Milter-greylist

Hi

Here is milter-greylist 2.1.11
http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.11.tgz
MD5 (milter-greylist-2.1.11.tgz) = ba955569b9e1f30ccc16e94c11495940

I added the flushaddr feature, which canbe used to remove any entry
with the source IP of the message that matched an ACL. See the man
page for the details.

Now it would be nice if we could settle feature addition and make sure
it builds correctly for everyone. Bugs and build fixes are welcome
(so are success stories). First, who is still unable to build?

-- 
Emmanuel Dreyfus
manu@...

On Tue, Aug 01, 2006 at 03:07:14PM +0000, Emmanuel Dreyfus wrote:
> Here is milter-greylist 2.1.11
> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.11.tgz
> MD5 (milter-greylist-2.1.11.tgz) = ba955569b9e1f30ccc16e94c11495940

FWIW, I upgraded the OS and I don't have any crashes left with DNSRBL
usage (gone from NetBSD 1.6.2 with GNU PTh to NetBSD 3.0 with native 
libpthread)

-- 
Emmanuel Dreyfus
manu@...

FreeBSD webmig.com 4.7-RELEASE-p28 FreeBSD 4.7-RELEASE-p28 #43: Wed  
Jul 20 09:35:30 MDT 2005     root@fc2:/usr/src/sys/compile/VKERN  i386

./configure (no options)

completed ok

milter-greylist-2.1.11# make
gcc -g -O2 -Wall -D_BSD_SOURCE -c milter-greylist.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c pending.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c sync.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c dnsrbl.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c list.c
In file included from list.c:47:
/usr/include/regex.h:46: syntax error before `regoff_t'
/usr/include/regex.h:46: warning: type defaults to `int' in  
declaration of `regoff_t'
/usr/include/regex.h:46: warning: data definition has no type or  
storage class
/usr/include/regex.h:56: syntax error before `regoff_t'
*** Error code 1

Stop in /usr/local/src/milter-greylist-2.1.11.


/usr/include/regex.h
line 45: /* types */
line 46: typedef off_t regoff_t;

side note: OS X has the following
/usr/include/regex.h
line 45: /* types */
line 46: typedef __darwin_off_t regoff_t;

Bill

On Aug 1, 2006, at 8:07 AM, Emmanuel Dreyfus wrote:

> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.11.tgz

On Tue, Aug 01, 2006 at 09:00:17AM -0700, Bill Levering wrote:
> /usr/include/regex.h:46: syntax error before `regoff_t'
> /usr/include/regex.h:46: warning: type defaults to `int' in  
> declaration of `regoff_t'
> /usr/include/regex.h:46: warning: data definition has no type or  
> storage class
> /usr/include/regex.h:56: syntax error before `regoff_t'
> *** Error code 1

Does it helps to include <regex.h> after <sys/types.h> ?

-- 
Emmanuel Dreyfus
manu@...

According to Emmanuel Dreyfus:
> 
> I added the flushaddr feature, which canbe used to remove any entry
> with the source IP of the message that matched an ACL. See the man
> page for the details.

hmm. I don't see how it could match my description of auto-blacklist.
I mean, it's an instantaneous flush, right?
auto-blacklist has a remanency similar to auto-whitelisting, ie, you kill
all that happened *before* and continue to kill *after* for a while.
That's the advantage compared to instantaneous flush.
Or did I misunderstood something?

/Fabien

Hi,

>>>>> On Tue, 1 Aug 2006 15:07:14 +0000
>>>>> Emmanuel Dreyfus <manu@...> said:

manu> Here is milter-greylist 2.1.11
manu> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.11.tgz
manu> MD5 (milter-greylist-2.1.11.tgz) = ba955569b9e1f30ccc16e94c11495940

manu> I added the flushaddr feature, which canbe used to remove any entry
manu> with the source IP of the message that matched an ACL. See the man
manu> page for the details.

manu> Now it would be nice if we could settle feature addition and make sure
manu> it builds correctly for everyone. Bugs and build fixes are welcome
manu> (so are success stories). First, who is still unable to build?

There are three issues:

- For disabling IPv6 DNSRBL query, when an address is an IPv6,
  dnsrbl_check_source() should return 0, as if the address is not
  match.

- Since, the block which test an address family was moved before
  initializing res, don't call res_ndestroy() when an address is an
  IPv6.

- Since dnsrbl_check_source() returns -1 when error occurs, the
  return code should be tested if it is 1 or not.

