Commit Graph

649 Commits

Author SHA1 Message Date
Matt Simerson
c0899f6d4d spamassassin: assign karma for autolearn message
also removed 'use lib', to be consistent with most other plugins
and improved grammar
2013-08-05 15:05:11 -07:00
Matt Simerson
8012dff4f9 dspam: be more conservative with karma awards
previous settings were reasonable for a well trained dspam. After starting with a fresh dspam, the settings were not optimal for the amount of naive that a default dspam is.
2013-08-05 15:05:11 -07:00
Matt Simerson
0eef321990 dnsbl: smite blacklisted IPs with -1 karma 2013-08-05 15:05:11 -07:00
Matt Simerson
d5f1f3f72b badrcptto: smite matches with -2 karma
useful for (reject=>naughty) + spam filter training
2013-08-05 15:05:11 -07:00
Matt Simerson
e7f9f3bf21 geoip: added too_far option 2013-08-05 15:05:11 -07:00
Matt Simerson
473a1ba6e3 karma_tool: optimized for speedy IP search, IPv6
fixed one IPv6 issue
2013-08-05 15:05:11 -07:00
Markus Ullmann
c0b36c5cb4 Sanitize spamd_sock path for perl taint mode 2013-08-05 15:05:11 -07:00
Matt Simerson
a90c881ae5 helo: added comments 2013-08-05 15:05:11 -07:00
Matt Simerson
a7742b5b40 dspam: added use lib, removed some parens 2013-08-05 15:05:11 -07:00
Matt Simerson
73f4759ae7 karma: general improvements
skip earlytalker checks for positive senders

limit negative karma senders to 1 concurrent connection (hosts_allow)
  added karma::hook_pre_connection, to make hosts_allow change possible

