spamass-milter package update

Signed-off-by: webbuilder_pel7ppc64bebuilder0 <webbuilder@powerel.org>

SOURCES/spamass-milter-0.4.0-auth-no-ssf.patch

@@ -0,0 +1,28 @@
+This change is to help users with Postfix that aren't using the -a option
+to not pass mail from authenticated users through SpamAssassin. Postfix,
+unlike Sendmail, does not provide the {auth_ssf} macro, so in the case
+where mail is from an authenticated user, the modified code can now add
+an (authenticated) hint in the dummy Received: header (where Sendmail would
+add (authenticated bits=nnn)), and this is scored favourably by SpamAssassin.
+
+http://bugzilla.redhat.com/730308
+
+--- spamass-milter.cpp
++++ spamass-milter.cpp
+@@ -1069,9 +1069,14 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 
+ 		rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
+ 
+-		if (strlen(macro_auth_ssf))
++		if (strlen(macro_auth_authen))
+ 		{
+-			rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
++			rec_header += (string) "(authenticated";
++			if (strlen(macro_auth_ssf))
++			{
++				rec_header += (string) " bits=" + macro_auth_ssf;
++			}
++			rec_header += (string) ")\r\n\t";
+ 		}
+ 
+ 		rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +

SOURCES/spamass-milter-0.4.0-authuser.patch

@@ -0,0 +1,89 @@
+--- spamass-milter.1.in
++++ spamass-milter.1.in
+@@ -16,6 +16,7 @@
+ .Op Fl f
+ .Op Fl g Ar group
+ .Op Fl i Ar networks
++.Op Fl I
+ .Op Fl m
+ .Op Fl M
+ .Op Fl P Ar pidfile
+@@ -134,6 +135,8 @@ Multiple
+ flags will append to the list.
+ For example, if you list all your internal networks, no outgoing emails
+ will be filtered.
++.It Fl I
++Ignores messages if the sender has authenticated via SMTP AUTH.
+ .It Fl m
+ Disables modification of the 
+ .Ql Subject: 
+--- spamass-milter.cpp
++++ spamass-milter.cpp
+@@ -178,6 +178,7 @@ bool flag_full_email = false;		/* pass f
+ bool flag_expand = false;	/* alias/virtusertable expansion */
+ bool warnedmacro = false;	/* have we logged that we couldn't fetch a macro? */
+ bool auth = false;		/* don't scan authenticated users */
++bool ignore_authenticated_senders = false;     /* authenticated users bypass spam checks */
+ 
+ // {{{ main()
+ 
+@@ -185,7 +186,7 @@ int
+ main(int argc, char* argv[])
+ {
+    int c, err = 0;
+-   const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:";
++   const char *args = "afd:mMp:P:r:u:D:i:Ib:B:e:xS:R:C:g:";
+    char *sock = NULL;
+    char *group = NULL;
+    bool dofork = false;
+@@ -225,6 +226,10 @@ main(int argc, char* argv[])
+                 debug(D_MISC, "Parsing ignore list");
+                 parse_networklist(optarg, &ignorenets);
+                 break;
++            case 'I':
++                debug(D_MISC, "Ignore authenticated senders");
++                ignore_authenticated_senders = true;
++                break;
+             case 'm':
+                 dontmodifyspam = true;
+                 smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
+@@ -301,7 +306,7 @@ main(int argc, char* argv[])
+       cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
+       cout << "SpamAssassin Sendmail Milter Plugin" << endl;
+       cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
+-      cout << "                      [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
++      cout << "                      [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl;
+       cout << "                      [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl;
+       cout << "                      [-C rejectcode] [-R rejectmsg] [-g group]" << endl;
+       cout << "                      [-- spamc args ]" << endl;
+@@ -318,6 +323,7 @@ main(int argc, char* argv[])
+       cout << "   -g group: socket group (perms to 660 as well)" << endl;
+       cout << "   -i: skip (ignore) checks from these IPs or netblocks" << endl;
+       cout << "          example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
++      cout << "   -I: skip (ignore) checks if sender is authenticated" << endl;
+       cout << "   -m: don't modify body, Content-type: or Subject:" << endl;
+       cout << "   -M: don't modify the message at all" << endl;
+       cout << "   -P pidfile: Put processid in pidfile" << endl;
+@@ -850,6 +856,22 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+       return SMFIS_ACCEPT;
+     }
+   }
++
++  if (ignore_authenticated_senders)
++  {
++    char *auth_authen;
++
++    auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}"));
++    debug(D_MISC, "auth_authen=%s", auth_authen ?: "<unauthenticated>");
++
++    if (auth_authen)
++    {
++      debug(D_MISC, "sender authenticated (%s) - accepting message",
++	    auth_authen);
++      debug(D_FUNC, "mlfi_envfrom: exit ignore");
++      return SMFIS_ACCEPT;
++    }
++  }
+ 
+   debug(D_FUNC, "mlfi_envfrom: enter");
+   try {

