summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd
AgeCommit message (Collapse)Author
2020-06-09set TLS SNI when relaying to hostSebastien Marie
ok beck@ "looks reasonable" millert@
2020-06-01Run lmtp deliveries as SMTPD_USER instead of the recipient user.Christopher Zimmermann
ok millert@
2020-05-21Correct getsockname(2)/getpeername(2) usage.Todd C. Miller
Fixes an uninitialized variable and a potential stack overflow with IPv6 connections. From Leah Neukirchen; OK eric@ deraadt@
2020-05-06Only allow forkmda() to be called from a local action dispatcher.Todd C. Miller
From gilles@, OK deraadt@ jung@
2020-04-28In virtual alias context, do not try to match catchall entries forEric Faurot
usernames, but only for email addresses. fixes an issue where usernames always expand to the @ wildcard if defined in the virtual alias file. discussed with Gilles Chehade ok millert@
2020-04-25update filter documentation after protocol changeEric Faurot
from Gilles Chehade
2020-04-25point out that the "junk" filter decision adds the X-Spam headerEric Faurot
from Ryan Kavanagh
2020-04-24strip trailing CRs at smtp level rather than io levelEric Faurot
ok millert@
2020-04-23 ce examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread;Jason McIntyre
2020-04-22Check for the dispatcher name in the envelope validation function.Eric Faurot
Fixes a possible crash and caching issue when manually moving an envelope to the queue with smtpctl discover. ok millert@
2020-04-17switch email and result fields in mail-from/rcpt-to event reportsEric Faurot
and bump protocol version. discussed with jung@, martijn@ and Gilles. ok jung@
2020-04-10When failing to validate a peer TLS certificate in the MTA due to theBob Beck
desired name of the MX not being present in the certificate, log that this is he reason for the failure and the name we couldn't find in the cert. ok millert@ martijn@
2020-04-08bump smtpd versionEric Faurot
2020-03-18use CRLF line-ending during the SMTP dialog in the local enqueuerEric Faurot
ok millert@
2020-03-17Exit when m_get_string() returns NULL to prevent nullptr dereference intobhe
strlen(). ok millert@
2020-03-16Initialize session.rcptto to NULL before parsing command line optinos.Todd C. Miller
Otherwise, if neither -r nor -u is specified, it will be used uninitialized. Found by tobhe@; OK tobhe@ deraadt@
2020-03-15Add missing casts to unsigned char when using ctype(3).Todd C. Miller
From Hiltjo Posthuma
2020-03-08Rewrite qp_encoded_write.Martijn van Duren
Among the fixes are: - Don't count a leading dot, since it's part of smtp and not the message. - Let qp_encoded_write handle line wrappings, since it can do a better job at the bookkeeping than the caller - Make sure a soft linebreak that starts with a dot is escaped for the SMTP-layer - Only encode a space character if it's followed by a hard linebreak, since this is the only case mandated by RFC5321 and it gives a more readable output and saves a few additional bytes. - Fix that we actually limit the encoded linelength to 76 characters as specified in RFC5321. Feedback and OK eric@
2020-02-25fsqueue_envelope_dump() returns 0 on temporary failure, not -1.Todd C. Miller
We should only exit the loop that creates the queue file if we successfully created the file or we've exceeded the max number of tries. From gilles@ based on feedback from Qualys.
2020-02-24Cast argument of ctype(3) macros to unsigned char, not int.Todd C. Miller
Similar to a diff from Hiltjo Posthum. OK jung@ deraadt@
2020-02-24Bump version to 6.6.4 for errata and to match -portable.Todd C. Miller
2020-02-24Fix two security vulnerabilities discovered by Qualys.Todd C. Miller
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
2020-02-12Standardize argument naming for "sourceaddr" and unify the wording a bit,Ingo Schwarze
similar to what deraadt@ recently did in other manual pages.
2020-02-03ORCPT addresses are prefixed with an address type, the stricter check causeGilles Chehade
the prefix to be rejected as it contains a character not allowed in address reported by Scott Vanderbilt
2020-02-03now that mail.local(8) relies on lockspool(1) for mailbox locking, have theGilles Chehade
mailbox created by smtpd for mbox before privileges are dropped then we can call mail.local(8) with the recipient privileges. ok millert@
2020-02-02add SENDER to mda environment and teach lmtp to use that instead of commandGilles Chehade
line parameter. this allows simplifying lmtp command line and it would have prevented the unpriv command exec for LMTP in recent advisory. ok millert@ and jung@
2020-02-01be much stricter about ORCPT, it isn't in the code path of local deliveryGilles Chehade
and doesn't have an associated context variable, but let's be paranoid. ok millert@
2020-02-01condition to enter mda_mbox() is too strict, if user have commands in theirGilles Chehade
forward file they're not supposed to enter that code path.
2020-01-31introduce mda_mbox() to handle mbox delivery in its own code path, and makeGilles Chehade
it use execle() since we know all parameters and don't need command line to be parsed. ok millert@ and jung@
2020-01-30Bump smtpd version after recent changessolene
ok gilles@
2020-01-28Fix a security vulnerability discovered by Qualys which can lead to aGilles Chehade
privileges escalation on mbox deliveries and unprivileged code execution on lmtp deliveries, due to a logic issue causing a sanity check to be missed. ok eric@, millert@
2020-01-20opportunistic tls downgrade logic is more complex than it should and can inGilles Chehade
some cases lead to a sanity check fatal() being hit. rework the logic so it is simpler and makes the sanity check fatal() unreachable. ok eric@ millert@
2020-01-08remove literal tab from a column list;Jason McIntyre
2020-01-08allow using the session username in builtin filters when availableGilles Chehade
2020-01-08enable builtin filtering for commit phaseGilles Chehade
2020-01-08emable builtin filtering for phase DATA, no idea why we didn't earlier asGilles Chehade
the grammar allowed it and the code was already there.
2020-01-08reorder reporting events so they are triggered _after_ protocol-serverGilles Chehade
events. this ensures that both smtp-in and smtp-out receive the events in the same order.
2020-01-07generate tx-envelope before tx-rcpt like for smtp-inGilles Chehade
2020-01-07fix reporting of tx-mail and tx-rcpt for smtp-outGilles Chehade
2020-01-07generate link-auth reporting event for outgoing sessionsGilles Chehade
2020-01-06make it more explicit that filters are unique processesGilles Chehade
2020-01-06do not allow passing options to smtpctl encryptGilles Chehade
2020-01-06provide a better error message for invalid smtpctl commandsGilles Chehade
2020-01-03upon return of authentication we log the username and generate an smtp-inGilles Chehade
report for the authentication result, however we use a buffer that is too small and usernames from virtual accounts may get truncated in logs. reported by Bjorn Kalkbrenner
2019-12-21upon connect to remote host extract hostname from banner when possible thenGilles Chehade
generate link-greeting smtp-out report event
2019-12-21if a filter was attached to a relay action in config, notify instance thatGilles Chehade
it can register smtp-out events
2019-12-21start bringing smtp-out reporting code, lacks some events stillGilles Chehade
2019-12-21add FILTER_SUBSYSTEM_SMTP_OUT to filter_subsystem enum and add filter nameGilles Chehade
to struct dispatcher_remote, this will reduce the smtp-out reporting diff
2019-12-21keep track of DATA length in mta_session, will be needed for smtp-outGilles Chehade
reporting
2019-12-21keep track of the relay action in relays, will be used for smtp-outGilles Chehade
reporting