backwards compatible with previous warn_only option.
added additional logging
refactored out a couple new subs.
minor changes: added strictures, warnings, moved 'use' statements to top of code
so log entries look like this:
86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding
instead of this:
86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding
Conflicts:
plugins/logging/warn
With a DENYSOFT (450) the sender will keep trying to deliver the e-mail.
It makes no sense.
This commit also makes it compatible again with the plugin from before commit:
02912 [rewrote sender_permitted_from]
on files in plugins dir:
fixed a number of POD errors
formatted some # comments into POD
removed bare 1; (these are plugins, not perl modules)
most instances of this were copy/pasted from a previous plugin that had it
removed instances of # vim ts=N ...
they weren't consistent, many didn't match .perltidyrc
on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'
Conflicts:
plugins/async/check_earlytalker
plugins/async/dns_whitelist_soft
plugins/async/dnsbl
plugins/async/queue/smtp-forward
plugins/async/require_resolvable_fromhost
plugins/async/rhsbl
plugins/async/uribl
plugins/auth/auth_checkpassword
plugins/auth/auth_cvm_unix_local
plugins/auth/auth_flat_file
plugins/auth/auth_ldap_bind
plugins/auth/auth_vpopmail
plugins/auth/auth_vpopmail_sql
plugins/auth/authdeny
plugins/check_badmailfromto
plugins/check_badrcptto_patterns
plugins/check_bogus_bounce
plugins/check_earlytalker
plugins/check_norelay
plugins/check_spamhelo
plugins/connection_time
plugins/dns_whitelist_soft
plugins/dnsbl
plugins/domainkeys
plugins/greylisting
plugins/hosts_allow
plugins/http_config
plugins/logging/adaptive
plugins/logging/apache
plugins/logging/connection_id
plugins/logging/transaction_id
plugins/logging/warn
plugins/milter
plugins/queue/exim-bsmtp
plugins/queue/maildir
plugins/queue/postfix-queue
plugins/queue/smtp-forward
plugins/quit_fortune
plugins/random_error
plugins/rcpt_map
plugins/rcpt_regexp
plugins/relay_only
plugins/require_resolvable_fromhost
plugins/rhsbl
plugins/sender_permitted_from
plugins/spamassassin
plugins/tls
plugins/tls_cert
plugins/uribl
plugins/virus/aveclient
plugins/virus/bitdefender
plugins/virus/clamav
plugins/virus/clamdscan
plugins/virus/hbedv
plugins/virus/kavscanner
plugins/virus/klez_filter
plugins/virus/sophie
plugins/virus/uvscan
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.
* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
The mail hook sets a transaction note 'temp_resolver_failed', but the
rcpt hook queried a connection note of the same name (which didn't
exist, of course).
Now it queries the transaction note.
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'. This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear. Not yet tested.
2. If the name doesn't end in a dot then append each item in the search list to the name.
This is only done if dnsrch is true.
triggered by..
From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
<Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>
http://bugs.contribs.org/show_bug.cgi?id=5808
Jesper Knudsen 2010-03-01 01:29:10 MST
When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.
Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.
In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
dnsrch => 0
);
(updated patch against rspier/qpsmtpd)
The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.
Added POD documentation for local_ip option and p0f general usage
Signed-off-by: Robert <rspier@pobox.com>
(patch remade against latest rspier/qpsmtpd)
added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.
Signed-off-by: Robert <rspier@pobox.com>
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.
Signed-off-by: Robert <rspier@pobox.com>
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description
Signed-off-by: Robert <rspier@pobox.com>
updates to auth_vpopmail_sql module
- moved vpopmail database parameters into config files
- added LIMITATIONS section to POD, noting no support for alias domains
- renamed sub from authsql (too generic) to auth_vmysql
Signed-off-by: Robert <rspier@pobox.com>
The current status file, in git, has the following entry:
-plugin to reject mails from <> if it has multiple recipients.
I hereby submit my plugin to handle this case for possible inclusion,
under the same terms as the current qpsmtpd release.
The plugin is available here:
http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/
Please find patch against git head below, adding the file and removing
the TODO line from the status file.
Signed-off-by: Robert <rspier@pobox.com>
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers. Updated
to accept either. Also the condition for actually checking/skipping the
headers was inverted.
Also whitespace fixes.
