diff --git a/SOURCES/spamass-milter-0.4.0-auth-no-ssf.patch b/SOURCES/spamass-milter-0.4.0-auth-no-ssf.patch new file mode 100644 index 0000000..3992399 --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-auth-no-ssf.patch @@ -0,0 +1,28 @@ +This change is to help users with Postfix that aren't using the -a option +to not pass mail from authenticated users through SpamAssassin. Postfix, +unlike Sendmail, does not provide the {auth_ssf} macro, so in the case +where mail is from an authenticated user, the modified code can now add +an (authenticated) hint in the dummy Received: header (where Sendmail would +add (authenticated bits=nnn)), and this is scored favourably by SpamAssassin. + +http://bugzilla.redhat.com/730308 + +--- spamass-milter.cpp ++++ spamass-milter.cpp +@@ -1069,9 +1069,14 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + + rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t"; + +- if (strlen(macro_auth_ssf)) ++ if (strlen(macro_auth_authen)) + { +- rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t"; ++ rec_header += (string) "(authenticated"; ++ if (strlen(macro_auth_ssf)) ++ { ++ rec_header += (string) " bits=" + macro_auth_ssf; ++ } ++ rec_header += (string) ")\r\n\t"; + } + + rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + diff --git a/SOURCES/spamass-milter-0.4.0-authuser.patch b/SOURCES/spamass-milter-0.4.0-authuser.patch new file mode 100644 index 0000000..890cfc9 --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-authuser.patch @@ -0,0 +1,89 @@ +--- spamass-milter.1.in ++++ spamass-milter.1.in +@@ -16,6 +16,7 @@ + .Op Fl f + .Op Fl g Ar group + .Op Fl i Ar networks ++.Op Fl I + .Op Fl m + .Op Fl M + .Op Fl P Ar pidfile +@@ -134,6 +135,8 @@ Multiple + flags will append to the list. + For example, if you list all your internal networks, no outgoing emails + will be filtered. ++.It Fl I ++Ignores messages if the sender has authenticated via SMTP AUTH. + .It Fl m + Disables modification of the + .Ql Subject: +--- spamass-milter.cpp ++++ spamass-milter.cpp +@@ -178,6 +178,7 @@ bool flag_full_email = false; /* pass f + bool flag_expand = false; /* alias/virtusertable expansion */ + bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */ + bool auth = false; /* don't scan authenticated users */ ++bool ignore_authenticated_senders = false; /* authenticated users bypass spam checks */ + + // {{{ main() + +@@ -185,7 +186,7 @@ int + main(int argc, char* argv[]) + { + int c, err = 0; +- const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:"; ++ const char *args = "afd:mMp:P:r:u:D:i:Ib:B:e:xS:R:C:g:"; + char *sock = NULL; + char *group = NULL; + bool dofork = false; +@@ -225,6 +226,10 @@ main(int argc, char* argv[]) + debug(D_MISC, "Parsing ignore list"); + parse_networklist(optarg, &ignorenets); + break; ++ case 'I': ++ debug(D_MISC, "Ignore authenticated senders"); ++ ignore_authenticated_senders = true; ++ break; + case 'm': + dontmodifyspam = true; + smfilter.xxfi_flags &= ~SMFIF_CHGBODY; +@@ -301,7 +306,7 @@ main(int argc, char* argv[]) + cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl; + cout << "SpamAssassin Sendmail Milter Plugin" << endl; + cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl; +- cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl; ++ cout << " [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl; + cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl; + cout << " [-C rejectcode] [-R rejectmsg] [-g group]" << endl; + cout << " [-- spamc args ]" << endl; +@@ -318,6 +323,7 @@ main(int argc, char* argv[]) + cout << " -g group: socket group (perms to 660 as well)" << endl; + cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl; + cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl; ++ cout << " -I: skip (ignore) checks if sender is authenticated" << endl; + cout << " -m: don't modify body, Content-type: or Subject:" << endl; + cout << " -M: don't modify the message at all" << endl; + cout << " -P pidfile: Put processid in pidfile" << endl; +@@ -850,6 +856,22 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro + return SMFIS_ACCEPT; + } + } ++ ++ if (ignore_authenticated_senders) ++ { ++ char *auth_authen; ++ ++ auth_authen = smfi_getsymval(ctx, const_cast("{auth_authen}")); ++ debug(D_MISC, "auth_authen=%s", auth_authen ?: ""); ++ ++ if (auth_authen) ++ { ++ debug(D_MISC, "sender authenticated (%s) - accepting message", ++ auth_authen); ++ debug(D_FUNC, "mlfi_envfrom: exit ignore"); ++ return SMFIS_ACCEPT; ++ } ++ } + + debug(D_FUNC, "mlfi_envfrom: enter"); + try { diff --git a/SOURCES/spamass-milter-0.4.0-bits.patch b/SOURCES/spamass-milter-0.4.0-bits.patch new file mode 100644 index 0000000..61090fd --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-bits.patch @@ -0,0 +1,289 @@ +Add authenticated bits information into the dummy generated +Received-header for SpamAssassin to facilitate adding a rule +to score mail from authenticated clients. + +Discussion: +http://bugzilla.redhat.com/496769 +http://www.gossamer-threads.com/lists/spamassassin/users/146948 + +This patch also moves some of the macro collection to the +ENVFROM callback, where the required macros are available by default. + +--- README ++++ README +@@ -55,16 +55,28 @@ configuring sendmail through m4 & the se + adding the lines + + INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl +-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl +-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl +-define(`confMILTER_MACROS_ENVFROM',`{auth_authen}, {auth_type}')dnl +-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl ++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl ++ + + should do the trick. Of course you need to modify the path of the + socket if you put another one into the startup script. The timeouts + have been increased somewhat because SpamAssassin may chew on it for a + little while on a slow machine. + ++If you are using multiple milter mail filters on your mail server, you may ++have overridden the default values of some of the confMILTER_MACROS_* ++macros whilst configuring the other filters. You need to ensure that at ++least the following values are present: ++ ++confMILTER_MACROS_CONNECT must include the {j} and {_} macros ++(all included by default) ++ ++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen}, {auth_ssf} ++and {auth_type} macros (all included by default) ++ ++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros ++ ++ + Now recreate sendmail.cf, restart sendmail and experiment around a bit + with the setup to make sure it is working. + +--- spamass-milter.cpp ++++ spamass-milter.cpp +@@ -702,6 +702,7 @@ sfsistat + mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr) + { + struct context *sctx; ++ const char *macro_j, *macro__; + int rv; + + debug(D_FUNC, "mlfi_connect: enter"); +@@ -726,8 +727,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna + } + sctx->assassin = NULL; + sctx->helo = NULL; +- +- /* store a pointer to it with setpriv */ ++ sctx->our_fqdn = NULL; ++ sctx->sender_address = NULL; ++ sctx->queueid = NULL; ++ sctx->auth_authen = NULL; ++ sctx->auth_ssf = NULL; ++ ++ /* store our FQDN */ ++ macro_j = smfi_getsymval(ctx, const_cast("j")); ++ if (!macro_j) ++ { ++ macro_j = "localhost"; ++ warnmacro("j", "CONNECT"); ++ } ++ sctx->our_fqdn = strdup(macro_j); ++ ++ /* store the validated sending site's address */ ++ macro__ = smfi_getsymval(ctx, const_cast("_")); ++ if (!macro__) ++ { ++ macro__ = "unknown"; ++ warnmacro("_", "CONNECT"); ++ } ++ sctx->sender_address = strdup(macro__); ++ ++ /* store a pointer to our private data with setpriv */ + rv = smfi_setpriv(ctx, sctx); + if (rv != MI_SUCCESS) + { +@@ -778,7 +802,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro + { + SpamAssassin* assassin; + struct context *sctx = (struct context *)smfi_getpriv(ctx); +- const char *queueid; ++ const char *queueid, *macro_auth_ssf, *macro_auth_authen; + + if (sctx == NULL) + { +@@ -814,17 +838,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro + + // remember the MAIL FROM address + assassin->set_from(string(envfrom[0])); +- ++ ++ // remember the queueid for this message + queueid=smfi_getsymval(ctx, const_cast("i")); + if (!queueid) + { + queueid="unknown"; + warnmacro("i", "ENVFROM"); + } +- assassin->queueid = queueid; +- ++ sctx->queueid = strdup(queueid); + debug(D_MISC, "queueid=%s", queueid); + ++ // remember the SMTP AUTH login name ++ macro_auth_authen = smfi_getsymval(ctx, const_cast("{auth_authen}")); ++ if (!macro_auth_authen) ++ { ++ macro_auth_authen = ""; ++ // Don't issue a warning for the auth_authen macro as ++ // it is likely to be unset much of the time - it's ++ // only set if the client has authenticated. ++ // ++ // Similarly, we only issue warnings for the other ++ // auth-related macros if {auth_authen) is available. ++ // ++ // warnmacro("auth_authen", "ENVFROM"); ++ } ++ sctx->auth_authen = strdup(macro_auth_authen); ++ ++ // remember the SASL cipher bits ++ macro_auth_ssf = smfi_getsymval(ctx, const_cast("{auth_ssf}")); ++ if (!macro_auth_ssf) ++ { ++ macro_auth_ssf = ""; ++ if (strlen(macro_auth_authen)) { ++ warnmacro("auth_ssf", "ENVFROM"); ++ } ++ } ++ sctx->auth_ssf = strdup(macro_auth_ssf); ++ + // tell Milter to continue + debug(D_FUNC, "mlfi_envfrom: exit"); + +@@ -918,7 +969,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + + */ + const char *macro_b, *macro_i, *macro_j, *macro_r, +- *macro_s, *macro_v, *macro_Z, *macro__; ++ *macro_s, *macro_v, *macro_Z, *macro__, ++ *macro_auth_ssf, *macro_auth_authen; + char date[32]; + + /* RFC 822 date. */ +@@ -933,20 +985,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + } + + /* queue ID */ +- macro_i = smfi_getsymval(ctx, const_cast("i")); +- if (!macro_i) +- { +- macro_i = "unknown"; +- warnmacro("i", "ENVRCPT"); +- } ++ macro_i = sctx->queueid; + +- /* FQDN of this site */ +- macro_j = smfi_getsymval(ctx, const_cast("j")); +- if (!macro_j) +- { +- macro_j = "localhost"; +- warnmacro("j", "ENVRCPT"); +- } ++ /* FQDN */ ++ macro_j = sctx->our_fqdn; ++ ++ /* Sender address */ ++ macro__ = sctx->sender_address; + + /* Protocol used to receive the message */ + macro_r = smfi_getsymval(ctx, const_cast("r")); +@@ -955,7 +1000,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + macro_r = "SMTP"; + warnmacro("r", "ENVRCPT"); + } +- ++ ++ /* SMTP AUTH details */ ++ macro_auth_authen = sctx->auth_authen; ++ macro_auth_ssf = sctx->auth_ssf; ++ + /* Sendmail currently cannot pass us the {s} macro, but + I do not know why. Leave this in for the day sendmail is + fixed. Until that day, use the value remembered by +@@ -983,22 +1032,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + warnmacro("Z", "ENVRCPT"); + } + +- /* Validated sending site's address */ +- macro__ = smfi_getsymval(ctx, const_cast("_")); +- if (!macro__) ++ assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); ++ assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); ++ ++ string rec_header; ++ ++ rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t"; ++ ++ if (strlen(macro_auth_ssf)) + { +- macro__ = "unknown"; +- warnmacro("_", "ENVRCPT"); ++ rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t"; + } + +- assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n"); +- assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); ++ rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " + ++ macro_r + " id " + macro_i + ";\r\n\t" + ++ macro_b + "\r\n\t" + ++ "(envelope-from " + assassin->from() + ")\r\n"; + +- assassin->output((string) +- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+ +- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ +- macro_b+"\r\n\t"+ +- "(envelope-from "+assassin->from()+")\r\n"); ++ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str()); ++ assassin->output(rec_header); + + } else + assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n"); +@@ -1244,16 +1296,27 @@ mlfi_close(SMFICTX* ctx) + { + struct context *sctx; + debug(D_FUNC, "mlfi_close"); +- ++ + sctx = (struct context*)smfi_getpriv(ctx); + if (sctx == NULL) + return SMFIS_ACCEPT; + + if (sctx->helo) + free(sctx->helo); ++ if (sctx->our_fqdn) ++ free(sctx->our_fqdn); ++ if (sctx->sender_address) ++ free(sctx->sender_address); ++ if (sctx->queueid) ++ free(sctx->queueid); ++ if (sctx->auth_authen) ++ free(sctx->auth_authen); ++ if (sctx->auth_ssf) ++ free(sctx->auth_ssf); ++ + free(sctx); + smfi_setpriv(ctx, NULL); +- ++ + return SMFIS_ACCEPT; + } + +--- spamass-milter.h ++++ spamass-milter.h +@@ -168,9 +168,6 @@ public: + // List of recipients after alias/virtusertable expansion + list expandedrcpt; + +- // the sendmail queue id for this message; used for logging +- string queueid; +- + // Process handling variables + pid_t pid; + int pipe_io[2][2]; +@@ -181,6 +178,11 @@ struct context + { + char connect_ip[64]; // remote IP address + char *helo; ++ char *our_fqdn; ++ char *sender_address; ++ char *queueid; ++ char *auth_authen; ++ char *auth_ssf; + SpamAssassin *assassin; // pointer to the SA object if we're processing a message + }; + diff --git a/SOURCES/spamass-milter-0.4.0-group.patch b/SOURCES/spamass-milter-0.4.0-group.patch new file mode 100644 index 0000000..3887e1b --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-group.patch @@ -0,0 +1,110 @@ +Add option -g group to have the milter create a group-writeable socket +for communication with the MTA and set the GID of the socket to the +specified group. This makes it possible to use the milter via a +unix-domain socket with Postfix as the MTA (Postfix doesn't run as +root and would otherwise be unable to use the socket). + +http://bugzilla.redhat.com/452248 + +--- spamass-milter.1.in ++++ spamass-milter.1.in +@@ -14,6 +14,7 @@ + .Op Fl D Ar host + .Op Fl e Ar defaultdomain + .Op Fl f ++.Op Fl g Ar group + .Op Fl i Ar networks + .Op Fl m + .Op Fl M +@@ -115,6 +116,12 @@ flag. + Causes + .Nm + to fork into the background. ++.It Fl g Ar group ++Makes the socket for communication with the MTA group-writable (mode 0750) ++and sets the socket's group to ++.Ar group . ++This option is intended for use with MTA's like Postfix that do not run as ++root, and is incompatible with Sendmail usage. + .It Fl i Ar networks + Ignores messages if the originating IP is in the network(s) listed. + The message will be passed through without calling SpamAssassin at all. +--- spamass-milter.cpp ++++ spamass-milter.cpp +@@ -89,6 +89,7 @@ + #endif + #include + #include ++#include + + // C++ includes + #include +@@ -184,8 +185,9 @@ int + main(int argc, char* argv[]) + { + int c, err = 0; +- const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:"; ++ const char *args = "afd:mMp:P:r:u:D:i:b:B:e:xS:R:C:g:"; + char *sock = NULL; ++ char *group = NULL; + bool dofork = false; + char *pidfilename = NULL; + FILE *pidfile = NULL; +@@ -206,6 +208,9 @@ main(int argc, char* argv[]) + case 'f': + dofork = true; + break; ++ case 'g': ++ group = strdup(optarg); ++ break; + case 'd': + parse_debuglevel(optarg); + break; +@@ -298,7 +303,7 @@ main(int argc, char* argv[]) + cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl; + cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl; + cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x] [-a]" << endl; +- cout << " [-C rejectcode] [ -R rejectmsg ]" << endl; ++ cout << " [-C rejectcode] [-R rejectmsg] [-g group]" << endl; + cout << " [-- spamc args ]" << endl; + cout << " -p socket: path to create socket" << endl; + cout << " -b bucket: redirect spam to this mail address. The orignal" << endl; +@@ -310,6 +315,7 @@ main(int argc, char* argv[]) + cout << " -e defaultdomain: pass full email address to spamc instead of just\n" + " username. Uses 'defaultdomain' if there was none" << endl; + cout << " -f: fork into background" << endl; ++ cout << " -g group: socket group (perms to 660 as well)" << endl; + cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl; + cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl; + cout << " -m: don't modify body, Content-type: or Subject:" << endl; +@@ -378,6 +384,30 @@ main(int argc, char* argv[]) + } else { + debug(D_MISC, "smfi_register succeeded"); + } ++ ++ if (group) ++ { ++ struct group *gr; ++ ++ (void) smfi_opensocket(0); ++ gr = getgrnam(group); ++ if (gr) ++ { ++ int rc; ++ rc = chown(sock, (uid_t)-1, gr->gr_gid); ++ if (!rc) ++ { ++ (void) chmod(sock, 0660); ++ } else { ++ perror("group option, chown"); ++ exit(EX_NOPERM); ++ } ++ } else { ++ perror("group option, getgrnam"); ++ exit(EX_NOUSER); ++ } ++ } ++ + debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION); + err = smfi_main(); + debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION); diff --git a/SOURCES/spamass-milter-0.4.0-pathnames.patch b/SOURCES/spamass-milter-0.4.0-pathnames.patch new file mode 100644 index 0000000..f3f95ab --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-pathnames.patch @@ -0,0 +1,20 @@ +--- README ++++ README +@@ -42,7 +42,7 @@ put the spamass-milter binary and set th + you want to use. YOU WILL MOST LIKELY HAVE TO EDIT THE VARIABLES ON + TOP OF THIS FILE. + +-Then start the daemon via /etc/init.d/spamass-milter start and make ++Then start the daemon via /etc/rc.d/init.d/spamass-milter start and make + sure it didn't crash/terminate immediately. If it does, there should + usually be syslog output. + +@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl + configuring sendmail through m4 & the sendmail.mc files. In this case + adding the lines + +-INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl ++INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl + define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl + + diff --git a/SOURCES/spamass-milter-0.4.0-rcvd.patch b/SOURCES/spamass-milter-0.4.0-rcvd.patch new file mode 100644 index 0000000..35de10f --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-rcvd.patch @@ -0,0 +1,22 @@ +The code in spamass-milter.cpp that tries to create a +Sendmail-compatible header was broken and generated a header +that was incorrectly parsed by SpamAssassin. + +This is mostly fixed now apart from the space that needs +adding prior to the "(" between macro_j and macro_v. + +https://savannah.nongnu.org/bugs/index.php?17178 +http://bugs.debian.org/510665 +http://bugzilla.redhat.com/496763 + +--- spamass-milter.cpp ++++ spamass-milter.cpp +@@ -996,7 +996,7 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp + + assassin->output((string) + "Received: from "+macro_s+" ("+macro__+")\r\n\t"+ +- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ ++ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+ + macro_b+"\r\n\t"+ + "(envelope-from "+assassin->from()+")\r\n"); + diff --git a/SOURCES/spamass-milter-0.4.0-rundir.patch b/SOURCES/spamass-milter-0.4.0-rundir.patch new file mode 100644 index 0000000..e70342b --- /dev/null +++ b/SOURCES/spamass-milter-0.4.0-rundir.patch @@ -0,0 +1,28 @@ +--- README.Postfix ++++ README.Postfix +@@ -2,12 +2,12 @@ Installing the spamass-milter-postfix pa + of spamass-milter to be more Postfix-friendly, i.e.: + + The Unix-domain socket used for MTA communication is changed to +- /var/run/spamass-milter/postfix/sock, and that socket is ++ /run/spamass-milter/postfix/sock, and that socket is + writable by the postfix group. + + To configure Postfix to use the milter, add to /etc/postfix/main.cf: + +- smtpd_milters = unix:/var/run/spamass-milter/postfix/sock ++ smtpd_milters = unix:/run/spamass-milter/postfix/sock + + In addition: + +--- README ++++ README +@@ -54,7 +54,7 @@ Now you need to make sendmail use the pl + configuring sendmail through m4 & the sendmail.mc files. In this case + adding the lines + +-INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl ++INPUT_MAIL_FILTER(`spamassassin', `S=unix:/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl + define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl + + diff --git a/SOURCES/spamass-milter-postfix-sysconfig.systemd b/SOURCES/spamass-milter-postfix-sysconfig.systemd new file mode 100644 index 0000000..668906b --- /dev/null +++ b/SOURCES/spamass-milter-postfix-sysconfig.systemd @@ -0,0 +1,4 @@ +# For Postfix support, use a postfix-group-writable socket +# for communication with the MTA +SOCKET="/run/spamass-milter/postfix/sock" +SOCKET_OPTIONS="-g postfix" diff --git a/SOURCES/spamass-milter-postfix-tmpfs.conf b/SOURCES/spamass-milter-postfix-tmpfs.conf new file mode 100644 index 0000000..03203fa --- /dev/null +++ b/SOURCES/spamass-milter-postfix-tmpfs.conf @@ -0,0 +1 @@ +d /run/spamass-milter/postfix 750 sa-milt postfix diff --git a/SOURCES/spamass-milter-root.service b/SOURCES/spamass-milter-root.service new file mode 100644 index 0000000..e5cc223 --- /dev/null +++ b/SOURCES/spamass-milter-root.service @@ -0,0 +1,30 @@ +# Note: this unit file runs spamass-milter as the privileged user root, +# which is necessary for using the milter's -x option for performing +# virtusertable and alias expansion. If you are not using the -x option, +# there is no need for the milter to run as root and it is best not to do so, +# using the spamass-milter.service unit instead of this one. + +[Unit] +Description = Mail filter for SpamAssassin +Wants = spamassassin.service +After = syslog.target +After = local-fs.target +After = network.target +After = spamassassin.service +Before = sendmail.service +Before = postfix.service +Conflicts = spamass-milter.service + +[Service] +Type = simple +UMask = 0022 +Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS= +EnvironmentFile = -/etc/sysconfig/spamass-milter +EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix +ExecStartPre = /bin/chown -R root /run/spamass-milter +ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS +ExecStopPost = /bin/chown -R sa-milt /run/spamass-milter + +[Install] +WantedBy = multi-user.target + diff --git a/SOURCES/spamass-milter-tmpfs.conf b/SOURCES/spamass-milter-tmpfs.conf new file mode 100644 index 0000000..621426e --- /dev/null +++ b/SOURCES/spamass-milter-tmpfs.conf @@ -0,0 +1 @@ +d /run/spamass-milter 711 sa-milt sa-milt diff --git a/SOURCES/spamass-milter.README.Postfix b/SOURCES/spamass-milter.README.Postfix new file mode 100644 index 0000000..0195ca9 --- /dev/null +++ b/SOURCES/spamass-milter.README.Postfix @@ -0,0 +1,39 @@ +Installing the spamass-milter-postfix package changes the default behaviour +of spamass-milter to be more Postfix-friendly, i.e.: + + The Unix-domain socket used for MTA communication is changed to + /var/run/spamass-milter/postfix/sock, and that socket is + writable by the postfix group. + +To configure Postfix to use the milter, add to /etc/postfix/main.cf: + + smtpd_milters = unix:/var/run/spamass-milter/postfix/sock + +In addition: + + milter_connect_macros must include the j and _ macros + milter_rcpt_macros must include the b, r, v, and Z macros + +Most of these are present by default and shouldn't need explicitly setting, +except for the _ macro in milter_connect_macros. You can use: + +postconf -d milter_connect_macros + +to find the current setting, and add _ to the returned value, e.g. + + milter_connect_macros = j {daemon_name} v _ + +Note that Postfix users will see the following warning logged at the time of +the first connection to the milter: + + Could not retrieve sendmail macro "i"!. Please add it to + confMILTER_MACROS_ENVFROM for better spamassassin results + +This is a consequence of different design decisions between Postfix and +Sendmail (which spamass-milter is written for), where Postfix does not assign +a Queue ID to an incoming message until later in an SMTP transaction compared +with Sendmail. The milter wants to use the information before Postfix can +provide it, hence the message. It is harmless and can be ignored. + +For further information, see: +http://www.postfix.org/MILTER_README.html diff --git a/SOURCES/spamass-milter.service b/SOURCES/spamass-milter.service new file mode 100644 index 0000000..7925c5c --- /dev/null +++ b/SOURCES/spamass-milter.service @@ -0,0 +1,29 @@ +# Note: this unit file runs spamass-milter as the unprivileged user sa-milt, +# which is not compatible with the milter's -x option for