Matt Simerson
bcc6adae19
helo: add karma penalty for no HELO hostname
2013-12-18 00:16:02 -05:00
Matt Simerson
02da55e06d
karma: added penalty for spammy TLDs
2013-12-18 00:15:20 -05:00
Matt Simerson
9f88e374c2
tls: reduced importants of an info message
...
from WARN to INFO
2013-12-18 00:11:53 -05:00
Matt Simerson
a4695cec8b
geoip: added named array for invalid args
...
so it passes Perl::Critic tests
2013-12-18 00:02:07 -05:00
Matt Simerson
96dfb08d87
headers: added POD descripting each header
2013-12-18 00:00:52 -05:00
Matt Simerson
725a8d1960
dspam: remove hard coded default in train_ methods
2013-12-17 23:59:57 -05:00
Matt Simerson
c202d3ef69
dmarc integrated with Mail::DMARC
...
reimplemented dmarc module to use Mail::DMARC
updated SPF plugin to save SPF results in dmarc_spf note
update dkim to store DKIM results in dkim_result & dkim_verifier notes
2013-12-17 23:53:00 -05:00
Matt Simerson
4d489ea6ef
tested and working Authentication-Results
...
changed the method of saving results. Instead of appending to/from a header, plugins save results to a connection note.
Qpsmtpd::SMTP.pm has a new method that inserts the Authentication-Results header
The smtp-auth information has been removed from the Received header
Authentication-Results providing plugins have been updated to store results in connection note
2013-08-05 15:05:38 -07:00
Matt Simerson
4ae16219bd
added Authentication-Results header, with provider
...
dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
2013-08-05 15:05:38 -07:00
Matt Simerson
4aa888dc6c
headers: assign zeroes to avoid undef errors
2013-08-05 15:05:38 -07:00
Matt Simerson
247c5a2bea
is_naughty is a setter now too
2013-08-05 15:05:38 -07:00
Matt Simerson
fbdee49965
raised default max msg size in clamdscan from 128k
...
added max_size on config, so it's likely to get noticed, since even 1M is probably too low for most sites. This should likely default to the same as databytes?
2013-08-05 15:05:38 -07:00
Matt Simerson
f7b00fa677
auth_vpopmaild: added taint checking to responses
2013-08-05 15:05:37 -07:00
Matt Simerson
b8229fbdbf
dmarc: added subdomain policy handling
2013-08-05 15:05:37 -07:00
Matt Simerson
92fe1e899f
rcpt_ok: do immunity checks earlier, so that
...
disposition logs don't indicate failure for authenticated senders
2013-08-05 15:05:37 -07:00
Matt Simerson
eccaf17d18
karma: limit rcpts to 1 for senders with neg karma
2013-08-05 15:05:36 -07:00
Matt Simerson
bbc6e895cc
distinguish rejecting versus tolerated failures
2013-08-05 15:05:36 -07:00
Matt Simerson
3180c9da31
SPF: added more precise disposition logs, so that
...
postprocess can determine if a SPF failure caused a rejection
2013-08-05 15:05:36 -07:00
Matt Simerson
ebfccec5b3
dmarc: added support for DMARC policy pct=NNN
2013-08-05 15:05:36 -07:00
Matt Simerson
c0210a7877
SPF: arrage flow so if a pass result is possible,
...
we will get it and set the note for DMARC plugin
2013-08-05 15:05:36 -07:00
Matt Simerson
effb4e2269
dmarc: improving and updating POD
2013-08-05 15:05:36 -07:00
Matt Simerson
f9fb0acee7
qmail_deliverable: smite null sender to email list
2013-08-05 15:05:16 -07:00
Matt Simerson
ca678ba736
log2sql: populate plugins table from registry.txt
...
much easier for local customizations.
moved SQL connection settings to config/log2sql
2013-08-05 15:05:16 -07:00
Matt Simerson
8e054c1eda
dkim: reduce INFO logging to once per connect
2013-08-05 15:05:16 -07:00
Matt Simerson
a14de07280
tls: added pass|fail prefix to a couple log msgs
2013-08-05 15:05:15 -07:00
Matt Simerson
7f8848d2e8
auth_chkpw: added pass|fail prefix to log msgs
2013-08-05 15:05:15 -07:00
Matt Simerson
25171ec371
dmarc: weed out SPF records from initial search
...
use a variable instead of array to count list (not using RR address after all)
2013-08-05 15:05:15 -07:00
Matt Simerson
1f2a5c27ed
dkim: when signing, use signing domain when we
...
finding the signing key in a different directory than the sending (eg: example.com instead of www.example.com.)
