CVS: cvs.openbsd.org: src

2024-06-09 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2024/06/09 04:13:05

Modified files:
usr.sbin/smtpd : lka.c smtpd-api.h smtpd-tables.7 table.c 

Log message:
introduce a new K_AUTH service to allow offloading the credentials to a
table for non-crypt(3) authentication. tables configured with auth that
support K_AUTH are asked to check if a user and passwd are valid rather
than asked to provide the password for a user so smtpd does crypt(3) on
its side. helps with cases like ldap or custom auth.

ok op@



CVS: cvs.openbsd.org: src

2024-02-19 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2024/02/19 14:00:19

Modified files:
usr.sbin/smtpd : parse.y 

Log message:
no need to be as strict with table formats on various match constraints,
this prevents the reuse of T_HASH tables in T_LIST contexts when the key
column actually makes sense by itself.

diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de)



CVS: cvs.openbsd.org: src

2024-02-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2024/02/02 16:33:42

Modified files:
usr.sbin/smtpd : lka_session.c 

Log message:
when an alternate delivery user is provided in a dispatcher, do not process
any recipient .forward file except that of the alternate delivery user.

ok millert@



CVS: cvs.openbsd.org: src

2024-02-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2024/02/02 15:02:12

Modified files:
usr.sbin/smtpd : lka_session.c smtpd.c smtpd.h 

Log message:
there's no good reason to allow smtpd to execute custom command set by root
in a .forward file so disallow custom commands and file reading, only allow
setting forward addresses and users.

as root is no longer allowed to run any MDA but mbox, we can be stricter on
the setup of the MDA process and refuse to exec anything that's not an mbox
dispatcher.

tested by op@ who edited a root envelope to simulate an exploit injecting a
custom command in a root envelope, smtpd refused to exec.

ok millert@ and op@



CVS: cvs.openbsd.org: src

2020-02-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/02/03 08:53:52

Modified files:
usr.sbin/smtpd : mta_session.c smtp_session.c 

Log message:
ORCPT addresses are prefixed with an address type, the stricter check causes
the prefix to be rejected as it contains a character not allowed in address

reported by Scott Vanderbilt



CVS: cvs.openbsd.org: src

2020-02-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/02/03 08:41:22

Modified files:
usr.sbin/smtpd : mda_mbox.c parse.y smtpd.c smtpd.h 

Log message:
now that mail.local(8) relies on lockspool(1) for mailbox locking, have the
mailbox created by smtpd for mbox before privileges are dropped then we can
call mail.local(8) with the recipient privileges.

ok millert@



CVS: cvs.openbsd.org: src

2020-02-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/02/02 15:13:48

Modified files:
usr.sbin/smtpd : mail.lmtp.c mda_unpriv.c parse.y 

Log message:
add SENDER to mda environment and teach lmtp to use that instead of command
line parameter. this allows simplifying lmtp command line and it would have
prevented the unpriv command exec for LMTP in recent advisory.

ok millert@ and jung@



CVS: cvs.openbsd.org: src

2020-02-01 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/02/01 08:33:46

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
be much stricter about ORCPT, it isn't in the code path of local delivery
and doesn't have an associated context variable, but let's be paranoid.

ok millert@



CVS: cvs.openbsd.org: src

2020-02-01 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/02/01 05:54:38

Modified files:
usr.sbin/smtpd : smtpd.c 

Log message:
condition to enter mda_mbox() is too strict, if users have commands in their
forward file they're not supposed to enter that code path.



