Browse Source

spamass-milter package update

Signed-off-by: webbuilder_pel7ppc64bebuilder0 <webbuilder@powerel.org>
master
webbuilder_pel7ppc64bebuilder0 6 years ago
parent
commit
8170d3731a
  1. 28
      SOURCES/spamass-milter-0.4.0-auth-no-ssf.patch
  2. 89
      SOURCES/spamass-milter-0.4.0-authuser.patch
  3. 289
      SOURCES/spamass-milter-0.4.0-bits.patch
  4. 110
      SOURCES/spamass-milter-0.4.0-group.patch
  5. 20
      SOURCES/spamass-milter-0.4.0-pathnames.patch
  6. 22
      SOURCES/spamass-milter-0.4.0-rcvd.patch
  7. 28
      SOURCES/spamass-milter-0.4.0-rundir.patch
  8. 4
      SOURCES/spamass-milter-postfix-sysconfig.systemd
  9. 1
      SOURCES/spamass-milter-postfix-tmpfs.conf
  10. 30
      SOURCES/spamass-milter-root.service
  11. 1
      SOURCES/spamass-milter-tmpfs.conf
  12. 39
      SOURCES/spamass-milter.README.Postfix
  13. 29
      SOURCES/spamass-milter.service
  14. 116
      SOURCES/spamass-milter.sysv
  15. 580
      SPECS/spamass-milter.spec

28
SOURCES/spamass-milter-0.4.0-auth-no-ssf.patch

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
This change is to help users with Postfix that aren't using the -a option
to not pass mail from authenticated users through SpamAssassin. Postfix,
unlike Sendmail, does not provide the {auth_ssf} macro, so in the case
where mail is from an authenticated user, the modified code can now add
an (authenticated) hint in the dummy Received: header (where Sendmail would
add (authenticated bits=nnn)), and this is scored favourably by SpamAssassin.

http://bugzilla.redhat.com/730308

--- spamass-milter.cpp
+++ spamass-milter.cpp
@@ -1069,9 +1069,14 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
- if (strlen(macro_auth_ssf))
+ if (strlen(macro_auth_authen))
{
- rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
+ rec_header += (string) "(authenticated";
+ if (strlen(macro_auth_ssf))
+ {
+ rec_header += (string) " bits=" + macro_auth_ssf;
+ }
+ rec_header += (string) ")\r\n\t";
}
rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +

89
SOURCES/spamass-milter-0.4.0-authuser.patch

@ -0,0 +1,89 @@ @@ -0,0 +1,89 @@
--- spamass-milter.1.in
+++ spamass-milter.1.in
@@ -16,6 +16,7 @@
.Op Fl f
.Op Fl g Ar group
.Op Fl i Ar networks
+.Op Fl I
.Op Fl m
.Op Fl M
.Op Fl P Ar pidfile
@@ -134,6 +135,8 @@ Multiple
flags will append to the list.
For example, if you list all your internal networks, no outgoing emails
will be filtered.
+.It Fl I
+Ignores messages if the sender has authenticated via SMTP AUTH.
.It Fl m
Disables modification of the
.Ql Subject:
--- spamass-milter.cpp
+++ spamass-milter.cpp
@@ -178,6 +178,7 @@ bool flag_full_email = false; /* pass f
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */
bool auth = false; /* don't scan authenticated users */
+bool ignore_authenticated_senders = false; /* authenticated users bypass spam checks */
// {{{ main()
@@ -185,7 +186,7 @@ int
main(int argc, char* argv[])
{
int c, err = 0;
- const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:";
+ const char *args = "afd:mMp:P:r:u:D:i:Ib:B:e:xS:R:C:g:";
char *sock = NULL;
char *group = NULL;
bool dofork = false;
@@ -225,6 +226,10 @@ main(int argc, char* argv[])
debug(D_MISC, "Parsing ignore list");
parse_networklist(optarg, &ignorenets);
break;
+ case 'I':
+ debug(D_MISC, "Ignore authenticated senders");
+ ignore_authenticated_senders = true;
+ break;
case 'm':
dontmodifyspam = true;
smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
@@ -301,7 +306,7 @@ main(int argc, char* argv[])
cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
cout << "SpamAssassin Sendmail Milter Plugin" << endl;
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
- cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
+ cout << " [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl;
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl;
cout << " [-C rejectcode] [-R rejectmsg] [-g group]" << endl;
cout << " [-- spamc args ]" << endl;
@@ -318,6 +323,7 @@ main(int argc, char* argv[])
cout << " -g group: socket group (perms to 660 as well)" << endl;
cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl;
cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
+ cout << " -I: skip (ignore) checks if sender is authenticated" << endl;
cout << " -m: don't modify body, Content-type: or Subject:" << endl;
cout << " -M: don't modify the message at all" << endl;
cout << " -P pidfile: Put processid in pidfile" << endl;
@@ -850,6 +856,22 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
return SMFIS_ACCEPT;
}
}
+
+ if (ignore_authenticated_senders)
+ {
+ char *auth_authen;
+
+ auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}"));
+ debug(D_MISC, "auth_authen=%s", auth_authen ?: "<unauthenticated>");
+
+ if (auth_authen)
+ {
+ debug(D_MISC, "sender authenticated (%s) - accepting message",
+ auth_authen);
+ debug(D_FUNC, "mlfi_envfrom: exit ignore");
+ return SMFIS_ACCEPT;
+ }
+ }
debug(D_FUNC, "mlfi_envfrom: enter");
try {

289
SOURCES/spamass-milter-0.4.0-bits.patch

@ -0,0 +1,289 @@ @@ -0,0 +1,289 @@
Add authenticated bits information into the dummy generated
Received-header for SpamAssassin to facilitate adding a rule
to score mail from authenticated clients.

