[patch] Expand tls plugin docs concerning certificate chains

[Devin Carraway]

Perhaps counterintuitively, IO::Socket:SSL expects that multi-step SSL
cert chains must have the intermediate certs in the SSL_cert_file
path and not the SSL_ca_file path.  Add documentation on this point,
and a way of verifying cert configuration since most MTAs won't be
at all helpful in diagnosing SSL verification errors.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 4096R/9197B5F9: 9C64 37CD 1B7B 029D 0933  49EA 1E52 7672 9197 B5F9
commit f49a266b76ee8c539a3bbed68c3d65f8cdba6593
Author: Devin Carraway g...@devin.com
Date:   Thu Jun 5 23:53:51 2014 -0700

Expand the tls plugin's documentation regarding certificate chains and testing.

diff --git a/plugins/tls b/plugins/tls
index b690eb6..6e1a20c 100644
--- a/plugins/tls
+++ b/plugins/tls
@@ -14,7 +14,13 @@ tls [Bcert_path priv_key_path ca_path]
 
 =item Bcert_path
 
-Path to the server certificate file. Default: Issl/qpsmtpd-server.crt
+Path to the server certificate file.  This file should include
+both the server's own certificate and those of any intermediate
+(non-root) certificate authorities in the cert chain.  If a chain
+of multiple certificates is given here, the file must be in PEM
+format; if only one cert is given, DER format is also acceptable.
+
+Default: Issl/qpsmtpd-server.crt
 
 =item Bpriv_key_path
 
@@ -22,7 +28,7 @@ Path to the private key file. Default: Issl/qpsmtpd-server.key
 
 =item Bca_path
 
-Path to the certificate authority file. Default: Issl/qpsmtpd-ca.crt
+Path to the root certificate authority file. Default: Issl/qpsmtpd-ca.crt
 
 =back
 
@@ -57,6 +63,13 @@ ciphers at Lhttp://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS,
 and put a suitable string in config/tls_ciphers (e.g. DEFAULT or
 HIGH:MEDIUM)
 
+=head1 TESTING
+
+To verify correct configuration and certificate structure, after enabling
+the plugin one can use this command to test negotiation and authentication:
+
+  openssl s_client -CApath /etc/ssl/certs -starttls smtp -connect mailhost:25
+
 =cut
 
 use IO::Socket::SSL 0.98; # qw(debug1 debug2 debug3 debug4);

Transport encryption in Received: header

[Devin Carraway]

This was reported as Debian bug#684571 (http://bugs.debian.org/684571):

 When TLS is in use, qpsmtpd creates a Received header of the form
 
 Received: from 87.114.148.171.plusnet.thn-ag1.dyn.plus.net (HELO
 george.localnet) (87.114.148.171)
   (smtp-auth username XXELIDEDXXX, mechanism cram-md5)
   by tauism.org (qpsmtpd/0.84) with (AES256-SHA encrypted) ESMTPSA; Thu, 02
 Aug 2012 23:04:55 +0100
 
 According to RFC 5322, comments may not appear between with and the
 protocol.  The BNF allows only FWS there, not CFWS.

This appears correct based on a quick read of RFC5321 (RFC5322 doesn't
explicitly say as much but defers to 5321 concerning specific trace data).

The reporter goes on to suggest that this causes a mis-parse by spamassassin
and causes mail to be interpreted as from an untrusted source since the sender
auth isn't collected.  I haven't verified this part.

Submitter provides a patch, available here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=qpsmtpd-received-with-ssl.patch;att=1;bug=684571


Devin
-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: release

[Devin Carraway]

On Thu, Jun 21, 2012 at 03:00:27PM -0700, Matt Simerson wrote:
 What is the process for releasing a new version of qpsmtpd? 

And, tangentially: Debian has announced that it's freezing Wheezy on the 30th.
There's been a ton of changes in the last couple of months, and I haven't kept
close watch on their backwards compatibility, so it's a tight timeline if we
were to try to cut a release before then.


Devin
-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: URIBL plugin and 'semicolon insertion munging'

[Devin Carraway]

On Mon, Jul 26, 2010 at 12:53:33PM -0500, Jared Johnson wrote:
 Do you happen to remember whether at the time you were looking at real
 spam volume, or just a possible attack?

This was based on actual spam, although it would have been reactive testing
based on spam that escaped detection, not any statistical assessment.

  My latest effort is still a bit
 in question; (1) http://domain;.jkl and http://domain/ are just as
 possible to trigger the implied-.com behavior; (2) this behavior seems to
 only be triggered when typing on the URL bar, and *not* when clicking a
 link.

At the time the feature was added, spammers were escalating their attacks on
URI matchers, which had by that point implemented tests for the full range of
legal URL obfuscation tricks.  There was a period through there where the spam
attempted to induce the recipient to cut and paste into the browser's URL bar.
That may well still be going on, though I don't recall seeing it recently.  I
recall seeing some spam that obfuscated the URL beyond browser interpretation,
but included some extra instructions for human de-munging.

Clicking on a link may vary with the particular combinations of
OS/mailreader/browser involved -- opening a link from a webmail app almost
certainly won't do implied TLD or auto-searching, whereas native readers may
behave differently.  Firefox on Linux does the extra interpration on
commandline-supplied URLs, but other systems may vary.


  My colleagues are in favor of just dropping the test, unless
 there's actually reason to believe we will see spammer URI's that try to
 take advantage of this.  If so, it would probably be best to detect what
 they're trying to obfuscate based on actual data, since that's really the
 important thing -- if the spammer thinks spammerdomain;.net will go to
 spammerdomain.net, we should check spammerdomain.net, even if in reality
 it would go to spammerdomain.com :)

I won't be unhappy if you take it out -- since you're working from a spam
corpus and I'm working from memory of spam from ages ago, a statistical sense
of whether this type of attack is used anymore would be more valuable.


Devin
-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Rewritten URIBL plugin

[Devin Carraway]

On Sun, Jul 25, 2010 at 04:43:36AM -0500, Jared Johnson wrote:
 The plugin has the following advantages over the original:

Based on a single read-through of the code, I like most of it.  Some
assorted observations, though:

- Parsing out the MIME sections is worthwhile, though it's really something
  that ought to be done in the core libs when plugins indicate they need it,
  or in a utility plugin if that's practical.  This was something I meant
  to bring up a while back -- we have quite a few different content-scanning
  plugins, and if they're all obliged to invoke MIME::Parser repeatedly it'll
  be even more costly than that module already is.  Not that I have time to
  do it myself, though.  :P
- For messages below a few hundred kb or so, consider
  MIME::Parser-output_to_core(), so we can avoid the fs churn.  Annoyingly,
  MIME::Parser doesn't provide a mechanism to only consider particular
  mimetypes, or we could skip decoding non-text bodies.
- It looks like you're scanning inside all parts of multipart MIME, where
  doing so only on text parts might be preferable.
- The config really needs to live in a config file -- changing or expanding 
  the format is fine if needed, but config that lives in code can't really
  be edited.  I'm not bothered by having per-list defaults in the plugin,
  but one should be able to fully add a new list or alter an existing one
  without changing Perl code.
- In the unwinding of HTML entity escaping -- I suggest doing amp; last.
  amp;gt; is gt;, not .

 the SURBL two-level and three-level lists -- but the SURBL lists are
 pruned to exclude stuff that we're pretty sure is never going to actually
 get listed -- when was the last time you saw a spammer use .mil? 
 uribl.com never has, according to our datafeed :)

We'll probably see compromised .gov and .mil sites hosting malware, much as we
see in other domains.  They're not that useful for classical spammer purposes
since they can't be registered in the usual fashion.


Devin

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: URIBL plugin and 'semicolon insertion munging'

[Devin Carraway]

On Wed, Jul 21, 2010 at 07:54:30AM -0500, Jared Johnson wrote:
 Unlike the other bits of dodge this sort of munging operations,
 examining my test results and asking uncle google has not made it clear to
 me what inserted-semicolon munging really is.  Can anyone shed light on

My memory of this is fuzzy, but my SVN log indicates it was an attempt to deal
with a style of munging that exploited different browser behavior on
encountering semicolons in the hostname component of URLs.  At the time, the
form I was considering was http://domain;.com/;.  Under firefox, the
semicolon is taken to mean the end of the hostname and the start of the path,
thus triggering the implied-.com behavior and ending up at
http://domain.com/;.com/;.  I forget what IE does/did, but given the IE/FF
market share balance in 2005 when I added that feature, it was probably
similar.

In fact the problem is a lot more complex, because the five major browsers out
there all deal differently with deviations from the norm in URLs, and spammers
exploit those deviations to mislead parsers.  For the case I had in mind,
stripping semicolons out would be the right thing, but will be misled by the
munge pattern http://domain.com;.com/foo;.  The uribl plugin deals with a lot
of the munging tricks that were common back when it was written, but it's
probably not comprehensive today and it's definitely suceptible to picking up
bogus hostnames (e.g. the nbsp;.net behavior you note) based on what's left
after the known munging tricks are unwound.

http://code.google.com/p/browsersec/wiki/Part1#Uniform_Resource_Locators has a
summary of some of the deviations, although it doesn't address this specific
one.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: URIBL plugin and 'semicolon insertion munging'

[Devin Carraway]

On Fri, Jul 23, 2010 at 06:57:33PM -0500, Jared Johnson wrote:
  It seems like
  all you have to do to get around the nbsp; etc. problem is to wait a
  little longer before applying the fixup -- allow the semicolon to match in
  the hostname search and then strip it out.
 
 My bad.. I guess the plugin currently only fixes up '#\d\d\d' encoding,
 not nbsp; etc.  maybe i'll work on that...

Yeah, I didn't include full HTML entity decoding support.  Decoding any
entities is a heuristic, since the plugin isn't MIME aware and really doesn't
know that it's looking at HTML.  Encoded entities are fairly distinctive,
though, and the characters used in the format are generally invalid within the
hostname component of URLs, so it's a fair guess.

As IDNs become more common we can also expect to see munging attacks based on
UTF-* decoder variants, too, come to think of it.  :P

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Bug in uribl plugin

[Devin Carraway]

On Wed, Feb 17, 2010 at 05:32:35PM +0100, Jost Krieger wrote:
 uribl documnets a config option scan_headers, but implements an option
 check_headers.
 
 In addition, if check_headers is *set*, headers are skipped (if I
 haven't missed a negation).
 
 This also means headers are checked by default.

Ah, thanks for the catch.  Will send a patch in a moment.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

[PATCH] Header check config/logical-inversion fix

[Devin Carraway]

Jost Krieger pointed out that the documentation for the header check called
for a config_headers, but the code actually implemented scan_headers.  Updated
to accept either.  Also the condition for actually checking/skipping the
headers was inverted.

Also whitespace fixes.
---
 plugins/uribl |   20 
 1 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/plugins/uribl b/plugins/uribl
index 76115fc..984d7b8 100644
--- a/plugins/uribl
+++ b/plugins/uribl
@@ -143,7 +143,9 @@ sub init {
 
 $self-{action} = $args{action} || 'add-header';
 $self-{timeout} = $args{timeout} || 30;
-$self-{check_headers} = $args{'check-headers'};
+# scan-headers was the originally documented name for this option, while
+# check-headers actually implements it, so tolerate both.
+$self-{check_headers} = $args{'check-headers'} || $args{'scan-headers'};
 
 $args{mask} ||= 0x00ff;
 $self-{mask} = 0;
@@ -270,19 +272,21 @@ sub lookup_start {
 my @qp_continuations;
 
 $transaction-body_resetpos;
-while ($self-{check_headers} and $l = $transaction-body_getline) {
+   # if we're not looking for URIs in the headers, read past that point
+   # before starting to actually look for any
+while (!$self-{check_headers} and $l = $transaction-body_getline) {
 chomp $l;
 last if !$l;
 }
 while ($l = $transaction-body_getline) {
 chomp $l;
 
-if ($l =~ /(.*)=$/) {
-push @qp_continuations, $1;
-} elsif (@qp_continuations) {
-$l = join('', @qp_continuations, $l);
-@qp_continuations = ();
-}
+if ($l =~ /(.*)=$/) {
+push @qp_continuations, $1;
+} elsif (@qp_continuations) {
+$l = join('', @qp_continuations, $l);
+@qp_continuations = ();
+}
 
 # Undo URI escape munging
 $l =~ s/[=%]([0-9A-Fa-f]{2,2})/chr(hex($1))/ge;
-- 
1.5.6.5

[PATCH] Add a whatis to Qpsmtpd.pm and Postfix.pm's POD

[Devin Carraway]

From: Devin Carraway g...@devin.com

---
 lib/Qpsmtpd.pm |2 +-
 lib/Qpsmtpd/Postfix.pm |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Qpsmtpd.pm b/lib/Qpsmtpd.pm
index 85508ad..b4211fe 100644
--- a/lib/Qpsmtpd.pm
+++ b/lib/Qpsmtpd.pm
@@ -604,7 +604,7 @@ __END__
 
 =head1 NAME
 
-Qpsmtpd
+Qpsmtpd - base class for the qpsmtpd mail server
 
 =head1 DESCRIPTION
 
diff --git a/lib/Qpsmtpd/Postfix.pm b/lib/Qpsmtpd/Postfix.pm
index 4e69157..f045f7f 100644
--- a/lib/Qpsmtpd/Postfix.pm
+++ b/lib/Qpsmtpd/Postfix.pm
@@ -2,7 +2,7 @@ package Qpsmtpd::Postfix;
 
 =head1 NAME
 
-Qpsmtpd::Postfix
+Qpsmtpd::Postfix - postfix queueing support for qpsmtpd
 
 =head2 DESCRIPTION
 
-- 
1.6.6

[PATCH] Fix whatis in Qpsmtpd.pm and Postfix.pm's POD

[Devin Carraway]

Adds a suffix to the NAME section of the POD in a couple of places;
this fixes the whatis section in manpages generated from the POD.  It's
not a big deal or a compatibility issue with perl, but it's been
triggering a lintian warning in prepping the Debian packages.

