path: root/mail
Age | Commit message | Author | Files | Lines
2008-03-25 | Remove thunderbird15 packages. | wiz | 59 | -8264/+1
They have security problems and are not maintained. Removal was announced on pkgsrc-users on March 13.
2008-03-20 | Upgrade netqmail to 1.06, which is identical to 1.05 except that | schmonz | 3 | -17/+12
instead of consisting of a pristine qmail tarball and netqmail patch, 1.06 has the patch already applied. No user-visible changes to pkgsrc, either; this just simplifies a weird build and will make future upgrades (don't laugh!) easier. jlam@ "looks fine"
2008-03-17 | Update MASTER_SITES and HOMEPAGE (and 1.1 is in old) | obache | 1 | -3/+3
2008-03-17 | The old ftp.dcs.ed.ac.uk FTP service has been withdrawn. | obache | 1 | -2/+2
2008-03-17 | 1.13 is now in old. | obache | 1 | -2/+3
2008-03-17 | distfile is in "archive" now. | obache | 1 | -2/+2
2008-03-17 | Update MASTER_SITES and HOMEPAGE. | obache | 1 | -5/+3
2008-03-17 | Adjust version number in MASTER_SITES url. | obache | 1 | -2/+2
2008-03-17 | 1.3.4 in old. | obache | 1 | -2/+3
2008-03-17 | 5.2.4 in old. | obache | 1 | -2/+3
2008-03-17 | Updated postfix-current to 2.6.20080221 | martti | 2 | -9/+13
* Bug fixes
* Create /var/db/postfix like in pkgsrc/mail/postfix
2008-03-16 | Support PKGMANDIR. | tnn | 2 | -7/+16
2008-03-15 | Delete package -- GPL version conflict | smb | 4 | -37/+1
2008-03-15 | Patches from schmonz@ for 0.1-stable | adrianp | 5 | -19/+119
Notes: First "stable" release ever. Introduces an install script, some new features and many bug fixes.
Changes:
- Added interactive installer script
- Allow to send mail with BCC recipients only
- Remember decision to display images for a certain message during session
- Remember search results
- Add Received header on outgoing mail
- Implement Message-Disposition-Notification (Receipts)
- Don't create default folders by default
- Fixed some potential security risks (audited by Andris)
- Filter linked/imported CSS files
- Improve message compose screen and many bug fixes.
See http://trac.roundcube.net/wiki/Changelog for details.
2008-03-14 | Setup BINOWN/BINGRP/SHAREOWN/SHAREGRP for mail/libmilter's benefit. | jnemeth | 1 | -1/+7
2008-03-14 | Fix unprivileged build by passing in BINOWN/BINGRP/SHAREOWN/SHAREGRP. | jnemeth | 1 | -2/+3
2008-03-14 | Set data_directory's default to "/var/db/postfix" and create it properly | taca | 1 | -3/+8
install stage. It should fix some problems; running tls and find command's error on start. Bump PKGREVISION.
2008-03-13 | Make PostgreSQL 8.2 the default version. Bump all packages using it. | joerg | 1 | -2/+2
Remove PostgreSQL 8.0 as choice.
2008-03-11 | Put back a couple of IRIX conditionals the way they used to behave, | tnn | 3 | -6/+6
e.g. match IRIX 5.x but not 6.x. Some of these may indeed apply to 6.x too, but let's be conservative. PR pkg/38224.
2008-03-10 | Add CONFLICTS line for previous PKGNAME versions. | wiz | 1 | -1/+2
Suggested by Alan Barrett.
