author | Eric Faurot <eric@cvs.openbsd.org> | 2013-11-06 10:01:30 +0000 |
---|---|---|
committer | Eric Faurot <eric@cvs.openbsd.org> | 2013-11-06 10:01:30 +0000 |
commit | 0960f1497adeed8214c7f1943c6de212fb3a594f (patch) | |
tree | 25860af318c0a4b313f827eeb6284b9a69bd7284 /usr.sbin/smtpd/to.c | |
parent | 278e0e70a50aa814408ee0756a520e3d0c54f626 (diff) |
Much much improved config parser and related changes.
Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- SSL certificates are no longer automatically loaded, but must be
explicitly declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules
New features:
- accept rules do not need an explicit action, in which case alias table
or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand
as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid
certificates.
Other changes:
- remember the helo name advertised on incoming mail and use it for sending
bounces.
- bump envelope version (existing envelopes are updated on-the-fly).
Diffstat (limited to 'usr.sbin/smtpd/to.c')
-rw-r--r-- | usr.sbin/smtpd/to.c | 41 |
1 files changed, 30 insertions, 11 deletions
diff --git a/usr.sbin/smtpd/to.c b/usr.sbin/smtpd/to.c
index 8e3a93f1bf9..b9da9be0274 100644
--- a/usr.sbin/smtpd/to.c
+++ b/usr.sbin/smtpd/to.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: to.c,v 1.11 2013/10/28 10:32:17 eric Exp $ */
+/* $OpenBSD: to.c,v 1.12 2013/11/06 10:01:29 eric Exp $ */
 /*
 * Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -321,8 +321,12 @@ text_to_relayhost(struct relayhost *relay, const char *s)
 {
 static const struct schema {
 const char *name;
- uint8_t flags;
+ uint16_t flags;
 } schemas [] = {
+ /*
+ * new schemas should be *appended* otherwise the default
+ * schema index needs to be updated later in this function.
+ */
 { "smtp://", 0 },
 { "lmtp://", F_LMTP },
 { "smtp+tls://", F_TLS_OPTIONAL },
@@ -330,8 +334,8 @@ text_to_relayhost(struct relayhost *relay, const char *s)
 { "tls://", F_STARTTLS },
 { "smtps+auth://", F_SMTPS|F_AUTH },
 { "tls+auth://", F_STARTTLS|F_AUTH },
- { "ssl://", F_SMTPS|F_STARTTLS },
- { "ssl+auth://", F_SMTPS|F_STARTTLS|F_AUTH },
+ { "secure://", F_SMTPS|F_STARTTLS },
+ { "secure+auth://", F_SMTPS|F_STARTTLS|F_AUTH },
 { "backup://", F_BACKUP }
 };
 const char *errstr = NULL;
@@ -414,10 +418,10 @@ relayhost_to_text(const struct relayhost *relay)
 bzero(buf, sizeof buf);
 switch (relay->flags) {
 case F_SMTPS|F_STARTTLS|F_AUTH:
- strlcat(buf, "ssl+auth://", sizeof buf);
+ strlcat(buf, "secure+auth://", sizeof buf);
 break;
 case F_SMTPS|F_STARTTLS:
- strlcat(buf, "ssl://", sizeof buf);
+ strlcat(buf, "secure://", sizeof buf);
 break;
 case F_STARTTLS|F_AUTH:
 strlcat(buf, "tls+auth://", sizeof buf);
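Review bot: The comment added to `schemas[]` in the `@@ -321,8 +321,12 @@` hunk says the default schema is picked by array position later in text_to_relayhost, which is outside the hunk, so the ordering of the table now carries meaning that the compiler cannot check. A named index defined beside the table, or a lookup of the default by its `name` string, would remove the constraint the comment has to warn about. The widening of `flags` to `uint16_t` also assumes that the flags field of struct relayhost, not shown here, is at least 16 bits wide.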
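Review bot: With `ssl://` and `ssl+auth://` removed from the table in the `@@ -330,8 +334,8 @@` hunk, an smtpd.conf that still uses them depends on how text_to_relayhost treats an unmatched prefix, and that code is outside the hunk. It is worth confirming that a string carrying an unknown `scheme://` is rejected rather than parsed under the default schema, because a silent fallback would relay without the TLS requirement the operator configured. A one-line comment at the lookup, such as `/* unknown scheme:// is an error, never the default */`, would record that intent.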
@@ -425,12 +429,18 @@ relayhost_to_text(const struct relayhost *relay)
 case F_SMTPS|F_AUTH:
 strlcat(buf, "smtps+auth://", sizeof buf);
 break;
+ case F_STARTTLS|F_TLS_VERIFY:
+ strlcat(buf, "tls://", sizeof buf);
+ break;
 case F_STARTTLS:
 strlcat(buf, "tls://", sizeof buf);
 break;
 case F_SMTPS:
 strlcat(buf, "smtps://", sizeof buf);
 break;
+ case F_SMTPS|F_TLS_VERIFY:
+ strlcat(buf, "smtps://", sizeof buf);
+ break;
 case F_BACKUP:
 strlcat(buf, "backup://", sizeof buf);
 break;
@@ -501,19 +511,26 @@ rule_to_text(struct rule *r)
 bzero(buf, sizeof buf);
 strlcpy(buf, r->r_decision == R_ACCEPT ? "accept" : "reject", sizeof buf);
 if (r->r_tag[0]) {
- strlcat(buf, " on ", sizeof buf);
+ strlcat(buf, " tagged ", sizeof buf);
+ if (r->r_nottag)
+ strlcat(buf, "! ", sizeof buf);
 strlcat(buf, r->r_tag, sizeof buf);
 }
 strlcat(buf, " from ", sizeof buf);
+ if (r->r_notsources)
+ strlcat(buf, "! ", sizeof buf);
 strlcat(buf, r->r_sources->t_name, sizeof buf);
+ strlcat(buf, " for ", sizeof buf);
+ if (r->r_notdestination)
+ strlcat(buf, "! ", sizeof buf);
 switch (r->r_desttype) {
 case DEST_DOM:
 if (r->r_destination == NULL) {
- strlcat(buf, " for any", sizeof buf);
+ strlcat(buf, " any", sizeof buf);
 break;
 }
- strlcat(buf, " for domain ", sizeof buf);
+ strlcat(buf, " domain ", sizeof buf);
 strlcat(buf, r->r_destination->t_name, sizeof buf);
 if (r->r_mapping) {
 strlcat(buf, " alias ", sizeof buf);
@@ -522,11 +539,11 @@ rule_to_text(struct rule *r)
 break;
 case DEST_VDOM:
 if (r->r_destination == NULL) {
- strlcat(buf, " for any virtual ", sizeof buf);
+ strlcat(buf, " any virtual ", sizeof buf);
 strlcat(buf, r->r_mapping->t_name, sizeof buf);
 break;
 }
- strlcat(buf, " for domain ", sizeof buf);
+ strlcat(buf, " domain ", sizeof buf);
 strlcat(buf, r->r_destination->t_name, sizeof buf);
 strlcat(buf, " virtual ", sizeof buf);
 strlcat(buf, r->r_mapping->t_name, sizeof buf);
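Review bot: The two cases added to relayhost_to_text match only `F_STARTTLS|F_TLS_VERIFY` and `F_SMTPS|F_TLS_VERIFY`, so a relay that carries F_TLS_VERIFY together with F_AUTH or with `F_SMTPS|F_STARTTLS` would hit none of the visible labels; what the switch does then lies outside the hunk. Switching on the flags with the verify bit masked off, `switch (relay->flags & ~F_TLS_VERIFY) {`, would cover every schema and make the two duplicated bodies unnecessary. The printed text also omits the verify setting, so if this string is ever parsed back through text_to_relayhost (not visible here) certificate verification would be lost on the round trip. A comment stating that the output is for display only would settle that question.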
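Review bot: The destination text in rule_to_text now contains a doubled space, because `" for "` is appended before the switch while the DEST_DOM and DEST_VDOM branches still append literals that begin with a space (`" any"`, `" domain "`, `" any virtual "`). The result is `for  any`, and `for !  any` when r_notdestination is set, unlike the `tagged` and `from` conditions, which print with single spaces. Dropping the leading space, for example `strlcat(buf, "any", sizeof buf);` and `strlcat(buf, "domain ", sizeof buf);`, fixes it; the same applies to the `@@ -522,11 +539,11 @@` hunk. Any other r_desttype cases are outside these hunks and should be checked for a leftover `" for "`.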
@@ -564,6 +581,8 @@ rule_to_text(struct rule *r)
 strlcat(buf, r->r_value.buffer, sizeof buf);
 strlcat(buf, "\"", sizeof buf);
 break;
+ case A_NONE:
+ break;
 }
 return buf; |