Index: acl.c
diff -u -p acl.c.orig acl.c
--- acl.c.orig	Tue Aug  1 23:55:20 2006
+++ acl.c	Wed Aug  2 01:25:59 2006
@@ -622,7 +622,7 @@ acl_filter(sa, salen, hostname, from, rc
 
 		if (acl->a_dnsrbl != NULL) {
 			if (dnsrbl_check_source(sa, 
-			    salen, acl->a_dnsrbl) != 0) {
+			    salen, acl->a_dnsrbl) == 1) {
 				retval |= EXF_DNSRBL;
 				if (conf.c_debug) {
 					iptostring(sa, salen, 
Index: dnsrbl.c
diff -u -p dnsrbl.c.orig dnsrbl.c
--- dnsrbl.c.orig	Tue Aug  1 05:56:26 2006
+++ dnsrbl.c	Wed Aug  2 01:23:37 2006
@@ -125,9 +125,7 @@ dnsrbl_check_source(sa, salen, source)
 #ifdef AF_INET6
 	case AF_INET6:
 		/* No IPv6 DNSRBL exists right now */
-		retval = 1;
-		goto end;
-		break;
+		return 0;
 #endif
 	default:
 		syslog(LOG_ERR, "unexpected address family %d",
Index: list.c
diff -u -p list.c.orig list.c
--- list.c.orig	Sat Jul 29 05:43:41 2006
+++ list.c	Wed Aug  2 01:25:32 2006
@@ -436,7 +436,7 @@ list_dnsrbl_filter(list,salen, sa)
 	struct list_entry *le;
 
 	LIST_FOREACH(le, &list->al_head, l_list) {
-		if (dnsrbl_check_source(sa, salen, le->l_data.dnsrbl) != 0)
+		if (dnsrbl_check_source(sa, salen, le->l_data.dnsrbl) == 1)
 			break;
 	}
 

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Yep, changing the order solved the types issue!

# make clean
rm -f milter-greylist milter-greylist.o pending.o sync.o dnsrbl.o  
list.o  conf_yacc.o dump_yacc.o conf.o autowhite.o dump.o spf.o acl.o  
conf_yacc.c conf_lex.c dump_yacc.c dump_lex.c  rc-redhat.sh rc-bsd.sh  
rc-solaris.sh rc-debian.sh rc-gentoo.sh  rc-suse.sh

# make
gcc -g -O2 -Wall -D_BSD_SOURCE -c milter-greylist.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c pending.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c sync.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c dnsrbl.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c list.c
bison -y -p`echo conf_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'`  
conf_yacc.y
mv y.tab.c conf_yacc.c
flex -oconf_lex.c conf_lex.l
gcc -g -O2 -Wall -D_BSD_SOURCE -c conf_yacc.c
conf_lex.c:2305: warning: `yy_flex_realloc' defined but not used
bison -y -p`echo dump_yacc.c|sed 's/^\([^_]\{1,\}_\).*$/\1/'`  
dump_yacc.y
mv y.tab.c dump_yacc.c
flex -odump_lex.c dump_lex.l
gcc -g -O2 -Wall -D_BSD_SOURCE -c dump_yacc.c
dump_lex.c:1683: warning: `yy_flex_realloc' defined but not used
gcc -g -O2 -Wall -D_BSD_SOURCE -c conf.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c autowhite.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c dump.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c spf.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c acl.c
gcc -o milter-greylist milter-greylist.o pending.o sync.o dnsrbl.o  
list.o  conf_yacc.o dump_yacc.o conf.o autowhite.o dump.o spf.o  
acl.o  -lc_r -lmilter
/usr/lib/libc.so: WARNING!  setkey(3) not present in the system!
/usr/lib/libc.so: warning: this program uses gets(), which is unsafe.
/usr/lib/libc.so: warning: mktemp() possibly used unsafely; consider  
using mkstemp()
/usr/lib/libc.so: WARNING!  des_setkey(3) not present in the system!
/usr/lib/libc.so: WARNING!  encrypt(3) not present in the system!
/usr/lib/libc.so: warning: tmpnam() possibly used unsafely; consider  
using mkstemp()
/usr/lib/libc.so: warning: this program uses f_prealloc(), which is  
not recommended.
/usr/lib/libc.so: WARNING!  des_cipher(3) not present in the system!
/usr/lib/libc.so: warning: tempnam() possibly used unsafely; consider  
using mkstemp()
sed "s|@BINDIR[@]|/usr/local/bin|g; s|@SBINDIR[@]|/usr/local/sbin|g;  
s|@USER[@]|root|g" rc-bsd.sh.in > rc-bsd.sh
sed "s|@BINDIR[@]|/usr/local/bin|g; s|@SBINDIR[@]|/usr/local/sbin|g;  
s|@USER[@]|root|g" rc-redhat.sh.in > rc-redhat.sh
sed "s|@BINDIR[@]|/usr/local/bin|g; s|@SBINDIR[@]|/usr/local/sbin|g;  
s|@USER[@]|root|g" rc-solaris.sh.in > rc-solaris.sh
sed "s|@BINDIR[@]|/usr/local/bin|g; s|@SBINDIR[@]|/usr/local/sbin|g;  
s|@USER[@]|root|g" rc-debian.sh.in > rc-debian.sh
sed "s|@BINDIR[@]|/usr/local/bin|g; s|@SBINDIR[@]|/usr/local/sbin|g;  
s|@USER[@]|root|g" rc-gentoo.sh.in > rc-gentoo.sh
sed "s|@BINDIR[@]|/usr/local/bin|g; s|@SBINDIR[@]|/usr/local/sbin|g;  
s|@USER[@]|root|g" rc-suse.sh.in > rc-suse.sh

