| Age | Commit message (Collapse) | Author |
|---|
|
scan_scaled(3) to support the quantifiers rather than rolling my own code.
prompted by jacekm@
|
|
|
|
or so ...
okayd by jacekm@ a while ago
|
|
was reported by nicm@ which spent a couple hours with me trying to
understand what was causing the bug, and helping me write and test fix.
|
|
Nudge by deraadt@
|
|
|
|
while there factor some common code (from jacekm input)
ok jacekm@
|
|
Fix two memleaks in purge_config().
First problem spotted by parfait, the other ones - by myself.
"looks good" gilles@
|
|
valid map id, then we have no way to know for these structures if they have
a reference to a map, or if the member was not set. make map id start at 1.
|
|
smtpd is now capable of looking primary domains at runtime in a set, which
means that the following becomes possible:
map "primary" { source db "/etc/mail/primary.db" }
accept for domain map "primary" deliver to mbox
while at it fix a couple bugs in the aliases resolution path which caused
recipients to bounce if a ruleset did not have an "accept for local" rule
"diff reads good" jacekm@, flush queue & make clean
|
|
for multiple aliases maps that can be attached at the rule level. with it,
you can for example define different aliases maps for different domains or
different aliases maps for the same domain depending on the client source:
map "localiases" { source db "/etc/mail/localiases.db" }
map "netaliases" { source db "/etc/mail/netaliases.db" }
accept from 192.168.0.0/16 for local alias "localiases" deliver to mbox
accept from all for local alias "netaliases" deliver to mbox
idea discussed with jacekm@ and various other hackers, diff contains some
bug fixes too which were not part of the original diff. man page follows
very shortly ... make clean & flush queue !
|
|
of: accept for virtual map "mapname" ...
discussed with jacekm@
|
|
options but they will all share the same ruleset. this means that there
is no way to have a rule apply to a session established on one listener
but not applied on another.
this commit brings initial support for tagging listeners and having the
rules able to match these specific listeners. The following will define
a rule which will only apply to interfaces tagged as "mynet":
listen on lo0 # implicit lo0 tag
listen on fxp0 tag mynet
listen on fxp1 tag mynet
accept on mynet for domain "example.org" deliver to mbox
|
|
teach smtpd how to deliver using specific user permissions:
accept for virtual map "foo" deliver to maildir "/m/%d/%u" user foo
will deliver mail under /m/domain/user as user foo
idea and initial diff discussed with jacekm@
|
|
domains. this means that:
- virtual domains no longer deliver to a local user when not told to
- they no longer attempt to resolve aliases when not told to
- they no longer need an explicit rule in smtpd.conf for EACH domain
- the "virtual" map is no longer hardcoded
- smtpd no longer needs a restart to support a new domain
instead we introduce the: accept for virtual map "mapname" [...] syntax
which refers to a map that can be manipulated at runtime.
idea discussed and okayd with jacekm@
|
|
required. Requested by jmc@, gilles@ ok.
|
|
default; from gilles@
|
|
configuration reloading without killing active sessions; ok jacekm@
|
|
host which requests client certificates:
accept [...] relay via [...] ssl certificate "mycert"
diff from Josh Elsasser <josh@elsasser.org>, tested and okayed by me with
no change but the addition of status 554 to the state machine to deal with
remote host telling us it doesn't like our certificate.
|
|
that the ip address/subnet parsing isn't done in the same way as
in other daemons.
fix by gilles@
|
|
that has an implicit local source. instead we create static "localhost" map
before the configuration file is parsed, we fill it with every single local
address we can find, and we have rules with implicit local source reference
that special map.
this unbreaks a behavior which I hated and which prevented:
accept for all relay
from accepting relaying if LOCAL session was initiated on any interface but
lo0.
|
|
the configuration file again and replace current configuration with new one
in all processes. what we don't support yet is graceful restart, clients in
sessions at the moment of the reload will have a temp failure thrown at 'em
which is ok RFC-wise but which we will try to improve anyway.
tested with various setups, "diff reads good" jacekm@
|
|
when a certificate name was explicitely provided. This would cause imsg to
fatal() because with some configurations, it would look for the wrong name
in the ssl tree and would fail to find the proper cert.
issue spotted by Gregory Edigarov <gregory.edigarov@gmail.com>, I found the
fix just a few minutes ago when I succeeded to reproduce the issue...
|
|
1) kill the ssmtp keyword in "ssmtp listen on ...";
2) kill the use keyword in "... use certificate foo";
3) tls no longer implicit, user must explicitely use the tls or smtps option.
4) for "relay via", move the tls/smtps options to right after the
port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use ceritifate "foo"
accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo"
accept for all relay via "mx.bar.com" tls
ok gilles@
|
|
allocations fails.
looks right deraadt, krw
ok henning
|
|
because of a missing htons()
|
|
"localhost" and system hostname. this allows us to ship with a config file
that goes: accept for local deliver to mbox , and which will allow us to
have mail working sanely out of the box.
|
|
can be turned on by adding "enable auth" to a "relay via" rule. this made
me rework the mx resolution so that it is done by the mta process and not
the runner process anymore.
|
|
if someone comes with good rationale why this is needed, we'll consider it,
meanwhile it's more work than it looks like and it brings a lot of pain.
discussed with jacekm@ and deraadt@
|
|
ok jacekm@
|
|
no binary changes
ok gilles@
|
|
store a lot of its session related code, but this is just not right and
this commit starts making mta code aware of struct session. This will
ease the implementation of ssl sessions in mta.
while at it, make mta autodetect port to use if it isn't provided in a
rule but can be derived from a parameter (i.e: "relay via ssmtp ...").
|
|
"ssl" while providing mta with the informations it needs to do its work.
|
|
- allow "from all" so that the ugly "accept from { 0.0.0.0/0, ::/0 }"
construct becomes a nice looking "accept from all"
ok jacekm@
|
|
supported, AUTH LOGIN will follow soon. AUTH will only work if a
listen directive has "enable auth" keywords, AND session is safe
(ssmtp or starttls).
|
|
"accept for { domain "foo", domain "bar" } ..."
From Nicholas Mariott <nicholas.marriott@gmail.com>
|
|
|
|
|
|
too late, ie. at alias resolution time, and it's only a log_info.
Move the check to parse.y, and make daemon die if m_src != S_DB.
ok gilles@
|
|
ok gilles
|
|
hostname in a listen statement (ie: listen on lo0)
request by deraadt@ a while ago, ok jacekm@
|
|
and fix some of the errors caught by this. Part of a general push to
make yyerror() -Wformat clean throughout the tree.
|
|
|
|
provided to "relay via" rules, once in parse.y once in lka.c, fix.
- rename struct address to struct relayhost, introduce struct mxhost which
not only holds the sockaddr_storage, but also additionnal flags we
want forwarded to the mta process.
- propagate the change
|
|
allow port to become optionnal (implicit 25) or provided by value
or name.
|
|
listen directive has no matching certificate. it sounds like a
critical failure when it just means "no tls support".
- minor log_debug() addition in smtp.c
|
|
a client. it must be set to the highest value we have from all of
the extensions which are/will be implemented.
- replace all occurences of STRLEN define with MAX_LINE_SIZE, kill STRLEN
|
|
|
|
|
|
|