Exim's BSMTP interface will indicate the SMTP response to the exchange;
actually use it rather than assuming all errors are 400-class soft ones.
Tolerate $transaction->header returning undef (since it evidently can under
some conditions).
Convert a few errant tabs to spaces.
Fix vi modeline.
Signed-off-by: Robert <rspier@pobox.com>
Hi all!
I have written a patch to allow the spamassasin plugin to have a custom
spam tag read in from a configuration file as opposed to the default ***
SPAM *** that is hard coded.
When the configuration file (spamsubjectprefix) is not defined or empty
the default value still applies, if it is provided the value from the
configuration file is used.
Any change this can be considered for implementation as we would really
like to have it for SME Server.
Kind regards,
Jonathan
Signed-off-by: Robert <rspier@pobox.com>
Tomas Lee <j533xdbjwfgdbsv@jetable.net> pointed out that
cab7466c08 broke the default badmailfrom
reason.
This fixes that functionality and simplifies the code a little.
QP's connection to spamd unnecessarily persists beyond the run of the
spamassassin plugin itself. This closes the socket as soon as we're
finished using it.
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
from Tom Callahan <anomaly@abducted.us>
(reformatted by Robert)
Signed-off-by: Robert <rspier@pobox.com>
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
import plugins/connection_time from SVN's contrib. Changes:
* perltidy run
* add one optional parameter: log level of the message, defaults
to LOGNOTICE (same as in SVN)
* updated docs
* use magic hooking with hook_rcpt
* add note about regexes being eval()ed => trusted users only
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
plugins/virus/kavscanner calls $transaction->add_recipient($_->address)
on a list of Mail::Address objects, but add_recipient() clearly
documents that it takes Qpsmtpd::Address (or compatible) objects, not
strings. This is a bit of a drive-by fix inspired by a grep through the
codebase for calls to add_recipient().
non-premium customers or something like that such as (3) annoying your
customers, if you are in a position to actually want to do that
Signed-off-by: Robert <rspier@pobox.com>
Can't call method "close" on an undefined value at
/usr/share/perl5/IO/Socket/SSL.pm line 780.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@937 958fd67b-6ff1-0310-b445-bb7760255be9
the MX lookups and, only if they return nothing, make the A lookups.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@880 958fd67b-6ff1-0310-b445-bb7760255be9
Fix to prevent run_continuation being incorrectly called
(both Radu Greab)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@857 958fd67b-6ff1-0310-b445-bb7760255be9
... now check_earlytalker can be expanded to VRFY and NOOP (see RFC 1854, #2.1)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@836 958fd67b-6ff1-0310-b445-bb7760255be9
- add back in after 0.42 is out? if yes: start implementing in -prefork
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@809 958fd67b-6ff1-0310-b445-bb7760255be9
Add _auth field to PollServer.
Make sure that check_earlytalker works with PollServer.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@711 958fd67b-6ff1-0310-b445-bb7760255be9
Qpsmtpd::Plugins for more info. This can be used to disable (and re-
enable) loaded plugins for the current connection.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@700 958fd67b-6ff1-0310-b445-bb7760255be9
domain names we queried.
See the thread "dnsbl or spamhaus occassionally blocks wrong IP"
starting at 14 Mar 2006 for details.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@683 958fd67b-6ff1-0310-b445-bb7760255be9
Sender: but does not resign message or strip DomainKeys-Signature. Add
config option to prevent badly signed message from being DENY'd.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@654 958fd67b-6ff1-0310-b445-bb7760255be9
mandate signing by policy for the moment).
Change variables to use actual English words as names (instead of disemvoweled
or truncated variants).
Tweak Copyright notice to be current.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@652 958fd67b-6ff1-0310-b445-bb7760255be9
Enhance the spamassassin plugin to support connecting to a remote
spamd process (Kjetil Kjernsmo).
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@651 958fd67b-6ff1-0310-b445-bb7760255be9
Make the clamdscan plugin temporarily deny mail if if can't talk to clamd
(Filippo Carletti)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@621 958fd67b-6ff1-0310-b445-bb7760255be9
From: gordonr@gormand.com.au
Subject: Re: Submitting plugins (was Re: New plugin: denybounce)
Date: January 24, 2006 9:02:35 PM PST
To: ask@develooper.com
Cc: gavin@openfusion.com.au, qpsmtpd@perl.org
Message-Id: <43D7066B.3050106@gormand.com.au>
Ask Bjørn Hansen wrote:
On Jan 24, 2006, at 1:08 PM, Gordon Rowell wrote:
- License statement - either as per qpsmtpd or as per Perl or similar open license
No, it really should be MIT licensed ("as per qpsmtpd") to go in the distribution.
