Here is 4.4 alpha2, with just build fixes since alpha 1

http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4a2.tgz

ChangeLog since 2.2:

4.4a2
         Build fixes
         Fix corrupted log output
4.4a1
         Typo fixes in man pages (Bernhard Schneider)
         localaddr option so that Postifix user can use spf self
         Allow filtering header and body against LDAP or CURL gathered properties
         Add format string to report last matching LDAP or CURL propery
         Fix memory corruption bug
         Add a addfooter action clause in ACL, to add mail a footer
         Allow per-dacl maxpeek setting, set by maxpeer action clause in racl
         Add LDAP or CURL gathered property substitution in format strings
         Add continue type ACL
         p0f v3 support
4.3.9
         Fix wrong message size tracking, causing bug in spamd (Attila Bruncsak)
         Fix ratelimit sliding window for computing average
         Fix p0f port byte order (Enrico Scholz)
         Fix milter-greylist.m4 for newer Sendmail (Joe Pruett)
         Fix autoconf warning about --datarootdir (R P Herrold)
         Add spamassassin toggling to the .spec file (Adam Katz)
         Fix DKIM (John Wood, Jörgen Lundman)
4.3.8
         Fix spamd hang if message contains NULL (Enrico Scholz)
         Format string for SpamAssassin score
         Build fix for Solaris
         Send the queueid to spamd (Petar Bogdanovic)
         Close-on-exec sockets to avoid file shortage with stat (Enrico Scholz)
         Add a missing comma in X-Greylist (Kouhei Sutou)
         Look for liresolv in ${libdir} instead of /usr/lib (DUFRESNE VINCENT)
         Fix SPF on Postfix (Kouhei Sutou)
4.3.7
         Build fix when SPF is enabled
         Ratelimit on SMTP sessions and data size
         Fix missing ratelimit initialization
         Test for legacy config file timestamp so that it does not loop reloading
4.3.6
         New rate limiting feature
         Add a domatch keyword to ldapconf to enable ldapcheck matches
         Network byte order byg fix in p0f code (Adrian Dabrowski)
         Fix MX clause wrong results caused by thread unsafety (Hajimu UMEMOTO)
         Do not reject message if p0f cannot identiy the remote system
4.3.5
         Update .spec file for libcurl, GeoIP and p0f support (Chris Bennett)
         Really support dkim self and dkim none clauses
         Better configure test to avoid resolver memory leaks (Hajimu UMEMOTO)
         Fix p0f wrong results caused by thread unsafety (Enrico Scholz)
         Fix GeoIP related crashes caused by thread unsafety (Enrico Scholz)
         Start as root and drop priv later on RedHat (Ole Hansen)
         Fix dumpfile argument on command line (Ole Hansen)
         Fix missing reason for whitelisting (Attila Bruncsak)
         Wait 5 seconds before stopping, for database dump (Attila Bruncsak)
         Add mx ACL clause (Rudy Eschauzier)
         Do not use socket mode for the PID file (Kouhei Sutou)
         Fix tarpit deadlock (Kouhei Sutou)
4.3.4
         Restore not ACL keyword functionnality (Benoit Branciard)
         Fix uninitialized thread condition variable (Petar Bogdanovic)
         Fix Debian startup script
         New tarpit feature (Kouhei Sutou)
         Support make install as unprivilegied user (Kouhei Sutou)
4.3.3
         Fix unallocated memory use for ldapcheck and urlcheck property matching
         Fix off-by one bug in DATA stage filtering (Pascal Lalonde)
         Allow ACL override by ldapcheck clauses (Piotr Wadas)
         Header for autowhitelisted messages bug fix (Attila Bruncsak)
         Fix MX sync stop on config reload (Attila Bruncsak, Hajimu UMEMOTO)
         Improve Debian startup script (Adam Katz)
         Make SpamAssassin headers Sendmail-like (Petar Bogdanovic)
4.3.2
         Merge autowhite and greylist databases (Rudy Eschauzier)
4.3.1
         Log ACL id instead of line number (John Thiltges)
         Fix LDAP thread safety issues
         Make LDAP querries timeout configurable
         Make MX sync timeout peer-configurable (Attila Bruncsak)
         Fix a crash when LDAP server is down
         Update contributor list
         Make sure dump is really on disk even with a buggy ext4fs
         Build with OpenLDAP but not CURL (Matthias Scheler)
         Do not complain about unreachable p0f daemon if it is unconfigured
         Fix buffer overflow in SpamAssassin support (Enrico Scholz)
         Fix socket mode in sample config file
         Build fix on tru64 and Solaris
         4.2 Branch forked

