| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-09-23 | Revert agentx support for now, we're too close to release. | Martijn van Duren | |
| requested by deraadt@ | |||
| 2020-09-23 | Add support for agentx to smtpd. | Martijn van Duren | |
| This is based around NETWORK-SERVICES-MIB from RFC2788 and MTA-MIB from RFC2789, but does not export the full spec. Hopefully this will expand in the future. People who want to use this against net-snmp (currently the only option known to me at the time of writing) may want to add -I -mta_sendmail to the flags, so net-snmp doesn't throw garbage into the mib-2.28 subtree. | |||
| 2020-09-22 | Allow handling long lines in an aliases table. | Martijn van Duren | |
| Pointed out by AIsha Tammy (openbsd <dot> bugs <at> aisha <dot> cc) Original diff by Edgar Pettijohn (edgar <at> pettijohn-web <dot> com) OK tb@ | |||
| 2020-09-16 | Add the admd keyword. This can be used by filters interested in the | Martijn van Duren | |
| Authentication-Results header. OK giovanni@ | |||
| 2020-09-14 | Fix handling of user names containing '@' symbols. | Todd C. Miller | |
| It is possible to have a user name of the form foo@bar in the URL. When splitting user name from host name, split at the last '@', not the first one. From Josh Rickmar | |||
| 2020-09-14 | Document "pki" option for relay delivery too; from Nick Gasson | Todd C. Miller | |
| OK jmc@ martijn@ | |||
| 2020-09-14 | All buffers are in rw-memory, but lookup_record has it defined as | Martijn van Duren | |
| const char *. Remove the const so things compile a little cleaner. Pointer out by Mark Patruck <mark <at> wrapped <dot> cx>. Thanks | |||
| 2020-09-14 | Make "spf walk" report if an spf-record has macro's and can't be resolved. | Martijn van Duren | |
| Originally reported by and OK on earlier version giovanni@ Looks good to deraadt@ feedback and OK jmc@ feedback semarie@ OK sthen@ | |||
| 2020-08-27 | add missing "regex" keyword; from heddi nabbisen | Jason McIntyre | |
| ok martijn | |||
| 2020-06-09 | set TLS SNI when relaying to host | Sebastien Marie | |
| ok beck@ "looks reasonable" millert@ | |||
| 2020-06-01 | Run lmtp deliveries as SMTPD_USER instead of the recipient user. | Christopher Zimmermann | |
| ok millert@ | |||
| 2020-05-21 | Correct getsockname(2)/getpeername(2) usage. | Todd C. Miller | |
| Fixes an uninitialized variable and a potential stack overflow with IPv6 connections. From Leah Neukirchen; OK eric@ deraadt@ | |||
| 2020-05-06 | Only allow forkmda() to be called from a local action dispatcher. | Todd C. Miller | |
| From gilles@, OK deraadt@ jung@ | |||
| 2020-04-28 | In virtual alias context, do not try to match catchall entries for | Eric Faurot | |
| usernames, but only for email addresses. fixes an issue where usernames always expand to the @ wildcard if defined in the virtual alias file. discussed with Gilles Chehade ok millert@ | |||
| 2020-04-25 | update filter documentation after protocol change | Eric Faurot | |
| from Gilles Chehade | |||
| 2020-04-25 | point out that the "junk" filter decision adds the X-Spam header | Eric Faurot | |
| from Ryan Kavanagh | |||
| 2020-04-24 | strip trailing CRs at smtp level rather than io level | Eric Faurot | |
| ok millert@ | |||
| 2020-04-23 | ce examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread; | Jason McIntyre | |
| 2020-04-22 | Check for the dispatcher name in the envelope validation function. | Eric Faurot | |
| Fixes a possible crash and caching issue when manually moving an envelope to the queue with smtpctl discover. ok millert@ | |||
| 2020-04-17 | switch email and result fields in mail-from/rcpt-to event reports | Eric Faurot | |
| and bump protocol version. discussed with jung@, martijn@ and Gilles. ok jung@ | |||
| 2020-04-10 | When failing to validate a peer TLS certificate in the MTA due to the | Bob Beck | |
| desired name of the MX not being present in the certificate, log that this is he reason for the failure and the name we couldn't find in the cert. ok millert@ martijn@ | |||
| 2020-04-08 | bump smtpd version | Eric Faurot | |
| 2020-03-18 | use CRLF line-ending during the SMTP dialog in the local enqueuer | Eric Faurot | |
| ok millert@ | |||
| 2020-03-17 | Exit when m_get_string() returns NULL to prevent nullptr dereference in | tobhe | |
| strlen(). ok millert@ | |||
| 2020-03-16 | Initialize session.rcptto to NULL before parsing command line optinos. | Todd C. Miller | |
| Otherwise, if neither -r nor -u is specified, it will be used uninitialized. Found by tobhe@; OK tobhe@ deraadt@ | |||
| 2020-03-15 | Add missing casts to unsigned char when using ctype(3). | Todd C. Miller | |
