From a26d46ed87ccfee32b23f0ad0087a368fddaccdd Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Tue, 17 Dec 2013 14:13:51 -0800 Subject: [PATCH 1/3] move Auth-Results header to Original-Auth-Results this was in a sub, commented out as a TODO to delete them. Instead of deleting, move the Authentication-Results header on incoming messages to the Original-A-R. --- lib/Qpsmtpd/SMTP.pm | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/lib/Qpsmtpd/SMTP.pm b/lib/Qpsmtpd/SMTP.pm index 1589472..fe8e63e 100644 --- a/lib/Qpsmtpd/SMTP.pm +++ b/lib/Qpsmtpd/SMTP.pm @@ -23,7 +23,7 @@ use Net::DNS; # this is only good for forkserver # can't set these here, cause forkserver resets them -#$SIG{ALRM} = sub { respond(421, "Game over pal, game over. You got a timeout; I just can't wait that long..."); exit }; +#$SIG{ALRM} = sub { respond(421, "timeout; I can't wait that long..."); exit }; #$SIG{ALRM} = sub { warn "Connection Timed Out\n"; exit; }; sub new { 
@@ -818,17 +818,24 @@ sub authentication_results { sub clean_authentication_results { my $self = shift; -# On messages received from the internet, we may want to remove -# the Authentication-Results headers added by other MTAs, so our downstream -# can trust the new A-R header we insert. -# We do not want to invalidate DKIM signatures. -# TODO: parse the DKIM signature(s) to see if A-R header is signed - return if $self->transaction->header->get('DKIM-Signature'); +# http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html - my @headers = $self->transaction->header->get('Authentication-Results'); - for ( my $i = 0; $i < scalar @headers; $i++ ) { +# On messages received from the internet, move Authentication-Results headers +# to Original-AR, so our downstream can trust the A-R header we insert. + +# TODO: Do not invalidate DKIM signatures. +# if $self->transaction->header->get('DKIM-Signature') +# Parse the DKIM signature(s) +# return if A-R header is signed; +# } + + my @ar_headers = $self->transaction->header->get('Authentication-Results'); + for ( my $i = 0; $i < scalar @ar_headers; $i++ ) { $self->transaction->header->delete('Authentication-Results', $i); + $self->transaction->header->add('Original-Authentication-Results', $ar_headers[$i]); } + + $self->log(LOGDEBUG, "Authentication-Results moved to Original-Authentication-Results" ); }; sub received_line { From 7a9ae2c7058c6f77dd12dd15797b2cd1981810d3 Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Tue, 17 Dec 2013 15:06:58 -0800 Subject: [PATCH 2/3] STATUS: removed -dev comments --- STATUS | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/STATUS b/STATUS index 6992271..c9e7e8f 100644 --- a/STATUS +++ b/STATUS 
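Review bot: In `clean_authentication_results` the loop deletes `Authentication-Results` by ascending index `$i` while the header list shrinks, so if `header->delete` re-indexes the remaining instances after each removal (as Mail::Header's indexed delete appears to do), every second upstream A-R header stays in place on a message that carries more than one. That defeats the stated goal of letting downstream trust only the locally inserted header, because a sender-supplied A-R value can survive the cleanup. Copy first, then drop all instances in one call: `$self->transaction->header->add('Original-Authentication-Results', $_) for @ar_headers;` followed by `$self->transaction->header->delete('Authentication-Results');`. The LOGDEBUG line also fires when no header was present, so it should be guarded with `if @ar_headers`. A message that already arrives with its own `Original-Authentication-Results` header ends up mixed with the ones added here, so a comment should say that downstream must not treat that header as locally vouched.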
@@ -1,19 +1,11 @@ -Qpsmtpd-dev is a fork of Qpsmtpd. Qpsmtpd is a very good SMTP daemon for -developers and hackers (admittedly, its focus). The plugin system is great -but the plugin organization, documentation, and consistency left much -to be desired. +Qpsmtpd is a very good SMTP daemon for developers and hackers. -The primary focus of the -dev branch is improving the consistency and -behavior of the plugins. After using one plugin, the knowledge gained -should carry over to other plugins. - -Secondary goals are making it easier to install, reducing code duplication, +Current goals are making it easier to install, reducing code duplication, reducing complexity, and cooperation between plugins. Anything covered -in Perl Best Practices is also fair game. +in Perl Best Practices is fair game. -So far, the main changes between the release and dev branches have focused -on these goals: +Recent changes have been made towards these goals: - plugins use is_immune and is_naughty instead of a local methods - plugins log a single entry summarizing their disposition @@ -36,7 +28,7 @@ For most sites, even DNSBL, SPF, DKIM, and SpamAssassin tests alone are insuffic Roadmap ======= - - https://github.com/qpsmtpd-dev/qpsmtpd-dev/issues + - https://github.com/smtpd/qpsmtpd/issues - Bugfixes - qpsmtpd is extremely stable (in production since 2001), but there are always more things to fix. From 2a12acce6e3090906ad0730d27efbead41a82604 Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Tue, 17 Dec 2013 15:08:29 -0800 Subject: [PATCH 3/3] Changes: updated with 0.93 changes --- Changes | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/Changes b/Changes index 01053b6..3e377a8 100644 --- a/Changes +++ b/Changes 
@@ -1,4 +1,30 @@ +0.93 Dec 17, 2013 + + Added Authentication-Results header + moves Authentication-Results to Original-Authentication-Results on inbound. + no longer puts auth info in Received header + + TcpServer: ignore DNS search path and explicitely request PTR lookups (speedup) + + store envelope TO/FROM in connection notes + + raised max msg size in clamdscan + + SPF enabled by default (if Mail::SPF available) + + auth_vpopmaild: added taint checking to responses + + added run files for most common deployment methods (easier install) + + untaint config data passed to plugins + + Qpsmtpd.pm: split config args on /\s+/, was / / + (compatibility with newer versions of perl) + + dmarc: added subdomain policy handling + + 0.92 Apr 20, 2013 new plugins: dmarc, fcrdns