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Mon, Feb 27, 2012 at 2:56 AM,  <manu@...> wrote:
> shuttlebox <shuttlebox@...> wrote:
>
>> What do others think? I love the syntax of greylist.conf and often use
>> it instead of Sendmail, if only I had the above feature I could
>> integrate log parsing scripts that would blacklist spammers, I don't
>> want to mess with the main file for that.
>
> The include feature would be interesting, but we could also have an ACL
> clause to lookup a string from a file. Like we have urlcheck and
> ldapcheck:
>
> filecheck "blacklist" "/var/run/blacklist.txt" "%i"
> (...)
> racl blacklist filecheck "blacklist"
>
> The advantage is that you are less likely to mess the configuration if
> you enter badly formatted data. I suspect we can improve the above
> syntax to parse more complicated files.

I would be fine with just being able to read a single column text
file, nothing more complicated than that in my case, I'm thinking
about making some of the lists external so your suggestion would work
for me. The include in BIND is more general though and can outsource
anything that can be in named.conf, however in my case I don't see any
real benefit to that compared to what you suggested.

/peter bonivart

>
> I realize it's probably too late for the next stable and I don't even
> know if it has been discussed before but I would really like to see an
> include option in greylist.conf similar to what BIND DNS has for
> named.conf:
>
> http://www.zytrax.com/books/dns/ch7/include.html
>
> Basically, wherever "include <file>" is encountered it's replaced with
> the contents of <file>. Reasons are the same as in the link above.
>
> I'm ok with a change in one of the included files not triggering a
> reload but that we have to HUP ourselves. That's not a problem.
>
> What do others think? I love the syntax of greylist.conf and often use
> it instead of Sendmail, if only I had the above feature I could
> integrate log parsing scripts that would blacklist spammers, I don't
> want to mess with the main file for that.
>
> /peter bonivart
>

Hello,

I read through the examples for the "BIND" for the
advantage of having included configuration file.
By my opinion all the 3 arguments are going wrong
on the fact that when there is a new sub-configuration
file generated there has to be a notification system
to be in place (like sending HUP signal to the process)
which must be as priviledged as the BIND process itself.

If you write a code to verify for the new versions
of those files to send a HUP signal as well as you
could write a script instead which concatenates those
files into a single master config file.
(I am already doing that way!
I have a template file plus extractions from different
databases with formating script to generate the ACL
statements into the master config file.)

Syntax verification has to be done in both cases
so no difference on that.

With the include statement more code is required which
leads to bigger running process memory footprint as well
as higher chance having more bug in the code.

Bests,
Attila Bruncsak

This would be a really good feature!

One could plit lengthy files into groups.

It would be possibly "fairly easy" to implement if you do the merge the files
just before you check the in the moment?

Jobst


On Mon, Feb 27, 2012 at 02:56:44AM +0100, manu@... (manu@...)
wrote:
> shuttlebox <shuttlebox@...> wrote:
>
> > What do others think? I love the syntax of greylist.conf and often use
> > it instead of Sendmail, if only I had the above feature I could
> > integrate log parsing scripts that would blacklist spammers, I don't
> > want to mess with the main file for that.
>
> The include feature would be interesting, but we could also have an ACL
> clause to lookup a string from a file. Like we have urlcheck and
> ldapcheck:
>
> filecheck "blacklist" "/var/run/blacklist.txt" "%i"
> (...)
> racl blacklist filecheck "blacklist"
>
> The advantage is that you are less likely to mess the configuration if
> you enter badly formatted data. I suspect we can improve the above
> syntax to parse more complicated files.
>
> --
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...

