History log of /openbsd/usr.sbin/smtpd/smtpd.h (Results 1 – 25 of 684)
Revision Date Author Comments
# 8380d000 07-May-2024 op <op@openbsd.org>

change the smtpd table protocol

Using imsg for the "proc" table (external programs) has proven quite
painful in practice since a lot of smtpd internals (structs, enums,
etc..) have to be kept in sync with the various tables implementations.

Instead, a filter-like protocol for tables decouples the implementations
and allows to write and test tables easily.

The new text-based transport protocol is documented in the (added)
smtpd-tables(7) manpage.

The old imsg protocol is no longer supported and existing tables have to
be converted. In particular, users of opensmtpd-extras tables will need
to install the new opensmtpd-table-* packages.

With lots of suggestions and improvements from gilles and a tweak
from Philipp (philipp+openbsd [at] bureaucracy [dot] de), thanks!

ok gilles


# c392a889 02-Mar-2024 op <op@openbsd.org>

bump version to 7.5.0


# d7df8c18 11-Feb-2024 op <op@openbsd.org>

unify smtpd and makemap table parser

These are supposed to parse the same file format but have subtle
differences in the handling of comments, continuation lines and escaping.

Converge both to the simpler smtpd parser which doesn't handle
continuation lines nor escaping, and support comments only at the start
of the line.

improvements and ok millert@


# 03e780bb 02-Feb-2024 gilles <gilles@openbsd.org>

there's no good reason to allow smtpd to execute custom command set by root
in a .forward file so disallow custom commands and file reading, only allow
setting forward addresses and users.

as root is no longer allowed to run any MDA but mbox, we can be stricter on
the setup of the MDA process and refuse to exec anything that's not an mbox
dispatcher.

tested by op@ who edited a root envelope to simulate an exploit injecting a
custom command in a root envelope, smtpd refused to exec.

ok millert@ and op@


# cd8603db 03-Jan-2024 op <op@openbsd.org>

relax ORCPT syntax validation

We expected the ORCPT parameter to be a valid rfc822 address. This is
wrong on multiple levels:

- any other IANA-registered "addr-type" can be used
- the parameter may be encoded and we didn't decode it prior to validation
- RFC3461 explicitly states that "[..] the address associated with the
  ORCPT keyword is NOT constrained to conform to the syntax rules for
  that 'addr-type'".

Instead, just validate the xtext and preserve the ORCPT value as-is.

Issue originally reported by Tim Kuijsten, Tassilo Philipp and others.

ok millert@


# 2e9bd56e 08-Nov-2023 op <op@openbsd.org>

RFC 7505 ("Null MX") handling

mail delivery will not be attempted if a domain advertises a single MX
record with preference 0 and a zero-length label.

based on an initial diff from Philipp (philipp+openbsd [at] bureaucracy
[dot] de), thanks!

ok jung@


# 388138a3 29-Sep-2023 op <op@openbsd.org>

bump version to 7.4.0


# 8c6e4223 17-Jun-2023 op <op@openbsd.org>

bump version to 7.3.0


# 0dcffd0d 31-May-2023 op <op@openbsd.org>

add missing include of time.h

spotted after a report on OpenSMTPD-portable. While here include
sys/time.h in smtpd.h, as noted in event_init(3), since it includes
event.h.

ok millert@


# 2574a043 25-May-2023 op <op@openbsd.org>

remove two unused defines

last PROC_COUNT use was removed with the switch to fork+exec by eric@ in
2016, CA_FILE with the removal of cert.c two years ago.

ok tb@, kn@


# 41b8cf0b 18-Feb-2022 millert <millert@openbsd.org>

Revert changes to use the new libtls signer api
There are bugs in the new libtls signer that can lead to a crash.
OK tb@ jsing@


# 3abbdc76 12-Feb-2022 eric <eric@openbsd.org>

use new libtls signer api

ok tb@


# 89818320 10-Feb-2022 millert <millert@openbsd.org>

Do not verify the cert or CA for a relay using opportunistic TLS.
If a relay is not explicitly configured to use TLS but the remote
side supports STARTTLS, we will try to use it. However, in this
case we should not verify the cert or CA (which may be self-signed).
This restores the relay behavior before the switch to libtls was made.
There is no change if the relay is explicitly configured to use TLS.
OK eric@


# 6669a8ea 22-Sep-2021 eric <eric@openbsd.org>

bump version to 7.0.0


# ceeebefe 28-Jul-2021 benno <benno@openbsd.org>

add format attribute to vararg functions.
millert@ thinks it's useful.


# d3140113 14-Jun-2021 eric <eric@openbsd.org>

add required headers for smtpd.h and remove unnecessary ones in other files.

ok jung@


# 8a42180c 21-Apr-2021 eric <eric@openbsd.org>

unplug unused certificate verification code, now that this is done by libtls.

ok tb@ millert@


# 79c9d8a6 11-Apr-2021 eric <eric@openbsd.org>

do not build unused code and remove unneeded dependency on libm.

ok tb@


# 6f0676d9 10-Apr-2021 eric <eric@openbsd.org>

bump smtpd version


# a040621a 09-Apr-2021 eric <eric@openbsd.org>

allow to specify tls ciphers and protocols on listeners

ok tb@


# 82e75344 31-Mar-2021 eric <eric@openbsd.org>

turn log_trace() into a macro to prevent evaluating the format string
parameters when tracing is not enabled.

ok millert@


# 32bd51d0 31-Mar-2021 eric <eric@openbsd.org>

allow to specify tls protocols and ciphers on relay actions

ok espie@ sthen@ tb@


# eed85469 05-Mar-2021 eric <eric@openbsd.org>

Start porting smtpd to libtls.

Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of the pki entries in the configuration file.
The set of certificates for a tls listener must be defined explicitly by
using the pki listener option multiple times.

ok tb@


# ad380068 19-Jan-2021 claudio <claudio@openbsd.org>

Do the KAME embedded scope fixup in the two places where getifaddrs() is
used. With this there should be no more embedded scopes left and therefore
in6addr_to_text() can be removed. getnameinfo() will just do the right
thing now.
OK eric@


# 1a5b831a 31-Dec-2020 martijn <martijn@openbsd.org>

Rename the pony process to dispatcher and klondike to crypto.

From gilles@
OK millert@ giovanni@

