Name: clement
Version: 2.1
Release: 209%{?dist}
URL: http://www.clement.safe.ca
License: GPL
Summary: An application to filter and manage E-mail traffic
Group: System Environment/Daemons
Source: ftp://ftp.safe.ca/pub/%{name}-%{version}/srctgz/%{name}-%{version}-209.tar.gz
buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: byacc
BuildRequires: clamav-devel >= 0.87-1
BuildRequires: openssl-devel,bzip2-devel,gmp-devel,glibc-devel,pam-devel
Requires: clamav >= 0.87-1
Requires: iptables
Requires(post): chkconfig, initscripts
Requires(preun): chkconfig, initscripts
Requires(pre): /usr/sbin/useradd, /usr/sbin/groupadd
%description
Clement is an email firewall. Its purpose is to filter all email,
rejecting viruses and unwelcome messages at the SMTP protocol level
(and avoids bouncing to forged originators). Dubious emails are
centrally quarantined.
Clement extracts "email sending contexts" and can use a remote mentor
process to further analyze message context while still connected to the
remote sender process.
%prep
%setup -q
%build
%{__make} %{?_smp_mflags}
%install
%{__rm} -rf %{buildroot}
%{__make} install DESTDIR=%{buildroot}
%clean
%{__rm} -rf %{buildroot}
%post
if [ "$1" = 1 ]; then
/sbin/chkconfig --add %{name} 2>/dev/null || :
fi
if [ "$1" = 2 ]; then
if [ -f /var/lock/subsys/%{name} ] ; then
%{_initrddir}/%{name} restart 2>/dev/null || :
fi
fi
%pre
if [ "$1" = 1 ]; then
/usr/sbin/groupadd -r %{name} 2>/dev/null || :
/usr/sbin/useradd -r -M -d /var/spool/%{name}-%{version} \
-g %{name} -c "Clement daemon" \
-s /sbin/nologin %{name} 2>/dev/null || :
fi
%preun
if [ "$1" = 0 ]; then
if [ -f /var/lock/subsys/%{name} ] ; then
%{_initrddir}/%{name} stop 2>/dev/null || :
fi
export APPNAME=%{name}
%{_usr}/lib/%{name}-%{version}/support/remove.sh \
%{_sysconfdir}/pki/%{name}-%{version}/%{name}.pem \
%{_sysconfdir}/%{name}-%{version}/config.done 2>/dev/null || :
/sbin/chkconfig --del %{name} 2>/dev/null || :
(
/bin/echo -n "$APPNAME has been removed on "; date
/bin/echo "remaining file in this directory are logs and Emails"
/bin/echo "created while $APPNAME was in production."
/bin/echo "these files _may_ be removed too, but that they could"
/bin/echo "contain valuable data and admin should be careful"
/bin/echo "when removing them."
) > %{_var}/spool/%{name}-%{version}/README-%{name}-removed
fi
%files
%defattr(-,root,root,-)
%{_sysconfdir}/cron.daily/%{name}
%{_usr}/lib/%{name}-%{version}/
%{_datadir}/%{name}-%{version}/
%{_bindir}/pibsmtp
%{_bindir}/clrquar
%{_bindir}/clxtract
%attr(-,%{name},%{name}) %{_bindir}/%{name}
%attr(-,%{name},%{name}) %{_var}/spool/%{name}-%{version}/
%attr(-,%{name},%{name}) %{_var}/crash/%{name}-%{version}/
%attr(-,%{name},%{name}) %{_var}/lock/%{name}-%{version}/
%doc %{name}-%{version}-*.build_date
%doc doc/*.txt Changes FAQ LICENCE README
%attr(0755,root,root) %{_initrddir}/%{name}
%attr(-,%{name},%{name}) %config(noreplace) %{_sysconfdir}/%{name}-%{version}/
%config(noreplace) %{_sysconfdir}/yum.repos.d/%{name}.repo
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%config(noreplace) %{_sysconfdir}/pki/%{name}-%{version}/trusted.pem
%config(noreplace) %{_sysconfdir}/httpd/conf/%{name}.conf
%changelog
* Mon Sep 3 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-209
- Bug-Fix:
* Fixed problem about undue relaying, was caused
by storing relais status within existing user cache.
