qpsmtpd/plugins/stunnel

#!perl -w

=head1 NAME

stunnel - stunnel proxy protocol client ip helper.

=head1 DESCRIPTION

stunnel proxy protocol remote ip,port setting feature added for smtps.
reference : http://www.stunnel.org/static/stunnel.html
protocol spec : http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt

config/plugins file example
stunnel proxy on
...

=head1 CONFIGURATION

=head2 proxy [ ON | OFF ]

proxy protocol handler on/off

=cut

use strict;
use warnings;
use Qpsmtpd::Constants;

my $proxy_enabled;
sub init {
	my ($self, $qp, %args) = @_;

	return if ( uc $args{proxy} ne 'ON' );

	$self->log(LOGINFO, "proxy protocol enabled");
	$proxy_enabled = 1;
}

sub hook_unrecognized_command {
	my ($self, $transaction, $cmd, @args) = @_;

	return OK if ( uc $cmd ne 'PROXY' );
	return OK if ( !defined $proxy_enabled );
	return DENY_DISCONNECT if ( $self->connection->remote_ip() ne '127.0.0.1' );
	return DENY_DISCONNECT if ( $self->connection->notes('proxy') );

	# TCP4 192.168.41.227 10.27.11.106 50060 465
	if ( $args[0] =~ m/^(.*?) (.*?) (.*?) (.*?) (.*?)$/ ) {
		my $protocol = $1;
		my $remote_ip = $2;
		my $local_ip = $3;
		my $remote_port = $4;
		my $local_port = $5;
		$self->connection->remote_ip( $remote_ip );
		$self->connection->remote_port( $remote_port );
		$self->connection->remote_info( "[$remote_ip]");

		$self->connection->notes('proxy', 'YES');
		$self->connection->notes('protocol', $protocol);
		$self->connection->notes('remote_ip', $remote_ip);
		$self->connection->notes('remote_port', $remote_port);
		$self->connection->notes('local_ip', $local_ip);
		$self->connection->notes('local_port', $local_port);
		$self->log(LOGINFO, "stunnel : $remote_ip:$remote_port");

		# DNS reverse 
        my $res = Net::DNS::Resolver->new( dnsrch => 0 );
        $res->tcp_timeout(3);
        $res->udp_timeout(3);
        my $query = $res->query( $remote_ip, 'PTR' );
        if ($query) {
            foreach my $rr ($query->answer) {
                next if $rr->type ne 'PTR';
                $self->connection->remote_host( $rr->ptrdname );
            }
        }
	}
	else {
		return DENY_DISCONNECT;
	}
	return DONE;
}