pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/qmail-run Bump acceptutils dependency to get STAR...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ff501a30cfda
branches: trunk
changeset: 325063:ff501a30cfda
user: schmonz <schmonz%pkgsrc.org@localhost>
date: Thu Nov 08 20:57:28 2018 +0000
description:
Bump acceptutils dependency to get STARTTLS support in fixsmtpio(8)
(obviating the need for qmail-smtpd(8) to be patched to link OpenSSL).
Make TLS configurable for submission, POP3, and now also incoming SMTP:
- "yes" (startup will fail if cert or DH params are missing)
- "no" (even if they're present, don't offer TLS)
- "auto" (the default: offer TLS iff they're present)
Mention TLS setup in MESSAGE.
Delay SMTP greeting by 2 seconds. Enable zen.spamhaus.org RBL.
Bump version.
diffstat:
mail/qmail-run/MESSAGE | 7 ++++-
mail/qmail-run/Makefile | 7 +++--
mail/qmail-run/files/fixsmtpio | 6 +----
mail/qmail-run/files/qmailofmipd.sh | 35 ++++++++++++++++++++++++----
mail/qmail-run/files/qmailpop3d.sh | 35 ++++++++++++++++++++++++----
mail/qmail-run/files/qmailsmtpd.sh | 46 +++++++++++++++++++++++++++++-------
mail/qmail-run/files/tcp.ofmip | 2 +-
mail/qmail-run/files/tcp.smtp | 2 +-
8 files changed, 109 insertions(+), 31 deletions(-)
diffs (truncated from 321 to 300 lines):
diff -r 819a82414cb6 -r ff501a30cfda mail/qmail-run/MESSAGE
--- a/mail/qmail-run/MESSAGE Thu Nov 08 20:55:01 2018 +0000
+++ b/mail/qmail-run/MESSAGE Thu Nov 08 20:57:28 2018 +0000
@@ -1,5 +1,5 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.11 2018/10/28 15:01:57 schmonz Exp $
+$NetBSD: MESSAGE,v 1.12 2018/11/08 20:57:28 schmonz Exp $
Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc.
@@ -19,7 +19,7 @@
- Optionally list qmail-rcptcheck programs in control/rcptchecks.
- Optionally list qmail-qfilter programs in control/smtpfilters.
-Outgoing submissions with SMTP AUTH over TLS:
+Outgoing authentication-only submission:
- Set qmailofmipd=YES in /etc/rc.conf.
- Optionally list qmail-qfilter programs in control/ofmipfilters.
@@ -29,4 +29,7 @@
Fetching Maildirs via POP3:
- Set qmailpop3d=YES in /etc/rc.conf.
+TLS for incoming and outgoing SMTP, submission, and POP3:
+- Create cert and DH params as instructed by the qmail package.
+
===========================================================================
diff -r 819a82414cb6 -r ff501a30cfda mail/qmail-run/Makefile
--- a/mail/qmail-run/Makefile Thu Nov 08 20:55:01 2018 +0000
+++ b/mail/qmail-run/Makefile Thu Nov 08 20:57:28 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.54 2018/11/03 17:08:26 schmonz Exp $
+# $NetBSD: Makefile,v 1.55 2018/11/08 20:57:28 schmonz Exp $
#
-DISTNAME= qmail-run-20181103
+DISTNAME= qmail-run-20181108
CATEGORIES= mail
MASTER_SITES= # empty
DISTFILES= # empty
@@ -10,10 +10,11 @@
COMMENT= Configures qmail to receive and deliver mail
LICENSE= 2-clause-bsd
+DEPENDS+= greetdelay-[0-9]*:../../mail/greetdelay
DEPENDS+= pkg_alternatives-[0-9]*:../../pkgtools/pkg_alternatives
DEPENDS_QMAIL= qmail>=1.03nb36:../../mail/qmail
DEPENDS+= ${DEPENDS_QMAIL}
-DEPENDS+= qmail-acceptutils>=20181027:../../mail/qmail-acceptutils
+DEPENDS+= qmail-acceptutils>=20181108:../../mail/qmail-acceptutils
