Add support for working with blacklistd. These patches were

originally created for FreeBSD and were ported to pkgsrc by Hauke Fath with some cleanup by myself. These patches add a new "UseBlacklist" option to sendmail to have it send authentication failure notices to blacklistd.
2019-07-15 04:32:49 +00:00 · 2019-07-15 04:32:49 +00:00 · b243d8a934
commit b243d8a934
parent e5db186a98
13 changed files with 303 additions and 31 deletions
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.131 2019/07/15 02:06:42 jnemeth Exp $
+# $NetBSD: Makefile,v 1.132 2019/07/15 04:32:49 jnemeth Exp $

 PKGNAME=	sendmail-${DIST_VERS}
-PKGREVISION=	3
+PKGREVISION=	4
 COMMENT=	The well known Mail Transport Agent

 CONFLICTS+=	courier-mta-[0-9]* fastforward>=0.51nb2 postfix-[0-9]*
@ -106,6 +106,9 @@ post-patch: make-sendmail-siteconfig
 .if !empty(PKG_OPTIONS:Msendmail-ffr-badrcptshutdown)
 	cat ${FILESDIR}/site.config.m4-ffr_badrcptshutdown >>${SITECONFIG}
 .endif
+.if !empty(PKG_OPTIONS:Mblacklistd)
+	cat ${FILESDIR}/site.config.m4-blacklistd >>${SITECONFIG}
+.endif

 post-extract:
 	cp ${FILESDIR}/mailer.conf ${WRKDIR}/mailer.conf
--- a/mail/sendmail/distinfo
+++ b/mail/sendmail/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2018/12/05 12:10:21 bsiegert Exp $
+$NetBSD: distinfo,v 1.59 2019/07/15 04:32:49 jnemeth Exp $

