--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package spf-engine/2.9.0-4
- From: Scott Kitterman <debian@kitterman.com>
- Date: Mon, 14 Oct 2019 23:14:12 -0400
- Message-id: <157110925246.23410.13519131981344461972.reportbug@l5580.kitterman.com>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
There are a number of important fixes proposed for this upload,
including a new bugfix release from upstream. The changes are all
already in Testing (spf-engine is currently marked for removal from
Testing, but that's related to the overall bullseye python2 removal
effort - unrelated to these changes - and it should be resolved before
any removal happens).
The most important fix is:
* Catch pyspf tracebacks so at least we don't die (thanks to Adi Pircalabu
for both the report and the suggested fix) (LP: #1842005)
spf-engine-2.9.1/spf_engine/__init__.py hunk at line 542 and 640
The next most important change is:
* Correct over-writing of SPF identity by SPF reason for HELO checks and the
reverse for Mail From (LP: #1822685)
Which is the balance of the changes in spf_engine/__init.py.
These are small, low risk changes that will benefit users of both the
postfix policy server and milter variants of the package.
Similar to dkimpy-milter (same upstream made the same mistakes):
packaging and upstream fixes so sysvinit works.
This only affects the milter and it's totally broken now, so there is no
regression risk.
Finally, there are man page cleanups (deletion of obsolete .IX headers
that strictly aren't needed, but they are harmless and it'd be nice to
be able to just ship the new upstream.
Scott K
diff -Nru spf-engine-2.9.0/CHANGES spf-engine-2.9.1/CHANGES
--- spf-engine-2.9.0/CHANGES 2019-02-01 18:58:14.000000000 -0500
+++ spf-engine-2.9.1/CHANGES 2019-10-06 20:31:00.000000000 -0400
@@ -4,6 +4,14 @@
# ! = Changed something significant, or removed a feature
# * = Fixed a bug, or made a minor improvement
+--- 2.9.1 (2019-10-06)
+ * Use /run instead of /var/run
+ * Fix-up sysv init so it works
+ * Catch pyspf tracebacks so at least we don't die (thanks to Adi Pircalabu
+ for both the report and the suggested fix) (LP: #1842005)
+ * Correct over-writing of SPF identity by SPF reason for HELO checks and the
+ reverse for Mail From (LP: #1822685)
+
--- 2.9.0 (2019-02-01)
+ Initial alpha release with pyspf-milter added
* Use HOSTNAME for Authserv_Id lookup function from dkimpy-milter for both
diff -Nru spf-engine-2.9.0/debian/changelog spf-engine-2.9.1/debian/changelog
--- spf-engine-2.9.0/debian/changelog 2019-05-05 18:07:33.000000000 -0400
+++ spf-engine-2.9.1/debian/changelog 2019-10-14 19:04:55.000000000 -0400
@@ -1,3 +1,14 @@
+spf-engine (2.9.1-0+deb10u1) buster; urgency=medium
+
+ * New upstream bugfix release
+ * Put upstream provided init file where dh_installinit expects to find it
+ so it is properly registered on install
+ * Update debian/watch so limit itself to version 2.9.x updates for buster
+ * Update debian/patches/0001-install-conf-fix.patch for missed change needed
+ in sysv init
+
+ -- Scott Kitterman <scott@kitterman.com> Mon, 14 Oct 2019 19:04:55 -0400
+
spf-engine (2.9.0-4) unstable; urgency=medium
* Fix missing depends on python3-pkg-resources:
diff -Nru spf-engine-2.9.0/debian/gbp.conf spf-engine-2.9.1/debian/gbp.conf
--- spf-engine-2.9.0/debian/gbp.conf 2019-05-05 18:06:13.000000000 -0400
+++ spf-engine-2.9.1/debian/gbp.conf 2019-10-14 19:02:19.000000000 -0400
@@ -1,2 +1,2 @@
[DEFAULT]
-debian-branch=debian/master
+debian-branch=debian/buster
diff -Nru spf-engine-2.9.0/debian/patches/0001-install-conf-fix.patch spf-engine-2.9.1/debian/patches/0001-install-conf-fix.patch
--- spf-engine-2.9.0/debian/patches/0001-install-conf-fix.patch 2019-05-05 18:06:13.000000000 -0400
+++ spf-engine-2.9.1/debian/patches/0001-install-conf-fix.patch 2019-10-14 19:04:00.000000000 -0400
@@ -9,15 +9,15 @@
policyd-spf.conf.5 | 4 ++--
setup.py | 9 +++++----
spf_engine/policyd_spf.py | 2 +-
- system/pyspf-milter | 2 +-
+ system/pyspf-milter | 4 ++--
system/pyspf-milter.service | 2 +-
- 6 files changed, 21 insertions(+), 21 deletions(-)
+ 6 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/policyd-spf.1 b/policyd-spf.1
-index 62d5992..0bc8bda 100644
+index e7b43fc..c189543 100644
--- a/policyd-spf.1
+++ b/policyd-spf.1
-@@ -147,12 +147,13 @@ $ policyd-spf (Start using installed config file)
+@@ -144,12 +144,13 @@ $ policyd-spf (Start using installed config file)
$ policyd-spf \-h (Display usage message)
@@ -36,7 +36,7 @@
Additionally, whitelisting certain IP addresses or IP addresses used by listed
domains from SPF checks is supported. Skipping SPF checks for local submission
-@@ -256,15 +257,13 @@ followed by a empty line:
+@@ -247,15 +248,13 @@ followed by a empty line:
1. Add the following to /etc/postfix/master.cf:
policyd-spf unix - n n - 0 spawn
@@ -58,19 +58,19 @@
2. Configure the Postfix policy service in /etc/postfix/main.cf:
diff --git a/policyd-spf.conf.5 b/policyd-spf.conf.5
-index a33e2e2..118044d 100644
+index 362e79d..a5cb92c 100644
--- a/policyd-spf.conf.5
+++ b/policyd-spf.conf.5
-@@ -140,7 +140,7 @@ policyd-spf python configuration parameters
+@@ -137,7 +137,7 @@ policyd-spf python configuration parameters
+
.SH "USAGE"
- .IX Header "USAGE"
Usage:
- policyd-spf [/etc/policyd-spf/policyd-spf.conf]
+ policyd-spf [/etc/postfix-policyd-spf-python/policyd-spf.conf]
.SH "OTHER DOCUMENTATION"
- .IX Header "OTHER DOCUMENTATION"
-@@ -168,7 +168,7 @@ file.
