Plugins can now use a 'loglevel' argument in config/plugins entry
Includes user instructions prepended to docs/logging.pod
Already works for all plugins that use named arguments
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.
* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins
Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:
before:
or return (DENY, "authcvm/$method");
after:
or return (DENY, "authcvm");
Added debug level log entries in auth_vpopmaild
Conflicts:
plugins/auth/auth_vpopmail_sql
unit tests for new methods are in t/auth.t
added PLAIN and LOGIN tests in auth_flat_file
Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
so log entries look like this:
86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding
instead of this:
86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding
Conflicts:
plugins/logging/warn
We have to return something true, else the client gets an additional
451 Internal error - try again later - command 'helo' failed unexpectedly
after the plugin's ->respond() message.
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'. This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear. Not yet tested.
This makes hook_reset_transaction a bit more useful by running it on
disconnections. It also ensures that hook_disconnect runs when the
client disconnects without QUITing.
Update Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes()
with clearer, more brief syntax. A previous patch used seemingly better
syntax, but did not evaluate the size of @_ in order to distinguish
between a call to notes('arg1',undef) and notes('arg1'). This corrects
this issue, and adds a comment to that effect.
(patch remade against latest rspier/qpsmtpd)
added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.
Signed-off-by: Robert <rspier@pobox.com>
Qpsmtpd::config now checks cache, hooks, qmail_config, default in this
order and returns the first match. In any case the returned value is
stored in the cache, so subsequent calls to Qpsmtpd::config return the
same value (unless the cache is cleared).
Trying to get SMTP auth working with alpine, I came across a bug.
Alpine sends AUTH PLAIN and waits for a 334 response, then sends the
auth string. According to the RFC, the server should reply with 334
and a nothing else, but in Auth.pm qpsmtpd responds with "334 Please
continue." the "Please continue" is interpreted as a non-zero
length initial challenge which causes alpine (and maybe other
clients?) to abort the session.
Signed-off-by: Charlie Brady <charlieb@budge.apana.org.au>
Signed-off-by: Robert <rspier@pobox.com>
Qpsmtpd::Transaction::body_filename() calls $self->body_spool() if the
message body has not already been spool to disk. This adds the same
check to Qpsmtpd::Transaction::body_fh()
It wasn't suitable to dup the body FH returned by plain old
body_fh(), so here's a separate function to return that.
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
Improve Qpsmtpd::Transaction::add_recipient syntax
Update Qpsmtpd::Transaction::add_recipient to use slightly clearer
language, and add 'if $rcpt' to prevent undef recipients from
being added -- in this case, the '@_ and' syntax allowing this set
method to set undef is undesirable, since you shouldn't be adding undef as
a recipient.
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes() have
identicaly functionality; however, the POD documentation for Connection
notes is fairly brief while the documentation for Transaction notes is
longer and more helpful. This updates the Connection notes documention
to be consistent with its Transaction counterpart.
Qpsmtpd Connection and Transaction objects support notes() methods which
are conventionally used to pass data between plugins. This adds the
same functionality to Address objects. This should make it easier for
plugins to begin supporting message handling based on per-user
configuration directives.
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
This reverts commit ea86b9fdb2.
Jared said...
I originally considered these functionally identical, but they are
not. The new code, called with, say, $txn->notes('discard',undef),
would result in evaluation as if it were a 'get' method rather than
setting the 'discard' note to undef. That seems quite dangerous. I
suggest either reverting the language back to the '@_ and' model, or
else doing something like:
Hook after receiving all headers lines. Defaults to nothing,
just continue processing. At this step, sender does not wait for a reply,
but we can stop him from sending remaining data by disconnecting.
(Cleaned up by Robert for english and coding style.)
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
Signed-off-by: Robert Spier <robert@perl.org>
I've got many non-standard plugins and for a given
fatal error it is non-trivial to determine which of
them was to blame.
Perhaps this patch would be useful? (Against SVN,
not git, but I think that shouldn't matter too much..)
Steve
--
Stop blog&forum spam
http://blogspam.net/
The code feeds the results of $session->config('me') to
sprintf as part of the format string. In practice, this is
probably not a problem since hostnames don't contain percent
signs. However, it triggers a taint warning in perl 5.10,
making cram-md5 auth unusable.
This patch rewrites the sprintf to insert the 'me' value
using a %s format specifier.