--
The journey of a thousand steps begins with few hundred forgotten necessities.

   | |0| |   Jobst Schmalenbach, jobst@..., General Manager
   | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
   |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

Works for me:

  * CentOS 5.5
  * mimedefang-2.73 (as a milter)
  * sendmail.x86_64                        8.13.8-8.1.el5_7               
installed
  * clamav-milter.x86_64                   0.97.3-3.el5                   
installed

Feb 28 17:17:42 sendmail[9369]: q1S6HZqV009369: Milter add: header: X-Greylist:
Delayed for 00:03:11 by milter-greylist-4.4a2 (mail.barrett.com.au
[220.233.246.146]); Tue, 28 Feb 2012 17:17:42 +1100 (EST)
Feb 28 17:17:42 mimedefang.pl[7646]: q1S6HZqV009369:
MDLOG,q1S6HZqV009369,mail_in,,,<sentto-12763546-5942-1330409662-jobst=barrett.co\
m.au@...>,<jobst@...>,Re: [milter-greylist]
Feature request - include in greylist.conf
Feb 28 17:17:42 sendmail[9369]: q1S6HZqV009369: Milter add: header:
X-Scanned-By: MIMEDefang 2.73 on 220.233.246.146
Feb 28 17:17:42 sendmail[9369]: q1S6HZqV009369: Milter accept: message


On Mon, Feb 27, 2012 at 03:21:42AM +0100, manu@... (manu@...)
wrote:
> Here is 4.4 alpha2, with just build fixes since alpha 1
>
> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4a2.tgz
>
> ChangeLog since 2.2:
>
> 4.4a2
>         Build fixes
>         Fix corrupted log output
> 4.4a1
>         Typo fixes in man pages (Bernhard Schneider)
>         localaddr option so that Postifix user can use spf self
>         Allow filtering header and body against LDAP or CURL gathered
properties
>         Add format string to report last matching LDAP or CURL propery
>         Fix memory corruption bug
>         Add a addfooter action clause in ACL, to add mail a footer
>         Allow per-dacl maxpeek setting, set by maxpeer action clause in racl
>         Add LDAP or CURL gathered property substitution in format strings
>         Add continue type ACL
>         p0f v3 support
> 4.3.9
>         Fix wrong message size tracking, causing bug in spamd (Attila
Bruncsak)
>         Fix ratelimit sliding window for computing average
>         Fix p0f port byte order (Enrico Scholz)
>         Fix milter-greylist.m4 for newer Sendmail (Joe Pruett)
>         Fix autoconf warning about --datarootdir (R P Herrold)
>         Add spamassassin toggling to the .spec file (Adam Katz)
>         Fix DKIM (John Wood, Jörgen Lundman)
> 4.3.8
>         Fix spamd hang if message contains NULL (Enrico Scholz)
>         Format string for SpamAssassin score
>         Build fix for Solaris
>         Send the queueid to spamd (Petar Bogdanovic)
>         Close-on-exec sockets to avoid file shortage with stat (Enrico Scholz)
>         Add a missing comma in X-Greylist (Kouhei Sutou)
>         Look for liresolv in ${libdir} instead of /usr/lib (DUFRESNE VINCENT)
>         Fix SPF on Postfix (Kouhei Sutou)
> 4.3.7
>         Build fix when SPF is enabled
>         Ratelimit on SMTP sessions and data size
>         Fix missing ratelimit initialization
>         Test for legacy config file timestamp so that it does not loop
reloading
> 4.3.6
>         New rate limiting feature
>         Add a domatch keyword to ldapconf to enable ldapcheck matches
>         Network byte order byg fix in p0f code (Adrian Dabrowski)
>         Fix MX clause wrong results caused by thread unsafety (Hajimu UMEMOTO)
>         Do not reject message if p0f cannot identiy the remote system
> 4.3.5
>         Update .spec file for libcurl, GeoIP and p0f support (Chris Bennett)
>         Really support dkim self and dkim none clauses
>         Better configure test to avoid resolver memory leaks (Hajimu UMEMOTO)
>         Fix p0f wrong results caused by thread unsafety (Enrico Scholz)
>         Fix GeoIP related crashes caused by thread unsafety (Enrico Scholz)
>         Start as root and drop priv later on RedHat (Ole Hansen)
>         Fix dumpfile argument on command line (Ole Hansen)
>         Fix missing reason for whitelisting (Attila Bruncsak)
>         Wait 5 seconds before stopping, for database dump (Attila Bruncsak)
>         Add mx ACL clause (Rudy Eschauzier)
>         Do not use socket mode for the PID file (Kouhei Sutou)
>         Fix tarpit deadlock (Kouhei Sutou)
> 4.3.4
>         Restore not ACL keyword functionnality (Benoit Branciard)
>         Fix uninitialized thread condition variable (Petar Bogdanovic)
>         Fix Debian startup script
>         New tarpit feature (Kouhei Sutou)
>         Support make install as unprivilegied user (Kouhei Sutou)
> 4.3.3
>         Fix unallocated memory use for ldapcheck and urlcheck property
matching
>         Fix off-by one bug in DATA stage filtering (Pascal Lalonde)
>         Allow ACL override by ldapcheck clauses (Piotr Wadas)
>         Header for autowhitelisted messages bug fix (Attila Bruncsak)
>         Fix MX sync stop on config reload (Attila Bruncsak, Hajimu UMEMOTO)
>         Improve Debian startup script (Adam Katz)
>         Make SpamAssassin headers Sendmail-like (Petar Bogdanovic)
> 4.3.2
>         Merge autowhite and greylist databases (Rudy Eschauzier)
> 4.3.1
>         Log ACL id instead of line number (John Thiltges)
>         Fix LDAP thread safety issues
>         Make LDAP querries timeout configurable
>         Make MX sync timeout peer-configurable (Attila Bruncsak)
>         Fix a crash when LDAP server is down
>         Update contributor list
>         Make sure dump is really on disk even with a buggy ext4fs
>         Build with OpenLDAP but not CURL (Matthias Scheler)
>         Do not complain about unreachable p0f daemon if it is unconfigured
>         Fix buffer overflow in SpamAssassin support (Enrico Scholz)
>         Fix socket mode in sample config file
>         Build fix on tru64 and Solaris
>         4.2 Branch forked
>
> --
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...

