Enable greylisting by default via mail/greylisting-spp. To make this a

sensible default, we wrap it in "greylisting-spp-with-exemptions", which
lets recipient addresses and domains be exempted from greylisting by
editing control/greylist/exemptrcpt{s,hosts}.

qmailofmipd: enable user CDB by default and remove the verbiage.

qmailsmtpd: bump datalimit (seeing occasional "fixsmtpio: out of memory" in production).

Improve MESSAGE a bit more.

Bump version.

8 files changed, 82 insertions, 26 deletions

diff --git a/mail/qmail-run/MESSAGE b/mail/qmail-run/MESSAGE
index b5cebff905b..167dbed44d5 100644
--- a/mail/qmail-run/MESSAGE
+++ b/mail/qmail-run/MESSAGE
@@ -1,13 +1,13 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.12 2018/11/08 20:57:28 schmonz Exp $
+$NetBSD: MESSAGE,v 1.13 2018/11/13 16:34:58 schmonz Exp $
 
 Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc.
 
 Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for...
 
 Local and outgoing deliveries:
-- Check configuration in ${PKG_SYSCONFDIR} (including alias/.qmail-*).
-- Replace /etc/mailer.conf with share/examples/qmail-run/mailer.conf.
+- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*).
+- Copy ${PREFIX}/share/examples/qmail-run/mailer.conf to /etc/mailer.conf.
 - Set qmailsend=YES in /etc/rc.conf.
 
 Local non-root users to see the queue:
@@ -16,15 +16,15 @@ Local non-root users to see the queue:
 
 Incoming SMTP deliveries:
 - Set qmailsmtpd=YES in /etc/rc.conf.
-- Optionally list qmail-rcptcheck programs in control/rcptchecks.
-- Optionally list qmail-qfilter programs in control/smtpfilters.
+- Add any qmail-rcptcheck programs to control/rcptchecks.
+- Add any qmail-qfilter programs to control/smtpfilters.
+- Add any qmail-spp programs to control/smtpplugins.
+- Add any domains exempt from greylisting to control/greylist/exemptrcpthosts.
+- Add any addresses exempt from greylisting to control/greylist/exemptrcpts.
 
 Outgoing authentication-only submission:
 - Set qmailofmipd=YES in /etc/rc.conf.
-- Optionally list qmail-qfilter programs in control/ofmipfilters.
-
-User-controlled ofmipd address rewriting:
-- Set qmailofmipd_ofmipdcmd=${PREFIX}/bin/ofmipd-with-user-cdb in /etc/rc.conf.
+- Add any qmail-qfilter programs to control/ofmipfilters.
 
 Fetching Maildirs via POP3:
 - Set qmailpop3d=YES in /etc/rc.conf.
diff --git a/mail/qmail-run/Makefile b/mail/qmail-run/Makefile
index 4401d57c512..e1b8ff354e3 100644
--- a/mail/qmail-run/Makefile
+++ b/mail/qmail-run/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.56 2018/11/10 15:31:18 schmonz Exp $
+# $NetBSD: Makefile,v 1.57 2018/11/13 16:34:58 schmonz Exp $
 #
 
-DISTNAME=		qmail-run-20181110
+DISTNAME=		qmail-run-20181113
 CATEGORIES=		mail
 MASTER_SITES=		# empty
 DISTFILES=		# empty
@@ -11,6 +11,7 @@ COMMENT=		Configures qmail to receive and deliver mail
 LICENSE=		2-clause-bsd
 
 DEPENDS+=		greetdelay-[0-9]*:../../mail/greetdelay
+DEPENDS+=		greylisting-spp-[0-9]*:../../mail/greylisting-spp
 DEPENDS+=		pkg_alternatives-[0-9]*:../../pkgtools/pkg_alternatives
 DEPENDS_QMAIL=		qmail>=1.03nb40:../../mail/qmail
 DEPENDS+=		${DEPENDS_QMAIL}
@@ -32,20 +33,28 @@ FILES_SUBST+=		UCSPI_SSL_GROUP=${UCSPI_SSL_GROUP:Q}
 MESSAGE_SUBST+=		PKG_SYSCONFBASE=${PKG_SYSCONFBASE:Q}
 RCD_SCRIPTS=		qmail qmailofmipd qmailpop3d qmailqread qmailsend qmailsmtpd
 
