
Merge tag '1.3' into ppa

ppa
Timo Röhling vor 9 Jahren
Ursprung
Commit
7ddcfd2fed

+ 19
- 2
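--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,14 +7,27 @@ option(USE_APPARMOR "Enable AppArmor profile" OFF)
 
 set(CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/lib/${PROJECT_NAME}" CACHE PATH "Chroot jail for daemon")
 set(SYSCONF_DIR "/etc" CACHE PATH "Global system configuration folder")
+set(SYSD_UNIT_DIR "${SYSCONF_DIR}/systemd/system" CACHE PATH "Systemd unit file folder")
 set(CONFIG_DIR "${SYSCONF_DIR}/default" CACHE PATH "Location of startup configuration file")
 set(DOC_DIR "share/doc/${PROJECT_NAME}" CACHE PATH "Path for documentation files")
+mark_as_advanced(CHROOT_DIR SYSCONF_DIR SYSD_UNIT_DIR CONFIG_DIR DOC_DIR)
 
 find_program(HELP2MAN help2man DOC "path to help2man executable")
 find_program(DD dd DOC "path to dd executable")
 find_program(BASE64 base64 DOC "path to base64 executable")
+find_program(OPENSSL openssl DOC "path to OpenSSL executable")
 find_program(INSSERV insserv DOC "path to insserv executable")
 find_program(CHKCONFIG chkconfig DOC "path to chkconfig executable")
+find_library(LIBSOCKET socket)
+find_library(LIBNSL nsl)
+
+if(BASE64)
+    set(BASE64_ENCODE "${BASE64}")
+elseif(OPENSSL)
+    set(BASE64_ENCODE "${OPENSSL} base64 -e")
+else()
+    set(BASE64_ENCODE "")
+endif()
 
 check_include_file(sys/wait.h HAVE_SYS_WAIT_H)
 if(HAVE_SYS_WAIT_H)
@@ -34,7 +47,7 @@ if(HAVE_TIME_H)
 endif()
 
 if(NOT DEFINED INIT_FLAVOR)
-	if(IS_DIRECTORY "${SYSCONF_DIR}/systemd" AND EXISTS "/usr/lib/systemd/systemd")
+	if(IS_DIRECTORY "${SYSD_UNIT_DIR}" AND EXISTS "/usr/lib/systemd/systemd")
         message(STATUS "Detected init flavor: systemd")
         set(INIT_FLAVOR "systemd" CACHE STRING "Init daemon of this system")
     elseif(IS_DIRECTORY "${SYSCONF_DIR}/init" AND EXISTS "/lib/init/upstart-job")
@@ -55,6 +68,10 @@ endif()
 
 add_executable(${PROJECT_NAME} postsrsd.c sha1.c srs2.c)
 
+if(${CMAKE_SYSTEM_NAME} MATCHES "SunOS")
+    target_link_libraries(${PROJECT_NAME} ${LIBSOCKET} ${LIBNSL})
+endif()
+
 get_target_property(POSTSRSD ${PROJECT_NAME} LOCATION)
 get_filename_component(POSTSRSD ${POSTSRSD} NAME_WE)
 set(APPARMOR_PROFILE "${CMAKE_INSTALL_PREFIX}/sbin/${POSTSRSD}")
@@ -83,6 +100,6 @@ if(USE_APPARMOR)
 endif()
 
 install(TARGETS ${PROJECT_NAME} DESTINATION "sbin")
-install(FILES README.md main.cf.ex DESTINATION "${DOC_DIR}")
+install(FILES README.md README_UPGRADE.md main.cf.ex DESTINATION "${DOC_DIR}")
 install(SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/postinstall.cmake")
 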
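Review bot: The OpenSSL fallback in the `elseif(OPENSSL)` branch stores the encoder as one space-separated string, `"${OPENSSL} base64 -e"`, and postinstall.cmake.in later passes it unquoted as `COMMAND ${BASE64_ENCODE}`. CMake splits unquoted expansions on `;` only, so execute_process would be asked to run a single program whose name contains the spaces, and with ERROR_QUIET on that call the secret generation would fail without any message. Storing the command as a list keeps the arguments separate through the `@BASE64_ENCODE@` substitution: `set(BASE64_ENCODE "${OPENSSL}" base64 -e)`. It is worth configuring once on a host without `base64` to confirm the generated secret file is non-empty.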

+ 16
- 2
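--- a/README.md
+++ b/README.md
@@ -80,8 +80,22 @@ your main.cf:
     sender_canonical_maps = tcp:127.0.0.1:10001
     sender_canonical_classes = envelope_sender
     recipient_canonical_maps = tcp:127.0.0.1:10002
-    recipient_canonical_classes= envelope_recipient
+    recipient_canonical_classes= envelope_recipient,header_recipient
+
+This will transparently rewrite incoming and outgoing envelope addresses,
+and additionally undo SRS rewrites in the To: header of bounce notifications
+and vacation autoreplies.
 
-This will transparently rewrite incoming and outgoing envelope addresses.
 Run `service postsrsd start` and `postfix reload` as root, or reboot.
 
+Known Issues
+------------
+
+- Due to the way PostSRSd is integrated with Postfix, sender addresses
+  will always be rewritten even if the mail is not forwarded at all. This
+  is because the canonical maps are read by the cleanup daemon, which
+  processes mails at the very beginning before any routing decision is made.
+
+- The Postfix package in CentOS 6 lacks the required support for TCP
+  dictionaries. Please upgrade your distribution or build Postfix yourself.
+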

+ 15
- 0
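--- a/README_UPGRADE.md
+++ b/README_UPGRADE.md
@@ -0,0 +1,15 @@
+PostSRSd Upgrade Note
+=====================
+
+/etc/default/postsrsd
+---------------------
+
+The shipped configuration file has changed from previous versions.
+However, the installer will not automatically overwrite existing
+configuration files to prevent data loss.
+
+Please review the changes after the installation and update your
+configuration file accordingly. Note in particular, that most options
+may no longer remain commented out, since it was cumbersome to maintain 
+all the default values in the various startup scripts.
+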

+ 4
- 0
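--- a/init/postsrsd.default.in
+++ b/init/postsrsd.default.in
@@ -13,6 +13,10 @@
 #
 #SRS_EXCLUDE_DOMAINS=.example.com,example.org
 
+# First separator character after SRS0 or SRS1.
+# Can be one of: -+=
+SRS_SEPARATOR==
+
 # Secret key to sign rewritten addresses.
 # When postsrsd is installed for the first time, a random secret is generated
 # and stored in /etc/postsrsd.secret. For most installations, that's just fine.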

+ 3
- 5
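--- a/init/postsrsd.systemd.in
+++ b/init/postsrsd.systemd.in
@@ -1,15 +1,13 @@
 [Unit]
 Description=PostSRSd Daemon
-After=network.target
 
 [Service]
 Type=simple
-Environment SRS_DOMAIN=localhost.localdomain
-Environment SRS_EXCLUDE_DOMAINS=
+Environment=SRS_DOMAIN=localhost.localdomain
+Environment=SRS_EXCLUDE_DOMAINS=
 EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
-ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f${SRS_FORWARD_PORT} -r${SRS_REVERSE_PORT} -d${SRS_DOMAIN} -s${SRS_SECRET} -u${RUN_AS} -c${CHROOT} -X${SRS_EXCLUDE_DOMAINS}
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"${SRS_FORWARD_PORT}" -r"${SRS_REVERSE_PORT}" -d"${SRS_DOMAIN}" -s"${SRS_SECRET}" -a"${SRS_SEPARATOR}" -u"${RUN_AS}" -c"${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
 Restart=always
 
 [Install]
 WantedBy=multi-user.target
-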
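Review bot: `-a"${SRS_SEPARATOR}"` on the new ExecStart line has no default behind it, unlike SRS_DOMAIN and SRS_EXCLUDE_DOMAINS, which get `Environment=` lines ahead of the EnvironmentFile. The installer keeps an existing config file, so after an upgrade the variable can be unset; as far as I can tell systemd then expands the word to a bare `-a`, and getopt's `a:` would consume the following `-u"${RUN_AS}"` word as the separator argument. That would yield separator `-`, which passes the new validation, while the user switch is skipped and the daemon keeps the privileges it was started with. Adding `Environment=SRS_SEPARATOR==` next to the other defaults closes this; the sysv and upstart templates pass `-a "$SRS_SEPARATOR"` as a separate word, so there an unset value reaches getopt as an empty string and is rejected by the separator check.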

+ 1
- 1
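--- a/init/postsrsd.sysv-lsb.in
+++ b/init/postsrsd.sysv-lsb.in
@@ -44,7 +44,7 @@ case "$1" in
 		--pidfile $PIDFILE \
 		--name $NAME \
 		--startas $DAEMON \
-		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
+		-- -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a "$SRS_SEPARATOR" -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	then
 	    log_end_msg 0
 	else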

+ 1
- 1
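--- a/init/postsrsd.sysv-redhat.in
+++ b/init/postsrsd.sysv-redhat.in
@@ -36,7 +36,7 @@ do_start()
 {
 	echo -n "Starting $DESC: "
 	daemon $DAEMON -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" \
-	               -u"$RUN_AS" -p"$PIDFILE" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
+	               -u"$RUN_AS" -p"$PIDFILE" -a "$SRS_SEPARATOR" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS" -D
 	RETVAL=$?
 	echo
     	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME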

+ 1
- 1
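--- a/init/postsrsd.upstart.in
+++ b/init/postsrsd.upstart.in
@@ -9,6 +9,6 @@ script
 	SRS_DOMAIN=`postconf -h mydomain || true`
 	SRS_EXCLUDE_DOMAINS=
 	. "@CONFIG_DIR@/@PROJECT_NAME@"
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f"$SRS_FORWARD_PORT" -r"$SRS_REVERSE_PORT" -d"$SRS_DOMAIN" -s"$SRS_SECRET" -a "$SRS_SEPARATOR" -u"$RUN_AS" -c"$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
 end script
 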

+ 1
- 1
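--- a/main.cf.ex
+++ b/main.cf.ex
@@ -3,6 +3,6 @@
 sender_canonical_maps = tcp:127.0.0.1:10001
 sender_canonical_classes = envelope_sender
 recipient_canonical_maps = tcp:127.0.0.1:10002
-recipient_canonical_classes = envelope_recipient
+recipient_canonical_classes = envelope_recipient,header_recipient
 
 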

+ 19
- 6
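--- a/postinstall.cmake.in
+++ b/postinstall.cmake.in
@@ -1,11 +1,12 @@
 set(GENERATE_SRS_SECRET "@GENERATE_SRS_SECRET@")
 set(SYSCONF_DIR "@SYSCONF_DIR@")
+set(SYSD_UNIT_DIR "@SYSD_UNIT_DIR@")
 set(CHROOT_DIR "@CHROOT_DIR@")
 set(CONFIG_DIR "@CONFIG_DIR@")
 set(INIT_FLAVOR "@INIT_FLAVOR@")
 set(SECRET_FILE "@PROJECT_NAME@.secret")
 set(DD "@DD@")
-set(BASE64 "@BASE64@")
+set(BASE64_ENCODE "@BASE64_ENCODE@")
 set(INSSERV "@INSSERV@")
 set(CHKCONFIG "@CHKCONFIG@")
 
@@ -14,8 +15,20 @@ if(CHROOT_DIR AND NOT EXISTS "$ENV{DESTDIR}${CHROOT_DIR}")
 	file(MAKE_DIRECTORY "$ENV{DESTDIR}${CHROOT_DIR}")
 endif()
 
-if(INIT_FLAVOR AND NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
+if(INIT_FLAVOR)
+	if (NOT EXISTS "$ENV{DESTDIR}${CONFIG_DIR}/@PROJECT_NAME@")
+		file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@")
+	else()
+		file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.default" DESTINATION "${CONFIG_DIR}" RENAME "@PROJECT_NAME@.new")
+		message(STATUS "")
+		message(STATUS "*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*")
+		message(STATUS "*!* ${CONFIG_DIR}/@PROJECT_NAME@ will NOT be overwritten!")
+		message(STATUS "*!* Please note the changes from @PROJECT_NAME@.new in the same folder and")
+		message(STATUS "*!* update your configuration accordinly.")
+		message(STATUS "*!* See also README_UPGRADE.md for details")
+		message(STATUS "*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*!*")
+		message(STATUS "")
+	endif()
 endif()
 
 if(INIT_FLAVOR STREQUAL "sysv-lsb")
@@ -35,14 +48,14 @@ elseif(INIT_FLAVOR STREQUAL "sysv-redhat")
 elseif(INIT_FLAVOR STREQUAL "upstart")
 	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.upstart" DESTINATION "${SYSCONF_DIR}/init" RENAME "@PROJECT_NAME@.conf")
 elseif(INIT_FLAVOR STREQUAL "systemd")
-	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSCONF_DIR}/systemd/system" RENAME "@PROJECT_NAME@.service")
+	file(INSTALL FILES "@CMAKE_CURRENT_BINARY_DIR@/@PROJECT_NAME@.systemd" DESTINATION "${SYSD_UNIT_DIR}" RENAME "@PROJECT_NAME@.service")
 endif()
 
-if(GENERATE_SRS_SECRET AND DD AND BASE64 AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
+if(GENERATE_SRS_SECRET AND DD AND BASE64_ENCODE AND EXISTS "/dev/urandom" AND NOT EXISTS "$ENV{DESTDIR}${SYSCONF_DIR}/${SECRET_FILE}")
 	message(STATUS "Generating secret key")
 	execute_process(
 		COMMAND ${DD} if=/dev/urandom bs=18 count=1
-		COMMAND ${BASE64}
+                COMMAND ${BASE64_ENCODE}
 		OUTPUT_FILE "@CMAKE_CURRENT_BINARY_DIR@/${SECRET_FILE}"
 		ERROR_QUIET
 		OUTPUT_STRIP_TRAILING_WHITESPACE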
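Review bot: Nothing in the visible part of the secret-generation `execute_process` call checks whether the pipeline succeeded: ERROR_QUIET is set and no RESULT_VARIABLE appears before the hunk ends, so a failing `${BASE64_ENCODE}` stage could leave an empty `${SECRET_FILE}` in the build directory. Since that file is what gets used as the address-signing secret, consider capturing the status with `RESULT_VARIABLE secret_rc` and stopping with `message(FATAL_ERROR ...)` when it is non-zero or the output file is empty. The call continues past the end of the hunk, so this should be confirmed against the full file.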

+ 52
- 4
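--- a/postsrsd.c
+++ b/postsrsd.c
@@ -43,7 +43,7 @@
 #include <syslog.h>
 
 #ifndef VERSION
-#define VERSION "1.2"
+#define VERSION "1.3"
 #endif
 
 static char *self = NULL;
@@ -58,7 +58,7 @@ static int bind_service (const char *service, int family)
   memset (&hints, 0, sizeof(hints));
   hints.ai_family = family;
   hints.ai_socktype = SOCK_STREAM;
-  hints.ai_flags = AI_ADDRCONFIG | AI_V4MAPPED;
+
   err = getaddrinfo(NULL, service, &hints, &addr);
   if (err != 0) {
     fprintf(stderr, "%s: bind_service(%s): %s\n", self, service, gai_strerror(err));
@@ -214,6 +214,7 @@ static void show_help ()
     "Options:\n"
     "   -s<file>       read secrets from file (required)\n"
     "   -d<domain>     set domain name for rewrite (required)\n"
+    "   -a<char>       set first separator character which can be one of: -=+ (default: =)\n"
     "   -f<port>       set port for the forward SRS lookup (default: 10001)\n"
     "   -r<port>       set port for the reverse SRS lookup (default: 10002)\n"
     "   -p<pidfile>    write process ID to pidfile (default: none)\n"
@@ -221,6 +222,7 @@ static void show_help ()
     "   -u<user>       switch user id after port bind (default: none)\n"
     "   -t<seconds>    timeout for idle client connections (default: 1800)\n"
     "   -X<domain>     exclude additional domain from address rewriting\n"
+    "   -e             attempt to read above parameters from environment\n"
     "   -D             fork into background\n"
     "   -4             force IPv4 socket (default: any)\n"
     "   -6             force IPv6 socket (default: any)\n"
@@ -239,6 +241,7 @@ int main (int argc, char **argv)
   int daemonize = FALSE;
   char *forward_service = NULL, *reverse_service = NULL,
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
+  char separator = '=';
   int forward_sock, reverse_sock;
   char *secret_file = NULL, *pid_file = NULL;
   FILE *pf = NULL, *sf = NULL;
@@ -256,7 +259,7 @@ int main (int argc, char **argv)
   tmp = strrchr(argv[0], '/');
   if (tmp) self = strdup(tmp + 1); else self = strdup(argv[0]);
 
-  while ((opt = getopt(argc, argv, "46d:f:r:s:u:t:p:c:X::Dhv")) != -1) {
+  while ((opt = getopt(argc, argv, "46d:a:f:r:s:u:t:p:c:X::Dhev")) != -1) {
     switch (opt) {
       case '?':
         return EXIT_FAILURE;
@@ -269,6 +272,9 @@ int main (int argc, char **argv)
       case 'd':
         domain = strdup(optarg);
         break;
+      case 'a':
+        separator = *optarg;
+        break;
       case 'f':
         forward_service = strdup(optarg);
         break;
@@ -314,6 +320,42 @@ int main (int argc, char **argv)
           excludes[s1] = NULL;
         }
         break;
+      case 'e':
+        if ( getenv("SRS_DOMAIN") != NULL )
+          domain = strdup(getenv("SRS_DOMAIN"));
+        if ( getenv("SRS_SEPARATOR") != NULL )
+          separator = *getenv("SRS_SEPARATOR");
+        if ( getenv("SRS_FORWARD_PORT") != NULL )
+          forward_service = strdup(getenv("SRS_FORWARD_PORT"));
+        if ( getenv("SRS_REVERSE_PORT") != NULL )
+          reverse_service = strdup(getenv("SRS_REVERSE_PORT"));
+        if ( getenv("SRS_TIMEOUT") != NULL )
+          timeout = atoi(getenv("SRS_TIMEOUT"));
+        if ( getenv("SRS_SECRET") != NULL )
+          secret_file = strdup(getenv("SRS_SECRET"));
+        if ( getenv("SRS_PID_FILE") != NULL )
+          pid_file = strdup(getenv("SRS_PID_FILE"));
+        if ( getenv("RUN_AS") != NULL )
+          user = strdup(getenv("RUN_AS"));
+        if ( getenv("CHROOT") != NULL )
+          chroot_dir = strdup(getenv("CHROOT"));
+        if (getenv("SRS_EXCLUDE_DOMAINS") != NULL) {
+          tmp = strtok(getenv("SRS_EXCLUDE_DOMAINS"), ",; \t\r\n");
+          while (tmp) {
+            if (s1 + 1 >= s2) {
+              s2 *= 2;
+              excludes = (const char **)realloc(excludes, s2 * sizeof(char*));
+              if (excludes == NULL) {
+                fprintf (stderr, "%s: Out of memory\n\n", self);
+                return EXIT_FAILURE;
+              }
+            }
+            excludes[s1++] = strdup(tmp);
+            tmp = strtok(NULL, ",; \t\r\n");
+          }
+          excludes[s1] = NULL;
+        }
+        break;
       case 'v':
         fprintf (stdout, "%s\n", VERSION);
         return EXIT_SUCCESS;
@@ -328,6 +370,11 @@ int main (int argc, char **argv)
     return EXIT_FAILURE;
   }
 
+  if (separator != '=' && separator != '+' && separator != '-') {
+    fprintf (stderr, "%s: SRS separator character must be one of '=+-'\n", self);
+    return EXIT_FAILURE;
+  }
+
   /* The stuff we do first may not be possible from within chroot or without privileges */
 
   /* Open pid file for writing (the actual process ID is filled in later) */
@@ -420,7 +467,8 @@ int main (int argc, char **argv)
       srs_add_secret (srs, secret);
   }
   fclose (sf);
-  srs_set_separator (srs, '+');
+
+  srs_set_separator (srs, separator);
 
   fds[0].fd = forward_sock;
   fds[0].events = POLLIN;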
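Review bot: In the new `case 'e':` branch, `strtok(getenv("SRS_EXCLUDE_DOMAINS"), ",; \t\r\n")` tokenises the string returned by getenv in place, which writes NUL bytes into the process environment; POSIX says the application must not modify that string. Tokenise a private copy instead, for example `char *list = strdup(getenv("SRS_EXCLUDE_DOMAINS"));` followed by `tmp = strtok(list, ",; \t\r\n");`. The same branch and `case 'a':` keep only the first character (`*getenv("SRS_SEPARATOR")`, `*optarg`), so a value such as `+x` passes the later separator check; rejecting values whose length is not 1 would make the validation match the `-a<char>` help text. main() begins and ends outside these hunks.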
