Index: head/mail/postfix-policyd-weight/Makefile =================================================================== --- head/mail/postfix-policyd-weight/Makefile (revision 376657) +++ head/mail/postfix-policyd-weight/Makefile (revision 376658) @@ -1,39 +1,40 @@ # Created by: Robert Felber # $FreeBSD$ PORTNAME= policyd-weight PORTVERSION= 0.1.15.2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= mail MASTER_SITES= http://www.policyd-weight.org/releases/ \ LOCAL/ohauer PKGNAMEPREFIX= postfix- MAINTAINER= ohauer@FreeBSD.org COMMENT= Weighted policy daemon for postfix LICENSE= GPLv2 RUN_DEPENDS= p5-Net-DNS>=0.72:${PORTSDIR}/dns/p5-Net-DNS \ p5-Net-IP>0:${PORTSDIR}/net-mgmt/p5-Net-IP -SUB_FILES= pkg-message -PLIST_FILES= bin/${PORTNAME} etc/${PORTNAME}.conf.sample \ +SUB_FILES= pkg-message pkg-install +PLIST_FILES= bin/${PORTNAME} \ + "@sample etc/${PORTNAME}.conf.sample" \ man/man5/policyd-weight.conf.5.gz \ man/man8/policyd-weight.8.gz USERS= polw GROUPS= polw USE_RC_SUBR+= policyd-weight USES= perl5 USE_PERL5= run NO_BUILD= yes do-install: - ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/ - ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc/ - ${INSTALL_MAN} ${WRKSRC}/man/man5/policyd-weight.conf.5 ${STAGEDIR}${MAN5PREFIX}/man/man5/ - ${INSTALL_MAN} ${WRKSRC}/man/man8/policyd-weight.8 ${STAGEDIR}${MAN8PREFIX}/man/man8/ + ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin + ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc + ${INSTALL_MAN} ${WRKSRC}/man/man5/policyd-weight.conf.5 ${STAGEDIR}${MAN5PREFIX}/man/man5 + ${INSTALL_MAN} ${WRKSRC}/man/man8/policyd-weight.8 ${STAGEDIR}${MAN8PREFIX}/man/man8 .include Index: head/mail/postfix-policyd-weight/files/patch-man__man5__policyd-weight.conf.5 =================================================================== --- head/mail/postfix-policyd-weight/files/patch-man__man5__policyd-weight.conf.5 (revision 376657) +++ head/mail/postfix-policyd-weight/files/patch-man__man5__policyd-weight.conf.5 (revision 376658) @@ -1,35 +1,34 @@ ---- ./man/man5/policyd-weight.conf.5.orig 2011-09-18 14:27:29.000000000 +0200 -+++ ./man/man5/policyd-weight.conf.5 2014-03-15 17:15:33.000000000 +0100 -@@ -101,7 +101,7 @@ +--- man/man5/policyd-weight.conf.5.orig 2011-09-18 12:27:29 UTC ++++ man/man5/policyd-weight.conf.5 +@@ -101,7 +101,7 @@ file changes. .IP "\fB$PIDFILE\fR (default: /var/run/policyd-weight.pid)" Path and filename to store the master pid (daemon mode) -.IP "\fB$LOCKPATH\fR (default: /tmp/.policyd-weight/)" +.IP "\fB$LOCKPATH\fR (default: /var/run/policyd-weight/)" Directory where policyd-weight stores sockets and lock-files/directories. Its argument must contain a trailing slash. -@@ -304,9 +304,8 @@ +@@ -304,9 +304,8 @@ The default is: @dnsbl_score = ( "pbl.spamhaus.org", 3.25, 0, "DYN_PBL_SPAMHAUS", - "dnsbl.njabl.org", 4.25, -1.5, "BL_NJABL", - "bl.spamcop.net", 1.75, -1.5, "SPAMCOP", "sbl-xbl.spamhaus.org", 4.35, -1.5, "SBL_XBL_SPAMHAUS", + "bl.spamcop.net", 1.75, -1.5, "SPAMCOP", "ix.dnsbl.manitu.net", 4.35, 0, "IX_MANITU" .br ); -@@ -330,10 +329,8 @@ +@@ -330,10 +329,7 @@ A list of RHSBL hosts to be queried must The default is: @rhsbl_score = ( - "rhsbl.ahbl.org", 1.8, 0, "AHBL", - "dsn.rfc-ignorant.org", 3.2, 0, "DSN_RFCI", - "postmaster.rfc-ignorant.org", 1 , 0, "PM_RFCI", - "abuse.rfc-ignorant.org", 