Package: greylistd
Version: 0.8.3
Severity: wishlist
Tags: patch
Hi,
I took a look at greylistd and decided I wanted to use it with courier
and courier-filter-perl, and ended up hacking the package. The
attached diff is all the changes I did, and am sending to you in hope
it might be integrated in the package.
I've already tried to mail this to the maintainer directly, but had no
response.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-1-686
Locale: LANG=sv_SE.utf8, LC_CTYPE=sv_SE.utf8 (charmap=UTF-8)
#
# old_revision [9853692c7b7bdfb92e816f1c5255b67ac7dfc300]
#
# add_file "program/Greylist.pm"
# content [fdcc2b84a39699e6b7260d3c38d771d82a857d49]
#
# add_file "program/greylistd-setup-courierfilter"
# content [43ede48a12fc0affb52ccc316820614d17c8f716]
#
# patch "debian/README.Debian"
# from [ccf9f89d3520e0238cf0eb937da5b6fdc17ecfd1]
# to [9f1dba93d4cc5c6d8f48e70391c7cb0d29b05d4d]
#
# patch "debian/changelog"
# from [94317e037f125350774d100abbd1f669e0f9bcbd]
# to [61bd2a67b8f0cea8714dc2b815794e14d6a5dce9]
#
# patch "debian/config"
# from [79136866c2ca0e4c6c8561d1c26d656be839a4d6]
# to [fb3caf11055fcc59fb9e165a9aec527bbdb26197]
#
# patch "debian/control"
# from [0a6d46857bebe49811917d25cfa592a4acffa8da]
# to [d3744fbfc25db0e8babbdf3f2fbbbd84b1bc5767]
#
# patch "debian/install"
# from [0abbd01d375d1bd38fa78a77e07d531717c3538e]
# to [ba1264e8efe0f1964ae49dc860224091ad7c330d]
#
# patch "debian/postinst"
# from [27b15c235e7c16a0f117ceb46982a6704b6271c3]
# to [e4a9be022f6d00af2e158f310495a5d986dc184a]
#
# patch "debian/templates"
# from [f8317a4490fb460bfb7542322472ff888eb2279a]
# to [d7d82aea11bc1adc629608cc8c1aba7d9db03b49]
#
# set "program/greylistd-setup-courierfilter"
# attr "mtn:execute"
# value "true"
#
============================================================
--- program/Greylist.pm fdcc2b84a39699e6b7260d3c38d771d82a857d49
+++ program/Greylist.pm fdcc2b84a39699e6b7260d3c38d771d82a857d49
@@ -0,0 +1,88 @@
+package Courier::Filter::Module::Greylist;
+use base qw(Courier::Filter::Module);
+use Socket;
+
+sub new {
+ my ($class, %options) = @_;
+ my $conffile = "/etc/greylistd/config";
+ my %config = ();
+
+ if (-f $conffile) {
+ if (open(GREYCONF,$conffile)) {
+ my $section = "DEFAULT";
+ my $linecnt = 0;
+ while(<GREYCONF>) {
+ $linecnt++;
+ chomp;
+ print STDERR "DEBUG: <config[$linecnt]: $_\n"
+ if $options{debugging};
+ next if (/^\#/ || /^\s*$/); # Skip comments and blank lines
+ if (/^\s*\[([^\]]+)\]\s*(\#.*)?$/) {
+ $section = $1;
+ } elsif (/^\s*([^\s]+)\s*[:=]\s*(.*)$/) {
+ my $key = $1;
+ my $value = $2;
+ if (!defined $config{$section}) {
+ $config{$section} = {};
+ }
+ print STDERR "DEBUG: \$config{$section}->{$key} = $value\n"
+ if $options{debugging};
+ $config{$section}->{$key} = $value;
+ } else {
+ die "Syntax error in configuration file
$conffile:\n\"$_\"\n";
+ }
+ }
+ close(GREYCONF);
+ } else {
+ die "Reading configuration file $conffile: $!\n";
+ }
+ }
+
+ my $sockfile = $config{socket}->{path};
+ $sockfile = "/var/run/greylistd/socket" if (!defined $sockfile);
+
+ my $module = $class->SUPER::new( %options,
+ grey_sock_file => $sockfile );
+ return $module;
+}
+
+my %exits = ( "grey" => [ "4.7.1 Temporarily rejected", 451 ],
+ "black" => [ "5.7.1 Rejected", 550 ] );
+
+sub match {
+ my ($module, $message) = @_;
+
+ socket(GREYSOCK, PF_UNIX, SOCK_STREAM, 0)
+ || die "socket: $!\n";
+ connect(GREYSOCK, sockaddr_un($module->{grey_sock_file}))
+ || die "connect to " . $module->{grey_sock_file} . ": $!\n";
+
+ my $addr = $message->remote_host;
+# if (defined $module->{netmask}) {
+# my $netmask = $module->{netmask};
+# $netmask = 0 if $netmask < 0;
+# $netmask = 32 if $module->{netmask} > 32;
+
+# my $shift = 32 - $module->{netmask};
