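# RPM spec: sendmail 8.13.0 built with STARTTLS, SASL and LDAP map support.
#
# The install stage writes the SASL/PAM glue, a SysV init script and a
# default sendmail.mc into the build root through here-documents.  Those
# here-documents are unquoted, so every backquote, dollar sign and trailing
# backslash meant for the generated file must be backslash-escaped; a bare
# backquote is read by the build shell as the start of a command substitution.
#
# NOTE(review): 8.13.0 is an old upstream release; read the RELEASE_NOTES of
# later releases for security fixes before deploying a build of this spec.
Summary: sendmail with LDAP and TLS
Name: sendmail
Version: 8.13.0
Release: 1
# NOTE(review): the tarball ships its own LICENSE file (packaged as
# documentation at the end of this spec); confirm that GPL is the right tag.
Copyright: GPL
Source0: %{name}.%{version}.tar.bz2
URL: http://www.sendmail.org
Group: System Environment/Daemons
# m4 is a runtime dependency: the init script calls /usr/bin/m4 to build
# sendmail.cf from sendmail.mc on first use.
Requires: procmail cyrus-sasl openssl openldap db42 m4
BuildRoot: /var/tmp/%{name}-%{version}-root

%description
sendmail

%prep
%setup

%build
# Site configuration: enable STARTTLS, SASL AUTH and the LDAP map type.
cat > devtools/Site/site.config.m4 << EOF
APPENDDEF(\`confENVDEF',\`-DSTARTTLS')
APPENDDEF(\`confENVDEF',\`-DSASL')
APPENDDEF(\`confMAPDEF',\`-DLDAPMAP')
APPENDDEF(\`confINCDIRS',\`-I/usr/include/sasl')
APPENDDEF(\`confLIBS',\`-lsasl2 -lssl -lcrypto -lldap -llber -lldap_r -lpthread')
EOF
cd sendmail
sh Build
cd ../makemap
sh Build
cd ../mailstats
sh Build
cd ../praliases
sh Build
cd ../smrsh
sh Build

%install
# The build root sits at a predictable path under /var/tmp and the file list
# below uses globs, so start from an empty tree: anything left there by an
# earlier build or by another local user would otherwise end up in the package.
rm -rf -- "${RPM_BUILD_ROOT:?}"
mkdir -p "$RPM_BUILD_ROOT"/etc/{rc.d/init.d,pam.d,mail}
mkdir -p "$RPM_BUILD_ROOT"/usr/{bin,sbin,lib/sasl2,share/sendmail}
mkdir -p "$RPM_BUILD_ROOT"/usr/share/man/{man1,man5,man8}
mkdir -p "$RPM_BUILD_ROOT"/var/spool/{mqueue,clientmqueue}
cp -R cf/* "$RPM_BUILD_ROOT"/usr/share/sendmail

# SASL password verification for SMTP AUTH.
# NOTE(review): Cyrus SASL v2 (this build links -lsasl2) documents auxprop and
# saslauthd as password-check methods; confirm that "pam" is honoured by the
# installed library, otherwise use saslauthd running with its PAM backend.
cat > "$RPM_BUILD_ROOT"/usr/lib/sasl2/Sendmail.conf << EOF
pwcheck_method:pam
EOF

# PAM stack for the "smtp" service: defer to the system-wide auth policy.
cat > "$RPM_BUILD_ROOT"/etc/pam.d/smtp << EOF
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
EOF

# SysV init script.  Differences from a plain copy of the original text:
#  - sendmail.cf is generated into a temporary name and renamed only when m4
#    succeeds, so a failed run cannot leave an empty sendmail.cf behind that
#    would block every later regeneration;
#  - make is run with -s (silent) rather than -q (question mode, which runs
#    nothing), so the map databases, access.db included, really are rebuilt;
#  - the NETWORKING test is quoted so an unset variable is not a syntax error.
cat > "$RPM_BUILD_ROOT"/etc/rc.d/init.d/sendmail << EOF
#!/bin/bash
#
# sendmail      This shell script takes care of starting and stopping
#               sendmail.
#
# chkconfig: 2345 80 30
# description: Sendmail is a Mail Transport Agent, which is the program \\
#              that moves mail from one machine to another.
# processname: sendmail
# config: /etc/sendmail.cf
# pidfile: /var/run/sendmail.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Source sendmail configureation.
DAEMON=yes
QUEUE=1h

# Check that networking is up.
[ "\${NETWORKING}" = "no" ] && exit 0

[ -f /usr/sbin/sendmail ] || exit 0

# Build sendmail.cf on first use; rename into place only if m4 succeeded.
if [ ! -f /etc/mail/sendmail.cf ]; then
	if /usr/bin/m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf.new; then
		mv -f /etc/mail/sendmail.cf.new /etc/mail/sendmail.cf
	else
		rm -f /etc/mail/sendmail.cf.new
	fi
fi

RETVAL=0
prog="sendmail"

start() {
	# Start daemons.
	echo -n \$"Starting \$prog: "
	/usr/bin/newaliases > /dev/null 2>&1
	if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then
		make -C /etc/mail -s
	else
		for i in virtusertable access domaintable mailertable ; do
			if [ -f /etc/mail/\$i ] ; then
				makemap hash /etc/mail/\$i < /etc/mail/\$i
			fi
		done
	fi
	daemon /usr/sbin/sendmail \$([ "\$DAEMON" = yes ] && echo -bd) \\
				\$([ -n "\$QUEUE" ] && echo -q\$QUEUE)
	RETVAL=\$?
	echo
	[ \$RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail
	return \$RETVAL
}

stop() {
	# Stop daemons.
	echo -n \$"Shutting down \$prog: "
	killproc sendmail
	RETVAL=\$?
	[ \$RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail
	echo
	return \$RETVAL
}

# See how we were called.
case "\$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart|reload)
	stop
	start
	RETVAL=\$?
	;;
  condrestart)
	if [ -f /var/lock/subsys/sendmail ]; then
		stop
		start
		RETVAL=\$?
	fi
	;;
  status)
	status sendmail
	RETVAL=\$?
	;;
  *)
	echo \$"Usage: \$0 {start|stop|restart|condrestart|status}"
	exit 1
esac

exit \$RETVAL
EOF

# Binaries and manual pages from the per-platform obj.* build directories.
cp obj.*/sendmail/sendmail "$RPM_BUILD_ROOT"/usr/sbin
cp obj.*/sendmail/mailq.1 "$RPM_BUILD_ROOT"/usr/share/man/man1
cp obj.*/sendmail/newaliases.1 "$RPM_BUILD_ROOT"/usr/share/man/man1
cp obj.*/sendmail/aliases.5 "$RPM_BUILD_ROOT"/usr/share/man/man5
cp obj.*/sendmail/sendmail.8 "$RPM_BUILD_ROOT"/usr/share/man/man8
cp obj.*/smrsh/smrsh "$RPM_BUILD_ROOT"/usr/sbin
cp obj.*/smrsh/smrsh.8 "$RPM_BUILD_ROOT"/usr/share/man/man8
cp obj.*/praliases/praliases "$RPM_BUILD_ROOT"/usr/sbin
cp obj.*/praliases/praliases.8 "$RPM_BUILD_ROOT"/usr/share/man/man8
cp obj.*/makemap/makemap "$RPM_BUILD_ROOT"/usr/sbin
cp obj.*/makemap/makemap.8 "$RPM_BUILD_ROOT"/usr/share/man/man8
cp obj.*/mailstats/mailstats "$RPM_BUILD_ROOT"/usr/sbin
cp obj.*/mailstats/mailstats.8 "$RPM_BUILD_ROOT"/usr/share/man/man8
cp sendmail/aliases "$RPM_BUILD_ROOT"/etc/mail
cp sendmail/helpfile "$RPM_BUILD_ROOT"/etc/mail
touch "$RPM_BUILD_ROOT"/etc/mail/statistics
touch "$RPM_BUILD_ROOT"/etc/mail/domaintable
touch "$RPM_BUILD_ROOT"/etc/mail/mailertable
touch "$RPM_BUILD_ROOT"/etc/mail/virtusertable
cp cf/cf/submit.cf "$RPM_BUILD_ROOT"/etc/mail

# Default sendmail.mc.  Fixes relative to the original text:
#  - confMAX_MIME_HEADER_LENGTH was spelled cofMAX_MIME_HEADER_LENGTH, which
#    defines an unused macro and leaves the MIME header limit unset;
#  - the backquote in front of servers in the commented-out confLDAP_CLUSTER
#    line was not escaped, so the build shell treated it as the start of a
#    command substitution inside this here-document;
#  - the commented-out LDAP URI had three slashes, i.e. an empty host.
# Things to check before widening the listener beyond 127.0.0.1:
#  - confAUTH_OPTIONS carries the p flag, which withholds LOGIN and PLAIN
#    until a security layer is active, and the certificate settings are
#    commented out.  As shipped, only DIGEST-MD5 and CRAM-MD5 can be offered,
#    and those need stored shared secrets rather than a PAM password check,
#    so AUTH is effectively unusable until STARTTLS is configured.  The key
#    file named by confSERVER_KEY must be readable by its owner only.
#  - NOTE(review): confirm each DNSBL zone is still operated.  To my
#    knowledge relays.ordb.org has been retired; a retired zone can time out
#    or answer for every address, which delays or rejects all inbound mail.
#  - accept_unresolvable_domains lets through envelope senders whose domain
#    does not resolve; drop it for an Internet-facing listener.
cat > "$RPM_BUILD_ROOT"/etc/mail/sendmail.mc << EOF
divert(-1)dnl
include(\`/usr/share/sendmail/m4/cf.m4')
VERSIONID(\`Red Hat')
OSTYPE(\`linux')
define(\`confDEF_USER_ID',\`\`8:12'')
define(\`confTRUSTED_USER', \`smmsp')
dnl # Используем внешний mail север
dnl FEATURE(\`nocanonify')
dnl define(\`SMART_HOST',\`smtp.your.provider')
dnl # Приветственный банер
define(\`confSMTP_LOGIN_MSG', \`\$j mail server ready at \$b')
dnl # Используем local-host-names, для приема почты доменов
FEATURE(use_cw_file)
dnl # Используем access_db для клиентов
FEATURE(\`access_db')
dnl # Используем virtusertable для клиентов
FEATURE(\`virtusertable')
dnl # Используем статистику
define(\`STATUS_FILE', \`/etc/mail/statistics')
dnl # Альясы храним в aliases
define(\`ALIAS_FILE', \`/etc/mail/aliases')
dnl # Включаем проверку черного списка
FEATURE(blacklist_recipients)
dnl # Блокируем спам
FEATURE(\`dnsbl', \`sbl.spamhaus.org', \`Spam blocked')
FEATURE(\`dnsbl', \`list.dnsbl.org', \`550 Email rejected')
FEATURE(\`dnsbl', \`relays.ordb.org', \`550 Email rejected')
dnl # Отключаем протоколы кроме SMTP
FEATURE(nouucp, \`reject')
undefine(\`UUCP_RELAY')
undefine(\`BITNET_RELAY')
undefine(\`DECNET_RELAY')
dnl # Запрещаем EXPN, VRFY. Ограничиваем пользователям просмотр и обработку очереди сообщений
dnl # А так же при ошибке не высылаем тело сообщения
define(\`confPRIVACY_FLAGS', \`authwarnings, novrfy, noexpn, needmailhelo, restrictmailq, restrictqrun, nobodyreturn')
dnl # Отвергаем письма не соответствующие почтовым стандартам
define(\`confMAX_HEADERS_LENGTH', \`16384')
define(\`confMAX_MIME_HEADER_LENGTH', \`256/128')
dnl # Максимальный размер сообщения 5Mb
define(\`confMAX_MESSAGE_SIZE', \`5242880')
dnl # Максимальное число получателей для одного письма 10
define(\`confMAX_RCPTS_PER_MESSAGE', \`10')
dnl # При несуществующем получателе генерируем дополнительный заголовок
define(\`confNO_RCPT_ACTION', \`add-to-undisclosed')
dnl # Сообщения которые не удалось доставить дублируем на postmaster
define(\`confCOPY_ERROR_TO', \`postmaster')
dnl # Не принимаем почту при отсутствии места на диске 1Mb
define(\`confMIN_FREE_BLOCKS', \`1024')
dnl # Количество одновременно максимальных подключений
define(\`confMAX_DAEMON_CHILDREN', \`25')
dnl # Лимит на число допустимых соединений в секунду
define(\`confCONNECTION_RATE_THROTTLE', \`5')
dnl # Русский язык
define(\`confDEF_CHAR_SET', \`koi8-r')
define(\`confSEVEN_BIT_INPUT', False)
define(\`confEIGHT_BIT_HANDLING', \`pass8')
dnl # Обработчик procmail
define(\`PROCMAIL_MAILER_PATH',\`/usr/bin/procmail')
FEATURE(local_procmail,\`',\`procmail -t -Y -a \$h -d \$u')
FEATURE(\`smrsh',\`/usr/sbin/smrsh')
dnl # Определяем порядок авторизации
define(\`confAUTH_OPTIONS', \`A p')
TRUST_AUTH_MECH(\`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
define(\`confAUTH_MECHANISMS', \`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # Поддержка SSL/TLS соединений
dnl define(\`confCACERT_PATH',\`/usr/share/ssl/certs')
dnl define(\`confCACERT',\`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(\`confSERVER_CERT',\`/usr/share/ssl/private/sendmail.pem')
dnl define(\`confSERVER_KEY',\`/usr/share/ssl/private/sendmail.pem')
dnl # Поддержка openLDAP
dnl define(\`confLDAP_CLUSTER', \`servers')
dnl define(\`confLDAP_DEFAULT_SPEC',\`-w3 -H ldaps://ldap.domain -b ou=aliases,dc=domain')
dnl define(\`ALIAS_FILE',\`ldap:')
dnl FEATURE(\`access_db',\`LDAP')
dnl FEATURE(\`domaintable',\`LDAP')
dnl FEATURE(\`mailertable',\`LDAP')
dnl FEATURE(\`virtusertable',\`LDAP')
dnl # Время на повторы при ошибках (значения по умолчанию)
dnl define(\`confTO_QUEUEWARN', \`4h')
dnl define(\`confTO_QUEUERETURN', \`5d')
dnl define(\`confQUEUE_LA', \`12')
dnl define(\`confREFUSE_LA', \`18')
dnl # Запрещаем поддержку демона inetd (уменьшаем время подключений на 5 сек)
define(\`confTO_IDENT', \`0')
dnl # Включаем маскардинг доменов
dnl GENERICS_DOMAIN(\`main.mydomain.com')
EXPOSED_USER(\`root', \`Mailer-Daemon')
dnl MASQUERADE_AS(\`mydomain.com')
dnl FEATURE(masquerade_envelope)
dnl FEATURE(allmasquerade)
dnl MASQUERADE_DOMAIN(localhost)
dnl MASQUERADE_DOMAIN(localhost.localdomain)
LOCAL_DOMAIN(\`localhost.localdomain')dnl
FEATURE(\`accept_unresolvable_domains')
dnl # Биндим на локальный интерфейс
DAEMON_OPTIONS(\`Port=smtp, Addr=127.0.0.1, Name=MTA')
dnl DAEMON_OPTIONS(\`Port=smtp, Name=MTA')
dnl DAEMON_OPTIONS(\`Port=submission, Name=MSA, M=Ea')
dnl # Биндим только на SSL
dnl DAEMON_OPTIONS(\`Port=smtps, Name=TLSMTA, M=s')
MAILER(smtp)
MAILER(procmail)
EOF

# Relay policy: only the local host may relay by default.
cat > "$RPM_BUILD_ROOT"/etc/mail/access << EOF
# by default we allow relaying from localhost...
localhost.localdomain		RELAY
localhost			RELAY
127.0.0.1			RELAY
EOF

cat > "$RPM_BUILD_ROOT"/etc/mail/local-host-names << EOF
# local-host-names - include all aliases for your machine here.
EOF

cat > "$RPM_BUILD_ROOT"/etc/mail/trusted-users << EOF
# trusted-users - users that can send mail as others without a warning
# apache, mailman, majordomo, uucp, are good candidates
EOF

# sendmail picks its mode from the name it is invoked under.
ln -s /usr/sbin/sendmail "$RPM_BUILD_ROOT"/usr/bin/hoststat
ln -s /usr/sbin/sendmail "$RPM_BUILD_ROOT"/usr/bin/mailq
ln -s /usr/sbin/sendmail "$RPM_BUILD_ROOT"/usr/bin/newaliases
ln -s /usr/sbin/sendmail "$RPM_BUILD_ROOT"/usr/bin/purgestat
gzip "$RPM_BUILD_ROOT"/usr/share/man/man1/*
gzip "$RPM_BUILD_ROOT"/usr/share/man/man5/*
gzip "$RPM_BUILD_ROOT"/usr/share/man/man8/*

%pre
# Create the smmsp group and account if they are missing.  getent looks the
# exact name up; grepping the flat files also matches any line that merely
# contains the string, which would skip the creation.
getent group smmsp >/dev/null 2>&1 || groupadd -g 25 smmsp
getent passwd smmsp >/dev/null 2>&1 || \
    useradd -u 25 -g smmsp -d /etc/mail -s /bin/false -r smmsp

%post
# Register the service on first install only ($1 is 1 then); an upgrade must
# not switch a network daemon back on after the administrator disabled it.
if [ "$1" -eq 1 ]; then
    chkconfig --level 012345 sendmail off
    chkconfig --level 345 sendmail on
fi

%files
%defattr(0664,root,root,0755)
%config(noreplace) %attr(0444,root,root) /etc/mail/helpfile
%config(noreplace) %attr(0600,root,root) /etc/mail/statistics
%config(noreplace) %attr(0644,root,root) /etc/mail/aliases
%config(noreplace) %attr(0644,root,root) /etc/mail/access
%config(noreplace) %attr(0644,root,root) /etc/mail/domaintable
%config(noreplace) %attr(0644,root,root) /etc/mail/mailertable
%config(noreplace) %attr(0644,root,root) /etc/mail/virtusertable
%config(noreplace) %attr(0644,root,root) /etc/mail/local-host-names
%config(noreplace) %attr(0644,root,root) /etc/mail/trusted-users
%config(noreplace) %attr(0644,root,root) /etc/mail/sendmail.mc
%config(noreplace) %attr(0444,root,wheel) /etc/mail/submit.cf
%attr(-,root,root) /usr/bin/*
# setgid smmsp so the submission program can write to clientmqueue below.
%attr(2555,root,smmsp) /usr/sbin/sendmail
%attr(0555,bin,bin) /usr/sbin/mailstats
%attr(0555,bin,bin) /usr/sbin/makemap
%attr(0555,bin,bin) /usr/sbin/praliases
%attr(0555,bin,bin) /usr/sbin/smrsh
%attr(0755,root,root) /etc/rc.d/init.d/sendmail
%attr(0644,root,root) /etc/pam.d/smtp
%attr(0644,root,root) /usr/lib/sasl2/Sendmail.conf
%attr(0644,root,root) /usr/share/man/man1/*
%attr(0644,root,root) /usr/share/man/man5/*
%attr(0644,root,root) /usr/share/man/man8/*
%attr(-,root,root) /usr/share/sendmail/*
%dir %attr(0755,root,root) /etc/mail
%dir %attr(0770,smmsp,smmsp) /var/spool/clientmqueue
%dir %attr(0700,root,wheel) /var/spool/mqueue
%doc FAQ INSTALL KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES sendmail/SECURITY sendmail/TUNING doc/op/op.me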