added karma score to log entries
2013-08-05 15:05:11 -07:00
Matt Simerson
60d3cda18e headers: added section # to RFC citation 2013-08-05 15:05:11 -07:00
Matt Simerson
d8a242b050 whitelist: added pass prefix to log entries 2013-08-05 15:05:11 -07:00
Matt Simerson
96ee32106a qmail_deliverable: remove fail prefix from SMTP er
prefix should only be logged, not emitted during SMTP
2013-08-05 15:05:11 -07:00
Matt Simerson
dd59ad210e karma_tool: release didn't. fixed.
also, preserve karma history when using karma_tool to capture/release
2013-08-05 15:05:10 -07:00
Matt Simerson
0ed418fafd p0f: added path to socket in error message
if p0f cannot connect, provide a more descriptive error message. Particularly useful for a p0f plugin developer that runs both p0f v2 and v3 at the same time.
2013-08-05 15:05:10 -07:00
Matt Simerson
c3dff626cb plugins/bogus_bounce: add Return-Path check
make sure return path is empty, per RFC 3834
2013-08-05 15:05:10 -07:00
Matt Simerson
b9750ee5bf plugins/helo: added RFC 5321 notes 2013-08-05 15:05:10 -07:00
Matt Simerson
214ceffea6 uribl plugin: added 'pass' prefix to log message 2013-08-05 15:05:10 -07:00
Matt Simerson
a5803d10f5 updated more split '' syntax to split // 2013-08-05 15:05:10 -07:00
Matt Simerson
e67f4ff98c helo: avoid undef warning when rDNS is invalid
specifically, when rDNS returns an invalid FQDN like 'null.', which doesn't have
a domain part.
2013-08-05 15:05:10 -07:00
Matt Simerson
d80b117bff replace all instances of split '' with split //
newer versions of perl don't accept split '' syntax any longer
2013-08-05 15:05:10 -07:00
Matt Simerson
2e0909ad27 dspam: improve logging and config error reporting 2013-08-05 15:05:10 -07:00
Matt Simerson
838594642b relay: better error handling and logging
detect failures in calls to Net::IP for relayclient entries that don't parse.
2013-08-05 15:05:10 -07:00
Matt Simerson
f0c7c212c0 clamdscan: replace immunity check with naught test
immunity check was disabled by default, as it wasn't a good policy. OTOH, a naughty check is a sensible default, as we can skip processing on messages we already decided to reject.
2013-08-05 15:05:10 -07:00
Matt Simerson
14e87fabdf qmail_deliverable: reject null sender to ezmlm lis 2013-08-05 15:05:10 -07:00
Matt Simerson
5b742cbf7d dkim: added some missing POD text 2013-08-05 15:05:09 -07:00
Matt Simerson
4465b7af43 headers: simplify required headers logic 2013-08-05 15:05:09 -07:00
Matt Simerson
af55a8d6dd SPF: use $conn->relay_client instead of duplicated
is_in_relayclients method. Expects relay plugin to have set relay_client, a reasonable assumption.
2013-08-05 15:05:09 -07:00
Matt Simerson
e959e408b1 SA: suppress undefined variable warnings 2013-08-05 15:05:09 -07:00
Matt Simerson
55119616d4 whitelist: added debug log message & std plugin
entries.
2013-08-05 15:05:09 -07:00
Matt Simerson
a257ec8414 added vpopmail_ext to qmail_deliverable plugin 2013-08-05 15:05:09 -07:00
Matt Simerson
01d7c7e228 karma: added adjust_karma method
makes it easier to set karma in plugins
2013-08-05 15:04:12 -07:00
Matt Simerson
368b2c0206 spamassassin: further log message refinement 2013-08-05 15:03:12 -07:00
Matt Simerson
016d2b06bc spf: improved support for IPv6 clients 2013-08-05 15:02:17 -07:00
Matt Simerson
7b420252f0 whitelist: added debug log message & std plugin
entries.
2013-08-05 15:02:17 -07:00
Matt Simerson
cd4eda80e1 spamassassin: added 'headers none' option
enables suppression of SA header insertion
2013-08-05 15:02:17 -07:00
Matt Simerson
34957d0604 added vpopmail_ext to qmail_deliverable plugin 2013-08-05 15:02:16 -07:00
Matt Simerson
ef985d0df4 earlytalker: lower karma for earlytalkers 2013-08-05 15:01:53 -07:00
Matt Simerson
69e30117fa resolvable_fromhost: additional logging 2013-08-05 15:01:53 -07:00
Matt Simerson
0229780b0f registry: renamed clamd abb3 from cad to clm 2013-08-05 15:01:53 -07:00
Matt Simerson
cba8cd9cef karma: added error keyword to error log messages 2013-08-05 15:01:53 -07:00
Matt Simerson
2fc909b809 karma: added adjust_karma method
makes it easier to set karma in plugins
2013-08-05 15:01:52 -07:00
Matt Simerson
aa619b84b0 helo: added is_plain_ip to lenient checks
there's no excuse for a client to ever send a raw IP, and I have yet to see a valid client do it
2013-08-05 15:01:52 -07:00
Matt Simerson
93be22020b clamdscan: default is scan always, even authenticated 2013-08-05 15:01:52 -07:00
Matt Simerson
cc26fb7b06 registry: added auth_ prefixes, relay aliases 2013-08-05 15:01:52 -07:00
Matt Simerson
ab22cb2ac4 spamassassin: further log message refinement 2013-08-05 15:01:52 -07:00
Matt Simerson
a005f131f3 qmail_deliverable: test variable if defined before accessing 2013-08-05 15:01:52 -07:00
Matt Simerson
63f97f205f dspam: better error message if dspam_bin is not found 2013-08-05 15:01:52 -07:00
Matt Simerson
b6b1cdd03e SPF: more logging additions 2013-08-05 15:01:52 -07:00
Matt Simerson
b1c2fa16b5 drop the check_ prefix from the last 3 plugins 2013-08-05 15:01:52 -07:00
Matt Simerson
4a662012aa dspam: added missing return 2013-08-05 15:01:52 -07:00
Matt Simerson
fd71e9b98e dnsbl: restore dnsbl bypass for special recipients 2013-08-05 15:01:51 -07:00
Matt Simerson
b7724f4742 dspam: check for dspam_bin during register 2013-08-05 15:01:51 -07:00
Matt Simerson
493c0b3268 log watching and processing tools 2013-08-05 15:01:51 -07:00
Matt Simerson
16b5bfe027 dkim: new plugin 2013-08-05 15:01:51 -07:00
Matt Simerson
002bbed9e3 uribl: ordered pragmas and dependencies 2013-08-05 15:01:51 -07:00
Matt Simerson
6988fa5377 rhsbl: make sure $transaction->sender defined before accessing it 2013-08-05 15:01:51 -07:00
Matt Simerson
bc793a87c7 naughty: POD additions 2013-08-05 15:01:51 -07:00
Matt Simerson
eefb4ab823 headers: added Received to POD header require list 2013-08-05 15:01:51 -07:00
Matt Simerson
8141b4f5a3 dnsbl: more refactoring, 2013-08-05 15:01:51 -07:00
Matt Simerson
723fe314fa rhsbl: added default reject settings 2013-08-05 15:01:51 -07:00
Matt Simerson
b5651f0e4d added plugin: qmail_deliverable 2013-08-05 15:01:51 -07:00
Matt Simerson
0897d93375 resolvable_fromhost: log message updates 2013-08-05 15:01:51 -07:00
Matt Simerson
208dfc3a21 rename require_resolvable_fromhost to resolvable_fromhost 2013-08-05 15:01:51 -07:00
Matt Simerson
feb9ede9df clamdscan: fix karma decrementer 2013-08-05 15:01:51 -07:00
Matt Simerson
4646b0ff0a spamassassin: s/deny/fail/ from a log message (consistency) 2013-08-05 15:01:51 -07:00
Matt Simerson
1b7457b555 SPF: add more log messages 2013-08-05 15:01:50 -07:00
Matt Simerson
11e449a904 geoip: no data is a skip, not a fail 2013-08-05 15:01:50 -07:00
Matt Simerson
52256d2d9b dspam: fixes for training dspam
process_backticks now writes the entire message (headers + body) to a temp file and had dspam read that. Previously, dspam only read the body.  With the new "process, then train on error" method, dspam didn't have access to the DSPAM signature (in the headers).