2013-08-05 15:05:15 -07:00
Matt Simerson
091843927d
dmarc: added relaxed alignment tests
2013-08-05 15:05:15 -07:00
Matt Simerson
75a3e4baae
find plugins -type f -exec perltidy -b {} \;
2013-08-05 15:05:15 -07:00
Matt Simerson
fd2c56fb36
resolvable_fromhost: adjust log message prefix
2013-08-05 15:05:15 -07:00
Matt Simerson
2e6eeaa82d
karma: add recipient limits for bad senders
2013-08-05 15:05:15 -07:00
Matt Simerson
b9bf523e0e
hosts_allow: more succinct log message
2013-08-05 15:05:15 -07:00
Matt Simerson
e23523bc46
registry: renumber with big spaces between plugin
...
types. So there's plenty of room to insert future plugins with having to renumber, which impacts log2sql
2013-08-05 15:05:14 -07:00
Matt Simerson
8a1a156e60
dmarc: remove useless comment
2013-08-05 15:05:14 -07:00
Matt Simerson
2c7cb8afb7
naughty: improve POD
2013-08-05 15:05:14 -07:00
Matt Simerson
db8ec50c3a
new plugin: dmarc
2013-08-05 15:05:14 -07:00
Matt Simerson
515188ace5
tls: added ability to store certs in config/ssl
...
was hard coded to ./ssl
2013-08-05 15:05:14 -07:00
Matt Simerson
f03128523c
SPF: add pod, documenting spf_pass_host note
2013-08-05 15:05:14 -07:00
Matt Simerson
0f01a39e88
SPF: add trans. note spf_pass_host if SPF=pass
2013-08-05 15:05:14 -07:00
Matt Simerson
6bea1ebd50
domainkeys: fixed pod grammar error
2013-08-05 15:05:14 -07:00
Matt Simerson
b64bb2f9e4
a collection of DKIM enhancements
...
* disable Mail::DKIM::TextWrap (causes mangled messages for some clients)
* pod improvements
* don't log the entire DKIM signature when signing
* add dkim_pass_domains connection note with DKIM signer domains that pass
* enable dkim tests
2013-08-05 15:05:14 -07:00
Matt Simerson
b7320a8eb9
SPF: POD formatting fix
2013-08-05 15:05:14 -07:00
Matt Simerson
c92a5a83c8
dkim: improve POD, add dkim_key_gen.sh
2013-08-05 15:05:13 -07:00
Matt Simerson
a3b8af77bd
dkim: added message signing feature
2013-08-05 15:05:13 -07:00
Matt Simerson
8c265d3583
domainkeys: added deprecation comment
2013-08-05 15:05:13 -07:00
Matt Simerson
6b16704b4a
karma,relay: karma plugin awards karma later
...
by detecting during DATA if relay_client is set
2013-08-05 15:05:13 -07:00
Matt Simerson
ce0d2b80ef
dkim: corrected log entry, added comment
2013-08-05 15:05:13 -07:00
Matt Simerson
d5fd8d24e3
dspam: raise loglevel on debug log message
2013-08-05 15:05:13 -07:00
Matt Simerson
e7ea7a0949
dspam: catch error where QP user lacks x on dspam
...
x = execute privileges
2013-08-05 15:05:13 -07:00
Matt Simerson
eeacf83e3a
bogus_bounce: suppress undefined var error
2013-08-05 15:05:13 -07:00
Matt Simerson
5853ec1a47
spf: add comment re: Authentication-Results header
2013-08-05 15:05:13 -07:00
Matt Simerson
2ca3b1d4ee
resolvable_fromhost: documented reject naughty
2013-08-05 15:05:13 -07:00
Matt Simerson
c7f5c45f40
random_error: fixed typo, added std pragmas
2013-08-05 15:05:13 -07:00
Matt Simerson
e433796b96
dspam/spamassassin: adjust karma awards
...
dspam: be more conservative when learning from karma
sa: added an SA autolearn bonus
2013-08-05 15:05:13 -07:00
Matt Simerson
2f3127359d
moved triplicated init_resolver into Plugin.pm
2013-08-05 15:05:13 -07:00
Matt Simerson
58b860c0eb
dkim: added karma for dkim results (allow/reject)
2013-08-05 15:05:12 -07:00
Matt Simerson
8e437ec305
helo: stop processing after first match
2013-08-05 15:05:12 -07:00
Matt Simerson
3bb85a66a1
resolvable_fromhost: added karma smites
2013-08-05 15:05:12 -07:00
Matt Simerson
7da69ef12d
spamassassin: karma scoring is dependent on
...
the sessage learn status, not SA (global) autolearn setting. So, karma learning follows SA learning rules.
2013-08-05 15:05:12 -07:00
Matt Simerson
fc5eeec122
added karma awards for SPF pass/fail
2013-08-05 15:05:12 -07:00
Matt Simerson
0c59813957
badmailfrom: fix reject message typo
2013-08-05 15:05:12 -07:00
Matt Simerson
91db656cac
fcrdns: new plugin for Forward Confirmed rDNS
2013-08-05 15:05:12 -07:00
Matt Simerson
26becea3d4
qm_deliverable: added reject option, karma smite
...
award senders -1 karma to senders to invalid addresses
2013-08-05 15:05:12 -07:00
Matt Simerson
0383f63d87
naughty: improve POD
2013-08-05 15:05:12 -07:00
Matt Simerson
f039014b33
karma: be a bit more conservative
...
require at least -2 karma before smiting
also, add +1 karma to senders with karma_history > 10
2013-08-05 15:05:12 -07:00
Matt Simerson
77272ba095
whitelist: add +5 karma to whitelisted IPs
2013-08-05 15:05:12 -07:00
Matt Simerson
1e88a57f26
relay: give +2 karma boost to relay IPs
2013-08-05 15:05:12 -07:00
Matt Simerson
c17ebdbcf9
p0f: added smite_os, assign -karma by OS
2013-08-05 15:05:12 -07:00
Matt Simerson
d08de879c5
hosts_allow: allow +karma senders +3 concurrents
...
this is really useful if you set max-per-ip to <= 3.
