Two patches from Robin Johnson:

Add SSL encryption method (negotiated cipher) to the Received: header line.
Add new tls_before_auth configuration to hide AUTH until TLS is established.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@645 958fd67b-6ff1-0310-b445-bb7760255be9
John Peacock 2006-06-22 14:48:48 +00:00
parent b3bc12e587
commit 25d9fe85a8
4 changed files with 20 additions and 2 deletions


@ -1,5 +1,9 @@
0.33 0.33
Add SSL encryption method to header to mirror other qmail/SSL patches.
Add tls_before_auth to suppress AUTH unless TLS has already been
established (Robin Johnson).
Fix "help" command when there's no "smtpgreeting" configured (the default) Fix "help" command when there's no "smtpgreeting" configured (the default)
(Thanks to Thomas Ogrisegg) (Thanks to Thomas Ogrisegg)

5
README

@ -176,6 +176,11 @@ smtpd uses during the data transactions. If this file doesnt exist, it
will default to use $ENV{HOME}/tmp/. This directory should be set with will default to use $ENV{HOME}/tmp/. This directory should be set with
a mode of 700 and owned by the smtpd user. a mode of 700 and owned by the smtpd user.
=item tls_before_auth
If this file contains anything except a 0 on the first noncomment line, then
AUTH will not be offered unless TLS/SSL are in place, either with STARTTLS,
or SMTP-SSL on port 465.
=item everything (?) that qmail-smtpd supports. =item everything (?) that qmail-smtpd supports.


@ -0,0 +1,2 @@
# change the next line to 0 if you want to offer AUTH without TLS
1


@ -219,7 +219,9 @@ HOOK: foreach my $hook ( keys %{$self->{hooks}} ) {
} }
} }
if ( %auth_mechanisms ) { # Check if we should only offer AUTH after TLS is completed
my $tls_before_auth = ($self->config('tls_before_auth') ? ($self->config('tls_before_auth'))[0] && $self->transaction->notes('tls_enabled') : 0);
if ( %auth_mechanisms && !$tls_before_auth) {
push @capabilities, 'AUTH '.join(" ",keys(%auth_mechanisms)); push @capabilities, 'AUTH '.join(" ",keys(%auth_mechanisms));
$self->{_commands}->{'auth'} = ""; $self->{_commands}->{'auth'} = "";
} }
@ -248,6 +250,9 @@ sub auth {
and $self->{_auth} == OK ); and $self->{_auth} == OK );
return $self->respond( 503, "AUTH not defined for HELO" ) return $self->respond( 503, "AUTH not defined for HELO" )
if ( $self->connection->hello eq "helo" ); if ( $self->connection->hello eq "helo" );
return $self->respond( 503, "SSL/TLS required before AUTH" )
if ( ($self->config('tls_before_auth'))[0]
and $self->transaction->notes('tls_enabled') );
return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $arg, @stuff ); return $self->{_auth} = Qpsmtpd::Auth::SASL( $self, $arg, @stuff );
} }
@ -584,13 +589,15 @@ sub data {
$self->transaction->header($header); $self->transaction->header($header);
my $smtp = $self->connection->hello eq "ehlo" ? "ESMTP" : "SMTP"; my $smtp = $self->connection->hello eq "ehlo" ? "ESMTP" : "SMTP";
my $sslheader = (defined $self->connection->notes('tls_enabled') and $self->connection->notes('tls_enabled')) ?
"(".$self->connection->notes('tls_socket')->get_cipher()." encrypted) " : "";
my $authheader = (defined $self->{_auth} and $self->{_auth} == OK) ? my $authheader = (defined $self->{_auth} and $self->{_auth} == OK) ?
"(smtp-auth username $self->{_auth_user}, mechanism $self->{_auth_mechanism})\n" : ""; "(smtp-auth username $self->{_auth_user}, mechanism $self->{_auth_mechanism})\n" : "";
$header->add("Received", "from ".$self->connection->remote_info $header->add("Received", "from ".$self->connection->remote_info
." (HELO ".$self->connection->hello_host . ") (".$self->connection->remote_ip ." (HELO ".$self->connection->hello_host . ") (".$self->connection->remote_ip
. ")\n $authheader by ".$self->config('me')." (qpsmtpd/".$self->version . ")\n $authheader by ".$self->config('me')." (qpsmtpd/".$self->version
.") with $smtp; ". (strftime('%a, %d %b %Y %H:%M:%S %z', localtime)), .") with $sslheader$smtp; ". (strftime('%a, %d %b %Y %H:%M:%S %z', localtime)),
0); 0);
# if we get here without seeing a terminator, the connection is # if we get here without seeing a terminator, the connection is