--
I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, quit, ZZ, :q,
:q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, stop, end, F3, ~., ^]c, +++
ATH, disconnect, halt, abort, hangup, PF4, F20, ^X^X, :D::D, KJOB, F14-f-e,
F8-e, kill -1 $$, shutdown, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock,
Stop-A, ... "Are you sure?" ... YES ... Phew ... I'm out!

   | |0| |   Jobst Schmalenbach, jobst@..., General Manager
   | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
   |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

manu@... wrote:
  > shuttlebox <shuttlebox@...> wrote:
  >
  > > I'm using 4.8.30 and grep:ed the sources, found no trace of O_SHLOCK.
  >
  > Reading the sources, the flag is passed to open(2). In Solaris open(2)
  > man page, I find no way to get an unexclusive lock on the file.

Just for the record:  O_SHLOCK and O_EXLOCK are BSD-extensions,
so SysV-based systems like Solaris/SunOS 5.x don't support it.

  > The simplier solution is to define it as 0. Unix locks are advisory
  > anyway. We could add a flock(LOCK_SH) but it is probably not worth the
  > trouble.

flock() is also a BSD-extension.  :-)  Solaris supports flock()
from its compatibility interfaces, but the implementation just
calls fcntl() underneath, which is a POSIX-standard.

So, the most portable and easiest way is to use only fcntl()
for locking on all platforms.  No #ifdef required.

Best regards
    Oliver


--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"Life is short (You need Python)"
         -- Bruce Eckel, ANSI C++ Comitee member, author
            of "Thinking in C++" and "Thinking in Java"

Oliver Fromme <olli@...> wrote:

> So, the most portable and easiest way is to use only fcntl()
> for locking on all platforms.  No #ifdef required.

And do you have a way to atomicaly open and lock?

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

manu@... wrote:
  > Oliver Fromme <olli@...> wrote:
  >
  > > So, the most portable and easiest way is to use only fcntl()
  > > for locking on all platforms.  No #ifdef required.
  >
  > And do you have a way to atomicaly open and lock?

No, but I don't think that is necessary anyway.

You only have to be careful if you want to use O_TRUNC at the
same time.  In this case, you must first open the file without
O_TRUNC, then acquire the lock with fcntl(), and if successful,
use ftruncate() on the descriptor.

