summaryrefslogtreecommitdiff
path: root/mail
diff options
context:
space:
mode:
authorschmonz <schmonz@pkgsrc.org>2018-12-14 06:49:30 +0000
committerschmonz <schmonz@pkgsrc.org>2018-12-14 06:49:30 +0000
commitc67582b6c898028243b0176e205317010d8fbf3a (patch)
tree2526760c1440a9b1200f0ba82c8e7e492b3ca7f5 /mail
parent83b051269b55f66da6062b857aadeb37d2118ef7 (diff)
downloadpkgsrc-c67582b6c898028243b0176e205317010d8fbf3a.tar.gz
Extract most of MESSAGE to README.pkgsrc. (MESSAGE was getting too long.)
Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a very precise tool, so the cost (false positives) probably outweighs the benefit (blocked malware attachments) for many users. Also not a sensible default: rejecting incoming mail on SPF explicit-fail. This needs to be an admin decision because, among other reasons, it would also reject messages forwarded through servers that haven't configured SRS. Document SPF setup, including how to reject (with this caveat) and how to greylist SPF explicit-pass (which would otherwise be exempted from greylisting). Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a feature: to effectively omit IP from the (IP,sender,recipient) tuple, add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp. rc.d scripts: - Location of tcprules file is configurable - By default, CDB is auto-rebuilt as needed on service start - CDB auto-rebuilding can be configured off Bump version.
Diffstat (limited to 'mail')
-rw-r--r--mail/qmail-run/INSTALL11
-rw-r--r--mail/qmail-run/MESSAGE34
-rw-r--r--mail/qmail-run/Makefile10
-rw-r--r--mail/qmail-run/PLIST4
-rw-r--r--mail/qmail-run/files/README.pkgsrc55
-rw-r--r--mail/qmail-run/files/greylisting-spp-wrapper.sh (renamed from mail/qmail-run/files/greylisting-spp-with-exemptions.sh)16
-rw-r--r--mail/qmail-run/files/qmailofmipd.sh24
-rw-r--r--mail/qmail-run/files/qmailpop3d.sh24
-rw-r--r--mail/qmail-run/files/qmailsmtpd.sh24
-rw-r--r--mail/qmail-run/files/smtpfilters2
-rw-r--r--mail/qmail-run/files/smtpplugins2
-rw-r--r--mail/qmail-run/files/tcprules-smtp2
12 files changed, 135 insertions, 73 deletions
diff --git a/mail/qmail-run/INSTALL b/mail/qmail-run/INSTALL
index 4f6585325bb..d7baa4ea644 100644
--- a/mail/qmail-run/INSTALL
+++ b/mail/qmail-run/INSTALL
@@ -1,4 +1,4 @@
-# $NetBSD: INSTALL,v 1.10 2018/12/11 17:49:40 schmonz Exp $
+# $NetBSD: INSTALL,v 1.11 2018/12/14 06:49:30 schmonz Exp $
case "${STAGE}" in
@@ -12,13 +12,4 @@ PRE-INSTALL)
;;
-POST-INSTALL)
- cd ${PKG_SYSCONFDIR}/control/tcprules
- for i in ofmip pop3 smtp; do
- ${CHMOD} 644 ${i}
- ${PREFIX}/bin/tcprules ${i}.cdb ${i}.tmp < ${i}
- ${CHMOD} 644 ${i}.cdb
- done
-
- ;;
esac
diff --git a/mail/qmail-run/MESSAGE b/mail/qmail-run/MESSAGE
index 5d20f2284f7..2e1b53c60bc 100644
--- a/mail/qmail-run/MESSAGE
+++ b/mail/qmail-run/MESSAGE
@@ -1,34 +1,16 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.14 2018/11/14 16:46:58 schmonz Exp $
+$NetBSD: MESSAGE,v 1.15 2018/12/14 06:49:30 schmonz Exp $
-Please read ${PREFIX}/share/doc/qmail-run/README.pkgsrc.
+Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for
+local and outbound delivery:
-Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for...
-
-Local and outbound delivery:
+- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf.
+- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf.
- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*).
-- Copy ${PREFIX}/share/examples/qmail-run/mailer.conf to /etc/mailer.conf.
- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf.
+- Run "/etc/rc.d/qmail start".
-Incoming SMTP on port 25:
-- Add any qmail-rcptcheck programs to control/rcptchecks.
-- Add any qmail-qfilter programs to control/smtpfilters.
-- Add any qmail-spp programs (such as greylisting) to control/smtpplugins.
