
Merge pull request #36 from msimerson/master

bringing in 0.94
2 parents 90ba0ff + 0fee545 commit 0c41c012746ed6b269d89874cfb81e88ecee42f4 @msimerson msimerson committed Jan 11, 2014
37 Changes
@@ -1,4 +1,41 @@
+0.94 ___ NN, 2014
+
+ Updated DMARC plugin to use Mail::DMARC
+
+ Updated SPF & DKIM plugins to store data for DMARC processing
+
+ karma plugin: added spammy TLD penalty
+
+ a few more log prefixes (corralling stragglers)
+
+
+0.93 Dec 17, 2013
+
+ Added Authentication-Results header
+ moves Authentication-Results to Original-Authentication-Results on inbound.
+ no longer puts auth info in Received header
+
+ TcpServer: ignore DNS search path and explicitely request PTR lookups (speedup)
+
+ store envelope TO/FROM in connection notes
+
+ raised max msg size in clamdscan
+
+ SPF enabled by default (if Mail::SPF available)
+
+ auth_vpopmaild: added taint checking to responses
+
+ added run files for most common deployment methods (easier install)
+
+ untaint config data passed to plugins
+
+ Qpsmtpd.pm: split config args on /\s+/, was / /
+ (compatibility with newer versions of perl)
+
+ dmarc: added subdomain policy handling
+
+
0.92 Apr 20, 2013
new plugins: dmarc, fcrdns
18 STATUS
@@ -1,19 +1,11 @@
-Qpsmtpd-dev is a fork of Qpsmtpd. Qpsmtpd is a very good SMTP daemon for
-developers and hackers (admittedly, its focus). The plugin system is great
-but the plugin organization, documentation, and consistency left much
-to be desired.
+Qpsmtpd is a very good SMTP daemon for developers and hackers.
-The primary focus of the -dev branch is improving the consistency and
-behavior of the plugins. After using one plugin, the knowledge gained
-should carry over to other plugins.
-
-Secondary goals are making it easier to install, reducing code duplication,
+Current goals are making it easier to install, reducing code duplication,
reducing complexity, and cooperation between plugins. Anything covered
-in Perl Best Practices is also fair game.
+in Perl Best Practices is fair game.
-So far, the main changes between the release and dev branches have focused
-on these goals:
+Recent changes have been made towards these goals:
- plugins use is_immune and is_naughty instead of a local methods
- plugins log a single entry summarizing their disposition
@@ -36,7 +28,7 @@ For most sites, even DNSBL, SPF, DKIM, and SpamAssassin tests alone are insuffic
Roadmap
=======
- - https://github.com/qpsmtpd-dev/qpsmtpd-dev/issues
+ - https://github.com/smtpd/qpsmtpd/issues
- Bugfixes - qpsmtpd is extremely stable (in production since 2001), but
there are always more things to fix.
@@ -1,26 +0,0 @@
-
-When upgrading from:
-
-v 0.84 or below
-
-CHECK_RELAY, CHECK_NORELAY, RELAY_ONLY
-
- All 3 plugins are deprecated and replaced with a new 'relay' plugin. The new plugin reads the same config files (see 'perldoc plugins/relay') as the previous plugins. To get the equivalent functionality of enabling 'relay_only', use the 'only' argument to the relay plugin as documented in the RELAY ONLY section of plugins/relay.
-
-GREYLISTING plugin:
-
- 'mode' config argument is deprecated. Use reject and reject_type instead.
-
- The greylisting DB format has changed to accommodate IPv6 addresses. (The DB key has colon ':' seperated fields, and IPv6 addresses are colon delimited). The new format converts the IPs into integers. There is a new config option named 'upgrade' that when enabled, updates all the records in your DB to the new format. Simply add 'upgrade 1' to the plugin entry in config/plugins, start up qpsmtpd once, make one connection. A log entry will be made, telling how many records were upgraded. Remove the upgrade option from your config.
-
-SPF plugin:
-
- spf_deny setting deprecated. Use reject N setting instead, which provides administrators with more granular control over SPF. For backward compatibility, a spf_deny setting of 1 is mapped to 'reject 3' and a 'spf_deny 2' is mapped to 'reject 4'.
-
-
-P0F plugin:
- defaults to p0f v3 (was v2).
-
- Upgrade p0f to version 3 or add 'version 2' to your p0f line in config/plugins. perldoc plugins/ident/p0f for more details.
-
-
@@ -73,6 +73,7 @@ headers reject 0 reject_type temp require From,Date future 2 past 15
bogus_bounce log
#loop
dkim reject 0
+# dmarc requires dkim and SPF to run before it
dmarc
# content filters
@@ -89,11 +89,7 @@ connection before any auth succeeds, defaults to C<0>.
=back
-<<<<<<< HEAD
-=head2 Plugin settings
-=======
=head2 Plugin settings files
->>>>>>> initial import - based on my qpsmtpd fork
=over 4
@@ -7,7 +7,7 @@ use Qpsmtpd::Constants;
#use DashProfiler;
-$VERSION = "0.93";
+$VERSION = "0.94";
my $git;
@@ -218,7 +218,7 @@ sub compile {
sub get_reject {
my $self = shift;
- my $smtp_mess = shift || "why didn't you pass an error message?";
+ my $smtp_mess = shift || "unspecified error";
my $log_mess = shift || '';
$log_mess = ", $log_mess" if $log_mess;
@@ -320,17 +320,17 @@ sub is_immune {
sub is_naughty {
my ($self, $setit) = @_;
- if ( defined $setit ) {
- $self->connection->notes('naughty', $setit);
- $self->connection->notes('rejected', $setit);
- };
+ # see plugins/naughty
+ return $self->connection->notes('naughty') if ! defined $setit;
- if ($self->connection->notes('naughty')) {
+ $self->connection->notes('naughty', $setit);
+ $self->connection->notes('rejected', $setit);
- # see plugins/naughty
+ if ($self->connection->notes('naughty')) {
$self->log(LOGINFO, "skip, naughty");
return 1;
}
+
if ($self->connection->notes('rejected')) {
# http://www.steve.org.uk/Software/ms-lite/
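Review bot: The new early return in is_naughty answers a plain query from the 'naughty' note alone, so a connection that another plugin marked only as 'rejected' is no longer reported by `is_naughty()`. On the set path both notes have just been written with the same `$setit`, so the `if ($self->connection->notes('rejected'))` check that follows looks unreachable, and "skip, naughty" is now logged when the flag is set rather than when a plugin skips. If callers still depend on the old behaviour, the getter could be `return $self->connection->notes('naughty') || $self->connection->notes('rejected') if ! defined $setit;`. The rest of the 'rejected' branch lies outside this hunk, so confirm what it returned before relying on this.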
@@ -345,7 +345,7 @@ sub adjust_karma {
my $karma = $self->connection->notes('karma') || 0;
$karma += $value;
- $self->log(LOGDEBUG, "karma $value ($karma)");
+ $self->log(LOGINFO, "karma $value ($karma)");
$self->connection->notes('karma', $karma);
return $value;
}
@@ -23,7 +23,7 @@ use Net::DNS;
# this is only good for forkserver
# can't set these here, cause forkserver resets them
-#$SIG{ALRM} = sub { respond(421, "Game over pal, game over. You got a timeout; I just can't wait that long..."); exit };
+#$SIG{ALRM} = sub { respond(421, "timeout; I can't wait that long..."); exit };
#$SIG{ALRM} = sub { warn "Connection Timed Out\n"; exit; };
sub new {
@@ -818,17 +818,24 @@ sub authentication_results {
sub clean_authentication_results {
my $self = shift;
-# On messages received from the internet, we may want to remove
-# the Authentication-Results headers added by other MTAs, so our downstream
-# can trust the new A-R header we insert.
-# We do not want to invalidate DKIM signatures.
-# TODO: parse the DKIM signature(s) to see if A-R header is signed
- return if $self->transaction->header->get('DKIM-Signature');
+# http://tools.ietf.org/html/draft-kucherawy-original-authres-00.html
- my @headers = $self->transaction->header->get('Authentication-Results');
- for ( my $i = 0; $i < scalar @headers; $i++ ) {
+# On messages received from the internet, move Authentication-Results headers
+# to Original-AR, so our downstream can trust the A-R header we insert.
+
+# TODO: Do not invalidate DKIM signatures.
+# if $self->transaction->header->get('DKIM-Signature')
+# Parse the DKIM signature(s)
+# return if A-R header is signed;
+# }
+
+ my @ar_headers = $self->transaction->header->get('Authentication-Results');
+ for ( my $i = 0; $i < scalar @ar_headers; $i++ ) {
$self->transaction->header->delete('Authentication-Results', $i);
+ $self->transaction->header->add('Original-Authentication-Results', $ar_headers[$i]);
}
+
+ $self->log(LOGDEBUG, "Authentication-Results moved to Original-Authentication-Results" );
};
sub received_line {
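Review bot: The loop in clean_authentication_results deletes `Authentication-Results` by ascending index `$i` while the header list is shrinking, so with two or more such headers some are likely to survive (assuming the header object renumbers instances after each delete) and downstream would still see A-R values supplied by the sender. Copy first and then drop every instance in one call: `$self->transaction->header->add('Original-Authentication-Results', $_) for @ar_headers;` followed by `$self->transaction->header->delete('Authentication-Results');`. The LOGDEBUG line also reports a move when `@ar_headers` is empty; a `return if ! @ar_headers;` before the loop would keep the log accurate. The removed DKIM guard is now only a TODO, so signatures that cover A-R will stop verifying downstream until it is implemented.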
@@ -191,18 +191,18 @@ sub tcpenv {
return ($TCPLOCALIP, $TCPREMOTEIP,
$TCPREMOTEIP ? "[$ENV{TCPREMOTEIP}]" : "[noip!]");
}
- my $res = new Net::DNS::Resolver;
+ my $res = Net::DNS::Resolver->new( dnsrch => 0 );
$res->tcp_timeout(3);
$res->udp_timeout(3);
- my $query = $res->query($nto_iaddr);
+ my $query = $res->query($nto_iaddr, 'PTR');
my $TCPREMOTEHOST;
if ($query) {
foreach my $rr ($query->answer) {
- next unless $rr->type eq "PTR";
+ next if $rr->type ne 'PTR';
$TCPREMOTEHOST = $rr->ptrdname;
}
}
- return ($TCPLOCALIP, $TCPREMOTEIP, $TCPREMOTEHOST || "Unknown");
+ return ($TCPLOCALIP, $TCPREMOTEIP, $TCPREMOTEHOST || 'Unknown');
}
sub check_socket() {
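Review bot: `$TCPREMOTEHOST` is taken straight from `$rr->ptrdname` and returned by tcpenv without any check, and when several PTR records come back the last one in the answer wins. PTR data is chosen by whoever controls the reverse zone for the client address, so the name should be treated as unverified wherever it is later logged or compared. I would say so next to the assignment, e.g. `# PTR name is unverified (no forward confirmation here); do not use it for trust decisions`. tcpenv starts above this hunk.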
@@ -136,14 +136,14 @@ sub handle_dispatch {
my ($message, $pid, $line) = @_;
if ($message =~ /^dispatching MAIL FROM/i) {
my ($from) = $message =~ /<(.*?)>/;
- $pids{$pid}{from} = $from;
+ $pids{$pid}{from} = $from || '';
}
elsif ($message =~ /^dispatching RCPT TO/i) {
my ($to) = $message =~ /<(.*?)>/;
- $pids{$pid}{to} = $to;
+ $pids{$pid}{to} = $to || '';
}
elsif ($message =~ m/dispatching (EHLO|HELO) (.*)/) {
- $pids{$pid}{helo_host} = $2;
+ $pids{$pid}{helo_host} = $2 || '';
}
elsif ($message eq 'dispatching DATA') { }
elsif ($message eq 'dispatching QUIT') { }
@@ -1,14 +1,14 @@
-Name: @PACKAGE@
-Version: @VERSION@
-Release: @RELEASE@
+Name: %{_package}
+Version: %{_version}
+Release: %{_release}
Summary: qpsmtpd + qpsmtpd-apache + qpsmtpd-async
License: MIT
Group: System Environment/Daemons
URL: http://smtpd.develooper.com/
BuildRoot: %{_builddir}/%{name}-%{version}-%{release}-root
BuildRequires: perl >= 0:5.00503
-BuildArch: noarch
+BuildArchitectures: noarch
Requires: perl(Mail::Header), perl(Net::DNS) perl(Net::IP) perl(IPC::Shareable)
Requires(pre): coreutils, shadow-utils, perl
@@ -52,7 +52,7 @@ qpsmpd-async which uses it.
%setup -q -n %{name}-%{version}-%{release}
%build
-CFLAGS="$RPM_OPT_FLAGS" perl Makefile.PL PREFIX=%{_prefix}
+CFLAGS="$RPM_OPT_FLAGS" perl Makefile.PL INSTALLSITELIB=%{_prefix}/lib/perl5/site_perl
make
%clean
@@ -69,9 +69,9 @@ then
make DESTDIR=$RPM_BUILD_ROOT install
else
- make PREFIX=$RPM_BUILD_ROOT%{_prefix}
+ make PREFIX=$RPM_BUILD_ROOT/usr
find blib/lib -name '*.pm.*' -exec rm -f {} \;
- make PREFIX=$RPM_BUILD_ROOT%{_prefix} install
+ make PREFIX=$RPM_BUILD_ROOT/usr install
fi
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}
rm -f ${RPM_BUILD_ROOT}%{_datadir}/%{name}/plugins/*.*
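Review bot: Both `make PREFIX=$RPM_BUILD_ROOT/usr` lines hard-code `/usr`, while the `%build` step and the `%files` lists in this spec use `%{_prefix}/lib/perl5/site_perl`. On a build where `%{_prefix}` is not `/usr`, the installed paths and the packaged paths will disagree. Keeping the macro, `make PREFIX=$RPM_BUILD_ROOT%{_prefix} install`, avoids that. The surrounding `if`/`else` begins outside the hunk.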
@@ -127,19 +127,19 @@ fi
%files apache
%defattr(-,root,root)
-%{_datadir}/perl5/Apache/Qpsmtpd.pm
+%{_prefix}/lib/perl5/site_perl/Apache/Qpsmtpd.pm
%{_mandir}/man3/Apache::Qpsmtpd.3pm.gz
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*
%doc %{_docdir}/%{name}-apache-%{version}/README.selinux
%files async
%defattr(-,root,root)
%{_bindir}/qpsmtpd-async
-%{_datadir}/perl5/Danga/Client.pm
-%{_datadir}/perl5/Danga/TimeoutSocket.pm
-%{_datadir}/perl5/Qpsmtpd/ConfigServer.pm
-%{_datadir}/perl5/Qpsmtpd/Plugin/Async/DNSBLBase.pm
-%{_datadir}/perl5/Qpsmtpd/PollServer.pm
+%{_prefix}/lib/perl5/site_perl/Danga/Client.pm
+%{_prefix}/lib/perl5/site_perl/Danga/TimeoutSocket.pm
+%{_prefix}/lib/perl5/site_perl/Qpsmtpd/ConfigServer.pm
+%{_prefix}/lib/perl5/site_perl/Qpsmtpd/Plugin/Async/DNSBLBase.pm
+%{_prefix}/lib/perl5/site_perl/Qpsmtpd/PollServer.pm
%{_mandir}/man1/qpsmtpd-async.1.gz
%{_datadir}/%{name}/plugins/async/*
@@ -157,9 +157,6 @@ then
fi
%changelog
-* Tue Oct 02 2012 <robin.bowes@yo61.com>
-- Fix up spec file to build directly from git repo
-
* Sun Jul 12 2009 <rpmbuild@robinbowes.com> 0.82-0.1
- Update to latest release
- don't add qpsmtpd to start-up by default
@@ -221,13 +221,14 @@ sub validate_it {
$self->send_message_to_dkim($dkim, $transaction);
my $result = $dkim->result;
my $mess = $self->get_details($dkim);
+ $self->connection->notes('dkim_result', $result);
+ $self->connection->notes('dkim_verifier', $dkim);
my $auth_str = "dkim=" .$dkim->result_detail;
if ( $dkim->signature && $dkim->signature->domain ) {
$auth_str .= " header.i=@" . $dkim->signature->domain;
};
$self->store_auth_results( $auth_str );
- #$self->add_header($mess);
foreach my $t (qw/ pass fail invalid temperror none /) {
next if $t ne $result;
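Review bot: `dkim_result` and `dkim_verifier` are stored on the connection, but a DKIM verdict belongs to one message and an SMTP connection can carry several. If validate_it is skipped or returns early for a later message (its other paths are outside this hunk), a DMARC check could read the verdict left by the previous message. Storing them per transaction, `$transaction->notes('dkim_result', $result);` and `$transaction->notes('dkim_verifier', $dkim);`, ties the result to the message it was computed for, provided the consumer reads them from the transaction as well.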
@@ -482,7 +483,8 @@ sub send_message_to_dkim {
$self->log(LOGERROR, $@) if $@;
}
- $dkim->CLOSE;
+ eval { $dkim->CLOSE; };
+ $self->log(LOGERROR, $@) if $@;
}
sub get_policies {
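Review bot: A failure in `$dkim->CLOSE` is now logged and then ignored, so send_message_to_dkim returns normally and validate_it goes on to read `$dkim->result` from a verifier that did not finish. Testing `$@` after the eval can also miss a failure; `eval { $dkim->CLOSE; 1 } or $self->log(LOGERROR, $@ || 'dkim CLOSE failed');` is the safer form. Consider returning a false value on failure so the caller can treat the message as a temporary error rather than trusting the result. The start of send_message_to_dkim is outside this hunk.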