Index: head/etc/rc.d/sendmail
===================================================================
--- head/etc/rc.d/sendmail (revision 334699)
+++ head/etc/rc.d/sendmail (revision 334700)
@@ -1,225 +1,229 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: mail # REQUIRE: LOGIN FILESYSTEMS # we make mail start late, so that things like .forward's are not # processed until the system is fully operational # KEYWORD: shutdown # XXX - Get together with sendmail mantainer to figure out how to # better handle SENDMAIL_ENABLE and 3rd party MTAs. # . /etc/rc.subr name="sendmail" desc="Electronic mail transport agent" rcvar="sendmail_enable" required_files="/etc/mail/${name}.cf" start_precmd="sendmail_precmd" load_rc_config $name command=${sendmail_program:-/usr/sbin/${name}} pidfile=${sendmail_pidfile:-/var/run/${name}.pid} procname=${sendmail_procname:-/usr/sbin/${name}} CERTDIR=/etc/mail/certs case ${sendmail_enable} in [Nn][Oo][Nn][Ee]) sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" ;; esac # If sendmail_enable=yes, don't need submit or outbound daemon if checkyesno sendmail_enable; then sendmail_submit_enable="NO" sendmail_outbound_enable="NO" fi # If sendmail_submit_enable=yes, don't need outbound daemon if checkyesno sendmail_submit_enable; then sendmail_outbound_enable="NO" fi sendmail_cert_create() { cnname="${sendmail_cert_cn:-`hostname`}" cnname="${cnname:-amnesiac}" # based upon: # http://www.sendmail.org/~ca/email/other/cagreg.html CAdir=`mktemp -d` && certpass=`(date; ps ax ; hostname) | md5 -q` # make certificate authority ( cd "$CAdir" && chmod 700 "$CAdir" && mkdir certs crl newcerts && echo "01" > serial && :> index.txt && cat <<-OPENSSL_CNF > openssl.cnf && RANDFILE = $CAdir/.rnd [ ca ] default_ca = CA_default [ CA_default ] dir = . certs = \$dir/certs # Where the issued certs are kept crl_dir = \$dir/crl # Where the issued crl are kept database = \$dir/index.txt # database index file. new_certs_dir = \$dir/newcerts # default place for new certs. 
certificate = \$dir/cacert.pem # The CA certificate serial = \$dir/serial # The current serial number crlnumber = \$dir/crlnumber # the current crl number crl = \$dir/crl.pem # The current CRL private_key = \$dir/cakey.pem x509_extensions = usr_cert # The extensions to add to the cert name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = default # use public key default MD preserve = no # keep passed DN ordering policy = policy_anything [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extensions to add to the self signed cert string_mask = utf8only prompt = no [ req_distinguished_name ] countryName = XX stateOrProvinceName = Some-state localityName = Some-city 0.organizationName = Some-org CN = $cnname [ req_attributes ] challengePassword = foobar unstructuredName = An optional company name [ usr_cert ] basicConstraints=CA:FALSE nsComment = "OpenSSL Generated Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer basicConstraints = CA:true OPENSSL_CNF # though we use a password, the key is discarded and never used openssl req -batch -passout pass:"$certpass" -new -x509 \ -keyout cakey.pem -out cacert.pem -days 3650 \ -config openssl.cnf -newkey rsa:2048 >/dev/null 2>&1 && # make new certificate openssl req -batch -nodes -new -x509 -keyout newkey.pem \ -out newreq.pem -days 365 -config openssl.cnf \ -newkey rsa:2048 
>/dev/null 2>&1 && # sign certificate openssl x509 -x509toreq -in newreq.pem -signkey newkey.pem \ -out tmp.pem >/dev/null 2>&1 && openssl ca -notext -config openssl.cnf \ -out newcert.pem -keyfile cakey.pem -cert cacert.pem \ -key "$certpass" -batch -infiles tmp.pem >/dev/null 2>&1 && mkdir -p "$CERTDIR" && chmod 0755 "$CERTDIR" && chmod 644 newcert.pem cacert.pem && chmod 600 newkey.pem && cp -p newcert.pem "$CERTDIR"/host.cert && cp -p cacert.pem "$CERTDIR"/cacert.pem && cp -p newkey.pem "$CERTDIR"/host.key && ln -s cacert.pem "$CERTDIR"/`openssl x509 -hash -noout \ -in cacert.pem`.0) retVal="$?" rm -rf "$CAdir" return "$retVal" } sendmail_precmd() { # Die if there's pre-8.10 custom configuration file. This check is # mandatory for smooth upgrade. See NetBSD PR 10100 for details. # if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then warn \ "${name} was not started; you have multiple copies of sendmail.cf." return 1 fi fi # check modifications on /etc/mail/aliases if checkyesno sendmail_rebuild_aliases; then if [ -f "/etc/mail/aliases.db" ]; then if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then echo \ "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating" /usr/bin/newaliases fi else echo \ "${name}: /etc/mail/aliases.db not present, generating" /usr/bin/newaliases fi fi if checkyesno sendmail_cert_create && [ ! \( \ -f "$CERTDIR/host.cert" -o -f "$CERTDIR/host.key" -o \ -f "$CERTDIR/cacert.pem" \) ]; then if ! openssl version >/dev/null 2>&1; then warn "OpenSSL not available, but sendmail_cert_create is YES." else info Creating certificate for sendmail. sendmail_cert_create fi fi + + if [ ! 
-f /var/log/sendmail.st ]; then + /usr/bin/install -m 640 -o root -g wheel /dev/null /var/log/sendmail.st + fi } run_rc_command "$1" required_files= if checkyesno sendmail_submit_enable; then name="sendmail_submit" rcvar="sendmail_submit_enable" _rc_restart_done=false run_rc_command "$1" fi if checkyesno sendmail_outbound_enable; then name="sendmail_outbound" rcvar="sendmail_outbound_enable" _rc_restart_done=false run_rc_command "$1" fi name="sendmail_msp_queue" rcvar="sendmail_msp_queue_enable" pidfile="${sendmail_msp_queue_pidfile:-/var/spool/clientmqueue/sm-client.pid}" required_files="/etc/mail/submit.cf" _rc_restart_done=false run_rc_command "$1" Index: head/etc/sendmail/Makefile =================================================================== --- head/etc/sendmail/Makefile (revision 334699) +++ head/etc/sendmail/Makefile (revision 334700) 
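Review bot: The added `install` call is now the last command in `sendmail_precmd`, so its exit status becomes the precmd's return value; rc.subr, as far as I know, skips the start when `start_precmd` returns non-zero, so a failure to create the optional statistics file (a read-only or full /var/log, for example) would keep the MTA from starting. Handle the failure explicitly, e.g. `/usr/bin/install -m 640 -o root -g wheel /dev/null /var/log/sendmail.st || warn "could not create /var/log/sendmail.st"`. When the file already exists the new `if` yields 0, which appears to hide a failed `sendmail_cert_create` from the caller where its status used to be the function's result; if that is intended, a short comment saying so would help. The `[ ! -f ... ]` test only recognises a regular file, so I would also add a comment such as `# /var/log is assumed to be writable by root only; create the stats file if missing` to record why nothing more is checked before writing as root.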
@@ -1,96 +1,94 @@ # @(#)Makefile 8.19 (Berkeley) 1/14/97 # $FreeBSD$ M4= m4 CHMOD= chmod ROMODE= 444 RM= rm -f SENDMAIL_DIR= ${SRCTOP}/contrib/sendmail SMDIR= ${SENDMAIL_DIR}/src SENDMAIL_CF_DIR?=${SENDMAIL_DIR}/cf # this is overkill, but.... M4FILES!= find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print .SUFFIXES: .mc .cf .mc.cf: ${M4FILES} ${RM} ${.TARGET} ${M4} -D_CF_DIR_=${SENDMAIL_CF_DIR}/ -D_NO_MAKEINFO_ \ ${SENDMAIL_M4_FLAGS} \ ${SENDMAIL_CF_DIR}/m4/cf.m4 ${.IMPSRC} > ${.TARGET} ${CHMOD} ${ROMODE} ${.TARGET} DEST_CF= ${DESTDIR}/etc/mail/sendmail.cf DEST_SUBMIT_CF= ${DESTDIR}/etc/mail/submit.cf ALL= freebsd.cf freebsd.submit.cf CLEANFILES= freebsd.cf freebsd.submit.cf # Local SENDMAIL_MC or SENDMAIL_CF may be set in /etc/make.conf. # Warning! If set, this causes 'make install' to always copy it # over /etc/mail/sendmail.cf!!! # Caveat emptor! Be sure you want this before you enable it. .if defined(SENDMAIL_MC) && defined(SENDMAIL_CF) .error Both SENDMAIL_MC and SENDMAIL_CF cannot be set. .elif defined(SENDMAIL_MC) INSTALL_CF= ${SENDMAIL_MC:T:R}.cf ALL+= ${INSTALL_CF} CLEANFILES+= ${SENDMAIL_MC:T:R}.cf ${INSTALL_CF}: ${SENDMAIL_MC} .elif defined(SENDMAIL_CF) ALL+= ${SENDMAIL_CF} INSTALL_CF= ${SENDMAIL_CF} .endif .if !defined(SENDMAIL_SET_USER_ID) && defined(SENDMAIL_SUBMIT_MC) INSTALL_SUBMIT_CF= ${SENDMAIL_SUBMIT_MC:T:R}.cf ALL+= ${INSTALL_SUBMIT_CF} CLEANFILES+= ${INSTALL_SUBMIT_CF} ${INSTALL_SUBMIT_CF}: ${SENDMAIL_SUBMIT_MC} .endif # Additional .cf files to build. 
.if defined(SENDMAIL_ADDITIONAL_MC) SENDMAIL_ADDITIONAL_CF= ${SENDMAIL_ADDITIONAL_MC:T:S/.mc$/.cf/} ALL+= ${SENDMAIL_ADDITIONAL_CF} CLEANFILES+= ${SENDMAIL_ADDITIONAL_CF} .for mc in ${SENDMAIL_ADDITIONAL_MC} ${mc:T:R}.cf: ${mc} .endfor .endif all: ${ALL} distribution: ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${.CURDIR}/freebsd.mc freebsd.cf ${DESTDIR}/etc/mail ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${.CURDIR}/freebsd.submit.mc freebsd.submit.cf ${DESTDIR}/etc/mail ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${SMDIR}/helpfile ${DESTDIR}/etc/mail - ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 640 \ - /dev/null ${DESTDIR}/var/log/sendmail.st .if defined(INSTALL_CF) ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${INSTALL_CF} ${DEST_CF} .else ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ freebsd.cf ${DEST_CF} .endif .if defined(SENDMAIL_ADDITIONAL_CF) ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \ ${SENDMAIL_ADDITIONAL_CF} ${DESTDIR}/etc/mail .endif .if !defined(SENDMAIL_SET_USER_ID) .if defined(INSTALL_SUBMIT_CF) ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ ${INSTALL_SUBMIT_CF} ${DEST_SUBMIT_CF} .else ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \ freebsd.submit.cf ${DEST_SUBMIT_CF} .endif .endif .include