



Revision 1.1 - (show annotations) (download)
Fri May 15 14:00:44 2015 UTC (9 years, 5 months ago) by vip-ire
Branch: MAIN
CVS Tags: qpsmtpd-0_84-14_el6_sme, qpsmtpd-0_96-5_el6_sme, qpsmtpd-0_84-16_el6_sme, qpsmtpd-0_96-1_el6_sme, qpsmtpd-0_96-6_el6_sme, qpsmtpd-0_96-8_el6_sme, qpsmtpd-0_96-7_el6_sme, qpsmtpd-0_96-2_el6_sme, qpsmtpd-0_84-13_el6_sme, qpsmtpd-0_96-4_el6_sme, qpsmtpd-0_96-3_el6_sme, qpsmtpd-0_96-10_el6_sme, qpsmtpd-0_96-11_el6_sme, qpsmtpd-0_84-17_el6_sme, qpsmtpd-0_84-18_el6_sme, qpsmtpd-0_96-9_el6_sme, qpsmtpd-0_84-15_el6_sme, HEAD
* Fri May 15 2015 Daniel Berteaud <daniel@firewall-services.com> 0.84-13.sme
- New notls conf to set hosts you don't want to advertise STARTTLS to [SME: 8863]

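--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@@ -240,7 +240,11 @@
 }
 
 # Check if we should only offer AUTH after TLS is completed
- my $tls_before_auth = ($self->config('tls_before_auth') ? ($self->config('tls_before_auth'))[0] && $self->transaction->notes('tls_enabled') : 0);
+ my $tls_before_auth = ($self->config('tls_before_auth') ?
+ (
+ ($self->config('tls_before_auth'))[0] &&
+ ($self->transaction->notes('tls_enabled') || $self->connection->notes('tls_force_disabled'))
+ ) : 0);
 if ( %auth_mechanisms && !$tls_before_auth) {
 push @capabilities, 'AUTH '.join(" ",keys(%auth_mechanisms));
 $self->{_commands}->{'auth'} = "";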
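Review bot: The comment above the ternary, `# Check if we should only offer AUTH after TLS is completed`, no longer describes the condition now that `tls_force_disabled` also satisfies it; suggest `# Offer AUTH only after TLS completes, unless the tls plugin disabled TLS for this EHLO host (notls config)`. It is worth stating next to that line that for a notls host the AUTH capability is then advertised on the plaintext session, so any credentials the client sends travel unencrypted — that is the trade-off the notls list makes, and the code should say so rather than leave it to be inferred from the note name. Minor style point: `$self->config('tls_before_auth')` is evaluated twice in the same expression; reading it once into a lexical (`my @tba = $self->config('tls_before_auth');`) would shorten the condition. The enclosing method starts and ends outside the hunk.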
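--- a/plugins/tls
+++ b/plugins/tls
@@ -107,9 +107,15 @@
 }
 
 sub hook_ehlo {
- my ($self, $transaction) = @_;
+ my ($self, $transaction, $host) = @_;
 return DECLINED unless $self->can_do_tls;
 return DECLINED if $self->connection->notes('tls_enabled');
+ return DECLINED unless $host;
+ if ($self->_is_in_notls($host)) {
+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+ $self->connection->notes('tls_force_disabled', 1);
+ return DECLINED;
+ }
 return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed');
 my $cap = $transaction->notes('capabilities');
 $cap ||= [];
@@ -165,6 +171,22 @@
 return DECLINED;
 }
 
+sub _is_in_notls {
+ my ($self, $host) = @_;
+
+ $host = lc $host;
+ foreach my $line ($self->qp->config('notls')) {
+ # If line is a regex
+ if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+ return 1;
+ }
+ if ($host eq lc $line) {
+ return 1;
+ }
+ }
+ return;
+}
+
 sub _convert_to_ssl {
 my ($self) = @_;
 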
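Review bot: In `_is_in_notls`, any config line containing a metacharacter is interpolated straight into `$host =~ /$line/`, so a malformed entry (for example a line beginning with `*`) dies inside the EHLO handler instead of being skipped, and the match is unanchored, so the pattern only has to match a substring of the host; compile each pattern defensively, `my $re = eval { qr/$line/ } or next;` then `return 1 if $host =~ $re;`, and say in the `# If line is a regex` comment that entries are anchored only if the administrator writes `\A`/`\z` themselves. In `hook_ehlo`, the new `return DECLINED unless $host;` and the notls early return both sit before the `ssl_failed` DENY, so a connection whose earlier STARTTLS attempt failed is no longer refused when the EHLO argument is empty or matches a notls entry — moving the `ssl_failed` check above the two new returns keeps that refusal intact. If `$host` here is the name the client sent in its EHLO command, then a regex entry is being matched against client-chosen input, so either the list must hold patterns tight enough not to be satisfied by arbitrary names or the lookup should use a server-side value such as `$self->connection->remote_host` or `remote_ip`; this should at least be documented in the sub's header comment. The body of `hook_ehlo` continues outside the first hunk.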
