webbuilder_pel7ppc64bebuilder0
6 years ago
15 changed files with 1386 additions and 0 deletions
@ -0,0 +1,28 @@
@@ -0,0 +1,28 @@
|
||||
This change is to help users with Postfix that aren't using the -a option |
||||
to not pass mail from authenticated users through SpamAssassin. Postfix, |
||||
unlike Sendmail, does not provide the {auth_ssf} macro, so in the case |
||||
where mail is from an authenticated user, the modified code can now add |
||||
an (authenticated) hint in the dummy Received: header (where Sendmail would |
||||
add (authenticated bits=nnn)), and this is scored favourably by SpamAssassin. |
||||
|
||||
http://bugzilla.redhat.com/730308 |
||||
|
||||
--- spamass-milter.cpp |
||||
+++ spamass-milter.cpp |
||||
@@ -1069,9 +1069,14 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp |
||||
|
||||
rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t"; |
||||
|
||||
- if (strlen(macro_auth_ssf)) |
||||
+ if (strlen(macro_auth_authen)) |
||||
{ |
||||
- rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t"; |
||||
+ rec_header += (string) "(authenticated"; |
||||
+ if (strlen(macro_auth_ssf)) |
||||
+ { |
||||
+ rec_header += (string) " bits=" + macro_auth_ssf; |
||||
+ } |
||||
+ rec_header += (string) ")\r\n\t"; |
||||
} |
||||
|
||||
rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + |
@ -0,0 +1,89 @@
@@ -0,0 +1,89 @@
|
||||
--- spamass-milter.1.in |
||||
+++ spamass-milter.1.in |
||||
@@ -16,6 +16,7 @@ |
||||
.Op Fl f |
||||
.Op Fl g Ar group |
||||
.Op Fl i Ar networks |
||||
+.Op Fl I |
||||
.Op Fl m |
||||
.Op Fl M |
||||
.Op Fl P Ar pidfile |
||||
@@ -134,6 +135,8 @@ Multiple |
||||
flags will append to the list. |
||||
For example, if you list all your internal networks, no outgoing emails |
||||
will be filtered. |
||||
+.It Fl I |
||||
+Ignores messages if the sender has authenticated via SMTP AUTH. |
||||
.It Fl m |
||||
Disables modification of the |
||||
.Ql Subject: |
||||
--- spamass-milter.cpp |
||||
+++ spamass-milter.cpp |
||||
@@ -178,6 +178,7 @@ bool flag_full_email = false; /* pass f |
||||
bool flag_expand = false; /* alias/virtusertable expansion */ |
||||
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ |
||||
bool auth = false; /* don't scan authenticated users */ |
||||
+bool ignore_authenticated_senders = false; /* authenticated users bypass spam checks */ |
||||
|
||||
// {{{ main() |
||||
|
||||
@@ -185,7 +186,7 @@ int |
||||
main(int argc, char* argv[]) |
||||
{ |
||||
int c, err = 0; |
||||
- const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:"; |
||||
+ const char *args = "afd:mMp:P:r:u:D:i:Ib:B:e:xS:R:C:g:"; |
||||
char *sock = NULL; |
||||
char *group = NULL; |
||||
bool dofork = false; |
||||
@@ -225,6 +226,10 @@ main(int argc, char* argv[]) |
||||
debug(D_MISC, "Parsing ignore list"); |
||||
parse_networklist(optarg, &ignorenets); |
||||
break; |
||||
+ case 'I': |
||||
+ debug(D_MISC, "Ignore authenticated senders"); |
||||
+ ignore_authenticated_senders = true; |
||||
+ break; |
||||
case 'm': |
||||
dontmodifyspam = true; |
||||
smfilter.xxfi_flags &= ~SMFIF_CHGBODY; |
||||
@@ -301,7 +306,7 @@ main(int argc, char* argv[]) |
||||
cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl; |
||||
cout << "SpamAssassin Sendmail Milter Plugin" << endl; |
||||
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl; |
||||
- cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl; |
||||
+ cout << " [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl; |
||||
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl; |
||||
cout << " [-C rejectcode] [-R rejectmsg] [-g group]" << endl; |
||||
cout << " [-- spamc args ]" << endl; |
||||
@@ -318,6 +323,7 @@ main(int argc, char* argv[]) |
||||
cout << " -g group: socket group (perms to 660 as well)" << endl; |
||||
cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl; |
||||
cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl; |
||||
+ cout << " -I: skip (ignore) checks if sender is authenticated" << endl; |
||||
cout << " -m: don't modify body, Content-type: or Subject:" << endl; |
||||
cout << " -M: don't modify the message at all" << endl; |
||||
cout << " -P pidfile: Put processid in pidfile" << endl; |
||||
@@ -850,6 +856,22 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro |
||||
return SMFIS_ACCEPT; |
||||
} |
||||
} |
||||
+ |
||||
+ if (ignore_authenticated_senders) |
||||
+ { |
||||
+ char *auth_authen; |
||||
+ |
||||
+ auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}")); |
||||
+ debug(D_MISC, "auth_authen=%s", auth_authen ?: "<unauthenticated>"); |
||||
+ |
||||
+ if (auth_authen) |
||||
+ { |
||||
+ debug(D_MISC, "sender authenticated (%s) - accepting message", |
||||
+ auth_authen); |
||||
+ debug(D_FUNC, "mlfi_envfrom: exit ignore"); |
||||
+ return SMFIS_ACCEPT; |
||||
+ } |
||||
+ } |
||||
|
||||
debug(D_FUNC, "mlfi_envfrom: enter"); |
||||
try { |
@ -0,0 +1,289 @@
@@ -0,0 +1,289 @@
|
||||
Add authenticated bits information into the dummy generated |
||||
Received-header for SpamAssassin to facilitate adding a rule |
||||
to score mail from authenticated clients. |
||||
|
||||
Discussion: |
||||
http://bugzilla.redhat.com/496769 |
||||
http://www.gossamer-threads.com/lists/spamassassin/users/146948 |
||||
|
||||
This patch also moves some of the macro collection to the |
||||
ENVFROM callback, where the required macros are available by default. |
||||
|
||||
--- README |
||||
+++ README |
||||
@@ -55,16 +55,28 @@ configuring sendmail through m4 & the se |
||||
adding the lines |
||||
|
||||
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl |
||||
-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl |
||||
-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl |
||||
-define(`confMILTER_MACROS_ENVFROM',`{auth_authen}, {auth_type}')dnl |
||||
-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl |
||||
+define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl |
||||
+ |
||||
|
||||
should do the trick. Of course you need to modify the path of the |
||||
socket if you put another one into the startup script. The timeouts |
||||
have been increased somewhat because SpamAssassin may chew on it for a |
||||
little while on a slow machine. |
||||
|
||||
+If you are using multiple milter mail filters on your mail server, you may |
||||
+have overridden the default values of some of the confMILTER_MACROS_* |
||||
+macros whilst configuring the other filters. You need to ensure that at |
||||
+least the following values are present: |
||||
+ |
||||
+confMILTER_MACROS_CONNECT must include the {j} and {_} macros |
||||
+(all included by default) |
||||
+ |
||||
+confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen}, {auth_ssf} |
||||
+and {auth_type} macros (all included by default) |
||||
+ |
||||
+confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros |
||||
+ |
||||
+ |