1, 0, "ABUSE_RFCI" -+ 'multi.surbl.org', 4, 0, 'SURBL', -+ 'rhsbl.ahbl.org', 4, 0, 'AHBL' ++ 'multi.surbl.org', 4, 0, 'SURBL' .br ); Index: head/mail/postfix-policyd-weight/files/patch-policyd-weight =================================================================== --- head/mail/postfix-policyd-weight/files/patch-policyd-weight (revision 376657) +++ head/mail/postfix-policyd-weight/files/patch-policyd-weight (revision 376658) @@ -1,153 +1,154 @@ ---- ./policyd-weight.orig 2011-09-03 15:55:02.000000000 +0200 -+++ ./policyd-weight 2014-05-25 14:34:09.000000000 +0200 -@@ -320,7 +320,7 @@ +--- policyd-weight.orig 2011-09-03 13:55:02 UTC ++++ policyd-weight +@@ -320,7 +320,7 @@ $SIG{__DIE__} = sub { my $DEBUG = 0; # 1 or 0 - don't comment -my $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; +my $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; my $REJECTLEVEL = 1; # Mails with scores which exceed this # REJECTLEVEL will be rejected -@@ -374,9 +374,7 @@ +@@ -374,9 +374,7 @@ my @dnsbl_score = ( 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS', 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', - 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' - #'rbl.ipv6-world.net', 4.25, 0, 'IPv6_RBL' #don't use, kept for testing failures! ); my $MAXDNSBLHITS = 2; # If Client IP is listed in MORE -@@ -392,10 +390,7 @@ +@@ -391,11 +389,7 @@ my $MAXDNSBLMSG = '550 Your MTA is lis + ## RHSBL settings my @rhsbl_score = ( - 'multi.surbl.org', 4, 0, 'SURBL', +- 'multi.surbl.org', 4, 0, 'SURBL', - 'rhsbl.ahbl.org', 4, 0, 'AHBL', - 'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI', - 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI', - 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI' -+ 'rhsbl.ahbl.org', 4, 0, 'AHBL' ++ 'multi.surbl.org', 4, 0, 'SURBL' ); my $BL_ERROR_SKIP = 2; # skip a RBL if this RBL had this many continuous -@@ -404,7 +399,7 @@ +@@ -404,7 +398,7 @@ my $BL_ERROR_SKIP = 2; # skip a RBL my $BL_SKIP_RELEASE = 10; # skip a RBL for that many times ## cache stuff -my $LOCKPATH = '/tmp/.policyd-weight/'; # must be a directory (add +my $LOCKPATH = '/var/run/policyd-weight/'; # must be a directory (add # trailing slash) my $SPATH = $LOCKPATH.'/polw.sock'; # socket path for the cache -@@ -426,7 +421,7 @@ +@@ -426,7 +420,7 @@ my $CACHESIZE = 2000; # set to 0 t my $CACHEMAXSIZE = 4000; # at this number of entries cleanup takes place -my $CACHEREJECTMSG = '550 temporarily blocked because of previous errors'; +my $CACHEREJECTMSG = $REJECTMSG . " [cached]"; my $NTTL = 1; # after NTTL retries the cache entry is deleted -@@ -582,7 +577,7 @@ +@@ -582,7 +576,7 @@ my %poscache; my $my_PTIME; my $my_TEMP_PTIME; -if(!($conf)) +if(not defined $conf) { if( -f "/etc/policyd-weight.conf") { -@@ -605,7 +600,7 @@ +@@ -605,7 +599,7 @@ if(!($conf)) my $conf_err; my $conf_str; our $old_mtime; -if($conf ne "") +if(defined $conf) { if(sprintf("%04o",(stat($conf))[2]) !~ /(7|6|3|2)$/) { -@@ -652,8 +647,12 @@ +@@ -652,8 +646,12 @@ $GROUP = $USER unless $GROUP; if($CMD_DEBUG == 1) { $DEBUG = 1; - $conf_str =~ s/\#.*?(\n)/$1/gs; - $conf_str =~ s/\n+/\n/g; + if (defined $conf_str) { + $conf_str =~ s/\#.*?(\n)/$1/gs; + $conf_str =~ s/\n+/\n/g; + } + else { $conf_str = "" } + print "config: $conf\n".$conf_str."\n"; $SPATH .