Commit Graph

1921 Commits

Author SHA1 Message Date
Matt Simerson
ed8eca0a63 fixed failing auths to auth/vpopmaild, added tests
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.

* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
2012-04-07 17:52:44 -04:00
Robert
cd5f088d69 Merge pull request #4 from baudehlo/master
Fix for starttls vulnerability
2011-06-24 14:05:42 -07:00
Matt Sergeant
5200244031 Fix STARTTLS vulnerability for async 2011-06-02 12:57:50 -04:00
Peter J. Holzer
b7668c0468 temp_resolver_failed is a transaction note
The mail hook sets a transaction note 'temp_resolver_failed', but the
 rcpt hook queried a connection note of the same name (which didn't
 exist, of course).
 Now it queries the transaction note.
2011-01-03 12:39:57 -08:00
Charlie Brady
24d09fa4a9 Patch: FATAL PLUGIN ERROR [check_basicheaders]: ...
check_basicheaders fails if there are no headers at all:

http://bugs.contribs.org/show_bug.cgi?id=6345
2010-11-13 18:04:02 -08:00
Robert
461dabc3e1 Revert "Spool body when $transaction->body_fh() is called"
This reverts commit a52660a646.

See http://www.nntp.perl.org/group/perl.qpsmtpd/2010/10/msg9453.html for discussion.
2010-10-29 22:23:58 -07:00
Hanno Hecker
0b0e4e911a prefork: use new instance instead of cloning
Create a new instance instead of cloning^copying the base instance,
see http://www.nntp.perl.org/group/perl.qpsmtpd/2008/07/msg8134.html ff.
2010-09-17 00:39:48 -07:00
Hanno Hecker
33d8825ecf Fix for plugins returning DONE from HELO/EHLO
We have to return something true, else the client gets an additional
 451 Internal error - try again later - command 'helo' failed unexpectedly
after the plugin's ->respond() message.
2010-09-17 15:25:20 +08:00
Hanno Hecker
f9399950f3 plugins/rcpt_map cleanup
* enforce having a "domain" parameter
* unique default message (missing dot added)
2010-09-17 15:25:19 +08:00
Hanno Hecker
7bfad42ac9 new plugin rcpt_map
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
2010-09-17 15:25:18 +08:00
Peter A Eisch
e403a56d74 I forgot to sync the code that calls the original config correctly. 2010-09-15 14:33:34 +08:00
Peter A Eisch
2979c52b47 Adds the ability to have multiple instances (each with different
configs) running under Apache.
2010-09-15 14:33:31 +08:00
jaredj
295474503f Add support for multiple postfix cleanup sockets
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'.  This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear.  Not yet tested.
2010-09-15 14:32:54 +08:00
jaredj
5c3bd220aa Run hook_reset_transaction after all connections
This makes hook_reset_transaction a bit more useful by running it on
disconnections.  It also ensures that hook_disconnect runs when the
client disconnects without QUITing.
2010-09-15 14:32:53 +08:00
Jared Johnson
96aa5ba171 Shorten/clarify Connection and Transaction notes()
Update Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes()
with clearer, more brief syntax.  A previous patch used seemingly better
syntax, but did not evaluate the size of @_ in order to distinguish
between a call to notes('arg1',undef) and notes('arg1').  This corrects
this issue, and adds a comment to that effect.
2010-09-15 14:32:53 +08:00
Matt Simerson
fa91764f88 renamed test from foo to rcpt_ok 2010-07-25 23:04:58 -07:00
Matt Simerson
0c4a76ffe7 add test name to test output 2010-07-25 22:52:36 -07:00
Matt Simerson
d11b87e050 give badrcptto a reasonable name
renamed check_badrcptto test from foo to test_check_badrcptto_ok
2010-07-25 22:52:32 -07:00
Matt Simerson
3a7f46aa3e increased default TLS security setting
switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.

Signed-off-by: Robert <rspier@pobox.com>
2010-07-25 22:31:59 -07:00
Matt Simerson
d0c9b7cbe5 corrected email address 2010-07-25 22:31:19 -07:00
Robert
9348539ed7 don't create homedir in RPM
based on..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: rpm packaging bug - smtpd user created with shell not /bin/false
Date: Sat, 17 Jul 2010 18:17:49 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171816230.19928@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=6025

if ! id smtpd >/dev/null 2>&1
then
    # need to create smtpd user.
    if perl -e 'exit ! defined(getgrnam("postdrop"))'
    then
    # if postfix is installed, we will probably use
    # queue/postfix, which will need this:
        supp="-G postdrop"
    fi
    useradd -r -m $supp smtpd
fi

qpsmtpd needs a user "smtpd", but should not create a home directory or
give access to a shell.
2010-07-25 21:48:26 -07:00
Robert
803a320127 ignore search path in DNS lookups
2.  If the name doesn't end in a dot then append each item in the search list to the name.
           This is only done if dnsrch is true.

triggered by..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=5808

 Jesper Knudsen      2010-03-01 01:29:10 MST

When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.

Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.