[PATCH] Use BSMTP response code; misc cleanups

[Devin Carraway]

From: Devin Carraway g...@devin.com

Exim's BSMTP interface will indicate the SMTP response to the exchange;
actually use it rather than assuming all errors are 400-class soft ones.

Tolerate $transaction-header returning undef (since it evidently can under
some conditions).

Convert a few errant tabs to spaces.

Fix vi modeline.
---
 plugins/queue/exim-bsmtp |   26 +++---
 1 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/plugins/queue/exim-bsmtp b/plugins/queue/exim-bsmtp
index d25644f..528e7ab 100644
--- a/plugins/queue/exim-bsmtp
+++ b/plugins/queue/exim-bsmtp
@@ -80,12 +80,16 @@ sub register {
 sub hook_queue {
 my ($self, $transaction) = @_;
 
+unless ($transaction-header) {
+$self-log(LOGERROR, No header parsed for transaction; can't 
enqueue);
+return (DENY, 'Mail unqueuable');
+}
 my $tmp_dir = $self-qp-config('spool_dir') || '/tmp';
 $tmp_dir = $1 if ($tmp_dir =~ /(.*)/);
 my ($tmp, $tmpfn) = tempfile(exim-bsmtp.$$.XX, DIR = $tmp_dir);
 unless ($tmp  $tmpfn) {
-   $self-log(LOGERROR, Couldn't create tempfile: $!);
-   return (DECLINED, 'Internal error enqueueing mail');
+$self-log(LOGERROR, Couldn't create tempfile: $!);
+return (DECLINED, 'Internal error enqueueing mail');
 }
 
 print $tmp HELO , hostname(), \n,
@@ -112,9 +116,13 @@ sub hook_queue {
 # Normally exim produces no output in BSMTP mode; anything that
 # does come out is an error worth logging.
 my $start = time;
+my ($bsmtp_error, $bsmtp_msg);
 while ($exim) {
-   chomp;
-   $self-log(LOGERROR, exim: $_);
+chomp;
+$self-log(LOGERROR, exim: $_);
+if (/(\d\d\d)\s(\S.*)/) {
+($bsmtp_error, $bsmtp_msg) = ($1, $2);
+}
 }
 $self-log(LOGDEBUG, BSMTP finished (.(time - $start). sec));
 $exim-close;
@@ -122,7 +130,12 @@ sub hook_queue {
 unlink $tmpfn or $self-log(LOGERROR, unlink: $tmpfn: $!);
 
 $self-log(LOGDEBUG, Exitcode from exim: $exit);
-if (($exit  8) != 0) {
+if ($bsmtp_error  $bsmtp_error = 400  $bsmtp_error  600) {
+$self-log(LOGERROR, BSMTP enqueue failed; response $bsmtp_error.
+  ($bsmtp_msg));
+return ($bsmtp_error  400 ? DECLINED : DENY, $bsmtp_msg);
+}
+elsif (($exit  8) != 0 || $bsmtp_error) {
 $self-log(LOGERROR, 'BSMTP enqueue failed; exitcode '.($exit  8).
   from $self-{_exim_path} -bS);
 return (DECLINED, 'Internal error enqueuing mail');
@@ -135,5 +148,4 @@ sub hook_queue {
 
 1;
 
-# vi: ts=4 sw=4 expandtab syn=perl
-
+# vi: ts=4 sw=4 expandtab syn=perl:
-- 
1.6.5.7

Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81

[Devin Carraway]

On Wed, May 20, 2009 at 09:40:21PM -0400, Charlie Brady wrote:
 I think the -T *should* be there on the command line, but there are some 
 bugs in qpsmtpd and/or your plugins which need to be fixed before it will 
 work.

forkserver has used -T since 29ac2860, back in 2004.  Obviously prefork is
newer and has seen less testing, but most of the module code and plugins have
seen plenty of taint-checked use.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81

[Devin Carraway]

On Thu, May 21, 2009 at 07:23:55AM +, Matt Sergeant wrote:
 I guess this raises a question: The return values from config() are 
 tainted. Should we de-taint them?

I think so.  Integrity of the config files is an issue handled much higher up,
not by taint checks way down in plugins.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: [qpsmtpd] 0.81 Can prefork listen on more than one port?

[Devin Carraway]

On Thu, May 21, 2009 at 03:30:28PM +, J wrote:
 I set my 'run' file to use two ports, but only the last one listed is
 actually being listened on. I verified this with manual connections and
 netstat on the server.
 
 Does this mean prefork can only listen to one port, or might I be invoking
 it improperly? Here's my run file:

The prefork in 0.81 can only listen on one.  The next release will support
listening on multiple addresses  ports in prefork, just as forkserver does.

http://github.com/abh/qpsmtpd/commit/19a0f5ded13e804b9546224c3bdc5e1b7eaa9487
has the change if you want to patch it in while you're waiting.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: [qpsmtpd] 0.81 Can prefork listen on more than one port?

[Devin Carraway]

On Thu, May 21, 2009 at 08:17:51PM +, J wrote:
 On Thu, 21 May 2009, Ask Bj?rn Hansen wrote:
  wget http://github.com/abh/qpsmtpd/tarball/master
 
 I copied the qpsmtpd-prefork from there and restarted. The following error
 is repeated, with no qpsmtpd-prefork processes showing up:

Yeah, that's a bug -- sent a patch a few minutes ago.  However, if you're
seeing it, then your commandline isn't specifying multiple ports to listen on;
use --listen-address 0.0.0.0:25 --listen-address 0.0.0.0:587 to get the
behavior you're looking for (and avoid the bug).



-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: [qpsmtpd] 0.81 Can prefork listen on more than one port?

[Devin Carraway]

On Thu, May 21, 2009 at 03:55:33PM -0500, Jared Johnson wrote:
 You might want to consider the multiple-addresses/ports thing to be 
 significant enough to warrant an early release; I noticed a bit ago that 
 the stock debian package had switched to prefork, but had to revert back 
 to forkserver because of the regression on that issue.  Food for thought.
 
 Of course, someone could also just advice the debian maintainer to apply 
 that patch to the debian package :)

I'm the Debian maintainer.  :)  Defaulting to prefork was an accident, and I
fixed it the following morning (and then went off to add multi-interface
support).  When prefork is commandline-compatible I'll add it as a
debconf-selected option; the change is sitting in my svn repo ready to go.  If
the next release drags out too long I'll patch  upload, or release from git,
but with Debian in an unstable cycle I'm content to wait a bit.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: [qpsmtpd] 0.81 Can prefork listen on more than one port?

[Devin Carraway]

On Thu, May 21, 2009 at 10:13:08PM +, J wrote:
 Made the substitution, as suggested, but now I get the following error
 repeated:
 
 Insecure dependency in setpriority while running with -T switch at 
 ./qpsmtpd-prefork line 432.

sigh You can work around this one by leaving off the --renice-parent; if you
do need to set a nicelevel, do so via /bin/nice instead.



-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: clamav plugins

[Devin Carraway]

On Sun, Apr 19, 2009 at 09:24:54AM +0300, Imre Gergely wrote:
 Happy to report that the new clamdscan plugin works fine, and got in in 
 Jaunty. If you wish I could try a NMU to Debian, too if you don't have 
 the time.

No worries, I pushed 0.81 to Debian.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: clamav plugins

[Devin Carraway]

On Thu, Apr 16, 2009 at 10:29:41PM +0300, Imre Gergely wrote:
 Do you have any plans on updating this Clamd.pm or maybe using 
 clamd-client (http://search.cpan.org/dist/ClamAV-Client/) which is more 
 up-to-date ?

I updated clamdscan to use ClamAV::Client a while back, since the package was
about to be uninstallable with the old module dependency.  Never actually got
it checked in, but it works fine.  Here's a copy; I'll try to get it into git,
but anyone else with more time is welcome to jump ahead of me.  :)

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
#!/usr/bin/perl -w
# $Id$

=head1 NAME

clamdscan

=head1 DESCRIPTION

A qpsmtpd plugin for virus scanning using the ClamAV scan daemon, clamd.

=head1 RESTRICTIONS

The ClamAV scan daemon, clamd, must have at least execute access to the qpsmtpd
spool directory in order to sucessfully scan the messages.  You can ensure this
by running clamd as the same user as qpsmtpd does, or by doing the following: 

=over 4

=item * Change the group ownership of the spool directory to be a group 
of which clamav is a member or add clamav to the same group as the qpsmtpd
user.

=item * Enable the AllowSupplementaryGroups option in clamd.conf.

=item * Add group-execute permissions to the qpsmtpd spool directory.

=item * Make sure that all directories above the spool directory (to the
root) are g+x so that the group has directory traversal rights; it is not
necessary for the group to have any read rights.

=back

It may be helpful to temporary grant the clamav user a shell and test to
make sure you can cd into the spool directory and read files located there.
Remember to remove the shell from the clamav user when you are done
testing.

=head1 INSTALL AND CONFIG

Place this plugin in the plugin/virus directory beneath the standard
qpsmtpd installation.  If you installed clamd with the default path, you
can use this plugin with default options (nothing specified):

You must have the ClamAV::Client module installed to use the plugin.

=over 4

=item Bclamd_socket

Full path to the clamd socket (the recommended mode), if different from the
ClamAV::Client defaults.

=item Bclamd_port

If present, must be the TCP port where the clamd service is running,
typically 3310; default disabled.  If present, overrides the clamd_socket.

=item Bdeny_viruses

Whether the scanner will automatically delete messages which have viruses.
Takes either 'yes' or 'no' (defaults to 'yes').  If set to 'no' it will add
a header to the message with the virus results.

=item Bdefer_on_error

Whether to defer the mail (with a soft-failure error, which will incur a retry)
if an unrecoverable error occurs during the scan.   The default is to accept
the mail under these conditions.  This can permit viruses to be accepted when
the clamd daemon is malfunctioning or unreadable, but will not allow mail to
backlog or be lost if the condition persists.

=item Bmax_size

The maximum size, in kilobytes, of messages to scan; defaults to 128k.

=back

=head1 REQUIREMENTS

This module requires the ClamAV::Client module, found on CPAN here:

Lhttp://search.cpan.org/dist/ClamAV-Client/

=head1 AUTHOR

Originally written for the Clamd module by John Peacock jpeac...@cpan.org;
adjusted for ClamAV::Client by Devin Carraway qpsmtpd/@/devin.com.

=head1 COPYRIGHT AND LICENSE

Copyright (c) 2005 John Peacock,
Copyright (c) 2007 Devin Carraway

Based heavily on the clamav plugin

This plugin is licensed under the same terms as the qpsmtpd package itself.
Please see the LICENSE file included with qpsmtpd for details.

=cut

use ClamAV::Client;

use strict;
use warnings;

sub register {
my ( $self, $qp, @args ) = @_;

%{ $self-{_clamd} } = @args;

# Set some sensible defaults
$self-{_clamd}-{deny_viruses} ||= yes;
$self-{_clamd}-{max_size} ||= 128;


for my $setting ('deny_viruses', 'defer_on_error') {
next unless $self-{_clamd}-{$setting};
$self-{_clamd}-{$setting} = 0
if lc $self-{_clamd}-{$setting} eq 'no';
}
}

sub hook_data_post {
my ( $self, $transaction ) = @_;

if ( $transaction-data_size  $self-{_clamd}-{max_size} * 1024 ) {
$self-log( LOGNOTICE, Declining due to data_size );
return (DECLINED);
}

# Ignore non-multipart emails
my $content_type = $transaction-header-get('Content-Type');
$content_type =~ s/\s/ /g if defined $content_type;
unless ( $content_type
 $content_type =~ m!\bmultipart/.*\bboundary=?([^]+)!i )
{
$self-log( LOGNOTICE, non-multipart mail - skipping );
return DECLINED;
}

my $filename = $transaction-body_filename;
unless ($filename) {
$self-log( LOGWARN, Cannot process due to lack of filename );
return (DECLINED);# unless $filename;
}

# the spool directory must be readable and executable by the scanner;
# this generally means

Re: clamav plugins

[Devin Carraway]

On Fri, Apr 17, 2009 at 12:10:06AM +0300, Imre Gergely wrote:
 Uh, nice. Mind if I take that and test it a bit in Ubuntu? and if it's 
 working maybe we can squeeze it in in the new release next week. Though 
 it would be better if it came from the git, so if anybody could upload 
 it there before the weekend, that would be really great.

Help yourself; I've been preparing a new package for upload to Debian this
week, but it may not be done in time and the integration with prefork at least
may not be of release quality.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

[PATCH] Update clamdscan plugin to use ClamAV::Client

[Devin Carraway]

---
 Changes |5 ++
 plugins/virus/clamdscan |  130 +++
 2 files changed, 91 insertions(+), 44 deletions(-)

diff --git a/Changes b/Changes
index 5b47051..b1c330f 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,8 @@
+X.YY - Date
+
+  The clamdscan virus-scanning plugin now requires the ClamAV::Client
+  perl module instead of the older, deprecated Clamd module (Devin Carraway)
+
 0.81 - April 2, 2009
 
   Close spamd socket after reading the result back (Jared Johnson)
diff --git a/plugins/virus/clamdscan b/plugins/virus/clamdscan
index 1ea28ff..a7884e7 100644
--- a/plugins/virus/clamdscan
+++ b/plugins/virus/clamdscan
@@ -1,4 +1,5 @@
 #!/usr/bin/perl -w
+# $Id$
 
 =head1 NAME
 
@@ -10,10 +11,9 @@ A qpsmtpd plugin for virus scanning using the ClamAV scan 
daemon, clamd.
 