||||
Now recreate sendmail.cf, restart sendmail and experiment around a bit |
||||
with the setup to make sure it is working. |
||||
|
||||
--- spamass-milter.cpp |
||||
+++ spamass-milter.cpp |
||||
@@ -702,6 +702,7 @@ sfsistat |
||||
mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr) |
||||
{ |
||||
struct context *sctx; |
||||
+ const char *macro_j, *macro__; |
||||
int rv; |
||||
|
||||
debug(D_FUNC, "mlfi_connect: enter"); |
||||
@@ -726,8 +727,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna |
||||
} |
||||
sctx->assassin = NULL; |
||||
sctx->helo = NULL; |
||||
- |
||||
- /* store a pointer to it with setpriv */ |
||||
+ sctx->our_fqdn = NULL; |
||||
+ sctx->sender_address = NULL; |
||||
+ sctx->queueid = NULL; |
||||
+ sctx->auth_authen = NULL; |
||||
+ sctx->auth_ssf = NULL; |
||||
+ |
||||
+ /* store our FQDN */ |
||||
+ macro_j = smfi_getsymval(ctx, const_cast<char *>("j")); |
||||
+ if (!macro_j) |
||||
+ { |
||||
+ macro_j = "localhost"; |
||||
+ warnmacro("j", "CONNECT"); |
||||
+ } |
||||
+ sctx->our_fqdn = strdup(macro_j); |
||||
+ |
||||
+ /* store the validated sending site's address */ |
||||
+ macro__ = smfi_getsymval(ctx, const_cast<char *>("_")); |
||||
+ if (!macro__) |
||||
+ { |
||||
+ macro__ = "unknown"; |
||||
+ warnmacro("_", "CONNECT"); |
||||
+ } |
||||
+ sctx->sender_address = strdup(macro__); |
||||
+ |
||||
+ /* store a pointer to our private data with setpriv */ |
||||
rv = smfi_setpriv(ctx, sctx); |
||||
if (rv != MI_SUCCESS) |
||||
{ |
||||
@@ -778,7 +802,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro |
||||
{ |
||||
SpamAssassin* assassin; |
||||
struct context *sctx = (struct context *)smfi_getpriv(ctx); |
||||
- const char *queueid; |
||||
+ const char *queueid, *macro_auth_ssf, *macro_auth_authen; |
||||
|
||||
if (sctx == NULL) |
||||
{ |
||||
@@ -814,17 +838,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro |
||||
|
||||
// remember the MAIL FROM address |
||||
assassin->set_from(string(envfrom[0])); |
||||
- |
||||
+ |
||||
+ // remember the queueid for this message |
||||
queueid=smfi_getsymval(ctx, const_cast<char *>("i")); |
||||
if (!queueid) |
||||
{ |
||||
queueid="unknown"; |
||||
warnmacro("i", "ENVFROM"); |
||||
} |
||||
- assassin->queueid = queueid; |
||||
- |
||||
+ sctx->queueid = strdup(queueid); |
||||
debug(D_MISC, "queueid=%s", queueid); |
||||
|
||||
+ // remember the SMTP AUTH login name |
||||
+ macro_auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}")); |
||||
+ if (!macro_auth_authen) |
||||
+ { |
||||
+ macro_auth_authen = ""; |
||||
+ // Don't issue a warning for the auth_authen macro as |
||||
+ // it is likely to be unset much of the time - it's |
||||
+ // only set if the client has authenticated. |
||||
+ // |
||||
+ // Similarly, we only issue warnings for the other |
||||
+ // auth-related macros if {auth_authen) is available. |
||||
+ // |
||||
+ // warnmacro("auth_authen", "ENVFROM"); |
||||
+ } |
||||
+ sctx->auth_authen = strdup(macro_auth_authen); |
||||
+ |
||||
+ // remember the SASL cipher bits |
||||
+ macro_auth_ssf = smfi_getsymval(ctx, const_cast<char *>("{auth_ssf}")); |
||||
+ if (!macro_auth_ssf) |
||||
+ { |
||||
+ macro_auth_ssf = ""; |
||||
+ if (strlen(macro_auth_authen)) { |
||||
+ warnmacro("auth_ssf", "ENVFROM"); |
||||
+ } |
||||
+ } |
||||
+ sctx->auth_ssf = strdup(macro_auth_ssf); |
||||
+ |
||||
// tell Milter to continue |
||||
debug(D_FUNC, "mlfi_envfrom: exit"); |
||||
|
||||
@@ -918,7 +969,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp |
||||
|
||||
*/ |
||||
const char *macro_b, *macro_i, *macro_j, *macro_r, |
||||
- *macro_s, *macro_v, *macro_Z, *macro__; |
||||
+ *macro_s, *macro_v, *macro_Z, *macro__, |
||||
+ *macro_auth_ssf, *macro_auth_authen; |
||||
char date[32]; |
||||
|
||||
/* RFC 822 date. */ |
||||
@@ -933,20 +985,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp |
||||
} |
||||
|
||||
/* queue ID */ |
||||
- macro_i = smfi_getsymval(ctx, const_cast<char *>("i")); |
||||
- if (!macro_i) |
||||
- { |
||||
- macro_i = "unknown"; |
||||
- warnmacro("i", "ENVRCPT"); |
||||
- } |
||||
+ macro_i = sctx->queueid; |
||||
|
||||
- /* FQDN of this site */ |
||||
- macro_j = smfi_getsymval(ctx, const_cast<char *>("j")); |
||||
- if (!macro_j) |
||||
- { |
||||
- macro_j = "localhost"; |
||||
- warnmacro("j", "ENVRCPT"); |
||||
- } |
||||
+ /* FQDN */ |
||||
+ macro_j = sctx->our_fqdn; |
||||
+ |
||||
+ /* Sender address */ |
||||
+ macro__ = sctx->sender_address; |
||||
|
||||
/* Protocol used to receive the message */ |
||||
macro_r = smfi_getsymval(ctx, const_cast<char *>("r")); |
||||
@@ -955,7 +1000,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp |
||||
macro_r = "SMTP"; |
||||
warnmacro("r", "ENVRCPT"); |
||||
} |
||||
- |
||||
+ |
||||
+ /* SMTP AUTH details */ |
||||
+ macro_auth_authen = sctx->auth_authen; |
||||
+ macro_auth_ssf = sctx->auth_ssf; |
||||
+ |
||||
/* Sendmail currently cannot pass us the {s} macro, but |
||||
I do not know why. Leave this in for the day sendmail is |
||||
fixed. Until that day, use the value remembered by |
||||
@@ -983,22 +1032,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp |
||||
warnmacro("Z", "ENVRCPT"); |
||||
} |
||||
|
||||
- /* Validated sending site's address */ |
||||
- macro__ = smfi_getsymval(ctx, const_cast<char *>("_")); |
||||
- if (!macro__) |
||||
+ assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); |
||||
+ assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); |
||||
+ |
||||
+ string rec_header; |
||||
+ |
||||
+ rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t"; |
||||
+ |
||||
+ if (strlen(macro_auth_ssf)) |
||||
{ |
||||
- macro__ = "unknown"; |
||||
- warnmacro("_", "ENVRCPT"); |
||||
+ rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t"; |
||||
} |
||||
|
||||
- assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); |
||||
- assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); |
||||
+ rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + |
||||
+ macro_r + " id " + macro_i + ";\r\n\t" + |
||||
+ macro_b + "\r\n\t" + |
||||
+ "(envelope-from " + assassin->from() + ")\r\n"; |
||||
|
||||
- assassin->output((string) |
||||
- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+ |
||||
- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ |
||||
- macro_b+"\r\n\t"+ |
||||
- "(envelope-from "+assassin->from()+")\r\n"); |
||||
+ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str()); |
||||
+ assassin->output(rec_header); |
||||
|
||||
} else |
||||
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); |
||||
@@ -1244,16 +1296,27 @@ mlfi_close(SMFICTX* ctx) |
||||
{ |
||||
struct context *sctx; |
||||
debug(D_FUNC, "mlfi_close"); |
||||
- |
||||
+ |
||||
sctx = (struct context*)smfi_getpriv(ctx); |
||||
if (sctx == NULL) |
||||
return SMFIS_ACCEPT; |
||||
|
||||
if (sctx->helo) |
