
+# - destinations that match $virtual_mailbox_domains.
+# These destinations do not need to be listed in $relay_domains.
+# 
+# Specify a list of hosts or domains, /file/name patterns or type:name
+# lookup tables, separated by commas and/or whitespace.  Continue
+# long lines by starting the next line with whitespace. A file name
+# is replaced by its contents; a type:name table is matched when a
+# (parent) domain appears as lookup key.
+#
+# NOTE: Postfix will not automatically forward mail for domains that
+# list this system as their primary or backup MX host. See the
+# permit_mx_backup restriction description in postconf(5).
+#
+#relay_domains = $mydestination
+
+# INTERNET OR INTRANET
+
+# The relayhost parameter specifies the default host to send mail to
+# when no entry is matched in the optional transport(5) table. When
+# no relayhost is given, mail is routed directly to the destination.
+#
+# On an intranet, specify the organizational domain name. If your
+# internal DNS uses no MX records, specify the name of the intranet
+# gateway host instead.
+#
+# In the case of SMTP, specify a domain, host, host:port, [host]:port,
+# [address] or [address]:port; the form [host] turns off MX lookups.
+#
+# If you're connected via UUCP, see also the default_transport parameter.
+#
+#relayhost = $mydomain
+#relayhost = [gateway.my.domain]
+#relayhost = [mailserver.isp.tld]
+#relayhost = uucphost
+#relayhost = [an.ip.add.ress]
+
+# REJECTING UNKNOWN RELAY USERS
+#
+# The relay_recipient_maps parameter specifies optional lookup tables
+# with all addresses in the domains that match $relay_domains.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown relay users. This feature is off by default.
+#
+# The right-hand side of the lookup tables is conveniently ignored.
+# In the left-hand side, specify an @domain.tld wild-card, or specify
+# a user@domain.tld address.
+# 
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+
+# INPUT RATE CONTROL
+#
+# The in_flow_delay configuration parameter implements mail input
+# flow control. This feature is turned on by default, although it
+# still needs further development (it's disabled on SCO UNIX due
+# to an SCO bug).
+# 
+# A Postfix process will pause for $in_flow_delay seconds before
+# accepting a new message, when the message arrival rate exceeds the
+# message delivery rate. With the default 100 SMTP server process
+# limit, this limits the mail inflow to 100 messages a second more
+# than the number of messages delivered per second.
+# 
+# Specify 0 to disable the feature. Valid delays are 0..10.
+# 
+#in_flow_delay = 1s
+
+# ADDRESS REWRITING
+#
+# The ADDRESS_REWRITING_README document gives information about
+# address masquerading or other forms of address rewriting including
+# username->Firstname.Lastname mapping.
+
+# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
+#
+# The VIRTUAL_README document gives information about the many forms
+# of domain hosting that Postfix supports.
+
+# "USER HAS MOVED" BOUNCE MESSAGES
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# TRANSPORT MAP
+#
+# See the discussion in the ADDRESS_REWRITING_README document.
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+# 
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible.  Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+alias_maps = hash:/etc/aliases
+#alias_maps = hash:/etc/aliases, nis:mail.aliases
+#alias_maps = netinfo:/aliases
+
+# The alias_database parameter specifies the alias database(s) that
+# are built with "newaliases" or "sendmail -bi".  This is a separate
+# configuration parameter, because alias_maps (see above) may specify
+# tables that are not necessarily all under control by Postfix.
+#
+#alias_database = dbm:/etc/aliases
+#alias_database = dbm:/etc/mail/aliases
+alias_database = hash:/etc/aliases
+#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
+
+# ADDRESS EXTENSIONS (e.g., user+foo)
+#
+# The recipient_delimiter parameter specifies the separator between
+# user names and address extensions (user+foo). See canonical(5),
+# local(8), relocated(5) and virtual(5) for the effects this has on
+# aliases, canonical, virtual, relocated and .forward file lookups.
+# Basically, the software tries user+foo and .forward+foo before
+# trying user and .forward.
+#
+#recipient_delimiter = +
+
+# DELIVERY TO MAILBOX
+#
+# The home_mailbox parameter specifies the optional pathname of a
+# mailbox file relative to a user's home directory. The default
+# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
+# "Maildir/" for qmail-style delivery (the / is required).
+#
+#home_mailbox = Mailbox
+#home_mailbox = Maildir/
+ 
+# The mail_spool_directory parameter specifies the directory where
+# UNIX-style mailboxes are kept. The default setting depends on the
+# system type.
+#
+#mail_spool_directory = /var/mail
+#mail_spool_directory = /var/spool/mail
+
+# The mailbox_command parameter specifies the optional external
+# command to use instead of mailbox delivery. The command is run as
+# the recipient with proper HOME, SHELL and LOGNAME environment settings.
+# Exception:  delivery for root is done as $default_user.
+#
+# Other environment variables of interest: USER (recipient username),
+# EXTENSION (address extension), DOMAIN (domain part of address),
+# and LOCAL (the address localpart).
+#
+# Unlike other Postfix configuration parameters, the mailbox_command
+# parameter is not subjected to $parameter substitutions. This is to
+# make it easier to specify shell syntax (see example below).
+#
+# Avoid shell meta characters because they will force Postfix to run
+# an expensive shell process. Procmail alone is expensive enough.
+#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
+#mailbox_command = /some/where/procmail
+#mailbox_command = /some/where/procmail -a "$EXTENSION"
+
+# The mailbox_transport specifies the optional transport in master.cf
+# to use after processing aliases and .forward files. This parameter
+# has precedence over the mailbox_command, fallback_transport and
+# luser_relay parameters.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf.  The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for    
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+# Cyrus IMAP over LMTP. Specify ``lmtpunix      cmd="lmtpd"
+# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
+#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
+
+# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
+# server using LMTP (Local Mail Transport Protocol), this is prefered
+# over the older cyrus deliver program by setting the
+# mailbox_transport as below:
+#
+# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
+#
+# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
+# these settings.
+#
+# local_destination_recipient_limit = 300
+# local_destination_concurrency_limit = 5
+#
+# Of course you should adjust these settings as appropriate for the
+# capacity of the hardware you are using. The recipient limit setting
+# can be used to take advantage of the single instance message store
+# capability of Cyrus. The concurrency limit can be used to control
+# how many simultaneous LMTP sessions will be permitted to the Cyrus
+# message store.
+#
+# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
+# subsequent line in master.cf.
+#mailbox_transport = cyrus
+
+# The fallback_transport specifies the optional transport in master.cf
+# to use for recipients that are not found in the UNIX passwd database.
+# This parameter has precedence over the luser_relay parameter.
+#
+# Specify a string of the form transport:nexthop, where transport is
+# the name of a mail delivery transport defined in master.cf.  The
+# :nexthop part is optional. For more details see the sample transport
+# configuration file.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must update the "local_recipient_maps" setting in
+# the main.cf file, otherwise the SMTP server will reject mail for    
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
+#fallback_transport =
+
+# The luser_relay parameter specifies an optional destination address
+# for unknown recipients.  By default, mail for unknown@$mydestination,
+# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
+# as undeliverable.
+#
+# The following expansions are done on luser_relay: $user (recipient
+# username), $shell (recipient shell), $home (recipient home directory),
+# $recipient (full recipient address), $extension (recipient address
+# extension), $domain (recipient domain), $local (entire recipient
+# localpart), $recipient_delimiter. Specify ${name?value} or
+# ${name:value} to expand value only when $name does (does not) exist.
+#
+# luser_relay works only for the default Postfix local delivery agent.
+#
+# NOTE: if you use this feature for accounts not in the UNIX password
+# file, then you must specify "local_recipient_maps =" (i.e. empty) in
+# the main.cf file, otherwise the SMTP server will reject mail for    
+# non-UNIX accounts with "User unknown in local recipient table".
+#
+#luser_relay = $user@other.host
+#luser_relay = $local@other.host
+#luser_relay = admin+$local
+  
+# JUNK MAIL CONTROLS
+# 
+# The controls listed here are only a very small subset. The file
+# SMTPD_ACCESS_README provides an overview.
+
+# The header_checks parameter specifies an optional table with patterns
+# that each logical message header is matched against, including
+# headers that span multiple physical lines.
+#
+# By default, these patterns also apply to MIME headers and to the
+# headers of attached messages. With older Postfix versions, MIME and
+# attached message headers were treated as body text.
+#
+# For details, see "man header_checks".
+#
+#header_checks = regexp:/etc/postfix/header_checks
+
+# FAST ETRN SERVICE
+#
+# Postfix maintains per-destination logfiles with information about
+# deferred mail, so that mail can be flushed quickly with the SMTP
+# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
+# See the ETRN_README document for a detailed description.
+# 
+# The fast_flush_domains parameter controls what destinations are
+# eligible for this service. By default, they are all domains that
+# this server is willing to relay mail to.
+# 
+#fast_flush_domains = $relay_domains
+
+# SHOW SOFTWARE VERSION OR NOT
+#
+# The smtpd_banner parameter specifies the text that follows the 220
+# code in the SMTP server's greeting banner. Some people like to see
+# the mail version advertised. By default, Postfix shows no version.
+#
+# You MUST specify $myhostname at the start of the text. That is an
+# RFC requirement. Postfix itself does not care.
+#
+#smtpd_banner = $myhostname ESMTP $mail_name
+#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
+
+# PARALLEL DELIVERY TO THE SAME DESTINATION
+#
+# How many parallel deliveries to the same user or domain? With local
+# delivery, it does not make sense to do massively parallel delivery
+# to the same user, because mailbox updates must happen sequentially,
+# and expensive pipelines in .forward files can cause disasters when
+# too many are run at the same time. With SMTP deliveries, 10
+# simultaneous connections to the same domain could be sufficient to
+# raise eyebrows.
+# 
+# Each message delivery transport has its XXX_destination_concurrency_limit
+# parameter.  The default is $default_destination_concurrency_limit for
+# most delivery transports. For the local delivery agent the default is 2.
+
+#local_destination_concurrency_limit = 2
+#default_destination_concurrency_limit = 20
+
+# DEBUGGING CONTROL
+#
+# The debug_peer_level parameter specifies the increment in verbose
+# logging level when an SMTP client or server host name or address
+# matches a pattern in the debug_peer_list parameter.
+#
+debug_peer_level = 2
+
+# The debug_peer_list parameter specifies an optional list of domain
+# or network patterns, /file/name patterns or type:name tables. When
+# an SMTP client or server host name or address matches a pattern,
+# increase the verbose logging level by the amount specified in the
+# debug_peer_level parameter.
+#
+#debug_peer_list = 127.0.0.1
+#debug_peer_list = some.domain
+
+# The debugger_command specifies the external command that is executed
+# when a Postfix daemon program is run with the -D option.
+#
+# Use "command .. & sleep 5" so that the debugger can attach before
+# the process marches on. If you use an X-based debugger, be sure to
+# set up your XAUTHORITY environment variable before starting Postfix.
+#
+debugger_command =
+	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+	 ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# If you can't use X, use this to capture the call stack when a
+# daemon crashes. The result is in a file in the configuration
+# directory, and is named after the process name and the process ID.
+#
+# debugger_command =
+#	PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
+#	echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
+#	>$config_directory/$process_name.$process_id.log & sleep 5
+#
+# Another possibility is to run gdb under a detached screen session.
+# To attach to the screen session, su root and run "screen -r
+# <id_string>" where <id_string> uniquely matches one of the detached
+# sessions (from "screen -list").
+#
+# debugger_command =
+#	PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
+#	-dmS $process_name gdb $daemon_directory/$process_name
+#	$process_id & sleep 1
+
+# INSTALL-TIME CONFIGURATION INFORMATION
+#
+# The following parameters are used when installing a new Postfix version.
+# 
+# sendmail_path: The full pathname of the Postfix sendmail command.
+# This is the Sendmail-compatible mail posting interface.
+# 
+sendmail_path = /usr/sbin/sendmail.postfix
+
+# newaliases_path: The full pathname of the Postfix newaliases command.
+# This is the Sendmail-compatible command to build alias databases.
+#
+newaliases_path = /usr/bin/newaliases.postfix
+
+# mailq_path: The full pathname of the Postfix mailq command.  This
+# is the Sendmail-compatible mail queue listing command.
+# 
+mailq_path = /usr/bin/mailq.postfix
+
+# setgid_group: The group for mail submission and queue management
+# commands.  This must be a group name with a numerical group ID that
+# is not shared with other accounts, not even with the Postfix account.
+#
+setgid_group = postdrop
+
+# html_directory: The location of the Postfix HTML documentation.
+#
+html_directory = no
+
+# manpage_directory: The location of the Postfix on-line manual pages.
+#
+manpage_directory = /usr/share/man
+
+# sample_directory: The location of the Postfix sample configuration files.
+# This parameter is obsolete as of Postfix 2.1.
+#
+sample_directory = /usr/share/doc/postfix/samples
+
+# readme_directory: The location of the Postfix README files.
+#
+readme_directory = /usr/share/doc/postfix/README_FILES
+
+# TLS CONFIGURATION
+#
+# Basic Postfix TLS configuration by default with self-signed certificate
+# for inbound SMTP and also opportunistic TLS for outbound SMTP.
+
+# The full pathname of a file with the Postfix SMTP server RSA certificate
+# in PEM format. Intermediate certificates should be included in general,
+# the server certificate first, then the issuing CA(s) (bottom-up order).
+#
+smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
+
+# The full pathname of a file with the Postfix SMTP server RSA private key
+# in PEM format. The private key must be accessible without a pass-phrase,
+# i.e. it must not be encrypted.
+#
+smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
+
+# Announce STARTTLS support to remote SMTP clients, but do not require that
+# clients use TLS encryption (opportunistic TLS inbound).
+#
+smtpd_tls_security_level = may
+
+# Directory with PEM format Certification Authority certificates that the
+# Postfix SMTP client uses to verify a remote SMTP server certificate.
+#
+smtp_tls_CApath = /etc/pki/tls/certs
+
+# The full pathname of a file containing CA certificates of root CAs
+# trusted to sign either remote SMTP server certificates or intermediate CA
+# certificates.
+#
+smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
+
+# Use TLS if this is supported by the remote SMTP server, otherwise use
+# plaintext (opportunistic TLS outbound).
+#
+smtp_tls_security_level = may
+meta_directory = /etc/postfix
+shlib_directory = /usr/lib64/postfix