+EGDIR=			share/examples/qmail-run
 .for f in defaultdelivery fixsmtpio signatures \
 	pop3capabilities smtpcapabilities smtpplugins \
 	concurrencyincoming concurrencypop3 concurrencysubmission
-CONF_FILES+=		${PREFIX}/share/examples/qmail-run/${f} \
+CONF_FILES+=		${PREFIX}/${EGDIR}/${f} \
 			${PKG_SYSCONFDIR}/control/${f}
 .endfor
 .for f in tcp.ofmip tcp.pop3 tcp.smtp
-CONF_FILES+=		${PREFIX}/share/examples/qmail-run/${f} \
+CONF_FILES+=		${PREFIX}/${EGDIR}/${f} \
 			${PKG_SYSCONFDIR}/${f}
 .endfor
+GREYLISTDIR=		${PKG_SYSCONFDIR}/control/greylist
+OWN_DIRS_PERMS+=	${GREYLISTDIR} ${QMAIL_DAEMON_USER} ${QMAIL_QMAIL_GROUP} 775
+CONF_FILES_PERMS+=	${PREFIX}/${EGDIR}/greylist-database ${GREYLISTDIR}/database ${QMAIL_DAEMON_USER} ${QMAIL_QMAIL_GROUP} 664
+.for f in exemptrcpthosts exemptrcpts
+CONF_FILES+=		${PREFIX}/${EGDIR}/greylist-${f} \
+			${GREYLISTDIR}/${f}
+.endfor
 
-INSTALLATION_DIRS=	bin share/doc/qmail-run share/examples/qmail-run
+INSTALLATION_DIRS=	bin share/doc/qmail-run ${EGDIR}
 BUILD_DEFS+=		QMAIL_DAEMON_USER QMAIL_LOG_USER QMAIL_SEND_USER
-BUILD_DEFS+=		QMAIL_QUEUE_EXTRA PKG_SYSCONFBASE
+BUILD_DEFS+=		QMAIL_QMAIL_GROUP QMAIL_QUEUE_EXTRA PKG_SYSCONFBASE
 BUILD_DEFS+=		UCSPI_SSL_USER UCSPI_SSL_GROUP
 
 .include "../../mk/bsd.prefs.mk"
@@ -66,7 +75,7 @@ MAKEVARS+=	PKG_SYSCONFDIR.qmail-run
 SUBST_CLASSES+=		paths
 SUBST_STAGE.paths=	pre-configure
 SUBST_FILES.paths=	mailer.conf
-SUBST_FILES.paths+=	ofmipd-with-user-cdb
+SUBST_FILES.paths+=	greylisting-spp-with-exemptions ofmipd-with-user-cdb
 SUBST_FILES.paths+=	qmail-isspam-* qmail-procmail qmail-qread-client
 SUBST_FILES.paths+=	smtpplugins tcp.*
 SUBST_VARS.paths=	PKGNAME PKG_SYSCONFDIR PREFIX
@@ -80,14 +89,14 @@ post-extract:
 		tcp.ofmip tcp.pop3 tcp.smtp; do \
 		${CP} ${FILESDIR}/$$f ${WRKDIR}/$$f; \
 	done; \
-	for f in ofmipd-with-user-cdb \
+	for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \
 		qmail-isspam-rspamd qmail-isspam-spamassassin \
 		qmail-procmail qmail-qread-client; do \
 		${CP} ${FILESDIR}/$$f.sh ${WRKDIR}/$$f; \
 	done
 
