Age | Commit message | Author |
|
the configuration file again and replace current configuration with new one
in all processes. what we don't support yet is graceful restart, clients in
sessions at the moment of the reload will have a temp failure thrown at 'em
which is ok RFC-wise but which we will try to improve anyway.
tested with various setups, "diff reads good" jacekm@
|
|
- Make the condition when STARTTLS and AUTH are advertised & accepted
more readable.
ok gilles@
|
|
interface for a different MTA. Use the binary in /usr/libexec
directly instead.
Based on remark claudio@ made in passing.
ok gilles@
|
|
|
|
strictness:
- Drop clients attempting command pipelining; protects the daemon
from all kinds of abuse.
- Replace F_EVLOCKED flag with F_WRITEONLY which has cleaner semantics:
when up, session must not be destroyed nor read from, but may be
written to.
- Write callback becomes a central place for enabling EV_READ.
- Delay bufferevent creation until after ssl handshake is completed.
A bunch of session error stats were added to smtpctl's "show stats".
These could help spotting event masking errors in the future.
ok gilles@
|
|
|
|
- Improve RFC compliance: CNAMEs are resolved, equal preference MXs
are randomized, relaying via MX that has equal/lower preference
than local server is prevented, decision on when to treat domain
name as implicit MX is better.
ok gilles@
|
|
first action of an enum and we allocated a struct using calloc, but we did
not properly initialize the action for authenticated users.
while at it, change the name of path action flags so that we know at first
sight that they are path related.
this diff fixes the immediate issue but still needs work.
ok jacekm@, "we'll work out a long term solution"
|
|
|
|
bufferevent_settimeout instead of rolling our own; ok gilles@
|
|
|
|
The approach is to save cmdline + stdin in a file under a newly
added directory /var/spool/smtpd/offline (uid 0 gid 0 mode 1777).
Next time daemon starts, it uses information in that directory
to replay sendmail on user's behalf.
ok gilles@
|
|
of regularly walking session tree in search of idle clients. Gives
the smtp process a chance to become idle.
As a bonus, add smtp.sessions.timeout counter to "smtpctl show stats".
ok gilles@
|
|
and -F cmdline args. Also, date and Message-Id headers are added
when missing.
The main trouble with the current enqueue code is that it requires
dealing with problems in the control process that are already solved
in the smtp process, ie. duplicating a lot of code which interacts
with untrusted clients. This diff solves this by making sendmail
obtain a SMTP socket from smtp via smtpd.sock, and using that socket
to deliver the message. For smtpd it looks as if connection was
made from the network, only difference being the F_MESSAGE_ENQUEUED
message flag, handy when differentiation between local and remote
deliveries is wanted.
Most of the features come from the femail program, created by henning@.
Additional testing by Nigel J. Taylor.
ok gilles@, henning@ happy with smtpd using femail code
|
|
|
|
1) kill the ssmtp keyword in "ssmtp listen on ...";
2) kill the use keyword in "... use certificate foo";
3) tls no longer implicit, user must explicitly use the tls or smtps option.
4) for "relay via", move the tls/smtps options to right after the
port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use certificate "foo"
accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo"
accept for all relay via "mx.bar.com" tls
ok gilles@
|
|
not to be taken into account if they had no ~/.forward file AND were the
result of an alias expansion that expanded to more than one username.
while at it, I spotted another bug where I would check T_MDA_MESSAGE on
the flags field instead of the type field. the bug could cause two MDA
messages to end up in the same batch which is no longer valid.
|
|
|
|
to also share the statistics structure, still being worked on
|
|
deal with deliveries, it now uses struct session just like mta and smtp
processes. we now keep the mbox and message descriptors in the session,
saving space in struct message which is now as small as we can make it.