CVS: cvs.openbsd.org: src

2020-01-31 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/31 15:01:20

Modified files:
usr.sbin/smtpd : parse.y smtpd-defines.h smtpd.c smtpd.h 
usr.sbin/smtpd/smtpd: Makefile 
Added files:
usr.sbin/smtpd : mda_mbox.c 

Log message:
introduce mda_mbox() to handle mbox delivery in its own code path, and make
it use execle() since we know all parameters and don't need command line to
be parsed.

ok millert@ and jung@



CVS: cvs.openbsd.org: www

2020-01-31 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2020/01/31 03:01:02

Modified files:
opensmtpd  : security.html 

Log message:
new grammar was introduced with 6.4.0, not 6.0.0



CVS: cvs.openbsd.org: www

2020-01-29 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2020/01/29 14:43:06

Modified files:
opensmtpd  : security.html 

Log message:
update security.html page of opensmtpd.org to reflect last advisory



CVS: cvs.openbsd.org: www

2020-01-28 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2020/01/28 15:02:38

Modified files:
opensmtpd  : index.html 

Log message:
OpenSMTPD 6.6.2 released to address vulnerability discovered by Qualys



CVS: cvs.openbsd.org: src

2020-01-28 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/28 14:39:20

Modified files:
usr.sbin/smtpd : Tag: OPENBSD_6_6 smtp_session.c 

Log message:
this is errata 6.6/019_smtpd_exec.patch.sig



CVS: cvs.openbsd.org: src

2020-01-28 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/28 14:38:28

Modified files:
usr.sbin/smtpd : Tag: OPENBSD_6_5 smtp_session.c 

Log message:
this is errata 6.5/030_smtpd_exec.patch.sig



CVS: cvs.openbsd.org: src

2020-01-28 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/28 14:37:29

Modified files:
usr.sbin/smtpd : Tag: OPENBSD_6_6 mta_session.c 

Log message:
this is errata 6.6/018_smtpd_tls.patch.sig



CVS: cvs.openbsd.org: src

2020-01-28 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/28 14:36:28

Modified files:
usr.sbin/smtpd : Tag: OPENBSD_6_5 mta_session.c 

Log message:
this is errata 6.5/029_smtpd_tls.patch.sig



CVS: cvs.openbsd.org: src

2020-01-28 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/28 14:35:00

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
Fix a security vulnerability discovered by Qualys which can lead to a
privilege escalation on mbox deliveries and unprivileged code execution
on lmtp deliveries, due to a logic issue causing a sanity check to be
missed.

ok eric@, millert@



CVS: cvs.openbsd.org: src

2020-01-20 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/20 03:18:20

Modified files:
usr.sbin/smtpd : mta_session.c 

Log message:
opportunistic tls downgrade logic is more complex than it should be and can in
some cases lead to a sanity check fatal() being hit. rework the logic so it
is simpler and makes the sanity check fatal() unreachable.

ok eric@ millert@



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 18:41:11

Modified files:
usr.sbin/smtpd : lka_filter.c parse.y smtpd.conf.5 smtpd.h 

Log message:
allow using the session username in builtin filters when available



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 17:33:29

Modified files:
usr.sbin/smtpd : lka_filter.c 

Log message:
enable builtin filtering for commit phase



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 17:30:44

Modified files:
usr.sbin/smtpd : lka_filter.c 

Log message:
enable builtin filtering for phase DATA, no idea why we didn't earlier as
the grammar allowed it and the code was already there.



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 17:05:38

Modified files:
usr.sbin/smtpd : mta_session.c smtp_session.c 

Log message:
reorder reporting events so they are triggered _after_ protocol-server
events. this ensures that both smtp-in and smtp-out receive the events
in the same order.



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 16:09:02

Modified files:
usr.sbin/smtpd : mta_session.c 

Log message:
generate tx-envelope before tx-rcpt like for smtp-in



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 16:03:37

Modified files:
usr.sbin/smtpd : mta_session.c report_smtp.c smtp_session.c 

Log message:
fix reporting of tx-mail and tx-rcpt for smtp-out



CVS: cvs.openbsd.org: src

2020-01-07 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/07 15:39:02

Modified files:
usr.sbin/smtpd : mta_session.c 

Log message:
generate link-auth reporting event for outgoing sessions



CVS: cvs.openbsd.org: src

2020-01-06 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/06 06:42:42

Modified files:
usr.sbin/smtpd : smtpd-filters.7 

Log message:
make it more explicit that filters are unique processes



CVS: cvs.openbsd.org: src

2020-01-06 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/06 04:03:06

Modified files:
usr.sbin/smtpd : smtpctl.c 

Log message:
do not allow passing options to smtpctl encrypt



CVS: cvs.openbsd.org: src

2020-01-06 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/06 04:02:38

Modified files:
usr.sbin/smtpd : parser.c 

Log message:
provide a better error message for invalid smtpctl commands



CVS: cvs.openbsd.org: www

2020-01-06 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2020/01/06 02:05:33

