byterazor/qpsmtpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,124 Commits 2 Branches 0 Tags 3.7 MiB
fafeaf40a0
Commit Graph

669 Commits

Author SHA1 Message Date
Matt Simerson
a4695cec8b geoip: added named array for invalid args 
so it passes Perl::Critic tests
 2013-12-18 00:02:07 -05:00
Matt Simerson
96dfb08d87 headers: added POD descripting each header 2013-12-18 00:00:52 -05:00
Matt Simerson
725a8d1960 dspam: remove hard coded default in train_ methods 2013-12-17 23:59:57 -05:00
Matt Simerson
c202d3ef69 dmarc integrated with Mail::DMARC 
reimplemented dmarc module to use Mail::DMARC
updated SPF plugin to save SPF results in dmarc_spf note
update dkim to store DKIM results in dkim_result & dkim_verifier notes
 2013-12-17 23:53:00 -05:00
Matt Simerson
4d489ea6ef tested and working Authentication-Results 
changed the method of saving results. Instead of appending to/from a header, plugins save results to a connection note.

Qpsmtpd::SMTP.pm has a new method that inserts the Authentication-Results header
The smtp-auth information has been removed from the Received header

Authentication-Results providing plugins have been updated to store results in connection note
 2013-08-05 15:05:38 -07:00
Matt Simerson
4ae16219bd added Authentication-Results header, with provider 
dkim, dmarc, fcrdns (iprev), spf, and smtp-auth
 2013-08-05 15:05:38 -07:00
Matt Simerson
4aa888dc6c headers: assign zeroes to avoid undef errors 2013-08-05 15:05:38 -07:00
Matt Simerson
247c5a2bea is_naughty is a setter now too 2013-08-05 15:05:38 -07:00
Matt Simerson
fbdee49965 raised default max msg size in clamdscan from 128k 
added max_size on config, so it's likely to get noticed, since even 1M is probably too low for most sites. This should likely default to the same as databytes?
 2013-08-05 15:05:38 -07:00
Matt Simerson
f7b00fa677 auth_vpopmaild: added taint checking to responses 2013-08-05 15:05:37 -07:00
Matt Simerson
b8229fbdbf dmarc: added subdomain policy handling 2013-08-05 15:05:37 -07:00
Matt Simerson
92fe1e899f rcpt_ok: do immunity checks earlier, so that 
disposition logs don't indicate failure for authenticated senders
 2013-08-05 15:05:37 -07:00
Matt Simerson
eccaf17d18 karma: limit rcpts to 1 for senders with neg karma 2013-08-05 15:05:36 -07:00
Matt Simerson
bbc6e895cc distinguish rejecting versus tolerated failures 2013-08-05 15:05:36 -07:00
Matt Simerson
3180c9da31 SPF: added more precise disposition logs, so that 
postprocess can determine if a SPF failure caused a rejection
 2013-08-05 15:05:36 -07:00
Matt Simerson
ebfccec5b3 dmarc: added support for DMARC policy pct=NNN 2013-08-05 15:05:36 -07:00
Matt Simerson
c0210a7877 SPF: arrage flow so if a pass result is possible, 
we will get it and set the note for DMARC plugin
 2013-08-05 15:05:36 -07:00
Matt Simerson
effb4e2269 dmarc: improving and updating POD 2013-08-05 15:05:36 -07:00
Matt Simerson
f9fb0acee7 qmail_deliverable: smite null sender to email list 2013-08-05 15:05:16 -07:00
Matt Simerson
ca678ba736 log2sql: populate plugins table from registry.txt 
much easier for local customizations.
moved SQL connection settings to config/log2sql
 2013-08-05 15:05:16 -07:00
Matt Simerson
8e054c1eda dkim: reduce INFO logging to once per connect 2013-08-05 15:05:16 -07:00
Matt Simerson
a14de07280 tls: added pass|fail prefix to a couple log msgs 2013-08-05 15:05:15 -07:00
Matt Simerson
7f8848d2e8 auth_chkpw: added pass|fail prefix to log msgs 2013-08-05 15:05:15 -07:00
Matt Simerson
25171ec371 dmarc: weed out SPF records from initial search 
use a variable instead of array to count list (not using RR address after all)
 2013-08-05 15:05:15 -07:00
Matt Simerson
1f2a5c27ed dkim: when signing, use signing domain when we 
finding the signing key in a different directory than the sending (eg: example.com instead of www.example.com.)
