Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Pablo Murillo (rednet) via spamdyke-users 

Hi Sam

I sent another mail to the list with a patch for configure and tcl.c 
(tcl.c patch taked from Amitai) to use with OpenSSL 1.1.1


SSL_library_init was replaced with OPENSSL_init_ssl

This is one of the problems
The other is the path where (at least in my servers) is ssl.h

Probably the patch my could be made better, but I was only trying to 
make it work


Pablo Murillo

On 10/23/2020 11:22 PM, Sam Clippinger via spamdyke-users wrote:
The configure script is trying to find the library that contains 
SSL_library_init() so it'll know what flags to use with gcc.  It tries 
libssl and libcrypto, but obviously that isn't working on your new OS. 
 The source code for the test program is in the config.log file along 
with the gcc commands it tested.  If you could figure out the correct 
command to compile, we should be able to update the configure script 
to use it.  It might just be a case of libcrypto.so being in an 
unexpected folder; it's possible just adding the -L flag or setting 
LIBRARY_PATH might fix it.


-- Sam Clippinger




On Oct 22, 2020, at 3:10 PM, Pablo Murillo (rednet) via 
spamdyke-users > wrote:


Hi

I'm upgrading few server from FreeBSD 11.4 to 12.1 and I found that 
the port fot SpamDyke is broken, so I compile "manually" and I found 
a problem with OpenSSL

Spamdyke is not finding openssl, and openssl is installed

./configure --enable-tls --without-debug-output
checking for gcc... gcc
checking whether the C compiler works... yes
...
checking if openssl/ssl.h will include without additional include 
directories... yes

checking for library containing RSA_sign... -lcrypto
checking for library containing SSL_library_init... no
configure: error: in `/root/spamdyke-5.0.1/spamdyke':
configure: error: --enable-tls was given but OpenSSL was not found

I'm sending the config.log attached

Pablo Murillo
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org 
https://spamdyke.org/mailman/listinfo/spamdyke-users



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] How to hide RBL name in responses

2020-10-23 Thread Sam Clippinger via spamdyke-users 
Unfortunately there's no option to hide the RBL name, but you could update the 
code to hide it.  The log message is generated by filter.c on line 1692.  If 
you change the 7th parameter to set_rejection() from this:
(tmp_buf[0] != '\0') ? tmp_buf : name_array[rbl_index]
to:
NULL
That should do it.

-- Sam Clippinger




> On Oct 12, 2020, at 3:57 AM, Alessio Cecchi via spamdyke-users 
>  wrote:
> 
> Hi,
> 
> since many commercial DNSBL are providing access to their RBL with a "key" 
> (es. 1234abcd.zen.dq.spamhaus.net.) we need to hide the RBL name in the 
> response in order to not divulgate our secret key.
> 
> Can we customize the text response for IP in RBL with spamdyke and omitting 
> the specific RBL name?
> 
> I tried with "rejection-text-dns-blacklist" but the RBL is always shown.
> 
> Thanks
> -- 
> Alessio Cecchi
> https://www.linkedin.com/in/alessice 
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> https://spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Sam Clippinger via spamdyke-users 
The configure script is trying to find the library that contains 
SSL_library_init() so it'll know what flags to use with gcc.  It tries libssl 
and libcrypto, but obviously that isn't working on your new OS.  The source 
code for the test program is in the config.log file along with the gcc commands 
it tested.  If you could figure out the correct command to compile, we should 
be able to update the configure script to use it.  It might just be a case of 
libcrypto.so being in an unexpected folder; it's possible just adding the -L 
flag or setting LIBRARY_PATH might fix it.

-- Sam Clippinger




> On Oct 22, 2020, at 3:10 PM, Pablo Murillo (rednet) via spamdyke-users 
>  wrote:
> 
> Hi
> 
> I'm upgrading few server from FreeBSD 11.4 to 12.1 and I found that the port 
> fot SpamDyke is broken, so I compile "manually" and I found a problem with 
> OpenSSL
> Spamdyke is not finding openssl, and openssl is installed
> 
> ./configure --enable-tls --without-debug-output
> checking for gcc... gcc
> checking whether the C compiler works... yes
> ...
> checking if openssl/ssl.h will include without additional include 
> directories... yes
> checking for library containing RSA_sign... -lcrypto
> checking for library containing SSL_library_init... no
> configure: error: in `/root/spamdyke-5.0.1/spamdyke':
> configure: error: --enable-tls was given but OpenSSL was not found
> 
> I'm sending the config.log attached
> 
> Pablo Murillo
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> https://spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Pablo Murillo (rednet) via spamdyke-users 

Thanks, but not, I use FreeBSD, not netBSD
I prefer to work with sources
I downloaded the tar.gz from spamdyke and compile in the old fashion way
I like to see what I'm doing :D


On 10/23/2020 5:58 PM, Amitai Schleier via spamdyke-users wrote:
On 23 Oct 2020, at 21:50, Pablo Murillo (rednet) via spamdyke-users 
wrote:



The same size, obviusly, something is wrong
I added yours patches on the email
Don't work for me


Sorry, I've given all the free advice I can afford. If you don't want 
to try using pkgsrc as I've already suggested, maybe you can get 
FreeBSD's port maintainer for spamdyke to merge pkgsrc's patches and 
get the port working again.


