some fatal -> fatalx to improved logging

errno doesn't generally contains anything useful after libtls functions,
and in most cases it's explicitly cleared to avoid misuse, so change a
few fatal() c

some fatal -> fatalx to improved logging

errno doesn't generally contains anything useful after libtls functions,
and in most cases it's explicitly cleared to avoid misuse, so change a
few fatal() calls to fatalx() when logging libtls failures. Also, add
the real error string, via tls_error() or tls_config_error(), that was
missing before.

ok millert@

show more ...

Revert changes to use the new libtls signer api
There are bugs in the new libtls signer that can lead to a crash.
OK tb@ jsing@

use new libtls signer api

ok tb@

add required headers for smtpd.h and remove unnecessary ones in other files.

ok jung@

replaces calls to err(3)/errx(3) with fatal()/fatalx() from log.c
for code that runs in the daemon.

ok florian@ millert@

allow to specify tls ciphers and protocols on listeners

ok tb@

do not request client certificate unless required

issue hit by florian@
diff by jsing@

ok tb@

Start porting smtpd to libtls.

Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of t

Start porting smtpd to libtls.

Note that it changes the way SNI works: The certificate to use is now
selected by looking at the names found in the certificates themselves,
rather than the names of the pki entries in the configuration file.
The set of certificates for a tls listener must be defined explicitly by
using the pki listener option multiple times.

ok tb@

show more ...

this introduces experimental proxy v2 support which is fairly isolated to a
single proxy.c file, importing it to work in tree

initial work from Antoine Kaufmann <toni@famkaufmann.info>

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

show more ...

remove dead code

ok gilles@

do some imsg renaming to make them more clear

bring the first bits of DATA filtering plumbing but bypass it for now

ok eric@

only apply filter rules to filtered interfaces

bring plumbing for builtin filters

ok millert@, eric@, jung@

Implement a generic interface to forward resolver queries to the lka
process. Use it for the reverse lookups required by smtp and mta.

Until now, DNS-related lookups were implemented using ad-hoc I

Implement a generic interface to forward resolver queries to the lka
process. Use it for the reverse lookups required by smtp and mta.

Until now, DNS-related lookups were implemented using ad-hoc IMSGs
between the lka and other processes. It turns out to be confusing and
difficult to maintain/extend. So we want to replace this with a better
set of IMSGs matching the standard resolver interface.

ok gilles@

show more ...

split smtp_accept() in two parts: the accept part, the session init part,
while at it allow smtp_session() to receive a pre-allocated struct io

ok millert@
diff contributed by Antoine Kaufmann

no need to check the sending process in imsg handlers when there is no
ambiguity: just use a single switch.

ok gilles@ sunil@

- filters are currently broken, do not allow using them until we're done

Nuke session_socket_blockmode() and session_socket_linger(). Use
the identical io_set_blocking() and io_set_linger().

Since both are always called to turn off blocking or lingering,
nuke the paramet

Nuke session_socket_blockmode() and session_socket_linger(). Use
the identical io_set_blocking() and io_set_linger().

Since both are always called to turn off blocking or lingering,
nuke the parameter and associated enum in favour of "just doing the
right thing".

While passing remove the unneeded last parameter to the remaining
fcntl(F_GETFL).

Finally, rename the functions to io_set_nonblocking() and
io_set_nolinger() for clarity.

No functional change.

Started with a sweep of fcntl() usage inspired by guenther@.

ok gilles@

show more ...

handle enqueuer socket as a regular listener that can be configured with
"listen on socket". this simplifies a bit of code, removes some special
cases and will allow attaching filters & masking sourc

handle enqueuer socket as a regular listener that can be configured with
"listen on socket". this simplifies a bit of code, removes some special
cases and will allow attaching filters & masking source just as on lo0.

diff from Peter Bisroev <peter@int19h.net>
ok gilles@, jung@

show more ...

remove some noop leftover code from an earlier cleanup

diff from Peter Bisroev <peter@int19h.net>

adjust a debug message to use decimal instead of hex

ok gilles millert

remove spaces after '!'

no binary change

ok millert

refactor a bit to move the SNI handling away from smtp_session into smtp

ok sunil@, jung@