robin.thoni
/
roehling-postsrsd
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 5 Wiki Activity
Browse Source

Merge tag '1.3' into ppa

ppa
Timo Röhling 10 years ago
parent
5e0056ab6b d549b3ff35
commit
7ddcfd2fed
11 changed files with 132 additions and 23 deletions
Split View Show Diff Stats
  1. 19
    2
      CMakeLists.txt
  2. 16
    2
      README.md
  3. 15
    0
      README_UPGRADE.md
  4. 4
    0
      init/postsrsd.default.in
  5. 3
    5
      init/postsrsd.systemd.in
  6. 1
    1
      init/postsrsd.sysv-lsb.in
  7. 1
    1
      init/postsrsd.sysv-redhat.in
  8. 1
    1
      init/postsrsd.upstart.in
  9. 1
    1
      main.cf.ex
  10. 19
    6
      postinstall.cmake.in
  11. 52
    4
      postsrsd.c

+ 19
- 2
CMakeLists.txt View File 

@@ -7,14 +7,27 @@ option(USE_APPARMOR "Enable AppArmor profile" OFF)
7 7
8 8 
 set(CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/lib/${PROJECT_NAME}" CACHE PATH "Chroot jail for daemon")
9 9 
 set(SYSCONF_DIR "/etc" CACHE PATH "Global system configuration folder")
10 
+set(SYSD_UNIT_DIR "${SYSCONF_DIR}/systemd/system" CACHE PATH "Systemd unit file folder")
10 11 
 set(CONFIG_DIR "${SYSCONF_DIR}/default" CACHE PATH "Location of startup configuration file")
11 12 
 set(DOC_DIR "share/doc/${PROJECT_NAME}" CACHE PATH "Path for documentation files")
13 
+mark_as_advanced(CHROOT_DIR SYSCONF_DIR SYSD_UNIT_DIR CONFIG_DIR DOC_DIR)
12 14
13 15 
 find_program(HELP2MAN help2man DOC "path to help2man executable")
14 16 
 find_program(DD dd DOC "path to dd executable")
15 17 
 find_program(BASE64 base64 DOC "path to base64 executable")
18 
+find_program(OPENSSL openssl DOC "path to OpenSSL executable")
16 19 
 find_program(INSSERV insserv DOC "path to insserv executable")
17 20 
 find_program(CHKCONFIG chkconfig DOC "path to chkconfig executable")
21 
+find_library(LIBSOCKET socket)
22 
+find_library(LIBNSL nsl)
23 
+
24 
+if(BASE64)
25 
+    set(BASE64_ENCODE "${BASE64}")
26 
+elseif(OPENSSL)
27 
+    set(BASE64_ENCODE "${OPENSSL} base64 -e")
28 
+else()
29 
+    set(BASE64_ENCODE "")
30 
+endif()
18 31
19 32 
 check_include_file(sys/wait.h HAVE_SYS_WAIT_H)
20 33 
 if(HAVE_SYS_WAIT_H)
 
@@ -34,7 +47,7 @@ if(HAVE_TIME_H)
34 47 
 endif()
35 48
36 49 
 if(NOT DEFINED INIT_FLAVOR)
37 
-	if(IS_DIRECTORY "${SYSCONF_DIR}/systemd" AND EXISTS "/usr/lib/systemd/systemd")
50 
+	if(IS_DIRECTORY "${SYSD_UNIT_DIR}" AND EXISTS "/usr/lib/systemd/systemd")
38 51 
         message(STATUS "Detected init flavor: systemd")
39 52 
         set(INIT_FLAVOR "systemd" CACHE STRING "Init daemon of this system")
40 53 
     elseif(IS_DIRECTORY "${SYSCONF_DIR}/init" AND EXISTS "/lib/init/upstart-job")
 
@@ -55,6 +68,10 @@ endif()
55 68
56 69 
 add_executable(${PROJECT_NAME} postsrsd.c sha1.c srs2.c)
57 70
71 
+if(${CMAKE_SYSTEM_NAME} MATCHES "SunOS")
72 
+    target_link_libraries(${PROJECT_NAME} ${LIBSOCKET} ${LIBNSL})
73 
+endif()
74 
+
58 75 
 get_target_property(POSTSRSD ${PROJECT_NAME} LOCATION)
59 76 
 get_filename_component(POSTSRSD ${POSTSRSD} NAME_WE)
60 77 
 set(APPARMOR_PROFILE "${CMAKE_INSTALL_PREFIX}/sbin/${POSTSRSD}")
 