* When trying to find hostname ipnumber, local definition
was not used, such it was impossible to overcome
"No MX or IP linkable to originator domain" problem
* Tue Aug 22 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-202
- Marker:
* Spec file adjustement (BuildRequires)
* Fri Aug 18 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-197
- Marker:
* Inclusion Fedora Extra.
* Tue Aug 15 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-193
- Improvement:
* Spec file very fine tuning
* Orphean E-mail are now properly store in the trouble
queue directory.
* Mon Aug 14 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-192
- Improvement:
* Adding running user and group clement to comply
to extras commitee recommendation.
* Timing change in modtrp.c to have a quicker
detection (1 sec instead of 5 sec) about
zombie state child process.
* Fri Aug 11 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-186
- Bug-Fix:
* WEB Interface (PHP), when user changed the
working language, page stop to be displayed
as the CGI was not able to access log file.
* Thu Aug 10 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-184
- bug-Fix
* Alias definition was crashing when only one
user was defined without domain.
- Improvement:
* Clement starting shell (/etc/rc.d/init.d/clement)
do not define the iptable rule 'clement' if
no redirection is defined within file iptables.conf.
* Sat Aug 5 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-183
- Improvement:
* Sorting WEB logs informations is now done by new
executable name 'clxtract'.
* WEB logs file are moved from /usr/share/clement-2.1/logs
to /var/spool/clement-2.1/wlogs
* Wed Jul 26 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-179
- Bug Fix:
* 'QUARANTINE_LOCAL' variable (clement.conf) was
not properly read when set as default or 'All_Other_Domains'.
* Tue Jul 25 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-177
- Bug Fix:
* If 'QUARANTINE_LOCAL' is set to 'No" (clement.conf) and
a to be quarantined E-mail is aliases to an OUTSIDE
domain (not known by clement), the process to
flag spam inside the E-mail subject was crashing (major).
- Improvement:
* Spec file, fine fine tuning.
* Thu Jul 11 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-176
* Further SPECS file fine tunning to be fully compliant
to Fedora-Extra package guideline.
* Thu Jul 5 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-175
- Bug-Fix:
* SMTP AUTH command was not working anymore, fixed the
CHKID messages format.
* Fine tuning about SPEC to avoid warning while
doing rpmbuild. File clembase.php is now named
clement.php and moved from /var/www/clement-2.1 to
/etc/clement-2.1.
WARNING: Previously installed clement MUST be manually
adjusted!
* Tue Jul 4 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-173
- Improvement:
* SPAM marker inserted inside the E-mail subject can be adjusted
according QUARANTINE_HEADER and QUARANTINE_EXTRA within
the clement.conf file.
* New clement.conf variable can be now managed via the Clement
WEB interface.
* File clement.conf, .domain and .domain are now written
by clement itself when management is done via the WEB interface
- Bug-Fix:
* No Zombie process after a user ID check.
* Mon Jun 26 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-171
- Improvement
* SPEC file clean according rpmlint-0.77-1.fc5
* Thu Jun 22 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-161
- Improvement:
* Better 'click' addition done to SPAM flagged E-mail
to advice mentor it is a good E-mail.
Fix insertion problem when MIME contents type was used.
* Tue Jun 20 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-159
- Bug-Fix:
* Fixed "CERT Vulnerability Note VU#738331" found
in unidns.c
- Improvement:
* Better 'click' addition done to SPAM flagged E-mail
to advice mentor it is a good E-mail.
Insertion problem when MIME contents type was used.
* Fri Jun 16 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-158
- Improvement:
* Quarantine policy (kept local or transmitted to end user)
can be now decided within clement.conf (can be set
within binding definition).
* AT SMTP protocol level, if 'From:' is empty (allowed
by RFC), 'From:' is set as Mailer_daemon@domainname,
where 'domainname' is extracted from the helo/ehlo
command.
- Bug-Fix:
* In case of "RSET" within the SMTP protocol exchange
session number is now alway updated.
* Batch procedure 'clrquar' was core-dumping when executed
(Major bug, created in 2.1-153)
* Wed Jun 14 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-154
- Improvement
* E-mail set quarantine are now sent to user with
a special marker within the subject.
* Quarantine local advice (no Mentor) can have
a Spam limite set by domaine within clement.conf
New Keywork 'SPAMLIM'.
- Bug-Fix:
* Signal are not in "SA_RESTART" mode anymore
(to avoid loop within waitpid when a SIGALRM
is received).
* closed a small memory leak.
* "Mentor Service" icone was sometime missing when
user was properly authenticated within Clement
* Message to Mentor without answer expected have
now a special reference ID (called ONWAY)
* Mon May 29 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-139
- Marker:
* Stable release Marker.
* Fri May 26 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-135
- Improvement:
* Clement smtp server modul is now sending messages
directly to checker without going to main process.
* Started to implement the capability to mark
SPAM email contents.
* Mon May 16 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-133
- Improvement:
* Clement is now sending 'relaying' flag information
when sending 'CHKRCPT' and 'RFRESH' message to
Mentor (is used when checking for remote spammer
status).
* Fri May 12 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-131
- Bug-Fix:
* Long aliases list was not working properly,
domain without name were added to the list.
* Wed May 10 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-130
- Marker:
* Stable release Marker.
* Mon May 8 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-126
- Bug Fix:
* If (by mistake) the '-Q' file in queue is corrupted
(no 'from' defined), E-mail is stored in the
trblq.
* Configuration changed to really use the generated
file 'poprelay', created from the file 'pibsmtp.lst'.
'poprelay' can/is used by Clement to know about relayed
IP number.
* Fri May 5 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-125
- Improvement:
* Clement use now clamav-0.88.2 version
* clement daily.sh is changed to clean 'trblq' area
from file older than 20 days.
* Clement Pop_Before_SMTP is now properly working.
* Wed May 3 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-116
- Improvement:
* Clement, Aliases are now fully implemented, aliases of
aliases are possible. Aliases are meaningful only
with domain set as 'keeplocal'.
* Wed Apr 27 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-115
- Improvement:
* Clement, when sender is rejecting an E-mail while it
was accepted by Clement, mail is stored within
a sender structure with the 'trblq' directory.
Process continue to send next E-mail within the queue.
* Tue Apr 22 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-114
- Improvement:
* Clement refuse E-mail at SMTP protocol level, if the
MAIL FROM: domain address is not resolvable as an
IP or an MX.
- Improvement: (version 2.1-113)
* The waiting for a socket connection is not forever
anymore but only for 5 second, allowing calling
program to do checking task time to time.
* Mon Apr 17 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-112
- Bug-Fix:
* If the subject include a '%' caractere the modtra.c
can cause a crash (% was inderstood as printf directive).
* Sat Apr 15 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-111
- Bug-Fix:
* Clement main daemon was crashing when recipient Email
was given as "<username@mail .ru>"
* Mon Apr 10 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-110
- Improvement:
* Clement in now integrated with OPenWebMail,
Web interface to user creation create all needed
files and directores to allow dovecot and openwebmail
to retrieve User E-mail.
* Mon Mar 27 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-108
- Improvement:
* Mentor improvement to detect Spammer site
* Tue Mar 21 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-103
- Bug fix:
* clement password change is now working (crypted
password uppercase letters are kept)
* Wed Mar 15 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-102
- Improvement:
* Mentor Email count improvement.
* Sun Mar 12 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-100
- Bug-Fix
* No Core-DUMP when remote sender is not on-line,
While an E-mail address need to be croschecked.
- Improvement:
* Better Timer management within gesipc.c
* Mon Mar 6 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-99
- Adding pam-devel as required to build clement from
src.rpm file.
- Adjusting clement starting shell script such iptables
configuration use a target named 'clement'
* Thu Mar 2 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-98
- Mentor bug-fix.
* Wed Mar 1 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-97
- Mentor Improvement.
* Mon Feb 27 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-95
- Improvement
Clement can bind on ANY address for a specific port,
'binding' directive in clement.conf must have a '*'
as hostname.
- When remote originator is granted to 'relayable' status
by Clement, E-mail is transmitted to recipient, regardless
the spam level detected by spamassassin.
