Matt Simerson
9f88e374c2
tls: reduced importants of an info message
...
from WARN to INFO
2013-12-18 00:11:53 -05:00
Matt Simerson
a4695cec8b
geoip: added named array for invalid args
...
so it passes Perl::Critic tests
2013-12-18 00:02:07 -05:00
Matt Simerson
96dfb08d87
headers: added POD descripting each header
2013-12-18 00:00:52 -05:00
Matt Simerson
725a8d1960
dspam: remove hard coded default in train_ methods
2013-12-17 23:59:57 -05:00
Matt Simerson
c202d3ef69
dmarc integrated with Mail::DMARC
...
reimplemented dmarc module to use Mail::DMARC
updated SPF plugin to save SPF results in dmarc_spf note
update dkim to store DKIM results in dkim_result & dkim_verifier notes
2013-12-17 23:53:00 -05:00
Matt Simerson
4d489ea6ef
tested and working Authentication-Results
...
changed the method of saving results. Instead of appending to/from a header, plugins save results to a connection note.
Qpsmtpd::SMTP.pm has a new method that inserts the Authentication-Results header
The smtp-auth information has been removed from the Received header
Authentication-Results providing plugins have been updated to store results in connection note
2013-08-05 15:05:38 -07:00
Matt Simerson
4ae16219bd
added Authentication-Results header, with provider
...
dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
2013-08-05 15:05:38 -07:00
Matt Simerson
4aa888dc6c
headers: assign zeroes to avoid undef errors
2013-08-05 15:05:38 -07:00
Matt Simerson
247c5a2bea
is_naughty is a setter now too
2013-08-05 15:05:38 -07:00
Matt Simerson
fbdee49965
raised default max msg size in clamdscan from 128k
...
added max_size on config, so it's likely to get noticed, since even 1M is probably too low for most sites. This should likely default to the same as databytes?
2013-08-05 15:05:38 -07:00
Matt Simerson
f7b00fa677
auth_vpopmaild: added taint checking to responses
2013-08-05 15:05:37 -07:00
Matt Simerson
b8229fbdbf
dmarc: added subdomain policy handling
2013-08-05 15:05:37 -07:00
Matt Simerson
92fe1e899f
rcpt_ok: do immunity checks earlier, so that
...
disposition logs don't indicate failure for authenticated senders
2013-08-05 15:05:37 -07:00
Matt Simerson
eccaf17d18
karma: limit rcpts to 1 for senders with neg karma
2013-08-05 15:05:36 -07:00
Matt Simerson
bbc6e895cc
distinguish rejecting versus tolerated failures
2013-08-05 15:05:36 -07:00
Matt Simerson
3180c9da31
SPF: added more precise disposition logs, so that
...
postprocess can determine if a SPF failure caused a rejection
2013-08-05 15:05:36 -07:00
Matt Simerson
ebfccec5b3
dmarc: added support for DMARC policy pct=NNN
2013-08-05 15:05:36 -07:00
Matt Simerson
c0210a7877
SPF: arrage flow so if a pass result is possible,
...
we will get it and set the note for DMARC plugin
2013-08-05 15:05:36 -07:00
Matt Simerson
effb4e2269
dmarc: improving and updating POD
2013-08-05 15:05:36 -07:00
Matt Simerson
f9fb0acee7
qmail_deliverable: smite null sender to email list
2013-08-05 15:05:16 -07:00
Matt Simerson
ca678ba736
log2sql: populate plugins table from registry.txt
...
much easier for local customizations.
moved SQL connection settings to config/log2sql
2013-08-05 15:05:16 -07:00
Matt Simerson
8e054c1eda
dkim: reduce INFO logging to once per connect
2013-08-05 15:05:16 -07:00
Matt Simerson
a14de07280
tls: added pass|fail prefix to a couple log msgs
2013-08-05 15:05:15 -07:00
Matt Simerson
7f8848d2e8
auth_chkpw: added pass|fail prefix to log msgs
2013-08-05 15:05:15 -07:00
Matt Simerson
25171ec371
dmarc: weed out SPF records from initial search
...
use a variable instead of array to count list (not using RR address after all)
2013-08-05 15:05:15 -07:00
Matt Simerson
1f2a5c27ed
dkim: when signing, use signing domain when we
...
finding the signing key in a different directory than the sending (eg: example.com instead of www.example.com.)
