Re: smtpd: default to standard ports in relay-host

2019-07-23 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 10:54:57AM +0200, Klemens Nanni wrote: > On Tue, Jul 23, 2019 at 08:18:18AM +0200, Gilles Chehade wrote: > > it should definitely default to 25 in my opinion, disregarding if people > > use "relay host" for submission or not. > Fine with me; I

Re: smtpd: Allow labels containing "@"

2019-07-24 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 10:20:10PM +0200, Sebastian Benoit wrote: > Gilles Chehade(gil...@poolp.org) on 2019.07.23 09:06:33 +0200: > > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote: > > > On Mon, Jul 22, 2019 at 11:26:28PM +0200, Klemens Nanni wrote: >

Re: smtpd: Allow labels containing "@"

2019-07-24 Thread Gilles Chehade
On Wed, Jul 24, 2019 at 12:18:05AM +0200, Klemens Nanni wrote: > On Tue, Jul 23, 2019 at 09:06:33AM +0200, Gilles Chehade wrote: > > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote: > > > it seems to me this url is wrong. the '@' in username

Re: Diff to stop using reserved words for smtpd.conf(5) examples

2019-07-24 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 08:51:38PM +0200, Ingo Schwarze wrote: > Hi Gilles, > > Gilles Chehade wrote on Tue, Jul 23, 2019 at 08:27:06AM +0200: > > On Mon, Jul 22, 2019 at 05:05:01PM -0400, Kurt Mosiejczuk wrote: > > >> This is a diff for that changes the example

Re: smtpd: default to standard ports in relay-host

2019-07-24 Thread Gilles Chehade
On Tue, Jul 23, 2019 at 12:15:26PM +0200, Klemens Nanni wrote: > On Tue, Jul 23, 2019 at 11:00:04AM +0200, Gilles Chehade wrote: > > there is no schema today that should default to 587, unless > > submission:// is introduced as an alias to smtp+tls AND port 587. > Alright; thi

fix inet6 displaying in smtpd

2019-08-11 Thread Gilles Chehade
0 @@ -169,10 +169,9 @@ sa_to_text(const struct sockaddr *sa) const struct in6_addr *in6_addr; in6 = (const struct sockaddr_in6 *)sa; - (void)strlcpy(buf, "IPv6:", sizeof(buf)); - p = buf + 5; + p = buf; in6_a

Re: smtpd filters: prettify proc-exec

2019-08-23 Thread Gilles Chehade
;proc = $5; > + dict_set(conf->sc_filters_dict, $2, filter_config); > +} proc_params { > + dict_set(conf->sc_processors_dict, filter_config->proc, processor); > + processor = NULL; > + filter_config = NULL; > +} > +| > FILTER STRING PHASE { > if (dict_get(conf->sc_filters_dict, $2)) { > yyerror("filter already exists with that name: %s", $2); > -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: smtpd filters: prettify proc-exec

2019-08-23 Thread Gilles Chehade
On Fri, Aug 23, 2019 at 07:33:29PM +0200, Martijn van Duren wrote: > On 8/23/19 7:06 PM, Gilles Chehade wrote: > > On Fri, Aug 23, 2019 at 09:03:51AM +0200, Martijn van Duren wrote: > >> Hello, > >> > > > > Hello, > > > > > >> When r

Re: Make filter line handling more developer friendly

2019-08-28 Thread Gilles Chehade
gt; >>struct filter_session *fs; > >> > >>(void)strlcpy(buffer, line, sizeof buffer); > >> - if ((ep = strchr(buffer, '|')) == NULL) > >> - return 0; > >> - *ep = 0; > >> + ep = strchr(buffer, '|'); > >

Re: smtpd filters: banner hostname

2019-08-28 Thread Gilles Chehade
mtpname, SMTPD_NAME); > s->banner_sent = 1; > + snprintf(textstring, sizeof(textstring), "ESMTP %s", SMTPD_NAME); > + report_smtp_link_greeting("smtp-in", s->id, s->smtpname, textstring); > } > > void > Index: smtpd.h &g

Re: PATCH: smtpd: don't strcmp() NULL in mta_relay_cmp()

2019-09-13 Thread Gilles Chehade
o I added a > similar check there. > > I'd like you to double-check whether the fix is indeed correct. > Yes, your understanding of the problem is correct and your diff also, so I committed it a minute ago, thanks ! I'm curious about what configuration allowed you to hit th

smtpd handling of \r in DATA part

2019-09-19 Thread Gilles Chehade
nter is an example of one). So: a- do we leave '\r' in the body ? b- do we turn '\r' into '\n' c- do we keep strict behavior ? d- do we keep strict behavior + provide a knob for '\r' to work ? -- Gilles Chehade @poolpOrg https://www.poolp.org patreon: https://www.patreon.com/gilles

Re: smtpd handling of \r in DATA part

2019-10-03 Thread Gilles Chehade
> this we need to make it fit within the specifications: > > [...] > > This means stop opportunistic scanning for '\r' in iobuf! > Sure but fixing iobuf is not a two liner and it affects virtually all of the daemon and at this point we're looking for stability

Re: smtpd handling of \r in DATA part

2019-10-04 Thread Gilles Chehade
ly(s, "500 %s is only allowed before ", - esc_code(ESC_STATUS_PERMFAIL, ESC_OTHER_STATUS)); - smtp_enter_state(s, STATE_QUIT); - io_set_write(io); - return; - } - /*

Re: smtpd handling of \r in DATA part

2019-10-04 Thread Gilles Chehade
> RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v > retrieving revision 1.389 > diff -u -p -r1.389 smtp_session.c > --- smtp_session.c20 Feb 2019 11:56:27 - 1.389 > +++ smtp_session.c24 Apr 2019 09:33:35 - > @@ -1078,7 +1078,7 @@ smtp_io(struct io *io, int evt, void *ar > > case IO_DATAIN: > nextline: > - line = io_getline(s->io, &len); > + line = io_getline_rn(s->io, &len); > if ((line == NULL && io_datalen(s->io) >= SMTP_LINE_MAX) || > (line && len >= SMTP_LINE_MAX)) { > s->flags |= SF_BADINPUT; > @@ -2727,7 +2727,7 @@ filter_session_io(struct io *io, int evt > switch (evt) { > case IO_DATAIN: > nextline: > - line = io_getline(tx->filter, &len); > + line = io_getline_rn(tx->filter, &len); > /* No complete line received */ > if (line == NULL) > return; -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles
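
Review bot: io_getline_rn() is not defined in either hunk, and in the smtp_io() hunk the check that follows still sets SF_BADINPUT when line == NULL and io_datalen(s->io) >= SMTP_LINE_MAX. If io_getline_rn() only completes a line on "\r\n", input that ends lines with a bare '\n' accumulates in the buffer until it trips that limit, so the commit message or a comment should state whether that rejection is intended. The same question applies to the filter_session_io() hunk, which returns silently while no complete line is available.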

smtpd.conf new grammar

2018-05-24 Thread Gilles Chehade
version of my own complex smtpd.conf to new grammar: https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/ I have also compiled a list of directives recognized by the parser which I intend to use for regress tests: https://poolp.org/~gilles/smtpd.conf As for the reasons b

Re: smtpd.conf new grammar

2018-05-25 Thread Gilles Chehade
On Thu, May 24, 2018 at 04:38:17PM -0400, Rupert Gallagher wrote: > On Thu, May 24, 2018 at 14:18, Gilles Chehade wrote: > > > In effect, instead of having: > > accept from any for local deliver to mbox > > > > You will have: > > action "my_action&

Re: [Patch] mg(1): Experimental UTF-8 support

2018-05-30 Thread S. Gilles
On 2018-05-30T11:50:37+0200, Stefan Sperling wrote: > Comments inline. I think this still needs a lot of work... Thanks for the review; replies inline (and omitted where the reply is the same as one above). By the time you read this, I'll have pushed the changes I mention to my branch in hboetes'

Re: [Patch] mg(1): Experimental UTF-8 support

2018-05-30 Thread S. Gilles
ely not up for reworking all of mg. It seems better that this patch, as it is, remain off to the side in case someone wants to use it themselves. -- S. Gilles

Re: corrections in smtpd.conf(5)

2018-05-31 Thread Gilles Chehade
tials. > +This option is usable only with > +.Cm host > +option. > +The credential table format is described in > +.Xr table 5 . > .It Cm mail\-from Ar mailaddr > Use > .Ar mailaddr > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: make relay to smarthost to verify TLS by default

2018-05-31 Thread Gilles Chehade
t;no-dsn", NODSN }, > + { "no-verify", NOVERIFY }, > { "on", ON }, > { "pki",PKI }, > { "port", PORT }, > Index: mta.c > ==

Re: smtpd: make relay to smarthost to verify TLS by default

2018-05-31 Thread Gilles Chehade
6:35 - 1.183 > +++ smtpd.conf.5 31 May 2018 19:56:04 - > @@ -205,6 +205,9 @@ to advertise during the HELO phase. > .It Cm host Ar relay-url > Do not perform MX lookups but relay messages to the relay host described by > .Ar relay-url . > +If the url uses tls, th

Re: [Patch] mg(1): Experimental UTF-8 support

2018-06-01 Thread S. Gilles
On 2018-06-01T11:02:57+0200, Stefan Sperling wrote: > On Wed, May 30, 2018 at 04:01:57PM -0400, S. Gilles wrote: > > On 2018-05-30T09:17:22-0600, Theo de Raadt wrote: > > > This approach seems misguided. Let me tell a story. > > > > > > More than two decade

Re: smtpd/parse.y : fix line count

2018-06-03 Thread Gilles Chehade
On Sat, Jun 02, 2018 at 10:32:52PM +0200, Denis Fondras wrote: > Applying otto@'s diff to smtpd. > Fixes an off-by-one line count when using include statements. > > Ok ? > tested, ok gilles@ > Index: parse.y >

Re: strlcpy() or strscpy()?

2019-01-27 Thread Gilles Chehade
dest) == -E2BIG) { // overflow } and that strscpy() is essentially strlcpy() in NIH disguise: ssize_t strscpy(char *dest, const char *src, size_t count) { ssize_t ret; if ((ret = strlcpy(dest, src, count)) >= count) return -E2BIG;

Re: grep: convert fgetln to getline

2019-01-31 Thread Gilles Chehade
ap from that other > OS I mentioned, so that's my reason for this line of thinking slash > pipe-dreaming ;) > quite amazing to watch tedu talk to another tedu :-| -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg

Re: mail(1): use "sendmail" as argv[0] for sendmail

2019-03-04 Thread Gilles Chehade
savemail(expand(cp), mtf); > > /* Setup sendmail arguments. */ > -*ap++ = "send-mail"; > +*ap++ = "sendmail"; > *ap++ = "-i"; > *ap++ = "-t"; > cp = hp->h_from ? hp->h_from : valu

Re: smtpd - Filter-dataline response is the parameter

2019-04-08 Thread Gilles Chehade
response); > return 1; > + } > + > + if ((ep = strchr(response, '|'))) { > + parameter = ep + 1; > + *ep = 0; > } > > if (strcmp(response, "proceed") != 0 && > -- Gilles Chehade @poolpOrg https://www.poolp.org tip me: https://paypal.me/poolpOrg
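
Review bot: After `parameter = ep + 1; *ep = 0;` a response that ends in '|' leaves parameter pointing at an empty string, and the hunk shows no check for that. Reject an empty parameter here or document that the consumer must handle it, and make sure parameter has a defined value when no '|' is present.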

Re: mention opensmtpd mail archive on a web page

2019-05-16 Thread Gilles Chehade
g list > + (https://www.mail-archive.com/misc@opensmtpd.org/";>Archive). > The >list is not moderated, however registration is required. > >To register, simply send a mail to > > Sergey > -- Gilles Chehade

smtpd remove implicit ruleset behavior

2019-11-24 Thread Gilles Chehade
ng the explicit notation to default config, then put a startup warning in the next release so configurations are not broken but people spot that this is no longer encouraged and we can then later kill it. -- Gilles Chehade @poolpOrg https://www.

Re: smtpd remove implicit ruleset behavior

2019-11-24 Thread Gilles Chehade
On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote: > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote: > > > > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some > > implicit defaults to avoid people creating open relays. >

Re: smtpd remove implicit ruleset behavior

2019-11-24 Thread Gilles Chehade
On Mon, Nov 25, 2019 at 08:30:21AM +0100, Gilles Chehade wrote: > On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote: > > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote: > > > > > > Ten years ago, it seemed a very neat idea that OpenSMTPD wou

smtpd: remove implicit listen on socket

2019-11-25 Thread Gilles Chehade
@ table aliases file:/etc/mail/aliases +listen on socket + # To accept external mail, replace with: listen on all # listen on lo0 -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles

Re: smtpctl fix

2009-05-20 Thread Gilles Chehade
committed thanks ! gilles On Wed, May 20, 2009 at 08:42:45AM +0200, giovanni wrote: > Index: smtpctl.c > === > RCS file: /cvs/src/usr.sbin/smtpd/smtpctl.c,v > retrieving revision 1.24 > diff -u -p -u -r1.24 smtpctl.c

Re: smtpd - patch to add more authentication types

2009-05-27 Thread Gilles Chehade
branch. Gilles, dns at poolp.org is unresponsive, so I decided to put it here. Hi Gregory, I'll look into it Friday as I am swamped right now, but I don't like much this idea as 2) and 3) can be achieved through 1) in my opinion but I'll wait until I read your diff to comment.

Re: smtpd.c.diff - unbroken and KNF'ed a bit

2009-05-27 Thread Gilles Chehade
This was discussed with Gregory in private but for the record and archives: I think this doesn't belong here and should be part of a login script which would take care of forking the executable, or calling the function exported from some shared lib. This feeling is shared by others too. G

smtpd, just a quick message

2009-10-27 Thread Gilles Chehade
hanks again ! :wq Gilles -- Gilles Chehade freelance developer/sysadmin/consultant http://www.poolp.org

Re: smtpd doesn't parse server responses correctly

2009-11-09 Thread Gilles Chehade
> Note that although AUTH is advertised, smtpd misses it. > good catch > I have included a patch that fixes the problem and that also only > parses the server reply (for AUTH and STARTTLS) during the EHLO > phase. > diff looks ok by me, i'll wait for jacekm@ to get a c

Re: ldapd

2009-11-13 Thread Gilles Chehade
\o/ Gilles On Fri, Nov 13, 2009 at 12:41:14PM +0100, Martin Hedenfalk wrote: > Hello, > > I've been writing a small ldap server recently and thought I'd see if > there was any interest in such a thing here. It's ISC-licensed with a > small and readable code bas

Re: Using IPv6 subnets in smtpd.conf rules

2010-04-29 Thread Gilles Chehade
Hi Seth, It is a known issue, I actually had pulled the code for inet_net_pton() from NetBSD many months ago, when I first realized inet6 masks were not working in smtpd, but then I got sucked into other stuff and forgot it. I'll review the diff again ... :-) Thanks, Gilles On Fri, A

Re: libevent signal whoopsie

2010-08-26 Thread Gilles Chehade
poll and select already use it). > > ok? > I haven't observed the issue but the diff is ok by me -- Gilles Chehade

Re: misc. ctl parser.c cleanup

2010-08-26 Thread Gilles Chehade
hi ted, the diff is ok by me gilles On Sun, Aug 22, 2010 at 05:56:32PM -0400, Ted Unangst wrote: > I think this is slightly better, though there isn't much functional > change. This code certainly gets around... > > Index:

Re: stat.c remove unused variable

2010-08-31 Thread Gilles Chehade
On Tue, Aug 31, 2010 at 07:29:16AM +, Mark Lumsden wrote: > Remove unused variable, linkfail. Unused since v1.6. > > ok? > > mark > yup, it should have been removed in 1.6, ok gilles@ > Index: stat.c >

Re: sender expansions for opensmtpd(try 2)

2010-09-08 Thread Gilles Chehade
ok by me, committed gilles On 09/06/10 11:48, Gregory Edigarov wrote: Hi everybody, The following diff adds sender expansions to OpenSMTPD. %U for sender localpart %D for sender domainpart --- lka.c.orig Sun Jun 20 12:56:26 2010 +++ lka.c Sun Sep 5 16:41:37 2010 @@ -55,11 +55,11

various fixes in smtpd's lka.c

2010-09-08 Thread Gilles Chehade
h->rule.r_value.path); + ret = lka_expand(path->rule.r_value.path, sizeof(path->rule.r_value.path), path, &message.sender); + log_debug("lka_expand: after: [%s]", path->rule.r_value.path); + if (! ret) { + log_debug("lka_expand: returned failure."); + return 0; + } + message.recipient = *path; sep = strchr(message.session_hostname, '@'); if (sep) { @@ -715,6 +702,7 @@ lka_queue_append(struct smtpd *env, stru s->id, 0, -1, &message, sizeof message); TAILQ_REMOVE(&s->deliverylist, path, entry); free(path); + return 1; } int -- Gilles Chehade freelance developer/sysadmin/consultant http://www.poolp.org
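
Review bot: The new `if (! ret)` path after lka_expand() returns 0 before reaching the TAILQ_REMOVE(&s->deliverylist, path, entry) and free(path) shown in the lka_queue_append() hunk, which only run ahead of the new `return 1;`. Make sure every caller checks the return value and removes and frees path on failure, otherwise the entry stays on the delivery list.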

mg: display wide characters

2016-01-21 Thread S. Gilles
se gcc still (erroneously) complains about initializing to { 0 }. If that's a serious concern, I can send another version using memset. I don't have commit access, so if this goes through someone else will have to finalize it.

Re: mg: display wide characters

2016-01-21 Thread S. Gilles
ely placing the `$' to denote extended lines, depending on what type of character is the character that goes beyond ncol If there's something that seems suspiciously absent from that list, perhaps it's something I've overlooked and haven't tested myself. Hopefully that helps somewhat. -- S. Gilles

Re: can't run multiple instances of httpd, flags not visible in processes

2016-02-02 Thread Gilles Chehade
mtpd/smtpd.c,v > retrieving revision 1.272 > diff -u -p -r1.272 smtpd.c > --- usr.sbin/smtpd/smtpd.c27 Jan 2016 12:46:03 - 1.272 > +++ usr.sbin/smtpd/smtpd.c1 Feb 2016 19:22:33 - > @@ -667,8 +667,6 @@ main(int argc, char *argv[]) > > fork_peer

Re: OpenSMTPD and mask-source flag.

2016-02-08 Thread Gilles Chehade
cal", both in ambiguity and it new ways the ruleset can match sessions. If you're interested to work on it, I'd be happy to discuss this with you so you can come up with a diff :-) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: OpenSMTPD and mask-source flag.

2016-02-09 Thread Gilles Chehade
On Tue, Feb 09, 2016 at 09:23:17AM -0500, Peter Bisroev wrote: > Hi Gilles > Hi, > > > > We have faced a similar issue with filters and my thoughts are that we need > > a > > listen on socket of some kind, similar to your listen on local. > > > >

Re: OpenSMTPD and mask-source flag.

2016-02-12 Thread Gilles Chehade
On Thu, Feb 11, 2016 at 05:28:50PM -0500, Peter Bisroev wrote: > Hi Gilles, > > Please find my diff inline to enable "listen on socket" feature that we have > discussed. I have tested the diff with currently two supported listen options > for this listener, mask-send

Re: OpenSMTPD and mask-source flag.

2016-02-13 Thread Gilles Chehade
On Fri, Feb 12, 2016 at 04:29:23PM -0500, Peter Bisroev wrote: > Hi Gilles, > Hi, > While looking over smtp_enqueue(), I have noticed that setting of > hostname is a noop. It looks like a leftover code from a bugfix in here > (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src

Re: OpenSMTPD and mask-source flag.

2016-02-13 Thread Gilles Chehade
On Sat, Feb 13, 2016 at 08:32:23PM +0100, Joerg Jung wrote: > On Fri, Feb 12, 2016 at 05:00:59PM -0500, Peter Bisroev wrote: > > > Just in case the previous diff is OK, I am attaching the patch to the > > > smtpd.conf man page. > > > > Hi Gilles, > > > &

Re: Typo in smtpd.conf(5)

2016-03-07 Thread Gilles Chehade
wo days. > The default is 4h. > -.It Ic ca Ar hostname Ic ca Ar cafile > +.It Ic ca Ar hostname Ic certificate Ar cafile > Associate a custom CA certificate located in > .Ar cafile > with -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: www.openbsd.org/cgi-bin/man.cgi

2016-03-25 Thread Gilles Chehade
ikely the > service would see much real-world use. > > And even if there were a few people who would use it, i don't > quite see how it would be better for them than what we already > have. I mean, http://man.openbsd.org/ works with text browsers >

Re: [patch] typo smtpd/dns.c

2017-05-31 Thread Gilles Chehade
On Tue, May 30, 2017 at 05:26:08PM -0500, Edgar Pettijohn wrote: > fix typo thanks, will commit when sending diffs, please inline them instead of attaching as it is easier for us to work with them that way Gilles > Index:

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Gilles Chehade
ases" did whatever is necessary for the > table type you have in use so you don't need to think about it and the > documentation can be simple..) > It is not that simple because newaliases works when you have one aliases database (e.g. /etc/mail/aliases). This is the case on the default setup but smtpd supports per-rule aliases mappings and for example the MX that I run for poolp.org and opensmtpd.org has two different sets of aliases, one for each domain, and now newaliases can't work anymore. We can hack it so it works in some cases but it will never be able to do the work correctly for non-default configurations and we will still have to provide and document the smtpctl command. -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: [PATCH] Do not mention newaliases(8) in /etc/mail/aliases

2017-05-31 Thread Gilles Chehade
On Wed, May 31, 2017 at 09:53:38AM -0500, Jimmy Hess wrote: > On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade wrote: > > > It is not that simple because newaliases works when you have one aliases > > database (e.g. /etc/mail/aliases). This is the case on the default setup >

Re: smtpd session hang

2017-06-16 Thread Gilles Chehade
>oev) == 0) > smtp_data_io_done(s); > - } else if (io_paused(s->io, IO_IN)) { > + > + if (io_paused(s->io, IO_IN)) { > log_debug("debug: smtp: %p: filter congestion over: > resuming session", s); > io_resume(s->io, IO_IN); > } > > -- Gilles Chehade https://www.poolp.org @poolpOrg
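
Review bot: Turning `else if (io_paused(s->io, IO_IN))` into a separate `if` means s->io is now dereferenced on the same pass that may have called smtp_data_io_done(s). Confirm that smtp_data_io_done() cannot free or tear down the session, or re-check the session state before calling io_paused().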

Re: smtpd session hang

2017-06-19 Thread Gilles Chehade
ave been able to leak more than 5 fd, it > > > should not have been able to exhaust, is this what you observed ? > > For the record, we discussed this with Gilles on irc and while we saw > more than a dozen leaked fds, it's okay as smtpd will allow as many > incoming sessio

Re: [patch] remove smtpd filter code

2017-08-04 Thread Gilles Chehade
> - write message content directly to the file. > > There should be no functional change. > this should be tested by many people right away to spot subtle regressions ok gilles@ > Index: pony.c > === > RCS file: /cvs

Re: [patch] remove smtpd filter code

2017-08-04 Thread Gilles Chehade
On Fri, Aug 04, 2017 at 02:56:21PM +0200, Gilles Chehade wrote: > On Fri, Aug 04, 2017 at 01:13:06PM +0200, Eric Faurot wrote: > > Hi, > > > > Experimental support for filters has been removed some time ago from > > the config parser. Now we want to get rid of the r

Re: smtpd: simplify table parser

2017-08-13 Thread Gilles Chehade
he old design when table parsing was > done in context of its intended use in the global config. > this is a leftover from when tables were called maps and used to be declared with a type ok gilles@ > Index: table_static.c > ===

Re: smtpd: tweak static table parser

2017-08-28 Thread Gilles Chehade
efine list of entries > containing a separator. > > Existing table files should still be working as expected. > As a bonus, parse errors are now logged with line number. > as discussed, i think it's a neat idea the diff is ok gilles@ too > Index: table_static.c > ===

Re: smtpd: remove filter leftovers

2017-08-29 Thread Gilles Chehade
a time to keep > > the diffs simple, starting with smtp_filter_connect(). > > Actually the complete diff is simple enough. > yes ok gilles@ > Index: smtp_session.c > === > RCS file: /cvs/src/usr.sbin/smt

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

2016-05-17 Thread Gilles Chehade
s_family == AF_INET6 && setsockopt(la->fd, > + IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) > + log_warn("setsockopt IPV6_V6ONLY"); > +#endif > + > if (la->rtable != -1 && > setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, &la->rtable, -- Gilles Chehade https://www.poolp.org @poolpOrg
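
Review bot: When setsockopt(IPV6_V6ONLY) fails, the code only calls log_warn() and carries on with a socket whose IPv4-mapped behaviour is whatever the platform defaults to. If the listener depends on the option being set, treat the failure as an error for this address instead of continuing with la->fd.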

Re: [ntpd] Simultaneously listen on IPv4 and IPv6

2016-05-17 Thread Gilles Chehade
On Tue, May 17, 2016 at 04:16:09PM +0200, Henning Brauer wrote: > * Gilles Chehade [2016-05-17 15:56]: > > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote: > > > This patch came by way of the openntpd github. Linux (and possibly others) > > > will atte

Re: [patch] adding quotes for space-containing values in smtpd(8) logs

2016-06-05 Thread Gilles Chehade
e pairs if they have space-containing values :) > Please see the patch attached. > I understand and agree with you about the problem, however I haven't been able to convince hackers that space-separated key-value pairs were annoying enough. I think this diff makes sense, waiting for other o

Re: syslogd: log errno for open failures

2016-07-01 Thread Gilles Chehade
if (f->f_file < 0) { > f->f_type = F_UNUSED; > - logerrorx(p); > + logerror(p); > break; > } > if (isatty(f->f_file)) { > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: [PATCH] afterboot.8: clarify mail aliases handling

2016-08-01 Thread Gilles Chehade
pler to > tell people to restart smtpd, but even then i'm not sure this is the > business of afterboot(8). look at the text immediately after, which > shows how to change the mailer to accept external connections: it makes > no mention of restarting smtpd. in general, that's a normal pattern. > > i know afterboot(8) is a little different though. > > still, i would be inclined to say let's just zap the newaliases sentence. > agreed -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: smtpd: log ip/hostname for failed-command events

2016-08-25 Thread Gilles Chehade
> %.*s", s->id, n, buf); > + log_info("%016"PRIx64" smtp " > + "event=failed-command address=%s host=%s " > + "command=\"AUTH PLAIN (...)\" result=\"%.*s\"", > + s->id, ss_to_text(&s->ss), s->hostname, n, buf); > } > else if (s->state == STATE_AUTH_USERNAME) { > - log_info("smtp-in: Failed command on session %016"PRIx64 > - ": \"AUTH LOGIN (username)\" => %.*s", s->id, n, > buf); > + log_info("%016"PRIx64" smtp " > + "event=failed-command address=%s host=%s " > + "command=\"AUTH LOGIN (username)\" result=\"%.*s\"", > + s->id, ss_to_text(&s->ss), s->hostname, n, buf); > } > else if (s->state == STATE_AUTH_PASSWORD) { > - log_info("smtp-in: Failed command on session %016"PRIx64 > - ": \"AUTH LOGIN (password)\" => %.*s", s->id, n, > buf); > + log_info("%016"PRIx64" smtp " > + "event=failed-command address=%s host=%s " > + "command=\"AUTH LOGIN (password)\" result=\"%.*s\"", > + s->id, ss_to_text(&s->ss), s->hostname, n, buf); > } > else { > strnvis(tmp, s->cmd, sizeof tmp, VIS_SAFE | VIS_CSTYLE); > log_info("%016"PRIx64" smtp " > - "event=failed-command command=\"%s\" > result=\"%.*s\"", > - s->id, tmp, n, buf); > + "event=failed-command address=%s host=%s > command=\"%s\" " > + "result=\"%.*s\"", > + s->id, ss_to_text(&s->ss), s->hostname, tmp, n, > buf); > } > break; > } -- Gilles Chehade https://www.poolp.org @poolpOrg
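
Review bot: s->hostname is written raw as host=%s in all four log_info() calls, while the last branch runs s->cmd through strnvis() before logging it. If the hostname can contain spaces, quotes or control characters, it breaks the key=value format this change introduces and lets a client-influenced value shape the log line; encode it with strnvis() as well, or quote it the way command and result are quoted. The %.*s result taken from buf is also placed inside double quotes without escaping.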

Re: smtpctl stop

2016-09-03 Thread Gilles Chehade
_CTL_REMOVE, > IMSG_CTL_SCHEDULE, > IMSG_CTL_SHOW_STATUS, > - IMSG_CTL_SHUTDOWN, > IMSG_CTL_TRACE_DISABLE, > IMSG_CTL_TRACE_ENABLE, > IMSG_CTL_UPDATE_TABLE, > @@ -572,7 +571,7 @@ struct smtpd { > #define SMTPD_OPT_NOACTION 0x0002 > uint32_tsc_opts; > > -#define SMTPD_EXITING0x0001 > +#define SMTPD_EXITING0x0001 /* unused */ > #define SMTPD_MDA_PAUSED 0x0002 > #define SMTPD_MTA_PAUSED 0x0004 > #define SMTPD_SMTP_PAUSED0x0008 > -- Gilles Chehade https://www.poolp.org @poolpOrg
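
Review bot: SMTPD_EXITING is kept with an /* unused */ comment in the hunk at @@ -572,7 +571,7 @@ while IMSG_CTL_SHUTDOWN is deleted outright in the hunk before it. If nothing references the flag any more, remove the define as well instead of leaving a dead flag value behind.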

Re: Another step in cleaning the smtpd exit path.

2016-09-04 Thread Gilles Chehade
; + fatalx("exited event loop"); > > return (0); > } > Index: smtpd.c > === > RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v > retrieving revision 1.283 > diff -u -p -r1.283 smtpd.c > --- smtpd.c 4 Sep 2016 09:33:49 - 1.283 > +++ smtpd.c 4 Sep 2016 14:37:31 - > @@ -1050,8 +1050,8 @@ smtpd(void) { > "getpw sendfd proc exec id inet unix", NULL) == -1) > err(1, "pledge"); > > - if (event_dispatch() < 0) > - fatal("smtpd: event_dispatch"); > + event_dispatch(); > + fatalx("exited event loop"); > > return (0); > } > -- Gilles Chehade https://www.poolp.org @poolpOrg
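
Review bot: In the smtpd() hunk of smtpd.c the return value of event_dispatch() is no longer checked and fatal() becomes fatalx(), so a dispatch failure and an ordinary loop exit now produce the same "exited event loop" message with no errno. Keep the `< 0` branch with fatal() if the error cause should stay in the logs. The `return (0);` left after fatalx() also looks unreachable now.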

Re: smtpd shutdown cleanup

2016-09-07 Thread Gilles Chehade
>pid, SIGTERM); > + mproc_clear(p_ca); > + mproc_clear(p_pony); > + mproc_clear(p_control); > + mproc_clear(p_lka); > + mproc_clear(p_scheduler); > + mproc_clear(p_queue); > > do { > pid = waitpid(WAIT_MYPGRP, NULL, 0); > @@ -292,8 +292,8 @@ parent_shutdown(int ret) > > unlink(SMTPD_SOCKET); > > - log_warnx("warn: parent terminating"); > - exit(ret); > + log_info("Exiting"); > + exit(0); > } > > static void > @@ -333,16 +333,17 @@ static void > parent_sig_handler(int sig, short event, void *p) > { > struct child*child; > - int die = 0, die_gracefully = 0, status, fail; > + int status, fail; > pid_tpid; > char*cause; > > switch (sig) { > case SIGTERM: > case SIGINT: > - log_info("info: %s, shutting down", strsignal(sig)); > - die_gracefully = 1; > - /* FALLTHROUGH */ > + log_debug("debug: got signal %d", sig); > + parent_shutdown(); > + /* NOT REACHED */ > + > case SIGCHLD: > do { > int len; > @@ -379,7 +380,6 @@ parent_sig_handler(int sig, short event, > > switch (child->type) { > case CHILD_DAEMON: > - die = 1; > if (fail) > log_warnx("warn: lost child: %s %s", > child->title, cause); > @@ -434,10 +434,6 @@ parent_sig_handler(int sig, short event, > free(cause); > } while (pid > 0 || (pid == -1 && errno == EINTR)); > > - if (die) > - parent_shutdown(1); > - else if (die_gracefully) > - parent_shutdown(0); > break; > default: > fatalx("smtpd: unexpected signal"); > @@ -1597,7 +1593,7 @@ imsg_dispatch(struct mproc *p, struct im > int msg; > > if (imsg == NULL) { > - exit(1); > + imsg_callback(p, imsg); > return; > } > > -- Gilles Chehade https://www.poolp.org @poolpOrg
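
Review bot: In parent_sig_handler() the die flag and the closing `if (die) parent_shutdown(1)` are removed, so the CHILD_DAEMON branch now only logs "lost child" and nothing in the visible hunks shuts the parent down afterwards. parent_shutdown() also ends in exit(0) unconditionally, where the old code exited 1 after losing a daemon child. If shutdown on child loss now happens through the imsg_callback(p, imsg) call with a NULL imsg, say so in a comment, and consider keeping a non-zero exit status for that path.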

Re: smtpd config parsing cleanup

2016-09-11 Thread Gilles Chehade
fix a bug where the specified family was ignored if the listener > is given as a hostname. > > i like it, ok please commit soon so people get a chance to spot any error we didn't gilles > Index: parse.y > =

Re: Spool contents (smtpd offline) owner/perm check?

2016-11-06 Thread Gilles Chehade
shouldn't be fixed without admin deciding to do so. Then, we have changed permissions only twice in about 9 years of smtpd. Both times we only required a one-time fix, kind of a flag day, to make the transition and never hear about it again. It doesn't make sense

Re: smtpd: internal cleanups

2016-11-16 Thread Gilles Chehade
the user pointer is passed as parameter to the io > callback instead of having the user dereference the io structure. There > are places where the callback function is triggered outside of the io > layer. It's not desirable, and it needs to be fixed in a separa

Re: smtpd: internal cleanups, part 2

2016-11-16 Thread Gilles Chehade
; > /* No verification required, cascade */ > - > - case IO_TLSVERIFIED: > - x = SSL_get_peer_certificate(s->io.ssl); > - if (x) { > - log_info("%016"PRIx64" smtp " > - "event=client-cert-check address=%s host=%s > result=\"%s\"", > - s->id, ss_to_text(&s->ss), s->hostname, > - (s->flags & SF_VERIFIED) ? "success" : "failure"); > - X509_free(x); > - } > - > - if (s->listener->flags & F_SMTPS) { > - stat_increment("smtp.smtps", 1); > - io_set_write(&s->io); > - smtp_send_banner(s); > - } > - else { > - stat_increment("smtp.tls", 1); > - smtp_enter_state(s, STATE_HELO); > - } > - break; > > case IO_DATAIN: > nextline: > -- Gilles Chehade https://www.poolp.org @poolpOrg
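
Review bot: With case IO_TLSVERIFIED removed, the retained comment "/* No verification required, cascade */" sits directly above case IO_DATAIN, so whatever case precedes it would fall through into the data-input path unless it ends in a break. Check that fallthrough, and confirm the client-cert-check log line and the smtp.smtps / smtp.tls counters still exist wherever this logic moved.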

Re: smtpd: internal cleanups, part 3

2016-11-17 Thread Gilles Chehade
> names in some cases. > > The point is of course to be able remove the use of iobuf_*() in the rest > of the daemon. > yay, ok gilles@ please tell me the next diff removes iobuf_* :-p > Index: ioev.c > === >

Re: smtpd: simplify internal io api

2016-11-21 Thread Gilles Chehade
On Mon, Nov 21, 2016 at 08:46:32PM +0100, Eric Faurot wrote: > The api user should not have to care about normalizing the io input > buffer (i.e. resetting the read/write pos in the buffer). > Do it internally when reloading the io event. > yes please, ok gilles@ >

Re: smtpd: more internal cleanups

2016-11-22 Thread Gilles Chehade
data is queued. So the > > api user does not have to worry about it. > > > > Eric. > > Ok sunil@ > been running with my server patched since yesterday, no regression ok gilles@ > > > > Index: ioev.c > >

Re: smtpd: hide struct io

2016-11-28 Thread Gilles Chehade
r each new io internally > - use struct io pointer in the rest of the code > - remove remaining uses of iobuf_* > > The diff is mostly mechanical. > ok gilles@ been running with this since saturday morning and tested both out and in path, as well as bounce,

smtpd errata

2015-06-11 Thread Gilles Chehade
descriptors. Links: http://www.openbsd.org/errata56.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig http://www.openbsd.org/errata57.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig -- Gilles Chehade https://www.poolp.org

Re: [Patch] smtpd.conf - change 'priorly' to 'beforehand'

2015-08-14 Thread Gilles Chehade
or's prerogative stand (by which i mean i don;t plan to > change this). > I'm not really emotional about "priorly", I like "previously" better. I think the only reason for this choice was that I was tired, could not recall "previously" and when priorly popped in my mind, look(1) told me that it was a real word ;-) -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: Update starttls(8) to use RSA examples

2015-08-14 Thread Gilles Chehade
(Actually, could we just *use* > > /etc/moduli?) > That would be a nice idea yes -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: patch to smtpd/filter_api.c

2015-08-15 Thread Gilles Chehade
filter code required a huge refactor, I decided to wait until the unlock to bring the new changes. You can either install smtpd w/ filters support from the tarballs on the opensmtpd.org website, or wait till I commit everything in -current soon or install sendmail & wait for

Re: [Patch] smtpd.conf - change 'priorly' to 'beforehand'

2015-08-15 Thread Gilles Chehade
On Fri, Aug 14, 2015 at 09:40:32PM +, Larry Hynes wrote: > On 2015-08-14, Gilles Chehade wrote: > > On Thu, Aug 13, 2015 at 09:06:00AM +0100, Jason McIntyre wrote: > >> On Thu, Aug 13, 2015 at 03:21:56AM +0100, Larry Hynes wrote: > >> > This is a minor quibble,

Re: your mail

2015-09-09 Thread Gilles Chehade
e also haven't enabled the fts5 backend at this time. > > Now we could change strategies and I could only create a diff of the > changes we actually want and then remove all these extra files from our > tree and the use commit rather than import going forward. > > I would

smtpd errata for 5.6, 5.7 and 5.8

2015-10-01 Thread Gilles Chehade
During the last few months, researchers from Qualys Security have done an audit of smtpd and have identified multiple reliability and security issues. The issues affect 5.6, 5.7 and forthcoming 5.8 release. Patches are available. Apply the patch, rebuild smtpd and restart the daemon. 5.6: http:/

Re: smtpd errata for 5.6, 5.7 and 5.8

2015-10-02 Thread Gilles Chehade
On Fri, Oct 02, 2015 at 05:17:39AM +0200, Gilles Chehade wrote: > During the last few months, researchers from Qualys Security have done > an audit of smtpd and have identified multiple reliability and security > issues. > > The issues affect 5.6, 5.7 and forthcoming 5.8 release. &

Re: smtpd: pledge, chmod and deliver_maildir

2015-10-22 Thread Gilles Chehade
On Wed, Oct 21, 2015 at 10:41:16PM +0200, Gregor Best wrote: > Nice to see rubber duck debugging working. The attached patch seems to > be enough > Thanks. There is work in progress to shrink the pledge list but I have committed this meanwhile to fix the immediate issue. -- Gille

Re: [patch] smtpctl(8): fix mail queueing

2015-12-22 Thread Gilles Chehade
d = 0; > + > memset(&args, 0, sizeof args); > addargs(&args, "%s", "makemap"); > for (i = 0; i < argc; i++) > @@ -1021,6 +1025,7 @@ main(int argc, char **argv) > >

Re: [patch] smtpd.conf.5: change examples to use file backend

2015-12-22 Thread Gilles Chehade
On Tue, Dec 22, 2015 at 09:27:29AM -0800, Serguey Parkhomovsky wrote: > Since the default backend for the aliases table was recently changed > from db to file, change the examples in smtpd.conf.5 to use the file > backend as well. > committed, thanks -- Gilles Chehade https://w

Re: [patch] smtpctl(8): fix mail queueing

2015-12-22 Thread Gilles Chehade
On Tue, Dec 22, 2015 at 09:56:29PM +0100, Gilles Chehade wrote: > On Tue, Dec 22, 2015 at 12:49:07PM -0800, Serguey Parkhomovsky wrote: > > Rev 1.141 of smtpctl.c killed mail queueing for me: > > > > $ echo "test" | mail -s test sparkhom > > $ send-m

Re: smtpd.conf(5) term filter misleading use

2016-01-04 Thread Gilles Chehade
be achieved on specific recipients if desired: > +Further access control may be achieved on specific recipients if desired: > .Bl -tag -width Ds > .It Xo > .Ic recipient > -- Gilles Chehade https://www.poolp.org @poolpOrg

Re: 9p

2014-06-03 Thread Gilles Chehade
t32_t)((x)[0]) << 24 | (uint32_t)((x)[1]) << 16 | (uint32_t)((x)[2]) << 8 > | (uint32_t)((x)[3]) << 0; } > +#define LOAD64BE(y, x) { (y) = (uint64_t)((x)[0]) << 56 | (uint64_t)((x)[1]) > << 48 | (uint64_t)((x)[2]) << 40 | (uint64_t)((x)[3
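Review bot: the `LOAD32BE` / `LOAD64BE` macros are written as bare brace blocks (`{ (y) = ...; }`), so `if (c) LOAD64BE(y, x); else ...` will not compile because the trailing semicolon ends the `if`. Wrap the bodies in `do { ... } while (0)`, or turn them into static inline functions that take a `const uint8_t *` and return the value. That would also make the expected element type of `x` explicit instead of relying on the per-byte casts.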

Re: smtpd fixes backport

2014-06-05 Thread Gilles Chehade
g messages without specifying a domain for sender > or recipient, the local domain is assumed. this was correctly handled > at the smtp level, but headers were not updated to reflect that. > > issue experienced by several people, fix tested by ajacoutot@ and I > ok eric@ > &g

Re: PATCH: fix check in smtpd/table_socketmap.c

2014-07-11 Thread Gilles Chehade
le_socketmap.c 11 Jul 2014 04:29:33 - > @@ -125,7 +125,7 @@ table_socketmap_connect(const char *s) > return 1; > > err: > - if (sock) { > + if (sock != -1) { > close(sock); > sock = -1; &
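Review bot: in the `err:` path of `table_socketmap_connect()`, the new `if (sock != -1)` test is only correct if `sock` is initialised to -1 before the first `goto err` can run, and the declaration is not visible in this hunk, so please confirm it. The old `if (sock)` had it backwards for both edge values: it skipped `close()` when the descriptor was 0 and called `close(-1)` when `socket()` had failed.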

Re: uninitialized memory smtpd table_api.c

2014-08-11 Thread Gilles Chehade
; @@ -108,6 +108,7 @@ table_msg_dispatch(void) > char res[4096]; > int type, r; > > + bzero(res, sizeof(res)); > switch (imsg.hdr.type) { > case PROC_TABLE_OPEN: > table_msg_get(
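Review bot: the added `bzero(res, sizeof(res));` ahead of the `switch (imsg.hdr.type)` in `table_msg_dispatch()` clears all 4096 bytes on every dispatched message, and the hunk does not show which case reads `res` before writing it. It would be better to name that case in the commit message and initialise `res` there, or at least make sure the reply length sent back is derived from the data actually written rather than from `sizeof(res)`. As a style point, `memset(res, 0, sizeof(res))` is the portable spelling.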

Re: current smtpd: auth failed when username <= 31 chars, Syntax error when username > 31

2014-12-03 Thread Gilles Chehade
tart TLS > > smtp: 0x122aab01000: STATE_HELO -> STATE_TLS > > debug: lka: looking up pki "test.verlet.org" > > debug: session_start_ssl: switching to SSL > > debug: pony: rsae_priv_enc > > smtp-in: Started TLS on session fd98324226959da6: version=TLSv1/SSLv3, &
