rpms/spamass-milter/EL-5 spamass-milter-0.3.1-authuser.patch, NONE, 1.1 spamass-milter-0.3.1-bits.patch, NONE, 1.1
Paul Howarth
pghmcfc at fedoraproject.org
Mon Mar 22 16:16:07 UTC 2010
- Previous message: rpms/spamass-milter/EL-4 spamass-milter-0.3.1-authuser.patch, NONE, 1.1 spamass-milter-0.3.1-bits.patch, NONE, 1.1
- Next message: rpms/amarok/F-11 a62fed8c667a076daa21fdf8360708813f1bf9e0.patch, NONE, 1.1 amarok.spec, 1.163, 1.164 amarok-2.2.2-kde#220532.patch, 1.1, NONE amarok-2.2.2-no_var_tracking.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: pghmcfc
Update of /cvs/pkgs/rpms/spamass-milter/EL-5
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv23572/EL-5
Added Files:
spamass-milter-0.3.1-authuser.patch
spamass-milter-0.3.1-bits.patch
Log Message:
Forgot to cvs add the patches in the EPEL branches
spamass-milter-0.3.1-authuser.patch:
spamass-milter.1.in | 3 +++
spamass-milter.cpp | 26 ++++++++++++++++++++++++--
2 files changed, 27 insertions(+), 2 deletions(-)
--- NEW FILE spamass-milter-0.3.1-authuser.patch ---
--- spamass-milter-0.3.1/spamass-milter.cpp.authuser 2010-03-18 15:38:38.414240811 +0000
+++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-18 15:39:27.751241308 +0000
@@ -172,6 +172,7 @@
bool flag_full_email = false; /* pass full email address to spamc */
bool flag_expand = false; /* alias/virtusertable expansion */
bool warnedmacro = false; /* have we logged that we couldn't fetch a macro? */
+bool ignore_authenticated_senders = false; /* authenticated users bypass spam checks */
// {{{ main()
@@ -179,7 +180,7 @@
main(int argc, char* argv[])
{
int c, err = 0;
- const char *args = "fd:mMp:P:r:u:D:i:b:B:e:xg:";
+ const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:xg:";
char *sock = NULL;
char *group = NULL;
bool dofork = false;
@@ -212,6 +213,10 @@
debug(D_MISC, "Parsing ignore list");
parse_networklist(optarg, &ignorenets);
break;
+ case 'I':
+ debug(D_MISC, "Ignore authenticated senders");
+ ignore_authenticated_senders = true;
+ break;
case 'm':
dontmodifyspam = true;
smfilter.xxfi_flags &= ~SMFIF_CHGBODY;
@@ -282,7 +287,7 @@
cout << PACKAGE_NAME << " - Version " << PACKAGE_VERSION << endl;
cout << "SpamAssassin Sendmail Milter Plugin" << endl;
cout << "Usage: spamass-milter -p socket [-b|-B bucket] [-d xx[,yy...]] [-D host]" << endl;
- cout << " [-e defaultdomain] [-f] [-i networks] [-m] [-M]" << endl;
+ cout << " [-e defaultdomain] [-f] [-i networks] [-I] [-m] [-M]" << endl;
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
cout << " [-- spamc args ]" << endl;
cout << " -p socket: path to create socket" << endl;
@@ -297,6 +302,7 @@
cout << " -f: fork into background" << endl;
cout << " -i: skip (ignore) checks from these IPs or netblocks" << endl;
cout << " example: -i 192.168.12.5,10.0.0.0/8,172.16.0.0/255.255.0.0" << endl;
+ cout << " -I: skip (ignore) checks if sender is authenticated" << endl;
cout << " -m: don't modify body, Content-type: or Subject:" << endl;
cout << " -M: don't modify the message at all" << endl;
cout << " -P pidfile: Put processid in pidfile" << endl;
@@ -773,6 +779,22 @@
}
/* debug(D_ALWAYS, "ZZZ got private context %p", sctx); */
+ if (ignore_authenticated_senders)
+ {
+ char *auth_authen;
+
+ auth_authen = smfi_getsymval(ctx, "{auth_authen}");
+ debug(D_MISC, "auth_authen=%s", auth_authen ?: "<unauthenticated>");
+
+ if (auth_authen)
+ {
+ debug(D_MISC, "sender authenticated (%s) - accepting message",
+ auth_authen);
+ debug(D_FUNC, "mlfi_envfrom: exit ignore");
+ return SMFIS_ACCEPT;
+ }
+ }
+
debug(D_FUNC, "mlfi_envfrom: enter");
try {
// launch new SpamAssassin
--- spamass-milter-0.3.1/spamass-milter.1.in.authuser 2010-03-18 15:38:38.407240309 +0000
+++ spamass-milter-0.3.1/spamass-milter.1.in 2010-03-18 15:38:38.417240342 +0000
@@ -15,6 +15,7 @@
.Op Fl f
.Op Fl g Ar group
.Op Fl i Ar networks
+.Op Fl I
.Op Fl m
.Op Fl M
.Op Fl P Ar pidfile
@@ -126,6 +127,8 @@
flags will append to the list.