+# $addr = inet_ntoa((inet_aton($addr) >> $shift) << $shift);
+
+# print STDERR "DEBUG: address: ",$message->remote_host," -> ",$addr,"\n";
+# }
+
+ my $mess = "update "
+ .$addr." "
+ .$message->sender." "
+ .$message->recipients;
+ send GREYSOCK,$mess,0;
+ print STDERR "DEBUG: >$mess\n" if $module->{debugging};
+ my $reply = "";
+ recv GREYSOCK,$reply,1024,0;
+ print STDERR "DEBUG: <$reply\n" if $module->{debugging};
+
+ close(GREYSOCK);
+
+ $firstword = (split(/\s+/,$reply))[0];
+ $retval = $exits{$firstword};
+ return @$retval if (defined $retval);
+ return undef;
+}
============================================================
--- program/greylistd-setup-courierfilter
43ede48a12fc0affb52ccc316820614d17c8f716
+++ program/greylistd-setup-courierfilter
43ede48a12fc0affb52ccc316820614d17c8f716
@@ -0,0 +1,156 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+use File::Basename;
+
+my $default_pureperlfilterconf = "/etc/courier/filters/pureperlfilter.conf";
+
+sub usage {
+ my $progname = shift @_;
+ my $message = shift @_;
+
+ print STDERR "$progname: $message\n" if defined $message;
+ print STDERR map { $_,"\n" }
+ (
+ "Usage: $progname {add|remove|test} [options] [<file>]",
+ "",
+ " Add, remove or test for greylistd support in the given",
+ " courier-filter-perl configuration file.",
+ "",
+ " If no file is supplied, changes are made to the default",
+ " courier-filter-perl configuration files for your distribution.",
+ "",
+ " -quiet",
+ " Do not print anything to standard output.",
+ " -no-fail",
+ " Exit status is zero even on failure",
+ " -no-reload",
+ " Do not tell courier-filter-perl to reload configuration",
+ " after add / remove.",
+ " -netmask=<bits>",
+ " Filter the remote host address though a netmask of the",
+ " given size (useful values are between 16 and 31) before",
+ " it is passed to greylistd. Hosts within the same network",
+ " are then pooled together as if they represented a single",
+ " host."
+ );
+ exit 2 if defined $message;
+ exit 0;
+}
+
+my $true = 1;
+my $false = 0;
+
+sub courierfilter_configure {
+ my $config = shift @_;
+ my %options = @_;
+ my $changes = 0;
+
+ if ($config !~ /use\s+Courier::Filter::Module::Greylist;/) {
+ $config =~
+ s/(\n\#?use Courier::Filter::Module::)/\nuse
Courier::Filter::Module::Greylist;$1/;
+ $changes++;
+ }
+
+ if ($config !~ /Courier::Filter::Module::Greylist->new\(/) {
+ my $netmask = "";
+ $netmask =
+ "netmask => ".$options{netmask} if defined $options{netmask};
+ $config =~
+
s/(modules\s*=>\s*\[)/$1\n\tCourier::Filter::Module::Greylist->new($netmask),\n/;
+ $changes++;
+ }
+
+ print STDERR "DEBUG[add]: START CONFIG\n${config}DEBUG[add]: END CONFIG\n"
+ if defined $options{debug};
+
+ return ($false, "Already configured") if $changes == 0;
+ return ($true, $config);
+}
+sub courierfilter_deconfigure {
+ my $config = shift @_;
+ my %options = @_;
+ my $changes = 0;
+
+ if ($config =~ /^((.|\n)*\n)[
\#\t]*use\s+Courier::Filter::Module::Greylist;[ \t]*\n((.|\n)*)$/) {
+ $config = $1.$3;
+ $changes++;
+ }
+
+ if ($config =~ /^((.|\n)*)\n[
\t]*Courier::Filter::Module::Greylist->new\([^\)]*\),[ \t]*\n((.|\n)*)$/) {
+ $config = $1.$3;
+ $changes++;
+ }
+
+ print STDERR "DEBUG[remove]: START CONFIG\n${config}DEBUG[remove]: END
CONFIG\n"
+ if defined $options{debug};
+
+ return ($false, "Not configured") if $changes == 0;
+ return ($true, $config);
+}
+sub courierfilter_check {
+ my @result = courierfilter_configure(@_);
+
+ return ($true, "Not configured") if $result[0];
+ return ($true, "Already configured");
+}
+
+my %operations = ( add => \&courierfilter_configure,
+ remove => \&courierfilter_deconfigure,
+ test => \&courierfilter_check );
+
+
+my $progname = basename($0);
