2003-04-15 19:39:27 +02:00
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
|
|
check_earlytalker - Check that the client doesn't talk before we send the SMTP banner
|
|
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
Checks to see if the remote host starts talking before we've issued a 2xx
|
|
|
|
|
greeting. If so, we're likely looking at a direct-to-MX spam agent which
|
|
|
|
|
pipelines its entire SMTP conversation, and will happily dump an entire spam
|
|
|
|
|
into our mail log even if later tests deny acceptance.
|
2003-04-15 19:39:27 +02:00
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
Depending on configuration, clients which behave in this way are either
|
|
|
|
|
immediately disconnected with a deny or denysoft code, or else are issued this
|
|
|
|
|
on all mail/rcpt commands in the transaction.
|
2003-04-15 19:39:27 +02:00
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
=head1 CONFIGURATION
|
2003-04-15 19:39:27 +02:00
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
=over 4
|
2003-04-15 19:39:27 +02:00
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
=item wait [integer]
|
|
|
|
|
|
|
|
|
|
The number of seconds to delay the initial greeting to see if the connecting
|
2005-07-30 09:22:13 +02:00
|
|
|
host speaks first. The default is 1. Do not select a value that is too high,
|
|
|
|
|
or you may be unable to receive mail from MTAs with short SMTP connect or
|
|
|
|
|
greeting timeouts -- these are known to range as low as 30 seconds, and may
|
|
|
|
|
in some cases be configured lower by mailserver admins. Network transit time
|
|
|
|
|
must also be allowed for.
|
2004-08-01 09:08:07 +02:00
|
|
|
|
|
|
|
|
=item action [string: deny, denysoft, log]
|
|
|
|
|
|
|
|
|
|
What to do when matching an early-talker -- the options are I<deny>,
|
|
|
|
|
I<denysoft> or I<log>.
|
|
|
|
|
|
|
|
|
|
If I<log> is specified, the connection will be allowed to proceed as normal,
|
|
|
|
|
and only a warning will be logged.
|
|
|
|
|
|
|
|
|
|
The default is I<denysoft>.
|
|
|
|
|
|
|
|
|
|
=item defer-reject [boolean]
|
|
|
|
|
|
|
|
|
|
When an early-talker is detected, if this option is set to a true value, the
|
|
|
|
|
SMTP greeting will be issued as usual, but all RCPT/MAIL commands will be
|
|
|
|
|
issued a deny or denysoft (depending on the value of I<action>). The default
|
|
|
|
|
is to react at the SMTP greeting stage by issuing the apropriate response code
|
|
|
|
|
and terminating the SMTP connection.
|
|
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
=item check-at [ CONNECT | DATA ]
|
|
|
|
|
|
|
|
|
|
Specifies when to check for early talkers. You can specify this option
|
|
|
|
|
multiple times to check more than once.
|
|
|
|
|
|
|
|
|
|
The default is I<check-at CONNECT> only.
|
|
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
=back
|
2003-04-15 19:39:27 +02:00
|
|
|
|
|
|
|
|
=cut
|
|
|
|
|
|
|
|
|
|
use IO::Select;
|
|
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
use warnings;
|
|
|
|
|
use strict;
|
|
|
|
|
|
2003-04-15 19:39:27 +02:00
|
|
|
sub register {
|
2004-08-01 09:08:07 +02:00
|
|
|
my ($self, $qp, @args) = @_;
|
|
|
|
|
|
|
|
|
|
if (@args % 2) {
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
$self->log(LOGERROR, "Unrecognized/mismatched arguments");
|
|
|
|
|
return undef;
|
2004-08-01 09:08:07 +02:00
|
|
|
}
|
2007-07-12 19:14:36 +02:00
|
|
|
my %check_at;
|
|
|
|
|
for (0..$#args) {
|
|
|
|
