diff --git a/.gitignore b/.gitignore index 077e0db..7b5d5ef 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,8 @@ /amavis-v2.12.0.tar.bz2 -/amavis-v2.12.3.tar.bz2 +/amavis-v2.12.1.tar.bz2 +/amavis-v2.12.2.tar.bz2 +/amavis-b5619240f3dbbf008549d6688ffd78148c0c6a9d.tar.bz2 +/amavis-35407e96537e1e42bc01961eb428fa389c24c15f.tar.bz2 +/amavis-v2.13.0.tar.bz2 +/amavis-v2.13.1.tar.bz2 +/amavis-v2.14.0.tar.bz2 diff --git a/amavis-2.12.0-conf.patch b/amavis-2.12.0-conf.patch deleted file mode 100644 index 3722e8a..0000000 --- a/amavis-2.12.0-conf.patch +++ /dev/null @@ -1,213 +0,0 @@ -From f697a6d1cfe2499751157748a420994635e4ce68 Mon Sep 17 00:00:00 2001 -From: Juan Orti Alcaine -Date: Thu, 1 Aug 2019 12:40:43 +0200 -Subject: [PATCH] Fedora configuration modifications - ---- - amavis-mc | 6 ++--- - amavisd-agent | 2 +- - amavisd-nanny | 2 +- - amavisd-signer | 4 ++-- - amavisd.conf | 64 +++++++++++++++++++++++++------------------------- - 5 files changed, 39 insertions(+), 39 deletions(-) - -diff --git a/amavis-mc b/amavis-mc -index 88d9701..f6f8081 100755 ---- a/amavis-mc -+++ b/amavis-mc -@@ -70,10 +70,10 @@ use vars qw(@path @services $daemon_user $daemon_group $pid_file $log_level - - ### USER CONFIGURABLE: - --$daemon_user = 'vscan'; --$daemon_group = 'vscan'; -+$daemon_user = 'amavis'; -+$daemon_group = 'amavis'; - --$pid_file = '/var/amavis/amavis-mc.pid'; -+$pid_file = '/run/amavisd/amavis-mc.pid'; - - $log_level = 0; - $syslog_ident = 'amavis-mc'; -diff --git a/amavisd-agent b/amavisd-agent -index 1ebe2bb..b8271a3 100755 ---- a/amavisd-agent -+++ b/amavisd-agent -@@ -53,7 +53,7 @@ use BerkeleyDB; - - my($dbfile) = 'snmp.db'; - my($db_home) = # DB databases directory -- defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/amavis/db'; -+ defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/spool/amavisd/db'; - - my($wakeuptime) = 10; # -w, sleep time in seconds, may be fractional - my($repeatcount); # -c, repeat count (when defined) -diff --git a/amavisd-nanny b/amavisd-nanny -index 80b84dc..164549f 100755 ---- a/amavisd-nanny -+++ b/amavisd-nanny -@@ -61,7 +61,7 @@ my($activettl) = 10*60; # stuck active children are sent a SIGTERM - - my($dbfile) = 'nanny.db'; - my($db_home) = # DB databases directory -- defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/amavis/db'; -+ defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/spool/amavisd/db'; - my($wakeuptime) = 2; # -w, sleep time in seconds, may be fractional - my($repeatcount); # -c, repeat count (when defined) - -diff --git a/amavisd-signer b/amavisd-signer -index f154646..3042b7c 100755 ---- a/amavisd-signer -+++ b/amavisd-signer -@@ -86,8 +86,8 @@ $VERSION = 1.001; # 20100730 - # Please adjust the following settings as necessary: - # - --$daemon_user = 'vscan'; --$daemon_group = 'vscan'; -+$daemon_user = 'amavis'; -+$daemon_group = 'amavis'; - # $daemon_chroot_dir = '/var/amavis'; # chroot directory or undef - - # $daemonize = 1; -diff --git a/amavisd.conf b/amavisd.conf -index bb562e6..f2e0e40 100644 ---- a/amavisd.conf -+++ b/amavisd.conf -@@ -17,25 +17,25 @@ use strict; - # truncation in /proc//stat and ps -e output - - $max_servers = 2; # num of pre-forked children (2..30 is common), -m --$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u --$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g -+$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u -+$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g - - $mydomain = 'example.com'; # a convenient default for other settings - --# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H -+$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H - $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T - $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. --$QUARANTINEDIR = '/var/virusmails'; # -Q -+$QUARANTINEDIR = undef; # -Q - # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine - # $release_format = 'resend'; # 'attach', 'plain', 'resend' - # $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf' - - # $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R - --# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D -+$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D - # $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S --# $lock_file = "$MYHOME/var/amavisd.lock"; # -L --# $pid_file = "$MYHOME/var/amavisd.pid"; # -P -+$lock_file = "/run/amavisd/amavisd.lock"; # -L -+$pid_file = "/run/amavisd/amavisd.pid"; # -P - #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually - - $log_level = 0; # verbosity 0..5, -d -@@ -55,7 +55,7 @@ $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key - @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 - 