debian/0000775000000000000000000000000011663375267007210 5ustar debian/copyright0000664000000000000000000000133610425711616011131 0ustar This is the Debian postfix-gld package, which contains the gld program. gld was written by Salim Gasmi This package was first put together by Santiago Vila , who currently maintains it. The source for this release was downloaded from: http://www.gasmi.net/down/gld-1.7.tgz A small modification has been made to server.c so that it does s/\+.*@/@/ on the sender, to deal with some VERP addresses used by some mailing list managers. gld is Copyright 2004 Salim Gasmi, it may be redistributed and/or modified under the terms of the GNU General Public License, version 2. On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. debian/gld.80000664000000000000000000000072410425702304010027 0ustar .TH GLD 8 "June 2004" .SH NAME gld \- GreyListing Daemon for postfix .SH SYNOPSIS .B gld [-c |-h|-v] .SH DESCRIPTION .B gld is a policy daemon for postfix 2.1 or higher. It's written in C and uses MySQL for the database stuff. .SH OPTIONS .IP -c clean the database for entries older than days .IP -v display version .IP -h display Usage .SH FILES .I /etc/gld.conf .RS Configuration file. .SH "SEE ALSO" Please read /usr/share/doc/postfix-gld/README.Debian. debian/conffiles0000664000000000000000000000013111362702420011053 0ustar /etc/gld.conf /etc/init.d/gld /etc/default/gld /etc/logcheck/ignore.d.server/postfix-gld debian/logcheck0000664000000000000000000000023711362702104010670 0ustar ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gld: Greylist activated for recipient=<[[:alnum:]@._-]+> sender=<[[:alnum:]@._-]+> ip=<([0-9.]{7,15}|[0-9a-fA-F:.]{4,39})>$ debian/changelog0000664000000000000000000001025711663375267011067 0ustar postfix-gld (1.7-3build1) precise; urgency=low * Rebuild for libmysqlclient transition -- Clint Byrum Thu, 24 Nov 2011 00:05:11 -0800 postfix-gld (1.7-3) unstable; urgency=low * Added homepage field to control file. * Changed build-depends to libmysqlclient-dev. * Switch to 3.0 (quilt) source format, 6 patches. * Use strip, not "install -s", to make lintian happy. * Added logcheck filter. Thanks to Tim Small. Closes: #431835. -- Santiago Vila Mon, 19 Apr 2010 01:09:52 +0200 postfix-gld (1.7-2) unstable; urgency=low * Updated README.Debian for the mysql packages in lenny. * Updated postgresql.diff for the postgresql packages in lenny. * Changed postfix and mysql-server from Suggests to Recommends. * Added LSB formatted dependency on postfix and mysql to init script. Change to suit your needs if any of those is on another machine. Closes: #294053, #468135. -- Santiago Vila Wed, 2 Apr 2008 16:18:50 +0200 postfix-gld (1.7-1) unstable; urgency=low * New upstream release. * The KEEPDBOPEN option does not exist anymore (Closes: #358909). * Updated postgresql.diff in the source to current PostgreSQL. * Added section in README.Debian about database cleanup. -- Santiago Vila Tue, 2 May 2006 19:15:18 +0200 postfix-gld (1.6-2) unstable; urgency=low * Changed Build-Depends to libmysqlclient15-dev (Closes: #343797). * Added dependency on adduser, required by postinst. -- Santiago Vila Thu, 22 Dec 2005 18:05:44 +0100 postfix-gld (1.6-1) unstable; urgency=low * New upstream release. The lightgreydomain feature is not supported anymore. Please use the new mxgrey algorithm instead. * Changed Build-Depends to libmysqlclient14-dev (Closes: #324398). -- Santiago Vila Wed, 28 Sep 2005 17:05:54 +0200 postfix-gld (1.5.2-2) unstable; urgency=medium * Changed README.Debian to document how to solve a timeout problem. Thanks to Nils Gundelach for the report (Closes: #307823). -- Santiago Vila Fri, 3 Jun 2005 16:52:02 +0200 postfix-gld (1.5.2-1) unstable; urgency=medium * New upstream release, MXGREY should work now (Closes: #305386). * Added debian/postgresql.diff to the source package. Read it if you wish to use PostgreSQL instead of MySQL. -- Santiago Vila Thu, 21 Apr 2005 18:44:22 +0200 postfix-gld (1.5-1) unstable; urgency=high * New upstream release, fixes lots of security bugs (Closes: #304390). * Default gld.conf explains how to change return code (Closes: #293829). Be careful with this, most people do greylisting with defer_if_permit. * Default is now LOOPBACKONLY=1. Use LOOPBACKONLY=0 only if you need it (i.e. postfix and gld running in different machines). * Updated table-whitelist.sql (Closes: #293824). * Clarified README.Debian (Closes: #302267). -- Santiago Vila Wed, 13 Apr 2005 23:05:36 +0200 postfix-gld (1.4-2) unstable; urgency=low * Changed Build-Depends to libmysqlclient12-dev to prevent potential FTBFS problem, as there is no libmysqlclient-dev in sarge anymore. -- Santiago Vila Tue, 25 Jan 2005 20:18:56 +0100 postfix-gld (1.4-1) unstable; urgency=low * New upstream release. It allows the daemon to run under a user and group other than root (Closes: #264803). * Modified postinst and default gld.conf so that postfix-gld is used as the user and group. -- Santiago Vila Wed, 25 Aug 2004 12:11:36 +0200 postfix-gld (1.3.1-1) unstable; urgency=low * New upstream release. - Should not have buffer overruns (Closes: #264770). - Should not allow SQL injection (Closes: #264773). * Minor changes to the init script. -- Santiago Vila Mon, 16 Aug 2004 18:06:50 +0200 postfix-gld (1.3-1) unstable; urgency=low * New upstream release, includes new whitelist entry (Closes: #259058). -- Santiago Vila Tue, 20 Jul 2004 18:12:02 +0200 postfix-gld (1.2-1) unstable; urgency=low * Initial release (Closes: #257490). -- Santiago Vila Tue, 6 Jul 2004 01:33:10 +0200 debian/control0000664000000000000000000000107011362707034010574 0ustar Source: postfix-gld Section: mail Priority: optional Maintainer: Santiago Vila Standards-Version: 3.8.4 Build-Depends: libmysqlclient-dev Homepage: http://www.gasmi.net/gld.html Package: postfix-gld Architecture: any Depends: ${shlibs:Depends}, psmisc, adduser Recommends: postfix (>= 2.1), mysql-server Description: greylisting daemon for postfix, written in C, uses MySQL gld stands for GreyList Daemon. gld is a standalone policy delegation server for postfix that implements the greylist algorithm as defined at http://www.greylisting.org debian/source/0000775000000000000000000000000011362600346010471 5ustar debian/source/format0000664000000000000000000000001411362600346011677 0ustar 3.0 (quilt) debian/default0000664000000000000000000000001210425702304010525 0ustar ENABLED=0 debian/README.Debian0000664000000000000000000001140311362704442011233 0ustar gld for Debian ============== gld stands for GreyList Daemon. gld is a standalone policy delegation server for postfix that implements the greylist algorithm as defined at http://www.greylisting.org It's written in C and uses MySQL for the database stuff. Requirements: ------------ postfix >= 2.1 mysql-server It is possible to have postfix, mysql-server and this daemon all running on different machines, so this package does not have a Depends on postfix or mysql-server (only a Suggests). For simplicity, this document assumes they are all on the same machine. Configuration: ------------- * Make sure mysql-server starts on boot. Otherwise gld will not start, and postfix will not receive any mail. In doubt: dpkg-reconfigure mysql-server-5.0 * Make sure mysql-server has a priority of 18 or lower in the boot scripts. The default is 20, which is the same as postfix. gld has 19, so you