debian/0000755000000000000000000000000012253402563007170 5ustar debian/README.Debian0000644000000000000000000000304412251100263011220 0ustar policyd-weight for Debian ------------------------- You can create a file /etc/policyd-weight.conf with different setting from default (can be got with "/usr/sbin/policyd-weight defaults"). Please keep track of the used Blocking Lists, default there are: 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS', 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' and 'multi.surbl.org', 4, 0, 'SURBL', 'rhsbl.ahbl.org', 4, 0, 'AHBL', 'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI', 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI', 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI' Some of them maybe disappear during the stable release, in this case you need to redefine @dnsbl_score and/or @rhsbl_score in /etc/policyd-weight.conf. If you stop/restart policyd-weight via init script, the cache instance will be terminated. The cache is NOT terminated with dstop/drestart. For instructions to setup policyd-weight please refer to /usr/share/doc/policyd-weight/documentation.txt.gz or to http://www.policyd-weight.org! Feel free to also contact the policyd-weight mailing list if you has questions/problems. -- Jan Wagner Wed, 8 Nov 2006 22:44:24 +0100 debian/changelog0000644000000000000000000002045312253402024011036 0ustar policyd-weight (0.1.15.2-7) unstable; urgency=low * Correct 09_fix_net_dns_usage.patch logic -- Werner Detter Sun, 15 Dec 2013 17:05:19 +0100 policyd-weight (0.1.15.2-6) unstable; urgency=low * Updated standards version to 3.9.5 * debian/control added dependency on libio-socket-inet6-perl * debian/init.d removed internal api call /lib/init/vars.sh from init script * Add 09_fix_net_dns_usage.patch which fixes infinite loop when dns resolver is reachable only via IPv6 (Closes: #726670) -- Werner Detter Sun, 8 Dec 2013 15:23:19 +0100 policyd-weight (0.1.15.2-5) unstable; urgency=high * Add 08_del_dnsbl.njabl.org.patch which removes dnsbl.njabl.org list due to service shutdown on 2013-03-01 (Closes: #702838) * Bumped standard versions to 3.9.4 -- Werner Detter Tue, 12 Mar 2013 20:23:14 +0100 policyd-weight (0.1.15.2-4) unstable; urgency=low * Add 07_del_rfc-ignorant.org.patch which removes rfc-ignorant.org lists due to service shut down on 2012-11-30 -- Werner Detter Mon, 17 Sep 2012 09:32:23 +0100 policyd-weight (0.1.15.2-3) unstable; urgency=low * Updating standards version to 3.9.3 * Fixed 02_cacherejectmsg.patch (modify $CACHEREJECTMSG instead of $REJECTMSG), thanks to Marcel Meckel (Closes: #598844) -- Werner Detter Sun, 19 Aug 2012 12:20:23 +0100 policyd-weight (0.1.15.2-2) unstable; urgency=low * Add 05_fix_issuing_group.patch - use getgrgid() instead of getpwuid() for mapping the group id into group name. Thanks to Heiko Schlittermann (Closes: #641538) * Add 06_del_non_func_ipv6_dnsbl.patch which removes non-functional DNSBL rbl.ipv6-world.net * Add debian/default * Modified init script -- Werner Detter Tue, 24 Jan 2012 16:41:52 +0100 policyd-weight (0.1.15.2-1) unstable; urgency=low * New upstream release - non functional DNSBL rbl.ipv6-world.net now deactivated by default (Closes: #641227) - Socket for cache communication is now chowned by the right group (Closes: #641539) * New Maintainer (Closes: #612734) * Switch to dpkg-source 3.0 (quilt) format - Recreated existing patches with quilt - Add 03_fix_perl_warnings.patch which fixes Perl warnings in debug mode, thanks to Heiko Schlittermann (Closes: #641544) - Removed 02_enable_ipv6.dpatch as IPv6 is