replaced open2 with open3. Same results. Works part of the time, but not consistent, and I haven't been able to figure out why.

dspam transaction note is now a hashref (was a string)
parsing of dspam response via substring (was regexp)
2013-08-05 15:01:50 -07:00
Matt Simerson
d2cd1160ad domainkeys: add header at top of headers (not bottom) 2013-08-05 15:01:50 -07:00
Matt Simerson
3427af8aa4 dnsbl,rhsbl: process DNS immediately
and use naughty for deferred rejection
2013-08-05 15:01:50 -07:00
Matt Simerson
e67a71cca5 earlytalker: log message cleanup 2013-08-05 15:01:50 -07:00
Matt Simerson
e69893a961 qmail-queue: a few tweaks and a lot of whitespace 2013-08-05 15:01:50 -07:00
Matt Simerson
439e9fe566 tls: log improvement 2013-08-05 15:01:50 -07:00
Matt Simerson
143534d7a6 spf: remove rcpt hook, process to completion during from 2013-08-05 15:01:50 -07:00
Matt Simerson
65f216c445 parse_addr_withhelo: consistency additions 2013-08-05 15:01:50 -07:00
Matt Simerson
183d8b9f18 naughty: support reject_type set by original plugin
that marked the connection as naughty
2013-08-05 15:01:50 -07:00
Matt Simerson
6c2b65d3af hosts_allow: better logging 2013-08-05 15:01:49 -07:00
Matt Simerson
b2a3ef4c34 greylisting: POD correction 2013-08-05 15:01:49 -07:00
Matt Simerson
75e74cd033 dns_whitelist_soft: tiny tweaks of little consequence 2013-08-05 15:01:49 -07:00
Matt Simerson
129ca56e2f unrec: fixed variable assignment 2013-08-05 15:01:49 -07:00
Matt Simerson
0fa0f08b97 connection_time: add compat with tcpserver deployment model 2013-08-05 15:01:49 -07:00
Matt Simerson
12e7895d4c loop: max loops was sometimes not set 2013-08-05 15:01:49 -07:00
Matt Simerson
283610fb73 earlytalker: updated for consistent note accessor 2013-08-05 15:01:49 -07:00
Matt Simerson
d74a5bb095 bogus_bounce: added logging and rejection handling 2013-08-05 15:01:49 -07:00
Matt Simerson
b245d30e9e dnsbl: process DNS queries immediately
rather than deferring until RCPT. This greatly improves efficiency, since most connections will get marked naughty much sooner, having run fewer tests.
2013-08-05 15:01:49 -07:00
Matt Simerson
0fe884209e check_spamhelo: remove, deprecated by helo 2013-08-05 15:01:49 -07:00
Matt Simerson
a259fec536 badrcptto: dropped check_ prefix from name 2013-08-05 15:01:49 -07:00
Matt Simerson
5341163913 karma: improve error handling 2013-08-05 15:01:49 -07:00
Matt Simerson
5ea1eb0f4c badrcptto: log tweaks, better regex detection 2013-08-05 15:01:49 -07:00
Matt Simerson
35b9b32895 relay: logging tweak 2013-08-05 15:01:49 -07:00
Matt Simerson
ca3cb6a67e uribl: insert headers at top of message 2013-08-05 15:01:49 -07:00
Matt Simerson
4a3452f486 p0f: POD & log message updates 2013-08-05 15:01:48 -07:00
Matt Simerson
964eab3b2b dspam: changed to only train on error
per suggestions by the dspam author
2013-08-05 15:01:48 -07:00
Matt Simerson
08256232a8 clamdscan: make sure headers exist before operating on them 2013-08-05 15:01:48 -07:00
Matt Simerson
c95df51af1 geoip: improve log messages
list fixed with continent code first to improve readability
added ability to include city in logging
2013-08-05 15:01:48 -07:00
Matt Simerson
47488650b3 badmailfrom rename fixups 2013-08-05 15:01:48 -07:00
Matt Simerson
1fff417405 rename check_badmailfrom -> badmailfrom 2013-08-05 15:01:48 -07:00
Matt Simerson
e4133127d5 badmailfrom: remove rcpt hook (uses naughty instead) 2013-08-05 15:01:48 -07:00
Matt Simerson
e2c84987f3 helo: refine plugin tests 2013-08-05 15:01:48 -07:00
Matt Simerson
97fda310ee headers: plugin tests, deprecate check_basicheaders 2013-08-05 15:01:48 -07:00
Matt Simerson
d460dc86e3 spamassassin: add explicit default reject_type
consolidate the two data_post methods into one (more linear, simpler)
more informative log message
add new headers to top of headers (not bottom (consistent MTA behavior))
2013-08-05 15:01:48 -07:00
Matt Simerson
db3d27ba4e removed check_badrcptto_patterns: merged into check_badrcptto 2013-08-05 15:01:47 -07:00
Matt Simerson
7ff2d050f3 initial import - based on my qpsmtpd fork
which will merge into the main branch fairly easily
2013-08-05 15:01:47 -07:00
Matt Simerson
4e2ae484a2 Merge pull request #15 from msimerson/early
consolidated chunks of code duplicated 4x into log_and_deny and log_and_...
2013-08-05 12:33:42 -07:00
Matt Simerson
fd646b0d27 Merge pull request #29 from msimerson/helo
Helo
2013-08-05 12:30:59 -07:00
Matt Simerson
ba38da87fb helo: tweak POD language
also mention the connection notes in the POD
2012-06-15 12:44:33 -04:00
Matt Simerson
44db1fecf6 helo: loosen up matching DNS requirements
added X-HELO header to message
added timeout option
quieted down debug logging
2012-06-13 17:49:25 -04:00
Matt Simerson
74ae957936 helo: new plugin
helo - validate a HELO message delivered from a connecting host.

