debian/0000755000000000000000000000000012240062075007164 5ustar debian/install0000644000000000000000000000010611755661700010564 0ustar tumgreyspf.conf /etc/tumgreyspf tumgreyspf-test.conf /etc/tumgreyspf debian/gbp.conf0000644000000000000000000000016411755661700010616 0ustar [DEFAULT] upstream-branch = upstream-sid debian-branch = debian-sid [git-buildpackage] export-dir = ../build-area/ debian/manpages0000644000000000000000000000001511755661700010710 0ustar tumgreyspf.8 debian/changelog0000644000000000000000000001237712240061474011052 0ustar tumgreyspf (1.36-4.1) unstable; urgency=medium * Non-maintainer upload. * Urgency medium for RC bug fix for Testing * Add debian/patches/007-no-pyspf-internals.diff to restore local copies of functions that were removed from python-spf so tumgreyspf will start (Closes: #718308) -- Scott Kitterman Sun, 10 Nov 2013 23:53:19 -0500 tumgreyspf (1.36-4) unstable; urgency=low * Switching to format 3.0 (quilt): all version 1.36 didn't have the patches applied, and thus were crashing because of wrong path. As a consequence: + Removed dependency on quilt + Fixed debian/rules to not care about patches + Rewrote patch headers and fixed patch 001 * Increased compat level and dephelper build-depends to 8 instead of 7. -- Thomas Goirand Sat, 19 May 2012 08:46:38 +0000 tumgreyspf (1.36-3) unstable; urgency=low * The previous upload introduced an error in the find command, this fixes it. -- Thomas Goirand Tue, 08 May 2012 14:35:29 +0000 tumgreyspf (1.36-2) unstable; urgency=low * Fixes cron.daily sending emails (Closes: #670674), thanks to "Nelson A. de Oliveira" for reporting. * Bumped Standard-Version to 3.9.3 (no change). -- Thomas Goirand Tue, 08 May 2012 12:40:24 +0000 tumgreyspf (1.36-1) unstable; urgency=low * New upstream release (Closes: #651205). - This new upstream release adds the feature to allow receiving mails with a domain that has a "permerror" SPF field, which might sometimes be needed. * Switching from deprecated dpatch to quilt, and from source format 1 to 3. * Added build-arch and build-indep rules targets. * Fixed debian/copyright to be compliant with the newer version of DEP5. -- Thomas Goirand Thu, 08 Dec 2011 11:35:23 +0800 tumgreyspf (1.35-8) unstable; urgency=low * Rewrote debian/copyright using DEP5 format, and set the license to be the GPL-2 (and not later) (Closes: #633665). * Standards-Version is now 3.9.2. -- Thomas Goirand Wed, 20 Jul 2011 20:36:06 +0200 tumgreyspf (1.35-7) unstable; urgency=low * As discussed with the release team, the file /etc/cron.d/tumgreyspf is now deleted only if it matches the 1.35-2 MD5 sum. -- Thomas Goirand Fri, 03 Sep 2010 12:44:48 +0800 tumgreyspf (1.35-6) unstable; urgency=low * Now creates the user in /var/lib/tumgreyspf and not in /var/lib/tumgreyspf/tumgreyspf like 1.35-5 was doing. The usermod call has also been corrected. -- Thomas Goirand Fri, 27 Aug 2010 12:57:11 +0800 tumgreyspf (1.35-5) unstable; urgency=low * Added patch for debian/cron.daily so that the cron job doesn't spam the administrator if there's no mail traffic (Closes: #590492). * Added Vcs-Browser / Vcs-Git URLs. * Bumped Standard-Version. * Now using -r -b /var/lib/tumgreyspf to create the tumgreyspf user, and modifies an eventual old setup to this new value using the usermod with -d to setup the new home (LP: #610810). -- Thomas Goirand Tue, 27 Jul 2010 04:01:55 +0800 tumgreyspf (1.35-4) unstable; urgency=low * Now using my zigo@debian.org as maintainer email. * Removed dm-upload field. * Bumped standard-version. * Now needs at least debhelper 7. * Added missing misc:depends. * Added missing mandatory debian/rules taget