pkgsrc/mail/policyd-weight/Makefile

# $NetBSD: Makefile,v 1.3 2008/03/31 20:50:11 tnn Exp $
#

DISTNAME=		policyd-weight-0.1.14.17
CATEGORIES=		mail
MASTER_SITES=		http://www.policyd-weight.org/releases/

MAINTAINER=		bartosz.kuzma@gmail.com
HOMEPAGE=		http://www.policyd-weight.org/
COMMENT=		Weighted policy daemon for postfix

DEPENDS+=		p5-Net-DNS>=0.58:../../net/p5-Net-DNS

PKG_DESTDIR_SUPPORT=	user-destdir

USE_TOOLS+=		perl:run
USE_LANGUAGES=		# none
REPLACE_PERL+=		policyd-weight

BUILD_DEFS+=		VARBASE

POLICYD_WEIGHT_USER?=	polw
POLICYD_WEIGHT_GROUP?=	polw

BUILD_DEFS+=		POLICYD_WEIGHT_GROUP POLICYD_WEIGHT_USER
FILES_SUBST+=		POLICYD_WEIGHT_GROUP=${POLICYD_WEIGHT_GROUP:Q}
FILES_SUBST+=		POLICYD_WEIGHT_USER=${POLICYD_WEIGHT_USER:Q}

PKG_GROUPS=		${POLICYD_WEIGHT_GROUP}
PKG_USERS=		${POLICYD_WEIGHT_USER}:${POLICYD_WEIGHT_GROUP}
PKG_GECOS.${POLICYD_WEIGHT_USER}=	Policyd-weight User

DOCDIR=			${PREFIX}/share/doc/policyd-weight
EGDIR=			${PREFIX}/share/examples/policyd-weight
CONF_FILES=		${EGDIR}/policyd-weight.conf \
			${PKG_SYSCONFDIR}/policyd-weight.conf
RCD_SCRIPTS=		policyd_weight

SUBST_CLASSES+=		fix-paths
SUBST_STAGE.fix-paths=	post-build
SUBST_FILES.fix-paths=	policyd-weight policyd-weight.conf.sample
SUBST_SED.fix-paths=	-e 's,"/var/run/,"${VARBASE}/run/,g'
SUBST_SED.fix-paths+=	-e 's,"/etc/policyd-weight.conf","${PKG_SYSCONFDIR}/policyd-weight.conf",g'
SUBST_SED.fix-paths+=	-e 's,"polw";,"${POLICYD_WEIGHT_USER}";,g'

do-build:		replace-interpreter

do-install:
	${INSTALL_PROGRAM_DIR} ${DESTDIR}${PREFIX}/sbin
	${INSTALL_SCRIPT} ${WRKSRC}/policyd-weight ${DESTDIR}${PREFIX}/sbin
	${INSTALL_DATA_DIR} ${DESTDIR}${DOCDIR}
	${INSTALL_DATA} ${WRKSRC}/changes.txt ${DESTDIR}${DOCDIR}
	${INSTALL_DATA} ${WRKSRC}/documentation.txt ${DESTDIR}${DOCDIR}
	${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
	${INSTALL_DATA} ${WRKSRC}/policyd-weight.conf.sample \
		${DESTDIR}${EGDIR}/policyd-weight.conf