||||
free(sctx->helo); |
||||
+ if (sctx->our_fqdn) |
||||
+ free(sctx->our_fqdn); |
||||
+ if (sctx->sender_address) |
||||
+ free(sctx->sender_address); |
||||
+ if (sctx->queueid) |
||||
+ free(sctx->queueid); |
||||
+ if (sctx->auth_authen) |
||||
+ free(sctx->auth_authen); |
||||
+ if (sctx->auth_ssf) |
||||
+ free(sctx->auth_ssf); |
||||
+ |
||||
free(sctx); |
||||
smfi_setpriv(ctx, NULL); |
||||
- |
||||
+ |
||||
return SMFIS_ACCEPT; |
||||
} |
||||
|
||||
--- spamass-milter.h |
||||
+++ spamass-milter.h |
||||
@@ -168,9 +168,6 @@ public: |
||||
// List of recipients after alias/virtusertable expansion |
||||
list <string> expandedrcpt; |
||||
|
||||
- // the sendmail queue id for this message; used for logging |
||||
- string queueid; |
||||
- |
||||
// Process handling variables |
||||
pid_t pid; |
||||
int pipe_io[2][2]; |
||||
@@ -181,6 +178,11 @@ struct context |
||||
{ |
||||
char connect_ip[64]; // remote IP address |
||||
char *helo; |
||||
+ char *our_fqdn; |
||||
+ char *sender_address; |
||||
+ char *queueid; |
||||
+ char *auth_authen; |
||||
+ char *auth_ssf; |
||||
SpamAssassin *assassin; // pointer to the SA object if we're processing a message |
||||
}; |
||||
|
@ -0,0 +1,110 @@
@@ -0,0 +1,110 @@
|
||||
Add option -g group to have the milter create a group-writeable socket |
||||
for communication with the MTA and set the GID of the socket to the |
||||
specified group. This makes it possible to use the milter via a |
||||
unix-domain socket with Postfix as the MTA (Postfix doesn't run as |
||||
root and would otherwise be unable to use the socket). |
||||
|
||||
http://bugzilla.redhat.com/452248 |
||||
|
||||
--- spamass-milter.1.in |
||||
+++ spamass-milter.1.in |
||||
@@ -14,6 +14,7 @@ |
||||
.Op Fl D Ar host |
||||
.Op Fl e Ar defaultdomain |
||||
.Op Fl f |
||||
+.Op Fl g Ar group |
||||
.Op Fl i Ar networks |
||||
.Op Fl m |
||||
.Op Fl M |
||||
@@ -115,6 +116,12 @@ flag. |
||||
Causes |
||||
.Nm |
||||
to fork into the background. |
||||
+.It Fl g Ar group |
||||
+Makes the socket for communication with the MTA group-writable (mode 0750) |
||||
+and sets the socket's group to |
||||
+.Ar group . |
||||
+This option is intended for use with MTA's like Postfix that do not run as |
||||
+root, and is incompatible with Sendmail usage. |
||||
.It Fl i Ar networks |
||||
Ignores messages if the originating IP is in the network(s) listed. |
||||
The message will be passed through without calling SpamAssassin at all. |
||||
--- spamass-milter.cpp |
||||
+++ spamass-milter.cpp |
||||
@@ -89,6 +89,7 @@ |
||||
#endif |
||||
#include <errno.h> |
||||
#include <netdb.h> |
||||
+#include <grp.h> |
||||
|
||||
// C++ includes |
||||
#include <cstdio> |
||||
@@ -184,8 +185,9 @@ int |
||||
main(int argc, char* argv[]) |
||||
{ |
||||
int c, err = 0; |
||||
- const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:"; |
||||
+ const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:"; |
||||
char *sock = NULL; |
||||
+ char *group = NULL; |
||||
bool dofork = false; |
||||
char *pidfilename = NULL; |
||||
FILE *pidfile = NULL; |
||||
@@ -206,6 +208,9 @@ main(int argc, char* argv[]) |
||||
case 'f': |
||||
dofork = true; |
||||
break; |
||||
+ case 'g': |
||||
+ group = strdup(optarg); |
||||
+ break; |
||||
case 'd': |
||||
parse_debuglevel(optarg); |
||||
break; |
||||
@@ -298,7 +303,7 @@ main(int argc, char* argv[]) |
||||
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl; |
||||
cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl; |
||||
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl; |
||||
- cout << " [-C rejectcode] [ -R rejectmsg ]" << endl; |
||||
+ cout << " [-C rejectcode] [-R rejectmsg] [-g group]" << endl; |
||||
cout << " [-- spamc args ]" << endl; |
||||
cout << " -p socket: path to create socket" << endl; |
||||
cout << " -b bucket: redirect spam to this mail address. The orignal" << endl; |
||||
@@ -310,6 +315,7 @@ main(int argc, char* argv[]) |
||||
cout << " -e defaultdomain: pass full email address to spamc instead of just\n" |
||||
" username. Uses 'defaultdomain' if there was none" << endl; |
||||
cout << " -f: fork into background" << endl; |
||||
+ cout << " -g group: socket group (perms to 660 as well)" << endl; |
||||
cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl; |
||||
cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl; |
||||
cout << " -m: don't modify body, Content-type: or Subject:" << endl; |
||||
@@ -378,6 +384,30 @@ main(int argc, char* argv[]) |
||||
} else { |
||||
debug(D_MISC, "smfi_register succeeded"); |
||||
} |
||||
+ |
||||
+ if (group) |
||||
+ { |
||||
+ struct group *gr; |
||||
+ |
||||
+ (void) smfi_opensocket(0); |
||||
+ gr = getgrnam(group); |
||||
+ if (gr) |
||||
+ { |
||||
+ int rc; |
||||
+ rc = chown(sock, (uid_t)-1, gr->gr_gid); |
||||
+ if (!rc) |
||||
+ { |
||||
+ (void) chmod(sock, 0660); |
||||
+ } else { |
||||
+ perror("group option, chown"); |
||||
+ exit(EX_NOPERM); |
||||
+ } |
||||
+ } else { |
||||
+ perror("group option, getgrnam"); |
||||
+ exit(EX_NOUSER); |
||||
+ } |
||||
+ } |
||||
+ |
||||
debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION); |
||||
err = smfi_main(); |
||||
debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION); |
@ -0,0 +1,20 @@
@@ -0,0 +1,20 @@
|
||||
--- README |
||||
+++ README |
||||
@@ -42,7 +42,7 @@ put the spamass-milter binary and set th |
||||
you want to use. YOU WILL MOST LIKELY HAVE TO EDIT THE VARIABLES ON |
||||
TOP OF THIS FILE. |
||||
|
||||
-Then start the daemon via /etc/init.d/spamass-milter start and make |
||||
+Then start the daemon via /etc/rc.d/init.d/spamass-milter start and make |
||||
sure it didn't crash/terminate immediately. If it does, there should |
||||
usually be syslog output. |
||||
|
||||
@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl |
||||
configuring sendmail through m4 & the sendmail.mc files. In this case |
||||
adding the lines |
||||
|
||||
-INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl |
||||
+INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl |
||||
define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl |
||||
|
||||
|
@ -0,0 +1,22 @@
@@ -0,0 +1,22 @@
|
||||
The code in spamass-milter.cpp that tries to create a |
||||
Sendmail-compatible header was broken and generated a header |
||||
that was incorrectly parsed by SpamAssassin. |
||||
|
||||
This is mostly fixed now apart from the space that needs |
||||
adding prior to the "(" between macro_j and macro_v. |
||||
|
||||
https://savannah.nongnu.org/bugs/index.php?17178 |
||||
http://bugs.debian.org/510665 |
||||
http://bugzilla.redhat.com/496763 |
||||
|
||||
--- spamass-milter.cpp |
||||
+++ spamass-milter.cpp |
||||
@@ -996,7 +996,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp |
||||
|
||||
assassin->output((string) |
||||
"Received: from "+macro_s+" ("+macro__+")\r\n\t"+ |