2013-08-05 15:05:15 -07:00
Matt Simerson
091843927d
dmarc: added relaxed alignment tests
2013-08-05 15:05:15 -07:00
Matt Simerson
75a3e4baae
find plugins -type f -exec perltidy -b {} \;
2013-08-05 15:05:15 -07:00
Matt Simerson
fd2c56fb36
resolvable_fromhost: adjust log message prefix
2013-08-05 15:05:15 -07:00
Matt Simerson
2e6eeaa82d
karma: add recipient limits for bad senders
2013-08-05 15:05:15 -07:00
Matt Simerson
b9bf523e0e
hosts_allow: more succinct log message
2013-08-05 15:05:15 -07:00
Matt Simerson
e23523bc46
registry: renumber with big spaces between plugin
...
types. So there's plenty of room to insert future plugins with having to renumber, which impacts log2sql
2013-08-05 15:05:14 -07:00
Matt Simerson
8a1a156e60
dmarc: remove useless comment
2013-08-05 15:05:14 -07:00
Matt Simerson
2c7cb8afb7
naughty: improve POD
2013-08-05 15:05:14 -07:00
Matt Simerson
db8ec50c3a
new plugin: dmarc
2013-08-05 15:05:14 -07:00
Matt Simerson
515188ace5
tls: added ability to store certs in config/ssl
...
was hard coded to ./ssl
2013-08-05 15:05:14 -07:00
Matt Simerson
f03128523c
SPF: add pod, documenting spf_pass_host note
2013-08-05 15:05:14 -07:00
Matt Simerson
0f01a39e88
SPF: add trans. note spf_pass_host if SPF=pass
2013-08-05 15:05:14 -07:00
Matt Simerson
6bea1ebd50
domainkeys: fixed pod grammar error
2013-08-05 15:05:14 -07:00
Matt Simerson
b64bb2f9e4
a collection of DKIM enhancements
...
* disable Mail::DKIM::TextWrap (causes mangled messages for some clients)
* pod improvements
* don't log the entire DKIM signature when signing
* add dkim_pass_domains connection note with DKIM signer domains that pass
* enable dkim tests
2013-08-05 15:05:14 -07:00
Matt Simerson
b7320a8eb9
SPF: POD formatting fix
2013-08-05 15:05:14 -07:00
Matt Simerson
c92a5a83c8
dkim: improve POD, add dkim_key_gen.sh
2013-08-05 15:05:13 -07:00
Matt Simerson
a3b8af77bd
dkim: added message signing feature
2013-08-05 15:05:13 -07:00
Matt Simerson
8c265d3583
domainkeys: added deprecation comment
2013-08-05 15:05:13 -07:00
Matt Simerson
6b16704b4a
karma,relay: karma plugin awards karma later
...
by detecting during DATA if relay_client is set
2013-08-05 15:05:13 -07:00
Matt Simerson
ce0d2b80ef
dkim: corrected log entry, added comment
2013-08-05 15:05:13 -07:00
Matt Simerson
d5fd8d24e3
dspam: raise loglevel on debug log message
2013-08-05 15:05:13 -07:00
Matt Simerson
e7ea7a0949
dspam: catch error where QP user lacks x on dspam
...
x = execute privileges
2013-08-05 15:05:13 -07:00
Matt Simerson
eeacf83e3a
bogus_bounce: suppress undefined var error
2013-08-05 15:05:13 -07:00
Matt Simerson
5853ec1a47
spf: add comment re: Authentication-Results header
2013-08-05 15:05:13 -07:00
Matt Simerson
2ca3b1d4ee
resolvable_fromhost: documented reject naughty
2013-08-05 15:05:13 -07:00
Matt Simerson
c7f5c45f40
random_error: fixed typo, added std pragmas
2013-08-05 15:05:13 -07:00
Matt Simerson
e433796b96
dspam/spamassassin: adjust karma awards
...