DEPENDS+= qmail-qfilter>1.5nb1:../../mail/qmail-qfilter
DEPENDS+= qmail-rejectutils-[0-9]*:../../mail/qmail-rejectutils
diff -r 819a82414cb6 -r ff501a30cfda mail/qmail-run/files/fixsmtpio
--- a/mail/qmail-run/files/fixsmtpio Thu Nov 08 20:55:01 2018 +0000
+++ b/mail/qmail-run/files/fixsmtpio Thu Nov 08 20:57:28 2018 +0000
@@ -30,10 +30,6 @@
# If server times out, hide message, and tell authup to stop trying
AUTHUP_USER:timeout::*:16:
-# Don't permit server to advertise further AUTH or STARTTLS
+# Don't permit server to advertise or respond to further AUTH
AUTHUP_USER:ehlo::250?AUTH*::
-AUTHUP_USER:ehlo::250?STARTTLS::
-
-# Don't permit client to initiate further AUTH or STARTTLS
AUTHUP_USER:auth:NOOP :*::502 unimplemented (#5.5.1)
-AUTHUP_USER:starttls:NOOP :*::502 unimplemented (#5.5.1)
diff -r 819a82414cb6 -r ff501a30cfda mail/qmail-run/files/qmailofmipd.sh
--- a/mail/qmail-run/files/qmailofmipd.sh Thu Nov 08 20:55:01 2018 +0000
+++ b/mail/qmail-run/files/qmailofmipd.sh Thu Nov 08 20:57:28 2018 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailofmipd.sh,v 1.14 2018/11/03 17:08:26 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.15 2018/11/08 20:57:28 schmonz Exp $
#
# @PKGNAME@ script to control ofmipd (SMTP submission service).
#
@@ -11,7 +11,7 @@
name="qmailofmipd"
# User-settable rc.conf variables and their default values:
-: ${qmailofmipd_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) DHFILE=@PKG_SYSCONFDIR@/control/dh2048.pem CERTFILE=@PKG_SYSCONFDIR@/control/servercert.pem"}
+: ${qmailofmipd_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@)"}
: ${qmailofmipd_tcpflags:="-ne -vRl0"}
: ${qmailofmipd_tcphost:="0.0.0.0"}
: ${qmailofmipd_tcpport:="587"}
@@ -25,15 +25,16 @@
: ${qmailofmipd_log:="YES"}
: ${qmailofmipd_logcmd:="logger -t nbqmail/ofmipd -p mail.info"}
: ${qmailofmipd_nologcmd:="@PREFIX@/bin/multilog -*"}
+: ${qmailofmipd_tls:="auto"}
+: ${qmailofmipd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
+: ${qmailofmipd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
fi
rcvar=${name}
-required_files="@PKG_SYSCONFDIR@/control/dh2048.pem"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/servercert.pem"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/me"
+required_files="@PKG_SYSCONFDIR@/control/me"
required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencysubmission"
required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts"
required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities"
@@ -49,11 +50,35 @@
cdb_cmd="qmailofmipd_cdb"
reload_cmd=${cdb_cmd}
+qmailofmipd_configure_tls() {
+ if [ "auto" = "${qmailofmipd_tls}" ]; then
+ if [ -f "${qmailofmipd_tls_dhparams}" ] && [ -f "${qmailofmipd_tls_cert}" ]; then
+ qmailofmipd_enable_tls
+ else
+ qmailofmipd_disable_tls
+ fi
+ elif [ -f /etc/rc.subr ] && checkyesno qmailofmipd_tls; then
+ qmailofmipd_enable_tls
+ else
+ qmailofmipd_disable_tls
+ fi
+}
+
+qmailofmipd_disable_tls() {
+ qmailofmipd_postenv="${qmailofmipd_postenv} DISABLETLS=1"
+}
+
+qmailofmipd_enable_tls() {
+ qmailofmipd_postenv="${qmailofmipd_postenv} DHFILE=${qmailofmipd_tls_dhparams}"
+ qmailofmipd_postenv="${qmailofmipd_postenv} CERTFILE=${qmailofmipd_tls_cert}"
+}
+
qmailofmipd_precmd()