# make test
make: don't know how to make test. Stop

Bill

On Aug 1, 2006, at 9:11 AM, Emmanuel Dreyfus wrote:

> On Tue, Aug 01, 2006 at 09:00:17AM -0700, Bill Levering wrote:
>> /usr/include/regex.h:46: syntax error before `regoff_t'
>> /usr/include/regex.h:46: warning: type defaults to `int' in
>> declaration of `regoff_t'
>> /usr/include/regex.h:46: warning: data definition has no type or
>> storage class
>> /usr/include/regex.h:56: syntax error before `regoff_t'
>> *** Error code 1
>
> Does it helps to include <regex.h> after <sys/types.h> ?
>
> -- 
> Emmanuel Dreyfus
> manu@...
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>

Hi,

>>> Wed, 02 Aug 2006 01:42:48 +0900,
>>> Hajimu UMEMOTO <ume@...> said:

>>>>> On Tue, 1 Aug 2006 15:07:14 +0000
>>>>> Emmanuel Dreyfus <manu@...> said:

manu> Here is milter-greylist 2.1.11
manu> http://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.1.11.tgz
manu> MD5 (milter-greylist-2.1.11.tgz) = ba955569b9e1f30ccc16e94c11495940

manu> I added the flushaddr feature, which canbe used to remove any entry
manu> with the source IP of the message that matched an ACL. See the man
manu> page for the details.

manu> Now it would be nice if we could settle feature addition and make sure
manu> it builds correctly for everyone. Bugs and build fixes are welcome
manu> (so are success stories). First, who is still unable to build?

ume> There are three issues:

ume> - For disabling IPv6 DNSRBL query, when an address is an IPv6,
ume>   dnsrbl_check_source() should return 0, as if the address is not
ume>   match.

ume> - Since, the block which test an address family was moved before
ume>   initializing res, don't call res_ndestroy() when an address is an
ume>   IPv6.

ume> - Since dnsrbl_check_source() returns -1 when error occurs, the
ume>   return code should be tested if it is 1 or not.

Oops, I was confused.  You didn't disable IPv6 DNSRBL query,
correctly.  We need to test sa.  Please throw my previous patch away,
and use this patch instead.

Index: acl.c
diff -u -p acl.c.orig acl.c
--- acl.c.orig	Tue Aug  1 23:55:20 2006
+++ acl.c	Wed Aug  2 01:25:59 2006
@@ -622,7 +622,7 @@ acl_filter(sa, salen, hostname, from, rc
 
 		if (acl->a_dnsrbl != NULL) {
 			if (dnsrbl_check_source(sa, 
-			    salen, acl->a_dnsrbl) != 0) {
+			    salen, acl->a_dnsrbl) == 1) {
 				retval |= EXF_DNSRBL;
 				if (conf.c_debug) {
 					iptostring(sa, salen, 
Index: dnsrbl.c
diff -u -p dnsrbl.c.orig dnsrbl.c
--- dnsrbl.c.orig	Tue Aug  1 05:56:26 2006
+++ dnsrbl.c	Wed Aug  2 01:49:55 2006
@@ -114,6 +114,10 @@ dnsrbl_check_source(sa, salen, source)
 	char *addr;
 	size_t len;
 
