# Use systemd from F-15 / EL-7, else sysvinit %if 0%{?fedora} > 14 || 0%{?rhel} > 6 %global use_systemd 1 %global rundir /run %else %global use_systemd 0 %global rundir %{_localstatedir}/run %endif # rundir (/var/run or /run) is on tmpfs from F-15 / EL-7 %if 0%{?fedora} > 14 || 0%{?rhel} > 6 %global rundir_tmpfs 1 %endif # EL-5 needs to use libbind apparently %if "%{?rhel}" == "5" %global use_libbind 1 %endif Summary: Milter for greylisting, the next step in the spam control war Name: milter-greylist Version: 4.5.3 Release: 1%{?dist} License: BSD with advertising Group: System Environment/Daemons URL: http://hcpnet.free.fr/milter-greylist/ Source0: ftp://ftp.espci.fr/pub/milter-greylist/milter-greylist-%{version}.tgz Source1: README.fedora Source20: milter-greylist.systemd.service Patch0: milter-greylist-4.5.2-config.patch Patch1: milter-greylist-4.4.2-utf8.patch Patch4: ai_addrconfig.patch Patch7: milter-greylist-dkim-reentrant.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: bison BuildRequires: flex BuildRequires: m4 BuildRequires: curl-devel BuildRequires: GeoIP-devel BuildRequires: sendmail-devel %if 0%{?use_libbind} BuildRequires: %{_libdir}/libbind.so %endif Requires(pre): shadow-utils %if %{use_systemd} Requires(post): /bin/systemctl Requires(preun): /bin/systemctl Requires(postun): /bin/systemctl Obsoletes: milter-greylist-systemd < %{version}-%{release} Provides: milter-greylist-systemd = %{version}-%{release} %else Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): initscripts Requires(postun): initscripts Obsoletes: milter-greylist-sysv < %{version}-%{release} Provides: milter-greylist-sysv = %{version}-%{release} %endif %description Greylisting is a new method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver. This package provides a greylist filter for sendmail's milter API. %prep %setup -q -n milter-greylist-%{version} # Customize config for Fedora / EPEL # * Specify pidfile in initscript rather than config file # * Specify socket in config file rather than initscript # * Specify grmilter as the user to run the dæmon as # * Specify the GeoIP database location %patch0 # Rec-code docs as UTF8 %patch1 # Work around issues with ISC libbind and AI_ADDRCONFIG # http://tech.groups.yahoo.com/group/milter-greylist/message/5048 %patch4 -p1 # Lock DKIM calls %patch7 -p1 # README.fedora install -p -m 644 %{SOURCE1} . # Don't let the configure script find libresolv sed -i -e 's!/libresolv.a!/../../../no-such-lib.a!g' configure # Set socket/db/pidfile to be in FHS-compliant places for i in `find -type f`; do sed -e 's|/var/milter-greylist/milter-greylist.sock|%{rundir}/milter-greylist/milter-greylist.sock|g; s|/var/milter-greylist/greylist.db|%{_localstatedir}/lib/milter-greylist/db/greylist.db|g; s|/var/milter-greylist/milter-greylist.pid|%{rundir}/milter-greylist.pid|g; ' "$i" >"$i.tmp" cmp -s "$i" "$i.tmp" || cat "$i.tmp" >"$i" rm -f "$i".tmp done %build greylist_comps="%{?use_libbind:libbind} libcurl" export CPPFLAGS="-DUSE_CURL -DUSE_GEOIP -D_GNU_SOURCE -D_REENTRANT $(pkg-config --cflags-only-I $greylist_comps)" export LDLIBS="$(pkg-config --libs $greylist_comps) -lGeoIP" # Harden the build if supported %if 0%{?fedora} > 15 || 0%{?rhel} > 6 %global _hardened_build 1 export CFLAGS="%{__global_cflags} -fno-strict-aliasing" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{__global_ldflags} -Wl,--as-needed $LDLIBS" %else export CFLAGS="%{optflags} -fno-strict-aliasing" export LDFLAGS="-Wl,--as-needed $LDLIBS" %endif %configure \ --disable-drac \ --disable-rpath \ --with-user=grmilter \ --enable-dnsrbl \ --enable-spamassassin \ --enable-p0f \ --with-drac-db=%{_localstatedir}/lib/milter-greylist/drac/drac.db ## is now SMP safe :) make %{_smp_mflags} BINDIR=%{_sbindir} %install rm -rf %{buildroot} install -d -m 755 %{buildroot}{%{rundir}/milter-greylist,%{_localstatedir}/lib/milter-greylist/db} make install \ DESTDIR=%{buildroot} \ BINDIR=%{_sbindir} \ TEST=false \ USER="$(id -u)" # Create a dummy socket so we can %%ghost it and remove it on uninstall touch %{buildroot}%{rundir}/milter-greylist/milter-greylist.sock # Initscript %if %{use_systemd} install -D -p -m 0644 %{SOURCE20} %{buildroot}%{_unitdir}/milter-greylist.service %else install -D -p -m 755 rc-redhat.sh %{buildroot}%{_initrddir}/milter-greylist touch %{buildroot}%{rundir}/milter-greylist.pid %endif # Make sure /run/milter-greylist is re-created at boot time if /run is on tmpfs %if 0%{?rundir_tmpfs} install -d -m 755 %{buildroot}%{_prefix}/lib/tmpfiles.d cat << EOF > %{buildroot}%{_prefix}/lib/tmpfiles.d/milter-greylist.conf d %{rundir}/milter-greylist 0710 grmilter mail EOF %endif %clean rm -rf %{buildroot} %pre # Create account for milter-greylist to run as getent group grmilter >/dev/null || groupadd -r grmilter getent passwd grmilter >/dev/null || \ useradd -r -g grmilter -d %{_localstatedir}/lib/milter-greylist -s /sbin/nologin \ -c "Greylist-milter user" grmilter exit 0 %post %if %{use_systemd} /bin/systemctl daemon-reload >/dev/null || 2>&1 : %endif if [ $1 -eq 1 ]; then # Initial installation %if ! %{use_systemd} /sbin/chkconfig --add milter-greylist || : %endif %if 0%{?fedora} >= 18 /bin/systemctl preset milter-greylist.service >/dev/null 2>&1 || : %endif fi %preun if [ $1 -eq 0 ]; then # Package removal, not upgrade %if %{use_systemd} /bin/systemctl --no-reload disable milter-greylist.service >/dev/null 2>&1 || : /bin/systemctl stop milter-greylist.service >/dev/null 2>&1 || : %else %{_initrddir}/milter-greylist stop >/dev/null || : /sbin/chkconfig --del milter-greylist || : %endif fi %postun %if %{use_systemd} /bin/systemctl daemon-reload >/dev/null || 2>&1 : %endif if [ $1 -ge 1 ]; then # Package upgrade, not uninstall %if %{use_systemd} /bin/systemctl try-restart milter-greylist.service >/dev/null || : %else %{_initrddir}/milter-greylist condrestart >/dev/null || : %endif fi %files %doc ChangeLog README README.fedora %{_sbindir}/milter-greylist %attr(0640,root,grmilter) %verify(not mtime) %config(noreplace) %{_sysconfdir}/mail/greylist.conf %dir %attr(0751,grmilter,grmilter) %{_localstatedir}/lib/milter-greylist/ %dir %attr(0770,root,grmilter) %{_localstatedir}/lib/milter-greylist/db/ %dir %attr(0710,grmilter,mail) %{rundir}/milter-greylist/ %{_mandir}/man5/greylist.conf.5* %{_mandir}/man8/milter-greylist.8* %ghost %{rundir}/milter-greylist/milter-greylist.sock %if 0%{?rundir_tmpfs} %{_prefix}/lib/tmpfiles.d/milter-greylist.conf %endif %if %{use_systemd} %{_unitdir}/milter-greylist.service %else %{_initrddir}/milter-greylist %ghost %{rundir}/milter-greylist.pid %endif %changelog * Mon Aug 19 2013 Paul Howarth - 4.5.3-1 - Update to 4.5.3 - Format string expansions now honor %%r everywhere possible - Add unbracket option to resolve MTA-passed bracketed unresolved IP - set ACL clause to set/increment/decrement properties - log ACL clause to send formatted string to syslog * Wed Aug 14 2013 Paul Howarth - 4.5.2-1 - Update to 4.5.2 - Fix crash when chown socket without group - Fix memory leak in nsupdate config reload - Fix nsupdate servers option - Build fixes - Fix ACL bypass for second recipient when sender passed auth/tls/spf - Parallel build - Configurable package information - More verbosity in SPF logs - Use localaddr for p0f and %%V format string - Search current directory first for includes - Make unknown AF family non fatal in p0f, report errors once - Enable parallel build * Sat Aug 03 2013 Fedora Release Engineering - 4.