--- spampd-2.30.orig/debian/spampd.init +++ spampd-2.30/debian/spampd.init @@ -0,0 +1,217 @@ +#!/bin/sh -e +# +# spampd SpamPD is a spamdetection proxy daemon for SMTP and LMTP +# +# This script was written for debian +# by Sven Mueller +# +# Version: 2.0 22-Aug-2005 debian@incase.de +# +### BEGIN INIT INFO +# Provides: spampd +# Required-Start: $syslog $network $named $time +# Required-Stop: $syslog $network $named $time +# Should-Start: 2 3 4 5 +# Should-Stop: 1 6 +# Short-Description: spam detection proxy for SMTP and LMTP +# Description: SpamAssassin based perl proxy for SMTP and LMTP +# which marks mails as spam/nonspam based on SpamAssassin +# results +### END INIT INFO + +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin +DESC='spam checking proxy daemon' +NAME='spampd' +PROGRAM=/usr/sbin/spampd +#EXECUTABLE=`head -n 1 $PROGRAM | sed -e 's,^#![ ]*/,/,;s,[ ].*$,,'` +EXECUTABLE=/usr/bin/perl +PIDFILE=/var/run/spampd.pid + +# set some important defaults (overridable via /etc/default/spampd) +USERID=spampd +GRPID=spampd + +if [ "$EUID" != "0" ]; then + echo "ERROR: Insufficient privileges. Retry as root" >&2 + # LSB 3.0 says that return value of 4 indicates insufficient privileges + exit 4 +fi + +if [ -f /etc/default/$NAME ]; then + . /etc/default/$NAME +fi + +istrue () { + ANS=$(echo $1 | tr A-Z a-z) + [ "$ANS" = 'yes' -o "$ANS" = 'true' -o "$ANS" = 'enable' -o "$ANS" = '1' ] +} + +# +# find out wether to start spampd or not +# +istrue ${STARTSPAMPD} && STARTSPAMPD='true' + +# +# Check wether the program is actually there +# +# return 5 as demanded by LSB 2.1 when program isn't installed. +[ -x $PROGRAM ] || exit 5 + +# +# Calculate final commandline +# +S_TAGALL='' +S_AWL='' +S_LOCALONLY='' + +istrue "$TAGALL" \ +&& S_TAGALL='--tagall' + +istrue "$AUTOWHITELIST" \ +&& S_AWL='--auto-whitelist' + +istrue "$LOCALONLY" \ +&& S_LOCALONLY='--L' + +istrue "$LOGINET" \ +&& LOGTARGET="inet" \ +|| LOGTARGET="unix" + +ARGS="${S_LOCALONLY} ${S_AWL} ${S_TAGALL} " + +[ -n "${LISTENPORT}" ] && ARGS="${ARGS} --port=${LISTENPORT}" + +[ -n "${LISTENHOST}" ] && ARGS="${ARGS} --host=${LISTENHOST}" + +[ -n "${DESTPORT}" ] && ARGS="${ARGS} --relayport=${DESTPORT}" + +[ -n "${DESTHOST}" ] && ARGS="${ARGS} --relayhost=${DESTHOST}" + +[ -n "${PIDFILE}" ] && ARGS="${ARGS} --pid=${PIDFILE}" + +[ -n "${CHILDREN}" ] && ARGS="${ARGS} --children=${CHILDREN}" + +[ -n "${USERID}" ] && ARGS="${ARGS} --user=${USERID}" + +[ -n "${GRPID}" ] && ARGS="${ARGS} --group=${GRPID}" + +[ -n "${LOGTARGET}" ] && ARGS="${ARGS} --logsock=${LOGTARGET}" + +[ -n "${ADDOPTS}" ] && ARGS="${ARGS} ${ADDOPTS}" + +function check_pid () { + [ "$3" = "verbose" ] && VERBOSE=1 + if [ -f $2 ]; then + kill -0 `cat $2` > /dev/null 2>&1 + RETVAL=$? + if [ "$RETVAL" = "0" ]; then + [ "$VERBOSE" ] && echo "$1 is running as `cat $2`" + return 0 + else + [ "$VERBOSE" ] && echo "PIDFILE $2 for $1 exists, but $1 is not running." + rm $2 + return 1 + fi + else + [ "$VERBOSE" ] && echo "PIDFILE $2 for $1 doesn't exists." + return 4 + fi + return 3 +} + +case "$1" in + start) + if ! istrue "${STARTSPAMPD}"; then + echo "Starting $DESC: $NAME (disabled in /etc/default/$NAME)." + # LSB 2.1: 6 mean unconfigured. This seems appropriate here. + exit 6 + fi + echo -n "Starting $DESC: $NAME" + # if spampd is already running, exit 0 as demanded by LSB 2.1 + # this also removes the PIDFILE if it exists but has no matching + # process + if check_pid $PROGRAM $PIDFILE ; then + exit 0 + fi + # if spampd is not installed, return 5 as demanded by LSB 2.1 + if [ ! -x $EXECUTABLE ]; then + exit 5 + fi + # start daemon + start-stop-daemon --start --exec $EXECUTABLE \ + --startas $PROGRAM --pidfile $PIDFILE \ + --user $USERID --group $GRPID -- $ARGS + if [ "$?" = '0' ]; then + echo '.' + exit 0 + else + echo '' + # LSB 2.1 says 7 should be returned when program + # isn't running. + exit 7 + fi + ;; + stop) + echo -n "Stopping $DESC: $NAME " + set +e + # if $PROGRAM is not running under PID given in + # $PIDFILE, exit with 0 to be LSB compliant + check_pid $PROGRAM $PIDFILE || exit 0 + if istrue "$STARTSPAMPD" ; then + start-stop-daemon --stop --exec $EXECUTABLE \ + --pidfile $PIDFILE + else + start-stop-daemon --stop --exec $EXECUTABLE \ + --pidfile $PIDFILE > /dev/null 2>&1 + fi + if [ "$?" = "0" ]; then + echo '.' + rm $PIDFILE + exit 0 + else + echo '' + if ! check_pid $PROGRAM $PIDFILE ; then + exit 0 + else + # if we had not successfully stopped the + # program, we can assume the user didn't + # have sufficient