| #
d8131725 |
| 19-Feb-2024 |
gilles <gilles@openbsd.org> |
no need to be as strict with table formats on various match constraints,
this prevents the reuse of T_HASH tables in T_LIST contexts when the key
column actually makes sense by itself.
diff from Phi
no need to be as strict with table formats on various match constraints,
this prevents the reuse of T_HASH tables in T_LIST contexts when the key
column actually makes sense by itself.
diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de)
show more ...
|
| #
1dd9d999 |
| 03-Feb-2024 |
op <op@openbsd.org> |
leave the command for mbox delivery unset
The mbox delivery is handled apart from the other delivery methods.
Since the mda is already hardcoded in mda_mbox(), there's no need to
fill the command st
leave the command for mbox delivery unset
The mbox delivery is handled apart from the other delivery methods.
Since the mda is already hardcoded in mda_mbox(), there's no need to
fill the command string in parse.y. While here also assess that for
mbox deliveries the command is unset at delivery time too.
based on a diff by gilles
ok gilles@, millert@
show more ...
|
| #
954e2a27 |
| 02-Feb-2024 |
millert <millert@openbsd.org> |
Run lmtp deliveries as the recipient user, not SMTPD_USER (_smtpd).
This is a backout of revision 1.278. Delivery via lmtp is not
limited to running mail.lmtp, it may also be modified by a user's
.f
Run lmtp deliveries as the recipient user, not SMTPD_USER (_smtpd).
This is a backout of revision 1.278. Delivery via lmtp is not
limited to running mail.lmtp, it may also be modified by a user's
.forward file (if any). OK gilles@
show more ...
|
| #
c14a3ab8 |
| 03-Dec-2023 |
op <op@openbsd.org> |
add the `no-dsn' option to `listen on socket' too
ok millert@
|
| #
627ac936 |
| 03-Dec-2023 |
op <op@openbsd.org> |
set the socket family too to mirror the LISTEN case; no-op in practice
since AF_UNSPEC is zero.
|
| #
137da685 |
| 03-Dec-2023 |
op <op@openbsd.org> |
enable DSN (Delivery Status Notification) for the implicit socket too
DSN is implicitly enabled when using `listen on sock' but it's not for
the implicit socket, avoid this incoherence by enabling i
enable DSN (Delivery Status Notification) for the implicit socket too
DSN is implicitly enabled when using `listen on sock' but it's not for
the implicit socket, avoid this incoherence by enabling it on the
implicit socket too.
Report and diff by Tassilo Philipp (tphilipp at potion-studios dot com)
ok millert@
show more ...
|
| #
e9fdf334 |
| 01-Dec-2023 |
op <op@openbsd.org> |
allow tables and filter over multiple lines
This augments the grammar for tables and filter listing so that a
newline is allowed after a comma. i.e. these now works as expected:
table foo {
"on
allow tables and filter over multiple lines
This augments the grammar for tables and filter listing so that a
newline is allowed after a comma. i.e. these now works as expected:
table foo {
"one",
"two"
}
listen on socket filter {
"foo",
"bar"
}
based on a diff from tim@
ok millert@, tim@
show more ...
|
| #
7e71987f |
| 10-May-2023 |
op <op@openbsd.org> |
add a few missing headers, reduces the diff with -portable
ok millert@
|
| #
89818320 |
| 10-Feb-2022 |
millert <millert@openbsd.org> |
Do not verify the cert or CA for a relay using opportunistic TLS.
If a relay is not explicitly configured to use TLS but the remote
side supports STARTTLS, we will try to use it. However, in this
ca
Do not verify the cert or CA for a relay using opportunistic TLS.
If a relay is not explicitly configured to use TLS but the remote
side supports STARTTLS, we will try to use it. However, in this
case we should not verify the cert or CA (which may be self-signed).
This restores the relay behavior before the switch to libtls was made.
There is no change if the relay is explicitly configured to use TLS.
OK eric@
show more ...
|
| #
08f6ba19 |
| 15-Oct-2021 |
naddy <naddy@openbsd.org> |
Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments. Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to uns
Don't declare variables as "unsigned char *" that are passed to
functions that take "char *" arguments. Where such chars are
assigned to int or passed to ctype functions, explicitly cast them
to unsigned char.
For OpenBSD's clang, -Wpointer-sign has been disabled by default,
but when the parse.y code was built elsewhere, the compiler would
complain.
