pkgsrc-Changes archive
CVS commit: pkgsrc/mail/qmail
Module Name: pkgsrc
Committed By: schmonz
Date: Thu Jan 14 15:25:23 UTC 2021
Modified Files:
pkgsrc/mail/qmail: Makefile options.mk
pkgsrc/mail/qmail/files: README.pkgsrc README.tls
Log Message:
Improve TLS setup instructions. Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.123 -r1.124 pkgsrc/mail/qmail/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/mail/qmail/options.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/qmail/files/README.pkgsrc
cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/qmail/files/README.tls
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/qmail/Makefile
diff -u pkgsrc/mail/qmail/Makefile:1.123 pkgsrc/mail/qmail/Makefile:1.124
--- pkgsrc/mail/qmail/Makefile:1.123 Thu Nov 19 09:35:42 2020
+++ pkgsrc/mail/qmail/Makefile Thu Jan 14 15:25:22 2021
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.123 2020/11/19 09:35:42 schmonz Exp $
+# $NetBSD: Makefile,v 1.124 2021/01/14 15:25:22 schmonz Exp $
#
DISTNAME= notqmail-1.08
PKGNAME= qmail-1.03
-PKGREVISION= 49
+PKGREVISION= 50
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_GITHUB:=notqmail/}
GITHUB_PROJECT= notqmail
Index: pkgsrc/mail/qmail/options.mk
diff -u pkgsrc/mail/qmail/options.mk:1.69 pkgsrc/mail/qmail/options.mk:1.70
--- pkgsrc/mail/qmail/options.mk:1.69 Sat May 23 20:50:02 2020
+++ pkgsrc/mail/qmail/options.mk Thu Jan 14 15:25:22 2021
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.69 2020/05/23 20:50:02 schmonz Exp $
+# $NetBSD: options.mk,v 1.70 2021/01/14 15:25:22 schmonz Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.qmail
PKG_SUPPORTED_OPTIONS+= eai inet6 pam syncdir tai-system-clock tls
@@ -98,8 +98,8 @@ SUBST_SED.tmprsadh= -e 's|^export PATH=
SUBST_SED.tmprsadh+= -e 's|^openssl |${OPENSSL} |'
READMES+= README.tls
SUBST_VARS.paths+= OPENSSL QMAIL_DAEMON_USER QMAIL_QMAIL_GROUP
-SUBST_VARS.paths+= OPENSSL SERVERCERT CLIENTCERT
SUBST_SED.paths+= -e 's|@SERVERCERT@|${PKG_SYSCONFDIR:Q}/control/servercert.pem|g'
+SUBST_SED.paths+= -e 's|@SERVERKEY@|${PKG_SYSCONFDIR:Q}/control/serverkey.pem|g'
SUBST_SED.paths+= -e 's|@CLIENTCERT@|${PKG_SYSCONFDIR:Q}/control/clientcert.pem|g'
DEPENDS+= ucspi-ssl>=0.999.10.11nb2:../../net/ucspi-ssl
.else
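Review bot: The removal of `SUBST_VARS.paths+= OPENSSL SERVERCERT CLIENTCERT` is not covered by the log message, which only mentions the TLS instructions and the PKGREVISION bump. From the visible lines it looks like a cleanup: OPENSSL is already listed on the preceding `SUBST_VARS.paths+=` line, and @SERVERCERT@ and @CLIENTCERT@ are replaced by their own `SUBST_SED.paths` expressions, as the new @SERVERKEY@ is. A short mention in the log would make that intent clear.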
Index: pkgsrc/mail/qmail/files/README.pkgsrc
diff -u pkgsrc/mail/qmail/files/README.pkgsrc:1.6 pkgsrc/mail/qmail/files/README.pkgsrc:1.7
--- pkgsrc/mail/qmail/files/README.pkgsrc:1.6 Thu Aug 29 22:04:21 2019
+++ pkgsrc/mail/qmail/files/README.pkgsrc Thu Jan 14 15:25:22 2021
@@ -12,7 +12,7 @@ Otherwise, run this command as root:
Getting help
============
-You've installed an automated and customized qmail package. If
+You've installed an automated and customized notqmail package. If
you're having trouble with it, ask the package's maintainer:
<URL:mailto:schmonz-pkgsrc-qmail%schmonz.com@localhost>
@@ -29,7 +29,7 @@ mention:
* that you installed @PKGNAME@ from pkgsrc,
* the output of "@PKG_INFO@ -B @PKGNAME@ | @GREP@ ^QMAIL", and
-* how you're running (or trying to run) the qmail daemons.
+* how you're running (or trying to run) the notqmail daemons.
If you can first reproduce your problem on a manual LWQ-style
installation, your request for help is likely to be better received.
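Review bot: The wording now says "notqmail package" and "notqmail daemons", but the same list still asks users to report @PKGNAME@, which the Makefile sets to qmail-1.03 (DISTNAME is notqmail-1.08). A one-sentence explanation that the package named qmail installs notqmail would spare users the confusion when they write the help request this section describes.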
Index: pkgsrc/mail/qmail/files/README.tls
diff -u pkgsrc/mail/qmail/files/README.tls:1.2 pkgsrc/mail/qmail/files/README.tls:1.3
--- pkgsrc/mail/qmail/files/README.tls:1.2 Mon Nov 2 10:43:55 2020
+++ pkgsrc/mail/qmail/files/README.tls Thu Jan 14 15:25:22 2021
@@ -1,32 +1,37 @@
Configuring TLS
===============
-You've applied a Transport Layer Security patch to your qmail installation.
-It is documented more fully by its author here:
+notqmail does not yet ship with native support for TLS encryption. This
+notqmail package enables outbound TLS via a patch:
<URL:https://schmonz.com/qmail/tlsonlyremote/>
+To enable TLS for incoming mail, message submission, and POP3, install
+the qmail-run package. It includes these add-on programs:
-For qmail to opportunistically encrypt incoming mail, and to require
-encryption before authentication for submitted messages, first obtain a
-certificate (e.g., from Let's Encrypt), make it available as
-@SERVERCERT@, and apply these permissions:
+<URL:https://schmonz.com/qmail/acceptutils/>
-# chmod 640 @SERVERCERT@
-# chown @QMAIL_DAEMON_USER@:@QMAIL_QMAIL_GROUP@ @SERVERCERT@
+With qmail-run installed, follow these steps:
-Generate DH params:
+1. Obtain a certificate (e.g., from Let's Encrypt), make it available as
+ @SERVERCERT@, and apply these permissions:
-# update_tmprsadh
+ # chown @QMAIL_DAEMON_USER@:@QMAIL_QMAIL_GROUP@ @SERVERCERT@
+ # chmod 640 @SERVERCERT@
-Have cron(8) regularly regenerate them:
+2. If your cert's private key is in a separate file, make it available as
+ @SERVERKEY@ (same permissions).
- 01 01 * * * @PREFIX@/bin/update_tmprsadh > /dev/null 2>&1
+3. Use the same cert for your server's connections to other servers:
-Then install the qmail-run package and use its qmailsmtpd and
-qmailofmipd rc.d scripts.
+ # ln -s @SERVERCERT@ \
+ @CLIENTCERT@
-For qmail to opportunistically encrypt outgoing mail, use the same
-certificate:
+4. Generate initial Diffie-Hellman parameters:
-# ln -s @SERVERCERT@ @CLIENTCERT@
+ # @PREFIX@/bin/update_tmprsadh
+
+5. Arrange for update_tmprsadh to be run regularly from cron(8),
+ /etc/security.local, or similar.
+
+Then start your TLS-enabled notqmail using qmail-run's rc.d scripts.
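Review bot: Step 2 covers the private key with only "(same permissions)", and step 3 links just @SERVERCERT@ to @CLIENTCERT@, so a reader whose key lives in @SERVERKEY@ is given neither the exact commands for the most sensitive file nor any indication of how the outbound side finds its key. Suggest writing out the chown and chmod lines for @SERVERKEY@ as step 1 does for the certificate, and stating in step 3 whether @CLIENTCERT@ must also contain the key. Step 5 also drops the concrete crontab entry the old text gave (`01 01 * * * @PREFIX@/bin/update_tmprsadh > /dev/null 2>&1`); keeping one example schedule would make the step actionable.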