privileges. + exit 4 + fi + fi + ;; + status) + check_pid $PROGRAM $PIDFILE verbose + exit $? + ;; + reload) + echo "reload not implemented, try force-reload/restart instead" + exit 3 + ;; + force-reload|try-restart) + if check_pid $PROGRAM $PIDFILE ; then + exec $0 restart + else + echo "$DESC is not running. Try '$0 start' to start it." + # LSB 2.1 says that this should return success, anyhow. + exit 0 + fi + ;; + restart) + if check_pid $PROGRAM $PIDFILE ; then + $0 stop + fi + exec $0 start + ;; + help) + echo "Usage: $0 (start|stop|restart|try-restart|force-reload|status)" + exit 0 + ;; + *) echo "Usage: $0 (start|stop|restart|try-restart|force-reload|status|help)" + exit 2 + ;; + +esac + +echo "This point shouldn't be reached. Some weird thing happened" +exit 1 --- spampd-2.30.orig/debian/control +++ spampd-2.30/debian/control @@ -0,0 +1,30 @@ +Source: spampd +Section: mail +Priority: optional +Maintainer: Sven Mueller +Build-Depends: debhelper (>= 4.0.0), dpatch +Standards-Version: 3.6.2.2 + +Package: spampd +Architecture: all +Depends: ${perl:Depends}, spamassassin (>= 2.6), libnet-server-perl, adduser (>= 3.59), dpkg (>= 1.10.23) +Description: spamassassin based SMTP/LMTP proxy daemon + spampd is an SMTP/LMTP server designed to be hooked into the + MTA processing chain (e.g. as a content filter). It is + written in Perl and uses the Net::Server framework. It is + intended to provide spam filtering at the system level (i.e. + ususally for all users). If you rely on per-user configuration + or per-user Bayes databases, spampd is not for you. + . + The major advantage of spampd over plain SpamAssassin (both + directly and through spamd) is that it doesn't need to load + all needed perl modules on every invocation or spawn + a C programme for every mail it receives. Compared to using + spamc/spamd, spampd can usually provide a 25% performance + with local-only tests. + . + The advantage of spampd over amavisd-new is that it uses the + original SpamAssassin header tags, which are more verbose than + the tags which amavisd-new provides. This allows easier + filtering in the mail client and easier tuning of SpamAssassin. + --- spampd-2.30.orig/debian/compat +++ spampd-2.30/debian/compat @@ -0,0 +1 @@ +4 --- spampd-2.30.orig/debian/patches/45-fix-man-references.dpatch +++ spampd-2.30/debian/patches/45-fix-man-references.dpatch @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 45-fix-man-references.dpatch by Sven Mueller +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix manpage references to match manpages installed by debian packages + +@DPATCH@ +diff -urNad trunk/spampd /tmp/dpep.frHYYX/trunk/spampd +--- trunk/spampd 2005-10-18 21:09:01.000000000 +0200 ++++ /tmp/dpep.frHYYX/trunk/spampd 2005-10-18 21:09:01.353161334 +0200 +@@ -1416,5 +1416,5 @@ + + =head1 See Also + +-perl(1), Spam::Assassin(3), L, +-L ++perl(1), Mail::SpamAssassin(3pm), L, ++L, spamassassin(1p) --- spampd-2.30.orig/debian/patches/30-fix-Makefile.dpatch +++ spampd-2.30/debian/patches/30-fix-Makefile.dpatch @@ -0,0 +1,70 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 30-fix-Makefile.dpatch by Sven Mueller +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adjust Makefile to Debian's needs + +@DPATCH@ +diff -urNad trunk/Makefile /tmp/dpep.g7kFlz/trunk/Makefile +--- trunk/Makefile 2005-11-03 20:24:21.000000000 +0100 ++++ /tmp/dpep.g7kFlz/trunk/Makefile 2005-11-03 20:29:10.154385505 +0100 +@@ -14,43 +14,39 @@ + INSTALL:="/usr/bin/install" + LN:="ln" + +-.PHONY: all install uninstall clean ++.PHONY: all install clean + all: spampd.8.gz spampd.html + + install: spampd.8.gz spampd.html + $(INSTALL) -D -m 755 spampd ${BINDIR}/spampd +- $(INSTALL) -D -m 644 spampd.default ${ETCDIR}/default/spampd +- $(INSTALL) -D -m 755 spampd-init.sh $(DESTDIR)${INITDIR}/spampd +- $(INSTALL) -D -m 644 spampd.html ${DOCDIR}/spampd.html +- $(INSTALL) -D -m 644 changelog.txt ${DOCDIR}/changelog +- for i in ${RUNLEVELDIRS}; do \ +- $(LN) -sf ${INITDIR}/spampd $i/S20spampd ; \ +- done ++# $(INSTALL) -D -m 644 defaults ${ETCDIR}/default/spampd ++# $(INSTALL) -D -m 755 spampd-init.sh $(DESTDIR)${INITDIR}/spampd ++# $(INSTALL) -D -m 644 spampd.html ${DOCDIR}/spampd.html ++# $(INSTALL) -D -m 644 changelog.txt ${DOCDIR}/changelog.txt ++# for i in ${RUNLEVELDIRS}; do \ ++# $(LN) -sf ${INITDIR}/spampd $i/S20spampd ; \ ++# done + $(INSTALL) -D -m 644 spampd.8.gz ${MANDIR}/man8/spampd.8.gz + +-uninstall: +- rm -f ${BINDIR}/spampd +- rm -f ${ETCDIR}/default/spampd +- rm -f $(DESTDIR)${INITDIR}/spampd +- rm -f ${DOCDIR}/spampd.html +- rm -f ${DOCDIR}/changelog +- rmdir ${DOCDIR} || true +- for i in ${RUNLEVELDIRS}; do \ +- rm -f $i/S20spampd ; \ +- done +- rm -f ${MANDIR}/man8/spampd.8.gz +- + spampd.8.gz: spampd.8 + gzip -9 < spampd.8 > spampd.8.gz + + spampd.8: spampd ++ if [ -f spampd.8 ] && [ ! -f spampd.8.orig ] ; then mv -f spampd.8 spampd.8.orig ; fi + pod2man --section=8 --center="Spam Proxy Daemon" spampd > spampd.8 + + spampd.html: spampd ++ if [ -f spampd.html ] && [ ! -f spampd.html.orig ] ; then mv -f spampd.html spampd.html.orig ; fi + pod2html --outfile spampd.html --header --norecurse --backlink '[Back to top]' --infile spampd + rm -f pod2htm?.tmp + + clean: + rm -f spampd.8.gz ++ [ -f spampd.html.orig] && mv -f spampd.html.orig spampd.html ++ [ -f spampd.8.orig] && mv -f spampd.8.orig spampd.8 ++ ++realclean: ++ rm -f spampd.8.gz + rm -f spampd.8 + rm -f spampd.html ++ rm -f spampd*.orig --- spampd-2.30.orig/debian/patches/50-fix-fd-usage.dpatch +++ spampd-2.30/debian/patches/50-fix-fd-usage.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 50-fix-fd-usage.dpatch by Sven Mueller +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix filedescriptor usage (close STDIN/STDOUT/STDERR if backgrounded) + +@DPATCH@ +diff -urNad trunk/spampd /tmp/dpep.sr9Ucd/trunk/spampd +--- trunk/spampd 2005-10-18 21:09:45.000000000 +0200 ++++ /tmp/dpep.sr9Ucd/trunk/spampd 2005-10-18 21:09:45.686991691 +0200 +@@ -881,7 +881,9 @@ + syslog_ident => 'spampd', + syslog_facility => 'mail', + background => $background, +- # setsid => 1, ++ setsid => $background, # this causes stdin/stderr/stdout to ++ # be opened to /dev/null, cleanly ++ # detaching from current console + pid_file => $pidfile, + user => $user, + group => $group, --- spampd-2.30.orig/debian/patches/00list +++ spampd-2.30/debian/patches/00list @@ -0,0 +1,5 @@ +30-fix-Makefile.dpatch +45-fix-man-references.dpatch +50-fix-fd-usage.dpatch +55-workaround-for-syslog-regression.dpatch +60-use-spampd-conf.dpatch --- spampd-2.30.orig/debian/patches/55-workaround-for-syslog-regression.dpatch +++ spampd-2.30/debian/patches/55-workaround-for-syslog-regression.dpatch @@ -0,0 +1,134 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 55-workaround-for-syslog-regression.dpatch by Sven Mueller +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Work aroung the changed behaviour of Net::Server's log() implementation +## DP: Which started with version 0.89 + +@DPATCH@ +diff -urNad trunk/spampd /tmp/dpep.s3Xmyu/trunk/spampd +--- trunk/spampd 2006-04-16 18:49:55.000000000 +0200 ++++ /tmp/dpep.s3Xmyu/trunk/spampd 2006-04-16 18:51:19.357204394 +0200 +@@ -490,7 +490,12 @@ + + $msgid ||= "(unknown)"; + +- $self->log(2, "%s", "processing message $msgid for ". $recips); ++ if ($self->{spampd}->{pfs_uses_format}) { ++ $self->log(2, "%s", "processing message $msgid for ". $recips); ++ } else { ++ $self->log(2, "processing message $msgid for ". $recips); ++ } ++ + + eval { + +@@ -574,13 +579,22 @@ + my $msg_threshold = sprintf("%.2f",$status->get_required_hits); + my $proc_time = sprintf("%.2f", time - $start); + +- $self->log(2, "%s", "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". +- "$recips in ". $proc_time . "s, $size bytes."); ++ if ($self->{spampd}->{pfs_uses_format}) { ++ $self->log(2, "%s", "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". ++ "$recips in ". $proc_time . "s, $size bytes."); ++ } else { ++ $self->log(2, "$was_it_spam $msgid ($msg_score/$msg_threshold) from $sender for ". ++ "$recips in ". $proc_time . "s, $size bytes."); ++ } + + # thanks to Kurt Andersen for this idea + if ( $self->{spampd}->{rh} ) { +- $self->log(2, "%s", "rules hit for $msgid: " . $status->get_names_of_tests_hit); } +- ++ if ($self->{spampd}->{pfs_uses_format}) { ++ $self->log(2, "%s", "rules hit for $msgid: " . $status->get_names_of_tests_hit); ++ } else { ++ $self->log(2, "rules hit for $msgid: " . $status->get_names_of_tests_hit); } ++ } ++ + $status->finish(); + + # set the timeout alarm back to wherever it was at +@@ -589,7 +603,11 @@ + }; + + if ( $@ ne '' ) { +- $self->log(1, "%s", "WARNING!! SpamAssassin error on message $msgid: $@"); ++ if ($self->{spampd}->{pfs_uses_format}) { ++ $self->log(1, "%s", "WARNING!! SpamAssassin error on message $msgid: $@"); ++ } else { ++ $self->log(1, "WARNING!! SpamAssassin error on message $msgid: $@"); ++ } + return 0; + } + +@@ -679,7 +697,7 @@ + + #close the temp file + $smtp_server->{data}->close +- or $self->log(1, "%s", "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); ++ or $self->log(1, "WARNING!! Couldn't close smtp_server->{data} temp file: $!"); + + if ( $self->{spampd}->{debug} ) { + $self->log(2, "Finished sending DATA"); } +@@ -692,7 +710,11 @@ + or die "Error in server->ok(client->hear): $!"; + + if ( $self->{spampd}->{debug} ) { +- $self->log(2, "%s", "Destination response: '" . $destresp . "'"); } ++ if ($self->{spampd}->{pfs_uses_format}) { ++ $self->log(2, "%s", "Destination response: '" . $destresp . "'"); ++ } else { ++ $self->log(2, "%s", "Destination response: '" . $destresp . "'"); } ++ } + + # if we're in data state but the response is an error, exit data state. + # Shold not normally occur, but can happen. Thanks to Rodrigo Ventura for bug reports. +@@ -723,7 +745,11 @@ + if ($@ ne '') { + chomp($@); + $msg = "WARNING!! Error in process_request eval block: $@"; +- $self->log(0, "%s", $msg); ++ if ($self->{spampd}->{pfs_uses_format}) { ++ $self->log(0, "%s", $msg); ++ } else { ++ $self->log(0, $msg); ++ } + die ($msg . "\n"); + } + +@@ -766,6 +792,17 @@ + my $envelopeheaders = 0; # Set X-Envelope-To and X-Envelope-From headers in the mail before + # passing it to spamassassin. Set to 1 to enable this + my $setenvelopefrom = 0; # Set X-Envelope-From header only ++my $pfs_uses_format = 1; # Wether or not Net::Server::PreForkSimple allows ++ # format strings as the second parameter. Note that ++ # 1 is the safe default: It might not log all wanted ++ # information, but it will not be open to format ++ # string attacks. ++ ++if ( $Net::Server::PreForkSimple::VERSION ge 0.89 ) { ++ # Version 0.89 and higher don't support format strings in ->log() ++ # calls anymore. Disable the format string protection ++ $pfs_uses_format = 0; ++} + + my %options = (port => \$port, + host => \$host, +@@ -783,6 +820,7 @@ + logsock => \$logsock, + envelopeheaders => \$envelopeheaders, + setenvelopefrom => \$setenvelopefrom, ++ pfs_uses_format => \$pfs_uses_format, + ); + + usage(1) unless GetOptions(\%options, +@@ -907,6 +945,7 @@ + instance => 0, + envelopeheaders => $envelopeheaders, + setenvelopefrom => $setenvelopefrom, ++ pfs_uses_format => $pfs_uses_format, + }, + }, 'SpamPD'; + --- spampd-2.30.orig/debian/patches/60-use-spampd-conf.dpatch +++ spampd-2.30/debian/patches/60-use-spampd-conf.dpatch @@ -0,0 +1,89 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 60-dont-open-userprefs.dpatch by Sven Mueller +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Dont open user preferences for spamassassin + +@DPATCH@ +diff -urNad trunk/spampd /tmp/dpep.IFxtvg/trunk/spampd +--- trunk/spampd 2006-06-13 20:06:05.000000000 +0200 ++++ /tmp/dpep.IFxtvg/trunk/spampd 2006-06-13 20:07:52.078374699 +0200 +@@ -778,6 +778,7 @@ + my $satimeout = 285; # SpamAssassin timeout in seconds (15s less than Postfix + # default for smtp_data_done_timeout) + my $pidfile = '/var/run/spampd.pid'; # write pid to file ++my $configfile = undef; # file to read spampd specific config from + my $user = 'mail'; # user to run as + my $group = 'mail'; # group to run as + my $tagall = 0; # mark-up all msgs with SA, not just spam +@@ -809,6 +810,7 @@ + relayhost => \$relayhost, + relayport => \$relayport, + pid => \$pidfile, ++ config => \$configfile, + user => \$user, + group => \$group, + maxrequests => \$maxrequests, +@@ -845,6 +847,7 @@ + 'debug|d', + 'help|h|?', + 'local-only|l', ++ 'config|C=s', + 'log-rules-hit|rh', + 'dose', + 'add-sc-header|ash', # deprecated +@@ -884,10 +887,19 @@ + $host = $tmp[0]; + if ( $tmp[1] ) { $port = $tmp[1]; } + +-my $assassin = Mail::SpamAssassin->new({ ++my $assassin; ++if ( defined($options{'config'}) ) { ++ $assassin=Mail::SpamAssassin->new({ + 'dont_copy_prefs' => 1, + 'debug' => $debug, ++ 'userprefs_filename' => $options{'config'}, + 'local_tests_only' => $options{'local-only'} || 0 }); ++} else { ++ $assassin=Mail::SpamAssassin->new({ ++ 'dont_copy_prefs' => 1, ++ 'debug' => $debug, ++ 'local_tests_only' => $options{'local-only'} || 0 }); ++}; + + $options{'auto-whitelist'} and eval { + require Mail::SpamAssassin::DBBasedAddrList; +@@ -897,7 +909,11 @@ + $assassin->set_persistent_address_list_factory ($addrlistfactory); + }; + +-$assassin->compile_now(); ++if ( defined($options{'config'}) ) { ++ $assassin->compile_now(); ++} else { ++ $assassin->compile_now(0); ++} + + # thanks to Kurt Andersen for the 'uname -s' fix + if ( !