binary-arch: * Enhanced a bit the long desc. * Added a debian/source/format file. * Changed priority from extra to optional. * Now using dh_prep and not dh_clean -k. * As tumgreyspf doesn't use upstram's tumgreyspf-clean cron script anymore, this also removes the popen2 issue in SID (Closes: #588352). -- Thomas Goirand Thu, 08 Jul 2010 15:29:49 +0800 tumgreyspf (1.35-3) unstable; urgency=low * Rewrote a new shell script to replace the tumgreyspf-clean which is somehow broken in the upstream python code My bash version if fast enough, and much more simple than the author's python code, so I'm replacing it. * Bumped standard version. -- Thomas Goirand Tue, 11 Aug 2009 20:49:06 +0800 tumgreyspf (1.35-1) unstable; urgency=low * New upstream release correcting wrong SPF results. -- Thomas Goirand Fri, 24 Jul 2009 19:42:17 +0800 tumgreyspf (1.34-1) unstable; urgency=low * New upstream release (Closes: #524262). * Corrected debian/control (Closes: #471507). * Bumped standard version. * Fixed debian/postinst to remove fullpath from useradd call. * Moved dependencies to arch indep. * Fixed the blackhole dir to be created in /var/lib as it should have. -- Thomas Goirand Thu, 11 Jun 2009 07:11:27 +0800 tumgreyspf (1.32-1) unstable; urgency=low * New upstream release * Rephrased the package description (Closes: #453370) * Fixed the /etc/cron.d/tumgreyspf that was testing against a directory existance when in fact it should have test against an executable * Fixed the postinst to do a NOT recursive chown that is taking too much time on busy servers -- Thomas Goirand Tue, 04 Dec 2007 06:53:34 +0000 tumgreyspf (1.31-1) unstable; urgency=low * Initial release. (Closes: #445741) -- Thomas Goirand Mon, 08 Oct 2007 04:00:55 +0000 debian/dirs0000644000000000000000000000022511755661700010061 0ustar /var/lib/tumgreyspf/config/client_address/ /var/lib/tumgreyspf/data /var/lib/tumgreyspf/test/data /var/lib/tumgreyspf/blackhole /etc/tumgreyspf/test debian/source/0000755000000000000000000000000011755661700010476 5ustar debian/source/format0000644000000000000000000000001411755661700011704 0ustar 3.0 (quilt) debian/postinst0000644000000000000000000000250711755661700011010 0ustar #!/bin/sh set -e GETENT=/usr/bin/getent TUMUSER=tumgreyspf if ${GETENT} passwd ${TUMUSER} >/dev/null ; then echo "User ${TUMUSER} already exists: skipping creation!" else if [ -x `which useradd` ] ; then useradd -m -s /bin/false -g nogroup ${TUMUSER} -r -b /var/lib echo "Created user ${TUMUSER}" else echo "Could not find the useradd binary!" exit 1 fi fi if [ -x `which usermod` ] ; then usermod -d /var/lib/tumgreyspf ${TUMUSER} fi chown ${TUMUSER} /var/lib/tumgreyspf chown -R ${TUMUSER} /var/lib/tumgreyspf/config chown ${TUMUSER} /var/lib/tumgreyspf/data chown ${TUMUSER} /var/lib/tumgreyspf/test chown ${TUMUSER} /var/lib/tumgreyspf/test/data # Clean up the old /etc/cron.d/tumgreyspdf if it hasn't been modified, # and replace by the new /etc/cron.daily/tumgreyspf if [ -f /etc/cron.d/tumgreyspf ] ; then MYMD5=`md5sum /etc/cron.d/tumgreyspf | cut -d" " -f1` if [ "${MYMD5}" = "24ea9c78656d84da9d734407d8fcd82b" ] ; then echo "/etc/cron.d/tumgreyspdf has been replaced by /etc/cron.daily/tumgreyspf;" echo "the old file has been deleted." rm -f /etc/cron.d/tumgreyspf else echo "WARNING: there is an old /etc/cron.d/tumgreyspf file, but since it has" echo "been modified, it wont be deleted automaticaly. Please proceed to its" echo "deletion by hand if you don't need it anymore." fi fi #DEBHELPER# exit 0 debian/default0000644000000000000000000000036411755661700010550 0ustar # Defaults for tumgreyspf initscript # sourced by /etc/init.d/tumgreyspf # installed