SOURCES/spamass-milter-0.4.0-bits.patch

@@ -0,0 +1,289 @@
+Add authenticated bits information into the dummy generated
+Received-header for SpamAssassin to facilitate adding a rule
+to score mail from authenticated clients.
+
+Discussion:
+http://bugzilla.redhat.com/496769
+http://www.gossamer-threads.com/lists/spamassassin/users/146948
+
+This patch also moves some of the macro collection to the
+ENVFROM callback, where the required macros are available by default.
+
+--- README
++++ README
+@@ -55,16 +55,28 @@ configuring sendmail through m4 & the se
+ adding the lines
+ 
+ INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
+-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
+-define(`confMILTER_MACROS_ENVFROM',`{auth_authen}, {auth_type}')dnl
+-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
++
+ 
+ should do the trick. Of course you need to modify the path of the
+ socket if you put another one into the startup script. The timeouts
+ have been increased somewhat because SpamAssassin may chew on it for a
+ little while on a slow machine.
+ 
++If you are using multiple milter mail filters on your mail server, you may
++have overridden the default values of some of the confMILTER_MACROS_*
++macros whilst configuring the other filters. You need to ensure that at
++least the following values are present:
++
++confMILTER_MACROS_CONNECT must include the {j} and {_} macros
++(all included by default)
++
++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen}, {auth_ssf}
++and {auth_type} macros (all included by default)
++
++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
++
++
+ Now recreate sendmail.cf, restart sendmail and experiment around a bit
+ with the setup to make sure it is working.
+ 
+--- spamass-milter.cpp
++++ spamass-milter.cpp
+@@ -702,6 +702,7 @@ sfsistat
+ mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
+ {
+ 	struct context *sctx;
++	const char *macro_j, *macro__;
+ 	int rv;
+ 
+ 	debug(D_FUNC, "mlfi_connect: enter");
+@@ -726,8 +727,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
+ 	}
+ 	sctx->assassin = NULL;
+ 	sctx->helo = NULL;
+-	
+-	/* store a pointer to it with setpriv */
++	sctx->our_fqdn = NULL;
++	sctx->sender_address = NULL;
++	sctx->queueid = NULL;
++	sctx->auth_authen = NULL;
++	sctx->auth_ssf = NULL;
++
++	/* store our FQDN */
++	macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
++	if (!macro_j)
++	{
++		macro_j = "localhost";
++		warnmacro("j", "CONNECT");
++	}
++	sctx->our_fqdn = strdup(macro_j);
++
++	/* store the validated sending site's address */
++	macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
++	if (!macro__)
++	{
++		macro__ = "unknown";
++		warnmacro("_", "CONNECT");
++	}
++	sctx->sender_address = strdup(macro__);
++
++	/* store a pointer to our private data with setpriv */
+ 	rv = smfi_setpriv(ctx, sctx);
+ 	if (rv != MI_SUCCESS)
+ 	{
+@@ -778,7 +802,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ {
+   SpamAssassin* assassin;
+   struct context *sctx = (struct context *)smfi_getpriv(ctx);
+-  const char *queueid;
++  const char *queueid, *macro_auth_ssf, *macro_auth_authen;
+ 
+   if (sctx == NULL)
+   {
+@@ -814,17 +838,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ 
+   // remember the MAIL FROM address
+   assassin->set_from(string(envfrom[0]));
+-  
++
++  // remember the queueid for this message
+   queueid=smfi_getsymval(ctx, const_cast<char *>("i"));
+   if (!queueid)
+   {
+     queueid="unknown";
+     warnmacro("i", "ENVFROM");
+   }
+-  assassin->queueid = queueid;
+-
++  sctx->queueid = strdup(queueid);
+   debug(D_MISC, "queueid=%s", queueid);
+ 
++  // remember the SMTP AUTH login name
++  macro_auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}"));
++  if (!macro_auth_authen)
++  {
++    macro_auth_authen = "";
++    // Don't issue a warning for the auth_authen macro as
++    // it is likely to be unset much of the time - it's
++    // only set if the client has authenticated.
++    //
++    // Similarly, we only issue warnings for the other
++    // auth-related macros if {auth_authen) is available.
++    //
++    // warnmacro("auth_authen", "ENVFROM");
++  }
++  sctx->auth_authen = strdup(macro_auth_authen);
++
++  // remember the SASL cipher bits
++  macro_auth_ssf = smfi_getsymval(ctx, const_cast<char *>("{auth_ssf}"));
++  if (!macro_auth_ssf)
++  {
++    macro_auth_ssf = "";
++    if (strlen(macro_auth_authen)) {
++      warnmacro("auth_ssf", "ENVFROM");
++    }
++  }
++  sctx->auth_ssf = strdup(macro_auth_ssf);
++
+   // tell Milter to continue
+   debug(D_FUNC, "mlfi_envfrom: exit");
+ 
+@@ -918,7 +969,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 		   
+ 		*/
+ 		const char *macro_b, *macro_i, *macro_j, *macro_r,
+-		           *macro_s, *macro_v, *macro_Z, *macro__;
++		           *macro_s, *macro_v, *macro_Z, *macro__,
++			   *macro_auth_ssf, *macro_auth_authen;
+ 		char date[32];
+ 
+ 		/* RFC 822 date. */
+@@ -933,20 +985,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 		}
+ 
+ 		/* queue ID */
+-		macro_i = smfi_getsymval(ctx, const_cast<char *>("i"));
+-		if (!macro_i)
+-		{
+-			macro_i = "unknown";
+-			warnmacro("i", "ENVRCPT");
+-		}
++		macro_i = sctx->queueid;
+ 
+-		/* FQDN of this site */
+-		macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
+-		if (!macro_j)
+-		{
+-			macro_j = "localhost";
+-			warnmacro("j", "ENVRCPT");
+-		}
++		/* FQDN */
++		macro_j = sctx->our_fqdn;
++
++		/* Sender address */
++		macro__ = sctx->sender_address;
+ 
+ 		/* Protocol used to receive the message */
+ 		macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
+@@ -955,7 +1000,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 			macro_r = "SMTP";
+ 			warnmacro("r", "ENVRCPT");
+ 		}
+-			
++
++		/* SMTP AUTH details */
++		macro_auth_authen = sctx->auth_authen;
++		macro_auth_ssf = sctx->auth_ssf;
++
+ 		/* Sendmail currently cannot pass us the {s} macro, but
+ 		   I do not know why.  Leave this in for the day sendmail is
+ 		   fixed.  Until that day, use the value remembered by
+@@ -983,22 +1032,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 			warnmacro("Z", "ENVRCPT");
+ 		}
+ 
+-		/* Validated sending site's address */
+-		macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
+-		if (!macro__)
++		assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
++		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
++
++		string rec_header;
++
++		rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
++
++		if (strlen(macro_auth_ssf))
+ 		{
+-			macro__ = "unknown";
+-			warnmacro("_", "ENVRCPT");
++			rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
+ 		}
+ 
+-		assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
+-		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
++		rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +
++			macro_r + " id " + macro_i + ";\r\n\t" +
++			macro_b + "\r\n\t" +
++			"(envelope-from " + assassin->from() + ")\r\n";
+ 
+-		assassin->output((string)
+-			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+-			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+-			macro_b+"\r\n\t"+
+-			"(envelope-from "+assassin->from()+")\r\n");
++		debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
++		assassin->output(rec_header);
+ 
+ 	} else
+ 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
+@@ -1244,16 +1296,27 @@ mlfi_close(SMFICTX* ctx)
+ {
+   struct context *sctx;
+   debug(D_FUNC, "mlfi_close");
+-  
++
+   sctx = (struct context*)smfi_getpriv(ctx);
+   if (sctx == NULL)
+     return SMFIS_ACCEPT;
+ 
+   if (sctx->helo)
+   	free(sctx->helo);
++  if (sctx->our_fqdn)
++  	free(sctx->our_fqdn);
++  if (sctx->sender_address)
++  	free(sctx->sender_address);
++  if (sctx->queueid)
++  	free(sctx->queueid);
++  if (sctx->auth_authen)
++  	free(sctx->auth_authen);
++  if (sctx->auth_ssf)
++  	free(sctx->auth_ssf);
++
+   free(sctx);
+   smfi_setpriv(ctx, NULL);
+-  
++
+   return SMFIS_ACCEPT;
+ }
+ 
+--- spamass-milter.h
++++ spamass-milter.h
+@@ -168,9 +168,6 @@ public:
+   // List of recipients after alias/virtusertable expansion
+   list <string> expandedrcpt;
+ 
+-  // the sendmail queue id for this message; used for logging
+-  string queueid;
+-
+   // Process handling variables
+   pid_t pid;
+   int pipe_io[2][2];
+@@ -181,6 +178,11 @@ struct context
+ {
+ 	char connect_ip[64];	// remote IP address
+ 	char *helo;
++	char *our_fqdn;
++	char *sender_address;
++	char *queueid;
++	char *auth_authen;
++	char *auth_ssf;
+ 	SpamAssassin *assassin; // pointer to the SA object if we're processing a message
+ };
+ 

