Commit Graph

622 Commits

Author SHA1 Message Date
Matt Simerson
bcc6adae19 helo: add karma penalty for no HELO hostname 2013-12-18 00:16:02 -05:00
Matt Simerson
02da55e06d karma: added penalty for spammy TLDs 2013-12-18 00:15:20 -05:00
Matt Simerson
9f88e374c2 tls: reduced importants of an info message
from WARN to INFO
2013-12-18 00:11:53 -05:00
Matt Simerson
a4695cec8b geoip: added named array for invalid args
so it passes Perl::Critic tests
2013-12-18 00:02:07 -05:00
Matt Simerson
96dfb08d87 headers: added POD descripting each header 2013-12-18 00:00:52 -05:00
Matt Simerson
725a8d1960 dspam: remove hard coded default in train_ methods 2013-12-17 23:59:57 -05:00
Matt Simerson
c202d3ef69 dmarc integrated with Mail::DMARC
reimplemented dmarc module to use Mail::DMARC
updated SPF plugin to save SPF results in dmarc_spf note
update dkim to store DKIM results in dkim_result & dkim_verifier notes
2013-12-17 23:53:00 -05:00
Matt Simerson
4d489ea6ef tested and working Authentication-Results
changed the method of saving results. Instead of appending to/from a header, plugins save results to a connection note.

Qpsmtpd::SMTP.pm has a new method that inserts the Authentication-Results header
The smtp-auth information has been removed from the Received header

Authentication-Results providing plugins have been updated to store results in connection note
2013-08-05 15:05:38 -07:00
Matt Simerson
4ae16219bd added Authentication-Results header, with provider
dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
2013-08-05 15:05:38 -07:00
Matt Simerson
4aa888dc6c headers: assign zeroes to avoid undef errors 2013-08-05 15:05:38 -07:00
Matt Simerson
247c5a2bea is_naughty is a setter now too 2013-08-05 15:05:38 -07:00
Matt Simerson
fbdee49965 raised default max msg size in clamdscan from 128k
added max_size on config, so it's likely to get noticed, since even 1M is probably too low for most sites. This should likely default to the same as databytes?
2013-08-05 15:05:38 -07:00
Matt Simerson
f7b00fa677 auth_vpopmaild: added taint checking to responses 2013-08-05 15:05:37 -07:00
Matt Simerson
b8229fbdbf dmarc: added subdomain policy handling 2013-08-05 15:05:37 -07:00
Matt Simerson
92fe1e899f rcpt_ok: do immunity checks earlier, so that
disposition logs don't indicate failure for authenticated senders
2013-08-05 15:05:37 -07:00
Matt Simerson
eccaf17d18 karma: limit rcpts to 1 for senders with neg karma 2013-08-05 15:05:36 -07:00
Matt Simerson
bbc6e895cc distinguish rejecting versus tolerated failures 2013-08-05 15:05:36 -07:00
Matt Simerson
3180c9da31 SPF: added more precise disposition logs, so that
postprocess can determine if a SPF failure caused a rejection
2013-08-05 15:05:36 -07:00
Matt Simerson
ebfccec5b3 dmarc: added support for DMARC policy pct=NNN 2013-08-05 15:05:36 -07:00
Matt Simerson
c0210a7877 SPF: arrage flow so if a pass result is possible,
we will get it and set the note for DMARC plugin
2013-08-05 15:05:36 -07:00
Matt Simerson
effb4e2269 dmarc: improving and updating POD 2013-08-05 15:05:36 -07:00
Matt Simerson
f9fb0acee7 qmail_deliverable: smite null sender to email list 2013-08-05 15:05:16 -07:00
Matt Simerson
ca678ba736 log2sql: populate plugins table from registry.txt
much easier for local customizations.
