added POD description of spfquery note
changed spf_deny -> reject (and offered 4 more options, see POD for reject)
backwards compatible with old config settings
replicates qmail-smtpd SPF patch behavior
improved logging (again)
uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed.
background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
minor changes to facilitate testing
improved error reporting of several failures
added p0f v2 compatibility to p0f v3 results: in addition to all the newer values, also report the old ones too.
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.
* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins
Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
fixed the vestiges of old plugin name 'denysoft_greylisting'
added ability to bypass greylisting based on geoip
deprecated 'mode [denysoft | testonly | off]
off wasn't useful
testonly & denysoft replaced by reject [ 0 | 1 ]
renamed DB from denysoft_greylist to greylist.dbm. Will use existing/legacy DB if present.
added DB pruning feature. Automatically prune the DB when qpsmtpd registers the plugin. Perhaps this should be a config option to enable?
added DB upgrade feature. Convert dotted quad IP addresses in DB to integers. Makes greylisting IPv6 compatible, since DB records are colon delimited.
exempt TLS connections from greylisting. The vast majority (perhaps all) of the SMTP clients that request encryption to my server are legit. We could add a config option for this, but this plugin already has a multitude of config options.
refactored much of the greylisting method into discreet subs
added 30 tests
added additional DEBUG level logging for p0f matches
POD changes:
replaced over, item N, back, with head2 (better formatted output)
better describe the current behavior of the plugin (some past behaviors no longer exist)
added TRIPLET section with example
added loglevel section
expanded POD
cleaned up stray EOL spaces
added lots of logging, with standardized [ pass | fail | skip ] prefixes
added reject_type option
use split for parsing dspam headers
use SA note instead of parsing headers
added reject = agree option
store & fetch dspam results in a note
refactored into small subs with unit tests.
parse SA header with split instead of regexp (more reliable)
store SA results in a 'spamassassin' transaction note
add strict and warnings pragma
renamed reject_threshold -> reject (backwards compatible)
added relayclient skip option and POD. Skips SA processing when relayclient is set
added MULTIPLE RECIPIENT BEHAVIOR topic to POD
unit tests for new methods are in t/auth.t
added PLAIN and LOGIN tests in auth_flat_file
Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
on files in plugins dir:
fixed a number of POD errors
formatted some # comments into POD
removed bare 1; (these are plugins, not perl modules)
most instances of this were copy/pasted from a previous plugin that had it
removed instances of # vim ts=N ...
they weren't consistent, many didn't match .perltidyrc
on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'
Conflicts:
plugins/async/check_earlytalker
plugins/async/dns_whitelist_soft
plugins/async/dnsbl
plugins/async/queue/smtp-forward
plugins/async/require_resolvable_fromhost
plugins/async/rhsbl
plugins/async/uribl
plugins/auth/auth_checkpassword
plugins/auth/auth_cvm_unix_local
plugins/auth/auth_flat_file
plugins/auth/auth_ldap_bind
plugins/auth/auth_vpopmail
plugins/auth/auth_vpopmail_sql
plugins/auth/authdeny
plugins/check_badmailfromto
plugins/check_badrcptto_patterns
plugins/check_bogus_bounce
plugins/check_earlytalker
plugins/check_norelay
plugins/check_spamhelo
plugins/connection_time
plugins/dns_whitelist_soft
plugins/dnsbl
plugins/domainkeys
plugins/greylisting
plugins/hosts_allow
plugins/http_config
plugins/logging/adaptive
plugins/logging/apache
plugins/logging/connection_id
plugins/logging/transaction_id
plugins/logging/warn
plugins/milter
plugins/queue/exim-bsmtp
plugins/queue/maildir
plugins/queue/postfix-queue
plugins/queue/smtp-forward
plugins/quit_fortune
plugins/random_error
plugins/rcpt_map
plugins/rcpt_regexp
plugins/relay_only
plugins/require_resolvable_fromhost
plugins/rhsbl
plugins/sender_permitted_from
plugins/spamassassin
plugins/tls
plugins/tls_cert
plugins/uribl
plugins/virus/aveclient
plugins/virus/bitdefender
plugins/virus/clamav
plugins/virus/clamdscan
plugins/virus/hbedv
plugins/virus/kavscanner
plugins/virus/klez_filter
plugins/virus/sophie
plugins/virus/uvscan
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.
* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
- these changes are in the previous TCPLOCAL patch. Documented here.
added p0f config option
added POD docs to explain usage
modified $dbdir selection logic. The previous logic failed when QPHOME was
not selected (as is the case when tests are being run).
Added '.' as the dir of last resort for $dbdir selection (others $EMPTY/dir
dumped greylisting database in / )
- These changes are included in this patch -
Added t/plugin_tests/greylisting, with greylist logic testing (tests are
disabled by default, as greylisting is disabled in config.sample/plugins)
Added example entry in config.sample/plugins
Signed-off-by: Robert <rspier@pobox.com>
so trace level doesn't get set to the default anywhere. Set it to a value
here to avoid the uninitialized warnings.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@849 958fd67b-6ff1-0310-b445-bb7760255be9