author | Laurent Bercot <ska-adelie@skarnet.org> | 2023-01-15 19:39:25 +0000 |
---|---|---|
committer | Laurent Bercot <ska-adelie@skarnet.org> | 2023-01-15 22:47:38 +0000 |
commit | c7463dd3f6857af03af871bea754535feb0af3e6 (patch) | |
tree | 298f6b2e9cd1627f959370cf06c73ef8bfc5f90c | |
parent | 8bc45c494da91875604612d85e5bb596892b096c (diff) | |
user/netqmail: support STARTTLS, manage conflict with ssmtp
-rw-r--r-- | user/netqmail/APKBUILD | 73 | ||||
-rw-r--r-- | user/netqmail/netqmail.confd | 21 | ||||
-rw-r--r-- | user/netqmail/netqmail.initd | 64 | ||||
-rw-r--r-- | user/netqmail/smtpd-notls.run | 9 | ||||
-rw-r--r-- | user/netqmail/smtpd.run | 7 | ||||
-rw-r--r-- | user/netqmail/smtpsd.run | 8 |
6 files changed, 80 insertions, 102 deletions
diff --git a/user/netqmail/APKBUILD b/user/netqmail/APKBUILD index 9be7d7c68..a450db304 100644 --- a/user/netqmail/APKBUILD +++ b/user/netqmail/APKBUILD @@ -2,17 +2,17 @@ # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=netqmail pkgver=1.06 -pkgrel=7 +pkgrel=8 pkgdesc="The qmail mail transfer agent (community version)" url="http://www.netqmail.org/" arch="all" license="Public-Domain" options="suid !check" # suid programs (qmail-queue); no test suite -depends="execline s6 s6-networking" +depends="execline s6 s6-networking smtpd-starttls-proxy ca-certificates !ssmtp" makedepends="groff utmps-dev" subpackages="$pkgname-doc $pkgname-openrc" provider_priority=1 -provides="sendmail" +provides=/usr/sbin/sendmail install="$pkgname.post-install $pkgname.pre-deinstall" source="http://www.netqmail.org/$pkgname-$pkgver.tar.gz 0001-DESTDIR.patch @@ -22,7 +22,7 @@ source="http://www.netqmail.org/$pkgname-$pkgver.tar.gz 0005-CVE-2005-1513.patch qmail.run smtpd.run - smtpsd.run + smtpd-notls.run $pkgname.confd $pkgname.initd" @@ -30,13 +30,13 @@ makeservicedir() { mkdir -p -m 0755 "$1"/log "$1"/env { - echo '#!/bin/execlineb -P' - echo - echo 's6-setuidgid qmaill' - echo 's6-envdir ../env' - echo 'importas -u IP IP' - echo 'exec -c' - echo "s6-log t $4" + echo '#!/bin/execlineb -P' + echo + echo 's6-setuidgid qmaill' + echo 's6-envdir ../env' + echo 'importas -u IP IP' + echo 'exec -c' + echo "s6-log t $4" } > "$1"/log/run echo "$2" > "$1"/notification-fd cp -f "$3" "$1"/run 
@@ -47,21 +47,26 @@ makeservicedir() mkfifo -m 0600 "$1"/supervise/control dd if=/dev/zero of="$1"/supervise/status bs=35 count=1 if test $5 -eq 0 ; then - echo /var/qmail/bin:/usr/bin:/usr/sbin:/bin:/sbin > "$1"/env/PATH - echo "$2" > "$1"/env/QMAIL_NOTIFY_FD + echo /var/qmail/bin:/usr/bin:/usr/sbin:/bin:/sbin > "$1"/env/PATH + echo "$2" > "$1"/env/QMAIL_NOTIFY_FD else - echo 110 > "$1"/env/UID - echo 200 > "$1"/env/GID - echo > "$1"/env/GIDLIST - if test $5 -eq 6 ; then - mkdir -p -m 0755 "$1"/data/rules/ip6/::_0 - touch "$1"/data/rules/ip6/::_0/allow - sed -i -e 's/s6-tcpserver /s6-tcpserver6 /' "$1"/run - elif test $5 -eq 4 ; then - mkdir -p -m 0755 "$1"/data/rules/ip4/0.0.0.0_0 - touch "$1"/data/rules/ip4/0.0.0.0_0/allow - sed -i -e 's/s6-tcpserver /s6-tcpserver4 /' "$1"/run - fi + echo 110 > "$1"/env/UID + echo 200 > "$1"/env/GID + echo > "$1"/env/GIDLIST + if "$6" ; then + echo 116 > "$1"/env/TLS_UID + echo 200 > "$1"/env/TLS_GID + echo /etc/ssl/certs > "$1"/env/CADIR + fi + if test $5 -eq 6 ; then + mkdir -p -m 0755 "$1"/data/rules/ip6/::_0 + touch "$1"/data/rules/ip6/::_0/allow + sed -i -e 's/s6-tcpserver /s6-tcpserver6 /' "$1"/run + elif test $5 -eq 4 ; then + mkdir -p -m 0755 "$1"/data/rules/ip4/0.0.0.0_0 + touch "$1"/data/rules/ip4/0.0.0.0_0/allow + sed -i -e 's/s6-tcpserver /s6-tcpserver4 /' "$1"/run + fi fi chmod 0755 "$1"/run "$1"/log/run } 
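Review bot: The new `if "$6" ; then` branch in makeservicedir writes the bare numbers 116 and 200 into env/TLS_UID and env/TLS_GID with nothing saying which account they name or where it is created, and TLS_GID reuses the same 200 that is written to env/GID a few lines above. If these are the IDs the TLS engine drops to after loading the private key (as the variable names suggest), the shared group narrows the separation between it and qmail-smtpd, and a missing uid 116 on the target system would only show up at run time. I would add a comment such as `# TLS_UID/TLS_GID: unprivileged account for the TLS engine; must match the user created by <package that ships uid 116>` and confirm that a dedicated gid is not wanted. Separately, `if "$6"` executes the argument as a command; `if test "$6" = true ; then` keeps the existing callers working without running it. The function starts before this hunk.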
@@ -95,11 +100,11 @@ package() { mv -f "$pkgdir"/var/qmail/doc "$pkgdir/usr/share/doc/$pkgname-$pkgver" echo 255 > "$pkgdir"/var/qmail/control/concurrencylocal echo 255 > "$pkgdir"/var/qmail/control/concurrencyremote - makeservicedir "$pkgdir"/var/qmail/services/qmail 7 "$srcdir"/qmail.run 'n20 s1000000 /var/log/qmail' 0 - makeservicedir "$pkgdir"/etc/qmail/services/smtpd4-skeleton 3 "$srcdir"/smtpd.run '/var/log/smtpd-$IP' 4 - makeservicedir "$pkgdir"/etc/qmail/services/smtpd6-skeleton 3 "$srcdir"/smtpd.run '/var/log/smtpd-$IP' 6 - makeservicedir "$pkgdir"/etc/qmail/services/smtpsd4-skeleton 3 "$srcdir"/smtpsd.run '/var/log/smtpsd-$IP' 4 - makeservicedir "$pkgdir"/etc/qmail/services/smtpsd6-skeleton 3 "$srcdir"/smtpsd.run '/var/log/smtpsd-$IP' 6 + makeservicedir "$pkgdir"/var/qmail/services/qmail 7 "$srcdir"/qmail.run 'n20 s1000000 /var/log/qmail' 0 false + makeservicedir "$pkgdir"/etc/qmail/services/smtpd4-skeleton 3 "$srcdir"/smtpd.run '/var/log/smtpd-$IP' 4 true + makeservicedir "$pkgdir"/etc/qmail/services/smtpd6-skeleton 3 "$srcdir"/smtpd.run '/var/log/smtpd-$IP' 6 true + makeservicedir "$pkgdir"/etc/qmail/services/smtpd4-skeleton-notls 3 "$srcdir"/smtpd-notls.run '/var/log/smtpd-$IP' 4 false + makeservicedir "$pkgdir"/etc/qmail/services/smtpd6-skeleton-notls 3 "$srcdir"/smtpd-notls.run '/var/log/smtpd-$IP' 6 false } sha512sums="de40a6d8fac502bd785010434d99b99f2c0524e10aea3d0f2a0d35c70fce91e991eb1fb8f20a1276eb56d7e73130ea5e2c178f6075d138af47b28d9ca6e6046b netqmail-1.06.tar.gz 
@@ -109,7 +114,7 @@ cbebdc72c7cc5c437531c9277534ae552c6d044a83b36e3f3ce60ab5563c55eb814d6c543cc0997a b32a8a36c8ab8872abd4f1a117482f064a6d631a6bb2ba75cafe61743bef09f923d26935d9514eec33a7dec5aeb3d0b517d677e55924859d2db5233bc11f9f11 0004-notifyfd.patch ac8406c1d16ce2e55e47bc83ca6e095833a54de73cecee222cad3fcececa518386b95a11cb0c9c2dcc6851bae28aa539b11069305aa887a291177bf177ee7b01 0005-CVE-2005-1513.patch 954a905bac5e3bc49f180dc0de7f6ee4c4ae8f94dd400ee4b06d3c944f1ff1cfc44bddccb07ae439f2523ad06fcb89023e57d091737da88f836013757794e931 qmail.run -c0cd244af4d8186305c51b0e93960bdb1ea6ce40f1adf20c4f72419aa7498e35649590919ebd16547a0313676bf9171c9efea2ff8ac3a5c773b18473a972a977 smtpd.run -719c4ce5ad93cddeafbb734cffeec3fd959d3f374e44e1f34e9a25d638303dd97df41642d3df5c7a069a8db47d1e31c32a16ecd2d04b72860c4e00bbba0c9fcf smtpsd.run -80ee7e8b3c1ca7cdb00044e6fdd5b9c6a39fd9c882b470f4968c79b974c95e48946a1a3a8b79d9d0ed134ecf09b1185823bf6d022f8b17168e34c18f44ddd16f netqmail.confd -7600285e70511447b11161a2fc1ca11debc5adcde1d76583d4c715e9710cab876f8be158fd8e034d480588d3d4978c42a9254c29f2db70913105ab009cab6479 netqmail.initd" +37d99446cc21e4fe12c6bb78aaff64b93d59935257d660ff31be4a3ebb122a86f3db9afb6f6abc3934fca864eb108469669e4b32b8a4b21ec055d67175f69496 smtpd.run +9762eb50173f81ecb9b01a958457a60ef4814b4c474afe9976187b84818b69f627583a130e61fed8bfbf9e4859819bae983ebe8f27300d9ae6090a9a6d3b3881 smtpd-notls.run +57c30023fa479b88923712c5688469d61f70af3fc7c0d48eb445696f3b8a67e9279814932539e6958660d4ddecdce3dc804fbbde9613dab74001de25f9ef9bad netqmail.confd +f634f6118ea7ed1966b59ca7bdb21ca83e30084bebbc362a4de1d58c44cf14560732029e28ae9bea617005729b06d9677f35c2c96ea075f5972d23b4cb021e7f netqmail.initd" diff --git a/user/netqmail/netqmail.confd b/user/netqmail/netqmail.confd index b3f331fdb..bd0b333a7 100644 --- a/user/netqmail/netqmail.confd +++ b/user/netqmail/netqmail.confd 
@@ -18,24 +18,17 @@ # :: means all v6 addresses. Remove it if you want to # list v6 addresses explicitly. -SMTPD_IPS="0.0.0.0 ::" +IPS="0.0.0.0 ::" # TLS configuration. -# If you want to have SMTP-over-TLS daemons, the -# SMTPSD_KEYFILE should point to your private key, and the -# SMTPSD_CERTFILE should point to your certificate. -# Leave them empty for no SMTP-over-TLS. +# If you want to enable STARTTLS, the KEYFILE variable +# should point to your private key, and the CERTFILE variable +# should point to your certificate. +# Leave them empty if you don't want STARTTLS support. -SMTPSD_KEYFILE= -SMTPSD_CERTFILE= - - -# List the IP addresses (v4 or v6) where a SMTP-over-TLS daemon -# should be listening. This will only be used if SMTPSD_KEYFILE -# and SMTPSD_CERTFILE are defined. - -SMTPSD_IPS="0.0.0.0 ::" +KEYFILE= +CERTFILE= # Relaying configuration. diff --git a/user/netqmail/netqmail.initd b/user/netqmail/netqmail.initd index dae9c4d55..36e43e74e 100644 --- a/user/netqmail/netqmail.initd +++ b/user/netqmail/netqmail.initd 
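Review bot: The renamed variables (`IPS`, `KEYFILE`, `CERTFILE`) come with no word in this file about the old names, so a site that kept its edited conf.d with `SMTPSD_KEYFILE`/`SMTPSD_CERTFILE` set would end up with `KEYFILE` and `CERTFILE` empty. Going by the start() change to netqmail.initd in this same commit, that selects the -notls skeleton, so TLS would presumably be switched off by the upgrade without any message. A short comment in the TLS block would help, for example `# Renamed from SMTPSD_KEYFILE/SMTPSD_CERTFILE; the old names and SMTPSD_IPS are ignored.`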
@@ -12,39 +12,30 @@ makesmtpd() { set -e ip="$1" - usetls="$2" - if "$usetls" ; then - s="s" - port=25 - else - s= - port=465 - fi - if s6-tcpserver6-socketbinder -dBb0 -- "$ip" "$port" true 2>/dev/null ; then + ext="$2" + if s6-tcpserver6-socketbinder -dBb0 -- "$ip" 25 true 2>/dev/null ; then ipv=6 relayfor="$smtprelay6" - elif s6-tcpserver4-socketbinder -dBb0 -- "$ip" "$port" true 2>/dev/null ; then + elif s6-tcpserver4-socketbinder -dBb0 -- "$ip" 25 true 2>/dev/null ; then ipv=4 relayfor="$smtprelay4" else return 1 fi - service="smtp${s}d-$ip" + service="smtpd-$ip" sdir=/run/services/"$service" - logdir=/var/log/"smtp${s}d-$ip" + logdir=/var/log/"smtpd-$ip" mkdir -p -m 0755 "$logdir" chown qmaill:qmaill "$logdir" chmod 2700 "$logdir" rm -rf "$sdir" - cp -a /etc/qmail/services/smtp"${s}"d"${ipv}"-skeleton "$sdir" + cp -a /etc/qmail/services/smtpd"${ipv}"-skeleton"$ext" "$sdir" echo "$ip" > "$sdir"/env/IP - if "$usetls" ; then - echo "$SMTPSD_KEYFILE" > "$sdir"/env/KEYFILE - echo "$SMTPSD_CERTFILE" > "$sdir"/env/CERTFILE - fi + echo "$KEYFILE" > "$sdir"/env/KEYFILE + echo "$CERTFILE" > "$sdir"/env/CERTFILE for j in $relayfor ; do mkdir -p -m 0755 "$sdir/data/rules/ip${ipv}/$j/env" @@ -59,23 +50,15 @@ stop() { set -e . /etc/conf.d/netqmail - ebegin "Stopping SMTP and SMTPS listeners" + ebegin "Stopping SMTP listeners" dirs="" logs="" - for i in ${SMTPD_IPS} ; do + for i in ${IPS} ; do rm -f "/run/service/smtpd-$i" s6-svc -d "/run/services/smtpd-$i" dirs="$dirs /run/services/smtpd-$i" logs="$logs /run/services/smtpd-$i/log" done - if test -r "$SMTPSD_KEYFILE" && test -r "$SMTPSD_CERTFILE" ; then - for i in ${SMTPSD_IPS} ; do - rm -f "/run/service/smtpsd-$i" - s6-svc -d "/run/services/smtpsd-$i" - dirs="$dirs /run/services/smtpsd-$i" - logs="$logs /run/services/smtpsd-$i/log" - done - fi s6-svwait -D $dirs eend $? 
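Review bot: stop() no longer knows about the `smtpsd-$i` services that the previous revision created under /run/services and linked into /run/service, so if the package is upgraded while the service is running, a restart would presumably leave the old port-465 listeners supervised with their previous key and certificate. The removed block in the second hunk was the only place that took them down. A one-time cleanup in stop() (or in an upgrade script) that brings down and unlinks any remaining `/run/service/smtpsd-*` entries would close that gap; at minimum a comment should say that a reboot or manual removal is expected after upgrading.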
@@ -99,6 +82,11 @@ start() { set -e . /etc/conf.d/netqmail + if test -r "$KEYFILE" && test -r "$CERTFILE" ; then + ext="" + else + ext="-notls" + fi ebegin "Parsing the relay subnets" smtprelay4= @@ -122,31 +110,19 @@ start() s6-svwait -U /var/qmail/services/qmail eend $? - for i in ${SMTPD_IPS} ; do + mkdir -p /run/services + for i in ${IPS} ; do ebegin "Creating a service directory for a SMTP listener on $i" - makesmtpd "$i" false + makesmtpd "$i" "$ext" eend $? done - if test -r "$SMTPSD_KEYFILE" && test -r "$SMTPSD_CERTFILE" ; then - for i in ${SMTPSD_IPS} ; do - ebegin "Creating a service directory for a SMTPS listener on $i" - makesmtpd "$i" true - eend $? - done - fi dirs="" - ebegin "Starting SMTP/S listeners" - for i in ${SMTPD_IPS} ; do + ebegin "Starting SMTP listeners" + for i in ${IPS} ; do ln -nsf "../services/smtpd-$i" "/run/service/smtpd-$i" dirs="$dirs /run/service/smtpd-$i" done - if test -r "$SMTPSD_KEYFILE" && test -r "$SMTPSD_CERTFILE" ; then - for i in ${SMTPSD_IPS} ; do - ln -nsf "../services/smtpsd-$i" "/run/service/smtpsd-$i" - dirs="$dirs /run/service/smtpsd-$i" - done - fi s6-svscanctl -aN /run/service s6-svwait -U $dirs eend $? diff --git a/user/netqmail/smtpd-notls.run b/user/netqmail/smtpd-notls.run new file mode 100644 index 000000000..f29015401 --- /dev/null +++ b/user/netqmail/smtpd-notls.run @@ -0,0 +1,9 @@ +#!/bin/execlineb -P + +fdmove -c 2 1 +s6-envdir env +importas -u IP IP +fdmove 1 3 +s6-tcpserver -v2 -1U -c 255 -- $IP 25 +s6-tcpserver-access -v2 -DRpl0 -t5000 -i data/rules -- +qmail-smtpd diff --git a/user/netqmail/smtpd.run b/user/netqmail/smtpd.run index 7f10dbdbb..02884e840 100644 --- a/user/netqmail/smtpd.run +++ b/user/netqmail/smtpd.run 
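Review bot: The new `ext` selection in the first start() hunk fails open: when `KEYFILE` or `CERTFILE` is set but the file is missing, mistyped or unreadable, `test -r` fails and the listener is started from the -notls skeleton with no diagnostic. An administrator who configured TLS would get a plaintext-only port 25 and a successful `eend`. I would separate "not configured" from "configured but unusable", e.g. insert `elif test -n "$KEYFILE$CERTFILE" ; then eerror "KEYFILE/CERTFILE set but not readable" ; return 1` before the `else`, or at least an `ewarn` there. start() begins and ends outside this hunk.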
@@ -4,6 +4,9 @@ fdmove -c 2 1 s6-envdir env importas -u IP IP fdmove 1 3 -s6-tcpserver -v2 -1U -c 255 -- $IP 25 -s6-tcpserver-access -v2 -DRpl0 -t 5000 -i data/rules -- +s6-tcpserver -v2 -1 -c 255 -- $IP 25 +s6-tcpserver-access -v2 -DRp -t5000 -i data/rules -- +s6-ucspitlsd -v2 -K30000 -- +s6-applyuidgid -Uz -- +smtpd-starttls-proxy-io qmail-smtpd diff --git a/user/netqmail/smtpsd.run b/user/netqmail/smtpsd.run deleted file mode 100644 index 32d9f54ab..000000000 --- a/user/netqmail/smtpsd.run +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/execlineb -P - -fdmove -c 2 1 -s6-envdir env -importas -u IP IP -fdmove 1 3 -s6-tlsserver -v2 -1U -c 255 -DRpl0 -t 5000 -i data/rules -- $IP 465 -qmail-smtpd |
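Review bot: The new chain in smtpd.run drops `-U` from `s6-tcpserver`, so the listener, `s6-tcpserver-access` and `s6-ucspitlsd` keep the supervisor's identity (presumably root, so that the key named in KEYFILE can be read), and the switch to the UID/GID from the env directory only happens at `s6-applyuidgid -Uz`. Nothing in the script says that this ordering is load-bearing, and a later edit that moves or removes that line would run smtpd-starttls-proxy-io and qmail-smtpd with full privileges. I would add a comment above it, e.g. `# privileges are dropped here, not in s6-tcpserver: everything below this line must run unprivileged`. The same hunk also removes `l0` from the s6-tcpserver-access options while smtpd-notls.run keeps it; if that difference is intended it deserves a word too.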