moved SQL connection settings to config/log2sql
2013-08-05 15:05:16 -07:00
Matt Simerson
8e054c1eda dkim: reduce INFO logging to once per connect 2013-08-05 15:05:16 -07:00
Matt Simerson
a14de07280 tls: added pass|fail prefix to a couple log msgs 2013-08-05 15:05:15 -07:00
Matt Simerson
7f8848d2e8 auth_chkpw: added pass|fail prefix to log msgs 2013-08-05 15:05:15 -07:00
Matt Simerson
25171ec371 dmarc: weed out SPF records from initial search
use a variable instead of array to count list (not using RR address after all)
2013-08-05 15:05:15 -07:00
Matt Simerson
1f2a5c27ed dkim: when signing, use signing domain when we
finding the signing key in a different directory than the sending (eg: example.com instead of www.example.com.)
2013-08-05 15:05:15 -07:00
Matt Simerson
091843927d dmarc: added relaxed alignment tests 2013-08-05 15:05:15 -07:00
Matt Simerson
75a3e4baae find plugins -type f -exec perltidy -b {} \; 2013-08-05 15:05:15 -07:00
Matt Simerson
fd2c56fb36 resolvable_fromhost: adjust log message prefix 2013-08-05 15:05:15 -07:00
Matt Simerson
2e6eeaa82d karma: add recipient limits for bad senders 2013-08-05 15:05:15 -07:00
Matt Simerson
b9bf523e0e hosts_allow: more succinct log message 2013-08-05 15:05:15 -07:00
Matt Simerson
e23523bc46 registry: renumber with big spaces between plugin
types. So there's plenty of room to insert future plugins with having to renumber, which impacts log2sql
2013-08-05 15:05:14 -07:00
Matt Simerson
8a1a156e60 dmarc: remove useless comment 2013-08-05 15:05:14 -07:00
Matt Simerson
2c7cb8afb7 naughty: improve POD 2013-08-05 15:05:14 -07:00
Matt Simerson
db8ec50c3a new plugin: dmarc 2013-08-05 15:05:14 -07:00
Matt Simerson
515188ace5 tls: added ability to store certs in config/ssl
was hard coded to ./ssl
2013-08-05 15:05:14 -07:00
Matt Simerson
f03128523c SPF: add pod, documenting spf_pass_host note 2013-08-05 15:05:14 -07:00
Matt Simerson
0f01a39e88 SPF: add trans. note spf_pass_host if SPF=pass 2013-08-05 15:05:14 -07:00
Matt Simerson
6bea1ebd50 domainkeys: fixed pod grammar error 2013-08-05 15:05:14 -07:00
Matt Simerson
b64bb2f9e4 a collection of DKIM enhancements
* disable Mail::DKIM::TextWrap (causes mangled messages for some clients)
* pod improvements
* don't log the entire DKIM signature when signing
* add dkim_pass_domains connection note with DKIM signer domains that pass
* enable dkim tests
2013-08-05 15:05:14 -07:00
Matt Simerson
b7320a8eb9 SPF: POD formatting fix 2013-08-05 15:05:14 -07:00
Matt Simerson
c92a5a83c8 dkim: improve POD, add dkim_key_gen.sh 2013-08-05 15:05:13 -07:00
Matt Simerson
a3b8af77bd dkim: added message signing feature 2013-08-05 15:05:13 -07:00
Matt Simerson
8c265d3583 domainkeys: added deprecation comment 2013-08-05 15:05:13 -07:00
Matt Simerson
6b16704b4a karma,relay: karma plugin awards karma later
by detecting during DATA if relay_client is set
2013-08-05 15:05:13 -07:00
Matt Simerson
ce0d2b80ef dkim: corrected log entry, added comment 2013-08-05 15:05:13 -07:00
Matt Simerson
d5fd8d24e3 dspam: raise loglevel on debug log message 2013-08-05 15:05:13 -07:00
Matt Simerson
e7ea7a0949 dspam: catch error where QP user lacks x on dspam