-- Set qmailsmtpd=YES in /etc/rc.conf.
-
-Greylisting:
-- Add any exempt recipient addresses to control/greylist/exemptrcpts.
-- Add any exempt recipient domains to control/greylist/exemptrcpthosts.
-- Uncomment "greylisting-spp-with-exemptions" in control/smtpplugins.
-
-Authenticated submission on port 587:
-- Add any qmail-qfilter programs to control/ofmipfilters.
-- Set qmailofmipd=YES in /etc/rc.conf.
-
-POP3 (for Maildirs only) on port 110:
-- Set qmailpop3d=YES in /etc/rc.conf.
-
-TLS encryption everywhere applicable:
-- Create cert and DH params as instructed by the qmail package.
+For SMTP, TLS, and more, please read
+${PREFIX}/share/doc/qmail-run/README.pkgsrc.
===========================================================================
diff --git a/mail/qmail-run/Makefile b/mail/qmail-run/Makefile
index 6726b8f3e11..ce201e3e8ec 100644
--- a/mail/qmail-run/Makefile
+++ b/mail/qmail-run/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.64 2018/12/12 01:08:30 schmonz Exp $
+# $NetBSD: Makefile,v 1.65 2018/12/14 06:49:30 schmonz Exp $
#
-DISTNAME= qmail-run-20181211.1
+DISTNAME= qmail-run-20181214
CATEGORIES= mail
MASTER_SITES= # empty
DISTFILES= # empty
@@ -78,7 +78,7 @@ MAKEVARS+= PKG_SYSCONFDIR.qmail-run
SUBST_CLASSES+= paths
SUBST_STAGE.paths= pre-configure
SUBST_FILES.paths= mailer.conf
-SUBST_FILES.paths+= greylisting-spp-with-exemptions ofmipd-with-user-cdb
+SUBST_FILES.paths+= greylisting-spp-wrapper ofmipd-with-user-cdb
SUBST_FILES.paths+= qmail-isspam-* qmail-procmail qmail-qread-client
SUBST_FILES.paths+= rcptchecks ofmipfilters smtpfilters smtpplugins tcprules-*
SUBST_VARS.paths= PKGNAME PKG_SYSCONFDIR PREFIX
@@ -93,14 +93,14 @@ post-extract:
tcprules-ofmip tcprules-pop3 tcprules-smtp; do \
${CP} ${FILESDIR}/$$f ${WRKDIR}/$$f; \
done; \
- for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \
+ for f in greylisting-spp-wrapper ofmipd-with-user-cdb \
qmail-isspam-rspamd qmail-isspam-spamassassin \
qmail-procmail qmail-qread-client; do \
${CP} ${FILESDIR}/$$f.sh ${WRKDIR}/$$f; \
done
do-install:
- for f in greylisting-spp-with-exemptions ofmipd-with-user-cdb \
+ for f in greylisting-spp-wrapper ofmipd-with-user-cdb \
qmail-isspam-rspamd qmail-isspam-spamassassin \
qmail-procmail qmail-qread-client; do \
${INSTALL_SCRIPT} ${WRKDIR}/$$f ${DESTDIR}${PREFIX}/bin; \
diff --git a/mail/qmail-run/PLIST b/mail/qmail-run/PLIST
index a1b07aeeaf7..382f4fd7a71 100644
--- a/mail/qmail-run/PLIST
+++ b/mail/qmail-run/PLIST
@@ -1,5 +1,5 @@
-@comment $NetBSD: PLIST,v 1.19 2018/12/11 17:49:40 schmonz Exp $
-bin/greylisting-spp-with-exemptions
+@comment $NetBSD: PLIST,v 1.20 2018/12/14 06:49:30 schmonz Exp $
+bin/greylisting-spp-wrapper
bin/ofmipd-with-user-cdb
bin/qmail-isspam-rspamd
bin/qmail-isspam-spamassassin
diff --git a/mail/qmail-run/files/README.pkgsrc b/mail/qmail-run/files/README.pkgsrc
index 1c67cdda774..fb4e86d8065 100644
--- a/mail/qmail-run/files/README.pkgsrc
+++ b/mail/qmail-run/files/README.pkgsrc
@@ -1,3 +1,58 @@
+ Getting started
+ ===============
+
+Assuming NetBSD-style mailwrapper(8) and rc(8), to enable qmail for...
+
+Local and outbound delivery:
+- Run "/etc/rc.d/postfix stop" and set postfix=NO in /etc/rc.conf.
