- New port: mail/postfix-postfwd A postfix firewall policy daemon

The program uses the postfix policy delegation protocol to control access to
the mail system before a message has been accepted (please visit
http://www.postfix.org/SMTPD_POLICY_README.html for more information). It
allows you to choose an action (e.g. reject, dunno) for a combination of
several smtp parameters (like sender and recipient address, size or the
client's TLS fingerprint).

PR:		ports/123544
Submitted by:	Sahil Tandon <sahil at tandon.net>

5 files changed, 136 insertions, 0 deletions

diff --git a/mail/postfix-postfwd/Makefile b/mail/postfix-postfwd/Makefile
new file mode 100644
index 000000000000..f4239cb0bdbd
--- /dev/null
+++ b/mail/postfix-postfwd/Makefile
@@ -0,0 +1,53 @@
+# New ports collection makefile for:	postfwd
+# Date created:				8 May 2008
+# Whom:					Sahil Tandon <sahil@tandon.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	postfwd
+DISTVERSION=	1.10.7b
+CATEGORIES=	mail
+MASTER_SITES=	http://www.postfwd.org/old/
+PKGNAMEPREFIX=	postfix-
+DISTNAME=	postfwd-1.10pre7b
+
+MAINTAINER=	sahil@tandon.net
+COMMENT=	A postfix firewall policy daemon
+
+RUN_DEPENDS=	${SITE_PERL}/Net/DNS/Async.pm:${PORTSDIR}/dns/p5-Net-DNS-Async \
+		${SITE_PERL}/Net/CIDR/Lite.pm:${PORTSDIR}/net/p5-Net-CIDR-Lite \
+		${SITE_PERL}/IO/Multiplex.pm:${PORTSDIR}/devel/p5-IO-Multiplex
+
+PORTDOCS=	CHANGELOG postfwd.html postfwd.txt
+PORTEXAMPLES=	postfwd-rblcheck.pl request.sample
+PLIST_FILES=	bin/postfwd etc/postfwd.conf.sample
+
+SUB_FILES=	pkg-message
+
+USE_RC_SUBR=	postfwd
+USE_PERL5_RUN=	yes
+NO_BUILD=	yes
+
+MAN1=		postfwd.1
+
+.include <bsd.port.pre.mk>
+
+do-install:
+	@${INSTALL_SCRIPT} ${WRKSRC}/sbin/${PORTNAME} ${PREFIX}/bin/
+	@${INSTALL_DATA} ${WRKSRC}/etc/${PORTNAME}.cf ${PREFIX}/etc/${PORTNAME}.conf.sample
+	@${INSTALL_MAN} ${WRKSRC}/man/man1/${MAN1} ${MANPREFIX}/man/man1/
+
+post-install:
+.if !defined(NOPORTDOCS)
+	@${INSTALL} -d ${DOCSDIR}
+	@cd ${WRKSRC}/doc/ && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+.if !defined(NOPORTEXAMPLES)
+	@${INSTALL} -d ${EXAMPLESDIR}
+	@${INSTALL_DATA} ${WRKSRC}/bin/postfwd-rblcheck.pl ${EXAMPLESDIR}
+	@${INSTALL_DATA} ${WRKSRC}/tools/request.sample ${EXAMPLESDIR}
+.endif
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/mail/postfix-postfwd/distinfo b/mail/postfix-postfwd/distinfo
new file mode 100644
index 000000000000..8233fab3d557
--- /dev/null
+++ b/mail/postfix-postfwd/distinfo
@@ -0,0 +1,3 @@
+MD5 (postfwd-1.10pre7b.tar.gz) = 6ae4a3f7b7748ff20dc8ec915f76c4e9
+SHA256 (postfwd-1.10pre7b.tar.gz) = e8213518032061f6a85dcd54846f487d78e1f9886ef950dfc95456de1de0c70a
+SIZE (postfwd-1.10pre7b.tar.gz) = 81798
diff --git a/mail/postfix-postfwd/files/pkg-message.in b/mail/postfix-postfwd/files/pkg-message.in
new file mode 100644
index 000000000000..bf63e05ea004
--- /dev/null
+++ b/mail/postfix-postfwd/files/pkg-message.in
@@ -0,0 +1,27 @@
+*************
+* Start postfwd with:
+
+# %%PREFIX%%/bin/postfwd start
+
+* Integrate thusly in: %%PREFIX%%/etc/postfix/main.cf
+
+127.0.0.1:10040_time_limit   = 3600
+
+smtpd_recipient_restrictions = 
+	...
+	permit_mynetworks
+	...
+	reject_unauth_destination
+	reject_unauth_pipelining
+	check_policy_service inet:127.0.0.1:10040
+	...
+
+* NOTE: specify check_policy_service AFTER reject_unauth_destination
+* or else your system can become an open relay.
+*
+* CONFIGURATION:
+*
+* Create and edit %%PREFIX%%/etc/postfwd.conf
+* An example is provided in %%PREFIX%%/etc/postfwd.conf.sample
+*
+*************
diff --git a/mail/postfix-postfwd/files/postfwd.in b/mail/postfix-postfwd/files/postfwd.in
new file mode 100644
index 000000000000..1f8580c706cb
--- /dev/null
+++ b/mail/postfix-postfwd/files/postfwd.in
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# PROVIDE: postfwd 
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# postfwd_enable (bool):   
+#	Set to "NO" by default.
+#               Set it to "YES" to enable postfwd.
+# postfwd_config (path):   Set to %%PREFIX%%/etc/postfwd.conf
+#               by default.
+#
+
+. %%RC_SUBR%%
+
+name=postfwd
+rcvar=${name}_enable
+
+command=%%PREFIX%%/bin/${name}
+required_files=%%PREFIX%%/etc/${name}.conf
+pidfile="/var/run/${name}.pid"
+
+stop_postcmd=stop_postcmd
+
+stop_postcmd()
+{
+  rm -f $pidfile
+}
+
+load_rc_config "$name"
+
+case "$postfwd_enable" in
+    [Yy][Ee][Ss] | 1 | [Oo][Nn] | [Tt][Rr][Uu][Ee]) ;;
+    *) echo "To make use of $name you must first set $rcvar=\"YES\" in /etc/rc.conf" ;;
+esac
+
+: ${postfwd_enable="NO"}
+: ${postfwd_config="%%PREFIX%%/etc/${name}.conf"}
+
+command_args="-d -f ${required_files} -i 127.0.0.1 -p 10040 -u nobody -g nobody -S"
+
+run_rc_command "$1"
diff --git a/mail/postfix-postfwd/pkg-descr b/mail/postfix-postfwd/pkg-descr
new file mode 100644
index 000000000000..102e38ecd39d
--- /dev/null
+++ b/mail/postfix-postfwd/pkg-descr
@@ -0,0 +1,8 @@
+The program uses the postfix policy delegation protocol to control access to 
+the mail system before a message has been accepted (please visit 
+http://www.postfix.org/SMTPD_POLICY_README.html for more information). It 
+allows you to choose an action (e.g. reject, dunno) for a combination of 
+several smtp parameters (like sender and recipient address, size or the 
+client's TLS fingerprint).
+
+WWW:	http://www.postfwd.org/