Postfix/TLS - Installing the patchkit
Prerequisits
This patchkit is prepared for
- Postfix Version 19990601
http://www.postfix.org/
[POSTFIX]
The use of other versions might lead to patch conflicts or silent
failures, as we directly change the source code.
- OpenSSL Version 0.9.3a
http://www.openssl.org/
[OPENSSL]
We use OpenSSL as library (and some command line tools to create
the certificates, if necessary). OpenSSL is the successor of SSLeay.
Since version 0.9.2b the location of the header files has changed
from <xxx.h> to <openssl/xxx.h>. You can change this back in
global/pfixtls.c, but I would strongly recommend you to upgrade to
version 0.9.3a, as the development is going on fast and the improvements
are large. Postfix/TLS might not run with older versions of OpenSSL
before 0.9.2b.
You may also need to update your "patch" utility (see below).
Patching
The changes to the postfix source code as well as the additional files
are included in the "pfixtls.diff
" in the main directory
of the patch kit. It is a context diff.
To apply the patches, go to the directory one level
below the original postfix source tree (you should see
"postfix-xxxxxxx
" when doing an
"ls -al
" at this point.
The path is then applied with:
patch -p0 < path-to/pfixtls.diff
If you experience problems during the patch process, you might need to
update your patch program, e.g. to an actual GNU-patch.
Compiling
After patching postfix will configure and compile as before. In order to
enable the TLS functions, you must specify the path to the OpenSSL
header files as well as the appropriate libraries, and you must define
HAS_SSL
. Your command for configuration might then be:
make makefiles CCARGS="-DHAS_SSL -I/usr/local/ssl/include" AUXLIBS="-L/usr/local/ssl/lib -lssl -lcrypto"
You might need additional customization e.g. for using Berkeley-DB as listed
in the postfix INSTALL instructions. You can then continue in the
usual way with:
make
and then follow the instructions in the postfix INSTALL file.