+ This documentation assumes you have read Postfix's README_FILES/
+@@ -162,7 +162,7 @@ file.
Configuration options are described here and in the configuration file
provided with the package. The provided setup.py installs this configuration
@@ -80,7 +80,7 @@
Additionally, whitelisting certain IP addresses from SPF checks is supported.
This man page and the sample configuration file show the format to use.
diff --git a/setup.py b/setup.py
-index 1fba001..e6f9a6a 100755
+index 159135e..c856745 100644
--- a/setup.py
+++ b/setup.py
@@ -25,10 +25,11 @@ setup(name='spf-engine',
@@ -100,7 +100,7 @@
classifiers = [
'Development Status :: 5 - Production/Stable',
diff --git a/spf_engine/policyd_spf.py b/spf_engine/policyd_spf.py
-index c78c8b6..c08c1e8 100644
+index 8fb77b2..d0536d6 100644
--- a/spf_engine/policyd_spf.py
+++ b/spf_engine/policyd_spf.py
@@ -46,7 +46,7 @@ def main():
@@ -113,26 +113,29 @@
if sys.argv[1] in ( '-?', '--help', '-h' ):
print('usage: policyd-spf [<configfilename>]')
diff --git a/system/pyspf-milter b/system/pyspf-milter
-index a64cb6d..ae7d4ca 100755
+index c299c4d..eaa9cee 100644
--- a/system/pyspf-milter
+++ b/system/pyspf-milter
-@@ -18,7 +18,7 @@
+@@ -18,9 +18,9 @@
# Short-Description: pyspf-milter
# Description: Python SPF Milter for Sendmail and Postfix
### END INIT INFO
-prefix="/usr/local"
+prefix="/usr"
exec_prefix=${prefix}
- sysconfdir="/etc/pyspf-milter"
+-sysconfdir="/usr/local/etc"
++sysconfdir="/etc"
bindir="${exec_prefix}/bin/"
+ RUNDIR="/run/pyspf-milter"
+ DAEMON=${bindir}/pyspf-milter
diff --git a/system/pyspf-milter.service b/system/pyspf-milter.service
-index 7de9d26..6a2ce4a 100644
+index 4ab8922..b8794c8 100644
--- a/system/pyspf-milter.service
+++ b/system/pyspf-milter.service
@@ -6,7 +6,7 @@ After=network.target
[Service]
Type=simple
- PIDFile=/var/run/pyspf-milter/pyspf-milter.pid
+ PIDFile=/run/pyspf-milter/pyspf-milter.pid
-ExecStart=/usr/local/bin/pyspf-milter /usr/local/etc/pyspf-milter.conf
+ExecStart=/usr/bin/pyspf-milter /etc/pyspf-milter/pyspf-milter.conf
diff -Nru spf-engine-2.9.0/debian/rules spf-engine-2.9.1/debian/rules
--- spf-engine-2.9.0/debian/rules 2019-05-05 18:06:13.000000000 -0400
+++ spf-engine-2.9.1/debian/rules 2019-10-14 18:48:03.000000000 -0400
@@ -13,8 +13,11 @@
dh_install debian/postfix-policyd-spf-python.logcheck etc/logcheck/ignore.d.server/
mv $(CURDIR)/debian/postfix-policyd-spf-python/etc/logcheck/ignore.d.server/postfix-policyd-spf-python.logcheck \
$(CURDIR)/debian/postfix-policyd-spf-python/etc/logcheck/ignore.d.server/postfix-policyd-spf-python
+ cp system/pyspf-milter debian/pyspf-milter.init
+ mkdir -p debian/pyspf-milter/etc
+
override_dh_auto_clean:
python3 $(CURDIR)/setup.py clean
rm -rf $(CURDIR)/build
-
+ rm -f debian/pyspf-milter.init
diff -Nru spf-engine-2.9.0/debian/watch spf-engine-2.9.1/debian/watch
--- spf-engine-2.9.0/debian/watch 2019-05-05 18:06:13.000000000 -0400
+++ spf-engine-2.9.1/debian/watch 2019-10-14 19:02:19.000000000 -0400
@@ -1,3 +1,3 @@
version=3
-https://launchpad.net/spf-engine/+download https://launchpad.net/spf-engine/.*/.*/spf-engine-(.*)\.tar\.gz
+https://launchpad.net/spf-engine/+download https://launchpad.net/spf-engine/.*/.*/spf-engine-(2.9.*)\.tar\.gz
diff -Nru spf-engine-2.9.0/PKG-INFO spf-engine-2.9.1/PKG-INFO
--- spf-engine-2.9.0/PKG-INFO 2019-02-01 18:58:35.000000000 -0500
+++ spf-engine-2.9.1/PKG-INFO 2019-10-06 20:31:42.000000000 -0400
@@ -1,6 +1,6 @@
-Metadata-Version: 1.1
+Metadata-Version: 2.1
Name: spf-engine
-Version: 2.9.0
+Version: 2.9.1
Summary: SPF processing for Postfix (and Sendmail)