 2013-08-05 15:05:15 -07:00
Matt Simerson
091843927d dmarc: added relaxed alignment tests 2013-08-05 15:05:15 -07:00
Matt Simerson
75a3e4baae find plugins -type f -exec perltidy -b {} \; 2013-08-05 15:05:15 -07:00
Matt Simerson
fd2c56fb36 resolvable_fromhost: adjust log message prefix 2013-08-05 15:05:15 -07:00
Matt Simerson
2e6eeaa82d karma: add recipient limits for bad senders 2013-08-05 15:05:15 -07:00
Matt Simerson
b9bf523e0e hosts_allow: more succinct log message 2013-08-05 15:05:15 -07:00
Matt Simerson
e23523bc46 registry: renumber with big spaces between plugin 
types. So there's plenty of room to insert future plugins with having to renumber, which impacts log2sql
 2013-08-05 15:05:14 -07:00
Matt Simerson
8a1a156e60 dmarc: remove useless comment 2013-08-05 15:05:14 -07:00
Matt Simerson
2c7cb8afb7 naughty: improve POD 2013-08-05 15:05:14 -07:00
Matt Simerson
db8ec50c3a new plugin: dmarc 2013-08-05 15:05:14 -07:00
Matt Simerson
515188ace5 tls: added ability to store certs in config/ssl 
was hard coded to ./ssl
 2013-08-05 15:05:14 -07:00
Matt Simerson
f03128523c SPF: add pod, documenting spf_pass_host note 2013-08-05 15:05:14 -07:00
Matt Simerson
0f01a39e88 SPF: add trans. note spf_pass_host if SPF=pass 2013-08-05 15:05:14 -07:00
Matt Simerson
6bea1ebd50 domainkeys: fixed pod grammar error 2013-08-05 15:05:14 -07:00
Matt Simerson
b64bb2f9e4 a collection of DKIM enhancements 
* disable Mail::DKIM::TextWrap (causes mangled messages for some clients)
* pod improvements
* don't log the entire DKIM signature when signing
* add dkim_pass_domains connection note with DKIM signer domains that pass
* enable dkim tests
 2013-08-05 15:05:14 -07:00
Matt Simerson
b7320a8eb9 SPF: POD formatting fix 2013-08-05 15:05:14 -07:00
Matt Simerson
c92a5a83c8 dkim: improve POD, add dkim_key_gen.sh 2013-08-05 15:05:13 -07:00
Matt Simerson
a3b8af77bd dkim: added message signing feature 2013-08-05 15:05:13 -07:00
Matt Simerson
8c265d3583 domainkeys: added deprecation comment 2013-08-05 15:05:13 -07:00
Matt Simerson
6b16704b4a karma,relay: karma plugin awards karma later 
by detecting during DATA if relay_client is set
 2013-08-05 15:05:13 -07:00
Matt Simerson
ce0d2b80ef dkim: corrected log entry, added comment 2013-08-05 15:05:13 -07:00
Matt Simerson
d5fd8d24e3 dspam: raise loglevel on debug log message 2013-08-05 15:05:13 -07:00
Matt Simerson
e7ea7a0949 dspam: catch error where QP user lacks x on dspam 
x = execute privileges
 2013-08-05 15:05:13 -07:00
Matt Simerson
eeacf83e3a bogus_bounce: suppress undefined var error 2013-08-05 15:05:13 -07:00
Matt Simerson
5853ec1a47 spf: add comment re: Authentication-Results header 2013-08-05 15:05:13 -07:00
Matt Simerson
2ca3b1d4ee resolvable_fromhost: documented reject naughty 2013-08-05 15:05:13 -07:00
Matt Simerson
c7f5c45f40 random_error: fixed typo, added std pragmas 2013-08-05 15:05:13 -07:00
Matt Simerson
e433796b96 dspam/spamassassin: adjust karma awards 
dspam: be more conservative when learning from karma
sa: added an SA autolearn bonus
 2013-08-05 15:05:13 -07:00
Matt Simerson
2f3127359d moved triplicated init_resolver into Plugin.pm 2013-08-05 15:05:13 -07:00
Matt Simerson
58b860c0eb dkim: added karma for dkim results (allow/reject) 2013-08-05 15:05:12 -07:00
Matt Simerson
8e437ec305 helo: stop processing after first match 2013-08-05 15:05:12 -07:00
Matt Simerson
3bb85a66a1 resolvable_fromhost: added karma smites 2013-08-05 15:05:12 -07:00
Matt Simerson
7da69ef12d spamassassin: karma scoring is dependent on 
the sessage learn status, not SA (global) autolearn setting. So, karma learning follows SA learning rules.
