summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd
AgeCommit message (Collapse)Author
2023-12-03set the socket family too to mirror the LISTEN case; no-op in practiceOmar Polo
since AF_UNSPEC is zero.
2023-12-03enable DSN (Delivery Status Notification) for the implicit socket tooOmar Polo
DSN is implicitly enabled when using `listen on sock' but it's not for the implicit socket, avoid this incoherence by enabling it on the implicit socket too. Report and diff by Tassilo Philipp (tphilipp at potion-studios dot com) ok millert@
2023-12-01allow tables and filter over multiple linesOmar Polo
This augments the grammar for tables and filter listing so that a newline is allowed after a comma. i.e. these now works as expected: table foo { "one", "two" } listen on socket filter { "foo", "bar" } based on a diff from tim@ ok millert@, tim@
2023-11-16consider an MX of "localhost" as it were a "Null MX"Omar Polo
diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de), thanks! ok sthen@
2023-11-08RFC 7505 ("Null MX") handlingOmar Polo
mail delivery will not be attempted if a domain advertises a single MX record with preference 0 and a zero-length label. based on an initial diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de), thanks! ok jung@
2023-11-03initialize `format' earlierOmar Polo
It's easier to see that it's never used un-initialized. ok tb@
2023-11-03cast tv_usec to long for *printfOmar Polo
mostly for -portable; on darwin suseconds_t is an int. ok tb@
2023-10-09Add Message-Id as needed for messages received on the submission port.Todd C. Miller
Since listener->port is in network byte order we need to compare against htons(587). The fix for this got dropped in the rewrite in revision 1.335.
2023-09-29bump version to 7.4.0Omar Polo
2023-07-11drop engine supportOmar Polo
diff originally by tb@, tweaked to apply after the useless logging methods removal. ok tb
2023-07-11remove the useless logging methodsOmar Polo
Instead of wrapping all the methods of the RSA and ECDSA ENGINE, duplicate the default and override only the ones that are actually needed for the privsep crypto engine. part of a larger diff that's ok tb@
2023-07-07swap link-auth filter argumentsOmar Polo
Fields which can contain a '|' character are kept last to avoid ambiguities so move result before username; link-auth was likely forgot in r1.61 of lka_filter.c when the same treatment was applied to other events. Discovered after a report on -portable due to filter-rspamd crashing. ok millert@
2023-06-25remove ssl_init()Omar Polo
it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything. noticed by jsing, ok tb
2023-06-23smtpd: allow arguments on NOOPOmar Polo
per RFC3521 § 4.1.1.9 the NOOP command allows optionally one argument that SHOULD be ignored. For semplicity, relax it to allow anything after it. Original diff by Sebastian J. Bronner, GitHub PR 1150, tweaked by me to add smtp_check_noop(). Gilles agrees, ok millert@
2023-06-21clear errno before strtoull as it may already be set to ERANGEOmar Polo
noticed and ok millert@
2023-06-21avoid truncation of filtered data linesOmar Polo
Don't copy in a buffer the filter' output for parsing as we may truncate filter-dataline (i.e. the mail body). Instead, parse the string by advancing the pointer without copying or modifications. Issue reported by Joachim Schneider on the OpenSMTPD-portable repository. ok millert@
2023-06-18remove ca_verify_cb(). was initially used for debugging, then theOmar Polo
logging went away but the no-op callback remained. noticed by tb@
2023-06-18sync imsg_to_str() with the list of imsg types in smtpd.hOmar Polo
ok millert@
2023-06-18smtpd: switch ECDSA_METHOD usage to EC_KEY_METHODOmar Polo
smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto. The diff is from gilles' work on OpenSMTPD-portable, with minor changes by me. ok tb@, jsing@
2023-06-17bump version to 7.3.0Omar Polo
2023-06-11fix typo: 'hash buffer to small' -> too smallOmar Polo
2023-05-31add missing include of time.hOmar Polo
spotted after a report on OpenSMTPD-portable. While here include sys/time.h in smtpd.h, as noted in event_init(3), since it includes event.h. ok millert@
2023-05-25remove two unused definesOmar Polo
last PROC_COUNT use was removed with the switch to fork+exec by eric@ in 2016, CA_FILE with the removal of cert.c two years ago. ok tb@, kn@
2023-05-19fix markup for `maildir' in smtpd.conf(5)Omar Polo
pathname and junk are both optional, but indipendently so. ok aisha, millert
2023-05-16some fatal -> fatalx to improved loggingOmar Polo
