rather than deferring until RCPT. This greatly improves efficiency, since most connections will get marked naughty much sooner, having run fewer tests.
consolidate the two data_post methods into one (more linear, simpler)
more informative log message
add new headers to top of headers (not bottom (consistent MTA behavior))
helo - validate a HELO message delivered from a connecting host.
Includes the following tests:
is_in_badhelo
invalid_localhost
is_plain_ip
is_address_literal [N.N.N.N]
is_forged_literal
is_not_fqdn
no_forward_dns
no_reverse_dns
no_matching_dns
in apr_*_handler subs, return DECLINED when connection is not available to read (like during tests)
added 23 tests
deprecate action argument
'action log' did nothing, better logging controls available with loglevel
'action deny' -> reject 1
'action denysoft' => reject 1 reject_type temp
POD
use head2 for config options (instead of over, item, back)
added loglevel section
updated for replacement of action with reject options
consolidated POD at top of file
added example options to reject_type POD head
added an example loglevel entry
consolidated DENY[SOFT|DISCONNECT] logic into get_reject_type
added tests for get_reject_type
the previous DK commit moved the 'use Mail::DomainKeys::*' stuff into an eval. The right idea, but tests still fail because I forgot to remove the bare 'use' lines.
added POD description of spfquery note
changed spf_deny -> reject (and offered 4 more options, see POD for reject)
backwards compatible with old config settings
replicates qmail-smtpd SPF patch behavior
improved logging (again)
uses a stringy eval 'use Mail::SPF' in the register sub. If missing, warn and log the error, and don't register any hooks. This is much nicer error than the current, "*** Remote host closed connection unexpectedly." broken mail server that results from enabling the SPF plugin without Mail::SPF installed.
background: I noticed I was deferring valid emails with the SPF plugin at 'spf_deny 1', and without changing the code, there wasn't a way to change how ~all records were handled. This provides that flexibility.
instead of a positional arguments, used named arguments (backwards compatible)
added a couple log message prefixes
removed some trailing whitespace
updated POD
minor changes to facilitate testing
improved error reporting of several failures
added p0f v2 compatibility to p0f v3 results: in addition to all the newer values, also report the old ones too.
These 3 auth plugins all have a data store they fetch the reference
password or hash from. They then match the attemped password or hash
against the reference. This consolidates the latter portion (validating
the password/hash) into Auth.pm.
* less duplicated code in the plugins.
* Pass validation consistently handled for these 3 plugins.
* less work to create new auth plugins
Also caches the CRAM-MD5 ticket. It could also cache user/pass info if
this was desirable.
fixed the vestiges of old plugin name 'denysoft_greylisting'
added ability to bypass greylisting based on geoip
deprecated 'mode [denysoft | testonly | off]
off wasn't useful
testonly & denysoft replaced by reject [ 0 | 1 ]
renamed DB from denysoft_greylist to greylist.dbm. Will use existing/legacy DB if present.
added DB pruning feature. Automatically prune the DB when qpsmtpd registers the plugin. Perhaps this should be a config option to enable?
added DB upgrade feature. Convert dotted quad IP addresses in DB to integers. Makes greylisting IPv6 compatible, since DB records are colon delimited.
exempt TLS connections from greylisting. The vast majority (perhaps all) of the SMTP clients that request encryption to my server are legit. We could add a config option for this, but this plugin already has a multitude of config options.
refactored much of the greylisting method into discreet subs
added 30 tests
added additional DEBUG level logging for p0f matches
POD changes:
replaced over, item N, back, with head2 (better formatted output)
better describe the current behavior of the plugin (some past behaviors no longer exist)
added TRIPLET section with example
added loglevel section
had single positional argument for loglevel,
switched to named args which inherits the more flexible loglevel
shortened logging line
before: connection_time: Connection time from 66.118.151.187: 3.046 sec.
after: connection_time: 3.046 s.
removed auth method from return calls in all auth plugins. The caller knows the mechanism already. In the code, the difference looks like this:
before:
or return (DENY, "authcvm/$method");
after:
or return (DENY, "authcvm");
Added debug level log entries in auth_vpopmaild
Conflicts:
plugins/auth/auth_vpopmail_sql
expanded POD
cleaned up stray EOL spaces
added lots of logging, with standardized [ pass | fail | skip ] prefixes
added reject_type option
use split for parsing dspam headers
use SA note instead of parsing headers
added reject = agree option
store & fetch dspam results in a note
refactored into small subs with unit tests.
