
Annotation of /rpms/qpsmtpd/sme9/qpsmtpd-0.84-notls_conf.patch



Revision 1.1 - (hide annotations) (download)
Fri May 15 14:00:44 2015 UTC (9 years ago) by vip-ire
Branch: MAIN
CVS Tags: qpsmtpd-0_84-14_el6_sme, qpsmtpd-0_96-5_el6_sme, qpsmtpd-0_84-16_el6_sme, qpsmtpd-0_96-1_el6_sme, qpsmtpd-0_96-6_el6_sme, qpsmtpd-0_96-8_el6_sme, qpsmtpd-0_96-7_el6_sme, qpsmtpd-0_96-2_el6_sme, qpsmtpd-0_84-13_el6_sme, qpsmtpd-0_96-4_el6_sme, qpsmtpd-0_96-3_el6_sme, qpsmtpd-0_96-10_el6_sme, qpsmtpd-0_96-11_el6_sme, qpsmtpd-0_84-17_el6_sme, qpsmtpd-0_84-18_el6_sme, qpsmtpd-0_96-9_el6_sme, qpsmtpd-0_84-15_el6_sme, HEAD
* Fri May 15 2015 Daniel Berteaud <daniel@firewall-services.com> 0.84-13.sme
- New notls conf to set hosts you don't want to advertise STARTTLS to [SME: 8863]

1 vip-ire 1.1 diff -Nur qpsmtpd-0.84/lib/Qpsmtpd/SMTP.pm qpsmtpd-0.84_bz8863/lib/Qpsmtpd/SMTP.pm
2     --- qpsmtpd-0.84/lib/Qpsmtpd/SMTP.pm 2015-05-15 15:38:15.796000000 +0200
3     +++ qpsmtpd-0.84_bz8863/lib/Qpsmtpd/SMTP.pm 2015-05-15 15:39:30.602000000 +0200
4     @@ -240,7 +240,11 @@
5     }
6    
7     # Check if we should only offer AUTH after TLS is completed
8     - my $tls_before_auth = ($self->config('tls_before_auth') ? ($self->config('tls_before_auth'))[0] && $self->transaction->notes('tls_enabled') : 0);
9     + my $tls_before_auth = ($self->config('tls_before_auth') ?
10     + (
11     + ($self->config('tls_before_auth'))[0] &&
12     + ($self->transaction->notes('tls_enabled') || $self->connection->notes('tls_force_disabled'))
13     + ) : 0);
14     if ( %auth_mechanisms && !$tls_before_auth) {
15     push @capabilities, 'AUTH '.join(" ",keys(%auth_mechanisms));
16     $self->{_commands}->{'auth'} = "";
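Review bot: The `tls_force_disabled` alternative added on the notes line means that for a peer matched by the notls list AUTH is advertised over a plaintext session, so `tls_before_auth` no longer protects the credentials that peer sends; the comment above the assignment should record that trade-off, e.g. `# Check if we should only offer AUTH after TLS is completed; peers matched by the tls plugin's notls list (tls_force_disabled) deliberately get AUTH in the clear`. `$self->config('tls_before_auth')` is also evaluated twice in the new expression; reading it once into a lexical, `my ($tls_before_auth_cfg) = $self->config('tls_before_auth');`, keeps the ternary short and avoids the double lookup. The two flags are read from different note stores (`transaction->notes` for `tls_enabled`, `connection->notes` for `tls_force_disabled`); the `tls_enabled` side is not touched by this commit, but the tls plugin hunk in the same patch reads `tls_enabled` from `connection->notes`, so it may be worth confirming the transaction-level lookup is the one that is actually set. The enclosing method continues outside the hunk.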
17     diff -Nur qpsmtpd-0.84/plugins/tls qpsmtpd-0.84_bz8863/plugins/tls
18     --- qpsmtpd-0.84/plugins/tls 2015-05-15 15:38:15.791000000 +0200
19     +++ qpsmtpd-0.84_bz8863/plugins/tls 2015-05-15 15:55:06.719000000 +0200
20     @@ -107,9 +107,15 @@
21     }
22    
23     sub hook_ehlo {
24     - my ($self, $transaction) = @_;
25     + my ($self, $transaction, $host) = @_;
26     return DECLINED unless $self->can_do_tls;
27     return DECLINED if $self->connection->notes('tls_enabled');
28     + return DECLINED unless $host;
29     + if ($self->_is_in_notls($host)) {
30     + $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
31     + $self->connection->notes('tls_force_disabled', 1);
32     + return DECLINED;
33     + }
34     return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed');
35     my $cap = $transaction->notes('capabilities');
36     $cap ||= [];
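Review bot: `$host` is the EHLO argument the client sent, so the decision on the `_is_in_notls($host)` line is under the remote peer's control: a client presenting a name that matches a notls entry has STARTTLS withheld and `tls_force_disabled` set, which with the SMTP.pm hunk in this patch also lifts `tls_before_auth` and exposes plaintext AUTH for that session. If the list is meant to identify particular peers, keying the match on `$self->connection->remote_ip` or `remote_host` (taken from the connection rather than from the client's announced name) would be the safer choice; if the client-announced name is intended, the config documentation should say that the TLS opt-out is client-driven. `return DECLINED unless $host;` is also a behaviour change beyond the feature: an EHLO with an empty argument now gets no STARTTLS capability at all, whereas only the notls lookup needs a non-empty host, so `if ($host && $self->_is_in_notls($host)) {` would preserve the old advertising path. The LOGINFO message should name the host that matched so the downgrade can be correlated in logs, e.g. `"Disabling TLS: EHLO host $host matches an entry of the notls config"`. hook_ehlo continues outside the hunk.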
37     @@ -165,6 +171,22 @@
38     return DECLINED;
39     }
40    
41     +sub _is_in_notls {
42     + my ($self, $host) = @_;
43     +
44     + $host = lc $host;
45     + foreach my $line ($self->qp->config('notls')) {
46     + # If line is a regex
47     + if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
48     + return 1;
49     + }
50     + if ($host eq lc $line) {
51     + return 1;
52     + }
53     + }
54     + return;
55     +}
56     +
57     sub _convert_to_ssl {
58     my ($self) = @_;
59    
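Review bot: In `_is_in_notls` a config line containing a metacharacter is interpolated straight into `$host =~ /$line/`, so a malformed pattern in the notls file dies inside hook_ehlo on every EHLO, and a well-formed one matches as an unanchored, case-sensitive substring against a lowercased host — `Mail\.` never matches, while `example\.com` also matches `example.com.other.test`. Compiling each pattern once with `qr//i` inside `eval`, logging and skipping bad entries, and anchoring with `\A`/`\z` makes the behaviour explicit; if substring matching of the pattern form is actually intended, drop the anchors but state so in a comment, since it widens which peers lose TLS. The `eq` branch already lowercases both sides, so the two forms would then agree on case handling. I cannot tell from the hunk whether `config('notls')` strips trailing whitespace and comments; if it does not, an entry with a trailing space silently never matches either way.
```perl
sub _is_in_notls {
    my ($self, $host) = @_;

    $host = lc $host;
    foreach my $line ($self->qp->config('notls')) {
        # A line holding regex metacharacters is treated as a pattern.
        # It is compiled once, case-insensitively, and anchored so an
        # entry cannot match a longer, unrelated name by substring.
        if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/) {
            my $re = eval { qr/\A(?:$line)\z/i };
            if (!defined $re) {
                $self->log(LOGWARN, "Ignoring invalid notls pattern '$line': $@");
                next;
            }
            return 1 if $host =~ $re;
        }
        elsif ($host eq lc $line) {
            return 1;
        }
    }
    return;
}
```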