2008-03-09 | Update to 2.5.0 | adrianp | 5 | -21/+23
Add "AutoRestartCount" and "AutoRestartRate" configuration parameters to limit runaway restart loops. Feature request #SF1735573: Add "AlwaysAddARHeader" option, which will add an Authentication-Results of "none" for unsigned messages from domains without a "strict" policy. Feature request #SF1807748: Reload the configuration file on receipt of SIGUSR1. Requested by Florian Sager. Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a "BodyLengthDBFile" feature, allowing a per-recipient decision on whether or not to use an "l=" tag when signing. Patch contributed by Daniel Black. Feature request #SF1841955: Add an "Include" facility to the configuration file. Feature request #SF1876941: Make the syslog facility selectable. Based on a patch from Jose-Marcio Martins da Cruz of Ecole des Mines de Paris. Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the job ID to be included as part of the "authserv-id" in Authentication-Results: headers. Based on a patch from Jose-Marcio Martins da Cruz of Ecole des Mines de Paris. Feature request #SF1890581: Attempt to clean up a UNIX domain socket in the non-AutoRestart case as well. Requested by Daniel Black. Add "MilterDebug" configuration file option for requesting debugging output from the filter. Add "FixCRLF" configuration file option which activates the DKIM_LIBFLAGS_FIXCRLF flag (see below). Update to draft-ietf-dkim-ssp-03. In doing so, rename the "UseSSPDeny" configuration option to "UseASPDiscard". Handle an error from dkim_getsighdr() properly in mlfi_eom(). When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh() between dk_verify() and dk_eoh() or a segmentation fault below dk_body() could result. LIBDKIM: Feature request #SF1823059: Export key, signature and policy syntax checking capability via the API. Based on a patch from Chris Behrens of Concentric Network Corporation. LIBDKIM: Assert defaults for "c" and "q" tags when parsing signature headers. 
Patch from Chris Behrens of Concentric Network Corporation. LIBDKIM: Better handling of truncated DNS replies; instead of just giving up if the "tc" (truncated) bit is set in the reply, see if there was enough of a reply returned to be able to complete the request. LIBDKIM: Fix recycling bug in header canonicalizations which was causing signatures other than the first one to fail in most cases. LIBDKIM: Add new dkim_chunk() interface. LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there were no valid signatures. LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked" CRs and LFs be converted to CRLFs during canonicalization when signing. LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs(). LIBAR: Eliminate a possible race condition in ar_dispatcher(). LIBAR: Timeouts passed to select() can't be bigger than 10^8. Problem noted by S. Moonesamy of Eland Systems. BUILD: Feature request #SF1876242: Install the filter in EBINDIR and everything else in UBINDIR.
2008-03-09 | Pull in improvements from wip (packaged by j+pkgsrc (at) salmi.ch): | adrianp | 5 | -21/+201
* Install documentation for the library
* Install a static version of the dkim library
* Move to external options.mk
* Add support for ar(3) and debug
2008-03-09 | Update to Dovecot 1.0.13. | ghen | 2 | -6/+6
Note that the changes for the security hole fix were quite large. I tested with several auth configurations myself and they seemed to work, but it's possible I left a bug somewhere in there breaking someone's configuration. So make sure to test that it works after upgrading.
Of course it would be really nice if Dovecot had a proper test suite where testing all configurations could be automated and run before each release. I've already started this with my imaptest tool (http://imapwiki.org/ImapTest), but it only does IMAP tests and a lot of things are still missing. Some help would be nice here.
* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd and shadow if blocking=yes) where user could specify extra fields in the password. The main problem here is when specifying "skip_password_check" introduced in v1.0.11 for fixing master user logins, allowing the user to log in as anyone without a valid password.
- mail_privileged_group was broken in some systems (OS X, Solaris?)
- IMAP THREAD: Fixed some correctness problems
2008-03-08 | Use PKGVERSION_NOREV as base for the compressed mbox patch. | joerg | 2 | -3/+6
Add patchsum.
2008-03-06 | Recursive PKGREVISION bump for gnutls-2.2.2 update with shlib major bump. | wiz | 8 | -16/+17
2008-03-06 | add a case, making the patch identical to Gentoo's, | drochner | 2 | -3/+12
ride on yesterday's PKGREV bump
2008-03-06 | Fix PKGNAME. | wiz | 1 | -1/+2
2008-03-05 | fix some format string problems, should fix CVE-2008-0072 | drochner | 3 | -3/+44
(There is no exact information available, so I've patched all uses of non-constant strings as format specifiers.) bump PKGREVISION
2008-03-05 | Update to Dovecot 1.0.12. | ghen | 2 | -6/+6
- Using mail_privileged_group with dotlock_use_excl=no worked, but it logged "access denied" errors.