Includes the following tests:

	is_in_badhelo
	invalid_localhost
	is_plain_ip
	is_address_literal [N.N.N.N]
	is_forged_literal
	is_not_fqdn
	no_forward_dns
	no_reverse_dns
	no_matching_dns
2012-06-11 22:27:01 -04:00
Matt Simerson
e6ea23c92f relay: clean up trailing whitespace 2012-06-04 03:35:01 -04:00
Matt Simerson
22c0f23226 imported karma_tool 2012-06-04 03:34:59 -04:00
Matt Simerson
99c0aa8abd new karma plugin 2012-06-04 03:34:47 -04:00
Matt Simerson
7713333d31 p0f: POD improvements 2012-06-04 03:34:47 -04:00
Matt Simerson
c61fb67e9b checkpassword: remove newlines that appeared 2012-06-04 03:34:47 -04:00
Matt Simerson
1a1dcc3e53 auth: eval 'use' so plugins can be enabled by default
and tested.
2012-06-04 03:34:47 -04:00
Matt Simerson
5a8a9be26c make SPF level 2 a little more lenient 2012-06-04 03:34:47 -04:00
Matt Simerson
2727b8529c relay: added note to UPGRADING, dates to plugin author 2012-06-04 03:34:47 -04:00
Matt Simerson
974f1a95e8 new relay plugin, with tests!
replaces functionality of previous 3 relay plugins
2012-06-04 03:34:47 -04:00
Matt Simerson
bf5f1db436 delete 3 relay plugins 2012-06-04 03:34:47 -04:00
Matt Simerson
a69cd6bf64 basicheaders: adding missing semicolon, fixed POD error 2012-06-04 03:34:47 -04:00
Matt Simerson
1e26d1f5ec earlytalker: add explicit reject_type perm
and replace whitelist with is_immune
2012-06-04 03:26:24 -04:00
Matt Simerson
57a0e4ba7b updated plugins to use QP::Plugins::is_immune 2012-06-04 03:26:16 -04:00
Matt Simerson
2a371a2c6e consolidated chunks of code duplicated 4x into log_and_deny and log_and_pass
in apr_*_handler subs, return DECLINED when connection is not available to read (like during tests)

added 23 tests

deprecate action argument
	'action log' did nothing, better logging controls available with loglevel
	'action deny'  ->  reject 1
	'action denysoft' =>  reject 1 reject_type temp

