mail/postfix35 add new port

Postfix 3.6 requires minimum OpenSSL 1.1.1,
this port is an alternative for FreeBSD 11 users using
'OpenSSL base' and will be removed if FreeBSD 11 is EoL

10 files changed, 461 insertions, 0 deletions

diff --git a/mail/postfix35/files/extra-patch-blacklistd b/mail/postfix35/files/extra-patch-blacklistd
new file mode 100644
index 000000000000..a9448d978c7d
--- /dev/null
+++ b/mail/postfix35/files/extra-patch-blacklistd
@@ -0,0 +1,69 @@
+# PR 225664: support blacklistd on FreeBSD >= 11.0
+#
+--- src/smtpd/Makefile.in.orig	2017-02-05 23:36:32 UTC
++++ src/smtpd/Makefile.in
+@@ -2,14 +2,14 @@ SHELL	= /bin/sh
+ SRCS	= smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
+ 	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
+ 	smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
+-	smtpd_expand.c smtpd_haproxy.c
++	smtpd_expand.c smtpd_haproxy.c pfilter.c
+ OBJS	= smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
+ 	smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
+ 	smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
+-	smtpd_expand.o smtpd_haproxy.o
++	smtpd_expand.o smtpd_haproxy.o pfilter.o
+ HDRS	= smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
+ 	smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
+-	smtpd_resolve.h smtpd_expand.h
++	smtpd_resolve.h smtpd_expand.h pfilter.h
+ TESTSRC	= smtpd_token_test.c
+ DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
+ CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
+--- src/smtpd/smtpd_sasl_glue.c.orig	2017-02-19 01:58:21 UTC
++++ src/smtpd/smtpd_sasl_glue.c
+@@ -147,6 +147,7 @@
+ #include "smtpd.h"
+ #include "smtpd_sasl_glue.h"
+ #include "smtpd_chat.h"
++#include "pfilter.h" /* for blacklistd(8) */
+ 
+ #ifdef USE_SASL_AUTH
+ 
+@@ -332,6 +333,10 @@ int     smtpd_sasl_authenticate(SMTPD_ST
+ 	else
+ 	    smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
+ 			     STR(state->sasl_reply));
++
++
++	/* notify blacklistd of SASL authentication failure */
++	pfilter_notify(1, vstream_fileno(state->client));
+ 	return (-1);
+     }
+     /* RFC 4954 Section 6. */
+--- src/smtpd/pfilter.h.orig	2018-02-04 15:36:49 UTC
++++ src/smtpd/pfilter.h
+@@ -0,0 +1 @@
++void pfilter_notify(int, int);
+--- src/smtpd/pfilter.c.orig	2018-02-04 15:36:49 UTC
++++ src/smtpd/pfilter.c
+@@ -0,0 +1,19 @@
++#include "pfilter.h"
++#include <stdio.h>	/* for NULL */
++#include <blacklist.h>
++
++static struct blacklist *blstate;
++
++void
++pfilter_notify(int a, int fd)
++{
++	if (blstate == NULL)
++		blstate = blacklist_open();
++	if (blstate == NULL)
++		return;
++	(void)blacklist_r(blstate, a, fd, "smtpd");
++	if (a == 0) {
++		blacklist_close(blstate);
++		blstate = NULL;
++	}
++}
diff --git a/mail/postfix35/files/mailer.conf.postfix.in b/mail/postfix35/files/mailer.conf.postfix.in
new file mode 100644
index 000000000000..08f2b2c00f35
--- /dev/null
+++ b/mail/postfix35/files/mailer.conf.postfix.in
@@ -0,0 +1,7 @@
+#
+# Execute the Postfix sendmail program, named %%PREFIX%%/sbin/sendmail
+#
+sendmail	%%PREFIX%%/sbin/sendmail
+send-mail	%%PREFIX%%/sbin/sendmail
+mailq		%%PREFIX%%/sbin/sendmail
+newaliases	%%PREFIX%%/sbin/sendmail
diff --git a/mail/postfix35/files/patch-makedefs b/mail/postfix35/files/patch-makedefs
new file mode 100644
index 000000000000..f688b8ab7338
--- /dev/null
+++ b/mail/postfix35/files/patch-makedefs
@@ -0,0 +1,45 @@
+--- makedefs.orig	2021-01-16 15:10:00 UTC
++++ makedefs
+@@ -298,6 +298,42 @@ case "$SYSTEM.$RELEASE" in
+ 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ 		: ${PLUGIN_LD="${CC} -shared"}
+ 		;;