parse SA header with split instead of regexp (more reliable)
store SA results in a 'spamassassin' transaction note
add strict and warnings pragma
renamed reject_threshold -> reject (backwards compatible)
added relayclient skip option and POD. Skips SA processing when relayclient is set
added MULTIPLE RECIPIENT BEHAVIOR topic to POD
unit tests for new methods are in t/auth.t
added PLAIN and LOGIN tests in auth_flat_file
Most tests are disabled unless an interactive terminal is detected and $ENV{QPSMTPD_DEVELOPER} is set.
backwards compatible with previous warn_only option.
added additional logging
refactored out a couple new subs.
minor changes: added strictures, warnings, moved 'use' statements to top of code
so log entries look like this:
86553 (connect) ident::geoip: US, United States
86553 (connect) ident::p0f: Windows 7 or 8
86553 (connect) check_earlytalker: remote host said nothing spontaneous, proceeding
instead of this:
86553 ident::geoip: (connect): US, United States
86553 ident::p0f: (connect) Windows 7 or 8
86553 check_earlytalker: (connect): remote host said nothing spontaneous, proceeding
Conflicts:
plugins/logging/warn
With a DENYSOFT (450) the sender will keep trying to deliver the e-mail.
It makes no sense.
This commit also makes it compatible again with the plugin from before commit:
02912 [rewrote sender_permitted_from]
on files in plugins dir:
fixed a number of POD errors
formatted some # comments into POD
removed bare 1; (these are plugins, not perl modules)
most instances of this were copy/pasted from a previous plugin that had it
removed instances of # vim ts=N ...
they weren't consistent, many didn't match .perltidyrc
on modules that failed perl -c tests, added 'use Qpsmtpd::Constants;'
Conflicts:
plugins/async/check_earlytalker
plugins/async/dns_whitelist_soft
plugins/async/dnsbl
plugins/async/queue/smtp-forward
plugins/async/require_resolvable_fromhost
plugins/async/rhsbl
plugins/async/uribl
plugins/auth/auth_checkpassword
plugins/auth/auth_cvm_unix_local
plugins/auth/auth_flat_file
plugins/auth/auth_ldap_bind
plugins/auth/auth_vpopmail
plugins/auth/auth_vpopmail_sql
plugins/auth/authdeny
plugins/check_badmailfromto
plugins/check_badrcptto_patterns
plugins/check_bogus_bounce
plugins/check_earlytalker
plugins/check_norelay
plugins/check_spamhelo
plugins/connection_time
plugins/dns_whitelist_soft
plugins/dnsbl
plugins/domainkeys
plugins/greylisting
plugins/hosts_allow
plugins/http_config
plugins/logging/adaptive
plugins/logging/apache
plugins/logging/connection_id
plugins/logging/transaction_id
plugins/logging/warn
plugins/milter
plugins/queue/exim-bsmtp
plugins/queue/maildir
plugins/queue/postfix-queue
plugins/queue/smtp-forward
plugins/quit_fortune
plugins/random_error
plugins/rcpt_map
plugins/rcpt_regexp
plugins/relay_only
plugins/require_resolvable_fromhost
plugins/rhsbl
plugins/sender_permitted_from
plugins/spamassassin
plugins/tls
plugins/tls_cert
plugins/uribl
plugins/virus/aveclient
plugins/virus/bitdefender
plugins/virus/clamav
plugins/virus/clamdscan
plugins/virus/hbedv
plugins/virus/kavscanner
plugins/virus/klez_filter
plugins/virus/sophie
plugins/virus/uvscan
Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.
* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
The mail hook sets a transaction note 'temp_resolver_failed', but the
rcpt hook queried a connection note of the same name (which didn't
exist, of course).
Now it queries the transaction note.
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'. This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear. Not yet tested.
2. If the name doesn't end in a dot then append each item in the search list to the name.
This is only done if dnsrch is true.
triggered by..
From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
<Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>
http://bugs.contribs.org/show_bug.cgi?id=5808
Jesper Knudsen 2010-03-01 01:29:10 MST
When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.
Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.
In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
dnsrch => 0
);
(updated patch against rspier/qpsmtpd)
The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.
