summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorjlam <jlam@pkgsrc.org>2004-08-06 15:05:53 +0000
committerjlam <jlam@pkgsrc.org>2004-08-06 15:05:53 +0000
commit1403a3a8be5ede4f83474a2aca988b16adbc33af (patch)
treede13c56145da1ec97a1bfce260c61ec1ccfafcbe /security
parent8a77e710d395fc0b64b3c44373c0ac663461caf2 (diff)
downloadpkgsrc-1403a3a8be5ede4f83474a2aca988b16adbc33af.tar.gz
Reimport mail/amavisd-new as security/amavisd-new.
amavisd-new is an interface between message transfer agent (MTA) and one or more content checkers, e.g. virus scanners, SpamAssassin, etc. It is a performance-enhanced and feature-enriched version of amavisd (which in turn is a daemonized version of AMaViS or amavis-perl). amavisd-new is normally positioned at or near a central mailer, not necessarily where user's mailboxes and final delivery takes place. If you are looking for fully per-user configurable and/or low-message-rate solution to be placed at the final stage of mail delivery (e.g. called from procmail), there may be other solutions more appropriate for your needs. Package created and maintained by Julian Dunn in pkgsrc-wip.
Diffstat (limited to 'security')
-rw-r--r--security/amavisd-new/DESCR11
-rw-r--r--security/amavisd-new/MESSAGE21
-rw-r--r--security/amavisd-new/MESSAGE.milter24
-rw-r--r--security/amavisd-new/Makefile134
-rw-r--r--security/amavisd-new/PLIST33
-rw-r--r--security/amavisd-new/distinfo5
-rw-r--r--security/amavisd-new/files/amavisd.sh77
-rw-r--r--security/amavisd-new/files/amavismilter.sh57
-rw-r--r--security/amavisd-new/patches/patch-aa42
9 files changed, 404 insertions, 0 deletions
diff --git a/security/amavisd-new/DESCR b/security/amavisd-new/DESCR
new file mode 100644
index 00000000000..3180f61f143
--- /dev/null
+++ b/security/amavisd-new/DESCR
@@ -0,0 +1,11 @@
+amavisd-new is an interface between message transfer agent (MTA) and
+one or more content checkers, e.g. virus scanners, SpamAssassin, etc.
+It is a performance-enhanced and feature-enriched version of amavisd
+(which in turn is a daemonized version of AMaViS or amavis-perl).
+
+amavisd-new is normally positioned at or near a central mailer, not
+necessarily where user's mailboxes and final delivery takes place. If
+you are looking for fully per-user configurable and/or low-message-rate
+solution to be placed at the final stage of mail delivery (e.g. called
+from procmail), there may be other solutions more appropriate for your
+needs.
diff --git a/security/amavisd-new/MESSAGE b/security/amavisd-new/MESSAGE
new file mode 100644
index 00000000000..76d1d52591c
--- /dev/null
+++ b/security/amavisd-new/MESSAGE
@@ -0,0 +1,21 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+
+To use amavisd-new, you should install at least one content checker.
+Examples of content checkers include the freely-available Clam Anti-Virus
+(mail/p5-Mail-ClamAV) and SpamAssassin (mail/spamassassin).
+
+amavisd-new will only scan inside archives if the appropriate unarchiving
+tools are available. You may choose to install the following tools to
+scan the respective archive types:
+
+ arc archivers/arc
+ freeze archivers/freeze
+ lha archivers/lha
+ lzop archivers/lzop
+ unarj archivers/unarj
+ unrar archivers/unrar
+ xbin archivers/xbin
+ zoo archivers/zoo
+
+===========================================================================
diff --git a/security/amavisd-new/MESSAGE.milter b/security/amavisd-new/MESSAGE.milter
new file mode 100644
index 00000000000..183c76cb539
--- /dev/null
+++ b/security/amavisd-new/MESSAGE.milter
@@ -0,0 +1,24 @@
+===========================================================================
+$NetBSD: MESSAGE.milter,v 1.1.1.1 2004/08/06 15:05:53 jlam Exp $
+
+Before using amavisd-new with Sendmail, you must configure Sendmail
+properly. Please refer to the following documentation:
+
+ ${PREFIX}/share/doc/amavisd-new/README.milter
+ ${PREFIX}/share/doc/amavisd-new/README.sendmail
+ ${PREFIX}/share/doc/amavisd-new/README.sendmail-dual
+
+There are several ways to configure Sendmail to pass mail through
+amavisd-new depending on your resources and whether you wish to use
+libmilter.
