Diffstat (limited to 'network/opensmtpd')
-rw-r--r-- | network/opensmtpd/README | 28 | ||||
-rw-r--r-- | network/opensmtpd/README.alpine | 21 | ||||
-rw-r--r-- | network/opensmtpd/aliases | 34 | ||||
-rw-r--r-- | network/opensmtpd/fix-crash-on-authentication.patch | 43 | ||||
-rw-r--r-- | network/opensmtpd/openbsd64-020-smtpd.patch | 31 | ||||
-rw-r--r-- | network/opensmtpd/openbsd65-029-smptd-tls.patch | 52 | ||||
-rw-r--r-- | network/opensmtpd/openbsd66-019-smtpd-exec.patch | 46 | ||||
-rw-r--r-- | network/opensmtpd/opensmtpd.SlackBuild | 69 | ||||
-rw-r--r-- | network/opensmtpd/opensmtpd.info | 10 | ||||
-rw-r--r-- | network/opensmtpd/rc.opensmtpd | 13 |
10 files changed, 120 insertions, 227 deletions
diff --git a/network/opensmtpd/README b/network/opensmtpd/README index 39e7203c20..fba4cc0dd4 100644 --- a/network/opensmtpd/README +++ b/network/opensmtpd/README @@ -3,6 +3,10 @@ as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. +This package conflicts with the stock postfix (or sendmail) package +included in Slackware and overwrites some of its files, +so remove the postfix (or sendmail) package before installing opensmtpd + You must have smtpd and smtpq users and groups on the system for privilege separation - something like this should suffice: @@ -11,20 +15,18 @@ privilege separation - something like this should suffice: groupadd -g 271 smtpq useradd -u 271 -g 271 -r -s /bin/false -d /var/empty smtpq -You will want to add /etc/rc.d/rc.opensmtpd to rc.local so that it -will start on boot (or perhaps consider symlinking rc.sendmail to -rc.opensmtpd). - -This package conflicts with the stock sendmail package included in -Slackware and overwrites some of its files, so remove the sendmail -package before installing opensmtpd. +You will want to modify rc.local so that OpenSMTPD +will start on boot something like this: -Alpine hangs when sending mail using the opensmtp sendmail command and the -opensmtpd server is down. + # start opensmtpd a replacement for sendmail and postfix + if [ -x /etc/rc.d/rc.opensmtpd ]; then + . /etc/rc.d/rc.opensmtpd start + fi -To prevent this, modify the /etc/pine.conf or the user .pinerc to -send the mail directly to the server instead of using the -opensmtpd sendmail command: +Optional Dependency: LibreSSL - smtp-server=localhost +To use the LibreSSL runtime libraries + First install LibreSSL + then build OpenSMTPD +For hints on using alpine with OpenSMTPD see the README.alpine file diff --git a/network/opensmtpd/README.alpine b/network/opensmtpd/README.alpine new file mode 100644 index 0000000000..e1d149b683 --- /dev/null 
+++ b/network/opensmtpd/README.alpine
@@ -0,0 +1,21 @@
+
+Alpine hangs when sending mail using the opensmtp sendmail command and
+the opensmtpd server is down.
+
+To prevent this, modify the /etc/pine.conf or the user .pinerc to
+send the mail directly to the server instead of using the
+opensmtpd sendmail command:
+
+ smtp-server=localhost
+
+If the OpenSMTPD server is down, then alpine will indicate that
+the localhost has refused the connection.
+
+Or modify the sendmail command to have the -t option:
+
+ sendmail-path=/usr/sbin/sendmail -t
+
+And if the OpenSMTPD server is down, then alpine will indicate that
+the sendmail command has gotten an error.
+
+
diff --git a/network/opensmtpd/aliases b/network/opensmtpd/aliases
index ea54878974..85cc8e71ac 100644
--- a/network/opensmtpd/aliases
+++ b/network/opensmtpd/aliases
@@ -1,23 +1,49 @@ -# See aliases(5) for more information +# Sample aliases file installed in /etc/opensmtpd/aliases +# +# Aliases in this file will NOT be expanded in the header from +# Mail, but WILL be visible over networks or from /usr/libexec/mail.local. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to smtpd. +# + +# Person who should get root's mail. Don't receive mail as root! +#root: you # Basic system aliases -- these MUST be present MAILER-DAEMON: postmaster postmaster: root # General redirections for pseudo accounts -bin: root daemon: root named: root -nobody: root uucp: root www: root ftp-bugs: root +# Redirections for pseudo accounts that should not receive mail +bin: /dev/null +build: /dev/null +nobody: /dev/null +sshd: /dev/null + # Well-known aliases manager: root dumper: root operator: root -abuse: postmaster + +# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES +abuse: root +# noc: root +security: root + +# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES +# hostmaster: root +# usenet: root +# news: usenet +# webmaster: root +# ftp: root # trap decode to catch security attacks decode: root diff --git a/network/opensmtpd/fix-crash-on-authentication.patch b/network/opensmtpd/fix-crash-on-authentication.patch deleted file mode 100644 index c20b5e0a0e..0000000000 --- a/network/opensmtpd/fix-crash-on-authentication.patch +++ /dev/null 
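Review bot: The banner added at the top of the sample file says `newaliases` must be run for changes to reach smtpd, which reads like the sendmail aliases header and may not hold for this package. If the shipped smtpd.conf declares the aliases table as a plain file table (not visible in this commit, to be confirmed), smtpd reads the text file itself and a rebuilt database is never consulted. An admin who redirects `security` or `abuse` and then runs newaliases would then believe the change is live when it is not. I would replace the banner with a line describing the reload that actually applies, for example `# After editing, restart smtpd or run "smtpctl update table aliases"`.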
@@ -1,43 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
-
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+ char *c;
-+
- if (goodhash == NULL)
- goto fail;
-
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
- if (strlen(goodhash) == 0 && strlen(pass) == 0)
- return 0;
-
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+ c = crypt(pass, goodhash);
-+ if (c == NULL)
-+ goto fail;
-+
-+ if (strcmp(c, goodhash) == 0)
- return 0;
-
- fail:
diff --git a/network/opensmtpd/openbsd64-020-smtpd.patch b/network/opensmtpd/openbsd64-020-smtpd.patch
deleted file mode 100644
index 8ce7178da8..0000000000
--- a/network/opensmtpd/openbsd64-020-smtpd.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-OpenBSD 6.4 errata 020, August 2, 2019
-
-smtpd can crash on excessively large input, causing a denial of service.
-
---- a/smtpd/smtp_session.c 3 Sep 2018 19:01:29 -0000 1.337
-+++ b/smtpd/smtp_session.c 1 Aug 2019 21:18:53 -0000
-@@ -1904,15 +1904,21 @@ smtp_reply(struct smtp_session *s, char
- {
- va_list ap;
- int n;
-- char buf[LINE_MAX], tmp[LINE_MAX];
-+ char buf[LINE_MAX*2], tmp[LINE_MAX*2];
-
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof buf, fmt, ap);
- va_end(ap);
-- if (n == -1 || n >= LINE_MAX)
-- fatalx("smtp_reply: line too long");
-+ if (n < 0)
-+ fatalx("smtp_reply: response format error");
- if (n < 4)
- fatalx("smtp_reply: response too short");
-+ if (n >= (int)sizeof buf) {
-+ /* only first three bytes are used by SMTP logic,
-+ * so if _our_ reply does not fit entirely in the
-+ * buffer, it's ok to truncate.
-+ */
-+ }
-
- log_trace(TRACE_SMTP, "smtp: %p: >>> %s", s, buf);
-
diff --git a/network/opensmtpd/openbsd65-029-smptd-tls.patch b/network/opensmtpd/openbsd65-029-smptd-tls.patch
deleted file mode 100644
index a2727decf8..0000000000
--- a/network/opensmtpd/openbsd65-029-smptd-tls.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-OpenBSD 6.5 errata 029, January 30, 2020:
-
-smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
-
---- usr.sbin/smtpd/mta_session.c 23 Dec 2018 16:37:53 -0000 1.115
-+++ usr.sbin/smtpd/mta_session.c 20 Jan 2020 10:36:58 -0000
-@@ -1292,40 +1292,20 @@ mta_io(struct io *io, int evt, void *arg
- break;
-
- case IO_ERROR:
-+ case IO_TLSERROR:
- log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
-- if (!s->ready) {
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_connect(s);
-- break;
-- }
-- else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-- /* error in non-strict SSL negotiation, downgrade to plain */
-- if (s->flags & MTA_TLS) {
-- log_info("smtp-out: Error on session %016"PRIx64
-- ": opportunistic TLS failed, "
-- "downgrading to plain", s->id);
-- s->flags &= ~MTA_TLS;
-- s->flags |= MTA_DOWNGRADE_PLAIN;
-- mta_connect(s);
-- break;
-- }
-- }
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_free(s);
-- break;
-
-- case IO_TLSERROR:
-- log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
-- if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-+ if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
- /* error in non-strict SSL negotiation, downgrade to plain */
-- log_info("smtp-out: TLS Error on session %016"PRIx64
-- ": TLS failed, "
-+ log_info("smtp-out: Error on session %016"PRIx64
-+ ": opportunistic TLS failed, "
- "downgrading to plain", s->id);
- s->flags &= ~MTA_TLS;
- s->flags |= MTA_DOWNGRADE_PLAIN;
- mta_connect(s);
- break;
- }
-+
- mta_error(s, "IO Error: %s", io_error(io));
- mta_free(s);
- break;
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
deleted file mode 100644
index 93ce19dcb1..0000000000
--- a/network/opensmtpd/openbsd66-019-smtpd-exec.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-OpenBSD 6.6 errata 019, January 30, 2020:
-
-An incorrect check allows an attacker to trick mbox delivery into executing
-arbitrary commands as root and lmtp delivery into executing arbitrary commands
-as an unprivileged user.
-
---- usr.sbin/smtpd/smtp_session.c 4 Oct 2019 08:34:29 -0000 1.415
-+++ usr.sbin/smtpd/smtp_session.c 26 Jan 2020 05:56:37 -0000
-@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch
- memmove(maddr->user, p, strlen(p) + 1);
- }
-
-- if (!valid_localpart(maddr->user) ||
-- !valid_domainpart(maddr->domain)) {
-- /* accept empty return-path in MAIL FROM, required for bounces */
-- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-- return (1);
-+ /* accept empty return-path in MAIL FROM, required for bounces */
-+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-+ return (1);
-
-- /* no user-part, reject */
-- if (maddr->user[0] == '\0')
-- return (0);
--
-- /* no domain, local user */
-- if (maddr->domain[0] == '\0') {
-- (void)strlcpy(maddr->domain, domain,
-- sizeof(maddr->domain));
-- return (1);
-- }
-+ /* no or invalid user-part, reject */
-+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
- return (0);
-+
-+ /* no domain part, local user */
-+ if (maddr->domain[0] == '\0') {
-+ (void)strlcpy(maddr->domain, domain,
-+ sizeof(maddr->domain));
- }
-+
-+ if (!valid_domainpart(maddr->domain))
-+ return (0);
-
- return (1);
- }
diff --git a/network/opensmtpd/opensmtpd.SlackBuild b/network/opensmtpd/opensmtpd.SlackBuild
index 052a1fcf03..342996614b 100644
--- a/network/opensmtpd/opensmtpd.SlackBuild
+++ b/network/opensmtpd/opensmtpd.SlackBuild
@@ -1,9 +1,9 @@ -#!/bin/sh +#!/bin/bash # Slackware build script for opensmtpd # Copyright 2013-2014 Robby Workman, Northport, Alabama, USA -# Copyright 2015-2020 Richard Narron, California, USA +# Copyright 2015-2024 Richard Narron, California, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -23,10 +23,13 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cd $(dirname $0) ; CWD=$(pwd) + PRGNAM=opensmtpd -VERSION=${VERSION:-6.0.3p1} -BUILD=${BUILD:-5} +VERSION=${VERSION:-7.5.0p0} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} +PKGTYPE=${PKGTYPE:-tgz} if [ -z "$ARCH" ]; then case "$( uname -m )" in @@ -36,7 +39,14 @@ if [ -z "$ARCH" ]; then esac fi -CWD=$(pwd) +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE" + exit 0 +fi + TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} @@ -81,9 +91,10 @@ rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION + +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION chown -R root:root . find -L . \ 
@@ -92,20 +103,10 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -# fix reply buffer overflow -cat $CWD/openbsd64-020-smtpd.patch | patch -p1 - -# fix tls downgrade -cat $CWD/openbsd65-029-smptd-tls.patch | patch -p1 - -# fix exec -cat $CWD/openbsd66-019-smtpd-exec.patch | patch -p1 - -# check null from crypt function -cat $CWD/fix-crash-on-authentication.patch | patch -p1 - -CFLAGS="$SLKCFLAGS -D_DEFAULT_SOURCE" \ -CXXFLAGS="$SLKCFLAGS" \ +# pickup files from libressl if it is installed +CFLAGS="$SLKCFLAGS -I/usr/include/libressl" \ +LDFLAGS="-L/usr/lib${LIBDIRSUFFIX}/libressl -lcrypto -lssl \ +-Wl,-rpath=/usr/lib${LIBDIRSUFFIX}/libressl" \ ./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ @@ -113,7 +114,6 @@ CXXFLAGS="$SLKCFLAGS" \ --localstatedir=/var \ --with-path-socket=/var/run \ --mandir=/usr/man \ - --with-mantype=doc \ --docdir=/usr/doc/$PRGNAM-$VERSION \ --without-rpath \ --with-path-mbox=/var/spool/mail \ @@ -147,10 +147,16 @@ ln -s smtpctl $PKG/usr/sbin/makemap mkdir -p $PKG/etc/rc.d cat $CWD/rc.opensmtpd > $PKG/etc/rc.d/rc.opensmtpd.new -# Don't clobber the config file +# copy original smtpd.conf file +cp -p $PKG/etc/opensmtpd/smtpd.conf $PKG/etc/opensmtpd/smtpd.conf.upstream.default + +# Don't clobber the existing config file mv $PKG/etc/opensmtpd/smtpd.conf $PKG/etc/opensmtpd/smtpd.conf.new # and reflect the correct path to aliases file -sed -i "s,/etc/mail/,/etc/opensmtpd/,g" $PKG/etc/opensmtpd/smtpd.conf.new +# and use mbox instead of maildir +sed -i -e "s,/etc/mail/,/etc/opensmtpd/,g" \ + -e "s,maildir alias,mbox alias,g" \ + $PKG/etc/opensmtpd/smtpd.conf.new # Create (but don't clobber) the aliases file cat $CWD/aliases > $PKG/etc/opensmtpd/aliases.new 
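Review bot: The LibreSSL include, library and rpath flags in the new CFLAGS/LDFLAGS lines are applied unconditionally, although the README in this commit describes LibreSSL as an optional dependency. On a build host without it the daemon links against whatever libcrypto/libssl the default search path provides, yet the binary still records a run-time search path for /usr/lib${LIBDIRSUFFIX}/libressl. Any library with a matching soname placed there later would be preferred over the system one by a daemon that starts as root. The explicit `-Wl,-rpath` also contradicts the `--without-rpath` option passed to configure just below. Setting the flags only when the LibreSSL headers are present makes the TLS library a deliberate build-time choice; the configure invocation continues outside this hunk.

```shell
# pick up LibreSSL only when it is installed; otherwise use the system TLS library
SSL_CFLAGS=""
SSL_LDFLAGS=""
if [ -d /usr/include/libressl ]; then
  SSL_CFLAGS="-I/usr/include/libressl"
  SSL_LDFLAGS="-L/usr/lib${LIBDIRSUFFIX}/libressl -lcrypto -lssl \
-Wl,-rpath=/usr/lib${LIBDIRSUFFIX}/libressl"
fi

CFLAGS="$SLKCFLAGS $SSL_CFLAGS" \
LDFLAGS="$SSL_LDFLAGS" \
./configure \
# … unchanged: configure options …
```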
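Review bot: The second `-e` expression of the sed call (hunk at -147) rewrites upstream's default local delivery from maildir to mbox without checking that the pattern matched, so a reworded upstream smtpd.conf would silently ship the other delivery method. The switch also deserves a line in the README. The errata text deleted elsewhere in this commit names mbox delivery as the path that could run commands as root, so an admin should know that the package default differs from upstream. A guard after the sed, such as `grep -q 'mbox alias' $PKG/etc/opensmtpd/smtpd.conf.new || exit 1`, would make the build fail instead of drifting.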
@@ -172,14 +178,15 @@ chmod 0700 $PKG/var/spool/smtpd/purge find $PKG/usr/man -type f -exec gzip -9 {} \; for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a INSTALL LICENSE README.md THANKS $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.slackware -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a CHANGES.md LICENSE README.md $PKG/usr/doc/$PRGNAM-$VERSION/ +cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.slackware +cat $CWD/README.alpine > $PKG/usr/doc/$PRGNAM-$VERSION/README.alpine +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc -cat $CWD/doinst.sh > $PKG/install/doinst.sh +cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG -/sbin/makepkg -l y -p -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} +/sbin/makepkg -l y -p -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE diff --git a/network/opensmtpd/opensmtpd.info b/network/opensmtpd/opensmtpd.info index 0930880299..31413fe623 100644 --- a/network/opensmtpd/opensmtpd.info +++ b/network/opensmtpd/opensmtpd.info @@ -1,10 +1,10 @@ PRGNAM="opensmtpd" -VERSION="6.0.3p1" -HOMEPAGE="https://www.opensmtpd.org/" -DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.0.3p1.tar.gz" -MD5SUM="66e496bb0f3303d660744f4fa2178765" +VERSION="7.5.0p0" +HOMEPAGE="https://opensmtpd.org/" +DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-7.5.0p0.tar.gz" +MD5SUM="81d1987ab1bdbb04dbbedffb3334cc01" DOWNLOAD_x86_64="" MD5SUM_x86_64="" -REQUIRES="libasr" +REQUIRES="" MAINTAINER="Richard Narron" EMAIL="richard@aaazen.com" diff --git a/network/opensmtpd/rc.opensmtpd b/network/opensmtpd/rc.opensmtpd index b75e3c53e4..f3154061c5 100644 --- a/network/opensmtpd/rc.opensmtpd +++ b/network/opensmtpd/rc.opensmtpd 
@@ -10,7 +10,7 @@ smtpd_start() { smtpd_stop() { echo "Stopping OpenSMTPD" - /usr/sbin/smtpctl stop 1>/dev/null 2>/dev/null || /usr/bin/pkill smtpd + /usr/bin/pkill -f /usr/sbin/smtpd } # Restart smtpd: @@ -20,6 +20,12 @@ smtpd_restart() { smtpd_start } +# Test the smtpd configuration: +smtpd_testconf() { + echo "testing OpenSMTPD configuration: /usr/sbin/smtpd -n" + /usr/sbin/smtpd -n +} + case "$1" in 'start') smtpd_start @@ -30,6 +36,9 @@ case "$1" in 'restart') smtpd_restart ;; +'testconf') + smtpd_testconf + ;; *) - echo "usage $0 start|stop|restart" + echo "usage $0 start|stop|restart|testconf" esac |
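Review bot: `smtpd_stop` now signals every process whose full command line contains the string /usr/sbin/smtpd, because `pkill -f` matches its pattern unanchored against the whole command line rather than the process name. Run as root from the rc script, that also hits unrelated processes that merely mention the path, for example the `/usr/sbin/smtpd -n` check added as `testconf` in this same file, or any command taking the binary's path as an argument. Anchoring the pattern, `/usr/bin/pkill -f '^/usr/sbin/smtpd( |$)'`, or matching the exact process name with `/usr/bin/pkill -x smtpd`, narrows it to the daemon. The graceful `smtpctl stop` attempt is dropped without explanation; a one-line comment saying why would help the next maintainer.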