Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: amavisd-new

amavisd-new (1:2.11.0-5ubuntu1) disco; urgency=medium * Merge with Debian unstable (LP: #1814900). Remaining changes: - Add information in README.Debian about Ubuntu specific changes - Ubuntu configuration changes in 21-ubuntu_defaults - Reduce email responses for virus/blocked mail so as not to be a backscatter source by default - Enable DKIM checking by default - Include policy-bank of known good domains for DKIM whitelisting in 40-policy_banks - debian/control: drop altermime and ripole to Suggests after discussions with the server team. - amavisd-new-postfix configuration for anti-spam/virus - Fix DKIM signing in 2.11.0 (LP #1770532) -- Karl Stenerud <kstenerud@gmail.com> Wed, 06 Feb 2019 17:02:57 +0100

Modifications :
  1. Download patch debian/etc/conf.d/21-ubuntu_defaults

    --- 1:2.11.0-5/debian/etc/conf.d/21-ubuntu_defaults 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/etc/conf.d/21-ubuntu_defaults 2019-02-06 16:02:57.000000000 +0000 @@ -0,0 +1,19 @@ +use strict; + +# +# These are Ubuntu specific defaults for amavisd-new configuration +# +# DOMAIN KEYS IDENTIFIED MAIL (DKIM) +$enable_dkim_verification = 1; +# Don't be verbose about sending mail: +@whitelist_sender_acl = qw( .$mydomain ); +$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) +$final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE) +$final_spam_destiny = D_DISCARD; # (defaults to D_REJECT) +$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested + +$virus_admin = undef; +$spam_admin = undef; + +#------------ Do not modify anything below this line ------------- +1; # insure a defined return
  2. Download patch debian/amavisd-new-postfix.postinst

    --- 1:2.11.0-5/debian/amavisd-new-postfix.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/amavisd-new-postfix.postinst 2019-02-06 16:02:57.000000000 +0000 @@ -0,0 +1,93 @@ +#! /bin/sh +# postinst script for amavisd-new-postfix + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +POSTFIX_BCKFILE="/var/backups/amavisd-new-postfix/main.cf-backup" +POSTFIX_MASTER_BCKFILE="/var/backups/amavisd-new-postfix/master.cf-backup" + +set_postfix_option() { + opt="$1" + # Backup the existion value of the option + postconf $(echo ${opt} | cut -d= -f1) >> ${POSTFIX_BCKFILE} || true + # Set the new value of the option + postconf -e "${opt}" +} + +case "$1" in + configure) + if [ -f "/etc/postfix/main.cf" ]; then + if [ -z "$2" -o ! -e "$POSTFIX_BCKFILE" ]; then + if which postconf >/dev/null; then + # Setup postfix + set_postfix_option "content_filter = smtp-amavis:[localhost]:10024" + set_postfix_option "policy-spf_time_limit = 3600s" + SMTPD_RECIP_RESTR=`postconf smtpd_recipient_restrictions` + set_postfix_option "$SMTPD_RECIP_RESTR, check_policy_service unix:private/policy-spf" + fi + cp /etc/postfix/master.cf $POSTFIX_MASTER_BCKFILE + postfix-add-policy policy-spf nobody /usr/bin/policyd-spf + postfix-add-filter smtp-amavis 10025 + fi + else + echo "" + echo "Postfix not configured. Run" + echo "sudo dpkg-reconfigure postfix and choose" + echo "the type of mail server. Then run" + echo "sudo dpkg-reconfigure amavisd-new-postfix to" + echo "finish amavisd-new-postfix installation." + echo "" + fi + if [ -x "/etc/init.d/postfix" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d postfix restart + else + /etc/init.d/postfix restart + fi + fi + if [ -x "/etc/init.d/amavis" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d amavis restart + else + /etc/init.d/amavis restart + fi + fi + + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +
  3. Download patch debian/amavisd-new-postfix.dirs

    --- 1:2.11.0-5/debian/amavisd-new-postfix.dirs 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/amavisd-new-postfix.dirs 2019-02-06 16:02:57.000000000 +0000 @@ -0,0 +1,3 @@ +var/backups +var/backups/amavisd-new-postfix +etc/amavis/conf.d
  4. Download patch debian/control