Discussion:
http://bugzilla.redhat.com/496769
http://www.gossamer-threads.com/lists/spamassassin/users/146948

This patch also moves some of the macro collection to the
ENVFROM callback, where the required macros are available by default.

--- README
+++ README
@@ -55,16 +55,28 @@ configuring sendmail through m4 & the se
adding the lines
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
-define(`confMILTER_MACROS_ENVFROM',`{auth_authen}, {auth_type}')dnl
-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
+define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
+
should do the trick. Of course you need to modify the path of the
socket if you put another one into the startup script. The timeouts
have been increased somewhat because SpamAssassin may chew on it for a
little while on a slow machine.
+If you are using multiple milter mail filters on your mail server, you may
+have overridden the default values of some of the confMILTER_MACROS_*
+macros whilst configuring the other filters. You need to ensure that at
+least the following values are present:
+
+confMILTER_MACROS_CONNECT must include the {j} and {_} macros
+(all included by default)
+
+confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen}, {auth_ssf}
+and {auth_type} macros (all included by default)
+
+confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
+
+
Now recreate sendmail.cf, restart sendmail and experiment around a bit
with the setup to make sure it is working.
--- spamass-milter.cpp
+++ spamass-milter.cpp
@@ -702,6 +702,7 @@ sfsistat
mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
{
struct context *sctx;
+ const char *macro_j, *macro__;
int rv;
debug(D_FUNC, "mlfi_connect: enter");
@@ -726,8 +727,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
}
sctx->assassin = NULL;
sctx->helo = NULL;
-
- /* store a pointer to it with setpriv */
+ sctx->our_fqdn = NULL;
+ sctx->sender_address = NULL;
+ sctx->queueid = NULL;
+ sctx->auth_authen = NULL;
+ sctx->auth_ssf = NULL;
+
+ /* store our FQDN */
+ macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
+ if (!macro_j)
+ {
+ macro_j = "localhost";
+ warnmacro("j", "CONNECT");
+ }
+ sctx->our_fqdn = strdup(macro_j);
+
+ /* store the validated sending site's address */
+ macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
+ if (!macro__)
+ {
+ macro__ = "unknown";
+ warnmacro("_", "CONNECT");
+ }
+ sctx->sender_address = strdup(macro__);
+
+ /* store a pointer to our private data with setpriv */
rv = smfi_setpriv(ctx, sctx);
if (rv != MI_SUCCESS)
{
@@ -778,7 +802,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
{
SpamAssassin* assassin;
struct context *sctx = (struct context *)smfi_getpriv(ctx);
- const char *queueid;
+ const char *queueid, *macro_auth_ssf, *macro_auth_authen;
if (sctx == NULL)
{
@@ -814,17 +838,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
// remember the MAIL FROM address
assassin->set_from(string(envfrom[0]));
-
+
+ // remember the queueid for this message
queueid=smfi_getsymval(ctx, const_cast<char *>("i"));
if (!queueid)
{
queueid="unknown";
warnmacro("i", "ENVFROM");
}
- assassin->queueid = queueid;
-
+ sctx->queueid = strdup(queueid);
debug(D_MISC, "queueid=%s", queueid);
+ // remember the SMTP AUTH login name
+ macro_auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}"));
+ if (!macro_auth_authen)
+ {
+ macro_auth_authen = "";
+ // Don't issue a warning for the auth_authen macro as
+ // it is likely to be unset much of the time - it's
+ // only set if the client has authenticated.
+ //
+ // Similarly, we only issue warnings for the other
+ // auth-related macros if {auth_authen) is available.
+ //
+ // warnmacro("auth_authen", "ENVFROM");
+ }
+ sctx->auth_authen = strdup(macro_auth_authen);
+
+ // remember the SASL cipher bits
+ macro_auth_ssf = smfi_getsymval(ctx, const_cast<char *>("{auth_ssf}"));
+ if (!macro_auth_ssf)
+ {
+ macro_auth_ssf = "";
+ if (strlen(macro_auth_authen)) {
+ warnmacro("auth_ssf", "ENVFROM");
+ }
+ }
+ sctx->auth_ssf = strdup(macro_auth_ssf);
+
// tell Milter to continue
debug(D_FUNC, "mlfi_envfrom: exit");
@@ -918,7 +969,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
*/
const char *macro_b, *macro_i, *macro_j, *macro_r,
- *macro_s, *macro_v, *macro_Z, *macro__;
+ *macro_s, *macro_v, *macro_Z, *macro__,
+ *macro_auth_ssf, *macro_auth_authen;
char date[32];
/* RFC 822 date. */
@@ -933,20 +985,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* queue ID */
- macro_i = smfi_getsymval(ctx, const_cast<char *>("i"));
- if (!macro_i)
- {
- macro_i = "unknown";
- warnmacro("i", "ENVRCPT");
- }
+ macro_i = sctx->queueid;
- /* FQDN of this site */
- macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
- if (!macro_j)
- {
- macro_j = "localhost";
- warnmacro("j", "ENVRCPT");
- }
+ /* FQDN */
+ macro_j = sctx->our_fqdn;
+
+ /* Sender address */
+ macro__ = sctx->sender_address;
/* Protocol used to receive the message */
macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
@@ -955,7 +1000,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
macro_r = "SMTP";
warnmacro("r", "ENVRCPT");
}
-
+
+ /* SMTP AUTH details */
+ macro_auth_authen = sctx->auth_authen;
+ macro_auth_ssf = sctx->auth_ssf;
+
/* Sendmail currently cannot pass us the {s} macro, but
I do not know why. Leave this in for the day sendmail is
fixed. Until that day, use the value remembered by
@@ -983,22 +1032,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
warnmacro("Z", "ENVRCPT");
}
- /* Validated sending site's address */
- macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
- if (!macro__)
+ assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
+ assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
+
+ string rec_header;
+
+ rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
+
+ if (strlen(macro_auth_ssf))
{
- macro__ = "unknown";
- warnmacro("_", "ENVRCPT");
+ rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
}
- assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
- assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
+ rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +
+ macro_r + " id " + macro_i + ";\r\n\t" +
+ macro_b + "\r\n\t" +
+ "(envelope-from " + assassin->from() + ")\r\n";
- assassin->output((string)
- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
- macro_b+"\r\n\t"+
- "(envelope-from "+assassin->from()+")\r\n");
+ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
+ assassin->output(rec_header);
} else
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
@@ -1244,16 +1296,27 @@ mlfi_close(SMFICTX* ctx)
{
struct context *sctx;
debug(D_FUNC, "mlfi_close");
-
+
sctx = (struct context*)smfi_getpriv(ctx);
if (sctx == NULL)
return SMFIS_ACCEPT;
if (sctx->helo)
free(sctx->helo);
+ if (sctx->our_fqdn)
+ free(sctx->our_fqdn);
+ if (sctx->sender_address)
+ free(sctx->sender_address);
+ if (sctx->queueid)
+ free(sctx->queueid);
+ if (sctx->auth_authen)
+ free(sctx->auth_authen);
+ if (sctx->auth_ssf)
+ free(sctx->auth_ssf);
+
free(sctx);
smfi_setpriv(ctx, NULL);
-
+
return SMFIS_ACCEPT;
}
--- spamass-milter.h
+++ spamass-milter.h
@@ -168,9 +168,6 @@ public:
// List of recipients after alias/virtusertable expansion
list <string> expandedrcpt;
- // the sendmail queue id for this message; used for logging
- string queueid;
-
// Process handling variables
pid_t pid;
int pipe_io[2][2];
@@ -181,6 +178,11 @@ struct context
{
char connect_ip[64]; // remote IP address
char *helo;
+ char *our_fqdn;
+ char *sender_address;
+ char *queueid;
+ char *auth_authen;
+ char *auth_ssf;
SpamAssassin *assassin; // pointer to the SA object if we're processing a message
};