2013-08-05 15:05:12 -07:00
Matt Simerson
7a4c789ae2
helo: smite senders that fail the selected tests
...
and made log entries more terse
2013-08-05 15:05:12 -07:00
Matt Simerson
b43f369dbe
headers: smite poorly behaved senders with -karma
2013-08-05 15:05:12 -07:00
Matt Simerson
e47d431aa9
earlytalker: if we skip for +karma, log it
...
and remove IP from log (not IPv6 optimal)
2013-08-05 15:05:11 -07:00
Matt Simerson
c0899f6d4d
spamassassin: assign karma for autolearn message
...
also removed 'use lib', to be consistent with most other plugins
and improved grammar
2013-08-05 15:05:11 -07:00
Matt Simerson
8012dff4f9
dspam: be more conservative with karma awards
...
previous settings were reasonable for a well trained dspam. After starting with a fresh dspam, the settings were not optimal for the amount of naive that a default dspam is.
2013-08-05 15:05:11 -07:00
Matt Simerson
0eef321990
dnsbl: smite blacklisted IPs with -1 karma
2013-08-05 15:05:11 -07:00
Matt Simerson
d5f1f3f72b
badrcptto: smite matches with -2 karma
...
useful for (reject=>naughty) + spam filter training
2013-08-05 15:05:11 -07:00
Matt Simerson
e7f9f3bf21
geoip: added too_far option
2013-08-05 15:05:11 -07:00
Matt Simerson
473a1ba6e3
karma_tool: optimized for speedy IP search, IPv6
...
fixed one IPv6 issue
2013-08-05 15:05:11 -07:00
Markus Ullmann
c0b36c5cb4
Sanitize spamd_sock path for perl taint mode
2013-08-05 15:05:11 -07:00
Matt Simerson
a90c881ae5
helo: added comments
2013-08-05 15:05:11 -07:00
Matt Simerson
a7742b5b40
dspam: added use lib, removed some parens
2013-08-05 15:05:11 -07:00
Matt Simerson
73f4759ae7
karma: general improvements
...
skip earlytalker checks for positive senders
limit negative karma senders to 1 concurrent connection (hosts_allow)
added karma::hook_pre_connection, to make hosts_allow change possible
added karma score to log entries
2013-08-05 15:05:11 -07:00
Matt Simerson
60d3cda18e
headers: added section # to RFC citation
2013-08-05 15:05:11 -07:00
Matt Simerson
d8a242b050
whitelist: added pass prefix to log entries
2013-08-05 15:05:11 -07:00
Matt Simerson
96ee32106a
qmail_deliverable: remove fail prefix from SMTP er
...
prefix should only be logged, not emitted during SMTP
2013-08-05 15:05:11 -07:00
Matt Simerson
dd59ad210e
karma_tool: release didn't. fixed.
...
also, preserve karma history when using karma_tool to capture/release
2013-08-05 15:05:10 -07:00
Matt Simerson
0ed418fafd
p0f: added path to socket in error message
...
if p0f cannot connect, provide a more descriptive error message. Particularly useful for a p0f plugin developer that runs both p0f v2 and v3 at the same time.
2013-08-05 15:05:10 -07:00
Matt Simerson
c3dff626cb
plugins/bogus_bounce: add Return-Path check
...
make sure return path is empty, per RFC 3834
2013-08-05 15:05:10 -07:00
Matt Simerson
b9750ee5bf
plugins/helo: added RFC 5321 notes
2013-08-05 15:05:10 -07:00
Matt Simerson
214ceffea6
uribl plugin: added 'pass' prefix to log message
2013-08-05 15:05:10 -07:00
Matt Simerson
a5803d10f5
updated more split '' syntax to split //
2013-08-05 15:05:10 -07:00
Matt Simerson
e67f4ff98c
helo: avoid undef warning when rDNS is invalid
...
specifically, when rDNS returns an invalid FQDN like 'null.', which doesn't have
a domain part.
2013-08-05 15:05:10 -07:00
Matt Simerson
d80b117bff
replace all instances of split '' with split //
...
newer versions of perl don't accept split '' syntax any longer
2013-08-05 15:05:10 -07:00
Matt Simerson
2e0909ad27
dspam: improve logging and config error reporting
2013-08-05 15:05:10 -07:00
Matt Simerson
838594642b
relay: better error handling and logging
...
detect failures in calls to Net::IP for relayclient entries that don't parse.
2013-08-05 15:05:10 -07:00
Matt Simerson
f0c7c212c0
clamdscan: replace immunity check with naught test
...
immunity check was disabled by default, as it wasn't a good policy. OTOH, a naughty check is a sensible default, as we can skip processing on messages we already decided to reject.
2013-08-05 15:05:10 -07:00
Matt Simerson
14e87fabdf
qmail_deliverable: reject null sender to ezmlm lis
2013-08-05 15:05:10 -07:00
Matt Simerson
5b742cbf7d
dkim: added some missing POD text
2013-08-05 15:05:09 -07:00
Matt Simerson
4465b7af43
headers: simplify required headers logic
2013-08-05 15:05:09 -07:00
Matt Simerson
af55a8d6dd
SPF: use $conn->relay_client instead of duplicated
...
is_in_relayclients method. Expects relay plugin to have set relay_client, a reasonable assumption.