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); - --$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter -+$unix_socketname = "/run/amavisd/amavisd.sock"; # amavisd-release or amavis-milter - # option(s) -p overrides $inet_socket_port and $unix_socketname - - $inet_socket_port = 10024; # listen on this local TCP port(s) -@@ -119,11 +119,11 @@ $sa_local_tests_only = 0; # only tests which do not require internet access? - # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; - # defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) - --$virus_admin = "virusalert\@$mydomain"; # notifications recip. -+$virus_admin = undef; # notifications recip. - --$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender --$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender --$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender -+$mailfrom_notify_admin = undef; # notifications sender -+$mailfrom_notify_recip = undef; # notifications sender -+$mailfrom_notify_spamadmin = undef; # notifications sender - $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef - - @addr_extension_virus_maps = ('virus'); -@@ -157,10 +157,10 @@ $defang_by_ccat{CC_BADH.",6"} = 1; # header field syntax error - # $notify_method = 'smtp:[127.0.0.1]:10025'; - # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! - --# $final_virus_destiny = D_DISCARD; --# $final_banned_destiny = D_DISCARD; --# $final_spam_destiny = D_PASS; #!!! D_DISCARD / D_REJECT --# $final_bad_header_destiny = D_PASS; -+$final_virus_destiny = D_DISCARD; -+$final_banned_destiny = D_BOUNCE; -+$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT -+$final_bad_header_destiny = D_BOUNCE; - # $bad_header_quarantine_method = undef; - - # $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl -@@ -329,8 +329,8 @@ $banned_filename_re = new_RE( - ['lzma', \&do_uncompress, - ['lzmadec', 'xz -dc --format=lzma', - 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], -- ['lrz', \&do_uncompress, -- ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], -+# ['lrz', \&do_uncompress, -+# ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], - ['lzo', \&do_uncompress, 'lzop -d'], - ['lz4', \&do_uncompress, ['lz4c -d'] ], - ['rpm', \&do_uncompress, ['rpm2cpio.pl', 'rpm2cpio'] ], -@@ -342,9 +342,9 @@ $banned_filename_re = new_RE( - ['arj', \&do_unarj, ['unarj', 'arj'] ], - ['arc', \&do_arc, ['nomarch', 'arc'] ], - ['zoo', \&do_zoo, ['zoo', 'unzoo'] ], -- ['doc', \&do_ole, 'ripole'], -+# ['doc', \&do_ole, 'ripole'], # no ripole package so far - ['cab', \&do_cabextract, 'cabextract'], -- ['tnef', \&do_tnef_ext, 'tnef'], -+# ['tnef', \&do_tnef_ext, 'tnef'], # use internal do_tnef() instead - ['tnef', \&do_tnef], - # ['lha', \&do_lha, 'lha'], # not safe, use 7z instead - # ['sit', \&do_unstuff, 'unstuff'], # not safe -@@ -382,16 +382,16 @@ $banned_filename_re = new_RE( - # qr/^(?:310|420)[,\s]*(?:.* <<< )?(.+?)(?: ; |$)/m ], - # settings for the SAVAPI3.conf: ArchiveScan=1, HeurLevel=2, MailboxScan=1 - --# ### http://www.clamav.net/ --# ['ClamAV-clamd', --# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], --# qr/\bOK$/m, qr/\bFOUND$/m, --# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], --# # NOTE: run clamd under the same user as amavisd - or run it under its own --# # uid such as clamav, add user clamav to the amavis group, and then add --# # AllowSupplementaryGroups to clamd.conf; --# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in --# # this entry; when running chrooted one may prefer a socket under $MYHOME. -+ ### http://www.clamav.net/ -+ ['ClamAV-clamd', -+ \&ask_daemon, ["CONTSCAN {}\n", "/run/clamd.amavisd/clamd.sock"], -+ qr/\bOK$/m, qr/\bFOUND$/m, -+ qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], -+ # NOTE: run clamd under the same user as amavisd - or run it under its own -+ # uid such as clamav, add user clamav to the amavis group, and then add -+ # AllowSupplementaryGroups to clamd.conf; -+ # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in -+ # this entry; when running chrooted one may prefer a socket under $MYHOME. - - # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) - # # note that Mail::ClamAV requires perl to be build with threading! -@@ -701,8 +701,8 @@ $banned_filename_re = new_RE( - # ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], - # '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], - -- ### http://www.avast.com/ -- ['avast! Antivirus', '/bin/scan', '{}', [0], [1], qr/\t(.+)/m ], -+# ### http://www.avast.com/ -+# ['avast! Antivirus', '/bin/scan', '{}', [0], [1], qr/\t(.