our ( $EXIT_STATUS, $WARNINGS );
our @MODULES = (
{
'module' => 'Digest::SHA',
'version' => 0,
'desc' => 'The Digest::SHA module is used as a cryptographic hash for some
tests and the Bayes subsystem. It is also required by the DKIM plugin.',
},
{
'module' => 'HTML::Parser',
'version' => '3.43',
'desc' => 'HTML is used for an ever-increasing amount of email so this dependency
is unavoidable. Run "perldoc -q html" for additional information.',
},
{
module => 'Net::DNS',
version => '1.10',
desc => 'Used for all DNS-based tests (SBL, XBL, SpamCop, DSBL, etc.),
perform MX checks, and is also used when manually reporting spam to
SpamCop.',
},
{
'module' => 'NetAddr::IP',
'version' => '4.010',
'desc' => "Used in determining which DNS tests are to be done for each of
the header's received fields, used by AWL plugin for extracting network
address from an IPv6 addresses (and from IPv4 address on nondefault mask),
and used by DNSxL rules for assembling DNS queries out of IPv6 addresses.
4.010 fixes an issue where NetAddr::IP::full6() causes a full6.al include
error.
Avoid versions 4.034 to 4.035 and 4.045 to 4.054",
},
{
module => 'Time::HiRes',
version => 0,
desc => 'Used by asynchronous DNS lookups to operate timeouts with subsecond
precision and to report processing times accurately.'
},
{
module => 'Archive::Tar',
version => '1.23',
desc => 'The "sa-update" program requires this module to access tar update
archive files.',
},
{
module => 'IO::Zlib',
version => '1.04',
desc => 'The "sa-update" program requires this module to access compressed
update archive files.',
},
);
our @OPTIONAL_MODULES = (
{
'module' => 'Digest::SHA1',
'version' => 0,
'desc' => 'The Digest::SHA1 module is still required by the Razor2 plugin.
Other modules prefer Digest::SHA, which is a Perl base module.',
},
{
module => 'MIME::Base64',
version => 0,
desc => 'This module is highly recommended to increase the speed with which
Base64 encoded messages/mail parts are decoded.',
},
{
module => 'DB_File',
version => 0,
desc => 'Used to store data on-disk, for the Bayes-style logic and
auto-welcomelist. *Much* more efficient than the other standard Perl
database packages. Strongly recommended.',
},
{
module => 'Net::SMTP',
alt_name => 'libnet',
version => 0,
desc => 'Used when manually reporting spam to SpamCop with "spamassassin -r".',
},
{
module => 'Net::LibIDN2',
version => 0,
desc => "Newer version of the optional Net::LibIDN module.
Provides mapping between Internationalized Domain Names (IDN) in
Unicode and ASCII-compatible encoding (ACE) for use in DNS and comparisions. The module is optional, but without it Unicode IDN names found in mail will
not be suitable for DNS queries and welcome/blocklisting.",
},
{
module => 'Net::LibIDN',
version => 0,
desc => "Provides mapping between Internationalized Domain Names (IDN) in
Unicode and ASCII-compatible encoding (ACE) for use in DNS and comparisions. The module is optional, but without it Unicode IDN names found in mail will
not be suitable for DNS queries and welcome/blocklisting.",
},
{
module => 'Mail::SPF',
version => 0,
desc => 'Used to check DNS Sender Policy Framework (SPF) records to fight email
address forgery and make it easier to identify spams.',
},
{
module => 'MaxMind::DB::Reader',
version => 0,
desc => 'Used by the RelayCountry plugin (not enabled by default) to
determine the domain country codes of each relay in the path of an email.
Also used by the URILocalBL plugin (not enabled by default) to provide ISP
and Country code based filtering.',
},
{
module => 'MaxMind::DB::Reader::XS',
version => 0,
desc => 'Recommended much faster version of the optional MaxMind::DB::Reader module,
used by RelayCountry / URILocalBL plugins.',
},
{
module => 'Geo::IP',
version => 0,
desc => 'Used by the RelayCountry plugin (not enabled by default) to
determine the domain country codes of each relay in the path of an email.
Also used by the URILocalBL plugin (not enabled by default) to provide ISP
and Country code based filtering.',
},
{
module => 'IP::Country::DB_File',
version => 0,
desc => 'Used by the RelayCountry plugin (not enabled by default) to
determine the domain country codes of each relay in the path of an email.
Also used by the URILocalBL plugin (not enabled by default) to provide
Country code based filtering.',
},
{
module => 'IP::Country::Fast',
version => 0,
desc => 'Used by the RelayCountry plugin (not enabled by default) to
determine the domain country codes of each relay in the path of an email.
Also used by the URILocalBL plugin (not enabled by default) to provide
Country code based filtering.',
},
{
module => 'Razor2::Client::Agent',
alt_name => 'Razor2',
version => '2.61',
desc => 'Used to check message signatures against Vipul\'s Razor collaborative
filtering network. Razor has a large number of dependencies on CPAN
modules. Feel free to skip installing it, if this makes you nervous;
SpamAssassin will still work well without it.
More info on installing and using Razor can be found
},
{
module => 'IO::Socket::IP',
version => 0.09,
desc => 'Installing this module is recommended if spamd is to listen
on IPv6 sockets or if DNS queries should go to an IPv6 name server.
If IO::Socket::IP is not available, using an older module
IO::Socket::INET6 will be attempted, and in its absence the support
for IPv6 will not be available. Some plugins and underlying
modules may also prefer IO::Socket::IP over IO::Socket::INET6.',
},
{
module => 'IO::Socket::INET6',
version => 0,
desc => 'This module is a deprecated alternative to IO::Socket::IP.
Spamd, as well some underlying modules, will fall back to using
IO::Socket::INET6 if IO::Socket::IP is unavailable. One or the other
module is required to support IPv6 (e.g. in spamd/spamc protocol,
for DNS lookups or in plugins like DCC). Some plugins or underlying
if IO::Socket::IP is available.',
},
{
module => 'IO::Socket::SSL',
version => 1.76,
desc => 'If you wish to use SSL encryption to communicate between spamc and spamd (the --ssl option to spamd), you need to install this
module. (You will need the OpenSSL libraries and use the ENABLE_SSL="yes" argument to Makefile.PL to build and run an SSL
compatible spamc.)',
},
{
module => 'Compress::Zlib',
version => 0,
desc => 'If you wish to use the optional zlib compression for communication between spamc and spamd (the -z option to spamc), you need to install
this module.',
},
{
module => 'Mail::DKIM',
version => '0.31',
recommended_min_version => '0.37',
desc => 'If this module is installed and the DKIM plugin is enabled,
SpamAssassin will perform DKIM signature verification when DKIM-Signature
header fields are present in the message headers, and check ADSP rules
(e.g. anti-phishing) when a mail message does not contain a valid author
domain signature. Version 0.37 or later is needed to fully support ADSP.'
},
{
module => 'DBI',
version => 0,
desc => 'If you intend to use SpamAssassin with an SQL database backend for user configuration data, Bayes storage, or other storage, you will need
to have these installed; both the basic DBI module and the DBD driver for
your database.',
},
{
module => 'DBD::SQLite',
version => 1.59,
desc => 'If you intend to use SpamAssassin with SQLite as the SQL database backend for the DBI module, this is the DBD driver required. Version 1.59_01
or later is needed to provide SQLite 3.25.0 or later.',
},
{
module => 'LWP::Protocol::https',
version => 0,
desc => 'The "sa-update" program can use this module to make HTTPS requests. Also used by DecodeShortURLs plugin.',
},
{
module => 'LWP::UserAgent',
version => 0,
desc => 'The "sa-update" program can use this module to make HTTP requests. Also used by DecodeShortURLs plugin.',
},
{
module => 'Encode::Detect::Detector',
version => 0,
desc => 'If normalize_charset decoding of message parts from their
declared character set into Unicode fails, the Encode::Detect::Detector
module (when available) may be consulted to provide an alternative guess
on a character set of a problematic message part.',
},
{
module => 'Net::Patricia',
version => 1.16,
desc => 'If this module is available, it will be used for IP address
lookups in tables internal_networks, trusted_networks, msa_networks and
uri_local_cidr. Recommended when a number of entries in these tables is
large, i.e. in hundreds or thousands. However, in case of overlapping
(or conflicting) networks in these tables, lookup results may differ as
Net::Patricia finds a tightest-matching entry, while a sequential
NetAddr::IP search finds a first-matching entry. So when overlapping
network ranges are given, specifying more specific subnets (longest
netmask) first, followed by wider subnets ensures predictable results.',
},
{
module => 'Net::CIDR::Lite',
version => 0,
desc => 'If this module is available, then dash separated IP range format
"192.168.1.1-192.168.255.255" can be used for internal_networks,
trusted_networks, msa_networks and uri_local_cidr.',
},
{
module => 'Net::DNS::Nameserver',
version => 0,
desc => 'Net::DNS:Nameserver is typically part of Net::DNS. However, RHEL/
CentOS systems may install it using separate packages. Because of this, we
check for both Net::DNS and Net::DNS::Nameserver. However,
Net::DNS::Nameserver is only used in make test as of June 2014.',
},
{
module => 'BSD::Resource',
version => 0,
desc => 'BSD::Resource provides BSD process resource limit and priority
functions. It is used by the optional ResourceLimits Plugin.',
},
{
module => 'Archive::Zip',
version => 0,
desc => 'Archive::Zip provides an interface to ZIP archive files.
It is used by the optional OLEVBMacro Plugin.',
},
{
module => 'IO::String',
version => 0,
desc => 'IO::String emulates file interface for in-core strings.
It is used by the optional OLEVBMacro Plugin.',
},
{
module => 'Email::Address::XS',
version => 0,
desc => 'Email::Address::XS is used to parse email addresses from header
fields like To/From/cc, per RFC 5322. If installed, it may additionally
be used by internal parser to process complex lists.',
},
{
module => 'Mail::DMARC',
version => 0,
desc => 'Mail::DMARC is used by the optional DMARC plugin.',
},
{
module => 'Devel::Cycle',
version => 0,
desc => 'Devel::Cycle is used in make test in tests that will be harmelessly
skipped if it is not available',
},
{
module => 'Text::Diff',
version => 0,
desc => 'Text::Diff is used in make test in tests that will be harmelessly
skipped if it is not available',
},
);
our @BINARIES = ();
my $lwp_note = " Sa-update will use curl, wget or fetch to download updates. Because perl module LWP does not support IPv6, sa-update as of
3.4.0 will use these standard programs to download rule updates leaving LWP as a fallback if none of the programs are found.
*IMPORTANT NOTE*: You only need one of these programs
It's only a concern if you are warned about all 3
i.e. (curl, wget & fetch) missing";
our @OPTIONAL_BINARIES = (
{
binary => 'gpg',
version => '0',
recommended_min_version => '1.0.6',
version_check_params => '--version',
version_check_regex => 'gpg \(GnuPG\) ([\d\.]*)',
desc => 'The "sa-update" program requires this executable to verify
encryption signatures. It is not recommended, but you can use
"sa-update" with the --no-gpg to skip the verification. ',
},
{
binary => 'wget',
version => '0',
recommended_min_version => '1.8.2',
version_check_params => '--version',
version_check_regex => 'Gnu Wget ([\d\.]*)',
desc => $lwp_note,
},
{
binary => 'curl',
version => '0',
recommended_min_version => '7.2.14',
version_check_params => '--version',
version_check_regex => 'curl ([\d\.]*)',
desc => $lwp_note,
},
{
binary => 're2c',
version => '0',
desc => 'The "re2c" program is used by sa-compile to compile rules
for regular expressions to speed up scanning.',
}
);
if ($^O eq 'freebsd') {
push @OPTIONAL_BINARIES, {
binary => 'fetch',
version => '0',
desc => $lwp_note,
};
}
our @NETWORK_TESTS = (
{
'name' => 'txttcp.spamassassin.org',
'type' => 'TXT',
'min_answers' => 10,
},
{
'name' => 'multihomed.dnsbltest.spamassassin.org',
'type' => 'A',
'min_answers' => 4,
},
);
sub debug_diagnostics {
my $out = "diag: perl platform: $] $^O\n";
my $prefix = '';
foreach my $moddef (@MODULES, 'optional', @OPTIONAL_MODULES) {
if ($moddef eq 'optional') { $prefix = 'optional '; next; }
my $module = $moddef->{module};
my $modver;
if (eval ' require '.$module.'; $modver = $'.$module.'::VERSION; 1;')
{
$modver ||= '(undef)';
$out .= "${prefix}module installed: $module, version $modver\n";
} else {
$out .= "${prefix}module not installed: $module ('require' failed)\n";
}
}
return $out;
}
sub long_diagnostics {
my ($missing_modules_are_continuable) = @_;
my $summary = "";
print "checking module dependencies and their versions...\n";
$EXIT_STATUS = 0;
$WARNINGS = 0;
foreach my $moddef (@MODULES) {
try_module(1, $moddef, \$summary);
}
foreach my $moddef (@OPTIONAL_MODULES) {
try_module(0, $moddef, \$summary);
}
if ($missing_modules_are_continuable) {
$WARNINGS += $EXIT_STATUS;
$EXIT_STATUS = 0;
}
print "checking binary dependencies and their versions...\n";
foreach my $bindef (@BINARIES) {
try_binary(0, $bindef, \$summary);
}
foreach my $bindef (@OPTIONAL_BINARIES) {
try_binary(0, $bindef, \$summary);
}
print "dependency check complete...\n\n";
print $summary;
if ($EXIT_STATUS || $WARNINGS) {
print "\nwarning: some functionality may not be available,\n".
"please read the above report before continuing!\n\n";
}
return $EXIT_STATUS;
}
sub try_binary {
my ($required, $bindef, $summref) = @_;
my $binary_version;
my $installed = 0;
my $version_meets_required = 1;
my $version_meets_recommended = 1;
my $required_version = $bindef->{version};
my $recommended_version = $bindef->{recommended_min_version};
my $errtype;
my $command = Mail::SpamAssassin::Util::find_executable_in_env_path($bindef->{'binary'});
if (defined $command) {
if (defined $bindef->{'version_check_params'}) {
$command .= " ".$bindef->{'version_check_params'};
}
my $output = `$command 2>&1`;
if (defined $output && $output ne '') {
$installed = 1;
if (defined $bindef->{'version_check_regex'}) {
$output =~ m/$bindef->{'version_check_regex'}/;
$binary_version = $1;
}
if (defined $required_version) {
$version_meets_required = test_version($binary_version, $required_version);
}
if (defined $recommended_version) {
$version_meets_recommended = test_version($binary_version, $recommended_version);
}
}
}
unless (defined $errtype) {
if (!$installed) {
$errtype = "is not installed";
if ($required_version || $recommended_version) {
$errtype .= ",\n";
if ($required_version) {
$errtype .= "minimum required version is $required_version";
}
if ($recommended_version) {
$errtype .= ", " if $required_version;
$errtype .= "recommended version is $recommended_version or higher";
}
}
$errtype .= ".";
} elsif (!$version_meets_required) {
$errtype = "is installed ($binary_version),\nbut is below the ".
"minimum required version $required_version,\n".
"some functionality will not be available.";
$errtype .= "\nRecommended version is $recommended_version or higher."
if $recommended_version;
} elsif (!$version_meets_recommended) {
$errtype = "is installed ($binary_version),\nbut is below the ".
"recommended version $recommended_version,\n".
"some functionality may not be available,\n".
