path: root/usr.sbin/smtpd/smtpd.c
Age | Commit message | Author
2017-01-09 | smtpd joins the 7 other daemons that share the same log.c file. The only major difference was the "log_trace" concept that is only used by smtpd - move it from log.c into util.c and make it a local concept. This also needed to rename the global "verbose" variable to "tracing" in a few places. OK krw@ gilles@ eric@ | Reyk Floeter
2016-10-19 | add -F to usage() too; | Jason McIntyre
2016-09-08 | Streamline the daemon shutdown sequence. Only the parent process handles SIGTERM and SIGINT. Upon receiving one of those, it closes all imsg sockets and waitpid() for the children. It fatal()s if one of the sockets is closed unexpectedly. Other processes exit() "normally" when one of the imsg sockets is closed. ok gilles@ sunil@ | Eric Faurot
2016-09-06 | use closefrom() before reexec to make sure the new process only gets the imsg socket. ok gilles@ sunil@ | Eric Faurot
2016-09-04 | The smtpd processes are not expected to ever leave their event loop. So stop pretending that the *_shutdown() functions could ever be called in this context, and just fatal() if event_dispatch() returns. ok gilles@ sunil@ giovanni@ | Eric Faurot
2016-09-04 | Remove the "smtpctl stop" command. The daemon is stopped with kill(1). ok gilles@ | Eric Faurot
2016-09-01 | remove noop function ok sunil@ | Eric Faurot
2016-09-01 | get rid of the imsg buffer usage profiling code. ok gilles@ jung@ sunil@ | Eric Faurot
2016-08-19 | make smtpd less verbose at startup ok gilles@ sunil@ jung@ millert@ | Eric Faurot
2016-06-20 | with new fork+reexec, in case of failure in init of any child process causing it to exit, we could end up with a NULL deref in parent. free commit offered by eric@, ok gilles@ | Gilles Chehade
2016-06-07 | use io_set_nonblocking() instead of SOCK_NONBLOCKING to reduce delta with -portable | Gilles Chehade
2016-05-28 | Implement the fork+exec pattern in smtpd. The parent process forks child processes and re-exec each of them with an additional "-x <proc>" argument. During the early setup phase, the parent process sends ipc socket pairs to interconnect the child processes as needed, and it passes the queue encryption key to the queue if necessary. When this is done, all processes have their environment set as in the fork-only case, and they can start doing their work as before. ok gilles@ jung@ | Eric Faurot
2016-04-21 | Use automatic DH parameters, instead of fixed ones. Also disable DHE by default since it is computationally expensive and a potential DoS vector. ok gilles@ | Joel Sing
2016-03-17 | Last parameter to execl[e]() functions *must* be cast to a pointer. Just NULL is not good practise as NULL is theoretically allowed to be an integer rather than a pointer. Use (char *)NULL consistently instead of scattering a few (char *)0 and (void *)NULL into the mix. Prompted by and probably ok deraadt@ millert@ kettenis@ Definitely ok mestre@ ratchov@ | Kenneth R Westerback
2016-02-05 | use SMTPD_NAME define ok gilles | Joerg Jung
2016-02-02 | Remove setproctitle() for the parent process. Because rc.d(8) uses process titles (including flags) to distinguish between daemons, this makes it possible to manage multiple copies of a daemon using the normal infrastructure by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@ | Stuart Henderson
2016-01-27 | Check imsg data length before use. Ok jung@ gilles@ eric@ | Sunil Nimmagadda
2016-01-18 | Load pki keys before daemon(3). Keys with passphrase require access to stdin. Ok millert@ jung@ gilles@ | Sunil Nimmagadda
2016-01-04 | switch to /usr/local/libexec when looking for -extras and drop loop iterating paths this effectively reverts table.c r1.21 which was mainly introduced for a smooth transition in -current ok gilles | Joerg Jung
2015-12-28 | remove spaces after '!' no binary change ok millert | Joerg Jung
2015-12-20 | remove redundant log | Gilles Chehade
2015-12-14 | remove trailing whitespace ok sunil gilles | Joerg Jung
2015-12-12 | remove CA from pki and no longer allow specifying a CA with 'pki' keyword. introduce 'ca' keyword to allow specifying a custom CA. making CA part of pki was a bad idea and several people hit use-cases that plain couldn't work. instead of: pki foobar.org ca "/etc/mail/CA.pem" use now: ca foobar.org certificate "/etc/mail/CA.pem" ok sunil@, jung@ | Gilles Chehade
