diff options
author | Valery Kartel <valery.kartel@gmail.com> | 2016-11-28 18:40:10 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2016-12-26 10:01:53 +0000 |
commit | b3d10d56958485c034a5c66d006ee680644d5b77 (patch) | |
tree | d84d7d16b61afad2aeb2773754fcbbf2dc75ead7 | |
parent | 8db10f90bc1848cd8050dfe0df9cc40671225d39 (diff) | |
download | aports-b3d10d56958485c034a5c66d006ee680644d5b77.tar.bz2 aports-b3d10d56958485c034a5c66d006ee680644d5b77.tar.xz |
testing/rmilter: upgrade to 1.10.0, implemented an idea of modular design
--
- subpackages adds more functionality in one click
- made a kind of automatic service dependency for external local services
-rw-r--r-- | testing/rmilter/APKBUILD | 101 | ||||
-rw-r--r-- | testing/rmilter/config.patch | 156 | ||||
-rw-r--r-- | testing/rmilter/rmilter-clamav.conf | 3 | ||||
-rw-r--r-- | testing/rmilter/rmilter-clamav.pre-install | 6 | ||||
-rw-r--r-- | testing/rmilter/rmilter-dkim.conf | 3 | ||||
-rw-r--r-- | testing/rmilter/rmilter-dkim.pre-install | 5 | ||||
-rw-r--r-- | testing/rmilter/rmilter-redis.conf | 18 | ||||
-rw-r--r-- | testing/rmilter/rmilter-rspamd.conf | 3 | ||||
-rw-r--r-- | testing/rmilter/rmilter.conf | 259 | ||||
-rw-r--r-- | testing/rmilter/rmilter.confd | 6 | ||||
-rw-r--r-- | testing/rmilter/rmilter.initd | 48 | ||||
-rw-r--r-- | testing/rmilter/rmilter.pre-install | 4 | ||||
-rw-r--r-- | testing/rmilter/system_hiredis.patch | 20 |
13 files changed, 314 insertions, 318 deletions
diff --git a/testing/rmilter/APKBUILD b/testing/rmilter/APKBUILD index 66526c6788..88cc71e590 100644 --- a/testing/rmilter/APKBUILD +++ b/testing/rmilter/APKBUILD @@ -2,10 +2,10 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> # Contributor: Nathan Angelacos <nangel@alpinelinux.org> pkgname=rmilter -pkgver=1.9.2 -pkgrel=2 +pkgver=1.10.0 +pkgrel=0 pkgdesc="Rspamd mail filter" -url="https://rspamd.com" +url="https://rspamd.com/rmilter" arch="all" license="BSD" pkgusers="rmilter" @@ -15,18 +15,24 @@ depends_dev="" makedepends="$depends_dev cmake bison flex bsd-compat-headers libressl-dev pcre-dev libmilter-dev opendkim-dev hiredis-dev glib-dev" -install="$pkgname.pre-install" +install="$pkgname.pre-install $pkgname-clamav.pre-install $pkgname-dkim.pre-install" +subpackages="$pkgname-clamav::noarch $pkgname-rspamd::noarch $pkgname-redis::noarch $pkgname-dkim::noarch" source="$pkgname-$pkgver.tar.gz::https://github.com/vstakhov/$pkgname/archive/$pkgver.tar.gz - $pkgname.conf + $pkgname-clamav.conf + $pkgname-rspamd.conf + $pkgname-redis.conf + $pkgname-dkim.conf $pkgname.confd $pkgname.initd + $pkgname.conf + config.patch config_dir.patch system_hiredis.patch " +builddir="$srcdir"/$pkgname-$pkgver -_builddir="$srcdir"/$pkgname-$pkgver build() { - cd "$_builddir" + cd "$builddir" cmake CMakeLists.txt \ -DCMAKE_INSTALL_PREFIX=/usr \ -DRMILTER_USER=$pkgusers \ @@ -36,29 +42,74 @@ build() { } package() { - cd "$_builddir" + cd "$builddir" make DESTDIR="$pkgdir" install || return 1 - install -d "$pkgdir"/etc/mail/dkim + install -Dm644 $pkgname.conf.sample "$pkgdir"/etc/$pkgname/$pkgname.conf.common + install -Dm644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/$pkgname/$pkgname.conf install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname - install -Dm644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/$pkgname/$pkgname.conf + install -dm755 "$pkgdir"/etc/$pkgname/conf.d +} + +clamav() { + pkgdesc="$pkgdesc: enable virus scanning with local Clamav instance" + depends="$pkgname clamav" + install -Dm644 /dev/null "$subpkgdir"/etc/conf.d/$pkgname-rc_need@clamd + install -Dm644 "$srcdir"/$pkgname-clamav.conf "$subpkgdir"/etc/$pkgname/conf.d/clamav.conf +} + +rspamd() { + pkgdesc="$pkgdesc: enable spam filtering with local Rspamd instance" + depends="$pkgname rspamd" + install -Dm644 /dev/null "$subpkgdir"/etc/conf.d/$pkgname-rc_need@rspamd + install -Dm644 "$srcdir"/$pkgname-rspamd.conf "$subpkgdir"/etc/$pkgname/conf.d/rspamd.conf +} + +redis() { + pkgdesc="$pkgdesc: enable greylisting and limits with local Redis backend" + depends="$pkgname redis" + install -Dm644 /dev/null "$subpkgdir"/etc/conf.d/$pkgname-rc_need@redis + install -Dm644 "$srcdir"/$pkgname-redis.conf "$subpkgdir"/etc/$pkgname/conf.d/redis.conf +} + +dkim() { + pkgdesc="$pkgdesc: enable DKIM" + depends="$pkgname" + install -dm750 -g mail "$subpkgdir"/etc/mail + install -dm755 "$subpkgdir"/etc/mail/dkim + install -Dm644 "$srcdir"/$pkgname-dkim.conf "$subpkgdir"/etc/$pkgname/conf.d/dkim.conf } -md5sums="c64ad097d79b8bc4efe8fba15b72e6b6 rmilter-1.9.2.tar.gz -74b3a71b9e14d548f9bbade386cdacae rmilter.conf -e159e4461b765b487f72c05b3d504a9c rmilter.confd -a3fa9ba78d3392716d04f27e40e40ac8 rmilter.initd +md5sums="220d693636f9ec5606033d15816a2346 rmilter-1.10.0.tar.gz +ae0cd1a2b91e06c217d3883211ef57b8 rmilter-clamav.conf +bdbd10caee1958ce5f9b8b899accac9c rmilter-rspamd.conf +690b8f76f40f1a16d3ca7b994c27b637 rmilter-redis.conf +33eafa022a0e918c7a1cf74a81654373 rmilter-dkim.conf +d37109f41764e89606d1e40c30c010de rmilter.confd +098a8f376dab26291f3a5e3e775e14b5 rmilter.initd +a4a15e6c89caaecf7bbdae681cdf36a2 rmilter.conf +87da6d59c5ca17e760668ba878d83391 config.patch e4f3e1ea90401b8d55e6a381af05b994 config_dir.patch -e5d20803b01b6d47e81a700bd12aa529 system_hiredis.patch" -sha256sums="3e44977c39ece541c90ff1075b58847f44d310aa9d4ee49bc2df96e1ee4fb39f rmilter-1.9.2.tar.gz -65f602b802766ff71807ca5537c2c17b400e0dfd915223ddeb306db074162019 rmilter.conf -fad2d6baea215c3b31750e8128efe557a27024974eca2ff359b8fa921acb9076 rmilter.confd -ce592d80851b0a52138bfa97f70c3e98a21555daa9e8a9f3966b7cafca1acc3c rmilter.initd +d1aded4ee98211bd5e644c63c77eab8b system_hiredis.patch" +sha256sums="ea80563fa7636afed0b5fd9a29aa2300f15793ed85788e4ce69c187d341a7d54 rmilter-1.10.0.tar.gz +35f6eecbac988a4a2fdbb649fdf93aec5e77ded321aaa0521ddc9ef2ffe721e1 rmilter-clamav.conf +eae2a0867c3e258fa052f1ada5465cf3132da87028ac9ac1a829c3239382fa13 rmilter-rspamd.conf +9c265b9dc02b5e520d62228e9486d8bf96041f50da8f240ad352a5b189da8b27 rmilter-redis.conf +f7513ab4345d127d2a6ef34848bc68faea83e3f7cdc11f1da641e2934bb19dd9 rmilter-dkim.conf +fd7ac67f1c2d8bc03fee67f5fca4d0a12c562eaaab00a390e0f8e5230e6a5da4 rmilter.confd +d0cce00aa6780fabbba03d14ab4ffa914326ac48a085bcde4c12853f8c44037d rmilter.initd +ee73f437d02ef343eb0c1aa6d2da5bfc502e4ee93fb9d9f3362dda2efe9e5a13 rmilter.conf +aada82ad61f3d33d285e163e054748159c378f4b7713814bf8ae94c6451bea1e config.patch 1aa29ce0a638356d4ebd75757a2094f9db20ad3895867e3676d5ae1129352760 config_dir.patch -12d5050e60bb8c2cd1e5468a65d2f447e83f6bd49c8cac92c54e4cd40ed47e45 system_hiredis.patch" -sha512sums="4938515d18d4cff363266348cbd00b85690f889cb479a0e2fb61fa74e1e0deb3e78ec06132537ae001ccec375d0bab10af77c4a4c6fb248dc7f9f929c5a57eb9 rmilter-1.9.2.tar.gz -4b577dbe63277dd932be74fad78989366056e3d0b7945af17906da17f685b19d0c58078398277ece4cff6304af8e20f45e61d196c86f933c7c5857efdecbdd81 rmilter.conf -d222bcf307e89f110efed524c2d708d3512d4400235091de0250d1f60358f65871667112bdad61bbcd948a9abdb8a46d8c3952cf78585cfb59fcf94f15849062 rmilter.confd -2ec3eb3fece210867001cf3a799336c77dfec7dd770442852a14b337205893aaefe24999ca5c0d92706bf8e9f1c8a192282e5c48b7bde2e591b03f721560e6e3 