++  FreeBSD.11*)	SYSTYPE=FREEBSD11
++		: ${CC=cc}
++		: ${SHLIB_SUFFIX=.so}
++		: ${SHLIB_CFLAGS=-fPIC}
++		: ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'}
++		: ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
++		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
++		: ${PLUGIN_LD="${CC} -shared"}
++		;;
++  FreeBSD.12*)	SYSTYPE=FREEBSD12
++		: ${CC=cc}
++		: ${SHLIB_SUFFIX=.so}
++		: ${SHLIB_CFLAGS=-fPIC}
++		: ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'}
++		: ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
++		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
++		: ${PLUGIN_LD="${CC} -shared"}
++		;;
++  FreeBSD.13*)	SYSTYPE=FREEBSD13
++		: ${CC=cc}
++		: ${SHLIB_SUFFIX=.so}
++		: ${SHLIB_CFLAGS=-fPIC}
++		: ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'}
++		: ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
++		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
++		: ${PLUGIN_LD="${CC} -shared"}
++		;;
++  FreeBSD.14*)	SYSTYPE=FREEBSD14
++		: ${CC=cc}
++		: ${SHLIB_SUFFIX=.so}
++		: ${SHLIB_CFLAGS=-fPIC}
++		: ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'}
++		: ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'}
++		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
++		: ${PLUGIN_LD="${CC} -shared"}
++		;;
+  DragonFly.*)	SYSTYPE=DRAGONFLY
+ 		;;
+   OpenBSD.2*)	SYSTYPE=OPENBSD2
diff --git a/mail/postfix35/files/patch-src_posttls-finger_posttls-finger.c b/mail/postfix35/files/patch-src_posttls-finger_posttls-finger.c
new file mode 100644
index 000000000000..fdece6346ca5
--- /dev/null
+++ b/mail/postfix35/files/patch-src_posttls-finger_posttls-finger.c
@@ -0,0 +1,22 @@
+--- src/posttls-finger/posttls-finger.c.orig	2019-02-12 13:17:45 UTC
++++ src/posttls-finger/posttls-finger.c
+@@ -1673,7 +1673,8 @@ static int finger(STATE *state)
+     return (0);
+ }
+ 
+-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(USE_TLS) && \
++    ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+ 
+ /* ssl_cleanup - free memory allocated in the OpenSSL library */
+ 
+@@ -2156,7 +2157,8 @@ int     main(int argc, char *argv[])
+     cleanup(&state);
+ 
+     /* OpenSSL 1.1.0 and later (de)initialization is implicit */
+-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(USE_TLS) && \
++    ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+     ssl_cleanup();
+ #endif
+ 
diff --git a/mail/postfix35/files/patch-src_tls_tls__certkey.c b/mail/postfix35/files/patch-src_tls_tls__certkey.c
new file mode 100644
index 000000000000..b34b8efd2be6
--- /dev/null
+++ b/mail/postfix35/files/patch-src_tls_tls__certkey.c
@@ -0,0 +1,11 @@
+--- src/tls/tls_certkey.c.orig	2019-03-07 23:57:10 UTC
++++ src/tls/tls_certkey.c
+@@ -144,7 +144,7 @@ static void init_pem_load_state(pem_load
+ 
+ /* use_chain - load cert, key and chain into ctx or ssl */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL
++#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && !defined(LIBRESSL_VERSION_NUMBER)
+ static int use_chain(pem_load_state_t *st)
+ {
+     int     ret;
diff --git a/mail/postfix35/files/patch-src_tls_tls__server.c b/mail/postfix35/files/patch-src_tls_tls__server.c
new file mode 100644
index 000000000000..92115aa16679
--- /dev/null
+++ b/mail/postfix35/files/patch-src_tls_tls__server.c
@@ -0,0 +1,12 @@
+--- src/tls/tls_server.c.orig	2019-02-18 23:03:54 UTC
++++ src/tls/tls_server.c
+@@ -518,7 +518,9 @@ TLS_APPL_STATE *tls_server_init(const TL
+ 	 * ticket decryption callback already (since 2.11) asks OpenSSL to
+ 	 * avoid issuing new tickets when the presented ticket is re-usable.
