From 8288b9175373aac53a6c38667db82071f4e9a3db Mon Sep 17 00:00:00 2001
From: Hans Salvisberg
Date: Tue, 6 Jan 2015 14:57:52 +0100
Subject: [PATCH 1/3] Fix a stray quote in the generated 'dns' file.
---
 config.sample/dkim/dkim_key_gen.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.sample/dkim/dkim_key_gen.sh b/config.sample/dkim/dkim_key_gen.sh
index 586f30e..c147965 100755
--- a/config.sample/dkim/dkim_key_gen.sh
+++ b/config.sample/dkim/dkim_key_gen.sh
@@ -44,7 +44,7 @@ With SPF:
 With DMARC:
-_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@'$DOMAIN; pct=100"
+_dmarc TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@$DOMAIN; pct=100"
 With DomainKeys (deprecated)
From 963193ddedb81fd1db17136a7dbed03861527256 Mon Sep 17 00:00:00 2001
From: Jared Johnson
Date: Wed, 7 Jan 2015 15:19:39 -0800
Subject: [PATCH 2/3] Disable SSLv3
---
 plugins/tls | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/plugins/tls b/plugins/tls
index 1b94a95..6bfe42f 100644
--- a/plugins/tls
+++ b/plugins/tls
@@ -86,6 +86,9 @@ sub init {
 local $^W; # this bit is very noisy...
 my $ssl_ctx = IO::Socket::SSL::SSL_Context->new(
+ # Disable SSLv2 and SSLv3 to avoid POODLE attacks. This is already
+ # the default in sufficiently recent versions of IO::Socket::SSL
+ SSL_version => 'SSLv23:!SSLv3:!SSLv2',
 SSL_use_cert => 1,
 SSL_cert_file => $self->tls_cert,
 SSL_key_file => $self->tls_key,
From 3ef92f214e0b5221af84191c0850218fc80c7bde Mon Sep 17 00:00:00 2001
From: Priyadi Iman Nurcahyo
Date: Tue, 13 Jan 2015 05:40:16 +0000
Subject: [PATCH 3/3] Change Received header ordering when using SSL
---
 lib/Qpsmtpd/SMTP.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/Qpsmtpd/SMTP.pm b/lib/Qpsmtpd/SMTP.pm
index 1bee2ac..c9817da 100644
--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
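Review bot: The added `SSL_version => 'SSLv23:!SSLv3:!SSLv2'` in the plugins/tls hunk only helps when the installed IO::Socket::SSL parses the `!SSLv3` exclusion syntax, and the hunk states no minimum module version. How older releases treat the string should be confirmed; if they fall back to plain SSLv23, SSLv3 stays enabled with no log line, and the `local $^W` just above would hide any warning from this call. The comment also credits POODLE for both exclusions although POODLE concerns SSLv3, so I would reword it to `# Disable SSLv3 (POODLE) and the obsolete SSLv2; requires an IO::Socket::SSL that parses '!SSLv3' (TODO: state minimum version)`. Whether other code paths in the plugin reuse this context or pass their own `SSL_version` is outside the hunk and worth checking; init's body starts and ends outside it.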
@@ -843,7 +843,7 @@ sub received_line {
 $smtp .= "S" if $esmtp; # RFC3848
 $sslheader = "(" . $self->connection->notes('tls_socket')->get_cipher()
- . " encrypted) ";
+ . " encrypted)";
 }
 if (defined $self->{_auth} && $self->{_auth} == OK) {
 my $mech = $self->{_auth_mechanism};
@@ -869,7 +869,7 @@ sub received_line {
 . $self->config('me')
 . " (qpsmtpd/"
 . $self->version
- . ") with $sslheader$smtp; "
+ . ") with $smtp $sslheader; "
 . (strftime('%a, %d %b %Y %H:%M:%S %z', localtime));
 }
 $self->transaction->header->add('Received', $header_str, 0);
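Review bot: On a connection without TLS the new format string `. ") with $smtp $sslheader; "` in the second hunk appears to leave a stray space before the semicolon ("with ESMTP ;"), assuming `$sslheader` is empty when TLS is off; its initialisation is outside both hunks. Moving the separator into the TLS branch avoids this: `$sslheader = " ("` in the first hunk and `. ") with $smtp$sslheader; "` in the second. Log parsers and mail filters that match on the Received line will see the changed token order, so a short comment beside the format string stating that the layout is `with <protocol> (<cipher> encrypted)` would help whoever maintains those rules. received_line starts and ends outside the hunks.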