debian/postfwd
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: debian:master
Branches Tags
debian:master
debian:development
debian:bullseye
debian:upstream
debian:debian/1.35-8
debian:debian/1.35-7
debian:debian/1.35-6
debian:debian/1.35-5
debian:debian/1.35-4
debian:debian/1.35-3
debian:debian/1.35-2
debian:upstream/1.35
debian:upstream/1.32
debian:upstream/1.20
debian:upstream/1.18
debian:upstream/1.17
debian:upstream/1.16
debian:upstream/1.14
debian:upstream/1.10pre8b
debian:upstream/1.10pre7c
debian:debian/1.35-1
debian:debian/1.32-2
debian:debian/1.32-1
debian:debian/1.20-1
debian:debian/1.17-1
debian:debian/1.16-2
debian:debian/1.18-1
debian:debian/1.16-1
debian:debian/1.14-1
debian:debian/1.10pre8b-1
debian:debian/1.10pre7c-3
debian:debian/1.10pre7c-2
debian:debian/1.10pre7c-1
..
compare: debian:upstream
Branches Tags
debian:development
debian:master
debian:bullseye
debian:upstream
debian:debian/1.35-8
debian:debian/1.35-7
debian:debian/1.35-6
debian:debian/1.35-5
debian:debian/1.35-4
debian:debian/1.35-3
debian:debian/1.35-2
debian:upstream/1.35
debian:upstream/1.32
debian:upstream/1.20
debian:upstream/1.18
debian:upstream/1.17
debian:upstream/1.16
debian:upstream/1.14
debian:upstream/1.10pre8b
debian:upstream/1.10pre7c
debian:debian/1.35-1
debian:debian/1.32-2
debian:debian/1.32-1
debian:debian/1.20-1
debian:debian/1.17-1
debian:debian/1.16-2
debian:debian/1.18-1
debian:debian/1.16-1
debian:debian/1.14-1
debian:debian/1.10pre8b-1
debian:debian/1.10pre7c-3
debian:debian/1.10pre7c-2
debian:debian/1.10pre7c-1

No commits in common. "master" and "upstream" have entirely different histories.
master ... upstream

29 changed files with 0 additions and 1510 deletions
Show stats Expand all files Collapse all files

12
.github/dependabot.yml vendored
View file

@ -1,12 +0,0 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: daily
time: "04:00"
reviewers:
- "waja"
pull-request-branch-name:
separator: "-"
open-pull-requests-limit: 10

36
.github/workflows/packaging_test.yml vendored
View file

@ -1,36 +0,0 @@
name: Packaging Test
on:
push:
branches:
- $default-branch
- development
- master
# Run tests for any PRs
pull_request:
env:
SOURCE_DIR: ./
ARTIFACTS_DIR: debian/build/release/
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
env:
DEBIAN_FRONTEND: "noninteractive"
- name: Remove github artefacts
run: |
rm -rf .github*
- name: Adjust distibution in changelog file
run: |
sed -i '0,/restricted/s//stable/' debian/changelog
- name: Build Debian package
uses: dawidd6/action-debian-package@v1.5.0
with:
artifacts_directory: debian/build/release/
os_distribution: testing
- name: Debug
run: |
ls -la

71
.github/workflows/release.yml vendored
View file

@ -1,71 +0,0 @@
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'debian/*' # Push events to matching debian/*, i.e. debian/1.0-2, debian/20.15.10, debian/23.20020326
name: Release Process
env:
SOURCE_DIR: ./
ARTIFACTS_DIR: debian/build/release/
jobs:
create-release:
name: Create Release
runs-on: ubuntu-latest
outputs:
release-id: ${{ steps.create_release.outputs.id }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install needed packages
run: |
if [ $(dpkg -l | grep -c dpkg-dev) -ne 1 ]; then sudo apt-get update && sudo apt-get install -y dpkg-dev; fi
- name: Gather changelog
run: |
ls -la
dpkg-parsechangelog | tail -n +9 > debian.changelog
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
body_path: debian.changelog
draft: false
prerelease: false
build:
name: Build and upload packages
needs: create-release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
env:
DEBIAN_FRONTEND: "noninteractive"
- name: Remove github artefacts
run: |
rm -rf .github*
- name: Adjust distibution in changelog file
run: |
sed -i '0,/restricted/s//stable/' debian/changelog
- name: Build Debian package
uses: dawidd6/action-debian-package@v1.5.0
with:
artifacts_directory: debian/build/release/
os_distribution: testing
# - name: Build Debian package
# uses: pi-top/action-debian-package@v0.2.0
# with:
# artifacts_directory: debian/build/release/
# target_architectures: "amd64,i386"
- name: Upload the artifacts
uses: skx/github-action-publish-binaries@release-2.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
releaseId: ${{ needs.create-release.outputs.release-id }}
args: debian/build/release/*

32
.travis.yml
View file

@ -1,32 +0,0 @@
dist: xenial
sudo: required
env:
- TRAVIS_DEBIAN_DISTRIBUTION=unstable TRAVIS_DEBIAN_MIRROR="http://httpredir.debian.org/debian/" TRAVIS_DEBIAN_SECURITY_UPDATES=false
- TRAVIS_DEBIAN_DISTRIBUTION=testing TRAVIS_DEBIAN_MIRROR="http://httpredir.debian.org/debian/"
- TRAVIS_DEBIAN_DISTRIBUTION=stable TRAVIS_DEBIAN_MIRROR="http://httpredir.debian.org/debian/"
services:
- docker
before_script:
# fetch all tags (not done due travis cloning with depth=50)
- git fetch --tags
script:
# build the debian package
- wget -O- http://travis.debian.net/script.sh | sh -
after_script:
# run lintian after build
- sudo add-apt-repository -y ppa:waja/trusty-backports
- sudo apt-get update -qq
- sudo apt-get install -qq --no-install-recommends lintian
- lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.deb && lintian --info --display-info --display-experimental --pedantic --show-overrides ../*.dsc
#notifications:
# email: false
branches:
except:
- /^debian\/\d/

14
debian/.gitlab-ci.yml vendored
View file

@ -1,14 +0,0 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
variables:
RELEASE: 'unstable'
SALSA_CI_DISABLE_APTLY: 0
SALSA_CI_DISABLE_AUTOPKGTEST: 1
SALSA_CI_DISABLE_BLHC: 0
SALSA_CI_DISABLE_LINTIAN: 0
SALSA_CI_DISABLE_PIUPARTS: 1
SALSA_CI_DISABLE_REPROTEST: 1
SALSA_CI_DISABLE_BUILD_PACKAGE_ALL: 0
SALSA_CI_DISABLE_BUILD_PACKAGE_ANY: 0

