Christoph Lukas | 22 Feb 12:15 2016

Logging: Missing lines, truncated data

Hello list,

I'm hoping you can help me with a spot of bother I ran into:

The logs written to syslog and file are missing lines, while certain 
lines are truncated.

For example, this is the incoming session that sent the "WELCOME to 
qpsmtpd <at> perl.org" mail:
(timestamps after the first line are removed for readability)

   Mon Feb 22 10:55:34 2016 mail[17615]: US
   mail[17615]: Linux 2.6.x
   mail[17615]: pass, not spontaneous
   mail[17615]: skip, no match
   mail[17615]: karma 1 (1)
   mail[17615]: pass
   mail[17615]: pass
   mail[17615]: 220 mailin.firc.de ESMTP qpsmtpd 0.96/v0.96 ready; send us your mail, but not your spam.
   mail[17615]: dispatching EHLO x6.develooper.com
   mail[17615]: karma 1 (2)
   mail[17615]: pass
   mail[17615]: 250-mailin.firc.de Hi x6.develooper.com [207.171.7.86]
   mail[17615]: 250-PIPELINING
   mail[17615]: 250-8BITMIME
   mail[17615]: 250 STARTTLS
   mail[17615]: dispatching MAIL FROM:<qpsmtpd-return- <at> perl.org>
   mail[17615]: pass, perl.org has MX at mx.develooper.com
   mail[17615]: pass, no zones

Etilem | 26 Jan 22:54 2016

qpsmtpd_report.pl


Hi,

I have written a script to report some 250/450/550 info from
qpsmtpd.log LOGINFO level. Feel free to review and test it; here is the
URI to get it:

	http://www.etilem.net/perl/qpsmtpd_report.pl

best regards,

--
Etilem

Chris Dallimore | 19 Dec 15:57 2015

uribl plugin issues

I had some problems with the uribl plugin:
- Always returning "pass, No URIs found in mail"
- URLs split over lines causing lookups to truncated domains
- Whitelist not being actioned (for the second "while ($l =~ m{" loop)

I've made some changes that work for me, but it likely needs reviewing 
from those with more knowledge:

--- a/plugins/uribl
+++ b/plugins/uribl
 <at>  <at>  -271,6 +271,7  <at>  <at> 

          if ($l =~ /(.*)=$/) {
              push  <at> qp_continuations, $1;
+            next;
          }
          elsif ( <at> qp_continuations) {
              $l = join('',  <at> qp_continuations, $l);
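
Review bot: With the added `next;` in the `if ($l =~ /(.*)=$/)` branch, a fragment pushed onto @qp_continuations is only scanned once a later line fails that test and reaches the `elsif` join. If the body ends on a line with a trailing `=`, the buffered text is never joined or checked, so the code after this loop should flush @qp_continuations one more time. The test also fires on any line ending in `=`, not only quoted-printable soft breaks, so it would be safer to apply it only when the part is quoted-printable encoded.
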
 <at>  <at>  -404,10 +405,13  <at>  <at> 
                ? 3
                : 2;
              if (
-                exists $self->{whitelist_zones}
-                ->{join('.',  <at> host_domains[($cutoff - 1) .. 
$#host_domains])})
+                exists $self->{whitelist_zones}->{
+                    join('.',
+                          <at> host_domains[($#host_domains - $cutoff + 1)
+                           .. $#host_domains])
+                }
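
Review bot: In the new slice `@host_domains[($#host_domains - $cutoff + 1) .. $#host_domains]` the start index goes negative when the host has fewer labels than $cutoff, and Perl then counts from the end of the array, so the joined key is no longer the host's own suffix and the whitelist lookup silently misses. Clamp the start at 0, or skip the lookup when `@host_domains < $cutoff`. A one-line comment saying the slice takes the last $cutoff labels would also make the intent clear next to the old `($cutoff - 1) ..` form.
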

Chris Dallimore | 17 Dec 18:17 2015

helo plugin fails to match badhelo

The helo plugin fails to match any entries in badhelo, as the 
is_regex_match sub returns after the first (usually unsuccessful) test.

This works for me:

--- a/plugins/helo
+++ b/plugins/helo
 <at>  <at>  -301,40 +301,27  <at>  <at> 

  sub is_in_badhelo {
      my ($self, $host) =  <at> _;
-
-    my $error = "I do not believe you are $host.";
+    my $error = "Your HELO hostname is not allowed";

      $host = lc $host;
      foreach my $bad ($self->qp->config('badhelo')) {
          if ($bad =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/) {    # it's a regexp
-            return $self->is_regex_match($host, $bad);
+            #$self->log( LOGDEBUG, "is regex ($bad)");
+            if (substr($bad, 0, 1) eq '!') {
+                $bad = substr $bad, 1;
+                if ($host !~ /$bad/) {
+                    #$self->log( LOGDEBUG, "matched negative pattern 
(\!$bad)");
+                    return $error, "badhelo negative pattern match 
(\!$bad)";
          }
-        if ($host eq lc $bad) {
-            return $error, "in badhelo";
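
Review bot: `$host !~ /$bad/` in the negated branch interpolates the badhelo entry straight into a match, so a malformed pattern in the config file dies inside the hook while a client is connected. Compile each entry with `eval { qr/$bad/ }`, log and skip entries that fail to compile, and match against the compiled pattern. The two commented-out `$self->log( LOGDEBUG, ...)` lines should be either enabled or dropped before this goes in.
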

frank | 20 Jul 07:34 2015

relay plugin ignores empty $ENV{RELAYCLIENT}

Upgrading from a heavily customized and ancient version, I've always used 
an empty $RELAYCLIENT in my tcpserver configs but the latest version 
ignores the empty variable. This fixed it for me.

-frank

diff --git a/plugins/relay b/plugins/relay
index fdae3ad..6c7974b 100644
--- a/plugins/relay
+++ b/plugins/relay
 <at>  <at>  -230,7 +230,7  <at>  <at>  sub hook_connect {
          return DECLINED;
      }

-    if ($ENV{RELAYCLIENT}) {
+    if (defined $ENV{RELAYCLIENT}) {
          $self->qp->connection->relay_client(1);
          $self->log(LOGINFO, "pass, enabled by env");
          return DECLINED;
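
Review bot: `defined $ENV{RELAYCLIENT}` enables relaying for every value, including an empty string and `0`, so a setup that exports RELAYCLIENT=0 or an empty value to mean "off" now relays for that connection. Because the consequence is an open relay, the plugin documentation should state that the mere presence of the variable enables relaying, and the `pass, enabled by env` log line could note when the value was empty.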

frank | 20 Jul 07:19 2015

badrcptto ignores $reason

The badrcptto plugin says it lets you give a custom response for a 
matching regex but the code doesn't appear to use it. Shouldn't it be 
something like this?

Thanks
-frank

diff --git a/plugins/badrcptto b/plugins/badrcptto
index 0dec099..eb3d31c 100644
--- a/plugins/badrcptto
+++ b/plugins/badrcptto
 <at>  <at>  -66,7 +66,7  <at>  <at>  sub hook_rcpt {
          if ($self->is_match($to, lc($bad), $host)) {
              $self->adjust_karma(-2);
              if ($reason) {
-                return DENY, "mail to $bad not accepted here";
+                return DENY, $reason;
              }
              else {
                  return Qpsmtpd::DSN->no_such_user(
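
Review bot: The `if ($reason)` guard kept as context is a truthiness test, so a configured reason of `0` falls through to the `no_such_user` branch; `defined $reason && length $reason` says what is meant. Since `$reason` now goes to the client verbatim in the SMTP reply, also confirm that the code which splits it from the pattern strips trailing whitespace and line endings.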

Chris Dallimore | 9 Jun 19:51 2015

hosts_allow plugin

Hi,

I'm still a novice and learning, but I'm playing with 0.95 and have come 
across an issue with the hosts_allow plugin.
Specifically this part in sub in_hosts_allow:

             $const = Qpsmtpd::Constants::return_code($const) || DECLINED;
             if ($const =~ /deny/i) {
                 $self->log(LOGINFO, "fail, $message");
             }

The second line can seemingly never be true, as the preceding line has 
replaced the value of $const read from the config file with a return 
/code/ (e.g. 901).

Should there also be a 'return $const, $message;' to return the failure 
before reaching:
             $self->log(LOGDEBUG, "pass, $const, $message");
             return $const, $message;

as it always logs a 'pass', regardless of the actual response.

There'll undoubtedly be a more elegant way, but as a kludge for me, I've 
changed this to:

         if (join('.', unpack('C4', inet_aton($remote) & $mask)) eq $net) {
             my $action = $const;
             $const = Qpsmtpd::Constants::return_code($const) || DECLINED;
             if ($action =~ /deny/i) {
                 $self->log(LOGINFO, "fail, $message");
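
The mismatch described in this post, as an added example that is not part of the original message or of qpsmtpd's code: it runs the same network match and shows the log verdict when the regex is applied to the converted number versus the saved keyword. `return_code` is a local stand-in for `Qpsmtpd::Constants::return_code`, and the numeric table, the rule lines and `check_host` are constructed for illustration.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Local stand-in for Qpsmtpd::Constants::return_code (assumption): maps a
# config keyword to a number. 901 is the value quoted in the post; the rest
# of the table is constructed for this example.
my %CODE = (OK => 900, DENY => 901, DENYSOFT => 902, DECLINED => 909);
sub return_code { my ($name) = @_; return $CODE{uc $name} }

# Constructed rule lines in an assumed "net/bits KEYWORD message" layout.
my @rules = (
    '192.0.2.0/24 DENY blocked test network',
    '198.51.100.0/24 DENYSOFT try again later',
    '203.0.113.7/32 OK trusted host',
);

# Returns (numeric code, log text). $fixed selects which value is tested.
sub check_host {
    my ($remote, $fixed) = @_;
    for my $rule (@rules) {
        my ($ipmask, $const, $message) = split /\s+/, $rule, 3;
        my ($net, $bits) = split m{/}, $ipmask, 2;
        $bits = 32 unless defined $bits;
        my $mask = pack 'B32', ('1' x $bits) . ('0' x (32 - $bits));
        next unless join('.', unpack('C4', inet_aton($remote) & $mask)) eq $net;

        my $action = $const;    # keyword as written in the config
        $const = return_code($const) || $CODE{DECLINED};
        # Original: regex against the number, which never contains "deny".
        # Fixed: regex against the saved keyword.
        my $tested = $fixed ? $action : $const;
        my $verdict = $tested =~ /deny/i ? 'fail' : 'pass';
        return ($const, "$verdict, $message");
    }
    return ($CODE{DECLINED}, 'pass, no matching rule');
}

for my $ip (qw(192.0.2.55 198.51.100.9 203.0.113.7 10.1.2.3)) {
    for my $fixed (0, 1) {
        my ($code, $log) = check_host($ip, $fixed);
        printf "%-13s %-8s code=%d log=\"%s\"\n",
          $ip, ($fixed ? 'fixed' : 'original'), $code, $log;
    }
}
```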

jrd | 7 Jun 13:09 2015

karma plugin

    From: Matt Simerson <matt <at> tnpi.net>
    Date: Sat, 6 Jun 2015 20:23:46 -0700

Thanks Matt.  Bits below.

    > On Jun 6, 2015, at 12:16 PM, postmaster <at> jrd.org wrote:
    > 
    > Are there any users of the karma plugin out there?

    [matt <at> mail] ~smtpd/smtpd % grep karma config/plugins 
    karma penalty_box 0 reject 0

    Heh, I still qualify. Barely...I have one last host running Qpsmtpd.

    > I've been trying
    > to set it up, and so far failing.  When I enable it in my plugins
    > file, qpsmtpd fails to start.  The last line in the log, and the only
    > thing that looks like it's trying to start up karma is
    > 
    > Sat Jun 06 15:13:24 2015 g2[7780]: karma hooking pre-connection
    > 
    > I've googled around a bit but come up empty.  Is there something
    > special about karma that I should be doing?  Other hints on how to
    > debug where it's going off the rails?

    Hard to say. Make sure that the QP user can write to ./, so that
    karma can write its DB files to disk. Probably best to gist the
    output so we can see what other clues might be there.

Pretty sure I'm not failing on write permissions.  Also pretty sure

postmaster | 6 Jun 21:16 2015

karma plugin

Are there any users of the karma plugin out there?  I've been trying
to set it up, and so far failing.  When I enable it in my plugins
file, qpsmtpd fails to start.  The last line in the log, and the only
thing that looks like it's trying to start up karma is

Sat Jun 06 15:13:24 2015 g2[7780]: karma hooking pre-connection

I've googled around a bit but come up empty.  Is there something
special about karma that I should be doing?  Other hints on how to
debug where it's going off the rails?

TIA...

Craig Jungers | 14 May 00:38 2015

Minimal Use of Qpsmtpd

I'm trying to just use qpsmtpd to stop multiple connections from spam servers. Some .eu servers are trying to send 35 or 40 emails at a time... they get rejected but it takes up my server's resources to do it. But I want to wait and set up qpsmtpd to check blacklists later. I'm using Postfix. 

Is this relatively easy to do? I'm not an smtp novice but new to qpsmtpd.

Craig

Charlie Brady | 28 Jan 14:24 2015

CVE-2015-0235 exposure via qpsmtpd?


As you can see in the advisory:

http://www.openwall.com/lists/oss-security/2015/01/27/9

exim allows remote exploit of a buffer overflow in glibc.

Has anybody done an analysis of qpsmtpd to see whether there is a code 
path via qpsmtpd (and plugins) and perl which allows the same exploit?