If fcntl() was not successful, just close the file descriptor
again.  In this case the file won't be touched at all (not even
the mtime or ctime).

Best regards
    Oliver


--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"We, the unwilling, led by the unknowing,
are doing the impossible for the ungrateful.
We have done so much, for so long, with so little,
we are now qualified to do anything with nothing."
        -- Mother Teresa

On Sun, Feb 26, 2012 at 04:08:22PM +0100, shuttlebox wrote:
> On Sun, Feb 26, 2012 at 4:37 AM,  <manu@...> wrote:
> > shuttlebox <shuttlebox@...> wrote:
> >
> >> This is what I could find, does it help?
> >
> > Yes, please try this patch:
> > http://ftp.espci.fr/shadow/manu/mg44a1p2.patch
>
> I still get the warnings. I'm not sure I understand how you're trying
> to solve this but I'm guessing you want to trigger EXTENSIONS to be
> used..? However, configure doesn't seem to pick it up:
>
> checking if -D_REENTRANT is needed to use localtime_r and strtok_r... no
> checking if -D__EXTENSIONS__ is needed to use localtime_r and strtok_r... no
>
> Also, the build command hasn't added it either:
>
> /opt/csw/bin/gcc-4.6 -mtune=i686 -O2 -pipe -m32 -march=i386
> -DUSE_DB185_EMULATION -Wall -I/opt/csw/lib/include -DUSE_CURL
> -I/opt/csw/lib/include -DUSE_GEOIP -I/opt/csw/lib/include
> -DUSE_FD_POOL -DUSE_DRAC -DHAVE_DATA_CALLBACK -DUSE_DNSRBL
> -DCONFFILE=\"/etc/opt/csw/greylist.conf\"
> -DDUMPFILE=\"/var/opt/csw/milter-greylist/greylist.db\" -D_BSD_SOURCE
> -I. -I. -I/opt/csw/bdb48/include -I/opt/csw/include
> -I/opt/csw/bdb48/include -I/opt/csw/include  -c -o milter-greylist.o
> milter-greylist.c
> milter-greylist.c: In function 'real_header':
> milter-greylist.c:812:11: warning: variable 'stat' set but not used
> [-Wunused-but-set-variable]
> milter-greylist.c: In function 'real_body':
> milter-greylist.c:889:11: warning: variable 'stat' set but not used
> [-Wunused-but-set-variable]
> milter-greylist.c: In function 'real_eom':
> milter-greylist.c:991:11: warning: variable 'stat' set but not used
> [-Wunused-but-set-variable]
> milter-greylist.c: In function 'gmtoffset':
> milter-greylist.c:2043:2: warning: implicit declaration of function
> 'gmtime_r' [-Wimplicit-function-declaration]
> milter-greylist.c:2044:2: warning: implicit declaration of function
> 'localtime_r' [-Wimplicit-function-declaration]
> milter-greylist.c: In function 'fstring_expand':
> milter-greylist.c:2571:2: warning: implicit declaration of function
> 'strtok_r' [-Wimplicit-function-declaration]
> milter-greylist.c:2571:15: warning: assignment makes pointer from
> integer without a cast [enabled by default]

_r functions are only defined with correct prototypes if
  a) gcc is called with option -pthreads (POSIX threads)
  b) cc (Sun Studio Compiler) with -mt -lpthread

This defines implicit _REENTRANT and therefore the extended system interface
which
will be enabled by defining __EXTENSIONS__ is not needed (AFAIK).
As I have experienced _REENTRANT should not be defined explicitly (except for a
temporary hack or so).


>
> If I add EXTENSIONS manually to our build system it works:
>
> EXTRA_CFLAGS = -DUSE_DB185_EMULATION -D__EXTENSIONS__

What about with set the compile option -ptreads?

[..]

Johann E.K.

Hello,

May I suggest a small improvement for milter-greylist logging.

When milter-greylist does auto-whitelisting by external factors (such as
{greylist} macro being set) it writes only a short message to log. It
would be great if the tuple data is written as well. I mean:

Now:
mg_log(LOG_DEBUG,
        "whitelisted by {greylist}");

Todo:
mg_log(LOG_DEBUG,
        "%s: addr %s[%s] from %s to %s whitelisted by {greylist}",
        priv->priv_queueid, priv->priv_hostname, addrstr,
        priv->priv_from, *envrcpt);

Is there any reason not to do this?