POD
use head2 for config options (instead of over, item, back)
added loglevel section
updated for replacement of action with reject options
2012-06-04 03:23:14 -04:00
Matt Simerson
c2d23306dc badrcptto: remove spurious semicolon 2012-06-04 00:01:30 -07:00
Matt Simerson
086b31c546 connection_time: make compatible with tcpserver deployment 2012-06-04 00:00:37 -07:00
Ask Bjørn Hansen
0e2384cceb Make all plugins use $self->connection rather than $self->qp->connection
Merge remote-tracking branch 'msimerson/connect'

Conflicts:
	plugins/async/require_resolvable_fromhost
	plugins/require_resolvable_fromhost
2012-06-03 23:53:43 -07:00
Matt Simerson
0a16621f02 connection consistency
-  $self->qp->connection->notes
+  $self->connection->notes

and all tests pass.
2012-06-02 00:46:33 -04:00
Matt Simerson
e8e47ad93b move 'use ParaDNS' into register and eval it
so eventually, plugin tests can run against it, if ParaDNS can be loaded
2012-05-23 23:39:43 -04:00
Matt Simerson
2f49cafcd6 resolvable_fromhost: refactored, added: POD, tests, reject, reject_type 2012-05-23 23:39:43 -04:00
Ask Bjørn Hansen
9e239fd83d Merge pull request #16 from msimerson/geoip
Geoip plugin improvements
2012-05-23 15:39:10 -07:00
Matt Simerson
23f06fde7a basicheaders: removed deprecated argument warning 2012-05-23 17:56:06 -04:00
Matt Simerson
09935b0bf6 basicheaders: added whitelist support
because alerts.etrade.com doesn't set a Date header in alerts
2012-05-23 17:12:26 -04:00
Matt Simerson
80b94eb47a removed newline 2012-05-22 18:14:10 -04:00
Matt Simerson
2dcd34467e geoip: eval loading of Geo::IP, tests, enabled in config
eval Geo::IP and log an error if missing
added 2 tests
enabled in config/plugins
2012-05-22 17:40:02 -04:00
Matt Simerson
521aa4919f basicheaders, add reject option, loglevel
added reject option
document the existence of the loglevel option
factored date validity tests into their own sub
added tests
improved POD
2012-05-21 21:30:02 -04:00
Matt Simerson
9d0c2f8469 dnsbl, POD tweaks, DENY type tests
consolidated POD at top of file
added example options to reject_type POD head
added an example loglevel entry

consolidated DENY[SOFT|DISCONNECT] logic into get_reject_type
added tests for get_reject_type
2012-05-21 17:07:37 -04:00
Matt Simerson
ed8ce150be domainkeys: fix failing tests
the previous DK commit moved the 'use Mail::DomainKeys::*' stuff into an eval. The right idea, but tests still fail because I forgot to remove the bare 'use' lines.
2012-05-21 12:17:32 -07:00
Matt Simerson
41550c2681 domainkeys: only register hooks if Mail::DomainKeys is loadable 2012-05-21 05:59:44 -04:00
Matt Simerson
51486d0b04 SPF plugin: refactored, tests, new config option
added POD description of spfquery note

changed spf_deny -> reject  (and offered 4 more options, see POD for reject)
	backwards compatible with old config settings
	replicates qmail-smtpd SPF patch behavior

improved logging (again)

uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed.

background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-21 04:19:45 -04:00
Matt Simerson
edacbf914c anglebrackets: emit log entry when change made 2012-05-20 23:41:15 -07:00
Matt Simerson
691955c60f dnsbl: fixed path to docs/logging.pod 2012-05-20 23:41:09 -07:00
Matt Simerson
1c7d26ecca dnsbl: added log messages, prefixes, additional args
instead of a positional arguments, used named arguments (backwards compatible)
added a couple log message prefixes
removed some trailing whitespace
updated POD
2012-05-20 23:40:23 -07:00
Matt Simerson
5e7568fe71 earlytalker: prefix messages with result keywords 2012-05-20 23:40:15 -07:00
Matt Simerson
4c6054c9fc vpopmaild: logging improvements
added a couple logging calls
prefixed others with pass/skip/fail keywords
2012-05-20 23:40:11 -07:00
Matt Simerson
49dc8bc117 basicheaders: added log messages, tests, named args
added log messages at each exit point
added tests
added reject_type option (defer -vs- deny)
added named argument parsing
2012-05-20 23:39:54 -07:00
Matt Simerson
f37fba7c2b badrcptto: merged plugins, refactored, tests
merged badrcptto_pattern into badrcptto
refactored into smaller methods
added unit tests for each method
2012-05-20 23:39:38 -07:00
Matt Simerson
19927a117e spamassassin: added spam status to log messages
added additional values to tests, to suppress test warnings
2012-05-20 23:39:03 -07:00
Matt Simerson
c3d1f6b16e p0f: tests, tests, tests, backward compat
minor changes to facilitate testing
improved error reporting of several failures
added p0f v2 compatibility to p0f v3 results: in addition to all the newer values, also report the old ones too.
2012-05-20 23:38:48 -07:00
Matt Simerson
25a099e20b dspam: added check for autolearn
don't try to use autolearn if it's not set
added tests that exercise and exorcise the bug
2012-05-20 23:38:42 -07:00
Matt Simerson
9b8c5a1be4 rcpt_ok: refactored and added tests 2012-05-20 23:37:37 -07:00
Matt Simerson
c4b8a7a395 hosts_allow: added logging, POD, deploy notes
added LOGINFO logging for denials, and LOGDEBUG for other results
added SEE ALSO pod
improved readability
2012-05-20 23:37:33 -07:00
Matt Simerson
35e1ce9883 consolidate auth logic into Qpsmtpd::Auth
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.

* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins

Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
2012-05-20 23:37:06 -07:00
Matt Simerson
6b9881c32e greylisting, refactored and many changes
fixed the vestiges of old plugin name 'denysoft_greylisting'

added ability to bypass greylisting based on geoip

deprecated 'mode [denysoft | testonly | off]
	off wasn't useful
	testonly & denysoft replaced by reject [ 0 | 1 ]

renamed DB from denysoft_greylist to greylist.dbm. Will use existing/legacy DB if present.

added DB pruning feature. Automatically prune the DB when qpsmtpd registers the plugin. Perhaps this should be a config option to enable?

added DB upgrade feature. Convert dotted quad IP addresses in DB to integers. Makes greylisting IPv6 compatible, since DB records are colon delimited.

exempt TLS connections from greylisting. The vast majority (perhaps all) of the SMTP clients that request encryption to my server are legit. We could add a config option for this, but this plugin already has a multitude of config options.

refactored much of the greylisting method into discreet subs

added 30 tests

added additional DEBUG level logging for p0f matches

POD changes:
	replaced over, item N, back, with head2 (better formatted output)
	better describe the current behavior of the plugin (some past behaviors no longer exist)
	added TRIPLET section with example
	added loglevel section
2012-05-20 23:35:46 -07:00
Matt Simerson
5e76d66c66 count_unrecognized_commands
simplified logic in a couple places
consolidated duplicated message
added 4 tests
2012-05-20 23:34:58 -07:00
Matt Simerson
74125300da connection_time:
had single positional argument for loglevel,
  switched to named args which inherits the more flexible loglevel

shortened logging line
 before:   connection_time: Connection time from 66.118.151.187: 3.046 sec.
 after:    connection_time: 3.046 s.
2012-05-20 23:34:26 -07:00
Matt Simerson
19c924d13c dspam bug fix for messages over max size
needs to return DECLINED instead of undef.
2012-05-08 22:37:58 -07:00
Matt Simerson
b53454730d shebang fix for tls_cert (standalone script) 2012-05-07 12:28:59 -07:00
Matt Simerson
319391affe auth_ldap: added logging
whitespace changes (stinkin windows newline chars)
2012-05-07 09:57:41 -07:00
Matt Simerson
35f26c23bb spf plugin, added logging 2012-05-07 09:56:37 -07:00
Matt Simerson
fda2f4a730 auth_cvm_unix_local: log entries, strict 2012-05-07 09:55:16 -07:00
Matt Simerson
8103c5a132 added country name to GeoIP plugin
and removed redundant words from log entries
2012-05-07 09:54:31 -07:00
Matt Simerson
57d72b3cb4 auth_vpopmail_sql, refactor, log, tests
added strict and warnings pragma
refactored
added tests
added more logging
standard log prefixes
tests run pretests to assure tests can succeed
2012-05-07 09:53:03 -07:00
Matt Simerson
adbbfe6f67 auth_vpopmail: refactored, added tests, logging
added more logging
standard log prefixes
tests run a pretest to make sure tests have a chance to succeed
2012-05-07 09:52:46 -07:00
Matt Simerson
9059529325 authdeny: added standard log prefix 2012-05-07 09:51:24 -07:00
Matt Simerson
a1c8462557 moved warn plugin POD to top, merged with # comments 2012-05-07 09:50:43 -07:00
Matt Simerson
54f1a11b46 added logging and tests to auth_checkpassword 2012-05-07 09:47:15 -07:00
Matt Simerson
a1b073cfe2 refactored dnsbl, sprinkling logs and tests on it 2012-05-06 16:21:09 -07:00
Matt Simerson
a6e664ce83 Altered SASL method to include the mechanism in log entries.
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:

before:
        or return (DENY, "authcvm/$method");
after:
        or return (DENY, "authcvm");

