Skip to content

Commit

Permalink
imap: only use port 143 if requested
Browse files Browse the repository at this point in the history 
imap: add SSL_verify_mode config setting to disable TLS host validation
  • Loading branch information
@msimerson
msimerson committed Mar 25, 2024
1 parent ac6d3ad commit 56bf600
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 29 deletions.
38 changes: 9 additions & 29 deletions lib/Mail/DMARC/Report/Receive.pm
View file
Expand Up @@ -27,11 +27,18 @@ sub from_imap {
my $folder = $self->config->{imap}{folder} or croak "no imap folder conf";
my $a_done = $self->config->{imap}{a_done};
my $f_done = $self->config->{imap}{f_done};
my $port = $self->config->{imap}{port} // $self->get_imap_port();
my $port = $self->config->{imap}{port} // 993;

if (defined $self->config->{imap}{SSL_verify_mode}) {
IO::Socket::SSL::set_ctx_defaults(
SSL_verifycn_scheme => 'imap',
SSL_verify_mode => $self->config->{imap}{SSL_verify_mode},
);
}

no warnings qw(once); ## no critic (Warn)
my $imap = Net::IMAP::Simple->new( $server, port => $port,
($port != 143) ? (use_ssl => 1) : ()
use_ssl => $port != 143,
)
or do {
## no critic (PackageVar)
Expand Down Expand Up @@ -183,33 +190,6 @@ sub from_email_simple {
return $rep_type;
}

sub get_imap_port {
my $self = shift;

eval "use IO::Socket::SSL"; ## no critic (Eval)
if ( $@ ) {
carp "no SSL, using insecure connection: $!\n";
return 143;
};

eval "use Mozilla::CA"; ## no critic (Eval)
if ( ! $@ ) {
IO::Socket::SSL::set_ctx_defaults(
SSL_verifycn_scheme => 'imap',
SSL_verify_mode => 0x02,
SSL_ca_file => Mozilla::CA::SSL_ca_file(),
);
return 993;
};

# no CA, disable verification
IO::Socket::SSL::set_ctx_defaults(
SSL_verifycn_scheme => 'imap',
SSL_verify_mode => 0,
);
return 993;
}

sub get_submitter_from_filename {
my ( $self, $filename ) = @_;
return if $self->{_envelope_to}; # already parsed from Subject:
Expand Down
4 changes: 4 additions & 0 deletions share/mail-dmarc.ini
View file
Expand Up @@ -71,6 +71,10 @@ server = mail.example.com
port = 993
user =
pass =

; SSL_verify_mode = 0
; setting to 0 disables TLS certificate validation

; the imap folder where new dmarc messages will be found
folder = dmarc
; the folders to store processed reports (a=aggregate, f=forensic)
Expand Down

0 comments on commit 56bf600

Please sign in to comment.