Commit Graph

135 Commits

Author SHA1 Message Date
Ask Bjørn Hansen
4f0c4d94a1 The unrecognized_command hook now understands the DENY_DISCONNECT return
and the DENY return is deprecated.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@473 958fd67b-6ff1-0310-b445-bb7760255be9
2005-07-06 21:52:45 +00:00
John Peacock
532ce30f64 Replace $ENV{RELAYCLIENT} with $connection->relay_client in last plugin.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@453 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-28 13:35:29 +00:00
John Peacock
5b9f01b5e4 New AV plugin. Uses SOPHOS Antivirus via Sophie resident daemon.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@448 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-22 20:06:54 +00:00
John Peacock
51b035ad62 Switch sense of adaptive logging. Immediately echo log lines <= max level
and save log lines <= min level.  IIF a message is accepted for delivery,
 then echo out the saved log lines (typically just FROM and TO) with the prefix
 for multilog filtering into independent log files.

 Update POD in logging/adaptive to describe changed behavior as well as give
 an example log/run file to filter the messages accordingly.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@443 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-22 14:42:09 +00:00
John Peacock
9664eb9469 Change remaining plugins to use LOGXXXX constants instead of bare numbers.
Change plugins/dnsbl to permit AUTH'd or other relay clients even if IP
is on a blacklist.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@442 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-22 14:08:57 +00:00
Matt Sergeant
b906f67123 Ported to support Apache::Qpsmtpd
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@439 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-20 18:46:38 +00:00
Matt Sergeant
9ba9d68f72 check_loop plugin by Keith Ivey
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@438 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-20 14:56:36 +00:00
John Peacock
4360370e7e A new auth plugin by Gordon Rowell <gordonr@gormand.com.au>
Interfaces with Bruce Guenther's Credential Validation Module (CVM)

 *   plugins/auth/auth_cvm_unix_local
     Only DENY if the credentials were accepted but incorrect (bad password?)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@432 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-10 12:11:26 +00:00
John Peacock
8b50b6dd46 Two new plugins from Gordon Rowell <gordonr@gormand.com.au>
*   plugins/check_badrcptto_patterns
     Match bad RCPTO address with regex
 
 *   plugins/check_norelay
     Carve out holes from larger relay blocks


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@431 958fd67b-6ff1-0310-b445-bb7760255be9
2005-06-09 16:36:43 +00:00
John Peacock
662003437d * qpsmtpd-forkserver
Create a single Qpsmtpd::TcpServer object in the parent process and
     then rely on fork to let each child have it's own copy
     
 *   lib/Qpsmtpd/Plugin.pm
     Add new pre-connection and post-connection hooks
     
 *   README.plugins
     Document the above new hooks

 *   lib/Qpsmtpd.pm
     No longer have local value for trace_level() the first time through, which 
     was masking the global value (due to stupid search/replace error).
     Don't call log() from trace_level() since it is only ever called from
     within the varlog() sub when no logging plugin is registered.

 *   plugins/dnsbl
     Config line option to use DENY_DISCONNECT instead of DENY (since any IP
     on a blacklist should not have a chance to send anything for now).
     Add POD to document the new disconnect behavior

 *   lib/Qpsmtpd.pm
     Compatibility changes so test files continue to work
 
 *   t/Test/Qpsmtpd.pm
     Compatibility sub for core subs which call varlog() directly


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@428 958fd67b-6ff1-0310-b445-bb7760255be9
2005-05-25 20:07:58 +00:00
John Peacock
270f9c9a70 * plugins/auth/auth_ldap_bind
Correct DECLINE to DECLINED


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@405 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 20:48:53 +00:00
John Peacock
58ded6369d * lib/Qpsmtpd/Auth.pm
Fix some totally egregious spelling errors
 
 *  plugins/auth/auth_ldap_bind
    New plugin to authenticate against an LDAP database
    Thanks to Elliot Foster <elliotf@gratuitous.net>


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@404 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 19:59:52 +00:00
John Peacock
1be0263025 * plugins/logging/adaptive
Skip empty log lines in both accept and reject case


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@403 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-06 18:34:02 +00:00
Matt Sergeant
bfe7e6cb63 Flat file auth plugin
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@402 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-30 20:50:34 +00:00
John Peacock
89fd516d8e Revamp Qpsmtpd::Constants so it is possible to retrieve the text
representation from the numeric (for logging purposes).  Add new logging
plugin, logging/adaptive, which logs at different levels depending on
whether the message was accepted/rejected.
 
