author | schmonz <schmonz@pkgsrc.org> | 2018-12-14 06:49:30 +0000 |
---|---|---|
committer | schmonz <schmonz@pkgsrc.org> | 2018-12-14 06:49:30 +0000 |
commit | c67582b6c898028243b0176e205317010d8fbf3a (patch) | |
tree | 2526760c1440a9b1200f0ba82c8e7e492b3ca7f5 /mail | |
parent | 83b051269b55f66da6062b857aadeb37d2118ef7 (diff) | |
Extract most of MESSAGE to README.pkgsrc. (MESSAGE was getting too long.)
Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a
very precise tool, so the cost (false positives) probably outweighs the
benefit (blocked malware attachments) for many users.
Also not a sensible default: rejecting incoming mail on SPF
explicit-fail. This needs to be an admin decision because, among other
reasons, it would also reject messages forwarded through servers that
haven't configured SRS. Document SPF setup, including how to reject
(with this caveat) and how to greylist SPF explicit-pass (which would
otherwise be exempted from greylisting).
Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a
feature: to effectively omit IP from the (IP,sender,recipient) tuple,
add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp.
rc.d scripts:
- Location of tcprules file is configurable
- By default, CDB is auto-rebuilt as needed on service start
- CDB auto-rebuilding can be configured off
Bump version.
Diffstat (limited to 'mail')
-rw-r--r-- | mail/qmail-run/INSTALL | 11 | ||||
-rw-r--r-- | mail/qmail-run/MESSAGE | 34 | ||||
-rw-r--r-- | mail/qmail-run/Makefile | 10 | ||||
-rw-r--r-- | mail/qmail-run/PLIST | 4 | ||||
-rw-r--r-- | mail/qmail-run/files/README.pkgsrc | 55 | ||||
-rw-r--r-- | mail/qmail-run/files/greylisting-spp-wrapper.sh (renamed from mail/qmail-run/files/greylisting-spp-with-exemptions.sh) | 16 | ||||
-rw-r--r-- | mail/qmail-run/files/qmailofmipd.sh | 24 | ||||
-rw-r--r-- | mail/qmail-run/files/qmailpop3d.sh | 24 | ||||
-rw-r--r-- | mail/qmail-run/files/qmailsmtpd.sh | 24 | ||||
-rw-r--r-- | mail/qmail-run/files/smtpfilters | 2 | ||||
-rw-r--r-- | mail/qmail-run/files/smtpplugins | 2 | ||||
-rw-r--r-- | mail/qmail-run/files/tcprules-smtp | 2 |
12 files changed, 135 insertions, 73 deletions
diff --git a/mail/qmail-run/INSTALL b/mail/qmail-run/INSTALL index 4f6585325bb..d7baa4ea644 100644 --- a/mail/qmail-run/INSTALL +++ b/mail/qmail-run/INSTALL @@ -1,4 +1,4 @@ -# $NetBSD: INSTALL,v 1.10 2018/12/11 17:49:40 schmonz Exp $ +# $NetBSD: INSTALL,v 1.11 2018/12/14 06:49:30 schmonz Exp $ case "${STAGE}" in @@ -12,13 +12,4 @@ PRE-INSTALL) ;; -POST-INSTALL) - cd ${PKG_SYSCONFDIR}/control/tcprules - for i in ofmip pop3 smtp; do - ${CHMOD} 644 ${i} - ${PREFIX}/bin/tcprules ${i}.cdb ${i}.tmp < ${i} - ${CHMOD} 644 ${i}.cdb - done - - ;; esac diff --git a/mail/qmail-run/MESSAGE b/mail/qmail-run/MESSAGE index 5d20f2284f7..2e1b53c60bc 100644 --- a/mail/qmail-run/MESSAGE +++ b/mail/qmail-run/MESSAGE 
@@ -1,34 +1,16 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.14 2018/11/14 16:46:58 schmonz Exp $ +$NetBSD: MESSAGE,v 1.15 2018/12/14 06:49:30 schmonz Exp $ -Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc. +Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for +local and outbound delivery: -Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... - -Local and outbound delivery: +- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf. +- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf. - Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*). -- Copy ${PREFIX}/share/examples/qmail-run/mailer.conf to /etc/mailer.conf. - Set qmailsend=YES and qmailqread=YES in /etc/rc.conf. +- Run "/etc/rc.d/qmail start". -Incoming SMTP on port 25: -- Add any qmail-rcptcheck programs to control/rcptchecks. -- Add any qmail-qfilter programs to control/smtpfilters. -- Add any qmail-spp programs (such as greylisting) to control/smtpplugins. -- Set qmailsmtpd=YES in /etc/rc.conf. - -Greylisting: -- Add any exempt recipient addresses to control/greylist/exemptrcpts. -- Add any exempt recipient domains to control/greylist/exemptrcpthosts. -- Uncomment "greylisting-spp-with-exemptions" in control/smtpplugins. - -Authenticated submission on port 587: -- Add any qmail-qfilter programs to control/ofmipfilters. -- Set qmailofmipd=YES in /etc/rc.conf. - -POP3 (for Maildirs only) on port 110: -- Set qmailpop3d=YES in /etc/rc.conf. - -TLS encryption everywhere applicable: -- Create cert and DH params as instructed by the qmail package. +For SMTP, TLS, and more, please read +${PREFIX}/share/doc/qmail-run/README.pkgsrc. =========================================================================== diff --git a/mail/qmail-run/Makefile b/mail/qmail-run/Makefile index 6726b8f3e11..ce201e3e8ec 100644 --- a/mail/qmail-run/Makefile +++ b/mail/qmail-run/Makefile 
@@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.64 2018/12/12 01:08:30 schmonz Exp $ +# $NetBSD: Makefile,v 1.65 2018/12/14 06:49:30 schmonz Exp $ # -DISTNAME= qmail-run-20181211.1 +DISTNAME= qmail-run-20181214 CATEGORIES= mail MASTER_SITES= # empty DISTFILES= # empty @@ -78,7 +78,7 @@ MAKEVARS+= PKG_SYSCONFDIR.qmail-run SUBST_CLASSES+= paths SUBST_STAGE.paths= pre-configure SUBST_FILES.paths= mailer.conf -SUBST_FILES.paths+= greylisting-spp-with-exemptions ofmipd-with-user-cdb +SUBST_FILES.paths+= greylisting-spp-wrapper ofmipd-with-user-cdb SUBST_FILES.paths+= qmail-isspam-* qmail-procmail qmail-qread-client SUBST_FILES.paths+= rcptchecks ofmipfilters smtpfilters smtpplugins tcprules-* SUBST_VARS.paths= PKGNAME PKG_SYSCONFDIR PREFIX @@ -93,14 +93,14 @@ post-extract: tcprules-ofmip tcprules-pop3 tcprules-smtp; do \ ${CP} ${FILESDIR}/$$f ${WRKDIR}/$$f; \ done; \ - for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \ + for f in greylisting-spp-wrapper ofmipd-with-user-cdb \ qmail-isspam-rspamd qmail-isspam-spamassassin \ qmail-procmail qmail-qread-client; do \ ${CP} ${FILESDIR}/$$f.sh ${WRKDIR}/$$f; \ done do-install: - for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \ + for f in greylisting-spp-wrapper ofmipd-with-user-cdb \ qmail-isspam-rspamd qmail-isspam-spamassassin \ qmail-procmail qmail-qread-client; do \ ${INSTALL_SCRIPT} ${WRKDIR}/$$f ${DESTDIR}${PREFIX}/bin; \ diff --git a/mail/qmail-run/PLIST b/mail/qmail-run/PLIST index a1b07aeeaf7..382f4fd7a71 100644 --- a/mail/qmail-run/PLIST +++ b/mail/qmail-run/PLIST @@ -1,5 +1,5 @@ -@comment $NetBSD: PLIST,v 1.19 2018/12/11 17:49:40 schmonz Exp $ -bin/greylisting-spp-with-exemptions +@comment $NetBSD: PLIST,v 1.20 2018/12/14 06:49:30 schmonz Exp $ +bin/greylisting-spp-wrapper bin/ofmipd-with-user-cdb bin/qmail-isspam-rspamd bin/qmail-isspam-spamassassin diff --git a/mail/qmail-run/files/README.pkgsrc b/mail/qmail-run/files/README.pkgsrc index 1c67cdda774..fb4e86d8065 100644 
--- a/mail/qmail-run/files/README.pkgsrc
+++ b/mail/qmail-run/files/README.pkgsrc
@@ -1,3 +1,58 @@ + Getting started + =============== + +Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for... + +Local and outbound delivery: +- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf. +- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf. +- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*). +- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf. +- Run "/etc/rc.d/qmail start". + +Incoming SMTP on port 25: +- Set qmailsmtpd=YES in /etc/rc.conf. +- Add any qmail-rcptcheck programs to control/rcptchecks. +- Add any qmail-qfilter programs to control/smtpfilters. +- Add any qmail-spp programs (such as greylisting) to control/smtpplugins. +- Run "/etc/rc.d/qmailsmtpd start". + +Greylisting: +- Add any exempt recipient addresses to control/greylist/exemptrcpts. +- Add any exempt recipient domains to control/greylist/exemptrcpthosts. +- Tuples are (IP,sender,recipient). To effectively omit IP, add + GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp, + then run "/etc/rc.d/qmailsmtpd cdb". +- Uncomment "greylisting-spp-wrapper" in control/smtpplugins. + +Authenticated message submission on port 587: +- Set qmailofmipd=YES in /etc/rc.conf. +- Add any qmail-qfilter programs to control/ofmipfilters. +- Run "/etc/rc.d/qmailofmipd start". + +POP3 (for Maildirs only) on port 110: +- Set qmailpop3d=YES in /etc/rc.conf. +- Run "/etc/rc.d/qmailpop3d start". + +TLS encryption for SMTP, submission, POP3, and remote delivery: +- Create cert and DH params (as instructed by the qmail package). +- Run "/etc/rc.d/qmail restart". + +Sender Policy Framework: +- Configure Sender Rewriting Scheme (as instructed by the qmail package) + so your auto-forwarded messages will reach servers that choose to + enforce the forwarded domains' SPF policies. +- Publish a DNS TXT record with your desired policy. +- Incoming messages that explicit-fail published policy are nonetheless + accepted. 
To reject -- including rejecting auto-forwarded messages + from servers that haven't configured SRS -- add + SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to control/tcprules/smtp, + then run "/etc/rc.d/qmailsmtpd cdb". +- Messages that explicit-pass are not greylisted. To remove the + exemption, remove SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1" from + control/tcprules/smtp, then run "/etc/rc.d/qmailsmtpd cdb". + + Getting help ============ diff --git a/mail/qmail-run/files/greylisting-spp-with-exemptions.sh b/mail/qmail-run/files/greylisting-spp-wrapper.sh index acb88d0a384..b8aa28baf7e 100644 --- a/mail/qmail-run/files/greylisting-spp-with-exemptions.sh +++ b/mail/qmail-run/files/greylisting-spp-wrapper.sh @@ -1,10 +1,10 @@ #!@SH@ # -# $NetBSD: greylisting-spp-with-exemptions.sh,v 1.1 2018/11/13 16:34:58 schmonz Exp $ +# $NetBSD: greylisting-spp-wrapper.sh,v 1.1 2018/12/14 06:49:31 schmonz Exp $ # -# @PKGNAME@ wrapper to skip greylisting for certain recipient -# addresses and domains. -# Requires greylisting-spp. +# @PKGNAME@ wrapper for greylisting-spp. +# Skips greylisting for configured recipient addresses and domains. +# Optionally assigns a fixed "ip" in (ip,sender,recipient). # EXEMPTRCPTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpts @@ -28,10 +28,14 @@ main() { if is_exempt_recipient_address "$rcpt"; then @ECHO@ >&2 "greylisting skipped for recipient address: $rcpt" - export GL_WHITELISTED="1" + GL_WHITELISTED="1"; export GL_WHITELISTED elif is_exempt_recipient_domain "$rcpthost"; then @ECHO@ >&2 "greylisting skipped for recipient domain: $rcpthost" - export GL_WHITELISTED="1" + GL_WHITELISTED="1"; export GL_WHITELISTED + fi + + if [ -n "$GL_WRAPPER_TCPREMOTEIP" ]; then + TCPREMOTEIP="$GL_WRAPPER_TCPREMOTEIP"; export TCPREMOTEIP fi } diff --git a/mail/qmail-run/files/qmailofmipd.sh b/mail/qmail-run/files/qmailofmipd.sh index 4f366a09507..f0195f9492f 100644 --- a/mail/qmail-run/files/qmailofmipd.sh +++ b/mail/qmail-run/files/qmailofmipd.sh 
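Review bot: The `GL_WRAPPER_TCPREMOTEIP` branch added at the end of `main()` overwrites `TCPREMOTEIP` without leaving any trace of the real peer address. Once the override is active, the greylisting key is reduced to sender and recipient, both of which are supplied by the SMTP client, and anything that reads `TCPREMOTEIP` afterwards (presumably greylisting-spp and its `GL_VERBOSE` logging) sees only the fixed value. I would log the substitution the way the exemption branches already do, e.g. `@ECHO@ >&2 "greylisting keyed on fixed ip $GL_WRAPPER_TCPREMOTEIP for peer $TCPREMOTEIP"` placed before the assignment, and state in the header comment that the fixed-ip mode weakens the tuple. `main()` starts above this hunk and the code that consumes the variable is not visible here.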
@@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: qmailofmipd.sh,v 1.19 2018/12/11 17:49:41 schmonz Exp $ +# $NetBSD: qmailofmipd.sh,v 1.20 2018/12/14 06:49:31 schmonz Exp $ # # @PKGNAME@ script to control ofmipd (SMTP submission service). # @@ -18,6 +18,8 @@ name="qmailofmipd" : ${qmailofmipd_tcpflags:="-ne -vRl0"} : ${qmailofmipd_tcphost:="0.0.0.0"} : ${qmailofmipd_tcpport:="587"} +: ${qmailofmipd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/ofmip"} +: ${qmailofmipd_autocdb:="YES"} : ${qmailofmipd_precheckpassword:="@PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp"} : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"} : ${qmailofmipd_preofmipd:="@PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio"} @@ -41,7 +43,7 @@ required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencysubmission required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities" required_files="${required_files} @PKG_SYSCONFDIR@/control/fixsmtpio" -required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb" +required_files="${required_files} ${qmailofmipd_tcprules}.cdb" command="${qmailofmipd_tcpserver}" procname=nb${name} start_precmd="qmailofmipd_precmd" 
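Review bot: `required_files` now names `${qmailofmipd_tcprules}.cdb`, but it is expanded at the top level, while the rebuild that creates that file only runs from `qmailofmipd_precmd`. If rc.subr checks `required_files` before it calls `start_precmd` (rc.subr is not part of this diff, so please confirm), a fresh install, where the INSTALL hunk of this commit no longer builds the CDB, would refuse to start before the auto-rebuild gets a chance to run. The value is also fixed before the `if [ -f /etc/rc.subr ]` block at the end of the script, so an rc.conf override of `qmailofmipd_tcprules` loaded there would presumably not be reflected in the check. Listing the source file instead, `required_files="${required_files} ${qmailofmipd_tcprules}"`, and letting the precmd produce the `.cdb` would avoid the first problem. The same line is added to qmailpop3d.sh and qmailsmtpd.sh.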
@@ -84,13 +86,16 @@ qmailofmipd_precmd() qmailofmipd_logcmd=${qmailofmipd_nologcmd} fi qmailofmipd_configure_tls + if [ -f /etc/rc.subr ] && checkyesno qmailofmipd_autocdb; then + qmailofmipd_needcdb && qmailofmipd_cdb + fi # tcpserver(1) is akin to inetd(8), but runs one service per process. # We want to signal only the tcpserver process responsible for this # service. Use argv0(1) to set procname to "nbqmailofmipd". command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailofmipd_postenv} @PREFIX@/bin/softlimit -m ${qmailofmipd_datalimit} ${qmailofmipd_pretcpserver} @PREFIX@/bin/argv0 ${qmailofmipd_tcpserver} ${procname} -${qmailofmipd_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb +${qmailofmipd_tcpflags} -x ${qmailofmipd_tcprules}.cdb -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencysubmission` ${qmailofmipd_tcphost} ${qmailofmipd_tcpport} ${qmailofmipd_precheckpassword} ${qmailofmipd_checkpassword} @@ -126,12 +131,17 @@ qmailofmipd_cont() kill -CONT $rc_pid } +qmailofmipd_needcdb() { + _src=${qmailofmipd_tcprules} + _dst=${qmailofmipd_tcprules}.cdb + [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ] +} + qmailofmipd_cdb() { - @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/ofmip" - cd @PKG_SYSCONFDIR@/control/tcprules - @PREFIX@/bin/tcprules ofmip.cdb ofmip.tmp < ofmip - @CHMOD@ 644 ofmip.cdb + @ECHO@ "Reloading ${qmailofmipd_tcprules}" + @PREFIX@/bin/tcprules ${qmailofmipd_tcprules}.cdb ${qmailofmipd_tcprules}.tmp < ${qmailofmipd_tcprules} + @CHMOD@ 644 ${qmailofmipd_tcprules}.cdb } if [ -f /etc/rc.subr ]; then diff --git a/mail/qmail-run/files/qmailpop3d.sh b/mail/qmail-run/files/qmailpop3d.sh index 7e758dc5e9c..470985ead65 100644 --- a/mail/qmail-run/files/qmailpop3d.sh +++ b/mail/qmail-run/files/qmailpop3d.sh 
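Review bot: A failed rebuild is ignored in the new `checkyesno qmailofmipd_autocdb` block, because `qmailofmipd_needcdb && qmailofmipd_cdb` discards the result and `qmailofmipd_cdb` (next hunk) returns the status of `@CHMOD@`, not of `tcprules`. If the rules file has a syntax error and tcprules leaves the old file in place, the service would start with the previous `.cdb`, so an edit meant to tighten access would silently not take effect. I would fail the start instead, with `qmailofmipd_needcdb && { qmailofmipd_cdb || return 1; }` here and `|| return 1` appended to the `tcprules` invocation in `qmailofmipd_cdb`. The same pattern is added to qmailpop3d.sh and qmailsmtpd.sh, and `qmailofmipd_precmd` begins and ends outside this hunk.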
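Review bot: The rewritten `qmailofmipd_cdb` body expands `${qmailofmipd_tcprules}` unquoted in its arguments and in the input redirection, now that the path comes from an rc.conf variable rather than a fixed string. A value containing whitespace or glob characters would be split or expanded, so I would quote each use, e.g. `@PREFIX@/bin/tcprules "${qmailofmipd_tcprules}.cdb" "${qmailofmipd_tcprules}.tmp" < "${qmailofmipd_tcprules}"`. In `qmailofmipd_needcdb` the `-a` inside `[ ]` reads more clearly as two tests joined with `&&`. The pop3d and smtpd scripts carry the same lines.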
@@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: qmailpop3d.sh,v 1.27 2018/12/11 17:49:41 schmonz Exp $ +# $NetBSD: qmailpop3d.sh,v 1.28 2018/12/14 06:49:31 schmonz Exp $ # # @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs). # @@ -17,6 +17,8 @@ name="qmailpop3d" : ${qmailpop3d_tcpflags:="-ne -vRl0"} : ${qmailpop3d_tcphost:="0.0.0.0"} : ${qmailpop3d_tcpport:="110"} +: ${qmailpop3d_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/pop3"} +: ${qmailpop3d_autocdb:="YES"} : ${qmailpop3d_precheckpassword:="@PREFIX@/bin/authup pop3"} : ${qmailpop3d_checkpassword:="@PREFIX@/bin/nbcheckpassword"} : ${qmailpop3d_prepop3d:="@PREFIX@/bin/checknotroot"} @@ -38,7 +40,7 @@ rcvar=${name} required_files="@PKG_SYSCONFDIR@/control/me" required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencypop3" required_files="${required_files} @PKG_SYSCONFDIR@/control/pop3capabilities" -required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/pop3.cdb" +required_files="${required_files} ${qmailpop3d_tcprules}.cdb" command="${qmailpop3d_tcpserver}" procname=nb${name} start_precmd="qmailpop3d_precmd" 
@@ -81,13 +83,16 @@ qmailpop3d_precmd() qmailpop3d_logcmd=${qmailpop3d_nologcmd} fi qmailpop3d_configure_tls + if [ -f /etc/rc.subr ] && checkyesno qmailpop3d_autocdb; then + qmailpop3d_needcdb && qmailpop3d_cdb + fi # tcpserver(1) is akin to inetd(8), but runs one service per process. # We want to signal only the tcpserver process responsible for this # service. Use argv0(1) to set procname to "nbqmailpop3d". command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailpop3d_postenv} @PREFIX@/bin/softlimit -m ${qmailpop3d_datalimit} ${qmailpop3d_pretcpserver} @PREFIX@/bin/argv0 ${qmailpop3d_tcpserver} ${procname} -${qmailpop3d_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/pop3.cdb +${qmailpop3d_tcpflags} -x ${qmailpop3d_tcprules}.cdb -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencypop3` ${qmailpop3d_tcphost} ${qmailpop3d_tcpport} ${qmailpop3d_precheckpassword} ${qmailpop3d_checkpassword} @@ -123,12 +128,17 @@ qmailpop3d_cont() kill -CONT $rc_pid } +qmailpop3d_needcdb() { + _src=${qmailpop3d_tcprules} + _dst=${qmailpop3d_tcprules}.cdb + [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ] +} + qmailpop3d_cdb() { - @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/pop3." - cd @PKG_SYSCONFDIR@/control/tcprules - @PREFIX@/bin/tcprules pop3.cdb pop3.tmp < pop3 - @CHMOD@ 644 pop3.cdb + @ECHO@ "Reloading ${qmailpop3d_tcprules}." + @PREFIX@/bin/tcprules ${qmailpop3d_tcprules}.cdb ${qmailpop3d_tcprules}.tmp < ${qmailpop3d_tcprules} + @CHMOD@ 644 ${qmailpop3d_tcprules}.cdb } if [ -f /etc/rc.subr ]; then diff --git a/mail/qmail-run/files/qmailsmtpd.sh b/mail/qmail-run/files/qmailsmtpd.sh index 62e9cd5526c..bf3512e45ed 100644 --- a/mail/qmail-run/files/qmailsmtpd.sh +++ b/mail/qmail-run/files/qmailsmtpd.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: qmailsmtpd.sh,v 1.24 2018/12/11 17:49:41 schmonz Exp $ +# $NetBSD: qmailsmtpd.sh,v 1.25 2018/12/14 06:49:31 schmonz Exp $ # # @PKGNAME@ script to control qmail-smtpd (SMTP service). # 
@@ -18,6 +18,8 @@ name="qmailsmtpd" : ${qmailsmtpd_tcpflags:="-ne -vRl0"} : ${qmailsmtpd_tcphost:="0.0.0.0"} : ${qmailsmtpd_tcpport:="25"} +: ${qmailsmtpd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/smtp"} +: ${qmailsmtpd_autocdb:="YES"} : ${qmailsmtpd_presmtpd:="@PREFIX@/bin/greetdelay @PREFIX@/bin/rblsmtpd -r zen.spamhaus.org @PREFIX@/bin/fixsmtpio"} : ${qmailsmtpd_smtpdcmd:="@PREFIX@/bin/qmail-smtpd"} : ${qmailsmtpd_postsmtpd:=""} @@ -37,7 +39,7 @@ rcvar=${name} required_files="@PKG_SYSCONFDIR@/control/me" required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencyincoming" required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts" -required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/smtp.cdb" +required_files="${required_files} ${qmailsmtpd_tcprules}.cdb" command="${qmailsmtpd_tcpserver}" procname=nb${name} start_precmd="qmailsmtpd_precmd" @@ -80,13 +82,16 @@ qmailsmtpd_precmd() qmailsmtpd_logcmd=${qmailsmtpd_nologcmd} fi qmailsmtpd_configure_tls + if [ -f /etc/rc.subr ] && checkyesno qmailsmtpd_autocdb; then + qmailsmtpd_needcdb && qmailsmtpd_cdb + fi # tcpserver(1) is akin to inetd(8), but runs one service per process. # We want to signal only the tcpserver process responsible for this # service. Use argv0(1) to set procname to "nbqmailsmtpd". command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailsmtpd_postenv} @PREFIX@/bin/softlimit -m ${qmailsmtpd_datalimit} ${qmailsmtpd_pretcpserver} @PREFIX@/bin/argv0 ${qmailsmtpd_tcpserver} ${procname} -${qmailsmtpd_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/smtp.cdb +${qmailsmtpd_tcpflags} -x ${qmailsmtpd_tcprules}.cdb -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencyincoming` -u `@ID@ -u @QMAIL_DAEMON_USER@` -g `@ID@ -g @QMAIL_DAEMON_USER@` ${qmailsmtpd_tcphost} ${qmailsmtpd_tcpport} 
@@ -122,12 +127,17 @@ qmailsmtpd_cont() kill -CONT $rc_pid } +qmailsmtpd_needcdb() { + _src=${qmailsmtpd_tcprules} + _dst=${qmailsmtpd_tcprules}.cdb + [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ] +} + qmailsmtpd_cdb() { - @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/smtp." - cd @PKG_SYSCONFDIR@/control/tcprules - @PREFIX@/bin/tcprules smtp.cdb smtp.tmp < smtp - @CHMOD@ 644 smtp.cdb + @ECHO@ "Reloading ${qmailsmtpd_tcprules}." + @PREFIX@/bin/tcprules ${qmailsmtpd_tcprules}.cdb ${qmailsmtpd_tcprules}.tmp < ${qmailsmtpd_tcprules} + @CHMOD@ 644 ${qmailsmtpd_tcprules}.cdb } if [ -f /etc/rc.subr ]; then diff --git a/mail/qmail-run/files/smtpfilters b/mail/qmail-run/files/smtpfilters index e3b52faa4c7..4c758300b2c 100644 --- a/mail/qmail-run/files/smtpfilters +++ b/mail/qmail-run/files/smtpfilters @@ -1,2 +1,2 @@ -@PREFIX@/bin/qmail-qfilter-viruscan +#@PREFIX@/bin/qmail-qfilter-viruscan @PREFIX@/bin/qmail-qfilter-addtlsheader diff --git a/mail/qmail-run/files/smtpplugins b/mail/qmail-run/files/smtpplugins index 94b68ce17e4..de773cca830 100644 --- a/mail/qmail-run/files/smtpplugins +++ b/mail/qmail-run/files/smtpplugins @@ -13,7 +13,7 @@ # plugins to execute on RCPT command [rcpt] @PREFIX@/bin/qmail-rcptcheck -#@PREFIX@/bin/greylisting-spp-with-exemptions +#@PREFIX@/bin/greylisting-spp-wrapper # plugins to execute on DATA command [data] diff --git a/mail/qmail-run/files/tcprules-smtp b/mail/qmail-run/files/tcprules-smtp index eb9a0172404..776ab91ccd9 100644 --- a/mail/qmail-run/files/tcprules-smtp +++ b/mail/qmail-run/files/tcprules-smtp 
@@ -1,2 +1,2 @@
 127.:allow,RELAYCLIENT=""
-:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"
+:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters" |
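Review bot: `SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1"` is introduced on the default `:allow` line without being mentioned in the commit message or in the Sender Policy Framework section this commit adds to README.pkgsrc. Because `SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1"` still exempts SPF-pass senders from greylisting, what counts as a pass is security-relevant, and an admin editing control/tcprules/smtp should be able to find out what the new setting changes. I would add a README bullet such as `- SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1" is set by default; see the SPF plugin's documentation before removing it.` Judging by its name, the setting stops policies that would pass any client IP from counting as a pass, but that should be confirmed against the plugin.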