+)/m ], - - ### http://www.ikarus-software.com/ - ['Ikarus AntiVirus for Linux', 'ikarus', --- -2.21.0 - diff --git a/amavis-conf.patch b/amavis-conf.patch new file mode 100644 index 0000000..66966d4 --- /dev/null +++ b/amavis-conf.patch @@ -0,0 +1,338 @@ +From 760c0848cf0e0c13b33bcd0823ea5a310587d8a1 Mon Sep 17 00:00:00 2001 +From: Juan Orti Alcaine +Date: Thu, 17 Jul 2025 21:02:32 +0200 +Subject: [PATCH] Fedora configuration modifications + +--- + bin/amavis-mc | 6 ++-- + bin/amavisd-agent | 2 +- + bin/amavisd-nanny | 2 +- + bin/amavisd-release | 4 +-- + bin/amavisd-signer | 4 +-- + bin/amavisd-submit | 6 ++-- + conf/amavisd.conf | 79 ++++++++++++++++++++++++--------------------- + 7 files changed, 55 insertions(+), 48 deletions(-) + +diff --git a/bin/amavis-mc b/bin/amavis-mc +index 1c913e0..46e2013 100755 +--- a/bin/amavis-mc ++++ b/bin/amavis-mc +@@ -73,10 +73,10 @@ use vars qw(@path @services $daemon_user @daemon_groups $pid_file $log_level + + ### USER CONFIGURABLE: + +-$daemon_user = 'vscan'; +-@daemon_groups = 'vscan'; ++$daemon_user = 'amavis'; ++@daemon_groups = 'amavis'; + +-$pid_file = '/var/amavis/amavis-mc.pid'; ++$pid_file = '/run/amavisd/amavis-mc.pid'; + + $log_level = 0; + $syslog_ident = 'amavis-mc'; +diff --git a/bin/amavisd-agent b/bin/amavisd-agent +index bbefbb3..fe44697 100755 +--- a/bin/amavisd-agent ++++ b/bin/amavisd-agent +@@ -54,7 +54,7 @@ use BerkeleyDB; + + my($dbfile) = 'snmp.db'; + my($db_home) = # DB databases directory +- defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/amavis/db'; ++ defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/spool/amavisd/db'; + + my($wakeuptime) = 10; # -w, sleep time in seconds, may be fractional + my($repeatcount); # -c, repeat count (when defined) +diff --git a/bin/amavisd-nanny b/bin/amavisd-nanny +index f9d7f6d..ffc9d54 100755 +--- a/bin/amavisd-nanny ++++ b/bin/amavisd-nanny +@@ -62,7 +62,7 @@ my($activettl) = 10*60; # stuck active children are sent a SIGTERM + + my($dbfile) = 'nanny.db'; + my($db_home) = # DB databases directory +- defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/amavis/db'; ++ defined $ENV{'AMAVISD_DB_HOME'} ? $ENV{'AMAVISD_DB_HOME'} : '/var/spool/amavisd/db'; + my($wakeuptime) = 2; # -w, sleep time in seconds, may be fractional + my($repeatcount); # -c, repeat count (when defined) + +diff --git a/bin/amavisd-release b/bin/amavisd-release +index 597c663..88ef695 100755 +--- a/bin/amavisd-release ++++ b/bin/amavisd-release +@@ -50,7 +50,7 @@ + # To be placed in amavisd.conf: + # $interface_policy{'SOCK'} = 'AM.PDP'; + # $policy_bank{'AM.PDP'} = { protocol=>'AM.PDP' }; +-# $unix_socketname = '/var/amavis/amavisd.sock'; ++# $unix_socketname = '/run/amavisd/amavisd.sock'; + # or: + # $interface_policy{'9998'} = 'AM.PDP'; + # $policy_bank{'AM.PDP'} = { protocol=>'AM.PDP' }; +@@ -88,7 +88,7 @@ BEGIN { + $log_level = 1; + # $socketname = '127.0.0.1:9998'; + # $socketname = '[::1]:9998'; +- $socketname = '/var/amavis/amavisd.sock'; ++ $socketname = '/run/amavisd/amavisd.sock'; + + ### END OF USER CONFIGURABLE + } +diff --git a/bin/amavisd-signer b/bin/amavisd-signer +index 680513c..6f537f4 100755 +--- a/bin/amavisd-signer ++++ b/bin/amavisd-signer +@@ -88,8 +88,8 @@ $VERSION = 1.001; # 20100730 + # Please adjust the following settings as necessary: + # + +-$daemon_user = 'vscan'; +-@daemon_groups = 'vscan'; ++$daemon_user = 'amavis'; ++@daemon_groups = 'amavis'; + # $daemon_chroot_dir = '/var/amavis'; # chroot directory or undef + + # $daemonize = 1; +diff --git a/bin/amavisd-submit b/bin/amavisd-submit +index 7e8cedb..5eefdd7 100755 +--- a/bin/amavisd-submit ++++ b/bin/amavisd-submit +@@ -53,7 +53,7 @@ + # To be placed in amavisd.conf: + # $interface_policy{'SOCK'} = 'AM.PDP'; + # $policy_bank{'AM.PDP'} = { protocol=>'AM.PDP' }; +-# $unix_socketname = '/var/amavis/amavisd.sock'; ++# $unix_socketname = '/run/amavisd/amavisd.sock'; + + use warnings; + use warnings FATAL => 'utf8'; +@@ -73,9 +73,9 @@ BEGIN { + ### USER CONFIGURABLE: + + $log_level = 0; +- $tempbase = '/var/amavis/tmp'; # where to create a temp directory with a msg ++ $tempbase = '/run/amavisd/tmp'; # where to create a temp directory with a msg + +- $socketname = '/var/amavis/amavisd.sock'; ++ $socketname = '/run/amavisd/amavisd.sock'; + # $socketname = '127.0.0.1:9998'; + # $socketname = '[::1]:9998'; + +diff --git a/conf/amavisd.conf b/conf/amavisd.conf +index a612b49..d3acb42 100644 +--- a/conf/amavisd.conf ++++ b/conf/amavisd.conf +@@ -17,25 +17,25 @@ use strict; + # truncation in /proc//stat and ps -e output + + $max_servers = 2; # num of pre-forked children (2..30 is common), -m +-$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u +-@daemon_groups = 'vscan'; # (leave empty to use $daemon_user's supplementary groups), -g ++$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u ++@daemon_groups = 'amavis'; # (leave empty to use $daemon_user's supplementary groups), -g + + $mydomain = 'example.com'; # a convenient default for other settings + +-# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H ++$MYHOME = '/var/spool/amavisd'; # a convenient default for other settings, -H + $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T + $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. +-$QUARANTINEDIR = '/var/virusmails'; # -Q ++$QUARANTINEDIR = undef; # -Q + # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine + # $release_format = 'resend'; # 'attach', 'plain', 'resend' + # $report_format = 'arf'; # 'attach', 'plain', 'resend', 'arf' + + # $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R + +-# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D ++$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D + # $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S +-# $lock_file = "$MYHOME/var/amavisd.lock"; # -L +-# $pid_file = "$MYHOME/var/amavisd.pid"; # -P ++$lock_file = "/run/amavisd/amavisd.lock"; # -L ++$pid_file = "/run/amavisd/amavisd.pid"; # -P + #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually + + $log_level = 0; # verbosity 0..5, -d +@@ -55,11 +55,14 @@ $enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key + @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 + 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); + +-$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter ++$unix_socketname = "/run/amavisd/amavisd.sock"; # amavisd-release or amavis-milter + # option(s) -p overrides $inet_socket_port and $unix_socketname + ++# The default receiving port in the Fedora and RHEL SELinux policy is 10024. ++# To allow additional ports you need to label them as 'amavisd_recv_port_t' ++# For example: semanage port -a -t amavisd_recv_port_t -p tcp 10022 + $inet_socket_port = 10024; # listen on this local TCP port(s) +-# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports ++# $inet_socket_port = [10022,10024]; # listen on multiple TCP ports + + $policy_bank{'MYNETS'} = { # mail originating from @mynetworks + originating => 1, # is true in MYNETS by default, but let's make it explicit +@@ -67,8 +70,8 @@ $policy_bank{'MYNETS'} = { # mail originating from @mynetworks + }; + + # it is up to MTA to re-route mail from authenticated roaming users or +-# from internal hosts to a dedicated TCP port (such as 10026) for filtering +-$interface_policy{'10026'} = 'ORIGINATING'; ++# from internal hosts to a dedicated TCP port (such as 10022) for filtering ++$interface_policy{'10022'} = 'ORIGINATING'; + + $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users + originating => 1, # declare that mail was submitted by our smtp client +@@ -78,7 +81,7 @@ $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users + spam_admin_maps => ["virusalert\@$mydomain"], + warnbadhsender => 1, + # forward to a smtpd service providing DKIM signing service +- forward_method => 'smtp:[127.0.0.1]:10027', ++ forward_method => 'smtp:[127.0.0.1]:10025', + # force MTA conversion to 7-bit (e.g. before DKIM signing) + smtpd_discard_ehlo_keywords => ['8BITMIME'], + bypass_banned_checks_maps => [1], # allow sending any file names and types +@@ -119,11 +122,11 @@ $sa_local_tests_only = 0; # only tests which do not require internet access? + # $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP; + # defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16) + +-$virus_admin = "virusalert\@$mydomain"; # notifications recip. ++$virus_admin = undef; # notifications recip. + +-$mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender +-$mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender +-$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender ++$mailfrom_notify_admin = undef; # notifications sender ++$mailfrom_notify_recip = undef; # notifications sender ++$mailfrom_notify_spamadmin = undef; # notifications sender + $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef + + @addr_extension_virus_maps = ('virus'); +@@ -167,13 +170,16 @@ $defang_by_ccat{CC_UNCHECKED.",3"} = 1; # ambiguous content (e.g. multipart boun + + # $myhostname = 'host.example.com'; # must be a fully-qualified domain name! + +-# $notify_method = 'smtp:[127.0.0.1]:10025'; +-# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! ++# The default forwarding port in the Fedora and RHEL SELinux policy is 10025. ++# To allow additional ports you need to label them as 'amavisd_send_port_t'. ++# For example: semanage port -a -t amavisd_send_port_t -p tcp 10023 ++# $notify_method = 'smtp:[127.0.0.1]:10023'; ++# $forward_method = 'smtp:[127.0.0.1]:10023'; # set to undef with milter! + +-# $final_virus_destiny = D_DISCARD; +-# $final_banned_destiny = D_DISCARD; +-# $final_spam_destiny = D_PASS; #!!! D_DISCARD / D_REJECT +-# $final_bad_header_destiny = D_PASS; ++$final_virus_destiny = D_DISCARD; ++$final_banned_destiny = D_BOUNCE; ++$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT ++$final_bad_header_destiny = D_BOUNCE; + # $bad_header_quarantine_method = undef; + + # $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl +@@ -342,8 +348,8 @@ $banned_filename_re = new_RE( + ['lzma', \&do_uncompress, + ['lzmadec', 'xz -dc --format=lzma', + 'lzma -dc', 'unlzma -c', 'lzcat', 'lzmadec'] ], +- ['lrz', \&do_uncompress, +- ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], ++# ['lrz', \&do_uncompress, ++# ['lrzip -q -k -d -o -', 'lrzcat -q -k'] ], + ['lzo', \&do_uncompress, 'lzop -d'], + ['lzip', \&do_uncompress, ['lzip -d'] ], + ['lz4', \&do_uncompress, ['lz4c -d'] ], +@@ -356,9 +362,9 @@ $banned_filename_re = new_RE( + ['arj', \&do_unarj, ['unarj', 'arj'] ], + ['arc', \&do_arc, ['nomarch', 'arc'] ], + ['zoo', \&do_zoo, ['zoo', 'unzoo'] ], +- ['doc', \&do_ole, 'ripole'], ++# ['doc', \&do_ole, 'ripole'], # no ripole package so far + ['cab', \&do_cabextract, 'cabextract'], +- ['tnef', \&do_tnef_ext, 'tnef'], ++# ['tnef', \&do_tnef_ext, 'tnef'], # use internal do_tnef() instead + ['tnef', \&do_tnef], + # ['lha', \&do_lha, 'lha'], # not safe, use 7z instead + # ['sit', \&do_unstuff, 'unstuff'], # not safe +@@ -396,7 +402,8 @@ $banned_filename_re = new_RE( + # * By dropping the --fdpass option, this command is easily adapted for + # use with a network socket (clamd running elsewhere). + # +- ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}", ++ ['ClamAV-clamdscan', 'clamdscan', ++ "--config-file=/etc/clamd.d/amavisd.conf --fdpass --stdout --no-summary {}", + [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + + # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) +@@ -406,7 +413,7 @@ $banned_filename_re = new_RE( + + # ### http://www.sophos.com/ (EOL 31 March 2022) + # ['Sophos-SSSP', # SAV Dynamic Interface +-# \&ask_daemon, ["{}", 'sssp:/var/run/savdi/sssp.sock'], ++# \&ask_daemon, ["{}", 'sssp:/run/savdi/sssp.sock'], + # # or: ["{}", 'sssp:[127.0.0.1]:4010'], + # qr/^DONE OK\b/m, qr/^VIRUS\b/m, qr/^VIRUS\s*(\S*)/m ], + +@@ -452,7 +459,7 @@ $banned_filename_re = new_RE( + # pack('N',0). # content size + # pack('N',0), + # '/var/drweb/run/drwebd.sock', +-# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot ++# # '/var/amavis/run/drwebd.sock', # suitable for chroot + # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default + # # '127.0.0.1:3000', # or over an inet socket + # ], +@@ -467,7 +474,7 @@ $banned_filename_re = new_RE( + ['KasperskyLab AVP - aveclient', + ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', + '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], +- '-p /var/run/aveserver -s {}/*', ++ '-p /run/aveserver -s {}/*', + [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m, + qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, + ], +@@ -576,12 +583,12 @@ $banned_filename_re = new_RE( + # ### http://www.avast.com/ + # ['avast! Antivirus daemon', + # \&ask_daemon, # greets with 220, terminate with QUIT +-# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], ++# ["SCAN {}\015\012QUIT\015\012", '/run/avast4/mailscanner.sock'], + # qr/\t\[\+\]/m, qr/\t\[L\]\t/m, qr/\t\[L\]\t[0-9]+\s+([^[ \t\015\012]+)/m ], + + # ### http://www.avast.com/ + # ['avast! Antivirus - Client/Server Version', 'avastlite', +-# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], ++# '-a /run/avast4/mailscanner.sock -n {}', [0], [1], + # qr/\t\[L\]\t([^[ \t\015\012]+)/m ], + + ['CAI InoculateIT', 'inocucmd', # retired product +@@ -717,8 +724,8 @@ $banned_filename_re = new_RE( + # ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], + # '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ], + +- ### http://www.avast.com/ +- ['avast! Antivirus', '/bin/scan', '{}', [0], [1], qr/\t(.+)/m ], ++# ### http://www.avast.com/ ++# ['avast! Antivirus', '/bin/scan', '{}', [0], [1], qr/\t(.