| From Hiltjo Posthuma | |||
| 2020-03-08 | Rewrite qp_encoded_write. | Martijn van Duren | |
| Among the fixes are: - Don't count a leading dot, since it's part of smtp and not the message. - Let qp_encoded_write handle line wrappings, since it can do a better job at the bookkeeping than the caller - Make sure a soft linebreak that starts with a dot is escaped for the SMTP-layer - Only encode a space character if it's followed by a hard linebreak, since this is the only case mandated by RFC5321 and it gives a more readable output and saves a few additional bytes. - Fix that we actually limit the encoded linelength to 76 characters as specified in RFC5321. Feedback and OK eric@ | |||
| 2020-02-25 | fsqueue_envelope_dump() returns 0 on temporary failure, not -1. | Todd C. Miller | |
| We should only exit the loop that creates the queue file if we successfully created the file or we've exceeded the max number of tries. From gilles@ based on feedback from Qualys. | |||
| 2020-02-24 | Cast argument of ctype(3) macros to unsigned char, not int. | Todd C. Miller | |
| Similar to a diff from Hiltjo Posthum. OK jung@ deraadt@ | |||
| 2020-02-24 | Bump version to 6.6.4 for errata and to match -portable. | Todd C. Miller | |
| 2020-02-24 | Fix two security vulnerabilities discovered by Qualys. | Todd C. Miller | |
| An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. | |||
| 2020-02-12 | Standardize argument naming for "sourceaddr" and unify the wording a bit, | Ingo Schwarze | |
| similar to what deraadt@ recently did in other manual pages. | |||
| 2020-02-03 | ORCPT addresses are prefixed with an address type, the stricter check cause | Gilles Chehade | |
| the prefix to be rejected as it contains a character not allowed in address reported by Scott Vanderbilt | |||
| 2020-02-03 | now that mail.local(8) relies on lockspool(1) for mailbox locking, have the | Gilles Chehade | |
| mailbox created by smtpd for mbox before privileges are dropped then we can call mail.local(8) with the recipient privileges. ok millert@ | |||
| 2020-02-02 | add SENDER to mda environment and teach lmtp to use that instead of command | Gilles Chehade | |
| line parameter. this allows simplifying lmtp command line and it would have prevented the unpriv command exec for LMTP in recent advisory. ok millert@ and jung@ | |||
| 2020-02-01 | be much stricter about ORCPT, it isn't in the code path of local delivery | Gilles Chehade | |
| and doesn't have an associated context variable, but let's be paranoid. ok millert@ | |||
| 2020-02-01 | condition to enter mda_mbox() is too strict, if user have commands in their | Gilles Chehade | |
| forward file they're not supposed to enter that code path. | |||
| 2020-01-31 | introduce mda_mbox() to handle mbox delivery in its own code path, and make | Gilles Chehade | |
| it use execle() since we know all parameters and don't need command line to be parsed. ok millert@ and jung@ | |||
| 2020-01-30 | Bump smtpd version after recent changes | solene | |
| ok gilles@ | |||
| 2020-01-28 | Fix a security vulnerability discovered by Qualys which can lead to a | Gilles Chehade | |
| privileges escalation on mbox deliveries and unprivileged code execution on lmtp deliveries, due to a logic issue causing a sanity check to be missed. ok eric@, millert@ | |||
| 2020-01-20 | opportunistic tls downgrade logic is more complex than it should and can in | Gilles Chehade | |
| some cases lead to a sanity check fatal() being hit. rework the logic so it is simpler and makes the sanity check fatal() unreachable. ok eric@ millert@ | |||
| 2020-01-08 | remove literal tab from a column list; | Jason McIntyre | |
| 2020-01-08 | allow using the session username in builtin filters when available | Gilles Chehade | |
| 2020-01-08 | enable builtin filtering for commit phase | Gilles Chehade | |
| 2020-01-08 | emable builtin filtering for phase DATA, no idea why we didn't earlier as | Gilles Chehade | |
| the grammar allowed it and the code was already there. | |||
| 2020-01-08 | reorder reporting events so they are triggered _after_ protocol-server | Gilles Chehade | |
| events. this ensures that both smtp-in and smtp-out receive the events in the same order. | |||
| 2020-01-07 | generate tx-envelope before tx-rcpt like for smtp-in | Gilles Chehade | |
| 2020-01-07 | fix reporting of tx-mail and tx-rcpt for smtp-out | Gilles Chehade | |
| 2020-01-07 | generate link-auth reporting event for outgoing sessions | Gilles Chehade | |
| 2020-01-06 | make it more explicit that filters are unique processes | Gilles Chehade | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |