diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile index 3fe0740e9228..b148a5a2fd10 100644 --- a/mail/postfix/Makefile +++ b/mail/postfix/Makefile @@ -1,463 +1,463 @@ PORTNAME= postfix DISTVERSION= 3.10.0 -PORTREVISION?= 0 +PORTREVISION?= 1 PORTEPOCH= 1 CATEGORIES= mail MASTER_SITES= https://postfix-mirror.horus-it.com/postfix-release/ \ http://ftp.porcupine.org/mirrors/postfix-release/ \ http://de.postfix.org/ftpmirror/ \ http://www.artfiles.org/postfix.org/postfix-release/ \ http://mirror.lhsolutions.nl/postfix-release/ \ ftp://postfix.mirrors.pair.com/ MASTER_SITES:= ${MASTER_SITES:S|$|official/|} DIST_SUBDIR= ${PORTNAME} MAINTAINER= otis@FreeBSD.org COMMENT= Secure alternative to widely-used Sendmail ${COMMENT_${FLAVOR}} WWW= https://www.postfix.org/ LICENSE= EPL IPL10 LICENSE_COMB= multi LICENSE_NAME_IPL10= IBM PUBLIC LICENSE VERSION 1.0 LICENSE_FILE= ${WRKSRC}/LICENSE LICENSE_PERMS_IPL10= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept FLAVORS= default ldap mongo mysql pgsql sasl sqlite default_CONFLICTS_INSTALL= postfix-base-ldap postfix-base-sasl \ postfix-ldap postfix-sasl \ postfix-mongo postfix-base-mongo \ postfix-mysql postfix-base-mysql \ postfix-pgsql postfix-base-pgsql \ postfix-sqlite postfix-base-sqlite ldap_PKGNAMESUFFIX= -ldap ldap_CONFLICTS_INSTALL= postfix postfix-base \ postfix-base-sasl postfix-sasl \ postfix-mongo postfix-base-mongo \ postfix-mysql postfix-base-mysql \ postfix-pgsql postfix-base-pgsql \ postfix-sqlite postfix-base-sqlite mongo_PKGNAMESUFFIX= -mongo mongo_CONFLICTS_INSTALL= postfix postfix-base \ postfix-ldap postfix-base-ldap \ postfix-mysql postfix-base-mysql \ postfix-pgsql postfix-base-pgsql \ postfix-sasl postfix-base-sasl \ postfix-sqlite postfix-base-sqlite mysql_PKGNAMESUFFIX= -mysql mysql_CONFLICTS_INSTALL= postfix postfix-base \ postfix-ldap postfix-base-ldap \ postfix-mongo postfix-base-mongo \ postfix-pgsql postfix-base-pgsql \ postfix-sasl postfix-base-sasl \ postfix-sqlite postfix-base-sqlite pgsql_PKGNAMESUFFIX= -pgsql pgsql_CONFLICTS_INSTALL= postfix postfix-base \ postfix-ldap postfix-base-ldap \ postfix-mongo postfix-base-mongo \ postfix-mysql postfix-base-mysql \ postfix-sasl postfix-base-sasl \ postfix-sqlite postfix-base-sqlite sasl_PKGNAMESUFFIX= -sasl sasl_CONFLICTS_INSTALL= postfix postfix-base \ postfix-base-ldap postfix-ldap \ postfix-mongo postfix-base-mongo \ postfix-mysql postfix-base-mysql \ postfix-pgsql postfix-base-pgsql \ postfix-sqlite postfix-base-sqlite sqlite_PKGNAMESUFFIX= -sqlite sqlite_CONFLICTS_INSTALL= postfix postfix-base \ postfix-ldap postfix-base-ldap \ postfix-mongo postfix-base-mongo \ postfix-mysql postfix-base-mysql \ postfix-pgsql postfix-base-pgsql \ postfix-sasl postfix-base-sasl COMMENT_ldap= (with OpenLDAP support) COMMENT_mysql= (with MySQL support) COMMENT_pgsql= (with PostgreSQL support) COMMENT_sasl= (with Cyrus SASL support) COMMENT_sqlite= (with SQLite support) USES= cpe shebangfix ssl USE_RC_SUBR= postfix USE_SUBMAKE= yes SHEBANG_FILES= auxiliary/qshape/qshape.pl SCRIPTS_ENV+= POSTFIX_DEFAULT_MTA="${POSTFIX_DEFAULT_MTA}" PORTSCOUT= limit:^3\.9\. CONFLICTS_INSTALL= courier-0.