--- opendmarc-1.3.2.orig/debian/.new +++ opendmarc-1.3.2/debian/.new @@ -0,0 +1,31 @@ +# Automatically Generated by systemd service file generator. +# To change the editable parameters, edit /etc/default/ and then do +# systemctl restart . + +# If you are using OpenDMARC with SQL datasets it might be necessary to start +# OpenDMARC after the database servers. For example, if using both MariaDB and +# PostgreSQL, edit /etc/default/ to add the needed definitions to +# EXTRAAFTER. If used, mariadb.service and postgresql.service would have to be +# added. + +[Unit] +Description=OpenDMARC Milter +Documentation=man:opendmarc(8) man:opendmarc.conf(5) +After=network.target nss-lookup.target + +[Service] +Type=forking +PIDFile= +PermissionsStartOnly=true +User=kitterma +Group= +ExecStartPre=-/bin/sh /lib//.service.generate +ExecStartPre=-/bin/mkdir -p +ExecStartPre=-/bin/chown kitterma. +ExecStartPre=-/bin/chmod 770 +ExecStart=/usr/sbin/opendkim -p -x /etc/.conf -u kitterma -P +Restart=on-failure +ExecReload=/bin/kill -USR1 $MAINPID + +[Install] +WantedBy=multi-user.target --- opendmarc-1.3.2.orig/debian/README.Debian +++ opendmarc-1.3.2/debian/README.Debian @@ -0,0 +1,57 @@ +opendmarc for Debian +------------------- + +Configuration Notes for Debian systes +-------------------------------------------- + +The DMARC protocol is built on top of SPF and DKIM. OpenDMARC needs SPF and +DKIM verification results as an input. OpenDMARC uses RFC 5451 Authentication +Results header fields to get those results. OpenDMARC will use header fields +with an AuthservID that matches either the one specified in +/etc/opendmarc.conf or the system hostname. It is important to verify that +the AuthservID provided by SPF and DKIM verifiers matches the one that +opendmarc expects. + +In Debian, postfix-policyd-spf-python and opendkim have been tested to +generate appropriate A-R header fields. For postfix-policyd-spf-python, +however, it is not the default configuration. See man 5 policyd-spf.conf for +information on how to configure it to generate A-R header fields. + +To generate aggregate feedback reports a MySQL database is needed. See the +man pages for opendmarc-expire, opendmarc-import, opendmarc-params, and +opendmarc-reports for details on how the aggregate report data collection and +report generation works. The database schema, setup script, and README.schema +files can be found in /usr/share/doc/opendmarc. + +Notes for Postfix users +----------------------- + +Postfix users who wish to access the opendmarc service via UNIX socket +may need to add the postfix user to the opendmarc group and ensure that +UMask is set to 002 in /etc/opendkim.conf, in order to make the socket + readable by Posfix. + +Users may also need to move the socket into a directory accessible by the +Postfix chroot; this can be accomplished by setting the SOCKET variable +in /etc/systemd/system/opendmarc.service.d/overrride.conf (if systemd is used) +or in /etc/default/opendmarc (if SysV is used). Alternately, it can be set in +the installed configuration file, /etc/opendmarc.conf. + +If opendmarc fails to start during boot, add After=network-online.target to +/etc/systemd/system/opendmarc.service.d/overrride.conf (if systemd is used) to +ensure the network is fully initialized before opendkim is started. This is +not likely to be an issue with SysV. + +The default is to connect to the filter over a Unix socket. It can also use +TCP sockets. The filter can be bound to localhost to prevent other hosts from +accessing it. For example, to bind to port 8892, specify +"inet:8892@localhost". In order to use a TCP socket for a specific IP +address, that address has to be bound to an active network connection. + +Changing group ownership of socket +---------------------------------- + +The group ID of the UNIX socket created by opendkim can be changed by +changing the primary GID of the opendmarc user, e.g.: +$ usermod -g mail opendmarc + --- opendmarc-1.3.2.orig/debian/README.source +++ opendmarc-1.3.2/debian/README.source @@ -0,0 +1,58 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To configure quilt to use debian/patches instead of patches, you want +either to export QUILT_PATCHES=debian/patches in your environment +or use this snippet in your ~/.quiltrc: + + for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do + if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then + export QUILT_PATCHES=debian/patches + break + fi + done + +To get the fully patched source after unpacking the source package, cd to +the root level of the source package and run: + + quilt push -a + +The last patch listed in debian/patches/series will become the current +patch. + +To add a new set of changes, first run quilt push -a, and then run: + + quilt new + +where is a descriptive name for the patch, used as the filename in +debian/patches. Then, for every file that will be modified by this patch, +run: + + quilt add + +before editing those files. You must tell quilt with quilt add what files +will be part of the patch before making changes or quilt will not work +properly. After editing the files, run: + + quilt refresh + +to save the results as a patch. + +Alternately, if you already have an external patch and you just want to +add it to the build system, run quilt push -a and then: + + quilt import -P /path/to/patch + quilt push -a + +(add -p 0 to quilt import if needed). as above is the filename to +use in debian/patches. The last quilt push -a will apply the patch to +make sure it works properly. + +To remove an existing patch from the list of patches that will be applied, +run: + + quilt delete + +You may need to run quilt pop -a to unapply patches first before running +this command. --- opendmarc-1.3.2.orig/debian/changelog +++ opendmarc-1.3.2/debian/changelog @@ -0,0 +1,334 @@ +opendmarc (1.3.2-3) unstable; urgency=medium + + * Update opendmarc service file so changes in opendmarc.conf are used and + update opendmarc.conf to match values previously hard-coded in the service + file and better align to the organization in the upstream example + configuration (Closes: #863612) + - Thanks to Jack Bates for the patch + + -- Scott Kitterman Mon, 11 Dec 2017 14:22:44 -0500 + +opendmarc (1.3.2-2) unstable; urgency=medium + + * Do not remove /etc/default/opendkim on upgrade since it is a conffile + because policy 10.7.3 (Closes: #863173) + + -- Scott Kitterman Mon, 22 May 2017 18:11:58 -0400 + +opendmarc (1.3.2-1) unstable; urgency=medium + + * New upstream release + - Update debian/copyright (added 2017) + - Remove patches applied upstrea (debian/patches/ticket095.patch, + ticket165_incomplete.patch, ticket166.patch, ticket185.patch, and + ticket187.patch) + * Update README.Debian to point to use of opendmarc.service.d/overrride.conf + with systemd (Closes: #856489, #856057) + * Update README.Debian to explain that TCP sockets bound to a specific IP + address will not work if that address is not bound to a network connection + and how to work avoid startup issues if network initialization is too slow + (Closes: #856488) + + -- Scott Kitterman Mon, 13 Mar 2017 21:44:33 -0400 + +opendmarc (1.3.2~Beta1-2) unstable; urgency=medium + + * Add debian/patches/ticket193.patch to fix compatibility with mysql strict + mode + - Update openmarc.docs for new README and schema update files + * Add debian/patches/ticket159.patch so that history file location is taken + from opendmarc.conf rather than hard coded + + -- Scott Kitterman Sat, 07 Jan 2017 11:36:04 -0500 + +opendmarc (1.3.2~Beta1-1) unstable; urgency=medium + + * New upstream release + * Remove patches applied upstream (debian/patches/ticket181.patch, + ticket186.patch, ticket188.patch, ticket194.patch, ticket195.patch, and + ticket196.patch + * Update debian/copyright + * Fix symbols-file-contains-debian-revision in debian/libopendmarc2.symbols + * Update debian/opendmarc.docs for removal of reports/mkdb.mysql + + -- Scott Kitterman Sat, 07 Jan 2017 01:06:55 -0500 + +opendmarc (1.3.2~Beta0+dfsg-5) unstable; urgency=medium + + * Fix opendmarc.service so it will successfully start opendmarc in the + absence of the (usually present) override file + + -- Scott Kitterman Tue, 06 Dec 2016 20:20:21 -0500 + +opendmarc (1.3.2~Beta0+dfsg-4) unstable; urgency=medium + + * Fix debiam/rules so linking to libspf2 actually works + * Additional patches from the upstream bug tracker: + - Correct SPF related processing issues with IPv6 + https://sf.net/p/opendmarc/tickets/95/ + - Complete correction for #165: Fix logic in checking which SPF, + identifier was used: debian/patches/ticket165_incomplete.patch + + -- Scott Kitterman Sat, 03 Dec 2016 20:54:45 -0500 + +opendmarc (1.3.2~Beta0+dfsg-3) unstable; urgency=medium + + * Fixup opendmarc.service installation and update based on changes from the + opendkim package (Closes: #843247, #843327) + - /etc/default/opendmarc will be removed on systems using systemd (see + opendmarc.NEWS) + * Create run dir on install in postinst + * Only override dh_fixperms instead of dh_install as it is more correct and + only override for -arch, not indep to fix indep only build (Closes: + #843366) + - Thanks to Santiago Vila for the report and the fix + * Cherry-pick additional changes from upstream bug tracker: + - Correct processing if a domain has a size limit on its ruf address + https://sourceforge.net/p/opendmarc/tickets/174/ + - Correct error in help processing for opendmarc-reports + https://sourceforge.net/p/opendmarc/tickets/181/ + - Fix segfaults when invoked for local/ignored hosts (Closes: #843330) + https://sourceforge.net/p/opendmarc/tickets/185/ + - Fix bug in dmarcf_config_reload function + https://sourceforge.net/p/opendmarc/tickets/186/ + - Fix compile and functional fix for SPF result logging (more complete + replacement for current fix_compile.patch) + https://sourceforge.net/p/opendmarc/tickets/187/ + - Fix issue with deleting zip file too early in opendmarc-reports + https://sourceforge.net/p/opendmarc/tickets/188/ + - Fix history file SPF results (use AR format) + https://sourceforge.net/p/opendmarc/tickets/195/ + - Fix issue with wrong DMARC state in Auth-Res header + https://sourceforge.net/p/opendmarc/tickets/194/ + - Fix RecordAllMessages = false so it works + https://sourceforge.net/p/opendmarc/tickets/196/ + + -- Scott Kitterman Tue, 08 Nov 2016 00:48:22 -0500 + +opendmarc (1.3.2~Beta0+dfsg-2) unstable; urgency=medium + + * Upload to unstable + - Despite being a beta, it appears to be more reliable than the previous + release + * Replace TimeoutStartSec=10 with Restart=on-failure in + opendmarc.service to give more time for initial start-up and to make + sure opendmarc starts eventually See #837376 + * Fix group permissions on /var/run/opendmarc See #837375 + * Generate opendkim.service in postinst instead of shipping it in the + package See #837374 + * Correct executability of opendmarc.service.generate + + -- Scott Kitterman Sun, 30 Oct 2016 08:47:07 -0400 + +opendmarc (1.3.2~Beta0+dfsg-1) experimental; urgency=medium + + * New upstream beta release + - Drop patches for incorporated changes + - Refresh remaining patches + - Update libopendmarc2.symbols + * Add systemd service file + - Parameters generated from /etc/default/opendmarc based on opendkim + implementation + + -- Scott Kitterman Wed, 20 Jul 2016 01:39:28 -0400 + +opendmarc (1.3.1+dfsg-4) unstable; urgency=medium + + * Set CONFIG_SHELL=/bin/sh to work around captures_shell_variable_in_autofoo + _script and make the build reproducible + * Bump standards version to 3.9.8 without further change + * Update debian/watch so it is working again + * Add reviewed patches from sourceforge tickets since a new upstream release + seems to be nowhere in sight. + - Adds new RejectString option to define custom text for rejection reason + + -- Scott Kitterman Sat, 02 Jul 2016 22:52:59 -0400 + +opendmarc (1.3.1+dfsg-3) unstable; urgency=medium + + * Use system public suffix list so organizational domain can be determined + - Add publicsuffix to opendmarc depends + - Add PublicSuffixList to installed opendmarc.conf + * Fix use of Debian revision in libopendmarc2.symbols + * Update debian/watch (thanks to bartm) + + -- Scott Kitterman Tue, 26 Jan 2016 17:06:30 -0500 + +opendmarc (1.3.1+dfsg-2) unstable; urgency=medium + + * Upload to unstable + * Add debian/patches/fix-incompatible-pointer-type + - Thanks to Sebastian A. Siewior for the patch + * Fix enabling of SPF: update configure and add new symbols + (Closes: #781048) + - Thanks to Christophe Wolfhugel for both the report and the fix + * Update installed opendmarc.conf to use the term FailureReports vice + ForensiceReports (Closes: #783180) + - Thanks to Olaf Zaplinski for the report + + -- Scott Kitterman Thu, 23 Apr 2015 13:41:35 -0400 + +opendmarc (1.3.1+dfsg-1) experimental; urgency=medium + + * New upstream release (Closes: #761444, #761451) + * Bump standards version to 3.9.6 without further change) + + -- Scott Kitterman Mon, 23 Feb 2015 16:52:23 -0500 + +opendmarc (1.3.0+dfsg-1) unstable; urgency=medium + + * Upload to unstable + * New upstream release + - Drop debian/patches/missing_include.patch, incorporated upstream + - Update for new soname (rename libopendmarc1 to libopendmarc2, update + libopendmarc-dev depends, and rename install/symbols files) + * Update debian/copyright + + -- Scott Kitterman Fri, 01 Aug 2014 03:03:09 -0400 + +opendmarc (1.3.0~beta4+dfsg-2) experimental; urgency=medium + + * Update debian/patches/missing_include.patch to move the build-config.h + before the STRL checks in opendmarc/config.c and test.c + + -- Scott Kitterman Wed, 30 Jul 2014 15:45:28 -0400 + +opendmarc (1.3.0~beta4+dfsg-1) experimental; urgency=medium + + * New upstream beta release + * Patch configure.ac to add tests for presence of libbsd/string.h and + use USE_BSD_H and USE_STRL_H to select the correct include + - Based on similar changes done for opendkim + + -- Scott Kitterman Wed, 30 Jul 2014 12:00:37 -0400 + +opendmarc (1.3.0~beta3+dfsg-1) experimental; urgency=medium + + * New upstream beta release + - Repacked tarball to remove non-free internet draft + - Updated debian/libopendmarc1.symbols + - Enable new internal SPF checking with libspf2 + - Add libspf2-dev to build-depends + - Adjust configure in debian/rules + * Update standards version to 3.9.5 without further change + * Enable use of syslog by default + * Run as opendmarc:opendmarc by default + * Decluttered installed configuration file + * Improved rddmarc package description + + -- Scott Kitterman Sat, 19 Jul 2014 02:18:01 -0400 + +opendmarc (1.2.0+dfsg-1) unstable; urgency=medium + + * Upload to Unstable + * New upstream release + - Repacked tarball to remove non-free internet draft + - Fixes hard coded parameters in dmarcfail (Closes: #720392) + + -- Scott Kitterman Mon, 17 Mar 2014 20:38:42 -0400 + +opendmarc (1.2.0~beta3+dfsg-1) experimental; urgency=low + + * New upstream beta release + - Repack upstream tarball to remove non-free IETF draft + - Add libbsd-dev to build-depends to use system strlcat/strlcpy + - Update libopendkim1.symbols + - Fixes hard coded parameters in dmarcfail (Closes: #720392) + * Move dmarcfail and rddmarc to /usr/share/doc as suggested by upstream + * Update package descriptions + + -- Scott Kitterman Thu, 13 Mar 2014 00:27:01 -0400 + +opendmarc (1.1.3-1) unstable; urgency=low + + * New upstream release + - Update draft-dmarc-base version number in opendmarc.docs + + -- Scott Kitterman Sun, 14 Apr 2013 18:34:00 -0400 + +opendmarc (1.1.2-1) unstable; urgency=low + + * New upstream release + + -- Scott Kitterman Mon, 01 Apr 2013 10:58:46 -0400 + +opendmarc (1.1.1-1) unstable; urgency=low + + * New upstream release + * Update debian/watch now that we don't mangle the version anymore + + -- Scott Kitterman Mon, 18 Mar 2013 22:04:19 -0400 + +opendmarc (1.1.0-1) unstable; urgency=low + + * Uploading to unstable + * New upstream final release + + -- Scott Kitterman Fri, 08 Mar 2013 13:40:54 -0500 + +opendmarc (1.1.0~beta2-1) experimental; urgency=low + + * New upstream beta release + - Drop debian/patches/warnings_fix.patch since it is included upstream + - Update debian/copyright + - Update for new library SO name libopendmarc0* -> libopendmarc1 + - Update symbols file + + -- Scott Kitterman Thu, 28 Feb 2013 03:24:00 -0500 + +opendmarc (1.1.0~beta1-2) experimental; urgency=low + + * Fix borked dh_autoreconf change in debian/rules in the last upload + + -- Scott Kitterman Tue, 12 Feb 2013 00:21:10 -0500 + +opendmarc (1.1.0~beta1-1) experimental; urgency=low + + * New upstream beta release + - Update symbols file + - Update debian/copyright + * Add debian/patches/warnings_fix.patch for upstream changes made post- + release to address compiler warnings + * Update debian/rules for better cross-building support, based on changes + from Adam Conrad for opendkim + - Add dh-autoreconf to build-depends + + -- Scott Kitterman Mon, 11 Feb 2013 15:27:52 -0500 + +opendmarc (1.1.0~beta0-1) experimental; urgency=low + + * New upstream beta release + - Repacking on longer required because DMARC specification license is now + included in the upstream tarball + - Update symbols file + - Re-enable tests since they no longer require network access + - Added new reports/mkdb.mysql setup script to debian/opendmarc.docs + * Include MySQL schema files and readme in /usr/share/doc/opendmarc to + support DMARC aggregate reporting + * Update debian/README.Debian + * Set umask in opendmarc.conf so Unix socket has proper permissions + * Fix libopendmarc-dev package description to be about opendmarc and not + opendkim (Closes: #699278) + + -- Scott Kitterman Wed, 06 Feb 2013 10:24:23 -0500 + +opendmarc (1.0.1+dfsg-3) unstable; urgency=low + + * Upload to unstable + * Correct option for using installed configuration file in + debian/opendmarc.init + + -- Scott Kitterman Wed, 12 Dec 2012 18:48:33 -0500 + +opendmarc (1.0.1+dfsg-2) experimental; urgency=low + + * Disable opendmarc tests since they require network access + + -- Scott Kitterman Wed, 12 Dec 2012 00:49:42 -0500 + +opendmarc (1.0.1+dfsg-1) experimental; urgency=low + + * Initial release (Closes: #692940) + * Repacked upstream tarball to add license for DMARC specification + + -- Scott Kitterman Mon, 23 Jul 2012 18:17:11 -0400 --- opendmarc-1.3.2.orig/debian/compat +++ opendmarc-1.3.2/debian/compat @@ -0,0 +1 @@ +9 --- opendmarc-1.3.2.orig/debian/control +++ opendmarc-1.3.2/debian/control @@ -0,0 +1,78 @@ +Source: opendmarc +Section: mail +Priority: extra +Maintainer: Scott Kitterman +Build-Depends: debhelper (>= 9), libmilter-dev, pkg-config, opendkim-tools, + libspf2-dev, libbsd-dev, autotools-dev, automake, dh-autoreconf, quilt +Standards-Version: 3.9.8 +Homepage: http://www.trusteddomain.org/opendmarc + +Package: opendmarc +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, lsb-base, publicsuffix +Recommends: libopendbx1, libopendbx1-mysql, perl, libswitch-perl, libdbi-perl, + libdbd-mysql-perl, libhttp-message-perl, ${perl:Depends} +Description: Milter implementation of DMARC + Domain-based Message Authentication, Reporting and Conformance (DMARC), + builds on the successes of technologies such as DomainKeys Identified Mail + (DKIM) and the Sender Policy Framework (SPF) to create an infrastructure that + enforces policy on domain names that are visible to end users, and creates a + feedback framework for identifying and tracking fraudulent use of domain + names in email. It uses OpenDBX as an interface layer to various SQL back + ends. + . + It provides the following new capabilities: + . + A binding between the domain name seen in the From: field of a message and + one or both of the domain names verified by DKIM and SPF; + . + The capability to request that receivers enforce strict message + authentication policy published by the author; and Comprehensive reporting, + both forensic and aggregate, regarding suspect messages. + . + This package contains the OpenDMARC mail filter (Milter) for plugging into + Milter-aware MTAs. It implements support for both message reject and DMARC + failure reporting. + + +Package: libopendmarc2 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Library for DMARC validation and reporting + Domain-based Message Authentication, Reporting and Conformance (DMARC), + builds on the successes of technologies such as DomainKeys Identified Mail + (DKIM) and the Sender Policy Framework (SPF) to create an infrastructure that + enforces policy on domain names that are visible to end users, and creates a + feedback framework for identifying and tracking fraudulent use of domain + names in email. + . + This package provides library for implementing mail validation and reporting + for the experimental DMARC standard. + +Package: libopendmarc-dev +Section: libdevel +Architecture: any +Depends: libopendmarc2 (= ${binary:Version}), ${misc:Depends} +Description: Headers and development libraries for the OpenDMARC library + Domain-based Message Authentication, Reporting and Conformance (DMARC), + builds on the successes of technologies such as DomainKeys Identified Mail + (DKIM) and the Sender Policy Framework (SPF) to create an infrastructure that + enforces policy on domain names that are visible to end users, and creates a + feedback framework for identifying and tracking fraudulent use of domain + names in email. + . + This package provides the required header files and development libraries for + developing against the OpenDMARC library. + +Package: rddmarc +Architecture: all +Depends: python, python-mysqldb, perl, libdbi-perl, libxml-simple-perl, + libmime-tools-perl, ${perl:Depends}, ${misc:Depends} +Description: Sample DMARC report processing scripts collection + There are currently three example scripts provided: + . + - rddmarc: Perl the script to parse DMARC summary reports + - mkdmarc - SQL to create the tables + - dmarcfail: Parses DMARC forensic reports from Netease and adds them to a + MySQL database to assist in further analysis. --- opendmarc-1.3.2.orig/debian/copyright +++ opendmarc-1.3.2/debian/copyright @@ -0,0 +1,171 @@ +This package was debianized by Scott Kitterman on +Tue, 30 Oct 2012 14:46:53 +0100. + +It was downloaded from http://sourceforge.net/projects/opendkim + +Copyright Holder: The OpenDKIM Project. + +Based on code from DKIM Milter, copyright Sendmail Inc. + +Copyright: +Copyright (c) 2009, 2010, 2012, 2013, 2014, 2015, 2016, 2017 The Trusted + Domain Project. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of The Trusted Domain Project nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +Portions of this project are also covered by the Sendmail Open Source +License, available in this distribution in the file "LICENSE.Sendmail". +See the copyright notice(s) in each file to determine whether it is covered +by either or both of the licenses. For example: + + Copyright (c) Sendmail, Inc. and its suppliers. + All rights reserved. + +Files bearing the banner above are covered under the Sendmail Open Source +License (see LICENSE.Sendmail). + + Copyright (c) , The Trusted Domain Project. + All rights reserved. + +Files bearing the banner above are covered under the Trusted Domain Project +License (above). + +Files bearing both banners are covered under both sets of license terms. + +THIS SOFTWARE IS PROVIDED BY THE TRUSTED DOMAIN PROJECT ''AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE TRUSTED DOMAIN PROJECT BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +For files: +opendmarc/parse.h Copyright (c) 2004 Sendmail, Inc. and its suppliers. +opendmarc/opendmarc-ar.c Copyright (c) 2007-2009 Sendmail, Inc. and its suppliers. +opendmarc/opendmarc-dstring.c Copyright (c) 2005-2009 Sendmail, Inc. and its suppliers. +opendmarc/opendmarc-dstring.h Copyright (c) 2004, 2005, 2007-2009 Sendmail, Inc. and its suppliers. +opendmarc/opendmarc-ar.h Copyright (c) 2007-2009 Sendmail, Inc. and its suppliers. +opendmarc/config.c Copyright (c) 2006-2009 Sendmail, Inc. and its suppliers. +opendmarc/parse.c Copyright (c) 2005, 2007, 2008 Sendmail, Inc. and its suppliers. +opendmarc/config.h Copyright (c) 2006-2008 Sendmail, Inc. and its suppliers + + SENDMAIL OPEN SOURCE LICENSE + +The following license terms and conditions apply to this open source +software ("Software"), unless a different license is obtained directly +from Sendmail, Inc. ("Sendmail") located at 6475 Christie Ave, Suite 350, +Emeryville, CA 94608, USA. + +Use, modification and redistribution (including distribution of any +modified or derived work) of the Software in source and binary forms is +permitted only if each of the following conditions of 1-6 are met: + +1. Redistributions of the Software qualify as "freeware" or "open + source software" under one of the following terms: + + (a) Redistributions are made at no charge beyond the reasonable + cost of materials and delivery; or + + (b) Redistributions are accompanied by a copy of the modified + Source Code (on an acceptable machine-readable medium) or by an + irrevocable offer to provide a copy of the modified Source Code + (on an acceptable machine-readable medium) for up to three years + at the cost of materials and delivery. Such redistributions must + allow further use, modification, and redistribution of the Source + Code under substantially the same terms as this license. For + the purposes of redistribution "Source Code" means the complete + human-readable, compilable, linkable, and operational source + code of the redistributed module(s) including all modifications. + +2. Redistributions of the Software Source Code must retain the + copyright notices as they appear in each Source Code file, these + license terms and conditions, and the disclaimer/limitation of + liability set forth in paragraph 6 below. Redistributions of the + Software Source Code must also comply with the copyright notices + and/or license terms and conditions imposed by contributors on + embedded code. The contributors' license terms and conditions + and/or copyright notices are contained in the Source Code + distribution. + +3. Redistributions of the Software in binary form must reproduce the + Copyright Notice described below, these license terms and conditions, + and the disclaimer/limitation of liability set forth in paragraph + 6 below, in the documentation and/or other materials provided with + the binary distribution. For the purposes of binary distribution, + "Copyright Notice" refers to the following language: "Copyright (c) + 1998-2009 Sendmail, Inc. All rights reserved." + +4. Neither the name, trademark or logo of Sendmail, Inc. (including + without limitation its subsidiaries or affiliates) or its contributors + may be used to endorse or promote products, or software or services + derived from this Software without specific prior written permission. + The name "sendmail" is a registered trademark and service mark of + Sendmail, Inc. + +5. We reserve the right to cancel this license if you do not comply with + the terms. This license is governed by California law and both of us + agree that for any dispute arising out of or relating to this Software, + that jurisdiction and venue is proper in San Francisco or Alameda + counties. These license terms and conditions reflect the complete + agreement for the license of the Software (which means this supercedes + prior or contemporaneous agreements or representations). If any term + or condition under this license is found to be invalid, the remaining + terms and conditions still apply. + +6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY + SENDMAIL AND ITS CONTRIBUTORS "AS IS" WITHOUT WARRANTY OF ANY KIND + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A + PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. IN NO EVENT SHALL SENDMAIL + OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, + OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + WITHOUT LIMITATION NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +$Revision: 1.1 $ $Date: 2009/07/16 18:43:18 $ + +For file contrib/rddmarc/dmarcfail.py: + +# Copyright 2012, Taughannock Networks. All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: + +# Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. + +# Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. + +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS +# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED +# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY +# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + --- opendmarc-1.3.2.orig/debian/libopendmarc-dev.docs +++ opendmarc-1.3.2/debian/libopendmarc-dev.docs @@ -0,0 +1 @@ +libopendmarc/docs --- opendmarc-1.3.2.orig/debian/libopendmarc-dev.install +++ opendmarc-1.3.2/debian/libopendmarc-dev.install @@ -0,0 +1,3 @@ +usr/include/opendmarc +usr/lib/libopendmarc*.a +usr/lib/libopendmarc*.so --- opendmarc-1.3.2.orig/debian/libopendmarc2.install +++ opendmarc-1.3.2/debian/libopendmarc2.install @@ -0,0 +1 @@ +usr/lib/libopendmarc.so.2* --- opendmarc-1.3.2.orig/debian/libopendmarc2.symbols +++ opendmarc-1.3.2/debian/libopendmarc2.symbols @@ -0,0 +1,60 @@ +libopendmarc.so.2 libopendmarc2 #MINVER# + dmarc_dns_get_record@Base 1.1.0~beta2 + dmarc_strlcat@Base 1.1.0~beta2 + dmarc_strlcpy@Base 1.1.0~beta2 + opendmarc_dns_fake_record@Base 1.1.0~beta2 + opendmarc_get_policy_to_enforce@Base 1.1.0~beta2 + opendmarc_get_policy_token_used@Base 1.3.2~Beta0 + opendmarc_get_tld@Base 1.1.0~beta2 + opendmarc_hash_drop@Base 1.1.0~beta2 + opendmarc_hash_expire@Base 1.1.0~beta2 + opendmarc_hash_init@Base 1.1.0~beta2 + opendmarc_hash_lookup@Base 1.1.0~beta2 + opendmarc_hash_set_callback@Base 1.1.0~beta2 + opendmarc_hash_shutdown@Base 1.1.0~beta2 + opendmarc_policy_check_alignment@Base 1.1.0~beta2 + opendmarc_policy_connect_clear@Base 1.1.0~beta2 + opendmarc_policy_connect_init@Base 1.1.0~beta2 + opendmarc_policy_connect_rset@Base 1.1.0~beta2 + opendmarc_policy_connect_shutdown@Base 1.1.0~beta2 + opendmarc_policy_fetch_adkim@Base 1.1.0~beta2 + opendmarc_policy_fetch_alignment@Base 1.1.0~beta2 + opendmarc_policy_fetch_aspf@Base 1.1.0~beta2 + opendmarc_policy_fetch_fo@Base 1.1.0~beta2 + opendmarc_policy_fetch_p@Base 1.1.0~beta2 + opendmarc_policy_fetch_pct@Base 1.1.0~beta2 + opendmarc_policy_fetch_rf@Base 1.1.0~beta2 + opendmarc_policy_fetch_rua@Base 1.1.0~beta2 + opendmarc_policy_fetch_ruf@Base 1.1.0~beta2 + opendmarc_policy_fetch_sp@Base 1.1.0~beta2 + opendmarc_policy_fetch_utilized_domain@Base 1.1.0~beta2 + opendmarc_policy_library_dns_hook@Base 1.1.0~beta2 + opendmarc_policy_library_init@Base 1.1.0~beta2 + opendmarc_policy_library_shutdown@Base 1.1.0~beta2 + opendmarc_policy_parse_dmarc@Base 1.1.0~beta2 + opendmarc_policy_query_dmarc@Base 1.1.0~beta2 + opendmarc_policy_query_dmarc_xdomain@Base 1.2.0~beta3+dfsg + opendmarc_policy_status_to_str@Base 1.1.0~beta2 + opendmarc_policy_store_dkim@Base 1.1.0~beta2 + opendmarc_policy_store_dmarc@Base 1.1.0~beta2 + opendmarc_policy_store_from_domain@Base 1.1.0~beta2 + opendmarc_policy_store_spf@Base 1.1.0~beta2 + opendmarc_policy_to_buf@Base 1.1.0~beta2 + opendmarc_reverse_domain@Base 1.1.0~beta2 + opendmarc_spf2_alloc_ctx@Base 1.3.2~Beta0+dfsg + opendmarc_spf2_find_mailfrom_domain@Base 1.3.2~Beta0+dfsg + opendmarc_spf2_free_ctx@Base 1.3.2~Beta0+dfsg + opendmarc_spf2_specify_ip_address@Base 1.3.2~Beta0+dfsg + opendmarc_spf2_test@Base 1.3.2~Beta0+dfsg + opendmarc_tld_read_file@Base 1.1.0~beta2 + opendmarc_tld_shutdown@Base 1.1.0~beta2 + opendmarc_util_cleanup@Base 1.1.0~beta2 + opendmarc_util_clearargv@Base 1.1.0~beta2 + opendmarc_util_dupe_argv@Base 1.1.0~beta2 + opendmarc_util_finddomain@Base 1.1.0~beta2 + opendmarc_util_freenargv@Base 1.3.0~beta2 + opendmarc_util_pushargv@Base 1.1.0~beta2 + opendmarc_util_pushnargv@Base 1.3.0~beta2 + opendmarc_util_ultoa@Base 1.3.0~beta2 + opendmarc_xml@Base 1.1.0~beta2 + opendmarc_xml_parse@Base 1.1.0~beta2 --- opendmarc-1.3.2.orig/debian/opendmarc.NEWS +++ opendmarc-1.3.2/debian/opendmarc.NEWS @@ -0,0 +1,11 @@ +opendmarc (1.3.2~Beta0+dfsg-3) unstable; urgency=medium + + On systems using systemd, this version replaces /etc/default/opendmarc + with the files /etc/systemd/system/opendmarc.service.d/overrride.conf + and /etc/tmpfiles.d/opendmarc.conf carrying over non-default settings. + + Note: since /etc/default/opendmarc is removed if you are using systemd, if + you later switch back to sysvinit, you will have to manually recreate it + if needed. + + -- Scott Kitterman Tue, 08 Nov 2016 00:50:54 -0500 --- opendmarc-1.3.2.orig/debian/opendmarc.conf +++ opendmarc-1.3.2/debian/opendmarc.conf @@ -0,0 +1,114 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample. + +## AuthservID (string) +## defaults to MTA name +## +## Sets the "authserv-id" to use when generating the Authentication-Results: +## header field after verifying a message. If the string "HOSTNAME" is +## provided, the name of the host running the filter (as returned by the +## gethostname(3) function) will be used. +# +# AuthservID name + +## FailureReports { true | false } +## default "false" +## +## Enables generation of failure reports when the DMARC test fails and the +## purported sender of the message has requested such reports. Reports are +## formatted per RFC6591. +# +# FailureReports false + +## PidFile path +## default (none) +## +## Specifies the path to a file that should be created at process start +## containing the process ID. +# +PidFile /var/run/opendmarc/opendmarc.pid + +## PublicSuffixList path +## default (none) +## +## Specifies the path to a file that contains top-level domains (TLDs) that +## will be used to compute the Organizational Domain for a given domain name, +## as described in the DMARC specification. If not provided, the filter will +## not be able to determine the Organizational Domain and only the