author | dinoex <dinoex@FreeBSD.org> | 2002-10-08 15:29:02 +0000 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2002-10-08 15:29:02 +0000 |
commit | f144698a14e3021bd9893b0c9b8d102e99644c05 (patch) | |
tree | a533d9ee2bab7779fb10fd65d827ab7d84584e60 /mail | |
parent | 3e724c2eee8b3d0ff1c4513502f501afd6714697 (diff) | |
Update pkg-message for local paths and uucp.
Add targets for easy install: root-sasldb, tls-install
Small Security Fix, see http://www.sendmail.org/smrsh.adv.txt
Diffstat (limited to 'mail')
-rw-r--r-- | mail/sendmail/Makefile | 26 | ||||
-rw-r--r-- | mail/sendmail/files/patch-smrsh.c | 63 | ||||
-rw-r--r-- | mail/sendmail/files/tls-install.sh | 87 | ||||
-rw-r--r-- | mail/sendmail/pkg-message | 6 | ||||
-rw-r--r-- | mail/sendmail812/Makefile | 26 | ||||
-rw-r--r-- | mail/sendmail812/files/patch-smrsh.c | 63 | ||||
-rw-r--r-- | mail/sendmail812/files/tls-install.sh | 87 | ||||
-rw-r--r-- | mail/sendmail812/pkg-message | 6 |
8 files changed, 364 insertions, 0 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile index c704303..0e67da0 100644 --- a/mail/sendmail/Makefile +++ b/mail/sendmail/Makefile @@ -7,6 +7,7 @@ PORTNAME= sendmail PORTVERSION= 8.12.6 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,} @@ -219,6 +220,31 @@ ${DESTDIR}/etc/mail/submit.cf: ${DESTDIR}/etc/mail/submit.mc SENDMAIL_CF_DIR=${PREFIX}/share/sendmail/cf \ SENDMAIL_MC=submit ) +# create basics for smtp-auth +# +root-sasldb: + @${ECHO_CMD} "# Links:" + @${ECHO_CMD} "#" + @${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html" + @${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/" + @${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php" + @${ECHO_CMD} "# http://www.digitalanswers.org/sendmail/" + @${ECHO_CMD} "#" +.if defined(SASLPWD) + -@${ECHO_CMD} ${SASLPWD} | \ + ${LOCALBASE}/sbin/saslpasswd -p -c -u ${REALM} "sendmail" +.else + @${ECHO_CMD} "make SASLPWD=passwort owner-sasldb" +.endif + ${CHOWN} root:wheel ${DESTDIR}${PREFIX}/etc/sasldb.db + ${CHMOD} 0600 ${DESTDIR}${PREFIX}/etc/sasldb.db + +# create certificates for TLS/SSL +# +tls-install: + env DESTDIR=${DESTDIR} FILESDIR=${FILESDIR} \ + sh ${FILESDIR}/tls-install.sh + .include <bsd.port.pre.mk> .if defined(SENDMAIL_WITH_TLS) || defined(WITH_TLS) diff --git a/mail/sendmail/files/patch-smrsh.c b/mail/sendmail/files/patch-smrsh.c new file mode 100644 index 0000000..f838f41 --- /dev/null +++ b/mail/sendmail/files/patch-smrsh.c 
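Review bot: In the new `root-sasldb` target the password is fed to `saslpasswd` as `${ECHO_CMD} ${SASLPWD} |` with `${SASLPWD}` and `${REALM}` unquoted, so the shell word-splits and glob-expands the value, and a password given as `make SASLPWD=...` sits in the make command line where the process list and shell history expose it. Quoting the expansions (`${ECHO_CMD} "${SASLPWD}" |` and `-u "${REALM}"`) covers the first problem; letting `saslpasswd` prompt, or reading the value from a root-only file, would cover the second. The hint printed in the `.else` branch names `owner-sasldb` while the target is `root-sasldb`, and `REALM` is not assigned anywhere in this hunk, so it presumably has to come from the caller. The `${CHOWN}` and `${CHMOD}` lines follow `.endif` and therefore run even when no password was supplied. The same hunk is repeated in mail/sendmail812/Makefile.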
@@ -0,0 +1,63 @@
+Index: smrsh.c
+===================================================================
+RCS file: /cvs/smrsh/smrsh.c,v
+retrieving revision 8.58
+diff -u -r8.58 smrsh.c
+--- smrsh/smrsh.c 25 May 2002 02:41:31 -0000 8.58
++++ smrsh/smrsh.c 24 Sep 2002 23:58:16 -0000
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ char *newenv[2];
+ char pathbuf[1000];
+ char specialbuf[32];
++ struct stat st;
+
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++ if (stat(cmdbuf, &st) < 0)
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (stat failed)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
++ if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++ && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++ )
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (not a file)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
+ if (access(cmdbuf, X_OK) < 0)
+ {
+ /* oops.... crack attack possiblity */
diff --git a/mail/sendmail/files/tls-install.sh b/mail/sendmail/files/tls-install.sh
new file mode 100644
index 0000000..1157bab
--- /dev/null
+++ b/mail/sendmail/files/tls-install.sh
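Review bot: The added type check calls `stat()`, which follows symbolic links, so `S_ISLNK(st.st_mode)` can never be true and the `#ifdef S_ISLNK` clause is dead; what the condition actually enforces is that the link target is a regular file. If links themselves were meant to be classified the call would have to be `lstat()`; otherwise the clause can go and the intent be recorded as `/* stat() follows links: the target must be a regular file */`. The second error branch repeats the comment `/* can't stat it */` although it handles the not-a-regular-file case, where `/* not a regular file */` would match the message it prints. The path is checked by name here and again by the `access()` call below, so the check is only as strong as the write protection on the smrsh command directory, which lies outside this hunk. The identical patch is added as mail/sendmail812/files/patch-smrsh.c.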
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+ if test ! -d "${CADIR}/${i}"
+ then
+ mkdir -p "${CADIR}/${i}"
+ fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+ echo "generating: openssl.cnf"
+ sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+ echo "generating: serial"
+ echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+ echo "generating: index.txt"
+ cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+ echo "generating CA"
+ openssl req -new -x509 -config openssl.cnf \
+ -keyout private/cakey.pem \
+ -out cacert.pem
+ chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+ if test ! -f "private/sendmailkey.pem"
+ then
+ echo "generating server CERT"
+ umask 0066
+ openssl req -nodes -new -x509 -config openssl.cnf \
+ -keyout private/sendmailkey.pem \
+ -out private/sendmailkey.pem
+ fi
+ if test ! -f "newcsr.pem"
+ then
+ echo "signing CERT1"
+ openssl x509 -x509toreq \
+ -in private/sendmailkey.pem \
+ -signkey private/sendmailkey.pem \
+ -out newcsr.pem
+ fi
+ if test ! -f "sendmailcert.pem"
+ then
+ echo "signing CERT2"
+ openssl ca -config openssl.cnf -policy policy_anything \
+ -out sendmailcert.pem \
+ -infiles newcsr.pem
+ rm -f newcsr.pem
+ fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit
diff --git a/mail/sendmail/pkg-message b/mail/sendmail/pkg-message index 3628cb1..2018047 100644 --- a/mail/sendmail/pkg-message +++ b/mail/sendmail/pkg-message @@ -21,6 +21,12 @@ sendmail_flags="-L sm-msp-queue -Ac -q1m" To update your configuration look at %%PREFIX%%/share/sendmail/cf/README. --------------------------------------------------- +To use the ports versions you may add to your sendmail.mc file: + +define(`confEBINDIR', `/usr/local/libexec')dnl +define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl + +--------------------------------------------------- To activate sendmail as your default mailer, call the target 'mailer.conf': /usr/ports/mail/sendmail$ make mailer.conf diff --git a/mail/sendmail812/Makefile b/mail/sendmail812/Makefile index c704303..0e67da0 100644 --- a/mail/sendmail812/Makefile +++ b/mail/sendmail812/Makefile @@ -7,6 +7,7 @@ PORTNAME= sendmail PORTVERSION= 8.12.6 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,}
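Review bot: `chmod 0600 "${CADIR}/private"` in tls-install.sh is applied to a directory and so clears its search bit; `0700` is the usual mode for a private-key directory, and because `mkdir -p` only runs when a directory is missing, an existing `${CADIR}` keeps whatever mode it already had. The CA key is written under the caller's umask and only tightened afterwards by `chmod 0600 "private/cakey.pem"`, whereas `umask 0066` is set just before the server key; a `umask 077` at the top of the script would close that window for both keys. `FILSEDIR` looks like a misspelling of `FILESDIR` and is never read. The server key request passes the same `private/sendmailkey.pem` to `-keyout` and `-out`, which the later `-x509toreq` step appears to rely on, so a comment saying that this is intentional would help. The same script is added under mail/sendmail812/files, where the `FILESDIR` default still points at the mail/sendmail port.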
@@ -219,6 +220,31 @@ ${DESTDIR}/etc/mail/submit.cf: ${DESTDIR}/etc/mail/submit.mc SENDMAIL_CF_DIR=${PREFIX}/share/sendmail/cf \ SENDMAIL_MC=submit ) +# create basics for smtp-auth +# +root-sasldb: + @${ECHO_CMD} "# Links:" + @${ECHO_CMD} "#" + @${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html" + @${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/" + @${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php" + @${ECHO_CMD} "# http://www.digitalanswers.org/sendmail/" + @${ECHO_CMD} "#" +.if defined(SASLPWD) + -@${ECHO_CMD} ${SASLPWD} | \ + ${LOCALBASE}/sbin/saslpasswd -p -c -u ${REALM} "sendmail" +.else + @${ECHO_CMD} "make SASLPWD=passwort owner-sasldb" +.endif + ${CHOWN} root:wheel ${DESTDIR}${PREFIX}/etc/sasldb.db + ${CHMOD} 0600 ${DESTDIR}${PREFIX}/etc/sasldb.db + +# create certificates for TLS/SSL +# +tls-install: + env DESTDIR=${DESTDIR} FILESDIR=${FILESDIR} \ + sh ${FILESDIR}/tls-install.sh + .include <bsd.port.pre.mk> .if defined(SENDMAIL_WITH_TLS) || defined(WITH_TLS) diff --git a/mail/sendmail812/files/patch-smrsh.c b/mail/sendmail812/files/patch-smrsh.c new file mode 100644 index 0000000..f838f41 --- /dev/null +++ b/mail/sendmail812/files/patch-smrsh.c 
@@ -0,0 +1,63 @@
+Index: smrsh.c
+===================================================================
+RCS file: /cvs/smrsh/smrsh.c,v
+retrieving revision 8.58
+diff -u -r8.58 smrsh.c
+--- smrsh/smrsh.c 25 May 2002 02:41:31 -0000 8.58
++++ smrsh/smrsh.c 24 Sep 2002 23:58:16 -0000
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ char *newenv[2];
+ char pathbuf[1000];
+ char specialbuf[32];
++ struct stat st;
+
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++ if (stat(cmdbuf, &st) < 0)
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (stat failed)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
++ if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++ && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++ )
++ {
++ /* can't stat it */
++ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ "%s: %s not available for sendmail programs (not a file)\n",
++ prg, cmd);
++ if (p != NULL)
++ *p = ' ';
++#ifndef DEBUG
++ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++ (int) getuid(), cmd);
++#endif /* ! DEBUG */
++ exit(EX_UNAVAILABLE);
++ }
+ if (access(cmdbuf, X_OK) < 0)
+ {
+ /* oops.... crack attack possiblity */
diff --git a/mail/sendmail812/files/tls-install.sh b/mail/sendmail812/files/tls-install.sh
new file mode 100644
index 0000000..1157bab
--- /dev/null
+++ b/mail/sendmail812/files/tls-install.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+ if test ! -d "${CADIR}/${i}"
+ then
+ mkdir -p "${CADIR}/${i}"
+ fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+ echo "generating: openssl.cnf"
+ sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+ echo "generating: serial"
+ echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+ echo "generating: index.txt"
+ cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+ echo "generating CA"
+ openssl req -new -x509 -config openssl.cnf \
+ -keyout private/cakey.pem \
+ -out cacert.pem
+ chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+ if test ! -f "private/sendmailkey.pem"
+ then
+ echo "generating server CERT"
+ umask 0066
+ openssl req -nodes -new -x509 -config openssl.cnf \
+ -keyout private/sendmailkey.pem \
+ -out private/sendmailkey.pem
+ fi
+ if test ! -f "newcsr.pem"
+ then
+ echo "signing CERT1"
+ openssl x509 -x509toreq \
+ -in private/sendmailkey.pem \
+ -signkey private/sendmailkey.pem \
+ -out newcsr.pem
+ fi
+ if test ! -f "sendmailcert.pem"
+ then
+ echo "signing CERT2"
+ openssl ca -config openssl.cnf -policy policy_anything \
+ -out sendmailcert.pem \
+ -infiles newcsr.pem
+ rm -f newcsr.pem
+ fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit
diff --git a/mail/sendmail812/pkg-message b/mail/sendmail812/pkg-message index 3628cb1..2018047 100644 --- a/mail/sendmail812/pkg-message +++ b/mail/sendmail812/pkg-message @@ -21,6 +21,12 @@ sendmail_flags="-L sm-msp-queue -Ac -q1m" To update your configuration look at %%PREFIX%%/share/sendmail/cf/README. --------------------------------------------------- +To use the ports versions you may add to your sendmail.mc file: + +define(`confEBINDIR', `/usr/local/libexec')dnl +define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl + +--------------------------------------------------- To activate sendmail as your default mailer, call the target 'mailer.conf': /usr/ports/mail/sendmail$ make mailer.conf |