2008-03-04 | Restore catted man page lost in previous commit. | schmonz | 1 | -1/+3
2008-03-04 | Mechanical changes to add DESTDIR support to packages that install | jlam | 61 | -386/+563
their files via a custom do-install target.
2008-03-04 | Patch around imap_header() dying with SIGABRT if recipient lists are too | sborrill | 1 | -2/+2
long. Patch appended to PHP bug 42862, so the fix may be incorporated in later PHP releases and thus this patch can be reverted. http://bugs.php.net/bug.php?id=42862 Bump PKGREVISION of php-imap
2008-03-04 | Resign from maintaining a lot of packages, so everyone is free to update | rillig | 1 | -2/+2
them at will.
2008-03-04 | Update to Dovecot 1.0.11. | ghen | 2 | -7/+6
* mail_extra_groups setting was commonly used insecurely. This setting is now deprecated. Most users should switch to using mail_privileged_group setting, but if you really need the old functionality use mail_access_groups instead.
- mbox: Dropped some of the physical size fetch optimizations added in v1.0.8. This makes some commands slower, but should fix the rest of the problems.
- IMAP: SEARCH BEFORE/ON/SINCE didn't handle timezones correctly.
- ldap: auth_bind was doing lookups using subtree scope instead of the scope specified in config file.
- zlib plugin crashfixes by Richard Platel
- master passdbs: pass=yes setting was broken with blocking passdbs (e.g. MySQL)
2008-03-03 | Solaris/SunPro fixes. | sketch | 5 | -6/+98
2008-02-28 | Fixed pkglint warnings. | rillig | 1 | -6/+5
2008-02-27 | Update thunderbird and thunderbird-gtk1 to 2.0.0.12 (.10 and .11 were skipped). | ghen | 2 | -6/+6
Security fixes in this version:
MFSA 2008-12 Heap buffer overflow in external MIME bodies
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.12/releasenotes/
2008-02-27 | USE_NCURSESW is gone, use USE_NCURSES instead. | wiz | 1 | -2/+2
2008-02-25 | Update to 3.1.6. Note that some command-line options and the format | schmonz | 7 | -70/+58
of some log entries have changed since 2.6.3; see UPGRADING.txt. Also, pkgsrc no longer installs the random extra utilities that are explicitly marked as unnecessary for spamdyke operation. From the changelog: VERSION 3.1.6 -- 2/11/2008 Fixed a serious bug in middleman() -- when the remote server sent its message data and QUIT command in a burst and disconnected before spamdyke read() all of the data, the last data returned from read() was printed twice. This could cause message corruption, especially in the case of attachments. Fixed a serious bug in middleman() -- when the remote server sent its data in bursts of 4096 bytes AND there were two lines of text in the data AND the 4096th character was not a newline AND there was a delay between the data bursts, memmove()ing the buffered data was causing corruption because the moved data was not being properly re-terminated. While processing the remaining buffered data (and waiting for another burst from the remote server), strchr() would seek past the end of the data to an old newline character and middleman() would erroneously conclude the next line of data was complete, ready for processing. Many thanks to Andreas Galatis and Dragomir Denev for reporting and helping me reproduce this one. Added a -W flag to sendrecv to introduce a delay between message data bursts. Added a -o flag to smtpdummy to save the message data to a file. VERSION 3.1.5 -- 1/22/2008 Fixed sendrecv to correctly process corrupted TLS negotiations instead of covering up bugs in spamdyke. Fixed spamdyke to not add garbage output at the beginning of TLS passthrough negotiations. This was causing SSL handshakes to fail. Thanks to Ronnie Tartar for reporting this one. VERSION 3.1.4 -- 1/21/2008 Fixed all of the Makefiles to remove a symbols directory Leopard's gcc seems to create when compiling in debug mode. Fixed middleman() to log the timeout message only once. 
