- new option BLACKLISTD for FreeBSD-11

Submitted by:	Kurt Lidl, Masachika ISHIZUKA
Differential Revision:	https://reviews.freebsd.org/D6595

7 files changed, 149 insertions, 4 deletions

diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index 52ff5e02b52c..94714cf94d4e 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -30,7 +30,8 @@ MAKE_ARGS=	UBINOWN=${UID} UBINGRP=${GID} \
 WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
 DOCS=		KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES \
 		sendmail/TRACEFLAGS sendmail/SECURITY sendmail/TUNING
-PLIST_SUB+=	PREFIX=${PREFIX:S=${PREFIX}/==} MANPREFIX=${MANPREFIX:S=$=/=:S=${PREFIX}==:S=^/==}
+PLIST_SUB+=	PREFIX=${PREFIX:S=${PREFIX}/==} \
+		MANPREFIX=${MANPREFIX:S=$=/=:S=${PREFIX}==:S=^/==}
 PKGMESSAGE=	${WRKSRC}/pkg-message
 
 WCONF=		${WRKSRC}/devtools/Site
@@ -44,8 +45,11 @@ SENDMAIL=	${PREFIX}/sbin/sendmail
 BASEMAIL=	/usr/libexec/sendmail/sendmail
 MILTER_SOVER?=	6
 
-OPTIONS_DEFINE?=	SHMEM SEM LA NIS IPV6 TLS SASL SASLAUTHD LDAP BDB GDBM SOCKETMAP CYRUSLOOKUP PICKY_HELO_CHECK MILTER DOCS
-OPTIONS_DEFAULT?=	SHMEM SEM LA NIS TLS SASL SASLAUTHD PICKY_HELO_CHECK MILTER BDB1
+OPTIONS_DEFINE?=	SHMEM SEM LA NIS IPV6 TLS SASL SASLAUTHD LDAP BDB \
+			GDBM SOCKETMAP CYRUSLOOKUP BLACKLISTD \
+			PICKY_HELO_CHECK MILTER DOCS
+OPTIONS_DEFAULT?=	SHMEM SEM LA NIS TLS SASL SASLAUTHD BDB1 \
+			PICKY_HELO_CHECK MILTER
 NO_OPTIONS_SORT=yes
 SHMEM_DESC=		System V shared memory support
 LA_DESC=		load averages support
@@ -54,6 +58,7 @@ SASLAUTHD_DESC=		SASLAUTHD support
 BDB_DESC=		Berkeley DB version 4+ support
 GDBM_DESC=		GNU dbm library support (option COMPAT needed)
 SOCKETMAP_DESC=		Enable socketmap feature
+BLACKLISTD_DESC=	Enable blacklistd support
 CYRUSLOOKUP_DESC=	Enable cyruslookup feature
 PICKY_HELO_CHECK_DESC=	Enable picky HELO check
 MILTER_DESC=		Enable milter support
@@ -120,6 +125,9 @@ SITE+=	${FILESDIR}/site.config.m4.sasl2
 .if ${PORT_OPTIONS:MLDAP}
 SITE+=	${FILESDIR}/site.config.m4.ldap
 .endif
+.if ${PORT_OPTIONS:MBLACKLISTD}
+SITE+=	${FILESDIR}/site.config.m4.blacklistd
+.endif
 .if ${PORT_OPTIONS:MMILTER}
 SITE+=	${FILESDIR}/site.config.m4.milter
 .endif
@@ -148,6 +156,12 @@ do-configure:
           ${FALSE}; \
           fi)
 .endif
+.if ${PORT_OPTIONS:MBLACKLISTD}
+	@(if [ ! -e "${DESTDIR}/usr/lib/libblacklist.so" ] ; then \
+	  ${ECHO_MSG} "===> libblacklist.so not found. Please update to FreeBSD 11"; \
+          ${FALSE}; \
+          fi)
+.endif
 	${REINPLACE_CMD} ${SED_SCRIPT} ${WRKSRC}/devtools/OS/FreeBSD
 	${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
 		-e "s=%%LOCALBASE%%=${LOCALBASE}=g" \
@@ -192,7 +206,8 @@ do-configure:
 .endif
 