 SHA1 (sendmail.8.15.2.tar.gz) = 5801d4b06f4e38ef228a5954a44d17636eaa5a16
 RMD160 (sendmail.8.15.2.tar.gz) = 1fe2210e1ded1fe2ee640fceb1de29f19ceaa8e4
@ -10,19 +10,19 @@ SHA1 (patch-ag) = f76de45c7e8d16207670e151265b7edbca4c045c
 SHA1 (patch-ah) = e6be09008b9230ffdd1560aaacbdbb2ee4fb8028
 SHA1 (patch-ai) = 0bd3676dce988cf1167fae09443da0d1a1363abb
 SHA1 (patch-aj) = e65e6fe44380de2f9c397c1a97677eb4ad285433
-SHA1 (patch-an) = 739c9081979bdb3eb77b117fd905c2875a1fc064
+SHA1 (patch-an) = 56b8b82880b9ef8fefd7cbbe98dad30b8db753f1
 SHA1 (patch-ao) = 88dd76b71ad57a8d0efdb6e8518ff01689ecf634
 SHA1 (patch-ap) = 9c83d9ed1b4d8c851c106597638763515923a4ab
 SHA1 (patch-aq) = 722382daf085ac2f4a06d0c812bb00f49bcdfd2c
-SHA1 (patch-ar) = d68984a057d7a0a674a8d46cf903585c8279f7a8
+SHA1 (patch-ar) = 1ecf39ddded8504079c5c446625bf9ad9497044f
 SHA1 (patch-as) = 652b107d5f68507a0b2fb7c5402186eff96c6bc0
 SHA1 (patch-at) = 7c206df88d29671faef950276a5119ef2f525f4b
 SHA1 (patch-au) = 87e907f36482f3ca03754160bc1ee106e17e3aaa
 SHA1 (patch-av) = 1b6bd4547930507ab67427bcf8a390c0afce0fb0
-SHA1 (patch-aw) = 9077b9fc4063bd1a66500b203d246bcddae8eb0f
+SHA1 (patch-aw) = 33066ae7770e7f8ea6520b3fc0ecbe46dd4d958d
 SHA1 (patch-ax) = adba9177404e10d5f461e1e8f0c4dd5840d78dd1
 SHA1 (patch-ay) = 94f9c633c1d15037ddd0a6ed46a4f3aaec236fc2
-SHA1 (patch-az) = 592ec93f700723485a5969ae1f1836c64975d1d0
+SHA1 (patch-az) = 5885c524fcae3a314c07eadf661bbe6ae1c081e7
 SHA1 (patch-ba) = c190b11b9874f00a18b9c75b6e734f4a9dd3f68f
 SHA1 (patch-bb) = 6c86a60af25b02fc0389f1d40f59c5031d9679f1
 SHA1 (patch-bc) = 9e7346342dfe1ca5d84053b913df4be41a979683
@ -31,3 +31,7 @@ SHA1 (patch-be) = d2f3397b7880f23f8cbd5d3c4eb5ccfe6a6ca75b
 SHA1 (patch-bf) = 9c5faf5b38c18623e5ce4ffafc00a4430965e41a
 SHA1 (patch-bg) = 17b750d84333eacd39a23aa313d5ba24dc7d2156
 SHA1 (patch-bk) = 0b0b85fb6c5c80c8419c783dc3e35d28edbdb70b
+SHA1 (patch-bl) = 4fff262691deb2fcacf5013bfeb5aede45783dcd
+SHA1 (patch-bm) = a30f2152407a1f5ac84d95f5c28c506b5645f4bc
+SHA1 (patch-bn) = 3af37c9d3523d6093181ae3b7d4c25bc8173b7f9
+SHA1 (patch-bo) = b92941be46a3dc86226a774b5df31ce62e9fbc17
--- a/mail/sendmail/files/site.config.m4-blacklistd
+++ b/mail/sendmail/files/site.config.m4-blacklistd
@ -0,0 +1,5 @@
+# $Id: site.config.m4-blacklistd,v 1.1 2019/07/15 04:32:49 jnemeth Exp $
+
+APPENDDEF(`conf_sendmail_ENVDEF', `-DUSE_BLACKLIST')
+APPENDDEF(`conf_sendmail_LIBS', `-lblacklist')
+
--- a/mail/sendmail/files/site.config.m4-sasl2
+++ b/mail/sendmail/files/site.config.m4-sasl2
@ -1,8 +1,9 @@
-# $NetBSD: site.config.m4-sasl2,v 1.3 2014/06/20 16:26:55 jnemeth Exp $
+# $NetBSD: site.config.m4-sasl2,v 1.4 2019/07/15 04:32:49 jnemeth Exp $

 # enable SASL 2
 APPENDDEF(`confENVDEF', `-DSASL=2')
 APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')

-# for some strange reason SASL, and NAMED_RESN and MILTER are incompatible
-APPENDDEF(`confENVDEF', `-DNAMED_RESN=0')
+# XXX JMN  always enable NAMED_RESN for now
+## for some strange reason SASL, and NAMED_RESN and MILTER are incompatible
+#APPENDDEF(`confENVDEF', `-DNAMED_RESN=0')
--- a/mail/sendmail/options.mk
+++ b/mail/sendmail/options.mk
@ -1,10 +1,17 @@
-# $NetBSD: options.mk,v 1.24 2019/07/15 02:06:42 jnemeth Exp $
+# $NetBSD: options.mk,v 1.25 2019/07/15 04:32:49 jnemeth Exp $

 PKG_OPTIONS_VAR=	PKG_OPTIONS.sendmail
 PKG_SUPPORTED_OPTIONS=	inet6 db2 db4 ldap sasl tls tcpwrappers
 PKG_SUPPORTED_OPTIONS+=	sendmail-ffr-tls sendmail-ffr-badrcptshutdown
 PKG_SUGGESTED_OPTIONS=	inet6 tcpwrappers tls

+.include "../../mk/bsd.prefs.mk"
+
+.if ${OPSYS} == "NetBSD" || ${OPSYS} == "FreeBSD"
+PKG_SUPPORTED_OPTIONS+=	blacklistd
+PKG_SUGGESTED_OPTIONS+=	blacklistd
+.endif
+
 PKG_OPTIONS_LEGACY_OPTS+=	starttls:tls ffr_tls_1:sendmail-ffr-tls