Fixed middleman() to not expect input from the child process when the child process' input is being ignored or after the child process has exited. Fixed middleman() to correctly handle a rare situation -- when the child process was too slow responding that spamdyke's idle timeout was passed AND spamdyke was processing TLS data AND there was still data in the SSL buffer, spamdyke would loop infinitely, consuming 100% CPU. This was a very tricky bug to find and fix. Thanks to Pablo Gonzalez and Paolo for reporting this one and helping me debug it. Fixed middleman() to send message data to the child process line-by-line, even when the buffer is full. Added a new test program: smtpdummy. This one simulates an SMTP server and can add delays after specific commands. Changed sendrecv to use a 64K buffer for input and output data. Changed sendrecv to kill its child process after its timeout expires. Changed sendrecv to optionally continue sending data in bursts after the end for the message data. Some mail servers do this. Changed sendrecv to deliberately send corrupt data while TLS is active. Changed test regression_009 to build its message payload at runtime instead of including a 0.75M file. This file was unnecessarily increasing the size of the spamdyke tarball. Fixed compiling on Solaris. Again. Thanks to Davide Bozzelli for reporting this. Again. Sigh. VERSION 3.1.3 -- 1/3/2008 Fixed the format string LOG_INFO_DNS_TXT to assign the parameters correctly and prevent bus errors when the DNS response text is long. Thanks to Stephan Rosenke for reporting this one. VERSION 3.1.2 -- 12/11/2007 Fixed smtp_filter() to set a flag after some SMTP commands to force middleman() to wait for input from the child process before proceeding. Some (nonspammer) mail servers send their data in bursts without waiting for responses. This was causing spamdyke to skip logging (but not filtering) if the DATA command was sent in a burst with RCPT TO.
Thanks to Sebastien Guilbaud and Bucky Carr for reporting this one. Added a "-b" flag to sendrecv to simulate servers that send their message data (but not their SMTP commands) in bursts. VERSION 3.1.1 -- 11/12/2007 Added excessive logging to search_domain_directory() to log the directory search pattern. Changed all calls to spamdyke_log() to use the macros SPAMDYKE_LOG_NONE(), SPAMDYKE_LOG_ERROR(), SPAMDYKE_LOG_INFO(), SPAMDYKE_LOG_DEBUG() and SPAMDYKE_LOG_EXCESSIVE() instead. The macro tests the current log level without forcing a function call and also paves the way toward eliminating some logging code at compile-time. Fixed process_access() to correctly search for the RELAYCLIENT variable in spamdyke's environment. Thanks to Steve Cole for reporting this one. VERSION 3.1.0 -- 11/5/2007 Changed the "graylist-dir" and "no-graylist-dir" options to take multiple directories for servers that are hosting so many domains that they can't create enough domain folders in one place (wow). Added minimum and maximum values to all integer options and changed set_config_value() to generate error messages when values are out of range. Change usage() to print minimum and maximum integer values. Alphabetized the option list by long option name and changed process_config_file() to use a binary search algorithm when identifying directives, a theoretical improvement from O(n/2) to O(log n). Changed prepare_settings() to create an array of options indexed by the short option code. This introduces some constant-time work (O(1)) and greater memory usage. Changed process_command_line() to use the indexed array of options, theoretically reducing command line parsing work from O(n/2) to O(1). This is a win if the command line has many parameters or if it has parameters that are near the end of the unindexed option array. Testing confirms a small performance gain. Added command line options "config-test-smtpauth-username" and "config-test-smtpauth-password". 
Changed config_test_smtpauth() to run the authentication command(s) if a username and password are provided. This incorporates the functionality of checkpassword into spamdyke. Added the command line option "config-test-user" to change user and group IDs before running the configuration tests. This makes it easier to simulate running as the mail server. Changed process_config_file() and process_command_line() to print errors and stop when they encounter an option that is not legal in that location. At the moment, "help", "version", "config-test", "config-test-smtpauth-username", "config-test-smtpauth-password" and "config-test-user" are not valid in files; all options are valid on the command line. Changed config_test_dir_read() and config_test_graylist() to never examine the "." or ".." folders, even if readdir() and/or stat() report they are not folders. Thanks to Paulo Henrique for reporting this one. Changed set_config_value() to remove trailing slashes from directory paths. Added test_spamdyke_binary() to check if the spamdyke binary is setuid root (it should not be). Renamed test_settings() to config_test(). Moved all of the configuration test functions to config_test.[ch] -- they were cluttering up configuration.c. Made a few small updates to the help message text. Added additional vchkpw exit codes to exec_checkpassword() to explain why vchkpw exited, since it doesn't follow DJB's published checkpassword API. Moved md5.[ch] from the "utils" folder to the "spamdyke" folder and updated Makefile to compile them into spamdyke. Removed passwordcheck from the "utils" folder since spamdyke now contains its functionality. Added a README file to the "utils" folder to answer the biggest FAQ about those utilities. Fixed exec_command() to connect the output pipe to the child process's stdin instead of file descriptor 3. The bug was due to copying exec_checkpassword() and forgetting to change the value. 
