mail/p5-Mail-Milter-Authentication: Add new port

A Perl implementation of email authentication standards rolled up into a
single easy to use milter.
This milter verifies using the following standards.
    ARC / BIMI / DMARC / IPRev / SPF
    Check HELO matches it's IP address
    DKIM (including ADSP)
    DomainKeys (deprecated)
    SenderID (deprecated)
Includes other additional modules like AddID, ReturnOK and etc...

Approved by:	hrs (mentor)

mail/Makefile

@@ -377,6 +377,7 @@
     SUBDIR += p5-Mail-Mbox-MessageParser
     SUBDIR += p5-Mail-MboxParser
     SUBDIR += p5-Mail-Message
+    SUBDIR += p5-Mail-Milter-Authentication
     SUBDIR += p5-Mail-OpenDKIM
     SUBDIR += p5-Mail-OpenRelay-Simple
     SUBDIR += p5-Mail-POP3Client

mail/p5-Mail-Milter-Authentication/Makefile

@@ -0,0 +1,94 @@
+PORTNAME=	Mail-Milter-Authentication
+PORTVERSION=	3.20240205
+CATEGORIES=	mail perl5
+MASTER_SITES=	CPAN
+PKGNAMEPREFIX=	p5-
+
+MAINTAINER=	nork@FreeBSD.org
+COMMENT=	Perl Mail Authentication Milter
+WWW=		https://metacpan.org/release/Mail-Milter-Authentication/
+
+LICENSE=	ART10 GPLv1+
+LICENSE_COMB=	dual
+
+BUILD_DEPENDS=	p5-File-ShareDir-Install>0:devel/p5-File-ShareDir-Install
+RUN_DEPENDS=	p5-App-Cmd>0:devel/p5-App-Cmd \
+		p5-Clone>0:devel/p5-Clone \
+		p5-Date-Manip>0:devel/p5-Date-Manip \
+		p5-Email-Date-Format>0:mail/p5-Email-Date-Format \
+		p5-Email-Sender>0:mail/p5-Email-Sender \
+		p5-Email-Simple>0:mail/p5-Email-Simple \
+		p5-File-Slurp>0:devel/p5-File-Slurp \
+		p5-Import-Into>0:devel/p5-Import-Into \
+		p5-JSON-XS>0:converters/p5-JSON-XS \
+		p5-List-MoreUtils>0:lang/p5-List-MoreUtils \
+		p5-Lock-File>0:devel/p5-Lock-File \
+		p5-Log-Dispatchouli>0:devel/p5-Log-Dispatchouli \
+		p5-Mail-AuthenticationResults>2.20230112:mail/p5-Mail-AuthenticationResults \
+		p5-Mail-BIMI>=3.20230913:mail/p5-Mail-BIMI \
+		p5-Mail-DataFeed-Abusix>=1.20200617.1:mail/p5-Mail-DataFeed-Abusix \
+		p5-Mail-DKIM>=1.20200824:mail/p5-Mail-DKIM \
+		p5-Mail-DMARC>=1.20160612:mail/p5-Mail-DMARC \
+		p5-Mail-SPF>0:mail/p5-Mail-SPF \
+		p5-Net-DNS-Resolver-Mock>=1.20171219:dns/p5-Net-DNS-Resolver-Mock \
