Commit Graph

18 Commits

Author SHA1 Message Date
Matt Simerson
983dc82203 confine duplicate Auth log entry to LOGDEBUG 2012-05-06 16:12:20 -07:00
Rick
7de104bf66 AUTH PLAIN bug with qpsmtpd and alpine
Trying to get SMTP auth working with alpine, I came across a bug.
Alpine sends AUTH PLAIN and waits for a 334 response, then sends the
auth string. According to the RFC, the server should reply with 334
and a nothing else, but in Auth.pm qpsmtpd responds with "334 Please
continue."   the "Please continue" is interpreted as a non-zero
length initial challenge which causes alpine (and maybe other
clients?) to abort the session.

Signed-off-by: Charlie Brady <charlieb@budge.apana.org.au>
Signed-off-by: Robert <rspier@pobox.com>
2009-12-24 20:36:51 -08:00
Steve Kemp
d066479a77 PATCH: Spelling fixups
According to my dictionary "Authentification" is not a real word.

Signed-off-by: Robert <rspier@pobox.com>
2009-10-17 23:38:57 -07:00
Jeff King
e4cb191047 Don't do printf interpolation on config('me')
The code feeds the results of $session->config('me') to
sprintf as part of the format string. In practice, this is
probably not a problem since hostnames don't contain percent
signs. However, it triggers a taint warning in perl 5.10,
making cram-md5 auth unusable.

This patch rewrites the sprintf to insert the 'me' value
using a %s format specifier.
2009-01-05 06:34:59 +00:00
John Peacock
d218bfea82 Correctly handle the case where a given AUTH mechanism is requested by a
[stupid] MUA, but isn't implemented with existing auth plugins.  Based on
patch from Brian Szymanski.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@660 958fd67b-6ff1-0310-b445-bb7760255be9
2006-09-22 15:31:28 +00:00
John Peacock
508be70d26 ne is for strings, != is for numbers (Leonardo Helman)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@636 958fd67b-6ff1-0310-b445-bb7760255be9
2006-04-26 15:31:03 +00:00
John Peacock
af93447e78 Redo AUTH PLAIN and AUTH LOGIN correctly(?) this time. (Michael Holzt)
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@634 958fd67b-6ff1-0310-b445-bb7760255be9
2006-04-24 15:48:24 +00:00
John Peacock
ff4e92bb4e Resolve ticket #38806 (Inadequate validation of authentication data)
Charlie Brady.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@633 958fd67b-6ff1-0310-b445-bb7760255be9
2006-04-07 19:21:10 +00:00
John Peacock
7c6cbdd000 Move the Qpsmtpd::Auth POD to a top-level README to be more obvious.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@632 958fd67b-6ff1-0310-b445-bb7760255be9
2006-04-07 19:06:39 +00:00
John Peacock
6f145149ae Apparently, I never tested TLS and AUTH at the same time. It turns out
that you have to explicitely read from <STDIN> in order for IO::Socket::SSL
to correctly translate the data (i.e. reading from <> isn't sufficient).

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@612 958fd67b-6ff1-0310-b445-bb7760255be9
2006-02-07 02:03:00 +00:00
John Peacock
5959cc1c32 * lib/Qpsmtpd/Auth.pm
lib/Qpsmtpd/SMTP.pm
    Take the AUTH method and put it in SMTP.pm where it belongs.

* lib/Qpsmtpd.pm
  lib/Qpsmtpd/Plugin.pm
    Expose the auth_user/auth_mechanism property to plugin writers.

git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.31@556 958fd67b-6ff1-0310-b445-bb7760255be9
2005-10-31 17:12:37 +00:00
John Peacock
58ded6369d * lib/Qpsmtpd/Auth.pm
Fix some totally egregious spelling errors
 
 *  plugins/auth/auth_ldap_bind
    New plugin to authenticate against an LDAP database
    Thanks to Elliot Foster <elliotf@gratuitous.net>


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@404 958fd67b-6ff1-0310-b445-bb7760255be9
2005-04-12 19:59:52 +00:00
John Peacock
c840a1d04f Changes by jpeacock@cpan.org (John Peacock)
o plugins/check_badmailfromto
    - New plugin in the style of check_badmailfrom, which matches a pair
      of FROM/TO and makes it seem like the recipient's address no longer
      exists (but only from the matching sender's point of view).  Useful
      for stalkers and other harassment cases.

o plugins/dns_whitelist_soft
    - New plugin to provide a DNS-based whitelist (good for distributed
      sites).

o various files
    - Replaced tab character with 8 spaces and adjusted line breaks for
      better readability.

