diff options
| author | jnemeth <jnemeth@pkgsrc.org> | 2019-07-15 04:32:49 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth@pkgsrc.org> | 2019-07-15 04:32:49 +0000 |
| commit | e586ca6a323b5adbc1d27ad3db4bc906685b0aa8 (patch) | |
| tree | 92fd9a95041a58d44e56ded853de74b2b7ed9f75 | |
| parent | 56b73338d2b2780733a06ea03bd13810ebfb71c9 (diff) | |
| download | pkgsrc-e586ca6a323b5adbc1d27ad3db4bc906685b0aa8.tar.gz | |
Add support for working with blacklistd. These patches were
originally created for FreeBSD and were ported to pkgsrc by Hauke
Fath with some cleanup by myself.
These patches add a new "UseBlacklist" option to sendmail to have
it send authentication failure notices to blacklistd.
| -rw-r--r-- | mail/sendmail/Makefile | 7 | ||||
| -rw-r--r-- | mail/sendmail/distinfo | 14 | ||||
| -rw-r--r-- | mail/sendmail/files/site.config.m4-blacklistd | 5 | ||||
| -rw-r--r-- | mail/sendmail/files/site.config.m4-sasl2 | 7 | ||||
| -rw-r--r-- | mail/sendmail/options.mk | 15 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-an | 15 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-ar | 25 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-aw | 30 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-az | 52 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-bl | 62 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-bm | 62 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-bn | 16 | ||||
| -rw-r--r-- | mail/sendmail/patches/patch-bo | 24 |
13 files changed, 303 insertions, 31 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile index 4803b14b545..79d05bc984a 100644 --- a/mail/sendmail/Makefile +++ b/mail/sendmail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.131 2019/07/15 02:06:42 jnemeth Exp $ +# $NetBSD: Makefile,v 1.132 2019/07/15 04:32:49 jnemeth Exp $ PKGNAME= sendmail-${DIST_VERS} -PKGREVISION= 3 +PKGREVISION= 4 COMMENT= The well known Mail Transport Agent CONFLICTS+= courier-mta-[0-9]* fastforward>=0.51nb2 postfix-[0-9]* @@ -106,6 +106,9 @@ post-patch: make-sendmail-siteconfig .if !empty(PKG_OPTIONS:Msendmail-ffr-badrcptshutdown) cat ${FILESDIR}/site.config.m4-ffr_badrcptshutdown >>${SITECONFIG} .endif +.if !empty(PKG_OPTIONS:Mblacklistd) + cat ${FILESDIR}/site.config.m4-blacklistd >>${SITECONFIG} +.endif post-extract: cp ${FILESDIR}/mailer.conf ${WRKDIR}/mailer.conf diff --git a/mail/sendmail/distinfo b/mail/sendmail/distinfo index 8846e1e4571..89fe07ac0cf 100644 --- a/mail/sendmail/distinfo +++ b/mail/sendmail/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.58 2018/12/05 12:10:21 bsiegert Exp $ +$NetBSD: distinfo,v 1.59 2019/07/15 04:32:49 jnemeth Exp $ SHA1 (sendmail.8.15.2.tar.gz) = 5801d4b06f4e38ef228a5954a44d17636eaa5a16 RMD160 (sendmail.8.15.2.tar.gz) = 1fe2210e1ded1fe2ee640fceb1de29f19ceaa8e4 @@ -10,19 +10,19 @@ SHA1 (patch-ag) = f76de45c7e8d16207670e151265b7edbca4c045c SHA1 (patch-ah) = e6be09008b9230ffdd1560aaacbdbb2ee4fb8028 SHA1 (patch-ai) = 0bd3676dce988cf1167fae09443da0d1a1363abb SHA1 (patch-aj) = e65e6fe44380de2f9c397c1a97677eb4ad285433 -SHA1 (patch-an) = 739c9081979bdb3eb77b117fd905c2875a1fc064 +SHA1 (patch-an) = 56b8b82880b9ef8fefd7cbbe98dad30b8db753f1 SHA1 (patch-ao) = 88dd76b71ad57a8d0efdb6e8518ff01689ecf634 SHA1 (patch-ap) = 9c83d9ed1b4d8c851c106597638763515923a4ab SHA1 (patch-aq) = 722382daf085ac2f4a06d0c812bb00f49bcdfd2c -SHA1 (patch-ar) = d68984a057d7a0a674a8d46cf903585c8279f7a8 +SHA1 (patch-ar) = 1ecf39ddded8504079c5c446625bf9ad9497044f SHA1 (patch-as) = 652b107d5f68507a0b2fb7c5402186eff96c6bc0 SHA1 (patch-at) = 7c206df88d29671faef950276a5119ef2f525f4b SHA1 (patch-au) = 87e907f36482f3ca03754160bc1ee106e17e3aaa SHA1 (patch-av) = 1b6bd4547930507ab67427bcf8a390c0afce0fb0 -SHA1 (patch-aw) = 9077b9fc4063bd1a66500b203d246bcddae8eb0f +SHA1 (patch-aw) = 33066ae7770e7f8ea6520b3fc0ecbe46dd4d958d SHA1 (patch-ax) = adba9177404e10d5f461e1e8f0c4dd5840d78dd1 SHA1 (patch-ay) = 94f9c633c1d15037ddd0a6ed46a4f3aaec236fc2 -SHA1 (patch-az) = 592ec93f700723485a5969ae1f1836c64975d1d0 +SHA1 (patch-az) = 5885c524fcae3a314c07eadf661bbe6ae1c081e7 SHA1 (patch-ba) = c190b11b9874f00a18b9c75b6e734f4a9dd3f68f SHA1 (patch-bb) = 6c86a60af25b02fc0389f1d40f59c5031d9679f1 SHA1 (patch-bc) = 9e7346342dfe1ca5d84053b913df4be41a979683 @@ -31,3 +31,7 @@ SHA1 (patch-be) = d2f3397b7880f23f8cbd5d3c4eb5ccfe6a6ca75b SHA1 (patch-bf) = 9c5faf5b38c18623e5ce4ffafc00a4430965e41a SHA1 (patch-bg) = 17b750d84333eacd39a23aa313d5ba24dc7d2156 SHA1 (patch-bk) = 0b0b85fb6c5c80c8419c783dc3e35d28edbdb70b +SHA1 (patch-bl) = 4fff262691deb2fcacf5013bfeb5aede45783dcd +SHA1 (patch-bm) = a30f2152407a1f5ac84d95f5c28c506b5645f4bc +SHA1 (patch-bn) = 3af37c9d3523d6093181ae3b7d4c25bc8173b7f9 +SHA1 (patch-bo) = b92941be46a3dc86226a774b5df31ce62e9fbc17 diff --git a/mail/sendmail/files/site.config.m4-blacklistd b/mail/sendmail/files/site.config.m4-blacklistd new file mode 100644 index 00000000000..be6638891e6 --- /dev/null +++ b/mail/sendmail/files/site.config.m4-blacklistd @@ -0,0 +1,5 @@ +# $Id: site.config.m4-blacklistd,v 1.1 2019/07/15 04:32:49 jnemeth Exp $ + +APPENDDEF(`conf_sendmail_ENVDEF', `-DUSE_BLACKLIST') +APPENDDEF(`conf_sendmail_LIBS', `-lblacklist') + diff --git a/mail/sendmail/files/site.config.m4-sasl2 b/mail/sendmail/files/site.config.m4-sasl2 index 1d5a47c5502..3b2cc9d0d31 100644 --- a/mail/sendmail/files/site.config.m4-sasl2 +++ b/mail/sendmail/files/site.config.m4-sasl2 @@ -1,8 +1,9 @@ -# $NetBSD: site.config.m4-sasl2,v 1.3 2014/06/20 16:26:55 jnemeth Exp $ +# $NetBSD: site.config.m4-sasl2,v 1.4 2019/07/15 04:32:49 jnemeth Exp $ # enable SASL 2 APPENDDEF(`confENVDEF', `-DSASL=2') APPENDDEF(`conf_sendmail_LIBS', `-lsasl2') -# for some strange reason SASL, and NAMED_RESN and MILTER are incompatible -APPENDDEF(`confENVDEF', `-DNAMED_RESN=0') +# XXX JMN always enable NAMED_RESN for now +## for some strange reason SASL, and NAMED_RESN and MILTER are incompatible +#APPENDDEF(`confENVDEF', `-DNAMED_RESN=0') diff --git a/mail/sendmail/options.mk b/mail/sendmail/options.mk index 01537404c17..c9cb86bd9c7 100644 --- a/mail/sendmail/options.mk +++ b/mail/sendmail/options.mk @@ -1,10 +1,17 @@ -# $NetBSD: options.mk,v 1.24 2019/07/15 02:06:42 jnemeth Exp $ +# $NetBSD: options.mk,v 1.25 2019/07/15 04:32:49 jnemeth Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.sendmail PKG_SUPPORTED_OPTIONS= inet6 db2 db4 ldap sasl tls tcpwrappers