summaryrefslogtreecommitdiff
path: root/libexec/spamd/spamd.c
AgeCommit message (Collapse)Author
2016-07-13Adjust existing tls_config_set_cipher() callers for TLS cipher groupJoel Sing
changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
2016-05-17tyopJeremie Courreges-Anglas
2016-04-27Remove pledge(2)'s that are called before chroot(2) since in the near futureRicardo Mestre
this will be forbidden. The remaining pledge(2) calls after chroot(2) are still kept. OK semarie@ "it is time now"
2016-04-10per rfc, ehlo responses contain hostname, then options. from dyn+bsdTed Unangst
2016-03-25- Both checks for pw are not needed since it was already done at the start ofmestre
the program - Add error message to syslog if privdrop didn't succeed and then exit - Remove lint comments OK beck@ after his suggestion and also looks good to jca@
2016-03-10- add a define for "_spamd" user like others OpenBSD daemons;Gleydson Soares
- check for root privileges, otherwise exit early with an appropriate status code and a formatted string; - be more specific with chroot()/chdir() checks. OK beck@
2015-12-12Remove NULL-checks before free(). ok tb@mmcc
2015-12-10tighten the pledge for spamd, from Ricardo Mestre <serial@helheim.mooo.com>Bob Beck
this loads the tls certificate files pre-pledge then does the bulk of the tls setup goo pledged.
2015-12-08Initially pledge spamdBob Beck
All the work done by Ricardo Mestre <serial@helheim.mooo.com> - Thanks.
2015-12-05adjust to newer tls_read/_write semantics.Henning Brauer
quite involved, due to tls_read potentially needing to write and tls_write potentially needing to read (in the reneg case); that not fitting the spamd model too well - it needs to keep a little more state. help & ok bluhm & beck
2015-12-02in response to EHLO, don't offer STARTTLS if we already completed theHenning Brauer
STARTTLS dance. ok millert
2015-12-02I misread the standard when adding TLS; clients are supposed to start overHenning Brauer
and issue a new EHLO after STARTTLS. The misunderstaning seems to be common, so we'll still grok MAIL FROM right after the STARTTLS dance, as well as accepting a second EHLO. ok phessler beck millert
2015-12-02fix error messages to say tls_write after tls_write and not tls_read...Henning Brauer
with bluhm
2015-09-10read, tls_read, and tls_write return ssize_tBob Beck
jointly with jsing@
2015-09-10fix after libtls api changesBob Beck
ok jsing@
2015-05-18Change spamd to use divert-to instead of rdr-to.Reyk Floeter
divert-to has many advantages over rdr-to for proxies. For example, it is much easier to use, requires less code, does not depend on /dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK ioctl), saves us from additional port allocations by the rdr/NAT code, and even avoids potential collisions and race conditions that could theoretically happen with the lookup. Heads up: users will have to update their spamd PF rules from rdr-to to divert-to. spamd now also listens to 127.0.0.1 instead of "any" (0.0.0.0) by default which should be fine with most setups but has to be considered for some special configurations. Based on a diff is almost two years old but got delayed several times ... beck@: "now is the time to get it in" :) Tested by many With help from okan@ OK okan@ beck@ millert@
2015-04-18Convert many atoi() calls to strtonum(), adding range checks and failureTheo de Raadt
handling along the way. Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
2015-03-12Use poll(2) instead of select(2). A pointer to the struct pollfdTodd C. Miller
is embedded in each struct con so the descriptors can't get out of sync with the pfd[] array. OK deraadt@
2015-02-22Set the TLS ciphers to "compat" mode, restoring the previous behaviour.Joel Sing
2015-02-12Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALLJoel Sing
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour. Discussed with tedu@ and reyk@.