There are a few exceptions (only your plugins at a cursory glance), but those are mistakes. :-)
I don't have an issue with my qpsmtpd plugins being changed to state:
=head1 AUTHOR
Copyright 2005 Gordon Rowell <gordonr@gormand.com.au>
This software is free software and may be distributed under the same
terms as qpsmtpd itself.
Though as a distro maintainer, we do have a sizeable issue with license proliferation. It really is a bit of a nightmare when two licenses are almost, but not completely, the same.
Thanks,
Gordon
r4216@g5: ask | 2006-01-24 23:12:21 -0800
merge license fix from trunk
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@603 958fd67b-6ff1-0310-b445-bb7760255be9
Patch by Hanno Hecker <hah@uu-x.de>.
Adds the RFC 1893 status codes to the messages which are returned to the
sending client.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@602 958fd67b-6ff1-0310-b445-bb7760255be9
By default no flags are set (old behaviour). Known flags for cleanup are
FLAG_FILTER, FLAG_BCC_OK and FLAG_MAP_OK, see POD for details.
Patch by: Hanno Hecker <hah@uu-x.de>
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@600 958fd67b-6ff1-0310-b445-bb7760255be9
* lib/Qpsmtpd/Connection.pm
Abstract out parameters which can be reused (e.g. TLS) or can be
set when creating the Connection object via start().
* plugins/tls
Simplify code to use $self->clone() construct and also suppress
IO::Socket::SSL debug noise, now that this is working.
* plugins/tls_cert
New file to automate creating self-signed certificates for TLS.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@597 958fd67b-6ff1-0310-b445-bb7760255be9
Use LOGNOTICE instead of LOGERROR when bailing early due to
non-multipart message.
Test clamd->ping() before scanning, and bail if it doesn't
answer (with an appropriate error).
Patch submitted by Dave Rolsky <autarch@urth.org>.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@583 958fd67b-6ff1-0310-b445-bb7760255be9
r588@jpeacock (orig r490): jpeacock | 2005-07-09 07:03:53 -0400
r547@jpeacock: jpeacock | 2005-07-02 07:20:17 -0400
Replace pithy comment with something more neutral.
Thanks Gordon Rowell <gordonr@gormand.com.au>
r548@jpeacock: jpeacock | 2005-07-02 07:24:21 -0400
Example patterns for badrcptto plugin - Gordon Rowell <gordonr@gormand.com.au>
r586@jpeacock: jpeacock | 2005-07-09 06:54:47 -0400
Don't use varlog() directly unless you are passing all parameters.
Don't try to log() anything during loading of logging plugins.
r587@jpeacock: jpeacock | 2005-07-09 06:59:57 -0400
Cannot use new-style hooking with logging plugins (yet).
r590@jpeacock (orig r491): jpeacock | 2005-07-10 06:56:55 -0400
r589@jpeacock: jpeacock | 2005-07-10 06:54:32 -0400
Track hooks as array and hash.
Re-revert changes to logging plugins to use new-style hooking.
logging/adaptive assumed that register() has been called before hook_logging.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@503 958fd67b-6ff1-0310-b445-bb7760255be9
The great plugin renaming in the name of inheritance and standardization commit.
1. new concept of standard hook_ names.
2. Plugin::init
3. renamed many subroutines in plugins (and cleaned up register subs)
4. updated README.plugins
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@479 958fd67b-6ff1-0310-b445-bb7760255be9
and save log lines <= min level. IIF a message is accepted for delivery,
then echo out the saved log lines (typically just FROM and TO) with the prefix
for multilog filtering into independent log files.
Update POD in logging/adaptive to describe changed behavior as well as give
an example log/run file to filter the messages accordingly.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@443 958fd67b-6ff1-0310-b445-bb7760255be9
Change plugins/dnsbl to permit AUTH'd or other relay clients even if IP
is on a blacklist.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@442 958fd67b-6ff1-0310-b445-bb7760255be9