(always worked on the second call due to the cache, but would return undef on the first call)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@955 958fd67b-6ff1-0310-b445-bb7760255be9
Support case where no connect hook is defined (thus continue_read() never gets called)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@882 958fd67b-6ff1-0310-b445-bb7760255be9
Before this, the SMTP responses contained the reference stringification
instead of the real message, when a plugin denied the mail at the DATA
stage:
554 ARRAY(0x9362f10)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@881 958fd67b-6ff1-0310-b445-bb7760255be9
Previous fix does not work for other cases, for example: packet ends
with CRLFdot, next packet starts with CRLF.
Danga::Client will send now full text lines to the callback.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@878 958fd67b-6ff1-0310-b445-bb7760255be9
... now check_earlytalker can be expanded to VRFY and NOOP (see RFC 1854, #2.1)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@836 958fd67b-6ff1-0310-b445-bb7760255be9
- add back in after 0.42 is out? if yes: start implementing in -prefork
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@809 958fd67b-6ff1-0310-b445-bb7760255be9
then derive ids for connections and transactions from that via
simple counters.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@785 958fd67b-6ff1-0310-b445-bb7760255be9
- the reporters poposed fix would have caused two messages for the client on
return(DENY, ...) or a really unknown command.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@772 958fd67b-6ff1-0310-b445-bb7760255be9
Can't locate object method "new" via package "Qpsmtpd::Plugin::logging::warn"
(perhaps you forgot to load "Qpsmtpd::Plugin::logging::warn"?)
if plugin cannot be found in @plugin_dirs
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@762 958fd67b-6ff1-0310-b445-bb7760255be9
What happens is if you pause the connection (needed if you YIELD for something)
then the line-reading loop exits, and never gets back there unless the client
sends more data. If the client is an abuser (i.e. pipelines) then you might
never get back to the read loop.
(yes, this was a bitch to track down :-))
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@730 958fd67b-6ff1-0310-b445-bb7760255be9
Add _auth field to PollServer.
Make sure that check_earlytalker works with PollServer.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@711 958fd67b-6ff1-0310-b445-bb7760255be9
Heavily based on:
From: Nick Leverton <nj@leverton.org>
To: qpsmtpd@perl.org
Subject: SMTPA
Date: Thu, 4 Jan 2007 12:08:16 +0000
Message-Id: <200701041208.17018@leverton.icritical.com>
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@703 958fd67b-6ff1-0310-b445-bb7760255be9
Qpsmtpd::Plugins for more info. This can be used to disable (and re-
enable) loaded plugins for the current connection.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@700 958fd67b-6ff1-0310-b445-bb7760255be9
(intention is to check bits in that don't break anything, so we can
always return to a stable base)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@676 958fd67b-6ff1-0310-b445-bb7760255be9
Make child process pretty name optional for qpsmtpd-prefork.
Ignore rather than crash for uninstalled plugins.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@675 958fd67b-6ff1-0310-b445-bb7760255be9
plugin_dir is configured. Slightly worsens duplication of code with
plugin_dir() to continue avoiding infinite recursion.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@674 958fd67b-6ff1-0310-b445-bb7760255be9
Leverton <nj|@|leverton.org>. The inner _load_plugins() routine is changed to
load only a single plugin given a search path, and the (two) calls to it pass
in the configured list of plugin dirs. The non-module case of _load_plugin()
simply loops on the plugin dir list until a matching plugin file is found;
the first match stops the search for that plugin, regardless of success or
failure in loading it.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@671 958fd67b-6ff1-0310-b445-bb7760255be9
follow RFC's for multiline responses.
Patch from Brian Szymanski <ski-qpsmtpd@allafrica.com>
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@664 958fd67b-6ff1-0310-b445-bb7760255be9
[stupid] MUA, but isn't implemented with existing auth plugins. Based on
patch from Brian Szymanski.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@660 958fd67b-6ff1-0310-b445-bb7760255be9
Add SSL encryption method to FROM: header line.
Add new tls_before_auth configuration to hide AUTH until TLS is established.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@645 958fd67b-6ff1-0310-b445-bb7760255be9
Greatly simplify Danga::Client due to no more need for line mode client
Update to latest Danga::Socket
Fix check_earlytalker to use new API
Fix Danga::DNS to use new API
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@643 958fd67b-6ff1-0310-b445-bb7760255be9
Fix "help" command when there's no "smtpgreeting" configured (the default)
(Thanks to Thomas Ogrisegg)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@642 958fd67b-6ff1-0310-b445-bb7760255be9
