New port: mail/spamd - Trapit in cooperation with security/pf

A Trapit is a fake SMTP server that tries to waste as much resources
	of a spam-relay as possible - without delivering any mail.

	Implemented for pf, but might work with other ip filters as well.
	mail/relaydb is a fine tool to utilize spamd.

PR:		ports/57365
Submitted by:	Max Laier <max@love2party.net>

mail/Makefile

@@ -319,6 +319,7 @@
     SUBDIR += sortmail
     SUBDIR += spamass-milter
     SUBDIR += spambnc
+    SUBDIR += spamd
     SUBDIR += spamoracle
     SUBDIR += spamprobe
     SUBDIR += spamstats

mail/spamd/Makefile

@@ -0,0 +1,61 @@
+# New ports collection makefile for:	spamd
+# Date created:		23 June 2003
+# Whom:			Max Laier <max@love2party.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	spamd
+PORTVERSION=	3.4
+CATEGORIES=	mail
+MASTER_SITES=	http://pf4freebsd.love2party.net/
+DISTNAME=	${PORTNAME}_${PORTVERSION}
+
+MAINTAINER=	max@love2party.net
+COMMENT=	Traps spammers with a very slow smtp-login and return 4xx error
+
+RUN_DEPENDS=	${LOCALBASE}/sbin/pfctl:${PORTSDIR}/security/pf
+
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+IS_INTERACTIVE= yes
+.endif
+
+MAN5=		spamd.conf.5
+MAN8=		spamd.8 spamd-setup.8
+
+MANCOMPRESSED=	maybe
+
+MAKE_ARGS=      MANDIR="${PREFIX}/man/man"
+
+SAMPLE_SPAMD_CONF=	${PREFIX}/etc/spamd.conf.sample
+SAMPLE_SPAMD_RC=	${PREFIX}/etc/rc.d/spamd.sh
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 500000
+IGNORE=		"Only for 5.0 and above"
+.endif
+
+post-patch:
+	${SED} -e 's!%%LOCALBASE%%!${LOCALBASE}!'	\
+		${PATCHDIR}/local-patch.sed | ${PATCH} 	\
+		${WRKSRC}/spamd-setup/spamd-setup.c
+
+pre-su-install:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+.endif
+
+post-install:
+	@if [ ! -f ${SAMPLE_SPAMD_RC} ]; then			\
+		${ECHO_MSG} "Installing ${SAMPLE_SPAMD_RC} startup file."; \
+		${INSTALL_SCRIPT} ${FILESDIR}/spamd.sh.sample	\
+		${SAMPLE_SPAMD_RC};				\
+	fi
+	@if [ ! -f ${SAMPLE_SPAMD_CONF} ]; then			\
+		${ECHO_MSG} "Installing ${SAMPLE_SPAMD_CONF} file."; \
+		${INSTALL_DATA} ${WRKSRC}/spamd/spamd.conf	\
+		${SAMPLE_SPAMD_CONF};				\
+	fi
+
+.include <bsd.port.post.mk>

mail/spamd/distinfo

@@ -0,0 +1 @@
+MD5 (spamd_3.4.tar.gz) = 628d0e0672b7bebb7bf6c562958480a6

mail/spamd/files/local-patch.sed

@@ -0,0 +1,13 @@
+--- spamd-setup/spamd-setup.c.orig	Mon Sep 29 14:15:19 2003
++++ spamd-setup/spamd-setup.c	Mon Sep 29 14:16:37 2003
+@@ -47,8 +47,8 @@
+ #endif
+ 
+ #define PATH_FTP		"/usr/bin/ftp"
+-#define PATH_PFCTL		"/sbin/pfctl"
+-#define PATH_SPAMD_CONF		"/etc/spamd.conf"
++#define PATH_PFCTL		"%%LOCALBASE%%/sbin/pfctl"
++#define PATH_SPAMD_CONF		"%%LOCALBASE%%/etc/spamd.conf"
+ #define SPAMD_ARG_MAX		256 /* max # of args to an exec */
+ 
+ struct cidr {

