Commit Graph

1435 Commits

Author SHA1 Message Date
Robert
61de599c1b Normalize #! lines on all plugins
find . -type f | xargs -n1 perl -pi.bak -0777 -e '$want = "#!perl -Tw"; s/\A#!.*\n/$want\n/; s/\A([^#])/$want\n\1/s'
2012-04-28 20:41:31 -07:00
Matt Simerson
38c74352d1 prepend auth_flat plugin name to $note
Makes it much easier to figure out where that log entry came from.
2012-04-28 20:19:30 -07:00
Matt Simerson
651ca986ff don't print GeoIP country if not defined
If we don't get a result from the lookup, all we know is that we didn't get a result. Maybe an error, maybe the IP not in the database.
2012-04-28 20:19:18 -07:00
Matt Simerson
005c4d9105 make sure $hook is defined before printing it
This prevents error messages about $hook being undefined in the logs
2012-04-28 20:18:28 -07:00
Matt Simerson
821b182081 fixed spelling error, added spf code to notes 2012-04-28 20:15:36 -07:00
Matt Simerson
4bff5debab added tls comments to config/plugins 2012-04-28 20:14:00 -07:00
Matt Simerson
91d3f2a007 added comments to logging config files 2012-04-28 20:13:50 -07:00
Matt Simerson
5dfc90acf3 fixed POD formatting 2012-04-28 20:13:24 -07:00
Matt Simerson
dfeb8358c6 improve grammar, update logging instructions
updated instructions for setting loglevel to use config/loglevel instead
of editing lib/Qpsmtpd to set $TraceLevel
2012-04-28 20:11:24 -07:00
Matt Simerson
1f36a2437a bump RAM from 50 to 75MB
necessary on my FreeBSD 8 amd64 system. I'm guessing higher requirements
will be the norm on 64 bit systems.
2012-04-28 20:08:30 -07:00
Matt Simerson
1701406f78 suppress log error when $user unset
test for and return earlier when a null sender is encountered.
Prevents using an undefined variable.
2012-04-28 20:08:17 -07:00
Matt Simerson
2591d57aab updated URL to new github repo 2012-04-28 20:05:06 -07:00
Matt Simerson
890558767e doc fix: changed $TRACE_LEVEL to $TraceLevel 2012-04-28 20:04:38 -07:00
Ask Bjørn Hansen
ffb561d065 Add travis-ci configuration file 2012-04-07 18:11:22 -07:00
Matt Simerson
ed8eca0a63 fixed failing auths to auth/vpopmaild, added tests
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.

* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
2012-04-07 17:52:44 -04:00
Robert
cd5f088d69 Merge pull request #4 from baudehlo/master
Fix for starttls vulnerability
2011-06-24 14:05:42 -07:00
Matt Sergeant
5200244031 Fix STARTTLS vulnerability for async 2011-06-02 12:57:50 -04:00
Peter J. Holzer
b7668c0468 temp_resolver_failed is a transaction note
The mail hook sets a transaction note 'temp_resolver_failed', but the
 rcpt hook queried a connection note of the same name (which didn't
 exist, of course).
 Now it queries the transaction note.
2011-01-03 12:39:57 -08:00
Charlie Brady
24d09fa4a9 Patch: FATAL PLUGIN ERROR [check_basicheaders]: ...
check_basicheaders fails if there are no headers at all:

http://bugs.contribs.org/show_bug.cgi?id=6345
2010-11-13 18:04:02 -08:00
Robert
461dabc3e1 Revert "Spool body when $transaction->body_fh() is called"
This reverts commit a52660a646.

See http://www.nntp.perl.org/group/perl.qpsmtpd/2010/10/msg9453.html for discussion.
2010-10-29 22:23:58 -07:00
Hanno Hecker
0b0e4e911a prefork: use new instance instead of cloning
Create a new instance instead of cloning^copying the base instance,
see http://www.nntp.perl.org/group/perl.qpsmtpd/2008/07/msg8134.html ff.
2010-09-17 00:39:48 -07:00
Hanno Hecker
33d8825ecf Fix for plugins returning DONE from HELO/EHLO
We have to return something true, else the client gets an additional
 451 Internal error - try again later - command 'helo' failed unexpectedly
after the plugin's ->respond() message.
2010-09-17 15:25:20 +08:00
Hanno Hecker
f9399950f3 plugins/rcpt_map cleanup
* enforce having a "domain" parameter
* unique default message (missing dot added)
2010-09-17 15:25:19 +08:00
Hanno Hecker
7bfad42ac9 new plugin rcpt_map
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
2010-09-17 15:25:18 +08:00
Peter A Eisch
e403a56d74 I forgot to sync the code that calls the original config correctly. 2010-09-15 14:33:34 +08:00
Peter A Eisch
2979c52b47 Adds the ability to have multiple instances (each with different
configs) running under Apache.
2010-09-15 14:33:31 +08:00
jaredj
295474503f Add support for multiple postfix cleanup sockets
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'.  This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear.  Not yet tested.
2010-09-15 14:32:54 +08:00
jaredj
5c3bd220aa Run hook_reset_transaction after all connections
This makes hook_reset_transaction a bit more useful by running it on
disconnections.  It also ensures that hook_disconnect runs when the
client disconnects without QUITing.
2010-09-15 14:32:53 +08:00
Jared Johnson
96aa5ba171 Shorten/clarify Connection and Transaction notes()
Update Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes()
with clearer, more brief syntax.  A previous patch used seemingly better
syntax, but did not evaluate the size of @_ in order to distinguish
between a call to notes('arg1',undef) and notes('arg1').  This corrects
this issue, and adds a comment to that effect.
2010-09-15 14:32:53 +08:00
Matt Simerson
fa91764f88 renamed test from foo to rcpt_ok 2010-07-25 23:04:58 -07:00
Matt Simerson
0c4a76ffe7 add test name to test output 2010-07-25 22:52:36 -07:00
Matt Simerson
d11b87e050 give badrcptto a reasonable name
renamed check_badrcptto test from foo to test_check_badrcptto_ok
2010-07-25 22:52:32 -07:00
Matt Simerson
3a7f46aa3e increased default TLS security setting
switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.