x = execute privileges
2013-08-05 15:05:13 -07:00
Matt Simerson
eeacf83e3a bogus_bounce: suppress undefined var error 2013-08-05 15:05:13 -07:00
Matt Simerson
5853ec1a47 spf: add comment re: Authentication-Results header 2013-08-05 15:05:13 -07:00
Matt Simerson
2ca3b1d4ee resolvable_fromhost: documented reject naughty 2013-08-05 15:05:13 -07:00
Matt Simerson
c7f5c45f40 random_error: fixed typo, added std pragmas 2013-08-05 15:05:13 -07:00
Matt Simerson
e433796b96 dspam/spamassassin: adjust karma awards
dspam: be more conservative when learning from karma
sa: added an SA autolearn bonus
2013-08-05 15:05:13 -07:00
Matt Simerson
2f3127359d moved triplicated init_resolver into Plugin.pm 2013-08-05 15:05:13 -07:00
Matt Simerson
58b860c0eb dkim: added karma for dkim results (allow/reject) 2013-08-05 15:05:12 -07:00
Matt Simerson
8e437ec305 helo: stop processing after first match 2013-08-05 15:05:12 -07:00
Matt Simerson
3bb85a66a1 resolvable_fromhost: added karma smites 2013-08-05 15:05:12 -07:00
Matt Simerson
7da69ef12d spamassassin: karma scoring is dependent on
the sessage learn status, not SA (global) autolearn setting. So, karma learning follows SA learning rules.
2013-08-05 15:05:12 -07:00
Matt Simerson
fc5eeec122 added karma awards for SPF pass/fail 2013-08-05 15:05:12 -07:00
Matt Simerson
0c59813957 badmailfrom: fix reject message typo 2013-08-05 15:05:12 -07:00
Matt Simerson
91db656cac fcrdns: new plugin for Forward Confirmed rDNS 2013-08-05 15:05:12 -07:00
Matt Simerson
26becea3d4 qm_deliverable: added reject option, karma smite
award senders -1 karma to senders to invalid addresses
2013-08-05 15:05:12 -07:00
Matt Simerson
0383f63d87 naughty: improve POD 2013-08-05 15:05:12 -07:00
Matt Simerson
f039014b33 karma: be a bit more conservative
require at least -2 karma before smiting
also, add +1 karma to senders with karma_history > 10
2013-08-05 15:05:12 -07:00
Matt Simerson
77272ba095 whitelist: add +5 karma to whitelisted IPs 2013-08-05 15:05:12 -07:00
Matt Simerson
1e88a57f26 relay: give +2 karma boost to relay IPs 2013-08-05 15:05:12 -07:00
Matt Simerson
c17ebdbcf9 p0f: added smite_os, assign -karma by OS 2013-08-05 15:05:12 -07:00
Matt Simerson
d08de879c5 hosts_allow: allow +karma senders +3 concurrents
this is really useful if you set max-per-ip to <= 3.
2013-08-05 15:05:12 -07:00
Matt Simerson
7a4c789ae2 helo: smite senders that fail the selected tests
and made log entries more terse
2013-08-05 15:05:12 -07:00
Matt Simerson
b43f369dbe headers: smite poorly behaved senders with -karma 2013-08-05 15:05:12 -07:00
Matt Simerson
e47d431aa9 earlytalker: if we skip for +karma, log it
and remove IP from log (not IPv6 optimal)
2013-08-05 15:05:11 -07:00
Matt Simerson
c0899f6d4d spamassassin: assign karma for autolearn message
also removed 'use lib', to be consistent with most other plugins
and improved grammar
2013-08-05 15:05:11 -07:00
Matt Simerson
8012dff4f9 dspam: be more conservative with karma awards
previous settings were reasonable for a well trained dspam. After starting with a fresh dspam, the settings were not optimal for the amount of naive that a default dspam is.
