diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
| commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
| tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /mail-filter/postgrey/files | |
reinit the tree, so we can have metadata
Diffstat (limited to 'mail-filter/postgrey/files')
| -rw-r--r-- | mail-filter/postgrey/files/postgrey-1.34-perl-5.18.patch | 33 | ||||
| -rw-r--r-- | mail-filter/postgrey/files/postgrey-1.34-r3.rc.new | 100 | ||||
| -rw-r--r-- | mail-filter/postgrey/files/postgrey.conf.new | 55 | ||||
| -rw-r--r-- | mail-filter/postgrey/files/postgrey.service | 17 | ||||
| -rw-r--r-- | mail-filter/postgrey/files/targrey-0.31-postgrey-1.34.patch | 202 |
5 files changed, 407 insertions, 0 deletions
diff --git a/mail-filter/postgrey/files/postgrey-1.34-perl-5.18.patch b/mail-filter/postgrey/files/postgrey-1.34-perl-5.18.patch new file mode 100644 index 000000000000..615c6e5b77d1 --- /dev/null +++ b/mail-filter/postgrey/files/postgrey-1.34-perl-5.18.patch @@ -0,0 +1,33 @@ +From 9673b54064691a5b9c295ffea340d8a1f9ee1cb8 Mon Sep 17 00:00:00 2001 +From: Yasuhiro KIMURA <yasu@utahime.org> +Date: Sat, 17 Aug 2013 22:05:27 +0900 +Subject: [PATCH] Make postgrey work with Perl 5.18 + +--- + postgrey | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/postgrey b/postgrey +index 7cb0352..37f69bd 100755 +--- a/postgrey ++++ b/postgrey +@@ -557,6 +557,16 @@ sub main() + if($opt{dbdir}) { + $opt{dbdir} =~ /^(.*)$/; $opt{dbdir} = $1; + } ++ # untaint what is given on --pidfile. It is not security sensitive since ++ # it is provided by the admin ++ if($opt{pidfile}) { ++ $opt{pidfile} =~ /^(.*)$/; $opt{pidfile} = $1; ++ } ++ # untaint what is given on --inet. It is not security sensitive since ++ # it is provided by the admin ++ if($opt{inet}) { ++ $opt{inet} =~ /^(.*)$/; $opt{inet} = $1; ++ } + + # determine proper "logsock" for Sys::Syslog + my $syslog_logsock; +-- +2.0.3 + diff --git a/mail-filter/postgrey/files/postgrey-1.34-r3.rc.new b/mail-filter/postgrey/files/postgrey-1.34-r3.rc.new new file mode 100644 index 000000000000..74256f7e987a --- /dev/null +++ b/mail-filter/postgrey/files/postgrey-1.34-r3.rc.new @@ -0,0 +1,100 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +conf="/etc/conf.d/postgrey" + +extra_started_commands="reload" + +depend() { + need net + before postfix + provide postfix_greylist +} + +conf_error() { + eerror "You need to setup ${conf} first" + return 1 +} + +checkconfig() { +if [ -z "${POSTGREY_TYPE}" ] + then + einfo "You need to choose the server type you want" + einfo "by setting the POSTGREY_TYPE variable in ${conf}." + else + if [ "x${POSTGREY_TYPE}" = "xinet" ] + then + if [ -z "${POSTGREY_PORT}" ] || [ -z "${POSTGREY_HOST}" ] + then + einfo "The following entries are missing in ${conf}:" + [ -z "${POSTGREY_HOST}" ] && einfo " - POSTGREY_HOST" + [ -z "${POSTGREY_PORT}" ] && einfo " - POSTGREY_PORT" + conf_error + fi + POSTGREY_ADDR="${POSTGREY_TYPE}=${POSTGREY_HOST}:${POSTGREY_PORT}" + else + if [ -z "${POSTGREY_SOCKET}" ] + then + einfo "The following entries are missing in ${conf}:" + [ -z "${POSTGREY_SOCKET}" ] && einfo " - POSTGREY_SOCKET" + conf_error + fi + POSTGREY_ADDR="${POSTGREY_TYPE}=${POSTGREY_SOCKET}" + fi +fi + + if [ -z "${POSTGREY_PID}" ] + then + einfo "The following entries are missing in ${conf}:" + [ -z "${POSTGREY_PID}" ] && einfo " - POSTGREY_PID" + conf_error + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting Postgrey" + + # HACK -- start a subshell and corrects perms on the socket... + if [ "x${POSTGREY_TYPE}" = "xunix" ]; then + rm -f ${POSTGREY_SOCKET} + ( while ! test -S ${POSTGREY_SOCKET}; do sleep 1; done; chmod a+rw,a-x ${POSTGREY_SOCKET} ) & + fi + + if [ -z ${POSTGREY_DELAY} ] ; then + POSTGREY_DELAY_ARG="" + else + POSTGREY_DELAY_ARG="--delay=${POSTGREY_DELAY}" + fi + + if [ -z "${POSTGREY_TEXT}" ] ; then + POSTGREY_TEXT_ARG="" + else + POSTGREY_TEXT_ARG="--greylist-text=${POSTGREY_TEXT}" + fi + + start-stop-daemon --start --quiet --background \ + --pidfile=${POSTGREY_PID} \ + --name postgrey \ + --exec /usr/sbin/postgrey -- \ + --${POSTGREY_ADDR} \ + --daemonize \ + --pidfile=${POSTGREY_PID} \ + ${POSTGREY_DELAY_ARG} \ + ${POSTGREY_OPTS} \ + "${POSTGREY_TEXT_ARG}" + eend ${?