| Age | Commit message (Collapse) | Author |
|---|
|
global certificate
|
|
|
|
code, no functional change but this makes code easier to read, and will
ease implementing DANE later on.
|
|
code that handles the same imsg's too
ok sunil@, ok jung@
|
|
senders table allows to restrict the addresses that an authenticated
user can use in the SMTP dialogue.
Ok gilles@
|
|
cleanup and later on for DANE support
|
|
|
|
ok jung@
|
|
ok sunil@, ok jung@
|
|
|
|
ok deraadt@
|
|
leads us to reuse it.
|
|
each .c file, and out of the .h files. To avoid overinclude.
ok gilles, in principle. If this has been done right, -portable should
become easier to maintain.
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
ok gilles@
|
|
rather than going through the parent process. simplify code in the meantime.
|
|
dictionnary (currently not set). While there, add a helper for forking
external backends, and remove unused table functions.
ok gilles@
|
|
declaration was not bumped down causing us to pass extra junk leading to a
crash in the pki lookup code. i'm amazed no one else crashed on that :-/
reported by Olivier Antoine who kindly provided access to his box
|
|
is handling some async requests and shouldn't be busy with sync RSA.
ok gilles@
|
|
implementation for relayd(8). The smtpd(8) pony processes (mta
client, smtp server) don't keep the private keys in memory but send
their private key operations as imsgs to the "lookup"/mta process.
It's worth mentioning that this prevents acidental private key leakage
as it could have been caused by "Heartbleed".
ok gilles@
|
|
reported by Stefan Sieg
ok gilles@
|
|
reported by jturner@
ok gilles@
|
|
process managing message reception, delivery and transfer. Mostly
mechanical, but very intrusive as it required to rewamp all IMSG to
fix ambiguities.
with and ok gilles@
|
|
- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners
|
|
|
|
|
|
tempfail for limiting the number of pending deliveries to the same
user. This allows to reach optimal delivery time even in case of
burst, while keeping the number of inflight envelopes low.
|
|
|
|
Make sure a pki entry exists when used in a listen or relay rule.
|
|
Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- SSL certificates are no longer automatically loaded, but must be
explicitely declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules
New features:
- accept rules do not need an explicit action, in which case alias table
or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand
as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid
certificates.
Other changes:
- remember the helo name advertised on incoming mail and use it for sending
bounces.
- bump envelope version (existing envelopes are updated on-the-fly).
|
|
Log ssl certificate validation errors.
Fix several ssl-related leaks.
|
|
|
|
another smtpd instance is running. Close the inherited socket in
every forked process but control.
|
|
now happens in queue_init(), and backends take the queue passwd as
parameter in their init function.
Remove useless SMTPD_FILTER_USER while there.
|
|
|
|
ok gilles@
|
|
consistency and clarity. Remove useless and confusing extra byte in
a few arrays based on this define.
ok gilles@
|
|
- replace "users" keyword with "userbase" when providing alternate userbase
- disambiguise expansion nodes when expanding across domains and userbases
- allow use of '=' instead of '=>' when declaring a mapping
ok eric@
|
|
- handle getsockname() error in smtp_connected()
- accept '/' as part of user-part, expand to ':' as done by qmail
- fix wrong check in mda leading to bogus Return-Path header
- fix aliases parsing when there's a white space between key and separator
- some cosmethic cleanup
|
|
- improve logging of the transfer process
trace by me, logging by eric
|
|
* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c sync-ed with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright
FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.
smtpd.conf(5) simplified, it will require adaptations
ok eric@
|
|
* Log more events (especially client session) and use a better scheme
for that: each messages is prefixed with a token to easily identify
its class:
- info/warn/debug: general server messages
- smtp-in: smtp client connections
- relay: status update for relayed messages
- delivery: status update for local deliveries
* Implement "smtpctl monitor" to display updates of selected internal
counters.
* When reloading the on-disk queue at startup do not commit a message
if no envelope was submitted for that message.
* Remove unused stuff in the config parser.
ok gilles@
|
|
The idea is to have a file-backed map but to have smtpd(8) cache the maps
so that it cannot be partially read if edited while mail is received. The
file is read and converted to a static map (map_static.c), changes aren't
visible to smtpd until an explicit: smtpctl update map which reads file,
builds a new static map and invalidates the former.
partial-read issue discussed with beck@ and halex@
idea to convert internally to a static map by eric@
diff ok eric@ and chl@
|
|
between "no match" and "internal error" (e.g. missing or broken db file).
Adapt alias expansion and ruleset matching code to check for such errors,
in which case the current processing is aborted, and a temporary failure
is reported to the smtp session.
ok gilles@
|
|
ie:
reject from 192.168.1.0/24 for domain "openbsd.org"
accept from 192.168.0.0/16 for domain "openbsd.org" deliver to mbox
it was documented but not working.
ok eric@ & chl@
|
|
"wow!" gilles@
|
|
ok eric@
|
|
Adapt a lot of functions in chain to use const args where required.
ok gilles@
|
|
The goal is to eventually have only the lka see the rules.
ok gilles@ chl@
|
|
ok gilles@
|
