Commit Graph

39 Commits

Author SHA1 Message Date
Matt Simerson
a5803d10f5 updated more split '' syntax to split // 2013-08-05 15:05:10 -07:00
Matt Simerson
c61fb67e9b checkpassword: remove newlines that appeared 2012-06-04 03:34:47 -04:00
Matt Simerson
1a1dcc3e53 auth: eval 'use' so plugins can be enabled by default
and tested.
2012-06-04 03:34:47 -04:00
Matt Simerson
4c6054c9fc vpopmaild: logging improvements
added a couple logging calls
prefixed others with pass/skip/fail keywords
2012-05-20 23:40:11 -07:00
Matt Simerson
35e1ce9883 consolidate auth logic into Qpsmtpd::Auth
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.

* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins

Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
2012-05-20 23:37:06 -07:00
Matt Simerson
319391affe auth_ldap: added logging
whitespace changes (stinkin windows newline chars)
2012-05-07 09:57:41 -07:00
Matt Simerson
fda2f4a730 auth_cvm_unix_local: log entries, strict 2012-05-07 09:55:16 -07:00
Matt Simerson
57d72b3cb4 auth_vpopmail_sql, refactor, log, tests
added strict and warnings pragma
refactored
added tests
added more logging
standard log prefixes
tests run pretests to assure tests can succeed
2012-05-07 09:53:03 -07:00
Matt Simerson
adbbfe6f67 auth_vpopmail: refactored, added tests, logging
added more logging
standard log prefixes
tests run a pretest to make sure tests have a chance to succeed
2012-05-07 09:52:46 -07:00
Matt Simerson
9059529325 authdeny: added standard log prefix 2012-05-07 09:51:24 -07:00
Matt Simerson
54f1a11b46 added logging and tests to auth_checkpassword 2012-05-07 09:47:15 -07:00
Matt Simerson
a6e664ce83 Altered SASL method to include the mechanism in log entries.
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:

before:
        or return (DENY, "authcvm/$method");
after:
        or return (DENY, "authcvm");

Added debug level log entries in auth_vpopmaild

Conflicts:

	plugins/auth/auth_vpopmail_sql
2012-05-06 16:20:25 -07:00
Matt Simerson
5285774285 refactored Qpsmtpd::Auth::SASL
unit tests for new methods are in t/auth.t

added PLAIN and LOGIN tests in auth_flat_file

Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
2012-05-06 16:17:02 -07:00
Matt Simerson
44ae52818e added vpopmail_sql db connect error handling.
Conflicts:

	plugins/auth/auth_vpopmail_sql
2012-05-06 16:05:28 -07:00
Matt Simerson
219392590e make authdeny POD docs match plugin name
I would rather the plugin were named auth_deny as the POD has, but renaming plugins is currently a sticky mess due to backwards compatibility.
2012-05-06 16:02:56 -07:00
Matt Simerson
2b1428af7e moved POD to top of file
all but 3 plugins have their POD at the top of the file. Bring these little lost sheep into the barn.
2012-05-06 15:46:51 -07:00
Ask Bjørn Hansen
a23d4b3da9 Fix 01-syntax test failures
Exclude some tests with dependencies.

Remove -T from perl line in plugins
This makes it harder to test with PERL5LIB/perlbrew etc
2012-04-29 01:36:01 -07:00
Matt Simerson
dbaa9dbd6c POD corrections, additional tests, plugin consistency
on files in plugins dir:
  fixed a number of POD errors

  formatted some # comments into POD

  removed bare 1;  (these are plugins, not perl modules)
    most instances of this were copy/pasted from a previous plugin that had it

  removed instances of # vim ts=N ...
    they weren't consistent, many didn't match .perltidyrc

  on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'

Conflicts:

	plugins/async/check_earlytalker
	plugins/async/dns_whitelist_soft
	plugins/async/dnsbl
	plugins/async/queue/smtp-forward
	plugins/async/require_resolvable_fromhost
	plugins/async/rhsbl
	plugins/async/uribl
	plugins/auth/auth_checkpassword
	plugins/auth/auth_cvm_unix_local
	plugins/auth/auth_flat_file
	plugins/auth/auth_ldap_bind
	plugins/auth/auth_vpopmail
	plugins/auth/auth_vpopmail_sql
	plugins/auth/authdeny
	plugins/check_badmailfromto
	plugins/check_badrcptto_patterns
	plugins/check_bogus_bounce
	plugins/check_earlytalker
	plugins/check_norelay
	plugins/check_spamhelo
	plugins/connection_time
	plugins/dns_whitelist_soft
	plugins/dnsbl
	plugins/domainkeys
	plugins/greylisting
	plugins/hosts_allow
	plugins/http_config
	plugins/logging/adaptive
	plugins/logging/apache
	plugins/logging/connection_id
	plugins/logging/transaction_id
	plugins/logging/warn
	plugins/milter
	plugins/queue/exim-bsmtp
	plugins/queue/maildir
	plugins/queue/postfix-queue
	plugins/queue/smtp-forward
	plugins/quit_fortune
	plugins/random_error
	plugins/rcpt_map
	plugins/rcpt_regexp
	plugins/relay_only
	plugins/require_resolvable_fromhost
	plugins/rhsbl
	plugins/sender_permitted_from
	plugins/spamassassin
	plugins/tls
	plugins/tls_cert
	plugins/uribl
	plugins/virus/aveclient
	plugins/virus/bitdefender
	plugins/virus/clamav
	plugins/virus/clamdscan
	plugins/virus/hbedv
	plugins/virus/kavscanner
	plugins/virus/klez_filter
	plugins/virus/sophie
	plugins/virus/uvscan
2012-04-29 00:00:10 -07:00
Robert
61de599c1b Normalize #! lines on all plugins
find . -type f | xargs -n1 perl -pi.bak -0777 -e '$want = "#!perl -Tw"; s/\A#!.*\n/$want\n/; s/\A([^#])/$want\n\1/s'
2012-04-28 20:41:31 -07:00
Matt Simerson
ed8eca0a63 fixed failing auths to auth/vpopmaild, added tests
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.

* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
2012-04-07 17:52:44 -04:00
Robin Bowes
0d2b724b93 Check for the exact string resonses from vpopmaild rather than using regexes 2010-05-12 23:25:09 -07:00
Matt Simerson
b1c3d2f333 added auth_vpopmail plugin
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:11:42 -07:00
Matt Simerson
8b892c33ad fix copy/paste error in auth_flat_file
correct copy/paste error, where auth_flat_file methods were named authsql in auth_flat plugin

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:08:50 -07:00
Robin Bowes
febdb001c6 new plugin auth_vpopmaild
Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 21:02:46 -07:00
Matt Simerson
0ae24edc55 updates to auth_vpopmail_sql module
updates to auth_vpopmail_sql module
 - moved vpopmail database parameters into config files
 - added LIMITATIONS section to POD, noting no support for alias domains
 - renamed sub from authsql (too generic) to auth_vmysql

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:51:14 -07:00
Matt Simerson
fbbf43ad15 added auth_checkpassword plugin
New and improved!
With POD! (because JP said so: http://www.nntp.perl.org/group/perl.qpsmtpd/2005/06/msg3145.html)
Includes usage notes and a perl script useful for diagnosing a checkpassword program.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:50:43 -07:00
Ask Bjørn Hansen
c0fedf9845 Remove the auth/authnull sample plugin (there are plenty proper examples now
so we don't have to include this insecure plugin)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@793 958fd67b-6ff1-0310-b445-bb7760255be9
2007-09-22 20:23:21 +00:00
John Peacock
3837fabc9f Ask and ye shall receive
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@659 958fd67b-6ff1-0310-b445-bb7760255be9
2006-09-14 19:48:37 +00:00
Ask Bjørn Hansen
a67b39e282 r4215@g5: ask | 2006-01-24 23:11:01 -0800
From:   gordonr@gormand.com.au
 Subject: Re: Submitting plugins (was Re: New plugin: denybounce)
 Date: January 24, 2006 9:02:35 PM PST
 To:   ask@develooper.com
 Cc:   gavin@openfusion.com.au, qpsmtpd@perl.org
 Message-Id: <43D7066B.3050106@gormand.com.au>
 
 Ask Bjørn Hansen wrote:
 On Jan 24, 2006, at 1:08 PM, Gordon Rowell wrote:
 - License statement - either as per qpsmtpd or as per Perl or  similar open license
 No, it really should be MIT licensed ("as per qpsmtpd") to go in the  distribution.
 There are a few exceptions (only your plugins at a cursory glance),  but those are mistakes.  :-)
 
 I don't have an issue with my qpsmtpd plugins being changed to state:
 
 
 =head1 AUTHOR
 
 Copyright 2005 Gordon Rowell <gordonr@gormand.com.au>
 
 This software is free software and may be distributed under the same
 terms as qpsmtpd itself.
 
 
 Though as a distro maintainer, we do have a sizeable issue with license proliferation. It really is a bit of a nightmare when two licenses are almost, but not completely, the same.
 
 Thanks,
 
 Gordon
 
 r4216@g5:  ask | 2006-01-24 23:12:21 -0800
 merge license fix from trunk


git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@603 958fd67b-6ff1-0310-b445-bb7760255be9
2006-01-25 07:12:34 +00:00
Robert Spier
90daeb3786 r483@dog: rspier | 2005-07-06 21:17:00 -0700
The great plugin renaming in the name of inheritance and standardization commit.
 
