Age | Commit message | Author |
|
suggested by djm@ on hackers@, diff ok djm@
|
|
ok gilles@
|
|
* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c sync-ed with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright
FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.
smtpd.conf(5) simplified, it will require adaptations
ok eric@
|
|
ok gilles@
|
|
* Log more events (especially client session) and use a better scheme
for that: each message is prefixed with a token to easily identify
its class:
- info/warn/debug: general server messages
- smtp-in: smtp client connections
- relay: status update for relayed messages
- delivery: status update for local deliveries
* Implement "smtpctl monitor" to display updates of selected internal
counters.
* When reloading the on-disk queue at startup do not commit a message
if no envelope was submitted for that message.
* Remove unused stuff in the config parser.
ok gilles@
|
|
with gilles and eric, tested by me and gilles
ok gilles@
|
|
correct (uid 0, no rights for g/o).
Initial diff by Sunil Nimmagadda.
ok gilles@ chl@
|
|
Change ssl_session_init to ssl_smtp_init and make it simpler: only create
an SSL* from the SSL_CTX* passed as parameter, so it does not have to know
about the struct session itself. Kill some dead prototypes while there.
ok chl@ gilles@
|
|
ok eric@
|
|
a better separation between io and protocol logic. As a side-effect,
it fixes a couple of long-standing issues in the io path, and
hopefully adds fresh ones instead. Kill client.c in the process.
ok gilles@
|
|
tested @ home
|
|
establishing a ssl session. will be investigated and reenabled soon
asked and committed on behalf of gilles@
ok gilles@
|
|
ok gilles@
|
|
bits from relayd, ok chl@, ok eric@
|
|
caching, don't try to negotiate an RFC 4507-style session ticket,
as it would be useless and some (broken and non-compliant) servers
choke on TLS extension negotiation.
ok gilles@
|
|
tested by gilles@
ok gilles@ eric@
|
|
correctly freed by SSL_free() at the end of the session.
Plug a leak in the mta.
ok! gilles@
|
|
simpler and hopefully saner way.
ok gilles@ chl@
|
|
if a ssl_connect() call needs to retry because of SSL_WANT_READ or
SSL_WANT_WRITE, set the proper event flag instead of keeping the default
one which is both read and write.
|
|
discussed with and ok gilles@
|
|
exchange. if no DH parameters are found, fallback to builtin parameters
as was done until now.
since we now accept user-provided DH parameters, make smtpd more strict
and fatal() if the parameters are bogus.
bump the key size of the DH parameters from 512bits to 1024bits, it might
be bumped further after some more research.
thanks to mikeb@ for his suggestions
diff ok mikeb@ , man ok jmc@
|
|
"ok and no need to keep them for yourself" gilles@
|
|
is way more optimized than what we had earlier and there's definitely stuff
we want to keep, however it is early optimization that doesn't account for
many features and makes them hard (if not impossible) to write without
ugly workarounds that ruin the purpose of the optimizations.
the backout goes to 30 May's right before the commit and catches up on all
the non-queue related commits that happened since then.
i'll work on reintroducing the ideas from this queue when the basic
features we expect from a MTA are implemented.
suggested on tech@ about a week ago, no objections, several "please make
smtpd move forward" mails from hackers and tech readers.
|
|
Major goals:
1) Fix bad performance caused by the runner process doing full queue
read in 1s intervals. My Soekris can now happily accept >50 msg/s
while having multi-thousand queue; before, one hundred queue would
bring the system to its knees.
2) Introduce Qmail-like scheduler that doesn't write as much to the
disk so that it needs less code for servicing error conditions,
which in some places can be tricky to get right.
3) Introduce separation between the scheduler and the backend; these
two queue aspects shouldn't be too tied to each other. This means
that eg. storing queue in SQL requires rewrite of just queue_backend.c.
4) Make on-disk queue format architecture independent, and more
easily extensible, to reduce number of flag days in the future.
Minor goals:
ENOSPC no longer prevents delivery attempts, fixed session limiting
for relayed mail, improved batching of "relay via" mails, human-readable
mailq output, "show queue raw" command, clearer logging, sending
of single bounce about multiple recipients, exact delay= computation,
zero delay between deliveries while within session limit (currently
1s delay between re-scheduling is enforced), mta no longer requests
content fd, corrected session limit for bounce submissions, tiny
<100B queue files instead of multi-KB, detect loops before accepting
mail, reduce traffic on imsg channels by killing enormous struct
submit_status.
|
|
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
|
buf_read (and in ssl_buf_read).
|
|
to work with smtpd; ok jacekm@, on behalf of gilles@ who doesn't have access to a safe machine
|
|
process to relay mails. ok gilles@
|
|
configuration reloading without killing active sessions; ok jacekm@
|
|
host which requests client certificates:
accept [...] relay via [...] ssl certificate "mycert"
diff from Josh Elsasser <josh@elsasser.org>, tested and okayed by me with
no change but the addition of status 554 to the state machine to deal with
remote host telling us it doesn't like our certificate.
|
|
process individually whenever stats need to be fetched, keep stats
in MAP_ANON shared memory allocated by parent.
This means control has direct access to stats and can respond very
quickly without troubling any other daemon processes.
ok gilles@
|
|
as we would exit earlier if either one is NULL.
diff by giovanni <qgiovanni@gmail.com>, had been sitting in my mbox for a
while, okayed by jacek and I
|
|
strictness:
- Drop clients attempting command pipelining; protects the daemon
from all kinds of abuse.
- Replace F_EVLOCKED flag with F_WRITEONLY which has cleaner semantics:
when up, session must not be destroyed nor read from, but may be
written to.
- Write callback becomes a central place for enabling EV_READ.
- Delay bufferevent creation until after ssl handshake is completed.
A bunch of session error stats were added to smtpctl's "show stats".
These could help spotting event masking errors in the future.
ok gilles@
|
|
1) kill the ssmtp keyword in "ssmtp listen on ...";
2) kill the use keyword in "... use certificate foo";
3) tls no longer implicit, user must explicitly use the tls or smtps option.
4) for "relay via", move the tls/smtps options to right after the
port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use certificate "foo"
accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo"
accept for all relay via "mx.bar.com" tls
ok gilles@
|
|
to also share the statistics structure, still being worked on
|
|
s->s_l field. this commit fixes a crash in mta caused by a NULL deref.
|
|
F_SECURE. while at it, add "smtp.sessions.aborted" which keeps track of
sessions which were interrupted before completion.
|
|
count, but also the total sessions count, ssmtp sessions (both current and
total) and starttls sessions (both current and total)
# ./smtpctl/smtpctl show stats|grep smtp.sessions
smtp.sessions = 0
smtp.sessions.active = 0
smtp.sessions.ssmtp = 0
smtp.sessions.ssmtp.active = 0
smtp.sessions.starttls = 0
smtp.sessions.starttls.active = 0
#
|
|
accept for domain "openbsd.org" relay via tls "mx.example.org"
to ensure the relaying of mail for whoever@openbsd.org will happen through
a secure tls (STARTTLS) session. failure to establish a tls session will be
considered as a permanent failure. As a side effect:
accept for domain "openbsd.org" relay via ssl "mx.example.org"
can now work as well and ensure that the relaying happens through ssmtp OR
tls, but never through an unsafe channel. no need to specify a port, they
are automatically detected if not specified.
still a work in progress, don't expect that it will work flawlessly.
|
|
accept for domain "openbsd.org" relay via ssmtp "mx1.example.org"
to ensure that deliveries for whatever@openbsd.org go through an SSL session
to mx1.example.org
|