Postfix/TLS - Installing the patchkit

Prerequisits

This patchkit is prepared for

Postfix Version 19990601
http://www.postfix.org/ [POSTFIX]
The use of other versions might lead to patch conflicts or silent failures, as we directly change the source code.
OpenSSL Version 0.9.3a
http://www.openssl.org/ [OPENSSL]
We use OpenSSL as library (and some command line tools to create the certificates, if necessary). OpenSSL is the successor of SSLeay. Since version 0.9.2b the location of the header files has changed from <xxx.h> to <openssl/xxx.h>. You can change this back in global/pfixtls.c, but I would strongly recommend you to upgrade to version 0.9.3a, as the development is going on fast and the improvements are large. Postfix/TLS might not run with older versions of OpenSSL before 0.9.2b.

You may also need to update your "patch" utility (see below).

Patching

The changes to the postfix source code as well as the additional files are included in the "pfixtls.diff" in the main directory of the patch kit. It is a context diff.

To apply the patches, go to the directory one level below the original postfix source tree (you should see "postfix-xxxxxxx" when doing an "ls -al" at this point. The path is then applied with:

patch -p0 < path-to/pfixtls.diff

If you experience problems during the patch process, you might need to update your patch program, e.g. to an actual GNU-patch.

Compiling

After patching postfix will configure and compile as before. In order to enable the TLS functions, you must specify the path to the OpenSSL header files as well as the appropriate libraries, and you must define HAS_SSL. Your command for configuration might then be:

make makefiles CCARGS="-DHAS_SSL -I/usr/local/ssl/include" AUXLIBS="-L/usr/local/ssl/lib -lssl -lcrypto"

You might need additional customization e.g. for using Berkeley-DB as listed in the postfix INSTALL instructions. You can then continue in the usual way with:

make

and then follow the instructions in the postfix INSTALL file.