presented +## domain will be evaluated. +# +PublicSuffixList /usr/share/publicsuffix + +## RejectFailures { true | false } +## default "false" +## +## If set, messages will be rejected if they fail the DMARC evaluation, or +## temp-failed if evaluation could not be completed. By default, no message +## will be rejected or temp-failed regardless of the outcome of the DMARC +## evaluation of the message. Instead, an Authentication-Results header +## field will be added. +# +# RejectFailures false + +## Socket socketspec +## default (none) +## +## Specifies the socket that should be established by the filter to receive +## connections from sendmail(8) in order to provide service. socketspec is +## in one of two forms: local:path, which creates a UNIX domain socket at +## the specified path, or inet:port[@host] or inet6:port[@host] which creates +## a TCP socket on the specified port for the appropriate protocol family. +## If the host is not given as either a hostname or an IP address, the +## socket will be listening on all interfaces. This option is mandatory +## either in the configuration file or on the command line. If an IP +## address is used, it must be enclosed in square brackets. +# +Socket local:/var/run/opendmarc/opendmarc.sock + +## Syslog { true | false } +## default "false" +## +## Log via calls to syslog(3) any interesting activity. +# +Syslog true + +## SyslogFacility facility-name +## default "mail" +## +## Log via calls to syslog(3) using the named facility. The facility names +## are the same as the ones allowed in syslog.conf(5). +# +# SyslogFacility mail + +## TrustedAuthservIDs string +## default HOSTNAME +## +## Specifies one or more "authserv-id" values to trust as relaying true +## upstream DKIM and SPF results. The default is to use the name of +## the MTA processing the message. To specify a list, separate each entry +## with a comma. The key word "HOSTNAME" will be replaced by the name of +## the host running the filter as reported by the gethostname(3) function. +# +# TrustedAuthservIDs HOSTNAME + +## UMask mask +## default (none) +## +## Requests a specific permissions mask to be used for file creation. This +## only really applies to creation of the socket when Socket specifies a +## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary +## files are normally created by the mkstemp(3) function that enforces a +## specific file mode on creation regardless of the process umask. See +## umask(2) for more information. +# +UMask 0002 + +## UserID user[:group] +## default (none) +## +## Attempts to become the specified userid before starting operations. +## The process will be assigned all of the groups and primary group ID of +## the named userid unless an alternate group is specified. +# +UserID opendmarc --- opendmarc-1.3.2.orig/debian/opendmarc.default +++ opendmarc-1.3.2/debian/opendmarc.default @@ -0,0 +1,22 @@ +# Command-line options specified here will override the contents of +# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options. +#DAEMON_OPTS="" +# Change to /var/spool/postfix/var/run/opendmarc to use a Unix socket with +# postfix in a chroot: +#RUNDIR=/var/spool/postfix/var/run/opendmarc +RUNDIR=/var/run/opendmarc +# +# Uncomment to specify an alternate socket +# Note that setting this will override any Socket value in opendkim.conf +# default: +SOCKET=local:$RUNDIR/opendmarc.sock +# listen on all interfaces on port 54321: +#SOCKET=inet:54321 +# listen on loopback on port 12345: +#SOCKET=inet:12345@localhost +# listen on 192.0.2.1 on port 12345: +#SOCKET=inet:12345@192.0.2.1 +USER=opendmarc +GROUP=opendmarc +PIDFILE=$RUNDIR/$NAME.pid +EXTRAAFTER= --- opendmarc-1.3.2.orig/debian/opendmarc.docs +++ opendmarc-1.3.2/debian/opendmarc.docs @@ -0,0 +1,6 @@ +README +opendmarc/opendmarc.conf.sample +db/README.schema +db/README.update-db-schema.mysql +db/schema.mysql +db/update-db-schema.mysql --- opendmarc-1.3.2.orig/debian/opendmarc.init +++ opendmarc-1.3.2/debian/opendmarc.init @@ -0,0 +1,151 @@ +#! /bin/sh +# +### BEGIN INIT INFO +# Provides: opendmarc +# Required-Start: $syslog $time $local_fs $remote_fs $named $network +# Required-Stop: $syslog $time $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start the OpenDMARC service +# Description: Enable DMAR verification and reporting provided by OpenDMARC +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/opendmarc +NAME=opendmarc +DESC="OpenDMARC" +RUNDIR=/var/run/$NAME +USER=opendmarc +GROUP=opendmarc +SOCKET=local:$RUNDIR/$NAME.sock +PIDFILE=$RUNDIR/$NAME.pid + +# How long to wait for the process to die on stop/restart +stoptimeout=5 + +test -x $DAEMON || exit 0 + +# Include LSB provided init functions +. /lib/lsb/init-functions + +# Include opendkim defaults if available +if [ -f /etc/default/opendmarc ] ; then + . /etc/default/opendmarc +fi + +if [ -f /etc/opendmarc.conf ]; then + CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendmarc.conf` +fi + +# This can be set via Socket option in config file, so it's not required +if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then + DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS" +fi + +DAEMON_OPTS="-c /etc/opendmarc.conf -u $USER -P $PIDFILE $DAEMON_OPTS" + +start() { + # Create the run directory if it doesn't exist + if [ ! -d "$RUNDIR" ]; then + install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2 + [ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR" + fi + # Clean up stale sockets + if [ -f "$PIDFILE" ]; then + pid=`cat $PIDFILE` + if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then + rm "$PIDFILE" + TMPSOCKET="" + if [ -n "$SOCKET" ]; then + TMPSOCKET="$SOCKET" + elif [ -n "$CONFIG_SOCKET" ]; then + TMPSOCKET="$CONFIG_SOCKET" + fi + if [ -n "$TMPSOCKET" ]; then + # UNIX sockets may be specified with or without the + # local: prefix; handle both + t=`echo $SOCKET | cut -d: -f1` + s=`echo $SOCKET | cut -d: -f2` + if [ -e "$s" -a -S "$s" ]; then + if [ "$t" = "$s" -o "$t" = "local" ]; then + rm "$s" + fi + fi + fi + fi + fi + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test -- $DAEMON_OPTS || return 1 + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS || return 2 +} + +stop() { + start-stop-daemon --stop --retry "$stoptimeout" --exec "$DAEMON" + [ "$?" = 2 ] && return 2 +} + +reload() { + start-stop-daemon --stop --signal USR1 --exec "$DAEMON" +} + +status() { + local pidfile daemon name status + + pidfile= + OPTIND=1 + while getopts p: opt ; do + case "$opt" in + p) pidfile="$OPTARG";; + esac + done + shift $(($OPTIND - 1)) + + if [ -n "$pidfile" ]; then + pidfile="-p $pidfile" + fi + daemon="$1" + name="$2" + + status="0" + pidofproc $pidfile $daemon >/dev/null || status="$?" + if [ "$status" = 0 ]; then + log_success_msg "$name is running" + return 0 + else + log_failure_msg "$name is not running" + return $status + fi +} + +case "$1" in + start) + echo -n "Starting $DESC: " + start + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + stop + echo "$NAME." + ;; + restart) + echo -n "Restarting $DESC: " + stop + start + echo "$NAME." + ;; + reload|force-reload) + echo -n "Restarting $DESC: " + reload + echo "$NAME." + ;; + status) + status $DAEMON $NAME + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 --- opendmarc-1.3.2.orig/debian/opendmarc.install +++ opendmarc-1.3.2/debian/opendmarc.install @@ -0,0 +1,3 @@ +debian/tmp/usr/sbin/opendmarc* usr/sbin +debian/opendmarc.conf etc +debian/opendmarc.service.generate lib/opendmarc --- opendmarc-1.3.2.orig/debian/opendmarc.manpages +++ opendmarc-1.3.2/debian/opendmarc.manpages @@ -0,0 +1,2 @@ +debian/tmp/usr/share/man/man5/* +debian/tmp/usr/share/man/man8/* --- opendmarc-1.3.2.orig/debian/opendmarc.postinst +++ opendmarc-1.3.2/debian/opendmarc.postinst @@ -0,0 +1,49 @@ +#!