$options{logsock} ) { +@@ -1087,6 +1103,7 @@ + [B<--set-envelope-from|sef>] + [B<--auto-whitelist|aw>] + [B<--local-only|L>] ++[B<--config|C=filename>] + [B<--debug|d>] + + B B<--help> +@@ -1416,6 +1433,12 @@ + + Turn off all SA network-based tests (DNS, Razor, etc). + ++=item B<--config=filename> or B<--C filename> ++ ++Use the specified filename as the config read by spampd in addition to ++SpamAssassin's normal configuration files, overriding the latter. Defaults ++to not using a spampd specific configuration file. ++ + =item B<--debug> or B<--d> + + Turns on SpamAssassin debug messages which print to the system mail log --- spampd-2.30.orig/debian/spampd.postinst +++ spampd-2.30/debian/spampd.postinst @@ -0,0 +1,26 @@ +#!/bin/sh -e + +function handle_init_errs () +{ + RET=$? + if [ "$RET" = "6" ]; then + return 0 + else + exit $RET + fi + set -e +} + +case "$1" in + configure|install|upgrade) + adduser --system --group \ + --no-create-home --home /nonexistent \ + --quiet spampd + dpkg-statoverride --add spampd spampd 775 /var/cache/spampd + dpkg-statoverride --add root spampd 640 /etc/spampd.conf + ;; + *) + ;; +esac + +#DEBHELPER# --- spampd-2.30.orig/debian/changelog +++ spampd-2.30/debian/changelog @@ -0,0 +1,269 @@ +spampd (2.30-5) unstable; urgency=low + + * Add special "user" configuration file only accessed by spampd's + SpamAssassin Instance (closes: #344373) + * Revert postinst to use dh_installinit built-in option to call an error + handler if the init script fails. + * Move dependencies from build-depends-indep to build-depends + (since they must also be fulfilled when calling the clean target) + + -- Sven Mueller Fri, 16 Jun 2006 15:26:49 +0200 + +spampd (2.30-4) unstable; urgency=low + + * Fix init script return value when run by non-root + * Use error handler for init script calls in postinst/prerm (closes: #366362) + + -- Sven Mueller Mon, 8 May 2006 02:43:00 +0200 + +spampd (2.30-3) unstable; urgency=low + + * Fix syntax errors introduced during prior update (slipped in after test) + Thanks for the report and fix to Adam James + (closes: #362839) + * Remove Martin F. Krafft from the uploaders field + + -- Sven Mueller Fri, 14 Apr 2006 20:14:44 +0200 + +spampd (2.30-2) unstable; urgency=low + + * Add workaround patch for the regression of libnet-server-perl's log() + function (closes: #344372) + Format string protection in Net::Server::PreForkSimple->log() calls + is now only used for libnet-server-perl versions below 0.89 + * Don't read user config when parsing spamassassin config (related to: + bug #344373) + Note: Doesn't close bug yet because it's no real resolution. + * Make init script report insufficient privileges when not run as root + (closes: #350637) + * Update policy version (removes lintian warning) + + -- Sven Mueller Thu, 23 Mar 2006 22:21:25 +0100 + +spampd (2.30-1) unstable; urgency=low + + * New upstream release + - fixes possible DoS/remote exploit (closes #332259) + * remove various dpatch files (incorporated by upstream) + + -- Sven Mueller Wed, 30 Nov 2005 17:27:45 +0100 + +spampd (2.20-18) unstable; urgency=low + + * Fix match/concatenation with uninitialized string (off by 1 error during + walk through array) + * Change all server->log calls to use "%s" as the second argument so that + any %* in the string passed as third argument aren't expanded. spampd + doesn't use the expansion feature anyway, so any expansion made would be + accidental. + + -- Sven Mueller Wed, 19 Oct 2005 14:54:17 +0200 + +spampd (2.20-17) unstable; urgency=high + + * Make init script completely LSB 2.1/3.0 compliant, see + http://refspecs.freestandards.org/LSB_2.1.0/LSB-generic/LSB-generic/iniscrptact.html + http://refspecs.freestandards.org/LSB_2.1.0/LSB-generic/LSB-generic/initscrcomconv.html + respectively + http://refspecs.freestandards.org/LSB_3.0.0/LSB-generic/LSB-generic/iniscrptact.html + http://refspecs.freestandards.org/LSB_3.0.0/LSB-generic/LSB-generic/initscrcomconv.html + * remove the last remaining (possible) bashisms from init script + (closes #317746) + * fix up README.Debian a bit + * add note to README.Debian to document initially disabled state of the + daemon. + * Fix a DoS vulnerability in MSGID-Handling + * Fix match/concatenation with uninitialized string + + -- Sven Mueller Tue, 18 Oct 2005 21:33:35 +0200 + +spampd (2.20-16) unstable; urgency=low + + * Remove bashism from init script (closes #317746) + + -- Sven Mueller Tue, 12 Jul 2005 21:24:59 +0200 + +spampd (2.20-14) unstable; urgency=low + + * Don't depend on coreutils (closes #316427) + * Fix a small cosmetic problem with perl complain about the SA version + string not being a number. The fixtrims the SA version string to something + matches [0-9]+\.