postfix-policyd-spf-perl is an RFC-4408-compliant SPF policy service for

postfix written in Perl. WWW: http://www.openspf.org/Software/ PR: ports/131000 Submitted by: Darren Pilgrim <ports.maintainer at evilphi.com>
svn path=/head/; revision=226945
2009-01-27 05:39:46 +00:00 · 2009-01-27 05:39:46 +00:00 · ddab3358cd · 2021-03-31 03:12:20 +00:00
commit ddab3358cd
parent 3f65f803c1
7 changed files with 172 additions and 0 deletions
--- a/mail/Makefile
+++ b/mail/Makefile
@ -479,6 +479,7 @@
    SUBDIR += postfix-gps-devel
    SUBDIR += postfix-policyd-sf
    SUBDIR += postfix-policyd-spf
+    SUBDIR += postfix-policyd-spf-perl
    SUBDIR += postfix-policyd-weight
    SUBDIR += postfix-postfwd
    SUBDIR += postfix1
--- a/mail/postfix-policyd-spf-perl/Makefile
+++ b/mail/postfix-policyd-spf-perl/Makefile
@ -0,0 +1,53 @@
+# New ports collection makefile for:	postfix-policyd-spf-perl
+# Date created:				2008-01-25
+# Whom:					Darren Pilgrim <ports.maintainer@evilphi.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	postfix-policyd-spf-perl
+PORTVERSION=	2.007
+CATEGORIES=	mail
+MASTER_SITES=	http://www.openspf.org/blobs/
+
+MAINTAINER=	ports.maintainer@evilphi.com
+COMMENT=	SPF policy service for Postfix written in Perl
+
+RUN_DEPENDS=	${SITE_PERL}/Mail/SPF.pm:${PORTSDIR}/mail/p5-Mail-SPF \
+		p5-NetAddr-IP>=4:${PORTSDIR}/net-mgmt/p5-NetAddr-IP \
+		${SITE_PERL}/${PERL_ARCH}/version.pm:${PORTSDIR}/devel/p5-version
+
+USE_PERL5_RUN=	5.6.0+
+NO_BUILD=	yes
+
+PLIST_FILES=	sbin/postfix-policyd-spf-perl
+
+SUB_LIST=	PREFIX=${PREFIX}
+SUB_FILES=	pkg-message
+
+SPF_FAIL?=	550
+SPF_TEMPERROR?=	DEFER_IF_PERMIT
+REINPLACE=	s/%%SPF_FAIL%%/${SPF_FAIL}/g;\
+		s/%%SPF_TEMPERROR%%/${SPF_TEMPERROR}/g;
+
+pre-patch:
+	@${ECHO_MSG} ""
+	@${ECHO_MSG} "You can change the actions returned by the server by setting the following"
+	@${ECHO_MSG} "environment variables:"
+	@${ECHO_MSG} ""
+	@${ECHO_MSG} "  SPF_FAIL      - Used when the SPF record(s) determine client is not"
+	@${ECHO_MSG} "                  authorized.  Default: 550"
+	@${ECHO_MSG} "  SPF_TEMPERROR - Used when the SPF check itself fails due to a transient"
+	@${ECHO_MSG} "                  error (i.e. DNS timeout).  Default: DEFER_IF_PERMIT"
+	@${ECHO_MSG} ""
+
+post-patch:
+	@${REINPLACE_CMD} -e '${REINPLACE}' ${WRKSRC}/postfix-policyd-spf-perl
+
+do-install:
+	@${INSTALL_SCRIPT} ${WRKSRC}/postfix-policyd-spf-perl ${PREFIX}/sbin
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
--- a/mail/postfix-policyd-spf-perl/Makefile~
+++ b/mail/postfix-policyd-spf-perl/Makefile~
@ -0,0 +1,53 @@
+# New ports collection makefile for:	postfix-policyd-spf-perl
+# Date created:				2008-01-25
+# Whom:					Darren Pilgrim <ports.maintainer@evilphi.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	postfix-policyd-spf-perl
+PORTVERSION=	2.007
+CATEGORIES=	mail
+MASTER_SITES=	http://www.openspf.org/blobs/
+
+MAINTAINER=	ports.maintainer@evilphi.com
+COMMENT=	SPF policy service for Postfix written in Perl
+
+RUN_DEPENDS=	${SITE_PERL}/Mail/SPF.pm:${PORTSDIR}/p5-Mail-SPF \
+		p5-NetAddr-IP>=4:${PORTSDIR}/net-mgmt/p5-NetAddr-IP \
+		${SITE_PERL}/${PERL_ARCH}/version.pm:${PORTSDIR}/devel/p5-version
+
+USE_PERL5_RUN=	5.6.0+
+NO_BUILD=	yes
+
+PLIST_FILES=	sbin/postfix-policyd-spf-perl
+
+SUB_LIST=	PREFIX=${PREFIX}
+SUB_FILES=	pkg-message
+
+SPF_FAIL?=	550
+SPF_TEMPERROR?=	DEFER_IF_PERMIT
+REINPLACE=	s/%%SPF_FAIL%%/${SPF_FAIL}/g;\
+		s/%%SPF_TEMPERROR%%/${SPF_TEMPERROR}/g;
+
+pre-patch:
+	@${ECHO_MSG} ""
+	@${ECHO_MSG} "You can change the actions returned by the server by setting the following"
