Commit Graph

322 Commits

Author SHA1 Message Date
Matt Simerson
c3626f2123 in log entries, print hook name first
so log entries look like this:

86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding

instead of this:

86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding

Conflicts:

	plugins/logging/warn
2012-05-06 16:00:58 -07:00
Matt Simerson
6031e49da8 improved readability of default logging logic 2012-05-06 15:59:49 -07:00
Matt Simerson
2b1428af7e moved POD to top of file
all but 3 plugins have their POD at the top of the file. Bring these little lost sheep into the barn.
2012-05-06 15:46:51 -07:00
Pim van den Berg
8f7494f0cb spf: exit relayclients while loop when client_ip doesnt match
Checking an invalid address kept looping.
2012-04-30 22:20:00 -07:00
Pim van den Berg
2ef465e7aa spf: remove DENYSOFT on SPF softfail
With a DENYSOFT (450) the sender will keep trying to deliver the e-mail.
It makes no sense.

This commit also makes it compatible again with the plugin from before commit:
02912 [rewrote sender_permitted_from]
2012-04-30 22:19:54 -07:00
Ask Bjørn Hansen
a23d4b3da9 Fix 01-syntax test failures
Exclude some tests with dependencies.

Remove -T from perl line in plugins
This makes it harder to test with PERL5LIB/perlbrew etc
2012-04-29 01:36:01 -07:00
Matt Simerson
d8467d784b Made greylisting plugin log a little less by default 2012-04-29 00:44:02 -07:00
Matt Simerson
0084986115 refactored p0f plugin, added p0f v3 support 2012-04-29 00:41:15 -07:00
Matt Simerson
368ce9401b merged check_badmailfrom_patterns into check_badmailfrom 2012-04-29 00:40:02 -07:00
Matt Simerson
102e068297 added dspam plugin 2012-04-29 00:38:28 -07:00
Matt Simerson
318c9ed4f2 applied greylisting NFSLock patch
Issue #1 on Google issue tracker. The patch was 'accepted' by Ask in 2007, but never applied.
2012-04-29 00:32:52 -07:00
Matt Simerson
7c2e37ff20 added pod DESC to dont_require_anglebrackets 2012-04-29 00:25:19 -07:00
Matt Simerson
dbaa9dbd6c POD corrections, additional tests, plugin consistency
on files in plugins dir:
  fixed a number of POD errors

  formatted some # comments into POD

  removed bare 1;  (these are plugins, not perl modules)
    most instances of this were copy/pasted from a previous plugin that had it

  removed instances of # vim ts=N ...
    they weren't consistent, many didn't match .perltidyrc

  on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'

Conflicts:

	plugins/async/check_earlytalker
	plugins/async/dns_whitelist_soft
	plugins/async/dnsbl
	plugins/async/queue/smtp-forward
	plugins/async/require_resolvable_fromhost
	plugins/async/rhsbl
	plugins/async/uribl
	plugins/auth/auth_checkpassword
	plugins/auth/auth_cvm_unix_local
	plugins/auth/auth_flat_file
	plugins/auth/auth_ldap_bind
	plugins/auth/auth_vpopmail
	plugins/auth/auth_vpopmail_sql
	plugins/auth/authdeny
	plugins/check_badmailfromto
	plugins/check_badrcptto_patterns
	plugins/check_bogus_bounce
	plugins/check_earlytalker
	plugins/check_norelay
	plugins/check_spamhelo
	plugins/connection_time
	plugins/dns_whitelist_soft
	plugins/dnsbl
	plugins/domainkeys
	plugins/greylisting
	plugins/hosts_allow
	plugins/http_config
	plugins/logging/adaptive
	plugins/logging/apache
	plugins/logging/connection_id
	plugins/logging/transaction_id
	plugins/logging/warn
	plugins/milter
	plugins/queue/exim-bsmtp
	plugins/queue/maildir
	plugins/queue/postfix-queue
	plugins/queue/smtp-forward
	plugins/quit_fortune
	plugins/random_error
	plugins/rcpt_map
	plugins/rcpt_regexp
	plugins/relay_only
	plugins/require_resolvable_fromhost
	plugins/rhsbl
	plugins/sender_permitted_from
	plugins/spamassassin
	plugins/tls
	plugins/tls_cert
	plugins/uribl
	plugins/virus/aveclient
	plugins/virus/bitdefender
	plugins/virus/clamav
	plugins/virus/clamdscan
	plugins/virus/hbedv
	plugins/virus/kavscanner
	plugins/virus/klez_filter
	plugins/virus/sophie
	plugins/virus/uvscan
2012-04-29 00:00:10 -07:00
Robert
61de599c1b Normalize #! lines on all plugins
find . -type f | xargs -n1 perl -pi.bak -0777 -e '$want = "#!perl -Tw"; s/\A#!.*\n/$want\n/; s/\A([^#])/$want\n\1/s'
2012-04-28 20:41:31 -07:00
Matt Simerson
651ca986ff don't print GeoIP country if not defined
If we don't get a result from the lookup, all we know is that we didn't get a result. Maybe an error, maybe the IP not in the database.
2012-04-28 20:19:18 -07:00
Matt Simerson
821b182081 fixed spelling error, added spf code to notes 2012-04-28 20:15:36 -07:00
Matt Simerson
5dfc90acf3 fixed POD formatting 2012-04-28 20:13:24 -07:00
Matt Simerson
1701406f78 suppress log error when $user unset
test for and return earlier when a null sender is encountered.
Prevents using an undefined variable.
2012-04-28 20:08:17 -07:00
Matt Simerson
ed8eca0a63 fixed failing auths to auth/vpopmaild, added tests
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.

* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
2012-04-07 17:52:44 -04:00
Matt Sergeant
5200244031 Fix STARTTLS vulnerability for async 2011-06-02 12:57:50 -04:00
Peter J. Holzer
b7668c0468 temp_resolver_failed is a transaction note
The mail hook sets a transaction note 'temp_resolver_failed', but the
 rcpt hook queried a connection note of the same name (which didn't
 exist, of course).
 Now it queries the transaction note.
2011-01-03 12:39:57 -08:00
Charlie Brady
24d09fa4a9 Patch: FATAL PLUGIN ERROR [check_basicheaders]: ...
check_basicheaders fails if there are no headers at all:

http://bugs.contribs.org/show_bug.cgi?id=6345
2010-11-13 18:04:02 -08:00
Hanno Hecker
f9399950f3 plugins/rcpt_map cleanup
* enforce having a "domain" parameter
* unique default message (missing dot added)
2010-09-17 15:25:19 +08:00
Hanno Hecker
7bfad42ac9 new plugin rcpt_map
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
2010-09-17 15:25:18 +08:00
jaredj
295474503f Add support for multiple postfix cleanup sockets
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'.  This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear.  Not yet tested.
2010-09-15 14:32:54 +08:00
Matt Simerson
d0c9b7cbe5 corrected email address 2010-07-25 22:31:19 -07:00
Robert
803a320127 ignore search path in DNS lookups
2.  If the name doesn't end in a dot then append each item in the search list to the name.
           This is only done if dnsrch is true.

triggered by..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=5808

 Jesper Knudsen      2010-03-01 01:29:10 MST

When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.

Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.

In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
                                   dnsrch => 0
                                   );
2010-07-25 21:47:25 -07:00
Johan Almqvist
e2ee6f13e5 new plugin check_badmailfrom_patterns
Signed-off-by: Robert <rspier@pobox.com>
2010-07-11 17:29:24 -07:00
Robin Bowes
0d2b724b93 Check for the exact string resonses from vpopmaild rather than using regexes 2010-05-12 23:25:09 -07:00
Matt Simerson
cc2d8ccca6 added local_ip option to p0f plugin
(updated patch against rspier/qpsmtpd)

The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.

