Commit Graph

1262 Commits

Author SHA1 Message Date
Hanno Hecker
7bfad42ac9 new plugin rcpt_map
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
2010-09-17 15:25:18 +08:00
Peter A Eisch
e403a56d74 I forgot to sync the code that calls the original config correctly. 2010-09-15 14:33:34 +08:00
Peter A Eisch
2979c52b47 Adds the ability to have multiple instances (each with different
configs) running under Apache.
2010-09-15 14:33:31 +08:00
jaredj
295474503f Add support for multiple postfix cleanup sockets
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'.  This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear.  Not yet tested.
2010-09-15 14:32:54 +08:00
jaredj
5c3bd220aa Run hook_reset_transaction after all connections
This makes hook_reset_transaction a bit more useful by running it on
disconnections.  It also ensures that hook_disconnect runs when the
client disconnects without QUITing.
2010-09-15 14:32:53 +08:00
Jared Johnson
96aa5ba171 Shorten/clarify Connection and Transaction notes()
Update Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes()
with clearer, more brief syntax.  A previous patch used seemingly better
syntax, but did not evaluate the size of @_ in order to distinguish
between a call to notes('arg1',undef) and notes('arg1').  This corrects
this issue, and adds a comment to that effect.
2010-09-15 14:32:53 +08:00
Matt Simerson
fa91764f88 renamed test from foo to rcpt_ok 2010-07-25 23:04:58 -07:00
Matt Simerson
0c4a76ffe7 add test name to test output 2010-07-25 22:52:36 -07:00
Matt Simerson
d11b87e050 give badrcptto a reasonable name
renamed check_badrcptto test from foo to test_check_badrcptto_ok
2010-07-25 22:52:32 -07:00
Matt Simerson
3a7f46aa3e increased default TLS security setting
switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.

Signed-off-by: Robert <rspier@pobox.com>
2010-07-25 22:31:59 -07:00
Matt Simerson
d0c9b7cbe5 corrected email address 2010-07-25 22:31:19 -07:00
Robert
9348539ed7 don't create homedir in RPM
based on..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: rpm packaging bug - smtpd user created with shell not /bin/false
Date: Sat, 17 Jul 2010 18:17:49 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171816230.19928@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=6025

if ! id smtpd >/dev/null 2>&1
then
    # need to create smtpd user.
    if perl -e 'exit ! defined(getgrnam("postdrop"))'
    then
    # if postfix is installed, we will probably use
    # queue/postfix, which will need this:
        supp="-G postdrop"
    fi
    useradd -r -m $supp smtpd
fi

qpsmtpd needs a user "smtpd", but should not create a home directory or
give access to a shell.
2010-07-25 21:48:26 -07:00
Robert
803a320127 ignore search path in DNS lookups
2.  If the name doesn't end in a dot then append each item in the search list to the name.
           This is only done if dnsrch is true.

triggered by..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=5808

 Jesper Knudsen      2010-03-01 01:29:10 MST

When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.

Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.

In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
                                   dnsrch => 0
                                   );
2010-07-25 21:47:25 -07:00
Johan Almqvist
e2ee6f13e5 new plugin check_badmailfrom_patterns
Signed-off-by: Robert <rspier@pobox.com>
2010-07-11 17:29:24 -07:00
Robin Bowes
0d2b724b93 Check for the exact string resonses from vpopmaild rather than using regexes 2010-05-12 23:25:09 -07:00
Matt Simerson
e13952164d packaging updates
added to MANIFEST
 plugins/check_bogus_bounce
 plugins/auth/auth_vpopmaild
 t/plugin_tests/greylisting

added packaging to MANIFEST.SKIP

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:22:25 -07:00
Matt Simerson
b81d464c87 added p0f support to greylist plugin
- these changes are in the previous TCPLOCAL patch. Documented here.
added p0f config option
added POD docs to explain usage
modified $dbdir selection logic. The previous logic failed when QPHOME was
 not selected (as is the case when tests are being run).
Added '.' as the dir of last resort for $dbdir selection (others $EMPTY/dir
 dumped greylisting database in / )

  - These changes are included in this patch -
Added t/plugin_tests/greylisting, with greylist logic testing (tests are
 disabled by default, as greylisting is disabled in config.sample/plugins)
Added example entry in config.sample/plugins

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:19:52 -07:00
Matt Simerson
cc2d8ccca6 added local_ip option to p0f plugin
(updated patch against rspier/qpsmtpd)

The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.

Added POD documentation for local_ip option and p0f general usage

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:16:56 -07:00
Matt Simerson
671a6953b0 add TCPLOCAL* variables to $qp->connection
(patch remade against latest rspier/qpsmtpd)

added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:15:57 -07:00
Matt Simerson
0291260284 rewrote sender_permitted_from
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author).  The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:13:13 -07:00
Matt Simerson
b1c3d2f333 added auth_vpopmail plugin
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:11:42 -07:00
Matt Simerson
8b892c33ad fix copy/paste error in auth_flat_file
correct copy/paste error, where auth_flat_file methods were named authsql in auth_flat plugin