+		p5-Net-DNS>=1.01:dns/p5-Net-DNS \
+		p5-Net-IP>0:net-mgmt/p5-Net-IP \
+		p5-Net-Server>0:net/p5-Net-Server \
+		p5-Proc-ProcessTable>0:devel/p5-Proc-ProcessTable \
+		p5-Prometheus-Tiny-Shared>=0.020:net-mgmt/p5-Prometheus-Tiny-Shared \
+		p5-Sereal>0:converters/p5-Sereal \
+		p5-SUPER>0:devel/p5-SUPER \
+		p5-Test-File-Contents>0:devel/p5-Test-File-Contents \
+		p5-Text-Table>0:textproc/p5-Text-Table \
+		p5-TimeDate>0:devel/p5-TimeDate \
+		p5-TOML>0:textproc/p5-TOML
+TEST_DEPENDS=	p5-Crypt-OpenSSL-RSA>0:security/p5-Crypt-OpenSSL-RSA \
+		p5-Test-CheckManifest>0:devel/p5-Test-CheckManifest \
+		p5-Test-Exception>0:devel/p5-Test-Exception \
+		p5-Test-Perl-Critic>0:textproc/p5-Test-Perl-Critic
+
+USES=		perl5 shebangfix
+USE_PERL5=	configure
+USE_RC_SUBR=	authentication_milter
+SHEBANG_FILES=	bin/authentication_milter bin/authentication_milter_blocker \
+		bin/authentication_milter_client bin/authentication_milter_log
+
+TEST_ENV=	AUTHOR_TESTING=1 \
+		RELEASE_TESTING=1 \
+		TEST_AUTHOR=1
+
+ETCDIR=			${PREFIX}/etc/mail
+EXTRACT_AFTER_ARGS=	--exclude ./share/authentication_milter.init \
+			--no-same-owner --no-same-permission
+.for V in CACHEDIR ETCDIR RUNDIR SPOOLDIR VARLIBDIR VARLIBDIRBASE \
+	DEFAULT_USER DEFAULT_GROUP
+REINPLACE_LIST+=	-e "s|%%${V}%%|${$V}|g"
+.endfor
+NO_ARCH=		yes
+SUB_FILES=		pkg-message
+.for V in CACHEDIR ETCDIR RUNDIR SPOOLDIR VARLIBDIR VARLIBDIRBASE \
+	DEFAULT_USER DEFAULT_GROUP
+SUB_LIST+=		${V}=${$V}
+.endfor
+
+PLIST_SUB=	${SUB_LIST}
+
+CACHEDIR=	/var/cache/auth_milter
+DEFAULT_GROUP=	mailnull
+DEFAULT_USER=	mailnull
+RUNDIR=		/var/run/auth_milter
+SPOOLDIR=	/var/spool/auth_milter
+VARLIBDIR=	/var/lib/auth_milter
+VARLIBDIRBASE=	/var/lib
+
+post-patch:
+		cd ${PATCH_WRKSRC} && ${REINPLACE_CMD} ${REINPLACE_LIST} \
+		    bin/authentication_milter \
+		    lib/Mail/Milter/Authentication/Config.pm \
+		    lib/Mail/Milter/Authentication/Handler/DMARC.pm \
+		    share/authentication_milter.json
+
+post-install:
+		${MKDIR} ${STAGEDIR}${ETCDIR}/authentication_milter.d
+
+.include <bsd.port.mk>

