Commit Graph

750 Commits

Author SHA1 Message Date
Jared Johnson
cf0d87610c Make GeoIP headers optional 2014-11-13 11:13:15 -06:00
Jared Johnson
d22396c298 Add headers with GeoIP data 2014-11-13 11:13:15 -06:00
Jared Johnson
da3ed5ebbf Fix missing $self 2014-11-13 11:13:15 -06:00
Jared Johnson
462e974d1e leave register() if neither geoip module loads 2014-11-13 11:13:15 -06:00
Matt Simerson
26a77511b0 fortune: fix bin detection 2014-11-12 22:58:06 -08:00
Jared Johnson
3ffee33d33 Remove extraneous semicolons
They confuse my editor
2014-11-11 16:59:40 -06:00
Matt Simerson
03e7ef722c geoip: skip lookups for localhost 2014-11-11 01:49:46 -05:00
Matt Simerson
3acc6dd3d9 updated MANIFEST with new bin/ file 2014-11-10 16:29:59 -08:00
Matt Simerson
4acf8602bd update docs with geoip_asn note addition 2014-11-10 13:32:28 -08:00
Jared Johnson
2655e7b452 Add tests for exclude files 2014-11-06 17:02:27 -06:00
Jared Johnson
7fb80f35ab Fix some broken variable names 2014-11-06 16:23:29 -06:00
Jared Johnson
81b55eb1ac Support postgrey-style greylist exclusion files
Not yet tested
2014-11-06 16:21:10 -06:00
Graham Todd
fc50cc2629 Update pull request with suggested changes from feedback. 2014-11-06 15:37:40 -05:00
Matt Simerson
38d5523b35 Base: consistent DNS handling 2014-11-06 11:15:18 -08:00
Graham Todd
ceb7419578 Add auth_imap plugin. 2014-11-06 13:00:52 -05:00
Matt Simerson
954fa45f2d added call to ->set_asn 2014-11-05 14:30:23 -08:00
Matt Simerson
54abd60239 strip off AS prefix 2014-11-05 14:30:23 -08:00
Matt Simerson
f2eda74074 ASN lookups now work 2014-11-05 14:30:22 -08:00
Matt Simerson
4eba2a39bc remove unused var 2014-11-05 14:30:22 -08:00
Matt Simerson
c61dbb5734 added GeoIP2 support, partial ASN support 2014-11-05 14:30:22 -08:00
Matt Simerson
9862cdc042 geoip: simplify the get/set data bits 2014-11-05 14:30:22 -08:00
Jared Johnson
289c5b2ca6 Add RFC link 2014-11-03 16:14:51 -06:00
Jared Johnson
e9400cc085 Add missing $self and explicit return 2014-10-28 14:37:56 -05:00
Jared Johnson
179d6427fc Consolidate greylist exclusions into exclude()
This makes for an easily overridden method for excluding hosts from greylisting with custom rules
2014-10-27 17:24:06 -05:00
Matt Simerson
4c314eb642 patch from Carlos Canau <Carlos@Canau.COM> 2014-10-02 15:25:57 -07:00
Matt Simerson
c3aa4c10d2 stunnel: cleanups 2014-09-17 23:00:31 -07:00
Matt Simerson
b289d38f53 more cleanups 2014-09-17 22:22:44 -07:00
Jonathan Hall
897a1fd8aa Remove a ton of 'return ()', and a few other minor readability tweaks. 2014-09-17 20:28:51 -05:00
Matt Simerson
1e82ae1bc7 async removed
1. the known users of async don't upgrade
2. async becomes a win when concurrent connections exceed a few hundred simultaneous
3. anyone that needs async should be looking at Haraka instead
4. the perl async dependencies aren't maintained
2014-09-17 11:38:40 -07:00
Matt Simerson
5155e5c32f POD fixups 2014-09-16 23:27:19 -07:00
Jonathan Hall
3d97773827 Reverse sense of is_not_multipart to is_multipart. 2014-09-16 13:57:15 -05:00
Jonathan Hall
ba3122bd82 Style cleanup
* no more 'return ()'
 * Explicit 'return 0'
2014-09-16 13:51:19 -05:00
Jonathan Hall
44cafde7d4 More complete clamdcscan tests
* construct our own Qpsmtpd::Transaction object for testing, so we're sure
   to have a pristine state
 * Move some logic into a should_scan() sub, to help separate scan_all from
   is_not_multipart (since the multipart state of a message has nothing to