 .include "../../mk/bsd.options.mk"
@ -62,3 +69,9 @@ PKG_OPTIONS_LEGACY_OPTS+=	starttls:tls ffr_tls_1:sendmail-ffr-tls
 ###
 .if !empty(PKG_OPTIONS:Minet6)
 .endif
+
+###
+### NetBSD blacklistd(8) support.
+###
+# Nothing to do here, activation is done in Makefile
+
--- a/mail/sendmail/patches/patch-an
+++ b/mail/sendmail/patches/patch-an
@ -1,8 +1,8 @@
-$NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
+$NetBSD: patch-an,v 1.3 2019/07/15 04:32:49 jnemeth Exp $

--- sendmail/Makefile.m4.orig	2014-05-16 20:40:15.000000000 +0000
+--- sendmail/Makefile.m4.orig	2015-06-19 12:59:29.000000000 +0000
 +++ sendmail/Makefile.m4
-@@ -4,7 +4,7 @@ include(confBUILDTOOLSDIR`/M4/switch.m4'
+@@ -4,9 +4,10 @@ include(confBUILDTOOLSDIR`/M4/switch.m4'
 define(`confREQUIRE_LIBSM', `true')
 define(`confREQUIRE_SM_OS_H', `true')
 bldPRODUCT_START(`executable', `sendmail')
@ -10,8 +10,11 @@ $NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
 +dnl define(`bldBIN_TYPE', `G')
 define(`bldINSTALL_DIR', `')
 define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
+APPENDDEF(`bldSOURCES',`blacklist.c ')
 PREPENDDEF(`confENVDEF', `confMAPDEF')
-@@ -68,7 +68,7 @@ ifdef(`confNO_STATISTICS_INSTALL',, `bld
+ bldPUSH_SMLIB(`sm')
+ bldPUSH_SMLIB(`smutil')
+@@ -68,7 +69,7 @@ ifdef(`confNO_STATISTICS_INSTALL',, `bld
 divert(bldTARGETS_SECTION)
 
 install-set-user-id: bldCURRENT_PRODUCT ifdef(`confNO_HELPFILE_INSTALL',, `install-hf') ifdef(`confNO_STATISTICS_INSTALL',, `install-st') ifdef(`confNO_MAN_BUILD',, `install-docs')
@ -20,7 +23,7 @@ $NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
 	for i in ${sendmailTARGET_LINKS}; do \
 		rm -f $$i; \
 		${LN} ${LNOPTS} ${M`'BINDIR}/sendmail $$i; \
-@@ -76,7 +76,7 @@ install-set-user-id: bldCURRENT_PRODUCT 
+@@ -76,7 +77,7 @@ install-set-user-id: bldCURRENT_PRODUCT 
 
 define(`confMTA_LINKS', `${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat')
 install-sm-mta: bldCURRENT_PRODUCT
@ -29,7 +32,7 @@ $NetBSD: patch-an,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
 	for i in confMTA_LINKS; do \
 		rm -f $$i; \
 		${LN} ${LNOPTS} ${M`'BINDIR}/sm-mta $$i; \
-@@ -84,14 +84,14 @@ install-sm-mta: bldCURRENT_PRODUCT
+@@ -84,14 +85,14 @@ install-sm-mta: bldCURRENT_PRODUCT
 
 install-hf:
 	if [ ! -d ${DESTDIR}${HFDIR} ]; then mkdir -p ${DESTDIR}${HFDIR}; else :; fi
--- a/mail/sendmail/patches/patch-ar
+++ b/mail/sendmail/patches/patch-ar
@ -1,6 +1,6 @@
-$NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
+$NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $

--- sendmail/daemon.c.orig	2014-05-16 20:40:15.000000000 +0000
+--- sendmail/daemon.c.orig	2015-02-28 00:50:03.000000000 +0000
 +++ sendmail/daemon.c
@@ -57,6 +57,10 @@ SM_RCSID("@(#)$Id: daemon.c,v 8.698 2013
 # endif /* HAS_IN_H */
@ -13,7 +13,16 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
 #include <sm/fdset.h>
 