.include "../../mk/bsd.pkg.mk"
Maintainer update from PR pkg/38349, containing security fixes. While here, fix a minor DESTDIR botch. 0.1.14 beta-17 - (security) Using File::Spec->canonpath for normalization (trailing slashes) Check ownership of real directories to avoid race attacks for symlinks. Thanks to Robert Buchholz. 0.1.14 beta-16 (not released) - (security) The check for symlinked directories was half complete. perl ignores -l if the argument has a trailung slash. Thanks to Andrej Kacian. 0.1.14 beta-15 - (security) $LOCKPATH and its contents weren't checked for being a symlink which. Thanks to Chris Howells and Andrej Kacian. - (fix) "dedicated" added to the exclusion list for dialup checks. A better approach would be to let the user configure dialup and exclude patterns. 0.1.14 beta-14 - (change) rbls.org link changed to robtext.com - (change) results with 'rc:' as action are not cached - (fix) regexp check for dynamic helo/client did hit also some clients with "static" - (fix) helo numeric check was too fuzzy. - (fix) master didn't read config after policyd-weight reload - (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed for the sender domain. - (fix) An interrupt of policyd-weight -s may cause a SIGPIPE which killed the cache - (change) Implemented $NS list. Useful for users with split horizon DNS - (fix) don't cache rejections which were deferred (4xx and friends) - (fix) helo_numeric_score didn't catch [n.n.n.n] helos - (fix) Header was not included if $dnsbl_checks_only = 1; and $ADD_X_HEADER = 1; - Thanks to J. Genannt - (fix) Corrected handling of [n.n.n.n] HELOs and address-literals as sender (long standing issue) - (change) Introduced @dnsbl_checks_only_regexps in order to skip DNS checks for certain client hostnames - (change) Added -D (Don't detach) switch for daemon-tools/runit users - (change) Added signals handlers for most of signals so that they are at least logged, also, provide a perl backtrace. - (change) prerequisite steps for providing coredumps (build coredump directories, chdir) - coredumps are non-trivial: we start as root, change uid. At this moment coredumps are denied by kernel in order to protect root-data. The only workaround would be, to start cache and master via system() after changing uid - (change) In daemon mode wrongly crafted policy requests don't lead to a child-exit anymore, only the connection is closed - (change) log-facilities other than 'info' are now mentioned in log-lines - (change) SMTP information such as client, helo, sender and to are now logged in each log-message. If $DEBUG is set this also logs the instance variable. - (fix) rbl_lookup used sometimes 65536 as packet id which appeared to cause problems - (fix) Check for syslog absence. If syslog is not available then log temporarily to $LOCKPATH/polw-emergency.log - (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after they got their response in order to avoid too many established smtpd->policyd-weight (child) connections. 2008-03-31 22:50:11 +02:00			`# $NetBSD: Makefile,v 1.3 2008/03/31 20:50:11 tnn Exp $`
Initial import of policyd-weight-0.1.14.5, packaged by bartosz at atom.eu.org via pkgsrc-wip. policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. 2007-07-06 15:49:46 +02:00			`#`

Maintainer update from PR pkg/38349, containing security fixes. While here, fix a minor DESTDIR botch. 0.1.14 beta-17 - (security) Using File::Spec->canonpath for normalization (trailing slashes) Check ownership of real directories to avoid race attacks for symlinks. Thanks to Robert Buchholz. 0.1.14 beta-16 (not released) - (security) The check for symlinked directories was half complete. perl ignores -l if the argument has a trailung slash. Thanks to Andrej Kacian. 0.1.14 beta-15 - (security) $LOCKPATH and its contents weren't checked for being a symlink which. Thanks to Chris Howells and Andrej Kacian. - (fix) "dedicated" added to the exclusion list for dialup checks. A better approach would be to let the user configure dialup and exclude patterns. 0.1.14 beta-14 - (change) rbls.org link changed to robtext.com - (change) results with 'rc:' as action are not cached - (fix) regexp check for dynamic helo/client did hit also some clients with "static" - (fix) helo numeric check was too fuzzy. - (fix) master didn't read config after policyd-weight reload - (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed for the sender domain. - (fix) An interrupt of policyd-weight -s may cause a SIGPIPE which killed the cache - (change) Implemented $NS list. Useful for users with split horizon DNS - (fix) don't cache rejections which were deferred (4xx and friends) - (fix) helo_numeric_score didn't catch [n.n.n.n] helos - (fix) Header was not included if $dnsbl_checks_only = 1; and $ADD_X_HEADER = 1; - Thanks to J. Genannt - (fix) Corrected handling of [n.n.n.n] HELOs and address-literals as sender (long standing issue) - (change) Introduced @dnsbl_checks_only_regexps in order to skip DNS checks for certain client hostnames - (change) Added -D (Don't detach) switch for daemon-tools/runit users - (change) Added signals handlers for most of signals so that they are at least logged, also, provide a perl backtrace. - (change) prerequisite steps for providing coredumps (build coredump directories, chdir) - coredumps are non-trivial: we start as root, change uid. At this moment coredumps are denied by kernel in order to protect root-data. The only workaround would be, to start cache and master via system() after changing uid - (change) In daemon mode wrongly crafted policy requests don't lead to a child-exit anymore, only the connection is closed - (change) log-facilities other than 'info' are now mentioned in log-lines - (change) SMTP information such as client, helo, sender and to are now logged in each log-message. If $DEBUG is set this also logs the instance variable. - (fix) rbl_lookup used sometimes 65536 as packet id which appeared to cause problems - (fix) Check for syslog absence. If syslog is not available then log temporarily to $LOCKPATH/polw-emergency.log - (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after they got their response in order to avoid too many established smtpd->policyd-weight (child) connections. 2008-03-31 22:50:11 +02:00			`DISTNAME= policyd-weight-0.1.14.17`
Initial import of policyd-weight-0.1.14.5, packaged by bartosz at atom.eu.org via pkgsrc-wip. policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. 2007-07-06 15:49:46 +02:00			`CATEGORIES= mail`
			`MASTER_SITES= http://www.policyd-weight.org/releases/`

Maintainer update from PR pkg/38349, containing security fixes. While here, fix a minor DESTDIR botch. 0.1.14 beta-17 - (security) Using File::Spec->canonpath for normalization (trailing slashes) Check ownership of real directories to avoid race attacks for symlinks. Thanks to Robert Buchholz. 0.1.14 beta-16 (not released) - (security) The check for symlinked directories was half complete. perl ignores -l if the argument has a trailung slash. Thanks to Andrej Kacian. 0.1.14 beta-15 - (security) $LOCKPATH and its contents weren't checked for being a symlink which. Thanks to Chris Howells and Andrej Kacian. - (fix) "dedicated" added to the exclusion list for dialup checks. A better approach would be to let the user configure dialup and exclude patterns. 0.1.14 beta-14 - (change) rbls.org link changed to robtext.com - (change) results with 'rc:' as action are not cached - (fix) regexp check for dynamic helo/client did hit also some clients with "static" - (fix) helo numeric check was too fuzzy. - (fix) master didn't read config after policyd-weight reload - (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed for the sender domain. - (fix) An interrupt of policyd-weight -s may cause a SIGPIPE which killed the cache - (change) Implemented $NS list. Useful for users with split horizon DNS - (fix) don't cache rejections which were deferred (4xx and friends) - (fix) helo_numeric_score didn't catch [n.n.n.n] helos - (fix) Header was not included if $dnsbl_checks_only = 1; and $ADD_X_HEADER = 1; - Thanks to J. Genannt - (fix) Corrected handling of [n.n.n.n] HELOs and address-literals as sender (long standing issue) - (change) Introduced @dnsbl_checks_only_regexps in order to skip DNS checks for certain client hostnames - (change) Added -D (Don't detach) switch for daemon-tools/runit users - (change) Added signals handlers for most of signals so that they are at least logged, also, provide a perl backtrace. - (change) prerequisite steps for providing coredumps (build coredump directories, chdir) - coredumps are non-trivial: we start as root, change uid. At this moment coredumps are denied by kernel in order to protect root-data. The only workaround would be, to start cache and master via system() after changing uid - (change) In daemon mode wrongly crafted policy requests don't lead to a child-exit anymore, only the connection is closed - (change) log-facilities other than 'info' are now mentioned in log-lines - (change) SMTP information such as client, helo, sender and to are now logged in each log-message. If $DEBUG is set this also logs the instance variable. - (fix) rbl_lookup used sometimes 65536 as packet id which appeared to cause problems - (fix) Check for syslog absence. If syslog is not available then log temporarily to $LOCKPATH/polw-emergency.log - (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after they got their response in order to avoid too many established smtpd->policyd-weight (child) connections. 2008-03-31 22:50:11 +02:00			`MAINTAINER= bartosz.kuzma@gmail.com`
Initial import of policyd-weight-0.1.14.5, packaged by bartosz at atom.eu.org via pkgsrc-wip. policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. 2007-07-06 15:49:46 +02:00			`HOMEPAGE= http://www.policyd-weight.org/`
			`COMMENT= Weighted policy daemon for postfix`

			`DEPENDS+= p5-Net-DNS>=0.58:../../net/p5-Net-DNS`

Mechanical changes to add DESTDIR support to packages that install their files via a custom do-install target. 2008-03-04 18:57:17 +01:00			`PKG_DESTDIR_SUPPORT= user-destdir`

Initial import of policyd-weight-0.1.14.5, packaged by bartosz at atom.eu.org via pkgsrc-wip. policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. 2007-07-06 15:49:46 +02:00			`USE_TOOLS+= perl:run`
			`USE_LANGUAGES= # none`
			`REPLACE_PERL+= policyd-weight`

			`BUILD_DEFS+= VARBASE`

			`POLICYD_WEIGHT_USER?= polw`
			`POLICYD_WEIGHT_GROUP?= polw`

			`BUILD_DEFS+= POLICYD_WEIGHT_GROUP POLICYD_WEIGHT_USER`
			`FILES_SUBST+= POLICYD_WEIGHT_GROUP=${POLICYD_WEIGHT_GROUP:Q}`
			`FILES_SUBST+= POLICYD_WEIGHT_USER=${POLICYD_WEIGHT_USER:Q}`

			`PKG_GROUPS= ${POLICYD_WEIGHT_GROUP}`
			`PKG_USERS= ${POLICYD_WEIGHT_USER}:${POLICYD_WEIGHT_GROUP}`
			`PKG_GECOS.${POLICYD_WEIGHT_USER}= Policyd-weight User`

			`DOCDIR= ${PREFIX}/share/doc/policyd-weight`
			`EGDIR= ${PREFIX}/share/examples/policyd-weight`
			`CONF_FILES= ${EGDIR}/policyd-weight.conf \`
			`${PKG_SYSCONFDIR}/policyd-weight.conf`
			`RCD_SCRIPTS= policyd_weight`

			`SUBST_CLASSES+= fix-paths`
			`SUBST_STAGE.fix-paths= post-build`
			`SUBST_FILES.fix-paths= policyd-weight policyd-weight.conf.sample`
			`SUBST_SED.fix-paths= -e 's,"/var/run/,"${VARBASE}/run/,g'`
			`SUBST_SED.fix-paths+= -e 's,"/etc/policyd-weight.conf","${PKG_SYSCONFDIR}/policyd-weight.conf",g'`
			`SUBST_SED.fix-paths+= -e 's,"polw";,"${POLICYD_WEIGHT_USER}";,g'`

