/trunk/debian/changelog |
---|
3,15 → 3,8 |
* reproducible-build.patch (new): Make build reproducible by replacing |
the build date with the source date via ${SOURCE_DATE_EPOCH} when |
available (Closes: #831649). Thanks to Chris Lamb. |
* greylisting-ipv6.patch: Finally add IPv6 support to the greylisting |
plugin (Closes: #508161). Replaces grey-only-ipv4.patch. Based on |
Robert Tasarz's patch, though I decided to do things a little |
differently by keeping the greylistfourthbyte option for backwards |
compatibility and not adding separate options for IPv4 and IPv6 at |
this time. Also, with that option enabled, there will only be one |
directory level for all the last 64 bits of an IPv6 address. |
-- Magnus Holmgren <holmgren@debian.org> Fri, 22 Jul 2016 10:13:11 +0200 |
-- Magnus Holmgren <holmgren@debian.org> Thu, 21 Jul 2016 18:17:59 +0200 |
sa-exim (4.2.1-14) unstable; urgency=low |
/trunk/debian/patches/greylisting-ipv6.patch |
---|
File deleted |
/trunk/debian/patches/series |
---|
1,5 → 1,6 |
api-limitations.patch |
spamc-args.patch |
grey-only-ipv4.patch |
grey-clean-sender.patch |
save-path.patch |
improved-default-conf.patch |
6,4 → 7,3 |
spamd-not-nobody.patch |
readme.patch |
reproducible-build.patch |
greylisting-ipv6.patch |
/trunk/debian/patches/grey-only-ipv4.patch |
---|
0,0 → 1,33 |
Description: Bail out if a non-IPv4 address is encountered |
Author: Magnus Holmgren <holmgren@debian.org> |
Bug-Debian: http://bugs.debian.org/300103 |
Bug-Debian: http://bugs.debian.org/479955 |
--- sa-exim-4.2.1.orig/Greylisting.pm |
+++ sa-exim-4.2.1/Greylisting.pm |
@@ -170,16 +172,19 @@ sub greylisting |
# connectip is supposed to be untainted now, but I was still getting |
# some insecure dependecy error messages sometimes (perl 5.8 problem apparently) |
- $connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/; |
- my ($ipbyte1, $ipbyte2, $ipbyte3, $ipbyte4) = ($1, $2, $3, $4); |
- my $ipdir1 = "$option{'dir'}/$ipbyte1"; |
- my $ipdir2 = "$ipdir1/$ipbyte2"; |
- my $ipdir3 = "$ipdir2/$ipbyte3"; |
+ unless ($connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/) { |
+ warn "Can only handle IPv4 addresses; skipping greylisting call for message $mesgid\n"; |
+ return 0; |
+ } |
+ |
+ my $ipdir1 = "$option{'dir'}/$1"; |
+ my $ipdir2 = "$ipdir1/$2"; |
+ my $ipdir3 = "$ipdir2/$3"; |
my $ipdir4; |
my $tupletdir; |
$ipdir4 = "$ipdir3"; |
- $ipdir4 .= "/$ipbyte4" if ($option{'greylistfourthbyte'}); |
+ $ipdir4 .= "/$4" if ($option{'greylistfourthbyte'}); |
$tupletdir = "$ipdir4/$envfrom"; |
$tuplet = "$tupletdir/$rcptto"; |
/trunk/debian/control |
---|
11,7 → 11,7 |
Package: sa-exim |
Architecture: any |
Depends: ${exim:Depends}, spamc, ${shlibs:Depends}, ${misc:Depends}, |
debconf (>= 1.2.0) | debconf-2.0, libnetaddr-ip-perl |
debconf (>= 1.2.0) | debconf-2.0 |
Recommends: ${perl:Depends} |
Suggests: spamassassin |
Description: SpamAssassin filter for Exim |
/trunk/debian/README.Debian |
---|
124,14 → 124,13 |
loadplugin line, but fixing it is probably not worth the disruption of |
existing installations.) |
If two messages from the same /24 IPv4 network or /64 IPv6 network (or |
individual IP address, depending on greylistfourthbyte), with the same |
sender, with the same list of recipient, and with a score below |
dontgreylistthreshold are seen at least greylistsecs apart, the |
triplet will be whitelisted and the GREYLIST_ISWHITE rule will be |
considered to match thenceforth. That will signal to the local_scan |
library to raise SAtempreject to let the message through, in addition |
to the negative spam score it carries. |
If two messages from the same /24 network (or IP address, depending on |
greylistfourthbyte), with the same sender, with the same list of |
recipient, and with a score below dontgreylistthreshold are seen at |
least greylistsecs apart, the triplet will be whitelisted and the |
GREYLIST_ISWHITE rule will be considered to match thenceforth. That |
will signal to the local_scan library to raise SAtempreject to let the |
message through, in addition to the negative spam score it carries. |
Notice that messages can be permanently rejected (score above |
SApermreject) and still get a triplet whitelisted if the score is |
220,4 → 219,4 |
file specifies conflicting options, it will prevent SA-Exim from |
working. For now, you'll have to make sure that it doesn't. |
-- Magnus Holmgren <holmgren@debian.org>, Fri, 22 Jul 2016 09:58:32 +0200 |
-- Magnus Holmgren <holmgren@debian.org>, Sun, 18 Sep 2011 00:11:18 +0200 |