#
a28b0a1d |
| 15-Sep-2012 |
eric <eric@openbsd.org> |
When enqueueing from the local socket, the input address is faked as "::1". This is confusing and even broken, as systems running with ipv6 disabled on lo0 will not be able to enqueue mails using the local socket.
So instead, use AF_LOCAL and print it as "local" in envelopes/maps. Add it to the "localhost" and "all" maps accordingly, and fix the ruleset matching.
ok gilles@ chl@
|
#
d5d1789d |
| 08-Sep-2012 |
chl <chl@openbsd.org> |
remove unused header
ok gilles@
|
#
fb3e4771 |
| 01-Sep-2012 |
gilles <gilles@openbsd.org> |
- remove crypto_backend
- remove support for encrypted queue, it will be reintroduced later after pouring more thinking into it
if you had it enabled, flush your queue before updating
|
#
491ec059 |
| 30-Aug-2012 |
gilles <gilles@openbsd.org> |
- import latest aldap.[ch] and ber.[ch] from ypldap
- revive map_ldap.c by updating it to the current API
diff by Mathieu Masson who played puzzle with an oooold changeset of mine, this import is to let us work on it in tree, it won't work as is.
idea ok eric@ and chl@
|
#
bc9fb152 |
| 29-Aug-2012 |
naddy <naddy@openbsd.org> |
switch the default queue encryption to AES-128
I'm committing this on behalf of gilles@
|
#
e1829a2f |
| 29-Aug-2012 |
gilles <gilles@openbsd.org> |
Introduce the crypto_backend API and provide support for... encrypted queue using the new API. By default, OpenSMTPD does not provide queue encryption, but it can be enabled with "queue encryption [args]" and will transparently encrypt/decrypt envelopes/messages as they hit the queue.
By default, it will use Blowfish in CBC mode with a different random IV for each envelope and message. User provided key is expanded using sha256 but a different cipher and digest may be specified in smtpd.conf
Queue encryption is compatible with compression and if both options are set it will do them in correct order and transparently.
tested by chl@, a few users and myself
ok chl@ and I
|
#
858abddc |
| 26-Aug-2012 |
gilles <gilles@openbsd.org> |
- use the same compression algorithm, gzip, for message file and envelopes
- rename compress_zlib.c to compress_gzip.c
with this commit it is possible to inspect a compressed queue with gzcat :)
|
#
0e8cc8ec |
| 25-Aug-2012 |
chl <chl@openbsd.org> |
Add compress_backend, allowing compression of messages and envelopes in the queue. To use it, just add "queue compress" in smtpd.conf. For now, only zlib is used.
lots of feedback from eric@ and gilles@
ok eric@ gilles@
|
#
a2389673 |
| 21-Aug-2012 |
eric <eric@openbsd.org> |
Allow smtpd to work as a backup MX, relaying only to MXs with higher priority in the DNS record. For example:
accept for domain "foo.org" relay backup "mx3.foo.org"
will relay mails for "foo.org" using only hosts with higher priority (i.e. lower value) than "mx3.foo.org", which is supposed to be the current server.
If the specified backup MX is not found in the DNS record, relaying works as normal.
ok gilles@
|
#
d2241734 |
| 19-Aug-2012 |
chl <chl@openbsd.org> |
coding style: replace all occurrences of u_int* with uint*
ok eric@
|
#
b286edf3 |
| 08-Jul-2012 |
gilles <gilles@openbsd.org> |
- plug text_to_relayhost() in parse.y to support relay URLs.
- document the new URL syntax in smtpd.conf.5
- replace starttls:// schema with tls://
Beware, "relay via" rules should now be expressed with a relay URL:
accept [...] relay via "mx1.example.org" smtps port 465
becomes
accept [...] relay via "smtps://mx1.example.org"
This will allow using mappings of relays with different protocols and options.
Make sure to update your smtpd.conf if you relay via !
ok eric, ok chl
|
#
a099aaf3 |
| 13-May-2012 |
gilles <gilles@openbsd.org> |
- cleanup parse.y by removing lots of code that should not have been there, but in ruleset.c and util.c instead.
- introduce the new map_compare() map API call to allow iterating over keys and comparing them with provided key using provided function. this allows checking a partial key in a key set, very useful for comparing an address to a set of netmask.