+
+If you choose to use libmilter, then you will need to add the following
+line to /etc/rc.conf:
+
+ amavismilter=YES
+
+Please refer to the comments at the top of the amavismilter rc.d script
+for additional rc.conf settings to modify how libmilter and amavisd-new
+communicate with each other.
+
+===========================================================================
diff --git a/security/amavisd-new/Makefile b/security/amavisd-new/Makefile
new file mode 100644
index 00000000000..463dc881336
--- /dev/null
+++ b/security/amavisd-new/Makefile
@@ -0,0 +1,134 @@
+# $NetBSD: Makefile,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+
+DISTNAME= amavisd-new-${VERSION}${PATCHLEVEL}
+PKGNAME= amavisd-new-${VERSION}${PATCHLEVEL:S/-//}
+CATEGORIES= security mail
+MASTER_SITES= http://www.ijs.si/software/amavisd/ \
+ http://mirrors.catpipe.net/amavisd-new/ \
+ http://ftp.cfu.net/pub/amavisd-new/ \
+ ftp://ftp.cfu.net/pub/amavisd-new/
+
+VERSION= 20040701
+PATCHLEVEL= # empty
+
+MAINTAINER= jdunn@aquezada.com
+HOMEPAGE= http://www.ijs.si/software/amavisd/
+COMMENT= daemonized interface between MTA and content checkers
+
+DEPENDS+= p5-Archive-Tar-[0-9]*:../../archivers/p5-Archive-Tar
+DEPENDS+= p5-Archive-Zip-[0-9]*:../../archivers/p5-Archive-Zip
+DEPENDS+= p5-BerkeleyDB-[0-9]*:../../databases/p5-BerkeleyDB
+DEPENDS+= p5-Compress-Zlib-[0-9]*:../../devel/p5-Compress-Zlib
+DEPENDS+= p5-Convert-TNEF-[0-9]*:../../converters/p5-Convert-TNEF
+DEPENDS+= p5-Convert-UUlib-[0-9]*:../../converters/p5-Convert-UUlib
+DEPENDS+= p5-Digest-MD5-[0-9]*:../../security/p5-Digest-MD5
+DEPENDS+= p5-MIME-tools>=5.313:../../mail/p5-MIME-tools
+DEPENDS+= p5-Net-[0-9]*:../../net/p5-Net
+DEPENDS+= p5-Net-Server-[0-9]*:../../net/p5-Net-Server
+DEPENDS+= p5-Time-HiRes-[0-9]*:../../time/p5-Time-HiRes
+DEPENDS+= p5-Unix-Syslog-[0-9]*:../../sysutils/p5-Unix-Syslog
+
+WRKSRC= ${WRKDIR}/amavisd-new-${VERSION}
+
+CONFLICTS+= amavis-[0-9]*
+CONFLICTS+= amavis-perl-[0-9]*
+
+.include "../../mk/bsd.prefs.mk"
+
+USE_PERL5= yes
+PERL5_REQD= 5.8.2
+REPLACE_PERL+= amavisd
+
+USE_PKGINSTALL= yes
+AMAVIS_USER?= vscan
+AMAVIS_GROUP?= vscan
+AMAVIS_DIR?= ${VARBASE}/amavis
+AMAVIS_QUARANTINE?= ${VARBASE}/virusmails
+DOCDIR= ${PREFIX}/share/doc/amavisd-new
+EGDIR= ${PREFIX}/share/examples/amavisd-new
+MESSAGE_SRC= ${PKGDIR}/MESSAGE
+
+BUILD_DEFS+= AMAVIS_USER AMAVIS_GROUP AMAVIS_DIR AMAVIS_QUARANTINE
+FILES_SUBST+= AMAVIS_USER=${AMAVIS_USER}
+FILES_SUBST+= AMAVIS_GROUP=${AMAVIS_GROUP}
+FILES_SUBST+= AMAVIS_DIR=${AMAVIS_DIR}
+FILES_SUBST+= AMAVIS_QUARANTINE=${AMAVIS_QUARANTINE}
+
+PKG_GROUPS= ${AMAVIS_GROUP}
+PKG_USERS= ${AMAVIS_USER}:${AMAVIS_GROUP}::Virus\\ Scanning\\ Account:${AMAVIS_DIR}:${SH}
+RCD_SCRIPTS= amavisd
+CONF_FILES= ${EGDIR}/amavisd.conf-minimal ${PKG_SYSCONFDIR}/amavisd.conf
+
+# Global and legacy options
+.if defined(USE_MILTER)
+. if !defined(PKG_OPTIONS.amavisd-new)
+. if defined(USE_MILTER) && !empty(USE_MILTER:M[Yy][Es][Ss])
+PKG_OPTIONS.amavisd-new+= milter
+. endif