   do with any configuration parameters)
2014-09-16 13:48:19 -05:00
Jonathan Hall
9faa1e1903 Fix clamdscan configuration handling
- Honor configured 'false' values
 - Treat 'scan_all' consistently with other options--permitting 0, 1, 'yes', or 'no' as values
2014-09-16 12:03:49 -05:00
Matt Simerson
ebdb25a4bd extracted config*() from Qpsmtpd.pm -> Config.pm
* includes full test converage for Qpsmtpd::Config
    * folded t/config.t into t/qpsmtpd-config.t
* includes additional tests for Qpsmtpd
    * folded t/tempstuff into t/qpsmtpd.t
* PBP adjustments here and there
* other tweaks to handle test warnings
2014-09-15 23:41:31 -07:00
Matt Simerson
710894cd49 moved Qpsmtpd::Utils -> Base.pm 2014-09-15 18:53:30 -07:00
Matt Simerson
851e1b54ee META updates, tidy, PBP tweaks
* update manifest
* perltidy
* replace postfix if/unless with brackets
* reduce useless indention by exiting sooner
2014-09-15 15:57:12 -07:00
Jared Johnson
4b7af20f49 Fix pattern substitution in user_config plugin 2014-09-15 17:06:47 -05:00
Jared Johnson
50cc469881 Add docs and flexible path to user_config plugin
I needed to make the path modifyable for testing anyway, might as well make it
actually usable.  Not yet tested.
2014-09-15 17:01:39 -05:00
Jared Johnson
8d032d8b50 Follow upstream convention in shebang
Our fork uses '#!/perl (Editor hint)' but upstream normally uses '#!perl'.  Conforming to upstream.

FWIW, the Kate editor recognizes the former as perl for the purpose of syntax highlighting but does not recognize the latter. But the one guy I know who uses Kate didn't take the opportunity to object :)
2014-09-15 16:53:09 -05:00
Jared Johnson
3379248c45 Add user_config example plugin
Add a plugin to read qpsmptd-style configuration files from users' home
directories.  Little to no testing yet.
2014-09-15 16:53:09 -05:00
Matt Simerson
0b38c21f40 auth_vpopmail_sql: wrap DB connect attempt in eval 2014-09-15 14:36:09 -07:00
Jonathan Hall
921139e0ca Update POD to reflect proper ->notes() calling convention. 2014-09-15 11:04:14 -05:00
Matt Simerson
b114e051c7 earlytalker: corrected POD note name 2014-09-13 17:08:12 -07:00
Matt Simerson
6cc5f78826 added POD for earlytalker_wait 2014-09-12 13:54:37 -07:00
Matt Simerson
a53c692c7b earlytalker: check connection note for wait length
Issue #58
reputation databases can set $connection->notes(earlytalker_wait)
2014-09-12 13:32:08 -07:00
Matt Simerson
96ff5746bd early: minor style tweaks 2014-09-12 09:53:41 -07:00
Matt Simerson
ca96ddf4eb added Utils->is_valid_ip, IPv6 ready
resolves Issue #82
2014-09-11 13:34:32 -07:00
Matt Simerson
5960cb4d87 helo: make NXDOMAIN time out faster 2014-09-11 11:37:46 -07:00
Matt Simerson
04a984bbab helo: improved invalid_localhost detection 2014-09-10 15:12:52 -07:00
Matt Simerson
91f8133f5c 2x: use Utils->is_localhost() to detect loopback
* it's IPv6 compatible
* plugins/helo, plugins/fcrdns
2014-09-10 14:22:06 -07:00
Matt Simerson
39c454c95e helo: added IPv6 support to invalid_localhost
and also suppress a test warning
2014-09-10 13:52:56 -07:00
Matt Simerson
88bef54283 resolve issue #77 and PR #32 2014-09-09 14:24:33 -07:00
Matt Simerson
0bbd209431 auth_cvm: added check for null char in username
see issue #53
2014-08-23 11:20:41 -07:00
Matt Simerson
c74564b4c8 Merge pull request #44 from priyadi/master
munge_subject_threshold did not previously work
2014-06-03 22:12:00 -07:00
Matt Simerson
3300994f97 Merge pull request #49 from luzluna/master
looks good, thanks for this.