||||
- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ |
||||
+ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ |
||||
macro_b+"\r\n\t"+ |
||||
"(envelope-from "+assassin->from()+")\r\n"); |
||||
|
@ -0,0 +1,28 @@
@@ -0,0 +1,28 @@
|
||||
--- README.Postfix |
||||
+++ README.Postfix |
||||
@@ -2,12 +2,12 @@ Installing the spamass-milter-postfix pa |
||||
of spamass-milter to be more Postfix-friendly, i.e.: |
||||
|
||||
The Unix-domain socket used for MTA communication is changed to |
||||
- /var/run/spamass-milter/postfix/sock, and that socket is |
||||
+ /run/spamass-milter/postfix/sock, and that socket is |
||||
writable by the postfix group. |
||||
|
||||
To configure Postfix to use the milter, add to /etc/postfix/main.cf: |
||||
|
||||
- smtpd_milters = unix:/var/run/spamass-milter/postfix/sock |
||||
+ smtpd_milters = unix:/run/spamass-milter/postfix/sock |
||||
|
||||
In addition: |
||||
|
||||
--- README |
||||
+++ README |
||||
@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl |
||||
configuring sendmail through m4 & the sendmail.mc files. In this case |
||||
adding the lines |
||||
|
||||
-INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl |
||||
+INPUT_MAIL_FILTER(`spamassassin', `S=unix:/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl |
||||
define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl |
||||
|
||||
|
@ -0,0 +1,4 @@
@@ -0,0 +1,4 @@
|
||||
# For Postfix support, use a postfix-group-writable socket |
||||
# for communication with the MTA |
||||
SOCKET="/run/spamass-milter/postfix/sock" |
||||
SOCKET_OPTIONS="-g postfix" |
@ -0,0 +1 @@
@@ -0,0 +1 @@
|
||||
d /run/spamass-milter/postfix 750 sa-milt postfix |
@ -0,0 +1,30 @@
@@ -0,0 +1,30 @@
|
||||
# Note: this unit file runs spamass-milter as the privileged user root, |
||||
# which is necessary for using the milter's -x option for performing |
||||
# virtusertable and alias expansion. If you are not using the -x option, |
||||
# there is no need for the milter to run as root and it is best not to do so, |
||||
# using the spamass-milter.service unit instead of this one. |
||||
|
||||
[Unit] |
||||
Description = Mail filter for SpamAssassin |
||||
Wants = spamassassin.service |
||||
After = syslog.target |
||||
After = local-fs.target |
||||
After = network.target |
||||
After = spamassassin.service |
||||
Before = sendmail.service |
||||
Before = postfix.service |
||||
Conflicts = spamass-milter.service |
||||
|
||||
[Service] |
||||
Type = simple |
||||
UMask = 0022 |
||||
Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS= |
||||
EnvironmentFile = -/etc/sysconfig/spamass-milter |
||||
EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix |
||||
ExecStartPre = /bin/chown -R root /run/spamass-milter |
||||
ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS |
||||
ExecStopPost = /bin/chown -R sa-milt /run/spamass-milter |
||||
|
||||
[Install] |
||||
WantedBy = multi-user.target |
||||
|
@ -0,0 +1 @@
@@ -0,0 +1 @@
|
||||
d /run/spamass-milter 711 sa-milt sa-milt |
@ -0,0 +1,39 @@
@@ -0,0 +1,39 @@
|
||||
Installing the spamass-milter-postfix package changes the default behaviour |
||||
of spamass-milter to be more Postfix-friendly, i.e.: |
||||
|
||||
The Unix-domain socket used for MTA communication is changed to |
||||
/var/run/spamass-milter/postfix/sock, and that socket is |
||||
writable by the postfix group. |
||||
|
||||
To configure Postfix to use the milter, add to /etc/postfix/main.cf: |
||||
|
||||
smtpd_milters = unix:/var/run/spamass-milter/postfix/sock |
||||
|
||||
In addition: |
||||
|
||||
milter_connect_macros must include the j and _ macros |
||||
milter_rcpt_macros must include the b, r, v, and Z macros |
||||
|
||||
Most of these are present by default and shouldn't need explicitly setting, |
||||
except for the _ macro in milter_connect_macros. You can use: |
||||
|
||||
postconf -d milter_connect_macros |
||||
|
||||
to find the current setting, and add _ to the returned value, e.g. |
||||
|
||||
milter_connect_macros = j {daemon_name} v _ |
||||
|
||||
Note that Postfix users will see the following warning logged at the time of |
||||
the first connection to the milter: |
||||
|
||||
Could not retrieve sendmail macro "i"!. Please add it to |
||||
confMILTER_MACROS_ENVFROM for better spamassassin results |
||||
|
||||
This is a consequence of different design decisions between Postfix and |
||||
Sendmail (which spamass-milter is written for), where Postfix does not assign |
||||
a Queue ID to an incoming message until later in an SMTP transaction compared |
||||
with Sendmail. The milter wants to use the information before Postfix can |
||||
provide it, hence the message. It is harmless and can be ignored. |
||||
|
||||
For further information, see: |
||||
http://www.postfix.org/MILTER_README.html |
@ -0,0 +1,29 @@
@@ -0,0 +1,29 @@
|
||||
# Note: this unit file runs spamass-milter as the unprivileged user sa-milt, |
||||
# which is not compatible with the milter's -x option for performing |
||||
# virtusertable and alias expansion. If you are not using the -x option, |
||||
# there is no need for the milter to run as root and it is best not to do so. |
||||
# However, if you are using the -x option, you will need to run the milter as |
||||
# root and should use the spamass-milter-root.service unit instead of this one. |
||||
|
||||
[Unit] |
||||
Description = Mail filter for SpamAssassin |
||||
Wants = spamassassin.service |
||||
After = syslog.target |
||||
After = local-fs.target |
||||
After = network.target |
||||
After = spamassassin.service |
||||
Before = sendmail.service |
||||
Before = postfix.service |
||||
Conflicts = spamass-milter-root.service |
||||
|
||||
[Service] |
||||
Type = simple |
||||
UMask = 0022 |
||||
Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS= |
||||
EnvironmentFile = -/etc/sysconfig/spamass-milter |
||||
EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix |
||||
User = sa-milt |
||||
ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS |
||||
|
||||
[Install] |
||||
WantedBy = multi-user.target |
@ -0,0 +1,116 @@
@@ -0,0 +1,116 @@
|
||||
#!/bin/bash |
||||
# |
||||
# Init file for SpamAssassin sendmail milter. |
||||
# |
||||
# chkconfig: - 79 21 |
||||
# description: spamass-milter is a daemon that hooks into sendmail and \ |
||||
# routes email messages to spamassassin |
||||
# |
||||
# processname: spamass-milter |
||||
# config: /etc/sysconfig/spamass-milter |
||||
# pidfile: /var/run/spamass-milter.pid |
||||
|
||||
### BEGIN INIT INFO |
||||
# Provides: spamass-milter |
||||
# Required-Start: $local_fs $network $syslog $named |
||||
# Required-Stop: $local_fs $network $syslog $named |
||||
# Default-Stop: 0 1 6 |
||||
# Should-Start: spamd spamassassin |
||||
# Should-Stop: spamd spamassassin |
||||
# Short-Description: Start or stop SpamAssassin Milter |
||||
