Dan Langille | 25 Mar 20:21 2014

Any chance of a new release?

Hello,

Any chance of a new release?  I ask because I encountered this bug:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693179

which is fixed by this patch:

  https://github.com/smtpd/qpsmtpd/commit/1bfebd0bfd5e86f8ed4f770ba54846dc9d18e0ab

which went in about a year ago.

Four years without a new release is a long time.

Thanks.

-- 
Dan Langille
dvl <at> biglist.com

Steve Freegard | 15 Jan 20:43 2014

Re: qpsmtpd as a mail proxy for outgoing mail

Bojan,

This seems like a reasonable thing to do and not impossible to do at all.

I moved from qpsmtpd a while ago and I'm using Haraka now (see 
https://github.com/baudehlo/Haraka) and you could probably do this by 
hacking a couple of the existing plugins if you know a bit of JavaScript 
(smtp_proxy.js and auth_proxy.js).

Regards,
Steve.

On 15/01/14 14:45, Bojan Čekrlić wrote:
> Hi list,
>
> I've been looking around for this solution and qpsmtpd seems to be the 
> closest thing that I found. Let me explain:
>
> I would like to do something similar with SMTP that Perdition 
> (http://horms.net/projects/perdition/) does for IMAP/POP. Namely, when 
> the user authenticates, his conversation would be forwarded to target 
> outgoing mail server, based on his authentication details.
>
> Basically have one SMTP "gateway" that forwards outgoing mail based on 
> user credentials.
>
> As qpsmtpd already has a plugin that authenticates against another SMTP 
> server (http://wiki.qpsmtpd.org/doku.php?id=plugins:auth:auth_smtpd) 
> and perl already has libraries for talking to SMTP, it seems this 
> wouldn't be impossible to do with qpsmtpd.

Bojan Čekrlić | 15 Jan 15:45 2014

qpsmtpd as a mail proxy for outgoing mail

Hi list,

I've been looking around for this solution and qpsmtpd seems to be the 
closest thing that I found. Let me explain:

I would like to do something similar with SMTP that Perdition 
(http://horms.net/projects/perdition/) does for IMAP/POP. Namely, when 
the user authenticates, his conversation would be forwarded to target 
outgoing mail server, based on his authentication details.

Basically have one SMTP "gateway" that forwards outgoing mail based on 
user credentials.

As qpsmtpd already has a plugin that authenticates against another SMTP 
server (http://wiki.qpsmtpd.org/doku.php?id=plugins:auth:auth_smtpd) and 
perl already has libraries for talking to SMTP, it seems this wouldn't 
be impossible to do with qpsmtpd.

The $100 question: has anybody had any experience setting up a 
configuration like this? Is it even possible with qpsmtpd?

Thank you,
B

Walt Mankowski | 30 Nov 16:43 2013

Fatal errors with Net-DNS-0.73

I installed the new version of Net::DNS last night (version 0.73) and
that caused qpsmtpd to fail with a fatal error.  Here's what I see in
the logs:

2013-11-30 10:04:04 ***  FATAL PROGRAM ERROR!!        Unknown method 'default'
2013-11-30 10:04:04 ***  which the program has attempted to call for the object:
2013-11-30 10:04:04 ***
2013-11-30 10:04:04 ***  ;; EDNS version 0
2013-11-30 10:04:04 ;;        flags:  0000
2013-11-30 10:04:04 ;;        rcode:  NOERROR
2013-11-30 10:04:04 ;;        size:   512
2013-11-30 10:04:04 ;;        option: 
2013-11-30 10:04:04 
2013-11-30 10:04:04 ***
2013-11-30 10:04:04 ***  This object does not have a method 'default'.  THIS IS A BUG
2013-11-30 10:04:04 ***  IN THE CALLING SOFTWARE, which incorrectly assumes that the
2013-11-30 10:04:04 ***  object would be of a particular type.  The type of an object
2013-11-30 10:04:04 ***  should be checked before calling any of its methods.
2013-11-30 10:04:04  at
/home/waltman/perl5/perlbrew/perls/perl-5.18.1/lib/site_perl/5.18.1/i686-linux-thread-multi/Net/DNS/Packet.pm
line 183.
2013-11-30 10:04:04   Net::DNS::Packet::data(Net::DNS::Packet=HASH(0x9dd8280)) called at
/home/waltman/perl5/perlbrew/perls/perl-5.18.1/lib/site_perl/5.18.1/i686-linux-thread-multi/Net/DNS/Resolver/Base.pm
line 500
2013-11-30 10:04:04   Net::DNS::Resolver::Base::send(Net::DNS::Resolver=HASH(0x928b5a0),
"66.175.208.152") called at
/home/waltman/perl5/perlbrew/perls/perl-5.18.1/lib/site_perl/5.18.1/i686-linux-thread-multi/Net/DNS/Resolver/Base.pm
line 490
2013-11-30 10:04:04   Net::DNS::Resolver::Base::query(Net::DNS::Resolver=HASH(0x928b5a0),
"66.175.208.152") called at lib/Qpsmtpd/TcpServer.pm line 160

Ask Bjørn Hansen | 5 Aug 20:29 2013

Moved website to github

Hi everyone,

First of all apologies for my absence and thank you in particular to Matt Simerson who's kept the project
more or less alive.

Robert migrated the website to github pages; I just updated the old site to redirect to the new:

	http://smtpd.develooper.com/ -> http://smtpd.github.io/qpsmtpd/

A bunch of you have commit access there now and also to the main repository:

	https://github.com/smtpd/qpsmtpd/

Thank you for all the fun over the last ~12 years.  :-)

Ask

-- 
Ask Bjørn Hansen, http://askask.com/

Luigi Noris | 1 May 19:28 2013

db suite plugin

Hello, I am trying to use the db suite plugin because I need to share the greylisting DB between two servers. My intention
is to use a remote MySQL server, but I am unable to understand where and how to specify the server IP or name in the
db_base config.

Thx in adv,

Gigi Noris

Matt Simerson | 30 Apr 05:23 2013

I found the future by dredging in the past


I found myself wanting to check for clients who are adding illegal whitespace after the MAIL FROM and RCPT TO
commands.  Before I started hacking, I did a quick search and found this thread:

Stricter parsing of mail from: and rcpt to:

http://grokbase.com/t/perl/qpsmtpd/04cmjwqh9p/stricter-parsing-of-mail-from-and-rcpt-to/oldest

The gist of the thread is that a number of people were for stricter parsing, a number were against, and
nothing happened. A similar exchange was had regarding angle brackets, except that time hooks were added
allowing plugins to rewrite the address, adding the missing angle brackets.

For other similar purposes, Qpsmtpd::Command was added, and the ability to substitute one's own parser was
added, probably about the same time the parse_addr_withhelo plugin was added.

But I don't need an entirely new parser. I just want to do something quick and fun like:

   if ( 'from: ' eq lc substr($envelope_header, 0, 6) ) {
        $self->adjust_karma(-1);
   };

After reading the proposed solutions, the one I adopted was storing the unparsed line in a connection note,
making it available to plugins that wish to inspect and act upon it.

Matt

PS: I find it amusing that 7 or 8 years later, clients inserting that space have a 97+% correlation with
infected PCs. Not enough to block based on it, but more than enough to cast suspicious glances.

--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
 <at>  <at>  -354,6 +354,7  <at>  <at>  sub mail {
     }

     $self->log(LOGDEBUG, "full from_parameter: $line");
+    $self->connection->notes('envelope_from', $line);
     $self->run_hooks("mail_parse", $line);
 }
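
Review bot: the `envelope_from` note added in `mail` is stored on `$self->connection`, so it outlives the transaction and is silently overwritten by the next MAIL FROM on the same connection. A plugin that reads it outside the mail hooks of the current transaction can see a line that belongs to an earlier message. Either keep it on the transaction or document the lifetime next to the new note name. The value is the same raw `$line` that is logged and passed to `run_hooks("mail_parse", $line)`, so the documentation should also say that it is unparsed client input and must be treated as untrusted by any plugin that reads it.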

 <at>  <at>  -442,6 +443,7  <at>  <at>  sub mail_respond {

 sub rcpt {
     my ($self, $line) =  <at> _;
+    $self->connection->notes('envelope_rcpt', $line);
     $self->run_hooks("rcpt_parse", $line);
 }
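
Review bot: in `rcpt`, `envelope_rcpt` is a single scalar note that is rewritten on every RCPT TO, so for a message with several recipients only the last raw line survives. A plugin that runs after the rcpt hooks (for example at data time) sees just that one line. If per-recipient inspection is the goal, say in the docs that the note is only valid while the rcpt hooks for that command are running, or collect the lines in an array reference instead. Neither new note name is documented anywhere in this patch.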

Matt Simerson | 30 Apr 04:30 2013

clamdscan plugin defaults


Within the register sub of the clamdscan plugin, is this little nugget:

    # Set some sensible defaults
    $self->{'_args'}{'deny_viruses'} ||= 'yes';
    $self->{'_args'}{'max_size'}     ||= 128;
    $self->{'_args'}{'scan_all'}     ||= 0;

Having a default enable for denying viruses is sensible enough. 

But a max_size of 128K? You mean all a virus author needs to do is attach an image to his virus-laden message to
evade virus scanning on a qpsmtpd server?  Is that really a sensible default?

My first inclination is that max_size should default to whatever $config->data_bytes is set to. Why would
such a low limit be considered sensible?

The other thing I'm questioning is why scan_all=0 is the 'sensible' default.  If one is going to bother
running a virus scanner, it would seem the "safe" choice is to scan everything. Should it be as easy as
inserting an illegal character into the Content-Type field value (which would get ignored later), to
bypass multipart detection, and thus virus scanning?

Matt
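
The skip decisions questioned in the post above, modelled as an added example (this is not the clamdscan plugin's code and not from the post's author). `scan_decision`, the `multipart_detected` flag, the sample messages and the 25600 KB stand-in for `$config->data_bytes` are assumptions made for illustration.

```perl
# Added example: a model of the scan/skip decision the post describes,
# not the clamdscan plugin's own code.
use strict;
use warnings;

# Returns 'scan', or the reason the message never reaches the scanner.
#   $args: hashref with max_size (in KB) and scan_all (0 or 1)
#   $msg:  hashref with size_kb and multipart_detected (0 or 1)
sub scan_decision {
    my ($args, $msg) = @_;
    return 'skip: over max_size'
      if $msg->{size_kb} > $args->{max_size};
    return 'skip: not detected as multipart'
      if !$args->{scan_all} && !$msg->{multipart_detected};
    return 'scan';
}

# The defaults quoted in the post, and the stricter values it argues for.
# Assumption: 25600 KB stands in for whatever $config->data_bytes is set to.
my $data_bytes_kb = 25_600;
my %defaults = (max_size => 128,            scan_all => 0);
my %strict   = (max_size => $data_bytes_kb, scan_all => 1);

# Constructed sample messages (sizes in KB).
my @messages = (
    { name => 'small plain text',        size_kb => 4,   multipart_detected => 0 },
    { name => 'small multipart',         size_kb => 60,  multipart_detected => 1 },
    { name => 'multipart with image',    size_kb => 900, multipart_detected => 1 },
    { name => 'unparseable Content-Type', size_kb => 60, multipart_detected => 0 },
);

# Print what each configuration does with each message, then count the
# messages that are delivered without ever being scanned.
my %unscanned = (defaults => 0, strict => 0);
printf "%-26s %-34s %s\n", 'message', 'defaults', 'strict';
for my $m (@messages) {
    my $d = scan_decision(\%defaults, $m);
    my $s = scan_decision(\%strict,   $m);
    $unscanned{defaults}++ if $d ne 'scan';
    $unscanned{strict}++   if $s ne 'scan';
    printf "%-26s %-34s %s\n", $m->{name}, $d, $s;
}
printf "unscanned: defaults=%d strict=%d of %d\n",
  $unscanned{defaults}, $unscanned{strict}, scalar @messages;
```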

Matt Simerson | 26 Apr 10:47 2013

new feature: DKIM message signing


I added a signing feature to my DKIM plugin. 

https://github.com/qpsmtpd-dev/qpsmtpd-dev/blob/master/plugins/dkim

Matt

PS: for added pleasure, I also added a script that makes deploying DKIM really, really easy.  How easy?

	# cd ~smtpd/config/dkim
	# ./dkim_key_gen.sh example.org

Voila. Keys and selector generated. Now DNS needs to be updated. I made that easy too:

	# cat example.org/dns

apr2013._domainkey TXT "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/Wu1fd74UXwH//0uiX/6C0hkv3I/PdeTxfnzHN6GrehJpCYBd1BKuigduwt/wZFVgUopwxmcjxSK6qrkADtHC+ZiqC/sqcVuVDhnvzkIgd7dYhqBcVORg6f8Eg8132yPkmHyDm588qKfdFSEUVgBqSfqZg4ZdG4Uq5erHAyQIEcs0h7xqUKJKA5xJWdRwaVYbNkNDAscax1WrSvMHQkKBf5bWUtkMGc/HeoZ6T3VTn5Le0OgLoINj4lNTFfT6toXsbZsKzOaUYacnWVOq2v2lWgghOMRQHYPr7ldl2E7/6sNSpNT8KXAiT7wlfE+/xXg+0DyQq/ahKaPgAecCCFiwIDAQAB"

Tell the world that the ONLY mail servers that send mail from this domain are DKIM signed and/or bear our MX
and A records.

With SPF:

        SPF "v=spf1 mx a -all"
        TXT "v=spf1 mx a -all"

With DMARC:

_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@example.org; ruf=mailto:dmarc-feedback@example.org; pct=100"

With DomainKeys (deprecated):

_domainkey TXT "o=-; t=y; r=postmaster@example.org"

For more information about DKIM and SPF policy, the documentation within each plugin contains a longer
discussion and links to more detailed information:

   perldoc plugins/dkim
   perldoc plugins/sender_permitted_from

Matt Simerson | 26 Apr 10:38 2013

plugin announcement: DMARC


NAME
       Domain-based Message Authentication, Reporting and Conformance

SYNOPSIS
       DMARC: an extremely reliable means to authenticate email.

DESCRIPTION
       From the DMARC Draft: "DMARC operates as a policy layer atop DKIM and
       SPF. These technologies are the building blocks of DMARC as each is
       widely deployed, supported by mature tools, and is readily available to
       both senders and receivers. They are complementary, as each is
       resilient to many of the failure modes of the other."

       DMARC provides a way to exchange authentication information and
       policies among mail servers.

       DMARC benefits domain owners by preventing others from impersonating
       them. A domain owner can reliably tell other mail servers that "if it
       doesn't originate from this list of servers (SPF) and it is not signed
       (DKIM), then reject it!" DMARC also provides domain owners with a means
       to receive feedback and determine that their policies are working as
       desired.

       DMARC benefits mail server operators by providing them with an
       extremely reliable (as opposed to DKIM or SPF, which both have
       reliability issues when used independently) means to block forged
       emails. Is that message really from PayPal, Chase, Gmail, or Facebook?
       Since those organizations, and many more, publish DMARC policies,
       operators have a definitive means to know.

Instructions on how to use the plugin, how to deploy DMARC to protect one's own domains, and more is included
as POD in the plugin.

Available in the qpsmtpd-dev repo:

	https://github.com/qpsmtpd-dev/qpsmtpd-dev/blob/master/plugins/dmarc

As contrasted to most qpsmtpd plugins, DMARC provides an extremely reliable basis for message rejection.
Better still, it's based on the published policies of the domain the message purports to be from (in the
From: header), making it complementary to SPF, which checks the Envelope FROM sender.  

If you find that SpamAssassin isn't catching all the forged @google.com emails that the Win bots are
sending, this plugin will do the trick. It'll also stop all the forged [a-z]{6}@yahoo.com spams whose
senders haven't made it onto a DNSBL yet.  The largest *legitimate* email senders have deployed DMARC
records.  And now I have too. :-)

Matt
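
How a receiver applies a published policy to the From: domain, as an added example (not the qpsmtpd dmarc plugin's code and not from the post's author). It evaluates the `_dmarc` record from the DKIM signing post against constructed SPF and DKIM results; the function names and the two-label organizational-domain shortcut are assumptions.

```perl
# Added example: DMARC identifier alignment, not the qpsmtpd plugin's code.
use strict;
use warnings;

# Split a DMARC TXT record into tag => value pairs; undef if unusable.
sub parse_dmarc {
    my ($txt) = @_;
    my %tag;
    for my $pair (split /;/, $txt) {
        my ($k, $v) = $pair =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/ or next;
        $tag{lc $k} = $v;
    }
    return undef unless ($tag{v} // '') eq 'DMARC1' && defined $tag{p};
    $tag{$_} //= 'r' for qw(adkim aspf);    # alignment defaults to relaxed
    return \%tag;
}

# Assumption: organizational domain = last two labels. Real code must use
# the Public Suffix List (this shortcut is wrong for e.g. co.uk).
sub org_domain {
    my @label = split /\./, lc $_[0];
    return join '.', @label > 2 ? @label[-2, -1] : @label;
}

# 's' demands an exact match with the From: domain, 'r' the same org domain.
sub aligned {
    my ($mode, $from, $auth) = @_;
    return 0 unless defined $auth;
    return lc($from) eq lc($auth) ? 1 : 0 if $mode eq 's';
    return org_domain($from) eq org_domain($auth) ? 1 : 0;
}

# spf/dkim: the domain that passed that check, or undef if it did not pass.
sub dmarc_disposition {
    my ($policy, $m) = @_;
    return 'pass' if aligned($policy->{aspf},  $m->{from}, $m->{spf})
                  || aligned($policy->{adkim}, $m->{from}, $m->{dkim});
    return $policy->{p};    # none, quarantine or reject (pct is ignored here)
}

my $policy = parse_dmarc('v=DMARC1; p=reject; adkim=s; aspf=r; pct=100; '
      . 'rua=mailto:dmarc-feedback@example.org') or die "unusable record\n";
my @cases = (    # constructed results for mail claiming From: example.org
    ['SPF pass, bounce.example.org', { spf  => 'bounce.example.org' }],
    ['SPF pass, example.net',        { spf  => 'example.net' }],
    ['DKIM pass, d=mail.example.org', { dkim => 'mail.example.org' }],
    ['DKIM pass, d=example.org',     { dkim => 'example.org' }],
);
printf "%-30s %s\n", $_->[0],
  dmarc_disposition($policy, { from => 'example.org', %{ $_->[1] } }) for @cases;
```

The second case is the one SPF alone misses: the envelope sender passes SPF for its own domain, but that domain does not align with the From: header, so the published `p=reject` applies.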
