view @ 42:afcf403709ef

updates for 3.2, try to drop root privileges
author carl
date Mon, 05 Jul 2004 13:09:44 -0700
parents d95af8129dfa
children acbe44bbba22
line wrap: on
line source

Summary: DNSBL Sendmail Milter
Name: dnsbl
Version: 3.1
Release: 1
Copyright: GPL
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}

BuildRequires:  sendmail-devel >= 8.12.1
Requires(pre):  /usr/sbin/groupadd
Requires(pre):  /usr/sbin/useradd
Requires(pre):  /usr/bin/getent
Requires(postun):       /usr/sbin/userdel
Requires(postun):       /usr/sbin/groupdel
Requires(post,preun):   /sbin/chkconfig
Requires:       sendmail

We present here a mechanism whereby the backup mail server can use the correct set of DNSBLs for each recipient for each message. As a side-effect, it gives us the ability to customize the set of DNSBLs on a per-recipient basis, so that could use SPEWS and the SBL, where all other users use only the SBL.

This milter will also decode (base64, mime, html entity, url encodings) and scan for HTTP and HTTPS URLs and bare hostnames in the body of the mail. If any of those host names have A or NS records on the SBL (or a single configurable DNSBL), the mail will be rejected unless previously whitelisted. This milter also counts the number of invalid HTML tags, and can reject mail if that count exceeds your specified limit.

The DNSBL milter reads a text configuration file (dnsbl.conf) on startup, and whenever the config file (or any of the referenced include files) is changed. The entire configuration file is case insensitive.

# %setup -q -n Zope-%{zope_version}
# %patch0 -p1
# %patch1 -p1


g++ -c $CXXFLAGS -pthread dnsbl.cpp
g++ -o dnsbl dnsbl.o /usr/lib/libresolv.a -lmilter -pthread

# hoisted from install.bash
if [ "%{buildroot}" = "/" -o -z "%{buildroot}" ] ; then
	echo sorry, you probably do not want me to delete the old buildroot at %{buildroot}
	exit 1

rm -rf %{buildroot}
mkdir -p %{buildroot}/etc/dnsbl

install -m 644 dnsbl.conf %{buildroot}/etc/dnsbl/dnsbl.conf
install -m 644 html-tags.conf %{buildroot}/etc/dnsbl/html-tags.conf
install -m 644 tld.conf %{buildroot}/etc/dnsbl/tld.conf

mkdir -p %{buildroot}/usr/sbin
install -m 755 dnsbl %{buildroot}/usr/sbin/dnsbl

mkdir -p %{buildroot}/etc/init.d
install -m 755 dnsbl.rc %{buildroot}/etc/init.d/dnsbl

mkdir -p %{buildroot}/var/run/dnsbl

/usr/bin/getent passwd dnsbl ||
  useradd -r -d /etc/dnsbl -M -c "dnsbl pseudo-user" -s /sbin/nologin dnsbl
/sbin/chkconfig --add dnsbl
/sbin/chkconfig dnsbl on
/sbin/service dnsbl start

# [JOG] TODO: spew out a message indicating what should be added to

if [ $1 -eq 0 ]; then
   /sbin/service dnsbl stop || :
   /sbin/chkconfig --del dnsbl
   userdel dnsbl || :



%config /etc/dnsbl/
%dir %attr(0750,dnsbl,root) /var/run/dnsbl

Revision 1.1  2004/06/30 10:08:48
Initial revision of spec file. Need to add a better description, docs and a message