From 9f742d13b7ab555f806ede036d3df0136399b247 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Mon, 28 May 2018 14:39:00 +0000 Subject: [PATCH 1/1] - from PLD --- bug-869408-unescaped-brace-in-regex.patch | 29 ++ bug_771408_perl_version | 15 + bug_828552-openssl-1.1.0 | 453 ++++++++++++++++++++++ cronjob-sa-update.service | 5 + cronjob-sa-update.timer | 8 + disable_sslv3 | 276 +++++++++++++ dkim_subdomains | 64 +++ fix-uninitialized-concat | 25 ++ sa-update.cron | 8 + sa-update.sh | 58 +++ sought.conf | 47 +++ spamassassin-3.4.1-netdns.patch | 396 +++++++++++++++++++ spamassassin-default.rc | 3 + spamassassin-official.conf | 86 ++++ spamassassin-perl-fix.patch | 12 + spamassassin-spamc.rc | 3 + spamassassin-spamd.init | 100 +++++ spamassassin.spec | 430 ++++++++++++++++++++ spamassassin.sysconfig | 4 + 19 files changed, 2022 insertions(+) create mode 100644 bug-869408-unescaped-brace-in-regex.patch create mode 100644 bug_771408_perl_version create mode 100644 bug_828552-openssl-1.1.0 create mode 100644 cronjob-sa-update.service create mode 100644 cronjob-sa-update.timer create mode 100644 disable_sslv3 create mode 100644 dkim_subdomains create mode 100644 fix-uninitialized-concat create mode 100644 sa-update.cron create mode 100644 sa-update.sh create mode 100644 sought.conf create mode 100644 spamassassin-3.4.1-netdns.patch create mode 100644 spamassassin-default.rc create mode 100644 spamassassin-official.conf create mode 100644 spamassassin-perl-fix.patch create mode 100644 spamassassin-spamc.rc create mode 100644 spamassassin-spamd.init create mode 100644 spamassassin.spec create mode 100644 spamassassin.sysconfig diff --git a/bug-869408-unescaped-brace-in-regex.patch b/bug-869408-unescaped-brace-in-regex.patch new file mode 100644 index 0000000..7056dd9 --- /dev/null +++ b/bug-869408-unescaped-brace-in-regex.patch @@ -0,0 +1,29 @@ +Description: Unescaped left brace in regex leads to warnings with perl 5.26 +Origin: https://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/PerMsgStatus.pm?r1=1708863&r2=1791010&diff_format=h +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869408 + +Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm +=================================================================== +--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm ++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm +@@ -916,16 +916,16 @@ sub get_content_preview { + $str .= shift @{$ary}; + } + undef $ary; +- chomp ($str); $str .= " [...]\n"; + + # in case the last line was huge, trim it back to around 200 chars + local $1; +- $str =~ s/^(.{,200}).*$/$1/gs; ++ $str =~ s/^(.{200}).+$/$1 [...]/gm; ++ chomp ($str); $str .= "\n"; + + # now, some tidy-ups that make things look a bit prettier +- $str =~ s/-----Original Message-----.*$//gs; ++ $str =~ s/-----Original Message-----.*$//gm; + $str =~ s/This is a multi-part message in MIME format\.//gs; +- $str =~ s/[-_\*\.]{10,}//gs; ++ $str =~ s/[-_*.]{10,}//gs; + $str =~ s/\s+/ /gs; + + # add "Content preview:" ourselves, so that the text aligns diff --git a/bug_771408_perl_version b/bug_771408_perl_version new file mode 100644 index 0000000..f51e0bf --- /dev/null +++ b/bug_771408_perl_version @@ -0,0 +1,15 @@ +upstream fix for bug #771408 +Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm +=================================================================== +--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Conf/Parser.pm ++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Conf/Parser.pm +@@ -536,6 +536,9 @@ sub handle_conditional { + elsif ($token eq 'perl_version') { + $eval .= $]." "; + } ++ elsif ($token eq 'perl_version') { ++ $eval .= $]." "; ++ } + elsif ($token =~ /^\w[\w\:]+$/) { # class name + my $u = untaint_var($token); + $eval .= '"' . $u . '" '; diff --git a/bug_828552-openssl-1.1.0 b/bug_828552-openssl-1.1.0 new file mode 100644 index 0000000..fd11d4a --- /dev/null +++ b/bug_828552-openssl-1.1.0 @@ -0,0 +1,453 @@ +From: Sebastian Andrzej Siewior +Date: Thu, 22 Sep 2016 11:19:42 +0000 +Subject: [PATCH] spamassassin: get it compiled against openssl 1.1.0 + +CRYPTO_lock was part of the old locking API which got removed. I picked +a different symbol. + +Signed-off-by: Sebastian Andrzej Siewior +--- + spamc/configure | 22 +++++++++++----------- + spamc/configure.in | 2 +- + 2 files changed, 12 insertions(+), 12 deletions(-) + +Index: spamassassin-3.4.1/spamc/configure +=================================================================== +--- spamassassin-3.4.1.orig/spamc/configure ++++ spamassassin-3.4.1/spamc/configure +@@ -943,7 +943,7 @@ esac + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi +- cd "$ac_popdir" ++ cd $ac_popdir + done + fi + +@@ -1874,7 +1874,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -1932,7 +1933,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2048,7 +2050,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2102,7 +2105,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2147,7 +2151,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2191,7 +2196,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2523,7 +2529,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2693,7 +2700,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2764,7 +2772,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -2917,7 +2926,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3069,7 +3079,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3260,7 +3271,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3323,7 +3335,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3388,7 +3401,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3491,7 +3505,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3557,7 +3572,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3628,7 +3644,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3666,9 +3683,9 @@ fi + SSLLIBS="" + SSLCFLAGS="" + if test yes = "$sa_ssl_enabled"; then +- echo "$as_me:$LINENO: checking for CRYPTO_lock in -lcrypto" >&5 +-echo $ECHO_N "checking for CRYPTO_lock in -lcrypto... $ECHO_C" >&6 +-if test "${ac_cv_lib_crypto_CRYPTO_lock+set}" = set; then ++ echo "$as_me:$LINENO: checking for CRYPTO_malloc in -lcrypto" >&5 ++echo $ECHO_N "checking for CRYPTO_malloc in -lcrypto... $ECHO_C" >&6 ++if test "${ac_cv_lib_crypto_CRYPTO_malloc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else + ac_check_lib_save_LIBS=$LIBS +@@ -3686,11 +3703,11 @@ extern "C" + #endif + /* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +-char CRYPTO_lock (); ++char CRYPTO_malloc (); + int + main () + { +-CRYPTO_lock (); ++CRYPTO_malloc (); + ; + return 0; + } +@@ -3704,7 +3721,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3716,20 +3734,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then +- ac_cv_lib_crypto_CRYPTO_lock=yes ++ ac_cv_lib_crypto_CRYPTO_malloc=yes + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 + +-ac_cv_lib_crypto_CRYPTO_lock=no ++ac_cv_lib_crypto_CRYPTO_malloc=no + fi + rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$ac_check_lib_save_LIBS + fi +-echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_lock" >&5 +-echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_lock" >&6 +-if test $ac_cv_lib_crypto_CRYPTO_lock = yes; then ++echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_CRYPTO_malloc" >&5 ++echo "${ECHO_T}$ac_cv_lib_crypto_CRYPTO_malloc" >&6 ++if test $ac_cv_lib_crypto_CRYPTO_malloc = yes; then + SSLLIBS="-lcrypto $SSLLIBS" + fi + +@@ -3771,7 +3789,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3804,7 +3823,7 @@ fi + # before defining SPAMC_SSL check that all its requirements are + # actually available + if test yes = "$ac_cv_header_openssl_crypto_h" && \ +- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \ ++ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \ + test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then + SSLCFLAGS="-DSPAMC_SSL" + else +@@ -3854,7 +3873,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -3927,7 +3947,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4000,7 +4021,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4073,7 +4095,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4182,7 +4205,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_l + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4246,7 +4270,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4311,7 +4336,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4368,7 +4394,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4435,7 +4462,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4500,7 +4528,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4564,7 +4593,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4628,7 +4658,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -4692,7 +4723,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_c + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && +- { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err' ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? +@@ -5527,6 +5559,11 @@ esac + + + ++ if test x"$ac_file" != x-; then ++ { echo "$as_me:$LINENO: creating $ac_file" >&5 ++echo "$as_me: creating $ac_file" >&6;} ++ rm -f "$ac_file" ++ fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ +@@ -5565,12 +5602,6 @@ echo "$as_me: error: cannot find input f + fi;; + esac + done` || { (exit 1); exit 1; } +- +- if test x"$ac_file" != x-; then +- { echo "$as_me:$LINENO: creating $ac_file" >&5 +-echo "$as_me: creating $ac_file" >&6;} +- rm -f "$ac_file" +- fi + _ACEOF + cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +Index: spamassassin-3.4.1/spamc/configure.in +=================================================================== +--- spamassassin-3.4.1.orig/spamc/configure.in ++++ spamassassin-3.4.1/spamc/configure.in +@@ -64,13 +64,13 @@ AC_CHECK_LIB(socket, socket) + SSLLIBS="" + SSLCFLAGS="" + if test yes = "$sa_ssl_enabled"; then +- AC_CHECK_LIB(crypto, CRYPTO_lock,[SSLLIBS="-lcrypto $SSLLIBS"]) ++ AC_CHECK_LIB(crypto, CRYPTO_malloc,[SSLLIBS="-lcrypto $SSLLIBS"]) + AC_CHECK_LIB(ssl, SSL_CTX_free,[SSLLIBS="-lssl $SSLLIBS"],,-lcrypto) + + # before defining SPAMC_SSL check that all its requirements are + # actually available + if test yes = "$ac_cv_header_openssl_crypto_h" && \ +- test yes = "$ac_cv_lib_crypto_CRYPTO_lock" && \ ++ test yes = "$ac_cv_lib_crypto_CRYPTO_malloc" && \ + test yes = "$ac_cv_lib_ssl_SSL_CTX_free"; then + SSLCFLAGS="-DSPAMC_SSL" + else diff --git a/cronjob-sa-update.service b/cronjob-sa-update.service new file mode 100644 index 0000000..7e39494 --- /dev/null +++ b/cronjob-sa-update.service @@ -0,0 +1,5 @@ +[Unit] +Description=Spamassassin Rules Updates + +[Service] +ExecStart=/usr/share/spamassassin/sa-update.cron diff --git a/cronjob-sa-update.timer b/cronjob-sa-update.timer new file mode 100644 index 0000000..0584895 --- /dev/null +++ b/cronjob-sa-update.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Spamassassin Rules Updates timer + +[Timer] +OnCalendar=4:10 + +[Install] +WantedBy=cronjobs.target diff --git a/disable_sslv3 b/disable_sslv3 new file mode 100644 index 0000000..794f07f --- /dev/null +++ b/disable_sslv3 @@ -0,0 +1,276 @@ +Index: spamassassin-3.4.1/spamc/libspamc.c +=================================================================== +--- spamassassin-3.4.1.orig/spamc/libspamc.c ++++ spamassassin-3.4.1/spamc/libspamc.c +@@ -1187,7 +1187,7 @@ int message_filter(struct transport *tp, + unsigned int throwaway; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; +- SSL_METHOD *meth; ++ const SSL_METHOD *meth; + char zlib_on = 0; + unsigned char *zlib_buf = NULL; + int zlib_bufsiz = 0; +@@ -1213,11 +1213,7 @@ int message_filter(struct transport *tp, + if (flags & SPAMC_USE_SSL) { + #ifdef SPAMC_SSL + SSLeay_add_ssl_algorithms(); +- if (flags & SPAMC_TLSV1) { +- meth = TLSv1_client_method(); +- } else { +- meth = SSLv3_client_method(); /* default */ +- } ++ meth = SSLv23_client_method(); + SSL_load_error_strings(); + ctx = SSL_CTX_new(meth); + #else +@@ -1596,7 +1592,7 @@ int message_tell(struct transport *tp, c + int failureval; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; +- SSL_METHOD *meth; ++ const SSL_METHOD *meth; + + assert(tp != NULL); + assert(m != NULL); +@@ -1604,7 +1600,7 @@ int message_tell(struct transport *tp, c + if (flags & SPAMC_USE_SSL) { + #ifdef SPAMC_SSL + SSLeay_add_ssl_algorithms(); +- meth = SSLv3_client_method(); ++ meth = SSLv23_client_method(); + SSL_load_error_strings(); + ctx = SSL_CTX_new(meth); + #else +Index: spamassassin-3.4.1/spamc/spamc.c +=================================================================== +--- spamassassin-3.4.1.orig/spamc/spamc.c ++++ spamassassin-3.4.1/spamc/spamc.c +@@ -368,16 +368,11 @@ read_args(int argc, char **argv, + case 'S': + { + flags |= SPAMC_USE_SSL; +- if (!spamc_optarg || (strcmp(spamc_optarg,"sslv3") == 0)) { +- flags |= SPAMC_SSLV3; +- } +- else if (strcmp(spamc_optarg,"tlsv1") == 0) { +- flags |= SPAMC_TLSV1; +- } +- else { +- libspamc_log(flags, LOG_ERR, "Please specify a legal ssl version (%s)", spamc_optarg); +- ret = EX_USAGE; +- } ++ if(spamc_optarg) { ++ libspamc_log(flags, LOG_ERR, ++ "Explicit specification of an SSL/TLS version no longer supported."); ++ ret = EX_USAGE; ++ } + break; + } + #endif +Index: spamassassin-3.4.1/spamd/spamd.raw +=================================================================== +--- spamassassin-3.4.1.orig/spamd/spamd.raw ++++ spamassassin-3.4.1/spamd/spamd.raw +@@ -409,7 +409,6 @@ GetOptions( + 'sql-config!' => \$opt{'sql-config'}, + 'ssl' => \$opt{'ssl'}, + 'ssl-port=s' => \$opt{'ssl-port'}, +- 'ssl-version=s' => \$opt{'ssl-version'}, + 'syslog-socket=s' => \$opt{'syslog-socket'}, + 'syslog|s=s' => \$opt{'syslog'}, + 'log-timestamp-fmt:s' => \$opt{'log-timestamp-fmt'}, +@@ -743,11 +742,6 @@ if ( defined $ENV{'HOME'} ) { + + # Do whitelist later in tmp dir. Side effect: this will be done as -u user. + +-my $sslversion = $opt{'ssl-version'} || 'sslv3'; +-if ($sslversion !~ /^(?:sslv3|tlsv1)$/) { +- die "spamd: invalid ssl-version: $opt{'ssl-version'}\n"; +-} +- + $opt{'server-key'} ||= "$LOCAL_RULES_DIR/certs/server-key.pem"; + $opt{'server-cert'} ||= "$LOCAL_RULES_DIR/certs/server-cert.pem"; + +@@ -898,9 +892,8 @@ sub compose_listen_info_string { + $socket_info->{ip_addr}, $socket_info->{port})); + + } elsif ($socket->isa('IO::Socket::SSL')) { +- push(@listeninfo, sprintf("SSL [%s]:%s, ssl version %s", +- $socket_info->{ip_addr}, $socket_info->{port}, +- $opt{'ssl-version'}||'sslv3')); ++ push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr}, ++ $socket_info->{port})); + } + } + +@@ -1071,7 +1064,6 @@ sub server_sock_setup_inet { + $sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP' + && IO::Socket::IP->VERSION >= 0.09; + %sockopt = (%sockopt, ( +- SSL_version => $sslversion, + SSL_verify_mode => 0x00, + SSL_key_file => $opt{'server-key'}, + SSL_cert_file => $opt{'server-cert'}, +@@ -1092,7 +1084,8 @@ sub server_sock_setup_inet { + if (!$server_inet) { + $diag = sprintf("could not create %s socket on [%s]:%s: %s", + $ssl ? 'IO::Socket::SSL' : $io_socket_module_name, +- $adr, $port, $!); ++ $adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ? ++ "$!,$IO::Socket::SSL::SSL_ERROR" : $!); + push(@diag_fail, $diag); + } else { + $diag = sprintf("created %s socket on [%s]:%s", +@@ -3232,7 +3225,6 @@ Options: + -H [dir], --helper-home-dir[=dir] Specify a different HOME directory + --ssl Enable SSL on TCP connections + --ssl-port port Override --port setting for SSL connections +- --ssl-version sslversion Specify SSL protocol version to use + --server-key keyfile Specify an SSL keyfile + --server-cert certfile Specify an SSL certificate + --socketpath=path Listen on a given UNIX domain socket +@@ -3720,14 +3712,6 @@ Optionally specifies the port number for + SSL connections (default: whatever --port uses). See B<--ssl> for + more details. + +-=item B<--ssl-version>=I +- +-Specify the SSL protocol version to use, one of B or B. +-The default, B, is the most flexible, accepting a SSLv3 or +-higher hello handshake, then negotiating use of SSLv3 or TLSv1 +-protocol if the client can accept it. Specifying B<--ssl-version> +-implies B<--ssl>. +- + =item B<--server-key> I + + Specify the SSL key file to use for SSL connections. +Index: spamassassin-3.4.1/spamc/spamc.pod +=================================================================== +--- spamassassin-3.4.1.orig/spamc/spamc.pod ++++ spamassassin-3.4.1/spamc/spamc.pod +@@ -177,12 +177,10 @@ The default is 1 time (ie. one attempt a + Sleep for I seconds between failed spamd filtering attempts. + The default is 1 second. + +-=item B<-S>, B<--ssl>, B<--ssl>=I ++=item B<-S>, B<--ssl>, B<--ssl> + + If spamc was built with support for SSL, encrypt data to and from the + spamd process with SSL; spamd must support SSL as well. +-I specifies the SSL protocol version to use, either +-C, or C. The default, is C. + + =item B<-t> I, B<--timeout>=I + +Index: spamassassin-3.4.1/t/spamd_ssl_tls.t +=================================================================== +--- spamassassin-3.4.1.orig/t/spamd_ssl_tls.t ++++ /dev/null +@@ -1,28 +0,0 @@ +-#!/usr/bin/perl +- +-use lib '.'; use lib 't'; +-use SATest; sa_t_init("spamd_ssl_tls"); +-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); +- +-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); +- +-# --------------------------------------------------------------------------- +- +-%patterns = ( +- +-q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', +-q{ Subject: There yours for FREE!}, 'subj', +-q{ X-Spam-Status: Yes, score=}, 'status', +-q{ X-Spam-Flag: YES}, 'flag', +-q{ X-Spam-Level: **********}, 'stars', +-q{ TEST_ENDSNUMS}, 'endsinnums', +-q{ TEST_NOREALNAME}, 'noreal', +-q{ This must be the very last line}, 'lastline', +- +- +-); +- +-ok (sdrun ("-L --ssl --ssl-version=tlsv1 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", +- "--ssl=tlsv1 < data/spam/001", +- \&patterns_run_cb)); +-ok_all_patterns(); +Index: spamassassin-3.4.1/t/spamd_ssl_v3.t +=================================================================== +--- spamassassin-3.4.1.orig/t/spamd_ssl_v3.t ++++ /dev/null +@@ -1,28 +0,0 @@ +-#!