Age | Commit message | Author |
|
prompted by mail from illya meyer
ok gilles
|
|
(it is, but only for root, which i'll address in separate commit);
ok mp gilles
|
|
Reported by renegm on GitHub:
<https://github.com/OpenSMTPD/OpenSMTPD/issues/1257>
ok gilles@
|
|
from philipp plus openbsd at bureaucracy de
- within the "ca" section, refer to "listen on" and "action ... relay",
which is the actual syntax
ok op
|
|
ok op
|
|
table for non-crypt(3) authentication. tables configured with auth that
support K_AUTH are asked to check if a user and passwd are valid rather
than asked to provide the password for a user so smtpd does crypt(3) on
its side. helps with cases like ldap or custom auth.
ok op@
|
|
leave prototypes with functions in OpenSMTPD-extras
ok op@
|
|
ok gilles@
|
|
The error message is not really used, it just gets translated to a
TEMPFAIL, but it allows to have mandatory logging of errors instead
of relying on tables to hopefully log something.
To ease the transition, don't make it mandatory in smtpd(8) yet,
but document it as such.
ok millert@, gilles@
|
|
while here also do a s/fatalx/fatal since getline() sets errno on
failure.
ok millert@, gilles@
|
|
ok gilles@
|
|
point out that it is supposed to wrap around and fix the misleading
example, then highlight that not-found can only be returned by empty
tables.
ok gilles@
|
|
This adds "config|protocol|0.7" during the filters handshake, like
was done for the tables too, so that the filters can know the version
of the protocol right from the start.
ok gilles@
|
|
Using imsg for the "proc" table (external programs) has proven quite
painful in practice since a lot of smtpd internals (structs, enums,
etc.) have to be kept in sync with the various tables implementations.
Instead, a filter-like protocol for tables decouples the implementations
and allows to write and test tables easily.
The new text-based transport protocol is documented in the (added)
smtpd-tables(7) manpage.
The old imsg protocol is no longer supported and existing tables have to
be converted. In particular, users of opensmtpd-extras tables will need
to install the new opensmtpd-table-* packages.
With lots of suggestions and improvements from gilles and a tweak
from Philipp (philipp+openbsd [at] bureaucracy [dot] de), thanks!
ok gilles
|
|
The file parser splits the line on the ':' character too for key-value
tables, and so mis-parses IPv6 addresses. The "::1 localhost" example
in table(5) is actually parsed as key "" and value ":1 localhost".
For list tables, the "# @list" marker can be used as a workaround, but
for key-valued the parser has to be fixed.
There are also some weird edge cases when splitting the lines.
Now the parser always splits on the first whitespace or colon, and then
strips the spaces. For lines starting with '[' the parser will jump to
the matching ']' before attempting to split. So, for example:
    [::1]:localhost      becomes "[::1]" -> "localhost"
    [::1] example.org    becomes "[::1]" -> "example.org"
    foo: bar             becomes "foo" -> "bar"
    foo::bar             becomes "foo" -> ":bar"
    foo : bar            becomes "foo" -> ": bar"
etc...
This only affects the parser for file table(5)s and makemap(8). Inline
tables or "proc" tables are unaffected.
ok gilles@
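
The splitting rule described in the commit message above, as an added example that is not OpenSMTPD's own code. The function name `split_table_line` and its in-place interface are assumptions made for illustration; the sample lines are the ones the commit message lists.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Illustration only, not OpenSMTPD source; split_table_line is a
 * hypothetical name. Splits line in place. Returns 0 on success, -1 on an
 * empty line or unterminated '['. *val stays NULL if there is no separator. */
int
split_table_line(char *line, char **key, char **val)
{
	char *p;

	*key = *val = NULL;
	while (isspace((unsigned char)*line))	/* strip leading space */
		line++;
	p = line + strlen(line);
	while (p > line && isspace((unsigned char)p[-1]))	/* and trailing */
		*--p = '\0';
	if (*line == '\0')
		return -1;
	p = line;
	/* a leading '[' protects everything up to the closing ']' */
	if (*p == '[' && (p = strchr(p, ']')) == NULL)
		return -1;
	p += strcspn(p, " \t:");	/* first whitespace or colon */
	*key = line;
	if (*p == '\0')
		return 0;		/* key only */
	*p++ = '\0';
	while (isspace((unsigned char)*p))	/* strip spaces before value */
		p++;
	*val = p;
	return 0;
}

int
main(void)
{
	/* constructed sample lines, taken from the commit message's examples */
	char lines[][32] = { "[::1]:localhost", "[::1] example.org",
	    "foo: bar", "foo::bar", "foo : bar" };
	char *k, *v;
	size_t i;

	for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		if (split_table_line(lines[i], &k, &v) == 0)
			printf("\"%s\" -> \"%s\"\n", k, v ? v : "");
	return 0;
}
```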
|
|
ok tb@
|
|
due to swapped strlcpy() arguments we don't save the ORCPT argument
after validation. There's no buffer overflow since dsn_orcpt is zeroed.
Spotted by Tassilo Philipp, thanks!
ok millert gilles
|
|
- add a pointer to the section when documenting the `mda' keyword
- rename the section to MDA COMMANDS
- document also what happens when the MDA doesn't exit with status 0
- add the missing environment variables
- sort the variables
- minor other tweaks to the text
with several improvements from jmc, ok jmc
|
|
this adds some initial commentary for how MDAs should behave and
in what environment they are executed.
diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de) with
some tweaks from Richard Toohey and me.
ok gilles@
|
|
mostly for compatibility with postfix since some mdas (like
public-inbox) make use of it.
diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de)
ok gilles@
|
|
this prevents the reuse of T_HASH tables in T_LIST contexts when the key
column actually makes sense by itself.
diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de)
|
|
These are supposed to parse the same file format but have subtle
differences in the handling of comments, continuation lines and escaping.
Converge both to the simpler smtpd parser which doesn't handle
continuation lines nor escaping, and support comments only at the start
of the line.
improvements and ok millert@
|
|
The mbox delivery is handled apart from the other delivery methods.
Since the mda is already hardcoded in mda_mbox(), there's no need to
fill the command string in parse.y. While here also assess that for
mbox deliveries the command is unset at delivery time too.
based on a diff by gilles
ok gilles@, millert@
|
|
dispatcher, no .forward file except that of the alternate delivery user
is processed.
ok gilles@, millert@
|
|
any recipient .forward file except that of the alternate delivery user.
ok millert@
|
|
in a .forward file so disallow custom commands and file reading, only allow
setting forward addresses and users.
as root is no longer allowed to run any MDA but mbox, we can be stricter on
the setup of the MDA process and refuse to exec anything that's not an mbox
dispatcher.
tested by op@ who edited a root envelope to simulate an exploit injecting a
custom command in a root envelope, smtpd refused to exec.
ok millert@ and op@
|
|
This is a backout of revision 1.278. Delivery via lmtp is not
limited to running mail.lmtp, it may also be modified by a user's
.forward file (if any). OK gilles@
|
|
RFC5322 allows for escapes using \ inside quotes. Otherwise, headers
such as
    From: "\"Doe, John\"" <op>
get mangled as "\"Doe@localhost, John\" <op> since \ would be treated as
an ordinary character and not the escape for the quote.
Bug reported by TobiasEgg on the OpenSMTPD-portable github repository.
ok millert@
|
|
Most of the conversion is simple; there is just log_imsg() that can
no longer display the fd since imsg_get_fd() can only be called once.
OK op@
|
|
Rework parse_sockaddr() to not reach inet_pton() with a brace-wrapped
IPv6 address.
Issue reported by Kirill Miazine.
ok millert@
|
|
ss_to_text() already wraps ipv6 addresses in braces, so no need to do it
again and no need to do that for IPv4 addresses too.
ok millert@
|
|
We expected the ORCPT parameter to be a valid rfc822 address. This is
wrong on multiple levels:
- any other IANA-registered "addr-type" can be used
- the parameter may be encoded and we didn't decode it prior to validation
- RFC3461 explicitly states that "[..] the address associated with the
ORCPT keyword is NOT constrained to conform to the syntax rules for
that 'addr-type'".
Instead, just validate the xtext and preserve the ORCPT value as-is.
Issue originally reported by Tim Kuijsten, Tassilo Philipp and others.
ok millert@
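
A syntax-only ORCPT check of the kind the commit message above describes, as an added example that is not OpenSMTPD's own code. It follows the RFC 3461 grammar (`addr-type ";" xtext`); the function names `valid_xtext` and `valid_orcpt` are hypothetical and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Illustration only, not OpenSMTPD source; function names are hypothetical. */
static int
is_upper_hex(char c)
{
	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'F');
}

/* RFC 3461 xtext: xchar is '!'..'~' except '+' and '=';
 * hexchar is '+' followed by two upper-case hex digits. */
int
valid_xtext(const char *s)
{
	for (; *s != '\0'; s++) {
		if (*s == '+') {
			if (!is_upper_hex(s[1]) || !is_upper_hex(s[2]))
				return 0;
			s += 2;
		} else if (*s < '!' || *s > '~' || *s == '=')
			return 0;
	}
	return 1;
}

/* ORCPT value is addr-type ";" xtext, where addr-type is an RFC 822 atom.
 * The xtext is checked for syntax only and never decoded or rewritten. */
int
valid_orcpt(const char *arg)
{
	const char *p, *semi = strchr(arg, ';');
	if (semi == NULL || semi == arg)
		return 0;
	for (p = arg; p < semi; p++)
		if (*p <= ' ' || *p > '~' || strchr("()<>@,:\\\".[]", *p))
			return 0;
	return valid_xtext(semi + 1);
}

int
main(void)
{
	const char *t[] = { "rfc822;Bob+2BList@example.org", "rfc822;a=b",
	    "rfc822;bad+zz", "bob@example.org" };	/* constructed samples */
	for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
		printf("%-30s %s\n", t[i], valid_orcpt(t[i]) ? "ok" : "reject");
	return 0;
}
```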
|
|
There are two different parsers for table(5)s with different edge cases.
Adjust the documentation to what the stricter of the two (smtpd
internal parser) accepts, even if makemap(8) allows for more.
In particular, adjust the description for the comments (that cannot be
'anywhere in the file'), document the special comment @list and mention
that splitting is done on the colon character too.
ok and many improvements from jmc@
|
|
If the first header starts with a space but still contains a colon
character, it is added to the body mail effectively appending it to the
Received header due to the folding rules.
Issue reported by Crystal Kolipe
ok millert@, giovanni@
|
|
ok millert@
|
|
since AF_UNSPEC is zero.
|