Change plugins/dnsbl to permit AUTH'd or other relay clients even if IP
is on a blacklist.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@442 958fd67b-6ff1-0310-b445-bb7760255be9
Interfaces with Bruce Guenther's Credential Validation Module (CVM)
* plugins/auth/auth_cvm_unix_local
Only DENY if the credentials were accepted but incorrect (bad password?)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@432 958fd67b-6ff1-0310-b445-bb7760255be9
* plugins/check_badrcptto_patterns
Match bad RCPTO address with regex
* plugins/check_norelay
Carve out holes from larger relay blocks
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@431 958fd67b-6ff1-0310-b445-bb7760255be9
Create a single Qpsmtpd::TcpServer object in the parent process and
then rely on fork to let each child have it's own copy
* lib/Qpsmtpd/Plugin.pm
Add new pre-connection and post-connection hooks
* README.plugins
Document the above new hooks
* lib/Qpsmtpd.pm
No longer have local value for trace_level() the first time through, which
was masking the global value (due to stupid search/replace error).
Don't call log() from trace_level() since it is only ever called from
within the varlog() sub when no logging plugin is registered.
* plugins/dnsbl
Config line option to use DENY_DISCONNECT instead of DENY (since any IP
on a blacklist should not have a chance to send anything for now).
Add POD to document the new disconnect behavior
* lib/Qpsmtpd.pm
Compatibility changes so test files continue to work
* t/Test/Qpsmtpd.pm
Compatibility sub for core subs which call varlog() directly
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@428 958fd67b-6ff1-0310-b445-bb7760255be9
Fix some totally egregious spelling errors
* plugins/auth/auth_ldap_bind
New plugin to authenticate against an LDAP database
Thanks to Elliot Foster <elliotf@gratuitous.net>
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@404 958fd67b-6ff1-0310-b445-bb7760255be9
representation from the numeric (for logging purposes). Add new logging
plugin, logging/adaptive, which logs at different levels depending on
whether the message was accepted/rejected.
* lib/Qpsmtpd/Constants.pm
use hashes for storing return_codes and log_levels
export accessor methods to retrieve the text representations
* lib/Qpsmtpd.pm
Rename log_level() to trace_level() so as to not conflict with the same
name in Qpsmtpd::Constants.
Call return_code() to display the text form when logging
* plugins/logging/adaptive
Better documentation
Support named parameters and prefix
Call return_code() to display the text form when logging
* plugins/logging/warn
Include POD
* README.logging
First pass at documenting the logging plugin API
* config.sample/loglevel
New numbering scheme to map directly to syslog levels
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@401 958fd67b-6ff1-0310-b445-bb7760255be9
existing core code. Add OK hook.
* lib/Qpsmtpd.pm
(init_logger): replaced with log_level()
(load_logging): NEW - load logging plugins without calling log()
(log_level): NEW - set/get global $LogLevel scalar
(log): now just a wrapper for varlog(); called only by core code
(varlog): initializes logging if not already done, calls logging plugins
in turn and falls back to interal logging unless plugins OK or DECLINED
(_load_plugins): only display "Loading plugin" when actually loading one
(run_hooks): load logging plugins without calling log(); add OK hook as
else of the DENY* case
(spool_dir): use global $Spool_dir scalar to cache location
* lib/Qpsmtpd/Plugin.pm
(%hooks): add "logging" and "ok"
(register_hook): add local _hook to object cache
(log): call varlog() with additional parameters hook and plugin_name
except for logging hook
(compile): add accessor sub for local _hook scalar
* lib/Qpsmtpd/SMTP.pm
(mail, rcpt): change loglevel to LOGALERT instead of LOGWARN for from/to
* qpsmtpd-forkserver
(REAPER): use package ::log() instead of warn()
(main): defer calling log until $plugin_loader has been initialized
(log): call logging using the $plugin_loader object
* plugins/logging/warn
NEW: sample plugin which replicates the core logging functionality
* plugins/logging/devnull
NEW: sample plugin which logs nothing (for testing multiple logging
plugin functionality)
* config.sample/logging
sample configuration file for logging plugins
* plugins/virus/uvscan
plugins/virus/clamav
Increase loglevel for non-serious warnings to LOGWARN from LOGERROR
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@398 958fd67b-6ff1-0310-b445-bb7760255be9
Correctly support alternate domain socket
Remove a tab that crept in
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@383 958fd67b-6ff1-0310-b445-bb7760255be9
Remember (belatedly) to add changes here
* MANIFEST
Add all new files to this list
* plugins/virus/clamdscan
New AV plugin to directly communicate with clamd daemon
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@378 958fd67b-6ff1-0310-b445-bb7760255be9
Scan temporary file directly now that the spooled file includes the
entire message
* plugins/virus/bitdefender - John Peacock
plugins/virus/hbedv - Hanno Hecker
New AV plugins
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@377 958fd67b-6ff1-0310-b445-bb7760255be9
Reword the POD to explain exactly how to chmod the directories to get
clamdscan to work within the spool directory (Thanks to Robin Bowes)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@373 958fd67b-6ff1-0310-b445-bb7760255be9
Provide more documentation on using clamdscan
Provide back_compat option to eliminate warnings in log with old ClamAV
Use new $self->spool_dir() function instead of homebrew
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@371 958fd67b-6ff1-0310-b445-bb7760255be9
Handle case where pw_clear_passwd doesn't exists in vpopmail database
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@360 958fd67b-6ff1-0310-b445-bb7760255be9
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
Subject: SPF plugin: using it in practice (PATCH attached for CVS)
Date: Tue, 30 Nov 2004 11:35:30 +0000
Message-ID: <20041130113530.GA31737@leverton.org>
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@355 958fd67b-6ff1-0310-b445-bb7760255be9
use symbolic log levels, instead of numeric
- dnsbl: set some (probably too large) timeouts
- count_unrec_commands: DENYHARD
- spamassassin: upgrade protocol to support switching users
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@349 958fd67b-6ff1-0310-b445-bb7760255be9
New option to strip/rename/keep old X-Spam headers (Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@335 958fd67b-6ff1-0310-b445-bb7760255be9
Refuse messages that lack basic headers per RFC-2822
(Jim Winstead)
modified by John Peacock to block null messages, too
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@333 958fd67b-6ff1-0310-b445-bb7760255be9
Must replace any existing X-Spam headers with local score,
rather than adding. Don't care what other SA instances thought.
(Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@330 958fd67b-6ff1-0310-b445-bb7760255be9
* lib/Qpsmtpd/Transaction.pm
Forgot to nuke POD for deprecated relaying()
* plugins/auth/auth_vpopmail_sql
Log who actually AUTHenticated
* plugins/virus/uvscan
Don't need to unlink the file (Qpsmtpd will take care of it)
Log the machine that did the actual Antivirus scanning
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@329 958fd67b-6ff1-0310-b445-bb7760255be9
* plugins/rcpt_ok
Split check_relay into two plugins
* config/plugins
Reorder plugins to take advantage of the new check_relay
* lib/Qpsmtpd/Connection.pm
Add support for relay_client() method
* lib/Qpsmtpd/SMTP.pm
Copy connection relay settings to transaction object when created
* lib/Qpsmtpd/Auth.pm
Use the connection->relay_client() instead of setting an env var
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@326 958fd67b-6ff1-0310-b445-bb7760255be9
ident/geoip - lookup country of host
ident/p0f - use p0f to get type of source machine
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@289 958fd67b-6ff1-0310-b445-bb7760255be9
- Make the awkward silence at connection configurable (default still 1sec)
- Add an option to defer reaction to the HELO to the MAIL-FROM command
instead, anticipating broken SMTP agents that don't gracefully handle
disconnection after greeting.
Also made the specific response configurable (soft, hard, nothing).
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@284 958fd67b-6ff1-0310-b445-bb7760255be9
<knan at mo.himolde.no>)
make the maildir plugin record who the message was to (needs some improvements
still)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@277 958fd67b-6ff1-0310-b445-bb7760255be9
- name=value style configuration arguments (old format still supported)
- max_size for scan (default 512k)
- Pass messages to clamscan in mbox format to satisfy clamdscan
- Made detect action configurable (reject or add-header)
- Logging fixes
- POD
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@273 958fd67b-6ff1-0310-b445-bb7760255be9
To: qpsmtpd@perl.org
Subject: [PATCH] queue/smtp-forward doesn't use correct HELO string
Message-ID: <20040714143007.31047.qmail@onion.perl.org>
Date: Wed, 14 Jul 2004 10:30:24 -0400
The current version of Net::SMTP doesn't make any attempt to determine
the hostname of the current computer (not that I blame Graham for
that), so that all e-mails are sent out as from
"localhost.localdomain" unless an explicit Hello string is provided.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@266 958fd67b-6ff1-0310-b445-bb7760255be9
rename authsql to auth_vpopmail_sql -- we need a generic "connect to database"
thing with a generic way to configure databases. ... and then we should have
a more generic "check username with sql" plugin.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@253 958fd67b-6ff1-0310-b445-bb7760255be9
+
+ Fix warning in check_badrcptto plugin (Thanks to Robert James Kaes)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@230 958fd67b-6ff1-0310-b445-bb7760255be9
support all of the RBLSMTPD functionality. (Thanks to Mark Powell)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@210 958fd67b-6ff1-0310-b445-bb7760255be9
+ contributors, thanks everyone!). Note that for now it's not
+ including the Spam: headers with the score explained. For that use
+ the spamassassin_spamc plugin from http://projects.bluefeet.net/
+ (for now).
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@206 958fd67b-6ff1-0310-b445-bb7760255be9
+ * Integrated with Mail::SPF::Query 1.991
+ * Don't do SPF processing when you are acting as a relay system
+ * Remove the MX changes as they are now inside Mail::SPF::Query
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@201 958fd67b-6ff1-0310-b445-bb7760255be9
regularly for me - POSIX::dup2() was just plain more reliable. Odd, I know.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@176 958fd67b-6ff1-0310-b445-bb7760255be9
SMTP AUTH some day. :-)
If a plugin running the ehlo hook add something to the ARRAY
reference $self->transaction->notes('capabilities') then it will be
added to the EHLO response.
Add command_counter method to the SMTP object. Plugins can use this
to catch (or not) consecutive commands. In particular useful with
the unrecognized_command hook.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@144 958fd67b-6ff1-0310-b445-bb7760255be9
message we send back to the client (to help those odd sendmail using
people debug their logs)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@140 958fd67b-6ff1-0310-b445-bb7760255be9
config now takes an extra "type" parameter. If it's "map" then a
reference to a tied hash will be returned.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@131 958fd67b-6ff1-0310-b445-bb7760255be9
From: Devin Carraway <qpsmtpd-list@devin.com>
To: qpsmtpd@perl.org
Subject: HELO hook and check plugin
Speaking of direct-to-MX spam, both AOL and Yahoo are large companies
with whole walls-full of servers devoted to mail delivery. None of them
announce themselves with "HELO yahoo.com" or "HELO aol.com." Spammers
certainly do, though.
Here's a patch to SMTP.pm to add hooks for HELO and EHLO, and a plugin
to use them.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@119 958fd67b-6ff1-0310-b445-bb7760255be9