rmilter.initd +aa57dbf0e6244675989caec1a62ce969f044e0f0dc4f7bfee00e91ae19c58bc0 system_hiredis.patch" +sha512sums="bef62d6dd4190b9a28e751cc598d201f0f994a08def46ae68587d1cc956e7e209ae540d91241545dc4efd055b4bf2b95039f0e9649448e5506f17ec37240adf8 rmilter-1.10.0.tar.gz +e28357e8eab451cb972149b003db56e4386f17e137c3a690e90c4b161edd6eeb7da99b8f36cdf016f11161664b90825ee2f706ce70887c6d8b9c6a7b167770cd rmilter-clamav.conf +15db17901e4fc53596860dadade29b656d0addb390a56a610d13caee6362c867215de0fb57071ba87f0b97620d076444ad22fd87a3c27b2ca709fc31d71ed19c rmilter-rspamd.conf +f56f4295209483e2e2d0ecceeecdd8a73e547ba85bca6cf9c54f3a57a87b3ca1dfbb6dd062d54224840019cee47a062d8b9384b8b08a789b0ea46b947cb11ac2 rmilter-redis.conf +b558762c18fbcb0a50c787094d267fabae3d336ea665b126fccf1fc67284b38336ee4b9997e23091bc64e60a0302e3c5a3f659581b72dccc5da0d26c8e722f30 rmilter-dkim.conf +a8c91009662e1f4b4fd140df8187bc2b781aab167b71219ed63447da480f3b856bea00e48651f26104e5e53f096a84dc10f769067bc9c0e6e1d504a9fcef4fbd rmilter.confd +010d6e8e83087212ef0fe0bebfcd9581e8205dcf2ddf3434f7b25b9e80959cd6f24a5ede3207f9a104b3d467a5649e365a78fa609a7d2bf361253c803bb1ab2c rmilter.initd +1ab84f669bd05268816c2c454e939921102713f4ce9ef39ca695a21fc3410d915abecabd5b732022f945abfdf3d1e39ab13c8412c8de46420651a1b26e2374b3 rmilter.conf +2112a10358d7f00931a850f501db53481932badeee488afc8d8481c07bde8556449e2485c0fad5e5a0837fd921dc153a674e1c69fc1d055f6f10b89f2f061237 config.patch 6ac3a1d73e52c156b60cabaabceea6e01c7e5f2dce78a557ccce24127440a8fea713b2465ecdd29486c4283afb6dee723cbcb476f1789bcd3876dd6c6aa5ebd1 config_dir.patch -14ddca01c495cc4fa1467deb682f049d91586f0d670c596ee1e1c7c40ba12ca58c40e29ca1d18abb4d19387b668caaf627e2cdd35b172f3ca85f6bfe8fe8295a system_hiredis.patch" +6913c39c3335ecaebd6413ea8d39630cf67bc5fba9a91609f1ea25f756702e1652d51429534a5223a7136a7424deaffd16c2a2fb8d32fa1a1f1f23b3b8fed87c system_hiredis.patch" diff --git a/testing/rmilter/config.patch b/testing/rmilter/config.patch new file mode 100644 index 0000000000..feeac38265 --- /dev/null +++ b/testing/rmilter/config.patch @@ -0,0 +1,156 @@ +--- a/rmilter.conf.sample ++++ b/rmilter.conf.sample +@@ -1,24 +1,3 @@ +-# Sample config file for rmilter +-# $Id$ +-# +- +-# .include - directive to include other config file +-#.include ./rmilter-grey.conf +- +-# pidfile - path to pid file +-# Default: pidfile = /var/run/rmilter.pid +-pidfile = /var/run/rmilter/rmilter.pid; +- +-# bind_socket - socket credits for local bind: +-# unix:/path/to/file - bind to local socket +-# inet:port@host - bind to inet socket +-# Default: bind_socket = unix:/var/tmp/rmilter.sock; +-bind_socket = unix:/var/run/rmilter/rmilter.sock; +- +-# tempdir - path to directory that contains temporary files +-# Default: $TMPDIR +-tempdir = /tmp; +- + # max_size - maximum size of scanned message for ClamAV, Rspamd and DCC + # Default: 0 (no limit) + max_size = 10M; +@@ -27,14 +6,14 @@ + # Default: no + #strict_auth = no; + +-# spf_domains - path to file that contains hash of spf domains +-# Default: empty +-#spf_domains = example.com, mail.ru; +- + # use_dcc - whether or not use DCC + # Default: no + #use_dcc = no; + ++# use_redis - switch cache to use redis or legacy memcached ++# Default: yes ++use_redis = no; ++ + # whitelist - global recipients whitelist + # Default: no + #whitelist = abuse@example.com, postmaster@example.com; +@@ -51,6 +30,7 @@ + # sockets are separated by ',' + # Default: empty + #servers = clam1.example.com, clam2.example.com; ++ + # connect_timeout - timeout in miliseconds for connecting to clamav + # Default: 1s + #connect_timeout = 1s; +@@ -84,13 +64,13 @@ + # sockets are separated by ',' + # if server name is prefixed with 'r:' it is an Rspamd server + # Default: empty +- servers = r:localhost:11333; ++ #servers = r:localhost:11333; + + # also_check - extra Rspamd servers to check + #also_check = r:clam10.example.com; + + # diff_dir - path where to write messages that have different results from main and extra checks +- #diff_dir = /var/run/rmilter/diffmsg; ++ #diff_dir = /run/rmilter/diffmsg; + + # connect_timeout - timeout in miliseconds for connecting to spamd + # Default: 1s +@@ -147,17 +127,17 @@ + redis { + # servers_grey - redis servers for greylisting in format: + # host[:port][, host[:port]] +- servers_grey = localhost; ++ #servers_grey = localhost; + + # servers_white - redis servers for whitelisting in format similar to that is used + # in servers_grey +- servers_white = localhost; ++ #servers_white = localhost; + + # servers_limits - redis servers used for limits storing, can not be mirrored +- servers_limits = localhost; ++ #servers_limits = localhost; + + # servers_id - redis servers used for message id storing, can not be mirrored +- servers_id = localhost; ++ #servers_id = localhost; + + # servers_spam - redis servers used to send spam messages + #servers_spam = localhost; +@@ -207,7 +187,6 @@ + #maxerrors = 10; + }; + +- + # rule definition: + # rule { + # accept|discard|reject|tempfail|quarantine "[message]"; <- action definition +@@ -223,7 +202,7 @@ + limits { + # enable: enable or disable rate limits (binary flag) + # Default: true +- #enable = yes; ++ enable = no; + + # Whitelisted ip or networks + #limit_whitelist = 194.67.45.4/32; +@@ -246,7 +225,7 @@ + greylisting { + # enable - enable or disable greylisting (binary flag) + # Default: true +- #enable = yes; ++ enable = no; + + # timeout - time during which we mark message greylisted + # Default: 300s +@@ -264,23 +243,23 @@ + dkim { + # enable - enable or disable DKIM signing (binary flag) + # Default: true +- #enable = yes; ++ enable = no; + + # Sample for dkim specific keys + # domain { +- # key = /etc/dkim/dkim_example.key; ++ # key = /etc/mail/dkim/dkim_example.key; + # domain = "example.com"; + # selector = "dkim"; + # }; + # domain { +- # key = /etc/dkim/dkim_test.key; ++ # key = /etc/mail/dkim/dkim_test.key; + # domain = "test.com"; + # selector = "dkim"; + # }; + +- # Universal selector, keys will be checked for pattern /etc/dkim/<domain>.<selector>.key ++ # Universal selector, keys will be checked for pattern /etc/mail/dkim/<domain>.<selector>.key + domain { +- key = /usr/local/etc/dkim; ++ key = /etc/mail/dkim; + domain = "*"; + selector = "dkim"; + }; +@@ -288,8 +267,3 @@ + body_canon = relaxed; + sign_alg = sha256; + }; +- +- +-# include user's configuration, replace this with full path +-.try_include /usr/local/etc/rmilter.conf.local +-.try_include /usr/local/etc/rmilter.conf.d/*.conf diff --git a/testing/rmilter/rmilter-clamav.conf b/testing/rmilter/rmilter-clamav.conf new file mode 100644 index 0000000000..fac04675f1 --- /dev/null +++ b/testing/rmilter/rmilter-clamav.conf @@ -0,0 +1,3 @@ +clamav { + servers = /run/clamav/clamd.sock; +}; diff --git a/testing/rmilter/rmilter-clamav.pre-install b/testing/rmilter/rmilter-clamav.pre-install new file mode 100644 index 0000000000..1adaa3194f --- /dev/null +++ b/testing/rmilter/rmilter-clamav.