ports/103490: mail/dk-milter to run as a non-privileged user and support for postfix
Hirohisa Yamaguchi
umq at ueo.co.jp
Fri Sep 22 15:50:15 UTC 2006
>Number: 103490
>Category: ports
>Synopsis: mail/dk-milter to run as a non-privileged process and support for postfix
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 22 15:50:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Hirohisa Yamaguchi
>Release: FreeBSD 7.0-CURRENT amd64
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD calliope.****.org 7.0-CURRENT FreeBSD 7.0-CURRENT #2: Fri Sep 1 13:15:27 JST 2006 root at calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64
>Description:
As postfix 2.3 supports milter, I wrote a patch to make the port work with postfix.
The patch includes:
* a patch (from dkim-milter) to fix `delayed queue ID' problem
http://sourceforge.net/tracker/index.php?func=detail&aid=1514447&group_id=110311&atid=656974
* new switch WITH_POSTFIX_MILTER
* assign a new user `dkfilter' to run the milter as a non-privileged process
# almost the same as: ports/103404, ports/103417 for mail/dkim-milter
>How-To-Repeat:
N/A
>Fix:
the patch follows:
diff -Nbpru ports.orig/mail/dk-milter/Makefile ports/mail/dk-milter/Makefile
--- ports.orig/mail/dk-milter/Makefile Sun Sep 17 23:57:21 2006
+++ ports/mail/dk-milter/Makefile Sat Sep 23 00:28:57 2006
@@ -7,7 +7,7 @@
PORTNAME= dk-milter
PORTVERSION= 0.4.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= dk-milter
@@ -17,6 +17,12 @@ COMMENT= Domainkeys milter for Sendmail
USE_RC_SUBR= milter-dk.sh
+.if defined(WITH_POSTFIX_MILTER)
+SENDMAIL_MILTER_IN_BASE= yes
+RUN_DEPENDS+= postfix>=2[3-9]*:${PORTSDIR}/mail/postfix
+PKGMESSAGE= pkg-message.postfix
+.endif
+
.if !defined(SENDMAIL_MILTER_IN_BASE)
.if defined(SENDMAIL_WITH_SHARED_MILTER)
LIB_DEPENDS+= milter.3:${PORTSDIR}/mail/${SENDMAIL_MILTER_PORT}
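Review bot: `PKGMESSAGE= pkg-message.postfix` is a bare file name, so the `@${CAT} ${PKGMESSAGE}` in post-install only finds it when make runs with the port directory as its working directory; `PKGMESSAGE= ${PKGDIR}/pkg-message.postfix` would not depend on that. The new pkg-message.postfix also contains a literal `${PREFIX}`, which `cat` prints unexpanded. The message should either spell the path out or go through a substitution step before it is displayed.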
@@ -71,6 +77,7 @@ post-install:
${INSTALL_DATA} ${WRKSRC}/${i} ${DOCSDIR}/
.endfor
.endif
+ @${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
@${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
diff -Nbpru ports.orig/mail/dk-milter/files/milter-dk.sh.in ports/mail/dk-milter/files/milter-dk.sh.in
--- ports.orig/mail/dk-milter/files/milter-dk.sh.in Wed Jul 12 17:09:13 2006
+++ ports/mail/dk-milter/files/milter-dk.sh.in Sat Sep 23 00:17:09 2006
@@ -15,6 +15,7 @@
#
# milterdk_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable dk-milter
+# milterdk_uid (str): Set username to run milter.
# milterdk_profiles (list): Set to "" by default.
# Define your profiles here.
# milterdk_socket (str): Path to the milter socket.
@@ -37,24 +38,25 @@ load_rc_config $name
# DO NOT CHANGE THESE DEFAULT VALUES HERE
#
milterdk_enable=${milterdk_enable:-"NO"}
+milterdk_uid=${milterdk_uid:-"dkfilter"}
milterdk_profiles=${milterdk_profiles:-}
milterdk_socket=${milterdk_socket:-"local:/var/run/dk-filter"}
milterdk_domain=${milterdk_domain:-"example.com"}
milterdk_key=${milterdk_key:-"/var/db/domainkeys/default.key.pem"}
milterdk_selector=${milterdk_selector:-"default"}
-milterdk_flags=${milterdk_flags:-"-d ${milterdk_domain} -c nofws -H -m MSA \
--s ${milterdk_key} -S ${milterdk_selector}"}
+## milterdk_flags expands escaped variables later.
+milterdk_flags=${milterdk_flags:-'-d ${milterdk_domain} -c nofws -H -m MSA -s ${milterdk_key} -S ${milterdk_selector}'}
start_precmd="dk_prepcmd"
-stop_postcmd="dk_prepcmd"
+stop_postcmd="dk_postcmd"
command="%%PREFIX%%/libexec/dk-filter"
-_pidprefix="/var/run/dk-filter"
-pidfile="${_pidprefix}.pid"
+_piddir="/var/run/milterdk"
+pidfile="${_piddir}/pid"
if [ -n "$2" ]; then
profile="$2"
if [ "x${milterdk_profiles}" != "x" ]; then
- pidfile="${_pidprefix}.${profile}.pid"
+ pidfile="${_piddir}/${profile}.pid"
eval milterdk_enable="\${milterdk_${profile}_enable:-${milterdk_enable}}"
eval milterdk_socket="\${milterdk_${profile}_socket:-}"
if [ "x${milterdk_socket}" = "x" ];then
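Review bot: The default `milterdk_socket` stays at `local:/var/run/dk-filter`, while both pkg-message files in this patch tell the MTA to connect to `/var/run/milterdk/filter`, so a stock install would have the filter and the MTA on different sockets. It also leaves the socket directly in /var/run, which the `dkfilter` account presumably cannot write to if the filter binds after dropping privileges (the bind order is not visible here). I would move the default with the pid directory: `milterdk_socket=${milterdk_socket:-"local:/var/run/milterdk/filter"}`. The profile handling that follows continues outside this hunk.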
@@ -64,7 +66,7 @@ if [ -n "$2" ]; then
eval milterdk_domain="\${milterdk_${profile}_domain:-${milterdk_domain}}"
eval milterdk_key="\${milterdk_${profile}_key:-${milterdk_key}}"
eval milterdk_flags="\${milterdk_${profile}_flags:-${milterdk_flags}}"
- command_args="-l -p ${milterdk_socket} -P ${pidfile}"
+ command_args="-l -p ${milterdk_socket} -u ${milterdk_uid} -P ${pidfile}"
else
echo "$0: extra argument ignored"
fi
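Review bot: With `-u ${milterdk_uid}` added to `command_args`, the filter runs as `dkfilter`, but nothing in the patch makes the signing key named by `milterdk_key` readable by that account or documents that it must be. Whether dk-filter loads the key before or after switching user is not visible here, so this should be confirmed. I would at least extend the header comment with something like `# milterdk_key (str): private key file; must be readable by milterdk_uid and by no other unprivileged user.` The same applies to the non-profile branch changed in the next hunk.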
@@ -87,7 +89,7 @@ else
fi
else
milterdk_flags=${milterdk_flags}
- command_args="-l -p ${milterdk_socket} -P ${pidfile}"
+ command_args="-l -p ${milterdk_socket} -u ${milterdk_uid} -P ${pidfile}"
fi
fi
@@ -98,6 +100,24 @@ dk_prepcmd ()
elif [ -S ${milterdk_socket##unix:} ] ; then
rm -f ${milterdk_socket##unix:}
fi
+ if [ -d ${_piddir} ] ; then
+ return;
+ fi
+ mkdir -p ${_piddir}
+ if [ -n "${milterdk_uid}" ] ; then
+ chown ${milterdk_uid} ${_piddir}
+ fi
+}
+
+dk_postcmd()
+{
+ if [ -S ${milterdk_socket##local:} ] ; then
+ rm -f ${milterdk_socket##local:}
+ elif [ -S ${milterdk_socket##unix:} ] ; then
+ rm -f ${milterdk_socket##unix:}
+ fi
+ # just if the directory is empty
+ rmdir ${_piddir} > /dev/null 2>&1
}
run_rc_command "$1"
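Review bot: The early `return` in `dk_prepcmd` when `${_piddir}` already exists skips the `chown`, so a directory left over from a run with a different `milterdk_uid`, or one created by hand, keeps its old owner and mode and the unprivileged filter may be unable to write its pid file there. The results of `mkdir` and `chown` are also ignored and the expansions are unquoted. Enforcing owner and mode on every start covers all three: `install -d -o "${milterdk_uid}" -m 0755 "${_piddir}" || return 1`. `dk_prepcmd` begins outside this hunk.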
diff -Nbpru ports.orig/mail/dk-milter/files/patch-vendor-postfix ports/mail/dk-milter/files/patch-vendor-postfix
--- ports.orig/mail/dk-milter/files/patch-vendor-postfix Sun Sep 17 23:57:21 2006
+++ ports/mail/dk-milter/files/patch-vendor-postfix Fri Sep 22 23:23:21 2006
@@ -1,12 +1,22 @@
-Index: dk-filter/dk-filter.c
-===================================================================
-RCS file: /cvs/dk-filter/dk-filter.c,v
-retrieving revision 1.158
-retrieving revision 1.159
-diff -u -r1.158 -r1.159
--- dk-filter/dk-filter.c 19 May 2006 21:42:05 -0000 1.158
-+++ dk-filter/dk-filter.c 26 Jun 2006 19:41:23 -0000 1.159
-@@ -1625,6 +1625,8 @@
++++ dk-filter/dk-filter.c 31 Aug 2006 21:37:17 -0000
+@@ -1582,15 +1582,7 @@
+
+ dfc->mctx_jobid = smfi_getsymval(ctx, "i");
+ if (dfc->mctx_jobid == NULL)
+- {
+- if (no_i_whine && dolog)
+- {
+- syslog(LOG_WARNING,
+- "WARNING: sendmail symbol 'i' not available");
+- no_i_whine = FALSE;
+- }
+ dfc->mctx_jobid = JOBIDUNKNOWN;
+- }
+
+ #if _FFR_REQUIRED_HEADERS
+ /* if requested, verify RFC2822-required headers */
+@@ -1625,6 +1617,8 @@
}
#endif /* _FFR_REQUIRED_HEADERS */
@@ -15,7 +25,7 @@ diff -u -r1.158 -r1.159
/* find the Sender: or From: header */
memset(addr, '\0', sizeof addr);
from = dkf_findheader(dfc, "Sender", 0);
-@@ -1639,7 +1641,8 @@
+@@ -1639,7 +1633,8 @@
dfc->mctx_jobid);
}
@@ -25,7 +35,7 @@ diff -u -r1.158 -r1.159
dfc->mctx_headeronly = TRUE;
dfc->mctx_status = DKF_STATUS_BADFORMAT;
return SMFIS_CONTINUE;
-@@ -1669,7 +1672,6 @@
+@@ -1669,7 +1664,6 @@
originok = FALSE;
/* is it a domain we sign for? */
@@ -33,6 +43,33 @@ diff -u -r1.158 -r1.159
if (!msgsigned && domains != NULL && dfc->mctx_domain != NULL)
{
int n;
+@@ -2075,6 +2069,26 @@
+ assert(cc != NULL);
+ dfc = cc->cctx_msg;
+ assert(dfc != NULL);
++
++ /*
++ ** If necessary, try again to get the job ID in case it came down
++ ** later than expected (e.g. postfix).
++ */
++
++ if (dfc->mctx_jobid == JOBIDUNKNOWN)
++ {
++ dfc->mctx_jobid = smfi_getsymval(ctx, "i");
++ if (dfc->mctx_jobid == NULL)
++ {
++ if (no_i_whine && dolog)
++ {
++ syslog(LOG_WARNING,
++ "WARNING: sendmail symbol 'i' not available");
++ no_i_whine = FALSE;
++ }
++ dfc->mctx_jobid = JOBIDUNKNOWN;
++ }
++ }
+
+ /* get hostname; used in the X header and in new MIME boundaries */
+ hostname = smfi_getsymval(ctx, "j");
Index: libdk/dk.c
===================================================================
RCS file: /cvs/libdk/dk.c,v
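Review bot: The retry added before the hostname lookup tests `dfc->mctx_jobid == JOBIDUNKNOWN`, which compares pointers rather than string contents. The definition of JOBIDUNKNOWN is not visible here; if it is a string-literal macro, the comparison only holds when the compiler merges identical literals, and otherwise the second `smfi_getsymval(ctx, "i")` is silently skipped. `strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0`, or a dedicated flag on the message context, would make the check reliable. The enclosing function starts and ends outside the hunk.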
diff -Nbpru ports.orig/mail/dk-milter/pkg-install ports/mail/dk-milter/pkg-install
--- ports.orig/mail/dk-milter/pkg-install Thu Jan 1 09:00:00 1970
+++ ports/mail/dk-milter/pkg-install Fri Sep 22 23:30:11 2006
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+if [ "$2" != "POST-INSTALL" ]
+then
+ exit 0;
+fi
+
+# check if dkfilter user exists
+pw user show dkfilter > /dev/null 2>&1
+
+if [ $? != 0 ]
+then
+ echo "===> Adding user dkfilter"
+ pw useradd dkfilter -c "milter-dk" -s /sbin/nologin \
+ -d /nonexistent
+else
+ echo "===> Using existing user dkfilter"
+fi
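Review bot: The result of `pw useradd` is never checked, so a failed account creation shows up only as a non-zero exit with no message, even though the rc script in this patch passes `-u dkfilter` and chowns /var/run/milterdk to that account. I would test the commands directly rather than through `$?`, e.g. `if ! pw user show dkfilter >/dev/null 2>&1; then`, and follow the add with `|| { echo "===> Failed to add user dkfilter" >&2; exit 1; }`. The account also gets whatever UID and group pw picks on each host. Pinning them, if the port has values reserved, would keep ownership of the key file and run directory stable across machines.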
diff -Nbpru ports.orig/mail/dk-milter/pkg-message ports/mail/dk-milter/pkg-message
--- ports.orig/mail/dk-milter/pkg-message Tue Jan 17 23:10:08 2006
+++ ports/mail/dk-milter/pkg-message Sat Sep 23 00:22:44 2006
@@ -3,7 +3,7 @@
In order to run this port, please add the following lines to
/etc/mail/<your_configuration>.mc:
-INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/dk-filter, F=T, T=R:2m')
+INPUT_MAIL_FILTER(`dk-filter', `S=unix:/var/run/milterdk/filter, F=T, T=R:2m')
define(`confMILTER_MACROS_CONNECT', `j, {daemon_name}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_type}')
diff -Nbpru ports.orig/mail/dk-milter/pkg-message.postfix ports/mail/dk-milter/pkg-message.postfix
--- ports.orig/mail/dk-milter/pkg-message.postfix Thu Jan 1 09:00:00 1970
+++ ports/mail/dk-milter/pkg-message.postfix Sat Sep 23 00:25:35 2006
@@ -0,0 +1,12 @@
+************************************************************************
+
+In order to run this port, please add the following lines to
+${PREFIX}/etc/postfix/main.cf:
+
+smtpd_milters = unix:/var/run/milterdk/filter
+
+And to run the milter from startup, add milterdk_enable="YES" in
+your /etc/rc.conf.
+Extra options can be found in startup script.
+
+************************************************************************
>Release-Note:
>Audit-Trail:
>Unformatted: