2012-04-29 10:35:59 +02:00
#!perl -w
2004-09-25 13:40:43 +02:00
=head1 NAME
2012-05-21 23:30:11 +02:00
check_basicheaders
2004-09-25 13:40:43 +02:00
=head1 DESCRIPTION
2012-05-21 23:30:11 +02:00
Checks for missing or empty values in the From or Date headers.
2004-09-25 13:40:43 +02:00
2012-05-21 23:30:11 +02:00
Optionally test if the Date header is too many days in the past or future. If
I<future> or I<past> are not defined, they are not tested.
2004-09-25 13:40:43 +02:00
2012-05-23 23:12:26 +02:00
If the remote IP is whitelisted, header validation is skipped.
2004-09-25 13:40:43 +02:00
=head1 CONFIGURATION
2012-05-21 23:30:11 +02:00
The following optional settings exist:
=head2 future
The number of days in the future beyond which messages are invalid.
check_basicheaders [ future 1 ]
=head2 past
The number of days in the past beyond which a message is invalid. The Date header is added by the MUA, so there are many valid reasons a message may have an older date in the header. It could have been delayed by the client, the sending server, connectivity problems, recipient server problem, recipient server configuration, etc. The I<past> setting should take those factors into consideration.
I would be surprised if a valid message ever had a date header older than a week.
check_basicheaders [ past 5 ]
2004-09-25 13:40:43 +02:00
2012-05-21 23:30:11 +02:00
=head2 reject
Determine if the connection is denied. Use the I<reject 0> option when first enabling the plugin, and then watch your logs to see what would have been rejected. When you are no longer concerned that valid messages will be rejected, enable with I<reject 1>.
check_basicheaders [ reject 0 | 1 ]
Default policy is to reject.
2012-05-13 05:27:49 +02:00
=head2 reject_type
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
Whether to issue a permanent or temporary rejection. The default is permanent.
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
check_basicheaders reject_type [ temp | perm ]
2004-09-25 13:40:43 +02:00
2012-05-21 23:30:11 +02:00
Using a temporary rejection is a cautious way to enable rejections. It allows an administrator to watch for a trial period and assure no valid messages are rejected. If a deferral of valid mail is noticed, I<reject 0> can be set to permit the deferred message to be delivered.
Default policy is a permanent rejection.
=head2 loglevel
Adjust the quantity of logging for this plugin. See docs/logging.pod
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
=head1 AUTHOR
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
2004 - Written by Jim Winstead Jr.
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
2012 - added logging, named arguments, reject_type, tests - Matt Simerson
2012-05-21 23:30:11 +02:00
- deprecate days for I<past> & I<future>. Improved POD
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
=head1 LICENSE
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
Released to the public domain, 26 March 2004.
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
=cut
2004-09-25 13:40:43 +02:00
2012-05-21 23:30:11 +02:00
use strict;
use warnings;
use Qpsmtpd::Constants;
2012-05-13 05:27:49 +02:00
use Date::Parse qw(str2time);
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
sub register {
my ($self, $qp, @args) = @_;
if ( @args == 1 ) {
$self->{_args}{days} = $args[0];
}
elsif ( @args % 2 ) {
$self->log(LOGWARN, "invalid arguments");
}
else {
$self->{_args} = { @args };
};
2012-05-23 23:56:06 +02:00
# provide backwards comptibility with the previous unnamed 'days' argument
2012-05-21 23:30:11 +02:00
if ( $self->{_args}{days} ) {
if ( ! defined $self->{_args}{future} ) {
$self->{_args}{future} = $self->{_args}{days};
};
if ( ! defined $self->{_args}{past} ) {
$self->{_args}{past} = $self->{_args}{days};
};
};
2012-05-13 05:27:49 +02:00
}
2004-09-25 13:40:43 +02:00
2012-05-13 05:27:49 +02:00
sub hook_data_post {
my ($self, $transaction) = @_;
my $deny = $self->{_args}{reject_type} eq 'temp' ? DENYSOFT : DENY;
2012-05-21 23:30:11 +02:00
$deny = DECLINED if defined $self->{_args}{reject} && ! $self->{_args}{reject};
2012-05-13 05:27:49 +02:00
if ( $transaction->data_size == 0 ) {
$self->log(LOGINFO, "fail: no data");
2012-05-21 23:30:11 +02:00
return ($deny, "You must send some data first");
2012-05-13 05:27:49 +02:00
};
my $header = $transaction->header or do {
$self->log(LOGINFO, "fail: no headers");
return ($deny, "missing header");
};
2012-05-23 23:12:26 +02:00
return DECLINED if $self->is_immune();
2012-05-13 05:27:49 +02:00
if ( ! $header->get('From') ) {
$self->log(LOGINFO, "fail: no from");
return ($deny, "We require a valid From header")
};
my $date = $header->get('Date') or do {
$self->log(LOGINFO, "fail: no date");
return ($deny, "We require a valid Date header");
};
2012-05-23 00:14:10 +02:00
chomp $date;
2012-05-13 05:27:49 +02:00
2012-05-21 23:30:11 +02:00
my $err_msg = $self->invalid_date_range($date);
if ( $err_msg ) {
return ($deny, $err_msg );
2012-05-13 05:27:49 +02:00
};
2012-05-21 23:30:11 +02:00
return (DECLINED);
};
sub invalid_date_range {
my ($self, $date) = @_;
2012-05-13 05:27:49 +02:00
my $ts = str2time($date) or do {
$self->log(LOGINFO, "skip: date not parseable ($date)");
2012-05-21 23:30:11 +02:00
return;
2012-05-13 05:27:49 +02:00
};
2012-05-21 23:30:11 +02:00
my $past = $self->{_args}{past};
if ( $past && $ts < time - ($past*24*3600) ) {
2012-05-13 05:27:49 +02:00
$self->log(LOGINFO, "fail: date too old ($date)");
2012-05-21 23:30:11 +02:00
return "The Date header is too far in the past";
2012-05-13 05:27:49 +02:00
};
2012-05-21 23:30:11 +02:00
my $future = $self->{_args}{future};
if ( $future && $ts > time + ($future*24*3600) ) {
2012-05-13 05:27:49 +02:00
$self->log(LOGINFO, "fail: date in future ($date)");
2012-05-21 23:30:11 +02:00
return "The Date header is too far in the future";
2012-05-13 05:27:49 +02:00
};
$self->log(LOGINFO, "pass");
2012-05-21 23:30:11 +02:00
return;
2004-09-25 13:40:43 +02:00
}
2012-05-23 23:12:26 +02:00
sub is_immune {
my $self = shift;
if ( $self->qp->connection->relay_client() ) {
$self->log(LOGINFO, "skip: relay client");
return 1;
};
if ( $self->qp->connection->notes('whitelisthost') ) {
$self->log(LOGINFO, "skip: whitelisted host");
return 1;
};
if ( $self->qp->transaction->notes('whitelistsender') ) {
$self->log(LOGINFO, "skip: whitelisted sender");
return 1;
};
return;
};