From 1bd64e7414b956c80ae4bf188ab7956c5fdfe77a Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Tue, 12 Aug 2003 05:47:19 +0000 Subject: fix bug #23658, add SMTP-AUTH stubs to conf-smtpd, seperate the sanity check, allow easier configuration of all options. Install config files with correct permissions, prevent the pkg_config from destroying old data. Bug #17283 done. --- net-mail/qmail/ChangeLog | 12 +- net-mail/qmail/Manifest | 21 +- net-mail/qmail/files/1.03-r12/bad-rcpt-noisy-patch | 328 +++++++++++++++++++++ net-mail/qmail/files/1.03-r12/conf-common | 26 +- net-mail/qmail/files/1.03-r12/conf-qmqpd | 14 +- net-mail/qmail/files/1.03-r12/conf-qmtpd | 14 +- net-mail/qmail/files/1.03-r12/conf-smtpd | 24 +- net-mail/qmail/files/1.03-r12/config-sanity-check | 23 ++ net-mail/qmail/files/1.03-r12/run-qmailqmqpd | 15 +- net-mail/qmail/files/1.03-r12/run-qmailqmtpd | 15 +- net-mail/qmail/files/1.03-r12/run-qmailsmtpd | 15 +- .../qmail/files/1.03-r12/smtp-auth-close3.patch | 16 +- net-mail/qmail/files/digest-qmail-1.03-r12 | 1 + net-mail/qmail/qmail-1.03-r12.ebuild | 61 ++-- 14 files changed, 495 insertions(+), 90 deletions(-) create mode 100644 net-mail/qmail/files/1.03-r12/bad-rcpt-noisy-patch create mode 100644 net-mail/qmail/files/1.03-r12/config-sanity-check (limited to 'net-mail') diff --git a/net-mail/qmail/ChangeLog b/net-mail/qmail/ChangeLog index 106221a738b9..959b0f17efb1 100644 --- a/net-mail/qmail/ChangeLog +++ b/net-mail/qmail/ChangeLog 
@@ -1,6 +1,16 @@ # ChangeLog for net-mail/qmail # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/ChangeLog,v 1.33 2003/08/11 07:35:15 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/ChangeLog,v 1.34 2003/08/12 05:47:14 robbat2 Exp $ + + 11 Aug 2003; Robin H. Johnson qmail-1.03-r12.ebuild, + files/1.03-r12/conf-common, files/1.03-r12/conf-qmqpd, + files/1.03-r12/conf-qmtpd, files/1.03-r12/conf-smtpd, + files/1.03-r12/config-sanity-check, files/1.03-r12/run-qmailqmqpd, + files/1.03-r12/run-qmailqmtpd, files/1.03-r12/run-qmailsmtpd, + files/1.03-r12/smtp-auth-close3.patch: + fix bug #23658, add SMTP-AUTH stubs to conf-smtpd, seperate the sanity check, + allow easier configuration of all options. Install config files with correct + permissions, prevent the pkg_config from destroying old data. Bug #17283 done. *qmail-1.03-r12 (11 Aug 2003) diff --git a/net-mail/qmail/Manifest b/net-mail/qmail/Manifest index df8049b9e185..b64d4310070e 100644 --- a/net-mail/qmail/Manifest +++ b/net-mail/qmail/Manifest @@ -2,8 +2,8 @@ MD5 4bf70f21528928c670477f76bd375237 qmail-1.03-r11.ebuild 11431 MD5 3bdf6864e9399d20c8d786be23d7d34f qmail-1.03-r9.ebuild 9990 MD5 d1d239c08fb007430de3a84e0a5de524 qmail-1.03-r10.ebuild 11180 MD5 173fcf74cb0fb3fd6df5a3c842cd6d41 qmail-1.03-r8.ebuild 8142 -MD5 738561e6cde3828cbd027140baab90fd qmail-1.03-r12.ebuild 11468 -MD5 586d9117fb27a3a38518e3e1944abc38 ChangeLog 8116 +MD5 a3763ec649f3aae1b0ebb2799f18865a qmail-1.03-r12.ebuild 11500 +MD5 79e4b1339b1e663b8862d2da2421eb1c ChangeLog 8133 MD5 ff596e74b015e067a180fc78855aa87a metadata.xml 360 MD5 5897cb300c3233c91c7e221c8b4b8501 files/digest-qmail-1.03-r8 245 MD5 48a1e168db29ab4e6c57f1ac135ee2bf files/digest-qmail-1.03-r9 323 
@@ -69,22 +69,23 @@ MD5 23a2babf3049fe012de21c17e550b3e5 files/1.03-r11/run-qmailsend 29 MD5 0e97c0b031776f40cacdfbf3114af574 files/1.03-r11/run-qmailpop3dlog 97 MD5 f42a779e5c708c2d7bf38de66dfb93f5 files/1.03-r12/rc 108 MD5 88f15101dd4bc36b52d13f336713e716 files/1.03-r12/run-qmailpop3d 221 -MD5 40202970a0743af6802ca376db37df59 files/1.03-r12/run-qmailqmqpd 1002 -MD5 2479bbdbfe3a588b1d01303b37311004 files/1.03-r12/run-qmailqmtpd 1002 -MD5 23bef52f6dad5f07efc3e5a364c6e8e8 files/1.03-r12/run-qmailsmtpd 1002 +MD5 1fcc8023bbdc64001e792c4bcf3da57d files/1.03-r12/run-qmailqmqpd 1111 +MD5 48a655613e62090f387363b19e2d16ee files/1.03-r12/run-qmailqmtpd 1111 +MD5 03441b007f4cb66ceaceb2c9b6d7fbfb files/1.03-r12/run-qmailsmtpd 1111 MD5 180a513f34e3f00abc609672a190072c files/1.03-r12/99qmail 137 MD5 c47d861aeef098d12d022d44c27386b5 files/1.03-r12/errno.patch 850 MD5 bed3133c1737dd9bc3c67e07f8bc65d8 files/1.03-r12/smtp-auth-close3.patch 728 MD5 249138d56492deb0f856849bc002e46a files/1.03-r12/run-qmailqmqpdlog 97 +MD5 a993cab8b077162680bb09fa8e5ed896 files/1.03-r12/bad-rcpt-noisy-patch 10388 MD5 795f633858c0919b6e201cf2b845779e files/1.03-r12/run-qmailqmtpdlog 97 MD5 b24f4dbd450d2d4eddc75ba19cebb915 files/1.03-r12/dot_qmail 34 MD5 f43900d79a0aacb5e0d71b0bb6c06fea files/1.03-r12/run-qmailsmtpdlog 97 -MD5 7a0724d2267d9c51838fb1e36748e04d files/1.03-r12/conf-qmqpd 377 -MD5 212273350726a9ec84309b4f765a813e files/1.03-r12/conf-qmtpd 469 -MD5 bb48db63fcc304a3f0367200c6a08a44 files/1.03-r12/conf-smtpd 1424 +MD5 c405feee8a1cf55d49f6b9b2f6a1094e files/1.03-r12/conf-qmqpd 377 +MD5 de5dd10da85322890de21e18507bf7fb files/1.03-r12/conf-qmtpd 469 +MD5 c4bd9f4cc4a7f1eadec12da3bdb63465 files/1.03-r12/conf-smtpd 1424 MD5 834dad5113515d0f00981fdc1d07fa84 files/1.03-r12/run-qmailsendlog 96 MD5 fc7391f02934a9c75a92dce36229d590 files/1.03-r12/qmail-control 858 -MD5 ee17eca030b9c3b5ac14c8c0da6895e7 files/1.03-r12/conf-common 1097 -MD5 c050668f7ed93ff0d806c6735829a829 files/1.03-r12/config-sanity-check 
644 +MD5 fea7374599ee92b4533fd8802e3c5fc3 files/1.03-r12/conf-common 1097 +MD5 9027a1cbc134fd8fcbdf54280fb625b4 files/1.03-r12/config-sanity-check 773 MD5 23a2babf3049fe012de21c17e550b3e5 files/1.03-r12/run-qmailsend 29 MD5 0e97c0b031776f40cacdfbf3114af574 files/1.03-r12/run-qmailpop3dlog 97 diff --git a/net-mail/qmail/files/1.03-r12/bad-rcpt-noisy-patch b/net-mail/qmail/files/1.03-r12/bad-rcpt-noisy-patch new file mode 100644 index 000000000000..576d6c410dcb --- /dev/null +++ b/net-mail/qmail/files/1.03-r12/bad-rcpt-noisy-patch 
@@ -0,0 +1,328 @@
+This is a noissy "badrcptto" patch for systems that have a lot
+of addresses they want to reject, and want to log what happens
+
+Addresses to reject go in control/badrcptto and control/morebadrcptto,
+one per line, just like badmailfrom. control/morebadrcptto is
+compiled into control/morebadrcptto.cdb with the new program
+qmail-newbrt. I'd suggest putting all of your bad addresses into
+morebadrcptto since it's a lot faster to look something up in a CDB
+than in a text file.
+
+Whenever qmail-smtp rejects a message or otherwise fails, it writes a
+descriptive message to stderr, which if you're running under
+daemontools should end up in the log file. The logging code is
+adapted from an older anti-spam patch contributed to qmail.org.
+
+Unlike the previous badrcptto patch, this one does not reject the
+message at RCPT TO time. Instead, it waits until the DATA command to
+issue a 550 rejection. This has two effects: one is to deter
+dictionary attackers which are perversely encouraged by RCPT TO
+rejections. (If some of the addresses are bad, the rest must be
+good.) The other is that if a message has a mixture of bad and good
+addresses, the message will be rejected anyway. That's a feature,
+since in my experience, any message addressed to a spam-only address
+is spam even if it's also addressed to legit addresses.
+
+This version also does not let you list domains in the badrcptto
+files. There's no point in doing so, since all domains not in
+rcpthosts are rejected, anyway.
+
+This patch contains the entire new source file for qmail-newbrt.c as
+a diff against an empty file. If patch gets mad at you, just create
+the empty file.
+
+No warranty expressed or implied. If you find bugs, feel free to fix
+them and please send me the fix.
+ +John Levine, johnl@iecc.com, 4/03 + + +diff -u qmail-1.03-dist/Makefile qmail-1.03/Makefile +--- qmail-1.03-dist/Makefile Mon Jun 15 06:53:16 1998 ++++ qmail-1.03/Makefile Wed Apr 9 01:30:20 2003 +@@ -803,7 +803,7 @@ + predate datemail mailsubj qmail-upq qmail-showctl qmail-newu \ + qmail-pw2u qmail-qread qmail-qstat qmail-tcpto qmail-tcpok \ + qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd \ +-qmail-smtpd sendmail tcp-env qmail-newmrh config config-fast dnscname \ ++qmail-smtpd sendmail tcp-env qmail-newmrh qmail-newbrt config config-fast dnscname \ + dnsptr dnsip dnsmxip dnsfq hostname ipmeprint qreceipt qsmhook qbiff \ + forward preline condredirect bouncesaying except maildirmake \ + maildir2mbox maildirwatch qail elq pinq idedit install-big install \ +@@ -1241,6 +1241,19 @@ + uint32.h substdio.h + ./compile qmail-newmrh.c + ++qmail-newbrt: \ ++load qmail-newbrt.o cdbmss.o getln.a open.a cdbmake.a seek.a case.a \ ++stralloc.a alloc.a strerr.a substdio.a error.a str.a auto_qmail.o ++ ./load qmail-newbrt cdbmss.o getln.a open.a cdbmake.a \ ++ seek.a case.a stralloc.a alloc.a strerr.a substdio.a \ ++ error.a str.a auto_qmail.o ++ ++qmail-newbrt.o: \ ++compile qmail-newbrt.c strerr.h stralloc.h gen_alloc.h substdio.h \ ++getln.h exit.h readwrite.h open.h auto_qmail.h cdbmss.h cdbmake.h \ ++uint32.h substdio.h ++ ./compile qmail-newbrt.c ++ + qmail-newu: \ + load qmail-newu.o cdbmss.o getln.a open.a seek.a cdbmake.a case.a \ + stralloc.a alloc.a substdio.a error.a str.a auto_qmail.o +diff -u qmail-1.03-dist/qmail-newbrt.c qmail-1.03/qmail-newbrt.c +--- qmail-1.03-dist/qmail-newbrt.c Wed Apr 9 16:31:27 2003 ++++ qmail-1.03/qmail-newbrt.c Wed Apr 9 16:18:50 2003 +@@ -0,0 +1,70 @@ ++#include "strerr.h" ++#include "stralloc.h" ++#include "substdio.h" ++#include "getln.h" ++#include "exit.h" ++#include "readwrite.h" ++#include "open.h" ++#include "auto_qmail.h" ++#include "cdbmss.h" ++ ++#define FATAL "qmail-newbrt: fatal: " ++ ++void die_read() ++{ ++ 
strerr_die2sys(111,FATAL,"unable to read control/morebadrcptto: "); ++} ++void die_write() ++{ ++ strerr_die2sys(111,FATAL,"unable to write to control/morebadrcptto.tmp: "); ++} ++ ++char inbuf[1024]; ++substdio ssin; ++ ++int fd; ++int fdtemp; ++ ++struct cdbmss cdbmss; ++stralloc line = {0}; ++int match; ++ ++void main() ++{ ++ umask(033); ++ if (chdir(auto_qmail) == -1) ++ strerr_die4sys(111,FATAL,"unable to chdir to ",auto_qmail,": "); ++ ++ fd = open_read("control/morebadrcptto"); ++ if (fd == -1) die_read(); ++ ++ substdio_fdbuf(&ssin,read,fd,inbuf,sizeof inbuf); ++ ++ fdtemp = open_trunc("control/morebadrcptto.tmp"); ++ if (fdtemp == -1) die_write(); ++ ++ if (cdbmss_start(&cdbmss,fdtemp) == -1) die_write(); ++ ++ for (;;) { ++ if (getln(&ssin,&line,&match,'\n') != 0) die_read(); ++ case_lowerb(line.s,line.len); ++ while (line.len) { ++ if (line.s[line.len - 1] == ' ') { --line.len; continue; } ++ if (line.s[line.len - 1] == '\n') { --line.len; continue; } ++ if (line.s[line.len - 1] == '\t') { --line.len; continue; } ++ if (line.s[0] != '#') ++ if (cdbmss_add(&cdbmss,line.s,line.len,"",0) == -1) ++ die_write(); ++ break; ++ } ++ if (!match) break; ++ } ++ ++ if (cdbmss_finish(&cdbmss) == -1) die_write(); ++ if (fsync(fdtemp) == -1) die_write(); ++ if (close(fdtemp) == -1) die_write(); /* NFS stupidity */ ++ if (rename("control/morebadrcptto.tmp","control/morebadrcptto.cdb") == -1) ++ strerr_die2sys(111,FATAL,"unable to move control/morebadrcpto.tmp to control/morebadrcptto.cdb"); ++ ++ _exit(0); ++} +diff -u qmail-1.03-dist/qmail-smtpd.c.orig qmail-1.03/qmail-smtpd.c +--- qmail-1.03-dist/qmail-smtpd.c.orig 2003-08-11 22:23:06.000000000 -0700 ++++ qmail-1.03/qmail-smtpd.c 2003-08-11 22:26:10.000000000 -0700 +@@ -25,12 +25,20 @@ + #include "commands.h" + #include "wait.h" + #include "fd.h" ++#include "cdb.h" + + #define AUTHCRAM + #define MAXHOPS 100 + unsigned int databytes = 0; + int timeout = 1200; + ++char *remoteip; ++char *remotehost; ++char 
*remoteinfo; ++char *local; ++char *relayclient; ++ ++ + const char *protocol = "SMTP"; + + #ifdef TLS +@@ -59,17 +67,50 @@ + char ssoutbuf[512]; + substdio ssout = SUBSTDIO_FDBUF(safewrite,1,ssoutbuf,sizeof ssoutbuf); + ++/* write errors to stderr */ ++char erroutbuf[512]; ++substdio errout = SUBSTDIO_FDBUF(safewrite,2,erroutbuf,sizeof erroutbuf); ++ + void flush() { substdio_flush(&ssout); } + void out(s) char *s; { substdio_puts(&ssout,s); } + ++void eflush() { substdio_flush(&errout); } ++void eout(s) char *s; { substdio_puts(&errout,s); } ++void enew() { substdio_puts(&errout,"qmail-smtpd: "); } ++ + void die_read() { _exit(1); } +-void die_alarm() { out("451 timeout (#4.4.2)\r\n"); flush(); _exit(1); } +-void die_nomem() { out("421 out of memory (#4.3.0)\r\n"); flush(); _exit(1); } +-void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); _exit(1); } +-void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); flush(); _exit(1); } +-void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); _exit(1); } ++void die_alarm() ++{ ++ enew(); eout("Connection to "); eout(remoteip); eout(" timed out.\n"); ++ out("451 timeout (#4.4.2)\r\n"); flush(); eflush(); _exit(1); ++} ++void die_nomem() ++{ ++ enew(); eout("Out of memory while connected to "); eout(remoteip); eout("!\n"); ++ out("421 out of memory (#4.3.0)\r\n"); flush(); eflush(); _exit(1); ++} ++void die_control() ++{ ++ enew(); eout("Unable to read controls!\n"); ++ out("421 unable to read controls (#4.3.0)\r\n"); flush(); eflush(); ++ _exit(1); ++} ++void die_ipme() ++{ ++ enew(); eout("Unable to figure out my IP addresses!\n"); ++ out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); flush(); ++ eflush(); _exit(1); ++} ++void straynewline() ++{ ++ enew(); eout("Stray newline from "); eout(remoteip); eout(".\n"); ++ out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); ++ eflush(); _exit(1); ++} ++ + + void 
err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n"); } ++void err_brt() { out("550 sorry, this message is not deliverable (#5.7.1)\r\n"); } + #ifndef TLS + void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)\r\n"); } + #else +@@ -115,12 +156,6 @@ + smtp_greet("221 "); out("\r\n"); flush(); _exit(0); + } + +-char *remoteip; +-char *remotehost; +-char *remoteinfo; +-char *local; +-char *relayclient; +- + stralloc helohost = {0}; + char *fakehelo; /* pointer into helohost, or 0 */ + +@@ -135,6 +170,10 @@ + int bmfok = 0; + stralloc bmf = {0}; + struct constmap mapbmf; ++int brtok = 0; ++stralloc brt = {0}; ++struct constmap mapbrt; ++int fdmbrt; + + void setup() + { +@@ -155,7 +194,16 @@ + if (bmfok == -1) die_control(); + if (bmfok) + if (!constmap_init(&mapbmf,bmf.s,bmf.len,0)) die_nomem(); ++ ++ brtok = control_readfile(&brt,"control/badrcptto",0); ++ if (brtok == -1) die_control(); ++ if (brtok) ++ if (!constmap_init(&mapbrt,brt.s,brt.len,0)) die_nomem(); + ++ fdmbrt = open_read("control/morebadrcptto.cdb"); ++ if (fdmbrt == -1) if (errno != error_noent) die_control(); ++ ++ + if (control_readint(&databytes,"control/databytes") == -1) die_control(); + x = env_get("DATABYTES"); + if (x) { scan_ulong(x,&u); databytes = u; } +@@ -241,6 +289,14 @@ + return 1; + } + ++static void log_deny(m,f,t) char *m,*f,*t; ++{ ++ enew(); eout(m); eout(" check failed ("); eout(f); eout(") -> ("); ++ eout(t); eout(") ["); eout(remoteip); eout("] (HELO "); ++ eout(helohost.s); eout(")\n"); ++ eflush(); ++} ++ + int bmfcheck() + { + int j; +@@ -252,6 +308,19 @@ + return 0; + } + ++int brtcheck() ++{ ++ int j; ++ if (brtok) if (constmap(&mapbrt,addr.s,addr.len - 1)) return 1; ++ if (fdmbrt) { ++ uint32 dlen; ++ j = cdb_seek(fdmbrt, addr.s, addr.len - 1, &dlen); ++ if (j == -1) die_control(); ++ if (j) return j; ++ } ++ return 0; ++} ++ + int addrallowed() + { + int r; +@@ -281,6 +350,7 @@ + + int 
seenmail = 0; + int flagbarf; /* defined if seenmail */ ++int flagbrt; /* defined if any bad rcpts */ + stralloc mailfrom = {0}; + stralloc rcptto = {0}; + +@@ -333,6 +403,10 @@ + } + else + if (!addrallowed()) { err_nogateway(); return; } ++ if (!env_get("RELAYCLIENT") && brtcheck()) { ++ flagbrt = 1; ++ log_deny("BAD RCPT TO", mailfrom.s,addr.s); ++ } + if (!stralloc_cats(&rcptto,"T")) die_nomem(); + if (!stralloc_cats(&rcptto,addr.s)) die_nomem(); + if (!stralloc_0(&rcptto)) die_nomem(); +@@ -452,6 +526,7 @@ + + if (!seenmail) { err_wantmail(); return; } + if (!rcptto.len) { err_wantrcpt(); return; } ++ if (flagbrt) { err_brt(); return; } + seenmail = 0; + if (databytes) bytestooverflow = databytes + 1; + if (qmail_open(&qqt) == -1) { err_qqt(); return; } diff --git a/net-mail/qmail/files/1.03-r12/conf-common b/net-mail/qmail/files/1.03-r12/conf-common index 6276c86272b0..d2c82ec1fa41 100644 --- a/net-mail/qmail/files/1.03-r12/conf-common +++ b/net-mail/qmail/files/1.03-r12/conf-common @@ -1,12 +1,11 @@ -#!/bin/sh -# Configuration file for all qmail daemons -# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-common,v 1.1 2003/08/11 07:35:15 robbat2 Exp $ +# Common Configuration file for all qmail daemons +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-common,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ # Qmail User IDS to run daemons as QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` -# Qmail Control Dir (this is actually set in /etc/env.d/99qmail +# Qmail Control Dir (this is actually set in /etc/env.d/99qmail) #QMAIL_CONTROLDIR=/var/qmail/control # Host and port to listen on 
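Review bot: In the qmail-smtpd.c part of this new patch file, `brtcheck()` tests `if (fdmbrt)`, but `setup()` leaves `fdmbrt` at -1 when `control/morebadrcptto.cdb` does not exist (only errors other than `error_noent` reach `die_control()`), so the lookup runs on an invalid descriptor. If `cdb_seek` reports that as -1, every RCPT from a non-relay client ends in `die_control()` on hosts that never ran qmail-newbrt; the test should be `if (fdmbrt != -1)`. Separately, `flagbrt` is set in the RCPT handler and checked in the DATA handler, where `err_brt(); return;` comes before `seenmail = 0;`, and no visible part of the patch clears it. One listed recipient therefore appears to make every later transaction on the same connection fail with 550; adding `flagbrt = 0;` where `seenmail` is reset for MAIL and RSET would fix that, though those functions lie outside the context shown.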
@@ -14,12 +13,17 @@ NOFILESGID=`id -g qmaild` TCPSERVER_HOST=0.0.0.0 TCPSERVER_PORT=${SERVICE} +# you do not need to specify -x, -c, -u or -g in this variable as those are +# added later +TCPSERVER_OPTS="-H -R -v" + +# we limit data and stack segments to 8mbytes, you may need to raise this if +# you are using a filter in QMAILQUEUE +SOFTLIMIT_OPTS="-m 8000000" + +# We don't have anything to set QMAILQUEUE to at the moment, so we leave it alone +#QMAILQUEUE="" + # tcpserver maximum concurrency, defaults to 40 in tcpserver +# this controls the maximum number of incoming connections that it will accept [ -e ${QMAIL_CONTROLDIR}/concurrencyincoming ] && MAXCONN=$(<${QMAIL_CONTROLDIR}/concurrencyincoming) || MAXCONN=40 - -# A quick sanity check -if [ -z "${QMAILDUID}" -o -z "${NOFILESGID}" -o -z "${SERVICE}" ]; then - echo SERVICE, QMAILDUID or NOFILESGID is unset in - echo $0 - exit 1 -fi diff --git a/net-mail/qmail/files/1.03-r12/conf-qmqpd b/net-mail/qmail/files/1.03-r12/conf-qmqpd index 1e61ffbd4cf2..d851dc8691c0 100644 --- a/net-mail/qmail/files/1.03-r12/conf-qmqpd +++ b/net-mail/qmail/files/1.03-r12/conf-qmqpd @@ -1,16 +1,12 @@ -#!/bin/sh # Configuration file for qmail-qmqpd -# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-qmqpd,v 1.1 2003/08/11 07:35:15 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-qmqpd,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ # Stuff to run before tcpserver -QMAIL_TCPSERVER_PRE="" +#QMAIL_TCPSERVER_PRE="" # Stuff to run qmail-qmqpd -QMAIL_QMQP_PRE="" +#QMAIL_QMQP_PRE="" # Stuff to after qmail-qmqpd -QMAIL_QMQP_POST="" +#QMAIL_QMQP_POST="" -# We don't have anything to set QMAILQUEUE to at the moment, so we leave it alone -#QMAILQUEUE="" - -# I don't trust /etc/services to have everything... +# I don't trust /etc/services to have obscure ports TCPSERVER_PORT=628 
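Review bot: Commenting out `QMAIL_TCPSERVER_PRE=""`, `QMAIL_QMQP_PRE=""` and `QMAIL_QMQP_POST=""` in conf-qmqpd means nothing resets these names before the run script expands them unquoted on its `exec` line, so a value already present in the supervising process's environment becomes part of the command. `${QMAIL_TCPSERVER_PRE}` sits in front of `tcpserver`, which is what applies `-u`/`-g`, so anything in it presumably runs with the run script's own privileges. To keep the append-friendly behaviour this change is after, I would clear them in the run script before the conf files are sourced, `QMAIL_TCPSERVER_PRE= QMAIL_QMQP_PRE= QMAIL_QMQP_POST=`. The conf-qmtpd and conf-smtpd hunks make the same change and need the matching line in their run scripts.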
diff --git a/net-mail/qmail/files/1.03-r12/conf-qmtpd b/net-mail/qmail/files/1.03-r12/conf-qmtpd index 8822636baa96..1579aeefb464 100644 --- a/net-mail/qmail/files/1.03-r12/conf-qmtpd +++ b/net-mail/qmail/files/1.03-r12/conf-qmtpd @@ -1,19 +1,15 @@ -#!/bin/sh # Configuration file for qmail-qmtpd -# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-qmtpd,v 1.1 2003/08/11 07:35:15 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-qmtpd,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ # For more information on making your servers talk QMTP # see http://cr.yp.to/im/mxps.html # Stuff to run before tcpserver -QMAIL_TCPSERVER_PRE="" +#QMAIL_TCPSERVER_PRE="" # Stuff to run qmail-qmtpd -QMAIL_QMTP_PRE="" +#QMAIL_QMTP_PRE="" # Stuff to after qmail-qmtpd -QMAIL_QMTP_POST="" +#QMAIL_QMTP_POST="" -# We don't have anything to set QMAILQUEUE to at the moment, so we leave it alone -#QMAILQUEUE="" - -# I don't trust /etc/services to have everything... +# I don't trust /etc/services to have obscure ports TCPSERVER_PORT=209 diff --git a/net-mail/qmail/files/1.03-r12/conf-smtpd b/net-mail/qmail/files/1.03-r12/conf-smtpd index 87c878f9c884..a75bb7bed352 100644 --- a/net-mail/qmail/files/1.03-r12/conf-smtpd +++ b/net-mail/qmail/files/1.03-r12/conf-smtpd 
@@ -1,17 +1,19 @@ -#!/bin/sh +# Configuration file for qmail-smtpd +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/conf-smtpd,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ # Stuff to run before tcpserver -QMAIL_TCPSERVER_PRE="" +#QMAIL_TCPSERVER_PRE="" # Stuff to run qmail-smtpd -QMAIL_SMTP_PRE="" +#QMAIL_SMTP_PRE="" # Stuff to after qmail-smtpd -QMAIL_SMTP_POST="" +#QMAIL_SMTP_POST="" # You might want to use rblsmtpd with this, but you need to fill in a RBL server here first # see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details #QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r RBL-SERVER" -# If you are interested in providing limited relaying, emerge relay-ctrl, then uncomment the next 2 lines +# If you are interested in providing POP or IMAP before SMTP type relaying, +# emerge relay-ctrl, then uncomment the next 2 lines #QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir" #QMAIL_SMTP_POST="${QMAIL_SMTP_POST} relay-ctrl-check" # In /etc/courier-imap/authdaemonrc add the next line to the end: @@ -20,8 +22,10 @@ QMAIL_SMTP_POST="" # Add this at the end #PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir" -# We don't have anything to set QMAILQUEUE to at the moment, so we leave it alone -#QMAILQUEUE="" - -# I don't trust /etc/services to have everything... -TCPSERVER_PORT=25 +# This next block is for SMTP-AUTH +# This provides the LOGIN, PLAIN and CRAM-MD5 types +# see the manpage for cmd5checkpw for details on the passwords +# uncomment the next three lines to enable it +#SMTPAUTH_HOST=$(<${QMAIL_CONTROLDIR}/me) +#[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true +#QMAIL_SMTP_POST="${SMTPAUTH_HOST} /bin/cmd5checkpw ${QMAIL_SMTP_POST}" diff --git a/net-mail/qmail/files/1.03-r12/config-sanity-check b/net-mail/qmail/files/1.03-r12/config-sanity-check new file mode 100644 index 000000000000..77176e283500 --- /dev/null +++ b/net-mail/qmail/files/1.03-r12/config-sanity-check 
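Review bot: The SMTP-AUTH stub in the second conf-smtpd hunk names LOGIN and PLAIN without saying that both carry the password only base64-encoded, so uncommenting the three lines on a listener without TLS exposes credentials to anyone on the network path. I would extend the comment block with a line such as `# LOGIN and PLAIN send the password unencrypted; only enable this together with TLS`. The `$(<file)` form in the `SMTPAUTH_HOST` line is also a bash extension, while the run scripts that source this file declare `#!/bin/sh`; `` `cat ${QMAIL_CONTROLDIR}/me` `` is the portable spelling.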
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Configuration Sanity Checking for qmail
+# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/config-sanity-check,v 1.1 2003/08/12 05:47:14 robbat2 Exp $
+# This is intended solely to stop qmail eating up all your hard disk space with logs
+
+CONFIG_SANITY_GOOD=1
+
+# check simple stuff first
+if [ -z "${QMAILDUID}" -o -z "${NOFILESGID}" -o -z "${SERVICE}" ]; then
+ echo "SERVICE, QMAILDUID or NOFILESGID is unset in $0"
+ CONFIG_SANITY_GOOD=0
+fi
+
+# now make sure we are are on a port that is resolable to a port number
+if [ -z "`getent services ${TCPSERVER_PORT}`" ]; then
+ CONFIG_SANITY_GOOD=0
+fi
+
+if [ ! "${CONFIG_SANITY_GOOD}" -eq "1" ]; then
+ echo "Some error detected, sleeping for 30 seconds for safety"
+ sleep 30s
+ exit 1
+fi
diff --git a/net-mail/qmail/files/1.03-r12/run-qmailqmqpd b/net-mail/qmail/files/1.03-r12/run-qmailqmqpd
index e936de18973a..d695cdb8f08d 100644
--- a/net-mail/qmail/files/1.03-r12/run-qmailqmqpd
+++ b/net-mail/qmail/files/1.03-r12/run-qmailqmqpd
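Review bot: The port check hands `${TCPSERVER_PORT}` to `getent services` unquoted and for every value, and that fails in both directions. An empty or unset port makes `getent services` print the whole database, so the check passes; a numeric port such as the 628 set in conf-qmqpd is rejected whenever the services database has no entry for it, which is exactly the situation that file's comment says the hard-coded number is there for. The failure branch also prints nothing of its own, so the operator only sees "Some error detected". I would accept purely numeric ports as they are, look up names only, and say which value failed.

```shell
# now make sure the port is numeric or resolvable to a port number
case "${TCPSERVER_PORT}" in
	''|*[!0-9]*)
		if [ -z "$(getent services "${TCPSERVER_PORT}")" ]; then
			echo "TCPSERVER_PORT '${TCPSERVER_PORT}' is not a known service in $0"
			CONFIG_SANITY_GOOD=0
		fi
		;;
esac
```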
@@ -1,17 +1,24 @@ #!/bin/sh +# Gentoo Startup script for qmail's QMQP daemon +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/run-qmailqmqpd,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ +# +# If you need to edit this file, please look at editing conf-qmqpd and +# conf-common first. If you still need to change this file, you should +# probably file a bug on the bugzilla saying what you wanted to change so that +# modification can be make possible via the configuration files # This is to make life easier SERVICE=qmqp -# We run this afterwards to allow appending of values etc. [ -s ${QMAIL_CONTROLDIR}/conf-common ] && source ${QMAIL_CONTROLDIR}/conf-common [ -s ${QMAIL_CONTROLDIR}/conf-${SERVICE}d ] && source ${QMAIL_CONTROLDIR}/conf-${SERVICE}d +[ -s /var/qmail/bin/config-sanity-check ] && source /var/qmail/bin/config-sanity-check # Now run it all -exec /usr/bin/softlimit -m 8000000 \ +exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \ ${QMAIL_TCPSERVER_PRE} \ - /usr/bin/tcpserver -H -R -v -x /etc/tcp.${SERVICE}.cdb -c ${MAXCONN} \ - -u ${QMAILDUID} -g ${NOFILESGID} \ + /usr/bin/tcpserver ${TCPSERVER_OPTS} -x /etc/tcp.${SERVICE}.cdb \ + -c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \ ${TCPSERVER_HOST} ${TCPSERVER_PORT} \ ${QMAIL_QMQP_PRE} /var/qmail/bin/qmail-${SERVICE}d ${QMAIL_QMQP_POST} \ 2>&1 diff --git a/net-mail/qmail/files/1.03-r12/run-qmailqmtpd b/net-mail/qmail/files/1.03-r12/run-qmailqmtpd index d22c977593f0..ddcc95ccb031 100644 --- a/net-mail/qmail/files/1.03-r12/run-qmailqmtpd +++ b/net-mail/qmail/files/1.03-r12/run-qmailqmtpd 
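Review bot: The sanity check is pulled in with `[ -s /var/qmail/bin/config-sanity-check ] && source …`, so a missing or empty checker is skipped silently and the script goes straight on to `exec`. The same guard on conf-common means `QMAILDUID`, `NOFILESGID` and `MAXCONN` can all be empty at that point, and this commit removes the inline check that used to catch it. I would make the checker mandatory with `[ -s /var/qmail/bin/config-sanity-check ] || { echo "config-sanity-check missing"; sleep 30; exit 1; }` followed by `. /var/qmail/bin/config-sanity-check`. `.` is also the portable spelling under a `#!/bin/sh` shebang, where `source` is a bash name. The run-qmailqmtpd and run-qmailsmtpd hunks add the identical line and need the same change.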
@@ -1,17 +1,24 @@ #!/bin/sh +# Gentoo Startup script for qmail's QMTP daemon +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/run-qmailqmtpd,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ +# +# If you need to edit this file, please look at editing conf-qmtpd and +# conf-common first. If you still need to change this file, you should +# probably file a bug on the bugzilla saying what you wanted to change so that +# modification can be make possible via the configuration files # This is to make life easier SERVICE=qmtp -# We run this afterwards to allow appending of values etc. [ -s ${QMAIL_CONTROLDIR}/conf-common ] && source ${QMAIL_CONTROLDIR}/conf-common [ -s ${QMAIL_CONTROLDIR}/conf-${SERVICE}d ] && source ${QMAIL_CONTROLDIR}/conf-${SERVICE}d +[ -s /var/qmail/bin/config-sanity-check ] && source /var/qmail/bin/config-sanity-check # Now run it all -exec /usr/bin/softlimit -m 8000000 \ +exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \ ${QMAIL_TCPSERVER_PRE} \ - /usr/bin/tcpserver -H -R -v -x /etc/tcp.${SERVICE}.cdb -c ${MAXCONN} \ - -u ${QMAILDUID} -g ${NOFILESGID} \ + /usr/bin/tcpserver ${TCPSERVER_OPTS} -x /etc/tcp.${SERVICE}.cdb \ + -c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \ ${TCPSERVER_HOST} ${TCPSERVER_PORT} \ ${QMAIL_QMTP_PRE} /var/qmail/bin/qmail-${SERVICE}d ${QMAIL_QMTP_POST} \ 2>&1 diff --git a/net-mail/qmail/files/1.03-r12/run-qmailsmtpd b/net-mail/qmail/files/1.03-r12/run-qmailsmtpd index 8ee797b566fb..5103703725b6 100644 --- a/net-mail/qmail/files/1.03-r12/run-qmailsmtpd +++ b/net-mail/qmail/files/1.03-r12/run-qmailsmtpd 
@@ -1,17 +1,24 @@ #!/bin/sh +# Gentoo Startup script for qmail's SMTP daemon +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/files/1.03-r12/run-qmailsmtpd,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ +# +# If you need to edit this file, please look at editing conf-smtpd and +# conf-common first. If you still need to change this file, you should +# probably file a bug on the bugzilla saying what you wanted to change so that +# modification can be make possible via the configuration files # This is to make life easier SERVICE=smtp -# We run this afterwards to allow appending of values etc. [ -s ${QMAIL_CONTROLDIR}/conf-common ] && source ${QMAIL_CONTROLDIR}/conf-common [ -s ${QMAIL_CONTROLDIR}/conf-${SERVICE}d ] && source ${QMAIL_CONTROLDIR}/conf-${SERVICE}d +[ -s /var/qmail/bin/config-sanity-check ] && source /var/qmail/bin/config-sanity-check # Now run it all -exec /usr/bin/softlimit -m 8000000 \ +exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \ ${QMAIL_TCPSERVER_PRE} \ - /usr/bin/tcpserver -H -R -v -x /etc/tcp.${SERVICE}.cdb -c ${MAXCONN} \ - -u ${QMAILDUID} -g ${NOFILESGID} \ + /usr/bin/tcpserver ${TCPSERVER_OPTS} -x /etc/tcp.${SERVICE}.cdb \ + -c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \ ${TCPSERVER_HOST} ${TCPSERVER_PORT} \ ${QMAIL_SMTP_PRE} /var/qmail/bin/qmail-${SERVICE}d ${QMAIL_SMTP_POST} \ 2>&1 diff --git a/net-mail/qmail/files/1.03-r12/smtp-auth-close3.patch b/net-mail/qmail/files/1.03-r12/smtp-auth-close3.patch index 82fda701fd12..e259bbf27977 100644 --- a/net-mail/qmail/files/1.03-r12/smtp-auth-close3.patch +++ b/net-mail/qmail/files/1.03-r12/smtp-auth-close3.patch 
@@ -1,20 +1,24 @@ ---- qmail-smtpd.c.orig Sat Jan 18 09:13:50 2003 -+++ qmail-smtpd.c Sat Jan 18 19:51:09 2003 -@@ -459,14 +459,14 @@ +diff -ur qmail-1.03.orig/qmail-smtpd.c qmail-1.03/qmail-smtpd.c +--- qmail-1.03.orig/qmail-smtpd.c 2003-08-11 20:37:16.000000000 -0700 ++++ qmail-1.03/qmail-smtpd.c 2003-08-11 20:39:52.000000000 -0700 +@@ -519,14 +519,18 @@ if (!stralloc_0(&resp)) die_nomem(); if (fd_copy(2,1) == -1) return err_pipe(); - close(3); ++ //close(3); if (pipe(pi) == -1) return err_pipe(); - if (pi[0] != 3) return err_pipe(); ++ //if (pi[0] != 3) return err_pipe(); switch(child = fork()) { case -1: return err_fork(); case 0: close(pi[1]); -+ close(3); -+ if (0 > dup2(pi[0],3)) _exit(1); ++ if (pi[0] != 3) { ++ close(3); ++ if (0 > dup2(pi[0],3)) _exit(1); ++ } sig_pipedefault(); execvp(*childargs, childargs); _exit(1); - diff --git a/net-mail/qmail/files/digest-qmail-1.03-r12 b/net-mail/qmail/files/digest-qmail-1.03-r12 index b1db88921e23..68a91d8f4690 100644 --- a/net-mail/qmail/files/digest-qmail-1.03-r12 +++ b/net-mail/qmail/files/digest-qmail-1.03-r12 @@ -10,3 +10,4 @@ MD5 3dc69265a561c7d82ba3e43e89828722 qmail-tls.patch.tbz2 14076 MD5 122664c38338e5ec35fcac43f33d6927 qmail-1.03-qmtpc.patch 6197 MD5 24fc1a33089faf12e00b127cd659f317 qmail-smtpd-relay-reject 1230 MD5 ed5c0ddb6a5cc0386b1e04ced71d26ad qmail-local-tabs.patch 505 +MD5 432064e12c65d8f0deda580a2320b513 bad-rcpt-noisy-patch.txt 10474 diff --git a/net-mail/qmail/qmail-1.03-r12.ebuild b/net-mail/qmail/qmail-1.03-r12.ebuild index f95503f3d37a..d94c85a395d6 100644 --- a/net-mail/qmail/qmail-1.03-r12.ebuild +++ b/net-mail/qmail/qmail-1.03-r12.ebuild 
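Review bot: In the child branch of the smtp-auth-close3.patch hunk, the new code duplicates the pipe onto descriptor 3 with `dup2(pi[0],3)` but never closes the original `pi[0]`, so the program started by `execvp` inherits a second, unneeded handle on the pipe that presumably carries the authentication data. Adding `close(pi[0]);` after the successful `dup2`, inside the `if (pi[0] != 3)` block, leaves the child with only the descriptor the checkpassword interface expects. The two disabled statements are kept as `//` comments, which C89 compilers reject; deleting the lines is cleaner, since the patch history already records them. The enclosing function starts and ends outside the hunk.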
@@ -1,6 +1,6 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/qmail-1.03-r12.ebuild,v 1.1 2003/08/11 07:35:15 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-mail/qmail/qmail-1.03-r12.ebuild,v 1.2 2003/08/12 05:47:14 robbat2 Exp $ inherit eutils @@ -46,11 +46,12 @@ S=${WORKDIR}/${P} src_unpack() { - # This makes life easy - EPATCH_OPTS="-d ${S}" # unpack the initial stuff unpack ${P}.tar.gz qmail-tls.patch.tbz2 qmail-smtpd-auth-0.31.tar.gz + + # This makes life easy + EPATCH_OPTS="-d ${S}" # SMTP AUTH cp ${WORKDIR}/qmail-smtpd-auth-0.31/{README.auth,base64.c,base64.h} ${S} @@ -106,6 +107,11 @@ src_unpack() { # Reject some bad relaying attempts # gentoo bug #18064 epatch ${DISTDIR}/qmail-smtpd-relay-reject + + # provide badrcptto support + # as per bug #17283 + # patch re-diffed from original at http://www.iecc.com/bad-rcpt-noisy-patch.txt + epatch ${FILESDIR}/${PV}-${PR}/bad-rcpt-noisy-patch cd ${S} @@ -174,7 +180,7 @@ src_install() { qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd qmail-smtpd \ sendmail tcp-env qreceipt qsmhook qbiff forward preline \ condredirect bouncesaying except maildirmake maildir2mbox \ - maildirwatch qail elq pinq config-fast + maildirwatch qail elq pinq config-fast qmail-newbrt into /usr einfo "Installing manpages" @@ -216,7 +222,7 @@ src_install() { newins ${FILESDIR}/${PV}-${PR}/dot_qmail .qmail fperms 644 /etc/skel/.qmail # for good measure - keepdir /etc/skel/.maildir/{cur,new,tmp} /root/.maildir/{cur,new,tmp} + keepdir /etc/skel/.maildir/{cur,new,tmp} einfo "Setting up all services (send, smtp, qmtp, qmqp, pop3) ..." insopts -o root -g root -m 755 
@@ -235,19 +241,27 @@ src_install() { insinto /var/qmail/supervise/qmail-${i}/log newins ${FILESDIR}/${PV}-${PR}/run-qmail${i}log run done + + einfo "Installing the qmail startup file ..." + insinto /var/qmail + insopts -o root -g root -m 755 + doins ${FILESDIR}/${PV}-${PR}/rc einfo "Installing the qmail control file ..." exeinto /var/qmail/bin + insopts -o root -g root -m 755 doexe ${FILESDIR}/${PV}-${PR}/qmail-control - einfo "Installing the qmail startup file ..." - insinto /var/qmail - doins ${FILESDIR}/${PV}-${PR}/rc - einfo "Insalling some stock configuration files" insinto /var/qmail/control + insopts -o root -g root -m 644 doins ${FILESDIR}/${PV}-${PR}/conf-* newins ${FILESDIR}/${PV}-${PR}/dot_qmail defaultdelivery + + einfo "Configuration sanity checker" + into /var/qmail + insopts -o root -g root -m 644 + dobin ${FILESDIR}/${PV}-${PR}/config-sanity-check } pkg_postinst() { 
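Review bot: The added `insopts -o root -g root -m 755` before `doexe` and `insopts -o root -g root -m 644` before `dobin` do not, as far as I know, affect those helpers: `doexe` takes its options from `exeopts`, and `dobin` installs with its own fixed executable mode. config-sanity-check will therefore not end up 644, and the first call changes nothing for qmail-control. Use `exeopts -o root -g root -m 755` ahead of `doexe`, and install the checker with `insinto /var/qmail/bin` plus `doins` if a non-executable, root-owned file is the intent. Getting owner and mode right matters here because the run scripts source that file before tcpserver switches to the qmaild uid. src_install begins before this hunk.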
@@ -290,35 +304,38 @@ pkg_postinst() { pkg_config() { - export qhost=`hostname --fqdn` if [ ${ROOT} = "/" ] ; then if [ ! -f ${ROOT}/var/qmail/control/me ] ; then + export qhost=`hostname --fqdn` ${ROOT}/var/qmail/bin/config-fast $qhost fi fi einfo "Accepting relaying by default from all ips configured on this machine." LOCALIPS=`/sbin/ifconfig | grep inet | cut -d' ' -f 12 -s | cut -b 6-20` + [ -e ${ROOT}/etc/tcp.smtp ] && TCPSMTP_EXISTS=1 || TCPSMTP_EXISTS= + [ -e ${ROOT}/etc/tcp.qmtp ] && TCPQMTP_EXISTS=1 || TCPQMTP_EXISTS= + [ -e ${ROOT}/etc/tcp.qmqp ] && TCPQMQP_EXISTS=1 || TCPQMQP_EXISTS= for ip in $LOCALIPS; do - echo "$ip:allow,RELAYCLIENT=\"\",RBLSMTPD=\"\"" >> /etc/tcp.smtp - echo "$ip:allow,RELAYCLIENT=\"\"" >> /etc/tcp.qmtp - echo "$ip:allow,RELAYCLIENT=\"\"" >> /etc/tcp.qmqp + [ -z "${TCPSMTP_EXISTS}" ] && echo "$ip:allow,RELAYCLIENT=\"\"" >> ${ROOT}/etc/tcp.smtp + [ -z "${TCPQMTP_EXISTS}" ] && echo "$ip:allow,RELAYCLIENT=\"\"" >> ${ROOT}/etc/tcp.qmtp + [ -z "${TCPQMQP_EXISTS}" ] && echo "$ip:allow,RELAYCLIENT=\"\"" >> ${ROOT}/etc/tcp.qmqp done - echo ":allow" >> /etc/tcp.smtp - echo ":allow" >> /etc/tcp.qmtp - echo ":deny" >> /etc/tcp.qmqp + [ -z "${TCPSMTP_EXISTS}" ] && echo ":allow" >> ${ROOT}/etc/tcp.smtp + [ -z "${TCPQMTP_EXISTS}" ] && echo ":allow" >> ${ROOT}/etc/tcp.qmtp + [ -z "${TCPQMQP_EXISTS}" ] && echo ":deny" >> ${ROOT}/etc/tcp.qmqp for i in smtp qmtp qmqp; do - tcprules /etc/tcp.${i}.cdb /etc/tcp.${i}.tmp < /etc/tcp.${i} + tcprules ${ROOT}/etc/tcp.${i}.cdb ${ROOT}/etc/.tcp.${i}.tmp < ${ROOT}/etc/tcp.${i} done if [ `use ssl` ]; then - if [ ! -f /var/qmail/control/servercert.pem ]; then + if [ ! 
-f ${ROOT}/var/qmail/control/servercert.pem ]; then echo "Creating a self-signed ssl-cert:" - /usr/bin/openssl req -new -x509 -nodes -out /var/qmail/control/servercert.pem -days 366 -keyout /var/qmail/control/servercert.pem - chmod 640 /var/qmail/control/servercert.pem - chown qmaild.qmail /var/qmail/control/servercert.pem - ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem + /usr/bin/openssl req -new -x509 -nodes -out ${ROOT}/var/qmail/control/servercert.pem -days 366 -keyout ${ROOT}/var/qmail/control/servercert.pem + chmod 640 ${ROOT}/var/qmail/control/servercert.pem + chown qmaild.qmail ${ROOT}/var/qmail/control/servercert.pem + ln -s /var/qmail/control/servercert.pem ${ROOT}/var/qmail/control/clientcert.pem einfo "If You want to have a signed cert, do the following:" einfo "openssl req -new -nodes -out req.pem \\" -- cgit v1.2.3-65-gdbad
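Review bot: The self-signed certificate step writes the private key into servercert.pem via `-keyout` under whatever umask is in effect and only afterwards runs `chmod 640`. Unless the openssl build restricts the mode itself, a typical 022 umask leaves the unencrypted key (`-nodes`) world-readable while openssl runs and prompts. Running the generation in a subshell with a tight umask closes that window: `( umask 077; /usr/bin/openssl req -new -x509 -nodes -out "${ROOT}/var/qmail/control/servercert.pem" -days 366 -keyout "${ROOT}/var/qmail/control/servercert.pem" )`. `chown qmaild.qmail` uses the deprecated dot separator; `qmaild:qmail` is the supported form. pkg_config continues past the end of the hunk.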