= ".debug"; -@@ -673,7 +672,7 @@ +@@ -673,7 +671,7 @@ if($CMD_DEBUG == 1) print "debug: USER: $USER\n"; print "debug: GROUP: $GROUP\n"; print "debug: issuing user: ".getpwuid($<)."\n"; - print "debug: issuing group: ".getpwuid($()."\n"; + print "debug: issuing group: ".getgrgid($()."\n"; } $conf_str = ""; -@@ -893,12 +892,12 @@ +@@ -893,12 +891,12 @@ if($NS && $NS =~ /\d/) # watch the version string, I'm afraid that they change to x.x.x notation -if(Net::DNS->version() >= 0.50) +if(Net::DNS->version() >= 0.50 && Net::DNS->version() <= 0.53) { $res->force_v4(1); # force ipv4 usage, autodetection is broken till # Net::DNS 0.53 } -else +if(Net::DNS->version() < 0.50) { $res->igntc(1); # ignore truncated packets if Net-DNS version is # lower than 0.50 -@@ -2282,7 +2281,7 @@ +@@ -2282,7 +2280,7 @@ sub weighted_check ## HELO numeric check ######################################################### - my $glob_numeric_score; + my $glob_numeric_score = 0; # check /1.2.3.4/ and /[1.2.3.4]/ if($helo =~ /^[\d|\[][\d\.]+[\d|\]]$/) { -@@ -2844,7 +2843,7 @@ +@@ -2844,7 +2842,7 @@ sub cache_query my $sender = shift(@_) || ''; my $domain = shift(@_) || ''; - $! = ''; + $! = undef; $@ = (); if( (!($csock)) || ($csock && (!($csock->connected))) ) { -@@ -2972,7 +2971,7 @@ +@@ -2972,7 +2970,7 @@ sub spawn_cache die $!; } - if(!( $( = getpwnam($USER) )) + if(!( $( = getgrnam($GROUP) )) { mylog(warning=>"cache: couldn't change GID to user $GROUP: $!"); } -@@ -3588,7 +3587,7 @@ +@@ -3588,7 +3586,7 @@ sub rbl_lookup my ($id, $bf, $qc, $anc, $nsc, $arc, $qb) = unpack('n n n n n n a*', $buf); - my ($dn, $offset) = dn_expand(\$qb, 0); + my ($dn, $offset) = Net::DNS::Packet::dn_expand(\$qb, 0); if(($id && $anc) && ($id == $oid) && ($query eq $dn)) { -@@ -3842,7 +3841,7 @@ +@@ -3842,7 +3840,7 @@ sub squared_helo my $helo = shift; my $ip = shift; - if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return } + if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return 0 } my $tmp_helo_ip = $1; my $tmpip = inet_aton( $tmp_helo_ip ); Index: head/mail/postfix-policyd-weight/files/patch-policyd-weight.conf.sample =================================================================== --- head/mail/postfix-policyd-weight/files/patch-policyd-weight.conf.sample (revision 376657) +++ head/mail/postfix-policyd-weight/files/patch-policyd-weight.conf.sample (revision 376658) @@ -1,43 +1,44 @@ ---- ./policyd-weight.conf.sample.orig 2011-09-03 16:10:01.000000000 +0200 -+++ ./policyd-weight.conf.sample 2014-03-15 17:15:33.000000000 +0100 +--- policyd-weight.conf.sample.orig 2011-09-03 14:10:01 UTC ++++ policyd-weight.conf.sample @@ -59,9 +59,8 @@ 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS', 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', - 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', +# 'dnsbl-1.uceprotect.net', 4.35, 0, 'UCE_1', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' - #'rbl.ipv6-world.net', 4.25, 0, 'IPv6_RBL' #don't use, kept for testing failures! ); $MAXDNSBLHITS = 2; # If Client IP is listed in MORE -@@ -77,10 +76,7 @@ +@@ -76,11 +75,7 @@ + ## RHSBL settings @rhsbl_score = ( - 'multi.surbl.org', 4, 0, 'SURBL', +- 'multi.surbl.org', 4, 0, 'SURBL', - 'rhsbl.ahbl.org', 4, 0, 'AHBL', - 'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI', - 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI', - 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI' -+ 'rhsbl.ahbl.org', 4, 0, 'AHBL' ++ 'multi.surbl.org', 4, 0, 'SURBL' ); $BL_ERROR_SKIP = 2; # skip a RBL if this RBL had this many continuous -@@ -89,7 +85,7 @@ +@@ -89,7 +84,7 @@ $BL_SKIP_RELEASE = 10; # skip a RBL for that many times ## cache stuff - $LOCKPATH = '/tmp/.policyd-weight/'; # must be a directory (add + $LOCKPATH = '/var/run/policyd-weight/'; # must be a directory (add # trailing slash) $SPATH = $LOCKPATH.'