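--- a/lib/Qpsmtpd/SMTP.pm
+++ b/lib/Qpsmtpd/SMTP.pm
@@ -241,7 +241,8 @@
 }
 
 my $offer_auth = 1;
- if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
+ if (($self->transaction->notes('tls_enabled') || $self->transaction->notes('tls_force_disabled')) &&
+ ($self->config('tls_before_auth'))[0]) {
 $offer_auth = 0;
 }
 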
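Review bot: The added `tls_force_disabled` test reads the note from `$self->transaction->notes`, but the companion change in plugins/tls stores it with `$self->connection->notes('tls_force_disabled', 1)`. Unless those two note stores are shared (nothing in the visible hunks shows that), the new clause is never true, so AUTH is still advertised over cleartext to hosts matched by notls even when `tls_before_auth` is set. Reading from the object the plugin writes to, `$self->connection->notes('tls_force_disabled')`, would make the check effective. A one-line comment such as `# TLS deliberately not offered to this peer: do not advertise AUTH in cleartext` would record the intent; the enclosing function starts and ends outside the hunk.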
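--- a/plugins/tls
+++ b/plugins/tls
@@ -133,9 +133,15 @@
 }
 
 sub hook_ehlo {
- my ($self, $transaction) = @_;
+ my ($self, $transaction, $host) = @_;
 return DECLINED unless $self->can_do_tls;
 return DECLINED if $self->connection->notes('tls_enabled');
+ return DECLINED unless $host;
+ if ($self->_is_in_notls($host)) {
+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+ $self->connection->notes('tls_force_disabled', 1);
+ return DECLINED;
+ }
 return DENY, "Command refused due to lack of security"
 if $transaction->notes('ssl_failed');
 my $cap = $transaction->notes('capabilities') || [];
@@ -197,6 +203,22 @@
 return DECLINED;
 }
 
+sub _is_in_notls {
+ my ($self, $host) = @_;
+
+ $host = lc $host;
+ foreach my $line ($self->qp->config('notls')) {
+ # If line is a regex
+ if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+ return 1;
+ }
+ if ($host eq lc $line) {
+ return 1;
+ }
+ }
+ return;
+}
+
 sub _convert_to_ssl {
 my ($self) = @_;
 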
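Review bot: `_is_in_notls` decides on the `$host` passed into `hook_ehlo`, which is presumably the name the client states in EHLO and is not verified, so the TLS exemption is keyed on a value the peer chooses. If notls is meant to exempt specific known peers, matching on the connection's remote address would be a firmer basis. In the regex branch each config line is interpolated unanchored and unguarded into `$host =~ /$line/`, so a malformed entry raises an exception inside the EHLO hook and an entry without `^`/`$` matches any substring. Compiling first with `my $re = eval { qr/$line/ };` and skipping (and logging) entries that fail would contain that, and a comment on the notls format should say that patterns need explicit anchors. The LOGINFO message should include `$host` so that a session where STARTTLS was withheld can be traced afterwards.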