Age | Commit message | Author

not to be taken into account if they had no ~/.forward file AND were the
result of an alias expansion that expanded to more than one username.
while at it, I spotted another bug where I would check T_MDA_MESSAGE on
the flags field instead of the type field. the bug could cause two MDA
messages to end up in the same batch which is no longer valid.

- Unignore SIGPIPE, otherwise it remains ignored in forked mda.
- Use closefrom(2) to close all descriptors apart from stdin/stdout/stderr.
ok gilles@

external mda; ok gilles@

retried later; ok gilles@

from OpenSSH; ok gilles@

process that does the opening, this commit does some cleanup, and fixes a
bug I experienced today which was caused by a use-after-free.
I did some testing to make sure a user cannot cause smtpd to deadlock, or
loop, with broken setups (self-referencing forwards/aliases, empty files,
broken files...), but if you are playing with aliases/forwards PLEASE let
me know of any bug you run into.

we are done expanding aliases/forwards, and clean up the expansion
code a bit so that I can soon remove some of the duplication.

causing them not to be handled when a user's homedir is set to mode 0700. I
still need to do some cleanup and make sure it works as it should, but this
diff provides better behavior than what we had.

lockspool(1). this means our mbox delivery follows a code path that has
become almost identical to external mda deliveries. this is the first
of a series of diffs actually...
lockspool(1) suggestion by deraadt@, mail.local(8) idea by jacekm@, and
fix and testing by me

- Introduce secure_file, based on secure_filename from OpenSSH, it
checks that mbox has right perms, and that path components are
trustworthy, too.
ok gilles@

since fsync is done in final safe_fclose; ok gilles@

explicit; ok gilles@

path *; ok gilles@

ok gilles@

ok jacekm@ gilles@

ok jacekm@

relayd at n2k9, and adapted to smtpd; ok gilles@

three quarters of that limit (a session typically has 3 descriptors). when
we hit that limit, we stop accepting connections, and when a client closes a
session, we start accepting connections again. this prevents us from going
into a session that is likely to fail because of scarce resources.
idea discussed with jacekm@, code mostly ripped from relayd

ok gilles@

clients would still be able to connect. instead, at pause time we
close and remove the listeners, and at resume time we request the
parent to reconfigure all listeners.
discussed with pyr@

whether it is maildir, mbox or external mda. rearrange a bit of code to also
simplify most delivery methods by moving their common code to a common place.
while at it change some mode_t to int where it was wrongly used and unlink
temporary maildir file if we fail to deliver for some reason.
discussed with and ok jacek@

- when authenticating user, instead of doing a getpwnam() and checking the
passwd field, issue a call to auth_userokay(), this will allow the
use of login scripts to implement custom authentications without
bloating smtpd.

to use this interface consistently; ok chl@ gilles@

From: Nicholas Marriott <nicholas.marriott@gmail.com>

following line, this commit brings support for the latter which was
not supported yet.
- AUTH LOGIN is now supported, allowing smtp auth support on clients that
do not support AUTH PLAIN (i.e. my mobile phone for instance ;)

is not supposed to happen but better safe than sorry.
suggested by jacekm@
- while at it, remove the locking of delivery file we create when doing a
Maildir delivery. the purpose of Maildir is to prevent the need
for locking in the first place ... I must have been tired that day.

is not good at all. As a result, under heavy load messages would be
kept in queue, and delayed for hours just because we failed locking
a few times. This commit makes smtpd distinguish between lock fails
and "regular" temporary fails.
- delivery scheduler will reschedule immediately a message that couldn't be
delivered because of a lock fail. If we fail to lock too many times
we fall back to previous "delay increase" logic.
"looks sane" jacekm@

queue, and removed from disk by runner.
On startup, clean /incoming by moving msgs within it to /purge.
ok gilles@

chrooted) is now in charge of doing the scheduling of deliveries,
and the dispatching of messages to MDA and MTA. queue process only
does inserts/updates/removals from the queue and can no longer be
so busy that it delays answers to imsg from smtp server.

queue process did not answer fast enough to an imsg. spotted by
Jacek Masiulaniec <jacekm@dobremiasto.net>
- queue layout was mostly to bootstrap the project, it does not behave well
under load, it does complex things to stay in a recoverable state
and it probably didn't do it too well. New queue code is simpler,
smaller and allows for atomic submissions (a mail can never be in a
state where it needs to be recovered). It still needs some work but
works better than previous code, no regression.

wd reset to / rather than current working directory.
From Jacek Masiulaniec <jacekm@dobremiasto.net>

open()/flock() constructs as chl@ says it prevents him from doing
a portable build.
discussed with chl@, diff is common work from him and myself

- err() -> fatal()
Both by Jacek Masiulaniec <jacekm@dobremiasto.net>

what causes the mailbox lock bug I'm observing under heavy load.

ok gilles@

from Jacek Masiulaniec <jacekm@dobremiasto.net>

will probably miss this change when working on more important matters,
so it is probably better to sort them now. there is a risk of losing
the tags if a change needs to be reverted too.
written with excellent advice from jmc@
ok gilles@

and Jim Razmus;