2015-02-07add STARTTLS support, using the shiny libtls.Henning Brauer
Rationale: when you publish DANE records for certificate pinning, you MUST offer TLS on the indicated service. Not offering TLS is verboten since that would re-open the door for a MitM. This is obviously fundamentally incompatible with having spamd in front of your mailservers - spamd kinda is a MitM here, but intentional and utterly valid. DANE is desirable because it allows one to not have to trust the broken SSL CA model, and, depending on the mode chosen, even show the SSL cert mafia the middle finger by not needing them at all. ok reyk jsing bob
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-13Move debug printf for duplicate af to correct location.Todd C. Miller
2015-01-13Remove bogus getopt.h include.Todd C. Miller
2015-01-13Use address-family specific lists of addr/mask entries instead ofTodd C. Miller
a union that can store either ipv4 or ipv6. The old method used 4x as much memory as was really needed for ipv4. The spamd-setup protocol has changed from: tag;message;a/m;a/m;a/m...\n to :tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n OK phessler@ "nice" beck@
2014-12-30Use a 1MB realloc() increment instead of an 8KB one for the configTodd C. Miller
connection buffer. Significantly speeds up spamd-setup for lage blacklists. Also free the buffer when we are done with it so memory can be returned to the system (as it can grow quite large). OK deraadt@
2014-12-29Minor cleanup:Todd C. Miller
o doreply() just calls build_reply() o remove a few dead stores and useless variables o use the asprintf() return value OK deraadt@
2014-11-23Delete a bunch of unnecessary #includesPhilip Guenther
Use <fcntl.h> instead of <sys/{file,fcntl}.h> ok krw@
2014-10-09obvious reallocarray() conversionsTheo de Raadt
2014-03-26strdup() returns NULL if out of memory, we should check it.Gleydson Soares
OK beck@
2013-11-19repair format strings for time_t, and some missing protosTheo de Raadt
ok beck phessler
2012-06-19use warn() instead of perror(), like the rest of the code doesTheo de Raadt
from Liam J. Foy
2012-04-19rate-limit accept(); small tweaks and such along the way from gilles,Theo de Raadt
millert, camield..
2012-04-18merge some whitespace changes before bigger changesTheo de Raadt
2012-04-13Don't assume that the new conffd is a unset in the fd_set, it could be aTheo de Raadt
recyle of a fd which is still set. ok claudio
2010-01-14drop connections to confused clients who do repeated command failures -Bob Beck
typically when a client just flings commands at us without looking for responses and then gets confused. ok jsing@
2010-01-11KNFBob Beck
2009-05-20Do not fall back to using nobody if _user is missing, butThordur I. Bjornsson
error out. Add a new user _rwalld for rpc.rwalld, and use that instead of nobody, also unconditionally drop to _rwalld not only if rpc.rwalld was started with euid 0 (as root). ok deraadt@
2009-04-20PR 6090 - from Olli Hauer <ohauer@gmx.de>Bob Beck
A number of small improvements: - patch for empty lines and comments in alloweddomains_file - remove some whitespaces at end of line. - document comment and empty line handling - Remove unused parameter 'r' from getopt in spamd.c, it is removed in the 'switch statement' but not in getopt. http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/spamd.c.diff?r1=1.94;r2=1.95;f=h - replace atoi with strtonum - make debug output more usefull, display only what will be synced and not a second message which prints always "sync trapped %s" - some cosemtic and whitespace fixes.
2008-07-11shut off an annoying gcc warning.Reyk Floeter
ok beck@
2007-11-03PR 5621 - spamd doesn't clear the last entry from an empty TRAP list,Bob Beck
noticed and patch from Piotr Sikora <piotr@sikora.nu>
2007-04-13fix helo to error out if no domain is providedBob Beck
ok millert@
2007-03-26use new license, ok deraadt@Bob Beck
2007-03-26Copyright - I should share the blame.Bob Beck
2007-03-26A couple of spamd improvementsBob Beck
1) Implement the NOOP command, which now seems necessary for certain windows mail wrappers and sender verification schemes. Tested by me and sidcarter@symonds.net, who noticed the problem on his site. ok millert@ 2) Change the behaviour of the maxblack parameter, instead of hanging up immediately on new blacklisted connections when the maxblack parameter is reached, we instead make spamd not stutter at them, so the connection is instead completed quickly. This seems to handle peaks and spikes much better than the old way of doing this. ok deraadt@, with some man page changes by jmc@
2007-03-07sync usage(); ok deraadtJason McIntyre
2007-03-06Add -M option to specify a local address that is a lower priority MXBob Beck
address than the primary one. spamd will trap hosts that contact this address first without first contacting the primary. - get it in, deraadt@
2007-03-06Make the maximum number of connections dependant on kern.maxfiles ratherBob Beck
than a hardcoded value. ok reyk@, deraadt@ with knfisms and saner variable names
2007-03-05remove -r option that didn't work anyway.Bob Beck
ok jmc@, reyk@
2007-03-05revert unintentional MAXCON change back to 800, accidentally did lastBob Beck
commit with the U of A value, which may not be safe on all GENERICs with an unmodified kern.maxfiles