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:08:50 -07:00
Robert
caad3444c3 start working on Changes file for 0.84+next
Includes 93c1a23..febdb00
2010-05-10 21:23:15 -07:00
Robin Bowes
febdb001c6 new plugin auth_vpopmaild
Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 21:02:46 -07:00
Matt Simerson
0ae24edc55 updates to auth_vpopmail_sql module
updates to auth_vpopmail_sql module
 - moved vpopmail database parameters into config files
 - added LIMITATIONS section to POD, noting no support for alias domains
 - renamed sub from authsql (too generic) to auth_vmysql

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:51:14 -07:00
Matt Simerson
fbbf43ad15 added auth_checkpassword plugin
New and improved!
With POD! (because JP said so: http://www.nntp.perl.org/group/perl.qpsmtpd/2005/06/msg3145.html)
Includes usage notes and a perl script useful for diagnosing a checkpassword program.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:50:43 -07:00
Robert
3939c7bc51 Add guidelines for commit messages
From git-commit(1)
2010-05-10 20:38:18 -07:00
Matt Simerson
e8cb1c3e94 added definedness test to $local_port as it was emitting errors to to not being defined. My previous commit to TcpServer.pm fixed that problem.
Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 23:28:15 -07:00
Matt Simerson
5f81fd7925 remove vestiges of a bygone RCS 2010-05-09 23:22:13 -07:00
Robert
e37f14b9a6 microoptimizations - replace regex with lc eq 2010-05-09 22:45:59 -07:00
Steve Kemp
1002d0dd56 new plugin - check_bogus_bounce
The current status file, in git, has the following entry:

  -plugin to reject mails from <> if it has multiple recipients.

  I hereby submit my plugin to handle this case for possible inclusion,
 under the same terms as the current qpsmtpd release.

  The plugin is available here:

    http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/

  Please find patch against git head below, adding the file and removing
 the TODO line from the status file.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 22:37:13 -07:00
Matt Simerson
68ecedd1ac added ClamAV version to the X-Virus-Checked header
Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:23:03 -07:00
Steve Kemp
93c1a238e8 Misc documentation updates
Minor fixups to the documentation:

  * README + CREDITS:
     We use git now, not subversion.
  * README:
     dns  -> DNS
     smtp -> SMTP

Steve
--
Let me steal your soul?
http://stolen-souls.com

Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:18:50 -07:00
Ask Bjørn Hansen
c408aa98ca Update copyright year 2010-04-07 22:32:41 -07:00
Ask Bjørn Hansen
e0948cee24 Prepare 0.84 release 2010-04-07 22:26:48 -07:00
Ask Bjørn Hansen
da9e9cd8f9 Update credits for rpm changes 2010-04-07 22:26:48 -07:00
Richard Siddall
977d94a6e0 Modify RPM packaging to allow an SRPM to be built. 2010-04-07 22:16:11 -07:00
Larry Nedry
ef1b493b18 Note Net::IP dependency (Larry Nedry) 2010-04-07 21:51:55 -07:00
Ask Bjørn Hansen
9c81fa10ff Update Changes 2010-04-07 21:49:53 -07:00
Devin Carraway
73eb9012bd Header check config/logical-inversion fix
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers.  Updated
to accept either.  Also the condition for actually checking/skipping the
headers was inverted.

Also whitespace fixes.
2010-02-20 11:31:36 -08:00
Filippo Carletti
660ed14823 don't initialize the hooks array if it is already initialized 2010-02-13 21:23:03 -08:00
lnedry
3e36ab55af Moved DENYSOFT for temp_resolver_failed to the RCPT TO hook. 2010-02-13 16:29:56 -07:00
Ask Bjørn Hansen
38e4449d4d Merge branch 'rpm'
Conflicts:
	.gitignore
2010-02-12 21:30:55 -08:00
Ask Bjørn Hansen
a1ef2d13cf Fix rpmlint errors; correct License field to 'MIT' 2010-02-12 21:30:02 -08:00
Ask Bjørn Hansen
36a8c8a6cd Untabify 2010-02-12 21:29:32 -08:00
Ask Bjørn Hansen
f8b4650248 Fix to work with new git commands
(Also fix whitespace warning)
2010-02-12 21:28:20 -08:00
Filippo Carletti
2a35963bd4 Requires(pre): coreutils, shadow-utils, perl
to avoid useradd errors during install
2010-02-12 21:12:15 -08:00
Peter J. Holzer
46171d0c66 fixed issue #29: config now caches returned value
Qpsmtpd::config now checks cache, hooks, qmail_config, default in this
order and returns the first match. In any case the returned value is
stored in the cache, so subsequent calls to Qpsmtpd::config return the
same value (unless the cache is cleared).
2010-01-18 11:36:06 -08:00
Devin Carraway
44c67fcbc7 Add a whatis to Qpsmtpd.pm and Postfix.pm's POD
Signed-off-by: Robert <rspier@pobox.com>
2010-01-14 00:13:10 -08:00
Rick
7de104bf66 AUTH PLAIN bug with qpsmtpd and alpine
Trying to get SMTP auth working with alpine, I came across a bug.
Alpine sends AUTH PLAIN and waits for a 334 response, then sends the
auth string. According to the RFC, the server should reply with 334
and a nothing else, but in Auth.pm qpsmtpd responds with "334 Please
continue."   the "Please continue" is interpreted as a non-zero
length initial challenge which causes alpine (and maybe other
clients?) to abort the session.

Signed-off-by: Charlie Brady <charlieb@budge.apana.org.au>
Signed-off-by: Robert <rspier@pobox.com>
2009-12-24 20:36:51 -08:00