PKG_SUPPORTED_OPTIONS+= sendmail-ffr-tls sendmail-ffr-badrcptshutdown PKG_SUGGESTED_OPTIONS= inet6 tcpwrappers tls +.include "../../mk/bsd.prefs.mk" + +.if ${OPSYS} == "NetBSD" || ${OPSYS} == "FreeBSD" +PKG_SUPPORTED_OPTIONS+= blacklistd +PKG_SUGGESTED_OPTIONS+= blacklistd +.endif + PKG_OPTIONS_LEGACY_OPTS+= starttls:tls ffr_tls_1:sendmail-ffr-tls .include "../../mk/bsd.options.mk" @@ -62,3 +69,9 @@ PKG_OPTIONS_LEGACY_OPTS+= starttls:tls ffr_tls_1:sendmail-ffr-tls ### .if !empty(PKG_OPTIONS:Minet6) .endif + +### +### NetBSD blacklistd(8) support. +### +# Nothing to do here, activation is done in Makefile + diff --git a/mail/sendmail/patches/patch-an b/mail/sendmail/patches/patch-an index 6be7e265c90..41d71c29f40 100644 --- a/mail/sendmail/patches/patch-an +++ b/mail/sendmail/patches/patch-an @@ -1,8 +1,8 @@ -$NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $ +$NetBSD: patch-an,v 1.3 2019/07/15 04:32:49 jnemeth Exp $ ---- sendmail/Makefile.m4.orig 2014-05-16 20:40:15.000000000 +0000 +--- sendmail/Makefile.m4.orig 2015-06-19 12:59:29.000000000 +0000 +++ sendmail/Makefile.m4 -@@ -4,7 +4,7 @@ include(confBUILDTOOLSDIR`/M4/switch.m4' +@@ -4,9 +4,10 @@ include(confBUILDTOOLSDIR`/M4/switch.m4' define(`confREQUIRE_LIBSM', `true') define(`confREQUIRE_SM_OS_H', `true') bldPRODUCT_START(`executable', `sendmail') @@ -10,8 +10,11 @@ $NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $ +dnl define(`bldBIN_TYPE', `G') define(`bldINSTALL_DIR', `') define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ') ++APPENDDEF(`bldSOURCES',`blacklist.c ') PREPENDDEF(`confENVDEF', `confMAPDEF') -@@ -68,7 +68,7 @@ ifdef(`confNO_STATISTICS_INSTALL',, `bld + bldPUSH_SMLIB(`sm') + bldPUSH_SMLIB(`smutil') +@@ -68,7 +69,7 @@ ifdef(`confNO_STATISTICS_INSTALL',, `bld divert(bldTARGETS_SECTION) install-set-user-id: bldCURRENT_PRODUCT ifdef(`confNO_HELPFILE_INSTALL',, `install-hf') ifdef(`confNO_STATISTICS_INSTALL',, `install-st') ifdef(`confNO_MAN_BUILD',, `install-docs') @@ -20,7 +23,7 @@ $NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $ for i in ${sendmailTARGET_LINKS}; do \ rm -f $$i; \ ${LN} ${LNOPTS} ${M`'BINDIR}/sendmail $$i; \ -@@ -76,7 +76,7 @@ install-set-user-id: bldCURRENT_PRODUCT +@@ -76,7 +77,7 @@ install-set-user-id: bldCURRENT_PRODUCT define(`confMTA_LINKS', `${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat') install-sm-mta: bldCURRENT_PRODUCT @@ -29,7 +32,7 @@ $NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $ for i in confMTA_LINKS; do \ rm -f $$i; \ ${LN} ${LNOPTS} ${M`'BINDIR}/sm-mta $$i; \ -@@ -84,14 +84,14 @@ install-sm-mta: bldCURRENT_PRODUCT +@@ -84,14 +85,14 @@ install-sm-mta: bldCURRENT_PRODUCT install-hf: if [ ! -d ${DESTDIR}${HFDIR} ]; then mkdir -p ${DESTDIR}${HFDIR}; else :; fi diff --git a/mail/sendmail/patches/patch-ar b/mail/sendmail/patches/patch-ar index 3e4f3a04e93..ee48215dd8b 100644 --- a/mail/sendmail/patches/patch-ar +++ b/mail/sendmail/patches/patch-ar @@ -1,6 +1,6 @@ -$NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ +$NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $ ---- sendmail/daemon.c.orig 2014-05-16 20:40:15.000000000 +0000 +--- sendmail/daemon.c.orig 2015-02-28 