# Description: Spamass-milter is an add-on to sendmail that can route mail \ |
||||
# messages through SpamAssassin and mark or reject mail deemed \ |
||||
# to be spam |
||||
### END INIT INFO |
||||
|
||||
# Default variables |
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin |
||||
RUN_AS_USER=sa-milt |
||||
SOCKET="/var/run/spamass-milter/spamass-milter.sock" |
||||
SOCKET_OPTIONS="" |
||||
EXTRA_FLAGS="" |
||||
SYSCONFIG="/etc/sysconfig/spamass-milter" |
||||
|
||||
# If Postfix support package is installed, use a postfix-group-writable |
||||
# socket for communication with the MTA |
||||
if [ -d /var/run/spamass-milter/postfix ]; then |
||||
SOCKET="/var/run/spamass-milter/postfix/sock" |
||||
SOCKET_OPTIONS="-g postfix" |
||||
fi |
||||
|
||||
# Read configuration |
||||
source /etc/rc.d/init.d/functions |
||||
for configfile in /etc/sysconfig/network "${SYSCONFIG}"; do |
||||
[ -r "${configfile}" ] && source "${configfile}" |
||||
done |
||||
|
||||
[ -x /usr/sbin/spamass-milter ] || exit 5 |
||||
|
||||
RETVAL=0 |
||||
prog="spamass-milter" |
||||
desc="SpamAssassin milter" |
||||
pidfile=/var/run/spamass-milter.pid |
||||
|
||||
# Fix ownership of socket directory if necessary |
||||
chown ${RUN_AS_USER} /var/run/spamass-milter |
||||
|
||||
start() { |
||||
echo -n $"Starting ${desc} (${prog}): " |
||||
touch ${pidfile} |
||||
chown ${RUN_AS_USER} ${pidfile} |
||||
[ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile} |
||||
daemon --user ${RUN_AS_USER} /usr/sbin/${prog} ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} -f ${EXTRA_FLAGS} |
||||
RETVAL=$? |
||||
echo |
||||
if [ ${RETVAL} -eq 0 ]; then |
||||
touch /var/lock/subsys/spamass-milter |
||||
return 0 |
||||
else |
||||
return 1 |
||||
fi |
||||
} |
||||
|
||||
stop() { |
||||
echo -n $"Shutting down ${desc} (${prog}): " |
||||
rm -f /var/lock/subsys/spamass-milter |
||||
killproc ${prog} |
||||
RETVAL=$? |
||||
echo |
||||
if [ ${RETVAL} -eq 0 ]; then |
||||
rm -f ${pidfile} |
||||
return 0 |
||||
else |
||||
return 1 |
||||
fi |
||||
} |
||||
|
||||
case "$1" in |
||||
start) |
||||
start |
||||
;; |
||||
stop) |
||||
stop |
||||
;; |
||||
restart|force-reload) |
||||
if [ "x`pidof spamass-milter`" != x ]; then |
||||
stop |
||||
sleep 2 |
||||
fi |
||||
start |
||||
;; |
||||
condrestart|try-restart) |
||||
if [ -e /var/lock/subsys/spamass-milter ]; then |
||||
stop |
||||
sleep 2 |
||||
start |
||||
else |
||||
exit 0 |
||||
fi |
||||
;; |
||||
status) |
||||
status ${prog} |
||||
;; |
||||
*) |
||||
echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status}" |
||||
exit 2 |
||||
esac |
@ -0,0 +1,580 @@
@@ -0,0 +1,580 @@
|
||||
# This package uses systemd init from Fedora 16, but can use it for |
||||
# Fedora 15 if built using --with systemd |
||||
%if !((0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 15)) |
||||
%global _with_systemd --with-systemd |
||||
%endif |
||||
%global use_systemd %{!?_with_systemd:0}%{?_with_systemd:1} |
||||
|
||||
# The runtime directory is on tmpfs from Fedora 15 regardless of whether or not we're using systemd init |
||||
%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 14) |
||||
%global rundir %{_localstatedir}/run |
||||
%global rundir_tmpfs 0 |
||||
%else |
||||
%global rundir /run |
||||
%global rundir_tmpfs 1 |
||||
%endif |
||||
|
||||
# systemd-units merged into systemd at Fedora 17 |
||||
%if (0%{?fedora} && 0%{?fedora} <= 16) |
||||
%global systemd_units systemd-units |
||||
%else |
||||
%global systemd_units systemd |
||||
%endif |
||||
|
||||
# Support systemd presets and drop support for SysV migration from Fedora 18, RHEL 7 |
||||
%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 17) |
||||
%global preset_support 0 |
||||
%global sysv_to_systemd %{use_systemd} |
||||
# Flag file for SysV-to-systemd migration |
||||
%global migrfile /run/%{name}-%{version}-%{release}-%{_arch}.systemd-migration |
||||
# This macro not defined until Fedora 18 |
||||
%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d |
||||
%else |
||||
%global preset_support 1 |
||||
%global sysv_to_systemd 0 |
||||
%endif |
||||
|
||||
# Milter header files package name |
||||
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 25) |
||||
%global milter_devel_package sendmail-devel |
||||
%else |
||||
%global milter_devel_package sendmail-milter-devel |
||||
%endif |
||||
|
||||
# Do a hardened build where possible |
||||
%global _hardened_build 1 |
||||
|
||||
Summary: Milter (mail filter) for spamassassin |
||||
Name: spamass-milter |
||||
Version: 0.4.0 |
||||
Release: 14%{?dist} |
||||
License: GPLv2+ |
||||
URL: http://savannah.nongnu.org/projects/spamass-milt/ |
||||
Source0: http://savannah.nongnu.org/download/spamass-milt/spamass-milter-%{version}.tar.gz |
||||
Source1: spamass-milter.README.Postfix |
||||
Source2: spamass-milter-tmpfs.conf |
||||
Source3: spamass-milter-postfix-tmpfs.conf |
||||
# SysV init |
||||
Source10: spamass-milter.sysv |
||||
Source11: spamass-milter-sysconfig.sysv |
||||
# systemd |
||||
Source20: spamass-milter.service |
||||
Source21: spamass-milter-root.service |
||||
Source22: spamass-milter-sysconfig.systemd |
||||
Source23: spamass-milter-postfix-sysconfig.systemd |
||||
# Patches submitted upstream: |
||||
# http://savannah.nongnu.org/bugs/?29326 |
||||
Patch2: spamass-milter-0.4.0-authuser.patch |
||||
Patch3: spamass-milter-0.4.0-rcvd.patch |
||||
Patch4: spamass-milter-0.4.0-bits.patch |
||||
Patch5: spamass-milter-0.4.0-group.patch |
||||
# Patches not yet submitted upstream |
||||
Patch8: spamass-milter-0.4.0-auth-no-ssf.patch |
||||
# Fedora-specific patches |
||||
Patch10: spamass-milter-0.4.0-pathnames.patch |
||||
Patch11: spamass-milter-0.4.0-rundir.patch |
||||
BuildRequires: coreutils |
||||
BuildRequires: gcc-c++ |
||||
BuildRequires: make |
||||
BuildRequires: %milter_devel_package |
||||
BuildRequires: spamassassin |
||||
Requires: spamassassin, /usr/sbin/sendmail |
||||
%if %{rundir_tmpfs} |
||||
# Needed for ownership of %%{_tmpfilesdir} |
||||
Requires: %{systemd_units} |
||||
%endif |
||||
|
||||
Requires(pre): glibc-common, shadow-utils |
||||
%if %{sysv_to_systemd} |
||||
Requires(pre): chkconfig, coreutils, systemd-sysv |
||||
%endif |
||||
%if %{use_systemd} |
||||
BuildRequires: %{systemd_units} |
||||
Requires(post): coreutils, %{systemd_units} |
||||
Requires(preun): %{systemd_units} |
||||
Requires(postun): %{systemd_units} |
||||
%else |
||||
Requires(post): chkconfig |
||||
Requires(preun): chkconfig, initscripts |
||||
Requires(postun): initscripts |
||||
%endif |
||||
|
||||
%description |
||||
A milter (Mail Filter) application that pipes incoming mail (including things |
||||
received by rmail/UUCP) through SpamAssassin, a highly customizable spam |
||||
filter. A milter-compatible MTA such as Sendmail or Postfix is required. |