+my $action = undef;
+my $filename = undef;
+my %options = ();
+
+foreach my $arg (@ARGV) {
+ if ($arg =~ /^-([^=]+)=(.+)$/) {
+ $options{$1} = $2;
+ } elsif ($arg =~ /^-(.+)$/) {
+ $options{$1} = "";
+ } elsif (!defined $action) {
+ $action = $arg;
+ } elsif (!defined $filename) {
+ $filename = $arg;
+ } else {
+ usage($progname, "Too many arguments");
+ }
+}
+
+if (!defined $action || $action eq "help") {
+ usage($progname, undef);
+}
+if (!defined $operations{$action}) {
+ usage($progname, "Invalid action: $action");
+}
+
+if (!defined $filename) {
+ $filename = $default_pureperlfilterconf;
+}
+
+my $config = undef;
+open CONF,$filename || die "Couldn't read $filename: $!\n";
+while(<CONF>) {
+ $config .= $_;
+}
+close CONF;
+
+my @result = $operations{$action}($config, %options);
+
+if ($action ne "test" && $result[0]) {
+ open CONF,">$filename" || die "Couldn't write $filename: $!\n";
+ print CONF $result[1];
+ close CONF;
+
+ if (!defined $options{"no-reload"}) {
+ system("/usr/sbin/invoke-rc.d courier-mta restart");
+ }
+} else {
+ print STDERR $result[1],"\n";
+}
+
+exit 0 if $result[0];
+exit 1;
============================================================
--- debian/README.Debian ccf9f89d3520e0238cf0eb937da5b6fdc17ecfd1
+++ debian/README.Debian 9f1dba93d4cc5c6d8f48e70391c7cb0d29b05d4d
@@ -1,22 +1,27 @@
Setting up greylistd on a Debian system
---------------------------------------
- Your Mail Transport Agent (MTA) needs to access to the greylistd
communication socket, /var/run/greylistd/socket. This means that the
- account that owns your MTA process needs to be a member of the "greylist"
+ account that owns your MTA process needs to be a member of the "daemon"
group.
- If Exim 4 was installed when you last installed/upgraded greylistd, this
- should have been confiured already. If not, you can run the following
- command as the "root" user:
- # adduser Debian-exim greylist
+ If Exim 4 or courier-filter-perl was installed when you last
+ installed/upgraded greylistd, this should have been configured already.
+ If not, you can run the following command as the "root" user:
- If you built Exim 4 from sources, or if you use a different MTA, add
- the appropriate username to this group the same way.
+ For Exim 4:
+ # adduser Debian-exim daemon
+ Nothing is needed for courier
+
+ If you built Exim 4 or courier-filter-perl from sources, or if you use
+ a different MTA, add the appropriate username to this group the same way.
+
- Then, your MTA needs to be configured to talk to greylistd during n
- incoming SMTP transactions. If you are using Exim 4 (with the
- configuration supplied in Debian's "exim4-config" package), you can
- add this support by simply running:
+ incoming SMTP transactions.
+
+ If you are using Exim 4 (with the configuration supplied in Debian's
+ "exim4-config" package), you can add this support by simply running:
# greylistd-setup-exim4 add
Alternatively, you can run:
@@ -36,6 +41,12 @@
* One in the "acl_check_data" ACL, for bounces (mail with no envelope
sender).
+ If you are using courier-filter-perl, you need to edit
+ /etc/courier/filters/pureperlfilter.conf so the modules array
+ includes the following line:
+
+ Courier::Filter::Module::Greylist->new(),
+
- If your ACL configration is different from that supplied with Debian
(i.e. if you use different ACL names and/or file locations), you can
run the command:
============================================================
--- debian/changelog 94317e037f125350774d100abbd1f669e0f9bcbd
+++ debian/changelog 61bd2a67b8f0cea8714dc2b815794e14d6a5dce9
@@ -1,3 +1,17 @@
+greylistd (0.8.3-2) unstable; urgency=low
+
+ * Added a script greylistd-setup-courierfilter to help the admin.