+	/* No IPv6 DNSRBL exists right now */
+	if (sa->sa_family != AF_INET)
+		return 0;
+
 	blacklisted = SA(&source->d_blacklisted);
 
 	switch (blacklisted->sa_family) {
@@ -124,9 +128,9 @@ dnsrbl_check_source(sa, salen, source)
 		break;
 #ifdef AF_INET6
 	case AF_INET6:
-		/* No IPv6 DNSRBL exists right now */
-		retval = 1;
-		goto end;
+		qtype = T_AAAA;
+		addr = (char *)SADDR6(blacklisted);
+		len = sizeof(*SADDR6(blacklisted));
 		break;
 #endif
 	default:
Index: list.c
diff -u -p list.c.orig list.c
--- list.c.orig	Sat Jul 29 05:43:41 2006
+++ list.c	Wed Aug  2 01:25:32 2006
@@ -436,7 +436,7 @@ list_dnsrbl_filter(list,salen, sa)
 	struct list_entry *le;
 
 	LIST_FOREACH(le, &list->al_head, l_list) {
-		if (dnsrbl_check_source(sa, salen, le->l_data.dnsrbl) != 0)
+		if (dnsrbl_check_source(sa, salen, le->l_data.dnsrbl) == 1)
 			break;
 	}
 


Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Hi,

>>> Wed, 02 Aug 2006 01:57:54 +0900,
>>> Hajimu UMEMOTO <ume@...> said:

ume> Oops, I was confused.  You didn't disable IPv6 DNSRBL query,
ume> correctly.  We need to test sa.  Please throw my previous patch away,
ume> and use this patch instead.

One more patch, please.

Index: dnsrbl.c
diff -u -p dnsrbl.c.orig dnsrbl.c
--- dnsrbl.c.orig	Wed Aug  2 03:58:36 2006
+++ dnsrbl.c	Wed Aug  2 04:03:41 2006
@@ -69,8 +69,6 @@ __RCSID("$Id: dnsrbl.c,v 1.10 2006/07/31
 #define res_ndestroy(res)	res_nclose(res)
 #endif
 #else
-#define	res_ninit(res) \
-	((_res.options & RES_INIT) == 0 && res_init())
 #define res_nquery(res, req, class, type, ans, anslen)	\
 	res_query(req, class, type, ans, anslen)
 #define res_ndestroy(res)
@@ -142,8 +140,11 @@ dnsrbl_check_source(sa, salen, source)
 
 #ifdef HAVE_RESN
 	bzero(&res, sizeof(res));
+	if (res_ninit(&res) != 0)
+#else
+	if ((_res.options & RES_INIT) == 0 && res_init() != 0)
 #endif
-	if (res_ninit(&res) != 0) {
+	{
 		syslog(LOG_ERR, "res_ninit failed: %s", strerror(errno));
 		return -1;
 	}

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Fabien Tassin <fta+miltergreylist@...> wrote:

> > I added the flushaddr feature, which canbe used to remove any entry
> > with the source IP of the message that matched an ACL. See the man
> > page for the details.
> 
> hmm. I don't see how it could match my description of auto-blacklist.
> I mean, it's an instantaneous flush, right?

Yes.

> auto-blacklist has a remanency similar to auto-whitelisting, ie, you kill
> all that happened *before* and continue to kill *after* for a while.
> That's the advantage compared to instantaneous flush.
> Or did I misunderstood something?

auto-blacklisting needs heavy changes. I'd like to make the code settle
a bit so that it gets stable and buildable for everyone. We'll se after
the 3.0 release for auto-blacklisting, except if someone steps in and
contribute a patch right now.

Moreover, you can already have the auto-blacklisting with current
features: have your spamtrap feed a local DNSRBL with a given timeout,
tell milter-greylist to blacklist using this DNSRBL and you are done.

FWIW, I once wrote some code that was supposed to run in the .forward of
a spamtrap. It parse the header and adds the sender IP address to a
DNSRBL, and remove it after some time. Look for DST at the URL below:

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hajimu UMEMOTO <ume@...> wrote:

> One more patch, please.

Why is that one required? 

