Commit Graph

151 Commits

Author SHA1 Message Date
John Peacock
bfcd620a83 Fix problems with tls and relay_client.
* lib/Qpsmtpd/Connection.pm
    Abstract out parameters which can be reused (e.g. TLS) or can be
    set when creating the Connection object via start().

* plugins/tls
    Simplify code to use $self->clone() construct and also suppress
    IO::Socket::SSL debug noise, now that this is working.

* plugins/tls_cert
    New file to automate creating self-signed certificates for TLS.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@597 958fd67b-6ff1-0310-b445-bb7760255be9
2006-01-05 02:12:46 +00:00
John Peacock
c9779a3376 * plugins/virus/clamdscan
Use LOGNOTICE instead of LOGERROR when bailing early due to
    non-multipart message.

    Test clamd->ping() before scanning, and bail if it doesn't
    answer (with an appropriate error).

    Patch submitted by Dave Rolsky <autarch@urth.org>.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@583 958fd67b-6ff1-0310-b445-bb7760255be9
2005-12-10 21:11:04 +00:00
Matt Sergeant
111afb91db No strict refs when assigning to a glob
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@551 958fd67b-6ff1-0310-b445-bb7760255be9
2005-10-07 14:30:10 +00:00
Matt Sergeant
0d8d9f03b8 Merge from trunk r540:541
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@542 958fd67b-6ff1-0310-b445-bb7760255be9
2005-08-15 18:43:19 +00:00
Devin Carraway
bde5a3fef9 Merge r534 from trunk (caution about using large wait times in
check_earlytalker)


git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@535 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-30 07:22:13 +00:00
Devin Carraway
a9bb35d180 Enable svn:keywords
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@528 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-29 07:41:54 +00:00
Devin Carraway
26bc3e25b8 Import Exim BSMTP queue plugin, updated to 0.31 API
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@527 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-29 07:41:10 +00:00
John Peacock
ea28e88fa6 Extend require_resolvable_fromhost to include a configurable list of
"impossible" addresses to combat spammer forging.  (Hanno Hecker)

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@522 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-28 20:25:54 +00:00
Matt Sergeant
820a3bcb2b return DECLINED for bad_ssl
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@516 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-18 12:51:57 +00:00
John Peacock
a69b2e1526 [merge from trunk] Missed hook to data_post to add headers
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@514 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-18 11:13:17 +00:00
Matt Sergeant
bcbe2ac25f Don't do exists() on a method call
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@506 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-14 13:25:48 +00:00
John Peacock
35f45f208b These changes to trunk were missed when 0.31 was branched.
r588@jpeacock (orig r490):  jpeacock | 2005-07-09 07:03:53 -0400
  r547@jpeacock:  jpeacock | 2005-07-02 07:20:17 -0400
  Replace pithy comment with something more neutral.
  Thanks Gordon Rowell <gordonr@gormand.com.au>
  r548@jpeacock:  jpeacock | 2005-07-02 07:24:21 -0400
  Example patterns for badrcptto plugin - Gordon Rowell <gordonr@gormand.com.au>
  r586@jpeacock:  jpeacock | 2005-07-09 06:54:47 -0400
  Don't use varlog() directly unless you are passing all parameters.
  Don't try to log() anything during loading of logging plugins.
  r587@jpeacock:  jpeacock | 2005-07-09 06:59:57 -0400
  Cannot use new-style hooking with logging plugins (yet).
 
 r590@jpeacock (orig r491):  jpeacock | 2005-07-10 06:56:55 -0400
  r589@jpeacock:  jpeacock | 2005-07-10 06:54:32 -0400
  Track hooks as array and hash.
  Re-revert changes to logging plugins to use new-style hooking.
  logging/adaptive assumed that register() has been called before hook_logging.
 


git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@503 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-14 02:31:01 +00:00
Matt Sergeant
f0b31cbb9b MERGE 498:499 FROM https://svn.perl.org/qpsmtpd/trunk
Better fix for pipe being closed bug


git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@500 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-12 22:14:48 +00:00
Matt Sergeant
11da7e2778 Work around race condition (not fixed, but mostly fixed)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@495 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-11 16:00:03 +00:00
Matt Sergeant
8a3c3c40b0 tls support
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@489 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-08 16:50:24 +00:00
Robert Spier
90daeb3786 r483@dog: rspier | 2005-07-06 21:17:00 -0700
The great plugin renaming in the name of inheritance and standardization commit.
 
 1. new concept of standard hook_ names.
 2. Plugin::init
 3. renamed many subroutines in plugins (and cleaned up register subs)
 4. updated README.plugins
 


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@479 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-07 04:17:39 +00:00
Ask Bjørn Hansen
4f0c4d94a1 The unrecognized_command hook now understands the DENY_DISCONNECT return
and the DENY return is deprecated.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@473 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-06 21:52:45 +00:00
John Peacock
532ce30f64 Replace $ENV{RELAYCLIENT} with $connection->relay_client in last plugin.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@453 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-28 13:35:29 +00:00
John Peacock
5b9f01b5e4 New AV plugin. Uses SOPHOS Antivirus via Sophie resident daemon.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@448 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-22 20:06:54 +00:00
John Peacock
51b035ad62 Switch sense of adaptive logging. Immediately echo log lines <= max level
and save log lines <= min level.  IIF a message is accepted for delivery,
 then echo out the saved log lines (typically just FROM and TO) with the prefix
 for multilog filtering into independent log files.

 Update POD in logging/adaptive to describe changed behavior as well as give
 an example log/run file to filter the messages accordingly.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@443 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-22 14:42:09 +00:00
John Peacock
9664eb9469 Change remaining plugins to use LOGXXXX constants instead of bare numbers.
Change plugins/dnsbl to permit AUTH'd or other relay clients even if IP
is on a blacklist.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@442 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-22 14:08:57 +00:00
Matt Sergeant
b906f67123 Ported to support Apache::Qpsmtpd
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@439 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-20 18:46:38 +00:00
Matt Sergeant
9ba9d68f72 check_loop plugin by Keith Ivey
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@438 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-20 14:56:36 +00:00
John Peacock
4360370e7e A new auth plugin by Gordon Rowell <gordonr@gormand.com.au>
Interfaces with Bruce Guenther's Credential Validation Module (CVM)

 *   plugins/auth/auth_cvm_unix_local
     Only DENY if the credentials were accepted but incorrect (bad password?)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@432 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-10 12:11:26 +00:00
John Peacock
8b50b6dd46 Two new plugins from Gordon Rowell <gordonr@gormand.com.au>
*   plugins/check_badrcptto_patterns
     Match bad RCPTO address with regex
 
 *   plugins/check_norelay
     Carve out holes from larger relay blocks


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@431 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-09 16:36:43 +00:00
John Peacock
662003437d * qpsmtpd-forkserver
Create a single Qpsmtpd::TcpServer object in the parent process and
     then rely on fork to let each child have it's own copy
     
 *   lib/Qpsmtpd/Plugin.pm
     Add new pre-connection and post-connection hooks
     
 *   README.plugins
     Document the above new hooks

 *   lib/Qpsmtpd.pm
     No longer have local value for trace_level() the first time through, which 
     was masking the global value (due to stupid search/replace error).
     Don't call log() from trace_level() since it is only ever called from
     within the varlog() sub when no logging plugin is registered.

 *   plugins/dnsbl
     Config line option to use DENY_DISCONNECT instead of DENY (since any IP
     on a blacklist should not have a chance to send anything for now).
     Add POD to document the new disconnect behavior

 *   lib/Qpsmtpd.pm
     Compatibility changes so test files continue to work
 
 *   t/Test/Qpsmtpd.pm
     Compatibility sub for core subs which call varlog() directly


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@428 958fd67b-6ff1-0310-b445-bb7760255be9
2005-05-25 20:07:58 +00:00
John Peacock
270f9c9a70 * plugins/auth/auth_ldap_bind
Correct DECLINE to DECLINED


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@405 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 20:48:53 +00:00
John Peacock
58ded6369d * lib/Qpsmtpd/Auth.pm
Fix some totally egregious spelling errors
 
 *  plugins/auth/auth_ldap_bind
    New plugin to authenticate against an LDAP database
    Thanks to Elliot Foster <elliotf@gratuitous.net>


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@404 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 19:59:52 +00:00
John Peacock
1be0263025 * plugins/logging/adaptive
Skip empty log lines in both accept and reject case


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@403 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-06 18:34:02 +00:00
Matt Sergeant
bfe7e6cb63 Flat file auth plugin
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@402 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-30 20:50:34 +00:00
John Peacock
89fd516d8e Revamp Qpsmtpd::Constants so it is possible to retrieve the text
representation from the numeric (for logging purposes).  Add new logging
plugin, logging/adaptive, which logs at different levels depending on
whether the message was accepted/rejected.
 