2014-06-03 21:44:25 -07:00
luzluna park
a4c319acf8 stunnel proxy protocol remote ip,port setting feature added for smtps.
reference : http://www.stunnel.org/static/stunnel.html
protocol spec : http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
2014-06-03 17:48:46 +09:00
Matt Simerson
bdeb92e01b Merge pull request #48 from priyadi/spamassassin
spamassassin: Fix extra newlines between headers and body.
2014-06-03 00:39:32 -07:00
Priyadi Iman Nurcahyo
2775e992a1 Fix extra newlines between headers and body. This caused problems with DKIM verification in SpamAssassin 2014-06-03 07:24:29 +00:00
Priyadi Iman Nurcahyo
59f0c4426c loadcheck: Provide meaningful rejection message to clients 2014-05-15 13:12:47 +00:00
Priyadi Iman Nurcahyo
bb03a785ef munge_subject_threshold did not previously work 2014-05-15 12:21:09 +00:00
Matt Simerson
d1ce56657a loadcheck: refactored. See =CHANGES section 2014-03-21 21:03:46 -07:00
Matt Simerson
767a797dbd loadcheck: perltidy 2014-03-21 09:33:16 -07:00
Matt Simerson
2e356a7cab helo: fix doc typo 2014-03-21 09:28:30 -07:00
Matt Simerson
8e6ef9385f Merge pull request #42 from rsiddall/master
Added Peter Eisch's load checking plugin, see: http://www.nntp.perl.org/...
2014-03-21 08:46:28 -07:00
Richard Siddall
aabefce3b9 Added warning about expense of forking/exec to determine system load. Added SEE ALSO links to the postings containing the plugin and an alternate. 2014-03-21 09:56:32 -04:00
Richard Siddall
ab965b585c Minor perldoc fix. 2014-03-21 09:48:49 -04:00
Richard Siddall
5df4dec48d Bumped the plugin version number for the variant with caching. Fixed a typo in the perldoc. 2014-03-21 09:42:54 -04:00
Richard Siddall
04fc9327b7 Found the improved version of Peter Eisch's plugin attached to http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4710.html. This includes caching of the system load and adds a cache_time config parameter. 2014-03-21 09:40:01 -04:00
Richard Siddall
95102e68c5 Added Peter Eisch's load checking plugin, see: http://www.nntp.perl.org/group/perl.qpsmtpd/2006/01/msg4422.html, and Steve Kemp's alternative at: http://www.nntp.perl.org/group/perl.qpsmtpd/2008/03/msg7814.html 2014-02-13 21:42:56 -05:00
Matt Simerson
f9d84d94c7 Add Postfix XCLIENT support to smtp-forward plugin
manually merged in PR #2 from cventers

XCLIENT support allows Qpsmtpd to forward client information, such as
the IP address and HELO information, to Postfix such that it can use
that information in access control decisions and logging.

XCLIENT is documented here: http://www.postfix.org/XCLIENT_README.html

This patch adds a "xclient" argument to smtp-forward which enables the
use of the XCLIENT verb if it is advertised by the server smtp-forward
is delivering mail to.
2014-02-13 12:53:33 -08:00
tpoindessous
9f404f52bf Add the message id in log
There is no message id in logfile so it's difficult to debug a message sent through qpsmtpd.