			`do-build: replace-interpreter`

			`do-install:`
Maintainer update from PR pkg/38349, containing security fixes. While here, fix a minor DESTDIR botch. 0.1.14 beta-17 - (security) Using File::Spec->canonpath for normalization (trailing slashes) Check ownership of real directories to avoid race attacks for symlinks. Thanks to Robert Buchholz. 0.1.14 beta-16 (not released) - (security) The check for symlinked directories was half complete. perl ignores -l if the argument has a trailung slash. Thanks to Andrej Kacian. 0.1.14 beta-15 - (security) $LOCKPATH and its contents weren't checked for being a symlink which. Thanks to Chris Howells and Andrej Kacian. - (fix) "dedicated" added to the exclusion list for dialup checks. A better approach would be to let the user configure dialup and exclude patterns. 0.1.14 beta-14 - (change) rbls.org link changed to robtext.com - (change) results with 'rc:' as action are not cached - (fix) regexp check for dynamic helo/client did hit also some clients with "static" - (fix) helo numeric check was too fuzzy. - (fix) master didn't read config after policyd-weight reload - (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed for the sender domain. - (fix) An interrupt of policyd-weight -s may cause a SIGPIPE which killed the cache - (change) Implemented $NS list. Useful for users with split horizon DNS - (fix) don't cache rejections which were deferred (4xx and friends) - (fix) helo_numeric_score didn't catch [n.n.n.n] helos - (fix) Header was not included if $dnsbl_checks_only = 1; and $ADD_X_HEADER = 1; - Thanks to J. Genannt - (fix) Corrected handling of [n.n.n.n] HELOs and address-literals as sender (long standing issue) - (change) Introduced @dnsbl_checks_only_regexps in order to skip DNS checks for certain client hostnames - (change) Added -D (Don't detach) switch for daemon-tools/runit users - (change) Added signals handlers for most of signals so that they are at least logged, also, provide a perl backtrace. - (change) prerequisite steps for providing coredumps (build coredump directories, chdir) - coredumps are non-trivial: we start as root, change uid. At this moment coredumps are denied by kernel in order to protect root-data. The only workaround would be, to start cache and master via system() after changing uid - (change) In daemon mode wrongly crafted policy requests don't lead to a child-exit anymore, only the connection is closed - (change) log-facilities other than 'info' are now mentioned in log-lines - (change) SMTP information such as client, helo, sender and to are now logged in each log-message. If $DEBUG is set this also logs the instance variable. - (fix) rbl_lookup used sometimes 65536 as packet id which appeared to cause problems - (fix) Check for syslog absence. If syslog is not available then log temporarily to $LOCKPATH/polw-emergency.log - (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after they got their response in order to avoid too many established smtpd->policyd-weight (child) connections. 2008-03-31 22:50:11 +02:00			`${INSTALL_PROGRAM_DIR} ${DESTDIR}${PREFIX}/sbin`
Mechanical changes to add DESTDIR support to packages that install their files via a custom do-install target. 2008-03-04 18:57:17 +01:00			`${INSTALL_SCRIPT} ${WRKSRC}/policyd-weight ${DESTDIR}${PREFIX}/sbin`
			`${INSTALL_DATA_DIR} ${DESTDIR}${DOCDIR}`
			`${INSTALL_DATA} ${WRKSRC}/changes.txt ${DESTDIR}${DOCDIR}`
			`${INSTALL_DATA} ${WRKSRC}/documentation.txt ${DESTDIR}${DOCDIR}`
			`${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}`
Initial import of policyd-weight-0.1.14.5, packaged by bartosz at atom.eu.org via pkgsrc-wip. policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. 2007-07-06 15:49:46 +02:00			`${INSTALL_DATA} ${WRKSRC}/policyd-weight.conf.sample \`
Mechanical changes to add DESTDIR support to packages that install their files via a custom do-install target. 2008-03-04 18:57:17 +01:00			`${DESTDIR}${EGDIR}/policyd-weight.conf`
Initial import of policyd-weight-0.1.14.5, packaged by bartosz at atom.eu.org via pkgsrc-wip. policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). It allows you to score DNSBLs (RBL/RHSBL), HELO, MAIL FROM and client IP addresses before any queuing is done. It allows you to REJECT messages which have a score higher than allowed, providing improved blocking of spam and virus mails. policyd-weight caches the most frequent client/sender combinations (SPAM as well as HAM) to reduce the number of DNS queries. 2007-07-06 15:49:46 +02:00
			`.include "../../mk/bsd.pkg.mk"`