In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
                                   dnsrch => 0
                                   );
2010-07-25 21:47:25 -07:00
Johan Almqvist
e2ee6f13e5 new plugin check_badmailfrom_patterns
Signed-off-by: Robert <rspier@pobox.com>
2010-07-11 17:29:24 -07:00
Robin Bowes
0d2b724b93 Check for the exact string resonses from vpopmaild rather than using regexes 2010-05-12 23:25:09 -07:00
Matt Simerson
e13952164d packaging updates
added to MANIFEST
 plugins/check_bogus_bounce
 plugins/auth/auth_vpopmaild
 t/plugin_tests/greylisting

added packaging to MANIFEST.SKIP

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:22:25 -07:00
Matt Simerson
b81d464c87 added p0f support to greylist plugin
- these changes are in the previous TCPLOCAL patch. Documented here.
added p0f config option
added POD docs to explain usage
modified $dbdir selection logic. The previous logic failed when QPHOME was
 not selected (as is the case when tests are being run).
Added '.' as the dir of last resort for $dbdir selection (others $EMPTY/dir
 dumped greylisting database in / )

  - These changes are included in this patch -
Added t/plugin_tests/greylisting, with greylist logic testing (tests are
 disabled by default, as greylisting is disabled in config.sample/plugins)
Added example entry in config.sample/plugins

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:19:52 -07:00
Matt Simerson
cc2d8ccca6 added local_ip option to p0f plugin
(updated patch against rspier/qpsmtpd)

The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.

Added POD documentation for local_ip option and p0f general usage

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:16:56 -07:00
Matt Simerson
671a6953b0 add TCPLOCAL* variables to $qp->connection
(patch remade against latest rspier/qpsmtpd)

added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:15:57 -07:00
Matt Simerson
0291260284 rewrote sender_permitted_from
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author).  The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:13:13 -07:00
Matt Simerson
b1c3d2f333 added auth_vpopmail plugin
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:11:42 -07:00
Matt Simerson
8b892c33ad fix copy/paste error in auth_flat_file
correct copy/paste error, where auth_flat_file methods were named authsql in auth_flat plugin

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:08:50 -07:00
Robert
caad3444c3 start working on Changes file for 0.84+next
Includes 93c1a23..febdb00
2010-05-10 21:23:15 -07:00
Robin Bowes
febdb001c6 new plugin auth_vpopmaild
Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 21:02:46 -07:00
Matt Simerson
0ae24edc55 updates to auth_vpopmail_sql module
updates to auth_vpopmail_sql module
 - moved vpopmail database parameters into config files
 - added LIMITATIONS section to POD, noting no support for alias domains
 - renamed sub from authsql (too generic) to auth_vmysql

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:51:14 -07:00
Matt Simerson
fbbf43ad15 added auth_checkpassword plugin
New and improved!
With POD! (because JP said so: http://www.nntp.perl.org/group/perl.qpsmtpd/2005/06/msg3145.html)
Includes usage notes and a perl script useful for diagnosing a checkpassword program.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:50:43 -07:00
Robert
3939c7bc51 Add guidelines for commit messages
From git-commit(1)
2010-05-10 20:38:18 -07:00
Matt Simerson
e8cb1c3e94 added definedness test to $local_port as it was emitting errors to to not being defined. My previous commit to TcpServer.pm fixed that problem.
Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 23:28:15 -07:00
Matt Simerson
5f81fd7925 remove vestiges of a bygone RCS 2010-05-09 23:22:13 -07:00
Robert
e37f14b9a6 microoptimizations - replace regex with lc eq 2010-05-09 22:45:59 -07:00
Steve Kemp
1002d0dd56 new plugin - check_bogus_bounce
The current status file, in git, has the following entry:

  -plugin to reject mails from <> if it has multiple recipients.

  I hereby submit my plugin to handle this case for possible inclusion,
 under the same terms as the current qpsmtpd release.

  The plugin is available here:

    http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/

  Please find patch against git head below, adding the file and removing
 the TODO line from the status file.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 22:37:13 -07:00
Matt Simerson
68ecedd1ac added ClamAV version to the X-Virus-Checked header
Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:23:03 -07:00
Steve Kemp
93c1a238e8 Misc documentation updates
Minor fixups to the documentation:

  * README + CREDITS:
     We use git now, not subversion.
  * README:
     dns  -> DNS
     smtp -> SMTP

Steve
--
Let me steal your soul?
http://stolen-souls.com

Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:18:50 -07:00
Ask Bjørn Hansen
c408aa98ca Update copyright year 2010-04-07 22:32:41 -07:00
Ask Bjørn Hansen
e0948cee24 Prepare 0.84 release 2010-04-07 22:26:48 -07:00
Ask Bjørn Hansen
da9e9cd8f9 Update credits for rpm changes 2010-04-07 22:26:48 -07:00
Richard Siddall
977d94a6e0 Modify RPM packaging to allow an SRPM to be built. 2010-04-07 22:16:11 -07:00
Larry Nedry
ef1b493b18 Note Net::IP dependency (Larry Nedry) 2010-04-07 21:51:55 -07:00
Ask Bjørn Hansen
9c81fa10ff Update Changes 2010-04-07 21:49:53 -07:00
Devin Carraway
73eb9012bd Header check config/logical-inversion fix
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers.  Updated
to accept either.  Also the condition for actually checking/skipping the
headers was inverted.

Also whitespace fixes.
2010-02-20 11:31:36 -08:00
Filippo Carletti
660ed14823 don't initialize the hooks array if it is already initialized 2010-02-13 21:23:03 -08:00