path: root/usr.sbin/smtpd/parse.y
Age  Commit message  [Author]
2015-08-19  do not cast result from xcalloc(); it is in scope  [Theo de Raadt]
2015-02-08  Use AI_ADDRCONFIG when resolving hosts on startup.  [Reyk Floeter]
OK henning@
2015-01-20  use <limits.h> comprehensively. For now try to push <> includes to each .c file, and out of the .h files. To avoid overinclude. ok gilles, in principle. If this has been done right, -portable should become easier to maintain.  [Theo de Raadt]
2015-01-16  Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification.  [Theo de Raadt]
ok guenther, millert, doug (helped with the verification protocol)
2014-11-20  Don't allow embedded nul characters in strings.  [Jonathan Gray]
Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
2014-11-16  Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message.  [Alexander Bluhm]
OK doug@
2014-11-14  Add gcc printf format attributes to yyerror() in parse.y files.  [Doug Hogan]
No yyerror() calls needed to be changed.
ok bluhm@
2014-07-09  add a "no-dsn" listener option to disable DSN extension.  [Eric Faurot]
2014-07-09  config parser improvements:  [Eric Faurot]
- fail if the same option is specified multiple times on a listener
- prompt for queue encryption key after config parsing, not during.
- add ip addresses to localnames table
- prepare for filters
2014-07-08  update filter configuration parsing (not plugged yet)  [Eric Faurot]
2014-04-19  add missing strlcpy() check in create_filter_chain() that would cause smtpd to fatal at startup if truncation occurred and we had enabled filters  [Gilles Chehade]
(void) cast a strlcpy() that cannot truncate
2014-04-19  add missing strlcpy() checks in create_filter() that would cause smtpd to fatal at startup if truncation occurred and we had enabled filters  [Gilles Chehade]
2014-04-19  add missing strlcpy() check in is_if_in_group() to detect and warn about the truncation rather than failing the ioctl() call that follows.  [Gilles Chehade]
2014-04-19  add missing strlcpy() check when parsing "backup hostname" in smtpd.conf, it could lead to smtpd not finding itself in a MX lookup if a hostname is specified that exceeds the max hostname len.  [Gilles Chehade]
while at it, add a missing free()
2014-04-19  (void) cast strlcpy() calls that cannot truncate  [Gilles Chehade]
2014-03-25  reword error message when a table has an invalid configuration file, it has confused a few people  [Gilles Chehade]
ok eric@
2014-02-04  pki code cleanup  [Eric Faurot]
- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners
2014-01-22  relax the cfg file secrecy check slightly to allow group readability  [Henning Brauer]
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian
2013-12-26  bcopy -> memmove  [Eric Faurot]
bzero -> memset
2013-12-05  bogus ';'  [Eric Faurot]
2013-11-30  do not hardcode scheduler batch size, and reduce default limit to avoid hammering effects.  [Eric Faurot]
2013-11-28  limit the number of envelopes to recall in the hoststat cache.  [Eric Faurot]
2013-11-25  use u_char for buffers in yylex, for ctype calls, as done in all other parse.y in the tree  [Theo de Raadt]
issue found by millert, ok gilles
2013-11-21  correctly set verify flag on the listener  [Eric Faurot]
2013-11-20  Rework the mda and scheduler to use the holdq mechanism instead of tempfail for limiting the number of pending deliveries to the same user. This allows to reach optimal delivery time even in case of burst, while keeping the number of inflight envelopes low.  [Eric Faurot]
2013-11-19  Add a limit on the number of inflight envelopes. The scheduler suspends scheduling of mta/mda envelopes until the number of inflight envelopes falls below that line.  [Eric Faurot]
2013-11-13  Fix case-folding issue with pki names. They are case-insensitive.  [Eric Faurot]
Make sure a pki entry exists when used in a listen or relay rule.
2013-11-06  Much much improved config parser and related changes.  [Eric Faurot]
Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- SSL certificates are no longer automatically loaded, but must be explicitly declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules
New features:
- accept rules do not need an explicit action, in which case alias table or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid certificates.
Other changes:
- remember the helo name advertised on incoming mail and use it for sending bounces.
- bump envelope version (existing envelopes are updated on-the-fly).
2013-10-27  Make the filter infrastructure move forward.  [Eric Faurot]
This is a work-in-progress and it's not supposed to be useable for now.