Added debug level log entries in auth_vpopmaild

Conflicts:

	plugins/auth/auth_vpopmail_sql
2012-05-06 16:20:25 -07:00
Matt Simerson
205120f26f dspam: a batch of improvements:
expanded POD
cleaned up stray EOL spaces
added lots of logging, with standardized [ pass | fail | skip ] prefixes
added reject_type option
use split for parsing dspam headers
use SA note instead of parsing headers
added reject = agree option
store & fetch dspam results in a note
2012-05-06 16:18:38 -07:00
Matt Simerson
d644c24c83 spamassassin updates
refactored into small subs with unit tests.
parse SA header with split instead of regexp (more reliable)
store SA results in a 'spamassassin' transaction note
add strict and warnings pragma
renamed reject_threshold -> reject (backwards compatible)
added relayclient skip option and POD. Skips SA processing when relayclient is set
added MULTIPLE RECIPIENT BEHAVIOR topic to POD
2012-05-06 16:18:22 -07:00
Matt Simerson
5285774285 refactored Qpsmtpd::Auth::SASL
unit tests for new methods are in t/auth.t

added PLAIN and LOGIN tests in auth_flat_file

Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
2012-05-06 16:17:02 -07:00
Matt Simerson
5ec9695b94 domainkeys: added reject & reject_type options.
backwards compatible with previous warn_only option.

added additional logging

refactored out a couple new subs.

minor changes: added strictures, warnings, moved 'use' statements to top of code
2012-05-06 16:09:41 -07:00
Matt Simerson
0c7ee4941b added logging and tests to check_badmailfrom
refactored several checks out of hook_mail and added LOGDEBUG

added tests for is_immune method
2012-05-06 16:08:28 -07:00
Matt Simerson
dd5cccd49f converted comments to POD in check_relay plugin 2012-05-06 16:06:24 -07:00
Matt Simerson
44ae52818e added vpopmail_sql db connect error handling.
Conflicts:

	plugins/auth/auth_vpopmail_sql
2012-05-06 16:05:28 -07:00
Matt Simerson
219392590e make authdeny POD docs match plugin name
I would rather the plugin were named auth_deny as the POD has, but renaming plugins is currently a sticky mess due to backwards compatibility.
2012-05-06 16:02:56 -07:00
Matt Simerson
1910fabf0e badmailfromto: added strictures, tests, and
rearranged portionsn of logic for ease of reading
2012-05-06 16:02:43 -07:00
Matt Simerson
c3626f2123 in log entries, print hook name first
so log entries look like this:

86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding

instead of this:

86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding

Conflicts:

	plugins/logging/warn
2012-05-06 16:00:58 -07:00
Matt Simerson
6031e49da8 improved readability of default logging logic 2012-05-06 15:59:49 -07:00
Matt Simerson
2b1428af7e moved POD to top of file
all but 3 plugins have their POD at the top of the file. Bring these little lost sheep into the barn.
2012-05-06 15:46:51 -07:00
Pim van den Berg
8f7494f0cb spf: exit relayclients while loop when client_ip doesnt match
Checking an invalid address kept looping.
2012-04-30 22:20:00 -07:00
Pim van den Berg
2ef465e7aa spf: remove DENYSOFT on SPF softfail
With a DENYSOFT (450) the sender will keep trying to deliver the e-mail.
It makes no sense.

This commit also makes it compatible again with the plugin from before commit:
02912 [rewrote sender_permitted_from]
2012-04-30 22:19:54 -07:00
Ask Bjørn Hansen
a23d4b3da9 Fix 01-syntax test failures
Exclude some tests with dependencies.

Remove -T from perl line in plugins
This makes it harder to test with PERL5LIB/perlbrew etc
2012-04-29 01:36:01 -07:00
Matt Simerson
d8467d784b Made greylisting plugin log a little less by default 2012-04-29 00:44:02 -07:00
Matt Simerson
0084986115 refactored p0f plugin, added p0f v3 support 2012-04-29 00:41:15 -07:00
Matt Simerson
368ce9401b merged check_badmailfrom_patterns into check_badmailfrom 2012-04-29 00:40:02 -07:00
Matt Simerson
102e068297 added dspam plugin 2012-04-29 00:38:28 -07:00
Matt Simerson
318c9ed4f2 applied greylisting NFSLock patch
Issue #1 on Google issue tracker. The patch was 'accepted' by Ask in 2007, but never applied.
2012-04-29 00:32:52 -07:00
Matt Simerson
7c2e37ff20 added pod DESC to dont_require_anglebrackets 2012-04-29 00:25:19 -07:00
Matt Simerson
dbaa9dbd6c POD corrections, additional tests, plugin consistency
on files in plugins dir:
  fixed a number of POD errors

  formatted some # comments into POD

  removed bare 1;  (these are plugins, not perl modules)
    most instances of this were copy/pasted from a previous plugin that had it

  removed instances of # vim ts=N ...
    they weren't consistent, many didn't match .perltidyrc

  on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'