mail/spamd/files/spamd.sh.sample

@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD: /tmp/pcvs/ports/mail/spamd/files/Attic/spamd.sh.sample,v 1.1 2003-09-29 23:01:21 edwin Exp $
+
+if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
+    echo "$0: Cannot determine the PREFIX" >&2
+    echo "Please use the complete pathname." >&2
+    exit 1
+fi
+
+if [ -z "${source_rc_confs_defined}" ]; then
+	if [ -r /etc/defaults/rc.conf ]; then
+		. /etc/defaults/rc.conf
+		source_rc_confs
+	elif [ -r /etc/rc.conf ]; then
+		. /etc/rc.conf
+	fi
+fi
+
+case "$1" in
+start)
+	case "${spamd_enable}" in
+	    [Yy][Ee][Ss])
+	    echo -n ' spamd'
+	    ${PREFIX}/libexec/spamd ${spamd_flags}
+	    if [ -x ${PREFIX}/sbin/spamd-setup ]; then
+		${PREFIX}/sbin/spamd-setup
+	    fi
+	    ;;
+	esac
+	;;
+stop)
+	killall spamd
+	;;
+*)
+	echo "Usage: `basename $0` {start|stop}" >&2
+	;;
+esac
+
+exit 0

mail/spamd/pkg-descr

@@ -0,0 +1,17 @@
+Tarpits like spamd are fake SMTP servers, which accept connections but don't
+deliver mail. Instead, they keep the connections open and reply very slowly.
+If the peer is patient enough to actually complete the SMTP dialogue (which
+will take ten minutes or more), the tarpit returns a 'temporary error' code
+(4xx), which indicates that the mail could not be delivered successfully and
+that the sender should keep the mail in his queue and retry again later. If
+he does, the same procedure repeats. Until, after several attempts, wasting
+both his queue space and socket handles for several days, he gives up. The
+resources I have to waste to do this are minimal.
+
+If the sender is badly configured, an uncooperative recipient might actually
+delay his entire queue handling for several minutes each time he connects to
+the tarpit. And many spammers use badly configured open relays
+
+WWW: http://www.benzedrine.cx/relaydb.html
+
+-Max <max@love2party.net>

mail/spamd/pkg-install

@@ -0,0 +1,84 @@
+#!/bin/sh
+# an installation script for spamd copied from pf_freebsd
+
+ask() {
+    local question default answer
+
+    question=$1
+    default=$2
+    if [ -z "${PACKAGE_BUILDING}" ]; then
+	read -p "${question} (y/n) [${default}]? " answer
+    fi
+    if [ x${answer} = x ]; then
+	answer=${default}
+    fi
+    echo ${answer}
+}
+
+yesno() {
+    local dflt question answer
+
+    question=$1
+    dflt=$2
+    while :; do
+	answer=$(ask "${question}" "${dflt}")
+	case "${answer}" in
+	[Yy]*)		return 0;;
+	[Nn]*)		return 1;;
+	esac
+	echo "Please answer yes or no."
+    done
+}
+
+check_service() {
+    local name number type comment
+    
+    name=$1
+    number=$2
+    type=$3
+    comment=$4
+    
+    FILE="/etc/services"
+    # check
+    OK=no
+    HAS_SERVICE=no
+    COUNT=1
+    for i in `grep $name $FILE `; do
+	if [ $COUNT = 1 ] && [ X"$i" = X"$name" ]; then
+	    HAS_SERVICE=yes
+	elif [ $COUNT = 2 ] && [ $HAS_SERVICE = yes ] && \
+		[ X"$i" = X"$number/$type" ]; then
+	    OK=yes
+	    break
+	fi
+	COUNT=`expr ${COUNT} + 1`
+    done
+    # add an entry for SERVICE to /etc/services
+    if [ $OK = no ]; then
+	echo "This system has no entry for $name in ${FILE}"
+	if yesno "Would you like to add it automatically?" y; then
+	    mv ${FILE} ${FILE}.bak
+	    (grep -v $name ${FILE}.bak ; \
+		echo "$name	$number/$type	# $comment") \
+		>> ${FILE}
+	    rm ${FILE}.bak
+	else
+	    echo "Please add '$name $number/$type' into ${FILE}, and try again."
+	    return 1
+	fi
+    fi
+    return 0
+}
+
+case $2 in
+PRE-INSTALL)
+
+    if ! check_service spamd 8025 tcp "# spamd(8)"; then
+	exit 1
+    fi
+    if ! check_service spamd-cfg 8026 tcp "# spamd(8) configuration"; then
+	exit 1
+    fi
+    ;;
+
+esac

mail/spamd/pkg-plist

@@ -0,0 +1,4 @@
+libexec/spamd
+sbin/spamd-setup
+etc/rc.d/spamd.sh
+etc/spamd.conf.sample