+)/m ], + + ### http://www.ikarus-software.com/ + ['Ikarus AntiVirus for Linux', 'ikarus', +@@ -822,12 +829,12 @@ $banned_filename_re = new_RE( + # /etc/clamd.conf, or may be controlled by your service manager / init. + # + # ['ClamAV-clamd', +-# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], ++# \&ask_daemon, ["CONTSCAN {}\n", "/run/clamd.amavisd/clamd.sock"], + # qr/\bOK$/m, qr/\bFOUND$/m, + # qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + + # ['ClamAV-clamd-stream', +-# \&ask_daemon, ["*", 'clamd:/var/run/clamav/clamd.sock'], ++# \&ask_daemon, ["*", 'clamd:/run/clamd.amavisd/clamd.sock'], + # qr/\bOK$/m, qr/\bFOUND$/m, + # qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], + +-- +2.50.1 + diff --git a/amavis.spec b/amavis.spec index 79ac24f..5124df0 100644 --- a/amavis.spec +++ b/amavis.spec @@ -1,9 +1,12 @@ +# SNMP enabled by default +%bcond_without snmp + Summary: Email filter with virus scanner and spamassassin support Name: amavis -Version: 2.12.3 -Release: 1%{?dist} -# LDAP schema is GFDL, some helpers are BSD, core is GPLv2+ -License: GPLv2+ and BSD and GFDL +Version: 2.14.0 +Release: 3%{?dist} +# LDAP schema is GFDL-1.2-or-later, some helpers are BSD-2-Clause, core is GPL-2.0-or-later +License: GPL-2.0-or-later AND BSD-2-Clause AND GFDL-1.2-or-later URL: https://gitlab.com/amavis/amavis Source0: https://gitlab.com/amavis/amavis/-/archive/v%{version}/amavis-v%{version}.tar.bz2 Source2: amavis-clamd.conf @@ -12,7 +15,9 @@ Source5: README.quarantine Source8: amavisd-tmpfiles.conf Source9: amavisd.service Source10: amavisd-snmp.service -Patch0: amavis-2.12.0-conf.patch +Source11: amavis.sysusers +Source12: amavisd.sysconfig +Patch0: amavis-conf.patch BuildArch: noarch %if 0%{?fedora} BuildRequires: systemd-rpm-macros @@ -20,9 +25,11 @@ BuildRequires: systemd-rpm-macros BuildRequires: systemd %endif BuildRequires: perl-generators +BuildRequires: perl-interpreter %if 0%{?rhel} > 7 || 0%{?fedora} > 24 Suggests: %{name}-doc Recommends: clamav-server-systemd +Recommends: clamav Recommends: binutils Recommends: arj Recommends: bzip2 @@ -36,9 +43,6 @@ Recommends: p7zip, p7zip-plugins Recommends: tar Recommends: unzoo Recommends: perl(DBD::SQLite) -Recommends: perl(DBI) -Recommends: perl(Mail::SpamAssassin) -Recommends: perl(Net::LDAP) Recommends: perl(Convert::TNEF) Recommends: perl(Convert::UUlib) %else @@ -55,26 +59,16 @@ Requires: p7zip, p7zip-plugins Requires: tar Requires: unzoo Requires: perl(DBD::SQLite) -Requires: perl(DBI) -Requires: perl(Mail::SpamAssassin) -Requires: perl(Net::LDAP) %endif +Requires: perl-Amavis = %{version}-%{release} Requires: clamav-filesystem Requires: altermime Requires: file Requires: perl(Archive::Tar) -Requires: perl(Archive::Zip) >= 1.14 Requires: perl(Authen::SASL) -Requires: perl(Compress::Zlib) >= 1.35 Requires: perl(Compress::Raw::Zlib) >= 2.017 -Requires: perl(Crypt::OpenSSL::RSA) -Requires: perl(Digest::MD5) >= 2.22 -Requires: perl(Digest::SHA) Requires: perl(File::LibMagic) Requires: perl(IO::Socket::IP) -Requires: perl(IO::Socket::SSL) -Requires: perl(IO::Stringy) -Requires: perl(MIME::Base64) Requires: perl(MIME::Body) Requires: perl(MIME::Decoder::Base64) Requires: perl(MIME::Decoder::Binary) @@ -83,39 +77,41 @@ Requires: perl(MIME::Decoder::NBit) Requires: perl(MIME::Decoder::QuotedPrint) Requires: perl(MIME::Decoder::UU) Requires: perl(MIME::Head) -Requires: perl(MIME::Parser) -Requires: perl(Mail::DKIM) >= 0.31 Requires: perl(Mail::Field) Requires: perl(Mail::Header) Requires: perl(Mail::Internet) >= 1.58 Requires: perl(Mail::SPF) Requires: perl(Net::DNS) -Requires: perl(Net::LibIDN) +Requires: perl(Net::LibIDN2) Requires: perl(Net::SSLeay) -Requires: perl(Net::Server) >= 2.0 Requires: perl(NetAddr::IP) Requires: perl(Razor2::Client::Version) -Requires: perl(Socket6) -Requires: perl(Time::HiRes) >= 1.49 -Requires: perl(Unix::Syslog) +Requires: perl(Socket) Requires: perl(URI) -Requires(pre): shadow-utils Obsoletes: amavisd-new-zeromq <= 2.11.0-5 Obsoletes: amavisd-new-snmp-zeromq <= 2.11.0-5 Provides: amavisd-new = %{version}-%{release} Obsoletes: amavisd-new < 2.12.0-3 +%package -n perl-Amavis +Summary: Amavis perl module + +%if %{with snmp} %package snmp Summary: Exports amavis SNMP data Requires: %{name} = %{version}-%{release} Provides: amavisd-new-snmp = %{version}-%{release} Obsoletes: amavisd-new-snmp < 2.12.0-3 +%endif %package doc Summary: Amavis doc files Provides: amavisd-new-doc = %{version}-%{release} Obsoletes: amavisd-new-doc < 2.12.0-3 +%description -n perl-Amavis +Amavis perl module used by the amavis mail scanner service. + %description amavis is a high-performance and reliable interface between mailer (MTA) and one or more content checkers: virus scanners, and/or @@ -124,6 +120,7 @@ reliability, portability and maintainability. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. No timing gaps exist in the design which could cause a mail loss. +%if %{with snmp} %description snmp This package contains the program amavisd-snmp-subagent, which can be used as a SNMP AgentX, exporting amavisd statistical counters database @@ -135,33 +132,36 @@ amavisd-nanny, but instead of writing results as text to stdout, it exports data to a SNMP server running on a host (same or remote), making them available to SNMP clients (such a Cacti or mrtg) for monitoring or alerting purposes. +%endif %description doc Documentation files for amavis %prep -%setup -q -n %{name}-v%{version} -%patch0 -p1 - +%autosetup -p1 -n %{name}-v%{version} install -p -m 644 %{SOURCE4} %{SOURCE5} README_FILES/ -sed -e 's,/var/amavis/amavisd.sock\>,%{_rundir}/amavisd/amavisd.sock,' -i amavisd-{release,submit} %build %install -rm -rf %{buildroot} +mkdir -p -m 0755 %{buildroot}%{perl_vendorlib} +cp -pr lib/* %{buildroot}%{perl_vendorlib}/ -install -D -p -m 755 amavisd %{buildroot}%{_sbindir}/amavisd -install -D -p -m 755 amavisd-snmp-subagent %{buildroot}%{_sbindir}/amavisd-snmp-subagent +install -D -p -m 755 bin/amavisd %{buildroot}%{_sbindir}/amavisd +%if %{?with_snmp} +install -D -p -m 755 bin/amavisd-snmp-subagent %{buildroot}%{_sbindir}/amavisd-snmp-subagent +%endif mkdir -p %{buildroot}%{_bindir} -install -p -m 755 amavisd-{agent,nanny,release,signer,submit} %{buildroot}%{_bindir}/ +install -p -m 755 bin/amavisd-{agent,nanny,release,signer,submit} %{buildroot}%{_bindir}/ install -D -p -m 644 %{SOURCE9} %{buildroot}%{_unitdir}/amavisd.service +%if %{with snmp} install -D -p -m 644 %{SOURCE10} %{buildroot}%{_unitdir}/amavisd-snmp.service +%endif mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/clamd.d -install -D -p -m 644 amavisd.conf %{buildroot}%{_sysconfdir}/amavisd/amavisd.conf +install -D -p -m 644 conf/amavisd.conf %{buildroot}%{_sysconfdir}/amavisd/amavisd.conf install -D -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/clamd.d/amavisd.conf mkdir -p %{buildroot}%{_localstatedir}/spool/amavisd/{tmp,db,quarantine} @@ -169,30 +169,34 @@ mkdir -p %{buildroot}%{_rundir}/{clamd.amavisd,amavisd} install -D -m 644 %{SOURCE8} %{buildroot}%{_tmpfilesdir}/amavisd.conf -%pre -getent group amavis > /dev/null || %{_sbindir}/groupadd -r amavis -getent passwd amavis > /dev/null || \ - %{_sbindir}/useradd -r -g amavis -d %{_localstatedir}/spool/amavisd -s /sbin/nologin \ - -c "User for amavis" amavis -exit 0 +install -p -D -m 0644 %{SOURCE11} %{buildroot}%{_sysusersdir}/amavis.conf + +install -p -D -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/sysconfig/amavisd + %preun %systemd_preun amavisd.service +%if %{with snmp} %preun snmp %systemd_preun amavisd-snmp.service +%endif %post %systemd_post amavisd.service +%if %{with snmp} %post snmp %systemd_post amavisd-snmp.service +%endif %postun %systemd_postun_with_restart amavisd.service +%if %{with snmp} %postun snmp %systemd_postun_with_restart amavisd-snmp.service +%endif %files %license LICENSE @@ -212,53 +216,125 @@ exit 0 %dir %attr(750,amavis,amavis) %{_localstatedir}/spool/amavisd/db %dir %attr(750,amavis,amavis) %{_localstatedir}/spool/amavisd/quarantine %{_tmpfilesdir}/amavisd.conf +%{_sysusersdir}/amavis.conf %dir %attr(755,amavis,amavis) %{_rundir}/amavisd %dir %attr(770,amavis,clamupdate) %{_rundir}/clamd.amavisd +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/amavisd -%triggerprein -- amavisd-new < 2.12.0-3 -systemctl --quiet is-enabled amavisd.service && touch %{_rundir}/amavisd/amavisd.enabled || : -systemctl --quiet is-active amavisd.service && touch %{_rundir}/amavisd/amavisd.running || : - -%triggerpostun -- amavisd-new < 2.12.0-3 -if [ -f %{_rundir}/amavisd/amavisd.enabled ]; then - systemctl enable amavisd.service >/dev/null 2>&1 || : - rm -f %{_rundir}/amavisd/amavisd.enabled -fi -if [ -f %{_rundir}/amavisd/amavisd.running ]; then - systemctl start amavisd.service >/dev/null 2>&1 || : - rm -f %{_rundir}/amavisd/amavisd.running -fi - -%triggerprein snmp -- amavisd-new-snmp < 2.12.0-3 -systemctl --quiet is-enabled amavisd-snmp.service && touch %{_rundir}/amavisd/amavisd-snmp.enabled || : -systemctl --quiet is-active amavisd-snmp.service && touch %{_rundir}/amavisd/amavisd-snmp.running || : - -%triggerpostun snmp -- amavisd-new-snmp < 2.12.0-3 -if [ -f %{_rundir}/amavisd/amavisd-snmp.enabled ]; then - systemctl enable amavisd-snmp.service >/dev/null 2>&1 || : - rm -f %{_rundir}/amavisd/amavisd-snmp.enabled -fi -if [ -f %{_rundir}/amavisd/amavisd-snmp.running ]; then - systemctl start amavisd-snmp.service >/dev/null 2>&1 || : - rm -f %{_rundir}/amavisd/amavisd-snmp.running -fi +%files -n perl-Amavis +%license LICENSE +%{perl_vendorlib}/* +%if %{with snmp} %files snmp %doc AMAVIS-MIB.txt %{_unitdir}/amavisd-snmp.service %{_sbindir}/amavisd-snmp-subagent +%endif %files doc %license LICENSE -%doc AAAREADME.first LDAP.schema LDAP.ldif RELEASE_NOTES TODO -%doc README_FILES test-messages amavisd.conf-* amavisd-custom.conf +%doc AAAREADME.first contrib/LDAP.schema contrib/LDAP.ldif RELEASE_NOTES TODO +%doc README_FILES conf/amavisd.conf-* conf/amavisd-custom.conf %changelog -* Thu Mar 14 2024 Juan Orti Alcaine - 2.12.3-1 -- Update to version 2.12.3 +* Fri Jan 16 2026 Fedora Release Engineering - 2.14.