remove more filter-related cruft

ok gilles@

65535 is a valid port to listen on.
Off-by-one pointed out by and diff from Kris Katterjohn katterjohn AT
gmail, thanks!
chris@ pointed out that more than httpd(8) is effected.
OK gilles@

Remove "listen secure" syntax from smtpd.conf. It's broken since a couple of
months and noone complained.

Users should replace existing "listen secure" directives with two separate
"tls" and "smtps"

Remove "listen secure" syntax from smtpd.conf. It's broken since a couple of
months and noone complained.

Users should replace existing "listen secure" directives with two separate
"tls" and "smtps" listeners. i.e. a line like

listen on $iface tls pki $pki

has to be replaced with

listen on $iface tls pki $pki
listen on $iface smtps pki $pki

Relaying syntax is not affected by this change.

suggested by eric
ok gilles

show more ...

- filters are currently broken, do not allow using them until we're done

fix incoming tls-require regression, introduced with last parse.y cleanup
causing the flag not to be propagated down to the listener

ok eric@

allow negation of authenticated keyword:
accept ! authenticated [...]

ok sunil@, jung@

Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more
modern TAILQ_FOREACH_SAFE().

No intentional functional change.

ok millert@ bluhm@ gilles@

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH(

Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ
with more modern TAILQ_FOREACH(). This what symget() was already
doing.

Add paranoia '{}' around body of symget()'s TAILQ_FOREACH().

No intentional functional change.

ok bluhm@ otto@

show more ...

assign an id to each rule in the ruleset, first step towards an MTA layer
and scheduler simplification

ok eric@

listener configuration cleanup:

- have all listener creation functions take listen_opts as param,
and call config_listener() when done, which adds the listener(s)
to the current config list of l

listener configuration cleanup:

- have all listener creation functions take listen_opts as param,
and call config_listener() when done, which adds the listener(s)
to the current config list of listeners.
- make the fallback chain between interface(), host_v4() host_v6()
and host_dns() obvious when creating an if_listener.
- fix a bug where the specified family was ignored if the listener
is given as a hostname.

ok gilles@ sunil@

show more ...

introduce "authenticated" parameter so rules may apply to authenticated
sessions specifically

ok eric@, sunil@, jung@

allow overriding the subaddressing delimiter with subaddressing-delimiter
keyword, the default is still +

ok eric@, sunil@

when configuring the daemon, assign values to the structure being conf-ed,
not the global structure. this worked by accident.

ok eric@

flag the local socket listener as local.
clarify check for local listeners.

ok gilles@ millert@

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, s

do not allow whitespace in macro names, i.e. "this is" = "a variable".
change this in all config parsers in our tree that support macros.
problem reported by sven falempin.

feedback from henning@, stsp@, deraadt@
ok florian@ mikeb@

show more ...

Use automatic DH parameters, instead of fixed ones. Also disable DHE by
default since it is computationally expensive and a potential DoS vector.

ok gilles@

the default address family for a listener was set too late and would
override the value provided by the user if any. this commit moves the
initialization earlier to avoid this.

issue reported by and

the default address family for a listener was set too late and would
override the value provided by the user if any. this commit moves the
initialization earlier to avoid this.

issue reported by and fix ok jturner@

show more ...

handle enqueuer socket as a regular listener that can be configured with
"listen on socket". this simplifies a bit of code, removes some special
cases and will allow attaching filters & masking sourc

handle enqueuer socket as a regular listener that can be configured with
"listen on socket". this simplifies a bit of code, removes some special
cases and will allow attaching filters & masking source just as on lo0.

diff from Peter Bisroev <peter@int19h.net>
ok gilles@, jung@

show more ...

remove leftovers of (gone) curve option

ok gilles

Let smtpd start on machines without a FQDN as hostname.

Ok millert@ gilles@ jung@

switch to /usr/local/libexec when looking for -extras and drop loop iterating
paths

this effectively reverts table.c r1.21 which was mainly introduced for a smooth
transition in -current

ok gilles

remove spaces after '!'

no binary change

ok millert

remove CA from pki and no longer allow specifying a CA with 'pki' keyword.
introduce 'ca' keyword to allow specifying a custom CA.
making CA part of pki was a bad idea and several people hit use-case

remove CA from pki and no longer allow specifying a CA with 'pki' keyword.
introduce 'ca' keyword to allow specifying a custom CA.
making CA part of pki was a bad idea and several people hit use-cases that
plain couldn't work.

instead of:
pki foobar.org ca "/etc/mail/CA.pem"

use now:
ca foobar.org certificate "/etc/mail/CA.pem"


ok sunil@, jung@

show more ...

whitespaces

when using senders map to restrict email address a user may use in SMTP
dialogue, if `masquerade' is used as a parameter then rewrite the email
address of the DATA From header to the email address in

when using senders map to restrict email address a user may use in SMTP
dialogue, if `masquerade' is used as a parameter then rewrite the email
address of the DATA From header to the email address in the map.

show more ...