packages: spamass-milter/spamass-milter-bits.patch (NEW) - add authenticate...

hawk hawk at pld-linux.org
Thu Jul 14 21:15:20 CEST 2011


Author: hawk                         Date: Thu Jul 14 19:15:20 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- add authenticated bits information into the dummy generated
  Received-header for SpamAssassin to facilitate adding a rule to score
  mail from authenticated clients, taken from Fedora

---- Files affected:
packages/spamass-milter:
   spamass-milter-bits.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/spamass-milter/spamass-milter-bits.patch
diff -u /dev/null packages/spamass-milter/spamass-milter-bits.patch:1.1
--- /dev/null	Thu Jul 14 21:15:20 2011
+++ packages/spamass-milter/spamass-milter-bits.patch	Thu Jul 14 21:15:15 2011
@@ -0,0 +1,289 @@
+Add authenticated bits information into the dummy generated
+Received-header for SpamAssassin to facilitate adding a rule
+to score mail from authenticated clients.
+
+Discussion:
+http://bugzilla.redhat.com/496769
+http://www.gossamer-threads.com/lists/spamassassin/users/146948
+
+This patch also moves some of the macro collection to the
+ENVFROM callback, where the required macros are available by default.
+
+diff -up spamass-milter-0.3.2/README.bits spamass-milter-0.3.2/README
+--- spamass-milter-0.3.2/README.bits	2008-04-23 17:11:42.000000000 +0100
++++ spamass-milter-0.3.2/README	2011-02-15 11:02:47.877271392 +0000
+@@ -55,15 +55,26 @@ configuring sendmail through m4 & the se
+ adding the lines
+ 
+ INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
+-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
+-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
+ 
+ should do the trick. Of course you need to modify the path of the
+ socket if you put another one into the startup script. The timeouts
+ have been increased somewhat because SpamAssassin may chew on it for a
+ little while on a slow machine.
+ 
++If you are using multiple milter mail filters on your mail server, you may
++have overridden the default values of some of the confMILTER_MACROS_*
++macros whilst configuring the other filters. You need to ensure that at
++least the following values are present:
++
++confMILTER_MACROS_CONNECT must include the {j} and {_} macros
++(all included by default)
++
++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen} and {auth_ssf}
++macros (all included by default)
++
++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
++
+ Now recreate sendmail.cf, restart sendmail and experiment around a bit
+ with the setup to make sure it is working.
+ 
+diff -up spamass-milter-0.3.2/spamass-milter.cpp.bits spamass-milter-0.3.2/spamass-milter.cpp
+--- spamass-milter-0.3.2/spamass-milter.cpp.bits	2011-02-15 10:53:49.349259089 +0000
++++ spamass-milter-0.3.2/spamass-milter.cpp	2011-02-15 10:53:49.353259721 +0000
+@@ -678,6 +678,7 @@ sfsistat 
+ mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
+ {
+ 	struct context *sctx;
++	const char *macro_j, *macro__;
+ 	int rv;
+ 
+ 	debug(D_FUNC, "mlfi_connect: enter");
+@@ -695,8 +696,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
+ 	}
+ 	sctx->assassin = NULL;
+ 	sctx->helo = NULL;
+-	
+-	/* store a pointer to it with setpriv */
++	sctx->our_fqdn = NULL;
++	sctx->sender_address = NULL;
++	sctx->queueid = NULL;
++	sctx->auth_authen = NULL;
++	sctx->auth_ssf = NULL;
++
++	/* store our FQDN */
++	macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
++	if (!macro_j)
++	{
++		macro_j = "localhost";
++		warnmacro("j", "CONNECT");
++	}
++	sctx->our_fqdn = strdup(macro_j);
++
++	/* store the validated sending site's address */
++	macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
++	if (!macro__)
++	{
++		macro__ = "unknown";
++		warnmacro("_", "CONNECT");
++	}
++	sctx->sender_address = strdup(macro__);
++
++	/* store a pointer to our private data with setpriv */
+ 	rv = smfi_setpriv(ctx, sctx);
+ 	if (rv != MI_SUCCESS)
+ 	{
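Review bot: The two `strdup()` results stored in `sctx->our_fqdn` and `sctx->sender_address` are never checked, and the same holds for the three `strdup()` calls added to mlfi_envfrom (`queueid`, `auth_authen`, `auth_ssf`). mlfi_envrcpt later passes these pointers to `strlen()` and to `std::string` concatenation with no fallback, so an allocation failure becomes a NULL dereference in the filter process rather than a temporary rejection. I would test each result and fail the callback, e.g. `if (!sctx->our_fqdn || !sctx->sender_address) { free(sctx->our_fqdn); free(sctx->sender_address); free(sctx); return SMFIS_TEMPFAIL; }`. The `smfi_setpriv` failure branch continues outside this hunk; if it only frees `sctx`, it now also needs to release the two new strings.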
+@@ -745,7 +769,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ {
+   SpamAssassin* assassin;
+   struct context *sctx = (struct context *)smfi_getpriv(ctx);
+-  const char *queueid;
++  const char *queueid, *macro_auth_ssf, *macro_auth_authen;
+ 
+   if (sctx == NULL)
+   {
+@@ -787,17 +811,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ 
+   // remember the MAIL FROM address
+   assassin->set_from(string(envfrom[0]));
+-  
++
++  // remember the queueid for this message
+   queueid=smfi_getsymval(ctx, const_cast<char *>("i"));
+   if (!queueid)
+   {
+     queueid="unknown";
+     warnmacro("i", "ENVFROM");
+   }
+-  assassin->queueid = queueid;
+-
++  sctx->queueid = strdup(queueid);
+   debug(D_MISC, "queueid=%s", queueid);
+ 
++  // remember the SMTP AUTH login name
++  macro_auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}"));
++  if (!macro_auth_authen)
++  {
++    macro_auth_authen = "";
++    // Don't issue a warning for the auth_authen macro as
++    // it is likely to be unset much of the time - it's
++    // only set if the client has authenticated.
++    //
++    // Similarly, we only issue warnings for the other
++    // auth-related macros if {auth_authen) is available.
++    //
++    // warnmacro("auth_authen", "ENVFROM");
++  }
++  sctx->auth_authen = strdup(macro_auth_authen);
++
++  // remember the SASL cipher bits
++  macro_auth_ssf = smfi_getsymval(ctx, const_cast<char *>("{auth_ssf}"));
++  if (!macro_auth_ssf)
++  {
++    macro_auth_ssf = "";
++    if (strlen(macro_auth_authen)) {
++      warnmacro("auth_ssf", "ENVFROM");
++    }
++  }
++  sctx->auth_ssf = strdup(macro_auth_ssf);
++
+   // tell Milter to continue
+   debug(D_FUNC, "mlfi_envfrom: exit");
+ 
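Review bot: The three assignments `sctx->queueid = strdup(queueid)`, `sctx->auth_authen = strdup(macro_auth_authen)` and `sctx->auth_ssf = strdup(macro_auth_ssf)` overwrite whatever the previous transaction stored, and the only `free()` calls this patch adds are in mlfi_close. mlfi_envfrom runs once per MAIL FROM, so a connection that carries several messages leaks three strings per message, and a remote peer controls how often that happens. Release the old value before each assignment, e.g. `free(sctx->queueid); sctx->queueid = strdup(queueid);`, and do the same for the two auth fields. The body of mlfi_envfrom starts and ends outside this hunk, so an existing per-message cleanup path, if there is one, would be the other place to reset them.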
+@@ -888,7 +939,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 		   
+ 		*/
+ 		const char *macro_b, *macro_i, *macro_j, *macro_r,
+-		           *macro_s, *macro_v, *macro_Z, *macro__;
++		           *macro_s, *macro_v, *macro_Z, *macro__,
++			   *macro_auth_ssf, *macro_auth_authen;
+ 		char date[32];
+ 
+ 		/* RFC 822 date. */
+@@ -903,20 +955,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 		}
+ 
+ 		/* queue ID */
+-		macro_i = smfi_getsymval(ctx, const_cast<char *>("i"));
+-		if (!macro_i)
+-		{
+-			macro_i = "unknown";
+-			warnmacro("i", "ENVRCPT");
+-		}
++		macro_i = sctx->queueid;
+ 
+-		/* FQDN of this site */
+-		macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
+-		if (!macro_j)
+-		{
+-			macro_j = "localhost";
+-			warnmacro("j", "ENVRCPT");
+-		}
++		/* FQDN */
++		macro_j = sctx->our_fqdn;
++
++		/* Sender address */
++		macro__ = sctx->sender_address;
+ 
+ 		/* Protocol used to receive the message */
+ 		macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
+@@ -925,7 +970,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 			macro_r = "SMTP";
+ 			warnmacro("r", "ENVRCPT");
+ 		}
+-			
++
++		/* SMTP AUTH details */
++		macro_auth_authen = sctx->auth_authen;
++		macro_auth_ssf = sctx->auth_ssf;
++
+ 		/* Sendmail currently cannot pass us the {s} macro, but
+ 		   I do not know why.  Leave this in for the day sendmail is
+ 		   fixed.  Until that day, use the value remembered by
+@@ -953,22 +1002,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ 			warnmacro("Z", "ENVRCPT");
+ 		}
+ 
+-		/* Validated sending site's address */
+-		macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
+-		if (!macro__)
++		assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
++		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
++
++		string rec_header;
++
++		rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
++
++		if (strlen(macro_auth_ssf))
+ 		{
+-			macro__ = "unknown";
+-			warnmacro("_", "ENVRCPT");
++			rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
+ 		}
+ 
+-		assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
+-		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
++		rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +
++			macro_r + " id " + macro_i + ";\r\n\t" +
++			macro_b + "\r\n\t" +
++			"(envelope-from " + assassin->from() + ")\r\n";
+ 
+-		assassin->output((string)
+-			"Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+-			"by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+-			macro_b+"\r\n\t"+
+-			"(envelope-from "+assassin->from()+")\r\n");
++		debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
++		assassin->output(rec_header);
+ 
+ 	} else
+ 		assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
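Review bot: The `(authenticated bits=...)` clause is keyed on `macro_auth_ssf` alone, while `macro_auth_authen`, the value that actually says the client logged in, is copied from the context but never used when the header is built. If the MTA supplies {auth_authen} without {auth_ssf}, an authenticated session yields a Received header with no authenticated marker, and the SpamAssassin rule this patch is meant to enable would presumably not match. I would gate the clause on the login name and append the bits only when they are known, as below. The enclosing `if` block in mlfi_envrcpt starts outside this hunk.

```cpp
		// ... unchanged: rec_header = "Received: from " ... line ...
		if (strlen(macro_auth_authen))
		{
			rec_header += (string) "(authenticated";
			if (strlen(macro_auth_ssf))
			{
				rec_header += (string) " bits=" + macro_auth_ssf;
			}
			rec_header += (string) ")\r\n\t";
		}
		// ... unchanged: "by " ... clause, debug() and assassin->output(rec_header) ...
```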
+@@ -1214,16 +1266,27 @@ mlfi_close(SMFICTX* ctx)
+ {
+   struct context *sctx;
+   debug(D_FUNC, "mlfi_close");
+-  
++
+   sctx = (struct context*)smfi_getpriv(ctx);
+   if (sctx == NULL)
+     return SMFIS_ACCEPT;
+ 
+   if (sctx->helo)
+   	free(sctx->helo);
++  if (sctx->our_fqdn)
++  	free(sctx->our_fqdn);
++  if (sctx->sender_address)
++  	free(sctx->sender_address);
++  if (sctx->queueid)
++  	free(sctx->queueid);
++  if (sctx->auth_authen)
++  	free(sctx->auth_authen);
++  if (sctx->auth_ssf)
++  	free(sctx->auth_ssf);
++
+   free(sctx);
+   smfi_setpriv(ctx, NULL);
+-  
++
+   return SMFIS_ACCEPT;
+ }
+ 
+diff -up spamass-milter-0.3.2/spamass-milter.h.bits spamass-milter-0.3.2/spamass-milter.h
+--- spamass-milter-0.3.2/spamass-milter.h.bits	2011-02-15 10:53:49.342257983 +0000
++++ spamass-milter-0.3.2/spamass-milter.h	2011-02-15 10:53:49.354259879 +0000
+@@ -154,9 +154,6 @@ public:  
+   // List of recipients after alias/virtusertable expansion
+   list <string> expandedrcpt;
+ 
+-  // the sendmail queue id for this message; used for logging
+-  string queueid;
+-
+   // Process handling variables
+   pid_t pid;
+   int pipe_io[2][2];
+@@ -167,6 +164,11 @@ struct context
+ {
+ 	struct in_addr connect_ip;	// remote IP address
+ 	char *helo;
++	char *our_fqdn;
++	char *sender_address;
++	char *queueid;
++	char *auth_authen;
++	char *auth_ssf;
+ 	SpamAssassin *assassin; // pointer to the SA object if we're processing a message
+ };
+ 
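Review bot: The five new `char *` members carry no comment, unlike `connect_ip` and `assassin` next to them, so nothing in the header says who owns the strings or what an empty value means. From the .cpp hunks they are heap copies made with `strdup()` in mlfi_connect and mlfi_envfrom and released in mlfi_close, and `auth_authen` holds an SMTP AUTH login name. I would add trailing comments such as `char *queueid;	// {i} queue id, strdup'd in mlfi_envfrom, freed in mlfi_close` and `char *auth_authen;	// {auth_authen} login name, "" when the client did not authenticate`.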
================================================================

