kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Trahs

Browse Source
This commit is contained in:
Xavier Beaudouin
2025-12-18 08:51:29 +01:00
parent 34549e9737
commit c729bfcb24
3 changed files with 0 additions and 324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
mail/exim/files.nok/extra-patch-Local-sa-exim.c
View File

@ -1,200 +0,0 @@
--- Local/sa-exim.c.orig 2020-02-19 03:04:43 UTC
+++ Local/sa-exim.c
@@ -29,10 +29,7 @@ http://lists.merlins.org/lists/listinfo/sa-exim
#include "sa-exim.h"
/* Exim includes */
-#include "local_scan.h"
-extern FILE *smtp_out; /* Exim's incoming SMTP output file */
-extern int body_linecount; /* Line count in body */
-extern uschar *primary_hostname;
+#include <local_scan.h>
#ifdef DLOPEN_LOCAL_SCAN
@@ -409,6 +406,11 @@ int parsemlheader(char *buffer, FILE *readfh, char *he
if (buffer[strlen(buffer)-1] == '\n')
{
buffer[strlen(buffer)-1]=0;
+ /* and any carriage return */
+ if (buffer[strlen(buffer)-1] == '\r')
+ {
+ buffer[strlen(buffer)-1]=0;
+ }
}
if (SAEximDebug > 5)
{
@@ -515,6 +517,7 @@ int local_scan(volatile int fd, uschar **return_text)
int pid;
int writefd[2];
int readfd[2];
+ char *spamc_argv[10];
int i;
/* These are the only values that we want working after the longjmp
* The automatic ones can be clobbered, but we don't really care */
@@ -550,8 +553,9 @@ int local_scan(volatile int fd, uschar **return_text)
static char *SAspamcpath=SPAMC_LOCATION;
static char *SAsafemesgidchars=SAFEMESGIDCHARS
static char *SAspamcSockPath=NULL;
- static char *SAspamcPort="783";
- static char *SAspamcHost="127.0.0.1";
+ static char *SAspamcPort=NULL;
+ static char *SAspamcHost=NULL;
+ static char *SAspamcUser=NULL;
static char *SAEximRunCond="0";
static char *SAEximRejCond="1";
static int SAmaxbody=250*1024;
@@ -602,6 +606,10 @@ int local_scan(volatile int fd, uschar **return_text)
/* Do not put a %s in there, or you'll segfault */
static char *SAmsgerror="Temporary local error while processing message, please contact postmaster";
+ /* This needs to be retrieved through expand_string in order
+ not to violate the API. */
+ uschar *primary_hostname=expand_string("$primary_hostname");
+
/* New values we read from spamassassin */
char *xspamstatus=NULL;
char *xspamflag=NULL;
@@ -712,6 +720,7 @@ int local_scan(volatile int fd, uschar **return_text)
M_CHECKFORSTR(SAspamcSockPath);
M_CHECKFORSTR(SAspamcPort);
M_CHECKFORSTR(SAspamcHost);
+ M_CHECKFORSTR(SAspamcUser);
M_CHECKFORSTR(SAEximRunCond);
M_CHECKFORSTR(SAEximRejCond);
M_CHECKFORVAR(SAmaxbody, "%d");
@@ -914,6 +923,22 @@ int local_scan(volatile int fd, uschar **return_text)
ret=dup2(readfd[1],2);
CHECKERR(ret,"dup2 stderr",__LINE__);
+ i = 0;
+ spamc_argv[i++] = "spamc";
+ if (SAspamcUser && SAspamcUser[0])
+ {
+ expand=expand_string(SAspamcUser);
+ if (expand == NULL)
+ {
+ log_write(0, LOG_MAIN | LOG_PANIC, "SA: SAspamcUser expansion failure on %s, will run as Exim user instead.", SAspamcUser);
+ }
+ else if (expand[0] != '\0')
+ {
+ spamc_argv[i++] = "-u";
+ spamc_argv[i++] = expand;
+ }
+ }
+
/*
* I could implement the spamc protocol and talk to spamd directly
* instead of forking spamc, but considering the overhead spent
@@ -924,17 +949,30 @@ int local_scan(volatile int fd, uschar **return_text)
/* Ok, we cheat, spamc cares about how big the whole message is and
* we only know about the body size, so I'll give an extra 16K