SOURCES/spamass-milter-0.4.0-group.patch

@@ -0,0 +1,110 @@
+Add option -g group to have the milter create a group-writeable socket
+for communication with the MTA and set the GID of the socket to the
+specified group. This makes it possible to use the milter via a
+unix-domain socket with Postfix as the MTA (Postfix doesn't run as
+root and would otherwise be unable to use the socket).
+
+http://bugzilla.redhat.com/452248
+
+--- spamass-milter.1.in
++++ spamass-milter.1.in
+@@ -14,6 +14,7 @@
+ .Op Fl D Ar host
+ .Op Fl e Ar defaultdomain
+ .Op Fl f
++.Op Fl g Ar group
+ .Op Fl i Ar networks
+ .Op Fl m
+ .Op Fl M
+@@ -115,6 +116,12 @@ flag.
+ Causes
+ .Nm
+ to fork into the background.
++.It Fl g Ar group
++Makes the socket for communication with the MTA group-writable (mode 0750)
++and sets the socket's group to
++.Ar group .
++This option is intended for use with MTA's like Postfix that do not run as
++root, and is incompatible with Sendmail usage.
+ .It Fl i Ar networks
+ Ignores messages if the originating IP is in the network(s) listed.
+ The message will be passed through without calling SpamAssassin at all.
+--- spamass-milter.cpp
++++ spamass-milter.cpp
+@@ -89,6 +89,7 @@
+ #endif
+ #include <errno.h>
+ #include <netdb.h>
++#include <grp.h>
+ 
+ // C++ includes
+ #include <cstdio>
+@@ -184,8 +185,9 @@ int
+ main(int argc, char* argv[])
+ {
+    int c, err = 0;
+-   const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:";
++   const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:";
+    char *sock = NULL;
++   char *group = NULL;
+    bool dofork = false;
+    char *pidfilename = NULL;
+    FILE *pidfile = NULL;
+@@ -206,6 +208,9 @@ main(int argc, char* argv[])
+             case 'f':
+                 dofork = true;
+                 break;
++            case 'g':
++                group = strdup(optarg);
++                break;
+             case 'd':
+                 parse_debuglevel(optarg);
+                 break;
+@@ -298,7 +303,7 @@ main(int argc, char* argv[])
+       cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
+       cout << "                      [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
+       cout << "                      [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl;
+-      cout << "                      [-C rejectcode] [ -R rejectmsg ]" << endl;
++      cout << "                      [-C rejectcode] [-R rejectmsg] [-g group]" << endl;
+       cout << "                      [-- spamc args ]" << endl;
+       cout << "   -p socket: path to create socket" << endl;
+       cout << "   -b bucket: redirect spam to this mail address.  The orignal" << endl;
+@@ -310,6 +315,7 @@ main(int argc, char* argv[])
+       cout << "   -e defaultdomain: pass full email address to spamc instead of just\n"
+               "          username.  Uses 'defaultdomain' if there was none" << endl;
+       cout << "   -f: fork into background" << endl;
++      cout << "   -g group: socket group (perms to 660 as well)" << endl;
+       cout << "   -i: skip (ignore) checks from these IPs or netblocks" << endl;
+       cout << "          example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
+       cout << "   -m: don't modify body, Content-type: or Subject:" << endl;
+@@ -378,6 +384,30 @@ main(int argc, char* argv[])
+ 	} else {
+       debug(D_MISC, "smfi_register succeeded");
+    }
++
++	if (group)
++	{
++		struct group *gr;
++
++		(void) smfi_opensocket(0);
++		gr = getgrnam(group);
++		if (gr)
++		{
++			int rc;
++			rc = chown(sock, (uid_t)-1, gr->gr_gid);
++			if (!rc)
++			{
++				(void) chmod(sock, 0660);
++			} else {
++				perror("group option, chown");
++				exit(EX_NOPERM);
++			}
++		} else { 
++			perror("group option, getgrnam");
++			exit(EX_NOUSER);
++		}
++	}
++
+ 	debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION);
+ 	err = smfi_main();
+ 	debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION);

SOURCES/spamass-milter-0.4.0-pathnames.patch

@@ -0,0 +1,20 @@
+--- README
++++ README
+@@ -42,7 +42,7 @@ put the spamass-milter binary and set th
+ you want to use. YOU WILL MOST LIKELY HAVE TO EDIT THE VARIABLES ON
+ TOP OF THIS FILE.
+ 
+-Then start the daemon via /etc/init.d/spamass-milter start and make
++Then start the daemon via /etc/rc.d/init.d/spamass-milter start and make
+ sure it didn't crash/terminate immediately. If it does, there should
+ usually be syslog output. 
+ 
+@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl
+ configuring sendmail through m4 & the sendmail.mc files. In this case
+ adding the lines
+ 
+-INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
++INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+ define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
+ 
+ 