With help from millert@
ok benno@ deraadt@
show more ...
|
| #
d3140113 |
| 14-Jun-2021 |
eric <eric@openbsd.org> |
add required headers for smtpd.h and remove unnecessary ones in other files.
ok jung@
|
| #
ff01b044 |
| 26-May-2021 |
eric <eric@openbsd.org> |
replaces calls to err(3)/errx(3) with fatal()/fatalx() from log.c
for code that runs in the daemon.
ok florian@ millert@
|
| #
a040621a |
| 09-Apr-2021 |
eric <eric@openbsd.org> |
allow to specify tls ciphers and protocols on listeners
ok tb@
|
| #
32bd51d0 |
| 31-Mar-2021 |
eric <eric@openbsd.org> |
allow to specify tls protocols and ciphers on relay actions
ok espie@ sthen@ tb@
|
| #
eed85469 |
| 05-Mar-2021 |
eric <eric@openbsd.org> |
Start porting smtpd to libtls.
Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of t
Start porting smtpd to libtls.
Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of the pki entries in the configuration file.
The set of certificates for a tls listener must be defined explicitly by
using the pki listener option multiple times.
ok tb@
show more ...
|
| #
1997d66f |
| 23-Jan-2021 |
rob <rob@openbsd.org> |
Remove unused variables found by clang. Additional unused var spotted by eric@.
OK mvs@, eric@
|
| #
ad380068 |
| 19-Jan-2021 |
claudio <claudio@openbsd.org> |
Do the KAME embedded scope fixup in the two places where getifaddrs() is
used. With this there should be no more embedded scopes left and therefor
in6addr_to_text() can be removed. getnameinfo() will
Do the KAME embedded scope fixup in the two places where getifaddrs() is
used. With this there should be no more embedded scopes left and therefor
in6addr_to_text() can be removed. getnameinfo() will just do the right
thing now.
OK eric@
show more ...
|
| #
1a5b831a |
| 31-Dec-2020 |
martijn <martijn@openbsd.org> |
Rename the pony process to dispatcher and klondike to crypto.
From gilles@
OK millert@ giovanni@
|
| #
99399201 |
| 23-Sep-2020 |
martijn <martijn@openbsd.org> |
Revert agentx support for now, we're too close to release.
requested by deraadt@
|
| #
770825c6 |
| 23-Sep-2020 |
martijn <martijn@openbsd.org> |
Add support for agentx to smtpd.
This is based around NETWORK-SERVICES-MIB from RFC2788 and MTA-MIB from
RFC2789, but does not export the full spec. Hopefully this will expand in
the future.
People
Add support for agentx to smtpd.
This is based around NETWORK-SERVICES-MIB from RFC2788 and MTA-MIB from
RFC2789, but does not export the full spec. Hopefully this will expand in
the future.
People who want to use this against net-snmp (currently the only option
known to me at the time of writing) may want to add -I -mta_sendmail to the
flags, so net-snmp doesn't throw garbage into the mib-2.28 subtree.
show more ...
|
| #
f2bf7361 |
| 16-Sep-2020 |
martijn <martijn@openbsd.org> |
Add the admd keyword. This can be used by filters interested in the
Authentication-Results header.
OK giovanni@
|
| #
d8fe1c91 |
| 01-Jun-2020 |
chrisz <chrisz@openbsd.org> |
Run lmtp deliveries as SMTPD_USER instead of the recipient user.
ok millert@
|
| #
000eaaf0 |
| 24-Feb-2020 |
millert <millert@openbsd.org> |
Cast argument of ctype(3) macros to unsigned char, not int.
Similar to a diff from Hiltjo Posthum. OK jung@ deraadt@
|
| #
68213f7b |
| 03-Feb-2020 |
gilles <gilles@openbsd.org> |
now that mail.local(8) relies on lockspool(1) for mailbox locking, have the
mailbox created by smtpd for mbox before privileges are dropped then we can
call mail.local(8) with the recipient privilege
now that mail.local(8) relies on lockspool(1) for mailbox locking, have the
mailbox created by smtpd for mbox before privileges are dropped then we can
call mail.local(8) with the recipient privileges.
ok millert@
show more ...
|
| #
43304138 |
| 02-Feb-2020 |
gilles <gilles@openbsd.org> |
add SENDER to mda environment and teach lmtp to use that instead of command
line parameter. this allows simplifying lmtp command line and it would have
prevented the unpriv command exec for LMTP in r
add SENDER to mda environment and teach lmtp to use that instead of command
line parameter. this allows simplifying lmtp command line and it would have
prevented the unpriv command exec for LMTP in recent advisory.
ok millert@ and jung@
show more ...
|