For example, if you list all your internal networks, no outgoing emails
will be filtered.
+.It Fl I
+Ignores messages if the sender has authenticated via SMTP AUTH.
.It Fl m
Disables modification of the
.Ql Subject:
spamass-milter-0.3.1-bits.patch:
README | 20 ++++++-
spamass-milter.cpp | 134 ++++++++++++++++++++++++++++++++++++++---------------
spamass-milter.h | 8 +--
3 files changed, 119 insertions(+), 43 deletions(-)
--- NEW FILE spamass-milter-0.3.1-bits.patch ---
diff -up spamass-milter-0.3.1/README.bits spamass-milter-0.3.1/README
--- spamass-milter-0.3.1/README.bits 2010-03-22 14:50:10.404092602 +0000
+++ spamass-milter-0.3.1/README 2010-03-22 14:51:26.198958883 +0000
@@ -54,15 +54,27 @@ Now you need to make sendmail use the pl
configuring sendmail through m4 & the sendmail.mc files. In this case
adding the lines
-INPUT_MAIL_FILTER(`spamassassin', `S=unix:%{_localstatedir}/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
-
+INPUT_MAIL_FILTER(`spamassassin', `S=unix:%{_localstatedir}/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
+
should do the trick. Of course you need to modify the path of the
socket if you put another one into the startup script. The timeouts
have been increased somewhat because SpamAssassin may chew on it for a
little while on a slow machine.
+If you are using multiple milter mail filters on your mail server, you may
+have overridden the default values of some of the confMILTER_MACROS_*
+macros whilst configuring the other filters. You need to ensure that at
+least the following values are present:
+
+confMILTER_MACROS_CONNECT must include the {j} and {_} macros
+(all included by default)
+
+confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen} and {auth_ssf}
+macros (all included by default)
+
+confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
+
Now recreate sendmail.cf, restart sendmail and experiment around a bit
with the setup to make sure it is working.
diff -up spamass-milter-0.3.1/spamass-milter.cpp.bits spamass-milter-0.3.1/spamass-milter.cpp
--- spamass-milter-0.3.1/spamass-milter.cpp.bits 2010-03-22 14:50:10.433025554 +0000
+++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-22 14:53:16.528833350 +0000
@@ -736,6 +736,7 @@ sfsistat
mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
{
struct context *sctx;
+ const char *macro_j, *macro__;
int rv;
debug(D_FUNC, "mlfi_connect: enter");
@@ -753,8 +754,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
}
sctx->assassin = NULL;
sctx->helo = NULL;
-
- /* store a pointer to it with setpriv */
+ sctx->our_fqdn = NULL;
+ sctx->sender_address = NULL;
+ sctx->queueid = NULL;
+ sctx->auth_authen = NULL;
+ sctx->auth_ssf = NULL;
+
+ /* store our FQDN */
+ macro_j = smfi_getsymval(ctx, "j");
+ if (!macro_j)
+ {
+ macro_j = "localhost";
+ warnmacro("j", "CONNECT");
+ }
+ sctx->our_fqdn = strdup(macro_j);
+
+ /* store the validated sending site's address */
+ macro__ = smfi_getsymval(ctx, "_");
+ if (!macro__)
+ {
+ macro__ = "unknown";
+ warnmacro("_", "CONNECT");
+ }
+ sctx->sender_address = strdup(macro__);
+
+ /* store a pointer to our private data with setpriv */
rv = smfi_setpriv(ctx, sctx);
if (rv != MI_SUCCESS)
{
@@ -803,7 +827,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
{
SpamAssassin* assassin;
struct context *sctx = (struct context *)smfi_getpriv(ctx);
- char *queueid;
+ const char *queueid, *macro_auth_ssf, *macro_auth_authen;
if (sctx == NULL)
{
@@ -829,17 +853,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
// remember the MAIL FROM address
assassin->set_from(string(envfrom[0]));
-
+
+ // remember the queueid for this message
queueid=smfi_getsymval(ctx,"i");
if (!queueid)
{
queueid="unknown";
warnmacro("i", "ENVFROM");
}
- assassin->queueid = queueid;
-
+ sctx->queueid = strdup(queueid);
debug(D_MISC, "queueid=%s", queueid);
+ // remember the SMTP AUTH login name
+ macro_auth_authen = smfi_getsymval(ctx, "{auth_authen}");
+ if (!macro_auth_authen)
+ {
+ macro_auth_authen = "";
+ // Don't issue a warning for the auth_authen macro as
+ // it is likely to be unset much of the time - it's
+ // only set if the client has authenticated.
+ //
+ // Similarly, we only issue warnings for the other
+ // auth-related macros if {auth_authen) is available.
