c840a1d04f
o plugins/check_badmailfromto - New plugin in the style of check_badmailfrom, which matches a pair of FROM/TO and makes it seem like the recipient's address no longer exists (but only from the matching sender's point of view). Useful for stalkers and other harassment cases. o plugins/dns_whitelist_soft - New plugin to provide a DNS-based whitelist (good for distributed sites). o various files - Replaced tab character with 8 spaces and adjusted line breaks for better readability. Changes by mct@toren.net (Michael C. Toren) o lib/Qpsmtpd/SMTP.pm - Assumes a MAIL FROM value of "<#@[]>" (utilized by qmail to indicate a null sender when generating a doublebounce message) is equivalent to "<>". Previously qpsmtpd complained that the value could not be parsed. - Adds LOGIN to the default list of supported auth mechanisms. The documentation in Auth.pm indicated that auth-login was not currently supported due to lack of functionality, however I can confirm that LOGIN appears to work fine as tested by using msmtp (http://msmtp.sourceforge.net/). Are there any indications that LOGIN support is actually broken in the current implementation? - Removes the "X-Qpsmtpd-Auth: True" header appended when a message has been sent by an authenticated user. One problem with such a header is that it's impossible to say which SMTP hop added it, and it provides no information which could be used to backtrack the transaction. I grepped through my mail archives a bit looking for how other MTAs handled the problem, and decided it would be best to place this information in the Received: header: Received: from remotehost (HELO remotehost) (192.168.42.42) (smtp-auth username foo, mechanism cram-md5) by mail.netisland.net (qpsmtpd/0.28) with ESMTP; <date> o lib/Qpsmtpd/Auth.pm: - Documentation update for the arguments passed to an auth handler; previously the $mechanism argument was not mentioned, which threw off the argument offsets. - Documentation update for auth-login removing the warning that auth-login is not currently supported due to lack of functionality. - Fix to execute a generic auth hook when a more specific auth-$mechanism hook does not exist. (Previously posted to the list last week.) - Upon authentication, sets $session->{_auth_user} and $session->{_auth_mechanism} so that SMTP.pm can include them in the Received: header. o plugins/queue/qmail-queue - Added a timestamp and the qmail-queue qp identifier to the "Queued!" 250 message, for compatibility with qmail-smtpd, which can be very useful for tracking message delivery from machine to machine. For example, the new 250 message might be: 250 Queued! 1105927468 qp 3210 <1105927457@netisland.net> qmail-smtpd returns: 250 ok 1106546213 qp 7129 Additionally, for consistency angle brackets are placed around the Message-ID displayed in the 250 if they were missing in the message header. o plugins/check_badmailfrom: - Changed the error message from "Mail from $bad not accepted here" to "sorry, your envelope sender is in my badmailfrom list", for compatibility with qmail-smtpd. I didn't see any reason to share with the sender the value of $bad, especially for situations where the sender was rejected resulting from a wildcard. o plugins/check_earlytalker: o plugins/require_resolvable_fromhost: - No longer checks for earlytalkers or resolvable senders if the connection note "whitelistclient" is set, which is nice for helping backup MX hosts empty their queue faster. o plugins/count_unrecognized_commands: - Return code changed from DENY_DISCONNECT, which isn't valid in an unrecognized_command hook, to DENY, which in this context drops the connection anyway. (Previously posted to the list last week.) git-svn-id: https://svn.perl.org/qpsmtpd/trunk@356 958fd67b-6ff1-0310-b445-bb7760255be9
51 lines
1.3 KiB
Perl
51 lines
1.3 KiB
Perl
# -*- perl -*-
|
|
=head1 NAME
|
|
|
|
count_unrecognized_commands - Count unrecognized commands and disconnect when we have too many
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
Disconnect the client if it sends too many unrecognized commands.
|
|
Good for rejecting spam sent through open HTTP proxies.
|
|
|
|
=head1 CONFIGURATION
|
|
|
|
Takes one parameter, the number of allowed unrecognized commands
|
|
before we disconnect the client. Defaults to 4.
|
|
|
|
=cut
|
|
|
|
sub register {
|
|
my ($self, $qp, @args) = @_;
|
|
$self->register_hook("unrecognized_command", "check_unrec_cmd");
|
|
|
|
if (@args > 0) {
|
|
$self->{_unrec_cmd_max} = $args[0];
|
|
$self->log(LOGWARN, "WARNING: Ignoring additional arguments.") if (@args > 1);
|
|
} else {
|
|
$self->{_unrec_cmd_max} = 4;
|
|
}
|
|
|
|
$qp->connection->notes('unrec_cmd_count', 0);
|
|
|
|
}
|
|
|
|
sub check_unrec_cmd {
|
|
my ($self, $cmd) = @_[0,2];
|
|
|
|
$self->log(LOGINFO, "Unrecognized command '$cmd'");
|
|
|
|
my $badcmdcount =
|
|
$self->qp->connection->notes( 'unrec_cmd_count',
|
|
($self->qp->connection->notes('unrec_cmd_count') || 0) + 1
|
|
);
|
|
|
|
if ($badcmdcount >= $self->{_unrec_cmd_max}) {
|
|
$self->log(LOGINFO, "Closing connection. Too many unrecognized commands.");
|
|
return (DENY, "Closing connection. $badcmdcount unrecognized commands. Perhaps you should read RFC 2821?");
|
|
}
|
|
|
|
return DECLINED;
|
|
}
|
|
|