summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd
AgeCommit message (Collapse)Author
2015-02-06Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().Reyk Floeter
As discussed with beck@ jsing@ and others OK beck@
2015-01-22LibreSSL now supports loading of CA certificates from memory, replaceReyk Floeter
the internal and long-serving ssl_ctx_load_verify_memory() function with a call to the SSL_CTX_load_verify_mem() API function. The ssl_privsep.c file with hacks for using OpenSSL in privsep'ed processes can now go away; portable versions of smtpd and relayd should start depending on LibreSSL or they have to carry ssl_privsep.c in openbsd-compat to work with legacy OpenSSL. No functional change. Based on previous discussions with gilles@ bluhm@ and many others OK bluhm@ (as part of the libcrypto/libssl/libtls diff)
2015-01-20use <limits.h> comprehensively. For now try to push <> includes toTheo de Raadt
each .c file, and out of the .h files. To avoid overinclude. ok gilles, in principle. If this has been done right, -portable should become easier to maintain.
2015-01-16SSL_CTX_use_certificate_chain() has been added to LibreSSL and thereReyk Floeter
is no need to keep a local copy in ssl_privsep.c. This adds a little burden on OpenSMTPD-portable because it will have to put it in openbsd-compat for compatibility with legacy OpenSSL. OK gilles@
2015-01-16The SSL/TLS session Id context is limited to 32 bytes. Instead ofReyk Floeter
using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-15when enqueueing offline mails from within the daemon session, we should notGilles Chehade
rely on getlogin() otherwise mail will end up enqueued as coming from user who started smtpd. bug spotted by deraadt@, diff ok todd@
2015-01-14recipient and sender lists now support the user+TAG notation, allowingGilles Chehade
among other things a secondary MX to filter recipients to be relayed to a primary MX even if they are using tags. there are other nice things to do with that feature, use your imagination. tested and ok florian@, tested by several users for a few days too
2015-01-14bring back reverted commits, the crash was unrelatedGilles Chehade
2015-01-11revert two latest commits until a crash is fixedGilles Chehade
2015-01-11unbreak the delivery_filename backend, now that it no longer prepends theGilles Chehade
From separator line but gets it injected in its iobuf by the mda process, we need to make sure not to escape the first 'From ' we receive. spotted by deraadt@
2015-01-09rename a variable to avoid a warningGilles Chehade
spotted by deraadt@
2015-01-07fix ctype casting bug spotted by Jonas 'Sortie' TermansenGilles Chehade
2015-01-06move the message parser init earlier to avoid a possible use after free inGilles Chehade
an unlikely error code path
2015-01-06fix whitespace and indentation, by Kyle MilzGilles Chehade
2015-01-05some third-party mda require a prepended From separator line, so remove theGilles Chehade
prepending from delivery_filename backend and prepend conditionally earlier in the code path if delivery method is through mda or filename. ok eric@
2014-12-24bump versionEric Faurot
2014-12-24Correctly fallback to PLAIN if opportunistics TLS fails during TLS handshake.Eric Faurot
fix by Stefan Sieg ok gilles
2014-12-24missing includeEric Faurot
2014-12-17Use log_warnx() not log_warn() for mail loop warning since errnoTodd C. Miller
is not set. OK gilles@
2014-12-14these are no longer used, removeGilles Chehade
2014-12-13Add DKIM signing example based on eric@'s asiabsdcon slidesTodd C. Miller
OK gilles@ jmc@
2014-12-08no need for arc4random_uniform() here, arc4random() does the jobGilles Chehade
spotted by deraadt@, ok eric@
2014-11-23some third-party applications generate malformed headers which we can stillGilles Chehade
parse correctly, do not reject message as malformed in this case
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@
2014-11-19two obvious markup fixes; from frankgroeneveld dot nlIngo Schwarze
2014-11-16Convert the logic in yyerror(). Instead of creating a temporaryAlexander Bluhm
format string, create a temporary message. OK doug@
2014-11-14Add gcc printf format attributes to yyerror() in parse.y files.Doug Hogan
No yyerror() calls needed to be changed. ok bluhm@
2014-11-12truncate dead.letterGilles Chehade
2014-11-06since domain appending is handled at the daemon level, don't try to do itGilles Chehade
in the enqueuer itself, it leads to broken headers
2014-11-05stop prepending the user id in local enqueuing Received lineGilles Chehade
2014-11-02increment s->datalen counter in append domain code to correctly account forGilles Chehade
the data we wrote
2014-11-02rework domain append by locating either the brackets or the last componentGilles Chehade
of an address and appending domain if not already there. this works better than trying to parse addresses and render them back, while allowing us to do the append "in place" and cope nicely with multi-line addresses.
2014-10-26when using the local enqueuer, if the internal SMTP session fails, copy theGilles Chehade
original message to ~/dead.letter so it's not lost
2014-10-25newaliases / makemap should parse multi-line aliases entriesGilles Chehade
2014-10-16disable SSLv3Gilles Chehade
ok jsing@
2014-10-15- allow empty headersGilles Chehade
2014-10-15when From, To and Cc headers present users without domains, append theGilles Chehade
listener hostname to avoid smtpd relaying a header that will be rewritten by the destination MX. ok eric@
2014-10-15add a (high) limit to the number of header lines we're willing to keep inGilles Chehade
memory for rewriting purposes, this will prevent sessions from sending an insanely large number of continuations to a single header and starve us.
2014-10-15fix memory leak in error pathGilles Chehade
2014-10-12do not allow header to termine with pending flagsGilles Chehade
2014-10-12to rewrite domain on incoming mails, we need to be able to extractGilles Chehade
rfc822 addresses from some headers and parse them into a structure that we can easily manipulate. this implementation will parse addresses in the following formats: user, user <addr>, "user" <addr>, "user name" <addr>
2014-10-12simple message parser to be used in smtp incoming sessions, not plugged yetGilles Chehade
2014-10-12local host is not "localhost", local host is env->sc_hostnameGilles Chehade
2014-10-08obvious reallocarray() useTheo de Raadt
2014-10-08restrict address lookups to configured address families.Eric Faurot
ok gilles@
2014-10-04some MUA will bypass the local enqueuer and send an empty BCC header in theGilles Chehade
DATA part of the SMTP transaction. force smtpd to strip these headers when it sees them.
2014-10-04Use getlogin() to determine real user name where possible.Todd C. Miller
OK guenther@ deraadt@
2014-10-02when no domain is specified in MAIL FROM or RCPT TO, assume local userGilles Chehade
2014-10-02no need to set the same field NULL twice ;-)Gilles Chehade
ok reyk@
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-17 06:20:44 +0000