 post-build:
-	(cd ${WRKSRC}/doc/op && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} op.txt)
+	(cd ${WRKSRC}/doc/op && \
+	 ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} op.txt)
 
 pre-install:
 	${MKDIR} ${STAGEDIR}/etc/mail
diff --git a/mail/sendmail/files/patch-daemon.c b/mail/sendmail/files/patch-daemon.c
new file mode 100644
index 000000000000..9189bf8a2a89
--- /dev/null
+++ b/mail/sendmail/files/patch-daemon.c
@@ -0,0 +1,13 @@
+--- sendmail/daemon.c.orig	2016-06-12 18:25:14.196269000 -0400
++++ sendmail/daemon.c	2016-06-12 18:31:47.159880000 -0400
+@@ -754,6 +754,10 @@
+ 						anynet_ntoa(&RealHostAddr));
+ 			}
+ 
++#ifdef USE_BLACKLIST
++			blacklist_init();
++#endif
++
+ 			if (pipefd[0] != -1)
+ 			{
+ 				auto char c;
diff --git a/mail/sendmail/files/patch-main.c b/mail/sendmail/files/patch-main.c
new file mode 100644
index 000000000000..47e637162bde
--- /dev/null
+++ b/mail/sendmail/files/patch-main.c
@@ -0,0 +1,26 @@
+--- sendmail/main.c.orig	2016-06-12 18:24:56.170900000 -0400
++++ sendmail/main.c	2016-06-12 18:30:07.426701000 -0400
+@@ -4642,3 +4642,23 @@
+ 	sm_etype_printf,
+ 	"quick abort %0",
+ };
++
++#ifdef USE_BLACKLIST
++static struct blacklist *blstate;
++
++void
++blacklist_init(void)
++{
++	blstate = blacklist_open();
++}
++
++void
++blacklist_notify(int a, int fd, char *msg)
++{
++	if (blstate == NULL)
++		blacklist_init();
++	if (blstate == NULL)
++		return;
++	(void)blacklist_r(blstate, a, fd, msg);
++}
++#endif
diff --git a/mail/sendmail/files/patch-sendmail.h b/mail/sendmail/files/patch-sendmail.h
new file mode 100644
index 000000000000..4969fd6c03bc
--- /dev/null
+++ b/mail/sendmail/files/patch-sendmail.h
@@ -0,0 +1,16 @@
+--- sendmail/sendmail.h.orig	2016-06-12 18:23:05.239106000 -0400
++++ sendmail/sendmail.h	2016-06-12 18:42:38.972341000 -0400
+@@ -2647,6 +2647,13 @@
+ extern char	*milter_unknown __P((char *, ENVELOPE *, char *));
+ #endif /* MILTER */
+ 
++#if USE_BLACKLIST
++/* blacklistd functions */
++void blacklist_init(void);
++void blacklist_notify(int, int, char *);
++#include <blacklist.h>
++#endif
++
+ extern char	*addquotes __P((char *, SM_RPOOL_T *));
+ extern char	*arpadate __P((char *));
+ extern bool	atobool __P((char *));
diff --git a/mail/sendmail/files/patch-srvrsmtp.c b/mail/sendmail/files/patch-srvrsmtp.c
new file mode 100644
index 000000000000..89dcdbd56d14
--- /dev/null
+++ b/mail/sendmail/files/patch-srvrsmtp.c
@@ -0,0 +1,44 @@
+--- sendmail/srvrsmtp.c.orig	2015-03-18 07:47:12.000000000 -0400
++++ sendmail/srvrsmtp.c	2016-06-12 18:36:01.372172000 -0400
+@@ -832,6 +832,9 @@
+ 	int n_badrcpts_adj;
