For clarity and consistency, we'd like to change the url-like schemes
used for specifying smarthost relays in smtpd.conf, to make them match
what has been set for smtp(1). The proposed changes are as follow:
- the "+auth" specifier is removed: it is implied by the presence of an
auth label in the rest of the string
- "secure://" is removed: use "smtp+tls://" or "smtps://" explicitely
- "tls://" is removed, and replaced by "smtp+tls://"
- "smtp://" becomes SMTP with opportunistic STARTTLS: use "smtp+notls://"
to disable TLS
- "smtp+tls://" becomes SMTP with mandatory STARTTLS: use "smtp://" for
opportunistic STARTTLS
It might look confusing (especially since the current schemes are
apparently not documented), but in practice, the update process is
very simple:
1) If you have "+auth" just remove it,
2) then rewrite the rest as follow:
smtp+tls:// -> smtp://
smtp:// -> smtp+notls://
tls:// -> smtp+tls://
smtps:// -> no change
lmtp:// -> no change
secure:// -> choose between smtp+tls:// and smtps://
For example, when relaying through a smarthost with authentication,
the change would be:
-action "foo" relay host "tls+auth://la...@smtp.example.com" auth <secrets>
+action "foo" relay host "smtp+tls://la...@smtp.example.com" auth <secrets>
or, when using smtps:
-action "foo" relay host "smtps+auth://la...@smtp.example.com" auth <secrets>
+action "foo" relay host "smtps://la...@smtp.example.com" auth <secrets>
The default remains SMTP with opportunistic STARTTLS, so a rule like
the following has the same behaviour as before:
action "foo" relay host "smtp.example.com"
Note that there is no impact on incoming or queued mails. The
consequences for running with the new schemes without updating the
config first are:
- an "smtp://" relay would start to do opportunistic STARTTLS, so at worst
mails would be sent over a secure channel instead of plain text.
- an "smtp+tls://" relay would not fallback to plain text if STARTTLS fails,
and the mail will tempfail.
- in all other cases, the mail will tempfail with a warning.
Does that look fine?
Eric.
Index: to.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/to.c,v
retrieving revision 1.31
diff -u -p -r1.31 to.c
--- to.c 7 Jun 2018 11:31:51 -0000 1.31
+++ to.c 29 Aug 2018 07:32:52 -0000
@@ -310,15 +310,11 @@ text_to_relayhost(struct relayhost *rela
* new schemas should be *appended* otherwise the default
* schema index needs to be updated later in this function.
*/
- { "smtp://", 0 },
+ { "smtp://", RELAY_TLS_OPTIONAL },
+ { "smtp+tls://", RELAY_STARTTLS },
+ { "smtp+notls://", 0 },
{ "lmtp://", RELAY_LMTP },
- { "smtp+tls://", RELAY_TLS_OPTIONAL },
- { "smtps://", RELAY_SMTPS },
- { "tls://", RELAY_STARTTLS },
- { "smtps+auth://", RELAY_SMTPS|RELAY_AUTH },
- { "tls+auth://", RELAY_STARTTLS|RELAY_AUTH },
- { "secure://", RELAY_SMTPS|RELAY_STARTTLS },
- { "secure+auth://", RELAY_SMTPS|RELAY_STARTTLS|RELAY_AUTH }
+ { "smtps://", RELAY_SMTPS }
};
const char *errstr = NULL;
char *p, *q;
@@ -341,8 +337,8 @@ text_to_relayhost(struct relayhost *rela
if (strstr(buffer, "://"))
return 0;
- /* no schema, default to smtp+tls:// */
- i = 2;
+ /* no schema, default to smtp:// */
+ i = 0;
p = buffer;
}
else
@@ -397,10 +393,13 @@ text_to_relayhost(struct relayhost *rela
return 0;
if ((relay->flags & RELAY_LMTP) && (relay->port == 0))
return 0;
- if (relay->authlabel[0] == '\0' && relay->flags & RELAY_AUTH)
- return 0;
- if (relay->authlabel[0] != '\0' && !(relay->flags & RELAY_AUTH))
- return 0;
+ if (relay->authlabel[0]) {
+ /* disallow auth on non-tls scheme. */
+ if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
+ return 0;
+ relay->flags |= RELAY_AUTH;
+ }
+
return 1;
}