SOURCES/spamass-milter-0.4.0-rcvd.patch

@@ -0,0 +1,22 @@
+The code in spamass-milter.cpp that tries to create a
+Sendmail-compatible header was broken and generated a header
+that was incorrectly parsed by SpamAssassin.
+
+This is mostly fixed now apart from the space that needs
+adding prior to the "(" between macro_j and macro_v.
+
+https://savannah.nongnu.org/bugs/index.php?17178
+http://bugs.debian.org/510665
+http://bugzilla.redhat.com/496763
+
+--- spamass-milter.cpp
++++ spamass-milter.cpp
+@@ -996,7 +996,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 
+ 		assassin->output((string)
+ 			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+-			"by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
++			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+ 			macro_b+"\r\n\t"+
+ 			"(envelope-from "+assassin->from()+")\r\n");
+ 

SOURCES/spamass-milter-0.4.0-rundir.patch

@@ -0,0 +1,28 @@
+--- README.Postfix
++++ README.Postfix
+@@ -2,12 +2,12 @@ Installing the spamass-milter-postfix pa
+ of spamass-milter to be more Postfix-friendly, i.e.:
+ 
+    The Unix-domain socket used for MTA communication is changed to
+-   /var/run/spamass-milter/postfix/sock, and that socket is
++   /run/spamass-milter/postfix/sock, and that socket is
+    writable by the postfix group.
+ 
+ To configure Postfix to use the milter, add to /etc/postfix/main.cf:
+ 
+-  smtpd_milters = unix:/var/run/spamass-milter/postfix/sock
++  smtpd_milters = unix:/run/spamass-milter/postfix/sock
+ 
+ In addition:
+ 
+--- README
++++ README
+@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl
+ configuring sendmail through m4 & the sendmail.mc files. In this case
+ adding the lines
+ 
+-INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
++INPUT_MAIL_FILTER(`spamassassin', `S=unix:/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+ define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
+ 
+ 

SOURCES/spamass-milter-postfix-sysconfig.systemd

@@ -0,0 +1,4 @@
+# For Postfix support, use a postfix-group-writable socket
+# for communication with the MTA
+SOCKET="/run/spamass-milter/postfix/sock"
+SOCKET_OPTIONS="-g postfix"

SOURCES/spamass-milter-postfix-tmpfs.conf

@@ -0,0 +1 @@
+d	/run/spamass-milter/postfix	750	sa-milt	postfix

SOURCES/spamass-milter-root.service

@@ -0,0 +1,30 @@
+# Note: this unit file runs spamass-milter as the privileged user root,
+# which is necessary for using the milter's -x option for performing
+# virtusertable and alias expansion. If you are not using the -x option,
+# there is no need for the milter to run as root and it is best not to do so,
+# using the spamass-milter.service unit instead of this one.
+
+[Unit]
+Description = Mail filter for SpamAssassin
+Wants = spamassassin.service
+After = syslog.target
+After = local-fs.target
+After = network.target
+After = spamassassin.service
+Before = sendmail.service
+Before = postfix.service
+Conflicts = spamass-milter.service
+
+[Service]
+Type = simple
+UMask = 0022
+Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS=
+EnvironmentFile = -/etc/sysconfig/spamass-milter
+EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix
+ExecStartPre = /bin/chown -R root /run/spamass-milter
+ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS
+ExecStopPost = /bin/chown -R sa-milt /run/spamass-milter
+
+[Install]
+WantedBy = multi-user.target
+

SOURCES/spamass-milter-tmpfs.conf

@@ -0,0 +1 @@
+d	/run/spamass-milter		711	sa-milt	sa-milt

SOURCES/spamass-milter.README.Postfix

@@ -0,0 +1,39 @@
+Installing the spamass-milter-postfix package changes the default behaviour
+of spamass-milter to be more Postfix-friendly, i.e.:
+
+   The Unix-domain socket used for MTA communication is changed to
+   /var/run/spamass-milter/postfix/sock, and that socket is
+   writable by the postfix group.
+
+To configure Postfix to use the milter, add to /etc/postfix/main.cf:
+
+  smtpd_milters = unix:/var/run/spamass-milter/postfix/sock
+
+In addition:
+
+  milter_connect_macros must include the j and _ macros
+  milter_rcpt_macros    must include the b, r, v, and Z macros
+
+Most of these are present by default and shouldn't need explicitly setting,
+except for the _ macro in milter_connect_macros. You can use:
+
+postconf -d milter_connect_macros
+
+to find the current setting, and add _ to the returned value, e.g.
+
+  milter_connect_macros = j {daemon_name} v _
+
+Note that Postfix users will see the following warning logged at the time of
+the first connection to the milter:
+
+  Could not retrieve sendmail macro "i"!.  Please add it to
+  confMILTER_MACROS_ENVFROM for better spamassassin results
+
+This is a consequence of different design decisions between Postfix and
+Sendmail (which spamass-milter is written for), where Postfix does not assign
+a Queue ID to an incoming message until later in an SMTP transaction compared
+with Sendmail. The milter wants to use the information before Postfix can
+provide it, hence the message. It is harmless and can be ignored.
+
+For further information, see:
+http://www.postfix.org/MILTER_README.html

SOURCES/spamass-milter.service

@@ -0,0 +1,29 @@
+# Note: this unit file runs spamass-milter as the unprivileged user sa-milt,
+# which is not compatible with the milter's -x option for performing
+# virtusertable and alias expansion. If you are not using the -x option,
+# there is no need for the milter to run as root and it is best not to do so.
+# However, if you are using the -x option, you will need to run the milter as
+# root and should use the spamass-milter-root.service unit instead of this one.
+
+[Unit]
+Description = Mail filter for SpamAssassin
+Wants = spamassassin.service
+After = syslog.target
+After = local-fs.target
+After = network.target
+After = spamassassin.service
+Before = sendmail.service
+Before = postfix.service
+Conflicts = spamass-milter-root.service
+
+[Service]
+Type = simple
+UMask = 0022
+Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS=
+EnvironmentFile = -/etc/sysconfig/spamass-milter
+EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix
+User = sa-milt
+ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS
+
+[Install]
+WantedBy = multi-user.target