* opensmtpd opensmtpd-devel \ postfix postfix-base postfix-ldap-sasl \ postfix-sasl sendmail sendmail-devel USERS= postfix GROUPS= mail maildrop postfix OPTIONS_DEFINE= BDB BLACKLISTD CDB DOCS EAI INST_BASE LDAP LMDB MONGO \ MYSQL NIS PCRE2 PGSQL SASL SQLITE TEST TLS OPTIONS_DEFAULT?= BLACKLISTD EAI PCRE2 TLS OPTIONS_RADIO= RG1 OPTIONS_RADIO_RG1= SASLKMIT SASLKRB5 .if ${FLAVOR:U} == ldap OPTIONS_SLAVE= LDAP .elif ${FLAVOR:U} == mysql OPTIONS_SLAVE= MYSQL .elif ${FLAVOR:U} == pgsql OPTIONS_SLAVE= PGSQL .elif ${FLAVOR:U} == sasl OPTIONS_SLAVE= SASL .elif ${FLAVOR:U} == sqlite OPTIONS_SLAVE= SQLITE .endif .if !empty(FLAVOR) && ${FLAVOR:U} != default OPTIONS_FILE= ${PORT_DBDIR}/${OPTIONS_NAME}/${FLAVOR}-options .endif OPTIONS_SUB= yes BLACKLISTD_DESC= Enable blacklistd support CDB_DESC= CDB maps lookups EAI_DESC= Email Address Internationalization (SMTPUTF8) support INST_BASE_DESC= Install into /usr and /etc/postfix LDAP_DESC= LDAP maps (uses WITH_OPENLDAP_VER) LMDB_DESC= LMDB maps PCRE2_DESC= Use Perl Compatible Regular Expressions, version 2 RG1_DESC= Kerberos network authentication protocol type SASLKMIT_DESC= If your SASL req. MIT Kerberos5, select this SASLKRB5_DESC= If your SASL req. Kerberos5, select this SASL_DESC= Cyrus SASL support (Dovecot SASL is always built in) TEST_DESC= SMTP/LMTP test server and generator BDB_USES= bdb BLACKLISTD_EXTRA_PATCHES= ${FILESDIR}/extra-patch-blacklistd CDB_LIB_DEPENDS= libcdb.so:databases/tinycdb EAI_LIB_DEPENDS= libicuuc.so:devel/icu LDAP_USES= ldap LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MONGO_LIB_DEPENDS= libbson-1.0.so:devel/libbson \ libmongoc-1.0.so:devel/mongo-c-driver MYSQL_USES?= mysql PCRE2_LIB_DEPENDS= libpcre2-8.so:devel/pcre2 PGSQL_USES= pgsql SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5 SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 SQLITE_USES= sqlite ALL_TARGET= default .include HTML1= body_checks.5.html bounce.5.html postfix-power.png \ scache.8.html tlsmgr.8.html STRIP_LIBEXEC= anvil bounce cleanup discard dnsblog error flush lmtp local \ master nqmgr oqmgr pickup pipe postlogd postscreen proxymap \ qmgr qmqpd scache showq smtp smtpd spawn tlsmgr tlsproxy \ trivial-rewrite verify virtual .if !defined(DEBUG) MAKEFILEFLAGS+= DEBUG= .endif MAKEFILEFLAGS+= pie=yes CC="${CC}" OPT="${CFLAGS}" .if ${SSL_DEFAULT} == libressl BROKEN= error: OpenSSL-1.1.1 is the minimum supported version. LibreSSL is not supported .endif .if ${PORT_OPTIONS:MINST_BASE} .if ${FLAVOR:U} == ldap PKGNAMESUFFIX= -base-ldap .elif ${FLAVOR:U} == mysql PKGNAMESUFFIX= -base-mysql .elif ${FLAVOR:U} == pgsql PKGNAMESUFFIX= -base-pgsql .elif ${FLAVOR:U} == sasl PKGNAMESUFFIX= -base-sasl .elif ${FLAVOR:U} == sqlite PKGNAMESUFFIX= -base-sqlite .else PKGNAMESUFFIX= -base .endif PREFIX= /usr ETCDIR= /etc/postfix .endif PLIST_SUB+= PFETC=${ETCDIR} # check if mailwrapper supports $LOCALBASE .if ${OPSYS} == FreeBSD SUB_LIST+= MC_PREFIX="${LOCALBASE}" \ USE_LOCALBASE_MAILER_CONF="yes" .else SUB_LIST+= MC_PREFIX="" \ USE_LOCALBASE_MAILER_CONF="no" .endif .if ${PORT_OPTIONS:MDOCS} PORTDOCS= * READMEDIR= ${DOCSDIR} .else READMEDIR= no .endif # dynamic directory location DAEMONDIR= ${PREFIX}/libexec/postfix SHLIB_DIRECTORY= ${PREFIX}/lib/postfix # new proposed location is ETCDIR (see README_FILES/INSTALL) # keep compatiblity with Postfix 2.6 .. 2.11 and use DAEMOMDIR META_DIRECTORY= ${DAEMONDIR} SUB_LIST+= REQUIRE="${_REQUIRE}" SUB_FILES+= mailer.conf.postfix pkg-install pkg-message POSTFIX_CCARGS+= -DDEF_CONFIG_DIR=\\\"${ETCDIR}\\\" \ -DDEF_DAEMON_DIR=\\\"${DAEMONDIR}\\\" \ -DDEF_META_DIR=\\\"${META_DIRECTORY}\\\" \ -DDEF_COMMAND_DIR=\\\"${PREFIX}/sbin\\\" \ -DDEF_SENDMAIL_PATH=\\\"${PREFIX}/sbin/sendmail\\\" \ -DDEF_NEWALIAS_PATH=\\\"${PREFIX}/bin/newaliases\\\" \ -DDEF_MAILQ_PATH=\\\"${PREFIX}/bin/mailq\\\" \ -DDEF_MANPAGE_DIR=\\\"${PREFIX}/share/man\\\" \ -DDEF_README_DIR=\\\"${READMEDIR}\\\" \ -DDEF_HTML_DIR=\\\"${READMEDIR}\\\" \ -DDEF_QUEUE_DIR=\\\"/var/spool/postfix\\\" \ -DDEF_DATA_DIR=\\\"/var/db/postfix\\\" \ -DDEF_MAIL_OWNER=\\\"postfix\\\" \ -DDEF_SGID_GROUP=\\\"maildrop\\\" \ -Wmissing-prototypes -Wformat -Wno-comment # Default requirement for postfix rc script _REQUIRE= LOGIN cleanvar dovecot # always build with Dovecot SASL support, Cyrus is optional # see Postfix HISTORY 20051222 POSTFIX_CCARGS+= -DUSE_SASL_AUTH # Email Address Internationalization (EAI, RFC 6531..6533) .if ${PORT_OPTIONS:MEAI} POSTFIX_CCARGS+= -DHAS_EAI -I${LOCALBASE}/include POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -licuuc .else POSTFIX_CCARGS+= -DNO_EAI .endif .if ${PORT_OPTIONS:MPCRE2} DYN_EXT+= pcre POSTFIX_CCARGS+= -DHAS_PCRE=2 -I${LOCALBASE}/include POSTFIX_DYN_AUXLIBS+= "AUXLIBS_PCRE=`${LOCALBASE}/bin/pcre2-config --libs8`" .else POSTFIX_CCARGS+= -DNO_PCRE .endif .if ${PORT_OPTIONS:MSASL} POSTFIX_CCARGS+= -DUSE_CYRUS_SASL -I${LOCALBASE}/include \ -I${LOCALBASE}/include/sasl POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt .else POSTFIX_CCARGS+= -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\" .endif .if ${PORT_OPTIONS:MSASLKRB5} POSTFIX_AUXLIBS+= -lkrb5 -lhx509 -lcrypto -lcrypt -lcom_err -lasn1 \ -lroken .endif .if ${PORT_OPTIONS:MSASLKMIT} POSTFIX_AUXLIBS+= -Wl,--rpath,$${KRB5_HOME:-${LOCALBASE}}/lib -lkrb5 \ -lcrypto -lcrypt -lcom_err .endif .if ${PORT_OPTIONS:MTLS} POSTFIX_CCARGS+= -DUSE_TLS -I${OPENSSLINC} # XXX LDFLAGS possible breaks dynamic building POSTFIX_AUXLIBS+= -L${OPENSSLLIB} ${LDFLAGS} -lssl -lcrypto .else POSTFIX_CCARGS+= -DNO_TLS .endif .if ${PORT_OPTIONS:MBDB} POSTFIX_CCARGS+= -I${BDB_INCLUDE_DIR} POSTFIX_AUXLIBS+= -L${BDB_LIB_DIR} -l${BDB_LIB_NAME} .endif .if ${PORT_OPTIONS:MBLACKLISTD} . if ${OPSYS} == FreeBSD POSTFIX_AUXLIBS+= -lblacklist . else IGNORE= blacklistd is only supported on FreeBSD . endif .endif .if ${PORT_OPTIONS:MMONGO} DYN_EXT+= mongodb POSTFIX_CCARGS+= -DHAS_MONGODB -I${LOCALBASE}/include/libmongoc-1.0 \ -I${LOCALBASE}/include/libbson-1.0 POSTFIX_DYN_AUXLIBS+= "AUXLIBS_MONGODB=-L${LOCALBASE}/lib -lmongoc-1.0 -lbson-1.0" .endif .if ${PORT_OPTIONS:MMYSQL} DYN_EXT+= mysql POSTFIX_CCARGS+= -DHAS_MYSQL -I${LOCALBASE}/include/mysql POSTFIX_DYN_AUXLIBS+= "AUXLIBS_MYSQL=-L${LOCALBASE}/lib/mysql -lmysqlclient -lz -lm" _REQUIRE+= mysql .endif .if ${PORT_OPTIONS:MPGSQL} DYN_EXT+= pgsql POSTFIX_CCARGS+= -DHAS_PGSQL -I${LOCALBASE}/include POSTFIX_DYN_AUXLIBS+= "AUXLIBS_PGSQL=-L${LOCALBASE}/lib -lpq" _REQUIRE+= postgresql .endif .if ${PORT_OPTIONS:MSQLITE} DYN_EXT+= sqlite POSTFIX_CCARGS+= -DHAS_SQLITE -I${LOCALBASE}/include POSTFIX_DYN_AUXLIBS+= "AUXLIBS_SQLITE=-L${LOCALBASE}/lib -lsqlite3 -lpthread" .endif .if ${PORT_OPTIONS:MLDAP} DYN_EXT+= ldap POSTFIX_CCARGS+= -DHAS_LDAP -I${LOCALBASE}/include \ -I${LOCALBASE}/include/sasl -DUSE_LDAP_SASL POSTFIX_DYN_AUXLIBS+= "AUXLIBS_LDAP=-L${LOCALBASE}/lib -lldap -llber" _REQUIRE+= slapd .endif .if ${PORT_OPTIONS:MCDB} DYN_EXT+= cdb POSTFIX_CCARGS+= -DHAS_CDB -I${LOCALBASE}/include POSTFIX_DYN_AUXLIBS+= "AUXLIBS_CDB=-L${LOCALBASE}/lib -lcdb" .endif .if ${PORT_OPTIONS:MNIS} POSTFIX_CCARGS+= -DHAS_NIS _REQUIRE+= ypserv .endif .if ${PORT_OPTIONS:MTEST} BINTEST= qmqp-sink qmqp-source smtp-sink smtp-source MANTEST= qmqp-sink.1 qmqp-source.1 smtp-sink.1 smtp-source.1 .endif .if ${PORT_OPTIONS:MLMDB} DYN_EXT+= lmdb POSTFIX_CCARGS+= -DHAS_LMDB -I${LOCALBASE}/include POSTFIX_DYN_AUXLIBS+= "AUXLIBS_LMDB=-L${LOCALBASE}/lib -llmdb" .endif # sed script for files in ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man REINPLACE= s!^PATH=.*!PATH=/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}/bin:${PREFIX}/sbin!;\ s!(_directory = )/usr/!\1${PREFIX}/!g;\ s!^(data_directory = /var/)lib/!\1db/!g;\ s!^\#(mynetworks_style = host)!\1!g;\ s!^(sendmail_path =)!\1 ${PREFIX}/sbin/sendmail!g;\ s!^(newaliases_path =)!\1 ${PREFIX}/bin/newaliases!g;\ s!^(mailq_path =)!\1 ${PREFIX}/bin/mailq!g;\ s!^(setgid_group =)!\1 maildrop!g;\ s!^(manpage_directory =)!\1 ${PREFIX}/share/man!g;\ s!^((html|readme)_directory =)!\1 ${READMEDIR}!g;\ \!^\#alias_database = dbm:/etc/mail/aliases$$!d;\ s!(:|= )/etc/postfix!\1$$config_directory!g;\ s!/etc/postfix!${ETCDIR}!g;\ s!