trunk: Greylist milter from Paul Howarth.
parent
c7dc1c7222
commit
c9c0d846de
@ -1,3 +1,4 @@
|
||||
- Greylist milter from Paul Howarth.
|
||||
- Crack db access for su to handle password expiration, from Brandon Whalen.
|
||||
- Misc fixes for unix_update from Brandon Whalen.
|
||||
- Add x_device permissions for XI2 functions, from Eamon Walsh.
|
||||
|
@ -1,8 +1,13 @@
|
||||
/usr/sbin/milter-greylist -- gen_context(system_u:object_r:greylist_milter_exec_t,s0)
|
||||
/usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0)
|
||||
/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
|
||||
/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0)
|
||||
|
||||
/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0)
|
||||
/var/lib/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
|
||||
/var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
|
||||
|
||||
/var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
|
||||
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
/var/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
|
||||
/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
|
||||
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
|
||||
|
||||
/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
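Review bot: `/var/lib/milter-greylist(/.*)?` is labelled `greylist_milter_data_t`, the same type this section gives to the socket directory and pid file under `/var/run`, whereas spamass-milter keeps its `/var/lib` state in a separate `spamass_milter_state_t`. Whatever the milter template lets other domains do with the milter data type would then also apply to the greylist database; the template is not visible on this page, but presumably it lets the MTA reach the socket. Consider a dedicated state type, e.g. `/var/lib/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_state_t,s0)`, declared in the module's .te file with `files_type()` as is done for spamass.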
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(milter, 1.0.1)
|
||||
policy_module(milter, 1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -10,7 +10,8 @@ policy_module(milter, 1.0.1)
|
||||
attribute milter_domains;
|
||||
attribute milter_data_type;
|
||||
|
||||
# currently-supported milters are milter-regex and spamass-milter
|
||||
# currently-supported milters are milter-greylist, milter-regex and spamass-milter
|
||||
milter_template(greylist)
|
||||
milter_template(regex)
|
||||
milter_template(spamass)
|
||||
|
||||
@ -20,6 +21,35 @@ milter_template(spamass)
|
||||
type spamass_milter_state_t;
|
||||
files_type(spamass_milter_state_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# milter-greylist local policy
|
||||
# ensure smtp clients retry mail like real MTAs and not spamware
|
||||
# http://hcpnet.free.fr/milter-greylist/
|
||||
#
|
||||
|
||||
# It removes any existing socket (not owned by root) whilst running as root,
|
||||
# fixes permissions, renices itself and then calls setgid() and setuid() to
|
||||
# drop privileges
|
||||
allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };
|
||||
allow greylist_milter_t self:process { setsched getsched };
|
||||
|
||||
# It creates a pid file /var/run/milter-greylist.pid
|
||||
files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file)
|
||||
|
||||
kernel_read_kernel_sysctls(greylist_milter_t)
|
||||
|
||||
# Allow the milter to read a GeoIP database in /usr/share
|
||||
files_read_usr_files(greylist_milter_t)
|
||||
# The milter runs from /var/lib/milter-greylist and maintains files there
|
||||
files_search_var_lib(greylist_milter_t);
|
||||
|
||||
# Look up username for dropping privs
|
||||
auth_use_nsswitch(greylist_milter_t)
|
||||
|
||||
# Config is in /etc/mail/greylist.conf
|
||||
mta_read_config(greylist_milter_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# milter-regex local policy
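Review bot: The rule `allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };` grants `dac_override` to the domain as a whole, although the comment above it describes a need that exists only at start-up, before setgid()/setuid(). SELinux cannot limit the permission to that phase, so it is worth confirming from AVC denials that `dac_override` is really required rather than masking wrong ownership on the socket directory. The reason could then be recorded next to the rule, e.g. `# dac_override: needed while still root to unlink a stale socket not owned by root`. Separately, `files_search_var_lib(greylist_milter_t);` carries a trailing semicolon that no other interface call in this hunk has; dropping it keeps the file consistent.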
|
||||
|