--- postfwd-1.10pre8b.orig/debian/compat
+++ postfwd-1.10pre8b/debian/compat
@@ -0,0 +1 @@
+5
--- postfwd-1.10pre8b.orig/debian/copyright
+++ postfwd-1.10pre8b/debian/copyright
@@ -0,0 +1,60 @@
+Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=196
+Packaged-By: Jan Wagner
+Packaged-Date: Mon, 10 Mar 2008 22:37:44 +0100
+Upstream-Name: postfwd
+Upstream-Maintainer: Jan Peter Kessler
+Upstream-Source: http://www.postfwd.org
+
+Files: *
+Copyright: (c) 2007, Jan Peter Kessler, All rights reserved.
+License: BSD-3
+
+Files: debian/*
+Copyright: (C) 2006, 2008 Jan Wagner
+License: GPL-2+
+
+Files: debian/example-cfg2.txt
+Copyright: (c) 2008, Henrik Krohns
+License: BSD-3
+
+License: BSD-3
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of the authors nor the names of his contributors may be
+ used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY ME ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+ On Debian systems, the complete text of the GNU General Public License can be
+ found in /usr/share/common-licenses/GPL-2 file.
--- postfwd-1.10pre8b.orig/debian/README.Debian
+++ postfwd-1.10pre8b/debian/README.Debian
@@ -0,0 +1,19 @@
+postfwd for Debian
+------------------
+
+1. PROVIDE A CONFIGFILE
+-----------------------
+
+Please provide a config file, usualy /etc/postfix/postfwd.cf. Examples are
+located in /usr/share/doc/postfwd/examples/.
+An other can be found at http://hege.li/howto/spam/etc/postfwd/postfwd.conf
+and is provided as example-cfg2.txt.
+
+2. AUTOMATIC STARTUP
+--------------------
+
+In order to avoid the startup of the daemon on an unconfigured machine,
+automatic startup, on boot, is disabled by default. To enable it just edit the
+file /etc/default/postfwd and set the "startup" variable to 1.
+
+ -- Jan Wagner Mon, 10 Mar 2008 22:37:44 +0100
--- postfwd-1.10pre8b.orig/debian/docs
+++ postfwd-1.10pre8b/debian/docs
@@ -0,0 +1,2 @@
+doc/postfwd.html
+doc/postfwd.txt
--- postfwd-1.10pre8b.orig/debian/watch
+++ postfwd-1.10pre8b/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://www.postfwd.org/postfwd-(.*)\.tar\.gz
--- postfwd-1.10pre8b.orig/debian/control
+++ postfwd-1.10pre8b/debian/control
@@ -0,0 +1,21 @@
+Source: postfwd
+Section: mail
+Priority: optional
+Maintainer: Ubuntu MOTU Developers
+XSBC-Original-Maintainer: Jan Wagner
+Build-Depends: debhelper (>= 5)
+Homepage: http://www.postfwd.org/
+Vcs-Browser: https://trac.cyconet.org/debian/browser/debian/postfwd
+Vcs-Svn: https://trac.cyconet.org/svn/debian/postfwd
+Standards-Version: 3.8.0
+
+Package: postfwd
+Architecture: all
+Depends: ${perl:Depends}, ${misc:Depends}, adduser, libnet-server-perl
+Description: Postfix policyd to combine complex restrictions in a ruleset
+ Postfwd is written in perl to combine complex postfix restrictions in a
+ ruleset similar to those of the most firewalls. The program uses the postfix
+ policy delegation protocol to control access to the mail system before a
+ message has been accepted. It allows you to choose an action (e.g. reject,
+ dunno) for a combination of several smtp parameters (like sender and recipient
+ address, size or the client's TLS fingerprint).
--- postfwd-1.10pre8b.orig/debian/default
+++ postfwd-1.10pre8b/debian/default
@@ -0,0 +1,15 @@
+# Global options for postfwd(8).
+
+# Set to '1' to enable startup (daemon mode)
+STARTUP=0
+
+# Config file
+CONF=/etc/postfix/postfwd.cf
+# IP where listen to
+INET=127.0.0.1
+# Port where listen to
+PORT=10040
+# run as user postfwd
+RUNAS="postfw"
+# Arguments passed on start (--daemon implied)
+ARGS="--summary=600 --cache=600 --cache-rdomain-only --cache-no-size"
--- postfwd-1.10pre8b.orig/debian/example-cfg2.txt
+++ postfwd-1.10pre8b/debian/example-cfg2.txt
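Review bot: The comment above `RUNAS="postfw"` in debian/default says the daemon runs as user postfwd, but the value, and the account that postinst in this patch creates, is `postfw`; the comment should read `# run as user postfw (system account created by postinst)`. This matters because the init script in this patch clears RUNAS when `getent passwd` finds no such account, so an admin who changes the value to match the comment loses the dedicated account without a clear error. README.Debian in the same patch also tells the reader to set the "startup" variable, whereas the name defined here and tested by the init script is the upper-case `STARTUP`.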
@@ -0,0 +1,148 @@
+
+###
+### Example config for postfwd 1.10pre8+
+###
+
+## Check DNS Whitelisting
+
+id=OK_DNSWL; \
+ rbl=list.dnswl.org/^127/43200; \
+ action=OK
+
+## Check HELO and reverse DNS
+
+id=SET_HELO; \
+ helo_name=^(\[|[^.]+$|.*?[0-9.-]{8}); \
+ action=set(HIT_helo=1)
+
+id=SET_NODNS; \
+ client_name=^unknown$; \
+ action=set(HIT_nodns=1)
+
+id=REJECT_HELO_NODNS; \
+ HIT_helo==1; HIT_nodns==1; \
+ action=REJECT Blocked - contact postmaster@example.net for help - Suspicious HELO [$$helo_name] and missing reverse DNS [$$client_address]
+
+## Check ZEN first for immediate blocking - less queries for other lists
+## See usage policy: http://www.spamhaus.org/organization/dnsblusage.html
+
+id=REJECT_RBL_ZEN; \
+ rbl=zen.spamhaus.org; \
+ action=REJECT Blocked - contact postmaster@example.net for help - DNSBL [$$dnsbltext]
+
+## Check other DNSBLs in parallel
+
+&&DNSBLS { \
+ rbl=bl.spamcop.net; \
+ rbl=b.barracudacentral.org; \
+ rbl=dnsbl-1.uceprotect.net; \
+ rbl=psbl.surriel.com; \
+ rbl=combined.njabl.org; \
+ rbl=dnsbl.sorbs.net; \
+ rbl=ix.dnsbl.manitu.net; \
+};
+
+id=EVAL_DNSBLS; \
+ &&DNSBLS; rblcount=all; \
+ action=set(HIT_rbls=$$rblcount,HIT_dtxt=$$dnsbltext)
+
+id=REJECT_RBL_MULTI; \
+ HIT_rbls>=2; \
+ action=REJECT Blocked - contact postmaster@example.net for help - Multiple DNSBLs [$$HIT_dtxt]
+
+## Check RHSBLs if there wasn't enough DNSBLs hit
+
+&&RHSBLS_REVERSE { \
+ rhsbl_reverse_client=dynamic.rhs.mailpolice.com; \
+};
+
+&&RHSBLS_SENDER { \
+ rhsbl_sender=multi.uribl.com; \
+ rhsbl_sender=multi.surbl.org; \
+ rhsbl_sender=bulk.rhs.mailpolice.com; \
+ rhsbl_sender=rhsbl.ahbl.org; \
+ rhsbl_sender=rhsbl.sorbs.net; \
+ rhsbl_sender=dsn.rfc-ignorant.org; \
+};
+
+id=EVAL_RHSBLS; \
+ &&RHSBLS_REVERSE; &&RHSBLS_SENDER; rhsblcount=all; \
+ action=set(HIT_rhsbls=$$rhsblcount,HIT_rtxt=$$dnsbltext)
+
+id=REJECT_RHSBL_MULTI; \
+ HIT_rhsbls>=2; \
+ action=REJECT Blocked - contact postmaster@example.net for help - Multiple RHSBLs [$$HIT_rtxt]
+
+## See if we get any combined hits from rules before
+
+id=REJECT_RBL_RHSBL; \
+ HIT_rbls>=1; HIT_rhsbls>=1; \
+ action=REJECT Blocked - contact postmaster@example.net for help - RHSBL and DNSBL [$$HIT_rtxt] [$$HIT_dtxt]
+
+id=REJECT_RBL_HELO; \
+ HIT_rbls>=1; HIT_helo==1; \
+ action=REJECT Blocked - contact postmaster@example.net for help - DNSBL [$$HIT_dtxt] and suspicious HELO [$$helo_name]
+
+id=REJECT_RBL_NODNS; \
+ HIT_rbls>=1; HIT_nodns==1; \
+ action=REJECT Blocked - contact postmaster@example.net for help - DNSBL [$$HIT_dtxt] and missing reverse DNS [$$client_address]
+
+id=REJECT_RHSBL_HELO; \
+ HIT_rhsbls>=1; HIT_helo==1; \
+ action=REJECT Blocked - contact postmaster@example.net for help - RHSBL [$$HIT_rtxt] and suspicious HELO [$$helo_name]
+
+id=REJECT_RHSBL_NODNS; \
+ HIT_rhsbls>=1; HIT_nodns==1; \
+ action=REJECT Blocked - contact postmaster@example.net for help - RHSBL [$$HIT_rtxt] and missing reverse DNS [$$client_address]
+
+## Finally greylist all lesser hits.
+##
+## A more DNSBL friendly way would be to greylist everything suspicious
+## before DNS checks. Currently this requires you to setup some postfix
+## tables before postfwd is called, since greylisting can be only done last
+## in postfwd (action always exits processing).
+
+id=GREY_HELO; HIT_helo==1; action=check_postgrey
+id=GREY_NODNS; HIT_nodns==1; action=check_postgrey
+id=GREY_RBL; HIT_rbls>=1; action=check_postgrey
+id=GREY_RHSBL; HIT_rhsbls>=1; action=check_postgrey
+
+&&DNSBLS_GREY { \
+ rbl=dnsbl-2.uceprotect.net; \
+ rbl=dnsbl-3.uceprotect.net; \
+};
+
+id=GREY_DNSBL; &&DNSBLS_GREY; action=check_postgrey
+
+
+
+##
+## This example is free to use as per BSD license:
+##
+## Copyright (c) 2008, Henrik Krohns
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without modification,
+## are permitted provided that the following conditions are met:
+##
+## * Redistributions of source code must retain the above copyright
+## notice, this list of conditions and the following disclaimer.
+## * Redistributions in binary form must reproduce the above copyright
+## notice, this list of conditions and the following disclaimer in
+## the documentation and/or other materials provided with the
+## distribution.
+## * Neither the name of the authors nor the names of his contributors
+## may be used to endorse or promote products derived from this
+## software without specific prior written permission.
+##
+## THIS SOFTWARE IS PROVIDED BY ME ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+## INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT,
+## INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+## PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+## WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+## POSSIBILITY OF SUCH DAMAGE.
+##
+
--- postfwd-1.10pre8b.orig/debian/init.d
+++ postfwd-1.10pre8b/debian/init.d
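Review bot: The REJECT rules in example-cfg2.txt depend on a fixed set of third-party zones (the `&&DNSBLS`, `&&RHSBLS_REVERSE` and `&&RHSBLS_SENDER` groups), and apart from the Spamhaus usage-policy link nothing tells the admin to check that each zone is still operated before enabling the file. A zone that is retired or begins answering every query would presumably count as a hit, and two hits are enough for `REJECT_RBL_MULTI` or `REJECT_RHSBL_MULTI` to turn away legitimate mail. I would add a header comment such as `## Verify that every list below is still in service and that your query volume fits its usage policy before deploying`, and recommend running new rules with a logging-only action first.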
@@ -0,0 +1,100 @@
+#! /bin/sh
+# Written by Miquel van Smoorenburg .
+# Modified for Debian
+# by Ian Murdock .
+#
+# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
+# /etc/init.d/postfwd: v1 2008/03/12 Jan Wagner
+
+### BEGIN INIT INFO
+# Provides: postfwd
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop the postfw daemon
+# Description: a Perl policy daemon for the Postfix MTA
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+NAME=postfwd
+DAEMON=/usr/sbin/${NAME}
+PIDFILE=/var/run/$NAME.pid
+DESC=postfwd
+
+test -x $DAEMON || exit 0
+
+not_configured () {
+ echo "#### WARNING ####"
+ echo "${NAME} won't be started/stopped unless it is configured."
+ echo "If you want to start ${NAME} as daemon, see /etc/default/${NAME}."
+ echo "#################"
+ exit 0
+}
+
+no_configfile () {
+ echo "#### WARNING ####"
+ echo "${NAME} won't be started/stopped unless a rules file is provided at $CONF."
+ echo "#################"
+ exit 0
+}
+
+# check if postfwd is configured or not
+if [ -f "/etc/default/$NAME" ]
+then
+ . /etc/default/$NAME
+ if [ "$STARTUP" != "1" ]
+ then
+ not_configured
+ fi
+else
+ not_configured
+fi
+
+# check if rules file is there
+if [ ! -f $CONF ]
+then
+ no_configfile
+fi
+
+# Check whether we have to drop privileges.
+if [ -n "$RUNAS" ]; then
+ if ! getent passwd "$RUNAS" >/dev/null; then
+ RUNAS=""
+ fi
+fi
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet \
+ --name ${RUNAS} \
+ --exec $DAEMON -- ${ARGS} --daemon --file=${CONF} --interface=${INET} --port=${PORT} --user=${RUNAS} --group=${RUNAS} --pidfile=$PIDFILE
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE && rm -rf $PIDFILE
+ echo "$NAME."
+ ;;
+ reload)
+ echo "Reloading $DESC configuration files."
+ kill -HUP $(cat $PIDFILE)
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC (incl. cache): "
+ $0 stop
+ sleep 1
+ $0 start
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- postfwd-1.10pre8b.orig/debian/changelog
+++ postfwd-1.10pre8b/debian/changelog
@@ -0,0 +1,32 @@
+postfwd (1.10pre8b-0ubuntu1) jaunty; urgency=low
+
+ * New upstream release
+ - Update example-cfg2.txt for new release
+ - Drop depends on libnet-cidr-lite-perl and libnet-dns-async-perl (no
+ longer used)
+
+ -- Scott Kitterman Tue, 02 Dec 2008 17:22:31 -0500
+
+postfwd (1.10pre7c-3) unstable; urgency=low
+
+ * implement machine-interpretable copyright file
+ * fix init script (Closes: #503597).
+ - let daemon write pid file for his own
+ - point start-stop daemon to pidfile when stoping
+ - fix reload by fixing the way how to get the pid
+ * fix example-cfg2.txt to work with 1.10pre7 (Closes: #503596).
+
+ -- Jan Wagner Fri, 31 Oct 2008 09:55:52 +0100
+
+postfwd (1.10pre7c-2) unstable; urgency=low
+
+ * Uploading to unstable.
+ * Updating standards version to 3.8.0, no changes needed
+
+ -- Jan Wagner Tue, 15 Jul 2008 22:43:08 +0200
+
+postfwd (1.10pre7c-1) experimental; urgency=low
+
+ * Initial release (Closes: #470356).
+
+ -- Jan Wagner Sat, 31 May 2008 22:07:08 +0200
--- postfwd-1.10pre8b.orig/debian/postrm
+++ postfwd-1.10pre8b/debian/postrm
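Review bot: In debian/init.d, when the account named in RUNAS does not exist the privilege-drop check sets `RUNAS=""` and the start branch carries on regardless: the unquoted `--name ${RUNAS}` then leaves `--name` without a value so it consumes `--exec`, and the daemon is handed `--user= --group=`, whose effect is not visible here. The start branch should refuse to run without a valid account and should match on the pidfile, since `--name` expects a process name rather than an account name; if running without a dedicated account is meant to be supported, those arguments need to be omitted rather than passed empty. Separately, `if [ ! -f $CONF ]` is unquoted, so an empty CONF makes the test false and skips `no_configfile`, and `rm -rf $PIDFILE` in the stop branch needs no more than `rm -f "$PIDFILE"`. The reload branch runs `kill -HUP $(cat $PIDFILE)` without first checking that the pidfile exists and is non-empty.

```shell
# … unchanged: defaults sourcing, CONF check, getent check on RUNAS, set -e …
case "$1" in
  start)
	# Fail closed: never start the policy daemon without its dedicated account.
	if [ -z "$RUNAS" ]; then
		echo "$NAME: RUNAS is empty or names a missing account, not starting." >&2
		exit 1
	fi
	echo -n "Starting $DESC: "
	start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
		--exec "$DAEMON" -- ${ARGS} --daemon --file="$CONF" --interface="$INET" --port="$PORT" --user="$RUNAS" --group="$RUNAS" --pidfile="$PIDFILE"
	echo "$NAME."
	;;
# … unchanged: stop branch …
  reload)
	echo "Reloading $DESC configuration files."
	if [ ! -s "$PIDFILE" ]; then
		echo "$NAME: no pidfile at $PIDFILE, cannot reload." >&2
		exit 1
	fi
	kill -HUP "$(cat "$PIDFILE")"
	;;
# … unchanged: restart|force-reload and usage branches …
```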
@@ -0,0 +1,53 @@
+#!/bin/sh
+# based on arpwatch.postrm: v2 2004/09/15 KELEMEN Peter
+# postrm: v1 2006/10/12 Jan Wagner
+
+NUSER="postfw"
+NGROUP="postfw"
+
+set -e
+
+case "$1" in
+ purge)
+ # find first and last SYSTEM_UID numbers
+ for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do
+ case $LINE in
+ FIRST_SYSTEM_UID*)
+ FIST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='`
+ ;;
+ LAST_SYSTEM_UID*)
+ LAST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='`
+ ;;
+ *)
+ ;;
+ esac
+ done
+ # remove system account if necessary
+ if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then
+ if USERID=`getent passwd $NUSER | cut -f 3 -d ':'`; then
+ if [ -n "$USERID" ]; then
+ if [ "$FIST_SYSTEM_UID" -le "$USERID" ] && \
+ [ "$USERID" -le "$LAST_SYSTEM_UID" ] && \
+ [ -x /usr/sbin/deluser ]; then
+ deluser --quiet $NUSER || true
+ # And then remove the group
+ GROUPID=`getent group $NGROUP | cut -f 3 -d ':'`
+ if [ -n "$GROUPID" ] && [ -x /usr/sbin/delgroup ] ; then
+ delgroup --quiet $NGROUP || true
+ fi
+ fi
+ fi
+ fi
+ fi
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
--- postfwd-1.10pre8b.orig/debian/rules
+++ postfwd-1.10pre8b/debian/rules
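Review bot: The purge branch of debian/postrm deletes the `postfw` account and group whenever its UID lies in the system range, without checking whether anything on disk is still owned by it. Files left behind, for example under the `/var/lib/postfw` home that postinst assigns, would then belong to a bare UID that may be handed to the next system account created, which would inherit ownership of them. I would either keep the account on purge and say so in a comment, or remove the package's own state directory before `deluser` runs. As a point of style, `FIST_SYSTEM_UID` is a consistent misspelling of `FIRST_SYSTEM_UID`, and the backtick substitutions and `$NUSER`/`$NGROUP` expansions are unquoted.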
@@ -0,0 +1,43 @@
+#!/usr/bin/make -f
+# written by Jan Wagner
+#
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build:
+
+clean:
+ dh_testdir
+ dh_testroot
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+
+ install -D -m 644 sbin/postfwd debian/postfwd/usr/sbin/postfwd
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs doc/CHANGELOG
+ dh_installdocs tools
+ dh_installexamples etc/postfwd.cf debian/example-cfg*
+ dh_installinit -- defaults 19 21
+ dh_installman man/man8/postfwd.8
+ dh_link
+ dh_compress
+ dh_fixperms
+ dh_perl
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- postfwd-1.10pre8b.orig/debian/postinst
+++ postfwd-1.10pre8b/debian/postinst
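Review bot: The install target in debian/rules copies the daemon with `install -D -m 644 sbin/postfwd debian/postfwd/usr/sbin/postfwd`, that is without the execute bit, and appears to rely on the later `dh_fixperms` call in binary-indep to correct the mode. The init script in this patch exits silently when `test -x $DAEMON` fails, so if that fix-up were ever dropped or reordered the service would simply never start; `-m 755` states the intended mode where the file is installed. The empty `build:` target would also benefit from a one-line comment saying that nothing is compiled for this package.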
@@ -0,0 +1,57 @@
+#!/bin/sh
+# based on arpwatch.postinst: v11 2004/09/15 KELEMEN Peter
+# postinst: v1 2006/01/12 Jan Wagner
+
+set -e
+
+NUSER="postfw"
+NGROUP="postfw"
+NHOME="/var/lib/$NUSER"
+NGECOS="postfwd user"
+
+case "$1" in
+ configure)
+ # Take care of group.
+ if NGROUP_ENTRY=`getent group $NGROUP`; then
+ # group exists
+ :
+ else
+ # group does not exist yet
+ addgroup --quiet --system $NGROUP
+ fi
+
+ # Take care of user.
+ if NUSER_ENTRY=`getent passwd $NUSER`; then
+ # user exists
+ adduser --quiet $NUSER $NGROUP
+ #
+ else
+ # user does not exist yet
+ adduser --quiet --system \
+ --ingroup $NGROUP \
+ --gecos "$NGECOS" \
+ --home $NHOME \
+ --no-create-home \
+ --shell /bin/sh \
+ --disabled-login \
+ --disabled-password \
+ --shell /bin/false \
+ $NUSER
+ fi
+
+ # Set up home directory.
+ if [ -d $NHOME ]; then
+ chown -R ${NUSER}:${NGROUP} $NHOME
+ chmod -R o-rwX $NHOME
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
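Review bot: The configure branch of debian/postinst runs `chown -R ${NUSER}:${NGROUP} $NHOME` and `chmod -R o-rwX $NHOME` as root on every configure, over a directory that belongs to the unprivileged service account once the first run has completed. A recursive ownership change across a tree the service account can write to lets that account influence which entries root re-owns, so the mode and owner should be set on the directory itself only, e.g. `chown "$NUSER:$NGROUP" "$NHOME"` and `chmod 750 "$NHOME"`. The new-user branch passes both `--shell /bin/sh` and `--shell /bin/false`; the first should be dropped so that the intent (no login shell) does not depend on option order. In the user-exists branch, `adduser --quiet $NUSER $NGROUP` adds whatever account already carries that name to the group without checking that it is a system account.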