Obtuse smtpd/smtpfwdd, part of the Juniper firewall toolkit

Submitted by:	Joao Carlos Mendes Luis <jonny@coppe.ufrj.br>

mail/smtpd/Makefile

@@ -0,0 +1,70 @@
+# Ports collection makefile for:  smtpd
+# Version required:		2.0
+# Date created:			06 Feb 1998
+# Whom:				Joao Carlos Mendes Luis <jonny@coppe.ufrj.br>
+#
+# $Id$
+#
+
+DISTNAME=      smtpd-2.0
+CATEGORIES=    mail security
+MASTER_SITES=  ftp://ftp.obtuse.com/pub/smtpd/
+
+PATCH_SITES=   ${MASTER_SITES}
+PATCHFILES=    patch-smtpd-2.0-RBL.gz
+
+MAINTAINER=    jonny@coppe.ufrj.br
+
+#  Directory where smtpd will chroot to, and put the received mail
+#  If you change it here, change also patches/patch-aa
+SPOOLBASE=	/var/smtpd
+
+post-patch:
+	@mv ${WRKSRC}/Makefile ${WRKSRC}/Makefile.tmp
+	@sed s+!!SPOOLBASE!!+${SPOOLBASE}+g < ${WRKSRC}/Makefile.tmp \
+	                                    > ${WRKSRC}/Makefile
+
+post-install:
+	@${MKDIR} ${PREFIX}/share/doc/smtpd
+	@${INSTALL_MAN} ${WRKSRC}/README ${PREFIX}/share/doc/smtpd
+
+	@${ECHO} "Creating spool directories..."
+	@${MKDIR} ${SPOOLBASE}
+	@chown root.uucp ${SPOOLBASE}
+	@chmod 0710 ${SPOOLBASE}
+
+	@${MKDIR} ${SPOOLBASE}/mqueue
+	@chown uucp.uucp ${SPOOLBASE}/mqueue
+	@chmod 0700 ${SPOOLBASE}/mqueue
+
+	@${MKDIR} ${SPOOLBASE}/etc
+	@chown root.uucp ${SPOOLBASE}/etc
+	@chmod 0710 ${SPOOLBASE}/etc
+.if !defined(BATCH)
+	@${CP} -p /etc/resolv.conf ${SPOOLBASE}/etc
+	@${CP} -p /etc/localtime ${SPOOLBASE}/etc
+.endif
+
+	@${ECHO} "Copying examples..."
+	@${INSTALL} ${COPY} -g uucp -o root -m 0640		\
+		${WRKSRC}/antirelay_check_rules_example	\
+		${SPOOLBASE}/etc/antirelay_check_rules.example
+	@${INSTALL} ${COPY} -g uucp -o root -m 0640		\
+		${WRKSRC}/antispam_check_rules.example	\
+		${SPOOLBASE}/etc
+	@${INSTALL} ${COPY} -g uucp -o root -m 0640		\
+		${WRKSRC}/smtpd_check_rules.example	\
+		${SPOOLBASE}/etc
+
+	@${ECHO} "Creating startup file..."
+	@sed s+!!PREFIX!!+${PREFIX}+		\
+		< ${FILESDIR}/smtpd.sh		\
+		> ${PREFIX}/etc/rc.d/smtpd.sh
+	@chmod 0700 ${PREFIX}/etc/rc.d/smtpd.sh
+	@chown 0.0 ${PREFIX}/etc/rc.d/smtpd.sh
+
+	@${ECHO} "Done!"
+
+	@${CAT} ${PKGDIR}/MESSAGE
+
+.include <bsd.port.mk>

mail/smtpd/distinfo

@@ -0,0 +1,2 @@
+MD5 (smtpd-2.0.tar.gz) = c1b4e15db9bd7f6fd2ef846fd2e22d4b
+MD5 (patch-smtpd-2.0-RBL.gz) = 5c54365520f439db27d5ed428139429c

