Larry Nedry wrote:
> Is there any documentation that describes the where and why of a plugin
> location in the config/plugins file?

To add to what Peter said, the documentation is not entirely clear on this topic, something that we would be happy to receive a patch to correct. ;-)

The big picture is that there are multiple places during the SMTP transaction, and for each transition point, qpsmtpd provides a hook (or three) that plugins can use to interact with the system. More on hooks in a minute. Within each hook, the plugins fire in First In First Out order (so the earlier in the config/plugins file a line appears, the earlier that plugin will fire for that hook).

The order of the hooks is (more or less) exactly the order that they are described in the README.hooks file (which is probably by design, but since it doesn't mention this fact, that isn't clear). The hooks correspond directly to the phases of an SMTP transaction (broad strokes here):

connect - everything up to when the server (qpsmtpd) sends the 220 banner to the client; a hook at this point can already check the IP address of the sender and start checking blacklists (for example).

helo/ehlo - this fires after the remote client sends its first greeting line (in response to the banner); the server will respond with capabilities (in the case of EHLO) that describe which SMTP extensions are valid (like TLS or AUTH).

mail - this is the MAIL FROM hook and can be used to whitelist addresses which might fail later for some other reason.

rcpt - this is the RCPT TO hook, and is typically used to validate that either the recipient address is one that this server will accept (local) or that the client is permitted to relay (see AUTH below).

data - the last chance the qpsmtpd server has to DENY a remote sender before the actual message content is transmitted; not that helpful on its own, but see below.

queue - after a message has been accepted for delivery, this hook is used to actually perform that delivery (whether that is local, relay to another server, or whatever).

In addition to those large divisions, there are a couple of steps that can take place between ehlo and mail:

tls - if the server has been set up with tls (and has a certificate defined), one of the capabilities that will be sent in response to EHLO is TLS; the remote client must initiate the session via STARTTLS, the SSL session is initialized and the rest of the communication occurs over a secure channel.

auth - if the server has been provided with one or more auth methods, that will also be part of the capabilities advertised in response to the EHLO; the remote client will need to choose one of the provided AUTH methods and complete a login, at which point qpsmtpd will effectively consider that client to be local (for relay purposes).

To round out this discussion, many of the above hooks have pre and post variants, which fire before or after the hook completes. For example, data_post happens after the client has sent the entire message body, but before the message has been queued. This is where your antivirus scanning or header scanning can be done.

To keep things clear in my mind, I try to order my plugins together, so all of the connect plugins are in a clump, followed by the mail plugins, rcpt plugins, data_post plugins, and so forth. The confusing thing comes in where a given plugin may have two hooks (the blacklist plugins hook connect and rcpt, so they have time to perform the RBL check in the background). And a plugin like tls can be at the end of the config/plugins file, yet still function correctly since it hooks ehlo.

Does that make anything clearer? It helps to have a good understanding of how SMTP works; qpsmtpd is still very much an advanced server for that reason...

John
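
The firing order described in the message above, modelled as an added sketch (not part of the original post and not qpsmtpd's own code): hooks run in SMTP phase order, and within one hook the plugins run in the order of their lines in config/plugins. The plugin names prefixed `example_`, the plugin-to-hook table and the sample file are constructed assumptions; only "tls hooks ehlo" and "blacklist plugins hook connect and rcpt" come from the message.

```python
# Phase order as listed in the message ("more or less", per its author).
HOOK_ORDER = ["connect", "ehlo", "auth", "mail", "rcpt",
              "data", "data_post", "queue"]

# ASSUMPTION: hooks each plugin registers. Names prefixed example_ are
# hypothetical stand-ins, not real qpsmtpd plugins.
PLUGIN_HOOKS = {
    "tls": ["ehlo"],
    "example_blacklist": ["connect", "rcpt"],
    "example_rcpt_check": ["rcpt"],
    "example_virus_scan": ["data_post"],
    "example_queue": ["queue"],
}

# Constructed config/plugins content; tls is deliberately the last line.
SAMPLE_CONFIG = """\
# constructed sample, not a recommended configuration
example_rcpt_check
example_blacklist zone.example
example_virus_scan
example_queue
tls
"""


def parse_plugins(text):
    """Return plugin names in file order; blank and '#' lines are skipped."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.append(line.split()[0])  # first word is the plugin name
    return names


def firing_order(config_text, plugin_hooks=PLUGIN_HOOKS):
    """List (hook, plugin) pairs in the order they would fire."""
    queues = {hook: [] for hook in HOOK_ORDER}
    for name in parse_plugins(config_text):
        for hook in plugin_hooks[name]:   # KeyError flags an unknown plugin
            queues[hook].append(name)     # first in, first out per hook
    return [(hook, name) for hook in HOOK_ORDER for name in queues[hook]]


if __name__ == "__main__":
    for hook, name in firing_order(SAMPLE_CONFIG):
        print(f"{hook:10} {name}")
```

Moving the `tls` line to the top of the sample file leaves the output unchanged, while swapping the two plugins that hook rcpt changes which of them sees the recipient first.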
