Merge branch 'master' of github.com:msimerson/qpsmtpd

2013-12-17 18:17:52 -05:00 · 2013-12-17 18:17:52 -05:00 · 6ea12f0896
commit 6ea12f0896
parent 1cc7563852 2a12acce6e
3 changed files with 47 additions and 22 deletions
--- a/26
+++ b/26
@ -1,4 +1,30 @@

+0.93  Dec 17, 2013
+
+  Added Authentication-Results header
+    moves Authentication-Results to Original-Authentication-Results on inbound.
+    no longer puts auth info in Received header
+
+  TcpServer: ignore DNS search path and explicitely request PTR lookups (speedup)
+
+  store envelope TO/FROM in connection notes
+
+  raised max msg size in clamdscan
+
+  SPF enabled by default (if Mail::SPF available)
+
+  auth_vpopmaild: added taint checking to responses
+
+  added run files for most common deployment methods (easier install)
+
+  untaint config data passed to plugins
+
+  Qpsmtpd.pm: split config args on /\s+/, was / /
+    (compatibility with newer versions of perl)
+
+  dmarc: added subdomain policy handling
+
+
 0.92  Apr 20, 2013

  new plugins: dmarc, fcrdns
--- a/18
+++ b/18
@ -1,19 +1,11 @@

-Qpsmtpd-dev is a fork of Qpsmtpd. Qpsmtpd is a very good SMTP daemon for
-developers and hackers (admittedly, its focus). The plugin system is great
-but the plugin organization, documentation, and consistency left much
-to be desired.
+Qpsmtpd is a very good SMTP daemon for developers and hackers.

-The primary focus of the -dev branch is improving the consistency and
-behavior of the plugins. After using one plugin, the knowledge gained
-should carry over to other plugins.
-
-Secondary goals are making it easier to install, reducing code duplication,
+Current goals are making it easier to install, reducing code duplication,
 reducing complexity, and cooperation between plugins. Anything covered
-in Perl Best Practices is also fair game.
+in Perl Best Practices is fair game.

-So far, the main changes between the release and dev branches have focused
-on these goals:
+Recent changes have been made towards these goals:

  - plugins use is_immune and is_naughty instead of a local methods
  - plugins log a single entry summarizing their disposition
@ -36,7 +28,7 @@ For most sites, even DNSBL, SPF, DKIM, and SpamAssassin tests alone are insuffic
 Roadmap
 =======

- - https://github.com/qpsmtpd-dev/qpsmtpd-dev/issues
+ - https://github.com/smtpd/qpsmtpd/issues

 - Bugfixes - qpsmtpd is extremely stable (in production since 2001), but
   there are always more things to fix.
--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@ -23,7 +23,7 @@ use Net::DNS;

 # this is only good for forkserver
 # can't set these here, cause forkserver resets them
-#$SIG{ALRM} = sub { respond(421, "Game over pal, game over. You got a timeout; I just can't wait that long..."); exit };
+#$SIG{ALRM} = sub { respond(421, "timeout; I can't wait that long..."); exit };
 #$SIG{ALRM} = sub { warn "Connection Timed Out\n"; exit; };

 sub new {
@ -818,17 +818,24 @@ sub authentication_results {
 sub clean_authentication_results {
    my $self = shift;

-# On messages received from the internet, we may want to remove
-# the Authentication-Results headers added by other MTAs, so our downstream
-# can trust the new A-R header we insert.
-# We do not want to invalidate DKIM signatures.
-# TODO: parse the DKIM signature(s) to see if A-R header is signed
-    return if $self->transaction->header->get('DKIM-Signature');
+# http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html

-    my @headers = $self->transaction->header->get('Authentication-Results');
-    for ( my $i = 0; $i < scalar @headers; $i++ ) {
+# On messages received from the internet, move Authentication-Results headers
+# to Original-AR, so our downstream can trust the A-R header we insert.
+
+# TODO: Do not invalidate DKIM signatures.
+#   if $self->transaction->header->get('DKIM-Signature')
+#       Parse the DKIM signature(s)
+#       return if A-R header is signed;
+#   }
+
+    my @ar_headers = $self->transaction->header->get('Authentication-Results');
+    for ( my $i = 0; $i < scalar @ar_headers; $i++ ) {
        $self->transaction->header->delete('Authentication-Results', $i);
+        $self->transaction->header->add('Original-Authentication-Results', $ar_headers[$i]);
    }
+
+    $self->log(LOGDEBUG, "Authentication-Results moved to Original-Authentication-Results" );
 };

 sub received_line {