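#!/bin/sh
#
#

# PROVIDE: mail
# REQUIRE: LOGIN FILESYSTEMS
# KEYWORD: shutdown
#
# We make mail start late, so that things like .forward's are not processed
# until the system is fully operational.
#
# rc.d script for sendmail.  Depending on the rc.conf knobs it drives one of
# the sendmail, sendmail_submit or sendmail_outbound daemons and, separately,
# the sendmail_msp_queue runner.  When sendmail_cert_create is enabled and no
# certificate material exists yet in /etc/mail/certs, a host certificate is
# generated before the daemon starts (see sendmail_cert_create below).

# XXX - Get together with sendmail maintainer to figure out how to
# better handle SENDMAIL_ENABLE and 3rd party MTAs.
#
. /etc/rc.subr

name="sendmail"
desc="Electronic mail transport agent"
rcvar="sendmail_enable"
required_files="/etc/mail/${name}.cf"
start_precmd="sendmail_precmd"

: ${sendmail_svcj_options:="net_basic"}

load_rc_config $name
command=${sendmail_program:-/usr/sbin/${name}}
pidfile=${sendmail_pidfile:-/var/run/${name}.pid}
procname=${sendmail_procname:-/usr/sbin/${name}}

# Directory that receives host.cert, host.key, cacert.pem and the CA hash link.
CERTDIR=/etc/mail/certs

# sendmail_enable=NONE switches off every sendmail knob handled here.
case ${sendmail_enable} in
[Nn][Oo][Nn][Ee])
	sendmail_enable="NO"
	sendmail_submit_enable="NO"
	sendmail_outbound_enable="NO"
	sendmail_msp_queue_enable="NO"
	;;
esac

# If sendmail_enable=yes, don't need submit or outbound daemon
if checkyesno sendmail_enable; then
	sendmail_submit_enable="NO"
	sendmail_outbound_enable="NO"
	_sendmail_run=true
fi

# If sendmail_submit_enable=yes, don't need outbound daemon
if checkyesno sendmail_submit_enable; then
	name="sendmail_submit"
	rcvar="sendmail_submit_enable"
	sendmail_outbound_enable="NO"
	_sendmail_run=true
fi

if checkyesno sendmail_outbound_enable; then
	name="sendmail_outbound"
	rcvar="sendmail_outbound_enable"
	_sendmail_run=true
fi

if checkyesno sendmail_msp_queue_enable; then
	_sendmail_msp_queue_run=true
else
	# Make sure run_rc_command is called at least once.
	_sendmail_run=true
fi

#
# sendmail_cert_create
#	Build a throwaway certificate authority in a private temporary
#	directory, issue one host certificate from it and install the result
#	in $CERTDIR as host.cert (0644), cacert.pem (0644), host.key (0600)
#	and a <hash>.0 symlink pointing at cacert.pem.
#
#	Returns 0 when every step succeeded, non-zero otherwise.  All openssl
#	output is discarded, so the return value is the only failure signal.
#
#	Security notes:
#	- The CA private key (cakey.pem) is never copied out of the temporary
#	  directory and is removed with it.  Its passphrase is an MD5 digest
#	  of date/ps/hostname output and is passed on the openssl command
#	  line; that is not a strong secret and is tolerable only because the
#	  CA key is discarded.  Do not reuse this pattern for a key that is
#	  kept.
#	- The host key is written without a passphrase (-nodes); its
#	  protection is the 0600 mode set before it is copied with cp -p.
#	- The host certificate is issued for 365 days (default_days) and
#	  sendmail_precmd only calls this function when none of host.cert,
#	  host.key and cacert.pem exist, so an expired certificate is not
#	  renewed automatically.  To regenerate, remove those files first
#	  (and the <hash>.0 link, since ln -s does not replace an existing
#	  link).
#	- The CN is written verbatim into openssl.cnf; it comes from
#	  sendmail_cert_cn or hostname.
#
sendmail_cert_create()
{
	cnname="${sendmail_cert_cn:-$(hostname)}"
	cnname="${cnname:-amnesiac}"

	# based upon:
	# http://www.sendmail.org/~ca/email/other/cagreg.html
	# Stop here if no private working directory could be created, instead
	# of continuing with an empty path.
	CAdir=$(mktemp -d) || return 1
	certpass=$( (date; ps ax; hostname) | md5 -q )

	# make certificate authority
	( cd "$CAdir" &&
	chmod 700 "$CAdir" &&
	mkdir certs crl newcerts &&
	echo "01" > serial &&
	:> index.txt &&

	cat <<-OPENSSL_CNF > openssl.cnf &&
		RANDFILE = $CAdir/.rnd
		[ ca ]
		default_ca = CA_default
		[ CA_default ]
		dir = .
		certs = \$dir/certs # Where the issued certs are kept
		crl_dir = \$dir/crl # Where the issued crl are kept
		database = \$dir/index.txt # database index file.
		new_certs_dir = \$dir/newcerts # default place for new certs.
		certificate = \$dir/cacert.pem # The CA certificate
		serial = \$dir/serial # The current serial number
		crlnumber = \$dir/crlnumber # the current crl number
		crl = \$dir/crl.pem # The current CRL
		private_key = \$dir/cakey.pem
		x509_extensions = usr_cert # The extensions to add to the cert
		name_opt = ca_default # Subject Name options
		cert_opt = ca_default # Certificate field options
		default_days = 365 # how long to certify for
		default_crl_days= 30 # how long before next CRL
		default_md = default # use public key default MD
		preserve = no # keep passed DN ordering
		policy = policy_anything
		[ policy_anything ]
		countryName = optional
		stateOrProvinceName = optional
		localityName = optional
		organizationName = optional
		organizationalUnitName = optional
		commonName = supplied
		emailAddress = optional
		[ req ]
		default_bits = 2048
		default_keyfile = privkey.pem
		distinguished_name = req_distinguished_name
		attributes = req_attributes
		x509_extensions = v3_ca # The extensions to add to the self signed cert
		string_mask = utf8only
		prompt = no
		[ req_distinguished_name ]
		countryName = XX
		stateOrProvinceName = Some-state
		localityName = Some-city
		0.organizationName = Some-org
		CN = $cnname
		[ req_attributes ]
		challengePassword = foobar
		unstructuredName = An optional company name
		[ usr_cert ]
		basicConstraints=CA:FALSE
		nsComment = "OpenSSL Generated Certificate"
		subjectKeyIdentifier=hash
		authorityKeyIdentifier=keyid,issuer
		[ v3_req ]
		basicConstraints = CA:FALSE
		keyUsage = nonRepudiation, digitalSignature, keyEncipherment
		[ v3_ca ]
		subjectKeyIdentifier=hash
		authorityKeyIdentifier=keyid:always,issuer
		basicConstraints = CA:true
	OPENSSL_CNF

	# though we use a password, the key is discarded and never used
	openssl req -batch -passout pass:"$certpass" -new -x509 \
	    -keyout cakey.pem -out cacert.pem -days 3650 \
	    -config openssl.cnf -newkey rsa:2048 >/dev/null 2>&1 &&

	# make new certificate
	openssl req -batch -nodes -new -x509 -keyout newkey.pem \
	    -out newreq.pem -days 365 -config openssl.cnf \
	    -newkey rsa:2048 >/dev/null 2>&1 &&

	# sign certificate
	openssl x509 -x509toreq -in newreq.pem -signkey newkey.pem \
	    -out tmp.pem >/dev/null 2>&1 &&
	openssl ca -notext -config openssl.cnf \
	    -out newcert.pem -keyfile cakey.pem -cert cacert.pem \
	    -key "$certpass" -batch -infiles tmp.pem >/dev/null 2>&1 &&

	# Modes are fixed before copying; cp -p carries them to $CERTDIR.
	mkdir -p "$CERTDIR" &&
	chmod 0755 "$CERTDIR" &&
	chmod 644 newcert.pem cacert.pem &&
	chmod 600 newkey.pem &&
	cp -p newcert.pem "$CERTDIR"/host.cert &&
	cp -p cacert.pem "$CERTDIR"/cacert.pem &&
	cp -p newkey.pem "$CERTDIR"/host.key &&
	ln -s cacert.pem "$CERTDIR"/$(openssl x509 -hash -noout \
	    -in cacert.pem).0)

	retVal="$?"
	# Removes the working directory, including the CA private key.
	rm -rf "$CAdir"

	return "$retVal"
}

#
# sendmail_precmd
#	start_precmd hook: rebuild the aliases database when requested,
#	create certificates when requested and none exist, and make sure
#	/var/log/sendmail.st is present.
#
sendmail_precmd()
{
	# check modifications on /etc/mail/aliases
	if checkyesno sendmail_rebuild_aliases; then
		if [ -f "/etc/mail/aliases.db" ]; then
			if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then
				echo \
	    "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating"
				/usr/bin/newaliases
			fi
		else
			echo \
	    "${name}: /etc/mail/aliases.db not present, generating"
			/usr/bin/newaliases
		fi
	fi

	# Generate only when none of the three files is present, so existing
	# (possibly administrator-supplied) material is never overwritten.
	if checkyesno sendmail_cert_create &&
	    [ ! -f "$CERTDIR/host.cert" ] &&
	    [ ! -f "$CERTDIR/host.key" ] &&
	    [ ! -f "$CERTDIR/cacert.pem" ]; then
		if ! openssl version >/dev/null 2>&1; then
			warn "OpenSSL not available, but sendmail_cert_create is YES."
		else
			info Creating certificate for sendmail.
			# openssl output is discarded inside the function, so
			# report a failure here; a partial run can leave some
			# files in $CERTDIR, which stops later retries.
			sendmail_cert_create ||
			    warn "Certificate creation for sendmail did not complete; check ${CERTDIR}."
		fi
	fi

	if [ ! -f /var/log/sendmail.st ]; then
		/usr/bin/install -m 640 -o root -g wheel /dev/null /var/log/sendmail.st
	fi
}

if ${_sendmail_run:-false}; then
	run_rc_command "$1"
fi
_ret=$?

if ${_sendmail_msp_queue_run:-false}; then
	name="sendmail_msp_queue"
	rcvar="sendmail_msp_queue_enable"
	pidfile="${sendmail_msp_queue_pidfile:-/var/spool/clientmqueue/sm-client.pid}"
	required_files="/etc/mail/submit.cf"
	_rc_restart_done=false
	run_rc_command "$1"
	# Keep the larger of the two run_rc_command statuses.
	_ret=$(( _ret > $? ? _ret : $? ))
fi

# Sets the final status without calling exit in this shell
# (NOTE(review): presumably because the script may be sourced - confirm).
(exit "$_ret")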