authorkreon2015-07-07 02:17:51 +0300
committerkreon2015-07-07 02:20:05 +0300
commit5cdb11c0710b4390efb62211af60762fbf1d942d (patch)
treea6a08d7e9942d462256705b3c8d3a5b82f0f5c42
downloadaur-5cdb11c0710b4390efb62211af60762fbf1d942d.tar.gz
initial commit
-rw-r--r--.SRCINFO39
-rw-r--r--PKGBUILD47
-rw-r--r--greyd.conf199
-rw-r--r--greyd.install26
-rw-r--r--greyd.service13
-rwxr-xr-xgreydctl62
-rw-r--r--mod_c.patch11
7 files changed, 397 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..ca3578266f63
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,39 @@
+# Generated by makepkg 4.2.0
+# Tue Mar 10 21:56:18 UTC 2015
+pkgbase = greyd
+ pkgdesc = Lightweight greylisting & blacklisting daemon based on OpenBSD spamd
+ pkgver = 0.7.0
+ pkgrel = 5
+ url = http://greyd.org/
+ install = greyd.install
+ arch = i686
+ arch = x86_64
+ license = BSD
+ makedepends = libtool
+ makedepends = autoconf
+ makedepends = automake
+ makedepends = gcc
+ makedepends = make
+ makedepends = patch
+ depends = zlib
+ depends = libtool
+ depends = libgcrypt
+ depends = ipset
+ depends = libnetfilter_conntrack
+ depends = libnetfilter_log
+ depends = db
+ depends = iptables
+ depends = libspf2
+ source = https://github.com/mikey-austin/greyd/archive/v0.7.0.tar.gz
+ source = mod_c.patch
+ source = greyd.conf
+ source = greydctl
+ source = greyd.service
+ md5sums = c231a42ff9b53ad7401d1a7c4006a5ac
+ md5sums = 675176b859e7a442d2bbcbca11a9e64a
+ md5sums = c4c05842a1ff7706616d5f49b83b67bf
+ md5sums = bec202f3c8f00d7c917f423b0eda66f6
+ md5sums = 61023296035deb3d685b296c3fca9d68
+
+pkgname = greyd
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..4e87499a38f9
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,47 @@
+# Kekeke
+# Maintainer: Your Name <youremail@domain.com>
+pkgname=greyd
+pkgver=0.7.0
+pkgrel=5
+pkgdesc="Lightweight greylisting & blacklisting daemon based on OpenBSD spamd"
+arch=('i686' 'x86_64')
+url="http://greyd.org/"
+license=('BSD')
+
+depends=('zlib' 'libtool' 'libgcrypt' 'ipset'
+ 'libnetfilter_conntrack' 'libnetfilter_log'
+ 'db' 'iptables' 'libspf2')
+makedepends=('libtool' 'autoconf' 'automake' 'gcc' 'make' 'patch')
+
+source=("https://github.com/mikey-austin/greyd/archive/v0.7.0.tar.gz" "mod_c.patch" "greyd.conf" "greydctl" "greyd.service")
+install=greyd.install
+
+md5sums=('c231a42ff9b53ad7401d1a7c4006a5ac'
+ '675176b859e7a442d2bbcbca11a9e64a'
+ 'c4c05842a1ff7706616d5f49b83b67bf'
+ 'bec202f3c8f00d7c917f423b0eda66f6'
+ '61023296035deb3d685b296c3fca9d68')
+
+prepare() {
+ cd "$pkgname-$pkgver"
+ patch -p1 < ../mod_c.patch
+ aclocal
+ autoheader
+ libtoolize
+ automake -ac
+ autoconf
+}
+build() {
+ cd "$pkgname-$pkgver"
+ ./configure --prefix=/usr --sbindir=/usr/bin --sysconfdir=/etc --with-netfilter --with-bdb --with-spf
+ make clean && make
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+ make DESTDIR="$pkgdir/" install
+ mkdir -p "$pkgdir/usr/lib/systemd/system"
+ install -m 0644 "$srcdir/greyd.conf" "$pkgdir/etc/greyd/greyd.conf"
+ install -m 0755 "$srcdir/greydctl" "$pkgdir/usr/bin/greydctl"
+ install -m 0644 "$srcdir/greyd.service" "$pkgdir/usr/lib/systemd/system/greyd.service"
+}
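Review bot: The `md5sums` array is the only integrity check on the upstream tarball and the four local sources, and MD5 is not collision-resistant, so it should not be what pins a download; switch to `sha256sums=(...)` (regenerated with `updpkgsums` or `makepkg -g`) and regenerate .SRCINFO to match. The GitHub archive is also stored under the generic name `v0.7.0.tar.gz`; a renamed source entry such as `"$pkgname-$pkgver.tar.gz::https://github.com/mikey-austin/greyd/archive/v$pkgver.tar.gz"` avoids clashes in a shared source cache. package() installs `/etc/greyd/greyd.conf` without a `backup=('etc/greyd/greyd.conf')` declaration, so local edits are not preserved by pacman on upgrade; declaring it would make the manual copy in greyd.install's pre_install unnecessary.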
diff --git a/greyd.conf b/greyd.conf
new file mode 100644
index 000000000000..b037db8c6716
--- /dev/null
+++ b/greyd.conf
@@ -0,0 +1,199 @@
+#
+# Debugging options and more verbose logs.
+#
+debug = 1
+verbose = 1
+daemonize = 1
+
+#
+# Main daemon user to drop privileges to.
+#
+user = "greyd"
+
+#
+# Address to listen on.
+#
+bind_address = "127.0.0.1"
+
+#
+# Main greyd port.
+#
+port = 8025
+
+#
+# This will be obtained via "hostname" if not set.
+#
+#hostname = "greyd.org"
+
+#
+# Enable listening on IPv6 socket.
+#
+enable_ipv6 = 0
+bind_address_ipv6 = "::1"
+
+#
+# For blacklisted connections, the number of seconds between
+# stuttered bytes.
+#
+stutter = 1
+
+#
+# Adjust the socket receive buffer to the specified number
+# of bytes (window size). This slows down spammers even more.
+#
+# window = 1
+
+#
+# The banner message to be displayed to new connections.
+#
+banner = "greyd IP-based SPAM blocker"
+
+#
+# The return code to show blacklisted spammers.
+#
+error_code = "450"
+
+#
+# Chroot enable & location for main daemon.
+#
+chroot = 1
+chroot_dir = "/var/empty/greyd"
+
+#
+# Pidfile locations for greyd & greylogd daemons. If
+# chrooting, the greyd_pidfile must reside withing the
+# chroot_dir, and the main greyd user must have permission
+# to remove the file in the chroot directory.
+#
+greyd_pidfile = "/var/empty/greyd/greyd.pid"
+greylogd_pidfile = "/var/empty/greyd/greylogd.pid"
+
+#
+# The firewall configuration.
+#
+section firewall {
+ driver = "/usr/lib/greyd/greyd_netfilter.so",
+
+ # Max. number of IPSET set elements.
+ max_elements = 1000000,
+
+ # Max. IPSET hash size.
+ hash_size = 1048576,
+
+ #
+ # Greylogd tracking via the iptables NFLOG target and
+ # corresponding --nflog-group.
+ #
+ track_outbound = 1,
+ inbound_group = 155,
+ outbound_group = 255
+}
+
+#
+# The greylisting database configuration.
+#
+section database {
+ driver = "/usr/lib/greyd/greyd_bdb.so",
+ path = "/var/lib/greydb",
+ db_name = "greyd.db"
+}
+
+#
+# Sync configuration.
+#
+section sync {
+ enable = 0
+ #hosts = [ "eth0:2", "jackiemclean.net" ],
+ #ttl = 2,
+ #port = 8025,
+ #verify = 1,
+ #key = "/etc/greyd/greyd.key",
+ #bind_address = "eth0:2",
+ #mcast_address = "224.0.1.241"
+}
+
+#
+# SPF validation
+#
+section spf {
+ enable = 1,
+
+ # Whitelist hosts that pass SPF validation.
+ whitelist_on_pass = 1,
+
+ # Trap hosts on softfail, in addition to
+ # hardfail.
+ trap_on_softfail = 1
+}
+
+#
+# Greylist engine configuration.
+#
+section grey {
+ enable = 1,
+ user = "greyd",
+ traplist_name = "greyd-greytrap",
+ traplist_message = "Your address %A has mailed to spamtraps here",
+ whitelist_name = "greyd-whitelist",
+ whitelist_name_ipv6 = "greyd-whitelist-ipv6",
+
+ # Specify the secondary MX server for auto-greytrapping.
+ #low_prio_mx = "10.10.20.30",
+
+ # Kill stutter for new connections after so many seconds.
+ stutter = 5,
+
+ # Various greylisting times (in seconds)
+ pass_time = 300, # 10 minutes.
+ grey_expiry = 14400, # 4 hours.
+ white_expiry = 2678400, # 31 days.
+ trap_expiry = 86400, # 1 day.
+
+ #
+ # If this file is specified (and exists), any message received
+ # with a RCPT TO domain *not* matching an entry in the below file
+ # will be grey-trapped (ie blacklisted).
+ #
+ #permitted_domains = "/etc/greyd/permitted_domains"
+}
+
+#
+# The configuration section for greyd-setup.
+#
+section setup {
+ #
+ # Place blacklists & whitelists here. Note, the lists are applied
+ # in order. Whitelists are subtracted from the blacklists that
+ # come before them.
+ #
+ lists = [ "nixspam", "uatraps" ],
+ curl_path = "/usr/bin/curl"
+}
+
+blacklist uatraps {
+ message = "Your address %A has sent mail to a ualberta.ca spamtrap\\\\n
+ within the last 24 hours",
+ method = "http",
+ file = "www.openbsd.org/spamd/traplist.gz"
+}
+
+blacklist nixspam {
+ message = "Your address %A is in the nixspam list",
+ method = "http",
+ file = "www.openbsd.org/spamd/nixspam.gz"
+}
+
+#whitelist test_exec_method {
+# method = "exec",
+# file = "cat /tmp/nixspam-traplist.gz"
+#}
+
+#blacklist test_file_method {
+# method = "file",
+# file = "/tmp/nixspam-traplist.gz"
+#}
+
+#
+# Configuration may be recursively specified using globs.
+#
+#include "/etc/greyd/conf.d/*.conf"
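Review bot: Both `blacklist` sections fetch their lists with `method = "http"` from www.openbsd.org, so the data that decides which hosts are blacklisted arrives over an unauthenticated channel and can be altered in transit. If greyd-setup's curl-based fetch can use HTTPS (not visible in this hunk), prefer that, or fetch and verify the lists out of band and load them with the `file` method shown in the commented example. Separately, the comment on `pass_time = 300, # 10 minutes.` does not match the value: 300 seconds is 5 minutes, so either the value or the comment should change. Shipping `debug = 1` and `verbose = 1` as packaged defaults deserves a comment, or a default of 0, so production installs do not log at debug level unintentionally.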
diff --git a/greyd.install b/greyd.install
new file mode 100644
index 000000000000..f35975b638e9
--- /dev/null
+++ b/greyd.install
@@ -0,0 +1,26 @@
+# This is a default template for a post-install scriptlet.
+# Uncomment only required functions and remove any functions
+# you don't need (and this header).
+
+## arg 1: the new package version
+pre_install() {
+ [ -f /etc/greyd/greyd.conf ] && cp -f /etc/greyd/greyd.conf /etc/greyd/greyd.conf.pacsave
+}
+
+## arg 1: the new package version
+post_install() {
+ grep -q greyd: /etc/passwd || useradd -r -M -d / greyd
+ mkdir -p /var/empty/greyd/ && chown greyd:greyd /var/empty/greyd/
+ mkdir -p /var/lib/greydb/ && chown greyd:greyd /var/lib/greydb/
+ echo "To set up iptables, do: "
+ echo "\tiptables -t nat -N GREYD"
+ echo "\tiptables -t filter -N GREYD"
+ echo "\tiptables -t filter -A INPUT -p tcp --dport 25 -d 127.0.0.1 -j ACCEPT"
+ echo "\tiptables-save > /etc/iptables/iptables.rules"
+ echo "Add a job to crontab:"
+ echo "\t05 * * * * /usr/sbin/greyd-setup -f /etc/greyd/greyd.conf"
+}
+
+post_remove() {
+ echo "Please remove iptables rules and cron jobs"
+}
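Review bot: In post_install, `grep -q greyd: /etc/passwd` is an unanchored substring match, so any passwd line that merely contains `greyd:` suppresses the `useradd`, and the following `chown greyd:greyd` calls would then fail. Use `getent passwd greyd >/dev/null || useradd -r -M -d / -s /usr/bin/nologin greyd`, which also gives the service account an explicit non-login shell. The `echo "\t…"` lines depend on the shell's echo expanding backslash escapes, which differs between shells; `printf '\t%s\n' '…'` renders the indentation reliably. The crontab hint points at `/usr/sbin/greyd-setup` while the PKGBUILD configures `--sbindir=/usr/bin`, so the printed path should be `/usr/bin/greyd-setup`.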
diff --git a/greyd.service b/greyd.service
new file mode 100644
index 000000000000..3f491abb8ab3
--- /dev/null
+++ b/greyd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Greyd anti-spam daemon
+After=ipset.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/greydctl start
+ExecReload=/usr/bin/greydctl restart
+ExecStop=/usr/bin/greydctl stop
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
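Review bot: With `Type=oneshot` and `RemainAfterExit=yes`, systemd tracks only the exit status of `greydctl start`, not the greyd process, so the unit stays active if the daemon later dies while the DNAT rule added by greydctl keeps redirecting inbound SMTP to 127.0.0.1:8025. Consider supervising the daemon directly, for example `Type=forking` with `PIDFile=/var/empty/greyd/greyd.pid` (the path set in greyd.conf), and moving firewall setup and teardown into `ExecStartPost=` and `ExecStopPost=`. `ExecReload=` is mapped to a full restart, which removes and re-adds the rules; if that is intended, a comment saying so would help. The rules need iptables as well as ipset, but only `After=ipset.service` is declared.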
diff --git a/greydctl b/greydctl
new file mode 100755
index 000000000000..92904edabe58
--- /dev/null
+++ b/greydctl
@@ -0,0 +1,62 @@
+#!/bin/sh
+# Sample greyd control script for Arch Linux distro
+# Ivan Agarkov <ivan.agarkov@gmail.com>, 2015
+
+start() {
+if [ ! -f /var/empty/greyd/greyd.pid ]; then
+ greyd
+ sleep 3
+ iptables -t nat -A GREYD -p tcp --dport smtp -m set --match-set greyd-whitelist src -j ACCEPT
+ iptables -t nat -A GREYD -p tcp --dport smtp -j DNAT --to-destination 127.0.0.1:8025
+ iptables -t nat -I PREROUTING 1 -j GREYD
+ sysctl net.ipv4.conf.all.route_localnet=1
+else
+ echo "greyd is already running"
+fi
+if [ ! -f /var/empry/greyd/greylogd.pid ]; then
+ rm -f /var/empry/greyd/greylogd.pid
+ greylogd
+ iptables -t nat -I GREYD 1 -p tcp --dport smtp -m set --match-set greyd-whitelist src -j NFLOG --nflog-group 155
+ iptables -t filter -A GREYD -m conntrack --ctstate NEW \
+ -p tcp --dport 25 -j NFLOG --nflog-group 255
+ iptables -t filter -I OUTPUT 1 -j GREYD
+else
+ echo "greylogd not found"
+fi
+}
+
+stop() {
+if [ -f /var/empty/greyd/greyd.pid ]; then
+ kill `cat /var/empty/greyd/greyd.pid` && ( iptables -t nat -F GREYD && iptables -t nat -D PREROUTING 1 )
+ rm -f /var/empty/greyd/greyd.pid
+else
+ echo "greyd not running"
+fi
+if [ -f /var/empty/greyd/greylogd.pid ]; then
+ kill `cat /var/empty/greyd/greylogd.pid` && (iptables -t nat -F GREYD && iptables -t filter -F GREYD && iptables -t filter -D OUTPUT 1)
+ rm -f /var/empty/greyd/greylogd.pid
+else
+ echo "greylogd not running"
+fi
+sysctl net.ipv4.conf.all.route_localnet=0
+}
+
+if [ "$EUID" -ne "0" ]; then
+ echo "Only root can run this"
+ exit 1
+fi
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+esac
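Review bot: stop() removes the jump rules by position (`iptables -t nat -D PREROUTING 1`, `iptables -t filter -D OUTPUT 1`), so if anything else has inserted a rule at the head of those chains since start, an unrelated firewall rule is deleted and the GREYD jump stays in place. Delete by rule specification instead: `iptables -t nat -D PREROUTING -j GREYD` and `iptables -t filter -D OUTPUT -j GREYD`. In start(), the greylogd guard tests and removes `/var/empry/greyd/greylogd.pid`, presumably a typo for `/var/empty`, so the check never sees the real pidfile and greylogd plus its NFLOG rules are added again on every start. The root check relies on `$EUID`, which POSIX sh does not define under the `#!/bin/sh` shebang; `[ "$(id -u)" -ne 0 ]` is portable. stop() also forces `net.ipv4.conf.all.route_localnet=0` regardless of the value it had before start, and start() adds the DNAT rules without checking that `greyd` actually came up.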
diff --git a/mod_c.patch b/mod_c.patch
new file mode 100644
index 000000000000..e476b6bf41d6
--- /dev/null
+++ b/mod_c.patch
@@ -0,0 +1,11 @@
+diff -Naur greyd-0.7.0/src/mod.c greyd-0.7.0-p/src/mod.c
+--- greyd-0.7.0/src/mod.c 2015-03-08 04:32:49.000000000 +0300
++++ greyd-0.7.0-p/src/mod.c 2015-03-10 18:15:20.412646601 +0300
+@@ -24,6 +24,7 @@
+ #include <config.h>
+
+ #ifdef HAVE_LTDL_H
++#define lt__PROGRAM__LTX_preloaded_symbols lt_libltdl_LTX_preloaded_symbols
+ # include <ltdl.h>
+ #else
+ # error This module requires ltdl.h.