- from PLD, migrated configuration to /etc/postfix

diff --git a/disable-transaction-logic b/disable-transaction-logic
new file mode 100644 (file)
index 0000000..a82a121
--- /dev/null
+++ b/disable-transaction-logic
@@ -0,0 +1,30 @@
+patch to disable the transactional logic during the cleaning of the DB, this
+fixes a problem seen as result of updates of BerkeleyDB.
+See http://bugs.debian.org/614968 for more info
+
+--- a/postgrey
++++ b/postgrey
+@@ -276,11 +276,7 @@
+                 $nr_keys_after++;
+             }
+         }
+-        my $db_obj = $self->{postgrey}{db_obj};
+-        my $txn = $db_env->txn_begin();
+-        $db_obj->Txn($txn);
+         for my $key (@old_keys) { delete $db->{$key}; }
+-        $txn->txn_commit();
+         
+         $self->mylog(1, "cleaning main database finished. before: $nr_keys_before, after: $nr_keys_after");
+ 
+@@ -300,11 +296,7 @@
+                     $nr_keys_after++;
+                 }
+             }
+-            my $db_cawl_obj = $self->{postgrey}{db_cawl_obj};
+-            $txn = $db_env->txn_begin();
+-            $db_cawl_obj->Txn($txn);
+             for my $key (@old_keys_cawl) { delete $cawl_db->{$key}; }
+-            $txn->txn_commit();
+ 
+             $self->mylog(1, "cleaning clients database finished. before: $nr_keys_before, after: $nr_keys_after");
+         }

diff --git a/postgrey-group.patch b/postgrey-group.patch
new file mode 100644 (file)
index 0000000..2f2b0b7
--- /dev/null
+++ b/postgrey-group.patch
@@ -0,0 +1,20 @@
+--- postgrey-1.31/postgrey.orig        2007-09-06 16:32:58.000000000 +0200
++++ postgrey-1.31/postgrey     2007-11-13 08:33:21.000000000 +0100
+@@ -557,7 +557,7 @@
+             port             => [ $opt{inet} ? $opt{inet} : $opt{unix}."|unix" ],
+             proto            => $opt{inet} ? 'tcp' : 'unix',
+             user             => $opt{user} || 'postgrey',
+-            group            => $opt{group} || 'nogroup',
++            group            => $opt{group} || 'postgrey',
+             dbdir            => $opt{dbdir} || $DEFAULT_DBDIR,
+             setsid           => $opt{daemonize} ? 1 : undef,
+             pid_file         => $opt{daemonize} ? $opt{pidfile} : undef,
+@@ -764,7 +764,7 @@
+  -d, --daemonize         run in the background
+      --pidfile=PATH      put daemon pid into this file
+      --user=USER         run as USER (default: postgrey)
+-     --group=GROUP       run as group GROUP (default: nogroup)
++     --group=GROUP       run as group GROUP (default: postgrey)
+      --dbdir=PATH        put db files in PATH (default: /var/spool/postfix/postgrey)
+      --delay=N           greylist for N seconds (default: 300)
+      --max-age=N         delete entries older than N days since the last time

diff --git a/postgrey.init b/postgrey.init
new file mode 100644 (file)
index 0000000..24e5a5e
--- /dev/null
+++ b/postgrey.init
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# postgrey     Postfix Greylisting Policy Server
+#
+# chkconfig:   2345 79 31
+# description: Postfix Greylisting Policy Server
+#
+# processname: postgrey
+# pidfile:     /var/run/postgrey.pid
+#
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+OPTIONS="--unix=/var/spool/postfix/postgrey/socket"
+
+# Get service config
+[ -f /etc/sysconfig/postgrey ] && . /etc/sysconfig/postgrey
+
+OPTIONS="$OPTIONS $POSTGREY_OPTS"
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+       if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+               msg_network_down postgrey
+               exit 1
+       fi
+else
+       exit 0
+fi
+
+RETVAL=0
+
+# See how we were called.
+case "$1" in
+  start)
+       # Check if the service is already running?
+       if [ ! -f /var/lock/subsys/postgrey ]; then
+               msg_starting postgrey
+               daemon /usr/sbin/postgrey -d --pidfile=/var/run/postgrey.pid $OPTIONS
+               RETVAL=$?
+               [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postgrey
+       else
+               msg_already_running postgrey
+       fi
+       ;;
+  stop)
+       if [ -f /var/lock/subsys/postgrey ]; then
+               msg_stopping postgrey
+               killproc postgrey
+       else
+               msg_not_running postgrey
+       fi
+       rm -f /var/lock/subsys/postgrey >/dev/null 2>&1
+       ;;
+  restart)
+       $0 stop
+       $0 start
+       exit $?
+       ;;
+  reload|force-reload)
+       if [ -f /var/lock/subsys/postgrey ]; then
+               msg_reloading postgrey
+               killproc postgrey -HUP
+               RETVAL=$?
+       else
+               msg_not_running postgrey
+               exit 7
+       fi
+       ;;
+  status)
+       status --pidfile /var/run/postgrey.pid postgrey
+       exit $?
+       ;;
+  *)
+       msg_usage "$0 {start|stop|restart|reload|force-reload|status}"
+       exit 3
+esac
+
+exit $RETVAL

