author | Michael Cummings <mcummings@gentoo.org> | 2004-04-16 11:10:20 +0000 |
---|---|---|
committer | Michael Cummings <mcummings@gentoo.org> | 2004-04-16 11:10:20 +0000 |
commit | 106c99fd417da71d9d1807af0acb1b0569978561 (patch) | |
tree | 60269563e9cccbbafefc1178d0d5d5a65b3dcf45 /net-mail | |
parent | ~amd64 (Manifest recommit) (diff) | |
Bug 22008
Diffstat (limited to 'net-mail')
-rw-r--r-- | net-mail/anomy-sanitizer/ChangeLog | 13 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/Manifest | 2 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/anomy-sanitizer-1.67.ebuild | 111 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/files/anomy.conf | 207 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/files/digest-anomy-sanitizer-1.67 | 1 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/files/sample2_mailfilter.sh | 83 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/files/sample_e-mail-architecture.png | bin | 0 -> 15409 bytes | |||
-rw-r--r-- | net-mail/anomy-sanitizer/files/sample_e-mail-architektur.flw | bin | 0 -> 7001 bytes | |||
-rw-r--r-- | net-mail/anomy-sanitizer/files/sample_mailfiler.sh | 76 | ||||
-rw-r--r-- | net-mail/anomy-sanitizer/metadata.xml | 10 |
10 files changed, 503 insertions, 0 deletions
diff --git a/net-mail/anomy-sanitizer/ChangeLog b/net-mail/anomy-sanitizer/ChangeLog
new file mode 100644
index 000000000000..9bd2e45f457f
--- /dev/null
+++ b/net-mail/anomy-sanitizer/ChangeLog
@@ -0,0 +1,13 @@
+# ChangeLog for net-mail/anomy-sanitizer
+# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-mail/anomy-sanitizer/ChangeLog,v 1.1 2004/04/16 11:10:20 mcummings Exp $
+
+*anomy-sanitizer-1.67 (16 Apr 2004)
+
+ 16 Apr 2004; Michael Cummings <mcummings@gentoo.org>
+ anomy-sanitizer-1.67.ebuild, metadata.xml, files/anomy.conf,
+ files/sample2_mailfilter.sh, files/sample_e-mail-architecture.png,
+ files/sample_e-mail-architektur.flw, files/sample_mailfiler.sh:
+ Anomy-sanitizer mail filter, originally posted by Thiemo Kellner
+ <thiemo@thiam.ch> and worked on by Alessandro Pisani <alextxm@tin.it>.
+
diff --git a/net-mail/anomy-sanitizer/Manifest b/net-mail/anomy-sanitizer/Manifest
new file mode 100644
index 000000000000..a1cdbed96d6d
--- /dev/null
+++ b/net-mail/anomy-sanitizer/Manifest
@@ -0,0 +1,2 @@
+MD5 e6b64bd74a5115c0e2c3624f8d577b72 anomy-sanitizer-1.67.ebuild 2938
+MD5 bfbe48e53cc13347c50082c700ca1981 files/digest-anomy-sanitizer-1.67 72
diff --git a/net-mail/anomy-sanitizer/anomy-sanitizer-1.67.ebuild b/net-mail/anomy-sanitizer/anomy-sanitizer-1.67.ebuild
new file mode 100644
index 000000000000..4f2e47466a2e
--- /dev/null
+++ b/net-mail/anomy-sanitizer/anomy-sanitizer-1.67.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-mail/anomy-sanitizer/anomy-sanitizer-1.67.ebuild,v 1.1 2004/04/16 11:10:20 mcummings Exp $
+
+DESCRIPTION="Perl based e-mail filtering tool, sensitive to html tags, mime types and attachments"
+HOMEPAGE="http://mailtools.anomy.net/"
+SRC_URI="http://mailtools.anomy.net/dist/${PN}-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE=""
+
+RDEPEND=">=dev-lang/perl
+ >=dev-perl/MIME-Base64-2.12-r2
+ >=dev-perl/Mail-Audit-2.1-r1
+ virtual/mta"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${P}
+
+
+DEST="/usr/share/${PN}"
+SANI_WORKDIR="/var/spool/sanitizer"
+
+
+src_install() {
+ keepdir ${SANI_WORKDIR}
+ dodir ${DEST}
+ insinto ${DEST}
+
+# generate lists for doins
+ _list="anomy anomy/bin anomy/bin/Anomy anomy/bin/Anomy/Sanitizer anomy/contrib anomy/testcases anomy/testcases/results.def"
+
+ for i in $_list; do
+ _di=`echo $i | sed -e "s/^anomy//g; s/^\///g"`
+ insinto ${DEST}/$_di
+
+ _sublist=`find ${WORKDIR}/$i/* -type f -maxdepth 0`
+ for l in $_sublist; do
+ echo
+ doins $l
+ done
+ done
+
+ insinto ${DEST}
+ doins ${FILESDIR}/*.conf
+ doins ${FILESDIR}/*.sh
+ doins ${FILESDIR}/*.png
+ doins ${FILESDIR}/*.flw
+
+ keepdir /etc/mail/anomy-sanitizer
+ dosym ${DEST}/anomy.conf /etc/mail/anomy-sanitizer/anomy.conf
+}
+
+pkg_postinst() {
+ if [ -z "`grep ^sanitizer: ${ROOT}/etc/group`" ]; then
+ groupadd sanitizer
+ fi
+
+ if [ -z "`grep ^sanitizer: ${ROOT}/etc/shadow`" ]; then
+ useradd sanitizer -d ${SANI_WORKDIR} -g sanitizer -s /bin/false
+ fi
+
+ if [ -z "`grep ^sanitizer:.*sanitizer /etc/group`" ]; then
+ usermod -G sanitizer sanitizer
+ fi
+
+ chown -R sanitizer:sanitizer ${ROOT}/${SANI_WORKDIR}
+ chmod -R a-rwx,g+X,u+rwX ${ROOT}/${SANI_WORKDIR}
+ chown -R sanitizer:sanitizer ${ROOT}/${DEST}
+ chmod -R a-rwx,g+rX,u+rX ${ROOT}/${DEST}
+ chmod u+x ${ROOT}/${DEST}/bin/*.pl
+ chmod u+x ${ROOT}/${DEST}/contrib/*.pl
+ chmod u+x ${ROOT}/${DEST}/testcases/*.sh
+ chmod u+w ${ROOT}/${DEST}/*
+ chmod u+w ${ROOT}/${DEST}/bin
+ chmod u+w ${ROOT}/${DEST}/bin/Anomy
+ chmod u+w ${ROOT}/${DEST}/bin/Anomy/Sanitizer
+ chmod u+w ${ROOT}/${DEST}/contrib
+ chmod u+w ${ROOT}/${DEST}/testcases
+ chmod u+w ${ROOT}/${DEST}/testcases/results.def
+
+ echo ""
+ echo ""
+ einfo "There is a howto for the integration of sanitizer"
+ einfo "into your (postfix) mail system at"
+ einfo "\thttp://advosys.ca/papers/postfix-filtering.html"
+ einfo "Please find example scripts to be used to integrate sanitizer"
+ einfo "into your (postfix) mail system at"
+ einfo "\t${ROOT}/${DEST}"
+ einfo "There is also a png and kivio document about a possible"
+ einfo "e-mail architecture"
+ echo ""
+ echo ""
+}
+
+pkg_postrm() {
+ rm -f ${ROOT}/${DEST}/anomy.conf
+
+ # remove groups and users
+ if [ -n "`grep ^sanitizer: ${ROOT}/etc/group`" ]; then
+ groupdel sanitizer
+ fi
+
+ if [ -n "`grep ^sanitizer: ${ROOT}/etc/shadow`" ]; then
+ userdel -r sanitizer
+ fi
+}
+
+
diff --git a/net-mail/anomy-sanitizer/files/anomy.conf b/net-mail/anomy-sanitizer/files/anomy.conf
new file mode 100644
index 000000000000..f7c45cd973d2
--- /dev/null
+++ b/net-mail/anomy-sanitizer/files/anomy.conf
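Review bot: In pkg_postinst, `chown -R sanitizer:sanitizer ${ROOT}/${DEST}` together with the `chmod u+w` lines leaves the sanitizer scripts and anomy.conf owned and writable by the same account that parses untrusted mail, so a flaw in the filter could be used to alter the filter's own code or policy. Only `${SANI_WORKDIR}` needs to belong to that account; the install tree could stay with root, e.g. `chown -R root:sanitizer ${ROOT}/${DEST}`, with the `chmod u+x` lines widened to `ug+x` so the group can still execute the scripts. Separately, pkg_postrm runs `userdel -r sanitizer`, which also removes the account's home directory `${SANI_WORKDIR}`, the location files/anomy.conf uses for saved attachments; if this phase also runs for the outgoing version during an upgrade, that happens on every version bump, so dropping `-r` looks safer.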
@@ -0,0 +1,207 @@
+# Example configuration file for Anomy Sanitizer
+#
+# Thiemo Kellner, thiemo@thiam.ch, 2003-05-29
+# Based on http://advosys.ca/papers/postfix-filtering.html,
+# Advosys Consulting Inc., Ottawa
+#
+# Works with Anomy Sanitizer revision 1.60
+
+
+ # Warn user about unscanned parts, etc.
+ feat_verbose = 1
+
+ # Inline logs: 0 = Off, 1 = Maybe, 2 = Force
+ feat_log_inline = 1
+
+ # Print log to standard error: 0 = Off, 1 = On
+ feat_log_stderr = 1
+
+ # Don't use XML format for logs.
+ feat_log_xml = 0
+
+ # Omit trace info from logs.
+ feat_log_trace = 0
+
+ # Don't add any scratch space to part headers.
+ feat_log_after = 0
+
+ # Enable filename-based policy decisions.
+ feat_files = 1
+
+ # Force all parts (except text/plain and
+ # text/html parts) to have file names: 0 = Off, 1 = On
+ feat_force_name = 1
+
+ # Replace all boundary strings with our own
+ # NOTE: Always breaks PGP/MIME messages!
+ feat_boundaries = 0
+
+ # Protect against buffer overflows and null values.
+ feat_lengths = 1
+
+ # Defang incoming shell scripts.
+ feat_scripts = 1
+
+ # Defang active HTML content.
+ feat_html = 1
+
+ # Web-bugs are allowed.
+ feat_webbugs = 0
+
+ # Don't scan PGP signed message parts: 0 = Don't scan (???)
+ feat_trust_pgp = 0
+ msg_pgp_warning = WARNING: Unsanitized content follows.\n
+
+ # Sanitize inline uuencoded files.
+ feat_uuencoded = 1
+
+ # Sanitize forwarded messages
+ feat_forwards = 1
+
+ # Set to 0 if going productive (This isn't a test-case configuration.)
+ feat_testing = 1
+
+ # Fix invalid MIME, if possible.
+ feat_fixmime = 1
+
+ # Don't be excessively paranoid about MIME headers etc.
+ feat_paranoid = 0
+
+ # Advertisement to insert in each mail header:
+ header_info = X-Sanitizer: Anomy Sanitizer mail filter
+ header_url = 0
+ header_rev = 0
+
+
+ #
+ # Scoring
+ #
+
+ # Any message requring this many modifications
+ # will cause the sanitizer to return a non-zero
+ # exit code after processing the entire message.
+ # To disable set to 0.
+ score_bad = 100
+ #score_panic = 0
+
+ msg_file_drop = \n*****\n
+ msg_file_drop += NOTE: An attachment named %FILENAME was deleted from
+ msg_file_drop += this message because it contained a (windows) executable
+ msg_file_drop += or other potentially dangerous file type.
+ msg_file_drop += If you really need this attachment, have it re-sent
+ msg_file_drop += encapsulated, e.g. in a zip or tgz archive or contact your
+ msg_file_drop += mail system administrator.
+
+ #
+ # You may need to increase the following if you have a very
+ # complex configuration split between multiple files.
+ #
+ # Thiemo Kellner, thiemo@thiam.ch, 2003-05-31
+ # max_conf_recursions does not work with 1.60
+ #max_conf_recursions = 5 # The default is 5.
+ #
+ # Create temporary or saved files using this template.
+ # An attachment named "dude.txt" might be saved as
+ #
+ # /var/quarantine/att-dude-txt.A9Y
+ #
+ # Note: The directory must exist and be writable by
+ # the user running the sanitizer.
+ # (supposedly: $F -> file name, $$$ -> three arbitrary characters)
+ file_name_tpl = /var/spool/sanitizer/att-$F.$$$
+
+ # We have three policies, in addition to the default which is
+ # to defang file names.
+ #
+ file_list_rules = 3
+ file_default_policy = defang
+ file_default_filename = unnamed.file
+
+ # Delete obviously executable attachments. This list is
+ # incomplete! This is a perl regular expression, see "man
+ # perlre" for info. The (?i) prefix makes the regexp case
+ # insensitive.
+ #
+ file_list_1 = (?i)(winmail.dat)|
+ file_list_1 += (\.(exe|com|vb[se]|dll|ocx|cmd|bat|pif|lnk|hlp|ms[ip]|reg|sct
+ file_list_1 += |inf|asd|cab|sh[sb]|scr|cpl|chm|ws[fhc]|hta|vcd|vcf|eml|nws))$
+ file_list_1_policy = drop
+ file_list_1_scanner = 0
+
+ # Scan WinWord and Excel attachments with built-in macro scanner.
+ # We consider anything exceeding the score of 25 to be dangerous,
+ # and save it in the quarantine.
+ #
+ file_list_2 = (?i)\.(doc|dot|xls|xlw)$
+ file_list_2_policy = accept:accept:save:save
+ file_list_2_scanner = 0:1:2:builtin/macro 25# Do not log to STDERR:
+
+ # Allow file types considered "safe" (DO NOT JUST TRUST THIS LIST!)
+ file_list_3 = (?i)\.(
+ # Plain ASCII formats:
+ file_list_3 += txt|rtf|csv|dxf|htm|[sp]?html?|xml|xslt?|dtd|css|sgml
+ # PostScript (like) formats:
+ file_list_3 += |pdf|e?ps
+ # Word processor and document formats:
+ file_list_3 += |doc|dot|kwd|stw
+ # Spreadsheets:
+ file_list_3 += |xls|xlw|xlt|wk[1-4]|stc|ksp|gnumeric
+ # Presentation applications:
+ file_list_3 += |ppt|pps|pot|kpr|chrt
+ # Type setting formats:
+ file_list_3 += |dvi|texi?|tfm|txi|texinfo
+ # Flow charting:
+ file_list_3 += |flw
+ # Bitmap graphic files (maybe some are actually vector graphic formats):
+ file_list_3 += |jpe?g|gif|png|tiff?|bmp|psd|pcx|xcf|pat|pix|pnm|sgi|snp|ras|tga
+ file_list_3 += |xwd|xpm|dib|rle|cal|cas|pat|bmf|cel|cex|cgm|ico|img|jfi|jif|raw
+ file_list_3 += |crw|sun
+ # Vector graphics and diagramming:
+ file_list_3 += |vsd|drw|cdr|swf|pct|pict|kpm|kon
+ # Multimedia:
+ file_list_3 += |mp[23]|avi|mpe?g|mov|ram?|midi?|ogg|aiff?|au|snd|wav
+ # Archives:
+ file_list_3 += |zip|g?z|rar|tgz|t?bz2|tar|sit|sea|arc
+ # Package formats:
+ file_list_3 += |rpm|deb
+ # Others:
+ file_list_3 += |kfo
+ # Source code:
+ file_list_3 += |[ch](pp|\+\+)?|s|inc|asm|patch|java|php\d?|jsp|bas|ebuild)
+ file_list_3_policy = accept
+ file_list_3_scanner = 0
+
+ # Any file type not listed above gets renamed to prevent
+ # the mail client from auto-executing it.
+
+ #
+ # More sample file lists
+ #
+ # Scan mp3 files for Evil Viruses, using the imaginary mp3virscan
+ # utility. Always define FOUR potential policies, which depend on the
+ # exit code returned by the scanner. Which code means what is
+ # defined in the scanner line, which must contain THREE entries.
+ # The fourth policy is used for "anything else".
+ #
+ # "accept" if the file is clean (exit status 0 or 1)
+ # "mangle" if the file was dirty, but is now clean (2 or 4)
+ # "drop" if the file is still dirty (66)
+ # "save" if the mp3virscan utility returns some other exit code
+ # or an error occurs.
+ #
+ #file_list_4 = (?i)\.(mp3|mp2|mpg)$
+ #file_list_4_policy = accept:mangle:drop:save
+ #file_list_4_scanner = 0,1:2,4:66:/path/to/mp3virscan -opt -f %FILENAME
+
+ # Archives and scriptable stuff - virus scan these.
+ # NOTE: There must be THREE groups of exit codes and FOUR policies,
+ # - the first three match the code groups, the fourth is default.
+ #
+ #file_list_5_scanner = 0:5:3,4:/usr/local/bin/avp.sh %FILENAME
+ #file_list_5_policy = accept:accept:save:save
+ #file_list_5 = (?i)\.(xls|d(at|oc)|p(pt|l)|rtf|[sp]?html?
+ #file_list_5 += |class|upd|wp\d?|m?db
+ #file_list_5 += |z(ip|oo)|ar[cj]|lha|[tr]ar|rpm|deb|slp|tgz
+ #file_list_5 += )(\.g?z|\.bz\d?)*$
+
+
diff --git a/net-mail/anomy-sanitizer/files/digest-anomy-sanitizer-1.67 b/net-mail/anomy-sanitizer/files/digest-anomy-sanitizer-1.67
new file mode 100644
index 000000000000..394a9e7c9b32
--- /dev/null
+++ b/net-mail/anomy-sanitizer/files/digest-anomy-sanitizer-1.67
@@ -0,0 +1 @@
+MD5 f6e3da88db0f4a01c61db8717acf61d9 anomy-sanitizer-1.67.tar.gz 141720
diff --git a/net-mail/anomy-sanitizer/files/sample2_mailfilter.sh b/net-mail/anomy-sanitizer/files/sample2_mailfilter.sh
new file mode 100644
index 000000000000..3448d0ac0ea2
--- /dev/null
+++ b/net-mail/anomy-sanitizer/files/sample2_mailfilter.sh
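Review bot: `file_list_3` is the only one of the three active lists whose regexp is not anchored: it ends in `|ebuild)` while `file_list_1` and `file_list_2` end in `$`, so the accept policy applies to any name that contains a dot followed by one of the alternatives, including the one-letter `s`, `c` and `h` entries, and such files skip the default defang. Closing the list with `|ebuild)$` would restrict it to real extensions; this assumes the lists are tried in order and the first match wins, which the file does not state. The file also ships with `feat_testing = 1` although its own comment says to set it to 0 for production, and the ebuild symlinks this file as the live /etc/mail/anomy-sanitizer/anomy.conf, so the packaged default should probably be 0.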
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# spamassassin
+#
+# Simple filter to plug SpamAssassin only
+# into the Postfix MTA, using the spamc / spamd
+# daemon version of SpamAssassin.
+#
+# (Should result in higher performance on busy servers)
+#
+# NOTE: spamd must be running before using this script!
+#
+# For use with:
+# Postfix 20010228 or later
+# SpamAssassin 2.42 or later
+#
+############
+# #
+# UNTESTED #
+# #
+############
+
+
+# VARIABLES
+# ---------
+
+# File locations
+# (CHANGE AS REQUIRED TO MATCH YOUR SET-UP)
+INSPECT_DIR="/var/spool/sanitizer"
+#INSPECT_DIR="/var/spool/filter"
+SENDMAIL="/usr/lib/sendmail -i"
+ANOMY="/usr/share/anomy-sanitizer"
+ANOMY_BIN="${ANOMY}/bin/sanitizer.pl"
+ANOMY_CONF="/usr/share/anomy-sanitizer/anomy.conf"
+#ANOMY_LOG="/dev/null"
+ANOMY_LOG="/tmp/sanitizer.log"
+SPAMASSASSIN="/usr/bin/spamassassin"
+#SPAMASSASSIN_LOG="/dev/null"
+SPAMASSASSIN_LOG="/tmp/spamassassin.log"
+CAT="/bin/cat"
+
+# Messages
+UNABLE_TO_CD_INSPECTDIR="Impossible to change to ${INSPECT_DIR}"
+MSG_CONTENT_REJECTED="Message content rejected"
+
+# Exit codes from <sysexits.h>
+EX_TEMPFAIL=75
+EX_UNAVAILABLE=69
+
+# Users that execute different filters
+SPAMC_USER="sanitizer"
+
+export ANOMY
+
+
+# MAIN
+# ----
+
+cd ${INSPECT_DIR} || { echo ${UNABLE_TO_CD_INSPECTDIR} ; exit ${EX_TEMPFAIL}; }
+
+# Clean up when done or when aborting.
+trap "rm -f out.$$" 0 1 2 3 15
+
+# sanitizer only
+#${CAT} \
+# | ${ANOMY_BIN} ${ANOMY_CONF} 2>>${ANOMY_LOG} > out.$$ || \
+# { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
+
+# sanitizer and SpamAssassin
+${CAT} \
+ | ${SPAMC} -f -u ${SPAMC_USER} 2>${SPAMASSASSIN_LOG} \
+ | ${ANOMY_BIN} ${ANOMY_CONF} 2>>${ANOMY_LOG} > out.$$ || \
+ { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
+
+# SpamAssassin only
+#${CAT} \
+# | ${SPAMC} -f -u ${SPAMC_USER} 2>${SPAMASSASSIN_LOG} > out.$$ || \
+# { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
+
+$SENDMAIL "$@" < out.$$
+
+exit 0
+
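Review bot: The active pipeline calls `${SPAMC}`, but this script only defines `SPAMASSASSIN="/usr/bin/spamassassin"`, so the first filter stage cannot start; because sh reports the exit status of a pipeline's last command, the `||` reject branch sees only the sanitizer's status, and whatever the sanitizer wrote to out.$$ from empty input would be handed to sendmail. Defining `SPAMC="/usr/bin/spamc"` as sample_mailfiler.sh does, and checking `[ -s out.$$ ]` before delivery, would close that gap. The final `$SENDMAIL "$@" < out.$$` is followed by an unconditional `exit 0`, so a failed re-injection is reported to the MTA as success; `$SENDMAIL "$@" < out.$$ || exit ${EX_TEMPFAIL}` would let the message be retried. Both sample scripts also write to fixed log paths under /tmp (`ANOMY_LOG`, `SPAMASSASSIN_LOG`, `SPAMC_LOG`) while handling mail, which local users can pre-create as symlinks; a log directory owned by the filter account would be a safer default.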
diff --git a/net-mail/anomy-sanitizer/files/sample_e-mail-architecture.png b/net-mail/anomy-sanitizer/files/sample_e-mail-architecture.png Binary files differnew file mode 100644 index 000000000000..8df1a11dbd2a --- /dev/null +++ b/net-mail/anomy-sanitizer/files/sample_e-mail-architecture.png diff --git a/net-mail/anomy-sanitizer/files/sample_e-mail-architektur.flw b/net-mail/anomy-sanitizer/files/sample_e-mail-architektur.flw Binary files differnew file mode 100644 index 000000000000..8ce3f47131c7 --- /dev/null +++ b/net-mail/anomy-sanitizer/files/sample_e-mail-architektur.flw diff --git a/net-mail/anomy-sanitizer/files/sample_mailfiler.sh b/net-mail/anomy-sanitizer/files/sample_mailfiler.sh new file mode 100644 index 000000000000..a258f4890ded --- /dev/null +++ b/net-mail/anomy-sanitizer/files/sample_mailfiler.sh 
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# spamc.sh
+#
+# Simple filter to plug SpamAssassin only
+# into the Postfix MTA, using the spamc / spamd
+# daemon version of SpamAssassin.
+#
+# (Should result in higher performance on busy servers)
+#
+# NOTE: spamd must be running before using this script!
+#
+# For use with:
+# Postfix 20010228 or later
+# SpamAssassin 2.42 or later
+#
+
+
+# VARIABLES
+# ---------
+
+# File locations
+# (CHANGE AS REQUIRED TO MATCH YOUR SET-UP)
+INSPECT_DIR="/var/spool/sanitizer"
+#INSPECT_DIR="/var/spool/filter"
+SENDMAIL="/usr/lib/sendmail -i"
+ANOMY="/usr/share/anomy-sanitizer"
+ANOMY_BIN="${ANOMY}/bin/sanitizer.pl"
+ANOMY_CONF="/usr/share/anomy-sanitizer/anomy.conf"
+#ANOMY_LOG="/dev/null"
+ANOMY_LOG="/tmp/sanitizer.log"
+SPAMC="/usr/bin/spamc"
+#SPAMC_LOG="/dev/null"
+SPAMC_LOG="/tmp/spamc.log"
+CAT="/bin/cat"
+
+# Messages
+UNABLE_TO_CD_INSPECTDIR="Impossible to change to ${INSPECT_DIR}"
+MSG_CONTENT_REJECTED="Message content rejected"
+
+# Exit codes from <sysexits.h>
+EX_TEMPFAIL=75
+EX_UNAVAILABLE=69
+
+# Users that execute different filters
+SPAMC_USER="sanitizer"
+
+export ANOMY
+
+
+# MAIN
+# ----
+
+cd ${INSPECT_DIR} || { echo ${UNABLE_TO_CD_INSPECTDIR} ; exit ${EX_TEMPFAIL}; }
+
+# sanitizer only
+#${CAT} \
+# | ${ANOMY_BIN} ${ANOMY_CONF} 2>>${ANOMY_LOG} \
+# | ${SENDMAIL} "$@" || \
+# { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
+
+# sanitizer and SpamAssassin
+${CAT} \
+ | ${SPAMC} -f -u ${SPAMC_USER} 2>${SPAMC_LOG} \
+ | ${ANOMY_BIN} ${ANOMY_CONF} 2>>${ANOMY_LOG} \
+ | ${SENDMAIL} "$@" || \
+ { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
+
+# SpamAssassin only
+#${CAT} \
+# | ${SPAMC} -f -u ${SPAMC_USER} 2>${SPAMC_LOG} \
+# | ${SENDMAIL} "$@" || \
+# { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
+
+exit 0
+
diff --git a/net-mail/anomy-sanitizer/metadata.xml b/net-mail/anomy-sanitizer/metadata.xml
new file mode 100644
index 000000000000..86672fe64c10
--- /dev/null
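Review bot: The `||` branch after the active pipeline only tests `${SENDMAIL}`'s exit status, since sh reports the last command of a pipeline, so if spamc or sanitizer.pl fails part-way the partial output has already been piped into sendmail and is delivered. The `score_bad` comment in files/anomy.conf says the sanitizer signals a message that needed too many modifications through a non-zero exit code, and this layout discards that signal. Staging each filter's output in a file inside `${INSPECT_DIR}` and re-injecting only when every stage succeeded, as sketched below, keeps the reject path working; the sketch also appends to `${SPAMC_LOG}` instead of truncating it on every message.

```sh
# … unchanged: variable definitions, cd ${INSPECT_DIR} …

# Clean up when done or when aborting.
trap "rm -f spam.$$ out.$$" 0 1 2 3 15

# sanitizer and SpamAssassin, one stage at a time so each exit status is checked
${SPAMC} -f -u ${SPAMC_USER} 2>>${SPAMC_LOG} > spam.$$ || \
    { echo ${MSG_CONTENT_REJECTED}; exit ${EX_TEMPFAIL}; }
${ANOMY_BIN} ${ANOMY_CONF} < spam.$$ 2>>${ANOMY_LOG} > out.$$ || \
    { echo ${MSG_CONTENT_REJECTED}; exit ${EX_UNAVAILABLE}; }
${SENDMAIL} "$@" < out.$$ || exit ${EX_TEMPFAIL}

# … unchanged: commented-out alternatives, exit 0 …
```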
+++ b/net-mail/anomy-sanitizer/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>perl</herd>
+ <maintainer>
+ <email>perl@gentoo.org</email>
+ <description>Primary Maintainer</description>
+ </maintainer>
+ <longdescription></longdescription>
+</pkgmetadata> |