Milter-greylist

Here is final 4.4 release

http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4.tgz
MD5 (milter-greylist-4.4.tgz) = 5030c7767c4e4d59497224cd38728ba6

Changelog since last stable release:

4.4
        Attempt to apply subjtag even if message is bigger than maxpeek
4.4rc1
        Fix build --with-spamd
        Man page layout improvements
4.4a4
        subjtag fix
        better handling of ldap escapes in substitution strings
4.4a3
        buildmx and builddkim for RPM, fix libsm dependency (Rudy Eschauzier)
        Improve regex examples in documentation (Denis Solovyov)
        Documentation fix on SPF (Attila Bruncsak) 
        Mkdir parent dir for pidfile/socket/dumpfile
        Add helpful error message if mkdir fails
        Fix duplicate logging when run with -D via systemd
        Add subjtag clause in DATA stage ACL to add a tag to message subject
        Allow comparison of msgsize, rcptcount & spamd, against values from LDAP
        Format string substitution get %-encoding for urlcheck
        Format string substitution get \-escapes and %-encoding for ldapcheck
4.4a2
        Build fixes
        Fix corrupted log output
4.4a1
        Typo fixes in man pages (Bernhard Schneider)
        localaddr option so that Postifix user can use spf self
        Allow filtering header and body against LDAP or CURL gathered properties
        Add format string to report last matching LDAP or CURL propery
        Fix memory corruption bug
        Add a addfooter action clause in ACL, to add mail a footer
        Allow per-dacl maxpeek setting, set by maxpeer action clause in racl
        Add LDAP or CURL gathered property substitution in format strings
        Add continue type ACL
        p0f v3 support
4.3.9
        Fix wrong message size tracking, causing bug in spamd (Attila Bruncsak)
        Fix ratelimit sliding window for computing average
        Fix p0f port byte order (Enrico Scholz)
        Fix milter-greylist.m4 for newer Sendmail (Joe Pruett)
        Fix autoconf warning about --datarootdir (R P Herrold)
        Add spamassassin toggling to the .spec file (Adam Katz)
        Fix DKIM (John Wood, Jörgen Lundman)
4.3.8
        Fix spamd hang if message contains NULL (Enrico Scholz)
        Format string for SpamAssassin score
        Build fix for Solaris
        Send the queueid to spamd (Petar Bogdanovic)
        Close-on-exec sockets to avoid file shortage with stat (Enrico Scholz)
        Add a missing comma in X-Greylist (Kouhei Sutou)
        Look for liresolv in ${libdir} instead of /usr/lib (DUFRESNE VINCENT)
        Fix SPF on Postfix (Kouhei Sutou)
4.3.7
        Build fix when SPF is enabled
        Ratelimit on SMTP sessions and data size
        Fix missing ratelimit initialization 
        Test for legacy config file timestamp so that it does not loop reloading
4.3.6
        New rate limiting feature
        Add a domatch keyword to ldapconf to enable ldapcheck matches
        Network byte order byg fix in p0f code (Adrian Dabrowski)
        Fix MX clause wrong results caused by thread unsafety (Hajimu UMEMOTO)
        Do not reject message if p0f cannot identiy the remote system
4.3.5
        Update .spec file for libcurl, GeoIP and p0f support (Chris Bennett)
        Really support dkim self and dkim none clauses
        Better configure test to avoid resolver memory leaks (Hajimu UMEMOTO)
        Fix p0f wrong results caused by thread unsafety (Enrico Scholz)
        Fix GeoIP related crashes caused by thread unsafety (Enrico Scholz)
        Start as root and drop priv later on RedHat (Ole Hansen)
        Fix dumpfile argument on command line (Ole Hansen)
        Fix missing reason for whitelisting (Attila Bruncsak)
        Wait 5 seconds before stopping, for database dump (Attila Bruncsak)
        Add mx ACL clause (Rudy Eschauzier)
        Do not use socket mode for the PID file (Kouhei Sutou)
        Fix tarpit deadlock (Kouhei Sutou)
4.3.4
        Restore not ACL keyword functionnality (Benoit Branciard)
        Fix uninitialized thread condition variable (Petar Bogdanovic)
        Fix Debian startup script
        New tarpit feature (Kouhei Sutou)
        Support make install as unprivilegied user (Kouhei Sutou)
4.3.3 
        Fix unallocated memory use for ldapcheck and urlcheck property matching
        Fix off-by one bug in DATA stage filtering (Pascal Lalonde)
        Allow ACL override by ldapcheck clauses (Piotr Wadas)
        Header for autowhitelisted messages bug fix (Attila Bruncsak)
        Fix MX sync stop on config reload (Attila Bruncsak, Hajimu UMEMOTO)
        Improve Debian startup script (Adam Katz)
        Make SpamAssassin headers Sendmail-like (Petar Bogdanovic)
4.3.2
        Merge autowhite and greylist databases (Rudy Eschauzier)
4.3.1
        Log ACL id instead of line number (John Thiltges)
        Fix LDAP thread safety issues
        Make LDAP querries timeout configurable
        Make MX sync timeout peer-configurable (Attila Bruncsak)
        Fix a crash when LDAP server is down
        Update contributor list
        Make sure dump is really on disk even with a buggy ext4fs
        Build with OpenLDAP but not CURL (Matthias Scheler)
        Do not complain about unreachable p0f daemon if it is unconfigured
        Fix buffer overflow in SpamAssassin support (Enrico Scholz)
        Fix socket mode in sample config file
        Build fix on tru64 and Solaris
        4.2 Branch forked