/usr/bin/perl +- +-use lib '.'; use lib 't'; +-use SATest; sa_t_init("spamd_sslv3"); +-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); +- +-exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); +- +-# --------------------------------------------------------------------------- +- +-%patterns = ( +- +-q{ Return-Path: sb55sb55@yahoo.com}, 'firstline', +-q{ Subject: There yours for FREE!}, 'subj', +-q{ X-Spam-Status: Yes, score=}, 'status', +-q{ X-Spam-Flag: YES}, 'flag', +-q{ X-Spam-Level: **********}, 'stars', +-q{ TEST_ENDSNUMS}, 'endsinnums', +-q{ TEST_NOREALNAME}, 'noreal', +-q{ This must be the very last line}, 'lastline', +- +- +-); +- +-ok (sdrun ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert", +- "--ssl=sslv3 < data/spam/001", +- \&patterns_run_cb)); +-ok_all_patterns(); +Index: spamassassin-3.4.1/t/spamd_ssl_accept_fail.t +=================================================================== +--- spamassassin-3.4.1.orig/t/spamd_ssl_accept_fail.t ++++ spamassassin-3.4.1/t/spamd_ssl_accept_fail.t +@@ -23,9 +23,9 @@ q{ This must be the very last line}, 'la + + ); + +-ok (start_spamd ("-L --ssl --ssl-version=sslv3 --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); ++ok (start_spamd ("-L --ssl --server-key data/etc/testhost.key --server-cert data/etc/testhost.cert")); + ok (spamcrun ("< data/spam/001", \&patterns_run_cb)); +-ok (spamcrun ("--ssl=sslv3 < data/spam/001", \&patterns_run_cb)); ++ok (spamcrun ("--ssl < data/spam/001", \&patterns_run_cb)); + ok (stop_spamd ()); + + ok_all_patterns(); +Index: spamassassin-3.4.1/t/spamd_ssl.t +=================================================================== +--- spamassassin-3.4.1.orig/t/spamd_ssl.t ++++ spamassassin-3.4.1/t/spamd_ssl.t +@@ -2,10 +2,7 @@ + + use lib '.'; use lib 't'; + use SATest; sa_t_init("spamd_ssl"); +-use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9), +- onfail => sub { +- warn "\n\nNote: This may not be a SpamAssassin bug, as some platforms require that you" . +- "\nspecify a protocol in spamc --ssl option, and possibly in spamd --ssl-version.\n\n" }; ++use Test; plan tests => (($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE) ? 0 : 9); + + exit if ($SKIP_SPAMD_TESTS || !$SSL_AVAILABLE); + +Index: spamassassin-3.4.1/MANIFEST +=================================================================== +--- spamassassin-3.4.1.orig/MANIFEST ++++ spamassassin-3.4.1/MANIFEST +@@ -511,8 +511,6 @@ t/spamd_report_ifspam.t + t/spamd_sql_prefs.t + t/spamd_ssl.t + t/spamd_ssl_accept_fail.t +-t/spamd_ssl_tls.t +-t/spamd_ssl_v3.t + t/spamd_stop.t + t/spamd_symbols.t + t/spamd_syslog.t diff --git a/dkim_subdomains b/dkim_subdomains new file mode 100644 index 0000000..cb2cbdc --- /dev/null +++ b/dkim_subdomains @@ -0,0 +1,64 @@ +Description: Support signer subdomain matching in whitelist_from_dkim +Origin: upstream, https://svn.apache.org/viewvc?view=revision&revision=1693414 +Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7226 +Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm +=================================================================== +--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/Plugin/DKIM.pm ++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/Plugin/DKIM.pm +@@ -178,13 +178,18 @@ sub set_config { + + Works similarly to whitelist_from, except that in addition to matching + an author address (From) to the pattern in the first parameter, the message +-must also carry a Domain Keys Identified Mail (DKIM) signature made by a +-signing domain (SDID, i.e. the d= tag) that is acceptable to us. ++must also carry a valid Domain Keys Identified Mail (DKIM) signature made by ++a signing domain (SDID, i.e. the d= tag) that is acceptable to us. + + Only one whitelist entry is allowed per line, as in C. + Multiple C lines are allowed. File-glob style characters + are allowed for the From address (the first parameter), just like with +-C. The second parameter does not accept wildcards. ++C. ++ ++The second parameter (the signing-domain) does not accept full file-glob style ++wildcards, although a simple '*.' (or just a '.') prefix to a domain name ++is recognized and implies any subdomain of the specified domain (but not ++the domain itself). + + If no signing-domain parameter is specified, the only acceptable signature + will be an Author Domain Signature (sometimes called first-party signature) +@@ -205,7 +210,8 @@ Examples of whitelisting based on third- + whitelist_from_dkim jane@example.net example.org + whitelist_from_dkim rick@info.example.net example.net + whitelist_from_dkim *@info.example.net example.net +- whitelist_from_dkim *@* remailer.example.com ++ whitelist_from_dkim *@* mail7.remailer.example.com ++ whitelist_from_dkim *@* *.remailer.example.com + + =item def_whitelist_from_dkim author@example.com [signing-domain] + +@@ -376,7 +382,8 @@ some valid signature on a message has no + associated with a particular domain), regardless of its key size - anyone can + prepend its own signature on a copy of some third party mail and re-send it, + which makes it no more trustworthy than without such signature. This is also +-a reason for a rule DKIM_VALID to have a near-zero score. ++a reason for a rule DKIM_VALID to have a near-zero score, i.e. a rule hit ++is only informational. + + =cut + +@@ -1257,8 +1264,12 @@ sub _wlcheck_list { + # identity (AUID). Nevertheless, be prepared to accept the full e-mail + # address there for compatibility, and just ignore its local-part. + +- $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/; +- $matches = 1 if $sdid eq lc $acceptable_sdid; ++ $acceptable_sdid = $1 if $acceptable_sdid =~ /\@([^\@]*)\z/s; ++ if ($acceptable_sdid =~ s/^\*?\.//s) { ++ $matches = 1 if $sdid =~ /\.\Q$acceptable_sdid\E\z/si; ++ } else { ++ $matches = 1 if $sdid eq lc $acceptable_sdid; ++ } + } + if ($matches) { + if (would_log("dbg","dkim")) { diff --git a/fix-uninitialized-concat b/fix-uninitialized-concat new file mode 100644 index 0000000..1c62c99 --- /dev/null +++ b/fix-uninitialized-concat @@ -0,0 +1,25 @@ +Description: Import upstream fix for uninitialized value warning in Mail::SpamAssassin::PerMsgStatus::get_names_of_tests_hit_with_scores() +Origin: https://svn.apache.org/viewvc?view=revision&revision=1685843 +Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7212 +Index: spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm +=================================================================== +--- spamassassin-3.4.1.orig/lib/Mail/SpamAssassin/PerMsgStatus.pm ++++ spamassassin-3.4.1/lib/Mail/SpamAssassin/PerMsgStatus.pm +@@ -738,7 +738,7 @@ test names and individual scores of the + sub get_names_of_tests_hit_with_scores_hash { + my ($self) = @_; + +- my ($line, %testsscores); ++ my (%testsscores); + + #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24 + foreach my $test (@{$self->{test_names_hit}}) { +@@ -763,6 +763,8 @@ sub get_names_of_tests_hit_with_scores { + + my ($line, %testsscores); + ++ $line = ''; ++ + #BASED ON CODE FOR TESTSSCORES TAG - KAM 2014-04-24 + foreach my $test (sort @{$self->{test_names_hit}}) { + my $score = $self->{conf}->{scores}->{$test}; diff --git a/sa-update.cron b/sa-update.cron new file mode 100644 index 0000000..3ddbe6e --- /dev/null +++ b/sa-update.cron @@ -0,0 +1,8 @@ +### OPTIONAL: Spamassassin Rules Updates ### +# +# http://wiki.apache.org/spamassassin/RuleUpdates +# Highly recommended that you read the documentation before using this. +# ENABLE UPDATES AT YOUR OWN RISK. +# + +#10 4 * * * root /usr/share/spamassassin/sa-update.cron diff --git a/sa-update.sh b/sa-update.sh new file mode 100644 index 0000000..b221c04 --- /dev/null +++ b/sa-update.sh @@ -0,0 +1,58 @@ +#!