qpsmtpd/sme9/qpsmtpd-0.95-notls_conf.patch

diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm
--- qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm    2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm  2015-12-16 22:37:30.919445045 +0100
@@ -241,7 +241,8 @@
     }
 
     my $offer_auth = 1;
-    if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
+    if (($self->transaction->notes('tls_enabled') || $self->transaction->notes('tls_force_disabled')) &&
+        ($self->config('tls_before_auth'))[0]) {
         $offer_auth = 0;
     }
 
diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
--- qpsmtpd-0.95/plugins/tls    2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/plugins/tls  2015-12-16 22:33:23.603427932 +0100
@@ -133,9 +133,15 @@
 }
 
 sub hook_ehlo {
-    my ($self, $transaction) = @_;
+    my ($self, $transaction, $host) = @_;
     return DECLINED unless $self->can_do_tls;
     return DECLINED if $self->connection->notes('tls_enabled');
+    return DECLINED unless $host;
+    if ($self->_is_in_notls($host)) {
+        $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+        $self->connection->notes('tls_force_disabled', 1);
+        return DECLINED;
+    }
     return DENY, "Command refused due to lack of security"
       if $transaction->notes('ssl_failed');
     my $cap = $transaction->notes('capabilities') || [];
@@ -197,6 +203,22 @@
     return DECLINED;
 }
 
+sub _is_in_notls {
+    my ($self, $host) = @_;
+
+    $host = lc $host;
+    foreach my $line ($self->qp->config('notls')) {
+        # If line is a regex
+        if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+            return 1;
+        }
+        if ($host eq lc $line) {
+            return 1;
+        }
+    }
+    return;
+}
+
 sub _convert_to_ssl {
     my ($self) = @_;
 
1	vip-ire	1.1	diff -Nur -x '.orig' -x '.rej' qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm
2			--- qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-02-11 23:00:25.000000000 +0100
3			+++ mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-12-16 22:37:30.919445045 +0100
4			@@ -241,7 +241,8 @@
5			}
6
7			my $offer_auth = 1;
8			- if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
9			+ if (($self->transaction->notes('tls_enabled') \|\| $self->transaction->notes('tls_force_disabled')) &&
10			+ ($self->config('tls_before_auth'))[0]) {
11			$offer_auth = 0;
12			}
13
14			diff -Nur -x '.orig' -x '.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
15			--- qpsmtpd-0.95/plugins/tls 2015-02-11 23:00:25.000000000 +0100
16			+++ mezzanine_patched_qpsmtpd-0.95/plugins/tls 2015-12-16 22:33:23.603427932 +0100
17			@@ -133,9 +133,15 @@
18			}
19
20			sub hook_ehlo {
21			- my ($self, $transaction) = @_;
22			+ my ($self, $transaction, $host) = @_;
23			return DECLINED unless $self->can_do_tls;
24			return DECLINED if $self->connection->notes('tls_enabled');
25			+ return DECLINED unless $host;
26			+ if ($self->_is_in_notls($host)) {
27			+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
28			+ $self->connection->notes('tls_force_disabled', 1);
29			+ return DECLINED;
30			+ }
31			return DENY, "Command refused due to lack of security"
32			if $transaction->notes('ssl_failed');
33			my $cap = $transaction->notes('capabilities') \|\| [];
34			@@ -197,6 +203,22 @@
35			return DECLINED;
36			}
37
38			+sub _is_in_notls {
39			+ my ($self, $host) = @_;
40			+
41			+ $host = lc $host;
42			+ foreach my $line ($self->qp->config('notls')) {
43			+ # If line is a regex
44			+ if ($line =~ /[\{\}\[\]\(\)\^\$\\|\*\+\?\\\!]/ && $host =~ /$line/) {
45			+ return 1;
46			+ }
47			+ if ($host eq lc $line) {
48			+ return 1;
49			+ }
50			+ }
51			+ return;
52			+}
53			+
54			sub _convert_to_ssl {
55			my ($self) = @_;
56