188
debian/bin/github-release.sh vendored
View file

@ -1,188 +0,0 @@
#!/bin/bash
# Copyright (c) 2014 Terry Burton
#
# https://github.com/terryburton/travis-github-release
#
# Permission is hereby granted, free of charge, to any
# person obtaining a copy of this software and associated
# documentation files (the "Software"), to deal in the
# Software without restriction, including without
# limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of
# the Software, and to permit persons to whom the Software
# is furnished to do so, subject to the following
# conditions:
#
# The above copyright notice and this permission notice
# shall be included in all copies or substantial portions
# of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY
# KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
# THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
# CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# This script provides a simple continuous deployment
# solution that allows Travis CI to publish a new GitHub
# release and upload assets to it whenever a tag is pushed:
# git tag; git push --tags
#
# It is created as a temporary solution whilst we wait for
# Travis DPL to support GitHub:
#
# https://github.com/travis-ci/dpl
#
# Place this script somewhere in your project repository (perhaps by forking
# the github-travis-release repo and adding your fork as a git submodule) then
# put something like this to your .travis.yml:
#
# after_success: .travis/github-release.sh "$TRAVIS_REPO_SLUG" "`head -1 src/VERSION`" build/release/*
#
# The first argument is your repository in the format
# "username/repository", which Travis provides in the
# TRAVIS_REPO_SLUG environment variable.
#
# The second argument is the release version which as a
# sanity check should match the tag that you are releasing.
# You could pass "`git describe`" to satisfy this check.
#
# The remaining arguments are a list of asset files that you
# want to publish along with the release.
#
# The script requires that you create a GitHub OAuth access
# token to facilitate the upload:
#
# https://help.github.com/articles/creating-an-access-token-for-command-line-use
#
# You must pass this securely in the GITHUBTOKEN environment
# variable:
#
# http://docs.travis-ci.com/user/encryption-keys/
#
# For testing purposes you can create a local convenience
# file in the script directory called GITHUBTOKEN that sets
# the GITHUBTOKEN environment variable. If you do so you MUST
# ensure that this doesn't get pushed to your repository,
# perhaps by adding it to a .gitignore file.
#
# Should you get stuck then look at a working example. This
# code is being used by Barcode Writer in Pure PostScript
# for automated deployment:
#
# https://github.com/terryburton/postscriptbarcode
set -e
REPO=$1 && shift
RELEASE=$1 && shift
RELEASEFILES=$@
if ! TAG=`git describe --exact-match --tags 2>/dev/null`; then
echo "This commit is not a tag so not creating a release"
exit 0
fi
if [ "$TRAVIS" = "true" ] && [ -z "$TRAVIS_TAG" ]; then
echo "This build is not for the tag so not creating a release"
exit 0
fi
if [ "$TRAVIS" = "true" ] && [ "$TRAVIS_TAG" != "$RELEASE" ]; then
echo "Error: TRAVIS_TAG ($TRAVIS_TAG) does not match the indicated release ($RELEASE)"
exit 1
fi
if [ "$TAG" != "$RELEASE" ]; then
echo "Error: The tag ($TAG) does not match the indicated release ($RELEASE)"
exit 1
fi
if [[ -z "$RELEASEFILES" ]]; then
echo "Error: No release files provided"
exit 1
fi
SCRIPTDIR=`dirname $0`
[ -e "$SCRIPTDIR/GITHUBTOKEN" ] && . "$SCRIPTDIR/GITHUBTOKEN"
if [[ -z "$GITHUBTOKEN" ]]; then
echo "Error: GITHUBTOKEN is not set"
exit 1
fi
echo "Creating GitHub release for $RELEASE"
echo -n "Create draft release... "
JSON=$(cat <<EOF
{
"tag_name": "$TAG",
"target_commitish": "master",
"name": "$TAG: New release",
"draft": true,
"prerelease": false
}
EOF
)
RESULT=`curl -s -w "\n%{http_code}\n" \
-H "Authorization: token $GITHUBTOKEN" \
-d "$JSON" \
"https://api.github.com/repos/$REPO/releases"`
if [ "`echo "$RESULT" | tail -1`" != "201" ]; then
echo FAILED
echo "$RESULT"
exit 1
fi
RELEASEID=`echo "$RESULT" | sed -ne 's/^ "id": \(.*\),$/\1/p'`
if [[ -z "$RELEASEID" ]]; then
echo FAILED
echo "$RESULT"
exit 1
fi
echo DONE
for FILE in $RELEASEFILES; do
if [ ! -f $FILE ]; then
echo "Warning: $FILE not a file"
continue
fi
FILESIZE=`stat -c '%s' "$FILE"`
FILENAME=`basename $FILE`
echo -n "Uploading $FILENAME... "
RESULT=`curl -s -w "\n%{http_code}\n" \
-H "Authorization: token $GITHUBTOKEN" \
-H "Accept: application/vnd.github.manifold-preview" \
-H "Content-Type: application/zip" \
--data-binary "@$FILE" \
"https://uploads.github.com/repos/$REPO/releases/$RELEASEID/assets?name=$FILENAME&size=$FILESIZE"`
if [ "`echo "$RESULT" | tail -1`" != "201" ]; then
echo FAILED
echo "$RESULT"
exit 1
fi
echo DONE
done
echo -n "Publishing release... "
JSON=$(cat <<EOF
{
"draft": false
}
EOF
)
RESULT=`curl -s -w "\n%{http_code}\n" \
-X PATCH \
-H "Authorization: token $GITHUBTOKEN" \
-d "$JSON" \
"https://api.github.com/repos/$REPO/releases/$RELEASEID"`
if [ "`echo "$RESULT" | tail -1`" = "200" ]; then
echo DONE
else
echo FAILED
echo "$RESULT"
exit 1
fi

