qpsmtpd-plugins/sme10/qpsmtpd-plugins-bz10126.patch

diff -Nur qpsmtpd-plugins-openfusion-20050429.old/plugins/whitelist_soft qpsmtpd-plugins-openfusion-20050429/plugins/whitelist_soft
--- qpsmtpd-plugins-openfusion-20050429.old/plugins/whitelist_soft      2005-03-29 00:02:37.000000000 -0500
+++ qpsmtpd-plugins-openfusion-20050429/plugins/whitelist_soft  1969-12-31 19:00:00.000000000 -0500
@@ -1,223 +0,0 @@
-=head1 NAME
-
-whitelist_soft - whitelist override for other qpsmtpd plugins
-
-
-=head1 DESCRIPTION
-
-The whitelist_soft plugin allows selected hosts or senders or recipients 
-to be whitelisted as exceptions to later plugin processing. It is a more
-conservative variant of Devin Carraway's 'whitelist' plugin.
-
-
-=head1 CONFIGURATION
-
-To enable the plugin, add it to the qpsmtpd/config/plugins file as usual.
-It should precede any plugins you might wish to whitelist for.
-
-Several configuration files are supported, corresponding to different
-parts of the SMTP conversation:
-
-=over 4
-
-=item whitelisthosts
-
-Any IP address (or start-anchored fragment thereof) listed in the
-whitelisthosts file is exempted from any further validation during 
-'connect', and can be selectively exempted at other stages by 
-plugins testing for a 'whitelisthost' connection note.
-
-Similarly, if the environment variable $WHITELISTCLIENT is set
-(which can be done by tcpserver), the connection will be exempt from
-further 'connect' validation, and the host can be selectively 
-exempted by other plugins testing for a 'whitelistclient' connection 
-note.
-
-=item whitelisthelo
-
-Any host that issues a HELO matching an entry in whitelisthelo will
-be exempted from further validation at the 'helo' stage. Subsequent
-plugins can test for a 'whitelisthelo' connection note. Note that 
-this does not actually amount to an authentication in any meaningful 
-sense.
-
-=item whitelistsenders
-
-If the envelope sender of a mail (that which is sent as the MAIL FROM)
-matches an entry in whitelistsenders, or if the hostname component 
-matches, the mail will be exempted from any further validation within
-the 'mail' stage. Subsequent plugins can test for this exemption as a 
-'whitelistsender' transaction note.
-
-=item whitelistrcpt
-
-If any recipient of a mail (that sent as the RCPT TO) matches an
-entry from whitelistrcpt, or if the hostname component matches, no 
-further validation will be required for this recipient. Subsequent 
-plugins can test for this exemption using a 'whitelistrcpt' 
-transaction note, which holds the count of whitelisted recipients.
-
-=back
-
-whitelist_soft also supports per-recipient whitelisting when using
-the per_user_config plugin. To enable the per-recipient behaviour 
-(delaying all whitelisting until the rcpt part of the smtp 
-conversation, and using per-recipient whitelist configs, if 
-available), pass a true 'per_recipient' argument in the
-config/plugins invocation i.e.
-
-  whitelist_soft per_recipient 1
-
-By default global and per-recipient whitelists are merged; to turn off
-the merge behaviour pass a false 'merge' argument in the config/plugins
-invocation i.e.
-
-  whitelist_soft per_recipient 1 merge 0
-
-
-=head1 BUGS
-
-Whitelist lookups are all O(n) linear scans of configuration files, even
-though they're all associative lookups.  Something should be done about
-this when CDB/DB/GDBM configs are supported.
-
-
-=head1 AUTHOR
-
-Based on the 'whitelist' plugin by Devin Carraway <qpsmtpd@devin.com>.
-
-Modified by Gavin Carr <gavin@openfusion.com.au> to not inherit 
-whitelisting across hooks, but use per-hook whitelist notes instead.
-This is a more conservative approach e.g. whitelisting an IP will not
-automatically allow relaying from that IP.