2014-01-24 15:11:39 +01:00
Matt Simerson
0fee545794 domainkeys: fixed doc typo 2014-01-10 21:55:09 -08:00
Matt Simerson
3a47dd2ac2 dmarc: skip processing for null sender 2014-01-08 19:22:16 -05:00
Matt Simerson
4d1b9ffe32 headers: use a more descriptive variable name 2014-01-08 16:11:04 -08:00
Matt Simerson
3353578d8b clamdscan: add support for remote TCP/IP clamd
previous version only worked when clamd was running on the same machine and had access to the spool file. This version also works with a remote clamd.
2013-12-20 00:22:09 -05:00
Matt Simerson
2d4f4a299a naughty: legibility improvement 2013-12-18 00:17:37 -05:00
Matt Simerson
45316487e3 anglebrackets: increase penalty, prefix log msgs 2013-12-18 00:16:41 -05:00
Matt Simerson
bcc6adae19 helo: add karma penalty for no HELO hostname 2013-12-18 00:16:02 -05:00
Matt Simerson
02da55e06d karma: added penalty for spammy TLDs 2013-12-18 00:15:20 -05:00
Matt Simerson
9f88e374c2 tls: reduced importants of an info message
from WARN to INFO
2013-12-18 00:11:53 -05:00
Matt Simerson
a4695cec8b geoip: added named array for invalid args
so it passes Perl::Critic tests
2013-12-18 00:02:07 -05:00
Matt Simerson
96dfb08d87 headers: added POD descripting each header 2013-12-18 00:00:52 -05:00
Matt Simerson
725a8d1960 dspam: remove hard coded default in train_ methods 2013-12-17 23:59:57 -05:00
Matt Simerson
c202d3ef69 dmarc integrated with Mail::DMARC
reimplemented dmarc module to use Mail::DMARC
updated SPF plugin to save SPF results in dmarc_spf note
update dkim to store DKIM results in dkim_result & dkim_verifier notes
2013-12-17 23:53:00 -05:00
Matt Simerson
4d489ea6ef tested and working Authentication-Results
changed the method of saving results. Instead of appending to/from a header, plugins save results to a connection note.

Qpsmtpd::SMTP.pm has a new method that inserts the Authentication-Results header
The smtp-auth information has been removed from the Received header

Authentication-Results providing plugins have been updated to store results in connection note
2013-08-05 15:05:38 -07:00
Matt Simerson
4ae16219bd added Authentication-Results header, with provider
dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
2013-08-05 15:05:38 -07:00
Matt Simerson
4aa888dc6c headers: assign zeroes to avoid undef errors 2013-08-05 15:05:38 -07:00
Matt Simerson
247c5a2bea is_naughty is a setter now too 2013-08-05 15:05:38 -07:00
Matt Simerson
fbdee49965 raised default max msg size in clamdscan from 128k
added max_size on config, so it's likely to get noticed, since even 1M is probably too low for most sites. This should likely default to the same as databytes?
2013-08-05 15:05:38 -07:00
Matt Simerson
f7b00fa677 auth_vpopmaild: added taint checking to responses 2013-08-05 15:05:37 -07:00
Matt Simerson
b8229fbdbf dmarc: added subdomain policy handling 2013-08-05 15:05:37 -07:00
Matt Simerson
92fe1e899f rcpt_ok: do immunity checks earlier, so that
disposition logs don't indicate failure for authenticated senders
2013-08-05 15:05:37 -07:00
Matt Simerson
eccaf17d18 karma: limit rcpts to 1 for senders with neg karma 2013-08-05 15:05:36 -07:00
Matt Simerson
bbc6e895cc distinguish rejecting versus tolerated failures 2013-08-05 15:05:36 -07:00
Matt Simerson
3180c9da31 SPF: added more precise disposition logs, so that
postprocess can determine if a SPF failure caused a rejection
2013-08-05 15:05:36 -07:00
Matt Simerson
ebfccec5b3 dmarc: added support for DMARC policy pct=NNN 2013-08-05 15:05:36 -07:00
Matt Simerson
c0210a7877 SPF: arrage flow so if a pass result is possible,
we will get it and set the note for DMARC plugin
2013-08-05 15:05:36 -07:00
Matt Simerson
effb4e2269 dmarc: improving and updating POD 2013-08-05 15:05:36 -07:00
Matt Simerson
f9fb0acee7 qmail_deliverable: smite null sender to email list 2013-08-05 15:05:16 -07:00
Matt Simerson
ca678ba736 log2sql: populate plugins table from registry.txt
much easier for local customizations.