} +} + +stop() { + ebegin "Stopping Postgrey" + start-stop-daemon --stop --quiet --pidfile ${POSTGREY_PID} + eend ${?} +} + +reload() { + ebegin "Reloading Postgrey" + start-stop-daemon --stop --signal HUP --oknodo --pidfile ${POSTGREY_PID} + eend $? +} diff --git a/mail-filter/postgrey/files/postgrey.conf.new b/mail-filter/postgrey/files/postgrey.conf.new new file mode 100644 index 000000000000..58db73440bd4 --- /dev/null +++ b/mail-filter/postgrey/files/postgrey.conf.new @@ -0,0 +1,55 @@ +# Config file for /etc/init.d/postgrey + +# LISTEN TYPE +# Set to 'inet' if you want to use a TCP socket. +# Set to 'unix' if you want to use a UNIX socket. +POSTGREY_TYPE="inet" + +# HOST +# What IP should postgrey bind to? +# Leave unchanged unless you know what you are doing. +# (ignored if POSTGREY_TYPE is set to 'unix') +POSTGREY_HOST="127.0.0.1" + +# PORT +# What TCP port should postgrey listen on? +# (ignored if POSTGREY_TYPE is set to 'unix') +POSTGREY_PORT="10030" + +# SOCKET +# Unix socket to listen on, if POSTGREY_TYPE is set to 'unix'. +# Leave unchanged unless you know what you are doing. +# (ignored if POSTGREY_TYPE is set to 'inet') +POSTGREY_SOCKET="/var/spool/postfix/private/postgrey" + +# PID +# Postgrey pid file. +# Do not change, if you don't know what this is! +POSTGREY_PID="/var/run/postgrey.pid" + +# DELAY +# How long to delay mail that is greylisted in seconds. +POSTGREY_DELAY=300 + +# TEXT +# The response we'll send back with delayed mail. +POSTGREY_TEXT="Greylisted for %s seconds" + +# Additional Postgrey options +# +# -v, --verbose increase verbosity level +# --max-age=N delete entries older than N days since the last time +# that they have been seen (default: 30) +# --retry-window=N allow only N days for the first retrial (default: 2) +# append 'h' if you want to specify it in hours +# --greylist-action=A if greylisted, return A to Postfix (default: DEFER_IF_PERMIT) +# --lookup-by-subnet strip the last 8 bits from IP addresses (default) +# --lookup-by-host do not strip the last 8 bits from IP addresses +# --whitelist-clients=FILE default: /etc/postfix/postgrey_whitelist_clients +# --whitelist-recipients=FILE default: /etc/postfix/postgrey_whitelist_recipients +# +# Note that the --whitelist-x options can be specified multiple times, and that +# per default /etc/postfix/postgrey_whitelist_clients.local is also read, so +# that you can put there local entries. +# +POSTGREY_OPTS="" diff --git a/mail-filter/postgrey/files/postgrey.service b/mail-filter/postgrey/files/postgrey.service new file mode 100644 index 000000000000..7321eee13adb --- /dev/null +++ b/mail-filter/postgrey/files/postgrey.service @@ -0,0 +1,17 @@ +[Unit] +Description=Postfix Greylisting Service +Before=postfix.service + +[Service] +Type=simple +ExecStart=/usr/sbin/postgrey --inet=127.0.0.1:10030 \ + --pidfile=/var/run/postgrey.pid \ + --group=postgrey --user=postgrey \ + --greylist-text="Greylisted for %%s seconds" +Restart=always +RestartSec=5 +TimeoutSec=10 + +[Install] +WantedBy=multi-user.target + diff --git a/mail-filter/postgrey/files/targrey-0.31-postgrey-1.34.patch