- introduce new map kind K_NETADDR
- implement K_NETADDR for map_db and map_stdio
- teach ruleset checking how to use the map_compare() with K_NETADDR
we can now do the following:
map "srcaddr" source plain "/etc/mail/srcaddr.txt"
accept from map srcaddr for domain "openbsd.org" [...]
|
#
73b37b80 |
| 12-May-2012 |
gilles <gilles@openbsd.org> |
- remove unused sources S_EXT, S_DYN and S_EXT from enum map_src
- continue simplification of parse.y
- remove "for network", if we ever need it we can reimport, probably no one knows of that undocumented strange feature ;-)
- change syntax for virtual domains configuration:
accept for virtual vmap [...] <- wrong
accept for virtual map vmap [...] <- right
the reason for this change is that we will soon implement relay rules through maps and that keeping that syntax would make it inconsistent with the other rules.
- update man pages for makemap and smtpd.conf to reflect changes
ok eric@, looks ok chl@
|
#
dc7c3a33 |
| 12-May-2012 |
gilles <gilles@openbsd.org> |
- simplify a bit maps by removing fields which are still unused years after the initial ambitious implementation: byebye map type & map flags
- simplify a bit parse.y by removing assignations to these otherwise unused fields
- remove the DNS map source, it may be a good idea, but we can just add it when we plan to implement it (if we do)
- make the { } options in map declaration, it's been annoying me for a long time now, this allows the following to work:
map "foobar" source plain "/etc/mail/foobar"
- update smtpd.conf.5 accordingly ;-)
|
#
75cb8543 |
| 16-Apr-2012 |
chl <chl@openbsd.org> |
add missing header needed by str* and mem* functions
ok gilles@
|
#
a224a58c |
| 13-Dec-2011 |
gilles <gilles@openbsd.org> |
- introduce delivery backend API (delivery.c)
- move each delivery method to its own delivery backend
- simplify smtpd.c accordingly
- rename A_EXT -> A_MDA since that's what we really do
ok eric@
|
#
89771262 |
| 08-Dec-2011 |
todd <todd@openbsd.org> |
check for NULL ->ifa_addr, found the hard way by yours truly on his phone
ok chl@ & gilles@
|
#
c50073ca |
| 27-Oct-2011 |
chl <chl@openbsd.org> |
Use PRI{x,d}64 in format strings instead of %llx, %lld or %qd to print {u_,}int64_t or time_t
While there, cast some time_t to int64_t
These will fix build warnings for portable smtpd
ok gilles@ eric@
|
#
f32af914 |
| 23-Oct-2011 |
eric <eric@openbsd.org> |
a few important fixes:
- use correct endianness when dumping/loading port
- use the right flag set when dumping/loading flags
- keep and use the authmap name when needed, rather than an id that might change when smtpd is restarted
- dump/load the authmap name with the envelope
- remove the rule struct from rq_batch as only the relay info is useful
ok gilles@
|
#
b92a8e4f |
| 01-Sep-2011 |
chl <chl@openbsd.org> |
add missing header needed by bsearch()
ok gilles@
|
#
57048e8b |
| 01-Sep-2011 |
chl <chl@openbsd.org> |
- if no filter is setup, do not overwrite the data line with filtmsg buffer
- remove annoying debug lines
- disable back filters at smtpd.conf level
committing on behalf of gilles@
|
#
b55cb1ae |
| 31-Aug-2011 |
gilles <gilles@openbsd.org> |
add support for per-line DATA callbacks, this allows filters to take their decisions *while* the message is being received by the client.
|
#
05c06c9e |
| 27-Aug-2011 |
gilles <gilles@openbsd.org> |
initial support for a session-time filtering API
currently only HELO/EHLO, MAIL, RCPT are supported, however ... I have voluntarily disabled filters at smtpd.conf level so people don't play with it until the API has stabilized a bit
discussed with several people in private, no one opposed the feature
|
#
3439d476 |
| 09-Jun-2011 |
gilles <gilles@openbsd.org> |
'relay as' and 'relay via as' rules allow smtpd to rewrite the user part, the domain part or the entire address of the sender at the SMTP session level. this is not masquerade but allows smtpd to communicate with hosts that do a check of SMTP sender fqdn.
sent to tech@, a couple 'no regression' feedbacks
|
#
6f09a7b0 |
| 22-May-2011 |
gilles <gilles@openbsd.org> |
teach smtpd how to listen on an interface group so that we can do:
listen on egress
listen on wlan
idea unvoluntarily suggested by Mikolaj Kucharski a few weeks ago, unslacked after theo suggested it again.
|