* to account for any headers that can accompany the message */
+
+ spamc_argv[i++] = "-s";
+ spamc_argv[i++] = string_sprintf("%d", SAmaxbody+16384);
+
if(SAspamcSockPath)
{
- ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-U", SAspamcSockPath, NULL);
- CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
+ spamc_argv[i++] = "-U";
+ spamc_argv[i++] = SAspamcSockPath;
}
else
{
- ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-d", SAspamcHost, "-p", SAspamcPort, NULL);
- CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
+ if (SAspamcHost) {
+ spamc_argv[i++] = "-d";
+ spamc_argv[i++] = SAspamcHost;
+ }
+ if (SAspamcPort) {
+ spamc_argv[i++] = "-p";
+ spamc_argv[i++] = SAspamcPort;
+ }
}
-
+ spamc_argv[i++] = NULL;
+
+ ret=execv(SAspamcpath, spamc_argv);
+ CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
}
if (SAEximDebug > 8)
@@ -1045,6 +1083,11 @@ int local_scan(volatile int fd, uschar **return_text)
if (buffer[strlen(buffer)-1] == '\n')
{
buffer[strlen(buffer)-1]=0;
+ /* and any carriage return */
+ if (buffer[strlen(buffer)-1] == '\r')
+ {
+ buffer[strlen(buffer)-1]=0;
+ }
}
restart:
if (SAEximDebug > 5)
@@ -1218,7 +1261,7 @@ restart:
}
stret=write(fd, buffer, strlen(buffer));
- CHECKERR(stret,string_sprintf("SA body write to msg"),__LINE__);
+ CHECKERR(stret,string_sprintf("%s", "SA body write to msg"),__LINE__);
if (SAEximDebug > 8)
{
log_write(0, LOG_MAIN, "SA: Debug9: Wrote to msg; line %d (wrote %d)", line, ret);
@@ -1229,18 +1272,20 @@ restart:
}
}
+
if (SAEximDebug > 1)
{
log_write(0, LOG_MAIN, "SA: Debug2: body_linecount before SA: %d", body_linecount);
}
/* update global variable $body_linecount to reflect the new body size*/
- body_linecount = (line - 1);
+ if (body_linecount > 0) body_linecount = (line - 1); // Not updating if zero, indicating spool_wireformat
if (SAEximDebug > 1)
{
log_write(0, LOG_MAIN, "SA: Debug2: body_linecount after SA: %d", body_linecount);
}
+
}
fclose((FILE *)readfh);
@@ -1331,6 +1376,9 @@ restart:
if (dorej && doteergrube)
{
+ char *teergrubewaitstr;
+ teergrubewaitstr=string_sprintf(SAmsgteergrubewait, spamstatus);
+
/* By default, we'll only save temp bounces by message ID so
* that when the same message is submitted several times, we
* overwrite the same file on disk and not create a brand new
@@ -1353,20 +1401,8 @@ restart:
for (i=0;i<SAteergrubetime/10;i++)
{
- char *str;
-
- /* Unfortunately, we can't use exim's smtp_printf because it
- * doesn't return an error code if the write gets an EPIPE.
- * So, we write ourselves, but this won't work if you have a
- * TLS connection opened (that said, if you are teergrubing
- * a TLS connection, it's probably a relay host, not a
- * spammer, and in this case you should not teergrube a
- * friendly relay, so basically we should be ok).
- * If you do teergrube an SSL connection with the current
- * code, you will break it, but that's acceptable */
- str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus);
- fprintf(smtp_out, str);
- ret=fflush(smtp_out);
+ smtp_printf("451-%s\r\n", FALSE, teergrubewaitstr);
+ ret=smtp_fflush();
if (ret != 0)
{
log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender for %d secs until it closed the connection: %s (scanned in %d/%d secs | Message-Id: %s). %s", i*10, spamstatus, scantime, fulltime, safemesgid, mailinfo);

