/tags/4.2.1-15/debian/README.Debian |
---|
124,13 → 124,14 |
loadplugin line, but fixing it is probably not worth the disruption of |
existing installations.) |
If two messages from the same /24 network (or IP address, depending on |
greylistfourthbyte), with the same sender, with the same list of |
recipient, and with a score below dontgreylistthreshold are seen at |
least greylistsecs apart, the triplet will be whitelisted and the |
GREYLIST_ISWHITE rule will be considered to match thenceforth. That |
will signal to the local_scan library to raise SAtempreject to let the |
message through, in addition to the negative spam score it carries. |
If two messages from the same /24 IPv4 network or /64 IPv6 network (or |
individual IP address, depending on greylistfourthbyte), with the same |
sender, with the same list of recipient, and with a score below |
dontgreylistthreshold are seen at least greylistsecs apart, the |
triplet will be whitelisted and the GREYLIST_ISWHITE rule will be |
considered to match thenceforth. That will signal to the local_scan |
library to raise SAtempreject to let the message through, in addition |
to the negative spam score it carries. |
Notice that messages can be permanently rejected (score above |
SApermreject) and still get a triplet whitelisted if the score is |
219,4 → 220,4 |
file specifies conflicting options, it will prevent SA-Exim from |
working. For now, you'll have to make sure that it doesn't. |
-- Magnus Holmgren <holmgren@debian.org>, Sun, 18 Sep 2011 00:11:18 +0200 |
-- Magnus Holmgren <holmgren@debian.org>, Fri, 22 Jul 2016 09:58:32 +0200 |
/tags/4.2.1-15/debian/changelog |
---|
1,3 → 1,37 |
sa-exim (4.2.1-15) unstable; urgency=low |
* reproducible-build.patch (new): Make build reproducible by replacing |
the build date with the source date via ${SOURCE_DATE_EPOCH} when |
available (Closes: #831649). Thanks to Chris Lamb. |
* greylisting-ipv6.patch (new): Finally add IPv6 support to the |
greylisting plugin (Closes: #508161). Replaces grey-only-ipv4.patch. |
Based on Robert Tasarz's patch, though I decided to do things a little |
differently by keeping the greylistfourthbyte option for backwards |
compatibility and not adding separate options for IPv4 and IPv6 at |
this time. Also, with that option enabled, there will only be one |
directory level for all the last 64 bits of an IPv6 address. |
* delete-ext-html-references.patch (new): sa.html, which is shipped in |
the doc directory, is a copy of the author's webpage on sa-exim from |
his website, but without the images or linked pages, which means that |
most of the images and links don't work, except the SourceForge logo, |
which was fetched from sourceforge.net, causing a privacy concern. We |
drop the images and make the non-absolute links relative to |
http://marc.merlins.org/linux/exim/. |
* postinst, postrm: Remove hard-coded path to invoke-rc.d. |
* postrm: On purge, always delete the greylisting tuplets directory |
first. Normally, /var/spool/sa-exim is then empty and can be removed |
without asking the user, avoiding leaving unowned files (Closes: |
#657140). |
* greylist-lint.patch: disable greylisting plugin during spamassassin |
--lint to avoid warnings about missing headers (Closes: #760860). |
Thanks to Chaskiel Grundman. |
* Use dpkg-buildflags. |
* Bump Standards-Version to 3.9.8. |
* Override Lintian warning about virtual exim4-localscanapi dependency |
regardless of API version. |
-- Magnus Holmgren <holmgren@debian.org> Fri, 22 Jul 2016 11:26:45 +0200 |
sa-exim (4.2.1-14) unstable; urgency=low |
* Updated Danish and Dutch Debconf template translations (Closes: |
/tags/4.2.1-15/debian/control |
---|
3,7 → 3,7 |
Priority: optional |
Maintainer: Magnus Holmgren <holmgren@debian.org> |
Build-Depends: debhelper (>= 7), links, exim4-dev |
Standards-Version: 3.9.2 |
Standards-Version: 3.9.8 |
Vcs-Svn: svn://svn.kibibyte.se/sa-exim/trunk |
Vcs-Browser: http://svn.kibibyte.se/sa-exim |
Homepage: http://marc.merlins.org/linux/exim/sa.html |
11,7 → 11,7 |
Package: sa-exim |
Architecture: any |
