mail/dspam: implement privilege separation (resolves bug running with suexec)

- Runs as dspam:dspam instead of root:mail. The dspam UID/GID were created
  in r168311 when the UIDs/GIDs files were added but the port had always
  used root:mail. This had prevented running the dspam webUI under Apache
  with suexec due to a minimal requirement of UID/GID of 100. The original
  unsecure behavior is available with the SETUID option.
- Default run directory is now /var/run/dspam. This follows the default
  upstream behavior and removes the patch to dspam.c as a result. Use
  RUN_DIR and correct the dspam.conf.sample file accordingly.
- Default daemon/client communication port is now 2424.
- Regen patches while here (portlint)

UPDATING: Document privilege separated dspam

PR:		115957
Reported by:	tedm@ipinc.net, support@ipinc.net
Submitted by:	Danny Warren <danny@dannywarren.com> (maintainer)

7 files changed, 89 insertions, 24 deletions

diff --git a/mail/dspam/files/UPDATING b/mail/dspam/files/UPDATING
index 04ed4d35dddb..2baf17d716d4 100644
--- a/mail/dspam/files/UPDATING
+++ b/mail/dspam/files/UPDATING
@@ -17,6 +17,19 @@ in the port directory:
 make extract;  more `find . -type f -maxdepth 2 -name UPGRADING`
 
 ###########################################################################
+# dspam-3.10.2_2
+#
+
+Port Changes:
+- Runs as dspam:dspam instead of root:mail [1]
+- Default run directory is now /var/run/dspam [1]
+- Default daemon/client communication port is now 2424 [1]
+- New SETUID option to enable old insecure behavior [1]
+
+[1] Questionable ownership and security on mail/dspam (PR #115957)
+
+
+###########################################################################
 # dspam-3.10.2
 #
 
diff --git a/mail/dspam/files/dspam.in b/mail/dspam/files/dspam.in
index bab6ec7dc541..9c17ae47eb19 100644
--- a/mail/dspam/files/dspam.in
+++ b/mail/dspam/files/dspam.in
@@ -25,7 +25,9 @@ load_rc_config $name
 #defaults
 : ${dspam_enable="NO"}
 : ${dspam_debug="NO"}
-: ${dspam_pidfile:-/var/run/dspam.pid}
+: ${dspam_pidfile:-/var/run/dspam/dspam.pid}
+: ${dspam_user="%%DSPAM_OWNER%%"}
+: ${dspam_group="%%DSPAM_GROUP%%"}
 
 command=%%PREFIX%%/bin/${name}
 
diff --git a/mail/dspam/files/patch-src__Makefile.in b/mail/dspam/files/patch-src__Makefile.in
index d4c6c5894e95..42e057050c4e 100644
--- a/mail/dspam/files/patch-src__Makefile.in
+++ b/mail/dspam/files/patch-src__Makefile.in
@@ -1,6 +1,6 @@
---- src/Makefile.in.orig	2014-05-14 17:35:13.000000000 -0300
-+++ src/Makefile.in	2014-05-14 17:35:48.000000000 -0300
-@@ -1117,11 +1117,11 @@
+--- src/Makefile.in.orig        2012-04-23 17:53:45 UTC
++++ src/Makefile.in
+@@ -1249,11 +1249,11 @@ install-exec-hook:
  		mkdir -p $(DESTDIR)$(sysconfdir); \
  		chmod 755 $(DESTDIR)$(sysconfdir); \
  	fi
diff --git a/mail/dspam/files/patch-src__client.c b/mail/dspam/files/patch-src__client.c
new file mode 100644
index 000000000000..e960ce553c41
--- /dev/null
+++ b/mail/dspam/files/patch-src__client.c
@@ -0,0 +1,22 @@
+--- src/client.c.orig   2012-04-11 18:48:33 UTC
++++ src/client.c
+@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f
+   struct sockaddr_un saun;
+   int sockfd;
+   int yes = 1;
+-  int port = 24;
++  int port = 2424;
+   int domain = 0;
+   int addr_len;
+   char *host;
+--- src/client.c.orig   2012-04-11 18:48:33 UTC
++++ src/client.c
+@@ -304,7 +304,7 @@ int client_connect(AGENT_CTX *ATX, int f
+   struct sockaddr_un saun;
+   int sockfd;
+   int yes = 1;
+-  int port = 24;
++  int port = 2424;
+   int domain = 0;
+   int addr_len;
+   char *host;
diff --git a/mail/dspam/files/patch-src__daemon.c b/mail/dspam/files/patch-src__daemon.c
new file mode 100644
index 000000000000..3fee692297c2
--- /dev/null
+++ b/mail/dspam/files/patch-src__daemon.c
@@ -0,0 +1,22 @@
+--- src/daemon.c.orig   2012-04-11 18:48:33 UTC
++++ src/daemon.c
+@@ -97,7 +97,7 @@ int daemon_listen(DRIVER_CTX *DTX) {
+   int domain = 0;		/* listening on domain socket? */
+   int listener;			/* listener fd */
+   int i;
+-  int port = 24, queue = 32;	/* default port and queue size */
++  int port = 2424, queue = 32;	/* default port and queue size */
+ 
+   signal(SIGPIPE, SIG_IGN);
+   signal(SIGINT,  process_signal);
+--- src/daemon.c.orig   2012-04-11 18:48:33 UTC
++++ src/daemon.c
+@@ -97,7 +97,7 @@ int daemon_listen(DRIVER_CTX *DTX) {
+   int domain = 0;		/* listening on domain socket? */
+   int listener;			/* listener fd */
+   int i;
+-  int port = 24, queue = 32;	/* default port and queue size */
++  int port = 2424, queue = 32;	/* default port and queue size */
+ 
+   signal(SIGPIPE, SIG_IGN);
+   signal(SIGINT,  process_signal);
diff --git a/mail/dspam/files/patch-src__dspam.c b/mail/dspam/files/patch-src__dspam.c
deleted file mode 100644
index 9234ef2a52cb..000000000000
--- a/mail/dspam/files/patch-src__dspam.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/dspam.c.orig	2012-04-11 11:48:33.000000000 -0700
-+++ src/dspam.c	2014-09-23 19:43:09.688194417 -0700
-@@ -4194,7 +4194,7 @@
- 
-     pidfile = _ds_read_attribute(agent_config, "ServerPID");
-     if ( pidfile == NULL )
--      pidfile = "/var/run/dspam/dspam.pid";
-+      pidfile = "/var/run/dspam.pid";
- 
-     if (pidfile) {
-       FILE *file;
diff --git a/mail/dspam/files/patch-src__dspam.conf.in b/mail/dspam/files/patch-src__dspam.conf.in
index b3c48fb130bd..cc9897cff25c 100644
--- a/mail/dspam/files/patch-src__dspam.conf.in
+++ b/mail/dspam/files/patch-src__dspam.conf.in
@@ -1,6 +1,6 @@
---- src/dspam.conf.in.orig	2014-09-18 00:33:02.874722063 -0700
-+++ src/dspam.conf.in	2014-09-18 00:41:49.434685786 -0700
-@@ -56,6 +56,7 @@
+--- src/dspam.conf.in.orig	2012-04-11 18:48:33 UTC
++++ src/dspam.conf.in
+@@ -56,6 +56,7 @@ TrustedDeliveryAgent "@delivery_agent@"
  # necessary if you plan on allowing untrusted processing.
  #
  #UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
@@ -8,7 +8,7 @@
  