^(sample_directory =)!\1 ${ETCDIR}!g;\ s!($$config_directory/(access|aliases|canonical|generic|header_checks|relocated|transport|virtual):f:root:-:644:)p1!\1o!; post-patch: .if ${PORT_OPTIONS:MSASL} && ! ${PORT_OPTIONS:MMYSQL} && exists(${LOCALBASE}/lib/libsasl2.a) @if /usr/bin/nm ${LOCALBASE}/lib/libsasl2.a | ${GREP} -wq "mysql_init"; then \ ${ECHO_MSG}; \ ${ECHO_MSG} "Your SASL library is compiled with MYSQL"; \ ${ECHO_MSG} "If you use MYSQL in ${PORTNAME} consider CTRL+C and"; \ ${ECHO_MSG} "select MYSQL OPTION in config menu."; \ ${ECHO_MSG} "# make clean config"; \ ${ECHO_MSG}; \ sleep 5; \ fi .endif @${ECHO_CMD} 'See header_checks.5.html' \ > ${WRKSRC}/html/body_checks.5.html @${REINPLACE_CMD} -E -e 's!^(#define DEF_SGID_GROUP[^"]+)"postdrop"$$!\1"maildrop"!' \ ${WRKSRC}/src/global/mail_params.h @${FIND} -X ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man \ -type f -a ! \( -name INSTALL -o -name aliases \) | ${XARGS} \ ${REINPLACE_CMD} -i '' -E -e '${REINPLACE}' .for f in ${HTML1} @${ECHO_CMD} '$$html_directory/$f:f:root:-:644' \ >> ${WRKSRC}/conf/postfix-files .endfor @${ECHO_CMD} '$$manpage_directory/man1/posttls-finger.1:f:root:-:644' \ >> ${WRKSRC}/conf/postfix-files @${ECHO_CMD} '$$command_directory/posttls-finger:f:root:-:755' \ >> ${WRKSRC}/conf/postfix-files do-configure: ${MAKE} -C ${WRKSRC} -f Makefile.init makefiles \ ${MAKEFILEFLAGS} CCARGS="${POSTFIX_CCARGS}" \ shared=yes shlib_directory=${SHLIB_DIRECTORY} \ dynamicmaps=yes \ ${POSTFIX_DYN_AUXLIBS} \ AUXLIBS="${POSTFIX_AUXLIBS}" pre-install-INST_BASE-on: ${MKDIR} ${STAGEDIR}/etc/rc.d do-install: ${MAKE} -C ${WRKSRC} non-interactive-package \ install_root=${STAGEDIR} tempdir=${WRKDIR} \ shlib_directory=${SHLIB_DIRECTORY} \ config_directory=${ETCDIR} \ command_directory=${PREFIX}/sbin \ daemon_directory=${DAEMONDIR} \ meta_directory=${META_DIRECTORY} \ html_directory=${READMEDIR} \ mailq_path=${PREFIX}/bin/mailq \ manpage_directory=${PREFIX}/share/man \ newaliases_path=${PREFIX}/bin/newaliases \ readme_directory=${READMEDIR} \ sendmail_path=${PREFIX}/sbin/sendmail ${INSTALL_SCRIPT} ${WRKSRC}/auxiliary/rmail/rmail ${STAGEDIR}${PREFIX}/bin/rmail ${INSTALL_SCRIPT} ${WRKSRC}/auxiliary/qshape/qshape.pl ${STAGEDIR}${PREFIX}/bin/qshape ${INSTALL_MAN} ${WRKSRC}/man/man1/qshape.1 ${STAGEDIR}${PREFIX}/share/man/man1 # == do not overwrite existing config ${MV} ${STAGEDIR}${ETCDIR}/main.cf ${STAGEDIR}${ETCDIR}/main.cf.sample ${MV} ${STAGEDIR}${ETCDIR}/master.cf ${STAGEDIR}${ETCDIR}/master.cf.sample ${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKDIR}/mailer.conf.postfix ${STAGEDIR}${DATADIR} .for SAMPLEFILE in access aliases canonical generic header_checks relocated transport virtual ${MV} ${STAGEDIR}${ETCDIR}/${SAMPLEFILE} ${STAGEDIR}${ETCDIR}/${SAMPLEFILE}.sample .endfor # == chop dynamicmaps.cf entries