110
SOURCES/spamass-milter-0.4.0-group.patch

@ -0,0 +1,110 @@ @@ -0,0 +1,110 @@
Add option -g group to have the milter create a group-writeable socket
for communication with the MTA and set the GID of the socket to the
specified group. This makes it possible to use the milter via a
unix-domain socket with Postfix as the MTA (Postfix doesn't run as
root and would otherwise be unable to use the socket).

http://bugzilla.redhat.com/452248

--- spamass-milter.1.in
+++ spamass-milter.1.in
@@ -14,6 +14,7 @@
.Op Fl D Ar host
.Op Fl e Ar defaultdomain
.Op Fl f
+.Op Fl g Ar group
.Op Fl i Ar networks
.Op Fl m
.Op Fl M
@@ -115,6 +116,12 @@ flag.
Causes
.Nm
to fork into the background.
+.It Fl g Ar group
+Makes the socket for communication with the MTA group-writable (mode 0750)
+and sets the socket's group to
+.Ar group .
+This option is intended for use with MTA's like Postfix that do not run as
+root, and is incompatible with Sendmail usage.
.It Fl i Ar networks
Ignores messages if the originating IP is in the network(s) listed.
The message will be passed through without calling SpamAssassin at all.
--- spamass-milter.cpp
+++ spamass-milter.cpp
@@ -89,6 +89,7 @@
#endif
#include <errno.h>
#include <netdb.h>
+#include <grp.h>
// C++ includes
#include <cstdio>
@@ -184,8 +185,9 @@ int
main(int argc, char* argv[])
{
int c, err = 0;
- const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:";
+ const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:";
char *sock = NULL;
+ char *group = NULL;
bool dofork = false;
char *pidfilename = NULL;
FILE *pidfile = NULL;
@@ -206,6 +208,9 @@ main(int argc, char* argv[])
case 'f':
dofork = true;
break;
+ case 'g':
+ group = strdup(optarg);
+ break;
case 'd':
parse_debuglevel(optarg);
break;
@@ -298,7 +303,7 @@ main(int argc, char* argv[])
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl;
- cout << " [-C rejectcode] [ -R rejectmsg ]" << endl;
+ cout << " [-C rejectcode] [-R rejectmsg] [-g group]" << endl;
cout << " [-- spamc args ]" << endl;
cout << " -p socket: path to create socket" << endl;
cout << " -b bucket: redirect spam to this mail address. The orignal" << endl;
@@ -310,6 +315,7 @@ main(int argc, char* argv[])
cout << " -e defaultdomain: pass full email address to spamc instead of just\n"
" username. Uses 'defaultdomain' if there was none" << endl;
cout << " -f: fork into background" << endl;
+ cout << " -g group: socket group (perms to 660 as well)" << endl;
cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl;
cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
cout << " -m: don't modify body, Content-type: or Subject:" << endl;
@@ -378,6 +384,30 @@ main(int argc, char* argv[])
} else {
debug(D_MISC, "smfi_register succeeded");
}
+
+ if (group)
+ {
+ struct group *gr;
+
+ (void) smfi_opensocket(0);
+ gr = getgrnam(group);
+ if (gr)
+ {
+ int rc;
+ rc = chown(sock, (uid_t)-1, gr->gr_gid);
+ if (!rc)
+ {
+ (void) chmod(sock, 0660);
+ } else {
+ perror("group option, chown");
+ exit(EX_NOPERM);
+ }
+ } else {
+ perror("group option, getgrnam");
+ exit(EX_NOUSER);
+ }
+ }
+
debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION);
err = smfi_main();
debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION);

20
SOURCES/spamass-milter-0.4.0-pathnames.patch

@ -0,0 +1,20 @@ @@ -0,0 +1,20 @@
--- README
+++ README
@@ -42,7 +42,7 @@ put the spamass-milter binary and set th
you want to use. YOU WILL MOST LIKELY HAVE TO EDIT THE VARIABLES ON
TOP OF THIS FILE.
-Then start the daemon via /etc/init.d/spamass-milter start and make
+Then start the daemon via /etc/rc.d/init.d/spamass-milter start and make
sure it didn't crash/terminate immediately. If it does, there should
usually be syslog output.
@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl
configuring sendmail through m4 & the sendmail.mc files. In this case
adding the lines
-INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl

22
SOURCES/spamass-milter-0.4.0-rcvd.patch

@ -0,0 +1,22 @@ @@ -0,0 +1,22 @@
The code in spamass-milter.cpp that tries to create a
Sendmail-compatible header was broken and generated a header
that was incorrectly parsed by SpamAssassin.