/polw.sock'; # socket path for the cache -@@ -111,7 +107,7 @@ +@@ -111,7 +106,7 @@ $CACHEMAXSIZE = 4000; # at this number of entries cleanup takes place - $CACHEREJECTMSG = '550 temporarily blocked because of previous errors'; + $CACHEREJECTMSG = $REJECTMSG . " [cached]"; $NTTL = 1; # after NTTL retries the cache entry is deleted Index: head/mail/postfix-policyd-weight/files/pkg-install.in =================================================================== --- head/mail/postfix-policyd-weight/files/pkg-install.in (nonexistent) +++ head/mail/postfix-policyd-weight/files/pkg-install.in (revision 376658) @@ -0,0 +1,43 @@ +#!/bin/sh + +# make sure we detect a customized config and if one of the deprecated +# RBL/RHBL server is present alert the user to remove the entry + + +PREFIX=${PKG_PREFIX:=%%PREFIX%%} +CFG="${PREFIX}/etc/policyd-weight.conf" + +# list of deprecated server already removed from the default config +DEPRECATED_LIST="dnsbl.njabl.org rbl.ipv6-world.net rhsbl.ahbl.org dsn.rfc-ignorant.org postmaster.rfc-ignorant.org abuse.rfc-ignorant.org" + +# found deprecated RBS/RHBS servers" +NOTIFY_LIST="" + +_check_deprecated() { +if [ -s "${CFG}" ]; then + for i in ${DEPRECATED_LIST}; do + grep -q "${i}" ${CFG} && NOTIFY_LIST="${NOTIFY_LIST} ${i}" + done +fi + +if [ "${NOTIFY_LIST}" != "" ]; then + echo "======================== !!! WARNING !!! ========================" + echo + echo "Please make sure to remove the following deprecated entires from" + echo " ${CFG}" + echo + for i in ${NOTIFY_LIST}; do + echo " - ${i}" + done + echo + echo "else you risk to reject valid mails!" + echo "======================== !!! WARNING !!! ========================" + sleep 3 +fi +} + + +if [ "$2" = "POST-INSTALL" ]; then + _check_deprecated +fi + Property changes on: head/mail/postfix-policyd-weight/files/pkg-install.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/mail/postfix-policyd-weight/files/pkg-message.in =================================================================== --- head/mail/postfix-policyd-weight/files/pkg-message.in (revision 376657) +++ head/mail/postfix-policyd-weight/files/pkg-message.in (revision 376658) @@ -1,26 +1,29 @@ ********** * Start with: # %%PREFIX%%/bin/policyd-weight start * To use this from Postfix SMTPD, use in %%PREFIX%%/etc/postfix/main.cf smtpd_recipient_restrictions = ... permit_mynetworks ... reject_unauth_destination reject_unauth_pipelining check_policy_service inet:127.0.0.1:12525 ... * NOTE: * specify check_policy_service AFTER reject_unauth_destination * else your system can become an open relay. * * CONFIGURATION: * * edit %%PREFIX%%/etc/policyd-weight.conf * An example is provided in %%PREFIX%%/etc/policyd-weight.conf.sample * +* Please compare existing configuration with the provided sample +* and remove deprecated DNSBL/RHSBL lists +* *************