/bin/sh + +umask 022 +OPT="" + +# sa-update must create keyring +if [ ! -d /etc/mail/spamassassin/sa-update-keys ]; then + sa-update +fi + +# Initialize Channels and Keys +CHANNELLIST="" +KEYLIST="" +# Process each channel defined in /etc/mail/spamassassin/channel.d/ +for file in /etc/mail/spamassassin/channel.d/*.conf; do + [ ! -f "$file" ] && continue + # Validate config file + PREFIXES="CHANNELURL KEYID BEGIN" + for prefix in $PREFIXES; do + if ! grep -q "$prefix" $file; then + echo "ERROR: $file missing $prefix" + exit 255 + fi + done + . "$file" + #echo "CHANNELURL=$CHANNELURL" + #echo "KEYID=$KEYID" + CHANNELLIST="$CHANNELLIST $CHANNELURL" + KEYLIST="$KEYLIST $KEYID" + sa-update --import "$file" +done + +# Using --channelfile breaks channel.d support :-/ Need better way but stays for now for backward compat +grep -q "^[a-zA-Z0-9]" /etc/mail/spamassassin/channels && OPT="$OPT --channelfile /etc/mail/spamassassin/channels" + +# Run sa-update on each channel, restart spam daemon if success +for channel in $CHANNELLIST; do + OPT="$OPT --channel $channel" +done +for keyid in $KEYLIST; do + OPT="$OPT --gpgkey $keyid" +done + +# Only restart spamd if sa-update returns 0, meaning it updated the rules +/usr/bin/sa-update $OPT || exit $? + +if [ -x /usr/bin/sa-compile ]; then + out=$(/usr/bin/sa-compile 2>&1) + rc=$? + if [ $rc -gt 0 ]; then + echo >&2 "$out" + exit $rc + fi +fi + +if [ -x /etc/rc.d/init.d/spamd -a -e /var/lock/subsys/spamd ]; then + /sbin/service spamd restart > /dev/null +fi diff --git a/sought.conf b/sought.conf new file mode 100644 index 0000000..f24d6c9 --- /dev/null +++ b/sought.conf @@ -0,0 +1,47 @@ +# http://wiki.apache.org/spamassassin/SoughtRules +CHANNELURL=sought.rules.yerp.org +KEYID=6C6191E3 +# Ignore everything below. +return 0 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.1 (GNU/Linux) + +mQGiBEa/l+YRBACC+uJfIThEoEWrNxdDD/1tAwb5L8v7H3gGt+LtuOwwn5ZU7XsT +s1DOok1oZVRnTQJYdlth7QlU9wqijwLEVzW1LDWnxXXKwPmlTlkcdGoBcb+cBbYI +miJ/TlAetvbprcZdROS4Ey31GjPRmWPPnVE2Xcwy+e4+RmnhqfZBmOaE7wCgo1GG +pkik2OPD1le4LGGOGHL5HiED/0TyvTiSS3NnUtoDFQAPrnezOCjxv8zMjYEnJs/I +h7uyIgHRsbB75cD2O1LWyO8Vz8r/snVuG35zcZagPf/7Tc9AJoaxVmCIk9DEmWZp +iuvqpMhwHAbNvY3jY2oKsDl1rNx0IIctoJwjXia99kvNTHK/Yz/HqhIyLModhiMB +aYYZA/wIdPOHGHaP5vjlbWBwGlRR9m0Rf4ob5sul8MjCyehOYcRVLwfOEfzX308v +0enOGnbbBKXU2QvA0Z068aBmJkJaaPhlIjZApQJDsb7pt6k8jMPj/Xpr779wAFQ8 +IZC7Tw21OtqkjrUb3dZlEljrTwWNc6FVxuIidBBg7HCdP24WKLRESnVzdGluIE1h +c29uIFNpZ25pbmcgS2V5IChDb2RlIFNpZ25pbmcgT25seSkgPHNpZ25pbmdrZXlA +am1hc29uLm9yZz6IZAQTEQIAJAUCRr+X5gIbAwUJEswDAAYLCQgHAwIDFQIDAxYC +AQIeAQIXgAAKCRDchTQfbGGR4/GJAKCC6X6AF8nM+H00b/XeZl9vYihXBgCcDYuU +AtXjWWxndkneakmbnD0O4Z25BA0ERr+YdxAQAIYYUQHMzVsRAzpIRLfni0aeczrr +armwXMJ8y5p74lVLbJyQOjkQyIJWP80twrN8SjNyUFBr/52SlOPOuAbGZY1ZKpux +vkbsug2wWvkoj8xGjnexrSDahRgpNhf/otLRNTyUFZTM6mjZt0ItnYDl6xszY4kd +O5rVzjQuivNB4BsHcd8qQ7zVo9+VZ5R77iM4dtk6t5ycpXlAom5pD8qLb7ZzTVe0 +SuhzOeynF51rwjS+wa3hzZisvJqZA5uJcAyYslgP1UTW+2e5wutSktSZmL/XnlEF +p86GPjAgDPL2Q0TgzVL6sPt0blNCyzOJrcBqBHrgZfraYgqtmGepLpk72q4VD23c +aV2wTqjnfJAsNR3y8jgVNwF8LpXtlbxrBByFRwEqsc/gzdMEnJ728XBDqT2IhZLY +maL/WxiDKNWD/Mae69HTyInIYgrfT7nJKDeKQA81+e5+UmqBVoi5/AICMlDm1DgR +gG6bbOXGhLVPh+gHjGG4Jdd/ZLedncUsjW9KyK261sqM3tSDSfgnF99w2/32ToFu +ChN8JOfQ6VZ7QbL1BWRtQWZ3tyauUUXmsrYDv1w1nx51MqxQdlitnmTRWaRW0GmD +b5XapJfSK+FiGXaynl3HHxHHpcUauX9zBa/LRp8oXiGPLfJEWmjWcGCyGZawASj3 +pTTJUnbkYs0fUyUXAAQND/42mh8f3mTA+24I3lY4K8mxH9GSFgOkLoYwok8xL5Md +OUJAyvs34ixqvM2u560YJkegEO/xzg2abddfoqL8eNnjfvG3bI7KOCT+m+mM/5Cg +ul8XFSnHIEivuOXNtc/x/dwYSidKM8atkdpKtv++psd6hVbJQMfLlzf0S2QyiaGk +yXur/pM3A97lvkjAgvIKQt8NbJ/sITFlrN2TFxcbE8OED7LC4nBo54TJ1AxVsHlT +LB5XPKU8pBv0fABZrNKxf6a2iXx9jT9sSYdnb0y+hBjnoWZUNbhxo6jpAqt1quUy +buGWugvG8J75JvT6X+lwEEkg1lplmm+HuaFtegOqTUTKmffKduY+E00le+3Kh8gW +bLR8P1qp/xnxQxZJYcQ+mT4QsYpj6Pkcj0ON3NQO5wP6dr2UGhGcSzS2Cxv8TERN +7HSdFbFXQWPCekx+i7OjeRSY/XTUf2zYquPNP2oU0MjgnXhnkHq+6EaQPpM59fMd +MyLeOiUMOxpPOkeaAC8Ku0Oj2aZU/eyizuBDnhq1PAxBprSW5SSkxP4kz9BnA42x +tkMKMzzPohdfMIRI6zSu0chr76w2UeoViSsMtmWnR6qAXbQvzR+HHxhhB/Rzp6Gc +u9gybrv58IBkybn5ztST6NqgIgcQ/E7XIsB0Eooohfw+QiPlCdoghSxspbzwqcEZ +B4hPBBgRAgAPBQJGv5h3AhsMBQkSzAMAAAoJENyFNB9sYZHjUh0AnA3u5TNYHGLQ +DXLPP0qWHkTeOz8dAJ4wkrLBTaXz3CPCjoTdoBiQsNt3fw== +=nK43 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/spamassassin-3.4.1-netdns.patch b/spamassassin-3.4.1-netdns.patch new file mode 100644 index 0000000..0337f2f --- /dev/null +++ b/spamassassin-3.4.1-netdns.patch @@ -0,0 +1,396 @@ +commit e064e2844aede6026433fa9635d4181b3de396aa +Author: Mark Martinec +Date: Mon Jul 20 18:23:18 2015 +0000 + + Bug 7223: Net::DNS 1.01 breaks DnsResolver + + git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1691991 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/lib/Mail/SpamAssassin/DnsResolver.pm b/lib/Mail/SpamAssassin/DnsResolver.pm +index ce51bee83..612245cac 100644 +--- a/lib/Mail/SpamAssassin/DnsResolver.pm ++++ b/lib/Mail/SpamAssassin/DnsResolver.pm +@@ -581,7 +581,7 @@ sub new_dns_packet { + # time, $domain, $type, $packet->id); + 1; + } or do { +- # this can if a domain name in a query is invalid, or if a timeout signal ++ # get here if a domain name in a query is invalid, or if a timeout signal + # happened to be trapped by this eval, or if Net::DNS signalled an error + my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat; + # resignal if alarm went off +@@ -592,6 +592,9 @@ sub new_dns_packet { + }; + + if ($packet) { ++ # RD flag needs to be set explicitly since Net::DNS 1.01, Bug 7223 ++ $packet->header->rd(1); ++ + # my $udp_payload_size = $self->{res}->udppacketsize; + my $udp_payload_size = $self->{conf}->{dns_options}->{edns}; + if ($udp_payload_size && $udp_payload_size > 512) { +@@ -861,7 +864,8 @@ Emulates C. + This subroutine is a simple synchronous leftover from SpamAssassin version + 3.3 and does not participate in packet query caching and callback grouping + as implemented by AsyncLoop::bgsend_and_start_lookup(). As such it should +-be avoided for mainstream usage. ++be avoided for mainstream usage. Currently used through Mail::SPF::Server ++by the SPF plugin. + + =cut + +commit 41f4c5ac8f275593a2bad1cb614b5185172ef568 +Author: Mark Martinec +Date: Tue Aug 4 23:10:16 2015 +0000 + + Bug 7231: Net::DNS 1.01 returns answers formatted differently, breaks SA + + git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1694122 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/lib/Mail/SpamAssassin/Dns.pm b/lib/Mail/SpamAssassin/Dns.pm +index 55e1640f8..1c305c939 100644 +--- a/lib/Mail/SpamAssassin/Dns.pm ++++ b/lib/Mail/SpamAssassin/Dns.pm +@@ -171,7 +171,7 @@ sub dnsbl_hit { + if (substr($rule, 0, 2) eq "__") { + # don't bother with meta rules + } elsif ($answer->type eq 'TXT') { +- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; ++ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; + # avoid space-separated RDATA fields if possible, + # txtdata provides a list of strings in a list context since Net::DNS 0.69 + $log = join('',$answer->txtdata); +@@ -215,12 +215,14 @@ sub dnsbl_uri { + + my $qname = $question->qname; + +- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; ++ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; + # avoid space-separated RDATA fields if possible, + # txtdata provides a list of strings in a list context since Net::DNS 0.69 + # +- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) +- : $answer->rdatastr; ++ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 ++ my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) ++ : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring ++ : $answer->rdatastr; + if (defined $qname && defined $rdatastr) { + my $qclass = $question->qclass; + my $qtype = $question->qtype; +@@ -267,8 +269,13 @@ sub process_dnsbl_result { + my $answ_type = $answer->type; + # TODO: there are some CNAME returns that might be useful + next if ($answ_type ne 'A' && $answ_type ne 'TXT'); +- # skip any A record that isn't on 127/8 +- next if ($answ_type eq 'A' && $answer->rdatastr !~ /^127\./); ++ if ($answ_type eq 'A') { ++ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 ++ my $ip_address = $answer->UNIVERSAL::can('address') ? $answer->address ++ : $answer->rdatastr; ++ # skip any A record that isn't on 127.0.0.0/8 ++ next if $ip_address !~ /^127\./; ++ } + for my $rule (@{$rules}) { + $self->dnsbl_hit($rule, $question, $answer); + } +@@ -284,12 +291,14 @@ sub process_dnsbl_result { + sub process_dnsbl_set { + my ($self, $set, $question, $answer) = @_; + +- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; ++ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; + # avoid space-separated RDATA fields if possible, + # txtdata provides a list of strings in a list context since Net::DNS 0.69 + # +- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) +- : $answer->rdatastr; ++ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 ++ my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) ++ : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring ++ : $answer->rdatastr; + + while (my ($subtest, $rule) = each %{ $self->{dnspost}->{$set} }) { + next if $self->{tests_already_hit}->{$rule}; +diff --git a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm +index 3511162e8..4f41ff0ff 100644 +--- a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm ++++ b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm +@@ -539,7 +539,7 @@ sub process_response_packet { + @answer = ( undef ); + } + +- # NOTE: $rr->rdatastr returns the result encoded in a DNS zone file ++ # NOTE: $rr->rdstring returns the result encoded in a DNS zone file + # format, i.e. enclosed in double quotes if a result contains whitespace + # (or other funny characters), and may use \DDD encoding or \X quoting as + # per RFC 1035. Using $rr->txtdata instead avoids this unnecessary encoding +@@ -566,19 +566,24 @@ sub process_response_packet { + # special case, no answer records, only rcode can be tested + } else { + $rr_type = uc $rr->type; +- if ($rr->UNIVERSAL::can('txtdata')) { # TXT, SPF +- # join with no intervening spaces, as per RFC 5518 ++ if ($rr_type eq 'A') { ++ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 ++ $rr_rdatastr = $rr->UNIVERSAL::can('address') ? $rr->address ++ : $rr->rdatastr; ++ if ($rr_rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { ++ $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rr_rdatastr); ++ } ++ } elsif ($rr->UNIVERSAL::can('txtdata')) { ++ # TXT, SPF: join with no intervening spaces, as per RFC 5518 + if ($txtdata_can_provide_a_list || $rr_type ne 'TXT') { + $rr_rdatastr = join('', $rr->txtdata); # txtdata() in list context! + } else { # char_str_list() is only available for TXT records + $rr_rdatastr = join('', $rr->char_str_list); # historical + } + } else { +- $rr_rdatastr = $rr->rdatastr; +- if ($rr_type eq 'A' && +- $rr_rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { +- $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rr_rdatastr); +- } ++ # rdatastr() is historical, use rdstring() since Net::DNS 0.69 ++ $rr_rdatastr = $rr->UNIVERSAL::can('rdstring') ? $rr->rdstring ++ : $rr->rdatastr; + } + # dbg("askdns: received rr type %s, data: %s", $rr_type, $rr_rdatastr); + } +diff --git a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm +index 9602eba4e..674f42bd4 100644 +--- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm ++++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm +@@ -942,9 +942,8 @@ sub complete_ns_lookup { + next unless (defined($str) && defined($dom)); + dbg("uridnsbl: got($j) NS for $dom: $str"); + +- if ($str =~ /IN\s+NS\s+(\S+)/) { +- my $nsmatch = lc $1; +- $nsmatch =~ s/\.