bring the postgrey patches into this repository rather than maintaining them in a separate postgrey fork repository

2015-06-01 21:31:11 -04:00 · 2015-06-01 21:31:11 -04:00 · b25ce67fe1
parent 47a5a44b9e
commit b25ce67fe1
4 changed files with 196 additions and 7 deletions
--- a/ppa/Makefile
+++ b/ppa/Makefile
@ -1,3 +1,5 @@
+POSTGREY_VERSION=1.35-1+miab1
+
 all: clean build_postgrey build_dovecot_lucene

 clean:
@ -7,21 +9,28 @@ clean:
 	# Prepare to build source packages.
 	mkdir -p /tmp/build

-build_postgrey:
-	# Download our fork of the Debian postgrey package.
-	git clone https://github.com/mail-in-a-box/postgrey /tmp/build/postgrey
+build_postgrey: clean
+	# Download the latest Debian postgrey package. It is ahead of Ubuntu,
+	# and we might as well jump ahead.
+	git clone git://git.debian.org/git/collab-maint/postgrey.git /tmp/build/postgrey

 	# Download the corresponding upstream package.
 	wget -O /tmp/build/postgrey_1.35.orig.tar.gz http://postgrey.schweikert.ch/pub/postgrey-1.35.tar.gz

+	# Add our source patch to the debian packaging listing.
+	cp postgrey_sources.diff /tmp/build/postgrey/debian/patches/mailinabox
+
+	# Patch the packaging to give it a new version.
+	patch -p1 -d /tmp/build/postgrey < postgrey.diff
+
 	# Build the source package.
 	(cd /tmp/build/postgrey; dpkg-buildpackage -S -us -uc -nc)

 	# Sign the packages.
-	debsign /tmp/build/postgrey_1.35-1miab1_source.changes
+	debsign /tmp/build/postgrey_$(POSTGREY_VERSION)_source.changes

 	# Upload to PPA.
-	dput ppa:mail-in-a-box/ppa /tmp/build/postgrey_1.35-1miab1_source.changes
+	dput ppa:mail-in-a-box/ppa /tmp/build/postgrey_$(POSTGREY_VERSION)_source.changes

 	# Clear the intermediate files.
 	rm -rf /tmp/build/postgrey
@ -30,7 +39,7 @@ build_postgrey:
 	#sudo apt-get build-dep -y postgrey
 	#(cd /tmp/build/postgrey; dpkg-buildpackage -us -uc -nc)

-build_dovecot_lucene:
+build_dovecot_lucene: clean
 	# Get the upstream source.
 	(cd /tmp/build; apt-get source dovecot)

--- a/ppa/README.md
+++ b/ppa/README.md
@ -6,7 +6,7 @@ Mail-in-a-Box maintains a Launchpad.net PPA ([Mail-in-a-Box PPA](https://launchp
 Packages
 --------

-* [postgrey](https://github.com/mail-in-a-box/postgrey), with a modification to whitelist senders that are whitelisted by [dnswl.org](https://www.dnswl.org/) (i.e. don't greylist mail from them).
+* postgrey, a fork of [postgrey](http://postgrey.schweikert.ch/) based on the [latest Debian package](http://git.debian.org/?p=collab-maint/postgrey.git), with a modification to whitelist senders that are whitelisted by [dnswl.org](https://www.dnswl.org/) (i.e. don't greylist mail from known good senders).