{
if [ -f /etc/rc.subr ] && ! checkyesno qmailofmipd_log; then
qmailofmipd_logcmd=${qmailofmipd_nologcmd}
fi
+ qmailofmipd_configure_tls
# tcpserver(1) is akin to inetd(8), but runs one service per process.
# We want to signal only the tcpserver process responsible for this
# service. Use argv0(1) to set procname to "nbqmailofmipd".
diff -r 819a82414cb6 -r ff501a30cfda mail/qmail-run/files/qmailpop3d.sh
--- a/mail/qmail-run/files/qmailpop3d.sh Thu Nov 08 20:55:01 2018 +0000
+++ b/mail/qmail-run/files/qmailpop3d.sh Thu Nov 08 20:57:28 2018 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailpop3d.sh,v 1.23 2018/11/03 17:08:26 schmonz Exp $
+# $NetBSD: qmailpop3d.sh,v 1.24 2018/11/08 20:57:28 schmonz Exp $
#
# @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs).
#
@@ -10,7 +10,7 @@
name="qmailpop3d"
# User-settable rc.conf variables and their default values:
-: ${qmailpop3d_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) DHFILE=@PKG_SYSCONFDIR@/control/dh2048.pem CERTFILE=@PKG_SYSCONFDIR@/control/servercert.pem"}
+: ${qmailpop3d_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@)"}
: ${qmailpop3d_tcpflags:="-ne -vRl0"}
: ${qmailpop3d_tcphost:="0.0.0.0"}
: ${qmailpop3d_tcpport:="110"}
@@ -24,15 +24,16 @@
: ${qmailpop3d_log:="YES"}
: ${qmailpop3d_logcmd:="logger -t nbqmail/pop3d -p mail.info"}
: ${qmailpop3d_nologcmd:="@PREFIX@/bin/multilog -*"}
+: ${qmailpop3d_tls:="auto"}
+: ${qmailpop3pd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
+: ${qmailpop3pd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
fi
rcvar=${name}
-required_files="@PKG_SYSCONFDIR@/control/dh2048.pem"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/servercert.pem"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/me"
+required_files="@PKG_SYSCONFDIR@/control/me"
required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencypop3"
required_files="${required_files} @PKG_SYSCONFDIR@/control/pop3capabilities"
required_files="${required_files} @PKG_SYSCONFDIR@/tcp.pop3.cdb"
@@ -46,11 +47,35 @@
cdb_cmd="qmailpop3d_cdb"
reload_cmd=${cdb_cmd}
+qmailpop3d_configure_tls() {
+ if [ "auto" = "${qmailpop3d_tls}" ]; then
+ if [ -f "${qmailpop3d_tls_dhparams}" ] && [ -f "${qmailpop3d_tls_cert}" ]; then
+ qmailpop3d_enable_tls
+ else
+ qmailpop3d_disable_tls
+ fi
+ elif [ -f /etc/rc.subr ] && checkyesno qmailpop3d_tls; then
+ qmailpop3d_enable_tls
+ else
+ qmailpop3d_disable_tls
+ fi
+}
+
+qmailpop3d_disable_tls() {
+ qmailpop3d_postenv="${qmailpop3d_postenv} DISABLETLS=1"
+}
+
+qmailpop3d_enable_tls() {
+ qmailpop3d_postenv="${qmailpop3d_postenv} DHFILE=${qmailpop3d_tls_dhparams}"
+ qmailpop3d_postenv="${qmailpop3d_postenv} CERTFILE=${qmailpop3d_tls_cert}"
+}
+
qmailpop3d_precmd()