now supported by default - Deleted README.source * Updating standards version to 3.9.2 * debian/control Vcs-Fields removed * debian/copyright revised for DEP5 specifications * debian/init.d created lsb-base init script * debian/postinst removed lapsed version-checks * Add 04_fix_spelling_man.patch which fixes some spelling in the manpages -- Werner Detter Mon, 02 Jan 2012 10:14:52 +0100 policyd-weight (0.1.15.1-3) unstable; urgency=low * Orphan the package. * Add 03_cacherejectmsg.dpatch, to have a more verbose reject message on cache hit, thanks Martin F. Krafft (Closes: #598844) * Updating standards version to 3.9.1 - use dh_prep instead of dh_clean -k * Update to debhelper 7 -- Jan Wagner Thu, 10 Feb 2011 10:38:35 +0100 policyd-weight (0.1.15.1-2) unstable; urgency=low * Updating standards version to 3.8.4 - Add README.source * Migrate Vcs-Fields over to scm.uncompleted.org * Add 1.0 to debian/source/format * Add ${misc:Depends} to dependencies -- Jan Wagner Wed, 10 Mar 2010 12:21:52 +0100 policyd-weight (0.1.15.1-1) experimental; urgency=low * integrate the development script into our rebuild upstream tarball - drop 02_remove_dsbl.dpatch and 03_0.1.15.1.dpatch * add 02_enable_ipv6.dpatch to make use of the IPv6 code -- Jan Wagner Mon, 29 Sep 2008 22:32:36 +0200 policyd-weight (0.1.14.17+0.1.15.1-1) experimental; urgency=low * new upstream release - add 03_0.1.15.1.dpatch, since no tarball is available * remove 03_ipv6_support.dpatch, cause integrated upstream -- Jan Wagner Wed, 24 Sep 2008 12:21:07 +0200 policyd-weight (0.1.14.17-10) experimental; urgency=low * add support for IPv6 Helo and RBL checks (Closes: #483864). * depend on libnet-ip-perl -- Jan Wagner Wed, 24 Sep 2008 12:18:08 +0200 policyd-weight (0.1.14.17-4) unstable; urgency=low * Remove list.dsbl.org from default DNSBL list (Closes: #498037). * Leave hint about blocking lists in README.Debian -- Jan Wagner Sun, 07 Sep 2008 13:49:39 +0200 policyd-weight (0.1.14.17-3) unstable; urgency=low * Updating standards version to 3.8.0, no changes needed * implement machine-interpretable copyright file -- Jan Wagner Sun, 20 Jul 2008 13:34:54 +0200 policyd-weight (0.1.14.17-2) unstable; urgency=low * add conditional deluser and delgroup in postrm * bump copyright of packaging to 2008 and remove trailing whitespaces * add CVE into the changelog entries -- Jan Wagner Mon, 14 Apr 2008 23:28:12 +0200 policyd-weight (0.1.14.17-1) unstable; urgency=high * new upstream release - fixes insecure temporary file vulnerability, previous releases doesn't really does (CVE-2008-1570) * adjust initscript to return 0 on exit when using stop target and daemon isn't running anymore (Closes: #473225). * add dpatch infrastructure to package (depency to dpatch and adjusted rules) * add 01_change_lockpath.dpatch to use proper location for lockpath to prevent security mess with permissions in unsecure directory -- Jan Wagner Sun, 30 Mar 2008 01:10:45 +0100 policyd-weight (0.1.14.15-1) unstable; urgency=high * new upstream release - fixes insecure temporary file vulnerability (CVE-2008-1569) -- Jan Wagner Wed, 26 Mar 2008 01:58:34 +0100 policyd-weight (0.1.14.14-2) unstable; urgency=medium * remove c&p fault from postrm which causes accidently remove files not related to this package -- Jan Wagner Wed, 12 Mar 2008 00:37:24 +0100 policyd-weight (0.1.14.14-1) unstable; urgency=low * new upstream (Closes: #451358). * remove patches, we are on upstream tarball again * remove dpatch as builddep and from rules * added Vcs- fields, moved Homepage into source header's field * bump standards version