- new option BLACKLISTD for FreeBSD-11

Submitted by: Kurt Lidl, Masachika ISHIZUKA Differential Revision: https://reviews.freebsd.org/D6595
svn path=/head/; revision=452183
2024-12-16 03:24:07 +00:00 · 2017-10-16 09:18:49 +00:00 · 2017-10-16 09:18:49 +00:00 · 6921ca5f80 · 2021-03-31 03:12:20 +00:00
commit 6921ca5f80
parent 0e8ef7f48c
7 changed files with 149 additions and 4 deletions
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@ -30,7 +30,8 @@ MAKE_ARGS=	UBINOWN=${UID} UBINGRP=${GID} \
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 DOCS=		KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES \
 		sendmail/TRACEFLAGS sendmail/SECURITY sendmail/TUNING
-PLIST_SUB+=	PREFIX=${PREFIX:S=${PREFIX}/==} MANPREFIX=${MANPREFIX:S=$=/=:S=${PREFIX}==:S=^/==}
+PLIST_SUB+=	PREFIX=${PREFIX:S=${PREFIX}/==} \
+		MANPREFIX=${MANPREFIX:S=$=/=:S=${PREFIX}==:S=^/==}
 PKGMESSAGE=	${WRKSRC}/pkg-message

 WCONF=		${WRKSRC}/devtools/Site
@ -44,8 +45,11 @@ SENDMAIL=	${PREFIX}/sbin/sendmail
 BASEMAIL=	/usr/libexec/sendmail/sendmail
 MILTER_SOVER?=	6

-OPTIONS_DEFINE?=	SHMEM SEM LA NIS IPV6 TLS SASL SASLAUTHD LDAP BDB GDBM SOCKETMAP CYRUSLOOKUP PICKY_HELO_CHECK MILTER DOCS
-OPTIONS_DEFAULT?=	SHMEM SEM LA NIS TLS SASL SASLAUTHD PICKY_HELO_CHECK MILTER BDB1
+OPTIONS_DEFINE?=	SHMEM SEM LA NIS IPV6 TLS SASL SASLAUTHD LDAP BDB \
+			GDBM SOCKETMAP CYRUSLOOKUP BLACKLISTD \
+			PICKY_HELO_CHECK MILTER DOCS
+OPTIONS_DEFAULT?=	SHMEM SEM LA NIS TLS SASL SASLAUTHD BDB1 \
+			PICKY_HELO_CHECK MILTER
 NO_OPTIONS_SORT=yes
 SHMEM_DESC=		System V shared memory support
 LA_DESC=		load averages support
@ -54,6 +58,7 @@ SASLAUTHD_DESC=		SASLAUTHD support
 BDB_DESC=		Berkeley DB version 4+ support
 GDBM_DESC=		GNU dbm library support (option COMPAT needed)
 SOCKETMAP_DESC=		Enable socketmap feature
+BLACKLISTD_DESC=	Enable blacklistd support
 CYRUSLOOKUP_DESC=	Enable cyruslookup feature
 PICKY_HELO_CHECK_DESC=	Enable picky HELO check
 MILTER_DESC=		Enable milter support
@ -120,6 +125,9 @@ SITE+=	${FILESDIR}/site.config.m4.sasl2
 .if ${PORT_OPTIONS:MLDAP}
 SITE+=	${FILESDIR}/site.config.m4.ldap
 .endif
+.if ${PORT_OPTIONS:MBLACKLISTD}
+SITE+=	${FILESDIR}/site.config.m4.blacklistd
+.endif
 .if ${PORT_OPTIONS:MMILTER}
 SITE+=	${FILESDIR}/site.config.m4.milter
 .endif
@ -147,6 +155,12 @@ do-configure:
 	  ${ECHO_MSG} "===> option COMPAT is missing in databases/gdbm."; \
          ${FALSE}; \
          fi)
+.endif
+.if ${PORT_OPTIONS:MBLACKLISTD}
+	@(if [ ! -e "${DESTDIR}/usr/lib/libblacklist.so" ] ; then \
+	  ${ECHO_MSG} "===> libblacklist.so not found. Please update to FreeBSD 11"; \
+          ${FALSE}; \
+          fi)
 .endif
 	${REINPLACE_CMD} ${SED_SCRIPT} ${WRKSRC}/devtools/OS/FreeBSD
 	${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
@ -192,7 +206,8 @@ do-configure:
 .endif

 post-build:
-	(cd ${WRKSRC}/doc/op && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} op.txt)
+	(cd ${WRKSRC}/doc/op && \
+	 ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} op.txt)