@@ -83,6 +100,6 @@ if(USE_APPARMOR)
83 100 
 endif()
84 101
85 102 
 install(TARGETS ${PROJECT_NAME} DESTINATION "sbin")
86 
-install(FILES README.md main.cf.ex DESTINATION "${DOC_DIR}")
103 
+install(FILES README.md README_UPGRADE.md main.cf.ex DESTINATION "${DOC_DIR}")
87 104 
 install(SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/postinstall.cmake")
88 105

+ 16
- 2
README.md View File 

@@ -80,8 +80,22 @@ your main.cf:
80 80 
     sender_canonical_maps = tcp:127.0.0.1:10001
81 81 
     sender_canonical_classes = envelope_sender
82 82 
     recipient_canonical_maps = tcp:127.0.0.1:10002
83 
-    recipient_canonical_classes= envelope_recipient
83 
+    recipient_canonical_classes= envelope_recipient,header_recipient
84 
+
85 
+This will transparently rewrite incoming and outgoing envelope addresses,
86 
+and additionally undo SRS rewrites in the To: header of bounce notifications
87 
+and vacation autoreplies.
84 88
85 
-This will transparently rewrite incoming and outgoing envelope addresses.
86 89 
 Run `service postsrsd start` and `postfix reload` as root, or reboot.
87 90
91 
+Known Issues
92 
+------------
93 
+
94 
+- Due to the way PostSRSd is integrated with Postfix, sender addresses
95 
+  will always be rewritten even if the mail is not forwarded at all. This
96 
+  is because the canonical maps are read by the cleanup daemon, which
97 
+  processes mails at the very beginning before any routing decision is made.
98 
+
99 
+- The Postfix package in CentOS 6 lacks the required support for TCP
100 
+  dictionaries. Please upgrade your distribution or build Postfix yourself.
101 
+

+ 15
- 0
README_UPGRADE.md View File 

@@ -0,0 +1,15 @@
1 
+PostSRSd Upgrade Note
2 
+=====================
3 
+
4 
+/etc/default/postsrsd
5 
+---------------------
6 
+
7 
+The shipped configuration file has changed from previous versions.
8 
+However, the installer will not automatically overwrite existing
9 
+configuration files to prevent data loss.
10 
+
11 
+Please review the changes after the installation and update your
12 
+configuration file accordingly. Note in particular, that most options
13 
+may no longer remain commented out, since it was cumbersome to maintain
14 
+all the default values in the various startup scripts.
15 
+

+ 4
- 0
init/postsrsd.default.in View File 

@@ -13,6 +13,10 @@
13 13 
 #
14 14 
 #SRS_EXCLUDE_DOMAINS=.example.com,example.org
15 15
16 
+# First separator character after SRS0 or SRS1.
17 
+# Can be one of: -+=
18 
+SRS_SEPARATOR==
19 
+
16 20 
 # Secret key to sign rewritten addresses.
17 21 
 # When postsrsd is installed for the first time, a random secret is generated
18 22 
 # and stored in /etc/postsrsd.secret. For most installations, that's just fine.

+ 3
- 5
init/postsrsd.systemd.in View File 

@@ -1,15 +1,13 @@
1 1 
 [Unit]
2 2 
 Description=PostSRSd Daemon
3 
-After=network.target
4 3
5 4 
 [Service]
6 5 
 Type=simple
7 
-Environment SRS_DOMAIN=localhost.localdomain
8 
-Environment SRS_EXCLUDE_DOMAINS=
6 
+Environment=SRS_DOMAIN=localhost.localdomain
7 
+Environment=SRS_EXCLUDE_DOMAINS=
9 8 
 EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
10 
-ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f${SRS_FORWARD_PORT} -r${SRS_REVERSE_PORT} -d${SRS_DOMAIN} -s${SRS_SECRET} -u${RUN_AS} -c${CHROOT} -X${SRS_EXCLUDE_DOMAINS}
9 
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"${SRS_FORWARD_PORT}" -r"${SRS_REVERSE_PORT}" -d"${SRS_DOMAIN}" -s"${SRS_SECRET}" -a"${SRS_SEPARATOR}" -u"${RUN_AS}" -c"${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
11 10 
 Restart=always
12 11
13 12 
 [Install]
14 13 
 WantedBy=multi-user.target
15 
-

