qpsmtpd/qpsmtpd-0.95-notls_conf.patch

57 lines
1.9 KiB
Diff
Raw Normal View History

diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm
--- qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-12-16 22:37:30.919445045 +0100
@@ -241,7 +241,8 @@
}
my $offer_auth = 1;
- if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
+ if (($self->transaction->notes('tls_enabled') || $self->transaction->notes('tls_force_disabled')) &&
+ ($self->config('tls_before_auth'))[0]) {
$offer_auth = 0;
}
diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
--- qpsmtpd-0.95/plugins/tls 2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/plugins/tls 2015-12-16 22:33:23.603427932 +0100
@@ -133,9 +133,15 @@
}
sub hook_ehlo {
- my ($self, $transaction) = @_;
+ my ($self, $transaction, $host) = @_;
return DECLINED unless $self->can_do_tls;
return DECLINED if $self->connection->notes('tls_enabled');
+ return DECLINED unless $host;
+ if ($self->_is_in_notls($host)) {
+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+ $self->connection->notes('tls_force_disabled', 1);
+ return DECLINED;
+ }
return DENY, "Command refused due to lack of security"
if $transaction->notes('ssl_failed');
my $cap = $transaction->notes('capabilities') || [];
@@ -197,6 +203,22 @@
return DECLINED;
}
+sub _is_in_notls {
+ my ($self, $host) = @_;
+
+ $host = lc $host;
+ foreach my $line ($self->qp->config('notls')) {
+ # If line is a regex
+ if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+ return 1;
+ }
+ if ($host eq lc $line) {
+ return 1;
+ }
+ }
+ return;
+}
+
sub _convert_to_ssl {
my ($self) = @_;