b/mail-filter/postgrey/files/targrey-0.31-postgrey-1.34.patch new file mode 100644 index 000000000000..a17b6457d39a --- /dev/null +++ b/mail-filter/postgrey/files/targrey-0.31-postgrey-1.34.patch @@ -0,0 +1,202 @@ +--- postgrey.orig 2011-05-04 22:54:15.000000000 +0200 ++++ postgrey 2011-10-17 10:10:21.000000000 +0200 +@@ -309,6 +309,22 @@ + $self->mylog(1, "cleaning clients database finished. before: $nr_keys_before, after: $nr_keys_after"); + } + ++ if($self->{postgrey}{targrey}) { ++ # cleanup tarpit blacklist database ++ my $tarpit_db = $self->{postgrey}{db_tarpit}; ++ ($nr_keys_before, $nr_keys_after) = (0, 0); ++ while (my ($key, $tarpit_last_seen) = each %$tarpit_db) { ++ $nr_keys_before++; ++ if($now - $tarpit_last_seen > $retry_window) { ++ delete $tarpit_db->{$key}; ++ } ++ else { ++ $nr_keys_after++; ++ } ++ } ++ $self->mylog(1, "cleaning tarpit blacklist database finished. before: $nr_keys_before, after: $nr_keys_after"); ++ } ++ + $self->{postgrey}{last_maint_keys}=$now; + } + } +@@ -383,7 +399,7 @@ + # whitelist if count is enough + if(defined $cawl_count and $cawl_count >= $self->{postgrey}{awl_clients}) + { +- if(($now >= $cawl_last+3600) or ($cawl_last > $now)) { ++ if(($now >= $cawl_last + $self->{postgrey}{awl_delay}) or ($cawl_last > $now)) { + $cawl_count++; # for statistics + $cawl_db->{$cawl_key}=$cawl_count.','.$now; + } +@@ -392,6 +408,28 @@ + } + } + ++ # check tarpit passed if targrey mode ++ if ($self->{postgrey}{targrey} && $attr->{protocol_state} eq 'DATA') { # passed tarpit ++ # remove tarpit blacklist ++ my $tarpit_db = $self->{postgrey}{db_tarpit}; ++ my $tarpit_key = $attr->{client_address}; ++ delete $tarpit_db->{$tarpit_key}; ++ ++ # auto whitelist clients by tarpit ++ if ($self->{postgrey}{awl_clients}) { ++ # enough time has passed (record only one attempt per hour) ++ if (! defined $cawl_last or $now >= $cawl_last + $self->{postgrey}{awl_delay}) { ++ # ok, increase count ++ $cawl_count++; ++ $cawl_db->{$cawl_key}=$cawl_count.','.$now; ++ $self->mylog(1, "tarpit whitelisted: $attr->{client_name}"."[".$attr->{client_address}."]") ++ if $cawl_count==$self->{postgrey}{awl_clients}; ++ } ++ } ++ ++ return 'DUNNO'; ++ } ++ + # lookup + my $sender = $self->do_sender_substitutions($attr->{sender}); + my ($client_net, $client_host) = +@@ -402,10 +440,11 @@ + } + my $val = $db->{$key}; + my $first; ++ my $retry_count=0; + my $last_was_successful=0; + if(defined $val) { + my $last; +- ($first, $last) = split(/,/,$val); ++ ($first, $last, $retry_count) = split(/,/,$val); + # find out if the last time was unsuccessful, so that we can add a header + # to say how much had to be waited + if($last - $first >= $self->{postgrey}{delay}) { +@@ -426,16 +465,19 @@ + $first = $now; + } + ++ my $diff = $self->{postgrey}{delay} - ($now - $first); ++ ++ # enough waited? -> increase retry_count ++ $retry_count++ if($diff <= 0); ++ + # update (put as last element stripped host-part if it was stripped) + if(defined $client_host) { +- $db->{$key}="$first,$now,$client_host"; ++ $db->{$key}="$first,$now,$retry_count,$client_host"; + } + else { +- $db->{$key}="$first,$now"; ++ $db->{$key}="$first,$now,$retry_count"; + } + +- my $diff = $self->{postgrey}{delay} - ($now - $first); +- + # auto whitelist clients + # algorithm: + # - on successful entry in the greylist db of a triplet: +@@ -443,23 +485,41 @@ + # - client whitelisted already? -> update last-seen timestamp + if($self->{postgrey}{awl_clients}) { + # greylisting succeeded +- if($diff <= 0 and !$last_was_successful) { ++ if($retry_count >= $self->{postgrey}{retry_count} and !