 1. new concept of standard hook_ names.
 2. Plugin::init
 3. renamed many subroutines in plugins (and cleaned up register subs)
 4. updated README.plugins
 


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@479 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-07 04:17:39 +00:00
John Peacock
4360370e7e A new auth plugin by Gordon Rowell <gordonr@gormand.com.au>
Interfaces with Bruce Guenther's Credential Validation Module (CVM)

 *   plugins/auth/auth_cvm_unix_local
     Only DENY if the credentials were accepted but incorrect (bad password?)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@432 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-10 12:11:26 +00:00
John Peacock
270f9c9a70 * plugins/auth/auth_ldap_bind
Correct DECLINE to DECLINED


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@405 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 20:48:53 +00:00
John Peacock
58ded6369d * lib/Qpsmtpd/Auth.pm
Fix some totally egregious spelling errors
 
 *  plugins/auth/auth_ldap_bind
    New plugin to authenticate against an LDAP database
    Thanks to Elliot Foster <elliotf@gratuitous.net>


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@404 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 19:59:52 +00:00
Matt Sergeant
bfe7e6cb63 Flat file auth plugin
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@402 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-30 20:50:34 +00:00
John Peacock
60cab010f8 * plugins/auth/auth_vpopmail_sql
Handle case where pw_clear_passwd doesn't exists in vpopmail database


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@360 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-10 14:33:13 +00:00
John Peacock
1d1799feb6 Correct handling for vpopmail built without clear password option
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@358 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-30 17:24:49 +00:00
John Peacock
c840a1d04f Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
    - New plugin in the style of check_badmailfrom, which matches a pair
      of FROM/TO and makes it seem like the recipient's address no longer
      exists (but only from the matching sender's point of view).  Useful
      for stalkers and other harassment cases.

o plugins/dns_whitelist_soft
    - New plugin to provide a DNS-based whitelist (good for distributed
      sites).

o various files
    - Replaced tab character with 8 spaces and adjusted line breaks for
      better readability.

Changes by mct@toren.net (Michael C. Toren)

o lib/Qpsmtpd/SMTP.pm

    - Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
      indicate a null sender when generating a doublebounce message)
      is equivalent to "<>".  Previously qpsmtpd complained that the
      value could not be parsed.

    - Adds LOGIN to the default list of supported auth mechanisms.
      The documentation in Auth.pm indicated that auth-login was not
      currently supported due to lack of functionality, however I can
      confirm that LOGIN appears to work fine as tested by using msmtp
      (http://msmtp.sourceforge.net/).  Are there any indications that
      LOGIN support is actually broken in the current implementation?

    - Removes the "X-Qpsmtpd-Auth: True" header appended when a message
      has been sent by an authenticated user.  One problem with such a
      header is that it's impossible to say which SMTP hop added it,
      and it provides no information which could be used to backtrack
      the transaction.  I grepped through my mail archives a bit
      looking for how other MTAs handled the problem, and decided it
      would be best to place this information in the Received: header:

        Received: from remotehost (HELO remotehost) (192.168.42.42)
          (smtp-auth username foo, mechanism cram-md5)
          by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>


o lib/Qpsmtpd/Auth.pm:

    - Documentation update for the arguments passed to an auth
      handler; previously the $mechanism argument was not mentioned,
      which threw off the argument offsets.

    - Documentation update for auth-login removing the warning
      that auth-login is not currently supported due to lack of
      functionality.

    - Fix to execute a generic auth hook when a more specific
      auth-$mechanism hook does not exist.  (Previously posted
      to the list last week.)

    - Upon authentication, sets $session->{_auth_user} and
      $session->{_auth_mechanism} so that SMTP.pm can include them
      in the Received: header.


o plugins/queue/qmail-queue

    - Added a timestamp and the qmail-queue qp identifier to the
      "Queued!" 250 message, for compatibility with qmail-smtpd, which
      can be very useful for tracking message delivery from machine to
      machine.  For example, the new 250 message might be:

        250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>

      qmail-smtpd returns:

        250 ok 1106546213 qp 7129

      Additionally, for consistency angle brackets are placed around
      the Message-ID displayed in the 250 if they were missing in the
      message header.


o plugins/check_badmailfrom:

    - Changed the error message from "Mail from $bad not accepted
      here" to "sorry, your envelope sender is in my badmailfrom
      list", for compatibility with qmail-smtpd.  I didn't see any
      reason to share with the sender the value of $bad, especially
      for situations where the sender was rejected resulting from a
      wildcard.


o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:

    - No longer checks for earlytalkers or resolvable senders if the
      connection note "whitelistclient" is set, which is nice for
      helping backup MX hosts empty their queue faster.


o plugins/count_unrecognized_commands:

    - Return code changed from DENY_DISCONNECT, which isn't valid in
      an unrecognized_command hook, to DENY, which in this context
      drops the connection anyway.  (Previously posted to the list
      last week.)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 03:30:50 +00:00
John Peacock
b5ef3d3add Couple of minor cleanups
*    lib/Qpsmtpd/Transaction.pm
     Forgot to nuke POD for deprecated relaying()

*    plugins/auth/auth_vpopmail_sql
     Log who actually AUTHenticated

*    plugins/virus/uvscan
     Don't need to unlink the file (Qpsmtpd will take care of it)
     Log the machine that did the actual Antivirus scanning


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@329 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-23 18:54:58 +00:00
Ask Bjørn Hansen
74a5b704b0 move the auth plugins to auth/
rename authsql to auth_vpopmail_sql -- we need a generic "connect to database"
thing with a generic way to configure databases.  ... and then we should have
a more generic "check username with sql" plugin.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@253 958fd67b-6ff1-0310-b445-bb7760255be9
2004-06-30 09:21:40 +00:00