1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
Add option -g group to have the milter create a group-writeable socket
for communication with the MTA and set the GID of the socket to the
specified group. This makes it possible to use the milter via a
unix-domain socket with Postfix as the MTA (Postfix doesn't run as
root and would otherwise be unable to use the socket).
http://bugzilla.redhat.com/452248
diff -up spamass-milter-0.3.1/spamass-milter.cpp.group spamass-milter-0.3.1/spamass-milter.cpp
--- spamass-milter-0.3.1/spamass-milter.cpp.group 2010-03-24 13:30:19.030834527 +0000
+++ spamass-milter-0.3.1/spamass-milter.cpp 2010-03-24 13:40:54.712898107 +0000
@@ -89,6 +89,8 @@
#endif
#include <errno.h>
+#include <grp.h>
+
// C++ includes
#include <cstdio>
#include <cstddef>
@@ -180,8 +182,9 @@ int
main(int argc, char* argv[])
{
int c, err = 0;
- const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:x";
+ const char *args = "fd:mMp:P:r:u:D:i:Ib:B:e:xg:";
char *sock = NULL;
+ char *group = NULL;
bool dofork = false;
char *pidfilename = NULL;
FILE *pidfile = NULL;
@@ -228,6 +231,9 @@ main(int argc, char* argv[])
case 'p':
sock = strdup(optarg);
break;
+ case 'g':
+ group = strdup(optarg);
+ break;
case 'P':
pidfilename = strdup(optarg);
break;
@@ -287,6 +293,7 @@ main(int argc, char* argv[])
cout << " [-P pidfile] [-r nn] [-u defaultuser] [-x]" << endl;
cout << " [-- spamc args ]" << endl;
cout << " -p socket: path to create socket" << endl;
+ cout << " -g group: socket group (perms to 660 as well)" << endl;
cout << " -b bucket: redirect spam to this mail address. The orignal" << endl;
cout << " recipient(s) will not receive anything." << endl;
cout << " -B bucket: add this mail address as a BCC recipient of spam." << endl;
@@ -354,6 +361,30 @@ main(int argc, char* argv[])
} else {
debug(D_MISC, "smfi_register succeeded");
}
+
+ if (group)
+ {
+ struct group *gr;
+
+ (void) smfi_opensocket(0);
+ gr = getgrnam(group);
+ if (gr)
+ {
+ int rc;
+ rc = chown(sock, (uid_t)-1, gr->gr_gid);
+ if (!rc)
+ {
+ (void) chmod(sock, 0660);
+ } else {
+ perror("group option, chown");
+ exit(EX_NOPERM);
+ }
+ } else {
+ perror("group option, getgrnam");
+ exit(EX_NOUSER);
+ }
+ }
+
debug(D_ALWAYS, "spamass-milter %s starting", PACKAGE_VERSION);
err = smfi_main();
debug(D_ALWAYS, "spamass-milter %s exiting", PACKAGE_VERSION);
diff -up spamass-milter-0.3.1/spamass-milter.1.in.group spamass-milter-0.3.1/spamass-milter.1.in
--- spamass-milter-0.3.1/spamass-milter.1.in.group 2010-03-24 13:30:19.026834927 +0000
+++ spamass-milter-0.3.1/spamass-milter.1.in 2010-03-24 13:30:19.033834685 +0000
@@ -13,6 +13,7 @@
.Op Fl D Ar host
.Op Fl e Ar defaultdomain
.Op Fl f
+.Op Fl g Ar group
.Op Fl i Ar networks
.Op Fl I
.Op Fl m
@@ -108,6 +109,12 @@ flag.
Causes
.Nm
to fork into the background.
+.It Fl g Ar group
+Makes the socket for communication with the MTA group-writable (mode 0750)
+and sets the socket's group to
+.Ar group .
+This option is intended for use with MTA's like Postfix that do not run as
+root, and is incompatible with Sendmail usage.
.It Fl i Ar networks
Ignores messages if the originating IP is in the network(s) listed.
The message will be passed through without calling SpamAssassin at all.
|