 *  lib/Qpsmtpd/Constants.pm
    use hashes for storing return_codes and log_levels
    export accessor methods to retrieve the text representations
 
 *  lib/Qpsmtpd.pm
    Rename log_level() to trace_level() so as to not conflict with the same
    name in Qpsmtpd::Constants.
    Call return_code() to display the text form when logging
 
 *  plugins/logging/adaptive
    Better documentation
    Support named parameters and prefix
    Call return_code() to display the text form when logging
 
 *  plugins/logging/warn
    Include POD

 *  README.logging
    First pass at documenting the logging plugin API

 *  config.sample/loglevel
    New numbering scheme to map directly to syslog levels


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@401 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-29 20:15:53 +00:00
John Peacock
e331f6b248 Add plugable logging support include sample plugin which replicates the
existing core code.  Add OK hook.

*  lib/Qpsmtpd.pm
   (init_logger): replaced with log_level()
   (load_logging): NEW - load logging plugins without calling log()
   (log_level): NEW - set/get global $LogLevel scalar
   (log): now just a wrapper for varlog(); called only by core code
   (varlog): initializes logging if not already done, calls logging plugins
     in turn and falls back to interal logging unless plugins OK or DECLINED
   (_load_plugins): only display "Loading plugin" when actually loading one
   (run_hooks): load logging plugins without calling log(); add OK hook as
     else of the DENY* case
   (spool_dir): use global $Spool_dir scalar to cache location

*  lib/Qpsmtpd/Plugin.pm
   (%hooks): add "logging" and "ok"
   (register_hook): add local _hook to object cache
   (log): call varlog() with additional parameters hook and plugin_name
     except for logging hook
   (compile): add accessor sub for local _hook scalar

*  lib/Qpsmtpd/SMTP.pm
   (mail, rcpt): change loglevel to LOGALERT instead of LOGWARN for from/to

*  qpsmtpd-forkserver
   (REAPER): use package ::log() instead of warn()
   (main): defer calling log until $plugin_loader has been initialized
   (log): call logging using the $plugin_loader object

*  plugins/logging/warn
   NEW: sample plugin which replicates the core logging functionality

*  plugins/logging/devnull
   NEW: sample plugin which logs nothing (for testing multiple logging
     plugin functionality)

*  config.sample/logging
   sample configuration file for logging plugins

*  plugins/virus/uvscan
   plugins/virus/clamav
   Increase loglevel for non-serious warnings to LOGWARN from LOGERROR


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@398 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-24 21:16:35 +00:00
Ask Bjørn Hansen
aef508cb7b Don't check the HELO host for rfc-ignorant compliance (maybe this should be an option?)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@397 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-24 19:17:46 +00:00
John Peacock
43f39a4538 * plugins/virus/clamdscan
Correctly support alternate domain socket
    Remove a tab that crept in


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@383 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-04 16:04:59 +00:00
Ask Bjørn Hansen
a44957dc86 fix thinko from the log cleanup
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@381 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-03 17:28:43 +00:00
Matt Sergeant
43aa207242 Fix all uses of warn() to be $self->log(LOGWARN, ...)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@380 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-03 02:37:04 +00:00
John Peacock
167939748c * Changes
Remember (belatedly) to add changes here

*   MANIFEST
    Add all new files to this list

*   plugins/virus/clamdscan
    New AV plugin to directly communicate with clamd daemon


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@378 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-01 20:11:09 +00:00
John Peacock
889845af24 * plugins/virus/clamav
Scan temporary file directly now that the spooled file includes the
    entire message

*   plugins/virus/bitdefender - John Peacock
    plugins/virus/hbedv - Hanno Hecker
    New AV plugins


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@377 958fd67b-6ff1-0310-b445-bb7760255be9
2005-03-01 19:55:18 +00:00
John Peacock
72eb14dcfb * plugins/virus/clamav
Reword the POD to explain exactly how to chmod the directories to get
    clamdscan to work within the spool directory (Thanks to Robin Bowes)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@373 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-25 03:06:22 +00:00
John Peacock
f95c2f8826 * plugins/virus/clamav
Improved documentation for running clamdscan correctly inside the
    qpsmtpd spool directory.