postfix/master.cf

@@ -154,3 +154,5 @@ amavisfeed unix    -       -       n        -      2     lmtp
     -o local_recipient_maps=
     -o relay_recipient_maps=
 
+#smtpd     pass  -       -       n       -       -       smtpd
+postlog   unix-dgram n  -       n       -       1       postlogd

postfix/master.cf.proto

@@ -64,6 +64,7 @@ virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
@@ -78,7 +79,7 @@ scache    unix  -       -       n       -       1       scache
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 #maildrop  unix  -       n       n       -       -       pipe
-#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#  flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
 #
 # ====================================================================
 #
@@ -97,7 +98,7 @@ scache    unix  -       -       n       -       1       scache
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#  flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
 #
 # ====================================================================
 #
@@ -128,5 +129,5 @@ scache    unix  -       -       n       -       1       scache
 #  ${nexthop} ${user} ${extension}
 #
 #mailman   unix  -       n       n       -       -       pipe
-#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+#  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}

postfix/master.cf.rpmnew

@@ -0,0 +1,133 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+smtp      inet  n       -       n       -       -       smtpd
+#smtp      inet  n       -       n       -       1       postscreen
+#smtpd     pass  -       -       n       -       -       smtpd
+#dnsblog   unix  -       -       n       -       0       dnsblog
+#tlsproxy  unix  -       -       n       -       0       tlsproxy
+#submission inet n       -       n       -       -       smtpd
+#  -o syslog_name=postfix/submission
+#  -o smtpd_tls_security_level=encrypt
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_tls_auth_only=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#smtps     inet  n       -       n       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+#628       inet  n       -       n       -       -       qmqpd
+pickup    unix  n       -       n       60      1       pickup
+cleanup   unix  n       -       n       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+rewrite   unix  -       -       n       -       -       trivial-rewrite
+bounce    unix  -       -       n       -       0       bounce
+defer     unix  -       -       n       -       0       bounce
+trace     unix  -       -       n       -       0       bounce
+verify    unix  -       -       n       -       1       verify
+flush     unix  n       -       n       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       n       -       -       smtp
+relay     unix  -       -       n       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       n       -       -       showq
+error     unix  -       -       n       -       -       error
+retry     unix  -       -       n       -       -       error
+discard   unix  -       -       n       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       n       -       -       lmtp
+anvil     unix  -       -       n       -       1       anvil
+scache    unix  -       -       n       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+#maildrop  unix  -       n       n       -       -       pipe
+#  flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+#
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+#uucp      unix  -       n       n       -       -       pipe
+#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# ====================================================================
+#
+# Other external delivery methods.
+#
+#ifmail    unix  -       n       n       -       -       pipe
+#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+#
+#bsmtp     unix  -       n       n       -       -       pipe
+#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
+#
+#scalemail-backend unix -       n       n       -       2       pipe
+#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
+#  ${nexthop} ${user} ${extension}
+#
+#mailman   unix  -       n       n       -       -       pipe
+#  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+#  ${nexthop} ${user}