-
-=cut
-
-my $VERSION = 0.02;
-
-# Default is to merge whitelists in per_recipient mode
-my %MERGE = ( merge => 1 );
-
-sub register {
-  my ($self, $qp, %arg) = @_;
-  
-  $self->{_per_recipient} = 1 if $arg{per_recipient};
-  $MERGE{merge} = $arg{merge} if defined $arg{merge};
-
-  # Normal mode - whitelist per hook
-  unless ($arg{per_recipient}) {
-    $self->register_hook("connect", "check_host");
-    $self->register_hook("helo", "check_helo");
-    $self->register_hook("ehlo", "check_helo");
-    $self->register_hook("mail", "check_sender");
-    $self->register_hook("rcpt", "check_rcpt");
-  } 
-  # Per recipient mode - defer all whitelisting to rcpt hook
-  else {
-    $self->register_hook("rcpt", "check_host");
-    $self->register_hook("helo", "helo_helper");
-    $self->register_hook("ehlo", "helo_helper");
-    $self->register_hook("rcpt", "check_helo");
-    $self->register_hook("rcpt", "check_sender");
-    $self->register_hook("rcpt", "check_rcpt");
-  }
-}
-
-sub check_host {
-  my ($self, $transaction, $rcpt) = @_;
-  my $ip = $self->qp->connection->remote_ip || return (DECLINED);
-
-  # From tcpserver
-  if (exists $ENV{WHITELISTCLIENT}) {
-    $self->qp->connection->notes('whitelistclient', 1);
-    $self->log(2,"host $ip is a whitelisted client");
-    return OK;
-  }
-
-  my $config_arg = $self->{_per_recipient} ? { rcpt => $rcpt, %MERGE } : {};
-  for my $h ($self->qp->config('whitelisthosts', $config_arg)) {
-    if ($h eq $ip or $ip =~ /^\Q$h\E/) {
-      $self->qp->connection->notes('whitelisthost', 1);
-      $self->log(2,"host $ip is a whitelisted host");
-      return OK;
-    }
-  }
-  return DECLINED;
-}
-
-sub helo_helper {
-  my ($self, $transaction, $helo) = @_;
-  $self->{_whitelist_soft_helo} = $helo;
-  return DECLINED;
-}
-
-sub check_helo {
-  my ($self, $transaction, $helo) = @_;
-
-  # If per_recipient will be rcpt hook, and helo actually rcpt
-  my $config_arg = {};
-  if ($self->{_per_recipient}) {
-    $config_arg = { rcpt => $helo, %MERGE };
-    $helo = $self->{_whitelist_soft_helo};
-  }
-
-  for my $h ($self->qp->config('whitelisthelo', $config_arg)) {
-    if ($helo and lc $h eq lc $helo) {
-      $self->qp->connection->notes('whitelisthelo', 1);
-      $self->log(2,"helo host $helo in whitelisthelo");
-      return OK;
-    }
-  }
-  return DECLINED;
-}
-
-sub check_sender {
-  my ($self, $transaction, $sender) = @_;
-
-  # If per_recipient will be rcpt hook, and sender actually rcpt
-  my $config_arg = {};
-  if ($self->{_per_recipient}) {
-    $config_arg = { rcpt => $sender, %MERGE };
-    $sender = $transaction->sender;
-  }
-
-  return DECLINED if $sender->format eq '<>';
-  my $addr = lc $sender->address or return DECLINED;
-  my $host = lc $sender->host or return DECLINED;
-
-  for my $h ($self->qp->config('whitelistsenders', $config_arg)) {
-    next unless $h;
-    $h = lc $h;
-
-    if ($addr eq $h or $host eq $h) {
-      $transaction->notes('whitelistsender', 1);
-      $self->log(2,"envelope sender $addr in whitelistsenders");
-      return OK;
-    }
-  }
-  return DECLINED;
-}
-
-sub check_rcpt {
-  my ($self, $transaction, $rcpt) = @_;
-
-  my $addr = lc $rcpt->address or return DECLINED;
-  my $host = lc $rcpt->host or return DECLINED;
-
-  my $config_arg = $self->{_per_recipient} ? { rcpt => $rcpt, %MERGE } : {};
-  for my $h ($self->qp->config('whitelistrcpt', $config_arg)) {
-    next unless $h;
-    $h = lc $h;
-
-    if ($addr eq $h or $host eq $h) {
-      my $note = $transaction->notes('whitelistrcpt');
-      $transaction->notes('whitelistrcpt', ++$note);
-      $self->log(2,"recipient $addr in whitelistrcpt");
-      return OK;
-    }
-  }
-  return DECLINED;
-}
-
-# arch-tag: 15a093f1-2960-4dbe-be72-584d7ff1d92a
-
1	unnilennium	1.1	diff -Nur qpsmtpd-plugins-openfusion-20050429.old/plugins/whitelist_soft qpsmtpd-plugins-openfusion-20050429/plugins/whitelist_soft
2			--- qpsmtpd-plugins-openfusion-20050429.old/plugins/whitelist_soft 2005-03-29 00:02:37.000000000 -0500
3			+++ qpsmtpd-plugins-openfusion-20050429/plugins/whitelist_soft 1969-12-31 19:00:00.000000000 -0500
4			@@ -1,223 +0,0 @@
5			-=head1 NAME
6			-
7			-whitelist_soft - whitelist override for other qpsmtpd plugins
8			-
9			-
10			-=head1 DESCRIPTION
11			-
12			-The whitelist_soft plugin allows selected hosts or senders or recipients
13			-to be whitelisted as exceptions to later plugin processing. It is a more
14			-conservative variant of Devin Carraway's 'whitelist' plugin.