+. endif
+.endif
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.amavisd-new
+PKG_SUPPORTED_OPTIONS= milter
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Mmilter)
+USE_BUILDLINK3= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --with-runtime-dir=${AMAVIS_DIR}
+CONFIGURE_ARGS+= --with-sockname=${AMAVIS_DIR}/amavisd.sock
+CONFIGURE_ARGS+= --with-user=${AMAVIS_USER}
+CONFIGURE_ARGS+= --with-milterinc=${BUILDLINK_PREFIX.libmilter}/include
+CONFIGURE_ARGS+= --with-milterlib=${BUILDLINK_PREFIX.libmilter}/lib
+CONFIGURE_DIRS= ${WRKSRC}/helper-progs
+BUILD_DIRS= ${WRKSRC}/helper-progs
+RCD_SCRIPTS+= amavismilter
+MESSAGE_SRC+= ${PKGDIR}/MESSAGE.milter
+PLIST_SUBST+= MILTER=
+
+PTHREAD_OPTS+= require native # doesn't work with pth
+. include "../../mail/libmilter/buildlink3.mk"
+. include "../../mk/pthread.buildlink3.mk"
+.else
+USE_LANGUAGES= # empty
+NO_BUILDLINK= yes
+NO_CONFIGURE= yes
+PLIST_SUBST+= MILTER="@comment "
+
+do-build: replace-interpreter
+.endif
+
+SUBST_CLASSES+= amavisd
+SUBST_STAGE.amavisd= pre-build
+SUBST_FILES.amavisd= ${WRKSRC}/amavisd ${WRKSRC}/amavisd.conf
+SUBST_SED.amavisd= \
+ -e "s|/etc/amavisd.conf|${PKG_SYSCONFDIR}/amavisd.conf|" \
+ -e "s|@AMAVIS_DIR@|${AMAVIS_DIR}|g" \
+ -e "s|@AMAVIS_USER@|${AMAVIS_USER}|g" \
+ -e "s|@AMAVIS_GROUP@|${AMAVIS_GROUP}|g" \
+ -e "s|@AMAVIS_QUARANTINE@|${AMAVIS_QUARANTINE}|g" \
+ -e "s|@LOCALBASE@|${LOCALBASE}|g" \
+ -e "s|@PREFIX@|${PREFIX}|g"
+
+do-install:
+.if !empty(PKG_OPTIONS:Mmilter)
+ ${INSTALL_PROGRAM} ${WRKSRC}/helper-progs/amavis ${PREFIX}/sbin
+ ${INSTALL_PROGRAM} ${WRKSRC}/helper-progs/amavis-milter ${PREFIX}/sbin
+.endif
+ ${INSTALL_SCRIPT} ${WRKSRC}/amavisd ${PREFIX}/sbin/amavisd
+ ${INSTALL_DATA_DIR} ${DOCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/AAAREADME.first ${DOCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/INSTALL ${DOCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/LDAP.schema ${DOCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/MANIFEST ${DOCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/RELEASE_NOTES ${DOCDIR}
+ for file in README_FILES/README.*; do \
+ ${INSTALL_DATA} ${WRKSRC}/$$file ${DOCDIR}; \
+ done
+ ${INSTALL_DATA_DIR} ${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/amavisd.conf ${EGDIR}/amavisd.conf-minimal
+ ${INSTALL_DATA} ${WRKSRC}/amavisd.conf-default ${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/amavisd.conf-sample ${EGDIR}
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/amavisd-new/PLIST b/security/amavisd-new/PLIST
new file mode 100644
index 00000000000..7d241a67ceb
--- /dev/null
+++ b/security/amavisd-new/PLIST
@@ -0,0 +1,33 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+${MILTER}sbin/amavis
+${MILTER}sbin/amavis-milter
+sbin/amavisd
+share/doc/amavisd-new/AAAREADME.first
+share/doc/amavisd-new/INSTALL
+share/doc/amavisd-new/LDAP.schema
+share/doc/amavisd-new/LICENSE
+share/doc/amavisd-new/MANIFEST
+share/doc/amavisd-new/README.chroot
+share/doc/amavisd-new/README.contributed