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -* Fri Sep 18 2020 Juan Orti Alcaine - 2.12.0-10 -- Don't disable service after obsoleting amavisd-new (RHBZ#1875299) +* Wed Jul 23 2025 Fedora Release Engineering - 2.14.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jul 17 2025 Juan Orti Alcaine - 2.14.0-1 +- Update to version 2.14.0 (RHBZ#2379545) + +* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 2.13.1-4 +- Drop call to %sysusers_create_compat + +* Thu Jan 16 2025 Fedora Release Engineering - 2.13.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Wed Jul 17 2024 Fedora Release Engineering - 2.13.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Mar 14 2024 Juan Orti Alcaine - 2.13.1-1 +- Update to version 2.13.1 + +* Mon Jan 22 2024 Fedora Release Engineering - 2.13.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 2.13.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 2.13.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sat May 06 2023 Chris Adams - 2.13.0-4 +- Add a syconfig file to be able to add arguments + +* Thu Feb 23 2023 Juan Orti Alcaine - 2.13.0-3 +- Update configuration to use clamdscan + +* Wed Jan 18 2023 Fedora Release Engineering - 2.13.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Jan 08 2023 Juan Orti Alcaine - 2.13.0-1 +- Version 2.13.0 (RHBZ#2158819) + +* Wed Jul 20 2022 Fedora Release Engineering - 2.12.2-10.git35407e9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon May 30 2022 Jitka Plesnikova - 2.12.2-9.git35407e9 +- Perl 5.36 rebuild + +* Mon May 30 2022 Juan Orti Alcaine - 2.12.2-8.git35407e9 +- Update to latest git snapshot + +* Mon Apr 04 2022 Michal Josef Špaček - 2.12.2-7.gitb561924 +- Remove dependency to Socket6, in Socket is support for IPv6 too + +* Wed Mar 09 2022 Juan Orti Alcaine - 2.12.2-6.gitb561924 +- create perl-Amavis subpackage + +* Tue Mar 08 2022 Juan Orti Alcaine - 2.12.2-5.gitb561924 +- Update to master branch +- Switch from Net:LibIDN to Net:LibIDN2 + +* Wed Jan 19 2022 Fedora Release Engineering - 2.12.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jan 06 2022 Juan Orti Alcaine - 2.12.2-3 +- Remove perl(IO::Stringy) dependency + +* Tue Oct 26 2021 Juan Orti Alcaine - 2.12.2-2 +- Create amavis user with systemd sysusers + +* Fri Oct 22 2021 Juan Orti Alcaine - 2.12.2-1 +- Version 2.12.2 (#2013555) + +* Wed Jul 21 2021 Fedora Release Engineering - 2.12.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.12.1-7 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering - 2.12.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Jan 09 2021 Juan Orti Alcaine - 2.12.1-5 +- Enable snmp subpackage in epel8 as net-snmp-perl is now available + +* Fri Jan 01 2021 Juan Orti Alcaine - 2.12.1-4 +- Change /var/run for /run (#1910344) + +* Tue Nov 17 2020 Juan Orti Alcaine - 2.12.1-3 +- Change ports in configuration file and add a note about SELinux (#1891003) + +* Tue Nov 17 2020 Juan Orti Alcaine - 2.12.1-2 +- Disable snmp subpackage in epel8 + +* Tue Nov 17 2020 Juan Orti Alcaine - 2.12.1-1 +- Version 2.12.1 (#1897574 #1851872) * Tue Aug 18 2020 Juan Orti Alcaine - 2.12.0-9 - Drop unused dependency: perl(Digest::SHA1) diff --git a/amavis.sysusers b/amavis.sysusers new file mode 100644 index 0000000..5fcaaf8 --- /dev/null +++ b/amavis.sysusers @@ -0,0 +1 @@ +u amavis - "Amavis email content filter" /var/spool/amavisd diff --git a/amavisd.service b/amavisd.service index 4ebcfed..bcd1ac8 100644 --- a/amavisd.service +++ b/amavisd.service @@ -7,8 +7,9 @@ Wants=clamd@amavisd.service [Service] Type=forking PIDFile=/run/amavisd/amavisd.pid -ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf -ExecReload=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf reload +EnvironmentFile=-/etc/sysconfig/amavisd +ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf $ARGS +ExecReload=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf $ARGS reload Restart=on-failure PrivateTmp=true CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SETGID CAP_SETUID diff --git a/amavisd.sysconfig b/amavisd.sysconfig new file mode 100644 index 0000000..fd8ffed --- /dev/null +++ b/amavisd.sysconfig @@ -0,0 +1,2 @@ +# Add additional arguments to amavisd command-line +#ARGS="" diff --git a/sources b/sources index 29667d6..570a1a9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (amavis-v2.12.3.tar.bz2) = edb0de71f3c058e47d1ea9b261b1f8d2525c3718b53b8f19130d36b676c2f50eb5a50d878c06f36080f49984f0ba4e5c8b166aab5f4980c61ea7024e801d5369 +SHA512 (amavis-v2.14.0.tar.bz2) = 49303d86947d7ae258c6def8cf9892ff062fd054b4bc6451b1670426a5d767782ed7febd350237d36d4b62db408cbb993b6b4522eb595ead77faafb07012fe58