2013-08-05 15:05:09 -07:00
Matt Simerson
e959e408b1
SA: suppress undefined variable warnings
2013-08-05 15:05:09 -07:00
Matt Simerson
55119616d4
whitelist: added debug log message & std plugin
...
entries.
2013-08-05 15:05:09 -07:00
Matt Simerson
a257ec8414
added vpopmail_ext to qmail_deliverable plugin
2013-08-05 15:05:09 -07:00
Matt Simerson
01d7c7e228
karma: added adjust_karma method
...
makes it easier to set karma in plugins
2013-08-05 15:04:12 -07:00
Matt Simerson
368b2c0206
spamassassin: further log message refinement
2013-08-05 15:03:12 -07:00
Matt Simerson
016d2b06bc
spf: improved support for IPv6 clients
2013-08-05 15:02:17 -07:00
Matt Simerson
7b420252f0
whitelist: added debug log message & std plugin
...
entries.
2013-08-05 15:02:17 -07:00
Matt Simerson
cd4eda80e1
spamassassin: added 'headers none' option
...
enables suppression of SA header insertion
2013-08-05 15:02:17 -07:00
Matt Simerson
34957d0604
added vpopmail_ext to qmail_deliverable plugin
2013-08-05 15:02:16 -07:00
Matt Simerson
ef985d0df4
earlytalker: lower karma for earlytalkers
2013-08-05 15:01:53 -07:00
Matt Simerson
69e30117fa
resolvable_fromhost: additional logging
2013-08-05 15:01:53 -07:00
Matt Simerson
0229780b0f
registry: renamed clamd abb3 from cad to clm
2013-08-05 15:01:53 -07:00
Matt Simerson
cba8cd9cef
karma: added error keyword to error log messages
2013-08-05 15:01:53 -07:00
Matt Simerson
2fc909b809
karma: added adjust_karma method
...
makes it easier to set karma in plugins
2013-08-05 15:01:52 -07:00
Matt Simerson
aa619b84b0
helo: added is_plain_ip to lenient checks
...
there's no excuse for a client to ever send a raw IP, and I have yet to see a valid client do it
2013-08-05 15:01:52 -07:00
Matt Simerson
93be22020b
clamdscan: default is scan always, even authenticated
2013-08-05 15:01:52 -07:00
Matt Simerson
cc26fb7b06
registry: added auth_ prefixes, relay aliases
2013-08-05 15:01:52 -07:00
Matt Simerson
ab22cb2ac4
spamassassin: further log message refinement
2013-08-05 15:01:52 -07:00
Matt Simerson
a005f131f3
qmail_deliverable: test variable if defined before accessing
2013-08-05 15:01:52 -07:00
Matt Simerson
63f97f205f
dspam: better error message if dspam_bin is not found
2013-08-05 15:01:52 -07:00
Matt Simerson
b6b1cdd03e
SPF: more logging additions
2013-08-05 15:01:52 -07:00
Matt Simerson
b1c2fa16b5
drop the check_ prefix from the last 3 plugins
2013-08-05 15:01:52 -07:00
Matt Simerson
4a662012aa
dspam: added missing return
2013-08-05 15:01:52 -07:00
Matt Simerson
fd71e9b98e
dnsbl: restore dnsbl bypass for special recipients
2013-08-05 15:01:51 -07:00
Matt Simerson
b7724f4742
dspam: check for dspam_bin during register
2013-08-05 15:01:51 -07:00
Matt Simerson
493c0b3268
log watching and processing tools
2013-08-05 15:01:51 -07:00
Matt Simerson
16b5bfe027
dkim: new plugin
2013-08-05 15:01:51 -07:00
Matt Simerson
002bbed9e3
uribl: ordered pragmas and dependencies
2013-08-05 15:01:51 -07:00
Matt Simerson
6988fa5377
rhsbl: make sure $transaction->sender defined before accessing it
2013-08-05 15:01:51 -07:00
Matt Simerson
bc793a87c7
naughty: POD additions
2013-08-05 15:01:51 -07:00
Matt Simerson
eefb4ab823
headers: added Received to POD header require list
2013-08-05 15:01:51 -07:00
Matt Simerson
8141b4f5a3
dnsbl: more refactoring,
2013-08-05 15:01:51 -07:00
Matt Simerson
723fe314fa
rhsbl: added default reject settings
2013-08-05 15:01:51 -07:00
Matt Simerson
b5651f0e4d
added plugin: qmail_deliverable
2013-08-05 15:01:51 -07:00
Matt Simerson
0897d93375
resolvable_fromhost: log message updates
2013-08-05 15:01:51 -07:00
Matt Simerson
208dfc3a21
rename require_resolvable_fromhost to resolvable_fromhost
2013-08-05 15:01:51 -07:00
Matt Simerson
feb9ede9df
clamdscan: fix karma decrementer
2013-08-05 15:01:51 -07:00
Matt Simerson
4646b0ff0a
spamassassin: s/deny/fail/ from a log message (consistency)
2013-08-05 15:01:51 -07:00
Matt Simerson
1b7457b555
SPF: add more log messages
2013-08-05 15:01:50 -07:00
Matt Simerson
11e449a904
geoip: no data is a skip, not a fail
2013-08-05 15:01:50 -07:00
Matt Simerson
52256d2d9b
dspam: fixes for training dspam
...
