Commit Graph

761 Commits

Author SHA1 Message Date
Matt Simerson
4f27f360e9 Merge pull request #252 from dani/tls_proto
Allow setting TLS protocol versions in a config file
2016-04-19 17:55:26 -10:00
Daniel Berteaud
4a6ce830b3 New size_limit param for spamassassin plugin
Allow setting the size limit to handle by the plugin, instead of the hardcoded 500_000 value
2016-04-19 18:37:42 +02:00
Daniel Berteaud
0d2690d726 Allow setting TLS protocol versions in a config file
Some users might need to enable the old SSLv3, or others might want to disable TLSv1. Lets make this configurable.
The default value is kept, but can be overriden in the tls_protocols config file
2016-04-19 18:28:36 +02:00
Matt Simerson
9de7c3778e Merge pull request #244 from priyadi/dmarc-fix
Fix DMARC authentication-result string
2016-02-16 14:39:37 -08:00
Christian Eisendle
4d061dfa89 Replace all occurances of CR in X-Spam-Status
The hack for outlook (replacing CR in X-Spam-Status header) assumes
that there is only a single occurance of CR. However, if spamassassin
adds some more spam status information X-Spam-Status might be several lines
long leading to multiple occurance of CR.
This fix changes the substitute to a global subsititute, replacing all
CRs in the X-SPam-Status header.
2016-02-16 22:03:57 +01:00
Matt Simerson
965f4fc440 check *every* regex, not just first 2015-12-17 10:47:08 -08:00
Matt Simerson
00343a48ac Merge pull request #243 from priyadi/master
Should only reject if host is not localhost but HELO claims to be one
2015-12-17 10:17:59 -08:00
Matt Simerson
1143918ec9 badrcpt use reason, and defined-ness test
as reported by frank on the QP mailing list
2015-07-20 09:56:18 -07:00
Priyadi Iman Nurcahyo
feb63c95a5 According to RFC7489 authstr should be: none, pass, fail, temperror, permerror 2015-05-26 19:36:40 +00:00
Priyadi Iman Nurcahyo
0e614e8741 Fix DMARC authentication-result string 2015-05-26 16:13:08 +00:00
Priyadi Iman Nurcahyo
298b92f067 Should only reject if host is not localhost but HELO claims to be one 2015-05-26 10:27:33 +00:00
analogic
e440f8760b DMARC plugin: Added option to disable reporting 2015-03-13 14:02:05 +01:00
Jared Johnson
84aa8e2328 Die when an invalid dir is specified manually 2015-03-09 17:17:26 -05:00
Jared Johnson
4106da56d1 Don't leave DB locked after pruning an empty DB 2015-03-05 18:34:13 -06:00
Jared Johnson
a1144ecbf9 Revert "Revert "Don't crash QP when GeoIP data is missing"" 2015-02-26 17:07:35 -06:00
Jared Johnson
6f38bdf5ad Revert "Don't crash QP when GeoIP data is missing" 2015-02-26 17:05:52 -06:00
Jared Johnson
15210db779 Don't crash QP when GeoIP data is missing 2015-02-26 17:04:49 -06:00
Jared Johnson
15a297372d Default to one-second connect timeout for Redis 2015-02-23 14:32:42 -06:00
Jared Johnson
51ca3fcda4 Skip greylisting when we can't talk to greylist DB 2015-02-23 11:25:36 -06:00
Jared Johnson
4c9bcc0ee4 Configure but don't connect to DB in init_db()
This allows us to start up QP even if e.g. Redis is down
2015-02-23 11:25:18 -06:00
Tom Li
a44c70232c tls_cert: fix a misused quotes
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-03 03:49:22 +08:00
Tom Li
2cc6d3f938 tls: checking if dhparam is empty, using "undef" instead of "" for clarity.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 20:50:37 +08:00
Tom Li
edea4c239d tls_cert: unified cert name between tls and tls_cert.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 18:36:51 +08:00
Tom Li
845760969b tls: fix a typo.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 18:30:54 +08:00
Tom Li
2e2e6c70c6 tls: style fixes.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 18:19:13 +08:00
Tom Li
acbbf66806 tls_cert: adding dhparam generating.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 17:55:40 +08:00
Tom Li
d5954ce249 tls: adding support of dhparam.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 17:55:22 +08:00
Tom Li
e6ee356925 tls: respect the order of specified ciphers.
Signed-off-by: Tom Li <biergaizi2009@gmail.com>
2015-02-02 17:37:15 +08:00
Matt Simerson
d9ac50f383 make sure $transaction->notes is blessed before
calling it as such. It doesn't resolve #199 but it does help there.

