mail-mta/netqmail: avoid ANY DNS queries
Closes: https://bugs.gentoo.org/701476 Signed-off-by: Rolf Eike Beer <[email protected]> Closes: gentoo#13816 Signed-off-by: Joonas Niilola <[email protected]>
Showing
2 changed files
with
273 additions
and
0 deletions.
@@ -0,0 +1,74 @@ | ||
From b05ec6cbdacdf40d6c75326394461e22b7f8ab20 Mon Sep 17 00:00:00 2001 | ||
From: Jonathan de Boyne Pollard <[email protected]> | ||
Date: Fri, 12 Jul 2019 23:34:52 -0600 | ||
Subject: [PATCH] Apply Jonathan de Boyne Pollard's any-to-cname patch. | ||
|
||
modifies the behaviour of qmail-remote to remove the workaround | ||
that Dan Bernstein added on 1996-10-03 to work around a bug in | ||
BIND versions earlier than version 4.9.4. | ||
|
||
Applying this patch incurs a risk, but yields a benefit. It is | ||
published in order to allow others to experiment with removing | ||
the workaround. | ||
|
||
The risk is twofold: | ||
|
||
* qmail-remote will not be able to relay any mail if one's own | ||
proxy DNS server is such a version of BIND. This is trivially | ||
overcome by replacing such an old version of BIND either with a | ||
new version of BIND that doesn't have the problem or with some | ||
other proxy DNS server software entirely (such as dnscache). | ||
|
||
* qmail-remote will not be able to relay mail to domains whose | ||
content DNS servers use such versions of BIND, because the | ||
"CNAME" resource record lookup will fail. To gauge the level of | ||
this risk, notice that Dan's own 2002-12-17 survey of content DNS | ||
servers reports a mere 2% of the "*.com." content DNS servers as | ||
employing BIND version 4 (but doesn't report how many of that 2% | ||
employ BIND 4 versions earlier than 4.9.4). | ||
|
||
The benefit of this patch is that it reduces DNS query traffic | ||
and proxy DNS server cache load. | ||
|
||
* Without it, qmail-remote issues "ANY" queries. Some proxy DNS | ||
server softwares (albeit not dnscache) pass such queries through | ||
directly to the back end, meaning that every query issued by | ||
qmail-remote will result in a back-end query to a content DNS | ||
server, no matter if the necessary information is already cached. | ||
Moreover: The results of such a query, which are often a large | ||
collection of resource record sets of various types, are cached | ||
in the proxy DNS server's cache, even though almost none of them | ||
will be used. A caching proxy DNS server dedicated to serving | ||
qmail will end up with all sorts of cruft in its cache that isn't | ||
actually relevant to mail transportation, taking up space that | ||
could be better put to use caching those resource record sets | ||
that are relevant. | ||
|
||
* With it, qmail-remote issues "CNAME" queries. All of the mainstream | ||
proxy DNS server softwares in popular use (apart from dnscache, | ||
because it has problems in this regard) don't pass such queries | ||
directly through, and will answer them from their caches without | ||
issuing a back-end query at all if the data are already there and | ||
still current. Moreover: A caching proxy DNS server dedicated to | ||
serving qmail will not have its cache cluttered with irrelevant | ||
data. | ||
--- | ||
dns.c | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/dns.c b/dns.c | ||
index 44db25b..77e4ff7 100644 | ||
--- a/dns.c | ||
+++ b/dns.c | ||
@@ -197,7 +197,7 @@ stralloc *sa; | ||
if (!sa->len) return loop; | ||
if (sa->s[sa->len - 1] == ']') return loop; | ||
if (sa->s[sa->len - 1] == '.') { --sa->len; continue; } | ||
- switch(resolve(sa,T_ANY)) | ||
+ switch(resolve(sa,T_CNAME)) | ||
{ | ||
case DNS_MEM: return DNS_MEM; | ||
case DNS_SOFT: return DNS_SOFT; | ||
-- | ||
2.16.4 | ||
|
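Review bot: The rationale in the embedded patch header still frames the risk purely as pre-4.9.4 BIND, but the reason this matters on a current system is that many resolvers now answer ANY with a minimal synthesized response (RFC 8482), so the `resolve(sa,T_ANY)` lookup in dns_cname can miss an existing CNAME even against a modern resolver; a one-line note near the top of the header, `Also needed with resolvers that return minimal answers to ANY (RFC 8482); see Gentoo bug 701476.`, would tell the next maintainer why this patch is not optional (the bug link is inferred from the commit trailers, confirm it matches). The inner hunk shows only the `switch` line; dns_cname begins (its `stralloc *sa;` parameter is the hunk context) and ends outside it, so the loop and the `case` labels that consume the answer are not visible here. The large-DNS patch applied unconditionally by the ebuild also appears to touch dns.c, so this patch presumably depends on being ordered after it, which the PATCHES array does but nothing documents.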
@@ -0,0 +1,199 @@ | ||
# Copyright 1999-2019 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=7 | ||
|
||
GENQMAIL_PV=20191010 | ||
QMAIL_SPP_PV=0.42 | ||
|
||
QMAIL_TLS_PV=20190114 | ||
QMAIL_TLS_F=${PN}-1.05-tls-smtpauth-${QMAIL_TLS_PV}.patch | ||
QMAIL_TLS_CVE=vu555316.patch | ||
|
||
QMAIL_BIGTODO_PV=103 | ||
QMAIL_BIGTODO_F=big-todo.${QMAIL_BIGTODO_PV}.patch | ||
|
||
QMAIL_LARGE_DNS='qmail-103.patch' | ||
|
||
QMAIL_SMTPUTF8='qmail-smtputf8.patch' | ||
|
||
inherit qmail | ||
|
||
DESCRIPTION="qmail -- a secure, reliable, efficient, simple message transfer agent" | ||
HOMEPAGE=" | ||
http://netqmail.org | ||
https://cr.yp.to/qmail.html | ||
http://qmail.org | ||
" | ||
SRC_URI="mirror://qmail/${P}.tar.gz | ||
https://github.com/DerDakon/genqmail/releases/download/genqmail-${GENQMAIL_PV}/${GENQMAIL_F} | ||
https://www.ckdhr.com/ckd/${QMAIL_LARGE_DNS} | ||
!vanilla? ( | ||
highvolume? ( mirror://qmail/${QMAIL_BIGTODO_F} ) | ||
qmail-spp? ( mirror://sourceforge/qmail-spp/${QMAIL_SPP_F} ) | ||
ssl? ( | ||
https://mirror.alexh.name/qmail/netqmail/${QMAIL_TLS_F} | ||
http://inoa.net/qmail-tls/${QMAIL_TLS_CVE} | ||
https://arnt.gulbrandsen.priv.no/qmail/qmail-smtputf8.patch | ||
) | ||
) | ||
" | ||
|
||
LICENSE="public-domain" | ||
SLOT="0" | ||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86" | ||
IUSE="authcram gencertdaily highvolume libressl pop3 qmail-spp ssl vanilla" | ||
REQUIRED_USE="vanilla? ( !ssl !qmail-spp !highvolume )" | ||
RESTRICT="test" | ||
|
||
DEPEND=" | ||
acct-group/nofiles | ||
acct-group/qmail | ||
acct-user/alias | ||
acct-user/qmaild | ||
acct-user/qmaill | ||
acct-user/qmailp | ||
acct-user/qmailq | ||
acct-user/qmailr | ||
acct-user/qmails | ||
net-dns/libidn2 | ||
net-mail/queue-repair | ||
sys-apps/gentoo-functions | ||
sys-apps/groff | ||
ssl? ( | ||
!libressl? ( >=dev-libs/openssl-1.1:0= ) | ||
libressl? ( dev-libs/libressl:= ) | ||
) | ||
" | ||
RDEPEND="${DEPEND} | ||
sys-apps/ucspi-tcp | ||
virtual/checkpassword | ||
virtual/daemontools | ||
authcram? ( >=net-mail/cmd5checkpw-0.30 ) | ||
ssl? ( | ||
pop3? ( sys-apps/ucspi-ssl ) | ||
) | ||
!mail-mta/courier | ||
!mail-mta/esmtp | ||
!mail-mta/exim | ||
!mail-mta/mini-qmail | ||
!mail-mta/msmtp[mta] | ||
!mail-mta/nullmailer | ||
!mail-mta/opensmtpd | ||
!mail-mta/postfix | ||
!mail-mta/qmail-ldap | ||
!mail-mta/sendmail | ||
!mail-mta/ssmtp[mta] | ||
" | ||
|
||
pkg_setup() { | ||
if [[ -n "${QMAIL_PATCH_DIR}" ]]; then | ||
eerror | ||
eerror "The QMAIL_PATCH_DIR variable for custom patches" | ||
eerror "has been removed from ${PN}. If you need custom patches" | ||
eerror "see 'user patches' in the portage manual." | ||
eerror | ||
die "QMAIL_PATCH_DIR is not supported anymore" | ||
fi | ||
} | ||
|
||
src_unpack() { | ||
genqmail_src_unpack | ||
use qmail-spp && qmail_spp_src_unpack | ||
|
||
unpack ${P}.tar.gz | ||
} | ||
|
||
PATCHES=( | ||
"${FILESDIR}/${PV}-exit.patch" | ||
"${FILESDIR}/${PV}-readwrite.patch" | ||
"${DISTDIR}/${QMAIL_LARGE_DNS}" | ||
"${FILESDIR}/${PV}-fbsd-utmpx.patch" | ||
"${FILESDIR}/${P}-ipme-multiple.patch" | ||
"${FILESDIR}/${P}-any-to-cname.patch" | ||
) | ||
|
||
src_prepare() { | ||
if ! use vanilla; then | ||
if use ssl; then | ||
# This patch contains relative paths and needs to be cleaned up. | ||
sed 's~^--- \.\./\.\./~--- ~g' \ | ||
< "${DISTDIR}"/${QMAIL_TLS_F} \ | ||
> "${T}"/${QMAIL_TLS_F} || die | ||
PATCHES+=( "${T}/${QMAIL_TLS_F}" | ||
"${DISTDIR}/${QMAIL_TLS_CVE}" | ||
"${FILESDIR}/qmail-smtputf8.patch" | ||
"${FILESDIR}/qmail-smtputf8-crlf-fix.patch" | ||
) | ||
fi | ||
if use highvolume; then | ||
PATCHES+=( "${DISTDIR}/${QMAIL_BIGTODO_F}" ) | ||
fi | ||
|
||
if use qmail-spp; then | ||
if use ssl; then | ||
SPP_PATCH="${QMAIL_SPP_S}/qmail-spp-smtpauth-tls-20060105.diff" | ||
else | ||
SPP_PATCH="${QMAIL_SPP_S}/netqmail-spp.diff" | ||
fi | ||
# make the patch work with "-p1" | ||
sed -e 's#^--- \([Mq]\)#--- a/\1#' -e 's#^+++ \([Mq]\)#+++ b/\1#' -i ${SPP_PATCH} || die | ||
|
||
PATCHES+=( "${SPP_PATCH}" ) | ||
fi | ||
fi | ||
|
||
default | ||
|
||
qmail_src_postunpack | ||
|
||
# Fix bug #33818 but for netqmail (Bug 137015) | ||
if ! use authcram; then | ||
einfo "Disabled CRAM_MD5 support" | ||
sed -e 's,^#define CRAM_MD5$,/*&*/,' -i "${S}"/qmail-smtpd.c || die | ||
else | ||
einfo "Enabled CRAM_MD5 support" | ||
fi | ||
|
||
ht_fix_file Makefile* | ||
} | ||
|
||
src_compile() { | ||
qmail_src_compile | ||
use qmail-spp && qmail_spp_src_compile | ||
} | ||
|
||
src_install() { | ||
qmail_src_install | ||
} | ||
|
||
pkg_postinst() { | ||
qmail_queue_setup | ||
qmail_rootmail_fixup | ||
qmail_tcprules_build | ||
|
||
qmail_config_notice | ||
qmail_supervise_config_notice | ||
elog | ||
elog "If you are looking for documentation, check those links:" | ||
elog "https://wiki.gentoo.org/wiki/Virtual_mail_hosting_with_qmail" | ||
elog " -- qmail/vpopmail Virtual Mail Hosting System Guide" | ||
elog "http://www.lifewithqmail.com/" | ||
elog " -- Life with qmail" | ||
elog | ||
} | ||
|
||
pkg_preinst() { | ||
qmail_tcprules_fixup | ||
} | ||
|
||
pkg_config() { | ||
# avoid some weird locale problems | ||
export LC_ALL=C | ||
|
||
qmail_config_fast | ||
qmail_tcprules_config | ||
qmail_tcprules_build | ||
|
||
use ssl && qmail_ssl_generate | ||
} |