Mail-SpamAssassin
view release on metacpan or search on metacpan
- IO::Socket::IP (from CPAN)
- IO::Socket::INET6 (from CPAN)
Installing IO::Socket::IP is recommended if spamd is to listen on IPv6
sockets or if DNS queries should go to an IPv6 name server. If
IO::Socket::IP is not available, using a deprecated module
IO::Socket::INET6 will be attempted, and in its absence the support for
IPv6 will not be available. Some plugins and underlying modules may
also prefer IO::Socket::IP over IO::Socket::INET6.
- IO::Socket::SSL (from CPAN)
If you wish to use SSL encryption to communicate between spamc and spamd
(the --ssl option to spamd), you need to install this module. (You will
need the OpenSSL libraries and use the ENABLE_SSL=yes argument to
Makefile.PL to build and run an SSL compatible spamc.)
- Net::Patricia
If this module is available, it will be used for IP address lookups in
tables internal_networks, trusted_networks, and msa_networks.
"BSD::Resource" : "0",
"Compress::Zlib" : "0",
"DBD::SQLite" : "1.5901",
"DBI" : "0",
"DB_File" : "0",
"Email::Address::XS" : "0",
"Encode::Detect::Detector" : "0",
"Geo::IP" : "0",
"IO::Socket::INET6" : "0",
"IO::Socket::IP" : "0.09",
"IO::Socket::SSL" : "1.76",
"IO::String" : "0",
"IP::Country::DB_File" : "0",
"IP::Country::Fast" : "0",
"LWP::Protocol::https" : "0",
"MIME::Base64" : "0",
"Mail::DKIM" : "0.37",
"Mail::DMARC" : "0",
"Mail::SPF" : "0",
"MaxMind::DB::Reader" : "0",
"MaxMind::DB::Reader::XS" : "0",
BSD::Resource: '0'
Compress::Zlib: '0'
DBD::SQLite: '1.5901'
DBI: '0'
DB_File: '0'
Email::Address::XS: '0'
Encode::Detect::Detector: '0'
Geo::IP: '0'
IO::Socket::INET6: '0'
IO::Socket::IP: '0.09'
IO::Socket::SSL: '1.76'
IO::String: '0'
IP::Country::DB_File: '0'
IP::Country::Fast: '0'
LWP::Protocol::https: '0'
MIME::Base64: '0'
Mail::DKIM: '0.37'
Mail::DMARC: '0'
Mail::SPF: '0'
MaxMind::DB::Reader: '0'
MaxMind::DB::Reader::XS: '0'
Makefile.PL view on Meta::CPAN
'Net::LibIDN' => 0,
'Mail::SPF' => 0,
'MaxMind::DB::Reader' => 0,
'MaxMind::DB::Reader::XS' => 0,
'Geo::IP' => 0,
'IP::Country::DB_File' => 0,
'IP::Country::Fast' => 0,
'Razor2::Client::Agent' => 2.61,
'IO::Socket::IP' => 0.09,
'IO::Socket::INET6' => 0,
'IO::Socket::SSL' => 1.76,
'Compress::Zlib' => 0,
'Mail::DKIM' => 0.37,
'DBI' => 0,
'DBD::SQLite' => 1.59_01,
'LWP::Protocol::https' => 0,
'Encode::Detect::Detector' => 0,
'Net::Patricia' => 1.16,
'Net::CIDR::Lite' => 0,
'BSD::Resource' => 0,
'Archive::Zip' => 0,
The following provides more details on the included cryptographic
software:
The OpenSSL Project - http://www.openssl.org/source/
spamc and libspamc use OpenSSL to perform SSL encryption.
Steffen Ullrich - https://metacpan.org/author/SULLR
spamd uses IO::Socket::SSL to perform SSL encryption.
lib/Mail/SpamAssassin/SpamdForkScaling.pm view on Meta::CPAN
while (1) {
my $state = $self->read_one_message_from_child_socket($sock);
if ($state == PFSTATE_BUSY) {
return 1; # 1 == success
}
if ($state == PFSTATE_ERROR) {
return;
}
else {
if( Scalar::Util::blessed($self->{server_fh}[0]) eq 'IO::Socket::SSL' ) {
warn "prefork: SSL connection protocol error";
}
warn "prefork: ordered child $kid to accept, but they reported state '$state', killing rogue";
$self->child_error_kill($kid, $sock);
$self->adapt_num_children();
sleep 1;
return;
}
}
lib/Mail/SpamAssassin/Util/DependencyInfo.pm view on Meta::CPAN
version => 0,
desc => 'This module is a deprecated alternative to IO::Socket::IP.