2013-10-25  local enqueuer improvements:  [Eric Faurot]
- parse the whole input before trying to establish the connection to the local socket: fixes timeout problems when reading the output of a long running program.
- use sendmail(8)-like exit status.
2013-07-19  Many MTA improvements:  [Eric Faurot]
- Better transient error handling logic: failing destinations are automatically disabled for a while. When a destination is active again, ask the scheduler to retry previous envelopes immediately.
- More informative error report when all routes fail for a mail.
- Implement a "smtpctl show hoststats" command to get the latest stat message per MX domain.
- Implement a "smtpctl show routes" command to show the state of the currently known routes to remote MXs.
- Implement a "smtpctl resume route" command to re-enable a route that has been disabled.
- Do not hardcode limits
- Minor code improvements
2013-07-19  Assorted queue improvements:  [Eric Faurot]
- cleanup the internal queue backend API and get rid of the QOP_* thing.
- implement a queue_proc backend
- rename queue_fsqueue.c to queue_fs
- enable support for queue encryption
- add an envelope cache
- better logging and error reporting
2013-07-19  Add a table_proc backend for delegating table lookups to another process. Stop building experimental table_sqlite and table_ldap as they will be provided as external backends.  [Eric Faurot]
2013-07-19  Allow to specify an address family on a listener  [Eric Faurot]
2013-07-19  Improve and document the way the default server name is found.  [Eric Faurot]
2013-06-03  No need to set backend var here, it's always set before to the same value.  [Vadim Zhukov]
okay gilles@, eric@
2013-05-24  sync with OpenSMTPD 5.3.2  [Eric Faurot]
ok gilles@
2013-03-06  as done in ospf{,6}d/relayd, sync yyerror in various other daemons with that from bgpd, so that it logs to syslog when daemonized.  [Stuart Henderson]
2013-02-17  disable queue compression temporarily, we lack the smtpctl bits  [Gilles Chehade]
2013-02-14  - smtpctl trace expand, enables tracing of aliases expansion  [Gilles Chehade]
- replace "users" keyword with "userbase" when providing alternate userbase
- disambiguate expansion nodes when expanding across domains and userbases
- allow use of '=' instead of '=>' when declaring a mapping
ok eric@
2013-02-05  add missing free in config parser  [Gilles Chehade]
ok eric
2013-01-28  allow lookups from backends in "accept for [...] virtual" context  [Gilles Chehade]
2013-01-26  Sync with our smtpd repo:  [Gilles Chehade]
* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c sync-ed with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright
FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.
smtpd.conf(5) simplified, it will require adaptations
ok eric@
2012-11-12  Cleanups and improvements:  [Eric Faurot]
* Log more events (especially client session) and use a better scheme for that: each message is prefixed with a token to easily identify its class:
  - info/warn/debug: general server messages
  - smtp-in: smtp client connections
  - relay: status update for relayed messages
  - delivery: status update for local deliveries
* Implement "smtpctl monitor" to display updates of selected internal counters.
* When reloading the on-disk queue at startup do not commit a message if no envelope was submitted for that message.
* Remove unused stuff in the config parser.
ok gilles@
2012-10-14  introduce map_file.c which will deprecate map_stdio.c  [Gilles Chehade]
The idea is to have a file-backed map but to have smtpd(8) cache the maps so that it cannot be partially read if edited while mail is received. The file is read and converted to a static map (map_static.c), changes aren't visible to smtpd until an explicit:
    smtpctl update map
which reads file, builds a new static map and invalidates the former.
partial-read issue discussed with beck@ and halex@
idea to convert internally to a static map by eric@
diff ok eric@ and chl@
2012-10-11  - replace "from all" and "for all" with "from any" and "for any"  [Gilles Chehade]
ok eric@, chl@
2012-10-09  - allow a listen statement to impose tls on its clients;  [Gilles Chehade]
- make listen statements impose authentication if 'auth' is specified and to make it optional if 'auth-optional' is specified;
- sync documentation accordingly
with ideas and input from beck@ and halex@, ok eric@
2012-10-08  disk space is cheap but we still want to limit the default size of a body to a sane default for everyone.  [Gilles Chehade]
2012-10-04  default map source to S_PLAIN, this allows us to simplify smtpd.conf:  [Gilles Chehade]
    map aliases source plain "/etc/mail/aliases"
can be reduced to:
    map aliases "/etc/mail/aliases"
2012-09-30  use xmalloc(), xcalloc() and xmemdup() helpers  [Charles Longeau]
ok gilles@