 Building
 --------
--- a/ppa/postgrey.diff
+++ b/ppa/postgrey.diff
@ -0,0 +1,80 @@
+diff --git a/debian/NEWS b/debian/NEWS
+index dd09744..de7b640 100644
+--- a/debian/NEWS
+++ b/debian/NEWS
+@@ -1,3 +1,9 @@
+postgrey (1.35-1+miab1)
+
+  Added DNSWL.org whitelisting.
+
+ -- Joshua Tauberer <jt@occams.info>  Mon May 18 18:58:40 EDT 2015
+
+ postgrey (1.32-1) unstable; urgency=low
+ 
+   Postgrey is now listening to port 10023 and not 60000.  The latter was an
+diff --git a/debian/changelog b/debian/changelog
+index 1058e15..e5e3557 100644
+--- a/debian/changelog
+++ b/debian/changelog
+@@ -1,3 +1,9 @@
+postgrey (1.35-1+miab1) trusty; urgency=low
+
+  * Added DNSWL.org whitelisting.
+
+ -- Joshua Tauberer <jt@occams.info>  Mon, 18 May 2015 21:58:40 +0000
+
+ postgrey (1.35-1) unstable; urgency=low
+ 
+   * New upstream release (Closes: 756486)
+diff --git a/debian/control b/debian/control
+index ce12ba6..0a82855 100644
+--- a/debian/control
+++ b/debian/control
+@@ -1,14 +1,11 @@
+ Source: postgrey
+ Section: mail
+ Priority: optional
+-Maintainer: Antonio Radici <antonio@debian.org>
+-Uploaders: Jon Daley <jondaley-guest@alioth.debian.org>
+Maintainer: Joshua Tauberer <jt@occams.info>
+ Build-Depends: debhelper (>= 7), quilt
+ Build-Depends-Indep: po-debconf
+ Standards-Version: 3.9.6
+ Homepage: http://postgrey.schweikert.ch/
+-Vcs-Browser: http://git.debian.org/?p=collab-maint/postgrey.git
+-Vcs-Git: git://git.debian.org/git/collab-maint/postgrey.git
+ 
+ Package: postgrey
+ Architecture: all
+@@ -25,3 +22,6 @@ Description: greylisting implementation for Postfix
+  .
+  While Postgrey is designed for use with Postfix, it can also be used
+  with Exim.
+ .
+ This version has been modified by Mail-in-a-Box to whitelist senders
+ in the DNSWL.org list. See https://mailinabox.email.
+diff --git a/debian/copyright b/debian/copyright
+index 3cbe377..bf09b89 100644
+--- a/debian/copyright
+++ b/debian/copyright
+@@ -1,6 +1,10 @@
+This package is a fork by Mail-in-a-Box (https://mailinabox.email). Original
+copyright statement follows:
+----------------------------------------------------------------------------
+
+ This Debian package was prepared by Adrian von Bidder <cmot@debian.org> in
+ July 2004, then the package was adopted by Antonio Radici <antonio@dyne.org>
+-in Sept 2009
+in Sept 2009.
+ 
+ It was downloaded from http://postgrey.schweikert.ch/
+ 
+diff --git a/debian/patches/series b/debian/patches/series
+index f4c5e31..3cd62b8 100644
+--- a/debian/patches/series
+++ b/debian/patches/series
+@@ -1,3 +1,3 @@
+ imported-upstream-diff
+ disable-transaction-logic
+-
+mailinabox
--- a/ppa/postgrey_sources.diff
+++ b/ppa/postgrey_sources.diff
@ -0,0 +1,100 @@
+Description: whitelist whatever dnswl.org whitelists
+ .
+ postgrey (1.35-1+miab1) unstable; urgency=low
+ .
+   * Added DNSWL.org whitelisting.
+Author: Joshua Tauberer <jt@occams.info>
+
+--- postgrey-1.35.orig/README
+++ postgrey-1.35/README
+@@ -13,7 +13,7 @@ Requirements
+ - BerkeleyDB (Perl Module)
+ - Berkeley DB >= 4.1 (Library)
+ - Digest::SHA (Perl Module, only for --privacy option)
+-
+- Net::DNS (Perl Module)
+ 
+ Documentation
+ -------------
+--- postgrey-1.35.orig/postgrey
+++ postgrey-1.35/postgrey
+@@ -18,6 +18,7 @@ use Fcntl ':flock'; # import LOCK_* cons
+ use Sys::Hostname;
+ use Sys::Syslog; # used only to find out which version we use
+ use POSIX qw(strftime setlocale LC_ALL);
+use Net::DNS; # for DNSWL.org whitelisting
+ 
+ use vars qw(@ISA);
+ @ISA = qw(Net::Server::Multiplex);
+@@ -26,6 +27,8 @@ my $VERSION = '1.35';
+ my $DEFAULT_DBDIR = '/var/lib/postgrey';
+ my $CONFIG_DIR = '/etc/postgrey';
+ 
+my $dns_resolver = Net::DNS::Resolver->new;
+
+ sub cidr_parse($)
+ {
+     defined $_[0] or return undef;
+@@ -48,6 +51,36 @@ sub cidr_match($$$)
+     return ($addr & $mask) == $net;
+ }
+ 
+sub reverseDottedQuad {
+    # This is the sub _chkValidPublicIP from Net::DNSBL by PJ Goodwin
+    # at http://www.the42.net/net-dnsbl.
+    my ($quad) = @_;
+    if ($quad =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
+        my ($ip1,$ip2,$ip3,$ip4) = ($1, $2, $3, $4);
+        if (
+           $ip1 == 10 ||                               #10.0.0.0/8 (10/8)
+          ($ip1 == 172 && $ip2 >= 16 && $ip2 <= 31) || #172.16.0.0/12 (172.16/12)
+          ($ip1 == 192 && $ip2 == 168) ||              #192.168.0.0/16 (192.168/16)
+           $quad eq '127.0.0.1'                        # localhost
+           ) {
+            # toss the RFC1918 specified privates
+            return undef;
+        } elsif (
+          ($ip1 <= 1 || $ip1 > 254) ||
+          ($ip2 < 0  || $ip2 > 255) ||
+          ($ip3 < 0  || $ip3 > 255) ||
+          ($ip4 < 0  || $ip4 > 255)
+           ) {
+            #invalid oct, toss it;
+            return undef;
+        }
+        my $revquad = $ip4 . "." . $ip3 . "." . $ip2 . "." . $ip1;
+        return $revquad;
+    } else { # invalid quad
+        return undef;
+    }
+}
+
+ sub read_clients_whitelists($)
+ {
+     my ($self) = @_;
+@@ -361,6 +394,25 @@ sub smtpd_access_policy($$)
+         }
+     }
+ 
+    # whitelist clients in dnswl.org
+    my $revip = reverseDottedQuad($attr->{client_address});
+    if ($revip) { # valid IP / plausibly in DNSWL
+        my $answer = $dns_resolver->send($revip . '.list.dnswl.org');
+        if ($answer && scalar($answer->answer) > 0) {
+            my @rrs = $answer->answer;
+            if ($rrs[0]->type eq 'A' && $rrs[0]->address ne '127.0.0.255') {
+                # Address appears in DNSWL. (127.0.0.255 means we were rate-limited.)
+                my $code = $rrs[0]->address;
+		if ($code =~ /^127.0.(\d+)\.([0-3])$/) {
+                    my %dnswltrust = (0 => 'legitimate', 1 => 'occasional spam', 2 => 'rare spam', 3 => 'highly unlikely to send spam');
+                    $code = $2 . '/' . $dnswltrust{$2};
+                }
+                $self->mylog_action($attr, 'pass', 'client whitelisted by dnswl.org (' . $code . ')');
+                return 'DUNNO';
+            }
+        }
+    }
+
+     # auto whitelist clients (see below for explanation)
+     my ($cawl_db, $cawl_key, $cawl_count, $cawl_last);
+     if($self->{postgrey}{awl_clients}) {