authorRolf Eike Beer <eike@sf-mail.de>2019-11-30 23:42:42 +0100
committerJoonas Niilola <juippis@gentoo.org>2019-12-03 15:34:53 +0200
commit668d198ff2da26953b3d6f9df3f8aea93375317d (patch)
tree1b858f7a15ac51000c7acc78f0791683439e4dd4 /mail-mta
parentnet-misc/anydesk: use optfeature and add lspci (diff)
mail-mta/netqmail: avoid ANY DNS queries
Closes: https://bugs.gentoo.org/701476 Signed-off-by: Rolf Eike Beer <eike@sf-mail.de> Closes: https://github.com/gentoo/gentoo/pull/13816 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
Diffstat (limited to 'mail-mta')
-rw-r--r--mail-mta/netqmail/files/netqmail-1.06-any-to-cname.patch74
-rw-r--r--mail-mta/netqmail/netqmail-1.06-r12.ebuild199
2 files changed, 273 insertions, 0 deletions
diff --git a/mail-mta/netqmail/files/netqmail-1.06-any-to-cname.patch b/mail-mta/netqmail/files/netqmail-1.06-any-to-cname.patch
new file mode 100644
index 000000000000..9c9d53963510
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-any-to-cname.patch
@@ -0,0 +1,74 @@
+From b05ec6cbdacdf40d6c75326394461e22b7f8ab20 Mon Sep 17 00:00:00 2001
+From: Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.com>
+Date: Fri, 12 Jul 2019 23:34:52 -0600
+Subject: [PATCH] Apply Jonathan de Boyne Pollard's any-to-cname patch.
+
+modifies the behaviour of qmail-remote to remove the workaround
+that Dan Bernstein added on 1996-10-03 to work around a bug in
+BIND versions earlier than version 4.9.4.
+
+Applying this patch incurs a risk, but yields a benefit. It is
+published in order to allow others to experiment with removing
+the workaround.
+
+The risk is twofold:
+
+ * qmail-remote will not be able to relay any mail if one's own
+ proxy DNS server is such a version of BIND. This is trivially
+ overcome by replacing such an old version of BIND either with a
+ new version of BIND that doesn't have the problem or with some
+ other proxy DNS server software entirely (such as dnscache).
+
+ * qmail-remote will not be able to relay mail to domains whose
+ content DNS servers use such versions of BIND, because the
+ "CNAME" resource record lookup will fail. To gauge the level of
+ this risk, notice that Dan's own 2002-12-17 survey of content DNS
+ servers reports a mere 2% of the "*.com." content DNS servers as
+ employing BIND version 4 (but doesn't report how many of that 2%
+ employ BIND 4 versions earlier than 4.9.4).
+
+The benefit of this patch is that it reduces DNS query traffic
+and proxy DNS server cache load.
+
+ * Without it, qmail-remote issues "ANY" queries. Some proxy DNS
+ server softwares (albeit not dnscache) pass such queries through
+ directly to the back end, meaning that every query issued by
+ qmail-remote will result in a back-end query to a content DNS
+ server, no matter if the necessary information is already cached.
+ Moreover: The results of such a query, which are often a large
+ collection of resource record sets of various types, are cached
+ in the proxy DNS server's cache, even though almost none of them
+ will be used. A caching proxy DNS server dedicated to serving
+ qmail will end up with all sorts of cruft in its cache that isn't
+ actually relevant to mail transportation, taking up space that
+ could be better put to use caching those resource record sets
+ that are relevant.
+
+ * With it, qmail-remote issues "CNAME" queries. All of the mainstream
+ proxy DNS server softwares in popular use (apart from dnscache,
+ because it has problems in this regard) don't pass such queries
+ directly through, and will answer them from their caches without
+ issuing a back-end query at all if the data are already there and
+ still current. Moreover: A caching proxy DNS server dedicated to
+ serving qmail will not have its cache cluttered with irrelevant
+ data.
+---
+ dns.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dns.c b/dns.c
+index 44db25b..77e4ff7 100644
+--- a/dns.c
++++ b/dns.c
+@@ -197,7 +197,7 @@ stralloc *sa;
+ if (!sa->len) return loop;
+ if (sa->s[sa->len - 1] == ']') return loop;
+ if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
+- switch(resolve(sa,T_ANY))
++ switch(resolve(sa,T_CNAME))
+ {
+ case DNS_MEM: return DNS_MEM;
+ case DNS_SOFT: return DNS_SOFT;
+--
+2.16.4
+
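Review bot: The switch to `resolve(sa,T_CNAME)` only keeps the common non-alias case working if a NODATA reply to the CNAME query comes back from `resolve()` as the same `DNS_HARD` value that the `case DNS_HARD:` branch just below this hunk treats as "not an alias, keep going" rather than as a lookup failure, which is what stock netqmail's dns.c appears to do but which nothing in the patch text records; a resolver that instead answers CNAME queries with SERVFAIL or REFUSED (the description itself says dnscache "has problems in this regard") will show up as a temporary delivery failure. I would add to the description, before "The risk is twofold": `Note: a NODATA answer to the CNAME query reaches the DNS_HARD case in dns_cname(), which is treated as "no alias", not as an error.` The From/Subject lines attribute the change to Jonathan de Boyne Pollard but give no origin URL or original date for the patch, so whoever has to re-check it against upstream later has nothing to go on; an `Origin:` line would fix that. The enclosing function `dns_cname()` starts and ends outside the hunk.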
diff --git a/mail-mta/netqmail/netqmail-1.06-r12.ebuild b/mail-mta/netqmail/netqmail-1.06-r12.ebuild
new file mode 100644
index 000000000000..8044a26d5027
--- /dev/null
+++ b/mail-mta/netqmail/netqmail-1.06-r12.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+GENQMAIL_PV=20191010
+QMAIL_SPP_PV=0.42
+
+QMAIL_TLS_PV=20190114
+QMAIL_TLS_F=${PN}-1.05-tls-smtpauth-${QMAIL_TLS_PV}.patch
+QMAIL_TLS_CVE=vu555316.patch
+
+QMAIL_BIGTODO_PV=103
+QMAIL_BIGTODO_F=big-todo.${QMAIL_BIGTODO_PV}.patch
+
+QMAIL_LARGE_DNS='qmail-103.patch'
+
+QMAIL_SMTPUTF8='qmail-smtputf8.patch'
+
+inherit qmail
+
+DESCRIPTION="qmail -- a secure, reliable, efficient, simple message transfer agent"
+HOMEPAGE="
+ http://netqmail.org
+ https://cr.yp.to/qmail.html
+ http://qmail.org
+"
+SRC_URI="mirror://qmail/${P}.tar.gz
+ https://github.com/DerDakon/genqmail/releases/download/genqmail-${GENQMAIL_PV}/${GENQMAIL_F}
+ https://www.ckdhr.com/ckd/${QMAIL_LARGE_DNS}
+ !vanilla? (
+ highvolume? ( mirror://qmail/${QMAIL_BIGTODO_F} )
+ qmail-spp? ( mirror://sourceforge/qmail-spp/${QMAIL_SPP_F} )
+ ssl? (
+ https://mirror.alexh.name/qmail/netqmail/${QMAIL_TLS_F}
+ http://inoa.net/qmail-tls/${QMAIL_TLS_CVE}
+ https://arnt.gulbrandsen.priv.no/qmail/qmail-smtputf8.patch
+ )
+ )
+"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="authcram gencertdaily highvolume libressl pop3 qmail-spp ssl vanilla"
+REQUIRED_USE="vanilla? ( !ssl !qmail-spp !highvolume )"
+RESTRICT="test"
+
+DEPEND="
+ acct-group/nofiles
+ acct-group/qmail
+ acct-user/alias
+ acct-user/qmaild
+ acct-user/qmaill
+ acct-user/qmailp
+ acct-user/qmailq
+ acct-user/qmailr
+ acct-user/qmails
+ net-dns/libidn2
+ net-mail/queue-repair
+ sys-apps/gentoo-functions
+ sys-apps/groff
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-1.1:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+"
+RDEPEND="${DEPEND}
+ sys-apps/ucspi-tcp
+ virtual/checkpassword
+ virtual/daemontools
+ authcram? ( >=net-mail/cmd5checkpw-0.30 )
+ ssl? (
+ pop3? ( sys-apps/ucspi-ssl )
+ )
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/exim
+ !mail-mta/mini-qmail
+ !mail-mta/msmtp[mta]
+ !mail-mta/nullmailer
+ !mail-mta/opensmtpd
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/ssmtp[mta]
+"
+
+pkg_setup() {
+ if [[ -n "${QMAIL_PATCH_DIR}" ]]; then
+ eerror
+ eerror "The QMAIL_PATCH_DIR variable for custom patches"
+ eerror "has been removed from ${PN}. If you need custom patches"
+ eerror "see 'user patches' in the portage manual."
+ eerror
+ die "QMAIL_PATCH_DIR is not supported anymore"
+ fi
+}
+
+src_unpack() {
+ genqmail_src_unpack
+ use qmail-spp && qmail_spp_src_unpack
+
+ unpack ${P}.tar.gz
+}
+
+PATCHES=(
+ "${FILESDIR}/${PV}-exit.patch"
+ "${FILESDIR}/${PV}-readwrite.patch"
+ "${DISTDIR}/${QMAIL_LARGE_DNS}"
+ "${FILESDIR}/${PV}-fbsd-utmpx.patch"
+ "${FILESDIR}/${P}-ipme-multiple.patch"
+ "${FILESDIR}/${P}-any-to-cname.patch"
+)
+
+src_prepare() {
+ if ! use vanilla; then
+ if use ssl; then
+ # This patch contains relative paths and needs to be cleaned up.
+ sed 's~^--- \.\./\.\./~--- ~g' \
+ < "${DISTDIR}"/${QMAIL_TLS_F} \
+ > "${T}"/${QMAIL_TLS_F} || die
+ PATCHES+=( "${T}/${QMAIL_TLS_F}"
+ "${DISTDIR}/${QMAIL_TLS_CVE}"
+ "${FILESDIR}/qmail-smtputf8.patch"
+ "${FILESDIR}/qmail-smtputf8-crlf-fix.patch"
+ )
+ fi
+ if use highvolume; then
+ PATCHES+=( "${DISTDIR}/${QMAIL_BIGTODO_F}" )
+ fi
+
+ if use qmail-spp; then
+ if use ssl; then
+ SPP_PATCH="${QMAIL_SPP_S}/qmail-spp-smtpauth-tls-20060105.diff"
+ else
+ SPP_PATCH="${QMAIL_SPP_S}/netqmail-spp.diff"
+ fi
+ # make the patch work with "-p1"
+ sed -e 's#^--- \([Mq]\)#--- a/\1#' -e 's#^+++ \([Mq]\)#+++ b/\1#' -i ${SPP_PATCH} || die
+
+ PATCHES+=( "${SPP_PATCH}" )
+ fi
+ fi
+
+ default
+
+ qmail_src_postunpack
+
+ # Fix bug #33818 but for netqmail (Bug 137015)
+ if ! use authcram; then
+ einfo "Disabled CRAM_MD5 support"
+ sed -e 's,^#define CRAM_MD5$,/*&*/,' -i "${S}"/qmail-smtpd.c || die
+ else
+ einfo "Enabled CRAM_MD5 support"
+ fi
+
+ ht_fix_file Makefile*
+}
+
+src_compile() {
+ qmail_src_compile
+ use qmail-spp && qmail_spp_src_compile
+}
+
+src_install() {
+ qmail_src_install
+}
+
+pkg_postinst() {
+ qmail_queue_setup
+ qmail_rootmail_fixup
+ qmail_tcprules_build
+
+ qmail_config_notice
+ qmail_supervise_config_notice
+ elog
+ elog "If you are looking for documentation, check those links:"
+ elog "https://wiki.gentoo.org/wiki/Virtual_mail_hosting_with_qmail"
+ elog " -- qmail/vpopmail Virtual Mail Hosting System Guide"
+ elog "http://www.lifewithqmail.com/"
+ elog " -- Life with qmail"
+ elog
+}
+
+pkg_preinst() {
+ qmail_tcprules_fixup
+}
+
+pkg_config() {
+ # avoid some weird locale problems
+ export LC_ALL=C
+
+ qmail_config_fast
+ qmail_tcprules_config
+ qmail_tcprules_build
+
+ use ssl && qmail_ssl_generate
+}
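Review bot: `"${FILESDIR}/${P}-any-to-cname.patch"` is added to the unconditional PATCHES array and is therefore applied even with USE=vanilla, although REQUIRED_USE and the `if ! use vanilla` block deliberately keep every other behaviour-changing patch (TLS, SPP, big-todo) out of a vanilla build; a vanilla install thus no longer has upstream qmail-remote DNS behaviour, and the patch's own header warns it can stop relaying against old BIND or dnscache resolvers. Either move that line into the `! use vanilla` branch, or at least tell the admin in pkg_postinst, e.g. `elog "qmail-remote now issues CNAME rather than ANY DNS queries (bug #701476);"` followed by `elog "if deliveries to some domains start failing with a CNAME lookup error, check the resolver qmail uses."`. Whether the ipme-multiple patch on the preceding line is likewise meant to apply under vanilla I cannot tell from here. Separately, the qmail-spp branch runs `sed ... -i ${SPP_PATCH}` with the path unquoted; `"${SPP_PATCH}"` is the safer form even though the path currently contains no whitespace.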