I'm not sure initializing Qpsmtpd::transaction as {} is a brilliant idea, but I haven't a better solution for that yet.
2015-01-29 11:25:14 -08:00
Jared Johnson
0d79c1ef8e Merge pull request #215 from msimerson/qmd
delete qmail-deliverable BEGIN block
2015-01-29 05:39:15 -06:00
Jared Johnson
194cde52af Merge pull request #213 from msimerson/geoip-debug
geoip: change a couple INFO -> DEBUG
2015-01-29 05:37:12 -06:00
Matt Simerson
11ddf03164 disable qmail-deliverable BEGIN block
because FindBin has some undesirable global effects
2015-01-29 03:10:56 -05:00
Matt Simerson
bc4e7e61a5 geoip: change a couple INFO -> DEBUG 2015-01-28 22:10:06 -08:00
Matt Simerson
d81b2d4331 Merge pull request #147 from msimerson/tcpserver
update tcpenv and lrpip calls to use -> syntax
2015-01-28 20:08:53 -08:00
Matt Simerson
be9f4aef0c update tcpenv and lrpip calls to use -> syntax
don't load plugins twice.

Not exactly sure where that feature crept in some time ago. It was suppressed by checking to see if a queue plugin was already registered, and then bailing out on subsequent register_hook runs. I noticed it in testing, b/c I didn't have a queue plugin loaded. This removes the duplicate calls to register_hook.

* adds caching of the AUTH methods. You can't add new plugins or register new
  hooks w/o restarting QP, so cache the list and avoid having to generate it on every connection.

* other PBP changes (early exits, less indention, fewer unnecessary parens, etc.)
2015-01-28 19:58:58 -08:00
Matt Simerson
04914bf4c9 Merge pull request #212 from salvis/dkim-doc-tweak
plugins/dkim doc tweak
2015-01-28 19:45:46 -08:00
Hans Salvisberg
c1e3652beb Tweak plugins/dkim doc to clarify the d= issue and add a third email reflector. 2015-01-29 02:05:28 +01:00
Matt Simerson
31dbe00514 use perl DNS methods instead of shell cmds 2015-01-28 10:23:03 -08:00
Jared Johnson
113becf8be Get rid of Qpsmtpd::DB::File
DBM is probably the only file format we'll ever support anyhow
2015-01-27 15:55:53 -06:00
Matt Simerson
178c5f6884 Merge pull request #196 from msimerson/dmarc
dmarc: add error handling and tests
2015-01-27 10:30:28 -08:00
Jared Johnson
b6311caae0 Pass multiple keys to del() to speed up prune_db() 2015-01-27 11:50:55 -06:00
Jared Johnson
1320a01f46 Speed up prune_db() with new Qpsmtpd::DB::mget()
This reduces round trips to Redis, speeding up DB pruning,
especially over a network
2015-01-27 10:59:47 -06:00
Jared Johnson
5a58e02e80 Scarier error message for redis failures 2015-01-23 15:23:18 -06:00
Jared Johnson
462a2ae367 Rename 'redis_server' arg to 'redis' 2015-01-23 15:15:04 -06:00
Jared Johnson
4f9af75e48 Make Redis optional
Previously the greylist plugin tried to use redis and fell back to DBM. This means that if a system already had an established DBM database, but happened to have Redis running, the existing DBM db would be abandoned for a new Redis DB. This would inevitably lead to more delays for legitimate mail, and possibly lost mail.

This adds a 'redis_server' argument which enables Redis and sets the location of the redis server; if it is not explicitly set, DBM is used instead.

If the redis server is unavailable, rather than failing to start QP, we instead fail to register the plugin.
2015-01-23 14:24:23 -06:00
Jared Johnson
8c1c5c851d Remove unnecessary calls to cleanup_and_return()
prune_db() and migrate_db() already call unlock(), calling
cleanup_and_return() only added a second (redundant) call to unlock()
2015-01-21 17:31:47 -06:00
Matt Simerson
8185d33fa5 dmarc: add error handling and tests 2015-01-21 10:16:03 -08:00
Matt Simerson
376498f2e8 Merge pull request #190 from msimerson/use-lib
remove instances of: use lib 'lib' in lib/ and
2015-01-21 10:06:07 -08:00
Jared Johnson
9450c21c06 Perltidy 2015-01-14 16:17:04 -06:00
Jared Johnson
029db84771 Remove some postfix 'if' 2015-01-14 16:05:42 -06:00