diff --git a/Sendmail-sasl2.conf b/Sendmail-sasl2.conf new file mode 100644 index 0000000000000000000000000000000000000000..74ef83f212619e660e161294ff8d5d07fafe7d45 --- /dev/null +++ b/Sendmail-sasl2.conf @@ -0,0 +1 @@ +pwcheck_method:saslauthd diff --git a/sendmail-8.13.0-cyrus.patch b/sendmail-8.13.0-cyrus.patch new file mode 100644 index 0000000000000000000000000000000000000000..e296d5b8cb76fa6e85106452ed73518f7fa2c967 --- /dev/null +++ b/sendmail-8.13.0-cyrus.patch @@ -0,0 +1,11 @@ +--- sendmail-8.13.0/cf/mailer/cyrus.m4.cyrus 2004-06-30 11:47:47.116910591 +0200 ++++ sendmail-8.13.0/cf/mailer/cyrus.m4 2004-06-30 11:49:02.262556546 +0200 +@@ -36,7 +36,7 @@ + # + + _DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|') +-ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)') ++ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/lib/cyrus-imapd/deliver)') + ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')') + ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')') + _DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u') diff --git a/sendmail-8.14.3-sharedmilter.patch b/sendmail-8.14.3-sharedmilter.patch new file mode 100644 index 0000000000000000000000000000000000000000..29e1851955f3d9f5e4caf2838c7ab372f7952ef6 --- /dev/null +++ b/sendmail-8.14.3-sharedmilter.patch @@ -0,0 +1,50 @@ +diff -up sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 +--- sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter 2009-01-20 15:19:34.000000000 +0100 ++++ sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 2009-01-20 15:19:34.000000000 +0100 +@@ -15,22 +15,23 @@ divert(-1) + divert(0)dnl + include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl + bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl +-bldPUSH_TARGET(bldCURRENT_PRODUCT`.a')dnl ++bldPUSH_TARGET(bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL)dnl + bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl + bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl + + include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4') + divert(bldTARGETS_SECTION) +-bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} +- ${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'} +- ${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a ++bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} ++ ${CC} ${CFLAGS} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL `-Wl,'confSONAME`,'bldCURRENT_PRODUCT`.so.'confSOVER ${bldCURRENT_PRODUCT`OBJS'} + ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)') + +-install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.a ++install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL + ifdef(`bldINSTALLABLE', ` ifdef(`confMKDIR', `if [ ! -d ${DESTDIR}${bldINSTALL_DIR`'LIBDIR} ]; then confMKDIR -p ${DESTDIR}${bldINSTALL_DIR`'LIBDIR}; else :; fi ') +- ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.a ${DESTDIR}${LIBDIR}') ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.confSOVER ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so ++ ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.so.confSOVER`.'confSOPLVL ${DESTDIR}${LIBDIR}') + + bldCURRENT_PRODUCT-clean: +- rm -f ${OBJS} bldCURRENT_PRODUCT.a ${MANPAGES} ++ rm -f ${OBJS} bldCURRENT_PRODUCT.so* ${MANPAGES} + + divert(0) +diff -up sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter sendmail-8.14.3/libmilter/Makefile.m4 +--- sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter 2008-04-08 07:23:44.000000000 +0200 ++++ sendmail-8.14.3/libmilter/Makefile.m4 2009-01-20 15:26:05.000000000 +0100 +@@ -9,7 +9,11 @@ define(`confMT', `true') + SMSRCDIR=ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail') + PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ') + +-bldPRODUCT_START(`library', `libmilter') ++APPENDDEF(`confOPTIMIZE', `-fno-pie -fPIC') ++define(`runCtest', `esyscmd(`echo -e "#include \n#include \"../include/libmilter/mfapi.h\"\nint main(){'$1`;return 0;}" | gcc -x c -I../include -o ctest - && ./ctest && rm -f ctest')')dnl ++define(`confSOVER', runCtest(`printf(\"%d.%d\", SM_LM_VRS_MAJOR(SMFI_VERSION), SM_LM_VRS_MINOR(SMFI_VERSION))'))dnl ++define(`confSOPLVL', runCtest(`printf(\"%d\", SM_LM_VRS_PLVL(SMFI_VERSION))'))dnl ++bldPRODUCT_START(`sharedlibrary', `libmilter') + define(`bldINSTALLABLE', `true') + define(`LIBMILTER_EXTRAS', `errstring.c strl.c') + APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL -Dsm_snprintf=snprintf') diff --git a/sendmail-8.14.4-makemapman.patch b/sendmail-8.14.4-makemapman.patch new file mode 100644 index 0000000000000000000000000000000000000000..7beb0cdcc784c3c880cdd036ea2bec8b0ea05486 --- /dev/null +++ b/sendmail-8.14.4-makemapman.patch @@ -0,0 +1,56 @@ +--- sendmail-8.14.4/cf/cf/Build 1999-03-02 03:37:12.000000000 +0100 ++++ sendmail-8.14.4/cf/cf/Build.makemapman 2010-01-03 22:49:38.000000000 +0100 +@@ -18,7 +18,7 @@ + SMROOT=${SMROOT-../..} + BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools} + +-M4=`sh $BUILDTOOLS/bin/find_m4.sh` ++M4=/usr/bin/m4 + ret=$? + if [ $ret -ne 0 ] + then +--- sendmail-8.14.4/devtools/OS/Linux 2009-01-22 03:15:42.000000000 +0100 ++++ sendmail-8.14.4/devtools/OS/Linux.makemapman 2010-01-03 22:50:27.000000000 +0100 +@@ -6,7 +6,7 @@ + define(`confDEPEND_TYPE', `CC-M') + define(`confCCOPTS_SO', `-fPIC') + define(`confSM_OS_HEADER', `sm_os_linux') +-define(`confMANROOT', `/usr/man/man') ++define(`confMANROOT', `/usr/share/man/man') + define(`confLIBS', `-ldl') + define(`confEBINDIR', `/usr/sbin') + APPENDDEF(`confLIBSEARCH', `crypt nsl') +@@ -16,6 +16,8 @@ + define(`confMTLDOPTS', `-lpthread') + define(`confLDOPTS_SO', `-shared') + define(`confSONAME',`-soname') ++define('confSBINGRP', 'mail') ++define('confSBINMODE', '6755') + + ifelse(confBLDVARIANT, `DEBUG', + dnl Debug build +--- sendmail-8.14.4/makemap/makemap.8 2008-05-03 01:07:48.000000000 +0200 ++++ sendmail-8.14.4/makemap/makemap.8.makemapman 2010-01-03 22:51:04.000000000 +0100 +@@ -52,12 +52,6 @@ + parameter. + They may be + .TP +-dbm +-DBM format maps. +-This requires the +-ndbm(3) +-library. +-.TP + btree + B-Tree format maps. + This requires the new Berkeley DB +--- sendmail-8.14.4/rmail/rmail.c 2001-09-18 23:45:29.000000000 +0200 ++++ sendmail-8.14.4/rmail/rmail.c.makemapman 2010-01-03 22:51:36.000000000 +0100 +@@ -276,7 +276,6 @@ + args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */ + args[i++] = "-G"; /* relay submission */ + args[i++] = "-oee"; /* No errors, just status. */ +- args[i++] = "-odq"; /* Queue it, don't try to deliver. */ + args[i++] = "-oi"; /* Ignore '.' on a line by itself. */ + + /* set from system and protocol used */ diff --git a/sendmail-8.14.8-sasl2-in-etc.patch b/sendmail-8.14.8-sasl2-in-etc.patch new file mode 100644 index 0000000000000000000000000000000000000000..fe8f353f372561a0069e04ad01f8c419ca1a87fa --- /dev/null +++ b/sendmail-8.14.8-sasl2-in-etc.patch @@ -0,0 +1,31 @@ +diff --git a/sendmail/usersmtp.c b/sendmail/usersmtp.c +index c217ffa..e4dadd3 100644 +--- a/sendmail/usersmtp.c ++++ b/sendmail/usersmtp.c +@@ -1331,9 +1331,7 @@ safesaslfile(context, file) + { + long sff; + int r; +-#if SASL <= 10515 + size_t len; +-#endif /* SASL <= 10515 */ + char *p; + + if (file == NULL || *file == '\0') +@@ -1369,9 +1367,16 @@ safesaslfile(context, file) + #endif /* SASL <= 10515 */ + + p = (char *) file; ++ len = strlen(p); + if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff, + S_IRUSR, NULL)) == 0) + return SASL_OK; ++#if SASL > 10515 ++ /* Expect /usr/lib/sasl2/Sendmail.conf to be missing - config now in /etc/sasl2 */ ++ if (type == SASL_VRFY_CONF && r == ENOENT && ++ len >= 8 && strncmp(p, "/usr/lib", 8) == 0) ++ return SASL_CONTINUE; ++#endif /* SASL > 10515 */ + if (LogLevel > (r != ENOENT ? 8 : 10)) + sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s", + p, sm_errstring(r)); diff --git a/sendmail-8.14.9-noversion.patch b/sendmail-8.14.9-noversion.patch new file mode 100644 index 0000000000000000000000000000000000000000..f0ca667b18f0f26e400208dac2741dbd7930f9e6 --- /dev/null +++ b/sendmail-8.14.9-noversion.patch @@ -0,0 +1,13 @@ +--- sendmail-8.14.9/sendmail/helpfile 2014-03-06 18:31:31.000000000 +0100 ++++ sendmail-8.14.9/sendmail/helpfile.noversion 2014-05-21 17:25:29.000000000 +0200 +@@ -11,9 +11,7 @@ + cpyr forth in the LICENSE file which can be found at the top level of + cpyr the sendmail distribution. + cpyr +-cpyr $$Id: helpfile,v 8.49 2013-11-22 20:51:55 ca Exp $$ +-cpyr +-smtp This is sendmail version $v ++smtp This is sendmail + smtp Topics: + smtp HELO EHLO MAIL RCPT DATA + smtp RSET NOOP QUIT HELP VRFY diff --git a/sendmail-8.14.9-pid.patch b/sendmail-8.14.9-pid.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d769596b77dec902db9fb9d08f24c8a234847ef --- /dev/null +++ b/sendmail-8.14.9-pid.patch @@ -0,0 +1,20 @@ +--- sendmail-8.14.9/cf/cf/submit.mc 2014-03-06 18:31:28.000000000 +0100 ++++ sendmail-8.14.9/cf/cf/submit.mc.pid 2014-05-21 17:20:14.000000000 +0200 +@@ -15,12 +15,16 @@ + # + + divert(0)dnl +-VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $') ++sinclude(`/usr/share/sendmail-cf/m4/cf.m4')dnl ++VERSIONID(`linux setup')dnl + define(`confCF_VERSION', `Submit')dnl + define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining + define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet + define(`confTIME_ZONE', `USE_TZ')dnl + define(`confDONT_INIT_GROUPS', `True')dnl ++define(`confPID_FILE', `/run/sm-client.pid')dnl ++dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl ++FEATURE(`use_ct_file')dnl + dnl + dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1] + FEATURE(`msp', `[127.0.0.1]')dnl diff --git a/sendmail-8.15.1-aliases_dir.patch b/sendmail-8.15.1-aliases_dir.patch new file mode 100644 index 0000000000000000000000000000000000000000..808e2989e2e3106e62ae987247ee20778ec5f600 --- /dev/null +++ b/sendmail-8.15.1-aliases_dir.patch @@ -0,0 +1,126 @@ +diff --git a/cf/m4/cfhead.m4 b/cf/m4/cfhead.m4 +index 714a3ec..3fd6c1c 100644 +--- a/cf/m4/cfhead.m4 ++++ b/cf/m4/cfhead.m4 +@@ -260,7 +260,7 @@ ifdef(`MAIL_SETTINGS_DIR', , `define(`MAIL_SETTINGS_DIR', `/etc/mail/')') + define(`DATABASE_MAP_TYPE', `hash') + + # set up default values for options +-define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases') ++define(`ALIAS_FILE', `/etc/aliases') + define(`confMAILER_NAME', ``MAILER-DAEMON'') + define(`confFROM_LINE', `From $g $d') + define(`confOPERATORS', `.:%@!