/bin/sh + +set -e + +RUNDIR=/var/run/opendmarc +USER=opendmarc +GROUP=opendmarc + +pathfind() { + OLDIFS="$IFS" + IFS=: + for p in $PATH; do + if [ -x "$p/$*" ]; then + IFS="$OLDIFS" + return 0 + fi + done + IFS="$OLDIFS" + return 1 +} + +if [ "$1" = "configure" ]; then + if ! id -u opendmarc >/dev/null 2>&1; then + adduser --quiet --system --group --home /var/run/opendmarc opendmarc + fi + + # Create the run directory if it doesn't exist + if [ ! -d "$RUNDIR" ]; then + install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || exit 2 + if pathfind restorecon; then restorecon "$RUNDIR" + fi + fi + + # Set ownership if the admin has not overriden it. + if ! dpkg-statoverride --list /var/run/opendmarc >/dev/null; then + chown opendmarc:opendmarc /var/run/opendmarc + fi + + # Upgrade /etc/default to systemd override files + if [ -d /run/systemd/system ] && [ -f /etc/default/opendmarc ]; then + if [ -f /etc/tmpfiles.d/opendmarc.conf ]; then + systemd-tmpfiles --create /etc/tmpfiles.d/opendmarc.conf + fi + fi +fi + +#DEBHELPER# + +exit 0 --- opendmarc-1.3.2.orig/debian/opendmarc.postrm +++ opendmarc-1.3.2/debian/opendmarc.postrm @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +if [ "$1" = "purge" ]; then + rm -rf /lib/systemd/system/opendmarc.service +fi + +#DEBHELPER# + +exit 0 --- opendmarc-1.3.2.orig/debian/opendmarc.service +++ opendmarc-1.3.2/debian/opendmarc.service @@ -0,0 +1,15 @@ +[Unit] +Description=OpenDMARC Milter +Documentation=man:opendmarc(8) man:opendmarc.conf(5) +After=network.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/var/run/opendmarc/opendmarc.pid +User=opendmarc +ExecStart=/usr/sbin/opendmarc +Restart=on-failure +ExecReload=/bin/kill -USR1 $MAINPID + +[Install] +WantedBy=multi-user.target --- opendmarc-1.3.2.orig/debian/opendmarc.service.generate +++ opendmarc-1.3.2/debian/opendmarc.service.generate @@ -0,0 +1,61 @@ +#! /bin/sh +# +# Generate systemd override file from /etc/default + +set -e + +NAME=opendmarc + +RUNDIR=/var/run/$NAME +USER=$NAME +GROUP=$NAME +SOCKET=local:$RUNDIR/$NAME.sock + +_RUNDIR=$RUNDIR +_USER=$USER +_GROUP=$GROUP +_SOCKET=$SOCKET + +# Include defaults if available +if [ -f /etc/default/$NAME ]; then + . /etc/default/$NAME +fi + +# Generate service override file +SERVICE=$(mktemp $NAME.service.XXXXXXXXXX) + +if [ "$EXTRAAFTER" != "" ]; then + echo "[Unit]" >> $SERVICE + echo "After=$EXTRAAFTER" >> $SERVICE +fi +if [ "$RUNDIR" != "$_RUNDIR" ]; then + echo "[Service]" >> $SERVICE + echo "PIDFile=$RUNDIR/$NAME.pid" >> $SERVICE +fi +if [ "$USER" != "$_USER" ] || [ "$GROUP" != "$_GROUP" ]; then + grep -q -F "[Service]" $SERVICE || echo "[Service]" >> $SERVICE + echo "User=$USER" >> $SERVICE + echo "Group=$GROUP" >> $SERVICE +fi +if [ "$SOCKET" != "$_SOCKET" ] || [ "$RUNDIR" != "$_RUNDIR" ] || [ "$DAEMON_OPTS" != "" ]; then + grep -q -F "[Service]" $SERVICE || echo "[Service]" >> $SERVICE + echo "ExecStart=" >> $SERVICE + echo "ExecStart=/usr/sbin/opendmarc -P $RUNDIR/$NAME.pid -p $SOCKET $DAEMON_OPTS" >> $SERVICE +fi + +if [ -s $SERVICE ] ; then + mkdir -p /etc/systemd/system/$NAME.service.d + cp $SERVICE /etc/systemd/system/$NAME.service.d/override.conf +fi + +# Generate tmpfiles.d override file +TMPFILE=$(mktemp $NAME.tmpfile.XXXXXXXXXX) + +echo "d $RUNDIR 0750 $USER $GROUP - -" > $TMPFILE + +if ! cmp -s $TMPFILE /usr/lib/tmpfiles.d/opendmarc.conf; then + mkdir -p /etc/tmpfiles.d + cp $TMPFILE /etc/tmpfiles.d/$NAME.conf +fi + +rm -f $SERVICE $TMPFILE --- opendmarc-1.3.2.orig/debian/opendmarc.tmpfile +++ opendmarc-1.3.2/debian/opendmarc.tmpfile @@ -0,0 +1 @@ +d /var/run/opendmarc 0750 opendmarc opendmarc - - --- opendmarc-1.3.2.orig/debian/patches/fix-python-interpreter.diff +++ opendmarc-1.3.2/debian/patches/fix-python-interpreter.diff @@ -0,0 +1,11 @@ +Does not need to be forwarded. Upstream uses FreeBSD. +Index: opendmarc-1.0.1+dfsg/contrib/rddmarc/dmarcfail.py +=================================================================== +--- opendmarc-1.0.1+dfsg.orig/contrib/rddmarc/dmarcfail.py 2012-11-18 00:08:28.105858463 -0500 ++++ opendmarc-1.0.1+dfsg/contrib/rddmarc/dmarcfail.py 2012-11-18 00:09:10.041857224 -0500 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + # $Header: /home/johnl/hack/dmarc/RCS/dmarcfail.py,v 1.1 2012/07/12 03:59:29 johnl Exp $ + # parse DMARC failure reports, add it to the mysql database + # optional arguments are names of files containing ARF messages, --- opendmarc-1.3.2.orig/debian/patches/series +++ opendmarc-1.3.2/debian/patches/series @@ -0,0 +1,6 @@ +fix-python-interpreter.diff +ticket153.patch +ticket168.patch +ticket174.patch +ticket193.patch +ticket159.patch --- opendmarc-1.3.2.orig/debian/patches/ticket153.patch +++ opendmarc-1.3.2/debian/patches/ticket153.patch @@ -0,0 +1,35 @@ +Description: do not report same dkim result multiple times + in the same record object +URL: https://sf.net/p/opendmarc/tickets/153/ +Author: Tomki +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: opendmarc-1.3.2/reports/opendmarc-reports.in +=================================================================== +--- opendmarc-1.3.2.orig/reports/opendmarc-reports.in 2017-03-13 19:01:56.496961757 -0400 ++++ opendmarc-1.3.2/reports/opendmarc-reports.in 2017-03-13 19:01:56.492961756 -0400 +@@ -703,6 +703,7 @@ + exit(1); + } + ++ my %dkim_domain_result_cache = (); + while ($dbi_a = $dbi_d->fetchrow_arrayref()) + { + undef $dkimdomain; +@@ -716,11 +717,15 @@ + $dkimresult = $dbi_a->[1]; + } + +- + if (!defined($dkimdomain)) + { + next; + } ++ if (defined($dkim_domain_result_cache{$dkimdomain}{$dkimresult})) ++ { ++ next; # no duplicate per-record auth_result dkim sections ++ } ++ $dkim_domain_result_cache{$dkimdomain}{$dkimresult}++; + + switch ($dkimresult) + { --- opendmarc-1.3.2.orig/debian/patches/ticket159.patch +++ opendmarc-1.3.2/debian/patches/ticket159.patch @@ -0,0 +1,77 @@ +diff --git a/configure.ac b/configure.ac +index 255c449..27d7cd4 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -492,6 +492,7 @@ AC_OUTPUT([ Makefile + reports/opendmarc-expire.8 + reports/opendmarc-import + reports/opendmarc-import.8 ++ reports/opendmarc-importstats + reports/opendmarc-importstats.8 + reports/opendmarc-params + reports/opendmarc-params.8 +diff --git a/reports/opendmarc-importstats b/reports/opendmarc-importstats +deleted file mode 100755 +index 839a871..0000000 +--- a/reports/opendmarc-importstats ++++ /dev/null +@@ -1,26 +0,0 @@ +-#!/bin/sh +-## +-## Copyright (c) 2012, The Trusted Domain Project. All rights reserved. +-## +-## opendmarc-importstats -- import opendmarc output to MySQL +-## +-## This is intended to be used via a crontab. If import is successful, +-## this code exits quietly so there's no output. If it fails, it does +-## "ls -l" on the temporary file, so that cron generates mail to whever +-## ran the job. +- +-## setup +-statsdb="/var/tmp/dmarc.dat" +-# OPENDMARC_PASSWORD="password"; export OPENDMARC_PASSWORD +- +-if [ -s $statsdb ] +-then +- mv $statsdb ${statsdb}.OLD.$$ +- +- if opendmarc-import < ${statsdb}.OLD.$$ +- then +- rm ${statsdb}.OLD.$$ +- else +- ls -l ${statsdb}.OLD.$$ +- fi +-fi +diff --git a/reports/opendmarc-importstats.in b/reports/opendmarc-importstats.in +new file mode 100755 +index 0000000..3a28ee3 +--- /dev/null ++++ b/reports/opendmarc-importstats.in +@@ -0,0 +1,27 @@ ++#!/bin/sh ++## ++## Copyright (c) 2012, The Trusted Domain Project. All rights reserved. ++## ++## opendmarc-importstats -- import opendmarc output to MySQL ++## ++## This is intended to be used via a crontab. If import is successful, ++## this code exits quietly so there's no output. If it fails, it does ++## "ls -l" on the temporary file, so that cron generates mail to whever ++## ran the job. ++ ++## setup ++statsdb="`grep ^HistoryFile @sysconfdir@/opendmarc.conf | sed 's/^HistoryFile\s\+//'`" ++[ -z "$statsdb" ] && exit 0 ++# OPENDMARC_PASSWORD="password"; export OPENDMARC_PASSWORD ++ ++if [ -s "$statsdb" ] ++then ++ mv "$statsdb" "${statsdb}.OLD.$$" ++ ++ if opendmarc-import < "${statsdb}.OLD.$$" ++ then ++ rm "${statsdb}.OLD.$$" ++ else ++ ls -l "${statsdb}.OLD.$$" ++ fi ++fi --- opendmarc-1.3.2.orig/debian/patches/ticket168.patch +++ opendmarc-1.3.2/debian/patches/ticket168.patch @@ -0,0 +1,132 @@ +Description: allow to configure the SMTP Reject reason. This patch adds the RejectString option. +URL: https://sf.net/p/opendmarc/tickets/???