user/3714: [PATCH]Improvements to spamd-setup(8) utility



>Number:         3714
>Category:       user
>Synopsis:       Improvements to spamd-setup(8) utility
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 15 13:20:01 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Michael O. Boev
>Release:        OpenBSD 3.4
>Organization:
Tomsk Regional Information Center
>Environment:
        System      : OpenBSD 3.4, -CURRENT
        Architecture: any
        Machine     : any
>Description:
        1) One (me, for instance) should be able to run spamd and pf on separate
        machines. spamd-setup(8) just won't run (up to configuring pf(4))
        when spamd is not running. OTOH, spamd-setup(8) is a very convenient
        way to populate the <spamd> table.

        2) Also, the problem described in PR 3657 was resolved by editing the manpage,
        and not in the source code. The code actually iterates through command-line
        arguments and adds them to the arguments of cgetent(3), which can be, at least
        now, considered bogus.

>How-To-Repeat:
	  1)
	  kill any running instance of spamd and launch
        # /usr/libexec/spamd-setup

        2)
	  Look through the source for evidence.
>Fix:
	  I wrote a couple of patches that solve the above 2 problems.

        With them applied,
        one may ALSO use only pf(4) rules for blocking incoming spam at firewall level,
        wasting only 48 bytes of incoming traffic for an IPv4 connection, AND STILL use
        spamd-setup(8) for populating the <spamd> table, AND not wasting memory for spamd(8)
        instance.

        These patches add to the spamd.conf(5) syntax, so any existing spamd-setup(8)
        invocations (cron jobs, /etc/rc, etc.) still work as before.

        I copied and pasted the patches below, but in case of any formatting issues,
        they are also available at:
        http://tric.ru/users/mike/20040315/spamd-setup.c.patch
        http://tric.ru/users/mike/20040315/spamd.conf.5.patch

--- spamd.conf.5.orig	Sun Feb  8 05:58:58 2004
+++ spamd.conf.5	Mon Mar 15 18:24:56 2004
@@ -183,6 +183,32 @@
 and the sequence \&%A will be expanded in the message by
 .Xr spamd 8
 to display the connecting IP address in the output.
+.Pp
+It is also possible to modify the default behaviour of
+.Xr spamd-setup 8
+by including
+.Ar _spamd_setup
+entry in the configuration file. The entry may include one or both of
+.Ar pf
+and
+.Ar spamd
+capabilities, which correspond to what
+.Xr spamd-setup 8
+is to configure. Use this if you wish to configure only the
+.Xr spamd 8
+deferral daemon lists but not the
+.Ar spamd
+.Xr pf 4
+table or vice versa, for example, if you run these on separate machines.
+When the
+.Ar _spamd_setup
+entry is omitted, both actions are performed, assuming the following
+default configuration entry:
+.Bd -literal -offset indent
+# Default spamd-setup(8) configuration
+_spamd_setup:\e
+	:pf:spamd:
+.Ed
 .Sh SEE ALSO
 .Xr ftp 1 ,
 .Xr pf 4 ,
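
Review bot: the new paragraph documents what happens when the _spamd_setup entry is omitted, but not what happens when the entry is present and lists neither pf nor spamd. The spamd-setup.c part of this patch makes that case fatal (errx(1, "Nothing to do!")), so the manual should say that an entry with neither capability is an error. Two smaller points in the same paragraph: "by including .Ar _spamd_setup entry" is missing an article ("a ... entry"), and "The entry may include one or both of" begins a new sentence in the middle of a source line, where mdoc convention is to start each sentence on its own line.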

--- spamd-setup.c.orig	Fri Feb 27 04:45:16 2004
+++ spamd-setup.c	Mon Mar 15 18:28:40 2004
@@ -91,6 +91,8 @@

 int		debug;
 int		dryrun;
+int		do_pf;
+int		do_spamd;

 u_int32_t
 imask(u_int8_t b)
@@ -769,10 +771,10 @@
 int
 main(int argc, char *argv[])
 {
-	size_t dbs, dbc, blc, bls, black, white;
+	size_t blc, bls, black, white;
 	char **db_array, *buf, *name;
 	struct blacklist *blists;
-	struct servent *ent;
+	struct servent *ent = NULL;
 	int i, ch;

 	while ((ch = getopt(argc, argv, "nd")) != -1) {
@@ -788,20 +790,33 @@
 		}
 	}

-	if ((ent = getservbyname("spamd-cfg", "tcp")) == NULL)
-		errx(1, "cannot find service \"spamd-cfg\" in /etc/services");
-	ent->s_port = ntohs(ent->s_port);
-
-	dbs = argc + 2;
-	dbc = 0;
-	db_array = calloc(dbs, sizeof(char *));
+	db_array = calloc(2, sizeof(char *));
 	if (db_array == NULL)
 		errx(1, "malloc failed");

-	db_array[dbc]= PATH_SPAMD_CONF;
-	dbc++;
-	for (i = 1; i < argc; i++)
-		db_array[dbc++] = argv[i];
+	db_array[0]= PATH_SPAMD_CONF;
+
+	if (cgetent(&buf, db_array, "_spamd_setup") != 0) {
+		if (debug)
+			fprintf(stderr,
+				"Can't find \"_spamd_setup\" in " PATH_SPAMD_CONF
+					"; assuming defaults.\n");
+		do_pf = do_spamd = 1;
+	} else {
+		if (cgetcap(buf, "pf", ':') != NULL)
+			do_pf = 1;
+		if (cgetcap(buf, "spamd", ':') != NULL)
+			do_spamd = 1;
+		if (!(do_pf || do_spamd))
+			errx(1, "Nothing to do!");
+	}
+	if (debug)
+		fprintf(stderr, "Config: do_pf=%d, do_spamd=%d\n", do_pf, do_spamd);
+	if (do_spamd) {
+		if ((ent = getservbyname("spamd-cfg", "tcp")) == NULL)
+			errx(1, "cannot find service \"spamd-cfg\" in /etc/services");
+		ent->s_port = ntohs(ent->s_port);
+	}

 	blists = NULL;
 	blc = bls = 0;
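
Review bot: the test cgetent(&buf, db_array, "_spamd_setup") != 0 treats every non-zero return as "entry not found" and falls back to do_pf = do_spamd = 1. cgetent(3) returns -1 only when the record is missing; -2 is a system error, -3 is a tc= reference loop, and 1 means the record was found but has an unresolved tc expansion. A configuration file that cannot be read, or a malformed _spamd_setup entry, therefore silently enables both actions at this point, and the only trace is a message printed under -d. Suggest defaulting only on -1 and calling errx() for the other failures. Separately, with the loop over argv removed, any operands left after getopt() are ignored without comment in the lines shown; consider rejecting them with a usage error so the change in behaviour is visible to callers. The buf returned by cgetent() is also not freed in the added branch.
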
@@ -844,11 +859,11 @@
 			if (dryrun)
 				continue;

-			if (configure_spamd(ent->s_port, blists[i].name,
+			if (do_spamd && configure_spamd(ent->s_port, blists[i].name,
 			    blists[i].message, cidrs) == -1)
 				err(1, "Can't connect to spamd on port %d",
 				    ent->s_port);
-			if (configure_pf(cidrs) == -1)
+			if (do_pf && configure_pf(cidrs) == -1)
 				err(1, "pfctl failed");
 			tmp = cidrs;
 			while (*tmp != NULL)
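
Review bot: in the line "if (do_spamd && configure_spamd(ent->s_port, blists[i].name," the only thing that keeps ent->s_port from dereferencing the NULL ent in a pf-only configuration is the short-circuit on do_spamd, and the line now runs past 80 columns. Wrapping the configure_spamd() call and its err() in an explicit "if (do_spamd) { ... }" block would make the guard on ent obvious to the next person who touches this code and bring the line back within KNF length.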


>Release-Note:
>Audit-Trail:
>Unformatted: