summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/NEWS6
-rw-r--r--debian/changelog6
-rw-r--r--debian/control10
-rw-r--r--debian/copyright6
-rw-r--r--debian/patches/mailinabox100
-rw-r--r--debian/patches/series2
6 files changed, 124 insertions, 6 deletions
diff --git a/debian/NEWS b/debian/NEWS
index dd09744..de7b640 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,9 @@
+postgrey (1.35-1miab1)
+
+ Added DNSWL.org whitelisting.
+
+ -- Joshua Tauberer <jt@occams.info> Mon May 18 18:58:40 EDT 2015
+
postgrey (1.32-1) unstable; urgency=low
Postgrey is now listening to port 10023 and not 60000. The latter was an
diff --git a/debian/changelog b/debian/changelog
index 1058e15..e5e3557 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+postgrey (1.35-1miab1) trusty; urgency=low
+
+ * Added DNSWL.org whitelisting.
+
+ -- Joshua Tauberer <jt@occams.info> Mon, 18 May 2015 21:58:40 +0000
+
postgrey (1.35-1) unstable; urgency=low
* New upstream release (Closes: 756486)
diff --git a/debian/control b/debian/control
index ce12ba6..0a82855 100644
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,13 @@
Source: postgrey
Section: mail
Priority: optional
-Maintainer: Antonio Radici <antonio@debian.org>
-Uploaders: Jon Daley <jondaley-guest@alioth.debian.org>
+Maintainer: Joshua Tauberer <jt@occams.info>
Build-Depends: debhelper (>= 7), quilt
Build-Depends-Indep: po-debconf
Standards-Version: 3.9.6
Homepage: http://postgrey.schweikert.ch/
-Vcs-Browser: http://git.debian.org/?p=collab-maint/postgrey.git
-Vcs-Git: git://git.debian.org/git/collab-maint/postgrey.git
+Vcs-Browser: https://github.com/mail-in-a-box/postgrey
+Vcs-Git: https://github.com/mail-in-a-box/postgrey
Package: postgrey
Architecture: all
@@ -25,3 +24,6 @@ Description: greylisting implementation for Postfix
.
While Postgrey is designed for use with Postfix, it can also be used
with Exim.
+ .
+ This version has been modified by Mail-in-a-Box to whitelist senders
+ in the DNSWL.org list. See https://mailinabox.email.
diff --git a/debian/copyright b/debian/copyright
index 3cbe377..bf09b89 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,6 +1,10 @@
+This package is a fork by Mail-in-a-Box (https://mailinabox.email). Original
+copyright statement follows:
+----------------------------------------------------------------------------
+
This Debian package was prepared by Adrian von Bidder <cmot@debian.org> in
July 2004, then the package was adopted by Antonio Radici <antonio@dyne.org>
-in Sept 2009
+in Sept 2009.
It was downloaded from http://postgrey.schweikert.ch/
diff --git a/debian/patches/mailinabox b/debian/patches/mailinabox
new file mode 100644
index 0000000..8c48746
--- /dev/null
+++ b/debian/patches/mailinabox
@@ -0,0 +1,100 @@
+Description: whitelist whatever dnswl.org whitelists
+ .
+ postgrey (1.35-1miab1) unstable; urgency=low
+ .
+ * Added DNSWL.org whitelisting.
+Author: Joshua Tauberer <jt@occams.info>
+
+--- postgrey-1.35.orig/README
++++ postgrey-1.35/README
+@@ -13,7 +13,7 @@ Requirements
+ - BerkeleyDB (Perl Module)
+ - Berkeley DB >= 4.1 (Library)
+ - Digest::SHA (Perl Module, only for --privacy option)
+-
++- Net::DNS (Perl Module)
+
+ Documentation
+ -------------
+--- postgrey-1.35.orig/postgrey
++++ postgrey-1.35/postgrey
+@@ -18,6 +18,7 @@ use Fcntl ':flock'; # import LOCK_* cons
+ use Sys::Hostname;
+ use Sys::Syslog; # used only to find out which version we use
+ use POSIX qw(strftime setlocale LC_ALL);
++use Net::DNS; # for DNSWL.org whitelisting
+
+ use vars qw(@ISA);
+ @ISA = qw(Net::Server::Multiplex);
+@@ -26,6 +27,8 @@ my $VERSION = '1.35';
+ my $DEFAULT_DBDIR = '/var/lib/postgrey';
+ my $CONFIG_DIR = '/etc/postgrey';
+
++my $dns_resolver = Net::DNS::Resolver->new;
++
+ sub cidr_parse($)
+ {
+ defined $_[0] or return undef;
+@@ -48,6 +51,36 @@ sub cidr_match($$$)
+ return ($addr & $mask) == $net;
+ }
+
++sub reverseDottedQuad {
++ # This is the sub _chkValidPublicIP from Net::DNSBL by PJ Goodwin
++ # at http://www.the42.net/net-dnsbl.
++ my ($quad) = @_;
++ if ($quad =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) {
++ my ($ip1,$ip2,$ip3,$ip4) = ($1, $2, $3, $4);
++ if (
++ $ip1 == 10 || #10.0.0.0/8 (10/8)
++ ($ip1 == 172 && $ip2 >= 16 && $ip2 <= 31) || #172.16.0.0/12 (172.16/12)
++ ($ip1 == 192 && $ip2 == 168) || #192.168.0.0/16 (192.168/16)
++ $quad eq '127.0.0.1' # localhost
++ ) {
++ # toss the RFC1918 specified privates
++ return undef;
++ } elsif (
++ ($ip1 <= 1 || $ip1 > 254) ||
++ ($ip2 < 0 || $ip2 > 255) ||
++ ($ip3 < 0 || $ip3 > 255) ||
++ ($ip4 < 0 || $ip4 > 255)
++ ) {
++ #invalid oct, toss it;
++ return undef;
++ }
++ my $revquad = $ip4 . "." . $ip3 . "." . $ip2 . "." . $ip1;
++ return $revquad;
++ } else { # invalid quad
++ return undef;
++ }
++}
++
+ sub read_clients_whitelists($)
+ {
+ my ($self) = @_;
+@@ -361,6 +394,25 @@ sub smtpd_access_policy($$)
+ }
+ }
+
++ # whitelist clients in dnswl.org
++ my $revip = reverseDottedQuad($attr->{client_address});
++ if ($revip) { # valid IP / plausibly in DNSWL
++ my $answer = $dns_resolver->send($revip . '.list.dnswl.org');
++ if ($answer && scalar($answer->answer) > 0) {
++ my @rrs = $answer->answer;
++ if ($rrs[0]->type eq 'A' && $rrs[0]->address ne '127.0.0.255') {
++ # Address appears in DNSWL. (127.0.0.255 means we were rate-limited.)
++ my $code = $rrs[0]->address;
++ if ($code =~ /^127.0.(\d+)\.([0-3])$/) {
++ my %dnswltrust = (0 => 'legitimate', 1 => 'occasional spam', 2 => 'rare spam', 3 => 'highly unlikely to send spam');
++ $code = $2 . '/' . $dnswltrust{$2};
++ }
++ $self->mylog_action($attr, 'pass', 'client whitelisted by dnswl.org (' . $code . ')');
++ return 'DUNNO';
++ }
++ }
++ }
++
+ # auto whitelist clients (see below for explanation)
+ my ($cawl_db, $cawl_key, $cawl_count, $cawl_last);
+ if($self->{postgrey}{awl_clients}) {
diff --git a/debian/patches/series b/debian/patches/series
index f4c5e31..3cd62b8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,3 @@
imported-upstream-diff
disable-transaction-logic
-
+mailinabox