will have to lower the priority of mysql-server to 18 at least: update-rc.d -f mysql remove update-rc.d mysql defaults 18 Note: The new priority-based boot process in squeeze should make this step not required at all. * Choose a user, a password and a database name and put them in the /etc/gld.conf file at the very end. * Create the database with the chosen name, then create a user to access the database and give it the password in the previous step. Assuming that you didn't change the defaults in /etc/gld.conf, you can easily do this from a mysql shell by doing this: CREATE DATABASE gld; GRANT ALL PRIVILEGES ON gld.* TO gld@localhost IDENTIFIED BY 'gld'; USE gld; source /usr/share/gld/tables.mysql source /usr/share/gld/table-whitelist.sql * Edit /etc/default/gld so that it reads: ENABLED=1 Then gld will start automatically on boot. * Start gld and see if there are errors: invoke-rc.d gld start You should see something like this: Starting GreyListing Daemon: gld. * If everything was ok until this point, postfix will be ready to use gld. Edit /etc/postfix/main.cf and add a line like this: check_policy_service inet:127.0.0.1:2525 to the smtpd_recipient_restrictions variable, or any other variable which is appropriate for this. By default, the Debian postfix package does not define any variable which is suitable for this, so it is possible that you will have to add the definition yourself (not just "add" the check_policy_service line). In such case, you may copy the following example verbatim: smtpd_recipient_restrictions = reject_unauth_destination, check_policy_service inet:127.0.0.1:2525 It is very important that you have reject_unauth_destination first. In doubt, install the postfix-doc package and read the Postfix manual, for which this README.Debian is not meant to be a replacement. * After changing /etc/postfix/main.cf, reload postfix: postfix reload Database cleanup: ---------------- You might want to perform some cleanup of old entries automatically using a cron job (so that the database do not become polluted by spammers). Options -c and -k may help here. For example: #!/bin/sh set -e gld -c 90 gld -k 7 That would clean all database entries not updated in three months and entries with only one hit not updated in a week. Bugs: ---- start-stop-daemon is unable to start or kill gld appropriately. For this reason /etc/init.d/gld does not use start-stop-daemon. Help will be appreciated to debug this. Features: -------- Some people have reported that postfix sometimes has timeout problems when talking with the gld daemon, the logs from postfix/smtpd are like this: warning: timeout on 127.0.0.1:2525 while reading input attribute name warning: problem talking to server 127.0.0.1:2525: Connection timed out This may be fixed by increasing the value of smtpd_policy_service_timeout in /etc/postfix/main.cf. The default value is 100s, so you might want to try something like this: smtpd_policy_service_timeout = 240s Security warnings: ----------------- * Make sure you have secured your MySQL installation. I usually do this just after installing mysql-server: use mysql; delete from user where user=''; delete from user where host != 'localhost'; update user set password=PASSWORD('somepassword') where user='root'; flush privileges; then create a file named $HOME/.my.cnf with mode 600 containing this: [mysql] user = root password = somepassword * By default, /etc/gld.conf is mode 644, which means every local user will have access to the gld database. If you don't like this, change the password and do chmod 640 /etc/gld.conf. * The default /etc/gld.conf says LOOPBACKONLY=1, which means gld will only accept connections from localhost. Use LOOPBACKONLY=0 only if you really need it, i.e. if your greylisting daemon is going to be used by a Postfix installed in another machine. Make sure the greylisting daemon may only be accessed by the machine running Postfix. debian/rules0000775000000000000000000000365111362707350010261 0ustar #!