authordinoex <dinoex@FreeBSD.org>2002-10-08 15:29:02 +0000
committerdinoex <dinoex@FreeBSD.org>2002-10-08 15:29:02 +0000
commitf144698a14e3021bd9893b0c9b8d102e99644c05 (patch)
treea533d9ee2bab7779fb10fd65d827ab7d84584e60 /mail
parent3e724c2eee8b3d0ff1c4513502f501afd6714697 (diff)
Update pkg-message for local paths and uucp.
Add targets for easy install: root-sasldb, tls-install.
Small Security Fix, see http://www.sendmail.org/smrsh.adv.txt
Diffstat (limited to 'mail')
-rw-r--r--mail/sendmail/Makefile26
-rw-r--r--mail/sendmail/files/patch-smrsh.c63
-rw-r--r--mail/sendmail/files/tls-install.sh87
-rw-r--r--mail/sendmail/pkg-message6
-rw-r--r--mail/sendmail812/Makefile26
-rw-r--r--mail/sendmail812/files/patch-smrsh.c63
-rw-r--r--mail/sendmail812/files/tls-install.sh87
-rw-r--r--mail/sendmail812/pkg-message6
8 files changed, 364 insertions, 0 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index c704303..0e67da0 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -7,6 +7,7 @@
PORTNAME= sendmail
PORTVERSION= 8.12.6
+PORTREVISION= 1
CATEGORIES= mail ipv6
MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,}
@@ -219,6 +220,31 @@ ${DESTDIR}/etc/mail/submit.cf: ${DESTDIR}/etc/mail/submit.mc
SENDMAIL_CF_DIR=${PREFIX}/share/sendmail/cf \
SENDMAIL_MC=submit )
+# create basics for smtp-auth
+#
+root-sasldb:
+ @${ECHO_CMD} "# Links:"
+ @${ECHO_CMD} "#"
+ @${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
+ @${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
+ @${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
+ @${ECHO_CMD} "# http://www.digitalanswers.org/sendmail/"
+ @${ECHO_CMD} "#"
+.if defined(SASLPWD)
+ -@${ECHO_CMD} ${SASLPWD} | \
+ ${LOCALBASE}/sbin/saslpasswd -p -c -u ${REALM} "sendmail"
+.else
+ @${ECHO_CMD} "make SASLPWD=passwort owner-sasldb"
+.endif
+ ${CHOWN} root:wheel ${DESTDIR}${PREFIX}/etc/sasldb.db
+ ${CHMOD} 0600 ${DESTDIR}${PREFIX}/etc/sasldb.db
+
+# create certificates for TLS/SSL
+#
+tls-install:
+ env DESTDIR=${DESTDIR} FILESDIR=${FILESDIR} \
+ sh ${FILESDIR}/tls-install.sh
+
.include <bsd.port.pre.mk>
.if defined(SENDMAIL_WITH_TLS) || defined(WITH_TLS)
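Review bot: In the new `root-sasldb` target the password comes from `SASLPWD` on the make command line and is expanded unquoted into `${ECHO_CMD} ${SASLPWD} | \`, so it lands in shell history and the process list and is subject to word splitting and globbing; at minimum quote it, `-@${ECHO_CMD} "${SASLPWD}" | \`, and preferably drop `-p` so that `saslpasswd` prompts for it. The leading `-` ignores a failing `saslpasswd`, yet `${CHOWN}` and `${CHMOD}` on `sasldb.db` run afterwards in every case, including the `.else` branch where nothing was created. The hint printed in the `.else` branch names `owner-sasldb`, while the target added here is `root-sasldb`. `${REALM}` is not assigned in the visible lines, so it is presumably set elsewhere in the Makefile or expected from the caller; a comment saying which would help. The identical hunk in mail/sendmail812/Makefile has the same points.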
diff --git a/mail/sendmail/files/patch-smrsh.c b/mail/sendmail/files/patch-smrsh.c
new file mode 100644
index 0000000..f838f41
--- /dev/null
+++ b/mail/sendmail/files/patch-smrsh.c
@@ -0,0 +1,63 @@
+Index: smrsh.c
+===================================================================
+RCS file: /cvs/smrsh/smrsh.c,v
+retrieving revision 8.58
+diff -u -r8.58 smrsh.c
+--- smrsh/smrsh.c 25 May 2002 02:41:31 -0000 8.58
++++ smrsh/smrsh.c 24 Sep 2002 23:58:16 -0000
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ char *newenv[2];
+ char pathbuf[1000];
+ char specialbuf[32];
++ struct stat st;
+
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++ if (stat(cmdbuf, &st) < 0)
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (stat failed)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
++ if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++ && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++ )
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (not a file)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
+ if (access(cmdbuf, X_OK) < 0)
+ {
+ /* oops.... crack attack possiblity */
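Review bot: The `&& !S_ISLNK(st.st_mode)` alternative in the second added check can never be true, because `stat()` follows symbolic links and reports the type of the target; the test is effectively `if (!S_ISREG(st.st_mode))`, and the `#ifdef S_ISLNK` lines only suggest that links are treated specially. The comment in that block, `/* can't stat it */`, is copied from the first block and should read `/* not a regular file */`. The type check and the later execution resolve `cmdbuf` separately, so the check is only as strong as the write protection on the directory smrsh takes its commands from, which deserves a one-line comment. Since this is the vendor patch from the referenced advisory, such changes would presumably go upstream rather than into the port. The enclosing function starts and ends outside the hunk, and the same file is added as mail/sendmail812/files/patch-smrsh.c.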
diff --git a/mail/sendmail/files/tls-install.sh b/mail/sendmail/files/tls-install.sh
new file mode 100644
index 0000000..1157bab
--- /dev/null
+++ b/mail/sendmail/files/tls-install.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+ if test ! -d "${CADIR}/${i}"
+ then
+ mkdir -p "${CADIR}/${i}"
+ fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+ echo "generating: openssl.cnf"
+ sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+ echo "generating: serial"
+ echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+ echo "generating: index.txt"
+ cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+ echo "generating CA"
+ openssl req -new -x509 -config openssl.cnf \
+ -keyout private/cakey.pem \
+ -out cacert.pem
+ chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+ if test ! -f "private/sendmailkey.pem"
+ then
+ echo "generating server CERT"
+ umask 0066
+ openssl req -nodes -new -x509 -config openssl.cnf \
+ -keyout private/sendmailkey.pem \
+ -out private/sendmailkey.pem
+ fi
+ if test ! -f "newcsr.pem"
+ then
+ echo "signing CERT1"
+ openssl x509 -x509toreq \
+ -in private/sendmailkey.pem \
+ -signkey private/sendmailkey.pem \
+ -out newcsr.pem
+ fi
+ if test ! -f "sendmailcert.pem"
+ then
+ echo "signing CERT2"
+ openssl ca -config openssl.cnf -policy policy_anything \
+ -out sendmailcert.pem \
+ -infiles newcsr.pem
+ rm -f newcsr.pem
+ fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit
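Review bot: `chmod 0600 "${CADIR}/private"` is applied to a directory and leaves it without the search bit, so only root can reach the keys inside it; `chmod 0700 "${CADIR}/private"` is the usual mode for a private key directory. `umask 0066` is set only before the server key is generated, so `private/cakey.pem` is first created under the caller's umask and tightened by `chmod` afterwards; a `umask 077` at the top of the script would cover both keys from creation. `FILSEDIR` looks like a typo for `FILESDIR`, and the variable is never read. None of the `openssl` calls is checked, so a failed step falls through to the next one, and `rm -f newcsr.pem` runs even when `openssl ca` failed. The same script is added as mail/sendmail812/files/tls-install.sh, where the default path still points at mail/sendmail/files.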
diff --git a/mail/sendmail/pkg-message b/mail/sendmail/pkg-message
index 3628cb1..2018047 100644
--- a/mail/sendmail/pkg-message
+++ b/mail/sendmail/pkg-message
@@ -21,6 +21,12 @@ sendmail_flags="-L sm-msp-queue -Ac -q1m"
To update your configuration look at %%PREFIX%%/share/sendmail/cf/README.
---------------------------------------------------
+To use the ports versions you may add to your sendmail.mc file:
+
+define(`confEBINDIR', `/usr/local/libexec')dnl
+define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl
+
+---------------------------------------------------
To activate sendmail as your default mailer, call the target 'mailer.conf':
/usr/ports/mail/sendmail$ make mailer.conf
diff --git a/mail/sendmail812/Makefile b/mail/sendmail812/Makefile
index c704303..0e67da0 100644
--- a/mail/sendmail812/Makefile
+++ b/mail/sendmail812/Makefile
@@ -7,6 +7,7 @@
PORTNAME= sendmail
PORTVERSION= 8.12.6
+PORTREVISION= 1
CATEGORIES= mail ipv6
MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \
${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,}
@@ -219,6 +220,31 @@ ${DESTDIR}/etc/mail/submit.cf: ${DESTDIR}/etc/mail/submit.mc
SENDMAIL_CF_DIR=${PREFIX}/share/sendmail/cf \
SENDMAIL_MC=submit )
+# create basics for smtp-auth
+#
+root-sasldb:
+ @${ECHO_CMD} "# Links:"
+ @${ECHO_CMD} "#"
+ @${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
+ @${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
+ @${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
+ @${ECHO_CMD} "# http://www.digitalanswers.org/sendmail/"
+ @${ECHO_CMD} "#"
+.if defined(SASLPWD)
+ -@${ECHO_CMD} ${SASLPWD} | \
+ ${LOCALBASE}/sbin/saslpasswd -p -c -u ${REALM} "sendmail"
+.else
+ @${ECHO_CMD} "make SASLPWD=passwort owner-sasldb"
+.endif
+ ${CHOWN} root:wheel ${DESTDIR}${PREFIX}/etc/sasldb.db
+ ${CHMOD} 0600 ${DESTDIR}${PREFIX}/etc/sasldb.db
+
+# create certificates for TLS/SSL
+#
+tls-install:
+ env DESTDIR=${DESTDIR} FILESDIR=${FILESDIR} \
+ sh ${FILESDIR}/tls-install.sh
+
.include <bsd.port.pre.mk>
.if defined(SENDMAIL_WITH_TLS) || defined(WITH_TLS)
diff --git a/mail/sendmail812/files/patch-smrsh.c b/mail/sendmail812/files/patch-smrsh.c
new file mode 100644
index 0000000..f838f41
--- /dev/null
+++ b/mail/sendmail812/files/patch-smrsh.c
@@ -0,0 +1,63 @@
+Index: smrsh.c
+===================================================================
+RCS file: /cvs/smrsh/smrsh.c,v
+retrieving revision 8.58
+diff -u -r8.58 smrsh.c
+--- smrsh/smrsh.c 25 May 2002 02:41:31 -0000 8.58
++++ smrsh/smrsh.c 24 Sep 2002 23:58:16 -0000
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ char *newenv[2];
+ char pathbuf[1000];
+ char specialbuf[32];
++ struct stat st;
+
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++ if (stat(cmdbuf, &st) < 0)
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (stat failed)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
++ if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++ && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++ )
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (not a file)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
+ if (access(cmdbuf, X_OK) < 0)
+ {
+ /* oops.... crack attack possiblity */
diff --git a/mail/sendmail812/files/tls-install.sh b/mail/sendmail812/files/tls-install.sh
new file mode 100644
index 0000000..1157bab
--- /dev/null
+++ b/mail/sendmail812/files/tls-install.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+ if test ! -d "${CADIR}/${i}"
+ then
+ mkdir -p "${CADIR}/${i}"
+ fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+ echo "generating: openssl.cnf"
+ sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+ echo "generating: serial"
+ echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+ echo "generating: index.txt"
+ cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+ echo "generating CA"
+ openssl req -new -x509 -config openssl.cnf \
+ -keyout private/cakey.pem \
+ -out cacert.pem
+ chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+ if test ! -f "private/sendmailkey.pem"
+ then
+ echo "generating server CERT"
+ umask 0066
+ openssl req -nodes -new -x509 -config openssl.cnf \
+ -keyout private/sendmailkey.pem \
+ -out private/sendmailkey.pem
+ fi
+ if test ! -f "newcsr.pem"
+ then
+ echo "signing CERT1"
+ openssl x509 -x509toreq \
+ -in private/sendmailkey.pem \
+ -signkey private/sendmailkey.pem \
+ -out newcsr.pem
+ fi
+ if test ! -f "sendmailcert.pem"
+ then
+ echo "signing CERT2"
+ openssl ca -config openssl.cnf -policy policy_anything \
+ -out sendmailcert.pem \
+ -infiles newcsr.pem
+ rm -f newcsr.pem
+ fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit
diff --git a/mail/sendmail812/pkg-message b/mail/sendmail812/pkg-message
index 3628cb1..2018047 100644
--- a/mail/sendmail812/pkg-message
+++ b/mail/sendmail812/pkg-message
@@ -21,6 +21,12 @@ sendmail_flags="-L sm-msp-queue -Ac -q1m"
To update your configuration look at %%PREFIX%%/share/sendmail/cf/README.
---------------------------------------------------
+To use the ports versions you may add to your sendmail.mc file:
+
+define(`confEBINDIR', `/usr/local/libexec')dnl
+define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl
+
+---------------------------------------------------
To activate sendmail as your default mailer, call the target 'mailer.conf':
/usr/ports/mail/sendmail$ make mailer.conf