pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/qmail-run Take steps toward running under other U...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b8e9e49c1f41
branches: trunk
changeset: 444933:b8e9e49c1f41
user: schmonz <schmonz%pkgsrc.org@localhost>
date: Thu Jan 14 15:42:35 2021 +0000
description:
Take steps toward running under other UCSPI-TLS server implementations:
- Set CADIR in the environment.
- Prefer a separate keyfile for TLS. If it's not present, attempt to
generate it by copying out the private key from the certfile.
- Don't provide an affordance for overriding the compiled-in cipherlist.
- Be willing to enable TLS without a DH params file.
While here, invent control/localfilters. If it exists, it's a sequence
of filters for SMTP connections on localhost.
Bump version.
diffstat:
mail/qmail-run/Makefile | 4 ++--
mail/qmail-run/files/qmailofmipd.sh | 17 ++++++++---------
mail/qmail-run/files/qmailpop3d.sh | 17 ++++++++---------
mail/qmail-run/files/qmailsmtpd.sh | 17 ++++++++---------
mail/qmail-run/files/tcprules-smtp | 2 +-
5 files changed, 27 insertions(+), 30 deletions(-)
diffs (176 lines):
diff -r 94bf110b2e38 -r b8e9e49c1f41 mail/qmail-run/Makefile
--- a/mail/qmail-run/Makefile Thu Jan 14 15:26:00 2021 +0000
+++ b/mail/qmail-run/Makefile Thu Jan 14 15:42:35 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.78 2020/12/14 11:59:45 schmonz Exp $
+# $NetBSD: Makefile,v 1.79 2021/01/14 15:42:35 schmonz Exp $
#
-DISTNAME= qmail-run-20201214
+DISTNAME= qmail-run-20210114
CATEGORIES= mail
MASTER_SITES= # empty
DISTFILES= # empty
diff -r 94bf110b2e38 -r b8e9e49c1f41 mail/qmail-run/files/qmailofmipd.sh
--- a/mail/qmail-run/files/qmailofmipd.sh Thu Jan 14 15:26:00 2021 +0000
+++ b/mail/qmail-run/files/qmailofmipd.sh Thu Jan 14 15:42:35 2021 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailofmipd.sh,v 1.26 2020/12/11 12:11:43 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.27 2021/01/14 15:42:36 schmonz Exp $
#
# @PKGNAME@ script to control ofmipd (SMTP submission service).
#
@@ -31,8 +31,7 @@
: ${qmailofmipd_tls:="auto"}
: ${qmailofmipd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
: ${qmailofmipd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
-: ${qmailofmipd_tls_key:=""}
-: ${qmailofmipd_tls_ciphers:=""}
+: ${qmailofmipd_tls_key:="@PKG_SYSCONFDIR@/control/serverkey.pem"}
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
@@ -57,7 +56,7 @@
qmailofmipd_configure_tls() {
if [ "auto" = "${qmailofmipd_tls}" ]; then
- if [ -f "${qmailofmipd_tls_dhparams}" ] && [ -f "${qmailofmipd_tls_cert}" ]; then
+ if [ -f "${qmailofmipd_tls_cert}" ]; then
qmailofmipd_enable_tls
else
qmailofmipd_disable_tls
@@ -74,16 +73,16 @@
}
qmailofmipd_enable_tls() {
+ qmailofmipd_postenv="CADIR=@SSLDIR@/certs ${qmailofmipd_postenv}"
qmailofmipd_postenv="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) ${qmailofmipd_postenv}"
qmailofmipd_postenv="SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) ${qmailofmipd_postenv}"
qmailofmipd_postenv="DHFILE=${qmailofmipd_tls_dhparams} ${qmailofmipd_postenv}"
qmailofmipd_postenv="CERTFILE=${qmailofmipd_tls_cert} ${qmailofmipd_postenv}"
- if [ -f "${qmailofmipd_tls_key}" ]; then
- qmailofmipd_postenv="KEYFILE=${qmailofmipd_tls_key} ${qmailofmipd_postenv}"
+ if [ -n "${qmailofmipd_tls_key}" -a ! -f "${qmailofmipd_tls_key}" ]; then
+ openssl rsa -in ${qmailofmipd_tls_cert} -out ${qmailofmipd_tls_key}
+ @CHMOD@ 640 ${qmailofmipd_tls_key}
fi
- if [ -n "${qmailofmipd_tls_ciphers}" ]; then
- qmailofmipd_postenv="CIPHERS=${qmailofmipd_tls_ciphers} ${qmailofmipd_postenv}"
- fi
+ qmailofmipd_postenv="KEYFILE=${qmailofmipd_tls_key} ${qmailofmipd_postenv}"
}
qmailofmipd_precmd() {
diff -r 94bf110b2e38 -r b8e9e49c1f41 mail/qmail-run/files/qmailpop3d.sh
--- a/mail/qmail-run/files/qmailpop3d.sh Thu Jan 14 15:26:00 2021 +0000
+++ b/mail/qmail-run/files/qmailpop3d.sh Thu Jan 14 15:42:35 2021 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailpop3d.sh,v 1.33 2019/03/21 15:33:06 schmonz Exp $
