Bug 225664 - mail/postfix: add blacklistd(8) support
Summary: mail/postfix: add blacklistd(8) support
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Olli Hauer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-04 16:10 UTC by Koichiro Iwao
Modified: 2019-01-09 09:16 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (ohauer)


Attachments
patch (3.76 KB, text/plain)
2018-02-04 16:10 UTC, Koichiro Iwao
no flags Details
patch-postfix-3.3.0.r1,1-blacklistd.txt (12.11 KB, patch)
2018-02-14 04:34 UTC, Koichiro Iwao
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Koichiro Iwao freebsd_committer 2018-02-04 16:10:08 UTC
Created attachment 190316 [details]
patch

Hi, 

NetBSD has introduced blacklistd support to postfix.
https://github.com/NetBSD/src/commit/3ae4028

I've imported it to mail/postfix.

The purpose to support blacklistd in postfix is to block SMTP-AUTH brute-force
attack on 587/tcp or 465/tcp. This patch inserts notification of SASL 
authentication failure.

Probably some more changes will be needed before merge but let's discuss.
Comment 1 Koichiro Iwao freebsd_committer 2018-02-14 04:34:27 UTC
Created attachment 190602 [details]
patch-postfix-3.3.0.r1,1-blacklistd.txt

Updated patch to 3.3.0.r1.
Comment 2 commit-hook freebsd_committer 2018-02-25 15:27:44 UTC
A commit references this bug:

Author: ohauer
Date: Sun Feb 25 15:27:31 UTC 2018
New revision: 462959
URL: https://svnweb.freebsd.org/changeset/ports/462959

Log:
  - update to 3.3.0
  - add patch for MySQL 8.x [1}
  - add blacklistd support [2]

  additional:
  - regenerate patch for src/util/sys_defs.h

  Release Notes:
  ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES

  PR:		220224 [1], 225664 [2]
  Submitted by:	Klaus Mayr [1], Koichiro IWAO [2]

Changes:
  head/mail/postfix/Makefile
  head/mail/postfix/distinfo
  head/mail/postfix/files/extra-patch-blacklistd
  head/mail/postfix/files/patch-src__util__sys_defs.h
  head/mail/postfix/files/patch-src_global_dict__mysql.c
  head/mail/postfix/files/patch-src_util_sys__defs.h
Comment 3 commit-hook freebsd_committer 2018-02-25 15:39:59 UTC
A commit references this bug:

Author: ohauer
Date: Sun Feb 25 15:39:08 UTC 2018
New revision: 462961
URL: https://svnweb.freebsd.org/changeset/ports/462961

Log:
  - update to 3.4-20180222
  - add patch for MySQL 8.x [1}
  - add blacklistd support [2]

  additional:
   regenerate patch for src/util/sys_defs.h

  PR:           220224 [1], 225664 [2]
  Submitted by: Klaus Mayr [1], Koichiro IWAO [2]

Changes:
  head/mail/postfix-current/Makefile
  head/mail/postfix-current/distinfo
  head/mail/postfix-current/files/extra-patch-blacklistd
  head/mail/postfix-current/files/patch-src__util__sys_defs.h
  head/mail/postfix-current/files/patch-src_global_dict__mysql.c
  head/mail/postfix-current/files/patch-src_util_sys__defs.h
Comment 4 Olli Hauer freebsd_committer 2018-02-25 15:55:49 UTC
Thanks for the patch, it is now included in postfix and postfix-current
Comment 5 patpro 2018-06-10 07:10:32 UTC
(In reply to Olli Hauer from comment #4)

If I understand correctly, this patch only adds an option to the port (disabled by default). Any chance the option gets enabled by default and makes it into the pkg?

thanks
Comment 6 Olli Hauer freebsd_committer 2018-06-11 05:45:18 UTC
(In reply to patpro from comment #5)
It will be possible in the future, when all FreeBSD versions without blacklistd(8) are EOL
Comment 7 Koichiro Iwao freebsd_committer 2018-06-19 02:47:44 UTC
(In reply to Olli Hauer from comment #6)
Or can we enable blacklistd option by default depending on OS version?
Comment 8 Olli Hauer freebsd_committer 2018-06-19 04:07:01 UTC
(In reply to Koichiro Iwao from comment #7)
Technical possible, but should be avoided so package options are consistent on all supported FreeBSD releases.
10.4 will be soon EoL, I think after that date it would be an option
https://www.freebsd.org/security/security.html#sup
Comment 9 Koichiro Iwao freebsd_committer 2018-06-19 04:18:54 UTC
(In reply to Koichiro Iwao from comment #7)
Understood, thanks!
Comment 10 Koichiro Iwao freebsd_committer 2018-10-23 09:43:06 UTC
Now isn't it a time to enable blacklistd patch by default?
All supported version of FreeBSD now have blacklistd, right?
Comment 11 FUJIURA Toyonori 2018-12-24 13:46:10 UTC
(In reply to Olli Hauer from comment #8)
I'm waiting for the postfix package with blacklistd support.
When is this patch turned on?
Comment 12 Koichiro Iwao freebsd_committer 2019-01-09 09:16:04 UTC
(In reply to FUJIURA Toyonori from comment #11)

I'll address the issue.