From 0e572da1852de5d350bfa95885600ea21f7343a9 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Wed, 17 Mar 2010 15:35:18 +0100 Subject: add spampd Signed-off-by: Florian Pritz --- spampd/ChangeLog | 184 ++++++++++++++++++++++++++++++++++++++++++++++++++ spampd/PKGBUILD | 36 ++++++++++ spampd/rc-config | 2 + spampd/rc-script | 46 +++++++++++++ spampd/spampd.install | 9 +++ 5 files changed, 277 insertions(+) create mode 100644 spampd/ChangeLog create mode 100644 spampd/PKGBUILD create mode 100644 spampd/rc-config create mode 100755 spampd/rc-script create mode 100644 spampd/spampd.install (limited to 'spampd') diff --git a/spampd/ChangeLog b/spampd/ChangeLog new file mode 100644 index 0000000..39a07e3 --- /dev/null +++ b/spampd/ChangeLog @@ -0,0 +1,184 @@ +SpamPD Change Log +----------------- + +2.30 (31-Oct-05) +- Another, hopefully final, fix for the Sys::Syslog issue of % signs in the log + string. Fixes possible DoS vulnerability. Thanks to Sven Mueller and Florian + Weimer for the solution. +- Added new options for adding X-Envelope-From and (optionally) X-Envelope-To + headers to messages before SA processing. The idea is to help SA process any + blacklist/whitelist to/from directives on the actual sender/recipients instead + of the possibly bogus envelope headers. Use --seh or --set-envelope-headers + to enable setting both headers, or use --sef or --set-envelope-from to enable + only X-Envelope-From. If added, spampd attempts to remove the X-Envelope-To + header after SA processing to preserve BCC recipient anonymity, but enabling + this header may still expose recipient information. See man page for more + details. This patch was originally submitted by Sven Mueller, was slightly + modified, and the --sef option was added. + +######## + +2.21 (23-Oct-05) (unreleased) +- fixed SA version check on alphanumeric version strings. Stops the annoying + Perl warning messages in the mail log. Thanks to Sven Mueller for the fix. + +######## + +2.20 (05-Oct-04) +- added support for SpamAssassin version 3. spampd should now support all + SA versions (tested with 2.6.3 and 3.0.0). +- removed --add-sc-header feature. It is now redundant with SA v2.6 ability + to (almost fully) customize headers, which v3 improves on. If anyone + really needs this feature, please let me know. +- added --nodetach option to prevent daemon process backgrounding. Patch + provided by Urban Petry. Can be useful for win32/cygwin. +- if --debug is specified, Net::Server log level is increased to 4 (debug) + to provide some more info in the log (can be useful for diagnosing + user/permission issues). Thanks to Urban Petry for idea. +- the message sender (From header) is now included in the log along with message + ID, recipient, and scoring info. Thanks to Roland Koeckel for the patch. + +######## + +2.13 (24-Nov-03) +- SA debug messages redirected from STDERR (warn) to syslog. Thanks to Roland + Koeckel for the suggestion. + +######## + +2.12 (15-Nov-03) +- fixed bug related to Sys::Syslog where we needed to escape % signs in + Message IDs. Thanks to Jeffrey W. Collyer and Yann Grossel for the bug reports. +- minor performance improvement in SpamPD::Client using buffered write to send + message data. Thanks to Sam Horrocks for the tip. +- fixed error condition when an error response ([4|5]xx) was returned after a + DATA command was sent. Thanks to Rodrigo Ventura for bug reports about this. + +######## + +2.11 (15-Jul-03): +- fix for occasional corrupted message headers which caused blank messages + (seemed to have only affected certain malformed spam mail). +- added --logsock option for syslog socket. Defaults to 'unix' except for + HP-UX and SunOS (Solaris) which I'm told prefer 'inet'. + +######## + +2.10 (01-Jul-03): +- added optional 'X-Spam-Checked-By: {hostname}' header, where {hostname} is, + theoretically, the name of the machine doing the message scanning. New + options --add-sc-header and --hostname=name control this behavior. + +######## + +2.00 (10-Jun-03): +- major rewrite of how mail is handled internally. spampd now takes no + responsibility for the mail at any point, instead acting as a transparent + proxy between the originating and the destination servers. That is, the + servers speak to each other through spampd so final mail delivery + occurs only when the destination server acknowledges receipt of the data. + Idea based on smtpprox by Bennett Todd (http://bent.latency.net/smtpprox/). + Unfortunately this breaks the ability to redirect the mail based on spam + score, since scoring happens after all recipients have been specified and + accepted. But, it is much cleaner and safer than the previous method. + +- new architecture doesn't store the mail data in memory any more. Message + is still written to memory before scanning by SpamAssassin, but messages + larger than the --maxsize to be scanned won't eat up a bunch of memory. + From smtpprox documentation by Bennet Todd: + "it [spampd] stores the body of the message in an unlinked file + under /tmp, which should be a tmpfs; this prevents the allocation + overhead associated with large strings (often 2-3x) and ensures that + space will be returned to the OS as soon as it's not needed." + +- as a bonus feature, LMTP is now supported by virtue of spampd's transparency. + +- added a timeout check around the socket operations as suggested in the + Net::Server docs. Added new parameter to control this: --childtimeout=n + where n is number of seconds. + +- added a timeout check around the message processing (spam checking) routines + to guard against a SpamAssassin hang. Added new parameter to control + this: --satimeout=n where n is number of seconds. If a timeout (or error) + occurs while processing, the mail is still passed on unless the new --dose + (die-on-sa-errors) paramater is given. + +- added --children=n parameter to specify how many child + servers to spawn and maintain. Default is 5 children (plus + one parent). + +- now uses Net::Server::PreForkSimple instead of PreFork. (Tried utilizing the + advanced children pool features of PreFork but either couldn't figure it out + or they're kinda broken. If anyone has experience here, please let me know.) + +- improved logging including the Message-ID, recipients, 100ths precision + on spam score, processing time, and file size. Logging format now better + resembles that of spamd (which hopefully means spamd log analysis tools can be + made to work with spampd easily). + +- removed dependencies on Net::SMTP, Net::SMTP::Server::Client, and Error + modules. + +- host/port and relay host/port can both be specified as xx.xx.xx.xx:nn in + the --host and --relayhost parameters, or as individual parameters (--host, + --port, --relayhost, --relayport). + +# The next 3 items are ideas/patches by +# Kurt Andersen, +# Agilent Technologies Postmaster +# Global Messaging Team, Agilent Technologies + +- added optional support for Time::HiRes for more accurate processing time + reporting in the log (automatically loaded if Time::HiRes is available). + +- added optional logging of which SA rules matched a message. New option is + --log-rules-hit or --rh for short. + +- Added auto HPUX OS detection for syslog loggging + "(for some reason HPUX chokes on using the 'unix' socket type)." + +# Thanks Kurt! + +- added much more verbose spampd logging when using the --debug option. + +- 3 parameters are now deprecated but accepted for backwards compatability: + --dead-letters, --heloname, and --stop-at-threshold + +- added shorthand choice for some options: + --aw for --auto-whitelist; --L for --local-only; --a for --tagall + --u for --user; --g for --group; --p for --pid + --d for --debug; --h for --help; + +- documentation updates + +- licensing change due to use of Bennet Todd's code (to GNU GPL from Perl + Artistic). + +######## + +1.0.2 (13-Apr-03): +- added 'local-only' parameter to pass on to SA which turns off all + network-based tests (DNS, Razor, etc). + +######## + +1.0.1 (3-Feb-03): +- fixed minor but substantial bug preventing child processes + from exiting properly since the counter wasn't being incremented (d'oh!). + Thanks to Mark Blackman for pointing this out. + +- fixed typo in pod docs (Thx to James Sizemore for pointing out) + +######## + +Changes to assassind (1.0.0 initial release of spampd - May 2002): +A different message rewriting method (using + Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's + custom headers and Mail::Audit); +Adding more options for message handling, network/protocol options, + some options to pass on to SpamAssassin (such as whitelist usage); +More orientation to being used as a content filter for the + Postfix MTA, mostly by changing some default values; +Documentation changes; + +## EOF ## \ No newline at end of file diff --git a/spampd/PKGBUILD b/spampd/PKGBUILD new file mode 100644 index 0000000..7e9ee9e --- /dev/null +++ b/spampd/PKGBUILD @@ -0,0 +1,36 @@ +# Contributor: Florian "Bluewind" Pritz +pkgname=spampd +pkgver=2.30 +pkgrel=1 +pkgdesc="Spamassassin Proxy Daemon" +arch=('any') +url="http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm" +license=('GPL') +groups=() +depends=('perl' 'perl-net-server') +makedepends=() +provides=() +conflicts=() +replaces=() +backup=(etc/conf.d/spampd) +options=() +install=spampd.install +source=("http://www.worlddesign.com/Content/rd/mta/$pkgname/$pkgname-$pkgver.tar.gz" + rc-script rc-config) +noextract=() +md5sums=('742c6f2cb75db54e59d044a8ee40445f' + '769f8a73765a0e7d235c9909aeb7ede9' + '637c2d93f76ba90d217e2418af64c9ec') + +build() { + cd "$srcdir/$pkgname-$pkgver" + + make + install -Dm755 spampd "$pkgdir/usr/bin/spampd" + install -Dm755 "$srcdir/rc-script" "$pkgdir/etc/rc.d/spampd" + install -Dm644 "$srcdir/rc-config" "$pkgdir/etc/conf.d/spampd" + install -Dm644 spampd.8.gz "$pkgdir/usr/share/man/man8/spampd.8.gz" + install -m644 changelog.txt "$startdir/ChangeLog" +} + +# vim:set ts=2 sw=2 et: diff --git a/spampd/rc-config b/spampd/rc-config new file mode 100644 index 0000000..61d9b57 --- /dev/null +++ b/spampd/rc-config @@ -0,0 +1,2 @@ +# for information see manpage or spampd --help +ARGS="--port=10025 --relayhost=127.0.0.1:10026 --tagall --rh --user spampd" diff --git a/spampd/rc-script b/spampd/rc-script new file mode 100755 index 0000000..364e064 --- /dev/null +++ b/spampd/rc-script @@ -0,0 +1,46 @@ +#!/bin/bash + +. /etc/rc.conf +. /etc/rc.d/functions +. /etc/conf.d/spampd + +PID=$(cat /var/run/spampd.pid) + +start() { + stat_busy "Starting Spampd" + /usr/bin/spampd $ARGS + if [ $? -gt 0 ]; then + stat_fail + else + add_daemon spampd + stat_done + fi +} + +stop() { + stat_busy "Stopping Spampd" + kill $PID + if [ $? -gt 0 ]; then + stat_fail + else + rm_daemon postfix + stat_done + fi +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + # calling 'stop' and 'start' without the $0 fails... + $0 stop + $0 start + ;; + *) + echo "usage: $0 {start|stop|restart}" +esac +exit 0 diff --git a/spampd/spampd.install b/spampd/spampd.install new file mode 100644 index 0000000..135f373 --- /dev/null +++ b/spampd/spampd.install @@ -0,0 +1,9 @@ +post_install() { + useradd -r spampd +} + +post_remove() { + userdel spampd +} + +# vim:set ts=2 sw=2 et: -- cgit v1.2.3-24-g4f1b From c6231092427aacb1f3b5eeb592f368a5ab9ec185 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Wed, 17 Mar 2010 15:38:22 +0100 Subject: spampd: clean up PKGBUILD Signed-off-by: Florian Pritz --- spampd/PKGBUILD | 7 ------- 1 file changed, 7 deletions(-) (limited to 'spampd') diff --git a/spampd/PKGBUILD b/spampd/PKGBUILD index 7e9ee9e..53eacd9 100644 --- a/spampd/PKGBUILD +++ b/spampd/PKGBUILD @@ -6,18 +6,11 @@ pkgdesc="Spamassassin Proxy Daemon" arch=('any') url="http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm" license=('GPL') -groups=() depends=('perl' 'perl-net-server') -makedepends=() -provides=() -conflicts=() -replaces=() backup=(etc/conf.d/spampd) -options=() install=spampd.install source=("http://www.worlddesign.com/Content/rd/mta/$pkgname/$pkgname-$pkgver.tar.gz" rc-script rc-config) -noextract=() md5sums=('742c6f2cb75db54e59d044a8ee40445f' '769f8a73765a0e7d235c9909aeb7ede9' '637c2d93f76ba90d217e2418af64c9ec') -- cgit v1.2.3-24-g4f1b From 13a4f328ac7ceccedcadfca574e22098cf35e2df Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Wed, 17 Mar 2010 20:23:20 +0100 Subject: spampd: add dependency Signed-off-by: Florian Pritz --- spampd/PKGBUILD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'spampd') diff --git a/spampd/PKGBUILD b/spampd/PKGBUILD index 53eacd9..f9c7abd 100644 --- a/spampd/PKGBUILD +++ b/spampd/PKGBUILD @@ -1,12 +1,12 @@ # Contributor: Florian "Bluewind" Pritz pkgname=spampd pkgver=2.30 -pkgrel=1 +pkgrel=2 pkgdesc="Spamassassin Proxy Daemon" arch=('any') url="http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm" license=('GPL') -depends=('perl' 'perl-net-server') +depends=('perl' 'perl-net-server' 'spamassassin') backup=(etc/conf.d/spampd) install=spampd.install source=("http://www.worlddesign.com/Content/rd/mta/$pkgname/$pkgname-$pkgver.tar.gz" -- cgit v1.2.3-24-g4f1b