# HG changeset patch # User Guido Berhoerster # Date 1357749999 -3600 # Node ID e03652c59c7d1db999e95d0f2335fa0e70a36722 Initial revision diff -r 000000000000 -r e03652c59c7d postfwd-fix-pidfile-permissions.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/postfwd-fix-pidfile-permissions.patch Wed Jan 09 17:46:39 2013 +0100 
@@ -0,0 +1,92 @@ +Index: Notizen/sbin/postfwd +=================================================================== +--- Notizen.orig/sbin/postfwd ++++ Notizen/sbin/postfwd +@@ -19,6 +19,7 @@ use POSIX qw(setsid setuid setgid setloc + use IO::Socket qw(SOCK_STREAM); + use Net::DNS; + use Net::Server::Multiplex; ++use Net::Server::Daemonize qw(create_pid_file); + use vars qw(@ISA); + @ISA = qw(Net::Server::Multiplex); + our($TIMEHIRES); our($STORABLE); +@@ -2681,7 +2682,6 @@ if ($opt_daemon) { + group => $net_group, + chroot => $net_chroot ? $net_chroot : undef, + setsid => $opt_daemon ? 1 : undef, +- pid_file => $net_pid ? $net_pid : undef, + log_level => $opt_perfmon ? 0 : ($opt_verbose + 2), + log_file => $opt_perfmon ? undef : 'Sys::Syslog', + syslog_logsock => $syslog_socktype, +@@ -2736,6 +2736,23 @@ if ($opt_daemon) { + log_info "$NAME $VERSION ready for input"; + }; + ++ # create pid_file ourselves in order to control permissions ++ sub post_configure_hook { ++ my $self = shift; ++ my $prop = $self->{'server'}; ++ ++ $prop->{'pid_file'} = $net_pid ? $net_pid : undef; ++ umask oct('0022'); ++ if ($prop->{'pid_file'}) { ++ if (eval { create_pid_file($prop->{'pid_file'}) }) { ++ $prop->{'pid_file_unlink'} = 1; ++ } else { ++ $self->fatal(my $e = $@); ++ } ++ } ++ umask oct($net_umask); ++ } ++ + # main loop + sub mux_input() { + +@@ -3637,7 +3654,7 @@ The following arguments will control it' + Changes real and effective group to . + + --umask +- Changes the umask for filepermissions (unix domain sockets, pidfiles). ++ Changes the umask for filepermissions (unix domain sockets). + Attention: This is umask, not chmod - you have to specify the bits that + should NOT apply. E.g.: umask 077 equals to chmod 700. 
+ +Index: Notizen/man/man8/postfwd.8 +=================================================================== +--- Notizen.orig/man/man8/postfwd.8 ++++ Notizen/man/man8/postfwd.8 +@@ -1198,7 +1198,7 @@ The following arguments will control it' + .PP + .Vb 4 + \& --umask +-\& Changes the umask for filepermissions (unix domain sockets, pidfiles). ++\& Changes the umask for filepermissions (unix domain sockets). + \& Attention: This is umask, not chmod - you have to specify the bits that + \& should NOT apply. E.g.: umask 077 equals to chmod 700. + .Ve +Index: Notizen/doc/postfwd.html +=================================================================== +--- Notizen.orig/doc/postfwd.html ++++ Notizen/doc/postfwd.html +@@ -822,7 +822,7 @@ The following arguments will control it' + Changes real and effective group to <name>. +
+         --umask <mask>
+-        Changes the umask for filepermissions (unix domain sockets, pidfiles).
++        Changes the umask for filepermissions (unix domain sockets).
+         Attention: This is umask, not chmod - you have to specify the bits that
+         should NOT apply. E.g.: umask 077 equals to chmod 700.
+
+Index: Notizen/doc/postfwd.txt
+===================================================================
+--- Notizen.orig/doc/postfwd.txt
++++ Notizen/doc/postfwd.txt
+@@ -876,7 +876,7 @@ DESCRIPTION
+             Changes real and effective group to .
+ 
+             --umask 
+-            Changes the umask for filepermissions (unix domain sockets, pidfiles).
++            Changes the umask for filepermissions (unix domain sockets).
+             Attention: This is umask, not chmod - you have to specify the bits that
+             should NOT apply. E.g.: umask 077 equals to chmod 700.
+ 
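Review bot: the embedded patch only carries an `Index:` entry for `sbin/postfwd` (plus the man, HTML and text docs), so the new `post_configure_hook` that creates the pid file under `umask oct('0022')` is not applied to `sbin/postfwd2`. This changeset also installs `postfwd2` and lets the administrator select it through `POSTFWD_VARIANT`. Please either confirm that postfwd2 does not tie pid file permissions to `--umask` in the same way, or extend the patch to cover it. Until then the patch name and the spec should say the fix is limited to postfwd.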
diff -r 000000000000 -r e03652c59c7d postfwd.cf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.cf	Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,6 @@
+# 
+# postfwd/postfwd2 configuration file, see postfwd(8) for a description of the
+# syntax.
+#
+
+id=DEFAULT; action=DUNNO
diff -r 000000000000 -r e03652c59c7d postfwd.init
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.init	Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# postfwd - Postfix policy daemon
+#
+# chkconfig:   - 20 80
+# description: Postfix policy daemon which combines complex postfix \
+#              restrictions in a ruleset similar to those of the \
+#              most firewalls
+
+### BEGIN INIT INFO
+# Provides: postfwd
+# Required-Start: $local_fs $network $remote_fs
+# Required-Stop: $local_fs $network $remote_fs
+# Should-Start: 
+# Should-Stop: 
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: postfwd Postfix policy daemon
+# Description: postfwd Postfix policy daemon which combines complex postfix
+#              restrictions in a ruleset similar to those of the most firewalls
+#             
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog="postfwd"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+POSTFWD_VARIANT="${POSTFWD_VARIANT:-postfwd}"
+
+exec="/usr/sbin/${POSTFWD_VARIANT}"
+config=/etc/postfwd.cf
+lockfile=/var/lock/subsys/$prog
+pidfile=/var/run/$prog.pid
+
+ARGS="${ARGS:---proto=unix --port=/var/spool/postfix/postfwd/postfwd.socket}"
+
+start() {
+    [ -x $exec ] || exit 5
+    echo -n $"Starting $prog: "
+    daemon $exec $ARGS --daemon --file=$config --user=postfwd --group=postfwd --pidfile=${pidfile}
+    retval=$?
+    echo
+    if [ $retval -eq 0 ]; then
+        touch $lockfile
+        return 0
+    fi
+    return 1
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile $prog
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    echo -n $"Reloading $prog: "
+    kill -HUP "$(head -1 "${pidfile}")"
+    retval=$?
+    echo
+    return $retval
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    # run checks to determine if the service is running or use generic status
+    status $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
+esac
+exit $?
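Review bot: `reload()` sends the signal with `kill -HUP "$(head -1 "${pidfile}")"`, which runs as root against whatever the first line of the file contains and does not check that the file exists or that the pid still belongs to the daemon. `stop()` already goes through `killproc -p $pidfile $prog`, so using `killproc -p $pidfile $prog -HUP` here would keep the two paths consistent and let the function library validate the pid file. In `start()`, quoting `"$exec"` and `"$config"` would also be safer, since `POSTFWD_VARIANT` comes from the sysconfig file.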
diff -r 000000000000 -r e03652c59c7d postfwd.spec
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.spec	Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,101 @@
+Name:           postfwd
+Version:        1.34
+Release:        1%{?dist}
+Summary:        Flexible Postfix Policy Daemon
+
+Group:          System Environment/Daemons
+License:        BSD
+URL:            http://www.postfwd.org
+Source0:        http://www.postfwd.org/%{name}-%{version}.tar.gz
+Source1:        postfwd.init
+Source2:        postfwd.sysconf
+Source3:        postfwd.cf
+Patch0:         postfwd-fix-pidfile-permissions.patch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch:      noarch
+
+BuildRequires:  perl
+Requires:       postfix
+Requires(pre):  shadow-utils
+Requires(post): chkconfig
+Requires(postun): initscripts
+Requires(preun): chkconfig
+Requires(preun): initscripts
+
+%description
+postfwd is a Postfix policy daemon which combines complex Postfix restrictions
+in a ruleset similar to those of the most firewalls. The program uses the
+Postfix policy delegation protocol to control access to the mail system before
+a message has been accepted . It allows you to choose an action (e.g. reject,
+dunno) for a combination of several SMTP parameters (like sender and recipient
+address, size or the client's TLS fingerprint).
+
+%prep
+%setup -q
+%patch0 -p1
+# move example scripts and data to a single directory
+mkdir doc/examples
+mv plugins/ etc/* tools/*.sample tools/*.pl doc/examples/
+mv tools/hapolicy/hapolicy.* doc
+# ensure example scripts, plugins are non-executable
+find doc -type f -exec chmod 644 {} \+
+# fix CR+LF line endings
+sed -i 's/\x0D$//' doc/postfwd2-chroot.txt
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -D -m 755 -p sbin/postfwd %{buildroot}%{_sbindir}/postfwd
+install -D -m 755 -p sbin/postfwd2 %{buildroot}%{_sbindir}/postfwd2
+install -D -m 755 -p tools/hapolicy/hapolicy %{buildroot}%{_sbindir}/hapolicy
+install -D -m 644 -p man/man8/postfwd.8 %{buildroot}%{_mandir}/man8/postfwd.8
+install -D -m 644 -p man/man8/postfwd2.8 %{buildroot}%{_mandir}/man8/postfwd2.8
+pod2man tools/hapolicy/hapolicy > %{buildroot}%{_mandir}/man8/hapolicy.8
+install -D -m 755 -p %{SOURCE1} %{buildroot}%{_initddir}/%{name}
+install -D -m 644 -p %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+install -D -m 644 -p %{SOURCE3} %{buildroot}%{_sysconfdir}/postfwd.cf
+install -d -m 750 %{buildroot}%{_var}/spool/postfix/postfwd
+install -d -m 750 %{buildroot}%{_var}/cache/postfwd
+
+%clean
+rm -rf %{buildroot}
+
+%pre
+getent group postfwd >/dev/null || groupadd -r postfwd
+getent passwd postfwd >/dev/null || \
+    useradd -r -g postfwd -d %{_var}/spool/postfix/postfwd -s /sbin/nologin \
+    -c "postfwd daemon user" postfwd
+exit 0
+
+%post
+/sbin/chkconfig --add postfwd
+
+%preun
+if [ $1 -eq 0 ] ; then
+    /sbin/service postfwd stop >/dev/null 2>&1
+    /sbin/chkconfig --del postfwd
+fi
+
+%postun
+if [ "$1" -ge 1 ] ; then
+    /sbin/service postfwd condrestart >/dev/null 2>&1 || :
+fi
+
+
+%files
+%defattr(-,root,root,-)
+%doc doc/*
+%{_initddir}/postfwd
+%config(noreplace) %{_sysconfdir}/sysconfig/postfwd
+%config(noreplace) %{_sysconfdir}/postfwd.cf
+%{_sbindir}/postfwd*
+%{_sbindir}/hapolicy
+%{_mandir}/man8/postfwd*.8*
+%{_mandir}/man8/hapolicy.8*
+%dir %attr(0750,postfwd,postfix) %{_var}/spool/postfix/postfwd/
+%dir %attr(0750,postfwd,postfwd) %{_var}/cache/postfwd/
+
+%changelog
+* Wed Jan 09 2013 Guido Berhoerster  - 1.34-1
+- Initial packaging
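Review bot: in `%files`, the socket directory is packaged as `%dir %attr(0750,postfwd,postfix) %{_var}/spool/postfix/postfwd/`, which lets the postfix group traverse the directory, but access to the socket itself depends on the daemon's umask. The default `ARGS` in postfwd.init (`--proto=unix --port=/var/spool/postfix/postfwd/postfwd.socket`) passes no `--umask`. Please state the intended socket mode, either by adding an explicit `--umask` to the default `ARGS` or by documenting it, so that the directory mode and the socket mode are chosen together rather than left to the daemon's default.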
diff -r 000000000000 -r e03652c59c7d postfwd.sysconf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.sysconf	Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,7 @@
+# Configuration file for the postfwd service
+
+# postfwd variant to run, either postfwd or postfwd2
+POSTFWD_VARIANT=postfwd
+
+# additional arguments passed to the daemon
+#ARGS="--interface=lo --port=10040"
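Review bot: the commented `#ARGS="--interface=lo --port=10040"` example does not say what happens when `ARGS` is left unset. In that case postfwd.init falls back to `--proto=unix --port=/var/spool/postfix/postfwd/postfwd.socket`. Since setting `ARGS` replaces that default entirely and moves the listener from a unix socket to TCP, a comment line stating the default and that the example overrides it would save the administrator from reading the init script.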
diff -r 000000000000 -r e03652c59c7d sources
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/sources	Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,1 @@
+b07e270d9308dd3e5ffada6974117b27 postfwd-1.34.tar.gz
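Review bot: the only integrity record for `postfwd-1.34.tar.gz` is this 32-hex-digit (MD5-length) digest, and `Source0` in the spec fetches the tarball over plain `http://`. If the build tooling accepts a stronger digest, please record one here or alongside this file. Otherwise, note in the spec how the tarball was verified when it was imported.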