to 3.7.3 * include cstop/crestart into init script for stoping cache instance (Closes: #461124). -- Jan Wagner Thu, 14 Feb 2008 20:01:13 +0100 policyd-weight (0.1.14.5+0.1.14.12-1) experimental; urgency=low * switch to recent development version to get more up to date checks * include and depend on dpatch * this version provides a workaround for #451358 (Closes: #451358). -- Jan Wagner Mon, 16 Jul 2007 10:13:21 +0200 policyd-weight (0.1.14.5-1) unstable; urgency=low * switch to recent development version to get more up to date checks * drop ordb patch, included into upstream -- Jan Wagner Mon, 16 Jul 2007 10:13:21 +0200 policyd-weight (0.1.14-beta-6) unstable; urgency=medium * fix upgrade path for initscript * changed init scripts to 19 21 to make shure postfix is not running when polw not -- Jan Wagner Wed, 20 Dec 2006 19:55:38 +0100 policyd-weight (0.1.14-beta-5) unstable; urgency=medium * add remove_ordb.diff to remove ORDB DNSBL from default config since they got offline today -- Jan Wagner Mon, 18 Dec 2006 00:05:29 +0100 policyd-weight (0.1.14-beta-4) unstable; urgency=medium * fix startup script S20, so make polw start before postfix * provide update path via postinst -- Jan Wagner Sun, 17 Dec 2006 14:19:46 +0100 policyd-weight (0.1.14-beta-3) unstable; urgency=medium * fixed attributes of system user (Closes: #402314). -- Jan Wagner Fri, 24 Nov 2006 21:55:27 +0100 policyd-weight (0.1.14-beta-2) unstable; urgency=medium * removed libsys-syslog-perl from Depencies and add to Recommends * fixed watch file -- Jan Wagner Sun, 12 Nov 2006 22:17:36 +0100 policyd-weight (0.1.14-beta-1) unstable; urgency=low * Initial release (Closes: #397704). -- Jan Wagner Wed, 8 Nov 2006 22:44:24 +0100 debian/docs0000644000000000000000000000003312251100263010025 0ustar documentation.txt todo.txt debian/postrm0000644000000000000000000000242312251100263010426 0ustar #!/bin/sh # based on arpwatch.postrm: v2 2004/09/15 KELEMEN Peter # postrm: v1 2006/10/12 Jan Wagner NUSER="polw" NGROUP="polw" set -e case "$1" in purge) # find first and last SYSTEM_UID numbers for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do case $LINE in FIRST_SYSTEM_UID*) FIST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='` ;; LAST_SYSTEM_UID*) LAST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='` ;; *) ;; esac done # remove system account if necessary if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then if USERID=`getent passwd $NUSER | cut -f 3 -d ':'`; then if [ -n "$USERID" ]; then if [ "$FIST_SYSTEM_UID" -le "$USERID" ] && \ [ "$USERID" -le "$LAST_SYSTEM_UID" ] && \ [ -x /usr/sbin/deluser ]; then deluser --quiet $NUSER || true # And then remove the group GROUPID=`getent group $NGROUP | cut -f 3 -d ':'` if [ -n "$GROUPID" ] && [ -x /usr/sbin/delgroup ] ; then delgroup --quiet $NGROUP || true fi fi fi fi fi ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER# debian/source/0000755000000000000000000000000012251100263010456 5ustar debian/source/format0000644000000000000000000000001412251100263011664 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000011612251100263010205 0ustar version=3 http://www.policyd-weight.org/releases/policyd-weight-(.*)\.tar\.gz debian/compat0000644000000000000000000000000212251100263010354 0ustar 7 debian/copyright0000644000000000000000000000225712251100263011117 0ustar Format: http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?revision=240 Upstream-Name: policyd-weight Source: http://www.policyd-weight.org Files: * Copyright: (C) 2005-2010 Robert Felber License: GPL-2+ Files: debian/* Copyright: (C) 2006, 2008 Jan Wagner (C) 2012, Werner Detter License: GPL-2+ License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2 file. debian/rules0000755000000000000000000000155212251100263010241 0ustar #!