mail/smtpd/files/patch-aa

@@ -0,0 +1,86 @@
+--- Makefile.orig	Sun Oct 12 23:40:34 1997
++++ Makefile	Fri Feb  6 22:21:46 1998
+@@ -1,7 +1,7 @@
+ ##########################################################
+ ## Where do I get installed? #############################
+ ##########################################################
+-INSTALL_PREFIX = /usr/local/
++INSTALL_PREFIX = ${PREFIX}/
+ INSTALL_BIN = sbin/
+ INSTALL_MAN = man/
+ 
+@@ -41,9 +41,9 @@
+ # in SMTP_USER above.
+ #
+ # The chroot directory
+-SPOOLDIR = /usr/spool/smtpd
++SPOOLDIR = !!SPOOLBASE!!
+ # Where to store messages, relative to SPOOLDIR above.
+-SPOOLSUBDIR = .
++SPOOLSUBDIR = mqueue
+ #Use below instead of above if you don't want smtpd to chroot. This
+ #isn't normally a good idea if security is your main goal. A nice
+ #chroot jail may be a pain to build but should give you enough of a
+@@ -143,8 +143,8 @@
+ # indicating a DNS spoof of misconfiguration.
+ # If PARANOID_DNS is 0, smtpd will replace any evil characters it sees
+ # continue.
+-# PARANOID_DNS = 1
+-PARANOID_DNS = 0
++PARANOID_DNS = 1
++# PARANOID_DNS = 0
+ 
+ # The check above will clobber stuff in the headers from some
+ # non north-american localizations.
+@@ -181,8 +181,8 @@
+ # seem to have a bug in which they simply try the EHLO again. Sigh. 
+ # setting EHLO_KLUDGE to 1 will make smtpd accept a second EHLO as a helo, 
+ # thereby kludging around this bug in Communicator. 
+-#EHLO_KLUDGE=1  
+-EHLO_KLUDGE=0  
++EHLO_KLUDGE=1  
++#EHLO_KLUDGE=0  
+ 
+ 
+ # smtpd can check FROM and RCPT addresses, along with the connecting
+@@ -206,8 +206,8 @@
+ # build with CHECK_ADDRESS set to 1. You will get an error about
+ # juniper_firewall.h not existing if you forget this.
+ #
+-JUNIPER_SUPPORT=1
+-#JUNIPER_SUPPORT=0
++#JUNIPER_SUPPORT=1
++JUNIPER_SUPPORT=0
+ 
+ # Use regexp's in patterns?  If you have a POSIX <regex.h> and friends, 
+ # and you trust the regex lib enough for use, you can set USE_REGEX to 
+@@ -245,7 +245,7 @@
+ #
+ #NS_MATCH=0
+ NS_MATCH=1
+-LD_LIBS=-lresolv  # you may or may not need this.
++#LD_LIBS=-lresolv  # you may or may not need this.
+ 
+ # The rules file for address checking, if enabled, remember this file
+ # will be in the chroot jail, so the line below probably means
+@@ -325,7 +325,8 @@
+ ####################################################
+ 
+ # The Source is with you (*BSD 4.4, Linux)
+-CFLAGS = -g -O -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS)
++#CFLAGS = -g -O -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS)
++CFLAGS += -Wall -DUSE_FLOCK -DUSE_MKSTEMP $(OPTIONS)
+ 
+ 
+ #SunOS 5.X
+@@ -362,8 +363,8 @@
+ 	indent $(INDENT_ARGS) address_check.c
+ 
+ install:	smtpd smtpfwdd
+-	install -m 500 smtpd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpd
+-	install -m 500 smtpfwdd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpfwdd
++	install -cs -g 0 -o 0 -m 500 smtpd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpd
++	install -cs -g 0 -o 0 -m 500 smtpfwdd $(INSTALL_PREFIX)$(INSTALL_BIN)smtpfwdd
+ 
+ clean:
+ 	/bin/rm -f  *.o 

