Package: greylistd Version: 0.8.3 Severity: wishlist Tags: patch
Hi, I took a look at greylistd and decided I wanted to use it with courier and courier-filter-perl, and ended up hacking the package. The attached diff contains all the changes I made; I am sending it to you in the hope that it might be integrated into the package. I've already tried to mail this to the maintainer directly, but had no response. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-1-686 Locale: LANG=sv_SE.utf8, LC_CTYPE=sv_SE.utf8 (charmap=UTF-8)
# # old_revision [9853692c7b7bdfb92e816f1c5255b67ac7dfc300] # # add_file "program/Greylist.pm" # content [fdcc2b84a39699e6b7260d3c38d771d82a857d49] # # add_file "program/greylistd-setup-courierfilter" # content [43ede48a12fc0affb52ccc316820614d17c8f716] # # patch "debian/README.Debian" # from [ccf9f89d3520e0238cf0eb937da5b6fdc17ecfd1] # to [9f1dba93d4cc5c6d8f48e70391c7cb0d29b05d4d] # # patch "debian/changelog" # from [94317e037f125350774d100abbd1f669e0f9bcbd] # to [61bd2a67b8f0cea8714dc2b815794e14d6a5dce9] # # patch "debian/config" # from [79136866c2ca0e4c6c8561d1c26d656be839a4d6] # to [fb3caf11055fcc59fb9e165a9aec527bbdb26197] # # patch "debian/control" # from [0a6d46857bebe49811917d25cfa592a4acffa8da] # to [d3744fbfc25db0e8babbdf3f2fbbbd84b1bc5767] # # patch "debian/install" # from [0abbd01d375d1bd38fa78a77e07d531717c3538e] # to [ba1264e8efe0f1964ae49dc860224091ad7c330d] # # patch "debian/postinst" # from [27b15c235e7c16a0f117ceb46982a6704b6271c3] # to [e4a9be022f6d00af2e158f310495a5d986dc184a] # # patch "debian/templates" # from [f8317a4490fb460bfb7542322472ff888eb2279a] # to [d7d82aea11bc1adc629608cc8c1aba7d9db03b49] # # set "program/greylistd-setup-courierfilter" # attr "mtn:execute" # value "true" # ============================================================ --- program/Greylist.pm fdcc2b84a39699e6b7260d3c38d771d82a857d49 +++ program/Greylist.pm fdcc2b84a39699e6b7260d3c38d771d82a857d49 
@@ -0,0 +1,88 @@ +package Courier::Filter::Module::Greylist; +use base qw(Courier::Filter::Module); +use Socket; + +sub new { + my ($class, %options) = @_; + my $conffile = "/etc/greylistd/config"; + my %config = (); + + if (-f $conffile) { + if (open(GREYCONF,$conffile)) { + my $section = "DEFAULT"; + my $linecnt = 0; + while(<GREYCONF>) { + $linecnt++; + chomp; + print STDERR "DEBUG: <config[$linecnt]: $_\n" + if $options{debugging}; + next if (/^\#/ || /^\s*$/); # Skip comments and blank lines + if (/^\s*\[([^\]]+)\]\s*(\#.*)?$/) { + $section = $1; + } elsif (/^\s*([^\s]+)\s*[:=]\s*(.*)$/) { + my $key = $1; + my $value = $2; + if (!defined $config{$section}) { + $config{$section} = {}; + } + print STDERR "DEBUG: \$config{$section}->{$key} = $value\n" + if $options{debugging}; + $config{$section}->{$key} = $value; + } else { + die "Syntax error in configuration file $conffile:\n\"$_\"\n"; + } + } + close(GREYCONF); + } else { + die "Reading configuration file $conffile: $!\n"; + } + } + + my $sockfile = $config{socket}->{path}; + $sockfile = "/var/run/greylistd/socket" if (!defined $sockfile); + + my $module = $class->SUPER::new( %options, + grey_sock_file => $sockfile ); + return $module; +} + +my %exits = ( "grey" => [ "4.7.1 Temporarily rejected", 451 ], + "black" => [ "5.7.1 Rejected", 550 ] ); + +sub match { + my ($module, $message) = @_; + + socket(GREYSOCK, PF_UNIX, SOCK_STREAM, 0) + || die "socket: $!\n"; + connect(GREYSOCK, sockaddr_un($module->{grey_sock_file})) + || die "connect to " . $module->{grey_sock_file} . ": $!\n"; + + my $addr = $message->remote_host; +# if (defined $module->{netmask}) { +# my $netmask = $module->{netmask}; +# $netmask = 0 if $netmask < 0; +# $netmask = 32 if $module->{netmask} > 32; + +# my $shift = 32 - $module->{netmask}; +# $addr = inet_ntoa((inet_aton($addr) >> $shift) << $shift); + +# print STDERR "DEBUG: address: ",$message->remote_host," -> ",$addr,"\n"; +# } + + my $mess = "update " + .$addr." " + .$message->sender." 
" + .$message->recipients; + send GREYSOCK,$mess,0; + print STDERR "DEBUG: >$mess\n" if $module->{debugging}; + my $reply = ""; + recv GREYSOCK,$reply,1024,0; + print STDERR "DEBUG: <$reply\n" if $module->{debugging}; + + close(GREYSOCK); + + $firstword = (split(/\s+/,$reply))[0]; + $retval = $exits{$firstword}; + return @$retval if (defined $retval); + return undef; +} ============================================================ --- program/greylistd-setup-courierfilter 43ede48a12fc0affb52ccc316820614d17c8f716 +++ program/greylistd-setup-courierfilter 43ede48a12fc0affb52ccc316820614d17c8f716 
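Review bot: In `match`, `$message->sender` and `$message->recipients` come from the remote SMTP client and are concatenated unvalidated into the space-delimited `update` request, so an address containing whitespace or control characters would change how the request is split on the greylistd side. The `.` operator also evaluates `->recipients` in scalar context, which (if the method returns a list, as its plural name suggests) may send something other than the addresses; consider `my @rcpts = $message->recipients;` and one validated request per recipient. The return values of `send` and `recv` are ignored, so a failed or empty reply falls through to `return undef`, which presumably lets the message through; make that fail-open choice explicit with `defined(recv(GREYSOCK, $reply, 1024, 0)) or die "recv: $!\n";` or with a comment saying it is intended. The module has no `use strict; use warnings;`, which would flag the undeclared `$firstword` and `$retval`.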
@@ -0,0 +1,156 @@ +#! /usr/bin/perl + +use strict; +use warnings; +use File::Basename; + +my $default_pureperlfilterconf = "/etc/courier/filters/pureperlfilter.conf"; + +sub usage { + my $progname = shift @_; + my $message = shift @_; + + print STDERR "$progname: $message\n" if defined $message; + print STDERR map { $_,"\n" } + ( + "Usage: $progname {add|remove|test} [options] [<file>]", + "", + " Add, remove or test for greylistd support in the given", + " courier-filter-perl configuration file.", + "", + " If no file is supplied, changes are made to the default", + " courier-filter-perl configuration files for your distribution.", + "", + " -quiet", + " Do not print anything to standard output.", + " -no-fail", + " Exit status is zero even on failure", + " -no-reload", + " Do not tell courier-filter-perl to reload configuration", + " after add / remove.", + " -netmask=<bits>", + " Filter the remote host address though a netmask of the", + " given size (useful values are between 16 and 31) before", + " it is passed to greylistd. Hosts within the same network", + " are then pooled together as if they represented a single", + " host." 
+ ); + exit 2 if defined $message; + exit 0; +} + +my $true = 1; +my $false = 0; + +sub courierfilter_configure { + my $config = shift @_; + my %options = @_; + my $changes = 0; + + if ($config !~ /use\s+Courier::Filter::Module::Greylist;/) { + $config =~ + s/(\n\#?use Courier::Filter::Module::)/\nuse Courier::Filter::Module::Greylist;$1/; + $changes++; + } + + if ($config !~ /Courier::Filter::Module::Greylist->new\(/) { + my $netmask = ""; + $netmask = + "netmask => ".$options{netmask} if defined $options{netmask}; + $config =~ + s/(modules\s*=>\s*\[)/$1\n\tCourier::Filter::Module::Greylist->new($netmask),\n/; + $changes++; + } + + print STDERR "DEBUG[add]: START CONFIG\n${config}DEBUG[add]: END CONFIG\n" + if defined $options{debug}; + + return ($false, "Already configured") if $changes == 0; + return ($true, $config); +} +sub courierfilter_deconfigure { + my $config = shift @_; + my %options = @_; + my $changes = 0; + + if ($config =~ /^((.|\n)*\n)[ \#\t]*use\s+Courier::Filter::Module::Greylist;[ \t]*\n((.|\n)*)$/) { + $config = $1.$3; + $changes++; + } + + if ($config =~ /^((.|\n)*)\n[ \t]*Courier::Filter::Module::Greylist->new\([^\)]*\),[ \t]*\n((.|\n)*)$/) { + $config = $1.$3; + $changes++; + } + + print STDERR "DEBUG[remove]: START CONFIG\n${config}DEBUG[remove]: END CONFIG\n" + if defined $options{debug}; + + return ($false, "Not configured") if $changes == 0; + return ($true, $config); +} +sub courierfilter_check { + my @result = courierfilter_configure(@_); + + return ($true, "Not configured") if $result[0]; + return ($true, "Already configured"); +} + +my %operations = ( add => \&courierfilter_configure, + remove => \&courierfilter_deconfigure, + test => \&courierfilter_check ); + + +my $progname = basename($0); +my $action = undef; +my $filename = undef; +my %options = (); + +foreach my $arg (@ARGV) { + if ($arg =~ /^-([^=]+)=(.+)$/) { + $options{$1} = $2; + } elsif ($arg =~ /^-(.+)$/) { + $options{$1} = ""; + } elsif (!defined $action) { + $action = 
$arg; + } elsif (!defined $filename) { + $filename = $arg; + } else { + usage($progname, "Too many arguments"); + } +} + +if (!defined $action || $action eq "help") { + usage($progname, undef); +} +if (!defined $operations{$action}) { + usage($progname, "Invalid action: $action"); +} + +if (!defined $filename) { + $filename = $default_pureperlfilterconf; +} + +my $config = undef; +open CONF,$filename || die "Couldn't read $filename: $!\n"; +while(<CONF>) { + $config .= $_; +} +close CONF; + +my @result = $operations{$action}($config, %options); + +if ($action ne "test" && $result[0]) { + open CONF,">$filename" || die "Couldn't write $filename: $!\n"; + print CONF $result[1]; + close CONF; + + if (!defined $options{"no-reload"}) { + system("/usr/sbin/invoke-rc.d courier-mta restart"); + } +} else { + print STDERR $result[1],"\n"; +} + +exit 0 if $result[0]; +exit 1; ============================================================ --- debian/README.Debian ccf9f89d3520e0238cf0eb937da5b6fdc17ecfd1 +++ debian/README.Debian 9f1dba93d4cc5c6d8f48e70391c7cb0d29b05d4d 
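Review bot: Both `open` calls near the end of the script use `||`, which binds to the filename operand rather than to `open`, so a failed open is never detected and the `die` cannot fire. They are also two-argument opens on a name taken from `@ARGV` in a script meant to be run as root, so the open mode is parsed out of the filename itself. Use `open(CONF, '<', $filename) or die "Couldn't read $filename: $!\n";` and `open(CONF, '>', $filename) or die "Couldn't write $filename: $!\n";`, and check `print` and `close`, because the configuration file is truncated in place. Separately, the `-netmask` value is pasted verbatim into the generated Perl configuration (`netmask => ...`) by `courierfilter_configure`, so it should be checked against something like `/\A\d+\z/` first. The netmask handling in Greylist.pm's `match` is commented out, so the option currently has no effect.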
@@ -1,22 +1,27 @@ Setting up greylistd on a Debian system --------------------------------------- - Your Mail Transport Agent (MTA) needs to access to the greylistd communication socket, /var/run/greylistd/socket. This means that the - account that owns your MTA process needs to be a member of the "greylist" + account that owns your MTA process needs to be a member of the "daemon" group. - If Exim 4 was installed when you last installed/upgraded greylistd, this - should have been confiured already. If not, you can run the following - command as the "root" user: - # adduser Debian-exim greylist + If Exim 4 or courier-filter-perl was installed when you last + installed/upgraded greylistd, this should have been configured already. + If not, you can run the following command as the "root" user: - If you built Exim 4 from sources, or if you use a different MTA, add - the appropriate username to this group the same way. + For Exim 4: + # adduser Debian-exim daemon + Nothing is needed for courier + + If you built Exim 4 or courier-filter-perl from sources, or if you use + a different MTA, add the appropriate username to this group the same way. + - Then, your MTA needs to be configured to talk to greylistd during n - incoming SMTP transactions. If you are using Exim 4 (with the - configuration supplied in Debian's "exim4-config" package), you can - add this support by simply running: + incoming SMTP transactions. + + If you are using Exim 4 (with the configuration supplied in Debian's + "exim4-config" package), you can add this support by simply running: # greylistd-setup-exim4 add Alternatively, you can run: 
@@ -36,6 +41,12 @@ * One in the "acl_check_data" ACL, for bounces (mail with no envelope sender). + If you are using courier-filter-perl, you need to edit + /etc/courier/filters/pureperlfilter.conf so the modules array + includes the following line: + + Courier::Filter::Module::Greylist->new(), + - If your ACL configration is different from that supplied with Debian (i.e. if you use different ACL names and/or file locations), you can run the command: ============================================================ --- debian/changelog 94317e037f125350774d100abbd1f669e0f9bcbd +++ debian/changelog 61bd2a67b8f0cea8714dc2b815794e14d6a5dce9 @@ -1,3 +1,17 @@ +greylistd (0.8.3-2) unstable; urgency=low + + * Added a script greylistd-setup-courierfilter to help the admin. + + -- Richard Levitte <[EMAIL PROTECTED]> Thu, 24 Mar 2006 03:38:32 +0100 + +greylistd (0.8.3-1) unstable; urgency=low + + * Added files needed to adapt greylistd to courier-filter-perl. + Note that for this to work properly, I've changed greylistd to + be in the daemon group instead of its own. + + -- Richard Levitte <[EMAIL PROTECTED]> Thu, 23 Mar 2006 11:01:34 +0100 + greylistd (0.8.3) unstable; urgency=low * Changed value of "false" from -1 to 1 in 'config' DebConf module. ============================================================ --- debian/config 79136866c2ca0e4c6c8561d1c26d656be839a4d6 +++ debian/config fb3caf11055fcc59fb9e165a9aec527bbdb26197 @@ -16,7 +16,14 @@ test -x /usr/sbin/exim4 -a -d /etc/exim4 } +running_courier_filter_perl() +{ + test -x /usr/lib/pureperlfilter \ + -a -d /usr/share/courier-filter-perl/perl5/Courier/Filter/Module \ + -a -f /etc/courier/filters/pureperlfilter.conf +} + ismember() { user=$1 @@ -34,7 +41,7 @@ config_restartexim() { - if running_exim4 && ! ismember Debian-exim greylist + if running_exim4 && ! ismember Debian-exim daemon then db_input low "$owner/restartexim" && db_go fi 
@@ -42,11 +49,24 @@ return 0 } +config_restartcourierfilter() +{ + if running_courier_filter_perl && ! ismember greylist daemon + then + db_input low "$owner/restartcourierfilter" && db_go + fi + + return 0 +} + config_autoconfig_notdone() { if running_exim4 then question="$owner/autoconfig_notdone_exim4" + elif running_courier_filter_perl + then + question="$owner/autoconfig_notdone_courierfilter" else question="$owner/autoconfig_notdone" fi @@ -57,6 +77,7 @@ config_restartexim +#config_restartcourierfilter config_autoconfig_notdone #DEBHELPER# ============================================================ --- debian/control 0a6d46857bebe49811917d25cfa592a4acffa8da +++ debian/control d3744fbfc25db0e8babbdf3f2fbbbd84b1bc5767 @@ -7,11 +7,12 @@ Package: greylistd Architecture: all -Depends: python (>= 2.3), ${misc:Depends} -Recommends: exim4 -Description: Greylisting daemon for use with Exim 4 +Depends: python (>= 2.3), perl (>= 5.8), ${misc:Depends} +Recommends: exim4 | courier-filter-perl +Description: Greylisting daemon for use with Exim 4 or courier-filter-perl This daemon provides a simple greylisting implementation for use with - the Exim Mail Transport Agent (MTA), version 4. + the Exim Mail Transport Agent (MTA), version 4, or courier with + courier-filter-perl. . Greylisting is a simple but highly effective means to weed out messages that are being delivered via spamware/ratware tools. The idea is to establish 
@@ -32,6 +33,7 @@ accept or defer the incoming message depending on its response. . This package contains a script to configure support for greylisting in + Exim 4 and instructions on how to do the same with courier-filter-perl. + It may be possible to use greylistd with other MTAs as well, though some + work will probably be involved. Postfix users may want to check out the + "postgrey" package instead of this one. - Exim 4. It may be possible to use greylistd with other MTAs as well, though - some work will probably be involved. Postfix users may want to check out - the "postgrey" package instead of this one. ============================================================ --- debian/install 0abbd01d375d1bd38fa78a77e07d531717c3538e +++ debian/install ba1264e8efe0f1964ae49dc860224091ad7c330d @@ -1,5 +1,7 @@ -program/greylistd-setup-exim4 usr/sbin -program/greylistd usr/sbin -program/greylist usr/bin -config/config etc/greylistd -config/whitelist-hosts var/lib/greylistd +program/greylistd-setup-exim4 usr/sbin +program/greylistd-setup-courierfilter usr/sbin +program/greylistd usr/sbin +program/greylist usr/bin +program/Greylist.pm usr/share/courier-filter-perl/perl5/Courier/Filter/Module +config/config etc/greylistd +config/whitelist-hosts var/lib/greylistd ============================================================ --- debian/postinst 27b15c235e7c16a0f117ceb46982a6704b6271c3 +++ debian/postinst e4a9be022f6d00af2e158f310495a5d986dc184a @@ -25,8 +25,15 @@ test -x /usr/sbin/exim4 -a -d /etc/exim4 } +running_courier_filter_perl() +{ + test -x /usr/lib/pureperlfilter \ + -a -d /usr/share/courier-filter-perl/perl5/Courier/Filter/Module \ + -a -f /etc/courier/filters/pureperlfilter.conf +} + copyfile () { if [ -f "$1" -a '!' -f "$2" ] @@ -88,7 +95,7 @@ oldversion=$1 username=greylist - groupname=greylist + groupname=daemon datadir=/var/lib/greylistd rundir=/var/run/greylistd docdir=/usr/share/doc/greylistd 
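Review bot: Setting `groupname=daemon` in the `@@ -88,7 +95,7` postinst hunk makes access to greylistd depend on membership of the shared system `daemon` group instead of a dedicated group. README.Debian in this same patch says group membership is what lets an MTA reach /var/run/greylistd/socket, so every account already in `daemon` would presumably be able to query and update the greylist. Keeping `groupname=greylist` and adding the courier filter account to that group, as the previous README did for `Debian-exim`, would preserve the narrower grant. The new `greylistd/restartcourierfilter` template still describes the opposite arrangement (adding "daemon" to the "greylist" group), so the prompt text and the script disagree. The variable block belongs to a function whose start and end are outside the hunk.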
@@ -101,7 +108,7 @@ ### If the user does not already exist, create it. id -u "$username" >/dev/null 2>&1 || - adduser --system --group --disabled-password \ + adduser --system --ingroup "$groupname" --disabled-password \ --home "$datadir" --no-create-home "$username" @@ -112,6 +119,12 @@ db_get "$owner/restartexim" $RET && invoke-rc.d exim4 restart + ### If we are using courier-filter-perl, and the daemon user is not + ### in the group, add it and then restart Exim. + elif running_courier_filter_perl + then + courierfilter stop && courierfilter start + ### Otherwise, if we are updating from 0.7 or prior versions, we add ### the greylist user from the "ugid" DebConf setting elif dpkg --compare-versions "$oldversion" le "0.7" && db_get "$owner/ugid" ============================================================ --- debian/templates f8317a4490fb460bfb7542322472ff888eb2279a +++ debian/templates d7d82aea11bc1adc629608cc8c1aba7d9db03b49 @@ -8,6 +8,17 @@ Exim daemon process can talk to greylistd. However, for this change to take effect, the process must also be restarted. +Template: greylistd/restartcourierfilter +Type: boolean +Default: true +_Description: Restart courierfilter after adding daemon to the greylist group? + You are using courier as your Mail Transport Agent (MTA) with + courier-filter-perl for filtering. Great! + . + The "daemon" user will be added to the "greylist" group, so that the + courierfilter daemon process can talk to greylistd. However, for this + change to take effect, the process must also be restarted. + Template: greylistd/autoconfig_notdone_exim4 Type: note _Description: Exim 4 needs additional configuration 
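Review bot: The new `elif running_courier_filter_perl` branch in the `@@ -112,6 +119,12` hunk restarts the filter unconditionally with `courierfilter stop && courierfilter start`, whereas the Exim branch just above it is gated on `db_get "$owner/restartexim"`. The matching `config_restartcourierfilter` call in debian/config is added commented out, so the administrator is never asked. The comment above the branch still says "restart Exim" and describes adding a user to a group, which the branch does not do; `### If we are using courier-filter-perl, restart courierfilter.` would match the code. Because the branch is inserted ahead of the upgrade-from-0.7 `elif`, that migration step is skipped on any host where courier-filter-perl is detected, which looks unintended. The enclosing `if` chain starts and ends outside the hunk.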
@@ -35,6 +46,36 @@ If you prefer to configure Exim 4 for greylistd by hand, please see /usr/share/doc/greylistd/README.Debian. +Template: greylistd/autoconfig_notdone_courierfilter +Type: note +_Description: courier-filter-perl needs additional configuration + For greylisting to become effective, your Mail Transport Agent (MTA) needs + to talk to greylistd while receiving incoming mail; and depending on the + response, issue a temporary rejection (451 SMTP code) to the remote host. + . + Since you are using courier as your MTA with courier-filter-perl, a + script is available for you to perform this task. At a root prompt, + type: + # greylistd-setup-courierfilter add + If you overwrite your courier-filter-perl configuration files in the + future (for instance, when upgrading courier-filter-perl), you may + need to re-run this command. + . + Later, before you uninstall "greylistd", you want to run: + # greylistd-setup-courierfilter remove + . + For more options and help on usage, run the command without any arguments, + or see the "greylistd-setup-courierfilter(8)" manual page. One suggested + option for the "add" command is "-netmask=24". + . + The reason this operation is not performed automatically is that + courier-filter-perl's configuration files are tagged as "conffiles", so + per Debian Policy they are completely under your control. Only you can + change them. + . + If you prefer to configure courier-filter-perl for greylistd by hand, + please see /usr/share/doc/greylistd/README.Debian. + Template: greylistd/autoconfig_notdone Type: note _Description: Your MTA needs additional configuration