qpsmtpd/sme9/qpsmtpd-0.95-notls_conf.patch

diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm
--- qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm    2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm  2015-12-16 22:37:30.919445045 +0100
@@ -241,7 +241,8 @@
     }
 
     my $offer_auth = 1;
-    if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
+    if (($self->transaction->notes('tls_enabled') || $self->transaction->notes('tls_force_disabled')) &&
+        ($self->config('tls_before_auth'))[0]) {
         $offer_auth = 0;
     }
 
diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
--- qpsmtpd-0.95/plugins/tls    2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/plugins/tls  2015-12-16 22:33:23.603427932 +0100
@@ -133,9 +133,15 @@
 }
 
 sub hook_ehlo {
-    my ($self, $transaction) = @_;
+    my ($self, $transaction, $host) = @_;
     return DECLINED unless $self->can_do_tls;
     return DECLINED if $self->connection->notes('tls_enabled');
+    return DECLINED unless $host;
+    if ($self->_is_in_notls($host)) {
+        $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+        $self->connection->notes('tls_force_disabled', 1);
+        return DECLINED;
+    }
     return DENY, "Command refused due to lack of security"
       if $transaction->notes('ssl_failed');
     my $cap = $transaction->notes('capabilities') || [];
@@ -197,6 +203,22 @@
     return DECLINED;
 }
 
+sub _is_in_notls {
+    my ($self, $host) = @_;
+
+    $host = lc $host;
+    foreach my $line ($self->qp->config('notls')) {
+        # If line is a regex
+        if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+            return 1;
+        }
+        if ($host eq lc $line) {
+            return 1;
+        }
+    }
+    return;
+}
+
 sub _convert_to_ssl {
     my ($self) = @_;
 
1	diff -Nur -x '.orig' -x '.rej' qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm
2	--- qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-02-11 23:00:25.000000000 +0100
3	+++ mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-12-16 22:37:30.919445045 +0100
4	@@ -241,7 +241,8 @@
5	}
6
7	my $offer_auth = 1;
8	- if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
9	+ if (($self->transaction->notes('tls_enabled') \|\| $self->transaction->notes('tls_force_disabled')) &&
10	+ ($self->config('tls_before_auth'))[0]) {
11	$offer_auth = 0;
12	}
13
14	diff -Nur -x '.orig' -x '.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
15	--- qpsmtpd-0.95/plugins/tls 2015-02-11 23:00:25.000000000 +0100
16	+++ mezzanine_patched_qpsmtpd-0.95/plugins/tls 2015-12-16 22:33:23.603427932 +0100
17	@@ -133,9 +133,15 @@
18	}
19
20	sub hook_ehlo {
21	- my ($self, $transaction) = @_;
22	+ my ($self, $transaction, $host) = @_;
23	return DECLINED unless $self->can_do_tls;
24	return DECLINED if $self->connection->notes('tls_enabled');
25	+ return DECLINED unless $host;
26	+ if ($self->_is_in_notls($host)) {
27	+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
28	+ $self->connection->notes('tls_force_disabled', 1);
29	+ return DECLINED;
30	+ }
31	return DENY, "Command refused due to lack of security"
32	if $transaction->notes('ssl_failed');
33	my $cap = $transaction->notes('capabilities') \|\| [];
34	@@ -197,6 +203,22 @@
35	return DECLINED;
36	}
37
38	+sub _is_in_notls {
39	+ my ($self, $host) = @_;
40	+
41	+ $host = lc $host;
42	+ foreach my $line ($self->qp->config('notls')) {
43	+ # If line is a regex
44	+ if ($line =~ /[\{\}\[\]\(\)\^\$\\|\*\+\?\\\!]/ && $host =~ /$line/) {
45	+ return 1;
46	+ }
47	+ if ($host eq lc $line) {
48	+ return 1;
49	+ }
50	+ }
51	+ return;
52	+}
53	+
54	sub _convert_to_ssl {
55	my ($self) = @_;
56