$//; ++ if ($rr->type eq 'NS') { ++ my $nsmatch = lc $rr->nsdname; # available since at least Net::DNS 0.14 + my $nsrhblstr = $nsmatch; + my $fullnsrhblstr = $nsmatch; + +@@ -1025,9 +1024,11 @@ sub complete_a_lookup { + } + dbg("uridnsbl: complete_a_lookup got(%d) A for %s: %s", $j,$hname,$str); + +- local $1; +- if ($str =~ /IN\s+A\s+(\S+)/) { +- $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $1); ++ if ($rr->type eq 'A') { ++ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 ++ my $ip_address = $rr->UNIVERSAL::can('address') ? $rr->address ++ : $rr->rdatastr; ++ $self->lookup_dnsbl_for_ip($pms, $ent->{obj}, $ip_address); + } + } + } +@@ -1038,7 +1039,8 @@ sub lookup_dnsbl_for_ip { + my ($self, $pms, $obj, $ip) = @_; + + local($1,$2,$3,$4); +- $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/; ++ $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ ++ or warn "lookup_dnsbl_for_ip: not an IPv4 address: $ip\n"; + my $revip = "$4.$3.$2.$1"; + + my $conf = $pms->{conf}; +@@ -1100,12 +1102,14 @@ sub complete_dnsbl_lookup { + my $rr_type = $rr->type; + + if ($rr_type eq 'A') { +- $rdatastr = $rr->rdatastr; ++ # Net::DNS::RR::A::address() is available since Net::DNS 0.69 ++ $rdatastr = $rr->UNIVERSAL::can('address') ? $rr->address ++ : $rr->rdatastr; + if ($rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) { + $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rdatastr); + } + } elsif ($rr_type eq 'TXT') { +- # txtdata returns a non- zone-file-format encoded result, unlike rdatastr; ++ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; + # avoid space-separated RDATA fields if possible; + # txtdata provides a list of strings in list context since Net::DNS 0.69 + $rdatastr = join('',$rr->txtdata); +commit 0d95b5b9280c3f8febffd418227a10f03747939a +Author: Mark Martinec +Date: Mon Aug 10 23:43:53 2015 +0000 + + Bug 7236: Net::DNS assumes strings in TXT resource records are in UTF-8 and gratuitously tries to decodes it + + git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1695182 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/lib/Mail/SpamAssassin/Plugin/ASN.pm b/lib/Mail/SpamAssassin/Plugin/ASN.pm +index 3b406b00f..a5143fd12 100644 +--- a/lib/Mail/SpamAssassin/Plugin/ASN.pm ++++ b/lib/Mail/SpamAssassin/Plugin/ASN.pm +@@ -355,8 +355,10 @@ sub process_dns_result { + foreach my $rr (@answer) { + dbg("asn: %s: lookup result packet: %s", $zone, $rr->string); + next if $rr->type ne 'TXT'; +- my @strings = $rr->char_str_list; ++ my @strings = Net::DNS->VERSION >= 0.69 ? $rr->txtdata ++ : $rr->char_str_list; + next if !@strings; ++ for (@strings) { utf8::encode($_) if utf8::is_utf8($_) } + + my @items; + if (@strings > 1 && join('',@strings) !~ m{\|}) { +diff --git a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm +index 4cb37e1e1..b9b880ec3 100644 +--- a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm ++++ b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm +@@ -574,6 +574,7 @@ sub process_response_packet { + if ($rr_rdatastr =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { + $rdatanum = Mail::SpamAssassin::Util::my_inet_aton($rr_rdatastr); + } ++ + } elsif ($rr->UNIVERSAL::can('txtdata')) { + # TXT, SPF: join with no intervening spaces, as per RFC 5518 + if ($txtdata_can_provide_a_list || $rr_type ne 'TXT') { +@@ -581,10 +582,22 @@ sub process_response_packet { + } else { # char_str_list() is only available for TXT records + $rr_rdatastr = join('', $rr->char_str_list); # historical + } ++ # Net::DNS attempts to decode text strings in a TXT record as UTF-8, ++ # which is bad: octets failing the UTF-8 decoding are converted to ++ # three octets \x{EF}\x{BF}\x{BD} (i.e. to a Unicode "replacement ++ # character" U+FFFD encoded as UTF-8), and ASCII text is unnecessarily ++ # flagged as perl native characters (utf8 flag on), which can be ++ # disruptive on later processing, e.g. implicitly upgrading strings ++ # on concatenation. Unfortunately there is no way of legally bypassing ++ # the UTF-8 decoding by Net::DNS::RR::TXT in Net::DNS::RR::Text. ++ # Try to minimize damage by encoding back to UTF-8 octets: ++ utf8::encode($rr_rdatastr) if utf8::is_utf8($rr_rdatastr); ++ + } else { + # rdatastr() is historical, use rdstring() since Net::DNS 0.69 + $rr_rdatastr = $rr->UNIVERSAL::can('rdstring') ? $rr->rdstring + : $rr->rdatastr; ++ utf8::encode($rr_rdatastr) if utf8::is_utf8($rr_rdatastr); + } + # dbg("askdns: received rr type %s, data: %s", $rr_type, $rr_rdatastr); + } +diff --git a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm +index a35037dbe..978a2af7d 100644 +--- a/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm ++++ b/lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm +@@ -1108,6 +1108,7 @@ sub complete_dnsbl_lookup { + # avoid space-separated RDATA fields if possible; + # txtdata provides a list of strings in list context since Net::DNS 0.69 + $rdatastr = join('',$rr->txtdata); ++ utf8::encode($rdatastr) if utf8::is_utf8($rdatastr); + } else { + next; + } +commit 7e9872e5b45a7793b9aabeb513e45acde9dce652 +Author: Mark Martinec +Date: Tue Aug 11 16:22:27 2015 +0000 + + Bug 7236: Net::DNS assumes strings in TXT resource records are in UTF-8 and gratuitously tries to decodes it (also in Dns.pm) + + git-svn-id: https://svn.apache.org/repos/asf/spamassassin/trunk@1695336 13f79535-47bb-0310-9956-ffa450edef68 + +diff --git a/lib/Mail/SpamAssassin/Dns.pm b/lib/Mail/SpamAssassin/Dns.pm +index 0926a030e..014ab2bf6 100644 +--- a/lib/Mail/SpamAssassin/Dns.pm ++++ b/lib/Mail/SpamAssassin/Dns.pm +@@ -177,6 +177,7 @@ sub dnsbl_hit { + # avoid space-separated RDATA fields if possible, + # txtdata provides a list of strings in a list context since Net::DNS 0.69 + $log = join('',$answer->txtdata); ++ utf8::encode($log) if utf8::is_utf8($log); + local $1; + $log =~ s{ (?}xgi; + } else { # assuming $answer->type eq 'A' +@@ -215,16 +216,27 @@ sub dnsbl_hit { + sub dnsbl_uri { + my ($self, $question, $answer) = @_; + +- my $qname = $question->qname; ++ my $rdatastr; ++ if ($answer->UNIVERSAL::can('txtdata')) { ++ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; ++ # avoid space-separated RDATA fields if possible, ++ # txtdata provides a list of strings in a list context since Net::DNS 0.69 ++ $rdatastr = join('',$answer->txtdata); ++ } else { ++ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 ++ $rdatastr = $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring ++ : $answer->rdatastr; ++ # encoded in a RFC 1035 zone file format (escaped), decode it ++ $rdatastr =~ s{ \\ ( [0-9]{3} | (?![0-9]{3}) . ) } ++ { length($1)==3 && $1 <= 255 ? chr($1) : $1 }xgse; ++ } ++ # Bug 7236: Net::DNS attempts to decode text strings in a TXT record as ++ # UTF-8 since version 0.69, which is undesired: octets failing the UTF-8 ++ # decoding are converted to a Unicode "replacement character" U+FFFD, and ++ # ASCII text is unnecessarily flagged as perl native characters. ++ utf8::encode($rdatastr) if utf8::is_utf8($rdatastr); + +- # txtdata returns a non- zone-file-format encoded result, unlike rdstring; +- # avoid space-separated RDATA fields if possible, +- # txtdata provides a list of strings in a list context since Net::DNS 0.69 +- # +- # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 +- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) +- : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring +- : $answer->rdatastr; ++ my $qname = $question->qname; + if (defined $qname && defined $rdatastr) { + my $qclass = $question->qclass; + my $qtype = $question->qtype; +@@ -293,14 +305,25 @@ sub process_dnsbl_result { + sub process_dnsbl_set { + my ($self, $set, $question, $answer) = @_; + +- # txtdata returns a non- zone-file-format encoded result, unlike rdstring; +- # avoid space-separated RDATA fields if possible, +- # txtdata provides a list of strings in a list context