add required headers for smtpd.h and remove unnecessary ones in other files.

ok jung@

store smtp session username in envelope and allow ruleset to match specific
users or mailaddr:

match auth "gilles@openbsd.org" [...]
match auth "@openbsd.org" [...]

ok eric@

fix a logic bug in ruleset matching that makes `from socket` rules possibly
crash depending on how the ruleset is crafted.

fix a possible crash when combining "from rdns", nested virtual aliases and
a particular sequence of rules causing "from rdns" to be hit again from the
expanded aliases. this requires crafting a spec

fix a possible crash when combining "from rdns", nested virtual aliases and
a particular sequence of rules causing "from rdns" to be hit again from the
expanded aliases. this requires crafting a specific configuration.

show more ...

add 'from rdns' to ruleset match criterias making it possible to match
envelopes created by sessions that had or did not have an rDNS:

match from rdns [...] action "local"
match !from rdns [

add 'from rdns' to ruleset match criterias making it possible to match
envelopes created by sessions that had or did not have an rDNS:

match from rdns [...] action "local"
match !from rdns [...] reject

show more ...

properly implement the "from socket" match criteria, so it is now possible
to specifically match a connection that happened through the local enqueuer

remove the tag workaround for table_create() and table_find(),
now that static tables handle their updates internally.

ok gilles@

simplify code

ok gilles@

introduce a table_match() function to check for a key in a table

ok gilles@

get rid of the unused dict argument in table lookup and fetch api.

ok gilles@

introduce new matching criteria 'from rdns' to match sessions based on rDNS
of the client, works with literal and tables, both string and regex:

match from rdns "mx1.poolp.org" for any action blahb

introduce new matching criteria 'from rdns' to match sessions based on rDNS
of the client, works with literal and tables, both string and regex:

match from rdns "mx1.poolp.org" for any action blahblah

show more ...

since we already support regex lookups in tables for builtin filters, let's
also support regex lookups in match rule criterias performing table lookups

ok millert@

rework the table API so that it takes a struct smtpd * context in parameter
of functions creating, looking up or destroying tables.

this is a first step in cleaning up parse.y so it doesn't have sid

rework the table API so that it takes a struct smtpd * context in parameter
of functions creating, looking up or destroying tables.

this is a first step in cleaning up parse.y so it doesn't have side effects
outside of parse_config(), bringing nothing but making code cleaner.

ok millert@

show more ...

switch smtpd to new grammar

ok eric@

allow negation of authenticated keyword:
accept ! authenticated [...]

ok sunil@, jung@

introduce "authenticated" parameter so rules may apply to authenticated
sessions specifically

ok eric@, sunil@, jung@

aliases_virtual_check() has been unneeded for a while

ok jung@, ok sunil@, ok millert@

use <limits.h> comprehensively. For now try to push <> includes to
each .c file, and out of the .h files. To avoid overinclude.
ok gilles, in principle. If this has been done right, -portable shou

use <limits.h> comprehensively. For now try to push <> includes to
each .c file, and out of the .h files. To avoid overinclude.
ok gilles, in principle. If this has been done right, -portable should
become easier to maintain.

show more ...

Update the table API: lookup functions can take an optional parameters
dictionnary (currently not set). While there, add a helper for forking
external backends, and remove unused table functions.

ok

Update the table API: lookup functions can take an optional parameters
dictionnary (currently not set). While there, add a helper for forking
external backends, and remove unused table functions.

ok gilles@

show more ...

Much much improved config parser and related changes.
Simplify code and do not impose an order on conditions and rule options.

Format changes that may require smtpd.conf update for some setups:

- S

Much much improved config parser and related changes.
Simplify code and do not impose an order on conditions and rule options.

Format changes that may require smtpd.conf update for some setups:

- SSL certificates are no longer automatically loaded, but must be
explicitely declared using the "pki" keyword.
- "certificate" option becomes "pki" in listener and accept rules.
- "ssl://" becomes "secure://" in relay via rules.
- "helo" becomes "hostnames" in relay rules

New features:

- accept rules do not need an explicit action, in which case alias table
or .forward must provide one.
- new "forward-only" action to force relaying and reject rcpts that expand
as local delivery.
- "!" (negation) modifier on rule matching conditions.
- new "recipient" rule matching condition.
- new "verify" option on listeners and relay rules to reject invalid
certificates.

Other changes:

- remember the helo name advertised on incoming mail and use it for sending
bounces.
- bump envelope version (existing envelopes are updated on-the-fly).

show more ...

sync with OpenSMTPD 5.3.2

ok gilles@

Sync with our smtpd repo:

* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of tem

Sync with our smtpd repo:

* first bricks of ldap and sqlite support (not finished but both working)
* new table API to replace map API, all lookups are done through tables
* improved handling of temporary errors throughout the daemon
* improved scheduler and mta logic: connection reuse, optimizes batches
* improved queue: more tolerant to admin errors, new layout, less disk-IO
* improved memory usage under high load
* SSL certs/keys isolated to lookup process to avoid facing network
* VIRTUAL support improved, fully virtual setups possible now
* runtime tracing of processes through smtpctl trace
* ssl_privsep.c sync-ed with relayd
* ssl.c no longer contains smtpd specific interfaces
* smtpd-specific ssl bits moved to ssl_smtpd.c
* update mail address in copyright

FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.

smtpd.conf(5) simplified, it will require adaptations

ok eric@

show more ...

Cleanups and improvements:

* Log more events (especially client session) and use a better scheme
for that: each messages is prefixed with a token to easily identify
its class:
- info/warn/de

Cleanups and improvements:

* Log more events (especially client session) and use a better scheme
for that: each messages is prefixed with a token to easily identify
its class:
- info/warn/debug: general server messages
- smtp-in: smtp client connections
- relay: status update for relayed messages
- delivery: status update for local deliveries

* Implement "smtpctl monitor" to display updates of selected internal
counters.

* When reloading the on-disk queue at startup do not commit a message
if no envelope was submitted for that message.

* Remove unused stuff in the config parser.

ok gilles@

show more ...

Make map_lookup() and make_compare() set errno on failure to distinguish
between "no match" and "internal error" (e.g. missing or broken db file).
Adapt alias expansion and ruleset matching code to c

Make map_lookup() and make_compare() set errno on failure to distinguish
between "no match" and "internal error" (e.g. missing or broken db file).
Adapt alias expansion and ruleset matching code to check for such errors,
in which case the current processing is aborted, and a temporary failure
is reported to the smtp session.

ok gilles@

show more ...

- replace "from all" and "for all" with "from any" and "for any"

ok eric@, chl@