diff -p -up dnswl-client-scripts-0.1.1/dnswl.conf.orig dnswl-client-scripts-0.1.1/dnswl.conf --- dnswl-client-scripts-0.1.1/dnswl.conf.orig 2006-11-26 16:24:16.000000000 -0500 +++ dnswl-client-scripts-0.1.1/dnswl.conf 2008-09-15 06:01:59.000000000 -0400 @@ -49,7 +49,8 @@ $bind_address='0.0.0.0'; # in order to profit from rsync's bandwidth-saving # incremental transfer. However it's no disaster if # the files get deleted. -$tmpdir = '/tmp/'; +#$tmpdir = "$ENV{'HOME'}/tmp/"; +$tmpdir = "/var/cache/dnswl/"; # Verify authenticity of downloaded / rsynced @@ -80,7 +80,7 @@ $pgp = '/usr/bin/gpg'; # # The base directory for all rbldnsd-related things. -$rbldnsd_base = '/opt/rbldnsd/'; +$rbldnsd_base = '/var/lib/rbldnsd/'; $rbldnsd_datadir = $rbldnsd_base . '/dnswl/'; $rbldnsd_filename = 'rbldnsd-dnswl'; diff -p -up dnswl-client-scripts-0.1.1/postfix-update-dnswl.pl.orig dnswl-client-scripts-0.1.1/postfix-update-dnswl.pl --- dnswl-client-scripts-0.1.1/postfix-update-dnswl.pl.orig 2006-11-27 14:02:52.000000000 -0500 +++ dnswl-client-scripts-0.1.1/postfix-update-dnswl.pl 2008-09-15 05:49:48.000000000 -0400 @@ -35,12 +35,17 @@ my @args = (); if ($dnswl::postfix_getheader == 1) { my $tmpfile = sprintf('%s/%s', $dnswl::tmpdir, $dnswl::headerfile); my $outfile = sprintf('%s/%s', $dnswl::postfix_dir, $dnswl::headerfile); + my $signaturefile = sprintf('%s.asc', $dnswl::headerfile); + # 1. Get the file if (!(rsync($dnswl::headerfile, $tmpfile) == 0)) { print "rsync of dnswl.org data for Postfix (headerfile) failed\n"; exit 1; - } else { + } + my $verify = verify($tmpfile, $signaturefile); + + if ($verify == 1) { # 2. Substitute 'REPLACEME' with $whitelistheader if (length($dnswl::whitelistheader) > 0) { print "Inserting $dnswl::whitelistheader\n" if ($dnswl::debug); @@ -55,18 +60,26 @@ if ($dnswl::postfix_getheader == 1) { close(IN); close(OUT); } - } + } else { + print "PGP VERIFICATION FAILED!\n"; + print "You may want to verify the data file: $tmpfile and the signature file: $signaturefile\n"; + exit $verify; + } } if ($dnswl::postfix_getpermit == 1) { my $tmpfile = sprintf('%s/%s', $dnswl::tmpdir, $dnswl::permitfile); my $outfile = sprintf('%s/%s', $dnswl::postfix_dir, $dnswl::permitfile); + my $signaturefile = sprintf('%s.asc', $dnswl::permitfile); # 1. Get the file if (!(rsync($dnswl::permitfile, $tmpfile) == 0)) { print "rsync of dnswl.org data for Postfix (permitfile) failed\n"; - } else { + } + my $verify = verify($tmpfile, $signaturefile); + + if ($verify == 1) { # 2. Filter according to $permitregex print "Applying $dnswl::permitregex to $dnswl::permitaction\n" if ($dnswl::debug); open(IN, "$tmpfile") or die sprintf('Could not open %s for reading: %s', $tmpfile, $!); @@ -85,6 +98,10 @@ if ($dnswl::postfix_getpermit == 1) { } close(IN); close(OUT); + } else { + print "PGP VERIFICATION FAILED!\n"; + print "You may want to verify the data file: $tmpfile and the signature file: $signaturefile\n"; + exit $verify; } } diff -p -up dnswl-client-scripts-0.1.1/dnswl.sh.orig dnswl-client-scripts-0.1.1/dnswl.sh --- dnswl-client-scripts-0.1.1/dnswl.sh.orig 2006-11-26 15:35:32.000000000 -0500 +++ dnswl-client-scripts-0.1.1/dnswl.sh 2008-09-15 05:49:48.000000000 -0400 @@ -13,13 +13,13 @@ # # Path to dnswl-lib.pl -LIBPATH=/home/matthias/projects/dnswl/client-scripts +LIBPATH=/usr/share/dnswl # Path to the program files PROGPATH=$LIBPATH # Configuration file, fully qualified -CONFIG=/home/matthias/projects/dnswl/client-scripts/dnswl.conf +CONFIG=/etc/dnswl.conf # User to run as USER=dnswl @@ -39,11 +39,11 @@ export PERL5LIB=$LIBPATH case "$1" in rbldnsd) - su $USER -c $PROGPATH/rbldnsd-update-dnswl.pl $CONFIG + su $USER -s /bin/sh -c "$PROGPATH/rbldnsd-update-dnswl.pl $CONFIG" ;; postfix) - su $USER -c $PROGPATH/postfix-update-dnswl.pl $CONFIG + su $USER -s /bin/sh -c "$PROGPATH/postfix-update-dnswl.pl $CONFIG" ;; bind) @@ -56,4 +56,4 @@ case "$1" in ;; esac -# EOF \ No newline at end of file +# EOF