since Net::DNS 0.69 +- # +- # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 +- my $rdatastr = $answer->UNIVERSAL::can('txtdata') ? join('',$answer->txtdata) +- : $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring +- : $answer->rdatastr; ++ my $rdatastr; ++ if ($answer->UNIVERSAL::can('txtdata')) { ++ # txtdata returns a non- zone-file-format encoded result, unlike rdstring; ++ # avoid space-separated RDATA fields if possible, ++ # txtdata provides a list of strings in a list context since Net::DNS 0.69 ++ $rdatastr = join('',$answer->txtdata); ++ } else { ++ # rdatastr() is historical/undocumented, use rdstring() since Net::DNS 0.69 ++ $rdatastr = $answer->UNIVERSAL::can('rdstring') ? $answer->rdstring ++ : $answer->rdatastr; ++ # encoded in a RFC 1035 zone file format (escaped), decode it ++ $rdatastr =~ s{ \\ ( [0-9]{3} | (?![0-9]{3}) . ) } ++ { length($1)==3 && $1 <= 255 ? chr($1) : $1 }xgse; ++ } ++ # Bug 7236: Net::DNS attempts to decode text strings in a TXT record as ++ # UTF-8 since version 0.69, which is undesired: octets failing the UTF-8 ++ # decoding are converted to a Unicode "replacement character" U+FFFD, and ++ # ASCII text is unnecessarily flagged as perl native characters. ++ utf8::encode($rdatastr) if utf8::is_utf8($rdatastr); + + while (my ($subtest, $rule) = each %{ $self->{dnspost}->{$set} }) { + next if $self->{tests_already_hit}->{$rule}; +diff --git a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm +index d26117bbb..ac533a779 100644 +--- a/lib/Mail/SpamAssassin/Plugin/AskDNS.pm ++++ b/lib/Mail/SpamAssassin/Plugin/AskDNS.pm +@@ -584,9 +584,9 @@ sub process_response_packet { + $rr_rdatastr = join('', $rr->char_str_list); # historical + } + # Net::DNS attempts to decode text strings in a TXT record as UTF-8, +- # which is bad: octets failing the UTF-8 decoding are converted to +- # three octets \x{EF}\x{BF}\x{BD} (i.e. to a Unicode "replacement +- # character" U+FFFD encoded as UTF-8), and ASCII text is unnecessarily ++ # which is undesired: octets failing the UTF-8 decoding are converted ++ # to a Unicode "replacement character" U+FFFD (encoded as octets ++ # \x{EF}\x{BF}\x{BD} in UTF-8), and ASCII text is unnecessarily + # flagged as perl native characters (utf8 flag on), which can be + # disruptive on later processing, e.g. implicitly upgrading strings + # on concatenation. Unfortunately there is no way of legally bypassing diff --git a/spamassassin-default.rc b/spamassassin-default.rc new file mode 100644 index 0000000..1d8365c --- /dev/null +++ b/spamassassin-default.rc @@ -0,0 +1,3 @@ +# send mail through spamassassin +:0fw +| /usr/bin/spamassassin diff --git a/spamassassin-official.conf b/spamassassin-official.conf new file mode 100644 index 0000000..2f35a9c --- /dev/null +++ b/spamassassin-official.conf @@ -0,0 +1,86 @@ +# http://wiki.apache.org/spamassassin/RuleUpdates +CHANNELURL=updates.spamassassin.org +KEYID=5244EC45 +# Ignore everything below. +return 0 + +This is the GPG key that updates are signed with (currently, +as of Wed Dec 21 19:31:38 PST 2005. Please contact with any questions. + + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.2 (SunOS) + +mQILBEOnbDQBEADBfda+hU8cGXD/2WYrIHsZ5CmvC2eCYKgQ87W706tzwmxoZWQS +JfnRpkZnBqS5WDhXhNBOhk9CgF5/e9yHnDQCusNYfRstKd+t0XTFvq30/tacrJNe +67zgq+DtWqIK9C7akfElc+2M5NkX6mF4cjaMXZoW17ltPy0XSSeirf584nvK3pXf +oEFLYQ/0AUV9EBpo9+i2DkMUd8d5tz7A6O5foB3ijYPzIcVtVJ1eyCg6gO1I4cIA +YbIZCH0WIVx5MQjydfKyCR4D7VFPpZgwcZ1PmyZSsy3lrigGVvYEoUS2fWTt2jUO +pB3wg5pgzuu9hN5CpChZGvq65t4PGtAeShnBkddIH4l+iDC6sAc6W06KidSaUCW1 +BKvNMa39lyEkO4bfLblZRjoZbj7Tjq3wQV/PLpPyKDa8ZZ88GfWaeRDUNRgZG6Qq +e6UKlFGfrw2RXOImUje7Sjy/eG4Ud/BOeGkV913yWBm9CHsPNtaVDK+iQI6vkAWS +3QkiPjBkXGTZFHsUx9/i3k5Iga6d4Gq2cBIVBur3sDxjKuuSazLwA9OAybpzQe2s +PvTzbGc/f1P7plT++HBFlBHwFtl/v68Q8pkbMWlEc5M9nYJ6yXHATHZzFfThxBwt +OYfF25XGaclUMkOMX++RiRkmjaEaT7Whv5aPbeb3+H3v6Omjvnebge24lQAGKbQ/ +dXBkYXRlcy5zcGFtYXNzYXNzaW4ub3JnIFNpZ25pbmcgS2V5IDxyZWxlYXNlQHNw +YW1hc3Nhc3Npbi5vcmc+iQI2BBMBAgAgBQJDp2w0AhsDBgsJCAcDAgQVAggDBBYC +AwECHgECF4AACgkQQFamGlJE7EVkfg//ZjBQ6UXDizX9UPsEmogWXIqbBsyP5DJH +uToaFa6OzCbOJqcYnXNfOjovYdDOTje+x3ZEkwbx+y6MSfhmDuHPDPqBU7hXenxx +oRktC68mJasKo0wXym2YfyWFnhSZMlXXFQ9We48zNGcVRckzaxLzM67BFJuRUfOM +EV6Lf3HxMvoUK3/Xzq9YPEq2sqFO1Eu+qPC3nq726Tj/aYBBFHgHmbjDrZTaQNyV +fHvEjDzPcDRjlJI+vZw1UEuXG+BKATPpiT7U7I1OGLDa2ExDIxh0+eJnsmA3YyHG +VweE7nDN2GmkXMVfa5vXHH49Ae9Ee8jIIRipfgMgZWnkZ0XYDvLj2ueH0Ixu4o9R +D2zJIwqzRh1sytG+1YOfHrOMUCplImJaY/ARgOM324ZdBvhkgIi1XvT7Sy/ZmGWd +DKFo+GjX0r2cujR8Pd4i7VlKsF9wRypk+n/aupXiaz5GY44EIVbnweyS5IlCNrwn +4UtqcB9/9uk1tmUNIcC5xjbq5ud/Y+iMIqCKCH0C9WUwSNSdsg+K+9xoZuvlaXY0 +JeXWNcDdq+tMir+x+/o0U4ENVYBkSFesnotmHwN6jZj4lSMRmvcFHPBljXqLqzM+ +y5wZxnCo1N7T+erZaI7BUrpJYm8JxcJ2VCWV0JFoO1Ec//B6XYB0pckbRuSTX/Zw +pKEkNqOdmjm5AgsEQ6dsigEQAKvdggbwqJgfDbRE2Lcy2gsn4j7haqu3IVBbyUDn +kGuuDuEtSeoRjCZXEb5DaKibIpEy5vzvRGvCFFkrBs4KXk/uamkgCpGnQZFnoz/S +rNZ8U7+e1pecEePpIkhQyafUKox9+p43UVoq4UybdPRDvE9SmQ1qaNUhyQY2FP9S +WT1a63u5GA73aH4puGO0BuZ9R3MNaDYZe/MOlRRjmlAsbY4oqWOudlNVaZ71EV3O +FFmOH4pnpxdO0X0l6sF6nvqvO5/gdZ3dI5iqrJjUneVgVOmPkREq7tQ5qHS/2pny +rDrH8NZCDNT5TXciBxBrt53bxxL/V/HWaolmtJi8gK82uXt8YlmT6zuEsofufDmu +P/HMDZ+BhGI+ggNzY2AVwERTRD6ecHDOI3iIuCP4Ck26YNHRCLyocL3CSlIpjQPu +tb3qfdAcqKLJ/fVyLtGkXr24crel6IeJY7/AGjYBrfh47DWnK7Xds8bAqJ8VCjOc +/q1usFTHgGkYocvtv0gmcjbu8YypzuG8HxOg9Yk9qRLQgg1fNhzXE2lqEPyMlBfj +eLmMNRvKP70fH8CK8adinPIegaRrS6gZ/iIdv8+YV+1rlEt28qzzGJxnmzUEmW6X +Xj44u91umg9WOsLxTOCQWdjGHonytHqj/xIsf45N2JIGLhU0lF04hYfEo5p65AyM +PpYhAAYpiQIfBBgBAgAJBQJDp2yKAhsCAAoJEEBWphpSROxFungP/iWKe7o8szOz +VmXkj89xDVFZ69nthVKkbgSYIZYQC+QLF8P1MWRnNWO/8TY+XsaCT3SrqxDFQ/R/ +9mlAPGUM1ySVihOPmP/DPiOlWLCsc0mb6OzYF2olcOR33s05MqvJlqXSmIrdB+hI +KkC7G5byZ+XZwPXVj4XlxIEOzs18+0YJqy0IPZPXTiMet4k2KyWyWkJpJYUCb19G +R6QC8hZQD97EYTbkbr5Ss26jjY/9AqLofW5F1/98pLDo+ron7pI2k8Ymn5DngEsa +XoGsQuyvPfTAjS4p9q/XwExJcX3gvQesdw18mpoSaGAOgDISolBPRqpHpy7v7vuw +3UMnsefKOX3F0Rossevw+c2/JCulnGmJDlgz6nHSR6FhHsbrDKF8oBeYPfGW/Kjw +NvzB1i9yubAMrsTQVu1Q8e5LsnL/MNYKb6oEJbBywdeHxBkehGWFXVdSoFvVSih/ +VNqX9f7jlybpLZW/n8cQ2r1ax19v7FleO/xSGvkYm7B1+4BW0mjy6A5dta5+e5WG +D5R06Uya3/xRAPGdmV6t4Mw8fFsuyCvs+vC73PR3+eS1UvCYsDpcQD8KpVBnsHaA +duWRKKhjuFL0vdOWAr25tFOTKAj5Ywas47PBukO0isov2WBCA1rVqOr6FUvdP76y +mqHv/0E6/vnTLxFoNsu4Ce42nAQ/A/jRiQQ+BBgBAgAJAhsCBQJHhbheAinBXSAE +GQECAAYFAkOnbIoACgkQbFU5eCT0NM68MQ/8DvYqxRm3vP0Gwnr+63kzET8S+6vf +gxOghnU+eMlqUeUu/ajqnVDMzoAIRDw9QgQc9ZZoklOSJQwOuloAbdpL4TwQ2XfJ +MLU60JkZWnEOXJwClb0qG1GqtcBPbMEUPfZcQfphdRL3jpWZlaexFiJRSD+A0riw +7q3NZKPDt4FrF7F3GY9krFy+P0nRt5f462DeDhCYZgguBQH+oGtjc5Hx+kOVWDsS +txo5xkt4/0DG50ZklPkTlCohmJwRLACy+NswdQ9q83eWAhzKOPgkal7xF6a+LyE+ +ytVYy2EgEU74r2gVw5iizy92FDj//Z2QAUyf/c4BMuAhvfwVIHd8n2DPHvpMP15L +6fwoymh0OjzmhwK94Z2u1YqNC1CK27/hfB6okQ/Tct7/Ik61dBjtiYdUC9tTA5Ze +W8X5ouSmttS1QFixx+Z4hiXV7Qj12lgVKuJohjrVshfcbVzTHljjAo3YkOZIHIoA +IJTUMRNzTIx9k4hrPVbxbVQhKjKTwFNtBuxvmptGTcLEIv9THpqlq8jkcStJ2Zrd +hhofPCWRT/Kzo+WE+Kgefv88T5Li7Ku12U/UpiK85+6nRspXj3rnkfDOUbLZjGM+ +1NET0xQTPuyxN6CXF7MMxfGCpszCudYxMANDQqNXu9brcPN/+EIxGRjqin4E7q+h +kYUaY7Ki8mXtJ8cJEEBWphpSROxFktcQALWQv996bFq1iFcGuQ0ITxNDlOWCsses +bgEM5zR10DH+6s2bXEO8xyDHQJtrvdCPetRDosnuOToBMnGMXTYVytnWzwwAzwq1 +YM+bGAeTHaIX+2UmxwFyX4GMOdqsNB+xDZ8pmRKjamJSgUQt6e18YpZlg1Y4QkxS +Vptq7OZBjiKeLUhLhGJ6GWgEIedLcoCtFzKCfz3zwn0Oxl+1EnVu8yqN+quWTf8P +7EZn+0ztqZY059BrcK2jmOyXvtOZBcAHXCUknh/uPHwAJV2WFWSNid2kNiLOrV+J +3eLTs5sF9wNhxWRhl6/10cwTzjy0Onv5cJh2tjdwksigMRMwz4c839zXORni/tnY ++IY22kNTKu84gB8rBuqUq8MQXNdS3bbROwwNUzpC0D1C1z1fBvyXDL1EwJdz70Wc +2m/Sw6tIid5g98+XMW+Ibt43Jk2XbK71JLhbVbePbAcHVh/UXEtnjhRfX7oyWlwS +a+lkKMiJd/6CQ6bvYsgklE7uEzTpRskpkkOcCk1O+8jfl+DsDwKrvVaNu8tpx45k +TtV4JDA6iEHKakD/zZdVTR79W2CFqBvRfRikc5INOl1OfMQ4ODmjkMl3yI9wrHwS +SQQxdq2XsS7xbU9HDFBEguQDu0rfzILZ9DuKIVHyr/CsRoJ5joj+JvKaUQC81ywQ +aB8EKy5bg4U6 +=IbYW +-----END PGP PUBLIC KEY BLOCK----- diff --git a/spamassassin-perl-fix.patch b/spamassassin-perl-fix.patch new file mode 100644 index 0000000..10c66f1 --- /dev/null +++ b/spamassassin-perl-fix.patch @@ -0,0 +1,12 @@ +diff -ruNp Mail-SpamAssassin-3.4.1.orig/spamc/configure.pl Mail-SpamAssassin-3.4.1/spamc/configure.pl +--- Mail-SpamAssassin-3.4.1.orig/spamc/configure.pl 2015-04-28 21:56:59.000000000 +0200 ++++ Mail-SpamAssassin-3.4.1/spamc/configure.pl 2017-07-21 23:34:50.122992872 +0200 +@@ -66,7 +66,7 @@ print join(' ', $Config{'perlpath'}, "ve + # Do the same thing as for the preprocessor below. + package version_h; + my $Z = $0; +- local $0 = "version.h.pl"; ++ local $0 = "./version.h.pl"; + local @ARGV = (); + # Got to check for defined because the script returns shell error level! + unless (defined do $0) { diff --git a/spamassassin-spamc.rc b/spamassassin-spamc.rc new file mode 100644 index 0000000..911dcd4 --- /dev/null +++ b/spamassassin-spamc.rc @@ -0,0 +1,3 @@ +# send mail through spamassassin +:0fw +| /usr/bin/spamc diff --git a/spamassassin-spamd.init b/spamassassin-spamd.init new file mode 100644 index 0000000..07c17c0 --- /dev/null +++ b/spamassassin-spamd.init @@ -0,0 +1,100 @@ +#!/bin/sh +# +# spamassassin This script starts and stops the spamd daemon +# +# chkconfig: 2345 80 30 +# +# description: spamd is a daemon process which uses SpamAssassin to check \ +# email messages for SPAM. It is normally called by spamc \ +# from a MDA. +# processname: spamd +# pidfile: /var/run/spamd.pid + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +SPAMD_OPTS="-d -c" +# Source configureation. +if [ -f /etc/sysconfig/spamd ] ; then + . /etc/sysconfig/spamd +fi + +# Check that networking is up. +if is_no "${NETWORKING}"; then + msg_network_down "SpamAssassin" + exit 1 +fi + +start() { + # Start daemon. + if [ -f /var/lock/subsys/spamd ]; then + msg_already_running "SpamAssassin" + return + fi + + # Check if database is installed. + if [ "$(find /var/lib/spamassassin/ -name '*.cf' | head -n1 | wc -l)" -eq 0 ]; then + show 'Spamassassin database not found. Run sa-update first.'; fail + return 1 + fi + + msg_starting "SpamAssassin" + daemon /usr/bin/spamd -r /var/run/spamd.pid $SPAMD_OPTS + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/spamd +} + +stop() { + # Stop daemons. + if [ ! -f /var/lock/subsys/spamd ]; then + msg_not_running "SpamAssassin" + return + fi + + msg_stopping "SpamAssassin" + killproc --pidfile spamd.pid spamd + RETVAL=$? + rm -f /var/lock/subsys/spamd +} + +condrestart() { + if [ ! -f /var/lock/subsys/spamd ]; then + msg_not_running "SpamAssassin" + RETVAL=$1 + return + fi + + stop + start +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + try-restart) + condrestart 0 + ;; + force-reload) + condrestart 7 + ;; + status) + status --pidfile spamd.pid spamd + ;; + *) + msg_usage "$0 {start|stop|restart|try-restart|force-reload|status}" + exit 1 +esac + +exit $RETVAL diff --git a/spamassassin.spec b/spamassassin.spec new file mode 100644 index 0000000..a713160 --- /dev/null +++ b/spamassassin.spec @@ -0,0 +1,430 @@ +# TODO +# - build lib{,ssl}spamc.so (if there is a point) +# - sa-check_spamd into nagios-plugin-check_spamd subpackage +# +# Conditional build: +%bcond_without tests # do not perform "make test" + +%define pdir Mail +%define pnam SpamAssassin +%define sa_version %(printf %d.%03d%03d $(echo %{version} | tr '.' ' ')) +%include /usr/lib/rpm/macros.perl +Summary: A spam filter for email which can be invoked from mail delivery agents +Summary(pl.UTF-8): Filtr antyspamowy, przeznaczony dla programów dostarczających pocztę (MDA) +Name: spamassassin +Version: 3.4.1 +Release: 8 +License: Apache v2.0 +Group: Applications/Mail +Source0: http://ftp.ps.pl/pub/apache//spamassassin/source/%{pdir}-%{pnam}-%{version}.tar.bz2 +# Source0-md5: 0db5d27d7b782ff5eadee12b95eae84c +Source1: %{name}.sysconfig +Source2: %{name}-spamd.init +Source3: %{name}-default.rc +Source4: %{name}-spamc.rc +Source5: sa-update.sh +Source6: sa-update.cron +Source7: spamassassin-official.conf +Source8: sought.conf +Source9: cronjob-sa-update.service +Source10: cronjob-sa-update.timer +Patch0: spamassassin-3.4.1-netdns.patch +Patch1: %{name}-perl-fix.patch +Patch2: bug_771408_perl_version +Patch3: bug_828552-openssl-1.1.0 +Patch4: bug-869408-unescaped-brace-in-regex.patch +Patch5: disable_sslv3 +Patch6: dkim_subdomains +Patch7: fix-uninitialized-concat +URL: http://spamassassin.apache.org/ +BuildRequires: openssl-devel >= 0.9.7d +BuildRequires: perl(ExtUtils::MakeMaker) >= 6.16 +BuildRequires: perl-Archive-Tar +BuildRequires: perl-DBI +BuildRequires: perl-DB_File +BuildRequires: perl-Digest-SHA1 >= 2.10 +BuildRequires: perl-HTML-Parser >= 3 +BuildRequires: perl-IO-Socket-INET6 >= 2.51 +BuildRequires: perl-IO-Socket-SSL +BuildRequires: perl-IO-Zlib +BuildRequires: perl-IP-Country +BuildRequires: perl-Mail-SPF-Query +BuildRequires: perl-Net-DNS >= 0.65-3 +BuildRequires: perl-Net-Ident +BuildRequires: perl-NetAddr-IP >= 4.000 +#BuildRequires: perl-Razor2 +BuildRequires: perl-devel >= 1:5.8.0 +BuildRequires: perl-libwww +BuildRequires: re2c +BuildRequires: rpm-perlprov >= 4.1-13 +BuildRequires: rpmbuild(macros) >= 1.453 +%if %{with tests} +# are these really needed? +#BuildRequires: perl-Compress-Zlib +BuildRequires: perl-Encode-Detect +BuildRequires: perl-MIME-Base64 +BuildRequires: perl-MIME-tools +BuildRequires: perl-Mail-DKIM +BuildRequires: perl-Mail-DomainKeys +BuildRequires: perl-Mail-SPF +BuildRequires: perl-MailTools +BuildRequires: perl-Razor > 2.61 +%endif +Requires: perl-Mail-SpamAssassin = %{version}-%{release} +Obsoletes: SpamAssassin +Obsoletes: spamassassin-tools +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) + +%define _noautoreq 'perl(Razor2::Client::Agent)' 'perl(Razor::Agent)' 'perl(Razor::Client)' 'perl(DBI)' 'perl(Net::Ident)' + +%description +Apache SpamAssassin provides you with a way to reduce if not +completely eliminate Unsolicited Commercial Email (SPAM) from your +incoming email. It can be invoked by a MDA such as sendmail or +postfix, or can be called from a procmail script, .forward file, etc. +It uses a genetic-algorithm evolved scoring system to identify +messages which look spammy, then adds headers to the message so they +can be filtered by the user's mail reading software. This distribution +includes the spamd/spamc components which create a server that +considerably speeds processing of mail. + +To enable spamassassin, if you are receiving mail locally, simply add +this line to your ~/.procmailrc: +INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc + +To filter spam for all users, add that line to /etc/procmailrc +(creating if necessary). + +%description -l pl.UTF-8 +Apache SpamAssassin daje możliwość zredukowania, jeśli nie kompletnego +wyeliminowania niezamawianej komercyjnej poczty (Unsolicited +Commercial Email, spamu) z poczty. Może być wywoływany z MDA, np. +Sendmaila czy Postfiksa, lub z pliku ~/.forward itp. Używa ogólnego +algorytmu oceniania w celu identyfikacji wiadomości, które wyglądają +na SPAM, po czym dodaje nagłówki do wiadomości, umożliwiając +filtrowanie przez oprogramowanie użytkownika. Ta dystrybucja zawiera +programy spamd/spamc, umożliwiające uruchomienie serwera, co znacznie +przyspieszy proces przetwarzania poczty. + +Aby uruchomić spamassassina dla lokalnie przychodzącej poczty, +wystarczy dodać do własnego ~/.procmailrc linię: +INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc + +Aby filtrować spam dla wszystkich użytkowników, należy dodać tę linię +do pliku /etc/procmailrc (tworząc go w razie potrzeby). + +%package spamd +Summary: spamd - daemonized version of spamassassin +Summary(pl.UTF-8): spamd - spamassassin w postaci demona +Group: Applications/Mail +Requires(post,preun): /sbin/chkconfig +Requires: perl-Mail-SpamAssassin = %{version}-%{release} +Requires: rc-scripts +Suggests: perl-Apache-Test +Suggests: perl-IO-Socket-IP +Suggests: perl-IO-Socket-SSL +Suggests: perl-IO-Socket-INET6 +Suggests: perl-Net-Ident + +%description spamd +The purpose of this program is to provide a daemonized version of the +spamassassin executable. The goal is improving throughput performance +for automated mail checking. + +This is intended to be used alongside "spamc", a fast, low-overhead C +client program. + +%description spamd -l pl.UTF-8 +Spamd jest "demoniczną" wersją spamassassina. Jego zadaniem jest +poprawa wydajności automatycznego sprawdzania poczty. + +Spamd powinien być używany wespół ze "spamc", który jest szybkim i +wydajnym programem klienckim. + +%package spamc +Summary: spamc - client for spamd +Summary(pl.UTF-8): spamc - klient dla spamd +Group: Applications/Mail +Suggests: perl-Compress-Zlib + +%description spamc +Spamc is the client half of the spamc/spamd pair. It should be used in +place of "spamassassin" in scripts to process mail. It will read the +mail from STDIN, and spool it to its connection to spamd, then read +the result back and print it to STDOUT. Spamc has extremely low +overhead in loading, so it should be much faster to load than the +whole spamassassin program. + +To enable spamassassin, if you are receiving mail locally, simply add +this line to your ~/.procmailrc: +INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc + +To filter spam for all users, add that line to /etc/procmailrc +(creating if necessary). + +%description spamc -l pl.UTF-8 +Spamc powinien być używany zamiast "spamassassina" w skryptach +przetwarzających pocztę. Zczytuje pocztę ze STDIN, kolejkuje ją a +następnie przekazuje spamdowi, odczytuje wynik i podaje go na STDOUT. +Spamc stara się nie obciążać zbytnio procesora podczas ładowania, +dzięki czemu powinien działać szybciej niż sam spamassassin. + +Aby uruchomić spamassassina dla lokalnie przychodzącej poczty, +wystarczy dodać do własnego ~/.procmailrc linię: +INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc + +Aby filtrować spam dla wszystkich użytkowników, należy dodać tę linię +do pliku /etc/procmailrc (tworząc go w razie potrzeby). + +%package compile +Summary: sa-compile - compile SpamAssassin ruleset into native code +Summary(pl.UTF-8): sa-compile - kompilowanie reguł SpamAssasina do kodu natywnego +Group: Applications/Mail +Requires: gcc +Requires: glibc-devel +Requires: make +Requires: perl(ExtUtils::MakeMaker) +Requires: perl-Mail-SpamAssassin = %{version}-%{release} +Requires: perl-devel +Requires: re2c >= 0.10 + +%description compile +sa-compile uses "re2c" to compile the SpamAssassin ruleset. This is +then used by the "Mail::SpamAssassin::Plugin::Rule2XSBody" plugin to +speed up SpamAssassin's operation, where possible, and when that +plugin is loaded. + +%description compile -l pl.UTF-8 +sa-compile wykorzystuje re2c do kompilacji reguł SpamAssassina. Służy +to do przyspieszenia operacji SpamAssassina w miarę możliwości, kiedy +ta wtyczka jest wczytana. + +%package update +Summary: sa-update - automate SpamAssassin rule updates +Summary(pl.UTF-8): sa-update - automatyczne uaktualnianie regułek SpamAssassina +Group: Applications/Mail +Requires: cronjobs +Requires: gnupg +Requires: perl-Archive-Tar +Requires: perl-Mail-SpamAssassin = %{version}-%{release} +Requires: perl-libwww + +%description update +sa-update automates the process of downloading and installing new +rules and configuration, based on channels. The default channel is +updates.spamassassin.org, which has updated rules since the previous +release. + +Update archives are verified by default using SHA1 hashes and GPG +signatures. + +%description update -l pl.UTF-8 +sa-update automatyzuje proces ściągania i instalowania nowych regułek +i konfiguracji w oparciu o kanały. Domyślny kanał to +updates.spamassassin.org, który ma uaktualnione regułki od czasu +poprzedniego wydania. + +Archiwa uaktualnień są sprawdzane domyślnie przy użyciu skrótów SHA1 i +podpisów GPG. + +%package -n perl-Mail-SpamAssassin +Summary: Mail::SpamAssassin - SpamAssassin e-mail filter libraries +Summary(pl.UTF-8): Mail::SpamAssassin - biblioteki filtra poczty SpamAssassin +Group: Development/Languages/Perl +Requires: perl-HTML-Parser >= 3 +# what for this one? +#Requires: perl-Sys-Hostname-Long +Suggests: Razor +Suggests: perl-Cache-DB_File >= 0.2 +Suggests: perl-DBD-mysql +Suggests: perl-Encode-Detect +Suggests: perl-Geo-IP +Suggests: perl-IO-Socket-INET6 >= 2.51 +Suggests: perl-IP-Country +Suggests: perl-Mail-DKIM +#Suggests: perl-Mail-DomainKeys +#Suggests: perl-Mail-SPF +Suggests: perl-Mail-SPF-Query +Suggests: perl-Net-DNS >= 0.34 +Suggests: perl-Net-Patricia +Suggests: spamassassin-compile +Suggests: spamassassin-plugin-fuzzyocr +Suggests: spamassassin-update + +%description -n perl-Mail-SpamAssassin +Mail::SpamAssassin is a Mail::Audit plugin to identify spam using text +analysis and several internet-based realtime blacklists. Using its +rule base, it uses a wide range of heuristic tests on mail headers and +body text to identify ``spam'', also known as unsolicited commercial +email. Once identified, the mail can then be optionally tagged as spam +for later filtering using the user's own mail user-agent application. + +%description -n perl-Mail-SpamAssassin -l pl.UTF-8 +Mail::SpamAssassin jest pluginem dla Mail::Audit, służącym do +identyfikacji spamu przy użyciu analizy zawartości i/lub internetowych +czarnych list. Do zidentyfikowania jako ,,spam'' stosuje szeroki +zakres testów heurystycznych na nagłówkach i treści, posiłkując się +stworzoną wcześniej bazą reguł. Po zidentyfikowaniu, poczta może być +oznaczona jako spam w celu późniejszego wyfiltrowania, np. przy użyciu +aplikacji do czytania poczty. + +%prep +%setup -q -n %{pdir}-%{pnam}-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 + +# disable broken test +%{__mv} t/sa_compile.t{,.disabled} + +# this test needs network, does not work on builders +%{__mv} t/dnsbl_subtests.t{,.disabled} + +%build +# for spamc/configure +export CFLAGS="%{rpmcflags}" +%{__perl} Makefile.PL \ + INSTALLDIRS=vendor \ + PREFIX=%{_prefix} \ + SYSCONFDIR=%{_sysconfdir} \ + DATADIR=%{_datadir}/spamassassin \ + ENABLE_SSL=yes \ + CONTACT_ADDRESS="postmaster@localhost" \ + PERL_BIN=%{__perl} < /dev/null + +%{__make} \ + CC="%{__cc}" \ + OPTIMIZE="%{rpmcflags}" + +%{__sed} -e "s,@@LOCAL_STATE_DIR@@,$(pwd)," sa-compile.raw > sa-compile.pl +%{__perl} -T sa-compile.pl --siteconfigpath=rules + +%{?with_tests:%{__make} -j1 TEST_VERBOSE=1 test} + +%install +rm -rf $RPM_BUILD_ROOT +install -d $RPM_BUILD_ROOT{/etc/{cron.d,sysconfig,rc.d/init.d},%{_sysconfdir}/mail/spamassassin/channel.d,%{systemdunitdir}} + +%{__make} install \ + DESTDIR=$RPM_BUILD_ROOT + +install %{SOURCE1} $RPM_BUILD_ROOT/etc/sysconfig/spamd +install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/spamd +install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin +install %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin +install %{SOURCE5} $RPM_BUILD_ROOT%{_datadir}/spamassassin/sa-update.cron +install %{SOURCE6} $RPM_BUILD_ROOT/etc/cron.d/sa-update +install %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d +install %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channel.d +install %{SOURCE9} $RPM_BUILD_ROOT%{systemdunitdir}/cronjob-sa-update.service +install %{SOURCE10} $RPM_BUILD_ROOT%{systemdunitdir}/cronjob-sa-update.timer + +# sa-update, sa-compile +install -d $RPM_BUILD_ROOT/var/lib/spamassassin/{%{sa_version},compiled/%{sa_version}} +install -d $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys +touch $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/sa-update-keys/{pubring,secring,trustdb}.gpg + +rm -f $RPM_BUILD_ROOT{%{perl_archlib}/perllocal.pod,%{perl_vendorarch}/auto/Mail/SpamAssassin/.packlist,%{_mandir}/man3/spamassassin-run.*} + +cat > $RPM_BUILD_ROOT%{_sysconfdir}/mail/spamassassin/channels << 'EOF' +# Use %{_sysconfdir}/mail/spamassassin/channel.d/*.conf for new channels +EOF + +%clean +rm -rf $RPM_BUILD_ROOT + +%post spamd +/sbin/chkconfig --add spamd +%service spamd restart + +%preun spamd +if [ "$1" = "0" ]; then + %service spamd stop + /sbin/chkconfig --del spamd +fi + +%triggerpostun spamd -- spamassassin-spamd < 3.1.0-5.3 +# temp hack, should we care of the dead link? +ln -s spamd /etc/rc.d/init.d/spamassassin +/sbin/chkconfig --del spamassassin +rm -f /etc/rc.d/init.d/spamassassin +if [ -f /etc/sysconfig/spamassassin.rpmsave ]; then + mv -f /etc/sysconfig/spamassassin.rpmsave /etc/sysconfig/spamd +fi + +%files +%defattr(644,root,root,755) +%doc CREDITS Changes INSTALL README TRADEMARK UPGRADE USAGE +%doc procmailrc.example sql/ ldap/ +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mail/spamassassin/spamassassin-default.rc +%attr(755,root,root) %{_bindir}/sa-learn +%attr(755,root,root) %{_bindir}/sa-awl +%attr(755,root,root) %{_bindir}/spamassassin +%attr(755,root,root) %{_bindir}/sa-check_spamd + +# It's needed for help of spamassassin command. +%{perl_vendorlib}/spamassassin-run.pod +%{_mandir}/man1/sa-learn.1* +%{_mandir}/man1/spamassassin.1* +%{_mandir}/man1/spamassassin-run.1* +%{_mandir}/man1/sa-awl.1* + +%files spamd +%defattr(644,root,root,755) +%doc spamd/README* +%attr(754,root,root) /etc/rc.d/init.d/spamd +%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/spamd +%attr(755,root,root) %{_bindir}/spamd +%{_mandir}/man1/spamd.1* + +%files spamc +%defattr(644,root,root,755) +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mail/spamassassin/spamassassin-spamc.rc +%attr(755,root,root) %{_bindir}/spamc +%{_mandir}/man1/spamc.1* + +%files compile +%defattr(644,root,root,755) +%attr(755,root,root) %{_bindir}/sa-compile +%{_mandir}/man1/sa-compile.1* +%dir /var/lib/spamassassin/compiled +%dir /var/lib/spamassassin/compiled/%{sa_version} + +%files update +%defattr(644,root,root,755) +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mail/spamassassin/channels +%dir %{_sysconfdir}/mail/spamassassin/channel.d +%{_sysconfdir}/mail/spamassassin/channel.d/spamassassin-official.conf +%{_sysconfdir}/mail/spamassassin/channel.d/sought.conf +%attr(700,root,root) %dir %{_sysconfdir}/mail/spamassassin/sa-update-keys +%attr(700,root,root) %ghost %{_sysconfdir}/mail/spamassassin/sa-update-keys/* +%config(noreplace) %verify(not md5 mtime size) /etc/cron.d/sa-update +%attr(755,root,root) %{_bindir}/sa-update +%attr(755,root,root) %{_datadir}/spamassassin/sa-update.cron +%{_datadir}/spamassassin/sa-update-pubkey.txt +%dir /var/lib/spamassassin/%{sa_version} +%{_mandir}/man1/sa-update.1* +%{systemdunitdir}/cronjob-sa-update.service +%{systemdunitdir}/cronjob-sa-update.timer + +%files -n perl-Mail-SpamAssassin +%defattr(644,root,root,755) +%doc sample-nonspam.txt sample-spam.txt +%dir %{_sysconfdir}/mail/spamassassin +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mail/spamassassin/*.pre +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mail/spamassassin/*.cf +%exclude %{_sysconfdir}/mail/spamassassin/sa-update-keys +%dir %{_datadir}/spamassassin +%config(noreplace) %{_datadir}/spamassassin/languages +%config(noreplace) %{_datadir}/spamassassin/user_prefs.template +%exclude %{_datadir}/spamassassin/sa-update-pubkey.txt + +%dir /var/lib/spamassassin + +%{perl_vendorlib}/Mail/* +%{_mandir}/man3/*.3* diff --git a/spamassassin.sysconfig b/spamassassin.sysconfig new file mode 100644 index 0000000..f8e4aca --- /dev/null +++ b/spamassassin.sysconfig @@ -0,0 +1,4 @@ +# Customized settings for spamassassin (spamd) + +# Cmdline options +SPAMD_OPTS="-d -c --pidfile=/var/run/spamassassin.pid" -- 2.46.0