Best regards,
Denis Solovyv

Denis Solovyov <elk@...> wrote:

> Is there any reason not to do this?

Perhaps some users wrote swript relying on log output. But we can still
have an option to get the improved version. For instance we could have a
configurable format string that gets the usual subsitutions.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

>> Is there any reason not to do this?
> Perhaps some users wrote swript relying on log output. But we can still
> have an option to get the improved version. For instance we could have a
> configurable format string that gets the usual subsitutions.

Thank you for your reply.

I guess the only thing a script can do with a current simple output line
is to count it. It won't be difficult to change scripts after extending
output... With a log output containing information about sender and
receiver we'll have much more great things for log analyzers to do.
Configurable format string here is overkill, I believe. Configuration
switch would be quite OK...

Best regards,
Denis Solovyov

Rudy Eschauzier <reschauzier@...> wrote:

> Attached is a patch file to add the buildmx and builddkim options to the
> rpm.spec file.
> It also fixes a strange build dependency on libsm

Got it.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hello,

I try to build it with:
rpmbuild --define "build_postfix 1" --define "build_user smmsp" -tb
milter-greylist-4.2.7.tgz
but it fails:

gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom
-fasynchronous-unwind-tables -Wall -DUSE_POSTFIX -D_BSD_SOURCE -I. -I.    -c -o
macro.o macro.c
bison -y -p`echo conf_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'` conf_yacc.y
flex -oconf_lex.c conf_lex.l
bison -y -p`echo dump_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'` dump_yacc.y
mv y.tab.c dump_yacc.c
flex -odump_lex.c dump_lex.l
gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom
-fasynchronous-unwind-tables -Wall -DUSE_POSTFIX -D_BSD_SOURCE -I. -I.    -c -o
conf.o conf.c
mv y.tab.c conf_yacc.c
mv: nepavyksta patikrinti „y.tab.c“: No such file or directory

I think it uses make -j2, and 2nd bison overwrites the 1st bison's output
(y.tab.c).
It builds if I remove %{?_smp_mflags} from the spec file:

--- milter-greylist.spec.orig 2012-03-28 03:30:25.000000000 +0300
+++ milter-greylist.spec 2012-03-28 03:41:28.000000000 +0300
@@ -109,7 +109,7 @@
 	 --with-libGeoIP \
  %endif

-%{__make} %{?_smp_mflags}
+%{__make}


  %install


Does anyone know how to deal with such situations "oficially"? Or is it OK to
just remove %{?_smp_mflags}?

Regards,
Nerijus

Nerijus Baliunas <nerijus@...> wrote:

> Does anyone know how to deal with such situations "oficially"? Or is it OK
> to just remove %{?_smp_mflags}?

I have no problem removing them since I don't use the .spec file :-)
Anyone against that change?

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi,

are FQDN in section 'list "my friends" addr' possible?

Ciao
Marcus

lists-yahoogroups@... <lists-yahoogroups@...> wrote:

> are FQDN in section 'list "my friends" addr' possible?

Ue FQDN with a domain list

list "brokenml" domain {                \
         broken.example.net           \
}

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hello,

Please explain to me if I need to use ^ and $ symbols to match the
beginning and the end of the string in regexps in acls. Examples in
milter-greylist doc don't use them at all, but won't

racl greylist rcpt /.*@example\.net/

match "test@..." as well?

With the best regards,
Denis Solovyov

Denis Solovyov <elk@...> wrote:

> Please explain to me if I need to use ^ and $ symbols to match the
> beginning and the end of the string in regexps in acls.

If you want to match boundaries, yes. For instance:
/whatever@example\.com$/

But note that ^.* here is useless and inefficient:
/^.*whatever@example\.com$/

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

>> Please explain to me if I need to use ^ and $ symbols to match the
>> beginning and the end of the string in regexps in acls.
> If you want to match boundaries, yes. For instance:
> /whatever@example\.com$/
> But note that ^.* here is useless and inefficient:
> /^.*whatever@example\.com$/

Thank you.  I believe, then, the example from the doc

racl greylist rcpt /.*@example\.net/

probably should be replaced with

racl greylist rcpt /@example\.net$/

to avoid misunderstanding?  It is not clear now that /.*@example\.net/
actually matches much more than whatever@....