$last_was_successful) { + # enough time has passed (record only one attempt per hour) +- if(! defined $cawl_last or $now >= $cawl_last + 3600) { ++ if(! defined $cawl_last or $now >= $cawl_last + $self->{postgrey}{awl_delay}) { + # ok, increase count + $cawl_count++; + $cawl_db->{$cawl_key}=$cawl_count.','.$now; + my $client = $attr->{client_name} ? + $attr->{client_name}.'['.$attr->{client_address}.']' : + $attr->{client_address}; +- $self->mylog(1, "whitelisted: $client") ++ $self->mylog(1, "whitelisted: $attr->{client_name}"."[".$attr->{client_address}."]") + if $cawl_count==$self->{postgrey}{awl_clients}; + } + } + } + +- # not enough waited? -> greylist +- if ($diff > 0 ) { ++ # not enough retry? -> greylist ++ if ($retry_count < $self->{postgrey}{retry_count}) { ++ if($self->{postgrey}{tarpit} && ! $self->{postgrey}{targrey}) { ++ # do tarpit and greylist if tarpit option only ++ # don't add message after greylist_action ++ return "SLEEP $self->{postgrey}{tarpit}, $self->{postgrey}{greylist_action}"; ++ } ++ if($self->{postgrey}{targrey}) { ++ # do tarpit if targrey option ++ # add tarpit blacklist ++ my $tarpit_db = $self->{postgrey}{db_tarpit}; ++ my $tarpit_key = $attr->{client_address}; ++ my $tarpit_last = $tarpit_db->{$tarpit_key}; ++ $tarpit_last = 0 unless (defined $tarpit_last); ++ $tarpit_db->{$tarpit_key} = "$now" if ($now >= $tarpit_last+300); # update if 5min ago ++ ++ # return sleep if not tarpit blacklisted ++ return "SLEEP $self->{postgrey}{tarpit}" if ($tarpit_last == 0); ++ # greylist if tarpit blacklisted ++ } + my $msg = $self->{postgrey}{greylist_text}; + # Workaround for an Exchange bug related to Greylisting: + # use DSN 4.2.0 instead of the default 4.7.1. This works +@@ -517,6 +577,7 @@ + 'syslogfacility|syslog-facility|facility=s', + 'retry-window=s', 'greylist-action=s', 'greylist-text=s', 'privacy', + 'hostname=s', 'exim', 'listen-queue-size=i', 'x-greylist-header=s', ++ 'tarpit:s', 'targrey', 'retry-count=i', 'auto-whitelist-delay=i', + ) or exit(1); + # note: lookup-by-subnet can be given for compatibility, but it is default + # so do not do nothing with it... +@@ -606,7 +667,9 @@ + awl_clients => defined $opt{'auto-whitelist-clients'} ? + ($opt{'auto-whitelist-clients'} ne '' ? + $opt{'auto-whitelist-clients'} : 5) : 5, ++ awl_delay => $opt{'auto-whitelist-delay'} || 3600, + retry_window => $retry_window, ++ retry_count => $opt{'retry-count'} || 1, + greylist_action => $opt{'greylist-action'} || 'DEFER_IF_PERMIT', + greylist_text => $opt{'greylist-text'} || 'Greylisted, see http://postgrey.schweikert.ch/help/%r.html', + whitelist_clients_files => $opt{'whitelist-clients'} || +@@ -618,6 +681,10 @@ + hostname => defined $opt{hostname} ? $opt{hostname} : hostname, + exim => defined $opt{'exim'}, + x_greylist_header => $opt{'x-greylist-header'} || 'X-Greylist: delayed %t seconds by postgrey-%v at %h; %d', ++ tarpit => defined $opt{'tarpit'} ? ++ ($opt{'tarpit'} ne '' ? ++ $opt{'tarpit'} : 65) : undef, ++ targrey => defined $opt{'targrey'}, + }, + }, 'postgrey'; + +@@ -633,6 +700,11 @@ + require Digest::SHA; + } + ++ # --targrey needs tarpit sec ++ if(defined $opt{'targrey'} && ! defined $opt{'tarpit'}) { ++ $server->{postgrey}{tarpit} = 125; ++ } ++ + $0 = join(' ', @{$server->{server}{commandline}}); + $server->run; + +@@ -711,6 +783,13 @@ + -Env => $self->{postgrey}{db_env} + ) or die "ERROR: can't create database $self->{server}{dbdir}/postgrey_clients.db: $!\n"; + } ++ if($self->{postgrey}{targrey}) { # use targrey ++ tie(%{$self->{postgrey}{db_tarpit}}, 'BerkeleyDB::Btree', ++ -Filename => 'tarpit_clients.db', ++ -Flags => DB_CREATE, ++ -Env => $self->{postgrey}{db_env} ++ ) or die "ERROR: can't create database $self->{server}{dbdir}/tarpit_clients.db: $!\n"; ++ } + } + + sub mux_input() |