postfix/postfix-files

@@ -100,6 +100,7 @@ $daemon_directory/postfix-script:f:root:-:755
 $daemon_directory/postfix-tls-script:f:root:-:755
 $daemon_directory/postfix-wrapper:f:root:-:755
 $daemon_directory/postmulti-script:f:root:-:755
+$daemon_directory/postlogd:f:root:-:755
 $daemon_directory/postscreen:f:root:-:755
 $daemon_directory/proxymap:f:root:-:755
 $daemon_directory/qmgr:f:root:-:755
@@ -175,7 +176,6 @@ $manpage_directory/man5/cidr_table.5.gz:f:root:-:644
 $manpage_directory/man5/generics.5.gz:f:root:-:644:o
 $manpage_directory/man5/generic.5.gz:f:root:-:644
 $manpage_directory/man5/header_checks.5.gz:f:root:-:644
-$manpage_directory/man5/lmdb_table.5.gz:f:root:-:644
 $manpage_directory/man5/master.5.gz:f:root:-:644
 $manpage_directory/man5/memcache_table.5.gz:f:root:-:644
 $manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
@@ -202,6 +202,7 @@ $manpage_directory/man8/nqmgr.8.gz:f:root:-:644:o
 $manpage_directory/man8/oqmgr.8.gz:f:root:-:644:
 $manpage_directory/man8/pickup.8.gz:f:root:-:644
 $manpage_directory/man8/pipe.8.gz:f:root:-:644
+$manpage_directory/man8/postlogd.8.gz:f:root:-:644
 $manpage_directory/man8/postscreen.8.gz:f:root:-:644
 $manpage_directory/man8/proxymap.8.gz:f:root:-:644
 $manpage_directory/man8/qmgr.8.gz:f:root:-:644
@@ -270,7 +271,6 @@ $readme_directory/HOSTING_README:f:root:-:644:o
 $readme_directory/INSTALL:f:root:-:644
 $readme_directory/IPV6_README:f:root:-:644
 $readme_directory/LINUX_README:f:root:-:644
-$readme_directory/LMDB_README:f:root:-:644
 $readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
 $readme_directory/MACOSX_README:f:root:-:644:o
 $readme_directory/MAILDROP_README:f:root:-:644
@@ -403,6 +403,7 @@ $html_directory/postlock.1.html:f:root:-:644
 $html_directory/postlog.1.html:f:root:-:644
 $html_directory/postmap.1.html:f:root:-:644
 $html_directory/postmulti.1.html:f:root:-:644
+$html_directory/postlogd.8.html:f:root:-:644
 $html_directory/postqueue.1.html:f:root:-:644
 $html_directory/postscreen.8.html:f:root:-:644
 $html_directory/postsuper.1.html:f:root:-:644

postfix/transport.rpmnew

@@ -0,0 +1,317 @@
+# TRANSPORT(5)                                                      TRANSPORT(5)
+# 
+# NAME
+#        transport - Postfix transport table format
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/transport
+# 
+#        postmap -q "string" /etc/postfix/transport
+# 
+#        postmap -q - /etc/postfix/transport <inputfile
+# 
+# DESCRIPTION
+#        The  optional  transport(5) table specifies a mapping from
+#        email  addresses  to  message  delivery   transports   and
+#        next-hop  destinations.   Message delivery transports such
+#        as local or smtp are defined in the  master.cf  file,  and
+#        next-hop destinations are typically hosts or domain names.
+#        The table is searched by the trivial-rewrite(8) daemon.
+# 
+#        This  mapping  overrides  the  default   transport:nexthop
+#        selection that is built into Postfix:
+# 
+#        local_transport (default: local:$myhostname)
+#               This  is  the default for final delivery to domains
+#               listed with mydestination, and for [ipaddress] des-
+#               tinations    that    match    $inet_interfaces   or
+#               $proxy_interfaces. The default nexthop  destination
+#               is the MTA hostname.
+# 
+#        virtual_transport (default: virtual:)
+#               This  is  the default for final delivery to domains
+#               listed with  virtual_mailbox_domains.  The  default
+#               nexthop destination is the recipient domain.
+# 
+#        relay_transport (default: relay:)
+#               This  is the default for remote delivery to domains
+#               listed with relay_domains. In order  of  decreasing
+#               precedence,  the  nexthop destination is taken from
+#               relay_transport,   sender_dependent_relayhost_maps,
+#               relayhost, or from the recipient domain.
+# 
+#        default_transport (default: smtp:)
+#               This  is  the  default for remote delivery to other
+#               destinations.  In order of  decreasing  precedence,
+#               the nexthop destination is taken from sender_depen-
+#               dent_default_transport_maps,     default_transport,
+#               sender_dependent_relayhost_maps, relayhost, or from
+#               the recipient domain.
+# 
+#        Normally, the transport(5) table is specified  as  a  text
+#        file  that serves as input to the postmap(1) command.  The
+#        result, an indexed file in dbm or db format, is  used  for
+#        fast  searching  by  the  mail system. Execute the command
+#        "postmap /etc/postfix/transport"  to  rebuild  an  indexed
+#        file after changing the corresponding transport table.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be  provided  as  a regu-
+#        lar-expression map where patterns  are  given  as  regular
+#        expressions,  or  lookups  can  be  directed  to TCP-based
+#        server. In those case, the lookups are done in a  slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+# CASE FOLDING
+#        The search string is folded to lowercase  before  database
+#        lookup.  As  of Postfix 2.3, the search string is not case
+#        folded with database types such as regexp: or pcre:  whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern result
+#               When  pattern  matches  the  recipient  address  or
+#               domain, use the corresponding result.
+# 
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+# 
+#        multi-line text
+#               A  logical  line starts with non-whitespace text. A
+#               line that starts with whitespace continues a  logi-
+#               cal line.
+# 
+#        The  pattern specifies an email address, a domain name, or
+#        a domain name hierarchy, as described  in  section  "TABLE
+#        LOOKUP".
+# 
+#        The  result is of the form transport:nexthop and specifies
+#        how or where to deliver mail. This is described in section
+#        "RESULT FORMAT".
+# 
+# TABLE SEARCH ORDER
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked tables such as NIS, LDAP or  SQL,  patterns  are
+#        tried in the order as listed below:
+# 
+#        user+extension@domain transport:nexthop
+#               Deliver   mail  for  user+extension@domain  through
+#               transport to nexthop.
+# 
+#        user@domain transport:nexthop
+#               Deliver mail for user@domain through  transport  to
+#               nexthop.
+# 
+#        domain transport:nexthop
+#               Deliver  mail  for domain through transport to nex-
+#               thop.
+# 
+#        .domain transport:nexthop
+#               Deliver mail for any subdomain  of  domain  through
+#               transport  to  nexthop.  This applies only when the
+#               string transport_maps is not  listed  in  the  par-
+#               ent_domain_matches_subdomains   configuration  set-
+#               ting.  Otherwise, a domain name matches itself  and
+#               its subdomains.
+# 
+#        * transport:nexthop
+#               The  special pattern * represents any address (i.e.
+#               it functions  as  the  wild-card  pattern,  and  is
+#               unique to Postfix transport tables).
+# 
+#        Note  1:  the  null  recipient  address  is  looked  up as
+#        $empty_address_recipient@$myhostname (default: mailer-dae-
+#        mon@hostname).
+# 
+#        Note  2:  user@domain  or  user+extension@domain lookup is
+#        available in Postfix 2.0 and later.
+# 
+# RESULT FORMAT
+#        The lookup result is of the form  transport:nexthop.   The
+#        transport  field  specifies a mail delivery transport such
+#        as smtp or local. The nexthop field  specifies  where  and
+#        how to deliver mail.
+# 
+#        The  transport field specifies the name of a mail delivery
+#        transport (the first name of a mail delivery service entry
+#        in the Postfix master.cf file).
+# 
+#        The  nexthop  field usually specifies one recipient domain
+#        or hostname. In the case of the Postfix SMTP/LMTP  client,
+#        the  nexthop  field may contain a list of nexthop destina-
+#        tions separated by comma or whitespace  (Postfix  3.5  and
+#        later).
+# 
+#        The  syntax  of  a nexthop destination is transport depen-
+#        dent.  With SMTP, specify a service on a non-default  port
+#        as  host:service,  and  disable  MX  (mail  exchanger) DNS
+#        lookups  with  [host]  or  [host]:port.  The  []  form  is
+#        required when you specify an IP address instead of a host-
+#        name.
+# 
+#        A null transport and null  nexthop  field  means  "do  not
+#        change":  use  the delivery transport and nexthop informa-
+#        tion that would be used when the  entire  transport  table
+#        did not exist.
+# 
+#        A  non-null  transport  field  with  a  null nexthop field
+#        resets the nexthop information to the recipient domain.
+# 
+#        A null transport field with non-null  nexthop  field  does
+#        not modify the transport information.
+# 
+# EXAMPLES
+#        In  order to deliver internal mail directly, while using a
+#        mail relay for all other mail, specify a  null  entry  for
+#        internal  destinations  (do not change the delivery trans-
+#        port or the nexthop information) and  specify  a  wildcard
+#        for all other destinations.
+# 
+#             my.domain    :
+#             .my.domain   :
+#             *            smtp:outbound-relay.my.domain
+# 
+#        In  order  to send mail for example.com and its subdomains
+#        via the uucp transport to the UUCP host named example:
+# 
+#             example.com      uucp:example
+#             .example.com     uucp:example
+# 
+#        When no nexthop host name is  specified,  the  destination
+#        domain  name  is  used instead. For example, the following
+#        directs mail for user@example.com via the  slow  transport
+#        to  a  mail exchanger for example.com.  The slow transport
+#        could be configured to run at most one delivery process at
+#        a time:
+# 
+#             example.com      slow:
+# 
+#        When no transport is specified, Postfix uses the transport
+#        that matches the address  domain  class  (see  DESCRIPTION
+#        above).   The following sends all mail for example.com and
+#        its subdomains to host gateway.example.com:
+# 
+#             example.com      :[gateway.example.com]
+#             .example.com     :[gateway.example.com]
+# 
+#        In the above example, the [] suppress  MX  lookups.   This
+#        prevents  mail  routing loops when your machine is primary
+#        MX host for example.com.
+# 
+#        In the case of delivery via SMTP or LMTP, one may  specify
+#        host:service instead of just a host:
+# 
+#             example.com      smtp:bar.example:2025
+# 
+#        This directs mail for user@example.com to host bar.example
+#        port 2025. Instead of a numerical port a symbolic name may
+#        be used. Specify [] around the hostname if MX lookups must
+#        be disabled.
+# 
+#        Deliveries via SMTP or LMTP support multiple  destinations
+#        (Postfix >= 3.5):
+# 
+#             example.com      smtp:bar.example, foo.example
+# 
+#        This  tries  to  deliver  to  bar.example before trying to
+#        deliver to foo.example.
+# 
+#        The error mailer can be used to bounce mail:
+# 
+#             .example.com     error:mail for *.example.com is not deliverable
+# 
+#        This causes all mail for user@anything.example.com  to  be
+#        bounced.
+# 
+# REGULAR EXPRESSION TABLES
+#        This  section  describes how the table lookups change when
+#        the table is given in the form of regular expressions. For
+#        a  description  of regular expression lookup table syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each pattern is a regular expression that  is  applied  to
+#        the    entire    address    being    looked    up.   Thus,
+#        some.domain.hierarchy is not  looked  up  via  its  parent
+#        domains,  nor is user+foo@domain looked up as user@domain.
+# 
+#        Patterns are applied in the order as specified in the  ta-
+#        ble,  until  a  pattern  is  found that matches the search
+#        string.
+# 
+#        The trivial-rewrite(8) server disallows regular expression
+#        substitution  of  $1  etc.  in  regular  expression lookup
+#        tables, because that could open a security  hole  (Postfix
+#        version 2.3 and later).
+# 
+# TCP-BASED TABLES
+#        This  section  describes how the table lookups change when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each  lookup  operation  uses the entire recipient address
+#        once.  Thus, some.domain.hierarchy is not  looked  up  via
+#        its  parent  domains,  nor is user+foo@domain looked up as
+#        user@domain.
+# 
+#        Results are the same as with indexed file lookups.
+# 
+# CONFIGURATION PARAMETERS
+#        The following main.cf parameters are especially  relevant.
+#        The  text  below  provides  only  a parameter summary. See
+#        postconf(5) for more details including examples.
+# 
+#        empty_address_recipient (MAILER-DAEMON)
+#               The  recipient  of  mail  addressed  to  the   null
+#               address.
+# 
+#        parent_domain_matches_subdomains  (see  'postconf -d' out-
+#        put)
+#               A list of Postfix features where the pattern "exam-
+#               ple.com" also matches  subdomains  of  example.com,
+#               instead  of  requiring  an  explicit ".example.com"
+#               pattern.
+# 
+#        transport_maps (empty)
+#               Optional lookup tables with mappings from recipient
+#               address  to  (message  delivery transport, next-hop
+#               destination).
+# 
+# SEE ALSO
+#        trivial-rewrite(8), rewrite and resolve addresses
+#        master(5), master.cf file format
+#        postconf(5), configuration parameters
+#        postmap(1), Postfix lookup table manager
+# 
+# README FILES
+#        Use "postconf readme_directory" or  "postconf  html_direc-
+#        tory" to locate this information.
+#        ADDRESS_REWRITING_README, address rewriting guide
+#        DATABASE_README, Postfix lookup table overview
+#        FILTER_README, external content filter
+# 
+# LICENSE
+#        The  Secure  Mailer  license must be distributed with this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                   TRANSPORT(5)

