| Age | Commit message (Collapse) | Author |
|---|
|
not to be taken into account if they had no ~/.forward file AND were the
result of an alias expansion that expanded to more than one username.
while at it, I spotted another bug where I would check T_MDA_MESSAGE on
the flags field instead of the type field. the bug could cause two MDA
message to end up in the same batch which is no longer valid.
|
|
|
|
to also share the statistics structure, still being worked on
|
|
deal with deliveries, it now uses struct session just like mta and smtp
processes. we now keep the mbox and message descriptors in the session,
saving space in struct message which is now as small as we can make it.
While at it, plugged a memory leak and did some cosmethic changes
This was the last planned change to our struct message which means that
later changes will no longer require a queue flush before rebuild.
|
|
struct session where it really belongs.
|
|
Use it to display the date in received from header and when we
store headers.
ok jacekm@
|
|
|
|
from OpenSSH; ok gilles@
|
|
|
|
can be turned on by adding "enable auth" to a "relay via" rule. this made
me rework the mx resolution so that it is done by the mta process and not
the runner process anymore.
|
|
writing a small app that sent out of order imsg's. prevent this by use
of a state machine and read event masking.
issue spotted by jacekm@, temporary fix by me. there are ideas around
this, but we want to experiment them a bit and they are low priority.
|
|
used and by moving the rcpt count in struct session where it really belongs
while at it, remove some unused splay tree generation in mfa
|
|
process that does the opening, this commit does some cleanup, and fixes a
bug I experienced today which was caused by a use-after-free.
I did some testing to make sure a user cannot cause smtpd to deadlock, or
loop, with broken setups (self-referencing forwards/aliases, empty files,
broken files...), but if you are playing with aliases/forwards PLEASE let
me know of any bug you run into.
|
|
|
|
is notified so that the session does not hang
|
|
causing them not to be handled when a user's homedir is set to mode 0700. I
still need to do some cleanup and make sure it works as it should, but this
diff provides better behavior than what we had.
|
|
lockspool(1). this means our mbox delivery follows a code path that has
become almost identical to external mda deliveries. this is the first
of a serie of diffs actually...
lockspool(1) suggestion by deraadt@, mail.local(8) idea by jacekm@, and
fix and testing by me
|
|
- Introduce secure_file, based on secure_filename from OpenSSH, it
checks that mbox has right perms, and that path components are
trustworthy, too.
ok gilles@
|
|
and queue.inserts.local; ok gilles@
|
|
a token so that it is possible to do: smtpctl schedule <message id/uid>
introduce F_MESSAGE_FORCESCHEDULE which lets the runner schedule a message
even if the retry delay has not been expired.
F_MESSAGE_ENQUEUED is a valid flag for a message and should not cause an\
errx() in smtpctl show queue
|
|
and uid do not look wrong. this was not needed earlier because we only deal
with message id's coming from trusted sources, but smtpctl will soon have a
new feature which requires us to deal with user provided message id's.
|
|
getnameinfo internally; ok gilles@
|
|
|
|
- decline source routing at MAIL FROM, strip at RCPT TO
ok gilles@
|
|
gilles@, pyr@ and henning@, diff ok gilles@.
|
|
|
|
relayd at n2k9, and adapted to smtpd; ok gilles@
|
|
|
|
F_SECURE. while at it, add "smtp.sessions.aborted" which keeps track of
sessions which were interrupted before completion.
|
|
count, but also the total sessions count, ssmtp sessions (both current and
total) and starttls sessions (both current and total)
# ./smtpctl/smtpctl show stats|grep smtp.sessions
smtp.sessions = 0
smtp.sessions.active = 0
smtp.sessions.ssmtp = 0
smtp.sessions.ssmtp.active = 0
smtp.sessions.starttls = 0
smtp.sessions.starttls.active = 0
#
|
|
being called again with F_EVLOCK set. this fixes a bug where disconnect
after smtpd sends greeting and before entering any command failed to go
into session_destroy().
while at it, rename the "smtp.clients" statistic to "smtp.sessions" and
add counters to struct s_smtp so that I can add ssmtp and starttls with
my next commit ;)
|
|
look ok gilles@
|
|
three quarters of that limit (a session typically has 3 descriptors). when
we hit that limit, we stop accepting connections, and when client closes a
session, we start accepting connections again. this prevents us from going
into a session that is likely to fail because of scarce resources.
idea discussed with jacekm@, code mostly ripped from relayd
|
|
hit under certain conditions; while tracking the bug I ran into other bugs
which were kind of related and could cause us to hit a fatal() too.
fix by me, but with lots of testing and investigation with jacekm@,
ok jacekm@
|
|
|
|
prototype to smtpd.h
spotted and diff from Oleg Safiullin <form@pdp-11.org.ru>
|
|
as well as for some outgoing messages, this is fixed now
|
|
accept for domain "openbsd.org" relay via tls "mx.example.org"
to ensure the relaying of mail for whoever@openbsd.org will happen through
a secure tls (STARTTLS) session. failure to establish a tls session will be
considered as a permanent failure. As a side effect:
accept for domain "openbsd.org" relay via ssl "mx.example.org"
can now work as well and ensure that the relaying happens through ssmtp OR
tls, but never through an unsafe channel. no need to specify a port, they
are automatically detected if not specified.
still a work in progress, don't expect that it will work flawlessly.
|
|
accept for domain "openbsd.org" relay via ssmtp "mx1.example.org"
to ensure that deliveries for whatever@openbsd.org goes through an SSL session
to mx1.example.org
|
|
the remaining code was moved to queue_shared.c; ok gilles@
|
|
state field from struct batch and propagate the change
|
|
write handler has been changed to set the bufferevent that's in there
rather than the one in struct batch. since struct batch is no longer doing
anything useful for events handling, we can remove many fields of it.
|
|
store a lot of its session related code, but this is just not right and
this commit starts making mta code aware of struct session. This will
ease the implementation of ssl sessions in mta.
while at it, make mta autodetect port to use if it isn't provided in a
rule but can be derived from a parameter (i.e: "relay via ssmtp ...").
|
|
clients would still be able to connect. instead, at pause time we
close and remove the listeners, and at resume time we request the
parent to reconfigure all listeners.
discussed with pyr@
|
|
1) queue never reads /queue.
2) queue writes to /queue only at message injection time.
3) runner does all reading, and all writing apart from 2).
ok gilles@
|
|
consists of checking headers for a custom header, but we also count how many
hops the mail went through and use a hard limit (currently set to 100 as was
recommanded by RFC) as a safe-guard.
idea discussed with jacekm@, qmail approach suggested by claudio@ a long time
ago
|
|
used by queue process but also by runner, while at it change the prototype
of queue_open_message_file() so it takes the message id and not a batch,
runner process requires the decriptor before it even starts building a
batch.
|
|
provided recipient even after aliases/forwards expansion, we'll need this
for loop detection.
message id and uid being MAXPATHLEN long is a waste, define MAX_ID_SIZE
which is currently set to 64 (but can probably be further reduced) and
make sure that structures and the few strlcpy's use the right define.
original idea by jacekm@ a while ago
|
|
without "talking" smtp to listeners. currently, a big part of the server
side code is done (and requires a cleanup), next step is to get it usable
properly from a mail user agent.
|
|
sharedqueue.c file, smtpctl cannot link queue.o without creating a mess
otherwise. while at it, move some prototypes to smtpd.h as they will be
needed by enqueue code
|
