moved POD to top of file
all but 3 plugins have their POD at the top of the file. Bring these little lost sheep into the barn.
This commit is contained in:
parent
5b7844158f
commit
2b1428af7e
@ -1,5 +1,84 @@
|
|||||||
#!perl -w
|
#!perl -w
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
auth_ldap_bind - Authenticate user via an LDAP bind
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
This plugin authenticates users against an LDAP Directory. The plugin
|
||||||
|
first performs a lookup for an entry matching the connecting user. This
|
||||||
|
lookup uses the 'ldap_auth_filter_attr' attribute to match the connecting
|
||||||
|
user to their LDAP DN. Once the plugin has found the user's DN, the plugin
|
||||||
|
will attempt to bind to the Directory as that DN with the password that has
|
||||||
|
been supplied.
|
||||||
|
|
||||||
|
=head1 CONFIGURATION
|
||||||
|
|
||||||
|
Configuration items can be held in either the 'ldap' configuration file, or as
|
||||||
|
arguments to the plugin.
|
||||||
|
|
||||||
|
Configuration items in the 'ldap' configuration file
|
||||||
|
are set one per line, starting the line with the configuration item key,
|
||||||
|
followed by a space, then the values associated with the configuration item.
|
||||||
|
|
||||||
|
Configuration items given as arguments to the plugin are keys and values
|
||||||
|
separated by spaces. Be sure to quote any values that have spaces in them.
|
||||||
|
|
||||||
|
The only configuration item which is required is 'ldap_base'. This tells the
|
||||||
|
plugin what your base DN is. The plugin will not work until it has been
|
||||||
|
configured.
|
||||||
|
|
||||||
|
The configuration items 'ldap_host' and 'ldap_port' specify the host and port
|
||||||
|
at which your Directory server may be contacted. If these are not specified,
|
||||||
|
the plugin will use port '389' on 'localhost'.
|
||||||
|
|
||||||
|
The configuration item 'ldap_timeout' specifies how long the plugin should
|
||||||
|
wait for a response from your Directory server. By default, the value is 5
|
||||||
|
seconds.
|
||||||
|
|
||||||
|
The configuration item 'ldap_auth_filter_attr' specifies how the plugin should
|
||||||
|
find the user in your Directory. By default, the plugin will look up the user
|
||||||
|
based on the 'uid' attribute.
|
||||||
|
|
||||||
|
=head1 NOTES
|
||||||
|
|
||||||
|
Each auth requires an initial lookup to find the user's DN. Ideally, the
|
||||||
|
plugin would simply bind as the user without the need for this lookup (see
|
||||||
|
FUTURE DIRECTION below).
|
||||||
|
|
||||||
|
This plugin requires that the Directory allow anonymous bind (see FUTURE
|
||||||
|
DIRECTION below).
|
||||||
|
|
||||||
|
=head1 FUTURE DIRECTION
|
||||||
|
|
||||||
|
A configurable LDAP filter should be made available, to account for users
|
||||||
|
who are over quota, have had their accounts disabled, or whatever other
|
||||||
|
arbitrary requirements.
|
||||||
|
|
||||||
|
A configurable DN template (uid=$USER,ou=$DOMAIN,$BASE). This would prevent
|
||||||
|
the need of the initial user lookup, as the DN is created from the template.
|
||||||
|
|
||||||
|
A configurable bind DN, for Directories that do not allow anonymous bind.
|
||||||
|
|
||||||
|
Another plugin ('ldap_auth_cleartext'?), to allow retrieval of plain-text
|
||||||
|
passwords from the Directory, permitting CRAM-MD5 or other hash algorithm
|
||||||
|
authentication.
|
||||||
|
|
||||||
|
=head1 AUTHOR
|
||||||
|
|
||||||
|
Elliot Foster <elliotf@gratuitous.net>
|
||||||
|
|
||||||
|
=head1 COPYRIGHT AND LICENSE
|
||||||
|
|
||||||
|
Copyright (c) 2005 Elliot Foster
|
||||||
|
|
||||||
|
This plugin is licensed under the same terms as the qpsmtpd package itself.