process_backticks now writes the entire message (headers + body) to a temp file and had dspam read that. Previously, dspam only read the body. With the new "process, then train on error" method, dspam didn't have access to the DSPAM signature (in the headers).
replaced open2 with open3. Same results. Works part of the time, but not consistent, and I haven't been able to figure out why.
dspam transaction note is now a hashref (was a string)
parsing of dspam response via substring (was regexp)
2013-08-05 15:01:50 -07:00
Matt Simerson
d2cd1160ad
domainkeys: add header at top of headers (not bottom)
2013-08-05 15:01:50 -07:00
Matt Simerson
3427af8aa4
dnsbl,rhsbl: process DNS immediately
...
and use naughty for deferred rejection
2013-08-05 15:01:50 -07:00
Matt Simerson
e67a71cca5
earlytalker: log message cleanup
2013-08-05 15:01:50 -07:00
Matt Simerson
e69893a961
qmail-queue: a few tweaks and a lot of whitespace
2013-08-05 15:01:50 -07:00
Matt Simerson
439e9fe566
tls: log improvement
2013-08-05 15:01:50 -07:00
Matt Simerson
143534d7a6
spf: remove rcpt hook, process to completion during from
2013-08-05 15:01:50 -07:00
Matt Simerson
65f216c445
parse_addr_withhelo: consistency additions
2013-08-05 15:01:50 -07:00
Matt Simerson
183d8b9f18
naughty: support reject_type set by original plugin
...
that marked the connection as naughty
2013-08-05 15:01:50 -07:00
Matt Simerson
6c2b65d3af
hosts_allow: better logging
2013-08-05 15:01:49 -07:00
Matt Simerson
b2a3ef4c34
greylisting: POD correction
2013-08-05 15:01:49 -07:00
Matt Simerson
75e74cd033
dns_whitelist_soft: tiny tweaks of little consequence
2013-08-05 15:01:49 -07:00
Matt Simerson
129ca56e2f
unrec: fixed variable assignment
2013-08-05 15:01:49 -07:00
Matt Simerson
0fa0f08b97
connection_time: add compat with tcpserver deployment model
2013-08-05 15:01:49 -07:00
Matt Simerson
12e7895d4c
loop: max loops was sometimes not set
2013-08-05 15:01:49 -07:00
Matt Simerson
283610fb73
earlytalker: updated for consistent note accessor
2013-08-05 15:01:49 -07:00
Matt Simerson
d74a5bb095
bogus_bounce: added logging and rejection handling
2013-08-05 15:01:49 -07:00
Matt Simerson
b245d30e9e
dnsbl: process DNS queries immediately
...
rather than deferring until RCPT. This greatly improves efficiency, since most connections will get marked naughty much sooner, having run fewer tests.
2013-08-05 15:01:49 -07:00
Matt Simerson
0fe884209e
check_spamhelo: remove, deprecated by helo
2013-08-05 15:01:49 -07:00
Matt Simerson
a259fec536
badrcptto: dropped check_ prefix from name
2013-08-05 15:01:49 -07:00
Matt Simerson
5341163913
karma: improve error handling
2013-08-05 15:01:49 -07:00
Matt Simerson
5ea1eb0f4c
badrcptto: log tweaks, better regex detection
2013-08-05 15:01:49 -07:00
Matt Simerson
35b9b32895
relay: logging tweak
2013-08-05 15:01:49 -07:00
Matt Simerson
ca3cb6a67e
uribl: insert headers at top of message
2013-08-05 15:01:49 -07:00
Matt Simerson
4a3452f486
p0f: POD & log message updates
2013-08-05 15:01:48 -07:00
Matt Simerson
964eab3b2b
dspam: changed to only train on error
...
per suggestions by the dspam author
2013-08-05 15:01:48 -07:00
Matt Simerson
08256232a8
clamdscan: make sure headers exist before operating on them
2013-08-05 15:01:48 -07:00
Matt Simerson
c95df51af1
geoip: improve log messages
...
list fixed with continent code first to improve readability
added ability to include city in logging
2013-08-05 15:01:48 -07:00
Matt Simerson
47488650b3
badmailfrom rename fixups
2013-08-05 15:01:48 -07:00
Matt Simerson
1fff417405
rename check_badmailfrom -> badmailfrom
2013-08-05 15:01:48 -07:00
Matt Simerson
e4133127d5
badmailfrom: remove rcpt hook (uses naughty instead)
2013-08-05 15:01:48 -07:00
Matt Simerson
e2c84987f3
helo: refine plugin tests
2013-08-05 15:01:48 -07:00
Matt Simerson
97fda310ee
headers: plugin tests, deprecate check_basicheaders
2013-08-05 15:01:48 -07:00
Matt Simerson
d460dc86e3
spamassassin: add explicit default reject_type
...
consolidate the two data_post methods into one (more linear, simpler)
more informative log message
add new headers to top of headers (not bottom (consistent MTA behavior))
2013-08-05 15:01:48 -07:00
Matt Simerson
db3d27ba4e
removed check_badrcptto_patterns: merged into check_badrcptto
2013-08-05 15:01:47 -07:00
Matt Simerson
7ff2d050f3
initial import - based on my qpsmtpd fork
...
which will merge into the main branch fairly easily
2013-08-05 15:01:47 -07:00
Matt Simerson
4e2ae484a2
Merge pull request #15 from msimerson/early
...
consolidated chunks of code duplicated 4x into log_and_deny and log_and_...
