delete 3 relay plugins
This commit is contained in:
Matt Simerson
parent
a69cd6bf64
commit
bf5f1db436
@ -1,58 +0,0 @@
|
||||
#!perl -w
|
||||
=pod
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
This plugin checks the norelayclients config file to see if
|
||||
relaying is denied.
|
||||
|
||||
This allows specific clients, such as the gateway, to be denied
|
||||
relaying, even though they would be allowed relaying by the
|
||||
relayclients file.
|
||||
|
||||
=head1 CONFIG
|
||||
|
||||
config/norelayclients
|
||||
|
||||
Each line is:
|
||||
- a full IP address
|
||||
- partial IP address terminated by a dot for matching whole networks
|
||||
e.g. 192.168.42.
|
||||
|
||||
=head1 BUGS AND LIMITATIONS
|
||||
|
||||
This plugin does not have a more_norelayclients map equivalent
|
||||
of the more_relayclients map of the check_relay plugin.
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Based on check_relay plugin from the qpsmtpd distribution.
|
||||
|
||||
Copyright 2005 Gordon Rowell <gordonr@gormand.com.au>
|
||||
|
||||
This software is free software and may be distributed under the same
|
||||
terms as qpsmtpd itself.
|
||||
|
||||
=cut
|
||||
|
||||
sub hook_connect {
|
||||
my ($self, $transaction) = @_;
|
||||
my $connection = $self->qp->connection;
|
||||
|
||||
# Check if this IP is not allowed to relay
|
||||
my @no_relay_clients = $self->qp->config("norelayclients");
|
||||
my %no_relay_clients = map { $_ => 1 } @no_relay_clients;
|
||||
my $client_ip = $self->qp->connection->remote_ip;
|
||||
while ($client_ip) {
|
||||
if ( exists($no_relay_clients{$client_ip}) )
|
||||
{
|
||||
$connection->relay_client(0);
|
||||
delete $ENV{RELAYCLIENT};
|
||||
$self->log(LOGNOTICE, "check_norelay: $client_ip denied relaying");
|
||||
last;
|
||||
}
|
||||
$client_ip =~ s/\d+\.?$//; # strip off another 8 bits
|
||||
}
|
||||
|
||||
return (DECLINED);
|
||||
}
|
||||
@ -1,83 +0,0 @@
|
||||
#!perl -w
|
||||
|
||||
=head1 NAME
|
||||
|
||||
check_relay
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
Checks the relayclients config file and $ENV{RELAYCLIENT} to see if relaying is allowed.
|
||||
|
||||
=cut
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use Qpsmtpd::Constants;
|
||||
use Net::IP qw(:PROC);
|
||||
|
||||
sub hook_connect {
|
||||
my ($self, $transaction) = @_;
|
||||
my $connection = $self->qp->connection;
|
||||
|
||||
# Check if this IP is allowed to relay
|
||||
my $client_ip = $self->qp->connection->remote_ip;
|
||||
|
||||
# @crelay... for comparing, @srelay... for stripping
|
||||
my (@crelay_clients, @srelay_clients);
|
||||
|
||||
my @relay_clients = $self->qp->config("relayclients");
|
||||
for (@relay_clients) {
|
||||
my ($range_ip, $range_prefix) = ip_splitprefix($_);
|
||||
if($range_prefix){
|
||||
# has a prefix, so due for comparing
|
||||
push @crelay_clients, $_;
|
||||
}
|
||||
else {
|
||||
# has no prefix, so due for splitting
|
||||
push @srelay_clients, $_;
|
||||
}
|
||||
}
|
||||
|
||||
if (@crelay_clients){
|
||||
my ($range_ip, $range_prefix, $rversion, $begin, $end, $bin_client_ip);
|
||||
my $cversion = ip_get_version($client_ip);
|
||||
for (@crelay_clients) {
|
||||
# Get just the IP from the CIDR range, to get the IP version, so we can
|
||||
# get the start and end of the range
|
||||
($range_ip, $range_prefix) = ip_splitprefix($_);
|
||||
$rversion = ip_get_version($range_ip);
|
||||
($begin, $end) = ip_normalize($_, $rversion);
|
||||
|
||||
# expand the client address (zero pad it) before converting to binary
|
||||
$bin_client_ip = ip_iptobin(ip_expand_address($client_ip, $cversion), $cversion);
|
||||
|
||||
if (ip_bincomp($bin_client_ip, 'gt', ip_iptobin($begin, $rversion))
|
||||
&& ip_bincomp($bin_client_ip, 'lt', ip_iptobin($end, $rversion)))
|
||||
{
|
||||
$connection->relay_client(1);
|
||||
last;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# If relay_client is already set, no point checking again
|
||||
if (@srelay_clients && !$connection->relay_client) {
|
||||
my $more_relay_clients = $self->qp->config("morerelayclients", "map");
|
||||
my %srelay_clients = map { $_ => 1 } @srelay_clients;
|
||||
$client_ip =~ s/::/:/;
|
||||
($connection->relay_client(1) && undef($client_ip)) if $client_ip eq ":1";
|
||||
|
||||
while ($client_ip) {
|
||||
if (exists($ENV{RELAYCLIENT}) or
|
||||
exists($srelay_clients{$client_ip}) or
|
||||
exists($more_relay_clients->{$client_ip}))
|
||||
{
|
||||
$connection->relay_client(1);
|
||||
last;
|
||||
}
|
||||
$client_ip =~ s/(\d|\w)+(:|\.)?$//; # strip off another 8 bits
|
||||
}
|
||||
}
|
||||
return (DECLINED);
|
||||
}
|
||||
@ -1,36 +0,0 @@
|
||||
#!perl -w
|
||||
|
||||
=head1 NAME
|
||||
|
||||
relay_only - this plugin only permits relaying
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
# in config/plugins
|
||||
|
||||
check_relay
|
||||
|
||||
relay_only
|
||||
|
||||
# other rcpt hooks go here
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This plugin can be used for the case where a server is used as the smart
|
||||
relay host for internal users and external/authenticated users, but should
|
||||
not be considered a normal inbound MX server
|
||||
|
||||
It should be configured to be run _AFTER_ check_relay and before other
|
||||
RCPT hooks! Only clients that have authenticated or are listed in the
|
||||
relayclient file will be allowed to send mail.
|
||||
|
||||
=cut
|
||||
|
||||
sub hook_rcpt {
|
||||
if ( shift->qp->connection->relay_client ) {
|
||||
return (OK);
|
||||
}
|
||||
else {
|
||||
return (DENY);
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user