Depends: ${exim:Depends}, spamc, ${shlibs:Depends}, ${misc:Depends}, |
debconf (>= 1.2.0) | debconf-2.0 |
debconf (>= 1.2.0) | debconf-2.0, libnetaddr-ip-perl |
Recommends: ${perl:Depends} |
Suggests: spamassassin |
Description: SpamAssassin filter for Exim |
/tags/4.2.1-15/debian/patches/grey-only-ipv4.patch |
---|
File deleted |
/tags/4.2.1-15/debian/patches/delete-ext-html-references.patch |
---|
0,0 → 1,41 |
Description: Delete references to images not distributed, and add base URL to make links work. |
In particular get rid of the external SourceForce logo, which caused a privacy breach. |
--- a/sa.html.template |
+++ b/sa.html.template |
@@ -1,6 +1,7 @@ |
<html> |
<head> |
-<title>Exim SpamAssassin at SMTP time</title> |
+ <title>Exim SpamAssassin at SMTP time</title> |
+ <base href="http://marc.merlins.org/linux/exim/"> |
</head> |
<body> |
@@ -113,7 +114,7 @@ threshold (7 for instance). After that, |
inspect all the mails you've rejected or /dev/nulled |
</ul> |
-You can also (and probably should <img src="/gifs/people/smile.happy.gif" alt=":-)" align=TOP WIDTH=16 HEIGHT=16>) use the new greylisting support for even |
+You can also (and probably should :-)) use the new greylisting support for even |
better spam control |
@@ -205,17 +206,5 @@ prefer the use of the |
<Acknowledgements> |
</Acknowledgements> |
- |
-<P ALIGN="center"> |
-<img src="/gifs/lines/misc/lampline.gif" alt="" WIDTH=720 HEIGHT=14> |
-</P> |
-<br> |
-<img src="/gifs/misc/wizard.gif" alt="" align="middle" WIDTH=72 HEIGHT=61> |
-<img src="/gifs/linux/damn-powered.gif" alt="" align="right" WIDTH=170 HEIGHT=29> |
-<IMG SRC="/gifs/icons/msfree.gif" ALT="[ms free site]" ALIGN="right" WIDTH=95 HEIGHT=31> |
-<a href="http://sourceforge.net"><img src="http://sourceforge.net/sflogo.php?group_id=56124&type=1" width="88" height="31" border="0" align="right" alt="SourceForge.net Logo"></a> |
-<A HREF="/perso/contact.html">Email</A><BR> |
-<A HREF="/">Link to Home Page</A> |
-<P> |
</body> |
</html> |
/tags/4.2.1-15/debian/patches/greylist-lint.patch |
---|
0,0 → 1,17 |
From: Chaskiel Grundman <cg2v@andrew.cmu.edu> |
Subject: Prevent warnings during spamassassin --lint |
Bug: https://bugs.debian.org/760860 |
--- a/Greylisting.pm |
+++ b/Greylisting.pm |
@@ -65,6 +65,10 @@ sub greylisting |
my $dontcheckscore; |
my %option; |
+ if ($self->{main}->{lint_rules}) { |
+ Mail::SpamAssassin::Plugin::dbg("GREYLISTING: disabled while linting"); |
+ return 0; |
+ } |
Mail::SpamAssassin::Plugin::dbg("GREYLISTING: called function"); |
$optionhash =~ s/;/,/g; |
/tags/4.2.1-15/debian/patches/greylisting-ipv6.patch |
---|
0,0 → 1,76 |
Description: Add IPv6 support to the Greylisting SpamAssassin plugin. |
The greylistfourthbyte option, for IPv6 addresses, means that all |
addresses in the same /64 get whitelisted as a group. |
Bug: https://bugs.debian.org/508161 |
--- a/Greylisting.pm |
+++ b/Greylisting.pm |
@@ -21,6 +21,8 @@ package Greylisting; |
use strict; |
use Mail::SpamAssassin::Plugin; |
+use NetAddr::IP; |
+use File::Path qw(mkpath); |
our @ISA = qw(Mail::SpamAssassin::Plugin); |
sub new |
@@ -104,8 +106,12 @@ sub greylisting |
} |
chomp($connectip); |
# Clean up input (for security, if you use files/dirs) |
- $connectip =~ /([\d.:]+)/; |
- $connectip = ($1 or ""); |
+ |
+ $connectip = NetAddr::IP->new($connectip); |
+ if (not defined $connectip) { |
+ warn "Can only handle IPv4 and IPv6 addresses; skipping greylisting call for message $mesgid\n"; |
+ return 0; |
+ } |
# Account for a null envelope from |
if (not defined ($envfrom = $permsgstatus->get($option{'envfromhdr'}))) |
@@ -172,26 +178,27 @@ sub greylisting |
# connectip is supposed to be untainted now, but I was still getting |
# some insecure dependecy error messages sometimes (perl 5.8 problem apparently) |
- $connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/; |
- my ($ipbyte1, $ipbyte2, $ipbyte3, $ipbyte4) = ($1, $2, $3, $4); |
- my $ipdir1 = "$option{'dir'}/$ipbyte1"; |
- my $ipdir2 = "$ipdir1/$ipbyte2"; |
- my $ipdir3 = "$ipdir2/$ipbyte3"; |
- my $ipdir4; |
- my $tupletdir; |
- |
- $ipdir4 = "$ipdir3"; |