This is mostly fixed now apart from the space that needs
adding prior to the "(" between macro_j and macro_v.

https://savannah.nongnu.org/bugs/index.php?17178
http://bugs.debian.org/510665
http://bugzilla.redhat.com/496763

--- spamass-milter.cpp
+++ spamass-milter.cpp
@@ -996,7 +996,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
assassin->output((string)
"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
macro_b+"\r\n\t"+
"(envelope-from "+assassin->from()+")\r\n");

28
SOURCES/spamass-milter-0.4.0-rundir.patch

@ -0,0 +1,28 @@ @@ -0,0 +1,28 @@
--- README.Postfix
+++ README.Postfix
@@ -2,12 +2,12 @@ Installing the spamass-milter-postfix pa
of spamass-milter to be more Postfix-friendly, i.e.:
The Unix-domain socket used for MTA communication is changed to
- /var/run/spamass-milter/postfix/sock, and that socket is
+ /run/spamass-milter/postfix/sock, and that socket is
writable by the postfix group.
To configure Postfix to use the milter, add to /etc/postfix/main.cf:
- smtpd_milters = unix:/var/run/spamass-milter/postfix/sock
+ smtpd_milters = unix:/run/spamass-milter/postfix/sock
In addition:
--- README
+++ README
@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl
configuring sendmail through m4 & the sendmail.mc files. In this case
adding the lines
-INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+INPUT_MAIL_FILTER(`spamassassin', `S=unix:/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl

4
SOURCES/spamass-milter-postfix-sysconfig.systemd

@ -0,0 +1,4 @@ @@ -0,0 +1,4 @@
# For Postfix support, use a postfix-group-writable socket
# for communication with the MTA
SOCKET="/run/spamass-milter/postfix/sock"
SOCKET_OPTIONS="-g postfix"

1
SOURCES/spamass-milter-postfix-tmpfs.conf

@ -0,0 +1 @@ @@ -0,0 +1 @@
d /run/spamass-milter/postfix 750 sa-milt postfix

30
SOURCES/spamass-milter-root.service

@ -0,0 +1,30 @@ @@ -0,0 +1,30 @@
# Note: this unit file runs spamass-milter as the privileged user root,
# which is necessary for using the milter's -x option for performing
# virtusertable and alias expansion. If you are not using the -x option,
# there is no need for the milter to run as root and it is best not to do so,
# using the spamass-milter.service unit instead of this one.

[Unit]
Description = Mail filter for SpamAssassin
Wants = spamassassin.service
After = syslog.target
After = local-fs.target
After = network.target
After = spamassassin.service
Before = sendmail.service
Before = postfix.service
Conflicts = spamass-milter.service

[Service]
Type = simple
UMask = 0022
Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS=
EnvironmentFile = -/etc/sysconfig/spamass-milter
EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix
ExecStartPre = /bin/chown -R root /run/spamass-milter
ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS
ExecStopPost = /bin/chown -R sa-milt /run/spamass-milter

[Install]
WantedBy = multi-user.target

1
SOURCES/spamass-milter-tmpfs.conf

@ -0,0 +1 @@ @@ -0,0 +1 @@
d /run/spamass-milter 711 sa-milt sa-milt

39
SOURCES/spamass-milter.README.Postfix

@ -0,0 +1,39 @@ @@ -0,0 +1,39 @@
Installing the spamass-milter-postfix package changes the default behaviour
of spamass-milter to be more Postfix-friendly, i.e.:

The Unix-domain socket used for MTA communication is changed to
/var/run/spamass-milter/postfix/sock, and that socket is
writable by the postfix group.

To configure Postfix to use the milter, add to /etc/postfix/main.cf:

smtpd_milters = unix:/var/run/spamass-milter/postfix/sock

In addition:

milter_connect_macros must include the j and _ macros
milter_rcpt_macros must include the b, r, v, and Z macros

Most of these are present by default and shouldn't need explicitly setting,
except for the _ macro in milter_connect_macros. You can use:

postconf -d milter_connect_macros

to find the current setting, and add _ to the returned value, e.g.

milter_connect_macros = j {daemon_name} v _

Note that Postfix users will see the following warning logged at the time of
the first connection to the milter:

Could not retrieve sendmail macro "i"!. Please add it to
confMILTER_MACROS_ENVFROM for better spamassassin results

This is a consequence of different design decisions between Postfix and
Sendmail (which spamass-milter is written for), where Postfix does not assign
a Queue ID to an incoming message until later in an SMTP transaction compared
with Sendmail. The milter wants to use the information before Postfix can
provide it, hence the message. It is harmless and can be ignored.

For further information, see:
http://www.postfix.org/MILTER_README.html

29
SOURCES/spamass-milter.service

@ -0,0 +1,29 @@ @@ -0,0 +1,29 @@
# Note: this unit file runs spamass-milter as the unprivileged user sa-milt,
# which is not compatible with the milter's -x option for performing
# virtusertable and alias expansion. If you are not using the -x option,
# there is no need for the milter to run as root and it is best not to do so.
# However, if you are using the -x option, you will need to run the milter as
# root and should use the spamass-milter-root.service unit instead of this one.