mail/smtpd/files/smtpd.sh

@@ -0,0 +1,11 @@
+#! /bin/sh
+
+if [ $# -eq 0 -o "$1" = "start" ]; then
+  if [ -x !!PREFIX!!/sbin/smtpfwdd ] ; then
+    !!PREFIX!!/sbin/smtpfwdd
+    echo " smtpfwdd"
+  fi
+fi
+if [ "$1" = "stop" ]; then
+  killall smtpfwdd
+fi

mail/smtpd/pkg-comment

@@ -0,0 +1 @@
+Obtuse smtpd/smtpfwdd, part of the Juniper firewall toolkit

mail/smtpd/pkg-descr

@@ -0,0 +1,20 @@
+The smtpd daemon talks the Simple Mail Transfer Protocol (SMTP) with other
+SMTP daemons to receive mail from them, and saves it into a spool directory
+for later processing.  It is the store portion of an SMTP store and forward
+proxy.  The symbiotic companion program smtpfwdd is used to forward the
+spooled mail on to its eventual destination. 
+
+smtpd is invoked from a super-server such as inetd or juniperd. 
+
+There is a patch available to do MAPS RBL style lookups at
+ftp://ftp.obtuse.com/pub/smtpd/patch-smtpd-2.0-RBL.gz. 
+
+Documentation is avaialble online with the juniper documentation.
+See the docs for smtpd as a starting point, at
+http://www.obtuse.com/juniper-docs/man/smtpd.html
+
+Access control rules based on the connecting host, and the smtp envelope are
+supported.  It contains some powerful features for stopping inbound or
+outbound SPAM. 
+
+Source: http://www.obtuse.com/smtpd.html

mail/smtpd/pkg-message

@@ -0,0 +1,33 @@
+
+You must follow the next steps, as root, in order to finish the installation:
+
+1) Make sure uucp is a trusted user to sendmail.
+   To do this, check if your sendmail.cf has a line with "Tuucp"
+
+2) Disable sendmail from answering smtp requests, but make sure it
+   handles queue delivering.  You have two choices:
+
+   a) Start sendmail without the "-bd" flag, but with the "-q30m" one.
+   b) Do not start sendmail as a daemon, and add an entry in /etc/crontab
+      to run sendmail -q when needed.  For example, add the following line
+      to your /etc/crontab:
+*/30	*	*	*	*	root	/usr/sbin/sendmail -q
+
+   In any case, you'll most likely have to edit /etc/rc.conf to change
+   sendmail configuration.
+
+3) Add smtpd to your inetd.conf:
+	smtp stream tcp nowait root /usr/local/sbin/smtpd smtpd
+
+4) smtpd runs in a chrooted environment, so you must feed this environment
+   with any configuration file it needs.  Make a copy of /etc/resolv.conf
+   and /etc/localtime to /var/smtpd/etc.  If you ever change any of these
+   files, remember to change the copies also.  Do not make a symbolic
+   link, as it will not work in the chrooted environment.
+
+5) Create your own /var/smtpd/etc/smtpd_check_rules.  There are some
+   examples in that directory.  If have any problem, take a look at
+   http://www.obtuse.com/juniper-docs/man/smtpd_address_check.html.
+
+6) Reboot !   (Or restart all those daemons manually, if you know how :^) )
+

mail/smtpd/pkg-plist

@@ -0,0 +1,20 @@
+sbin/smtpd
+sbin/smtpfwdd
+etc/rc.d/smtpd.sh
+share/doc/smtpd/README
+@exec mkdir /var/smtpd
+@exec chown root.uucp /var/smtpd
+@exec chmod 0710 /var/smtpd
+@cwd /var/smtpd
+@exec mkdir mqueue
+@exec chown uucp.uucp mqueue
+@exec chmod 0700 mqueue
+@exec mkdir etc
+@exec chown root.uucp etc
+@exec chmod 0710 etc
+@exec cp -p /etc/resolv.conf etc
+@exec cp -p /etc/localtime etc
+etc/antirelay_check_rules.example
+etc/antispam_check_rules.example
+etc/smtpd_check_rules.example
+@unexec echo "You may want to remove /var/smtpd manually"