From owner-freebsd-ports-bugs@FreeBSD.ORG Sun May 21 21:40:12 2006
Message-Id:
 <200605212136.k4LLaEAJ093939@www.freebsd.org>
Date: Sun, 21 May 2006 21:36:14 GMT
From: Olli Hauer
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/97579: [patch] ports mail/spamd to reflect the public hostname in helo dialog

>Number: 97579
>Category: ports
>Synopsis: [patch] ports mail/spamd to reflect the public hostname in helo dialog
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun May 21 21:40:06 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Olli Hauer
>Release: FreeBSD 6.1-RELEASE i386
>Organization:
>Environment:
>Description:
spamd gets the hostname via gethostname(3)
spamd reports the inside hostname in the initial dialog

sample public hostname: mx.example.org
sample real hostname: mx.dmz.example.local

the patches are replacements for
spamd/files/patch-spamd
spamd/files/patch-spamdm
>How-To-Repeat:
$ echo "helo test" | nc localhost 8025
220 mx.dmz.example.local ESMTP Fake-Banner
^^^^^^^^^^^^^^^^^^^^^^^^

With the patch and the following directive:
pfspamd_flags="-4 -g -b 127.0.0.1 -G 6:4:846 -H mx.example.org -n Fake-Banner"
                                             ^^^^^^^^^^^^^^^^^
$ echo "helo test" | nc localhost 8025
220 mx.example.org ESMTP Fake-Banner
^^^^^^^^^^^^^^^^^^
>Fix:
--- spamd/spamd.c.orig Tue Apr 12 19:21:48 2005 +++ spamd/spamd.c Sun May 21 18:14:51 2006 @@ -123,6 +123,10 @@ pid_t jail_pid = -1; u_short cfg_port; +#ifdef IPFW +int tabno=1; +#endif + extern struct sdlist *blacklists; int conffd = -1; 
@@ -150,9 +154,13 @@ fprintf(stderr, "usage: spamd [-45dgv] [-B maxblack] [-b address] [-c maxcon]\n"); fprintf(stderr, - " [-G mins:hours:hours] [-n name] [-p port]\n"); + " [-G mins:hours:hours] [-H hostname] [-n name] [-p port]\n"); fprintf(stderr, " [-r reply] [-s secs] [-w window]\n"); +#ifdef IPFW + fprintf(stderr, + " [-t table_no]\n"); +#endif exit(1); } @@ -958,7 +966,11 @@ if (gethostname(hostname, sizeof hostname) == -1) err(1, "gethostname"); - while ((ch = getopt(argc, argv, "45b:c:B:p:dgG:r:s:n:vw:")) != -1) { +#ifdef IPFW + while ((ch = getopt(argc, argv, "45b:c:B:p:dgG:r:s:H:n:vw:t:")) != -1) { +#else + while ((ch = getopt(argc, argv, "45b:c:B:p:dgG:r:s:H:n:vw:")) != -1) { +#endif switch (ch) { case '4': nreply = "450"; @@ -1009,12 +1021,22 @@ usage(); stutter = i; break; + case 'H': + /* get hostname from optarg */ + if (strlcpy(hostname, optarg, sizeof(hostname) ) >= sizeof(hostname)) + err(1, "strlcpy hostname"); + break; case 'n': spamd = optarg; break; case 'v': verbose = 1; break; +#ifdef IPFW + case 't': + tabno = atoi(optarg); + break; +#endif case 'w': window = atoi(optarg); if (window <= 0) --- spamd/spamd.8.orig Tue Apr 12 19:21:48 2005 +++ spamd/spamd.8 Sun May 21 18:27:45 2006 @@ -36,6 +36,7 @@ .Op Fl b Ar address .Op Fl c Ar maxcon .Op Fl G Ar passtime:greyexp:whiteexp +.Op Fl H Ar hostname .Op Fl n Ar name .Op Fl p Ar port .Op Fl r Ar reply @@ -49,6 +50,8 @@ daemon which rejects false mail. If the .Xr pf 4 +or +.Xr ipfw 4 packet filter is configured to redirect port 25 (SMTP) to this daemon, it will attempt to waste the time and resources of the spam sender. .Pp @@ -95,6 +98,10 @@ Greylisting mode; see .Sx GREYLISTING below. +.It Fl H Ar hostname +The SMTP hostname that is reported upon initial connection. +If unused the hostname is found with +.Xr gethostname 3 . .It Fl n Ar name The SMTP version banner that is reported upon initial connection. .It Fl p Ar port 
@@ -151,11 +158,15 @@ which processes a list of spammers' addresses, and applies appropriate .Xr pfctl 8 .Em rdr +or +.Xr ipfw 8 +.Em fwd rules. .Xr spamd-setup 8 is run from .Xr cron 8 . .Sh REDIRECTING SMTP CONNECTIONS +.Ss "When using PF" With .Xr pf 4 , connections to port 25 (SMTP) can be redirected to another host or port, @@ -189,6 +200,8 @@ can also be used to load addresses into the .Em table. + + .Xr spamd-setup 8 also has the added benefit of being able to remove addresses from blacklists, and will connect to @@ -203,6 +216,52 @@ This is important as it allows legitimate mail senders to pressure spam sources into behaving properly so that they may be removed from the relevant blacklists. + +.Ss "If compiled with IPFW" +With +.Xr ipfw 4 , +the syntax for redirection of TCP sessions is quite different +from that of +.Xr pf 4 . +The +.Em fwd +rule used for this purpose are described in +.Xr ipfw 8 . +The rules should be added to the ruleset called by /etc/rc.firewall +to be present at boot time. +.Bd -literal -offset 4n +fwd 127.0.0.1,8025 tcp from table(2) to me 25 in +allow tcp from table(1) to me 25 in +fwd 127.0.0.1,8025 tcp from any to me 25 in +.Ed +.Pp +Any addresses in the blacklist table +.Em 2 +and not in the whitelist table +.Em 1 +are then redirected to +.Nm +running on port 8025. +Addresses can be loaded into the blacklist +.Em table , +like: +.Bd -literal -offset 4n +# ipfw table 1 add a.b.c.d/x +.Ed +.Pp +.Xr spamd-setup 8 +can also be used to load addresses into the blacklist table +.Em 2 . +.Pp +The +.Op Fl t Ar table_no +option to +.Em spamd +and +.Em spamd-setup +can be used to change the default table +numbers. + .Sh CONFIGURATION CONNECTIONS .Nm listens for configuration connections on the port identified by the >Release-Note: >Audit-Trail: >Unformatted:
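
Review bot: in the spamd.c hunk at @@ -958,7 +966,11 @@, gethostname() still runs before getopt() sees -H and still exits through err(1, "gethostname") on failure, so the daemon can abort over a name it is about to discard. Consider parsing the options first and calling gethostname() only when -H was not given. The two getopt() strings under #ifdef IPFW and #else differ only by the trailing t: and will drift apart over time; building the string once and appending t: under IPFW keeps them in step.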
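
Review bot: in the case 'H' branch of the spamd.c hunk at @@ -1009,12 +1021,22 @@, the truncation path calls err(1, "strlcpy hostname"), but strlcpy() does not set errno, so err() appends an unrelated error string; errx(1, "-H: hostname too long") would say what went wrong. The value is copied unchecked into the name shown in the 220 greeting, so it is worth rejecting an empty string and anything other than letters, digits, hyphen and dot. In the same hunk, tabno = atoi(optarg) has no range check, unlike the window <= 0 test visible just below it.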
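
Review bot: the two empty lines added before .Xr spamd-setup 8 in the spamd.8 hunk at @@ -189,6 +200,8 @@ should be dropped; blank lines in mdoc source are flagged by manual page linters, and .Pp is the macro to use if a paragraph break is wanted at that point.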
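
Review bot: in the new "If compiled with IPFW" subsection (spamd.8 hunk at @@ -203,6 +216,52 @@), the command shown after "Addresses can be loaded into the blacklist table" is ipfw table 1 add a.b.c.d/x, but the preceding text names table 2 as the blacklist and table 1 as the whitelist, so the example loads the wrong table. The sentence "Any addresses in the blacklist table 2 and not in the whitelist table 1 are then redirected" also does not match the rules as listed, where the fwd rule for table(2) comes before the allow rule for table(1) and the last rule forwards every remaining sender; either reorder the rules or reword the description. "The fwd rule used for this purpose are described" should read "is described".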
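
Added example (not part of the original report or of the spamd port): a small check for the condition in the How-To-Repeat section, deciding whether an SMTP 220 greeting announces the expected public name or leaks an internal one. The function names and the list of internal suffixes are assumptions of this example; the first two sample greetings are the ones quoted in the report, the rest are constructed.

```python
import ipaddress
import re

# Assumption of this example: suffixes that mark a name as internal-only.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".home.arpa")
GREETING = re.compile(r"^220[ -](\S+)")


def greeting_domain(reply):
    """Return the name announced on the first 220 line, lower-cased, or None."""
    first = reply.splitlines()[0] if reply.strip() else ""
    match = GREETING.match(first)
    return match.group(1).lower().rstrip(".") if match else None


def classify(reply, expected):
    """Return 'ok', 'internal', 'mismatch' or 'no-greeting' for one server reply."""
    name = greeting_domain(reply)
    if name is None:
        return "no-greeting"
    if name == expected.lower().rstrip("."):
        return "ok"
    try:
        # Address literals such as [10.0.0.5] disclose internal addressing.
        if ipaddress.ip_address(name.strip("[]")).is_private:
            return "internal"
    except ValueError:
        pass  # not an address literal, treat it as a host name
    # Single-label names and internal-only suffixes should not be visible outside.
    if "." not in name or name.endswith(INTERNAL_SUFFIXES):
        return "internal"
    return "mismatch"


# Greetings as a probe would capture them; all but the first two are constructed.
SAMPLES = [
    "220 mx.dmz.example.local ESMTP Fake-Banner\r\n",
    "220 mx.example.org ESMTP Fake-Banner\r\n",
    "220-mail.example.net ESMTP\r\n220 ready\r\n",
    "220 [10.0.0.5] ESMTP\r\n",
    "554 no service\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample, "mx.example.org"), repr(sample.splitlines()[0]))
```
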