| /trunk/debian/changelog |
|---|
| 3,15 → 3,8 |
| * reproducible-build.patch (new): Make build reproducible by replacing |
| the build date with the source date via ${SOURCE_DATE_EPOCH} when |
| available (Closes: #831649). Thanks to Chris Lamb. |
| * greylisting-ipv6.patch: Finally add IPv6 support to the greylisting |
| plugin (Closes: #508161). Replaces grey-only-ipv4.patch. Based on |
| Robert Tasarz's patch, though I decided to do things a little |
| differently by keeping the greylistfourthbyte option for backwards |
| compatibility and not adding separate options for IPv4 and IPv6 at |
| this time. Also, with that option enabled, there will only be one |
| directory level for all the last 64 bits of an IPv6 address. |
| -- Magnus Holmgren <holmgren@debian.org> Fri, 22 Jul 2016 10:13:11 +0200 |
| -- Magnus Holmgren <holmgren@debian.org> Thu, 21 Jul 2016 18:17:59 +0200 |
| sa-exim (4.2.1-14) unstable; urgency=low |
| /trunk/debian/patches/greylisting-ipv6.patch |
|---|
| File deleted |
| /trunk/debian/patches/series |
|---|
| 1,5 → 1,6 |
| api-limitations.patch |
| spamc-args.patch |
| grey-only-ipv4.patch |
| grey-clean-sender.patch |
| save-path.patch |
| improved-default-conf.patch |
| 6,4 → 7,3 |
| spamd-not-nobody.patch |
| readme.patch |
| reproducible-build.patch |
| greylisting-ipv6.patch |
| /trunk/debian/patches/grey-only-ipv4.patch |
|---|
| 0,0 → 1,33 |
| Description: Bail out if a non-IPv4 address is encountered |
| Author: Magnus Holmgren <holmgren@debian.org> |
| Bug-Debian: http://bugs.debian.org/300103 |
| Bug-Debian: http://bugs.debian.org/479955 |
| --- sa-exim-4.2.1.orig/Greylisting.pm |
| +++ sa-exim-4.2.1/Greylisting.pm |
| @@ -170,16 +172,19 @@ sub greylisting |
| # connectip is supposed to be untainted now, but I was still getting |
| # some insecure dependecy error messages sometimes (perl 5.8 problem apparently) |
| - $connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/; |
| - my ($ipbyte1, $ipbyte2, $ipbyte3, $ipbyte4) = ($1, $2, $3, $4); |
| - my $ipdir1 = "$option{'dir'}/$ipbyte1"; |
| - my $ipdir2 = "$ipdir1/$ipbyte2"; |
| - my $ipdir3 = "$ipdir2/$ipbyte3"; |
| + unless ($connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/) { |
| + warn "Can only handle IPv4 addresses; skipping greylisting call for message $mesgid\n"; |
| + return 0; |
| + } |
| + |
| + my $ipdir1 = "$option{'dir'}/$1"; |
| + my $ipdir2 = "$ipdir1/$2"; |
| + my $ipdir3 = "$ipdir2/$3"; |
| my $ipdir4; |
| my $tupletdir; |
| $ipdir4 = "$ipdir3"; |
| - $ipdir4 .= "/$ipbyte4" if ($option{'greylistfourthbyte'}); |
| + $ipdir4 .= "/$4" if ($option{'greylistfourthbyte'}); |
| $tupletdir = "$ipdir4/$envfrom"; |
| $tuplet = "$tupletdir/$rcptto"; |
| /trunk/debian/control |
|---|
| 11,7 → 11,7 |
| Package: sa-exim |
| Architecture: any |
| Depends: ${exim:Depends}, spamc, ${shlibs:Depends}, ${misc:Depends}, |
| debconf (>= 1.2.0) | debconf-2.0, libnetaddr-ip-perl |
| debconf (>= 1.2.0) | debconf-2.0 |
| Recommends: ${perl:Depends} |
| Suggests: spamassassin |
| Description: SpamAssassin filter for Exim |
| /trunk/debian/README.Debian |
|---|
| 124,14 → 124,13 |
| loadplugin line, but fixing it is probably not worth the disruption of |
| existing installations.) |
| If two messages from the same /24 IPv4 network or /64 IPv6 network (or |
| individual IP address, depending on greylistfourthbyte), with the same |
| sender, with the same list of recipient, and with a score below |
| dontgreylistthreshold are seen at least greylistsecs apart, the |
| triplet will be whitelisted and the GREYLIST_ISWHITE rule will be |
| considered to match thenceforth. That will signal to the local_scan |
| library to raise SAtempreject to let the message through, in addition |
| to the negative spam score it carries. |
| If two messages from the same /24 network (or IP address, depending on |
| greylistfourthbyte), with the same sender, with the same list of |
| recipient, and with a score below dontgreylistthreshold are seen at |
| least greylistsecs apart, the triplet will be whitelisted and the |
| GREYLIST_ISWHITE rule will be considered to match thenceforth. That |
| will signal to the local_scan library to raise SAtempreject to let the |
| message through, in addition to the negative spam score it carries. |
| Notice that messages can be permanently rejected (score above |
| SApermreject) and still get a triplet whitelisted if the score is |
| 220,4 → 219,4 |
| file specifies conflicting options, it will prevent SA-Exim from |
| working. For now, you'll have to make sure that it doesn't. |
| -- Magnus Holmgren <holmgren@debian.org>, Fri, 22 Jul 2016 09:58:32 +0200 |
| -- Magnus Holmgren <holmgren@debian.org>, Sun, 18 Sep 2011 00:11:18 +0200 |