Renamed exec_checkpassword() to exec_checkpassword_argv() and changed its arguments to expect a filename and an argument array. Added exec_checkpassword() to parse a command string into an argument array and call exec_checkpassword_argv(). Renamed exec_command() to exec_command_argv() and changed its arguments to expect a filename and an argument array. Added exec_command() to parse a command string into an argument array and call exec_command_argv(). Fixed numerous bugs in exec_command_argv() that were preventing it from actually gathering any input from the child process. Changed exec_command_argv() and exec_checkpassword_argv() to always log their child process errors to syslog, regardless of the user's preferences. Otherwise, the errors will be lost. Added the function find_path() to search the PATH for the given command without executing it. Changed exec_command_argv() and exec_checkpassword_argv() to use find_path() to locate the executable before fork()ing to catch typos. The child processes then use execve() to execute the command instead of exec_path(). Otherwise, the parent has a hard time determining that the child process quit because the command path was invalid. Changed exec_command_argv() and exec_checkpassword_argv() not to wait indefinitely for the child to exit after the timeout expires. Changed dns_txt(), dns_ptr_lookup() and dns_mx() to limit the total number of queries they will recursively perform. This is to prevent a DoS situation where some domain has an unreasonable number of chained (non-circular) CNAME records. The limit is (arbitrarily) set at 16. Added the function config_test_child_capabilities() to test the qmail binary for SMTP AUTH and TLS patches. Depending on what is found, recommendations for spamdyke flags are made. Changed check_rdns_keywords() to allow top-level domains (like .com) to be used as keywords. 
This allows a way to reject connections from remote servers with rDNS names that contain the IP address and a two-letter country code. Unlike check_country_code(), specific country codes can now be chosen. Fixed do_spamdyke() not to wait indefinitely for all child processes to exit. This behavior was causing problems with DJB's recordio because recordio fork()s and uses its parent process to exec() spamdyke. This is very unusual. Changing wait(NULL) to waitpid() fixes the problem. Thanks to Bob Hutchinson for reporting this one. Added dns_initialize() and dns_get() to perform DNS queries by sending UDP packets instead of using the resolver library to do it. The resolver functions are just too slow and they try to do too much unnecessary work. dns_get() performs multiple requests for records (one for each kind of desired record) and, if no responses are received, sends requests to the secondary nameservers as well. Timeouts and retransmission times can now be controlled. This has resulted in a significant speedup in DNS resolutions; testing shows as much as a 10x performance increase in some situations. Changed dns_txt(), dns_ptr_lookup() and dns_mx() to search all of the answers for the desired answer type before recursively querying CNAME answers. Some nameservers always put the CNAME answers first, even if other answer types are also given. This should allow spamdyke to find answers faster when domain admins have used a lot of CNAMEs. Added dns_a() to perform A record queries and changed all uses of gethostbyname() to use dns_a() instead. Changed dnsa, dnsmx, dnsns, dnsptr, dnssoa and dnstxt in the "utils" folder to only perform their specific queries, not ask for CNAME records as well. Changed dnsa, dnsmx, dnsns, dnsptr, dnssoa and dnstxt in the "utils" folder to send their own UDP packets instead of using the resolver library. Added dnscname to the "utils" folder to perform CNAME queries. 
