Bug 177401 - Review Request: clamsmtp - SMTP filter for ClamAV
Review Request: clamsmtp - SMTP filter for ClamAV
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Aurelien Bompard
Fedora Package Reviews List
Depends On:
  Show dependency treegraph
Reported: 2006-01-10 08:10 EST by Dominik 'Rathann' Mierzejewski
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-04 21:54:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Change default port to make it work with SELinux (1.48 KB, patch)
2006-04-09 15:06 EDT, Aurelien Bompard
no flags Details | Diff
README for SELinux (830 bytes, text/plain)
2006-04-09 15:08 EDT, Aurelien Bompard
no flags Details

  None (edit)
Description Dominik 'Rathann' Mierzejewski 2006-01-10 08:10:40 EST
Spec Name or Url: http://rpm.greysector.net/extras/clamsmtp.spec
SRPM Name or Url: http://rpm.greysector.net/extras/clamsmtp-1.6-1.src.rpm
ClamSMTP is an SMTP filter that checks for viruses using ClamAV.
It aims to be lightweight, reliable, and simple.
Comment 1 Tim Jackson 2006-01-10 10:04:49 EST
(NB I am not a reviewer, these are just comments)

1. BuildRoot should probably be:
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

2. $rpm -ivh clamsmtp-1.6-1.i386.rpm
Preparing...                ########################################### [100%]
   1:clamsmtp               ########################################### [100%]
error reading information on service clamsmtpd: No such device
error: %post(clamsmtp-1.6-1.i386) scriptlet failed, exit status 1

This is because the clamsmtpd init script is ending up in a subdirectory:
$ls -ld /etc/init.d/clamsmtpd
drwxr-xr-x  2 root root 4096 Jan 10 14:37 /etc/init.d/clamsmtpd

fix to the spec:

< %{__install} -d %{buildroot}%{_initrddir}/clamsmtpd
> %{__install} -d %{buildroot}%{_initrddir}

3. rpmlint says:
E: clamsmtp non-standard-gid /etc/clamsmtpd.conf clamav

This is tricky. clamsmtp does require clamav, which creates the clamav user in
its %post, but that seems a bit fragile in case the clamav package changes.
Also, the "clamav" user in the clamav package owns the virus databases, so
having daemons run as the same user is not a good idea. It would probably be
better for the package to create its own "clamsmtp" user to run as and own the

W: clamsmtp no-reload-entry /etc/rc.d/init.d/clamsmtpd

from "man clamsmtpd" it does not have a reload signal. 

W: clamsmtp incoherent-init-script-name clamsmtpd

It would probably be better to rename this to "clamsmtp", to match the package
name. Ditto the init file refers to "ClamSmtpd" which should perhaps be "clamsmtp"

4. I wonder if /etc/clamsmtpd.conf should be mode 0640 rather than 0644, for

5. the %doc "scripts/clamsmtpd.sh" can probably be removed, it seems to just be
a crude init script.

other than that, a few things I checked:
- Naming looks OK
- license is OK (BSD)
- license in spec matches package
- license is packaged in %doc
- spec file is in en_US
- spec is legible
- source matches upstream
- package builds
- package superficially works (it runs)
- ldconfig not necessary
- no locales
- no relocation
- no directories created and therefore needing ownership
- permissions look ok
- %clean is present
- package uses macros
- %doc is docs. scripts/virus_action.sh is an example, so that's OK.
- scriptlets look sane, with Requires(post) and (postun)
Comment 2 Dominik 'Rathann' Mierzejewski 2006-01-12 18:53:22 EST
1. Fixed.
2. Fixed.
3. for now I just left it root-owned.

4. Naming is tricky, because the software (and the tarball) is called clamsmtp
by its author, even though the daemon is clamsmtpd and the config file is
clamsmtpd.conf. What should I do then?

5. Fixed.

Thanks for the comments!
Comment 3 Mike McGrath 2006-02-13 16:14:59 EST
you should post the SPEC and SRPM every comment when possible.  Also increment
the revision number every time you post.

Also, postun should require /sbin/service not /sbin/chkconfig
Comment 4 Dominik 'Rathann' Mierzejewski 2006-04-02 17:45:04 EDT
Fixed. http://rpm.greysector.net/extras/clamsmtp-1.6-2.src.rpm (spec as above)
Comment 5 Aurelien Bompard 2006-04-09 15:06:15 EDT
Created attachment 127527 [details]
Change default port to make it work with SELinux

I have two comments :
 - "condrestart" does not exist in the init script, and you use this option in
the scriptlets. You'll have to add it to the init script.
 - The setup with postfix explained on clamsmtpd's website will not work with
SELinux enabled (and it's the default).
Postfix is not allowed to listen on port 10026 as requested on
http://memberwebs.com/nielsen/software/clamsmtp/postfix.html but it may listen
on port 10025 (this is the default for amavis). I think the best solution would
be to have clamsmtp listen on port 10024, like amavis, and forward mails to
postfix on port 10025.
Two ways to do this:
 1. only patch the config file and enable the option to have it listen on the
non-default port
 2. make port 10024 the default.

Here's a patch that does (2). Doing (1) has its benefits too, since it avoids
patching the source code.

In any case, a README.Fedora is a must-have to explain what's going on. I've
written one, I'll attach it right afterwards.
add selinux patch and readme
Comment 6 Aurelien Bompard 2006-04-09 15:08:41 EDT
Created attachment 127528 [details]
README for SELinux

Please install this file as README.Fedora. You can edit it all you want, I'm
not a native english speaker and there may be mistakes.

Both options are fine to me, but if you choose to only patch the config file,
make sure you edit this readme accordingly.
Comment 7 Michael Schwendt 2006-05-29 07:22:00 EDT
Dropping FE-NEEDSPONSOR. Tom Callaway offered sponsorship in bug 177235
(and bugzilla change-several-bugs-at-once feature requires me to add/edit
Comment 8 Jason Tibbitts 2007-05-23 22:05:28 EDT
It's been about a year since anything happened here.  I'll fix up the flags but
if this submission isn't going anywhere then this ticket should be closed, and
indeed I'll close it if there's no response soon.

Note You need to log in before you can comment on or make changes to this bug.