00:50:03.000000000 +0000 +++ sendmail/daemon.c @@ -57,6 +57,10 @@ SM_RCSID("@(#)$Id: daemon.c,v 8.698 2013 # endif /* HAS_IN_H */ @@ -13,7 +13,16 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ #include <sm/fdset.h> #define DAEMON_C 1 -@@ -2295,16 +2299,16 @@ makeconnection(host, port, mci, e, enoug +@@ -754,6 +758,8 @@ getrequests(e) + anynet_ntoa(&RealHostAddr)); + } + ++ BLACKLIST_INIT(); ++ + if (pipefd[0] != -1) + { + auto char c; +@@ -2298,16 +2304,16 @@ makeconnection(host, port, mci, e, enoug if (hp == NULL && p[-1] == '.') { #if NAMED_BIND @@ -33,7 +42,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ #endif /* NAMED_BIND */ } *p = ']'; -@@ -2333,15 +2337,15 @@ makeconnection(host, port, mci, e, enoug +@@ -2336,15 +2342,15 @@ makeconnection(host, port, mci, e, enoug if (hp == NULL && *p == '.') { #if NAMED_BIND @@ -52,7 +61,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ #endif /* NAMED_BIND */ } } -@@ -4005,13 +4009,13 @@ host_map_lookup(map, name, av, statp) +@@ -4007,13 +4013,13 @@ host_map_lookup(map, name, av, statp) #if NAMED_BIND if (map->map_timeout > 0) { @@ -70,7 +79,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ } #endif /* NAMED_BIND */ -@@ -4074,9 +4078,9 @@ host_map_lookup(map, name, av, statp) +@@ -4076,9 +4082,9 @@ host_map_lookup(map, name, av, statp) } #if NAMED_BIND if (map->map_timeout > 0) @@ -82,7 +91,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ #endif /* NAMED_BIND */ s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */ -@@ -4407,11 +4411,11 @@ hostnamebyanyaddr(sap) +@@ -4407,11 +4413,11 @@ hostnamebyanyaddr(sap) # if NAMED_BIND /* shorten name server timeout to avoid higher level timeouts */ @@ -99,7 +108,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $ # endif /* NAMED_BIND */ switch (sap->sa.sa_family) -@@ -4450,7 +4454,7 @@ hostnamebyanyaddr(sap) +@@ -4450,7 +4456,7 @@ hostnamebyanyaddr(sap) } # if NAMED_BIND diff --git a/mail/sendmail/patches/patch-aw b/mail/sendmail/patches/patch-aw index 94e3f6a3474..2a103b16d11 100644 --- a/mail/sendmail/patches/patch-aw +++ b/mail/sendmail/patches/patch-aw @@ -1,6 +1,6 @@ -$NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $ +$NetBSD: patch-aw,v 1.5 2019/07/15 04:32:49 jnemeth Exp $ ---- sendmail/readcf.c.orig 2014-10-22 16:33:53.000000000 +0000 +--- sendmail/readcf.c.orig 2015-06-17 16:51:58.000000000 +0000 +++ sendmail/readcf.c @@ -20,6 +20,10 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013 # include <arpa/inet.h> @@ -13,7 +13,18 @@ $NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $ #define SECONDS #define MINUTES * 60 -@@ -2999,13 +3003,13 @@ setoption(opt, val, safe, sticky, e) +@@ -2910,6 +2914,10 @@ static struct optioninfo + #endif + #define O_USECOMPRESSEDIPV6ADDRESSES 0xec + { "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE }, ++#ifdef USE_BLACKLIST ++# define O_BLACKLIST 0xf2 ++ { "UseBlacklist", O_BLACKLIST, OI_NONE }, ++#endif + + { NULL, '\0', OI_NONE } + }; +@@ -3318,13 +3326,13 @@ setoption(opt, val, safe, sticky, e) if (rfp->rf_name == NULL) syserr("readcf: I option value %s unrecognized", q); else if (clearmode) @@ -30,3 +41,16 @@ $NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $ #else /* NAMED_BIND */ usrerr("name server (I option) specified but BIND not compiled in"); #endif /* NAMED_BIND */ +@@ -4540,6 +4548,12 @@ setoption(opt, val, safe, sticky, e) + UseCompressedIPv6Addresses = atobool(val); + break; + ++#ifdef USE_BLACKLIST ++ case O_BLACKLIST: ++ UseBlacklist = atobool(val); ++ break; ++#endif ++ + default: + if (tTd(37, 1)) + { diff --git a/mail/sendmail/patches/patch-az b/mail/sendmail/patches/patch-az index cb22ee58a81..c26f59e5197 100644 --- a/mail/sendmail/patches/patch-az +++ b/mail/sendmail/patches/patch-az @@ -1,6 +1,6 @@ -$NetBSD: patch-az,v 1.2 2014/12/06 23:22:20 jnemeth Exp $ +$NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $ ---- sendmail/srvrsmtp.c.orig 2014-11-12 03:02:04.000000000 +0000 +--- sendmail/srvrsmtp.c.orig 2015-03-18 11:47:12.000000000 +0000 +++ sendmail/srvrsmtp.c @@ -46,6 +46,10 @@ static bool tls_ok_srv = false; static bool NotFirstDelivery = false; @@ -13,7 +13,53 @@ $NetBSD: patch-az,v 1.2 2014/12/06 23:22:20 jnemeth Exp $ /* server features */ #define SRV_NONE 0x0000 /* none... */ #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */ -@@ -3983,8 +3987,8 @@ smtp_data(smtp, e) +@@ -1328,6 +1332,7 @@ smtp(nullserver, d_flags, e) + (int) tp.tv_sec + + (tp.tv_usec >= 500000 ? 1 : 0) + ); ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "pre-greeting traffic"); + } + } + } +@@ -1589,7 +1594,12 @@ smtp(nullserver, d_flags, e) + /* get an OK if we're done */ + if (result == SASL_OK) + { ++ int fd; ++ + authenticated: ++ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, fd, "AUTH OK"); ++ + message("235 2.0.0 OK Authenticated"); + authenticating = SASL_IS_AUTH; + macdefine(&BlankEnvelope.e_macro, A_TEMP, +@@ -1721,8 +1731,12 @@ smtp(nullserver, d_flags, e) + } + else + { ++ int fd; ++ + /* not SASL_OK or SASL_CONT */ + message("535 5.7.0 authentication failed"); ++ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL"); + if (LogLevel > 9) + sm_syslog(LOG_WARNING, e->e_id, + "AUTH failure (%s): %s (%d) %s, relay=%.100s", +@@ -3523,7 +3537,11 @@ doquit: + #if MAXBADCOMMANDS > 0 + if (++n_badcmds > MAXBADCOMMANDS) + { ++ int fd; ++ + stopattack: ++ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); ++ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands"); + message("421 4.7.0 %s Too many bad commands; closing connection", + MyHostName); + +@@ -3992,8 +4010,8 @@ smtp_data(smtp, e) id = e->e_id; #if NAMED_BIND diff --git a/mail/sendmail/patches/patch-bl b/mail/sendmail/patches/patch-bl new file mode 100644 index 00000000000..218c0d79007 --- /dev/null +++ b/mail/sendmail/patches/patch-bl @@ -0,0 +1,62 @@ +# $NetBSD: patch-bl,v 1.1 2019/07/15 04:32:49 jnemeth Exp $ + +--- sendmail/blacklist.c.orig 2018-01-02 20:16:44 UTC ++++ sendmail/blacklist.c +@@ -0,0 +1,57 @@ ++/*- ++ * Copyright (c) 2016 The FreeBSD Foundation ++ * All rights reserved. ++ * ++ * This software was developed by Kurt Lidl under sponsorship from the ++ * FreeBSD Foundation. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. */ ++ ++/* $FreeBSD$ */ ++ ++#ifdef USE_BLACKLIST ++#include <sm/gen.h> ++#include <sendmail.h> /* for EXTERN UseBlacklist */ ++ ++#include <blacklist.h> ++#include "blacklist_client.h" ++ ++static struct blacklist *blstate; ++ ++void ++blacklist_init(void) ++{ ++ ++ if (UseBlacklist) ++ blstate = blacklist_open(); ++} ++ ++void ++blacklist_notify(int action, int fd, const char *msg) ++{ ++ ++ if (blstate == NULL) ++ return; ++ (void)blacklist_r(blstate, action, fd, msg); ++} ++ ++#endif /* USE_BLACKLIST */ diff --git a/mail/sendmail/patches/patch-bm b/mail/sendmail/patches/patch-bm new file mode 100644 index 00000000000..cb0637e2edb --- /dev/null +++ b/mail/sendmail/patches/patch-bm @@ -0,0 +1,62 @@ +# $Id: patch-bm,v 1.1 2019/07/15 04:32:49 jnemeth Exp $ + +--- sendmail/blacklist_client.h.orig 2018-01-02 20:16:44 UTC ++++ sendmail/blacklist_client.h +@@ -0,0 +1,57 @@ ++/*- ++ * Copyright (c) 2016 The FreeBSD Foundation ++ * All rights reserved. ++ * ++ * This software was developed by Kurt Lidl under sponsorship from the ++ * FreeBSD Foundation. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. */ ++ ++/* $FreeBSD$ */ ++ ++#ifndef BLACKLIST_CLIENT_H ++#define BLACKLIST_CLIENT_H ++ ++#ifndef BLACKLIST_API_ENUM ++enum { ++ BLACKLIST_AUTH_OK = 0, ++ BLACKLIST_AUTH_FAIL, ++ BLACKLIST_ABUSIVE_BEHAVIOR, ++ BLACKLIST_BAD_USER ++}; ++#endif ++ ++#ifdef USE_BLACKLIST ++void blacklist_init(void); ++void blacklist_notify(int, int, const char *); ++ ++#define BLACKLIST_INIT() blacklist_init() ++#define BLACKLIST_NOTIFY(x, y, msg) blacklist_notify(x, y, msg) ++ ++#else ++ ++#define BLACKLIST_INIT() ++#define BLACKLIST_NOTIFY(x, y, msg) ++ ++#endif ++ ++#endif /* BLACKLIST_CLIENT_H */ diff --git a/mail/sendmail/patches/patch-bn b/mail/sendmail/patches/patch-bn new file mode 100644 index 00000000000..d7d5518debb --- /dev/null +++ b/mail/sendmail/patches/patch-bn @@ -0,0 +1,16 @@ +$NetBSD: patch-bn,v 1.1 2019/07/15 04:32:49 jnemeth Exp $ + +--- sendmail/sendmail.8.orig 2014-06-13 14:57:59.000000000 +0000 ++++ sendmail/sendmail.8 +@@ -537,6 +537,11 @@ for this amount of time, + failed messages will be returned to the sender. + The default is five days. + .TP ++UseBlacklist ++If set, send authentication failure and success notifications to the ++.BR blacklistd (8) ++daemon. ++.TP + .RI UserDatabaseSpec= userdatabase + If set, a user database is consulted to get forwarding information. + You can consider this an adjunct to the aliasing mechanism, diff --git a/mail/sendmail/patches/patch-bo b/mail/sendmail/patches/patch-bo new file mode 100644 index 00000000000..33152094bdc --- /dev/null +++ b/mail/sendmail/patches/patch-bo @@ -0,0 +1,24 @@ +$NetBSD: patch-bo,v 1.1 2019/07/15 04:32:49 jnemeth Exp $ + +--- sendmail/sendmail.h.orig 2015-06-19 12:59:29.000000000 +0000 ++++ sendmail/sendmail.h +@@ -57,6 +57,8 @@ SM_UNUSED(static char SmailId[]) = "@(#) + #endif /* _DEFINE */ + + #include "bf.h" ++#include <blacklist.h> ++#include "blacklist_client.h" + #include "timers.h" + #include <sm/exc.h> + #include <sm/heap.h> +@@ -2544,6 +2546,10 @@ EXTERN int ConnectionRateWindowSize; + EXTERN bool SSLEngineInitialized; + #endif /* STARTTLS && USE_OPENSSL_ENGINE */ + ++#if USE_BLACKLIST ++EXTERN bool UseBlacklist; ++#endif ++ + /* + ** Declarations of useful functions + */ |