2004-11-27 19:40:54 +01:00
|
|
|
# -*- perl -*-
|
2003-08-31 10:24:06 +02:00
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
check_badmailfrom - checks the standard badmailfrom config
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
Reads the "badmailfrom" configuration like qmail-smtpd does. From the
|
|
|
|
qmail-smtpd docs:
|
|
|
|
|
|
|
|
"Unacceptable envelope sender addresses. qmail-smtpd will reject every
|
|
|
|
recipient address for a message if the envelope sender address is
|
|
|
|
listed in badmailfrom. A line in badmailfrom may be of the form
|
|
|
|
@host, meaning every address at host."
|
|
|
|
|
2004-11-27 19:40:54 +01:00
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
According to the SMTP protocol, we can't reject until after the RCPT
|
|
|
|
stage, so store it until later.
|
|
|
|
|
2003-08-31 10:24:06 +02:00
|
|
|
=cut
|
2002-09-10 13:00:31 +02:00
|
|
|
|
|
|
|
sub register {
|
|
|
|
my ($self, $qp) = @_;
|
|
|
|
$self->register_hook("mail", "mail_handler");
|
|
|
|
$self->register_hook("rcpt", "rcpt_handler");
|
|
|
|
}
|
|
|
|
|
|
|
|
sub mail_handler {
|
2002-09-10 13:04:18 +02:00
|
|
|
my ($self, $transaction, $sender) = @_;
|
2003-08-31 10:24:06 +02:00
|
|
|
|
2002-09-10 19:17:15 +02:00
|
|
|
my @badmailfrom = $self->qp->config("badmailfrom")
|
|
|
|
or return (DECLINED);
|
|
|
|
|
|
|
|
return (DECLINED) unless ($sender->format ne "<>"
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
and $sender->host && $sender->user);
|
2002-09-10 19:17:15 +02:00
|
|
|
|
2002-09-10 13:04:18 +02:00
|
|
|
my $host = lc $sender->host;
|
2004-06-18 07:47:45 +02:00
|
|
|
my $from = lc($sender->user) . '@' . $host;
|
2002-09-10 19:17:15 +02:00
|
|
|
|
2002-09-10 13:00:31 +02:00
|
|
|
for my $bad (@badmailfrom) {
|
2003-08-31 10:24:06 +02:00
|
|
|
$bad =~ s/^\s*(\S+).*/$1/;
|
|
|
|
next unless $bad;
|
2004-06-18 07:47:45 +02:00
|
|
|
$bad = lc $bad;
|
2003-08-31 10:24:06 +02:00
|
|
|
warn "Bad badmailfrom config: No \@ sign in $bad\n" and next unless $bad =~ m/\@/;
|
Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 04:30:50 +01:00
|
|
|
$transaction->notes('badmailfrom', "sorry, your envelope sender is in my badmailfrom list")
|
2004-11-27 19:40:54 +01:00
|
|
|
if ($bad eq $from) || (substr($bad,0,1) eq '@' && $bad eq "\@$host");
|
2002-09-10 13:00:31 +02:00
|
|
|
}
|
|
|
|
return (DECLINED);
|
|
|
|
}
|
|
|
|
|
|
|
|
sub rcpt_handler {
|
|
|
|
my ($self, $transaction, $rcpt) = @_;
|
|
|
|
my $note = $transaction->notes('badmailfrom');
|
2004-11-27 19:40:54 +01:00
|
|
|
if ($note) {
|
|
|
|
$self->log(LOGINFO, $note);
|
|
|
|
return (DENY, $note);
|
|
|
|
}
|
2002-09-10 13:00:31 +02:00
|
|
|
return (DECLINED);
|
|
|
|
}
|