reverted:
--- amavisd-new-2.5.3/debian/amavisd-new-milter.dirs
+++ amavisd-new-2.5.3.orig/debian/amavisd-new-milter.dirs
@@ -1 +0,0 @@
-usr/sbin
diff -u amavisd-new-2.5.3/debian/README.Debian amavisd-new-2.5.3/debian/README.Debian
--- amavisd-new-2.5.3/debian/README.Debian
+++ amavisd-new-2.5.3/debian/README.Debian
@@ -36,10 +36,7 @@ Sendmail Milter ---------------
-Please see README.milter for Debian specific instructions on getting milter
-support running with amavisd-new-milter. We recommend you use the
-dual-sendmail setup described in README.sendmail-dual, though. DO notice that
-there are *two* different sockets when using milter.
+The amavisd-new-milter is not provided by this package in Ubuntu. Antivirus and spam-checking
reverted:
--- amavisd-new-2.5.3/debian/amavisd-new-milter.postrm
+++ amavisd-new-2.5.3.orig/debian/amavisd-new-milter.postrm
@@ -1,44 +0,0 @@
-#! /bin/sh
-# postrm script for amavis-perl
-# $Id: amavisd-new-milter.postrm 104 2003-03-28 04:35:57Z hmh $
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `remove'
-# * `purge'
-# * `upgrade'
-# * `failed-upgrade'
-# * `abort-install'
-# * `abort-install'
-# * `abort-upgrade'
-# * `disappear' overwrit>r>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- purge)
- for i in /usr/sbin/amavis-milter
- do
- dpkg-statoverride --remove $i || true
- done
- ;;
-
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
-
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff -u amavisd-new-2.5.3/debian/patches/71_fqdn-warning.dpatch amavisd-new-2.5.3/debian/patches/71_fqdn-warning.dpatch
--- amavisd-new-2.5.3/debian/patches/71_fqdn-warning.dpatch
+++ amavisd-new-2.5.3/debian/patches/71_fqdn-warning.dpatch
@@ -1,8 +1,8 @@ #! /bin/sh /usr/share/dpatch/dpatch-run
-## 71_fqdn-warning.dpatch by
+## 71_fqdn-warning.dpatch by ## ## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
+## DP: Point to correct config file for Debian package. @DPATCH@ diff -urNad amavisd-new-2.5.2~/amavisd amavisd-new-2.5.2/amavisd
reverted:
--- amavisd-new-2.5.3/debian/patches/70_fix_milter_permissions.dpatch
+++ amavisd-new-2.5.3.orig/debian/patches/70_fix_milter_permissions.dpatch
@@ -1,19 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 70_fix_milter_permissions.dpatch by Alex Prinsier
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: makes the milter tempdir group writeable so that av scanner can access it
-
-@DPATCH@
-diff -urNad pkg-amavisd-new~/helper-progs/amavis-milter.c pkg-amavisd-new/helper-progs/amavis-milter.c
---- pkg-amavisd-new~/helper-progs/amavis-milter.c 2007-10-07 09:13:35.000000000 +0200
-+++ pkg-amavisd-new/helper-progs/amavis-milter.c 2007-10-07 09:18:29.000000000 +0200
-@@ -210,6 +210,8 @@
-
- #ifdef HAVE_MKDTEMP
- stt = mkdtemp(s);
-+ /* make the tempdir groupwriteable */
-+ chmod(stt,S_IRWXU|S_IRGRP|S_IXGRP);
- if (stt == NULL)
- amavis_syslog(DBG_FATAL, "(amavis_mkdtemp) mkdtemp %s failed: %s",
- s, strerror(errno));
diff -u amavisd-new-2.5.3/debian/patches/55_helper-progs_build_fixes.dpatch amavisd-new-2.5.3/debian/patches/55_helper-progs_build_fixes.dpatch
--- amavisd-new-2.5.3/debian/patches/55_helper-progs_build_fixes.dpatch
+++ amavisd-new-2.5.3/debian/patches/55_helper-progs_build_fixes.dpatch
@@ -8,44 +8,2479 @@ -diff -urNad unstable~/helper-progs/Makefile.in unstable/helper-progs/Makefile.in ---- unstable~/helper-progs/Makefile.in 2006-11-04 00:55:56.000000000 -0300 -+++ unstable/helper-progs/Makefile.in 2006-11-04 00:56:34.710451077 -0300 -@@ -15,8 +15,8 @@ +diff -urNad amavisd-new-2.5.3~/MANIFEST amavisd-new-2.5.3/MANIFEST +--- amavisd-new-2.5.3~/MANIFEST 2008-01-15 04:40:41.000000000 -0500 ++++ amavisd-new-2.5.3/MANIFEST 2008-01-15 22:42:05.000000000 -0500 +@@ -29,7 +29,6 @@ + JpegTester.pm a Perl module needed if 'check-jpeg' AV checker entry + is enabled; to be placed in Perl include paths if needed; - all: amavis-milter amavis +-helper-progs/ contains amavis.c and amavis-milter.c helpers (sendmail only) + test-messages/ contains sample/test mail messages + TODO missing features, wish list, ... +diff -urNad amavisd-new-2.5.3~/helper-progs/.cvsignore amavisd-new-2.5.3/helper-progs/.cvsignore +--- amavisd-new-2.5.3~/helper-progs/.cvsignore 2008-01-15 04:40:42.000000000 -0500 ++++ amavisd-new-2.5.3/helper-progs/.cvsignore 1969-12-31 19:00:00.000000000 -0500 +@@ -1,3 +0,0 @@ +-autom4te.cache +-configure +-config.h.in +diff -urNad amavisd-new-2.5.3~/helper-progs/Makefile.in amavisd-new-2.5.3/helper-progs/Makefile.in +--- amavisd-new-2.5.3~/helper-progs/Makefile.in 2008-01-15 04:40:42.000000000 -0500 ++++ amavisd-new-2.5.3/helper-progs/Makefile.in 1969-12-31 19:00:00.000000000 -0500 +@@ -1,46 +0,0 @@ +-# DO NOT EDIT MAKEFILE; EDIT MAKEFILE.IN INSTEAD +-# Makefile.in for amavisd-new helper-progs +- +-# Needed for autoconf to behave properly... 
+-AMAVISUSER=@AMAVISUSER@ +-prefix=@prefix@ +-exec_prefix=@exec_prefix@ +-sbindir=@sbindir@ +-DESTDIR=$(sbindir) +- +-MINCLUDE=@MINCLUDE@ +-# TODO : use some VERSION variable DEFS= -DVERSION=\"@VERSION@ and in the 2 .c helper programs +-# additional flags +-DEFS=-D_POSIX_PTHREAD_SEMANTICS +- +-all: amavis-milter amavis +- -amavis-milter.c: - ln -sf amavis-milter-based-on-1.1.2.3.2.40-v2.c amavis-milter.c -+unstripped: FORCE -+ $(MAKE) all DONT_STRIP=1 - - amavis-milter: amavis-milter.o - @CC@ @CFLAGS@ @LDFLAGS@ @PTHREAD_FLAG@ -o amavis-milter amavis-milter.o @LIBMILTER@ @LIBS@ -diff -urNad unstable~/helper-progs/configure.in unstable/helper-progs/configure.in ---- unstable~/helper-progs/configure.in 2006-11-04 00:55:56.000000000 -0300 -+++ unstable/helper-progs/configure.in 2006-11-04 00:56:34.710451077 -0300 -@@ -153,6 +153,10 @@ - AC_PATH_PROG(SENDMAILPROG, sendmail, no, $PATH:/sbin:/usr/sbin:/usr/lib:/usr/libexec) - fi - -+if test "$SENDMAILPROG" = "no" ; then -+ SENDMAILPROG=/usr/sbin/sendmail -+fi -+ - dnl rm - AC_PATH_PROG(RM, rm, no, $PATH) - -@@ -280,9 +284,9 @@ - - - +- +-amavis-milter: amavis-milter.o +- @CC@ @CFLAGS@ @LDFLAGS@ @PTHREAD_FLAG@ -o amavis-milter amavis-milter.o @LIBMILTER@ @LIBS@ +- +-amavis-milter.o: amavis-milter.c +- @CC@ @CFLAGS@ @PTHREAD_FLAG@ $(DEFS) $(MINCLUDE) -c -o amavis-milter.o amavis-milter.c +- +-amavis: amavis.o +- @CC@ @CFLAGS@ @LDFLAGS@ -o amavis amavis.o @LIBS@ +- +-amavis.o: amavis.c +- @CC@ @CFLAGS@ $(DEFS) -c -o amavis.o amavis.c +- +-install: +- -test -f amavis-milter && install -o root -m 755 amavis-milter $(DESTDIR) +- -test -f amavis && install -o root -m 755 amavis $(DESTDIR) +- +-clean:: FORCE +- rm -f *~ *.o amavis-milter amavis +- [ -L amavis-milter.c ] && rm -f amavis-milter.c +- +-distclean:: clean +- rm -f config.log config.status Makefile config.cache config.h amavis-milter amavis +- +-FORCE: +- +-.phony: FORCE +diff -urNad amavisd-new-2.5.3~/helper-progs/README amavisd-new-2.5.3/helper-progs/README +--- 
amavisd-new-2.5.3~/helper-progs/README 2008-01-15 04:40:42.000000000 -0500 ++++ amavisd-new-2.5.3/helper-progs/README 1969-12-31 19:00:00.000000000 -0500 +@@ -1,72 +0,0 @@ +-Last updated: 2003-11-04 +- +-If using Postfix or Exim v4 or dual-sendmail setup, +-you came to the wrong subdirectory, +-no helper programs are needed. +- +- +-sendmail with milter +-==================== +- +-NOTE: +- A rewrite by Petr Rehor of the helper program amavis-milter.c to use +- the new AM.PDP protocol (README.protocol) is available as a separate +- project, see: http://sourceforge.net/projects/amavisd-milter/ +- +- The rest of this document applies to older helper program included +- in the amavisd-new distribution, which speaks a traditional AM.CL +- protocol with amavisd daemon (see README.protocol), and offers +- limited milter functionality. +- +- +-For sendmail milter setup, please use the usual procedure: +- +- check the configure options: ./configure --help +- +- ./configure +- make +- make install +- +-This should produce the program amavis-milter. +- +-Follow the instructions in README.milter for integrating it with sendmail. +- +-There are two source code version of the program amavis-milter.c +-available in this distribution. The older, based on 1.1.2.3.2.36, was +-distributed with amavisd-new up to the version amavisd-new-20030616-p5. +- +-The amavis-milter.c is currently being maintained by Lars Hecking. +-The 1.1.2.3.2.40 -based version is now the default (via soft link) +-starting with amavisd-new-20030616-p6. There are some minor differences +-in command-line options, otherwise both should work with amavisd-new. +- +-Start it as 'amavis-milter -h' to get the up-to-date list of options! +- +-The new version has better error handling and logging to syslog. +-If there are problems with newer version, please revert to the older one. +- +- +-Thanks to Stephane Lentz for providing the +-configure.in/Makefile.in for this version. 
+- +- +-older sendmail without milter +-============================= +- +-To compile just the older amavis(.c) helper program +-without the benefit of the sendmail library and configure/make, +-please: +-- copy config.h.in to config.h +-- edit config.h, adjusting the few variables as needed +-- compile the program, e.g. gcc -o amavis amavis.c +- and copy it to wherever you would like to have it +- +-Follow the instructions in README.sendmail for +-integrating it with sendmail. +- +- +- +-P.S. +-There is an small experimental Perl program amavis.pl in this directory, +-which is functionally similar to amavis.c, but speaks the new AM.PDP +-protocol with the amavisd daemon. See its source code for comments. +diff -urNad amavisd-new-2.5.3~/helper-progs/amavis-milter.c amavisd-new-2.5.3/helper-progs/amavis-milter.c +--- amavisd-new-2.5.3~/helper-progs/amavis-milter.c 2008-01-15 04:40:42.000000000 -0500 ++++ amavisd-new-2.5.3/helper-progs/amavis-milter.c 1969-12-31 19:00:00.000000000 -0500 +@@ -1,1131 +0,0 @@ +-/* +- * Based(V2.5) on amavis-milter.c,v 1.1.2.3.2.40 2003/06/06 12:34:58 lhecking Exp +- */ +- +-/* +- * sendmail/milter client for amavis +- * amavisd version +- * +- * Author: Geoff Winkless +- * Additional work and patches by: +- * Gregory Ade +- * Anne Bennett +- * Thomas Biege +- * Pierre-Yves Bonnetain +- * Lars Hecking +- * Rainer Link +- * Dale Perkel +- * Julio Sanchez +- * Stephane Lentz +- * Mark Martinec +- */ +- +-/* +- * Add some copyright notice here ... 
+- * +- */ +- +-#include "config.h" +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#ifdef HAVE_SM_GEN_H +-# include "sm/gen.h" +-#endif +-#include "libmilter/mfapi.h" +- +-typedef int mybool; +- +-#define BUFFLEN 255 +-/* Must be the same as the buffer length for recv() in amavisd */ +-#define SOCKBUFLEN 8192 +- +-#ifndef RUNTIME_DIR +-# define RUNTIME_DIR "/var/amavis" +-#endif +- +-#ifndef AMAVISD_SOCKET +-# define AMAVISD_SOCKET RUNTIME_DIR ## "/amavisd.sock" +-#endif +- +-/* Activate the sendmail add-on features */ +-#define WITH_SENDMAIL_QUEUEID_TEMP_DNAME 1 +-#define WITH_SYNTHESIZED_RECEIVED_HEADER 1 +- +-#define D_TEMPPREFIX "/amavis-milter-" +-#define D_TEMPLATE "XXXXXXXX" +-#define F_TEMPLATE "/email.txt" +- +-#define DEVNULL "/dev/null" +- +-/* #ifndef AMAVIS_USER +- * # define AMAVIS_USER "amavis" +- * #endif +- * #ifndef MILTER_SOCKET_GROUP +- * # define MILTER_SOCKET_GROUP "amavis" +- * #endif +- */ +- +-/* Extracted from the code for better configurability +- * These will be set by configure/make eventually */ +-#ifndef X_HEADER_TAG +-# define X_HEADER_TAG "X-Virus-Scanned" +-#endif +-#ifndef X_HEADER_LINE +-# define X_HEADER_LINE "by amavisd-milter (http://www.amavis.org/)" +-#endif +- +-#define DBG_NONE 0 +-#define DBG_FATAL 1 +-#define DBG_WARN 2 +-#define DBG_INFO 3 +-#define DBG_DEBUG 4 +- +-typedef struct llstrct { +- char *str; +- struct llstrct *next; +-} ll; +- +-struct mlfiPriv { +- char *mlfi_fname; /* temporary file name */ +- FILE *mlfi_fp; /* file descriptor of the temporary file */ +- char *mlfi_helo; +- char *mlfi_client_addr; +- char *mlfi_client_name; +- char *mlfi_queueid; +- char *mlfi_envfrom; +- ll mlfi_envto; +- ll *mlfi_thisenvto; +- int mlfi_numto; +-}; +- +-static int verbosity = DBG_WARN; +-static int AM_DAEMON = 1; +- +-static struct 
group *miltergroup; +-static gid_t amavis_gid; +-static struct utsname amavis_uts; +-static int enable_x_header = 1; /* enabled by default */ +- +-static void amavis_syslog(const int, const char *, ...); +-static char *amavis_mkdtemp(char *, int); +-static int group_member(const char *); +-static void freeenvto(ll *); +-static sfsistat clearpriv(SMFICTX *, sfsistat, int); +-static int allocmem(SMFICTX *); +-static sfsistat mlfi_connect(SMFICTX *, char *, _SOCK_ADDR *); +-static sfsistat mlfi_helo(SMFICTX *, char *); +-static sfsistat mlfi_envfrom(SMFICTX *, char **); +-static sfsistat mlfi_envto(SMFICTX *, char **); +-static sfsistat mlfi_header(SMFICTX *, char *, char *); +-static sfsistat mlfi_eoh(SMFICTX *); +-static sfsistat mlfi_body(SMFICTX *, u_char *, size_t); +-static sfsistat mlfi_eom(SMFICTX *); +-static sfsistat mlfi_abort(SMFICTX *); +-static sfsistat mlfi_close(SMFICTX *); +-static sfsistat mlfi_cleanup(SMFICTX *, sfsistat, mybool); +- +- +-static void +-amavis_syslog(const int level, const char *fmt, ...) +-{ +- time_t tmpt; +- char *timestamp; +- char buf[512]; +- va_list ap; +- int loglevel; +- +- if (level > verbosity) return; +- switch (level) { /* map internal log level to syslog priority */ +- case DBG_FATAL: loglevel = LOG_ERR; break; +- case DBG_WARN: loglevel = LOG_WARNING; break; +- case DBG_INFO: loglevel = LOG_INFO; break; +- case DBG_DEBUG: loglevel = LOG_DEBUG; break; +- default: loglevel = LOG_INFO; +- } +- if (verbosity > 1 && loglevel == LOG_DEBUG) loglevel = LOG_INFO; +- buf[0] = 0; +- va_start(ap, fmt); +- +- if (AM_DAEMON == 0) { +- tmpt = time(NULL); +- timestamp = ctime(&tmpt); +- /* A 26 character string according ctime(3c) +- * we cut off the trailing \n\0 */ +- timestamp[24] = 0; +- +- snprintf(buf,sizeof(buf),"%s %s amavis-milter[%ld]: ", +- timestamp, +- (amavis_uts.nodename ? 
amavis_uts.nodename : "localhost"), +- (long) getpid()); +- } +- +- vsnprintf(buf+strlen(buf),sizeof(buf)-strlen(buf),fmt,ap); +- va_end(ap); +- +- if (AM_DAEMON == 0) { +- fprintf(stderr,"%s\n",buf); +- } +- +- /* HG: does it make sense to open and close the log each time? */ +- openlog("amavis-milter", LOG_PID|LOG_CONS, LOG_MAIL); +- +- syslog(loglevel,"%s\n",buf); +- closelog(); +-} +- +-static char * +-amavis_mkdtemp(char *s, int use_fixed_name) +-{ +- char *stt; +- int count = 0; +- +- if (use_fixed_name) { +- if (!mkdir(s, S_IRWXU|S_IRGRP|S_IXGRP)) return s; /*succeeded */ +- amavis_syslog(DBG_FATAL, "(amavis_mkdtemp) creating directory %s failed: %s", +- s, strerror(errno)); +- } +- /* fall back to inventing temporary directory names */ +- strcat(s, D_TEMPLATE); /* storage has been preallocated */ +- +-#ifdef HAVE_MKDTEMP +- stt = mkdtemp(s); +- if (stt == NULL) +- amavis_syslog(DBG_FATAL, "(amavis_mkdtemp) mkdtemp %s failed: %s", +- s, strerror(errno)); +- return stt; +-#else +- /* magic number alert */ +- while (count++ < 20) { +-# ifdef HAVE_MKTEMP +- stt = mktemp(s); +-# else +- /* relies on template format */ +- stt = strrchr(s, '-') + 1; +- if (stt) { +- /* more magic number alert */ +- snprintf(stt, strlen(s) - 1 - (stt - s), "%08d", lrand48() / 215); +- stt = s; +- } else { +- /* invalid template */ +- amavis_syslog(DBG_FATAL, "(amavis_mkdtemp) mktemp failed %s",s); +- return NULL; +- } +-# endif +- if (stt) { +- if (!mkdir(s, S_IRWXU|S_IRGRP|S_IXGRP)) { +- return s; +- } else { +- continue; +- } +- } +- } +- amavis_syslog(DBG_FATAL, "(amavis_mkdtemp) creating (3) directory %s failed: %s", +- s, strerror(errno)); +- return NULL; +-#endif /* HAVE_MKDTEMP */ +-} +- +-static +-int group_member(const char *group) +-{ +- int i, r, rc = -1; +- gid_t *grouplist = 0; +- +- if (!(miltergroup = getgrnam(group))) { +- perror("getgrnam"); +- return rc; +- } +- +- if ((r = getgroups(0, grouplist)) < 0) { +- perror("getgroups"); +- } else if ((grouplist = malloc 
(r*sizeof(gid_t))) == NULL) { +- perror("malloc"); +- r = 0; +- } else if ((r = getgroups(r, grouplist)) < 0) { +- perror("getgroups"); +- free(grouplist); +- } +- +- for (i=0;igr_gid == grouplist[i]) { +- rc = 0; +- break; +- } +- } +- +- if (grouplist) +- free(grouplist); +- +- return rc; +-} +- +-#define MLFIPRIV ((struct mlfiPriv *) smfi_getpriv(ctx)) +- +-static void +-freeenvto(ll * envto) +-{ +- while (envto) { +- ll *new = envto->next; +- if (envto->str) { +- free(envto->str); +- envto->str = NULL; +- } +- free(envto); +- envto = new; +- } +-} +- +-static sfsistat +-clearpriv(SMFICTX *ctx, sfsistat retme, int clearall) +-{ +- /* clear or release private memory and return retme */ +- struct mlfiPriv *priv = MLFIPRIV; +- +- if (priv) { +- if (priv->mlfi_fp) { +- if (fclose(priv->mlfi_fp) != 0) +- amavis_syslog(DBG_FATAL, "(clearpriv) close failed: %s", +- strerror(errno)); +- priv->mlfi_fp = NULL; +- } +- if (priv->mlfi_fname) +- { free(priv->mlfi_fname); priv->mlfi_fname = NULL; } +- if (priv->mlfi_queueid) +- { free(priv->mlfi_queueid); priv->mlfi_queueid = NULL; } +- if (priv->mlfi_envfrom) +- { free(priv->mlfi_envfrom); priv->mlfi_envfrom = NULL; } +- if (priv->mlfi_envto.next) +- { freeenvto(priv->mlfi_envto.next); priv->mlfi_envto.next = NULL; } +- if (priv->mlfi_envto.str) +- { free(priv->mlfi_envto.str); priv->mlfi_envto.str = NULL; } +- priv->mlfi_thisenvto = NULL; +- priv->mlfi_numto = 0; +- if (clearall) { +- if (priv->mlfi_client_addr) +- { free(priv->mlfi_client_addr); priv->mlfi_client_addr = NULL; } +- if (priv->mlfi_client_name) +- { free(priv->mlfi_client_name); priv->mlfi_client_name = NULL; } +- if (priv->mlfi_helo) +- { free(priv->mlfi_helo); priv->mlfi_helo = NULL; } +- free(priv); priv = NULL; +- if (smfi_setpriv(ctx, priv) != MI_SUCCESS) { +- /* Not sure what we need to do here */ +- amavis_syslog(DBG_WARN, "(clearpriv) smfi_setpriv failed"); +- } +- } +- } +- return retme; +-} +- +-/* +- * allocate some private memory if not already 
allocated +- * returns 0 if ok, 1 if not +- */ +-static int +-allocmem(SMFICTX * ctx) +-{ +- struct mlfiPriv *priv = MLFIPRIV; +- +- if (priv != NULL) { +- /* amavis_syslog(DBG_DEBUG, "allocmem not needed"); */ +- } else { +- amavis_syslog(DBG_DEBUG, "(allocmem) allocating private variables"); +- priv = malloc(sizeof *priv); +- if (priv == NULL) { +- /* can't accept this message right now */ +- amavis_syslog(DBG_FATAL, "failed to malloc %d bytes for private store: %s", +- sizeof(*priv), strerror(errno)); +- return 1; +- } +- memset(priv, 0, sizeof *priv); +- amavis_syslog(DBG_DEBUG, "malloced priv successfully"); +- if (smfi_setpriv(ctx, priv) != MI_SUCCESS) { +- /* Not sure what we need to do here */ +- amavis_syslog(DBG_WARN, "(allocmem) smfi_setpriv failed"); +- } +- } +- return 0; +-} +- +-static sfsistat +-mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * gen_hostaddr) +-{ +- struct mlfiPriv *priv; +- /* discard any possible data from previous session */ +- amavis_syslog(DBG_INFO, "(mlfi_connect) client connect: hostname %s; clearing all variables", hostname); +- clearpriv(ctx, SMFIS_CONTINUE, 1); /* discard data if any, just in case */ +- if (allocmem(ctx)) return SMFIS_TEMPFAIL; +- priv = MLFIPRIV; +- +- if (priv->mlfi_client_addr) +- { free(priv->mlfi_client_addr); priv->mlfi_client_addr = NULL; } +- if (priv->mlfi_client_name) +- { free(priv->mlfi_client_name); priv->mlfi_client_name = NULL; } +- if (gen_hostaddr) { +- char *s = inet_ntoa( ((struct sockaddr_in *)gen_hostaddr)->sin_addr ); +- if (s && *s) { +- if ((priv->mlfi_client_addr = strdup(s)) == NULL) +- return (SMFIS_TEMPFAIL); +- } +- } +- if (hostname) { +- if ((priv->mlfi_client_name = strdup(hostname)) == NULL) +- return (SMFIS_TEMPFAIL); +- } +- return SMFIS_CONTINUE; +-} +- +-static sfsistat +-mlfi_helo(SMFICTX * ctx, char *helohost) +-{ +- struct mlfiPriv *priv; +- amavis_syslog(DBG_INFO, "(mlfi_helo) HELO argument is %s", helohost); +- if (allocmem(ctx)) return SMFIS_TEMPFAIL; +- 
priv = MLFIPRIV; +- if (priv->mlfi_helo) { free(priv->mlfi_helo); priv->mlfi_helo = NULL; } +- if ((priv->mlfi_helo = strdup(helohost)) == NULL) return (SMFIS_TEMPFAIL); +- return SMFIS_CONTINUE; +-} +- +-/* write synthesized received header to temp file as the first header */ +-void write_received(SMFICTX *ctx) +-{ +-#ifdef WITH_SYNTHESIZED_RECEIVED_HEADER +- char date_str[64]; +- struct mlfiPriv *priv = MLFIPRIV; +- /* sendmail macros present by default */ +- const char *quid = smfi_getsymval(ctx, "i"); /* sendmail queue id */ +- const char *hostname = smfi_getsymval(ctx, "j"); /* sendmail's host */ +- /* optional sendmail milter macros */ +- const char *date = smfi_getsymval(ctx, "b"); /* time of transaction */ +- if (!date) { /* fallback if milter macro {b} is not defined */ +- time_t t; time(&t); +- date = date_str; +- if (!strftime(date_str, sizeof(date_str), "%a, %e %b %Y %H:%M:%S %z", +- localtime(&t))) { date = NULL; } +- } +- if (fprintf(priv->mlfi_fp, +- "Received: from %s (%s [%s])\n\tby %s (amavis-milter) id %s; %s\n", +- priv->mlfi_helo && *(priv->mlfi_helo) ? priv->mlfi_helo : "unknown", +- priv->mlfi_client_name ? priv->mlfi_client_name : "", +- priv->mlfi_client_addr ? priv->mlfi_client_addr : "", +- hostname ? hostname : "(milter macro {j} not defined)", +- quid ? quid : "(milter macro {i} not defined)", +- date ? 
date : "(milter macro {b} not defined)" +- ) < 0 +- ) amavis_syslog(DBG_FATAL,"(write_received) write of header failed: %s", +- strerror(errno)); +-#endif +-} +- +-static sfsistat +-mlfi_envfrom(SMFICTX * ctx, char **envfrom) +-{ +- struct mlfiPriv *priv; +- struct stat StatBuf; +- char *messagepath; +- const char *sendmail_queueid = NULL; +- int use_fixed_name; +- +- /* discard any message data from previous SMTP transaction */ +- amavis_syslog(DBG_DEBUG, "(mlfi_envfrom) clearing message variables"); +- clearpriv(ctx, SMFIS_CONTINUE, 0); /* discard previos msg data if any */ +- if (allocmem(ctx)) return SMFIS_TEMPFAIL; +- priv = MLFIPRIV; +- +- sendmail_queueid = smfi_getsymval(ctx, "i"); +- if (!sendmail_queueid) sendmail_queueid = ""; +- priv->mlfi_queueid = strdup(sendmail_queueid); +- if (!priv->mlfi_queueid) { +- amavis_syslog(DBG_FATAL,"%s: (mlfi_envfrom) failed to alloc mlfi_queueid", sendmail_queueid); +- return SMFIS_TEMPFAIL; +- } +- priv->mlfi_envfrom = strdup(*envfrom); +- if (!priv->mlfi_envfrom) { +- amavis_syslog(DBG_FATAL,"%s: (mlfi_envfrom) failed to alloc mlfi_envfrom", sendmail_queueid); +- return SMFIS_TEMPFAIL; +- } +- +- /* tmp dir */ +- messagepath = malloc(strlen(RUNTIME_DIR) + +- strlen(D_TEMPPREFIX) + strlen(D_TEMPLATE) + /*reserve for worst case*/ +- (!sendmail_queueid ? 
0 : strlen(sendmail_queueid)) + +- strlen(F_TEMPLATE) + 1); +- if (messagepath == NULL) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_envfrom) failed to allocate memory for temp file name: %s", +- sendmail_queueid, strerror(errno)); +- return SMFIS_TEMPFAIL; +- } +- +- strcpy(messagepath, RUNTIME_DIR); +- strcat(messagepath, D_TEMPPREFIX); +- use_fixed_name = 0; +-#ifdef WITH_SENDMAIL_QUEUEID_TEMP_DNAME +- if (sendmail_queueid && *sendmail_queueid) { +- strcat(messagepath, sendmail_queueid); use_fixed_name = 1; +- } +-#endif +- if (amavis_mkdtemp(messagepath,use_fixed_name) == NULL) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_envfrom) failed to create temp dir %s: %s", messagepath, +- sendmail_queueid, strerror(errno)); +- return SMFIS_TEMPFAIL; +- } +-/* if (chown(messagepath, (uid_t)-1, amavis_gid) < 0) { +- * amavis_syslog(DBG_FATAL, "Failed to adjust %s group ownership (%d): %s", +- * messagepath, amavis_gid, strerror(errno)); +- * return SMFIS_TEMPFAIL; +- * } +- */ +- if (lstat(messagepath, &StatBuf) < 0) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_envfrom) lstat(%s) failed: %s", +- sendmail_queueid, messagepath, strerror(errno)); +- return SMFIS_TEMPFAIL; +- } +- /* may be too restrictive for you, but is good to avoid problems */ +- if (!S_ISDIR(StatBuf.st_mode) || +- StatBuf.st_uid != geteuid() || StatBuf.st_gid != getegid() ) { +- amavis_syslog(DBG_FATAL, +- "%s, Security Warning: %s must be a directory, owned by User %d " +- "and Group %d", messagepath, sendmail_queueid, geteuid(), getegid()); +- } else if ( ((StatBuf.st_mode & 0777) != (S_IRWXU|S_IRGRP|S_IXGRP)) ) { +- amavis_syslog(DBG_FATAL, +- "%s, Security Warning: %s %o07 must be readable/writeable by the " +- "User %d and readable by Group %d only", +- sendmail_queueid, messagepath, StatBuf.st_mode, geteuid(), getegid()); +- } +- /* there is still a race condition here if RUNTIME_DIR is writeable by the attacker :-\ */ +- +- /* tmp file name */ +- strcat(messagepath, F_TEMPLATE); +- amavis_syslog(DBG_INFO, 
"%s: (mlfi_envfrom) MAIL FROM: %s, tempdir: %s", +- sendmail_queueid, *envfrom, messagepath); +- priv->mlfi_fname = messagepath; messagepath = NULL; +- +- if ((priv->mlfi_fp = fopen(priv->mlfi_fname, "w+")) == NULL) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_envfrom) creating file %s failed: %s", +- sendmail_queueid, priv->mlfi_fname, strerror(errno)); +- return SMFIS_TEMPFAIL; +- } else if (fchmod(fileno(priv->mlfi_fp), S_IRUSR|S_IWUSR|S_IRGRP) == -1) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_envfrom) fchmod on %s failed: %s", +- sendmail_queueid, priv->mlfi_fname, strerror(errno)); +- return SMFIS_TEMPFAIL; +- } +- +- /* prepend synthesized header to the temporary file */ +- write_received(ctx); +- +- /* continue processing */ +- return SMFIS_CONTINUE; +-} +- +-static sfsistat +-mlfi_envto(SMFICTX * ctx, char **envto) +-{ +- struct mlfiPriv *priv; +- const char *sendmail_queueid; +- if (allocmem(ctx)) return SMFIS_TEMPFAIL; +- priv = MLFIPRIV; +- sendmail_queueid = !priv->mlfi_queueid ? "" : priv->mlfi_queueid; +- if (!(priv->mlfi_thisenvto)) { +- /* first one... */ +- priv->mlfi_thisenvto = &(priv->mlfi_envto); +- priv->mlfi_numto = 1; +- } else { +- if ((priv->mlfi_thisenvto->next = malloc(sizeof(ll))) == NULL) +- return (SMFIS_TEMPFAIL); +- priv->mlfi_thisenvto = priv->mlfi_thisenvto->next; +- priv->mlfi_numto++; +- } +- priv->mlfi_thisenvto->next = NULL; +- priv->mlfi_thisenvto->str = NULL; +- if ((priv->mlfi_thisenvto->str = strdup(*envto)) == NULL) +- return (SMFIS_TEMPFAIL); +- amavis_syslog(DBG_INFO, "%s: (mlfi_envto) RCPT TO: %s", +- (!priv->mlfi_queueid ? "" : priv->mlfi_queueid), *envto); +- return SMFIS_CONTINUE; +-} +- +-static sfsistat +-mlfi_header(SMFICTX *ctx, char *headerf, char *headerv) +-{ +- struct mlfiPriv *priv = MLFIPRIV; +- +- /* write the header to the temporary file */ +- if (fprintf(priv->mlfi_fp, "%s: %s\n", headerf, headerv) < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_header) write of header failed: %s", +- (!priv->mlfi_queueid ? 
"" : priv->mlfi_queueid), strerror(errno)); +- +- /* continue processing */ +- return SMFIS_CONTINUE; +-} +- +-static sfsistat +-mlfi_eoh(SMFICTX *ctx) +-{ +- struct mlfiPriv *priv = MLFIPRIV; +- const char *sendmail_queueid; +- +- sendmail_queueid = !priv->mlfi_queueid ? "" : priv->mlfi_queueid; +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eoh)", sendmail_queueid); +- /* output the blank line between the header and the body */ +- if (fprintf(priv->mlfi_fp, "\n") < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eoh) writing an empty line failed: %s", +- sendmail_queueid, strerror(errno)); +- /* continue processing */ +- return SMFIS_CONTINUE; +-} +- +-static sfsistat +-mlfi_body(SMFICTX *ctx, u_char *bodyp, size_t bodylen) +-{ +- struct mlfiPriv *priv = MLFIPRIV; +- /* output body block to log file */ +- u_char *d = bodyp, *s = bodyp; +- u_char *lastc = bodyp + bodylen - 1; +- +- /* convert crlf to lf */ +- while (s <= lastc) { +- if (s != lastc && *s == 13 && *(s+1) == 10) +- s++; +- +- *d++ = *s++; +- } +- bodylen = (size_t)(d - bodyp); +- +- if (bodylen && fwrite(bodyp, bodylen, 1, priv->mlfi_fp) <= 0) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_body) write of %d bytes failed: %s", +- (!priv->mlfi_queueid ? "" : priv->mlfi_queueid), +- bodylen, strerror(errno)); +- (void) fclose(priv->mlfi_fp); priv->mlfi_fp = NULL; +- return mlfi_cleanup(ctx, SMFIS_TEMPFAIL, 0); /* write failed */ +- } +- +- /* continue processing */ +- return SMFIS_CONTINUE; +-} +- +-/* Simple "protocol" */ +-const char _EOT = '\3'; +- +-static sfsistat +-mlfi_eom(SMFICTX *ctx) +-{ +- struct mlfiPriv *priv = MLFIPRIV; +- char buff[7]; +- int sock, r; +- char *sender; +- char retval; +- struct sockaddr_un saddr; +- sfsistat rstat = SMFIS_CONTINUE; +- const char *sendmail_queueid; +- +- if (!priv) { /* no priv object */ +- amavis_syslog(DBG_FATAL, "(mlfi_eom) no private object"); +- rstat = SMFIS_TEMPFAIL; +- return rstat; +- } +- sendmail_queueid = !priv->mlfi_queueid ? 
"" : priv->mlfi_queueid; +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom)", sendmail_queueid); +- /* close the file so we can run checks on it */ +- if (priv->mlfi_fp) { +- if (fclose(priv->mlfi_fp) != 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) close failed: %s", +- sendmail_queueid, strerror(errno)); +- priv->mlfi_fp = NULL; +- } +- /* AFAIK, AF_UNIX is obsolete. POSIX defines AF_LOCAL */ +- saddr.sun_family = AF_UNIX; +- if (strlen(AMAVISD_SOCKET)+1 > sizeof(saddr.sun_path)) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) socket path too long: %d", +- sendmail_queueid, strlen(AMAVISD_SOCKET)); +- exit(EX_TEMPFAIL); +- } +- strcpy(saddr.sun_path, AMAVISD_SOCKET); +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) allocate socket()", sendmail_queueid); +- r = (sock = socket(PF_UNIX, SOCK_STREAM, 0)); +- if (r < 0) { +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to allocate socket: %s", +- sendmail_queueid, strerror(errno)); +- } +- if (r >= 0) { +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) connect", sendmail_queueid); +- r = connect(sock, (struct sockaddr *) (&saddr), sizeof(saddr)); +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to connect(): %s", +- sendmail_queueid, strerror(errno)); +- } +- if (r >= 0) { +- char *p = strrchr(priv->mlfi_fname, '/'); +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) sendfile", sendmail_queueid); +- /* amavisd wants the directory, not the filename */ +- *p = '\0'; +- r = send(sock, priv->mlfi_fname, strlen(priv->mlfi_fname), 0); +- *p = '/'; +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to send() file name: %s", +- sendmail_queueid, strerror(errno)); +- } +- if (r >= 0) { +- r = recv(sock, &retval, 1, 0); +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to recv() file name confirmation: %s", +- sendmail_queueid, strerror(errno)); +- } +- if (r >= 0) { +- size_t sender_l; +- sender = (strlen(priv->mlfi_envfrom) > 0) ? 
priv->mlfi_envfrom : "<>"; +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) sendfrom() %s", sendmail_queueid, sender); +- sender_l = strlen(sender); +- if (sender_l > SOCKBUFLEN) { +- amavis_syslog(DBG_WARN, "%s: (mlfi_eom) Sender too long (%d), truncated to %d characters", +- sendmail_queueid, sender_l, SOCKBUFLEN); +- sender_l = SOCKBUFLEN; +- } +- r = send(sock, sender, sender_l, 0); +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to send() Sender: %s", +- sendmail_queueid, strerror(errno)); +- else if (r < sender_l) +- amavis_syslog(DBG_WARN, "%s: (mlfi_eom) failed to send() complete Sender, truncated to %d characters", +- sendmail_queueid, r); +- } +- if (r >= 0) { +- r = recv(sock, &retval, 1, 0); +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to recv() ok for Sender info: %s", +- sendmail_queueid, strerror(errno)); +- } +- if (r >= 0) { +- int x; +- priv->mlfi_thisenvto = &(priv->mlfi_envto); +- for (x = 0; (r >= 0) && (x < priv->mlfi_numto); x++) { +- size_t recipient_l; +- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) sendto() %s", +- sendmail_queueid, priv->mlfi_thisenvto->str); +- recipient_l = strlen(priv->mlfi_thisenvto->str); +- if (recipient_l > SOCKBUFLEN) { +- amavis_syslog(DBG_WARN, "%s: (mlfi_eom) Recipient too long (%d), truncated to %d characters", +- sendmail_queueid, recipient_l, SOCKBUFLEN); +- recipient_l = SOCKBUFLEN; +- } +- r = send(sock, priv->mlfi_thisenvto->str, recipient_l, 0); +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to send() Recipient: %s", +- sendmail_queueid, strerror(errno)); +- else { +- if (r < recipient_l) +- amavis_syslog(DBG_WARN, "%s: (mlfi_eom) failed to send() complete Recipient, truncated to %d characters ", +- sendmail_queueid, r); +- r = recv(sock, &retval, 1, 0); +- if (r < 0) +- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to recv() ok for recip info: %s", +- sendmail_queueid, strerror(errno)); +- priv->mlfi_thisenvto = priv->mlfi_thisenvto->next; +- } +- } +- } 
+- if (r >= 0) {
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) send() EOT", sendmail_queueid);
+- r = send(sock, &_EOT, 1, 0);
+- /* send "end of args" msg */
+- if (r < 0) {
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) failed to send() EOT: %s",
+- sendmail_queueid, strerror(errno));
+- } else {
+- /* get result from amavisd */
+- r = recv(sock, buff, 6, 0);
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) received %s from daemon", sendmail_queueid, buff);
+- if (r < 0)
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) Failed to recv() final result: %s",
+- sendmail_queueid, strerror(errno));
+- else if (!r)
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) Failed to recv() final result: empty status string",
+- sendmail_queueid);
+- /* get back final result */
+- }
+- }
+- close(sock);
+-
+- if (r < 0) {
+- /* some point of the communication failed miserably - so give up */
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) communication failure", sendmail_queueid);
+- return mlfi_cleanup(ctx, SMFIS_TEMPFAIL, 0);
+- }
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) finished conversation", sendmail_queueid);
+-
+- /* Protect against empty return string */
+- if (*buff)
+- retval = atoi(buff);
+- else
+- retval = 1;
+-
+- if (retval == 99) {
+- amavis_syslog(DBG_INFO, "%s: (mlfi_eom) discarding mail, retval is %d",
+- sendmail_queueid, retval);
+- rstat = SMFIS_DISCARD;
+- } else if (retval == EX_UNAVAILABLE) { /* REJECT handling */
+- /* by Didi Rieder and Mark Martinec */
+- amavis_syslog(DBG_INFO, "%s: (mlfi_eom) rejecting mail, retval is %d",
+- sendmail_queueid, retval);
+- if (smfi_setreply(ctx, "550", "5.7.1", "Message content rejected") != MI_SUCCESS) {
+- /* Not sure what we need to do here */
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_eom) smfi_setreply failed",
+- sendmail_queueid);
+- }
+- rstat = SMFIS_REJECT;
+- } else if (retval == 0) {
+- if (enable_x_header) {
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) adding/changing header", sendmail_queueid);
+- if (smfi_chgheader(ctx, 
X_HEADER_TAG, 1, X_HEADER_LINE) == MI_FAILURE) {
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_eom) adding header", sendmail_queueid);
+- if (smfi_addheader(ctx, X_HEADER_TAG, X_HEADER_LINE) != MI_SUCCESS) {
+- amavis_syslog(DBG_FATAL,
+- "%s: (mlfi_eom) smfi_addheader failed, perhaps milter session timed out",
+- sendmail_queueid);
+- }
+- }
+- }
+- amavis_syslog(DBG_INFO, "%s: (mlfi_eom) CONTINUE delivery", sendmail_queueid);
+- rstat = SMFIS_CONTINUE;
+- } else {
+- /* if we got any unexpected exit status, we didn't check the file...
+- * so don't add the header. We return TEMPFAIL instead */
+- amavis_syslog(DBG_WARN, "%s: (mlfi_eom) TEMPFAIL, retval is %d",
+- sendmail_queueid, retval);
+- rstat = SMFIS_TEMPFAIL;
+- }
+- /* return mlfi_cleanup(ctx, rstat, 0); */ /* _we_ must delete dir & file */
+- return mlfi_cleanup(ctx, rstat, 1); /* server will delete the dir & file */
+-}
+-
+-static sfsistat
+-mlfi_abort(SMFICTX *ctx)
+-{
+- struct mlfiPriv *priv = MLFIPRIV;
+- amavis_syslog(DBG_WARN, "%s: (mlfi_abort)",
+- (!priv || !priv->mlfi_queueid ? "?" : priv->mlfi_queueid) );
+- return mlfi_cleanup(ctx, SMFIS_CONTINUE, 0);
+-}
+-
+-static sfsistat
+-mlfi_close(SMFICTX *ctx)
+-{
+- struct mlfiPriv *priv = MLFIPRIV;
+- amavis_syslog(DBG_DEBUG, "(mlfi_close) %sclearing all variables",
+- (!priv || !priv->mlfi_queueid ? "" : priv->mlfi_queueid) );
+- return clearpriv(ctx, SMFIS_CONTINUE, 1); /* discard all data */
+-}
+-
+-static sfsistat
+-mlfi_cleanup(SMFICTX *ctx, sfsistat rstat, mybool keep)
+-{
+- struct mlfiPriv *priv = MLFIPRIV;
+- const char *sendmail_queueid;
+-
+- if (!priv)
+- return rstat;
+- sendmail_queueid = !priv->mlfi_queueid ? 
"" : priv->mlfi_queueid;
+-
+- if (keep) {
+- /* don't delete the file */
+- } else {
+- /* message was aborted -- delete the archive file */
+- if (priv->mlfi_fp) {
+- if (fclose(priv->mlfi_fp) != 0)
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_cleanup) close failed: %s",
+- sendmail_queueid, strerror(errno));
+- priv->mlfi_fp = NULL;
+- }
+- if (priv->mlfi_fname) {
+- char *p;
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_cleanup) deleting temp file",
+- sendmail_queueid);
+- if (unlink(priv->mlfi_fname) < 0)
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_cleanup) unlinking %s failed: %s",
+- sendmail_queueid, priv->mlfi_fname, strerror(errno));
+- p = strrchr(priv->mlfi_fname, '/');
+- if (!p) {
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_cleanup) no '/' in %s",
+- sendmail_queueid, priv->mlfi_fname);
+- } else {
+- *p = '\0';
+- if (rmdir(priv->mlfi_fname) < 0)
+- amavis_syslog(DBG_FATAL, "%s: (mlfi_cleanup) rmdir of %s failed: %s",
+- sendmail_queueid, priv->mlfi_fname, strerror(errno));
+- *p = '/';
+- }
+- }
+- }
+-
+- /* clear message data, return status */
+- amavis_syslog(DBG_DEBUG, "%s: (mlfi_cleanup) clearing message variables",
+- sendmail_queueid);
+- return clearpriv(ctx, rstat, 0); /* discard message data if any */
+-}
+-
+-
+-struct smfiDesc smfilter = {
+- "amavis-milter", /* filter name */
+- SMFI_VERSION, /* version code -- do not change */
+- SMFIF_ADDHDRS|SMFIF_CHGHDRS,/* flags */
+- mlfi_connect, /* connection info filter */
+- mlfi_helo, /* SMTP HELO command filter */
+- mlfi_envfrom, /* envelope sender filter */
+- mlfi_envto, /* envelope recipient filter */
+- mlfi_header, /* header filter */
+- mlfi_eoh, /* end of header */
+- mlfi_body, /* body block filter */
+- mlfi_eom, /* end of message */
+- mlfi_abort, /* message aborted */
+- mlfi_close /* connection cleanup */
+-};
+-
+-
+-void
+-usage(void)
+-{
+- fprintf(stderr, "usage:\n");
+- fprintf(stderr, " amavis-milter -p local: [-d] [-v]\n");
+- fprintf(stderr, " amavis-milter -p inet:port@0.0.0.0 [-d] [-v]\n");
+- fprintf(stderr, " amavis-milter -h\n");
+- fprintf(stderr, "\n");
+- fprintf(stderr, "-p specifies a milter socket on which amavis-milter\n");
+- fprintf(stderr, " will listen for connections from sendmail.\n");
+- fprintf(stderr, " The argument is passed directly to libmilter, see sendmail milter\n");
+- fprintf(stderr, " documentation for details. The socket specified must match the\n");
+- fprintf(stderr, " INPUT_MAIL_FILTER macro call in the sendmail configuration file.\n");
+- fprintf(stderr, "-d debug: disables daemonisation and turns log level fully up (-vvvv) \n");
+- fprintf(stderr, "-v increases logging level by one, may be specified up to 4 times\n");
+- fprintf(stderr, "-h help: displays this usage text and exits\n");
+- fprintf(stderr, "\n");
+- fprintf(stderr, "Options -g, -x, -D are allowed for compatibility but ignored.\n");
+- fprintf(stderr, "\n");
+- fprintf(stderr, "This helper prgram (milter daemon) is normally started as:\n");
+- fprintf(stderr, "# su amavis -c '/usr/local/sbin/amavis-milter -p local:/var/amavis/amavis-milter.sock'\n");
+-};
+-
+-int
+-main(int argc, char *argv[])
+-{
+-/* struct passwd *userinfo; *amavis uid* */
+- int c, i;
+- char *p, *milter_socket = NULL, *milter_socket_group = NULL;
+-/* const char *args = "dg:p:vx"; */
+- const char *args = ":hdg:p:Dvx"; /* some mix of old and new options!!! 
*/
+-
+- pid_t pid;
+- int devnull;
+-
+-#if !defined(HAVE_MKDTEMP) && !defined(HAVE_MKTEMP)
+- int mypid = getpid();
+-
+- srand48(time(NULL) ^ (mypid + (mypid << 15)));
+-#endif
+-
+- umask(0007);
+-
+- /* Process command line options */
+- while ((c = getopt(argc, argv, args)) != -1) {
+- switch (c) {
+- case 'd':
+- /* don't daemonise, log to stderr */
+- verbosity = DBG_DEBUG; /* full debugging log level */
+- AM_DAEMON = 0;
+- break;
+- case 'g':
+- /* name of milter socket group owner */
+- if (optarg == NULL || *optarg == '\0') {
+- fprintf(stderr, "%s: Illegal group: %s\n", argv[0], optarg);
+- }
+- fprintf(stderr, "%s: group specification ignored (not implemented)\n", argv[0]);
+- milter_socket_group = strdup(optarg);
+- break;
+- case 'p':
+- /* socket name - see smfi_setconn man page */
+- if (optarg == NULL || *optarg == '\0') {
+- fprintf(stderr, "%s: Illegal conn: %s\n", argv[0], optarg);
+- exit(EXIT_FAILURE);
+- }
+- milter_socket = strdup(optarg);
+- break;
+- case 'v':
+- verbosity++;
+- break;
+- case 'D':
+- AM_DAEMON = 1; /* which is also a default, unless debugging */
+- break;
+- case 'x':
+- /* enable_x_header++; */ /* older versions */
+- /* enable_x_header = 0;*/ /* since 1.1.2.3.2.40 */
+- fprintf(stderr, "%s: option -x ignored to avoid confusion with older versions\n", argv[0]);
+- break;
+- case 'h':
+- usage();
+- exit(EXIT_SUCCESS);
+- break;
+- default:
+- usage();
+- exit(EXIT_FAILURE);
+- }
+- }
+-
+- if (smfi_register(smfilter) == MI_FAILURE) {
+- fprintf(stderr, "%s: smfi_register failed\n", argv[0]);
+- exit(EXIT_FAILURE);
+- }
+-
+- uname(&amavis_uts);
+-
+- /* check user and group */
+-/* if (!(userinfo = getpwnam(AMAVIS_USER))) {
+- * perror("getpwnam");
+- * exit(EXIT_FAILURE);
+- * }
+- * amavis_gid = userinfo->pw_gid;
+- * if (!milter_socket_group) {
+- * milter_socket_group = strdup(MILTER_SOCKET_GROUP);
+- * if (!milter_socket_group) {
+- * perror("strdup");
+- * exit(EXIT_FAILURE);
+- * }
+- * }
+- * if 
(group_member(milter_socket_group) < 0) {
+- * fprintf(stderr, "%s not member of %s group\n", AMAVIS_USER, milter_socket_group);
+- * exit(EXIT_FAILURE);
+- * }
+- */
+- if (!milter_socket) {
+- fprintf(stderr, "%s: no milter socket specified (missing option -p)\n\n", argv[0]);
+- usage();
+- exit(EXIT_FAILURE);
+- }
+-
+- /* check socket */
+- if ((p = strchr(milter_socket,'/'))) {
+- /* Unlink any existing file that might be in place of
+- * the socket we want to create. This might not exactly
+- * be safe, or friendly, but I'll deal with that later.
+- * Be nice and issue a warning if we have a problem, but
+- * other than that, ignore it. */
+- if (unlink(p) < 0) {
+- amavis_syslog(DBG_INFO, "INFO: Cannot unlink old socket %s: %s", milter_socket, strerror(errno));
+- }
+- }
+-
+- /* Errors are detected in smfi_main */
+- if (smfi_setconn(milter_socket) != MI_SUCCESS) {
+- amavis_syslog(DBG_FATAL, "(main) smfi_setconn failed");
+- }
+-
+- /* See if we're supposed to become a daemonized process */
+- if (AM_DAEMON == 1) {
+-
+- /* 2001/11/09 Anne Bennett: daemonize properly.
+- * OK, let's be a real daemon. Taken from page 417
+- * of Stevens' "Advanced Programming in the UNIX Environment".
+- */
+-
+- /* Step 1: Fork and have parent exit. This not only
+- * backgrounds us but makes sure we are not a process group
+- * leader.
+- */
+-
+- /* Fork ourselves into the background, and see if it worked */
+- if ((pid = fork()) > 0) {
+-
+- amavis_syslog(DBG_INFO, "amavis-milter forked into background");
+- /* We are the parent; exit. */
+- exit(EXIT_SUCCESS);
+-
+- } else if (pid == -1) {
+- perror("fork");
+- exit(EXIT_FAILURE);
+- }
+-
+- /* OK, we're backgrounded.
+- * Step 2: Call setsid to create a new session. This makes
+- * sure among other things that we have no controlling
+- * terminal. 
+- */
+- if (setsid() < (pid_t)0) {
+- amavis_syslog(DBG_FATAL, "setsid() returned error: %s", strerror(errno));
+- exit(EXIT_FAILURE);
+- }
+-
+- /* Step 3: Set the working directory appropriately. */
+- if (chdir("/") < 0 ) {
+- amavis_syslog(DBG_FATAL, "chdir(/) returned error: %s", strerror(errno));
+- exit(EXIT_FAILURE);
+- }
+-
+- /* Step 4: Close all file descriptors. */
+- for (i = 0; i < _POSIX_OPEN_MAX ; i++) {
+- close(i);
+- }
+-
+- /* Open /dev/null read-only (fd 0 = STDIN) */
+- if ((devnull = open(DEVNULL, O_RDONLY, 0)) < 0) {
+- amavis_syslog(DBG_FATAL, "Could not open %s as STDIN: %s", DEVNULL, strerror(errno));
+- exit(EXIT_FAILURE);
+- }
+- if (devnull != 0) {
+- amavis_syslog(DBG_FATAL, "Got wrong file descriptor as STDIN: %s != 0", DEVNULL);
+- exit(EXIT_FAILURE);
+- }
+-
+- /* Open /dev/null write-only (fd 1 = STDOUT) */
+- if ((devnull = open(DEVNULL, O_WRONLY, 0)) < 0) {
+- amavis_syslog(DBG_FATAL, "Could not open %s as STDOUT: %s", DEVNULL, strerror(errno));
+- exit(EXIT_FAILURE);
+- }
+- if (devnull != 1) {
+- amavis_syslog(DBG_FATAL, "Got wrong file descriptor as STDOUT: %s != 1", DEVNULL);
+- exit(EXIT_FAILURE);
+- }
+-
+- /* Open /dev/null write-only (fd 2 = STDERR) */
+- if ((devnull = open(DEVNULL, O_WRONLY, 0)) < 0) {
+- amavis_syslog(DBG_FATAL, "Could not open %s as STDERR: %s", DEVNULL, strerror(errno));
+- exit(EXIT_FAILURE);
+- }
+- if (devnull != 2) {
+- amavis_syslog(DBG_FATAL, "Got wrong file descriptor as STDERR: %s != 2", DEVNULL);
+- exit(EXIT_FAILURE);
+- }
+- }
+-
+- /* change process group id */
+- if (miltergroup && (setgid(miltergroup->gr_gid)) < 0) {
+- amavis_syslog(DBG_FATAL, "setgid(%d): %s", miltergroup->gr_gid, strerror(errno));
+- exit(EX_UNAVAILABLE);
+- }
+-
+- /* smfi_settimeout(1800); */ /* defaults to 7210 seconds */
+-
+- /* hand control over to libmilter */
+- amavis_syslog(DBG_WARN, "Starting, handing off to smfi_main");
+- return smfi_main();
+-}
+-
+-/* eof */
+diff -urNad 
amavisd-new-2.5.3~/helper-progs/amavis.c amavisd-new-2.5.3/helper-progs/amavis.c
+--- amavisd-new-2.5.3~/helper-progs/amavis.c 2008-01-15 04:40:42.000000000 -0500
++++ amavisd-new-2.5.3/helper-progs/amavis.c 1969-12-31 19:00:00.000000000 -0500
+@@ -1,473 +0,0 @@
+-#ifndef lint
+-static char *RCSid() { return RCSid("$Id: amavis.c,v 1.1.2.25 2002/05/13 17:15:12 lhecking Exp $"); }
+-#endif
+-
+-/*
+- * client for amavisd
+- *
+- * Author: Geoff Winkless
+- * Additional work and patches by:
+- * Gregory Ade
+- * Thomas Biege
+- * Pierre-Yves Bonnetain
+- * Ricardo M. Ferreira
+- * Lars Hecking
+- * Rainer Link
+- * Julio Sanchez
+- * Mark Martinec (2002-07-30, don't pass LDA args to amavisd,
+- * call LDA directly)
+- * Henrique M. Holschuh
+- * 2003-08-25: bomb on argc < 2, not 3
+- * fix error message when wrong no. of args
+- * fix this crap to use syslog
+- * log errors, otherwise nobody knows what is happening
+- * change default dir to something obvious for bug reporting
+- */
+-
+-/*
+- * Add some copyright notice here ...
+- *
+- * Usage: amavis sender recipient [recipient ...] 
[-- lda [lda-args]]
+- *
+- */
+-
+-#include "config.h"
+-
+-#define BUFFLEN 8192
+-/* Must be the same as the buffer length for recv() in amavisd */
+-#define SOCKBUFLEN 8192
+-
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-
+-#define D_TEMPLATE "/amavis-client-XXXXXXXX"
+-#define F_TEMPLATE "/email.txt"
+-
+-#define DBG_NONE 0
+-#define DBG_INFO 1
+-#define DBG_WARN 2
+-#define DBG_FATAL 4
+-
+-#define DBG_ALL (DBG_FATAL | DBG_WARN | DBG_INFO)
+-
+-static struct utsname myuts;
+-
+-static const int debuglevel = DBG_FATAL;
+-static char truncated[] = " (truncated)";
+-#define MAX_MSG 150
+-
+-/* temp dir where mail message is stored */
+-static char *dir_name;
+-/* temp file where mail message is stored */
+-static char *atmpfile;
+-
+-static size_t mystrlcpy(char *, const char *, size_t);
+-static void mydebug(const int, const char *, ...);
+-static char *mymktempdir(char *);
+-static void amavis_cleanup(void);
+-
+-static size_t
+-mystrlcpy(char *dst, const char *src, size_t size)
+-{
+- size_t src_l = strlen(src);
+- if(src_l < size) {
+- memcpy(dst, src, src_l + 1);
+- } else if(size) {
+- memcpy(dst, src, size - 1);
+- dst[size - 1] = '\0';
+- }
+- return src_l;
+-}
+-
+-/* Construct the message string from its parts */
+-char *
+-make_msg(const char *fmt, va_list args)
+-{
+- int len;
+- char *msg = NULL;
+- if ( (msg = calloc(1, MAX_MSG + 1)) == NULL )
+- return NULL;
+- /* There's some confusion in the documentation about what vsnprintf
+- * returns when the buffer overflows. Hmmm... 
*/
+- len = vsnprintf(msg, MAX_MSG + 1, fmt, args);
+- if (len >= MAX_MSG)
+- strcpy(msg + (MAX_MSG - 1) - sizeof(truncated), truncated);
+- return msg;
+-}
+-
+-static void
+-mylog(const int level, const char *fmt, va_list args)
+-{
+- int loglevel=LOG_INFO;
+- char *msg;
+-
+- if (!(level & debuglevel))
+- return;
+-
+- switch (level) {
+- case DBG_WARN:
+- loglevel=LOG_WARNING;
+- break;
+- case DBG_FATAL:
+- loglevel=LOG_ERR;
+- }
+- if ((msg = make_msg(fmt, args)) == NULL) return;
+- syslog(loglevel, "%s", msg);
+-}
+-
+-static void
+-mydebug(const int level, const char *fmt, ...)
+-{
+- va_list args;
+-
+- va_start(args, fmt);
+- mylog(level, fmt, args);
+- va_end(args);
+-}
+-
+-static char *
+-mymktempdir(char *s)
+-{
+-#ifdef HAVE_MKDTEMP
+- return mkdtemp(s);
+-#else
+- char *stt;
+- int count = 0;
+-
+- /* magic number alert */
+- while (count++ < 20) {
+-# ifdef HAVE_MKTEMP
+- stt = mktemp(s);
+-# else
+- /* relies on template format */
+- stt = strchr(s, '-') + 1;
+- if (stt) {
+- /* more magic number alert */
+- snprintf(stt, strlen(s) - 1 - (stt - s), "%08d", lrand48() / 215);
+- stt = s;
+- } else {
+- /* invalid template */
+- return NULL;
+- }
+-# endif
+- if (stt) {
+- if (!mkdir(s, S_IRWXU)) {
+- return s;
+- } else {
+- continue;
+- }
+- }
+- }
+- return NULL;
+-#endif /* HAVE_MKDTEMP */
+-}
+-
+-static void
+-amavis_cleanup(void)
+-{
+- if (dir_name)
+- free(dir_name);
+-
+- if (atmpfile)
+- free(atmpfile);
+-}
+-
+-static int
+-call_lda(int fdin, const char *path, char *const argv[])
+-{
+- pid_t pid;
+- int status;
+-
+- mydebug(DBG_INFO, "calling LDA: %s %s ...", path, argv[0]);
+-
+- fflush(stdout);
+- fflush(stderr);
+- pid = fork();
+- if (pid < 0) {
+- mydebug(DBG_FATAL, "Can't fork: %s", strerror(errno));
+- return EX_TEMPFAIL;
+- }
+- if (!pid) { /* child */
+- int d = dup2(fdin,STDIN_FILENO);
+- if (d < 0) {
+- mydebug(DBG_FATAL, "dup2 %d failed: %s\n", fdin, strerror(errno));
+- exit(EX_TEMPFAIL);
+- } else if (d != STDIN_FILENO) {
+- mydebug(DBG_FATAL, "dup2 %d error to stdin (got %d)\n", fdin, d);
+- exit(EX_TEMPFAIL);
+- }
+- close(fdin);
+- execv(path, argv);
+- mydebug(DBG_FATAL, "Can't exec LDA '%s': %s\n", path, strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+- /* parent */
+- if (waitpid(pid, &status, 0) < 0) {
+- mydebug(DBG_FATAL, "Waiting for LDA child aborted: %s", strerror(errno));
+- return EX_TEMPFAIL;
+- }
+- if (!WIFEXITED(status)) {
+- if (WIFSIGNALED(status))
+- mydebug(DBG_FATAL, "LDA child died, signal: %d", WTERMSIG(status));
+- else
+- mydebug(DBG_FATAL, "LDA child aborted, status: %d", status);
+- return EX_TEMPFAIL;
+- }
+- return WEXITSTATUS(status);
+-}
+-
+-/* Simple "protocol" */
+-const char _LDA = '\2';
+-const char _EOT = '\3';
+-
+-/* take input from stdin as an email, with argv as sender and recipients
+- * then pass it all to amavisd
+- * TODO: sender/recipient parsing for qmail; see qmail-queue(8) for details
+- */
+-int
+-main(int argc, char **argv)
+-{
+- char *buff; /* temp buffer for mail message */
+- char xstat[8] = { 0 };
+- struct sockaddr_un saddr;
+- FILE *fout = NULL;
+- int fd = 0;
+- size_t rw = 0, msgsize = 0;
+- int r, sock, i; /* socket func return val, socket descriptor, index var */
+- char retval;
+- int ldaargs_ind = -1;
+- int fdin; /* keep the file open to be able to pass it on
+- to LDA even after unlinking */
+- struct stat StatBuf;
+-#if !defined(HAVE_MKDTEMP) && !defined(HAVE_MKTEMP)
+- int mypid = getpid();
+-
+- srand48(time(NULL) ^ (mypid + (mypid << 15)));
+-#endif
+-
+- atexit(amavis_cleanup);
+- openlog("amavis(client)", LOG_PID, LOG_MAIL);
+-
+- /* */
+- uname(&myuts);
+-
+- /* Process args first */
+- if (argc < 2) {
+- mydebug(DBG_FATAL, "Insufficient number of arguments, need sender recipient [recipient...]");
+- exit(EX_TEMPFAIL);
+- }
+-
+-/* umask(0077); */
+- umask(0007);
+-
+- /* */
+- dir_name = malloc(strlen(RUNTIME_DIR) + strlen(D_TEMPLATE) + 1);
+- if (dir_name == NULL) {
+- mydebug(DBG_FATAL, "Failed to allocate 
memory for temp dir name: %s", strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+-
+- strcpy(dir_name, RUNTIME_DIR);
+- strcat(dir_name, D_TEMPLATE);
+- if (mymktempdir(dir_name) == NULL) {
+- mydebug(DBG_FATAL, "Failed to create temp dir: %s", strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+- if (chmod(dir_name,S_IRWXU|S_IRWXG)) {
+- mydebug(DBG_FATAL, "Failed to chmod temp dir: %s", strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+- if (lstat(dir_name, &StatBuf) < 0) {
+- mydebug(DBG_FATAL, "%s: Error while trying lstat(%s): %s",
+- argv[0], dir_name, strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+-
+- /* may be too restrictive for you, but's good to avoid problems */
+-/* if (!S_ISDIR(StatBuf.st_mode) || StatBuf.st_uid != geteuid() ||
+- * StatBuf.st_gid != getegid() || !(StatBuf.st_mode & (S_IWUSR | S_IRUSR))) {
+- * mydebug(DBG_FATAL,
+- * "%s: Security Warning: %s must be a Directory and owned by "
+- * "User %d and Group %d and just read-/write-able by the User "
+- * " and noone else. Exit.", argv[0], dir_name, geteuid(), getegid());
+- * exit(EX_TEMPFAIL);
+- * }
+- */
+- /* there is still a race condition here if RUNTIME_DIR is writeable by the attacker :-\ */
+-
+- atmpfile = malloc(strlen(dir_name) + strlen(F_TEMPLATE) + 1);
+- if (atmpfile == NULL) {
+- mydebug(DBG_FATAL, "Failed to allocate memory for temp file name: %s", strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+-
+- sprintf(atmpfile, "%s/email.txt", dir_name);
+-
+- buff = malloc(BUFFLEN);
+- if (buff == NULL) {
+- mydebug(DBG_FATAL, "Failed to allocate memory for read buffer: %s", strerror(errno));
+- exit(EX_TEMPFAIL);
+- }
+-
+- if ((fd = open(atmpfile, O_CREAT | O_EXCL | O_WRONLY,
+- S_IRUSR|S_IWUSR|S_IRGRP)) < 0 || (fout = fdopen(fd, "w")) == NULL)
+- mydebug(DBG_FATAL, "failed to open a_tmp_file: %s", strerror(errno));
+-
+- while (!feof(stdin)) {
+- rw = fread(buff, sizeof(char), BUFFLEN, stdin);
+- fwrite(buff, sizeof(char), rw, fout);
+- msgsize += rw;
+- }
+- fclose(fout);
+- free(buff); buff = 
NULL; /* will reuse later */
+- mydebug(DBG_INFO, "size=%d", msgsize);
+-
+- /* keep the temporary file open, to be able to pass it on to LDA
+- via STDIN even after unlinking the file and directory by amavisd-new */
+- if ((fdin = open(atmpfile, O_RDONLY)) < 0)
+- mydebug(DBG_FATAL, "error opening fdin '%s': %s", atmpfile, strerror(errno));
+-
+- r = (sock = socket(PF_UNIX, SOCK_STREAM, 0));
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to allocate socket: %s", strerror(errno));
+- saddr.sun_family = AF_UNIX;
+- mystrlcpy(saddr.sun_path, AMAVISD_SOCKET, sizeof(saddr.sun_path));
+- if (r >= 0) {
+- mydebug(DBG_INFO, "connect()");
+- r = connect(sock, (struct sockaddr *) &saddr, sizeof(saddr));
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to connect(): %s", strerror(errno));
+- }
+- if (r >= 0) {
+- mydebug(DBG_INFO, "senddir() %s", dir_name);
+- r = send(sock, dir_name, strlen(dir_name), 0);
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to send() directory: %s", strerror(errno));
+- }
+- if (r >= 0) {
+- r = recv(sock, &retval, 1, 0);
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to recv() directory confirmation: %s",
+- strerror(errno));
+- }
+- if (r >= 0) {
+- /* send envelope from */
+- const char *sender = argv[1];
+- int sender_l = strlen(sender);
+- if (!sender_l) { sender = "<>"; sender_l = 2; }
+- mydebug(DBG_INFO, "sendfrom() %s", sender);
+- if (sender_l > SOCKBUFLEN) {
+- mydebug(DBG_WARN, "Sender too long (%d), truncated to %d characters", sender_l, SOCKBUFLEN);
+- sender_l = SOCKBUFLEN;
+- }
+- r = send(sock, sender, sender_l, 0);
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to send() Sender: %s", strerror(errno));
+- else if (r < sender_l)
+- mydebug(DBG_WARN, "failed to send() complete Sender, truncated to %d characters ", r);
+- }
+- if (r >= 0) {
+- r = recv(sock, &retval, 1, 0);
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to recv() ok for Sender info: %s",
+- strerror(errno));
+- }
+- if (r >= 0) {
+- /* send recipients and lda/ldaargs if present */
+- 
for (i = 2; i < argc; i++) {
+- int arg_l;
+- arg_l = strlen(argv[i]);
+- if (arg_l > SOCKBUFLEN) {
+- mydebug(DBG_WARN, "Recipient too long (%d), truncated to %d characters", arg_l, SOCKBUFLEN);
+- arg_l = SOCKBUFLEN;
+- }
+- if (strcmp(argv[i], "--") == 0) {
+- ldaargs_ind = i;
+- break;/* don' pass LDA args, we'll call LDA ourselves later! */
+- mydebug(DBG_INFO, "sendlda() %s", argv[i]);
+- r = send(sock, &_LDA, 1, 0);
+- } else {
+- const char *recip = argv[i];
+- if (!arg_l) { recip = "<>"; arg_l = 2; }
+- mydebug(DBG_INFO, "sendto() %s", recip);
+- /* mydebug(DBG_INFO, "sendlda/arg() %s", recip); */
+- r = send(sock, recip, arg_l, 0);
+- if (r >= 0 && r < arg_l)
+- mydebug(DBG_WARN, "failed to send() complete Recipient, truncated to %d characters", r);
+- }
+- if (r < 0) {
+- mydebug(DBG_FATAL, "failed to send() Recipient: %s", strerror(errno));
+- /* mydebug(DBG_FATAL, "failed to send/lda() recip info: %s", strerror(errno)); */
+- } else {
+- r = recv(sock, &retval, 1, 0);
+- if (r < 0) {
+- mydebug(DBG_FATAL, "failed to recv() ok for recip info: %s", strerror(errno));
+- /* mydebug(DBG_FATAL, "failed to recv() ok for recip/lda info: %s", strerror(errno)); */
+- }
+- }
+- }
+- }
+- if (r >= 0) {
+- mydebug(DBG_INFO, "sendEOT()");
+- r = send(sock, &_EOT, 1, 0);
+- /* send "end of args" msg */
+- if (r < 0)
+- mydebug(DBG_FATAL, "failed to send() EOT: %s", strerror(errno));
+- else {
+- r = recv(sock, xstat, 6, 0);
+- mydebug(DBG_INFO, "received %s from daemon", xstat);
+- if (r < 0)
+- mydebug(DBG_FATAL, "Failed to recv() final result: %s",
+- strerror(errno));
+- else if (!r)
+- mydebug(DBG_FATAL, "Failed to recv() final result: empty status string");
+- /* get back final result */
+- }
+- }
+- close(sock);
+- mydebug(DBG_INFO, "finished conversation");
+-
+- if (r < 0) {
+- /* some point of the communication failed miserably - so give up */
+- retval = EX_TEMPFAIL;
+- mydebug(DBG_FATAL, "failing with EX_TEMPFAIL: %s", strerror(errno));
+- } else {
+- /* 
Protect against empty return string */
+- retval = *xstat ? atoi(xstat) : EX_TEMPFAIL;
+- mydebug(DBG_INFO, "retval is %d", retval);
+-
+- if (retval==99) { /* drop mail, either here by ignoring LDA args, */
+- /* or already done by amavisd if delivery was delegated to it */
+- mydebug(DBG_INFO, "DROP mail");
+- retval = 0; /* pretend it was delivered */
+- } else if (retval==0 && ldaargs_ind >= 0) { /* pass delivery to LDA */
+- char *path;
+- ldaargs_ind++; /* step over "--" */
+- path = malloc(strlen(argv[ldaargs_ind]) + 1);
+- if (path == NULL)
+- mydebug(DBG_FATAL, "Failed to allocate memory for temp dir name: %s", strerror(errno));
+- path = strcpy(path, argv[ldaargs_ind]);
+- argv[ldaargs_ind] = basename(path);
+- retval = call_lda(fdin, path, &argv[ldaargs_ind]);
+- }
+- }
+- close(fdin);
+- unlink(atmpfile);
+- rmdir(dir_name);
+- exit(retval);
+-}
+diff -urNad amavisd-new-2.5.3~/helper-progs/amavis.pl amavisd-new-2.5.3/helper-progs/amavis.pl
+--- amavisd-new-2.5.3~/helper-progs/amavis.pl 2008-01-15 04:40:42.000000000 -0500
++++ amavisd-new-2.5.3/helper-progs/amavis.pl 1969-12-31 19:00:00.000000000 -0500
+@@ -1,172 +0,0 @@
+-#!/usr/bin/perl -T
+-
+-#------------------------------------------------------------------------------
+-# This is amavis.pl, a simple demonstrational program functionally much like
+-# the amavis.c helper program, but talks the new AM.PDP protocol with the
+-# amavisd daemon. See README.protocol for the description of AM.PDP protocol.
+-# Usage:
+-# amavis.pl sender recip1 recip2 ... < message.txt
+-# To be placed in amavisd.conf:
+-# $protocol='AM.PDP'; $unix_socketname='/var/amavis/amavisd.sock';
+-#
+-#
+-# Author: Mark Martinec
+-# Copyright (C) 2004 Mark Martinec, All Rights Reserved.
+-#
+-# Redistribution and use in source and binary forms, with or without
+-# modification, are permitted provided that the following conditions are met:
+-#
+-# * Redistributions of source code must retain the above copyright notice,
+-# this list of conditions and the following disclaimer.
+-# * Redistributions in binary form must reproduce the above copyright notice,
+-# this list of conditions and the following disclaimer in the documentation
+-# and/or other materials provided with the distribution.
+-# * Neither the name of the author, nor the name of the "Jozef Stefan"
+-# Institute, nor the names of contributors may be used to endorse or
+-# promote products derived from this software without specific prior
+-# written permission.
+-#
+-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+-# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+-# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+-# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+-# OR BUSINESS INTERRUPTION) HOWEVERREADME.protocol CAUSED AND ON ANY THEORY OF LIABILITY,
+-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+-# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-#
+-#(the license above is the new BSD license, and pertains to this program only)
+-#
+-# Patches and problem reports are welcome.
+-# The latest version of this program is available at:
+-# http://www.ijs.si/software/amavisd/
+-#------------------------------------------------------------------------------
+-
+-use strict;
+-use re 'taint';
+-use IO::Socket;
+-use Digest::MD5;
+-use Time::HiRes ();
+-
+-use vars qw($VERSION); $VERSION = 1.000;
+-use vars qw($socketname);
+-
+-# $socketname = '127.0.0.1:9998';
+- $socketname = '/var/amavis/amavisd.sock';
+-
+-sub sanitize_str {
+- my($str, $keep_eol) = @_;
+- my(%map) = ("\r" => '\\r', "\n" => '\\n', "\f" => '\\f', "\t" => '\\t',
+- "\b" => '\\b', "\e" => '\\e', "\\" => '\\\\');
+- if ($keep_eol) {
+- $str =~ s/([^\012\040-\133\135-\176])/ # and \240-\376 ?
+- exists($map{$1}) ? $map{$1} :
+- sprintf(ord($1)>255 ? '\\x{%04x}' : '\\%03o', ord($1))/eg;
+- } else {
+- $str =~ s/([^\040-\133\135-\176])/ # and \240-\376 ?
+- exists($map{$1}) ? $map{$1} :
+- sprintf(ord($1)>255 ? '\\x{%04x}' : '\\%03o', ord($1))/eg;
+- }
+- $str;
+-}
+-
+-sub do_log($$) {
+- my($level, $errmsg) = @_;
+- print STDERR sanitize_str($errmsg),"\n";
+-}
+-
+-sub proto_decode($) {
+- my($str) = @_;
+- $str =~ s/%([0-9a-fA-F]{2})/pack("C",hex($1))/eg;
+- $str;
+-}
+-
+-sub proto_encode($@) {
+- my($attribute_name,@strings) = @_; local($1);
+- $attribute_name =~ # encode all but alfanumerics, '_' and '-'
+- s/([^0-9a-zA-Z_-])/sprintf("%%%02x",ord($1))/eg;
+- for (@strings) { # encode % and nonprintables
+- s/([^\041-\044\046-\176])/sprintf("%%%02x",ord($1))/eg;
+- }
+- $attribute_name . '=' . 
join(' ',@strings);
+-}
+-
+-sub ask_amavisd($$) {
+- my($sock,$query_ref) = @_;
+- my(@encoded_query) =
+- map { /^([^=]+)=(.*)\z/s; proto_encode($1,$2) } @$query_ref;
+- do_log(0,'> '.$_) for @encoded_query;
+- $sock->print( map { $_."\015\012" } (@encoded_query,'') )
+- or die "Can't write response to socket: $!";
+- $sock->flush or die "Can't flush on socket: $!";
+- my(%attr);
+- local($/) = "\015\012"; # set line terminator to CRLF
+- # must not use \r and \n, which may not be \015 and \012 on certain platforms
+- do_log(0,"waiting for response");
+- while(<$sock>) {
+- last if /^\015\012\z/; # end of response
+- if (/^ ([^=\000\012]*?) (=|:[ \t]*) ([^\012]*?) \015\012 \z/xsi) {
+- my($attr_name) = proto_decode($1);
+- my($attr_val) = proto_decode($3);
+- if (!exists $attr{$attr_name}) { $attr{$attr_name} = [] }
+- push(@{$attr{$attr_name}}, $attr_val);
+- }
+- }
+- if (!defined($_) && $! != 0) { die "read from socket failed: $!" }
+- \%attr;
+-}
+-
+-# Main program starts here
+-
+- die "Usage: amavis.pl sender recip1 recip2 ... < message.txt\n" if !@ARGV;
+- my($sock);
+- my($is_inet) = $socketname=~m{^/} ? 0 : 1; # simpleminded: unix vs. 
inet sock
+- if ($is_inet) { # inet socket
+- $sock = IO::Socket::INET->new($socketname)
+- or die "Can't connect to INET socket $socketname: $!";
+- } else { # unix socket
+- $sock = IO::Socket::UNIX->new(Type => SOCK_STREAM)
+- or die "Can't create UNIX socket: $!";
+- $sock->connect( pack_sockaddr_un($socketname) )
+- or die "Can't connect to UNIX socket $socketname: $!";
+- }
+-
+- # generate some semi-unique directory name; not good enough for production
+- my($ctx) = Digest::MD5->new; # 128 bits (32 hex digits)
+- $ctx->add(sprintf("%s %.9f %s", $$, Time::HiRes::time, join(',',@ARGV)));
+- my($id) = substr($ctx->b64digest,0,16); $id =~ tr{+/}{-.};
+-
+- my($tempdir) = "/var/amavis/amavis-milter-$id";
+- my($fname) = "$tempdir/email.txt";
+- mkdir($tempdir,0750) or die "Can't create directory $tempdir: $!";
+-
+- # copy message from stdin to a file email.txt in the temporary directory
+- open(F,">$fname") or die "Can't create file $fname: $!";
+- while () { print F $_ or die "Can't write to $fname: $!" }
+- close(F) or die "Can't close $fname: $!";
+-
+- my(@query) = (
+- 'request=AM.PDP',
+- "mail_file=$fname",
+- "tempdir=$tempdir",
+- 'tempdir_removed_by=server',
+- 'sender='.shift @ARGV,
+- map {"recipient=$_"} @ARGV,
+-# 'protocol_name=ESMTP',
+-# 'helo_name=b.example.com',
+-# 'client_address=10.2.3.4',
+- );
+- my($attr_ref) = ask_amavisd($sock,\@query);
+- for my $attr_name (keys %$attr_ref) {
+- for my $attr_val (@{$attr_ref->{$attr_name}})
+- { do_log(0,"< $attr_name=$attr_val") }
+- }
+- # may do another query here if needed ...
+- $sock->close or die "Can't close socket: $!"; +- close(STDIN) or die "Can't close STDIN: $!"; +- my($exit_code) = shift @{$attr_ref->{'exit_code'}}; +- $exit_code = 0 if $exit_code==99; # same thing in this case, both is ok +- exit 0+$exit_code; +diff -urNad amavisd-new-2.5.3~/helper-progs/configure.in amavisd-new-2.5.3/helper-progs/configure.in +--- amavisd-new-2.5.3~/helper-progs/configure.in 2008-01-15 04:40:42.000000000 -0500 ++++ amavisd-new-2.5.3/helper-progs/configure.in 1969-12-31 19:00:00.000000000 -0500 +@@ -1,288 +0,0 @@ +-dnl configure.in for Amavisd-new helper-progs +-dnl based on MIMEDefang's configure.in +-dnl Process this file with autoconf to produce a configure script. +-dnl use version 2.13 (configure fails detecting libmilter if running 2.5x) +-dnl start +-AC_INIT +- +- +-AC_PROG_CC dnl Find C compiler +-AC_CHECK_PROGS(AR, ar, no) dnl Check ar exists +-AC_CHECK_PROGS(AWK, awk, no) dnl Check awk exists +-AC_CONFIG_HEADER(config.h) dnl Generate config.h +- +-dnl Add some common directories to PATH in case they are not there +-PATH=$PATH:/usr/local/bin +- +-AC_PATH_PROG(id,id,/usr/bin/id,/usr/local/bin:/bin:/usr/bin:/usr/xpg4/bin:$PATH) +- +-AC_PROG_INSTALL +- +- +-AC_PATH_PROG(NM, nm) +- +-dnl Allow user to tell us where Sendmail is (or will be) +-SENDMAILPROG=no +-AC_ARG_WITH(sendmail, +-[ --with-sendmail=PATH specify location of Sendmail binary], +- SENDMAILPROG=$with_sendmail, SENDMAILPROG=no) +- +- +-dnl Base directory for runtime files (log file, socket, temp dirs) +-runtime_dir=/var/amavis +-AC_MSG_CHECKING([for runtime directory]) +-AC_ARG_WITH(runtime-dir, +- [ --with-runtime-dir=DIR directory for runtime files [/var/amavis]], +- runtime_dir=$withval) +-AC_MSG_RESULT([$runtime_dir]) +-AC_DEFINE_UNQUOTED(RUNTIME_DIR, "$runtime_dir", [ Where all temporary files and directories are created. 
]) +-AC_SUBST(runtime_dir) +- +-dnl Path to socket for d/c communication +-AC_MSG_CHECKING([socket name]) +-AC_ARG_WITH(sockname, +- [ --with-sockname=PATH path to socket for daemon/client communication +- [/var/amavis/amavisd.sock]], +- sockname=$withval, sockname=$runtime_dir/amavisd.sock) +- +-AC_MSG_RESULT([$sockname]) +-AC_DEFINE_UNQUOTED(AMAVISD_SOCKET, "$sockname", [ The full path to the socket used for communication between client and daemon. ]) +-AC_SUBST(sockname) +- +- +-dnl Amavis user for file ownership +-AMAVISUSER="" +-AC_ARG_WITH(user, +-[ --with-user=LOGIN use LOGIN as the AMAVISD user], +- AMAVISUSER=$with_user, AMAVISUSER=amavisd) +- +-AC_SUBST(AMAVISUSER) +- +-dnl Amavis-milter header/value +- +-x_header_tag="X-Virus-Scanned" +-AC_MSG_CHECKING([for header_tag]) +-AC_ARG_WITH(x-header-tag, +-[ --with-x-header-tag=X_HEADER_TAG use X_HEADER_TAG as the AMAVISD header tag], +- x_header_tag=$withval) +-AC_MSG_RESULT([$x_header_tag]) +-AC_DEFINE_UNQUOTED(X_HEADER_TAG, "$x_header_tag", [ tag for messages going through amavis-milter ]) +-AC_SUBST(x_header_tag) +- +- +-x_header_val="by amavisd-new" +-AC_MSG_CHECKING([for header_value]) +-AC_ARG_WITH(x-header-val, +-[ --with-x-header-val=X_HEADER_VAL use X_HEADER_VAL as the AMAVISD header value], +- x_header_val=$withval) +-AC_MSG_RESULT([$x_header_val]) +-AC_DEFINE_UNQUOTED(X_HEADER_LINE, "$x_header_val", [ header value for messages going through amavis-milter ]) +-AC_SUBST(x_header_val) +- +-dnl Allow user to tell us where milter includes are +-MILTERINC= +-AC_ARG_WITH(milterinc, +-[ --with-milterinc=PATH specify alternative location of milter includes], +- MILTERINC=$with_milterinc, MILTERINC=) +- +-dnl Allow user to tell us where milter libraries are +-MILTERLIB= +-AC_ARG_WITH(milterlib, +-[ --with-milterlib=PATH specify alternative location of milter libraries], +- MILTERLIB=$with_milterlib, MILTERLIB=) +- +- +- +-dnl Check if compiler allows "-pthread" option, but only if +-dnl we are using GCC +- 
+-if test "$GCC" = yes ; then +- AC_MSG_CHECKING([whether ${CC-cc} accepts -pthread]) +- echo 'void f(){}' > conftest.c +- if test -z "`${CC-cc} -pthread -c conftest.c 2>&1`"; then +- ac_cv_prog_cc_pthread=yes +- PTHREAD_FLAG="-pthread" +- else +- PTHREAD_FLAG="" +- ac_cv_prog_cc_pthread=no +- fi +- AC_MSG_RESULT($ac_cv_prog_cc_pthread) +- rm -f conftest* +-else +- PTHREAD_FLAG="" +-fi +- +-AC_CHECK_LIB(resolv, res_init) +-AC_CHECK_LIB(socket, htons) +-AC_CHECK_LIB(nsl, gethostbyname) +-LIBS_WITHOUT_PTHREAD="$LIBS" +-AC_SUBST(LIBS_WITHOUT_PTHREAD) +-AC_CHECK_LIB(pthread, pthread_once) +- +-AC_CHECK_FUNCS(snprintf mkdtemp mktemp) +- +-dnl Find sendmail include file. The nasty path is in case you're building +-dnl Sendmail at the same level as MIMEDefang... we want to use that include +-dnl file... +-SMMILTER=`echo ../sendmail-*/include` +-AC_PATH_PROG(MINCLUDE, libmilter/mfapi.h, no, $MILTERINC:$SMMILTER:/usr/include:/usr/local/include:/usr/local/include/sendmail:/opt/local/include) +- +-dnl debugging +-AC_ARG_ENABLE(debugging, [ --enable-debugging Add debugging messages to syslog], ac_cv_debugging=$enableval, ac_cv_debugging=no) +- +-if test "$ac_cv_debugging" = yes ; then +- ENABLE_DEBUGGING=-DENABLE_DEBUGGING +-else +- ENABLE_DEBUGGING= +-fi +- +-dnl find libmilter.a and libsm.a +-SMPATH=`echo ../sendmail-*/obj.*/libmilter` +-AC_PATH_PROG(LIBMILTER, libmilter.a, no, $MILTERLIB:$SMPATH:/usr/local/lib:/lib:/usr/lib:/usr/lib/libmilter) +-SMPATH=`echo ../sendmail-*/obj.*/libsm` +-AC_PATH_PROG(LIBSM, libsm.a, no, $SMPATH:/usr/local/lib:/lib:/usr/lib:/usr/lib/libmilter) +-if test "$LIBSM" = "no" ; then +- # try libsmutil +- unset ac_cv_path_LIBSM +- SMPATH=`echo ../sendmail-*/obj.*/libsmutil` +- AC_PATH_PROG(LIBSM, libsmutil.a, no, $SMPATH:/usr/local/lib:/lib:/usr/lib:/usr/lib/libmilter) +-fi +- +-dnl find Sendmail +-if test "$SENDMAILPROG" = "no" ; then +- AC_PATH_PROG(SENDMAILPROG, sendmail, no, $PATH:/sbin:/usr/sbin:/usr/lib:/usr/libexec) +-fi +- +-dnl rm 
+-AC_PATH_PROG(RM, rm, no, $PATH) +- +-AC_DEFUN(MD_MILTER_SFIO,[ +- AC_MSG_CHECKING([whether libmilter requires -lsfio]) +- RESULT=`$NM $LIBMILTER | grep sfsprintf` +- if test -z "$RESULT" ; then +- AC_MSG_RESULT(no) +- else +- AC_MSG_RESULT(yes) +- LIBS="$LIBS -lsfio" +- fi +-]) +- +-AC_DEFUN(MD_SM_LDAP,[ +- AC_MSG_CHECKING([whether libsm requires -lldap]) +- RESULT=`$NM $LIBSM | grep ldap_` +- if test -z "$RESULT" ; then +- AC_MSG_RESULT(no) +- else +- AC_MSG_RESULT(yes) +- LIBS="$LIBS -lldap -llber" +- fi +-]) +- +-AC_DEFUN(MD_MILTER_SM,[ +- AC_MSG_CHECKING([whether libmilter requires -lsm]) +- RESULT=`$NM $LIBMILTER | grep sm_strlcpy` +- if test -z "$RESULT" ; then +- AC_MSG_RESULT(no) +- LIBSM="" +- else +- AC_MSG_RESULT(yes) +- LIBS="$LIBS" +- if test "$LIBSM" = "no" ; then +- AC_MSG_WARN([Oops.. I couldn't find libsm.a. Please install Sendmail 8.12]) +- AC_MSG_WARN([and its libraries.]) +- PROBLEM=1 +- else +- MD_SM_LDAP +- fi +- fi +-]) +- +- +-dnl Sanity checks +- +-if test "$LIBMILTER" = "no" ; then +- AC_MSG_WARN([Oops.. I couldn't find libmilter.a. Please install Sendmail 8.12]) +- AC_MSG_WARN([and its libraries. You must run Build in the libmilter/ directory]) +- AC_MSG_WARN([to compiler libmilter.]) +- PROBLEM=1 +-fi +- +-if test "$MINCLUDE" = "no" ; then +- AC_MSG_WARN([Oops.. I couldn't find libmilter/mfapi.h. Please install Sendmail 8.12]) +- AC_MSG_WARN([and its header files.]) +- PROBLEM=1 +-fi +- +-if test "$SENDMAILPROG" = "no" ; then +- AC_MSG_WARN([Oops.. I couldn't find the 'sendmail' program. 
Please install it.]) +- PROBLEM=1 +-fi +- +-if test "$PROBLEM" = 1 ; then +- exit 1 +-fi +- +-dnl GCC warning level +-if test "$GCC" = yes; then +- if test "`uname -s`" = Linux; then +- dnl CFLAGS="$CFLAGS -Wall -Wstrict-prototypes" +- CFLAGS="$CFLAGS -Wall" +- fi +-fi +- +-dnl Fix up the include stuff +-MINCLUDE=`dirname $MINCLUDE` +-MINCLUDE=`dirname $MINCLUDE` +- +-dnl If MINCLUDE is "/usr/include", do NOT add to include path, because +-dnl this messes up compilation with gcc on Solaris. +-if test "$MINCLUDE" = "/usr/include" ; then +- MINCLUDE="" +-else +- MINCLUDE="-I${MINCLUDE}" +-fi +- +-AC_SUBST(ENABLE_DEBUGGING) +-AC_SUBST(PTHREAD_FLAG) +-VERSION=1.0 +-AC_SUBST(VERSION) +- +-NEED_LIBSM=0 +-dnl Jigger for machines without snprintf +-if test "$ac_cv_func_snprintf" != "yes" ; then +- AC_MSG_RESULT([Your OS lacks snprintf or vsnprintf, but we'll use the]) +- AC_MSG_RESULT([equivalents in $LIBSM]) +- NEED_LIBSM=1 +-fi +- +-dnl Check if our libmilter is old... +-if test "$AR" != "no" ; then +- AC_MSG_CHECKING(whether libmilter must be linked with libsm) +- $AR -t $LIBMILTER | fgrep strl.o > /dev/null 2>&1 +- if test "$?" 
= 0 ; then +- AC_MSG_RESULT(no) +- else +- AC_MSG_RESULT(yes) +- NEED_LIBSM=1 +- fi +-fi +- +-if test "$NEED_LIBSM" = 1 ; then +- if test "$LIBSM" = "no" ; then +- AC_MSG_ERROR([Problem: we need to link with libsm.a, but I can't find it.]) +- exit 1 +- fi +- LIBS="$LIBSM $LIBS" +-fi +- +- +-AC_OUTPUT(Makefile) +- +- +- -if test "$SENDMAILPROG" != "no" ; then - sendmailversion=`$SENDMAILPROG -bv -d0.1 | $AWK '/Version/ {print $2}'` - echo "" - echo "Info: sendmail version $sendmailversion detected" - echo "" -fi -+#if test "$SENDMAILPROG" != "no" ; then -+# sendmailversion=`$SENDMAILPROG -bv -d0.1 | $AWK '/Version/ {print $2}'` -+# echo "" -+# echo "Info: sendmail version $sendmailversion detected" -+# echo "" -+#fi +diff -urNad amavisd-new-2.5.3~/helper-progs/install-sh amavisd-new-2.5.3/helper-progs/install-sh +--- amavisd-new-2.5.3~/helper-progs/install-sh 2008-01-15 04:40:42.000000000 -0500 ++++ amavisd-new-2.5.3/helper-progs/install-sh 1969-12-31 19:00:00.000000000 -0500 +@@ -1,251 +0,0 @@ +-#!/bin/sh +-# +-# install - install a program, script, or datafile +-# This comes from X11R5 (mit/util/scripts/install.sh). +-# +-# Copyright 1991 by the Massachusetts Institute of Technology +-# +-# Permission to use, copy, modify, distribute, and sell this software and its +-# documentation for any purpose is hereby granted without fee, provided that +-# the above copyright notice appear in all copies and that both that +-# copyright notice and this permission notice appear in supporting +-# documentation, and that the name of M.I.T. not be used in advertising or +-# publicity pertaining to distribution of the software without specific, +-# written prior permission. M.I.T. makes no representations about the +-# suitability of this software for any purpose. It is provided "as is" +-# without express or implied warranty. 
+-# +-# Calling this script install-sh is preferred over install.sh, to prevent +-# `make' implicit rules from creating a file called install from it +-# when there is no Makefile. +-# +-# This script is compatible with the BSD install script, but was written +-# from scratch. It can only install one file at a time, a restriction +-# shared with many OS's install programs. +- +- +-# set DOITPROG to echo to test this script +- +-# Don't use :- since 4.3BSD and earlier shells don't like it. +-doit="${DOITPROG-}" +- +- +-# put in absolute paths if you don't have them in your path; or use env. vars. +- +-mvprog="${MVPROG-mv}" +-cpprog="${CPPROG-cp}" +-chmodprog="${CHMODPROG-chmod}" +-chownprog="${CHOWNPROG-chown}" +-chgrpprog="${CHGRPPROG-chgrp}" +-stripprog="${STRIPPROG-strip}" +-rmprog="${RMPROG-rm}" +-mkdirprog="${MKDIRPROG-mkdir}" +- +-transformbasename="" +-transform_arg="" +-instcmd="$mvprog" +-chmodcmd="$chmodprog 0755" +-chowncmd="" +-chgrpcmd="" +-stripcmd="" +-rmcmd="$rmprog -f" +-mvcmd="$mvprog" +-src="" +-dst="" +-dir_arg="" +- +-while [ x"$1" != x ]; do +- case $1 in +- -c) instcmd="$cpprog" +- shift +- continue;; +- +- -d) dir_arg=true +- shift +- continue;; +- +- -m) chmodcmd="$chmodprog $2" +- shift +- shift +- continue;; +- +- -o) chowncmd="$chownprog $2" +- shift +- shift +- continue;; +- +- -g) chgrpcmd="$chgrpprog $2" +- shift +- shift +- continue;; +- +- -s) stripcmd="$stripprog" +- shift +- continue;; +- +- -t=*) transformarg=`echo $1 | sed 's/-t=//'` +- shift +- continue;; +- +- -b=*) transformbasename=`echo $1 | sed 's/-b=//'` +- shift +- continue;; +- +- *) if [ x"$src" = x ] +- then +- src=$1 +- else +- # this colon is to work around a 386BSD /bin/sh bug +- : +- dst=$1 +- fi +- shift +- continue;; +- esac +-done +- +-if [ x"$src" = x ] +-then +- echo "install: no input file specified" +- exit 1 +-else +- true +-fi +- +-if [ x"$dir_arg" != x ]; then +- dst=$src +- src="" +- +- if [ -d $dst ]; then +- instcmd=: +- chmodcmd="" +- else +- 
instcmd=mkdir +- fi +-else +- +-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +-# might cause directories to be created, which would be especially bad +-# if $src (and thus $dsttmp) contains '*'. +- +- if [ -f $src -o -d $src ] +- then +- true +- else +- echo "install: $src does not exist" +- exit 1 +- fi +- +- if [ x"$dst" = x ] +- then +- echo "install: no destination specified" +- exit 1 +- else +- true +- fi +- +-# If destination is a directory, append the input filename; if your system +-# does not like double slashes in filenames, you may need to add some logic +- +- if [ -d $dst ] +- then +- dst="$dst"/`basename $src` +- else +- true +- fi +-fi +- +-## this sed command emulates the dirname command +-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` +- +-# Make sure that the destination directory exists. +-# this part is taken from Noah Friedman's mkinstalldirs script +- +-# Skip lots of stat calls in the usual case. +-if [ ! -d "$dstdir" ]; then +-defaultIFS=' +-' +-IFS="${IFS-${defaultIFS}}" +- +-oIFS="${IFS}" +-# Some sh's can't handle IFS=/ for some reason. +-IFS='%' +-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +-IFS="${oIFS}" +- +-pathcomp='' +- +-while [ $# -ne 0 ] ; do +- pathcomp="${pathcomp}${1}" +- shift +- +- if [ ! -d "${pathcomp}" ] ; +- then +- $mkdirprog "${pathcomp}" +- else +- true +- fi +- +- pathcomp="${pathcomp}/" +-done +-fi +- +-if [ x"$dir_arg" != x ] +-then +- $doit $instcmd $dst && +- +- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && +- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && +- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && +- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +-else +- +-# If we're going to rename the final executable, determine the name now. 
+- +- if [ x"$transformarg" = x ] +- then +- dstfile=`basename $dst` +- else +- dstfile=`basename $dst $transformbasename | +- sed $transformarg`$transformbasename +- fi +- +-# don't allow the sed command to completely eliminate the filename +- +- if [ x"$dstfile" = x ] +- then +- dstfile=`basename $dst` +- else +- true +- fi +- +-# Make a temp file name in the proper directory. +- +- dsttmp=$dstdir/#inst.$$# +- +-# Move or copy the file name to the temp name +- +- $doit $instcmd $src $dsttmp && +- +- trap "rm -f ${dsttmp}" 0 && +- +-# and set any options; do chmod last to preserve setuid bits +- +-# If any of these fail, we abort the whole thing. If we want to +-# ignore errors from any of these, just make sure not to ignore +-# errors from the above "$doit $instcmd $src $dsttmp" command. +- +- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && +- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && +- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && +- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && +- +-# Now rename the file to the real destination. +- +- $doit $rmcmd -f $dstdir/$dstfile && +- $doit $mvcmd $dsttmp $dstdir/$dstfile +- +-fi && +- +- +-exit 0 diff -u amavisd-new-2.5.3/debian/patches/45_misc_doc_changes.dpatch amavisd-new-2.5.3/debian/patches/45_misc_doc_changes.dpatch --- amavisd-new-2.5.3/debian/patches/45_misc_doc_changes.dpatch +++ amavisd-new-2.5.3/debian/patches/45_misc_doc_changes.dpatch 
@@ -5,9 +5,9 @@
 ## DP: Misc doc changes
 
 @DPATCH@
-diff -urNad unstable~/README_FILES/README.courier unstable/README_FILES/README.courier
---- unstable~/README_FILES/README.courier 2006-11-04 00:42:23.000000000 -0300
-+++ unstable/README_FILES/README.courier 2006-11-04 00:42:44.192140909 -0300
+diff -urNad amavisd-new-2.5.3~/README_FILES/README.courier amavisd-new-2.5.3/README_FILES/README.courier
+--- amavisd-new-2.5.3~/README_FILES/README.courier 2008-01-15 04:40:41.000000000 -0500
++++ amavisd-new-2.5.3/README_FILES/README.courier 2008-01-15 21:54:00.000000000 -0500
 @@ -1,3 +1,7 @@
 +Debian Note: Rename the start links of amavisd-new to S21, or you
 +risk trouble. See the last paragraph of this text for more information.
@@ -16,50 +16,1916 @@ How to use amavisd-new with Courier *********************************** -diff -urNad unstable~/README_FILES/README.exim_v3 unstable/README_FILES/README.exim_v3 ---- unstable~/README_FILES/README.exim_v3 2006-11-04 00:42:23.000000000 -0300 -+++ unstable/README_FILES/README.exim_v3 2006-11-04 00:42:44.192140909 -0300 -@@ -1,3 +1,9 @@ -+Debian notes: -+ -+1. Install amavisd-new-milter. It contains /usr/sbin/amavis, -+which is required for the following instructions to work. -+--- cut --- -+ - +======================================================================+ - | (Please see instructions in README.exim_v4. The setup described here | - | is not recommended with amavisd-new + Exim v4) | -diff -urNad unstable~/README_FILES/README.milter unstable/README_FILES/README.milter ---- unstable~/README_FILES/README.milter 2006-11-04 00:42:23.000000000 -0300 -+++ unstable/README_FILES/README.milter 2006-11-04 00:42:44.193140788 -0300 -@@ -1,3 +1,24 @@ -+Debian notes: -+ -+1. Install amavisd-new-milter. -+ -+2. The postinst script needs to add lines to one's sendmail.mc file that -+tell it how to communicate with a milter program, e.g.: -+ -+define(`MILTER',1) -+INPUT_MAIL_FILTER(`/usr/sbin/amavis-milter',`S=local:/var/lib/amavis/amavisd-new-milter.sock, F=T, T=S:10m;R:10m;E:10m') -+ -+Run sendmailconfig. -+ -+3. Change/replace the following settings in /etc/amavis/amavisd.conf: -+ -+$unix_socketname = "/var/lib/amavis/amavisd.sock"; -+$forward_method = undef; -+$notify_method = $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -i -odd -f ${sender} -- ${recipient}'; -+ -+Contributed and adapted from Susan Kleinmann . 
-+[End of Debian Notes] -+ - =============================================================================== - NOTE: - A recommended sendmail setup is described in file README.sendmail-dual, -diff -urNad unstable~/amavisd.conf-default unstable/amavisd.conf-default ---- unstable~/amavisd.conf-default 2006-11-04 00:42:23.000000000 -0300 -+++ unstable/amavisd.conf-default 2006-11-04 00:42:44.191141030 -0300 +diff -urNad amavisd-new-2.5.3~/README_FILES/README.exim_v3 amavisd-new-2.5.3/README_FILES/README.exim_v3 +--- amavisd-new-2.5.3~/README_FILES/README.exim_v3 2008-01-15 04:40:41.000000000 -0500 ++++ amavisd-new-2.5.3/README_FILES/README.exim_v3 1969-12-31 19:00:00.000000000 -0500 +@@ -1,256 +0,0 @@ +-+======================================================================+ +-| (Please see instructions in README.exim_v4. The setup described here | +-| is not recommended with amavisd-new + Exim v4) | +-+======================================================================+ +- +- +- +-See also: +- http://ente.limmat.ch/linux/exim_v3_-_amavisd-new.html +- http://bugs.debian.org/213422 +- +- +-How To Use AMaViS With exim +-*************************** +- +- +-Exim 3.x +-******** +- +-Scanning incoming mail only +-=========================== +- +-First of all, create the group "amavis" and the user "amavis", which +-is in this group. Add the user amavis to your trusted users, so in the +-MAIN CONFIGURATION SETTINGS add the following line +- +-trusted_users = amavis +- +-(or, if this line already exists simply add amavis, separated with a +-colon). +- +-In the TRANSPORT CONFIGURATION, add the following: +- +-amavis: +- driver = smtp +- port = 10024 +- hosts = 127.0.0.1 +- allow_localhost +- +-Here below is an old variant of a transport which uses a pipe to a helper +-program amavis(.c). 
As feeding to amavisd-new with SMTP is easier and +-possibly faster, the pipe via helper setup is not recommended - it is +-included here for the curious: +- +-# amavis: +-# driver = pipe +-# command = "/usr/sbin/amavis <${sender_address}> ${pipe_addresses}" +-# prefix = +-# suffix = +-# check_string = +-# escape_string = +-# # for debugging change return_output to true +-# return_output = false +-# return_path_add = false +-# user = amavis +-# group = amavis +-# path = "/bin:/sbin:/usr/bin:/usr/sbin" +-# current_directory = "/var/amavis" +- +-At the *beginning* of the DIRECTORS CONFIGURATION, add the following: +- +-amavis_director: +- condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" +- driver = smartuser +- transport = amavis +- # verify must be set to false, to avoid troubles with receiver and/or +- # sender verify +- verify = false +- +- +-NOTE: Please keep in mind that the ORDER matters! +- +-Scanning incoming/outgoing and relayed mail +-=========================================== +- +-Scanning of outgoing mail is also possible (based on a contribution +-by John Burnham). +- +-Additionally to the steps mentioned at the "Scanning incoming mail only" +-section, do the following: +- +-At the *beginning* of the ROUTERS CONFIGURATION, add the following +- +-amavis_router: +- condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" +- driver = domainlist +- route_list = "*" +- transport = amavis +- # verify must be set to false, to avoid troubles with receiver and/or +- # sender verify +- verify = false +- +- +- +-The configure script should be called with the option +---enable-exim. Well, it is enabled by default if the MTA qmail is not +-installed on the system. +- +-NOTE: if the MTA qmail is installed on your system, too, you *MUST* +-add --disable-qmail +- +-NOTE: do not forget to set up an (eMail) alias for "amavis" to a real +-user account. 
If you used --with-notifyreceivers, and a user sends a +-mail to an non-existent remote user, the bounce message from the +-remote MTA will be send to pseudo-user amavis. +- +-Note: If you want to add a "X-Virus-Scanned" header you can do this in +-your exim configuration, too. Use the headers_add option in the +-amavis TRANSPORT CONFIGURATION, i.e. headers_add = +-"X-Virus-Scanned: by AMaViS (http://amavis.org/)" +- +- +-Exim 4.x +-******** +- +-+======================================================================+ +-| (Please see instructions in README.exim_v4. The setup described here | +-| is not recommended with amavisd-new + Exim v4) | +-+======================================================================+ +- +- +-The setup is very similar to the Exim 3.x one, so you should read +-this section first. +- +- +-# trusted users +-trusted_users = amavis +- +- +-Routers configuration: +-# in routers: +- +-amavis_router: +- condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" +- driver = accept +- transport = amavis +- # verify must be set to false, to avoid troubles with receiver and/or +- # sender verify +- verify = false +- +- +-Transport configuration: +- +-After the +- +-remote_smtp: +- driver = smtp +- +-entry, add the following entry +- +-amavis: +- driver = smtp +- port = 10024 +- hosts = 127.0.0.1 +- allow_localhost +- +-Or the old variant via pipe to amavis(.c) helper program (not recommended): +- +-# amavis: +-# driver = pipe +-# command = "/usr/sbin/amavis <${sender_address}> ${pipe_addresses}" +-# # for debugging change return_output to true +-# return_output = false +-# return_path_add = false +-# user = amavis +-# group = amavis +-# path = "/bin:/sbin:/usr/bin:/usr/sbin" +-# current_directory = "/var/amavis" +- +- +-(based on a mail to exim-users by Niels Dettenbach) +- +- +-AMaViS via exim system filter +-***************************** +- +-This setup has not been tested by the AMaViS team yet. Feedback on this +-is very welcome! 
Based on a mail from Dariusz Sznajder to the amavis- +-user mailing list (http://marc.theaimsgroup.com/?l=amavis-user&m=102861263206738&w=2) +- +-In exim/configure I have: +- [...] +- system_filter = /etc/exim.filter +- system_filter_pipe_transport = amavis_pipe +- +- [...] +- amavis_pipe: +- driver = pipe +- user = amavis +- return_output +- headers_add = ${if def:authenticated_id {X-Authenticated-Sender: $authenticated_id}{}} +- +- [...] +- +-/etc/exim.filter +- # Exim filter +- +- # drop out error messages here +- if $received_protocol is "scanned-ok" +- then +- finish +- endif +- +- pipe "/usr/sbin/amavis \"$sender_address\" \"$recipients\"" +- +- +-AMaViS has to be configured as ./configure --enable-exim +- +- +- +-FAQ +---- +- +-Q: Whenever I am receiving many mails in large batches (i.e. via +-UUCP or fetchmail), the system load on the machine on which AMaViS +-runs climbs to a level that renders the machine virtually unusable. +-How do I prevent such behaviour? +- +-A: The reason for the high load is that one AMaViS process (and in +-turn AMaViS' children processes) are started for every message that is +-received. The obvious solution is to limit the number of AMaViS +-processes that are started simultaniously. +- +-AMaViS does not currently support this itself, but every sensible MTA +-does. Moreover, it makes sense to limit the number of messages that an +-MTA can deliver at one time, to prevent mail server death by spamming. +- +-For Exim, the configuration keywords to look for are deliver_load_max, +-deliver_queue_load_max, and queue_only_load which control whether +-mails are delivered (read: passed to AMaViS) or queued only under high +-load. More detailed information can be found in the Exim +-Specification. +- +- +-Credits +-------- +-Philip Hazel, Marc Haber, John Burnham, Jeffrey C. 
Ollie, Hilko Bengen, +-Niels Dettenbach, Dariusz Sznajder +- +- +-TODO +----- +- +-* whatever you whish to add here :-) +- +-Author +------- +-Rainer Link +-eMail: Rainer.Link@suse.de +-WWW: http://rainer.w3.to +- +-Please send bug reports, questions, suggestions and more directly to +-the author. Thanks :-) +- +-Updated by Mark Martinec, based on suggestion +-in http://bugs.debian.org/213422 from Enrico +diff -urNad amavisd-new-2.5.3~/README_FILES/README.exim_v3_app amavisd-new-2.5.3/README_FILES/README.exim_v3_app +--- amavisd-new-2.5.3~/README_FILES/README.exim_v3_app 2008-01-15 04:40:41.000000000 -0500 ++++ amavisd-new-2.5.3/README_FILES/README.exim_v3_app 1969-12-31 19:00:00.000000000 -0500 +@@ -1,115 +0,0 @@ +-Date: Wed, 03 Sep 2003 23:17:12 +0200 +-From: Andreas Zeidler +-Subject: [AMaViS-user] smtp only setup with exim 3.x (request for comments) +-To: AMaViS-user +-Message-id: <20030903211712.GA12537@kreativkombinat.de> +- +-hi, +- +-during the last two days i've finally found some time to setup +-amavisd-new with exim v3, clamav and spamassassin. after looking +-around the web for a sample configuration, i found some remarks about +-shortcomings of the amavis.c approach [1]. that is, feeding the mail in +-question to amavisd by defining a transport like ... +- +- amavis: +- driver = pipe +- command = "/usr/sbin/amavis ${sender_address} ${pipe_addresses}" +- +-also, judging from the comments in amavisd.conf, it seemed to me that +-returning the now checked mail by... +- +- $forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr +- scanned-ok -i -f ${sender} -- ${recipient}'; +- +-is not preferable to using regular smtp. while i've read about those +-problems, i do not know under which exact circumstances the above +-methods would cause trouble. 
+- +-anyway, putting together several pieces and reading the exim +-documentation i've come up with a setup that uses smtp both ways and +-seems to work fine so far (it's been running for some 24 hours on our +-mail server now). so, the reason i'm writing is that i'd like some +-comments about this setup, since i wouldn't know enough details to be +-sure there are no other problems with it. +- +-following are the relevant parts from the configuration of amavisd and +-exim. clamd and spamd are installed with their respective default +-configuration. the transport is defined as... +- +- amavis: +- driver = smtp +- hosts = localhost +- port = 10024 +- allow_localhost +-# transport_filter = "/usr/bin/spamc" +- +-which causes exim to relay the mail to amavisd listening on the local +-port 10024 (the default). thanks to a (indeed) neat suggestion [2] +-the need for a second round-trip through spamassassin and several more +-(exim) drivers is gone by using spamc as a transport filter. also, the +-generated spam-headers are conserved nicely. +- +-the transport method for the way back is defined (in amavisd.conf), +-so that the mail is re-injected into exim on the regular smtp port. +-afaik exim 3.3 doesn't support listening on several ports at once, +-so port 10025 is not possible... +- +- $forward_method = 'smtp:127.0.0.1:25'; +- $notify_method = $forward_method; +- $localhost_name = "amavis"; +- $relayhost_is_client = 0; +- +-the 'localhost_name' setting is necessary in order to distinguish +-amavis from other processes using smtp via localhost. the director +-is defined accordingly... +- +- amavis_director: +- condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \ +- {eq {$sender_helo_name}{amavis}}} {0}{1}}" +- driver = smartuser +- transport = amavis +- verify = false +- +-the condition tests against the helo name provided by amavis and set +-up in amavisd.conf as described above. at the same time this is the +-only flaw i can see with this setup so far. 
a local user could use +-this helo name to prevent the mail from being scanned by amavis, but +-on the other hand that's also possible with the suggested setup for +-exim 4.x (re-injecting through port 10025). also, at least on our +-mail server local users are pretty rare, so that's no problem... +- +-for exim to receive a proper sender address it is also necessary +-to make the user running amavisd trusted... +- +- trusted_users = mail:amavis +- +-finally, if outgoing mail should be scanned as well, a possible +-definition for a route could be... +- +- amavis_router: +- condition = "${if and {{eq {$sender_host_address}{127.0.0.1}} \ +- {eq {$sender_helo_name}{amavis}}} {0}{1}}" +- driver = domainlist +- transport = amavis +- route_list = "* localhost byname" +- verify = false +- self = send +- +-i think that's about everything relevant. like i said, this setup +-is working fine here so far. what do you think? would this be +-an okay way to run things or are there problems to be expected? +- +-take care, +- +- +-andi +- +-[1] http://marc.theaimsgroup.com/?t=103014542500001&r=1&w=2 +-[2] http://marc.theaimsgroup.com/?l=exim-users&m=102977722707468&w=2 +- +--- +-Kreativkombinat GbR +-Konrad-Adenauer-Allee 25 * 86150 Augsburg +-Telefon +49 821 4441269 * Fax +49 821 4401310 +-Web http://www.kreativkombinat.de/ +diff -urNad amavisd-new-2.5.3~/README_FILES/README.milter amavisd-new-2.5.3/README_FILES/README.milter +--- amavisd-new-2.5.3~/README_FILES/README.milter 2008-01-15 04:40:41.000000000 -0500 ++++ amavisd-new-2.5.3/README_FILES/README.milter 1969-12-31 19:00:00.000000000 -0500 +@@ -1,316 +0,0 @@ +-=============================================================================== +-NOTE: +- A recommended sendmail setup is described in file README.sendmail-dual, +- which describes a dual-MTA setup. The sendmail milter setup as described +- in this file works as well, but with some functionality limitations. 
+- Please see the introduction section in README.sendmail-dual when deciding +- between milter setup and a dual-MTA setup. +-=============================================================================== +- +-NOTE1: +- these instructions describe the amavisd-0.1 installation, +- but apply in large degree to amavisd-new as well. +- +- Don't forget to set the $forward_method to undef +- in amavisd.conf, and adjust the $notify_method. +- Also, the $final_*_destiny may use D_REJECT if desired. +- +-NITE2: +- a rewrite by Petr Rehor of the helper program amavis-milter.c to use +- the new AM.PDP protocol (README.protocol) is available as a separate +- project, see: http://sourceforge.net/projects/amavisd-milter/ +- in FreeBSD ports collection: security/amavisd-milter +- +-How To use AMaViS With sendmail/libmilter +-***************************************** +- +-General Notes +-============= +- +-By Rob MacGregor +- +-SECURITY +- MILTER is designed such that milter applications do not need to +- run as root. By not running amavis as root you improve security. +- Simply put, nothing that can run as an account other than root +- should be run as root. +- +- However, it's important to ensure that you run your virus scanners +- and both parts of amavis (amavisd and amavis-milter) as the same +- group. It's worth giving daemonised virus scanners a different +- account, just to reduce the chance that the scanner modifies the +- message. If you don't do this then you'll run into permission +- problems. The account that you run amavis as *MUST* own the +- /var/amavis directory and the quarantine directory (usually +- /var/virusmails). 
+-
+- Now, create the following account for amavisd and amavis milter:
+-
+- amavis (group amavis)
+-
+- If you use daemonised virus scanners then it is worth creating a
+- separate account for them:
+-
+- vscan (group amavis)
+-
+-GENERAL
+- If you run into problems first check the FAQ at:
+- http://www.amavis.org/amavis-faq.php3
+- and the list archive at:
+- http://marc.theaimsgroup.com/?l=amavis-user&r=1&w=2
+- before asking questions on the list. It's highly likely somebody
+- has already come across the same problem and it's been solved.
+-
+- Oh, and don't forget to RTFM :-)
+-
+-SOCKETS
+- Amavis uses 2 sockets for communications. One is for communication
+- between sendmail and amavis-milter process (amavis-milter.sock).
+- The protocol spoken over this socket is MILTER.
+-
+- The other is for communication between the 2 parts of amavis
+- (amavisd.sock), i.e. between amavis-milter process and amavisd daemon.
+- A protocol over this socket is _not_ MILTER, but a private amavis
+- protocol.
+-
+- The first socket is fixed and cannot be changed (short of editing
+- the source). The second can be changed by the configure command.
+- However if you set it to the same as the sendmail-amavis socket
+- strange things will happen. You should receive a message in the
+- log of amavisd-new that indicates what the problem is, e.g.:
+- RX_tempdir FAILED, retry: Invalid temporary directory '\000\000\000\rO'.
+- Other versions of amavis may not produce any such warnings.
+-
+- The short version is:
+-
+- 1) Don't change the socket details unless you know what you're
+- doing.
+- 2) If you do change the socket name, don't use the name of the
+- other socket.
+-
+-CENTRALISING SCANNING (From Dibo )
+- If you want to place milter-amavis along with amavis daemon
+- on another host, or just prefer inet sockets to Unix sockets,
+- pick a free port number above 1024, and change:
+-
+- - in file sendmail.mc in the call to the macro INPUT_MAIL_FILTER
+- replace: S=local:/var/amavis/amavis-milter.sock
+- with: S=inet:port@hostname
+-
+- (substituting 'port' with your chosen port number,
+- and substituting host name or IP address in place of 'hostname'
+- to specify the host on which milter-amavis daemon is running)
+-
+- - when starting milter-amavis process, change the value of
+- it's option -p:
+- replace -p local:/var/amavis/amavis-milter.sock
+- with: -p inet:port@0.0.0.0
+-
+- (substituting 'port' with your chosen port number,
+- and optionally limiting the bind address (0.0.0.0) with the
+- desired interface, e.g. 127.0.0.1 to limit bind to the
+- loopback address)
+-
+-
+-Sendmail 8.12.x
+-===============
+-
+-By Rob MacGregor
+-
+-NOTE: Ensure you're running Sendmail 8.12.10 or later. Earlier
+- versions all have a remotely exploitable vulnerability
+- (see CERT Advisory CA-2003-25 and other advisories).
+-
+-Add the following to /devtools/Site/site.config.m4:
+-
+- APPENDDEF(`confENVDEF', `-DMILTER')
+-
+-Then build sendmail. If you've already built sendmail, clean the old
+-tree by doing "rm -fr obj.*" in the sendmail source directory, or run
+-"./Build -c". Once sendmail has finished building go into the
+-following directories under the sendmail source directory and do a
+-"make" and "make install":
+-
+- libmilter
+- libsm
+- libsmutil
+-
+-Copy the .a files from under obj.*/libsm and obj.*/libsmutil to
+-somewhere the linker can find them (/usr/lib, /usr/local/lib or
+-similar).
+-
+-
+-Building AMAVIS(d)
+-==================
+-
+-IMPORTANT: Versions of AMAVISd before 0.1 use a different configure
+- command line. If you're running an older version then UPGRADE.
+-
+-Assuming you've copied the libraries to /usr/lib configure amavis(d)
+-with "--enable-milter --with-milter-includes=/usr/include
+---with-milter-libs=/usr/lib" DO NOT USE the "--enable-relay",
+-"--enable-smtp" or "--with-origconf" options.
+-
+-IMPORTANT: Unless you REALLY understand EXACTLY what you're doing,
+- leave the --with-sockname option alone. The default is correct
+- and changing it may cause you problems.
+-
+-When you run configure check that you see the following lines:
+-
+- checking for sm_errstring in -lsm... yes
+- checking for sm_strlcpy in -lsm... yes
+- checking for libmilter/mfapi.h... yes
+- checking for smfi_main in -lmilter... yes
+- We will use libmilter as the MTA
+-
+-The summary should include:
+-
+- Configured for use with: libmilter
+- Configuration type: sendmail/milter
+-
+-If you don't see this, check that you've put the libmilter.a, libsm.a
+-and libsmutil.a files in a location the linker can find (see above).
+-Check that you've specified the correct paths to the libraries and
+-header files.
+-
+-For building amavisd-new, see files README, INSTALL, and
+-helper-progs/README in its distribution.
+-
+-
+-Finishing Sendmail 8.12.x
+-=========================
+-
+-In the sendmail.mc file add the following two entries (the first one
+-is mandatory):
+-
+- INPUT_MAIL_FILTER(`milter-amavis',
+- `S=local:/var/amavis/amavis-milter.sock, F=T, T=S:10m;R:10m;E:10m')
+- define(`confMILTER_MACROS_ENVFROM',
+- confMILTER_MACROS_ENVFROM`, r, b') # supply macros b,r to helper
+-
+-Now rebuild your sendmail.cf file and install it (usually
+-/etc/mail/sendmail.cf).
+-
+-Start amavisd and then sendmail. Below is a suitable amavis startup
+-script for a Linux type system. Check syslog for messages (probably
+-/var/log/mail or /var/log/mail/info). You should see something like:
+-
+-Oct 18 16:45:19 host amavis[24606]: starting. amavisd 0.1 Sat Jul 28 10:03:56 UTC 2001
+-Oct 18 16:45:20 host sm-msp-queue[24618]: starting daemon (8.12.9): queueing@01:00:00
+-Oct 18 16:45:26 host sm-mta[24631]: starting daemon (8.12.9): SMTP+queueing@01:00:00
+-
+-The following options can be passed to amavis-milter (0.1.1 or later)
+-to change the default behaviour:
+-
+- -x From 0.1.1 this DISABLES the X_HEADER insertion.
+- -d Disable automatic daemonising of the client.
+- All logging is now performed to stderr instead of stdout.
+- -v Increases the verbosity of the logging, can be repeated
+- for greater verbosity
+- -g Sets the group the client runs as (the amavis account,
+- or your chosen account, MUST be a member of this group).
+- Normally this group will be "smmsp". This is designed
+- for when you run sendmail as non-root and isn't
+- normally required. See the amavis-milter(1) man page
+- for full details.
+-
+-
+-PERFORMANCE NOTES
+-=================
+-
+-Ok, strictly speaking generic, but always useful.
+-
+-You can (possibly) boost performance in a number of simple ways:
+-
+- * Use a daemonised scanner. This way a new copy of the scanner doesn't
+- have to be launched for every message. Examples include Sophos+Sophie,
+- Trend+Trophie and ClamAV.
+-
+- * Use separate disks/controllers for the amavis spool (/var/amavis) and
+- the sendmail spool (/var/spool/...).
+-
+- * Put amavis on another system (assuming you've got a fast network). This
+- is particularly useful if your mail server is already I/O or processor
+- bound.
+-
+- * Use memory based file systems (TMPFS in Linux and Solaris, MFS in
+- (Free)BSD) for the amavis spool (/var/amavis). Don't do this for the
+- quarantine directory and don't do it for the sendmail spool without
+- reading the tuning section in the Sendmail (Bat) book (3rd edition)
+- by O'Reilly.
+-
+- * It's worth doing some simple checks to see if you're running out of
+- memory or maxing out the processor or disk I/O. The "top" command
+- gives you a start on gathering this information.
+-
+-
+->>>START /etc/rc.d/init.d/amavisd (or wherever it lives on your system)>>>
+-#!/bin/sh
+-#
+-# chkconfig: 2345 70 30
+-# description: AMAVISd is an anti-virus scanning interface for \
+-# common mail servers.
+-
+-# Source amavis configureation.
+-if [ -f /etc/sysconfig/amavis ] ; then
+- . /etc/sysconfig/amavis
+- else
+- AMAVIS_ACCOUNT=amavis
+- MILTER_SOCKET=/var/amavis/amavis-milter.sock
+- MILTER_FLAGS="" # Set the options you want passed to amavis-milter
+-fi
+-
+-# See how we were called.
+-case "$1" in
+- start)
+- # Start daemons.
+- echo -n "Starting amavis-milter: "
+- rm -fr /var/amavis/amavis*.sock
+- su - ${AMAVIS_ACCOUNT} -c /usr/sbin/amavisd
+- sleep 5
+- su - ${AMAVIS_ACCOUNT} -c "/usr/sbin/amavis-milter ${MILTER_FLAGS} -p local:${MILTER_SOCKET}"
+- RETVAL=$?
+- if [ $RETVAL -eq 0 ]; then
+- echo " [ OK ] "
+- touch /var/lock/subsys/amavis
+- else
+- echo " [ FAIL ] "
+- fi
+- ;;
+- stop)
+- # Stop daemons.
+- echo -n "Shutting down amavis-milter: "
+- if [ -f /var/amavis/amavisd.pid ]; then
+- # *** PAY ATTENTION ***
+- # pkill only seems to exist in LINUX, whereas the -m option to killall only exists in BSD.
+- # You may have to modify the following commands depending on your system.
+- if [ -e /usr/bin/pkill ]; then
+- /usr/bin/pkill amavis-milter
+- else
+- killall -m amavis-milter
+- fi
+- su - ${AMAVIS_ACCOUNT} -c /usr/sbin/amavisd stop
+- echo " [ OK ] "
+- else
+- echo " [ FAIL ] "
+- fi
+-
+- rm -f /var/lock/subsys/amavis
+- ;;
+- restart|reload)
+- $0 stop
+- $0 start
+- RETVAL=$?
+- ;;
+- *)
+- echo "Usage: amavis {start|stop|restart}"
+- exit 1
+-esac
+-<<
+- Last updated 8 March 2004 by Mark Martinec (added milter macro {b})
+diff -urNad amavisd-new-2.5.3~/README_FILES/README.sendmail amavisd-new-2.5.3/README_FILES/README.sendmail
+--- amavisd-new-2.5.3~/README_FILES/README.sendmail 2008-01-15 21:54:00.000000000 -0500
++++ amavisd-new-2.5.3/README_FILES/README.sendmail 1969-12-31 19:00:00.000000000 -0500
+@@ -1,329 +0,0 @@
+-===============================================================================
+-NOTE:
+- this file is rather old and not well maintained.
+-
+- A recommended sendmail setup is described in file README.sendmail-dual,
+- which describes a dual-MTA setup. The sendmail milter setup as described
+- in README.milter works as well, but with some functionality limitations.
+-===============================================================================
+-
+-
+-AMaViS & sendmail
+-*****************
+-
+-Scanning only incoming mail
+----------------------------
+-
+-The amavis script is designed to be used in the sendmail.cf configuration
+-file in a similar way to how tcpd is used in /etc/inetd.conf.
+-
+-Amavis helper program receives sender ($f) and recipients ($u) from the
+-command line, and the other arguments after '--' should be the original
+-local delivery agent with original arguments. Amavis will run the original
+-command after scanning for viruses if mail is clean.
+-
+-As most people generate sendmail.cf from a m4 file (we assume sendmail.mc),
+-you should add the following just before the MAILER definitions:
+-
+-MODIFY_MAILER_FLAGS(`LOCAL',`-r')dnl
+-define(`LOCAL_MAILER_ARGS',`amavis $f $u --' LOCAL_MAILER_PATH `-d $u')dnl
+-define(`LOCAL_MAILER_PATH',`/usr/local/sbin/amavis')dnl
+-
+-The resulting Mlocal mailer entry could look like:
+-
+-Mlocal, P=/usr/local/sbin/amavis, F=lsDFMAw5:/|@qPmn9S,
+- S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
+- T=DNS/RFC822/X-Unix, U=root:amavis,
+- A=amavis $f $u -- /usr/libexec/mail.local -d $u
+-
+-The user and group may be specified with the U option to the mailer.
+-The group name in 'U=root:amavis' should match the chosen group name
+-of the daemon amavisd(-new).
+-
+-This setup is probably the trickiest of them all to get right
+-because of the conflicting daemon UID and file permission requirements
+-of the different components in play. The amavisd daemon should not be
+-running as root for security reasons, whereas the mail.local LDA needs
+-privileges to access user mailboxes. Running amavis helper program
+-as root:amavis retains root privileges for the helper program, while
+-still alowing amavisd daemon process to access the temporary directory
+-in the same group, even if not running as root.
+-
+-
+-Scanning incoming/outgoing and relayed mail
+--------------------------------------------
+-
+- The concept for scanning incoming/outgoing and relayed mail is
+-different from the concept described in the AMaViS documentation.
+-If you are running a newer version of sendmail (8.10.0 or better),
+-we recommend to use the milter API. See README.milter for details.
+-
+- We use two different setups (.cf files) for sendmail, one is the original
+-configuration, the second has a different Queue-Directory, another status
+-file and most important a changed Rule Set 0 and the Mailer Definition AMaViS,
+-so that AMaViS is always called first. If no virus is detected, we pass
+-the mail to sendmail again, but advise it to use the original configuration.
+-
+- Note: I assume that sendmail.cf is in /etc - on your system it may be
+-in /etc/mail
+-
+- Setting it up in easy 5 steps (without the m4 way)
+-(please *read* the example configuration section below, too!):
+-
+-Step 1: Copy your /etc/sendmail.cf file to /etc/sendmail.orig.cf
+-Step 2: Change sendmail.cf manually
+-
+-a) open /etc/sendmail.cf in your favorite editor
+-
+-b) change the queue directory, i.e. to
+-O QueueDirectory=/var/spool/mqamavis
+-
+-c) change the status file, i.e. to
+-O StatusFile=/var/log/amavis.st
+-
+-d) change rule set 0 to
+-R$* $: $>Parse0 $1 initial parsing
+-R<@> $#local $: <@> special case error msgs
+-R$* $: $>98 $1 handle local hacks
+-R$* $#amavis $:$1
+-#R$* $: $>Parse1 $1 final parsing
+-
+-Be careful of tabs, so here's the code again, instead of [tab] press
+-the tab key :-)
+-
+-R$*[tab][tab]$: $>Parse0 $1[tab][tab]initial parsing
+-R<@>[tab][tab]$#local $: <@>[tab][tab]special case error msgs
+-R$*[tab][tab]$: $>98 $1[tab][tab]handle local hacks
+-R$*[tab][tab]$#amavis $:$1
+-#R$*[tab][tab]$: $>Parse1 $1[tab][tab]final parsing
+-
+-Add the new mailer definition:
+-Mamavis, P=/usr/sbin/amavis, F=nmlsACDFMS5:/|@qhP, S=0, R=0,
+- T=DNS/RFC822/X-Unix, U=amavis:amavis,
+- A=amavis $f $u
+-
+-[Step 3, with older amavis: do a ./configure --enable-relay --enable-sendmail,
+- make and make install (you may add some more flags to configure)]
+-
+-Step 3, with amavisd-new: change the settings of $forward_method and
+-$notify_method in /etc/amavisd.conf:
+- $forward_method= 'pipe:flags=q argv=/usr/sbin/sendmail -i -f ${sender} -- ${recipient}';
+- $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -i -f ${sender} -- ${recipient}';
+-
+-Step 4: Create /var/spool/mqamavis with the same permissions as
+-/var/spool/mqueue but owner and group should be amavis
+-
+-Step 5: Restart sendmail, i.e. killall -HUP sendmail or with SuSE Linux
+-rcsendmail restart
+-
+-
+-
+- Setting it up in easy 7 steps - doing it the m4 way
+- (please *read* the example configuration section below, too!)
+-
+-Step 1: Copy your /etc/sendmail.cf file to /etc/sendmail.orig.cf
+-Step 2: Copy the provided doc/amavis.m4 file to /usr/share/sendmail/mailer
+- (this is the location for a SuSE Linux system ... please have a
+- look at your .mc file for the "include" macro. It tells you
+- in which path your sendmail m4 stuff is located. Don't forget
+- to put amavis.m4 into the mailer/ directory and not the m4/ dir)
+-Step 3: Copy your .mc file, used for generating sendmail.cf, to amavis.mc
+-Step 4: Change amavis.mc
+-
+-a) in front of the OSTYPE definition, add
+-define(`QUEUE_DIR',`/var/spool/mqamavis')dnl
+-define(`STATUS_FILE',`/var/log/amavis.st')dnl
+-
+-b) add the amavis mailer to the MAILER definitions
+-MAILER(`amavis')dnl
+-
+-[Step 5, with older amavis: do a ./configure --enable-relay --enable-sendmail,
+- make and make install (you may add some more flags to configure) ]
+-
+-Step 5, with amavisd-new: change the settings of $forward_method and
+-$notify_method in /etc/amavisd.conf:
+- $forward_method= 'pipe:flags=q argv=/usr/sbin/sendmail -i -f ${sender} -- ${recipient}';
+- $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -i -f ${sender} -- ${recipient}';
+-
+-Step 6: Create /var/spool/mqamavis with the same permissions as
+-/var/spool/mqueue but owner and group should be amavis
+-
+-Step 7: Restart sendmail, i.e. killall -HUP sendmail or with SuSE Linux
+-rcsendmail restart
+-
+-
+-
+-Additional information (please read!)
+-*************************************
+-
+-NOTE: If you decided to copy your original sendmail.cf to another
+-filename than sendmail.orig.cf, you have to specificy the filename
+-with --with-orig-conf=
+-
+-NOTE: This configuration could be made simpler if /etc/sendmail.cf remained
+-untouched, and sendmail could be started simply with
+-sendmail -bd -C/etc/amavis.cf. But for security reasons, sendmail refuses
+-the -C flag if started as root. Therefore, we have to patch sendmail.cf
+-and rename the original file.
+-
+-IMPORTANT NOTE: please have closer look at the mailer definition, especially
+-the F equate (the mailer flags). You may copy the F= stuff out from your
+-original sendmail.cf file, but be careful! You must not use the f flag.
+-You may also add the A flag, otherwise "newaliases" will yell "cannot alias
+-non-local names".
+-
+-NOTE: This concept should be considered *experimental*.
+-
+-NOTE: If mail is deferred, it may get stuck in the queue (this may happen
+-if a delivery attemp fails). Calling
+-/usr/sbin/sendmail -C /etc/sendmail.orig.cf -q via cron is a good idea.
+-Another solution is to call
+-/usr/sbin/sendmail -q5m -C /etc/mail/sendmail.orig.cf
+-In this example, the mail queue is flushed every 5 minutes.
+-
+-
+-EXAMPLE CONFIGURATION (sendmail 8.9.3)
+---------------------------------------
+-
+-Here's the configuration I use on my SuSE Linux system with sendmail 8.9.3
+-(for sendmail 8.11 see below).
+-AMaViS is run as user amavis, group amavis and therfore /var/spool/mqamavis
+-is owned by amavis:amavis
+-
+-/etc/sendmail.cf:
+-
+-
+-* I use the following mailer defintion
+-Mamavis, P=/usr/sbin/amavis, F=nmlsACDFMS5:/|@qhP, S=0, R=0,
+- T=DNS/RFC822/X-Unix, U=amavis:amavis,
+- A=amavis $f $u
+-
+-
+-/etc/sendmail.orig.cf:
+-* to get rid off the X-Authentification-Warning "Processed by amavis
+-with -C /etc/sendmail.orig" and "Processed from queue /var/spool/mqueue"
+-I removed authwarnings from PrivacyOptions, so
+-O PrivacyOptions=novrfy,noexpn
+-
+-NOTE: The "goaway" option is another PrivacyOption. The "goaway" option
+-implies the "authwarnings" option, so with "goaway" you'll get the
+-X-Authentification-Warning.
+-
+-
+-/var/spool/mqueue and /var/spool/mqamavis is owned by amavis.
+-
+-NOTE: as amavis is run as user amavis, /var/lib/amavis/virusmails must be owned
+-by amavis and you have to specify a location for the AMaViS logfile
+-that is writable by user amavis, if writing to a log file directly
+-(not via syslog).
+-
+-NOTE: As sendmail will perform most tasks as user amavis now, it may
+-not be able to read the users .forward file anymore! You may consider
+-changing the permissions for the home directories, i.e. access rights
+-for others.
+-
+-
+-EXAMPLE CONFIGURATION (sendmail 8.11)
+---------------------------------------
+-
+-Here's the configuration I use on my SuSE Linux system with sendmail 8.11.
+-AMaViS is run as user amavis, group amavis.
+-
+-/etc/mail/sendmail.cf:
+-
+-
+-* I use the following mailer defintion
+-Mamavis, P=/usr/sbin/amavis, F=nmlsACDFMS5:/|@qhP, S=0, R=0,
+- T=DNS/RFC822/X-Unix, U=amavis:amavis,
+- A=amavis $f $u
+-
+-
+-Note: The following entry does *NOT* work
+-Mamavis, P=/usr/sbin/amavis, F=sDFMAw5:/|@qPfhn9, S=0, R=0,
+- T=DNS/RFC822/X-Unix,
+- A=amavis $f $u
+-
+-Hint: F=C (specifies that @domain has to be added to recipient) is needed
+-otherwise you'll get an "user unknown" error.
+-
+-
+-/etc/sendmail.orig.cf:
+-* to get rid off the X-Authentification-Warning "Processed by amavis
+-with -C /etc/sendmail.orig" and "Processed from queue /var/spool/mqueue"
+-I removed authwarnings from PrivacyOptions, so
+-O PrivacyOptions=novrfy,noexpn
+-
+-NOTE: The "goaway" option is another PrivacyOption. The "goaway" option
+-implies the "authwarnings" option, so with "goaway" you'll get the
+-X-Authentification-Warning.
+-
+-
+-
+-The Mlocal entry looks like this
+-Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qPfhn9,
+- S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
+- T=DNS/RFC822/X-Unix,
+- A=procmail -Y -a $h -d $u
+-
+-(it seems that in the F= flags neiter the "o" nor "S"
+-must be set ...)
+-
+-The permission of /var/spool/mqueue and /var/spool/mqamavis are
+-the following:
+-
+-drwxrwxr-x 2 amavis root 1024 Sep 2 16:41 mqamavis
+-drwxrwxr-x 2 amavis root 1024 Sep 2 16:41 mqueue
+-
+-
+-As I use procmail als Local Delivery Agent, the setuid-bit
+-for procmail has to be set! (d'oh ...)
+-
+-Note: For some reasons I'm not aware of, the notification messages generated
+-by amavis are not sent immediately. Two solutions do exist for that
+-(the latter one is the one I would recommend)
+-
+-* calling sendmail -C /etc/mail/sendmail.orig.cf -q via a cron job
+-
+-* or (prefered)
+-change the delivery mode in /etc/mail/sendmail.orig.cf to
+-# default delivery mode
+-O DeliveryMode=i
+-# i Deliver interactively (synchronously)
+-
+-
+-NOTE: as amavis is run as amavis /var/lib/amavis/virusmails must be owned
+-by amavis and you have to specify a another location for the AMaViS
+-logfile (normally /var/lib/amavis/amavis.log) to which amavis has
+-write access to.
+-
+-NOTE: As sendmail will perform most tasks as user amavis now, it may
+-not be able to read the users .forward file anymore! You may consider
+-changing the permissions for the home directories, i.e. access rights
+-for others.
+-
+-
+-TODO/BUGS
+----------
+-* huh? nothing?! that's unbelieveable :-)
+-
+-
+-The author
+-----------
+-This stuff was written and tested by Rainer Link
+-Rainer Link , http://rainer.w3.to/
+-
+-
+-Credits
+--------
+-This stuff is based on a patch from gody@master.slon.net and is itself
+-based on the concept from Inflex. Thanks to Paul L. Daniels and
+-(indirectly) to Steve Kehelet via the P.L.Daniels's Inflex scanner.
+-Thanks to Yan Seiner for the m4 stuff, which our amavis.m4 is based upon.
+-Section 'Scanning only incoming mail' updated by Mark Martinec.
+-
+-
+-Thanks
+-------
+-Thanks to everyone who reported bugs or problems directly
+-to me or the AMaViS user mailing list, and provided us/me
+-with patches or additional information.
+diff -urNad amavisd-new-2.5.3~/README_FILES/README.sendmail-dual amavisd-new-2.5.3/README_FILES/README.sendmail-dual
+--- amavisd-new-2.5.3~/README_FILES/README.sendmail-dual 2008-01-15 21:54:00.000000000 -0500
++++ amavisd-new-2.5.3/README_FILES/README.sendmail-dual 1969-12-31 19:00:00.000000000 -0500
+@@ -1,454 +0,0 @@
+-Dual-instance sendmail with amavisd-new
+---------------------------------------
+- Mark Martinec, 2003-05-06
+- (based on initial research by Ricardo Stella)
+- updated on: 2005-09-22 (added a reference to 'milter-ahead');
+- updated on: 2005-09-29 (added custom rules to reject unknown users outright,
+- provided by Matej Vela, thanks to Simone Marx)
+- updated on: 2006-09-15 (placement of DKIM/DK milters, mention the feature
+- FEATURE(`nocanonify',`canonify_hosts'), the absence
+- of which can make header procesing by sm *very* long)
+-
+-The most recent version of this document can be found at:
+- http://www.ijs.si/software/amavisd/README.sendmail-dual
+-
+-==========================================================================
+-
+-The setup is very similar to the one described in README.sendmail
+-(by Rainer Link) in section 'Scanning incoming/outgoing and relayed mail',
+-except that it uses SMTP protocol over inet socket (instead of pipes
+-to commands) to transfer files between MTA and amavisd-new and back,
+-and that it uses a permanently running second sendmail instance
+-in 'queue only' delivery mode, instead of bringing it up every time
+-a new checked mail comes from amavisd.
+-
+-==========================================================================
+-
+-Comparing the setup described in this document with the sendmail milter
+-setup, as described in README.milter:
+-
+-milter - reasons in favour:
+-- can REJECT on the original SMTP session, instead of generating a bounce
+- (sending a non-delivery notification _after_ the mail has been enqueued);
+-
+-- only one sendmail daemon need be running, only one config file needed,
+- no additional queue area needed (although starting with sendmail 8.12
+- more than one queue area is already a norm: clientmqueue, queue groups;
+- and MSP already uses a different .cf file);
+-
+-
+-dual-MTA - reasons in favour:
+-- Full amavisd-new functionality is available, including adding spam and
+- virus information header fields, adding address extensions and removing
+- certain recipients from delivery while delivering the same message to
+- the rest (*_lovers). Also a message can be split if different recipients
+- need different header edits. All this is not available when using
+- amavis-milter helper program.
+-
+-- Content scanning need not be performed at the time of mail reception.
+- This allows better control on CPU-intensive content filtering: mail
+- checking can be streamlined and performed at optimum throughput setting
+- (number of content checker processes) so as not to overwhelm host resources,
+- instead of leaving it at the mercy of the current number of incoming
+- SMTP sessions where available crude controls are mostly based on system
+- load. Typically the number of incoming SMTP sessions (tiny processes)
+- is desired to be many times above the number of content filtering
+- processes (heavy resource consumers).
+-
+-- No helper programs needed, MTA communicates with amavisd-new directly
+- via SMTP, saves on creating one directory and one file for each message,
+- and deleting it (at the cost of one additional transfer);
+-
+-- Receiving sendmail daemon (MTA-RX) need not run as root (using option
+- RunAsUser) since it does not need to run any local delivery agents (LDA)
+- or to access user .forward files. This avoids external SMTP clients
+- talking directly to a process running as root.
+-
+-==========================================================================
+-
+-
+-The following setup is described in this document:
+-
+- ............................ ............................
+- : sendmail instance MTA-RX : : sendmail instance MTA-TX :
+- : : : :
+- 25 -----> \ (mqueue-rx) : : (mqueue) / -------> forward
+-587 -----> > -queue- : : -queue- ->-----+ :
+- ^ : / | MAIL_HUB, : : | \ -------> local
+- | : v SMART_HOST : : ^ : delivery
+-msp ...........|................ ....|.......................
+- | ^ loopback interface
+- v | port 10025
+- loopback interf.| port 10024 |
+- .....|.......................|.............
+- : $inet_socket_port=10024 | :
+- : | :
+- : $forward_method='smtp:127.0.0.1:10025' :
+- : $notify_method ='smtp:127.0.0.1:10025' :
+- : :
+- : amavisd-new :
+- ...........................................
+-
+-
+-The setup is based on the recent sendmail (8.12.9 or later) with its set of
+-m4 configuration macros. Because of several security problems with earlier
+-versions of sendmail it is advised to stick to the most recent version,
+-although the functionality needed for this setup has long been available.
+-If a particular macro or feature is not available with some older version,
+-it is usually possible to achieve the same or similar by manually writing
+-a new 'mailer' specification and/or tweaking the .cf file.
+-
+-
+-We'll prepare two sendmail daemon instances (processes), let's call them
+-MTA-RX (receiving, accepting) and MTA-TX (transmitting, delivering).
+-
+-For convenience we keep the name of the configuration file and the
+-queue (spool) area at default names for one mailer instance, and choose
+-non-default names for the other. Let's choose the MTA-TX to keep default
+-names, and supply non-default names to MTA-RX explicitly. This will make
+-admin utilities like mailq, newaliases, hoststat and purgestat operate
+-on the outgoing mailer instance unless explicitly told otherwise.
+-It could just as well be the other way around.
+-
+-MTA-RX (receiving mailer) will be responsible for accepting mail from
+-the Internet or from internal hosts on port 25, optionally accepting local
+-message submissions on tcp port 587 (rfc2476), and for message submissions
+-via sendmail program. It will forward all mail (both for local and for
+-nonlocal recipients) via SMTP protocol (or LMTP) to 127.0.0.1 (a loopback
+-interface) on tcp port 10024, where amavisd daemon will be listening.
+-- its queue: /var/spool/mqueue-rx
+-- its config file: /etc/mail/sendmail-rx.cf, /etc/mail/submit.cf
+-- the source (.mc) of the configuration file: thishost-rx.mc
+- (where 'thishost' is often by convention the name of the system (uname))
+-
+-MTA-TX (transmitting mailer) will be responsible for accepting checked
+-mail and notifications from amavisd-new via SMTP on the loopback interface
+-(127.0.0.1) at tcp port 10025, and will forward all mail to its final
+-destinations, either for local delivery, or delivering outgoing mail
+-to the Internet or to other internal mailers.
+-- its queue: /var/spool/mqueue
+-- its config file: /etc/mail/sendmail.cf
+-- the source (.mc) of the configuration file: thishost-tx.mc
+-
+-In-between the two MTAs an amavisd daemon will accept mail via SMTP (or LMTP)
+-protocol on tcp port 10024, check it, and forward checked mail and
+-notifications via SMTP to MTA-TX.
+-
+-If you already have an existing sendmail installation, you already
+-have a queue directory /var/spool/mqueue and the configuration file(s)
+-(.mc source and the compiled .cf file). Most of the existing settings
+-in your .mc file can be reused, and are to be moved to the new files
+-thishost-rx.mc or thishost-tx.mc, or (some of them) to both.
+-The settings pertaining to receiving mail, including recource limits,
+-should go to thishost-rx.mc; settings pertaining to delivering mail
+-(locally or to other mailers) should go to thishost-tx.mc, and general
+-settings should go to both.
+-
+-The MTA-TX should have none or hardly any resource limits, or at least
+-have them larger than MTA-RX. Large messages, common errors in mail, and
+-mail rush-ins should be stopped or limited at their entry to the system.
+-Accepting them first, but choking later can lead to trouble or at least
+-to wasted resources.
+-
+-The file names thishost-rx.mc and thishost-tx.mc are arbitrary, they only
+-serve as source (to the m4 macro processor) for producing .cf files,
+-which control sendmail's behaviour. Sendmail never uses .mc files directly.
+-
+-
+-MTA-TX already got its queue directory during sendmail installation.
+-
+-For MTA-RX a new queue directory needs to be created where incoming
+-mail can be collected. Use the same ownership and protection as used
+-for /var/spool/mqueue, e.g:
+- # mkdir /var/spool/mqueue-rx
+- # chown root:wheel /var/spool/mqueue-rx
+- # chmod 700 /var/spool/mqueue-rx
+-
+-SECURITY NOTE:
+- starting with sendmail 8.12 it is possible to start sendmail daemon
+- as root and let it drop privileges (become user specified by RunAsUser)
+- after binding to port 25. This is normally used by MSP, and it can
+- just as well be used by MTA-RX, since it has no need to access user
+- mailboxes and .forward files. To use this feature, specify user and
+- group in the macro confRUN_AS_USER (file thishost-rx.mc), and set the
+- ownership of mqueue-rx to this user and group:
+- # chown smmsp:smmsp /var/spool/mqueue-rx
+- # chmod 770 /var/spool/mqueue-rx
+-
+-
+-More complex queue setup is possible if needed, like separating
+-sendmail work area and core dump area from actual queues.
+-For details about queue groups see sendmail documentation.
+-
+-
+-Create file thishost-rx.mc:
+----cut-here------------------------------
+-dnl To be used for MTA-RX, the first MTA instance (receiving mail)
+-
+-dnl Insert here the usual .mc preamble, including OSTYPE and DOMAIN calls.
+-
+-dnl Specify here also access controls, relayable domains, anti-spam measures
+-dnl including milter settings if needed, mail submission settings, client
+-dnl authentication, resource controls, maximum mail size and header size,
+-dnl confMIN_FREE_BLOCKS, and other settings needed for receiving mail.
+-dnl
+-dnl NOTE:
+-dnl confMIN_FREE_BLOCKS at MTA-RX should be kept higher than the same
+-dnl setting at MTA-TX to quench down clients when disk space is low,
+-dnl and not to stop processing the already received mail.
+-dnl
+-dnl In particular, here are some settings to be considered:
+-dnl ( see also http://www.sendmail.org/m4/anti_spam.html )
+-dnl
+-dnl FEATURE(`access_db')
+-dnl VIRTUSER_DOMAIN(`sub1.example.com')dnl list valid users here
+-dnl VIRTUSER_DOMAIN(`sub2.example.com')dnl list valid users here
+-dnl FEATURE(`virtusertable')
+-dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')
+-dnl FEATURE(`blacklist_recipients')
+-dnl FEATURE(`use_cw_file')
+-dnl FEATURE(`use_ct_file')
+-dnl FEATURE(`nocanonify', `canonify_hosts')dnl
+-dnl INPUT_MAIL_FILTER(...)
+-dnl define(`confPRIVACY_FLAGS', `noexpn,novrfy,authwarnings') nobodyreturn ?
+-dnl define(`confDONT_PROBE_INTERFACES')
+-dnl MASQUERADE_AS(...) FEATURE(`allmasquerade') FEATURE(`masquerade_envelope')
+-dnl define(`confTO_IDENT', `0')dnl Disable IDENT
+-dnl define(`confMAX_MESSAGE_SIZE',`10485760')
+-dnl define(`confMAX_MIME_HEADER_LENGTH', `256/128')
+-dnl define(`confNO_RCPT_ACTION', `add-to-undisclosed')
+-dnl define(`confBIND_OPTS', ...)
+-dnl define(`confTO_RESOLVER_*... )
+-dnl define(`confDELAY_LA, 8)
+-dnl define(`confREFUSE_LA', 12)
+-dnl define(`confMAX_DAEMON_CHILDREN',20)
+-dnl define(`confMIN_FREE_BLOCKS', `10000')
+-dnl define(`confDEF_USER_ID', ...)
+-
+-define(`confRUN_AS_USER',`smmsp:smmsp')dnl Drop privileges (see SECURITY NOTE)
+-
+-define(`confPID_FILE', `/var/run/sendmail-rx.pid')dnl Non-default pid file
+-define(`STATUS_FILE', `/etc/mail/stat-rx')dnl Non-default stat file
+-define(`QUEUE_DIR', `/var/spool/mqueue-rx')dnl Non-default queue area
+-define(`confQUEUE_SORT_ORDER',`Modification')dnl Modif or Random are reasonable
+-
+-dnl Match the number of queue runners (R=) to the number of amavisd-new child
+-dnl processes ($max_servers). 2 to 7 OK, 10 is plenty, 20 is too many
+-QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue-rx, R=2, F=f')dnl
+-
+-dnl Direct all mail to be forwarded to amavisd-new at 127.0.0.1:10024
+-FEATURE(stickyhost)dnl Keep envelope addr "u@local.host" when fwd to MAIL_HUB
+-define(`MAIL_HUB', `esmtp:[127.0.0.1]')dnl Forward all local mail to amavisd
+-define(`SMART_HOST', `esmtp:[127.0.0.1]')dnl Forward all other mail to amavisd
+-define(`LOCAL_RELAY',`esmtp:[127.0.0.1]')dnl
+-
+-define(`confDELIVERY_MODE',`q')dnl Delivery mode: queue only (a must,
+-dnl ... otherwise the advantage of this setup of being able to specify
+-dnl ... the number of queue runners is lost)
+-define(`ESMTP_MAILER_ARGS',`TCP $h 10024')dnl To tcp port 10024 instead of 25
+-MODIFY_MAILER_FLAGS(`ESMTP', `+z')dnl Speak LMTP (this is optional)
+-define(`SMTP_MAILER_MAXMSGS',`10')dnl Max no. of msgs in a single connection
+-define(`confTO_DATAFINAL',`20m')dnl 20 minute timeout for content checking
+-DAEMON_OPTIONS(`Name=MTA-RX')dnl Daemon name used in logged messages
+-
+-dnl Disable local delivery, as all local mail will go to MAIL_HUB
+-undefine(`ALIAS_FILE')dnl No aliases file, all local mail goes to MAIL_HUB
+-define(`confFORWARD_PATH')dnl Empty search path for .forward files
+-undefine(`UUCP_RELAY')dnl
+-undefine(`BITNET_RELAY')dnl
+-undefine(`DECNET_RELAY')dnl
+-
+-MAILER(smtp)
+-
+-dnl The following solution to reject unknown recipients outright
+-dnl is provided by Matej Vela , see:
+-dnl http://groups.google.com/group/comp.mail.sendmail/
+-dnl browse_thread/thread/88cc72d7c4d3a6e/ee2a9474b3a4558d
+-dnl The FEATURE(stickyhost) short-circuits FEATURE(luser_relay) so that a:
+-dnl define(`LUSER_RELAY',`error:5.1.1:"550 User unknown"') can't be used.
+-dnl A simple solution is to disable FEATURE(stickyhost). If this is not
+-dnl possible, the alternative is to replace FEATURE(luser_relay) with custom
+-dnl rules below. The latter has the advantage of properly handling special
+-dnl aliases like ("|program", "/mailbox", and ":include:/list"). If choosing
+-dnl this route, one should NOT use `undefine(`ALIAS_FILE')dnl', and use the
+-dnl following custom rules:
+-dnl
+-
+-LOCAL_CONFIG
+-Kaliasp hash -m /etc/mail/aliases
+-Kuserp user -m
+-
+-LOCAL_RULESETS
+-SLocal_check_rcpt
+-R$* $: $&{rcpt_addr}
+-R $+ @ $=w $: <@> $1 mark local address
+-R $* @ $* $@ OK ignore remote address
+-R $+ $: <@> $1 mark unqualified user
+-R<@> $+ + $* $: < $(aliasp $1+$2 $: @ $) > $1 + * plussed alias?
+-R<@> $+ + $* $: < $(aliasp $1+$2 $: @ $) > $1 +* alias?
+-R<@> $+ $: < $(aliasp $1 $: @ $) > $1 normal alias?
+-R<@> $+ $: < $(userp $1 $: @ $) > $1 system user?
+-R<@> $+ $#error $@ 5.1.1 $: "550 User unknown" nope, go away
+-
+----end-----------------------------------
+-
+-
+-
+-Create file thishost-tx.mc:
+----cut-here------------------------------
+-dnl To be used for MTA-TX, the second MTA instance
+-dnl (delivering outgoing and local mail)
+-
+-dnl Insert here the usual .mc preamble, including OSTYPE and DOMAIN calls.
+-
+-dnl Specify here also the required outgoing mail processing and
+-dnl local delivery settings such as mailertables, needed mailers, aliases,
+-dnl local delivery mailer settings, smrsh, delivery mode, queue groups, ...
+-dnl Don't use milters here - for all common filtering purposes they belong
+-dnl to MTA-RX; an exception to this rule would be DKIM or DomainKeys mail
+-dnl signing milters (signature _verification_ milters still belong to MTA-RX).
+-
+-define(`confREFUSE_LA',999)dnl Disable the feature, limiting belongs to MTA-RX
+-define(`confMAX_DAEMON_CHILDREN',0)dnl Disable, limiting belongs to MTA-RX
+-FEATURE(`no_default_msa')dnl No need for another MSA, MTA-RX already has one
+-FEATURE(`nocanonify')dnl Host/domain names are considered canonical
+-DAEMON_OPTIONS(`Addr=127.0.0.1, Port=10025, Name=MTA-TX')dnl Listen on lo:10025
+-define(`confSMTP_LOGIN_MSG', `$w.tx.$m Sendmail $v/$Z; $b')dnl
+-define(`confTO_IDENT', `0')dnl Disable IDENT
+-
+-MAILER(smtp)
+-MAILER(local)
+----end-----------------------------------
+-
+-
+-Now macro-expand .mc files into .cf files:
+-(adjust the path if needed to where your cf/m4/cf.m4 file resides)
+-
+-# m4 /usr/share/sendmail/cf/m4/cf.m4 thishost-rx.mc >/etc/mail/sendmail-rx.cf
+-# m4 /usr/share/sendmail/cf/m4/cf.m4 thishost-tx.mc >/etc/mail/sendmail.cf
+-
+-Start MTA-RX and MTA-TX daemons:
+-# /usr/sbin/sendmail -C/etc/mail/sendmail-rx.cf -L sm-mta-rx -bd -qp
+-# /usr/sbin/sendmail -L sm-mta-tx -bd -q15m
+-
+-Start queue runner for the MSP client queue as usual, if using it:
+-# /usr/sbin/sendmail -Ac -L sm-msp-queue -q10m
+-
+-
+-Start amavisd-new:
+-# amavisd
+-
+-Test if MTA-RX is listening:
+-# telnet localhost 25
+-QUIT
+-
+-Test if MTA-RX is listening on MSA port 587 (a newer sendmail invention)
+-# telnet localhost 587
+-QUIT
+-
+-Test if MTA-TX is listening:
+-# telnet localhost 10025
+-QUIT
+-
+-Test if amavisd is listening:
+-# telnet localhost 10024
+-QUIT
+-
+-
+-
+-For convenience some shell aliases may be defined:
+-
+-alias mailq-rx='mailq -C/etc/mail/sendmail-rx.cf'
+-alias mailq-tx='mailq'
+-alias sendmail-rx='/usr/sbin/sendmail -C/etc/mail/sendmail-rx.cf'
+-alias sendmail-tx='/usr/sbin/sendmail'
+-
+-
+-All done!
+-
+-
+-NOTES
+-
+-- In amavisd.conf file follow the 'POSTFIX or EXIM V4 or dual MTA setup',
+- which is also the default.
+-
+-- The $final_*_destiny should not specify D_REJECT.
+- The D_BOUNCE (or D_PASS or D_DISCARD) is preferred.
+-
+-- To make MTA-RX content-check only some mail but not all, one may use
+- mailertables instead of MAIL_HUB and SMART_HOST. For example setting
+- some recipient domains to be passed to MTA-TX at 127.0.0.1:10025
+- directly (e.g. via mailer 'esmtp'), while sending all the rest to
+- amavisd at 127.0.0.1:10024. To be able to specify the port number,
+- a new 'mailer' needs to be defined, let's call it 'amavis', with similar
+- settings as the already defined 'esmtp', except with port number 10024.
+-
+-- depending on how local addresses are translated by MTA-RX, the
+- %local_domains (or @local_domains_maps) in amavisd.conf needs to be
+- adjusted accordingly to be able to recognize local domains. Check the
+- amavisd-new log what recipient addresses it sees for local recipients.
+- The '[127.0.0.1]' may need to be added to the @local_domains.
+-
+-- To make MTA-RX reject mail for nonexistent local users by itself
+- (instead of generating a bounce later on), one may use the 'virtusertable'
+- in thishost-rx.mc, listing all known recipients, and rejecting the rest,
+- e.g.:
+-
+- VIRTUSER_DOMAIN(`example.com')dnl
+- FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
+-
+- jim@example.com %1%3
+- joe@example.com %1%3
+- postmaster@example.com %1
+- @example.com error:5.7.0:550 No such user here
+-
+- You may use the righthand side of the map to specify local user
+- (e.g. %1%3, or just jim, without domain name) in which case MAIL_HUB will
+- be used for forwarding, or specify an explicit domain name that is not
+- in the {w} class, in which case the SMART_HOST will get consulted.
+-
+- Perhaps what Stephane Lentz writes is even better:
+-
+- Dictionary attacks and messages to retired accounts can be bounced with
+- sendmail: just replicate your aliases or write some SLocal_check_rcpt
+- rule-set that checks addresses of your domain against a map of valid users
+- (valid_addresses.db). I hope some standard FEATURE will be provided
+- with sendmail - something like FEATURE(checkdomainaddresses) and
+- CHECKDOMAINADDRESSES(mydomain.com).
+-
+- An alternative solution is to use a milter to do address verification
+- against the second MTA in chain. See the milter-ahead project:
+-
+- http://www.milter.info/sendmail/milter-ahead/
+-
+-
+-
+-PERFORMANCE NOTES
+-
+-- Mail handling is I/O-intensive. For better performance one may place
+- the two mail queue areas (/var/spool/mqueue and /var/spool/mqueue-rx),
+- and the /var/lib/amavis work directory ($TEMPBASE) on three separate disks.
+- The /var/lib/amavis/tmp may be a tmpfs or a RAMdisk or delayed-sync fs.
+-
+-- One of the important arguments for choosing the dual-MTA setup is to be
+- able to keep the number of content filtering processes under control,
+- and not at the mercy of current mail inflow. Don't blow this advantage
+- by setting the number of amavisd-new processes and MTA-RX queue runners
+- too high!
+-
+- Throughput optimum is somewhere between 3 and 10 with fast daemonized
+- av-scanner (or no av scanner) (with or without SpamAssassin),
+- and between 2 and 3 with many command line scanners (regardless of SA).
+- If the host is low on memory and when spam checking (SpamAssassin)
+- is used, even 2 may be a lot for an elderly host.
+-
+- Start conservatively, e.g. at 2 or 3, and if everything works normally
+- and higher throughput is needed, try a bit more. Anything above the point
+- where throughput function levels off is just a waste of memory and
+- gains nothing!
+-
+- The optimum may be higher if high-latency external SpamAssassin tests
+- are enabled (e.g. Razor, RBL), Still, never go beyond available memory.
+- For example with SpamAssassin enabled, the 20..25 processes on a 256 MB
+- machine is where throughput begins to drop rapidly on a way to a swapping
+- tar pit.
+diff -urNad amavisd-new-2.5.3~/README_FILES/README.sendmail-dual.old amavisd-new-2.5.3/README_FILES/README.sendmail-dual.old
+--- amavisd-new-2.5.3~/README_FILES/README.sendmail-dual.old 2008-01-15 04:40:42.000000000 -0500
++++ amavisd-new-2.5.3/README_FILES/README.sendmail-dual.old 1969-12-31 19:00:00.000000000 -0500
+@@ -1,413 +0,0 @@
+-Dual-instance sendmail with amavisd-new
+----------------------------------------
+- Mark Martinec, 2003-05-06
+- (based on initial research by Ricardo Stella)
+- last updated on: 2005-09-22 (added a reference to 'milter-ahead')
+-
+-The most recent version of this document can be found at:
+- http://www.ijs.si/software/amavisd/README.sendmail-dual
+-
+-==========================================================================
+-
+-The setup is very similar to the one described in README.sendmail
+-(by Rainer Link) in section 'Scanning incoming/outgoing and relayed mail',
+-except that it uses SMTP protocol over inet socket (instead of pipes
+-to commands) to transfer files between MTA and amavisd-new and back,
+-and that it uses a permanently running second sendmail instance
+-in 'queue only' delivery mode, instead of bringing it up every time
+-a new checked mail comes from amavisd.
+-
+-==========================================================================
+-
+-Comparing the setup described in this document with the sendmail milter
+-setup, as described in README.milter:
+-
+-milter - reasons in favour:
+-- can REJECT on the original SMTP session, instead of generating a bounce
+- (sending a non-delivery notification _after_ the mail has been enqueued);
+-
+-- only one sendmail daemon need be running, only one config file needed,
+- no additional queue area needed (although starting with sendmail 8.12
+- more than one queue area is already a norm: clientmqueue, queue groups;
+- and MSP already uses a different .cf file);
+-
+-
+-dual-MTA - reasons in favour:
+-- Full amavisd-new functionality is available, including adding spam and
+- virus information header fields, adding address extensions and removing
+- certain recipients from delivery while delivering the same message to
+- the rest (*_lovers). Also a message can be split if different recipients
+- need different header edits. All this is not available when using
+- amavis-milter helper program.
+-
+-- Content scanning need not be performed at the time of mail reception.
+- This allows better control on CPU-intensive content filtering: mail
+- checking can be streamlined and performed at optimum throughput setting
+- (number of content checker processes) so as not to overwhelm host resources,
+- instead of leaving it at the mercy of the current number of incoming
+- SMTP sessions where available crude controls are mostly based on system
+- load. Typically the number of incoming SMTP sessions (tiny processes)
+- is desired to be many times above the number of content filtering
+- processes (heavy resource consumers).
+-
+-- No helper programs needed, MTA communicates with amavisd-new directly
+- via SMTP, saves on creating one directory and one file for each message,
+- and deleting it (at the cost of one additional transfer);
+-
+-- Receiving sendmail daemon (MTA-RX) need not run as root (using option
+- RunAsUser) since it does not need to run any local delivery agents (LDA)
+- or to access user .forward files. This avoids external SMTP clients
+- talking directly to a process running as root.
+-
+-==========================================================================
+-
+-
+-The following setup is described in this document:
+-
+- ............................ ............................
+- : sendmail instance MTA-RX : : sendmail instance MTA-TX :
+- : : : :
+- 25 -----> \ (mqueue-rx) : : (mqueue) / -------> forward
+-587 -----> > -queue- : : -queue- ->-----+ :
+- ^ : / | MAIL_HUB, : : | \ -------> local
+- | : v SMART_HOST : : ^ : delivery
+-msp ...........|................ ....|.......................
+- | ^ loopback interface
+- v | port 10025
+- loopback interf.| port 10024 |
+- .....|.......................|.............
+- : $inet_socket_port=10024 | :
+- : | :
+- : $forward_method='smtp:127.0.0.1:10025' :
+- : $notify_method ='smtp:127.0.0.1:10025' :
+- : :
+- : amavisd-new :
+- ...........................................
+-
+-
+-The setup is based on the recent sendmail (8.12.9 or later) with its set of
+-m4 configuration macros. Because of several security problems with earlier
+-versions of sendmail it is advised to stick to the most recent version,
+-although the functionality needed for this setup has long been available.
+-If a particular macro or feature is not available with some older version,
+-it is usually possible to achieve the same or similar by manually writing
+-a new 'mailer' specification and/or tweaking the .cf file.
+-
+-
+-We'll prepare two sendmail daemon instances (processes), let's call them
+-MTA-RX (receiving, accepting) and MTA-TX (transmitting, delivering).
+-
+-For convenience we keep the name of the configuration file and the
+-queue (spool) area at default names for one mailer instance, and choose
+-non-default names for the other. Let's choose the MTA-TX to keep default
+-names, and supply non-default names to MTA-RX explicitly. This will make
+-admin utilities like mailq, newaliases, hoststat and purgestat operate
+-on the outgoing mailer instance unless explicitly told otherwise.
+-It can just as well be the other way around.
+-
+-MTA-RX (receiving mailer) will be responsible for accepting mail from
+-the Internet or from internal hosts on port 25, optionally accepting local
+-message submissions on tcp port 587 (rfc2476), and for message submissions
+-via sendmail program. It will forward all mail (both for local and for
+-nonlocal recipients) via SMTP protocol (or LMTP) to 127.0.0.1 (a loopback
+-interface) on tcp port 10024, where amavisd daemon will be listening.
+-- its queue: /var/spool/mqueue-rx
+-- its config file: /etc/mail/sendmail-rx.cf, /etc/mail/submit.cf
+-- the source (.mc) of the configuration file: thishost-rx.mc
+- (where 'thishost' is often by convention the name of the system (uname))
+-
+-MTA-TX (transmitting mailer) will be responsible for accepting checked
+-mail and notifications from amavisd-new via SMTP on the loopback interface
+-(127.0.0.1) at tcp port 10025, and will forward all mail to its final
+-destinations, either for local delivery, or delivering outgoing mail
+-to the Internet or to other internal mailers.
+-- its queue: /var/spool/mqueue
+-- its config file: /etc/mail/sendmail.cf
+-- the source (.mc) of the configuration file: thishost-tx.mc
+-
+-In-between the two MTAs an amavisd daemon will accept mail via SMTP (or LMTP)
+-protocol on tcp port 10024, check it, and forward checked mail and
+-notifications via SMTP to MTA-TX.
+-
+-If you already have an existing sendmail installation, you already
+-have a queue directory /var/spool/mqueue and the configuration file(s)
+-(.mc source and the compiled .cf file). Most of the existing settings
+-in your .mc file can be reused, and are to be moved to the new files
+-thishost-rx.mc or thishost-tx.mc, or (some of them) to both.
+-The settings pertaining to receiving mail, including recource limits,
+-should go to thishost-rx.mc; settings pertaining to delivering mail
+-(locally or to other mailers) should go to thishost-tx.mc, and general
+-settings should go to both.
+-
+-The MTA-TX should have none or hardly any resource limits, or at least
+-have them larger than MTA-RX. Large messages, common errors in mail, and
+-mail rush-ins should be stopped or limited at their entry to the system.
+-Accepting them first, but choking later can lead to trouble or at least
+-to wasted resources.
+-
+-The file names thishost-rx.mc and thishost-tx.mc are arbitrary, they only
+-serve as source (to the m4 macro processor) for producing .cf files,
+-which control sendmail's behaviour. Sendmail never uses .mc files directly.
+-
+-
+-MTA-TX already got its queue directory during sendmail installation.
+-
+-For MTA-RX a new queue directory needs to be created where incoming
+-mail can be collected. Use the same ownership and protection as used
+-for /var/spool/mqueue, e.g:
+- # mkdir /var/spool/mqueue-rx
+- # chown root:wheel /var/spool/mqueue-rx
+- # chmod 700 /var/spool/mqueue-rx
+-
+-SECURITY NOTE:
+- starting with sendmail 8.12 it is possible to start sendmail daemon
+- as root and let it drop privileges (become user specified by RunAsUser)
+- after binding to port 25. This is normally used by MSP, and it can
+- just as well be used by MTA-RX, since it has no need to access user
+- mailboxes and .forward files. To use this feature, specify user and
+- group in the macro confRUN_AS_USER (file thishost-rx.mc), and set the
+- ownership of mqueue-rx to this user and group:
+- # chown smmsp:smmsp /var/spool/mqueue-rx
+- # chmod 770 /var/spool/mqueue-rx
+-
+-
+-More complex queue setup is possible if needed, like separating
+-sendmail work area and core dump area from actual queues.
+-For details about queue groups see sendmail documentation.
+-
+-
+-Create file thishost-rx.mc:
+----cut-here------------------------------
+-dnl To be used for MTA-RX, the first MTA instance (receiving mail)
+-
+-dnl Insert here the usual .mc preamble, including OSTYPE and DOMAIN calls.
+-
+-dnl Specify here also access controls, relayable domains, anti-spam measures
+-dnl including milter settings if needed, mail submission settings, client
+-dnl authentication, resource controls, maximum mail size and header size,
+-dnl confMIN_FREE_BLOCKS, and other settings needed for receiving mail.
+-dnl
+-dnl NOTE:
+-dnl confMIN_FREE_BLOCKS at MTA-RX should be kept higher than the same
+-dnl setting at MTA-TX, to quench down clients when disk space is low,
+-dnl and not to stop processing the already received mail.
+-dnl
+-dnl In particular, here are some settings to be considered:
+-dnl ( see also http://www.sendmail.org/m4/anti_spam.html )
+-dnl
+-dnl FEATURE(`access_db',`hash -T /etc/mail/access.db')
+-dnl VIRTUSER_DOMAIN(`sub1.example.com')dnl list valid users here
+-dnl VIRTUSER_DOMAIN(`sub2.example.com')dnl list valid users here
+-dnl FEATURE(`virtusertable', `hash /etc/mail/virtusertable')
+-dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')
+-dnl FEATURE(`blacklist_recipients')
+-dnl INPUT_MAIL_FILTER(...)
+-dnl define(`confPRIVACY_FLAGS', `noexpn,novrfy,authwarnings') nobodyreturn ?
+-dnl define(`confDONT_PROBE_INTERFACES')
+-dnl undefine(`USE_CW_FILE')dnl cancel use_cw_file feature, no class {w} extras
+-dnl MASQUERADE_AS(...) FEATURE(`allmasquerade') FEATURE(`masquerade_envelope')
+-dnl define(`confTO_IDENT', `0')dnl Disable IDENT
+-dnl define(`confMAX_MESSAGE_SIZE',`10485760')
+-dnl define(`confMAX_MIME_HEADER_LENGTH', `256/128')
+-dnl define(`confNO_RCPT_ACTION', `add-to-undisclosed')
+-dnl FEATURE(`nocanonify', ...)
+-dnl define(`confBIND_OPTS', ...)
+-dnl define(`confTO_RESOLVER_*... )
+-dnl define(`confDELAY_LA, 8)
+-dnl define(`confREFUSE_LA', 12)
+-dnl define(`confMAX_DAEMON_CHILDREN',20)
+-dnl define(`confMIN_FREE_BLOCKS', `10000')
+-dnl define(`confDEF_USER_ID', ...)
+-
+-define(`confRUN_AS_USER',`smmsp:smmsp')dnl Drop privileges (see SECURITY NOTE)
+-
+-define(`confPID_FILE', `/var/run/sendmail-rx.pid')dnl Non-default pid file
+-define(`STATUS_FILE', `/etc/mail/stat-rx')dnl Non-default stat file
+-define(`QUEUE_DIR', `/var/spool/mqueue-rx')dnl Non-default queue area
+-define(`confQUEUE_SORT_ORDER',`Modification')dnl Modif or Random are reasonable
+-
+-dnl Match the number of queue runners (R=) to the number of amavisd-new child
+-dnl processes ($max_servers). 2 to 7 OK, 10 is plenty, 20 is too many
+-QUEUE_GROUP(`mqueue', `P=/var/spool/mqueue-rx, R=2, F=f')dnl
+-
+-dnl Direct all mail to be forwarded to amavisd-new at 127.0.0.1:10024
+-FEATURE(stickyhost)dnl Keep envelope addr "u@local.host" when fwd to MAIL_HUB
+-define(`MAIL_HUB', `esmtp:[127.0.0.1]')dnl Forward all local mail to amavisd
+-define(`SMART_HOST',`esmtp:[127.0.0.1]')dnl Forward all other mail to amavisd
+-
+-define(`confDELIVERY_MODE',`q')dnl Delivery mode: queue only (a must,
+-dnl ... otherwise the advantage of this setup of being able to specify
+-dnl ... the number of queue runners is lost)
+-define(`ESMTP_MAILER_ARGS',`TCP $h 10024')dnl To tcp port 10024 instead of 25
+-MODIFY_MAILER_FLAGS(`ESMTP', `+z')dnl Speak LMTP (this is optional)
+-define(`SMTP_MAILER_MAXMSGS',`10')dnl Max no. of msgs in a single connection
+-define(`confTO_DATAFINAL',`20m')dnl 20 minute timeout for content checking
+-DAEMON_OPTIONS(`Name=MTA-RX')dnl Daemon name used in logged messages
+-
+-dnl Disable local delivery, as all local mail will go to MAIL_HUB
+-undefine(`ALIAS_FILE')dnl No aliases file, all local mail goes to MAIL_HUB
+-define(`confFORWARD_PATH')dnl Empty search path for .forward files
+-undefine(`UUCP_RELAY')dnl
+-undefine(`BITNET_RELAY')dnl
+-undefine(`DECNET_RELAY')dnl
+-
+-MAILER(smtp)
+----end-----------------------------------
+-
+-
+-
+-Create file thishost-tx.mc:
+----cut-here------------------------------
+-dnl To be used for MTA-TX, the second MTA instance
+-dnl (delivering outgoing and local mail)
+-
+-dnl Insert here the usual .mc preamble, including OSTYPE and DOMAIN calls.
+-
+-dnl Specify here also the required outgoing mail processing and
+-dnl local delivery settings such as mailertables, needed mailers, aliases,
+-dnl local delivery mailer settings, smrsh, delivery mode, queue groups, ...
+-dnl Don't use milters here - for all common purposes they belong to MTA-RX.
+-
+-define(`confREFUSE_LA',999)dnl Disable the feature, limiting belongs to MTA-RX
+-define(`confMAX_DAEMON_CHILDREN',0)dnl Disable, limiting belongs to MTA-RX
+-FEATURE(`no_default_msa')dnl No need for another MSA, MTA-RX already has one
+-DAEMON_OPTIONS(`Addr=127.0.0.1, Port=10025, Name=MTA-TX')dnl Listen on lo:10025
+-define(`confSMTP_LOGIN_MSG', `$w.tx.$m Sendmail $v/$Z; $b')dnl
+-define(`confTO_IDENT', `0')dnl Disable IDENT
+-
+-MAILER(smtp)
+-MAILER(local)
+----end-----------------------------------
+-
+-
+-Now macro-expand .mc files into .cf files:
+-(adjust the path if needed to where your cf/m4/cf.m4 file resides)
+-
+-# m4 /usr/share/sendmail/cf/m4/cf.m4 thishost-rx.mc >/etc/mail/sendmail-rx.cf
+-# m4 /usr/share/sendmail/cf/m4/cf.m4 thishost-tx.mc >/etc/mail/sendmail.cf
+-
+-Start MTA-RX and MTA-TX daemons:
+-# /usr/sbin/sendmail -C/etc/mail/sendmail-rx.cf -L sm-mta-rx -bd -qp
+-# /usr/sbin/sendmail -L sm-mta-tx -bd -q15m
+-
+-Start queue runner for the MSP client queue as usual, if using it:
+-# /usr/sbin/sendmail -Ac -L sm-msp-queue -q10m
+-
+-
+-Start amavisd-new:
+-# amavisd
+-
+-Test if MTA-RX is listening:
+-# telnet localhost 25
+-QUIT
+-
+-Test if MTA-RX is listening on MSA port 587 (a newer sendmail invention)
+-# telnet localhost 587
+-QUIT
+-
+-Test if MTA-TX is listening:
+-# telnet localhost 10025
+-QUIT
+-
+-Test if amavisd is listening:
+-# telnet localhost 10024
+-QUIT
+-
+-
+-
+-For convenience some shell aliases may be defined:
+-
+-alias mailq-rx='mailq -C/etc/mail/sendmail-rx.cf'
+-alias mailq-tx='mailq'
+-alias sendmail-rx='/usr/sbin/sendmail -C/etc/mail/sendmail-rx.cf'
+-alias sendmail-tx='/usr/sbin/sendmail'
+-
+-
+-All done!
+-
+-
+-NOTES
+-
+-- In amavisd.conf file follow the 'POSTFIX or EXIM V4 or dual MTA setup',
+- which is also the default.
+-
+-- The $final_*_destiny should not specify D_REJECT.
+- The D_BOUNCE (or D_PASS or D_DISCARD) is preferred.
+-
+-- To make MTA-RX content-check only some mail but not all, one may use
+- mailertables instead of MAIL_HUB and SMART_HOST. For example setting
+- some recipient domains to be passed to MTA-TX at 127.0.0.1:10025
+- directly (e.g. via mailer 'esmtp'), while sending all the rest to
+- amavisd at 127.0.0.1:10024. To be able to specify the port number,
+- a new 'mailer' needs to be defined, let's call it 'amavis', with similar
+- settings as the already defined 'esmtp', except with port number 10024.
+-
+-- depending on how local addresses are translated by MTA-RX, the
+- %local_domains (or @local_domains_maps) in amavisd.conf needs to be
+- adjusted accordingly to be able to recognize local domains. Check the
+- amavisd-new log what recipient addresses it sees for local recipients.
+- The '[127.0.0.1]' may need to be added to the @local_domains.
+-
+-- To make MTA-RX reject mail for nonexistent local users by itself
+- (instead of generating a bounce later on), one may use the 'virtusertable'
+- in thishost-rx.mc, listing all known recipients, and rejecting the rest,
+- e.g.:
+-
+- VIRTUSER_DOMAIN(`example.com')dnl
+- FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
+-
+- jim@example.com %1%3
+- joe@example.com %1%3
+- postmaster@example.com %1
+- @example.com error:5.7.0:550 No such user here
+-
+- You may use the righthand side of the map to specify local user
+- (e.g. %1%3, or just jim, without domain name) in which case MAIL_HUB will
+- be used for forwarding, or specify an explicit domain name that is not
+- in the {w} class, in which case the SMART_HOST will get consulted.
+-
+- Perhaps what Stephane Lentz writes is even better:
+-
+- Dictionary attacks and messages to retired accounts can be bounced with
+- sendmail: just replicate your aliases or write some SLocal_check_rcpt
+- rule-set that checks addresses of your domain against a map of valid users
+- (valid_addresses.db). I hope some standard FEATURE will be provided
+- with sendmail - something like FEATURE(checkdomainaddresses) and
+- CHECKDOMAINADDRESSES(mydomain.com).
+-
+- An alternative solution is to use a milter to do address verification
+- against the second MTA in chain. See the milter-ahead project:
+-
+- http://www.milter.info/sendmail/milter-ahead/
+-
+-
+-
+-PERFORMANCE NOTES
+-
+-- Mail handling is I/O-intensive. For better performance one may place
+- the two mail queue areas (/var/spool/mqueue and /var/spool/mqueue-rx),
+- and the /var/amavis work directory ($TEMPBASE) on three separate disks.
+- The /var/amavis/tmp may be a tmpfs or a RAMdisk or delayed-sync fs.
+-
+-- One of the important arguments for choosing the dual-MTA setup is to be
+- able to keep the number of content filtering processes under control,
+- and not at the mercy of current mail inflow. Don't blow this advantage
+- by setting the number of amavisd-new processes and MTA-RX queue runners
+- too high!
+-
+- Throughput optimum is somewhere between 3 and 10 with fast daemonized
+- av-scanner (or no av scanner) (with or without SpamAssassin),
+- and between 2 and 3 with many command line scanners (regardless of SA).
+- If the host is low on memory and when spam checking (SpamAssassin)
+- is used, even 2 may be a lot for an elderly host.
+-
+- Start conservatively, e.g. at 2 or 3, and if everything works normally
+- and higher throughput is needed, try a bit more. Anything above the point
+- where throughput function levels off is just a waste of memory and
+- gains nothing!
+-
+- The optimum may be higher if high-latency external SpamAssassin tests
+- are enabled (e.g. Razor, RBL), Still, never go beyond available memory.
+- For example with SpamAssassin enabled, the 20..25 processes on a 256 MB
+- machine is where throughput begins to drop rapidly on a way to a swapping
+- tar pit.
+diff -urNad amavisd-new-2.5.3~/amavisd.conf-default amavisd-new-2.5.3/amavisd.conf-default
+--- amavisd-new-2.5.3~/amavisd.conf-default 2008-01-15 04:40:41.000000000 -0500
++++ amavisd-new-2.5.3/amavisd.conf-default 2008-01-15 21:54:00.000000000 -0500
 @@ -1,5 +1,8 @@
 use strict;
reverted:
--- amavisd-new-2.5.3/debian/patches/50_amavis-milter_pidfile_support.dpatch
+++ amavisd-new-2.5.3.orig/debian/patches/50_amavis-milter_pidfile_support.dpatch
@@ -1,102 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 50_amavis-milter_pidfile_support.dpatch by Henrique de Moraes Holschuh -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Add pidfile support for amavis-milter - -@DPATCH@ -diff -urNad unstable~/helper-progs/amavis-milter.c unstable/helper-progs/amavis-milter.c ---- unstable~/helper-progs/amavis-milter.c 2006-11-04 00:51:26.000000000 -0300 -+++ unstable/helper-progs/amavis-milter.c 2006-11-04 00:52:08.214746675 -0300 -@@ -45,6 +45,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -127,6 +128,9 @@ - static struct utsname amavis_uts; - static int enable_x_header = 1; /* enabled by default */ - -+pid_t daemon_pid; -+static char pidfile[] = "/var/run/amavis/amavisd-new-milter.pid"; -+ - static void amavis_syslog(const int, const char *, ...); - static char *amavis_mkdtemp(char *, int); - static int group_member(const char *); -@@ -146,6 +150,38 @@ - static sfsistat mlfi_cleanup(SMFICTX *, sfsistat, mybool); - - -+void -+get_lock() -+ /* check if another daemon is running */ -+{ -+ int otherpid = 0; -+ FILE *daemon_lockfp = NULL; -+ int fd; -+ -+ if (((fd = open(pidfile, O_RDWR|O_CREAT, 0644)) == -1 ) -+ || ((daemon_lockfp = fdopen(fd, "r+"))) == NULL) -+ { -+ amavis_syslog(DBG_FATAL, "can't open or create %s", pidfile); -+ exit(EX_UNAVAILABLE); -+ } -+ if ( flock(fd, LOCK_EX|LOCK_NB) != 0 ) -+ { -+ fscanf(daemon_lockfp, "%d", &otherpid); -+ amavis_syslog(DBG_INFO, "can't lock %s, running daemon's pid may be %d", pidfile, otherpid); -+ exit(EX_UNAVAILABLE); -+ } -+ -+ fcntl(fd, F_SETFD, 1); -+ -+ rewind(daemon_lockfp); -+ fprintf(daemon_lockfp, "%d\n", (int) daemon_pid); -+ fflush(daemon_lockfp); -+ ftruncate(fileno(daemon_lockfp), ftell(daemon_lockfp)); -+ /* abandon fd and daemon_lockfp even though the file is open. we need to- -+ * keep it open and locked, but we don't need the handles elsewhere. 
-+ */ -+} -+ - static void - amavis_syslog(const int level, const char *fmt, ...) - { -@@ -823,7 +859,7 @@ - mlfi_abort(SMFICTX *ctx) - { - struct mlfiPriv *priv = MLFIPRIV; -- amavis_syslog(DBG_WARN, "%s: (mlfi_abort)", -+ amavis_syslog(DBG_DEBUG, "%s: (mlfi_abort)", - (!priv || !priv->mlfi_queueid ? "?" : priv->mlfi_queueid) ); - return mlfi_cleanup(ctx, SMFIS_CONTINUE, 0); - } -@@ -936,6 +972,7 @@ - - pid_t pid; - int devnull; -+ int result; - - #if !defined(HAVE_MKDTEMP) && !defined(HAVE_MKTEMP) - int mypid = getpid(); -@@ -1123,9 +1160,15 @@ - - /* smfi_settimeout(1800); */ /* defaults to 7210 seconds */ - -+ daemon_pid = getpid(); -+ get_lock(); -+ - /* hand control over to libmilter */ -- amavis_syslog(DBG_WARN, "Starting, handing off to smfi_main"); -- return smfi_main(); -+ amavis_syslog(DBG_INFO, "Starting, handing off to smfi_main"); -+ result=smfi_main(); -+ -+ remove(pidfile); -+ return(result); - } - - /* eof */ diff -u amavisd-new-2.5.3/debian/patches/00list amavisd-new-2.5.3/debian/patches/00list --- amavisd-new-2.5.3/debian/patches/00list +++ amavisd-new-2.5.3/debian/patches/00list @@ -3,7 +3,5 @@ 40_fix_paths 45_misc_doc_changes -50_amavis-milter_pidfile_support 55_helper-progs_build_fixes -70_fix_milter_permissions.dpatch 71_fqdn-warning reverted: --- amavisd-new-2.5.3/debian/amavisd-new-milter.postinst +++ amavisd-new-2.5.3.orig/debian/amavisd-new-milter.postinst 
@@ -1,55 +0,0 @@
-#! /bin/sh
-# postinst script for amavisd-new
-# $Id: amavisd-new-milter.postinst 104 2003-03-28 04:35:57Z hmh $
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * `configure'
-# * `abort-upgrade'
-# * `abort-remove' `in-favour'
-#
-# * `abort-deconfigure' `in-favour'
-# `removing'
-#
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-# quoting from the policy:
-# Any necessary prompting should almost always be confined to the
-# post-installation script, and should be protected with a conditional
-# so that unnecessary prompting doesn't happen if a package's
-# installation fails and the `postinst' is called with `abort-upgrade',
-# `abort-remove' or `abort-deconfigure'.
-
-case "$1" in
- configure)
- # add amavis system user and group (requires adduser >= 3.34)
- for i in /usr/sbin/amavis-milter
- do
- if ! dpkg-statoverride --list $i > /dev/null
- then
- dpkg-statoverride --update --add amavis amavis 4755 $i
- fi
- done
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
diff -u amavisd-new-2.5.3/debian/changelog amavisd-new-2.5.3/debian/changelog
--- amavisd-new-2.5.3/debian/changelog
+++ amavisd-new-2.5.3/debian/changelog
@@ -1,3 +1,30 @@ +amavisd-new (1:2.5.3-1ubuntu2) hardy; urgency=low + + * Stop building amavisd-new-milter binary so the package can be promoted + to Main + - In debian/control remove amavisd-new-milter binary and build-dep on + libmilter-dev + - In debian/rules remove make call for amavisd-new-milter and binary + arch rules + - Remove: + debian/amavisd-new-milter.dirs + debian/amavisd-new-milter.init + debian/amavisd-new-milter.links + debian/amavisd-new-milter.postinst + debian/amavisd-new-milter.postrm + debian/patches/50_amavis-milter_pidfile_support.dpatch + debian/patches/70_fix_milter_permissions.dpatch + - Adjust debian/patches/00list for removed patches + - Change milter content in README.Debian with a note that this package no + longer provides amavisd-new-milter + - Remove milter references in debian/amavisd-new.8 + - Adjust debian/patches/45_misc_doc_changes.dpatch to remove milter + related docs + - Adjust debian/patches/55_helper-progs_build_fixes.dpatch to not build + the milter package. + + -- Scott Kitterman Tue, 15 Jan 2008 21:17:57 -0500 + amavisd-new (1:2.5.3-1ubuntu1) hardy; urgency=low diff -u amavisd-new-2.5.3/debian/rules amavisd-new-2.5.3/debian/rules --- amavisd-new-2.5.3/debian/rules +++ amavisd-new-2.5.3/debian/rules @@ -32,14 +32,10 @@ endif CFLAGS +=$(DEBUGFLAGS) -helper-progs/configure: patch-stamp - cd helper-progs && autoheader2.13 && autoconf2.13 - configure: configure-stamp -configure-stamp: patch-stamp helper-progs/configure +configure-stamp: patch-stamp dh_testdir # Add here commands to configure the package. - cd helper-progs && ./configure \ --prefix=/usr \ --with-runtime-dir=/var/lib/amavis \ --with-sockname=/var/lib/amavis/amavisd.sock \ @@ -51,7 +47,6 @@ dh_testdir # Add here commands to compile the package. - make -C helper-progs touch build-stamp clean: clean-patched unpatch 
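Review bot: In the `configure-stamp` recipe of debian/rules (hunk `@@ -32,14 +32,10 @@`), the line `cd helper-progs && ./configure \` is removed, but its option lines `--prefix=/usr \`, `--with-runtime-dir=/var/lib/amavis \` and `--with-sockname=/var/lib/amavis/amavisd.sock \` remain as context. As far as the hunk shows, the recipe now hands the shell a command that begins with `--prefix=/usr`, which would fail the configure step or at best leave dead text in the rule. The whole continuation should be deleted together with the `./configure` call, so that the recipe keeps only `dh_testdir` and whatever creates the stamp file. The continuation runs past the end of the hunk, so the remaining option lines are not visible here.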
@@ -61,11 +56,6 @@ rm -f build-stamp configure-stamp rm -rf build - [ ! -f helper-progs/Makefile ] || make -C helper-progs clean - rm -rf helper-progs/autom4te.cache - rm -f helper-progs/config.h helper-progs/Makefile - rm -f helper-progs/config.log helper-progs/config.status helper-progs/config.cache - rm -f helper-progs/config.h.in helper-progs/configure # Debian housekeeping dh_clean @@ -114,9 +104,6 @@ dh_movefiles - make -C helper-progs install DESTDIR=$(CURDIR)/debian/amavisd-new-milter/usr/sbin - - # Build architecture-independent files here. binary-indep: build install dh_testdir @@ -147,32 +134,32 @@ dh_builddeb -i # Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot - dh_installdebconf -a -n +#binary-arch: build install +# dh_testdir +# dh_testroot +# dh_installdebconf -a -n # dh_installdocs -a # dh_installexamples -a - dh_installmenu -a +# dh_installmenu -a # dh_installlogrotate # dh_installpam # dh_installmime - dh_installinit -a -- defaults 19 21 - dh_installcron -a - dh_installman -a - dh_installinfo -a +# dh_installinit -a -- defaults 19 21 +# dh_installcron -a +# dh_installman -a +# dh_installinfo -a # dh_installchangelogs -a -k RELEASE_NOTES - dh_link -a - dh_strip -a - dh_compress -a - dh_fixperms -a +# dh_link -a +# dh_strip -a +# dh_compress -a +# dh_fixperms -a # dh_makeshlibs - dh_installdeb -a - dh_perl -a - dh_shlibdeps -a - dh_gencontrol -a - dh_md5sums -a - dh_builddeb -a +# dh_installdeb -a +# dh_perl -a +# dh_shlibdeps -a +# dh_gencontrol -a +# dh_md5sums -a +# dh_builddeb -a binary: binary-indep binary-arch .PHONY: build clean clean-patched binary-indep binary-arch binary install configure reverted: --- amavisd-new-2.5.3/debian/amavisd-new-milter.init +++ amavisd-new-2.5.3.orig/debian/amavisd-new-milter.init 
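Review bot: Commenting out the entire `binary-arch` rule (hunk `@@ -147,32 +134,32 @@`) leaves that target defined only through its entry in `.PHONY`, while `binary: binary-indep binary-arch` still depends on it. Debian Policy requires debian/rules to provide `binary-arch`, so an explicit empty rule is clearer than relying on the `.PHONY` listing. Replace the commented block with `# No architecture-dependent packages are built from this source.` followed by `binary-arch: build install`. The commented-out `dh_*` lines are dead code and are better deleted than kept, since the changelog already records the removal.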
@@ -1,79 +0,0 @@ -#! /bin/sh -# -# amavisd-new-milter /etc/init.d/ initscript for amavisd-new milter -# $Id: amavisd-new-milter.init 411 2004-05-15 04:45:59Z hmh $ -# -# Copyright (c) 2003 by Brian May -# and Henrique M. Holschuh -# Distributed under the GPL version 2 -# -### BEGIN INIT INFO -# Provides: amavisd-new-milter -# Required-Start: $syslog -# Required-Stop: $syslog -# Should-Start: $local_fs -# Should-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Starts the milter for amavisd-new -# Description: milter for sendmail/postfix and amavisd-new -### END INIT INFO - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/amavis-milter -PARENTDAEMON=/usr/sbin/amavisd-new -NAME=amavis-milter -DESC="AMaViS Daemons (milter)" -PARAMS="-D -p /var/lib/amavis/amavisd-new-milter.sock" - -test -f ${PARENTDAEMON} || exit 0 -test -f ${DAEMON} || exit 0 - -set -e - -START="--start --quiet --pidfile /var/run/amavis/amavisd-new-milter.pid --chuid amavis --startas ${DAEMON} --name ${NAME} -- ${PARAMS}" - -case "$1" in - start) - echo -n "Starting $DESC: " - if start-stop-daemon ${START} >/dev/null 2>&1; then - echo "${NAME}." - else - if start-stop-daemon --test ${START} >/dev/null 2>&1; then - echo "(failed)." - exit 1 - else - echo "(already running)." - exit 0 - fi - fi - ;; - stop) - echo -n "Stopping $DESC: " - if start-stop-daemon --stop --quiet --retry 10 --name ${NAME} \ - --pidfile /var/run/amavis/amavisd-new-milter.pid \ - --startas $DAEMON >/dev/null 2>&1; then - echo "${NAME}." - else - if start-stop-daemon --test ${START} >/dev/null 2>&1; then - echo "(not running)." - exit 0 - else - echo "(failed)." 
- exit 1 - fi - fi - ;; - restart|force-reload) - $0 stop - exec $0 start - ;; - *) - N=/etc/init.d/amavisd-new-milter - #echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $N {start|stop|restart|force-reload}" >&2 - exit 1 - ;; -esac - -exit 0 diff -u amavisd-new-2.5.3/debian/amavisd-new.8 amavisd-new-2.5.3/debian/amavisd-new.8 --- amavisd-new-2.5.3/debian/amavisd-new.8 +++ amavisd-new-2.5.3/debian/amavisd-new.8 @@ -58,9 +58,6 @@ and fed back to the MTA through a new SMTP connection. There is no buffering to disk by amavis, it will report that the transfer was sucessfull only after the forwarding MTA has accepted the message. -.PP -It is possible to use the sendmail milter interface instead of the SMTP -proxy method, as well. .\" TeX users may be more comfortable with the \fB\fP and .\" \fI\fP escape sequences to invode bold face and italics, .\" respectively. reverted: --- amavisd-new-2.5.3/debian/amavisd-new-milter.links +++ amavisd-new-2.5.3.orig/debian/amavisd-new-milter.links @@ -1 +0,0 @@ -usr/share/doc/amavisd-new usr/share/doc/amavisd-new-milter diff -u amavisd-new-2.5.3/debian/control amavisd-new-2.5.3/debian/control --- amavisd-new-2.5.3/debian/control +++ amavisd-new-2.5.3/debian/control @@ -4,7 +4,7 @@ Maintainer: Ubuntu Core Developers XSBC-Original-Maintainer: Brian May Uploaders: Henrique de Moraes Holschuh , Alexander Wirt -Build-Depends: debhelper (>= 5), libmilter-dev, po-debconf, dpatch (>= 2), patch (>= 2.5.9-3bpo1), dpkg-dev (>= 1.13.19), autoconf2.13 +Build-Depends: debhelper (>= 5), po-debconf, dpatch (>= 2), patch (>= 2.5.9-3bpo1), dpkg-dev (>= 1.13.19), autoconf2.13 Standards-Version: 3.7.3 Package: amavisd-new 
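Review bot: `autoconf2.13` is still listed in `Build-Depends` in the debian/control hunk, although its only visible use, `cd helper-progs && autoheader2.13 && autoconf2.13` in debian/rules, is removed by this same change. If nothing else in the build calls it, drop it together with `libmilter-dev`: `Build-Depends: debhelper (>= 5), po-debconf, dpatch (>= 2), patch (>= 2.5.9-3bpo1), dpkg-dev (>= 1.13.19)`. Every unneeded build dependency is one more package installed and trusted in the build environment, which is worth trimming for a package being promoted to main.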
@@ -30,18 +29,0 @@
-Package: amavisd-new-milter
-Architecture: any
-Depends: ${shlibs:Depends}, amavisd-new (= ${source:Version})
-Description: Interface between sendmail-milter and amavisd-new
- AMaViSd-new is a script that interfaces a mail transport agent (MTA) with
- zero or more virus scanners, and spamassassin (optional).
- .
- It supports all common virus scanners (more than 20 different AVs), with
- direct talk-to-daemon support for ClamAV, OpenAntiVirus, Trophie, AVG,
- f-prot, and Sophos AVs.
- .
- AMaViSd-new supports all MTAs through its generic SMTP/LMTP filter mode
- (ideal for postfix and exim). It is faster and safer to use the SMTP/LMTP
- filter mode than using the AMaViS pipe client. It supports sendmail milter
- through this package.
- .
- This package contains the milter client, and a generic command line client
- for amavisd-new.