    Change file permissions to permit non-owner external process to access
    files inside spool directory


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@372 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-24 20:00:23 +00:00
John Peacock
c049917d8e * plugins/virus/clamav
Provide more documentation on using clamdscan
    Provide back_compat option to eliminate warnings in log with old ClamAV
    Use new $self->spool_dir() function instead of homebrew


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@371 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-24 16:54:02 +00:00
John Peacock
9da2fc7343 Explicitely ignore non-multipart messages for virus scanning
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@370 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-22 22:01:21 +00:00
Ask Bjørn Hansen
40a1f2fc2a add Gavin's greylisting plugin
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@365 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-15 21:42:52 +00:00
John Peacock
60cab010f8 * plugins/auth/auth_vpopmail_sql
Handle case where pw_clear_passwd doesn't exists in vpopmail database


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@360 958fd67b-6ff1-0310-b445-bb7760255be9
2005-02-10 14:33:13 +00:00
John Peacock
1d1799feb6 Correct handling for vpopmail built without clear password option
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@358 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-30 17:24:49 +00:00
John Peacock
c840a1d04f Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
    - New plugin in the style of check_badmailfrom, which matches a pair
      of FROM/TO and makes it seem like the recipient's address no longer
      exists (but only from the matching sender's point of view).  Useful
      for stalkers and other harassment cases.

o plugins/dns_whitelist_soft
    - New plugin to provide a DNS-based whitelist (good for distributed
      sites).

o various files
    - Replaced tab character with 8 spaces and adjusted line breaks for
      better readability.

Changes by mct@toren.net (Michael C. Toren)

o lib/Qpsmtpd/SMTP.pm

    - Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
      indicate a null sender when generating a doublebounce message)
      is equivalent to "<>".  Previously qpsmtpd complained that the
      value could not be parsed.

    - Adds LOGIN to the default list of supported auth mechanisms.
      The documentation in Auth.pm indicated that auth-login was not
      currently supported due to lack of functionality, however I can
      confirm that LOGIN appears to work fine as tested by using msmtp
      (http://msmtp.sourceforge.net/).  Are there any indications that
      LOGIN support is actually broken in the current implementation?

    - Removes the "X-Qpsmtpd-Auth: True" header appended when a message
      has been sent by an authenticated user.  One problem with such a
      header is that it's impossible to say which SMTP hop added it,
      and it provides no information which could be used to backtrack
      the transaction.  I grepped through my mail archives a bit
      looking for how other MTAs handled the problem, and decided it
      would be best to place this information in the Received: header:

        Received: from remotehost (HELO remotehost) (192.168.42.42)
          (smtp-auth username foo, mechanism cram-md5)
          by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>


o lib/Qpsmtpd/Auth.pm:

    - Documentation update for the arguments passed to an auth
      handler; previously the $mechanism argument was not mentioned,
      which threw off the argument offsets.

    - Documentation update for auth-login removing the warning
      that auth-login is not currently supported due to lack of
      functionality.

    - Fix to execute a generic auth hook when a more specific
      auth-$mechanism hook does not exist.  (Previously posted
      to the list last week.)

    - Upon authentication, sets $session->{_auth_user} and
      $session->{_auth_mechanism} so that SMTP.pm can include them
      in the Received: header.


o plugins/queue/qmail-queue

    - Added a timestamp and the qmail-queue qp identifier to the
      "Queued!" 250 message, for compatibility with qmail-smtpd, which
      can be very useful for tracking message delivery from machine to
      machine.  For example, the new 250 message might be:

        250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>

      qmail-smtpd returns:

        250 ok 1106546213 qp 7129

      Additionally, for consistency angle brackets are placed around
      the Message-ID displayed in the 250 if they were missing in the
      message header.


o plugins/check_badmailfrom:

    - Changed the error message from "Mail from $bad not accepted
      here" to "sorry, your envelope sender is in my badmailfrom
      list", for compatibility with qmail-smtpd.  I didn't see any
      reason to share with the sender the value of $bad, especially
      for situations where the sender was rejected resulting from a
      wildcard.


o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:

    - No longer checks for earlytalkers or resolvable senders if the
      connection note "whitelistclient" is set, which is nice for
      helping backup MX hosts empty their queue faster.


o plugins/count_unrecognized_commands:

    - Return code changed from DENY_DISCONNECT, which isn't valid in
      an unrecognized_command hook, to DENY, which in this context
      drops the connection anyway.  (Previously posted to the list
      last week.)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 03:30:50 +00:00
Robert Spier
ed2ab5f5fd From: Nick Leverton <>
Subject: SPF plugin: using it in practice (PATCH attached for CVS)
Date: Tue, 30 Nov 2004 11:35:30 +0000
Message-ID: <20041130113530.GA31737@leverton.org>