    --- 1:2.11.0-5/debian/control 2019-01-27 23:05:01.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/control 2019-02-06 16:02:57.000000000 +0000 @@ -1,7 +1,8 @@ Source: amavisd-new Section: mail Priority: optional -Maintainer: Brian May <bam@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Brian May <bam@debian.org> Uploaders: Henrique de Moraes Holschuh <hmh@debian.org>, Alexander Wirt <formorer@debian.org> Build-Depends: debhelper (>= 9), po-debconf, dh-exec @@ -57,8 +58,10 @@ Suggests: apt-listchanges (>= 2.35), p7zip, rpm, spamassassin (>= 3.1.0a), - unrar -Recommends: altermime, libnet-patricia-perl, ripole + unrar, + altermime, + ripole +Recommends: libnet-patricia-perl Description: Interface between MTA and virus scanner/content filters AMaViSd-new is a script that interfaces a mail transport agent (MTA) with zero or more virus scanners, and spamassassin (optional). @@ -71,3 +74,23 @@ Description: Interface between MTA and v (ideal for postfix and exim). It is faster and safer to use the SMTP/LMTP filter mode than using the AMaViS pipe client. It supports sendmail milter through the amavisd-new-milter package. + +Package: amavisd-new-postfix +Architecture: all +Depends: ${shlibs:Depends}, amavisd-new (= ${source:Version}), ${misc:Depends}, postfix, postfix-policyd-spf-python, spamassassin +Recommends: clamav-daemon, clamav-freshclam, zoo, unzip, unarj, bzip2 +Description: part of Ubuntu mail stack provided by Ubuntu server team + AMaViSd-new is a script that interfaces a mail transport agent (MTA) with + zero or more virus scanners, and spamassassin (optional). + . + It supports all common virus scanners (more than 20 different AVs), with + direct talk-to-daemon support for ClamAV, OpenAntiVirus, Trophie, AVG, + f-prot, and Sophos AVs. + . + AMaViSd-new supports all MTAs through its generic SMTP/LMTP filter mode + (ideal for postfix and exim). It is faster and safer to use the SMTP/LMTP + filter mode than using the AMaViS pipe client. It supports sendmail milter + through this package. + . + This package contains configuration files for amavis and alters postfix + configuration to utilize amavisd-new.
  5. Download patch debian/amavisd-new-postfix.postrm

    --- 1:2.11.0-5/debian/amavisd-new-postfix.postrm 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/amavisd-new-postfix.postrm 2019-02-06 16:02:57.000000000 +0000 @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +POSTFIX_BCKFILE="/var/backups/amavisd-new-postfix/main.cf-backup" + +if [ "$1" = "remove" ]; then + if which postconf >/dev/null && [ -f "${POSTFIX_BCKFILE}" ]; then + while read line; do + postconf -e "$line" + done < "${POSTFIX_BCKFILE}" + rm -f "${POSTFIX_BCKFILE}" + fi + if [ -x "/etc/init.d/postfix" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d postfix reload + else + /etc/init.d/postfix reload + fi + fi +fi
  6. Download patch debian/patches/series

    --- 1:2.11.0-5/debian/patches/series 2019-02-03 08:55:48.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/patches/series 2019-02-06 16:02:57.000000000 +0000 @@ -7,3 +7,4 @@ 90_fix_snmp_subagent_warning 95_amavisd_helpers_fixes 0009-Fix-an-unescaped-brace-in-amavisd.patch +105_amavisd_fix_originating_dkim_signing.patch
  7. Download patch debian/README.Debian

    --- 1:2.11.0-5/debian/README.Debian 2018-09-24 22:32:34.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/README.Debian 2019-02-06 16:02:57.000000000 +0000 @@ -24,6 +24,8 @@ Read-write conffiles: /etc/amavis/conf.d 15-av_scanners: AV scanner interface configuration 15-content_filter_mode: Use this to re-enable spamassassin/av checks 20-debian_defaults: Commonly modified settings + 21-ubuntu_defaults: Additional Ubuntu specific changes + 40-policy_banks: DKIM whitelist 50-user: Place your overrides here, if you want If the package detects legacy config files, it renames them adding a @@ -133,3 +135,18 @@ system. You can change the backend in /etc/default/amavisd-snmp-subagent. -- Your amavisd-new maintainers (and contributors) + +Ubuntu Changes +-------------- + +The Ubuntu variant of this package is generally very similar to the standard +Debian package. The major difference is that we enable DKIM verification by +default and provide an additional config file, 40-policy_banks, to for easy +DKIM based whitelisting. Domains recommended by upstream are whitelisted by +default. You can over-ride DKIM verification in 50-user if you don't want it. + +At any given moment there may be bug fixes applied in the Ubuntu package, but +not yet in Debian. It is the goal of Ubuntu to feed these back to Debian. + + + -- Scott Kitterman <scott@kitterman.com>
  8. Download patch debian/patches/105_amavisd_fix_originating_dkim_signing.patch