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon May 20 2013 Paul Howarth - 4.5.1-1 - Update to 4.5.1 - More Solaris build fixes - Fix swapped %%f and %%r for stat example in default greylist.conf - Support p0f v3.06 and up with --with-p0f-src or --enable-p0f306 - DNS update support - "make clean" clears milter-greylist.spec - Add IPv6 support for MX sync * Thu Apr 11 2013 Paul Howarth - 4.4.2-1902 - Drop unused upstart support - Drop unused libspf support - Drop %%defattr, redundant since rpm 4.4 - Merge sysv/system packages back into main package, configuring appropriate initscrit for target distribution - Move tmpfiles configuration from /etc to /usr/lib - Re-do scriptlets * Wed Apr 10 2013 Jon Ciesla - 4.4.2-1901 - Migrate from fedora-usermgmt to guideline scriptlets * Sun Jan 27 2013 Enrico Scholz - 4.4.2-1900 - updated to 4.4.2 - rediffed patches and removed obsolete ones - enabled hardened build - enabled PrivateTmp for systemd * Sun Aug 19 2012 Enrico Scholz - 4.2.7-1900 - disabled upstart - removed old sysv related cruft * Fri Jul 20 2012 Fedora Release Engineering - 4.2.7-1701 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Wed Jan 4 2012 Enrico Scholz - 4.2.7-1700 - fixed various systemd and tmpfile related issues (698961, comments 5 + 6) * Sat Apr 23 2011 Enrico Scholz - 4.2.7-1600 - updated to 4.2.7 - fixed tmpfiles syntax * Tue Mar 1 2011 Enrico Scholz - 4.2.6-1600 - fixed byte order of src port in p0f check * Tue Feb 08 2011 Fedora Release Engineering - 4.2.6-1501 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Fri Dec 10 2010 Enrico Scholz - 4.2.6-1401 - added systemd initscripts and obsolete the old sysvinit ones * Wed Jul 14 2010 Enrico Scholz - 4.2.6-1400 - updated to 4.2.6 * Fri Jul 9 2010 Enrico Scholz - 4.2.5-1401 - added spamd-null patch * Wed Jun 9 2010 Enrico Scholz - 4.2.5-1400 - updated to 4.2.5 - added cloexec patch - rediffed patches * Sun Apr 18 2010 Enrico Scholz - 4.2.4-1400 - updated to 4.2.4 - removed patches which have been applied upstream * Sat Feb 20 2010 Enrico Scholz - 4.2.3-1400 - added patches to fix races in dkim, geoip and p0f modules - conditionalized -upstart subpackage - added conditional to build it with libbind (required for RHEL5) * Sun Dec 6 2009 Enrico Scholz - 4.2.3-1300 - updated -upstart to upstart 0.6.3 * Wed Aug 19 2009 Enrico Scholz - 4.2.3-2 - moved pre-2007 %%changelog entries into ChangeLog.rpm - do not link against libbind anymore; recent glibc seems to have fixed its resolver API so that -lresolv can be used by dnsrbl. Old -lbind conflicts with this library in a subtly way causing segfaults (#518274). * Wed Aug 19 2009 Enrico Scholz - 4.2.3-1 - updated to 4.2.3 - use conditionalized %%noarch macro to mark noarch subpackages - simplified upstart initscript because #501155 is solved * Sat Jul 25 2009 Fedora Release Engineering - 4.2.2-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Apr 11 2009 Enrico Scholz - 4.2.2-0. - updated to 4.2.2 - removed patches which where applied upstream * Mon Mar 09 2009 Adam Tkac - 4.2-0.5.b1 - libbind has been moved to separate package, rebuild * Sat Mar 7 2009 Enrico Scholz - 4.2-0.4.b1 - added -upstart subpackage - renamed -sysv to -sysvinit to let -upstart win the default depresolving * Wed Feb 25 2009 Fedora Release Engineering - 4.2-0.3.b1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Sat Feb 14 2009 Enrico Scholz - 4.2-0.1.b1 - updated to 4.2b1 - enabled spamassassin + p0f support - set path to GeoIP database in sample configuration (#439087) - changed /var/run/milter-greylist to be owned by the mail group and made it group-accessibly; this should allow usage with postfix when setting a 0666 socket mode (#210765) - added README.fedora * Fri Aug 8 2008 Tom "spot" Callaway - 4.1.1-2 - fix license tag * Sat Jun 21 2008 Enrico Scholz - 4.1.1-1 - updated to 4.1.1 * Mon Feb 18 2008 Fedora Release Engineering - 4.0-2 - Autorebuild for GCC 4.3 * Sat Nov 10 2007 Enrico Scholz - 4.0-1 - updated to final 4.0 - fixed conflicts between libbind and libresolv by linking them manually * Mon Oct 29 2007 Enrico Scholz - 4.0-0.3.rc2 - updated to 4.0rc2 * Sun Oct 14 2007 Enrico Scholz - 4.0-0.2.rc1 - updated to 4.0rc1 - built with curl and GeoIP support * Wed Apr 25 2007 Enrico Scholz - 3.0-2 - fixed user name in config file (bz #237737) - commented out pidfile entry; it is to be set by the init methods * Tue Apr 17 2007 Enrico Scholz - 3.0-1 - updated to 3.0 - enabled dnsrbl - removed -initng subpackage * Tue Jan 30 2007 Enrico Scholz - 2.1.12-3 - removed -minit subpackage