 2013-08-05 15:05:12 -07:00
Matt Simerson
fc5eeec122 added karma awards for SPF pass/fail 2013-08-05 15:05:12 -07:00
Matt Simerson
0c59813957 badmailfrom: fix reject message typo 2013-08-05 15:05:12 -07:00
Matt Simerson
91db656cac fcrdns: new plugin for Forward Confirmed rDNS 2013-08-05 15:05:12 -07:00
Matt Simerson
26becea3d4 qm_deliverable: added reject option, karma smite 
award senders -1 karma to senders to invalid addresses
 2013-08-05 15:05:12 -07:00
Matt Simerson
0383f63d87 naughty: improve POD 2013-08-05 15:05:12 -07:00
Matt Simerson
f039014b33 karma: be a bit more conservative 
require at least -2 karma before smiting
also, add +1 karma to senders with karma_history > 10
 2013-08-05 15:05:12 -07:00
Matt Simerson
77272ba095 whitelist: add +5 karma to whitelisted IPs 2013-08-05 15:05:12 -07:00
Matt Simerson
1e88a57f26 relay: give +2 karma boost to relay IPs 2013-08-05 15:05:12 -07:00
Matt Simerson
c17ebdbcf9 p0f: added smite_os, assign -karma by OS 2013-08-05 15:05:12 -07:00
Matt Simerson
d08de879c5 hosts_allow: allow +karma senders +3 concurrents 
this is really useful if you set max-per-ip to <= 3.
 2013-08-05 15:05:12 -07:00
Matt Simerson
7a4c789ae2 helo: smite senders that fail the selected tests 
and made log entries more terse
 2013-08-05 15:05:12 -07:00
Matt Simerson
b43f369dbe headers: smite poorly behaved senders with -karma 2013-08-05 15:05:12 -07:00
Matt Simerson
e47d431aa9 earlytalker: if we skip for +karma, log it 
and remove IP from log (not IPv6 optimal)
 2013-08-05 15:05:11 -07:00
Matt Simerson
c0899f6d4d spamassassin: assign karma for autolearn message 
also removed 'use lib', to be consistent with most other plugins
and improved grammar
 2013-08-05 15:05:11 -07:00
Matt Simerson
8012dff4f9 dspam: be more conservative with karma awards 
previous settings were reasonable for a well trained dspam. After starting with a fresh dspam, the settings were not optimal for the amount of naive that a default dspam is.
 2013-08-05 15:05:11 -07:00
Matt Simerson
0eef321990 dnsbl: smite blacklisted IPs with -1 karma 2013-08-05 15:05:11 -07:00
Matt Simerson
d5f1f3f72b badrcptto: smite matches with -2 karma 
useful for (reject=>naughty) + spam filter training
 2013-08-05 15:05:11 -07:00
Matt Simerson
e7f9f3bf21 geoip: added too_far option 2013-08-05 15:05:11 -07:00
Matt Simerson
473a1ba6e3 karma_tool: optimized for speedy IP search, IPv6 
fixed one IPv6 issue
 2013-08-05 15:05:11 -07:00
Markus Ullmann
c0b36c5cb4 Sanitize spamd_sock path for perl taint mode 2013-08-05 15:05:11 -07:00
Matt Simerson
a90c881ae5 helo: added comments 2013-08-05 15:05:11 -07:00
Matt Simerson
a7742b5b40 dspam: added use lib, removed some parens 2013-08-05 15:05:11 -07:00
Matt Simerson
73f4759ae7 karma: general improvements 
skip earlytalker checks for positive senders

limit negative karma senders to 1 concurrent connection (hosts_allow)
  added karma::hook_pre_connection, to make hosts_allow change possible

added karma score to log entries
 2013-08-05 15:05:11 -07:00
Matt Simerson
60d3cda18e headers: added section # to RFC citation 2013-08-05 15:05:11 -07:00
Matt Simerson
d8a242b050 whitelist: added pass prefix to log entries 2013-08-05 15:05:11 -07:00
Matt Simerson
96ee32106a qmail_deliverable: remove fail prefix from SMTP er 
prefix should only be logged, not emitted during SMTP
 2013-08-05 15:05:11 -07:00
Matt Simerson
dd59ad210e karma_tool: release didn't. fixed. 
also, preserve karma history when using karma_tool to capture/release
 2013-08-05 15:05:10 -07:00
Matt Simerson
0ed418fafd p0f: added path to socket in error message 
if p0f cannot connect, provide a more descriptive error message. Particularly useful for a p0f plugin developer that runs both p0f v2 and v3 at the same time.
