On Tue, Aug 04, 2015 at 04:00:58PM -0700, Doug Hogan wrote:
> On Tue, Aug 04, 2015 at 04:02:10PM +0200, L?VAI D?niel wrote:
> > I maybe have overlooked something, but this syntax mentioned in the
> > manual didn't work:
> >
> > accept from any for domain "..." relay backup verify expire 30d
> >
> > ... on the other hand, this has been working:
> > accept from any for domain "..." relay backup tls verify expire 30d
> >
> > ... and writing only 'tls' also did work.
>
> This looks like the correct documentation fix to me.
>
> In usr.sbin/smtpd/parse.y, opt_relay allows TLS or TLS VERIFY.
> opt_relay_via allows for VERIFY but that's not reachable from RELAY
> relay.
>
> > Index: smtpd.conf.5
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
> > retrieving revision 1.126
> > diff -p -u -r1.126 smtpd.conf.5
> > --- smtpd.conf.5 4 Jun 2015 14:23:00 -0000 1.126
> > +++ smtpd.conf.5 4 Aug 2015 13:53:50 -0000
> > @@ -311,7 +311,7 @@ This parameter may use conversion specif
> > .Op Ic hostname Ar name
> > .Op Ic hostnames No < Ns Ar names Ns >
> > .Op Ic pki Ar pkiname
> > -.Op Ic tls | verify
> > +.Op Ic tls | tls verify
> > .Ek
> > .Xc
> > .Pp
>
if this were the case, i'd say we want:
[tls [verify]]
but the doc currently says:
Note that the tls and verify options are mutually exclusive and
should only be used in private networks as they will prevent
proper relaying on the Internet.
so the fix proposed is not enough (or too much ;)
jmc