[Unit]
Description = Mail filter for SpamAssassin
Wants = spamassassin.service
After = syslog.target
After = local-fs.target
After = network.target
After = spamassassin.service
Before = sendmail.service
Before = postfix.service
Conflicts = spamass-milter-root.service

[Service]
Type = simple
UMask = 0022
Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS=
EnvironmentFile = -/etc/sysconfig/spamass-milter
EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix
User = sa-milt
ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS

[Install]
WantedBy = multi-user.target

116
SOURCES/spamass-milter.sysv

@ -0,0 +1,116 @@ @@ -0,0 +1,116 @@
#!/bin/bash
#
# Init file for SpamAssassin sendmail milter.
#
# chkconfig: - 79 21
# description: spamass-milter is a daemon that hooks into sendmail and \
# routes email messages to spamassassin
#
# processname: spamass-milter
# config: /etc/sysconfig/spamass-milter
# pidfile: /var/run/spamass-milter.pid

### BEGIN INIT INFO
# Provides: spamass-milter
# Required-Start: $local_fs $network $syslog $named
# Required-Stop: $local_fs $network $syslog $named
# Default-Stop: 0 1 6
# Should-Start: spamd spamassassin
# Should-Stop: spamd spamassassin
# Short-Description: Start or stop SpamAssassin Milter
# Description: Spamass-milter is an add-on to sendmail that can route mail \
# messages through SpamAssassin and mark or reject mail deemed \
# to be spam
### END INIT INFO

# Default variables
PATH=/sbin:/bin:/usr/sbin:/usr/bin
RUN_AS_USER=sa-milt
SOCKET="/var/run/spamass-milter/spamass-milter.sock"
SOCKET_OPTIONS=""
EXTRA_FLAGS=""
SYSCONFIG="/etc/sysconfig/spamass-milter"

# If Postfix support package is installed, use a postfix-group-writable
# socket for communication with the MTA
if [ -d /var/run/spamass-milter/postfix ]; then
SOCKET="/var/run/spamass-milter/postfix/sock"
SOCKET_OPTIONS="-g postfix"
fi

# Read configuration
source /etc/rc.d/init.d/functions
for configfile in /etc/sysconfig/network "${SYSCONFIG}"; do
[ -r "${configfile}" ] && source "${configfile}"
done

[ -x /usr/sbin/spamass-milter ] || exit 5

RETVAL=0
prog="spamass-milter"
desc="SpamAssassin milter"
pidfile=/var/run/spamass-milter.pid

# Fix ownership of socket directory if necessary
chown ${RUN_AS_USER} /var/run/spamass-milter

start() {
echo -n $"Starting ${desc} (${prog}): "
touch ${pidfile}
chown ${RUN_AS_USER} ${pidfile}
[ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile}
daemon --user ${RUN_AS_USER} /usr/sbin/${prog} ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} -f ${EXTRA_FLAGS}
RETVAL=$?
echo
if [ ${RETVAL} -eq 0 ]; then
touch /var/lock/subsys/spamass-milter
return 0
else
return 1
fi
}

stop() {
echo -n $"Shutting down ${desc} (${prog}): "
rm -f /var/lock/subsys/spamass-milter
killproc ${prog}
RETVAL=$?
echo
if [ ${RETVAL} -eq 0 ]; then
rm -f ${pidfile}
return 0
else
return 1
fi
}

case "$1" in
start)
start
;;
stop)
stop
;;
restart|force-reload)
if [ "x`pidof spamass-milter`" != x ]; then
stop
sleep 2
fi
start
;;
condrestart|try-restart)
if [ -e /var/lock/subsys/spamass-milter ]; then
stop
sleep 2
start
else
exit 0
fi
;;
status)
status ${prog}
;;
*)
echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status}"
exit 2
esac

580
SPECS/spamass-milter.spec

@ -0,0 +1,580 @@ @@ -0,0 +1,580 @@
# This package uses systemd init from Fedora 16, but can use it for
# Fedora 15 if built using --with systemd
%if !((0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 15))
%global _with_systemd --with-systemd
%endif
%global use_systemd %{!?_with_systemd:0}%{?_with_systemd:1}

# The runtime directory is on tmpfs from Fedora 15 regardless of whether or not we're using systemd init
%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 14)
%global rundir %{_localstatedir}/run
%global rundir_tmpfs 0
%else
%global rundir /run
%global rundir_tmpfs 1
%endif

# systemd-units merged into systemd at Fedora 17
%if (0%{?fedora} && 0%{?fedora} <= 16)
%global systemd_units systemd-units
%else
%global systemd_units systemd
%endif

# Support systemd presets and drop support for SysV migration from Fedora 18, RHEL 7
%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 17)
%global preset_support 0
%global sysv_to_systemd %{use_systemd}
# Flag file for SysV-to-systemd migration
%global migrfile /run/%{name}-%{version}-%{release}-%{_arch}.systemd-migration
# This macro not defined until Fedora 18
%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d
%else
%global preset_support 1
%global sysv_to_systemd 0
%endif

# Milter header files package name
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 25)
%global milter_devel_package sendmail-devel
%else
%global milter_devel_package sendmail-milter-devel
%endif