/usr/bin/make -f # written by Jan Wagner # # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 clean: dh_testdir dh_testroot dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs install -D -m 644 policyd-weight debian/policyd-weight/usr/sbin/policyd-weight # Build architecture-independent files here. binary-indep: build install dh_testdir dh_testroot dh_installchangelogs changes.txt dh_installdocs dh_installinit -- defaults 19 21 dh_installman man/man5/policyd-weight.conf.5 man/man8/policyd-weight.8 dh_link dh_compress dh_fixperms dh_perl dh_installdeb dh_gencontrol dh_md5sums dh_builddeb # Build architecture-dependent files here. build-arch: build build-indep: build binary-arch: build install binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/postinst0000644000000000000000000000210612251100263010763 0ustar #!/bin/sh # based on arpwatch.postinst: v11 2004/09/15 KELEMEN Peter # postinst: v1 2006/01/12 Jan Wagner set -e NUSER="polw" NGROUP="polw" NHOME="/var/lib/$NUSER" NGECOS="policy-weight user" case "$1" in configure) # Take care of group. if NGROUP_ENTRY=`getent group $NGROUP`; then # group exists : else # group does not exist yet addgroup --quiet --system $NGROUP fi # Take care of user. if NUSER_ENTRY=`getent passwd $NUSER`; then # user exists adduser --quiet $NUSER $NGROUP else # user does not exist yet adduser --quiet --system \ --ingroup $NGROUP \ --gecos "$NGECOS" \ --home $NHOME \ --no-create-home \ --shell /bin/sh \ --disabled-login \ --disabled-password \ --shell /bin/false \ $NUSER fi # Set up home directory. if [ -d $NHOME ]; then chown -R ${NUSER}:${NGROUP} $NHOME chmod -R o-rwX $NHOME fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER# debian/default0000644000000000000000000000121212251100263010521 0ustar ## This is a POSIX shell fragment sourced by /etc/init.d/policyd-weight ## variable: DAEMON_OPTS ## daemon options to policyd-weight, possible options: ## ## Options ## -D Don't detach master - run master in foreground ## -d Debug, don't daemonize, log to STDOUT ## -f /path/to/file Specify a configuration file ## -h This help ## -k Kill cache instance ## -s Show cache entries and exit. With -d show debug ## cache entries ## -v Show version and exit ## ## default: unset # DAEMON_OPTS="" debian/patches/0000755000000000000000000000000012253351274010621 5ustar debian/patches/06_del_non_func_ipv6_dnsbl.patch0000644000000000000000000000115712251100263016716 0ustar Description: removes non function DNSBL rbl.ipv6-world.net from policyd-weight source Author: Werner Detter DEP: 3 Bug-Debian: http://bugs.debian.org/641227 --- a/policyd-weight +++ b/policyd-weight @@ -376,7 +376,6 @@ 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' - #'rbl.ipv6-world.net', 4.25, 0, 'IPv6_RBL' #don't use, kept for testing failures! ); my $MAXDNSBLHITS = 2; # If Client IP is listed in MORE debian/patches/07_del_rfc-ignorant.org.patch0000644000000000000000000000140112251100263016133 0ustar Description: removes DNSBL dsn.rfc-ignorant.org, postmaster.rfc-ignorant.org, abuse.rfc-ignorant.org from policyd-weight source Author: Werner Detter DEP: 3 --- a/policyd-weight +++ b/policyd-weight @@ -391,10 +391,7 @@ ## RHSBL settings my @rhsbl_score = ( 'multi.surbl.org', 4, 0, 'SURBL', - 'rhsbl.ahbl.org', 4, 0, 'AHBL', - 'dsn.rfc-ignorant.org', 3.5, 0, 'DSN_RFCI', - 'postmaster.rfc-ignorant.org', 0.1, 0, 'PM_RFCI', - 