at /etc/default/tumgreyspf by the maintainer scripts # # This is a POSIX shell fragment # # Additional options that are passed to the Daemon. DAEMON_OPTS="" debian/rules0000755000000000000000000000252011755661700010255 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 PKG_NAME=tumgreyspf # Target dir TRGT=$(CURDIR)/debian/tumgreyspf build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: dh_testdir touch $@ clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs install -D -m 0755 tumgreyspf $(TRGT)/usr/bin/tumgreyspf install -D -m 0755 tumgreyspf-clean $(TRGT)/usr/lib/tumgreyspf/tumgreyspf-clean install -D -m 0755 tumgreyspf-configtest $(TRGT)/usr/lib/tumgreyspf/tumgreyspf-configtest install -D -m 0755 tumgreyspf-install $(TRGT)/usr/lib/tumgreyspf/tumgreyspf-install install -D -m 0755 tumgreyspf-stat $(TRGT)/usr/lib/tumgreyspf/tumgreyspf-stat install -D -m 0755 tumgreyspfsupp.py $(TRGT)/usr/lib/tumgreyspf/tumgreyspfsupp.py install -D -m 0644 __default__.dist $(TRGT)/etc/tumgreyspf/default.conf binary-indep: build install dh_testdir dh_testroot dh_installchangelogs WHATSNEW dh_installdocs dh_installcron dh_installman dh_installdirs dh_installcron dh_install dh_link dh_compress dh_fixperms dh_installdeb dh_gencontrol dh_md5sums dh_builddeb binary-arch: install binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/docs0000644000000000000000000000006411755661700010051 0ustar debian/README.Debian README README.performance TODO debian/watch0000644000000000000000000000011211755661700010221 0ustar version=3 ftp://ftp.tummy.com/pub/tummy/tumgreyspf/tumgreyspf-(.*).tar.gz debian/copyright0000644000000000000000000000427412240062075011126 0ustar Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=174 Upstream-Name: tumgreyspf Upstream-Contact: Sean Reifschneider Source: ftp://ftp.tummy.com/pub/tummy/tumgreyspf/ Files: debian/* Copyright: (c) 2007-2011, Thomas Goirand License: GPL-2 Files: * Copyright: (c) 2004-2007 Sean Reifschneider Copyright (C) 2004-2007 tummy.com, ltd. License: GPL-2 License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2 of the License. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU General Public License v2 (GPL) can be found in /usr/share/common-licenses/GPL-2. Files: tumgreyspf (portions) Copyright: (c) 2003, Terence Way Portions Copyright (c) 2004,2005,2006,2007,2008 Stuart Gathman Portions Copyright (c) 2005,2006,2007,2008,2011,2012 Scott Kitterman License: PSF This module is free software, and you may redistribute it and/or modify it under the same terms as Python itself, so long as this copyright message and disclaimer are retained in their original form. . IN NO EVENT SHALL THE AUTHOR BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . THE AUTHOR SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. debian/links0000644000000000000000000000021711755661700010241 0ustar /etc/tumgreyspf/default.conf /var/lib/tumgreyspf/config/__default__ /etc/tumgreyspf/tumgreyspf.conf /var/lib/tumgreyspf/config/tumgreyspf.conf debian/README.source0000644000000000000000000000042311755661700011354 0ustar Tumgreyspf hasn't been converted to using Quilt yet, so the usual dpatch tools apply: dpatch apply-all will apply all Debian patches, while: dpatch deapply-all will go back to the original extracted tarball from upstream. The maintainer, Thomas Goirand debian/control0000644000000000000000000000273211755661700010605 0ustar Source: tumgreyspf Section: mail Priority: optional Maintainer: Thomas Goirand Build-Depends: debhelper (>= 8) Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=users/zigo/tumgreyspf.git Vcs-Git: http://git.debian.org/git/users/zigo/tumgreyspf.git