Home-page: https://launchpad.net/spf-engine
Author: Scott Kitterman
@@ -18,3 +18,4 @@
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Communications :: Email :: Mail Transport Agents
Classifier: Topic :: Communications :: Email :: Filters
+Provides-Extra: milter
diff -Nru spf-engine-2.9.0/policyd-spf.1 spf-engine-2.9.1/policyd-spf.1
--- spf-engine-2.9.0/policyd-spf.1 2018-06-10 00:16:27.000000000 -0400
+++ spf-engine-2.9.1/policyd-spf.1 2019-02-07 21:06:40.000000000 -0500
@@ -127,18 +127,15 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "policy-spf 1"
.TH POLICYD-SPF 1
.SH "NAME"
policyd-spf
\-
pure-Python Postfix policy daemon for SPF checking
.SH "VERSION"
-.IX Header "VERSION"
2\.0\.0
.SH "USAGE"
-.IX Header "USAGE"
NOTE: Depending on the packaging and distribution, the exact path to the
executable may vary.
@@ -160,7 +157,6 @@
policyd-spf.conf(5) shows the format to use.
.SH "OTHER DOCUMENTATION"
-.IX Header "OTHER DOCUMENTATION"
This documentation assumes you have read Postfix's README_FILES/
SMTPD_POLICY_README and are generally familiar with Sender Policy Framework
(SPF). See RFC 7208 for details.
@@ -171,7 +167,6 @@
different configuration options on a per user (mail reciepient) basis.
.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
python-policyd-spf is a Postfix SMTPd policy daemon for SPF checking.
It is implemented in pure Python and uses the pyspf module. The SPF
@@ -179,7 +174,6 @@
changed to check SPF.
.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
Logging is sent to syslogd.
@@ -212,7 +206,6 @@
administrators. See policyd-spf.conf(5) for configuration file details.
.SH "LOGGING"
-.IX Header "LOGGING"
Policyd-spf will log messages to syslog about it's activities. The "debugLevel"
value in "policyd-spf.conf" can be increased to get additional information to
@@ -222,7 +215,6 @@
mail log files.
.SH "TESTING THE POLICY DAEMON"
-.IX Header "TESTING THE POLICY DAEMON"
Testing the policy daemon
To test the policy daemon by hand, execute:
@@ -251,7 +243,6 @@
[empty line]
.SH "POSTFIX INTEGRATION"
-.IX Header "POSTFIX INTEGRATION"
1. Add the following to /etc/postfix/master.cf:
@@ -282,7 +273,6 @@
3. Reload Postfix.
.SH "PERFORMANCE CONSIDERATIONS"
-.IX Header "PERFORMANCE CONSIDERATIONS"
The time to complete DNS lookups associated with SPF checks is the most
significant factor in policy server performance. Use of a capable local
@@ -316,12 +306,10 @@
value should be raised.
.SH "SEE ALSO"
-.IX Header "SEE ALSO"
policyd-spf.conf(5), policyd-spf.peruser(5), python-spf,
<http://www.openspf.org>, RFC 7208
.SH "AUTHORS"
-.IX Header "AUTHORS"
This version of \fBpolicyd-spf (python)\fR was written by Copyright © 2007-2016
Scott Kitterman <scott@kitterman.com>. It is derived from Tumgreyspf,
written by Sean Reifschneider, tummy.com, ltd <jafo@tummy.com>. Portions of
diff -Nru spf-engine-2.9.0/policyd-spf.conf.5 spf-engine-2.9.1/policyd-spf.conf.5
--- spf-engine-2.9.0/policyd-spf.conf.5 2018-06-10 00:16:27.000000000 -0400
+++ spf-engine-2.9.1/policyd-spf.conf.5 2019-02-07 21:09:08.000000000 -0500
@@ -127,23 +127,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "policy-spf.conf 5"
.TH policy-spf.conf 5
.SH "NAME"
policyd-spf
\-
policyd-spf python configuration parameters
.SH "VERSION"
-.IX Header "VERSION"
2\.0\.0
.SH "USAGE"
-.IX Header "USAGE"
Usage:
policyd-spf [/etc/policyd-spf/policyd-spf.conf]
.SH "OTHER DOCUMENTATION"
-.IX Header "OTHER DOCUMENTATION"
This documentation assumes you have read Postfix's README_FILES/
SMTPD_POLICY_README and are generally familiar with Sender Policy Framework
(SPF). See RFC 7208 for details.
