Commit Graph

1255 Commits

Author SHA1 Message Date
Matt Simerson
0c4a76ffe7 add test name to test output 2010-07-25 22:52:36 -07:00
Matt Simerson
d11b87e050 give badrcptto a reasonable name
renamed check_badrcptto test from foo to test_check_badrcptto_ok
2010-07-25 22:52:32 -07:00
Matt Simerson
3a7f46aa3e increased default TLS security setting
switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.

Signed-off-by: Robert <rspier@pobox.com>
2010-07-25 22:31:59 -07:00
Matt Simerson
d0c9b7cbe5 corrected email address 2010-07-25 22:31:19 -07:00
Robert
9348539ed7 don't create homedir in RPM
based on..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: rpm packaging bug - smtpd user created with shell not /bin/false
Date: Sat, 17 Jul 2010 18:17:49 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171816230.19928@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=6025

if ! id smtpd >/dev/null 2>&1
then
    # need to create smtpd user.
    if perl -e 'exit ! defined(getgrnam("postdrop"))'
    then
    # if postfix is installed, we will probably use
    # queue/postfix, which will need this:
        supp="-G postdrop"
    fi
    useradd -r -m $supp smtpd
fi

qpsmtpd needs a user "smtpd", but should not create a home directory or
give access to a shell.
2010-07-25 21:48:26 -07:00
Robert
803a320127 ignore search path in DNS lookups
2.  If the name doesn't end in a dot then append each item in the search list to the name.
           This is only done if dnsrch is true.

triggered by..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=5808

 Jesper Knudsen      2010-03-01 01:29:10 MST

When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.

Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.

In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
                                   dnsrch => 0
                                   );
2010-07-25 21:47:25 -07:00
Johan Almqvist
e2ee6f13e5 new plugin check_badmailfrom_patterns
Signed-off-by: Robert <rspier@pobox.com>
2010-07-11 17:29:24 -07:00
Robin Bowes
0d2b724b93 Check for the exact string resonses from vpopmaild rather than using regexes 2010-05-12 23:25:09 -07:00
Matt Simerson
e13952164d packaging updates
added to MANIFEST
 plugins/check_bogus_bounce
 plugins/auth/auth_vpopmaild
 t/plugin_tests/greylisting

added packaging to MANIFEST.SKIP

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:22:25 -07:00
Matt Simerson
b81d464c87 added p0f support to greylist plugin
- these changes are in the previous TCPLOCAL patch. Documented here.
added p0f config option
added POD docs to explain usage
modified $dbdir selection logic. The previous logic failed when QPHOME was
 not selected (as is the case when tests are being run).
Added '.' as the dir of last resort for $dbdir selection (others $EMPTY/dir
 dumped greylisting database in / )

  - These changes are included in this patch -
Added t/plugin_tests/greylisting, with greylist logic testing (tests are
 disabled by default, as greylisting is disabled in config.sample/plugins)
Added example entry in config.sample/plugins

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:19:52 -07:00
Matt Simerson
cc2d8ccca6 added local_ip option to p0f plugin
(updated patch against rspier/qpsmtpd)

The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.

Added POD documentation for local_ip option and p0f general usage

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:16:56 -07:00
Matt Simerson
671a6953b0 add TCPLOCAL* variables to $qp->connection
(patch remade against latest rspier/qpsmtpd)

added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:15:57 -07:00
Matt Simerson
0291260284 rewrote sender_permitted_from
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author).  The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:13:13 -07:00
Matt Simerson
b1c3d2f333 added auth_vpopmail plugin
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:11:42 -07:00
Matt Simerson
8b892c33ad fix copy/paste error in auth_flat_file
correct copy/paste error, where auth_flat_file methods were named authsql in auth_flat plugin

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:08:50 -07:00
Robert
caad3444c3 start working on Changes file for 0.84+next
Includes 93c1a23..febdb00
2010-05-10 21:23:15 -07:00
Robin Bowes
febdb001c6 new plugin auth_vpopmaild
Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 21:02:46 -07:00
Matt Simerson
0ae24edc55 updates to auth_vpopmail_sql module
updates to auth_vpopmail_sql module
 - moved vpopmail database parameters into config files
 - added LIMITATIONS section to POD, noting no support for alias domains
 - renamed sub from authsql (too generic) to auth_vmysql

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:51:14 -07:00
Matt Simerson
fbbf43ad15 added auth_checkpassword plugin
New and improved!
With POD! (because JP said so: http://www.nntp.perl.org/group/perl.qpsmtpd/2005/06/msg3145.html)
Includes usage notes and a perl script useful for diagnosing a checkpassword program.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:50:43 -07:00
Robert
3939c7bc51 Add guidelines for commit messages
From git-commit(1)
2010-05-10 20:38:18 -07:00
Matt Simerson
e8cb1c3e94 added definedness test to $local_port as it was emitting errors to to not being defined. My previous commit to TcpServer.pm fixed that problem.
Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 23:28:15 -07:00
Matt Simerson
5f81fd7925 remove vestiges of a bygone RCS 2010-05-09 23:22:13 -07:00
Robert
e37f14b9a6 microoptimizations - replace regex with lc eq 2010-05-09 22:45:59 -07:00
Steve Kemp
1002d0dd56 new plugin - check_bogus_bounce
The current status file, in git, has the following entry:

  -plugin to reject mails from <> if it has multiple recipients.

  I hereby submit my plugin to handle this case for possible inclusion,
 under the same terms as the current qpsmtpd release.

