From 2b1428af7e7fd8687a234924448925f9e6a35b67 Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Fri, 4 May 2012 14:02:12 -0400 Subject: [PATCH] moved POD to top of file all but 3 plugins have their POD at the top of the file. Bring these little lost sheep into the barn. --- plugins/auth/auth_ldap_bind | 162 ++++++++++++++++++------------------ plugins/domainkeys | 57 ++++++------- plugins/rhsbl | 51 ++++++------ 3 files changed, 136 insertions(+), 134 deletions(-) diff --git a/plugins/auth/auth_ldap_bind b/plugins/auth/auth_ldap_bind index 8c191ff..d8b6980 100644 --- a/plugins/auth/auth_ldap_bind +++ b/plugins/auth/auth_ldap_bind @@ -1,5 +1,84 @@ #!perl -w - + +=head1 NAME + +auth_ldap_bind - Authenticate user via an LDAP bind + +=head1 DESCRIPTION + +This plugin authenticates users against an LDAP Directory. The plugin +first performs a lookup for an entry matching the connecting user. This +lookup uses the 'ldap_auth_filter_attr' attribute to match the connecting +user to their LDAP DN. Once the plugin has found the user's DN, the plugin +will attempt to bind to the Directory as that DN with the password that has +been supplied. + +=head1 CONFIGURATION + +Configuration items can be held in either the 'ldap' configuration file, or as +arguments to the plugin. + +Configuration items in the 'ldap' configuration file +are set one per line, starting the line with the configuration item key, +followed by a space, then the values associated with the configuration item. + +Configuration items given as arguments to the plugin are keys and values +separated by spaces. Be sure to quote any values that have spaces in them. + +The only configuration item which is required is 'ldap_base'. This tells the +plugin what your base DN is. The plugin will not work until it has been +configured. + +The configuration items 'ldap_host' and 'ldap_port' specify the host and port +at which your Directory server may be contacted. If these are not specified, +the plugin will use port '389' on 'localhost'. + +The configuration item 'ldap_timeout' specifies how long the plugin should +wait for a response from your Directory server. By default, the value is 5 +seconds. + +The configuration item 'ldap_auth_filter_attr' specifies how the plugin should +find the user in your Directory. By default, the plugin will look up the user +based on the 'uid' attribute. + +=head1 NOTES + +Each auth requires an initial lookup to find the user's DN. Ideally, the +plugin would simply bind as the user without the need for this lookup (see +FUTURE DIRECTION below). + +This plugin requires that the Directory allow anonymous bind (see FUTURE +DIRECTION below). + +=head1 FUTURE DIRECTION + +A configurable LDAP filter should be made available, to account for users +who are over quota, have had their accounts disabled, or whatever other +arbitrary requirements. + +A configurable DN template (uid=$USER,ou=$DOMAIN,$BASE). This would prevent +the need of the initial user lookup, as the DN is created from the template. + +A configurable bind DN, for Directories that do not allow anonymous bind. + +Another plugin ('ldap_auth_cleartext'?), to allow retrieval of plain-text +passwords from the Directory, permitting CRAM-MD5 or other hash algorithm +authentication. + +=head1 AUTHOR + +Elliot Foster + +=head1 COPYRIGHT AND LICENSE + +Copyright (c) 2005 Elliot Foster + +This plugin is licensed under the same terms as the qpsmtpd package itself. +Please see the LICENSE file included with qpsmtpd for details. + +=cut + + sub register { my ( $self, $qp, @args ) = @_; $self->register_hook( "auth-plain", "authldap" ); @@ -110,83 +189,4 @@ sub authldap { $ldh->disconnect; } - -=head1 NAME - -auth_ldap_bind - Authenticate user via an LDAP bind - -=head1 DESCRIPTION - -This plugin authenticates users against an LDAP Directory. The plugin -first performs a lookup for an entry matching the connecting user. This -lookup uses the 'ldap_auth_filter_attr' attribute to match the connecting -user to their LDAP DN. Once the plugin has found the user's DN, the plugin -will attempt to bind to the Directory as that DN with the password that has -been supplied. - -=head1 CONFIGURATION - -Configuration items can be held in either the 'ldap' configuration file, or as -arguments to the plugin. - -Configuration items in the 'ldap' configuration file -are set one per line, starting the line with the configuration item key, -followed by a space, then the values associated with the configuration item. - -Configuration items given as arguments to the plugin are keys and values -separated by spaces. Be sure to quote any values that have spaces in them. - -The only configuration item which is required is 'ldap_base'. This tells the -plugin what your base DN is. The plugin will not work until it has been -configured. - -The configuration items 'ldap_host' and 'ldap_port' specify the host and