Added dnsany to the "utils" folder to perform ANY queries and perform recursive CNAME lookups. Added "log-target" option to allow logging to stderr instead of syslog. Some people apparently like using the qmail-style "multilog" instead of syslog. I can't understand why but I'm here to serve. Thanks to John Hallam for suggesting this one. Changed all of the error messages about unexpected file types to specify what file type was found -- "non-regular file" was too vague to be useful. Changed the header in the files created by full logging to include the spamdyke version. Changed tls_end_inner() to use SSL_get_shutdown() to see if a shutdown signal has already been received. If SSL_shutdown() is used on a closed file descriptor, spamdyke will crash with SIGPIPE. Changed all instances of read(), write(), SSL_read() and SSL_write() to read or write as many bytes as possible in each call. This should provide a significant performance increase. The single-byte read()s and write()s were only used because I had badly misunderstood the relationship between select() and read()/write() -- blocking only occurs when select() indicates a file descriptor is not ready. If it is ready, read() and write() will handle as many bytes as they can without blocking. Thanks to Trog for setting me straight on this one. Rewrote most of sendrecv in the "tests" folder to use a multi-byte read(). Also took the opportunity to make sendrecv much faster and more polite, so it doesn't consume 100% CPU while waiting for qmail output. Fixed compiling errors on 64 bit Linux systems (Debian Etch x86_64 and Gentoo AMD64). Thanks to Juha-Pekka Jarvenpaa and FireBall for reporting this. Added config_test_file_type() to use stat() to find a file's type if readdir() either doesn't report it (Solaris) or reports "unknown" for all files (XFS). Thanks to Paulo Henrique for reporting this one. Fixed compiling errors on Solaris. Thanks to Limperis Antonis for reporting this. 
Changed the logging severity of the "unable to write X bytes to file descriptor" to debug instead of error. 99% of the time, the error occurs because the remote client disconnected unexpectedly and there's nothing the administrator can do about it anyway. Changed do_spamdyke() to ignore SIGPIPE signals. Changed do_spamdyke(), exec_command_argv() and exec_command_checkpassword() to change the SIGPIPE signal handler back to default for child processes after fork()ing but before exec()ing. Added a new logging level: excessive (4). It's to be used for printing very detailed debugging statements. Changed process_access() to permit access when no matching lines are found in the access file. Although DJB's tcprules documentation doesn't explicitly say so, no matching lines should allow access. Thanks to Steve Cole for reporting this one. VERSION 3.0.1 -- 9/12/2007 Fixed "configure" to remove the "_beta1" tag from the version number. That should never have been published. Changed usage() to show that optional values to long commands must be separated by an equals sign. getopt_long() is really becoming a hassle. Thanks to Richard Kreider for reporting this one. Fixed find_address() to accept addresses that aren't correctly delimited with <> characters and/or have multiple (illegal) spaces after the colon. Thanks to Davide Bozzelli for reporting this one. Fixed prepare_settings() to set the idle timeout seconds to the correct variable instead of setting the connection timeout variable. Thanks to Carlo Blohm for reporting this one. Fixed smtp_filter() to print the rejection message to HELO and EHLO, even if those commands appear in an improper place in the protocol. Fixed smtp_filter() to print the rejection message with an error code in response to STARTTLS if the command is given in an improper place in the protocol. Added some regression tests to find these bugs in the future. Fixed the usage statement in sendrecv to show the -w flag. 
VERSION 3.0.0 -- 9/11/2007 Added command line options never-graylist-rdns-dir, always-graylist-rdns-dir and rdns-whitelist-dir to search domain directory structures just like rdns-blacklist-dir. Added the command line option rdns-blacklist-file to search a file just like rdns-whitelist-file. Moved the command line option labels into configuration.c so they can be shared with the config file parser. Changed process_command_line() to build the list of short options from the list of long options instead of hardcoding them. Less maintenance this way. Modified check_rdns_keywords(), search_file() and search_tcprules_file() to correctly track line numbers and return the matching line number instead of just 1. Changed logging to allow the amount of information to be turned up or down. This should make spamdyke less chatty in the syslog for small errors. Modified smtp_filter() and run_tests() to report the matching filename and line number from check_rdns_keywords(), search_file() and search_tcprules_file() in syslog if the logging level is high enough. Fixed find_address() to locate the real email address and ignore BATV tags, relay paths and bang paths. Thanks to Walter Russo for reporting this one (again). Changed middleman() to obey minimums and maximums for the amount of time to select() for traffic. If spamdyke waits too long, the qmail process might not get wait()ed for a while, leaving a lot of defunct/zombie processes around. On a busy server, this could be a problem. Thanks to Jason M for reporting this one. Added process_config_file() to process configuration files instead of requiring all configuration to be done on the command line. At the moment, the file just uses the same (long option) directives as the command line. Added test_settings() to run tests on every configuration option and (hopefully) identify misconfigurations before someone makes them on a live server. Added the command line option "config-test" to run test_settings(). 