Added POD documentation for local_ip option and p0f general usage
Signed-off-by: Robert <rspier@pobox.com>
(patch remade against latest rspier/qpsmtpd)
added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.
Signed-off-by: Robert <rspier@pobox.com>
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.
Signed-off-by: Robert <rspier@pobox.com>
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description
Signed-off-by: Robert <rspier@pobox.com>
updates to auth_vpopmail_sql module
- moved vpopmail database parameters into config files
- added LIMITATIONS section to POD, noting no support for alias domains
- renamed sub from authsql (too generic) to auth_vmysql
Signed-off-by: Robert <rspier@pobox.com>
The current status file, in git, has the following entry:
-plugin to reject mails from <> if it has multiple recipients.
I hereby submit my plugin to handle this case for possible inclusion,
under the same terms as the current qpsmtpd release.
The plugin is available here:
http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/
Please find patch against git head below, adding the file and removing
the TODO line from the status file.
Signed-off-by: Robert <rspier@pobox.com>
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers. Updated
to accept either. Also the condition for actually checking/skipping the
headers was inverted.
Also whitespace fixes.
Exim's BSMTP interface will indicate the SMTP response to the exchange;
actually use it rather than assuming all errors are 400-class soft ones.
Tolerate $transaction->header returning undef (since it evidently can under
some conditions).
Convert a few errant tabs to spaces.
Fix vi modeline.
Signed-off-by: Robert <rspier@pobox.com>
Hi all!
I have written a patch to allow the spamassasin plugin to have a custom
spam tag read in from a configuration file as opposed to the default ***
SPAM *** that is hard coded.
When the configuration file (spamsubjectprefix) is not defined or empty
the default value still applies, if it is provided the value from the
configuration file is used.
Any change this can be considered for implementation as we would really
like to have it for SME Server.
Kind regards,
Jonathan
Signed-off-by: Robert <rspier@pobox.com>
Tomas Lee <j533xdbjwfgdbsv@jetable.net> pointed out that
cab7466c08 broke the default badmailfrom
reason.
This fixes that functionality and simplifies the code a little.
QP's connection to spamd unnecessarily persists beyond the run of the
spamassassin plugin itself. This closes the socket as soon as we're
finished using it.
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
from Tom Callahan <anomaly@abducted.us>
(reformatted by Robert)
Signed-off-by: Robert <rspier@pobox.com>
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
import plugins/connection_time from SVN's contrib. Changes:
* perltidy run
* add one optional parameter: log level of the message, defaults
to LOGNOTICE (same as in SVN)
* updated docs
* use magic hooking with hook_rcpt
* add note about regexes being eval()ed => trusted users only
Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
plugins/virus/kavscanner calls $transaction->add_recipient($_->address)
on a list of Mail::Address objects, but add_recipient() clearly
documents that it takes Qpsmtpd::Address (or compatible) objects, not
strings. This is a bit of a drive-by fix inspired by a grep through the
codebase for calls to add_recipient().
non-premium customers or something like that such as (3) annoying your
customers, if you are in a position to actually want to do that
Signed-off-by: Robert <rspier@pobox.com>
Can't call method "close" on an undefined value at
/usr/share/perl5/IO/Socket/SSL.pm line 780.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@937 958fd67b-6ff1-0310-b445-bb7760255be9
the MX lookups and, only if they return nothing, make the A lookups.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@880 958fd67b-6ff1-0310-b445-bb7760255be9
Fix to prevent run_continuation being incorrectly called
(both Radu Greab)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@857 958fd67b-6ff1-0310-b445-bb7760255be9
... now check_earlytalker can be expanded to VRFY and NOOP (see RFC 1854, #2.1)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@836 958fd67b-6ff1-0310-b445-bb7760255be9
- add back in after 0.42 is out? if yes: start implementing in -prefork
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@809 958fd67b-6ff1-0310-b445-bb7760255be9
Add _auth field to PollServer.
Make sure that check_earlytalker works with PollServer.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@711 958fd67b-6ff1-0310-b445-bb7760255be9
Qpsmtpd::Plugins for more info. This can be used to disable (and re-
enable) loaded plugins for the current connection.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@700 958fd67b-6ff1-0310-b445-bb7760255be9
domain names we queried.