|
||||||
|
Please see the LICENSE file included with qpsmtpd for details.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
|
||||||
sub register {
|
sub register {
|
||||||
my ( $self, $qp, @args ) = @_;
|
my ( $self, $qp, @args ) = @_;
|
||||||
$self->register_hook( "auth-plain", "authldap" );
|
$self->register_hook( "auth-plain", "authldap" );
|
||||||
@ -111,82 +190,3 @@ sub authldap {
|
|||||||
$ldh->disconnect;
|
$ldh->disconnect;
|
||||||
}
|
}
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
auth_ldap_bind - Authenticate user via an LDAP bind
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
|
|
||||||
This plugin authenticates users against an LDAP Directory. The plugin
|
|
||||||
first performs a lookup for an entry matching the connecting user. This
|
|
||||||
lookup uses the 'ldap_auth_filter_attr' attribute to match the connecting
|
|
||||||
user to their LDAP DN. Once the plugin has found the user's DN, the plugin
|
|
||||||
will attempt to bind to the Directory as that DN with the password that has
|
|
||||||
been supplied.
|
|
||||||
|
|
||||||
=head1 CONFIGURATION
|
|
||||||
|
|
||||||
Configuration items can be held in either the 'ldap' configuration file, or as
|
|
||||||
arguments to the plugin.
|
|
||||||
|
|
||||||
Configuration items in the 'ldap' configuration file
|
|
||||||
are set one per line, starting the line with the configuration item key,
|
|
||||||
followed by a space, then the values associated with the configuration item.
|
|
||||||
|
|
||||||
Configuration items given as arguments to the plugin are keys and values
|
|
||||||
separated by spaces. Be sure to quote any values that have spaces in them.
|
|
||||||
|
|
||||||
The only configuration item which is required is 'ldap_base'. This tells the
|
|
||||||
plugin what your base DN is. The plugin will not work until it has been
|
|
||||||
configured.
|
|
||||||
|
|
||||||
The configuration items 'ldap_host' and 'ldap_port' specify the host and port
|
|
||||||
at which your Directory server may be contacted. If these are not specified,
|
|
||||||
the plugin will use port '389' on 'localhost'.
|
|
||||||
|
|
||||||
The configuration item 'ldap_timeout' specifies how long the plugin should
|
|
||||||
wait for a response from your Directory server. By default, the value is 5
|
|
||||||
seconds.
|
|
||||||
|
|
||||||
The configuration item 'ldap_auth_filter_attr' specifies how the plugin should
|
|
||||||
find the user in your Directory. By default, the plugin will look up the user
|
|
||||||
based on the 'uid' attribute.
|
|
||||||
|
|
||||||
=head1 NOTES
|
|
||||||
|
|
||||||
Each auth requires an initial lookup to find the user's DN. Ideally, the
|
|
||||||
plugin would simply bind as the user without the need for this lookup(see
|
|
||||||
FUTURE DIRECTION below).
|
|
||||||
|
|
||||||
This plugin requires that the Directory allow anonymous bind (see FUTURE
|
|
||||||
DIRECTION below).
|
|
||||||
|
|
||||||
=head1 FUTURE DIRECTION
|
|
||||||
|
|
||||||
A configurable LDAP filter should be made available, to account for users
|
|
||||||
who are over quota, have had their accounts disabled, or whatever other
|
|
||||||
arbitrary requirements.
|
|
||||||
|
|
||||||
A configurable DN template (uid=$USER,ou=$DOMAIN,$BASE). This would prevent
|
|
||||||
the need of the initial user lookup, as the DN is created from the template.
|
|
||||||
|
|
||||||
A configurable bind DN, for Directories that do not allow anonymous bind.
|
|
||||||
|
|
||||||
Another plugin ('ldap_auth_cleartext'?), to allow retrieval of plain-text
|
|
||||||
passwords from the Directory, permitting CRAM-MD5 or other hash algorithm
|
|
||||||
authentication.
|
|
||||||
|
|
||||||
=head1 AUTHOR
|
|
||||||
|
|
||||||
Elliot Foster <elliotf@gratuitous.net>
|
|
||||||
|
|
||||||
=head1 COPYRIGHT AND LICENSE
|
|
||||||
|
|
||||||
Copyright (c) 2005 Elliot Foster
|
|
||||||
|
|
||||||
This plugin is licensed under the same terms as the qpsmtpd package itself.
|
|
||||||
Please see the LICENSE file included with qpsmtpd for details.
|
|
||||||
|
|
||||||
|
|
||||||
=cut
|
|
||||||
|
|
||||||
|
@ -1,9 +1,37 @@
|
|||||||
#!perl -w
|
#!perl -w
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
domainkeys: validate a DomainKeys signature on an incoming mail
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
domainkeys [warn_only 1]
|
||||||
|
|
||||||
|
Performs a DomainKeys validation on the message. Takes a single
|
||||||
|
configuration
|
||||||
|
|
||||||
|
warn_only 1
|
||||||
|
|
||||||
|
which means that messages which are not correctly signed (i.e. signed but
|
||||||
|
modified or deliberately forged) will not be DENY'd, but an error will still
|
||||||
|
be issued to the logfile.
|
||||||
|
|
||||||
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
|
Copyright (C) 2005-2006 John Peacock.
|
||||||
|
|
||||||
|
Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This
|
||||||
|
program is free software; you can redistribute it and/or modify it under
|
||||||
|
the same terms as Perl itself.