Renamed log_writeln() and log_write_rejection() to output_writeln() and output_write_rejection(), respectively, to make it clearer what they're doing. Changed smtp_filter() to allow multiple authentication attempts. Some clients retry authentication several times, presumably to deal with servers that can't use the authentication method they prefer. Changed middleman() to collect (and send) whole lines of input instead of single characters. Single character write()s were causing problems with Nagios and Windows clients. Changed output_write_rejection() to create a single output line and send it to output_writeln() all at once instead of sending a piece at a time. This keeps packets together for stupid Windows clients that just can't handle reassembling TCP packets correctly. Changed main() to always run spamdyke (as opposed to starting qmail without spamdyke listening) even if a whitelist is matched. This way, spamdyke can report all traffic to syslog, not just traffic that _may_ be filtered. Changed smtp_filter() and middleman() to catch the return codes from qmail when the remote client gives the recipient address. Now, if spamdyke doesn't block the recipient command but qmail does (e.g. for relaying), spamdyke will log the correct message. Incorporated GNU autoconf to create a "configure" script for spamdyke and the "utils" folder. The days of "make no_tls" and "make bsd" are thankfully over. Renamed all of the test folders to group them by function so it's easier to see what tests exist. Sequential numbers just weren't working. Changed dns_mx() to lookup the MX record before returning success. This means the sender MX filter now requires a mail exchanger record _and_ at least one mail exchanger must have an IP address. Before, the MX record was enough, even if there was no corresponding A record. 
Changed usage() to read the options and help text from get_spamdyke_options() in configuration.c so the help message won't ever be out of sync with the available options again. Added the command line option "tls-privatekey-password-file" to allow the SSL private key password to be read from a file instead of the command line. This way, the password isn't visible to everyone who can view a process list. Changed search_file(), search_tcprules_file() and check_rdns_keywords() so they no longer build their fscanf() patterns into a stack variable but instead use a literal search pattern assembled at compile time with STRINGIFY(). Added the command line options "hostname-file" and "hostname-command" to support reading the local hostname from a file or from a command (e.g. "hostname -f") instead of forcing it to be specified on the command line. Changed middleman() and smtp_filter() to always monitor and trust authentication carried out by qmail, even if "smtp-auth-command" was not given. This means spamdyke will always disable its filters for authenticated users even if it can't check the authentication itself. I'm not sure why I didn't design spamdyke this way in the first place. Added command line options recipient-whitelist-file and sender-whitelist-file so specific sender and recipient addresses can bypass the filters. Sender addresses are very easy to fake and recipient addresses are, of course, known to spammers, so both of these options are ill-advised. I've only added them due to popular demand. Added command line option check-rhsbl to check righthand-side blacklists. Both the server's rDNS domain name and the sender's email domain name are checked. Added command line options check-dns-whitelist and check-rhs-whitelist to allow DNS RBLs and RHSBLs to act as whitelists instead of blacklists. Anyone using DNS-based blacklists _and_ whitelists had better have some seriously fast DNS servers. 