diff --git a/postgrey.spec b/postgrey.spec
new file mode 100644 (file)
index 0000000..bac60e6
--- /dev/null
+++ b/postgrey.spec
@@ -0,0 +1,136 @@
+%include       /usr/lib/rpm/macros.perl
+Summary:       Postfix Greylisting Policy Server
+Summary(pl.UTF-8):     Serwer do polityki "szarych list" dla Postfiksa
+Name:          postgrey
+Version:       1.37
+Release:       5
+License:       GPL v2
+Group:         Networking/Daemons
+Source0:       http://postgrey.schweikert.ch/pub/%{name}-%{version}.tar.gz
+# Source0-md5: 2ef30f42ad84f00caf41c49b593b8e2a
+Source1:       %{name}.init
+Source2:       %{name}.sysconfig
+Source3:       http://www.lipek.pl/postgrey_clients_dump
+# Source3-md5: 155b88f2781b03535bfa2797cda28e52
+Patch0:                %{name}-group.patch
+Patch1:                disable-transaction-logic
+URL:           http://postgrey.schweikert.ch/
+BuildRequires: rpm-perlprov
+BuildRequires: rpmbuild(macros) >= 1.268
+Requires:      perl-IO-Multiplex
+Requires:      postfix
+BuildArch:     noarch
+BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define                _sysconfdir /etc/postfix
+
+%description
+Postgrey is a Postfix policy server implementing greylisting. When a
+request for delivery of a mail is received by Postfix via SMTP, the
+triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first
+time that this triplet is seen, or if the triplet was first seen less
+than 5 minutes, then the mail gets rejected with a temporary error.
+Hopefully spammers or viruses will not try again later, as it is
+however required per RFC.
+
+Edit your configuration files:
+%{_sysconfdir}/main.cf:
+  smtpd_recipient_restrictions = ...
+    check_policy_service unix:postgrey/socket, ...
+or if you like to use inet sockets (modify the IP if needed):
+/etc/sysconfig/postgrey:
+  OPTIONS="--inet=127.0.0.1:10023"
+%{_sysconfdir}/main.cf:
+  smtpd_recipient_restrictions = ...
+    check_policy_service inet:127.0.0.1:10023, ...
+
+%description -l pl.UTF-8
+Postgrey to serwer polityki dla Postfiksa implementujący "szare
+listy". Kiedy Postfix otrzymuje po SMTP żądanie dostarczenia poczty,
+tworzony jest triplet IP_KLIENTA / NADAWCA / ADRESAT. Jeśli dany
+triplet jest widziany po raz pierwszy lub był widziany po raz pierwszy
+mniej niż 5 minut temu, poczta jest odrzucana z tymczasowym błędem.
+Można mieć nadzieję, że spamerzy i wirusy nie będą próbować ponownie,
+co jest jednak wymagane przez RFC.
+
+Aby użyć tego programu należy zmodyfikować pliki konfiguracyjne:
+%{_sysconfdir}/main.cf:
+  smtpd_recipient_restrictions = ...
+    check_policy_service unix:postgrey/socket, ...
+lub jeśli chcemy używać gniazd inet (w razie potrzeby zmienić IP):
+/etc/sysconfig/postgrey:
+  OPTIONS="--inet=127.0.0.1:10023"
+%{_sysconfdir}/main.cf:
+  smtpd_recipient_restrictions = ...
+    check_policy_service inet:127.0.0.1:10023, ...
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},%{_sysconfdir},%{_sbindir}} \
+       $RPM_BUILD_ROOT%{_var}/spool/postfix/%{name}
+
+# init script:
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
+
+install postgrey_whitelist_clients $RPM_BUILD_ROOT%{_sysconfdir}
+install postgrey_whitelist_recipients $RPM_BUILD_ROOT%{_sysconfdir}
+touch $RPM_BUILD_ROOT%{_sysconfdir}/postgrey_whitelist_clients.local
+
+install postgrey %{SOURCE3} contrib/postgreyreport $RPM_BUILD_ROOT%{_sbindir}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+%groupadd -g 155 postgrey
+%useradd -u 155 -d %{_var}/spool/postfix/%{name} -s /sbin/false -c "Postfix Greylisting Policy" -g postgrey postgrey
+
+%post
+/sbin/chkconfig --add %{name}
+%service %{name} restart
+
+%preun
+if [ "$1" = 0 ]; then
+       %service %{name} stop
+       /sbin/chkconfig --del %{name}
+fi
+
+%postun
+if [ "$1" = 0 ]; then
+       %userremove postgrey
+       %groupremove postgrey
+       # should be done?:
+       rm -rf %{_var}/spool/postfix/%{name}
+fi
+
+%triggerun -- %{name} < 1.37-5
+if [ $1 -le 1 ]; then
+       exit 0
+fi
+for f in /etc/mail/postgres_whitelist_{clients,clients.local,recipients}; do
+       f=${f##*/}
+       [ -f "/etc/mail/$f" ] && mv "/etc/mail/$f" "/etc/postfix/$f" 2>/dev/null || :
+done
+[ -n "$(find /etc/mail -type d -empty 2>/dev/null)" ] && rmdir /etc/mail 2>/dev/null || :
+
+%triggerpostun -- %{name} < 1.37-5
+echo
+echo "Warning! Configuration has been migrated to /etc/postfix."
+echo
+
+%files
+%defattr(644,root,root,755)
+%doc README Changes
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/postgrey_whitelist_clients
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/postgrey_whitelist_recipients
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/postgrey_whitelist_clients.local
+%attr(640,root,postgrey) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%attr(755,root,root) %{_sbindir}/postgrey*
+%dir %attr(711,postgrey,postgrey) %{_var}/spool/postfix/%{name}