* Thu Feb 23 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-93
- daily.sh was not removing its lock at the end of
script (Major!, was waiting/locking out next day daily cron)
- 'grep' used in /etc/rc.d/init.d/clement detect
only "IPT" string as present at the begining of the line.
* Mon Feb 20 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-92
- Clement do not check the domain MX if the domain
appear within configuretion definition (clement.conf)
- Adding /etc/yum.repos.d/clement.repo to allow
clement downloading via 'yum'
* Sat Feb 18 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-90
- Changes in Mentor.
* Fri Feb 17 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-89
- Clement can accept email address with a quote (like
o'brien)
- Better IPC messages recovery processus.
- Mandrake-2006 version, fixed call to clamav virus scanner.
Doesn't return "virus <Oversized.Zip> found in the E-mail"
anymore, when a big zipped file attachement is included within
E-mail.
- Cron Shell script is now executed under ID 'mail'.
* Tue Jan 31 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-84
- Changes in Mentor.
* Mon Jan 30 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-83
- Some "SENT" message un-needed acknowledge were pilling up within
the IPC area (Major!), causing an IPC bottleneck after a while.
Then "error in processing" was answered to every mail received.
* Sun Jan 29 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-82
- Relaying stopped to work with 2.1.0.80, (missing code!).
- Variable SMTPSRV within clement.conf is now working.
* Sat Jan 28 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-80
- Better handling if a remote Mentor is not on line
(clement work then in stand alone mode).
- An 'Error in processing' stop de clement iteration,
such IPC still messages in the queue can be removed
cleaning and have other iteration continue to work.
* Thu Jan 26 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-76
- '.' (End of DATA Segment) was not recognize by Firstclass
type SMTP daemon, when mail was relayed from clement to
internal server.
* Wed Jan 25 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-74
- Event log report the exact return from local SMTP
server when probing to know if a user is really existing.
* Mon Jan 23 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-72
- Better handling of UNIQID info not transmitted to Mentor
(Mentor channel is declared but not responding)
- Bux fix in /etc/rc.d/init.d/clement about postfix
configuration
* Sat Jan 21 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-71
- Under some condition, exiting clement process was sending
a TERM signal to process '-1' (Arrgh!)
- No need to rely on 'postmaster' E-mail id to double-check
E-mail relaying condition.
* Fri Jan 21 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-70
- cron-daily check if directores are existing before to
'cd' to it.
* Fri Jan 20 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-69
- Connection to remote sender is kept longer (5 minutes) in case
we have further E-mail to transmite
- Multiple connection to same Mentor are seen now as different
connections as long the CHKCODE is differente, is the CHKCODE
is the same, only one connection to the remote Mentor is kept open.
* Mon Jan 17 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-68
- Adding release.php in www directory to display the
propere release number on WEB page
- Better handling in case the remote sender (SENDER
definition in clement.conf) is not accessible to check
user ID
* Mon Jan 17 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-66
- clement.conf binding definition was not taking care of
multiple binding definition (':' separator), only
the first IP number was used.
* Mon Jan 16 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-65
/var/crash directory missing from spec definition
* Mon Jan 16 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-64
- clrquar doesn't run as root anymore (change its uid to be
mail).
- Adjustment within /etc/sysconfig/clement file (options
become OPTIONS).
- /etc/clement-2.1/iptables.conf fixed
- clement daemon starting shell fixed
* Sat Jan 15 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-61
- Version in production
* Sat Jan 7 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-57
- Further Spec file improvement.
- dispatching Clement components according 'FHS' guidelines.
* Mon Jan 2 2006 Jean-Marc Pigeon <jmp@safe.ca> 2.1-38
- Better relaying handling, clement daemon is able
make a difference between 'All_Other_Domains' and
"to be relayed" domain.
- Adjusting Spec file according <jeff@ultimateevil.org>
* Wed Dec 19 2005 Jean-Marc Pigeon <jmp@safe.ca> 2.1-30
- Web interface allow to manage user aliases
* Wed Dec 17 2005 Jean-Marc Pigeon <jmp@safe.ca> 2.1-29
- Checking installation impact with external clamav
* Wed Dec 17 2005 Jean-Marc Pigeon <jmp@safe.ca> 2.1-28
- adjusting SPEC file according rpmlint finding
#-------------------------------------------------------------