298
debian/changelog vendored
View file

@ -1,298 +0,0 @@
postfwd (1.35-9) UNRELEASED; urgency=medium
*
-- Jan Wagner <waja@cyconet.org> Mon, 23 Jan 2023 12:43:03 +0000
postfwd (1.35-8) unstable; urgency=medium
* [d32c972] d/watch: Update to new url scheme
* [47e9ee0] Bump debhelper from old 12 to 13.
* [cac0b96] Bump Standards-Version to 4.6.2
* [98d8062] Update watch file format version to 4.
* [7ba39f1] Drop lsb-base, sysvinit-utils is essential
* [be975fb] Set Rules-Requires-Root: no.
-- Jan Wagner <waja@cyconet.org> Mon, 23 Jan 2023 12:40:57 +0000
postfwd (1.35-7) unstable; urgency=medium
* [f2a169d] Use secure copyright file specification URI.
* [270413d] Use secure URI in Homepage field.
* [1563d38] d/source/options: Adding .github to diff ignore
* [f32e604] Adding d/.gitlab-ci.yml
* [94f95bc] Adding Dependabot config
* [b16de77] Do not remove .git* anymore
* [4926505] ci: pin action versions
* [d0ecd91] d/rules: Calling dh_installsystemd (Closes: #994901)
-- Jan Wagner <waja@cyconet.org> Tue, 28 Sep 2021 13:28:53 +0200
postfwd (1.35-6) unstable; urgency=medium
* [1446da0] Fix initscript (Closes: #942414)
* [3abd7a4] Bump Standards-Version to 4.5.1.0, no changes needed
* [27de180] Adding Github CI
* [a282d29] d/control: Raise compat level to 12
-- Jan Wagner <waja@cyconet.org> Wed, 06 Jan 2021 21:49:07 +0100
postfwd (1.35-5) unstable; urgency=medium
* [217213b] Adding systemd unit file
* [8e419b4] Add a bit documentation about systemd (and sysvinit)
* [62139a7] travis-ci: Use xenial image
* [ac0ac42] d/control: Bump Standards-Version to 4.3.0, no changes needed
* [e438455] d/postfwd.postrm: detect existens of command by which and
not 'test -x'
-- Jan Wagner <waja@cyconet.org> Thu, 24 Jan 2019 09:37:19 +0100
postfwd (1.35-4) unstable; urgency=medium
* [e8799d3] travis-ci: don't install build-deps manual
* [c86c540] travis-ci: build package with dpkg-buildpackage
* [07e9eeb] travis-ci: Initial support for uploading releases to github
* [231a90f] Merging upstream changes of github-release.sh
* [b832cd0] Updating copyright and author of debian/bin/github-release.sh
* [5e353b5] debian/control: reformating with warp-and-sort
* [3862572] Reformating with warp-and-sort the rest of debian/
* [d4687ee] travis-ci: grab actual used upstream version
* [4d0d01d] travis-ci: Adding required arguments for trusty
* [11da7ca] travis-ci: automatically install dependencies
* [7ad8c99] d/control: Bump Standards-Version to 3.9.8, no changes needed
* [80b011c] d/control: Depend on lsb-base
* [583a10d] travis-ci: Make use of travis.d.n
-- Jan Wagner <waja@cyconet.org> Mon, 05 Dec 2016 11:50:27 +0100
postfwd (1.35-3) unstable; urgency=medium
* [965e0d7] Remove shiped html files from binaries
* [17c1925] Bump Standards-Version to 3.9.6, no changes needed
-- Jan Wagner <waja@cyconet.org> Mon, 13 Oct 2014 15:02:11 +0200
postfwd (1.35-2) unstable; urgency=low
* Migrate over example installation to postfwd.examples
* Add plugins/*.sample to examples
* [6f4f77b] Remove generated hapolicy manpage in clean target
* [05ca589] Updating standards version to 3.9.4, no changes needed
* [bb64a82] Source init functions in init script
* [5d8b250] Update Vcs-headers
* [0df5d0a] Updating standards version to 3.9.5, no changes needed
* [86f8f61] Add travis-ci config
* [010082b] Remove unneeded purge from travis config
* [7542e86] Reorder and comment .travis.yml
* [7025f4f] Add lintian checks after build
* [ddbfcc0] Update to recent copyright format
* [b9b503e] Move samples into /usr/share/doc/postfwd/examples
* [1e7c202] Add 10_fix_wording_manpages.patch to fix manpages
* [f7da50f] travis-ci: Remove dpatch from build-deps
* [dd5f01d] Add 20_fix_postfwd1_default_umask.patch to fix postfwd default
umask (Closes: #717607), thanks Jesse Norell
* [172a432] Fix bug report source format move
-- Jan Wagner <waja@cyconet.org> Sun, 09 Mar 2014 23:43:28 +0100
postfwd (1.35-1) unstable; urgency=low
* New upstream release
- fixed fixed taint mode logging error
- check_* functions use print/getline instead of send/recv for large
--dumpcache output
- log_* routines added to allow the same plugins for postfwd1 and postfwd2
- added more information when using --debug=cleanup
- new sendmail(sendmail-path::from::to::subject::body) action
- rate(), size() and rcpt() function index is now case insensitive by
default
- fixed segfault when using new perl versions (Closes: #697653)
-- Jan Wagner <waja@cyconet.org> Wed, 22 May 2013 14:49:15 +0200
postfwd (1.33-1) UNRELEASED; urgency=low
* New upstream release
- fixed bug when computing scores with more than 1 digit after the "."
- fixed bug when computing negative values with the set action
- ITEMS plugins returning zero values were handled incorrectly
- max command recursion was not reset for each rule
- fixed warning about use of (uninitialized value) when STORABLE
is available but no cache file was defined (Closes: #697657)
* Fix comment in /etc/default/postfwd (Closes: #679924), thanks Jeroen
Koekkoek
* Fix typo in README.Debian (closes: #691242), thanks Axel Beckert
-- Jan Wagner <waja@cyconet.org> Thu, 29 Mar 2012 20:31:17 +0200
postfwd (1.32-2) unstable; urgency=low
* Switch over to packaging format 3.0 (quilt) (Closes: #664368)
* Updating standards version to 3.9.3, no changes needed
* Remove build-dependency of dpatch
* Use dh_prep instead of dh_clean -k
* Add build-arch and build-indep targets to debian/rules
-- Jan Wagner <waja@cyconet.org> Thu, 29 Mar 2012 20:22:17 +0200
postfwd (1.32-1) unstable; urgency=low
* New upstream release
- new option --save_rates=<file> is able to load and save rate limit counters
to disk on program start and termination.
- the --debugitem="sender=example\.org$" option allows verbose logging for
particular requests
- the debug() action enables verbose logging for certain rules
- nested commands are possible now
- new mail(server/helo/from/to/subject/body) action.
- single cache items can be wiped
- sasl_username is logged if available
- rate limit action is executed, if the first request exceeds the limit
- exceeded ratecounters will not be kept permanently anymore
- rate limits are evaluated at ruleset stage now
- new parser enhancement is able to omit the trailing "\" for multi-line
rules
- new plugin interface (BETA)
- Time::HiRes is used if available
- multiple rate limits for the same items are supported now
- new $$ratecount variable for rate() actions
- new option --keep_rates
- queueid is logged when available
- rate limits fixed
- new --debug class 'cleanup'
- documentation updates and fixes
* Suppress output on restarting via init script (Closes: #636782), thanks
Martin F. Krafft for reporting
* Add hapolicy and manpage into separate binary package
* Reorganize documentation
- Add new files from upstream to documentation
- Changelogs where renamed by upstream
* Bump Standards-Version to 3.9.2, no changes needed
-- Jan Wagner <waja@cyconet.org> Wed, 21 Dec 2011 22:27:27 +0100
postfwd (1.20-1) unstable; urgency=low
* New upstream release
- Release contains postfwd1 and postfwd2 now (Closes: #582969)
- new --umask setting allows to set filepermissions for pidfiles and unix
domain sockets
- Rate limit code rewritten
- rbl checks disabled for ipv6 addresses, cidr compare will switch to
default (regex/string)
- rbl check could fail on multiple dnsbl answers
* Add dpatch infrastructure
* Provide update-alternatives for choosing the postfwd variant
* Install also CHANGELOG2
* Bump Standards-Version to 3.9.1, no changes needed
-- Jan Wagner <waja@cyconet.org> Thu, 10 Feb 2011 08:38:04 +0100
postfwd (1.18-1) unstable; urgency=low
* New upstream release
- Fixed bug when comparing sender and recipient addresses, like
"sender=$$recipient"
-- Jan Wagner <waja@cyconet.org> Thu, 29 Apr 2010 08:46:25 +0200
postfwd (1.17-1) unstable; urgency=low
* New upstream release
- Net::DNS internal errors will now be handled gracefully
- default for options --dns_max_ns_a_lookups and --dns_max_mx_a_lookups of
100
- Fixed variable substitution when the '=' operator is used
-- Jan Wagner <waja@cyconet.org> Mon, 22 Mar 2010 09:02:31 +0100
postfwd (1.16-2) unstable; urgency=low
* Bump Standards-Version to 3.8.4, no changes needed
* Migrate Vcs-Fields over to scm.uncompleted.org
* Add 1.0 to debian/source/format
-- Jan Wagner <waja@cyconet.org> Wed, 10 Mar 2010 12:35:57 +0100
postfwd (1.16-1) unstable; urgency=low
* NEW upstream release
- documentation fixed
- configuration parser improvements
- option --reload (HUP signal) now reloads config, if the file is unchanged
- redirect syslog to stdout for --kill, --reload and --showconfig
- new rcpt() command counts recipients for rate limits
- helo_address, and sender_(ns|mx)_addrs can now be csv items
- items may now be retrieved from files using "item=file:/some/where"
* Add "Copyright" to all copyrights in debian/copyright
* Bump standards version to 3.8.3 (no changes needed)
* Fix speeling errors in debian/README.Debian
-- Jan Wagner <waja@cyconet.org> Thu, 14 Jan 2010 19:32:26 +0100
postfwd (1.14-1) unstable; urgency=low
* new upstream release
- new compare operators
- added --nodaemon option
- perform non dns items first
- enabled dns cache for sender(ns|mx) and helo address
- new options --dns_max_ns_lookups and --dns_max_mx_lookups
- new items sender_ns_names and sender_ns_addrs
- new items sender_mx_names and sender_mx_addrs
- new item helo_address, please see docs for more
- added --proto switch, to enable the use of unix domain sockets
- added command-line options --kill and --reload
- dnsbl txt lookups only for dnsbls with at least one a record
- small performance improvement
- ask() action allows to use another policy service
- new options --noidlestats and --norulelog
* install postfwd.cf.sample, was renamed upstream
* leave hints about documentation and config verification in README.Debian
* Bump standards version to 3.8.2 (no changes needed)
-- Jan Wagner <waja@cyconet.org> Mon, 06 Jul 2009 21:15:35 +0200
postfwd (1.10pre8b-1) unstable; urgency=low
* new upstream release
- Net::CIDR::Lite is not required any longer
- Net::DNS::Async is no longer used
- changed Net::Server behaviour to ignore syslog errors
- --shortlog is now default behaviour (use -v to see more)
- days=Wed now means exactly Wednesday
- disabled fallback to synchronous dns on timed out rbls
- new item "rhsbl_helo" allows to check helo against rhsbls
- the new variable $$request_hits contains a list of all matching ruleids
- the new variable $$dnsbltext allows access to txt records of rbls
- new options --no-rulestats and --nodnslog
- ttls of the dns responses override --cache-rbl-timeout when bigger
* drop dependency of libnet-cidr-lite-perl and libnet-dns-async-perl
* add dependency of libnet-dns-perl
-- Jan Wagner <waja@cyconet.org> Thu, 19 Feb 2009 22:39:09 +0100
postfwd (1.10pre7c-3) unstable; urgency=low
* implement machine-interpretable copyright file
* fix init script (Closes: #503597).
- let daemon write pid file for his own
- point start-stop daemon to pidfile when stoping
- fix reload by fixing the way how to get the pid
* fix example-cfg2.txt to work with 1.10pre7 (Closes: #503596).
-- Jan Wagner <waja@cyconet.org> Fri, 31 Oct 2008 09:55:52 +0100
postfwd (1.10pre7c-2) unstable; urgency=low
* Uploading to unstable.
* Updating standards version to 3.8.0, no changes needed
-- Jan Wagner <waja@cyconet.org> Tue, 15 Jul 2008 22:43:08 +0200
postfwd (1.10pre7c-1) experimental; urgency=low
* Initial release (Closes: #470356).
-- Jan Wagner <waja@cyconet.org> Sat, 31 May 2008 22:07:08 +0200