Spamd, as well some underlying modules, will fall back to using
IO::Socket::INET6 if IO::Socket::IP is unavailable. One or the other
module is required to support IPv6 (e.g. in spamd/spamc protocol,
for DNS lookups or in plugins like DCC). Some plugins or underlying
modules may still require IO::Socket::INET6 for IPv6 support even
if IO::Socket::IP is available.',
},
{
module => 'IO::Socket::SSL',
version => 1.76,
desc => 'If you wish to use SSL encryption to communicate between spamc and
spamd (the --ssl option to spamd), you need to install this
module. (You will need the OpenSSL libraries and use the
ENABLE_SSL="yes" argument to Makefile.PL to build and run an SSL
compatible spamc.)',
},
{
module => 'Compress::Zlib',
version => 0,
spamc/spamc.pod view on Meta::CPAN
=item B<--ssl-ca-file>=I<cafile>
Use the specified Certificate Authority certificate to verify the server
certificate. The server certificate must be signed by this certificate.
=item B<--ssl-ca-path>=I<capath>
Use the Certificate Authority certificate files in the specified set of
directories to verify the server certificate. The server certificate must
be signed by one of these Certificate Authorities. See the man page for
B<IO::Socket::SSL> for additional details.
=item B<-t> I<timeout>, B<--timeout>=I<timeout>
Set the timeout for spamc-to-spamd communications (default: 600, 0 disables).
If spamd takes longer than this many seconds to reply to a message, spamc
will abort the connection and treat this as a failure to connect; in other
words the message will be returned unprocessed.
=item B<-n> I<timeout>, B<--connect-timeout>=I<timeout>
spamd-apache2/lib/Mail/SpamAssassin/Spamd/Config.pm view on Meta::CPAN
# set other defaults
for my $opt (keys %defaults) {
$self->{$opt} = $defaults{$opt} if !exists $self->{$opt};
}
# check for server certs, must be done after setting other defaults
if ($self->{'ssl'}) {
$self->{'server-key'} ||= "$self->{LOCAL_RULES_DIR}/certs/server-key.pem";
$self->{'server-cert'} ||= "$self->{LOCAL_RULES_DIR}/certs/server-cert.pem";
eval { require IO::Socket::SSL };
die "spamd: SSL encryption requested, but IO::Socket::SSL is unavailable\n"
if $@;
die "spamd: server key file '$self->{'server-key'}' does not exist\n"
unless -f $self->{'server-key'};
die "spamd: server certificate file '$self->{'server-cert'}' does not exist\n"
unless -f $self->{'server-cert'};
}
# XXX: delete LOCAL_{RULES,STATE}_DIR and PREFIX if eq $defaults{$_}?
1;
spamd/spamd.raw view on Meta::CPAN
EX_PROTOCOL => 76, # remote error in protocol
EX_NOPERM => 77, # permission denied
EX_CONFIG => 78, # configuration error
EX_TIMEOUT => 79, # read timeout
);
sub print_version {
printf("SpamAssassin Server version %s\n", Mail::SpamAssassin::Version());
printf(" running on Perl %s\n",
join(".", map( 0+($_||0), ($] =~ /(\d)\.(\d{3})(\d{3})?/) )));
eval { require IO::Socket::SSL; };
printf(" with SSL support (%s %s)\n", "IO::Socket::SSL", $IO::Socket::SSL::VERSION) unless ($@);
eval { require Compress::Zlib; };
printf(" with zlib support (%s %s)\n", "Compress::Zlib", $Compress::Zlib::VERSION) unless ($@);
}
sub print_usage_and_exit {
my ( $message, $respnam ) = (@_);
$respnam ||= 'EX_USAGE';
if ($respnam eq 'EX_OK' ) {
print_version();
spamd/spamd.raw view on Meta::CPAN
if ($socket->isa('IO::Socket::UNIX')) {
push(@listeninfo, "UNIX domain socket " . $socket_info->{path});
} elsif ( $socket->isa('IO::Socket::INET') ||
$socket->isa('IO::Socket::INET6') ||
$socket->isa('IO::Socket::IP') ) {
push(@listeninfo, sprintf("%s [%s]:%s", ref $socket,
$socket_info->{ip_addr}, $socket_info->{port}));
} elsif ($socket->isa('IO::Socket::SSL')) {
push(@listeninfo, sprintf("SSL [%r]:%s", $socket_info->{ip_addr},
$socket_info->{port}));
}
}
# just for reporting at startup
return join(', ', @listeninfo);
}
sub server_sock_setup {
spamd/spamd.raw view on Meta::CPAN
LocalPort => $port,
Type => &SOCK_STREAM,
Proto => 'tcp',
ReuseAddr => 1,
Listen => &SOMAXCONN,
);
$sockopt{V6Only} = 1 if $io_socket_module_name eq 'IO::Socket::IP'
&& IO::Socket::IP->VERSION >= 0.09;
if ($ssl) {
if (!$have_ssl_module) {
eval { require IO::Socket::SSL; }
or die "spamd: SSL encryption requested, ".