moved SQL connection settings to config/log2sql
2013-08-05 15:05:16 -07:00
Matt Simerson
8e054c1eda dkim: reduce INFO logging to once per connect 2013-08-05 15:05:16 -07:00
Matt Simerson
a14de07280 tls: added pass|fail prefix to a couple log msgs 2013-08-05 15:05:15 -07:00
Matt Simerson
7f8848d2e8 auth_chkpw: added pass|fail prefix to log msgs 2013-08-05 15:05:15 -07:00
Matt Simerson
25171ec371 dmarc: weed out SPF records from initial search
use a variable instead of array to count list (not using RR address after all)
2013-08-05 15:05:15 -07:00
Matt Simerson
1f2a5c27ed dkim: when signing, use signing domain when we
finding the signing key in a different directory than the sending (eg: example.com instead of www.example.com.)
2013-08-05 15:05:15 -07:00
Matt Simerson
091843927d dmarc: added relaxed alignment tests 2013-08-05 15:05:15 -07:00
Matt Simerson
75a3e4baae find plugins -type f -exec perltidy -b {} \; 2013-08-05 15:05:15 -07:00
Matt Simerson
fd2c56fb36 resolvable_fromhost: adjust log message prefix 2013-08-05 15:05:15 -07:00
Matt Simerson
2e6eeaa82d karma: add recipient limits for bad senders 2013-08-05 15:05:15 -07:00
Matt Simerson
b9bf523e0e hosts_allow: more succinct log message 2013-08-05 15:05:15 -07:00
Matt Simerson
e23523bc46 registry: renumber with big spaces between plugin
types. So there's plenty of room to insert future plugins with having to renumber, which impacts log2sql
2013-08-05 15:05:14 -07:00
Matt Simerson
8a1a156e60 dmarc: remove useless comment 2013-08-05 15:05:14 -07:00
Matt Simerson
2c7cb8afb7 naughty: improve POD 2013-08-05 15:05:14 -07:00
Matt Simerson
db8ec50c3a new plugin: dmarc 2013-08-05 15:05:14 -07:00
Matt Simerson
515188ace5 tls: added ability to store certs in config/ssl
was hard coded to ./ssl
2013-08-05 15:05:14 -07:00
Matt Simerson
f03128523c SPF: add pod, documenting spf_pass_host note 2013-08-05 15:05:14 -07:00
Matt Simerson
0f01a39e88 SPF: add trans. note spf_pass_host if SPF=pass 2013-08-05 15:05:14 -07:00
Matt Simerson
6bea1ebd50 domainkeys: fixed pod grammar error 2013-08-05 15:05:14 -07:00
Matt Simerson
b64bb2f9e4 a collection of DKIM enhancements
* disable Mail::DKIM::TextWrap (causes mangled messages for some clients)
* pod improvements
* don't log the entire DKIM signature when signing
* add dkim_pass_domains connection note with DKIM signer domains that pass
* enable dkim tests
2013-08-05 15:05:14 -07:00
Matt Simerson
b7320a8eb9 SPF: POD formatting fix 2013-08-05 15:05:14 -07:00
Matt Simerson
c92a5a83c8 dkim: improve POD, add dkim_key_gen.sh 2013-08-05 15:05:13 -07:00
Matt Simerson
a3b8af77bd dkim: added message signing feature 2013-08-05 15:05:13 -07:00
Matt Simerson
8c265d3583 domainkeys: added deprecation comment 2013-08-05 15:05:13 -07:00
Matt Simerson
6b16704b4a karma,relay: karma plugin awards karma later
by detecting during DATA if relay_client is set