15			-
16			-
17			-=head1 CONFIGURATION
18			-
19			-To enable the plugin, add it to the qpsmtpd/config/plugins file as usual.
20			-It should precede any plugins you might wish to whitelist for.
21			-
22			-Several configuration files are supported, corresponding to different
23			-parts of the SMTP conversation:
24			-
25			-=over 4
26			-
27			-=item whitelisthosts
28			-
29			-Any IP address (or start-anchored fragment thereof) listed in the
30			-whitelisthosts file is exempted from any further validation during
31			-'connect', and can be selectively exempted at other stages by
32			-plugins testing for a 'whitelisthost' connection note.
33			-
34			-Similarly, if the environment variable $WHITELISTCLIENT is set
35			-(which can be done by tcpserver), the connection will be exempt from
36			-further 'connect' validation, and the host can be selectively
37			-exempted by other plugins testing for a 'whitelistclient' connection
38			-note.
39			-
40			-=item whitelisthelo
41			-
42			-Any host that issues a HELO matching an entry in whitelisthelo will
43			-be exempted from further validation at the 'helo' stage. Subsequent
44			-plugins can test for a 'whitelisthelo' connection note. Note that
45			-this does not actually amount to an authentication in any meaningful
46			-sense.
47			-
48			-=item whitelistsenders
49			-
50			-If the envelope sender of a mail (that which is sent as the MAIL FROM)
51			-matches an entry in whitelistsenders, or if the hostname component
52			-matches, the mail will be exempted from any further validation within
53			-the 'mail' stage. Subsequent plugins can test for this exemption as a
54			-'whitelistsender' transaction note.
55			-
56			-=item whitelistrcpt
57			-
58			-If any recipient of a mail (that sent as the RCPT TO) matches an
59			-entry from whitelistrcpt, or if the hostname component matches, no
60			-further validation will be required for this recipient. Subsequent
61			-plugins can test for this exemption using a 'whitelistrcpt'
62			-transaction note, which holds the count of whitelisted recipients.
63			-
64			-=back
65			-
66			-whitelist_soft also supports per-recipient whitelisting when using
67			-the per_user_config plugin. To enable the per-recipient behaviour
68			-(delaying all whitelisting until the rcpt part of the smtp
69			-conversation, and using per-recipient whitelist configs, if
70			-available), pass a true 'per_recipient' argument in the
71			-config/plugins invocation i.e.
72			-
73			- whitelist_soft per_recipient 1
74			-
75			-By default global and per-recipient whitelists are merged; to turn off
76			-the merge behaviour pass a false 'merge' argument in the config/plugins
77			-invocation i.e.
78			-
79			- whitelist_soft per_recipient 1 merge 0
80			-
81			-
82			-=head1 BUGS
83			-
84			-Whitelist lookups are all O(n) linear scans of configuration files, even
85			-though they're all associative lookups. Something should be done about
86			-this when CDB/DB/GDBM configs are supported.
87			-
88			-
89			-=head1 AUTHOR
90			-
91			-Based on the 'whitelist' plugin by Devin Carraway <qpsmtpd@devin.com>.
92			-
93			-Modified by Gavin Carr <gavin@openfusion.com.au> to not inherit
94			-whitelisting across hooks, but use per-hook whitelist notes instead.
95			-This is a more conservative approach e.g. whitelisting an IP will not
96			-automatically allow relaying from that IP.