  The plugin is available here:

    http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/

  Please find patch against git head below, adding the file and removing
 the TODO line from the status file.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 22:37:13 -07:00
Matt Simerson
68ecedd1ac added ClamAV version to the X-Virus-Checked header
Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:23:03 -07:00
Steve Kemp
93c1a238e8 Misc documentation updates
Minor fixups to the documentation:

  * README + CREDITS:
     We use git now, not subversion.
  * README:
     dns  -> DNS
     smtp -> SMTP

Steve
--
Let me steal your soul?
http://stolen-souls.com

Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:18:50 -07:00
Ask Bjørn Hansen
c408aa98ca Update copyright year 2010-04-07 22:32:41 -07:00
Ask Bjørn Hansen
e0948cee24 Prepare 0.84 release 2010-04-07 22:26:48 -07:00
Ask Bjørn Hansen
da9e9cd8f9 Update credits for rpm changes 2010-04-07 22:26:48 -07:00
Richard Siddall
977d94a6e0 Modify RPM packaging to allow an SRPM to be built. 2010-04-07 22:16:11 -07:00
Larry Nedry
ef1b493b18 Note Net::IP dependency (Larry Nedry) 2010-04-07 21:51:55 -07:00
Ask Bjørn Hansen
9c81fa10ff Update Changes 2010-04-07 21:49:53 -07:00
Devin Carraway
73eb9012bd Header check config/logical-inversion fix
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers.  Updated
to accept either.  Also the condition for actually checking/skipping the
headers was inverted.

Also whitespace fixes.
2010-02-20 11:31:36 -08:00
Filippo Carletti
660ed14823 don't initialize the hooks array if it is already initialized 2010-02-13 21:23:03 -08:00
lnedry
3e36ab55af Moved DENYSOFT for temp_resolver_failed to the RCPT TO hook. 2010-02-13 16:29:56 -07:00
Ask Bjørn Hansen
38e4449d4d Merge branch 'rpm'
Conflicts:
	.gitignore
2010-02-12 21:30:55 -08:00
Ask Bjørn Hansen
a1ef2d13cf Fix rpmlint errors; correct License field to 'MIT' 2010-02-12 21:30:02 -08:00
Ask Bjørn Hansen
36a8c8a6cd Untabify 2010-02-12 21:29:32 -08:00
Ask Bjørn Hansen
f8b4650248 Fix to work with new git commands
(Also fix whitespace warning)
2010-02-12 21:28:20 -08:00
Filippo Carletti
2a35963bd4 Requires(pre): coreutils, shadow-utils, perl
to avoid useradd errors during install
2010-02-12 21:12:15 -08:00
Peter J. Holzer
46171d0c66 fixed issue #29: config now caches returned value
Qpsmtpd::config now checks cache, hooks, qmail_config, default in this
order and returns the first match. In any case the returned value is
stored in the cache, so subsequent calls to Qpsmtpd::config return the
same value (unless the cache is cleared).
2010-01-18 11:36:06 -08:00
Devin Carraway
44c67fcbc7 Add a whatis to Qpsmtpd.pm and Postfix.pm's POD
Signed-off-by: Robert <rspier@pobox.com>
2010-01-14 00:13:10 -08:00
Rick
7de104bf66 AUTH PLAIN bug with qpsmtpd and alpine
Trying to get SMTP auth working with alpine, I came across a bug.
Alpine sends AUTH PLAIN and waits for a 334 response, then sends the
auth string. According to the RFC, the server should reply with 334
and a nothing else, but in Auth.pm qpsmtpd responds with "334 Please
continue."   the "Please continue" is interpreted as a non-zero
length initial challenge which causes alpine (and maybe other
clients?) to abort the session.

Signed-off-by: Charlie Brady <charlieb@budge.apana.org.au>
Signed-off-by: Robert <rspier@pobox.com>
2009-12-24 20:36:51 -08:00
Devin Carraway
3889821d16 Use BSMTP response code; misc cleanups
Exim's BSMTP interface will indicate the SMTP response to the exchange;
actually use it rather than assuming all errors are 400-class soft ones.

Tolerate $transaction->header returning undef (since it evidently can under
some conditions).

Convert a few errant tabs to spaces.

Fix vi modeline.

Signed-off-by: Robert <rspier@pobox.com>
2009-12-23 00:02:04 -08:00
Ask Bjørn Hansen
d77244e487 Update Changes 2009-11-04 22:37:00 -08:00
Ask Bjørn Hansen
59da4e4944 Fix typo in default clamav configuration name 2009-11-04 22:36:07 -08:00
Robert
b72c4b0b86 Add config example 2009-11-04 21:44:43 -08:00
Robert
de3fbb565f Rename spamsubjectprefix to subject_prefix. Add docs. 2009-11-04 21:43:38 -08:00
Jonathan Martens
48d1a5b9fe Custom spam tag subject munging in spamassasin plugin
Hi all!

I have written a patch to allow the spamassasin plugin to have a custom
spam tag read in from a configuration file as opposed to the default ***
SPAM *** that is hard coded.

When the configuration file (spamsubjectprefix) is not defined or empty
the default value still applies, if it is provided the value from the
configuration file is used.

Any change this can be considered for implementation as we would really
like to have it for SME Server.

Kind regards,

Jonathan

Signed-off-by: Robert <rspier@pobox.com>
2009-11-04 21:38:57 -08:00
Steve Kemp
d066479a77 PATCH: Spelling fixups
According to my dictionary "Authentification" is not a real word.

Signed-off-by: Robert <rspier@pobox.com>
2009-10-17 23:38:57 -07:00