@@ -155,7 +151,6 @@
different configuration options on a per user (mail reciepient) basis.
.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
python-policyd-spf operates with a default installed configuration file and
set of default configuration options that are used if the configuration file
@@ -164,7 +159,6 @@
file.
.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
Configuration options are described here and in the configuration file
provided with the package. The provided setup.py installs this configuration
@@ -176,11 +170,9 @@
on per user settings can be found in policyd-spf.peruser(5).
.SH "OPTIONS"
-.IX Header "OPTIONS"
\X'ps:'\c
.br
.SH "LOGGING"
-.IX Header "LOGGING"
"debugLevel" controls the amount of information logged by the policy server.
@@ -216,7 +208,6 @@
debugLevel = 1
.SH "TEST OPERATION"
-.IX Header "TEST OPERATION"
The policy server can operate in a test only mode. This allows you to see the
potential impact of SPF checking in your mail logs without rejecting mail.
@@ -231,7 +222,6 @@
TestOnly = 1
.SH "HELO/EHLO CHECKING"
-.IX Header "HELO/EHLO CHECKING"
HELO check rejection policy options are:
@@ -274,7 +264,6 @@
HELO_reject = Fail
.SH "HELO/EHLO PASS RESTRICTION"
-.IX Header "HELO/EHLO PASS RESTRICTION"
HELO Pass Restriction allows integration with other Postfix access
controls by provding a user supplied name of a postfix access
@@ -296,7 +285,6 @@
None
.SH "Mail From CHECKING"
-.IX Header "Mail From CHECKING"
Mail From rejection policy options are:
@@ -328,7 +316,6 @@
Mail_From_reject = Fail
.SH "Mail From PASS RESTRICTION"
-.IX Header "Mail From PASS RESTRICTION"
Mail From Pass Restriction allows integration with other Postfix access
contlols by provding a user supplied name of a postfix access
@@ -349,7 +336,6 @@
None
.SH "Limit Rejections To Domains That Send No Mail"
-.IX Header "Limit Rejections To Domains That Send No Mail"
No_Mail - Only reject when SPF indicates the host/domain sends no mail. This
option will only cause mail to be rejected if the HELO/Mail From record is
@@ -362,7 +348,6 @@
No_Mail = False
.SH "Domain Specific Receiver Policy"
-.IX Header "Domain Specific Receiver Policy"
Using this option, a list of domains can be defined for special processing
when messages do not Pass SPF. This can be useful for commonly spoofed
@@ -380,7 +365,6 @@
None
.SH "Permanent Error Processing"
-.IX Header "Permanent Error Processing"
Policy for rejecting due to SPF PermError options are:
@@ -400,7 +384,6 @@
PermError_reject = False
.SH "Temporary Error Processing"
-.IX Header "Temporary Error Processing"
Policy for deferring messages due to SPF TempError options are:
@@ -425,7 +408,6 @@
TempError_Defer = False
.SH "Prospective SPF Check"
-.IX Header "Prospective SPF Check"
Prospective SPF checking - Check to see if mail sent from the defined IP
address would pass. This is useful for outbound MTAs to avoid sending mail that
@@ -440,7 +422,6 @@
None
.SH "LOCAL SPF BYPASS LIST"
-.IX Header "LOCAL SPF BYPASS LIST"
Do not check SPF for localhost addresses - add to skip addresses to skip SPF
for internal networks if desired. Defaults are standard IPv4 and IPv6 localhost
@@ -454,7 +435,6 @@
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
.SH "SPF IP WHITELIST"
-.IX Header "SPF IP WHITELIST"
A comma separated CIDR Notation list of IP addresses to skip SPF checks for.