^/[]+') +diff --git a/sendmail/aliases.0 b/sendmail/aliases.0 +index cfdbe17..5ea4c28 100644 +--- a/sendmail/aliases.0 ++++ b/sendmail/aliases.0 +@@ -63,7 +63,7 @@ DDEESSCCRRIIPPTTIIOONN + the list of users defined in that file. + + This is only the raw data file; the actual aliasing information is +- placed into a binary format in the file /etc/mail/aliases.db using the ++ placed into a binary format in the file /etc/aliases.db using the + program newaliases(1). A newaliases command should be executed each + time the aliases file is changed for the change to take effect. + +diff --git a/sendmail/aliases.5 b/sendmail/aliases.5 +index f09b49c..7b16db2 100644 +--- a/sendmail/aliases.5 ++++ b/sendmail/aliases.5 +@@ -23,7 +23,7 @@ ID + aliases used by + sendmail. + The file resides in +-/etc/mail ++/etc + and + is formatted as a series of lines of the form + .IP +@@ -96,7 +96,7 @@ list of users defined in that file. + .PP + This is only the raw data file; the actual aliasing information is + placed into a binary format in the file +-/etc/mail/aliases.db ++/etc/aliases.db + using the program + newaliases(1). + A +diff --git a/sendmail/newaliases.0 b/sendmail/newaliases.0 +index c77f401..e2a1670 100644 +--- a/sendmail/newaliases.0 ++++ b/sendmail/newaliases.0 +@@ -10,7 +10,7 @@ SSYYNNOOPPSSIISS + + DDEESSCCRRIIPPTTIIOONN + NNeewwaalliiaasseess rebuilds the random access data base for the mail aliases +- file /etc/mail/aliases. It must be run each time this file is changed ++ file /etc/aliases. It must be run each time this file is changed + in order for the change to take effect. + + NNeewwaalliiaasseess is identical to ``sendmail -bi''. +@@ -22,7 +22,7 @@ DDEESSCCRRIIPPTTIIOONN + sseennddmmaaiill.. + + FFIILLEESS +- /etc/mail/aliases The mail aliases file ++ /etc/aliases The mail aliases file + + SSEEEE AALLSSOO + aliases(5), sendmail(8) +diff --git a/sendmail/newaliases.1 b/sendmail/newaliases.1 +index 59dc0de..9ba8752 100644 +--- a/sendmail/newaliases.1 ++++ b/sendmail/newaliases.1 +@@ -20,7 +20,7 @@ newaliases + .SH DESCRIPTION + .B Newaliases + rebuilds the random access data base for the mail aliases file +-/etc/mail/aliases. It must be run each time this file is changed ++/etc/aliases. It must be run each time this file is changed + in order for the change to take effect. + .PP + .B Newaliases +@@ -40,7 +40,7 @@ puts a special token into the data base that is required by + .B sendmail. + .SH FILES + .TP 2i +-/etc/mail/aliases ++/etc/aliases + The mail aliases file + .SH SEE ALSO + aliases(5), sendmail(8) +diff --git a/sendmail/sendmail.0 b/sendmail/sendmail.0 +index 515d5f7..8236411 100644 +--- a/sendmail/sendmail.0 ++++ b/sendmail/sendmail.0 +@@ -434,10 +434,10 @@ FFIILLEESS + are only approximations. + + +- /etc/mail/aliases ++ /etc/aliases + raw data for alias names + +- /etc/mail/aliases.db ++ /etc/aliases.db + data base of alias names + + /etc/mail/sendmail.cf +diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8 +index 0356839..1258c26 100644 +--- a/sendmail/sendmail.8 ++++ b/sendmail/sendmail.8 +@@ -711,10 +711,10 @@ Thus, + these values are only approximations. + .PP + .TP +- /etc/mail/aliases ++ /etc/aliases + raw data for alias names + .TP +- /etc/mail/aliases.db ++ /etc/aliases.db + data base of alias names + .TP + /etc/mail/sendmail.cf diff --git a/sendmail-8.15.1-dynamic.patch b/sendmail-8.15.1-dynamic.patch new file mode 100644 index 0000000000000000000000000000000000000000..bf6ceed94b2a13dbf8d351342d9e00644818a0ad --- /dev/null +++ b/sendmail-8.15.1-dynamic.patch @@ -0,0 +1,46 @@ +--- sendmail-8.14.4/devtools/OS/Linux 2010-01-03 22:55:35.000000000 +0100 ++++ sendmail-8.14.4/devtools/OS/Linux.dynamic 2010-01-03 22:59:03.000000000 +0100 +@@ -7,7 +7,7 @@ + define(`confCCOPTS_SO', `-fPIC') + define(`confSM_OS_HEADER', `sm_os_linux') + define(`confMANROOT', `/usr/share/man/man') +-define(`confLIBS', `-ldl') ++define(`confLIBS', `-pie -ldl') + define(`confEBINDIR', `/usr/sbin') + APPENDDEF(`confLIBSEARCH', `crypt nsl') + +@@ -22,19 +22,19 @@ + ifelse(confBLDVARIANT, `DEBUG', + dnl Debug build + ` +- define(`confOPTIMIZE',`-g -Wall') ++ define(`confOPTIMIZE',`-g -Wall -fpie') + ', + dnl Optimized build + confBLDVARIANT, `OPTIMIZED', + ` +- define(`confOPTIMIZE',`-O2') ++ define(`confOPTIMIZE',`-O2 -fpie') + ', + dnl Purify build + confBLDVARIANT, `PURIFY', + ` +- define(`confOPTIMIZE',`-g') ++ define(`confOPTIMIZE',`-g -fpie') + ', + dnl default + ` +- define(`confOPTIMIZE',`-O2') ++ define(`confOPTIMIZE',`-O2 -fpie') + ') +--- sendmail-8.14.4/libsm/Makefile.m4 2006-08-16 23:06:31.000000000 +0200 ++++ sendmail-8.14.4/libsm/Makefile.m4.dynamic 2010-01-03 23:01:36.000000000 +0100 +@@ -6,7 +6,7 @@ + define(`confREQUIRE_SM_OS_H', `true') + PREPENDDEF(`confENVDEF', `confMAPDEF') + bldPRODUCT_START(`library', `libsm') +-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ') ++define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ') + bldPRODUCT_END + dnl msg.c + dnl syslogio.c diff --git a/sendmail-8.15.1-manpage.patch b/sendmail-8.15.1-manpage.patch new file mode 100644 index 0000000000000000000000000000000000000000..4cf5fff013fba6e1237f442448d907869de834ab --- /dev/null +++ b/sendmail-8.15.1-manpage.patch @@ -0,0 +1,18 @@ +diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8 +index 9e0b9af..0356839 100644 +--- a/sendmail/sendmail.8 ++++ b/sendmail/sendmail.8 +@@ -729,13 +729,11 @@ collected statistics + /var/spool/mqueue/* + temp files + .SH SEE ALSO +-binmail(1), + mail(1), + rmail(1), + syslog(3), + aliases(5), + mailaddr(7), +-rc(8) + .PP + DARPA + Internet Request For Comments diff --git a/sendmail-8.15.2-format-security.patch b/sendmail-8.15.2-format-security.patch new file mode 100644 index 0000000000000000000000000000000000000000..5acd75a4e18c1ff6310a6f109f97c9b87ba138c5 --- /dev/null +++ b/sendmail-8.15.2-format-security.patch @@ -0,0 +1,127 @@ +diff --git a/sendmail/envelope.c b/sendmail/envelope.c +index bae6b00..beb91a1 100644 +--- a/sendmail/envelope.c ++++ b/sendmail/envelope.c +@@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split) + + /* don't free, allocated from e_rpool */ + e->e_message = sm_rpool_strdup_x(e->e_rpool, buf); +- message(buf); ++ message("%s", buf); + e->e_flags |= EF_CLRQUEUE; + } + if (msg_timeout == MSG_NOT_BY) +@@ -420,7 +420,7 @@ dropenvelope(e, fulldrop, split) + /* don't free, allocated from e_rpool */ + e->e_message = sm_rpool_strdup_x(e->e_rpool, + buf); +- message(buf); ++ message("%s", buf); + e->e_flags |= EF_WARNING; + } + if (msg_timeout == MSG_WARN_BY) +diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c +index 2adb39c..ba99414 100644 +--- a/sendmail/parseaddr.c ++++ b/sendmail/parseaddr.c +@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt) + msg = "Deferring message until queue run"; + if (tTd(20, 1)) + sm_dprintf("parseaddr: queueing message\n"); +- message(msg); ++ message("%s", msg); + if (e->e_message == NULL && e->e_sendmode != SM_DEFER) + e->e_message = sm_rpool_strdup_x(e->e_rpool, msg); + a->q_state = QS_QUEUEUP; +diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c +index ba636a8..46c5356 100644 +--- a/sendmail/srvrsmtp.c ++++ b/sendmail/srvrsmtp.c +@@ -122,6 +122,26 @@ extern ENVELOPE BlankEnvelope; + #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \ + (s)++ + ++static inline void ++message1(fmt) ++ char *fmt; ++{ ++ if (strchr(fmt, '%') == NULL) ++ message(fmt, NULL); ++ else ++ message("%s", fmt); ++} ++ ++static inline void ++usrerr1(fmt) ++ char *fmt; ++{ ++ if (strchr(fmt, '%') == NULL) ++ usrerr(fmt, NULL); ++ else ++ usrerr("%s", fmt); ++} ++ + /* + ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT) + ** +@@ -578,13 +598,13 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *)); + bool tsave = QuickAbort; \ + \ + QuickAbort = false; \ +- usrerr(response); \ ++ usrerr1(response); \ + QuickAbort = tsave; \ + e->e_sendqueue = NULL; \ + goto doquit; \ + } \ + else \ +- usrerr(response); \ ++ usrerr1(response); \ + break; \ + \ + case SMFIR_REJECT: \ +@@ -931,7 +951,7 @@ smtp(nullserver, d_flags, e) + } + else if (strncmp(nullserver, "421 ", 4) == 0) + { +- message(nullserver); ++ message1(nullserver); + goto doquit; + } + +@@ -1849,7 +1869,7 @@ smtp(nullserver, d_flags, e) + if (nullserver != NULL) + { + if (ISSMTPREPLY(nullserver)) +- usrerr(nullserver); ++ usrerr1(nullserver); + else + usrerr("550 5.0.0 %s", + nullserver); +@@ -2449,7 +2469,7 @@ smtp(nullserver, d_flags, e) + tempfail = true; + smtp.sm_milterize = false; + if (response != NULL) +- usrerr(response); ++ usrerr1(response); + else + message("421 4.7.0 %s closing connection", + MyHostName); +@@ -3656,7 +3676,7 @@ smtp_data(smtp, e) + (void) extenhsc(response + 4, ' ', e->e_enhsc); + #endif /* _FFR_MILTER_ENHSC */ + +- usrerr(response); ++ usrerr1(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + { +@@ -3776,7 +3796,7 @@ smtp_data(smtp, e) + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); + #endif /* _FFR_MILTER_ENHSC */ +- usrerr(response); ++ usrerr1(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + rv = false; diff --git a/sendmail-8.15.2-libmilter-socket-activation.patch b/sendmail-8.15.2-libmilter-socket-activation.patch new file mode 100644 index 0000000000000000000000000000000000000000..e8251bcdd593f2c11a8a40b61f7ec6f924594a48 --- /dev/null +++ b/sendmail-8.15.2-libmilter-socket-activation.patch @@ -0,0 +1,80 @@ +Description: systemd-like socket activation support for libmilter +Author: Mikhail Gusarov {unix|local}:/path/to/file -- A named pipe. +
  • inet:port@{hostname|ip-address} -- An IPV4 socket. +
  • inet6:port@{hostname|ip-address} -- An IPV6 socket. ++