+	@${ECHO_MSG} "environment variables:"
+	@${ECHO_MSG} ""
+	@${ECHO_MSG} "  SPF_FAIL      - Used when the SPF record(s) determine client is not"
+	@${ECHO_MSG} "                  authorized.  Default: 550"
+	@${ECHO_MSG} "  SPF_TEMPERROR - Used when the SPF check itself fails due to a transient"
+	@${ECHO_MSG} "                  error (i.e. DNS timeout).  Default: DEFER_IF_PERMIT"
+	@${ECHO_MSG} ""
+
+post-patch:
+	@${REINPLACE_CMD} -e '${REINPLACE}' ${WRKSRC}/postfix-policyd-spf-perl
+
+do-install:
+	@${INSTALL_SCRIPT} ${WRKSRC}/postfix-policyd-spf-perl ${PREFIX}/sbin
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
--- a/mail/postfix-policyd-spf-perl/distinfo
+++ b/mail/postfix-policyd-spf-perl/distinfo
@ -0,0 +1,3 @@
+MD5 (postfix-policyd-spf-perl-2.007.tar.gz) = 69b501012907236fd39975eadf29848a
+SHA256 (postfix-policyd-spf-perl-2.007.tar.gz) = 5137b03d9b6009684fe432451acb25db5513d7e9f69ccd218279d81d152a8cd3
+SIZE (postfix-policyd-spf-perl-2.007.tar.gz) = 13460
--- a/mail/postfix-policyd-spf-perl/files/patch-postfix-policyd-spf-perl
+++ b/mail/postfix-policyd-spf-perl/files/patch-postfix-policyd-spf-perl
@ -0,0 +1,32 @@
+--- postfix-policyd-spf-perl.orig	2008-07-25 19:35:01.000000000 -0700
+++ postfix-policyd-spf-perl	2009-01-25 16:46:38.991336330 -0800
+@@ -263,14 +263,14 @@
+             info => "%s: SPF %s: HELO/EHLO: %s",
+             $attr->{queue_id}, $helo_result, $attr->{helo_name}
+         );
+-        return "550 $helo_authority_exp";
+        return "%%SPF_FAIL%% $helo_authority_exp";
+     }
+     elsif ($helo_result->is_code('temperror')) {
+         syslog(
+             info => "%s: SPF %s: HELO/EHLO: %s",
+             $attr->{queue_id}, $helo_result, $attr->{helo_name}
+         );
+-        return "DEFER_IF_PERMIT SPF-Result=$helo_local_exp";
+        return "%%SPF_TEMPERROR%% SPF-Result=$helo_local_exp";
+     }
+     elsif ($attr->{sender} eq '') {
+         syslog(
+@@ -334,10 +334,10 @@
+         $attr->{queue_id}, $mfrom_result, $attr->{sender}
+     );
+     if ($mfrom_result->is_code('fail')) {
+-        return "550 $mfrom_authority_exp";
+        return "%%SPF_FAIL%% $mfrom_authority_exp";
+     }
+     elsif ($mfrom_result->is_code('temperror')) {
+-        return "DEFER_IF_PERMIT SPF-Result=$mfrom_local_exp";
+        return "%%SPF_TEMPERROR%% SPF-Result=$mfrom_local_exp";
+     }
+     else {
+         return "PREPEND $mfrom_spf_header"
--- a/mail/postfix-policyd-spf-perl/files/pkg-message.in
+++ b/mail/postfix-policyd-spf-perl/files/pkg-message.in
@ -0,0 +1,26 @@
+The service is not enabled by default.  Enable it by doing the following:
+
+1. Add the following to /etc/postfix/master.cf:
+
+	spf-policy unix -       n       n       -       0       spawn
+	  user=nobody argv=%%PREFIX%%/sbin/postfix-policyd-spf-perl
+
+   The user nobody is fine if you have no other daemons running as nobody.
+   Otherwise, you should use a dedicated user and group for this policy
+   service.
+
+2. Add "spf-policy_time_limit = 3600" to main.cf.
+
+3. Configure the Postfix policy service in %%PREFIX%%/etc/postfix/main.cf:
+
+	smtpd_recipient_restrictions =
+		...
+		reject_unauth_destination
+		...
+		check_policy_service unix:private/spf-policy
+		...
+
+   NOTE: Specify check_policy_service AFTER reject_unauth_destination or your
+   system may become an open relay.
+
+4. Restart Postfix.
--- a/mail/postfix-policyd-spf-perl/pkg-descr
+++ b/mail/postfix-policyd-spf-perl/pkg-descr
@ -0,0 +1,4 @@
+postfix-policyd-spf-perl is an RFC-4408-compliant SPF policy service for
+postfix written in Perl.
+
+WWW: http://www.openspf.org/Software/