Apparently the format of vpopmaild responses has been expanded and the responses
are conditional.
* Replaced the 'sometimes works' eq comparison with a regexp that always works.
* added tests for all 3 vpopmail plugins
* added cram-md5 auth support to auth_vpopmaild.
The mail hook sets a transaction note 'temp_resolver_failed', but the
rcpt hook queried a connection note of the same name (which didn't
exist, of course).
Now it queries the transaction note.
We have to return something true, else the client gets an additional
451 Internal error - try again later - command 'helo' failed unexpectedly
after the plugin's ->respond() message.
Check recipients from a postfix style map. The valid return codes are of course
qpsmtpd constants. By storing the addresses in a %hash, this is much faster
for fixed addresses than using the rcpt_regexp plugin just with fixed strings.
This plugin handles only one domain per plugin instance. Use the :N suffix for
the plugin if you need several domains mapped.
The current postfix-queue plugin allows the administrator to set a
single path to a local postfix cleanup socket file from the plugin
'command line'. This adds a 'cleanup_sockets' configuration directive
that can contain a list of paths as well as host/port combinations
pointing to postfix cleanup services, which will be tried in the order
that they appear. Not yet tested.
This makes hook_reset_transaction a bit more useful by running it on
disconnections. It also ensures that hook_disconnect runs when the
client disconnects without QUITing.
Update Qpsmtpd::Connection::notes() and Qpsmtpd::Transaction::notes()
with clearer, more brief syntax. A previous patch used seemingly better
syntax, but did not evaluate the size of @_ in order to distinguish
between a call to notes('arg1',undef) and notes('arg1'). This corrects
this issue, and adds a comment to that effect.
switched default TLS security in config/tls_ciphers from HIGH to HIGH:!SSLv2. Added note for how to set the minimum level of security necessary for PCI compliance.
Signed-off-by: Robert <rspier@pobox.com>
based on..
From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: rpm packaging bug - smtpd user created with shell not /bin/false
Date: Sat, 17 Jul 2010 18:17:49 -0400 (EDT)
Message-ID:
<Pine.LNX.4.64.1007171816230.19928@e-smith.charlieb.ott.istop.com>
http://bugs.contribs.org/show_bug.cgi?id=6025
if ! id smtpd >/dev/null 2>&1
then
# need to create smtpd user.
if perl -e 'exit ! defined(getgrnam("postdrop"))'
then
# if postfix is installed, we will probably use
# queue/postfix, which will need this:
supp="-G postdrop"
fi
useradd -r -m $supp smtpd
fi
qpsmtpd needs a user "smtpd", but should not create a home directory or
give access to a shell.
2. If the name doesn't end in a dot then append each item in the search list to the name.
This is only done if dnsrch is true.
triggered by..
From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
<Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>
http://bugs.contribs.org/show_bug.cgi?id=5808
Jesper Knudsen 2010-03-01 01:29:10 MST
When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain was actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried resolved as
localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
was resolved as my public IP.
Since this plugin is only enabled for public interface the fix is to set
the "dnsrch" flag when creating the Net::DNS object.
In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
dnsrch => 0
);
added to MANIFEST
plugins/check_bogus_bounce
plugins/auth/auth_vpopmaild
t/plugin_tests/greylisting
added packaging to MANIFEST.SKIP
Signed-off-by: Robert <rspier@pobox.com>
- these changes are in the previous TCPLOCAL patch. Documented here.
added p0f config option
added POD docs to explain usage
modified $dbdir selection logic. The previous logic failed when QPHOME was
not selected (as is the case when tests are being run).
Added '.' as the dir of last resort for $dbdir selection (others $EMPTY/dir
dumped greylisting database in / )
- These changes are included in this patch -
Added t/plugin_tests/greylisting, with greylist logic testing (tests are
disabled by default, as greylisting is disabled in config.sample/plugins)
Added example entry in config.sample/plugins
Signed-off-by: Robert <rspier@pobox.com>
(updated patch against rspier/qpsmtpd)
The p0f plugin defaulted to binding to TCPLOCALIP, which doesn't work
when the mail server is running behind a firewall with a private IP. If
the local_ip option is set in the config file, it overrides TCPLOCALIP.
Added POD documentation for local_ip option and p0f general usage
Signed-off-by: Robert <rspier@pobox.com>
(patch remade against latest rspier/qpsmtpd)
added remote_port, local_ip, local_port, and local_host to $qp->connection, as the p0f plugin relies on it.
added notes to TcpServer.pm and the p0f plugin noting the dependence, and the lack of support for models other than tcpserver.
Signed-off-by: Robert <rspier@pobox.com>
rewrote the plugin using Mail::SPF, which is the replacement for Mail::SPF::Query (by the same author). The two plugins are mutually exclusive and SpamAssassin expects to have Mail::SPF available.
Signed-off-by: Robert <rspier@pobox.com>
added auth_vpopmail plugin, using the perl-vpopmail module
added VPOPMAIL auth methods description to docs/authentication
added SEE ALSO section to each module, noting the VPOPMAIL description
Signed-off-by: Robert <rspier@pobox.com>
updates to auth_vpopmail_sql module
- moved vpopmail database parameters into config files
- added LIMITATIONS section to POD, noting no support for alias domains
- renamed sub from authsql (too generic) to auth_vmysql
Signed-off-by: Robert <rspier@pobox.com>
The current status file, in git, has the following entry:
-plugin to reject mails from <> if it has multiple recipients.
I hereby submit my plugin to handle this case for possible inclusion,
under the same terms as the current qpsmtpd release.
The plugin is available here:
http://www.steve.org.uk/Software/qpsmtpd/check_bogus_bounce/
Please find patch against git head below, adding the file and removing
the TODO line from the status file.
Signed-off-by: Robert <rspier@pobox.com>
Minor fixups to the documentation:
* README + CREDITS:
We use git now, not subversion.
* README:
dns -> DNS
smtp -> SMTP
Steve
--
Let me steal your soul?
http://stolen-souls.com
Signed-off-by: Robert <rspier@pobox.com>
Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers. Updated
to accept either. Also the condition for actually checking/skipping the
headers was inverted.
Also whitespace fixes.