authorAntonio Radici <antonio@debian.org>2014-10-24 21:09:37 +0000
committerAntonio Radici <antonio@debian.org>2014-10-24 21:09:37 +0000
commiteb64540aac8b727295c8abd11576e5db0ae58c9f (patch)
treec47046d5ec3cdda2893ab469f92702c0b5a6c552
parentc5ce8492b63612b46a6f53f2ba951522c8d63752 (diff)
Imported Upstream version 1.35
-rw-r--r--Changes11
-rw-r--r--README3
-rwxr-xr-xpostgrey29
-rw-r--r--postgrey_whitelist_clients25
4 files changed, 60 insertions, 8 deletions
diff --git a/Changes b/Changes
index 272f557..6d9863f 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,14 @@
+* 2014-06-11: version 1.35
+ - use just 'postgrey' as process name, instead of '/usr/sbin/postgrey', because
+ Linux tools are limited to 15 characters (#5)
+ - updated whitelist
+
+* 2011-05-04: version 1.34
+
+ - gracefully handle future timestamps in the database (Andreas Hoedle)
+ - replaced obsolete Digest::SHA1 with Digest::SHA (Salvatore Bonaccorso)
+ - updated whitelist
+
* 2010-05-04: version 1.33
- fix warning with IPv6 address (Edwin Kremer)
diff --git a/README b/README
index 6802e50..cabd8b1 100644
--- a/README
+++ b/README
@@ -12,6 +12,7 @@ Requirements
- IO::Multiplex (Perl Module)
- BerkeleyDB (Perl Module)
- Berkeley DB >= 4.1 (Library)
+- Digest::SHA (Perl Module, only for --privacy option)
Documentation
@@ -37,4 +38,4 @@ subject 'subscribe' to:
There is also a mailing-list archive, where you might find answers:
- http://lists.ee.ethz.ch/postgrey
+ http://lists.ee.ethz.ch/wws/arc/postgrey
diff --git a/postgrey b/postgrey
index 0149bad..a1e39fb 100755
--- a/postgrey
+++ b/postgrey
@@ -22,7 +22,7 @@ use POSIX qw(strftime setlocale LC_ALL);
use vars qw(@ISA);
@ISA = qw(Net::Server::Multiplex);
-my $VERSION = '1.33';
+my $VERSION = '1.35';
my $DEFAULT_DBDIR = '/var/spool/postfix/postgrey';
my $CONFIG_DIR = '/etc/postfix';
@@ -375,7 +375,7 @@ sub smtpd_access_policy($$)
$cawl_db = $self->{postgrey}{db_cawl};
$cawl_key = $attr->{client_address};
if ($self->{postgrey}{privacy}) {
- $cawl_key = Digest::SHA1::sha1_hex($cawl_key);
+ $cawl_key = Digest::SHA::sha1_hex($cawl_key);
}
my $cawl_val = $cawl_db->{$cawl_key};
($cawl_count, $cawl_last) = split(/,/,$cawl_val) if defined $cawl_val;
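Review bot: The `--privacy` key for the client whitelist is still an unsalted SHA-1 of `$attr->{client_address}`, and the IPv4 space is small enough that stored hashes can be mapped back to addresses by enumeration; moving from Digest::SHA1 to Digest::SHA does not change that. The same construction is used for the triplet key in the `@@ -398` hunk. Replacing the hash would orphan existing database entries, so at minimum I would document the limit next to the call: `# NOTE: unsalted SHA-1; hides addresses from casual inspection only, not from anyone able to enumerate the inputs`. If a migration is acceptable, a keyed digest such as `Digest::SHA::hmac_sha256_hex($cawl_key, $secret)` would be stronger, where `$secret` is a new per-installation value that this code does not have yet. smtpd_access_policy starts and ends outside the hunk.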
@@ -383,7 +383,7 @@ sub smtpd_access_policy($$)
# whitelist if count is enough
if(defined $cawl_count and $cawl_count >= $self->{postgrey}{awl_clients})
{
- if($now >= $cawl_last+3600) {
+ if(($now >= $cawl_last+3600) or ($cawl_last > $now)) {
$cawl_count++; # for statistics
$cawl_db->{$cawl_key}=$cawl_count.','.$now;
}
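Review bot: A future `$cawl_last` is now overwritten silently in the `if(($now >= $cawl_last+3600) or ($cawl_last > $now))` branch, whereas the first-seen correction in the `@@ -416` hunk logs at level 1; a clock that has jumped affects both databases and should be visible in both. I would add `$self->mylog(1, "correcting client whitelist date in the future") if $cawl_last > $now;` just before the update. `$cawl_last` comes from `split(/,/,$cawl_val)` and is compared numerically without a definedness check, so a record with no comma would presumably produce warnings here instead of a clean reset. The enclosing `if(defined $cawl_count ...)` block continues past the hunk.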
@@ -398,7 +398,7 @@ sub smtpd_access_policy($$)
$self->do_client_substitutions($attr->{client_address}, $attr->{client_name});
my $key = lc "$client_net/$sender/$attr->{recipient}";
if ($self->{postgrey}{privacy}) {
- $key = Digest::SHA1::sha1_hex($key);
+ $key = Digest::SHA::sha1_hex($key);
}
my $val = $db->{$key};
my $first;
@@ -416,6 +416,11 @@ sub smtpd_access_policy($$)
# it is beyond the retry_window
$first = $now if $now-$first > $self->{postgrey}{retry_window};
}
+ # test for invalid first-seen date in the future
+ if($first > $now) {
+ $self->mylog(1, "correcting date for first seen in the future!");
+ $first = $now;
+ }
}
else {
$first = $now;
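Review bot: The message `correcting date for first seen in the future!` carries neither the stored value nor the current time, so an operator reading the log cannot tell a few seconds of clock skew from a corrupted or tampered record. Including both numbers costs nothing: `$self->mylog(1, "correcting first-seen date in the future: stored=$first now=$now");`. The surrounding if/else belongs to smtpd_access_policy, which extends outside the hunk.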
@@ -552,6 +557,16 @@ sub main()
if($opt{dbdir}) {
$opt{dbdir} =~ /^(.*)$/; $opt{dbdir} = $1;
}
+ # untaint what is given on --pidfile. It is not security sensitive since
+ # it is provided by the admin
+ if($opt{pidfile}) {
+ $opt{pidfile} =~ /^(.*)$/; $opt{pidfile} = $1;
+ }
+ # untaint what is given on --inet. It is not security sensitive since
+ # it is provided by the admin
+ if($opt{inet}) {
+ $opt{inet} =~ /^(.*)$/; $opt{inet} = $1;
+ }
# determine proper "logsock" for Sys::Syslog
my $syslog_logsock;
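Review bot: `/^(.*)$/` followed by an unconditional `$opt{pidfile} = $1` (and the same for `--inet`) clears the taint flag without checking that the match succeeded or what the value contains. A value with an embedded newline does not match, so `$1` is whatever it held before (possibly undef), and a trailing newline is silently dropped. Even for admin-supplied options I would fail closed: `$opt{pidfile} =~ /\A([^\0\n]+)\z/ or die "invalid --pidfile value\n"; $opt{pidfile} = $1;`. For `--inet`, assuming the accepted form is `[host:]port`, a pattern such as `/\A([\w.\-:\[\]]+)\z/` keeps the taint check meaningful for a value that ends up in the listener configuration. The pre-existing `--dbdir` lines above use the same blanket pattern, and main() starts and ends outside the hunk.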
@@ -577,7 +592,7 @@ sub main()
# create Net::Server object and run it
my $server = bless {
server => {
- commandline => [ $0, @ARGV_saved ],
+ commandline => [ 'postgrey', @ARGV_saved ],
port => [ $opt{inet} ? $opt{inet} : $opt{unix}."|unix" ],
proto => $opt{inet} ? 'tcp' : 'unix',
user => $opt{user} || 'postgrey',
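Review bot: Replacing `$0` with the bare string `'postgrey'` in `commandline` changes more than the displayed process name. As far as I know, Net::Server keeps this array to re-execute the server on SIGHUP, so a restart would resolve `postgrey` through `PATH` instead of re-running the original script path. If the daemon runs in taint mode, as the untaint code in this commit suggests, an exec of a bare name with an uncleaned `PATH` is likely to be refused, and with a permissive `PATH` it may start a different binary. I would keep `commandline => [ $0, @ARGV_saved ]` and shorten only the display name where `$0` is assigned in the `@@ -623` hunk: `$0 = join(' ', 'postgrey', @ARGV_saved);`. The hash literal and main() continue outside the hunk.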
@@ -623,9 +638,9 @@ sub main()
$server->read_clients_whitelists();
$server->read_recipients_whitelists();
- # --privacy requires Digest::SHA1
+ # --privacy requires Digest::SHA
if($opt{'privacy'}) {
- require Digest::SHA1;
+ require Digest::SHA;
}
$0 = join(' ', @{$server->{server}{commandline}});
diff --git a/postgrey_whitelist_clients b/postgrey_whitelist_clients
index f4ecb0d..31eb1be 100644
--- a/postgrey_whitelist_clients
+++ b/postgrey_whitelist_clients
@@ -2,6 +2,8 @@
# --------------------------------------------
# put this file in /etc/postfix or specify its path
# with --whitelist-clients=xxx
+#
+# postgrey version: 1.35, build date: 2014-06-11
# greylisting.org: Southwest Airlines (unique sender, no retry)
southwest.com
@@ -196,9 +198,32 @@ yahoo.com
/^outmail\d+\.sctm\.tfbnw\.net$/
# 2009-02-10: server14.cyon.ch (long retry, reported by Alex Beckert)
server14.cyon.ch
+# 2009-08-19: 126.com (big pool)
+/^m\d+-\d+\.126\.com$/
# 2010-01-08: tifr.res.in (no retry, reported by Alex Beckert)
home.theory.tifr.res.in
# 2010-01-08: 1blu.de (long retry, reported by Alex Beckert)
ms4-1.1blu.de
# 2010-03-17: chello.at (big pool, reported by Jan-willem van Eys)
/^viefep\d+-int\.chello\.at$/
+# 2010-05-31: nic.nu (long retry, reported by Ivan Sie)
+mx.nic.nu
+# 2010-06-10: Microsoft servers (long/no retry, reported by Roy McMorran)
+bigfish.com
+frontbridge.com
+microsoft.com
+# 2010-06-18: Google/Postini (big pool, reported by Warren Trakman)
+postini.com
+# 2011-02-04: evanzo-server.de (no retry, reported by Andre Hoepner)
+/^mx.*\.evanzo-server\.de$/
+# 2011-05-02: upcmail.net (big pool, reported by Michael Monnerie)
+upcmail.net
+# 2013-12-18: orange.fr (big pool, reported by fulax)
+/^smtp\d+\.smtpout\.orange\.fr$/
+# 2014-01-29: gmx/web.de/1&1 (long retry, reported by Axel Beckert)
+mout-xforward.gmx.net
+mout-xforward.web.de
+mout-xforward.kundenserver.de
+mout-xforward.perfora.net
+# 2014-02-01: startcom.org (long retry, reported by jweiher)
+gateway.startcom.org