Age | Commit message (Collapse) | Author |
|
since AF_UNSPEC is zero.
|
|
DSN is implicitly enabled when using `listen on sock' but it's not for
the implicit socket, avoid this incoherence by enabling it on the
implicit socket too.
Report and diff by Tassilo Philipp (tphilipp at potion-studios dot com)
ok millert@
|
|
This augments the grammar for tables and filter listing so that a
newline is allowed after a comma. i.e. these now works as expected:
table foo {
"one",
"two"
}
listen on socket filter {
"foo",
"bar"
}
based on a diff from tim@
ok millert@, tim@
|
|
diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de), thanks!
ok sthen@
|
|
mail delivery will not be attempted if a domain advertises a single MX
record with preference 0 and a zero-length label.
based on an initial diff from Philipp (philipp+openbsd [at] bureaucracy
[dot] de), thanks!
ok jung@
|
|
It's easier to see that it's never used un-initialized.
ok tb@
|
|
mostly for -portable; on darwin suseconds_t is an int.
ok tb@
|
|
Since listener->port is in network byte order we need to compare
against htons(587). The fix for this got dropped in the rewrite
in revision 1.335.
|
|
|
|
diff originally by tb@, tweaked to apply after the useless logging
methods removal.
ok tb
|
|
Instead of wrapping all the methods of the RSA and ECDSA ENGINE,
duplicate the default and override only the ones that are actually
needed for the privsep crypto engine.
part of a larger diff that's ok tb@
|
|
Fields which can contain a '|' character are kept last to avoid
ambiguities so move result before username; link-auth was likely forgot
in r1.61 of lka_filter.c when the same treatment was applied to other
events.
Discovered after a report on -portable due to filter-rspamd crashing.
ok millert@
|
|
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl
initialize themselves automatically before doing anything.
noticed by jsing, ok tb
|
|
per RFC3521 § 4.1.1.9 the NOOP command allows optionally one argument
that SHOULD be ignored. For semplicity, relax it to allow anything after it.
Original diff by Sebastian J. Bronner, GitHub PR 1150, tweaked by me to
add smtp_check_noop().
Gilles agrees, ok millert@
|
|
noticed and ok millert@
|
|
Don't copy in a buffer the filter' output for parsing as we may truncate
filter-dataline (i.e. the mail body). Instead, parse the string by
advancing the pointer without copying or modifications.
Issue reported by Joachim Schneider on the OpenSMTPD-portable
repository.
ok millert@
|
|
logging went away but the no-op callback remained.
noticed by tb@
|
|
ok millert@
|
|
smtpd and the bits it needs in libtls are the only consumer left of
ECDSA_METHOD, which is long deprecated. This paves the way for the
removal in libcrypto.
The diff is from gilles' work on OpenSMTPD-portable, with minor changes
by me.
ok tb@, jsing@
|
|
|
|
|
|
spotted after a report on OpenSMTPD-portable. While here include
sys/time.h in smtpd.h, as noted in event_init(3), since it includes
event.h.
ok millert@
|
|
last PROC_COUNT use was removed with the switch to fork+exec by eric@ in
2016, CA_FILE with the removal of cert.c two years ago.
ok tb@, kn@
|
|
pathname and junk are both optional, but indipendently so.
ok aisha, millert
|
|
errno doesn't generally contains anything useful after libtls functions,
and in most cases it's explicitly cleared to avoid misuse, so change a
few fatal() calls to fatalx() when logging libtls failures. Also, add
the real error string, via tls_error() or tls_config_error(), that was
missing before.
ok millert@
|
|
while here adjust the spacing in some of the touched lines.
requested by deraadt@, ok tb@
|
|
spotted while diffing with -portable, where tz is marked as const.
ok tb@
|
|
ok millert@
|
|
ok millert@
|
|
|
|
according to rfc3461 4.3
OK millert@
|
|
|
|
It is simpler to compute the length based on the start and end
pointers and pass that value to memcpy(), adding an explicit NUL
terminator after copying. OK op@
|
|
It is not legal to use %{mda} in anything but an mda wrapper.
mda_expand_token() will now return an error when %{mda} is used and
mda_command is NULL. OK op@
|
|
ok miod@ millert@
|
|
various *d, *conf, *ctl files (where relevant) and simple;
also makes "man -k routing" more useful;
help from claudio and florian
ok claudio florian millert
|
|
|
|
avoid using inet_pton(3) which doesn't support scoped ipv6 address, and use
getaddrinfo(3) instead of.
ok millert@ florian@ kn@
|
|
any parts of his diff not taken are noted on tech
|
|
If multiple recipients are specified but only one is valid, use the
first entry in the recipient list for the Received: header, not the
value from the last "RCPT TO:" command (which could be invalid).
From Chris Waddey
|
|
Found the hard way by renaud <at> allard <dot> it
OK eric@, gilles@, millert@
|
|
IPv6 addresses have been formatted as "[address]" in envelope files
for years. This was supposed to be removed after the 6.6 release
but got forgotten. Noticed by kn@, OK deraadt@ kn@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
|
|
This restores the documented behavior that was broken by the fix
for opportunistic TLS. OK semarie@.
|
|
There are bugs in the new libtls signer that can lead to a crash.
OK tb@ jsing@
|
|
ok tb@
|
|
If a relay is not explicitly configured to use TLS but the remote
side supports STARTTLS, we will try to use it. However, in this
case we should not verify the cert or CA (which may be self-signed).
This restores the relay behavior before the switch to libtls was made.
There is no change if the relay is explicitly configured to use TLS.
OK eric@
|
|
... including those inlined into print_dname(). This also fixes
-Wunused-but-set-variable warnings warnings in smtpd and smtpctl.
The code was imported with asr and then copied around.
ok deraadt@ guenther@
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|