From 3ae907822ce89f7c2b2624ee6cd9bf21c01095a3 Mon Sep 17 00:00:00 2001
From: Vincent Pelletier <vincent@nexedi.com>
Date: Tue, 13 Jun 2017 12:43:24 +0900
Subject: [PATCH] stack.erp5: Accept relaying mail with addresses starting with
 a dash.

This simplistic mail setup does not pass address as command line arguments,
so it is not subject to the vulnerability protected against by this option.
---
 stack/erp5/buildout.hash.cfg  | 2 +-
 stack/erp5/postfix_main.cf.in | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/stack/erp5/buildout.hash.cfg b/stack/erp5/buildout.hash.cfg
index 3dd7b38c6..8ae4658fc 100644
--- a/stack/erp5/buildout.hash.cfg
+++ b/stack/erp5/buildout.hash.cfg
@@ -63,7 +63,7 @@ md5sum = 9ac81647368068a1a98a785d08074b43
 
 [template-postfix-main-cf]
 filename = postfix_main.cf.in
-md5sum = 4fe9bb5225b9d7650d2916a0945821bd
+md5sum = 886d1b004049c8dc1f89cbbfe4f95371
 
 [template-postfix-aliases]
 filename = postfix_aliases.in
diff --git a/stack/erp5/postfix_main.cf.in b/stack/erp5/postfix_main.cf.in
index 516bdb3a6..114072758 100644
--- a/stack/erp5/postfix_main.cf.in
+++ b/stack/erp5/postfix_main.cf.in
@@ -52,6 +52,10 @@ smtpd_relay_restrictions =
   permit_sasl_authenticated
   defer_unauth_destination
 
+# We do not pass mail address in command lines, so accept those starting with
+# a dash.
+allow_min_user = yes
+
 # Disable local delivery
 local_transport = error
 
-- 
2.30.9