changeset 0:e03652c59c7d
Initial revision
author | Guido Berhoerster <guido+packaging@berhoerster.name> |
---|---|
date | Wed, 09 Jan 2013 17:46:39 +0100 |
parents | |
children | 0c0c93f9123b |
files | postfwd-fix-pidfile-permissions.patch postfwd.cf postfwd.init postfwd.spec postfwd.sysconf sources |
diffstat | 6 files changed, 326 insertions(+), 0 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd-fix-pidfile-permissions.patch Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,92 @@
+Index: Notizen/sbin/postfwd
+===================================================================
+--- Notizen.orig/sbin/postfwd
++++ Notizen/sbin/postfwd
+@@ -19,6 +19,7 @@ use POSIX qw(setsid setuid setgid setloc
+ use IO::Socket qw(SOCK_STREAM);
+ use Net::DNS;
+ use Net::Server::Multiplex;
++use Net::Server::Daemonize qw(create_pid_file);
+ use vars qw(@ISA);
+ @ISA = qw(Net::Server::Multiplex);
+ our($TIMEHIRES); our($STORABLE);
+@@ -2681,7 +2682,6 @@ if ($opt_daemon) {
+ group => $net_group,
+ chroot => $net_chroot ? $net_chroot : undef,
+ setsid => $opt_daemon ? 1 : undef,
+- pid_file => $net_pid ? $net_pid : undef,
+ log_level => $opt_perfmon ? 0 : ($opt_verbose + 2),
+ log_file => $opt_perfmon ? undef : 'Sys::Syslog',
+ syslog_logsock => $syslog_socktype,
+@@ -2736,6 +2736,23 @@ if ($opt_daemon) {
+ log_info "$NAME $VERSION ready for input";
+ };
+
++ # create pid_file ourselves in order to control permissions
++ sub post_configure_hook {
++ my $self = shift;
++ my $prop = $self->{'server'};
++
++ $prop->{'pid_file'} = $net_pid ? $net_pid : undef;
++ umask oct('0022');
++ if ($prop->{'pid_file'}) {
++ if (eval { create_pid_file($prop->{'pid_file'}) }) {
++ $prop->{'pid_file_unlink'} = 1;
++ } else {
++ $self->fatal(my $e = $@);
++ }
++ }
++ umask oct($net_umask);
++ }
++
+ # main loop
+ sub mux_input() {
+
+@@ -3637,7 +3654,7 @@ The following arguments will control it'
+ Changes real and effective group to <name>.
+
+ --umask <mask>
+- Changes the umask for filepermissions (unix domain sockets, pidfiles).
++ Changes the umask for filepermissions (unix domain sockets).
+ Attention: This is umask, not chmod - you have to specify the bits that
+ should NOT apply. E.g.: umask 077 equals to chmod 700.
+
+Index: Notizen/man/man8/postfwd.8
+===================================================================
+--- Notizen.orig/man/man8/postfwd.8
++++ Notizen/man/man8/postfwd.8
+@@ -1198,7 +1198,7 @@ The following arguments will control it'
+ .PP
+ .Vb 4
+ \& --umask <mask>
+-\& Changes the umask for filepermissions (unix domain sockets, pidfiles).
++\& Changes the umask for filepermissions (unix domain sockets).
+ \& Attention: This is umask, not chmod - you have to specify the bits that
+ \& should NOT apply. E.g.: umask 077 equals to chmod 700.
+ .Ve
+Index: Notizen/doc/postfwd.html
+===================================================================
+--- Notizen.orig/doc/postfwd.html
++++ Notizen/doc/postfwd.html
+@@ -822,7 +822,7 @@ The following arguments will control it'
+ Changes real and effective group to <name>.</pre>
+ <pre>
+ --umask <mask>
+- Changes the umask for filepermissions (unix domain sockets, pidfiles).
++ Changes the umask for filepermissions (unix domain sockets).
+ Attention: This is umask, not chmod - you have to specify the bits that
+ should NOT apply. E.g.: umask 077 equals to chmod 700.</pre>
+ <pre>
+Index: Notizen/doc/postfwd.txt
+===================================================================
+--- Notizen.orig/doc/postfwd.txt
++++ Notizen/doc/postfwd.txt
+@@ -876,7 +876,7 @@ DESCRIPTION
+ Changes real and effective group to <name>.
+
+ --umask <mask>
+- Changes the umask for filepermissions (unix domain sockets, pidfiles).
++ Changes the umask for filepermissions (unix domain sockets).
+ Attention: This is umask, not chmod - you have to specify the bits that
+ should NOT apply. E.g.: umask 077 equals to chmod 700.
+
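Review bot: The `post_configure_hook` added in the embedded `@@ -2736,6 +2736,23 @@` hunk ends with an unconditional `umask oct($net_umask);`, and neither this hunk nor the init script in this changeset (which passes no `--umask`) shows that `$net_umask` is always set. If it can be undefined or empty there, `oct()` returns 0 and the unix domain socket created afterwards would get no umask restriction. Saving and restoring instead, `my $old_umask = umask oct('0022');` followed later by `umask $old_umask;`, removes that dependency, assuming the umask in effect before the hook is already the intended one. In the failure branch, `$self->fatal(my $e = $@)` passes an empty message if `create_pid_file` ever returns false without dying; `$self->fatal($@ || "cannot create pid file $prop->{'pid_file'}")` would be clearer. The patch touches only `sbin/postfwd` and its documentation, so with `POSTFWD_VARIANT=postfwd2` the pid file is presumably still created under the configured umask.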
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.cf Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,6 @@
+#
+# postfwd/postfwd2 configuration file, see postfwd(8) for a description of the
+# syntax.
+#
+
+id=DEFAULT; action=DUNNO
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.init Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# postfwd - Postfix policy daemon
+#
+# chkconfig: - 20 80
+# description: Postfix policy daemon which combines complex postfix \
+# restrictions in a ruleset similar to those of the \
+# most firewalls
+
+### BEGIN INIT INFO
+# Provides: postfwd
+# Required-Start: $local_fs $network $remote_fs
+# Required-Stop: $local_fs $network $remote_fs
+# Should-Start:
+# Should-Stop:
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: postfwd Postfix policy daemon
+# Description: postfwd Postfix policy daemon which combines complex postfix
+# restrictions in a ruleset similar to those of the most firewalls
+#
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+prog="postfwd"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+POSTFWD_VARIANT="${POSTFWD_VARIANT:-postfwd}"
+
+exec="/usr/sbin/${POSTFWD_VARIANT}"
+config=/etc/postfwd.cf
+lockfile=/var/lock/subsys/$prog
+pidfile=/var/run/$prog.pid
+
+ARGS="${ARGS:---proto=unix --port=/var/spool/postfix/postfwd/postfwd.socket}"
+
+start() {
+ [ -x $exec ] || exit 5
+ echo -n $"Starting $prog: "
+ daemon $exec $ARGS --daemon --file=$config --user=postfwd --group=postfwd --pidfile=${pidfile}
+ retval=$?
+ echo
+ if [ $retval -eq 0 ]; then
+ touch $lockfile
+ return 0
+ fi
+ return 1
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ echo -n $"Reloading $prog: "
+ kill -HUP "$(head -1 "${pidfile}")"
+ retval=$?
+ echo
+ return $retval
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
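Review bot: `reload()` reads the pid straight out of the file and hands it to `kill -HUP` as root, bypassing the handling that `stop()` gets from `killproc -p $pidfile`; if the pid file is missing or empty the command substitution is empty and `kill` fails with a usage error. Using the helper already sourced from `/etc/rc.d/init.d/functions`, `killproc -p "$pidfile" "$prog" -HUP`, keeps both paths consistent. Separately, `rh_status()` calls `status $prog` without the pid file, so the running check does not name the file the daemon was told to write via `--pidfile`; `status -p "$pidfile" "$prog"` would tie the two together, which matters most when `POSTFWD_VARIANT=postfwd2` is selected.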
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.spec Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,101 @@
+Name: postfwd
+Version: 1.34
+Release: 1%{?dist}
+Summary: Flexible Postfix Policy Daemon
+
+Group: System Environment/Daemons
+License: BSD
+URL: http://www.postfwd.org
+Source0: http://www.postfwd.org/%{name}-%{version}.tar.gz
+Source1: postfwd.init
+Source2: postfwd.sysconf
+Source3: postfwd.cf
+Patch0: postfwd-fix-pidfile-permissions.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch: noarch
+
+BuildRequires: perl
+Requires: postfix
+Requires(pre): shadow-utils
+Requires(post): chkconfig
+Requires(postun): initscripts
+Requires(preun): chkconfig
+Requires(preun): initscripts
+
+%description
+postfwd is a Postfix policy daemon which combines complex Postfix restrictions
+in a ruleset similar to those of the most firewalls. The program uses the
+Postfix policy delegation protocol to control access to the mail system before
+a message has been accepted . It allows you to choose an action (e.g. reject,
+dunno) for a combination of several SMTP parameters (like sender and recipient
+address, size or the client's TLS fingerprint).
+
+%prep
+%setup -q
+%patch0 -p1
+# move example scripts and data to a single directory
+mkdir doc/examples
+mv plugins/ etc/* tools/*.sample tools/*.pl doc/examples/
+mv tools/hapolicy/hapolicy.* doc
+# ensure example scripts, plugins are non-executable
+find doc -type f -exec chmod 644 {} \+
+# fix CR+LF line endings
+sed -i 's/\x0D$//' doc/postfwd2-chroot.txt
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -D -m 755 -p sbin/postfwd %{buildroot}%{_sbindir}/postfwd
+install -D -m 755 -p sbin/postfwd2 %{buildroot}%{_sbindir}/postfwd2
+install -D -m 755 -p tools/hapolicy/hapolicy %{buildroot}%{_sbindir}/hapolicy
+install -D -m 644 -p man/man8/postfwd.8 %{buildroot}%{_mandir}/man8/postfwd.8
+install -D -m 644 -p man/man8/postfwd2.8 %{buildroot}%{_mandir}/man8/postfwd2.8
+pod2man tools/hapolicy/hapolicy > %{buildroot}%{_mandir}/man8/hapolicy.8
+install -D -m 755 -p %{SOURCE1} %{buildroot}%{_initddir}/%{name}
+install -D -m 644 -p %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+install -D -m 644 -p %{SOURCE3} %{buildroot}%{_sysconfdir}/postfwd.cf
+install -d -m 750 %{buildroot}%{_var}/spool/postfix/postfwd
+install -d -m 750 %{buildroot}%{_var}/cache/postfwd
+
+%clean
+rm -rf %{buildroot}
+
+%pre
+getent group postfwd >/dev/null || groupadd -r postfwd
+getent passwd postfwd >/dev/null || \
+ useradd -r -g postfwd -d %{_var}/spool/postfix/postfwd -s /sbin/nologin \
+ -c "postfwd daemon user" postfwd
+exit 0
+
+%post
+/sbin/chkconfig --add postfwd
+
+%preun
+if [ $1 -eq 0 ] ; then
+ /sbin/service postfwd stop >/dev/null 2>&1
+ /sbin/chkconfig --del postfwd
+fi
+
+%postun
+if [ "$1" -ge 1 ] ; then
+ /sbin/service postfwd condrestart >/dev/null 2>&1 || :
+fi
+
+
+%files
+%defattr(-,root,root,-)
+%doc doc/*
+%{_initddir}/postfwd
+%config(noreplace) %{_sysconfdir}/sysconfig/postfwd
+%config(noreplace) %{_sysconfdir}/postfwd.cf
+%{_sbindir}/postfwd*
+%{_sbindir}/hapolicy
+%{_mandir}/man8/postfwd*.8*
+%{_mandir}/man8/hapolicy.8*
+%dir %attr(0750,postfwd,postfix) %{_var}/spool/postfix/postfwd/
+%dir %attr(0750,postfwd,postfwd) %{_var}/cache/postfwd/
+
+%changelog
+* Wed Jan 09 2013 Guido Berhoerster <guido+packaging@berhoerster.name> - 1.34-1
+- Initial packaging
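Review bot: `Source0` points at a plain `http://` URL and the spec has no step that verifies the tarball, so the integrity of the upstream source rests on whatever checksum the `sources` file records; that file is listed in this changeset but its content is not shown in this view. It is worth confirming that it carries a strong digest, and switching `URL` and `Source0` to `https://` if upstream serves it. In `%files`, `%{_sysconfdir}/postfwd.cf` ends up world-readable (`-m 644` under `%defattr(-,root,root,-)`); if site rulesets are considered sensitive, `%attr(0640,root,postfwd)` on that entry would limit it to root and the daemon's group.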
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/postfwd.sysconf Wed Jan 09 17:46:39 2013 +0100
@@ -0,0 +1,7 @@
+# Configuration file for the postfwd service
+
+# postfwd variant to run, either postfwd or postfwd2
+POSTFWD_VARIANT=postfwd
+
+# additional arguments passed to the daemon
+#ARGS="--interface=lo --port=10040"