36
debian/control vendored
View file

@ -1,36 +0,0 @@
Source: postfwd
Section: mail
Priority: optional
Maintainer: Jan Wagner <waja@cyconet.org>
Build-Depends: debhelper-compat (= 13), html2text
Homepage: https://www.postfwd.org/
Vcs-Browser: https://gitlab.uncompleted.org/debian/postfwd
Vcs-Git: https://gitlab.uncompleted.org/debian/postfwd.git
Standards-Version: 4.6.2
Rules-Requires-Root: no
Package: postfwd
Architecture: all
Depends: adduser,
libnet-dns-perl,
libnet-server-perl,
${misc:Depends},
${perl:Depends}
Conflicts: postfwd2
Description: Postfix policyd to combine complex restrictions in a ruleset
Postfwd is written in perl to combine complex postfix restrictions in a
ruleset similar to those of the most firewalls. The program uses the postfix
policy delegation protocol to control access to the mail system before a
message has been accepted. It allows you to choose an action (e.g. reject,
dunno) for a combination of several smtp parameters (like sender and recipient
address, size or the client's TLS fingerprint).
Package: hapolicy
Architecture: all
Depends: ${misc:Depends}, ${perl:Depends}
Description: Balancing and fallback postfix policy delegation service
Hapolicy enables high availability, weighted loadbalancing and a fallback
action for postfix policy delegation services. Invoked via postfix spawn
it acts as a wrapper that queries other policy servers via tcp connection.
The order of the service queries can be influenced by assigning a specific
priority and weight to each service.

82
debian/copyright vendored
View file

@ -1,82 +0,0 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: postfwd
Upstream-Contact: Jan Peter Kessler <info@postfwd.org>
Source: http://www.postfwd.org
Files: *
Copyright: Copyright (c) 2007, Jan Peter Kessler, All rights reserved.
License: BSD-3
Files: debian/*
Copyright: Copyright (C) 2006, 2008 Jan Wagner <waja@cyconet.org>
License: GPL-2+
Files: debian/example-cfg2.txt
Copyright: Copyright (c) 2008, Henrik Krohns <hege@hege.li>
License: BSD-3
Files: debian/bin/github-release.sh
Copyright: Copyright (c) 2014 Terry Burton
License: Expat
License: Expat
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
.
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
License: BSD-3
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the authors nor the names of his contributors may be
used to endorse or promote products derived from this software without
specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY ME ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
License: GPL-2+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
.
On Debian systems, the complete text of the GNU General Public License can be
found in /usr/share/common-licenses/GPL-2 file.