performing +# virtusertable and alias expansion. If you are not using the -x option, +# there is no need for the milter to run as root and it is best not to do so. +# However, if you are using the -x option, you will need to run the milter as +# root and should use the spamass-milter-root.service unit instead of this one. + +[Unit] +Description = Mail filter for SpamAssassin +Wants = spamassassin.service +After = syslog.target +After = local-fs.target +After = network.target +After = spamassassin.service +Before = sendmail.service +Before = postfix.service +Conflicts = spamass-milter-root.service + +[Service] +Type = simple +UMask = 0022 +Environment = SOCKET=/run/spamass-milter/spamass-milter.sock SOCKET_OPTIONS= EXTRA_FLAGS= +EnvironmentFile = -/etc/sysconfig/spamass-milter +EnvironmentFile = -/etc/sysconfig/spamass-milter-postfix +User = sa-milt +ExecStart = /usr/sbin/spamass-milter $SOCKET_OPTIONS -p $SOCKET $EXTRA_FLAGS + +[Install] +WantedBy = multi-user.target diff --git a/SOURCES/spamass-milter.sysv b/SOURCES/spamass-milter.sysv new file mode 100644 index 0000000..0e0c5fe --- /dev/null +++ b/SOURCES/spamass-milter.sysv @@ -0,0 +1,116 @@ +#!/bin/bash +# +# Init file for SpamAssassin sendmail milter. +# +# chkconfig: - 79 21 +# description: spamass-milter is a daemon that hooks into sendmail and \ +# routes email messages to spamassassin +# +# processname: spamass-milter +# config: /etc/sysconfig/spamass-milter +# pidfile: /var/run/spamass-milter.pid + +### BEGIN INIT INFO +# Provides: spamass-milter +# Required-Start: $local_fs $network $syslog $named +# Required-Stop: $local_fs $network $syslog $named +# Default-Stop: 0 1 6 +# Should-Start: spamd spamassassin +# Should-Stop: spamd spamassassin +# Short-Description: Start or stop SpamAssassin Milter +# Description: Spamass-milter is an add-on to sendmail that can route mail \ +# messages through SpamAssassin and mark or reject mail deemed \ +# to be spam +### END INIT INFO + +# Default variables +PATH=/sbin:/bin:/usr/sbin:/usr/bin +RUN_AS_USER=sa-milt +SOCKET="/var/run/spamass-milter/spamass-milter.sock" +SOCKET_OPTIONS="" +EXTRA_FLAGS="" +SYSCONFIG="/etc/sysconfig/spamass-milter" + +# If Postfix support package is installed, use a postfix-group-writable +# socket for communication with the MTA +if [ -d /var/run/spamass-milter/postfix ]; then + SOCKET="/var/run/spamass-milter/postfix/sock" + SOCKET_OPTIONS="-g postfix" +fi + +# Read configuration +source /etc/rc.d/init.d/functions +for configfile in /etc/sysconfig/network "${SYSCONFIG}"; do + [ -r "${configfile}" ] && source "${configfile}" +done + +[ -x /usr/sbin/spamass-milter ] || exit 5 + +RETVAL=0 +prog="spamass-milter" +desc="SpamAssassin milter" +pidfile=/var/run/spamass-milter.pid + +# Fix ownership of socket directory if necessary +chown ${RUN_AS_USER} /var/run/spamass-milter + +start() { + echo -n $"Starting ${desc} (${prog}): " + touch ${pidfile} + chown ${RUN_AS_USER} ${pidfile} + [ -x /sbin/restorecon ] && /sbin/restorecon ${pidfile} + daemon --user ${RUN_AS_USER} /usr/sbin/${prog} ${SOCKET_OPTIONS} -p ${SOCKET} -P ${pidfile} -f ${EXTRA_FLAGS} + RETVAL=$? + echo + if [ ${RETVAL} -eq 0 ]; then + touch /var/lock/subsys/spamass-milter + return 0 + else + return 1 + fi +} + +stop() { + echo -n $"Shutting down ${desc} (${prog}): " + rm -f /var/lock/subsys/spamass-milter + killproc ${prog} + RETVAL=$? + echo + if [ ${RETVAL} -eq 0 ]; then + rm -f ${pidfile} + return 0 + else + return 1 + fi +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|force-reload) + if [ "x`pidof spamass-milter`" != x ]; then + stop + sleep 2 + fi + start + ;; + condrestart|try-restart) + if [ -e /var/lock/subsys/spamass-milter ]; then + stop + sleep 2 + start + else + exit 0 + fi + ;; + status) + status ${prog} + ;; + *) + echo $"Usage: $0 {start|stop|restart|try-restart|force-reload|status}" + exit 2 +esac diff --git a/SPECS/spamass-milter.spec b/SPECS/spamass-milter.spec new file mode 100644 index 0000000..c1fa809 --- /dev/null +++ b/SPECS/spamass-milter.spec @@ -0,0 +1,580 @@ +# This package uses systemd init from Fedora 16, but can use it for +# Fedora 15 if built using --with systemd +%if !((0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 15)) +%global _with_systemd --with-systemd +%endif +%global use_systemd %{!?_with_systemd:0}%{?_with_systemd:1} + +# The runtime directory is on tmpfs from Fedora 15 regardless of whether or not we're using systemd init +%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 14) +%global rundir %{_localstatedir}/run +%global rundir_tmpfs 0 +%else +%global rundir /run +%global rundir_tmpfs 1 +%endif + +# systemd-units merged into systemd at Fedora 17 +%if (0%{?fedora} && 0%{?fedora} <= 16) +%global systemd_units systemd-units +%else +%global systemd_units systemd +%endif + +# Support systemd presets and drop support for SysV migration from Fedora 18, RHEL 7 +%if (0%{?rhel} && 0%{?rhel} <= 6) || (0%{?fedora} && 0%{?fedora} <= 17) +%global preset_support 0 +%global sysv_to_systemd %{use_systemd} +# Flag file for SysV-to-systemd migration +%global migrfile /run/%{name}-%{version}-%{release}-%{_arch}.systemd-migration +# This macro not defined until Fedora 18 +%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d +%else +%global preset_support 1 +%global sysv_to_systemd 0 +%endif + +# Milter header files package name +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 25) +%global milter_devel_package sendmail-devel +%else +%global milter_devel_package sendmail-milter-devel +%endif + +# Do a hardened build where possible +%global _hardened_build 1 + +Summary: Milter (mail filter) for spamassassin +Name: spamass-milter +Version: 0.4.0 +Release: 14%{?dist} +License: GPLv2+ +URL: http://savannah.nongnu.org/projects/spamass-milt/ +Source0: http://savannah.nongnu.org/download/spamass-milt/spamass-milter-%{version}.tar.gz +Source1: spamass-milter.README.Postfix +Source2: spamass-milter-tmpfs.conf +Source3: spamass-milter-postfix-tmpfs.conf +# SysV init +Source10: spamass-milter.sysv +Source11: spamass-milter-sysconfig.sysv +# systemd +Source20: spamass-milter.service +Source21: spamass-milter-root.service +Source22: spamass-milter-sysconfig.systemd +Source23: spamass-milter-postfix-sysconfig.systemd +# Patches submitted upstream: +# http://savannah.nongnu.org/bugs/?29326 +Patch2: spamass-milter-0.4.0-authuser.patch +Patch3: spamass-milter-0.4.0-rcvd.patch +Patch4: spamass-milter-0.4.0-bits.patch +Patch5: spamass-milter-0.4.0-group.patch +# Patches not yet submitted upstream +Patch8: spamass-milter-0.4.0-auth-no-ssf.patch +# Fedora-specific patches +Patch10: spamass-milter-0.4.0-pathnames.patch +Patch11: spamass-milter-0.4.0-rundir.patch +BuildRequires: coreutils +BuildRequires: gcc-c++ +BuildRequires: make +BuildRequires: %milter_devel_package +BuildRequires: spamassassin +Requires: spamassassin, /usr/sbin/sendmail +%if %{rundir_tmpfs} +# Needed for ownership of %%{_tmpfilesdir} +Requires: %{systemd_units} +%endif + +Requires(pre): glibc-common, shadow-utils +%if %{sysv_to_systemd} +Requires(pre): chkconfig, coreutils, systemd-sysv +%endif +%if %{use_systemd} +BuildRequires: %{systemd_units} +Requires(post): coreutils, %{systemd_units} +Requires(preun): %{systemd_units} +Requires(postun): %{systemd_units} +%else +Requires(post): chkconfig +Requires(preun): chkconfig, initscripts +Requires(postun): initscripts +%endif + +%description +A milter (Mail Filter) application that pipes incoming mail (including things +received by rmail/UUCP) through SpamAssassin, a highly customizable spam +filter. A milter-compatible MTA such as Sendmail or Postfix is required. + +%package postfix +Summary: Postfix support for spamass-milter +Requires: %{name} = %{version}-%{release} +Requires(pre): postfix +Requires(post): shadow-utils, %{name} = %{version}-%{release} +BuildArch: noarch + +%description postfix +This package adds support for running spamass-milter using a Unix-domain +socket to communicate with the Postfix MTA. + +%prep +%setup -q + +# Copy in general support files +cp -p %{SOURCE1} README.Postfix +cp -p %{SOURCE2} spamass-milter-tmpfs.conf +cp -p %{SOURCE3} spamass-milter-postfix-tmpfs.conf + +# Fix Received-header generation (#496763) +%patch3 -b .rcvd + +# Add authentication info to dummy Received-header (#496769) +%patch4 -b .bits + +# Add -g option for group-writable socket for Postfix support (#452248) +%patch5 -b .group + +# Help for users authenticating to Postfix (#730308) +%patch8 -b .postfix-auth + +# Local patch for initscript and socket paths +%patch10 -b .pathnames + +# Add -I option to ignore (don't check) mail from authenticated users +# (#437506, #496767) http://savannah.nongnu.org/bugs/?21046 +# Note: upstream introduced a similar -a option in version 0.4.0, so this +# option is retained only in builds prior to Fedora 22 for compatibility +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 21) +%patch2 -b .authuser +%endif + +# With systemd, the runtime directory is /run rather than /var/run +%if %{rundir_tmpfs} +%patch11 -b .rundir +%endif + +# Copy in SysV init files +%if !%{use_systemd} +cp -p %{SOURCE10} %{SOURCE11} . +%endif + +# Copy in systemd files +%if %{use_systemd} +cp -p %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} . +%endif + +%build +export SENDMAIL=/usr/sbin/sendmail +%configure +make %{?_smp_mflags} + +%install +make DESTDIR=%{buildroot} install + +install -m 755 -d %{buildroot}%{_localstatedir}/lib/spamass-milter +install -m 711 -d %{buildroot}%{rundir}/spamass-milter +install -m 750 -d %{buildroot}%{rundir}/spamass-milter/postfix +%if %{use_systemd} +install -m 644 -D spamass-milter.service \ + %{buildroot}%{_unitdir}/spamass-milter.service +install -m 644 -D spamass-milter-root.service \ + %{buildroot}%{_unitdir}/spamass-milter-root.service +install -m 644 -D spamass-milter-sysconfig.systemd \ + %{buildroot}%{_sysconfdir}/sysconfig/spamass-milter +install -m 644 -D spamass-milter-postfix-sysconfig.systemd \ + %{buildroot}%{_sysconfdir}/sysconfig/spamass-milter-postfix +%else +install -m 755 -D spamass-milter.sysv \ + %{buildroot}%{_initddir}/spamass-milter +install -m 644 -D spamass-milter-sysconfig.sysv \ + %{buildroot}%{_sysconfdir}/sysconfig/spamass-milter +%endif + +# Make sure %%{rundir}/spamass-milter{,/postfix} exist at boot time for systems +# with %%{rundir} on tmpfs (#656692) +%if %{rundir_tmpfs} +install -m 755 -d %{buildroot}%{_tmpfilesdir} +install -m 644 spamass-milter-tmpfs.conf \ + %{buildroot}%{_tmpfilesdir}/spamass-milter.conf +install -m 644 spamass-milter-postfix-tmpfs.conf \ + %{buildroot}%{_tmpfilesdir}/spamass-milter-postfix.conf +%endif + +# Create dummy sockets for %%ghost-ing +: > %{buildroot}%{rundir}/spamass-milter/spamass-milter.sock +: > %{buildroot}%{rundir}/spamass-milter/postfix/sock + +%pre +getent group sa-milt >/dev/null || groupadd -r sa-milt +getent passwd sa-milt >/dev/null || \ + useradd -r -g sa-milt -d %{_localstatedir}/lib/spamass-milter \ + -s /sbin/nologin -c "SpamAssassin Milter" sa-milt +# Fix homedir for upgrades +usermod --home %{_localstatedir}/lib/spamass-milter sa-milt &>/dev/null +%if %{sysv_to_systemd} +# Start SysV-to-systemd migration +rm -f %{migrfile} &>/dev/null +if [ $1 -gt 1 -a ! -e %{_unitdir}/spamass-milter.service -a -e %{_initddir}/spamass-milter ]; then + systemd-sysv-convert --save spamass-milter &>/dev/null + chkconfig --del spamass-milter &>/dev/null + touch %{migrfile} &>/dev/null +fi +%endif +exit 0 + +%post +if [ $1 -eq 1 ]; then + # Initial installation +%if %{use_systemd} + systemctl daemon-reload &>/dev/null || : +%else + chkconfig --add spamass-milter || : +%endif +%if %{preset_support} + systemctl preset spamass-milter.service &>/dev/null || : + systemctl preset spamass-milter-root.service &>/dev/null || : +%endif +fi + +%preun +if [ $1 -eq 0 ]; then + # Package removal, not upgrade +%if %{use_systemd} + systemctl --no-reload disable spamass-milter.service &>/dev/null || : + systemctl stop spamass-milter.service &>/dev/null || : + systemctl --no-reload disable spamass-milter-root.service &>/dev/null || : + systemctl stop spamass-milter-root.service &>/dev/null || : +%else + %{_initddir}/spamass-milter stop &>/dev/null || : + chkconfig --del spamass-milter || : +%endif +fi + +%postun +%if %{use_systemd} +systemctl daemon-reload &>/dev/null || : +%endif +if [ $1 -ge 1 ]; then + # Package upgrade, not uninstall +%if %{use_systemd} + systemctl try-restart spamass-milter.service &>/dev/null || : + systemctl try-restart spamass-milter-root.service &>/dev/null || : +%else + %{_initddir}/spamass-milter condrestart &>/dev/null || : +%endif +fi + +%if %{sysv_to_systemd} +%triggerpostun -- spamass-milter +# Complete the SysV-to-system migration started in %%pre +if [ $1 -gt 0 -a -e %{migrfile} ]; then + systemctl daemon-reload &>/dev/null || : + systemctl try-restart spamass-milter.service &>/dev/null +fi +rm -f %{migrfile} &>/dev/null || : +%endif + +%post postfix +# This is needed because the milter needs to "give away" the MTA communication +# socket to the postfix group, and it needs to be a member of the group to do +# that. +usermod -a -G postfix sa-milt || : + +%files +%doc AUTHORS ChangeLog NEWS README +%{_mandir}/man1/spamass-milter.1* +%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter +%if %{rundir_tmpfs} +%{_tmpfilesdir}/spamass-milter.conf +%endif +%if %{use_systemd} +%{_unitdir}/spamass-milter.service +%{_unitdir}/spamass-milter-root.service +%else +%{_initddir}/spamass-milter +%endif +%{_sbindir}/spamass-milter +%dir %attr(-,sa-milt,sa-milt) %{_localstatedir}/lib/spamass-milter/ +%dir %attr(-,sa-milt,sa-milt) %{rundir}/spamass-milter/ +%ghost %{rundir}/spamass-milter/spamass-milter.sock + +%files postfix +%doc README.Postfix +%if %{rundir_tmpfs} +%{_tmpfilesdir}/spamass-milter-postfix.conf +%endif +%if %{use_systemd} +%config(noreplace) %{_sysconfdir}/sysconfig/spamass-milter-postfix +%endif +%dir %attr(-,sa-milt,postfix) %{rundir}/spamass-milter/postfix/ +%ghost %{rundir}/spamass-milter/postfix/sock + +%changelog +* Sat Jul 14 2018 Fedora Release Engineering - 0.4.0-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Feb 09 2018 Fedora Release Engineering - 0.4.0-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Jan 29 2018 Paul Howarth - 0.4.0-12 +- Account for systemd-units being merged into systemd at Fedora 17 +- Drop support for SysV-to-systemd migration from Fedora 18, RHEL 7 +- Use forward-looking conditionals +- One build requirement per line + +* Wed Nov 15 2017 Paul Howarth - 0.4.0-11 +- Replace /bin/* dependencies with coreutils etc. (#1512898) +- Drop explicit paths for commands to aid spec readability +- Drop EL-5 support + - Drop legacy Group: and BuildRoot: tags + - Drop explicit buildroot cleaning in %%install section + - Drop explicit %%clean section + - Noarch sub-packages are always available now + +* Thu Aug 03 2017 Fedora Release Engineering - 0.4.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.4.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 0.4.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Aug 22 2016 Paul Howarth - 0.4.0-7 +- Document expected warning message when used with Postfix (#1368645) + +* Fri Aug 5 2016 Paul Howarth - 0.4.0-6 +- sendmail-devel renamed to sendmail-milter-devel from Fedora 26 +- Specify all build requirements + +* Fri Feb 05 2016 Fedora Release Engineering - 0.4.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jan 6 2016 Paul Howarth - 0.4.0-4 +- Document macro requirements for Postfix (#1294245) + +* Fri Jun 19 2015 Fedora Release Engineering - 0.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat May 02 2015 Kalev Lember - 0.4.0-2 +- Rebuilt for GCC 5 C++11 ABI change + +* Thu Feb 26 2015 Paul Howarth - 0.4.0-1 +- Update to 0.4.0 + - New options: + -C option to change the default reject code + -S option to specify a path to sendmail (for the -x option) + -R option to specify the rejection message + -a option to skip messages that were authenticated + - IPv6 address support + - Syntax clean-ups +- Drop upstreamed syntax, rejection text and IPv6 patches +- Update authuser patch: note that upstream has introduced a -a option that + does pretty much the same as the -I option added by this patch, so this + patch is deprecated and will not be included in builds for Fedora 22 onwards +- Clean up other patches to apply cleanly + +* Tue Feb 24 2015 Paul Howarth - 0.3.2-15 +- Add -R option to specify SMTP rejection text (#1131667) +- Drop %%defattr, redundant since rpm 4.4 + +* Thu Aug 21 2014 Kevin Fenzi - 0.3.2-14 +- Rebuild for rpm bug 1131960 + +* Mon Aug 18 2014 Fedora Release Engineering - 0.3.2-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 0.3.2-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Aug 04 2013 Fedora Release Engineering - 0.3.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Feb 15 2013 Fedora Release Engineering - 0.3.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Sep 5 2012 Paul Howarth - 0.3.2-9 +- Add systemd preset support (#850321) + +* Sat Jul 21 2012 Fedora Release Engineering - 0.3.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jul 4 2012 Paul Howarth - 0.3.2-7 +- Move the tmpfiles.d config from %%{_sysconfdir} to %%{_prefix}/lib + +* Mon Apr 16 2012 Paul Howarth - 0.3.2-6 +- Do a hardened (PIE) build where possible + +* Wed Jan 11 2012 Paul Howarth - 0.3.2-5 +- Rebuild for gcc 4.7 in Rawhide + +* Wed Aug 24 2011 Paul Howarth - 0.3.2-4 +- Add systemd init support, on by default from Fedora 16 +- %%ghost the sockets for clean uninstalls + +* Thu Aug 18 2011 Paul Howarth - 0.3.2-3 +- Help for users authenticating to Postfix (#730308) + +* Mon Jul 18 2011 Paul Howarth - 0.3.2-2 +- Drop the wrapper, which hasn't been needed since 0.3.1 was released +- Nobody else likes macros for commands + +* Tue Feb 15 2011 Paul Howarth - 0.3.2-1 +- Update to 0.3.2 (upstream fix for popen unsanitized input vulnerability: + CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136) +- Drop popen patch, now upstream +- Rework syntax, rcvd and bits patches to apply against new codebase + +* Wed Feb 09 2011 Fedora