Homepage: http://www.tummy.com/Community/software/tumgreyspf/ Package: tumgreyspf Architecture: all Depends: ${misc:Depends}, python-spf, adduser, python, passwd, spfquery Description: external policy checker for the postfix mail server Tumgreyspf can optionally greylist and/or use spfquery to check SPF records to determine if email should be accepted by your server. The default behavior is to let emails comming from server that are SPF approved without any sort of greylisting, while all others will be greylisted. . SPF is information published by the domain owner about what systems may legitimately send e-mail for the domain. Greylisting takes advantage of spam and viruses that do not follow the RFCs and retry deliveries on temporary failure. These checks can be used as part of a mail system and allow several orders of magnitude reduction in spam, lower system load, and few problems with legitimate mail getting blocked. . Tumgreyspf uses the file-system as its database, no additional database is required to use it, see /var/lib/tumgreyspf/data and it's clean-up cron script. Also take care that tumgreyspf will block emails from any domain with DNS configured with a buggy SPF record. debian/cron.daily0000644000000000000000000000200711755661700011162 0ustar #!/bin/sh if [ -f /etc/tumgreyspf/default.conf ] ; then GREYLISTEXPIREDAYS=`grep GREYLISTEXPIREDAYS /etc/tumgreyspf/default.conf | cut -d'=' -f2 | awk '{print $1}' | cut -d'.' -f1` fi if [ -z "${GREYLISTEXPIREDAYS}" ] ; then GREYLISTEXPIREDAYS=10 fi greylistDir="/var/lib/tumgreyspf/data" if ! [ -d "${greylistDir}" ] ; then # echo "No tumgreyspf data folder" exit 0 fi if [ -z "$(ls ${greylistDir})" ] ; then # echo "No data to clean in this run" exit 0 fi #echo -n "Now parsing all Class A in ${greylistDir}:" # /var/lib/tumgreyspf/data/96/52/161/check_file for i in ${greylistDir}/* ; do # echo -n " "`basename ${i}` # if [ "${i}" = "${greylistDir}/lost+found" ] ; then # echo "Skipping ${greylistDir}/lost+found" # fi for j in ${i}/* ; do for k in ${j}/* ; do find ${k}/ -name check_file -mtime +${GREYLISTEXPIREDAYS} -delete rmdir --ignore-fail-on-non-empty ${k} done rmdir --ignore-fail-on-non-empty ${j} # rmdir ${j} done rmdir --ignore-fail-on-non-empty ${i} # rm ${i} done #echo " all done!" debian/README.Debian0000644000000000000000000000124611755661700011242 0ustar To use tumgreyspf, simply add this to your postfix configuration, and issue a /etc/init.d/postfix reload: /etc/postfix/main.cf: --------------------- smtpd_recipient_restrictions = [...] reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain reject_unverified_recipient [...] permit smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, [ ... ] check_policy_service unix:private/tumgreyspf [ ... ] permit /etc/postfix/master.cf: ----------------------- tumgreyspf unix - n n - - spawn user=tumgreyspf argv=/usr/bin/tumgreyspf debian/patches/0000755000000000000000000000000012240061264010612 5ustar debian/patches/series0000644000000000000000000000026512240057152012033 0ustar 001-tumgreyspf.diff 002-tumgreyspf-addip.diff 003-tumgreyspf-stat.diff 004-tumgreyspf-test.conf.diff 005-tumgreyspf.conf.diff 006-tumgreyspfsupp.py.diff 007-no-pyspf-internals.diff debian/patches/001-tumgreyspf.diff0000755000000000000000000000104711755661700014167 0ustar Description: Fixes path to the tumgreyspf lib Forwarded: not-needed Author: Thomas Goirand --- tumgreyspf-1.28/tumgreyspf.orig 2007-10-08 07:18:58.000000000 +0000 +++ tumgreyspf-1.28/tumgreyspf 2007-10-08 07:19:17.000000000 +0000 @@ -12,7 +12,7 @@ import syslog, os, sys, string, re, time, popen2, urllib, stat, errno, socket