Age | Commit message (Collapse) | Author |
|
process. Use it for the reverse lookups required by smtp and mta.
Until now, DNS-related lookups were implemented using ad-hoc IMSGs
between the lka and other processes. It turns out to be confusing and
difficult to maintain/extend. So we want to replace this with a better
set of IMSGs matching the standard resolver interface.
ok gilles@
|
|
of functions creating, looking up or destroying tables.
this is a first step in cleaning up parse.y so it doesn't have side effects
outside of parse_config(), bringing nothing but making code cleaner.
ok millert@
|
|
really help us with anything, propagate the change in codebase
ok millert@
|
|
ok gilles@
|
|
ok eric@
|
|
Based on a diff from Edgar Pettijohn.
Ok gilles@ eric@
|
|
operation return value.
Issue reported by 'Zelest' (Jesper Wallin).
Suggestions and ok eric@ gilles@.
|
|
ambiguity: just use a single switch.
ok gilles@ sunil@
|
|
many functions which are free(NULL)-compat
ok gilles
|
|
The only major difference was the "log_trace" concept that is only
used by smtpd - move it from log.c into util.c and make it a local
concept. This also needed to rename the global "verbose" variable to
"tracing" in a few places.
OK krw@ gilles@ eric@
|
|
Only the parent process handles SIGTERM and SIGINT. Upon receiving one
of those, it closes all imsg sockets and waitpid() for the children. It
fatal()s if one of the sockets is closed unexpectedly. Other processes
exit() "normally" when one of the imsg sockets is closed.
ok gilles@ sunil@
|
|
So stop pretending that the *_shutdown() functions could ever be called
in this context, and just fatal() if event_dispatch() returns.
ok gilles@ sunil@ giovanni@
|
|
smtpd and another daemon by adding supplementary groups
ok eric@
|
|
ok sunil@
|
|
The parent process forks child processes and re-exec each of them with
an additional "-x <proc>" argument. During the early setup phase, the
parent process sends ipc socket pairs to interconnect the child
processes as needed, and it passes the queue encryption key to the
queue if necessary. When this is done, all processes have their
environment set as in the fork-only case, and they can start doing
their work as before.
ok gilles@ jung@
|
|
are forked at startup
i thought i had committed this already, diff has been okayed several weeks
ago...
ok jung@, ok millert@, ok sunil@
|
|
the daemon memory space, makes -extras tables work again
reported by Tim van der Molen on misc@opensmtpd.org
verified together with sunil
ok gilles
|
|
no binary change
ok millert
|
|
ok sunil gilles
|
|
introduce 'ca' keyword to allow specifying a custom CA.
making CA part of pki was a bad idea and several people hit use-cases that
plain couldn't work.
instead of:
pki foobar.org ca "/etc/mail/CA.pem"
use now:
ca foobar.org certificate "/etc/mail/CA.pem"
ok sunil@, jung@
|
|
global certificate
|
|
|
|
code, no functional change but this makes code easier to read, and will
ease implementing DANE later on.
|
|
code that handles the same imsg's too
ok sunil@, ok jung@
|
|
senders table allows to restrict the addresses that an authenticated
user can use in the SMTP dialogue.
Ok gilles@
|
|
cleanup and later on for DANE support
|
|
|
|
ok jung@
|
|
ok sunil@, ok jung@
|
|
|
|
ok deraadt@
|
|
leads us to reuse it.
|
|
each .c file, and out of the .h files. To avoid overinclude.
ok gilles, in principle. If this has been done right, -portable should
become easier to maintain.
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
ok gilles@
|
|
rather than going through the parent process. simplify code in the meantime.
|
|
dictionnary (currently not set). While there, add a helper for forking
external backends, and remove unused table functions.
ok gilles@
|
|
declaration was not bumped down causing us to pass extra junk leading to a
crash in the pki lookup code. i'm amazed no one else crashed on that :-/
reported by Olivier Antoine who kindly provided access to his box
|
|
is handling some async requests and shouldn't be busy with sync RSA.
ok gilles@
|
|
implementation for relayd(8). The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents acidental private key leakage
as it could have been caused by "Heartbleed".
ok gilles@
|
|
reported by Stefan Sieg
ok gilles@
|
|
reported by jturner@
ok gilles@
|
|
process managing message reception, delivery and transfer. Mostly
mechanical, but very intrusive as it required to rewamp all IMSG to
fix ambiguities.
with and ok gilles@
|
|
- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners
|
|
|
|
|
|
tempfail for limiting the number of pending deliveries to the same
user. This allows to reach optimal delivery time even in case of
burst, while keeping the number of inflight envelopes low.
|
|
|
|
Make sure a pki entry exists when used in a listen or relay rule.
|
|
Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- SSL certificates are no longer automatically loaded, but must be
explicitely declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules
New features:
- accept rules do not need an explicit action, in which case alias table
or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand
as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid
certificates.
Other changes:
- remember the helo name advertised on incoming mail and use it for sending
bounces.
- bump envelope version (existing envelopes are updated on-the-fly).
|