#
d579b21a |
| 06-Dec-2009 |
jacekm <jacekm@openbsd.org> |
fix previous
|
#
7ba3f6ff |
| 05-Dec-2009 |
chl <chl@openbsd.org> |
fix interface tagging listeners in the ipv6 case
while there factor some common code (from jacekm input)
ok jacekm@
|
#
c6f2f3e6 |
| 12-Nov-2009 |
jacekm <jacekm@openbsd.org> |
Fix a memleak in parse_config(). Correct return code in few error paths. Fix two memleaks in purge_config().
First problem spotted by parfait, the other ones - by myself.
"looks good" gilles@
|
#
f1d60823 |
| 05-Nov-2009 |
gilles <gilles@openbsd.org> |
some structures reference the maps they use by their id, if we allow 0 as a valid map id, then we have no way to know for these structures if they have a reference to a map, or if the member was not
some structures reference the maps they use by their id, if we allow 0 as a valid map id, then we have no way to know for these structures if they have a reference to a map, or if the member was not set. make map id start at 1.
show more ...
|
#
9cb67f70 |
| 03-Nov-2009 |
gilles <gilles@openbsd.org> |
teach makemap how to build a set, which is a map containing only keys. smtpd is now capable of looking primary domains at runtime in a set, which means that the following becomes possible:
map "pri
teach makemap how to build a set, which is a map containing only keys. smtpd is now capable of looking primary domains at runtime in a set, which means that the following becomes possible:
map "primary" { source db "/etc/mail/primary.db" } accept for domain map "primary" deliver to mbox
while at it fix a couple bugs in the aliases resolution path which caused recipients to bounce if a ruleset did not have an "accept for local" rule
"diff reads good" jacekm@, flush queue & make clean
show more ...
|
#
42606448 |
| 03-Nov-2009 |
gilles <gilles@openbsd.org> |
this commit removes the hardcoded special "aliases" map and brings support for multiple aliases maps that can be attached at the rule level. with it, you can for example define different aliases maps
this commit removes the hardcoded special "aliases" map and brings support for multiple aliases maps that can be attached at the rule level. with it, you can for example define different aliases maps for different domains or different aliases maps for the same domain depending on the client source:
map "localiases" { source db "/etc/mail/localiases.db" } map "netaliases" { source db "/etc/mail/netaliases.db" }
accept from 192.168.0.0/16 for local alias "localiases" deliver to mbox accept from all for local alias "netaliases" deliver to mbox
idea discussed with jacekm@ and various other hackers, diff contains some bug fixes too which were not part of the original diff. man page follows very shortly ... make clean & flush queue !
show more ...
|
#
9210f0ea |
| 19-Oct-2009 |
gilles <gilles@openbsd.org> |
change virtual rule so that it reads: accept for virtual "mapname", instead of: accept for virtual map "mapname" ...
discussed with jacekm@
|
#
0d084127 |
| 19-Oct-2009 |
gilles <gilles@openbsd.org> |
currently, smtpd is capable of having multiple listeners with different options but they will all share the same ruleset. this means that there is no way to have a rule apply to a session established
currently, smtpd is capable of having multiple listeners with different options but they will all share the same ruleset. this means that there is no way to have a rule apply to a session established on one listener but not applied on another.
this commit brings initial support for tagging listeners and having the rules able to match these specific listeners. The following will define a rule which will only apply to interfaces tagged as "mynet":
listen on lo0 # implicit lo0 tag listen on fxp0 tag mynet listen on fxp1 tag mynet
accept on mynet for domain "example.org" deliver to mbox
show more ...
|
#
49ee354d |
| 19-Oct-2009 |
gilles <gilles@openbsd.org> |
users within virtual domains do not necessarily map to a real user account, teach smtpd how to deliver using specific user permissions:
accept for virtual map "foo" deliver to maildir "/m/%d/%u" us
users within virtual domains do not necessarily map to a real user account, teach smtpd how to deliver using specific user permissions:
accept for virtual map "foo" deliver to maildir "/m/%d/%u" user foo
will deliver mail under /m/domain/user as user foo
idea and initial diff discussed with jacekm@
show more ...
|
#
8c175df0 |
| 11-Oct-2009 |
gilles <gilles@openbsd.org> |
implement proper virtual domains instead of faking them on top of primary domains. this means that:
- virtual domains no longer deliver to a local user when not told to - they no longer attempt to r
implement proper virtual domains instead of faking them on top of primary domains. this means that:
- virtual domains no longer deliver to a local user when not told to - they no longer attempt to resolve aliases when not told to - they no longer need an explicit rule in smtpd.conf for EACH domain - the "virtual" map is no longer hardcoded - smtpd no longer needs a restart to support a new domain
instead we introduce the: accept for virtual map "mapname" [...] syntax which refers to a map that can be manipulated at runtime.
idea discussed and okayd with jacekm@
show more ...
|
#
d12ef65c |
| 16-Sep-2009 |
jacekm <jacekm@openbsd.org> |
Do not print "could not load cert" warning at startup if certificate is not required. Requested by jmc@, gilles@ ok.
