mail/libspf2-10 Vulnerable, use mail/libspf2 instead
mail/postfix-policyd-spf Relies on vulnerable mail/libspf2-10
parent
7626bb39cb
commit
de3193618a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=281487
12 changed files with 2 additions and 284 deletions
2
MOVED
2
MOVED
|
@ -2639,3 +2639,5 @@ games/xshisen||2011-09-07|Has expired: No more public distfiles
|
|||
games/slige||2011-09-07|Has expired: No more public distfiles
|
||||
games/wmtimebomb||2011-09-07|Has expired: No more public distfiles
|
||||
net-mgmt/cfgstoragemk||2011-09-07|Has expired: No more public distfiles
|
||||
mail/libspf2-10||2011-09-09|Vulnerable, use mail/libspf2 instead
|
||||
mail/postfix-policyd-spf||2011-09-09|Relies on vulnerable mail/libspf2-10
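Review bot: The added `mail/libspf2-10` entry leaves the destination field empty even though its reason text sends users to `mail/libspf2`, so anything that reads MOVED sees a plain deletion and an installed vulnerable copy gets no replacement pointer. If mail/libspf2 is an acceptable substitute, the line could read `mail/libspf2-10|mail/libspf2|2011-09-09|Vulnerable, use mail/libspf2 instead`. If the empty field is deliberate, the commit message should say so; the deleted port Makefile declares `CONFLICTS= ${PORTNAME}-1.2.*`, which suggests the two are not interchangeable. The `mail/postfix-policyd-spf` entry also names no successor, although the mail/Makefile hunk on this page still lists `postfix-policyd-spf-perl` and `postfix-policyd-spf-python`, and naming one in the reason would point administrators at a maintained SPF policy service. Both reasons also drop the portaudit advisory reference that the deleted `DEPRECATED=` line carried, which makes the "vulnerable" claim harder to trace later.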
|
||||
|
|
|
@ -233,7 +233,6 @@
|
|||
SUBDIR += libspamtest
|
||||
SUBDIR += libspf
|
||||
SUBDIR += libspf2
|
||||
SUBDIR += libspf2-10
|
||||
SUBDIR += libsrs2
|
||||
SUBDIR += libsrs_alt
|
||||
SUBDIR += libvmime
|
||||
|
@ -518,7 +517,6 @@
|
|||
SUBDIR += postfix-gps
|
||||
SUBDIR += postfix-logwatch
|
||||
SUBDIR += postfix-policyd-sf
|
||||
SUBDIR += postfix-policyd-spf
|
||||
SUBDIR += postfix-policyd-spf-perl
|
||||
SUBDIR += postfix-policyd-spf-python
|
||||
SUBDIR += postfix-policyd-weight
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
# New ports collection makefile for: libspf2
|
||||
# Date created: 07 July 2004
|
||||
# Whom: snowchyld
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= libspf2
|
||||
PORTVERSION= 1.0.4
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= mail
|
||||
MASTER_SITES= http://www.libspf2.org/%SUBDIR%/
|
||||
MASTER_SITE_SUBDIR= spf
|
||||
|
||||
MAINTAINER= mnag@FreeBSD.org
|
||||
COMMENT= Sender Rewriting Scheme 2 C Implementation
|
||||
|
||||
DEPRECATED= Vulnerable as of 2008-10-27 http://portaudit.freebsd.org/2ddbfd29-a455-11dd-a55e-00163e000016.html
|
||||
EXPIRATION_DATE= 2011-09-09
|
||||
|
||||
CONFLICTS= ${PORTNAME}-1.2.*
|
||||
|
||||
LATEST_LINK= ${PORTNAME}-${PORTVERSION:S/.//:R}
|
||||
|
||||
USE_AUTOTOOLS= libtool
|
||||
USE_LDCONFIG= yes
|
||||
GNU_CONFIGURE= yes
|
||||
|
||||
.include <bsd.port.mk>
|
|
@ -1,2 +0,0 @@
|
|||
SHA256 (libspf2-1.0.4.tar.gz) = 222803a98d1e86ac7eee9491beb5fbf30e259a3c74cd4166bda1796374c26cd1
|
||||
SIZE (libspf2-1.0.4.tar.gz) = 427613
|
|
@ -1,10 +0,0 @@
|
|||
libspf2 implements the Sender Policy Framework, a part of the SPF/SRS
|
||||
protocol pair. libspf2 is a library which allows email systems such as
|
||||
Sendmail, Postfix, Exim, Zmailer and MS Exchange to check SPF records
|
||||
and make sure that the email is authorized by the domain name that it
|
||||
is coming from. This prevents email forgery, commonly used by spammers,
|
||||
scammers and email viruses/worms.
|
||||
|
||||
WWW: http://www.libspf2.org/
|
||||
|
||||
snowchyld <mail-libsrs2-freebsd-ports@snowchyld.org>
|
|
@ -1,23 +0,0 @@
|
|||
bin/spf_example
|
||||
bin/spf_example_2mx
|
||||
bin/spf_example_2mx_static
|
||||
bin/spf_example_static
|
||||
bin/spfd
|
||||
bin/spfd_static
|
||||
bin/spfquery
|
||||
bin/spfquery_static
|
||||
bin/spftest
|
||||
bin/spftest_static
|
||||
include/spf2/spf.h
|
||||
include/spf2/spf_dns.h
|
||||
include/spf2/spf_dns_cache.h
|
||||
include/spf2/spf_dns_null.h
|
||||
include/spf2/spf_dns_resolv.h
|
||||
include/spf2/spf_dns_test.h
|
||||
include/spf2/spf_dns_zone.h
|
||||
include/spf2/spf_lib_version.h
|
||||
@dirrm include/spf2
|
||||
lib/libspf2.a
|
||||
lib/libspf2.la
|
||||
lib/libspf2.so
|
||||
lib/libspf2.so.1
|
|
@ -1,49 +0,0 @@
|
|||
# New ports collection makefile for: policyd
|
||||
# Date created: 19 Dec 2004
|
||||
# Whom: Marcus Alves Grando <mnag@FreeBSD.org>
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= policyd
|
||||
PORTVERSION= 1.0.1
|
||||
PORTREVISION= 3
|
||||
CATEGORIES= mail
|
||||
MASTER_SITES= http://www.libspf2.org/patch/
|
||||
PKGNAMEPREFIX= postfix-
|
||||
PKGNAMESUFFIX= -spf
|
||||
|
||||
MAINTAINER= mnag@FreeBSD.org
|
||||
COMMENT= Implements SPF for postfix, as a policy daemon
|
||||
|
||||
DEPRECATED= Relies on libspf2-10 which is vulnerable as of 2008-10-27
|
||||
EXPIRATION_DATE= 2011-09-09
|
||||
|
||||
LIB_DEPENDS= spf2.1:${PORTSDIR}/mail/libspf2-10
|
||||
|
||||
CONFLICTS= policyd-1.*
|
||||
|
||||
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include"
|
||||
CONFIGURE_ENV+= CFLAGS="-I${LOCALBASE}/include"
|
||||
CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib"
|
||||
GNU_CONFIGURE= yes
|
||||
|
||||
PKGMESSAGE= ${WRKDIR}/pkg-message
|
||||
SUB_FILES= pkg-message
|
||||
|
||||
PLIST_FILES= sbin/postfix-policyd-spf
|
||||
|
||||
DOCSDIR= ${PREFIX}/share/doc/${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}
|
||||
|
||||
.if !defined(NOPORTDOCS)
|
||||
PORTDOCS= *
|
||||
.endif
|
||||
|
||||
post-install:
|
||||
.if !defined(NOPORTDOCS)
|
||||
${MKDIR} ${DOCSDIR}
|
||||
${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
|
||||
.endif
|
||||
@${CAT} ${PKGMESSAGE}
|
||||
|
||||
.include <bsd.port.mk>
|
|
@ -1,2 +0,0 @@
|
|||
SHA256 (policyd-1.0.1.tar.gz) = 4fc9c174144260b696c3804de01b5c1f7189f824cbcbb5bd9e80c9663d45c764
|
||||
SIZE (policyd-1.0.1.tar.gz) = 201134
|
|
@ -1,13 +0,0 @@
|
|||
--- Makefile.in.orig Mon Jun 28 13:59:26 2004
|
||||
+++ Makefile.in Mon Apr 18 11:24:56 2005
|
||||
@@ -192,8 +192,8 @@
|
||||
|| test -f $$p1 \
|
||||
; then \
|
||||
f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \
|
||||
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/$$f"; \
|
||||
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/$$f; \
|
||||
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/postfix-policyd-spf"; \
|
||||
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(sbindir)/postfix-policyd-spf; \
|
||||
else :; fi; \
|
||||
done
|
||||
|
|
@ -1,128 +0,0 @@
|
|||
--- policyd.c.orig 2004-07-09 06:42:25.000000000 +0900
|
||||
+++ policyd.c 2008-06-23 12:55:02.000000000 +0900
|
||||
@@ -70,12 +70,14 @@
|
||||
|
||||
#define POSTFIX_DUNNO "DUNNO"
|
||||
#define POSTFIX_REJECT "REJECT"
|
||||
+#define POSTFIX_PREPEND "PREPEND"
|
||||
|
||||
typedef
|
||||
struct _config_t {
|
||||
char *localpolicy;
|
||||
char *explanation;
|
||||
int trustedforwarder;
|
||||
+ int softfailreject;
|
||||
int debug;
|
||||
} config_t;
|
||||
|
||||
@@ -106,6 +108,7 @@
|
||||
static const struct option longopts[] = {
|
||||
{ "localpolicy", required_argument, NULL, 'l', },
|
||||
{ "trustedforwarder", no_argument, NULL, 't', },
|
||||
+ { "softfailreject", no_argument, NULL, 's', },
|
||||
{ "explanation", required_argument, NULL, 'x', },
|
||||
{ "debug", optional_argument, NULL, 'd', },
|
||||
{ "help", no_argument, NULL, 'h', },
|
||||
@@ -119,7 +122,7 @@
|
||||
#else
|
||||
#define DOC_LONGOPT(l, v, t, p1) do { } while(0)
|
||||
#endif
|
||||
-static const char *shortopts = "a:h";
|
||||
+static const char *shortopts = "l:x:d:tsh";
|
||||
|
||||
#define DOC_OPT(s, l, v, t, p0, p1) do { \
|
||||
fprintf(stderr, " -%c%c%s%*s" t "\n", \
|
||||
@@ -137,10 +140,12 @@
|
||||
"Set the SPF local policy.", 21, 10);
|
||||
DOC_OPT('t', "trustedforwarder", NULL,
|
||||
"Use the trusted-forwarder.com whitelist.", 29, 13);
|
||||
+ DOC_OPT('s', "softfailreject", NULL,
|
||||
+ "Reject SOFTFAIL.", 29, 15);
|
||||
DOC_OPT('x', "explanation", "<explanation>",
|
||||
"Set the SPF explanation.", 16, 5);
|
||||
- DOC_OPT('d', "debug", "[<level>]",
|
||||
- "Set the debug level.", 20, 15);
|
||||
+ DOC_OPT('d', "debug", "<level>",
|
||||
+ "Set the debug level.", 22, 17);
|
||||
DOC_OPT('h', "help", NULL,
|
||||
"Display this help.", 29, 25);
|
||||
}
|
||||
@@ -249,7 +254,7 @@
|
||||
}
|
||||
|
||||
static void
|
||||
-process_request(request_t *req)
|
||||
+process_request(request_t *req, config_t *conf)
|
||||
{
|
||||
SPF_output_t output;
|
||||
|
||||
@@ -268,7 +273,7 @@
|
||||
|
||||
switch (output.result) {
|
||||
case SPF_RESULT_PASS:
|
||||
- strcpy(req->result, POSTFIX_DUNNO);
|
||||
+ snprintf(req->result, RESULTSIZE, POSTFIX_PREPEND " %s", output.received_spf);
|
||||
break;
|
||||
case SPF_RESULT_FAIL:
|
||||
snprintf(req->result, RESULTSIZE,
|
||||
@@ -287,11 +292,21 @@
|
||||
: ""));
|
||||
break;
|
||||
case SPF_RESULT_SOFTFAIL:
|
||||
+ if (conf->softfailreject == 1) {
|
||||
+ snprintf(req->result, RESULTSIZE,
|
||||
+ POSTFIX_REJECT " %s",
|
||||
+ (output.smtp_comment
|
||||
+ ? output.smtp_comment
|
||||
+ : (output.header_comment
|
||||
+ ? output.header_comment
|
||||
+ : "")));
|
||||
+ break;
|
||||
+ }
|
||||
case SPF_RESULT_NEUTRAL:
|
||||
case SPF_RESULT_UNKNOWN:
|
||||
case SPF_RESULT_NONE:
|
||||
default:
|
||||
- strcpy(req->result, POSTFIX_DUNNO);
|
||||
+ snprintf(req->result, RESULTSIZE, POSTFIX_PREPEND " %s", output.received_spf);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -315,6 +330,11 @@
|
||||
argv0 = argv[0];
|
||||
|
||||
|
||||
+ config.localpolicy = NULL;
|
||||
+ config.explanation = NULL;
|
||||
+ config.trustedforwarder = 0;
|
||||
+ config.softfailreject = 0;
|
||||
+ config.debug = 0;
|
||||
while ((c =
|
||||
#ifdef HAVE_GETOPT_LONG
|
||||
getopt_long(argc, argv, shortopts, longopts, &idx)
|
||||
@@ -329,12 +349,15 @@
|
||||
case 't':
|
||||
config.trustedforwarder = 1;
|
||||
break;
|
||||
+ case 's':
|
||||
+ config.softfailreject = 1;
|
||||
+ break;
|
||||
case 'x':
|
||||
config.explanation = optarg;
|
||||
break;
|
||||
case 'd':
|
||||
if (optarg)
|
||||
- config.debug = atol(optarg);
|
||||
+ config.debug = atoi(optarg);
|
||||
else
|
||||
config.debug = 1;
|
||||
break;
|
||||
@@ -366,7 +389,7 @@
|
||||
CHECK(req.client_ip, "client_address")
|
||||
else CHECK(req.sender_address, "sender")
|
||||
else CHECK(req.helo_address, "helo_name")
|
||||
- else process_request(&req);
|
||||
+ else process_request(&req, &config);
|
||||
|
||||
req.result[RESULTSIZE - 1] = '\0';
|
||||
printf("action=%s\n\n", req.result);
|
|
@ -1,19 +0,0 @@
|
|||
***
|
||||
*** NOTE: Now %%PREFIX%%/sbin/policyd has renamed to %%PREFIX%%/sbin/postfix-policyd-spf
|
||||
***
|
||||
|
||||
To run this from %%PREFIX%%/etc/postfix/master.cf:
|
||||
|
||||
policy unix - n n - - spawn
|
||||
user=nobody argv=%%PREFIX%%/sbin/postfix-policyd-spf
|
||||
|
||||
To use this from Postfix SMTPD, use in %%PREFIX%%/etc/postfix/main.cf:
|
||||
|
||||
smtpd_recipient_restrictions = ...
|
||||
reject_unknown_sender_domain
|
||||
reject_unauth_destination
|
||||
check_policy_service unix:private/policy
|
||||
...
|
||||
|
||||
NOTE: specify check_policy_service AFTER reject_unauth_destination
|
||||
or else your system can become an open relay.
|
|
@ -1,7 +0,0 @@
|
|||
This is a C port of Meng Wong's policyd for Postfix. The original
|
||||
code is available from http://spf.pobox.com/postfix-policyd.txt.
|
||||
It implements SPF for postfix, as a policy daemon.
|
||||
|
||||
WWW: http://www.libspf2.org/
|
||||
|
||||
Marcus Alves Grando <mnag@FreeBSD.org>
|