mail/p5-Mail-Milter-Authentication: Add new port
A Perl implementation of email authentication standards rolled up into a single easy-to-use milter. This milter verifies using the following standards: ARC / BIMI / DMARC / IPRev / SPF; check that HELO matches its IP address; DKIM (including ADSP); DomainKeys (deprecated); SenderID (deprecated). Includes other additional modules like AddID, ReturnOK, etc. Approved by: hrs (mentor)
Showing
12 changed files
with
635 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
PORTNAME= Mail-Milter-Authentication | ||
PORTVERSION= 3.20240205 | ||
CATEGORIES= mail perl5 | ||
MASTER_SITES= CPAN | ||
PKGNAMEPREFIX= p5- | ||
|
||
MAINTAINER= nork@FreeBSD.org | ||
COMMENT= Perl Mail Authentication Milter | ||
WWW= https://metacpan.org/release/Mail-Milter-Authentication/ | ||
|
||
LICENSE= ART10 GPLv1+ | ||
LICENSE_COMB= dual | ||
|
||
BUILD_DEPENDS= p5-File-ShareDir-Install>0:devel/p5-File-ShareDir-Install | ||
RUN_DEPENDS= p5-App-Cmd>0:devel/p5-App-Cmd \ | ||
p5-Clone>0:devel/p5-Clone \ | ||
p5-Date-Manip>0:devel/p5-Date-Manip \ | ||
p5-Email-Date-Format>0:mail/p5-Email-Date-Format \ | ||
p5-Email-Sender>0:mail/p5-Email-Sender \ | ||
p5-Email-Simple>0:mail/p5-Email-Simple \ | ||
p5-File-Slurp>0:devel/p5-File-Slurp \ | ||
p5-Import-Into>0:devel/p5-Import-Into \ | ||
p5-JSON-XS>0:converters/p5-JSON-XS \ | ||
p5-List-MoreUtils>0:lang/p5-List-MoreUtils \ | ||
p5-Lock-File>0:devel/p5-Lock-File \ | ||
p5-Log-Dispatchouli>0:devel/p5-Log-Dispatchouli \ | ||
p5-Mail-AuthenticationResults>2.20230112:mail/p5-Mail-AuthenticationResults \ | ||
p5-Mail-BIMI>=3.20230913:mail/p5-Mail-BIMI \ | ||
p5-Mail-DataFeed-Abusix>=1.20200617.1:mail/p5-Mail-DataFeed-Abusix \ | ||
p5-Mail-DKIM>=1.20200824:mail/p5-Mail-DKIM \ | ||
p5-Mail-DMARC>=1.20160612:mail/p5-Mail-DMARC \ | ||
p5-Mail-SPF>0:mail/p5-Mail-SPF \ | ||
p5-Net-DNS-Resolver-Mock>=1.20171219:dns/p5-Net-DNS-Resolver-Mock \ | ||
p5-Net-DNS>=1.01:dns/p5-Net-DNS \ | ||
p5-Net-IP>0:net-mgmt/p5-Net-IP \ | ||
p5-Net-Server>0:net/p5-Net-Server \ | ||
p5-Proc-ProcessTable>0:devel/p5-Proc-ProcessTable \ | ||
p5-Prometheus-Tiny-Shared>=0.020:net-mgmt/p5-Prometheus-Tiny-Shared \ | ||
p5-Sereal>0:converters/p5-Sereal \ | ||
p5-SUPER>0:devel/p5-SUPER \ | ||
p5-Test-File-Contents>0:devel/p5-Test-File-Contents \ | ||
p5-Text-Table>0:textproc/p5-Text-Table \ | ||
p5-TimeDate>0:devel/p5-TimeDate \ | ||
p5-TOML>0:textproc/p5-TOML | ||
TEST_DEPENDS= p5-Crypt-OpenSSL-RSA>0:security/p5-Crypt-OpenSSL-RSA \ | ||
p5-Test-CheckManifest>0:devel/p5-Test-CheckManifest \ | ||
p5-Test-Exception>0:devel/p5-Test-Exception \ | ||
p5-Test-Perl-Critic>0:textproc/p5-Test-Perl-Critic | ||
|
||
USES= perl5 shebangfix | ||
USE_PERL5= configure | ||
USE_RC_SUBR= authentication_milter | ||
SHEBANG_FILES= bin/authentication_milter bin/authentication_milter_blocker \ | ||
bin/authentication_milter_client bin/authentication_milter_log | ||
|
||
TEST_ENV= AUTHOR_TESTING=1 \ | ||
RELEASE_TESTING=1 \ | ||
TEST_AUTHOR=1 | ||
|
||
ETCDIR= ${PREFIX}/etc/mail | ||
EXTRACT_AFTER_ARGS= --exclude ./share/authentication_milter.init \ | ||
--no-same-owner --no-same-permission | ||
.for V in CACHEDIR ETCDIR RUNDIR SPOOLDIR VARLIBDIR VARLIBDIRBASE \ | ||
DEFAULT_USER DEFAULT_GROUP | ||
REINPLACE_LIST+= -e "s|%%${V}%%|${$V}|g" | ||
.endfor | ||
NO_ARCH= yes | ||
SUB_FILES= pkg-message | ||
.for V in CACHEDIR ETCDIR RUNDIR SPOOLDIR VARLIBDIR VARLIBDIRBASE \ | ||
DEFAULT_USER DEFAULT_GROUP | ||
SUB_LIST+= ${V}=${$V} | ||
.endfor | ||
|
||
PLIST_SUB= ${SUB_LIST} | ||
|
||
CACHEDIR= /var/cache/auth_milter | ||
DEFAULT_GROUP= mailnull | ||
DEFAULT_USER= mailnull | ||
RUNDIR= /var/run/auth_milter | ||
SPOOLDIR= /var/spool/auth_milter | ||
VARLIBDIR= /var/lib/auth_milter | ||
VARLIBDIRBASE= /var/lib | ||
|
||
post-patch: | ||
cd ${PATCH_WRKSRC} && ${REINPLACE_CMD} ${REINPLACE_LIST} \ | ||
bin/authentication_milter \ | ||
lib/Mail/Milter/Authentication/Config.pm \ | ||
lib/Mail/Milter/Authentication/Handler/DMARC.pm \ | ||
share/authentication_milter.json | ||
|
||
post-install: | ||
${MKDIR} ${STAGEDIR}${ETCDIR}/authentication_milter.d | ||
|
||
.include <bsd.port.mk> |
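Review bot: `DEFAULT_USER= mailnull` and `DEFAULT_GROUP= mailnull` run the milter under an account that FreeBSD's base system already uses as the Sendmail default user, so the cache, spool, lib and run directories this port creates are shared with anything else running as that account. A dedicated account declared through the ports `USERS`/`GROUPS` mechanism would keep the milter's state isolated; whether one is registered for this port cannot be seen from this page. If `mailnull` is kept deliberately, a short comment above the two assignments stating the reason would record the trade-off. Separately, `p5-Mail-AuthenticationResults>2.20230112` is the only versioned dependency written with `>` rather than `>=`; confirm that excluding that exact version is intended.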
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
TIMESTAMP = 1708613768 | ||
SHA256 (Mail-Milter-Authentication-3.20240205.tar.gz) = 88a04406509c2f6a2b1b718b1ca250dc4e86f783343ceeb6cd6eac00ed4d0d7e | ||
SIZE (Mail-Milter-Authentication-3.20240205.tar.gz) = 249101 |
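--- a/mail/p5-Mail-Milter-Authentication/files/authentication_milter.in
+++ b/mail/p5-Mail-Milter-Authentication/files/authentication_milter.in
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# PROVIDE: authentication_milter
+# REQUIRE: NETWORKING
+# BEFORE: mail
+# KEYWORD: shutdown
+#
+# Define these authentication_milter* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/authentication_milter
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+#
+# Add the following lines to /etc/rc.conf to enable authentication_milter:
+#
+# authentication_milter_enable="YES"
+# authentication_milter_flags="<set as needed>"
+# authentication_milter_prefix="%%ETCDIR%%"
+# authentication_milter_foreground_enable="<default 'NO'>"
+#
+
+. /etc/rc.subr
+
+name="authentication_milter"
+rcvar="authentication_milter_enable"
+procname="${name}:parent"
+
+load_rc_config $name
+
+: ${authentication_milter_enable:=NO}
+: ${authentication_milter_prefix:=%%ETCDIR%%}
+: ${authentication_milter_foreground_enable:=NO}
+
+pidfile="%%RUNDIR%%/${name}.pid"
+command="%%PREFIX%%/bin/authentication_milter"
+command_args="--pidfile ${pidfile} --prefix ${authentication_milter_prefix} ${command_args}"
+
+start_precmd="authentication_milter_precmd_start"
+stop_precmd="authentication_milter_precmd"
+
+authentication_milter_precmd_start () {
+var1=
+var2=
+
+case "${authentication_milter_flags}" in
+-c*|*-c*|--control*|*--control*)
+var1="control"
+;;
+-d*|*-d*|--daemon*|*--daemon*)
+var1="daemon"
+;;
+--pidfile*|*--pidfile*)
+var2="pidfile"
+;;
+--prefix*|*--prefix*)
+var2="prefix"
+;;
+-h*|*-h*|--help*|*--help*)
+var1="help"
+;;
+esac
+case ${var1} in
+"") ;;
+*)
+err 1 "Invalid option --${var1} found in ${name}_flags"
+;;
+esac
+case ${var2} in
+"") ;;
+*)
+err 1 "Invalid option --${var2} found in ${name}_flags." \
+"Use \$${name}_${var2} in /etc/rc.conf instead."
+;;
+esac
+
+piddir=$(dirname "$pidfile")
+install -d %%VARLIBDIRBASE%%
+install -d -m 0755 -o "%%DEFAULT_USER%%" -g "%%DEFAULT_GROUP%%" "$piddir"
+install -d -m 0750 -o "%%DEFAULT_USER%%" -g "%%DEFAULT_GROUP%%" \
+%%RUNDIR%% %%CACHEDIR%% %%SPOOLDIR%% %%VARLIBDIR%%
+
+authentication_milter_precmd
+if ! checkyesno authentication_milter_foreground_enable; then
+command_args="-d ${command_args}"
+fi
+}
+
+authentication_milter_precmd () {
+command_args="-c ${rc_arg} ${command_args}"
+}
+
+run_rc_command "$1"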
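Review bot: In `authentication_milter_precmd_start`, `piddir=$(dirname "$pidfile")` always resolves to `%%RUNDIR%%`, so the run directory is first created with `-m 0755` and then reset to `-m 0750` by the following `install -d`; dropping the `"$piddir"` call, or giving both the same mode, removes the contradiction. The pidfile therefore sits in a directory writable by the unprivileged `%%DEFAULT_USER%%` while the rc framework reads it as root, so a comment next to `procname="${name}:parent"` noting that this match is what ties the recorded PID to the milter would help the next maintainer. The flag check also over-matches: globs such as `*-d*` and `*-c*` hit any flag text containing those characters, and the error then names `--daemon` or `--control` even when the operator passed neither. Comparing whole words, for example looping `for f in ${authentication_milter_flags}` and testing `$f` against `-d|--daemon`, would be more precise.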
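--- a/mail/p5-Mail-Milter-Authentication/files/patch-bin_authentication__milter
+++ b/mail/p5-Mail-Milter-Authentication/files/patch-bin_authentication__milter
@@ -0,0 +1,85 @@
+--- bin/authentication_milter.orig 2024-02-05 02:41:57 UTC
++++ bin/authentication_milter
+@@ -15,7 +15,7 @@ use Mail::Milter::Authentication::Protocol::SMTP;
+use Mail::Milter::Authentication::Protocol::SMTP;
+
+# CONFIG
+-my $pid_file = '/run/authentication_milter.pid';
++my $pid_file = '%%RUNDIR%%/authentication_milter.pid';
+my $daemon = 0;
+my $help = 0;
+my $prefix;
+@@ -195,11 +195,11 @@ version 3.20240205
+=item --pidfile <file>
+
+Write the process PID to the given file.
+- defaults to /run/authentication_milter.pid
++ defaults to %%RUNDIR%%/authentication_milter.pid
+
+=item --prefix <dir>
+
+- Read configuration from dir rather than /etc/
++ Read configuration from dir rather than %%ETCDIR%%
+
+=item -i|--ident <ident>
+
+@@ -212,7 +212,7 @@ version 3.20240205
+
+=head1 CONFIGURATION
+
+- The milter reads configuration from /etc/authentication_milter.json
++ The milter reads configuration from %%ETCDIR%%/authentication_milter.json
+
+The configuration file format is as follows...
+
+@@ -266,10 +266,10 @@ version 3.20240205
+"metric_tempfile" : "/tmpfs/authmilter_metrics", | Path to shared metrics data, defaults to <lib_path>/metrics
+"metric_basic_http" : 1, | Disable extended http services such as config and grafana json pages
+
+- "cache_dir" : "/var/cache/auth_milter", | Path to the shared cache directory
+- "spool_dir" : "/var/spool/auth_milter", | Path to the shared spool directory
+- "lib_dir" : "/var/lib/auth_milter", | Path to the shared lib directory
+- "lock_file" : "/var/run/authmilter.lock", | Optionally specify the location of the Net::Server lock file
++ "cache_dir" : "%%CACHEDIR%%", | Path to the shared cache directory
++ "spool_dir" : "%%SPOOLDIR%%", | Path to the shared spool directory
++ "lib_dir" : "%%VARLIBDIR%%", | Path to the shared lib directory
++ "lock_file" : "%%RUNDIR%%/authmilter.lock", | Optionally specify the location of the Net::Server lock file
+
+# metric_port and metric_host are deprecated.
+# please use metric_connection instead
+@@ -289,7 +289,7 @@ version 3.20240205
+"sock_type" : "inet", | Socket type (inet or unix)
+"sock_host" : "localhost", | Host to connect to (when inet)
+"sock_port" : "2525", | Port to connect to (when inet)
+- "sock_path" : "/var/run/smtp.sock", | Socket path to connect to (when unix)
++ "sock_path" : "%%RUNDIR%%/smtp.sock", | Socket path to connect to (when unix)
+"timeout_in" : "10", | Timeout when waiting for inbound SMTP data
+"timeout_out" : "10", | Timeout when waiting for outbound SMTP data
+"pipeline_limit" : "50", | Limit the number of transactions accepted in an SMTP pipeline
+@@ -315,7 +315,7 @@ version 3.20240205
+"unix:/var/sock/a.sock" : {
+"server_name" : "util.example.com",
+"sock_type" : "unix",
+- "sock_path" : "/var/run/smtp.sock",
++ "sock_path" : "%%RUNDIR%%/smtp.sock",
+"timeout_in" : "10",
+"timeout_out" : "10"
+}
+@@ -408,7 +408,7 @@ version 3.20240205
+},
+"!InactiveModule" : {},
+| Additionally, config for a module can be placed in a file
+- | with filename /etc/authentication_milter.d/ModuleName.json
++ | with filename %%ETCDIR%%/authentication_milter.d/ModuleName.json
+| the contents of which should be the JSON assigned to the
+| entry here.
+
+@@ -421,7 +421,7 @@ This milter uses Mail::DMARC as a backend for DMARC ch
+
+This milter uses Mail::DMARC as a backend for DMARC checks, this module requires that a configuration file is setup.
+
+-You should create and populate /etc/mail-dmarc.ini
++You should create and populate %%ETCDIR%%/mail-dmarc.ini
+
+For DMARC reporting you are also required to setup a datastore, including creating a basic table structure.
+The detauls of this are to be found in the Mail::DMARC documentation.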
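--- a/mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication.pm
+++ b/mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication.pm
@@ -0,0 +1,18 @@
+--- lib/Mail/Milter/Authentication.pm.orig 2024-02-05 02:41:57 UTC
++++ lib/Mail/Milter/Authentication.pm
+@@ -32,11 +32,14 @@ use vars qw(@ISA);
+my $MYARGS = {
+'ident' => $Mail::Milter::Authentication::Config::IDENT,
+'to_stderr' => 0, # handled elsewhere
++ 'to_stdout' => 0, # handled elsewhere
+'log_pid' => 1,
+'facility' => LOG_MAIL,
+};
+if ( exists $config->{ 'log_dispatchouli' } ) {
+- $MYARGS = $config->{ 'log_dispatchouli' };
++ foreach my $k (keys %{$config->{ 'log_dispatchouli' }}) {
++ $MYARGS->{$k} = $config->{ 'log_dispatchouli' }->{$k};
++ }
+}
+
+$LOGGER = Log::Dispatchouli->new( $MYARGS );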
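Review bot: The new merge loop dereferences `$config->{ 'log_dispatchouli' }` as a hash without checking its type, so a configuration that sets the key to a string or an array would abort with a bare "Not a HASH reference" error instead of a clear configuration message. Replacing the `exists` test with `if ( ref $config->{ 'log_dispatchouli' } eq 'HASH' ) {` would cover that case. The merge also lets the configuration override `ident`, `to_stderr` and `to_stdout`, which the inline comments mark as handled elsewhere; if that is not intended, skip those keys inside the loop. The enclosing sub starts and ends outside the hunk.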
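--- a/mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication_Config.pm
+++ b/mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication_Config.pm
@@ -0,0 +1,71 @@
+--- lib/Mail/Milter/Authentication/Config.pm.orig 2024-02-05 02:41:57 UTC
++++ lib/Mail/Milter/Authentication/Config.pm
+@@ -21,7 +21,7 @@ our @EXPORT_OK = qw{
+};
+
+
+-our $PREFIX = '/etc';
++our $PREFIX = '%%ETCDIR%%';
+our $IDENT = 'authentication_milter';
+my $CONFIG;
+
+@@ -31,19 +31,19 @@ sub default_config {
+'debug' => 0,
+'dryrun' => 0,
+'logtoerr' => 0,
+- 'error_log' => '/var/log/authentication_milter.err',
++ "log_dispatchouli" => {},
+'extended_log' => 1,
+'legacy_log' => 0,
+- 'connection' => 'inet:12345@localhost',
+- 'umask' => '0000',
+- 'runas' => 'nobody',
+- 'rungroup' => 'nogroup',
++ 'connection' => 'unix:%%RUNDIR%%/auth_milter.sock',
++ 'umask' => '0077',
++ 'runas' => '%%DEFAULT_USER%%',
++ 'rungroup' => '%%DEFAULT_GROUP%%',
+'listen_backlog' => 20,
+'check_for_dequeue' => 60,
+- 'min_children' => 20,
+- 'max_children' => 200,
+- 'min_spare_children' => 10,
+- 'max_spare_children' => 20,
++ 'min_children' => 1,
++ 'max_children' => 2,
++ 'min_spare_children' => 1,
++ 'max_spare_children' => 1,
+'max_requests_per_child' => 200,
+'protocol' => 'milter',
+'connect_timeout' => 30,
+@@ -61,9 +61,9 @@ sub default_config {
+'ip_map' => {},
+'authserv_id' => '',
+'handlers' => {},
+- 'cache_dir' => '/var/cache/authentication_milter',
+- 'spool_dir' => '/var/spool/authentication_milter',
+- 'lib_dir' => '/var/lib/authentication_milter',
++ 'cache_dir' => '%%CACHEDIR%%',
++ 'spool_dir' => '%%SPOOLDIR%%',
++ 'lib_dir' => '%%VARLIBDIR%%',
+'lock_file' => '',
+};
+
+@@ -104,7 +104,7 @@ sub setup_config {
+else {
+if ( $EUID == 0 ) {
+# We are root, create in global space
+- $dir = '/var/'.$type.'/authentication_milter';
++ $dir = '/var/'.$type.'/auth_milter';
+mkdir $dir if ! -e $dir;
+# Create the subdir for this IDENT
+$dir .= '/'.$safe_ident;
+@@ -119,7 +119,7 @@ sub setup_config {
+else {
+# We are a user! Create something in a temporary space
+$dir = join( '_',
+- '/tmp/authentication_milter',
++ '/tmp/auth_milter',
+$type,
+$EUID,
+$safe_ident,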
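Review bot: Nothing tells the operator which account the MTA must use to reach the new default socket: `default_config` now sets `'connection' => 'unix:%%RUNDIR%%/auth_milter.sock'` with `'umask' => '0077'`, and the port's rc script creates that run directory mode 0750 for the service account, so, assuming the umask is applied to the socket, only that account and root can connect. That is a sound least-privilege default, but it should be stated, for example with a comment `# socket is owner-only: the MTA must connect as %%DEFAULT_USER%% or root` beside `'connection'`, or a line in pkg-message. The same hunk drops the `'error_log'` default; whether other code still reads that key is not visible here and is worth confirming. In the `setup_config` hunks the renamed paths stay as literals (`'/var/'.$type.'/auth_milter'`, `'/tmp/auth_milter'`) rather than the `%%CACHEDIR%%`-style placeholders, and `mkdir $dir if ! -e $dir;` ignores both a failed mkdir and a non-directory already at that path. How the predictable `/tmp` name is created and checked lies outside the hunk.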
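--- a/mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication_Handler_DMARC.pm
+++ b/mail/p5-Mail-Milter-Authentication/files/patch-lib_Mail_Milter_Authentication_Handler_DMARC.pm
@@ -0,0 +1,11 @@
+--- lib/Mail/Milter/Authentication/Handler/DMARC.pm.orig 2024-02-05 02:41:57 UTC
++++ lib/Mail/Milter/Authentication/Handler/DMARC.pm
+@@ -26,7 +26,7 @@ sub default_config {
+'report_suppression_list' => 'rbl.example.com',
+'no_report' => 0,
+'hide_report_to' => 0,
+- 'config_file' => '/etc/mail-dmarc.ini',
++ 'config_file' => '%%ETCDIR%%/mail-dmarc.ini',
+'no_reject_disposition' => 'quarantine',
+'no_list_reject_disposition' => 'none',
+'reject_on_multifrom' => 30,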