I found myself wanting to check for clients who are adding illegal whitespace after the MAIL FROM and RCPT TO commands. Before I started hacking, I did a quick search and found this thread:
Stricter parsing of mail from: and rcpt to: http://grokbase.com/t/perl/qpsmtpd/04cmjwqh9p/stricter-parsing-of-mail-from-and-rcpt-to/oldest The gist of the thread is that a number of people were for stricter parsing, a number were against, and nothing happened. A similar exchange was had regarding angle brackets, except that time hooks were added allowing plugins to rewrite the address, adding the missing angle brackets. For other similar purposes, Qpsmtpd::Command was added, and the ability to substitute ones own parser was added, probably about the same time the parse_addr_withhelo plugin was added. But I don't need an entirely new parser. I just want to do something quick and fun like: if ( 'from: ' eq lc substr($envelope_header, 0, 6) ) { $self->adjust_karma(-1); }; After reading the proposed solutions, the one I adopted was storing the unparsed line in a connection note, making it available to plugins that wish to inspect and act upon it. Matt PS: I find it amusing that 7 or 8 years later, clients inserting that space have a 97+% correlation with infected PCs. Not enough to block based on it, but more than enough to cast suspicious glances. --- a/lib/Qpsmtpd/SMTP.pm +++ b/lib/Qpsmtpd/SMTP.pm @@ -354,6 +354,7 @@ sub mail { } $self->log(LOGDEBUG, "full from_parameter: $line"); + $self->connection->notes('envelope_from', $line); $self->run_hooks("mail_parse", $line); } @@ -442,6 +443,7 @@ sub mail_respond { sub rcpt { my ($self, $line) = @_; + $self->connection->notes('envelope_rcpt', $line); $self->run_hooks("rcpt_parse", $line); }