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Le jeu. 11/10/2012 à 06:37, manu@... a écrit :
>   
> 
> Here is final 4.4 release
> 
> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4.tgz
> MD5 (milter-greylist-4.4.tgz) = 5030c7767c4e4d59497224cd38728ba6

Under Solaris 10 using an unchanged 4.2.7 release conf file
milter-greylist create a socket belonging to root causing sendmail to
abort :

with 4.4

srwxr-xr-x   1 root     root           0 Oct 11 10:48 milter-greylist.sock

with 4.2.7 owner was the same as «user "smmsp"» config file.

srwxr-xr-x   1 smmsp    smmsp          0 Oct 11 11:03 milter-greylist.sock

===
Workarounded by adding line marked <<<<< above in the startup script

...
mildir="/var/milter-greylist"
socket="$mildir/milter-greylist.sock"
binpath="/usr/local/bin"
user="smmsp"

OPTIONS="-v"

case "$1" in
  start)
        # Start daemon.
        echo "Starting milter-greylist: ... \c"
        chown $user $mildir
        ulimit -n 1024
        $binpath/milter-greylist $OPTIONS
        chown $user $socket    <<<<<
        echo "done."
        ;;
...


===
[ Oct 11 10:40:12 Method "start" exited with status 0 ]
451 4.0.0 /etc/mail/sendmail.cf: line 1944: Xgreylist: local socket name
/var/milter-greylist/milter-greylist.sock unsafe: Permission denied
[ Oct 11 10:40:13 Stopping because all processes in service exited. ]
[ Oct 11 10:40:13 Executing stop method ("/lib/svc/method/smtp-sendmail
stop 11659") ]
===



-- 
Christian Pélissier
Office National d'Études et de Recherches Aérospatiales
BP 72 92322 Chatillon
Tel: 33 1 46 73 44 19, Fax: 33 1 46 73 41 50

On Thu, Oct 11, 2012 at 11:19:03AM +0200, Christian P\ufffdlissier wrote:
> with 4.4
> 
> srwxr-xr-x   1 root     root           0 Oct 11 10:48 milter-greylist.sock
> 
> with 4.2.7 owner was the same as \ufffduser "smmsp"\ufffd config file.
> 
> srwxr-xr-x   1 smmsp    smmsp          0 Oct 11 11:03 milter-greylist.sock

Please try confgure --with-user=smmsp

-- 
Emmanuel Dreyfus
manu@...

Le jeu. 11/10/2012 à 17:28, Emmanuel Dreyfus a écrit :
>   
> 
> On Thu, Oct 11, 2012 at 11:19:03AM +0200, Christian Pélissier wrote:
> > with 4.4
> > 
> > srwxr-xr-x 1 root root 0 Oct 11 10:48 milter-greylist.sock
> > 
> > with 4.2.7 owner was the same as «user "smmsp"» config file.
> > 
> > srwxr-xr-x 1 smmsp smmsp 0 Oct 11 11:03 milter-greylist.sock
> 
> Please try confgure --with-user=smmsp

Same problem with --with-user=smmsp socket is owner root.

milter-greylist is running  as smmsp
smmsp 24159     1   0 08:59:06 ?           0:00
/usr/local/bin/milter-greylist -v

Probably code for socket creation as moved from a  place where
milter-greylist is euid smmsp to another one where milter-greylist is
euid root between 4.2.7 and 4.4 releases.

> 
> -- 
> Emmanuel Dreyfus
> manu@netbsd.org
> 
> 
> 
> 
-- 
Christian Pélissier
Office National d'Études et de Recherches Aérospatiales
BP 72 92322 Chatillon
Tel: 33 1 46 73 44 19, Fax: 33 1 46 73 41 50

... Does the attached patch fix the problem? -- Emmanuel Dreyfus manu@netbsd.org

Le ven. 12/10/2012 à 09:55, Emmanuel Dreyfus a écrit :
>   
> [Attachment(s) from Emmanuel Dreyfus included below] 
> 
> On Fri, Oct 12, 2012 at 09:02:20AM +0200, Christian Pélissier wrote:
> > Same problem with --with-user=smmsp socket is owner root.
> 
> Does the attached patch fix the problem?
Yes it does.
Thank's.



> -- 
> Emmanuel Dreyfus
> manu@netbsd.org
> 
> 
> 
> 
-- 
Christian Pélissier
Office National d'Études et de Recherches Aérospatiales
BP 72 92322 Chatillon
Tel: 33 1 46 73 44 19, Fax: 33 1 46 73 41 50

Emmanuel Dreyfus <manu@...> wrote:

> > Same problem with --with-user=smmsp socket is owner root. 
> Does the attached patch fix the problem?

No reply? I'd like to you your feedback before releasing a 4.4.1

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Bonjour,

J'ai bien répondu sur la liste. Le patch fixe bien le problème.
Merci.


Le mer. 17/10/2012 à 03:16, manu@... a écrit :
>   
> 
> Emmanuel Dreyfus <manu@...> wrote:
> 
> > > Same problem with --with-user=smmsp socket is owner root. 
> > Does the attached patch fix the problem?
> 
> No reply? I'd like to you your feedback before releasing a 4.4.1
> 
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
> 
> 
> 
> 
-- 
Christian Pélissier
Office National d'Études et de Recherches Aérospatiales
BP 72 92322 Chatillon
Tel: 33 1 46 73 44 19, Fax: 33 1 46 73 41 50