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +adduser rmilter clamav 2>/dev/null +echo "You cat add clamd to rc_need list at /etc/conf.d/rmilter" + +exit 0 diff --git a/testing/rmilter/rmilter-dkim.conf b/testing/rmilter/rmilter-dkim.conf new file mode 100644 index 0000000000..bf158f8e55 --- /dev/null +++ b/testing/rmilter/rmilter-dkim.conf @@ -0,0 +1,3 @@ +dkim { + enable = yes; +}; diff --git a/testing/rmilter/rmilter-dkim.pre-install b/testing/rmilter/rmilter-dkim.pre-install new file mode 100644 index 0000000000..a651ced4d4 --- /dev/null +++ b/testing/rmilter/rmilter-dkim.pre-install @@ -0,0 +1,5 @@ +#!/bin/sh + +adduser rmilter mail 2>/dev/null + +exit 0 diff --git a/testing/rmilter/rmilter-redis.conf b/testing/rmilter/rmilter-redis.conf new file mode 100644 index 0000000000..0a1c96c042 --- /dev/null +++ b/testing/rmilter/rmilter-redis.conf @@ -0,0 +1,18 @@ +use_redis = yes; + +redis { + servers_grey = localhost; + servers_white = localhost; + servers_limits = localhost; + servers_id = localhost; + #servers_spam = localhost; + #servers_copy = localhost; +}; + +greylisting { + enable = yes; +}; + +limits { + enable = yes; +}; diff --git a/testing/rmilter/rmilter-rspamd.conf b/testing/rmilter/rmilter-rspamd.conf new file mode 100644 index 0000000000..dcc785d67f --- /dev/null +++ b/testing/rmilter/rmilter-rspamd.conf @@ -0,0 +1,3 @@ +spamd { + servers = r:localhost:11333; +}; diff --git a/testing/rmilter/rmilter.conf b/testing/rmilter/rmilter.conf index 6250474ef3..f1a4b17b2c 100644 --- a/testing/rmilter/rmilter.conf +++ b/testing/rmilter/rmilter.conf @@ -1,265 +1,20 @@ # .include - directive to include other config file -#.include ./rmilter-grey.conf +.include /etc/rmilter/rmilter.conf.common # pidfile - path to pid file -# Default: pidfile = /run/rmilter/rmilter.pid - +# Default: no defaults pidfile = /run/rmilter/rmilter.pid; # bind_socket - socket credits for local bind: # unix:/path/to/file - bind to local socket # inet:port@host - bind to inet socket -# Default: bind_socket = unix:/var/rmilter/rmilter.sock; - +# Default: no defaults bind_socket = unix:/run/rmilter/rmilter.sock; # tempdir - path to directory that contains temporary files -# Default: $TMPDIR - +# Default: $TMPDIR tempdir = /tmp; -# tempfiles_mode - set permission for temp files -# Default: 00600 - -tempfiles_mode = 00600; - -# max_size - maximum size of scanned mail with clamav and dcc -# Default: 0 (no limit) - -max_size = 10M; - -# strict_auth - strict checks for mails from authenticated senders -# Default: no - -strict_auth = no; - -# spf_domains - path to file that contains hash of spf domains -# Default: empty - -#spf_domains = example.com; - -# use_dcc - whether use or not dcc system -# Default: no - -use_dcc = no; - -use_redis = yes; - -# .include - directive to include other config file -#.include ./rmilter-grey.conf - -clamav { - # servers - clamav socket definitions in format: - # /path/to/file - # host[:port] - # sockets are separated by ',' - # Default: empty - #servers = /run/clamav/clamd.sock; - # connect_timeout - timeout in miliseconds for connecting to clamav - # Default: 1s - connect_timeout = 1s; - - # port_timeout - timeout in miliseconds for waiting for clamav port response - # Default: 4s - port_timeout = 4s; - - # results_timeout - timeout in miliseconds for waiting for clamav response - # Default: 20s - results_timeout = 20s; - - # error_time - time in seconds during which we are counting errors - # Default: 10 - error_time = 10; - - # dead_time - time in seconds during which we are thinking that server is down - # Default: 300 - dead_time = 300; - - # maxerrors - maximum number of errors that can occur