146
debian/example-cfg2.txt vendored
View file

@ -1,146 +0,0 @@
# downloaded from http://hege.li/howto/spam/etc/postfwd/postfwd.conf
# check for more recent versions!
###
### Example config for postfwd 1.10pre7+
###
## Check DNS whitelists, maybe we don't need more checks
id=OK_DNSWL; \
rbl=list.dnswl.org/^127/43200; \
action=DUNNO
## Check (non-fqdn/ip/dynamic) HELO and (missing) reverse DNS
id=SET_HELO; \
helo_name=!!\.; \
helo_name=[0-9.-]{7}; \
action=set(HIT_helo=1)
id=SET_NODNS; \
client_name=^unknown$; \
action=set(HIT_nodns=1)
id=REJECT_HELO_NODNS; \
HIT_helo==1; HIT_nodns==1; \
action=REJECT Blocked - contact postmaster@example.net for help - Suspicious HELO [$$helo_name] and missing reverse DNS [$$client_address]
## Check ZEN first for immediate blocking - less queries for other lists
## See usage policy: http://www.spamhaus.org/organization/dnsblusage.html
id=REJECT_RBL_ZEN; \
rbl=zen.spamhaus.org; \
action=REJECT Blocked - contact postmaster@example.net for help - zen.spamhaus.org RBL
## Check other DNSBLs in parallel
&&DNSBLS { \
rbl=bl.spamcop.net; \
rbl=dnsbl-1.uceprotect.net; \
rbl=dnsbl-2.uceprotect.net; \
rbl=dnsbl-3.uceprotect.net; \
rbl=psbl.surriel.com; \
rbl=combined.njabl.org; \
rbl=dnsbl.ahbl.org; \
rbl=dnsbl.sorbs.net; \
rbl=ix.dnsbl.manitu.net; \
rbl=dyna.spamrats.com; \
};
id=EVAL_DNSBLS; \
&&DNSBLS; rblcount=all; \
action=set(HIT_rbls=$$rblcount)
id=REJECT_RBL_MULTI; \
HIT_rbls>=2; \
action=REJECT Blocked - contact postmaster@example.net for help - Multiple DNSBLs
## Check RHSBLs if there wasn't enough DNSBLs hit
&&RHSBLS_REVERSE { \
rhsbl_reverse_client=dynamic.rhs.mailpolice.com; \
};
&&RHSBLS_SENDER { \
rhsbl_sender=multi.uribl.com; \
rhsbl_sender=multi.surbl.org; \
rhsbl_sender=bulk.rhs.mailpolice.com; \
rhsbl_sender=rhsbl.ahbl.org; \
rhsbl_sender=rhsbl.sorbs.net; \
rhsbl_sender=dsn.rfc-ignorant.org; \
};
id=EVAL_RHSBLS; \
&&RHSBLS_REVERSE; &&RHSBLS_SENDER; rhsblcount=all; \
action=set(HIT_rhsbls=$$rhsblcount)
id=REJECT_RHSBL_MULTI; \
HIT_rhsbls>=2; \
action=REJECT Blocked - contact postmaster@example.net for help - Multiple RHSBLs
## See if we get any combined hits from rules before
id=REJECT_RBL_RHSBL; \
HIT_rbls>=1; HIT_rhsbls>=1; \
action=REJECT Blocked - contact postmaster@example.net for help - RHSBL and DNSBL
id=REJECT_RBL_HELO; \
HIT_rbls>=1; HIT_helo==1; \
action=REJECT Blocked - contact postmaster@example.net for help - DNSBL and suspicious HELO [$$helo_name]
id=REJECT_RBL_NODNS; \
HIT_rbls>=1; HIT_nodns==1; \
action=REJECT Blocked - contact postmaster@example.net for help - DNSBL and missing reverse DNS [$$client_address]
id=REJECT_RHSBL_HELO; \
HIT_rhsbls>=1; HIT_helo==1; \
action=REJECT Blocked - contact postmaster@example.net for help - RHSBL and suspicious HELO [$$helo_name]
id=REJECT_RHSBL_NODNS; \
HIT_rhsbls>=1; HIT_nodns==1; \
action=REJECT Blocked - contact postmaster@example.net for help - RHSBL and missing reverse DNS [$$client_address]
## Finally greylist all lesser hits.
##
## A more DNSBL friendly way would be to greylist everything suspicious
## before DNS checks. Currently this requires you to setup some postfix
## tables before postfwd is called, since greylisting can be only done last
## in postfwd (action always exits processing).
id=GREY_HELO; HIT_helo==1; action=check_postgrey
id=GREY_NODNS; HIT_nodns==1; action=check_postgrey
id=GREY_RBL; HIT_rbls>=1; action=check_postgrey
id=GREY_RHSBL; HIT_rhsbls>=1; action=check_postgrey
##
## This example is free to use as per BSD license:
##
## Copyright (c) 2008, Henrik Krohns <hege@hege.li>
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without modification,
## are permitted provided that the following conditions are met:
##
## * Redistributions of source code must retain the above copyright
## notice, this list of conditions and the following disclaimer.
## * Redistributions in binary form must reproduce the above copyright
## notice, this list of conditions and the following disclaimer in
## the documentation and/or other materials provided with the
## distribution.
## * Neither the name of the authors nor the names of his contributors
## may be used to endorse or promote products derived from this
## software without specific prior written permission.
##
## THIS SOFTWARE IS PROVIDED BY ME ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
## INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
## FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT,
## INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
## PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
## WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
## POSSIBILITY OF SUCH DAMAGE.
##

3
debian/hapolicy.docs vendored
View file

@ -1,3 +0,0 @@
doc/hapolicy.txt
tools/hapolicy/hapolicy.*
tools/hapolicy/hapolicy[0-9a-zA-Z.]*