+ //
+ // warnmacro("auth_authen", "ENVFROM");
+ }
+ sctx->auth_authen = strdup(macro_auth_authen);
+
+ // remember the SASL cipher bits
+ macro_auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
+ if (!macro_auth_ssf)
+ {
+ macro_auth_ssf = "";
+ if (strlen(macro_auth_authen)) {
+ warnmacro("auth_ssf", "ENVFROM");
+ }
+ }
+ sctx->auth_ssf = strdup(macro_auth_ssf);
+
// tell Milter to continue
debug(D_FUNC, "mlfi_envfrom: exit");
@@ -953,7 +1004,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
*/
const char *macro_b, *macro_i, *macro_j, *macro_r,
- *macro_s, *macro_v, *macro_Z, *macro__;
+ *macro_s, *macro_v, *macro_Z, *macro__,
+ *macro_auth_ssf, *macro_auth_authen;
char date[32];
/* RFC 822 date. */
@@ -968,20 +1020,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
}
/* queue ID */
- macro_i = smfi_getsymval(ctx, "i");
- if (!macro_i)
- {
- macro_i = "unknown";
- warnmacro("i", "ENVRCPT");
- }
+ macro_i = sctx->queueid;
- /* FQDN of this site */
- macro_j = smfi_getsymval(ctx, "j");
- if (!macro_j)
- {
- macro_j = "localhost";
- warnmacro("j", "ENVRCPT");
- }
+ /* FQDN */
+ macro_j = sctx->our_fqdn;
+
+ /* Sender address */
+ macro__ = sctx->sender_address;
/* Protocol used to receive the message */
macro_r = smfi_getsymval(ctx, "r");
@@ -990,7 +1035,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
macro_r = "SMTP";
warnmacro("r", "ENVRCPT");
}
-
+
+ /* SMTP AUTH details */
+ macro_auth_authen = sctx->auth_authen;
+ macro_auth_ssf = sctx->auth_ssf;
+
/* Sendmail currently cannot pass us the {s} macro, but
I do not know why. Leave this in for the day sendmail is
fixed. Until that day, use the value remembered by
@@ -1018,22 +1067,24 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
warnmacro("Z", "ENVRCPT");
}
- /* Validated sending site's address */
- macro__ = smfi_getsymval(ctx, "_");
- if (!macro__)
- {
- macro__ = "unknown";
- warnmacro("_", "ENVRCPT");
- }
-
assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
- assassin->output((string)
- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
- macro_b+"\r\n\t"+
- "(envelope-from "+assassin->from()+")\r\n");
+ string rec_header;
+
+ rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
+
+ if (strlen(macro_auth_ssf)) {
+ rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
+ }
+
+ rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +
+ macro_r + " id " + macro_i + "\r\n\t" +
+ macro_b + "\r\n\t" +
+ "(envelope-from " + assassin->from() + ")\r\n";
+
+ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
+ assassin->output(rec_header);
} else
assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
@@ -1279,16 +1330,27 @@ mlfi_close(SMFICTX* ctx)
{
struct context *sctx;
debug(D_FUNC, "mlfi_close");
-
+
sctx = (struct context*)smfi_getpriv(ctx);
if (sctx == NULL)
return SMFIS_ACCEPT;
if (sctx->helo)
free(sctx->helo);
+ if (sctx->our_fqdn)
+ free(sctx->our_fqdn);
+ if (sctx->sender_address)
+ free(sctx->sender_address);
+ if (sctx->queueid)
+ free(sctx->queueid);
+ if (sctx->auth_authen)
+ free(sctx->auth_authen);
+ if (sctx->auth_ssf)
+ free(sctx->auth_ssf);
+
free(sctx);
smfi_setpriv(ctx, NULL);
-
+
return SMFIS_ACCEPT;
}
diff -up spamass-milter-0.3.1/spamass-milter.h.bits spamass-milter-0.3.1/spamass-milter.h
--- spamass-milter-0.3.1/spamass-milter.h.bits 2006-03-23 22:07:55.000000000 +0000
+++ spamass-milter-0.3.1/spamass-milter.h 2010-03-22 14:51:52.766971871 +0000
@@ -154,9 +154,6 @@ public:
// List of recipients after alias/virtusertable expansion
list <string> expandedrcpt;
- // the sendmail queue id for this message; used for logging
- string queueid;
-
// Process handling variables
pid_t pid;
int pipe_io[2][2];
@@ -167,6 +164,11 @@ struct context
{
struct in_addr connect_ip; // remote IP address
char *helo;
+ char *our_fqdn;
+ char *sender_address;
+ char *queueid;
+ char *auth_authen;
+ char *auth_ssf;
SpamAssassin *assassin; // pointer to the SA object if we're processing a message
};
- Previous message: rpms/spamass-milter/EL-4 spamass-milter-0.3.1-authuser.patch, NONE, 1.1 spamass-milter-0.3.1-bits.patch, NONE, 1.1
- Next message: rpms/amarok/F-11 a62fed8c667a076daa21fdf8360708813f1bf9e0.patch, NONE, 1.1 amarok.spec, 1.163, 1.164 amarok-2.2.2-kde#220532.patch, 1.1, NONE amarok-2.2.2-no_var_tracking.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list