mail/p5-Mail-Milter-Authentication/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1708613768
+SHA256 (Mail-Milter-Authentication-3.20240205.tar.gz) = 88a04406509c2f6a2b1b718b1ca250dc4e86f783343ceeb6cd6eac00ed4d0d7e
+SIZE (Mail-Milter-Authentication-3.20240205.tar.gz) = 249101

mail/p5-Mail-Milter-Authentication/files/authentication_milter.in

@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# PROVIDE: authentication_milter
+# REQUIRE: NETWORKING
+# BEFORE:  mail
+# KEYWORD: shutdown
+#
+# Define these authentication_milter* variables in one of these files:
+#	/etc/rc.conf
+#	/etc/rc.conf.local
+#	/etc/rc.conf.d/authentication_milter
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+#
+# Add the following lines to /etc/rc.conf to enable authentication_milter:
+#
+# authentication_milter_enable="YES"
+# authentication_milter_flags="<set as needed>"
+# authentication_milter_prefix="%%ETCDIR%%"
+# authentication_milter_foreground_enable="<default 'NO'>"
+#
+
+. /etc/rc.subr
+
+name="authentication_milter"
+rcvar="authentication_milter_enable"
+procname="${name}:parent"
+
+load_rc_config $name
+
+: ${authentication_milter_enable:=NO}
+: ${authentication_milter_prefix:=%%ETCDIR%%}
+: ${authentication_milter_foreground_enable:=NO}
+
+pidfile="%%RUNDIR%%/${name}.pid"
+command="%%PREFIX%%/bin/authentication_milter"
+command_args="--pidfile ${pidfile} --prefix ${authentication_milter_prefix} ${command_args}"
+
+start_precmd="authentication_milter_precmd_start"
+stop_precmd="authentication_milter_precmd"
+
+authentication_milter_precmd_start () {
+	var1=
+	var2=
+
+	case "${authentication_milter_flags}" in
+	-c*|*-c*|--control*|*--control*)
+		var1="control"
+		;;
+	-d*|*-d*|--daemon*|*--daemon*)
+		var1="daemon"
+		;;
+	--pidfile*|*--pidfile*)
+		var2="pidfile"
+		;;
+	--prefix*|*--prefix*)
+		var2="prefix"
+		;;
+	-h*|*-h*|--help*|*--help*)
+		var1="help"
+		;;
+	esac
+	case ${var1} in
+	"")	;;
+	*)
+		err 1 "Invalid option --${var1} found in ${name}_flags"
+	;;
+	esac
+	case ${var2} in
+	"")	;;
+	*)
+		err 1 "Invalid option --${var2} found in ${name}_flags." \
+		    "Use \$${name}_${var2} in /etc/rc.conf instead."
+	;;
+	esac
+
+	piddir=$(dirname "$pidfile")
+	install -d %%VARLIBDIRBASE%%
+	install -d -m 0755 -o "%%DEFAULT_USER%%" -g "%%DEFAULT_GROUP%%" "$piddir"
+	install -d -m 0750 -o "%%DEFAULT_USER%%" -g "%%DEFAULT_GROUP%%" \
+	    %%RUNDIR%% %%CACHEDIR%% %%SPOOLDIR%% %%VARLIBDIR%%
+
+	authentication_milter_precmd
+	if ! checkyesno authentication_milter_foreground_enable; then
+		command_args="-d ${command_args}"
+	fi
+}
+
+authentication_milter_precmd () {
+	command_args="-c ${rc_arg} ${command_args}"
+}
+
+run_rc_command "$1"