|
next if $_ % 2;
|
|
|
|
|
if (lc($args[$_]) eq 'check-at') {
|
|
|
|
|
my $val = $args[$_ + 1];
|
|
|
|
|
$check_at{uc($val)}++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!%check_at) {
|
|
|
|
|
$check_at{CONNECT} = 1;
|
|
|
|
|
}
|
2004-08-01 09:08:07 +02:00
|
|
|
$self->{_args} = {
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
'wait' => 1,
|
|
|
|
|
'action' => 'denysoft',
|
|
|
|
|
'defer-reject' => 0,
|
|
|
|
|
@args,
|
2007-07-12 19:14:36 +02:00
|
|
|
'check-at' => \%check_at,
|
2004-08-01 09:08:07 +02:00
|
|
|
};
|
2007-02-07 23:25:44 +01:00
|
|
|
if ( $qp->{conn} && $qp->{conn}->isa('Apache2::Connection')) {
|
2005-06-20 20:46:38 +02:00
|
|
|
require APR::Const;
|
|
|
|
|
APR::Const->import(qw(POLLIN SUCCESS));
|
|
|
|
|
$self->register_hook('connect', 'apr_connect_handler');
|
2007-07-12 19:14:36 +02:00
|
|
|
$self->register_hook('data', 'apr_data_handler');
|
2005-06-20 20:46:38 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$self->register_hook('connect', 'connect_handler');
|
2007-07-12 19:14:36 +02:00
|
|
|
$self->register_hook('data', 'data_handler');
|
2005-06-20 20:46:38 +02:00
|
|
|
}
|
2004-08-01 09:08:07 +02:00
|
|
|
$self->register_hook('mail', 'mail_handler')
|
|
|
|
|
if $self->{_args}->{'defer-reject'};
|
|
|
|
|
1;
|
2003-04-15 19:39:27 +02:00
|
|
|
}
|
|
|
|
|
|
2005-06-20 20:46:38 +02:00
|
|
|
sub apr_connect_handler {
|
|
|
|
|
my ($self, $transaction) = @_;
|
2008-05-05 19:05:38 +02:00
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
return DECLINED unless $self->{_args}{'check-at'}{CONNECT};
|
2005-06-20 20:46:38 +02:00
|
|
|
return DECLINED if ($self->qp->connection->notes('whitelistclient'));
|
|
|
|
|
my $ip = $self->qp->connection->remote_ip;
|
|
|
|
|
|
|
|
|
|
my $c = $self->qp->{conn};
|
|
|
|
|
my $socket = $c->client_socket;
|
|
|
|
|
my $timeout = $self->{_args}->{'wait'} * 1_000_000;
|
2008-05-05 19:05:38 +02:00
|
|
|
|
2005-06-20 20:46:38 +02:00
|
|
|
my $rc = $socket->poll($c->pool, $timeout, APR::Const::POLLIN());
|
|
|
|
|
if ($rc == APR::Const::SUCCESS()) {
|
|
|
|
|
$self->log(LOGNOTICE, "remote host started talking before we said hello [$ip]");
|
|
|
|
|
if ($self->{_args}->{'defer-reject'}) {
|
|
|
|
|
$self->qp->connection->notes('earlytalker', 1);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
my $msg = 'Connecting host started transmitting before SMTP greeting';
|
|
|
|
|
return (DENY,$msg) if $self->{_args}->{'action'} eq 'deny';
|
|
|
|
|
return (DENYSOFT,$msg) if $self->{_args}->{'action'} eq 'denysoft';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$self->log(LOGINFO, "remote host said nothing spontaneous, proceeding");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
sub apr_data_handler {
|
|
|
|
|
my ($self, $transaction) = @_;
|
2008-05-05 19:05:38 +02:00
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
return DECLINED unless $self->{_args}{'check-at'}{DATA};
|
|
|
|
|
return DECLINED if ($self->qp->connection->notes('whitelistclient'));
|
|
|
|
|
my $ip = $self->qp->connection->remote_ip;
|
|
|
|
|
|
|
|
|
|
my $c = $self->qp->{conn};
|
|
|
|
|
my $socket = $c->client_socket;
|
|
|
|
|
my $timeout = $self->{_args}->{'wait'} * 1_000_000;
|
2008-05-05 19:05:38 +02:00
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
my $rc = $socket->poll($c->pool, $timeout, APR::Const::POLLIN());
|
|
|
|
|
if ($rc == APR::Const::SUCCESS()) {
|
|
|
|
|
$self->log(LOGNOTICE, "remote host started talking before we said hello [$ip]");