# Do a hardened build where possible
%global _hardened_build 1

Summary: Milter (mail filter) for spamassassin
Name: spamass-milter
Version: 0.4.0
Release: 14%{?dist}
License: GPLv2+
URL: http://savannah.nongnu.org/projects/spamass-milt/
Source0: http://savannah.nongnu.org/download/spamass-milt/spamass-milter-%{version}.tar.gz
Source1: spamass-milter.README.Postfix
Source2: spamass-milter-tmpfs.conf
Source3: spamass-milter-postfix-tmpfs.conf
# SysV init
Source10: spamass-milter.sysv
Source11: spamass-milter-sysconfig.sysv
# systemd
Source20: spamass-milter.service
Source21: spamass-milter-root.service
Source22: spamass-milter-sysconfig.systemd
Source23: spamass-milter-postfix-sysconfig.systemd
# Patches submitted upstream:
# http://savannah.nongnu.org/bugs/?29326
Patch2: spamass-milter-0.4.0-authuser.patch
Patch3: spamass-milter-0.4.0-rcvd.patch
Patch4: spamass-milter-0.4.0-bits.patch
Patch5: spamass-milter-0.4.0-group.patch
# Patches not yet submitted upstream
Patch8: spamass-milter-0.4.0-auth-no-ssf.patch
# Fedora-specific patches
Patch10: spamass-milter-0.4.0-pathnames.patch
Patch11: spamass-milter-0.4.0-rundir.patch
BuildRequires: coreutils
BuildRequires: gcc-c++
BuildRequires: make
BuildRequires: %milter_devel_package
BuildRequires: spamassassin
Requires: spamassassin, /usr/sbin/sendmail
%if %{rundir_tmpfs}
# Needed for ownership of %%{_tmpfilesdir}
Requires: %{systemd_units}
%endif

Requires(pre): glibc-common, shadow-utils
%if %{sysv_to_systemd}
Requires(pre): chkconfig, coreutils, systemd-sysv
%endif
%if %{use_systemd}
BuildRequires: %{systemd_units}
Requires(post): coreutils, %{systemd_units}
Requires(preun): %{systemd_units}
Requires(postun): %{systemd_units}
%else
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
Requires(postun): initscripts
%endif

%description
A milter (Mail Filter) application that pipes incoming mail (including things
received by rmail/UUCP) through SpamAssassin, a highly customizable spam
filter. A milter-compatible MTA such as Sendmail or Postfix is required.

%package postfix
Summary: Postfix support for spamass-milter
Requires: %{name} = %{version}-%{release}
Requires(pre): postfix
Requires(post): shadow-utils, %{name} = %{version}-%{release}
BuildArch: noarch

%description postfix
This package adds support for running spamass-milter using a Unix-domain
socket to communicate with the Postfix MTA.

%prep
%setup -q

# Copy in general support files
cp -p %{SOURCE1} README.Postfix
cp -p %{SOURCE2} spamass-milter-tmpfs.conf
cp -p %{SOURCE3} spamass-milter-postfix-tmpfs.conf

# Fix Received-header generation (#496763)
%patch3 -b .rcvd

# Add authentication info to dummy Received-header (#496769)
%patch4 -b .bits

# Add -g option for group-writable socket for Postfix support (#452248)
%patch5 -b .group

# Help for users authenticating to Postfix (#730308)
%patch8 -b .postfix-auth

# Local patch for initscript and socket paths
%patch10 -b .pathnames

# Add -I option to ignore (don't check) mail from authenticated users
# (#437506, #496767) http://savannah.nongnu.org/bugs/?21046
# Note: upstream introduced a similar -a option in version 0.4.0, so this
# option is retained only in builds prior to Fedora 22 for compatibility
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 21)
%patch2 -b .authuser
%endif

# With systemd, the runtime directory is /run rather than /var/run
%if %{rundir_tmpfs}
%patch11 -b .rundir
%endif

# Copy in SysV init files
%if !%{use_systemd}
cp -p %{SOURCE10} %{SOURCE11} .
%endif

# Copy in systemd files
%if %{use_systemd}
cp -p %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} .
%endif

%build
export SENDMAIL=/usr/sbin/sendmail
%configure
make %{?_smp_mflags}

%install
make DESTDIR=%{buildroot} install

install -m 755 -d %{buildroot}%{_localstatedir}/lib/spamass-milter
install -m 711 -d %{buildroot}%{rundir}/spamass-milter
install -m 750 -d %{buildroot}%{rundir}/spamass-milter/postfix
%if %{use_systemd}
install -m 644 -D spamass-milter.service \
%{buildroot}%{_unitdir}/spamass-milter.service
install -m 644 -D spamass-milter-root.service \
%{buildroot}%{_unitdir}/spamass-milter-root.service
install -m 644 -D spamass-milter-sysconfig.systemd \
%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter
install -m 644 -D spamass-milter-postfix-sysconfig.systemd \
%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter-postfix
%else
install -m 755 -D spamass-milter.sysv \
%{buildroot}%{_initddir}/spamass-milter
install -m 644 -D spamass-milter-sysconfig.sysv \
%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter
%endif

# Make sure %%{rundir}/spamass-milter{,/postfix} exist at boot time for systems
# with %%{rundir} on tmpfs (#656692)
%if %{rundir_tmpfs}
install -m 755 -d %{buildroot}%{_tmpfilesdir}
install -m 644 spamass-milter-tmpfs.conf \
%{buildroot}%{_tmpfilesdir}/spamass-milter.conf
install -m 644 spamass-milter-postfix-tmpfs.conf \
%{buildroot}%{_tmpfilesdir}/spamass-milter-postfix.conf
%endif

# Create dummy sockets for %%ghost-ing
: > %{buildroot}%{rundir}/spamass-milter/spamass-milter.sock
: > %{buildroot}%{rundir}/spamass-milter/postfix/sock

%pre
getent group sa-milt >/dev/null || groupadd -r sa-milt
getent passwd sa-milt >/dev/null || \
useradd -r -g sa-milt -d %{_localstatedir}/lib/spamass-milter \
-s /sbin/nologin -c "SpamAssassin Milter" sa-milt
# Fix homedir for upgrades
usermod --home %{_localstatedir}/lib/spamass-milter sa-milt &>/dev/null
%if %{sysv_to_systemd}
# Start SysV-to-systemd migration
rm -f %{migrfile} &>/dev/null
if [ $1 -gt 1 -a ! -e %{_unitdir}/spamass-milter.service -a -e %{_initddir}/spamass-milter ]; then
systemd-sysv-convert --save spamass-milter &>/dev/null
chkconfig --del spamass-milter &>/dev/null
touch %{migrfile} &>/dev/null
fi
%endif
exit 0