1
debian/hapolicy.manpages vendored
View file

@ -1 +0,0 @@
man/man8/hapolicy.1

172
debian/patches/10_fix_wording_manpages.patch vendored
View file

@ -1,172 +0,0 @@
From: Jan Wagner <waja@cyconet.org>
Subject: Fixing cosmetical issues
diff --git a/man/man8/postfwd.8 b/man/man8/postfwd.8
index 3e4354b..49deff1 100644
--- a/man/man8/postfwd.8
+++ b/man/man8/postfwd.8
@@ -335,7 +335,7 @@ postfwd versions prior to 1.30 require trailing ';' and '\e'\-characters:
\& the specified action will be returned to postfix
\& scores are set global until redefined!
\&
-\& request_score \- this value allows to access a request\*(Aqs score. it
+\& request_score \- this value allows one to access a request\*(Aqs score. it
\& may be used as variable ($$request_score).
\&
\& rbl, rhsbl, \- query the specified RBLs/RHSBLs, possible values are:
@@ -466,7 +466,7 @@ The following items currently have to be unique:
\& id, minimum and maximum values, rblcount and rhsblcount
.Ve
.PP
-Any item can be negated by preceeding '!!' to it, e.g.:
+Any item can be negated by preceding '!!' to it, e.g.:
.PP
.Vb 1
\& id=HOST001 ; hostname == !!secure.trust.local ; action=REJECT only secure.trust.local please
@@ -484,7 +484,7 @@ To avoid confusion with regexps or simply for better visibility you can use '!!(
\& id=USER01 ; sasl_username = !!( (bob|alice) ) ; action=REJECT who is that?
.Ve
.PP
-Request attributes can be compared by preceeding '$$' characters, e.g.:
+Request attributes can be compared by preceding '$$' characters, e.g.:
.PP
.Vb 3
\& id=R\-003 ; client_name = !! $$helo_name ; action=WARN helo does not match DNS
@@ -637,7 +637,7 @@ with postfwd1 v1.15 and postfwd2 v0.18 and higher.
\&\fIGeneral\fR
.PP
Actions will be executed, when all rule items have matched a request (or at least one of any item list). You can refer to
-request attributes by preceeding $$ characters, like:
+request attributes by preceding $$ characters, like:
.PP
.Vb 3
\& id=R\-003; client_name = !!$$helo_name; action=WARN helo \*(Aq$$helo_name\*(Aq does not match DNS \*(Aq$$client_name\*(Aq
@@ -730,7 +730,7 @@ postfwd actions control the behaviour of the program. Currently you can specify
\& means that requests from bob@example.local and BoB@example.local will be treated differently
\&
\& ask (<addr>:<port>[:<ignore>])
-\& allows to delegate the policy decision to another policy service (e.g. postgrey). the first
+\& allows one to delegate the policy decision to another policy service (e.g. postgrey). the first
\& and the second argument (address and port) are mandatory. a third optional argument may be
\& specified to tell postfwd to ignore certain answers and go on parsing the ruleset:
\& # example1: query postgrey and return it\*(Aqs answer to postfix
@@ -832,7 +832,7 @@ carefully, because errors may cause postfwd to break! It is also
allowed to override attributes or built-in functions, but be sure that you know
what you do because some of them are used internally.
.PP
-Please keep security in mind, when you access sensible ressources and never, ever
+Please keep security in mind, when you access sensible resources and never, ever
run postfwd as privileged user! Also never trust your input (especially hostnames,
and e\-mail addresses).
.PP
@@ -866,7 +866,7 @@ the policy delegation request and therefore may be used in postfwd's ruleset.
\&
\& # EXAMPLES \- integrated in postfwd. no need to activate them here.
\&
-\& # allows to check postfwd version in ruleset
+\& # allows one to check postfwd version in ruleset
\& "version" => sub {
\& my(%request) = @_;
\& my(%result) = (
@@ -1505,7 +1505,7 @@ equals to
\& id=R001; sender=bob@alice.local; client_address=192.168.1.1; action=dunno
.Ve
.PP
-Lists will be evaluated in the specified order. This allows to place faster expressions at first:
+Lists will be evaluated in the specified order. This allows one to place faster expressions at first:
.PP
.Vb 1
\& postfwd \-vv \-L \-r "id=RBL001; rbl=localrbl.local zen.spamhaus.org; action=REJECT" /some/where/request.sample
diff --git a/man/man8/postfwd2.8 b/man/man8/postfwd2.8
index 11319fd..fdb3a6f 100644
--- a/man/man8/postfwd2.8
+++ b/man/man8/postfwd2.8
@@ -193,7 +193,7 @@ postfwd2 \- postfix firewall daemon
\& \-n, \-\-nodns skip any dns based test
\& \-\-dns_timeout <i> dns query timeout in seconds
\& \-\-dns_timeout_max <i> disable dnsbl after <i> timeouts
-\& \-\-dns_timeout_interval <i> reenable dnsbl after <i> seconds
+\& \-\-dns_timeout_interval <i> re-enable dnsbl after <i> seconds
\& \-\-cache\-rbl\-timeout <i> default dns ttl if not specified in ruleset
\& \-\-cache\-rbl\-default <s> default dns pattern if not specified in ruleset
\& \-\-cleanup\-rbls <i> cleanup old dns cache items every <i> seconds
@@ -364,7 +364,7 @@ postfwd versions prior to 1.30 require trailing ';' and '\e'\-characters:
\& the specified action will be returned to postfix
\& scores are set global until redefined!
\&
-\& request_score \- this value allows to access a request\*(Aqs score. it
+\& request_score \- this value allows one to access a request\*(Aqs score. it
\& may be used as variable ($$request_score).
\&
\& rbl, rhsbl, \- query the specified RBLs/RHSBLs, possible values are:
@@ -495,7 +495,7 @@ The following items must be unique:
\& id, minimum and maximum values, rblcount and rhsblcount
.Ve
.PP
-Any item can be negated by preceeding '!!' to it, e.g.:
+Any item can be negated by preceding '!!' to it, e.g.:
.PP
.Vb 1
\& id=HOST001 ; hostname == !!secure.trust.local ; action=REJECT only secure.trust.local please
@@ -513,7 +513,7 @@ To avoid confusion with regexps or simply for better visibility you can use '!!(
\& id=USER01 ; sasl_username =~ !!( /^(bob|alice)$/ ) ; action=REJECT who is that?
.Ve
.PP
-Request attributes can be compared by preceeding '$$' characters, e.g.:
+Request attributes can be compared by preceding '$$' characters, e.g.:
.PP
.Vb 3
\& id=R\-003 ; client_name = !! $$helo_name ; action=WARN helo does not match DNS
@@ -666,7 +666,7 @@ with postfwd1 v1.15 and postfwd2 v0.18 and higher.
\&\fIGeneral\fR
.PP
Actions will be executed, when all rule items have matched a request (or at least one of any item list). You can refer to
-request attributes by preceeding $$ characters, like:
+request attributes by preceding $$ characters, like:
.PP
.Vb 3
\& id=R\-003; client_name = !!$$helo_name; action=WARN helo \*(Aq$$helo_name\*(Aq does not match DNS \*(Aq$$client_name\*(Aq
@@ -750,7 +750,7 @@ postfwd2 actions control the behaviour of the program. Currently you can specify
\& means that requests from bob@example.local and BoB@example.local will be treated differently
\&
\& ask (<addr>:<port>[:<ignore>])
-\& allows to delegate the policy decision to another policy service (e.g. postgrey). the first
+\& allows one to delegate the policy decision to another policy service (e.g. postgrey). the first
\& and the second argument (address and port) are mandatory. a third optional argument may be
\& specified to tell postfwd2 to ignore certain answers and go on parsing the ruleset:
\& # example1: query postgrey and return it\*(Aqs answer to postfix
@@ -852,7 +852,7 @@ carefully, because errors may cause postfwd to break! It is also
allowed to override attributes or built-in functions, but be sure that you know
what you do because some of them are used internally.
.PP
-Please keep security in mind, when you access sensible ressources and never, ever
+Please keep security in mind, when you access sensible resources and never, ever
run postfwd as privileged user! Also never trust your input (especially hostnames,
and e\-mail addresses).
.PP
@@ -886,7 +886,7 @@ the policy delegation request and therefore may be used in postfwd's ruleset.
\&
\& # EXAMPLES \- integrated in postfwd. no need to activate them here.
\&
-\& # allows to check postfwd version in ruleset
+\& # allows one to check postfwd version in ruleset
\& "version" => sub {
\& my(%request) = @_;
\& my(%result) = (
@@ -1524,7 +1524,7 @@ equals to
\& id=R001; sender=bob@alice.local; client_address=192.168.1.1; action=dunno
.Ve
.PP
-Lists will be evaluated in the specified order. This allows to place faster expressions at first:
+Lists will be evaluated in the specified order. This allows one to place faster expressions at first:
.PP
.Vb 1
\& postfwd2 \-\-nodaemon \-vv \-L \-r "id=RBL001; rbl=localrbl.local zen.spamhaus.org; action=REJECT" /some/where/request.sample
@@ -1601,7 +1601,7 @@ To debug special steps of the parser the '\-\-debug' switch takes a list of debu
.PP
The common way to use postfwd2 is to start it as daemon, listening at a specified tcp port.
postfwd2 will spawn multiple child processes which communicate with a parent cache. This is
-the prefered way to use postfwd2 in high volume environments. Start postfwd2 with the following parameters:
+the preferred way to use postfwd2 in high volume environments. Start postfwd2 with the following parameters:
.PP
.Vb 1
\& postfwd2 \-d \-f /etc/postfwd.cf \-i 127.0.0.1 \-p 10045 \-u nobody \-g nobody \-S

