| Age | Commit message (Collapse) | Author |
|---|
|
|
|
this loads the tls certificate files pre-pledge then does the bulk of the tls
setup goo pledged.
|
|
All the work done by Ricardo Mestre <serial@helheim.mooo.com> - Thanks.
|
|
quite involved, due to tls_read potentially needing to write and tls_write
potentially needing to read (in the reneg case); that not fitting the spamd
model too well - it needs to keep a little more state.
help & ok bluhm & beck
|
|
STARTTLS dance. ok millert
|
|
and issue a new EHLO after STARTTLS. The misunderstaning seems to be common,
so we'll still grok MAIL FROM right after the STARTTLS dance, as well as
accepting a second EHLO. ok phessler beck millert
|
|
with bluhm
|
|
|
|
jointly with jsing@
|
|
ok jsing@
|
|
|
|
from steve shockley
ok sthen
|
|
ok jmc@
|
|
divert-to has many advantages over rdr-to for proxies. For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to. spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@
|
|
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
|
|
|
|
is embedded in each struct con so the descriptors can't get out of
sync with the pfd[] array. OK deraadt@
|
|
|
|
ok schwarze@
|
|
that includes all currently supported protocols (TLSv1.0, TLSv1.1 and
TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they
maintain existing behaviour.
Discussed with tedu@ and reyk@.
|
|
split it; while here, zap trailing whitespace;
|
|
Rationale: when you publish DANE records for certificate pinning, you MUST
offer TLS on the indicated service. Not offering TLS is verboten since
that would re-open the door for a MitM. This is obviously fundamentally
incompatible with having spamd in front of your mailservers - spamd kinda
is a MitM here, but intentional and utterly valid.
DANE is desirable because it allows one to not have to trust the broken
SSL CA model, and, depending on the mode chosen, even show the SSL cert
mafia the middle finger by not needing them at all.
ok reyk jsing bob
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
|
|
|
|
a union that can store either ipv4 or ipv6. The old method used
4x as much memory as was really needed for ipv4. The spamd-setup
protocol has changed from: tag;message;a/m;a/m;a/m...\n
to :tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n
OK phessler@ "nice" beck@
|
|
reading the config socket by clearing the entire blacklist struct
instead of just the tag string. Also avoid holes in the blacklist
array on error since the code can't cope with them. OK beck@
|
|
connection buffer. Significantly speeds up spamd-setup for lage
blacklists. Also free the buffer when we are done with it so memory
can be returned to the system (as it can grow quite large).
OK deraadt@
|
|
o doreply() just calls build_reply()
o remove a few dead stores and useless variables
o use the asprintf() return value
OK deraadt@
|
|
Use <fcntl.h> instead of <sys/{file,fcntl}.h>
ok krw@
|
|
for quite some time. Mop up the last few, by using /dev/random where we
actually want it, or not even mentioning arandom where it is irrelevant.
|
|
Fix example while here.
ok back@
|
|
Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.
ok deraadt@
|
|
|
|
|
|
ok beck@
|
|
OK beck@
|
|
ok okan kettenis
|
|
ok beck phessler
|
|
ok beck phessler
|
|
ok beck phessler
|
|
with backwards compatibility for records with 32-bit times.
OK deraadt@ beck@
|
|
with guenther
|
|
remove the db conversion from BTREE to HASH.
ok beck@
|
|
to no longer be relevant;
ok beck
|
|
from Liam J. Foy
|
|
millert, camield..
|
|
|
|
recyle of a fd which is still set.
ok claudio
|
|
ok jmc@
|