||||
|
||||
%package postfix |
||||
Summary: Postfix support for spamass-milter |
||||
Requires: %{name} = %{version}-%{release} |
||||
Requires(pre): postfix |
||||
Requires(post): shadow-utils, %{name} = %{version}-%{release} |
||||
BuildArch: noarch |
||||
|
||||
%description postfix |
||||
This package adds support for running spamass-milter using a Unix-domain |
||||
socket to communicate with the Postfix MTA. |
||||
|
||||
%prep |
||||
%setup -q |
||||
|
||||
# Copy in general support files |
||||
cp -p %{SOURCE1} README.Postfix |
||||
cp -p %{SOURCE2} spamass-milter-tmpfs.conf |
||||
cp -p %{SOURCE3} spamass-milter-postfix-tmpfs.conf |
||||
|
||||
# Fix Received-header generation (#496763) |
||||
%patch3 -b .rcvd |
||||
|
||||
# Add authentication info to dummy Received-header (#496769) |
||||
%patch4 -b .bits |
||||
|
||||
# Add -g option for group-writable socket for Postfix support (#452248) |
||||
%patch5 -b .group |
||||
|
||||
# Help for users authenticating to Postfix (#730308) |
||||
%patch8 -b .postfix-auth |
||||
|
||||
# Local patch for initscript and socket paths |
||||
%patch10 -b .pathnames |
||||
|
||||
# Add -I option to ignore (don't check) mail from authenticated users |
||||
# (#437506, #496767) http://savannah.nongnu.org/bugs/?21046 |
||||
# Note: upstream introduced a similar -a option in version 0.4.0, so this |
||||
# option is retained only in builds prior to Fedora 22 for compatibility |
||||
%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 21) |
||||
%patch2 -b .authuser |
||||
%endif |
||||
|
||||
# With systemd, the runtime directory is /run rather than /var/run |
||||
%if %{rundir_tmpfs} |
||||
%patch11 -b .rundir |
||||
%endif |
||||
|
||||
# Copy in SysV init files |
||||
%if !%{use_systemd} |
||||
cp -p %{SOURCE10} %{SOURCE11} . |
||||
%endif |
||||
|
||||
# Copy in systemd files |
||||
%if %{use_systemd} |
||||
cp -p %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} . |
||||
%endif |
||||
|
||||
%build |
||||
export SENDMAIL=/usr/sbin/sendmail |
||||
%configure |
||||
make %{?_smp_mflags} |
||||
|
||||
%install |
||||
make DESTDIR=%{buildroot} install |
||||
|
||||
install -m 755 -d %{buildroot}%{_localstatedir}/lib/spamass-milter |
||||
install -m 711 -d %{buildroot}%{rundir}/spamass-milter |
||||
install -m 750 -d %{buildroot}%{rundir}/spamass-milter/postfix |
||||
%if %{use_systemd} |
||||
install -m 644 -D spamass-milter.service \ |
||||
%{buildroot}%{_unitdir}/spamass-milter.service |
||||
install -m 644 -D spamass-milter-root.service \ |
||||
%{buildroot}%{_unitdir}/spamass-milter-root.service |
||||
install -m 644 -D spamass-milter-sysconfig.systemd \ |
||||
%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter |
||||
install -m 644 -D spamass-milter-postfix-sysconfig.systemd \ |
||||
%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter-postfix |
||||
%else |
||||
install -m 755 -D spamass-milter.sysv \ |
||||
%{buildroot}%{_initddir}/spamass-milter |
||||
install -m 644 -D spamass-milter-sysconfig.sysv \ |
||||
%{buildroot}%{_sysconfdir}/sysconfig/spamass-milter |
||||
%endif |
||||
|
||||
# Make sure %%{rundir}/spamass-milter{,/postfix} exist at boot time for systems |
||||
# with %%{rundir} on tmpfs (#656692) |
||||
%if %{rundir_tmpfs} |
||||
install -m 755 -d %{buildroot}%{_tmpfilesdir} |
||||
install -m 644 spamass-milter-tmpfs.conf \ |
||||
%{buildroot}%{_tmpfilesdir}/spamass-milter.conf |
||||
install -m 644 spamass-milter-postfix-tmpfs.conf \ |
||||
%{buildroot}%{_tmpfilesdir}/spamass-milter-postfix.conf |
||||
%endif |
||||
|
||||
# Create dummy sockets for %%ghost-ing |
||||
: > %{buildroot}%{rundir}/spamass-milter/spamass-milter.sock |
||||
: > %{buildroot}%{rundir}/spamass-milter/postfix/sock |
||||
|
||||
%pre |
||||
getent group sa-milt >/dev/null || groupadd -r sa-milt |
||||
getent passwd sa-milt >/dev/null || \ |
||||
useradd -r -g sa-milt -d %{_localstatedir}/lib/spamass-milter \ |
||||
-s /sbin/nologin -c "SpamAssassin Milter" sa-milt |
||||
# Fix homedir for upgrades |
||||
usermod --home %{_localstatedir}/lib/spamass-milter sa-milt &>/dev/null |
||||
%if %{sysv_to_systemd} |
||||
# Start SysV-to-systemd migration |
||||
rm -f %{migrfile} &>/dev/null |
||||
if [ $1 -gt 1 -a ! -e %{_unitdir}/spamass-milter.service -a -e %{_initddir}/spamass-milter ]; then |
||||
systemd-sysv-convert --save spamass-milter &>/dev/null |
||||
chkconfig --del spamass-milter &>/dev/null |
||||
touch %{migrfile} &>/dev/null |
||||
fi |
||||
%endif |
||||
exit 0 |
||||
|
||||
%post |
||||
if [ $1 -eq 1 ]; then |
||||
# Initial installation |
||||
%if %{use_systemd} |
||||
systemctl daemon-reload &>/dev/null || : |
||||
%else |
||||
chkconfig --add spamass-milter || : |
||||
%endif |
||||
%if %{preset_support} |
||||
systemctl preset spamass-milter.service &>/dev/null || : |
||||
systemctl preset spamass-milter-root.service &>/dev/null || : |
||||
%endif |
||||
fi |
||||
|
||||
%preun |
||||
if [ $1 -eq 0 ]; then |
||||
# Package removal, not upgrade |
||||
%if %{use_systemd} |
||||
systemctl --no-reload disable spamass-milter.service &>/dev/null || : |
||||
systemctl stop spamass-milter.service &>/dev/null || : |
||||
systemctl --no-reload disable spamass-milter-root.service &>/dev/null || : |
||||
systemctl stop spamass-milter-root.service &>/dev/null || : |
||||
%else |
||||
%{_initddir}/spamass-milter stop &>/dev/null || : |
||||
chkconfig --del spamass-milter || : |
||||
%endif |
||||
fi |
||||
|
||||
%postun |
||||
%if %{use_systemd} |
||||
systemctl daemon-reload &>/dev/null || : |
||||
%endif |
||||
if [ $1 -ge 1 ]; then |
||||
# Package upgrade, not uninstall |
||||
%if %{use_systemd} |
||||
systemctl try-restart spamass-milter.service &>/dev/null || : |
||||
systemctl try-restart spamass-milter-root.service &>/dev/null || : |
||||
%else |
||||
%{_initddir}/spamass-milter condrestart &>/dev/null || : |
||||
%endif |
||||
fi |
||||
|
||||
%if %{sysv_to_systemd} |
||||
%triggerpostun -- spamass-milter |
||||
# Complete the SysV-to-system migration started in %%pre |
||||
if [ $1 -gt 0 -a -e %{migrfile} ]; then |
||||
systemctl daemon-reload &>/dev/null || : |
||||
systemctl try-restart spamass-milter.service &>/dev/null |
||||
fi |
||||
rm -f %{migrfile} &>/dev/null || : |
||||
%endif |
||||
|
||||
%post postfix |
||||
# This is needed because the milter needs to "give away" the MTA communication |
||||
# socket to the postfix group, and it needs to be a member of the group to do |
||||
# that. |
||||
usermod -a -G postfix sa-milt || : |
||||
|
||||
%files |
||||
%doc AUTHORS ChangeLog NEWS README |
||||
%{_mandir}/man1/spamass-milter.1* |
||||
%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter |
||||
%if %{rundir_tmpfs} |
||||
%{_tmpfilesdir}/spamass-milter.conf |
||||
%endif |
||||
%if %{use_systemd} |
||||
%{_unitdir}/spamass-milter.service |
||||