Denis Solovyov

Denis Solovyov <elk@...> wrote:

> Thank you.  I believe, then, the example from the doc
>
> racl greylist rcpt /.*@example\.net/
>
> probably should be replaced with
>
> racl greylist rcpt /@example\.net$/

Sure, please send a patch.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On 03/27/2012 07:48 PM, Nerijus Baliunas wrote:
> Hello,
>
> I try to build it with:
> rpmbuild --define "build_postfix 1" --define "build_user smmsp" -tb
> milter-greylist-4.2.7.tgz
> but it fails:
>
> gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom
> -fasynchronous-unwind-tables -Wall -DUSE_POSTFIX -D_BSD_SOURCE -I. -I.
> -c -o macro.o macro.c
> bison -y -p`echo conf_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'` conf_yacc.y
> flex -oconf_lex.c conf_lex.l
> bison -y -p`echo dump_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'` dump_yacc.y
> mv y.tab.c dump_yacc.c
> flex -odump_lex.c dump_lex.l
> gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom
> -fasynchronous-unwind-tables -Wall -DUSE_POSTFIX -D_BSD_SOURCE -I. -I.
> -c -o conf.o conf.c
> mv y.tab.c conf_yacc.c
> mv: nepavyksta patikrinti „y.tab.c“: No such file or directory
>
> I think it uses make -j2, and 2nd bison overwrites the 1st bison's
> output (y.tab.c).
> It builds if I remove %{?_smp_mflags} from the spec file:
>
> --- milter-greylist.spec.orig 2012-03-28 03:30:25.000000000 +0300
> +++ milter-greylist.spec 2012-03-28 03:41:28.000000000 +0300
> @@ -109,7 +109,7 @@
> --with-libGeoIP \
> %endif
>
> -%{__make} %{?_smp_mflags}
> +%{__make}
>
>
> %install
>
> Does anyone know how to deal with such situations "oficially"? Or is it
> OK to just remove %{?_smp_mflags}?
>
> Regards,
> Nerijus

I've just run into something similar. I'm trying to build an RPM for
RHEL6 x86_64. I ran:

rpmbuild --define "build_sendmail 1" -tb \
   ../SOURCES/milter-greylist-4.3.9.tgz

I also get:

flex -oconf_lex.c conf_lex.l
bison -y -p`echo dump_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'` dump_yacc.y
milter-greylist.c:2493: warning: 'last' may be used uninitialized in
this function
mv y.tab.c dump_yacc.c
flex -odump_lex.c dump_lex.l
gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wall
-DHAVE_DATA_CALLBACK -DCONFFILE=\"/etc/mail/greylist.conf\"
-DDUMPFILE=\"/var/milter-greylist/greylist.db\" -D_BSD_SOURCE -I. -I.
   -c -o conf.o conf.c
mv y.tab.c conf_yacc.c
mv: cannot stat `y.tab.c': No such file or directory
make: *** [conf_yacc.c] Error 1
make: *** Waiting for unfinished jobs....
error: Bad exit status from /var/tmp/rpm-tmp.nRIRgr (%build)


RPM build errors:
      Bad exit status from /var/tmp/rpm-tmp.nRIRgr (%build)

I took your advice and:

[tcameron@spamcatcher SPECS]$ diff -u milter-greylist.spec
milter-greylist.spec.orig
--- milter-greylist.spec 2012-05-05 22:59:08.896982213 -0500
+++ milter-greylist.spec.orig 2012-05-05 22:58:59.554233864 -0500
@@ -109,7 +109,7 @@
  	 --with-libGeoIP \
   %endif

-%{__make}
+%{__make} %{?_smp_mflags}

But now when I try to build it, I get:

test -f
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/etc/mail/greyli\
st.conf
-o  \
		 -f
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/etc/mail/greyli\
st.except
||  \
	      /usr/bin/install -c -m 644 ./greylist.conf
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/etc/mail/greyli\
st.conf
/usr/bin/install -c -d -m 755 -o root
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64`dirname
/var/milter-greylist/greylist.db`
/usr/bin/install: cannot change owner and permissions of
`/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/var/milter-gre\
ylist':
Operation not permitted
make: *** [install-db] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.KtSEYc (%install)