 #define DAEMON_C 1
-@@ -2295,16 +2299,16 @@ makeconnection(host, port, mci, e, enoug
+@@ -754,6 +758,8 @@ getrequests(e)
+ 						anynet_ntoa(&RealHostAddr));
+ 			}
+ 
+			BLACKLIST_INIT();
+
+ 			if (pipefd[0] != -1)
+ 			{
+ 				auto char c;
+@@ -2298,16 +2304,16 @@ makeconnection(host, port, mci, e, enoug
 				if (hp == NULL && p[-1] == '.')
 				{
 #if NAMED_BIND
@ -33,7 +42,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
 #endif /* NAMED_BIND */
 				}
 				*p = ']';
-@@ -2333,15 +2337,15 @@ makeconnection(host, port, mci, e, enoug
+@@ -2336,15 +2342,15 @@ makeconnection(host, port, mci, e, enoug
 			if (hp == NULL && *p == '.')
 			{
 #if NAMED_BIND
@ -52,7 +61,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
 #endif /* NAMED_BIND */
 			}
 		}
-@@ -4005,13 +4009,13 @@ host_map_lookup(map, name, av, statp)
+@@ -4007,13 +4013,13 @@ host_map_lookup(map, name, av, statp)
 #if NAMED_BIND
 	if (map->map_timeout > 0)
 	{
@ -70,7 +79,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
 	}
 #endif /* NAMED_BIND */
 
-@@ -4074,9 +4078,9 @@ host_map_lookup(map, name, av, statp)
+@@ -4076,9 +4082,9 @@ host_map_lookup(map, name, av, statp)
 	}
 #if NAMED_BIND
 	if (map->map_timeout > 0)
@ -82,7 +91,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
 #endif /* NAMED_BIND */
 
 	s->s_namecanon.nc_flags |= NCF_VALID;	/* will be soon */
-@@ -4407,11 +4411,11 @@ hostnamebyanyaddr(sap)
+@@ -4407,11 +4413,11 @@ hostnamebyanyaddr(sap)
 
 # if NAMED_BIND
 	/* shorten name server timeout to avoid higher level timeouts */
@ -99,7 +108,7 @@ $NetBSD: patch-ar,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
 # endif /* NAMED_BIND */
 
 	switch (sap->sa.sa_family)
-@@ -4450,7 +4454,7 @@ hostnamebyanyaddr(sap)
+@@ -4450,7 +4456,7 @@ hostnamebyanyaddr(sap)
 	}
 
 # if NAMED_BIND
--- a/mail/sendmail/patches/patch-aw
+++ b/mail/sendmail/patches/patch-aw
@ -1,6 +1,6 @@
-$NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $
+$NetBSD: patch-aw,v 1.5 2019/07/15 04:32:49 jnemeth Exp $

--- sendmail/readcf.c.orig	2014-10-22 16:33:53.000000000 +0000
+--- sendmail/readcf.c.orig	2015-06-17 16:51:58.000000000 +0000
 +++ sendmail/readcf.c
@@ -20,6 +20,10 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013
 # include <arpa/inet.h>
@ -13,7 +13,18 @@ $NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $
 
 #define SECONDS
 #define MINUTES	* 60
-@@ -2999,13 +3003,13 @@ setoption(opt, val, safe, sticky, e)
+@@ -2910,6 +2914,10 @@ static struct optioninfo
+ #endif
+ #define O_USECOMPRESSEDIPV6ADDRESSES 0xec
+ 	{ "UseCompressedIPv6Addresses",	O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE },
+#ifdef USE_BLACKLIST
+# define O_BLACKLIST	0xf2
+	{ "UseBlacklist",             O_BLACKLIST,    OI_NONE },
+#endif
+ 
+ 	{ NULL,				'\0',		OI_NONE	}
+ };
+@@ -3318,13 +3326,13 @@ setoption(opt, val, safe, sticky, e)
 			if (rfp->rf_name == NULL)
 				syserr("readcf: I option value %s unrecognized", q);
 			else if (clearmode)
@ -30,3 +41,16 @@ $NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $
 #else /* NAMED_BIND */
 		usrerr("name server (I option) specified but BIND not compiled in");
 #endif /* NAMED_BIND */
+@@ -4540,6 +4548,12 @@ setoption(opt, val, safe, sticky, e)
+ 		UseCompressedIPv6Addresses = atobool(val);
+ 		break;
+ 
+#ifdef USE_BLACKLIST
+	  case O_BLACKLIST:
+		UseBlacklist = atobool(val);
+		break;
+#endif
+
+ 	  default:
+ 		if (tTd(37, 1))
+ 		{
--- a/mail/sendmail/patches/patch-az
+++ b/mail/sendmail/patches/patch-az
@ -1,6 +1,6 @@
-$NetBSD: patch-az,v 1.2 2014/12/06 23:22:20 jnemeth Exp $
+$NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $

--- sendmail/srvrsmtp.c.orig	2014-11-12 03:02:04.000000000 +0000
+--- sendmail/srvrsmtp.c.orig	2015-03-18 11:47:12.000000000 +0000
 +++ sendmail/srvrsmtp.c
@@ -46,6 +46,10 @@ static bool	tls_ok_srv = false;
 static bool	NotFirstDelivery = false;
@ -13,7 +13,53 @@ $NetBSD: patch-az,v 1.2 2014/12/06 23:22:20 jnemeth Exp $
 /* server features */
 #define SRV_NONE	0x0000	/* none... */
 #define SRV_OFFER_TLS	0x0001	/* offer STARTTLS */
-@@ -3983,8 +3987,8 @@ smtp_data(smtp, e)
+@@ -1328,6 +1332,7 @@ smtp(nullserver, d_flags, e)
+ 					  (int) tp.tv_sec +
+ 						(tp.tv_usec >= 500000 ? 1 : 0)
+ 					 );
+				BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "pre-greeting traffic");
+ 			}
+ 		}
+ 	}
+@@ -1589,7 +1594,12 @@ smtp(nullserver, d_flags, e)
+ 			/* get an OK if we're done */
+ 			if (result == SASL_OK)
+ 			{
+				int fd;
+
+   authenticated:
+				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+				BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, fd, "AUTH OK");
+
+ 				message("235 2.0.0 OK Authenticated");
+ 				authenticating = SASL_IS_AUTH;
+ 				macdefine(&BlankEnvelope.e_macro, A_TEMP,
+@@ -1721,8 +1731,12 @@ smtp(nullserver, d_flags, e)
+ 			}
+ 			else
+ 			{
+				int fd;
+
+ 				/* not SASL_OK or SASL_CONT */
+ 				message("535 5.7.0 authentication failed");
+				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+				BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL");
+ 				if (LogLevel > 9)
+ 					sm_syslog(LOG_WARNING, e->e_id,
+ 						  "AUTH failure (%s): %s (%d) %s, relay=%.100s",
+@@ -3523,7 +3537,11 @@ doquit:
+ #if MAXBADCOMMANDS > 0
+ 			if (++n_badcmds > MAXBADCOMMANDS)
+ 			{
+				int fd;
+
+   stopattack:
+				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+				BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands");
+ 				message("421 4.7.0 %s Too many bad commands; closing connection",
+ 					MyHostName);
+ 
+@@ -3992,8 +4010,8 @@ smtp_data(smtp, e)
 	id = e->e_id;
 