 *  lib/Qpsmtpd/Constants.pm
    use hashes for storing return_codes and log_levels
    export accessor methods to retrieve the text representations
 
 *  lib/Qpsmtpd.pm
    Rename log_level() to trace_level() so as to not conflict with the same
    name in Qpsmtpd::Constants.
    Call return_code() to display the text form when logging
 
 *  plugins/logging/adaptive
    Better documentation
    Support named parameters and prefix
    Call return_code() to display the text form when logging
 
 *  plugins/logging/warn
    Include POD

 *  README.logging
    First pass at documenting the logging plugin API

 *  config.sample/loglevel
    New numbering scheme to map directly to syslog levels


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@401 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-29 20:15:53 +00:00
John Peacock
e331f6b248 Add plugable logging support include sample plugin which replicates the
existing core code.  Add OK hook.

*  lib/Qpsmtpd.pm
   (init_logger): replaced with log_level()
   (load_logging): NEW - load logging plugins without calling log()
   (log_level): NEW - set/get global $LogLevel scalar
   (log): now just a wrapper for varlog(); called only by core code
   (varlog): initializes logging if not already done, calls logging plugins
     in turn and falls back to interal logging unless plugins OK or DECLINED
   (_load_plugins): only display "Loading plugin" when actually loading one
   (run_hooks): load logging plugins without calling log(); add OK hook as
     else of the DENY* case
   (spool_dir): use global $Spool_dir scalar to cache location

*  lib/Qpsmtpd/Plugin.pm
   (%hooks): add "logging" and "ok"
   (register_hook): add local _hook to object cache
   (log): call varlog() with additional parameters hook and plugin_name
     except for logging hook
   (compile): add accessor sub for local _hook scalar

*  lib/Qpsmtpd/SMTP.pm
   (mail, rcpt): change loglevel to LOGALERT instead of LOGWARN for from/to

*  qpsmtpd-forkserver
   (REAPER): use package ::log() instead of warn()
   (main): defer calling log until $plugin_loader has been initialized
   (log): call logging using the $plugin_loader object

*  plugins/logging/warn
   NEW: sample plugin which replicates the core logging functionality

*  plugins/logging/devnull
   NEW: sample plugin which logs nothing (for testing multiple logging
     plugin functionality)

*  config.sample/logging
   sample configuration file for logging plugins

*  plugins/virus/uvscan
   plugins/virus/clamav
   Increase loglevel for non-serious warnings to LOGWARN from LOGERROR


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@398 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-24 21:16:35 +00:00
Ask Bjørn Hansen
aef508cb7b Don't check the HELO host for rfc-ignorant compliance (maybe this should be an option?)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@397 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-24 19:17:46 +00:00
John Peacock
43f39a4538 * plugins/virus/clamdscan
Correctly support alternate domain socket
    Remove a tab that crept in


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@383 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-04 16:04:59 +00:00
Ask Bjørn Hansen
a44957dc86 fix thinko from the log cleanup
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@381 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-03 17:28:43 +00:00
Matt Sergeant
43aa207242 Fix all uses of warn() to be $self->log(LOGWARN, ...)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@380 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-03 02:37:04 +00:00
John Peacock
167939748c * Changes
Remember (belatedly) to add changes here

*   MANIFEST
    Add all new files to this list

*   plugins/virus/clamdscan
    New AV plugin to directly communicate with clamd daemon


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@378 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-01 20:11:09 +00:00
John Peacock
889845af24 * plugins/virus/clamav
Scan temporary file directly now that the spooled file includes the
    entire message

*   plugins/virus/bitdefender - John Peacock
    plugins/virus/hbedv - Hanno Hecker
    New AV plugins


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@377 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-01 19:55:18 +00:00
John Peacock
72eb14dcfb * plugins/virus/clamav
Reword the POD to explain exactly how to chmod the directories to get
    clamdscan to work within the spool directory (Thanks to Robin Bowes)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@373 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-25 03:06:22 +00:00
John Peacock
f95c2f8826 * plugins/virus/clamav
Improved documentation for running clamdscan correctly inside the
    qpsmtpd spool directory.

    Change file permissions to permit non-owner external process to access
    files inside spool directory


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@372 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-24 20:00:23 +00:00
John Peacock
c049917d8e * plugins/virus/clamav
Provide more documentation on using clamdscan
    Provide back_compat option to eliminate warnings in log with old ClamAV
    Use new $self->spool_dir() function instead of homebrew


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@371 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-24 16:54:02 +00:00
John Peacock
9da2fc7343 Explicitely ignore non-multipart messages for virus scanning
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@370 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-22 22:01:21 +00:00
Ask Bjørn Hansen
40a1f2fc2a add Gavin's greylisting plugin
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@365 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-15 21:42:52 +00:00
John Peacock
60cab010f8 * plugins/auth/auth_vpopmail_sql
Handle case where pw_clear_passwd doesn't exists in vpopmail database


