Bug 225664 - mail/postfix: add blacklistd(8) support
Summary: mail/postfix: add blacklistd(8) support
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Olli Hauer
URL:
Keywords:
Depends on:
Blocks: 243978
Reported: 2018-02-04 16:10 UTC by Koichiro Iwao
Modified: 2020-02-08 11:18 UTC
5 users

See Also:
bugzilla: maintainer-feedback? (ohauer)


Attachments
patch (3.76 KB, text/plain)
2018-02-04 16:10 UTC, Koichiro Iwao
patch-postfix-3.3.0.r1,1-blacklistd.txt (12.11 KB, patch)
2018-02-14 04:34 UTC, Koichiro Iwao

Description Koichiro Iwao freebsd_committer freebsd_triage 2018-02-04 16:10:08 UTC
Created attachment 190316 [details]
patch

Hi, 

NetBSD has introduced blacklistd support to postfix.
https://github.com/NetBSD/src/commit/3ae4028

I've imported it to mail/postfix.

The purpose of supporting blacklistd in postfix is to block SMTP-AUTH brute-force
attacks on 587/tcp or 465/tcp. This patch inserts a notification on SASL
authentication failure.

Probably some more changes will be needed before merge but let's discuss.
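
The notification the description refers to, sketched as an added example that is not part of the original report or of the port's patch: a daemon hands each SASL result and the client socket to blacklistd through libblacklist's `blacklist_open()` and `blacklist_r()`. `report_sasl_result()`, the `USE_BLACKLISTD` build flag and the stand-in library used when that flag is unset are assumptions of this example.

```c
/* Added example (not the port's patch): report SASL results to blacklistd(8).
 * Build with -DUSE_BLACKLISTD -lblacklist on FreeBSD/NetBSD; USE_BLACKLISTD
 * and report_sasl_result() are names assumed for this sketch. */
#include <stdio.h>

#ifdef USE_BLACKLISTD
#include <blacklist.h>
#else
/* Constructed stand-in for libblacklist so the example runs anywhere:
 * it records what would have been sent to blacklistd. */
struct blacklist { int last_action, last_fd, sent; };
static struct blacklist fake;
static struct blacklist *blacklist_open(void) { return &fake; }
static int blacklist_r(struct blacklist *b, int action, int fd, const char *msg)
{
    (void)msg;
    b->last_action = action;
    b->last_fd = fd;
    b->sent++;
    return 0;
}
#endif

static struct blacklist *bl;    /* one handle per process, opened lazily */

/* Call once per SASL attempt. client_fd is the accepted SMTP socket;
 * blacklistd reads the peer address and local port (587 or 465) from it.
 * Returns 0 if the event was handed to blacklistd, -1 otherwise. A -1 is
 * never a reason to fail the SMTP session itself. */
int report_sasl_result(int client_fd, int auth_ok)
{
    if (bl == NULL && (bl = blacklist_open()) == NULL)
        return -1;
    /* action: 1 = failed attempt, 0 = successful authentication */
    return blacklist_r(bl, auth_ok ? 0 : 1, client_fd, "smtpd") == 0 ? 0 : -1;
}

int main(void)
{
    /* fd 0 is a placeholder; a real caller passes the client socket. */
    printf("failure reported: %d\n", report_sasl_result(0, 0));
    printf("success reported: %d\n", report_sasl_result(0, 1));
    return 0;
}
```
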
Comment 1 Koichiro Iwao freebsd_committer freebsd_triage 2018-02-14 04:34:27 UTC
Created attachment 190602 [details]
patch-postfix-3.3.0.r1,1-blacklistd.txt

Updated patch to 3.3.0.r1.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-02-25 15:27:44 UTC
A commit references this bug:

Author: ohauer
Date: Sun Feb 25 15:27:31 UTC 2018
New revision: 462959
URL: https://svnweb.freebsd.org/changeset/ports/462959

Log:
  - update to 3.3.0
  - add patch for MySQL 8.x [1]
  - add blacklistd support [2]

  additional:
  - regenerate patch for src/util/sys_defs.h

  Release Notes:
  ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES

  PR:		220224 [1], 225664 [2]
  Submitted by:	Klaus Mayr [1], Koichiro IWAO [2]

Changes:
  head/mail/postfix/Makefile
  head/mail/postfix/distinfo
  head/mail/postfix/files/extra-patch-blacklistd
  head/mail/postfix/files/patch-src__util__sys_defs.h
  head/mail/postfix/files/patch-src_global_dict__mysql.c
  head/mail/postfix/files/patch-src_util_sys__defs.h
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-02-25 15:39:59 UTC
A commit references this bug:

Author: ohauer
Date: Sun Feb 25 15:39:08 UTC 2018
New revision: 462961
URL: https://svnweb.freebsd.org/changeset/ports/462961

Log:
  - update to 3.4-20180222
  - add patch for MySQL 8.x [1]
  - add blacklistd support [2]

  additional:
   regenerate patch for src/util/sys_defs.h

  PR:           220224 [1], 225664 [2]
  Submitted by: Klaus Mayr [1], Koichiro IWAO [2]

Changes:
  head/mail/postfix-current/Makefile
  head/mail/postfix-current/distinfo
  head/mail/postfix-current/files/extra-patch-blacklistd
  head/mail/postfix-current/files/patch-src__util__sys_defs.h
  head/mail/postfix-current/files/patch-src_global_dict__mysql.c
  head/mail/postfix-current/files/patch-src_util_sys__defs.h
Comment 4 Olli Hauer freebsd_committer freebsd_triage 2018-02-25 15:55:49 UTC
Thanks for the patch, it is now included in postfix and postfix-current
Comment 5 patpro 2018-06-10 07:10:32 UTC
(In reply to Olli Hauer from comment #4)

If I understand correctly, this patch only adds an option to the port (disabled by default). Any chance the option gets enabled by default and makes it into the pkg?

thanks
Comment 6 Olli Hauer freebsd_committer freebsd_triage 2018-06-11 05:45:18 UTC
(In reply to patpro from comment #5)
It will be possible in the future, when all FreeBSD versions without blacklistd(8) are EOL
Comment 7 Koichiro Iwao freebsd_committer freebsd_triage 2018-06-19 02:47:44 UTC
(In reply to Olli Hauer from comment #6)
Or can we enable the blacklistd option by default depending on OS version?
Comment 8 Olli Hauer freebsd_committer freebsd_triage 2018-06-19 04:07:01 UTC
(In reply to Koichiro Iwao from comment #7)
Technically possible, but should be avoided so package options are consistent on all supported FreeBSD releases.
10.4 will soon be EoL; I think after that date it would be an option.
https://www.freebsd.org/security/security.html#sup
Comment 9 Koichiro Iwao freebsd_committer freebsd_triage 2018-06-19 04:18:54 UTC
(In reply to Koichiro Iwao from comment #7)
Understood, thanks!
Comment 10 Koichiro Iwao freebsd_committer freebsd_triage 2018-10-23 09:43:06 UTC
Isn't it time now to enable the blacklistd patch by default?
All supported versions of FreeBSD now have blacklistd, right?
Comment 11 FUJIURA Toyonori 2018-12-24 13:46:10 UTC
(In reply to Olli Hauer from comment #8)
I'm waiting for the postfix package with blacklistd support.
When is this patch turned on?
Comment 12 Koichiro Iwao freebsd_committer freebsd_triage 2019-01-09 09:16:04 UTC
(In reply to FUJIURA Toyonori from comment #11)

I'll address the issue.