ports/123544: New port: mail/postfix-postfwd A postfix firewall policy daemon
Sahil Tandon
sahil at tandon.net
Fri May 9 05:50:01 UTC 2008
>Number: 123544
>Category: ports
>Synopsis: New port: mail/postfix-postfwd A postfix firewall policy daemon
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri May 09 05:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Sahil Tandon
>Release: FreeBSD 6.1-RELEASE
>Organization:
>Environment:
FreeBSD bulwark.hamla.org 6.1-RELEASE-p17-jc1 FreeBSD 6.1-RELEASE-p17-jc1 #2: Fri Jun 8 12:56:07 PDT 2007 user at jail19.johncompanies.com:/usr/obj/usr/src/sys/jail19 i386
>Description:
The program uses the postfix policy delegation protocol to control access to
the mail system before a message has been accepted (please visit
http://www.postfix.org/SMTPD_POLICY_README.html for more information). It
allows you to choose an action (e.g. reject, dunno) for a combination of
several smtp parameters (like sender and recipient address, size or the
client's TLS fingerprint).
WWW: http://www.postfwd.org/
>How-To-Repeat:
>Fix:
The output of shar (piped to a .txt file) is attached. Output of portlint (just for reference, in case the .txt is mangled by the web form):
bulwark# portlint postfix-postfwd
WARN: Makefile: only one MASTER_SITE configured. Consider adding additional mirrors.
0 fatal errors and 1 warning found.
Patch attached with submission follows:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# postfix-postfwd
# postfix-postfwd/Makefile
# postfix-postfwd/files
# postfix-postfwd/files/postfwd.in
# postfix-postfwd/files/pkg-message.in
# postfix-postfwd/pkg-plist
# postfix-postfwd/pkg-descr
# postfix-postfwd/distinfo
#
echo c - postfix-postfwd
mkdir -p postfix-postfwd > /dev/null 2>&1
echo x - postfix-postfwd/Makefile
sed 's/^X//' >postfix-postfwd/Makefile << 'END-of-postfix-postfwd/Makefile'
X# New ports collection makefile for: postfwd
X# Date created: 8 May 2008
X# Whom: Sahil Tandon <sahil at tandon.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME= postfwd
XPORTVERSION= 1.10p.7b
XCATEGORIES= mail
XMASTER_SITES= http://www.postfwd.org/old/
XPKGNAMEPREFIX= postfix-
XDISTNAME= postfwd-1.10pre7b
X
XMAINTAINER= sahil at tandon.net
XCOMMENT= A postfix firewall policy daemon
X
XRUN_DEPENDS= ${SITE_PERL}/Net/DNS/Async.pm:${PORTSDIR}/dns/p5-Net-DNS-Async \
X ${SITE_PERL}/Net/CIDR/Lite.pm:${PORTSDIR}/net/p5-Net-CIDR-Lite \
X ${SITE_PERL}/IO/Multiplex.pm:${PORTSDIR}/devel/p5-IO-Multiplex
X
XSUB_FILES= pkg-message
X
XUSE_RC_SUBR= postfwd
XUSE_PERL5_RUN= yes
XNO_BUILD= yes
X
XMAN1= postfwd.1
X
X.include <bsd.port.pre.mk>
X
Xdo-install:
X ${INSTALL_SCRIPT} ${WRKSRC}/sbin/${PORTNAME} ${PREFIX}/bin/
X ${INSTALL_DATA} ${WRKSRC}/etc/${PORTNAME}.cf ${PREFIX}/etc/${PORTNAME}.conf.sample
X @${MKDIR} ${PREFIX}/man/man1
X ${INSTALL_MAN} ${WRKSRC}/man/man1/${MAN1} ${PREFIX}/man/man1/
X
Xpost-install:
X.if !defined(NOPORTDOCS)
X ${MKDIR} ${DOCSDIR}
X (cd ${WRKSRC}/doc/ && ${COPYTREE_SHARE} \* ${DOCSDIR})
X ${MKDIR} ${EXAMPLESDIR}
X ${INSTALL_DATA} ${WRKSRC}/bin/postfwd-rblcheck.pl ${EXAMPLESDIR}
X ${INSTALL_DATA} ${WRKSRC}/tools/request.sample ${EXAMPLESDIR}
X.endif
X @${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-postfix-postfwd/Makefile
echo c - postfix-postfwd/files
mkdir -p postfix-postfwd/files > /dev/null 2>&1
echo x - postfix-postfwd/files/postfwd.in
sed 's/^X//' >postfix-postfwd/files/postfwd.in << 'END-of-postfix-postfwd/files/postfwd.in'
X#!/bin/sh
X
X# PROVIDE: postfwd
X# REQUIRE: LOGIN cleanvar
X# KEYWORD: shutdown
X#
X# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
X# to enable this service:
X#
X# postfwd_enable (bool):
X# Set to "NO" by default.