SOURCES/spamass-milter.sysv

@@ -0,0 +1,116 @@
+#!/bin/bash
+#
+# Init file for SpamAssassin sendmail milter.
+#
+# chkconfig: - 79 21
+# description: spamass-milter is a daemon that hooks into sendmail and \
+#              routes email messages to spamassassin
+#
+# processname: spamass-milter
+# config: /etc/sysconfig/spamass-milter
+# pidfile: /var/run/spamass-milter.pid
+
+### BEGIN INIT INFO
+# Provides: spamass-milter
+# Required-Start: $local_fs $network $syslog $named
+# Required-Stop: $local_fs $network $syslog $named
+# Default-Stop: 0 1 6
+# Should-Start: spamd spamassassin
+# Should-Stop: spamd spamassassin
+# Short-Description: Start or stop SpamAssassin Milter
+# Description: Spamass-milter is an add-on to sendmail that can route mail \
+#       messages through SpamAssassin and mark or reject mail deemed \
+#       to be spam
+### END INIT INFO
+
+# Default variables
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+RUN_AS_USER=sa-milt
+SOCKET="/var/run/spamass-milter/spamass-milter.sock"
+SOCKET_OPTIONS=""
+EXTRA_FLAGS=""
+SYSCONFIG="/etc/sysconfig/spamass-milter"
+
+# If Postfix support package is installed, use a postfix-group-writable
+# socket for communication with the MTA
+if [ -d /var/run/spamass-milter/postfix ]; then
+	SOCKET="/var/run/spamass-milter/postfix/sock"
+	SOCKET_OPTIONS="-g postfix"
+fi
+
+# Read configuration
+source /etc/rc.d/init.d/functions
+for configfile in /etc/sysconfig/network "${SYSCONFIG}"; do
+	[ -r "${configfile}" ] && source "${configfile}"
+done
+
+[ -x /usr/sbin/spamass-milter ] || exit 5
+
+RETVAL=0
+prog="spamass-milter"
+desc="SpamAssassin milter"
+pidfile=/var/run/spamass-milter.pid
+
+# Fix ownership of socket directory if necessary
+chown ${RUN_AS_USER} /var/run/spamass-milter
+
+start() {
+	echo -n $"Starting ${desc} (${prog}): "
+	touch ${pidfile}
+	chown ${RUN_AS_USER} ${pidfile}
+	[ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile}
+	daemon --user ${RUN_AS_USER} /usr/sbin/${prog} ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} -f ${EXTRA_FLAGS}
+	RETVAL=$?
+	echo
+	if [ ${RETVAL} -eq 0 ]; then
+		touch /var/lock/subsys/spamass-milter
+		return 0
+	else
+		return 1
+	fi
+}
+
+stop() {
+	echo -n $"Shutting down ${desc} (${prog}): "
+	rm -f /var/lock/subsys/spamass-milter
+	killproc ${prog}
+	RETVAL=$?
+	echo
+	if [ ${RETVAL} -eq 0 ]; then
+		rm -f ${pidfile}
+		return 0
+	else
+		return 1
+	fi
+}
+
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	restart|force-reload)
+		if [ "x`pidof spamass-milter`" != x ]; then
+			stop
+			sleep 2
+		fi
+		start
+		;;
+	condrestart|try-restart)
+		if [ -e /var/lock/subsys/spamass-milter ]; then
+			stop
+			sleep 2
+			start
+		else
+			exit 0
+		fi
+		;;
+	status)
+		status ${prog}
+		;;
+	*)
+		echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status}"
+		exit 2
+esac