2015-12-12 | Implement senders map. senders table allows to restrict the addresses that an authenticated user can use in the SMTP dialogue. Ok gilles@ | Sunil Nimmagadda
2015-12-12 | prepare load_pki_tree() for pki/ca split | Gilles Chehade
2015-12-12 | In the configuration test mode (smtpd -n) setup queue crypto iff a valid queue key is specified. Ok gilles@ jung@ | Sunil Nimmagadda
2015-12-11 | New '-F' option to let smtpd run in foreground while logging to syslog. Ok gilles@ jung@ | Sunil Nimmagadda
2015-12-10 | free sc_queue_key only when it points to something other than "stdin" string literal. Ok gilles@ | Sunil Nimmagadda
2015-12-10 | Do not fatal when a log_warn suffices. Ok jung@ gilles@ | Sunil Nimmagadda
2015-12-08 | Let smtpd shutdown gracefully with a zero exit code when the priv process receives a SIGINT/SIGTERM. Initial diff by nfnty <git@nfnty.se> Ok gilles@ jung@ millert@ | Sunil Nimmagadda
2015-12-05 | Remove a few NULL-checks before free(). | mmcc
2015-12-01 | whitespace | Gilles Chehade
2015-11-30 | when looking up tables, start in /usr/local/libexec before /usr/libexec, so ports/packages can be installed in the proper place ok jung@ | Gilles Chehade
2015-11-30 | mechanical rename of some IMSG constants ok sunil@, ok jung@ | Gilles Chehade
2015-11-05 | Implement smtpctl uncorrupt <msgid> "uncorrupt" moves envelopes from corrupt bucket back to the queue for further discovery by the daemon. After correcting the corrupt envelopes, admin could now... # smtpctl uncorrupt msgid # smtpctl discover msgid to schedule the messages. Ok gilles@ | Sunil Nimmagadda
2015-10-29 | Implement smtpctl discover <evpid|msgid>. discover subcommand schedules envelopes manually moved to the queue. It triggers a queue walk searching for envelopes with the given id, schedules them and informs the user number of envelopes scheduled. Admins no longer would need to restart the daemon to discover manually moved messages. Ok gilles@ | Sunil Nimmagadda
2015-10-26 | remove unneeded pidfile() from smtpd ok gilles | Joerg Jung
2015-10-22 | delivery to maildir needs pledge fattr from Gregor Best <gbe@unobtanium.de> | Gilles Chehade
2015-10-17 | LMTP delivery requires "inet unix". Ok millert@ gilles@ | Sunil Nimmagadda
2015-10-17 | smtpd starts rather robustly with a gigantic pledge request group (keep in mind that a gigantic group is already < ~50% of POSIX). It then grinds these down bit by bit as it sets up privsep for the various processes. At startup, smtpd will need the new "id" request as well. ok gilles tedu | Theo de Raadt
2015-10-16 | add flock to pledge request, needed by delivery_filename ok millert@ | Gilles Chehade
2015-10-14 | pledge() privileged process ok deraadt@ | Gilles Chehade
2015-10-14 | Convert fgetln to getline. Ok millert@ eric@ gilles@ | Sunil Nimmagadda
2015-10-13 | offline queue is no longer user-writable, do not attempt resetting fchflags it serves no purpose. ok millert@, ok jung@, ok eric@ | Gilles Chehade
2015-10-12 | do not umask() [with the wrong umask] around mkstemp() calls, no matter how broken other systems are. ok guenther gilles | Theo de Raadt
2015-10-09 | upon smtpd restart, when scanning the offline queue, unlink 0-sized offline messages as they are left-overs from an errored enqueue. ok millert@, ok eric@ | Gilles Chehade
2015-10-06 | we don't need this temporary buffer since we're going to strdup() it right away anyways ok eric@ | Gilles Chehade
2015-10-06 | fix values passed to umask(), they should be octal. the permissions are even more restrictive than they should. misc bug reported by qualys | Gilles Chehade
2015-10-02 | prevent users from playing hardlink/symlink/mkfifo games with their offline messages and ~/.forward files. this allowed a local user to hang smtpd or even reset chflags and read first line of any arbitrary file. while at it, do not fatal() on unexpected cause of SIGCHLD as this allows a specially crafted mda to cause smtpd to exit. reported by Qualys Security | Gilles Chehade
2015-06-03 | Do not assume that asprintf() clears the pointer on failure, which is non-portable. Also add missing asprintf() return value checks. OK deraadt@ guenther@ doug@ | Todd C. Miller