+
+ -- Richard Levitte <[EMAIL PROTECTED]> Thu, 24 Mar 2006 03:38:32 +0100
+
+greylistd (0.8.3-1) unstable; urgency=low
+
+ * Added files needed to adapt greylistd to courier-filter-perl.
+ Note that for this to work properly, I've changed greylistd to
+ be in the daemon group instead of its own.
+
+ -- Richard Levitte <[EMAIL PROTECTED]> Thu, 23 Mar 2006 11:01:34 +0100
+
greylistd (0.8.3) unstable; urgency=low
* Changed value of "false" from -1 to 1 in 'config' DebConf module.
============================================================
--- debian/config 79136866c2ca0e4c6c8561d1c26d656be839a4d6
+++ debian/config fb3caf11055fcc59fb9e165a9aec527bbdb26197
@@ -16,7 +16,14 @@
test -x /usr/sbin/exim4 -a -d /etc/exim4
}
+running_courier_filter_perl()
+{
+ test -x /usr/lib/pureperlfilter \
+ -a -d /usr/share/courier-filter-perl/perl5/Courier/Filter/Module \
+ -a -f /etc/courier/filters/pureperlfilter.conf
+}
+
ismember()
{
user=$1
@@ -34,7 +41,7 @@
config_restartexim()
{
- if running_exim4 && ! ismember Debian-exim greylist
+ if running_exim4 && ! ismember Debian-exim daemon
then
db_input low "$owner/restartexim" && db_go
fi
@@ -42,11 +49,24 @@
return 0
}
+config_restartcourierfilter()
+{
+ if running_courier_filter_perl && ! ismember greylist daemon
+ then
+ db_input low "$owner/restartcourierfilter" && db_go
+ fi
+
+ return 0
+}
+
config_autoconfig_notdone()
{
if running_exim4
then
question="$owner/autoconfig_notdone_exim4"
+ elif running_courier_filter_perl
+ then
+ question="$owner/autoconfig_notdone_courierfilter"
else
question="$owner/autoconfig_notdone"
fi
@@ -57,6 +77,7 @@
config_restartexim
+#config_restartcourierfilter
config_autoconfig_notdone
#DEBHELPER#
============================================================
--- debian/control 0a6d46857bebe49811917d25cfa592a4acffa8da
+++ debian/control d3744fbfc25db0e8babbdf3f2fbbbd84b1bc5767
@@ -7,11 +7,12 @@
Package: greylistd
Architecture: all
-Depends: python (>= 2.3), ${misc:Depends}
-Recommends: exim4
-Description: Greylisting daemon for use with Exim 4
+Depends: python (>= 2.3), perl (>= 5.8), ${misc:Depends}
+Recommends: exim4 | courier-filter-perl
+Description: Greylisting daemon for use with Exim 4 or courier-filter-perl
This daemon provides a simple greylisting implementation for use with
- the Exim Mail Transport Agent (MTA), version 4.
+ the Exim Mail Transport Agent (MTA), version 4, or courier with
+ courier-filter-perl.
.
Greylisting is a simple but highly effective means to weed out messages that
are being delivered via spamware/ratware tools. The idea is to establish
@@ -32,6 +33,7 @@
accept or defer the incoming message depending on its response.
.
This package contains a script to configure support for greylisting in
+ Exim 4 and instructions on how to do the same with courier-filter-perl.
+ It may be possible to use greylistd with other MTAs as well, though some
+ work will probably be involved. Postfix users may want to check out the
+ "postgrey" package instead of this one.
- Exim 4. It may be possible to use greylistd with other MTAs as well, though
- some work will probably be involved. Postfix users may want to check out
- the "postgrey" package instead of this one.