See the thread "dnsbl or spamhaus occassionally blocks wrong IP"
starting at 14 Mar 2006 for details.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@683 958fd67b-6ff1-0310-b445-bb7760255be9
Sender: but does not resign message or strip DomainKeys-Signature. Add
config option to prevent badly signed message from being DENY'd.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@654 958fd67b-6ff1-0310-b445-bb7760255be9
mandate signing by policy for the moment).
Change variables to use actual English words as names (instead of disemvoweled
or truncated variants).
Tweak Copyright notice to be current.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@652 958fd67b-6ff1-0310-b445-bb7760255be9
Enhance the spamassassin plugin to support connecting to a remote
spamd process (Kjetil Kjernsmo).
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@651 958fd67b-6ff1-0310-b445-bb7760255be9
Make the clamdscan plugin temporarily deny mail if if can't talk to clamd
(Filippo Carletti)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@621 958fd67b-6ff1-0310-b445-bb7760255be9
From: gordonr@gormand.com.au
Subject: Re: Submitting plugins (was Re: New plugin: denybounce)
Date: January 24, 2006 9:02:35 PM PST
To: ask@develooper.com
Cc: gavin@openfusion.com.au, qpsmtpd@perl.org
Message-Id: <43D7066B.3050106@gormand.com.au>
Ask Bjørn Hansen wrote:
On Jan 24, 2006, at 1:08 PM, Gordon Rowell wrote:
- License statement - either as per qpsmtpd or as per Perl or similar open license
No, it really should be MIT licensed ("as per qpsmtpd") to go in the distribution.
There are a few exceptions (only your plugins at a cursory glance), but those are mistakes. :-)
I don't have an issue with my qpsmtpd plugins being changed to state:
=head1 AUTHOR
Copyright 2005 Gordon Rowell <gordonr@gormand.com.au>
This software is free software and may be distributed under the same
terms as qpsmtpd itself.
Though as a distro maintainer, we do have a sizeable issue with license proliferation. It really is a bit of a nightmare when two licenses are almost, but not completely, the same.
Thanks,
Gordon
r4216@g5: ask | 2006-01-24 23:12:21 -0800
merge license fix from trunk
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@603 958fd67b-6ff1-0310-b445-bb7760255be9
Patch by Hanno Hecker <hah@uu-x.de>.
Adds the RFC 1893 status codes to the messages which are returned to the
sending client.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@602 958fd67b-6ff1-0310-b445-bb7760255be9
By default no flags are set (old behaviour). Known flags for cleanup are
FLAG_FILTER, FLAG_BCC_OK and FLAG_MAP_OK, see POD for details.
Patch by: Hanno Hecker <hah@uu-x.de>
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@600 958fd67b-6ff1-0310-b445-bb7760255be9
* lib/Qpsmtpd/Connection.pm
Abstract out parameters which can be reused (e.g. TLS) or can be
set when creating the Connection object via start().
* plugins/tls
Simplify code to use $self->clone() construct and also suppress
IO::Socket::SSL debug noise, now that this is working.
* plugins/tls_cert
New file to automate creating self-signed certificates for TLS.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@597 958fd67b-6ff1-0310-b445-bb7760255be9
Use LOGNOTICE instead of LOGERROR when bailing early due to
non-multipart message.
Test clamd->ping() before scanning, and bail if it doesn't
answer (with an appropriate error).
Patch submitted by Dave Rolsky <autarch@urth.org>.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@583 958fd67b-6ff1-0310-b445-bb7760255be9
r588@jpeacock (orig r490): jpeacock | 2005-07-09 07:03:53 -0400
r547@jpeacock: jpeacock | 2005-07-02 07:20:17 -0400
Replace pithy comment with something more neutral.
Thanks Gordon Rowell <gordonr@gormand.com.au>
r548@jpeacock: jpeacock | 2005-07-02 07:24:21 -0400
Example patterns for badrcptto plugin - Gordon Rowell <gordonr@gormand.com.au>
r586@jpeacock: jpeacock | 2005-07-09 06:54:47 -0400
Don't use varlog() directly unless you are passing all parameters.
Don't try to log() anything during loading of logging plugins.
r587@jpeacock: jpeacock | 2005-07-09 06:59:57 -0400
Cannot use new-style hooking with logging plugins (yet).
r590@jpeacock (orig r491): jpeacock | 2005-07-10 06:56:55 -0400
r589@jpeacock: jpeacock | 2005-07-10 06:54:32 -0400
Track hooks as array and hash.
