cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to version 0.5

Browse Source 
Changelist:
- Add support for ed25519. This currently requires openssl1.1 libcrypto and
  is thus only enabled in an ed25519 flavor of the package.
  Lots of help from tb@ and sthen@
- Fix error handling in a couple of places
- Fix an initialization issue
  Spotted by Maarten de Vries <maarten <at> de-vri <dot> es>
- Fix a couple of signedness warnings
- Allow filter-dkimsign to be build on Debian (not relevant for OpenBSD)
  With Ryan Kavanagh <rak <at> debian <dot> org>

Looks OK to jasper@ sthen@
This commit is contained in:
martijn 2021-06-10 10:58:51 +00:00
parent b47237aa85
commit 5480ba5c0b
3 changed files with 47 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
mail/opensmtpd-filters/dkimsign/Makefile
View File

@ -1,11 +1,14 @@
# $OpenBSD: Makefile,v 1.7 2021/03/30 12:32:53 martijn Exp $
# $OpenBSD: Makefile,v 1.8 2021/06/10 10:58:51 martijn Exp $
COMMENT= dkim signer integration to the OpenSMTPD daemon
V= 0.4
V= 0.5
FILTER_NAME = dkimsign
DISTNAME = filter-dkimsign-${V}
FLAVORS = ed25519
FLAVOR ?=
CATEGORIES= mail
HOMEPAGE= http://imperialat.at/dev/filter-dkimsign
@ -19,8 +22,18 @@ LIB_DEPENDS= mail/opensmtpd-filters/libopensmtpd
# ISC
PERMIT_PACKAGE= Yes
WANTLIB= c crypto opensmtpd
WANTLIB= c opensmtpd
NO_TEST= Yes
MAKE_FLAGS= CC="${CC}"
.if ${FLAVOR:Med25519}
MAKE_ENV+= HAVE_ED25519=1
MAKE_ENV+= LIBCRYPTOPC=libecrypto11
LIB_DEPENDS+= security/openssl/1.1
WANTLIB+= lib/eopenssl11/crypto
.else
WANTLIB+= crypto
.endif
.include <bsd.port.mk>

4
mail/opensmtpd-filters/dkimsign/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (filter-dkimsign-0.4.tar.gz) = p59JVCMdHJT1badrfVtEWyTiOWgGjanxwxoHiO6nUSU=
SIZE (filter-dkimsign-0.4.tar.gz) = 9468
SHA256 (filter-dkimsign-0.5.tar.gz) = pbTsOvXstCNRoLVFm90PMsAOxVwjBQtfRt+u2OMhl0s=
SIZE (filter-dkimsign-0.5.tar.gz) = 23709

36
mail/opensmtpd-filters/dkimsign/pkg/README
View File

@ -1,15 +1,16 @@
$OpenBSD: README,v 1.1 2019/09/23 19:24:45 martijn Exp $
$OpenBSD: README,v 1.2 2021/06/10 10:58:51 martijn Exp $
+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
To use filter-dkimsign, you must first generate a key:
To use filter-dkimsign, you must first generate a private key:
doas -u _dkimsign openssl genrsa -out ${SYSCONFDIR}/mail/dkim/private.key 2048
doas -u _dkimsign openssl genrsa -out ${SYSCONFDIR}/mail/dkim/private.rsa.key 2048
To generate the public ready for dns:
openssl rsa -in ${SYSCONFDIR}/mail/dkim/private.key -pubout | \
To generate the public key ready for dns:
openssl rsa -in ${SYSCONFDIR}/mail/dkim/private.rsa.key -pubout | \
sed '1s/.*/v=DKIM1;p=/;:nl;${s/-----.*//;q;};N;s/\n//g;b nl;'
This value needs to be placed in a DNS txt record with the following syntax:
@ -17,10 +18,31 @@ This value needs to be placed in a DNS txt record with the following syntax:
Edit the /etc/mail/smtpd.conf file to declare the filter:
filter "dkimsign" proc-exec "filter-dkimsign -d <domain> -s <selector> -k ${SYSCONFDIR}/mail/dkim/private.key" user _dkimsign group _dkimsign
filter dkimsign_rsa proc-exec "filter-dkimsign -d <domain> -s <selector> -k ${SYSCONFDIR}/mail/dkim/private.rsa.key" user _dkimsign group _dkimsign
Then add the filter to each listener that should be signed:
listen on all filter "dkimsign"
listen on all filter dkimsign_rsa
To use Ed25519 similar steps must be taken.
Make sure the ed25519 flavor of opensmtpd-filter-dkimsign is installed.
To generate the private key:
doas -u _dkimsign eopenssl11 genpkey -algorithm ed25519 -outform PEM -out ${SYSCONFDIR}/mail/dkim/private.ed25519.key
To generate the public key ready for dns:
printf "v=DKIM1;k=ed25519;p=%s" "$(eopenssl11 pkey -outform DER -pubout -in ${SYSCONFDIR}/mail/dkim/private.ed25519.key | tail -c +13 | openssl base64)"
Edit the /etc/mail/smtpd.conf file to declare the filter:
filter dkimsign_ed25519 proc-exec "filter-dkimsign -a ed25519-sha256 -d <domain> -s <selector> -k ${SYSCONFDIR}/mail/dkim/private.ed25519.key" user _dkimsign group _dkimsign
To add both filters to each listener that should be signed:
filter dkimsign chain { dkimsign_rsa, dkimsign_ed25519 }
listen on all filter dkimsign
For a full list of options see filter-dkimsign(8).