port -at which your Directory server may be contacted. If these are not specified, -the plugin will use port '389' on 'localhost'. - -The configuration item 'ldap_timeout' specifies how long the plugin should -wait for a response from your Directory server. By default, the value is 5 -seconds. - -The configuration item 'ldap_auth_filter_attr' specifies how the plugin should -find the user in your Directory. By default, the plugin will look up the user -based on the 'uid' attribute. - -=head1 NOTES - -Each auth requires an initial lookup to find the user's DN. Ideally, the -plugin would simply bind as the user without the need for this lookup(see -FUTURE DIRECTION below). - -This plugin requires that the Directory allow anonymous bind (see FUTURE -DIRECTION below). - -=head1 FUTURE DIRECTION - -A configurable LDAP filter should be made available, to account for users -who are over quota, have had their accounts disabled, or whatever other -arbitrary requirements. - -A configurable DN template (uid=$USER,ou=$DOMAIN,$BASE). This would prevent -the need of the initial user lookup, as the DN is created from the template. - -A configurable bind DN, for Directories that do not allow anonymous bind. - -Another plugin ('ldap_auth_cleartext'?), to allow retrieval of plain-text -passwords from the Directory, permitting CRAM-MD5 or other hash algorithm -authentication. - -=head1 AUTHOR - -Elliot Foster - -=head1 COPYRIGHT AND LICENSE - -Copyright (c) 2005 Elliot Foster - -This plugin is licensed under the same terms as the qpsmtpd package itself. -Please see the LICENSE file included with qpsmtpd for details. - - -=cut - + diff --git a/plugins/domainkeys b/plugins/domainkeys index b449bf5..ebc66aa 100644 --- a/plugins/domainkeys +++ b/plugins/domainkeys @@ -1,9 +1,37 @@ #!perl -w + +=head1 NAME + +domainkeys: validate a DomainKeys signature on an incoming mail + +=head1 SYNOPSIS + + domainkeys [warn_only 1] + +Performs a DomainKeys validation on the message. Takes a single +configuration + + warn_only 1 + +which means that messages which are not correctly signed (i.e. signed but +modified or deliberately forged) will not be DENY'd, but an error will still +be issued to the logfile. + +=head1 COPYRIGHT + +Copyright (C) 2005-2006 John Peacock. + +Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This +program is free software; you can redistribute it and/or modify it under +the same terms as Perl itself. + +=cut + sub init { my ($self, $qp, %args) = @_; foreach my $key ( %args ) { - $self->{$key} = $args{$key}; + $self->{$key} = $args{$key}; } } @@ -89,30 +117,3 @@ sub hook_data_post { } } - -=head1 NAME - -domainkeys: validate a DomainKeys signature on an incoming mail - -=head1 SYNOPSIS - - domainkeys [warn_only 1] - -Performs a DomainKeys validation on the message. Takes a single -configuration - - warn_only 1 - -which means that messages which are not correctly signed (i.e. signed but -modified or deliberately forged) will not be DENY'd, but an error will still -be issued to the logfile. - -=head1 COPYRIGHT - -Copyright (C) 2005-2006 John Peacock. - -Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This -program is free software; you can redistribute it and/or modify it under -the same terms as Perl itself. - -=cut diff --git a/plugins/rhsbl b/plugins/rhsbl index 03a1c29..2ba0b5f 100644 --- a/plugins/rhsbl +++ b/plugins/rhsbl @@ -1,5 +1,31 @@ #!perl -w +=head1 NAME + +rhsbl - handle RHSBL lookups + +=head1 DESCRIPTION + +Pluging that checks the host part of the sender's address against a +configurable set of RBL services. + +=head1 CONFIGURATION + +This plugin reads the lists to use from the rhsbl_zones configuration +file. Normal domain based dns blocking lists ("RBLs") which contain TXT +records are specified simply as: + + dsn.rfc-ignorant.org + +To configure RBL services which do not contain TXT records in the DNS, +but only A records, specify, after a whitespace, your own error message +to return in the SMTP conversation e.g. + + abuse.rfc-ignorant.org does not support abuse@domain + +=cut + + sub register { my ($self, $qp, $denial ) = @_; if ( defined $denial and $denial =~ /^disconnect$/i ) { @@ -133,28 +159,3 @@ sub hook_disconnect { return DECLINED; } - -=head1 NAME - -rhsbl - handle RHSBL lookups - -=head1 DESCRIPTION - -Pluging that checks the host part of the sender's address against a -configurable set of RBL services. - -=head1 CONFIGURATION - -This plugin reads the lists to use from the rhsbl_zones configuration -file. Normal domain based dns blocking lists ("RBLs") which contain TXT -records are specified simply as: - - dsn.rfc-ignorant.org - -To configure RBL services which do not contain TXT records in the DNS, -but only A records, specify, after a whitespace, your own error message -to return in the SMTP conversation e.g. - - abuse.rfc-ignorant.org does not support abuse@domain - -=cut