Re-revert changes to logging plugins to use new-style hooking.
logging/adaptive assumed that register() has been called before hook_logging.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@503 958fd67b-6ff1-0310-b445-bb7760255be9
The great plugin renaming in the name of inheritance and standardization commit.
1. new concept of standard hook_ names.
2. Plugin::init
3. renamed many subroutines in plugins (and cleaned up register subs)
4. updated README.plugins
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@479 958fd67b-6ff1-0310-b445-bb7760255be9
and save log lines <= min level. IIF a message is accepted for delivery,
then echo out the saved log lines (typically just FROM and TO) with the prefix
for multilog filtering into independent log files.
Update POD in logging/adaptive to describe changed behavior as well as give
an example log/run file to filter the messages accordingly.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@443 958fd67b-6ff1-0310-b445-bb7760255be9
Change plugins/dnsbl to permit AUTH'd or other relay clients even if IP
is on a blacklist.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@442 958fd67b-6ff1-0310-b445-bb7760255be9
Interfaces with Bruce Guenther's Credential Validation Module (CVM)
* plugins/auth/auth_cvm_unix_local
Only DENY if the credentials were accepted but incorrect (bad password?)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@432 958fd67b-6ff1-0310-b445-bb7760255be9
* plugins/check_badrcptto_patterns
Match bad RCPTO address with regex
* plugins/check_norelay
Carve out holes from larger relay blocks
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@431 958fd67b-6ff1-0310-b445-bb7760255be9
Create a single Qpsmtpd::TcpServer object in the parent process and
then rely on fork to let each child have it's own copy
* lib/Qpsmtpd/Plugin.pm
Add new pre-connection and post-connection hooks
* README.plugins
Document the above new hooks
* lib/Qpsmtpd.pm
No longer have local value for trace_level() the first time through, which
was masking the global value (due to stupid search/replace error).
Don't call log() from trace_level() since it is only ever called from
within the varlog() sub when no logging plugin is registered.
* plugins/dnsbl
Config line option to use DENY_DISCONNECT instead of DENY (since any IP
on a blacklist should not have a chance to send anything for now).
Add POD to document the new disconnect behavior
* lib/Qpsmtpd.pm
Compatibility changes so test files continue to work
* t/Test/Qpsmtpd.pm
Compatibility sub for core subs which call varlog() directly
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@428 958fd67b-6ff1-0310-b445-bb7760255be9
Fix some totally egregious spelling errors
* plugins/auth/auth_ldap_bind
New plugin to authenticate against an LDAP database
Thanks to Elliot Foster <elliotf@gratuitous.net>
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@404 958fd67b-6ff1-0310-b445-bb7760255be9
representation from the numeric (for logging purposes). Add new logging
plugin, logging/adaptive, which logs at different levels depending on
whether the message was accepted/rejected.
* lib/Qpsmtpd/Constants.pm
use hashes for storing return_codes and log_levels
export accessor methods to retrieve the text representations
* lib/Qpsmtpd.pm
Rename log_level() to trace_level() so as to not conflict with the same
name in Qpsmtpd::Constants.
Call return_code() to display the text form when logging
* plugins/logging/adaptive
Better documentation
Support named parameters and prefix
Call return_code() to display the text form when logging
* plugins/logging/warn
Include POD
* README.logging
First pass at documenting the logging plugin API
* config.sample/loglevel
New numbering scheme to map directly to syslog levels
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@401 958fd67b-6ff1-0310-b445-bb7760255be9
existing core code. Add OK hook.