|
|
|
|
|
my $msg = 'Connecting host started transmitting before SMTP greeting';
|
|
|
|
|
return (DENY,$msg) if $self->{_args}->{'action'} eq 'deny';
|
|
|
|
|
return (DENYSOFT,$msg) if $self->{_args}->{'action'} eq 'denysoft';
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$self->log(LOGINFO, "remote host said nothing spontaneous, proceeding");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2003-04-15 19:39:27 +02:00
|
|
|
sub connect_handler {
|
|
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
|
my $in = new IO::Select;
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
my $ip = $self->qp->connection->remote_ip;
|
|
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
return DECLINED unless $self->{_args}{'check-at'}{CONNECT};
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
return DECLINED
|
|
|
|
|
if ($self->qp->connection->notes('whitelistclient'));
|
|
|
|
|
|
2003-04-15 19:39:27 +02:00
|
|
|
$in->add(\*STDIN) || return DECLINED;
|
2004-08-01 09:08:07 +02:00
|
|
|
if ($in->can_read($self->{_args}->{'wait'})) {
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
$self->log(LOGNOTICE, "remote host started talking before we said hello [$ip]");
|
2004-08-01 09:08:07 +02:00
|
|
|
if ($self->{_args}->{'defer-reject'}) {
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
$self->qp->connection->notes('earlytalker', 1);
|
2004-08-01 09:08:07 +02:00
|
|
|
} else {
|
|
|
|
|
my $msg = 'Connecting host started transmitting before SMTP greeting';
|
|
|
|
|
return (DENY,$msg) if $self->{_args}->{'action'} eq 'deny';
|
|
|
|
|
return (DENYSOFT,$msg) if $self->{_args}->{'action'} eq 'denysoft';
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$self->log(LOGINFO, 'remote host said nothing spontaneous, proceeding');
|
2003-04-15 19:39:27 +02:00
|
|
|
}
|
|
|
|
|
return DECLINED;
|
|
|
|
|
}
|
2004-08-01 09:08:07 +02:00
|
|
|
|
2007-07-12 19:14:36 +02:00
|
|
|
sub data_handler {
|
|
|
|
|
my ($self, $transaction) = @_;
|
|
|
|
|
my $in = new IO::Select;
|
|
|
|
|
my $ip = $self->qp->connection->remote_ip;
|
|
|
|
|
|
|
|
|
|
return DECLINED unless $self->{_args}{'check-at'}{DATA};
|
|
|
|
|
return DECLINED
|
|
|
|
|
if ($self->qp->connection->notes('whitelistclient'));
|
|
|
|
|
|
|
|
|
|
$in->add(\*STDIN) || return DECLINED;
|
|
|
|
|
if ($in->can_read($self->{_args}->{'wait'})) {
|
|
|
|
|
$self->log(LOGNOTICE, "remote host started talking before we said hello [$ip]");
|
|
|
|
|
my $msg = 'Connecting host started transmitting before SMTP greeting';
|
|
|
|
|
return (DENY,$msg) if $self->{_args}->{'action'} eq 'deny';
|
|
|
|
|
return (DENYSOFT,$msg) if $self->{_args}->{'action'} eq 'denysoft';
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$self->log(LOGINFO, 'remote host said nothing spontaneous, proceeding');
|
|
|
|
|
}
|
|
|
|
|
return DECLINED;
|
|
|
|
|
}
|
|
|
|
|
|
2004-08-01 09:08:07 +02:00
|
|
|
sub mail_handler {
|
2008-05-05 19:05:38 +02:00
|
|
|
my ($self, $transaction) = @_;
|
2004-08-01 09:08:07 +02:00
|
|
|
my $msg = 'Connecting host started transmitting before SMTP greeting';
|
|
|
|
|
|
|
|
|
|
return DECLINED unless $self->qp->connection->notes('earlytalker');
|
|
|
|
|
return (DENY,$msg) if $self->{_args}->{'action'} eq 'deny';
|
|
|
|
|
return (DENYSOFT,$msg) if $self->{_args}->{'action'} eq 'denysoft';
|
|
|
|
|
return DECLINED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1;
|
|
|
|
|
|