+ #endif /* _FFR_BADRCPT_SHUTDOWN */
+ 
++#ifdef USE_BLACKLIST
++	int fd;
++#endif
+ 	SevenBitInput_Saved = SevenBitInput;
+ 	smtp.sm_nrcpts = 0;
+ #if MILTER
+@@ -1328,6 +1331,9 @@
+ 					  (int) tp.tv_sec +
+ 						(tp.tv_usec >= 500000 ? 1 : 0)
+ 					 );
++#ifdef USE_BLACKLIST
++				blacklist_notify(1, fd, "pre-greeting traffic");
++#endif
+ 			}
+ 		}
+ 	}
+@@ -1723,6 +1729,10 @@
+ 			{
+ 				/* not SASL_OK or SASL_CONT */
+ 				message("535 5.7.0 authentication failed");
++#ifdef USE_BLACKLIST
++				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
++				blacklist_notify(1, fd, "AUTH FAIL");
++#endif
+ 				if (LogLevel > 9)
+ 					sm_syslog(LOG_WARNING, e->e_id,
+ 						  "AUTH failure (%s): %s (%d) %s, relay=%.100s",
+@@ -3524,6 +3534,10 @@
+ 			if (++n_badcmds > MAXBADCOMMANDS)
+ 			{
+   stopattack:
++#ifdef USE_BLACKLIST
++				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
++				blacklist_notify(1, fd, "too many bad commands");
++#endif
+ 				message("421 4.7.0 %s Too many bad commands; closing connection",
+ 					MyHostName);
+ 
diff --git a/mail/sendmail/files/patch-usersmtp.c b/mail/sendmail/files/patch-usersmtp.c
new file mode 100644
index 000000000000..6223915df489
--- /dev/null
+++ b/mail/sendmail/files/patch-usersmtp.c
@@ -0,0 +1,29 @@
+--- sendmail/usersmtp.c.orig	2014-12-05 10:42:28.000000000 -0500
++++ sendmail/usersmtp.c	2016-06-12 18:35:25.940865000 -0400
+@@ -1825,6 +1825,10 @@
+ 
+ 		if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
+ 		{
++#ifdef USE_BLACKLIST
++			int fd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL);
++			blacklist_notify(1, fd, "AUTH FAIL");
++#endif
+ 			if (tTd(95, 5))
+ 				sm_dprintf("AUTH FAIL=%s (%d)\n",
+ 					sasl_errstring(saslresult, NULL, NULL),
+@@ -1970,9 +1974,13 @@
+ 	do
+ 	{
+ 		result = attemptauth(m, mci, e, &(mci->mci_sai));
+-		if (result == EX_OK)
++		if (result == EX_OK) {
++#ifdef USE_BLACKLIST
++			int fd = sm_io_getinfo(mci->mci_in, SM_IO_WHAT_FD, NULL);
++			blacklist_notify(0, fd, "AUTH OK");
++#endif
+ 			mci->mci_sasl_auth = true;
+-		else if (result == EX_TEMPFAIL || result == EX_NOPERM)
++		} else if (result == EX_TEMPFAIL || result == EX_NOPERM)
+ 		{
+ 			mci->mci_saslcap = removemech((mci->mci_sai)[SASL_MECH],
+ 						      mci->mci_saslcap,
diff --git a/mail/sendmail/files/site.config.m4.blacklistd b/mail/sendmail/files/site.config.m4.blacklistd
new file mode 100644
index 000000000000..bc3a46e40d60
--- /dev/null
+++ b/mail/sendmail/files/site.config.m4.blacklistd
@@ -0,0 +1,2 @@
+APPENDDEF(`conf_sendmail_ENVDEF', `-DUSE_BLACKLIST')
+APPENDDEF(`conf_sendmail_LIBS', `-lblacklist')