  #
  # SMTP or LMTP Delivery: Alternatively, you may wish to use SMTP or LMTP
-@@ -350,7 +351,7 @@
+@@ -350,7 +351,7 @@ AllowOverride notifications
  # Storage driver settings: Specific to a particular storage driver. Uncomment
  # the configuration specific to your installation, if applicable.
  #
@@ -17,7 +17,7 @@
  #MySQLPort		
  #MySQLUser		dspam
  #MySQLPass		changeme
-@@ -361,7 +362,7 @@
+@@ -361,7 +362,7 @@ AllowOverride notifications
  # If you are using replication for clustering, you can also specify a separate
  # server to perform all writes to.
  #
@@ -26,7 +26,7 @@
  #MySQLWritePort		
  #MySQLWriteUser		dspam
  #MySQLWritePass		changeme
-@@ -406,7 +407,7 @@
+@@ -406,7 +407,7 @@ AllowOverride notifications
  # in /var/run/postgresql/.s.PGSQL.5432 specify just the path where the socket
  # resits (without .s.PGSQL.5432).
  
@@ -35,12 +35,24 @@
  #PgSQLPort		
  #PgSQLUser		dspam
  #PgSQLPass		changeme
-@@ -845,14 +846,14 @@
+@@ -807,9 +808,9 @@ Opt out
+ # interfaces.
+ #
+ #ServerHost		127.0.0.1
+-#ServerPort		24
++#ServerPort		2424
+ #ServerQueueSize	32
+-#ServerPID		/var/run/dspam.pid
++#ServerPID		/var/run/dspam/dspam.pid
+ 
+ #
+ # ServerMode specifies the type of LMTP server to start. This can be one of:
+@@ -845,18 +846,18 @@ Opt out
  # you are running the client and server on the same machine, as it eliminates
  # much of the bandwidth overhead.
  #
 -#ServerDomainSocketPath	"/tmp/dspam.sock"
-+#ServerDomainSocketPath	"/var/run/dspam.sock"
++#ServerDomainSocketPath	"/var/run/dspam/dspam.sock"
  
  #
  # Client Mode: If you are running DSPAM in client/server mode, uncomment and
@@ -48,7 +60,12 @@
  # a domain socket.
  #
 -#ClientHost	/tmp/dspam.sock
-+#ClientHost	/var/run/dspam.sock
++#ClientHost	/var/run/dspam/dspam.sock
  #ClientIdent	"secret@Relay1"
  #
  #ClientHost	127.0.0.1
+-#ClientPort	24
++#ClientPort	2424
+ #ClientIdent	"secret@Relay1"
+ 
+ # --- RABL ---