 2013-08-05 15:05:10 -07:00
Matt Simerson
c3dff626cb plugins/bogus_bounce: add Return-Path check 
make sure return path is empty, per RFC 3834
 2013-08-05 15:05:10 -07:00
Matt Simerson
b9750ee5bf plugins/helo: added RFC 5321 notes 2013-08-05 15:05:10 -07:00
Matt Simerson
214ceffea6 uribl plugin: added 'pass' prefix to log message 2013-08-05 15:05:10 -07:00
Matt Simerson
a5803d10f5 updated more split '' syntax to split // 2013-08-05 15:05:10 -07:00
Matt Simerson
e67f4ff98c helo: avoid undef warning when rDNS is invalid 
specifically, when rDNS returns an invalid FQDN like 'null.', which doesn't have
a domain part.
 2013-08-05 15:05:10 -07:00
Matt Simerson
d80b117bff replace all instances of split '' with split // 
newer versions of perl don't accept split '' syntax any longer
 2013-08-05 15:05:10 -07:00
Matt Simerson
2e0909ad27 dspam: improve logging and config error reporting 2013-08-05 15:05:10 -07:00
Matt Simerson
838594642b relay: better error handling and logging 
detect failures in calls to Net::IP for relayclient entries that don't parse.
 2013-08-05 15:05:10 -07:00
Matt Simerson
f0c7c212c0 clamdscan: replace immunity check with naught test 
immunity check was disabled by default, as it wasn't a good policy. OTOH, a naughty check is a sensible default, as we can skip processing on messages we already decided to reject.
 2013-08-05 15:05:10 -07:00
Matt Simerson
14e87fabdf qmail_deliverable: reject null sender to ezmlm lis 2013-08-05 15:05:10 -07:00
Matt Simerson
5b742cbf7d dkim: added some missing POD text 2013-08-05 15:05:09 -07:00
Matt Simerson
4465b7af43 headers: simplify required headers logic 2013-08-05 15:05:09 -07:00
Matt Simerson
af55a8d6dd SPF: use $conn->relay_client instead of duplicated 
is_in_relayclients method. Expects relay plugin to have set relay_client, a reasonable assumption.
 2013-08-05 15:05:09 -07:00
Matt Simerson
e959e408b1 SA: suppress undefined variable warnings 2013-08-05 15:05:09 -07:00
Matt Simerson
55119616d4 whitelist: added debug log message & std plugin 
entries.
 2013-08-05 15:05:09 -07:00
Matt Simerson
a257ec8414 added vpopmail_ext to qmail_deliverable plugin 2013-08-05 15:05:09 -07:00
Matt Simerson
01d7c7e228 karma: added adjust_karma method 
makes it easier to set karma in plugins
 2013-08-05 15:04:12 -07:00
Matt Simerson
368b2c0206 spamassassin: further log message refinement 2013-08-05 15:03:12 -07:00
Matt Simerson
016d2b06bc spf: improved support for IPv6 clients 2013-08-05 15:02:17 -07:00
Matt Simerson
7b420252f0 whitelist: added debug log message & std plugin 
entries.
 2013-08-05 15:02:17 -07:00
Matt Simerson
cd4eda80e1 spamassassin: added 'headers none' option 
enables suppression of SA header insertion
 2013-08-05 15:02:17 -07:00
Matt Simerson
34957d0604 added vpopmail_ext to qmail_deliverable plugin 2013-08-05 15:02:16 -07:00
Matt Simerson
ef985d0df4 earlytalker: lower karma for earlytalkers 2013-08-05 15:01:53 -07:00
Matt Simerson
69e30117fa resolvable_fromhost: additional logging 2013-08-05 15:01:53 -07:00
Matt Simerson
0229780b0f registry: renamed clamd abb3 from cad to clm 2013-08-05 15:01:53 -07:00
Matt Simerson
cba8cd9cef karma: added error keyword to error log messages 2013-08-05 15:01:53 -07:00
Matt Simerson
2fc909b809 karma: added adjust_karma method 
makes it easier to set karma in plugins
 2013-08-05 15:01:52 -07:00
Matt Simerson
aa619b84b0 helo: added is_plain_ip to lenient checks 
there's no excuse for a client to ever send a raw IP, and I have yet to see a valid client do it
 2013-08-05 15:01:52 -07:00
Matt Simerson
93be22020b clamdscan: default is scan always, even authenticated 2013-08-05 15:01:52 -07:00
Matt Simerson
cc26fb7b06 registry: added auth_ prefixes, relay aliases 2013-08-05 15:01:52 -07:00
Matt Simerson