into dedicated .cf files # for future sub-packages support .for f in ${DYN_EXT} # adjust dynamicmaps.cf ${GREP} -e "^#" -e "^${f}" ${STAGEDIR}${META_DIRECTORY}/dynamicmaps.cf \ > ${STAGEDIR}${META_DIRECTORY}/dynamicmaps.cf.d/${f}.cf && \ ${SED} -i '' -e '/${f}/d' ${STAGEDIR}${META_DIRECTORY}/dynamicmaps.cf # adjust / generate postfix-files for dynamic modules ${SED} -i '' -e '/postfix-${f}.so/d' ${STAGEDIR}${META_DIRECTORY}/postfix-files && \ ${PRINTF} '# Do not edit this file.\ \n$$shlib_directory/postfix-${f}.so:f:root:-:755\ \n$$meta_directory/postfix-files.d/${f}-files:f:root:-:644\ \n$$meta_directory/dynamicmaps.cf.d/${f}.cf:f:root:-:644\n' \ > ${STAGEDIR}${META_DIRECTORY}/postfix-files.d/${f}-files .endfor # Fix compressed man pages and strip executables ${SED} -i '' -E -e "s|(man[158]/.*.[158]):|\1.gz:|g" ${STAGEDIR}${META_DIRECTORY}/postfix-files -@${STRIP_CMD} ${STRIP_LIBEXEC:S|^|${STAGEDIR}${DAEMONDIR}/|} -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/* -@${STRIP_CMD} ${STAGEDIR}${SHLIB_DIRECTORY}/*.so do-install-TEST-on: ${INSTALL_PROGRAM} ${BINTEST:S|^|${WRKSRC}/bin/|} ${STAGEDIR}${PREFIX}/bin ${INSTALL_MAN} ${MANTEST:S|^|${WRKSRC}/man/man1/|} ${STAGEDIR}${PREFIX}/share/man/man1 .include diff --git a/mail/postfix/files/extra-patch-blacklistd b/mail/postfix/files/extra-patch-blacklistd index 699d7b890578..6b8d49969405 100644 --- a/mail/postfix/files/extra-patch-blacklistd +++ b/mail/postfix/files/extra-patch-blacklistd @@ -1,69 +1,135 @@ --- src/smtpd/Makefile.in.orig 2024-02-29 20:13:17 UTC +++ src/smtpd/Makefile.in @@ -2,14 +2,14 @@ SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat. SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \ - smtpd_expand.c smtpd_haproxy.c + smtpd_expand.c smtpd_haproxy.c pfilter.c OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \ - smtpd_expand.o smtpd_haproxy.o + smtpd_expand.o smtpd_haproxy.o pfilter.o HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \ - smtpd_resolve.h smtpd_expand.h + smtpd_resolve.h smtpd_expand.h pfilter.h TESTSRC = smtpd_token_test.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) --- src/smtpd/pfilter.c.orig 2024-03-21 21:45:18 UTC +++ src/smtpd/pfilter.c @@ -0,0 +1,19 @@ +#include "pfilter.h" +#include /* for NULL */ +#include + +static struct blacklist *blstate; + +void +pfilter_notify(int a, int fd) +{ + if (blstate == NULL) + blstate = blacklist_open(); + if (blstate == NULL) + return; + (void)blacklist_r(blstate, a, fd, "smtpd"); + if (a == 0) { + blacklist_close(blstate); + blstate = NULL; + } +} --- src/smtpd/pfilter.h.orig 2024-03-21 21:45:18 UTC +++ src/smtpd/pfilter.h @@ -0,0 +1 @@ +void pfilter_notify(int, int); --- src/smtpd/smtpd_sasl_glue.c.orig 2023-11-12 21:41:13 UTC +++ src/smtpd/smtpd_sasl_glue.c @@ -153,6 +153,7 @@ #include "smtpd.h" #include "smtpd_sasl_glue.h" #include "smtpd_chat.h" +#include "pfilter.h" /* for blacklistd(8) */ #ifdef USE_SASL_AUTH @@ -358,8 +359,12 @@ int smtpd_sasl_authenticate(SMTPD_STATE *state, else smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s", reason); + + /* notify blacklistd of SASL authentication failure */ + pfilter_notify(1, vstream_fileno(state->client)); return (-1); } + /* RFC 4954 Section 6. */ smtpd_chat_reply(state, "235 2.7.0 Authentication successful"); if ((sasl_username = xsasl_server_get_username(state->sasl_server)) == 0) +--- src/postscreen/Makefile.in.orig 2025-01-29 08:50:15.761070000 +0100 ++++ src/postscreen/Makefile.in 2025-01-29 08:52:29.611925000 +0100 +@@ -3,13 +3,13 @@ + postscreen_early.c postscreen_smtpd.c postscreen_misc.c \ + postscreen_state.c postscreen_tests.c postscreen_send.c \ + postscreen_starttls.c postscreen_expand.c postscreen_endpt.c \ +- postscreen_haproxy.c ++ postscreen_haproxy.c pfilter.c + OBJS = postscreen.o postscreen_dict.o postscreen_dnsbl.o \ + postscreen_early.o postscreen_smtpd.o postscreen_misc.o \ + postscreen_state.o postscreen_tests.o postscreen_send.o \ + postscreen_starttls.o postscreen_expand.o postscreen_endpt.o \ +- postscreen_haproxy.o +-HDRS = ++ postscreen_haproxy.o pfilter.o ++HDRS = pfilter.h + TESTSRC = + DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) + CFLAGS = $(DEBUG) $(OPT) $(DEFS) +--- src/postscreen/pfilter.c.orig 2025-01-29 08:56:39.949695000 +0100 ++++ src/postscreen/pfilter.c 2025-01-29 08:59:16.979565000 +0100 +@@ -0,0 +1,19 @@ ++#include "pfilter.h" ++#include /* for NULL */ ++#include ++ ++static struct blacklist *blstate; ++ ++void ++pfilter_notify(int a, int fd) ++{ ++ if (blstate == NULL) ++ blstate = blacklist_open(); ++ if (blstate == NULL) ++ return; ++ (void)blacklist_r(blstate, a, fd, "postscreen"); ++ if (a == 0) { ++ blacklist_close(blstate); ++ blstate = NULL; ++ } ++} +--- src/postscreen/pfilter.h.orig 2025-01-29 08:56:49.984170000 +0100 ++++ src/postscreen/pfilter.h 2025-01-29 08:59:47.270172000 +0100 +@@ -0,0 +1 @@ ++void pfilter_notify(int, int); +--- src/postscreen/postscreen_early.c.orig 2025-01-29 08:45:04.847798000 +0100 ++++ src/postscreen/postscreen_early.c 2025-01-29 10:18:34.349408000 +0100 +@@ -52,6 +52,7 @@ + /* Application-specific. */ + + #include ++#include "pfilter.h" /* for blacklistd(8) */ + + static char *psc_teaser_greeting; + static VSTRING *psc_escape_buf; +@@ -183,6 +184,10 @@ + msg_info("DNSBL rank %d for [%s]:%s", + state->dnsbl_score, PSC_CLIENT_ADDR_PORT(state)); + PSC_FAIL_SESSION_STATE(state, PSC_STATE_FLAG_DNSBL_FAIL); ++ ++ /* notify blacklistd of DNSBL rank violation */ ++ pfilter_notify(1, vstream_fileno(state->smtp_client_stream)); ++ + switch (psc_dnsbl_action) { + case PSC_ACT_DROP: + state->dnsbl_reply = vstring_sprintf(vstring_alloc(100),