X# Set it to "YES" to enable postfwd.
X# postfwd_config (path): Set to %%PREFIX%%/etc/postfwd.conf
X# by default.
X#
X
X. %%RC_SUBR%%
X
Xname=postfwd
Xrcvar=${name}_enable
X
Xcommand=%%PREFIX%%/bin/${name}
Xrequired_files=%%PREFIX%%/etc/${name}.conf
Xpidfile="/var/run/${name}.pid"
X
Xstop_postcmd=stop_postcmd
X
Xstop_postcmd()
X{
X rm -f $pidfile
X}
X
Xload_rc_config "$name"
X
Xcase "$postfwd_enable" in
X [Yy][Ee][Ss] | 1 | [Oo][Nn] | [Tt][Rr][Uu][Ee]) ;;
X *) echo "To make use of $name you must first set $rcvar=\"YES\" in /etc/rc.conf" ;;
Xesac
X
X: ${postfwd_enable="NO"}
X: ${postfwd_config="%%PREFIX%%/etc/${name}.conf"}
X
Xcommand_args="-d -f ${required_files} -i 127.0.0.1 -p 10040 -u nobody -g nobody -S"
X
Xrun_rc_command "$1"
END-of-postfix-postfwd/files/postfwd.in
echo x - postfix-postfwd/files/pkg-message.in
sed 's/^X//' >postfix-postfwd/files/pkg-message.in << 'END-of-postfix-postfwd/files/pkg-message.in'
X*************
X* Start postfwd with:
X
X# %%PREFIX%%/bin/postfwd start
X
X* Integrate thusly in: %%PREFIX%%/etc/postfix/main.cf
X
X127.0.0.1:10040_time_limit = 3600
X
Xsmtpd_recipient_restrictions =
X ...
X permit_mynetworks
X ...
X reject_unauth_destination
X reject_unauth_pipelining
X check_policy_service inet:127.0.0.1:10040
X ...
X
X* NOTE: specify check_policy_service AFTER reject_unauth_destination
X* or else your system can become an open relay.
X*
X* CONFIGURATION:
X*
X* Create and edit %%PREFIX%%/etc/postfwd.conf
X* An example is provided in %%PREFIX%%/etc/postfwd.conf.sample
X*
X*************
END-of-postfix-postfwd/files/pkg-message.in
echo x - postfix-postfwd/pkg-plist
sed 's/^X//' >postfix-postfwd/pkg-plist << 'END-of-postfix-postfwd/pkg-plist'
Xbin/postfwd
Xetc/postfwd.conf.sample
X%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
X%%PORTDOCS%%%%DOCSDIR%%/LICENSE
X%%PORTDOCS%%%%DOCSDIR%%/postfwd.html
X%%PORTDOCS%%%%DOCSDIR%%/postfwd.txt
X%%PORTDOCS%%%%EXAMPLESDIR%%/postfwd-rblcheck.pl
X%%PORTDOCS%%%%EXAMPLESDIR%%/request.sample
X%%PORTDOCS%%@dirrm %%EXAMPLESDIR%%
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
END-of-postfix-postfwd/pkg-plist
echo x - postfix-postfwd/pkg-descr
sed 's/^X//' >postfix-postfwd/pkg-descr << 'END-of-postfix-postfwd/pkg-descr'
XThe program uses the postfix policy delegation protocol to control access to
Xthe mail system before a message has been accepted (please visit
Xhttp://www.postfix.org/SMTPD_POLICY_README.html for more information). It
Xallows you to choose an action (e.g. reject, dunno) for a combination of
Xseveral smtp parameters (like sender and recipient address, size or the
Xclient's TLS fingerprint).
X
XWWW: http://www.postfwd.org/
END-of-postfix-postfwd/pkg-descr
echo x - postfix-postfwd/distinfo
sed 's/^X//' >postfix-postfwd/distinfo << 'END-of-postfix-postfwd/distinfo'
XMD5 (postfwd-1.10pre7b.tar.gz) = 6ae4a3f7b7748ff20dc8ec915f76c4e9
XSHA256 (postfwd-1.10pre7b.tar.gz) = e8213518032061f6a85dcd54846f487d78e1f9886ef950dfc95456de1de0c70a
XSIZE (postfwd-1.10pre7b.tar.gz) = 81798
END-of-postfix-postfwd/distinfo
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list