diff options
| author | Ulises Vitulli <dererk@debian.org> | 2015-01-05 14:59:58 +0100 |
|---|---|---|
| committer | Ulises Vitulli <dererk@debian.org> | 2015-01-05 14:59:58 +0100 |
| commit | 59cafe99bf294f96eec1b148752da8b6fc9781f6 (patch) | |
| tree | c8c21efd1e4757042b7cb5321b59a730b2e11c9a | |
Import mailavenger_0.8.4-4.debian.tar.xz
[dgit import tarball mailavenger 0.8.4-4 mailavenger_0.8.4-4.debian.tar.xz]
| -rw-r--r-- | README.Debian | 246 | ||||
| -rw-r--r-- | changelog | 94 | ||||
| -rw-r--r-- | compat | 1 | ||||
| -rw-r--r-- | control | 47 | ||||
| -rw-r--r-- | copyright | 88 | ||||
| -rw-r--r-- | default | 20 | ||||
| -rw-r--r-- | init.d | 107 | ||||
| -rw-r--r-- | lintian-overrides | 7 | ||||
| -rw-r--r-- | patches/fix_sasl_libs.patch | 37 | ||||
| -rw-r--r-- | patches/handle_errout.patch | 41 | ||||
| -rw-r--r-- | patches/series | 2 | ||||
| -rw-r--r-- | preinst | 17 | ||||
| -rwxr-xr-x | rules | 106 | ||||
| -rw-r--r-- | source/format | 1 | ||||
| -rw-r--r-- | watch | 2 |
15 files changed, 816 insertions, 0 deletions
diff --git a/README.Debian b/README.Debian new file mode 100644 index 0000000..29c081b --- /dev/null +++ b/README.Debian @@ -0,0 +1,246 @@ +mailavenger for Debian +====================== + +Reference: + A. Quick-n-painless three-steps cook list + B. Additional Basic Tips + C. Greylisting on MailAvenger + D. Expirable Email Addresses + E. Extra Information about MailAvenger + + +A. Quick-n-painless three-steps cook list + -------------------------------------- + +1. /etc/avenger/asmtpd.conf: + + Replace 'BindAddr' and 'Hostname' with the proper values. + + Take into account that you have to put your public IP here, or in case you are + relaying email from a WAN/MAN/CAN etc, the IP of the interface in which + you see them. + + The MailAvenger SMTP (asmtpd) will attach to interface and bind for listing to + TCP SYN fingerprints and network/routing information. + + For example: + + # head -n 5 /etc/avenger/asmtpd.conf + # Sample asmtpd.conf file, suitable for sendmail + + BindAddr 10.4.21.225 + Hostname smtp.man.debian.org + + +2. /etc/avenger/domains + + Think of any other domain(s) that doesn't match your MailAvenger hostname, + which you have already set in Part 1 above. + + In order to let MailAvenger SMTP know you authorize certain domains to be + accepted for relaying, you have to add them in a one-per-line fashion, + followed by a ':' (without the quotes) as the end of each line. + + For example: + + # head -n 5 /etc/avenger/domains + danzi.node.man.debian.org: + donizetti.node.man.debian.org: + eysler.node.man.debian.org: + finzi.node.man.debian.org: + fischer.node.man.debian.org: + + +3. /etc/default/mailavenger + + Switch the MailAvenger daemon on by taking out 'no' at RUN_DAEMON. + + ----------------------------------------------------------------------- + Do not delete or comment it out, otherwise MailAvenger will not start + ----------------------------------------------------------------------- + + ALL SET!!! + Now your will have to take a look at your Mail log to watch them fall down + + :-) + + +B. Additional Basic Tips + --------------------- + + + By default, MailAvenger is configured to log SMTP transactions in a debug mode + This is because in the very first tries you'll be able to quickly find, + in case of existing, any network misconfiguration or a missing authentic + sender domain that you forgot to append at the 'domains' file at (A) Part 2. + + In addition to that, if you happen to receive (many) frequent emails from a + friendly and known sender, you may not want him to wait or spend some extra + time for a STMP transaction, so you can white-list him into your MailAvenger + setup. + + On the other hand, you also may want to white-list some servers that have poor + Mail configuration, and, sure, let them know that they are not complaining + with STMP standards in a nice and