89 lines
2.4 KiB
Perl
89 lines
2.4 KiB
Perl
#!perl -w
|
|
|
|
use Qpsmtpd::Plugin::Async::DNSBLBase;
|
|
|
|
sub init {
|
|
my $self = shift;
|
|
my $class = ref $self;
|
|
|
|
no strict 'refs';
|
|
push @{"${class}::ISA"}, 'Qpsmtpd::Plugin::Async::DNSBLBase';
|
|
}
|
|
|
|
sub hook_connect {
|
|
my ($self, $transaction) = @_;
|
|
my $class = ref $self;
|
|
|
|
my %whitelist_zones =
|
|
map { (split /\s+/, $_, 2)[0, 1] } $self->qp->config('whitelist_zones');
|
|
|
|
return DECLINED unless %whitelist_zones;
|
|
|
|
my $remote_ip = $self->connection->remote_ip;
|
|
my $reversed_ip = join(".", reverse(split(/\./, $remote_ip)));
|
|
|
|
# type TXT lookup only
|
|
return DECLINED
|
|
unless $class->lookup($self->qp, [],
|
|
[map { "$reversed_ip.$_" } keys %whitelist_zones],
|
|
);
|
|
|
|
return YIELD;
|
|
}
|
|
|
|
sub process_txt_result {
|
|
my ($class, $qp, $result, $query) = @_;
|
|
|
|
my $connection = $qp->connection;
|
|
$connection->notes('whitelisthost', $result)
|
|
unless $connection->notes('whitelisthost');
|
|
}
|
|
|
|
sub hook_rcpt {
|
|
my ($self, $transaction, $rcpt) = @_;
|
|
my $connection = $self->qp->connection;
|
|
|
|
if (my $note = $connection->notes('whitelisthost')) {
|
|
my $ip = $connection->remote_ip;
|
|
$self->log(LOGNOTICE, "Host $ip is whitelisted: $note");
|
|
}
|
|
return DECLINED;
|
|
}
|
|
|
|
=head1 NAME
|
|
|
|
dns_whitelist_soft - dns-based whitelist override for other qpsmtpd plugins
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The dns_whitelist_soft plugin allows selected host to be whitelisted as
|
|
exceptions to later plugin processing. It is most suitable for multisite
|
|
installations, so that the whitelist is stored in one location and available
|
|
from all.
|
|
|
|
=head1 CONFIGURATION
|
|
|
|
To enable the plugin, add it to the ~qpsmtpd/config/plugins file as usual.
|
|
It should precede any plugins whose rejections you wish to override. You may
|
|
have to alter those plugins to check the appropriate notes field.
|
|
|
|
Several configuration files are supported, corresponding to different
|
|
parts of the SMTP conversation:
|
|
|
|
=over 4
|
|
|
|
=item whitelist_zones
|
|
|
|
Any IP address listed in the whitelist_zones file is queried using
|
|
the connecting MTA's IP address. Any A or TXT answer means that the
|
|
remote HOST address can be selectively exempted at other stages by plugins
|
|
testing for a 'whitelisthost' connection note.
|
|
|
|
=back
|
|
|
|
NOTE: in contrast to the non-async version, the other 'connect' hooks
|
|
fired after the 'connect' hook of this plugin will see the 'whitelisthost'
|
|
connection note, if set by this plugin.
|
|
|
|
=cut
|