diff options
| author | manu <manu> | 2013-09-19 10:54:05 +0000 |
|---|---|---|
| committer | manu <manu> | 2013-09-19 10:54:05 +0000 |
| commit | 6baba59d14a481369d3e68005d91d087490da500 (patch) | |
| tree | 8ac0bfc291cdf43cf5aab279f9e1c5b771744f44 | |
| parent | 3641394a26c1867d959b3afab5ef990b247cad7b (diff) | |
| download | pkgsrc-6baba59d14a481369d3e68005d91d087490da500.tar.gz | |
Add a ffr_tls_1 option to sendmail, which enable the O CipherList
option for sendmail.cf. it is required in order to remove weak ciphers,
and enforce Forward Secrecy on modern MUA
Usage example:
O CipherList=DH@STRENGTH:HIGH:!MD5:!DES:!aNULL:!eNULL
| -rw-r--r-- | mail/sendmail/Makefile | 7 | ||||
| -rw-r--r-- | mail/sendmail/files/site.config.m4-ffr_tls_1 | 4 | ||||
| -rw-r--r-- | mail/sendmail/options.mk | 9 |
3 files changed, 16 insertions, 4 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile index dd1375d5023..b3dabdab001 100644 --- a/mail/sendmail/Makefile +++ b/mail/sendmail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.116 2013/07/12 10:44:58 jperkin Exp $ +# $NetBSD: Makefile,v 1.117 2013/09/19 10:54:05 manu Exp $ PKGNAME= sendmail-${DIST_VERS} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= The well known Mail Transport Agent CONFLICTS+= courier-mta-[0-9]* fastforward>=0.51nb2 postfix-[0-9]* @@ -67,6 +67,9 @@ post-patch: make-sendmail-siteconfig .if !empty(PKG_OPTIONS:Mtls) cat ${FILESDIR}/site.config.m4-starttls >>${SITECONFIG} .endif +.if !empty(PKG_OPTIONS:Mffr_tls_1) + cat ${FILESDIR}/site.config.m4-ffr_tls_1 >>${SITECONFIG} +.endif .if !empty(PKG_OPTIONS:Msasl) cat ${FILESDIR}/site.config.m4-sasl2 >>${SITECONFIG} .endif diff --git a/mail/sendmail/files/site.config.m4-ffr_tls_1 b/mail/sendmail/files/site.config.m4-ffr_tls_1 new file mode 100644 index 00000000000..0d2ec4f6cde --- /dev/null +++ b/mail/sendmail/files/site.config.m4-ffr_tls_1 @@ -0,0 +1,4 @@ +# $NetBSD: site.config.m4-ffr_tls_1,v 1.1 2013/09/19 10:54:05 manu Exp $ + +# enable _FFR_TLS_1 +APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_1') diff --git a/mail/sendmail/options.mk b/mail/sendmail/options.mk index 26e36ec3104..4205b114017 100644 --- a/mail/sendmail/options.mk +++ b/mail/sendmail/options.mk @@ -1,7 +1,7 @@ -# $NetBSD: options.mk,v 1.19 2012/12/28 05:27:06 jnemeth Exp $ +# $NetBSD: options.mk,v 1.20 2013/09/19 10:54:05 manu Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.sendmail -PKG_SUPPORTED_OPTIONS= inet6 db2 ldap sasl tls tcpwrappers +PKG_SUPPORTED_OPTIONS= inet6 db2 ldap sasl tls tcpwrappers ffr_tls_1 PKG_SUGGESTED_OPTIONS= inet6 tcpwrappers PKG_OPTIONS_LEGACY_OPTS+= starttls:tls @@ -37,6 +37,11 @@ PKG_OPTIONS_LEGACY_OPTS+= starttls:tls .endif ### +### 'For Future Release' FFR_TLS_1 options: CipherList, multiple certs +### +# Nothing to do here, activation is done in Makefile + +### ### Use tcpwrappers for network access control to sendmail ### .if !empty(PKG_OPTIONS:Mtcpwrappers) |