qpsmtpd/sme9/qpsmtpd-0.84-notls_conf.patch

diff -Nur qpsmtpd-0.84/lib/Qpsmtpd/SMTP.pm qpsmtpd-0.84_bz8863/lib/Qpsmtpd/SMTP.pm
--- qpsmtpd-0.84/lib/Qpsmtpd/SMTP.pm    2015-05-15 15:38:15.796000000 +0200
+++ qpsmtpd-0.84_bz8863/lib/Qpsmtpd/SMTP.pm     2015-05-15 15:39:30.602000000 +0200
@@ -240,7 +240,11 @@
     }
 
     # Check if we should only offer AUTH after TLS is completed
-    my $tls_before_auth = ($self->config('tls_before_auth') ? ($self->config('tls_before_auth'))[0] && $self->transaction->notes('tls_enabled') : 0); 
+    my $tls_before_auth = ($self->config('tls_before_auth') ?
+      ( 
+        ($self->config('tls_before_auth'))[0] &&
+          ($self->transaction->notes('tls_enabled') || $self->connection->notes('tls_force_disabled'))
+      ) : 0);
     if ( %auth_mechanisms && !$tls_before_auth) {
         push @capabilities, 'AUTH '.join(" ",keys(%auth_mechanisms));    
         $self->{_commands}->{'auth'} = "";
diff -Nur qpsmtpd-0.84/plugins/tls qpsmtpd-0.84_bz8863/plugins/tls
--- qpsmtpd-0.84/plugins/tls    2015-05-15 15:38:15.791000000 +0200
+++ qpsmtpd-0.84_bz8863/plugins/tls     2015-05-15 15:55:06.719000000 +0200
@@ -107,9 +107,15 @@
 }
 
 sub hook_ehlo {
-    my ($self, $transaction) = @_;
+    my ($self, $transaction, $host) = @_;
     return DECLINED unless $self->can_do_tls;
     return DECLINED if $self->connection->notes('tls_enabled');
+    return DECLINED unless $host;
+    if ($self->_is_in_notls($host)) {
+        $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+        $self->connection->notes('tls_force_disabled', 1);
+        return DECLINED;
+    }
     return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed');
     my $cap = $transaction->notes('capabilities');
     $cap ||= [];
@@ -165,6 +171,22 @@
     return DECLINED;
 }
 
+sub _is_in_notls {
+    my ($self, $host) = @_;
+
+    $host = lc $host;
+    foreach my $line ($self->qp->config('notls')) {
+        # If line is a regex
+        if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+            return 1;
+        }
+        if ($host eq lc $line) {
+            return 1;
+        }
+    }
+    return;
+}
+
 sub _convert_to_ssl {
     my ($self) = @_;
 
1	diff -Nur qpsmtpd-0.84/lib/Qpsmtpd/SMTP.pm qpsmtpd-0.84_bz8863/lib/Qpsmtpd/SMTP.pm
2	--- qpsmtpd-0.84/lib/Qpsmtpd/SMTP.pm 2015-05-15 15:38:15.796000000 +0200
3	+++ qpsmtpd-0.84_bz8863/lib/Qpsmtpd/SMTP.pm 2015-05-15 15:39:30.602000000 +0200
4	@@ -240,7 +240,11 @@
5	}
6
7	# Check if we should only offer AUTH after TLS is completed
8	- my $tls_before_auth = ($self->config('tls_before_auth') ? ($self->config('tls_before_auth'))[0] && $self->transaction->notes('tls_enabled') : 0);
9	+ my $tls_before_auth = ($self->config('tls_before_auth') ?
10	+ (
11	+ ($self->config('tls_before_auth'))[0] &&
12	+ ($self->transaction->notes('tls_enabled') \|\| $self->connection->notes('tls_force_disabled'))
13	+ ) : 0);
14	if ( %auth_mechanisms && !$tls_before_auth) {
15	push @capabilities, 'AUTH '.join(" ",keys(%auth_mechanisms));
16	$self->{_commands}->{'auth'} = "";
17	diff -Nur qpsmtpd-0.84/plugins/tls qpsmtpd-0.84_bz8863/plugins/tls
18	--- qpsmtpd-0.84/plugins/tls 2015-05-15 15:38:15.791000000 +0200
19	+++ qpsmtpd-0.84_bz8863/plugins/tls 2015-05-15 15:55:06.719000000 +0200
20	@@ -107,9 +107,15 @@
21	}
22
23	sub hook_ehlo {
24	- my ($self, $transaction) = @_;
25	+ my ($self, $transaction, $host) = @_;
26	return DECLINED unless $self->can_do_tls;
27	return DECLINED if $self->connection->notes('tls_enabled');
28	+ return DECLINED unless $host;
29	+ if ($self->_is_in_notls($host)) {
30	+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
31	+ $self->connection->notes('tls_force_disabled', 1);
32	+ return DECLINED;
33	+ }
34	return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed');
35	my $cap = $transaction->notes('capabilities');
36	$cap \|\|= [];
37	@@ -165,6 +171,22 @@
38	return DECLINED;
39	}
40
41	+sub _is_in_notls {
42	+ my ($self, $host) = @_;
43	+
44	+ $host = lc $host;
45	+ foreach my $line ($self->qp->config('notls')) {
46	+ # If line is a regex
47	+ if ($line =~ /[\{\}\[\]\(\)\^\$\\|\*\+\?\\\!]/ && $host =~ /$line/) {
48	+ return 1;
49	+ }
50	+ if ($host eq lc $line) {
51	+ return 1;
52	+ }
53	+ }
54	+ return;
55	+}
56	+
57	sub _convert_to_ssl {
58	my ($self) = @_;
59