SPECS/spamass-milter.spec

@@ -0,0 +1,580 @@
+# This package uses systemd init from Fedora 16, but can use it for
+# Fedora 15 if built using --with systemd
+%if !((0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 15))
+%global _with_systemd --with-systemd
+%endif
+%global use_systemd %{!?_with_systemd:0}%{?_with_systemd:1}
+
+# The runtime directory is on tmpfs from Fedora 15 regardless of whether or not we're using systemd init
+%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 14)
+%global rundir %{_localstatedir}/run
+%global rundir_tmpfs 0
+%else
+%global rundir /run
+%global rundir_tmpfs 1
+%endif
+
+# systemd-units merged into systemd at Fedora 17
+%if (0%{?fedora} && 0%{?fedora} <= 16)
+%global systemd_units systemd-units
+%else
+%global systemd_units systemd
+%endif
+
+# Support systemd presets and drop support for SysV migration from Fedora 18, RHEL 7
+%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 17)
+%global preset_support 0
+%global sysv_to_systemd %{use_systemd}
+# Flag file for SysV-to-systemd migration
+%global migrfile /run/%{name}-%{version}-%{release}-%{_arch}.systemd-migration
+# This macro not defined until Fedora 18
+%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d
+%else
+%global preset_support 1
+%global sysv_to_systemd 0
+%endif
+
+# Milter header files package name
+%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 25)
+%global milter_devel_package sendmail-devel
+%else
+%global milter_devel_package sendmail-milter-devel
+%endif
+
+# Do a hardened build where possible
+%global _hardened_build 1
+
+Summary:	Milter (mail filter) for spamassassin
+Name:		spamass-milter
+Version:	0.4.0
+Release:	14%{?dist}
+License:	GPLv2+
+URL:		http://savannah.nongnu.org/projects/spamass-milt/
+Source0:	http://savannah.nongnu.org/download/spamass-milt/spamass-milter-%{version}.tar.gz
+Source1:	spamass-milter.README.Postfix
+Source2:	spamass-milter-tmpfs.conf
+Source3:	spamass-milter-postfix-tmpfs.conf
+# SysV init
+Source10:	spamass-milter.sysv
+Source11:	spamass-milter-sysconfig.sysv
+# systemd
+Source20:	spamass-milter.service
+Source21:	spamass-milter-root.service
+Source22:	spamass-milter-sysconfig.systemd
+Source23:	spamass-milter-postfix-sysconfig.systemd
+# Patches submitted upstream:
+# http://savannah.nongnu.org/bugs/?29326
+Patch2:		spamass-milter-0.4.0-authuser.patch
+Patch3:		spamass-milter-0.4.0-rcvd.patch
+Patch4:		spamass-milter-0.4.0-bits.patch
+Patch5:		spamass-milter-0.4.0-group.patch
+# Patches not yet submitted upstream
+Patch8:		spamass-milter-0.4.0-auth-no-ssf.patch
+# Fedora-specific patches
+Patch10:	spamass-milter-0.4.0-pathnames.patch
+Patch11:	spamass-milter-0.4.0-rundir.patch
+BuildRequires:	coreutils
+BuildRequires:	gcc-c++
+BuildRequires:	make
+BuildRequires:	%milter_devel_package
+BuildRequires:	spamassassin
+Requires:	spamassassin, /usr/sbin/sendmail
+%if %{rundir_tmpfs}
+# Needed for ownership of %%{_tmpfilesdir}
+Requires:	%{systemd_units}
+%endif
+
+Requires(pre): glibc-common, shadow-utils
+%if %{sysv_to_systemd}
+Requires(pre): chkconfig, coreutils, systemd-sysv
+%endif
+%if %{use_systemd}
+BuildRequires: %{systemd_units}
+Requires(post): coreutils, %{systemd_units}
+Requires(preun): %{systemd_units}
+Requires(postun): %{systemd_units}
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig, initscripts
+Requires(postun): initscripts
+%endif
+
+%description
+A milter (Mail Filter) application that pipes incoming mail (including things
+received by rmail/UUCP) through SpamAssassin, a highly customizable spam
+filter. A milter-compatible MTA such as Sendmail or Postfix is required.
+
+%package postfix
+Summary:	Postfix support for spamass-milter
+Requires:	%{name} = %{version}-%{release}
+Requires(pre):	postfix
+Requires(post):	shadow-utils, %{name} = %{version}-%{release}
+BuildArch:	noarch
+
+%description postfix
+This package adds support for running spamass-milter using a Unix-domain
+socket to communicate with the Postfix MTA.
+
+%prep
+%setup -q
+
+# Copy in general support files
+cp -p %{SOURCE1} README.Postfix
+cp -p %{SOURCE2} spamass-milter-tmpfs.conf
+cp -p %{SOURCE3} spamass-milter-postfix-tmpfs.conf
+
+# Fix Received-header generation (#496763)
+%patch3 -b .rcvd
+
+# Add authentication info to dummy Received-header (#496769)
+%patch4 -b .bits
+
+# Add -g option for group-writable socket for Postfix support (#452248)
+%patch5 -b .group
+
+# Help for users authenticating to Postfix (#730308)
+%patch8 -b .postfix-auth
+
+# Local patch for initscript and socket paths
+%patch10 -b .pathnames
+
+# Add -I option to ignore (don't check) mail from authenticated users
+# (#437506, #496767) http://savannah.nongnu.org/bugs/?21046
+# Note: upstream introduced a similar -a option in version 0.4.0, so this
+# option is retained only in builds prior to Fedora 22 for compatibility
+%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 21)
+%patch2 -b .authuser
+%endif
+
+# With systemd, the runtime directory is /run rather than /var/run
+%if %{rundir_tmpfs}
+%patch11 -b .rundir
+%endif
+
+# Copy in SysV init files
+%if !%{use_systemd}
+cp -p %{SOURCE10} %{SOURCE11} .
+%endif
+
+# Copy in systemd files
+%if %{use_systemd}
+cp -p %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} .
+%endif
+
+%build
+export SENDMAIL=/usr/sbin/sendmail
+%configure
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install
+
+install -m 755 -d %{buildroot}%{_localstatedir}/lib/spamass-milter
+install -m 711 -d %{buildroot}%{rundir}/spamass-milter
+install -m 750 -d %{buildroot}%{rundir}/spamass-milter/postfix
+%if %{use_systemd}
+install -m 644 -D spamass-milter.service \
+	%{buildroot}%{_unitdir}/spamass-milter.service
+install -m 644 -D spamass-milter-root.service \
+	%{buildroot}%{_unitdir}/spamass-milter-root.service
+install -m 644 -D spamass-milter-sysconfig.systemd \
+	%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter
+install -m 644 -D spamass-milter-postfix-sysconfig.systemd \
+	%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter-postfix
+%else
+install -m 755 -D spamass-milter.sysv \
+	%{buildroot}%{_initddir}/spamass-milter
+install -m 644 -D spamass-milter-sysconfig.sysv \
+	%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter
+%endif
+
+# Make sure %%{rundir}/spamass-milter{,/postfix} exist at boot time for systems
+# with %%{rundir} on tmpfs (#656692)
+%if %{rundir_tmpfs}
+install -m 755 -d %{buildroot}%{_tmpfilesdir}
+install -m 644 spamass-milter-tmpfs.conf \
+	%{buildroot}%{_tmpfilesdir}/spamass-milter.conf
+install -m 644 spamass-milter-postfix-tmpfs.conf \
+	%{buildroot}%{_tmpfilesdir}/spamass-milter-postfix.conf
+%endif
+
+# Create dummy sockets for %%ghost-ing
+: > %{buildroot}%{rundir}/spamass-milter/spamass-milter.sock
+: > %{buildroot}%{rundir}/spamass-milter/postfix/sock
+
+%pre