+ 	 */
++#ifndef LIBRESSL_VERSION_NUMBER
+ 	SSL_CTX_set_num_tickets(server_ctx, 1);
++#endif
+     }
+ #endif
+     if (!ticketable)
diff --git a/mail/postfix35/files/patch-src_util_sys__defs.h b/mail/postfix35/files/patch-src_util_sys__defs.h
new file mode 100644
index 000000000000..a31dfd4c24d5
--- /dev/null
+++ b/mail/postfix35/files/patch-src_util_sys__defs.h
@@ -0,0 +1,12 @@
+--- src/util/sys_defs.h.orig	2019-10-13 15:32:18 UTC
++++ src/util/sys_defs.h
+@@ -30,7 +30,8 @@
+ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
+     || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
+     || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
+-    || defined(FREEBSD11) \
++    || defined(FREEBSD11) || defined(FREEBSD12) || defined(FREEBSD13) \
++    || defined(FREEBSD14) \
+     || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
+     || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
+     || defined(OPENBSD5) || defined(OPENBSD6) \
diff --git a/mail/postfix35/files/pkg-install.in b/mail/postfix35/files/pkg-install.in
new file mode 100644
index 000000000000..0b7e47cfe011
--- /dev/null
+++ b/mail/postfix35/files/pkg-install.in
@@ -0,0 +1,189 @@
+#!/bin/sh
+
+# If the POSTFIX_DEFAULT_MTA environment variable is set to YES, it
+# will make the port/package use defaults which make postfix replace
+# sendmail as much as possible.
+
+# allowed vars during package installation
+BATCH=${BATCH:=no}
+POSTFIX_DEFAULT_MTA=${POSTFIX_DEFAULT_MTA:=no}
+
+# fixed vars
+PREFIX="%%PREFIX%%"
+ETCDIR="%%ETCDIR%%"
+DAEMONDIR="%%DAEMONDIR%%"
+META_DIRECTORY="%%META_DIRECTORY%%"
+READMEDIR="%%READMEDIR%%"
+MC_TEMPLATE="%%DATADIR%%/mailer.conf.postfix"
+
+# FreeBSD <= 10.3
+MC_BASE="/etc/mail/mailer.conf"
+# FreeBSD >= 10.3 (and current)
+MC_LOCALBASE="%%LOCALBASE%%/etc/mail/mailer.conf"
+USE_LOCALBASE_MAILER_CONF="%%USE_LOCALBASE_MAILER_CONF%%"
+
+if [ "${POSTFIX_DEFAULT_MTA}" = "no" ]; then
+      DEFAULT_REPLACE_MAILERCONF=n
+else
+      DEFAULT_REPLACE_MAILERCONF=y
+fi
+
+ask() {
+      local question default answer
+
+      question=$1
+      default=$2
+      if [ -z "${PACKAGE_BUILDING}" -a "${BATCH}" = "no" ]; then
+	      read -p "${question} [${default}]? " answer
+      fi
+      if [ -z "${answer}" ]; then
+	      answer=${default}
+      fi
+      echo ${answer}
+}
+
+yesno() {
+      local question default answer
+
+      question=$1
+      default=$2
+      while :; do
+	      answer=$(ask "${question}" "${default}")
+	      case "${answer}" in
+		      [Yy]*)	return 0;;
+		      [Nn]*)	return 1;;
+	      esac
+	      echo "Please answer yes or no."
+      done
+}
+
+# ==============================================================================
+# Respect POSTFIX_DEFAULT_MTA, do not ask for confirmation!
