[from postfwd.org]: postfwd is written in Perl to combine complex postfix restrictions in a ruleset similar to those of most firewalls. The program uses the postfix policy delegation protocol to control access to the mail system before a message has been accepted (please visit http://www.postfix.org/SMTPD_POLICY_README.html for more information). It allows you to choose an action (e.g. reject, dunno) for a combination of several smtp parameters (like sender and recipient address, size or the client's TLS fingerprint).

When policyd-weight was announced to be no longer maintained, the author referred to postfwd as an appropriate replacement (see http://thread.gmane.org/gmane.mail.postfix.policyd-weight/810). Since postfwd is not in the main tree so far (and not in b.g.o either), I wrote the attached ebuild, partly copied from policyd-weight (ebuild) and postgrey (init script).

Two minor quirks:

1) The current version of postfwd is 1.10_pre7c. However, portage doesn't allow trailing letters in suffix versions, so after consulting #gentoo-dev-help and #gentoo-portage, I named the ebuild 1.10_pre7 and supplied the pre-release letter inside the ebuild. This is ugly, but I asked upstream to bump to the next number in the future (answer still pending).

2) Since I copied the init script from postgrey, I also intended to support unix sockets for postfwd. Unfortunately I discovered that postfwd checks the format of the --port parameter (which I used to supply the socket info) to be only numbers, hence the attached patch. I'll talk to upstream about this after he answers my previous mail. However, postfwd works just fine with unix sockets (since it uses the Net::Server perl module); I have it running right now.

So far I only tested it on amd64, but since it's a perl application, it should run on x86 as well, hence the keyword. Comments welcome.
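The policy delegation exchange and firewall-style first-match evaluation described in the report above, as an added Python illustration. It is not postfwd's code and not part of the original report; the rule table, rule ids, domain and fingerprint are constructed sample values.

```python
# Added example: first-match policy evaluation over a Postfix policy request.
# Rule fields and sample values are constructed; this is not postfwd's code.

def parse_request(raw: str) -> dict:
    """Parse name=value lines; the request ends at the first empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break                               # blank line terminates the request
        name, sep, value = line.partition("=")  # values may themselves contain '='
        if not sep or not name:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name] = value
    return attrs

# Each rule: (id, conditions, action). All conditions must match (logical AND).
RULES = [
    ("SIZE_001", {"size_max": 10_000_000}, "REJECT message too large"),
    ("TLS_001", {"recipient_domain": "example.org",
                 "ccert_fingerprint": "AA:BB:CC"}, "OK"),
    ("RCPT_001", {"recipient_domain": "example.org"},
     "REJECT client certificate required"),
]

def matches(cond: dict, attrs: dict) -> bool:
    for key, want in cond.items():
        if key == "size_max":
            if int(attrs.get("size") or 0) <= want:
                return False        # rule only fires when size exceeds the limit
        elif key == "recipient_domain":
            if attrs.get("recipient", "").rpartition("@")[2].lower() != want:
                return False
        elif attrs.get(key, "") != want:
            return False
    return True

def decide(raw: str) -> str:
    """Return the reply Postfix expects: 'action=...' plus an empty line."""
    attrs = parse_request(raw)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"               # unknown request type: no opinion
    for rule_id, cond, action in RULES:
        if matches(cond, attrs):
            return f"action={action}\n\n"       # first match wins, like a firewall
    return "action=DUNNO\n\n"                   # no rule matched
```

Rule order matters here exactly as in a packet filter: swapping TLS_001 and RCPT_001 would reject clients that present the expected certificate.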
Created attachment 153597 [details] postfwd-1.10_pre7.ebuild: the proposed ebuild for mail-filter/postfwd
Created attachment 153599 [details, diff] files/postfwd-1.10_pre7-allow-unix-socket.patch: allow postfwd to use unix sockets
Created attachment 153601 [details] files/postfwd.rc.new: the init script for the proposed ebuild
Created attachment 153603 [details] files/postfwd.rc.new: the conf file for the above init script
Created attachment 153605 [details] files/postfwd.conf.new: the conf file for the above init script
gna, wrong file ;)
Created attachment 166646 [details] update ebuild for postfwd 1.10pre8b
unfortunately upstream didn't change the versioning scheme yet, so here's another ebuild version using the PV suffix in the source. However, it seems upstream has adopted my proposal for the new development branch, so this workaround might no longer be needed for future rev bumps.
Created attachment 166648 [details] files/postfwd-1.10_pre8-allow-unix-socket.patch: allow postfwd to use unix sockets
also adapted the patch for 1.10pre8b. Since upstream didn't get back to me on my last message, I might contact them for this one after all despite my previous plans... until then, this patch still works :)
# DNSBL checks - evaluation
id=RBL_002 ; HIT_dnsbls>=2 ; action=554 5.7.1 blocked using $$DSBL_count dnsbls, INFO: [$$DSBL_text]

changes to

# DNSBL checks - evaluation
id=RBL_002 ; HIT_dnsbls>=2 ; action=554 5.7.1 blocked using $$HIT_dnsbls dnsbls, INFO: [$$DSBL_text]

only error i have found in http://www.postfwd.org/example-cfg.txt

and the ebuild works here
(In reply to comment #8)
> # DNSBL checks - evaluation
> id=RBL_002 ; HIT_dnsbls>=2 ; action=554 5.7.1 blocked using
> $$DSBL_count dnsbls, INFO: [$$DSBL_text]
>
> changes to
>
> # DNSBL checks - evaluation
> id=RBL_002 ; HIT_dnsbls>=2 ; action=554 5.7.1 blocked using
> $$HIT_dnsbls dnsbls, INFO: [$$DSBL_text]
>
> only error i have found in http://www.postfwd.org/example-cfg.txt
>
> and the ebuild works here
>
Nicely noticed. Should be reported upstream, and until anything changes, I suppose we could patch it.
Created attachment 171075 [details] files/postfwd.rc.new: init script for postfwd including stats function
added a stats() function which makes postfwd dump some statistics to the syslog
(this is an automated message based on filtering criteria that matched this bug)

'EBUILD' is in the KEYWORDS which should mean that there is an ebuild attached to this bug. This bug is assigned to maintainer-wanted which means that it is not in the main tree. Heuristics show that no Gentoo developer has commented on your ebuild.

Hello, The Gentoo Team would like to firstly thank you for your ebuild submission. We also apologize for not being able to accommodate you in a timely manner. There are simply too many new packages.

Allow me to use this opportunity to introduce you to Gentoo Sunrise. The sunrise overlay[1] is an overlay for Gentoo which we allow trusted users to commit to and all users can have ebuilds reviewed by Gentoo devs for entry into the overlay. So, the sunrise team is suggesting that you look into this and submit your ebuild to the overlay where even *you* can commit to. =)

Because this is a mass message, we are also asking you to be patient with us. We anticipate a large number of requests in a short time.

Thanks, On behalf of the Gentoo Sunrise Team, Jeremy.

[1]: http://www.gentoo.org/proj/en/sunrise/
[2]: http://overlays.gentoo.org/proj/sunrise/wiki/SunriseFaq
*** Bug 312453 has been marked as a duplicate of this bug. ***
By demand, I attach my ebuild along with the required files here. Like said in my original report, I also proxy-maintain net-misc/strongswan, so I'd volunteer to at least proxy-maintain this also if it hits the official tree.
Created attachment 226233 [details] ebuild
Created attachment 226235 [details] metadata
Created attachment 226237 [details] config for init script (files/)
Created attachment 226239 [details] example ruleset (files/)
Created attachment 226241 [details] init script (files/)
(In reply to Matthias Dahl from comment #18) > Created attachment 226241 [details] > init script (files/) The attached init script has a typo: --- /usr/portage/mail-filter/postfwd/files/postfwd.init 2014-07-15 02:19:41.000000000 +0200 +++ /etc/init.d/postfwd 2014-10-12 22:10:31.016134640 +0200 @@ -16,7 +16,7 @@ start() { --exec /usr/sbin/postfwd2 -- --daemon --file ${POSTFWD_CONFIG} \ --interface=${POSTFWD_LISTEN} --port=${POSTFWD_PORT} \ --user=${POSTFWD_USER} --group=${POSTFWD_GROUP} \ - --pidfile ${PIDFILE} + --pidfile ${PIDFILE} \ ${POSTFWD_OPTS} eend $? } It is missing a trailing backslash '\' after the pidfile statement. If you omit this backslash AND if you configure POSTFWD_OPTS in /etc/conf.d/postfwd then ${POSTFWD_OPTS} will be interpreted as command instead of additional options.
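Review bot: In the start() hunk, "--pidfile ${PIDFILE}" and "--file ${POSTFWD_CONFIG}" expand unquoted, so a path containing whitespace set in /etc/conf.d/postfwd would split into extra arguments; quote the single-valued variables ("${PIDFILE}", "${POSTFWD_CONFIG}", and likewise the listen, port, user and group values) and leave only ${POSTFWD_OPTS} unquoted so it can still carry several options. The added backslash itself is needed: without it the line "${POSTFWD_OPTS}" is a separate command, so the configured options would be executed by the init script rather than passed to postfwd2, and "eend $?" would report that stray command's exit status instead of the daemon start. As a style point, "--pidfile ${PIDFILE}" uses a space where the neighbouring options use "=", so pick one form.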
*postfwd-1.35 (15 Jul 2014)

  15 Jul 2014; Marc Schiffbauer <mschiff@gentoo.org> +files/postfwd.conf,
  +files/postfwd.init, +files/postfwd2.example.cf, +metadata.xml,
  +postfwd-1.35.ebuild:
  Added postfwd to the tree (again?).