import spf -sys.path.append('/usr/local/lib/tumgreyspf') +sys.path.append('/usr/lib/tumgreyspf') import tumgreyspfsupp syslog.openlog(os.path.basename(sys.argv[0]), syslog.LOG_PID, syslog.LOG_MAIL) debian/patches/005-tumgreyspf.conf.diff0000755000000000000000000000214611755661700015120 0ustar Description: De-localify Forwarded: not-needed Author: Thomas Goirand --- tumgreyspf-1.28/tumgreyspf.conf.orig 2007-10-08 07:43:49.000000000 +0000 +++ tumgreyspf-1.28/tumgreyspf.conf 2007-10-08 07:44:47.000000000 +0000 @@ -15,16 +15,16 @@ # Path to the directory-based configuration. This can be used to override # the configuration values for certain remote hosts, senders or # recipients. -configPath = 'file:///var/local/lib/tumgreyspf/config' +configPath = 'file:///var/lib/tumgreyspf/config' # Directory where the greylist resides. -greylistDir = '/var/local/lib/tumgreyspf/data' +greylistDir = '/var/lib/tumgreyspf/data' # Path to the program used for SPF checking. This can either be the # perl version available from http://www.openspf.com/ or the # "spfquery-static" program built from libspf2, also available from # http://www.openspf.com/ -spfqueryPath = '/usr/local/lib/tumgreyspf/spfquery' +spfqueryPath = '/usr/bin/spfquery' # Directory where the blackhole information goes. "ips" sub-directory # contains IPs that have touched us with a bad address. "addresses" debian/patches/003-tumgreyspf-stat.diff0000755000000000000000000000070311755661700015140 0ustar Description: De-localify Forwarded: not-needed Author: Thomas Goirand --- tumgreyspf-1.28/tumgreyspf-stat.orig 2007-10-08 07:29:35.000000000 +0000 +++ tumgreyspf-1.28/tumgreyspf-stat 2007-10-08 07:30:23.000000000 +0000 @@ -7,7 +7,7 @@ # import os, re, string, syslog, sys, time -sys.path.append('/usr/local/lib/tumgreyspf') +sys.path.append('/usr/lib/tumgreyspf') import tumgreyspfsupp ################### debian/patches/007-no-pyspf-internals.diff0000644000000000000000000001574612240061230015526 0ustar Index: tumgreyspf-1.36/tumgreyspf =================================================================== --- tumgreyspf-1.36.orig/tumgreyspf 2013-11-10 20:41:45.000000000 -0500 +++ tumgreyspf-1.36/tumgreyspf 2013-11-10 23:52:37.320166793 -0500 @@ -6,6 +6,26 @@ # Copyright (c) 2004-2007, Sean Reifschneider, tummy.com, ltd. # All Rights Reserved # +# +# For code copied from pyspf, the following applies: +# Copyright (c) 2003, Terence Way +# Portions Copyright (c) 2004,2005,2006,2007,2008 Stuart Gathman +# Portions Copyright (c) 2005,2006,2007,2008,2011,2012 Scott Kitterman +# This module is free software, and you may redistribute it and/or modify +# it under the same terms as Python itself, so long as this copyright message +# and disclaimer are retained in their original form. +# +# IN NO EVENT SHALL THE AUTHOR BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, +# SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF +# THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +# DAMAGE. +# +# THE AUTHOR SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, +# AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, +# SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + S_rcsid = '$Id: tumgreyspf,v 1.29 2007-10-08 00:39:37 jafo Exp $' @@ -19,19 +39,159 @@ tumgreyspfsupp.setExceptHook() ############################################# +# Copied from pyspf 2.0.7 +import struct + +def addr2bin(str): + """Convert a string IPv4 address into an unsigned integer. + + Examples:: + >>> import sys + >>> if sys.version_info[0] == 2: + ... print(long(addr2bin('127.0.0.1'))) + ... else: + ... print(addr2bin('127.0.0.1')) + 2130706433 + + >>> addr2bin('127.0.0.1') == socket.INADDR_LOOPBACK + 1 + + >>> print(addr2bin('255.255.255.254')) + 4294967294 + + >>> print(addr2bin('192.168.0.1')) + 3232235521 + + Unlike DNS.addr2bin, the n, n.n, and n.n.n forms for IP addresses + are handled as well:: + >>> import sys + >>> if sys.version_info[0] == 2: + ... print(long(addr2bin('10.65536'))) + ... else: + ... print(addr2bin('10.65536')) + 167837696 + + >>> import sys + >>> if sys.version_info[0] == 2: + ... print(long(addr2bin('10.93.512'))) + ... else: + ... print(addr2bin('10.93.512')) + 173867520 + """ + return struct.unpack("!L", socket.inet_aton(str))[0] + +def bin2long6(str): + h, l = struct.unpack("!QQ", str) + return h << 64 | l + +if hasattr(socket,'has_ipv6') and socket.has_ipv6: + def inet_ntop(s): + return socket.inet_ntop(socket.AF_INET6,s) + def inet_pton(s): + return socket.inet_pton(socket.AF_INET6,s) +else: + def inet_ntop(s): + """Convert ip6 address to standard hex notation. + Examples: + >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0,0,0xFFFF,0x0102,0x0304)) + '::FFFF:1.2.3.4' + >>> inet_ntop(struct.pack("!HHHHHHHH",0x1234,0x5678,0,0,0,0,0x0102,0x0304)) + '1234:5678::102:304' + >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0x1234,0x5678,0,0x0102,0x0304)) + '::1234:5678:0:102:304' + >>> inet_ntop(struct.pack("!HHHHHHHH",0x1234,0x5678,0,0x0102,0x0304,0,0,0)) + '1234:5678:0:102:304::' + >>> inet_ntop(struct.pack("!HHHHHHHH",0,0,0,0,0,0,0,0)) + '::' + """ + # convert to 8 words + a = struct.unpack("!HHHHHHHH",s) + n = (0,0,0,0,0,0,0,0) # null ip6 + if a == n: return '::' + # check for ip4 mapped + if a[:5] == (0,0,0,0,0) and a[5] in (0,0xFFFF): + ip4 = '.'.join([str(i) for i in struct.unpack("!HHHHHHBBBB",s)[6:]]) + if a[5]: + return "::FFFF:" + ip4 + return "::" + ip4 + # find index of longest sequence of 0 + for l in (7,6,5,4,3,2,1): + e = n[:l] + for i in range(9-l): + if a[i:i+l] == e: + if i == 0: + return ':'+':%x'*(8-l) % a[l:] + if i == 8 - l: + return '%x:'*(8-l) % a[:-l] + ':' + return '%x:'*i % a[:i] + ':%x'*(8-l-i) % a[i+l:] + return "%x:%x:%x:%x:%x:%x:%x:%x" % a + + def inet_pton(p): + """Convert ip6 standard hex notation to ip6 address. + Examples: + >>> struct.unpack('!HHHHHHHH',inet_pton('::')) + (0, 0, 0, 0, 0, 0, 0, 0) + >>> struct.unpack('!HHHHHHHH',inet_pton('::1234')) + (0, 0, 0, 0, 0, 0, 0, 4660) + >>> struct.unpack('!HHHHHHHH',inet_pton('1234::')) + (4660, 0, 0, 0, 0, 0, 0, 0) + >>> struct.unpack('!HHHHHHHH',inet_pton('1234::5678')) + (4660, 0, 0, 0, 0, 0, 0, 22136) + >>> struct.unpack('!HHHHHHHH',inet_pton('::FFFF:1.2.3.4')) + (0, 0, 0, 0, 0, 65535, 258, 772) + >>> struct.unpack('!HHHHHHHH',inet_pton('1.2.3.4')) + (0, 0, 0, 0, 0, 65535, 258, 772) + >>> try: inet_pton('::1.2.3.4.5') + ... except ValueError,x: print x + ::1.2.3.4.5 + """ + if p == '::': + return '\0'*16 + s = p + m = RE_IP4.search(s) + try: + if m: + pos = m.start() + ip4 = [int(i) for i in s[pos:].split('.')] + if not pos: + return struct.pack('!QLBBBB',0,65535,*ip4) + s = s[:pos]+'%x%02x:%x%02x'%tuple(ip4) + a = s.split('::') + if len(a) == 2: + l,r = a + if not l: + r = r.split(':') + return struct.pack('!HHHHHHHH', + *[0]*(8-len(r)) + [int(s,16) for s in r]) + if not r: + l = l.split(':') + return struct.pack('!HHHHHHHH', + *[int(s,16) for s in l] + [0]*(8-len(l))) + l = l.split(':') + r = r.split(':') + return struct.pack('!HHHHHHHH', + *[int(s,16) for s in l] + [0]*(8-len(l)-len(r)) + + [int(s,16) for s in r]) + if len(a) == 1: + return struct.pack('!HHHHHHHH', + *[int(s,16) for s in a[0].split(':')]) + except ValueError: pass + raise ValueError(p) + +############################################# def