I was about to make that change in the code:

#ifdef HAVE_RES_NINIT
#define RES_NINIT(res)  res_ninit(res)
#else
#define RES_NINIT(res) \
        ((_res.options & RES_INIT) == 0 && res_init())
#endif

#ifdef HAVE_RES_NDESTROY
# define RES_NDESTROY(res)      res_ndestroy(res)
#else
# ifdef HAVE_RES_NCLOSE
#  define RES_NDESTROY(res)     res_nclose(res)
# else
#  define RES_NDESTROY(res)
# endif
#endif


And use the macro like this:

        if (RES_NINIT(res) != 0) {
                ...
        }

Plus checks in configure to discover what we have.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi,

>>>>> On Tue, 1 Aug 2006 21:29:25 +0200
>>>>> manu@... said:

manu> Why is that one required? 

manu> I was about to make that change in the code:

manu> #ifdef HAVE_RES_NINIT
manu> #define RES_NINIT(res)  res_ninit(res)
manu> #else
manu> #define RES_NINIT(res) \
manu>         ((_res.options & RES_INIT) == 0 && res_init())
manu> #endif

manu> #ifdef HAVE_RES_NDESTROY
manu> # define RES_NDESTROY(res)      res_ndestroy(res)
manu> #else
manu> # ifdef HAVE_RES_NCLOSE
manu> #  define RES_NDESTROY(res)     res_nclose(res)
manu> # else
manu> #  define RES_NDESTROY(res)
manu> # endif
manu> #endif


manu> And use the macro like this:

manu>         if (RES_NINIT(res) != 0) {
manu>                 ...
manu>         }

The return value of res_ninit() was not tested, but is tested now.

	res_ninit(&res) != 0

is expand to

	((_res.options & RES_INIT) == 0 && res_init()) != 0

It is not same with

	(_res.options & RES_INIT) == 0 && res_init() != 0

exactly.  As far as testing if the return value of res_ninit() is 0 or
not, they come to same result.  However, it is slightly tricky.  In
anyway, the current code is valid.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Just two important notes ...

Bill Levering wrote:
 > FreeBSD webmig.com 4.7-RELEASE-p28 FreeBSD 4.7-RELEASE-p28 #43: Wed  
 > Jul 20 09:35:30 MDT 2005     root@fc2:/usr/src/sys/compile/VKERN  i386

FreeBSD 4.7 is 4 years old and not supported anymore by the
FreeBSD security team.  Besides, a lot of current software
doesn't build on 4.7 anymore (even from the current ports
collection) because of its ancient compiler and toolchain,
and some missing POSIX-compliance in the standard includes
which has been fixed in newer releases.

Frankly, I'm not surprised that you have problems building
milter-greylist.  I strongly recommend to upgrad to a newer
release (e.g. 6.1-RELEASE or 6.1-STABLE).  It will also fix
a lot of security issues, which you should care about on a
mail server.  And I'm sure that milter-greylist will compile
with less problems.

 > ./configure (no options)
 > 
 > completed ok
 > 
 > milter-greylist-2.1.11# make
 > gcc -g -O2 -Wall -D_BSD_SOURCE -c milter-greylist.c

The "-O2" flag will break on FreeBSD 4.7.  You should use
no more than "-O1".  On FreeBSD 6.1 you can use "-O2" if
you also use "-fno-strict-aliasing" (unless you are 100%
sure that the code in question is aliasing-clean).

Best regards
   Oliver Fromme

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"It combines all the worst aspects of C and Lisp:  a billion different
sublanguages in one monolithic executable.  It combines the power of C
with the readability of PostScript."
        -- Jamie Zawinski, when asked: "What's wrong with perl?"

On Wed, Aug 02, 2006 at 08:59:48AM +0200, Oliver Fromme wrote:
> Frankly, I'm not surprised that you have problems building
> milter-greylist.

Well, the issue he raised was just an minot include issue: 
<regex.h> needs <sys/types.h>. That have been easy to handle.

-- 
Emmanuel Dreyfus
manu@...

Emmanuel Dreyfus wrote:
 > Oliver Fromme wrote:
 > > Frankly, I'm not surprised that you have problems building
 > > milter-greylist.
 > 
 > Well, the issue he raised was just an minot include issue: 
 > <regex.h> needs <sys/types.h>. That have been easy to handle.

Yes, OK.