    --- 1:2.11.0-5/debian/patches/105_amavisd_fix_originating_dkim_signing.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/patches/105_amavisd_fix_originating_dkim_signing.patch 2019-02-06 16:02:57.000000000 +0000 @@ -0,0 +1,22 @@ +Description: Fix DKIM signing in 2.11.0 lacking originating status +. +Version 2.11 has control flows that reach DKIM signing without originating +being set. Various reports upstream have very similar changes, but no upstream +response so far. Pick one of the changes to fix this in Ubuntu. +. +Forwarded: yes +Author: Adam Jacobs <alj@boxyfrog.com> +Origin: https://lists.amavis.org/pipermail/amavis-users/2018-May/005364.html +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1770532 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882324 +Last-Update: 2018-09-24 +--- a/amavisd ++++ b/amavisd +@@ -33570,6 +33570,7 @@ sub dkim_make_signatures($$;$) { + my $allowed_hdrs = cr('allowed_added_header_fields'); + my $from_str = join(', ', qquote_rfc2821_local(@rfc2822_from)); # logging + substr($from_str,100) = '[...]' if length($from_str) > 100; ++ $msginfo->originating(c('originating')); + if (!$allowed_hdrs || !$allowed_hdrs->{lc('DKIM-Signature')}) { + do_log(5, "dkim: inserting a DKIM-Signature header field disabled"); + } elsif (!$msginfo->originating) {
  9. Download patch debian/etc/conf.d/40-policy_banks

    --- 1:2.11.0-5/debian/etc/conf.d/40-policy_banks 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.11.0-5ubuntu1/debian/etc/conf.d/40-policy_banks 2019-02-06 16:02:57.000000000 +0000 @@ -0,0 +1,33 @@ +# DKIM signing domain whitelist. The domain to use is the domain after +# d= in the DKIM header. + +@author_to_policy_bank_maps = ( { + # 'friends.example.net' => 'WHITELIST,NOBANNEDCHECK', + # 'user1@cust.example.net' => 'WHITELIST,NOBANNEDCHECK', + '.ebay.com' => 'WHITELIST', + '.ebay.co.uk' => 'WHITELIST', + 'ebay.at' => 'WHITELIST', + 'ebay.ca' => 'WHITELIST', + 'ebay.de' => 'WHITELIST', + 'ebay.fr' => 'WHITELIST', + '.paypal.co.uk' => 'WHITELIST', + '.paypal.com' => 'WHITELIST', # author signatures + './@paypal.com' => 'WHITELIST', # 3rd-party sign. by paypal.com + 'alert.bankofamerica.com' => 'WHITELIST', + 'amazon.com' => 'WHITELIST', + 'cisco.com' => 'WHITELIST', + '.cnn.com' => 'WHITELIST', + 'skype.net' => 'WHITELIST', + 'welcome.skype.com' => 'WHITELIST', + 'cc.yahoo-inc.com' => 'WHITELIST', + 'cc.yahoo-inc.com/@yahoo-inc.com' => 'WHITELIST', + # 'google.com' => 'MILD_WHITELIST', + # 'googlemail.com' => 'MILD_WHITELIST', + # './@googlegroups.com' => 'MILD_WHITELIST', + # './@yahoogroups.com' => 'MILD_WHITELIST', + # './@yahoogroups.co.uk' => 'MILD_WHITELIST', + # './@yahoogroupes.fr' => 'MILD_WHITELIST', + # 'yousendit.com' => 'MILD_WHITELIST', + # 'meetup.com' => 'MILD_WHITELIST', + # 'dailyhoroscope@astrology.com' => 'MILD_WHITELIST', + } );
  1. amavisd-new