postfix/virtual.rpmnew

@@ -0,0 +1,324 @@
+# VIRTUAL(5)                                                          VIRTUAL(5)
+# 
+# NAME
+#        virtual - Postfix virtual alias table format
+# 
+# SYNOPSIS
+#        postmap /etc/postfix/virtual
+# 
+#        postmap -q "string" /etc/postfix/virtual
+# 
+#        postmap -q - /etc/postfix/virtual <inputfile
+# 
+# DESCRIPTION
+#        The  optional  virtual(5)  alias  table rewrites recipient
+#        addresses for all local, all virtual, and all remote  mail
+#        destinations.   This  is unlike the aliases(5) table which
+#        is used only for local(8) delivery.  Virtual  aliasing  is
+#        recursive,  and  is  implemented by the Postfix cleanup(8)
+#        daemon before mail is queued.
+# 
+#        The main applications of virtual aliasing are:
+# 
+#        o      To redirect mail for one address  to  one  or  more
+#               addresses.
+# 
+#        o      To   implement  virtual  alias  domains  where  all
+#               addresses  are  aliased  to  addresses   in   other
+#               domains.
+# 
+#               Virtual  alias  domains are not to be confused with
+#               the virtual mailbox domains  that  are  implemented
+#               with  the  Postfix  virtual(8) mail delivery agent.
+#               With  virtual  mailbox  domains,   each   recipient
+#               address can have its own mailbox.
+# 
+#        Virtual  aliasing  is  applied  only to recipient envelope
+#        addresses, and  does  not  affect  message  headers.   Use
+#        canonical(5)   mapping  to  rewrite  header  and  envelope
+#        addresses in general.
+# 
+#        Normally, the virtual(5) alias table  is  specified  as  a
+#        text  file that serves as input to the postmap(1) command.
+#        The result, an indexed file in dbm or db format,  is  used
+#        for fast searching by the mail system. Execute the command
+#        "postmap /etc/postfix/virtual" to rebuild an indexed  file
+#        after changing the corresponding text file.
+# 
+#        When  the  table  is provided via other means such as NIS,
+#        LDAP or SQL, the same lookups are  done  as  for  ordinary
+#        indexed files.
+# 
+#        Alternatively,  the  table  can  be  provided  as  a regu-
+#        lar-expression map where patterns  are  given  as  regular
+#        expressions,  or  lookups  can  be  directed  to TCP-based
+#        server. In those case, the lookups are done in a  slightly
+#        different way as described below under "REGULAR EXPRESSION
+#        TABLES" or "TCP-BASED TABLES".
+# 
+# CASE FOLDING
+#        The search string is folded to lowercase  before  database
+#        lookup.  As  of Postfix 2.3, the search string is not case
+#        folded with database types such as regexp: or pcre:  whose
+#        lookup fields can match both upper and lower case.
+# 
+# TABLE FORMAT
+#        The input format for the postmap(1) command is as follows:
+# 
+#        pattern address, address, ...
+#               When pattern matches a mail address, replace it  by
+#               the corresponding address.
+# 
+#        blank lines and comments
+#               Empty  lines and whitespace-only lines are ignored,
+#               as are lines whose first  non-whitespace  character
+#               is a `#'.
+# 
+#        multi-line text
+#               A  logical  line starts with non-whitespace text. A
+#               line that starts with whitespace continues a  logi-
+#               cal line.
+# 
+# TABLE SEARCH ORDER
+#        With lookups from indexed files such as DB or DBM, or from
+#        networked  tables  such  as  NIS,  LDAP   or   SQL,   each
+#        user@domain query produces a sequence of query patterns as
+#        described below.
+# 
+#        Each query pattern is sent to each specified lookup  table
+#        before  trying  the  next  query pattern, until a match is
+#        found.
+# 
+#        user@domain address, address, ...
+#               Redirect mail for  user@domain  to  address.   This
+#               form has the highest precedence.
+# 
+#        user address, address, ...
+#               Redirect mail for user@site to address when site is
+#               equal to $myorigin, when site is listed in  $mydes-
+#               tination,  or when it is listed in $inet_interfaces
+#               or $proxy_interfaces.
+# 
+#               This functionality overlaps with  functionality  of
+#               the  local  aliases(5)  database. The difference is
+#               that virtual(5) mapping can be applied to non-local
+#               addresses.
+# 
+#        @domain address, address, ...
+#               Redirect mail for other users in domain to address.
+#               This form has the lowest precedence.
+# 
+#               Note: @domain is a wild-card. With this  form,  the
+#               Postfix  SMTP server accepts mail for any recipient
+#               in domain, regardless  of  whether  that  recipient
+#               exists.   This  may  turn  your  mail system into a
+#               backscatter source: Postfix first accepts mail  for
+#               non-existent  recipients  and  then tries to return
+#               that mail as "undeliverable" to  the  often  forged
+#               sender address.
+# 
+#               To  avoid  backscatter  with  mail  for a wild-card
+#               domain, replace the wild-card mapping with explicit
+#               1:1  mappings, or add a reject_unverified_recipient
+#               restriction for that domain:
+# 
+#                   smtpd_recipient_restrictions =
+#                       ...
+#                       reject_unauth_destination
+#                       check_recipient_access
+#                           inline:{example.com=reject_unverified_recipient}
+#                   unverified_recipient_reject_code = 550
+# 
+#               In the above example, Postfix may contact a  remote
+#               server  if  the  recipient  is  aliased to a remote
+#               address.
+# 
+# RESULT ADDRESS REWRITING
+#        The lookup result is subject to address rewriting:
+# 
+#        o      When the result  has  the  form  @otherdomain,  the
+#               result  becomes the same user in otherdomain.  This
+#               works only for the first address in a multi-address
+#               lookup result.
+# 
+#        o      When  "append_at_myorigin=yes", append "@$myorigin"
+#               to addresses without "@domain".
+# 
+#        o      When "append_dot_mydomain=yes", append ".$mydomain"
+#               to addresses without ".domain".
+# 
+# ADDRESS EXTENSION
+#        When a mail address localpart contains the optional recip-
+#        ient delimiter (e.g., user+foo@domain), the  lookup  order
+#        becomes: user+foo@domain, user@domain, user+foo, user, and
+#        @domain.
+# 
+#        The  propagate_unmatched_extensions   parameter   controls
+#        whether  an  unmatched  address extension (+foo) is propa-
+#        gated to the result of table lookup.
+# 
+# VIRTUAL ALIAS DOMAINS
+#        Besides virtual aliases, the virtual alias table can  also
+#        be used to implement virtual alias domains. With a virtual
+#        alias domain,  all  recipient  addresses  are  aliased  to
+#        addresses in other domains.
+# 
+#        Virtual alias domains are not to be confused with the vir-
+#        tual mailbox domains that are implemented with the Postfix
+#        virtual(8)  mail  delivery  agent.  With  virtual  mailbox
+#        domains, each recipient address can have its own  mailbox.
+# 
+#        With  a  virtual  alias domain, the virtual domain has its
+#        own user name space. Local  (i.e.  non-virtual)  usernames
+#        are  not visible in a virtual alias domain. In particular,
+#        local aliases(5) and local mailing lists are  not  visible
+#        as localname@virtual-alias.domain.
+# 
+#        Support for a virtual alias domain looks like:
+# 
+#        /etc/postfix/main.cf:
+#            virtual_alias_maps = hash:/etc/postfix/virtual
+# 
+#        Note: some systems use dbm databases instead of hash.  See
+#        the output  from  "postconf  -m"  for  available  database
+#        types.
+# 
+#        /etc/postfix/virtual:
+#            virtual-alias.domain    anything (right-hand content does not matter)
+#            postmaster@virtual-alias.domain postmaster
+#            user1@virtual-alias.domain      address1
+#            user2@virtual-alias.domain      address2, address3
+# 
+#        The  virtual-alias.domain anything entry is required for a
+#        virtual alias domain. Without this entry, mail is rejected
+#        with  "relay  access  denied", or bounces with "mail loops
+#        back to myself".
+# 
+#        Do not specify virtual alias domain names in  the  main.cf
+#        mydestination or relay_domains configuration parameters.
+# 
+#        With  a  virtual  alias  domain,  the  Postfix SMTP server
+#        accepts  mail  for  known-user@virtual-alias.domain,   and
+#        rejects   mail  for  unknown-user@virtual-alias.domain  as
+#        undeliverable.
+# 
+#        Instead of specifying the virtual alias  domain  name  via
+#        the  virtual_alias_maps table, you may also specify it via
+#        the main.cf virtual_alias_domains configuration parameter.
+#        This  latter parameter uses the same syntax as the main.cf
+#        mydestination configuration parameter.
+# 
+# REGULAR EXPRESSION TABLES
+#        This section describes how the table lookups  change  when
+#        the table is given in the form of regular expressions. For
+#        a description of regular expression lookup  table  syntax,
+#        see regexp_table(5) or pcre_table(5).
+# 
+#        Each  pattern  is  a regular expression that is applied to
+#        the entire address being looked up. Thus, user@domain mail
+#        addresses  are  not  broken up into their user and @domain
+#        constituent parts, nor is user+foo broken up into user and
+#        foo.
+# 
+#        Patterns  are applied in the order as specified in the ta-
+#        ble, until a pattern is  found  that  matches  the  search
+#        string.
+# 
+#        Results  are  the  same as with indexed file lookups, with
+#        the additional feature that parenthesized substrings  from
+#        the pattern can be interpolated as $1, $2 and so on.
+# 
+# TCP-BASED TABLES
+#        This  section  describes how the table lookups change when
+#        lookups are directed to a TCP-based server. For a descrip-
+#        tion of the TCP client/server lookup protocol, see tcp_ta-
+#        ble(5).  This feature is not available up to and including
+#        Postfix version 2.4.
+# 
+#        Each lookup operation uses the entire address once.  Thus,
+#        user@domain mail addresses are not broken  up  into  their
+#        user and @domain constituent parts, nor is user+foo broken
+#        up into user and foo.
+# 
+#        Results are the same as with indexed file lookups.
+# 
+# BUGS
+#        The table format does not understand quoting  conventions.
+# 
+# CONFIGURATION PARAMETERS
+#        The  following  main.cf parameters are especially relevant
+#        to this topic. See the Postfix  main.cf  file  for  syntax
+#        details  and  for default values. Use the "postfix reload"
+#        command after a configuration change.
+# 
+#        virtual_alias_maps ($virtual_maps)
+#               Optional lookup tables  that  alias  specific  mail
+#               addresses  or  domains  to  other  local  or remote
+#               address.
+# 
+#        virtual_alias_domains ($virtual_alias_maps)
+#               Postfix is final destination for the specified list
+#               of  virtual  alias  domains,  that  is, domains for
+#               which all addresses are  aliased  to  addresses  in
+#               other local or remote domains.
+# 
+#        propagate_unmatched_extensions (canonical, virtual)
+#               What  address  lookup tables copy an address exten-
+#               sion from the lookup key to the lookup result.
+# 
+#        Other parameters of interest:
+# 
+#        inet_interfaces (all)
+#               The network interface addresses that this mail sys-
+#               tem receives mail on.
+# 
+#        mydestination  ($myhostname,  localhost.$mydomain,  local-
+#        host)
+#               The  list  of  domains  that  are delivered via the
+#               $local_transport mail delivery transport.
+# 
+#        myorigin ($myhostname)
+#               The domain name that locally-posted mail appears to
+#               come  from,  and that locally posted mail is deliv-
+#               ered to.
+# 
+#        owner_request_special (yes)
+#               Enable special treatment for owner-listname entries
+#               in the aliases(5) file, and don't split owner-list-
+#               name and listname-request address  localparts  when
+#               the recipient_delimiter is set to "-".
+# 
+#        proxy_interfaces (empty)
+#               The network interface addresses that this mail sys-
+#               tem receives mail on by way of a proxy  or  network
+#               address translation unit.
+# 
+# SEE ALSO
+#        cleanup(8), canonicalize and enqueue mail
+#        postmap(1), Postfix lookup table manager
+#        postconf(5), configuration parameters
+#        canonical(5), canonical address mapping
+# 
+# README FILES
+#        Use  "postconf  readme_directory" or "postconf html_direc-
+#        tory" to locate this information.
+#        ADDRESS_REWRITING_README, address rewriting guide
+#        DATABASE_README, Postfix lookup table overview
+#        VIRTUAL_README, domain hosting guide
+# 
+# LICENSE
+#        The Secure Mailer license must be  distributed  with  this
+#        software.
+# 
+# AUTHOR(S)
+#        Wietse Venema
+#        IBM T.J. Watson Research
+#        P.O. Box 704
+#        Yorktown Heights, NY 10598, USA
+# 
+#        Wietse Venema
+#        Google, Inc.
+#        111 8th Avenue
+#        New York, NY 10011, USA
+# 
+#                                                                     VIRTUAL(5)

qemu-ga/fsfreeze-hook

@@ -8,7 +8,7 @@
 # request, it is issued with "thaw" argument after filesystem is thawed.
 