Signed-off-by: Robert <rspier@pobox.com>
2010-07-25 22:31:59 -07:00
Matt Simerson
d0c9b7cbe5 corrected email address 2010-07-25 22:31:19 -07:00
Robert
9348539ed7 don't create homedir in RPM
based on..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: rpm packaging bug - smtpd user created with shell not /bin/false
Date: Sat, 17 Jul 2010 18:17:49 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171816230.19928@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=6025

if ! id smtpd >/dev/null 2>&1
then
    # need to create smtpd user.
    if perl -e 'exit ! defined(getgrnam("postdrop"))'
    then
    # if postfix is installed, we will probably use
    # queue/postfix, which will need this:
        supp="-G postdrop"
    fi
    useradd -r -m $supp smtpd
fi

qpsmtpd needs a user "smtpd", but should not create a home directory or
give access to a shell.
2010-07-25 21:48:26 -07:00
Robert
803a320127 ignore search path in DNS lookups
2.  If the name doesn't end in a dot then append each item in the search list to the name.
           This is only done if dnsrch is true.

triggered by..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=5808

 Jesper Knudsen      2010-03-01 01:29:10 MST

When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.

Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.

In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
                                   dnsrch => 0
                                   );
2010-07-25 21:47:25 -07:00
Johan Almqvist
e2ee6f13e5 new plugin check_badmailfrom_patterns
Signed-off-by: Robert <rspier@pobox.com>
2010-07-11 17:29:24 -07:00
Robin Bowes
0d2b724b93 Check for the exact string resonses from vpopmaild rather than using regexes 2010-05-12 23:25:09 -07:00
Matt Simerson
e13952164d packaging updates
added to MANIFEST
 plugins/check_bogus_bounce
 plugins/auth/auth_vpopmaild
 t/plugin_tests/greylisting

added packaging to MANIFEST.SKIP

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:22:25 -07:00
Matt Simerson
b81d464c87 added p0f support to greylist plugin
- these changes are in the previous TCPLOCAL patch. Documented here.
added p0f config option
added POD docs to explain usage
modified $dbdir selection logic. The previous logic failed when QPHOME was
 not selected (as is the case when tests are being run).
Added '.' as the dir of last resort for $dbdir selection (others $EMPTY/dir
 dumped greylisting database in / )

  - These changes are included in this patch -
Added t/plugin_tests/greylisting, with greylist logic testing (tests are
 disabled by default, as greylisting is disabled in config.sample/plugins)
Added example entry in config.sample/plugins

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:19:52 -07:00
Matt Simerson
cc2d8ccca6 added local_ip option to p0f plugin
(updated patch against rspier/qpsmtpd)

The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.

Added POD documentation for local_ip option and p0f general usage

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:16:56 -07:00
Matt Simerson
671a6953b0 add TCPLOCAL* variables to $qp->connection
(patch remade against latest rspier/qpsmtpd)

added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:15:57 -07:00
Matt Simerson
0291260284 rewrote sender_permitted_from
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author).  The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:13:13 -07:00
Matt Simerson
b1c3d2f333 added auth_vpopmail plugin
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:11:42 -07:00
Matt Simerson
8b892c33ad fix copy/paste error in auth_flat_file
correct copy/paste error, where auth_flat_file methods were named authsql in auth_flat plugin

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:08:50 -07:00
Robert
caad3444c3 start working on Changes file for 0.84+next
Includes 93c1a23..febdb00
2010-05-10 21:23:15 -07:00
Robin Bowes
febdb001c6 new plugin auth_vpopmaild
Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 21:02:46 -07:00
Matt Simerson
0ae24edc55 updates to auth_vpopmail_sql module
updates to auth_vpopmail_sql module
 - moved vpopmail database parameters into config files
 - added LIMITATIONS section to POD, noting no support for alias domains
 - renamed sub from authsql (too generic) to auth_vmysql

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:51:14 -07:00
Matt Simerson
fbbf43ad15 added auth_checkpassword plugin
New and improved!
With POD! (because JP said so: http://www.nntp.perl.org/group/perl.qpsmtpd/2005/06/msg3145.html)
Includes usage notes and a perl script useful for diagnosing a checkpassword program.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:50:43 -07:00
Robert
3939c7bc51 Add guidelines for commit messages
From git-commit(1)
2010-05-10 20:38:18 -07:00