%post
if [ $1 -eq 1 ]; then
# Initial installation
%if %{use_systemd}
systemctl daemon-reload &>/dev/null || :
%else
chkconfig --add spamass-milter || :
%endif
%if %{preset_support}
systemctl preset spamass-milter.service &>/dev/null || :
systemctl preset spamass-milter-root.service &>/dev/null || :
%endif
fi

%preun
if [ $1 -eq 0 ]; then
# Package removal, not upgrade
%if %{use_systemd}
systemctl --no-reload disable spamass-milter.service &>/dev/null || :
systemctl stop spamass-milter.service &>/dev/null || :
systemctl --no-reload disable spamass-milter-root.service &>/dev/null || :
systemctl stop spamass-milter-root.service &>/dev/null || :
%else
%{_initddir}/spamass-milter stop &>/dev/null || :
chkconfig --del spamass-milter || :
%endif
fi

%postun
%if %{use_systemd}
systemctl daemon-reload &>/dev/null || :
%endif
if [ $1 -ge 1 ]; then
# Package upgrade, not uninstall
%if %{use_systemd}
systemctl try-restart spamass-milter.service &>/dev/null || :
systemctl try-restart spamass-milter-root.service &>/dev/null || :
%else
%{_initddir}/spamass-milter condrestart &>/dev/null || :
%endif
fi

%if %{sysv_to_systemd}
%triggerpostun -- spamass-milter
# Complete the SysV-to-system migration started in %%pre
if [ $1 -gt 0 -a -e %{migrfile} ]; then
systemctl daemon-reload &>/dev/null || :
systemctl try-restart spamass-milter.service &>/dev/null
fi
rm -f %{migrfile} &>/dev/null || :
%endif

%post postfix
# This is needed because the milter needs to "give away" the MTA communication
# socket to the postfix group, and it needs to be a member of the group to do
# that.
usermod -a -G postfix sa-milt || :

%files
%doc AUTHORS ChangeLog NEWS README
%{_mandir}/man1/spamass-milter.1*
%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter
%if %{rundir_tmpfs}
%{_tmpfilesdir}/spamass-milter.conf
%endif
%if %{use_systemd}
%{_unitdir}/spamass-milter.service
%{_unitdir}/spamass-milter-root.service
%else
%{_initddir}/spamass-milter
%endif
%{_sbindir}/spamass-milter
%dir %attr(-,sa-milt,sa-milt) %{_localstatedir}/lib/spamass-milter/
%dir %attr(-,sa-milt,sa-milt) %{rundir}/spamass-milter/
%ghost %{rundir}/spamass-milter/spamass-milter.sock

%files postfix
%doc README.Postfix
%if %{rundir_tmpfs}
%{_tmpfilesdir}/spamass-milter-postfix.conf
%endif
%if %{use_systemd}
%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter-postfix
%endif
%dir %attr(-,sa-milt,postfix) %{rundir}/spamass-milter/postfix/
%ghost %{rundir}/spamass-milter/postfix/sock

%changelog
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Mon Jan 29 2018 Paul Howarth <paul@city-fan.org> - 0.4.0-12
- Account for systemd-units being merged into systemd at Fedora 17
- Drop support for SysV-to-systemd migration from Fedora 18, RHEL 7
- Use forward-looking conditionals
- One build requirement per line

* Wed Nov 15 2017 Paul Howarth <paul@city-fan.org> - 0.4.0-11
- Replace /bin/* dependencies with coreutils etc. (#1512898)
- Drop explicit paths for commands to aid spec readability
- Drop EL-5 support
- Drop legacy Group: and BuildRoot: tags
- Drop explicit buildroot cleaning in %%install section
- Drop explicit %%clean section
- Noarch sub-packages are always available now

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Aug 22 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-7
- Document expected warning message when used with Postfix (#1368645)

* Fri Aug 5 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-6
- sendmail-devel renamed to sendmail-milter-devel from Fedora 26
- Specify all build requirements

* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Wed Jan 6 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-4
- Document macro requirements for Postfix (#1294245)

* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 0.4.0-2
- Rebuilt for GCC 5 C++11 ABI change

* Thu Feb 26 2015 Paul Howarth <paul@city-fan.org> - 0.4.0-1
- Update to 0.4.0
- New options:
-C option to change the default reject code
-S option to specify a path to sendmail (for the -x option)
-R option to specify the rejection message
-a option to skip messages that were authenticated
- IPv6 address support
- Syntax clean-ups
- Drop upstreamed syntax, rejection text and IPv6 patches
- Update authuser patch: note that upstream has introduced a -a option that
does pretty much the same as the -I option added by this patch, so this
patch is deprecated and will not be included in builds for Fedora 22 onwards
- Clean up other patches to apply cleanly

* Tue Feb 24 2015 Paul Howarth <paul@city-fan.org> - 0.3.2-15
- Add -R option to specify SMTP rejection text (#1131667)
- Drop %%defattr, redundant since rpm 4.4

* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 0.3.2-14
- Rebuild for rpm bug 1131960

* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Wed Sep 5 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-9
- Add systemd preset support (#850321)

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Wed Jul 4 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-7
- Move the tmpfiles.d config from %%{_sysconfdir} to %%{_prefix}/lib

* Mon Apr 16 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-6
- Do a hardened (PIE) build where possible

* Wed Jan 11 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-5
- Rebuild for gcc 4.7 in Rawhide

* Wed Aug 24 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-4
- Add systemd init support, on by default from Fedora 16
- %%ghost the sockets for clean uninstalls

* Thu Aug 18 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-3
- Help for users authenticating to Postfix (#730308)

* Mon Jul 18 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-2
- Drop the wrapper, which hasn't been needed since 0.3.1 was released
- Nobody else likes macros for commands