2013-08-05 15:05:11 -07:00
Matt Simerson
0eef321990 dnsbl: smite blacklisted IPs with -1 karma 2013-08-05 15:05:11 -07:00
Matt Simerson
d5f1f3f72b badrcptto: smite matches with -2 karma
useful for (reject=>naughty) + spam filter training
2013-08-05 15:05:11 -07:00
Matt Simerson
e7f9f3bf21 geoip: added too_far option 2013-08-05 15:05:11 -07:00
Matt Simerson
473a1ba6e3 karma_tool: optimized for speedy IP search, IPv6
fixed one IPv6 issue
2013-08-05 15:05:11 -07:00
Markus Ullmann
c0b36c5cb4 Sanitize spamd_sock path for perl taint mode 2013-08-05 15:05:11 -07:00
Matt Simerson
a90c881ae5 helo: added comments 2013-08-05 15:05:11 -07:00
Matt Simerson
a7742b5b40 dspam: added use lib, removed some parens 2013-08-05 15:05:11 -07:00
Matt Simerson
73f4759ae7 karma: general improvements
skip earlytalker checks for positive senders

limit negative karma senders to 1 concurrent connection (hosts_allow)
  added karma::hook_pre_connection, to make hosts_allow change possible

added karma score to log entries
2013-08-05 15:05:11 -07:00
Matt Simerson
60d3cda18e headers: added section # to RFC citation 2013-08-05 15:05:11 -07:00
Matt Simerson
d8a242b050 whitelist: added pass prefix to log entries 2013-08-05 15:05:11 -07:00
Matt Simerson
96ee32106a qmail_deliverable: remove fail prefix from SMTP er
prefix should only be logged, not emitted during SMTP
2013-08-05 15:05:11 -07:00
Matt Simerson
dd59ad210e karma_tool: release didn't. fixed.
also, preserve karma history when using karma_tool to capture/release
2013-08-05 15:05:10 -07:00
Matt Simerson
0ed418fafd p0f: added path to socket in error message
if p0f cannot connect, provide a more descriptive error message. Particularly useful for a p0f plugin developer that runs both p0f v2 and v3 at the same time.
2013-08-05 15:05:10 -07:00
Matt Simerson
c3dff626cb plugins/bogus_bounce: add Return-Path check
make sure return path is empty, per RFC 3834
2013-08-05 15:05:10 -07:00
Matt Simerson
b9750ee5bf plugins/helo: added RFC 5321 notes 2013-08-05 15:05:10 -07:00
Matt Simerson
214ceffea6 uribl plugin: added 'pass' prefix to log message 2013-08-05 15:05:10 -07:00
Matt Simerson
a5803d10f5 updated more split '' syntax to split // 2013-08-05 15:05:10 -07:00
Matt Simerson
e67f4ff98c helo: avoid undef warning when rDNS is invalid
specifically, when rDNS returns an invalid FQDN like 'null.', which doesn't have
a domain part.
2013-08-05 15:05:10 -07:00
Matt Simerson
d80b117bff replace all instances of split '' with split //
newer versions of perl don't accept split '' syntax any longer
2013-08-05 15:05:10 -07:00
Matt Simerson
2e0909ad27 dspam: improve logging and config error reporting 2013-08-05 15:05:10 -07:00
Matt Simerson
838594642b relay: better error handling and logging
detect failures in calls to Net::IP for relayclient entries that don't parse.
2013-08-05 15:05:10 -07:00
Matt Simerson
f0c7c212c0 clamdscan: replace immunity check with naught test
immunity check was disabled by default, as it wasn't a good policy. OTOH, a naughty check is a sensible default, as we can skip processing on messages we already decided to reject.
2013-08-05 15:05:10 -07:00
Matt Simerson
14e87fabdf qmail_deliverable: reject null sender to ezmlm lis 2013-08-05 15:05:10 -07:00
Matt Simerson
5b742cbf7d dkim: added some missing POD text 2013-08-05 15:05:09 -07:00
Matt Simerson
4465b7af43 headers: simplify required headers logic 2013-08-05 15:05:09 -07:00