Modified files:
.  : mail.html 

Log message:
m...@opensmtpd.org is not handled by majordomo, add link to instructions



CVS: cvs.openbsd.org: src

2020-01-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2020/01/03 15:01:29

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
upon return of authentication we log the username and generate an smtp-in
report for the authentication result, however we use a buffer that is too
small and usernames from virtual accounts may get truncated in logs.

reported by Bjorn Kalkbrenner



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 10:43:49

Modified files:
usr.sbin/smtpd : mta_session.c 

Log message:
upon connect to remote host extract hostname from banner when possible then
generate link-greeting smtp-out report event



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 04:47:34

Modified files:
usr.sbin/smtpd : lka_filter.c 

Log message:
if a filter was attached to a relay action in config, notify instance that
it can register smtp-out events



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 04:07:38

Modified files:
usr.sbin/smtpd : lka_filter.c mta_session.c parse.y 

Log message:
start bringing smtp-out reporting code, lacks some events still



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 03:40:20

Modified files:
usr.sbin/smtpd : smtpd.h 

Log message:
add FILTER_SUBSYSTEM_SMTP_OUT to filter_subsystem enum and add filter name
to struct dispatcher_remote, this will reduce the smtp-out reporting diff



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 03:34:07

Modified files:
usr.sbin/smtpd : mta.c 

Log message:
keep track of the relay action in relays, will be used for smtp-out
reporting



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 03:34:33

Modified files:
usr.sbin/smtpd : mta_session.c 

Log message:
keep track of DATA length in mta_session, will be needed for smtp-out
reporting



CVS: cvs.openbsd.org: src

2019-12-21 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 03:23:37

Modified files:
usr.sbin/smtpd : lka.c lka_filter.c smtp_session.c smtpd.h 

Log message:
do not pass rdns, fcrdns, ss_src and ss_dest with IMSG_FILTER_SMTP_BEGIN,
but gather the information from the link-connect reporting event instead.
this removes redundant code and makes it easier to prepare for smtp-out.



CVS: cvs.openbsd.org: src

2019-12-20 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/21 00:16:02

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
do not generate smtp reports for unfiltered sessions, the events will be
discarded in lookup process anyways and this goes in the way of smtp-out
work



CVS: cvs.openbsd.org: src

2019-12-18 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/18 03:00:39

Modified files:
usr.sbin/smtpd : config.c parse.y smtpd.c smtpd.h 

Log message:
give a better name to a couple functions and struct fields related to
filters, no functional change



CVS: cvs.openbsd.org: src

2019-12-17 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/18 00:57:52

Modified files:
usr.sbin/smtpd : lka.c mta.c parse.y smtpd.conf.5 smtpd.h 

Log message:
teach relay action how to do domain-based relay host, this allows declaring
a single relay action with a mapping of relay hosts per domain.

ok eric@



CVS: cvs.openbsd.org: src

2019-12-14 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/14 10:12:44

Modified files:
usr.sbin/smtpd : mail.mboxfile.c 

Log message:
failing fsync() with EINVAL should not cause a TempFail in mboxfile,
it means the file was most likely a device not supporting fsync() so
we can't do much and retrying isn't going to help.