cidrmatch(connectip, ipaddrs, n): """Match connect IP against a list of other IP addresses. From pyspf.""" try: if connectip.count(':'): MASK = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL - connectip = spf.inet_pton(connectip) + connectip = inet_pton(connectip) for arg in ipaddrs: - ipaddrs[ipaddrs.index(arg)] = spf.inet_pton(arg) - bin = spf.bin2long6 + ipaddrs[ipaddrs.index(arg)] = inet_pton(arg) + bin = bin2long6 else: MASK = 0xFFFFFFFFL - bin = spf.addr2bin + bin = addr2bin c = ~(MASK >> n) & MASK & bin(connectip) for ip in [bin(ip) for ip in ipaddrs]: if c == ~(MASK >> n) & MASK & ip: return True debian/patches/002-tumgreyspf-addip.diff0000755000000000000000000000073511755661700015252 0ustar Description: De-localify Forwarded: not-needed Author: Thomas Goirand --- tumgreyspf-1.28/tumgreyspf-addip.orig 2007-10-08 07:25:03.000000000 +0000 +++ tumgreyspf-1.28/tumgreyspf-addip 2007-10-08 07:26:09.000000000 +0000 @@ -5,7 +5,7 @@ use strict; my $live = 1; -my $base_dir = q(/var/local/lib/tumgreyspf/config/client_address/); +my $base_dir = q(/var/lib/tumgreyspf/config/client_address/); my $conf_contents = q(SPFSEEDONLY=0 GREYLISTTIME=300 debian/patches/006-tumgreyspfsupp.py.diff0000755000000000000000000000174611755661700015541 0ustar Description: De-localify Forwarded: not-needed Author: Thomas Goirand --- tumgreyspf-1.28/tumgreyspfsupp.py.orig 2007-10-08 07:48:44.000000000 +0000 +++ tumgreyspf-1.28/tumgreyspfsupp.py 2007-10-08 07:49:55.000000000 +0000 @@ -9,15 +9,15 @@ # default values -defaultConfigFilename = '/var/local/lib/tumgreyspf/config/tumgreyspf.conf' +defaultConfigFilename = '/var/lib/tumgreyspf/config/tumgreyspf.conf' defaultConfigData = { 'debugLevel' : 0, 'defaultSeedOnly' : 0, 'defaultAllowTime' : 600, - 'configPath' : 'file:///var/local/lib/tumgreyspf/config', - 'greylistDir' : '/var/local/lib/tumgreyspf/data', - 'blackholeDir' : '/var/local/lib/tumgreyspf/blackhole', - 'spfqueryPath' : '/usr/local/lib/tumgreyspf/spfquery', + 'configPath' : 'file:///var/lib/tumgreyspf/config', + 'greylistDir' : '/var/lib/tumgreyspf/data', + 'blackholeDir' : '/var/lib/tumgreyspf/blackhole', + 'spfqueryPath' : '/usr/lib/tumgreyspf/spfquery', 'ignoreLastByte' : 0, } debian/patches/004-tumgreyspf-test.conf.diff0000755000000000000000000000247011755661700016074 0ustar Description: De-localify Forwarded: not-needed Author: Thomas Goirand --- tumgreyspf-1.28/tumgreyspf-test.conf.orig 2007-10-08 07:31:43.000000000 +0000 +++ tumgreyspf-1.28/tumgreyspf-test.conf 2007-10-08 07:39:18.000000000 +0000 @@ -15,18 +15,18 @@ # Path to the directory-based configuration. This can be used to override # the configuration values for certain remote hosts, senders or # recipients. -configPath = 'file:///home/jafo/projects/tumgreyspf/test/config' +configPath = 'file:///etc/tumgreyspf/test/config' # Directory where the greylist resides. -greylistDir = '/home/jafo/projects/tumgreyspf/test/data' +greylistDir = '/var/lib/tumgreyspf/test/data' # Path to the program used for greylist checking. This can either be the # perl version available from http://spf.pobox.com/ or the # "spfquery-static" program built from libspf2, also available from # http://spf.pobox.com/ -spfqueryPath = '/usr/local/lib/postfix/spfquery' +spfqueryPath = '/usr/bin/spfquery' # Directory where the blackhole information goes. "ips" sub-directory # contains IPs that have touched us with a bad address. "addresses" # sub-directory has a file per address named after the bad addresses. -blackholeDir = '/usr/local/lib/tumgreyspf/blackhole', +blackholeDir = '/usr/lib/tumgreyspf/blackhole', debian/compat0000644000000000000000000000000211755661700010374 0ustar 8