Subversion Repositories sa-exim

Compare Revisions

Rev 74 → Rev 86

/tags/4.2.1-15/debian/README.Debian
124,13 → 124,14
loadplugin line, but fixing it is probably not worth the disruption of
existing installations.)
 
If two messages from the same /24 network (or IP address, depending on
greylistfourthbyte), with the same sender, with the same list of
recipient, and with a score below dontgreylistthreshold are seen at
least greylistsecs apart, the triplet will be whitelisted and the
GREYLIST_ISWHITE rule will be considered to match thenceforth. That
will signal to the local_scan library to raise SAtempreject to let the
message through, in addition to the negative spam score it carries.
If two messages from the same /24 IPv4 network or /64 IPv6 network (or
individual IP address, depending on greylistfourthbyte), with the same
sender, with the same list of recipient, and with a score below
dontgreylistthreshold are seen at least greylistsecs apart, the
triplet will be whitelisted and the GREYLIST_ISWHITE rule will be
considered to match thenceforth. That will signal to the local_scan
library to raise SAtempreject to let the message through, in addition
to the negative spam score it carries.
 
Notice that messages can be permanently rejected (score above
SApermreject) and still get a triplet whitelisted if the score is
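Review bot: "with the same list of recipient" in the rewritten paragraph should read "recipients". The slip is carried over from the old wording and this rewrite is the place to fix it.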
219,4 → 220,4
file specifies conflicting options, it will prevent SA-Exim from
working. For now, you'll have to make sure that it doesn't.
 
-- Magnus Holmgren <holmgren@debian.org>, Sun, 18 Sep 2011 00:11:18 +0200
-- Magnus Holmgren <holmgren@debian.org>, Fri, 22 Jul 2016 09:58:32 +0200
/tags/4.2.1-15/debian/changelog
1,3 → 1,37
sa-exim (4.2.1-15) unstable; urgency=low
 
* reproducible-build.patch (new): Make build reproducible by replacing
the build date with the source date via ${SOURCE_DATE_EPOCH} when
available (Closes: #831649). Thanks to Chris Lamb.
* greylisting-ipv6.patch (new): Finally add IPv6 support to the
greylisting plugin (Closes: #508161). Replaces grey-only-ipv4.patch.
Based on Robert Tasarz's patch, though I decided to do things a little
differently by keeping the greylistfourthbyte option for backwards
compatibility and not adding separate options for IPv4 and IPv6 at
this time. Also, with that option enabled, there will only be one
directory level for all the last 64 bits of an IPv6 address.
* delete-ext-html-references.patch (new): sa.html, which is shipped in
the doc directory, is a copy of the author's webpage on sa-exim from
his website, but without the images or linked pages, which means that
most of the images and links don't work, except the SourceForge logo,
which was fetched from sourceforge.net, causing a privacy concern. We
drop the images and make the non-absolute links relative to
http://marc.merlins.org/linux/exim/.
* postinst, postrm: Remove hard-coded path to invoke-rc.d.
* postrm: On purge, always delete the greylisting tuplets directory
first. Normally, /var/spool/sa-exim is then empty and can be removed
without asking the user, avoiding leaving unowned files (Closes:
#657140).
* greylist-lint.patch: disable greylisting plugin during spamassassin
--lint to avoid warnings about missing headers (Closes: #760860).
Thanks to Chaskiel Grundman.
* Use dpkg-buildflags.
* Bump Standards-Version to 3.9.8.
* Override Lintian warning about virtual exim4-localscanapi dependency
regardless of API version.
 
-- Magnus Holmgren <holmgren@debian.org> Fri, 22 Jul 2016 11:26:45 +0200
 
sa-exim (4.2.1-14) unstable; urgency=low
 
* Updated Danish and Dutch Debconf template translations (Closes:
/tags/4.2.1-15/debian/control
3,7 → 3,7
Priority: optional
Maintainer: Magnus Holmgren <holmgren@debian.org>
Build-Depends: debhelper (>= 7), links, exim4-dev
Standards-Version: 3.9.2
Standards-Version: 3.9.8
Vcs-Svn: svn://svn.kibibyte.se/sa-exim/trunk
Vcs-Browser: http://svn.kibibyte.se/sa-exim
Homepage: http://marc.merlins.org/linux/exim/sa.html
11,7 → 11,7
Package: sa-exim
Architecture: any
Depends: ${exim:Depends}, spamc, ${shlibs:Depends}, ${misc:Depends},
debconf (>= 1.2.0) | debconf-2.0
debconf (>= 1.2.0) | debconf-2.0, libnetaddr-ip-perl
Recommends: ${perl:Depends}
Suggests: spamassassin
Description: SpamAssassin filter for Exim
/tags/4.2.1-15/debian/patches/grey-only-ipv4.patch
File deleted
/tags/4.2.1-15/debian/patches/delete-ext-html-references.patch
0,0 → 1,41
Description: Delete references to images not distributed, and add base URL to make links work.
In particular get rid of the external SourceForce logo, which caused a privacy breach.
 
--- a/sa.html.template
+++ b/sa.html.template
@@ -1,6 +1,7 @@
<html>
<head>
-<title>Exim SpamAssassin at SMTP time</title>
+ <title>Exim SpamAssassin at SMTP time</title>
+ <base href="http://marc.merlins.org/linux/exim/">
</head>
<body>
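Review bot: The added base element (href="http://marc.merlins.org/linux/exim/") applies to every relative URL in the page, including fragment-only links of the form href="#name", so any in-page anchors in sa.html will now load the remote site instead of scrolling the local copy. Check the template for fragment links. If there are any, rewriting the individual relative links as absolute URLs is safer than a document-wide base. The Description above also has "SourceForce" for "SourceForge".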
@@ -113,7 +114,7 @@ threshold (7 for instance). After that,
inspect all the mails you've rejected or /dev/nulled
</ul>
-You can also (and probably should <img src="/gifs/people/smile.happy.gif" alt=":-)" align=TOP WIDTH=16 HEIGHT=16>) use the new greylisting support for even
+You can also (and probably should :-)) use the new greylisting support for even
better spam control
@@ -205,17 +206,5 @@ prefer the use of the
<Acknowledgements>
</Acknowledgements>
-
-<P ALIGN="center">
-<img src="/gifs/lines/misc/lampline.gif" alt="" WIDTH=720 HEIGHT=14>
-</P>
-<br>
-<img src="/gifs/misc/wizard.gif" alt="" align="middle" WIDTH=72 HEIGHT=61>
-<img src="/gifs/linux/damn-powered.gif" alt="" align="right" WIDTH=170 HEIGHT=29>
-<IMG SRC="/gifs/icons/msfree.gif" ALT="[ms free site]" ALIGN="right" WIDTH=95 HEIGHT=31>
-<a href="http://sourceforge.net"><img src="http://sourceforge.net/sflogo.php?group_id=56124&amp;type=1" width="88" height="31" border="0" align="right" alt="SourceForge.net Logo"></a>
-<A HREF="/perso/contact.html">Email</A><BR>
-<A HREF="/">Link to Home Page</A>
-<P>
</body>
</html>
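Review bot: The removed footer also takes out two plain links, the "Email" anchor to /perso/contact.html and "Link to Home Page" to /, which are not images, while the Description only mentions deleting image references. Either keep them (the base URL added in the first hunk does not help root-relative paths keep their meaning locally, so they would need to be written as absolute URLs on the author's site) or say in the Description that the whole footer is dropped.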
/tags/4.2.1-15/debian/patches/greylist-lint.patch
0,0 → 1,17
From: Chaskiel Grundman <cg2v@andrew.cmu.edu>
Subject: Prevent warnings during spamassassin --lint
Bug: https://bugs.debian.org/760860
 
--- a/Greylisting.pm
+++ b/Greylisting.pm
@@ -65,6 +65,10 @@ sub greylisting
my $dontcheckscore;
my %option;
+ if ($self->{main}->{lint_rules}) {
+ Mail::SpamAssassin::Plugin::dbg("GREYLISTING: disabled while linting");
+ return 0;
+ }
Mail::SpamAssassin::Plugin::dbg("GREYLISTING: called function");
$optionhash =~ s/;/,/g;
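Review bot: The early return under if ($self->{main}->{lint_rules}) has no comment explaining why greylisting is skipped. The reason (lint runs lack the headers the plugin reads, hence the warnings) is only in the Subject line and the changelog. A one-line comment above the if would keep that reasoning next to the code. Since the check reads a field of the main object directly, it is also worth noting in that comment where the field comes from.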
/tags/4.2.1-15/debian/patches/greylisting-ipv6.patch
0,0 → 1,76
Description: Add IPv6 support to the Greylisting SpamAssassin plugin.
The greylistfourthbyte option, for IPv6 addresses, means that all
addresses in the same /64 get whitelisted as a group.
Bug: https://bugs.debian.org/508161
 
--- a/Greylisting.pm
+++ b/Greylisting.pm
@@ -21,6 +21,8 @@ package Greylisting;
use strict;
use Mail::SpamAssassin::Plugin;
+use NetAddr::IP;
+use File::Path qw(mkpath);
our @ISA = qw(Mail::SpamAssassin::Plugin);
sub new
@@ -104,8 +106,12 @@ sub greylisting
}
chomp($connectip);
# Clean up input (for security, if you use files/dirs)
- $connectip =~ /([\d.:]+)/;
- $connectip = ($1 or "");
+
+ $connectip = NetAddr::IP->new($connectip);
+ if (not defined $connectip) {
+ warn "Can only handle IPv4 and IPv6 addresses; skipping greylisting call for message $mesgid\n";
+ return 0;
+ }
# Account for a null envelope from
if (not defined ($envfrom = $permsgstatus->get($option{'envfromhdr'})))
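Review bot: The removed capture ($connectip =~ /([\d.:]+)/ followed by $1) was also what untainted the header value, and the replacement NetAddr::IP->new($connectip) has no capture, so the kept comment "Clean up input (for security, if you use files/dirs)" and the later "connectip is supposed to be untainted now" no longer describe what the code does. Confirm under taint mode that the strings returned by ->addr and ->full are accepted by the directory creation further down, or add an explicit untainting match on the result. Two smaller points: the constructor accepts more than a bare literal (prefix notation such as 192.0.2.1/24, for example) and the object stringifies as address/prefix, so any later string use of $connectip should call ->addr explicitly. The warn text interpolates $mesgid, so check that it is already set at this point.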
@@ -172,26 +178,27 @@ sub greylisting
# connectip is supposed to be untainted now, but I was still getting
# some insecure dependecy error messages sometimes (perl 5.8 problem apparently)
- $connectip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/;
- my ($ipbyte1, $ipbyte2, $ipbyte3, $ipbyte4) = ($1, $2, $3, $4);
- my $ipdir1 = "$option{'dir'}/$ipbyte1";
- my $ipdir2 = "$ipdir1/$ipbyte2";
- my $ipdir3 = "$ipdir2/$ipbyte3";
- my $ipdir4;
- my $tupletdir;
-
- $ipdir4 = "$ipdir3";
- $ipdir4 .= "/$ipbyte4" if ($option{'greylistfourthbyte'});
- $tupletdir = "$ipdir4/$envfrom";
-
+ my $ipdir;
+ if ($connectip->version == 6) {
+ my @components = split ':', $connectip->full, 5;
+ if ($option{'greylistfourthbyte'}) {
+ $ipdir = join '/', @components;
+ } else {
+ $ipdir = join '/', @components[0..3];
+ }
+ } else {
+ my @components = split '\.', $connectip->addr;
+ if ($option{'greylistfourthbyte'}) {
+ $ipdir = join '/', @components;
+ } else {
+ $ipdir = join '/', @components[0..2];
+ }
+ }
+ my $tupletdir = "$option{'dir'}/$ipdir/$envfrom";
$tuplet = "$tupletdir/$rcptto";
# make directory whether it's there or not (faster than test and set)
- mkdir $ipdir1;
- mkdir $ipdir2;
- mkdir $ipdir3;
- mkdir $ipdir4;
- mkdir $tupletdir;
+ mkpath $tupletdir;
if (not -e $tuplet)
{
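Review bot: mkpath $tupletdir changes the failure behaviour: the five removed mkdir calls failed silently, while File::Path's mkpath croaks on error, so a full disk or a permissions problem would now abort the plugin call. Wrap it in eval and log through dbg or warn. mkpath also creates every missing intermediate component, so a "/" inside $envfrom now produces nested directories under the IP directory where the old single mkdir would simply have failed. Confirm that the sender cleaning done before this point removes path separators and ".." components. With greylistfourthbyte set, the fifth element from split ':', $connectip->full, 5 keeps its colons in one directory name. That matches the changelog, but a comment here saying it is intentional would help.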
/tags/4.2.1-15/debian/patches/reproducible-build.patch
0,0 → 1,17
Author: Chris Lamb <lamby@debian.org>
Last-Update: 2016-07-18
 
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,11 @@ sa-exim_short.conf: sa-exim.conf
@cat sa-exim.conf | grep -v "^#" | tr '\012' 'ÿ' | sed "s/ÿÿÿ*/ÿÿ/g" | tr 'ÿ' '\012' >> sa-exim_short.conf
sa-exim.h: sa-exim.c version
+ifdef SOURCE_DATE_EPOCH
+ echo "char *version=\"`cat version` (built `LC_ALL=C date --utc -R --date=@$${SOURCE_DATE_EPOCH}`)\";" > sa-exim.h
+else
echo "char *version=\"`cat version` (built `date -R 2>/dev/null || date`)\";" > sa-exim.h
+endif
clean:
@-rm -rf $(OBJECTS) $(DOCS) $(OTHERTARGETS) build-stamp configure-stamp debian/sa-exim debian/sa-exim.postrm.debhelper debian/sa-exim.substvars debian/files 2>/dev/null
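Review bot: The new SOURCE_DATE_EPOCH branch relies on GNU date options (--utc, --date=@...) with no fallback, whereas the existing line it sits beside keeps "date -R 2>/dev/null || date" for systems where -R is unavailable. That is fine for the Debian build, but add a comment saying so if the patch is meant to go upstream. The expansion is also unquoted: --date="@$${SOURCE_DATE_EPOCH}" avoids word splitting if the variable ever holds something unexpected. The patch header has Author and Last-Update but no Description or Bug field, although the changelog ties it to #831649.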
/tags/4.2.1-15/debian/patches/series
1,8 → 1,11
api-limitations.patch
spamc-args.patch
grey-only-ipv4.patch
grey-clean-sender.patch
save-path.patch
improved-default-conf.patch
spamd-not-nobody.patch
readme.patch
reproducible-build.patch
greylisting-ipv6.patch
greylist-lint.patch
delete-ext-html-references.patch
/tags/4.2.1-15/debian/postinst
39,7 → 39,7
rm ${LOCALSCANCONF}.rul
fi
if [ -x /etc/init.d/exim4 ]; then
if [ -x /usr/sbin/invoke-rc.d ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d exim4 reload || true
else
/etc/init.d/exim4 reload || true
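Review bot: The new test [ -x "`which invoke-rc.d 2>/dev/null`" ] depends on an external which binary and on nested backticks inside the quotes. The shell builtin form, if command -v invoke-rc.d >/dev/null 2>&1; then, performs the same lookup without either. The same applies to the identical replacements in postrm.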
/tags/4.2.1-15/debian/postrm
16,7 → 16,7
echo "${DISABLELOCALSCANTEXT}" > ${LOCALSCANCONF}.rul
fi
if [ -x /etc/init.d/exim4 ]; then
if [ -x /usr/sbin/invoke-rc.d ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d exim4 reload || true
else
/etc/init.d/exim4 reload || true
31,12 → 31,14
rm ${LOCALSCANCONF}.rul
fi
if [ -x /etc/init.d/exim4 ]; then
if [ -x /usr/sbin/invoke-rc.d ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d exim4 reload || true
else
/etc/init.d/exim4 reload || true
fi
fi
 
rm -rf /var/spool/sa-exim/tuplets
# In the rather uncommon event that debconf has been removed before
# us, we have no choice but leaving the spool directory alone.
if [ -e /var/spool/sa-exim ] &&
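Review bot: rm -rf /var/spool/sa-exim/tuplets hard-codes the tuplets location, but the Greylisting plugin builds its paths from $option{'dir'}, so an installation configured with a different directory keeps its greylisting data after purge and the "unowned files" problem from the changelog entry remains for it. Add a comment here stating that only the default location is cleaned. The comment about debconf having been removed now sits directly under the rm line and reads as if it explains it, so a blank line between the two would keep them apart.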
/tags/4.2.1-15/debian/rules
5,14 → 5,10
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
 
CFLAGS = -Wall -g
CFLAGS := $(shell dpkg-buildflags --get CFLAGS)
CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS)
LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS)
 
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
CFLAGS += -O0
else
CFLAGS += -O2
endif
 
build: build-arch
 
build-indep:
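Review bot: Replacing CFLAGS = -Wall -g with the dpkg-buildflags output drops -Wall: the dpkg-buildflags defaults supply -g and -O2 and the format warnings, but not the general warning set. If the warnings are still wanted, add CFLAGS += -Wall after the := assignment. Removing the noopt block is fine because dpkg-buildflags already honours DEB_BUILD_OPTIONS=noopt.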
20,7 → 16,8
build-arch: build-stamp
build-stamp:
dh_testdir
$(MAKE) BUILDCFLAGS='-I/usr/include/exim4 -fPIC $$(CFLAGS)' SUFF=''
$(MAKE) BUILDCFLAGS='-I/usr/include/exim4 -fPIC $$(CPPFLAGS) $$(CFLAGS)' \
CPPFLAGS='$(CPPFLAGS)' CFLAGS='$(CFLAGS)' LDFLAGS='-shared $(LDFLAGS)' SUFF=''
touch build-stamp
 
clean:
/tags/4.2.1-15/debian/sa-exim.lintian-overrides
1,0 → 0,0
sa-exim: virtual-package-depends-without-real-package-depends depends: exim4-localscanapi-1.1
sa-exim: virtual-package-depends-without-real-package-depends depends: exim4-localscanapi-*