Don't allow embedded nul characters in strings.
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.

pfctl parse.y patch from and ok deraadt@

Convert the logic in yyerror(). Instead of creating a temporary
format string, create a temporary message.
OK doug@

Add gcc printf format attributes to yyerror() in parse.y files.
No yyerror() calls needed to be changed.

ok bluhm@

add a "no-dsn" listener option to disable DSN extension.

config parser improvements:

- fail if the same option is specified multiple times on a listener
- prompt for queue encryption key after config parsing, not during.
- add ip addresses to localnames t

config parser improvements:

- fail if the same option is specified multiple times on a listener
- prompt for queue encryption key after config parsing, not during.
- add ip addresses to localnames table
- prepare for filters

show more ...

update filter configuration parsing (not plugged yet)

add missing strlcpy() check in create_filter_chain() that would cause smtpd
to fatal at startup if truncation occured and we had enabled filters

(void) cast a strlcpy() that cannot truncate

add missing strlcpy() checks in create_filter() that would cause smtpd to
fatal at startup if truncation occured and we had enabled filters

add missing strlcpy() check in is_if_in_group() to detect and warn about
the truncation rather than failing the ioctl() call that follows.

add missing strlcpy() check when parsing "backup hostname" in smtpd.conf,
it could lead to smtpd not finding itself in a MX lookup if a hostname is
specified that exceeds the max hostname len.

while

add missing strlcpy() check when parsing "backup hostname" in smtpd.conf,
it could lead to smtpd not finding itself in a MX lookup if a hostname is
specified that exceeds the max hostname len.

while at it, add a missing free()

show more ...

(void) cast strlcpy() calls that cannot truncate

reword error message when a table has an invalid configuration file, it has
confused a few people

ok eric@

pki code cleanup

- rename "struct ssl" and "cert" to "struct pki" and "cert" to "pki_name"
- inherit pki conf on fork instead of passing it through imsg at startup
- implement SNI on smtp listeners

relax the cfg file secrecy check slightly to allow group readability
default permissions and mtree NOT changed.
prodded by benno, ok phessler benno jmatthew theo pelikan florian

bcopy -> memmove
bzero -> memset

bogus ';'

do not hardcode scheduler batch size, and reduce default limit to avoid
hammering effects.

limit the number of envelopes to recall in the hoststat cache.

use u_char for buffers in yylex, for ctype calls, as done in all other
parse.y in the tree
issue found by millert, ok gilles

correctly set verify flag on the listener

Rework the mda and scheduler to use the holdq mechanism instead of
tempfail for limiting the number of pending deliveries to the same
user. This allows to reach optimal delivery time even in case of

Rework the mda and scheduler to use the holdq mechanism instead of
tempfail for limiting the number of pending deliveries to the same
user. This allows to reach optimal delivery time even in case of
burst, while keeping the number of inflight envelopes low.

show more ...

Add a limit on the number of inflight envelopes. The scheduler suspends
scheduling of mta/mda envelopes until the number of inflight envelopes
falls below that line.

Fix case-folding issue with pki names. They are case-insensitive.
Make sure a pki entry exists when used in a listen or relay rule.

Much much improved config parser and related changes.
Simplify code and do not impose an order on conditions and rule options.

Format changes that may require smtpd.conf update for some setups:

- S

Much much improved config parser and related changes.
Simplify code and do not impose an order on conditions and rule options.

Format changes that may require smtpd.conf update for some setups:

- SSL certificates are no longer automatically loaded, but must be
explicitely declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules

New features:

- accept rules do not need an explicit action, in which case alias table
or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand
as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid
certificates.

Other changes:

- remember the helo name advertised on incoming mail and use it for sending
bounces.
- bump envelope version (existing envelopes are updated on-the-fly).

show more ...

Make the filter infrastructure move forward.
This is a work-in-progress and it's not supposed to be useable for now.