Release Engineering - 0.3.1-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Nov 30 2010 Paul Howarth - 0.3.1-24 +- Require systemd-units for ownership of /etc/tmpfiles.d directory +- Add Default-Stop LSB keyword in initscript + +* Fri Nov 26 2010 Paul Howarth - 0.3.1-23 +- Make sure /var/run/spamass-milter and /var/run/spamass-milter/postfix exist + at boot time for systems with /var/run on tmpfs (#656692) + +* Wed Sep 29 2010 jkeating - 0.3.1-22 +- Rebuilt for gcc bug 634757 + +* Thu Sep 23 2010 Paul Howarth - 0.3.1-21 +- Add IPv6 whitelisting support (#630263) + +* Tue Jun 8 2010 Paul Howarth - 0.3.1-20 +- RHEL-6 onwards have noarch subpackages, so make spamass-milter-postfix one + +* Mon Apr 19 2010 Paul Howarth - 0.3.1-19 +- Fix patch for CVE-2010-1132 to not create a zombie process per email when + the -x or -b options are used (#583523) + +* Tue Mar 23 2010 Paul Howarth - 0.3.1-18 +- Add patch to get rid of compiler warnings +- Reorder and re-base patches to optimize chances of upstream accepting them +- Improve Received-header patch (#496763) incorporating additional fix from + upstream update (http://savannah.nongnu.org/bugs/?17178) + +* Fri Mar 12 2010 Paul Howarth - 0.3.1-17 +- Update initscript to support running the milter as root, which is needed + for the -x (expand aliases) option; note that the milter does not run as + root by default +- Add patch for popen unsanitized input vulnerability + (CVE-2010-1132, #572117, #572119, http://savannah.nongnu.org/bugs/?29136) +- Rebase authuser patch +- Update patch adding auth info to dummy Received-header so that it doesn't + generate spurious warnings about missing macros (#532266), and update and + merge the macro documentation patch into this patch +- Document patch usage in spec file + +* Tue Aug 11 2009 Paul Howarth - 0.3.1-16 +- Switch to bzipped source tarball + +* Sun Jul 26 2009 Fedora Release Engineering - 0.3.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Apr 24 2009 Paul Howarth - 0.3.1-14 +- Fix Received-header generation (#496763) +- Add authentication info to dummy Received-header (#496769) +- Add option to skip checks for authenticated senders (#437506, #496767) + (thanks to Habeeb J. Dihu for the reports and patches) + +* Wed Mar 18 2009 Paul Howarth - 0.3.1-13 +- Call initscripts directly instead of via /sbin/service and fine-tune scriptlet + dependencies +- Change sa-milt user's home directory from + %%{_localstatedir}/run/spamass-milter to %%{_localstatedir}/lib/spamass-milter + so as to retain directory contents across a reboot (#489995), and fix the home + directory of any existing sa-milt account on upgrades + +* Fri Feb 27 2009 Paul Howarth - 0.3.1-12 +- Subpackage for postfix is now noarch for Fedora 10 onwards +- Fix scriptlet deps to ensure that sa-milt user exists before we attempt to + add it to the postfix group + +* Wed Feb 25 2009 Fedora Release Engineering - 0.3.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 13 2009 Paul Howarth - 0.3.1-10 +- Rebuild for shared libmilter in Fedora 11 development + +* Thu Jul 3 2008 Paul Howarth - 0.3.1-9 +- Require /usr/sbin/sendmail (for -b/-B/-x options) rather than sendmail pkg +- Make summary and description less Sendmail-specific +- Add patch to support group-writable socket for MTA communication, needed + to be able to use a Unix-domain socket with Postfix (#452248) +- Add subpackage with group-writable directory for Postfix support +- Tweak initscript to change default options when Postfix socket directory is + present +- Document additional ENVRCPT macros to provide + +* Tue May 20 2008 Paul Howarth - 0.3.1-8 +- Fix initscript failure to start with SELinux in enforcing mode (#447247) + (needs selinux-policy >= 3.3.1-55 on F9) + +* Tue Feb 19 2008 Fedora Release Engineering - 0.3.1-7 +- Autorebuild for GCC 4.3 + +* Mon Feb 18 2008 Paul Howarth - 0.3.1-6 +- Rebuild with gcc 4.3.0 for Fedora 9 + +* Fri Oct 12 2007 Paul Howarth - 0.3.1-5 +- Split initscript and config out from being here documents in the spec and + have them as separate source files instead +- Unexpand tabs +- Clarify license as GPL v2 or later (GPLv2+) +- Use the standard scriptlet for user/group creation in %%pre + +* Wed Aug 30 2006 Paul Howarth - 0.3.1-4 +- Use make/DESTDIR instead of deprecated %%makeinstall macro +- Expand tabs and clean up changelog entries + +* Mon May 15 2006 Paul Howarth - 0.3.1-3 +- Use upstream default settings (#191602) + This change re-enables by default Subject/Content-Type header modification + (which may have a performance impact for large messages) and disables by + default the rejection of emails with a spam score of 15 or more. To re-enable + these options, uncomment the line: + EXTRA_FLAGS="-m -r 15" + in %%{_sysconfdir}/sysconfig/spamass-milter + +* Sun May 7 2006 Paul Howarth - 0.3.1-2 +- Fix race condition in "stop" clause of initscript (#190894) + +* Thu Apr 6 2006 Paul Howarth - 0.3.1-1 +- Update to 0.3.1 + +* Wed Feb 15 2006 Paul Howarth - 0.3.0-9 +- Don't use macros in command paths, hardcode them instead + +* Mon Aug 1 2005 Paul Howarth - 0.3.0-8 +- Run the milter in a wrapper script that restarts it if it crashes + +* Thu Jun 16 2005 Paul Howarth - 0.3.0-7 +- Bump and rebuild due to transient build system failure + +* Wed Jun 15 2005 Paul Howarth - 0.3.0-6 +- Adjust initscript chkconfig values so it starts before sendmail + +* Mon Jun 13 2005 Paul Howarth - 0.3.0-5 +- Help the configure script find sendmail + +* Mon Jun 13 2005 Paul Howarth - 0.3.0-4 +- Bump and rebuild + +* Mon Jun 06 2005 Paul Howarth - 0.3.0-3 +- Use Extras standard buildroot +- Unpack tarball quietly +- Create account sa-milt and run the milter using that instead of root +- Fix socket name in README +- Initscript not %%config + +* Sun Jun 05 2005 Warren Togami - 0.3.0-2 +- Extras + +* Tue Feb 08 2005 Dag Wieers - 0.3.0-1 +- Updated to release 0.3.0 + +* Wed Sep 01 2004 Dag Wieers - 0.2.0-1 +- Fixed variables in sysconfig file (mator) + +* Tue Feb 17 2004 Dag Wieers - 0.2.0-0 +- Initial package (using DAR)