Install control/ofmipfilters containing qmail-qfilter-addtlsheader, a

new filter to add a Received header with TLS protocol and ciphers. Add
qmail-qfilter-addtlsheader to control/smtpfilters, too. Bump acceptutils
dependency to get this program.

Point to qmail-qfilter-queue in tcp.ofmip and tcp.smtp. This replaces
the formerly separate qmail-queue wrappers for ofmipd and smtpd. Bump
rejectutils dependency to get this program.

rc.d scripts:

- ofmipd, pop3d, smtpd: let a standalone TLS key file be configured
  in rc.conf.
- ofmipd, pop3d: let pre- and post-checkpassword commands be configured
  in rc.conf.
- pop3d: fix typo in default TLS file paths.

Bump version.

mail/qmail-run/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.60 2018/11/24 17:12:00 schmonz Exp $
+# $NetBSD: Makefile,v 1.61 2018/11/28 16:22:41 schmonz Exp $
 #
 
-DISTNAME=		qmail-run-20181124.1
+DISTNAME=		qmail-run-20181128
 CATEGORIES=		mail
 MASTER_SITES=		# empty
 DISTFILES=		# empty
@@ -15,9 +15,9 @@ DEPENDS+=		greylisting-spp-[0-9]*:../../mail/greylisting-spp
 DEPENDS+=		pkg_alternatives-[0-9]*:../../pkgtools/pkg_alternatives
 DEPENDS_QMAIL=		qmail>=1.03nb41:../../mail/qmail
 DEPENDS+=		${DEPENDS_QMAIL}
-DEPENDS+=		qmail-acceptutils>=20181124.1:../../mail/qmail-acceptutils
+DEPENDS+=		qmail-acceptutils>=20181128:../../mail/qmail-acceptutils
 DEPENDS+=		qmail-qfilter>1.5nb1:../../mail/qmail-qfilter
-DEPENDS+=		qmail-rejectutils>=20181110:../../mail/qmail-rejectutils
+DEPENDS+=		qmail-rejectutils>=20181128:../../mail/qmail-rejectutils
 
 WRKSRC=			${WRKDIR}
 NO_BUILD=		yes
@@ -34,7 +34,8 @@ MESSAGE_SUBST+=		PKG_SYSCONFBASE=${PKG_SYSCONFBASE:Q}
 RCD_SCRIPTS=		qmail qmailofmipd qmailpop3d qmailqread qmailsend qmailsmtpd
 
 EGDIR=			share/examples/qmail-run
-.for f in defaultdelivery fixsmtpio signatures rcptchecks smtpfilters \
+.for f in defaultdelivery fixsmtpio signatures rcptchecks \
+	ofmipfilters smtpfilters \
 	pop3capabilities smtpcapabilities smtpplugins \
 	concurrencyincoming concurrencypop3 concurrencysubmission
 CONF_FILES+=		${PREFIX}/${EGDIR}/${f} \
@@ -77,13 +78,14 @@ SUBST_STAGE.paths=	pre-configure
 SUBST_FILES.paths=	mailer.conf
 SUBST_FILES.paths+=	greylisting-spp-with-exemptions ofmipd-with-user-cdb
 SUBST_FILES.paths+=	qmail-isspam-* qmail-procmail qmail-qread-client
-SUBST_FILES.paths+=	rcptchecks smtpfilters smtpplugins tcp.*
+SUBST_FILES.paths+=	rcptchecks ofmipfilters smtpfilters smtpplugins tcp.*
 SUBST_VARS.paths=	PKGNAME PKG_SYSCONFDIR PREFIX
 SUBST_VARS.paths+=	CAT ECHO GREP SED SH SORT TRUE
 
 post-extract:
 	for f in README.pkgsrc mailer.conf \
-		defaultdelivery fixsmtpio signatures rcptchecks smtpfilters \
+		defaultdelivery fixsmtpio signatures rcptchecks \
+		ofmipfilters smtpfilters \
 		pop3capabilities smtpcapabilities smtpplugins \
 		concurrencyincoming concurrencypop3 concurrencysubmission \
 		tcp.ofmip tcp.pop3 tcp.smtp; do \
@@ -103,7 +105,8 @@ do-install:
 	done
 	${INSTALL_DATA} ${WRKDIR}/README.pkgsrc \
 		${DESTDIR}${PREFIX}/share/doc/qmail-run
-	for f in defaultdelivery fixsmtpio signatures rcptchecks smtpfilters \
+	for f in defaultdelivery fixsmtpio signatures rcptchecks \
+		ofmipfilters smtpfilters \
 		pop3capabilities smtpcapabilities smtpplugins \
 		concurrencyincoming concurrencypop3 concurrencysubmission \
 		tcp.ofmip tcp.pop3 tcp.smtp; do \