Use this list to whitelist trusted relays (such as a secondary MX and
@@ -471,7 +451,6 @@
None
.SH "SPF HELO WHITELIST"
-.IX Header "SPF HELO WHITELIST"
A comma separated HELO/EHLO host names to skip SPF checks for. Use this list
to whitelist trusted relays (such as a secondary MX and trusted forwarders) or
@@ -494,7 +473,6 @@
None
.SH "SPF DOMAIN WHITELIST"
-.IX Header "SPF DOMAIN WHITELIST"
Domain_Whitelist: List of domains whose sending IPs should be whitelisted from
SPF checks. Use this to list trusted forwarders by domain name. Client IP
@@ -515,7 +493,6 @@
None
.SH "PTR DOMAIN WHITELIST"
-.IX Header "PTR DOMAIN WHITELIST"
Domain_Whitelist_PTR: List of domains (and subdomains) whose sending IPs
should be whitelisted from SPF checks based on PTR match of the domain. Use
@@ -539,7 +516,6 @@
None
.SH "SPF ENHANCED STATUS CODES"
-.IX Header "SPF ENHANCED STATUS CODES
By default, Postfix will use the 4/5.7.1 enhanced status code for defer/reject
actions from the policy server (originally defined in RFC 1893, RFC 3463 is
@@ -557,7 +533,6 @@
Yes
.SH "RESULTS HEADER"
-.IX Header "RESULTS HEADER"
The standard method for documenting SPF results in a message (for consumption
by downstream processes) is the Received-SPF header defined in RFC 7208. This
@@ -584,7 +559,6 @@
SPF
.SH "HIDE RCPT TO IN RESULTS HEADER"
-.IX Header "HIDE RCPT TO IN RESULTS HEADER"
Both Received-SPF and Authentication-Results (AR) header fields include the
receiving (RCPT TO) address. In this application, it will always be the first
@@ -613,7 +587,6 @@
True
.SH "Authentications Results Authentication Identifier"
-.IX Header "Authentications Results Authentication Identifier"
Every Authentication-Results header field has an authentication identifier
field ('Authserv_Id'). This is similar in syntax to a fully-qualified domain
@@ -636,7 +609,6 @@
HOSTNAME
.SH "DNS Timeout Limit"
-.IX Header "DNS Timeout Limit
RFC 7208 recommends an elapsed time limit for SPF checks of at least 20
seconds. Lookup_Time allows the maximum time (seconds) to be adjusted. 20
@@ -654,7 +626,6 @@
20 (seconds)
.SH "Whitelist DNS Timeout Limit"
-.IX Header "Whitelist DNS Timeout Limit
Some of the available whitelisting mechanisms, i.e. Domain_Whitelist,
Domain_Whitelist_PTR, and HELO_Whitelist, require specific non-SPF DNS lookups
@@ -675,7 +646,6 @@
10 (seconds)
.SH "DNS Void Lookup Limit"
-.IX Header "DNS Void Lookup Limit"
RFC 7208 adds a new processing limit called "void lookup limit" (See section
4.6.4). Void lookups are DNS queries within an SPF record for which DNS
queries return either a positive answer (RCODE 0) with an answer count of 0,
@@ -692,7 +662,6 @@
2
.SH "Mock SPF Check To Add Milter Compatibility Header Field"
-.IX Mock SPF Check To Add Milter Compatibility Header Field"
In some versions of postfix, for bizarre Sendmail compatibility reasons, the
first header field added by a policy server is not visible to milters. To
make this easy to work around, set the Mock value to true and a fixed header
@@ -729,7 +698,6 @@
False
.SH "Reason Message"
-.IX Header "Reason Message"
If a message is rejected or deferred because of the SPF policy, a
reason is given for logging and debugging purposes. The String configured
@@ -752,12 +720,10 @@
Reason_Message = Message {rejectdefer} due to: {spf}. Please see {url}
.SH "SEE ALSO"
-.IX Header "SEE ALSO"
man 1 policyd-spf, man 5 policyd-spf.peruser, python-spf,
<http://www.openspf.net>, RFC 7208, RFC 7001, RFC 7372
.SH "AUTHORS"
-.IX Header "AUTHORS"
This version of \fBpolicyd-spf\fR was written by Copyright © 2007-2016,
Scott Kitterman <scott@kitterman.com>. It is derived from Tumgreyspf,
written by Sean Reifschneider, tummy.com, ltd <jafo@tummy.com>. Portions
diff -Nru spf-engine-2.9.0/policyd-spf.peruser.5 spf-engine-2.9.1/policyd-spf.peruser.5
--- spf-engine-2.9.0/policyd-spf.peruser.5 2018-06-10 00:16:27.000000000 -0400
+++ spf-engine-2.9.1/policyd-spf.peruser.5 2019-02-07 21:09:42.000000000 -0500
@@ -127,23 +127,19 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "policy-spf.peruser 5"
.TH policy-spf.peruser 5
.SH "NAME"
policyd-spf
\-
policyd-spf python per-user configuration
.SH "VERSION"
-.IX Header "VERSION"
2\.0\.0
.SH "USAGE"
-.IX Header "USAGE"
Usage:
policyd-spf [/etc/policyd-spf/policyd-spf.conf]
.SH "OTHER DOCUMENTATION"
-.IX Header "OTHER DOCUMENTATION"
This documentation assumes you have read Postfix's README_FILES/
SMTPD_POLICY_README and are generally familiar with Sender Policy Framework
(SPF). See RFC 7208 for details.
@@ -153,7 +149,6 @@
See man 5 policyd-spf.conf for configuration file information.
.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
python-policyd-spf operates with a default installed configuration file and
set of default configuration options that are used if the configuration file
@@ -168,7 +163,6 @@
supported in the future.
.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
Use of per-user configuration is defined in the application configuration
file with the setting "Per_User". The value of the setting gives the type and
@@ -194,11 +188,9 @@
user table has to be traversed for each message recipient.