2013-08-05 12:33:42 -07:00
Matt Simerson
fd646b0d27
Merge pull request #29 from msimerson/helo
...
Helo
2013-08-05 12:30:59 -07:00
Matt Simerson
ba38da87fb
helo: tweak POD language
...
also mention the connection notes in the POD
2012-06-15 12:44:33 -04:00
Matt Simerson
44db1fecf6
helo: loosen up matching DNS requirements
...
added X-HELO header to message
added timeout option
quieted down debug logging
2012-06-13 17:49:25 -04:00
Matt Simerson
74ae957936
helo: new plugin
...
helo - validate a HELO message delivered from a connecting host.
Includes the following tests:
is_in_badhelo
invalid_localhost
is_plain_ip
is_address_literal [N.N.N.N]
is_forged_literal
is_not_fqdn
no_forward_dns
no_reverse_dns
no_matching_dns
2012-06-11 22:27:01 -04:00
Matt Simerson
e6ea23c92f
relay: clean up trailing whitespace
2012-06-04 03:35:01 -04:00
Matt Simerson
22c0f23226
imported karma_tool
2012-06-04 03:34:59 -04:00
Matt Simerson
99c0aa8abd
new karma plugin
2012-06-04 03:34:47 -04:00
Matt Simerson
7713333d31
p0f: POD improvements
2012-06-04 03:34:47 -04:00
Matt Simerson
c61fb67e9b
checkpassword: remove newlines that appeared
2012-06-04 03:34:47 -04:00
Matt Simerson
1a1dcc3e53
auth: eval 'use' so plugins can be enabled by default
...
and tested.
2012-06-04 03:34:47 -04:00
Matt Simerson
5a8a9be26c
make SPF level 2 a little more lenient
2012-06-04 03:34:47 -04:00
Matt Simerson
2727b8529c
relay: added note to UPGRADING, dates to plugin author
2012-06-04 03:34:47 -04:00
Matt Simerson
974f1a95e8
new relay plugin, with tests!
...
replaces functionality of previous 3 relay plugins
2012-06-04 03:34:47 -04:00
Matt Simerson
bf5f1db436
delete 3 relay plugins
2012-06-04 03:34:47 -04:00
Matt Simerson
a69cd6bf64
basicheaders: adding missing semicolon, fixed POD error
2012-06-04 03:34:47 -04:00
Matt Simerson
1e26d1f5ec
earlytalker: add explicit reject_type perm
...
and replace whitelist with is_immune
2012-06-04 03:26:24 -04:00
Matt Simerson
57a0e4ba7b
updated plugins to use QP::Plugins::is_immune
2012-06-04 03:26:16 -04:00
Matt Simerson
2a371a2c6e
consolidated chunks of code duplicated 4x into log_and_deny and log_and_pass
...
in apr_*_handler subs, return DECLINED when connection is not available to read (like during tests)
added 23 tests
deprecate action argument
'action log' did nothing, better logging controls available with loglevel
'action deny' -> reject 1
'action denysoft' => reject 1 reject_type temp
POD
use head2 for config options (instead of over, item, back)
added loglevel section
updated for replacement of action with reject options
2012-06-04 03:23:14 -04:00
Matt Simerson
c2d23306dc
badrcptto: remove spurious semicolon
2012-06-04 00:01:30 -07:00
Matt Simerson
086b31c546
connection_time: make compatible with tcpserver deployment
2012-06-04 00:00:37 -07:00
Ask Bjørn Hansen
0e2384cceb
Make all plugins use $self->connection rather than $self->qp->connection
...
Merge remote-tracking branch 'msimerson/connect'
Conflicts:
plugins/async/require_resolvable_fromhost
plugins/require_resolvable_fromhost
2012-06-03 23:53:43 -07:00
Matt Simerson
0a16621f02
connection consistency
...
- $self->qp->connection->notes
+ $self->connection->notes
and all tests pass.
2012-06-02 00:46:33 -04:00
Matt Simerson
e8e47ad93b
move 'use ParaDNS' into register and eval it
...
so eventually, plugin tests can run against it, if ParaDNS can be loaded
2012-05-23 23:39:43 -04:00
Matt Simerson
2f49cafcd6
resolvable_fromhost: refactored, added: POD, tests, reject, reject_type
2012-05-23 23:39:43 -04:00
Ask Bjørn Hansen
9e239fd83d
Merge pull request #16 from msimerson/geoip
...
