diff --git a/mail/sendmail-devel/files/patch-cfproto.m4 b/mail/sendmail-devel/files/patch-cfproto.m4 deleted file mode 100644 index be4f25c23264..000000000000 --- a/mail/sendmail-devel/files/patch-cfproto.m4 +++ /dev/null @@ -1,24 +0,0 @@ ---- cf/m4/proto.m4.orig 2023-10-27 05:47:26 UTC -+++ cf/m4/proto.m4 -@@ -2912,10 +2912,6 @@ R$* $| $#$* $#$2 - R$* $| $* $: $1', `dnl') - ifdef(`_TLS_FAILURES_',`dnl - R$* $: $(macro {saved_verify} $@ $1 $) $1') --ifdef(`_MTA_STS_', `dnl --R$* $: $1 $| $>"STS_secure" $1 --R$* $| $#$* $#$2 --R$* $| $* $: $1', `dnl') - ifdef(`_ACCESS_TABLE_', `dnl - dnl store name of other side - R$* $: $(macro {TLS_Name} $@ $&{server_name} $) $1 -@@ -2923,6 +2919,10 @@ R$* $: $1 $| $>D <$&{server_name}> $* $: $1 $| $>A <$&{server_addr}> <> - dnl do a default lookup: just TLS_SRV_TAG - R$* $| $* $: $1 $| <$(access TLS_SRV_TAG`'_TAG_DELIM_ $: ? $)> -+ifdef(`_MTA_STS_', `dnl -+R$* $: $1 $| $>"STS_secure" $1 -+R$* $| $#$* $#$2 -+R$* $| $* $: $1', `dnl') - ifdef(`_ATMPF_', `dnl tempfail? - R$* $| <$* _ATMPF_> $#error $@ 4.3.0 $: _TMPFMSG_(`TS')', `dnl') - R$* $@ $>"TLS_connection" $1', `dnl diff --git a/mail/sendmail-devel/files/patch-readcf.c b/mail/sendmail-devel/files/patch-readcf.c index 2318f6a19842..c777f3c55f1e 100644 --- a/mail/sendmail-devel/files/patch-readcf.c +++ b/mail/sendmail-devel/files/patch-readcf.c @@ -1,26 +1,26 @@ ---- sendmail/readcf.c.orig 2023-12-19 05:29:19 UTC +--- sendmail/readcf.c.orig 2024-01-25 05:27:02 UTC +++ sendmail/readcf.c 
@@ -3208,6 +3208,10 @@ static struct optioninfo { "CipherSuites", O_CIPHERSUITES, OI_NONE }, #endif +#if USE_BLACKLIST -+# define O_BLACKLIST 0xf2 ++# define O_BLACKLIST 0xfb + { "UseBlacklist", O_BLACKLIST, OI_NONE }, +#endif { NULL, '\0', OI_NONE } }; -@@ -4946,6 +4950,12 @@ setoption(opt, val, safe, sticky, e) - break; - #endif - -+#if USE_BLACKLIST -+ case O_BLACKLIST: -+ UseBlacklist = atobool(val); +@@ -4943,6 +4947,12 @@ setoption(opt, val, safe, sticky, e) + #if _FFR_MTA_STS + case O_MTASTS: + MTASTS = atobool(val); + break; +#endif + - default: - if (tTd(37, 1)) - { ++#if USE_BLACKLIST ++ case O_BLACKLIST: ++ UseBlacklist = atobool(val); + break; + #endif + diff --git a/mail/sendmail-devel/files/patch-srvrsmtp.c b/mail/sendmail-devel/files/patch-srvrsmtp.c index e4abbbf00a57..4abe95e30b78 100644 --- a/mail/sendmail-devel/files/patch-srvrsmtp.c +++ b/mail/sendmail-devel/files/patch-srvrsmtp.c 
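Review bot: `O_BLACKLIST` is defined as a bare local constant in the `optioninfo` table (`0xfb`, previously `0xf2`), and nothing records that it must stay clear of the option codes upstream assigns. The renumbering in this refresh suggests the old value collided with a newer upstream option, though that is inferred from the diff alone. I would add a comment above the define, for example `/* local option code: must not equal any upstream O_* value; recheck on every snapshot update */`, so the next refresh checks it deliberately. The `setoption()` switch that consumes the value starts and ends outside the hunk, so the full set of `case` values in use cannot be confirmed from here.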
@@ -1,102 +1,102 @@ ---- sendmail/srvrsmtp.c.orig 2023-12-05 09:53:22 UTC +--- sendmail/srvrsmtp.c.orig 2024-01-25 05:27:02 UTC +++ sendmail/srvrsmtp.c -@@ -921,6 +921,9 @@ do \ +@@ -940,6 +940,9 @@ do \ # define SHOWCMDINREPLY(inp) inp # define SHOWSHRTCMDINREPLY(inp) shortenstring(inp, MAXSHORTSTR) #endif +#ifdef USE_BLACKLIST + int saved_bl_fd; +#endif void smtp(nullserver, d_flags, e) -@@ -1504,6 +1507,8 @@ smtp(nullserver, d_flags, e) +@@ -1528,6 +1531,8 @@ smtp(nullserver, d_flags, e) /* check if data is on the socket during the pause */ if ((tp = channel_readable(InChannel, msecs)) != NULL) { + int fd; + greetcode = "554"; nullserver = "Command rejected"; sm_syslog(LOG_INFO, e->e_id, -@@ -1513,6 +1518,8 @@ smtp(nullserver, d_flags, e) +@@ -1537,6 +1542,8 @@ smtp(nullserver, d_flags, e) (int) tp->tv_sec + (tp->tv_usec >= 500000 ? 1 : 0) ); + fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "pre-greeting traffic"); } } } -@@ -1631,6 +1638,10 @@ smtp(nullserver, d_flags, e) +@@ -1655,6 +1662,10 @@ smtp(nullserver, d_flags, e) SmtpPhase = "server cmd read"; sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient); +#ifdef USE_BLACKLIST + saved_bl_fd = dup(sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL)); +#endif + /* handle errors */ if (sm_io_error(OutChannel) || (p = sfgets(inp, sizeof(inp), InChannel, -@@ -1944,8 +1955,11 @@ smtp(nullserver, d_flags, e) +@@ -1965,8 +1976,11 @@ smtp(nullserver, d_flags, e) #define LOGAUTHFAIL \ do \ { \ + int fd; \ SET_AUTH_USER_CONDITIONALLY \ message("535 5.7.0 authentication failed"); \ + fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); \ + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL"); \ if (LogLevel >= 9) \ sm_syslog(LOG_WARNING, e->e_id, \ "AUTH failure (%s): %s (%d) %s%s%.*s, relay=%.100s", \ -@@ -2095,6 +2109,9 @@ smtp(nullserver, d_flags, e) +@@ -2116,6 +2130,9 @@ smtp(nullserver, d_flags, e) DELAY_CONN("AUTH"); if (!sasl_ok || n_mechs <= 0) { + int fd; + 
fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH LOGIN FAIL"); message("503 5.3.3 AUTH not available"); break; } -@@ -3836,10 +3853,17 @@ smtp(nullserver, d_flags, e) +@@ -3841,10 +3858,17 @@ smtp(nullserver, d_flags, e) ** timeouts for the same connection. */ +#ifdef USE_BLACKLIST + /* no immediate BLACKLIST_ABUSIVE_BEHAVIOR */ + BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, saved_bl_fd, "no command issued"); +#endif sm_syslog(LOG_INFO, e->e_id, "%s did not issue MAIL/EXPN/VRFY/ETRN during connection to %s", CurSmtpClient, d); } +#ifdef USE_BLACKLIST + close(saved_bl_fd); +#endif if (tTd(93, 100)) { /* return to handle next connection */ -@@ -3921,7 +3945,10 @@ smtp(nullserver, d_flags, e) +@@ -3926,7 +3950,10 @@ smtp(nullserver, d_flags, e) #if MAXBADCOMMANDS > 0 if (++n_badcmds > MAXBADCOMMANDS) { + int fd; stopattack: + fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); + BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands"); message("421 4.7.0 %s Too many bad commands; closing connection", MyHostName); -@@ -3975,6 +4002,9 @@ smtp(nullserver, d_flags, e) +@@ -3980,6 +4007,9 @@ smtp(nullserver, d_flags, e) } #if SASL } +#endif +#ifdef USE_BLACKLIST + close(saved_bl_fd); #endif } SM_EXCEPT(exc, "[!F]*")
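Review bot: In the "server cmd read" hunk, the result of `dup(sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL))` is stored in `saved_bl_fd` without a check, so a failure of either call hands `-1` to the later `BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, saved_bl_fd, "no command issued")` and to `close(saved_bl_fd)`. Descriptor exhaustion is most likely while the server is under connection pressure, which is when losing the report matters, so I would log it right after the dup: `if (saved_bl_fd < 0) sm_syslog(LOG_WARNING, e->e_id, "blacklist: dup failed");`. The two `close(saved_bl_fd);` calls should then be guarded with `if (saved_bl_fd >= 0)`. `saved_bl_fd` is also declared as a non-static file-scope `int` under `#ifdef USE_BLACKLIST`, whereas patch-readcf.c tests `#if USE_BLACKLIST`. Making it `static` and using one form of the test would keep the two files in agreement if the macro is ever defined as 0. `smtp()` starts and ends outside these hunks, so whether every path that reaches the dup also reaches one of the closes cannot be confirmed from here.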