process_backticks now writes the entire message (headers + body) to a temp file and had dspam read that. Previously, dspam only read the body. With the new "process, then train on error" method, dspam didn't have access to the DSPAM signature (in the headers).
replaced open2 with open3. Same results. Works part of the time, but not consistent, and I haven't been able to figure out why.
dspam transaction note is now a hashref (was a string)
parsing of dspam response via substring (was regexp)
rather than deferring until RCPT. This greatly improves efficiency, since most connections will get marked naughty much sooner, having run fewer tests.
consolidate the two data_post methods into one (more linear, simpler)
more informative log message
add new headers to top of headers (not bottom (consistent MTA behavior))
helo - validate a HELO message delivered from a connecting host.
Includes the following tests:
is_in_badhelo
invalid_localhost
is_plain_ip
is_address_literal [N.N.N.N]
is_forged_literal
is_not_fqdn
no_forward_dns
no_reverse_dns
no_matching_dns
in apr_*_handler subs, return DECLINED when connection is not available to read (like during tests)
added 23 tests
deprecate action argument
'action log' did nothing, better logging controls available with loglevel
'action deny' -> reject 1
'action denysoft' => reject 1 reject_type temp
POD
use head2 for config options (instead of over, item, back)
added loglevel section
updated for replacement of action with reject options
consolidated POD at top of file
added example options to reject_type POD head
added an example loglevel entry
consolidated DENY[SOFT|DISCONNECT] logic into get_reject_type
added tests for get_reject_type
the previous DK commit moved the 'use Mail::DomainKeys::*' stuff into an eval. The right idea, but tests still fail because I forgot to remove the bare 'use' lines.
added POD description of spfquery note
changed spf_deny -> reject (and offered 4 more options, see POD for reject)
backwards compatible with old config settings
replicates qmail-smtpd SPF patch behavior
improved logging (again)
uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed.
background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
instead of a positional arguments, used named arguments (backwards compatible)
added a couple log message prefixes
removed some trailing whitespace
updated POD
minor changes to facilitate testing
improved error reporting of several failures
added p0f v2 compatibility to p0f v3 results: in addition to all the newer values, also report the old ones too.
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.
* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins
Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
fixed the vestiges of old plugin name 'denysoft_greylisting'
added ability to bypass greylisting based on geoip
deprecated 'mode [denysoft | testonly | off]
off wasn't useful
testonly & denysoft replaced by reject [ 0 | 1 ]
renamed DB from denysoft_greylist to greylist.dbm. Will use existing/legacy DB if present.
added DB pruning feature. Automatically prune the DB when qpsmtpd registers the plugin. Perhaps this should be a config option to enable?
added DB upgrade feature. Convert dotted quad IP addresses in DB to integers. Makes greylisting IPv6 compatible, since DB records are colon delimited.
exempt TLS connections from greylisting. The vast majority (perhaps all) of the SMTP clients that request encryption to my server are legit. We could add a config option for this, but this plugin already has a multitude of config options.
refactored much of the greylisting method into discreet subs
added 30 tests
added additional DEBUG level logging for p0f matches
POD changes:
replaced over, item N, back, with head2 (better formatted output)
better describe the current behavior of the plugin (some past behaviors no longer exist)
added TRIPLET section with example
added loglevel section
had single positional argument for loglevel,
switched to named args which inherits the more flexible loglevel
shortened logging line
before: connection_time: Connection time from 66.118.151.187: 3.046 sec.
after: connection_time: 3.046 s.
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:
before:
or return (DENY, "authcvm/$method");
after:
or return (DENY, "authcvm");
Added debug level log entries in auth_vpopmaild
Conflicts:
plugins/auth/auth_vpopmail_sql
expanded POD
cleaned up stray EOL spaces
added lots of logging, with standardized [ pass | fail | skip ] prefixes
added reject_type option
use split for parsing dspam headers
use SA note instead of parsing headers
added reject = agree option
store & fetch dspam results in a note
refactored into small subs with unit tests.
parse SA header with split instead of regexp (more reliable)
store SA results in a 'spamassassin' transaction note
add strict and warnings pragma
renamed reject_threshold -> reject (backwards compatible)
added relayclient skip option and POD. Skips SA processing when relayclient is set
added MULTIPLE RECIPIENT BEHAVIOR topic to POD
unit tests for new methods are in t/auth.t
added PLAIN and LOGIN tests in auth_flat_file
Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
backwards compatible with previous warn_only option.
added additional logging
refactored out a couple new subs.
minor changes: added strictures, warnings, moved 'use' statements to top of code
so log entries look like this:
86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding
instead of this:
86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding
Conflicts:
plugins/logging/warn
With a DENYSOFT (450) the sender will keep trying to deliver the e-mail.
It makes no sense.
This commit also makes it compatible again with the plugin from before commit:
02912 [rewrote sender_permitted_from]