Geoip plugin improvements
2012-05-23 15:39:10 -07:00
Matt Simerson
23f06fde7a
basicheaders: removed deprecated argument warning
2012-05-23 17:56:06 -04:00
Matt Simerson
09935b0bf6
basicheaders: added whitelist support
...
because alerts.etrade.com doesn't set a Date header in alerts
2012-05-23 17:12:26 -04:00
Matt Simerson
80b94eb47a
removed newline
2012-05-22 18:14:10 -04:00
Matt Simerson
2dcd34467e
geoip: eval loading of Geo::IP, tests, enabled in config
...
eval Geo::IP and log an error if missing
added 2 tests
enabled in config/plugins
2012-05-22 17:40:02 -04:00
Matt Simerson
521aa4919f
basicheaders, add reject option, loglevel
...
added reject option
document the existence of the loglevel option
factored date validity tests into their own sub
added tests
improved POD
2012-05-21 21:30:02 -04:00
Matt Simerson
9d0c2f8469
dnsbl, POD tweaks, DENY type tests
...
consolidated POD at top of file
added example options to reject_type POD head
added an example loglevel entry
consolidated DENY[SOFT|DISCONNECT] logic into get_reject_type
added tests for get_reject_type
2012-05-21 17:07:37 -04:00
Matt Simerson
ed8ce150be
domainkeys: fix failing tests
...
the previous DK commit moved the 'use Mail::DomainKeys::*' stuff into an eval. The right idea, but tests still fail because I forgot to remove the bare 'use' lines.
2012-05-21 12:17:32 -07:00
Matt Simerson
41550c2681
domainkeys: only register hooks if Mail::DomainKeys is loadable
2012-05-21 05:59:44 -04:00
Matt Simerson
51486d0b04
SPF plugin: refactored, tests, new config option
...
added POD description of spfquery note
changed spf_deny -> reject (and offered 4 more options, see POD for reject)
backwards compatible with old config settings
replicates qmail-smtpd SPF patch behavior
improved logging (again)
uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed.
background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
2012-05-21 04:19:45 -04:00
Matt Simerson
edacbf914c
anglebrackets: emit log entry when change made
2012-05-20 23:41:15 -07:00
Matt Simerson
691955c60f
dnsbl: fixed path to docs/logging.pod
2012-05-20 23:41:09 -07:00
Matt Simerson
1c7d26ecca
dnsbl: added log messages, prefixes, additional args
...
instead of a positional arguments, used named arguments (backwards compatible)
added a couple log message prefixes
removed some trailing whitespace
updated POD
2012-05-20 23:40:23 -07:00
Matt Simerson
5e7568fe71
earlytalker: prefix messages with result keywords
2012-05-20 23:40:15 -07:00
Matt Simerson
4c6054c9fc
vpopmaild: logging improvements
...
added a couple logging calls
prefixed others with pass/skip/fail keywords
2012-05-20 23:40:11 -07:00
Matt Simerson
49dc8bc117
basicheaders: added log messages, tests, named args
...
added log messages at each exit point
added tests
added reject_type option (defer -vs- deny)
added named argument parsing
2012-05-20 23:39:54 -07:00
Matt Simerson
f37fba7c2b
badrcptto: merged plugins, refactored, tests
...
merged badrcptto_pattern into badrcptto
refactored into smaller methods
added unit tests for each method
2012-05-20 23:39:38 -07:00
Matt Simerson
19927a117e
spamassassin: added spam status to log messages
...
added additional values to tests, to suppress test warnings
2012-05-20 23:39:03 -07:00
Matt Simerson
c3d1f6b16e
p0f: tests, tests, tests, backward compat
...
minor changes to facilitate testing
improved error reporting of several failures
added p0f v2 compatibility to p0f v3 results: in addition to all the newer values, also report the old ones too.
2012-05-20 23:38:48 -07:00
Matt Simerson
25a099e20b
dspam: added check for autolearn
...
don't try to use autolearn if it's not set
added tests that exercise and exorcise the bug
2012-05-20 23:38:42 -07:00
Matt Simerson
9b8c5a1be4
rcpt_ok: refactored and added tests
2012-05-20 23:37:37 -07:00
Matt Simerson
c4b8a7a395
hosts_allow: added logging, POD, deploy notes
...
added LOGINFO logging for denials, and LOGDEBUG for other results
added SEE ALSO pod
improved readability
2012-05-20 23:37:33 -07:00
Matt Simerson
35e1ce9883
consolidate auth logic into Qpsmtpd::Auth
...
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.
* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins
Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
2012-05-20 23:37:06 -07:00
Matt Simerson
6b9881c32e
greylisting, refactored and many changes
...
fixed the vestiges of old plugin name 'denysoft_greylisting'
added ability to bypass greylisting based on geoip
deprecated 'mode [denysoft | testonly | off]
off wasn't useful
testonly & denysoft replaced by reject [ 0 | 1 ]
renamed DB from denysoft_greylist to greylist.dbm. Will use existing/legacy DB if present.
added DB pruning feature. Automatically prune the DB when qpsmtpd registers the plugin. Perhaps this should be a config option to enable?
added DB upgrade feature. Convert dotted quad IP addresses in DB to integers. Makes greylisting IPv6 compatible, since DB records are colon delimited.
exempt TLS connections from greylisting. The vast majority (perhaps all) of the SMTP clients that request encryption to my server are legit. We could add a config option for this, but this plugin already has a multitude of config options.
refactored much of the greylisting method into discreet subs
added 30 tests
added additional DEBUG level logging for p0f matches
POD changes:
replaced over, item N, back, with head2 (better formatted output)
better describe the current behavior of the plugin (some past behaviors no longer exist)
added TRIPLET section with example
added loglevel section
2012-05-20 23:35:46 -07:00
Matt Simerson
5e76d66c66
count_unrecognized_commands
...
simplified logic in a couple places
consolidated duplicated message
added 4 tests
2012-05-20 23:34:58 -07:00
Matt Simerson
74125300da
connection_time:
...
had single positional argument for loglevel,
switched to named args which inherits the more flexible loglevel
shortened logging line
before: connection_time: Connection time from 66.118.151.187: 3.046 sec.
after: connection_time: 3.046 s.