  • fd:number -- Pre-opened file descriptor. + + + +diff --git a/libmilter/listener.c b/libmilter/listener.c +index 11d92bb..2ab533d 100644 +--- a/libmilter/listener.c ++++ b/libmilter/listener.c +@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, name) + L_socksize = sizeof addr.sin6; + } + #endif /* NETINET6 */ ++ else if (strcasecmp(p, "fd") == 0) ++ { ++ addr.sa.sa_family = AF_UNSPEC; ++ L_socksize = sizeof (_SOCK_ADDR); ++ } + else + { + smi_log(SMI_LOG_ERR, "%s: unknown socket type %s", +@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, name) + } + #endif /* NETINET || NETINET6 */ + +- sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); ++ if (addr.sa.sa_family == AF_UNSPEC) ++ { ++ char *end; ++ sock = strtol(colon, &end, 10); ++ if (*end != '\0' || sock < 0) ++ { ++ smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon); ++ return INVALID_SOCKET; ++ } ++ } ++ else ++ { ++ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); ++ } ++ + if (!ValidSocket(sock)) + { + smi_log(SMI_LOG_ERR, +@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, name) + #if NETUNIX + addr.sa.sa_family != AF_UNIX && + #endif /* NETUNIX */ ++ addr.sa.sa_family != AF_UNSPEC && + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, + sizeof(sockopt)) == -1) + { +@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, name) + } + #endif /* NETUNIX */ + +- if (bind(sock, &addr.sa, L_socksize) < 0) ++ if (addr.sa.sa_family != AF_UNSPEC && ++ bind(sock, &addr.sa, L_socksize) < 0) + { + smi_log(SMI_LOG_ERR, + "%s: Unable to bind to port %s: %s", +@@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog) + # ifdef BSD4_4_SOCKADDR + cliaddr.sa.sa_len == 0 || + # endif /* BSD4_4_SOCKADDR */ +- cliaddr.sa.sa_family != L_family)) ++ (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family))) + { + (void) closesocket(connfd); + connfd = INVALID_SOCKET; diff --git a/sendmail-8.15.2-localdomain.patch b/sendmail-8.15.2-localdomain.patch new file mode 100644 index 0000000000000000000000000000000000000000..36ec981dfe7687ed2730245f630048e4a5113c55 --- /dev/null +++ b/sendmail-8.15.2-localdomain.patch @@ -0,0 +1,13 @@ +diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4 +index 696bf36..5a5963b 100644 +--- a/cf/m4/proto.m4 ++++ b/cf/m4/proto.m4 +@@ -1898,6 +1898,8 @@ R<@> < $* @ [IPv6:::1] > + $: < ? $&{client_name} > < $1 @ [IPv6:::1] > + R<@> < $* @ localhost.$m > + $: < ? $&{client_name} > < $1 @ localhost.$m > ++R<@> < $* @ localhost.localdomain > ++ $: < ? $&{client_name} > < $1 @ localhost.localdomain > + ifdef(`_NO_UUCP_', `dnl', + `R<@> < $* @ localhost.UUCP > + $: < ? $&{client_name} > < $1 @ localhost.UUCP >') diff --git a/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..b470358a7f4ba82499c37d84db129d1e91d59669 --- /dev/null +++ b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch @@ -0,0 +1,20 @@ +diff --git a/sendmail/tls.c b/sendmail/tls.c +index 16cb93f..9338380 100644 +--- a/sendmail/tls.c ++++ b/sendmail/tls.c +@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + } + + #if _FFR_TLS_EC +- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- if (ecdh != NULL) +- { +- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); +- SSL_CTX_set_tmp_ecdh(*ctx, ecdh); +- EC_KEY_free(ecdh); +- } ++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_ecdh_auto(*ctx, 1); + #endif /* _FFR_TLS_EC */ + + } diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..54a67548941db6bf92aee45affe645af0dd3ed0b --- /dev/null +++ b/sendmail-8.15.2-openssl-1.1.0-fix.patch @@ -0,0 +1,182 @@ +--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100 ++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100 +@@ -63,14 +63,28 @@ static unsigned char dh512_g[] = + static DH * + get_dh512() + { +- DH *dh = NULL; ++ DH *dh; ++ BIGNUM *p, *g; + + if ((dh = DH_new()) == NULL) + return NULL; +- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); +- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++ if (p == NULL || g == NULL) ++ { ++ BN_free(p); ++ BN_free(g); ++ DH_free(dh); + return NULL; ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + return dh; + } + +@@ -117,16 +131,27 @@ get_dh2048() + }; + static unsigned char dh2048_g[]={ 0x02, }; + DH *dh; ++ BIGNUM *p, *g; + + if ((dh=DH_new()) == NULL) + return(NULL); +- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); +- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); ++ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); ++ if (p == NULL || g == NULL) + { ++ BN_free(p); ++ BN_free(g); + DH_free(dh); +- return(NULL); ++ return NULL; + } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + return(dh); + } + # endif /* !NO_DH */ +@@ -715,6 +740,54 @@ static char server_session_id_context[] + # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 + #endif + ++static RSA * ++generate_rsa_key(bits, e) ++ int bits; ++ unsigned long e; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return RSA_generate_key(bits, e, NULL, NULL); ++#else ++ BIGNUM *bne; ++ RSA *rsa = NULL; ++ ++ bne = BN_new(); ++ if (bne && BN_set_word(bne, e) != 1) ++ rsa = RSA_new(); ++ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) ++ { ++ RSA_free(rsa); ++ rsa = NULL; ++ } ++ BN_free(bne); ++ return rsa; ++#endif ++} ++ ++static DSA * ++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) ++ int bits; ++ unsigned char *seed; ++ int seed_len; ++ int *counter_ret; ++ unsigned long *h_ret; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret, ++ h_ret, NULL, NULL); ++#else ++ DSA *dsa = DSA_new(); ++ ++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, ++ counter_ret, h_ret, NULL) != 1) ++ { ++ DSA_free(dsa); ++ dsa = NULL; ++ } ++ return dsa; ++#endif ++} ++ + bool + inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) + SSL_CTX **ctx; +@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile + { + /* get a pointer to the current certificate validation store */ + store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ +- crl_file = BIO_new(BIO_s_file_internal()); ++ crl_file = BIO_new(BIO_s_file()); + if (crl_file != NULL) + { + if (BIO_read_filename(crl_file, CRLFile) >= 0) +@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile + if (bitset(TLS_I_RSA_TMP, req) + # if SM_CONF_SHM + && ShmId != SM_SHM_NO_ID && +- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, +- NULL)) == NULL ++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL + # else /* SM_CONF_SHM */ + && 0 /* no shared memory: no need to generate key now */ + # endif /* SM_CONF_SHM */ +@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile + sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); + + /* this takes a while! */ +- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, +- NULL, 0, NULL); ++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL, ++ NULL); + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + } +@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength) + + if (rsa_tmp != NULL) + RSA_free(rsa_tmp); +- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); ++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); + if (rsa_tmp == NULL) + { + if (LogLevel > 0) +@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx) + { + if (LogLevel > 13) + tls_verify_log(ok, ctx, "x509"); ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ if (X509_STORE_CTX_get_error(ctx) == ++ X509_V_ERR_UNABLE_TO_GET_CRL) ++ { ++ X509_STORE_CTX_set_error(ctx, 0); ++ return 1; /* override it */ ++ } ++#else + if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) + { + ctx->error = 0; + return 1; /* override it */ + } ++#endif + } + return ok; + } diff --git a/sendmail-8.15.2-qos.patch b/sendmail-8.15.2-qos.patch new file mode 100644 index 0000000000000000000000000000000000000000..c0b8b6a7f3a9812e33f149ef5331f34ea3520121 --- /dev/null +++ b/sendmail-8.15.2-qos.patch @@ -0,0 +1,246 @@ +diff --git a/cf/cf/submit.mc b/cf/cf/submit.mc +index b9dfb16..cb325cc 100644 +--- a/cf/cf/submit.mc ++++ b/cf/cf/submit.mc +@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining + define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet + define(`confTIME_ZONE', `USE_TZ')dnl + define(`confDONT_INIT_GROUPS', `True')dnl ++dnl # If you're operating in a DSCP/RFC-4594 environment with QoS ++dnl define(`confINET_QOS', `AF11')dnl + define(`confPID_FILE', `/run/sm-client.pid')dnl + dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl + FEATURE(`use_ct_file')dnl +diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4 +index 5a5963b..0df3416 100644 +--- a/cf/m4/proto.m4 ++++ b/cf/m4/proto.m4 +@@ -251,6 +251,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False') + # 8-bit data handling + _OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8') + ++# DSCP marking of traffic (IP_TOS) ++_OPTION(InetQoS, `confINET_QOS', `none') ++ + # wait for alias file rebuild (default units: minutes) + _OPTION(AliasWait, `confALIAS_WAIT', `5m') + +diff --git a/sendmail/conf.c b/sendmail/conf.c +index cbb9c76..1b55533 100644 +--- a/sendmail/conf.c ++++ b/sendmail/conf.c +@@ -6430,6 +6430,10 @@ char *FFRCompileOptions[] = + #if _FFR_QF_PARANOIA + "_FFR_QF_PARANOIA", + #endif ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ /* QoS */ ++ "_FFR_QOS", ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ + #if _FFR_QUEUE_GROUP_SORTORDER + /* Allow QueueSortOrder per queue group. */ + /* XXX: Still need to actually use qgrp->qg_sortorder */ +diff --git a/sendmail/daemon.c b/sendmail/daemon.c +index 4288365..86fe319 100644 +--- a/sendmail/daemon.c ++++ b/sendmail/daemon.c +@@ -104,6 +104,10 @@ static int NDaemons = 0; /* actual number of daemons */ + + static time_t NextDiskSpaceCheck = 0; + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++int InetQoS = 0; /* none by default */ ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ ++ + /* + ** GETREQUESTS -- open mail IPC port and get requests. + ** +@@ -1139,6 +1143,16 @@ opendaemonsocket(d, firsttime) + (void) setsockopt(d->d_socket, SOL_SOCKET, + SO_KEEPALIVE, (char *)&on, sizeof(on)); + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ if (InetQoS != 0x00 ++ && (d->d_addr.sa.sa_family == AF_INET ++ || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) { ++ if (setsockopt(d->d_socket, SOL_IP, ++ IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0) ++ syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name); ++ } ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ ++ + #ifdef SO_RCVBUF + if (d->d_tcprcvbufsize > 0) + { +@@ -2571,6 +2585,16 @@ gothostent: + return EX_TEMPFAIL; + } + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ if (InetQoS != 0x00 ++ && (family == AF_INET ++ || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32)))) ++ { ++ if (setsockopt(s, SOL_IP, IP_TOS, ++ (char *)&InetQoS, sizeof(InetQoS)) < 0) ++ syserr("makeconnection: setsockopt(IP_TOS)"); ++ } ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ + #ifdef SO_SNDBUF + if (ClientSettings[family].d_tcpsndbufsize > 0) + { +diff --git a/sendmail/readcf.c b/sendmail/readcf.c +index 2b0fbf7..86892f5 100644 +--- a/sendmail/readcf.c ++++ b/sendmail/readcf.c +@@ -18,6 +18,7 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $") + + #if