/ +Author: M. Favero +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: opendmarc-1.3.2~Beta1/opendmarc/opendmarc.c +=================================================================== +--- opendmarc-1.3.2~Beta1.orig/opendmarc/opendmarc.c 2017-01-07 00:27:25.963326984 -0500 ++++ opendmarc-1.3.2~Beta1/opendmarc/opendmarc.c 2017-01-07 00:27:25.959326984 -0500 +@@ -166,6 +166,7 @@ + char * conf_historyfile; + char * conf_pslist; + char * conf_ignorelist; ++ char * conf_rejectstring; + char ** conf_trustedauthservids; + char ** conf_ignoredomains; + }; +@@ -1265,6 +1266,10 @@ + &conf->conf_rejectfail, + sizeof conf->conf_rejectfail); + ++ (void) config_get(data, "RejectString", ++ &conf->conf_rejectstring, ++ sizeof conf->conf_rejectstring); ++ + (void) config_get(data, "RequiredHeaders", + &conf->conf_reqhdrs, + sizeof conf->conf_reqhdrs); +@@ -1363,6 +1368,33 @@ + dmarcf_init_syslog(log_facility); + } + ++ if ( conf->conf_rejectstring == NULL ) { ++ conf->conf_rejectstring = DEFREJECTSTR; ++ } ++ else { ++ /* Count occurences of "%s" in RejectString */ ++ int countocc = 0; ++ const char *tmp = conf->conf_rejectstring; ++ while(tmp = strstr(tmp, "%s")) ++ { ++ countocc++; ++ tmp++; ++ } ++ switch ( countocc ) { ++ case 0: ++ snprintf(err, errlen, "%s: The RejectString doesn't contain %%s!", ++ basedir); ++ return -1; ++ case 1: ++ break; ++ default: ++ snprintf(err, errlen, "%s: The RejectString contains %d occurences of %%s instead of one!", ++ basedir, countocc); ++ return -1; ++ } ++ } ++ ++ + return 0; + } + +@@ -3031,7 +3063,7 @@ + if (conf->conf_rejectfail && random() % 100 < pct) + { + snprintf(replybuf, sizeof replybuf, +- "rejected by DMARC policy for %s", pdomain); ++ conf->conf_rejectstring, pdomain); + + status = dmarcf_setreply(ctx, DMARC_REJECT_SMTP, + DMARC_REJECT_ESC, replybuf); +Index: opendmarc-1.3.2~Beta1/opendmarc/opendmarc.conf.5.in +=================================================================== +--- opendmarc-1.3.2~Beta1.orig/opendmarc/opendmarc.conf.5.in 2017-01-07 00:27:25.963326984 -0500 ++++ opendmarc-1.3.2~Beta1/opendmarc/opendmarc.conf.5.in 2017-01-07 00:27:25.959326984 -0500 +@@ -219,6 +219,13 @@ + The default is "false". + + .TP ++.I RejectString (string) ++This string describes the reason of reject at SMTP level. ++The message MUST contain the word "%s" once, which will be replaced by ++the RFC5322.From domain. ++The default is "rejected by DMARC policy for %s" ++ ++.TP + .I ReportCommand (string) + Indicates the shell command to which failure reports should be passed for + delivery when +Index: opendmarc-1.3.2~Beta1/opendmarc/opendmarc-config.h +=================================================================== +--- opendmarc-1.3.2~Beta1.orig/opendmarc/opendmarc-config.h 2017-01-07 00:27:25.963326984 -0500 ++++ opendmarc-1.3.2~Beta1/opendmarc/opendmarc-config.h 2017-01-07 00:27:25.959326984 -0500 +@@ -41,6 +41,7 @@ + { "RecordAllMessages", CONFIG_TYPE_BOOLEAN, FALSE }, + { "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE }, + { "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE }, ++ { "RejectString", CONFIG_TYPE_STRING, FALSE }, + { "ReportCommand", CONFIG_TYPE_STRING, FALSE }, + { "Socket", CONFIG_TYPE_STRING, FALSE }, + { "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE }, +Index: opendmarc-1.3.2~Beta1/opendmarc/opendmarc.conf.sample +=================================================================== +--- opendmarc-1.3.2~Beta1.orig/opendmarc/opendmarc.conf.sample 2017-01-07 00:27:25.963326984 -0500 ++++ opendmarc-1.3.2~Beta1/opendmarc/opendmarc.conf.sample 2017-01-07 00:27:25.959326984 -0500 +@@ -252,6 +252,14 @@ + # + # RejectFailures false + ++## RejectString string ++## default ("rejected by DMARC policy for %s") ++## ++## This string describes the reason of reject. The message MUST contain the ++## word "%s" (only once), which will be replaced by the RFC5322.From domain. ++# ++# RejectString rejected by DMARC policy for %s ++ + ## ReportCommand string + ## default "/usr/sbin/sendmail -t" + ## +Index: opendmarc-1.3.2~Beta1/opendmarc/opendmarc.h +=================================================================== +--- opendmarc-1.3.2~Beta1.orig/opendmarc/opendmarc.h 2017-01-07 00:27:25.963326984 -0500 ++++ opendmarc-1.3.2~Beta1/opendmarc/opendmarc.h 2017-01-07 00:27:25.959326984 -0500 +@@ -34,6 +34,7 @@ + #define BUFRSZ 2048 + #define DEFCONFFILE CONFIG_BASE "/opendmarc.conf" + #define DEFREPORTCMD "/usr/sbin/sendmail -t -odq" ++#define DEFREJECTSTR "rejected by DMARC policy for %s" + #define JOBIDUNKNOWN "(unknown-jobid)" + #define MAXARGV 65536 + #define MAXHEADER 1024 --- opendmarc-1.3.2.orig/debian/patches/ticket174.patch +++ opendmarc-1.3.2/debian/patches/ticket174.patch @@ -0,0 +1,20 @@ +Index: opendmarc-1.3.2~Beta1/opendmarc/opendmarc.c +=================================================================== +--- opendmarc-1.3.2~Beta1.orig/opendmarc/opendmarc.c 2017-01-07 00:27:37.643327284 -0500 ++++ opendmarc-1.3.2~Beta1/opendmarc/opendmarc.c 2017-01-07 00:27:37.639327284 -0500 +@@ -2841,6 +2841,15 @@ + if (ruv[c][7] == '\0') + continue; + ++ for (int x = 0; ruv[c][x] != '\0'; x++) ++ { ++ if (ruv[c][x] == '!') ++ { ++ ruv[c][x] = '\0'; ++ break; ++ } ++ } ++ + if (first) + { + dmarcf_dstring_cat(dfc->mctx_afrf, "To: "); --- opendmarc-1.3.2.orig/debian/patches/ticket181.patch +++ opendmarc-1.3.2/debian/patches/ticket181.patch @@ -0,0 +1,14 @@ +diff --git a/reports/opendmarc-reports.in b/reports/opendmarc-reports.in +index e81aaf0..98ec20e 100755 +--- a/reports/opendmarc-reports.in ++++ b/reports/opendmarc-reports.in +@@ -163,8 +163,8 @@ sub usage + print STDERR "\t--smtp-port smtp server port [$smtp_port]\n"; + print STDERR "\t--smtp-server smtp server [$smtp_server]\n"; + print STDERR "\t--test don't send reports\n"; +- print STDERR "\t--utc operate in UTC\n"; + print STDERR "\t (implies --keepfiles --noupdate)\n"; ++ print STDERR "\t--utc operate in UTC\n"; + print STDERR "\t--verbose verbose output\n"; + print STDERR "\t (repeat for increased output)\n"; + print STDERR "\t--version print version and exit\n"; --- opendmarc-1.3.2.orig/debian/patches/ticket193.patch +++ opendmarc-1.3.2/debian/patches/ticket193.patch @@ -0,0 +1,195 @@ +diff --git a/db/Makefile.am b/db/Makefile.am +index 43b8614..83bc1d1 100644 +--- a/db/Makefile.am ++++ b/db/Makefile.am +@@ -1,3 +1,3 @@ + # Copyright (c) 2012, The Trusted Domain Project. All rights reserved. + +-dist_doc_DATA = README.schema schema.mysql ++dist_doc_DATA = README.schema schema.mysql README.update-db-schema.mysql update-db-schema.mysql +diff --git a/db/README.update-db-schema.mysql b/db/README.update-db-schema.mysql +new file mode 100644 +index 0000000..8a6a909 +--- /dev/null ++++ b/db/README.update-db-schema.mysql +@@ -0,0 +1,8 @@ ++ ++To update your database to the current state use this script like this: ++ ++ mysql -u -p --force < update-db-schema.mysql ++ ++You might receive up to four errors about duplicate keys - this is expected if your database ++already has these keys (because you used the MySQL schema in the db sub-direcory instead of ++the obsolete schema in the reports sub-dirctory). +diff --git a/db/schema.mysql b/db/schema.mysql +index 99152bd..28416f8 100644 +--- a/db/schema.mysql ++++ b/db/schema.mysql +@@ -5,6 +5,7 @@ + + CREATE DATABASE IF NOT EXISTS opendmarc; + USE opendmarc; ++SET TIME_ZONE='+00:00'; + + -- A table for mapping domain names and their DMARC policies to IDs + CREATE TABLE IF NOT EXISTS domains ( +@@ -28,7 +29,7 @@ CREATE TABLE IF NOT EXISTS requests ( + pct TINYINT NOT NULL, + locked TINYINT NOT NULL DEFAULT '0', + firstseen TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, +- lastsent TIMESTAMP NOT NULL DEFAULT '0000-00-00 00:00:00', ++ lastsent TIMESTAMP NOT NULL DEFAULT '1970-01-01 00:00:01', + + PRIMARY KEY(id), + KEY(lastsent), +diff --git a/db/update-db-schema.mysql b/db/update-db-schema.mysql +new file mode 100644 +index 0000000..5c0a190 +--- /dev/null ++++ b/db/update-db-schema.mysql +@@ -0,0 +1,12 @@ ++use opendmarc; ++SET TIME_ZONE="+00:00"; ++ALTER TABLE ipaddr MODIFY COLUMN addr VARCHAR(64) NOT NULL; ++DELETE FROM ipaddr WHERE addr = NULL; ++ALTER TABLE messages MODIFY COLUMN spf TINYINT NOT NULL; ++ALTER TABLE requests ALTER COLUMN locked SET DEFAULT '0'; ++ALTER TABLE requests ALTER COLUMN lastsent SET DEFAULT '1970-01-01 00:00:01'; ++ALTER TABLE requests ADD UNIQUE KEY domain (domain); ++ALTER TABLE requests ADD KEY lastsent (lastsent); ++ALTER TABLE messages ADD KEY date (date); ++ALTER TABLE signatures ADD KEY message (message); ++ +diff --git a/reports/opendmarc-expire.in b/reports/opendmarc-expire.in +index 9912bb1..0adbd92 100755 +--- a/reports/opendmarc-expire.in ++++ b/reports/opendmarc-expire.in +@@ -210,6 +210,17 @@ if ($verbose) + print STDERR "$progname: connected to database\n"; + } + ++# switch to UTC to have a defined date behaviour ++$dbi_s = $dbi_h->prepare("SET TIME_ZONE='+00:00'"); ++ ++if (!