Alternatively, if it's urgent for you to deploy a TLS-enabled spamdyke 
to 50 FreeBSD 12.x machines with OpenSSL 1.1.x, I'd happy to set you 
up with an easy, repeatable build at my consulting rate.


- Amitai
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users


___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Amitai Schleier via spamdyke-users 
On 23 Oct 2020, at 21:50, Pablo Murillo (rednet) via spamdyke-users 
wrote:



The same size, obviusly, something is wrong
I added yours patches on the email
Don't work for me


Sorry, I've given all the free advice I can afford. If you don't want to 
try using pkgsrc as I've already suggested, maybe you can get FreeBSD's 
port maintainer for spamdyke to merge pkgsrc's patches and get the port 
working again.


Alternatively, if it's urgent for you to deploy a TLS-enabled spamdyke 
to 50 FreeBSD 12.x machines with OpenSSL 1.1.x, I'd happy to set you up 
with an easy, repeatable build at my consulting rate.


- Amitai
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Pablo Murillo (rednet) via spamdyke-users 

I applied your patches

patch < patch.configure
patch < patch.tls

on source from https://www.spamdyke.org/releases/spamdyke-5.0.1.tgz, and 
compile with:


./configure --enable-tls --without-debug-output
make

Result:
-rwxr-xr-x  1 root  wheel  306960 Oct 23 15:38 spamdyke-tls

./configure --disable-tls --without-debug-output
make

Result:
-rwxr-xr-x 1 root  wheel  306960 Oct 23 16:44 spamdyke

The same size, obviusly, something is wrong
I added yours patches on the email
Don't work for me

On 10/23/2020 2:35 PM, Amitai Schleier via spamdyke-users wrote:
On 23 Oct 2020, at 16:20, Pablo Murillo (rednet) via spamdyke-users 
wrote:


I applied your patches on the source files, compile with TLS support, 
and the program was compiled, yes, but, without TLS support
I checked the patches before compile and I saw that the only thing 
you did (about TLS) was to remove all the lines where TLS is added


Sorry, this is not correct. The patches to configure (and 
configure.ac) are to "Remove outdated OpenSSL check to build with 
OpenSSL 1.1.x." They remove a check that fails with OpenSSL 1.1.x, so 
that --enable-tls can work. The check should probably be updated, not 
removed, but since pkgsrc always explicitly passes --disable-tls or 
--enable-tls (after arranging for OpenSSL libs and headers to be 
absent or present), I didn't want to invest any more effort here.


The patch to tls.c is to "Support OpenSSL 1.1.x.". It's a very small 
patch. What was called "SSL_library_init()" in older OpenSSL is now 
pronounced "OPENSSL_init_ssl(0, NULL)". All the other OpenSSL API 
calls continue to build as is.


This is not a patch to compile whit tls, the result is the same 
compiling without tls support


Here's what I get:

$ uname -v
FreeBSD 12.1-RELEASE-p10 GENERIC

$ cd ~/trees/pkgsrc-current/mail/spamdyke

$ make show-options
Any of the following general options may be selected:
    tls  Enable TLS support.

These options are enabled by default:

These options are currently enabled:
    tls

You can select which build options to use by setting PKG_DEFAULT_OPTIONS
or PKG_OPTIONS.spamdyke.

$ make install clean
[...]

$ ldd /opt/pkg/bin/spamdyke
/opt/pkg/bin/spamdyke:
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x800297000)
    libc.so.7 => /lib/libc.so.7 (0x800586000)
    libthr.so.3 => /lib/libthr.so.3 (0x80097f000)

If you can't reproduce this result without pkgsrc, but you need to be 
able to build spamdyke with OpenSSL on FreeBSD, I suggest you try pkgsrc.


- Amitai

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

--- configure.orig  2015-04-30 00:53:36.0 +
+++ configure
@@ -1,13 +1,11 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for spamdyke 5.0.1.
+# Generated by GNU Autoconf 2.69 for spamdyke 5.0.1.
 #
 # Report bugs to .
 #
 #
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
-# Foundation, Inc.
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
 #
 #
 # This configure script is free software; the Free Software Foundation
@@ -136,6 +134,31 @@ export LANGUAGE
 # CDPATH.
 (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
 
+# Use a proper internal environment variable to ensure we don't fall
+  # into an infinite loop, continuously re-executing ourselves.
+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+_as_can_reexec=no; export _as_can_reexec;
+# We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # 
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+  fi
+  # We don't want this to propagate to other subprocesses.
+  { _as_can_reexec=; unset _as_can_reexec;}
 if test "x$CONFIG_SHELL" = x; then
   as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) 
>/dev/null 2>&1; then :
   emulate sh
@@ -169,7 +192,8 @@ if ( set x; as_fn_ret_success y && test 
 else
   exitcode=1; echo positional parameters were not saved.
 fi
-test x\$exitcode = x0 || exit 1"
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
   as_suggested="  
as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" 
as_lineno_1a=\$LINENO