+- Replace /etc/mailer.conf with ${PREFIX}/share/examples/qmail-run/mailer.conf.
+- Check configuration in ${PKG_SYSCONFDIR} (especially alias/.qmail-*).
+- Set qmailsend=YES and qmailqread=YES in /etc/rc.conf.
+- Run "/etc/rc.d/qmail start".
+
+Incoming SMTP on port 25:
+- Set qmailsmtpd=YES in /etc/rc.conf.
+- Add any qmail-rcptcheck programs to control/rcptchecks.
+- Add any qmail-qfilter programs to control/smtpfilters.
+- Add any qmail-spp programs (such as greylisting) to control/smtpplugins.
+- Run "/etc/rc.d/qmailsmtpd start".
+
+Greylisting:
+- Add any exempt recipient addresses to control/greylist/exemptrcpts.
+- Add any exempt recipient domains to control/greylist/exemptrcpthosts.
+- Tuples are (IP,sender,recipient). To effectively omit IP, add
+ GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp,
+ then run "/etc/rc.d/qmailsmtpd cdb".
+- Uncomment "greylisting-spp-wrapper" in control/smtpplugins.
+
+Authenticated message submission on port 587:
+- Set qmailofmipd=YES in /etc/rc.conf.
+- Add any qmail-qfilter programs to control/ofmipfilters.
+- Run "/etc/rc.d/qmailofmipd start".
+
+POP3 (for Maildirs only) on port 110:
+- Set qmailpop3d=YES in /etc/rc.conf.
+- Run "/etc/rc.d/qmailpop3d start".
+
+TLS encryption for SMTP, submission, POP3, and remote delivery:
+- Create cert and DH params (as instructed by the qmail package).
+- Run "/etc/rc.d/qmail restart".
+
+Sender Policy Framework:
+- Configure Sender Rewriting Scheme (as instructed by the qmail package)
+ so your auto-forwarded messages will reach servers that choose to
+ enforce the forwarded domains' SPF policies.
+- Publish a DNS TXT record with your desired policy.
+- Incoming messages that explicit-fail published policy are nonetheless
+ accepted. To reject -- including rejecting auto-forwarded messages
+ from servers that haven't configured SRS -- add
+ SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg" to control/tcprules/smtp,
+ then run "/etc/rc.d/qmailsmtpd cdb".
+- Messages that explicit-pass are not greylisted. To remove the
+ exemption, remove SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1" from
+ control/tcprules/smtp, then run "/etc/rc.d/qmailsmtpd cdb".
+
+
Getting help
============
diff --git a/mail/qmail-run/files/greylisting-spp-with-exemptions.sh b/mail/qmail-run/files/greylisting-spp-wrapper.sh
index acb88d0a384..b8aa28baf7e 100644
--- a/mail/qmail-run/files/greylisting-spp-with-exemptions.sh
+++ b/mail/qmail-run/files/greylisting-spp-wrapper.sh
@@ -1,10 +1,10 @@
#!@SH@
#
-# $NetBSD: greylisting-spp-with-exemptions.sh,v 1.1 2018/11/13 16:34:58 schmonz Exp $
+# $NetBSD: greylisting-spp-wrapper.sh,v 1.1 2018/12/14 06:49:31 schmonz Exp $
#
-# @PKGNAME@ wrapper to skip greylisting for certain recipient
-# addresses and domains.
-# Requires greylisting-spp.
+# @PKGNAME@ wrapper for greylisting-spp.
+# Skips greylisting for configured recipient addresses and domains.
+# Optionally assigns a fixed "ip" in (ip,sender,recipient).
#
EXEMPTRCPTS=@PKG_SYSCONFDIR@/control/greylist/exemptrcpts
@@ -28,10 +28,14 @@ main() {
if is_exempt_recipient_address "$rcpt"; then
@ECHO@ >&2 "greylisting skipped for recipient address: $rcpt"
- export GL_WHITELISTED="1"
+ GL_WHITELISTED="1"; export GL_WHITELISTED
elif is_exempt_recipient_domain "$rcpthost"; then
@ECHO@ >&2 "greylisting skipped for recipient domain: $rcpthost"
- export GL_WHITELISTED="1"
+ GL_WHITELISTED="1"; export GL_WHITELISTED
+ fi
+
+ if [ -n "$GL_WRAPPER_TCPREMOTEIP" ]; then
+ TCPREMOTEIP="$GL_WRAPPER_TCPREMOTEIP"; export TCPREMOTEIP
fi
}
diff --git a/mail/qmail-run/files/qmailofmipd.sh b/mail/qmail-run/files/qmailofmipd.sh
index 4f366a09507..f0195f9492f 100644
--- a/mail/qmail-run/files/qmailofmipd.sh
+++ b/mail/qmail-run/files/qmailofmipd.sh
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailofmipd.sh,v 1.19 2018/12/11 17:49:41 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.20 2018/12/14 06:49:31 schmonz Exp $