RPM build errors:
      Bad exit status from /var/tmp/rpm-tmp.KtSEYc (%install)

The same will happen if I set the user to smmsp. Now, best practice is
to build RPMs as a non-root user. Any clues for building an RPM for this
thing as a non-root user? I worked around it by changing the build user
and installation user as my Linux username, but that is less than
optimal, you know?

Thoughts?
Thomas

Howdy -

I've just now gotten back into using milter-greylist. I need to
configure it to whitelist entire domain names. I fully realize that this
might lead to some spam getting by, but the domain names are obscure
enough (partner businesses) that I don't mind the additional risk.

If I understand correctly, I would do:

# begin
list "partners" domain { \
example.com \
acmewidgetcorporation.com \
}

racl whitelist partners
# end

Is that right?

TC

Hi,

In <4FA5F85B.4060406@...>
   "Re: [milter-greylist] cannot build rpm on SMP machine" on Sat, 05 May 2012
23:04:43 -0500,
   Thomas Cameron <thomas.cameron@...> wrote:

> I also get:
>
> flex -oconf_lex.c conf_lex.l
> bison -y -p`echo dump_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'` dump_yacc.y
> milter-greylist.c:2493: warning: 'last' may be used uninitialized in
> this function
> mv y.tab.c dump_yacc.c
> flex -odump_lex.c dump_lex.l
> gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wall
> -DHAVE_DATA_CALLBACK -DCONFFILE=\"/etc/mail/greylist.conf\"
> -DDUMPFILE=\"/var/milter-greylist/greylist.db\" -D_BSD_SOURCE -I. -I.
>   -c -o conf.o conf.c
> mv y.tab.c conf_yacc.c
> mv: cannot stat `y.tab.c': No such file or directory
> make: *** [conf_yacc.c] Error 1
> make: *** Waiting for unfinished jobs....
> error: Bad exit status from /var/tmp/rpm-tmp.nRIRgr (%build)

Here is a patch against milter-greylist itself to support
"make -j":

--
--- Makefile.in.~1.69.~ 2012-05-06 15:21:14.000000000 +0900
+++ Makefile.in 2012-05-06 15:54:38.921097972 +0900
@@ -148,8 +148,14 @@ realclean: clean
  .l.c:
 	 ${LEX} -o$@ $<
  .y.c:
- ${YACC} -p`echo $@|${SED} 's/^\([^_]\{1,\}_\).*$$/\1/'` $<
- ${MV} y.tab.c $@
+ prefix=`echo $@|${SED} 's/^\([^_]\{1,\}_\).*$$/\1/'`; \
+ ${RM} -Rf $${prefix} && \
+ ${INSTALL} -d $${prefix} && \
+ (cd $${prefix} && \
+  ${YACC} -p$${prefix} ../$< && \
+  ${MV} y.tab.c ../$@); \
+ ${RM} -Rf $${prefix}; \
+ ${TEST} -f $@

  # This is a target for debugging
  start: milter-greylist
--

This is another solution.

> But now when I try to build it, I get:
>
> test -f
>
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/etc/mail/greyli\
st.conf
> -o  \
> 	 -f
>
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/etc/mail/greyli\
st.except
> ||  \
> 	     /usr/bin/install -c -m 644 ./greylist.conf
>
/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/etc/mail/greyli\
st.conf
> /usr/bin/install -c -d -m 755 -o root
> /home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64`dirname
> /var/milter-greylist/greylist.db`
> /usr/bin/install: cannot change owner and permissions of
>
`/home/tcameron/rpmbuild/BUILDROOT/milter-greylist-4.3.9-1.x86_64/var/milter-gre\
ylist':
> Operation not permitted

You can avoid the problem by passing "USER=$USER" to
"%{__make} install".

  
https://github.com/kou/rpms/blob/milter-greylist-4.2.7/specs/milter-greylist/mil\
ter-greylist.spec#L46


Thanks,
--
kou