dspam: be more conservative when learning from karma
sa: added an SA autolearn bonus
2013-08-05 15:05:13 -07:00
Matt Simerson
2f3127359d
moved triplicated init_resolver into Plugin.pm
2013-08-05 15:05:13 -07:00
Matt Simerson
58b860c0eb
dkim: added karma for dkim results (allow/reject)
2013-08-05 15:05:12 -07:00
Matt Simerson
8e437ec305
helo: stop processing after first match
2013-08-05 15:05:12 -07:00
Matt Simerson
3bb85a66a1
resolvable_fromhost: added karma smites
2013-08-05 15:05:12 -07:00
Matt Simerson
7da69ef12d
spamassassin: karma scoring is dependent on
...
the sessage learn status, not SA (global) autolearn setting. So, karma learning follows SA learning rules.
2013-08-05 15:05:12 -07:00
Matt Simerson
fc5eeec122
added karma awards for SPF pass/fail
2013-08-05 15:05:12 -07:00
Matt Simerson
0c59813957
badmailfrom: fix reject message typo
2013-08-05 15:05:12 -07:00
Matt Simerson
91db656cac
fcrdns: new plugin for Forward Confirmed rDNS
2013-08-05 15:05:12 -07:00
Matt Simerson
26becea3d4
qm_deliverable: added reject option, karma smite
...
award senders -1 karma to senders to invalid addresses
2013-08-05 15:05:12 -07:00
Matt Simerson
0383f63d87
naughty: improve POD
2013-08-05 15:05:12 -07:00
Matt Simerson
f039014b33
karma: be a bit more conservative
...
require at least -2 karma before smiting
also, add +1 karma to senders with karma_history > 10
2013-08-05 15:05:12 -07:00
Matt Simerson
77272ba095
whitelist: add +5 karma to whitelisted IPs
2013-08-05 15:05:12 -07:00
Matt Simerson
1e88a57f26
relay: give +2 karma boost to relay IPs
2013-08-05 15:05:12 -07:00
Matt Simerson
c17ebdbcf9
p0f: added smite_os, assign -karma by OS
2013-08-05 15:05:12 -07:00
Matt Simerson
d08de879c5
hosts_allow: allow +karma senders +3 concurrents
...
this is really useful if you set max-per-ip to <= 3.
2013-08-05 15:05:12 -07:00
Matt Simerson
7a4c789ae2
helo: smite senders that fail the selected tests
...
and made log entries more terse
2013-08-05 15:05:12 -07:00
Matt Simerson
b43f369dbe
headers: smite poorly behaved senders with -karma
2013-08-05 15:05:12 -07:00
Matt Simerson
e47d431aa9
earlytalker: if we skip for +karma, log it
...
and remove IP from log (not IPv6 optimal)
2013-08-05 15:05:11 -07:00
Matt Simerson
c0899f6d4d
spamassassin: assign karma for autolearn message
...
also removed 'use lib', to be consistent with most other plugins
and improved grammar
2013-08-05 15:05:11 -07:00
Matt Simerson
8012dff4f9
dspam: be more conservative with karma awards
...
previous settings were reasonable for a well trained dspam. After starting with a fresh dspam, the settings were not optimal for the amount of naive that a default dspam is.