Added POD documentation for local_ip option and p0f general usage

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:16:56 -07:00
Matt Simerson
671a6953b0 add TCPLOCAL* variables to $qp->connection
(patch remade against latest rspier/qpsmtpd)

added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:15:57 -07:00
Matt Simerson
0291260284 rewrote sender_permitted_from
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author).  The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:13:13 -07:00
Matt Simerson
b1c3d2f333 added auth_vpopmail plugin
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:11:42 -07:00
Matt Simerson
8b892c33ad fix copy/paste error in auth_flat_file
correct copy/paste error, where auth_flat_file methods were named authsql in auth_flat plugin

Signed-off-by: Robert <rspier@pobox.com>
2010-05-11 21:08:50 -07:00
Robin Bowes
febdb001c6 new plugin auth_vpopmaild
Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 21:02:46 -07:00
Matt Simerson
0ae24edc55 updates to auth_vpopmail_sql module
updates to auth_vpopmail_sql module
 - moved vpopmail database parameters into config files
 - added LIMITATIONS section to POD, noting no support for alias domains
 - renamed sub from authsql (too generic) to auth_vmysql

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:51:14 -07:00
Matt Simerson
fbbf43ad15 added auth_checkpassword plugin
New and improved!
With POD! (because JP said so: http://www.nntp.perl.org/group/perl.qpsmtpd/2005/06/msg3145.html)
Includes usage notes and a perl script useful for diagnosing a checkpassword program.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-10 20:50:43 -07:00
Matt Simerson
e8cb1c3e94 added definedness test to $local_port as it was emitting errors to to not being defined. My previous commit to TcpServer.pm fixed that problem.
Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 23:28:15 -07:00
Matt Simerson
5f81fd7925 remove vestiges of a bygone RCS 2010-05-09 23:22:13 -07:00
Robert
e37f14b9a6 microoptimizations - replace regex with lc eq 2010-05-09 22:45:59 -07:00
Steve Kemp
1002d0dd56 new plugin - check_bogus_bounce
The current status file, in git, has the following entry:

  -plugin to reject mails from <> if it has multiple recipients.

  I hereby submit my plugin to handle this case for possible inclusion,
 under the same terms as the current qpsmtpd release.

  The plugin is available here:

    http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/

  Please find patch against git head below, adding the file and removing
 the TODO line from the status file.

Signed-off-by: Robert <rspier@pobox.com>
2010-05-09 22:37:13 -07:00
Matt Simerson
68ecedd1ac added ClamAV version to the X-Virus-Checked header
Signed-off-by: Robert <rspier@pobox.com>
2010-05-04 14:23:03 -07:00
Devin Carraway
73eb9012bd Header check config/logical-inversion fix
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers.  Updated
to accept either.  Also the condition for actually checking/skipping the
headers was inverted.

Also whitespace fixes.
2010-02-20 11:31:36 -08:00
lnedry
3e36ab55af Moved DENYSOFT for temp_resolver_failed to the RCPT TO hook. 2010-02-13 16:29:56 -07:00
Devin Carraway
3889821d16 Use BSMTP response code; misc cleanups
Exim's BSMTP interface will indicate the SMTP response to the exchange;
actually use it rather than assuming all errors are 400-class soft ones.

Tolerate $transaction->header returning undef (since it evidently can under
some conditions).

Convert a few errant tabs to spaces.

Fix vi modeline.

Signed-off-by: Robert <rspier@pobox.com>
2009-12-23 00:02:04 -08:00
Ask Bjørn Hansen
59da4e4944 Fix typo in default clamav configuration name 2009-11-04 22:36:07 -08:00
Robert
b72c4b0b86 Add config example 2009-11-04 21:44:43 -08:00
Robert
de3fbb565f Rename spamsubjectprefix to subject_prefix. Add docs. 2009-11-04 21:43:38 -08:00
Jonathan Martens
48d1a5b9fe Custom spam tag subject munging in spamassasin plugin
Hi all!

I have written a patch to allow the spamassasin plugin to have a custom
spam tag read in from a configuration file as opposed to the default ***
SPAM *** that is hard coded.

When the configuration file (spamsubjectprefix) is not defined or empty
the default value still applies, if it is provided the value from the
configuration file is used.

Any change this can be considered for implementation as we would really
like to have it for SME Server.

Kind regards,

Jonathan

Signed-off-by: Robert <rspier@pobox.com>
2009-11-04 21:38:57 -08:00
Hinrik Örn Sigurðsson
a5ecd41e72 Allow hyphens in the 1st argument to queue/maildir
This is to allow some perfectly reasonable path names like
/var/spool/qpsmtpd-maildir, etc.
2009-09-15 17:24:34 +00:00