While at it, plugged a memory leak and did some cosmetic changes
This was the last planned change to our struct message which means that
later changes will no longer require a queue flush before rebuild.
|
|
struct session where it really belongs.
|
|
Use it to display the date in received from header and when we
store headers.
ok jacekm@
|
|
|
|
from OpenSSH; ok gilles@
|
|
|
|
can be turned on by adding "enable auth" to a "relay via" rule. this made
me rework the mx resolution so that it is done by the mta process and not
the runner process anymore.
|
|
writing a small app that sent out of order imsg's. prevent this by use
of a state machine and read event masking.
issue spotted by jacekm@, temporary fix by me. there are ideas around
this, but we want to experiment with them a bit and they are low priority.
|
|
used and by moving the rcpt count in struct session where it really belongs
while at it, remove some unused splay tree generation in mfa
|
|
process that does the opening, this commit does some cleanup, and fixes a
bug I experienced today which was caused by a use-after-free.
I did some testing to make sure a user cannot cause smtpd to deadlock, or
loop, with broken setups (self-referencing forwards/aliases, empty files,
broken files...), but if you are playing with aliases/forwards PLEASE let
me know of any bug you run into.
|
|
|
|
is notified so that the session does not hang
|
|
causing them not to be handled when a user's homedir is set to mode 0700. I
still need to do some cleanup and make sure it works as it should, but this
diff provides better behavior than what we had.
|
|
lockspool(1). this means our mbox delivery follows a code path that has
become almost identical to external mda deliveries. this is the first
of a series of diffs actually...
lockspool(1) suggestion by deraadt@, mail.local(8) idea by jacekm@, and
fix and testing by me
|
|
- Introduce secure_file, based on secure_filename from OpenSSH, it
checks that mbox has right perms, and that path components are
trustworthy, too.
ok gilles@
|
|
and queue.inserts.local; ok gilles@
|
|
a token so that it is possible to do: smtpctl schedule <message id/uid>
introduce F_MESSAGE_FORCESCHEDULE which lets the runner schedule a message
even if the retry delay has not been expired.
F_MESSAGE_ENQUEUED is a valid flag for a message and should not cause an
errx() in smtpctl show queue
|
|
and uid do not look wrong. this was not needed earlier because we only deal
with message id's coming from trusted sources, but smtpctl will soon have a
new feature which requires us to deal with user provided message id's.
|
|
getnameinfo internally; ok gilles@
|
|
|
|
- decline source routing at MAIL FROM, strip at RCPT TO
ok gilles@
|
|
gilles@, pyr@ and henning@, diff ok gilles@.
|
|
|
|
relayd at n2k9, and adapted to smtpd; ok gilles@
|
|
|
|
F_SECURE. while at it, add "smtp.sessions.aborted" which keeps track of
sessions which were interrupted before completion.
|
|
count, but also the total sessions count, ssmtp sessions (both current and
total) and starttls sessions (both current and total)
# ./smtpctl/smtpctl show stats|grep smtp.sessions
smtp.sessions = 0
smtp.sessions.active = 0
smtp.sessions.ssmtp = 0
smtp.sessions.ssmtp.active = 0
smtp.sessions.starttls = 0
smtp.sessions.starttls.active = 0
#
|
|
being called again with F_EVLOCK set. this fixes a bug where disconnect
after smtpd sends greeting and before entering any command failed to go
into session_destroy().
while at it, rename the "smtp.clients" statistic to "smtp.sessions" and
add counters to struct s_smtp so that I can add ssmtp and starttls with
my next commit ;)
|
|
look ok gilles@
|
|
three quarters of that limit (a session typically has 3 descriptors). when
we hit that limit, we stop accepting connections, and when client closes a
session, we start accepting connections again. this prevents us from going
into a session that is likely to fail because of scarce resources.
idea discussed with jacekm@, code mostly ripped from relayd
|
|
hit under certain conditions; while tracking the bug I ran into other bugs
which were kind of related and could cause us to hit a fatal() too.
fix by me, but with lots of testing and investigation with jacekm@,
ok jacekm@
|