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Amitai Schleier via spamdyke-users 
On 23 Oct 2020, at 16:20, Pablo Murillo (rednet) via spamdyke-users 
wrote:


I applied your patches on the source files, compile with TLS support, 
and the program was compiled, yes, but, without TLS support
I checked the patches before compile and I saw that the only thing you 
did (about TLS) was to remove all the lines where TLS is added


Sorry, this is not correct. The patches to configure (and configure.ac) 
are to "Remove outdated OpenSSL check to build with OpenSSL 1.1.x." They 
remove a check that fails with OpenSSL 1.1.x, so that --enable-tls can 
work. The check should probably be updated, not removed, but since 
pkgsrc always explicitly passes --disable-tls or --enable-tls (after 
arranging for OpenSSL libs and headers to be absent or present), I 
didn't want to invest any more effort here.


The patch to tls.c is to "Support OpenSSL 1.1.x.". It's a very small 
patch. What was called "SSL_library_init()" in older OpenSSL is now 
pronounced "OPENSSL_init_ssl(0, NULL)". All the other OpenSSL API calls 
continue to build as is.


This is not a patch to compile whit tls, the result is the same 
compiling without tls support


Here's what I get:

$ uname -v
FreeBSD 12.1-RELEASE-p10 GENERIC

$ cd ~/trees/pkgsrc-current/mail/spamdyke

$ make show-options
Any of the following general options may be selected:
tls  Enable TLS support.

These options are enabled by default:

These options are currently enabled:
tls

You can select which build options to use by setting PKG_DEFAULT_OPTIONS
or PKG_OPTIONS.spamdyke.

$ make install clean
[...]

$ ldd /opt/pkg/bin/spamdyke
/opt/pkg/bin/spamdyke:
libcrypto.so.111 => /lib/libcrypto.so.111 (0x800297000)
libc.so.7 => /lib/libc.so.7 (0x800586000)
libthr.so.3 => /lib/libthr.so.3 (0x80097f000)

If you can't reproduce this result without pkgsrc, but you need to be 
able to build spamdyke with OpenSSL on FreeBSD, I suggest you try 
pkgsrc.


- Amitai

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Pablo Murillo (rednet) via spamdyke-users 

Hi Amitai

I applied your patches on the source files, compile with TLS support, 
and the program was compiled, yes, but, without TLS support
I checked the patches before compile and I saw that the only thing you 
did (about TLS) was to remove all the lines where TLS is added
This is not a patch to compile whit tls, the result is the same 
compiling without tls support


Thanks, but, the idea is to compile with TLS


On 10/23/2020 9:42 AM, Amitai Schleier via spamdyke-users wrote:
On 22 Oct 2020, at 22:10, Pablo Murillo (rednet) via spamdyke-users 
wrote:


I'm upgrading few server from FreeBSD 11.4 to 12.1 and I found that 
the port fot SpamDyke is broken, so I compile "manually" and I found 
a problem with OpenSSL

Spamdyke is not finding openssl, and openssl is installed


FWIW, spamdyke builds just fine for me on FreeBSD 12.1 using pkgsrc 
with PKG_OPTIONS "tls". You can probably get the same result by 
borrowing these patches:


https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-configure 
(and the corresponding 
https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-configure.ac 
for good measure)


https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-tls.c 



And if you want to build with clang,

https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-configuration.c 



https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-spamdyke.h 



I've not used spamdyke for quite some time (ever since I wrote 
https://schmonz.com/qmail/rejectutils and 
https://schmonz.com/qmail/acceptutils) but I try to keep it building 
on all platforms supported by pkgsrc.


- Amitai
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users


___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Amitai Schleier via spamdyke-users 
On 22 Oct 2020, at 22:10, Pablo Murillo (rednet) via spamdyke-users 
wrote:


I'm upgrading few server from FreeBSD 11.4 to 12.1 and I found that 
the port fot SpamDyke is broken, so I compile "manually" and I found a 
problem with OpenSSL

Spamdyke is not finding openssl, and openssl is installed


FWIW, spamdyke builds just fine for me on FreeBSD 12.1 using pkgsrc with 
PKG_OPTIONS "tls". You can probably get the same result by borrowing 
these patches:


https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-configure 
(and the corresponding 
https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-configure.ac 
for good measure)


https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-tls.c

And if you want to build with clang,

https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-configuration.c

https://github.com/NetBSD/pkgsrc/blob/trunk/mail/spamdyke/patches/patch-spamdyke.h

I've not used spamdyke for quite some time (ever since I wrote 
https://schmonz.com/qmail/rejectutils and 
https://schmonz.com/qmail/acceptutils) but I try to keep it building on 
all platforms supported by pkgsrc.


- Amitai
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users