* lib/Qpsmtpd.pm
(init_logger): replaced with log_level()
(load_logging): NEW - load logging plugins without calling log()
(log_level): NEW - set/get global $LogLevel scalar
(log): now just a wrapper for varlog(); called only by core code
(varlog): initializes logging if not already done, calls logging plugins
in turn and falls back to interal logging unless plugins OK or DECLINED
(_load_plugins): only display "Loading plugin" when actually loading one
(run_hooks): load logging plugins without calling log(); add OK hook as
else of the DENY* case
(spool_dir): use global $Spool_dir scalar to cache location
* lib/Qpsmtpd/Plugin.pm
(%hooks): add "logging" and "ok"
(register_hook): add local _hook to object cache
(log): call varlog() with additional parameters hook and plugin_name
except for logging hook
(compile): add accessor sub for local _hook scalar
* lib/Qpsmtpd/SMTP.pm
(mail, rcpt): change loglevel to LOGALERT instead of LOGWARN for from/to
* qpsmtpd-forkserver
(REAPER): use package ::log() instead of warn()
(main): defer calling log until $plugin_loader has been initialized
(log): call logging using the $plugin_loader object
* plugins/logging/warn
NEW: sample plugin which replicates the core logging functionality
* plugins/logging/devnull
NEW: sample plugin which logs nothing (for testing multiple logging
plugin functionality)
* config.sample/logging
sample configuration file for logging plugins
* plugins/virus/uvscan
plugins/virus/clamav
Increase loglevel for non-serious warnings to LOGWARN from LOGERROR
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@398 958fd67b-6ff1-0310-b445-bb7760255be9
Correctly support alternate domain socket
Remove a tab that crept in
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@383 958fd67b-6ff1-0310-b445-bb7760255be9
Remember (belatedly) to add changes here
* MANIFEST
Add all new files to this list
* plugins/virus/clamdscan
New AV plugin to directly communicate with clamd daemon
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@378 958fd67b-6ff1-0310-b445-bb7760255be9
Scan temporary file directly now that the spooled file includes the
entire message
* plugins/virus/bitdefender - John Peacock
plugins/virus/hbedv - Hanno Hecker
New AV plugins
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@377 958fd67b-6ff1-0310-b445-bb7760255be9
Reword the POD to explain exactly how to chmod the directories to get
clamdscan to work within the spool directory (Thanks to Robin Bowes)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@373 958fd67b-6ff1-0310-b445-bb7760255be9
Provide more documentation on using clamdscan
Provide back_compat option to eliminate warnings in log with old ClamAV
Use new $self->spool_dir() function instead of homebrew
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@371 958fd67b-6ff1-0310-b445-bb7760255be9
Handle case where pw_clear_passwd doesn't exists in vpopmail database
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@360 958fd67b-6ff1-0310-b445-bb7760255be9
o plugins/check_badmailfromto
- New plugin in the style of check_badmailfrom, which matches a pair
of FROM/TO and makes it seem like the recipient's address no longer
exists (but only from the matching sender's point of view). Useful
for stalkers and other harassment cases.
o plugins/dns_whitelist_soft
- New plugin to provide a DNS-based whitelist (good for distributed
sites).
o various files
- Replaced tab character with 8 spaces and adjusted line breaks for
better readability.
Changes by mct@toren.net (Michael C. Toren)
o lib/Qpsmtpd/SMTP.pm
- Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
indicate a null sender when generating a doublebounce message)
is equivalent to "<>". Previously qpsmtpd complained that the
value could not be parsed.
- Adds LOGIN to the default list of supported auth mechanisms.
The documentation in Auth.pm indicated that auth-login was not
currently supported due to lack of functionality, however I can
confirm that LOGIN appears to work fine as tested by using msmtp
(http://msmtp.sourceforge.net/). Are there any indications that
LOGIN support is actually broken in the current implementation?
- Removes the "X-Qpsmtpd-Auth: True" header appended when a message
has been sent by an authenticated user. One problem with such a
header is that it's impossible to say which SMTP hop added it,
and it provides no information which could be used to backtrack
the transaction. I grepped through my mail archives a bit
looking for how other MTAs handled the problem, and decided it
would be best to place this information in the Received: header:
Received: from remotehost (HELO remotehost) (192.168.42.42)
(smtp-auth username foo, mechanism cram-md5)
by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>
o lib/Qpsmtpd/Auth.pm:
- Documentation update for the arguments passed to an auth
handler; previously the $mechanism argument was not mentioned,
which threw off the argument offsets.
- Documentation update for auth-login removing the warning
that auth-login is not currently supported due to lack of
functionality.
- Fix to execute a generic auth hook when a more specific
auth-$mechanism hook does not exist. (Previously posted
to the list last week.)