 =head1 RESTRICTIONS
 
-The ClamAV scan daemon, clamd, must have at least read access to the
-qpsmtpd spool directory in order to sucessfully scan the messages.  You can
-ensure this by running clamd as the same user as qpsmtpd does (by far the
-easiest method) or by doing the following: 
+The ClamAV scan daemon, clamd, must have at least execute access to the qpsmtpd
+spool directory in order to sucessfully scan the messages.  You can ensure this
+by running clamd as the same user as qpsmtpd does, or by doing the following: 
 
 =over 4
 
@@ -23,14 +23,11 @@ user.
 
 =item * Enable the AllowSupplementaryGroups option in clamd.conf.
 
-=item * Change the permissions of the qpsmtpd spool directory to 0750 (this 
-will emit a warning when the qpsmtpd service starts up, but can be safely
-ignored).
+=item * Add group-execute permissions to the qpsmtpd spool directory.
 
 =item * Make sure that all directories above the spool directory (to the
 root) are g+x so that the group has directory traversal rights; it is not
-necessary for the group to have any read rights except to the spool
-directory itself.
+necessary for the group to have any read rights.
 
 =back
 
@@ -45,12 +42,14 @@ Place this plugin in the plugin/virus directory beneath the 
standard
 qpsmtpd installation.  If you installed clamd with the default path, you
 can use this plugin with default options (nothing specified):
 
+You must have the ClamAV::Client module installed to use the plugin.
+
 =over 4
 
 =item Bclamd_socket
 
-Full path to the clamd socket (the recommended mode); defaults to
-/tmp/clamd and is the default method.
+Full path to the clamd socket (the recommended mode), if different from the
+ClamAV::Client defaults.
 
 =item Bclamd_port
 
@@ -63,6 +62,14 @@ Whether the scanner will automatically delete messages which 
have viruses.
 Takes either 'yes' or 'no' (defaults to 'yes').  If set to 'no' it will add
 a header to the message with the virus results.
 
+=item Bdefer_on_error
+
+Whether to defer the mail (with a soft-failure error, which will incur a retry)
+if an unrecoverable error occurs during the scan.   The default is to accept
+the mail under these conditions.  This can permit viruses to be accepted when
+the clamd daemon is malfunctioning or unreadable, but will not allow mail to
+backlog or be lost if the condition persists.
+
 =item Bmax_size
 
 The maximum size, in kilobytes, of messages to scan; defaults to 128k.
@@ -75,17 +82,19 @@ Scan all messages, even if there are no attachments
 
 =head1 REQUIREMENTS
 
-This module requires the Clamd module, found on CPAN here:
+This module requires the ClamAV::Client module, found on CPAN here:
 
-Lhttp://search.cpan.org/author/MSERGEANT/Clamd-1.04
+Lhttp://search.cpan.org/dist/ClamAV-Client/
 
 =head1 AUTHOR
 
-John Peacock jpeac...@cpan.org
+Originally written for the Clamd module by John Peacock jpeac...@cpan.org;
+adjusted for ClamAV::Client by Devin Carraway qpsmtpd/@/devin.com.
 
 =head1 COPYRIGHT AND LICENSE
 
-Copyright (c) 2005 John Peacock
+Copyright (c) 2005 John Peacock,
+Copyright (c) 2007 Devin Carraway
 
 Based heavily on the clamav plugin
 
@@ -94,7 +103,10 @@ Please see the LICENSE file included with qpsmtpd for 
details.
 
 =cut
 
-use Clamd;
+use ClamAV::Client;
+
+use strict;
+use warnings;
 
 sub register {
 my ( $self, $qp, @args ) = @_;
@@ -102,10 +114,14 @@ sub register {
 %{ $self-{_clamd} } = @args;
 
 # Set some sensible defaults
-$self-{_clamd}-{clamd_socket} ||= /tmp/clamd;
 $self-{_clamd}-{deny_viruses} ||= yes;
 $self-{_clamd}-{max_size} ||= 128;
 $self-{_clamd}-{scan_all} ||= 0;
+for my $setting ('deny_viruses', 'defer_on_error') {
+next unless $self-{_clamd}-{$setting};
+$self-{_clamd}-{$setting} = 0
+if lc $self-{_clamd}-{$setting} eq 'no';
+}
 }
 
 sub hook_data_post {
@@ -134,55 +150,81 @@ sub hook_data_post {
 return (DECLINED);# unless $filename;
 }
 
+# the spool directory must be readable and executable by the scanner;
+# this generally means either group or world exec; if
+# neither of these is set, issue

Re: [PATCH] prefork: add multi-address support

[Devin Carraway]

On Wed, Apr 15, 2009 at 06:38:47AM +0200, Hanno Hecker wrote:
 On Tue, 14 Apr 2009 17:57:36 -0700
 Devin Carraway qpsm...@devin.com wrote:
 
  Allows qpsmtpd-prefork to listen on multiple address/port combinations
  simultaneously, based on the corresponding implementation in forkserver.
 [...]
  -use lib 'lib';
 This should stay for running from git tree.

I understand the rationale, but it's a security risk, and will have to be
patched out for production use.  I suggest that development features like that
one be opt-in by environment, commandline flag or whatever other means.

I'm happy to deal with it as a separate patch, though -- meant to call it out
in the description but forgot I'd removed it.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: [PATCH] Sanitize the shell environment before loading modules

[Devin Carraway]

Oops, sorry for the dupe.  Ignore this one.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

[patch] prefork: support --listen-address for consistency with forkserver

[Devin Carraway]

forkserver uses --listen-address to specify the listening socket address, while
prefork uses --interface.  Add the former as an alias for the latter, for
consistency  ease of integration.  The two still aren't commandline-compatible,
but they're fairly close.

Can also be pulled from git://github.com/aqua/qpsmtpd.git

diff --git a/qpsmtpd-prefork b/qpsmtpd-prefork
index 18a980f..882c752 100755
--- a/qpsmtpd-prefork
+++ b/qpsmtpd-prefork
@@ -92,20 +92,21 @@ my $user;
 sub usage {
 print EOT;
 Usage: qpsmtpd-prefork [ options ]
---quiet : Be quiet (even errors are suppressed)
---version   : Show version information
---debug : Enable debug output
---interface addr: Interface daemon should listen on (default: $d_addr)
---port int  : TCP port daemon should listen on (default: $d_port)
---max-from-ip int   : Limit number of connections from single IP (default: 
$maxconnip, 0 to disable)
---children int  : Max number of children that can be spawned (default: 
$max_children)
---idle-children int : Number of idle children to spawn (default: 
$idle_children, 0 to disable)
---pretty-child  : Change child process name (default: 0)
---user username : User the daemon should run as
---pid-file path: Path to pid file
---renice-parent int : Subtract value from parent process nice level (default: 
$re_nice)
---detach: detach from controlling terminal (daemonize)
---help  : This message
+--quiet  : Be quiet (even errors are suppressed)
+--version: Show version information
+--debug  : Enable debug output
+--listen-address addr: Listen for connections on the address 'addr' (default: 
$d_addr);
+   synonymous with --interface
+--port int   : TCP port daemon should listen on (default: $d_port)
+--max-from-ip int: Limit number of connections from single IP (default: 
$maxconnip, 0 to disable)
+--children int   : Max number of children that can be spawned (default: 
$max_children)
+--idle-children int  : Number of idle children to spawn (default: 
$idle_children, 0 to disable)
+--pretty-child   : Change child process name (default: 0)
+--user username  : User the daemon should run as
+--pid-file path : Path to pid file
+--renice-parent int  : Subtract value from parent process nice level (default: 
$re_nice)
+--detach : detach from controlling terminal (daemonize)
+--help   : This message
 EOT
 exit 0;
 }
@@ -115,7 +116,7 @@ GetOptions(
 'quiet'   = \$quiet,
 'version' = sub { print Qpsmtpd Daemon - version $VERSION\n; 
exit 0; },
 'debug'   = \$debug,
-'interface=s' = \$d_addr,
+'interface|listen-address=s' = \$d_addr,
 'port=i'  = \$d_port,
 'max-from-ip=i'   = \$maxconnip,
 'children=i'  = \$max_children,

Re: uribl plugin questions

[Devin Carraway]

On Fri, Oct 05, 2007 at 03:27:47PM -0500, Ed McLain wrote:
 I'm using the uribl plugin from Devin Carraway and I've got an odd problem
 I'm trying to fix.  Basically we have a user attempting to receive an email
 from [EMAIL PROTECTED]  Now this is fine and dandy but deborah.st
 is listed in surbl and the uribl plugin is rejecting the email because it is
 finding the name in surbl.  I'm trying to fix it but I'm not really good at
 regex.  Is there somebody out there who could re-write the regex checks and
 not have them hit on something like this?

Can you tell me which version of the plugin you're using (check the $Id$
changenumber near the top)?  The case you're describing I think I fixed back
in 2006, and will be labelled as change#537.

Fresh versions are at http://devin.com/qpsmtpd/ if yours is older than that.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Updating clamdscan

[Devin Carraway]

A ways back I got a bug report regarding the Debian qpsmtpd package regarding
the usefulness of the clamdscan plugin (mainly because the Clamd module isn't
packaged for Debian, and probably never will be).  The current version depends
on Clamd; here's a partial rewrite of the plugin to use the newer
ClamAV::Client.  ClamAV::Client adds various features like auto-detecting the
socket path, and stream scanning (which I considered using to avoid having to
do the permissions tricks, but it requires permitting clamd to open TCP ports
on demand).

I fixed the permissions adjustment on spooled files; the old behavior was to
assign to spooled files whatever permissions the spool dir had.  The
documentation called for the spool directory to be made group-readable, which
isn't necessary -- the spool only needs the exec bit, while the file itself
needs to be readable.  I adjusted this to set the read bit for group and world
to match the corresponding exec bit(s), and to strip the rest, including the
sticky bit, which doesn't have the same meaning when applied to files.  :)

I also added an option to select the behavior on internal errors, between
declining (that is, accepting) and denysoft.  There isn't a good fail-safe
option here -- either you accept potential viruses, or you defer all multipart
mail.  Having lost some mail due to the former behavior when clamd crashed and
I didn't notice for some time, I wanted this one.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
#!/usr/bin/perl -w
# $Id$

=head1 NAME

clamdscan

=head1 DESCRIPTION

A qpsmtpd plugin for virus scanning using the ClamAV scan daemon, clamd.

=head1 RESTRICTIONS

The ClamAV scan daemon, clamd, must have at least execute access to the qpsmtpd
spool directory in order to sucessfully scan the messages.  You can ensure this
by running clamd as the same user as qpsmtpd does, or by doing the following: 

=over 4

=item * Change the group ownership of the spool directory to be a group 
of which clamav is a member or add clamav to the same group as the qpsmtpd
user.

=item * Enable the AllowSupplementaryGroups option in clamd.conf.

=item * Add group-execute permissions to the qpsmtpd spool directory.

=item * Make sure that all directories above the spool directory (to the
root) are g+x so that the group has directory traversal rights; it is not
necessary for the group to have any read rights.

=back

It may be helpful to temporary grant the clamav user a shell and test to
make sure you can cd into the spool directory and read files located there.
Remember to remove the shell from the clamav user when you are done
testing.

=head1 INSTALL AND CONFIG

Place this plugin in the plugin/virus directory beneath the standard
qpsmtpd installation.  If you installed clamd with the default path, you
can use this plugin with default options (nothing specified):

You must have the ClamAV::Client module installed to use the plugin.

=over 4

=item Bclamd_socket

Full path to the clamd socket (the recommended mode), if different from the
ClamAV::Client defaults.

=item Bclamd_port

If present, must be the TCP port where the clamd service is running,
typically 3310; default disabled.  If present, overrides the clamd_socket.

=item Bdeny_viruses

Whether the scanner will automatically delete messages which have viruses.
Takes either 'yes' or 'no' (defaults to 'yes').  If set to 'no' it will add
a header to the message with the virus results.

=item Bdefer_on_error

Whether to defer the mail (with a soft-failure error, which will incur a retry)
if an unrecoverable error occurs during the scan.   The default is to accept
the mail under these conditions.  This can permit viruses to be accepted when
the clamd daemon is malfunctioning or unreadable, but will not allow mail to
backlog or be lost if the condition persists.

=item Bmax_size

The maximum size, in kilobytes, of messages to scan; defaults to 128k.

=back

=head1 REQUIREMENTS

This module requires the ClamAV::Client module, found on CPAN here:

Lhttp://search.cpan.org/dist/ClamAV-Client/

=head1 AUTHOR

Originally written for the Clamd module by John Peacock [EMAIL PROTECTED];
adjusted for ClamAV::Client by Devin Carraway qpsmtpd/@/devin.com.

=head1 COPYRIGHT AND LICENSE

Copyright (c) 2005 John Peacock,
Copyright (c) 2007 Devin Carraway

Based heavily on the clamav plugin

This plugin is licensed under the same terms as the qpsmtpd package itself.
Please see the LICENSE file included with qpsmtpd for details.

=cut

use ClamAV::Client;

use strict;
use warnings;

sub register {
my ( $self, $qp, @args ) = @_;

%{ $self-{_clamd} } = @args;

# Set some sensible defaults
$self-{_clamd}-{deny_viruses} ||= yes;
$self-{_clamd}-{max_size} ||= 128;


for my $setting ('deny_viruses', 'defer_on_error') {
next unless $self-{_clamd}-{$setting};
$self-{_clamd}-{$setting} = 0

Re: Which (if any) deb-package of qpsmtpd 0.40?

[Devin Carraway]

On Fri, Aug 24, 2007 at 04:07:13PM +0200, Tony L. Svanstrom wrote:
Does anyone here have any experiences with using qpsmtpd from either 
lenny or etch-backports (any other?); is it even worth bothering with them 
 at all (compared with just installing/setting it up yourself), or will they 
 just end up being a source of problems?