 LOGFILE=/var/log/qga-fsfreeze-hook.log
-FSFREEZE_D=$(dirname -- "$0")/fsfreeze-hook.d
+FSFREEZE_D=$(dirname -- "$(realpath $0)")/fsfreeze-hook.d
 
 # Check whether file $1 is a backup or rpm-generated file and should be ignored
 is_ignored_file() {

qemu-kvm/fsfreeze-hook

@@ -0,0 +1 @@
+/etc/qemu-ga/fsfreeze-hook

rc.d/init.d/functions

@@ -7,7 +7,7 @@
 TEXTDOMAIN=initscripts
 
 # Make sure umask is sane
-umask 027
+umask 022
 
 # Set up a default search path.
 PATH="/sbin:/usr/sbin:/bin:/usr/bin"

rdma/mlx4.conf

@@ -0,0 +1,27 @@
+# Config file for mlx4 hardware port settings
+# This file is read when the mlx4_core module is loaded and used to
+# set the port types for any hardware found.  If a card is not listed
+# in this file, then its port types are left alone.
+#
+# Format:
+# <pci_device_of_card> <port1_type> [port2_type]
+#
+# @port1 and @port2:
+#   One of auto, ib, or eth.  No checking is performed to make sure that
+#   combinations are valid.  Invalid inputs will result in the driver
+#   not setting the port to the type requested.  port1 is required at
+#   all times, port2 is required for dual port cards.
+#
+# Example:
+# 0000:0b:00.0 eth eth
+#
+# You can find the right pci device to use for any given card by loading
+# the mlx4_core module, then going to /sys/bus/pci/drivers/mlx4_core and
+# seeing what possible PCI devices are listed there.  The possible values
+# for ports are: ib, eth, and auto.  However, not all cards support all
+# types, so if you get messages from the kernel that your selected port
+# type isn't supported, there's nothing this script can do about it.  Also,
+# some cards don't support using different types on the two ports (aka,
+# both ports must be either eth or ib).  Again, we can't set what the kernel
+# or hardware won't support.
+#

rdma/modules/infiniband.conf

@@ -0,0 +1,12 @@
+# These modules are loaded by the system if any InfiniBand device is installed
+# InfiniBand over IP netdevice
+ib_ipoib
+
+# Access to fabric management SMPs and GMPs from userspace.
+ib_umad
+
+# SCSI Remote Protocol target support
+# ib_srpt
+
+# ib_ucm provides the obsolete /dev/infiniband/ucm0
+# ib_ucm

rdma/modules/iwarp.conf

@@ -0,0 +1 @@
+# These modules are loaded by the system if any iWarp device is installed

rdma/modules/opa.conf

@@ -0,0 +1,10 @@
+# These modules are loaded by the system if any OmniPath Architecture device
+# is installed
+# Infiniband over IP netdevice
+ib_ipoib
+
+# Access to fabric management SMPs and GMPs from userspace.
+ib_umad
+
+# Omnipath Ethernet Virtual NIC netdevice
+opa_vnic

rdma/modules/rdma.conf

@@ -0,0 +1,24 @@
+# These modules are loaded by the system if any RDMA devices is installed
+# iSCSI over RDMA client support
+ib_iser
+
+# iSCSI over RDMA target support
+ib_isert
+
+# SCSI RDMA Protocol target driver
+ib_srpt
+
+# User access to RDMA verbs (supports libibverbs)
+ib_uverbs
+
+# User access to RDMA connection management (supports librdmacm)
+rdma_ucm
+
+# RDS over RDMA support
+# rds_rdma
+
+# NFS over RDMA client support
+xprtrdma
+
+# NFS over RDMA server support
+svcrdma

rdma/modules/roce.conf

@@ -0,0 +1,2 @@
+# These modules are loaded by the system if any RDMA over Converged Ethernet
+# device is installed

rhsm/rhsm.conf

@@ -94,6 +94,12 @@ autoAttachInterval = 1440
 splay = 1
 # If set to 1, rhsmcertd will not execute.
 disable = 0
+# Set to 1, when rhsmcerd will try to do automatic registration.
+# Setting this option make sense only on machines running on public
+# clouds. Currently only AWS, Azure and GCP are supported
+auto_registration = 0
+# Interval to run auto-registration (in minutes):
+auto_registration_interval = 60
 
 [logging]
 default_log_level = INFO

security/pwquality.conf

@@ -54,6 +54,10 @@
 # The check is enabled if the value is not 0.
 # usercheck = 1
 #
+# Length of substrings from the username to check for in the password
+# The check is enabled if the value is greater than 0 and usercheck is enabled.
+# usersubstr = 0
+#
 # Whether the check is enforced by the PAM module and possibly other
 # applications.
 # The new password is rejected if it fails the check and the value is not 0.
@@ -61,3 +65,15 @@
 #
 # Path to the cracklib dictionaries. Default is to use the cracklib default.
 # dictpath =
+#
+# Prompt user at most N times before returning with error. The default is 1.
+# retry = 3
+#
+# Enforces pwquality checks on the root user password.
+# Enabled if the option is present.
+# enforce_for_root
+#
+# Skip testing the password quality for users that are not present in the
+# /etc/passwd file.
+# Enabled if the option is present.
+# local_users_only

selinux/semanage.conf

@@ -42,14 +42,16 @@ module-store = direct
 expand-check=0
 
 # usepasswd check tells semanage to scan all pass word records for home directories
-# and setup the labeling correctly.  If this is turned off, SELinux will label /home 
+# and setup the labeling correctly. If this is turned off, SELinux will label only /home
-# correctly only.  You will need to use semanage fcontext command.  
+# and home directories of users with SELinux login mappings defined, see
+# semanage login -l for the list of such users.
+# If you want to use a different home directory, you will need to use semanage fcontext command.
 # For example, if you had home dirs in /althome directory you would have to execute
 # semanage fcontext -a -e /home /althome
 usepasswd=False
 bzip-small=true
 bzip-blocksize=5
-ignoredirs=/root
+ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
 
 [sefcontext_compile]
 path = /usr/sbin/sefcontext_compile

selinux/targeted/.policy.sha512

@@ -1 +1 @@
-a22e33fcbb09d3c1722d49f584d554e7c9a887c3b1da8dc15f90e9d72884fd73191d410f6d4dbf9f0c7c99e8362393b218002ba9644eecb0d1e509bbc9132d04
+a3901cc0dc86321934577ebddea6d769230a49a9899939b0c78d693b1b1dd8bbf53fba876ba3c8c08bf7fe910a1a8d760bcf812026b8edac95389f7e9a13b4bb