ab22cb2ac4 spamassassin: further log message refinement 2013-08-05 15:01:52 -07:00
Matt Simerson
a005f131f3 qmail_deliverable: test variable if defined before accessing 2013-08-05 15:01:52 -07:00
Matt Simerson
63f97f205f dspam: better error message if dspam_bin is not found 2013-08-05 15:01:52 -07:00
Matt Simerson
b6b1cdd03e SPF: more logging additions 2013-08-05 15:01:52 -07:00
Matt Simerson
b1c2fa16b5 drop the check_ prefix from the last 3 plugins 2013-08-05 15:01:52 -07:00
Matt Simerson
4a662012aa dspam: added missing return 2013-08-05 15:01:52 -07:00
Matt Simerson
fd71e9b98e dnsbl: restore dnsbl bypass for special recipients 2013-08-05 15:01:51 -07:00
Matt Simerson
b7724f4742 dspam: check for dspam_bin during register 2013-08-05 15:01:51 -07:00
Matt Simerson
493c0b3268 log watching and processing tools 2013-08-05 15:01:51 -07:00
Matt Simerson
16b5bfe027 dkim: new plugin 2013-08-05 15:01:51 -07:00
Matt Simerson
002bbed9e3 uribl: ordered pragmas and dependencies 2013-08-05 15:01:51 -07:00
Matt Simerson
6988fa5377 rhsbl: make sure $transaction->sender defined before accessing it 2013-08-05 15:01:51 -07:00
Matt Simerson
bc793a87c7 naughty: POD additions 2013-08-05 15:01:51 -07:00
Matt Simerson
eefb4ab823 headers: added Received to POD header require list 2013-08-05 15:01:51 -07:00
Matt Simerson
8141b4f5a3 dnsbl: more refactoring, 2013-08-05 15:01:51 -07:00
Matt Simerson
723fe314fa rhsbl: added default reject settings 2013-08-05 15:01:51 -07:00
Matt Simerson
b5651f0e4d added plugin: qmail_deliverable 2013-08-05 15:01:51 -07:00
Matt Simerson
0897d93375 resolvable_fromhost: log message updates 2013-08-05 15:01:51 -07:00
Matt Simerson
208dfc3a21 rename require_resolvable_fromhost to resolvable_fromhost 2013-08-05 15:01:51 -07:00
Matt Simerson
feb9ede9df clamdscan: fix karma decrementer 2013-08-05 15:01:51 -07:00
Matt Simerson
4646b0ff0a spamassassin: s/deny/fail/ from a log message (consistency) 2013-08-05 15:01:51 -07:00
Matt Simerson
1b7457b555 SPF: add more log messages 2013-08-05 15:01:50 -07:00
Matt Simerson
11e449a904 geoip: no data is a skip, not a fail 2013-08-05 15:01:50 -07:00
Matt Simerson
52256d2d9b dspam: fixes for training dspam 
process_backticks now writes the entire message (headers + body) to a temp file and had dspam read that. Previously, dspam only read the body.  With the new "process, then train on error" method, dspam didn't have access to the DSPAM signature (in the headers).

replaced open2 with open3. Same results. Works part of the time, but not consistent, and I haven't been able to figure out why.

dspam transaction note is now a hashref (was a string)
parsing of dspam response via substring (was regexp)
 2013-08-05 15:01:50 -07:00
Matt Simerson
d2cd1160ad domainkeys: add header at top of headers (not bottom) 2013-08-05 15:01:50 -07:00
Matt Simerson
3427af8aa4 dnsbl,rhsbl: process DNS immediately 
and use naughty for deferred rejection
 2013-08-05 15:01:50 -07:00
Matt Simerson
e67a71cca5 earlytalker: log message cleanup 2013-08-05 15:01:50 -07:00
Matt Simerson
e69893a961 qmail-queue: a few tweaks and a lot of whitespace 2013-08-05 15:01:50 -07:00
Matt Simerson
439e9fe566 tls: log improvement 2013-08-05 15:01:50 -07:00
Matt Simerson
143534d7a6 spf: remove rcpt hook, process to completion during from 2013-08-05 15:01:50 -07:00
Matt Simerson
65f216c445 parse_addr_withhelo: consistency additions 2013-08-05 15:01:50 -07:00
Matt Simerson
183d8b9f18 naughty: support reject_type set by original plugin 
that marked the connection as naughty
 2013-08-05 15:01:50 -07:00
Matt Simerson
6c2b65d3af hosts_allow: better logging 2013-08-05 15:01:49 -07:00
Matt Simerson
b2a3ef4c34 greylisting: POD correction 2013-08-05 15:01:49 -07:00
Matt Simerson
75e74cd033 dns_whitelist_soft: tiny tweaks of little consequence 2013-08-05 15:01:49 -07:00