[0-9]+, an alternate patch which switches to textual + compares instead of numerical compares is available in debin/patches. + + -- Sven Mueller Tue, 5 Jul 2005 14:55:05 +0200 + +spampd (2.20-11) unstable; urgency=low + + * Fix init script to exit with returncode 0 if asked to stop + non-running daemon (should make the init script LSB compliant + as far as I know). + + -- Sven Mueller Thu, 30 Jun 2005 16:05:06 +0200 + +spampd (2.20-10) unstable; urgency=low + + * Never publicly released + * Fixed a small problem (numeric comparison of possibly non-numeric strings) + with detection of the used SpamAssassin version + * Fix my own dpatch scripts to never create backups of patched files. They + shouldn't be necessary because my scripts only apply the patches if a test + with 'patch --dry-run' doesn't report any problem + + -- Sven Mueller Sun, 5 Jun 2005 01:35:36 +0200 + +spampd (2.20-9) unstable; urgency=low + + * Fix line duplication introduced by the add-envelope-from_to patch + * Fix a typo in debian/patches/55-add-envelope-from_to.dpatch which + prevented the patch from being applied. (closes: #295590) + - The option to enable addition of envelope headers is -seh or + --set-envelope-headers + * Fix a typo in the package description (closes: #300066) + * remove dh_testroot from build and clean targets. It's only needed + in the install target + + -- Sven Mueller Mon, 21 Mar 2005 21:28:52 +0100 + +spampd (2.20-8) unstable; urgency=high + + * Fix two problems in the patch to add Envelope-To and Envelope-From + headers, which was introduced with the last upload (closes: #292410) + * Add some documentation regarding timeout values do the + debian readme (see also #292064) + * Add a ADDOPTS variable to /etc/default/spampd and use it + in /etc/init.d/spampd to allow passing of additional + commandline arguments to spampd + + -- Sven Mueller Wed, 2 Feb 2005 01:38:55 +0100 + +spampd (2.20-7) unstable; urgency=low + + * Added patch which allows addition of Envelope-To and Envelope-From + headers before passing the message to SpamAssassin (closes: #285531) + * Remove spampd user only when the package is purged, not when removed + * Don't redirect any output (stdout/stderr) from adduser in postinst + script. Use --quiet instead + * Remove spampd.orig (is sometimes created by the dpatch scripts) + in the clean target + + -- Sven Mueller Sat, 1 Jan 2005 18:15:47 +0100 + +spampd (2.20-6) unstable; urgency=low + + * Allow configuration of the syslog destination + via /etc/default/spampd (INET socket or UNIX socket) + * Switch default syslog destination to UNIX because Debian + standard configuration of syslogd doesn't allow logging + via INET socket. + + -- Sven Mueller Sun, 12 Dec 2004 01:12:00 +0100 + +spampd (2.20-5) unstable; urgency=low + + * Added martin f. krafft as a co-maintainer on his request + * Depend on dpkg >= 1.10.23 (closes: #281101) + * pass setsid -> 1 to Net::Server when backgrounded + thereby closing stdin/stdout/stderr when daemonized + * don't redirect stdin/stdout/stderr on start-stop-daemon + in initscript (not needed anymore due to previous fix) + * Fix a minor mistake in debian/README.debian + * Moved over to dpatch for patch handling + * Replace Build-Depends with more appropriate + Build-Depends-Indep + + -- Sven Mueller Tue, 16 Nov 2004 18:54:51 +0100 + +spampd (2.20-4) unstable; urgency=low + + * Fixed postinst and prerm scripts to suppress adduser/deluser + output. It just doesn't say anything important anyway. + * Suppress start-stop-daemon output on "/etc/init.d/spampd stop" + if the daemon is disabled in /etc/default/spampd. + + -- Sven Mueller Sun, 10 Oct 2004 19:56:33 +0200 + +spampd (2.20-3) unstable; urgency=low + + * Fixed up the init script to some degree + * Changed init script to use start-stop-daemon instead of handling + everything manually + + -- Sven Mueller Sat, 9 Oct 2004 12:55:57 +0200 + +spampd (2.20-2) unstable; urgency=low + + * Fixed a bug in preinst script which caused the spampd user not + to be added + * Added check after adding the user wether or not the user now + exists. Fail preinst script if it doesn't exist + * Upstream changed version number without significant source + changes, to fix upgrade problems because of 2.2 being smaller + than 2.12 + + -- Sven Mueller Fri, 8 Oct 2004 02:00:23 +0200 + +spampd (2.2-1) unstable; urgency=low + + * Updated to new upstream release + * Now supports spamassassin 2.6 again + + -- Sven Mueller Wed, 6 Oct 2004 13:28:17 +0200 + +spampd (2.12-8) unstable; urgency=low + + * Update control file to Standards version 3.6.1.1 + * Corrected problems in package description + * Modified init script to accept yes/true/enable/1 to + enable an option in /etc/default/spampd + * Sponsored by martin f. krafft + (closes: Bug#220007). + + -- Sven Mueller Tue, 5 Oct 2004 18:52:09 +0200 + +spampd (2.12-7) unstable; urgency=low + + * Patched spampd to work with SpamAssassin version 3 + (This breaks compatibility with SpamAssassin version 2!) + * Changed dependecy on SpamAssassin from << 3 to >= 3 + + -- Sven Mueller Wed, 29 Sep 2004 19:49:07 +0200 + +spampd (2.12-6) unstable; urgency=low + + * Added a < 3 to the SpamAssassin dependency + + -- Sven Mueller Wed, 26 Sep 2004 19:49:07 +0200 + +spampd (2.12-5) unstable; urgency=low + + * Made the init script full LSB 2.0 compliant + + -- Sven Mueller Thu, 25 Sep 2004 13:09:17 +0200 + +spampd (2.12-4) unstable; urgency=low + + * Fixed a typo in the init script which made it ignore various + /etc/default/spampd settings + + -- Sven Mueller Wed, 24 Sep 2004 19:53:07 +0200 + +spampd (2.12-3) unstable; urgency=low + + * Removed default html documentation file and added make rule + to generate it freshly from the perl file (pod2html). + + -- Sven Mueller Mon, 15 Sep 2004 19:49:07 +0200 + +spampd (2.12-2) unstable; urgency=low + + * Added manpages + + -- Sven Mueller Mon, 14 Sep 2004 18:48:23 +0200 + +spampd (2.12-1) unstable; urgency=low + + * Initial Release. + + -- Sven Mueller Mon, 13 Sep 2004 17:00:16 +0200 + --- spampd-2.30.orig/debian/rules +++ spampd-2.30/debian/rules @@ -0,0 +1,87 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) + CFLAGS += -g +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: patch build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #/usr/bin/docbook-to-man debian/spampd.sgml > spampd.1 + + touch build-stamp + +clean-patched: + dh_testdir + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + rm -f spampd.8 spampd.8.gz + + dh_clean + +clean: clean-patched unpatch + rm -f spampd.orig + +patch: patch-stamp +patch-stamp: + dpatch apply-all + touch patch-stamp + +unpatch: + dpatch deapply-all + rm -rf patch-stamp debian/patched + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/spampd. + $(MAKE) install DESTDIR=$(CURDIR)/debian/spampd + mkdir -p $(CURDIR)/debian/spampd/etc + cp debian/spampd.conf $(CURDIR)/debian/spampd/etc/spampd.conf + + +# Build architecture-independent files here. +binary-arch: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-indep: build install + dh_testdir + dh_installdocs + dh_installinit --error-handler handle_init_errs + dh_installman + dh_installchangelogs changelog.txt + dh_compress + dh_fixperms + dh_installdeb + dh_perl + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- spampd-2.30.orig/debian/dirs +++ spampd-2.30/debian/dirs @@ -0,0 +1,2 @@ +usr/sbin +var/cache/spampd --- spampd-2.30.orig/debian/watch +++ spampd-2.30/debian/watch @@ -0,0 +1,7 @@ +# Example watch control file for uscan +version=2 +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# Site Directory Pattern Version Script +#sunsite.unc.edu /pub/Linux/Incoming spampd-(.*)\.tar\.gz debian uupdate +http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm .*\/spampd\/spampd-([\d\.]*).tar.gz debian uupdate --- spampd-2.30.orig/debian/spampd.default +++ spampd-2.30/debian/spampd.default @@ -0,0 +1,55 @@ +# Defaults file for spampd, the spam proxy daemon +# (spampd is using spamassassin to scan mails) + +# On boolean options, 0 means off/no/false, 1 means on/yes/true + +# Wether or not to start spampd (0/1) +STARTSPAMPD=1 + +# where to put the PID file +PIDFILE=/var/run/spampd.pid + +# The IP to listen on +LISTENHOST=127.0.0.1 + +# The port to listen on +LISTENPORT=10025 + +# The host to forward the connection to +DESTHOST=127.0.0.1 + +# The port to forward the connection to +DESTPORT=10026 + +# How many parallel checks can be done in parallel +CHILDREN=3 + +# user ID to run as +USERID=spampd + +# group ID to run as +GRPID=spampd + +# Wether or not to tag all messages (0/1) +TAGALL=1 + +# Wether or not to use auto-whitelisting (0/1) +AUTOWHITELIST=0 + +# Wether or not to do only local checks +# if this is turned on, no network based checks +# (like DNS-Blacklists) are done. (0/1) +LOCALONLY=1 + +# Wether to prefer INET (network,1) for syslog logging +# instead of UNIX (unix domain socket,0) (0/1) +LOGINET=0 + +# Any additional parameters you want to pass to spampd +# +# The following sample entry enables use of a config file +# by spampd which can be used to override parameters from +# the system-wide SpamAssassin configuration +# +#ADDOPTS="--config=/etc/spampd.conf" +ADDOPTS="" --- spampd-2.30.orig/debian/spampd.prerm +++ spampd-2.30/debian/spampd.prerm @@ -0,0 +1,29 @@ +#!