packages: spamass-milter/spamass-milter-group.patch (NEW) - add option to h...
hawk
hawk at pld-linux.org
Thu Jul 14 21:16:03 CEST 2011
Author: hawk Date: Thu Jul 14 19:16:03 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- add option to have the milter create a group-writeable socket
---- Files affected:
packages/spamass-milter:
spamass-milter-group.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/spamass-milter/spamass-milter-group.patch
diff -u /dev/null packages/spamass-milter/spamass-milter-group.patch:1.1
--- /dev/null Thu Jul 14 21:16:03 2011
+++ packages/spamass-milter/spamass-milter-group.patch Thu Jul 14 21:15:58 2011
@@ -0,0 +1,104 @@
+Add option -g group to have the milter create a group-writeable socket
+for communication with the MTA and set the GID of the socket to the
+specified group. This makes it possible to use the milter via a
+unix-domain socket with Postfix as the MTA (Postfix doesn't run as
+root and would otherwise be unable to use the socket).
+
+http://bugzilla.redhat.com/452248
+
+diff -up spamass-milter-0.3.1/spamass-milter.cpp.group spamass-milter-0.3.1/spamass-milter.cpp
+--- spamass-milter-0.3.1/spamass-milter.cpp.group 2010-03-24 13:30:19.030834527 +0000
++++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-24 13:40:54.712898107 +0000
+@@ -89,6 +89,8 @@
+ #endif
+ #include <errno.h>
+
++#include <grp.h>
++
+ // C++ includes
+ #include <cstdio>
+ #include <cstddef>
+@@ -180,8 +182,9 @@ int
+ main(int argc, char* argv[])
+ {
+ int c, err = 0;
+- const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:x";
++ const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:xg:";
+ char *sock = NULL;
++ char *group = NULL;
+ bool dofork = false;
+ char *pidfilename = NULL;
+ FILE *pidfile = NULL;
+@@ -228,6 +231,9 @@ main(int argc, char* argv[])
+ case 'p':
+ sock = strdup(optarg);
+ break;
++ case 'g':
++ group = strdup(optarg);
++ break;
+ case 'P':
+ pidfilename = strdup(optarg);
+ break;
+@@ -287,6 +293,7 @@ main(int argc, char* argv[])
+ cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
+ cout << " [-- spamc args ]" << endl;
+ cout << " -p socket: path to create socket" << endl;
++ cout << " -g group: socket group (perms to 660 as well)" << endl;
+ cout << " -b bucket: redirect spam to this mail address. The orignal" << endl;
+ cout << " recipient(s) will not receive anything." << endl;
+ cout << " -B bucket: add this mail address as a BCC recipient of spam." << endl;
+@@ -354,6 +361,30 @@ main(int argc, char* argv[])
+ } else {
+ debug(D_MISC, "smfi_register succeeded");
+ }
++
++ if (group)
++ {
++ struct group *gr;
++
++ (void) smfi_opensocket(0);
++ gr = getgrnam(group);
++ if (gr)
++ {
++ int rc;
++ rc = chown(sock, (uid_t)-1, gr->gr_gid);
++ if (!rc)
++ {
++ (void) chmod(sock, 0660);
++ } else {
++ perror("group option, chown");
++ exit(EX_NOPERM);
++ }
++ } else {
++ perror("group option, getgrnam");
++ exit(EX_NOUSER);
++ }
++ }
++
+ debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION);
+ err = smfi_main();
+ debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION);
+diff -up spamass-milter-0.3.1/spamass-milter.1.in.group spamass-milter-0.3.1/spamass-milter.1.in
+--- spamass-milter-0.3.1/spamass-milter.1.in.group 2010-03-24 13:30:19.026834927 +0000
++++ spamass-milter-0.3.1/spamass-milter.1.in 2010-03-24 13:30:19.033834685 +0000
+@@ -13,6 +13,7 @@
+ .Op Fl D Ar host
+ .Op Fl e Ar defaultdomain
+ .Op Fl f
++.Op Fl g Ar group
+ .Op Fl i Ar networks
+ .Op Fl I
+ .Op Fl m
+@@ -108,6 +109,12 @@ flag.
+ Causes
+ .Nm
+ to fork into the background.
++.It Fl g Ar group
++Makes the socket for communication with the MTA group-writable (mode 0750)
++and sets the socket's group to
++.Ar group .
++This option is intended for use with MTA's like Postfix that do not run as
++root, and is incompatible with Sendmail usage.
+ .It Fl i Ar networks
+ Ignores messages if the originating IP is in the network(s) listed.
+ The message will be passed through without calling SpamAssassin at all.
================================================================
More information about the pld-cvs-commit
mailing list