But nevertheless:  Running FreeBSD 4.7 (and saying so in a
public mailing list which is archived on the web) is like
putting a sign on your front door saying "I'm on vacation
for 2 weeks and the door isn't locked".  ;-)

I still strongly recommend updating to a newer version
that's supported by the FreeBSD security team and will
receive patches for advisories.  Even updating to 4.11
would be better than nothing (it's supported with patches
for any security issues till end of January 2007), and
it's not difficult to update from 4.7 to 4.11.  However,
updating to 6.1 (or re-installing) is probably the best
and way to go for the future.

I'm very sorry, this is probably off-topic here, but I
think it is an important advise.

Best regards
   Oliver


-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Python is executable pseudocode.  Perl is executable line noise.

Before anyone has issues with 4.7, let me state that a moderate size  
ISP (of 400 servers) runs all their servers on this platform. They  
are working on upgrading to FBSD6 (which became stable last  
November), and as we all know how FBSD5 was a great success...

Bill

FreeBSD webmig.com 4.7-RELEASE-p28 FreeBSD 4.7-RELEASE-p28 #43: Wed  
Jul 20 09:35:30 MDT 2005     root@fc2:/usr/src/sys/compile/VKERN  i386

webmig /usr/local/src/milter-greylist-3.0rc4# make
gcc -g -O2 -Wall -D_BSD_SOURCE -c milter-greylist.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c pending.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c sync.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c dnsrbl.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c list.c
gcc -g -O2 -Wall -D_BSD_SOURCE -c macro.c
In file included from macro.c:47:
/usr/include/regex.h:46: syntax error before `regoff_t'
/usr/include/regex.h:46: warning: type defaults to `int' in  
declaration of `regoff_t'
/usr/include/regex.h:46: warning: data definition has no type or  
storage class
/usr/include/regex.h:56: syntax error before `regoff_t'
In file included from milter-greylist.h:36,
                  from macro.c:56:
/usr/include/arpa/inet.h:89: warning: parameter has incomplete type
/usr/include/arpa/inet.h:92: warning: parameter has incomplete type
/usr/include/arpa/inet.h:96: warning: parameter has incomplete type
*** Error code 1

Stop in /usr/local/src/milter-greylist-3.0rc4.




--- configure ---
webmig /usr/local/src/milter-greylist-3.0rc4# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for flex... flex
checking for yywrap in -lfl... yes
checking lex output file root... lex.yy
checking whether yytext is a pointer... yes
checking for bison... bison -y
checking for a BSD-compatible install... /usr/bin/install -c
checking for mkdep... mkdep
checking for rm... rm
checking for mv... mv
checking for test... test
checking for sed... sed
checking for true... true
checking if compiler accepts -Wall... yes
checking if ld accepts --rpath... yes
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... no
checking for unistd.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking getopt.h usability... no
checking getopt.h presence... no
checking for getopt.h... no
checking sys/cdefs.h usability... yes
checking sys/cdefs.h presence... yes
checking for sys/cdefs.h... yes
checking for pid_t... yes
checking for size_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking for unistd.h... (cached) yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for strftime... yes
checking for working memcmp... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking for sys/socket.h... (cached) yes
checking types of arguments for select... int,fd_set *,struct timeval *
checking for function prototypes... yes
checking whether setvbuf arguments are reversed... no
checking whether lstat dereferences a symlink specified with a  
trailing slash... no
checking whether stat accepts an empty string... no
checking for bzero... yes
checking for gettimeofday... yes
checking for malloc... yes
checking for inet_ntoa... yes
checking for strerror... yes
checking for select... yes
checking for socket... yes
checking for initgroups... yes
checking for strlcat... yes
checking for vsyslog... yes
checking for socket in -lsocket... no
checking for socket in -lsocket -lnsl... no
checking for inet_aton in -lresolv... no
checking for inet_pton in -lnsl... no
checking for getaddrinfo... yes
checking for getnameinfo... yes
checking if <time.h> defines timeradd... yes
checking if -D_REENTRANT is needed to use localtime_r... no
checking if -D__EXTENSIONS__ is needed to use snprintf... no
checking for pthread_create in -lpthread... no
checking for pthread_create in -lc_r... yes
checking for smfi_register in -lmilter... yes
checking if -lpthread is needed after -lmilter... no
checking if <sys/queue.h> is outdated... no
checking if __RCSID can be used twice in the same source... yes
checking whether <pthreads.h> wants -pthread... no
checking whether you need -D_XOPEN_SOURCE to use libpthread... no
checking whether you need -D_SGI_SOURCE to use <stdio.h> with - 
ansi... no
checking whether you need -D_XOPEN_SOURCE to use <stdio.h> with - 
ansi... no
checking if -D_OSF_SOURCE is needed for IPV6 support... no
checking for struct sockaddr.sa_len... yes
checking for struct sockaddr_in6.sin6_scope_id... yes
checking if socklen_t is missing... no
checking for broken rwlock in libpthread... no
checking if DNS resolver is re-entrant... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating milter-greylist.spec
config.status: creating config.h