+# $NetBSD: qmailpop3d.sh,v 1.34 2021/01/14 15:42:36 schmonz Exp $
#
# @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs).
#
@@ -30,8 +30,7 @@
: ${qmailpop3d_tls:="auto"}
: ${qmailpop3d_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
: ${qmailpop3d_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
-: ${qmailpop3d_tls_key:=""}
-: ${qmailpop3d_tls_ciphers:=""}
+: ${qmailpop3d_tls_key:="@PKG_SYSCONFDIR@/control/serverkey.pem"}
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
@@ -54,7 +53,7 @@
qmailpop3d_configure_tls() {
if [ "auto" = "${qmailpop3d_tls}" ]; then
- if [ -f "${qmailpop3d_tls_dhparams}" ] && [ -f "${qmailpop3d_tls_cert}" ]; then
+ if [ -f "${qmailpop3d_tls_cert}" ]; then
qmailpop3d_enable_tls
else
qmailpop3d_disable_tls
@@ -71,16 +70,16 @@
}
qmailpop3d_enable_tls() {
+ qmailpop3d_postenv="CADIR=@SSLDIR@/certs ${qmailpop3d_postenv}"
qmailpop3d_postenv="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) ${qmailpop3d_postenv}"
qmailpop3d_postenv="SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) ${qmailpop3d_postenv}"
qmailpop3d_postenv="DHFILE=${qmailpop3d_tls_dhparams} ${qmailpop3d_postenv}"
qmailpop3d_postenv="CERTFILE=${qmailpop3d_tls_cert} ${qmailpop3d_postenv}"
- if [ -f "${qmailpop3d_tls_key}" ]; then
- qmailpop3d_postenv="KEYFILE=${qmailpop3d_tls_key} ${qmailpop3d_postenv}"
+ if [ -n "${qmailpop3d_tls_key}" -a ! -f "${qmailpop3d_tls_key}" ]; then
+ openssl rsa -in ${qmailpop3d_tls_cert} -out ${qmailpop3d_tls_key}
+ @CHMOD@ 640 ${qmailpop3d_tls_key}
fi
- if [ -n "${qmailpop3d_tls_ciphers}" ]; then
- qmailpop3d_postenv="CIPHERS=${qmailpop3d_tls_ciphers} ${qmailpop3d_postenv}"
- fi
+ qmailpop3d_postenv="KEYFILE=${qmailpop3d_tls_key} ${qmailpop3d_postenv}"
}
qmailpop3d_precmd() {
diff -r 94bf110b2e38 -r b8e9e49c1f41 mail/qmail-run/files/qmailsmtpd.sh
--- a/mail/qmail-run/files/qmailsmtpd.sh Thu Jan 14 15:26:00 2021 +0000
+++ b/mail/qmail-run/files/qmailsmtpd.sh Thu Jan 14 15:42:35 2021 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailsmtpd.sh,v 1.30 2019/03/21 15:33:06 schmonz Exp $
+# $NetBSD: qmailsmtpd.sh,v 1.31 2021/01/14 15:42:36 schmonz Exp $
#
# @PKGNAME@ script to control qmail-smtpd (SMTP service).
#
@@ -29,8 +29,7 @@
: ${qmailsmtpd_tls:="auto"}
: ${qmailsmtpd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
: ${qmailsmtpd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
-: ${qmailsmtpd_tls_key:=""}
-: ${qmailsmtpd_tls_ciphers:=""}
+: ${qmailsmtpd_tls_key:="@PKG_SYSCONFDIR@/control/serverkey.pem"}
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
@@ -53,7 +52,7 @@
qmailsmtpd_configure_tls() {
if [ "auto" = "${qmailsmtpd_tls}" ]; then
- if [ -f "${qmailsmtpd_tls_dhparams}" ] && [ -f "${qmailsmtpd_tls_cert}" ]; then
+ if [ -f "${qmailsmtpd_tls_cert}" ]; then
qmailsmtpd_enable_tls
else
qmailsmtpd_disable_tls
@@ -70,16 +69,16 @@
}
qmailsmtpd_enable_tls() {
+ qmailsmtpd_postenv="CADIR=@SSLDIR@/certs ${qmailsmtpd_postenv}"
qmailsmtpd_postenv="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) ${qmailsmtpd_postenv}"
qmailsmtpd_postenv="SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) ${qmailsmtpd_postenv}"
qmailsmtpd_postenv="DHFILE=${qmailsmtpd_tls_dhparams} ${qmailsmtpd_postenv}"
qmailsmtpd_postenv="CERTFILE=${qmailsmtpd_tls_cert} ${qmailsmtpd_postenv}"
- if [ -f "${qmailsmtpd_tls_key}" ]; then
- qmailsmtpd_postenv="KEYFILE=${qmailsmtpd_tls_key} ${qmailsmtpd_postenv}"
+ if [ -n "${qmailsmtpd_tls_key}" -a ! -f "${qmailsmtpd_tls_key}" ]; then
+ openssl rsa -in ${qmailsmtpd_tls_cert} -out ${qmailsmtpd_tls_key}
+ @CHMOD@ 640 ${qmailsmtpd_tls_key}
fi
- if [ -n "${qmailsmtpd_tls_ciphers}" ]; then
- qmailsmtpd_postenv="CIPHERS=${qmailsmtpd_tls_ciphers} ${qmailsmtpd_postenv}"
- fi
+ qmailsmtpd_postenv="KEYFILE=${qmailsmtpd_tls_key} ${qmailsmtpd_postenv}"
}
qmailsmtpd_precmd() {
diff -r 94bf110b2e38 -r b8e9e49c1f41 mail/qmail-run/files/tcprules-smtp
--- a/mail/qmail-run/files/tcprules-smtp Thu Jan 14 15:26:00 2021 +0000
+++ b/mail/qmail-run/files/tcprules-smtp Thu Jan 14 15:42:35 2021 +0000
@@ -1,2 +1,2 @@
-127.:allow,RELAYCLIENT=""
+127.:allow,RELAYCLIENT="",QMAILQUEUE="/opt/pkg/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/localfilters"
:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"
Home |
Main Index |
Thread Index |
Old Index