.SH "OPTIONS"
-.IX Header "OPTIONS"
\X'ps:'\c
.br
.SH "Text Per-User Configuration File"
-.IX Header "Text"
The text file option is useful for testing and when only a small number of
users require per-user configurations. It is specified in the main
@@ -229,12 +221,10 @@
and the global configuration is used instead.
.SH "SEE ALSO"
-.IX Header "SEE ALSO"
man 1 policyd-spf, man 5 policyd-spf.conf, python-spf,
<http://www.openspf.org>, RFC 7208
.SH "AUTHORS"
-.IX Header "AUTHORS"
This version of \fBpolicyd-spf\fR was written by Copyright © 2007-2016,
Scott Kitterman <scott@kitterman.com>. It is derived from Tumgreyspf,
written by Sean Reifschneider, tummy.com, ltd <jafo@tummy.com>.
diff -Nru spf-engine-2.9.0/README spf-engine-2.9.1/README
--- spf-engine-2.9.0/README 2019-02-01 15:20:32.000000000 -0500
+++ spf-engine-2.9.1/README 2019-10-06 20:16:00.000000000 -0400
@@ -95,9 +95,8 @@
Both a systemd unit file and a sysv init file are provided. Both make
assumptions about defaults being used, e.g. if a non-standard pidfile name is
-used, they will need to be updated. The sysv init file is Debian specific and
-untested, since the developers are not using sysv init. Feedback/patches
-welcome.
+used, they will need to be updated. The sysv init file uses start-stop-deamon
+from Debian. It is not portable to systems without that available.
The pyspf-milter drops priviledges after setup to the user/group specified in
UserID. During initial setup, this system user needs to be manually created.
@@ -105,7 +104,7 @@
[sudo] adduser --system --no-create-home --quiet --disabled-password \
--disabled-login --shell /bin/false --group \
- --home /var/run/pyspf-milter pyspf-milter
+ --home /run/pyspf-milter pyspf-milter
Since /var/run or /run is sometimes on a tempfs, if the PID file directory is
missing, the milter will create it on startup.
@@ -127,7 +126,7 @@
dkimpy-milter. Here's an example configuration line to include in your
sendmail.mc:
-INPUT_MAIL_FILTER(`pyspf-milter', `S=local:/var/run/pyspf-milter/pyspf-milter.sock')dnl
+INPUT_MAIL_FILTER(`pyspf-milter', `S=local:/run/pyspf-milter/pyspf-milter.sock')dnl
Changing the sendmail.mc file requires a Make (to compile it into sendmail.cf)
and a restart of sendmail. Note that S= needs to match the value of Socket in
diff -Nru spf-engine-2.9.0/setup.cfg spf-engine-2.9.1/setup.cfg
--- spf-engine-2.9.0/setup.cfg 2019-02-01 18:58:36.000000000 -0500
+++ spf-engine-2.9.1/setup.cfg 2019-10-06 20:31:42.000000000 -0400
@@ -1,5 +1,4 @@
[egg_info]
-tag_date = 0
tag_build =
-tag_svn_revision = 0
+tag_date = 0
diff -Nru spf-engine-2.9.0/setup.py spf-engine-2.9.1/setup.py
--- spf-engine-2.9.0/setup.py 2019-02-01 18:44:04.000000000 -0500
+++ spf-engine-2.9.1/setup.py 2019-02-01 21:29:44.000000000 -0500
@@ -5,7 +5,7 @@
DESC = """SPF (Sender Policy Framework) processing engine for Postfix policy server and Milter implemented in Python."""
setup(name='spf-engine',
- version='2.9.0',
+ version='2.9.1',
description='SPF processing for Postfix (and Sendmail)',
long_description=DESC,
author='Scott Kitterman',
diff -Nru spf-engine-2.9.0/spf_engine/__init__.py spf-engine-2.9.1/spf_engine/__init__.py
--- spf-engine-2.9.0/spf_engine/__init__.py 2019-01-29 23:33:07.000000000 -0500
+++ spf-engine-2.9.1/spf_engine/__init__.py 2019-10-06 14:15:11.000000000 -0400
@@ -542,7 +542,13 @@
if HELO_reject != 'No_Check':
helo_fake_sender = 'postmaster@' + helo
heloquery = spf.query(i=ip, s=helo_fake_sender, h=helo, querytime=configData.get('Lookup_Time'))
- res = heloquery.check()
+ try:
+ res = heloquery.check()
+ except Exception as e:
+ e = sys.exc_info()
+ exceptionmessage = "Exception: %s, locals: %s" %(e, locals())
+ syslog.syslog("Ouch, caught exc: %s" %exceptionmessage)
+ return(( 'dunno', exceptionmessage, instance_dict, None))
helo_result = [res[0], res[2]]
helo_result.append('helo')
helo_result[0] = helo_result[0].lower()
@@ -565,13 +571,13 @@
action = poss_actions
helo_result.append(action)
if local['local_helo']:
- helo_result[2] = 'Receiver policy for SPF ' + helo_result[0]
+ helo_result[1] = 'Receiver policy for SPF ' + helo_result[0]
if sender == '':
header_sender = '<>'
else:
header_sender = sender
if helo_result[0] == 'None':
- helo_result[2] = "no SPF record"
+ helo_result[1] = "no SPF record"
spfDetail = ('identity=%s; client-ip=%s; helo=%s; envelope-from=%s; receiver=%s '
% (helo_result[2], ip, helo, header_sender, data.get('recipient', '<UNKNOWN>')))
if debugLevel >= 2:
@@ -586,11 +592,11 @@
raise SyntaxError('Authserv_Id not set for authentication results header - invalid configuration.')