#
# @PKGNAME@ script to control ofmipd (SMTP submission service).
#
@@ -18,6 +18,8 @@ name="qmailofmipd"
: ${qmailofmipd_tcpflags:="-ne -vRl0"}
: ${qmailofmipd_tcphost:="0.0.0.0"}
: ${qmailofmipd_tcpport:="587"}
+: ${qmailofmipd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/ofmip"}
+: ${qmailofmipd_autocdb:="YES"}
: ${qmailofmipd_precheckpassword:="@PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp"}
: ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"}
: ${qmailofmipd_preofmipd:="@PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio"}
@@ -41,7 +43,7 @@ required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencysubmission
required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts"
required_files="${required_files} @PKG_SYSCONFDIR@/control/smtpcapabilities"
required_files="${required_files} @PKG_SYSCONFDIR@/control/fixsmtpio"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb"
+required_files="${required_files} ${qmailofmipd_tcprules}.cdb"
command="${qmailofmipd_tcpserver}"
procname=nb${name}
start_precmd="qmailofmipd_precmd"
@@ -84,13 +86,16 @@ qmailofmipd_precmd()
qmailofmipd_logcmd=${qmailofmipd_nologcmd}
fi
qmailofmipd_configure_tls
+ if [ -f /etc/rc.subr ] && checkyesno qmailofmipd_autocdb; then
+ qmailofmipd_needcdb && qmailofmipd_cdb
+ fi
# tcpserver(1) is akin to inetd(8), but runs one service per process.
# We want to signal only the tcpserver process responsible for this
# service. Use argv0(1) to set procname to "nbqmailofmipd".
command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailofmipd_postenv}
@PREFIX@/bin/softlimit -m ${qmailofmipd_datalimit} ${qmailofmipd_pretcpserver}
@PREFIX@/bin/argv0 ${qmailofmipd_tcpserver} ${procname}
-${qmailofmipd_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/ofmip.cdb
+${qmailofmipd_tcpflags} -x ${qmailofmipd_tcprules}.cdb
-c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencysubmission`
${qmailofmipd_tcphost} ${qmailofmipd_tcpport}
${qmailofmipd_precheckpassword} ${qmailofmipd_checkpassword}
@@ -126,12 +131,17 @@ qmailofmipd_cont()
kill -CONT $rc_pid
}
+qmailofmipd_needcdb() {
+ _src=${qmailofmipd_tcprules}
+ _dst=${qmailofmipd_tcprules}.cdb
+ [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ]
+}
+
qmailofmipd_cdb()
{
- @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/ofmip"
- cd @PKG_SYSCONFDIR@/control/tcprules
- @PREFIX@/bin/tcprules ofmip.cdb ofmip.tmp < ofmip
- @CHMOD@ 644 ofmip.cdb
+ @ECHO@ "Reloading ${qmailofmipd_tcprules}"
+ @PREFIX@/bin/tcprules ${qmailofmipd_tcprules}.cdb ${qmailofmipd_tcprules}.tmp < ${qmailofmipd_tcprules}
+ @CHMOD@ 644 ${qmailofmipd_tcprules}.cdb
}
if [ -f /etc/rc.subr ]; then
diff --git a/mail/qmail-run/files/qmailpop3d.sh b/mail/qmail-run/files/qmailpop3d.sh
index 7e758dc5e9c..470985ead65 100644
--- a/mail/qmail-run/files/qmailpop3d.sh
+++ b/mail/qmail-run/files/qmailpop3d.sh
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailpop3d.sh,v 1.27 2018/12/11 17:49:41 schmonz Exp $