selinux/targeted/contexts/files/file_contexts

@@ -530,6 +530,7 @@
 /dev/usbmon.+	-c	system_u:object_r:usbmon_device_t:s0
 /dev/mmcblk.*	-b	system_u:object_r:removable_device_t:s0
 /dev/mspblk.*	-b	system_u:object_r:removable_device_t:s0
+/etc/httpd/.*	-l	system_u:object_r:etc_t:s0
 /initrd\.img.*	-l	system_u:object_r:boot_t:s0
 /etc/bacula.*	system_u:object_r:bacula_etc_t:s0
 /etc/drupal.*	system_u:object_r:httpd_sys_rw_content_t:s0
@@ -1532,6 +1533,7 @@
 /boot/System\.map(-.*)?	--	system_u:object_r:system_map_t:s0
 /usr/sbin/crack_[a-z]*	--	system_u:object_r:crack_exec_t:s0
 /var/cache/swift(/.*)?	--	system_u:object_r:swift_var_cache_t:s0
+/dev/vhost-vdpa-[0-9]+	-c	system_u:object_r:vhost_device_t:s0
 /etc/MailScanner(/.*)?	system_u:object_r:mscan_etc_t:s0
 /etc/WebCalendar(/.*)?	system_u:object_r:httpd_sys_rw_content_t:s0
 /etc/dirsrv/dsgw(/.*)?	system_u:object_r:dirsrvadmin_config_t:s0
@@ -2068,6 +2070,7 @@
 /opt/google-earth/.*\.so.*	--	system_u:object_r:textrel_shlib_t:s0
 /usr/google-earth/.*\.so.*	--	system_u:object_r:textrel_shlib_t:s0
 /var/run/nm-xl2tpd.conf.*	--	system_u:object_r:NetworkManager_var_run_t:s0
+/var/run/pcsd-ruby.socket	-s	system_u:object_r:cluster_var_run_t:s0
 /etc/resolv-secure.conf.*	system_u:object_r:net_conf_t:s0
 /var/cache/tomcat6?(/.*)?	system_u:object_r:tomcat_cache_t:s0
 /var/lib/syslog-ng.persist	--	system_u:object_r:syslogd_var_lib_t:s0
@@ -2213,6 +2216,7 @@
 /var/run/postgresql(/.*)?	system_u:object_r:postgresql_var_run_t:s0
 /var/run/samba/nmbd(/.*)?	system_u:object_r:nmbd_var_run_t:s0
 /var/run/stickshift(/.*)?	system_u:object_r:openshift_var_run_t:s0
+/var/run/strongswan(/.*)?	system_u:object_r:ipsec_var_run_t:s0
 /var/run/timemaster(/.*)?	system_u:object_r:timemaster_var_run_t:s0
 /var/spool/asterisk(/.*)?	system_u:object_r:asterisk_spool_t:s0
 /var/spool/cups-pdf(/.*)?	system_u:object_r:print_spool_t:s0
@@ -2746,6 +2750,7 @@
 /var/spool/cron/crontabs/.*	--	<<none>>
 /etc/rc\.d/init\.d/dhcrelay(6)?	--	system_u:object_r:dhcpd_initrc_exec_t:s0
 /usr/share/awstats/tools/.+\.pl	--	system_u:object_r:awstats_exec_t:s0
+/var/run/systemd/machines.lock	--	system_u:object_r:systemd_machined_var_run_t:s0
 /etc/security/namespace\.d(/.*)?	--	system_u:object_r:namespace_init_exec_t:s0
 /usr/share/turboprint/lib(/.*)?	--	system_u:object_r:bin_t:s0
 /etc/pki/pki-tomcat/alias(/.*)?	system_u:object_r:pki_tomcat_cert_t:s0
@@ -4023,7 +4028,6 @@
 /var/run/\.zebra	-s	system_u:object_r:zebra_var_run_t:s0
 /var/run/\.zserv	-s	system_u:object_r:zebra_var_run_t:s0
 /var/run/zarafa	-s	system_u:object_r:zarafa_server_var_run_t:s0
-/etc/httpd/logs	system_u:object_r:httpd_log_t:s0
 /bin/dbus-daemon	--	system_u:object_r:dbusd_exec_t:s0
 /etc/fetchmailrc	--	system_u:object_r:fetchmail_etc_t:s0
 /etc/ld\.so\.cache	--	system_u:object_r:ld_so_cache_t:s0
@@ -4560,7 +4564,6 @@
 /dev/device-mapper	-c	system_u:object_r:fixed_disk_device_t:s0
 /dev/xen/hypercall	-c	system_u:object_r:xen_device_t:s0
 /var/run/gpsd\.sock	-s	system_u:object_r:gpsd_var_run_t:s0
-/etc/httpd/modules	system_u:object_r:httpd_modules_t:s0
 /usr/bin/pkidaemon	system_u:object_r:pki_tomcat_exec_t:s0
 /\.ismount-test-file	--	system_u:object_r:sosreport_tmp_t:s0
 /bin/systemd-notify	--	system_u:object_r:systemd_notify_exec_t:s0
@@ -4710,6 +4713,7 @@
 /var/log/lost\+found	-d	system_u:object_r:lost_found_t:s0
 /var/tmp/lost\+found	-d	system_u:object_r:lost_found_t:s0
 /var/tmp/vi\.recover	-d	system_u:object_r:tmp_t:s0
+/dev/isst_interface	-c	system_u:object_r:cpu_device_t:s0
 /dev/mapper/control	-c	system_u:object_r:lvm_control_t:s0
 /var/run/charon\.ctl	-s	system_u:object_r:ipsec_var_run_t:s0
 /var/run/dcc/dccifd	-s	system_u:object_r:dccifd_var_run_t:s0
@@ -5404,6 +5408,7 @@
 /usr/sbin/audisp-prelude	--	system_u:object_r:prelude_audisp_exec_t:s0
 /usr/sbin/avahi-dnsconfd	--	system_u:object_r:avahi_exec_t:s0
 /usr/sbin/cgconfigparser	--	system_u:object_r:cgconfig_exec_t:s0
+/usr/sbin/charon-systemd	--	system_u:object_r:ipsec_exec_t:s0
 /usr/sbin/condor_starter	--	system_u:object_r:condor_startd_exec_t:s0
 /usr/sbin/condor_vm-gahp	--	system_u:object_r:virtd_exec_t:s0
 /usr/sbin/dmsetup\.static	--	system_u:object_r:lvm_exec_t:s0
@@ -5525,6 +5530,8 @@
 /usr/libexec/news/nntpget	--	system_u:object_r:innd_exec_t:s0
 /usr/libexec/pcp/bin/pmcd	--	system_u:object_r:pcp_pmcd_exec_t:s0
 /usr/libexec/pcp/bin/pmie	--	system_u:object_r:pcp_pmie_exec_t:s0
+/usr/libexec/pcp/lib/pmcd	--	system_u:object_r:pcp_pmcd_initrc_exec_t:s0
+/usr/libexec/pcp/lib/pmie	--	system_u:object_r:pcp_pmie_initrc_exec_t:s0
 /usr/libexec/postfix/lmtp	--	system_u:object_r:postfix_smtp_exec_t:s0
 /usr/libexec/postfix/pipe	--	system_u:object_r:postfix_pipe_exec_t:s0
 /usr/libexec/postfix/smtp	--	system_u:object_r:postfix_smtp_exec_t:s0
@@ -5816,6 +5823,7 @@
 /usr/libexec/ntpdate-wrapper	--	system_u:object_r:ntpdate_exec_t:s0
 /usr/libexec/openipmi-helper	--	system_u:object_r:ipmievd_helper_exec_t:s0
 /usr/libexec/pcp/bin/pmproxy	--	system_u:object_r:pcp_pmproxy_exec_t:s0
+/usr/libexec/pcp/lib/pmproxy	--	system_u:object_r:pcp_pmproxy_initrc_exec_t:s0
 /usr/libexec/postfix/cleanup	--	system_u:object_r:postfix_cleanup_exec_t:s0
 /usr/libexec/postfix/virtual	--	system_u:object_r:postfix_virtual_exec_t:s0
 /usr/libexec/telepathy-rakia	--	system_u:object_r:telepathy_sofiasip_exec_t:s0
@@ -5870,6 +5878,7 @@
 /usr/lib/libstdc\+\+\.so\.2\.7\.2\.8	--	system_u:object_r:textrel_shlib_t:s0
 /usr/lib/mediawiki/math/texvc	--	system_u:object_r:mediawiki_script_exec_t:s0
 /usr/lib/systemd/systemd-fsck	--	system_u:object_r:fsadm_exec_t:s0
+/usr/lib/systemd/systemd-pull	--	system_u:object_r:systemd_importd_exec_t:s0
 /usr/lib/udisks/udisks-daemon	--	system_u:object_r:devicekit_disk_exec_t:s0
 /usr/lib/vmware/bin/vmware-ui	--	system_u:object_r:vmware_exec_t:s0
 /usr/lib/vte/gnome-pty-helper	--	system_u:object_r:bin_t:s0
@@ -5886,6 +5895,7 @@
 /usr/libexec/openafs/salvager	--	system_u:object_r:afs_fsserver_exec_t:s0
 /usr/libexec/openafs/vlserver	--	system_u:object_r:afs_vlserver_exec_t:s0
 /usr/libexec/pcp/bin/pmlogger	--	system_u:object_r:pcp_pmlogger_exec_t:s0
+/usr/libexec/pcp/lib/pmlogger	--	system_u:object_r:pcp_pmlogger_initrc_exec_t:s0
 /usr/libexec/ricci-modservice	--	system_u:object_r:ricci_modservice_exec_t:s0
 /usr/libexec/ricci-modstorage	--	system_u:object_r:ricci_modstorage_exec_t:s0
 /usr/libexec/sssd/sssd_autofs	--	system_u:object_r:sssd_exec_t:s0
@@ -5971,6 +5981,7 @@
 /var/run/pluto/ipsec_setup\.pid	--	system_u:object_r:ipsec_mgmt_var_run_t:s0
 /var/run/portmap\.upgrade-state	--	system_u:object_r:portmap_var_run_t:s0
 /var/run/samba/connections\.tdb	--	system_u:object_r:smbd_var_run_t:s0
+/var/spool/mail/\.fetchmail\.pid	--	system_u:object_r:fetchmail_uidl_cache_t:s0
 /var/www/apcupsd/upsfstats\.cgi	--	system_u:object_r:apcupsd_cgi_script_exec_t:s0
 /var/named/chroot_sdb/dev/null	-c	system_u:object_r:null_device_t:s0
 /var/named/chroot_sdb/dev/zero	-c	system_u:object_r:zero_device_t:s0
@@ -6016,7 +6027,6 @@
 /usr/share/texmf/web2c/mktexupd	--	system_u:object_r:bin_t:s0
 /usr/share/vdsm/supervdsmServer	--	system_u:object_r:virtd_exec_t:s0
 /var/lib/likewise/krb5ccr_lsass	--	system_u:object_r:lsassd_var_lib_t:s0
-/var/mail/\.fetchmail-UIDL-cache	--	system_u:object_r:fetchmail_uidl_cache_t:s0
 /var/named/chroot/etc/localtime	--	system_u:object_r:locale_t:s0
 /var/run/console-kit-daemon\.pid	--	system_u:object_r:consolekit_var_run_t:s0
 /var/www/nut-cgi-bin/upsset\.cgi	--	system_u:object_r:nutups_cgi_script_exec_t:s0
@@ -6220,6 +6230,7 @@
 /var/lib/likewise-open/db/registry\.db	--	system_u:object_r:lwregd_var_lib_t:s0
 /var/lib/likewise-open/run/rpcdep\.dat	--	system_u:object_r:dcerpcd_var_lib_t:s0
 /var/lib/likewise/db/lsass-adcache\.db	--	system_u:object_r:lsassd_var_lib_t:s0
+/var/spool/mail/\.fetchmail-UIDL-cache	--	system_u:object_r:fetchmail_uidl_cache_t:s0
 /usr/Zend/lib/ZendExtensionManager\.so	system_u:object_r:textrel_shlib_t:s0
 /etc/rc\.d/init\.d/mountall-bootclean\.sh	--	system_u:object_r:tmpreaper_exec_t:s0
 /etc/rc\.d/init\.d/mountnfs-bootclean\.sh	--	system_u:object_r:tmpreaper_exec_t:s0