distinguish mail, but remember, not all the + network/system administrators do care as much as you do for standardizing, + and, of course, try not to verbosely laugh that much at them ;-) + + You can achive this by fixing their IPs/Domains into the asmtpd.conf file. + + For example: + + # egrep '(TrustedNet|TrustedDomain)' /etc/avenger/asmtpd.conf + TrustedNet 10.4.13.225 + TrustedNet 10.4.14.33 + TrustedNet 10.4.14.225 + TrustedDomain 1.dhcptrustedpool.man.debian.org + TrustedDomain 2.dhcptrustedpool.man.debian.org + + +C. Greylisting on MailAvenger + -------------------------- + + One of the awesome features of MailAvenger is that, even thought it handles + mail filtering at SMTP'ing time, it keeps being flexible enought to create + YOUR OWN decision paths about what/who to send into a temporarily reject + list, also known as "Greylisting" technique. + + The concept behind Greylisting is pretty basic[0]: + Temporarily reject any email from a sender that is't recognized by the you. + + Case A: + If the mail is legitimate the originating server will, after a certain delay, + try again and, if sufficient time has elapsed, the email will be accepted. + + Case B: + If the mail is from a spam sender, sending to many thousands of email + addresses, it will probably not be retried. + + + Example + ======= + + This is simple but powerful example I took from Thomer M. Gil site[1] with a + minor modification, that you'll find into /usr/share/doc/mailavenger/examples + + # cat /etc/avenger/default + errcheck + case "$SPF0" in + error) + defer "Temporary error in SPF record processing" + ;; + pass) + accept "SPF sender PASS" + ;; + esac + + greylist_delay=5m + greylist_ttl1=5h + greylist_ttl2=4D + + greylist "${CLIENT_IP%.*} $RECIPIENT $SENDER" + + accept + + Explaination ( See also the avenger(1) manual page ). + + This 'default' file discards email that MailAvenger has flagged as coming + from a non-existent sender (errcheck). + Then it immediately accepts email that comes from a SPF-verified sender + (accept "SPF sender PASS"). + Otherwise it greylists the sender's IP address (in fact, the /24) by telling + it to send the email again in 5 minutes (greylist "${CLIENT_IP%.*} $RE....) + Then (when the email comes a few minutes later), gets accepted and handed + to the MTA (which is responsible for delivering it to the user). + + + This is a MailAvenger output at /var/log/mail.log on a MTA waiting for them: + + +0. http://en.wikipedia.org/wiki/Greylisting +1. http://thomer.com/howtos/fight_spam.html + + +D. Expirable Email Addresses + ------------------------- + + Using the Mail Avenger macutil command. + + Create a file called $HOME/.avenger/.macutil containing a single line of text + that will be your password for macutil. It doesn't matter what you put in + there, as long as it is hard for spammers to guess. + + If your primary email address is user@your.host.com, then add the following: + + For csh users and derived shells + At ~/.login: + + setenv MACUTIL_SENDER 'user+return+*@your.host.com' + setenv MACUTIL_SENDMAIL '/usr/sbin/sendmail' + + + For Bourne-Again Shell (Bash) or derived shells + At ~/.profile: + + MACUTIL_SENDER='user+return+*@your.host.com' + MACUTIL_SENDMAIL=/usr/sbin/sendmail + export MACUTIL_SENDER + export MACUTIL_SENDMAIL + + + Then place the following in $HOME/.avenger/rcpt+return+default: + + macutil -c "$SUFFIX" 2> /dev/null \ + || reject "<$RECIPIENT>... unknown or expired address" + + + - Integrating with /usr/bin/Mail + + Put the following line in $HOME/.mailrc: + + set sendmail="/usr/bin/sendmac" + + + - Integrating with emacs / Gnus + + Place the following in your .emacs or .gnus file: + + (setq message-sendmail-f-is-evil t) + (setq sendmail-program "/PATH/TO/YOUR/HOME/bin/sendmac" + + (setq macutil-expire "2M") + (defun av-from () + (with-temp-buffer + (call-process "macutil" nil t nil + (concat "--expire=+" macutil-expire) + "--sender" "user+return+*@your.host.com" + "--from" "Your Full Name" + "--fromexp" "address expires") + (goto-char (point-max)) + (delete-char -1) + (search-backward " <") + (insert "\n ") + (buffer-string))) + + (setq message-generate-headers-first t) + (setq gnus-posting-styles + '((".