Index: files/patch-Makefile.m4 =================================================================== --- files/patch-Makefile.m4 +++ files/patch-Makefile.m4 @@ -1,12 +1,11 @@ ---- sendmail/Makefile.m4.orig 2014-11-11 15:49:49 UTC -+++ sendmail/Makefile.m4 -@@ -13,8 +13,7 @@ bldPUSH_SMLIB(`smutil') - - - dnl hack: /etc/mail is not defined as "location of .cf" in the build system --define(`bldTARGET_INST_DEP', ifdef(`confINST_DEP', `confINST_DEP', --`${DESTDIR}/etc/mail/submit.cf ${DESTDIR}${MSPQ}'))dnl -+define(`bldTARGET_INST_DEP', ifdef(`confINST_DEP', `confINST_DEP')) - define(`bldTARGET_LINKS', ifdef(`confLINKS', `confLINKS', - `${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat') - )dnl +--- sendmail/Makefile.m4.orig 2017-12-12 22:50:54.044512000 -0500 ++++ sendmail/Makefile.m4 2017-12-12 22:51:20.794948000 -0500 +@@ -6,7 +6,7 @@ + bldPRODUCT_START(`executable', `sendmail') + define(`bldBIN_TYPE', `G') + define(`bldINSTALL_DIR', `') +-define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ') ++define(`bldSOURCES', `main.c alias.c arpadate.c bf.c blacklist.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ') + PREPENDDEF(`confENVDEF', `confMAPDEF') + bldPUSH_SMLIB(`sm') + bldPUSH_SMLIB(`smutil') Index: files/patch-blacklist.c =================================================================== --- /dev/null +++ files/patch-blacklist.c @@ -0,0 +1,60 @@ +--- sendmail/blacklist.c.orig 1969-12-31 19:00:00.000000000 -0500 ++++ sendmail/blacklist.c 2017-12-12 22:51:20.796167000 -0500 +@@ -0,0 +1,57 @@ ++/*- ++ * Copyright (c) 2016 The FreeBSD Foundation ++ * All rights reserved. ++ * ++ * This software was developed by Kurt Lidl under sponsorship from the ++ * FreeBSD Foundation. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. */ ++ ++/* $FreeBSD$ */ ++ ++#ifdef USE_BLACKLIST ++#include ++#include /* for EXTERN UseBlacklist */ ++ ++#include ++#include "blacklist_client.h" ++ ++static struct blacklist *blstate; ++ ++void ++blacklist_init(void) ++{ ++ ++ if (UseBlacklist) ++ blstate = blacklist_open(); ++} ++ ++void ++blacklist_notify(int action, int fd, const char *msg) ++{ ++ ++ if (blstate == NULL) ++ return; ++ (void)blacklist_r(blstate, action, fd, msg); ++} ++ ++#endif /* USE_BLACKLIST */ Index: files/patch-blacklist_client.h =================================================================== --- /dev/null +++ files/patch-blacklist_client.h @@ -0,0 +1,60 @@ +--- sendmail/blacklist_client.h.orig 1969-12-31 19:00:00.000000000 -0500 ++++ sendmail/blacklist_client.h 2017-12-12 22:51:20.797288000 -0500 +@@ -0,0 +1,57 @@ ++/*- ++ * Copyright (c) 2016 The FreeBSD Foundation ++ * All rights reserved. ++ * ++ * This software was developed by Kurt Lidl under sponsorship from the ++ * FreeBSD Foundation. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. */ ++ ++/* $FreeBSD$ */ ++ ++#ifndef BLACKLIST_CLIENT_H ++#define BLACKLIST_CLIENT_H ++ ++#ifndef BLACKLIST_API_ENUM ++enum { ++ BLACKLIST_AUTH_OK = 0, ++ BLACKLIST_AUTH_FAIL, ++ BLACKLIST_ABUSIVE_BEHAVIOR, ++ BLACKLIST_BAD_USER ++}; ++#endif ++ ++#ifdef USE_BLACKLIST ++void blacklist_init(void); ++void blacklist_notify(int, int, const char *); ++ ++#define BLACKLIST_INIT() blacklist_init() ++#define BLACKLIST_NOTIFY(x, y, msg) blacklist_notify(x, y, msg) ++ ++#else ++ ++#define BLACKLIST_INIT() ++#define BLACKLIST_NOTIFY(x, y, msg) ++ ++#endif ++ ++#endif /* BLACKLIST_CLIENT_H */ Index: files/patch-daemon.c =================================================================== --- files/patch-daemon.c +++ files/patch-daemon.c @@ -1,12 +1,10 @@ ---- sendmail/daemon.c.orig 2016-06-12 18:25:14.196269000 -0400 -+++ sendmail/daemon.c 2016-06-12 18:31:47.159880000 -0400 -@@ -754,6 +754,10 @@ +--- sendmail/daemon.c.orig 2015-02-27 19:50:03.000000000 -0500 ++++ sendmail/daemon.c 2017-12-12 22:51:20.801087000 -0500 +@@ -754,6 +754,8 @@ anynet_ntoa(&RealHostAddr)); } -+#ifdef USE_BLACKLIST -+ blacklist_init(); -+#endif ++ BLACKLIST_INIT(); + if (pipefd[0] != -1) { Index: files/patch-main.c =================================================================== --- files/patch-main.c +++ /dev/null @@ -1,26 +0,0 @@ ---- sendmail/main.c.orig 2016-06-12 18:24:56.170900000 -0400 -+++ sendmail/main.c 2016-06-12 18:30:07.426701000 -0400 -@@ -4642,3 +4642,23 @@ - sm_etype_printf, - "quick abort %0", - }; -+ -+#ifdef USE_BLACKLIST -+static struct blacklist *blstate; -+ -+void -+blacklist_init(void) -+{ -+ blstate = blacklist_open(); -+} -+ -+void -+blacklist_notify(int a, int fd, char *msg) -+{ -+ if (blstate == NULL) -+ blacklist_init(); -+ if (blstate == NULL) -+ return; -+ (void)blacklist_r(blstate, a, fd, msg); -+} -+#endif Index: files/patch-readcf.c =================================================================== --- /dev/null +++ files/patch-readcf.c @@ -0,0 +1,26 @@ +--- sendmail/readcf.c.orig 2015-06-17 12:51:58.000000000 -0400 ++++ sendmail/readcf.c 2017-12-12 22:51:20.804907000 -0500 +@@ -2910,6 +2910,10 @@ + #endif + #define O_USECOMPRESSEDIPV6ADDRESSES 0xec + { "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE }, ++#if USE_BLACKLIST ++# define O_BLACKLIST 0xf2 ++ { "UseBlacklist", O_BLACKLIST, OI_NONE }, ++#endif + + { NULL, '\0', OI_NONE } + }; +@@ -4540,6 +4544,12 @@ + UseCompressedIPv6Addresses = atobool(val); + break; + ++#if USE_BLACKLIST ++ case O_BLACKLIST: ++ UseBlacklist = atobool(val); ++ break; ++#endif ++ + default: + if (tTd(37, 1)) + { Index: files/patch-sendmail.h =================================================================== --- files/patch-sendmail.h +++ files/patch-sendmail.h @@ -1,16 +1,22 @@ ---- sendmail/sendmail.h.orig 2016-06-12 18:23:05.239106000 -0400 -+++ sendmail/sendmail.h 2016-06-12 18:42:38.972341000 -0400 -@@ -2647,6 +2647,13 @@ - extern char *milter_unknown __P((char *, ENVELOPE *, char *)); - #endif /* MILTER */ +--- sendmail/sendmail.h.orig 2015-06-19 08:59:29.000000000 -0400 ++++ sendmail/sendmail.h 2017-12-12 22:51:20.809294000 -0500 +@@ -57,6 +57,8 @@ + #endif /* _DEFINE */ -+#if USE_BLACKLIST -+/* blacklistd functions */ -+void blacklist_init(void); -+void blacklist_notify(int, int, char *); + #include "bf.h" +#include ++#include "blacklist_client.h" + #include "timers.h" + #include + #include +@@ -2544,6 +2546,10 @@ + EXTERN bool SSLEngineInitialized; + #endif /* STARTTLS && USE_OPENSSL_ENGINE */ + ++#if USE_BLACKLIST ++EXTERN bool UseBlacklist; +#endif + - extern char *addquotes __P((char *, SM_RPOOL_T *)); - extern char *arpadate __P((char *)); - extern bool atobool __P((char *)); + /* + ** Declarations of useful functions + */ Index: files/patch-sendmail.8 =================================================================== --- /dev/null +++ files/patch-sendmail.8 @@ -0,0 +1,14 @@ +--- sendmail/sendmail.8.orig 2014-06-13 10:57:59.000000000 -0400 ++++ sendmail/sendmail.8 2017-12-12 22:51:20.806020000 -0500 +@@ -537,6 +537,11 @@ + failed messages will be returned to the sender. + The default is five days. + .TP ++UseBlacklist ++If set, send authentication failure and success notifications to the ++.BR blacklistd (8) ++daemon. ++.TP + .RI UserDatabaseSpec= userdatabase + If set, a user database is consulted to get forwarding information. + You can consider this an adjunct to the aliasing mechanism, Index: files/patch-srvrsmtp.c =================================================================== --- files/patch-srvrsmtp.c +++ files/patch-srvrsmtp.c @@ -1,44 +1,33 @@ --- sendmail/srvrsmtp.c.orig 2015-03-18 07:47:12.000000000 -0400 -+++ sendmail/srvrsmtp.c 2016-06-12 18:36:01.372172000 -0400 -@@ -832,6 +832,9 @@ - int n_badrcpts_adj; - #endif /* _FFR_BADRCPT_SHUTDOWN */ - -+#ifdef USE_BLACKLIST -+ int fd; -+#endif - SevenBitInput_Saved = SevenBitInput; - smtp.sm_nrcpts = 0; - #if MILTER -@@ -1328,6 +1331,9 @@ ++++ sendmail/srvrsmtp.c 2017-12-12 22:51:20.813357000 -0500 +@@ -1328,6 +1328,7 @@ (int) tp.tv_sec + (tp.tv_usec >= 500000 ? 1 : 0) ); -+#ifdef USE_BLACKLIST -+ blacklist_notify(1, fd, "pre-greeting traffic"); -+#endif ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "pre-greeting traffic"); } } } -@@ -1723,6 +1729,10 @@ +@@ -1721,8 +1722,11 @@ + } + else { ++ int fd; /* not SASL_OK or SASL_CONT */ message("535 5.7.0 authentication failed"); -+#ifdef USE_BLACKLIST + fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); -+ blacklist_notify(1, fd, "AUTH FAIL"); -+#endif ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL"); if (LogLevel > 9) sm_syslog(LOG_WARNING, e->e_id, "AUTH failure (%s): %s (%d) %s, relay=%.100s", -@@ -3524,6 +3534,10 @@ +@@ -3523,7 +3527,10 @@ + #if MAXBADCOMMANDS > 0 if (++n_badcmds > MAXBADCOMMANDS) { ++ int fd; stopattack: -+#ifdef USE_BLACKLIST + fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); -+ blacklist_notify(1, fd, "too many bad commands"); -+#endif ++ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands"); message("421 4.7.0 %s Too many bad commands; closing connection", MyHostName); Index: files/patch-usersmtp.c =================================================================== --- files/patch-usersmtp.c +++ files/patch-usersmtp.c @@ -1,26 +1,23 @@ --- sendmail/usersmtp.c.orig 2014-12-05 10:42:28.000000000 -0500 -+++ sendmail/usersmtp.c 2016-06-12 18:35:25.940865000 -0400 -@@ -1825,6 +1825,10 @@ ++++ sendmail/usersmtp.c 2017-12-12 22:51:20.815975000 -0500 +@@ -1825,6 +1825,9 @@ if (saslresult != SASL_OK && saslresult != SASL_CONTINUE) { -+#ifdef USE_BLACKLIST + int fd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL); -+ blacklist_notify(1, fd, "AUTH FAIL"); -+#endif ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL"); ++ if (tTd(95, 5)) sm_dprintf("AUTH FAIL=%s (%d)\n", sasl_errstring(saslresult, NULL, NULL), -@@ -1970,9 +1974,13 @@ +@@ -1970,9 +1973,11 @@ do { result = attemptauth(m, mci, e, &(mci->mci_sai)); - if (result == EX_OK) + if (result == EX_OK) { -+#ifdef USE_BLACKLIST + int fd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL); -+ blacklist_notify(0, fd, "AUTH OK"); -+#endif ++ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, fd, "AUTH OK"); mci->mci_sasl_auth = true; - else if (result == EX_TEMPFAIL || result == EX_NOPERM) + } else if (result == EX_TEMPFAIL || result == EX_NOPERM)