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@355 958fd67b-6ff1-0310-b445-bb7760255be9
2004-12-02 07:26:11 +00:00
Robert Spier
ddc945f8f6 DENYHARD is deprecated in favor of DENY_DISCONNECT
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@353 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-28 05:58:58 +00:00
Robert Spier
9422b16c0f Inspired by Justin E@Apache...
- log the fact that badmailfrom is rejecting
- emacs header
- formatting tweak


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@352 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-27 18:40:54 +00:00
Robert Spier
3757913d54 Remove extraneous filehandling twiddling from qmail-queue that could cause weirdness if the exec failed.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@351 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-27 17:54:46 +00:00
Robert Spier
3341a5b4ab emacsisms, more timeouts
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@350 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-27 07:08:46 +00:00
Robert Spier
012c6db2d3 - dnsbl, count_unrec_commands, spamassassin:
use symbolic log levels, instead of numeric
- dnsbl:  set some (probably too large) timeouts
- count_unrec_commands: DENYHARD
- spamassassin: upgrade protocol to support switching users


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@349 958fd67b-6ff1-0310-b445-bb7760255be9
2004-11-27 07:02:23 +00:00
John Peacock
af03c53512 plugins/spamassassin
New option to strip/rename/keep old X-Spam headers (Michael Holzt)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@335 958fd67b-6ff1-0310-b445-bb7760255be9
2004-10-13 01:52:35 +00:00
John Peacock
8ea1b6b06c * plugins/check_basicheaders
Refuse messages that lack basic headers per RFC-2822
     (Jim Winstead)
     modified by John Peacock to block null messages, too


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@333 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-25 11:40:43 +00:00
John Peacock
479750aa03 * plugins/spamassassin
Revert changes to replace instead of add X-Spam headers


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@331 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-24 17:29:56 +00:00
John Peacock
9cd26b24c4 * spamassassin
Must replace any existing X-Spam headers with local score,
     rather than adding.  Don't care what other SA instances thought.
     (Michael Holzt)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@330 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-24 15:17:07 +00:00
John Peacock
b5ef3d3add Couple of minor cleanups
*    lib/Qpsmtpd/Transaction.pm
     Forgot to nuke POD for deprecated relaying()

*    plugins/auth/auth_vpopmail_sql
     Log who actually AUTHenticated

*    plugins/virus/uvscan
     Don't need to unlink the file (Qpsmtpd will take care of it)
     Log the machine that did the actual Antivirus scanning


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@329 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-23 18:54:58 +00:00
John Peacock
f92e99bd9c * plugins/check_relay
*   plugins/rcpt_ok
    Split check_relay into two plugins

*   config/plugins
    Reorder plugins to take advantage of the new check_relay

*   lib/Qpsmtpd/Connection.pm
    Add support for relay_client() method

*   lib/Qpsmtpd/SMTP.pm
    Copy connection relay settings to transaction object when created

*   lib/Qpsmtpd/Auth.pm
    Use the connection->relay_client() instead of setting an env var


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@326 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-22 16:01:16 +00:00
Matt Sergeant
31eed901be Moved to the attic
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@324 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-21 18:15:25 +00:00
Matt Sergeant
1b977fbb5e Checking in last version before deleting it :-)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@323 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-21 18:14:53 +00:00
Matt Sergeant
4b8b4793b6 Switch to connection object for relaying info
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@322 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-20 17:31:26 +00:00
Matt Sergeant
c341ff0d0f Initial stab at an outbound bounce_verp system.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@321 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-20 08:09:02 +00:00
Matt Sergeant
06563ad3a3 Support more of the milter functionality (header changes)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@318 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-16 10:44:47 +00:00
Robert Spier
56ee8641ec Two new plugins:
ident/geoip - lookup country of host
  ident/p0f   - use p0f to get type of source machine


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@289 958fd67b-6ff1-0310-b445-bb7760255be9
2004-08-29 07:47:25 +00:00
Devin Carraway
b48ae7c630 Incorporate suggestions and part of a patch from Mark Powell:
- Make the awkward silence at connection configurable (default still 1sec)
- Add an option to defer reaction to the HELO to the MAIL-FROM command
  instead, anticipating broken SMTP agents that don't gracefully handle
  disconnection after greeting.

Also made the specific response configurable (soft, hard, nothing).


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@284 958fd67b-6ff1-0310-b445-bb7760255be9
2004-08-01 07:08:07 +00:00
Ask Bjørn Hansen
0a77877ced Make the rhsbl plugin do DNS lookups in the background. (Mark Powell)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@282 958fd67b-6ff1-0310-b445-bb7760255be9
2004-08-01 01:54:16 +00:00