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
my ($self, $qp, %args) = @_;
|
my ($self, $qp, %args) = @_;
|
||||||
|
|
||||||
foreach my $key ( %args ) {
|
foreach my $key ( %args ) {
|
||||||
$self->{$key} = $args{$key};
|
$self->{$key} = $args{$key};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -89,30 +117,3 @@ sub hook_data_post {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
domainkeys: validate a DomainKeys signature on an incoming mail
|
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
|
||||||
|
|
||||||
domainkeys [warn_only 1]
|
|
||||||
|
|
||||||
Performs a DomainKeys validation on the message. Takes a single
|
|
||||||
configuration
|
|
||||||
|
|
||||||
warn_only 1
|
|
||||||
|
|
||||||
which means that messages which are not correctly signed (i.e. signed but
|
|
||||||
modified or deliberately forged) will not be DENY'd, but an error will still
|
|
||||||
be issued to the logfile.
|
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
|
||||||
|
|
||||||
Copyright (C) 2005-2006 John Peacock.
|
|
||||||
|
|
||||||
Portions Copyright (C) 2004 Anthony D. Urso. All rights reserved. This
|
|
||||||
program is free software; you can redistribute it and/or modify it under
|
|
||||||
the same terms as Perl itself.
|
|
||||||
|
|
||||||
=cut
|
|
||||||
|
@ -1,5 +1,31 @@
|
|||||||
#!perl -w
|
#!perl -w
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
rhsbl - handle RHSBL lookups
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
Pluging that checks the host part of the sender's address against a
|
||||||
|
configurable set of RBL services.
|
||||||
|
|
||||||
|
=head1 CONFIGURATION
|
||||||
|
|
||||||
|
This plugin reads the lists to use from the rhsbl_zones configuration
|
||||||
|
file. Normal domain based dns blocking lists ("RBLs") which contain TXT
|
||||||
|
records are specified simply as:
|
||||||
|
|
||||||
|
dsn.rfc-ignorant.org
|
||||||
|
|
||||||
|
To configure RBL services which do not contain TXT records in the DNS,
|
||||||
|
but only A records, specify, after a whitespace, your own error message
|
||||||
|
to return in the SMTP conversation e.g.
|
||||||
|
|
||||||
|
abuse.rfc-ignorant.org does not support abuse@domain
|
||||||
|
|
||||||
|
=cut
|
||||||
|
|
||||||
|
|
||||||
sub register {
|
sub register {
|
||||||
my ($self, $qp, $denial ) = @_;
|
my ($self, $qp, $denial ) = @_;
|
||||||
if ( defined $denial and $denial =~ /^disconnect$/i ) {
|
if ( defined $denial and $denial =~ /^disconnect$/i ) {
|
||||||
@ -133,28 +159,3 @@ sub hook_disconnect {
|
|||||||
return DECLINED;
|
return DECLINED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
rhsbl - handle RHSBL lookups
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
|
|
||||||
Pluging that checks the host part of the sender's address against a
|
|
||||||
configurable set of RBL services.
|
|
||||||
|
|
||||||
=head1 CONFIGURATION
|
|
||||||
|
|
||||||
This plugin reads the lists to use from the rhsbl_zones configuration
|
|
||||||
file. Normal domain based dns blocking lists ("RBLs") which contain TXT
|
|
||||||
records are specified simply as:
|
|
||||||
|
|
||||||
dsn.rfc-ignorant.org
|
|
||||||
|
|
||||||
To configure RBL services which do not contain TXT records in the DNS,
|
|
||||||
but only A records, specify, after a whitespace, your own error message
|
|
||||||
to return in the SMTP conversation e.g.
|
|
||||||
|
|
||||||
abuse.rfc-ignorant.org does not support abuse@domain
|
|
||||||
|
|
||||||
=cut
|
|
||||||
|
Loading…
Reference in New Issue
Block a user