packages: spamass-milter/spamass-milter-bits.patch (NEW) - add authenticate...
hawk
hawk at pld-linux.org
Thu Jul 14 21:15:20 CEST 2011
Author: hawk Date: Thu Jul 14 19:15:20 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- add authenticated bits information into the dummy generated
Received-header for SpamAssassin to facilitate adding a rule to score
mail from authenticated clients, taken from Fedora
---- Files affected:
packages/spamass-milter:
spamass-milter-bits.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/spamass-milter/spamass-milter-bits.patch
diff -u /dev/null packages/spamass-milter/spamass-milter-bits.patch:1.1
--- /dev/null Thu Jul 14 21:15:20 2011
+++ packages/spamass-milter/spamass-milter-bits.patch Thu Jul 14 21:15:15 2011
@@ -0,0 +1,289 @@
+Add authenticated bits information into the dummy generated
+Received-header for SpamAssassin to facilitate adding a rule
+to score mail from authenticated clients.
+
+Discussion:
+http://bugzilla.redhat.com/496769
+http://www.gossamer-threads.com/lists/spamassassin/users/146948
+
+This patch also moves some of the macro collection to the
+ENVFROM callback, where the required macros are available by default.
+
+diff -up spamass-milter-0.3.2/README.bits spamass-milter-0.3.2/README
+--- spamass-milter-0.3.2/README.bits 2008-04-23 17:11:42.000000000 +0100
++++ spamass-milter-0.3.2/README 2011-02-15 11:02:47.877271392 +0000
+@@ -55,15 +55,26 @@ configuring sendmail through m4 & the se
+ adding the lines
+
+ INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/sendmail/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
+-define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
+-define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
+-define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
++define(`confMILTER_MACROS_ENVRCPT',confMILTER_MACROS_ENVRCPT`, b, r, v, Z')dnl
+
+ should do the trick. Of course you need to modify the path of the
+ socket if you put another one into the startup script. The timeouts
+ have been increased somewhat because SpamAssassin may chew on it for a
+ little while on a slow machine.
+
++If you are using multiple milter mail filters on your mail server, you may
++have overridden the default values of some of the confMILTER_MACROS_*
++macros whilst configuring the other filters. You need to ensure that at
++least the following values are present:
++
++confMILTER_MACROS_CONNECT must include the {j} and {_} macros
++(all included by default)
++
++confMILTER_MACROS_ENVFROM must include the {i}, {auth_authen} and {auth_ssf}
++macros (all included by default)
++
++confMILTER_MACROS_ENVRCPT must include the {b}, {r}, {v}, and {Z} macros
++
+ Now recreate sendmail.cf, restart sendmail and experiment around a bit
+ with the setup to make sure it is working.
+
+diff -up spamass-milter-0.3.2/spamass-milter.cpp.bits spamass-milter-0.3.2/spamass-milter.cpp
+--- spamass-milter-0.3.2/spamass-milter.cpp.bits 2011-02-15 10:53:49.349259089 +0000
++++ spamass-milter-0.3.2/spamass-milter.cpp 2011-02-15 10:53:49.353259721 +0000
+@@ -678,6 +678,7 @@ sfsistat
+ mlfi_connect(SMFICTX * ctx, char *hostname, _SOCK_ADDR * hostaddr)
+ {
+ struct context *sctx;
++ const char *macro_j, *macro__;
+ int rv;
+
+ debug(D_FUNC, "mlfi_connect: enter");
+@@ -695,8 +696,31 @@ mlfi_connect(SMFICTX * ctx, char *hostna
+ }
+ sctx->assassin = NULL;
+ sctx->helo = NULL;
+-
+- /* store a pointer to it with setpriv */
++ sctx->our_fqdn = NULL;
++ sctx->sender_address = NULL;
++ sctx->queueid = NULL;
++ sctx->auth_authen = NULL;
++ sctx->auth_ssf = NULL;
++
++ /* store our FQDN */
++ macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
++ if (!macro_j)
++ {
++ macro_j = "localhost";
++ warnmacro("j", "CONNECT");
++ }
++ sctx->our_fqdn = strdup(macro_j);
++
++ /* store the validated sending site's address */
++ macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
++ if (!macro__)
++ {
++ macro__ = "unknown";
++ warnmacro("_", "CONNECT");
++ }
++ sctx->sender_address = strdup(macro__);
++
++ /* store a pointer to our private data with setpriv */
+ rv = smfi_setpriv(ctx, sctx);
+ if (rv != MI_SUCCESS)
+ {
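Review bot: The `strdup()` results stored in `sctx->our_fqdn` and `sctx->sender_address` are never checked, so an allocation failure leaves a NULL pointer that mlfi_envrcpt later concatenates into a `std::string`, which is undefined behaviour. The same holds for `sctx->queueid`, `sctx->auth_authen` and `sctx->auth_ssf` in the mlfi_envfrom hunk, and mlfi_envrcpt additionally calls `strlen(macro_auth_ssf)` on the stored value. Each copy should be checked, e.g. `if (!sctx->our_fqdn) { /* release sctx and its strings */ return SMFIS_TEMPFAIL; }`. The error branch for a failed `smfi_setpriv` continues outside this hunk; if it frees `sctx`, it presumably needs to free the two new strings as well.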
+@@ -745,7 +769,7 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+ {
+ SpamAssassin* assassin;
+ struct context *sctx = (struct context *)smfi_getpriv(ctx);
+- const char *queueid;
++ const char *queueid, *macro_auth_ssf, *macro_auth_authen;
+
+ if (sctx == NULL)
+ {
+@@ -787,17 +811,44 @@ mlfi_envfrom(SMFICTX* ctx, char** envfro
+
+ // remember the MAIL FROM address
+ assassin->set_from(string(envfrom[0]));
+-
++
++ // remember the queueid for this message
+ queueid=smfi_getsymval(ctx, const_cast<char *>("i"));
+ if (!queueid)
+ {
+ queueid="unknown";
+ warnmacro("i", "ENVFROM");
+ }
+- assassin->queueid = queueid;
+-
++ sctx->queueid = strdup(queueid);
+ debug(D_MISC, "queueid=%s", queueid);
+
++ // remember the SMTP AUTH login name
++ macro_auth_authen = smfi_getsymval(ctx, const_cast<char *>("{auth_authen}"));
++ if (!macro_auth_authen)
++ {
++ macro_auth_authen = "";
++ // Don't issue a warning for the auth_authen macro as
++ // it is likely to be unset much of the time - it's
++ // only set if the client has authenticated.
++ //
++ // Similarly, we only issue warnings for the other
++ // auth-related macros if {auth_authen) is available.
++ //
++ // warnmacro("auth_authen", "ENVFROM");
++ }
++ sctx->auth_authen = strdup(macro_auth_authen);
++
++ // remember the SASL cipher bits
++ macro_auth_ssf = smfi_getsymval(ctx, const_cast<char *>("{auth_ssf}"));
++ if (!macro_auth_ssf)
++ {
++ macro_auth_ssf = "";
++ if (strlen(macro_auth_authen)) {
++ warnmacro("auth_ssf", "ENVFROM");
++ }
++ }
++ sctx->auth_ssf = strdup(macro_auth_ssf);
++
+ // tell Milter to continue
+ debug(D_FUNC, "mlfi_envfrom: exit");
+
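Review bot: `sctx->queueid`, `sctx->auth_authen` and `sctx->auth_ssf` are overwritten with fresh `strdup()` copies on every MAIL FROM, but the only release visible in this patch is in mlfi_close, so a connection that carries several messages leaks the earlier copies. Free the old value before assigning, e.g. `free(sctx->queueid); sctx->queueid = strdup(queueid);`, and do the same for the two auth fields. The number of transactions per connection is chosen by the remote client, so the growth is externally driven on a long-lived session. The comment above the disabled warning also has a mismatched brace, `{auth_authen)`.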
+@@ -888,7 +939,8 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+
+ */
+ const char *macro_b, *macro_i, *macro_j, *macro_r,
+- *macro_s, *macro_v, *macro_Z, *macro__;
++ *macro_s, *macro_v, *macro_Z, *macro__,
++ *macro_auth_ssf, *macro_auth_authen;
+ char date[32];
+
+ /* RFC 822 date. */
+@@ -903,20 +955,13 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ }
+
+ /* queue ID */
+- macro_i = smfi_getsymval(ctx, const_cast<char *>("i"));
+- if (!macro_i)
+- {
+- macro_i = "unknown";
+- warnmacro("i", "ENVRCPT");
+- }
++ macro_i = sctx->queueid;
+
+- /* FQDN of this site */
+- macro_j = smfi_getsymval(ctx, const_cast<char *>("j"));
+- if (!macro_j)
+- {
+- macro_j = "localhost";
+- warnmacro("j", "ENVRCPT");
+- }
++ /* FQDN */
++ macro_j = sctx->our_fqdn;
++
++ /* Sender address */
++ macro__ = sctx->sender_address;
+
+ /* Protocol used to receive the message */
+ macro_r = smfi_getsymval(ctx, const_cast<char *>("r"));
+@@ -925,7 +970,11 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ macro_r = "SMTP";
+ warnmacro("r", "ENVRCPT");
+ }
+-
++
++ /* SMTP AUTH details */
++ macro_auth_authen = sctx->auth_authen;
++ macro_auth_ssf = sctx->auth_ssf;
++
+ /* Sendmail currently cannot pass us the {s} macro, but
+ I do not know why. Leave this in for the day sendmail is
+ fixed. Until that day, use the value remembered by
+@@ -953,22 +1002,25 @@ mlfi_envrcpt(SMFICTX* ctx, char** envrcp
+ warnmacro("Z", "ENVRCPT");
+ }
+
+- /* Validated sending site's address */
+- macro__ = smfi_getsymval(ctx, const_cast<char *>("_"));
+- if (!macro__)
++ assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
++ assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
++
++ string rec_header;
++
++ rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";
++
++ if (strlen(macro_auth_ssf))
+ {
+- macro__ = "unknown";
+- warnmacro("_", "ENVRCPT");
++ rec_header += (string) "(authenticated bits=" + macro_auth_ssf + ")\r\n\t";
+ }
+
+- assassin->output((string)"X-Envelope-From: "+assassin->from()+"\r\n");
+- assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
++ rec_header += (string) "by " + macro_j + " (" + macro_v + "/" + macro_Z + ") with " +
++ macro_r + " id " + macro_i + ";\r\n\t" +
++ macro_b + "\r\n\t" +
++ "(envelope-from " + assassin->from() + ")\r\n";
+
+- assassin->output((string)
+- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
+- "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
+- macro_b+"\r\n\t"+
+- "(envelope-from "+assassin->from()+")\r\n");
++ debug(D_SPAMC, "Received header for spamc: %s", rec_header.c_str());
++ assassin->output(rec_header);
+
+ } else
+ assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
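Review bot: The `(authenticated bits=...)` clause is gated on `strlen(macro_auth_ssf)` alone, while `macro_auth_authen`, copied from `sctx->auth_authen` earlier in mlfi_envrcpt, is never read. This clause is what a SpamAssassin rule will take as evidence of SMTP AUTH, so it would be safer to key it on the recorded login name and append the bits only when `{auth_ssf}` is present. Presumably an MTA that supplies `{auth_authen}` without `{auth_ssf}` would otherwise produce no marker for authenticated clients; confirm that the scoring rule also matches the form without bits. The body of mlfi_envrcpt starts and ends outside this hunk.

```cpp
rec_header = (string) "Received: from " + macro_s + " (" + macro__ + ")\r\n\t";

// Mark the hop as authenticated only when a login name was recorded.
if (strlen(macro_auth_authen))
{
	rec_header += (string) "(authenticated";
	if (strlen(macro_auth_ssf))
	{
		rec_header += (string) " bits=" + macro_auth_ssf;
	}
	rec_header += (string) ")\r\n\t";
}
// … unchanged: "by ..." clause, debug() and assassin->output(rec_header) …
```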
+@@ -1214,16 +1266,27 @@ mlfi_close(SMFICTX* ctx)
+ {
+ struct context *sctx;
+ debug(D_FUNC, "mlfi_close");
+-
++
+ sctx = (struct context*)smfi_getpriv(ctx);
+ if (sctx == NULL)
+ return SMFIS_ACCEPT;
+
+ if (sctx->helo)
+ free(sctx->helo);
++ if (sctx->our_fqdn)
++ free(sctx->our_fqdn);
++ if (sctx->sender_address)
++ free(sctx->sender_address);
++ if (sctx->queueid)
++ free(sctx->queueid);
++ if (sctx->auth_authen)
++ free(sctx->auth_authen);
++ if (sctx->auth_ssf)
++ free(sctx->auth_ssf);
++
+ free(sctx);
+ smfi_setpriv(ctx, NULL);
+-
++
+ return SMFIS_ACCEPT;
+ }
+
+diff -up spamass-milter-0.3.2/spamass-milter.h.bits spamass-milter-0.3.2/spamass-milter.h
+--- spamass-milter-0.3.2/spamass-milter.h.bits 2011-02-15 10:53:49.342257983 +0000
++++ spamass-milter-0.3.2/spamass-milter.h 2011-02-15 10:53:49.354259879 +0000
+@@ -154,9 +154,6 @@ public:
+ // List of recipients after alias/virtusertable expansion
+ list <string> expandedrcpt;
+
+- // the sendmail queue id for this message; used for logging
+- string queueid;
+-
+ // Process handling variables
+ pid_t pid;
+ int pipe_io[2][2];
+@@ -167,6 +164,11 @@ struct context
+ {
+ struct in_addr connect_ip; // remote IP address
+ char *helo;
++ char *our_fqdn;
++ char *sender_address;
++ char *queueid;
++ char *auth_authen;
++ char *auth_ssf;
+ SpamAssassin *assassin; // pointer to the SA object if we're processing a message
+ };
+
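Review bot: The five new `char *` members of `struct context` carry no comment, unlike `connect_ip` and `assassin` beside them, and nothing states who owns the memory. Each should be documented, e.g. `char *queueid; // strdup'd copy of the {i} macro, set in mlfi_envfrom, freed in mlfi_close`. The comments should also say that `auth_authen` and `auth_ssf` hold empty strings rather than NULL when the client did not authenticate. The first hunk in this file removes `SpamAssassin::queueid`, described there as used for logging; any remaining reader of that member is outside the visible hunks and should be checked.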
================================================================