sysconfig/cbq/avpkt

@@ -1 +0,0 @@
-AVPKT=3000

sysconfig/cbq/cbq-0000.example

@@ -1,5 +0,0 @@
-DEVICE=eth0,10Mbit,1Mbit
-RATE=128Kbit
-WEIGHT=10Kbit
-PRIO=5
-RULE=192.168.1.0/24

sysconfig/network-scripts/ifup

@@ -122,7 +122,7 @@ if [ "${VLAN}" = "yes" ] && [ "$ISALIAS" = "no" ] && [ -n "$DEVICE" ]; then
         }
 
         # Link on Physical device needs to be up but no ip required
-        check_device_down ${PHYSDEV} && { ip -o link set dev ${PHYSDEV} up; }
+        check_device_down ${PHYSDEV} && set_link_up ${PHYSDEV}
 
         if [ ! -f /proc/net/vlan/${DEVICE} ]; then
             if [ "${REORDER_HDR}" = "no" -o "${REORDER_HDR}" = "0" ]; then

sysconfig/network-scripts/ifup-aliases

@@ -280,8 +280,9 @@ function new_interface ()
 
         # update ARP cache of neighboring computers:
         if ! is_false "${ARPUPDATE}" && [ "${REALDEVICE}" != "lo" ]; then
-            /sbin/arping -q -A -c 1 -I ${parent_device} ${IPADDR}
+            /sbin/arping -q -A -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${parent_device} ${IPADDR}
-            ( sleep 2; /sbin/arping -q -U -c 1 -I ${parent_device} ${IPADDR} ) > /dev/null 2>&1 < /dev/null &
+            ( sleep 2;
+            /sbin/arping -q -U -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${parent_device} ${IPADDR} ) > /dev/null 2>&1 < /dev/null &
         fi
 
         ! is_false "$IPV6INIT" && \

sysconfig/network-scripts/ifup-eth

@@ -76,7 +76,7 @@ if [ "${TYPE}" = "Bridge" ]; then
     # set LINKDELAY (used as timeout when calling check_link_down())
     # to at least (${DELAY} * 2) + 7 if STP is enabled. This is the
     # minimum time required for /sys/class/net/$REALDEVICE/carrier to
-    # become 1 after "ip link set dev $DEVICE up" is called.
+    # become 1 after "set_link_up $DEVICE" is called.
     if is_true "${STP}"; then
         if [ -n "${DELAY}" ]; then
           forward_delay="${DELAY}"
@@ -164,7 +164,7 @@ fi
 # so it can actually get an IP.
 if [ "$ISALIAS" = no ] && is_bonding_device ${DEVICE} ; then
     install_bonding_driver ${DEVICE}
-    /sbin/ip link set dev ${DEVICE} up
+    set_link_up ${DEVICE}
     for device in $(LANG=C grep -l "^[[:space:]]*MASTER=['\"]\?${DEVICE}['\"]\?\([[:space:]#]\|$\)" /etc/sysconfig/network-scripts/ifcfg-*) ; do
         is_ignored_file "$device" && continue
         /sbin/ifup ${device##*/} || net_log "Unable to start slave device ${device##*/} for master ${DEVICE}." warning
@@ -188,7 +188,7 @@ if [ -n "${BRIDGE}" ]; then
         ip link add ${BRIDGE} type bridge 2>/dev/null
     fi
     /sbin/ip addr flush dev ${DEVICE} 2>/dev/null
-    /sbin/ip link set dev ${DEVICE} up
+    set_link_up ${DEVICE}
     ethtool_set
     [ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
     ip link set dev ${DEVICE} master ${BRIDGE}
@@ -243,7 +243,7 @@ if [ -n "${DYNCONFIG}" ] && [ -x /sbin/dhclient ]; then
 else 
     if [ -z "${IPADDR}" -a -z "${IPADDR0}" -a -z "${IPADDR1}" -a -z "${IPADDR2}" ]; then
         # enable device without IP, useful for e.g. PPPoE
-        ip link set dev ${REALDEVICE} up
+        set_link_up ${REALDEVICE}
         ethtool_set
         [ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
     else
@@ -253,7 +253,7 @@ else
         [ -n "${ARP}" ] && \
             ip link set dev ${REALDEVICE} $(toggle_value arp $ARP)
 
-        if ! ip link set dev ${REALDEVICE} up ; then
+        if ! set_link_up ${REALDEVICE} ; then
             net_log $"Failed to bring up ${DEVICE}."
             exit 1
         fi
@@ -302,9 +302,9 @@ else
 
             # update ARP cache of neighboring computers
             if ! is_false "${arpupdate[$idx]}" && [ "${REALDEVICE}" != "lo" ]; then
-                /sbin/arping -q -A -c 1 -I ${REALDEVICE} ${ipaddr[$idx]}
+                /sbin/arping -q -A -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${REALDEVICE} ${ipaddr[$idx]}
                 ( sleep 2;
-                /sbin/arping -q -U -c 1 -I ${REALDEVICE} ${ipaddr[$idx]} ) > /dev/null 2>&1 < /dev/null &
+                /sbin/arping -q -U -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${REALDEVICE} ${ipaddr[$idx]} ) > /dev/null 2>&1 < /dev/null &
             fi
 
             # set lifetime of address to forever

sysconfig/network-scripts/ifup-ippp

@@ -342,7 +342,7 @@ function addprovider()
     # activate ISDN device
     /usr/bin/logger -p daemon.info -t ifup-ippp "ip addr add $IPADDR peer $GATEWAY${pfx:/$pfx} dev $DEVICE"
     ip addr add $IPADDR peer $GATEWAY${pfx:/$pfx} dev $DEVICE
-    ip link set dev $DEVICE up
+    set_link_up $DEVICE
 
     if [ "$ENCAP" = "syncppp" ]; then
         # start ipppd daemon

sysconfig/network-scripts/ifup-plip

@@ -12,7 +12,7 @@ fi
 
 [ -z "$PREFIX" ] && eval $(/bin/ipcalc --prefix ${IPADDR} ${NETMASK})
 ip addr add ${IPADDR} peer ${REMIP}/${PREFIX} dev ${DEVICE}
-ip link set up dev ${DEVICE}
+set_link_up ${DEVICE}
 ip route add ${NETWORK} dev ${DEVICE}
 
 . /etc/sysconfig/network