/usr/bin/make -f package = postfix-gld docdir = debian/tmp/usr/share/doc/$(package) DATABASE = mysql CC = gcc CFLAGS = -g -Wall STRIP = true ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O2 endif ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) STRIP = strip --remove-section=.comment --remove-section=.note endif build: ./configure --prefix=/usr --with-$(DATABASE) $(MAKE) CC="$(CC)" CFLAGS="$(CFLAGS)" touch build clean: rm -f build [ ! -f Makefile ] || $(MAKE) distclean rm -f `find . -name "*~"` rm -rf debian/tmp debian/files* core debian/substvars binary-indep: build binary-arch: build rm -rf debian/tmp install -d debian/tmp/DEBIAN $(docdir) cd debian/tmp && install -d etc/init.d usr/sbin usr/share/gld \ etc/default usr/share/man/man8 etc/logcheck/ignore.d.server install -m 755 gld debian/tmp/usr/sbin install -m 644 debian/logcheck \ debian/tmp/etc/logcheck/ignore.d.server/postfix-gld install -m 644 gld.conf debian/tmp/etc install -m 755 debian/gld.init debian/tmp/etc/init.d/gld install -m 644 debian/conffiles debian/tmp/DEBIAN install -m 755 debian/prerm debian/postinst debian/postrm \ debian/tmp/DEBIAN cp -p debian/default debian/tmp/etc/default/gld cp -p tables.$(DATABASE) debian/tmp/usr/share/gld cp -p table-whitelist.sql debian/tmp/usr/share/gld ifeq ($(DATABASE),pgsql) cp -p README-pgsql $(docdir) endif install -m 644 debian/gld.8 debian/tmp/usr/share/man/man8 cp -p debian/changelog $(docdir)/changelog.Debian cp -p HISTORY README debian/README.Debian $(docdir) cp -p debian/copyright $(docdir) cd $(docdir) && gzip -9 HISTORY changelog.Debian ln -s HISTORY.gz $(docdir)/changelog.gz gzip -r9 debian/tmp/usr/share/man $(STRIP) debian/tmp/usr/sbin/* dpkg-shlibdeps debian/tmp/usr/sbin/* dpkg-gencontrol chown -R 0:0 debian/tmp chmod -R go=rX debian/tmp dpkg --build debian/tmp .. binary: binary-indep binary-arch .PHONY: binary binary-arch binary-indep clean debian/postinst0000664000000000000000000000043610425702304010776 0ustar #!/bin/sh set -e if [ "$1" = "configure" ]; then if ! getent passwd postfix-gld >/dev/null; then adduser --quiet --system --group --home / --no-create-home postfix-gld fi fi if [ -x "/etc/init.d/gld" ]; then update-rc.d gld defaults 19 > /dev/null invoke-rc.d gld start fi debian/patches/0000775000000000000000000000000011362701375010624 5ustar debian/patches/series0000664000000000000000000000002211362701416012027 0ustar 01 02 03 04 05 06 debian/patches/040000664000000000000000000000073111362701413010764 0ustar From: Santiago Vila Subject: The user under which the deaemon runs --- a/gld.conf +++ b/gld.conf @@ -24,13 +24,13 @@ # The user used to run gld (default value is no user change) # comment the line to deactivate it. # -USER=nobody +USER=postfix-gld # # The group used to run gld (default value is no group change) # comment the line to deactivate it. # -GROUP=nobody +GROUP=postfix-gld # # Maximum simultaneous connexions (default is 100) debian/patches/020000664000000000000000000000120311362701411010753 0ustar From: Santiago Vila Subject: Deal with some VERP addresses used by some mailing list managers --- a/server.c +++ b/server.c @@ -193,6 +193,8 @@ char sender[BLEN]; char recipient[BLEN]; char ip[BLEN]; +char *plus; +char *at; int n; long ts; int pid; @@ -306,6 +308,9 @@ if(sender[0]==0) strcpy(sender,"void@void"); +if((plus=strchr(sender, '+')) && (at=strchr(sender, '@')) && at-plus > 0) + while (*plus++ = *at++); + if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0) { snprintf(buff,sizeof(buff)-1,"Received invalid data req=(%s) sender=(%s) recipient=(%s) ip=(%s)",request,sender,recipient,ip); debian/patches/030000664000000000000000000000124511362701412010763 0ustar From: Santiago Vila Subject: Default values for SQLHOST, SQLUSER, SQLPASSWD and SQLDB --- a/gld.conf +++ b/gld.conf @@ -139,7 +139,7 @@ # Be also warned that if you set a custom code, gld will no use defer_if_permit anymore # but direct supplied code to postfix . # -MESSAGE=Greylisting in action, please try later +MESSAGE=Service temporarily unavailable, please try later # # Training mode activated ? (0=No,1=Yes) (default is 0) @@ -153,7 +153,7 @@ # # SQL INFOS (defaults are localhost,myuser,mypasswd,mydb) # -SQLHOST=XXXXXXXXX -SQLUSER=XXXXXXXX -SQLPASSWD=XXXXXXX -SQLDB=XXXXXXXX +SQLHOST=localhost +SQLUSER=gld +SQLPASSWD=gld +SQLDB=gld debian/patches/010000664000000000000000000000171711362701410010763 0ustar From: Santiago Vila Subject: Changed Makefile.in to support DEB_BUILD_OPTIONS --- a/Makefile.in +++ b/Makefile.in @@ -1,23 +1,24 @@ all: gld +CFLAGS = -O2 -Wall + gld: cnf.o server.o sql.o sockets.o greylist.o gld.h - @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @LIBS@ @SQL_LIBS@ -o gld - strip gld + @CC@ $(CFLAGS) @DEFS@ server.o sql.o sockets.o cnf.o greylist.o @LIBS@ @SQL_LIBS@ -o gld sockets.o: sockets.c sockets.h - @CC@ -O2 @DEFS@ -Wall -c sockets.c + @CC@ $(CFLAGS) @DEFS@ -c sockets.c cnf.o: cnf.c gld.h - @CC@ -O2 @DEFS@ -Wall -c cnf.c + @CC@ $(CFLAGS) @DEFS@ -c cnf.c greylist.o: greylist.c gld.h - @CC@ -O2 @DEFS@ -Wall -c greylist.c + @CC@ $(CFLAGS) @DEFS@ -c greylist.c server.o: server.c gld.h - @CC@ -O2 @DEFS@ -Wall -c server.c + @CC@ $(CFLAGS) @DEFS@ -c server.c sql.o: sql.c - @CC@ -O2 @DEFS@ @SQL_CFLAGS@ -Wall -c sql.c + @CC@ $(CFLAGS) @DEFS@ @SQL_CFLAGS@ -c sql.c clean: rm -f gld *.o debian/patches/060000664000000000000000000000266311362701415010776 0ustar From: Santiago Vila Subject: Use correct prefix when using PostgreSQL --- a/configure +++ b/configure @@ -20,7 +20,7 @@ ac_help="$ac_help --with-pgsql=DIR Set root of PostgreSQL distribution. Should contain include/postgresql/libpq-fe.h and - lib/libpq.so [default=/usr/local]. + lib/libpq.so [default=/usr]. Cannot be used at the same time as --with-mysql." # Initialize some variables set by options. @@ -547,7 +547,7 @@ withval="$with_pgsql" PGSQL_SET=1; PGSQL_PREFIX=$with_pgsql else - PGSQL_SET=0; PGSQL_PREFIX="/usr/local" + PGSQL_SET=0; PGSQL_PREFIX="/usr" fi @@ -557,7 +557,7 @@ if [ "${PGSQL_PREFIX}" = "yes" ]; then - PGSQL_PREFIX=/usr/local + PGSQL_PREFIX=/usr fi if [ "${MYSQL_PREFIX}" = "yes" ]; then --- a/configure.in +++ b/configure.in @@ -13,10 +13,10 @@ AC_ARG_WITH(pgsql, [ --with-pgsql=DIR Set root of PostgreSQL distribution. Should contain include/postgresql/libpq-fe.h and - lib/libpq.so [default=/usr/local]. + lib/libpq.so [default=/usr]. Cannot be used at the same time as --with-mysql.], [PGSQL_SET=1; PGSQL_PREFIX=$with_pgsql], - [PGSQL_SET=0; PGSQL_PREFIX="/usr/local"]) + [PGSQL_SET=0; PGSQL_PREFIX="/usr"]) AC_SUBST(MYSQL_PREFIX) AC_SUBST(PGSQL_PREFIX) @@ -24,7 +24,7 @@ AC_SUBST(PGSQL_SET) if [[ "${PGSQL_PREFIX}" = "yes" ]]; then - PGSQL_PREFIX=/usr/local + PGSQL_PREFIX=/usr fi if [[ "${MYSQL_PREFIX}" = "yes" ]]; then debian/patches/050000664000000000000000000000201711362701414010765 0ustar From: Santiago Vila Subject: Typos in gld.conf --- a/gld.conf +++ b/gld.conf @@ -128,15 +128,15 @@ FACILITY=mail # -# The Message that We display in case of reject (default is "Greylisted") +# The Message that we display in case of reject (default is "Greylisted") # -# If you want