I'm the Debian maintainer of the qpsmtpd package, and I customarily do
production testing on stable for a few days before uploading new upstream
versions to unstable.

Since sid/lenny are drifting away from etch in terms of their dependencies, I
do suggest rebuilding the package on stable to avoid unintended upgrades of
perl, libc, etc to the sid/lenny versions, but that's not because of qpsmtpd's
own needs, just the nature of package backports in general.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: strange forkserver code

[Devin Carraway]

On Tue, Jan 09, 2007 at 12:50:52PM -0500, Guy Hulbert wrote:
 I'm sure he does.  It's Debian policy.  I unpacked the source package
 and it looked completely compliant.  Unfortunately, I don't know the
 dpkg toolset well enough to tell from the source what the installed
 version would look like.  I was planning to try it on a test system but
 discovered I needed some of the post 0.32 features.

An easy way to see what a debian package would look like if installed is to
check the contents of the deb file (dpkg-deb -c qpsmtpd_0.32-5_all.deb).  This
is roughly equivalent to rpm's -qlp.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: check_earlytalker

[Devin Carraway]

On Thu, Jan 04, 2007 at 03:55:46PM +, [EMAIL PROTECTED] wrote:
 Is it possible, currently,  to configure check_earlytalker
 to _not_ check particular ip addresses? eg 192.168.0.*

Try using the whitelist plugin, and add 182.168.0. to your whitelisthosts
file.  That will bypass the check for that particular subnet.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Patch: allow multiple plugin dirs

[Devin Carraway]

On Mon, Nov 06, 2006 at 02:25:52PM +, Mike Williams wrote:
 Can we get a default entry in @plugin_dirs please?
 I've just spent the last half hour trying to figure out why I couldn't start 
 qpsmtpd [1], eventually tracking it down to there being no 
 config/plugin_dirs, so nowhere for it to look for plugins.
 Putting the word plugins into config/plugin_dirs allows qpsmtpd to start.

Oops.  Yes, I'll take care of that tonight.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: remaining issues for 0.33

[Devin Carraway]

On Wed, Nov 01, 2006 at 02:47:54AM -0800, Ask Bj?rn Hansen wrote:
 Are there any bug-fix patches we must apply before releasing 0.33?   
 I'd like to get it out soon-ish.  It's been +6 months since the last  
 release and I like us to have at least a couple of releases a  
 year.   :-)

I had two outstanding patches from the Debian package, one for multiple
(working, thanks to a patch sent last month) configurable plugin dirs, the
other a tweak to the greylisting plugin so the DBs can be stored in a
configurable or FHS-compatible location.  I've committed both.  The only other
patches in my list are Debian-specific or already committed.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: mac.com is an earlytalker?

[Devin Carraway]

On Thu, Jun 22, 2006 at 11:32:11AM -0400, John Peacock wrote:
 Michael C. Toren wrote:
 Has anyone else running the earlytalker plugin had trouble accepting
 mail from mac.com?  I'm using a delay of 20 seconds.
[...]
 I confess that I am using earlytalker with the default delay (1 second) 
 and the 5 transactions with a *.mac.com server I see in my detailed logs 
 all succeeded.  It may be that 20 seconds is just too long...

20 seconds is quite likely too long -- IIRC the last time I checked, the
default timeout for Exim at that stage of the SMTP conversation is 15 seconds.

I'm not sure whether the perl IO::Select API reflects the same behavior as
Berkeley sockets' select()/read() behavior, where a connection close is
indicated by select()==1 then read()==0, but if so, earlytalker might just be
reporting the hangup as activity.

Michael, could you check the timing in your logs, to see how long mac.com's
servers are waiting, and if it's consistent?

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: problems getting qpsmtpd to work with postfix alias domains

[Devin Carraway]

On Thu, Mar 23, 2006 at 11:55:19PM +1100, john habermann wrote:
 That was it I hadn't read the information about the postfix-queue
 plugin so hadn't enabled the FLAG_MAP_OK.
 Thanks your help virtual_aliases work fine now. On to the next thing :)

I'm considering having the debconf auto-configuration apply that setting by
default, since I'm having difficulty thinking of situations where it wouldn't
be the right thing for out-of-the-box situations.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: can't get require_resolvable_fromhost to work

[Devin Carraway]

On Fri, Mar 24, 2006 at 12:33:36PM +1100, john habermann wrote:
 plugin in now works fine. I will submit a bug report to the debian
 package as it would be good to mention this in the comments for that
 plugin.

Please do.



Devin

Re: Split plugins dir

[Devin Carraway]

This is something I've been patching into Debian's qpsmtpd for a while, since
it provides a cleaner way to override the distributed plugins than to replace
them (where they'll cause problems on upgrades.)  It's also necessary for LFS
compliance, placing the plugins over under /usr/share instead of
homedir-relative.

Here's the patch involved (marked as for 0.30rc2, but it applies to 0.32 with
just a little fuzz).  It doesn't work entirely properly -- it can trigger
infinite recursion if plugins are actually present in more than one directory,
IIRC (can't recall for sure, I haven't touched it in a while.)

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
#! /bin/sh /usr/share/dpatch/dpatch-run
## 99-unnamed.dpatch by  [EMAIL PROTECTED]
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@

diff -aruN qpsmtpd-0.30rc2.multiinterface/lib/Qpsmtpd.pm 
qpsmtpd-0.30rc2.config-plugindirs/lib/Qpsmtpd.pm
--- qpsmtpd-0.30rc2.multiinterface/lib/Qpsmtpd.pm   2005-07-01 
19:08:37.0 -0700
+++ qpsmtpd-0.30rc2.config-plugindirs/lib/Qpsmtpd.pm2005-07-05 
16:48:21.0 -0700
@@ -19,14 +19,18 @@
   my $configdir = $self-config_dir(logging);
   my $configfile = $configdir/logging;
   my @loggers = $self-_config_from_file($configfile,'logging');
-  my $dir = $self-plugin_dir;
 
-  $self-_load_plugins($dir, @loggers);
-
-  foreach my $logger (@loggers) {
-$self-log(LOGINFO, Loaded $logger);
-  }
+  $configdir = $self-config_dir('plugin_dirs');
+  $configfile = $configdir/plugin_dirs;
+  my @plugin_dirs = $self-_config_from_file($configfile,'plugin_dirs');
   
+  for my $dir (@plugin_dirs) {
+my @loaded = $self-_load_plugins($dir, @loggers);
+foreach my $logger (@loaded) {
+  $self-log(LOGINFO, Loaded $logger);
+}
+  }
+
   return @loggers;
 }
   
@@ -117,9 +121,15 @@
   return $configdir;
 }
 
-sub plugin_dir {
-my ($name) = ($0 =~ m!(.*?)/([^/]+)$!);
-my $dir = $name/plugins;
+sub plugin_dirs {
+my $self = shift;
+my @plugin_dirs = $self-config('plugin_dirs');
+
+unless (@plugin_dirs) {
+my ($name) = ($0 =~ m!(.*?)/([^/]+)$!);
+@plugin_dirs = ( $name/plugins );
+}
+return @plugin_dirs;
 }
 
 sub get_qmail_config {
@@ -174,13 +184,14 @@
   $self-{hooks} = {};
   
   my @plugins = $self-config('plugins');
+  my @loaded;
 
-  my $dir = $self-plugin_dir;
-  $self-log(LOGNOTICE, loading plugins from $dir);
+  for my $dir ($self-plugin_dirs) {
+$self-log(LOGNOTICE, loading plugins from $dir);
+push @loaded, $self-_load_plugins($dir, @plugins);
+  }
 
-  @plugins = $self-_load_plugins($dir, @plugins);
-  
-  return @plugins;
+  return @loaded;
 }
 
 sub _load_plugins {

Re: 0.32 Outlook and TLS

[Devin Carraway]

On Mon, Feb 27, 2006 at 06:38:27PM -0800, Ask Bj?rn Hansen wrote:
 (Aside: it would be nice to have qpsmtpd run on multiple ports  
 without having to run another
 copy.)
 
 I think with the 0.40/trunk branch that'll be a lot easier to do.
 (Personally I like using the firewall software to do it -- like you  
 are doing it now).

It's a pretty short adjustment to forkserver; we already can listen on
multiple addresses, allowing a port number to be included is easy enough.

Index: qpsmtpd-forkserver
===
--- qpsmtpd-forkserver  (revision 623)
+++ qpsmtpd-forkserver  (working copy)
@@ -56,8 +56,8 @@
 if ($PORT =~ /^(\d+)$/) { $PORT = $1 } else { usage }
 @LOCALADDR = ( '0.0.0.0' ) if [EMAIL PROTECTED];
 for (0..$#LOCALADDR) {
-  if ($LOCALADDR[$_] =~ /^([\d\w\-.]+)$/) {
-$LOCALADDR[$_] = $1;
+  if ($LOCALADDR[$_] =~ /^([\d\w\-.]+)(?::(\d+))?$/) {
+$LOCALADDR[$_] = { 'addr' = $1, 'port' = $2 || $PORT };
   } else {
 usage;
   }
@@ -94,13 +94,13 @@
 
 # establish SERVER socket(s), bind and listen.
 for my $listen_addr (@LOCALADDR) {
-  my $server = IO::Socket::INET-new(LocalPort = $PORT,
- LocalAddr = $listen_addr,
+  my $server = IO::Socket::INET-new(LocalPort = $listen_addr-{'port'},
+ LocalAddr = $listen_addr-{'addr'},
  Proto = 'tcp',
  Reuse = 1,
  Blocking  = 0,
  Listen= SOMAXCONN )
-or die Creating TCP socket $listen_addr:$PORT: $!\n;
+or die Creating TCP socket $listen_addr-{'addr'}:$listen_addr-{'port'}: 
$!\n;
   IO::Handle::blocking($server, 0);
   $select-add($server);
 }

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Error running nslookup from plugin

[Devin Carraway]

On Sat, Feb 04, 2006 at 04:16:40AM +, [EMAIL PROTECTED] wrote:
   First, I am doing a reverse lookup, and I didn't see that Net::DNS
 would work for that. Of course, maybe I didn't see the forest for the
 trees. If someone tells me it's possible, then I'll have another look.

% perl -MNet::DNS -e 'print map { $_-ptrdname.\n } 
(Net::DNS::Resolver-new-query(163.223.251.63.in-addr.arpa,PTR)-answer)' 
x3.develooper.com


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Redirecting log output

[Devin Carraway]

On Fri, Jan 13, 2006 at 04:18:18PM -0800, Ask Bj?rn Hansen wrote:
 On Jan 13, 2006, at 3:07 PM, Devin Carraway wrote:
 
 This might do what you're after (thought I'd checked it into the  
 qpsmtpd svn,
 but I seem not to have):
 
 http://devin.com/qpsmtpd/logging/file
 
 Please do.  :-)

Okay, though I've been meaning to merge with Peter Holzer's variant, which
adds more specific file selection, per-session logging and reopening pipe
logs.  I've been slacking on that, but can probably steal some time this week
for it.

Do you want the syslog logging plugin too, while I'm at it?


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Redirecting log output

[Devin Carraway]

On Fri, Jan 13, 2006 at 04:56:51PM -0500, Swallow, Harold wrote:
 I would like to see the log output but Postfix is
 starting qpsmtpd and the log info is not available.
 
 How can the ::log() output be redirected to a file?

This might do what you're after (thought I'd checked it into the qpsmtpd svn,
but I seem not to have):

http://devin.com/qpsmtpd/logging/file

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: forkserver: when to drop privileges

[Devin Carraway]

On Mon, Nov 21, 2005 at 10:52:39PM +0100, Peter J. Holzer wrote:
 privileges after loading the modules is definitely bad: There is a good
 chance that the logfiles will be created with owner root, but later
 forkserver will run as a non-privileged user and be unable to reopen
 them.

And behold, this was just filed as Debian Bug#342336.  Could have sworn I
tested it with a purge/install/connect loop.

Here's the patch I'm testing before upload.  If any plugins do ultimately need
root, we might so an extra load_plugins() before dropping privileges, using a
different configuration file or something along those lines.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
Index: 0.31.1/qpsmtpd-forkserver
===
--- 0.31.1/qpsmtpd-forkserver   (revision 582)
+++ 0.31.1/qpsmtpd-forkserver   (working copy)
@@ -129,7 +129,6 @@
 
 # Load plugins here
 my $qpsmtpd = Qpsmtpd::TcpServer-new();
-$qpsmtpd-load_plugins;
 
 # Drop privileges
 my (undef, undef, $quid, $qgid) = getpwnam $USER or
@@ -138,7 +137,6 @@
 while (my ($name,$passwd,$gid,$members) = getgrent()) {
 my @m = split(/ /, $members);
 if (grep {$_ eq $USER} @m) {
-   ::log(LOGINFO,$USER is member of group $name($gid));
$groups .=  $gid;
 }
 }
@@ -149,6 +147,8 @@
   die unable to change uid: $!\n;
 $ = $quid;
 
+$qpsmtpd-load_plugins;
+
 ::log(LOGINFO,Listening on port $PORT);
 ::log(LOGINFO, 'Running as user '.
(getpwuid($) || $) .

Re: strange

[Devin Carraway]

On Fri, Aug 26, 2005 at 12:40:52AM +0200, Pascal Dreissen wrote:
 I know i had this trouble in the past also.. but i cannot find anymore
 how to fix this.

In the qpsmtpd-forkserver and qpsmtpd scripts, you'll see two lines like
these:

delete $ENV{ENV};
$ENV{PATH} = '/bin:/usr/bin:/var/qmail/bin';

Change the first one (in whichever of the two you use) to read like this:

delete @ENV{'ENV','BASH_ENV','CDPATH','IFS'};

... that should allow it to be started.  Alternately you can use 'unset
BASH_ENV' prior to starting qpsmtpd, which should address the immediate
problem.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: 0.31 release candidate 2

[Devin Carraway]

On Tue, Aug 23, 2005 at 12:17:32AM -0400, Bob Dodds wrote:
 A per plugin deb or rpm could install into qpsmtpd with
 minimal meddling that way. Maintaining debs rpms for
 qpsmtpd installs with a given set of plugins would be
 easy to maintain without scripting edits of config/plugins.

It can anyway, even without having qpsmtpd check the config path where it
found the reference to the plugin.  Being able to $include a directory, e.g.
/etc/qpsmtpd/plugins.d/, allows supplemental plugin packages to configure
themselves.  Plugins installed from the package manager, moreover, are free to
install themselves in /usr/share/qpsmtpd/plugins/ alongside qpsmtpd's own, a
situation which doesn't even require multiple plugin dirs.

Writing code to edit a system config file after an admin has been in there is
a treacherous affair, and most package maintainers try strenuously to avoid
it.  The approach I've taken with the Debian packaging is to store all the
auto-config and debconf-configured files in separate clobbered-on-install
files and $include them into the main config with an explanation of their
function and how to disable the automatic config.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: 0.31 release candidate 2

[Devin Carraway]

Speaking of configuration, I'd been meaning to pass this along for a while.
As part of the Debian packaging job I needed to write quite a bit of basic
documentation into the qpsmtpd config files, which might be useful to the
source distribution at large -- our plugins file documentation especially is
pretty thin.

It's written for Debian, but the Debian-specific bits are fairly well
isolated.  Help yourselves to any of it.

http://devin.com/qpsmtpd/debian/releases/0.30-4/etc/

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: 0.31 release candidate 2

[Devin Carraway]

On Sat, Aug 20, 2005 at 07:38:24PM +0200, Peter J. Holzer wrote:
 * My patch for a configurable plugin_dir (needed for the RPMs directory
   structure).
[...]
 I agree that the last two are largely my personal preference, but the
 first two I consider bug fixes, and the third really helps with
 packaging for FHS-compliant systems, so I would like to see these three
 patches in 0.31-final. Should I resubmit them?

I ship a similar patch with Debian's qpsmtpd, for FHS compliance.  It varies
from Peter's original in allowing multiple values in plugin_dirs and checking
for plugins in each -- this helps provide sysadmins with a safe spot to drop
their own plugins or override the distributed ones without worrying about
interfering with the package management.

No problems here waiting until 0.32, but I'd like to see one of these land.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: 0.31 release candidate 2

[Devin Carraway]

On Wed, Aug 17, 2005 at 03:40:38PM -0700, Ask Bj?rn Hansen wrote:
 We better get 0.31 finished before John comes back, so if anyone  
 wants to test:

I've had branches/[EMAIL PROTECTED] (or near it) running on my test/secondary 
with the
Debian-specific patches for a couple of weeks without incident.  I've updated
it to 0.31rc2 and so far it behaves similarly.  I'll keep an eye on it.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: patch: configfile include support

[Devin Carraway]

Here's a revision of the same.  Applies to 0.31's lib/Qpsmtpd.pm.
Functionally identical to the previous version, but I factored out the one
piece which could be factored without making a referential mess of things.
That one piece is the expansion of a directory into a list of files and the
inclusion of each, which I wasn't originally going to implement at all, but
Matt had put it in the original inclusion code in load_plugins() and I'm leery
of taking the regression now.

Tested against 0.31 tip.  The original version of this change is in the Debian
qpsmtpd, used to separate the auto-generated configuration from the
admin-edited parts (clobbering an admin's manual configuration is forbidden,
but un-edited configs must be replaced whenever they change.)

diffstat:

Qpsmtpd.pm |   92 + 
1 files changed, 68 insertions(+), 24 deletions(-)

(delta is mostly comments and error checking)

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
Index: lib/Qpsmtpd.pm
===
--- lib/Qpsmtpd.pm  (revision 529)
+++ lib/Qpsmtpd.pm  (working copy)
@@ -159,18 +159,84 @@
 }
 
 sub _config_from_file {
-  my ($self, $configfile, $config) = @_;
+  my ($self, $configfile, $config, $visited) = @_;
   return unless -e $configfile;
+
+  $visited ||= [];
+  push @{$visited}, $configfile;
+
   open CF, $configfile or warn $$ could not open configfile $configfile: 
$! and return;
   my @config = CF;
   chomp @config;
   @config = grep { length($_) and $_ !~ m/^\s*#/ and $_ =~ m/\S/} @config;
   close CF;
-  #$self-log(10, returning get_config for $config 
,Data::Dumper-Dump([EMAIL PROTECTED], [qw(config)]));
+
+  my $pos = 0;
+  while ($pos  @config) {
+# recursively pursue an $include reference, if found.  An inclusion which
+# begins with a leading slash is interpreted as a path to a file and will
+# supercede the usual config path resolution.  Otherwise, the normal
+# config_dir() lookup is employed (the location in which the inclusion
+# appeared receives no special precedence; possibly it should, but it'd
+# be complicated beyond justifiability for so simple a config system.
+if ($config[$pos] =~ /^\s*\$include\s+(\S+)\s*$/) {
+  my ($includedir, $inclusion) = ('', $1);
+
+  splice @config, $pos, 1; # remove the $include line
+  if ($inclusion !~ /^\//) {
+$includedir = $self-config_dir($inclusion);
+$inclusion = $includedir/$inclusion;
+  }
+
+  if (grep($_ eq $inclusion, @{$visited})) {
+$self-log(LOGERROR, Circular \$include reference in config 
$config:);
+$self-log(LOGERROR, From $visited-[0]:);
+$self-log(LOGERROR,   includes $_)
+  for (@{$visited}[1..$#{$visited}], $inclusion);
+return wantarray ? () : undef;
+  }
+  push @{$visited}, $inclusion;
+
+  for my $inc ($self-expand_inclusion_($inclusion, $configfile)) {
+my @insertion = $self-_config_from_file($inc, $config, $visited);
+splice @config, $pos, 0, @insertion;   # insert the inclusion
+$pos += @insertion;
+  }
+} else {
+  $pos++;
+}
+  }
+
   $self-{_config_cache}-{$config} = [EMAIL PROTECTED];
+
   return wantarray ? @config : $config[0];
 }
 
+sub expand_inclusion_ {
+  my $self = shift;
+  my $inclusion = shift;
+  my $context = shift;
+  my @includes;
+
+  if (-d $inclusion) {
+$self-log(LOGDEBUG, inclusion of directory $inclusion from $context);
+
+if (opendir(INCD, $inclusion)) {
+  @includes = map { $inclusion/$_ }
+(grep { -f $inclusion/$_ and !/^\./ } readdir INCD);
+  closedir INCD;
+} else {
+  $self-log(LOGERROR, Couldn't open directory $inclusion,.
+referenced from $context ($!));
+}
+  } else {
+$self-log(LOGDEBUG, inclusion of file $inclusion from $context);
+@includes = ( $inclusion );
+  }
+  return @includes;
+}
+
+
 sub load_plugins {
   my $self = shift;
   
@@ -195,28 +261,6 @@
   for my $plugin_line (@plugins) {
 my ($plugin, @args) = split ' ', $plugin_line;
 
-if (lc($plugin) eq '$include') {
-  my $inc = shift @args;
-  my $config_dir = $self-config_dir($inc);
-  if (-d $config_dir/$inc) {
-$self-log(LOGDEBUG, Loading include dir: $config_dir/$inc);
-opendir(DIR, $config_dir/$inc) || die opendir($config_dir/$inc): 
$!;
-my @plugconf = sort grep { -f $_ } map { $config_dir/$inc/$_ } grep 
{ !/^\./ } readdir(DIR);
-closedir(DIR);
-foreach my $f (@plugconf) {
-push @ret, $self-_load_plugins($dir, $self-_config_from_file($f, 
plugins));
-}
-  }
-  elsif (-f $config_dir/$inc) {
-$self-log(LOGDEBUG, Loading include file: $config_dir/$inc);
-push @ret, $self-_load_plugins($dir, 

qpsmtpd in Debian

[Devin Carraway]

For anyone who's into that sort of thing:

http://packages.debian.org/unstable/mail/qpsmtpd

This is 0.30, which mercifully held still for the packaging effort.

The only plugins included are those in qpsmtpd svn, plus my own logging and
exim-queue plugins specifically written for Debian (exim4 is Debian's default
MTA).  I may uploaded a qpsmtpd-plugins package with third-party plugins not
in svn, but haven't started on that yet.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: qpsmtpd in Debian

[Devin Carraway]

On Thu, Jul 28, 2005 at 05:43:56PM -0400, Matt Sergeant wrote:
 Great news. Any chance you'll be donating your exim-queue plugin to the 
 project?

I've been planning to check it into the qpsmtpd svn, along with a few other
distro-related fixes that came out of the packaging effort.  Held off this
long because exim-queue hasn't been updated for the recent plugin API change
yet.  But yes, I'll get it in.

BTW, in case anyone's lunging for APT, check that you're getting 0.30-2 or
read http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319724 when installing.
0.30-1 has a problem with its auto-configuration code which only manifests
under APT.  The mirrors may not have 0.30-2 yet, since Debian's ftp-master was
down for a few days recently (colo move) and there's a hefty backlog of
uploads.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Two logging plugins

[Devin Carraway]

Two simple log plugins arising from the Debian packaging work -- one logging
into a file (explicitly, not by redirecting stderr), one into syslog.

Written for the old plugin API, since I'm working against 0.30rc2.  Will
update and check in at 0.31 or thenabouts.

http://devin.com/qpsmtpd/logging/file
http://devin.com/qpsmtpd/logging/syslog

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: PATCH: let forkserver listen on multiple interfaces

[Devin Carraway]

On Wed, Jul 06, 2005 at 03:40:55PM -0400, Charlie Brady wrote:
 That's an added complication, and more code - which usually means that 
 more things can go wrong. In what circumstances would someone want more 
 than one interface, but not all interfaces?

Anytime you've got it paired with (and spooling into) a local MTA on
127.0.0.1, but want qpsmtpd on all or some of the external interfaces.  For
example, when you're running Exim for local semi-trusted users, and only want
to impose the spam filtering cost on external untrusted ones.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

PATCH: let forkserver listen on multiple interfaces

[Devin Carraway]

Forkserver can accept a --listen-address switch to listen on a particular
address/interface instead of 0.0.0.0, but only one.  This expands the handling
of that switch so as to listen on any number of local addresses, using
IO::Select to manage them.  The default is a single socket on 0.0.0.0, as
usual.

Tested lightly; it works fine on my spam-only secondary MX, and isn't
perturbed by having interfaces dropped or similar surprises, but I haven't
subjected it to much stress yet.

And since I was one line away -- is there any remaining good reason why the
default port for forkserver is 2525?  This has the look of development or
testing leftovers.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
Index: qpsmtpd-forkserver
===
--- qpsmtpd-forkserver  (revision 460)
+++ qpsmtpd-forkserver  (working copy)
@@ -10,6 +10,7 @@
 use Qpsmtpd::TcpServer;
 use Qpsmtpd::Constants;
 use IO::Socket;
+use IO::Select;
 use Socket;
 use Getopt::Long;
 use POSIX qw(:sys_wait_h :errno_h :signal_h);
@@ -19,7 +20,7 @@
 # Configuration
 my $MAXCONN   = 15;# max simultaneous connections
 my $PORT  = 2525;  # port number
-my $LOCALADDR = '0.0.0.0'; # ip address to bind to
+my @LOCALADDR;  # ip address(es) to bind to
 my $USER  = 'smtpd';   # user to suid to
 my $MAXCONNIP = 5;  # max simultaneous connections from one IP
 my $PID_FILE   = '/var/run/qpsmtpd.pid';
@@ -27,7 +28,9 @@
 sub usage {
 print EOT;
 usage: qpsmtpd-forkserver [ options ]
- -l, --listen-address addr : listen on a specific address; default 0.0.0.0
+ -l, --listen-address addr : listen on specific address(es); can be specified
+ multiple times for multiple bindings.  Default is
+0.0.0.0 (all interfaces).
  -p, --port P  : listen on a specific port; default 2525
  -c, --limit-connections N : limit concurrent connections to N; default 15
  -u, --user U  : run as a particular user (default 'smtpd')
@@ -38,7 +41,7 @@
 }
 
 GetOptions('h|help' = \usage,
-   'l|listen-address=s' = \$LOCALADDR,
+   'l|listen-address=s' = [EMAIL PROTECTED],
'c|limit-connections=i' = \$MAXCONN,
'm|max-from-ip=i' = \$MAXCONNIP,
'p|port=i' = \$PORT,
@@ -48,7 +51,14 @@
 
 # detaint the commandline
 if ($PORT =~ /^(\d+)$/) { $PORT = $1 } else { usage }
-if ($LOCALADDR =~ /^([\d\w\-.]+)$/) { $LOCALADDR = $1 } else { usage }
[EMAIL PROTECTED] = ( '0.0.0.0' ) if [EMAIL PROTECTED];
+for (0..$#LOCALADDR) {
+  if ($LOCALADDR[$_] =~ /^([\d\w\-.]+)$/) {
+$LOCALADDR[$_] = $1;
+  } else {
+usage;
+  }
+}
 if ($USER =~ /^([\w\-]+)$/) { $USER = $1 } else { usage }
 if ($MAXCONN =~ /^(\d+)$/) { $MAXCONN = $1 } else { usage }
 if ($PID_FILE =~ m#^(/[\w\d/\-.]+)$#) { $PID_FILE = $1 } else { usage }
@@ -77,14 +87,19 @@
 $SIG{INT} = \HUNTSMAN;
 $SIG{TERM} = \HUNTSMAN;
 
-# establish SERVER socket, bind and listen.
-my $server = IO::Socket::INET-new(LocalPort = $PORT,
-  LocalAddr = $LOCALADDR,
-   Proto = 'tcp',
-   Reuse = 1,
-   Listen= SOMAXCONN )
-  or die Creating TCP socket $LOCALADDR:$PORT: $!\n;
+my $select = new IO::Select;
 
+# establish SERVER socket(s), bind and listen.
+for my $listen_addr (@LOCALADDR) {
+  my $server = IO::Socket::INET-new(LocalPort = $PORT,
+ LocalAddr = $listen_addr,
+ Proto = 'tcp',
+ Reuse = 1,
+ Listen= SOMAXCONN )
+or die Creating TCP socket $listen_addr:$PORT: $!\n;
+  $select-add($server);
+}
+
 if (-e $PID_FILE) {
   open PID, +$PID_FILE
 or die open pid_file: $!\n;
@@ -139,9 +154,16 @@
 sleep(1) ;
 $running = scalar keys %childstatus;
   }
-my $hisaddr = accept(my $client, $server);
-if (!$hisaddr) {
-# possible something condition...
+
+  my @ready = $select-can_read();
+  next if [EMAIL PROTECTED];
+  # accept one connection per loop
+  my $server = shift @ready;
+
+  my ($client, $hisaddr) = $server-accept;
+
+if (!$client) {
+::log(LOGERROR,Error accepting new connection: $!);
 next;
 }
 my ($port, $iaddr) = sockaddr_in($hisaddr);
@@ -181,7 +203,7 @@
 # all children should have different seeds, to prevent conflicts
 srand( time ^ ($$ + ($$  15)) );
 
-close($server);
+$_-close for $select-handles;
 
 $SIG{$_} = 'DEFAULT' for keys %SIG;
 $SIG{ALRM} = sub { 

Re: PATCH: config and plugin directories

[Devin Carraway]

On Mon, Jul 04, 2005 at 07:50:43AM +1000, Gordon Rowell wrote:
 Peter J. Holzer wrote:
 [...]
 This one makes the config directory and the plugin directory
 configurable.
 
