Date: Fri, 14 Dec 2018 06:49:31 +0000
From: "Amitai Schleier"
Subject: CVS commit: pkgsrc/mail/qmail-run
To: pkgsrc-changes@NetBSD.org
Reply-To: schmonz@netbsd.org
Message-Id: <20181214064931.77CE9FB16@cvs.NetBSD.org>

Module Name:	pkgsrc
Committed By:	schmonz
Date:		Fri Dec 14 06:49:31 UTC 2018

Modified Files:
	pkgsrc/mail/qmail-run: INSTALL MESSAGE Makefile PLIST
	pkgsrc/mail/qmail-run/files: README.pkgsrc qmailofmipd.sh qmailpop3d.sh
	    qmailsmtpd.sh smtpfilters smtpplugins tcprules-smtp
Added Files:
	pkgsrc/mail/qmail-run/files: greylisting-spp-wrapper.sh
Removed Files:
	pkgsrc/mail/qmail-run/files: greylisting-spp-with-exemptions.sh

Log Message:
Extract most of MESSAGE to README.pkgsrc. (MESSAGE was getting too long.)

Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a
very precise tool, so the cost (false positives) probably outweighs the
benefit (blocked malware attachments) for many users.

Also not a sensible default: rejecting incoming mail on SPF
explicit-fail. This needs to be an admin decision because, among other
reasons, it would also reject messages forwarded through servers that
haven't configured SRS.

Document SPF setup, including how to reject (with this caveat) and how
to greylist SPF explicit-pass (which would otherwise be exempted from
greylisting).

Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a
feature: to effectively omit IP from the (IP,sender,recipient) tuple,
add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp.

rc.d scripts:
- Location of tcprules file is configurable
- By default, CDB is auto-rebuilt as needed on service start
- CDB auto-rebuilding can be configured off

Bump version.

To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 pkgsrc/mail/qmail-run/INSTALL cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/qmail-run/MESSAGE cvs rdiff -u -r1.64 -r1.65 pkgsrc/mail/qmail-run/Makefile cvs rdiff -u -r1.19 -r1.20 pkgsrc/mail/qmail-run/PLIST cvs rdiff -u -r1.5 -r1.6 pkgsrc/mail/qmail-run/files/README.pkgsrc cvs rdiff -u -r1.1 -r0 \ pkgsrc/mail/qmail-run/files/greylisting-spp-with-exemptions.sh cvs rdiff -u -r0 -r1.1 pkgsrc/mail/qmail-run/files/greylisting-spp-wrapper.sh cvs rdiff -u -r1.19 -r1.20 pkgsrc/mail/qmail-run/files/qmailofmipd.sh cvs rdiff -u -r1.27 -r1.28 pkgsrc/mail/qmail-run/files/qmailpop3d.sh cvs rdiff -u -r1.24 -r1.25 pkgsrc/mail/qmail-run/files/qmailsmtpd.sh cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/qmail-run/files/smtpfilters cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/qmail-run/files/smtpplugins cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/qmail-run/files/tcprules-smtp Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1544770171136650 Content-Disposition: inline Content-Length: 20202 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/mail/qmail-run/INSTALL diff -u pkgsrc/mail/qmail-run/INSTALL:1.10 pkgsrc/mail/qmail-run/INSTALL:1.11 --- pkgsrc/mail/qmail-run/INSTALL:1.10 Tue Dec 11 17:49:40 2018 +++ pkgsrc/mail/qmail-run/INSTALL Fri Dec 14 06:49:30 2018 @@ -1,4 +1,4 @@ -# $NetBSD: INSTALL,v 1.10 2018/12/11 17:49:40 schmonz Exp $ +# $NetBSD: INSTALL,v 1.11 2018/12/14 06:49:30 schmonz Exp $ case "${STAGE}" in 
@@ -12,13 +12,4 @@ PRE-INSTALL) ;; -POST-INSTALL) - cd ${PKG_SYSCONFDIR}/control/tcprules - for i in ofmip pop3 smtp; do - ${CHMOD} 644 ${i} - ${PREFIX}/bin/tcprules ${i}.cdb ${i}.tmp < ${i} - ${CHMOD} 644 ${i}.cdb - done - - ;; esac Index: pkgsrc/mail/qmail-run/MESSAGE diff -u pkgsrc/mail/qmail-run/MESSAGE:1.14 pkgsrc/mail/qmail-run/MESSAGE:1.15 --- pkgsrc/mail/qmail-run/MESSAGE:1.14 Wed Nov 14 16:46:58 2018 +++ pkgsrc/mail/qmail-run/MESSAGE Fri Dec 14 06:49:30 2018 
@@ -1,34 +1,16 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.14 2018/11/14 16:46:58 schmonz Exp $ +$NetBSD: MESSAGE,v 1.15 2018/12/14 06:49:30 schmonz Exp $ -Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc. +Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for +local and outbound delivery: -Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... - -Local and outbound delivery: +- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf. +- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf. - Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*). -- Copy ${PREFIX}/share/examples/qmail-run/mailer.conf to /etc/mailer.conf. - Set qmailsend=YES and qmailqread=YES in /etc/rc.conf. +- Run "/etc/rc.d/qmail start". -Incoming SMTP on port 25: -- Add any qmail-rcptcheck programs to control/rcptchecks. -- Add any qmail-qfilter programs to control/smtpfilters. -- Add any qmail-spp programs (such as greylisting) to control/smtpplugins. -- Set qmailsmtpd=YES in /etc/rc.conf. - -Greylisting: -- Add any exempt recipient addresses to control/greylist/exemptrcpts. -- Add any exempt recipient domains to control/greylist/exemptrcpthosts. -- Uncomment "greylisting-spp-with-exemptions" in control/smtpplugins. - -Authenticated submission on port 587: -- Add any qmail-qfilter programs to control/ofmipfilters. -- Set qmailofmipd=YES in /etc/rc.conf. - -POP3 (for Maildirs only) on port 110: -- Set qmailpop3d=YES in /etc/rc.conf. - -TLS encryption everywhere applicable: -- Create cert and DH params as instructed by the qmail package. +For SMTP, TLS, and more, please read +${PREFIX}/share/doc/qmail-run/README.pkgsrc. 
=========================================================================== Index: pkgsrc/mail/qmail-run/Makefile diff -u pkgsrc/mail/qmail-run/Makefile:1.64 pkgsrc/mail/qmail-run/Makefile:1.65 --- pkgsrc/mail/qmail-run/Makefile:1.64 Wed Dec 12 01:08:30 2018 +++ pkgsrc/mail/qmail-run/Makefile Fri Dec 14 06:49:30 2018 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.64 2018/12/12 01:08:30 schmonz Exp $ +# $NetBSD: Makefile,v 1.65 2018/12/14 06:49:30 schmonz Exp $ # -DISTNAME= qmail-run-20181211.1 +DISTNAME= qmail-run-20181214 CATEGORIES= mail MASTER_SITES= # empty DISTFILES= # empty @@ -78,7 +78,7 @@ MAKEVARS+= PKG_SYSCONFDIR.qmail-run SUBST_CLASSES+= paths SUBST_STAGE.paths= pre-configure SUBST_FILES.paths= mailer.conf -SUBST_FILES.paths+= greylisting-spp-with-exemptions ofmipd-with-user-cdb +SUBST_FILES.paths+= greylisting-spp-wrapper ofmipd-with-user-cdb SUBST_FILES.paths+= qmail-isspam-* qmail-procmail qmail-qread-client SUBST_FILES.paths+= rcptchecks ofmipfilters smtpfilters smtpplugins tcprules-* SUBST_VARS.paths= PKGNAME PKG_SYSCONFDIR PREFIX @@ -93,14 +93,14 @@ post-extract: tcprules-ofmip tcprules-pop3 tcprules-smtp; do \ ${CP} ${FILESDIR}/$$f ${WRKDIR}/$$f; \ done; \ - for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \ + for f in greylisting-spp-wrapper ofmipd-with-user-cdb \ qmail-isspam-rspamd qmail-isspam-spamassassin \ qmail-procmail qmail-qread-client; do \ ${CP} ${FILESDIR}/$$f.sh ${WRKDIR}/$$f; \ done do-install: - for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \ + for f in greylisting-spp-wrapper ofmipd-with-user-cdb \ qmail-isspam-rspamd qmail-isspam-spamassassin \ qmail-procmail qmail-qread-client; do \ ${INSTALL_SCRIPT} ${WRKDIR}/$$f ${DESTDIR}${PREFIX}/bin; \ Index: pkgsrc/mail/qmail-run/PLIST diff -u pkgsrc/mail/qmail-run/PLIST:1.19 pkgsrc/mail/qmail-run/PLIST:1.20 --- pkgsrc/mail/qmail-run/PLIST:1.19 Tue Dec 11 17:49:40 2018 +++ pkgsrc/mail/qmail-run/PLIST Fri Dec 14 06:49:30 2018 
@@ -1,5 +1,5 @@ -@comment $NetBSD: PLIST,v 1.19 2018/12/11 17:49:40 schmonz Exp $ -bin/greylisting-spp-with-exemptions +@comment $NetBSD: PLIST,v 1.20 2018/12/14 06:49:30 schmonz Exp $ +bin/greylisting-spp-wrapper bin/ofmipd-with-user-cdb bin/qmail-isspam-rspamd bin/qmail-isspam-spamassassin Index: pkgsrc/mail/qmail-run/files/README.pkgsrc diff -u pkgsrc/mail/qmail-run/files/README.pkgsrc:1.5 pkgsrc/mail/qmail-run/files/README.pkgsrc:1.6 --- pkgsrc/mail/qmail-run/files/README.pkgsrc:1.5 Tue Dec 11 17:49:41 2018 +++ pkgsrc/mail/qmail-run/files/README.pkgsrc Fri Dec 14 06:49:31 2018 
@@ -1,3 +1,58 @@ + Getting started + =============== + +Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... + +Local and outbound delivery: +- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf. +- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf. +- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*). +- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf. +- Run "/etc/rc.d/qmail start". + +Incoming SMTP on port 25: +- Set qmailsmtpd=YES in /etc/rc.conf. +- Add any qmail-rcptcheck programs to control/rcptchecks. +- Add any qmail-qfilter programs to control/smtpfilters. +- Add any qmail-spp programs (such as greylisting) to control/smtpplugins. +- Run "/etc/rc.d/qmailsmtpd start". + +Greylisting: +- Add any exempt recipient addresses to control/greylist/exemptrcpts. +- Add any exempt recipient domains to control/greylist/exemptrcpthosts. +- Tuples are (IP,sender,recipient). To effectively omit IP, add + GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp, + then run "/etc/rc.d/qmailsmtpd cdb". +- Uncomment "greylisting-spp-wrapper" in control/smtpplugins. + +Authenticated message submission on port 587: +- Set qmailofmipd=YES in /etc/rc.conf. +- Add any qmail-qfilter programs to control/ofmipfilters. +- Run "/etc/rc.d/qmailofmipd start". + +POP3 (for Maildirs only) on port 110: +- Set qmailpop3d=YES in /etc/rc.conf. +- Run "/etc/rc.d/qmailpop3d start". + +TLS encryption for SMTP, submission, POP3, and remote delivery: +- Create cert and DH params (as instructed by the qmail package). +- Run "/etc/rc.d/qmail restart". + +Sender Policy Framework: +- Configure Sender Rewriting Scheme (as instructed by the qmail package) + so your auto-forwarded messages will reach servers that choose to + enforce the forwarded domains' SPF policies. +- Publish a DNS TXT record with your desired policy. +- Incoming messages that explicit-fail published policy are nonetheless + accepted. 
To reject -- including rejecting auto-forwarded messages + from servers that haven't configured SRS -- add + SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to control/tcprules/smtp, + then run "/etc/rc.d/qmailsmtpd cdb". +- Messages that explicit-pass are not greylisted. To remove the + exemption, remove SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1" from + control/tcprules/smtp, then run "/etc/rc.d/qmailsmtpd cdb". + + Getting help ============ Index: pkgsrc/mail/qmail-run/files/qmailofmipd.sh diff -u pkgsrc/mail/qmail-run/files/qmailofmipd.sh:1.19 pkgsrc/mail/qmail-run/files/qmailofmipd.sh:1.20 --- pkgsrc/mail/qmail-run/files/qmailofmipd.sh:1.19 Tue Dec 11 17:49:41 2018 +++ pkgsrc/mail/qmail-run/files/qmailofmipd.sh Fri Dec 14 06:49:31 2018 @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: qmailofmipd.sh,v 1.19 2018/12/11 17:49:41 schmonz Exp $ +# $NetBSD: qmailofmipd.sh,v 1.20 2018/12/14 06:49:31 schmonz Exp $ # # @PKGNAME@ script to control ofmipd (SMTP submission service). # @@ -18,6 +18,8 @@ name="qmailofmipd" : ${qmailofmipd_tcpflags:="-ne -vRl0"} : ${qmailofmipd_tcphost:="0.0.0.0"} : ${qmailofmipd_tcpport:="587"} +: ${qmailofmipd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/ofmip"} +: ${qmailofmipd_autocdb:="YES"} : ${qmailofmipd_precheckpassword:="@PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp"} : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"} : ${qmailofmipd_preofmipd:="@PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio"} @@ -41,7 +43,7 @@ required_files="${required_files} @PKG_S required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities" required_files="${required_files} @PKG_SYSCONFDIR@/control/fixsmtpio" -required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb" +required_files="${required_files} ${qmailofmipd_tcprules}.cdb" command="${qmailofmipd_tcpserver}" procname=nb${name} start_precmd="qmailofmipd_precmd" 
@@ -84,13 +86,16 @@ qmailofmipd_precmd() qmailofmipd_logcmd=${qmailofmipd_nologcmd} fi qmailofmipd_configure_tls + if [ -f /etc/rc.subr ] && checkyesno qmailofmipd_autocdb; then + qmailofmipd_needcdb && qmailofmipd_cdb + fi # tcpserver(1) is akin to inetd(8), but runs one service per process. # We want to signal only the tcpserver process responsible for this # service. Use argv0(1) to set procname to "nbqmailofmipd". command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailofmipd_postenv} @PREFIX@/bin/softlimit -m ${qmailofmipd_datalimit} ${qmailofmipd_pretcpserver} @PREFIX@/bin/argv0 ${qmailofmipd_tcpserver} ${procname} -${qmailofmipd_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb +${qmailofmipd_tcpflags} -x ${qmailofmipd_tcprules}.cdb -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencysubmission` ${qmailofmipd_tcphost} ${qmailofmipd_tcpport} ${qmailofmipd_precheckpassword} ${qmailofmipd_checkpassword} @@ -126,12 +131,17 @@ qmailofmipd_cont() kill -CONT $rc_pid } +qmailofmipd_needcdb() { + _src=${qmailofmipd_tcprules} + _dst=${qmailofmipd_tcprules}.cdb + [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ] +} + qmailofmipd_cdb() { - @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/ofmip" - cd @PKG_SYSCONFDIR@/control/tcprules - @PREFIX@/bin/tcprules ofmip.cdb ofmip.tmp < ofmip - @CHMOD@ 644 ofmip.cdb + @ECHO@ "Reloading ${qmailofmipd_tcprules}" + @PREFIX@/bin/tcprules ${qmailofmipd_tcprules}.cdb ${qmailofmipd_tcprules}.tmp < ${qmailofmipd_tcprules} + @CHMOD@ 644 ${qmailofmipd_tcprules}.cdb } if [ -f /etc/rc.subr ]; then Index: pkgsrc/mail/qmail-run/files/qmailpop3d.sh diff -u pkgsrc/mail/qmail-run/files/qmailpop3d.sh:1.27 pkgsrc/mail/qmail-run/files/qmailpop3d.sh:1.28 --- pkgsrc/mail/qmail-run/files/qmailpop3d.sh:1.27 Tue Dec 11 17:49:41 2018 +++ pkgsrc/mail/qmail-run/files/qmailpop3d.sh Fri Dec 14 06:49:31 2018 
@@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: qmailpop3d.sh,v 1.27 2018/12/11 17:49:41 schmonz Exp $ +# $NetBSD: qmailpop3d.sh,v 1.28 2018/12/14 06:49:31 schmonz Exp $ # # @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs). # @@ -17,6 +17,8 @@ name="qmailpop3d" : ${qmailpop3d_tcpflags:="-ne -vRl0"} : ${qmailpop3d_tcphost:="0.0.0.0"} : ${qmailpop3d_tcpport:="110"} +: ${qmailpop3d_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/pop3"} +: ${qmailpop3d_autocdb:="YES"} : ${qmailpop3d_precheckpassword:="@PREFIX@/bin/authup pop3"} : ${qmailpop3d_checkpassword:="@PREFIX@/bin/nbcheckpassword"} : ${qmailpop3d_prepop3d:="@PREFIX@/bin/checknotroot"} @@ -38,7 +40,7 @@ rcvar=${name} required_files="@PKG_SYSCONFDIR@/control/me" required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencypop3" required_files="${required_files} @PKG_SYSCONFDIR@/control/pop3capabilities" -required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/pop3.cdb" +required_files="${required_files} ${qmailpop3d_tcprules}.cdb" command="${qmailpop3d_tcpserver}" procname=nb${name} start_precmd="qmailpop3d_precmd" 
@@ -81,13 +83,16 @@ qmailpop3d_precmd() qmailpop3d_logcmd=${qmailpop3d_nologcmd} fi qmailpop3d_configure_tls + if [ -f /etc/rc.subr ] && checkyesno qmailpop3d_autocdb; then + qmailpop3d_needcdb && qmailpop3d_cdb + fi # tcpserver(1) is akin to inetd(8), but runs one service per process. # We want to signal only the tcpserver process responsible for this # service. Use argv0(1) to set procname to "nbqmailpop3d". command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailpop3d_postenv} @PREFIX@/bin/softlimit -m ${qmailpop3d_datalimit} ${qmailpop3d_pretcpserver} @PREFIX@/bin/argv0 ${qmailpop3d_tcpserver} ${procname} -${qmailpop3d_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/pop3.cdb +${qmailpop3d_tcpflags} -x ${qmailpop3d_tcprules}.cdb -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencypop3` ${qmailpop3d_tcphost} ${qmailpop3d_tcpport} ${qmailpop3d_precheckpassword} ${qmailpop3d_checkpassword} @@ -123,12 +128,17 @@ qmailpop3d_cont() kill -CONT $rc_pid } +qmailpop3d_needcdb() { + _src=${qmailpop3d_tcprules} + _dst=${qmailpop3d_tcprules}.cdb + [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ] +} + qmailpop3d_cdb() { - @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/pop3." - cd @PKG_SYSCONFDIR@/control/tcprules - @PREFIX@/bin/tcprules pop3.cdb pop3.tmp < pop3 - @CHMOD@ 644 pop3.cdb + @ECHO@ "Reloading ${qmailpop3d_tcprules}." + @PREFIX@/bin/tcprules ${qmailpop3d_tcprules}.cdb ${qmailpop3d_tcprules}.tmp < ${qmailpop3d_tcprules} + @CHMOD@ 644 ${qmailpop3d_tcprules}.cdb } if [ -f /etc/rc.subr ]; then Index: pkgsrc/mail/qmail-run/files/qmailsmtpd.sh diff -u pkgsrc/mail/qmail-run/files/qmailsmtpd.sh:1.24 pkgsrc/mail/qmail-run/files/qmailsmtpd.sh:1.25 --- pkgsrc/mail/qmail-run/files/qmailsmtpd.sh:1.24 Tue Dec 11 17:49:41 2018 +++ pkgsrc/mail/qmail-run/files/qmailsmtpd.sh Fri Dec 14 06:49:31 2018 
@@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: qmailsmtpd.sh,v 1.24 2018/12/11 17:49:41 schmonz Exp $ +# $NetBSD: qmailsmtpd.sh,v 1.25 2018/12/14 06:49:31 schmonz Exp $ # # @PKGNAME@ script to control qmail-smtpd (SMTP service). # @@ -18,6 +18,8 @@ name="qmailsmtpd" : ${qmailsmtpd_tcpflags:="-ne -vRl0"} : ${qmailsmtpd_tcphost:="0.0.0.0"} : ${qmailsmtpd_tcpport:="25"} +: ${qmailsmtpd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/smtp"} +: ${qmailsmtpd_autocdb:="YES"} : ${qmailsmtpd_presmtpd:="@PREFIX@/bin/greetdelay @PREFIX@/bin/rblsmtpd -r zen.spamhaus.org @PREFIX@/bin/fixsmtpio"} : ${qmailsmtpd_smtpdcmd:="@PREFIX@/bin/qmail-smtpd"} : ${qmailsmtpd_postsmtpd:=""} @@ -37,7 +39,7 @@ rcvar=${name} required_files="@PKG_SYSCONFDIR@/control/me" required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencyincoming" required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" -required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/smtp.cdb" +required_files="${required_files} ${qmailsmtpd_tcprules}.cdb" command="${qmailsmtpd_tcpserver}" procname=nb${name} start_precmd="qmailsmtpd_precmd" 
@@ -80,13 +82,16 @@ qmailsmtpd_precmd() qmailsmtpd_logcmd=${qmailsmtpd_nologcmd} fi qmailsmtpd_configure_tls + if [ -f /etc/rc.subr ] && checkyesno qmailsmtpd_autocdb; then + qmailsmtpd_needcdb && qmailsmtpd_cdb + fi # tcpserver(1) is akin to inetd(8), but runs one service per process. # We want to signal only the tcpserver process responsible for this # service. Use argv0(1) to set procname to "nbqmailsmtpd". command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailsmtpd_postenv} @PREFIX@/bin/softlimit -m ${qmailsmtpd_datalimit} ${qmailsmtpd_pretcpserver} @PREFIX@/bin/argv0 ${qmailsmtpd_tcpserver} ${procname} -${qmailsmtpd_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/smtp.cdb +${qmailsmtpd_tcpflags} -x ${qmailsmtpd_tcprules}.cdb -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencyincoming` -u `@ID@ -u @QMAIL_DAEMON_USER@` -g `@ID@ -g @QMAIL_DAEMON_USER@` ${qmailsmtpd_tcphost} ${qmailsmtpd_tcpport} @@ -122,12 +127,17 @@ qmailsmtpd_cont() kill -CONT $rc_pid } +qmailsmtpd_needcdb() { + _src=${qmailsmtpd_tcprules} + _dst=${qmailsmtpd_tcprules}.cdb + [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ] +} + qmailsmtpd_cdb() { - @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/smtp." - cd @PKG_SYSCONFDIR@/control/tcprules - @PREFIX@/bin/tcprules smtp.cdb smtp.tmp < smtp - @CHMOD@ 644 smtp.cdb + @ECHO@ "Reloading ${qmailsmtpd_tcprules}." + @PREFIX@/bin/tcprules ${qmailsmtpd_tcprules}.cdb ${qmailsmtpd_tcprules}.tmp < ${qmailsmtpd_tcprules} + @CHMOD@ 644 ${qmailsmtpd_tcprules}.cdb } if [ -f /etc/rc.subr ]; then Index: pkgsrc/mail/qmail-run/files/smtpfilters diff -u pkgsrc/mail/qmail-run/files/smtpfilters:1.2 pkgsrc/mail/qmail-run/files/smtpfilters:1.3 --- pkgsrc/mail/qmail-run/files/smtpfilters:1.2 Wed Nov 28 16:22:41 2018 +++ pkgsrc/mail/qmail-run/files/smtpfilters Fri Dec 14 06:49:31 2018 
@@ -1,2 +1,2 @@ -@PREFIX@/bin/qmail-qfilter-viruscan +#@PREFIX@/bin/qmail-qfilter-viruscan @PREFIX@/bin/qmail-qfilter-addtlsheader Index: pkgsrc/mail/qmail-run/files/smtpplugins diff -u pkgsrc/mail/qmail-run/files/smtpplugins:1.4 pkgsrc/mail/qmail-run/files/smtpplugins:1.5 --- pkgsrc/mail/qmail-run/files/smtpplugins:1.4 Tue Dec 11 17:49:41 2018 +++ pkgsrc/mail/qmail-run/files/smtpplugins Fri Dec 14 06:49:31 2018 @@ -13,7 +13,7 @@ # plugins to execute on RCPT command [rcpt] @PREFIX@/bin/qmail-rcptcheck -#@PREFIX@/bin/greylisting-spp-with-exemptions +#@PREFIX@/bin/greylisting-spp-wrapper # plugins to execute on DATA command [data] Index: pkgsrc/mail/qmail-run/files/tcprules-smtp diff -u pkgsrc/mail/qmail-run/files/tcprules-smtp:1.1 pkgsrc/mail/qmail-run/files/tcprules-smtp:1.2 --- pkgsrc/mail/qmail-run/files/tcprules-smtp:1.1 Tue Dec 11 17:49:41 2018 +++ pkgsrc/mail/qmail-run/files/tcprules-smtp Fri Dec 14 06:49:31 2018 @@ -1,2 +1,2 @@ 127.:allow,RELAYCLIENT="" -:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters" +:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters" Added files: Index: pkgsrc/mail/qmail-run/files/greylisting-spp-wrapper.sh diff -u /dev/null pkgsrc/mail/qmail-run/files/greylisting-spp-wrapper.sh:1.1 --- /dev/null Fri Dec 14 06:49:31 2018 +++ pkgsrc/mail/qmail-run/files/greylisting-spp-wrapper.sh Fri Dec 14 06:49:31 2018 
@@ -0,0 +1,43 @@ +#!@SH@ +# +# $NetBSD: greylisting-spp-wrapper.sh,v 1.1 2018/12/14 06:49:31 schmonz Exp $ +# +# @PKGNAME@ wrapper for greylisting-spp. +# Skips greylisting for configured recipient addresses and domains. +# Optionally assigns a fixed "ip" in (ip,sender,recipient). +# + +EXEMPTRCPTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpts +EXEMPTRCPTHOSTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpthosts + +is_exempt_recipient_address() { + [ -f "$EXEMPTRCPTS" ] \ + && @GREP@ -qFx -- "$1" "$EXEMPTRCPTS" +} + +is_exempt_recipient_domain() { + [ -f "$EXEMPTRCPTHOSTS" ] \ + && @GREP@ -qFx -- "$1" "$EXEMPTRCPTHOSTS" +} + +main() { + [ -n "$SMTPRCPTTO" ] || return + + rcpt="$SMTPRCPTTO" + rcpthost=$(@ECHO@ "$rcpt" | @SED@ -e 's|.*@||') + + if is_exempt_recipient_address "$rcpt"; then + @ECHO@ >&2 "greylisting skipped for recipient address: $rcpt" + GL_WHITELISTED="1"; export GL_WHITELISTED + elif is_exempt_recipient_domain "$rcpthost"; then + @ECHO@ >&2 "greylisting skipped for recipient domain: $rcpthost" + GL_WHITELISTED="1"; export GL_WHITELISTED + fi + + if [ -n "$GL_WRAPPER_TCPREMOTEIP" ]; then + TCPREMOTEIP="$GL_WRAPPER_TCPREMOTEIP"; export TCPREMOTEIP + fi +} + +main "$@" +exec @PREFIX@/bin/greylisting-spp --_----------=_1544770171136650--
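
Review bot: With the POST-INSTALL block removed from INSTALL, nothing builds the tcprules .cdb files at install time, yet each rc.d script still lists `${..._tcprules}.cdb` in required_files and only rebuilds it from its precmd. If rc.subr checks required_files before it runs start_precmd, a first start on a fresh install stops on the missing .cdb and the auto-rebuild never gets a chance to run. Suggest listing the rules source in required_files instead of the .cdb, or keeping an install-time build. The rebuild is also guarded by `[ -f /etc/rc.subr ]`, so on systems without rc.subr the .cdb is now never created automatically.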
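
Review bot: In qmailofmipd_needcdb (and the identical qmailpop3d_needcdb and qmailsmtpd_needcdb), the `|| [ ! -f "${_dst}" ]` branch returns true even when the rules source itself is missing, so the matching `_cdb` function is then run with a `<` redirect from a file that does not exist. Suggest bailing out first with `[ -f "${_src}" ] || return 1` and then testing `[ ! -f "${_dst}" ] || [ "${_src}" -nt "${_dst}" ]`, which also drops the `-a` operator inside `[`.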
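
Review bot: In qmailsmtpd_cdb (same in qmailofmipd_cdb and qmailpop3d_cdb), `${qmailsmtpd_tcprules}` is now an admin-settable path but is expanded unquoted in the tcprules arguments, in the `<` redirect and in the chmod, so a value containing whitespace splits into several words. The exit status of tcprules is also ignored: chmod still runs and the precmd goes on to start tcpserver with whatever .cdb is already on disk, so a syntax error in the access-control rules leaves the old rules in force without the start failing. Suggest quoting every expansion and returning non-zero from the function when tcprules fails.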
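
Review bot: The greylisting bullet added to README.pkgsrc for GL_WRAPPER_TCPREMOTEIP="127.127.127.127" says how to omit the IP from the tuple but not what that costs: with every client recorded under the same address, greylisting no longer distinguishes one sending host from another for a given (sender,recipient) pair. A sentence on when this setting is appropriate would let admins make the decision knowingly. The SPF bullets also say to add or remove variables "in control/tcprules/smtp" without saying on which rule; the shipped file has two (`127.:allow` and `:allow`), so name the default `:allow` line.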
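
Review bot: The new default `:allow` line in tcprules-smtp adds SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1", which neither the log message nor the new Sender Policy Framework section of README.pkgsrc mentions. Since it is now set for every non-local connection, document what it does and how to turn it off next to the SPP_SPF_RESULT_FAIL and SPP_SPF_RESULT_PASS bullets.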
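
Review bot: In greylisting-spp-wrapper.sh, `@GREP@ -qFx` compares the recipient and its domain byte for byte, so an exemption entry `example.org` does not match a recipient given as `user@EXAMPLE.ORG` even though domain names are case-insensitive; consider lowercasing `$rcpthost` (and documenting that file entries must be lowercase) before matching. `$SMTPRCPTTO` comes from the remote client and is fed through `@ECHO@ "$rcpt" | @SED@ -e 's|.*@||'`, where some echo implementations interpret backslashes or a leading `-n`; `rcpthost=${rcpt##*@}` avoids that and saves two processes. The GL_WRAPPER_TCPREMOTEIP branch would also benefit from a stderr line like the two "greylisting skipped" messages, so the logs show when TCPREMOTEIP was replaced.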