97			-
98			-=cut
99			-
100			-my $VERSION = 0.02;
101			-
102			-# Default is to merge whitelists in per_recipient mode
103			-my %MERGE = ( merge => 1 );
104			-
105			-sub register {
106			- my ($self, $qp, %arg) = @_;
107			-
108			- $self->{_per_recipient} = 1 if $arg{per_recipient};
109			- $MERGE{merge} = $arg{merge} if defined $arg{merge};
110			-
111			- # Normal mode - whitelist per hook
112			- unless ($arg{per_recipient}) {
113			- $self->register_hook("connect", "check_host");
114			- $self->register_hook("helo", "check_helo");
115			- $self->register_hook("ehlo", "check_helo");
116			- $self->register_hook("mail", "check_sender");
117			- $self->register_hook("rcpt", "check_rcpt");
118			- }
119			- # Per recipient mode - defer all whitelisting to rcpt hook
120			- else {
121			- $self->register_hook("rcpt", "check_host");
122			- $self->register_hook("helo", "helo_helper");
123			- $self->register_hook("ehlo", "helo_helper");
124			- $self->register_hook("rcpt", "check_helo");
125			- $self->register_hook("rcpt", "check_sender");
126			- $self->register_hook("rcpt", "check_rcpt");
127			- }
128			-}
129			-
130			-sub check_host {
131			- my ($self, $transaction, $rcpt) = @_;
132			- my $ip = $self->qp->connection->remote_ip \|\| return (DECLINED);
133			-
134			- # From tcpserver
135			- if (exists $ENV{WHITELISTCLIENT}) {
136			- $self->qp->connection->notes('whitelistclient', 1);
137			- $self->log(2,"host $ip is a whitelisted client");
138			- return OK;
139			- }
140			-
141			- my $config_arg = $self->{_per_recipient} ? { rcpt => $rcpt, %MERGE } : {};
142			- for my $h ($self->qp->config('whitelisthosts', $config_arg)) {
143			- if ($h eq $ip or $ip =~ /^\Q$h\E/) {
144			- $self->qp->connection->notes('whitelisthost', 1);
145			- $self->log(2,"host $ip is a whitelisted host");
146			- return OK;
147			- }
148			- }
149			- return DECLINED;
150			-}
151			-
152			-sub helo_helper {
153			- my ($self, $transaction, $helo) = @_;
154			- $self->{_whitelist_soft_helo} = $helo;
155			- return DECLINED;
156			-}
157			-
158			-sub check_helo {
159			- my ($self, $transaction, $helo) = @_;
160			-
161			- # If per_recipient will be rcpt hook, and helo actually rcpt
162			- my $config_arg = {};
163			- if ($self->{_per_recipient}) {
164			- $config_arg = { rcpt => $helo, %MERGE };
165			- $helo = $self->{_whitelist_soft_helo};
166			- }
167			-
168			- for my $h ($self->qp->config('whitelisthelo', $config_arg)) {
169			- if ($helo and lc $h eq lc $helo) {
170			- $self->qp->connection->notes('whitelisthelo', 1);
171			- $self->log(2,"helo host $helo in whitelisthelo");
172			- return OK;
173			- }
174			- }
175			- return DECLINED;
176			-}
177			-
178			-sub check_sender {
179			- my ($self, $transaction, $sender) = @_;
180			-
181			- # If per_recipient will be rcpt hook, and sender actually rcpt
182			- my $config_arg = {};
183			- if ($self->{_per_recipient}) {
184			- $config_arg = { rcpt => $sender, %MERGE };
185			- $sender = $transaction->sender;
186			- }
187			-
188			- return DECLINED if $sender->format eq '<>';
189			- my $addr = lc $sender->address or return DECLINED;
190			- my $host = lc $sender->host or return DECLINED;
191			-
192			- for my $h ($self->qp->config('whitelistsenders', $config_arg)) {
193			- next unless $h;
194			- $h = lc $h;
195			-
196			- if ($addr eq $h or $host eq $h) {
197			- $transaction->notes('whitelistsender', 1);
198			- $self->log(2,"envelope sender $addr in whitelistsenders");
199			- return OK;
200			- }
201			- }
202			- return DECLINED;
203			-}
204			-
205			-sub check_rcpt {
206			- my ($self, $transaction, $rcpt) = @_;
207			-
208			- my $addr = lc $rcpt->address or return DECLINED;
209			- my $host = lc $rcpt->host or return DECLINED;
210			-
211			- my $config_arg = $self->{_per_recipient} ? { rcpt => $rcpt, %MERGE } : {};
212			- for my $h ($self->qp->config('whitelistrcpt', $config_arg)) {
213			- next unless $h;
214			- $h = lc $h;
215			-
216			- if ($addr eq $h or $host eq $h) {
217			- my $note = $transaction->notes('whitelistrcpt');
218			- $transaction->notes('whitelistrcpt', ++$note);
219			- $self->log(2,"recipient $addr in whitelistrcpt");
220			- return OK;
221			- }
222			- }
223			- return DECLINED;
224			-}
225			-
226			-# arch-tag: 15a093f1-2960-4dbe-be72-584d7ff1d92a
227			-