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@360 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-10 14:33:13 +00:00
John Peacock
1d1799feb6 Correct handling for vpopmail built without clear password option
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@358 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-30 17:24:49 +00:00
John Peacock
c840a1d04f Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
    - New plugin in the style of check_badmailfrom, which matches a pair
      of FROM/TO and makes it seem like the recipient's address no longer
      exists (but only from the matching sender's point of view).  Useful
      for stalkers and other harassment cases.

o plugins/dns_whitelist_soft
    - New plugin to provide a DNS-based whitelist (good for distributed
      sites).

o various files
    - Replaced tab character with 8 spaces and adjusted line breaks for
      better readability.

Changes by mct@toren.net (Michael C. Toren)

o lib/Qpsmtpd/SMTP.pm

    - Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
      indicate a null sender when generating a doublebounce message)
      is equivalent to "<>".  Previously qpsmtpd complained that the
      value could not be parsed.

    - Adds LOGIN to the default list of supported auth mechanisms.
      The documentation in Auth.pm indicated that auth-login was not
      currently supported due to lack of functionality, however I can
      confirm that LOGIN appears to work fine as tested by using msmtp
      (http://msmtp.sourceforge.net/).  Are there any indications that
      LOGIN support is actually broken in the current implementation?

    - Removes the "X-Qpsmtpd-Auth: True" header appended when a message
      has been sent by an authenticated user.  One problem with such a
      header is that it's impossible to say which SMTP hop added it,
      and it provides no information which could be used to backtrack
      the transaction.  I grepped through my mail archives a bit
      looking for how other MTAs handled the problem, and decided it
      would be best to place this information in the Received: header:

        Received: from remotehost (HELO remotehost) (192.168.42.42)
          (smtp-auth username foo, mechanism cram-md5)
          by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>


o lib/Qpsmtpd/Auth.pm:

    - Documentation update for the arguments passed to an auth
      handler; previously the $mechanism argument was not mentioned,
      which threw off the argument offsets.

    - Documentation update for auth-login removing the warning
      that auth-login is not currently supported due to lack of
      functionality.

    - Fix to execute a generic auth hook when a more specific
      auth-$mechanism hook does not exist.  (Previously posted
      to the list last week.)

    - Upon authentication, sets $session->{_auth_user} and
      $session->{_auth_mechanism} so that SMTP.pm can include them
      in the Received: header.


o plugins/queue/qmail-queue

    - Added a timestamp and the qmail-queue qp identifier to the
      "Queued!" 250 message, for compatibility with qmail-smtpd, which
      can be very useful for tracking message delivery from machine to
      machine.  For example, the new 250 message might be:

        250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>

      qmail-smtpd returns:

        250 ok 1106546213 qp 7129

      Additionally, for consistency angle brackets are placed around
      the Message-ID displayed in the 250 if they were missing in the
      message header.


o plugins/check_badmailfrom:

    - Changed the error message from "Mail from $bad not accepted
      here" to "sorry, your envelope sender is in my badmailfrom
      list", for compatibility with qmail-smtpd.  I didn't see any
      reason to share with the sender the value of $bad, especially
      for situations where the sender was rejected resulting from a
      wildcard.


o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:

    - No longer checks for earlytalkers or resolvable senders if the
      connection note "whitelistclient" is set, which is nice for
      helping backup MX hosts empty their queue faster.


o plugins/count_unrecognized_commands:

    - Return code changed from DENY_DISCONNECT, which isn't valid in
      an unrecognized_command hook, to DENY, which in this context
      drops the connection anyway.  (Previously posted to the list
      last week.)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 03:30:50 +00:00
Robert Spier
ed2ab5f5fd From: Nick Leverton <>
Subject: SPF plugin: using it in practice (PATCH attached for CVS)
Date: Tue, 30 Nov 2004 11:35:30 +0000
Message-ID: <20041130113530.GA31737@leverton.org>


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@355 958fd67b-6ff1-0310-b445-bb7760255be9
2004-12-02 07:26:11 +00:00
Robert Spier
ddc945f8f6 DENYHARD is deprecated in favor of DENY_DISCONNECT
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@353 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-28 05:58:58 +00:00
Robert Spier
9422b16c0f Inspired by Justin E@Apache...
- log the fact that badmailfrom is rejecting
- emacs header
- formatting tweak


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@352 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-27 18:40:54 +00:00
Robert Spier
3757913d54 Remove extraneous filehandling twiddling from qmail-queue that could cause weirdness if the exec failed.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@351 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-27 17:54:46 +00:00