 pre-install:
 	${MKDIR} ${STAGEDIR}/etc/mail
--- a/mail/sendmail/files/patch-daemon.c
+++ b/mail/sendmail/files/patch-daemon.c
@ -0,0 +1,13 @@
+--- sendmail/daemon.c.orig	2016-06-12 18:25:14.196269000 -0400
+++ sendmail/daemon.c	2016-06-12 18:31:47.159880000 -0400
+@@ -754,6 +754,10 @@
+ 						anynet_ntoa(&RealHostAddr));
+ 			}
+ 
+#ifdef USE_BLACKLIST
+			blacklist_init();
+#endif
+
+ 			if (pipefd[0] != -1)
+ 			{
+ 				auto char c;
--- a/mail/sendmail/files/patch-main.c
+++ b/mail/sendmail/files/patch-main.c
@ -0,0 +1,26 @@
+--- sendmail/main.c.orig	2016-06-12 18:24:56.170900000 -0400
+++ sendmail/main.c	2016-06-12 18:30:07.426701000 -0400
+@@ -4642,3 +4642,23 @@
+ 	sm_etype_printf,
+ 	"quick abort %0",
+ };
+
+#ifdef USE_BLACKLIST
+static struct blacklist *blstate;
+
+void
+blacklist_init(void)
+{
+	blstate = blacklist_open();
+}
+
+void
+blacklist_notify(int a, int fd, char *msg)
+{
+	if (blstate == NULL)
+		blacklist_init();
+	if (blstate == NULL)
+		return;
+	(void)blacklist_r(blstate, a, fd, msg);
+}
+#endif
--- a/mail/sendmail/files/patch-sendmail.h
+++ b/mail/sendmail/files/patch-sendmail.h
@ -0,0 +1,16 @@
+--- sendmail/sendmail.h.orig	2016-06-12 18:23:05.239106000 -0400
+++ sendmail/sendmail.h	2016-06-12 18:42:38.972341000 -0400
+@@ -2647,6 +2647,13 @@
+ extern char	*milter_unknown __P((char *, ENVELOPE *, char *));
+ #endif /* MILTER */
+ 
+#if USE_BLACKLIST
+/* blacklistd functions */
+void blacklist_init(void);
+void blacklist_notify(int, int, char *);
+#include <blacklist.h>
+#endif
+
+ extern char	*addquotes __P((char *, SM_RPOOL_T *));
+ extern char	*arpadate __P((char *));
+ extern bool	atobool __P((char *));
--- a/mail/sendmail/files/patch-srvrsmtp.c
+++ b/mail/sendmail/files/patch-srvrsmtp.c
@ -0,0 +1,44 @@
+--- sendmail/srvrsmtp.c.orig	2015-03-18 07:47:12.000000000 -0400
+++ sendmail/srvrsmtp.c	2016-06-12 18:36:01.372172000 -0400
+@@ -832,6 +832,9 @@
+ 	int n_badrcpts_adj;
+ #endif /* _FFR_BADRCPT_SHUTDOWN */
+ 
+#ifdef USE_BLACKLIST
+	int fd;
+#endif
+ 	SevenBitInput_Saved = SevenBitInput;
+ 	smtp.sm_nrcpts = 0;
+ #if MILTER
+@@ -1328,6 +1331,9 @@
+ 					  (int) tp.tv_sec +
+ 						(tp.tv_usec >= 500000 ? 1 : 0)
+ 					 );
+#ifdef USE_BLACKLIST
+				blacklist_notify(1, fd, "pre-greeting traffic");
+#endif
+ 			}
+ 		}
+ 	}
+@@ -1723,6 +1729,10 @@
+ 			{
+ 				/* not SASL_OK or SASL_CONT */
+ 				message("535 5.7.0 authentication failed");
+#ifdef USE_BLACKLIST
+				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+				blacklist_notify(1, fd, "AUTH FAIL");
+#endif
+ 				if (LogLevel > 9)
+ 					sm_syslog(LOG_WARNING, e->e_id,
+ 						  "AUTH failure (%s): %s (%d) %s, relay=%.100s",
+@@ -3524,6 +3534,10 @@
+ 			if (++n_badcmds > MAXBADCOMMANDS)
+ 			{
+   stopattack:
+#ifdef USE_BLACKLIST
+				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+				blacklist_notify(1, fd, "too many bad commands");
+#endif
+ 				message("421 4.7.0 %s Too many bad commands; closing connection",
+ 					MyHostName);
+ 
--- a/mail/sendmail/files/patch-usersmtp.c
+++ b/mail/sendmail/files/patch-usersmtp.c
@ -0,0 +1,29 @@
+--- sendmail/usersmtp.c.orig	2014-12-05 10:42:28.000000000 -0500
+++ sendmail/usersmtp.c	2016-06-12 18:35:25.940865000 -0400
+@@ -1825,6 +1825,10 @@
+ 
+ 		if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
+ 		{
+#ifdef USE_BLACKLIST
+			int fd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL);
+			blacklist_notify(1, fd, "AUTH FAIL");
+#endif
+ 			if (tTd(95, 5))
+ 				sm_dprintf("AUTH FAIL=%s (%d)\n",
+ 					sasl_errstring(saslresult, NULL, NULL),
+@@ -1970,9 +1974,13 @@
+ 	do
+ 	{
+ 		result = attemptauth(m, mci, e, &(mci->mci_sai));
+-		if (result == EX_OK)
+		if (result == EX_OK) {
+#ifdef USE_BLACKLIST
+			int fd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL);
+			blacklist_notify(0, fd, "AUTH OK");
+#endif
+ 			mci->mci_sasl_auth = true;
+-		else if (result == EX_TEMPFAIL || result == EX_NOPERM)
+		} else if (result == EX_TEMPFAIL || result == EX_NOPERM)
+ 		{
+ 			mci->mci_saslcap = removemech((mci->mci_sai)[SASL_MECH],
+ 						      mci->mci_saslcap,
--- a/mail/sendmail/files/site.config.m4.blacklistd
+++ b/mail/sendmail/files/site.config.m4.blacklistd
@ -0,0 +1,2 @@
+APPENDDEF(`conf_sendmail_ENVDEF', `-DUSE_BLACKLIST')
+APPENDDEF(`conf_sendmail_LIBS', `-lblacklist')