Hello.
Unlike promised there had to be another release, and i still hope
it is ok to forward the announcement here.
(Bicycle-Day has passed in the meantime, however.)
This fixes some bugs, even non-developers can now see --verbose
logging, for example. Out of interest i implemented sandboxing,
setrlimit(2) everywhere, but on top specifics for OpenBSD,
FreeBSD, and Linux.
Thank you, and Ciao! already here.
--- Forwarded from Steffen Nurpmeso <stef...@sdaoden.eu> ---
Date: Wed, 19 Apr 2023 23:36:06 +0200
...
Hey, and hello,
With "Many Thanks!" to Jens Schleusener and his cron job i started
looking into this again, and really found (the) bugs!
So today I announce v0.8.1 of this little RFC 6647 graylisting
postfix(1) policy service. It comes with these changes:
* Many, many thanks to Jens Schleusener, and his cron job!
And already and automatically on fossies.org since last night.
+ Add --status to query server status.
+ Server PID is now stored in the lock file (renamed to VAL_NAME.pid),
and --startup now waits for server response (like --shutdown does).
(VAL_NAME is the make(1) variable.)
+ Add sandboxing: generic setrlimit(2) based, plus an OS-dependent
strict sandboxing that can be disabled via --untamed. (Because it may
require an additional, internally managed, logger process, and may be
incompatible to (future) C library changes (see makefile).)
(On OpenBSD configured file paths are now even fixed byte-by-byte.)
I had that ringing in my ear ("not even pledge/unveil"), so while
there i spent quite some time to add operating-system security
sandboxing. (If anyone says "Why for a second-line service behind
postfix?", that is not wrong. Say --untamed, and/or compile with
VAL_OS_SANDBOX=0.)
- FIX memory map return check.
- FIX possible error path crash during program startup (missing fmt arg).
- fix: add missing su_log_set_level() and make --verbose work for users!
Yes, --verbose now works in non-development mode!
- fix: --startup was missing short -@ equivalent.
- fix: --test-mode did not include "focus-sender", "once" and "verbose".
- fix: VAL_MSG_* could not be overwritten on make(1) command line.
- Typos: treshold->threshold. (Jens Schleusener)
- (Source code style change spaces/80 -> tab/120+, saves ~12KB; etc.)
Except for the intermediate self-knitted build system (and bitrot)
i really do not expect any further release now.
The files to download are
https://ftp.sdaoden.eu/s-postgray-0.8.1.tar.gz
https://ftp.sdaoden.eu/s-postgray-0.8.1.tar.gz.asc
They also exist in a XY-latest.* version, and are signed with my
OpenPGP key available on some OpenPGP key servers, my website
(also WKD), and download area (https://ftp.sdaoden.eu/steffen.asc).
stef...@sdaoden.eu / 1883A0DD
(EE19 E1C1 F2F7 054F 8D39 54D8 3089 64B5 1883 A0DD)
The hyperlinked manual is online at
https://www.sdaoden.eu/code-postgray.html
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