15
debian/patches/20_fix_postfwd1_default_umask.patch vendored
View file

@ -1,15 +0,0 @@
From: Jan Wagner <waja@cyconet.org>
Subject: Fixing default umask of postfwd
diff --git a/sbin/postfwd b/sbin/postfwd
index e17a729..62f90bb 100755
--- a/sbin/postfwd
+++ b/sbin/postfwd
@@ -49,7 +49,7 @@ our($def_net_chroot) = "";
our($def_net_interface) = "127.0.0.1";
our($def_net_port) = "10040";
our($def_net_proto) = "tcp";
-our($def_net_umask) = "0111";
+our($def_net_umask) = "0177";
our($def_net_user) = "nobody";
our($def_net_group) = "nobody";
our($def_dns_queuesize) = "300";

2
debian/patches/series vendored
View file

@ -1,2 +0,0 @@
10_fix_wording_manpages.patch
20_fix_postfwd1_default_umask.patch

68
debian/postfwd.README.Debian vendored
View file

@ -1,68 +0,0 @@
postfwd for Debian
------------------
1. PROVIDE A CONFIGFILE
-----------------------
Please provide a config file, usually /etc/postfix/postfwd.cf. Examples are
located in /usr/share/doc/postfwd/examples/.
Another can be found at http://hege.li/howto/spam/etc/postfwd/postfwd.conf
and is provided as example-cfg2.txt.
A quickstart guide is available at http://www.postfwd.org/quick.html and the
online documentation at http://www.postfwd.org/doc.html, the offline version
can be viewed with 'postfwd -m'.
2. VERIFY CONFIG
----------------
How interpret the parser your rules, you can check with:
# postfwd -f /etc/postfix/postfwd.cf -C -v
Check your rules against sample request:
# cat request.sample | postfwd -f /etc/postfix/postfwd.cf -L
# cat request.sample
------ snip -------
ccert_fingerprint=
size=64063
helo_name=english-breakfast.cloud9.net
reverse_client_name=english-breakfast.cloud9.net
queue_id=
encryption_cipher=
encryption_protocol=
etrn_domain=
ccert_subject=
request=smtpd_access_policy
protocol_state=RCPT
recipient=someone@domain.local
instance=6748.46adf3f8.62156.0
protocol_name=ESMTP
encryption_keysize=0
recipient_count=0
ccert_issuer=
sender=owner-postfix-users@postfix.org
client_name=english-breakfast.cloud9.net
client_address=168.100.1.7
------ snip -------
Samples can be taken into the logfile when starting the daemon with "-vv"
3. AUTOMATIC STARTUP
--------------------
In order to avoid the startup of the daemon on an unconfigured machine,
automatic startup, on boot, is disabled by default. To enable it just run
'systemctl enable postfwd.service', when still using SysVinit edit the
file /etc/default/postfwd and set the "startup" variable to 1.
4. CHOOSING WHICH POSTFWD VERSION TO USE
----------------------------------------
Since some time, there is also a prefork version available, called postfwd2.
You can use update-alternatives to choose between 'postfwd1' and 'postfwd2'.
-- Jan Wagner <waja@cyconet.org> Mon, 10 Mar 2008 22:37:44 +0100

15
debian/postfwd.default vendored
View file

@ -1,15 +0,0 @@
# Global options for postfwd(8).
# Set to '1' to enable startup (daemon mode), doesn't affect systemd
STARTUP=0
# Config file
CONF=/etc/postfix/postfwd.cf
# IP where listen to
INET=127.0.0.1
# Port where listen to
PORT=10040
# run as user postfw
RUNAS="postfw"
# Arguments passed on start (--daemon implied)
ARGS="--summary=600 --cache=600 --cache-rdomain-only --cache-no-size"

5
debian/postfwd.docs vendored
View file

@ -1,5 +0,0 @@
debian/tmp/*.txt
doc/*.txt
doc/postfwd-ARCH.png
doc/postfwd2.CHANGELOG
tools/*.pl

4
debian/postfwd.examples vendored
View file

@ -1,4 +0,0 @@
debian/example-cfg*
etc/postfwd.cf.sample
plugins/*.sample
tools/*.sample

103
debian/postfwd.init vendored
View file

@ -1,103 +0,0 @@
#! /bin/sh
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
# Modified for Debian
# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
# /etc/init.d/postfwd: v1 2008/03/12 Jan Wagner <waja@cyconet.org>
### BEGIN INIT INFO
# Provides: postfwd
# Required-Start: $local_fs $network $remote_fs $syslog
# Required-Stop: $local_fs $network $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop the postfw daemon
# Description: a Perl policy daemon for the Postfix MTA
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
NAME=postfwd
DAEMON=/usr/sbin/${NAME}
PIDFILE=/var/run/$NAME.pid
DESC=postfwd
. /lib/lsb/init-functions
test -x $DAEMON || exit 0
not_configured () {
echo "#### WARNING ####"
echo "${NAME} won't be started/stopped unless it is configured."
echo "If you want to start ${NAME} as daemon, see /etc/default/${NAME}."
echo "#################"
exit 0
}
no_configfile () {
echo "#### WARNING ####"
echo "${NAME} won't be started/stopped unless a rules file is provided at $CONF."
echo "#################"
exit 0
}
# check if postfwd is configured or not
if [ -f "/etc/default/$NAME" ]
then
. /etc/default/$NAME
if [ "$STARTUP" != "1" ]
then
not_configured
fi
else
not_configured
fi
# check if rules file is there
if [ ! -f $CONF ]
then
no_configfile
fi
# Check whether we have to drop privileges.
if [ -n "$RUNAS" ]
then
if ! getent passwd "$RUNAS" >/dev/null; then
RUNAS=""
fi
fi
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet \
--name ${NAME} \
--exec $DAEMON -- ${ARGS} --daemon --file=${CONF} --interface=${INET} --port=${PORT} --user=${RUNAS} --group=${RUNAS} --pidfile=$PIDFILE
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE && rm -rf $PIDFILE
echo "$NAME."
;;
reload)
echo "Reloading $DESC configuration files."
kill -HUP $(cat $PIDFILE)
;;
restart|force-reload)
echo -n "Restarting $DESC (incl. cache): "
$0 stop > /dev/null
sleep 1
$0 start > /dev/null
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0