+ 1
- 1
init/postsrsd.sysv-lsb.in View File 

@@ -44,7 +44,7 @@ case "$1" in
44 44 
 		--pidfile $PIDFILE \
45 45 
 		--name $NAME \
46 46 
 		--startas $DAEMON \
47 
-		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
47 
+		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a "$SRS_SEPARATOR" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
48 48 
 	then
49 49 
 	    log_end_msg 0
50 50 
 	else

+ 1
- 1
init/postsrsd.sysv-redhat.in View File 

@@ -36,7 +36,7 @@ do_start()
36 36 
 {
37 37 
 	echo -n "Starting $DESC: "
38 38 
 	daemon $DAEMON -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
39 
-	               -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
39 
+	               -u"$RUN_AS" -p"$PIDFILE" -a "$SRS_SEPARATOR" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
40 40 
 	RETVAL=$?
41 41 
 	echo
42 42 
     	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME

+ 1
- 1
init/postsrsd.upstart.in View File 

@@ -9,6 +9,6 @@ script
9 9 
 	SRS_DOMAIN=`postconf -h mydomain || true`
10 10 
 	SRS_EXCLUDE_DOMAINS=
11 11 
 	. "@CONFIG_DIR@/@PROJECT_NAME@"
12 
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
12 
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a "$SRS_SEPARATOR" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
13 13 
 end script
14 14

+ 1
- 1
main.cf.ex View File 

@@ -3,6 +3,6 @@
3 3 
 sender_canonical_maps = tcp:127.0.0.1:10001
4 4 
 sender_canonical_classes = envelope_sender
5 5 
 recipient_canonical_maps = tcp:127.0.0.1:10002
6 
-recipient_canonical_classes = envelope_recipient
6 
+recipient_canonical_classes = envelope_recipient,header_recipient
7 7
8 8

+ 19
- 6
postinstall.cmake.in View File 

@@ -1,11 +1,12 @@
1 1 
 set(GENERATE_SRS_SECRET "@GENERATE_SRS_SECRET@")
2 2 
 set(SYSCONF_DIR "@SYSCONF_DIR@")
3 
+set(SYSD_UNIT_DIR "@SYSD_UNIT_DIR@")
3 4 
 set(CHROOT_DIR "@CHROOT_DIR@")
4 5 
 set(CONFIG_DIR "@CONFIG_DIR@")
5 6 
 set(INIT_FLAVOR "@INIT_FLAVOR@")
6 7 
 set(SECRET_FILE "@PROJECT_NAME@.secret")
7 8 
 set(DD "@DD@")
8 
-set(BASE64 "@BASE64@")
9 
+set(BASE64_ENCODE "@BASE64_ENCODE@")
9 10 
 set(INSSERV "@INSSERV@")
10 11 
 set(CHKCONFIG "@CHKCONFIG@")
11 12 
 
@@ -14,8 +15,20 @@ if(CHROOT_DIR AND NOT EXISTS "$ENV{DESTDIR}${CHROOT_DIR}")
14 15 
 	file(MAKE_DIRECTORY "$ENV{DESTDIR}${CHROOT_DIR}")
15 16 
 endif()
16 17
17 
-if(INIT_FLAVOR AND NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
18 
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
18 
+if(INIT_FLAVOR)
19 
+	if (NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
20 
+		file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
21 
+	else()
22 
+		file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@.new")
23 
+		message(STATUS "")
24 
+		message(STATUS "*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*")
25 
+		message(STATUS "*!* ${CONFIG_DIR}/@PROJECT_NAME@ will NOT be overwritten!")
26 
+		message(STATUS "*!* Please note the changes from @PROJECT_NAME@.new in the same folder and")
27 
+		message(STATUS "*!* update your configuration accordinly.")
28 
+		message(STATUS "*!* See also README_UPGRADE.md for details")
29 
+		message(STATUS "*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*")
30 
+		message(STATUS "")
31 
+	endif()
19 32 
 endif()
20 33
21 34 
 if(INIT_FLAVOR STREQUAL "sysv-lsb")
 