during error_time to make us thinking that - # this upstream is dead - # Default: 10 - maxerrors = 10; -}; - -spamd { - # servers - spamd socket definitions in format: - # /path/to/file - # host[:port] - # sockets are separated by ',' - # is server name is prefixed with r: it is rspamd server - # Default: empty - servers = r:localhost:11333; - - # also_check - extra spamd servers to check - #also_check = r:spam.example.com; - - # diff_dir - path where to write messages that have different results from main and extra checks - #diff_dir = /var/run/rmilter/diffmsg; - - # connect_timeout - timeout in milliseconds for connecting to spamd - # Default: 1s - connect_timeout = 1s; - - # results_timeout - timeout in milliseconds for waiting for spamd response - # Default: 20s - results_timeout = 20s; - - # error_time - time in seconds during which we are counting errors - # Default: 10 - error_time = 10; - - # dead_time - time in seconds during which we are thinking that server is down - # Default: 300 - dead_time = 300; - - # maxerrors - maximum number of errors that can occur during error_time to make us thinking that - # this upstream is dead - # Default: 10 - maxerrors = 10; - - # reject_message - reject message for spam - # Default: "Spam message rejected; If this is not spam contact abuse" - reject_message = "Spam message rejected; If this is not spam contact abuse"; - - # whitelist - list of ips or nets that should be not checked with spamd - # Default: empty - whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128; - - # rspamd_metric - metric for using with rspamd - # Default: "default" - rspamd_metric = "default"; -}; - -redis { - # servers_grey - redis servers for greylisting in format: - # host[:port][, host[:port]] - servers_grey = localhost; - - # servers_white - redis servers for whitelisting in format similar to that is used - # in servers_grey - # servers_white = redis.example.com:6379; - - # servers_limits - redis servers used for limits storing, can not be mirrored - servers_limits = localhost; - - # servers_id - redis servers used for message id storing, can not be mirrored - servers_id = localhost; - - # id_prefix - prefix for extracting message ids from redis - # Default: empty (no prefix is prepended to key) - id_prefix = "message_id."; - - # grey_prefix - prefix for extracting greylisted records from redis - # Default: empty (no prefix is prepended to key) - grey_prefix = "grey."; - - # id_prefix - prefix for extracting whitelisted records from redis - # Default: empty (no prefix is prepended to key) - white_prefix = "white."; - - # connect_timeout - timeout in miliseconds for waiting for redis - # Default: 1s - connect_timeout = 1s; - - # error_time - time in seconds during which we are counting errors - # Default: 10 - error_time = 10; - - # dead_time - time in seconds during which we are thinking that server is down - # Default: 300 - dead_time = 300; - - # maxerrors - maximum number of errors that can occur during error_time to make us thinking that - # this upstream is dead - # Default: 10 - maxerrors = 10; -}; - -# rule definition: -# rule { -# accept|discard|reject|tempfail|quarantine "[message]"; <- action definition -# [not] connect <regexp> <regexp>; <- conditions -# helo <regexp>; -# envfrom <regexp>; -# envrcpt <regexp>; -# header <regexp> <regexp>; -# body <regexp>; -# }; - -# limits section -limits { - # Whitelisted ip or networks - #limit_whitelist = 194.67.45.4/32; - # Whitelisted recipients - limit_whitelist_rcpt = postmaster, mailer-daemon; - # Addrs for bounce