From 567034c473c2ef777c999a4cf4cfb503884390f4 Mon Sep 17 00:00:00 2001
From: jakob
Date: Mon, 31 Jul 2006 12:35:07 +0000
Subject: [PATCH] The dk-milter package is an open source implementation of the DomainKeys sender authentication system proposed by Yahoo!, Inc.
---
mail/dk-milter/Makefile | 28 +++++++++
mail/dk-milter/distinfo | 4 ++
.../patches/patch-dk-filter_dk-filter_8 | 11 ++++
.../patches/patch-dk-filter_dk-filter_c | 33 +++++++++++
mail/dk-milter/pkg/DESCR | 2 +
mail/dk-milter/pkg/MESSAGE | 57 +++++++++++++++++++
mail/dk-milter/pkg/PLIST | 7 +++
7 files changed, 142 insertions(+)
create mode 100644 mail/dk-milter/Makefile
create mode 100644 mail/dk-milter/distinfo
create mode 100644 mail/dk-milter/patches/patch-dk-filter_dk-filter_8
create mode 100644 mail/dk-milter/patches/patch-dk-filter_dk-filter_c
create mode 100644 mail/dk-milter/pkg/DESCR
create mode 100644 mail/dk-milter/pkg/MESSAGE
create mode 100644 mail/dk-milter/pkg/PLIST
diff --git a/mail/dk-milter/Makefile b/mail/dk-milter/Makefile
new file mode 100644
index 00000000000..75839f3de8f
--- /dev/null
+++ b/mail/dk-milter/Makefile
@@ -0,0 +1,28 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+
+COMMENT= "DomainKeys milter"
+
+DISTNAME= dk-milter-0.4.1
+PKGNAME= ${DISTNAME}
+CATEGORIES= mail
+HOMEPAGE= http://sourceforge.net/projects/dk-milter/
+
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=dk-milter/}
+
+# sendmail open source license
+PERMIT_PACKAGE_CDROM= Patent
+PERMIT_PACKAGE_FTP= Yes
+PERMIT_DISTFILES_CDROM= Patent
+PERMIT_DISTFILES_FTP= Yes
+
+WANTLIB= c pthread milter
+
+EXAMPLESDIR= share/examples/dk-milter
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/obj.*/dk-filter/dk-filter ${PREFIX}/libexec
+ ${INSTALL_MAN} ${WRKSRC}/dk-filter/dk-filter.8 ${PREFIX}/man/man8
+ ${INSTALL_DATA_DIR} ${PREFIX}/${EXAMPLESDIR}
+ ${INSTALL_DATA} ${WRKSRC}/dk-filter/gentxt.csh ${PREFIX}/${EXAMPLESDIR}
+
+.include 
diff --git a/mail/dk-milter/distinfo b/mail/dk-milter/distinfo
new file mode 100644
index 00000000000..ffb5958e915
--- /dev/null
+++ b/mail/dk-milter/distinfo
@@ -0,0 +1,4 @@
+MD5 (dk-milter-0.4.1.tar.gz) = ec5f4fa17d53a2f39ebb0025caccabe0
+RMD160 (dk-milter-0.4.1.tar.gz) = fc75a6884b91466e97fd4830107baa43777f768b
+SHA1 (dk-milter-0.4.1.tar.gz) = aec7e89dabe88fd277708bbb95bc02d48c305d79
+SIZE (dk-milter-0.4.1.tar.gz) = 313092
diff --git a/mail/dk-milter/patches/patch-dk-filter_dk-filter_8 b/mail/dk-milter/patches/patch-dk-filter_dk-filter_8
new file mode 100644
index 00000000000..16305e0d4d0
--- /dev/null
+++ b/mail/dk-milter/patches/patch-dk-filter_dk-filter_8
@@ -0,0 +1,11 @@
+$OpenBSD: patch-dk-filter_dk-filter_8,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+--- dk-filter/dk-filter.8.orig Thu May 25 20:38:49 2006
++++ dk-filter/dk-filter.8 Mon Jun 19 23:13:43 2006
+@@ -172,6 +172,7 @@ See also the NOTES section below.
+ Attempts to be come the specified
+ .I userid
+ before starting operations.
++The default is to change user to _dk-milter.
+ .TP
+ .I -U popdb
+ Requests that the filter consult a POP authentication database for IP
diff --git a/mail/dk-milter/patches/patch-dk-filter_dk-filter_c b/mail/dk-milter/patches/patch-dk-filter_dk-filter_c
new file mode 100644
index 00000000000..e6307dcc589
--- /dev/null
+++ b/mail/dk-milter/patches/patch-dk-filter_dk-filter_c 
@@ -0,0 +1,33 @@
+$OpenBSD: patch-dk-filter_dk-filter_c,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+--- dk-filter/dk-filter.c.orig Fri May 19 23:42:05 2006
++++ dk-filter/dk-filter.c Tue Jun 20 09:03:16 2006
+@@ -2782,7 +2782,7 @@ main(int argc, char **argv)
+ const char *args = CMDLINEOPTS;
+ FILE *f;
+ char *be = NULL;
+- char *become = NULL;
++ char *become = "_dk-milter";
+ char *domlist = NULL;
+ char *mtalist = NULL;
+ char *p;
+@@ -3492,6 +3492,20 @@ main(int argc, char **argv)
+ }
+
+ (void) endpwent();
++
++ if (setgid(pw->pw_gid) != 0)
++ {
++ if (dolog)
++ {
++ syslog(LOG_ERR, "setgid(): %s",
++ strerror(errno));
++ }
++
++ fprintf(stderr, "%s: setgid(): %s\n", progname,
++ strerror(errno));
++
++ return EX_NOPERM;
++ }
+
+ if (setuid(pw->pw_uid) != 0)
+ {
diff --git a/mail/dk-milter/pkg/DESCR b/mail/dk-milter/pkg/DESCR
new file mode 100644
index 00000000000..d730335b7c3
--- /dev/null
+++ b/mail/dk-milter/pkg/DESCR
@@ -0,0 +1,2 @@
+The dk-milter package is an open source implementation of the DomainKeys
+sender authentication system proposed by Yahoo!, Inc.
diff --git a/mail/dk-milter/pkg/MESSAGE b/mail/dk-milter/pkg/MESSAGE
new file mode 100644
index 00000000000..7efdbf350a4
--- /dev/null
+++ b/mail/dk-milter/pkg/MESSAGE 
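Review bot: The privilege drop in the second hunk of patch-dk-filter_dk-filter_c (main(), at the added `setgid(pw->pw_gid)`) never resets the supplementary group list, so a filter started as root would still hold root's supplementary groups after switching to _dk-milter. Nothing in the visible lines calls setgroups() or initgroups(); unless that happens in the part of main() outside the hunk, a setgroups() call with the same syslog/fprintf/EX_NOPERM handling should run before setgid(), as sketched below. With `become` now defaulting to "_dk-milter" in the first hunk, a missing account or a non-root start presumably becomes a startup failure, which is worth confirming against the code around the lookup. main() begins and ends outside both hunks.

```c
		(void) endpwent();

		/* drop the supplementary groups inherited from the starting user */
		if (setgroups(1, &pw->pw_gid) != 0)
		{
			if (dolog)
			{
				syslog(LOG_ERR, "setgroups(): %s",
				       strerror(errno));
			}

			fprintf(stderr, "%s: setgroups(): %s\n", progname,
			        strerror(errno));

			return EX_NOPERM;
		}

		/* ... unchanged: setgid() block added by this patch, then the existing setuid() block ... */
```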
@@ -0,0 +1,57 @@
+(1) Configure sendmail:
+ (a) Choose a socket at which the MTA and the filter will rendezvous
+ (see the documentation in libmilter for details)
+ (b) Add a line like this example to your sendmail.mc using your desired
+ socket specification:
+ INPUT_MAIL_FILTER(`dk-filter', `S=inet:8891@localhost')
+ (c) Rebuild your sendmail.cf in the usual way
+
+(2) Choose a selector name. Current convention is to use the hostname
+ (hostname only, not the fully-qualified domain name) of the host that
+ will be providing the service, but you are free to choose any name you
+ wish, especially if you have a selector assignment scheme in mind.
+
+(3) Either:
+ (a) Run the script gentxt.csh. This will generate a public and private
+ key in PEM format and output a TXT record appropriate for insertion
+ into your DNS zone file. Insert it in your zone file and reload your
+ DNS system so the data is published.
+ -OR-
+ (b) Manually generate a public and private key:
+ (i) % openssl genrsa -out rsa.private 512
+ (ii) % openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM
+ (iii) Add a TXT DNS record containing the base64 encoding of your public
+ key, which is everything between the BEGIN and END lines in the
+ rsa.public file generated above, with spaces and newlines removed.
+ It should be in this form:
+
+ "g=; k=rsa; t=y; p=MFwwDQYJ...AwEAAQ=="
+
+ ...using, of course, your own public key's base64 data. The name of
+ the TXT record should be SELECTOR._domainkey.example.com (where
+ "SELECTOR" is the name you chose and "example.com" is your domain
+ name). You might want to set a short TTL on this record. Reload
+ your nameserver so that the record gets published. For a translation
+ of the parameter and value pairs shown here, see the draft spec;
+ basically this just announces an RSA public key and also declares
+ that your site is using this key in test mode so nobody should take
+ any real action based on success or failure of the use of this key to
+ verify a message.
+
+(4) Store the private key in a safe place. We generally use a path like
+ /var/db/domainkeys/SELECTOR.key.pem (where "SELECTOR" is the name you
+ chose).
+
+(5) Start dk-filter. You will need at least the "-p" option. The current
+ recommended set of command line options is:
+
+ -l -p SOCKETSPEC -d DOMAIN -s KEYPATH -S SELECTOR
+
+ ...where SOCKETSPEC is the socket you told sendmail to use above,
+ DOMAIN is the domain or set of domains for which you want to sign
+ mail, KEYPATH is the path to the private key file you generated, and
+ SELECTOR is the selector name you picked. You can tack "-f" on there
+ if you want it to run in the foreground instead of in the background
+ as a daemon.
+
+(7) Restart sendmail.
diff --git a/mail/dk-milter/pkg/PLIST b/mail/dk-milter/pkg/PLIST
new file mode 100644
index 00000000000..27c86c51735
--- /dev/null
+++ b/mail/dk-milter/pkg/PLIST
@@ -0,0 +1,7 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2006/07/31 12:35:07 jakob Exp $
+@newgroup _dk-milter:567
+@newuser _dk-milter:567:_dk-milter:daemon:dk-milter Account:/nonexistent:/sbin/nologin
+libexec/dk-filter
+@man man/man8/dk-filter.8
+share/examples/dk-milter/
+share/examples/dk-milter/gentxt.csh
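Review bot: Step (3)(b)(i) of pkg/MESSAGE tells the administrator to run `openssl genrsa -out rsa.private 512`, and a 512-bit RSA modulus is small enough to be factored, after which the recovered key can sign mail as the domain. The example should use a larger size, for instance `openssl genrsa -out rsa.private 1024` or more where the TXT record allows, and gentxt.csh (not shown here) should be checked for the same default. Step (4) says only to keep the key "in a safe place"; because this port makes the filter switch to _dk-milter by default, the text should also state who must own the key file and that no other unprivileged account may read it, for example `chmod 400 /var/db/domainkeys/SELECTOR.key.pem` with the owner chosen according to whether the key is read before or after the user switch, which is not visible in this patch. The step numbers also jump from (5) to (7).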