'abuse.rfc-ignorant.org', 0.1, 0, 'ABUSE_RFCI' + 'rhsbl.ahbl.org', 4, 0, 'AHBL' ); my $BL_ERROR_SKIP = 2; # skip a RBL if this RBL had this many continuous debian/patches/series0000644000000000000000000000037012251100277012027 0ustar 01_change_lockpath.patch 02_cacherejectmsg.patch 03_fix_perl_warnings.patch 04_fix_spelling_man.patch 05_fix_issuing_group.patch 06_del_non_func_ipv6_dnsbl.patch 07_del_rfc-ignorant.org.patch 08_del_dnsbl.njabl.org.patch 09_fix_net_dns_usage.patch debian/patches/03_fix_perl_warnings.patch0000644000000000000000000000352112251100263015651 0ustar Description: fixes perl warnings in debug mode Origin: Heiko Schlittermann Author: Werner Detter DEP: 3 Bug-Debian: http://bugs.debian.org/641544 --- a/policyd-weight +++ b/policyd-weight @@ -582,7 +582,7 @@ my $my_PTIME; my $my_TEMP_PTIME; -if(!($conf)) +if(not defined $conf) { if( -f "/etc/policyd-weight.conf") { @@ -605,7 +605,7 @@ my $conf_err; my $conf_str; our $old_mtime; -if($conf ne "") +if(defined $conf) { if(sprintf("%04o",(stat($conf))[2]) !~ /(7|6|3|2)$/) { @@ -652,8 +652,12 @@ if($CMD_DEBUG == 1) { $DEBUG = 1; - $conf_str =~ s/\#.*?(\n)/$1/gs; - $conf_str =~ s/\n+/\n/g; + if (defined $conf_str) { + $conf_str =~ s/\#.*?(\n)/$1/gs; + $conf_str =~ s/\n+/\n/g; + } + else { $conf_str = "" } + print "config: $conf\n".$conf_str."\n"; $SPATH .= ".debug"; @@ -2282,7 +2286,7 @@ ## HELO numeric check ######################################################### - my $glob_numeric_score; + my $glob_numeric_score = 0; # check /1.2.3.4/ and /[1.2.3.4]/ if($helo =~ /^[\d|\[][\d\.]+[\d|\]]$/) { @@ -2844,7 +2848,7 @@ my $sender = shift(@_) || ''; my $domain = shift(@_) || ''; - $! = ''; + $! = undef; $@ = (); if( (!($csock)) || ($csock && (!($csock->connected))) ) { @@ -2972,7 +2976,7 @@ die $!; } - if(!( $( = getpwnam($USER) )) + if(!( $( = getgrnam($GROUP) )) { mylog(warning=>"cache: couldn't change GID to user $GROUP: $!"); } @@ -3842,7 +3846,7 @@ my $helo = shift; my $ip = shift; - if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return } + if($$helo !~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ ) { return 0 } my $tmp_helo_ip = $1; my $tmpip = inet_aton( $tmp_helo_ip ); debian/patches/05_fix_issuing_group.patch0000644000000000000000000000121612251100263015675 0ustar Description: The debug code should print the name of the issuing group. this fix uses the correct function for mapping a group id into a group name (getgrgid() instead of getpwuid() Origin: Heiko Schlittermann Author: Werner Detter DEP: 3 Bug-Debian: http://bugs.debian.org/641538 --- a/policyd-weight +++ b/policyd-weight @@ -677,7 +677,7 @@ print "debug: USER: $USER\n"; print "debug: GROUP: $GROUP\n"; print "debug: issuing user: ".getpwuid($<)."\n"; - print "debug: issuing group: ".getpwuid($()."\n"; + print "debug: issuing group: ".getgrgid($()."\n"; } $conf_str = ""; debian/patches/02_cacherejectmsg.patch0000644000000000000000000000206412251100263015100 0ustar Description: enables more verbose reject message on cache hit Origin: Martin F. Krafft Author: Jan Wagner DEP: 3 Bug-Debian: http://bugs.debian.org/598844 --- a/policyd-weight +++ b/policyd-weight @@ -320,7 +320,7 @@ my $DEBUG = 0; # 1 or 0 - don't comment -my $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; +my $REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs"; my $REJECTLEVEL = 1; # Mails with scores which exceed this # REJECTLEVEL will be rejected @@ -426,7 +426,7 @@ my $CACHEMAXSIZE = 4000; # at this number of entries cleanup takes place -my $CACHEREJECTMSG = '550 temporarily blocked because of previous