Merge branch 'master' of github.com:msimerson/qpsmtpd
This commit is contained in:
Matt Simerson
commit
6ea12f0896
26
Changes
26
Changes
@ -1,4 +1,30 @@
|
|||||||
|
|
||||||
|
0.93 Dec 17, 2013
|
||||||
|
|
||||||
|
Added Authentication-Results header
|
||||||
|
moves Authentication-Results to Original-Authentication-Results on inbound.
|
||||||
|
no longer puts auth info in Received header
|
||||||
|
|
||||||
|
TcpServer: ignore DNS search path and explicitely request PTR lookups (speedup)
|
||||||
|
|
||||||
|
store envelope TO/FROM in connection notes
|
||||||
|
|
||||||
|
raised max msg size in clamdscan
|
||||||
|
|
||||||
|
SPF enabled by default (if Mail::SPF available)
|
||||||
|
|
||||||
|
auth_vpopmaild: added taint checking to responses
|
||||||
|
|
||||||
|
added run files for most common deployment methods (easier install)
|
||||||
|
|
||||||
|
untaint config data passed to plugins
|
||||||
|
|
||||||
|
Qpsmtpd.pm: split config args on /\s+/, was / /
|
||||||
|
(compatibility with newer versions of perl)
|
||||||
|
|
||||||
|
dmarc: added subdomain policy handling
|
||||||
|
|
||||||
|
|
||||||
0.92 Apr 20, 2013
|
0.92 Apr 20, 2013
|
||||||
|
|
||||||
new plugins: dmarc, fcrdns
|
new plugins: dmarc, fcrdns
|
||||||
|
|||||||
18
STATUS
18
STATUS
@ -1,19 +1,11 @@
|
|||||||
|
|
||||||
Qpsmtpd-dev is a fork of Qpsmtpd. Qpsmtpd is a very good SMTP daemon for
|
Qpsmtpd is a very good SMTP daemon for developers and hackers.
|
||||||
developers and hackers (admittedly, its focus). The plugin system is great
|
|
||||||
but the plugin organization, documentation, and consistency left much
|
|
||||||
to be desired.
|
|
||||||
|
|
||||||
The primary focus of the -dev branch is improving the consistency and
|
Current goals are making it easier to install, reducing code duplication,
|
||||||
behavior of the plugins. After using one plugin, the knowledge gained
|
|
||||||
should carry over to other plugins.
|
|
||||||
|
|
||||||
Secondary goals are making it easier to install, reducing code duplication,
|
|
||||||
reducing complexity, and cooperation between plugins. Anything covered
|
reducing complexity, and cooperation between plugins. Anything covered
|
||||||
in Perl Best Practices is also fair game.
|
in Perl Best Practices is fair game.
|
||||||
|
|
||||||
So far, the main changes between the release and dev branches have focused
|
Recent changes have been made towards these goals:
|
||||||
on these goals:
|
|
||||||
|
|
||||||
- plugins use is_immune and is_naughty instead of a local methods
|
- plugins use is_immune and is_naughty instead of a local methods
|
||||||
- plugins log a single entry summarizing their disposition
|
- plugins log a single entry summarizing their disposition
|
||||||
@ -36,7 +28,7 @@ For most sites, even DNSBL, SPF, DKIM, and SpamAssassin tests alone are insuffic
|
|||||||
Roadmap
|
Roadmap
|
||||||
=======
|
=======
|
||||||
|
|
||||||
- https://github.com/qpsmtpd-dev/qpsmtpd-dev/issues
|
- https://github.com/smtpd/qpsmtpd/issues
|
||||||
|
|
||||||
- Bugfixes - qpsmtpd is extremely stable (in production since 2001), but
|
- Bugfixes - qpsmtpd is extremely stable (in production since 2001), but
|
||||||
there are always more things to fix.
|
there are always more things to fix.
|
||||||
|
|||||||
@ -23,7 +23,7 @@ use Net::DNS;
|
|||||||
|
|
||||||
# this is only good for forkserver
|
# this is only good for forkserver
|
||||||
# can't set these here, cause forkserver resets them
|
# can't set these here, cause forkserver resets them
|
||||||
#$SIG{ALRM} = sub { respond(421, "Game over pal, game over. You got a timeout; I just can't wait that long..."); exit };
|
#$SIG{ALRM} = sub { respond(421, "timeout; I can't wait that long..."); exit };
|
||||||
#$SIG{ALRM} = sub { warn "Connection Timed Out\n"; exit; };
|
#$SIG{ALRM} = sub { warn "Connection Timed Out\n"; exit; };
|
||||||
|
|
||||||
sub new {
|
sub new {
|
||||||
@ -818,17 +818,24 @@ sub authentication_results {
|
|||||||
sub clean_authentication_results {
|
sub clean_authentication_results {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
# On messages received from the internet, we may want to remove
|
# http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html
|
||||||
# the Authentication-Results headers added by other MTAs, so our downstream
|
|
||||||
# can trust the new A-R header we insert.
|
|
||||||
# We do not want to invalidate DKIM signatures.
|
|
||||||
# TODO: parse the DKIM signature(s) to see if A-R header is signed
|
|
||||||
return if $self->transaction->header->get('DKIM-Signature');
|
|
||||||
|
|
||||||
my @headers = $self->transaction->header->get('Authentication-Results');
|
# On messages received from the internet, move Authentication-Results headers
|
||||||
for ( my $i = 0; $i < scalar @headers; $i++ ) {
|
# to Original-AR, so our downstream can trust the A-R header we insert.
|
||||||
|
|
||||||
|
# TODO: Do not invalidate DKIM signatures.
|
||||||
|
# if $self->transaction->header->get('DKIM-Signature')
|
||||||
|
# Parse the DKIM signature(s)
|
||||||
|
# return if A-R header is signed;
|
||||||
|
# }
|
||||||
|
|
||||||
|
my @ar_headers = $self->transaction->header->get('Authentication-Results');
|
||||||
|
for ( my $i = 0; $i < scalar @ar_headers; $i++ ) {
|
||||||
$self->transaction->header->delete('Authentication-Results', $i);
|
$self->transaction->header->delete('Authentication-Results', $i);
|
||||||
|
$self->transaction->header->add('Original-Authentication-Results', $ar_headers[$i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$self->log(LOGDEBUG, "Authentication-Results moved to Original-Authentication-Results" );
|
||||||
};
|
};
|
||||||
|
|
||||||
sub received_line {
|
sub received_line {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user