pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/qmail-run Extract most of MESSAGE to README.pkgsr...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9354ca60f9a7
branches:  trunk
changeset: 316497:9354ca60f9a7
user:      schmonz <schmonz%pkgsrc.org@localhost>
date:      Fri Dec 14 06:49:30 2018 +0000

description:
Extract most of MESSAGE to README.pkgsrc. (MESSAGE was getting too long.)

Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a
very precise tool, so the cost (false positives) probably outweighs the
benefit (blocked malware attachments) for many users.

Also not a sensible default: rejecting incoming mail on SPF
explicit-fail. This needs to be an admin decision because, among other
reasons, it would also reject messages forwarded through servers that
haven't configured SRS. Document SPF setup, including how to reject
(with this caveat) and how to greylist SPF explicit-pass (which would
otherwise be exempted from greylisting).

Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a
feature: to effectively omit IP from the (IP,sender,recipient) tuple,
add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp.

rc.d scripts:

- Location of tcprules file is configurable
- By default, CDB is auto-rebuilt as needed on service start
- CDB auto-rebuilding can be configured off

Bump version.

diffstat:

 mail/qmail-run/INSTALL                                  |  11 +---
 mail/qmail-run/MESSAGE                                  |  38 +++--------
 mail/qmail-run/Makefile                                 |  10 +-
 mail/qmail-run/PLIST                                    |   4 +-
 mail/qmail-run/files/README.pkgsrc                      |  55 +++++++++++++++++
 mail/qmail-run/files/greylisting-spp-with-exemptions.sh |  39 ------------
 mail/qmail-run/files/greylisting-spp-wrapper.sh         |  43 +++++++++++++
 mail/qmail-run/files/qmailofmipd.sh                     |  24 +++++--
 mail/qmail-run/files/qmailpop3d.sh                      |  24 +++++--
 mail/qmail-run/files/qmailsmtpd.sh                      |  24 +++++--
 mail/qmail-run/files/smtpfilters                        |   2 +-
 mail/qmail-run/files/smtpplugins                        |   2 +-
 mail/qmail-run/files/tcprules-smtp                      |   2 +-
 13 files changed, 170 insertions(+), 108 deletions(-)

diffs (truncated from 506 to 300 lines):

diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/INSTALL
--- a/mail/qmail-run/INSTALL    Fri Dec 14 00:55:12 2018 +0000
+++ b/mail/qmail-run/INSTALL    Fri Dec 14 06:49:30 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: INSTALL,v 1.10 2018/12/11 17:49:40 schmonz Exp $
+# $NetBSD: INSTALL,v 1.11 2018/12/14 06:49:30 schmonz Exp $
 
 case "${STAGE}" in
 
@@ -12,13 +12,4 @@
 
        ;;
 
-POST-INSTALL)
-       cd ${PKG_SYSCONFDIR}/control/tcprules
-       for i in ofmip pop3 smtp; do
-               ${CHMOD} 644 ${i}
-               ${PREFIX}/bin/tcprules ${i}.cdb ${i}.tmp < ${i}
-               ${CHMOD} 644 ${i}.cdb
-       done
-
-       ;;
 esac
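Review bot: Removing the POST-INSTALL case drops not only the tcprules build but also the two ${CHMOD} 644 calls on ${i} and ${i}.cdb, and nothing in this hunk replaces them. If the rc.d auto-rebuild described in the commit message is now the only place the .cdb files are created, it should leave them with the same mode and keep building through the ${i}.tmp argument to tcprules, so the service never reads an unreadable or half-written rules database. A fresh install with auto-rebuild configured off also ends up with no .cdb at all; worth a line in README.pkgsrc saying to run the rc.d "cdb" command in that case.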
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/MESSAGE
--- a/mail/qmail-run/MESSAGE    Fri Dec 14 00:55:12 2018 +0000
+++ b/mail/qmail-run/MESSAGE    Fri Dec 14 06:49:30 2018 +0000
@@ -1,34 +1,16 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.14 2018/11/14 16:46:58 schmonz Exp $
-
-Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc.
+$NetBSD: MESSAGE,v 1.15 2018/12/14 06:49:30 schmonz Exp $
 
-Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for...
-
-Local and outbound delivery:
-- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*).
-- Copy ${PREFIX}/share/examples/qmail-run/mailer.conf to /etc/mailer.conf.
-- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf.
+Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for
+local and outbound delivery:
 
-Incoming SMTP on port 25:
-- Add any qmail-rcptcheck programs to control/rcptchecks.
-- Add any qmail-qfilter programs to control/smtpfilters.
-- Add any qmail-spp programs (such as greylisting) to control/smtpplugins.
-- Set qmailsmtpd=YES in /etc/rc.conf.
+- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf.
+- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf.
+- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*).
+- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf.
+- Run "/etc/rc.d/qmail start".
 
-Greylisting:
-- Add any exempt recipient addresses to control/greylist/exemptrcpts.
-- Add any exempt recipient domains to control/greylist/exemptrcpthosts.
-- Uncomment "greylisting-spp-with-exemptions" in control/smtpplugins.
-
-Authenticated submission on port 587:
-- Add any qmail-qfilter programs to control/ofmipfilters.
-- Set qmailofmipd=YES in /etc/rc.conf.
-
-POP3 (for Maildirs only) on port 110:
-- Set qmailpop3d=YES in /etc/rc.conf.
-
-TLS encryption everywhere applicable:
-- Create cert and DH params as instructed by the qmail package.
+For SMTP, TLS, and more, please read
+${PREFIX}/share/doc/qmail-run/README.pkgsrc.
 
 ===========================================================================
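Review bot: The new step "Replace /etc/mailer.conf with ..." tells the admin to overwrite a system file where the old text said "Copy", and the step before it stops postfix, so the instructions leave no stated way back. Suggest wording it as saving the existing /etc/mailer.conf first (for example as /etc/mailer.conf.orig), then copying the example over it.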
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/Makefile
--- a/mail/qmail-run/Makefile   Fri Dec 14 00:55:12 2018 +0000
+++ b/mail/qmail-run/Makefile   Fri Dec 14 06:49:30 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.64 2018/12/12 01:08:30 schmonz Exp $
+# $NetBSD: Makefile,v 1.65 2018/12/14 06:49:30 schmonz Exp $
 #
 
-DISTNAME=              qmail-run-20181211.1
+DISTNAME=              qmail-run-20181214
 CATEGORIES=            mail
 MASTER_SITES=          # empty
 DISTFILES=             # empty
@@ -78,7 +78,7 @@
 SUBST_CLASSES+=                paths
 SUBST_STAGE.paths=     pre-configure
 SUBST_FILES.paths=     mailer.conf
-SUBST_FILES.paths+=    greylisting-spp-with-exemptions ofmipd-with-user-cdb
+SUBST_FILES.paths+=    greylisting-spp-wrapper ofmipd-with-user-cdb
 SUBST_FILES.paths+=    qmail-isspam-* qmail-procmail qmail-qread-client
 SUBST_FILES.paths+=    rcptchecks ofmipfilters smtpfilters smtpplugins tcprules-*
 SUBST_VARS.paths=      PKGNAME PKG_SYSCONFDIR PREFIX
@@ -93,14 +93,14 @@
                tcprules-ofmip tcprules-pop3 tcprules-smtp; do \
                ${CP} ${FILESDIR}/$$f ${WRKDIR}/$$f; \
        done; \
-       for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \
+       for f in greylisting-spp-wrapper ofmipd-with-user-cdb \
                qmail-isspam-rspamd qmail-isspam-spamassassin \
                qmail-procmail qmail-qread-client; do \
                ${CP} ${FILESDIR}/$$f.sh ${WRKDIR}/$$f; \
        done
 
 do-install:
-       for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \
+       for f in greylisting-spp-wrapper ofmipd-with-user-cdb \
                qmail-isspam-rspamd qmail-isspam-spamassassin \
                qmail-procmail qmail-qread-client; do \
                ${INSTALL_SCRIPT} ${WRKDIR}/$$f ${DESTDIR}${PREFIX}/bin; \
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/PLIST
--- a/mail/qmail-run/PLIST      Fri Dec 14 00:55:12 2018 +0000
+++ b/mail/qmail-run/PLIST      Fri Dec 14 06:49:30 2018 +0000
@@ -1,5 +1,5 @@
-@comment $NetBSD: PLIST,v 1.19 2018/12/11 17:49:40 schmonz Exp $
-bin/greylisting-spp-with-exemptions
+@comment $NetBSD: PLIST,v 1.20 2018/12/14 06:49:30 schmonz Exp $
+bin/greylisting-spp-wrapper
 bin/ofmipd-with-user-cdb
 bin/qmail-isspam-rspamd
 bin/qmail-isspam-spamassassin
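Review bot: bin/greylisting-spp-with-exemptions disappears from the PLIST with no compatibility entry, but the previous MESSAGE told admins to uncomment exactly that name in control/smtpplugins. If an edited smtpplugins survives the upgrade, it will name a program that is no longer installed, and nothing in this change says what happens to incoming SMTP in that state. Suggest either installing the old name as a symlink to greylisting-spp-wrapper for a release, or adding an upgrade line to MESSAGE telling admins to rename the entry.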
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/files/README.pkgsrc
--- a/mail/qmail-run/files/README.pkgsrc        Fri Dec 14 00:55:12 2018 +0000
+++ b/mail/qmail-run/files/README.pkgsrc        Fri Dec 14 06:49:30 2018 +0000
@@ -1,3 +1,58 @@
+ Getting started
+ ===============
+
+Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for...
+
+Local and outbound delivery:
+- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf.
+- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf.
+- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*).
+- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf.
+- Run "/etc/rc.d/qmail start".
+
+Incoming SMTP on port 25:
+- Set qmailsmtpd=YES in /etc/rc.conf.
+- Add any qmail-rcptcheck programs to control/rcptchecks.
+- Add any qmail-qfilter programs to control/smtpfilters.
+- Add any qmail-spp programs (such as greylisting) to control/smtpplugins.
+- Run "/etc/rc.d/qmailsmtpd start".
+
+Greylisting:
+- Add any exempt recipient addresses to control/greylist/exemptrcpts.
+- Add any exempt recipient domains to control/greylist/exemptrcpthosts.
+- Tuples are (IP,sender,recipient). To effectively omit IP, add
+  GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp,
+  then run "/etc/rc.d/qmailsmtpd cdb".
+- Uncomment "greylisting-spp-wrapper" in control/smtpplugins.
+
+Authenticated message submission on port 587:
+- Set qmailofmipd=YES in /etc/rc.conf.
+- Add any qmail-qfilter programs to control/ofmipfilters.
+- Run "/etc/rc.d/qmailofmipd start".
+
+POP3 (for Maildirs only) on port 110:
+- Set qmailpop3d=YES in /etc/rc.conf.
+- Run "/etc/rc.d/qmailpop3d start".
+
+TLS encryption for SMTP, submission, POP3, and remote delivery:
+- Create cert and DH params (as instructed by the qmail package).
+- Run "/etc/rc.d/qmail restart".
+
+Sender Policy Framework:
+- Configure Sender Rewriting Scheme (as instructed by the qmail package)
+  so your auto-forwarded messages will reach servers that choose to
+  enforce the forwarded domains' SPF policies.
+- Publish a DNS TXT record with your desired policy.
+- Incoming messages that explicit-fail published policy are nonetheless
+  accepted. To reject -- including rejecting auto-forwarded messages
+  from servers that haven't configured SRS -- add
+  SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to control/tcprules/smtp,
+  then run "/etc/rc.d/qmailsmtpd cdb".
+- Messages that explicit-pass are not greylisted. To remove the
+  exemption, remove SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1" from
+  control/tcprules/smtp, then run "/etc/rc.d/qmailsmtpd cdb".
+
+
  Getting help
  ============
 
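Review bot: The greylisting bullet that sets GL_WRAPPER_TCPREMOTEIP="127.127.127.127" says what the setting does to the tuple but not what it costs: with the IP fixed, every client shares one (sender,recipient) entry, so a retry from any host passes once that pair has been seen. The SPF bullets spell out their trade-off (forwarders without SRS get rejected); this bullet should get the same treatment, plus a sentence on when an admin would want it. The tcprules bullets would also be easier to follow with one complete example line for control/tcprules/smtp, since the README names each variable but not where on a rule it goes.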
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/files/greylisting-spp-with-exemptions.sh
--- a/mail/qmail-run/files/greylisting-spp-with-exemptions.sh   Fri Dec 14 00:55:12 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,39 +0,0 @@
-#!@SH@
-#
-# $NetBSD: greylisting-spp-with-exemptions.sh,v 1.1 2018/11/13 16:34:58 schmonz Exp $
-#
-# @PKGNAME@ wrapper to skip greylisting for certain recipient
-# addresses and domains.
-# Requires greylisting-spp.
-#
-
-EXEMPTRCPTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpts
-EXEMPTRCPTHOSTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpthosts
-
-is_exempt_recipient_address() {
-       [ -f "$EXEMPTRCPTS" ] \
-               && @GREP@ -qFx -- "$1" "$EXEMPTRCPTS"
-}
-
-is_exempt_recipient_domain() {
-       [ -f "$EXEMPTRCPTHOSTS" ] \
-               && @GREP@ -qFx -- "$1" "$EXEMPTRCPTHOSTS"
-}
-
-main() {
-       [ -n "$SMTPRCPTTO" ] || return
-
-       rcpt="$SMTPRCPTTO"
-       rcpthost=$(@ECHO@ "$rcpt" | @SED@ -e 's|.*@||')
-
-       if is_exempt_recipient_address "$rcpt"; then
-               @ECHO@ >&2 "greylisting skipped for recipient address: $rcpt"
-               export GL_WHITELISTED="1"
-       elif is_exempt_recipient_domain "$rcpthost"; then
-               @ECHO@ >&2 "greylisting skipped for recipient domain: $rcpthost"
-               export GL_WHITELISTED="1"
-       fi
-}
-
-main "$@"
-exec @PREFIX@/bin/greylisting-spp
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/files/greylisting-spp-wrapper.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/qmail-run/files/greylisting-spp-wrapper.sh   Fri Dec 14 06:49:30 2018 +0000
@@ -0,0 +1,43 @@
+#!@SH@
+#
+# $NetBSD: greylisting-spp-wrapper.sh,v 1.1 2018/12/14 06:49:31 schmonz Exp $
+#
+# @PKGNAME@ wrapper for greylisting-spp.
+# Skips greylisting for configured recipient addresses and domains.
+# Optionally assigns a fixed "ip" in (ip,sender,recipient).
+#
+
+EXEMPTRCPTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpts
+EXEMPTRCPTHOSTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpthosts
+
+is_exempt_recipient_address() {
+       [ -f "$EXEMPTRCPTS" ] \
+               && @GREP@ -qFx -- "$1" "$EXEMPTRCPTS"
+}
+
+is_exempt_recipient_domain() {
+       [ -f "$EXEMPTRCPTHOSTS" ] \
+               && @GREP@ -qFx -- "$1" "$EXEMPTRCPTHOSTS"
+}
+
+main() {
+       [ -n "$SMTPRCPTTO" ] || return
+
+       rcpt="$SMTPRCPTTO"
+       rcpthost=$(@ECHO@ "$rcpt" | @SED@ -e 's|.*@||')
+
+       if is_exempt_recipient_address "$rcpt"; then
+               @ECHO@ >&2 "greylisting skipped for recipient address: $rcpt"
+               GL_WHITELISTED="1"; export GL_WHITELISTED
+       elif is_exempt_recipient_domain "$rcpthost"; then
+               @ECHO@ >&2 "greylisting skipped for recipient domain: $rcpthost"
+               GL_WHITELISTED="1"; export GL_WHITELISTED
+       fi
+
+       if [ -n "$GL_WRAPPER_TCPREMOTEIP" ]; then
+               TCPREMOTEIP="$GL_WRAPPER_TCPREMOTEIP"; export TCPREMOTEIP
+       fi
+}
+
+main "$@"
+exec @PREFIX@/bin/greylisting-spp
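Review bot: In main(), the early return on an empty SMTPRCPTTO comes before the GL_WRAPPER_TCPREMOTEIP block, so in that case the script still execs greylisting-spp but with the real TCPREMOTEIP; moving the override above the early return makes the fixed-IP setting apply on every invocation. Separately, both exemption lookups use grep -qFx without -i, so a recipient domain sent as Example.ORG will not match an example.org line in exemptrcpthosts; lowercasing rcpthost before the lookup (and documenting that the files are lowercase) would avoid surprises. A recipient with nothing after the "@" yields an empty rcpthost, which -Fx matches against any blank line in exemptrcpthosts, so a non-empty check on "$1" at the top of is_exempt_recipient_domain is worth adding.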
diff -r 907979550800 -r 9354ca60f9a7 mail/qmail-run/files/qmailofmipd.sh
--- a/mail/qmail-run/files/qmailofmipd.sh       Fri Dec 14 00:55:12 2018 +0000
+++ b/mail/qmail-run/files/qmailofmipd.sh       Fri Dec 14 06:49:30 2018 +0000
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailofmipd.sh,v 1.19 2018/12/11 17:49:41 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.20 2018/12/14 06:49:31 schmonz Exp $
 #
 # @PKGNAME@ script to control ofmipd (SMTP submission service).
 #
@@ -18,6 +18,8 @@
 : ${qmailofmipd_tcpflags:="-ne -vRl0"}
 : ${qmailofmipd_tcphost:="0.0.0.0"}
 : ${qmailofmipd_tcpport:="587"}
+: ${qmailofmipd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/ofmip"}
+: ${qmailofmipd_autocdb:="YES"}
 : ${qmailofmipd_precheckpassword:="@PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp"}
 : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"}
 : ${qmailofmipd_preofmipd:="@PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio"}
@@ -41,7 +43,7 @@
 required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts"
 required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities"
 required_files="${required_files} @PKG_SYSCONFDIR@/control/fixsmtpio"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb"
+required_files="${required_files} ${qmailofmipd_tcprules}.cdb"
 command="${qmailofmipd_tcpserver}"
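Review bot: required_files now lists ${qmailofmipd_tcprules}.cdb, and with the POST-INSTALL build removed from INSTALL that file does not exist until the rc.d script creates it. Please confirm the auto-rebuild runs before rc.subr evaluates required_files on start, otherwise the first start after a fresh install fails on the missing .cdb; the rebuild code is past the truncation point of this mail, so it cannot be checked here. Since qmailofmipd_tcprules is now admin-settable and its value is appended unquoted to the space-separated required_files list, a path containing whitespace will be split; either document that restriction or validate the value.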