 The config dir is taken from an env. variable QPSMTPD_CONFIG, if it
 exists.
 [...]
 
 Yes, please!

Thirded.  I've been working on the packaging of qpsmtpd for upload to Debian
this week (yes, Gavin, we shipped Sarge, and I'm embarassed to admit that
because of the strange order in which I was reading my mail that day, you were
the first announcement to that effect I saw. :))  From Debian's standpoint,
patching in the desired paths is okay, but being able to specify them
explicitly is better -- fewer patches to maintain.

(Thanks, Peter!)

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: qpsmtpd packages

[Devin Carraway]

On Mon, Jun 06, 2005 at 04:48:51PM +0200, Peter J. Holzer wrote:
 The RPMs were built for RH 7.3, but it should be possible to simply
 rebuild the source rpm. If you use apt, you can add 

Ah, cool.  I filed an ITP to include qpsmtpd into Debian proper, but I'm
putting off actual work until Sarge releases.

'Couse, I decided to postpone until post-sarge back when Sarge was looking to
be a late-2004 kind of thing.  :P


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Suggested change to check_badrcptto

[Devin Carraway]

On Sun, Feb 20, 2005 at 11:35:50AM -0800, Robert Spier wrote:
  I'd suggest if a name is followed by an exclamation mark, this means do a 
  DENYHARD, otherwise it does a plain DENY (ie tim - will reject this 
  recipient, tim ! will reject all emails that include tim amongst the 
  recipients).
 
 I think it would be cleaner to do this as a wrapped plugin and two
 separate config files.[1]

I think it was better the first time.  The two behaviors are isomorphic except 
in returning one different value for one different input.  If it required a
backwards-incomptible change in the config syntax it'd be another matter, but
this seems a natural extension to what the plugin did before which contradicts
no other extensions I can anticipate.

It's also fits well with sendmail's /etc/mail/access file, which (though I
dont' care for the conflation in lookup key) enables particular entries to
trigger various failure codes/messages, enable relaying, etc.

Not crazy about the bang as an errorcode selector, though.  If a line in
badrcptto is doing to trigger a DENYHARD, it may as well say DENYHARD (or DENY
or DISCONNECT or whatever) and eliminate the uncertainty.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: New uribl

[Devin Carraway]

[ shameless self-reply ]

For anyone who downloaded the plugin after this announcement, you might want
to update -- I realized that I'd never ported over support from uri_badip for
quoted-printable demunging, which many spammers use -- splitting a URL across
a couple of lines with a = continuation inbetween, or just encoding random
bits of the URL with =XX hex codes.  URI- and HTML-encoding were already
reversed, but now quoted-printable is as well.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: New uribl

[Devin Carraway]

On Thu, Oct 21, 2004 at 09:48:13AM -0500, Peter Eisch wrote:
 As spamassassin can do this out of the box, are you using this
  - without spamassassin at all,
  - in place of SA's URIBL,
  - in addition to SA's URIBL with 'deny',
  - in addition to SA's URIBL with 'add-header'?

Not that you asked me, but the main reason to run the uribl plugin if you're
already planning to run SA is if you're planning to use uribl in deny mode.
The uribl plugin is much smaller and quicker than SA, and SURBL has a pretty
good kill ratio, which can reduce per-mail processing costs.  In general I've
structured my qpsmtpd config to put off calling spamassassin to the end, when
every other plugin that could have denied the mail has passed on it.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

New uribl

[Devin Carraway]

I've posted a new uribl plugin at http://devin.com/qpsmtpd/uribl .

This update adds support for composite BLs, such as multi.surbl.org, which
help reduce query traffic by issuing a single query and checking for lists
selected from a bitmask.  Pass/fail is now determined from the A record match
rather than TXT, as preferred by the SURBL operators and by DNSBLs in general.

I also added patterns to find bare www.domain.tld-style URLs in mail, and
support for matches in different URIBLs to trigger different actions.  The
code also got some general cleanup and reworking.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Question for the masters

[Devin Carraway]

On Tue, Oct 05, 2004 at 05:41:38PM -0500, Ed McLain wrote:
 the plugin is only reading score/tests back from the socket.  Is there any
 way to run the full spamc client and have it dump back out the full
 message modified the rebuild the transaction object in qpsmtpd?  I've been

Probably several, but here's one:

http://devin.com/qpsmtpd/spamassassin_spamc


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Mystery messages

[Devin Carraway]

On Sun, Sep 26, 2004 at 08:28:06AM -0400, John Peacock wrote:
 i.e. nothing in the DATA section whatsoever. This isn't legitimate 
 mail in any sense whatsoever (since there's no mail there, only an 
 envelope). It's completely illegitimate. It violates RFC 2822. It 
 communicates nothing.
 
 Except that ezmlm _will_ accept that envelope-only message to 
 administrative addresses (like a moderate reply).  So, technically 
 speaking, the envelope alone contains enough information for at least one 
 purpose, hence shouldn't be blocked outright without recourse, which is why 
 I agree with Michael that this belongs in a plugin.  And the slightly 
 amended check_basicheaders I added to CVS does exactly this.

Empty mail does communicate two things -- sender and recipient.  Either of
those two, usually the recipient, can be significant.  Mailing list
confirmations come to mind; so do the confirmation addresses used by
pseudonymous remailers, where the final stage in nym creation is to cause
something to be sent to an unpredictable challenge address
([EMAIL PROTECTED]) sent only to the nym creator.

At the same time, zero-length messages have about the same communicative value
to spammers.  I've seen and been irritated by them too, but there wasn't any
pitch, just an email address which itself wasn't meaningful.  The only
usefulness I can anticipate for spammers is if they were to try to pitch a
website whose hostname appeared in the sender address or something, which
seems awfully low-percentage, even for them.  But that itself seems orthogonal
to the issue of accepting empty messages, since they can try to advertise in
envelope sender addresses today, whether with empty mail or not.


-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

Re: Files left in ~smtpd/tmp

[Devin Carraway]

On Tue, Sep 14, 2004 at 12:08:32PM -0700, Ask Bj?rn Hansen wrote:
 As Devin said, unlinking the files on ALRM will just hide the problem 
 -- so I don't like that.

It may hide the problem, but hiding the problem is preferable to filling up
tmp IMO.  And it needn't hide the problem -- if we put a DESTROY method in the
transaction object, and ensure that it logs the name, size and mtime of
anything it unlinks at LOGINFO or therebaouts, we're in a better position to
debug what's dropping files than today, because the message is right next to
the other pertinent log entries instead of on the other end of a lot of log
grepping.

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2

cvs commit: qpsmtpd/lib/Qpsmtpd TcpServer.pm

[Devin Carraway]

cvsuser 04/07/31 23:56:33

  Modified:lib/Qpsmtpd TcpServer.pm
  Log:
  Log the connecting client hostname/address, rather than waiting for the
  SMTP greeting.
  
  Revision  ChangesPath
  1.11  +2 -1  qpsmtpd/lib/Qpsmtpd/TcpServer.pm
  
  Index: TcpServer.pm
  ===
  RCS file: /cvs/public/qpsmtpd/lib/Qpsmtpd/TcpServer.pm,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -w -r1.10 -r1.11
  --- TcpServer.pm  5 Jun 2004 10:06:44 -   1.10
  +++ TcpServer.pm  1 Aug 2004 06:56:33 -   1.11
  @@ -18,6 +18,7 @@
   my $remote_host = $ENV{TCPREMOTEHOST} || ( $ENV{TCPREMOTEIP} ? 
[$ENV{TCPREMOTEIP}] : [noip!]);
   my $remote_info = $ENV{TCPREMOTEINFO} ? [EMAIL PROTECTED] : $remote_host;
   my $remote_ip   = $ENV{TCPREMOTEIP};
  +$self-log(LOGNOTICE, Connection from $remote_info [$remote_ip]);
   
   # if the local dns resolver doesn't filter it out we might get
   # ansi escape characters that could make a ps axw do funny
  @@ -67,7 +68,7 @@
 my ($self, $code, @messages) = @_;
 while (my $msg = shift @messages) {
   my $line = $code . (@messages?-: ).$msg;
  -$self-log(LOGDEBUG, $line);
  +$self-log(LOGDEBUG, $line);
   print $line\r\n or ($self-log(LOGERROR, Could not print [$line]: $!), 
return 0);
 }
 return 1;
  
  
  

cvs commit: qpsmtpd/plugins check_earlytalker

[Devin Carraway]

cvsuser 04/08/01 00:08:07

  Modified:plugins  check_earlytalker
  Log:
  Incorporate suggestions and part of a patch from Mark Powell:
  - Make the awkward silence at connection configurable (default still 1sec)
  - Add an option to defer reaction to the HELO to the MAIL-FROM command
instead, anticipating broken SMTP agents that don't gracefully handle
disconnection after greeting.
  
  Also made the specific response configurable (soft, hard, nothing).
  
  Revision  ChangesPath
  1.3   +76 -15qpsmtpd/plugins/check_earlytalker
  
  Index: check_earlytalker
  ===
  RCS file: /cvs/public/qpsmtpd/plugins/check_earlytalker,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -w -r1.2 -r1.3
  --- check_earlytalker 5 Mar 2004 12:46:24 -   1.2
  +++ check_earlytalker 1 Aug 2004 07:08:07 -   1.3
  @@ -4,28 +4,68 @@
   
   =head1 DESCRIPTION
   
  -Hooks connect, checks to see if the remote host starts talking before
  -we've issued a 2xx greeting.  If so, we're likely looking at a
  -direct-to-MX spam agent which pipelines its entire SMTP conversation,
  -and will happily dump an entire spam into our mail log even if later
  -tests deny acceptance.
  +Checks to see if the remote host starts talking before we've issued a 2xx
  +greeting.  If so, we're likely looking at a direct-to-MX spam agent which
  +pipelines its entire SMTP conversation, and will happily dump an entire spam
  +into our mail log even if later tests deny acceptance.
   
  -Such clients gets a 450 error code.  
  +Depending on configuration, clients which behave in this way are either
  +immediately disconnected with a deny or denysoft code, or else are issued this
  +on all mail/rcpt commands in the transaction.
   
  -=head1 TODO
  +=head1 CONFIGURATION
   
  -Make how long we wait before reading from the socket configurable
  -(currently 1 second)
  +=over 4
   
  -Make the soft/hard response code configurable (currently DENYSOFT)
  +=item wait [integer]
  +
  +The number of seconds to delay the initial greeting to see if the connecting
  +host speaks first.  The default is 1.
  +
  +=item action [string: deny, denysoft, log]
  +
  +What to do when matching an early-talker -- the options are Ideny,
  +Idenysoft or Ilog.
  +
  +If Ilog is specified, the connection will be allowed to proceed as normal,
  +and only a warning will be logged.
  +
  +The default is Idenysoft.
  +
  +=item defer-reject [boolean]
  +
  +When an early-talker is detected, if this option is set to a true value, the
  +SMTP greeting will be issued as usual, but all RCPT/MAIL commands will be
  +issued a deny or denysoft (depending on the value of Iaction).  The default
  +is to react at the SMTP greeting stage by issuing the apropriate response code
  +and terminating the SMTP connection.
  +
  +=back
   
   =cut
   
   use IO::Select;
   
  +use warnings;
  +use strict;
  +
   sub register {
  -  my ($self, $qp) = @_;
  +  my ($self, $qp, @args) = @_;
  +
  +  if (@args % 2) {
  + $self-log(LOGERROR, Unrecognized/mismatched arguments);
  + return undef;
  +  }
  +  $self-{_args} = {
  + 'wait' = 1,
  + 'action' = 'denysoft',
  + 'defer-reject' = 0,
  + @args,
  +  };
 $self-register_hook('connect', 'connect_handler');
  +  $self-register_hook('mail', 'mail_handler')
  +if $self-{_args}-{'defer-reject'};
  +  1;
   }
   
   sub connect_handler {
  @@ -33,10 +73,31 @@
 my $in = new IO::Select;
 
 $in-add(\*STDIN) || return DECLINED;
  -  if ($in-can_read(1)) {
  -$self-log(LOGDEBUG, remote host started talking before we said hello);
  -return (DENYSOFT, Don't be rude and talk before I say hello!);
  +  if ($in-can_read($self-{_args}-{'wait'})) {
  +$self-log(LOGNOTICE, 'remote host started talking before we said hello');
  +if ($self-{_args}-{'defer-reject'}) {
  + $self-qp-connection-notes('earlytalker', 1);
  +} else {
  +  my $msg = 'Connecting host started transmitting before SMTP greeting';
  +  return (DENY,$msg) if $self-{_args}-{'action'} eq 'deny';
  +  return (DENYSOFT,$msg) if $self-{_args}-{'action'} eq 'denysoft';
  +}
  +  } else {
  +$self-log(LOGINFO, 'remote host said nothing spontaneous, proceeding');
 }
  -  $self-log(LOGINFO,remote host said nothing spontaneous, proceeding);
 return DECLINED;
   }
  +
  +sub mail_handler {
  +  my ($self, $txn) = @_;
  +  my $msg = 'Connecting host started transmitting before SMTP greeting';
  +
  +  return DECLINED unless $self-qp-connection-notes('earlytalker');
  +  return (DENY,$msg) if $self-{_args}-{'action'} eq 'deny';
  +  return (DENYSOFT,$msg) if $self-{_args}-{'action'} eq 'denysoft';
  +  return DECLINED;
  +}
  +
  +
  +1;
  +
  
  
  

Re: check_earlytalker.diff

[Devin Carraway]

On Sun, Aug 01, 2004 at 03:02:19PM +0100, Mark Powell wrote:
 Isn't that what qpsmtpd is doing? Just delaying the failure allows the
 other to do it's logging?