CVS: cvs.openbsd.org: src

2019-12-14 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/14 09:24:52

Modified files:
usr.sbin/smtpd : lka_filter.c parse.y smtpd.conf.5 smtpd.h 

Log message:
introduce a bypass keyword so that builtin filters can bypass processing of
a phase when a condition is met

suggested by several people including jung@, ok jung@



CVS: cvs.openbsd.org: src

2019-12-13 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/13 12:58:59

Modified files:
usr.sbin/smtpd : smtpd.conf.5 

Log message:
fix DKIM example

mistake spotted by jmc@



CVS: cvs.openbsd.org: src

2019-12-13 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/13 11:13:08

Modified files:
usr.sbin/smtpd : smtpd-filters.7 

Log message:
occuring -> occurring

spotted by jmc@



CVS: cvs.openbsd.org: src

2019-12-13 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/13 06:21:24

Modified files:
usr.sbin/smtpd : spfwalk.c 

Log message:
add support for CIDR in a: spf atoms

diff from Quentin Rameau 



CVS: cvs.openbsd.org: src

2019-12-13 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/13 05:48:05

Removed files:
usr.sbin/smtpd : lka_proc.c 

Log message:
file no longer exists



CVS: cvs.openbsd.org: src

2019-12-13 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/13 05:43:56

Modified files:
usr.sbin/smtpd : lka_filter.c 
usr.sbin/smtpd/smtpd: Makefile 

Log message:
lka_proc.c had common code to fork a proc filter for lka_filter.c and
lka_report.c, but now that lka_filter.c encompasses all the filter API,
we might as well merge lka_proc.c and its handful of functions in it.



CVS: cvs.openbsd.org: src

2019-12-13 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/13 01:14:51

Modified files:
usr.sbin/smtpd : smtpd.c 

Log message:
add IMSG_REPORT_SMTP_LINK_GREETING, IMSG_REPORT_SMTP_LINK_IDENTIFY and
IMSG_REPORT_SMTP_LINK_AUTH to imsg_to_str()



CVS: cvs.openbsd.org: src

2019-12-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/12 17:31:20

Modified files:
usr.sbin/smtpd : smtpd.conf.5 

Log message:
update examples, document that DKIM signing may be achieved through the
opensmtpd-filter-dkimsign and opensmtpd-filter-rspamd packages without the
queue reinjection trick used for dkimproxy.



CVS: cvs.openbsd.org: src

2019-12-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/12 15:10:47

Modified files:
usr.sbin/smtpd : lka.c lka_proc.c parse.y smtpd-filters.7 
 smtpd.c smtpd.h 

Log message:
filter protocol has an initial handshake within which smtpd tells filters
about a few global configuration informations. this makes smtpd tell proc
filters for which subsystem they are registered allowing them to register
only events that are relevant.



CVS: cvs.openbsd.org: src

2019-12-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/12 13:49:06

Removed files:
usr.sbin/smtpd : lka_report.c 

Log message:
remove file, code was moved to a different file



CVS: cvs.openbsd.org: src

2019-12-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/12 13:47:39

Modified files:
usr.sbin/smtpd : lka_filter.c 
usr.sbin/smtpd/smtpd: Makefile 

Log message:
move the lka_report.c code into lka_filter.c, they were originally split as
the reporting API came first but in the end, filters rely on reporting then
reporting requires a proc filter, so they're just two pieces of a same API.



CVS: cvs.openbsd.org: src

2019-12-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/12 07:36:59

Added files:
usr.sbin/smtpd : smtpd-filters.7 

Log message:
start documenting the proc filter API, this is a work in progress, not
installed yet



CVS: cvs.openbsd.org: src

2019-12-09 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/12/09 13:36:22

Modified files:
usr.sbin/smtpd : lka_filter.c lka_report.c 

Log message:
swap two fields in the filter response protocol to match order of fields in
the query protocol. this difference was overlooked and is error-prone for a
filter developer. bump filter protocol.

when you update your smtpd, if you use filters, they'll need to be updated.

