Re: status-mail-rejects: appears to be broken

From: Chris H <bsd-lists_at_BSDforge.com>
Date: Sun, 07 Jan 2018 16:52:03 -0800
On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" <ronald-lists_at_klop.ws> said

> On Sun, 17 Dec 2017 20:50:23 +0100, Chris H <bsd-lists_at_bsdforge.com> wrote:
> 
> > I'm running on r326056, and periodic(8) doesn't seem to be working
> > as expected;
> > mail rejects:
> >
> > Checking for rejected mail hosts:
> > usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
> >        [--user-agent=agent-string] [-w seconds] URL ...
> >        fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
> >        [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
> >
> > Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> > to be run at all.
> >
> > Any thoughts, or advice on how to best proceed?
> >
> > Thanks!
> >
> > --Chris
> 
> This looks the same as what I experienced. It will be fixed by upgrading  
> until at least this commit:
> 
> http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343

It appears that you indicate anything past, or including, r326343 resolves this.
I'll look into it.
But FWIW I was able to get etc/periodic/security/520.pfdenied output working
with the following diff(1):
--- /etc/periodic/security/520.pfdenied.orig	2017-11-21 06:57:04.000000000 -0800
+++ /etc/periodic/security/520.pfdenied	2017-03-29 16:22:50.000000000 -0700
_at__at_ -24,7 +24,7 _at__at_
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD: head/etc/periodic/security/520.pfdenied 306696 2016-10-04 23:12:35Z lidl $
+# $FreeBSD: head/etc/periodic/security/520.pfdenied 290405 2015-11-05 17:37:14Z lidl $
 #
 
 # If there is a global system configuration file, suck it in.
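Review bot: on the $FreeBSD$ line the revision goes backwards, from 306696 (2016-10-04) to 290405 (2015-11-05), and the file headers date the .orig at 2017-11-21 but the patched file at 2017-03-29, so the "new" side looks like an older copy of the script rather than an edit of the current one. The $FreeBSD$ keyword is expanded by the repository and should not be edited by hand; leave this hunk out of anything submitted and say in the message that the change goes back to the 290405 behaviour, if that is the intent.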
_at__at_ -44,13 +44,8 _at__at_
 if check_yesno_period security_status_pfdenied_enable
 then
 	TMP=`mktemp -t security`
-	for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null)
-	do
-		pfctl -a ${_a} -sr -v -z 2>/dev/null | \
-		nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); if ($5 > 0) print buf$0;} }' >> ${TMP}
-	done
-	if [ -s ${TMP} ]; then
-		check_diff new_only pf ${TMP} "${host} pf denied packets:"
+	if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
+	  check_diff new_only pf ${TMP} "${host} pf denied packets:"
 	fi
 	rc=$?
 	rm -f ${TMP}
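Review bot: in the added "if pfctl -sr -v 2>/dev/null | nawk ... > ${TMP}; then", the condition is the exit status of the pipeline, which is nawk's, so check_diff is called even when ${TMP} is empty; the removed "if [ -s ${TMP} ]" test should be kept after the pipeline. The added line also drops the loop over $(pfctl -a "blacklistd" -sA), so block rules under the blacklistd anchors are no longer listed, and it drops both -z and the "$5 > 0" condition, so every block rule is printed whether or not its counter is above zero. If the anchor loop is what yields no output on this system, it would be better to narrow that down (for example by checking what pfctl -a "" -sr -v -z returns there) than to remove the loop, since the report would otherwise lose the blacklistd rules.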

Thanks for taking the time to reply, Ronald!
> 
> Ronald.
> 
> 
--Chris
Received on Sun Jan 07 2018 - 23:51:54 UTC