@@ -35,14 +48,14 @@ elseif(INIT_FLAVOR STREQUAL "sysv-redhat")
35 48 
 elseif(INIT_FLAVOR STREQUAL "upstart")
36 49 
 	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "${SYSCONF_DIR}/init" RENAME "@PROJECT_NAME@.conf")
37 50 
 elseif(INIT_FLAVOR STREQUAL "systemd")
38 
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSCONF_DIR}/systemd/system" RENAME "@PROJECT_NAME@.service")
51 
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSD_UNIT_DIR}" RENAME "@PROJECT_NAME@.service")
39 52 
 endif()
40 53
41 
-if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
54 
+if(GENERATE_SRS_SECRET AND DD AND BASE64_ENCODE AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
42 55 
 	message(STATUS "Generating secret key")
43 56 
 	execute_process(
44 57 
 		COMMAND ${DD} if=/dev/urandom bs=18 count=1
45 
-		COMMAND ${BASE64}
58 
+                COMMAND ${BASE64_ENCODE}
46 59 
 		OUTPUT_FILE "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}"
47 60 
 		ERROR_QUIET
48 61 
 		OUTPUT_STRIP_TRAILING_WHITESPACE

+ 52
- 4
postsrsd.c View File 

@@ -43,7 +43,7 @@
43 43 
 #include <syslog.h>
44 44
45 45 
 #ifndef VERSION
46 
-#define VERSION "1.2"
46 
+#define VERSION "1.3"
47 47 
 #endif
48 48
49 49 
 static char *self = NULL;
 
@@ -58,7 +58,7 @@ static int bind_service (const char *service, int family)
58 58 
   memset (&hints, 0, sizeof(hints));
59 59 
   hints.ai_family = family;
60 60 
   hints.ai_socktype = SOCK_STREAM;
61 
-  hints.ai_flags = AI_ADDRCONFIG | AI_V4MAPPED;
61 
+
62 62 
   err = getaddrinfo(NULL, service, &hints, &addr);
63 63 
   if (err != 0) {
64 64 
     fprintf(stderr, "%s: bind_service(%s): %s\n", self, service, gai_strerror(err));
 
@@ -214,6 +214,7 @@ static void show_help ()
214 214 
     "Options:\n"
215 215 
     "   -s<file>       read secrets from file (required)\n"
216 216 
     "   -d<domain>     set domain name for rewrite (required)\n"
217 
+    "   -a<char>       set first separator character which can be one of: -=+ (default: =)\n"
217 218 
     "   -f<port>       set port for the forward SRS lookup (default: 10001)\n"
218 219 
     "   -r<port>       set port for the reverse SRS lookup (default: 10002)\n"
219 220 
     "   -p<pidfile>    write process ID to pidfile (default: none)\n"
 
@@ -221,6 +222,7 @@ static void show_help ()
221 222 
     "   -u<user>       switch user id after port bind (default: none)\n"
222 223 
     "   -t<seconds>    timeout for idle client connections (default: 1800)\n"
223 224 
     "   -X<domain>     exclude additional domain from address rewriting\n"
225 
+    "   -e             attempt to read above parameters from environment\n"
224 226 
     "   -D             fork into background\n"
225 227 
     "   -4             force IPv4 socket (default: any)\n"
226 228 
     "   -6             force IPv6 socket (default: any)\n"
 
@@ -239,6 +241,7 @@ int main (int argc, char **argv)
239 241 
   int daemonize = FALSE;
240 242 
   char *forward_service = NULL, *reverse_service = NULL,
241 243 
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
244 
+  char separator = '=';
242 245 
   int forward_sock, reverse_sock;
243 246 
   char *secret_file = NULL, *pid_file = NULL;
244 247 
   FILE *pf = NULL, *sf = NULL;
 