32
mail/exim/files.nok/patch-pass-fd-to-tcpwrappers
View File

@ -1,32 +0,0 @@
--- src/smtp_in.c.orig 2017-03-08 16:31:57.587957000 +0000
+++ src/smtp_in.c 2017-03-08 16:43:44.934346000 +0000
@@ -2246,6 +2246,9 @@
#ifdef USE_TCP_WRAPPERS
struct request_info tcpwrap_ri;
#endif
+#ifdef USE_TCP_WRAPPERS
+struct request_info tcpwrap_ri;
+#endif
smtp_connection_start = time(NULL);
for (smtp_ch_index = 0; smtp_ch_index < SMTP_HBUFF_SIZE; smtp_ch_index++)
@@ -2602,11 +2605,14 @@
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
"(tcp_wrappers_name) failed: %s", string_printing(tcp_wrappers_name),
expand_string_message);
-
- if (!hosts_ctl(tcp_wrappers_name,
- sender_host_name ? CS sender_host_name : STRING_UNKNOWN,
- sender_host_address ? CS sender_host_address : STRING_UNKNOWN,
- sender_ident ? CS sender_ident : STRING_UNKNOWN))
+ request_init(&tcpwrap_ri,
+ RQ_DAEMON, tcp_wrappers_name,
+ RQ_FILE, fileno(smtp_out),
+ RQ_CLIENT_NAME, (sender_host_name == NULL)? STRING_UNKNOWN : CS sender_host_name,
+ RQ_CLIENT_ADDR, (sender_host_address == NULL)? STRING_UNKNOWN : CS sender_host_address,
+ RQ_USER, (sender_ident == NULL)? STRING_UNKNOWN : CS sender_ident,
+ 0);
+ if (!hosts_access(&tcpwrap_ri))
{
if (errno == 0 || errno == ENOENT)
{

92
mail/exim/files.nok/patch-src-auths-call_radius.c
View File

@ -1,92 +0,0 @@
--- src/auths/call_radius.c.orig 2020-05-30 22:35:38.000000000 +0200
+++ src/auths/call_radius.c 2020-06-01 19:54:14.402105000 +0200
@@ -113,37 +113,37 @@
#ifdef RADIUS_LIB_RADIUSCLIENT
if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
- *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+ *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
- *errptr = US"RADIUS: can't read dictionary";
+ *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0))
- *errptr = US"RADIUS: add user name failed";
+ *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0))
- *errptr = US"RADIUS: add password failed");
+ *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0))
- *errptr = US"RADIUS: add service type failed";
+ *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
#else /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
if (!(h = rc_read_config(RADIUS_CONFIG_FILE)))
- *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+ *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
- *errptr = US"RADIUS: can't read dictionary";
+ *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0))
- *errptr = US"RADIUS: add user name failed";
+ *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
Ustrlen(radius_args), 0))
- *errptr = US"RADIUS: add password failed";
+ *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0))
- *errptr = US"RADIUS: add service type failed";
+ *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
#endif /* RADIUS_LIB_RADIUSCLIENT */
@@ -176,7 +176,7 @@
case BADRESP_RC:
default:
- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
+ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
return ERROR;
}
@@ -186,7 +186,7 @@
if (!(h = rad_auth_open()))
{
- *errptr = string_sprintf("RADIUS: can't initialise libradius");
+ *errptr = string_sprintf("%s", "RADIUS: can't initialise libradius");
return ERROR;
}
if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
@@ -196,7 +196,7 @@
rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 ||
rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0)
{
- *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
+ *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
result = ERROR;
}
else
@@ -211,12 +211,12 @@
break;
case -1:
- *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
+ *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
result = ERROR;
break;
default:
- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
+ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
result= ERROR;
break;
}