From 4979688fafe9a9b3e7db30bead360886b07f92f3 Mon Sep 17 00:00:00 2001
From: Marcin Krol
Date: Fri, 25 Jan 2019 18:59:02 +0100
Subject: [PATCH 1/1] - from PLD, migrated configuration to /etc/postfix
---
disable-transaction-logic | 30 +++++++++
postgrey-group.patch | 20 ++++++
postgrey.init | 83 +++++++++++++++++++++++
postgrey.spec | 136 ++++++++++++++++++++++++++++++++++++++
postgrey.sysconfig | 7 ++
postgrey_clients_dump | 57 ++++++++++++++++
6 files changed, 333 insertions(+)
create mode 100644 disable-transaction-logic
create mode 100644 postgrey-group.patch
create mode 100644 postgrey.init
create mode 100644 postgrey.spec
create mode 100644 postgrey.sysconfig
create mode 100644 postgrey_clients_dump
diff --git a/disable-transaction-logic b/disable-transaction-logic
new file mode 100644
index 0000000..a82a121
--- /dev/null
+++ b/disable-transaction-logic
@@ -0,0 +1,30 @@
+patch to disable the transactional logic during the cleaning of the DB, this
+fixes a problem seen as result of updates of BerkeleyDB.
+See http://bugs.debian.org/614968 for more info
+
+--- a/postgrey
++++ b/postgrey
+@@ -276,11 +276,7 @@
+ $nr_keys_after++;
+ }
+ }
+- my $db_obj = $self->{postgrey}{db_obj};
+- my $txn = $db_env->txn_begin();
+- $db_obj->Txn($txn);
+ for my $key (@old_keys) { delete $db->{$key}; }
+- $txn->txn_commit();
+
+ $self->mylog(1, "cleaning main database finished. before: $nr_keys_before, after: $nr_keys_after");
+
+@@ -300,11 +296,7 @@
+ $nr_keys_after++;
+ }
+ }
+- my $db_cawl_obj = $self->{postgrey}{db_cawl_obj};
+- $txn = $db_env->txn_begin();
+- $db_cawl_obj->Txn($txn);
+ for my $key (@old_keys_cawl) { delete $cawl_db->{$key}; }
+- $txn->txn_commit();
+
+ $self->mylog(1, "cleaning clients database finished. before: $nr_keys_before, after: $nr_keys_after");
+ }
diff --git a/postgrey-group.patch b/postgrey-group.patch
new file mode 100644
index 0000000..2f2b0b7
--- /dev/null
+++ b/postgrey-group.patch
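Review bot: The header of disable-transaction-logic does not say which BerkeleyDB or postgrey versions need the workaround, so nothing tells a later packager when the patch can be dropped; a line such as `Origin: Debian, http://bugs.debian.org/614968; drop once upstream cleanup works with the packaged BerkeleyDB` would record that. With `txn_begin`/`txn_commit` removed, each of the two delete loops is no longer a single unit, so an interrupted cleanup leaves the database partially pruned; that looks harmless because a later cleanup would presumably remove the remaining keys, but it deserves a sentence in the header. Both inner hunks start inside the cleanup routine, so whether `$db_env` is still used there cannot be seen from here.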
@@ -0,0 +1,20 @@
+--- postgrey-1.31/postgrey.orig 2007-09-06 16:32:58.000000000 +0200
++++ postgrey-1.31/postgrey 2007-11-13 08:33:21.000000000 +0100
+@@ -557,7 +557,7 @@
+ port => [ $opt{inet} ? $opt{inet} : $opt{unix}."|unix" ],
+ proto => $opt{inet} ? 'tcp' : 'unix',
+ user => $opt{user} || 'postgrey',
+- group => $opt{group} || 'nogroup',
++ group => $opt{group} || 'postgrey',
+ dbdir => $opt{dbdir} || $DEFAULT_DBDIR,
+ setsid => $opt{daemonize} ? 1 : undef,
+ pid_file => $opt{daemonize} ? $opt{pidfile} : undef,
+@@ -764,7 +764,7 @@
+ -d, --daemonize run in the background
+ --pidfile=PATH put daemon pid into this file
+ --user=USER run as USER (default: postgrey)
+- --group=GROUP run as group GROUP (default: nogroup)
++ --group=GROUP run as group GROUP (default: postgrey)
+ --dbdir=PATH put db files in PATH (default: /var/spool/postfix/postgrey)
+ --delay=N greylist for N seconds (default: 300)
+ --max-age=N delete entries older than N days since the last time
diff --git a/postgrey.init b/postgrey.init
new file mode 100644
index 0000000..24e5a5e
--- /dev/null
+++ b/postgrey.init
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# postgrey Postfix Greylisting Policy Server
+#
+# chkconfig: 2345 79 31
+# description: Postfix Greylisting Policy Server
+#
+# processname: postgrey
+# pidfile: /var/run/postgrey.pid
+#
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+OPTIONS="--unix=/var/spool/postfix/postgrey/socket"
+
+# Get service config
+[ -f /etc/sysconfig/postgrey ] && . /etc/sysconfig/postgrey
+
+OPTIONS="$OPTIONS $POSTGREY_OPTS"
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+ msg_network_down postgrey
+ exit 1
+ fi
+else
+ exit 0
+fi
+
+RETVAL=0
+
+# See how we were called.
+case "$1" in
+ start)
+ # Check if the service is already running?
+ if [ ! -f /var/lock/subsys/postgrey ]; then
+ msg_starting postgrey
+ daemon /usr/sbin/postgrey -d --pidfile=/var/run/postgrey.pid $OPTIONS
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postgrey
+ else
+ msg_already_running postgrey
+ fi
+ ;;
+ stop)
+ if [ -f /var/lock/subsys/postgrey ]; then
+ msg_stopping postgrey
+ killproc postgrey
+ else
+ msg_not_running postgrey
+ fi
+ rm -f /var/lock/subsys/postgrey >/dev/null 2>&1
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ exit $?
+ ;;
+ reload|force-reload)
+ if [ -f /var/lock/subsys/postgrey ]; then
+ msg_reloading postgrey
+ killproc postgrey -HUP
+ RETVAL=$?
+ else
+ msg_not_running postgrey
+ exit 7
+ fi
+ ;;
+ status)
+ status --pidfile /var/run/postgrey.pid postgrey
+ exit $?
+ ;;
+ *)
+ msg_usage "$0 {start|stop|restart|reload|force-reload|status}"
+ exit 3
+esac
+
+exit $RETVAL
diff --git a/postgrey.spec b/postgrey.spec
new file mode 100644
index 0000000..bac60e6
--- /dev/null
+++ b/postgrey.spec
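Review bot: In postgrey.init the `stop` and `reload` branches signal by process name (`killproc postgrey`, `killproc postgrey -HUP`) while `start` passes `--pidfile=/var/run/postgrey.pid` and `status` reads that file, so the branches can disagree about which process is the daemon. postgrey is a Perl script, so whether a name match finds it depends on how its process title ends up looking; if the distribution's `killproc` accepts a pid file, `killproc --pidfile /var/run/postgrey.pid postgrey` and `killproc --pidfile /var/run/postgrey.pid postgrey -HUP` would keep every branch on the same pid. The `stop` branch also removes the subsys lock without storing killproc's exit status in `RETVAL`, so a failed stop still exits 0; adding `RETVAL=$?` after `killproc postgrey` would surface it.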
@@ -0,0 +1,136 @@
+%include /usr/lib/rpm/macros.perl
+Summary: Postfix Greylisting Policy Server
+Summary(pl.UTF-8): Serwer do polityki "szarych list" dla Postfiksa
+Name: postgrey
+Version: 1.37
+Release: 5
+License: GPL v2
+Group: Networking/Daemons
+Source0: http://postgrey.schweikert.ch/pub/%{name}-%{version}.tar.gz
+# Source0-md5: 2ef30f42ad84f00caf41c49b593b8e2a
+Source1: %{name}.init
+Source2: %{name}.sysconfig
+Source3: http://www.lipek.pl/postgrey_clients_dump
+# Source3-md5: 155b88f2781b03535bfa2797cda28e52
+Patch0: %{name}-group.patch
+Patch1: disable-transaction-logic
+URL: http://postgrey.schweikert.ch/
+BuildRequires: rpm-perlprov
+BuildRequires: rpmbuild(macros) >= 1.268
+Requires: perl-IO-Multiplex
+Requires: postfix
+BuildArch: noarch
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define _sysconfdir /etc/postfix
+
+%description
+Postgrey is a Postfix policy server implementing greylisting. When a
+request for delivery of a mail is received by Postfix via SMTP, the
+triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first
+time that this triplet is seen, or if the triplet was first seen less
+than 5 minutes, then the mail gets rejected with a temporary error.
+Hopefully spammers or viruses will not try again later, as it is
+however required per RFC.
+
+Edit your configuration files:
+%{_sysconfdir}/main.cf:
+ smtpd_recipient_restrictions = ...
+ check_policy_service unix:postgrey/socket, ...
+or if you like to use inet sockets (modify the IP if needed):
+/etc/sysconfig/postgrey:
+ OPTIONS="--inet=127.0.0.1:10023"
+%{_sysconfdir}/main.cf:
+ smtpd_recipient_restrictions = ...
+ check_policy_service inet:127.0.0.1:10023, ...
+
+%description -l pl.UTF-8
+Postgrey to serwer polityki dla Postfiksa implementujący "szare
+listy". Kiedy Postfix otrzymuje po SMTP żądanie dostarczenia poczty,
+tworzony jest triplet IP_KLIENTA / NADAWCA / ADRESAT. Jeśli dany
+triplet jest widziany po raz pierwszy lub był widziany po raz pierwszy
+mniej niż 5 minut temu, poczta jest odrzucana z tymczasowym błędem.
+Można mieć nadzieję, że spamerzy i wirusy nie będą próbować ponownie,
+co jest jednak wymagane przez RFC.
+
+Aby użyć tego programu należy zmodyfikować pliki konfiguracyjne:
+%{_sysconfdir}/main.cf:
+ smtpd_recipient_restrictions = ...
+ check_policy_service unix:postgrey/socket, ...
+lub jeśli chcemy używać gniazd inet (w razie potrzeby zmienić IP):
+/etc/sysconfig/postgrey:
+ OPTIONS="--inet=127.0.0.1:10023"
+%{_sysconfdir}/main.cf:
+ smtpd_recipient_restrictions = ...
+ check_policy_service inet:127.0.0.1:10023, ...
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{/etc/{rc.d/init.d,sysconfig},%{_sysconfdir},%{_sbindir}} \
+ $RPM_BUILD_ROOT%{_var}/spool/postfix/%{name}
+
+# init script:
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
+
+install postgrey_whitelist_clients $RPM_BUILD_ROOT%{_sysconfdir}
+install postgrey_whitelist_recipients $RPM_BUILD_ROOT%{_sysconfdir}
+touch $RPM_BUILD_ROOT%{_sysconfdir}/postgrey_whitelist_clients.local
+
+install postgrey %{SOURCE3} contrib/postgreyreport $RPM_BUILD_ROOT%{_sbindir}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+%groupadd -g 155 postgrey
+%useradd -u 155 -d %{_var}/spool/postfix/%{name} -s /sbin/false -c "Postfix Greylisting Policy" -g postgrey postgrey
+
+%post
+/sbin/chkconfig --add %{name}
+%service %{name} restart
+
+%preun
+if [ "$1" = 0 ]; then
+ %service %{name} stop
+ /sbin/chkconfig --del %{name}
+fi
+
+%postun
+if [ "$1" = 0 ]; then
+ %userremove postgrey
+ %groupremove postgrey
+ # should be done?:
+ rm -rf %{_var}/spool/postfix/%{name}
+fi
+
+%triggerun -- %{name} < 1.37-5
+if [ $1 -le 1 ]; then
+ exit 0
+fi
+for f in /etc/mail/postgres_whitelist_{clients,clients.local,recipients}; do
+ f=${f##*/}
+ [ -f "/etc/mail/$f" ] && mv "/etc/mail/$f" "/etc/postfix/$f" 2>/dev/null || :
+done
+[ -n "$(find /etc/mail -type d -empty 2>/dev/null)" ] && rmdir /etc/mail 2>/dev/null || :
+
+%triggerpostun -- %{name} < 1.37-5
+echo
+echo "Warning! Configuration has been migrated to /etc/postfix."
+echo
+
+%files
+%defattr(644,root,root,755)
+%doc README Changes
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/postgrey_whitelist_clients
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/postgrey_whitelist_recipients
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/postgrey_whitelist_clients.local
+%attr(640,root,postgrey) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
+%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%attr(755,root,root) %{_sbindir}/postgrey*
+%dir %attr(711,postgrey,postgrey) %{_var}/spool/postfix/%{name}
diff --git a/postgrey.sysconfig b/postgrey.sysconfig
new file mode 100644
index 0000000..78215f1
--- /dev/null
+++ b/postgrey.sysconfig
@@ -0,0 +1,7 @@
+# PostGrey startup configuration file
+
+# Try to define nice-level for running postgrey
+SERVICE_RUN_NICE_LEVEL="+5"
+
+# Define your own Postgrey 4xx message
+#POSTGREY_OPTS="--greylist-text='Greylisted, see http://yourdomain.tld/your-mail-policy/?domain=%r'"
diff --git a/postgrey_clients_dump b/postgrey_clients_dump
new file mode 100644
index 0000000..640e899
--- /dev/null
+++ b/postgrey_clients_dump
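Review bot: In postgrey.spec the `%triggerun` loop iterates over `/etc/mail/postgres_whitelist_{clients,clients.local,recipients}`, but the files this package installs are named `postgrey_whitelist_*`, so the migration finds nothing to move and existing whitelists stay behind in /etc/mail while `%triggerpostun` reports that the configuration was migrated. The loop should read `for f in /etc/mail/postgrey_whitelist_clients /etc/mail/postgrey_whitelist_clients.local /etc/mail/postgrey_whitelist_recipients; do`, which also stops depending on brace expansion in case the scriptlet shell is not bash. Separately, Source0 and Source3 are fetched over plain http and pinned only by an MD5 comment, and Source3 is a third-party script installed into `%{_sbindir}`; an https URL where the host offers one, plus a stronger digest if the build tooling supports it, would give a better integrity check.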
@@ -0,0 +1,57 @@
+#!/usr/bin/perl -w
+
+# written by David Schweikert and adapted to Debian by Adrian von Bidder
+# adapted to PLD Linux Distribution Micha³ Lipka
+# this script is in the public domain
+#
+# This script will output all clients that were automatically whitelisted
+# by postgrey's --auto-whitelist-clients option.
+# Set the default number of mails your to fit your needs (generally it
+# should be the same as N i --auto-whitelist-clients=N)
+
+use BerkeleyDB;
+use Socket;
+
+my $dbdir = '/var/spool/postfix/postgrey/';
+my $mails = 3;
+
+sub resolv($) {
+ my $host = shift;
+ my $iaddr = inet_aton($host);
+ return gethostbyaddr($iaddr, AF_INET) || $host;
+}
+
+sub dbopen($)
+{
+ my ($dbdir) = @_;
+ my %db;
+
+ my $dbenv = BerkeleyDB::Env->new(
+ -Home => $dbdir,
+ -Flags => DB_INIT_TXN|DB_INIT_MPOOL|DB_INIT_LOG,
+ ) or die "ERROR: can't open DB environment: $!\n";
+
+ tie(%db, 'BerkeleyDB::Btree',
+ -Filename => "postgrey_clients.db",
+ -Flags => DB_RDONLY,
+ -Env => $dbenv,
+ ) or die "ERROR: can't open database $dbdir/postgrey_clients.db: $!\n";
+
+ return \%db;
+}
+
+sub main()
+{
+ # go through the database
+ my $db = dbopen($dbdir);
+ while (my ($key, $value) = each %$db) {
+ my ($c,$l) = split(/,/,$value);
+ $c >= $mails or next;
+ my $host = resolv($key);
+ print "$host [$key] ($c)\n";
+ }
+}
+
+main;
+
+# vim: sw=4
--
2.37.3
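Review bot: In postgrey_clients_dump, `resolv` passes the result of `inet_aton($host)` straight to `gethostbyaddr(..., AF_INET)`, so a key that is not an IPv4 address or a resolvable name (an IPv6 client, if the database holds such keys) makes `inet_aton` return undef and the lookup runs on undef, with warnings under `-w`. `my $iaddr = inet_aton($host) or return $host;` keeps the raw key in that case. The printed name comes from reverse DNS, which is controlled by whoever owns the client's address space, so a comment such as `# PTR name is unverified; confirm with a forward lookup before copying it into a whitelist` above the `print` would help operators. The `die` messages interpolate `$!`, whereas BerkeleyDB reports open failures in `$BerkeleyDB::Error`, and the script has no `use strict;`.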