@@ -256,7 +259,7 @@ int main (int argc, char **argv)
256 259 
   tmp = strrchr(argv[0], '/');
257 260 
   if (tmp) self = strdup(tmp + 1); else self = strdup(argv[0]);
258 261
259 
-  while ((opt = getopt(argc, argv, "46d:f:r:s:u:t:p:c:X::Dhv")) != -1) {
262 
+  while ((opt = getopt(argc, argv, "46d:a:f:r:s:u:t:p:c:X::Dhev")) != -1) {
260 263 
     switch (opt) {
261 264 
       case '?':
262 265 
         return EXIT_FAILURE;
 
@@ -269,6 +272,9 @@ int main (int argc, char **argv)
269 272 
       case 'd':
270 273 
         domain = strdup(optarg);
271 274 
         break;
275 
+      case 'a':
276 
+        separator = *optarg;
277 
+        break;
272 278 
       case 'f':
273 279 
         forward_service = strdup(optarg);
274 280 
         break;
 
@@ -314,6 +320,42 @@ int main (int argc, char **argv)
314 320 
           excludes[s1] = NULL;
315 321 
         }
316 322 
         break;
323 
+      case 'e':
324 
+        if ( getenv("SRS_DOMAIN") != NULL )
325 
+          domain = strdup(getenv("SRS_DOMAIN"));
326 
+        if ( getenv("SRS_SEPARATOR") != NULL )
327 
+          separator = *getenv("SRS_SEPARATOR");
328 
+        if ( getenv("SRS_FORWARD_PORT") != NULL )
329 
+          forward_service = strdup(getenv("SRS_FORWARD_PORT"));
330 
+        if ( getenv("SRS_REVERSE_PORT") != NULL )
331 
+          reverse_service = strdup(getenv("SRS_REVERSE_PORT"));
332 
+        if ( getenv("SRS_TIMEOUT") != NULL )
333 
+          timeout = atoi(getenv("SRS_TIMEOUT"));
334 
+        if ( getenv("SRS_SECRET") != NULL )
335 
+          secret_file = strdup(getenv("SRS_SECRET"));
336 
+        if ( getenv("SRS_PID_FILE") != NULL )
337 
+          pid_file = strdup(getenv("SRS_PID_FILE"));
338 
+        if ( getenv("RUN_AS") != NULL )
339 
+          user = strdup(getenv("RUN_AS"));
340 
+        if ( getenv("CHROOT") != NULL )
341 
+          chroot_dir = strdup(getenv("CHROOT"));
342 
+        if (getenv("SRS_EXCLUDE_DOMAINS") != NULL) {
343 
+          tmp = strtok(getenv("SRS_EXCLUDE_DOMAINS"), ",; \t\r\n");
344 
+          while (tmp) {
345 
+            if (s1 + 1 >= s2) {
346 
+              s2 *= 2;
347 
+              excludes = (const char **)realloc(excludes, s2 * sizeof(char*));
348 
+              if (excludes == NULL) {
349 
+                fprintf (stderr, "%s: Out of memory\n\n", self);
350 
+                return EXIT_FAILURE;
351 
+              }
352 
+            }
353 
+            excludes[s1++] = strdup(tmp);
354 
+            tmp = strtok(NULL, ",; \t\r\n");
355 
+          }
356 
+          excludes[s1] = NULL;
357 
+        }
358 
+        break;
317 359 
       case 'v':
318 360 
         fprintf (stdout, "%s\n", VERSION);
319 361 
         return EXIT_SUCCESS;
 
@@ -328,6 +370,11 @@ int main (int argc, char **argv)
328 370 
     return EXIT_FAILURE;
329 371 
   }
330 372
373 
+  if (separator != '=' && separator != '+' && separator != '-') {
374 
+    fprintf (stderr, "%s: SRS separator character must be one of '=+-'\n", self);
375 
+    return EXIT_FAILURE;
376 
+  }
377 
+
331 378 
   /* The stuff we do first may not be possible from within chroot or without privileges */
332 379
333 380 
   /* Open pid file for writing (the actual process ID is filled in later) */
 
@@ -420,7 +467,8 @@ int main (int argc, char **argv)
420 467 
       srs_add_secret (srs, secret);
421 468 
   }
422 469 
   fclose (sf);
423 
-  srs_set_separator (srs, '+');
470 
+
471 
+  srs_set_separator (srs, separator);
424 472
425 473 
   fds[0].fd = forward_sock;
426 474 
   fds[0].events = POLLIN;

Write Preview
Loading…
Cancel
Save