+share/doc/amavisd-new/README.courier
+share/doc/amavisd-new/README.customize
+share/doc/amavisd-new/README.exim_v3
+share/doc/amavisd-new/README.exim_v3_app
+share/doc/amavisd-new/README.exim_v4
+share/doc/amavisd-new/README.exim_v4_app
+share/doc/amavisd-new/README.exim_v4_app2
+share/doc/amavisd-new/README.lookups
+share/doc/amavisd-new/README.milter
+share/doc/amavisd-new/README.old.scanners
+share/doc/amavisd-new/README.performance
+share/doc/amavisd-new/README.policy-on-notifications
+share/doc/amavisd-new/README.postfix
+share/doc/amavisd-new/README.protocol
+share/doc/amavisd-new/README.sendmail
+share/doc/amavisd-new/README.sendmail-dual
+share/doc/amavisd-new/RELEASE_NOTES
+share/examples/amavisd-new/amavisd.conf-default
+share/examples/amavisd-new/amavisd.conf-minimal
+share/examples/amavisd-new/amavisd.conf-sample
+@dirrm share/examples/amavisd-new
+@dirrm share/doc/amavisd-new
diff --git a/security/amavisd-new/distinfo b/security/amavisd-new/distinfo
new file mode 100644
index 00000000000..caf556d3322
--- /dev/null
+++ b/security/amavisd-new/distinfo
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+
+SHA1 (amavisd-new-20040701.tar.gz) = 77c037cb13e629f5f2c038d56a62c1cdae904075
+Size (amavisd-new-20040701.tar.gz) = 451622 bytes
+SHA1 (patch-aa) = 4364b6501c0730b623c48afee6f24b6256c6b84f
diff --git a/security/amavisd-new/files/amavisd.sh b/security/amavisd-new/files/amavisd.sh
new file mode 100644
index 00000000000..fac6afc917c
--- /dev/null
+++ b/security/amavisd-new/files/amavisd.sh
@@ -0,0 +1,77 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: amavisd.sh,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+#
+# PROVIDE: amavisd
+# REQUIRE: DAEMON
+# BEFORE: mail
+#
+#
+# You will need to set some variables in /etc/rc.conf to start amavisd:
+#
+# amavisd=YES
+#
+# The following variables are optional:
+#
+# amavisd_user="@AMAVIS_USER@" # user to run amavisd as
+# amavisd_group="@AMAVIS_GROUP@" # ${amavisd_user}'s group
+# amavisd_dirs="@AMAVIS_DIR@" # directories that should be created
+# # before starting amavisd
+
+if [ -f /etc/rc.subr ]; then
+ . /etc/rc.subr
+fi
+
+name="amavisd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+command_interpreter="@PERL5@"
+pidfile="@AMAVIS_DIR@/amavisd.pid"
+required_files="@PKG_SYSCONFDIR@/${name}.conf"
+: ${amavisd_user="@AMAVIS_USER@"}
+: ${amavisd_group="@AMAVIS_GROUP@"}
+: ${amavisd_dirs="@AMAVIS_DIR@ @AMAVIS_DIR@/db @AMAVIS_DIR@/tmp @AMAVIS_QUARANTINE@"}
+
+start_precmd="amavisd_prestart"
+stop_cmd="amavisd_stop"
+
+amavisd_prestart()
+{
+ @RM@ -f @AMAVIS_DIR@/amavisd.sock
+ for dir in ${amavisd_dirs}; do
+ @MKDIR@ $dir
+ @CHOWN@ ${amavisd_user}:${amavisd_group} $dir
+ @CHMOD@ 0750 $dir
+ done
+}
+
+# Net::Server breaks rc.subr's techniques for detecting whether the
+# process running at a certain PID is actually the process we wish to
+# stop. Just unconditionally send SIGTERM to the PID instead.
+#
+amavisd_stop()
+{
+ @ECHO@ "Stopping ${name}."