+getent group sa-milt >/dev/null || groupadd -r sa-milt
+getent passwd sa-milt >/dev/null || \
+	useradd -r -g sa-milt -d %{_localstatedir}/lib/spamass-milter \
+		-s /sbin/nologin -c "SpamAssassin Milter" sa-milt
+# Fix homedir for upgrades
+usermod --home %{_localstatedir}/lib/spamass-milter sa-milt &>/dev/null
+%if %{sysv_to_systemd}
+# Start SysV-to-systemd migration
+rm -f %{migrfile} &>/dev/null
+if [ $1 -gt 1 -a ! -e %{_unitdir}/spamass-milter.service -a -e %{_initddir}/spamass-milter ]; then
+	systemd-sysv-convert --save spamass-milter &>/dev/null
+	chkconfig --del spamass-milter &>/dev/null
+	touch %{migrfile} &>/dev/null
+fi
+%endif
+exit 0
+
+%post
+if [ $1 -eq 1 ]; then
+	# Initial installation
+%if %{use_systemd}
+	systemctl daemon-reload &>/dev/null || :
+%else
+	chkconfig --add spamass-milter || :
+%endif
+%if %{preset_support}
+	systemctl preset spamass-milter.service &>/dev/null || :
+	systemctl preset spamass-milter-root.service &>/dev/null || :
+%endif
+fi
+
+%preun
+if [ $1 -eq 0 ]; then
+	# Package removal, not upgrade
+%if %{use_systemd}
+	systemctl --no-reload disable spamass-milter.service &>/dev/null || :
+	systemctl stop spamass-milter.service &>/dev/null || :
+	systemctl --no-reload disable spamass-milter-root.service &>/dev/null || :
+	systemctl stop spamass-milter-root.service &>/dev/null || :
+%else
+	%{_initddir}/spamass-milter stop &>/dev/null || :
+	chkconfig --del spamass-milter || :
+%endif
+fi
+
+%postun
+%if %{use_systemd}
+systemctl daemon-reload &>/dev/null || :
+%endif
+if [ $1 -ge 1 ]; then
+	# Package upgrade, not uninstall
+%if %{use_systemd}
+	systemctl try-restart spamass-milter.service &>/dev/null || :
+	systemctl try-restart spamass-milter-root.service &>/dev/null || :
+%else
+	%{_initddir}/spamass-milter condrestart &>/dev/null || :
+%endif
+fi
+
+%if %{sysv_to_systemd}
+%triggerpostun -- spamass-milter
+# Complete the SysV-to-system migration started in %%pre
+if [ $1 -gt 0 -a -e %{migrfile} ]; then
+	systemctl daemon-reload &>/dev/null || :
+	systemctl try-restart spamass-milter.service &>/dev/null
+fi
+rm -f %{migrfile} &>/dev/null || :
+%endif
+
+%post postfix
+# This is needed because the milter needs to "give away" the MTA communication
+# socket to the postfix group, and it needs to be a member of the group to do
+# that.
+usermod -a -G postfix sa-milt || :
+
+%files
+%doc AUTHORS ChangeLog NEWS README
+%{_mandir}/man1/spamass-milter.1*
+%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter
+%if %{rundir_tmpfs}
+%{_tmpfilesdir}/spamass-milter.conf
+%endif
+%if %{use_systemd}
+%{_unitdir}/spamass-milter.service
+%{_unitdir}/spamass-milter-root.service
+%else
+%{_initddir}/spamass-milter
+%endif
+%{_sbindir}/spamass-milter
+%dir %attr(-,sa-milt,sa-milt) %{_localstatedir}/lib/spamass-milter/
+%dir %attr(-,sa-milt,sa-milt) %{rundir}/spamass-milter/
+%ghost %{rundir}/spamass-milter/spamass-milter.sock
+
+%files postfix
+%doc README.Postfix
+%if %{rundir_tmpfs}
+%{_tmpfilesdir}/spamass-milter-postfix.conf
+%endif
+%if %{use_systemd}
+%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter-postfix
+%endif
+%dir %attr(-,sa-milt,postfix) %{rundir}/spamass-milter/postfix/
+%ghost %{rundir}/spamass-milter/postfix/sock
+
+%changelog
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Jan 29 2018 Paul Howarth <paul@city-fan.org> - 0.4.0-12
+- Account for systemd-units being merged into systemd at Fedora 17
+- Drop support for SysV-to-systemd migration from Fedora 18, RHEL 7
+- Use forward-looking conditionals
+- One build requirement per line
+
+* Wed Nov 15 2017 Paul Howarth <paul@city-fan.org> - 0.4.0-11
+- Replace /bin/* dependencies with coreutils etc. (#1512898)
+- Drop explicit paths for commands to aid spec readability
+- Drop EL-5 support
+  - Drop legacy Group: and BuildRoot: tags
+  - Drop explicit buildroot cleaning in %%install section
+  - Drop explicit %%clean section
+  - Noarch sub-packages are always available now
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Mon Aug 22 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-7
+- Document expected warning message when used with Postfix (#1368645)
+
+* Fri Aug  5 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-6
+- sendmail-devel renamed to sendmail-milter-devel from Fedora 26
+- Specify all build requirements
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jan  6 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-4
+- Document macro requirements for Postfix (#1294245)
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 0.4.0-2
+- Rebuilt for GCC 5 C++11 ABI change
+
+* Thu Feb 26 2015 Paul Howarth <paul@city-fan.org> - 0.4.0-1
+- Update to 0.4.0
+  - New options:
+    -C option to change the default reject code
+    -S option to specify a path to sendmail (for the -x option)
+    -R option to specify the rejection message
+    -a option to skip messages that were authenticated
+  - IPv6 address support
+  - Syntax clean-ups
+- Drop upstreamed syntax, rejection text and IPv6 patches
+- Update authuser patch: note that upstream has introduced a -a option that
+  does pretty much the same as the -I option added by this patch, so this
+  patch is deprecated and will not be included in builds for Fedora 22 onwards
+- Clean up other patches to apply cleanly
+
+* Tue Feb 24 2015 Paul Howarth <paul@city-fan.org> - 0.3.2-15
+- Add -R option to specify SMTP rejection text (#1131667)
+- Drop %%defattr, redundant since rpm 4.4
+
+* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 0.3.2-14
+- Rebuild for rpm bug 1131960
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Sep  5 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-9
+- Add systemd preset support (#850321)
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jul  4 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-7
+- Move the tmpfiles.d config from %%{_sysconfdir} to %%{_prefix}/lib
+
+* Mon Apr 16 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-6
+- Do a hardened (PIE) build where possible
+
+* Wed Jan 11 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-5
+- Rebuild for gcc 4.7 in Rawhide
+
+* Wed Aug 24 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-4
+- Add systemd init support, on by default from Fedora 16
+- %%ghost the sockets for clean uninstalls
+
+* Thu Aug 18 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-3
+- Help for users authenticating to Postfix (#730308)
+
+* Mon Jul 18 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-2
+- Drop the wrapper, which hasn't been needed since 0.3.1 was released
+- Nobody else likes macros for commands
+
+* Tue Feb 15 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-1
+- Update to 0.3.2 (upstream fix for popen unsanitized input vulnerability:
+  CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136)
+- Drop popen patch, now upstream