2013-08-05 15:05:11 -07:00
Matt Simerson
0eef321990
dnsbl: smite blacklisted IPs with -1 karma
2013-08-05 15:05:11 -07:00
Matt Simerson
d5f1f3f72b
badrcptto: smite matches with -2 karma
...
useful for (reject=>naughty) + spam filter training
2013-08-05 15:05:11 -07:00
Matt Simerson
e7f9f3bf21
geoip: added too_far option
2013-08-05 15:05:11 -07:00
Matt Simerson
473a1ba6e3
karma_tool: optimized for speedy IP search, IPv6
...
fixed one IPv6 issue
2013-08-05 15:05:11 -07:00
Markus Ullmann
c0b36c5cb4
Sanitize spamd_sock path for perl taint mode
2013-08-05 15:05:11 -07:00
Matt Simerson
a90c881ae5
helo: added comments
2013-08-05 15:05:11 -07:00
Matt Simerson
a7742b5b40
dspam: added use lib, removed some parens
2013-08-05 15:05:11 -07:00
Matt Simerson
73f4759ae7
karma: general improvements
...
skip earlytalker checks for positive senders
limit negative karma senders to 1 concurrent connection (hosts_allow)
added karma::hook_pre_connection, to make hosts_allow change possible
added karma score to log entries
2013-08-05 15:05:11 -07:00
Matt Simerson
60d3cda18e
headers: added section # to RFC citation
2013-08-05 15:05:11 -07:00
Matt Simerson
d8a242b050
whitelist: added pass prefix to log entries
2013-08-05 15:05:11 -07:00
Matt Simerson
96ee32106a
qmail_deliverable: remove fail prefix from SMTP er
...
prefix should only be logged, not emitted during SMTP
2013-08-05 15:05:11 -07:00
Matt Simerson
dd59ad210e
karma_tool: release didn't. fixed.
...
also, preserve karma history when using karma_tool to capture/release
2013-08-05 15:05:10 -07:00
Matt Simerson
0ed418fafd
p0f: added path to socket in error message
...
if p0f cannot connect, provide a more descriptive error message. Particularly useful for a p0f plugin developer that runs both p0f v2 and v3 at the same time.
2013-08-05 15:05:10 -07:00
Matt Simerson
c3dff626cb
plugins/bogus_bounce: add Return-Path check
...
make sure return path is empty, per RFC 3834
2013-08-05 15:05:10 -07:00
Matt Simerson
b9750ee5bf
plugins/helo: added RFC 5321 notes
2013-08-05 15:05:10 -07:00
Matt Simerson
214ceffea6
uribl plugin: added 'pass' prefix to log message
2013-08-05 15:05:10 -07:00
Matt Simerson
a5803d10f5
updated more split '' syntax to split //
2013-08-05 15:05:10 -07:00
Matt Simerson
e67f4ff98c
helo: avoid undef warning when rDNS is invalid
...
specifically, when rDNS returns an invalid FQDN like 'null.', which doesn't have
a domain part.
2013-08-05 15:05:10 -07:00
Matt Simerson
d80b117bff
replace all instances of split '' with split //
...
newer versions of perl don't accept split '' syntax any longer
2013-08-05 15:05:10 -07:00
Matt Simerson
2e0909ad27
dspam: improve logging and config error reporting
2013-08-05 15:05:10 -07:00
Matt Simerson
838594642b
relay: better error handling and logging
...
detect failures in calls to Net::IP for relayclient entries that don't parse.
2013-08-05 15:05:10 -07:00
Matt Simerson
f0c7c212c0
clamdscan: replace immunity check with naught test
...
immunity check was disabled by default, as it wasn't a good policy. OTOH, a naughty check is a sensible default, as we can skip processing on messages we already decided to reject.
2013-08-05 15:05:10 -07:00
Matt Simerson
14e87fabdf
qmail_deliverable: reject null sender to ezmlm lis
2013-08-05 15:05:10 -07:00
Matt Simerson
5b742cbf7d
dkim: added some missing POD text
2013-08-05 15:05:09 -07:00
Matt Simerson
4465b7af43
headers: simplify required headers logic
2013-08-05 15:05:09 -07:00
Matt Simerson
af55a8d6dd
SPF: use $conn->relay_client instead of duplicated
...
is_in_relayclients method. Expects relay plugin to have set relay_client, a reasonable assumption.
2013-08-05 15:05:09 -07:00
Matt Simerson
e959e408b1
SA: suppress undefined variable warnings
2013-08-05 15:05:09 -07:00