-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy paths-postgray.README
153 lines (130 loc) · 6.49 KB
/
s-postgray.README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
S - p o s t g r a y
===================
A postfix RFC 6647 graylisting policy server that aims in being fast
and secure. Graylisting defers message acceptance a configurable number
of times via a standardized SMTP response (see RFC 5321, access(5)),
which does not prevent message delivery from SMTP M(essage) T(ransfer)
A(gent)s, but can help against simple spam producing programs.
Please see the manual for more.
To build this software simply run "make install". At the top of the
makefile there are some variables, which may be overwritten from the
command line:
$ make DESTDIR=.xxx PREFIX=/usr LIBEXEC=sbin \
VAL_STORE_PATH=/var/lib/postgray \
VAL_MSG_DEFER="DEFER 4.2.0 Hit da road, come back (later)?" \
VAL_OS_SANDBOX=0 \
install
This will build and install the binary under [.xxx]/usr/sbin.
The default built-in path for database storage, the client/server
communication socket, as well as the server PID (and lock) file will be
/var/lib/postgray, and it should be ensured that this directory exists
and is accessible by the desired user; it must _not_ be accessible by
other users or groups, as user mask and file modes (umask(2), chmod(2))
are "not handled".
RELEASES
--------
v0.8.4, 202?-??-??:
- Change *msg-defer* default, the old one is misinterpreted by some.
- Add --focus-domain/-F mode.
- Add --copyright.
+ Linux (musl, glibc), *BSD:
As above.
+ OpenIndiana 2024:
GNU make (gmake(1); or BSD make) must be used.
v0.8.3, 2024-06-23:
- FIX: configuration reload stripped wrong flag mask.
- FIX: two timeout calculations could overflow 16-bit and cause faulty
gray DB entry timeouts thus.
- Because i liked having those, add new --gc-linger behaviour which
never outdates elder entries except due to --limit excess.
- Gray DB maintenance, when faced with the necessity to remove entries
to keep within --limit's, more less dumb (and maybe more secure).
- No longer auto-adjusts --limit when repeatedly in out-of-memory
situations, only logs.
- fix a race condition in !--untamed mode on FreeBSD and Linux.
- Stuff:
o Make it compile with C++
o Ported to Solaris (OpenIndiana)
o Coverity.com defect density 0.00:
https://scan.coverity.com/projects/s--postgray
v0.8.2, 2024-02-29:
- FIX: actually match small --allow/--block CIDR in order!
- FIX: deal with allow empty from<> aka sender= seen in automated
responses: failing them with DUNNO was suboptimal at best.
- --test-mode mentions if CIDR address/mask do not fit.
- --resource-file supports line continuation.
- fix some exit status codes which uses _ERR_ not _EX_ constants.
- Disable Linux seccomp on non-x86: each platform needs specifics, and
seccomp is de facto not needed at all in the second line, anyway.
- Linux seccomp: no need for open(2)/openat(2) in client.
- FreeBSD capsicum: used CAP1|CAP2 not CAP1,CAP2 for _rights_init().
Worked in practice though (because its implementations'
right_to_index() is identical, and then OR simply assigns it both).
v0.8.1, 2023-04-19:
* Many, many thanks to Jens Schleusener, and his cron job!
+ Add --status to query server status.
+ Server PID is now stored in the lock file (renamed to VAL_NAME.pid),
and --startup now waits for server response (like --shutdown does).
+ Add sandboxing: generic setrlimit(2) based, plus an OS-dependent
strict sandboxing that can be disabled via --untamed. (Because it may
require an additional, internally managed, logger process, and may be
incompatible to (future) C library changes (see makefile).)
(On OpenBSD configured file paths are now even fixed byte-by-byte.)
- FIX memory map return check.
- FIX possible error path crash during program startup (missing fmt arg).
- fix: add missing su_log_set_level() and make --verbose work for users!
- fix: --startup was missing short -@ equivalent.
- fix: --test-mode did not include "focus-sender", "once" and "verbose".
- fix: VAL_MSG_* could not be overwritten on make(1) command line.
- Typos: treshold->threshold. (Jens Schleusener)
- (Source code style change spaces/80 -> tab/120+, saves ~12KB; etc.)
v0.8.0, 2022-09-16:
- New --startup mode to allow it to be driven as a standalone daemon.
- INCOMPAT! The gray DB name did not adapt the makefile's VAL_NAME yet.
- Client no longer exits after five unsuccessful connection attempts.
Instead try as long as postfix is willing to let it.
- "Fixes a miss": if on server startup the socket yet existed (no
proper shutdown on last run), startup failed and the missing policy
server would cause postfix to refuse acting.
Whereas "rm -f PG-SOCKET" in a postfix-startup-script avoids this,
it was never announced to be necessary, so henceforth automatize this.
- Robustness against MFILE,NFILE,NOBUF,NOMEM in file/socket open paths.
- Fixes some oddities, and clarifies documentation.
v0.7.0, 2022-06-07:
- An iteration that fixes some oddities, and clarifies documentation.
(The example configuration is also better.)
- Bug fixes:
. -v and -p were not reset for reload, thus fixated once set.
. -b and -B were not command-line-parsed by the server, only in
--test-mode (driven by client); usage in resource-file ok, too.
- --test-mode now outputs a normalized resource file.
- New --focus-sender approach which i like better.
[I personally now use --focus-sender mode with --count=1,
--msg-allow=permit and --msg-defer='DEFER 4.2.0 blabla',
and reject_unverified_sender thereafter.]
- New --msg-{allow,block}, and --msg-defer for misnamed --defer-msg,
which is kept for compatibility.
v0.6.0, 2022-03-31: (first release)
NOTE
----
The test script *may* fail on (very, very, very) slow systems: in order
not to take too long it uses very narrow time limits, and on slow
systems errors can happen (in particular 5.9).
Other tests try to skip themselves on slow systems.
THANKS
------
People contributed by reporting problems, suggesting various
improvements, whether directly or indirectly, or submitting actual code.
Here is a list of those people. I hope the list is complete and free of
errors.
Joachim Lindenberg postfix-users at lindenberg dot one
Jens Schleusener Jens dot Schleusener at t-online dot de
Matus UHLAR - fantomas uhlar at fantomas dot sk
Coverity.com https://scan.coverity.com/projects/s--postgray
Thank you!
P.S.
----
For now the build system is rudimentary. Either it works, then
the software should, too, or it will not. This will surely change in
the future.
# s-ts-mode