{
if [ -f /etc/rc.subr ] && ! checkyesno qmailpop3d_log; then
qmailpop3d_logcmd=${qmailpop3d_nologcmd}
fi
+ qmailpop3d_configure_tls
# tcpserver(1) is akin to inetd(8), but runs one service per process.
# We want to signal only the tcpserver process responsible for this
# service. Use argv0(1) to set procname to "nbqmailpop3d".
diff -r 819a82414cb6 -r ff501a30cfda mail/qmail-run/files/qmailsmtpd.sh
--- a/mail/qmail-run/files/qmailsmtpd.sh Thu Nov 08 20:55:01 2018 +0000
+++ b/mail/qmail-run/files/qmailsmtpd.sh Thu Nov 08 20:57:28 2018 +0000
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailsmtpd.sh,v 1.19 2018/11/03 17:08:26 schmonz Exp $
+# $NetBSD: qmailsmtpd.sh,v 1.20 2018/11/08 20:57:28 schmonz Exp $
#
# @PKGNAME@ script to control qmail-smtpd (SMTP service).
#
@@ -11,28 +11,32 @@
name="qmailsmtpd"
# User-settable rc.conf variables and their default values:
-: ${qmailsmtpd_postenv:=""}
-: ${qmailsmtpd_tcpflags:="-vRl0"}
-: ${qmailsmtpd_tcphost:="0"}
+: ${qmailsmtpd_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@)"}
+: ${qmailsmtpd_tcpflags:="-ne -vRl0"}
+: ${qmailsmtpd_tcphost:="0.0.0.0"}
: ${qmailsmtpd_tcpport:="25"}
-: ${qmailsmtpd_datalimit:="180000000"}
+: ${qmailsmtpd_datalimit:="360000000"}
: ${qmailsmtpd_pretcpserver:=""}
-: ${qmailsmtpd_tcpserver:="@PREFIX@/bin/tcpserver"}
-: ${qmailsmtpd_presmtpd:=""}
+: ${qmailsmtpd_tcpserver:="@PREFIX@/bin/sslserver"}
+: ${qmailsmtpd_presmtpd:="@PREFIX@/bin/greetdelay @PREFIX@/bin/rblsmtpd -r zen.spamhaus.org @PREFIX@/bin/fixsmtpio"}
: ${qmailsmtpd_smtpdcmd:="@PREFIX@/bin/qmail-smtpd"}
: ${qmailsmtpd_postsmtpd:=""}
: ${qmailsmtpd_log:="YES"}
: ${qmailsmtpd_logcmd:="logger -t nbqmail/smtpd -p mail.info"}
: ${qmailsmtpd_nologcmd:="@PREFIX@/bin/multilog -*"}
+: ${qmailsmtpd_tls:="auto"}
+: ${qmailsmtpd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
+: ${qmailsmtpd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
if [ -f /etc/rc.subr ]; then
. /etc/rc.subr
fi
rcvar=${name}
-required_files="@PKG_SYSCONFDIR@/control/concurrencyincoming"
+required_files="@PKG_SYSCONFDIR@/control/me"
+required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencyincoming"
+required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts"
required_files="${required_files} @PKG_SYSCONFDIR@/tcp.smtp.cdb"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts"
command="${qmailsmtpd_tcpserver}"
procname=nb${name}
start_precmd="qmailsmtpd_precmd"
@@ -43,11 +47,35 @@
cdb_cmd="qmailsmtpd_cdb"
reload_cmd=${cdb_cmd}
+qmailsmtpd_configure_tls() {
+ if [ "auto" = "${qmailsmtpd_tls}" ]; then
+ if [ -f "${qmailsmtpd_tls_dhparams}" ] && [ -f "${qmailsmtpd_tls_cert}" ]; then
+ qmailsmtpd_enable_tls
+ else
+ qmailsmtpd_disable_tls
+ fi
+ elif [ -f /etc/rc.subr ] && checkyesno qmailsmtpd_tls; then
+ qmailsmtpd_enable_tls
+ else
+ qmailsmtpd_disable_tls
+ fi
+}
+
+qmailsmtpd_disable_tls() {
+ qmailsmtpd_postenv="${qmailsmtpd_postenv} DISABLETLS=1"
+}
+
+qmailsmtpd_enable_tls() {
+ qmailsmtpd_postenv="${qmailsmtpd_postenv} DHFILE=${qmailsmtpd_tls_dhparams}"
+ qmailsmtpd_postenv="${qmailsmtpd_postenv} CERTFILE=${qmailsmtpd_tls_cert}"
+}
+
qmailsmtpd_precmd()
Home |
Main Index |
Thread Index |
Old Index