2013-08-05 15:05:13 -07:00
Matt Simerson
ce0d2b80ef dkim: corrected log entry, added comment 2013-08-05 15:05:13 -07:00
Matt Simerson
d5fd8d24e3 dspam: raise loglevel on debug log message 2013-08-05 15:05:13 -07:00
Matt Simerson
e7ea7a0949 dspam: catch error where QP user lacks x on dspam
x = execute privileges
2013-08-05 15:05:13 -07:00
Matt Simerson
eeacf83e3a bogus_bounce: suppress undefined var error 2013-08-05 15:05:13 -07:00
Matt Simerson
5853ec1a47 spf: add comment re: Authentication-Results header 2013-08-05 15:05:13 -07:00
Matt Simerson
2ca3b1d4ee resolvable_fromhost: documented reject naughty 2013-08-05 15:05:13 -07:00
Matt Simerson
c7f5c45f40 random_error: fixed typo, added std pragmas 2013-08-05 15:05:13 -07:00
Matt Simerson
e433796b96 dspam/spamassassin: adjust karma awards
dspam: be more conservative when learning from karma
sa: added an SA autolearn bonus
2013-08-05 15:05:13 -07:00
Matt Simerson
2f3127359d moved triplicated init_resolver into Plugin.pm 2013-08-05 15:05:13 -07:00
Matt Simerson
58b860c0eb dkim: added karma for dkim results (allow/reject) 2013-08-05 15:05:12 -07:00
Matt Simerson
8e437ec305 helo: stop processing after first match 2013-08-05 15:05:12 -07:00
Matt Simerson
3bb85a66a1 resolvable_fromhost: added karma smites 2013-08-05 15:05:12 -07:00
Matt Simerson
7da69ef12d spamassassin: karma scoring is dependent on
the sessage learn status, not SA (global) autolearn setting. So, karma learning follows SA learning rules.
2013-08-05 15:05:12 -07:00
Matt Simerson
fc5eeec122 added karma awards for SPF pass/fail 2013-08-05 15:05:12 -07:00
Matt Simerson
0c59813957 badmailfrom: fix reject message typo 2013-08-05 15:05:12 -07:00
Matt Simerson
91db656cac fcrdns: new plugin for Forward Confirmed rDNS 2013-08-05 15:05:12 -07:00
Matt Simerson
26becea3d4 qm_deliverable: added reject option, karma smite
award senders -1 karma to senders to invalid addresses
2013-08-05 15:05:12 -07:00
Matt Simerson
0383f63d87 naughty: improve POD 2013-08-05 15:05:12 -07:00
Matt Simerson
f039014b33 karma: be a bit more conservative
require at least -2 karma before smiting
also, add +1 karma to senders with karma_history > 10
2013-08-05 15:05:12 -07:00
Matt Simerson
77272ba095 whitelist: add +5 karma to whitelisted IPs 2013-08-05 15:05:12 -07:00
Matt Simerson
1e88a57f26 relay: give +2 karma boost to relay IPs 2013-08-05 15:05:12 -07:00
Matt Simerson
c17ebdbcf9 p0f: added smite_os, assign -karma by OS 2013-08-05 15:05:12 -07:00
Matt Simerson
d08de879c5 hosts_allow: allow +karma senders +3 concurrents
this is really useful if you set max-per-ip to <= 3.
2013-08-05 15:05:12 -07:00
Matt Simerson
7a4c789ae2 helo: smite senders that fail the selected tests
and made log entries more terse
2013-08-05 15:05:12 -07:00
Matt Simerson
b43f369dbe headers: smite poorly behaved senders with -karma 2013-08-05 15:05:12 -07:00