append optional log_mess to log entry (more description)
subsequent attempts to set naughty don't overwrite the first
set the naughty rejection type to be the reject type of the plugin that marked the connection naughty
get_reject_type can be passed an explicit default
Plugins can now use a 'loglevel' argument in config/plugins entry
Includes user instructions prepended to docs/logging.pod
Already works for all plugins that use named arguments
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.
* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins
Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:
before:
or return (DENY, "authcvm/$method");
after:
or return (DENY, "authcvm");
Added debug level log entries in auth_vpopmaild
Conflicts:
plugins/auth/auth_vpopmail_sql
unit tests for new methods are in t/auth.t
added PLAIN and LOGIN tests in auth_flat_file
Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
so log entries look like this:
86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding
instead of this:
86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding
Conflicts:
plugins/logging/warn
We have to return something true, else the client gets an additional
451 Internal error - try again later - command 'helo' failed unexpectedly
after the plugin's ->respond() message.
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'. This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear. Not yet tested.
This makes hook_reset_transaction a bit more useful by running it on
disconnections. It also ensures that hook_disconnect runs when the
client disconnects without QUITing.
Update Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes()
with clearer, more brief syntax. A previous patch used seemingly better
syntax, but did not evaluate the size of @_ in order to distinguish
between a call to notes('arg1',undef) and notes('arg1'). This corrects
this issue, and adds a comment to that effect.
(patch remade against latest rspier/qpsmtpd)
added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.
Signed-off-by: Robert <rspier@pobox.com>
Qpsmtpd::config now checks cache, hooks, qmail_config, default in this
order and returns the first match. In any case the returned value is
stored in the cache, so subsequent calls to Qpsmtpd::config return the
same value (unless the cache is cleared).
Trying to get SMTP auth working with alpine, I came across a bug.
Alpine sends AUTH PLAIN and waits for a 334 response, then sends the
auth string. According to the RFC, the server should reply with 334
and a nothing else, but in Auth.pm qpsmtpd responds with "334 Please
continue." the "Please continue" is interpreted as a non-zero
length initial challenge which causes alpine (and maybe other
clients?) to abort the session.
Signed-off-by: Charlie Brady <charlieb@budge.apana.org.au>
Signed-off-by: Robert <rspier@pobox.com>
Qpsmtpd::Transaction::body_filename() calls $self->body_spool() if the
message body has not already been spool to disk. This adds the same
check to Qpsmtpd::Transaction::body_fh()
It wasn't suitable to dup the body FH returned by plain old
body_fh(), so here's a separate function to return that.
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