checks - limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon; - # Limit for bounce mail - limit_bounce_to = 5:0.000277778; - # Limit for bounce mail per one source ip - limit_bounce_to_ip = 5:0.000277778; - # Limit for all mail per recipient - limit_to = 20:0.016666667; - # Limit for all mail per one source ip - limit_to_ip = 30:0.025; - # Limit for all mail per one source ip and from address - limit_to_ip_from = 100:0.033333333; -}; - -beanstalk { - # List of beanstalk servers, random selected - #servers = bot01.example.com:3132; - - # Address of server to which rmilter should send all messages copies - #copy_server = somehost:13333; - - # Address of server to which rmilter should send spam messages copies - #spam_server = otherhost:13333; - - # Time to live for task in seconds - lifetime = 172800; - # Regexp that define for which messages we should put the whole message to beanstalk - # now only In-Reply-To headers are checked - id_regexp = "/^SomeID.*$/"; - # Flags for sending beanstalk copies - send_beanstalk_headers = yes; - send_beanstalk_copy = yes; - send_beanstalk_spam = yes; -}; - -greylisting { - timeout = 300s; - expire = 3d; - whitelist = 127.0.0.1, 192.168.1.1, 192.168.2.0/24; - awl_enable = yes; - awl_pool = 10M; - awl_hits = 10; - awl_ttl = 3600s; -}; - -dkim { - # Sample for dkim specific keys - # domain { - # key = /etc/mail/dkim/dkim_example.key; - # domain = "example.com"; - # selector = "dkim"; - # }; - # domain { - # key = /etc/mail/dkim/dkim_test.key; - # domain = "test.com"; - # selector = "dkim"; - # }; - # Universal selector, keys will be checked for pattern /etc/mail/dkim/<domain>.<selector>.key - domain { - key = /etc/mail/dkim; - domain = "*"; - selector = "dkim"; - }; - header_canon = relaxed; - body_canon = relaxed; - sign_alg = sha256; -}; - -# Order of checks at EOM: -# -# SPF -> DCC -> CLAMAV +# include user's configuration, replace this with full path +.try_include /etc/rmilter/rmilter.conf.local +.try_include /etc/rmilter/conf.d/*.conf diff --git a/testing/rmilter/rmilter.confd b/testing/rmilter/rmilter.confd index d18a6fed82..bf2a347286 100644 --- a/testing/rmilter/rmilter.confd +++ b/testing/rmilter/rmilter.confd @@ -1,8 +1,6 @@ -# User to run rmilter +# User and group to run as #user=rmilter - -# Group to run rmilter #group=rmilter -# Main rmilter config file +# Main config file #cfgfile=/etc/rmilter/rmilter.conf diff --git a/testing/rmilter/rmilter.initd b/testing/rmilter/rmilter.initd index 10ea136d36..6983bddaef 100644 --- a/testing/rmilter/rmilter.initd +++ b/testing/rmilter/rmilter.initd @@ -1,45 +1,45 @@ #!/sbin/openrc-run -description="Rapid spam defence mail filter" -user=${user:-rmilter} -group=${group:-rmilter} -cfgfile=${cfgfile:-/etc/rmilter/rmilter.conf} -pidfile=$(grep pidfile $cfgfile | cut -d = -f 2 | sed 's/[ ;]//g') -pidfile=${pidfile:-/run/rmilter/rmilter.pid} -sockfile=$(grep bind_socket $cfgfile | grep unix: | cut -d : -f 2 | sed 's/[ ;]//g') +description="Rapid mail filter" command=/usr/sbin/rmilter -command_args="-c $cfgfile" +command_args=${cfgfile:+"-c $cfgfile"} + +: ${user:=rmilter} +: ${group:=rmilter} +: ${cfgfile:=/etc/rmilter/rmilter.conf} + +pidfile=$(grep '^[[:space:]]*pidfile[[:space:]]*=' $cfgfile | sed 's/[[:space:];]//g' | cut -d= -f2) required_files="$cfgfile" extra_started_commands="reload" description_reload="Reload configuration" +start_stop_daemon_args="$start_stop_daemon_args --user $user --group $group" depend() { - need net dns localmount + need net localmount use logger antivirus antispam + for file in $(ls /etc/conf.d/${RC_SVCNAME}-rc_need@* 2>/dev/null); do + need ${file#*@} + done } start_pre() { ebegin - checkpath --directory --mode 750 --owner $user:$group ${pidfile%/*} - if [ "$sockfile" ]; then - checkpath --directory --mode 750 --owner $user:$group ${sockfile%/*} - rm -f $sockfile + checkpath --directory --owner $user:$group ${pidfile%/*} + bind_socket=$(grep '^[[:space:]]*bind_socket[[:space:]]*=[[:space:]]*unix:' $cfgfile | sed 's/[[:space:];]//g' | cut -d: -f2) + diff_dir=$(grep -hr '^[[:space:]]*diff_dir[[:space:]]*=' ${cfgfile%/*} | sed 's/[[:space:];]//g' | cut -d= -f2) + if [ "$bind_socket" ]; then + checkpath --directory --owner $user:$group ${bind_socket%/*} + rm -f $bind_socket + fi + if [ "$diff_dir" ]; then + checkpath --directory --owner $user:$group $diff_dir + rm -f $diff_dir/* fi - eend $? -} - -start() { - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start \ - --user $user \ - --group $group \ - --pidfile $pidfile \ - --exec $command -- $command_args eend $? } reload() { - ebegin "Reloading ${SVCNAME}" + ebegin "Reloading ${RC_SVCNAME}" start-stop-daemon --signal USR1 --pidfile $pidfile eend $? } diff --git a/testing/rmilter/rmilter.pre-install b/testing/rmilter/rmilter.pre-install index f84c689dc7..80ddefc291 100644 --- a/testing/rmilter/rmilter.pre-install +++ b/testing/rmilter/rmilter.pre-install @@ -1,6 +1,6 @@ #!/bin/sh -addgroup -S rmilter 2>dev/null -adduser -S -D -H -h /run/rmilter -s /bin/false -G rmilter -g rmilter rmilter 2>/dev/null +addgroup -S rmilter 2>/dev/null +adduser -S -D -H -h /run/rmilter -s /sbin/nologin -G rmilter -g rmilter rmilter 2>/dev/null exit 0 diff --git a/testing/rmilter/system_hiredis.patch b/testing/rmilter/system_hiredis.patch index 006eb5ffad..d72e9cd03d 100644 --- a/testing/rmilter/system_hiredis.patch +++ b/testing/rmilter/system_hiredis.patch @@ -1,26 +1,24 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index ae4dbc4..216b177 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -367,6 +367,8 @@ ProcessPackage(LIBMILTER LIBRARY milter INCLUDE mfapi.h INCLUDE_SUFFIXES include - LIB_SUFFIXES lib/libmilter ROOT ${LIBMILTER_ROOT_DIR} MODULES libmilter) - ProcessPackage(PCRE LIBRARY pcre INCLUDE pcre.h INCLUDE_SUFFIXES include/pcre - ROOT ${PCRE_ROOT_DIR} MODULES pcre libpcre pcre3 libpcre3) -+ProcessPackage(LIBHIREDIS LIBRARY hiredis INCLUDE hiredis.h INCLUDE_SUFFIXES include/hiredis -+ LIB_SUFFIXES lib/libhiredis ROOT ${LIBHIREDIS_ROOT_DIR} MODULES libhiredis) +@@ -370,6 +370,8 @@ ProcessPackage(GLIB2 LIBRARY glib-2.0 INCLUDE glib.h INCLUDE_SUFFIXES include/glib ROOT ${GLIB_ROOT_DIR} MODULES glib-2.0>=2.28) -@@ -388,8 +390,6 @@ IF(ENABLE_MEMCACHED MATCHES "ON") ++ProcessPackage(LIBHIREDIS LIBRARY hiredis INCLUDE hiredis.h INCLUDE_SUFFIXES include/hiredis ++ LIB_SUFFIXES lib/libhiredis ROOT ${LIBHIREDIS_ROOT_DIR} MODULES libhiredis) + + IF(ENABLE_DKIM MATCHES "ON") + SET(WITH_DKIM 1) +@@ -388,8 +390,6 @@ ENDIF() ################################ SOURCES SECTION ########################### -ADD_SUBDIRECTORY(hiredis) -INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/hiredis") INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/contrib/lc-btrie") + INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/") ADD_SUBDIRECTORY(contrib/libucl) - ADD_SUBDIRECTORY(contrib/http-parser) -@@ -419,7 +419,6 @@ CONFIGURE_FILE(config.h.in config.h) +@@ -421,7 +421,6 @@ ADD_EXECUTABLE(rmilter ${RMILTERSRC}) SET_TARGET_PROPERTIES(rmilter PROPERTIES LINKER_LANGUAGE C) TARGET_LINK_LIBRARIES(rmilter ${RMILTER_REQUIRED_LIBRARIES}) |