header += str(authres.AuthenticationResultsHeader(authserv_id = configData.get('Authserv_Id'),
results = [authres.SPFAuthenticationResult(result = helo_result[0],
- result_comment = helo_result[2],
+ result_comment = helo_result[1],
smtp_helo = helo, smtp_helo_comment =
'client-ip={0}; helo={1}; envelope-from={2}; receiver={3}'.format(ip, helo, header_sender, data.get('recipient', '<UNKNOWN>')))]))
else:
- header = 'Received-SPF: '+ helo_result[0] + ' (' + helo_result[2] +') ' + spfDetail
+ header = 'Received-SPF: '+ helo_result[0] + ' (' + helo_result[1] +') ' + spfDetail
if helo_result[3] != 'reject' and helo_result[3] != 'defer':
helo_result.append(header)
helo_result.append(helo_result[3])
@@ -640,7 +646,13 @@
else:
if Mail_From_reject != 'No_Check':
mfromquery = spf.query(i=ip, s=sender, h=helo, querytime=configData.get('Lookup_Time'))
- mres = mfromquery.check()
+ try:
+ mres = mfromquery.check()
+ except Exception as e:
+ e = sys.exc_info()
+ exceptionmessage = "Exception: %s, locals: %s" %(e, locals())
+ syslog.syslog("Ouch, caught exc: %s" %exceptionmessage)
+ return(( 'dunno', exceptionmessage, instance_dict, None))
mfrom_result = [mres[0], mres[2]]
mfrom_result.append('mailfrom')
mfrom_result[0] = mfrom_result[0].lower()
@@ -679,7 +691,7 @@
raise SyntaxError('Authserv_Id not set for authentication results header - invalid configuration.')
header += str(authres.AuthenticationResultsHeader(authserv_id = configData.get('Authserv_Id'),
results = [authres.SPFAuthenticationResult(result = mfrom_result[0],
- result_comment = mfrom_result[2],
+ result_comment = mfrom_result[1],
smtp_mailfrom = spf.split_email(sender,'example.com')[1], smtp_mailfrom_comment =
'client-ip={0}; helo={1}; envelope-from={2}; receiver={3}'.format(ip, helo, sender, data.get('recipient', '<UNKNOWN>')))]))
else:
diff -Nru spf-engine-2.9.0/spf_engine/milter_spf.py spf-engine-2.9.1/spf_engine/milter_spf.py
--- spf-engine-2.9.0/spf_engine/milter_spf.py 2019-02-01 18:31:02.000000000 -0500
+++ spf-engine-2.9.1/spf_engine/milter_spf.py 2019-02-01 21:30:24.000000000 -0500
@@ -40,7 +40,7 @@
from spf_engine.util import own_socketfile
from spf_engine.util import fold
-__version__ = "2.9.0"
+__version__ = "2.9.1"
FWS = re.compile(r'\r?\n[ \t]+')
diff -Nru spf-engine-2.9.0/spf_engine/policyd_spf.py spf-engine-2.9.1/spf_engine/policyd_spf.py
--- spf-engine-2.9.0/spf_engine/policyd_spf.py 2019-01-31 23:10:23.000000000 -0500
+++ spf-engine-2.9.1/spf_engine/policyd_spf.py 2019-02-01 21:30:04.000000000 -0500
@@ -24,7 +24,7 @@
'''
def main():
- __version__ = "2.9.0"
+ __version__ = "2.9.1"
import syslog
import os
diff -Nru spf-engine-2.9.0/spf_engine/policydspfsupp.py spf-engine-2.9.1/spf_engine/policydspfsupp.py
--- spf-engine-2.9.0/spf_engine/policydspfsupp.py 2019-02-01 18:24:58.000000000 -0500
+++ spf-engine-2.9.1/spf_engine/policydspfsupp.py 2019-02-01 21:34:50.000000000 -0500
@@ -47,8 +47,8 @@
'No_Mail' : False,
'Mock' : False,
# For milter front end
- 'Socket': 'local:/var/run/pyspf-milter/pyspf-milter.sock',
- 'PidFile': '/var/run/pyspf-milter/pyspf-milter.pid',
+ 'Socket': 'local:/run/pyspf-milter/pyspf-milter.sock',
+ 'PidFile': '/run/pyspf-milter/pyspf-milter.pid',
'UserID': 'pyspf-milter',
'UMask': 7,
'InternalHosts': '127.0.0.1',
diff -Nru spf-engine-2.9.0/spf_engine.egg-info/PKG-INFO spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO
--- spf-engine-2.9.0/spf_engine.egg-info/PKG-INFO 2019-02-01 18:58:35.000000000 -0500
+++ spf-engine-2.9.1/spf_engine.egg-info/PKG-INFO 2019-10-06 20:31:42.000000000 -0400
@@ -1,6 +1,6 @@
-Metadata-Version: 1.1
+Metadata-Version: 2.1
Name: spf-engine
-Version: 2.9.0
+Version: 2.9.1
Summary: SPF processing for Postfix (and Sendmail)
Home-page: https://launchpad.net/spf-engine
Author: Scott Kitterman
@@ -18,3 +18,4 @@
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Communications :: Email :: Mail Transport Agents
Classifier: Topic :: Communications :: Email :: Filters
+Provides-Extra: milter
diff -Nru spf-engine-2.9.0/spf_engine.egg-info/requires.txt spf-engine-2.9.1/spf_engine.egg-info/requires.txt
--- spf-engine-2.9.0/spf_engine.egg-info/requires.txt 2019-02-01 18:58:35.000000000 -0500
+++ spf-engine-2.9.1/spf_engine.egg-info/requires.txt 2019-10-06 20:31:42.000000000 -0400
@@ -1,5 +1,5 @@
pyspf
[milter]
+authres
pymilter
-authres
\ No newline at end of file
diff -Nru spf-engine-2.9.0/system/pyspf-milter spf-engine-2.9.1/system/pyspf-milter
--- spf-engine-2.9.0/system/pyspf-milter 2019-02-01 15:06:15.000000000 -0500
+++ spf-engine-2.9.1/system/pyspf-milter 2019-10-06 03:10:14.000000000 -0400
@@ -20,9 +20,9 @@
### END INIT INFO
prefix="/usr/local"
exec_prefix=${prefix}
-sysconfdir="/etc/pyspf-milter"
+sysconfdir="/usr/local/etc"
bindir="${exec_prefix}/bin/"
-RUNDIR="/var/run/pyspf-milter"
+RUNDIR="/run/pyspf-milter"
DAEMON=${bindir}/pyspf-milter
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:
NAME=pyspf-milter
@@ -35,8 +35,8 @@
# Include pyspf-python defaults if available
# Typically not used
-if [ -f /etc/default/pyspf-milter ] ; then
- . /etc/default/pyspf-milter
+if [ -f $sysconfdir/default/$NAME ] ; then
+ . $sysconfdir/default/$NAME
fi
set -e
@@ -67,14 +67,14 @@
fi
fi
fi
-
- start-stop-daemon --start --quiet --pidfile $RUNDIR/$NAME.pid --startas \
- $DAEMON $sysconfdir/$NAME.conf --name $NAME --test > /dev/null \
+ start-stop-daemon --start --background --quiet --pidfile \
+ $RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
if [ -f $RUNDIR/$NAME.pid ]; then
+ chown root:root $RUNDIR/$NAME.pid
start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
rm $RUNDIR/$NAME.pid
#echo $SOCKET
@@ -87,6 +87,7 @@
force-reload)
echo -n "Force reloading $DESC: "
if [ -f $RUNDIR/$NAME.pid ]; then
+ chown root:root $RUNDIR/$NAME.pid
start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
rm $RUNDIR/$NAME.pid
#echo $SOCKET
@@ -95,7 +96,7 @@
fi
fi
sleep 1
- start-stop-daemon --start --chuid $USER --background --quiet --pidfile \
+ start-stop-daemon --start --background --quiet --pidfile \
$RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
echo "$NAME."
;;
@@ -103,6 +104,7 @@
echo "Restarting $DESC: "
echo -n "Stopping $DESC: "
if [ -f $RUNDIR/$NAME.pid ]; then
+ chown root:root $RUNDIR/$NAME.pid
start-stop-daemon --stop --pidfile $RUNDIR/$NAME.pid
rm $RUNDIR/$NAME.pid
#echo $SOCKET
@@ -113,12 +115,12 @@
echo "$NAME."
sleep 1
echo -n "Starting $DESC: "
- start-stop-daemon --start --chuid $USER --background --quiet --pidfile \
+ start-stop-daemon --start --background --quiet --pidfile \
$RUNDIR/$NAME.pid --exec $DAEMON $sysconfdir/$NAME.conf
echo "$NAME."
;;
status)
- status_of_proc -p /var/run/dkimpy-milter/dkimpy-milter.pid /usr/local/bin/dkimpy-milter dkimpy-milter
+ status_of_proc -p $RUNDIR/$NAME.pid $DAEMON $NAME
;;
*)
diff -Nru spf-engine-2.9.0/system/pyspf-milter.service spf-engine-2.9.1/system/pyspf-milter.service
--- spf-engine-2.9.0/system/pyspf-milter.service 2019-02-01 01:20:52.000000000 -0500
+++ spf-engine-2.9.1/system/pyspf-milter.service 2019-02-01 21:35:24.000000000 -0500
@@ -5,7 +5,7 @@
[Service]
Type=simple
-PIDFile=/var/run/pyspf-milter/pyspf-milter.pid
+PIDFile=/run/pyspf-milter/pyspf-milter.pid
ExecStart=/usr/local/bin/pyspf-milter /usr/local/etc/pyspf-milter.conf
[Install]
--- End Message ---