Bump acceptutils dependency to get STARTTLS support in fixsmtpio(8) (obviating the need for qmail-smtpd(8) to be patched to link OpenSSL).

Make TLS configurable for submission, POP3, and now also incoming SMTP:
- "yes" (startup will fail if cert or DH params are missing)
- "no" (even if they're present, don't offer TLS)
- "auto" (the default: offer TLS iff they're present)

Mention TLS setup in MESSAGE. Delay SMTP greeting by 2 seconds. Enable zen.spamhaus.org RBL. Bump version.
(schmonz)

diff -r1.11 -r1.12 pkgsrc/mail/qmail-run/MESSAGE
@@ -1,32 +1,35 @@ | @@ -1,32 +1,35 @@ | |||
1 | =========================================================================== | 1 | =========================================================================== | |
2 | $NetBSD: MESSAGE,v 1.11 2018/10/28 15:01:57 schmonz Exp $ | 2 | $NetBSD: MESSAGE,v 1.12 2018/11/08 20:57:28 schmonz Exp $ | |
3 | 3 | |||
4 | Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc. | 4 | Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc. | |
5 | 5 | |||
6 | Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... | 6 | Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... | |
7 | 7 | |||
8 | Local and outgoing deliveries: | 8 | Local and outgoing deliveries: | |
9 | - Check configuration in ${PKG_SYSCONFDIR} (including alias/.qmail-*). | 9 | - Check configuration in ${PKG_SYSCONFDIR} (including alias/.qmail-*). | |
10 | - Replace /etc/mailer.conf with share/examples/qmail-run/mailer.conf. | 10 | - Replace /etc/mailer.conf with share/examples/qmail-run/mailer.conf. | |
11 | - Set qmailsend=YES in /etc/rc.conf. | 11 | - Set qmailsend=YES in /etc/rc.conf. | |
12 | 12 | |||
13 | Local non-root users to see the queue: | 13 | Local non-root users to see the queue: | |
14 | - Change the mailq entry in /etc/mailer.conf to qmail-qread-client. | 14 | - Change the mailq entry in /etc/mailer.conf to qmail-qread-client. | |
15 | - Set qmailqread=YES in /etc/rc.conf. | 15 | - Set qmailqread=YES in /etc/rc.conf. | |
16 | 16 | |||
17 | Incoming SMTP deliveries: | 17 | Incoming SMTP deliveries: | |
18 | - Set qmailsmtpd=YES in /etc/rc.conf. | 18 | - Set qmailsmtpd=YES in /etc/rc.conf. | |
19 | - Optionally list qmail-rcptcheck programs in control/rcptchecks. | 19 | - Optionally list qmail-rcptcheck programs in control/rcptchecks. | |
20 | - Optionally list qmail-qfilter programs in control/smtpfilters. | 20 | - Optionally list qmail-qfilter programs in control/smtpfilters. | |
21 | 21 | |||
22 | Outgoing submissions with SMTP AUTH over TLS: | 22 | Outgoing authentication-only submission: | |
23 | - Set qmailofmipd=YES in /etc/rc.conf. | 23 | - Set qmailofmipd=YES in /etc/rc.conf. | |
24 | - Optionally list qmail-qfilter programs in control/ofmipfilters. | 24 | - Optionally list qmail-qfilter programs in control/ofmipfilters. | |
25 | 25 | |||
26 | User-controlled ofmipd address rewriting: | 26 | User-controlled ofmipd address rewriting: | |
27 | - Set qmailofmipd_ofmipdcmd=${PREFIX}/bin/ofmipd-with-user-cdb in /etc/rc.conf. | 27 | - Set qmailofmipd_ofmipdcmd=${PREFIX}/bin/ofmipd-with-user-cdb in /etc/rc.conf. | |
28 | 28 | |||
29 | Fetching Maildirs via POP3: | 29 | Fetching Maildirs via POP3: | |
30 | - Set qmailpop3d=YES in /etc/rc.conf. | 30 | - Set qmailpop3d=YES in /etc/rc.conf. | |
31 | 31 | |||
32 | TLS for incoming and outgoing SMTP, submission, and POP3: | |||
33 | - Create cert and DH params as instructed by the qmail package. | |||
34 | ||||
32 | =========================================================================== | 35 | =========================================================================== |
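Review bot: the new "TLS for incoming and outgoing SMTP, submission, and POP3" entry (new lines 32-33) only tells the administrator to create the cert and DH params; it does not mention the per-service TLS setting with its "yes", "no" and "auto" values described in the commit message, nor that the default "auto" runs a service without TLS when the files are absent. Because the submission heading also changes from "Outgoing submissions with SMTP AUTH over TLS" to "Outgoing authentication-only submission", consider adding a line that tells sites which require TLS on submission to set qmailofmipd_tls=yes in /etc/rc.conf.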
@@ -1,29 +1,30 @@ | @@ -1,29 +1,30 @@ | |||
1 | # $NetBSD: Makefile,v 1.54 2018/11/03 17:08:26 schmonz Exp $ | 1 | # $NetBSD: Makefile,v 1.55 2018/11/08 20:57:28 schmonz Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= qmail-run-20181103 | 4 | DISTNAME= qmail-run-20181108 | |
5 | CATEGORIES= mail | 5 | CATEGORIES= mail | |
6 | MASTER_SITES= # empty | 6 | MASTER_SITES= # empty | |
7 | DISTFILES= # empty | 7 | DISTFILES= # empty | |
8 | 8 | |||
9 | MAINTAINER= schmonz@NetBSD.org | 9 | MAINTAINER= schmonz@NetBSD.org | |
10 | COMMENT= Configures qmail to receive and deliver mail | 10 | COMMENT= Configures qmail to receive and deliver mail | |
11 | LICENSE= 2-clause-bsd | 11 | LICENSE= 2-clause-bsd | |
12 | 12 | |||
13 | DEPENDS+= greetdelay-[0-9]*:../../mail/greetdelay | |||
13 | DEPENDS+= pkg_alternatives-[0-9]*:../../pkgtools/pkg_alternatives | 14 | DEPENDS+= pkg_alternatives-[0-9]*:../../pkgtools/pkg_alternatives | |
14 | DEPENDS_QMAIL= qmail>=1.03nb36:../../mail/qmail | 15 | DEPENDS_QMAIL= qmail>=1.03nb36:../../mail/qmail | |
15 | DEPENDS+= ${DEPENDS_QMAIL} | 16 | DEPENDS+= ${DEPENDS_QMAIL} | |
16 | DEPENDS+= qmail-acceptutils>=20181027:../../mail/qmail-acceptutils | 17 | DEPENDS+= qmail-acceptutils>=20181108:../../mail/qmail-acceptutils | |
17 | DEPENDS+= qmail-qfilter>1.5nb1:../../mail/qmail-qfilter | 18 | DEPENDS+= qmail-qfilter>1.5nb1:../../mail/qmail-qfilter | |
18 | DEPENDS+= qmail-rejectutils-[0-9]*:../../mail/qmail-rejectutils | 19 | DEPENDS+= qmail-rejectutils-[0-9]*:../../mail/qmail-rejectutils | |
19 | 20 | |||
20 | WRKSRC= ${WRKDIR} | 21 | WRKSRC= ${WRKDIR} | |
21 | NO_BUILD= yes | 22 | NO_BUILD= yes | |
22 | NO_CHECKSUM= yes | 23 | NO_CHECKSUM= yes | |
23 | 24 | |||
24 | FILES_SUBST+= QMAIL_DAEMON_USER=${QMAIL_DAEMON_USER:Q} | 25 | FILES_SUBST+= QMAIL_DAEMON_USER=${QMAIL_DAEMON_USER:Q} | |
25 | FILES_SUBST+= QMAIL_LOG_USER=${QMAIL_LOG_USER:Q} | 26 | FILES_SUBST+= QMAIL_LOG_USER=${QMAIL_LOG_USER:Q} | |
26 | FILES_SUBST+= QMAIL_SEND_USER=${QMAIL_SEND_USER:Q} | 27 | FILES_SUBST+= QMAIL_SEND_USER=${QMAIL_SEND_USER:Q} | |
27 | FILES_SUBST+= QMAIL_QUEUE_EXTRA=${QMAIL_QUEUE_EXTRA:Q} | 28 | FILES_SUBST+= QMAIL_QUEUE_EXTRA=${QMAIL_QUEUE_EXTRA:Q} | |
28 | FILES_SUBST+= PKGNAME=${PKGNAME:Q} | 29 | FILES_SUBST+= PKGNAME=${PKGNAME:Q} | |
29 | FILES_SUBST+= UCSPI_SSL_USER=${UCSPI_SSL_USER:Q} | 30 | FILES_SUBST+= UCSPI_SSL_USER=${UCSPI_SSL_USER:Q} |
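Review bot: the DEPENDS block gains greetdelay, but the new qmailsmtpd.sh defaults also run rblsmtpd and sslserver, and none of the DEPENDS lines shown here names a package for either. Please confirm both arrive through an existing dependency, or add explicit entries so the default incoming-SMTP command line cannot fail on a missing binary.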
@@ -20,20 +20,16 @@ | @@ -20,20 +20,16 @@ | |||
20 | # SMTP conversation already in progress, replace greeting | 20 | # SMTP conversation already in progress, replace greeting | |
21 | AUTHUP_USER:greeting::2*::235 ok, go ahead (#2.0.0) | 21 | AUTHUP_USER:greeting::2*::235 ok, go ahead (#2.0.0) | |
22 | 22 | |||
23 | # If client closes connection, tell authup the session succeeded | 23 | # If client closes connection, tell authup the session succeeded | |
24 | AUTHUP_USER:clienteof::*:0: | 24 | AUTHUP_USER:clienteof::*:0: | |
25 | 25 | |||
26 | # If server greets us unhappily, preserve message, and tell authup to stop trying | 26 | # If server greets us unhappily, preserve message, and tell authup to stop trying | |
27 | AUTHUP_USER:greeting::4*:14:&fixsmtpio_noop | 27 | AUTHUP_USER:greeting::4*:14:&fixsmtpio_noop | |
28 | AUTHUP_USER:greeting::5*:15:&fixsmtpio_noop | 28 | AUTHUP_USER:greeting::5*:15:&fixsmtpio_noop | |
29 | 29 | |||
30 | # If server times out, hide message, and tell authup to stop trying | 30 | # If server times out, hide message, and tell authup to stop trying | |
31 | AUTHUP_USER:timeout::*:16: | 31 | AUTHUP_USER:timeout::*:16: | |
32 | 32 | |||
33 | # Don't permit server to advertise further AUTH or STARTTLS | 33 | # Don't permit server to advertise or respond to further AUTH | |
34 | AUTHUP_USER:ehlo::250?AUTH*:: | 34 | AUTHUP_USER:ehlo::250?AUTH*:: | |
35 | AUTHUP_USER:ehlo::250?STARTTLS:: | |||
36 | ||||
37 | # Don't permit client to initiate further AUTH or STARTTLS | |||
38 | AUTHUP_USER:auth:NOOP :*::502 unimplemented (#5.5.1) | 35 | AUTHUP_USER:auth:NOOP :*::502 unimplemented (#5.5.1) | |
39 | AUTHUP_USER:starttls:NOOP :*::502 unimplemented (#5.5.1) |
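Review bot: removing the two STARTTLS rules (old lines 35 and 39) means nothing in this control file now stops STARTTLS from being advertised or attempted inside an already-authenticated AUTHUP_USER session, and the rewritten comment on new line 33 only talks about AUTH. If fixsmtpio from qmail-acceptutils>=20181108 now handles STARTTLS itself, say so in a comment here so the removal reads as deliberate, and confirm that a STARTTLS issued after authentication is refused rather than passed through to ofmipd.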
@@ -1,2 +1,2 @@ | @@ -1,2 +1,2 @@ | |||
1 | 127.:allow,RELAYCLIENT="" | 1 | 127.:allow,RELAYCLIENT="" | |
2 | :allow,QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-smtpd-queue",RCPTCHECK="@PREFIX@/bin/qmail-rcptcheck" | 2 | :allow,UCSPITLS="",GREETDELAY="2",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-smtpd-queue",RCPTCHECK="@PREFIX@/bin/qmail-rcptcheck" |
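Review bot: UCSPITLS="" and GREETDELAY="2" are added only to the catch-all rule on line 2, so connections matching 127. get neither; if that is intended, it deserves a sentence in README.pkgsrc. UCSPITLS is also set here unconditionally while qmailsmtpd.sh may export DISABLETLS=1, so please confirm that DISABLETLS takes precedence when qmailsmtpd_tls is "no" or when "auto" finds no cert. The 2-second delay would be easier to tune as an rc.conf variable than as a fixed value in the rules file.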
@@ -1,69 +1,94 @@ | @@ -1,69 +1,94 @@ | |||
1 | #!@RCD_SCRIPTS_SHELL@ | 1 | #!@RCD_SCRIPTS_SHELL@ | |
2 | # | 2 | # | |
3 | # $NetBSD: qmailofmipd.sh,v 1.14 2018/11/03 17:08:26 schmonz Exp $ | 3 | # $NetBSD: qmailofmipd.sh,v 1.15 2018/11/08 20:57:28 schmonz Exp $ | |
4 | # | 4 | # | |
5 | # @PKGNAME@ script to control ofmipd (SMTP submission service). | 5 | # @PKGNAME@ script to control ofmipd (SMTP submission service). | |
6 | # | 6 | # | |
7 | 7 | |||
8 | # PROVIDE: qmailofmipd mail | 8 | # PROVIDE: qmailofmipd mail | |
9 | # REQUIRE: qmailsend | 9 | # REQUIRE: qmailsend | |
10 | 10 | |||
11 | name="qmailofmipd" | 11 | name="qmailofmipd" | |
12 | 12 | |||
13 | # User-settable rc.conf variables and their default values: | 13 | # User-settable rc.conf variables and their default values: | |
14 | : ${qmailofmipd_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) DHFILE=@PKG_SYSCONFDIR@/control/dh2048.pem CERTFILE=@PKG_SYSCONFDIR@/control/servercert.pem"} | 14 | : ${qmailofmipd_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@)"} | |
15 | : ${qmailofmipd_tcpflags:="-ne -vRl0"} | 15 | : ${qmailofmipd_tcpflags:="-ne -vRl0"} | |
16 | : ${qmailofmipd_tcphost:="0.0.0.0"} | 16 | : ${qmailofmipd_tcphost:="0.0.0.0"} | |
17 | : ${qmailofmipd_tcpport:="587"} | 17 | : ${qmailofmipd_tcpport:="587"} | |
18 | : ${qmailofmipd_datalimit:="360000000"} | 18 | : ${qmailofmipd_datalimit:="360000000"} | |
19 | : ${qmailofmipd_pretcpserver:=""} | 19 | : ${qmailofmipd_pretcpserver:=""} | |
20 | : ${qmailofmipd_tcpserver:="@PREFIX@/bin/sslserver"} | 20 | : ${qmailofmipd_tcpserver:="@PREFIX@/bin/sslserver"} | |
21 | : ${qmailofmipd_preofmipd:=""} | 21 | : ${qmailofmipd_preofmipd:=""} | |
22 | : ${qmailofmipd_ofmipdcmd:="@PREFIX@/bin/ofmipd"} | 22 | : ${qmailofmipd_ofmipdcmd:="@PREFIX@/bin/ofmipd"} | |
23 | : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"} | 23 | : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"} | |
24 | : ${qmailofmipd_postofmipd:=""} | 24 | : ${qmailofmipd_postofmipd:=""} | |
25 | : ${qmailofmipd_log:="YES"} | 25 | : ${qmailofmipd_log:="YES"} | |
26 | : ${qmailofmipd_logcmd:="logger -t nbqmail/ofmipd -p mail.info"} | 26 | : ${qmailofmipd_logcmd:="logger -t nbqmail/ofmipd -p mail.info"} | |
27 | : ${qmailofmipd_nologcmd:="@PREFIX@/bin/multilog -*"} | 27 | : ${qmailofmipd_nologcmd:="@PREFIX@/bin/multilog -*"} | |
28 | : ${qmailofmipd_tls:="auto"} | |||
29 | : ${qmailofmipd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"} | |||
30 | : ${qmailofmipd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"} | |||
28 | 31 | |||
29 | if [ -f /etc/rc.subr ]; then | 32 | if [ -f /etc/rc.subr ]; then | |
30 | . /etc/rc.subr | 33 | . /etc/rc.subr | |
31 | fi | 34 | fi | |
32 | 35 | |||
33 | rcvar=${name} | 36 | rcvar=${name} | |
34 | required_files="@PKG_SYSCONFDIR@/control/dh2048.pem" | 37 | required_files="@PKG_SYSCONFDIR@/control/me" | |
35 | required_files="${required_files} @PKG_SYSCONFDIR@/control/servercert.pem" | |||
36 | required_files="${required_files} @PKG_SYSCONFDIR@/control/me" | |||
37 | required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencysubmission" | 38 | required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencysubmission" | |
38 | required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" | 39 | required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" | |
39 | required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities" | 40 | required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities" | |
40 | required_files="${required_files} @PKG_SYSCONFDIR@/control/fixsmtpio" | 41 | required_files="${required_files} @PKG_SYSCONFDIR@/control/fixsmtpio" | |
41 | required_files="${required_files} @PKG_SYSCONFDIR@/tcp.ofmip.cdb" | 42 | required_files="${required_files} @PKG_SYSCONFDIR@/tcp.ofmip.cdb" | |
42 | command="${qmailofmipd_tcpserver}" | 43 | command="${qmailofmipd_tcpserver}" | |
43 | procname=nb${name} | 44 | procname=nb${name} | |
44 | start_precmd="qmailofmipd_precmd" | 45 | start_precmd="qmailofmipd_precmd" | |
45 | extra_commands="stat pause cont cdb reload" | 46 | extra_commands="stat pause cont cdb reload" | |
46 | stat_cmd="qmailofmipd_stat" | 47 | stat_cmd="qmailofmipd_stat" | |
47 | pause_cmd="qmailofmipd_pause" | 48 | pause_cmd="qmailofmipd_pause" | |
48 | cont_cmd="qmailofmipd_cont" | 49 | cont_cmd="qmailofmipd_cont" | |
49 | cdb_cmd="qmailofmipd_cdb" | 50 | cdb_cmd="qmailofmipd_cdb" | |
50 | reload_cmd=${cdb_cmd} | 51 | reload_cmd=${cdb_cmd} | |
51 | 52 | |||
53 | qmailofmipd_configure_tls() { | |||
54 | if [ "auto" = "${qmailofmipd_tls}" ]; then | |||
55 | if [ -f "${qmailofmipd_tls_dhparams}" ] && [ -f "${qmailofmipd_tls_cert}" ]; then | |||
56 | qmailofmipd_enable_tls | |||
57 | else | |||
58 | qmailofmipd_disable_tls | |||
59 | fi | |||
60 | elif [ -f /etc/rc.subr ] && checkyesno qmailofmipd_tls; then | |||
61 | qmailofmipd_enable_tls | |||
62 | else | |||
63 | qmailofmipd_disable_tls | |||
64 | fi | |||
65 | } | |||
66 | ||||
67 | qmailofmipd_disable_tls() { | |||
68 | qmailofmipd_postenv="${qmailofmipd_postenv} DISABLETLS=1" | |||
69 | } | |||
70 | ||||
71 | qmailofmipd_enable_tls() { | |||
72 | qmailofmipd_postenv="${qmailofmipd_postenv} DHFILE=${qmailofmipd_tls_dhparams}" | |||
73 | qmailofmipd_postenv="${qmailofmipd_postenv} CERTFILE=${qmailofmipd_tls_cert}" | |||
74 | } | |||
75 | ||||
52 | qmailofmipd_precmd() | 76 | qmailofmipd_precmd() | |
53 | { | 77 | { | |
54 | if [ -f /etc/rc.subr ] && ! checkyesno qmailofmipd_log; then | 78 | if [ -f /etc/rc.subr ] && ! checkyesno qmailofmipd_log; then | |
55 | qmailofmipd_logcmd=${qmailofmipd_nologcmd} | 79 | qmailofmipd_logcmd=${qmailofmipd_nologcmd} | |
56 | fi | 80 | fi | |
81 | qmailofmipd_configure_tls | |||
57 | # tcpserver(1) is akin to inetd(8), but runs one service per process. | 82 | # tcpserver(1) is akin to inetd(8), but runs one service per process. | |
58 | # We want to signal only the tcpserver process responsible for this | 83 | # We want to signal only the tcpserver process responsible for this | |
59 | # service. Use argv0(1) to set procname to "nbqmailofmipd". | 84 | # service. Use argv0(1) to set procname to "nbqmailofmipd". | |
60 | command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailofmipd_postenv} | 85 | command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailofmipd_postenv} | |
61 | @PREFIX@/bin/softlimit -m ${qmailofmipd_datalimit} ${qmailofmipd_pretcpserver} | 86 | @PREFIX@/bin/softlimit -m ${qmailofmipd_datalimit} ${qmailofmipd_pretcpserver} | |
62 | @PREFIX@/bin/argv0 ${qmailofmipd_tcpserver} ${procname} | 87 | @PREFIX@/bin/argv0 ${qmailofmipd_tcpserver} ${procname} | |
63 | ${qmailofmipd_tcpflags} -x @PKG_SYSCONFDIR@/tcp.ofmip.cdb | 88 | ${qmailofmipd_tcpflags} -x @PKG_SYSCONFDIR@/tcp.ofmip.cdb | |
64 | -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencysubmission` | 89 | -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencysubmission` | |
65 | ${qmailofmipd_tcphost} ${qmailofmipd_tcpport} | 90 | ${qmailofmipd_tcphost} ${qmailofmipd_tcpport} | |
66 | @PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp | 91 | @PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp | |
67 | ${qmailofmipd_checkpassword} @PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio | 92 | ${qmailofmipd_checkpassword} @PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio | |
68 | ${qmailofmipd_preofmipd} ${qmailofmipd_ofmipdcmd} ${qmailofmipd_postofmipd} | 93 | ${qmailofmipd_preofmipd} ${qmailofmipd_ofmipdcmd} ${qmailofmipd_postofmipd} | |
69 | 2>&1 | | 94 | 2>&1 | |
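Review bot: in qmailofmipd_configure_tls the "auto" branch falls back to qmailofmipd_disable_tls without any message, and dh2048.pem and servercert.pem are removed from required_files, so a submission service that previously refused to start without a cert will now start and accept SMTP AUTH on port 587 without TLS. Consider emitting a warning (for example with the rc.subr warn function) whenever "auto" disables TLS. Separately, the "yes" branch calls qmailofmipd_enable_tls without testing either file, so the "startup will fail" behaviour promised in the commit message depends entirely on sslserver rejecting a missing CERTFILE or DHFILE; an explicit [ -f ... ] check that errors out would make that guarantee local to this script.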
@@ -1,66 +1,91 @@ | @@ -1,66 +1,91 @@ | |||
1 | #!@RCD_SCRIPTS_SHELL@ | 1 | #!@RCD_SCRIPTS_SHELL@ | |
2 | # | 2 | # | |
3 | # $NetBSD: qmailpop3d.sh,v 1.23 2018/11/03 17:08:26 schmonz Exp $ | 3 | # $NetBSD: qmailpop3d.sh,v 1.24 2018/11/08 20:57:28 schmonz Exp $ | |
4 | # | 4 | # | |
5 | # @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs). | 5 | # @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs). | |
6 | # | 6 | # | |
7 | 7 | |||
8 | # PROVIDE: qmailpop3d mail | 8 | # PROVIDE: qmailpop3d mail | |
9 | 9 | |||
10 | name="qmailpop3d" | 10 | name="qmailpop3d" | |
11 | 11 | |||
12 | # User-settable rc.conf variables and their default values: | 12 | # User-settable rc.conf variables and their default values: | |
13 | : ${qmailpop3d_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) DHFILE=@PKG_SYSCONFDIR@/control/dh2048.pem CERTFILE=@PKG_SYSCONFDIR@/control/servercert.pem"} | 13 | : ${qmailpop3d_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@)"} | |
14 | : ${qmailpop3d_tcpflags:="-ne -vRl0"} | 14 | : ${qmailpop3d_tcpflags:="-ne -vRl0"} | |
15 | : ${qmailpop3d_tcphost:="0.0.0.0"} | 15 | : ${qmailpop3d_tcphost:="0.0.0.0"} | |
16 | : ${qmailpop3d_tcpport:="110"} | 16 | : ${qmailpop3d_tcpport:="110"} | |
17 | : ${qmailpop3d_datalimit:="180000000"} | 17 | : ${qmailpop3d_datalimit:="180000000"} | |
18 | : ${qmailpop3d_pretcpserver:=""} | 18 | : ${qmailpop3d_pretcpserver:=""} | |
19 | : ${qmailpop3d_tcpserver:="@PREFIX@/bin/sslserver"} | 19 | : ${qmailpop3d_tcpserver:="@PREFIX@/bin/sslserver"} | |
20 | : ${qmailpop3d_prepop3d:=""} | 20 | : ${qmailpop3d_prepop3d:=""} | |
21 | : ${qmailpop3d_pop3dcmd:="@PREFIX@/bin/qmail-pop3d"} | 21 | : ${qmailpop3d_pop3dcmd:="@PREFIX@/bin/qmail-pop3d"} | |
22 | : ${qmailpop3d_checkpassword:="@PREFIX@/bin/nbcheckpassword"} | 22 | : ${qmailpop3d_checkpassword:="@PREFIX@/bin/nbcheckpassword"} | |
23 | : ${qmailpop3d_maildirname:="Maildir"} | 23 | : ${qmailpop3d_maildirname:="Maildir"} | |
24 | : ${qmailpop3d_log:="YES"} | 24 | : ${qmailpop3d_log:="YES"} | |
25 | : ${qmailpop3d_logcmd:="logger -t nbqmail/pop3d -p mail.info"} | 25 | : ${qmailpop3d_logcmd:="logger -t nbqmail/pop3d -p mail.info"} | |
26 | : ${qmailpop3d_nologcmd:="@PREFIX@/bin/multilog -*"} | 26 | : ${qmailpop3d_nologcmd:="@PREFIX@/bin/multilog -*"} | |
27 | : ${qmailpop3d_tls:="auto"} | |||
28 | : ${qmailpop3pd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"} | |||
29 | : ${qmailpop3pd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"} | |||
27 | 30 | |||
28 | if [ -f /etc/rc.subr ]; then | 31 | if [ -f /etc/rc.subr ]; then | |
29 | . /etc/rc.subr | 32 | . /etc/rc.subr | |
30 | fi | 33 | fi | |
31 | 34 | |||
32 | rcvar=${name} | 35 | rcvar=${name} | |
33 | required_files="@PKG_SYSCONFDIR@/control/dh2048.pem" | 36 | required_files="@PKG_SYSCONFDIR@/control/me" | |
34 | required_files="${required_files} @PKG_SYSCONFDIR@/control/servercert.pem" | |||
35 | required_files="${required_files} @PKG_SYSCONFDIR@/control/me" | |||
36 | required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencypop3" | 37 | required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencypop3" | |
37 | required_files="${required_files} @PKG_SYSCONFDIR@/control/pop3capabilities" | 38 | required_files="${required_files} @PKG_SYSCONFDIR@/control/pop3capabilities" | |
38 | required_files="${required_files} @PKG_SYSCONFDIR@/tcp.pop3.cdb" | 39 | required_files="${required_files} @PKG_SYSCONFDIR@/tcp.pop3.cdb" | |
39 | command="${qmailpop3d_tcpserver}" | 40 | command="${qmailpop3d_tcpserver}" | |
40 | procname=nb${name} | 41 | procname=nb${name} | |
41 | start_precmd="qmailpop3d_precmd" | 42 | start_precmd="qmailpop3d_precmd" | |
42 | extra_commands="stat pause cont cdb reload" | 43 | extra_commands="stat pause cont cdb reload" | |
43 | stat_cmd="qmailpop3d_stat" | 44 | stat_cmd="qmailpop3d_stat" | |
44 | pause_cmd="qmailpop3d_pause" | 45 | pause_cmd="qmailpop3d_pause" | |
45 | cont_cmd="qmailpop3d_cont" | 46 | cont_cmd="qmailpop3d_cont" | |
46 | cdb_cmd="qmailpop3d_cdb" | 47 | cdb_cmd="qmailpop3d_cdb" | |
47 | reload_cmd=${cdb_cmd} | 48 | reload_cmd=${cdb_cmd} | |
48 | 49 | |||
50 | qmailpop3d_configure_tls() { | |||
51 | if [ "auto" = "${qmailpop3d_tls}" ]; then | |||
52 | if [ -f "${qmailpop3d_tls_dhparams}" ] && [ -f "${qmailpop3d_tls_cert}" ]; then | |||
53 | qmailpop3d_enable_tls | |||
54 | else | |||
55 | qmailpop3d_disable_tls | |||
56 | fi | |||
57 | elif [ -f /etc/rc.subr ] && checkyesno qmailpop3d_tls; then | |||
58 | qmailpop3d_enable_tls | |||
59 | else | |||
60 | qmailpop3d_disable_tls | |||
61 | fi | |||
62 | } | |||
63 | ||||
64 | qmailpop3d_disable_tls() { | |||
65 | qmailpop3d_postenv="${qmailpop3d_postenv} DISABLETLS=1" | |||
66 | } | |||
67 | ||||
68 | qmailpop3d_enable_tls() { | |||
69 | qmailpop3d_postenv="${qmailpop3d_postenv} DHFILE=${qmailpop3d_tls_dhparams}" | |||
70 | qmailpop3d_postenv="${qmailpop3d_postenv} CERTFILE=${qmailpop3d_tls_cert}" | |||
71 | } | |||
72 | ||||
49 | qmailpop3d_precmd() | 73 | qmailpop3d_precmd() | |
50 | { | 74 | { | |
51 | if [ -f /etc/rc.subr ] && ! checkyesno qmailpop3d_log; then | 75 | if [ -f /etc/rc.subr ] && ! checkyesno qmailpop3d_log; then | |
52 | qmailpop3d_logcmd=${qmailpop3d_nologcmd} | 76 | qmailpop3d_logcmd=${qmailpop3d_nologcmd} | |
53 | fi | 77 | fi | |
78 | qmailpop3d_configure_tls | |||
54 | # tcpserver(1) is akin to inetd(8), but runs one service per process. | 79 | # tcpserver(1) is akin to inetd(8), but runs one service per process. | |
55 | # We want to signal only the tcpserver process responsible for this | 80 | # We want to signal only the tcpserver process responsible for this | |
56 | # service. Use argv0(1) to set procname to "nbqmailpop3d". | 81 | # service. Use argv0(1) to set procname to "nbqmailpop3d". | |
57 | command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailpop3d_postenv} | 82 | command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailpop3d_postenv} | |
58 | @PREFIX@/bin/softlimit -m ${qmailpop3d_datalimit} ${qmailpop3d_pretcpserver} | 83 | @PREFIX@/bin/softlimit -m ${qmailpop3d_datalimit} ${qmailpop3d_pretcpserver} | |
59 | @PREFIX@/bin/argv0 ${qmailpop3d_tcpserver} ${procname} | 84 | @PREFIX@/bin/argv0 ${qmailpop3d_tcpserver} ${procname} | |
60 | ${qmailpop3d_tcpflags} -x @PKG_SYSCONFDIR@/tcp.pop3.cdb | 85 | ${qmailpop3d_tcpflags} -x @PKG_SYSCONFDIR@/tcp.pop3.cdb | |
61 | -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencypop3` | 86 | -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencypop3` | |
62 | ${qmailpop3d_tcphost} ${qmailpop3d_tcpport} | 87 | ${qmailpop3d_tcphost} ${qmailpop3d_tcpport} | |
63 | @PREFIX@/bin/authup pop3 | 88 | @PREFIX@/bin/authup pop3 | |
64 | ${qmailpop3d_checkpassword} @PREFIX@/bin/checknotroot | 89 | ${qmailpop3d_checkpassword} @PREFIX@/bin/checknotroot | |
65 | ${qmailpop3d_prepop3d} ${qmailpop3d_pop3dcmd} ${qmailpop3d_maildirname} | 90 | ${qmailpop3d_prepop3d} ${qmailpop3d_pop3dcmd} ${qmailpop3d_maildirname} | |
66 | 2>&1 | | 91 | 2>&1 | |
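Review bot: the two new defaults on new lines 28-29 are spelled qmailpop3pd_tls_dhparams and qmailpop3pd_tls_cert, but qmailpop3d_configure_tls and qmailpop3d_enable_tls read qmailpop3d_tls_dhparams and qmailpop3d_tls_cert. Unless the administrator sets those two names in rc.conf they are empty, so "auto" always takes the qmailpop3d_disable_tls branch even when the files exist, and "yes" exports empty DHFILE= and CERTFILE= values. Rename the defaults to use the qmailpop3d_ prefix.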
@@ -1,63 +1,91 @@ | @@ -1,63 +1,91 @@ | |||
1 | #!@RCD_SCRIPTS_SHELL@ | 1 | #!@RCD_SCRIPTS_SHELL@ | |
2 | # | 2 | # | |
3 | # $NetBSD: qmailsmtpd.sh,v 1.19 2018/11/03 17:08:26 schmonz Exp $ | 3 | # $NetBSD: qmailsmtpd.sh,v 1.20 2018/11/08 20:57:28 schmonz Exp $ | |
4 | # | 4 | # | |
5 | # @PKGNAME@ script to control qmail-smtpd (SMTP service). | 5 | # @PKGNAME@ script to control qmail-smtpd (SMTP service). | |
6 | # | 6 | # | |
7 | 7 | |||
8 | # PROVIDE: qmailsmtpd mail | 8 | # PROVIDE: qmailsmtpd mail | |
9 | # REQUIRE: qmailsend | 9 | # REQUIRE: qmailsend | |
10 | 10 | |||
11 | name="qmailsmtpd" | 11 | name="qmailsmtpd" | |
12 | 12 | |||
13 | # User-settable rc.conf variables and their default values: | 13 | # User-settable rc.conf variables and their default values: | |
14 | : ${qmailsmtpd_postenv:=""} | 14 | : ${qmailsmtpd_postenv:="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@)"} | |
15 | : ${qmailsmtpd_tcpflags:="-vRl0"} | 15 | : ${qmailsmtpd_tcpflags:="-ne -vRl0"} | |
16 | : ${qmailsmtpd_tcphost:="0"} | 16 | : ${qmailsmtpd_tcphost:="0.0.0.0"} | |
17 | : ${qmailsmtpd_tcpport:="25"} | 17 | : ${qmailsmtpd_tcpport:="25"} | |
18 | : ${qmailsmtpd_datalimit:="180000000"} | 18 | : ${qmailsmtpd_datalimit:="360000000"} | |
19 | : ${qmailsmtpd_pretcpserver:=""} | 19 | : ${qmailsmtpd_pretcpserver:=""} | |
20 | : ${qmailsmtpd_tcpserver:="@PREFIX@/bin/tcpserver"} | 20 | : ${qmailsmtpd_tcpserver:="@PREFIX@/bin/sslserver"} | |
21 | : ${qmailsmtpd_presmtpd:=""} | 21 | : ${qmailsmtpd_presmtpd:="@PREFIX@/bin/greetdelay @PREFIX@/bin/rblsmtpd -r zen.spamhaus.org @PREFIX@/bin/fixsmtpio"} | |
22 | : ${qmailsmtpd_smtpdcmd:="@PREFIX@/bin/qmail-smtpd"} | 22 | : ${qmailsmtpd_smtpdcmd:="@PREFIX@/bin/qmail-smtpd"} | |
23 | : ${qmailsmtpd_postsmtpd:=""} | 23 | : ${qmailsmtpd_postsmtpd:=""} | |
24 | : ${qmailsmtpd_log:="YES"} | 24 | : ${qmailsmtpd_log:="YES"} | |
25 | : ${qmailsmtpd_logcmd:="logger -t nbqmail/smtpd -p mail.info"} | 25 | : ${qmailsmtpd_logcmd:="logger -t nbqmail/smtpd -p mail.info"} | |
26 | : ${qmailsmtpd_nologcmd:="@PREFIX@/bin/multilog -*"} | 26 | : ${qmailsmtpd_nologcmd:="@PREFIX@/bin/multilog -*"} | |
27 | : ${qmailsmtpd_tls:="auto"} | |||
28 | : ${qmailsmtpd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"} | |||
29 | : ${qmailsmtpd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"} | |||
27 | 30 | |||
28 | if [ -f /etc/rc.subr ]; then | 31 | if [ -f /etc/rc.subr ]; then | |
29 | . /etc/rc.subr | 32 | . /etc/rc.subr | |
30 | fi | 33 | fi | |
31 | 34 | |||
32 | rcvar=${name} | 35 | rcvar=${name} | |
33 | required_files="@PKG_SYSCONFDIR@/control/concurrencyincoming" | 36 | required_files="@PKG_SYSCONFDIR@/control/me" | |
34 | required_files="${required_files} @PKG_SYSCONFDIR@/tcp.smtp.cdb" | 37 | required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencyincoming" | |
35 | required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" | 38 | required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" | |
39 | required_files="${required_files} @PKG_SYSCONFDIR@/tcp.smtp.cdb" | |||
36 | command="${qmailsmtpd_tcpserver}" | 40 | command="${qmailsmtpd_tcpserver}" | |
37 | procname=nb${name} | 41 | procname=nb${name} | |
38 | start_precmd="qmailsmtpd_precmd" | 42 | start_precmd="qmailsmtpd_precmd" | |
39 | extra_commands="stat pause cont cdb reload" | 43 | extra_commands="stat pause cont cdb reload" | |
40 | stat_cmd="qmailsmtpd_stat" | 44 | stat_cmd="qmailsmtpd_stat" | |
41 | pause_cmd="qmailsmtpd_pause" | 45 | pause_cmd="qmailsmtpd_pause" | |
42 | cont_cmd="qmailsmtpd_cont" | 46 | cont_cmd="qmailsmtpd_cont" | |
43 | cdb_cmd="qmailsmtpd_cdb" | 47 | cdb_cmd="qmailsmtpd_cdb" | |
44 | reload_cmd=${cdb_cmd} | 48 | reload_cmd=${cdb_cmd} | |
45 | 49 | |||
50 | qmailsmtpd_configure_tls() { | |||
51 | if [ "auto" = "${qmailsmtpd_tls}" ]; then | |||
52 | if [ -f "${qmailsmtpd_tls_dhparams}" ] && [ -f "${qmailsmtpd_tls_cert}" ]; then | |||
53 | qmailsmtpd_enable_tls | |||
54 | else | |||
55 | qmailsmtpd_disable_tls | |||
56 | fi | |||
57 | elif [ -f /etc/rc.subr ] && checkyesno qmailsmtpd_tls; then | |||
58 | qmailsmtpd_enable_tls | |||
59 | else | |||
60 | qmailsmtpd_disable_tls | |||
61 | fi | |||
62 | } | |||
63 | ||||
64 | qmailsmtpd_disable_tls() { | |||
65 | qmailsmtpd_postenv="${qmailsmtpd_postenv} DISABLETLS=1" | |||
66 | } | |||
67 | ||||
68 | qmailsmtpd_enable_tls() { | |||
69 | qmailsmtpd_postenv="${qmailsmtpd_postenv} DHFILE=${qmailsmtpd_tls_dhparams}" | |||
70 | qmailsmtpd_postenv="${qmailsmtpd_postenv} CERTFILE=${qmailsmtpd_tls_cert}" | |||
71 | } | |||
72 | ||||
46 | qmailsmtpd_precmd() | 73 | qmailsmtpd_precmd() | |
47 | { | 74 | { | |
48 | if [ -f /etc/rc.subr ] && ! checkyesno qmailsmtpd_log; then | 75 | if [ -f /etc/rc.subr ] && ! checkyesno qmailsmtpd_log; then | |
49 | qmailsmtpd_logcmd=${qmailsmtpd_nologcmd} | 76 | qmailsmtpd_logcmd=${qmailsmtpd_nologcmd} | |
50 | fi | 77 | fi | |
78 | qmailsmtpd_configure_tls | |||
51 | # tcpserver(1) is akin to inetd(8), but runs one service per process. | 79 | # tcpserver(1) is akin to inetd(8), but runs one service per process. | |
52 | # We want to signal only the tcpserver process responsible for this | 80 | # We want to signal only the tcpserver process responsible for this | |
53 | # service. Use argv0(1) to set procname to "nbqmailsmtpd". | 81 | # service. Use argv0(1) to set procname to "nbqmailsmtpd". | |
54 | command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailsmtpd_postenv} | 82 | command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailsmtpd_postenv} | |
55 | @PREFIX@/bin/softlimit -m ${qmailsmtpd_datalimit} ${qmailsmtpd_pretcpserver} | 83 | @PREFIX@/bin/softlimit -m ${qmailsmtpd_datalimit} ${qmailsmtpd_pretcpserver} | |
56 | @PREFIX@/bin/argv0 ${qmailsmtpd_tcpserver} ${procname} | 84 | @PREFIX@/bin/argv0 ${qmailsmtpd_tcpserver} ${procname} | |
57 | ${qmailsmtpd_tcpflags} -x @PKG_SYSCONFDIR@/tcp.smtp.cdb | 85 | ${qmailsmtpd_tcpflags} -x @PKG_SYSCONFDIR@/tcp.smtp.cdb | |
58 | -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencyincoming` | 86 | -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencyincoming` | |
59 | -u `@ID@ -u @QMAIL_DAEMON_USER@` -g `@ID@ -g @QMAIL_DAEMON_USER@` | 87 | -u `@ID@ -u @QMAIL_DAEMON_USER@` -g `@ID@ -g @QMAIL_DAEMON_USER@` | |
60 | ${qmailsmtpd_tcphost} ${qmailsmtpd_tcpport} | 88 | ${qmailsmtpd_tcphost} ${qmailsmtpd_tcpport} | |
61 | ${qmailsmtpd_presmtpd} ${qmailsmtpd_smtpdcmd} ${qmailsmtpd_postsmtpd} | 89 | ${qmailsmtpd_presmtpd} ${qmailsmtpd_smtpdcmd} ${qmailsmtpd_postsmtpd} | |
62 | 2>&1 | | 90 | 2>&1 | | |
63 | @PREFIX@/bin/pgrphack @PREFIX@/bin/setuidgid @QMAIL_LOG_USER@ ${qmailsmtpd_logcmd}" | 91 | @PREFIX@/bin/pgrphack @PREFIX@/bin/setuidgid @QMAIL_LOG_USER@ ${qmailsmtpd_logcmd}" |
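Review bot: the new qmailsmtpd_presmtpd default puts greetdelay, rblsmtpd -r zen.spamhaus.org and fixsmtpio into one user-settable variable, so a site that already sets qmailsmtpd_presmtpd in rc.conf keeps its old value and runs under sslserver without fixsmtpio in the chain, which per the commit message is what provides STARTTLS. Consider keeping fixsmtpio outside the overridable variable, or documenting the new default in MESSAGE; the same applies to the DNSBL lookup, which is now on for every install unless overridden. The hunk also adds -ne to qmailsmtpd_tcpflags, changes qmailsmtpd_tcphost from "0" to "0.0.0.0" and doubles qmailsmtpd_datalimit to 360000000, none of which the commit message mentions. Finally, the "yes" branch of qmailsmtpd_configure_tls calls qmailsmtpd_enable_tls without testing that either file exists.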