mail/p5-Mail-Milter-Authentication/files/patch-bin_authentication__milter

@@ -0,0 +1,85 @@
+--- bin/authentication_milter.orig	2024-02-05 02:41:57 UTC
++++ bin/authentication_milter
+@@ -15,7 +15,7 @@ use Mail::Milter::Authentication::Protocol::SMTP;
+ use Mail::Milter::Authentication::Protocol::SMTP;
+
+ # CONFIG
+-my $pid_file = '/run/authentication_milter.pid';
++my $pid_file = '%%RUNDIR%%/authentication_milter.pid';
+ my $daemon = 0;
+ my $help   = 0;
+ my $prefix;
+@@ -195,11 +195,11 @@ version 3.20240205
+ =item --pidfile <file>
+
+   Write the process PID to the given file.
+-  defaults to /run/authentication_milter.pid
++  defaults to %%RUNDIR%%/authentication_milter.pid
+
+ =item --prefix <dir>
+
+-  Read configuration from dir rather than /etc/
++  Read configuration from dir rather than %%ETCDIR%%
+
+ =item -i|--ident <ident>
+
+@@ -212,7 +212,7 @@ version 3.20240205
+
+ =head1 CONFIGURATION
+
+-  The milter reads configuration from /etc/authentication_milter.json
++  The milter reads configuration from %%ETCDIR%%/authentication_milter.json
+
+   The configuration file format is as follows...
+
+@@ -266,10 +266,10 @@ version 3.20240205
+     "metric_tempfile"   : "/tmpfs/authmilter_metrics",  | Path to shared metrics data, defaults to <lib_path>/metrics
+     "metric_basic_http" : 1,                            | Disable extended http services such as config and grafana json pages
+
+-    "cache_dir"        : "/var/cache/auth_milter",      | Path to the shared cache directory
+-    "spool_dir"        : "/var/spool/auth_milter",      | Path to the shared spool directory
+-    "lib_dir"          : "/var/lib/auth_milter",        | Path to the shared lib directory
+-    "lock_file"        : "/var/run/authmilter.lock",    | Optionally specify the location of the Net::Server lock file
++    "cache_dir"        : "%%CACHEDIR%%",      | Path to the shared cache directory
++    "spool_dir"        : "%%SPOOLDIR%%",      | Path to the shared spool directory
++    "lib_dir"          : "%%VARLIBDIR%%",        | Path to the shared lib directory
++    "lock_file"        : "%%RUNDIR%%/authmilter.lock", | Optionally specify the location of the Net::Server lock file
+
+     # metric_port and metric_host are deprecated.
+     # please use metric_connection instead
+@@ -289,7 +289,7 @@ version 3.20240205
+         "sock_type"      : "inet",                      | Socket type (inet or unix)
+         "sock_host"      : "localhost",                 | Host to connect to (when inet)
+         "sock_port"      : "2525",                      | Port to connect to (when inet)
+-        "sock_path"      : "/var/run/smtp.sock",        | Socket path to connect to (when unix)
++        "sock_path"      : "%%RUNDIR%%/smtp.sock", | Socket path to connect to (when unix)
+         "timeout_in"     : "10",                        | Timeout when waiting for inbound SMTP data
+         "timeout_out"    : "10",                        | Timeout when waiting for outbound SMTP data
+         "pipeline_limit" : "50",                        | Limit the number of transactions accepted in an SMTP pipeline
+@@ -315,7 +315,7 @@ version 3.20240205
+         "unix:/var/sock/a.sock" : {
+             "server_name" : "util.example.com",
+             "sock_type"   : "unix",
+-            "sock_path"   : "/var/run/smtp.sock",
++            "sock_path"   : "%%RUNDIR%%/smtp.sock",
+             "timeout_in"  : "10",
+             "timeout_out" : "10"
+         }
+@@ -408,7 +408,7 @@ version 3.20240205
+         },
+         "!InactiveModule" : {},
+                                                         | Additionally, config for a module can be placed in a file
+-                                                        | with filename /etc/authentication_milter.d/ModuleName.json
++                                                        | with filename %%ETCDIR%%/authentication_milter.d/ModuleName.json
+                                                         | the contents of which should be the JSON assigned to the
+                                                         | entry here.
+
+@@ -421,7 +421,7 @@ This milter uses Mail::DMARC as a backend for DMARC ch
+
+ This milter uses Mail::DMARC as a backend for DMARC checks, this module requires that a configuration file is setup.
+
+-You should create and populate /etc/mail-dmarc.ini
++You should create and populate %%ETCDIR%%/mail-dmarc.ini
+
+ For DMARC reporting you are also required to setup a datastore, including creating a basic table structure.
+ The detauls of this are to be found in the Mail::DMARC documentation.

mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication.pm

@@ -0,0 +1,18 @@
+--- lib/Mail/Milter/Authentication.pm.orig	2024-02-05 02:41:57 UTC
++++ lib/Mail/Milter/Authentication.pm
+@@ -32,11 +32,14 @@ use vars qw(@ISA);
+         my $MYARGS = {
+             'ident' => $Mail::Milter::Authentication::Config::IDENT,
+             'to_stderr' => 0, # handled elsewhere
++            'to_stdout' => 0, # handled elsewhere
+             'log_pid' => 1,
+             'facility' => LOG_MAIL,
+         };
+         if ( exists $config->{ 'log_dispatchouli' } ) {
+-            $MYARGS = $config->{ 'log_dispatchouli' };
++            foreach my $k (keys %{$config->{ 'log_dispatchouli' }}) {
++                $MYARGS->{$k} = $config->{ 'log_dispatchouli' }->{$k};
++            }
+         }
+
+         $LOGGER = Log::Dispatchouli->new( $MYARGS );

mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication_Config.pm

@@ -0,0 +1,71 @@
+--- lib/Mail/Milter/Authentication/Config.pm.orig	2024-02-05 02:41:57 UTC
++++ lib/Mail/Milter/Authentication/Config.pm
+@@ -21,7 +21,7 @@ our @EXPORT_OK = qw{
+ };
+
+
+-our $PREFIX = '/etc';
++our $PREFIX = '%%ETCDIR%%';
+ our $IDENT  = 'authentication_milter';
+ my  $CONFIG;
+
+@@ -31,19 +31,19 @@ sub default_config {
+         'debug'                           => 0,
+         'dryrun'                          => 0,
+         'logtoerr'                        => 0,
+-        'error_log'                       => '/var/log/authentication_milter.err',
++        "log_dispatchouli"                => {},
+         'extended_log'                    => 1,
+         'legacy_log'                      => 0,
+-        'connection'                      => 'inet:12345@localhost',
+-        'umask'                           => '0000',
+-        'runas'                           => 'nobody',
+-        'rungroup'                        => 'nogroup',
++        'connection'                      => 'unix:%%RUNDIR%%/auth_milter.sock',
++        'umask'                           => '0077',
++        'runas'                           => '%%DEFAULT_USER%%',
++        'rungroup'                        => '%%DEFAULT_GROUP%%',
+         'listen_backlog'                  => 20,
+         'check_for_dequeue'               => 60,
+-        'min_children'                    => 20,
+-        'max_children'                    => 200,
+-        'min_spare_children'              => 10,
+-        'max_spare_children'              => 20,
++        'min_children'                    => 1,
++        'max_children'                    => 2,
++        'min_spare_children'              => 1,
++        'max_spare_children'              => 1,
+         'max_requests_per_child'          => 200,
+         'protocol'                        => 'milter',
+         'connect_timeout'                 => 30,
+@@ -61,9 +61,9 @@ sub default_config {
+         'ip_map'                          => {},
+         'authserv_id'                     => '',
+         'handlers'                        => {},
+-        'cache_dir'                       => '/var/cache/authentication_milter',
+-        'spool_dir'                       => '/var/spool/authentication_milter',
+-        'lib_dir'                         => '/var/lib/authentication_milter',
++        'cache_dir'                       => '%%CACHEDIR%%',
++        'spool_dir'                       => '%%SPOOLDIR%%',
++        'lib_dir'                         => '%%VARLIBDIR%%',
+         'lock_file'                       => '',
+     };
+
+@@ -104,7 +104,7 @@ sub setup_config {
+         else {
+             if ( $EUID == 0 ) {
+                 # We are root, create in global space
+-                $dir = '/var/'.$type.'/authentication_milter';
++                $dir = '/var/'.$type.'/auth_milter';
+                 mkdir $dir if ! -e $dir;
+                 # Create the subdir for this IDENT
+                 $dir .= '/'.$safe_ident;
+@@ -119,7 +119,7 @@ sub setup_config {
+             else {
+                 # We are a user! Create something in a temporary space
+                 $dir = join( '_',
+-                  '/tmp/authentication_milter',
++                  '/tmp/auth_milter',
+                   $type,
+                   $EUID,
+                   $safe_ident,

mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication_Handler_DMARC.pm

@@ -0,0 +1,11 @@
+--- lib/Mail/Milter/Authentication/Handler/DMARC.pm.orig	2024-02-05 02:41:57 UTC
++++ lib/Mail/Milter/Authentication/Handler/DMARC.pm
+@@ -26,7 +26,7 @@ sub default_config {
+         'report_suppression_list' => 'rbl.example.com',
+         'no_report'      => 0,
+         'hide_report_to' => 0,
+-        'config_file'    => '/etc/mail-dmarc.ini',
++        'config_file'    => '%%ETCDIR%%/mail-dmarc.ini',
+         'no_reject_disposition' => 'quarantine',
+         'no_list_reject_disposition' => 'none',
+         'reject_on_multifrom' => 30,