Age | Commit message | Author |
|
|
|
bounce as soon as it hits mx2 in mx1 -> mx2 -> mx3 relay chain.
hint by sthen@, ok gilles@
|
|
- make sure queue_message_update() creates bounces using bounce_record()
- when mta sends update to queue and it sees that batch is flagged with
F_BATCH_PERMFAIL, only update the envelope error message if it doesn't
have F_MESSAGE_PERMFAIL set, otherwise we may lose the real reason why
we failed for that recipient. There's cleanup to do around that old
code, I'm sure we can get it simpler.
this commit fixes a bug pea@ spotted where a bounce message would not
display the reason of a failure when we generated it after failing to
deliver a relayed message.
|
|
|
|
|
|
idea by jacekm@ a few weeks ago, discussed with pyr
|
|
appear in a bounce message, and message_get_errormsg() to retrieve that
message.
- when loop is detected, call message_set_errormsg()
- in mta, call message_set_errormsg() for each recipient failure
- in mta, call message_set_errormsg() to copy batch errors to recipients if
we failed to deliver for a session related error
- when bouncing, add the recipient and error reason to the bounce message
|
|
work for real. As an added bonus, it simplifies it, makes it follow the
same code path as regular messages and kills quite some code from mta,
mda and store. There's still some work needed but the most painful part
is behind us now ;)
ok jacekm@
|
|
From: Josh Elsasser <josh@elsasser.org>
|
|
Currently the receiver fetches an imsg via imsg_get() and if he expects
an fd, he then calls imsg_get_fd() to fetch the next fd queued on the
imsgbuf from which the imsg came.
This change hides the fd queueing mechanism from the API user. When closing
an imsg with an fd, the message is flagged so that the receiving end knows
it must dequeue the fd in imsg_get() and return it with the imsg structure.
This way there is no (less) possible screw up from imsg_get_fd() not being
called directly after imsg_get() by the user. The retrieved imsg is
self-contained.
ok pyr@, "I like that" henning@
|
|
Stop pushing event handling in the imsg framework.
Instead, provide a small glue layer on top of both imsg and libevent.
This finally clearly separates event handling and imsg construction.
Sidetrack bonus: remove the mega-ugly hack of having a dummy imsg_event_add
stub in smtpctl.
ok jacekm@
|
|
ok gilles@, jacekm@
|
|
|
|
configuration reloading without killing active sessions; ok jacekm@
|
|
to the routing daemons by claudio@; ok gilles@
|
|
when connect times out and we close the fd, reset session fd to -1
in session_destroy(), only attempt to close session fd if != -1
fixes a fatal in session_destroy() which happened because we closed a fd
after a timeout, but the session still assumed the fd to be opened.
|
|
host which requests client certificates:
accept [...] relay via [...] ssl certificate "mycert"
diff from Josh Elsasser <josh@elsasser.org>, tested and okayed by me with
no change but the addition of status 554 to the state machine to deal with
remote host telling us it doesn't like our certificate.
|
|
|
|
- reorder alphabetically and add mta to the statistics
|
|
|
|
using newly introduced child struct.
Manage process titles centrally in struct smtpd.
ok gilles@
|
|
|
|
ok gilles@, jacekm@
|
|
|
|
- Improve RFC compliance: CNAMEs are resolved, equal preference MXs
are randomized, relaying via MX that has equal/lower preference
than local server is prevented, decision on when to treat domain
name as implicit MX is better.
ok gilles@
|
|
we need to explicitly set success and permanent failures, this way if we
hit any condition that we don't explicitly flag as permanent failure the
delivery will be rescheduled later.
while at it, made various checks more strict to prevent hiding bugs and a
bit of knr cleanups
discussed with and "reads good" jacekm@
|
|
|
|
ok gilles@ jacekm@
|
|
smtpd would treat the delivery as successful; ok gilles@
|
|
1) kill the ssmtp keyword in "ssmtp listen on ...";
2) kill the use keyword in "... use certificate foo";
3) tls no longer implicit, user must explicitly use the tls or smtps option.
4) for "relay via", move the tls/smtps options to right after the
port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use certificate "foo"
accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo"
accept for all relay via "mx.bar.com" tls
ok gilles@
|
|
|
|
initialized.
spotted and diff by Matthew Haub <matthew.haub@alumni.adelaide.edu.au>
|
|
|
|
unless we do have F_AUTH set on the mxhost (which means we explicitly
mentioned authentication in config) and we did find credentials in the
secrets map. issue and initial diff from Rivo Nurges <rix@estpak.ee>
|
|
deal with deliveries, it now uses struct session just like mta and smtp
processes. we now keep the mbox and message descriptors in the session,
saving space in struct message which is now as small as we can make it.
While at it, plugged a memory leak and did some cosmetic changes
This was the last planned change to our struct message which means that
later changes will no longer require a queue flush before rebuild.
|
|
Use it to display the date in received from header and when we
store headers.
ok jacekm@
|
|
|
|
can be turned on by adding "enable auth" to a "relay via" rule. this made
me rework the mx resolution so that it is done by the mta process and not
the runner process anymore.
|
|
ok gilles@
|
|
getnameinfo internally; ok gilles@
|
|
ok jacekm@
|
|
ok gilles@
|
|
relayd at n2k9, and adapted to smtpd; ok gilles@
|
|
prototype to smtpd.h
spotted and diff from Oleg Safiullin <form@pdp-11.org.ru>
|
|
as well as for some outgoing messages, this is fixed now
|
|
|
|
accept for domain "openbsd.org" relay via tls "mx.example.org"
to ensure the relaying of mail for whoever@openbsd.org will happen through
a secure tls (STARTTLS) session. failure to establish a tls session will be
considered as a permanent failure. As a side effect:
accept for domain "openbsd.org" relay via ssl "mx.example.org"
can now work as well and ensure that the relaying happens through ssmtp OR
tls, but never through an unsafe channel. no need to specify a port, they
are automatically detected if not specified.
still a work in progress, don't expect that it will work flawlessly.
|
|
accept for domain "openbsd.org" relay via ssmtp "mx1.example.org"
to ensure that deliveries for whatever@openbsd.org go through an SSL session
to mx1.example.org
|
|
|
|
as smtp_session.c does, so move all of the evbuffer_add_printf() calls out
of the way and replace them with session_respond() call.
|