Age | Commit message | Author |
|
changes - map the previous configuration to the equivalent in the new
groups. This will be revisited post release.
Discussed with beck@
|
|
|
|
this will be forbidden. The remaining pledge(2) calls after chroot(2) are still
kept.
OK semarie@ "it is time now"
|
|
|
|
the program
- Add error message to syslog if privdrop didn't succeed and then exit
- Remove lint comments
OK beck@ after his suggestion and also looks good to jca@
|
|
- check for root privileges, otherwise exit early with an appropriate
status code and a formatted string;
- be more specific with chroot()/chdir() checks.
OK beck@
|
|
|
|
this loads the tls certificate files pre-pledge then does the bulk of the tls
setup goo pledged.
|
|
All the work done by Ricardo Mestre <serial@helheim.mooo.com> - Thanks.
|
|
quite involved, due to tls_read potentially needing to write and tls_write
potentially needing to read (in the reneg case); that not fitting the spamd
model too well - it needs to keep a little more state.
help & ok bluhm & beck
|
|
STARTTLS dance. ok millert
|
|
and issue a new EHLO after STARTTLS. The misunderstanding seems to be common,
so we'll still grok MAIL FROM right after the STARTTLS dance, as well as
accepting a second EHLO. ok phessler beck millert
|
|
with bluhm
|
|
jointly with jsing@
|
|
ok jsing@
|
|
divert-to has many advantages over rdr-to for proxies. For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to. spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff that is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@
|
|
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
|
|
is embedded in each struct con so the descriptors can't get out of
sync with the pfd[] array. OK deraadt@
|
|
|
|
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
|
Rationale: when you publish DANE records for certificate pinning, you MUST
offer TLS on the indicated service. Not offering TLS is verboten since
that would re-open the door for a MitM. This is obviously fundamentally
incompatible with having spamd in front of your mailservers - spamd kinda
is a MitM here, but intentional and utterly valid.
DANE is desirable because it allows one to not have to trust the broken
SSL CA model, and, depending on the mode chosen, even show the SSL cert
mafia the middle finger by not needing them at all.
ok reyk jsing bob
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
|
|
|
|
a union that can store either ipv4 or ipv6. The old method used
4x as much memory as was really needed for ipv4. The spamd-setup
protocol has changed from: tag;message;a/m;a/m;a/m...\n
to :tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n
OK phessler@ "nice" beck@
|
|
connection buffer. Significantly speeds up spamd-setup for large
blacklists. Also free the buffer when we are done with it so memory
can be returned to the system (as it can grow quite large).
OK deraadt@
|
|
o doreply() just calls build_reply()
o remove a few dead stores and useless variables
o use the asprintf() return value
OK deraadt@
|
|
Use <fcntl.h> instead of <sys/{file,fcntl}.h>
ok krw@
|
|
|
|
OK beck@
|
|
ok beck phessler
|
|
from Liam J. Foy
|
|
millert, camield..
|
|
|
|
recycle of a fd which is still set.
ok claudio
|
|
typically when a client just flings commands at us without looking
for responses and then gets confused.
ok jsing@
|
|
|
|
error out.
Add a new user _rwalld for rpc.rwalld, and use that instead
of nobody, also unconditionally drop to _rwalld not only
if rpc.rwalld was started with euid 0 (as root).
ok deraadt@
|
|
A number of small improvements:
- patch for empty lines and comments in alloweddomains_file
- remove some whitespaces at end of line.
- document comment and empty line handling
- Remove unused parameter 'r' from getopt in spamd.c, it is removed in the 'switch statement'
but not in getopt.
http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/spamd.c.diff?r1=1.94;r2=1.95;f=h
- replace atoi with strtonum
- make debug output more useful, display only what will be synced and not a second
message which prints always "sync trapped %s"
- some cosmetic and whitespace fixes.
|
|
ok beck@
|
|
noticed and patch from Piotr Sikora <piotr@sikora.nu>
|
|
ok millert@
|
|
|
|
|
|
1) Implement the NOOP command, which now seems necessary for certain
windows mail wrappers and sender verification schemes. Tested by me
and sidcarter@symonds.net, who noticed the problem on his site.
ok millert@
2) Change the behaviour of the maxblack parameter, instead of hanging
up immediately on new blacklisted connections when the maxblack parameter
is reached, we instead make spamd not stutter at them, so the connection
is instead completed quickly. This seems to handle peaks and spikes
much better than the old way of doing this.
ok deraadt@, with some man page changes by jmc@
|
|
|
|
address than the primary one. spamd will trap hosts that contact this
address first without first contacting the primary.
- get it in, deraadt@
|
|
than a hardcoded value.
ok reyk@, deraadt@ with knfisms and saner variable names
|
|
ok jmc@, reyk@
|
|
commit with the U of A value, which may not be safe on all GENERICs with
an unmodified kern.maxfiles
|