+- Rework syntax, rcvd and bits patches to apply against new codebase
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Nov 30 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-24
+- Require systemd-units for ownership of /etc/tmpfiles.d directory
+- Add Default-Stop LSB keyword in initscript
+
+* Fri Nov 26 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-23
+- Make sure /var/run/spamass-milter and /var/run/spamass-milter/postfix exist
+  at boot time for systems with /var/run on tmpfs (#656692)
+
+* Wed Sep 29 2010 jkeating - 0.3.1-22
+- Rebuilt for gcc bug 634757
+
+* Thu Sep 23 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-21
+- Add IPv6 whitelisting support (#630263)
+
+* Tue Jun  8 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-20
+- RHEL-6 onwards have noarch subpackages, so make spamass-milter-postfix one
+
+* Mon Apr 19 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-19
+- Fix patch for CVE-2010-1132 to not create a zombie process per email when
+  the -x or -b options are used (#583523)
+
+* Tue Mar 23 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-18
+- Add patch to get rid of compiler warnings
+- Reorder and re-base patches to optimize chances of upstream accepting them
+- Improve Received-header patch (#496763) incorporating additional fix from
+  upstream update (http://savannah.nongnu.org/bugs/?17178)
+
+* Fri Mar 12 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-17
+- Update initscript to support running the milter as root, which is needed
+  for the -x (expand aliases) option; note that the milter does not run as
+  root by default
+- Add patch for popen unsanitized input vulnerability
+  (CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136)
+- Rebase authuser patch
+- Update patch adding auth info to dummy Received-header so that it doesn't
+  generate spurious warnings about missing macros (#532266), and update and
+  merge the macro documentation patch into this patch
+- Document patch usage in spec file
+
+* Tue Aug 11 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-16
+- Switch to bzipped source tarball
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Fri Apr 24 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-14
+- Fix Received-header generation (#496763)
+- Add authentication info to dummy Received-header (#496769)
+- Add option to skip checks for authenticated senders (#437506, #496767)
+  (thanks to Habeeb J. Dihu for the reports and patches)
+
+* Wed Mar 18 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-13
+- Call initscripts directly instead of via /sbin/service and fine-tune scriptlet
+  dependencies
+- Change sa-milt user's home directory from
+  %%{_localstatedir}/run/spamass-milter to %%{_localstatedir}/lib/spamass-milter
+  so as to retain directory contents across a reboot (#489995), and fix the home
+  directory of any existing sa-milt account on upgrades
+
+* Fri Feb 27 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-12
+- Subpackage for postfix is now noarch for Fedora 10 onwards
+- Fix scriptlet deps to ensure that sa-milt user exists before we attempt to
+  add it to the postfix group
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 13 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-10
+- Rebuild for shared libmilter in Fedora 11 development
+
+* Thu Jul  3 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-9
+- Require /usr/sbin/sendmail (for -b/-B/-x options) rather than sendmail pkg
+- Make summary and description less Sendmail-specific
+- Add patch to support group-writable socket for MTA communication, needed
+  to be able to use a Unix-domain socket with Postfix (#452248)
+- Add subpackage with group-writable directory for Postfix support
+- Tweak initscript to change default options when Postfix socket directory is
+  present
+- Document additional ENVRCPT macros to provide
+
+* Tue May 20 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-8
+- Fix initscript failure to start with SELinux in enforcing mode (#447247)
+  (needs selinux-policy >= 3.3.1-55 on F9)
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.3.1-7
+- Autorebuild for GCC 4.3
+
+* Mon Feb 18 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-6
+- Rebuild with gcc 4.3.0 for Fedora 9
+
+* Fri Oct 12 2007 Paul Howarth <paul@city-fan.org> - 0.3.1-5
+- Split initscript and config out from being here documents in the spec and
+  have them as separate source files instead
+- Unexpand tabs
+- Clarify license as GPL v2 or later (GPLv2+)
+- Use the standard scriptlet for user/group creation in %%pre
+
+* Wed Aug 30 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-4
+- Use make/DESTDIR instead of deprecated %%makeinstall macro
+- Expand tabs and clean up changelog entries
+
+* Mon May 15 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-3
+- Use upstream default settings (#191602)
+  This change re-enables by default Subject/Content-Type header modification
+  (which may have a performance impact for large messages) and disables by
+  default the rejection of emails with a spam score of 15 or more. To re-enable
+  these options, uncomment the line:
+  EXTRA_FLAGS="-m -r 15"
+  in %%{_sysconfdir}/sysconfig/spamass-milter
+  
+* Sun May  7 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-2
+- Fix race condition in "stop" clause of initscript (#190894)
+
+* Thu Apr  6 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-1
+- Update to 0.3.1
+
+* Wed Feb 15 2006 Paul Howarth <paul@city-fan.org> - 0.3.0-9
+- Don't use macros in command paths, hardcode them instead
+
+* Mon Aug  1 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-8
+- Run the milter in a wrapper script that restarts it if it crashes
+
+* Thu Jun 16 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-7
+- Bump and rebuild due to transient build system failure
+
+* Wed Jun 15 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-6
+- Adjust initscript chkconfig values so it starts before sendmail
+
+* Mon Jun 13 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-5
+- Help the configure script find sendmail
+
+* Mon Jun 13 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-4
+- Bump and rebuild
+
+* Mon Jun 06 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-3
+- Use Extras standard buildroot
+- Unpack tarball quietly
+- Create account sa-milt and run the milter using that instead of root
+- Fix socket name in README
+- Initscript not %%config
+
+* Sun Jun 05 2005 Warren Togami <wtogami@redhat.com> - 0.3.0-2
+- Extras
+
+* Tue Feb 08 2005 Dag Wieers <dag@wieers.com> - 0.3.0-1
+- Updated to release 0.3.0
+
+* Wed Sep 01 2004 Dag Wieers <dag@wieers.com> - 0.2.0-1
+- Fixed variables in sysconfig file (mator)
+
+* Tue Feb 17 2004 Dag Wieers <dag@wieers.com> - 0.2.0-0
+- Initial package (using DAR)