Hi,

>>>>> On Thu, 5 Oct 2006 09:21:21 -0700
>>>>> Bill Levering <idbill@...> said:

idbill> Before anyone has issues with 4.7, let me state that a moderate size  
idbill> ISP (of 400 servers) runs all their servers on this platform. They  
idbill> are working on upgrading to FBSD6 (which became stable last  
idbill> November), and as we all know how FBSD5 was a great success...

I could reproduce it on my 4.11-STABLE box.  It is rather name space
problem in FreeBSD 4.X and earlier, and sys/types.h shouldn't be
required on most systems which are standard compliant.  But, including
sys/types.h should be harmless.

Index: macro.c
diff -u -p macro.c.orig macro.c
--- macro.c.orig	Tue Sep  5 07:25:29 2006
+++ macro.c	Fri Oct  6 01:53:46 2006
@@ -38,6 +38,7 @@ __RCSID("$Id: macro.c,v 1.1.2.1 2006/09/
 #endif
 #endif
 
+#include <sys/types.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Bill Levering wrote:
 > Before anyone has issues with 4.7, let me state that a moderate size  
 > ISP (of 400 servers) runs all their servers on this platform.

Not a good idea.  4.7 was released four years ago, and it's
not officially supported anymore, which means that you won't
get security advisories and patches.  For example, I bet
that those servers contain the OpenSSL vulnerability that
was discovered recently.

At the very least, I recommend to update to 4-stable which
is officially supported til the end of January 2007.  The
aforementioned OpenSSL bug is fixed in 4-stable.

 > They are working on upgrading to FBSD6 (which became stable last  
 > November), and as we all know how FBSD5 was a great success...

The problem was that the step between 4 and 5 was too big,
which caused nightmares for QA.  Personally I have skipped
FreeBSD 5 alltogether and re-installed most of them with
FreeBSD 6 (only a few are remaining with 4-stable, but they
will be updated soon, too).

Your problem with compiling milter_greylist might well be
caused by your obsolete FreeBSD version, because it has a
very old compiler (gcc 2.95.4, which was already obsolete
when FreeBSD 4.7 was released) and old include files.
If you cannot update your FreeBSD version right now, it
might be worth a try to install a more recent Compiler from
the Ports collection, e.g. gcc3.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"[...]  one observation we can make here is that Python makes
an excellent pseudocoding language, with the wonderful attribute
that it can actually be executed."  --  Bruce Eckel

Hi,

>>> Fri, 06 Oct 2006 02:07:34 +0900,
>>> Hajimu UMEMOTO <ume@...> said:

ume> I could reproduce it on my 4.11-STABLE box.  It is rather name space
ume> problem in FreeBSD 4.X and earlier, and sys/types.h shouldn't be
ume> required on most systems which are standard compliant.  But, including
ume> sys/types.h should be harmless.

macro.c includes sys/types.h already but after inclusion of regex.h.
Please use this patch, instead.  It suppresses following warnings as
well:

In file included from milter-greylist.h:36,
                  from macro.c:56:
/usr/include/arpa/inet.h:89: warning: parameter has incomplete type
/usr/include/arpa/inet.h:92: warning: parameter has incomplete type
/usr/include/arpa/inet.h:96: warning: parameter has incomplete type

Index: macro.c
diff -u -p macro.c.orig macro.c
--- macro.c.orig	Tue Sep  5 07:25:29 2006
+++ macro.c	Fri Oct  6 02:12:19 2006
@@ -38,6 +38,7 @@ __RCSID("$Id: macro.c,v 1.1.2.1 2006/09/
 #endif
 #endif
 
+#include <sys/types.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -51,7 +52,6 @@ __RCSID("$Id: macro.c,v 1.1.2.1 2006/09/
 #else 
 #include <sys/queue.h>
 #endif
-#include <sys/types.h>
 
 #include "milter-greylist.h"
 #include "pending.h"
Index: milter-greylist.h
diff -u milter-greylist.h.orig milter-greylist.h
--- milter-greylist.h.orig	Tue Sep  5 07:05:59 2006
+++ milter-greylist.h	Fri Oct  6 02:16:11 2006
@@ -33,8 +33,8 @@
 #define _MILTER_GREYLIST_H_
 
 #include <sys/socket.h>
-#include <arpa/inet.h>
 #include <netinet/in.h>
+#include <arpa/inet.h>
 #include <netdb.h>
 
 #include <libmilter/mfapi.h>

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Hajimu UMEMOTO,

Thank you, that is much better.