Changes by mct@toren.net (Michael C. Toren)

o lib/Qpsmtpd/SMTP.pm

    - Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to
      indicate a null sender when generating a doublebounce message)
      is equivalent to "<>".  Previously qpsmtpd complained that the
      value could not be parsed.

    - Adds LOGIN to the default list of supported auth mechanisms.
      The documentation in Auth.pm indicated that auth-login was not
      currently supported due to lack of functionality, however I can
      confirm that LOGIN appears to work fine as tested by using msmtp
      (http://msmtp.sourceforge.net/).  Are there any indications that
      LOGIN support is actually broken in the current implementation?

    - Removes the "X-Qpsmtpd-Auth: True" header appended when a message
      has been sent by an authenticated user.  One problem with such a
      header is that it's impossible to say which SMTP hop added it,
      and it provides no information which could be used to backtrack
      the transaction.  I grepped through my mail archives a bit
      looking for how other MTAs handled the problem, and decided it
      would be best to place this information in the Received: header:

        Received: from remotehost (HELO remotehost) (192.168.42.42)
          (smtp-auth username foo, mechanism cram-md5)
          by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date>


o lib/Qpsmtpd/Auth.pm:

    - Documentation update for the arguments passed to an auth
      handler; previously the $mechanism argument was not mentioned,
      which threw off the argument offsets.

    - Documentation update for auth-login removing the warning
      that auth-login is not currently supported due to lack of
      functionality.

    - Fix to execute a generic auth hook when a more specific
      auth-$mechanism hook does not exist.  (Previously posted
      to the list last week.)

    - Upon authentication, sets $session->{_auth_user} and
      $session->{_auth_mechanism} so that SMTP.pm can include them
      in the Received: header.


o plugins/queue/qmail-queue

    - Added a timestamp and the qmail-queue qp identifier to the
      "Queued!" 250 message, for compatibility with qmail-smtpd, which
      can be very useful for tracking message delivery from machine to
      machine.  For example, the new 250 message might be:

        250 Queued! 1105927468 qp 3210 <1105927457@netisland.net>

      qmail-smtpd returns:

        250 ok 1106546213 qp 7129

      Additionally, for consistency angle brackets are placed around
      the Message-ID displayed in the 250 if they were missing in the
      message header.


o plugins/check_badmailfrom:

    - Changed the error message from "Mail from $bad not accepted
      here" to "sorry, your envelope sender is in my badmailfrom
      list", for compatibility with qmail-smtpd.  I didn't see any
      reason to share with the sender the value of $bad, especially
      for situations where the sender was rejected resulting from a
      wildcard.


o plugins/check_earlytalker:
o plugins/require_resolvable_fromhost:

    - No longer checks for earlytalkers or resolvable senders if the
      connection note "whitelistclient" is set, which is nice for
      helping backup MX hosts empty their queue faster.


o plugins/count_unrecognized_commands:

    - Return code changed from DENY_DISCONNECT, which isn't valid in
      an unrecognized_command hook, to DENY, which in this context
      drops the connection anyway.  (Previously posted to the list
      last week.)


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
2005-01-28 03:30:50 +00:00
John Peacock
03455aff9a Add username for AUTH success/failure log entry
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@328 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-23 16:14:56 +00:00
John Peacock
f92e99bd9c * plugins/check_relay
*   plugins/rcpt_ok
    Split check_relay into two plugins

*   config/plugins
    Reorder plugins to take advantage of the new check_relay

*   lib/Qpsmtpd/Connection.pm
    Add support for relay_client() method

*   lib/Qpsmtpd/SMTP.pm
    Copy connection relay settings to transaction object when created

*   lib/Qpsmtpd/Auth.pm
    Use the connection->relay_client() instead of setting an env var


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@326 958fd67b-6ff1-0310-b445-bb7760255be9
2004-09-22 16:01:16 +00:00
Matt Sergeant
a204827d0c Fix for AUTH PLAIN from Michael Holzt <kju@fqdn.org>
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@280 958fd67b-6ff1-0310-b445-bb7760255be9
2004-07-29 14:40:32 +00:00
Matt Sergeant
fd8fcde7c0 Don't allow AUTH under HELO (rfc 821) connections
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@258 958fd67b-6ff1-0310-b445-bb7760255be9
2004-07-05 09:24:59 +00:00
Matt Sergeant
011f44e11d Auth changes (John Peacock with minor modifications by baud)
git-svn-id: https://svn.perl.org/qpsmtpd/trunk@252 958fd67b-6ff1-0310-b445-bb7760255be9
2004-06-29 21:45:35 +00:00