CVSROOT: /cvs Module name: src Changes by: gil...@cvs.openbsd.org 2012/08/29 10:26:17
Modified files: usr.sbin/smtpd : compress_backend.c mta.c parse.y queue_backend.c smtp.c smtpd.c smtpd.conf.5 smtpd.h usr.sbin/smtpd/makemap: Makefile usr.sbin/smtpd/smtpctl: Makefile usr.sbin/smtpd/smtpd: Makefile Added files: usr.sbin/smtpd : crypto_backend.c Log message: Introduce the crypto_backend API and provide support for... encrypted queue using the new API. By default, OpenSMTPD does not provide queue encryption, but it can be enabled with "queue encryption [args]" and will transparently encrypt/decrypt envelopes/messages as they hit the queue. By default, it will use Blowfish in CBC mode with a different random IV for each envelope and message. User provided key is expanded using sha256 but a different cipher and digest may be specified in smtpd.conf Queue encryption is compatible with compression and if both options are set it will do them in correct order and transparently. tested by chl@, a few users and myself ok chl@ and I