$dbi_s->execute()) ++{ ++ print STDERR "$progname: failed to change to UTC: " . $dbi_h->errstr . "\n"; ++ $dbi_s->finish; ++ $dbi_h->disconnect; ++ exit(1); ++} ++ + # + # Expire messages + # +@@ -340,7 +351,7 @@ if ($verbose) + print STDERR "$progname: expiring request data older than $maxage days\n"; + } + +-$dbi_s = $dbi_h->prepare("DELETE FROM requests WHERE lastsent <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? DAY) AND NOT lastsent = '0000-00-00 00:00:00'"); ++$dbi_s = $dbi_h->prepare("DELETE FROM requests WHERE lastsent <= DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL ? DAY) AND NOT lastsent <= '1970-01-01 00:00:01'"); + $rows = $dbi_s->execute($maxage); + if (!$rows) + { +diff --git a/reports/opendmarc-import.in b/reports/opendmarc-import.in +index 5a28f2f..3efc926 100755 +--- a/reports/opendmarc-import.in ++++ b/reports/opendmarc-import.in +@@ -204,20 +204,18 @@ sub update_db + $envfrom_id = get_table_id($envdomain, "domains"); + $pdomain_id = get_table_id($pdomain, "domains"); + $ipaddr_id = get_table_id($ipaddr, "ipaddr", "addr"); +- $request_id = get_table_id($from_id, "requests", "domain"); + + if (!defined($rep_id) || + !defined($from_id) || + !defined($envfrom_id) || + !defined($pdomain_id) || +- !defined($ipaddr_id) || +- !defined($request_id)) ++ !defined($ipaddr_id)) + { + return; + } + +- $dbi_s = $dbi_h->prepare("INSERT INTO messages (date, jobid, reporter, policy, disp, ip, env_domain, from_domain, spf, align_spf, align_dkim, sigcount) VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); +- if (!$dbi_s->execute($received, $jobid, $rep_id, $policy, $action, $ipaddr_id, $envfrom_id, $from_id, $spf, $align_spf, $align_dkim, $sigcount)) ++ $dbi_s = $dbi_h->prepare("INSERT INTO messages (date, jobid, reporter, policy, disp, ip, env_domain, from_domain, policy_domain, spf, align_spf, align_dkim, sigcount) VALUES(FROM_UNIXTIME(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); ++ if (!$dbi_s->execute($received, $jobid, $rep_id, $policy, $action, $ipaddr_id, $envfrom_id, $from_id, $pdomain_id, $spf, $align_spf, $align_dkim, $sigcount)) + { + print STDERR "$progname: failed to insert message: " . $dbi_h->errstr . "\n"; + return; +@@ -275,41 +273,51 @@ sub update_db + } + $dbi_s->finish; + +- if (get_value("requests", "locked", $request_id) != 1) ++ $dbi_t = $dbi_h->prepare("SELECT id FROM requests WHERE domain = ?"); ++ if (!$dbi_t->execute($from_id)) + { +- if (scalar @rua > 0) ++ print STDERR "$progname: failed to retrieve table ID: " . $dbi_h->errstr . "\n"; ++ return undef; ++ } ++ ++ undef $request_id; ++ while ($dbi_a = $dbi_t->fetchrow_arrayref()) ++ { ++ if (defined($dbi_a->[0])) + { +- $repuri = join(",", @rua); +- $dbi_s = $dbi_h->prepare("UPDATE requests SET repuri = ? WHERE id = ?"); ++ $request_id = $dbi_a->[0]; ++ } ++ } + +- if (!$dbi_s->execute($repuri, $request_id)) +- { +- print STDERR "$progname: failed to update reporting URI for $fdomain: " . $dbi_h->errstr . "\n"; +- $dbi_s->finish; +- return; +- } ++ $dbi_t->finish; + +- $dbi_s->finish; +- } +- else ++ $repuri = join(",", @rua); ++ ++ if (defined($request_id)) ++ { ++ if (get_value("requests", "locked", $request_id) != 1) + { +- $dbi_s = $dbi_h->prepare("UPDATE requests SET repuri = NULL WHERE id = ?"); ++ $dbi_s = $dbi_h->prepare("UPDATE requests SET domain = ?, repuri = ?, adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ? WHERE id = ?"); + +- if (!$dbi_s->execute($request_id)) ++ if (!$dbi_s->execute($from_id, $repuri, $adkim, $aspf, $p, $sp, $pct, $request_id)) + { +- print STDERR "$progname: failed to update reporting URI for $fdomain: " . $dbi_h->errstr . "\n"; ++ print STDERR "$progname: failed to update policy data for $fdomain: " . $dbi_h->errstr . "\n"; + $dbi_s->finish; + return; + } +- +- $dbi_s->finish; + } ++ else ++ { ++ print STDERR "$progname: policy data for $fdomain not updated, because they are locked\n"; ++ } ++ } ++ else ++ { ++ $dbi_s = $dbi_h->prepare("insert requests SET domain = ?, repuri = ?, adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ?"); + +- $dbi_s = $dbi_h->prepare("UPDATE requests SET adkim = ?, aspf = ?, policy = ?, spolicy = ?, pct = ? WHERE id = ?"); +- +- if (!$dbi_s->execute($adkim, $aspf, $p, $sp, $pct, $request_id)) ++ if (!$dbi_s->execute($from_id, $repuri, $adkim, $aspf, $p, $sp, $pct)) + { +- print STDERR "$progname: failed to update policy data for $fdomain: " . $dbi_h->errstr . "\n"; ++ print STDERR "$progname: failed to insert policy data for $fdomain: " . $dbi_h->errstr . "\n"; + $dbi_s->finish; + return; + } --- opendmarc-1.3.2.orig/debian/rddmarc.docs +++ opendmarc-1.3.2/debian/rddmarc.docs @@ -0,0 +1,4 @@ +contrib/rddmarc/README.rddmarc +contrib/rddmarc/mkdmarc +contrib/rddmarc/rddmarc +contrib/rddmarc/dmarcfail.py --- opendmarc-1.3.2.orig/debian/rules +++ opendmarc-1.3.2/debian/rules @@ -0,0 +1,35 @@ +#!/usr/bin/make -f + +%: + dh $@ --with quilt, --with autoreconf --parallel + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) + +override_dh_auto_configure: + dh_testdir + CONFIG_SHELL=/bin/sh ./configure $(CROSS) --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info \ + --sysconfdir=/etc \ + CFLAGS="$(CFLAGS) $(CPPFLAGS)" \ + LDFLAGS="$(LDFLAGS) -lresolv -Wl,-z,defs -L/usr/lib/libmilter" \ + --enable-filter-tests \ + --with-spf \ + --with-spf2-include=/usr/include/spf2 \ + --with-spf2-lib=/usr/lib \ + --with-sql-backend + +override_dh_fixperms-arch: + dh_fixperms + chmod +x $(CURDIR)/debian/opendmarc/lib/opendmarc/opendmarc.service.generate + +override_dh_installchangelogs: + dh_installchangelogs RELEASE_NOTES + +override_dh_installdocs: + dh_installdocs + mkdir -p $(CURDIR)/debian/opendmarc/usr/share/doc/opendmarc + cp opendmarc/README $(CURDIR)/debian/opendmarc/usr/share/doc/opendmarc/README.opendmarc + --- opendmarc-1.3.2.orig/debian/script +++ opendmarc-1.3.2/debian/script @@ -0,0 +1,77 @@ +#! /bin/sh +# +# Generate systemd service file from /etc/default +# Copyright 2016 Scott Kitterman +# All rights reserved. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. Neither the name of the University nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +NAME=opendmarc + +# Include defaults if available +if [ -f /etc/default/$NAME ] ; then + . /etc/default/$NAME +else +RUNDIR=/var/run/$NAME +USER=$NAME +GROUP=$NAME +# Other package specific defaults can be added for if the defaults file is +# missing: +SOCKET=local:$RUNDIR/$NAME.sock +PIDFILE=$RUNDIR/$NAME.pid +fi + +SERVICEFILE=$NAME.service +echo "# Automatically Generated by $NAME systemd service file generator." > $SERVICEFILE.new +echo "# To change the editable parameters, edit /etc/default/$NAME and then do" >> $SERVICEFILE.new +echo "# systemctl restart $NAME." >> $SERVICEFILE.new +echo "" >> $SERVICEFILE.new +echo "# If you are using OpenDMARC with SQL datasets it might be necessary to start" >> $SERVICEFILE.new +echo "# OpenDMARC after the database servers. For example, if using both MariaDB and" >> $SERVICEFILE.new +echo "# PostgreSQL, edit /etc/default/$NAME to add the needed definitions to" >> $SERVICEFILE.new +echo "# EXTRAAFTER. If used, mariadb.service and postgresql.service would have to be" >> $SERVICEFILE.new +echo "# added." >> $SERVICEFILE.new +echo "" >> $SERVICEFILE.new +echo "[Unit]" >> $SERVICEFILE.new +echo "Description=OpenDMARC Milter" >> $SERVICEFILE.new +echo "Documentation=man:opendmarc(8) man:opendmarc.conf(5)" >> $SERVICEFILE.new +echo "After=network.target nss-lookup.target $EXTRAAFTER" >> $SERVICEFILE.new +echo "" >> $SERVICEFILE.new +echo "[Service]" >> $SERVICEFILE.new +echo "Type=forking" >> $SERVICEFILE.new +echo "PIDFile=$PIDFILE" >> $SERVICEFILE.new +echo "PermissionsStartOnly=true" >> $SERVICEFILE.new +echo "User=$USER" >> $SERVICEFILE.new +echo "Group=$GROUP" >> $SERVICEFILE.new +echo "ExecStartPre=-/bin/sh /lib/$NAME/$NAME.service.generate" >> $SERVICEFILE.new +echo "ExecStartPre=-/bin/mkdir -p $RUNDIR" >> $SERVICEFILE.new +echo "ExecStartPre=-/bin/chown $USER.$GROUP $RUNDIR" >> $SERVICEFILE.new +echo "ExecStartPre=-/bin/chmod 770 $RUNDIR" >> $SERVICEFILE.new +echo "ExecStart=/usr/sbin/opendkim -p $SOCKET $DAEMON_OPTS -x /etc/$NAME.conf -u $USER -P $PIDFILE" >> $SERVICEFILE.new +echo "Restart=on-failure" >> $SERVICEFILE.new +echo "ExecReload=/bin/kill -USR1 \$MAINPID" >> $SERVICEFILE.new +echo "" >> $SERVICEFILE.new +echo "[Install]" >> $SERVICEFILE.new +echo "WantedBy=multi-user.target" >> $SERVICEFILE.new --- opendmarc-1.3.2.orig/debian/watch +++ opendmarc-1.3.2/debian/watch @@ -0,0 +1,4 @@ +version=3 +opts=uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|Beta|alpha|b|a)[\-\.]?\d*)$/$1~$2/,dversionmangle=s/\+dfsg\d*$// \ +http://sf.net/opendmarc/opendmarc-(.*).tar.gz debian uupdate +