+# (This helps tools like salt, ansible or puppet on new installations)
+# ==============================================================================
+install_choise(){
+	local mailerconf
+	mailerconf=$1
+
+	if [ "${DEFAULT_REPLACE_MAILERCONF}" = "y" ]; then
+		install_mailer_conf ${mailerconf}
+	elif [ "${DEFAULT_REPLACE_MAILERCONF}" = "n" -a -t 0 ]; then
+		if yesno "Would you like to activate Postfix in ${mailerconf}" ${DEFAULT_REPLACE_MAILERCONF:="n"}; then
+			install_mailer_conf ${mailerconf}
+		else
+			show_not_activated_msg ${mailerconf}
+		fi
+	else
+		show_not_activated_msg ${mailerconf}
+	fi
+}
+
+show_not_activated_msg() {
+	local mailerconf
+
+	mailerconf=$1
+	echo
+	echo "==============================================================="
+	echo "Postfix was *not* activated in ${mailerconf}! "
+	echo
+	echo "To finish installation run the following commands:"
+	echo
+	if [ "${USE_LOCALBASE_MAILER_CONF}" = "yes" ]; then
+		echo "  mkdir -p %%LOCALBASE%%/etc/mail"
+	else
+		echo "  mv -f ${mailerconf} ${mailerconf}.old"
+	fi
+	echo "  install -m 0644 ${MC_TEMPLATE} ${mailerconf}"
+	echo "==============================================================="
+	echo
+}
+
+show_activated_msg() {
+	local mailerconf
+
+	mailerconf=$1
+	echo "==============================================================="
+	echo "Postfix already activated in ${mailerconf}"
+	echo "==============================================================="
+}
+
+cmp_mailer() {
+	local mailerconf
+
+	mailerconf=$1
+	cmp -s ${mailerconf} ${MC_TEMPLATE}
+	return $?
+}
+
+install_mailer_conf() {
+	local mailerconf
+
+	mailerconf=$1
+	echo "Activate Postfix in ${mailerconf}"
+	if [ "${USE_LOCALBASE_MAILER_CONF}" = "yes" ]; then
+		[ -d %%LOCALBASE%%/etc/mail ] || mkdir -p %%LOCALBASE%%/etc/mail
+	fi
+	[ -f ${mailerconf} ] && mv -f ${mailerconf} ${mailerconf}.old
+	install -m 644 ${MC_TEMPLATE} ${mailerconf}
+}
+
+# ==============================================================================
+# Run postfix reload
+# This is a candidate for a dedicated pkg-post-upgrade script, but it seems
+# this not fully implemented in pkg :(see upstream PR 941)
+# ==============================================================================
+try_reload(){
+	${PREFIX}/sbin/postfix status 2>/dev/null
+if [ $? -eq 0 ]; then
+	${PREFIX}/sbin/postfix reload
+else
+	echo "postfix not running"
+fi
+}
+
+# ==============================================================================
+# Run postfix post-install to fix permissions and new config values
+# ==============================================================================
+if [ "$2" = "POST-INSTALL" ]; then
+	/bin/sh ${DAEMONDIR}/post-install tempdir=/tmp \
+	 daemon_directory=${DAEMONDIR} \
+ 	 meta_directory=${META_DIRECTORY} \
+	 html_directory=${READMEDIR} \
+	 readme_directory=${READMEDIR} \
+	 upgrade-package
+fi
+
+# ==============================================================================
+# If FreeBSD <= 10.2 is deprecated check only LOCALBASE and remove BASE checks,
+# regardless if installed in BASE or LOCALBASE
+# Iff postfix is activated in BASE, also activate postfix in LOCALBASE!