Since you commented about the earlier warnings, I included the newest  
warnings, but milter compiled ok.

/usr/lib/libc.so: WARNING!  setkey(3) not present in the system!
/usr/lib/libc.so: warning: this program uses gets(), which is unsafe.
/usr/lib/libc.so: warning: mktemp() possibly used unsafely; consider  
using mkstemp()
/usr/lib/libc.so: WARNING!  des_setkey(3) not present in the system!
/usr/lib/libc.so: WARNING!  encrypt(3) not present in the system!
/usr/lib/libc.so: warning: tmpnam() possibly used unsafely; consider  
using mkstemp()
/usr/lib/libc.so: warning: this program uses f_prealloc(), which is  
not recommended.
/usr/lib/libc.so: WARNING!  des_cipher(3) not present in the system!
/usr/lib/libc.so: warning: tempnam() possibly used unsafely; consider  
using mkstemp()

The vanilla install appears to be working.

I'd love to try the DNSRBL thing, but as we may all agree on, the  
FBSD4 dnsresolver isn't thread safe.

My isp has a FBSD6 virtual server product in beta testing now. I'm  
hoping to get an account 1st qtr 2007.

Bill

On Oct 5, 2006, at 10:27 AM, Hajimu UMEMOTO wrote:

> Hi,
>
>>>> Fri, 06 Oct 2006 02:07:34 +0900,
>>>> Hajimu UMEMOTO <ume@...> said:
>
> ume> I could reproduce it on my 4.11-STABLE box.  It is rather name  
> space
> ume> problem in FreeBSD 4.X and earlier, and sys/types.h shouldn't be
> ume> required on most systems which are standard compliant.  But,  
> including
> ume> sys/types.h should be harmless.
>
> macro.c includes sys/types.h already but after inclusion of regex.h.
> Please use this patch, instead.  It suppresses following warnings as
> well:
>
> In file included from milter-greylist.h:36,
>                   from macro.c:56:
> /usr/include/arpa/inet.h:89: warning: parameter has incomplete type
> /usr/include/arpa/inet.h:92: warning: parameter has incomplete type
> /usr/include/arpa/inet.h:96: warning: parameter has incomplete type
>
> Index: macro.c
> diff -u -p macro.c.orig macro.c
> --- macro.c.orig	Tue Sep  5 07:25:29 2006
> +++ macro.c	Fri Oct  6 02:12:19 2006
> @@ -38,6 +38,7 @@ __RCSID("$Id: macro.c,v 1.1.2.1 2006/09/
>  #endif
>  #endif
>
> +#include <sys/types.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> @@ -51,7 +52,6 @@ __RCSID("$Id: macro.c,v 1.1.2.1 2006/09/
>  #else
>  #include <sys/queue.h>
>  #endif
> -#include <sys/types.h>
>
>  #include "milter-greylist.h"
>  #include "pending.h"
> Index: milter-greylist.h
> diff -u milter-greylist.h.orig milter-greylist.h
> --- milter-greylist.h.orig	Tue Sep  5 07:05:59 2006
> +++ milter-greylist.h	Fri Oct  6 02:16:11 2006
> @@ -33,8 +33,8 @@
>  #define _MILTER_GREYLIST_H_
>
>  #include <sys/socket.h>
> -#include <arpa/inet.h>
>  #include <netinet/in.h>
> +#include <arpa/inet.h>
>  #include <netdb.h>
>
>  #include <libmilter/mfapi.h>
>
> Sincerely,
>
> --
> Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
> ume@...  ume@{,jp.}FreeBSD.org
> http://www.imasy.org/~ume/
>

Bill Levering <idbill@...> wrote:

> I'd love to try the DNSRBL thing, but as we may all agree on, the  
> FBSD4 dnsresolver isn't thread safe.

Link with libbind.a from BIND9 and it will be alright.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...