%{_unitdir}/spamass-milter-root.service |
||||
%else |
||||
%{_initddir}/spamass-milter |
||||
%endif |
||||
%{_sbindir}/spamass-milter |
||||
%dir %attr(-,sa-milt,sa-milt) %{_localstatedir}/lib/spamass-milter/ |
||||
%dir %attr(-,sa-milt,sa-milt) %{rundir}/spamass-milter/ |
||||
%ghost %{rundir}/spamass-milter/spamass-milter.sock |
||||
|
||||
%files postfix |
||||
%doc README.Postfix |
||||
%if %{rundir_tmpfs} |
||||
%{_tmpfilesdir}/spamass-milter-postfix.conf |
||||
%endif |
||||
%if %{use_systemd} |
||||
%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter-postfix |
||||
%endif |
||||
%dir %attr(-,sa-milt,postfix) %{rundir}/spamass-milter/postfix/ |
||||
%ghost %{rundir}/spamass-milter/postfix/sock |
||||
|
||||
%changelog |
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-14 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-13 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||
|
||||
* Mon Jan 29 2018 Paul Howarth <paul@city-fan.org> - 0.4.0-12 |
||||
- Account for systemd-units being merged into systemd at Fedora 17 |
||||
- Drop support for SysV-to-systemd migration from Fedora 18, RHEL 7 |
||||
- Use forward-looking conditionals |
||||
- One build requirement per line |
||||
|
||||
* Wed Nov 15 2017 Paul Howarth <paul@city-fan.org> - 0.4.0-11 |
||||
- Replace /bin/* dependencies with coreutils etc. (#1512898) |
||||
- Drop explicit paths for commands to aid spec readability |
||||
- Drop EL-5 support |
||||
- Drop legacy Group: and BuildRoot: tags |
||||
- Drop explicit buildroot cleaning in %%install section |
||||
- Drop explicit %%clean section |
||||
- Noarch sub-packages are always available now |
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-10 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild |
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-9 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild |
||||
|
||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-8 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild |
||||
|
||||
* Mon Aug 22 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-7 |
||||
- Document expected warning message when used with Postfix (#1368645) |
||||
|
||||
* Fri Aug 5 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-6 |
||||
- sendmail-devel renamed to sendmail-milter-devel from Fedora 26 |
||||
- Specify all build requirements |
||||
|
||||
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-5 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild |
||||
|
||||
* Wed Jan 6 2016 Paul Howarth <paul@city-fan.org> - 0.4.0-4 |
||||
- Document macro requirements for Postfix (#1294245) |
||||
|
||||
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.0-3 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild |
||||
|
||||
* Sat May 02 2015 Kalev Lember <kalevlember@gmail.com> - 0.4.0-2 |
||||
- Rebuilt for GCC 5 C++11 ABI change |
||||
|
||||
* Thu Feb 26 2015 Paul Howarth <paul@city-fan.org> - 0.4.0-1 |
||||
- Update to 0.4.0 |
||||
- New options: |
||||
-C option to change the default reject code |
||||
-S option to specify a path to sendmail (for the -x option) |
||||
-R option to specify the rejection message |
||||
-a option to skip messages that were authenticated |
||||
- IPv6 address support |
||||
- Syntax clean-ups |
||||
- Drop upstreamed syntax, rejection text and IPv6 patches |
||||
- Update authuser patch: note that upstream has introduced a -a option that |
||||
does pretty much the same as the -I option added by this patch, so this |
||||
patch is deprecated and will not be included in builds for Fedora 22 onwards |
||||
- Clean up other patches to apply cleanly |
||||
|
||||
* Tue Feb 24 2015 Paul Howarth <paul@city-fan.org> - 0.3.2-15 |
||||
- Add -R option to specify SMTP rejection text (#1131667) |
||||
- Drop %%defattr, redundant since rpm 4.4 |
||||
|
||||
* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 0.3.2-14 |
||||
- Rebuild for rpm bug 1131960 |
||||
|
||||
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-13 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild |
||||
|
||||
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-12 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild |
||||
|
||||
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-11 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild |
||||
|
||||
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-10 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||
|
||||
* Wed Sep 5 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-9 |
||||
- Add systemd preset support (#850321) |
||||
|
||||
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-8 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||
|
||||
* Wed Jul 4 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-7 |
||||
- Move the tmpfiles.d config from %%{_sysconfdir} to %%{_prefix}/lib |
||||
|
||||
* Mon Apr 16 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-6 |
||||
- Do a hardened (PIE) build where possible |
||||
|
||||
* Wed Jan 11 2012 Paul Howarth <paul@city-fan.org> - 0.3.2-5 |
||||
- Rebuild for gcc 4.7 in Rawhide |
||||
|
||||
* Wed Aug 24 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-4 |
||||
- Add systemd init support, on by default from Fedora 16 |
||||
- %%ghost the sockets for clean uninstalls |
||||
|
||||
* Thu Aug 18 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-3 |
||||
- Help for users authenticating to Postfix (#730308) |
||||
|
||||
* Mon Jul 18 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-2 |
||||
- Drop the wrapper, which hasn't been needed since 0.3.1 was released |
||||
- Nobody else likes macros for commands |
||||
|
||||
* Tue Feb 15 2011 Paul Howarth <paul@city-fan.org> - 0.3.2-1 |
||||
- Update to 0.3.2 (upstream fix for popen unsanitized input vulnerability: |
||||
CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136) |
||||
- Drop popen patch, now upstream |
||||
- Rework syntax, rcvd and bits patches to apply against new codebase |
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-25 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
||||
|
||||
* Tue Nov 30 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-24 |
||||
- Require systemd-units for ownership of /etc/tmpfiles.d directory |
||||
- Add Default-Stop LSB keyword in initscript |
||||
|
||||
* Fri Nov 26 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-23 |
||||
- Make sure /var/run/spamass-milter and /var/run/spamass-milter/postfix exist |
||||
at boot time for systems with /var/run on tmpfs (#656692) |
||||
|
||||
* Wed Sep 29 2010 jkeating - 0.3.1-22 |
||||
- Rebuilt for gcc bug 634757 |
||||
|
||||
* Thu Sep 23 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-21 |
||||
- Add IPv6 whitelisting support (#630263) |
||||
|
||||
* Tue Jun 8 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-20 |
||||
