ports/123544: New port: mail/postfix-postfwd A postfix firewall policy daemon

Sahil Tandon sahil at tandon.net
Fri May 9 05:50:01 UTC 2008


>Number:         123544
>Category:       ports
>Synopsis:       New port: mail/postfix-postfwd A postfix firewall policy daemon
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 09 05:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Sahil Tandon
>Release:        FreeBSD 6.1-RELEASE
>Organization:
>Environment:
FreeBSD bulwark.hamla.org 6.1-RELEASE-p17-jc1 FreeBSD 6.1-RELEASE-p17-jc1 #2: Fri Jun  8 12:56:07 PDT 2007     user at jail19.johncompanies.com:/usr/obj/usr/src/sys/jail19  i386
>Description:
The program uses the postfix policy delegation protocol to control access to 
the mail system before a message has been accepted (please visit 
http://www.postfix.org/SMTPD_POLICY_README.html for more information). It 
allows you to choose an action (e.g. reject, dunno) for a combination of 
several smtp parameters (like sender and recipient address, size or the 
client's TLS fingerprint).

WWW:    http://www.postfwd.org/

>How-To-Repeat:

>Fix:
The output of shar (piped to a .txt file) is attached.  Output of portlint (just for reference, in case the .txt is mangled by the web form):

bulwark# portlint postfix-postfwd
WARN: Makefile: only one MASTER_SITE configured.  Consider adding additional mirrors.
0 fatal errors and 1 warning found.

Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	postfix-postfwd
#	postfix-postfwd/Makefile
#	postfix-postfwd/files
#	postfix-postfwd/files/postfwd.in
#	postfix-postfwd/files/pkg-message.in
#	postfix-postfwd/pkg-plist
#	postfix-postfwd/pkg-descr
#	postfix-postfwd/distinfo
#
echo c - postfix-postfwd
mkdir -p postfix-postfwd > /dev/null 2>&1
echo x - postfix-postfwd/Makefile
sed 's/^X//' >postfix-postfwd/Makefile << 'END-of-postfix-postfwd/Makefile'
X# New ports collection makefile for:	postfwd
X# Date created:				8 May 2008
X# Whom:					Sahil Tandon <sahil at tandon.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	postfwd
XPORTVERSION=	1.10p.7b
XCATEGORIES=	mail
XMASTER_SITES=   http://www.postfwd.org/old/
XPKGNAMEPREFIX=	postfix-
XDISTNAME=	postfwd-1.10pre7b
X
XMAINTAINER=	sahil at tandon.net
XCOMMENT=	A postfix firewall policy daemon
X
XRUN_DEPENDS=	${SITE_PERL}/Net/DNS/Async.pm:${PORTSDIR}/dns/p5-Net-DNS-Async \
X		${SITE_PERL}/Net/CIDR/Lite.pm:${PORTSDIR}/net/p5-Net-CIDR-Lite \
X		${SITE_PERL}/IO/Multiplex.pm:${PORTSDIR}/devel/p5-IO-Multiplex
X
XSUB_FILES=	pkg-message
X
XUSE_RC_SUBR=	postfwd
XUSE_PERL5_RUN=	yes
XNO_BUILD=       yes
X
XMAN1=		postfwd.1
X
X.include <bsd.port.pre.mk>
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/sbin/${PORTNAME} ${PREFIX}/bin/
X	${INSTALL_DATA} ${WRKSRC}/etc/${PORTNAME}.cf ${PREFIX}/etc/${PORTNAME}.conf.sample
X	@${MKDIR} ${PREFIX}/man/man1
X	${INSTALL_MAN} ${WRKSRC}/man/man1/${MAN1} ${PREFIX}/man/man1/
X
Xpost-install:
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	(cd ${WRKSRC}/doc/ && ${COPYTREE_SHARE} \* ${DOCSDIR})
X	${MKDIR} ${EXAMPLESDIR}
X	${INSTALL_DATA} ${WRKSRC}/bin/postfwd-rblcheck.pl ${EXAMPLESDIR}
X	${INSTALL_DATA} ${WRKSRC}/tools/request.sample ${EXAMPLESDIR}
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-postfix-postfwd/Makefile
echo c - postfix-postfwd/files
mkdir -p postfix-postfwd/files > /dev/null 2>&1
echo x - postfix-postfwd/files/postfwd.in
sed 's/^X//' >postfix-postfwd/files/postfwd.in << 'END-of-postfix-postfwd/files/postfwd.in'
X#!/bin/sh
X
X# PROVIDE: postfwd 
X# REQUIRE: LOGIN cleanvar
X# KEYWORD: shutdown
X#
X# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
X# to enable this service:
X#
X# postfwd_enable (bool):   
X#	Set to "NO" by default.
X#               Set it to "YES" to enable postfwd.
X# postfwd_config (path):   Set to %%PREFIX%%/etc/postfwd.conf
X#               by default.
X#
X
X. %%RC_SUBR%%
X
Xname=postfwd
Xrcvar=${name}_enable
X
Xcommand=%%PREFIX%%/bin/${name}
Xrequired_files=%%PREFIX%%/etc/${name}.conf
Xpidfile="/var/run/${name}.pid"
X
Xstop_postcmd=stop_postcmd
X
Xstop_postcmd()
X{
X  rm -f $pidfile
X}
X
Xload_rc_config "$name"
X
Xcase "$postfwd_enable" in
X    [Yy][Ee][Ss] | 1 | [Oo][Nn] | [Tt][Rr][Uu][Ee]) ;;
X    *) echo "To make use of $name you must first set $rcvar=\"YES\" in /etc/rc.conf" ;;
Xesac
X
X: ${postfwd_enable="NO"}
X: ${postfwd_config="%%PREFIX%%/etc/${name}.conf"}
X
Xcommand_args="-d -f ${required_files} -i 127.0.0.1 -p 10040 -u nobody -g nobody -S"
X
Xrun_rc_command "$1"
END-of-postfix-postfwd/files/postfwd.in
echo x - postfix-postfwd/files/pkg-message.in
sed 's/^X//' >postfix-postfwd/files/pkg-message.in << 'END-of-postfix-postfwd/files/pkg-message.in'
X*************
X* Start postfwd with:
X
X# %%PREFIX%%/bin/postfwd start
X
X* Integrate thusly in: %%PREFIX%%/etc/postfix/main.cf
X
X127.0.0.1:10040_time_limit   = 3600
X
Xsmtpd_recipient_restrictions = 
X	...
X	permit_mynetworks
X	...
X	reject_unauth_destination
X	reject_unauth_pipelining
X	check_policy_service inet:127.0.0.1:10040
X	...
X
X* NOTE: specify check_policy_service AFTER reject_unauth_destination
X* or else your system can become an open relay.
X*
X* CONFIGURATION:
X*
X* Create and edit %%PREFIX%%/etc/postfwd.conf
X* An example is provided in %%PREFIX%%/etc/postfwd.conf.sample
X*
X*************
END-of-postfix-postfwd/files/pkg-message.in
echo x - postfix-postfwd/pkg-plist
sed 's/^X//' >postfix-postfwd/pkg-plist << 'END-of-postfix-postfwd/pkg-plist'
Xbin/postfwd
Xetc/postfwd.conf.sample
X%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
X%%PORTDOCS%%%%DOCSDIR%%/LICENSE
X%%PORTDOCS%%%%DOCSDIR%%/postfwd.html
X%%PORTDOCS%%%%DOCSDIR%%/postfwd.txt
X%%PORTDOCS%%%%EXAMPLESDIR%%/postfwd-rblcheck.pl
X%%PORTDOCS%%%%EXAMPLESDIR%%/request.sample
X%%PORTDOCS%%@dirrm %%EXAMPLESDIR%%
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
END-of-postfix-postfwd/pkg-plist
echo x - postfix-postfwd/pkg-descr
sed 's/^X//' >postfix-postfwd/pkg-descr << 'END-of-postfix-postfwd/pkg-descr'
XThe program uses the postfix policy delegation protocol to control access to 
Xthe mail system before a message has been accepted (please visit 
Xhttp://www.postfix.org/SMTPD_POLICY_README.html for more information). It 
Xallows you to choose an action (e.g. reject, dunno) for a combination of 
Xseveral smtp parameters (like sender and recipient address, size or the 
Xclient's TLS fingerprint).
X
XWWW:	http://www.postfwd.org/
END-of-postfix-postfwd/pkg-descr
echo x - postfix-postfwd/distinfo
sed 's/^X//' >postfix-postfwd/distinfo << 'END-of-postfix-postfwd/distinfo'
XMD5 (postfwd-1.10pre7b.tar.gz) = 6ae4a3f7b7748ff20dc8ec915f76c4e9
XSHA256 (postfwd-1.10pre7b.tar.gz) = e8213518032061f6a85dcd54846f487d78e1f9886ef950dfc95456de1de0c70a
XSIZE (postfwd-1.10pre7b.tar.gz) = 81798
END-of-postfix-postfwd/distinfo
exit



>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list