spotted by Chris Ross 



CVS: cvs.openbsd.org: src

2019-11-26 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/26 13:42:35

Modified files:
usr.sbin/smtpd : smtpd.conf.5 

Log message:
document that listen on socket can have filters attached

original diff from Ryan Kavanagh , slightly rearranged



CVS: cvs.openbsd.org: src

2019-11-26 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/26 13:26:22

Modified files:
usr.sbin/smtpd : mail.lmtp.c 

Log message:
in mail.lmtp.c, split LMTP connection fd into two FILE * streams

diff from fgma on github



CVS: cvs.openbsd.org: src

2019-11-26 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/26 13:14:38

Modified files:
etc/mail   : smtpd.conf 

Log message:
make implicit "listen on socket" explicit, the default config no longer has
any implicit behavior

ok eric@, kn@



CVS: cvs.openbsd.org: src

2019-11-25 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/26 00:50:01

Modified files:
usr.sbin/smtpd : parse.y smtpd.conf.5 

Log message:
allow using 'auth' as an origin:

match from auth [...]

will match any authenticated session, disregarding where it comes from



CVS: cvs.openbsd.org: src

2019-11-25 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/26 00:28:37

Modified files:
usr.sbin/smtpd : parse.y 

Log message:
whitespaces



CVS: cvs.openbsd.org: src

2019-11-25 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/25 23:10:20

Modified files:
usr.sbin/smtpd : parse.y smtpd.conf.5 

Log message:
mail-from and rcpt-to already carry origin and destination, so we can make
them a "for" and "from" parameter and allow grammar to express:

match from mail-from gil...@openbsd.org for rcpt-to e...@openbsd.org

rather than:

match from any mail-from gil...@openbsd.org \
for domain openbsd.org rcpt-to e...@openbsd.org [...]

ok eric@, jung@, millert@



CVS: cvs.openbsd.org: src

2019-11-25 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/25 07:23:00

Modified files:
usr.sbin/smtpd : smtpd.conf.5 

Log message:
document that rules can match specific users or user lists now



CVS: cvs.openbsd.org: src

2019-11-25 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/25 07:18:33

Modified files:
usr.sbin/smtpd : envelope.c ruleset.c smtp_session.c smtpd.h 

Log message:
store smtp session username in envelope and allow ruleset to match specific
users or mailaddr:

match auth "gil...@openbsd.org" [...]
match auth "@openbsd.org" [...]

ok eric@



CVS: cvs.openbsd.org: src

2019-11-25 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/25 06:30:04

Modified files:
etc/mail   : smtpd.conf 

Log message:
use explicit from notation in default config

ok eric@



CVS: cvs.openbsd.org: src

2019-11-19 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/19 15:04:04

Modified files:
usr.sbin/smtpd : smtpd.conf.5 

Log message:
fix typos in smtpd.conf.5

from Ryan Kavanagh



CVS: cvs.openbsd.org: src

2019-11-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/12 14:02:42

Modified files:
usr.sbin/smtpd : parse.y smtpd.conf.5 

Log message:
a long long time ago, there was no such thing as "from socket" and the
socket listener was tagged "local" so we could trick "from local" into
matching non-network connections.

this hack was removed years ago and the socket listener still had this
"local" tag hardcoded. this commit teaches parse.y how to assign a tag
to a socket listener and removes the hardcoded "local".



CVS: cvs.openbsd.org: src

2019-11-12 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/12 13:21:46

Modified files:
usr.sbin/smtpd : ruleset.c to.c 

Log message:
fix a logic bug in ruleset matching that makes `from socket` rules possibly
crash depending on how the ruleset is crafted.



CVS: cvs.openbsd.org: src

2019-11-11 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/11 10:20:25

Modified files:
usr.sbin/smtpd : spfwalk.c 

Log message:
fix 'mx:' mechanism in smtpd spf walk

diff from Quentin Rameau 



CVS: cvs.openbsd.org: www

2019-11-05 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2019/11/05 12:18:30

Modified files:
opensmtpd  : index.html 

Log message:
minor release 6.6.1 fixes many issues in the portable layer of opensmtpd to
bring back support for most Linux distros, disregarding if Glibc or Musl or
OpenSSL or LibreSSL.



CVS: cvs.openbsd.org: src

2019-11-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/03 17:05:38

Modified files:
usr.sbin/smtpd : ruleset.c 

Log message:
fix a possible crash when combining "from rdns", nested virtual aliases and
a particular sequence of rules causing "from rdns" to be hit again from the
expanded aliases. this requires crafting a specific configuration.



CVS: cvs.openbsd.org: src

2019-11-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/03 16:58:51

Modified files:
usr.sbin/smtpd : smtpd.h 

Log message:
6.6.0 -> 6.6.1



CVS: cvs.openbsd.org: src

2019-11-01 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/11/01 21:16:45

Modified files:
usr.sbin/smtpd : ssl_verify.c 

Log message:
switch ASN1_STRING_data() with constified ASN1_STRING_get0_data()



CVS: cvs.openbsd.org: www

2019-10-26 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2019/10/26 06:51:15

Modified files:
opensmtpd  : donations.html index.html portable.html 
Added files:
opensmtpd/announces: release-6.6.0.txt 

Log message:
opensmtpd-6.6.0 is out



CVS: cvs.openbsd.org: src

2019-10-04 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/04 02:34:29

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
remove strict \r check, the downside outweighs the advantages, we'll
revisit a proper fix post release

committing on behalf of martijn@, ok eric@ and I



CVS: cvs.openbsd.org: src

2019-10-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/03 02:51:43

Modified files:
usr.sbin/smtpd : spfwalk.c 

Log message:
no need to increment argv and decrement argc, we're not using them later



CVS: cvs.openbsd.org: src

2019-10-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/03 02:50:08

Modified files:
usr.sbin/smtpd : mda.c 

Log message:
no need to set n to 0 right before assigning it ret value from io_printf()



CVS: cvs.openbsd.org: src

2019-10-03 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/03 01:03:24

Modified files:
usr.sbin/smtpd : iobuf.c 

Log message:
remove useless check and dead code



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 23:50:28

Modified files:
usr.sbin/smtpd : mproc.c 

Log message:
check imsg_flush() return value and fatal() if == -1



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 23:48:33

Modified files:
usr.sbin/smtpd : mda.c 

Log message:
make it obvious we don't care about text_to_mailaddr() return values, we've
already checked it upfront and wouldn't reach this point if it didn't parse
correctly.



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 23:46:55

Modified files:
usr.sbin/smtpd : mail.lmtp.c 

Log message:
free() destination server copy, not a real leak since the program is short
lived but still



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 23:42:57

Modified files:
usr.sbin/smtpd : lka_report.c 

Log message:
fix wrong sizeof in lka reporters init



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 23:08:21

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
we should never hit the smtp reports with an s->tx set to NULL but better
be safe than sorry, check upfront



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 23:04:45

Modified files:
usr.sbin/smtpd : smtp_session.c 

Log message:
fix possible use-after-free in error code path



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 22:51:15

Modified files:
usr.sbin/smtpd : table_proc.c 

Log message:
fatal() if imsg_flush() call fails in table proc



CVS: cvs.openbsd.org: src

2019-10-02 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/10/02 22:49:12

Modified files:
usr.sbin/smtpd : util.c 

Log message:
fix memory leak in error code path



CVS: cvs.openbsd.org: src

2019-09-30 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/30 07:27:12

Modified files:
usr.sbin/smtpd : lka_proc.c 

Log message:
add smtpd-version config key in filters handshake



CVS: cvs.openbsd.org: src

2019-09-29 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/29 04:14:19

Modified files:
usr.sbin/smtpd : spfwalk.c 

Log message:
- remove specific cases for +a and +mx as the + prefix is handled earlier
- support mx: notation

diff from Quentin Rameau 



CVS: cvs.openbsd.org: src

2019-09-29 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/29 04:03:49

Modified files:
usr.sbin/smtpd : smtpd.h srs.c util.c 

Log message:
SRS uses base64 encoding for the checksum, however while this is ok when we
only have MTA in the loop, some implementations like Dovecot's LMTP dislike
finding '/' in an e-mail address. Since checksum is meant to be verified at
the MX that generated the SRS encoding, use alternate rfc354 base64 encode,
swapping '/' with '_' and '+' with '-'.

