TLS

See Chapter 13 for information on the TLS patches and Postfix. You can find the web site for the TLS patches from the “Add-on Software” page of the Postfix web site. Since this add-on modifies the Postfix source, make sure you get the correct download for your version of Postfix. For this example, assume the downloaded file is called pfixtls-0.8.13-2.0.10-0.9.7b.tar.gz. If the file you download is different, adjust the examples accordingly.

This add-on depends on the OpenSSL library, which you must install first if it’s not already on your system. Check the documentation that comes with the TLS distribu- tion to make sure you have the correct version of OpenSSL. For this example, assume that your OpenSSL libraries are installed in /usr/local/ssl/lib and the header files are in /usr/local/ssl/include. If your installation differs, adjust the example accordingly.

The TLS modifications to the Postfix source are all contained in the file pfixtls.diff, and you use the patch command to apply the differences to your Postfix source. You should uncompress and untar the TLS patch in a subdirectory that is at the same level as your Postfix directory such that if your current directory is the one above the Postfix source, you can see both the Postfix directory and the TLS patch directory:

$ pwd
/home/kdent
$ ls -ld pfixtls-0.8.13-2.0.10-0.9.7b postfix-2.0.10
drwxr-xr-x 5 kdent kdent 512 May 14 2002 pfixtls-0.8.13-2.0.10-0.9.7b
drwxr-xr-x 15 kdent kdent 1024 May 31 17:31 postfix-2.0.10

From that directory apply the patch as follows:

$ patch -p0 < pfixtls-0.8.13-2.0.10-0.9.7b/pfixtls.diff

patch reports the changes as it makes them until it finishes and displays “done” on your terminal.

Go back to the Postfix distribution directory to build Postfix with TLS support. You must define the HAS_SSL macro and specify the directories for the SSL libraries and header files. You must also link against the libssl.so (or libssl.a) and libcrypto.so (or libcrypto.a) library files. Run make tidy if necessary. Build your Makefile with the following options:

$ make makefiles CCARGS='-DHAS_SSL -I/usr/local/ssl/include' \
AUXLIBS='-L/usr/local/ssl/lib -lcrypto -lssl'

Remember that if you must provide the path to your libraries to the runtime linker, include the correct runtime search path argument:

$ make makefiles CCARGS='-DHAS_SSL -I/usr/local/ssl/include' \
AUXLIBS='-L/usr/local/ssl/lib -lcrypto -lssl -rpath /usr/local/ssl/lib'

If your linker uses an argument other than rpath , be sure to specify the correct one.

results matching ""

    No results matching ""