errno doesn't generally contains anything useful after libtls functions, and in most cases it's explicitly cleared to avoid misuse, so change a few fatal() calls to fatalx() when logging libtls failures. Also, add the real error string, via tls_error() or tls_config_error(), that was missing before. ok millert@
2023-05-15cast to '(long long)' instead of '(long long int)'Omar Polo
while here adjust the spacing in some of the touched lines. requested by deraadt@, ok tb@
2023-05-10constify day, month and tzOmar Polo
spotted while diffing with -portable, where tz is marked as const. ok tb@
2023-05-10cast time_t to long long for printf, reduces the diff with -portableOmar Polo
ok millert@
2023-05-10add a few missing headers, reduces the diff with -portableOmar Polo
ok millert@
2023-05-10remove trailing whitespaceOmar Polo
2023-05-04Be more economical with returning bodys in bounce messagesChristopher Zimmermann
according to rfc3461 4.3 OK millert@
2023-03-26Another missing #include <openssl/err.h>Theo Buehler
2023-03-19mda_expand_format: simplify token name extraction for %{name}Todd C. Miller
It is simpler to compute the length based on the start and end pointers and pass that value to memcpy(), adding an explicit NUL terminator after copying. OK op@
2023-03-19Fix a potential NULL dereference in the unpriv child expanding %{mda}.Todd C. Miller
It is not legal to use %{mda} in anything but an mda wrapper. mda_expand_token() will now return an error when %{mda} is used and mda_command is NULL. OK op@
2023-03-08Delete obsolete /* ARGSUSED */ lint comments.Philip Guenther
ok miod@ millert@
2023-03-02improve the Nd lines such that the format is consistent for theJason McIntyre
various *d, *conf, *ctl files (where relevant) and simple; also makes "man -k routing" more useful; help from claudio and florian ok claudio florian millert
2023-02-08usr.sbin: missing void to appease clang 15's -Wstrict-prototype.Theo Buehler
2023-02-06smtpd(8) could abort due to a connection from a local, scoped ipv6 address.Sebastien Marie
avoid using inet_pton(3) which doesn't support scoped ipv6 address, and use getaddrinfo(3) instead of. ok millert@ florian@ kn@
2022-12-28spelling fixes; from paul tagliamonteJason McIntyre
any parts of his diff not taken are noted on tech
2022-10-20Display the correct recipient in a Received: header with one recipient.Todd C. Miller
If multiple recipients are specified but only one is valid, use the first entry in the recipient list for the Received: header, not the value from the last "RCPT TO:" command (which could be invalid). From Chris Waddey
2022-09-26Fix a use after free in case mta_tls_init fails.Martijn van Duren
Found the hard way by renaud <at> allard <dot> it OK eric@, gilles@, millert@
2022-09-24ascii_load_sockaddr: Remove old IPv6 address parsing for envelope files.Todd C. Miller
IPv6 addresses have been formatted as "[address]" in envelope files for years. This was supposed to be removed after the 6.6 release but got forgotten. Noticed by kn@, OK deraadt@ kn@
2022-03-31man pages: add missing commas between subordinate and main clausesChristian Weisgerber
jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
2022-02-25Whitespace.Rob Pierce
2022-02-18Enable TLS verify by default for outbound "smtps://" and "smtp+tls://".Todd C. Miller
This restores the documented behavior that was broken by the fix for opportunistic TLS. OK semarie@.
2022-02-18Revert changes to use the new libtls signer apiTodd C. Miller
There are bugs in the new libtls signer that can lead to a crash. OK tb@ jsing@
2022-02-12use new libtls signer apiEric Faurot
ok tb@
2022-02-10Do not verify the cert or CA for a relay using opportunistic TLS.Todd C. Miller
If a relay is not explicitly configured to use TLS but the remote side supports STARTTLS, we will try to use it. However, in this case we should not verify the cert or CA (which may be self-signed). This restores the relay behavior before the switch to libtls was made. There is no change if the relay is explicitly configured to use TLS. OK eric@
2022-01-20remove unused variable from all copies of _asr_strdname()Christian Weisgerber
... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@
2021-12-13including sys/cdefs.h manually started as a result of netbsd trying toTheo de Raadt
macro-build a replacement for sccsid, and was done without any concern for namespace damage. Unfortunately this practice started infecting other code as others were unaware they didn't need the file. ok millert guenther