Changed dns_txt(), dns_mx() and dns_ptr_lookup() to pass a stack of previous queries whenever they recursively lookup CNAME records, to prevent a cyclical CNAME structure from leading to infinite recursion. NOT BACKWARDS COMPATIBLE: Changed the syslog entry format: renamed "origin" to "origin_ip", added "origin_rdns:" before the rDNS name, added "auth:" before the authenticated username and added "reason:" before the rejection reason when a timeout occurs. Changed process_command_line() to assume the remote IP address is 0.0.0.0 if the environment variable TCPREMOTEIP is not set. Added a ton more test scripts for all of the new options and for testing config files. Added dnsa, dnsns and dnssoa to the "utils" folder for performing DNS queries of A, NS and SOA records, respectively. Wouldn't it be AMAZING if the libc maintainers added standard functions to do these queries?! NOT BACKWARDS COMPATIBLE: Changed the "flag" options to take optional arguments instead of simply assuming "true" when the option was given. Unfortunately, getopt_long() is too stupid to handle them properly, which means clustered options (e.g. -rRc) can no longer be used. They must be separated (e.g. -r -R -c). Also, arguments given with the short version must not be separated by a space (e.g. -l3). NOT BACKWARDS COMPATIBLE: Renamed the long command line option "use-syslog" to "log-level". Fixed middleman() to completely bypass all processing when TLS passthrough is active. The additional processing was buffering TLS traffic until the data contained a newline character (purely by coincidence). This buffering was preventing the passthrough from functioning properly. Thanks to Dominik Dausch for reporting this one.
2008-02-22 | Match change to mail/mutt: force sendmail to /usr/sbin/sendmail on | gdt | 1 | -2/+9
*BSD to avoid configure picking up pkgsrc postfix sendmail path and thus bypassing mailwrapper.
2008-02-22 | fix whitespace | gdt | 1 | -2/+2
2008-02-21 | On *BSD, force sendmail to be /usr/sbin/sendmail, so that the | gdt | 1 | -2/+9
mailwrapper sendmail is invoked, rather than finding pkgsrc postfix's /usr/pkg/sbin/sendmail. Systems not known to use mailwrapper remain as they were, although they probably have residual similar problems. (Perhaps mailwrapper support needs to be part of pkgsrc with a mk/mailwrapper.mk to force inclusion and also set a sendmail variable.) Discussed with tron@
2008-02-21 | Get rid of the "gnutls" and "ssl" options and replace with a | jlam | 4 | -36/+31
"courier-gnutls" option/toggle that allows using GNU TLS instead of defaulting to OpenSSL. Bump the PKGREVISION of couriertcpd, courier-imap, and courier-mta to 1.
2008-02-21 | Update to 5.0. | gdt | 5 | -23/+29
* A "consider new mail as read" action has been added.
* An optional message count has been added over the icon.
* A "Play a sound when new mail arrives" option has been added.
* Passwords are now stored using GNOME Keyring.
* Gmail label support has been added.
* Yahoo! Mail support has been added.
* Windows Live Hotmail support has been added.
* A number of minor issues have been fixed.
* And more, see the NEWS file.
2008-02-20 | On second thought, just let "wide-curses" toggle whether or not we use | jlam | 1 | -13/+7
wide curses or narrow curses. Cone will always need a curses library regardless, so if we're not using one, we're using the other.
2008-02-20 | Update mail/cone to version 0.74. Changes from version 0.73 include: | jlam | 3 | -15/+47
+ Add full DESTDIR support.
+ New "gnutls" option to select between using GNU TLS and OpenSSL. Default to "ssl".
+ New "wide-curses" option to select between curses and wide-curses displays. Default to "curses".
* Add/fix GNU TLS support in cone.
2008-02-20 | Needs ncurses (for termattrs()). Fix some pkglint warnings while here. | wiz | 2 | -3/+6
2008-02-19 | Update to 4.8.0. From the changelog: | schmonz | 2 | -6/+6
* better diagnostic when user invalidly supplies timeout configuration parameter for an IMAP-SSL retriever. Thanks: Dennis S.
* code cleanups
2008-02-19 | Update to 2.1.7 | adrianp | 2 | -6/+6
The Turba Contact Manager versions H3 (2.2-RC3) and H3 (2.1.7) have been released. These are security releases that fix unchecked access to contacts in the same SQL table, if the unique key of another user's contact can be guessed. All users are encouraged to upgrade to this version.
2008-02-19 | Add commented-out LICENSE=public-domain. Nudged by gdt@. | schmonz | 1 | -1/+2