- Upon authentication, sets $session->{_auth_user} and
$session->{_auth_mechanism} so that SMTP.pm can include them
in the Received: header.
o plugins/queue/qmail-queue
- Added a timestamp and the qmail-queue qp identifier to the
"Queued!" 250 message, for compatibility with qmail-smtpd, which
can be very useful for tracking message delivery from machine to
machine. For example, the new 250 message might be:
250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>
qmail-smtpd returns:
250 ok 1106546213 qp 7129
Additionally, for consistency angle brackets are placed around
the Message-ID displayed in the 250 if they were missing in the
message header.
o plugins/check_badmailfrom:
- Changed the error message from "Mail from $bad not accepted
here" to "sorry, your envelope sender is in my badmailfrom
list", for compatibility with qmail-smtpd. I didn't see any
reason to share with the sender the value of $bad, especially
for situations where the sender was rejected resulting from a
wildcard.
o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:
- No longer checks for earlytalkers or resolvable senders if the
connection note "whitelistclient" is set, which is nice for
helping backup MX hosts empty their queue faster.
o plugins/count_unrecognized_commands:
- Return code changed from DENY_DISCONNECT, which isn't valid in
an unrecognized_command hook, to DENY, which in this context
drops the connection anyway. (Previously posted to the list
last week.)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
Subject: SPF plugin: using it in practice (PATCH attached for CVS)
Date: Tue, 30 Nov 2004 11:35:30 +0000
Message-ID: <20041130113530.GA31737@leverton.org>
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@355 958fd67b-6ff1-0310-b445-bb7760255be9
use symbolic log levels, instead of numeric
- dnsbl: set some (probably too large) timeouts
- count_unrec_commands: DENYHARD
- spamassassin: upgrade protocol to support switching users
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@349 958fd67b-6ff1-0310-b445-bb7760255be9
New option to strip/rename/keep old X-Spam headers (Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@335 958fd67b-6ff1-0310-b445-bb7760255be9
Refuse messages that lack basic headers per RFC-2822
(Jim Winstead)
modified by John Peacock to block null messages, too
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@333 958fd67b-6ff1-0310-b445-bb7760255be9
Must replace any existing X-Spam headers with local score,
rather than adding. Don't care what other SA instances thought.
(Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@330 958fd67b-6ff1-0310-b445-bb7760255be9
* lib/Qpsmtpd/Transaction.pm
Forgot to nuke POD for deprecated relaying()
* plugins/auth/auth_vpopmail_sql
Log who actually AUTHenticated
* plugins/virus/uvscan
Don't need to unlink the file (Qpsmtpd will take care of it)
Log the machine that did the actual Antivirus scanning
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@329 958fd67b-6ff1-0310-b445-bb7760255be9
* plugins/rcpt_ok
Split check_relay into two plugins
* config/plugins
Reorder plugins to take advantage of the new check_relay
* lib/Qpsmtpd/Connection.pm
Add support for relay_client() method
* lib/Qpsmtpd/SMTP.pm
Copy connection relay settings to transaction object when created
* lib/Qpsmtpd/Auth.pm
Use the connection->relay_client() instead of setting an env var
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@326 958fd67b-6ff1-0310-b445-bb7760255be9
ident/geoip - lookup country of host
ident/p0f - use p0f to get type of source machine
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@289 958fd67b-6ff1-0310-b445-bb7760255be9
- Make the awkward silence at connection configurable (default still 1sec)
- Add an option to defer reaction to the HELO to the MAIL-FROM command
instead, anticipating broken SMTP agents that don't gracefully handle
disconnection after greeting.
Also made the specific response configurable (soft, hard, nothing).
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@284 958fd67b-6ff1-0310-b445-bb7760255be9
<knan at mo.himolde.no>)
make the maildir plugin record who the message was to (needs some improvements
still)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@277 958fd67b-6ff1-0310-b445-bb7760255be9
- name=value style configuration arguments (old format still supported)
- max_size for scan (default 512k)
- Pass messages to clamscan in mbox format to satisfy clamdscan
- Made detect action configurable (reject or add-header)
- Logging fixes
- POD
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@273 958fd67b-6ff1-0310-b445-bb7760255be9
To: qpsmtpd@perl.org
Subject: [PATCH] queue/smtp-forward doesn't use correct HELO string
Message-ID: <20040714143007.31047.qmail@onion.perl.org>
Date: Wed, 14 Jul 2004 10:30:24 -0400
The current version of Net::SMTP doesn't make any attempt to determine
the hostname of the current computer (not that I blame Graham for
that), so that all e-mails are sent out as from
"localhost.localdomain" unless an explicit Hello string is provided.
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@266 958fd67b-6ff1-0310-b445-bb7760255be9