ok eric@ millert@



CVS: cvs.openbsd.org: src

2019-09-20 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/20 11:46:05

Modified files:
usr.sbin/smtpd : config.c lka_session.c mta.c mta_session.c 
 parse.y smtpd.conf.5 smtpd.h 
usr.sbin/smtpd/smtpd: Makefile 
Added files:
usr.sbin/smtpd : srs.c 

Log message:
teach smtpd how to do SRS so hosts that act as forwarders don't break SPF.
this basic implementation does SRS0/SRS1 encoding/decoding, validating time
and checksums.

with insight from semarie@, ok eric@ and millert@



CVS: cvs.openbsd.org: src

2019-09-19 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/19 10:00:59

Modified files:
usr.sbin/smtpd : envelope.c smtp_session.c to.c 

Log message:
second attempt at fixing how we display inet6 addresses in smtpd. this diff
is simpler than my initial reverted attempt, corrects the likely reason for
the initial revert and has been running successfully for the day on my MX
with tons of incoming and outgoing inet6 traffic.

ok millert@



CVS: cvs.openbsd.org: src

2019-09-19 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/19 08:40:53

Modified files:
usr.sbin/smtpd : report_smtp.c 

Log message:
in tx-mail / tx-rcpt reports, do not pass the brackets <> and remove any
of the MAIL FROM / RCPT TO options. filters use the mail-from and rcpt-to
hooks to retrieve these should they need it.

fixes bogus tx-mail / tx-rcpt reports



CVS: cvs.openbsd.org: src

2019-09-19 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/19 01:35:36

Modified files:
usr.sbin/smtpd : mda_variables.c smtpd.h 

Log message:
unescape / and ^ in the general delivery case, they only need to be for
maildir

ok eric@



CVS: cvs.openbsd.org: www

2019-09-18 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2019/09/18 09:03:38

Modified files:
.  : 66.html 

Log message:
smtpd also gained proxy-v2 support



CVS: cvs.openbsd.org: www

2019-09-16 Thread Gilles Chehade
CVSROOT:/cvs
Module name:www
Changes by: gil...@cvs.openbsd.org  2019/09/16 12:25:29

Modified files:
.  : 66.html 

Log message:
fill the opensmtpd part



CVS: cvs.openbsd.org: src

2019-09-14 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/14 00:20:27

Modified files:
usr.sbin/smtpd : mta.c 

Log message:
in mta_relay_cmp() properly check that authlabel or backupname are not NULL
before comparing their value with other relays

diff from Caspar Schutijser 



CVS: cvs.openbsd.org: src

2019-09-11 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/11 14:06:26

Modified files:
usr.sbin/smtpd : lka_filter.c 

Log message:
when replacing tree_xget() with tree_get() ... actually use tree_get() so the
change actually does something.



CVS: cvs.openbsd.org: src

2019-09-10 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/10 13:30:12

Modified files:
usr.sbin/smtpd : lka_filter.c 

Log message:
do not use tree_xget() between filters resume as a session may legitimately
go away due to a disconnection before a filter responds.

diff from martijn@, committing on his behalf



CVS: cvs.openbsd.org: src

2019-09-10 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/10 01:03:16

Modified files:
usr.sbin/smtpd : lka_report.c 

Log message:
simplify lka reporting functions by moving the reqid inside the broadcast
function: reqid is a mandatory part of the header. lka reporting functions
now only append their own specific parameters.

ok martijn@



CVS: cvs.openbsd.org: src

2019-09-04 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/04 02:30:36

Modified files:
usr.sbin/smtpd : lka_report.c lka_filter.c 

Log message:
bump version



CVS: cvs.openbsd.org: src

2019-09-04 Thread Gilles Chehade
CVSROOT:/cvs
Module name:src
Changes by: gil...@cvs.openbsd.org  2019/09/04 01:38:20

Modified files:
usr.sbin/smtpd : lka_filter.c 

Log message:
disallow proc filters from responding with junk action at commit

spotted by martijn@