- RHEL-6 onwards have noarch subpackages, so make spamass-milter-postfix one |
||||
|
||||
* Mon Apr 19 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-19 |
||||
- Fix patch for CVE-2010-1132 to not create a zombie process per email when |
||||
the -x or -b options are used (#583523) |
||||
|
||||
* Tue Mar 23 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-18 |
||||
- Add patch to get rid of compiler warnings |
||||
- Reorder and re-base patches to optimize chances of upstream accepting them |
||||
- Improve Received-header patch (#496763) incorporating additional fix from |
||||
upstream update (http://savannah.nongnu.org/bugs/?17178) |
||||
|
||||
* Fri Mar 12 2010 Paul Howarth <paul@city-fan.org> - 0.3.1-17 |
||||
- Update initscript to support running the milter as root, which is needed |
||||
for the -x (expand aliases) option; note that the milter does not run as |
||||
root by default |
||||
- Add patch for popen unsanitized input vulnerability |
||||
(CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136) |
||||
- Rebase authuser patch |
||||
- Update patch adding auth info to dummy Received-header so that it doesn't |
||||
generate spurious warnings about missing macros (#532266), and update and |
||||
merge the macro documentation patch into this patch |
||||
- Document patch usage in spec file |
||||
|
||||
* Tue Aug 11 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-16 |
||||
- Switch to bzipped source tarball |
||||
|
||||
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-15 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||
|
||||
* Fri Apr 24 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-14 |
||||
- Fix Received-header generation (#496763) |
||||
- Add authentication info to dummy Received-header (#496769) |
||||
- Add option to skip checks for authenticated senders (#437506, #496767) |
||||
(thanks to Habeeb J. Dihu for the reports and patches) |
||||
|
||||
* Wed Mar 18 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-13 |
||||
- Call initscripts directly instead of via /sbin/service and fine-tune scriptlet |
||||
dependencies |
||||
- Change sa-milt user's home directory from |
||||
%%{_localstatedir}/run/spamass-milter to %%{_localstatedir}/lib/spamass-milter |
||||
so as to retain directory contents across a reboot (#489995), and fix the home |
||||
directory of any existing sa-milt account on upgrades |
||||
|
||||
* Fri Feb 27 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-12 |
||||
- Subpackage for postfix is now noarch for Fedora 10 onwards |
||||
- Fix scriptlet deps to ensure that sa-milt user exists before we attempt to |
||||
add it to the postfix group |
||||
|
||||
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-11 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
||||
|
||||
* Fri Feb 13 2009 Paul Howarth <paul@city-fan.org> - 0.3.1-10 |
||||
- Rebuild for shared libmilter in Fedora 11 development |
||||
|
||||
* Thu Jul 3 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-9 |
||||
- Require /usr/sbin/sendmail (for -b/-B/-x options) rather than sendmail pkg |
||||
- Make summary and description less Sendmail-specific |
||||
- Add patch to support group-writable socket for MTA communication, needed |
||||
to be able to use a Unix-domain socket with Postfix (#452248) |
||||
- Add subpackage with group-writable directory for Postfix support |
||||
- Tweak initscript to change default options when Postfix socket directory is |
||||
present |
||||
- Document additional ENVRCPT macros to provide |
||||
|
||||
* Tue May 20 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-8 |
||||
- Fix initscript failure to start with SELinux in enforcing mode (#447247) |
||||
(needs selinux-policy >= 3.3.1-55 on F9) |
||||
|
||||
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.3.1-7 |
||||
- Autorebuild for GCC 4.3 |
||||
|
||||
* Mon Feb 18 2008 Paul Howarth <paul@city-fan.org> - 0.3.1-6 |
||||
- Rebuild with gcc 4.3.0 for Fedora 9 |
||||
|
||||
* Fri Oct 12 2007 Paul Howarth <paul@city-fan.org> - 0.3.1-5 |
||||
- Split initscript and config out from being here documents in the spec and |
||||
have them as separate source files instead |
||||
- Unexpand tabs |
||||
- Clarify license as GPL v2 or later (GPLv2+) |
||||
- Use the standard scriptlet for user/group creation in %%pre |
||||
|
||||
* Wed Aug 30 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-4 |
||||
- Use make/DESTDIR instead of deprecated %%makeinstall macro |
||||
- Expand tabs and clean up changelog entries |
||||
|
||||
* Mon May 15 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-3 |
||||
- Use upstream default settings (#191602) |
||||
This change re-enables by default Subject/Content-Type header modification |
||||
(which may have a performance impact for large messages) and disables by |
||||
default the rejection of emails with a spam score of 15 or more. To re-enable |
||||
these options, uncomment the line: |
||||
EXTRA_FLAGS="-m -r 15" |
||||
in %%{_sysconfdir}/sysconfig/spamass-milter |
||||
|
||||
* Sun May 7 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-2 |
||||
- Fix race condition in "stop" clause of initscript (#190894) |
||||
|
||||
* Thu Apr 6 2006 Paul Howarth <paul@city-fan.org> - 0.3.1-1 |
||||
- Update to 0.3.1 |
||||
|
||||
* Wed Feb 15 2006 Paul Howarth <paul@city-fan.org> - 0.3.0-9 |
||||
- Don't use macros in command paths, hardcode them instead |
||||
|
||||
* Mon Aug 1 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-8 |
||||
- Run the milter in a wrapper script that restarts it if it crashes |
||||
|
||||
* Thu Jun 16 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-7 |
||||
- Bump and rebuild due to transient build system failure |
||||
|
||||
* Wed Jun 15 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-6 |
||||
- Adjust initscript chkconfig values so it starts before sendmail |
||||
|
||||
* Mon Jun 13 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-5 |
||||
- Help the configure script find sendmail |
||||
|
||||
* Mon Jun 13 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-4 |
||||
- Bump and rebuild |
||||
|
||||
* Mon Jun 06 2005 Paul Howarth <paul@city-fan.org> - 0.3.0-3 |
||||
- Use Extras standard buildroot |
||||
- Unpack tarball quietly |
||||
- Create account sa-milt and run the milter using that instead of root |
||||
- Fix socket name in README |
||||
- Initscript not %%config |
||||
|
||||
* Sun Jun 05 2005 Warren Togami <wtogami@redhat.com> - 0.3.0-2 |
||||
- Extras |
||||
|
||||
* Tue Feb 08 2005 Dag Wieers <dag@wieers.com> - 0.3.0-1 |
||||
- Updated to release 0.3.0 |
||||
|
||||
* Wed Sep 01 2004 Dag Wieers <dag@wieers.com> - 0.2.0-1 |
||||
- Fixed variables in sysconfig file (mator) |
||||
|
||||
* Tue Feb 17 2004 Dag Wieers <dag@wieers.com> - 0.2.0-0 |
||||
- Initial package (using DAR) |
Loading…
Reference in new issue