 #if NAMED_BIND
--- a/mail/sendmail/patches/patch-bl
+++ b/mail/sendmail/patches/patch-bl
@ -0,0 +1,62 @@
+# $NetBSD: patch-bl,v 1.1 2019/07/15 04:32:49 jnemeth Exp $
+
+--- sendmail/blacklist.c.orig	2018-01-02 20:16:44 UTC
+++ sendmail/blacklist.c
+@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2016 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Kurt Lidl under sponsorship from the
+ * FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE. */
+
+/* $FreeBSD$ */
+
+#ifdef USE_BLACKLIST
+#include <sm/gen.h>
+#include <sendmail.h>	/* for EXTERN UseBlacklist */
+
+#include <blacklist.h>
+#include "blacklist_client.h"
+
+static struct blacklist *blstate;
+
+void
+blacklist_init(void)
+{
+
+	if (UseBlacklist)
+		blstate = blacklist_open();
+}
+
+void
+blacklist_notify(int action, int fd, const char *msg)
+{
+
+	if (blstate == NULL)
+		return;
+	(void)blacklist_r(blstate, action, fd, msg);
+}
+
+#endif /* USE_BLACKLIST */
--- a/mail/sendmail/patches/patch-bm
+++ b/mail/sendmail/patches/patch-bm
@ -0,0 +1,62 @@
+# $Id: patch-bm,v 1.1 2019/07/15 04:32:49 jnemeth Exp $
+
+--- sendmail/blacklist_client.h.orig	2018-01-02 20:16:44 UTC
+++ sendmail/blacklist_client.h
+@@ -0,0 +1,57 @@
+/*-
+ * Copyright (c) 2016 The FreeBSD Foundation
+ * All rights reserved.
+ *
+ * This software was developed by Kurt Lidl under sponsorship from the
+ * FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE. */
+
+/* $FreeBSD$ */
+
+#ifndef BLACKLIST_CLIENT_H
+#define BLACKLIST_CLIENT_H
+
+#ifndef BLACKLIST_API_ENUM
+enum {
+	BLACKLIST_AUTH_OK = 0,
+	BLACKLIST_AUTH_FAIL,
+	BLACKLIST_ABUSIVE_BEHAVIOR,
+	BLACKLIST_BAD_USER
+};
+#endif
+
+#ifdef USE_BLACKLIST
+void blacklist_init(void);
+void blacklist_notify(int, int, const char *);
+
+#define BLACKLIST_INIT() blacklist_init()
+#define BLACKLIST_NOTIFY(x, y, msg) blacklist_notify(x, y, msg)
+
+#else
+
+#define BLACKLIST_INIT()
+#define BLACKLIST_NOTIFY(x, y, msg)
+
+#endif
+
+#endif /* BLACKLIST_CLIENT_H */
--- a/mail/sendmail/patches/patch-bn
+++ b/mail/sendmail/patches/patch-bn
@ -0,0 +1,16 @@
+$NetBSD: patch-bn,v 1.1 2019/07/15 04:32:49 jnemeth Exp $
+
+--- sendmail/sendmail.8.orig	2014-06-13 14:57:59.000000000 +0000
+++ sendmail/sendmail.8
+@@ -537,6 +537,11 @@ for this amount of time, 
+ failed messages will be returned to the sender.  
+ The default is five days.
+ .TP
+UseBlacklist
+If set, send authentication failure and success notifications to the
+.BR blacklistd (8)
+daemon.
+.TP
+ .RI UserDatabaseSpec= userdatabase
+ If set, a user database is consulted to get forwarding information.
+ You can consider this an adjunct to the aliasing mechanism, 
--- a/mail/sendmail/patches/patch-bo
+++ b/mail/sendmail/patches/patch-bo
@ -0,0 +1,24 @@
+$NetBSD: patch-bo,v 1.1 2019/07/15 04:32:49 jnemeth Exp $
+
+--- sendmail/sendmail.h.orig	2015-06-19 12:59:29.000000000 +0000
+++ sendmail/sendmail.h
+@@ -57,6 +57,8 @@ SM_UNUSED(static char SmailId[]) = "@(#)
+ #endif /* _DEFINE */
+ 
+ #include "bf.h"
+#include <blacklist.h>
+#include "blacklist_client.h"
+ #include "timers.h"
+ #include <sm/exc.h>
+ #include <sm/heap.h>
+@@ -2544,6 +2546,10 @@ EXTERN int ConnectionRateWindowSize;
+ EXTERN bool	SSLEngineInitialized;
+ #endif /* STARTTLS && USE_OPENSSL_ENGINE */
+ 
+#if USE_BLACKLIST
+EXTERN bool    UseBlacklist;
+#endif
+
+ /*
+ **  Declarations of useful functions
+ */