author | kreon | 2015-07-07 02:17:51 +0300 |
---|---|---|
committer | kreon | 2015-07-07 02:20:05 +0300 |
commit | 5cdb11c0710b4390efb62211af60762fbf1d942d (patch) | |
tree | a6a08d7e9942d462256705b3c8d3a5b82f0f5c42 | |
initial commit
-rw-r--r-- | .SRCINFO | 39 | ||||
-rw-r--r-- | PKGBUILD | 47 | ||||
-rw-r--r-- | greyd.conf | 199 | ||||
-rw-r--r-- | greyd.install | 26 | ||||
-rw-r--r-- | greyd.service | 13 | ||||
-rwxr-xr-x | greydctl | 62 | ||||
-rw-r--r-- | mod_c.patch | 11 |
7 files changed, 397 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..ca3578266f63 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,39 @@ +# Generated by makepkg 4.2.0 +# Tue Mar 10 21:56:18 UTC 2015 +pkgbase = greyd + pkgdesc = Lightweight greylisting & blacklisting daemon based on OpenBSD spamd + pkgver = 0.7.0 + pkgrel = 5 + url = http://greyd.org/ + install = greyd.install + arch = i686 + arch = x86_64 + license = BSD + makedepends = libtool + makedepends = autoconf + makedepends = automake + makedepends = gcc + makedepends = make + makedepends = patch + depends = zlib + depends = libtool + depends = libgcrypt + depends = ipset + depends = libnetfilter_conntrack + depends = libnetfilter_log + depends = db + depends = iptables + depends = libspf2 + source = https://github.com/mikey-austin/greyd/archive/v0.7.0.tar.gz + source = mod_c.patch + source = greyd.conf + source = greydctl + source = greyd.service + md5sums = c231a42ff9b53ad7401d1a7c4006a5ac + md5sums = 675176b859e7a442d2bbcbca11a9e64a + md5sums = c4c05842a1ff7706616d5f49b83b67bf + md5sums = bec202f3c8f00d7c917f423b0eda66f6 + md5sums = 61023296035deb3d685b296c3fca9d68 + +pkgname = greyd + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..4e87499a38f9 --- /dev/null +++ b/PKGBUILD 
@@ -0,0 +1,47 @@
+# Kekeke
+# Maintainer: Your Name <youremail@domain.com>
+pkgname=greyd
+pkgver=0.7.0
+pkgrel=5
+pkgdesc="Lightweight greylisting & blacklisting daemon based on OpenBSD spamd"
+arch=('i686' 'x86_64')
+url="http://greyd.org/"
+license=('BSD')
+
+depends=('zlib' 'libtool' 'libgcrypt' 'ipset'
+ 'libnetfilter_conntrack' 'libnetfilter_log'
+ 'db' 'iptables' 'libspf2')
+makedepends=('libtool' 'autoconf' 'automake' 'gcc' 'make' 'patch')
+
+source=("https://github.com/mikey-austin/greyd/archive/v0.7.0.tar.gz" "mod_c.patch" "greyd.conf" "greydctl" "greyd.service")
+install=greyd.install
+
+md5sums=('c231a42ff9b53ad7401d1a7c4006a5ac'
+ '675176b859e7a442d2bbcbca11a9e64a'
+ 'c4c05842a1ff7706616d5f49b83b67bf'
+ 'bec202f3c8f00d7c917f423b0eda66f6'
+ '61023296035deb3d685b296c3fca9d68')
+
+prepare() {
+ cd "$pkgname-$pkgver"
+ patch -p1 < ../mod_c.patch
+ aclocal
+ autoheader
+ libtoolize
+ automake -ac
+ autoconf
+}
+build() {
+ cd "$pkgname-$pkgver"
+ ./configure --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc --with-netfilter --with-bdb --with-spf
+ make clean && make
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+ make DESTDIR="$pkgdir/" install
+ mkdir -p "$pkgdir/usr/lib/systemd/system"
+ install -m 0644 "$srcdir/greyd.conf" "$pkgdir/etc/greyd/greyd.conf"
+ install -m 0755 "$srcdir/greydctl" "$pkgdir/usr/bin/greydctl"
+ install -m 0644 "$srcdir/greyd.service" "$pkgdir/usr/lib/systemd/system/greyd.service"
+}
diff --git a/greyd.conf b/greyd.conf
new file mode 100644
index 000000000000..b037db8c6716
--- /dev/null
+++ b/greyd.conf
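Review bot: The `md5sums=(...)` array is the only integrity check on the GitHub tarball and the four local files, and MD5 is not collision-resistant, so it does not protect against a deliberately substituted source. Replace it with a `sha256sums=(...)` array regenerated with `makepkg -g`; the matching `md5sums` lines in .SRCINFO then change as well. The header still carries the template line `# Maintainer: Your Name <youremail@domain.com>`, which should name the actual maintainer. Since package() installs `/etc/greyd/greyd.conf`, a `backup=('etc/greyd/greyd.conf')` entry would let pacman preserve local edits instead of the hand-rolled copy in greyd.install.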
@@ -0,0 +1,199 @@
+#
+# Debugging options and more verbose logs.
+#
+debug = 1
+verbose = 1
+daemonize = 1
+
+#
+# Main daemon user to drop privileges to.
+#
+user = "greyd"
+
+#
+# Address to listen on.
+#
+bind_address = "127.0.0.1"
+
+#
+# Main greyd port.
+#
+port = 8025
+
+#
+# This will be obtained via "hostname" if not set.
+#
+#hostname = "greyd.org"
+
+#
+# Enable listening on IPv6 socket.
+#
+enable_ipv6 = 0
+bind_address_ipv6 = "::1"
+
+#
+# For blacklisted connections, the number of seconds between
+# stuttered bytes.
+#
+stutter = 1
+
+#
+# Adjust the socket receive buffer to the specified number
+# of bytes (window size). This slows down spammers even more.
+#
+# window = 1
+
+#
+# The banner message to be displayed to new connections.
+#
+banner = "greyd IP-based SPAM blocker"
+
+#
+# The return code to show blacklisted spammers.
+#
+error_code = "450"
+
+#
+# Chroot enable & location for main daemon.
+#
+chroot = 1
+chroot_dir = "/var/empty/greyd"
+
+#
+# Pidfile locations for greyd & greylogd daemons. If
+# chrooting, the greyd_pidfile must reside withing the
+# chroot_dir, and the main greyd user must have permission
+# to remove the file in the chroot directory.
+#
+greyd_pidfile = "/var/empty/greyd/greyd.pid"
+greylogd_pidfile = "/var/empty/greyd/greylogd.pid"
+
+#
+# The firewall configuration.
+#
+section firewall {
+ driver = "/usr/lib/greyd/greyd_netfilter.so",
+
+ # Max. number of IPSET set elements.
+ max_elements = 1000000,
+
+ # Max. IPSET hash size.
+ hash_size = 1048576,
+
+ #
+ # Greylogd tracking via the iptables NFLOG target and
+ # corresponding --nflog-group.
+ #
+ track_outbound = 1,
+ inbound_group = 155,
+ outbound_group = 255
+}
+
+#
+# The greylisting database configuration.
+#
+section database {
+ driver = "/usr/lib/greyd/greyd_bdb.so",
+ path = "/var/lib/greydb",
+ db_name = "greyd.db"
+}
+
+#
+# Sync configuration.
+#
+section sync {
+ enable = 0
+ #hosts = [ "eth0:2", "jackiemclean.net" ],
+ #ttl = 2,
+ #port = 8025,
+ #verify = 1,
+ #key = "/etc/greyd/greyd.key",
+ #bind_address = "eth0:2",
+ #mcast_address = "224.0.1.241"
+}
+
+#
+# SPF validation
+#
+section spf {
+ enable = 1,
+
+ # Whitelist hosts that pass SPF validation.
+ whitelist_on_pass = 1,
+
+ # Trap hosts on softfail, in addition to
+ # hardfail.
+ trap_on_softfail = 1
+}
+
+#
+# Greylist engine configuration.
+#
+section grey {
+ enable = 1,
+ user = "greyd",
+ traplist_name = "greyd-greytrap",
+ traplist_message = "Your address %A has mailed to spamtraps here",
+ whitelist_name = "greyd-whitelist",
+ whitelist_name_ipv6 = "greyd-whitelist-ipv6",
+
+ # Specify the secondary MX server for auto-greytrapping.
+ #low_prio_mx = "10.10.20.30",
+
+ # Kill stutter for new connections after so many seconds.
+ stutter = 5,
+
+ # Various greylisting times (in seconds)
+ pass_time = 300, # 10 minutes.
+ grey_expiry = 14400, # 4 hours.
+ white_expiry = 2678400, # 31 days.
+ trap_expiry = 86400, # 1 day.
+
+ #
+ # If this file is specified (and exists), any message received
+ # with a RCPT TO domain *not* matching an entry in the below file
+ # will be grey-trapped (ie blacklisted).
+ #
+ #permitted_domains = "/etc/greyd/permitted_domains"
+}
+
+#
+# The configuration section for greyd-setup.
+#
+section setup {
+ #
+ # Place blacklists & whitelists here. Note, the lists are applied
+ # in order. Whitelists are subtracted from the blacklists that
+ # come before them.
+ #
+ lists = [ "nixspam", "uatraps" ],
+ curl_path = "/usr/bin/curl"
+}
+
+blacklist uatraps {
+ message = "Your address %A has sent mail to a ualberta.ca spamtrap\\\\n
+ within the last 24 hours",
+ method = "http",
+ file = "www.openbsd.org/spamd/traplist.gz"
+}
+
+blacklist nixspam {
+ message = "Your address %A is in the nixspam list",
+ method = "http",
+ file = "www.openbsd.org/spamd/nixspam.gz"
+}
+
+#whitelist test_exec_method {
+# method = "exec",
+# file = "cat /tmp/nixspam-traplist.gz"
+#}
+
+#blacklist test_file_method {
+# method = "file",
+# file = "/tmp/nixspam-traplist.gz"
+#}
+
+#
+# Configuration may be recursively specified using globs.
+#
+#include "/etc/greyd/conf.d/*.conf"
diff --git a/greyd.install b/greyd.install
new file mode 100644
index 000000000000..f35975b638e9
--- /dev/null
+++ b/greyd.install
@@ -0,0 +1,26 @@
+# This is a default template for a post-install scriptlet.
+# Uncomment only required functions and remove any functions
+# you don't need (and this header).
+
+## arg 1: the new package version
+pre_install() {
+ [ -f /etc/greyd/greyd.conf ] && cp -f /etc/greyd/greyd.conf /etc/greyd/greyd.conf.pacsave
+}
+
+## arg 1: the new package version
+post_install() {
+ grep -q greyd: /etc/passwd || useradd -r -M -d / greyd
+ mkdir -p /var/empty/greyd/ && chown greyd:greyd /var/empty/greyd/
+ mkdir -p /var/lib/greydb/ && chown greyd:greyd /var/lib/greydb/
+ echo "To set up iptables, do: "
+ echo "\tiptables -t nat -N GREYD"
+ echo "\tiptables -t filter -N GREYD"
+ echo "\tiptables -t filter -A INPUT -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT"
+ echo "\tiptables-save > /etc/iptables/iptables.rules"
+ echo "Add a job to crontab:"
+ echo "\t05 * * * * /usr/sbin/greyd-setup -f /etc/greyd/greyd.conf"
+}
+
+post_remove() {
+ echo "Please remove iptables rules and cron jobs"
+}
diff --git a/greyd.service b/greyd.service
new file mode 100644
index 000000000000..3f491abb8ab3
--- /dev/null
+++ b/greyd.service
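Review bot: Both `blacklist` sections fetch their lists with `method = "http"` from www.openbsd.org, so the traplist that decides which senders get tarpitted arrives without transport integrity and could be altered on the path. If greyd-setup in this version has no TLS-capable method (not visible from this hunk), the `exec` method shown in the commented `test_exec_method` example could wrap a fetch that verifies the server. The packaged defaults also ship `debug = 1` and `verbose = 1`, which are better switched off in a production default. The comment on `pass_time = 300, # 10 minutes.` disagrees with the value, since 300 seconds is 5 minutes. `section sync` writes `enable = 0` without the trailing comma the other sections use, which presumably starts to matter once someone uncomments `hosts`.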
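Review bot: post_install creates the service account with `useradd -r -M -d / greyd`, which leaves the login shell at the system default, and guards it with `grep -q greyd: /etc/passwd`, which matches any line containing that substring. `getent passwd greyd >/dev/null || useradd -r -M -d / -s /usr/bin/nologin greyd` tests the exact account and gives it a non-login shell. The next line hands `/var/empty/greyd/` to the greyd user; that directory is the chroot named in greyd.conf and also where the root-run greydctl reads the pidfiles it passes to `kill`, so the daemon account can influence which process root signals. A root-owned directory for the pidfiles would be safer if greyd allows it. The `echo "\t…"` hints print a literal `\t` under bash; `printf '\t%s\n' …` would render the tab.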
@@ -0,0 +1,13 @@
+[Unit]
+Description=Greyd anti-spam daemon
+After=ipset.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/greydctl start
+ExecReload=/usr/bin/greydctl restart
+ExecStop=/usr/bin/greydctl stop
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/greydctl b/greydctl
new file mode 100755
index 000000000000..92904edabe58
--- /dev/null
+++ b/greydctl
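Review bot: `Type=oneshot` with `RemainAfterExit=yes` means systemd tracks only the greydctl script, not greyd or greylogd, so the unit stays active after either daemon dies while the DNAT rule that greydctl installs keeps redirecting SMTP to port 8025. Consider `Type=forking` with `PIDFile=/var/empty/greyd/greyd.pid` (the path set in greyd.conf) and moving the iptables setup into `ExecStartPost=`/`ExecStopPost=`, ideally with greylogd in a unit of its own; whether greyd's pidfile handling suits this is not visible here. `ExecReload=/usr/bin/greydctl restart` performs a full stop and start, flushing and re-adding the firewall rules, so it would be clearer to drop it than to advertise a reload.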
@@ -0,0 +1,62 @@
+#!/bin/sh
+# Sample greyd control script for Arch Linux distro
+# Ivan Agarkov <ivan.agarkov@gmail.com>, 2015
+
+start() {
+if [ ! -f /var/empty/greyd/greyd.pid ]; then
+ greyd
+ sleep 3
+ iptables -t nat -A GREYD -p tcp --dport smtp -m set --match-set greyd-whitelist src -j ACCEPT
+ iptables -t nat -A GREYD -p tcp --dport smtp -j DNAT --to-destination 127.0.0.1:8025
+ iptables -t nat -I PREROUTING 1 -j GREYD
+ sysctl net.ipv4.conf.all.route_localnet=1
+else
+ echo "greyd is already running"
+fi
+if [ ! -f /var/empry/greyd/greylogd.pid ]; then
+ rm -f /var/empry/greyd/greylogd.pid
+ greylogd
+ iptables -t nat -I GREYD 1 -p tcp --dport smtp -m set --match-set greyd-whitelist src -j NFLOG --nflog-group 155
+ iptables -t filter -A GREYD -m conntrack --ctstate NEW \
+ -p tcp --dport 25 -j NFLOG --nflog-group 255
+ iptables -t filter -I OUTPUT 1 -j GREYD
+else
+ echo "greylogd not found"
+fi
+}
+
+stop() {
+if [ -f /var/empty/greyd/greyd.pid ]; then
+ kill `cat /var/empty/greyd/greyd.pid` && ( iptables -t nat -F GREYD && iptables -t nat -D PREROUTING 1 )
+ rm -f /var/empty/greyd/greyd.pid
+else
+ echo "greyd not running"
+fi
+if [ -f /var/empty/greyd/greylogd.pid ]; then
+ kill `cat /var/empty/greyd/greylogd.pid` && (iptables -t nat -F GREYD && iptables -t filter -F GREYD && iptables -t filter -D OUTPUT 1)
+ rm -f /var/empty/greyd/greylogd.pid
+else
+ echo "greylogd not running"
+fi
+sysctl net.ipv4.conf.all.route_localnet=0
+}
+
+if [ "$EUID" -ne "0" ]; then
+ echo "Only root can run this"
+ exit 1
+fi
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+esac
diff --git a/mod_c.patch b/mod_c.patch
new file mode 100644
index 000000000000..e476b6bf41d6
--- /dev/null
+++ b/mod_c.patch
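Review bot: stop() removes the chain jumps by position with `iptables -t nat -D PREROUTING 1` and `iptables -t filter -D OUTPUT 1`, so if any other rule has been inserted at the top of those chains since start, stop deletes that unrelated rule and leaves the GREYD jump in place; the jumps should be deleted by specification instead. In start(), the greylogd test uses the misspelled path `/var/empry/greyd/greylogd.pid`, so it is always true: greylogd and its NFLOG rules are added again on every start, and the else branch prints "greylogd not found" where "already running" is meant. The root check relies on `$EUID`, which bash provides but a plain POSIX `/bin/sh` does not, in which case the test errors out and the script carries on; `id -u` is portable. stop() also always writes `net.ipv4.conf.all.route_localnet=0`, overwriting whatever value the administrator had before start.

```sh
# … unchanged: greyd start branch in start() …
if [ ! -f /var/empty/greyd/greylogd.pid ]; then
  greylogd
  # … unchanged: NFLOG rules and OUTPUT jump …
else
  echo "greylogd is already running"
fi

# in stop(): delete the jumps by rule specification, not by position
  kill `cat /var/empty/greyd/greyd.pid` && ( iptables -t nat -F GREYD && iptables -t nat -D PREROUTING -j GREYD )
# … unchanged: pidfile removal and greylogd pidfile test …
  kill `cat /var/empty/greyd/greylogd.pid` && ( iptables -t nat -F GREYD && iptables -t filter -F GREYD && iptables -t filter -D OUTPUT -j GREYD )

# portable root check
if [ "$(id -u)" -ne 0 ]; then
# … unchanged: message, exit and case dispatch …
```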
@@ -0,0 +1,11 @@
+diff -Naur greyd-0.7.0/src/mod.c greyd-0.7.0-p/src/mod.c
+--- greyd-0.7.0/src/mod.c 2015-03-08 04:32:49.000000000 +0300
++++ greyd-0.7.0-p/src/mod.c 2015-03-10 18:15:20.412646601 +0300
+@@ -24,6 +24,7 @@
+ #include <config.h>
+
+ #ifdef HAVE_LTDL_H
++#define lt__PROGRAM__LTX_preloaded_symbols lt_libltdl_LTX_preloaded_symbols
+ # include <ltdl.h>
+ #else
+ # error This module requires ltdl.h. |
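Review bot: The added `#define lt__PROGRAM__LTX_preloaded_symbols lt_libltdl_LTX_preloaded_symbols` carries no comment, and neither the patch nor the PKGBUILD says why the symbol is renamed. It presumably works around an unresolved preloaded-symbols reference when linking against the system libltdl, but that is an inference from the names only. A line such as `/* Arch packaging: alias the program's preloaded-symbol table to libltdl's own so src/mod.c links; drop once upstream builds cleanly */` above the define would make the intent reviewable and tell the next maintainer when the patch can go. The embedded patch's context ends inside the `#ifdef HAVE_LTDL_H` block, so the rest of mod.c is not visible here.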