"but IO::Socket::SSL is unavailable ($@)\n";
$have_ssl_module = 1;
}
%sockopt = (%sockopt, (
SSL_server => 1,
SSL_key_file => $opt{'server-key'},
SSL_cert_file => $opt{'server-cert'},
));
my $ssl_mode;
if ($opt{'ssl-verify'}) {
$ssl_mode = Net::SSLeay::VERIFY_PEER()
spamd/spamd.raw view on Meta::CPAN
$sockopt{SSL_check_crl} = 0;
$sockopt{SSL_verifycn_scheme} = 'none';
$sockopt{SSL_verifycn_publicsuffix} = '';
} else {
$ssl_mode = Net::SSLeay::VERIFY_NONE()
| Net::SSLeay::VERIFY_FAIL_IF_NO_PEER_CERT();
}
$sockopt{SSL_verify_mode} = $ssl_mode;
}
dbg("spamd: creating %s socket: %s",
$ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
join(', ', map("$_: ".(defined $sockopt{$_} ? $sockopt{$_} : "(undef)"),
sort keys %sockopt)));
my $server_inet = $ssl ? IO::Socket::SSL->new(%sockopt)
: $io_socket_module_name->new(%sockopt);
my $diag;
if (!$server_inet) {
$diag = sprintf("could not create %s socket on [%s]:%s: %s",
$ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
$adr, $port, $ssl && $IO::Socket::SSL::SSL_ERROR ?
"$!,$IO::Socket::SSL::SSL_ERROR" : $!);
push(@diag_fail, $diag);
} else {
$diag = sprintf("created %s socket on [%s]:%s",
$ssl ? 'IO::Socket::SSL' : $io_socket_module_name,
$adr, $port);
push(@diag_succ, $diag);
push(@listen_sockets, { specs => $socket_specs,
ip_addr => $adr, port => $port,
socket => $server_inet,
fd => $server_inet->fileno });
}
dbg("spamd: %s", $diag);
}
if (!@diag_fail) {
spamd/spamd.raw view on Meta::CPAN
} # end multiple sockets case
if ($selected_socket_info) {
my $socket = $selected_socket_info->{socket};
$socket or die "no socket???, impossible";
dbg("spamd: accept() on fd %d", $selected_socket_info->{fd});
$client = $socket->accept;
if (!defined $client) {
if (defined $socket) {
die sprintf("%s accept failed: %s\n", ref $socket,
$socket->isa('IO::Socket::SSL') ?
$socket->errstr : $@);
} else {
die "accept failed: no socket available: $!\n";
}
}
}
1; # end eval with success
} or do {
my $err = $@ ne '' ? $@ : "errno=$!"; chomp $err;
spamd/spamd.raw view on Meta::CPAN
$remote_hostaddr = '127.0.0.1';
$remote_port = $socket_info->{path};
info("spamd: got connection over %s", $socket_info->{path});
}
else {
($remote_port, $remote_hostaddr, $remote_hostname, $local_port) =
peer_info_from_socket($client);
$remote_hostaddr or die 'failed to obtain port and ip from socket';
my $ssl_info = '';
if ($client->isa('IO::Socket::SSL')) {
$ssl_info = ', ';
my $ssl_version = $client->get_sslversion();
if (defined $ssl_version) {
$ssl_info .= $ssl_version.'/';
} else {
$ssl_version = $client->get_sslversion_int();
if ($ssl_version == 0x0304) { $ssl_info .= 'TLSv1.3/'; }
elsif ($ssl_version == 0x0303) { $ssl_info .= 'TLSv1.2/'; }
elsif ($ssl_version == 0x0302) { $ssl_info .= 'TLSv1.1/'; }
elsif ($ssl_version == 0x0301) { $ssl_info .= 'TLSv1.0/'; }
spamd/spamd.raw view on Meta::CPAN
Specify that external programs such as Razor, DCC, and Pyzor should have
a HOME environment variable set to a specific directory. The default
is to use the HOME environment variable setting from the shell running
spamd. By specifying no argument, spamd will use the spamc caller's
home directory instead.
=item B<--ssl>
Accept only SSL connections on the associated port.
The B<IO::Socket::SSL> perl module must be installed.
If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then
B<--port> port will be used to accept SSL connections instead of unencrypted
connections. If the B<--ssl> switch is used, and B<--ssl-port> is set, then
unencrypted connections will be accepted on the B<--port>, at the same time as
encrypted connections are accepted at B<--ssl-port>.
=item B<--ssl-verify>
Implies B<--ssl>. Request a client certificate and verify the certificate.
spamd/spamd.raw view on Meta::CPAN
Implies B<--ssl-verify>. Use the specified Certificate Authority
certificate to verify the client certificate. The client certificate must
be signed by this certificate.
=item B<--ssl-ca-path>=I<capath>
Implies B<--ssl-verify>. Use the Certificate Authority certificate files in
the specified set of directories to verify the client certificate. The
client certificate must be signed by one of these Certificate Authorities.
See the man page for B<IO::Socket::SSL> for additional details.
=item B<--ssl-port>=I<port>
Optionally specifies the port number for the server to listen on for
SSL connections (default: whatever --port uses). See B<--ssl> for
more details.
=item B<--server-key> I<keyfile>
Specify the SSL key file to use for SSL connections.
( run in 0.779 second using v1.01-cache-2.11-cpan-4d50c553e7e )