* Tue Feb 15 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-1
- Update to 0.3.2 (upstream fix for popen unsanitized input vulnerability:
CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136)
- Drop popen patch, now upstream
- Rework syntax, rcvd and bits patches to apply against new codebase

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Nov 30 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-24
- Require systemd-units for ownership of /etc/tmpfiles.d directory
- Add Default-Stop LSB keyword in initscript

* Fri Nov 26 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-23
- Make sure /var/run/spamass-milter and /var/run/spamass-milter/postfix exist
at boot time for systems with /var/run on tmpfs (#656692)

* Wed Sep 29 2010 jkeating - 0.3.1-22
- Rebuilt for gcc bug 634757

* Thu Sep 23 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-21
- Add IPv6 whitelisting support (#630263)

* Tue Jun 8 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-20
- RHEL-6 onwards have noarch subpackages, so make spamass-milter-postfix one

* Mon Apr 19 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-19
- Fix patch for CVE-2010-1132 to not create a zombie process per email when
the -x or -b options are used (#583523)

* Tue Mar 23 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-18
- Add patch to get rid of compiler warnings
- Reorder and re-base patches to optimize chances of upstream accepting them
- Improve Received-header patch (#496763) incorporating additional fix from
upstream update (http://savannah.nongnu.org/bugs/?17178)

* Fri Mar 12 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-17
- Update initscript to support running the milter as root, which is needed
for the -x (expand aliases) option; note that the milter does not run as
root by default
- Add patch for popen unsanitized input vulnerability
(CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136)
- Rebase authuser patch
- Update patch adding auth info to dummy Received-header so that it doesn't
generate spurious warnings about missing macros (#532266), and update and
merge the macro documentation patch into this patch
- Document patch usage in spec file

* Tue Aug 11 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-16
- Switch to bzipped source tarball

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Fri Apr 24 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-14
- Fix Received-header generation (#496763)
- Add authentication info to dummy Received-header (#496769)
- Add option to skip checks for authenticated senders (#437506, #496767)
(thanks to Habeeb J. Dihu for the reports and patches)

* Wed Mar 18 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-13
- Call initscripts directly instead of via /sbin/service and fine-tune scriptlet
dependencies
- Change sa-milt user's home directory from
%%{_localstatedir}/run/spamass-milter to %%{_localstatedir}/lib/spamass-milter
so as to retain directory contents across a reboot (#489995), and fix the home
directory of any existing sa-milt account on upgrades

* Fri Feb 27 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-12
- Subpackage for postfix is now noarch for Fedora 10 onwards
- Fix scriptlet deps to ensure that sa-milt user exists before we attempt to
add it to the postfix group

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Feb 13 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-10
- Rebuild for shared libmilter in Fedora 11 development

* Thu Jul 3 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-9
- Require /usr/sbin/sendmail (for -b/-B/-x options) rather than sendmail pkg
- Make summary and description less Sendmail-specific
- Add patch to support group-writable socket for MTA communication, needed
to be able to use a Unix-domain socket with Postfix (#452248)
- Add subpackage with group-writable directory for Postfix support
- Tweak initscript to change default options when Postfix socket directory is
present
- Document additional ENVRCPT macros to provide

* Tue May 20 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-8
- Fix initscript failure to start with SELinux in enforcing mode (#447247)
(needs selinux-policy >= 3.3.1-55 on F9)

* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.3.1-7
- Autorebuild for GCC 4.3

* Mon Feb 18 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-6
- Rebuild with gcc 4.3.0 for Fedora 9

* Fri Oct 12 2007 Paul Howarth <paul@city-fan.org> - 0.3.1-5
- Split initscript and config out from being here documents in the spec and
have them as separate source files instead
- Unexpand tabs
- Clarify license as GPL v2 or later (GPLv2+)
- Use the standard scriptlet for user/group creation in %%pre

* Wed Aug 30 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-4
- Use make/DESTDIR instead of deprecated %%makeinstall macro
- Expand tabs and clean up changelog entries

* Mon May 15 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-3
- Use upstream default settings (#191602)
This change re-enables by default Subject/Content-Type header modification
(which may have a performance impact for large messages) and disables by
default the rejection of emails with a spam score of 15 or more. To re-enable
these options, uncomment the line:
EXTRA_FLAGS="-m -r 15"
in %%{_sysconfdir}/sysconfig/spamass-milter
* Sun May 7 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-2
- Fix race condition in "stop" clause of initscript (#190894)

* Thu Apr 6 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-1
- Update to 0.3.1

* Wed Feb 15 2006 Paul Howarth <paul@city-fan.org> - 0.3.0-9
- Don't use macros in command paths, hardcode them instead

* Mon Aug 1 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-8
- Run the milter in a wrapper script that restarts it if it crashes

* Thu Jun 16 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-7
- Bump and rebuild due to transient build system failure

* Wed Jun 15 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-6
- Adjust initscript chkconfig values so it starts before sendmail

* Mon Jun 13 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-5
- Help the configure script find sendmail

* Mon Jun 13 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-4
- Bump and rebuild

* Mon Jun 06 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-3
- Use Extras standard buildroot
- Unpack tarball quietly
- Create account sa-milt and run the milter using that instead of root
- Fix socket name in README
- Initscript not %%config

* Sun Jun 05 2005 Warren Togami <wtogami@redhat.com> - 0.3.0-2
- Extras

* Tue Feb 08 2005 Dag Wieers <dag@wieers.com> - 0.3.0-1
- Updated to release 0.3.0

* Wed Sep 01 2004 Dag Wieers <dag@wieers.com> - 0.2.0-1
- Fixed variables in sysconfig file (mator)

* Tue Feb 17 2004 Dag Wieers <dag@wieers.com> - 0.2.0-0
- Initial package (using DAR)
Loading…
Cancel
Save