
CVS commit: pkgsrc/mail/qmail-run



Module Name:    pkgsrc
Committed By:   schmonz
Date:           Thu Jan 14 15:42:36 UTC 2021

Modified Files:
        pkgsrc/mail/qmail-run: Makefile
        pkgsrc/mail/qmail-run/files: qmailofmipd.sh qmailpop3d.sh qmailsmtpd.sh
            tcprules-smtp

Log Message:
Take steps toward running under other UCSPI-TLS server implementations:

- Set CADIR in the environment.

- Prefer a separate keyfile for TLS. If it's not present, attempt to
  generate it by copying out the private key from the certfile.

- Don't provide an affordance for overriding the compiled-in cipherlist.

- Be willing to enable TLS without a DH params file.

While here, invent control/localfilters. If it exists, it's a sequence
of filters for SMTP connections on localhost.

Bump version.


To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/mail/qmail-run/Makefile
cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/qmail-run/files/qmailofmipd.sh
cvs rdiff -u -r1.33 -r1.34 pkgsrc/mail/qmail-run/files/qmailpop3d.sh
cvs rdiff -u -r1.30 -r1.31 pkgsrc/mail/qmail-run/files/qmailsmtpd.sh
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/qmail-run/files/tcprules-smtp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/qmail-run/Makefile
diff -u pkgsrc/mail/qmail-run/Makefile:1.78 pkgsrc/mail/qmail-run/Makefile:1.79
--- pkgsrc/mail/qmail-run/Makefile:1.78 Mon Dec 14 11:59:45 2020
+++ pkgsrc/mail/qmail-run/Makefile      Thu Jan 14 15:42:35 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.78 2020/12/14 11:59:45 schmonz Exp $
+# $NetBSD: Makefile,v 1.79 2021/01/14 15:42:35 schmonz Exp $
 #
 
-DISTNAME=              qmail-run-20201214
+DISTNAME=              qmail-run-20210114
 CATEGORIES=            mail
 MASTER_SITES=          # empty
 DISTFILES=             # empty

Index: pkgsrc/mail/qmail-run/files/qmailofmipd.sh
diff -u pkgsrc/mail/qmail-run/files/qmailofmipd.sh:1.26 pkgsrc/mail/qmail-run/files/qmailofmipd.sh:1.27
--- pkgsrc/mail/qmail-run/files/qmailofmipd.sh:1.26     Fri Dec 11 12:11:43 2020
+++ pkgsrc/mail/qmail-run/files/qmailofmipd.sh  Thu Jan 14 15:42:36 2021
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailofmipd.sh,v 1.26 2020/12/11 12:11:43 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.27 2021/01/14 15:42:36 schmonz Exp $
 #
 # @PKGNAME@ script to control ofmipd (SMTP submission service).
 #
@@ -31,8 +31,7 @@ name="qmailofmipd"
 : ${qmailofmipd_tls:="auto"}
 : ${qmailofmipd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
 : ${qmailofmipd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
-: ${qmailofmipd_tls_key:=""}
-: ${qmailofmipd_tls_ciphers:=""}
+: ${qmailofmipd_tls_key:="@PKG_SYSCONFDIR@/control/serverkey.pem"}
 
 if [ -f /etc/rc.subr ]; then
        . /etc/rc.subr
@@ -57,7 +56,7 @@ reload_cmd=${cdb_cmd}
 
 qmailofmipd_configure_tls() {
        if [ "auto" = "${qmailofmipd_tls}" ]; then
-               if [ -f "${qmailofmipd_tls_dhparams}" ] && [ -f "${qmailofmipd_tls_cert}" ]; then
+               if [ -f "${qmailofmipd_tls_cert}" ]; then
                        qmailofmipd_enable_tls
                else
                        qmailofmipd_disable_tls
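Review bot: With the dhparams test dropped from the `auto` branch, TLS can now be enabled when `${qmailofmipd_tls_dhparams}` does not exist, yet qmailofmipd_enable_tls (next hunk) still exports `DHFILE=${qmailofmipd_tls_dhparams}` unconditionally. How the TLS server reacts to a DHFILE naming a missing file is not visible here, so I would export it only when the file is present, by wrapping that assignment in `if [ -f "${qmailofmipd_tls_dhparams}" ]; then ... fi`. The same applies to the matching hunks in qmailpop3d.sh and qmailsmtpd.sh. qmailofmipd_configure_tls continues past the end of this hunk.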
@@ -74,16 +73,16 @@ qmailofmipd_disable_tls() {
 }
 
 qmailofmipd_enable_tls() {
+       qmailofmipd_postenv="CADIR=@SSLDIR@/certs ${qmailofmipd_postenv}"
        qmailofmipd_postenv="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) ${qmailofmipd_postenv}"
        qmailofmipd_postenv="SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) ${qmailofmipd_postenv}"
        qmailofmipd_postenv="DHFILE=${qmailofmipd_tls_dhparams} ${qmailofmipd_postenv}"
        qmailofmipd_postenv="CERTFILE=${qmailofmipd_tls_cert} ${qmailofmipd_postenv}"
-       if [ -f "${qmailofmipd_tls_key}" ]; then
-               qmailofmipd_postenv="KEYFILE=${qmailofmipd_tls_key} ${qmailofmipd_postenv}"
-       fi
-       if [ -n "${qmailofmipd_tls_ciphers}" ]; then
-               qmailofmipd_postenv="CIPHERS=${qmailofmipd_tls_ciphers} ${qmailofmipd_postenv}"
+       if [ -n "${qmailofmipd_tls_key}" -a ! -f "${qmailofmipd_tls_key}" ]; then
+               openssl rsa -in ${qmailofmipd_tls_cert} -out ${qmailofmipd_tls_key}
+               @CHMOD@ 640 ${qmailofmipd_tls_key}
        fi
+       qmailofmipd_postenv="KEYFILE=${qmailofmipd_tls_key} ${qmailofmipd_postenv}"
 }
 
 qmailofmipd_precmd() {
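Review bot: The key extraction in qmailofmipd_enable_tls writes the private key under the caller's umask and only tightens it afterwards with `@CHMOD@ 640`, so the file can briefly be readable more widely than intended, and the exit status of `openssl rsa` is ignored. If extraction fails (for example the certfile holds no key, or a non-RSA key, which `openssl rsa` does not handle), a partial or empty file may be left behind; the `! -f` test then skips regeneration on later starts, and `KEYFILE` is exported regardless, even as an empty value when the variable is set to "". The expansions are also unquoted, and `openssl` is resolved through PATH while `id` and `chmod` use substituted paths. I would create the file under a restrictive umask, remove it on failure, and export KEYFILE only when the file exists, as below. The identical code in qmailpop3d.sh and qmailsmtpd.sh needs the same change.

```shell
	# … unchanged: CADIR, SSL_UID, SSL_GID, DHFILE, CERTFILE assignments …
	if [ -n "${qmailofmipd_tls_key}" ] && [ ! -f "${qmailofmipd_tls_key}" ]; then
		# Subshell keeps the tightened umask local; the key is never
		# created with wider permissions than its final mode.
		if ( umask 077 && openssl rsa -in "${qmailofmipd_tls_cert}" -out "${qmailofmipd_tls_key}" ); then
			@CHMOD@ 640 "${qmailofmipd_tls_key}"
		else
			# Do not leave a partial key that a later start would accept.
			rm -f "${qmailofmipd_tls_key}"
		fi
	fi
	if [ -f "${qmailofmipd_tls_key}" ]; then
		qmailofmipd_postenv="KEYFILE=${qmailofmipd_tls_key} ${qmailofmipd_postenv}"
	fi
```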

Index: pkgsrc/mail/qmail-run/files/qmailpop3d.sh
diff -u pkgsrc/mail/qmail-run/files/qmailpop3d.sh:1.33 pkgsrc/mail/qmail-run/files/qmailpop3d.sh:1.34
--- pkgsrc/mail/qmail-run/files/qmailpop3d.sh:1.33      Thu Mar 21 15:33:06 2019
+++ pkgsrc/mail/qmail-run/files/qmailpop3d.sh   Thu Jan 14 15:42:36 2021
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailpop3d.sh,v 1.33 2019/03/21 15:33:06 schmonz Exp $
+# $NetBSD: qmailpop3d.sh,v 1.34 2021/01/14 15:42:36 schmonz Exp $
 #
 # @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs).
 #
@@ -30,8 +30,7 @@ name="qmailpop3d"
 : ${qmailpop3d_tls:="auto"}
 : ${qmailpop3d_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
 : ${qmailpop3d_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
-: ${qmailpop3d_tls_key:=""}
-: ${qmailpop3d_tls_ciphers:=""}
+: ${qmailpop3d_tls_key:="@PKG_SYSCONFDIR@/control/serverkey.pem"}
 
 if [ -f /etc/rc.subr ]; then
        . /etc/rc.subr
@@ -54,7 +53,7 @@ reload_cmd=${cdb_cmd}
 
 qmailpop3d_configure_tls() {
        if [ "auto" = "${qmailpop3d_tls}" ]; then
-               if [ -f "${qmailpop3d_tls_dhparams}" ] && [ -f "${qmailpop3d_tls_cert}" ]; then
+               if [ -f "${qmailpop3d_tls_cert}" ]; then
                        qmailpop3d_enable_tls
                else
                        qmailpop3d_disable_tls
@@ -71,16 +70,16 @@ qmailpop3d_disable_tls() {
 }
 
 qmailpop3d_enable_tls() {
+       qmailpop3d_postenv="CADIR=@SSLDIR@/certs ${qmailpop3d_postenv}"
        qmailpop3d_postenv="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) ${qmailpop3d_postenv}"
        qmailpop3d_postenv="SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) ${qmailpop3d_postenv}"
        qmailpop3d_postenv="DHFILE=${qmailpop3d_tls_dhparams} ${qmailpop3d_postenv}"
        qmailpop3d_postenv="CERTFILE=${qmailpop3d_tls_cert} ${qmailpop3d_postenv}"
-       if [ -f "${qmailpop3d_tls_key}" ]; then
-               qmailpop3d_postenv="KEYFILE=${qmailpop3d_tls_key} ${qmailpop3d_postenv}"
-       fi
-       if [ -n "${qmailpop3d_tls_ciphers}" ]; then
-               qmailpop3d_postenv="CIPHERS=${qmailpop3d_tls_ciphers} ${qmailpop3d_postenv}"
+       if [ -n "${qmailpop3d_tls_key}" -a ! -f "${qmailpop3d_tls_key}" ]; then
+               openssl rsa -in ${qmailpop3d_tls_cert} -out ${qmailpop3d_tls_key}
+               @CHMOD@ 640 ${qmailpop3d_tls_key}
        fi
+       qmailpop3d_postenv="KEYFILE=${qmailpop3d_tls_key} ${qmailpop3d_postenv}"
 }
 
 qmailpop3d_precmd() {

Index: pkgsrc/mail/qmail-run/files/qmailsmtpd.sh
diff -u pkgsrc/mail/qmail-run/files/qmailsmtpd.sh:1.30 pkgsrc/mail/qmail-run/files/qmailsmtpd.sh:1.31
--- pkgsrc/mail/qmail-run/files/qmailsmtpd.sh:1.30      Thu Mar 21 15:33:06 2019
+++ pkgsrc/mail/qmail-run/files/qmailsmtpd.sh   Thu Jan 14 15:42:36 2021
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailsmtpd.sh,v 1.30 2019/03/21 15:33:06 schmonz Exp $
+# $NetBSD: qmailsmtpd.sh,v 1.31 2021/01/14 15:42:36 schmonz Exp $
 #
 # @PKGNAME@ script to control qmail-smtpd (SMTP service).
 #
@@ -29,8 +29,7 @@ name="qmailsmtpd"
 : ${qmailsmtpd_tls:="auto"}
 : ${qmailsmtpd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
 : ${qmailsmtpd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
-: ${qmailsmtpd_tls_key:=""}
-: ${qmailsmtpd_tls_ciphers:=""}
+: ${qmailsmtpd_tls_key:="@PKG_SYSCONFDIR@/control/serverkey.pem"}
 
 if [ -f /etc/rc.subr ]; then
        . /etc/rc.subr
@@ -53,7 +52,7 @@ reload_cmd=${cdb_cmd}
 
 qmailsmtpd_configure_tls() {
        if [ "auto" = "${qmailsmtpd_tls}" ]; then
-               if [ -f "${qmailsmtpd_tls_dhparams}" ] && [ -f "${qmailsmtpd_tls_cert}" ]; then
+               if [ -f "${qmailsmtpd_tls_cert}" ]; then
                        qmailsmtpd_enable_tls
                else
                        qmailsmtpd_disable_tls
@@ -70,16 +69,16 @@ qmailsmtpd_disable_tls() {
 }
 
 qmailsmtpd_enable_tls() {
+       qmailsmtpd_postenv="CADIR=@SSLDIR@/certs ${qmailsmtpd_postenv}"
        qmailsmtpd_postenv="SSL_UID=$(@ID@ -u @UCSPI_SSL_USER@) ${qmailsmtpd_postenv}"
        qmailsmtpd_postenv="SSL_GID=$(@ID@ -g @UCSPI_SSL_GROUP@) ${qmailsmtpd_postenv}"
        qmailsmtpd_postenv="DHFILE=${qmailsmtpd_tls_dhparams} ${qmailsmtpd_postenv}"
        qmailsmtpd_postenv="CERTFILE=${qmailsmtpd_tls_cert} ${qmailsmtpd_postenv}"
-       if [ -f "${qmailsmtpd_tls_key}" ]; then
-               qmailsmtpd_postenv="KEYFILE=${qmailsmtpd_tls_key} ${qmailsmtpd_postenv}"
-       fi
-       if [ -n "${qmailsmtpd_tls_ciphers}" ]; then
-               qmailsmtpd_postenv="CIPHERS=${qmailsmtpd_tls_ciphers} ${qmailsmtpd_postenv}"
+       if [ -n "${qmailsmtpd_tls_key}" -a ! -f "${qmailsmtpd_tls_key}" ]; then
+               openssl rsa -in ${qmailsmtpd_tls_cert} -out ${qmailsmtpd_tls_key}
+               @CHMOD@ 640 ${qmailsmtpd_tls_key}
        fi
+       qmailsmtpd_postenv="KEYFILE=${qmailsmtpd_tls_key} ${qmailsmtpd_postenv}"
 }
 
 qmailsmtpd_precmd() {

Index: pkgsrc/mail/qmail-run/files/tcprules-smtp
diff -u pkgsrc/mail/qmail-run/files/tcprules-smtp:1.2 pkgsrc/mail/qmail-run/files/tcprules-smtp:1.3
--- pkgsrc/mail/qmail-run/files/tcprules-smtp:1.2       Fri Dec 14 06:49:31 2018
+++ pkgsrc/mail/qmail-run/files/tcprules-smtp   Thu Jan 14 15:42:36 2021
@@ -1,2 +1,2 @@
-127.:allow,RELAYCLIENT=""
+127.:allow,RELAYCLIENT="",QMAILQUEUE="/opt/pkg/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/localfilters"
 
:allow,UCSPITLS="",GREETDELAY="2",SPP_SPF_DONT_ALLOW_RANDOM_IP_PASS="1",SPP_SPF_RESULT_PASS="SGL_WHITELISTED=1",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"
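Review bot: The new loopback rule hard-codes `QMAILQUEUE="/opt/pkg/bin/qmail-qfilter-queue"`, while the catch-all rule below it uses the substituted `@PREFIX@/bin/qmail-qfilter-queue`. On an install whose prefix is not /opt/pkg that path will presumably not exist, and mail submitted from 127.* would then fail to queue. Use `QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue"` here as well. The log message describes control/localfilters as optional, but `QMAILQUEUEFILTERS="control/localfilters"` is set unconditionally, so confirm that qmail-qfilter-queue passes mail through unchanged when that file is absent.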


