#
41eef22f |
| 20-Nov-2014 |
jsg <jsg@openbsd.org> |
Don't allow embedded nul characters in strings. Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
|
#
e78bcbdd |
| 16-Nov-2014 |
bluhm <bluhm@openbsd.org> |
Convert the logic in yyerror(). Instead of creating a temporary format string, create a temporary message. OK doug@
|
#
0f79392c |
| 14-Nov-2014 |
doug <doug@openbsd.org> |
Add gcc printf format attributes to yyerror() in parse.y files. No yyerror() calls needed to be changed.
ok bluhm@
|
#
ad286364 |
| 09-Jul-2014 |
eric <eric@openbsd.org> |
add a "no-dsn" listener option to disable DSN extension.
|
#
bf397b35 |
| 09-Jul-2014 |
eric <eric@openbsd.org> |
config parser improvements:
- fail if the same option is specified multiple times on a listener - prompt for queue encryption key after config parsing, not during. - add ip addresses to localnames t
config parser improvements:
- fail if the same option is specified multiple times on a listener - prompt for queue encryption key after config parsing, not during. - add ip addresses to localnames table - prepare for filters
show more ...
|
#
4a858bf2 |
| 08-Jul-2014 |
eric <eric@openbsd.org> |
update filter configuration parsing (not plugged yet)
|
#
325d28ef |
| 19-Apr-2014 |
gilles <gilles@openbsd.org> |
add missing strlcpy() check in create_filter_chain() that would cause smtpd to fatal at startup if truncation occured and we had enabled filters
(void) cast a strlcpy() that cannot truncate
|
#
a3468cca |
| 19-Apr-2014 |
gilles <gilles@openbsd.org> |
add missing strlcpy() checks in create_filter() that would cause smtpd to fatal at startup if truncation occured and we had enabled filters
|
#
6d177801 |
| 19-Apr-2014 |
gilles <gilles@openbsd.org> |
add missing strlcpy() check in is_if_in_group() to detect and warn about the truncation rather than failing the ioctl() call that follows.
|
#
523ccb3a |
| 19-Apr-2014 |
gilles <gilles@openbsd.org> |
add missing strlcpy() check when parsing "backup hostname" in smtpd.conf, it could lead to smtpd not finding itself in a MX lookup if a hostname is specified that exceeds the max hostname len.
while
add missing strlcpy() check when parsing "backup hostname" in smtpd.conf, it could lead to smtpd not finding itself in a MX lookup if a hostname is specified that exceeds the max hostname len.
while at it, add a missing free()
show more ...
|
#
7c7bcfab |
| 19-Apr-2014 |
gilles <gilles@openbsd.org> |
(void) cast strlcpy() calls that cannot truncate
|
#
cb1bbb86 |
| 25-Mar-2014 |
gilles <gilles@openbsd.org> |
reword error message when a table has an invalid configuration file, it has confused a few people
ok eric@
|
#
1c3ac238 |
| 04-Feb-2014 |
eric <eric@openbsd.org> |
pki code cleanup
- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name" - inherit pki conf on fork instead of passing it through imsg at startup - implement SNI on smtp listeners
|
#
7140c133 |
| 22-Jan-2014 |
henning <henning@openbsd.org> |
relax the cfg file secrecy check slightly to allow group readability default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
|
#
c1392a69 |
| 26-Dec-2013 |
eric <eric@openbsd.org> |
bcopy -> memmove bzero -> memset
|
#
59a7be59 |
| 05-Dec-2013 |
eric <eric@openbsd.org> |
bogus ';'
|
#
5eb26528 |
| 30-Nov-2013 |
eric <eric@openbsd.org> |
do not hardcode scheduler batch size, and reduce default limit to avoid hammering effects.
|
#
fde6b8cd |
| 28-Nov-2013 |
eric <eric@openbsd.org> |
limit the number of envelopes to recall in the hoststat cache.
|
#
15eede4f |
| 25-Nov-2013 |
deraadt <deraadt@openbsd.org> |
use u_char for buffers in yylex, for ctype calls, as done in all other parse.y in the tree issue found by millert, ok gilles
|
#
78d5f296 |
| 21-Nov-2013 |
eric <eric@openbsd.org> |
correctly set verify flag on the listener
|
#
7eed50e8 |
| 20-Nov-2013 |
eric <eric@openbsd.org> |
Rework the mda and scheduler to use the holdq mechanism instead of tempfail for limiting the number of pending deliveries to the same user. This allows to reach optimal delivery time even in case of
Rework the mda and scheduler to use the holdq mechanism instead of tempfail for limiting the number of pending deliveries to the same user. This allows to reach optimal delivery time even in case of burst, while keeping the number of inflight envelopes low.
show more ...
|
#
a56bd6de |
| 19-Nov-2013 |
eric <eric@openbsd.org> |
Add a limit on the number of inflight envelopes. The scheduler suspends scheduling of mta/mda envelopes until the number of inflight envelopes falls below that line.
|
#
de342239 |
| 13-Nov-2013 |
eric <eric@openbsd.org> |
Fix case-folding issue with pki names. They are case-insensitive. Make sure a pki entry exists when used in a listen or relay rule.
|
#
cc81b7c6 |
| 06-Nov-2013 |
eric <eric@openbsd.org> |
Much much improved config parser and related changes. Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- S
Much much improved config parser and related changes. Simplify code and do not impose an order on conditions and rule options.
Format changes that may require smtpd.conf update for some setups:
- SSL certificates are no longer automatically loaded, but must be explicitely declared using the "pki" keyword. - "certificate" option becomes "pki" in listener and accept rules. - "ssl://" becomes "secure://" in relay via rules. - "helo" becomes "hostnames" in relay rules
New features:
- accept rules do not need an explicit action, in which case alias table or .forward must provide one. - new "forward-only" action to force relaying and reject rcpts that expand as local delivery. - "!" (negation) modifier on rule matching conditions. - new "recipient" rule matching condition. - new "verify" option on listeners and relay rules to reject invalid certificates.
Other changes:
- remember the helo name advertised on incoming mail and use it for sending bounces. - bump envelope version (existing envelopes are updated on-the-fly).
show more ...
|
#
6191ddca |
| 27-Oct-2013 |
eric <eric@openbsd.org> |
Make the filter infrastructure move forward. This is a work-in-progress and it's not supposed to be useable for now.
|