diff --git a/postgrey.sysconfig b/postgrey.sysconfig
new file mode 100644 (file)
index 0000000..78215f1
--- /dev/null
+++ b/postgrey.sysconfig
@@ -0,0 +1,7 @@
+# PostGrey startup configuration file
+
+# Try to define nice-level for running postgrey
+SERVICE_RUN_NICE_LEVEL="+5"
+
+# Define your own Postgrey 4xx message
+#POSTGREY_OPTS="--greylist-text='Greylisted, see http://yourdomain.tld/your-mail-policy/?domain=%r'"

diff --git a/postgrey_clients_dump b/postgrey_clients_dump
new file mode 100644 (file)
index 0000000..640e899
--- /dev/null
+++ b/postgrey_clients_dump
@@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+
+# written by David Schweikert and adapted to Debian by Adrian von Bidder
+# adapted to PLD Linux Distribution Micha³ Lipka
+# this script is in the public domain
+#
+# This script will output all clients that were automatically whitelisted
+# by postgrey's --auto-whitelist-clients option. 
+# Set the default number of mails your to fit your needs (generally it 
+# should be the same as N i --auto-whitelist-clients=N)
+
+use BerkeleyDB;
+use Socket;
+
+my $dbdir = '/var/spool/postfix/postgrey/';
+my $mails = 3;
+
+sub resolv($) {
+    my $host = shift;
+    my $iaddr = inet_aton($host);
+    return gethostbyaddr($iaddr, AF_INET) || $host;
+}
+
+sub dbopen($)
+{
+    my ($dbdir) = @_;
+    my %db;
+
+    my $dbenv = BerkeleyDB::Env->new(
+        -Home     => $dbdir,
+        -Flags    => DB_INIT_TXN|DB_INIT_MPOOL|DB_INIT_LOG,
+    ) or die "ERROR: can't open DB environment: $!\n";
+
+    tie(%db, 'BerkeleyDB::Btree',
+        -Filename => "postgrey_clients.db",
+        -Flags    => DB_RDONLY,
+        -Env      => $dbenv,
+    ) or die "ERROR: can't open database $dbdir/postgrey_clients.db: $!\n";
+
+    return \%db;
+}
+
+sub main()
+{
+    # go through the database
+    my $db = dbopen($dbdir);
+    while (my ($key, $value) = each %$db) {
+        my ($c,$l) = split(/,/,$value);
+        $c >= $mails or next;
+        my $host = resolv($key);
+        print "$host [$key] ($c)\n";
+    }
+}
+
+main;
+
+# vim: sw=4