NETINET || NETINET6 + # include ++# include + #endif /* NETINET || NETINET6 */ + + +@@ -2888,8 +2889,8 @@ static struct optioninfo + # define O_RCPTTHROTDELAY 0xe6 + { "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE }, + #endif /* _FFR_RCPTTHROTDELAY */ +-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) +-# define O_INETQOS 0xe7 /* reserved for FFR_QOS */ ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++# define O_INETQOS 0xe7 + { "InetQoS", O_INETQOS, OI_NONE }, + #endif + #if STARTTLS && _FFR_FIPSMODE +@@ -2914,6 +2915,77 @@ static struct optioninfo + { NULL, '\0', OI_NONE } + }; + ++#ifdef O_INETQOS ++static struct qosmap ++{ ++ char *name; /* name of the setting */ ++ int value; /* corresponding setsockopt() value */ ++} QoSMap[] = { ++#ifdef IPTOS_CLASS_CS0 ++ { "CS0", IPTOS_CLASS_CS0 }, ++#endif ++#ifdef IPTOS_CLASS_CS1 ++ { "CS1", IPTOS_CLASS_CS1 }, ++#endif ++#ifdef IPTOS_DSCP_AF11 ++ { "AF11", IPTOS_DSCP_AF11 }, ++#endif ++#ifdef IPTOS_DSCP_AF12 ++ { "AF12", IPTOS_DSCP_AF12 }, ++#endif ++#ifdef IPTOS_DSCP_AF13 ++ { "AF13", IPTOS_DSCP_AF13 }, ++#endif ++#ifdef IPTOS_CLASS_CS2 ++ { "CS2", IPTOS_CLASS_CS2 }, ++#endif ++#ifdef IPTOS_DSCP_AF21 ++ { "AF21", IPTOS_DSCP_AF21 }, ++#endif ++#ifdef IPTOS_DSCP_AF22 ++ { "AF22", IPTOS_DSCP_AF22 }, ++#endif ++#ifdef IPTOS_DSCP_AF23 ++ { "AF23", IPTOS_DSCP_AF23 }, ++#endif ++#ifdef IPTOS_CLASS_CS3 ++ { "CS3", IPTOS_CLASS_CS3 }, ++#endif ++#ifdef IPTOS_DSCP_AF31 ++ { "AF31", IPTOS_DSCP_AF31 }, ++#endif ++#ifdef IPTOS_DSCP_AF32 ++ { "AF32", IPTOS_DSCP_AF32 }, ++#endif ++#ifdef IPTOS_DSCP_AF33 ++ { "AF33", IPTOS_DSCP_AF33 }, ++#endif ++#ifdef IPTOS_CLASS_CS4 ++ { "CS4", IPTOS_CLASS_CS4 }, ++#endif ++#ifdef IPTOS_DSCP_AF41 ++ { "AF41", IPTOS_DSCP_AF41 }, ++#endif ++#ifdef IPTOS_DSCP_AF42 ++ { "AF42", IPTOS_DSCP_AF42 }, ++#endif ++#ifdef IPTOS_DSCP_AF43 ++ { "AF43", IPTOS_DSCP_AF43 }, ++#endif ++#ifdef IPTOS_CLASS_CS5 ++ { "CS5", IPTOS_CLASS_CS5 }, ++#endif ++#ifdef IPTOS_CLASS_CS6 ++ { "CS6", IPTOS_CLASS_CS6 }, ++#endif ++#ifdef IPTOS_CLASS_CS7 ++ { "CS7", IPTOS_CLASS_CS7 }, ++#endif ++ { "none", 0x00 }, ++ { NULL, 0 } ++}; ++#endif ++ + # define CANONIFY(val) + + # define SET_OPT_DEFAULT(opt, val) opt = val +@@ -4540,6 +4612,33 @@ setoption(opt, val, safe, sticky, e) + UseCompressedIPv6Addresses = atobool(val); + break; + ++#ifdef O_INETQOS ++ case O_INETQOS: ++ { ++ struct qosmap *qmp; ++ InetQoS = -1; ++ ++ for (qmp = QoSMap; qmp->name != NULL; ++qmp) { ++ if (!strcmp(val, qmp->name)) { ++ InetQoS = qmp->value; ++ break; ++ } ++ } ++ ++ /* ++ ** we could allow writing it as a hex value, but ++ ** we don't at this time. ++ **/ ++ if (qmp->name == NULL) { ++ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, ++ "Warning: Option: %s unknown parameter '%s'\n", ++ OPTNAME, val); ++ break; ++ } ++ break; ++ } ++#endif ++ + default: + if (tTd(37, 1)) + { +diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h +index b2d0211..3bcc2e2 100644 +--- a/sendmail/sendmail.h ++++ b/sendmail/sendmail.h +@@ -2537,7 +2537,14 @@ EXTERN struct termescape TermEscape; /* terminal escape codes */ + EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */ + EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */ + extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */ +- ++#if _FFR_QOS ++# if !defined(SOL_IP) && defined(IPPROTO_IP) ++# define SOL_IP IPPROTO_IP ++# endif ++# if defined(SOL_IP) && defined(IP_TOS) ++EXTERN int InetQoS; /* QoS mapping */ ++# endif ++#endif + + EXTERN int ConnectionRateWindowSize; + #if STARTTLS && USE_OPENSSL_ENGINE diff --git a/sendmail-8.15.2-smtp-session-reuse-fix.patch b/sendmail-8.15.2-smtp-session-reuse-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..bc148419532b2d97886b43f2f91f621469370dc8 --- /dev/null +++ b/sendmail-8.15.2-smtp-session-reuse-fix.patch @@ -0,0 +1,249 @@ +diff -ru a/sendmail/deliver.c b/sendmail/deliver.c +--- a/sendmail/deliver.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800 +@@ -6274,8 +6274,7 @@ + tlslogerr(LOG_WARNING, "client"); + } + +- SSL_free(clt_ssl); +- clt_ssl = NULL; ++ SM_SSL_FREE(clt_ssl); + return EX_SOFTWARE; + } + mci->mci_ssl = clt_ssl; +@@ -6287,8 +6286,7 @@ + return EX_OK; + + /* failure */ +- SSL_free(clt_ssl); +- clt_ssl = NULL; ++ SM_SSL_FREE(clt_ssl); + return EX_SOFTWARE; + } + /* +@@ -6309,7 +6307,7 @@ + + if (!bitset(MCIF_TLSACT, mci->mci_flags)) + return EX_OK; +- r = endtls(mci->mci_ssl, "client"); ++ r = endtls(&mci->mci_ssl, "client"); + mci->mci_flags &= ~MCIF_TLSACT; + return r; + } +diff -ru a/sendmail/macro.c b/sendmail/macro.c +--- a/sendmail/macro.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800 +@@ -362,6 +362,33 @@ + } + + /* ++** MACTABCLEAR -- clear entire macro table ++** ++** Parameters: ++** mac -- Macro table. ++** ++** Returns: ++** none. ++** ++** Side Effects: ++** clears entire mac structure including rpool pointer! ++*/ ++ ++void ++mactabclear(mac) ++ MACROS_T *mac; ++{ ++ int i; ++ ++ if (mac->mac_rpool == NULL) ++ { ++ for (i = 0; i < MAXMACROID; i++) ++ SM_FREE_CLR(mac->mac_table[i]); ++ } ++ memset((char *) mac, '\0', sizeof(*mac)); ++} ++ ++/* + ** MACDEFINE -- bind a macro name to a value + ** + ** Set a macro to a value, with fancy storage management. +diff -ru a/sendmail/mci.c b/sendmail/mci.c +--- a/sendmail/mci.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800 +@@ -25,6 +25,7 @@ + int, bool)); + static bool mci_load_persistent __P((MCI *)); + static void mci_uncache __P((MCI **, bool)); ++static void mci_clear __P((MCI *)); + static int mci_lock_host_statfile __P((MCI *)); + static int mci_read_persistent __P((SM_FILE_T *, MCI *)); + +@@ -253,6 +254,7 @@ + SM_FREE_CLR(mci->mci_status); + SM_FREE_CLR(mci->mci_rstatus); + SM_FREE_CLR(mci->mci_heloname); ++ mci_clear(mci); + if (mci->mci_rpool != NULL) + { + sm_rpool_free(mci->mci_rpool); +@@ -315,6 +317,41 @@ + } + + /* ++** MCI_CLEAR -- clear mci ++** ++** Parameters: ++** mci -- the connection to clear. ++** ++** Returns: ++** none. ++*/ ++ ++static void ++mci_clear(mci) ++ MCI *mci; ++{ ++ if (mci == NULL) ++ return; ++ ++ mci->mci_maxsize = 0; ++ mci->mci_min_by = 0; ++ mci->mci_deliveries = 0; ++#if SASL ++ if (bitset(MCIF_AUTHACT, mci->mci_flags)) ++ sasl_dispose(&mci->mci_conn); ++#endif ++#if STARTTLS ++ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL) ++ SM_SSL_FREE(mci->mci_ssl); ++#endif ++ ++ /* which flags to preserve? */ ++ mci->mci_flags &= MCIF_CACHED; ++ mactabclear(&mci->mci_macro); ++} ++ ++ ++/* + ** MCI_GET -- get information about a particular host + ** + ** Parameters: +@@ -419,6 +456,7 @@ + mci->mci_errno = 0; + mci->mci_exitstat = EX_OK; + } ++ mci_clear(mci); + } + + return mci; +diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h +--- a/sendmail/sendmail.h 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800 +@@ -1186,6 +1186,7 @@ + #define macid(name) macid_parse(name, NULL) + extern char *macname __P((int)); + extern char *macvalue __P((int, ENVELOPE *)); ++extern void mactabclear __P((MACROS_T *)); + extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **)); + extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int)); + extern void setclass __P((int, char *)); +@@ -2002,7 +2003,15 @@ + extern void setclttls __P((bool)); + extern bool initsrvtls __P((bool)); + extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); +-extern int endtls __P((SSL *, char *)); ++#define SM_SSL_FREE(ssl) \ ++ do { \ ++ if (ssl != NULL) \ ++ { \ ++ SSL_free(ssl); \ ++ ssl = NULL; \ ++ } \ ++ } while (0) ++extern int endtls __P((SSL **, char *)); + extern void tlslogerr __P((int, const char *)); + + +diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c +--- a/sendmail/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800 +@@ -2122,8 +2122,7 @@ + if (get_tls_se_options(e, srv_ssl, true) != 0) + { + message("454 4.3.3 TLS not available: error setting options"); +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + goto tls_done; + } + +@@ -2145,8 +2144,7 @@ + SSL_set_wfd(srv_ssl, wfd) <= 0) + { + message("454 4.3.3 TLS not available: error set fd"); +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + goto tls_done; + } + if (!smtps) +@@ -2188,8 +2186,7 @@ + tlslogerr(LOG_WARNING, "server"); + } + tls_ok_srv = false; +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + + /* + ** according to the next draft of +@@ -3416,7 +3413,7 @@ + /* shutdown TLS connection */ + if (tls_active) + { +- (void) endtls(srv_ssl, "server"); ++ (void) endtls(&srv_ssl, "server"); + tls_active = false; + } + #endif /* STARTTLS */ +diff -ru a/sendmail/tls.c b/sendmail/tls.c +--- a/sendmail/tls.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800 +@@ -1624,7 +1624,7 @@ + ** ENDTLS -- shutdown secure connection + ** + ** Parameters: +-** ssl -- SSL connection information. ++** pssl -- pointer to TLS session context + ** side -- server/client (for logging). + ** + ** Returns: +@@ -1632,12 +1632,16 @@ + */ + + int +-endtls(ssl, side) +- SSL *ssl; ++endtls(pssl, side) ++ SSL **pssl; + char *side; + { + int ret = EX_OK; ++ SSL *ssl; + ++ SM_REQUIRE(pssl != NULL); ++ ret = EX_OK; ++ ssl = *pssl; + if (ssl != NULL) + { + int r; +@@ -1703,8 +1707,7 @@ + ret = EX_SOFTWARE; + } + # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ +- SSL_free(ssl); +- ssl = NULL; ++ SM_SSL_FREE(*pssl); + } + return ret; + } diff --git a/sendmail-8.15.2-switchfile.patch b/sendmail-8.15.2-switchfile.patch new file mode 100644 index 0000000000000000000000000000000000000000..940d5a7b913b4a8b763f499faf5ad7ba9eab91de --- /dev/null +++ b/sendmail-8.15.2-switchfile.patch @@ -0,0 +1,13 @@ +diff --git a/sendmail/conf.c b/sendmail/conf.c +index c73334e..cbb9c76 100644 +--- a/sendmail/conf.c ++++ b/sendmail/conf.c +@@ -986,7 +986,7 @@ switch_map_find(service, maptype, mapreturn) + if (p != NULL) + *p = '\0'; + #ifndef SM_NSSWITCH_DELIMS +-# define SM_NSSWITCH_DELIMS " \t" ++# define SM_NSSWITCH_DELIMS " \t:" + #endif /* SM_NSSWITCH_DELIMS */ + p = strpbrk(buf, SM_NSSWITCH_DELIMS); + if (p != NULL) diff --git a/sendmail-etc-mail-access b/sendmail-etc-mail-access new file mode 100644 index 0000000000000000000000000000000000000000..31715ef3f6ecd1300bfd44ec02f599027515208d --- /dev/null +++ b/sendmail-etc-mail-access @@ -0,0 +1,12 @@ +# Check the /usr/share/doc/sendmail/README.cf file for a description +# of the format of this file. (search for access_db in that