+# $NetBSD: qmailpop3d.sh,v 1.28 2018/12/14 06:49:31 schmonz Exp $
#
# @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs).
#
@@ -17,6 +17,8 @@ name="qmailpop3d"
: ${qmailpop3d_tcpflags:="-ne -vRl0"}
: ${qmailpop3d_tcphost:="0.0.0.0"}
: ${qmailpop3d_tcpport:="110"}
+: ${qmailpop3d_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/pop3"}
+: ${qmailpop3d_autocdb:="YES"}
: ${qmailpop3d_precheckpassword:="@PREFIX@/bin/authup pop3"}
: ${qmailpop3d_checkpassword:="@PREFIX@/bin/nbcheckpassword"}
: ${qmailpop3d_prepop3d:="@PREFIX@/bin/checknotroot"}
@@ -38,7 +40,7 @@ rcvar=${name}
required_files="@PKG_SYSCONFDIR@/control/me"
required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencypop3"
required_files="${required_files} @PKG_SYSCONFDIR@/control/pop3capabilities"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/pop3.cdb"
+required_files="${required_files} ${qmailpop3d_tcprules}.cdb"
command="${qmailpop3d_tcpserver}"
procname=nb${name}
start_precmd="qmailpop3d_precmd"
@@ -81,13 +83,16 @@ qmailpop3d_precmd()
qmailpop3d_logcmd=${qmailpop3d_nologcmd}
fi
qmailpop3d_configure_tls
+ if [ -f /etc/rc.subr ] && checkyesno qmailpop3d_autocdb; then
+ qmailpop3d_needcdb && qmailpop3d_cdb
+ fi
# tcpserver(1) is akin to inetd(8), but runs one service per process.
# We want to signal only the tcpserver process responsible for this
# service. Use argv0(1) to set procname to "nbqmailpop3d".
command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailpop3d_postenv}
@PREFIX@/bin/softlimit -m ${qmailpop3d_datalimit} ${qmailpop3d_pretcpserver}
@PREFIX@/bin/argv0 ${qmailpop3d_tcpserver} ${procname}
-${qmailpop3d_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/pop3.cdb
+${qmailpop3d_tcpflags} -x ${qmailpop3d_tcprules}.cdb
-c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencypop3`
${qmailpop3d_tcphost} ${qmailpop3d_tcpport}
${qmailpop3d_precheckpassword} ${qmailpop3d_checkpassword}
@@ -123,12 +128,17 @@ qmailpop3d_cont()
kill -CONT $rc_pid
}
+qmailpop3d_needcdb() {
+ _src=${qmailpop3d_tcprules}
+ _dst=${qmailpop3d_tcprules}.cdb
+ [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ]
+}
+
qmailpop3d_cdb()
{
- @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/pop3."
- cd @PKG_SYSCONFDIR@/control/tcprules
- @PREFIX@/bin/tcprules pop3.cdb pop3.tmp < pop3
- @CHMOD@ 644 pop3.cdb
+ @ECHO@ "Reloading ${qmailpop3d_tcprules}."
+ @PREFIX@/bin/tcprules ${qmailpop3d_tcprules}.cdb ${qmailpop3d_tcprules}.tmp < ${qmailpop3d_tcprules}
+ @CHMOD@ 644 ${qmailpop3d_tcprules}.cdb
}
if [ -f /etc/rc.subr ]; then
diff --git a/mail/qmail-run/files/qmailsmtpd.sh b/mail/qmail-run/files/qmailsmtpd.sh
index 62e9cd5526c..bf3512e45ed 100644
--- a/mail/qmail-run/files/qmailsmtpd.sh
+++ b/mail/qmail-run/files/qmailsmtpd.sh
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: qmailsmtpd.sh,v 1.24 2018/12/11 17:49:41 schmonz Exp $
+# $NetBSD: qmailsmtpd.sh,v 1.25 2018/12/14 06:49:31 schmonz Exp $
#
# @PKGNAME@ script to control qmail-smtpd (SMTP service).
#
@@ -18,6 +18,8 @@ name="qmailsmtpd"
: ${qmailsmtpd_tcpflags:="-ne -vRl0"}
: ${qmailsmtpd_tcphost:="0.0.0.0"}
: ${qmailsmtpd_tcpport:="25"}
+: ${qmailsmtpd_tcprules:="@PKG_SYSCONFDIR@/control/tcprules/smtp"}
+: ${qmailsmtpd_autocdb:="YES"}
: ${qmailsmtpd_presmtpd:="@PREFIX@/bin/greetdelay @PREFIX@/bin/rblsmtpd -r zen.spamhaus.org @PREFIX@/bin/fixsmtpio"}
: ${qmailsmtpd_smtpdcmd:="@PREFIX@/bin/qmail-smtpd"}
: ${qmailsmtpd_postsmtpd:=""}
@@ -37,7 +39,7 @@ rcvar=${name}
required_files="@PKG_SYSCONFDIR@/control/me"
required_files="${required_files} @PKG_SYSCONFDIR@/control/concurrencyincoming"
required_files="${required_files} @PKG_SYSCONFDIR@/control/rcpthosts"
-required_files="${required_files} @PKG_SYSCONFDIR@/control/tcprules/smtp.cdb"
+required_files="${required_files} ${qmailsmtpd_tcprules}.cdb"
command="${qmailsmtpd_tcpserver}"
procname=nb${name}
start_precmd="qmailsmtpd_precmd"
@@ -80,13 +82,16 @@ qmailsmtpd_precmd()