|
#
69a8a95a |
| 05-Jun-2009 |
jacekm <jacekm@openbsd.org> |
if path in "deliver to maildir path" is omitted, use ~/Maildir by default; from gilles@
|
#
fcba321c |
| 02-Jun-2009 |
gilles <gilles@openbsd.org> |
make env->sc_listeners and env->sc_ssl pointers, one step further toward configuration reloading without killing active sessions; ok jacekm@
|
#
a711f13c |
| 30-May-2009 |
gilles <gilles@openbsd.org> |
It is now possible to specify a certificate to use when relaying to another host which requests client certificates:
accept [...] relay via [...] ssl certificate "mycert"
diff from Josh Elsasser <
It is now possible to specify a certificate to use when relaying to another host which requests client certificates:
accept [...] relay via [...] ssl certificate "mycert"
diff from Josh Elsasser <josh@elsasser.org>, tested and okayed by me with no change but the addition of status 554 to the state machine to deal with remote host telling us it doesn't like our certificate.
show more ...
|
#
b52e5317 |
| 27-May-2009 |
jacekm <jacekm@openbsd.org> |
temporary fix to a ruleset processing bug that stems from the fact that the ip address/subnet parsing isn't done in the same way as in other daemons.
fix by gilles@
|
#
9b6703b2 |
| 21-May-2009 |
gilles <gilles@openbsd.org> |
no longer create a dynamic map with 127.0.0.1 and ::1 for every single rule that has an implicit local source. instead we create static "localhost" map before the configuration file is parsed, we fil
no longer create a dynamic map with 127.0.0.1 and ::1 for every single rule that has an implicit local source. instead we create static "localhost" map before the configuration file is parsed, we fill it with every single local address we can find, and we have rules with implicit local source reference that special map.
this unbreaks a behavior which I hated and which prevented:
accept for all relay
from accepting relaying if LOCAL session was initiated on any interface but lo0.
show more ...
|
#
9aa27f7f |
| 20-May-2009 |
gilles <gilles@openbsd.org> |
first step towards configuration reload in smtpd, smtpctl reload will parse the configuration file again and replace current configuration with new one in all processes. what we don't support yet is
first step towards configuration reload in smtpd, smtpctl reload will parse the configuration file again and replace current configuration with new one in all processes. what we don't support yet is graceful restart, clients in sessions at the moment of the reload will have a temp failure thrown at 'em which is ok RFC-wise but which we will try to improve anyway.
tested with various setups, "diff reads good" jacekm@
show more ...
|
#
057d62de |
| 12-Apr-2009 |
gilles <gilles@openbsd.org> |
Code assumed the certificate name to always match the interface name, even when a certificate name was explicitely provided. This would cause imsg to fatal() because with some configurations, it woul
Code assumed the certificate name to always match the interface name, even when a certificate name was explicitely provided. This would cause imsg to fatal() because with some configurations, it would look for the wrong name in the ssl tree and would fail to find the proper cert.
issue spotted by Gregory Edigarov <gregory.edigarov@gmail.com>, I found the fix just a few minutes ago when I succeeded to reproduce the issue...
show more ...
|
#
126ac712 |
| 09-Apr-2009 |
jacekm <jacekm@openbsd.org> |
change syntax of the "listen on" and "relay via" directives: 1) kill the ssmtp keyword in "ssmtp listen on ..."; 2) kill the use keyword in "... use certificate foo"; 3) tls no longer implicit, user
change syntax of the "listen on" and "relay via" directives: 1) kill the ssmtp keyword in "ssmtp listen on ..."; 2) kill the use keyword in "... use certificate foo"; 3) tls no longer implicit, user must explicitely use the tls or smtps option. 4) for "relay via", move the tls/smtps options to right after the port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use ceritifate "foo" accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo" accept for all relay via "mx.bar.com" tls
ok gilles@
show more ...
|
#
7fc93de0 |
| 31-Mar-2009 |
tobias <tobias@openbsd.org> |
Fixed memory leaks which would occur if the second of two memory allocations fails.
looks right deraadt, krw ok henning
|
#
6fcffac0 |
| 19-Mar-2009 |
gilles <gilles@openbsd.org> |
when listen was declared without a port parameter, it would get it wrong because of a missing htons()
|
#
ed390170 |
| 16-Mar-2009 |
gilles <gilles@openbsd.org> |
in accept rules, support "for local" as a destination which is an alias to "localhost" and system hostname. this allows us to ship with a config file that goes: accept for local deliver to mbox , a
in accept rules, support "for local" as a destination which is an alias to "localhost" and system hostname. this allows us to ship with a config file that goes: accept for local deliver to mbox , and which will allow us to have mail working sanely out of the box.
show more ...
|
#
df982ec9 |
| 09-Mar-2009 |
gilles <gilles@openbsd.org> |
add basic support for outgoing authentication (AUTH PLAIN over ssl) which can be turned on by adding "enable auth" to a "relay via" rule. this made me rework the mx resolution so that it is done by t
add basic support for outgoing authentication (AUTH PLAIN over ssl) which can be turned on by adding "enable auth" to a "relay via" rule. this made me rework the mx resolution so that it is done by the mta process and not the runner process anymore.
show more ...
|
#
2d45bb56 |
| 08-Mar-2009 |
gilles <gilles@openbsd.org> |
supporting delivery to a mbox that's not in _PATH_MAILDIR is not supported, if someone comes with good rationale why this is needed, we'll consider it, meanwhile it's more work than it looks like and
supporting delivery to a mbox that's not in _PATH_MAILDIR is not supported, if someone comes with good rationale why this is needed, we'll consider it, meanwhile it's more work than it looks like and it brings a lot of pain.
discussed with jacekm@ and deraadt@
show more ...
|
#
36d2baff |
| 22-Feb-2009 |
form <form@openbsd.org> |
replace MAX* constants by sizeof where possible
ok jacekm@
|