"and some of the tests in the SpamAssassin test suite may fail.";
}
}
if (defined $errtype) {
my $pretty_name = $bindef->{alt_name} || $bindef->{binary};
my $desc = $bindef->{desc}; $desc =~ s/^(\S)/ $1/gm;
my $pretty_min_version =
!$required_version ? '' : "(version $required_version) ";
print "\n", ("*" x 75), "\n";
if ($errtype =~ /unknown/i) {
$WARNINGS++;
print "NOTE: the optional $pretty_name binary $errtype\n";
$$summref .= "optional binary status could not be determined: $pretty_name\n";
}
elsif ($required) {
$EXIT_STATUS++;
warn "\aERROR: the required $pretty_name binary $errtype\n";
if (!$installed) {
$$summref .= "REQUIRED binary missing or nonfunctional: $pretty_name\n";
} elsif (!$version_meets_required) {
$$summref .= "REQUIRED binary out of date: $pretty_name\n";
} else {
$$summref .= "REQUIRED binary older than recommended: $pretty_name\n";
}
}
else {
$WARNINGS++;
print "NOTE: the optional $pretty_name binary $errtype\n";
if (!$installed) {
$$summref .= "optional binary missing or nonfunctional: $pretty_name\n";
} elsif (!$version_meets_required) {
$$summref .= "optional binary out of date: $pretty_name\n";
} else {
$$summref .= "optional binary older than recommended: $pretty_name\n";
}
}
print "\n".$desc."\n\n";
}
}
sub test_version {
my ($version1, $version2) = @_;
my (@version1, @version2);
my ($count1, $count2, $i, $fail);
if (!defined($version1) or !defined($version2) or
$version1 !~ /^[0-9][0-9.]*\z/ or $version2 !~ /^[0-9][0-9.]*\z/) {
return -1;
}
$fail = 0;
$_ = $version1;
$count1 = (s/\.//g);
$_ = $version2;
$count2 = (s/\.//g);
if ($count1 != $count2) {
if ($count1 > $count2) {
for ($i = 0; $i < ($count1-$count2); $i++) {
$version2 .= '.0';
}
} else {
for ($i = 0; $i < ($count2-$count1); $i++) {
$version1 .= '.0';
}
}
}
@version1 = split(/\./,$version1);
@version2 = split(/\./,$version2);
for ($i = 0; $i < scalar(@version1); $i++) {
if ($version1[$i] < $version2[$i]) {
$fail++;
$i = scalar(@version1);
} elsif ($version1[$i] == $version2[$i]) {
} else {
$i = scalar(@version1);
}
}
return ($fail == 0);
}
sub try_module {
my ($required, $moddef, $summref) = @_;
my $module_version;
my $installed = 0;
my $version_meets_required = 0;
my $version_meets_recommended = 0;
my $required_version = $moddef->{version};
my $recommended_version = $moddef->{recommended_min_version};
if (eval "use $moddef->{module} $required_version; 1") {
$installed = 1; $version_meets_required = 1;
} else {
my $eval_stat;
if (eval "use $moddef->{module}; 1") {
$installed = 1;
} else {
$eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
};
}
if ($installed) {
eval { $module_version = $moddef->{module}->VERSION };
if (!$recommended_version ||
($module_version && version->parse($module_version) >= version->parse($recommended_version))) {
$version_meets_recommended = 1;
}
$module_version = '' if !defined $module_version;
}
my $errtype;
if (!$installed) {
$errtype = "is not installed";
if ($required_version || $recommended_version) {
$errtype .= ",\n";
if ($required_version) {
$errtype .= "minimum required version is $required_version";
}
if ($recommended_version) {
$errtype .= ", " if $required_version;
$errtype .= "recommended version is $recommended_version or higher";
}
}
$errtype .= ".";
} elsif (!$version_meets_required) {
$errtype = "is installed ($module_version),\nbut is below the ".
"minimum required version $required_version,\n".
"some functionality will not be available.";
$errtype .= "\nRecommended version is $recommended_version or higher."
if $recommended_version;
} elsif (!$version_meets_recommended) {
$errtype = "is installed ($module_version),\nbut is below the ".
"recommended version $recommended_version,\n".
"some functionality may not be available,\n".
"and some of the tests in the SpamAssassin test suite may fail.";
}
if (defined $errtype) {
my $pretty_name = $moddef->{alt_name} || $moddef->{module};
my $desc = $moddef->{desc}; $desc =~ s/^(\S)/ $1/gm;
my $pretty_min_version =
!$required_version ? '' : "(version $required_version) ";
print "\n", ("*" x 75), "\n";
if ($required) {
$EXIT_STATUS++;
warn "\aERROR: the required $pretty_name module $errtype\n";
if (!$installed) {
$$summref .= "REQUIRED module missing: $pretty_name\n";
} elsif (!$version_meets_required) {
$$summref .= "REQUIRED module out of date: $pretty_name\n";
} else {
$$summref .= "REQUIRED module older than recommended: $pretty_name\n";
}
}
else {
$WARNINGS++;
print "NOTE: the optional $pretty_name module $errtype\n";
if (!$installed) {
$$summref .= "optional module missing: $pretty_name\n";
} elsif (!$version_meets_required) {
$$summref .= "optional module out of date: $pretty_name\n";
} else {
$$summref .= "optional module older than recommended: $pretty_name\n";
}
}
print "\n".$desc."\n\n";
}
}
1;