qmailsmtpd_logcmd=${qmailsmtpd_nologcmd}
fi
qmailsmtpd_configure_tls
+ if [ -f /etc/rc.subr ] && checkyesno qmailsmtpd_autocdb; then
+ qmailsmtpd_needcdb && qmailsmtpd_cdb
+ fi
# tcpserver(1) is akin to inetd(8), but runs one service per process.
# We want to signal only the tcpserver process responsible for this
# service. Use argv0(1) to set procname to "nbqmailsmtpd".
command="@PREFIX@/bin/pgrphack @SETENV@ - ${qmailsmtpd_postenv}
@PREFIX@/bin/softlimit -m ${qmailsmtpd_datalimit} ${qmailsmtpd_pretcpserver}
@PREFIX@/bin/argv0 ${qmailsmtpd_tcpserver} ${procname}
-${qmailsmtpd_tcpflags} -x @PKG_SYSCONFDIR@/control/tcprules/smtp.cdb
+${qmailsmtpd_tcpflags} -x ${qmailsmtpd_tcprules}.cdb
-c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencyincoming`
-u `@ID@ -u @QMAIL_DAEMON_USER@` -g `@ID@ -g @QMAIL_DAEMON_USER@`
${qmailsmtpd_tcphost} ${qmailsmtpd_tcpport}
@@ -122,12 +127,17 @@ qmailsmtpd_cont()
kill -CONT $rc_pid
}
+qmailsmtpd_needcdb() {
+ _src=${qmailsmtpd_tcprules}
+ _dst=${qmailsmtpd_tcprules}.cdb
+ [ -f "${_src}" -a "${_src}" -nt "${_dst}" ] || [ ! -f "${_dst}" ]
+}
+
qmailsmtpd_cdb()
{
- @ECHO@ "Reloading @PKG_SYSCONFDIR@/control/tcprules/smtp."
- cd @PKG_SYSCONFDIR@/control/tcprules
- @PREFIX@/bin/tcprules smtp.cdb smtp.tmp < smtp
- @CHMOD@ 644 smtp.cdb
+ @ECHO@ "Reloading ${qmailsmtpd_tcprules}."
+ @PREFIX@/bin/tcprules ${qmailsmtpd_tcprules}.cdb ${qmailsmtpd_tcprules}.tmp < ${qmailsmtpd_tcprules}
+ @CHMOD@ 644 ${qmailsmtpd_tcprules}.cdb
}
if [ -f /etc/rc.subr ]; then
diff --git a/mail/qmail-run/files/smtpfilters b/mail/qmail-run/files/smtpfilters
index e3b52faa4c7..4c758300b2c 100644
--- a/mail/qmail-run/files/smtpfilters
+++ b/mail/qmail-run/files/smtpfilters
@@ -1,2 +1,2 @@
-@PREFIX@/bin/qmail-qfilter-viruscan
+#@PREFIX@/bin/qmail-qfilter-viruscan
@PREFIX@/bin/qmail-qfilter-addtlsheader
diff --git a/mail/qmail-run/files/smtpplugins b/mail/qmail-run/files/smtpplugins
index 94b68ce17e4..de773cca830 100644
--- a/mail/qmail-run/files/smtpplugins
+++ b/mail/qmail-run/files/smtpplugins
@@ -13,7 +13,7 @@
# plugins to execute on RCPT command
[rcpt]
@PREFIX@/bin/qmail-rcptcheck
-#@PREFIX@/bin/greylisting-spp-with-exemptions
+#@PREFIX@/bin/greylisting-spp-wrapper
# plugins to execute on DATA command
[data]
diff --git a/mail/qmail-run/files/tcprules-smtp b/mail/qmail-run/files/tcprules-smtp
index eb9a0172404..776ab91ccd9 100644
--- a/mail/qmail-run/files/tcprules-smtp
+++ b/mail/qmail-run/files/tcprules-smtp
@@ -1,2 +1,2 @@
127.:allow,RELAYCLIENT=""
-:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_RESULT_FAIL="E550 spf_smtp_msg",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"
+:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"