errors'; +my $CACHEREJECTMSG = $REJECTMSG . " [cached]"; my $NTTL = 1; # after NTTL retries the cache entry is deleted debian/patches/09_fix_net_dns_usage.patch0000644000000000000000000000130612253351274015636 0ustar Description: fixes perl warnings in debug mode Origin: Alexandre Vaissiere Author: Werner Detter DEP: 3 Bug-Debian: http://bugs.debian.org/726670 --- a/policyd-weight +++ b/policyd-weight @@ -892,12 +892,12 @@ # watch the version string, I'm afraid that they change to x.x.x notation -if(Net::DNS->version() >= 0.50) +if(Net::DNS->version() >= 0.50 && Net::DNS->version() <= 0.53) { $res->force_v4(1); # force ipv4 usage, autodetection is broken till # Net::DNS 0.53 } -else +if(Net::DNS->version() < 0.50) { $res->igntc(1); # ignore truncated packets if Net-DNS version is # lower than 0.50 debian/patches/01_change_lockpath.patch0000644000000000000000000000120412251100263015235 0ustar Description: use proper location for lockpath to prevent security mess with permissions in unsecure directory Origin: old upstream version Author: Jan Wagner DEP: 3 --- a/policyd-weight +++ b/policyd-weight @@ -404,7 +404,7 @@ my $BL_SKIP_RELEASE = 10; # skip a RBL for that many times ## cache stuff -my $LOCKPATH = '/tmp/.policyd-weight/'; # must be a directory (add +my $LOCKPATH = '/var/run/policyd-weight/'; # must be a directory (add # trailing slash) my $SPATH = $LOCKPATH.'/polw.sock'; # socket path for the cache debian/patches/04_fix_spelling_man.patch0000644000000000000000000000451312251100263015452 0ustar Description: this patch fixes some spelling errors in the manpages Author: Werner Detter DEP: 3 --- a/man/man5/policyd-weight.conf.5 +++ b/man/man5/policyd-weight.conf.5 @@ -91,7 +91,7 @@ .ad .fi .IP "\fB$MAINTENANCE_LEVEL\fR (default: 5)" -After that many policy requests the cache (and in daemon mode childs) +After that many policy requests the cache (and in daemon mode child processes) checks for configuration file changes .IP "\fB$MAXIDLECACHE\fR (default: 60)" @@ -160,7 +160,7 @@ Process limit on how many processes policyd-weight will spawn (daemon mode) .IP "\fB$MIN_PROC\fR (default: 2)" -Minimum childs which are kept alive in idle times (daemon mode) +Minimum child processes which are kept alive in idle times (daemon mode) .IP "\fB$PUDP\fR (default: 0)" .br @@ -304,9 +304,9 @@ @dnsbl_score = ( "dynablock.njabl.org", 3.25, 0, "DYN_NJABL", - "dnsbl.njabl.org", 4.25, -1.5, "BL_NJABL", - "bl.spamcop.net", 1.75, -1.5, "SPAMCOP", - "sbl-xbl.spamhaus.org", 4.35, -1.5, "SBL_XBL_SPAMHAUS", + "dnsbl.njabl.org", 4.25, \-1.5, "BL_NJABL", + "bl.spamcop.net", 1.75, \-1.5, "SPAMCOP", + "sbl-xbl.spamhaus.org", 4.35, \-1.5, "SBL_XBL_SPAMHAUS", "list.dsbl.org", 4.35, 0, "DSBL_ORG", "ix.dnsbl.manitu.net", 4.35, 0, "IX_MANITU", "relays.ordb.org", 3.25, 0, "ORDB_ORG" @@ -315,7 +315,7 @@ .IP "\fB@rhsbl_score\fR (default: see below)" Define a list of RHSBL host which are queried for the sender domain. Results -get additionaly scores of 0.5 * DNSBL results and \fB@rhsbl_penalty_score\fR. +get additionally scores of 0.5 * DNSBL results and \fB@rhsbl_penalty_score\fR. A list of RHSBL hosts to be queried must be build as follows: .br --- a/man/man8/policyd-weight.8 +++ b/man/man8/policyd-weight.8 @@ -31,7 +31,7 @@ Policyd-weight can operate in master.cf \fBor\fR daemon mode. In master.cf mode it uses postfix' \fBspawn\fR(8), which results in number of simultanous requests perl instances. In daemon mode it uses shared memory and forks on -load, and only if all childs are busy. +load, and only if all child processes are busy. At the time of writing the