2012-05-20 23:34:26 -07:00
Matt Simerson
19c924d13c
dspam bug fix for messages over max size
...
needs to return DECLINED instead of undef.
2012-05-08 22:37:58 -07:00
Matt Simerson
b53454730d
shebang fix for tls_cert (standalone script)
2012-05-07 12:28:59 -07:00
Matt Simerson
319391affe
auth_ldap: added logging
...
whitespace changes (stinkin windows newline chars)
2012-05-07 09:57:41 -07:00
Matt Simerson
35f26c23bb
spf plugin, added logging
2012-05-07 09:56:37 -07:00
Matt Simerson
fda2f4a730
auth_cvm_unix_local: log entries, strict
2012-05-07 09:55:16 -07:00
Matt Simerson
8103c5a132
added country name to GeoIP plugin
...
and removed redundant words from log entries
2012-05-07 09:54:31 -07:00
Matt Simerson
57d72b3cb4
auth_vpopmail_sql, refactor, log, tests
...
added strict and warnings pragma
refactored
added tests
added more logging
standard log prefixes
tests run pretests to assure tests can succeed
2012-05-07 09:53:03 -07:00
Matt Simerson
adbbfe6f67
auth_vpopmail: refactored, added tests, logging
...
added more logging
standard log prefixes
tests run a pretest to make sure tests have a chance to succeed
2012-05-07 09:52:46 -07:00
Matt Simerson
9059529325
authdeny: added standard log prefix
2012-05-07 09:51:24 -07:00
Matt Simerson
a1c8462557
moved warn plugin POD to top, merged with # comments
2012-05-07 09:50:43 -07:00
Matt Simerson
54f1a11b46
added logging and tests to auth_checkpassword
2012-05-07 09:47:15 -07:00
Matt Simerson
a1b073cfe2
refactored dnsbl, sprinkling logs and tests on it
2012-05-06 16:21:09 -07:00
Matt Simerson
a6e664ce83
Altered SASL method to include the mechanism in log entries.
...
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:
before:
or return (DENY, "authcvm/$method");
after:
or return (DENY, "authcvm");
Added debug level log entries in auth_vpopmaild
Conflicts:
plugins/auth/auth_vpopmail_sql
2012-05-06 16:20:25 -07:00
Matt Simerson
205120f26f
dspam: a batch of improvements:
...
expanded POD
cleaned up stray EOL spaces
added lots of logging, with standardized [ pass | fail | skip ] prefixes
added reject_type option
use split for parsing dspam headers
use SA note instead of parsing headers
added reject = agree option
store & fetch dspam results in a note
2012-05-06 16:18:38 -07:00
Matt Simerson
d644c24c83
spamassassin updates
...
refactored into small subs with unit tests.
parse SA header with split instead of regexp (more reliable)
store SA results in a 'spamassassin' transaction note
add strict and warnings pragma
renamed reject_threshold -> reject (backwards compatible)
added relayclient skip option and POD. Skips SA processing when relayclient is set
added MULTIPLE RECIPIENT BEHAVIOR topic to POD
2012-05-06 16:18:22 -07:00
Matt Simerson
5285774285
refactored Qpsmtpd::Auth::SASL
...
unit tests for new methods are in t/auth.t
added PLAIN and LOGIN tests in auth_flat_file
Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
2012-05-06 16:17:02 -07:00
Matt Simerson
5ec9695b94
domainkeys: added reject & reject_type options.
...
backwards compatible with previous warn_only option.
added additional logging
refactored out a couple new subs.
minor changes: added strictures, warnings, moved 'use' statements to top of code
2012-05-06 16:09:41 -07:00
Matt Simerson
0c7ee4941b
added logging and tests to check_badmailfrom
...
refactored several checks out of hook_mail and added LOGDEBUG
added tests for is_immune method
2012-05-06 16:08:28 -07:00
Matt Simerson
dd5cccd49f
converted comments to POD in check_relay plugin
2012-05-06 16:06:24 -07:00
Matt Simerson
44ae52818e
added vpopmail_sql db connect error handling.
...
Conflicts:
plugins/auth/auth_vpopmail_sql
2012-05-06 16:05:28 -07:00
Matt Simerson
219392590e
make authdeny POD docs match plugin name
...
I would rather the plugin were named auth_deny as the POD has, but renaming plugins is currently a sticky mess due to backwards compatibility.
2012-05-06 16:02:56 -07:00
Matt Simerson
1910fabf0e
badmailfromto: added strictures, tests, and
...
rearranged portionsn of logic for ease of reading
2012-05-06 16:02:43 -07:00