 do-install:
-	for f in ofmipd-with-user-cdb \
+	for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \
 		qmail-isspam-rspamd qmail-isspam-spamassassin \
 		qmail-procmail qmail-qread-client; do \
 		${INSTALL_SCRIPT} ${WRKDIR}/$$f ${DESTDIR}${PREFIX}/bin; \
@@ -99,9 +108,12 @@ do-install:
 		concurrencyincoming concurrencypop3 concurrencysubmission \
 		tcp.ofmip tcp.pop3 tcp.smtp; do \
 		${INSTALL_DATA} ${WRKDIR}/$${f} \
-			${DESTDIR}${PREFIX}/share/examples/qmail-run; \
+			${DESTDIR}${PREFIX}/${EGDIR}; \
+	done; \
+	for f in database exemptrcpthosts exemptrcpts; do \
+		${TOUCH} ${DESTDIR}${PREFIX}/${EGDIR}/greylist-$${f}; \
 	done; \
 	${INSTALL_DATA} ${WRKDIR}/mailer.conf \
-		${DESTDIR}${PREFIX}/share/examples/qmail-run
+		${DESTDIR}${PREFIX}/${EGDIR}
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/mail/qmail-run/PLIST b/mail/qmail-run/PLIST
index bd975506cfb..100e5222682 100644
--- a/mail/qmail-run/PLIST
+++ b/mail/qmail-run/PLIST
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.15 2018/11/10 15:31:18 schmonz Exp $
+@comment $NetBSD: PLIST,v 1.16 2018/11/13 16:34:58 schmonz Exp $
+bin/greylisting-spp-with-exemptions
 bin/ofmipd-with-user-cdb
 bin/qmail-isspam-rspamd
 bin/qmail-isspam-spamassassin
@@ -10,6 +11,9 @@ share/examples/qmail-run/concurrencypop3
 share/examples/qmail-run/concurrencysubmission
 share/examples/qmail-run/defaultdelivery
 share/examples/qmail-run/fixsmtpio
+share/examples/qmail-run/greylist-database
+share/examples/qmail-run/greylist-exemptrcpthosts
+share/examples/qmail-run/greylist-exemptrcpts
 share/examples/qmail-run/mailer.conf
 share/examples/qmail-run/pop3capabilities
 share/examples/qmail-run/signatures
diff --git a/mail/qmail-run/files/greylisting-spp-with-exemptions.sh b/mail/qmail-run/files/greylisting-spp-with-exemptions.sh
new file mode 100644
index 00000000000..acb88d0a384
--- /dev/null
+++ b/mail/qmail-run/files/greylisting-spp-with-exemptions.sh
@@ -0,0 +1,39 @@
+#!@SH@
+#
+# $NetBSD: greylisting-spp-with-exemptions.sh,v 1.1 2018/11/13 16:34:58 schmonz Exp $
+#
+# @PKGNAME@ wrapper to skip greylisting for certain recipient
+# addresses and domains.
+# Requires greylisting-spp.
+#
+
+EXEMPTRCPTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpts
+EXEMPTRCPTHOSTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpthosts
+
+is_exempt_recipient_address() {
+	[ -f "$EXEMPTRCPTS" ] \
+		&& @GREP@ -qFx -- "$1" "$EXEMPTRCPTS"
+}
+
+is_exempt_recipient_domain() {
+	[ -f "$EXEMPTRCPTHOSTS" ] \
+		&& @GREP@ -qFx -- "$1" "$EXEMPTRCPTHOSTS"
+}
+
+main() {
+	[ -n "$SMTPRCPTTO" ] || return
+
+	rcpt="$SMTPRCPTTO"
+	rcpthost=$(@ECHO@ "$rcpt" | @SED@ -e 's|.*@||')
+
+	if is_exempt_recipient_address "$rcpt"; then
+		@ECHO@ >&2 "greylisting skipped for recipient address: $rcpt"
+		export GL_WHITELISTED="1"
+	elif is_exempt_recipient_domain "$rcpthost"; then
+		@ECHO@ >&2 "greylisting skipped for recipient domain: $rcpthost"
+		export GL_WHITELISTED="1"
+	fi
+}
+
+main "$@"
+exec @PREFIX@/bin/greylisting-spp
diff --git a/mail/qmail-run/files/qmailofmipd.sh b/mail/qmail-run/files/qmailofmipd.sh
index 0dec1405574..57b09aca96c 100644
--- a/mail/qmail-run/files/qmailofmipd.sh
+++ b/mail/qmail-run/files/qmailofmipd.sh
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailofmipd.sh,v 1.15 2018/11/08 20:57:28 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.16 2018/11/13 16:34:58 schmonz Exp $
 #
 # @PKGNAME@ script to control ofmipd (SMTP submission service).
 #
@@ -19,7 +19,7 @@ name="qmailofmipd"
 : ${qmailofmipd_pretcpserver:=""}
 : ${qmailofmipd_tcpserver:="@PREFIX@/bin/sslserver"}
 : ${qmailofmipd_preofmipd:=""}
-: ${qmailofmipd_ofmipdcmd:="@PREFIX@/bin/ofmipd"}
+: ${qmailofmipd_ofmipdcmd:="@PREFIX@/bin/ofmipd-with-user-cdb"}
 : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"}
 : ${qmailofmipd_postofmipd:=""}
 : ${qmailofmipd_log:="YES"}
diff --git a/mail/qmail-run/files/qmailsmtpd.sh b/mail/qmail-run/files/qmailsmtpd.sh
index 96e0fdad141..f6e47414190 100644
--- a/mail/qmail-run/files/qmailsmtpd.sh
+++ b/mail/qmail-run/files/qmailsmtpd.sh
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailsmtpd.sh,v 1.20 2018/11/08 20:57:28 schmonz Exp $
+# $NetBSD: qmailsmtpd.sh,v 1.21 2018/11/13 16:34:58 schmonz Exp $
 #
 # @PKGNAME@ script to control qmail-smtpd (SMTP service).
 #
@@ -15,7 +15,7 @@ name="qmailsmtpd"
 : ${qmailsmtpd_tcpflags:="-ne -vRl0"}
 : ${qmailsmtpd_tcphost:="0.0.0.0"}
 : ${qmailsmtpd_tcpport:="25"}
-: ${qmailsmtpd_datalimit:="360000000"}
+: ${qmailsmtpd_datalimit:="540000000"}
 : ${qmailsmtpd_pretcpserver:=""}
 : ${qmailsmtpd_tcpserver:="@PREFIX@/bin/sslserver"}
 : ${qmailsmtpd_presmtpd:="@PREFIX@/bin/greetdelay @PREFIX@/bin/rblsmtpd -r zen.spamhaus.org @PREFIX@/bin/fixsmtpio"}
diff --git a/mail/qmail-run/files/smtpplugins b/mail/qmail-run/files/smtpplugins
index cec3ba653aa..80204461dab 100644
--- a/mail/qmail-run/files/smtpplugins
+++ b/mail/qmail-run/files/smtpplugins
@@ -12,6 +12,7 @@
 # plugins to execute on RCPT command
 [rcpt]
 @PREFIX@/bin/qmail-rcptcheck
+@PREFIX@/bin/greylisting-spp-with-exemptions
 
 # plugins to execute on DATA command
 [data]
diff --git a/mail/qmail-run/files/tcp.smtp b/mail/qmail-run/files/tcp.smtp
index 811166f6c7c..dc606b6919a 100644
--- a/mail/qmail-run/files/tcp.smtp
+++ b/mail/qmail-run/files/tcp.smtp
@@ -1,2 +1,2 @@
 127.:allow,RELAYCLIENT=""
-:allow,UCSPITLS="",GREETDELAY="2",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-smtpd-queue"
+:allow,UCSPITLS="",GREETDELAY="2",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-smtpd-queue"