mail/qmail-run/PLIST

@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2018/11/14 16:46:58 schmonz Exp $
+@comment $NetBSD: PLIST,v 1.18 2018/11/28 16:22:41 schmonz Exp $
 bin/greylisting-spp-with-exemptions
 bin/ofmipd-with-user-cdb
 bin/qmail-isspam-rspamd
@@ -15,6 +15,7 @@ share/examples/qmail-run/greylist-database
 share/examples/qmail-run/greylist-exemptrcpthosts
 share/examples/qmail-run/greylist-exemptrcpts
 share/examples/qmail-run/mailer.conf
+share/examples/qmail-run/ofmipfilters
 share/examples/qmail-run/pop3capabilities
 share/examples/qmail-run/rcptchecks
 share/examples/qmail-run/signatures

mail/qmail-run/files/ofmipfilters

@@ -0,0 +1,2 @@
+#@PREFIX@/bin/pymsgauth-filter
+@PREFIX@/bin/qmail-qfilter-addtlsheader

mail/qmail-run/files/qmailofmipd.sh

@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailofmipd.sh,v 1.16 2018/11/13 16:34:58 schmonz Exp $
+# $NetBSD: qmailofmipd.sh,v 1.17 2018/11/28 16:22:41 schmonz Exp $
 #
 # @PKGNAME@ script to control ofmipd (SMTP submission service).
 #
@@ -18,8 +18,9 @@ name="qmailofmipd"
 : ${qmailofmipd_datalimit:="360000000"}
 : ${qmailofmipd_pretcpserver:=""}
 : ${qmailofmipd_tcpserver:="@PREFIX@/bin/sslserver"}
-: ${qmailofmipd_preofmipd:=""}
+: ${qmailofmipd_preofmipd:="@PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio"}
 : ${qmailofmipd_ofmipdcmd:="@PREFIX@/bin/ofmipd-with-user-cdb"}
+: ${qmailofmipd_precheckpassword:="@PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp"}
 : ${qmailofmipd_checkpassword:="@PREFIX@/bin/nbcheckpassword"}
 : ${qmailofmipd_postofmipd:=""}
 : ${qmailofmipd_log:="YES"}
@@ -28,6 +29,7 @@ name="qmailofmipd"
 : ${qmailofmipd_tls:="auto"}
 : ${qmailofmipd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
 : ${qmailofmipd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
+: ${qmailofmipd_tls_key:=""}
 
 if [ -f /etc/rc.subr ]; then
 	. /etc/rc.subr
@@ -71,6 +73,9 @@ qmailofmipd_disable_tls() {
 qmailofmipd_enable_tls() {
 	qmailofmipd_postenv="${qmailofmipd_postenv} DHFILE=${qmailofmipd_tls_dhparams}"
 	qmailofmipd_postenv="${qmailofmipd_postenv} CERTFILE=${qmailofmipd_tls_cert}"
+	if [ -f "${qmailofmipd_tls_key}" ]; then
+		qmailofmipd_postenv="${qmailofmipd_postenv} KEYFILE=${qmailofmipd_tls_key}"
+	fi
 }
 
 qmailofmipd_precmd()
@@ -88,8 +93,7 @@ qmailofmipd_precmd()
 ${qmailofmipd_tcpflags} -x @PKG_SYSCONFDIR@/tcp.ofmip.cdb
 -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencysubmission`
 ${qmailofmipd_tcphost} ${qmailofmipd_tcpport}
-@PREFIX@/bin/reup -t 5 @PREFIX@/bin/authup smtp
-${qmailofmipd_checkpassword} @PREFIX@/bin/checknotroot @PREFIX@/bin/fixsmtpio
+${qmailofmipd_precheckpassword} ${qmailofmipd_checkpassword}
 ${qmailofmipd_preofmipd} ${qmailofmipd_ofmipdcmd} ${qmailofmipd_postofmipd}
 2>&1 |
 @PREFIX@/bin/pgrphack @PREFIX@/bin/setuidgid @QMAIL_LOG_USER@ ${qmailofmipd_logcmd}"

mail/qmail-run/files/qmailpop3d.sh

@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailpop3d.sh,v 1.24 2018/11/08 20:57:28 schmonz Exp $
+# $NetBSD: qmailpop3d.sh,v 1.25 2018/11/28 16:22:41 schmonz Exp $
 #
 # @PKGNAME@ script to control qmail-pop3d (POP3 server for Maildirs).
 #
@@ -17,16 +17,18 @@ name="qmailpop3d"
 : ${qmailpop3d_datalimit:="180000000"}
 : ${qmailpop3d_pretcpserver:=""}
 : ${qmailpop3d_tcpserver:="@PREFIX@/bin/sslserver"}
-: ${qmailpop3d_prepop3d:=""}
+: ${qmailpop3d_prepop3d:="@PREFIX@/bin/checknotroot"}
 : ${qmailpop3d_pop3dcmd:="@PREFIX@/bin/qmail-pop3d"}
+: ${qmailpop3d_precheckpassword:="@PREFIX@/bin/authup pop3"}
 : ${qmailpop3d_checkpassword:="@PREFIX@/bin/nbcheckpassword"}
-: ${qmailpop3d_maildirname:="Maildir"}
+: ${qmailpop3d_postpop3d:="Maildir"}
 : ${qmailpop3d_log:="YES"}
 : ${qmailpop3d_logcmd:="logger -t nbqmail/pop3d -p mail.info"}
 : ${qmailpop3d_nologcmd:="@PREFIX@/bin/multilog -*"}
 : ${qmailpop3d_tls:="auto"}
-: ${qmailpop3pd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
-: ${qmailpop3pd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
+: ${qmailpop3d_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
+: ${qmailpop3d_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
+: ${qmailpop3d_tls_key:=""}
 