/bin/sh -e + +function handle_init_errs () +{ + if [ "$1" = "6" ]; then + return 0 + else + exit $1 + fi +} + +if [ -x "/etc/init.d/spampd" ]; then + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d spampd stop || handle_init_errs $? + else + /etc/init.d/spampd stop || handle_init_errs $? + fi +fi + +#DEBHELPER# + +case "$1" in + purge) + deluser spampd > /dev/null 2>&1 || true + delgroup spampd > /dev/null 2>&1 || true + ;; + *) + ;; +esac --- spampd-2.30.orig/debian/copyright +++ spampd-2.30/debian/copyright @@ -0,0 +1,26 @@ +This package was debianized by Sven Mueller on +Mon, 13 Sep 2004 17:00:16 +0200. + +It was downloaded from http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm + +Upstream Author: Maxim Paperno + +Copyright: + +spampd is Copyright © 2002 by World Design Group Inc. and Maxim Paperno + +Portions are Copyright © 2001 Morgan Stanley Dean Witter as mentioned +in the CREDITS section at: http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +more details. + +The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html +or at /usr/share/common-licenses/GPL --- spampd-2.30.orig/debian/spampd.conf +++ spampd-2.30/debian/spampd.conf @@ -0,0 +1,19 @@ +# +# NOTE: This config isn't used by default! +# You need to enable its use in /etc/default/spampd +# + +# Use this to set options for SpamAssassin you only want to have set +# when actually running SpamAssassin from spampd. Below are a few examples +# you might want to use. Remove the hashmark (#) in front of them to enable +# them and edit them to meet your needs. Note that you might need to fix +# path permissions to match your system. + +#use_bayes 1 +#bayes_path /var/cache/spampd/bayes +#auto_whitelist_path /var/cache/spampd/awl + +# +# NOTE: This config isn't used by default! +# You need to enable its use in /etc/default/spampd +# --- spampd-2.30.orig/debian/spampd.docs +++ spampd-2.30/debian/spampd.docs @@ -0,0 +1 @@ +spampd.html --- spampd-2.30.orig/debian/README.Debian +++ spampd-2.30/debian/README.Debian @@ -0,0 +1,37 @@ +SpamPD for Debian +----------------- + +SpamPD configuration takes place in /etc/default/spampd as far as the network +connections are concerned. Any more advanced configuration of the the +SpamAssassin part is done in /etc/spamassassin/local.cf as usual with with +SpamAssassin. Additionally, as of Debian package 2.30-5, it is now now possible +to specify an additional configuration file which can override any option given +in the system wide configuration of SpamAssassin. + +Running SpamPD in unintended ways +--------------------------------- + +SpamPD is (like amavisd-new and similar filters) intended to be run as a +_post-queue_ filter in postfix or in a similar way with other MTAs. However, +the following hints might help you to use it as a pre-queue filter or even in +front of your MTA. Both setups really are _not_ recommended though pre-queue +filtering seems to work fine. Running SpamPD in front of your MTA can quickly +turn your mailserver into an open relay if you are not 100% careful with the +setup. It also exposes SpamPD to malicious traffic which is normally caught by +the MTA in front of it. Though SpamPD has no known security holes, it's better +to be careful especially since SpamPD security relies on SpamAssassin being +secure. These notes of caution don't necessarily apply when running SpamPD as +a pre-queue filter though. Anyway, here is as much help as I can give you with +either setup. It's mostly related to network timeouts. + +By default, SpamPD times out after 5 minutes if no network paket is +received or after 6 minutes have gone by since start of the SMTP +dialogue. The first parameter isn't directly adjustable, but that shouldn't be +a problem in any case. The second one however can pose a problem for +really slow clients (or extremely large mails). +If you experience such problems (i.e. a client isn't able to send +large mails even though it slowly but steadily sends data), try +passing "--childtimeout=3600" (60 minutes) to spampd using the +ADDOPTS entry in /etc/default/spampd. + + -- Sven Mueller , Tue, 13 Jun 2006 20:22:42 +0200