============================================================
--- debian/install 0abbd01d375d1bd38fa78a77e07d531717c3538e
+++ debian/install ba1264e8efe0f1964ae49dc860224091ad7c330d
@@ -1,5 +1,7 @@
-program/greylistd-setup-exim4 usr/sbin
-program/greylistd usr/sbin
-program/greylist usr/bin
-config/config etc/greylistd
-config/whitelist-hosts var/lib/greylistd
+program/greylistd-setup-exim4 usr/sbin
+program/greylistd-setup-courierfilter usr/sbin
+program/greylistd usr/sbin
+program/greylist usr/bin
+program/Greylist.pm usr/share/courier-filter-perl/perl5/Courier/Filter/Module
+config/config etc/greylistd
+config/whitelist-hosts var/lib/greylistd
============================================================
--- debian/postinst 27b15c235e7c16a0f117ceb46982a6704b6271c3
+++ debian/postinst e4a9be022f6d00af2e158f310495a5d986dc184a
@@ -25,8 +25,15 @@
test -x /usr/sbin/exim4 -a -d /etc/exim4
}
+running_courier_filter_perl()
+{
+ test -x /usr/lib/pureperlfilter \
+ -a -d /usr/share/courier-filter-perl/perl5/Courier/Filter/Module \
+ -a -f /etc/courier/filters/pureperlfilter.conf
+}
+
copyfile ()
{
if [ -f "$1" -a '!' -f "$2" ]
@@ -88,7 +95,7 @@
oldversion=$1
username=greylist
- groupname=greylist
+ groupname=daemon
datadir=/var/lib/greylistd
rundir=/var/run/greylistd
docdir=/usr/share/doc/greylistd
@@ -101,7 +108,7 @@
### If the user does not already exist, create it.
id -u "$username" >/dev/null 2>&1 ||
- adduser --system --group --disabled-password \
+ adduser --system --ingroup "$groupname" --disabled-password \
--home "$datadir" --no-create-home "$username"
@@ -112,6 +119,12 @@
db_get "$owner/restartexim"
$RET && invoke-rc.d exim4 restart
+ ### If we are using courier-filter-perl, and the daemon user is not
+ ### in the group, add it and then restart Exim.
+ elif running_courier_filter_perl
+ then
+ courierfilter stop && courierfilter start
+
### Otherwise, if we are updating from 0.7 or prior versions, we add
### the greylist user from the "ugid" DebConf setting
elif dpkg --compare-versions "$oldversion" le "0.7" && db_get "$owner/ugid"
============================================================
--- debian/templates f8317a4490fb460bfb7542322472ff888eb2279a
+++ debian/templates d7d82aea11bc1adc629608cc8c1aba7d9db03b49
@@ -8,6 +8,17 @@
Exim daemon process can talk to greylistd. However, for this change to
take effect, the process must also be restarted.
+Template: greylistd/restartcourierfilter
+Type: boolean
+Default: true
+_Description: Restart courierfilter after adding daemon to the greylist group?
+ You are using courier as your Mail Transport Agent (MTA) with
+ courier-filter-perl for filtering. Great!
+ .
+ The "daemon" user will be added to the "greylist" group, so that the
+ courierfilter daemon process can talk to greylistd. However, for this
+ change to take effect, the process must also be restarted.
+
Template: greylistd/autoconfig_notdone_exim4
Type: note
_Description: Exim 4 needs additional configuration
@@ -35,6 +46,36 @@
If you prefer to configure Exim 4 for greylistd by hand, please see
/usr/share/doc/greylistd/README.Debian.
+Template: greylistd/autoconfig_notdone_courierfilter
+Type: note
+_Description: courier-filter-perl needs additional configuration
+ For greylisting to become effective, your Mail Transport Agent (MTA) needs
+ to talk to greylistd while receiving incoming mail; and depending on the
+ response, issue a temporary rejection (451 SMTP code) to the remote host.
+ .
+ Since you are using courier as your MTA with courier-filter-perl, a
+ script is available for you to perform this task. At a root prompt,
+ type:
+ # greylistd-setup-courierfilter add
+ If you overwrite your courier-filter-perl configuration files in the
+ future (for instance, when upgrading courier-filter-perl), you may
+ need to re-run this command.
+ .
+ Later, before you uninstall "greylistd", you want to run:
+ # greylistd-setup-courierfilter remove
+ .
+ For more options and help on usage, run the command without any arguments,
+ or see the "greylistd-setup-courierfilter(8)" manual page. One suggested
+ option for the "add" command is "-netmask=24".
+ .
+ The reason this operation is not performed automatically is that
+ courier-filter-perl's configuration files are tagged as "conffiles", so
+ per Debian Policy they are completely under your control. Only you can
+ change them.
+ .
+ If you prefer to configure courier-filter-perl for greylistd by hand,
+ please see /usr/share/doc/greylistd/README.Debian.
+
Template: greylistd/autoconfig_notdone
Type: note
_Description: Your MTA needs additional configuration