*" + ("From" '(av-from))) + )) + + + +E. Extra Information about MailAvenger + ----------------------------------- + +Q: Why do you keep calling it 'MailAvenger' instead of 'Avenger' or 'asmtpd'? + Are you insane in the membrain? + +A: The MailAvenger software is also known as plain 'Avenger', and there might + eventually exist some files or directories that are named after each other. + For practical reasons, I tried to stick with the cannonical name so no more + confusion is added into the equation and created a 'avenger' virtual package + that points to the mailavenger software you are looking at :-) + + + -- Ulises Vitulli <dererk@debian.org> Mon, 05 Jan 2015 20:43:02 -0300 diff --git a/changelog b/changelog new file mode 100644 index 0000000..2515ca8 --- /dev/null +++ b/changelog @@ -0,0 +1,94 @@ +mailavenger (0.8.4-4) unstable; urgency=medium + + * The 'waaaat' upload. + * Added libsasl2-dev build-dep. + * Fix broken SASL support through hardcode patch. + * Include Expirable Email Addresses mailavenger support (Closes: #705647). + * Updated README.Debian documentation to reflect recent changes. + * Bump up Standard-version to 3.9.6 (no changes needed). + + -- Ulises Vitulli <dererk@debian.org> Mon, 05 Jan 2015 10:59:58 -0300 + +mailavenger (0.8.4-3) unstable; urgency=medium + + * Run dh-autoreconf to update config. Thanks Doko@ (Closes: #744628). + * Bump up Standard-version to 3.9.5 (no changes needed). + + -- Ulises Vitulli <dererk@debian.org> Fri, 02 May 2014 10:49:45 -0300 + +mailavenger (0.8.4-2) unstable; urgency=low + + * Improve gcc hardening features: + - debian/rules: Switch from hardening-includes in favor of dpkg-buildflags. + - debian/control: Drop build-dep on hardening-includes. + - debian/patches/handle_errout.patch: Local patch to get rid of + warn_unused_result Werror. + + -- Ulises Vitulli <dererk@debian.org> Fri, 16 Aug 2013 09:54:50 +0200 + +mailavenger (0.8.4-1) unstable; urgency=low + + * New upstream release: + - Fix FTBFS on gcc 4.8 (Closes: #701317). + - Added systemd mailavenger.service file. + - Use new resolver library interface, instead of reloading resolv.conf. + * Bump up Standard-version to 3.9.4 (no changes needed). + + -- Ulises Vitulli <dererk@debian.org> Wed, 14 Aug 2013 23:08:43 +0200 + +mailavenger (0.8.3rc1-1) unstable; urgency=low + + * Fix FTBFS on gcc-4.7 series (Closes: #667268). + * Fix piuparts QA checks on mailavenger: + - unowned directory after purge: /var/lib/mailavenger (Closes: #668749). + * Update Standard-version to 3.9.3 (no changes needed). + + -- Ulises Vitulli <dererk@debian.org> Sat, 14 Apr 2012 09:40:52 -0300 + +mailavenger (0.8.2-1) unstable; urgency=low + + * New upstream-coordinated snapshot/release: + - Fix bdb compatibility on 5.x (Closes: #621440, #634553, #647247) + - Fix some gcc-4.6 warnings (Closes: #625391). + * Improve building targets for simplifying portscripts. + * Clean-up on debian/rules for multiarch support. + * Dropped local patch for typofixing license documentation. + + -- Ulises Vitulli <dererk@debian.org> Tue, 13 Dec 2011 09:24:55 -0300 + +mailavenger (0.8.1-4) unstable; urgency=low + + * Renamed conflicting files to secondary path (Closes: #624234). + * Update Standard-version to 3.9.2.0 (no changes needed). + * Clean up old unused targets at debian/rules. + * Switched to my Debian account. + + -- Ulises Vitulli <dererk@debian.org> Thu, 16 Jun 2011 18:30:07 -0300 + +mailavenger (0.8.1-3) unstable; urgency=low + + * The 'Oh-righhht!' upload. + * debian/rules: Now switching hardening-includes to easily handle gcc's + advanced protections on unsupported archs (Closes: #580790). + + -- Ulises Vitulli <uvitulli@fi.uba.ar> Thu, 13 May 2010 20:30:39 -0300 + +mailavenger (0.8.1-2) unstable; urgency=low + + * debian/rules: do not install mac-specific files (Closes: #580397). + * debian/control: Improved objective package description. + * debian/copyright: Fix minor typo on Copyright (already fixed on upstream). + * debian/rules: Disable gcc's Stack Smashing protection for unsupported archs: + - alpha + - hppa + - ia64 + - mips + + -- Ulises Vitulli <uvitulli@fi.uba.ar> Wed, 05 May 2010 16:19:39 -0300 + +mailavenger (0.8.1-1) unstable; urgency=low + + * Initial release (Closes: #377714). + * Stick to dpkg-source 3.0 (quilt) format. + + -- Ulises Vitulli <uvitulli@fi.uba.ar> Thu, 08 Apr 2010 14:11:08 -0300 @@ -0,0 +1 @@ +6 @@ -0,0 +1,47 @@ +Source: mailavenger +Section: mail +Priority: extra +Maintainer: Ulises Vitulli <dererk@debian.org> +Build-Depends: debhelper (>= 6.0.7~), autotools-dev, libdb-dev, + libssl-dev, libpcap0.8-dev | libpcap-dev, dh-autoreconf, libsasl2-dev +Standards-Version: 3.9.6 +Homepage: http://www.mailavenger.org/ + +Package: mailavenger +Architecture: any +Pre-Depends: adduser (>= 3.40) +Depends: ${shlibs:Depends}, ${misc:Depends}, postfix | mail-transport-agent, + lsb-base +Description: Highly configurable, MTA-independent SMTP filter server + Mail Avenger is a highly configurable, MTA-independent Spam filtering solution + at SMTP'ing time. + . + The criteria Mail Avenger uses to handle filtering is based on a "how is it + being send?" fashion, instead of the classical "what are you sending?" model, + in which the body or mail itself is analysed looking for SPAM patterns, + keywords, bad words or applying Bayesian filters, like SpamAssassin, DSPAM or + SpamBayes does. + . + A distinguishing feature of Mail Avenger is that it allows you to reject spam + during SMTP time, before even spooling messages in your local mail queue. + This carries interesting features like identifying most clients OS (using + TCP SYN fingerprints), acquiring client's network information, embed + cryptographically secure expiration times in temporary mail addresses + to validate mail before receiving the message body, between others. + . + This is a partial list of features: + * Mail-bomb protection + * TCP filtering + * Network-level traffic analysis + * SMTP-level traffic analysis + * SMTP callbacks + * Per-user and per-user-extension mail scripts + * Per-user mail relay checks + * Virtual domain mapping + * Alias to user mapping + * RBL support + * SPF + * SPF language queries + * Asynchronous DNS queries + * "Bodytest" support + * SMTP STARTTLS support diff --git a/copyright b/copyright new file mode 100644 index 0000000..d96d927 --- /dev/null +++ b/copyright @@ -0,0 +1,88 @@ +This package was debianized by Ulises Vitulli <dererk@debian.org> on +Sat, 13 Oct 2009 09:27:20 -0300. + +It was downloaded from http://www.mailavenger.org/ + +Copyright and Upstream: + + © 2004-2010 David Mazieres (dm@uun.org) + +Software License: + + This license grants you the right to use, modify, and redistribute + Mail Avenger ("the software"). + + In this license, the term "GPL" designates one or more official, + numbered versions of the GNU General Public License as published by + the Free Software Foundation. It specifically excludes drafts or + working verions of licenses, or licenses with similar or identical + names that are published by entities other than the Free Software + Foundation. + + You may use, modify, and redistribute the software under any one of + the following conditions (at your option): + + 1. You may use, modify, and redistribute the software under the + terms of the GPL version 2 as distributed here: + + http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + + 2. You may use, modify, and redistribute the software under the + terms of the GPL version 3, as found in the file COPYING and + distributed here: + + http://www.gnu.org/licenses/gpl-3.0.txt + + 3. You may use, modify, and redistribute the software under any + version of the GPL greater than 3. + + 4. You may use, modify, and redistribute the software under a + modified version of the GPL version 3 (or, at your option, a + modified version of any higher-numbered version of the GPL) that + places additional restrictions on advertising and labeling of the + software, provided that all of the following conditions are met: + + a. The software has incorporated (been combined with or linked + to) the OpenSSL library, and + + b. The license of the incoporated OpenSSL library prevents the + resulting work from being distributed under each of + conditions 1-3 of this license, and + + c. The restrictions on advertising and labeling are no more + restrictive than those under which OpenSSL 1.0.0 was + distributed in its original March 2010 release, and + + d. All recipients of the software retain the ability to + distribute the software under any subset they wish of + conditions 1-3 of this license provided they remove the + incoporated OpenSSL library. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-3'. + + +------------------------------------------------------------------------- + + MailAvenger includes a copy of the OpenBSD Passive OS fingerprinting DB + + (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx> + (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org> + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + +------------------------------------------------------------------------- + +The Debian packaging is © 2009-2010, Ulises Vitulli <dererk@debian.org> and +is licensed under the GPL, see above. @@ -0,0 +1,20 @@ +# Defaults for mailavenger initscript +# sourced by /etc/init.d/mailavenger +# installed at /etc/default/mailavenger by the maintainer scripts + +# +# This is a POSIX shell fragment +# +# Additional options that are passed to the Daemon + +# By enabling this, mailavenger SMTP daemon, asmtpd, will be instructed to run +# +# PLEASE, Take into account that for a good and efficient SMTP filtring performance +# you HAVE to edit some basic values in order to achieve missclasification +# +# Once you have done some basic configuration, you'll be able to run the daemon by +# clearing the "no" value from the RUN_DAEMON below here. +# + +RUN_DAEMON=no + @@ -0,0 +1,107 @@ +#! /bin/bash +# +# This initscript was created by Ulises Vitulli <dererk@debian.org> for mailavenger +# +# Start/stop the mailavenger daemon +### BEGIN INIT INFO +# Provides: mailavenger +# Required-Start: $syslog $remote_fs $time +# Required-Stop: $syslog $remote_fs $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: mailavenger SMTP filter server +# Description: This daemon handles the status of the MailAvenger stmpd +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/asmtpd +RUN_DAEMON=no +NAME=mailavenger +DESC=mailavenger +USER=avenger +DAEMON_OPTS= + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + + +daemon_status () { + # This returns 0 if the daemon is running, returns 1 otherwise. + start-stop-daemon --start --test --exec $DAEMON -- $DAEMON_OPTS >/dev/null 2>&1 +} + +case "$1" in + start) + log_begin_msg "Starting $NAME daemon..." + + # Check if user has acknowledged to have configured Mail Avenger. + + if [ -f /etc/default/mailavenger ] ; then + . /etc/default/mailavenger + fi + + if [ "$RUN_DAEMON" = "no" ]; then + log_failure_msg "DAEMON DISABLED, Launch aborted." + log_failure_msg "Please check /usr/share/doc/mailavenger/README.Debian for a quick start." + log_end_msg 0 + exit 0 + else + if ! daemon_status ; then + log_begin_msg "Already running." + log_end_msg 0 + exit 0 + fi + fi + + if [ ! -d "/var/run/$NAME" ]; then + mkdir -p /var/run/$NAME + chown $USER:nogroup /var/run/$NAME + fi + + start-stop-daemon --start --oknodo --pidfile /var/run/$NAME/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS + + if ! pidof $DAEMON > /var/run/$NAME/$NAME.pid; then + log_begin_msg "Oops, something went wront. CHECK SYSLOG!" + exit 1 + fi + log_end_msg $? + ;; + stop) + log_begin_msg "Stopping $NAME daemon..." + start-stop-daemon --stop --oknodo --pidfile /var/run/$NAME/$NAME.pid --exec $DAEMON + log_end_msg $? + rm /var/run/$NAME/$NAME.pid >/dev/null 2>&1 + ;; + + status) + if ! daemon_status; then + log_begin_msg "$NAME is RUNNING using process id `cat /var/run/$NAME/$NAME.pid`." + log_end_msg 0 + else + log_failure_msg "$NAME is STOPPED!" + fi + ;; + force-reload|reload) + if ! daemon_status; then + log_begin_msg "Reloading $NAME configuration..." + start-stop-daemon --stop --signal HUP --pidfile /var/run/$NAME/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS && \ + log_end_msg 0 && echo "done." || log_end_msg 3 + + else + log_failure_msg "$NAME is STOPPED!" + log_end_msg 3 + fi + ;; + restart) + $0 stop + $0 start + ;; + + *) + log_success_msg "Usage: /etc/init.d/$NAME {start|stop|status|force-reload|restart}" + exit 1 + ;; +esac + +exit 0 diff --git a/lintian-overrides b/lintian-overrides new file mode 100644 index 0000000..6376355 --- /dev/null +++ b/lintian-overrides @@ -0,0 +1,7 @@ +# License Include Excemption case for OpenSSL conflicting points +# with GPL and OpenSSL license. +mailavenger: possible-gpl-code-linked-with-openssl +# Currently pcre is used for trivial tasks and embebbed +# with custom changes, it's not possible to do drop-down replace +# Already working on stripping this out. +mailavenger: embedded-library usr/sbin/asmtpd: pcre3 diff --git a/patches/fix_sasl_libs.patch b/patches/fix_sasl_libs.patch new file mode 100644 index 0000000..8aa06d3 --- /dev/null +++ b/patches/fix_sasl_libs.patch @@ -0,0 +1,37 @@ +Author: Dererk +Description: Local patch, hardcode SASL include paths for Debian + +Index: avenger-0.8.4/configure.in +=================================================================== +--- avenger-0.8.4.orig/configure.in ++++ avenger-0.8.4/configure.in +@@ -197,26 +197,9 @@ AM_CONDITIONAL(SSL, test -n "$LIBSSL") + AC_ARG_ENABLE(sasl, + --enable-sasl Enable SASL w. Cyrus SASL2 library,, + enable_sasl=no) +-if test yes = "$enable_sasl"; then +- for dir in "$prefix" /usr/local /usr; do +- test -f "$dir/include/sasl/sasl.h" \ +- -a \( -f "$dir/lib/libsasl2.la" -o -f "$dir/lib/libsasl2.a" \) \ +- && sasl="$dir" && break +- done +-elif test -n "$enable_sasl" -a no != "$enable_sasl"; then +- sasl="$enable_sasl" +-fi +- +-unset LIBSASL +-if test -n "$sasl"; then +- if test -f "$dir/lib/libsasl2.la"; then +- LIBSASL="$dir/lib/libsasl2.la" +- else +- LIBSASL="-L$dir/lib -lsasl2" +- fi +- CPPFLAGS="$CPPFLAGS -I$sasl/include/sasl" +- AC_DEFINE(SASL, 1, [Define to use Cyrus libsasl2.]) +-fi ++LIBSASL="-lsasl2" ++CPPFLAGS="$CPPFLAGS -I/usr/include/sasl" ++AC_DEFINE(SASL, 1, [Define to use Cyrus libsasl2.]) + AC_SUBST(LIBSASL) + + saved_LIBS="$LIBS" diff --git a/patches/handle_errout.patch b/patches/handle_errout.patch new file mode 100644 index 0000000..dd0c28a --- /dev/null +++ b/patches/handle_errout.patch @@ -0,0 +1,41 @@ +Author: David Mazieres +Description: Fix warn_unused_result and enhance error msg when using -Werror=format-security + +Index: avenger-0.8.4/asmtpd/avif.C +=================================================================== +--- a/asmtpd/avif.C ++++ b/asmtpd/avif.C +@@ -392,6 +392,12 @@ avif::maybe_reply () + } + } + ++/* Casting to void isn't enough to get rid of these warnings */ ++inline void ++ignore_int (int) ++{ ++} ++ + void + avif::chldinit (struct passwd *pw, int fd, bool sys, str ext) + { +@@ -409,9 +415,9 @@ avif::chldinit (struct passwd *pw, int fd, bool sys, str ext) + if (!sys) { + /* quick optimization because setgroups is expensive */ + GETGROUPS_T gid = pw->pw_gid; +- setgid (gid); ++ ignore_int (setgid (gid)); + if (root) +- seteuid (pw->pw_uid); ++ ignore_int (seteuid (pw->pw_uid)); + struct stat sb; + if (!sys && lstat (avdir, &sb)) { + if (smtpd::tmperr (errno)) { +@@ -421,7 +427,7 @@ avif::chldinit (struct passwd *pw, int fd, bool sys, str ext) + _exit (0); + } + if (root) +- seteuid (getuid ()); ++ ignore_int (seteuid (getuid ())); + if (!S_ISDIR (sb.st_mode) || (sb.st_uid && sb.st_uid != pw->pw_uid)) { + warn << avdir << " should be directory owned by " << pw->pw_name << "\n"; + _exit (0); diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..e62cdc8 --- /dev/null +++ b/patches/series @@ -0,0 +1,2 @@ +handle_errout.patch +fix_sasl_libs.patch @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e +DATADIR=/var/lib/mailavenger +if ! getent passwd avenger >/dev/null; then + # Adding system user: avenger. + adduser \ + --system \ + --disabled-login \ + --ingroup nogroup \ + --home $DATADIR \ + --gecos "MailAvenger non-smtp user" \ + --shell /usr/sbin/nologin \ + avenger >/dev/null +fi + +#DEBHELPER# @@ -0,0 +1,106 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +# Required for Multiarch support (20120124, ref #621440, #634553, #647247) +DEB_MULTIARCH_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_MULTIARCH) + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + +config.status: configure + dh_testdir + # Add here commands to configure the package. +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess config.guess +endif + dh_autoreconf + ./configure --enable-sasl --host=$(DEB_MULTIARCH_GNU_TYPE) --prefix=/usr \ + --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ + --libexecdir=\$${prefix}/lib/mailavenger \ + --docdir=\$${prefix}/share/doc/mailavenger \ + --datadir=\$${prefix}/share/doc/mailavenger \ + --htmldir=\$${prefix}/share/doc/mailavenger \ + CFLAGS="$(CFLAGS)" \ + LDFLAGS="$(LDFLAGS)" + +build: build-arch build-indep +build-arch: build-stamp +build-indep: build-stamp + +build-stamp: config.status + dh_testdir + # Add here commands to compile the package. + $(MAKE) + touch $@ + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + [ ! -f Makefile ] || $(MAKE) distclean + rm -f config.log + dh_autoreconf_clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs etc/avenger var/lib/mailavenger + + # Add here commands to install the package into debian/mailavenger. + $(MAKE) DESTDIR=$(CURDIR)/debian/mailavenger install + + # Ok, now place some basic configuration, but remember, + # some very basic stuff is needed, that's why we don't start by default + dh_install debian/mailavenger/usr/share/doc/mailavenger/avenger/asmtpd.conf etc/avenger + dh_install debian/mailavenger/usr/share/doc/mailavenger/avenger/unknown etc/avenger + + # See #624234 + mv $(CURDIR)/debian/mailavenger/usr/bin/deliver $(CURDIR)/debian/mailavenger/usr/bin/avenger.deliver + mv $(CURDIR)/debian/mailavenger/usr/share/man/man1/deliver.1 $(CURDIR)/debian/mailavenger/usr/share/man/man1/avenger.deliver.1 + + # See #580397 + mv $(CURDIR)/debian/mailavenger/usr/share/man/man1/macutil.1 $(CURDIR)/debian/mailavenger/usr/share/man/man8/macutil.8 + sed -i 's/macutil 1/macutil 8/g' $(CURDIR)/debian/mailavenger/usr/share/man/man8/macutil.8 + + # Lintian suggestion (Is something this guys can't do? ;) ) + sed -i 's/writeable/writable/' $(CURDIR)/debian/mailavenger/usr/share/man/man1/avenger.deliver.1 + + # Duplicated doc pages + rm $(CURDIR)/debian/mailavenger/usr/share/doc/mailavenger/avenger/INSTALL.html + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installinit + dh_installchangelogs NEWS + dh_installdocs README + dh_installman + dh_lintian + dh_link usr/share/man/man8/macutil.8.gz usr/share/man/man8/sendmac.8.gz + dh_strip + dh_compress -X usr/share/doc/mailavenger/pf.os + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) @@ -0,0 +1,2 @@ +version=3 +http://www.mailavenger.org/dist/avenger-?(\d[\d\-.]+)\.tar\.gz |