 if [ -f /etc/rc.subr ]; then
 	. /etc/rc.subr
@@ -68,6 +70,9 @@ qmailpop3d_disable_tls() {
 qmailpop3d_enable_tls() {
 	qmailpop3d_postenv="${qmailpop3d_postenv} DHFILE=${qmailpop3d_tls_dhparams}"
 	qmailpop3d_postenv="${qmailpop3d_postenv} CERTFILE=${qmailpop3d_tls_cert}"
+	if [ -f "${qmailpop3d_tls_key}" ]; then
+		qmailpop3d_postenv="${qmailpop3d_postenv} KEYFILE=${qmailpop3d_tls_key}"
+	fi
 }
 
 qmailpop3d_precmd()
@@ -85,9 +90,8 @@ qmailpop3d_precmd()
 ${qmailpop3d_tcpflags} -x @PKG_SYSCONFDIR@/tcp.pop3.cdb
 -c `@HEAD@ -1 @PKG_SYSCONFDIR@/control/concurrencypop3`
 ${qmailpop3d_tcphost} ${qmailpop3d_tcpport}
-@PREFIX@/bin/authup pop3
-${qmailpop3d_checkpassword} @PREFIX@/bin/checknotroot
-${qmailpop3d_prepop3d} ${qmailpop3d_pop3dcmd} ${qmailpop3d_maildirname}
+${qmailpop3d_precheckpassword} ${qmailpop3d_checkpassword}
+${qmailpop3d_prepop3d} ${qmailpop3d_pop3dcmd} ${qmailpop3d_postpop3d}
 2>&1 |
 @PREFIX@/bin/pgrphack @PREFIX@/bin/setuidgid @QMAIL_LOG_USER@ ${qmailpop3d_logcmd}"
 	command_args="&"

mail/qmail-run/files/qmailsmtpd.sh

@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: qmailsmtpd.sh,v 1.21 2018/11/13 16:34:58 schmonz Exp $
+# $NetBSD: qmailsmtpd.sh,v 1.22 2018/11/28 16:22:41 schmonz Exp $
 #
 # @PKGNAME@ script to control qmail-smtpd (SMTP service).
 #
@@ -27,6 +27,7 @@ name="qmailsmtpd"
 : ${qmailsmtpd_tls:="auto"}
 : ${qmailsmtpd_tls_dhparams:="@PKG_SYSCONFDIR@/control/dh2048.pem"}
 : ${qmailsmtpd_tls_cert:="@PKG_SYSCONFDIR@/control/servercert.pem"}
+: ${qmailsmtpd_tls_key:=""}
 
 if [ -f /etc/rc.subr ]; then
 	. /etc/rc.subr
@@ -68,6 +69,9 @@ qmailsmtpd_disable_tls() {
 qmailsmtpd_enable_tls() {
 	qmailsmtpd_postenv="${qmailsmtpd_postenv} DHFILE=${qmailsmtpd_tls_dhparams}"
 	qmailsmtpd_postenv="${qmailsmtpd_postenv} CERTFILE=${qmailsmtpd_tls_cert}"
+	if [ -f "${qmailsmtpd_tls_key}" ]; then
+		qmailsmtpd_postenv="${qmailsmtpd_postenv} KEYFILE=${qmailsmtpd_tls_key}"
+	fi
 }
 
 qmailsmtpd_precmd()

mail/qmail-run/files/smtpfilters

@@ -1 +1,2 @@
 @PREFIX@/bin/qmail-qfilter-viruscan
+@PREFIX@/bin/qmail-qfilter-addtlsheader

mail/qmail-run/files/tcp.ofmip

@@ -1 +1 @@
-:allow,UCSPITLS="!",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-ofmipd-queue",PYMSGAUTH_TOLERATE_UNCONFIGURED="1"
+:allow,UCSPITLS="!",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/ofmipfilters",PYMSGAUTH_TOLERATE_UNCONFIGURED="1"

mail/qmail-run/files/tcp.smtp

@@ -1,2 +1,2 @@
 127.:allow,RELAYCLIENT=""
-:allow,UCSPITLS="",GREETDELAY="2",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-smtpd-queue"
+:allow,UCSPITLS="",GREETDELAY="2",GL_DATABASE="@PKG_SYSCONFDIR@/control/greylist/database",GL_VERBOSE="1",QMAILQUEUE="@PREFIX@/bin/qmail-qfilter-queue",QMAILQUEUEFILTERS="control/smtpfilters"