debian/0000755000000000000000000000000012203356472007172 5ustar debian/control0000644000000000000000000000340712203355462010577 0ustar Source: mailavenger Section: mail Priority: extra Maintainer: Ulises Vitulli Build-Depends: debhelper (>= 6.0.7~), autotools-dev, libdb-dev, libssl-dev, libpcap0.8-dev | libpcap-dev Standards-Version: 3.9.4 Homepage: http://www.mailavenger.org/ Package: mailavenger Architecture: any Pre-Depends: adduser (>= 3.40) Depends: ${shlibs:Depends}, ${misc:Depends}, postfix | mail-transport-agent, lsb-base Description: Highly configurable, MTA-independent SMTP filter server Mail Avenger is a highly configurable, MTA-independent Spam filtering solution at SMTP'ing time. . The criteria Mail Avenger uses to handle filtering is based on a "how is it being send?" fashion, instead of the classical "what are you sending?" model, in which the body or mail itself is analysed looking for SPAM patterns, keywords, bad words or applying Bayesian filters, like SpamAssassin, DSPAM or SpamBayes does. . A distinguishing feature of Mail Avenger is that it allows you to reject spam during SMTP time, before even spooling messages in your local mail queue. This carries interesting features like identifying most clients OS (using TCP SYN fingerprints), acquiring client's network information, embed cryptographically secure expiration times in temporary mail addresses to validate mail before receiving the message body, between others. . 
This is a partial list of features: * Mail-bomb protection * TCP filtering * Network-level traffic analysis * SMTP-level traffic analysis * SMTP callbacks * Per-user and per-user-extension mail scripts * Per-user mail relay checks * Virtual domain mapping * Alias to user mapping * RBL support * SPF * SPF language queries * Asynchronous DNS queries * "Bodytest" support * SMTP STARTTLS support debian/default0000644000000000000000000000117212202770413010534 0ustar # Defaults for mailavenger initscript # sourced by /etc/init.d/mailavenger # installed at /etc/default/mailavenger by the maintainer scripts # # This is a POSIX shell fragment # # Additional options that are passed to the Daemon # By enabling this, mailavenger SMTP daemon, asmtpd, will be instructed to run # # PLEASE, Take into account that for a good and efficient SMTP filtring performance # you HAVE to edit some basic values in order to achieve missclasification # # Once you have done some basic configuration, you'll be able to run the daemon by # clearing the "no" value from the RUN_DAEMON below here. # RUN_DAEMON=no debian/rules0000755000000000000000000000633512203126577010262 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) # Required for Multiarch support (20120124, ref #621440, #634553, #647247) DEB_MULTIARCH_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_MULTIARCH) export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk config.status: configure dh_testdir # Add here commands to configure the package. 
ifneq "$(wildcard /usr/share/misc/config.sub)" "" cp -f /usr/share/misc/config.sub config.sub endif ifneq "$(wildcard /usr/share/misc/config.guess)" "" cp -f /usr/share/misc/config.guess config.guess endif ./configure --enable-sasl --host=$(DEB_MULTIARCH_GNU_TYPE) --prefix=/usr \ --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ --libexecdir=\$${prefix}/lib/mailavenger \ --docdir=\$${prefix}/share/doc/mailavenger \ --datadir=\$${prefix}/share/doc/mailavenger \ --htmldir=\$${prefix}/share/doc/mailavenger \ CFLAGS="$(CFLAGS)" \ LDFLAGS="$(LDFLAGS)" build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: config.status dh_testdir # Add here commands to compile the package. $(MAKE) touch $@ clean: dh_testdir dh_testroot rm -f build-stamp [ ! -f Makefile ] || $(MAKE) distclean rm -f config.log dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs etc/avenger var/lib/mailavenger # Add here commands to install the package into debian/mailavenger. $(MAKE) DESTDIR=$(CURDIR)/debian/mailavenger install # Ok, now place some basic configuration, but remember, # some very basic stuff is needed, that's why we don't start by default dh_install debian/mailavenger/usr/share/doc/mailavenger/avenger/asmtpd.conf etc/avenger dh_install debian/mailavenger/usr/share/doc/mailavenger/avenger/unknown etc/avenger # See #624234 mv $(CURDIR)/debian/mailavenger/usr/bin/deliver $(CURDIR)/debian/mailavenger/usr/bin/avenger.deliver mv $(CURDIR)/debian/mailavenger/usr/share/man/man1/deliver.1 $(CURDIR)/debian/mailavenger/usr/share/man/man1/avenger.deliver.1 # Lintian suggestion (Is something this guys can't do? 
;) ) sed -i 's/writeable/writable/' $(CURDIR)/debian/mailavenger/usr/share/man/man1/avenger.deliver.1 # Duplicated doc pages rm $(CURDIR)/debian/mailavenger/usr/share/doc/mailavenger/avenger/INSTALL.html # don't really need MAC stuff in our free world =) rm $(CURDIR)/debian/mailavenger/usr/bin/sendmac rm $(CURDIR)/debian/mailavenger/usr/bin/macutil rm $(CURDIR)/debian/mailavenger/usr/share/man/man1/macutil.1 # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installinit dh_installchangelogs NEWS dh_installdocs README dh_installman dh_lintian dh_link dh_strip dh_compress -X usr/share/doc/mailavenger/pf.os dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/watch0000644000000000000000000000011112202770413010206 0ustar version=3 http://www.mailavenger.org/dist/avenger-?(\d[\d\-.]+)\.tar\.gz debian/changelog0000644000000000000000000000545612203356472011056 0ustar mailavenger (0.8.4-2) unstable; urgency=low * Improve gcc hardening features: - debian/rules: Switch from hardening-includes in favor of dpkg-buildflags. - debian/control: Drop build-dep on hardening-includes. - debian/patches/handle_errout.patch: Local patch to get rid of warn_unused_result Werror. -- Ulises Vitulli Fri, 16 Aug 2013 09:54:50 +0200 mailavenger (0.8.4-1) unstable; urgency=low * New upstream release: - Fix FTBFS on gcc 4.8 (Closes: #701317). - Added systemd mailavenger.service file. - Use new resolver library interface, instead of reloading resolv.conf. * Bump up Standard-version to 3.9.4 (no changes needed). -- Ulises Vitulli Wed, 14 Aug 2013 23:08:43 +0200 mailavenger (0.8.3rc1-1) unstable; urgency=low * Fix FTBFS on gcc-4.7 series (Closes: #667268). 
* Fix piuparts QA checks on mailavenger: - unowned directory after purge: /var/lib/mailavenger (Closes: #668749). * Update Standard-version to 3.9.3 (no changes needed). -- Ulises Vitulli Sat, 14 Apr 2012 09:40:52 -0300 mailavenger (0.8.2-1) unstable; urgency=low * New upstream-coordinated snapshot/release: - Fix bdb compatibility on 5.x (Closes: #621440, #634553, #647247) - Fix some gcc-4.6 warnings (Closes: #625391). * Improve building targets for simplifying portscripts. * Clean-up on debian/rules for multiarch support. * Dropped local patch for typofixing license documentation. -- Ulises Vitulli Tue, 13 Dec 2011 09:24:55 -0300 mailavenger (0.8.1-4) unstable; urgency=low * Renamed conflicting files to secondary path (Closes: #624234). * Update Standard-version to 3.9.2.0 (no changes needed). * Clean up old unused targets at debian/rules. * Switched to my Debian account. -- Ulises Vitulli Thu, 16 Jun 2011 18:30:07 -0300 mailavenger (0.8.1-3) unstable; urgency=low * The 'Oh-righhht!' upload. * debian/rules: Now switching hardening-includes to easily handle gcc's advanced protections on unsupported archs (Closes: #580790). -- Ulises Vitulli Thu, 13 May 2010 20:30:39 -0300 mailavenger (0.8.1-2) unstable; urgency=low * debian/rules: do not install mac-specific files (Closes: #580397). * debian/control: Improved objective package description. * debian/copyright: Fix minor typo on Copyright (already fixed on upstream). * debian/rules: Disable gcc's Stack Smashing protection for unsupported archs: - alpha - hppa - ia64 - mips -- Ulises Vitulli Wed, 05 May 2010 16:19:39 -0300 mailavenger (0.8.1-1) unstable; urgency=low * Initial release (Closes: #377714). * Stick to dpkg-source 3.0 (quilt) format. -- Ulises Vitulli Thu, 08 Apr 2010 14:11:08 -0300 debian/lintian-overrides0000644000000000000000000000056012202770413012546 0ustar # License Include Excemption case for OpenSSL conflicting points # with GPL and OpenSSL license. 
mailavenger: possible-gpl-code-linked-with-openssl # Currently pcre is used for trivial tasks and embebbed # with custom changes, it's not possible to do drop-down replace # Already working on stripping this out. mailavenger: embedded-library usr/sbin/asmtpd: pcre3 debian/compat0000644000000000000000000000000212202770413010362 0ustar 6 debian/init.d0000644000000000000000000000520412202770413010275 0ustar #! /bin/bash # # This initscript was created by Ulises Vitulli for mailavenger # # Start/stop the mailavenger daemon ### BEGIN INIT INFO # Provides: mailavenger # Required-Start: $syslog $remote_fs $time # Required-Stop: $syslog $remote_fs $time # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: mailavenger SMTP filter server # Description: This daemon handles the status of the MailAvenger stmpd ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/asmtpd RUN_DAEMON=no NAME=mailavenger DESC=mailavenger USER=avenger DAEMON_OPTS= test -x $DAEMON || exit 0 . /lib/lsb/init-functions daemon_status () { # This returns 0 if the daemon is running, returns 1 otherwise. start-stop-daemon --start --test --exec $DAEMON -- $DAEMON_OPTS >/dev/null 2>&1 } case "$1" in start) log_begin_msg "Starting $NAME daemon..." # Check if user has acknowledged to have configured Mail Avenger. if [ -f /etc/default/mailavenger ] ; then . /etc/default/mailavenger fi if [ "$RUN_DAEMON" = "no" ]; then log_failure_msg "DAEMON DISABLED, Launch aborted." log_failure_msg "Please check /usr/share/doc/mailavenger/README.Debian for a quick start." log_end_msg 0 exit 0 else if ! daemon_status ; then log_begin_msg "Already running." log_end_msg 0 exit 0 fi fi if [ ! -d "/var/run/$NAME" ]; then mkdir -p /var/run/$NAME chown $USER:nogroup /var/run/$NAME fi start-stop-daemon --start --oknodo --pidfile /var/run/$NAME/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS if ! 
pidof $DAEMON > /var/run/$NAME/$NAME.pid; then log_begin_msg "Oops, something went wront. CHECK SYSLOG!" exit 1 fi log_end_msg $? ;; stop) log_begin_msg "Stopping $NAME daemon..." start-stop-daemon --stop --oknodo --pidfile /var/run/$NAME/$NAME.pid --exec $DAEMON log_end_msg $? rm /var/run/$NAME/$NAME.pid >/dev/null 2>&1 ;; status) if ! daemon_status; then log_begin_msg "$NAME is RUNNING using process id `cat /var/run/$NAME/$NAME.pid`." log_end_msg 0 else log_failure_msg "$NAME is STOPPED!" fi ;; force-reload|reload) if ! daemon_status; then log_begin_msg "Reloading $NAME configuration..." start-stop-daemon --stop --signal HUP --pidfile /var/run/$NAME/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS && \ log_end_msg 0 && echo "done." || log_end_msg 3 else log_failure_msg "$NAME is STOPPED!" log_end_msg 3 fi ;; restart) $0 stop $0 start ;; *) log_success_msg "Usage: /etc/init.d/$NAME {start|stop|status|force-reload|restart}" exit 1 ;; esac exit 0 debian/README.Debian0000644000000000000000000001341412202770413011230 0ustar mailavenger for Debian ====================== Reference: A. Quick-n-painless three-steps cook list B. Additional Basic Tips C. Extra Information about MailAvenger A. :: Quick-n-painless three-steps cook list :: -------------------------------------- 1. /etc/avenger/asmtpd.conf: Replace 'BindAddr' and 'Hostname' with the proper values. Take into account that you have to put your public IP here, or in case you are relaying email from a WAN/MAN/CAN etc, the IP of the interface in which you see them. The MailAvenger SMTP (asmtpd) will attach to interface and bind for listing to TCP SYN fingerprints and network/routing information. For example: # head -n 5 /etc/avenger/asmtpd.conf # Sample asmtpd.conf file, suitable for sendmail BindAddr 10.4.21.225 Hostname smtp.man.buenosaireslibre.org 2. /etc/avenger/domains Think of any other domain(s) that doesn't match your MailAvenger hostname, which you have already set in Part 1 above. 
In order to let MailAvenger SMTP know you authorize certain domains to be accepted for relaying, you have to add them in a one-per-line fashion, followed by a ':' (without the quotes) at the end of each line. For example: # head -n 5 /etc/avenger/domains Rohirrim.node.man.buenosaireslibre.org: Londres.node.man.buenosaireslibre.org: Hermes.node.man.buenosaireslibre.org: LaReja.node.man.buenosaireslibre.org: Gizmo.node.man.buenosaireslibre.org: 3. /etc/default/mailavenger Switch the MailAvenger daemon on by taking out 'no' at RUN_DAEMON. ----------------------------------------------------------------------- Do not delete or comment it out, otherwise MailAvenger will not start ----------------------------------------------------------------------- ALL SET!!! Now you will have to take a look at your Mail log to watch them fall down :-) B. :: Additional Basic Tips :: --------------------- By default, MailAvenger is configured to log SMTP transactions in a debug mode. This is because in the very first tries you'll be able to quickly find any network misconfiguration, if one exists, or a missing authentic sender domain that you forgot to append at the 'domains' file at (A) Part 2. In addition to that, if you happen to receive (many) frequent emails from a friendly and known sender, you may not want him to wait or spend some extra time for an SMTP transaction, so you can white-list him into your MailAvenger setup. On the other hand, you also may want to white-list some servers that have poor Mail configuration, and, sure, let them know that they are not complying with SMTP standards in a nice and distinguished mail, but remember, not all the network/system administrators do care as much as you do for standardizing, and, of course, try not to verbosely laugh that much at them ;-) You can achieve this by fixing their IPs/Domains into the asmtpd.conf file.
For example: # egrep '(TrustedNet|TrustedDomain)' /etc/avenger/asmtpd.conf TrustedNet 10.4.13.225 TrustedNet 10.4.14.33 TrustedNet 10.4.14.225 TrustedDomain 1.dhcptrustedpool.man.buenosaireslibre.org TrustedDomain 2.dhcptrustedpool.man.buenosaireslibre.org C. :: Extra Information about MailAvenger :: ----------------------------------- Q: Why do you keep calling it 'MailAvenger' instead of 'Avenger' or 'asmtpd'? Are you insane in the membrain? A: The MailAvenger software is also known as plain 'Avenger', and there might eventually exist some files or directories that are named after each other. For practical reasons, I tried to stick with the canonical name so no more confusion is added into the equation and created an 'avenger' virtual package that points to the mailavenger software you are looking at :-) Greylisting on MailAvenger -------------------------- One of the awesome features of MailAvenger is that, even though it handles mail filtering at SMTP'ing time, it keeps being flexible enough to create YOUR OWN decision paths about what/who to send into a temporary reject list, also known as the "Greylisting" technique. The concept behind Greylisting is pretty basic[0]: Temporarily reject any email from a sender that isn't recognized by you. Case A: If the mail is legitimate the originating server will, after a certain delay, try again and, if sufficient time has elapsed, the email will be accepted. Case B: If the mail is from a spam sender, sending to many thousands of email addresses, it will probably not be retried. Example ======= This is a simple but powerful example I took from Thomer M.
Gil site[1] with a minor modification, that you'll find into /usr/share/doc/mailavenger/examples # cat /etc/avenger/default errcheck case "$SPF0" in error) defer "Temporary error in SPF record processing" ;; pass) accept "SPF sender PASS" ;; esac greylist_delay=5m greylist_ttl1=5h greylist_ttl2=4D greylist "${CLIENT_IP%.*} $RECIPIENT $SENDER" accept Explaination ( See also the avenger(1) manual page ). This 'default' file discards email that MailAvenger has flagged as coming from a non-existent sender (errcheck). Then it immediately accepts email that comes from a SPF-verified sender (accept "SPF sender PASS"). Otherwise it greylists the sender's IP address (in fact, the /24) by telling it to send the email again in 5 minutes (greylist "${CLIENT_IP%.*} $RE....) Then (when the email comes a few minutes later), gets accepted and handed to the MTA (which is responsible for delivering it to the user). This is a MailAvenger output at /var/log/mail.log on a MTA waiting for them: 0. http://en.wikipedia.org/wiki/Greylisting 1. http://thomer.com/howtos/fight_spam.html -- Ulises Vitulli Wed, 6 Jun 2009 01:30:25 -0300 debian/source/0000755000000000000000000000000012202770413010464 5ustar debian/source/format0000644000000000000000000000001412202770413011672 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012203252335010612 5ustar debian/patches/series0000644000000000000000000000002412203225050012015 0ustar handle_errout.patch debian/patches/handle_errout.patch0000644000000000000000000000240112203251712014461 0ustar Author: David Mazieres Description: Fix warn_unused_result and enhance error msg when using -Werror=format-security Index: avenger-0.8.4/asmtpd/avif.C =================================================================== --- a/asmtpd/avif.C +++ b/asmtpd/avif.C 
@@ -392,6 +392,12 @@ avif::maybe_reply ()
 }
 }
 
+/* Casting to void isn't enough to get rid of these warnings */
+inline void
+ignore_int (int)
+{
+}
+
 void
 avif::chldinit (struct passwd *pw, int fd, bool sys, str ext)
 {
@@ -409,9 +415,9 @@ avif::chldinit (struct passwd *pw, int fd, bool sys, str ext)
 if (!sys) {
 /* quick optimization because setgroups is expensive */
 GETGROUPS_T gid = pw->pw_gid;
- setgid (gid);
+ ignore_int (setgid (gid));
 if (root)
- seteuid (pw->pw_uid);
+ ignore_int (seteuid (pw->pw_uid));
 struct stat sb;
 if (!sys && lstat (avdir, &sb)) {
 if (smtpd::tmperr (errno)) {
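Review bot: The results of `setgid (gid)` and `seteuid (pw->pw_uid)` in avif::chldinit are now discarded on purpose through `ignore_int`, so a failed identity switch stays silent and the child continues with whatever uid/gid it already had; the same applies to `seteuid (getuid ())` in the @@ -421 hunk. The unused-result warning this patch silences is there because carrying on after a failed privilege change is unsafe, so it is better resolved by checking each call and leaving the child the way the neighbouring error paths do, e.g. `if (setgid (gid) < 0) { warn << "setgid failed\n"; _exit (0); }`, with the same shape for both seteuid calls. With that in place the `ignore_int` helper added in the first hunk is no longer needed. chldinit starts and ends outside these hunks, so whether a later setgroups/setuid step would catch such a failure cannot be confirmed from here.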
@@ -421,7 +427,7 @@ avif::chldinit (struct passwd *pw, int fd, bool sys, str ext) _exit (0); } if (root) - seteuid (getuid ()); + ignore_int (seteuid (getuid ())); if (!S_ISDIR (sb.st_mode) || (sb.st_uid && sb.st_uid != pw->pw_uid)) { warn << avdir << " should be directory owned by " << pw->pw_name << "\n"; _exit (0); debian/copyright0000644000000000000000000000715212202770413011124 0ustar This package was debianized by Ulises Vitulli on Sat, 13 Oct 2009 09:27:20 -0300. It was downloaded from http://www.mailavenger.org/ Copyright and Upstream: © 2004-2010 David Mazieres (dm@uun.org) Software License: This license grants you the right to use, modify, and redistribute Mail Avenger ("the software"). In this license, the term "GPL" designates one or more official, numbered versions of the GNU General Public License as published by the Free Software Foundation. It specifically excludes drafts or working verions of licenses, or licenses with similar or identical names that are published by entities other than the Free Software Foundation. You may use, modify, and redistribute the software under any one of the following conditions (at your option): 1. You may use, modify, and redistribute the software under the terms of the GPL version 2 as distributed here: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt 2. You may use, modify, and redistribute the software under the terms of the GPL version 3, as found in the file COPYING and distributed here: http://www.gnu.org/licenses/gpl-3.0.txt 3. You may use, modify, and redistribute the software under any version of the GPL greater than 3. 4. You may use, modify, and redistribute the software under a modified version of the GPL version 3 (or, at your option, a modified version of any higher-numbered version of the GPL) that places additional restrictions on advertising and labeling of the software, provided that all of the following conditions are met: a. 
The software has incorporated (been combined with or linked to) the OpenSSL library, and b. The license of the incoporated OpenSSL library prevents the resulting work from being distributed under each of conditions 1-3 of this license, and c. The restrictions on advertising and labeling are no more restrictive than those under which OpenSSL 1.0.0 was distributed in its original March 2010 release, and d. All recipients of the software retain the ability to distribute the software under any subset they wish of conditions 1-3 of this license provided they remove the incoporated OpenSSL library. On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-3'. ------------------------------------------------------------------------- MailAvenger includes a copy of the OpenBSD Passive OS fingerprinting DB (C) Copyright 2000-2003 by Michal Zalewski (C) Copyright 2003 by Mike Frantzen Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ------------------------------------------------------------------------- The Debian packaging is © 2009-2010, Ulises Vitulli and is licensed under the GPL, see above. debian/preinst0000644000000000000000000000057612202770413010603 0ustar #!/bin/sh set -e DATADIR=/var/lib/mailavenger if ! 
getent passwd avenger >/dev/null; then # Adding system user: avenger. adduser \ --system \ --disabled-login \ --ingroup nogroup \ --home $DATADIR \ --gecos "MailAvenger non-smtp user" \ --shell /usr/sbin/nologin \ avenger >/dev/null fi #DEBHELPER#