Merge pull request #1 from smtpd/master

Update from original.
2015-01-19 23:06:46 +01:00 · 2015-01-19 23:06:46 +01:00 · de08a11e04
commit de08a11e04
parent 3db87b846c a97e931231
3 changed files with 6 additions and 3 deletions
--- a/config.sample/dkim/dkim_key_gen.sh
+++ b/config.sample/dkim/dkim_key_gen.sh
@ -44,7 +44,7 @@ With SPF:

 With DMARC:

-_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@'$DOMAIN; pct=100"
+_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@$DOMAIN; ruf=mailto:dmarc-feedback@$DOMAIN; pct=100"

 With DomainKeys (deprecated)

--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@ -843,7 +843,7 @@ sub received_line {
        $smtp .= "S" if $esmtp;    # RFC3848
        $sslheader = "("
          . $self->connection->notes('tls_socket')->get_cipher()
-          . " encrypted) ";
+          . " encrypted)";
    }
    if (defined $self->{_auth} && $self->{_auth} == OK) {
        my $mech = $self->{_auth_mechanism};
@ -869,7 +869,7 @@ sub received_line {
          . $self->config('me')
          . " (qpsmtpd/"
          . $self->version
-          . ") with $sslheader$smtp; "
+          . ") with $smtp $sslheader; "
          . (strftime('%a, %d %b %Y %H:%M:%S %z', localtime));
    }
    $self->transaction->header->add('Received', $header_str, 0);
--- a/plugins/tls
+++ b/plugins/tls
@ -86,6 +86,9 @@ sub init {
    local $^W;    # this bit is very noisy...
    my $ssl_ctx =
      IO::Socket::SSL::SSL_Context->new(
+                                        # Disable SSLv2 and SSLv3 to avoid POODLE attacks. This is already
+                                        # the default in sufficiently recent versions of IO::Socket::SSL
+                                        SSL_version => 'SSLv23:!SSLv3:!SSLv2',
                                        SSL_use_cert    => 1,
                                        SSL_cert_file   => $self->tls_cert,
                                        SSL_key_file    => $self->tls_key,