+ if [ -f ${pidfile} ]; then
+ pid=`@HEAD@ -1 ${pidfile}`
+ doit="@SU@ -m ${amavisd_user} -c \"kill ${pid}\""
+ if ! eval $doit && [ -z "$rc_force" ]; then
+ return 1
+ fi
+ wait_for_pids $pid
+ fi
+ @RM@ -f ${pidfile}
+ for dir in ${amavisd_dirs}; do
+ @RMDIR@ -p $dir 2>/dev/null || @TRUE@
+ done
+}
+
+if [ -f /etc/rc.subr -a -f /etc/rc.conf \
+ -a -d /etc/rc.d -a -f /etc/rc.d/DAEMON ]; then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ @ECHO@ -n " ${name}"
+ eval ${start_precmd}
+ ${command} ${amavisd_flags} ${command_args}
+fi
diff --git a/security/amavisd-new/files/amavismilter.sh b/security/amavisd-new/files/amavismilter.sh
new file mode 100644
index 00000000000..4c0695a322d
--- /dev/null
+++ b/security/amavisd-new/files/amavismilter.sh
@@ -0,0 +1,57 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: amavismilter.sh,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+#
+# PROVIDE: amavismilter
+# REQUIRE: DAEMON
+# BEFORE: mail
+#
+# To communicate with libmilter through a UNIX domain socket (the
+# socket must exist in a location that's writable by the user named
+# by ${amavismilter_user}:
+#
+# amavismilter_flags="-p local:/path/to/socket"
+#
+# To communicate with libmilter through a TCP/IP socket:
+#
+# amavismilter_flags="-p inet:port@0.0.0.0"
+#
+# To communicate with libmilter through a TCP/IP socket restricted to a
+# particular interface address:
+#
+# amavismilter_flags="-p inet:port@A.B.C.D"
+#
+
+if [ -f /etc/rc.subr ]; then
+ . /etc/rc.subr
+fi
+
+name="amavismilter"
+rcvar=$name
+command="@PREFIX@/sbin/amavis-milter"
+required_vars="amavisd"
+: ${amavismilter_user="@AMAVIS_USER@"}
+: ${amavismilter_flags="-p local:@AMAVIS_DIR@/amavis-milter.sock"}
+
+start_precmd="amavismilter_precmd"
+
+# Before starting amavis-milter, remove the old milter socket if it exists.
+amavismilter_precmd()
+{
+ set -- ${amavismilter_flags}
+ case $2 in
+ local:*)
+ @RM@ -f "${2#local:}"
+ ;;
+ esac
+}
+
+if [ -f /etc/rc.subr -a -f /etc/rc.conf \
+ -a -d /etc/rc.d -a -f /etc/rc.d/DAEMON ]; then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ @ECHO@ -n " ${name}"
+ eval ${start_precmd}
+ ${command} ${amavismilter_flags} ${command_args}
+fi
diff --git a/security/amavisd-new/patches/patch-aa b/security/amavisd-new/patches/patch-aa
new file mode 100644
index 00000000000..85868e5f613
--- /dev/null
+++ b/security/amavisd-new/patches/patch-aa
@@ -0,0 +1,42 @@
+$NetBSD: patch-aa,v 1.1.1.1 2004/08/06 15:05:54 jlam Exp $
+
+--- amavisd.conf.orig Thu Jul 1 16:04:36 2004
++++ amavisd.conf
+@@ -9,7 +9,7 @@ use strict;
+ # MUST BE SET (no useful default):
+
+ $mydomain = 'example.com';
+-$MYHOME = '/var/amavis';
++$MYHOME = '@AMAVIS_DIR@';
+ $TEMPBASE = "$MYHOME/tmp";
+
+
+@@ -19,8 +19,8 @@ $TEMPBASE = "$MYHOME/tmp";
+ # @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code
+
+ $max_servers = 2; # number of pre-forked children
+-$daemon_user = 'vscan'; # (no default; customary: vscan or amavis)
+-$daemon_group = 'vscan'; # (no default; customary: vscan or amavis)
++$daemon_user = '@AMAVIS_USER@'; # (no default; customary: vscan or amavis)
++$daemon_group = '@AMAVIS_GROUP@'; # (no default; customary: vscan or amavis)
+ @local_domains_maps = ( [".$mydomain"] );
+
+ $log_level = 0;
+@@ -28,7 +28,7 @@ $log_recip_templ = undef; # disable b
+ $DO_SYSLOG = 1;
+ $SYSLOG_LEVEL = 'mail.info';
+ $ENV{TMPDIR} = $TEMPBASE;
+-$QUARANTINEDIR = '/var/virusmails';
++$QUARANTINEDIR = '@AMAVIS_QUARANTINE@';
+ # $daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)
+
+ $inet_socket_port = 10024; # accept SMTP on this local TCP port(s) (Postfix)
+@@ -55,7 +55,7 @@ $mailfrom_notify_spamadmin = "spam.polic
+ @addr_extension_banned_maps = ('banned');
+ @addr_extension_bad_header_maps = ('badh');
+
+-$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
++$path = '@PREFIX@/sbin:@PREFIX@/bin:@LOCALBASE@/sbin:@LOCALBASE@/bin:/usr/sbin:/sbin:/usr/bin:/bin';
+ $file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
+ $gzip = 'gzip';
+ $bzip2 = 'bzip2';