Conflicts:

	plugins/async/check_earlytalker
	plugins/async/dns_whitelist_soft
	plugins/async/dnsbl
	plugins/async/queue/smtp-forward
	plugins/async/require_resolvable_fromhost
	plugins/async/rhsbl
	plugins/async/uribl
	plugins/auth/auth_checkpassword
	plugins/auth/auth_cvm_unix_local
	plugins/auth/auth_flat_file
	plugins/auth/auth_ldap_bind
	plugins/auth/auth_vpopmail
	plugins/auth/auth_vpopmail_sql
	plugins/auth/authdeny
	plugins/check_badmailfromto
	plugins/check_badrcptto_patterns
	plugins/check_bogus_bounce
	plugins/check_earlytalker
	plugins/check_norelay
	plugins/check_spamhelo
	plugins/connection_time
	plugins/dns_whitelist_soft
	plugins/dnsbl
	plugins/domainkeys
	plugins/greylisting
	plugins/hosts_allow
	plugins/http_config
	plugins/logging/adaptive
	plugins/logging/apache
	plugins/logging/connection_id
	plugins/logging/transaction_id
	plugins/logging/warn
	plugins/milter
	plugins/queue/exim-bsmtp
	plugins/queue/maildir
	plugins/queue/postfix-queue
	plugins/queue/smtp-forward
	plugins/quit_fortune
	plugins/random_error
	plugins/rcpt_map
	plugins/rcpt_regexp
	plugins/relay_only
	plugins/require_resolvable_fromhost
	plugins/rhsbl
	plugins/sender_permitted_from
	plugins/spamassassin
	plugins/tls
	plugins/tls_cert
	plugins/uribl
	plugins/virus/aveclient
	plugins/virus/bitdefender
	plugins/virus/clamav
	plugins/virus/clamdscan
	plugins/virus/hbedv
	plugins/virus/kavscanner
	plugins/virus/klez_filter
	plugins/virus/sophie
	plugins/virus/uvscan
2012-04-29 00:00:10 -07:00
Robert
61de599c1b Normalize #! lines on all plugins
find . -type f | xargs -n1 perl -pi.bak -0777 -e '$want = "#!perl -Tw"; s/\A#!.*\n/$want\n/; s/\A([^#])/$want\n\1/s'
2012-04-28 20:41:31 -07:00
Matt Simerson
651ca986ff don't print GeoIP country if not defined
If we don't get a result from the lookup, all we know is that we didn't get a result. Maybe an error, maybe the IP not in the database.
2012-04-28 20:19:18 -07:00
Matt Simerson
821b182081 fixed spelling error, added spf code to notes 2012-04-28 20:15:36 -07:00
Matt Simerson
5dfc90acf3 fixed POD formatting 2012-04-28 20:13:24 -07:00
Matt Simerson
1701406f78 suppress log error when $user unset
test for and return earlier when a null sender is encountered.
Prevents using an undefined variable.
2012-04-28 20:08:17 -07:00
Matt Simerson
ed8eca0a63 fixed failing auths to auth/vpopmaild, added tests
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.

* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
2012-04-07 17:52:44 -04:00
Matt Sergeant
5200244031 Fix STARTTLS vulnerability for async 2011-06-02 12:57:50 -04:00
Peter J. Holzer
b7668c0468 temp_resolver_failed is a transaction note
The mail hook sets a transaction note 'temp_resolver_failed', but the
 rcpt hook queried a connection note of the same name (which didn't
 exist, of course).
 Now it queries the transaction note.
2011-01-03 12:39:57 -08:00
Charlie Brady
24d09fa4a9 Patch: FATAL PLUGIN ERROR [check_basicheaders]: ...
check_basicheaders fails if there are no headers at all:

http://bugs.contribs.org/show_bug.cgi?id=6345
2010-11-13 18:04:02 -08:00
Hanno Hecker
f9399950f3 plugins/rcpt_map cleanup
* enforce having a "domain" parameter
* unique default message (missing dot added)
2010-09-17 15:25:19 +08:00