+# ==============================================================================
+if [ "$2" = "POST-INSTALL" -a -z "${PACKAGE_BUILDING}" ]; then
+if [ -f "${MC_BASE}" ]; then
+	if [ "${USE_LOCALBASE_MAILER_CONF}" = "yes" ]; then
+		cmp_mailer ${MC_BASE}
+		if [ $? -eq 0 ]; then
+			show_activated_msg ${MC_BASE}
+			cmp_mailer ${MC_LOCALBASE} || install_mailer_conf ${MC_LOCALBASE}
+			try_reload
+		else
+			cmp_mailer ${MC_LOCALBASE} || install_choise ${MC_LOCALBASE}
+		fi
+	else
+		cmp_mailer ${MC_BASE}
+		if [ $? -ne 0 ]; then
+			install_choise ${MC_BASE}
+		else
+			show_activated_msg ${MC_BASE}
+			try_reload
+		fi
+	fi
+
+else
+	if [ "${USE_LOCALBASE_MAILER_CONF}" = "yes" ]; then
+		show_not_activated_msg ${MC_LOCALBASE}
+	else
+		show_not_activated_msg ${MC_BASE}
+	fi
+fi # -f "${MC_BASE}"
+fi # "$2" = "POST-INSTALL" -a -z "${PACKAGE_BUILDING}" 
diff --git a/mail/postfix35/files/pkg-message.in b/mail/postfix35/files/pkg-message.in
new file mode 100644
index 000000000000..44a62a9e6f4e
--- /dev/null
+++ b/mail/postfix35/files/pkg-message.in
@@ -0,0 +1,44 @@
+[
+{
+  type: install
+  message: <<EOM
+To use postfix instead of sendmail:
+  - clear sendmail queue and stop the sendmail daemons
+
+Run the following commands to enable postfix during startup:
+  - sysrc postfix_enable="YES"
+  - sysrc sendmail_enable="NONE"
+
+If postfix is *not* already activated in %%MC_PREFIX%%/etc/mail/mailer.conf
+  - mv %%MC_PREFIX%%/etc/mail/mailer.conf %%MC_PREFIX%%/etc/mail/mailer.conf.old
+  - install -m 0644 %%DATADIR%%/mailer.conf.postfix %%MC_PREFIX%%/etc/mail/mailer.conf
+
+Disable sendmail(8) specific tasks,
+add the following lines to /etc/periodic.conf(.local):
+  daily_clean_hoststat_enable="NO"
+  daily_status_mail_rejects_enable="NO"
+  daily_status_include_submit_mailq="NO"
+  daily_submit_queuerun="NO"
+
+If you are using SASL, you need to make sure that postfix has access to read
+the sasldb file.  This is accomplished by adding postfix to group mail and
+making the %%PREFIX%%/etc/sasldb* file(s) readable by group mail (this should
+be the default for new installs).
+EOM
+}
+{
+  type: upgrade
+  message: <<EOM
+If you are upgrading from prior postfix version, please see the README
+files for recommended changes to your configuration and additional
+http://www.postfix.org/COMPATIBILITY_README.html
+EOM
+}
+{
+  type: remove
+  message: <<EOM
+If you remove postfix permanent, adjust / remove the the following file:
+  - %%MC_PREFIX%%/etc/mail/mailer.conf
+EOM
+}
+]
diff --git a/mail/postfix35/files/postfix.in b/mail/postfix35/files/postfix.in
new file mode 100644
index 000000000000..597da191fd16
--- /dev/null
+++ b/mail/postfix35/files/postfix.in
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# PROVIDE: postfix mail
+# REQUIRE: %%REQUIRE%%
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable postfix:
+# postfix_enable (bool):	Set it to "YES" to enable postfix.
+#				Default is "NO".
+# postfix_pidfile (path):	Set full path to master.pid.
+#				Default is "/var/spool/postfix/pid/master.pid".
+# postfix_procname (command):	Set command that start master. Used to verify if
+#				postfix is running.
+#				Default is "%%PREFIX%%/libexec/postfix/master".
+# postfix_flags (str):		Flags passed to postfix-script on startup.
+#				Default is "".
+#
+
+. /etc/rc.subr
+
+name="postfix"
+rcvar=postfix_enable
+
+load_rc_config $name
+
+: ${postfix_enable:="NO"}
+: ${postfix_pidfile:="/var/spool/postfix/pid/master.pid"}
+: ${postfix_procname:="%%PREFIX%%/libexec/postfix/master"}
+
+start_cmd=${name}_start
+stop_cmd=${name}_stop
+extra_commands="reload"
+reload_cmd="${name}_reload"
+
+pidfile=${postfix_pidfile}
+procname=${postfix_procname}
+
+postfix_start() {
+	%%PREFIX%%/sbin/postfix ${postfix_flags} start
+}
+
+postfix_stop() {
+	%%PREFIX%%/sbin/postfix ${postfix_flags} stop
+}
+
+postfix_reload() {
+	%%PREFIX%%/sbin/postfix ${postfix_flags} reload
+}
+
+run_rc_command "$1"