file) +# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc +# package. +# +# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the +# cyrus-sasl-plain package installed. +# +# By default we allow relaying from localhost... +Connect:localhost.localdomain RELAY +Connect:localhost RELAY +Connect:127.0.0.1 RELAY diff --git a/sendmail-etc-mail-domaintable b/sendmail-etc-mail-domaintable new file mode 100644 index 0000000000000000000000000000000000000000..2dfd1aa36fa79495ba52d091a33446842c75d9f0 --- /dev/null +++ b/sendmail-etc-mail-domaintable @@ -0,0 +1,4 @@ +# The "domain table" can be used to provide domain name mapping. +# Use of this should really be limited to your own domains. +# It may be useful if you change names (e.g., your company +# changes names from oldname.com to newname.com) diff --git a/sendmail-etc-mail-local-host-names b/sendmail-etc-mail-local-host-names new file mode 100644 index 0000000000000000000000000000000000000000..9248c0063adddfd5c365fa0fc6fe71c7fc64d027 --- /dev/null +++ b/sendmail-etc-mail-local-host-names @@ -0,0 +1 @@ +# local-host-names - include all aliases for your machine here. diff --git a/sendmail-etc-mail-mailertable b/sendmail-etc-mail-mailertable new file mode 100644 index 0000000000000000000000000000000000000000..0deb307e513e48738d73b267c0f5464bdb53bbbb --- /dev/null +++ b/sendmail-etc-mail-mailertable @@ -0,0 +1,30 @@ +# The "mailer table" can be used to override routing for particular domains +# (which are not in class {w}, i.e. local host names). +# +# hash /etc/mail/mailertable +# +# Keys in this database are fully qualified domain names or partial domains +# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or +# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain +# not covered by other keys. Values must be of the form: +# +# mailer:domain +# +# where "mailer" is the internal mailer name, and "domain" is where to send +# the message. These maps are not reflected into the message header. As a +# special case, the forms: +# +# local:user +# +# will forward to the indicated user using the local mailer, +# +# local: +# +# will forward to the original user in the e-mail address using the local +# mailer, and +# +# error:code message +# error:D.S.N:code message +# +# will give an error message with the indicated SMTP reply code and message, +# where D.S.N is an RFC 1893 compliant error code. diff --git a/sendmail-etc-mail-trusted-users b/sendmail-etc-mail-trusted-users new file mode 100644 index 0000000000000000000000000000000000000000..986184dff2163fde3eea7557d5b855abdb716356 --- /dev/null +++ b/sendmail-etc-mail-trusted-users @@ -0,0 +1,2 @@ +# trusted-users - users that can send mail as others without a warning +# apache, mailman, majordomo, uucp, are good candidates diff --git a/sendmail-etc-mail-virtusertable b/sendmail-etc-mail-virtusertable new file mode 100644 index 0000000000000000000000000000000000000000..cc4b545e377d0940c43927bcdf87bbe7e8da4f6f --- /dev/null +++ b/sendmail-etc-mail-virtusertable @@ -0,0 +1,41 @@ +# A domain-specific form of aliasing, allowing multiple virtual domains to be +# hosted on one machine. +# +# info@foo.com foo-info +# info@bar.com bar-info +# joe@bar.com error:nouser 550 No such user here +# jax@bar.com error:5.7.0:550 Address invalid +# @baz.org jane@example.net +# +# then mail addressed to info@foo.com will be sent to the address foo-info, +# mail addressed to info@bar.com will be delivered to bar-info, and mail +# addressed to anyone at baz.org will be sent to jane@example.net, mail to +# joe@bar.com will be rejected with the specified error message, and mail to +# jax@bar.com will also have a RFC 1893 compliant error code 5.7.0. +# +# The username from the original address is passed as %1 allowing: +# +# @foo.org %1@example.com +# +# Additionally, if the local part consists of "user+detail" then "detail" is +# passed as %2 and "+detail" is passed as %3 when a match against user+* is +# attempted, so entries like +# +# old+*@foo.org new+%2@example.com +# gen+*@foo.org %2@example.com +# +*@foo.org %1%3@example.com +# X++@foo.org Z%3@example.com +# @bar.org %1%3 +# +# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used +# as RHS. There are two wildcards after "+": "+" matches only a non-empty +# detail, "*" matches also empty details, e.g., user+@foo.org matches# +# +*@foo.org but not ++@foo.org. This can be used to ensure that the +# parameters %2 and %3 are not empty. +# +# All the host names on the left hand side (foo.com, bar.com, and baz.org) +# must be in class {w} or class {VirtHost}. The latter can be defined by the +# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to +# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or +# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are +# added to class {R}, i.e., relaying is allowed to (and from) those domains. diff --git a/sendmail-redhat.mc b/sendmail-redhat.mc new file mode 100644 index 0000000000000000000000000000000000000000..dd9bc9648b513efa7693d9b9cc92c4f94d91b5cd --- /dev/null +++ b/sendmail-redhat.mc @@ -0,0 +1,181 @@ +divert(-1)dnl +dnl # +dnl # This is the sendmail macro config file for m4. If you make changes to +dnl # /etc/mail/sendmail.mc, you will need to regenerate the +dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is +dnl # installed and then performing a +dnl # +dnl # /etc/mail/make +dnl # +include(`@@PATH@@/m4/cf.m4')dnl +VERSIONID(`setup for linux')dnl +OSTYPE(`linux')dnl +dnl # +dnl # Do not advertize sendmail version. +dnl # +dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl +dnl # +dnl # default logging level is 9, you might want to set it higher to +dnl # debug the configuration +dnl # +dnl define(`confLOG_LEVEL', `9')dnl +dnl # +dnl # Uncomment and edit the following line if your outgoing mail needs to +dnl # be sent out through an external mail server: +dnl # +dnl define(`SMART_HOST', `smtp.your.provider')dnl +dnl # +define(`confDEF_USER_ID', ``8:12'')dnl +dnl define(`confAUTO_REBUILD')dnl +define(`confTO_CONNECT', `1m')dnl +define(`confTRY_NULL_MX_LIST', `True')dnl +define(`confDONT_PROBE_INTERFACES', `True')dnl +define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl +define(`ALIAS_FILE', `/etc/aliases')dnl +define(`STATUS_FILE', `/var/log/mail/statistics')dnl +define(`UUCP_MAILER_MAX', `2000000')dnl +define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl +define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl +define(`confAUTH_OPTIONS', `A')dnl +dnl # +dnl # The following allows relaying if the user authenticates, and disallows +dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links +dnl # +dnl define(`confAUTH_OPTIONS', `A p')dnl +dnl # +dnl # which realm to use in SASL database (sasldb2) +dnl # +define(`confAUTH_REALM', `mail')dnl +dnl # +dnl # PLAIN is the preferred plaintext authentication method and used by +dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do +dnl # use LOGIN. Other mechanisms should be used if the connection is not +dnl # guaranteed secure. +dnl # Please remember that saslauthd needs to be running for AUTH. +dnl # +dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl +dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl +dnl # +dnl # Basic sendmail TLS configuration with self-signed certificate for +dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP). +dnl # +define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl +define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl +define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl +define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl +define(`confTLS_SRV_OPTIONS', `V')dnl +dnl # +dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's +dnl # slapd, which requires the file to be readble by group ldap +dnl # +dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl +dnl # +dnl define(`confTO_QUEUEWARN', `4h')dnl +dnl define(`confTO_QUEUERETURN', `5d')dnl +dnl define(`confQUEUE_LA', `12')dnl +dnl define(`confREFUSE_LA', `18')dnl +define(`confTO_IDENT', `0')dnl +dnl # If you're operating in a DSCP/RFC-4594 environment with QoS +dnl define(`confINET_QOS', `AF11')dnl +dnl FEATURE(delay_checks)dnl +FEATURE(`no_default_msa', `dnl')dnl +FEATURE(`smrsh', `/usr/sbin/smrsh')dnl +FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl +FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl +FEATURE(redirect)dnl +FEATURE(always_add_domain)dnl +FEATURE(use_cw_file)dnl +FEATURE(use_ct_file)dnl +dnl # +dnl # The following limits the number of processes sendmail can fork to accept +dnl # incoming messages or process its message queues to 20.) sendmail refuses +dnl # to accept connections once it has reached its quota of child processes. +dnl # +dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl +dnl # +dnl # Limits the number of new connections per second. This caps the overhead +dnl # incurred due to forking new sendmail processes. May be useful against +dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address +dnl # limit would be useful but is not available as an option at this writing.) +dnl # +dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl +dnl # +dnl # The -t option will retry delivery if e.g. the user runs over his quota. +dnl # +FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl +FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl +FEATURE(`blacklist_recipients')dnl +EXPOSED_USER(`root')dnl +dnl # +dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment +dnl # the following 2 definitions and activate below in the MAILER section the +dnl # cyrusv2 mailer. +dnl # +dnl define(`confLOCAL_MAILER', `cyrusv2')dnl +dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl +dnl # +dnl # The following causes sendmail to only listen on the IPv4 loopback address +dnl # 127.0.0.1 and not on any other network devices. Remove the loopback +dnl # address restriction to accept email from the internet or intranet. +dnl # +DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl +dnl # +dnl # The following causes sendmail to additionally listen to port 587 for +dnl # mail from MUAs that authenticate. Roaming users who can't reach their +dnl # preferred sendmail daemon due to port 25 being blocked or redirected find +dnl # this useful. +dnl # +dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl +dnl # +dnl # The following causes sendmail to additionally listen to port 465, but +dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed +dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't +dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS +dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps +dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. +dnl # +dnl # For this to work your OpenSSL certificates must be configured. +dnl # +dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl +dnl # +dnl # The following causes sendmail to additionally listen on the IPv6 loopback +dnl # device. Remove the loopback address restriction listen to the network. +dnl # +dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl +dnl # +dnl # enable both ipv6 and ipv4 in sendmail: +dnl # +dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') +dnl # +dnl # We strongly recommend not accepting unresolvable domains if you want to +dnl # protect yourself from spam. However, the laptop and users on computers +dnl # that do not have 24x7 DNS do need this. +dnl # +FEATURE(`accept_unresolvable_domains')dnl +dnl # +dnl FEATURE(`relay_based_on_MX')dnl +dnl # +dnl # Also accept email sent to "localhost.localdomain" as local email. +dnl # +LOCAL_DOMAIN(`localhost.localdomain')dnl +dnl # +dnl # The following example makes mail from this host and any additional +dnl # specified domains appear to be sent from mydomain.com +dnl # +dnl MASQUERADE_AS(`mydomain.com')dnl +dnl # +dnl # masquerade not just the headers, but the envelope as well +dnl # +dnl FEATURE(masquerade_envelope)dnl +dnl # +dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well +dnl # +dnl FEATURE(masquerade_entire_domain)dnl +dnl # +dnl MASQUERADE_DOMAIN(localhost)dnl +dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl +dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl +dnl MASQUERADE_DOMAIN(mydomain.lan)dnl +MAILER(smtp)dnl +MAILER(procmail)dnl +dnl MAILER(cyrusv2)dnl diff --git a/sendmail.8.15.2.tar.gz b/sendmail.8.15.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..4bc3717243023debc7fcc87e3dc5c6617ab38df5 Binary files /dev/null and b/sendmail.8.15.2.tar.gz differ diff --git a/sendmail.etc-mail-Makefile b/sendmail.etc-mail-Makefile new file mode 100644 index 0000000000000000000000000000000000000000..e80f4a9f76a3adb65431f3e489323054412de19f --- /dev/null +++ b/sendmail.etc-mail-Makefile @@ -0,0 +1,8 @@ +# Pass everything to the make script + +all: +%: force + @./make $@ +force:; + +$(MAKEFILE_LIST):; diff --git a/sendmail.etc-mail-make b/sendmail.etc-mail-make new file mode 100644 index 0000000000000000000000000000000000000000..f345b43f4170af05475ec78bb0500a67fe08ba45 --- /dev/null +++ b/sendmail.etc-mail-make @@ -0,0 +1,129 @@ +#!/bin/sh +# Generate db and cf files if necessary. This used to be handled by +# /etc/mail/Makefile. + +teste() { + if ! test -e "$1"; then + echo "$1 doesn't exist" + exit 2 + fi +} + +makedb() { + teste "${1%.db}" + + if [ -z "$SM_FORCE_DBREBUILD" ]; then + test "${1%.db}" -nt "$1" || return 0 + fi + + if [ "$1" = userdb.db ]; then + makemap btree "$1" < "${1%.db}" + else + makemap hash "$1" < "${1%.db}" + fi +} + +makealiasesdb() { + uptodate=1 + + if [ -z "$SM_FORCE_DBREBUILD" ]; then + files=$(grep '^O AliasFile=' sendmail.cf | + while read a; do echo ${a#*=}; done) + + for a in $files; do + if [ "$a" = /etc/aliases ]; then + # /etc/aliases.db may be used by other MTA, make sure nothing + # has touched it since our last newaliases call + test "$a" -nt "${a}.db" || + test aliasesdb-stamp -nt "${a}.db" || + test aliasesdb-stamp -ot "${a}.db" || continue + else + test "$a" -nt "${a}.db" || continue + fi + + uptodate=0 + break + done + else + uptodate=0 + fi + + [ $uptodate = 1 ] && return 0 + + # check if alternatives is configured to sendmail + if [ "$(readlink -e /usr/bin/newaliases)" = /usr/sbin/sendmail.sendmail ] + then + /usr/bin/newaliases > /dev/null + touch -r /etc/aliases.db aliasesdb-stamp 2> /dev/null + else + rm -f aliasesdb-stamp + fi +} + +makecf() { + mc=${1%.cf}.mc + + teste "$mc" + + if [ -z "$SM_FORCE_CFREBUILD" ]; then + test "$mc" -nt "$1" || return 0 + fi + + if test -f /usr/share/sendmail-cf/m4/cf.m4; then + umask 022 + [ -e "$1" ] && mv -f "$1" "$1".bak + m4 "$mc" > "$1" + else + echo "WARNING: '$mc' is modified. Please install package sendmail-cf to update your configuration." + exit 15 + fi +} + +makeall() { + # These could be used by sendmail, but are not part of the default install. + # To use them you will have to generate your own sendmail.cf with + # FEATURE('whatever') + test -f bitdomain && makedb bitdomain.db + test -f uudomain && makedb uudomain.db + test -f genericstable && makedb genericstable.db + test -f userdb && makedb userdb.db + test -f authinfo && makedb authinfo.db + + makedb virtusertable.db + makedb access.db + makedb domaintable.db + makedb mailertable.db + + makecf sendmail.cf + makecf submit.cf +} + +cd /etc/mail || exit 1 + +[ $# -eq 0 ] && makeall + +for target; do + case "$target" in + *.db) + makedb "$target" + ;; + *.cf) + makecf "$target" + ;; + all) + makeall + ;; + aliases) + makealiasesdb + ;; + clean) + rm -f *.db *~ aliasesdb-stamp + ;; + start|stop|restart) + service sendmail "$target" + ;; + *) + echo "Don't know how to make $target" + exit 2 + esac +done diff --git a/sendmail.init b/sendmail.init new file mode 100644 index 0000000000000000000000000000000000000000..fefd2874c40f7d0e35d4ab8e813fff1b0255456b --- /dev/null +++ b/sendmail.init @@ -0,0 +1,144 @@ +#!/bin/bash +# +# sendmail This shell script takes care of starting and stopping +# sendmail. +# +# chkconfig: 2345 80 30 +# description: Sendmail is a Mail Transport Agent, which is the program \ +# that moves mail from one machine to another. +# processname: sendmail +# config: /etc/mail/sendmail.cf +# pidfile: /var/run/sendmail.pid + +### BEGIN INIT INFO +# Provides: sendmail smtpdaemon $mail-transfer-agent +# Required-Start: $local_fs $network +# Required-Stop: $local_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop sendmail +# Description: sendmail is a Mail Transport Agent (MTA) +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network + +# Source sendmail configureation. +if [ -f /etc/sysconfig/sendmail ]; then + . /etc/sysconfig/sendmail +else + DAEMON=no + QUEUE=1h +fi +[ -z "$SMQUEUE" ] && SMQUEUE="$QUEUE" +[ -z "$SMQUEUE" ] && SMQUEUE=1h + +# Check that we're a privileged user +[ `id -u` = 0 ] || exit 4 + +# Check that networking is up. +[ "${NETWORKING}" = "no" ] && exit 1 + +[ -x /usr/sbin/sendmail ] || exit 5 + +prog="sendmail" + +updateconf() { + /etc/mail/make > /dev/null 2>&1 + if [ $? -eq 15 ]; then + echo -n $"Package sendmail-cf is required to update configuration." + warning + echo + fi + /etc/mail/make aliases > /dev/null 2>&1 +} + +start() { + # Start daemons. + ret=0 + updateconf + echo -n $"Starting $prog: " + daemon /usr/sbin/sendmail $([ "x$DAEMON" = xyes ] && echo -bd) \ + $([ -n "$QUEUE" ] && echo -q$QUEUE) $SENDMAIL_OPTARG + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail + let ret+=$RETVAL + + if [ ! -f /var/run/sm-client.pid ]; then + echo -n $"Starting sm-client: " + touch /var/run/sm-client.pid + chown smmsp:smmsp /var/run/sm-client.pid + if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then + /sbin/restorecon /var/run/sm-client.pid + fi + daemon --check sm-client /usr/sbin/sendmail -L sm-msp-queue -Ac \ + -q$SMQUEUE $SENDMAIL_OPTARG + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sm-client + let ret+=$RETVAL + fi + + [ $ret -eq 0 ] && return 0 || return 1 +} + +stop() { + # Stop daemons. + if [ -f /var/run/sm-client.pid ]; then + echo -n $"Shutting down sm-client: " + killproc sm-client + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/run/sm-client.pid + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sm-client + fi + echo -n $"Shutting down $prog: " + killproc sendmail + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail + return $RETVAL +} + +status -p /var/run/sendmail.pid >/dev/null || status -p /var/run/sm-client.pid >/dev/null +running=$? + +# See how we were called. +case "$1" in + start) + [ $running -eq 0 ] && exit 0 + start + RETVAL=$? + ;; + stop) + [ $running -eq 0 ] || exit 0 + stop + RETVAL=$? + ;; + restart|force-reload) + stop + start + RETVAL=$? + ;; + condrestart|try-restart) + [ $running -eq 0 ] || exit 0 + stop + start + RETVAL=$? + ;; + status) + echo -n sendmail; status -p /var/run/sendmail.pid -l sendmail + RETVAL=$? + echo -n sm-client; status -p /var/run/sm-client.pid -l sm-client + [ $RETVAL -eq 0 ] && RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart|condrestart|status}" + RETVAL=2 +esac + +exit $RETVAL diff --git a/sendmail.nm-dispatcher b/sendmail.nm-dispatcher new file mode 100644 index 0000000000000000000000000000000000000000..b3122e5ebcba24b538fa3e26c6bea2288dad9e02 --- /dev/null +++ b/sendmail.nm-dispatcher @@ -0,0 +1,7 @@ +#!/bin/sh + +case "$2" in + up|down|vpn-up|vpn-down) + /bin/systemctl --no-block try-restart sendmail.service || : + ;; +esac diff --git a/sendmail.pam b/sendmail.pam new file mode 100644 index 0000000000000000000000000000000000000000..73e5348115f745bd5932974ac6e48c48c2607d21 --- /dev/null +++ b/sendmail.pam @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth include password-auth +account include password-auth diff --git a/sendmail.service b/sendmail.service new file mode 100644 index 0000000000000000000000000000000000000000..9a7c9c324bcea74f10bb5df374ddbffc33258ab2 --- /dev/null +++ b/sendmail.service @@ -0,0 +1,22 @@ +[Unit] +Description=Sendmail Mail Transport Agent +After=syslog.target network.target +Conflicts=postfix.service exim.service +Wants=sm-client.service +StartLimitIntervalSec=0 + +[Service] +Type=forking +PIDFile=/run/sendmail.pid +Environment=SENDMAIL_OPTS=-q1h +EnvironmentFile=-/etc/sysconfig/sendmail +ExecStartPre=-/etc/mail/make +ExecStartPre=-/etc/mail/make aliases +ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG +ExecReload=/usr/bin/kill -HUP $MAINPID +# hack to allow async reload to complete, otherwise systemd may signal error +ExecReload=/usr/bin/sleep 2 + +[Install] +WantedBy=multi-user.target +Also=sm-client.service diff --git a/sendmail.spec b/sendmail.spec new file mode 100644 index 0000000000000000000000000000000000000000..939d6cf769d6702f9c4d91c27f1356b44d5ca476 --- /dev/null +++ b/sendmail.spec @@ -0,0 +1,487 @@ +Name: sendmail +Version: 8.15.2 +Release: 32 +Summary: A classic mail transfer agent from the Unix world +License: Sendmail +URL: http://www.sendmail.org/ +Source0: http://ftp.sendmail.org/sendmail.