No, the trouble is that qpsmtpd didn't log its connections.  Instead, if
your loglevel set high enough to get the SMTP conversation logged, you'd
get the remote IP from the HELO (or possibly from tcpserver).  Since the
greeting is the first order of business it wasn't a big deal, but it was
still happening uncomfortably late when we're looking at detection
methods that preceede the greeting.

Besides some of your patch, yesterday I also checked in a one-liner that
gives us that logging -- the first thing that qpsmtpd emits on startup
now resembles:

Aug  1 14:58:01 atlantic qmail-smtpd: 14400 Connection from [127.0.0.1] [127.0.0.1]


   Looks like we have a crossed purpose on this one. As I said, it makes my
 life much easier when investigating user's complaints if I have extra
 logging info. I still run qpsmtpd at the debug level. I planned to turn it
 down after a while, but there is always useful info there which allows me
 to make a better decision on what happened. Each of our relays is
 producing almost 1GB of logging info per day (the vast majority of it
 qpsmtpd), but the disk and cpu load of all that logging and those
 connections staying around a little longer than they could is still
 acceptable.

Logging is cheap (just ask my employers :)).  I run at LOGINFO rather
than LOGDEBUG, but I do habitually patch things to log the entire SMTP
conversation.

Hopefully one of us will get around to log classing or channelling or
bitmasks or another approach to let folks enable logging of various
kinds of events rather than just using levels, so one could say I want
the SMTP dialogue, and also the info-level notices from plugins, but
don't bother me telling me what plugins are getting loaded every time.


-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: check_earlytalker.diff

[Devin Carraway]

On Sat, Jul 31, 2004 at 04:38:41PM +0100, Mark Powell wrote:
 +Such clients get a configurable 450 or 550 return code. The error is sent 
 +at the rcpt to: stage, as some clients get confused about failure at any other 
 point.
 +This also allows you to log the from and to address of these jokers :)

Any client that starts talking before hello is already confused and
deserves no sympathy.  Hence why my original version of earlytalker
actually hung up the TCP connect at that point.

This isn't the spot to fix delayed logging, though.  The smtpd should
log this up front at connect time.

 +Bhard  determines whether a hard or soft deny is given to the client

'hard' is one of three choices (hard, soft, disconnect), so this should
be 'action' with those three, not a boolean.

 +  $self-{_args}-{wait} = 1;
 +  $self-{_args}-{hard} = 0;
 +  %{$self-{_args}} = @args;

Que?

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: check_earlytalker.diff

[Devin Carraway]

Sorry for my original tone, I was a bit irritated at the time, in large
part on unrelated issues.

On Sat, Jul 31, 2004 at 09:20:25PM +0100, Mark Powell wrote:
  Hence why my original version of earlytalker actually hung up the TCP
  connect at that point.
 
 Your plugin returns DENYSOFT. That's not a hang up. See your paragraph
 below about the 3 choices. Don't take offence that someone modified your
 code. It's open source?

What's in CVS isn't the original version; Ask changed it from my
original, which used a DENY and immediate hangup.  The hangup part of
the patch wasn't applied until some time later.

http://www.mail-archive.com/[EMAIL PROTECTED]/msg00185.html


  This isn't the spot to fix delayed logging, though.  The smtpd should
  log this up front at connect time.
 
 I'm not sure what that means. I find logging of from and to helpful on any
 connection whether blocked or not. This makes later investigation of
 user's woes much easier. Maybe your users are differnet from mine?

If from/to actually occur and lead to a decision on what the code will
do, sure.  As for just logging what host connected to you, qpsmtpd
should be doing that, not the plugin.

 Makes the following code shorter. Don't have to check whether the values
 are defined. The arguments are optional, allowing a current config/plugins
 to function as planned.
   Your comments could be much more helpful. Isn't that the raison d'etre
 of such a list?

Keith has already clarified this with the ideal fix, but one other to
consider is to use the ||= conditional-assign operator and || short
circuiting to accomplish this, as in:

my %x = (@args);
$x{foo} ||= 'bar';

This can often be as terse and easy to read, though since it does a
truth-test it's best replaced with an if-defined when the default has
zero as a legitimate value.

I think I saw this in one of your other patches from this morning, also,
though I forget which one.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: NOOP handler

[Devin Carraway]

On Sun, Jul 04, 2004 at 07:40:51PM +0100, Mark Powell wrote:
   Had some dialup joker today, opening 45 smtp connections and doing
 nothing on them, but a NOOP every 30s. Four hours later they were all
 still there, until I killed them and blocked the IP.
   Can we have the possibility of a noop handler, so a plugin could prevent
 this?

Hm.  While we might as well have a no-op hook, the attacker could have
staged the same sort of attack with a gradual cycle of mail/rcpt/rset
commands.  A better countermeasure for this one would be a per-client
max-connections limit.  Won't do much against a zombie attack, but it'd
deal with this sort.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: cvs commit: qpsmtpd/plugins authdeny authnull authsql

[Devin Carraway]

On Tue, Jun 29, 2004 at 02:52:11PM -0700, Jim Winstead wrote:
authsql - Authenticate to vpopmail via MySQL
 
 maybe this should have a more descriptive name -- auth_vpopmail_mysql?

Let's not build any more assumptions about SQL engines in than are
justified; Perl has DBI, and DBI can connect to most anything given a
simple dbistr.

Rather than renaming the plugin, let's just plan to make the dbistr (or
something used to build it) configurable, and move the db login
authentication out to configuration right next to the dbistr.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++


signature.asc
Description: Digital signature

Re: cvs commit: qpsmtpd/plugins authdeny authnull authsql

[Devin Carraway]

On Tue, Jun 29, 2004 at 04:13:19PM -0700, Jim Winstead wrote:
 the main reason i brought it up wasn't so much that it refers to MySQL,
 but vpopmail. i didn't look at the plugin too closely, but i'm guessing
 that it presumes a particular schema.

If it does, and it can't be reduced to a column and tablename (similar
to Apache's auth_*sql modules), then sure, such a specialization would
be justified.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

exim BSMTP queue plugin

[Devin Carraway]

We've got backend queue plugins for qmail, postfix and SMTP forwarding;
here's one for Exim.  It uses exim's BSMTP (batched SMTP) interface,
which basically amounts to sending in an entire SMTP conversation on a
pipe without waiting for answers.

The current implementation presumes that you're doing all your filtering
in qpsmtpd, and only using exim to deliver or relay.  Hence if the BSMTP
exchange yields a failure, it will always be soft-denied, even if exim
issued a hard-deny.  It also wastes some I/O on a tempfile when it could
probably safely use IPC::Open2.

I've been testing it against Exim 4; I can't recall offhand whether Exim
3 had a BSMTP (-bS) interface or not.

http://devin.com/qpsmtpd/exim-bsmtp

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++


signature.asc
Description: Digital signature

Re: exim BSMTP queue plugin

[Devin Carraway]

On Mon, Jun 28, 2004 at 03:59:44AM -0700, Ask Bj?rn Hansen wrote:
 http://devin.com/qpsmtpd/exim-bsmtp
 
 Very cool!  It looks good, except for the license.  If you'd like it to 
 be in the standard distribution it'll have to have to be licensed as 
 the rest of qpsmtpd (the MIT license).   I can probably be talked into 
 including something licensed as Perl as well, but not the GPL alone.

I'm fine with dual licensure; I just needed to grab a license off the
proverbial shelf, realizing that I've been posting plugins without clear
copyright (and hence unredistributable).

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: URI IP CIDR-range checker plugin

[Devin Carraway]

On Fri, Jun 18, 2004 at 06:49:01PM +1000, Andrew Pam wrote:
 You probably won't be getting any email from me then, as I'm located
 in Australia which is in the Asia-Pacific region under APNIC.
 
 Not recommended.

A categorial reject of all mail referencing sites hosted in
APNIC-maintained ranges would be a lousy idea, yes.  A probabilistic one
would be less so, but still cuts an unnecessarily broad swath and
includes some prominent babies in the bathwater -- two of them being my
employer and APNIC itself.  :)

I'm currently flagging all of APNIC's space for testing purposes, as I
said, and to compare with rejects from SURBL or spamassassin to see what
degree of locality exists in spammer hosting arrangements.  My hope is
that many of them will cluster into the same ISPs and confined address
ranges.  No data yet.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++


signature.asc
Description: Digital signature

Re: Spam Assassin Plugin Problem

[Devin Carraway]

On Fri, Jun 18, 2004 at 09:53:03AM -0700, Lincoln Turner wrote:
 The problem is that the qpsmtpd plugin only seems to read the FIRST 
 headers, hence it passes the email through as ham.

(disclaimer: I have nothing to do with the spamassassin plugin, I just
fixed the same problem in my spamc variant recently)

Nice tactic on the spammers' part.  Here's a patch which should address
it.  I'd be nice to have this functionality in spamassassin/spamd
itself, though I can see why it was omitted.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++
Index: spamassassin
===
RCS file: /cvs/public/qpsmtpd/plugins/spamassassin,v
retrieving revision 1.10
diff -u -r1.10 spamassassin
--- spamassassin10 Jun 2004 06:26:18 -  1.10
+++ spamassassin18 Jun 2004 17:04:27 -
@@ -89,6 +89,10 @@
   $self-log(6, check_spam);
   return (DECLINED) if $transaction-body_size  500_000;
 
+  $transaction-header-delete($_)
+   for ('X-Spam-Flag',  'X-Spam-Status', 'X-Spam-Level',
+'X-Spam-Checker-Version');
+
   my $remote  = 'localhost';
   my $port= 783;
   if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }


signature.asc
Description: Digital signature

cvs commit: qpsmtpd/plugins check_badmailfrom check_badrcptto

[Devin Carraway]

cvsuser 04/06/17 22:47:45

  Modified:plugins  check_badmailfrom check_badrcptto
  Log:
  Perform checks on MAIL-FROM and RCPT-TO case insensitively.
  
  Revision  ChangesPath
  1.5   +2 -1  qpsmtpd/plugins/check_badmailfrom
  
  Index: check_badmailfrom
  ===
  RCS file: /cvs/public/qpsmtpd/plugins/check_badmailfrom,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -w -r1.4 -r1.5
  --- check_badmailfrom 31 Aug 2003 08:24:06 -  1.4
  +++ check_badmailfrom 18 Jun 2004 05:47:45 -  1.5
  @@ -30,11 +30,12 @@
and $sender-host  $sender-user);
   
 my $host = lc $sender-host;
  -  my $from = $sender-user . '@' . $host;
  +  my $from = lc($sender-user) . '@' . $host;
   
 for my $bad (@badmailfrom) {
   $bad =~ s/^\s*(\S+).*/$1/;
   next unless $bad;
  +$bad = lc $bad;
   warn Bad badmailfrom config: No \@ sign in $bad\n and next unless $bad =~ 
m/\@/;
   $transaction-notes('badmailfrom', Mail from $bad not accepted here)
 if ($bad eq $from)
  
  
  
  1.4   +2 -1  qpsmtpd/plugins/check_badrcptto
  
  Index: check_badrcptto
  ===
  RCS file: /cvs/public/qpsmtpd/plugins/check_badrcptto,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -w -r1.3 -r1.4
  --- check_badrcptto   21 Apr 2004 12:42:45 -  1.3
  +++ check_badrcptto   18 Jun 2004 05:47:45 -  1.4
  @@ -10,8 +10,9 @@
 my @badrcptto = $self-qp-config(badrcptto) or return (DECLINED);
 return (DECLINED) unless $recipient-host  $recipient-user;
 my $host = lc $recipient-host;
  -  my $from = $recipient-user . '@' . $host;
  +  my $from = lc($recipient-user) . '@' . $host;
 for my $bad (@badrcptto) {
  +$bad = lc $bad;
   $bad =~ s/^\s*(\S+)/$1/;
   return (DENY, mail to $bad not accepted here)
 if $bad eq $from;
  
  
  

max-size tweak for clamav

[Devin Carraway]

One of a number of similar changes I've made lately, this adds a maximum
size constraint on clamav.  This eliminates the situation where clamav
doesn't finish its scan before the SMTP timeout alarm goes off, which
(a) wastes CPU time and blocks large email, and (b) leaves big files in
the tmpdir.  Viruses are seldom if ever found in large files these days,
so scanning them is largely a waste of time anyway.