2
debian/postfwd.manpages vendored
View file

@ -1,2 +0,0 @@
debian/tmp/postfwd1.8
man/man8/postfwd2.8

63
debian/postfwd.postinst vendored
View file

@ -1,63 +0,0 @@
#!/bin/sh
# based on arpwatch.postinst: v11 2004/09/15 KELEMEN Peter <fuji@debian.org>
# postinst: v1 2006/01/12 Jan Wagner <waja@cyconet.org>
set -e
NUSER="postfw"
NGROUP="postfw"
NHOME="/var/lib/$NUSER"
NGECOS="postfwd user"
case "$1" in
configure)
# Take care of group.
if NGROUP_ENTRY=`getent group $NGROUP`; then
# group exists
:
else
# group does not exist yet
addgroup --quiet --system $NGROUP
fi
# Take care of user.
if NUSER_ENTRY=`getent passwd $NUSER`; then
# user exists
adduser --quiet $NUSER $NGROUP
#
else
# user does not exist yet
adduser --quiet --system \
--ingroup $NGROUP \
--gecos "$NGECOS" \
--home $NHOME \
--no-create-home \
--shell /bin/sh \
--disabled-login \
--disabled-password \
--shell /bin/false \
$NUSER
fi
# Set up home directory.
if [ -d $NHOME ]; then
chown -R ${NUSER}:${NGROUP} $NHOME
chmod -R o-rwX $NHOME
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
update-alternatives --install /usr/sbin/postfwd postfwd /usr/sbin/postfwd1 100 \
--slave /usr/share/man/man1/postfwd.1.gz postfwd.1.gz \
/usr/share/man/man1/postfwd1.1.gz
update-alternatives --install /usr/sbin/postfwd postfwd /usr/sbin/postfwd2 120 \
--slave /usr/share/man/man1/postfwd.2.gz postfwd.2.gz \
/usr/share/man/man1/postfwd2.1.gz
#DEBHELPER#

56
debian/postfwd.postrm vendored
View file

@ -1,56 +0,0 @@
#!/bin/sh
# based on arpwatch.postrm: v2 2004/09/15 KELEMEN Peter <fuji@debian.org>
# postrm: v1 2006/10/12 Jan Wagner <waja@cyconet.org>
NUSER="postfw"
NGROUP="postfw"
set -e
case "$1" in
purge)
# find first and last SYSTEM_UID numbers
for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do
case $LINE in
FIRST_SYSTEM_UID*)
FIST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='`
;;
LAST_SYSTEM_UID*)
LAST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='`
;;
*)
;;
esac
done
# remove system account if necessary
if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then
if USERID=`getent passwd $NUSER | cut -f 3 -d ':'`; then
if [ -n "$USERID" ]; then
if [ "$FIST_SYSTEM_UID" -le "$USERID" ] && \
[ "$USERID" -le "$LAST_SYSTEM_UID" ]; then
if which deluser > /dev/null; then
deluser --quiet $NUSER || true
# And then remove the group
GROUPID=`getent group $NGROUP | cut -f 3 -d ':'`
if [ -n "$GROUPID" ]; then
if which delgroup > /dev/null; then
delgroup --quiet $NGROUP || true
fi
fi
fi
fi
fi
fi
fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#

10
debian/postfwd.prerm vendored
View file

@ -1,10 +0,0 @@
#!/bin/sh
set -e
if [ "$1" = remove ] || [ "$1" = deconfigure ]; then
update-alternatives --remove postfwd /usr/sbin/postfwd1
update-alternatives --remove postfwd /usr/sbin/postfwd2
fi
#DEBHELPER#

15
debian/postfwd.service vendored
View file

@ -1,15 +0,0 @@
[Unit]
Description=Postfix firewall daemon
After=network.target
Before=postfix.service
[Service]
Environment=PIDFILE=/var/run/postfwd.pid
EnvironmentFile=-/etc/default/postfwd
ExecStart=/usr/sbin/postfwd $ARGS --daemon --file $CONF --interface $INET --port $PORT --user $RUNAS --group $RUNAS --pidfile $PIDFILE
ExecStop=/usr/sbin/postfwd --file $CONF --pidfile $PIDFILE --kill
ExecReload=/usr/sbin/postfwd --file $CONF --pidfile $PIDFILE --reload
Type=forking
[Install]
WantedBy=multi-user.target

57
debian/rules vendored
View file

@ -1,57 +0,0 @@
#!/usr/bin/make -f
# written by Jan Wagner <waja@cyconet.org>
#
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
build: build-arch build-indep
build-arch:
build-indep:
clean:
# removing generated manpage (not initial shipped)
rm -rf man/man8/hapolicy.1
dh_testdir
dh_testroot
dh_clean
install: build
dh_testdir
dh_testroot
dh_prep
# install binaries
install -D -m 644 sbin/postfwd debian/postfwd/usr/sbin/postfwd1
install -D -m 644 sbin/postfwd2 debian/postfwd/usr/sbin/postfwd2
install -D -m 644 tools/hapolicy/hapolicy debian/hapolicy/usr/sbin/hapolicy
# install man page
mkdir -p debian/tmp/
cp man/man8/postfwd.8 debian/tmp/postfwd1.8
html2text doc/quick.html > debian/tmp/quick.txt
html2text doc/versions.html > debian/tmp/versions.txt
pod2man debian/hapolicy/usr/sbin/hapolicy man/man8/hapolicy.1
# Build architecture-independent files here.
binary-indep: build install
dh_testdir
dh_testroot
dh_installchangelogs doc/postfwd.CHANGELOG
dh_installdocs -ppostfwd -Xhapolicy
dh_installdocs -phapolicy tools/hapolicy/hapolicy[0-9a-zA-Z.]*
dh_installexamples
dh_installinit -- defaults 19 21
dh_installsystemd --no-enable
dh_installman
dh_compress
dh_fixperms
dh_perl
dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
# Build architecture-dependent files here.
binary-arch: build install
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install

1
debian/source/format vendored
View file

@ -1 +0,0 @@
3.0 (quilt)

1
debian/source/options vendored
View file

@ -1 +0,0 @@
extend-diff-ignore = '(^|/)(\.travis\.yml|\.git|\.github|\.gitgnore|config\.sub|config\.guess)'

2
debian/watch vendored
View file

@ -1,2 +0,0 @@
version=4
https://postfwd.org postfwd-(.*)\.tar\.gz