%{version}.tar.gz +Source1: sendmail.service +Source2: sendmail.nm-dispatcher +Source3: sendmail.etc-mail-make +Source4: sendmail.sysconfig +Source5: sendmail.etc-mail-Makefile +Source6: sm-client.service +Source7: sendmail.pam +Source8: Sendmail-sasl2.conf +Source9: sendmail-redhat.mc +Source10: sendmail-etc-mail-virtusertable +Source11: sendmail-etc-mail-access +Source12: sendmail-etc-mail-domaintable +Source13: sendmail-etc-mail-local-host-names +Source14: sendmail-etc-mail-mailertable +Source15: sendmail-etc-mail-trusted-users + +BuildRequires: openssl-devel openldap-devel libdb-devel libnsl2-devel hesiod-devel +BuildRequires: cyrus-sasl-devel groff ghostscript m4 systemd setup >= 2.5.31-1 +Requires: bash >= 2.0 setup >= 2.5.31-1 %{_sbindir}/saslauthd +Requires(pre): shadow-utils +Requires(post): systemd systemd-sysv coreutils %{_sbindir}/alternatives openssl +Requires(preun): systemd %{_sbindir}/alternatives +Requires(postun): systemd coreutils %{_sbindir}/alternatives + +Provides: MTA smtpdaemon server(smtp) +Provides: sendmail-cf +Obsoletes: sendmail-cf + +Patch0001: sendmail-8.14.4-makemapman.patch +Patch0003: sendmail-8.14.9-pid.patch +Patch0004: sendmail-8.15.1-manpage.patch +Patch0005: sendmail-8.15.1-dynamic.patch +Patch0006: sendmail-8.13.0-cyrus.patch +Patch0007: sendmail-8.15.1-aliases_dir.patch +Patch0009: sendmail-8.14.9-noversion.patch +Patch0010: sendmail-8.15.2-localdomain.patch +Patch0011: sendmail-8.14.3-sharedmilter.patch +Patch0012: sendmail-8.15.2-switchfile.patch +Patch0013: sendmail-8.14.8-sasl2-in-etc.patch +Patch0014: sendmail-8.15.2-qos.patch +Patch0015: sendmail-8.15.2-libmilter-socket-activation.patch +Patch0016: sendmail-8.15.2-smtp-session-reuse-fix.patch +Patch0017: sendmail-8.15.2-openssl-1.1.0-fix.patch +Patch0018: sendmail-8.15.2-format-security.patch +Patch0019: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch + +%description +Sendmail is a general purpose internetwork email routing facility that +supports many kinds of mail-transfer and delivery methods, including +the Simple Mail Transfer Protocol (SMTP) used for email transport over +the Internet. It also includes the configuration files you need to generate +the sendmail.cf file distributed with the sendmail package. + +%package help +Summary: Help document for the Sendmail Mail Transport Agent program +BuildArch: noarch +Requires: sendmail = %{version}-%{release} +Provides: sendmail-doc +Obsoletes: sendmail-doc + +%description help +This package contains the Sendmail Installation and Operation Guide, +text files containing configuration documentation, plus a number of +scripts and tools for using with Sendmail. + +%package -n libmilter +Summary: The sendmail milter library +provides: sendmail-milter +obsoletes: sendmail-milter + +%description -n libmilter +The Sendmail Content Management API (Milter) is designed to allow third-party +programs access to mail messages as they are being processed in order to +filter meta-information and content. It includes the milter shared library. + +%package -n libmilter-devel +Summary: Sendmail milter development libraries and headers +Requires: libmilter = %{version}-%{release} +Provides: sendmail-milter-devel +Obsoletes: sendmail-milter-devel + +%description -n libmilter-devel +Include development libraries and headers for the milter add-ons as part of sendmail. + +%prep +%setup -q +cp devtools/M4/UNIX/library.m4 devtools/M4/UNIX/sharedlibrary.m4 +%autopatch -p1 + +%build +export CFLAGS="${RPM_OPT_FLAGS}" + +cat << EOF > config.m4 +define(\`confMAPDEF', \`-DNEWDB -DNIS -DHESIOD -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') +define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''') +define(\`confLIBS', \`-lnsl -lhesiod -lcrypt -ldb -lresolv') +define(\`confSTDIR', \`%{_localstatedir}/log/mail') +define(\`confLDOPTS', \`-Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now') +define(\`confMANOWN', \`root') +define(\`confMANGRP', \`root') +define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0') +define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}') +define(\`confMANMODE', \`644') +define(\`confMAN1SRC', \`1') +define(\`confMAN5SRC', \`5') +define(\`confMAN8SRC', \`8') +define(\`STATUS_FILE', \`%{_localstatedir}/log/mail/statistics') +define(\`confLIBSEARCH', \`db resolv 44bsd') +EOF +#' + +cat << EOF >> config.m4 +APPENDDEF(\`confLIBS', \`-pie') +APPENDDEF(\`confLIBS', \`-lsasl2 -lcrypto')dnl +APPENDDEF(\`confLIBS', \`-lldap -llber -lssl -lcrypto')dnl +APPENDDEF(\`confENVDEF', \`-DNETINET6 -DHES_GETMAILHOST -DUSE_VENDOR_CF_PATH=1 -D_FFR_LINUX_MHNLi')dnl +APPENDDEF(\`confENVDEF', \`-D_FFR_QOS -D_FILE_OFFSET_BITS=64 -DHESIOD_ALLOW_NUMERIC_LOGIN')dnl +APPENDDEF(\`confENVDEF', \`-DSASL=2')dnl +APPENDDEF(\`confENVDEF', \`-D_FFR_MILTER_CHECK_REJECTIONS_TOO')dnl +APPENDDEF(\`confMAPDEF', \`-DLDAPMAP -DLDAP_DEPRECATED')dnl +APPENDDEF(\`confENVDEF', \`-DSM_CONF_LDAP_MEMFREE=1')dnl +APPENDDEF(\`confOPTIMIZE', \`') +APPENDDEF(\`confOPTIMIZE', \`-fpie') +APPENDDEF(\`conf_sendmail_ENVDEF', \`-DMILTER')dnl +APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS -D_FFR_TLS_1 -D_FFR_TLS_EC -D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE')dnl +APPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')dnl +EOF + +for dir in libsmutil sendmail mailstats rmail praliases smrsh makemap editmap libmilter; do + cd $dir + sh ./Build -f ../config.m4 + cd .. +done + +make -C doc/op op.pdf + +%install +mkdir -p $RPM_BUILD_ROOT%{_bindir} +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT%{_libdir} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/mail +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/mail +mkdir -p $RPM_BUILD_ROOT%{_datadir}/sendmail-cf +mkdir -p $RPM_BUILD_ROOT%{_initrddir} +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{1,5,8} +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/spool/{clientmqueue,mqueue} +mkdir -p $RPM_BUILD_ROOT%{_docdir}/sendmail/contrib +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{smrsh,sysconfig,pam.d,sasl2} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d +mkdir -p $RPM_BUILD_ROOT%{_includedir}/libmilter + +%define USER `id -nu` +%define GROUP `id -ng` +sendmail_make() { + make $@ \ + DESTDIR=$RPM_BUILD_ROOT \ + LIBDIR=%{_libdir} \ + MANROOT=%{_mandir}/man \ + LIBMODE=0755 INCMODE=0644 \ + MSPQOWN=%{USER} CFMODE=0644 \ + CFOWN=%{USER} CFGRP=%{GROUP} \ + SBINOWN=%{USER} SBINGRP=%{GROUP} \ + UBINOWN=%{USER} UBINGRP=%{GROUP} \ + MANOWN=%{USER} MANGRP=%{GROUP} \ + INCOWN=%{USER} INCGRP=%{GROUP} \ + LIBOWN=%{USER} LIBGRP=%{GROUP} \ + GBINOWN=%{USER} GBINGRP=%{GROUP} +} + +MAKEDIR=obj.$(uname -s).$(uname -r).$(uname -m) + +sendmail_make -C $MAKEDIR/rmail force-install +for dir in sendmail mailstats praliases smrsh makemap editmap libmilter ; do + sendmail_make -C $MAKEDIR/$dir install +done +ln -sf ../sbin/makemap $RPM_BUILD_ROOT%{_bindir}/makemap +ln -sf ../sbin/sendmail.sendmail $RPM_BUILD_ROOT/usr/lib/sendmail.sendmail + +for dir in hoststat mailq newaliases purgestat ; do + ln -sf ../sbin/sendmail.sendmail $RPM_BUILD_ROOT%{_bindir}/$dir +done + +install -p -m 644 {FAQ,KNOWNBUGS,LICENSE,RELEASE_NOTES} $RPM_BUILD_ROOT%{_docdir}/sendmail +install -p -m 644 {README,doc/op/op.pdf,sendmail/SECURITY} $RPM_BUILD_ROOT%{_docdir}/sendmail + +install -p -m 644 sendmail/README $RPM_BUILD_ROOT%{_docdir}/sendmail/README.sendmail +install -p -m 644 smrsh/README $RPM_BUILD_ROOT%{_docdir}/sendmail/README.smrsh +install -p -m 644 libmilter/README $RPM_BUILD_ROOT%{_docdir}/sendmail/README.libmilter +install -p -m 644 cf/README $RPM_BUILD_ROOT%{_docdir}/sendmail/README.cf +install -p -m 644 contrib/* $RPM_BUILD_ROOT%{_docdir}/sendmail/contrib +gzip -9 $RPM_BUILD_ROOT%{_docdir}/sendmail/RELEASE_NOTES + +cp -ar cf/* $RPM_BUILD_ROOT%{_datadir}/sendmail-cf +rm -rf $RPM_BUILD_ROOT%{_datadir}/sendmail-cf/cf/{README,Build.*} +rm -rf $RPM_BUILD_ROOT%{_datadir}/sendmail-cf/*/*.m{c,4}.* + +install -p -m 644 cf/cf/submit.mc $RPM_BUILD_ROOT%{_sysconfdir}/mail/submit.mc +install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir} +install -p -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir} +install -p -m 755 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail +install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/sendmail +install -p -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.sendmail +install -p -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/sasl2/Sendmail.conf +install -p -m 755 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/mail/make +install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/mail/Makefile +install -p -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/mail/sendmail.mc +install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_sysconfdir}/mail/virtusertable +install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/mail/access +install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/mail/domaintable +install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{_sysconfdir}/mail/local-host-names +install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/mail/mailertable +install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT%{_sysconfdir}/mail/trusted-users + +sed -i -e 's|@@PATH@@|%{_datadir}/sendmail-cf|' $RPM_BUILD_ROOT%{_sysconfdir}/mail/sendmail.mc +sed -i -e 's|@@PATH@@|cf|' %{SOURCE9} +m4 %{SOURCE9} > $RPM_BUILD_ROOT%{_sysconfdir}/mail/sendmail.cf +chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/mail/sendmail.cf + +for map in virtusertable access domaintable mailertable ; do + touch $RPM_BUILD_ROOT%{_sysconfdir}/mail/${map}.db + chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/mail/${map}.db +done + +touch $RPM_BUILD_ROOT%{_sysconfdir}/mail/aliasesdb-stamp +touch $RPM_BUILD_ROOT%{_localstatedir}/spool/clientmqueue/sm-client.st + +chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/mail/helpfile +chmod 755 $RPM_BUILD_ROOT%{_sbindir}/{mailstats,makemap,editmap,praliases,sendmail,smrsh} +chmod 755 $RPM_BUILD_ROOT%{_bindir}/rmail + +install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/sasl2 + +mv $RPM_BUILD_ROOT%{_sbindir}/sendmail $RPM_BUILD_ROOT%{_sbindir}/sendmail.sendmail +mv $RPM_BUILD_ROOT%{_sbindir}/makemap $RPM_BUILD_ROOT%{_sbindir}/makemap.sendmail +mv $RPM_BUILD_ROOT%{_sbindir}/editmap $RPM_BUILD_ROOT%{_sbindir}/editmap.sendmail +mv $RPM_BUILD_ROOT%{_bindir}/mailq $RPM_BUILD_ROOT%{_bindir}/mailq.sendmail +mv $RPM_BUILD_ROOT%{_bindir}/rmail $RPM_BUILD_ROOT%{_bindir}/rmail.sendmail +mv $RPM_BUILD_ROOT%{_bindir}/newaliases $RPM_BUILD_ROOT%{_bindir}/newaliases.sendmail +touch $RPM_BUILD_ROOT%{_sbindir}/sendmail +touch $RPM_BUILD_ROOT%{_sbindir}/makemap +touch $RPM_BUILD_ROOT%{_sbindir}/editmap +touch $RPM_BUILD_ROOT%{_bindir}/mailq +touch $RPM_BUILD_ROOT%{_bindir}/rmail +touch $RPM_BUILD_ROOT%{_bindir}/newaliases + +mv $RPM_BUILD_ROOT%{_mandir}/man1/mailq.1 $RPM_BUILD_ROOT%{_mandir}/man1/mailq.sendmail.1 +mv $RPM_BUILD_ROOT%{_mandir}/man1/newaliases.1 $RPM_BUILD_ROOT%{_mandir}/man1/newaliases.sendmail.1 +mv $RPM_BUILD_ROOT%{_mandir}/man5/aliases.5 $RPM_BUILD_ROOT%{_mandir}/man5/aliases.sendmail.5 +mv $RPM_BUILD_ROOT%{_mandir}/man8/sendmail.8 $RPM_BUILD_ROOT%{_mandir}/man8/sendmail.sendmail.8 +mv $RPM_BUILD_ROOT%{_mandir}/man8/rmail.8 $RPM_BUILD_ROOT%{_mandir}/man8/rmail.sendmail.8 +mv $RPM_BUILD_ROOT%{_mandir}/man8/makemap.8 $RPM_BUILD_ROOT%{_mandir}/man8/makemap.sendmail.8 +mv $RPM_BUILD_ROOT%{_mandir}/man8/editmap.8 $RPM_BUILD_ROOT%{_mandir}/man8/editmap.sendmail.8 +touch $RPM_BUILD_ROOT%{_mandir}/man1/mailq.1 +touch $RPM_BUILD_ROOT%{_mandir}/man1/newaliases.1 +touch $RPM_BUILD_ROOT%{_mandir}/man5/aliases.5 +touch $RPM_BUILD_ROOT%{_mandir}/man8/sendmail.8 +touch $RPM_BUILD_ROOT%{_mandir}/man8/rmail.8 +touch $RPM_BUILD_ROOT%{_mandir}/man8/makemap.8 +touch $RPM_BUILD_ROOT%{_mandir}/man8/editmap.8 +touch $RPM_BUILD_ROOT/usr/lib/sendmail +touch $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp + +for m in man8/hoststat.8 man8/purgestat.8; do + [ -f %{buildroot}%{_mandir}/$m ] || + echo ".so man8/sendmail.8" > %{buildroot}%{_mandir}/$m +done + +%check + +%pre +getent group mailnull > /dev/null || %{_sbindir}/groupadd -g 47 -r mailnull > /dev/null 2>&1 +getent group smmsp > /dev/null || %{_sbindir}/groupadd -g 51 -r smmsp > /dev/null 2>&1 + +getent passwd mailnull > /dev/null || \ + %{_sbindir}/useradd -u 47 -g mailnull -d %{_localstatedir}/spool/mqueue -r -s /sbin/nologin mailnull > /dev/null 2>&1 +getent passwd smmsp > /dev/null || \ + %{_sbindir}/useradd -u 51 -g smmsp -d %{_localstatedir}/spool/mqueue -r -s /sbin/nologin smmsp > /dev/null 2>&1 + +[ -h %{_sbindir}/makemap ] || rm -f %{_sbindir}/makemap || : +[ -h %{_mandir}/man8/makemap.8.gz ] || rm -f %{_mandir}/man8/makemap.8.gz || : + +exit 0 + +%preun +%systemd_preun sendmail.service sm-client.service +if [ $1 = 0 ]; then + %{_sbindir}/alternatives --remove mta %{_sbindir}/sendmail.sendmail +fi +exit 0 + +%post +%systemd_post sendmail.service sm-client.service + +%{_sbindir}/alternatives --install %{_sbindir}/sendmail mta %{_sbindir}/sendmail.sendmail 90 \ + --slave %{_sbindir}/makemap mta-makemap %{_sbindir}/makemap.sendmail \ + --slave %{_sbindir}/editmap mta-editmap %{_sbindir}/editmap.sendmail \ + --slave %{_bindir}/mailq mta-mailq %{_bindir}/mailq.sendmail \ + --slave %{_bindir}/newaliases mta-newaliases %{_bindir}/newaliases.sendmail \ + --slave %{_bindir}/rmail mta-rmail %{_bindir}/rmail.sendmail \ + --slave /usr/lib/sendmail mta-sendmail /usr/lib/sendmail.sendmail \ + --slave %{_sysconfdir}/pam.d/smtp mta-pam %{_sysconfdir}/pam.d/smtp.sendmail \ + --slave %{_mandir}/man8/sendmail.8.gz mta-sendmailman %{_mandir}/man8/sendmail.sendmail.8.gz \ + --slave %{_mandir}/man1/mailq.1.gz mta-mailqman %{_mandir}/man1/mailq.sendmail.1.gz \ + --slave %{_mandir}/man1/newaliases.1.gz mta-newaliasesman %{_mandir}/man1/newaliases.sendmail.1.gz \ + --slave %{_mandir}/man5/aliases.5.gz mta-aliasesman %{_mandir}/man5/aliases.sendmail.5.gz \ + --slave %{_mandir}/man8/rmail.8.gz mta-rmailman %{_mandir}/man8/rmail.sendmail.8.gz \ + --slave %{_mandir}/man8/makemap.8.gz mta-makemapman %{_mandir}/man8/makemap.sendmail.8.gz \ + --slave %{_mandir}/man8/editmap.8.gz mta-editmapman %{_mandir}/man8/editmap.sendmail.8.gz \ + --initscript sendmail > /dev/null 2>&1 + +{ + chown root \ + %{_sysconfdir}/aliases.db \ + %{_sysconfdir}/mail/access.db \ + %{_sysconfdir}/mail/mailertable.db \ + %{_sysconfdir}/mail/domaintable.db \ + %{_sysconfdir}/mail/virtusertable.db + SM_FORCE_DBREBUILD=1 %{_sysconfdir}/mail/make + SM_FORCE_DBREBUILD=1 %{_sysconfdir}/mail/make aliases +} > /dev/null 2>&1 + +if [ ! -f %{_localstatedir}/spool/clientmqueue/sm-client.st ]; then + touch %{_localstatedir}/spool/clientmqueue/sm-client.st + chown smmsp:smmsp %{_localstatedir}/spool/clientmqueue/sm-client.st + chmod 0660 %{_localstatedir}/spool/clientmqueue/sm-client.st +fi + +if [ ! -f %{_sysconfdir}/pki/tls/private/sendmail.key ]; then + umask 077 + %{_bindir}/openssl genrsa 4096 > %{_sysconfdir}/pki/tls/private/sendmail.key 2> /dev/null +fi + +if [ ! -f %{_sysconfdir}/pki/tls/certs/sendmail.pem ]; then + FQDN=`hostname` + if [ "x${FQDN}" = "x" ]; then + FQDN=localhost.localdomain + fi + + %{_bindir}/openssl req -new -key %{_sysconfdir}/pki/tls/private/sendmail.key -x509 -sha256 \ + -days 365 -set_serial $RANDOM -out %{_sysconfdir}/pki/tls/certs/sendmail.pem \ + -subj "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}" + chmod 644 %{_sysconfdir}/pki/tls/certs/sendmail.pem +fi + +exit 0 + +%postun +%systemd_postun_with_restart sendmail.service sm-client.service +if [ $1 -ge 1 ] ; then + mta=`readlink %{_sysconfdir}/alternatives/mta` + if [ "$mta" == "%{_sbindir}/sendmail.sendmail" ]; then + %{_sbindir}/alternatives --set mta %{_sbindir}/sendmail.sendmail + fi +fi +exit 0 + +%post -n libmilter +/sbin/ldconfig + +%postun -n libmilter +/sbin/ldconfig + +%files +%doc %{_docdir}/sendmail/{FAQ,KNOWNBUGS,LICENSE,README,RELEASE_NOTES.gz} +%doc %{_datadir}/sendmail-cf/README +%{_bindir}/hoststat +%{_bindir}/makemap +%{_bindir}/purgestat +%{_sbindir}/mailstats +%{_sbindir}/makemap.sendmail +%{_sbindir}/editmap.sendmail +%{_sbindir}/praliases +%{_bindir}/rmail.sendmail +%{_bindir}/newaliases.sendmail +%{_bindir}/mailq.sendmail +%{_sbindir}/smrsh +%attr(2755,root,smmsp) %{_sbindir}/sendmail.sendmail +/usr/lib/sendmail.sendmail + +%ghost %attr(0755,-,-) %{_sbindir}/sendmail +%ghost %attr(0755,-,-) %{_sbindir}/makemap +%ghost %attr(0755,-,-) %{_sbindir}/editmap +%ghost %attr(0755,-,-) %{_bindir}/mailq +%ghost %attr(0755,-,-) %{_bindir}/newaliases +%ghost %attr(0755,-,-) %{_bindir}/rmail +%ghost %attr(0755,-,-) /usr/lib/sendmail + +%ghost %{_sysconfdir}/pam.d/smtp +%dir %{_localstatedir}/log/mail +%dir %{_sysconfdir}/smrsh +%dir %{_sysconfdir}/mail +%attr(0770,smmsp,smmsp) %dir %{_localstatedir}/spool/clientmqueue +%attr(0700,root,mail) %dir %{_localstatedir}/spool/mqueue + +%config(noreplace) %verify(not size mtime md5) %{_localstatedir}/log/mail/statistics +%config(noreplace) %{_sysconfdir}/mail/Makefile +%config(noreplace) %{_sysconfdir}/mail/make +%config(noreplace) %{_sysconfdir}/mail/sendmail.cf +%config(noreplace) %{_sysconfdir}/mail/submit.cf +%config(noreplace) %{_sysconfdir}/mail/helpfile +%config(noreplace) %{_sysconfdir}/mail/sendmail.mc +%config(noreplace) %{_sysconfdir}/mail/submit.mc +%config(noreplace) %{_sysconfdir}/mail/access +%config(noreplace) %{_sysconfdir}/mail/domaintable +%config(noreplace) %{_sysconfdir}/mail/local-host-names +%config(noreplace) %{_sysconfdir}/mail/mailertable +%config(noreplace) %{_sysconfdir}/mail/trusted-users +%config(noreplace) %{_sysconfdir}/mail/virtusertable + +%ghost %{_sysconfdir}/mail/aliasesdb-stamp +%ghost %{_sysconfdir}/mail/virtusertable.db +%ghost %{_sysconfdir}/mail/access.db +%ghost %{_sysconfdir}/mail/domaintable.db +%ghost %{_sysconfdir}/mail/mailertable.db + +%ghost %{_localstatedir}/spool/clientmqueue/sm-client.st + +%{_unitdir}/sendmail.service +%{_unitdir}/sm-client.service +%config(noreplace) %{_sysconfdir}/sysconfig/sendmail +%config(noreplace) %{_sysconfdir}/pam.d/smtp.sendmail +%config(noreplace) %{_sysconfdir}/sasl2/Sendmail.conf +%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail + +%{_datadir}/sendmail-cf/cf +%{_datadir}/sendmail-cf/domain +%{_datadir}/sendmail-cf/feature +%{_datadir}/sendmail-cf/hack +%{_datadir}/sendmail-cf/m4 +%{_datadir}/sendmail-cf/mailer +%{_datadir}/sendmail-cf/ostype +%{_datadir}/sendmail-cf/sendmail.schema +%{_datadir}/sendmail-cf/sh +%{_datadir}/sendmail-cf/siteconfig + +%files -n libmilter +%doc LICENSE +%{_docdir}/sendmail/README.libmilter +%{_libdir}/libmilter.so.* + +%files -n libmilter-devel +%doc libmilter/docs/* +%{_includedir}/libmilter/*.h +%{_libdir}/libmilter.so + +%files help +%{_mandir}/man{8,5,1} +%exclude %{_mandir}/man1/mailq.1.gz +%exclude %{_mandir}/man1/newaliases.1.gz +%exclude %{_mandir}/man5/aliases.5.gz +%exclude %{_mandir}/man8/sendmail.8.gz +%exclude %{_mandir}/man8/rmail.8.gz +%exclude %{_mandir}/man8/makemap.8.gz +%exclude %{_mandir}/man8/editmap.8.gz + +%{_docdir}/sendmail/README.cf +%{_docdir}/sendmail/README.sendmail +%{_docdir}/sendmail/README.smrsh +%{_docdir}/sendmail/SECURITY +%{_docdir}/sendmail/op.pdf +%attr(0644,root,root) %{_docdir}/sendmail/contrib/* + + +%changelog +* Tue Dec 31 2019 openEuler Buildteam - 8.15.2-32 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:optimization the spec + +* Tue Dec 24 2019 openEuler Buildteam - 8.15.2-31 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:adjust the location of requires + +* Sat Sep 21 2019 Huiming Xie - 8.15.2-30 +- Package init + diff --git a/sendmail.sysconfig b/sendmail.sysconfig new file mode 100644 index 0000000000000000000000000000000000000000..db735308a2d663da3a095a86a3767b64320404fd --- /dev/null +++ b/sendmail.sysconfig @@ -0,0 +1 @@ +SENDMAIL_OPTS="-q1h" diff --git a/sm-client.service b/sm-client.service new file mode 100644 index 0000000000000000000000000000000000000000..a450b164663612facb481afc6af9e442daaef154 --- /dev/null +++ b/sm-client.service @@ -0,0 +1,20 @@ +[Unit] +Description=Sendmail Mail Transport Client +After=syslog.target network.target sendmail.service +Conflicts=postfix.service exim.service +BindTo=sendmail.service +StartLimitIntervalSec=0 + +[Service] +Type=forking +PIDFile=/run/sm-client.pid +Environment=SENDMAIL_OPTS=-q1h +EnvironmentFile=-/etc/sysconfig/sendmail +ExecStartPre=/bin/touch /run/sm-client.pid +ExecStartPre=/bin/chown smmsp:smmsp /run/sm-client.pid +ExecStartPre=-/sbin/restorecon /run/sm-client.pid +ExecStartPre=-/etc/mail/make +ExecStart=/usr/sbin/sendmail -L sm-msp-queue -Ac $SENDMAIL_OPTS $SENDMAIL_OPTARG + +[Install] +WantedBy=multi-user.target