On this subject, given the number of plugins that write the mail out to
a tempfile before passing it to something external (clamav, spamc, etc),
I'd like to suggest an addition to Qpsmtpd::Transaction.  It'd be good
to have a call to (a) guarantee that the mail is on disk, and (b) return
a filename for it (with the expectation that it won't be altered).  Then
we could skip out on repetitive tmpfile generation and cleanup in
various plugins (in which it's lots simpler to snag stdin from a file
than to deal with getting stdin+stdout pipes set up.)

(this is a merge from my own copy of the clamav plugin, since my
production qpsmtpd is a ways behind CVS; it looks sane but I haven't
tested the merged copy)

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++
Index: clamav
===
RCS file: /cvs/public/qpsmtpd/plugins/clamav,v
retrieving revision 1.3
diff -u -r1.3 clamav
--- clamav  5 Mar 2004 12:46:24 -   1.3
+++ clamav  15 Jun 2004 15:54:54 -
@@ -7,6 +7,9 @@
   my ($self, $qp, @args) = @_;
   $self-register_hook(data_post, clam_scan);
 
+  # default scan size limit of 512k
+  $self-{_max_size} = 1024 * 512;
+
   if (@args  0) {
 # Untaint scanner location
 if ($args[0] =~ /^(\/[\/\-\_\.a-z0-9A-Z]*)$/) {
@@ -15,16 +18,36 @@
   $self-log(LOGERROR, FATAL ERROR: Unexpected characters in clamav argument 1);
   exit 3;
 }
-$self-log(LOGWARN, WARNING: Ignoring additional arguments.) if (@args  1);
+if (@args  2) {
+  if ($args[0] =~ /^(\d+)$/) {
+$self-{_max_size} =  $1;
+  } else {
+$self-log(LOGERROR, FATAL ERROR: Unexpected characters in clamav argument 
2);
+exit 3;
+  }
+}
+$self-log(LOGWARN, WARNING: Ignoring additional arguments.) if (@args  2);
   } else {
 $self-{_clamscan_loc} = /usr/local/bin/clamscan;
   }
+
 }
  
 sub clam_scan {
   my ($self, $transaction) = @_;
  
-  my ($temp_fh, $filename) = tempfile();
+  if ($transaction-body_size  $self-{_max_size}) {
+   $self-log(2, 'Mail too large to scan ('.
+   $transaction-body_size .  vs $self-{_max_size}) );
+   return (DECLINED);
+  }
+
+  my $spool_dir = $self-qp-config('spool_dir') ?
+  $self-qp-config('spool_dir')
+ : Qpsmtpd::Utils::tildeexp('~/tmp/');
+
+  my ($temp_fh, $filename) = tempfile(qpsmtpd.clamav.XX,
+ DIR = $spool_dir);
   print $temp_fh $transaction-header-as_string;
   print $temp_fh \n;
   $transaction-body_resetpos;


signature.asc
Description: Digital signature

Re: newer still check_spamhelo (was Re: newer check_spamhelo (was Re: RFC: new check_spamhelo))

[Devin Carraway]

On Tue, Jun 15, 2004 at 04:04:23PM +0100, Mark Powell wrote:
   Here is the latest check_spamhelo that surrounds each regexp, with
 simply '^'  '$'. Slashes are not needed to surround a regexp anymore. See
 the attached badhelo for some examples.

Excellent, much cleaner.

   Passing the argument 'checkip', in addition to 'rfc', will also check
 that the IP address given in an IPv4 address literal actually matches that
 of the connection.

Yummy, though I'd be somewhat concerned about environments placing their
outbound mailservers behind NAT firewalls.  Still, the proportion of
servers both (a) doing that and (b) issuing IP HELOs is probably
vanishingly small.

 # A lot of spammers use the following which are not used by the real domain owners

I've seen excite.com also, so you might consider adding that.

Ask, Mark has pretty well superceded my original check_spamhelo with
this, so once this is adequately tested I suggest deprecating or
replacing mine in favor of this one.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++


signature.asc
Description: Digital signature

Re: RFC: new check_spamhelo

[Devin Carraway]

On Sun, Jun 13, 2004 at 01:45:15AM -0700, Ask Bj?rn Hansen wrote:
 It requires a core patch. I wonder if a new return code might not be 
 useful here, so you could do:
 
   return CUSTOM, 501, Syntax error in EHLO argument;
 
 Ask - any thoughts on that?
 
 DECLINED / OK / ... has other meanings than just what we return to the 
 client.
 
 I think I'd rather see an extension so if the second part of the return 
 result is a three digit number we'll pass that back as the code and use 
 the third part as the message.

What about making it possible to return a composite there instead, e.g.:

return { action = DENY, code = 501 }, IP RFC-compliant;


-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: RFC: new check_spamhelo

[Devin Carraway]

On Sun, Jun 13, 2004 at 12:52:31AM +0100, Mark Powell wrote:
   Attached are some changes I made to check_spamhelo today. I wanted the
 plugin to do a little more in dropping those conversations from external
 sites that have HELO's which forge hosts, domains, and IP addresses.
   It provides wildcards in badhelo so you can block HELO arguments
 pretending to be your domain e.g.

Splendid; I've thought off and on since writing spamhelo about dealing
with the IP address tests and never gotten around to it.  I often see a
pattern where I'll get three or four consecutive connects from different
IPs, all of whom will issue a HELO containing my own IP address; because
I deny that HELO they go away, but there are a handful of others around.

If you're going to do partial matches on the HELO, though, why not just
do it via perl or glob patterns?  Once you start supporting such matches
you're already spending the compute time, so you may as well go the rest
of the way.


-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

URIBL plugin

[Devin Carraway]

Saw on slashdot, liked the idea (it's occurred to me before, but I
didn't really think through it that thoroughly), so here's a first-stab
implementation.  Could use some refinement in the URI matching,
bare-hostname detection, that sort of thing, but it seems to work.  I
don't advise running it in reject mode until it's had more of a
shakedown.

(also found at http://devin.com/qpsmtpd/uribl)

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++
#!/usr/bin/perl -w

=head1 NAME

uribl - URIBL blocking plugin for qmpsmtpd

=head1 DESCRIPTION

This plugin implements the URIBL proposal, such as the Spam URI Realtime
Blocklist (SURBL; see http://surbl.org/).  Incoming messages are scanned
for URIs, which are then checked against one or more URIBLs in a fashion
similar to DNSBL systems.

=head1 CONFIGURATION

To enable the plugin, add it to I~qpsmtpd/config/plugins.  The list of
URIBLs to check should be placed in Iuribl_zones in the config directory
(typically I~qpsmtpd/config).

You may specify the following config option(s):

=over 4

=item action

Specifies what to do when a URI is matched in a URIBL.  Available options are
Iadd-header (the default) Ideny and Idenysoft.  If set to add-header, an
X-URIBL-Match: header will be added explaining the URIBL entry found.  If set
to 'deny,' the delivery will be declined with a hard failure.  If set to
denysoft, the delivery will be soft failed (this is probably not a good idea.)

=back

=head1 BUGS

Does not yet detect URIs munged by URI percentage-style escape codes,
and may miss some other munging as well.

Does not attempt to pick out non-URI style hostnames, such as a bare
www.domain.tld.

=head1 AUTHOR

Written by Devin Carraway [EMAIL PROTECTED].  Newer versions may be found
(or not) at http://devin.com/qpsmtpd/.

=cut

use Net::DNS::Resolver;

use strict;
use warnings;

sub register {
my ($self, $qp, %args) = @_;

$self-{action} = $args{action} || 'add-header';
$self-register_hook('data_post', 'data_handler');
}

sub data_handler {
my ($self, $txn) = @_;
my $l;
my %sockets;
my @uribl_zones = $self-qp-config('uribl_zones');
$self-log(0, URIBL zones: .join(',',@uribl_zones));
@uribl_zones or return DECLINED;
my $res = new Net::DNS::Resolver or return DECLINED;

$txn-body_resetpos;
while ($l = $txn-body_getline) {
chomp $l;
last if !$l;
}
while ($l = $txn-body_getline) {
chomp;
if ($l =~ m{\w{3,16}://(?:\S+@)?(\d{7,})(?::\d+)?([/?\s]|$)}) {
my @octets = (
(($1  24)  0xff),
(($1  16)  0xff),
(($1  8)  0xff),
($1  0xff)
);
my $fwd = join('.', @octets);
my $rev = join('.', reverse @octets);
$self-log(2, uribl: matched pure-integer ipaddr $1 ($fwd));
$sockets{$rev\t$_} ||= $res-bgsend($rev.$_., 'txt')
for @uribl_zones;
}
elsif ($l =~ m{\w{3,16}://(?:\S+@)?(\d+)\.(\d+)\.(\d+)\.(\d+)}) {
my $rev = $4.$3.$2.$1;
$self-log(2, uribl: matched URI ipaddr $1.$2.$3.$4);
$sockets{$rev\t$_} ||= $res-bgsend($rev.$_., 'txt')
for @uribl_zones;
}
elsif ($l =~ m{\w{3,16}://(?:\S+@)?([\w\-.]+\.\w+)}) {
$self-log(2, uribl: matched URI hostname $1);
$sockets{$1\t$_} ||= $res-bgsend($1.$_., 'txt')
for @uribl_zones;
}
}
$txn-body_resetpos;

my %matches;
while (keys %sockets) {
my $c = 0;
for my $s (keys %sockets) {
unless ($sockets{$s}) {
delete $sockets{$s};
next;
}
next unless $res-bgisready($sockets{$s});
my $packet = $res-bgread($sockets{$s});
unless ($packet) {
delete $sockets{$s};
next;
}
for my $rr ($packet-answer) {
$matches{$s} = $rr-txtdata
if $rr-type eq 'TXT';
}
delete $sockets{$s};
$c++;
}
sleep 0.1 if keys %sockets and !$c;
}
for (keys %matches) {
my ($host, $uribl) = split /\t

Re: whitelisting an ip in china

[Devin Carraway]

On Thu, Jan 29, 2004 at 04:38:24PM +0200, Aric Fedida wrote:
 So now the question is, how do I whitelist a certain ip address, so that
 qpsmtpd plugins will be bypassed for that ip address?

As a halfway measure, you could whitelist their HELO with the whitelist
plugin I posted here a while back.  Whitelisting a remote host is a
valid case, I'll see what would be involved there.


-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++


signature.asc
Description: Digital signature

Re: whitelisting an ip in china

[Devin Carraway]

[crass self reply]

On Thu, Jan 29, 2004 at 11:02:49AM -0800, Devin Carraway wrote:
 As a halfway measure, you could whitelist their HELO with the whitelist
 plugin I posted here a while back.  Whitelisting a remote host is a
 valid case, I'll see what would be involved there.

Okay, I feel stupid.  Code to do this is already in the whitelist plugin
-- drop their IP in the whitelisthosts file and it'll work fine.


-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: First time denysoft plugin

[Devin Carraway]

On Fri, May 30, 2003 at 10:04:24PM +1000, Gavin Carr wrote:
 A while ago Matt Sergeant mentioned he'd implemented a plugin that he
 couldn't release that returned a denysoft on the first connection from 
 an IP address, on the theory that spammers don't queue, they just fire

Hmm, that reminds me -- Matt, it's been a couple of months, how's it
been working out for you?

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: First time denysoft

[Devin Carraway]

On Tue, Apr 01, 2003 at 04:43:57PM +0100, Matt Sergeant wrote:
 I didn't invent this idea - lots of people have suggested it before now.
 It's just dead easy to implement in qpsmtpd... The theory is that spammers
 don't queue - they fire and forget. The only system that would queue is an
 open relay, and those seem to be few and far between these days.

I'm dubious about the utility of this scheme, given that it only works
with direct-to-MX spammers, who tend to originate from negligent ISPs
and hence would exhibit a fair degree of address locality.  You could
improve it some by aging out entries in the table, but at the expense of
ongoing delays in legitimate mail.

In terms of maximizing true-positives, this might work a bit better
hashed on the MAIL FROM value, which in spam tend to be either entirely
random usernames on the front of a webmail provider, or one-shot
addresses.  However, it'd make trouble with VERPs, BTSes, etc.

-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++

Re: Spamassassin problem

[Devin Carraway]

On Sun, Mar 23, 2003 at 12:45:21AM +0200, Skaag Argonius wrote:
 - It seems like SA hangs forever when checking messages that contain
 attachments.

Does this happen when you pipe the same messages into spamc?  Neither
the SA plugin nor qpsmtpd know anything about attachments.  You might
try setting 'timeout 15' in the plugin config -- if the problem goes
away, then spamd is for whatever reason hanging on the mail long enough
for spamc to give up.


 - spamd or spamc are not reading the spamassassin config file
 (/etc/spamassassin/local.cf)

What arguments were used to run spamd?


 - It looks like specifying parameters to spamassassin in the config, is not
 really working. Is there a  workaround for this?

This isn't feasible using spamc, and IMO wasn't a good idea originally.
Options germane to spamassassin can be set in
~qpsmtpd/.spamassassin/user_prefs.  Options to spamc itself can be
configured in ~qpsmtd/config/plugins -- see the spamc manpage.  Spamc's
options are largely unneeded on conventional setups.


 - Should I specify the -v flag for spamassassin (vpopmail), if I'm using
 vpopmail?

Give it to spamd instead.  Note that in such a case you'll need to have
spamc connect as user vpopmail (specify user vpopmail in
config/plugins).


-- 
Devin  \ aqua(at)devin.com, 1024D/E9ABFCD2;  http://www.devin.com
Carraway \ IRC: Requiem  GCS/CC/L s-:--- !a !tv C$ ULB+++$ O+@ P L+++