man-pages for policyd-weight assume a postfix installation. It has been reported that policyd-weight works with other MTAs debian/patches/08_del_dnsbl.njabl.org.patch0000644000000000000000000000104612251100263015737 0ustar Description: removes DNSBL dnsbl.njabl.org from policyd-weight source Author: Werner Detter DEP: 3 --- a/policyd-weight +++ b/policyd-weight @@ -374,7 +374,6 @@ 'pbl.spamhaus.org', 3.25, 0, 'DYN_PBL_SPAMHAUS', 'sbl-xbl.spamhaus.org', 4.35, -1.5, 'SBL_XBL_SPAMHAUS', 'bl.spamcop.net', 3.75, -1.5, 'SPAMCOP', - 'dnsbl.njabl.org', 4.25, -1.5, 'BL_NJABL', 'ix.dnsbl.manitu.net', 4.35, 0, 'IX_MANITU' ); debian/control0000644000000000000000000000163012251100263010561 0ustar Source: policyd-weight Section: mail Priority: optional Maintainer: Werner Detter Build-Depends: debhelper (>= 7) Homepage: http://www.policyd-weight.org/ Standards-Version: 3.9.5 Package: policyd-weight Architecture: all Depends: ${perl:Depends}, ${misc:Depends}, adduser, lsb-base, libnet-dns-perl, libnet-ip-perl, libio-socket-inet6-perl Recommends: libsys-syslog-perl Description: Perl policy daemon for the Postfix MTA policyd-weight is intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. debian/init.d0000644000000000000000000000542012251100702010265 0ustar #! /bin/sh # # policyd-weight start/stop the policyd-weight deamon for postfix # (priority should be smaller than that of postfix) # # Author: (c) 2012 Werner Detter # ### BEGIN INIT INFO # Provides: policyd-weight # Required-Start: $local_fs $network $remote_fs $syslog # Required-Stop: $local_fs $network $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: start and stop the policyd-weight daemon # Description: Perl policy daemon for the Postfix MTA ### END INIT INFO set -e PATH=/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/policyd-weight NAME=policyd-weight DESC="policyd-weight" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Gracefully exit if the package has been removed. test -x $DAEMON || exit 0 . /lib/lsb/init-functions # Read config file if it is present. if [ -r /etc/default/$NAME ] then . /etc/default/$NAME fi ret=0 case "$1" in start) log_daemon_msg "Starting $DESC" "$NAME" if start-stop-daemon --start --oknodo --quiet \ --pidfile $PIDFILE --name $NAME \ --exec $DAEMON start -- $DAEMON_OPTS then log_end_msg 0 else ret=$? log_end_msg 1 fi ;; stop) log_daemon_msg "Stopping $DESC (incl. cache)" "$NAME" if $DAEMON -k && start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE && rm -f $PIDFILE then log_end_msg 0 else ret=$? log_end_msg 1 fi ;; dstop) log_daemon_msg "Stopping $DESC (without cache)" "$NAME" if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE && rm -f $PIDFILE then log_end_msg 0 else ret=$? log_end_msg 1 fi ;; reload|force-reload) log_daemon_msg "Reloading $DESC configuration files" "$NAME" if $DAEMON $DAEMON_OPTS reload > /dev/null 2>&1 then log_end_msg 0 else log_end_msg 1 ret=$? fi ;; restart) log_daemon_msg "Restarting $DESC configuration (incl. cache)" "$NAME" if $DAEMON -k && start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \ && rm -f $PIDFILE \ && start-stop-daemon --start --oknodo --quiet \ --pidfile $PIDFILE --name $NAME \ --exec $DAEMON start -- $DAEMON_OPTS then log_end_msg 0 else ret=$? log_end_msg 1 fi ;; drestart) log_daemon_msg "Restarting $DESC configuration (without cache)" "$NAME" if $DAEMON $DAEMON_OPTS restart > /dev/null 2>&1 then log_end_msg 0 else ret=$? log_end_msg 1 fi ;; status) ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|dstop|reload|force-reload|restart|drestart}" >&2 exit 1 ;; esac exit $ret