- $ipdir4 .= "/$ipbyte4" if ($option{'greylistfourthbyte'}); |
- $tupletdir = "$ipdir4/$envfrom"; |
- |
+ my $ipdir; |
+ if ($connectip->version == 6) { |
+ my @components = split ':', $connectip->full, 5; |
+ if ($option{'greylistfourthbyte'}) { |
+ $ipdir = join '/', @components; |
+ } else { |
+ $ipdir = join '/', @components[0..3]; |
+ } |
+ } else { |
+ my @components = split '\.', $connectip->addr; |
+ if ($option{'greylistfourthbyte'}) { |
+ $ipdir = join '/', @components; |
+ } else { |
+ $ipdir = join '/', @components[0..2]; |
+ } |
+ } |
+ my $tupletdir = "$option{'dir'}/$ipdir/$envfrom"; |
$tuplet = "$tupletdir/$rcptto"; |
# make directory whether it's there or not (faster than test and set) |
- mkdir $ipdir1; |
- mkdir $ipdir2; |
- mkdir $ipdir3; |
- mkdir $ipdir4; |
- mkdir $tupletdir; |
+ mkpath $tupletdir; |
if (not -e $tuplet) |
{ |
/tags/4.2.1-15/debian/patches/reproducible-build.patch |
---|
0,0 → 1,17 |
Author: Chris Lamb <lamby@debian.org> |
Last-Update: 2016-07-18 |
--- a/Makefile |
+++ b/Makefile |
@@ -63,7 +63,11 @@ sa-exim_short.conf: sa-exim.conf |
@cat sa-exim.conf | grep -v "^#" | tr '\012' 'ÿ' | sed "s/ÿÿÿ*/ÿÿ/g" | tr 'ÿ' '\012' >> sa-exim_short.conf |
sa-exim.h: sa-exim.c version |
+ifdef SOURCE_DATE_EPOCH |
+ echo "char *version=\"`cat version` (built `LC_ALL=C date --utc -R --date=@$${SOURCE_DATE_EPOCH}`)\";" > sa-exim.h |
+else |
echo "char *version=\"`cat version` (built `date -R 2>/dev/null || date`)\";" > sa-exim.h |
+endif |
clean: |
@-rm -rf $(OBJECTS) $(DOCS) $(OTHERTARGETS) build-stamp configure-stamp debian/sa-exim debian/sa-exim.postrm.debhelper debian/sa-exim.substvars debian/files 2>/dev/null |
/tags/4.2.1-15/debian/patches/series |
---|
1,8 → 1,11 |
api-limitations.patch |
spamc-args.patch |
grey-only-ipv4.patch |
grey-clean-sender.patch |
save-path.patch |
improved-default-conf.patch |
spamd-not-nobody.patch |
readme.patch |
reproducible-build.patch |
greylisting-ipv6.patch |
greylist-lint.patch |
delete-ext-html-references.patch |
/tags/4.2.1-15/debian/postinst |
---|
39,7 → 39,7 |
rm ${LOCALSCANCONF}.rul |
fi |
if [ -x /etc/init.d/exim4 ]; then |
if [ -x /usr/sbin/invoke-rc.d ]; then |
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then |
invoke-rc.d exim4 reload || true |
else |
/etc/init.d/exim4 reload || true |
/tags/4.2.1-15/debian/postrm |
---|
16,7 → 16,7 |
echo "${DISABLELOCALSCANTEXT}" > ${LOCALSCANCONF}.rul |
fi |
if [ -x /etc/init.d/exim4 ]; then |
if [ -x /usr/sbin/invoke-rc.d ]; then |
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then |
invoke-rc.d exim4 reload || true |
else |
/etc/init.d/exim4 reload || true |
31,12 → 31,14 |
rm ${LOCALSCANCONF}.rul |
fi |
if [ -x /etc/init.d/exim4 ]; then |
if [ -x /usr/sbin/invoke-rc.d ]; then |
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then |
invoke-rc.d exim4 reload || true |
else |
/etc/init.d/exim4 reload || true |
fi |
fi |
rm -rf /var/spool/sa-exim/tuplets |
# In the rather uncommon event that debconf has been removed before |
# us, we have no choice but leaving the spool directory alone. |
if [ -e /var/spool/sa-exim ] && |
/tags/4.2.1-15/debian/rules |
---|
5,14 → 5,10 |
# Uncomment this to turn on verbose mode. |
#export DH_VERBOSE=1 |
CFLAGS = -Wall -g |
CFLAGS := $(shell dpkg-buildflags --get CFLAGS) |
CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) |
LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) |
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) |
CFLAGS += -O0 |
else |
CFLAGS += -O2 |
endif |
build: build-arch |
build-indep: |
20,7 → 16,8 |
build-arch: build-stamp |
build-stamp: |
dh_testdir |
$(MAKE) BUILDCFLAGS='-I/usr/include/exim4 -fPIC $$(CFLAGS)' SUFF='' |
$(MAKE) BUILDCFLAGS='-I/usr/include/exim4 -fPIC $$(CPPFLAGS) $$(CFLAGS)' \ |
CPPFLAGS='$(CPPFLAGS)' CFLAGS='$(CFLAGS)' LDFLAGS='-shared $(LDFLAGS)' SUFF='' |
touch build-stamp |
clean: |
/tags/4.2.1-15/debian/sa-exim.lintian-overrides |
---|
1,0 → 0,0 |
sa-exim: virtual-package-depends-without-real-package-depends depends: exim4-localscanapi-1.1 |
sa-exim: virtual-package-depends-without-real-package-depends depends: exim4-localscanapi-* |