another SMTP return code than the default 450, just put it in +# If you want another SMTP return code than the default 450, just put it at # the beginning of the message, ie: 451 You have been greylisted by gld ... # If you don't provide any SMTP code, the default 450 will be used by postfix # # WARNING: if you set a custom smtp code make sure it's a 4XX code. # if you don't provide a 4XX code, gld will ignore it and send the default 450. -# Be also warned that if you set a custom code, gld will no use defer_if_permit anymore +# Be also warned that if you set a custom code, gld will not use defer_if_permit anymore # but direct supplied code to postfix . # MESSAGE=Service temporarily unavailable, please try later debian/prerm0000664000000000000000000000021610425702304010234 0ustar #!/bin/sh set -e case "$1" in upgrade|remove|deconfigure) if [ -x /etc/init.d/gld ]; then invoke-rc.d gld stop fi ;; esac debian/gld.init0000664000000000000000000000360210774707102010631 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: gld # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # X-Start-Before: postfix mysql # X-Stop-After: postfix mysql # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO set -e PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/gld NAME=gld DESC="GreyListing Daemon" test -x $DAEMON || exit 0 ENABLED=0 if [ -f /etc/default/gld ]; then . /etc/default/gld fi if [ "$ENABLED" = "0" ]; then exit 0 fi case "$1" in start) echo -n "Starting $DESC: $NAME" # start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \ # --exec $DAEMON $DAEMON echo "." ;; stop) # start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \ # --exec $DAEMON pid=`ps ax | awk '$5 == "/usr/sbin/gld" { print $1 }'` if [ "$pid" ]; then echo -n "Stopping $DESC: $NAME" kill $pid echo "." else echo "No gld daemon found" fi ;; force-reload|reload) # start-stop-daemon --stop --signal 1 --quiet --pidfile \ # /var/run/$NAME.pid --exec $DAEMON pid=`ps ax | awk '$5 == "/usr/sbin/gld" { print $1 }'` if [ "$pid" ]; then echo -n "Reloading $DESC configuration..." kill -HUP $pid echo "done." else echo "No gld daemon found" fi ;; restart) # start-stop-daemon --stop --quiet --pidfile \ # /var/run/$NAME.pid --exec $DAEMON $0 stop sleep 1 # start-stop-daemon --start --quiet --pidfile \ # /var/run/$NAME.pid --exec $DAEMON $0 start ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 exit 1 ;; esac debian/postgresql.diff0000664000000000000000000000211111362710417012222 0ustar This patch should allow you to use PostgreSQL instead of MySQL. Use at your own risk. In particular you should probably put the package on hold to avoid upgrades to the MySQL version. In a future release, this will be a configuration option in /etc/gld.conf. --- a/debian/control +++ b/debian/control @@ -3,13 +3,13 @@ Priority: optional Maintainer: Santiago Vila Standards-Version: 3.8.4 -Build-Depends: libmysqlclient-dev +Build-Depends: libpq-dev Homepage: http://www.gasmi.net/gld.html Package: postfix-gld Architecture: any Depends: ${shlibs:Depends}, psmisc, adduser -Recommends: postfix (>= 2.1), mysql-server +Recommends: postfix (>= 2.1), postgresql Description: greylisting daemon for postfix, written in C, uses MySQL gld stands for GreyList Daemon. gld is a standalone policy delegation server for postfix that implements the greylist algorithm as defined --- a/debian/rules +++ b/debian/rules @@ -3,7 +3,7 @@ package = postfix-gld docdir = debian/tmp/usr/share/doc/$(package) -DATABASE = mysql +DATABASE = pgsql CC = gcc CFLAGS = -g -Wall debian/postrm0000664000000000000000000000012610425702304010433 0ustar #!/bin/sh set -e if [ "$1" = "purge" ] ; then update-rc.d gld remove > /dev/null fi