Date:      Sat, 23 Sep 2006 00:44:34 +0900
From:      Hirohisa Yamaguchi <umq@ueo.co.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/103490: mail/dk-milter to run as a non-privileged user and support for postfix
Message-ID:  <86psdnhpnh.wl%umq@ueo.co.jp>
Resent-Message-ID: <200609221550.k8MFoE6f003659@freefall.freebsd.org>


>Number:         103490
>Category:       ports
>Synopsis:       mail/dk-milter to run as a non-privileged process and support for postfix
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 22 15:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Hirohisa Yamaguchi
>Release:        FreeBSD 7.0-CURRENT amd64
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD calliope.****.org 7.0-CURRENT FreeBSD 7.0-CURRENT #2: Fri Sep 1 13:15:27 JST 2006 root@calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64


>Description:
	As postfix 2.3 supports milter, I wrote a patch to make the port work with postfix.

	The patch includes:
	 * a patch (from dkim-milter) to fix `delayed queue ID' problem
	    http://sourceforge.net/tracker/index.php?func=detail&aid=1514447&group_id=110311&atid=656974
	 * new switch WITH_POSTFIX_MILTER
	 * assign a new user `dkfilter' to run the milter as a non-privileged process

	# almost the same as: ports/103404, ports/103417 for mail/dkim-milter

>How-To-Repeat:
	N/A
>Fix:

	the patch follows:

diff -Nbpru ports.orig/mail/dk-milter/Makefile ports/mail/dk-milter/Makefile
--- ports.orig/mail/dk-milter/Makefile	Sun Sep 17 23:57:21 2006
+++ ports/mail/dk-milter/Makefile	Sat Sep 23 00:28:57 2006
@@ -7,7 +7,7 @@
 
 PORTNAME=	dk-milter
 PORTVERSION=	0.4.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	dk-milter
@@ -17,6 +17,12 @@ COMMENT=	Domainkeys milter for Sendmail
 
 USE_RC_SUBR=	milter-dk.sh
 
+.if defined(WITH_POSTFIX_MILTER)
+SENDMAIL_MILTER_IN_BASE=	yes
+RUN_DEPENDS+=	postfix>=2[3-9]*:${PORTSDIR}/mail/postfix
+PKGMESSAGE=	pkg-message.postfix
+.endif
+
 .if !defined(SENDMAIL_MILTER_IN_BASE)
 .if defined(SENDMAIL_WITH_SHARED_MILTER)
 LIB_DEPENDS+=	milter.3:${PORTSDIR}/mail/${SENDMAIL_MILTER_PORT}
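Review bot: The dependency spec `postfix>=2[3-9]*` in the new WITH_POSTFIX_MILTER block mixes a relational operator with a glob and has no dot in the version, so it does not obviously express "postfix 2.3 or later" as the description intends. If plain version comparison is what the package tools evaluate here, `RUN_DEPENDS+= postfix>=2.3:${PORTSDIR}/mail/postfix` states that directly; please confirm which form is honoured. `PKGMESSAGE= pkg-message.postfix` is also a bare filename, so `PKGMESSAGE= ${PKGDIR}/pkg-message.postfix` would be safer when make is not invoked from the port directory.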
@@ -71,6 +77,7 @@ post-install:
 	${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}/
 .endfor
 .endif
+	@${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.post.mk>
diff -Nbpru ports.orig/mail/dk-milter/files/milter-dk.sh.in ports/mail/dk-milter/files/milter-dk.sh.in
--- ports.orig/mail/dk-milter/files/milter-dk.sh.in	Wed Jul 12 17:09:13 2006
+++ ports/mail/dk-milter/files/milter-dk.sh.in	Sat Sep 23 00:17:09 2006
@@ -15,6 +15,7 @@
 #
 # milterdk_enable (bool):   Set to "NO" by default.
 #                             Set it to "YES" to enable dk-milter
+# milterdk_uid (str):        Set username to run milter.
 # milterdk_profiles (list):  Set to "" by default.
 #                             Define your profiles here.
 # milterdk_socket (str):    Path to the milter socket.
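Review bot: The new `milterdk_uid` header comment does not state its default, unlike the `milterdk_enable` and `milterdk_profiles` entries next to it. Suggest `# milterdk_uid (str):        Set to "dkfilter" by default.` followed by a continuation line saying this is the account the milter runs as. Since the signing key path is passed with `-s`, it would also help to note that the key file presumably has to be readable by that account and by nobody else; confirm whether dk-filter reads the key before or after switching user.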
@@ -37,24 +38,25 @@ load_rc_config $name
 # DO NOT CHANGE THESE DEFAULT VALUES HERE
 #
 milterdk_enable=${milterdk_enable:-"NO"}
+milterdk_uid=${milterdk_uid:-"dkfilter"}
 milterdk_profiles=${milterdk_profiles:-}
 milterdk_socket=${milterdk_socket:-"local:/var/run/dk-filter"}
 milterdk_domain=${milterdk_domain:-"example.com"}
 milterdk_key=${milterdk_key:-"/var/db/domainkeys/default.key.pem"}
 milterdk_selector=${milterdk_selector:-"default"}
-milterdk_flags=${milterdk_flags:-"-d ${milterdk_domain} -c nofws -H -m MSA \
--s ${milterdk_key} -S ${milterdk_selector}"}
+## milterdk_flags expands escaped variables later.
+milterdk_flags=${milterdk_flags:-'-d ${milterdk_domain} -c nofws -H -m MSA -s ${milterdk_key} -S ${milterdk_selector}'}
 
 start_precmd="dk_prepcmd"
-stop_postcmd="dk_prepcmd"
+stop_postcmd="dk_postcmd"
 command="%%PREFIX%%/libexec/dk-filter"
-_pidprefix="/var/run/dk-filter"
-pidfile="${_pidprefix}.pid"
+_piddir="/var/run/milterdk"
+pidfile="${_piddir}/pid"
 
 if [ -n "$2" ]; then
     profile="$2"
     if [ "x${milterdk_profiles}" != "x" ]; then
-	pidfile="${_pidprefix}.${profile}.pid"
+	pidfile="${_piddir}/${profile}.pid"
 	eval milterdk_enable="\${milterdk_${profile}_enable:-${milterdk_enable}}"
 	eval milterdk_socket="\${milterdk_${profile}_socket:-}"
 	if [ "x${milterdk_socket}" = "x" ];then
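Review bot: The default on the unchanged line `milterdk_socket=${milterdk_socket:-"local:/var/run/dk-filter"}` no longer matches the rest of the patch: the pid file moves under `/var/run/milterdk`, and both pkg-message files tell the MTA to connect to `unix:/var/run/milterdk/filter`. With the milter now started with `-u dkfilter`, a socket directly under /var/run is presumably not creatable by that user (this depends on whether dk-filter binds before dropping privileges), and the MTA would be looking elsewhere in any case. Suggest `milterdk_socket=${milterdk_socket:-"local:/var/run/milterdk/filter"}`. The `if [ -n "$2" ]` block continues past the end of this hunk, so the per-profile socket default should be checked the same way.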
@@ -64,7 +66,7 @@ if [ -n "$2" ]; then
 	eval milterdk_domain="\${milterdk_${profile}_domain:-${milterdk_domain}}"
 	eval milterdk_key="\${milterdk_${profile}_key:-${milterdk_key}}"
 	eval milterdk_flags="\${milterdk_${profile}_flags:-${milterdk_flags}}"
-	command_args="-l -p ${milterdk_socket} -P ${pidfile}"
+	command_args="-l -p ${milterdk_socket} -u ${milterdk_uid} -P ${pidfile}"
     else
 	echo "$0: extra argument ignored"
     fi
@@ -87,7 +89,7 @@ else
 	fi
     else
 	milterdk_flags=${milterdk_flags}
-	command_args="-l -p ${milterdk_socket} -P ${pidfile}"
+	command_args="-l -p ${milterdk_socket} -u ${milterdk_uid} -P ${pidfile}"
     fi
 fi
 
@@ -98,6 +100,24 @@ dk_prepcmd ()
     elif [ -S ${milterdk_socket##unix:} ] ; then
         rm -f ${milterdk_socket##unix:}
     fi
+    if [ -d ${_piddir} ] ; then
+	return;
+    fi
+    mkdir -p ${_piddir}
+    if [ -n "${milterdk_uid}" ] ; then
+	chown ${milterdk_uid} ${_piddir}
+    fi
+}
+
+dk_postcmd()
+{
+    if [ -S ${milterdk_socket##local:} ] ; then
+        rm -f ${milterdk_socket##local:}
+    elif [ -S ${milterdk_socket##unix:} ] ; then
+        rm -f ${milterdk_socket##unix:}
+    fi
+    # just if the directory is empty
+    rmdir ${_piddir} > /dev/null 2>&1
 }
 
 run_rc_command "$1"
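Review bot: The early `return` when `${_piddir}` already exists skips the `chown`, so a directory left over with a different owner or mode (or after `milterdk_uid` is changed) is used as-is, and the results of `mkdir` and `chown` are never checked. Replacing those steps with `install -d -o "${milterdk_uid}" -m 0755 "${_piddir}" || return 1` sets owner and mode on every start and makes the start fail visibly when the account is missing. Because root later reads the pid file from a directory the unprivileged user can write, it is worth confirming that rc.subr's check of the pid against the command name is what guards `stop`. The expansions in the new `dk_postcmd` are unquoted and its socket cleanup repeats the one in `dk_prepcmd`, whose opening lines are above this hunk.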
diff -Nbpru ports.orig/mail/dk-milter/files/patch-vendor-postfix ports/mail/dk-milter/files/patch-vendor-postfix
--- ports.orig/mail/dk-milter/files/patch-vendor-postfix	Sun Sep 17 23:57:21 2006
+++ ports/mail/dk-milter/files/patch-vendor-postfix	Fri Sep 22 23:23:21 2006
@@ -1,12 +1,22 @@
-Index: dk-filter/dk-filter.c
-===================================================================
-RCS file: /cvs/dk-filter/dk-filter.c,v
-retrieving revision 1.158
-retrieving revision 1.159
-diff -u -r1.158 -r1.159
 --- dk-filter/dk-filter.c	19 May 2006 21:42:05 -0000	1.158
-+++ dk-filter/dk-filter.c	26 Jun 2006 19:41:23 -0000	1.159
-@@ -1625,6 +1625,8 @@
++++ dk-filter/dk-filter.c	31 Aug 2006 21:37:17 -0000
+@@ -1582,15 +1582,7 @@
+ 
+ 	dfc->mctx_jobid = smfi_getsymval(ctx, "i");
+ 	if (dfc->mctx_jobid == NULL)
+-	{
+-		if (no_i_whine && dolog)
+-		{
+-			syslog(LOG_WARNING,
+-			       "WARNING: sendmail symbol 'i' not available");
+-			no_i_whine = FALSE;
+-		}
+ 		dfc->mctx_jobid = JOBIDUNKNOWN;
+-	}
+ 
+ #if _FFR_REQUIRED_HEADERS
+ 	/* if requested, verify RFC2822-required headers */
+@@ -1625,6 +1617,8 @@
  	}
  #endif /* _FFR_REQUIRED_HEADERS */
  
@@ -15,7 +25,7 @@ diff -u -r1.158 -r1.159
  	/* find the Sender: or From: header */
  	memset(addr, '\0', sizeof addr);
  	from = dkf_findheader(dfc, "Sender", 0);
-@@ -1639,7 +1641,8 @@
+@@ -1639,7 +1633,8 @@
  			       dfc->mctx_jobid);
  		}
  
@@ -25,7 +35,7 @@ diff -u -r1.158 -r1.159
  		dfc->mctx_headeronly = TRUE;
  		dfc->mctx_status = DKF_STATUS_BADFORMAT;
  		return SMFIS_CONTINUE;
-@@ -1669,7 +1672,6 @@
+@@ -1669,7 +1664,6 @@
  	originok = FALSE;
  
  	/* is it a domain we sign for? */
@@ -33,6 +43,33 @@ diff -u -r1.158 -r1.159
  	if (!msgsigned && domains != NULL && dfc->mctx_domain != NULL)
  	{
  		int n;
+@@ -2075,6 +2069,26 @@
+ 	assert(cc != NULL);
+ 	dfc = cc->cctx_msg;
+ 	assert(dfc != NULL);
++
++	/*
++	**  If necessary, try again to get the job ID in case it came down
++	**  later than expected (e.g. postfix).
++	*/
++
++	if (dfc->mctx_jobid == JOBIDUNKNOWN)
++	{
++		dfc->mctx_jobid = smfi_getsymval(ctx, "i");
++		if (dfc->mctx_jobid == NULL)
++		{
++			if (no_i_whine && dolog)
++			{
++				syslog(LOG_WARNING,
++				       "WARNING: sendmail symbol 'i' not available");
++				no_i_whine = FALSE;
++			}
++			dfc->mctx_jobid = JOBIDUNKNOWN;
++		}
++	}
+ 
+ 	/* get hostname; used in the X header and in new MIME boundaries */
+ 	hostname = smfi_getsymval(ctx, "j");
 Index: libdk/dk.c
 ===================================================================
 RCS file: /cvs/libdk/dk.c,v
diff -Nbpru ports.orig/mail/dk-milter/pkg-install ports/mail/dk-milter/pkg-install
--- ports.orig/mail/dk-milter/pkg-install	Thu Jan  1 09:00:00 1970
+++ ports/mail/dk-milter/pkg-install	Fri Sep 22 23:30:11 2006
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+if [ "$2" != "POST-INSTALL" ]
+then
+	exit 0;
+fi
+
+# check if dkfilter user exists
+pw user show dkfilter > /dev/null 2>&1
+
+if [ $? != 0 ]
+then
+	echo "===>  Adding user dkfilter"
+	pw useradd dkfilter -c "milter-dk" -s /sbin/nologin \
+	-d /nonexistent
+else
+	echo "===>  Using existing user dkfilter" 
+fi
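Review bot: The exit status of `pw useradd` is never checked, so when account creation fails the script still exits 0 and the port installs an rc script whose default `-u dkfilter` names a user that does not exist. Append `|| exit 1` to the `pw useradd` command after `-d /nonexistent`, and test the lookup directly with `if ! pw user show dkfilter > /dev/null 2>&1` instead of reading `$?` a statement later. The account also receives whatever uid and group pw chooses; if the ports tree reserves ids for daemon accounts, passing explicit `-u` and `-g` would keep ownership of /var/run/milterdk and the key file consistent across hosts. Nothing in the patch removes or reports the account on deinstall, which is worth stating in the package message.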
diff -Nbpru ports.orig/mail/dk-milter/pkg-message ports/mail/dk-milter/pkg-message
--- ports.orig/mail/dk-milter/pkg-message	Tue Jan 17 23:10:08 2006
+++ ports/mail/dk-milter/pkg-message	Sat Sep 23 00:22:44 2006
@@ -3,7 +3,7 @@
 In order to run this port, please add the following lines to
 /etc/mail/<your_configuration>.mc:
 
-INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/dk-filter, F=T, T=R:2m')
+INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/milterdk/filter, F=T, T=R:2m')
 
 define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
 define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')
diff -Nbpru ports.orig/mail/dk-milter/pkg-message.postfix ports/mail/dk-milter/pkg-message.postfix
--- ports.orig/mail/dk-milter/pkg-message.postfix	Thu Jan  1 09:00:00 1970
+++ ports/mail/dk-milter/pkg-message.postfix	Sat Sep 23 00:25:35 2006
@@ -0,0 +1,12 @@
+************************************************************************
+
+In order to run this port, please add the following lines to
+${PREFIX}/etc/postfix/main.cf:
+
+smtpd_milters = unix:/var/run/milterdk/filter
+
+And to run the milter from startup, add milterdk_enable="YES" in
+your /etc/rc.conf.
+Extra options can be found in startup script.
+
+************************************************************************
>Release-Note:
>Audit-Trail:
>Unformatted:


