Just released a new filter-rspamd with your diff, thanks
> On 14 Jun 2023, at 19:23, Omar Polo wrote:
>
> Hello,
>
> the `link-auth' event has the user first and the result of the
> operation after; this breaks when a username has a '|' character in
> it. Since this is triggered by the
Hello,
As discussed, this looks correct to me
> On 22 Sep 2021, at 15:46, Eric Faurot wrote:
>
> Hi.
>
> A user reported that decoded SRS addresses are not correctly evaluated
> against the ruleset. That's because the ruleset always matches against
> the expanded address ("dest") and not the
> On 29 Aug 2021, at 16:14, Peter J. Philipp wrote:
>
> On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote:
>> Is there a strong reason why this has to be in that specific library?
>
> Not really. I did see gnutls has dane functions and openssl has them too.
> I can stick to just
Re-sending, I forgot to cc: aisha & tech:
> On 12 Jun 2021, at 22:47, Gilles CHEHADE wrote:
>
>>
>> On 12 Jun 2021, at 15:15, Eric Faurot wrote:
>>
>> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote:
>>> Hi,
>>> Here is
> On 12 Jun 2021, at 18:57, Aisha Tammy wrote:
>
> On 6/12/21 9:15 AM, Eric Faurot wrote:
>> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote:
>>> Hi,
>>> Here is the updated diff, which removes table_proc and adds
>>> table_procexec as the default backend when no backend name
> On 9 Jun 2021, at 17:13, Aisha Tammy wrote:
>
>
>
> On 6/9/21 10:34 AM, Gilles CHEHADE wrote:
>>
>>> On 9 Jun 2021, at 15:47, Aisha Tammy wrote:
>>>
>>> On 6/9/21 5:19 AM, Gilles CHEHADE wrote:
>>>> Hi,
>>>>
> On 9 Jun 2021, at 15:47, Aisha Tammy wrote:
>
> On 6/9/21 5:19 AM, Gilles CHEHADE wrote:
>> Hi,
>>
>> I wrote table_procexec (despite the copyright which I copy-pasted and forgot
>> to replace author) so just providing a bit of insight:
> Ah, I did
Hi,
I wrote table_procexec (despite the copyright which I copy-pasted and forgot to
replace author) so just providing a bit of insight:
table_procexec was written as a proof of concept for a new table protocol
inspired by the filter protocol to make it easier to write privsep table
backends
Been running it for a few days, no regressions so far
> On 5 Feb 2021, at 09:35, Eric Faurot wrote:
>
> Not much report so far.
> Anybody had a chance to test this?
> Here is the same diff again with manpage update this time.
>
> Eric.
>
> Index: ca.c
>
Hello,
The following diff plugs a memory leak in regex lookups.
Cheers,
diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c
index 4691..d1578403 100644
--- a/usr.sbin/smtpd/table.c
+++ b/usr.sbin/smtpd/table.c
@@ -470,6 +470,7 @@ table_regex_match(const char *string, const char
> On 20 Dec 2020, at 18:15, Chris Bennett
> wrote:
>
> On Sun, Dec 20, 2020 at 09:51:35AM +0100, Gilles CHEHADE wrote:
>>
>>
>>> On 20 Dec 2020, at 07:13, Sebastien Marie wrote:
>>>
>>> On Sat, Dec 19, 2020 at 10:36:32PM +, gil.
Ping ?
> On 14 Dec 2020, at 11:34, Gilles Chehade wrote:
>
> Hello,
>
> Upon termination, the parent process will call parent_shutdown() which will
> in turn call mproc_clear() to properly terminate IPC with child processes.
>
> In mproc_clear(), event_del() is calle
> On 20 Dec 2020, at 10:14, Sebastien Marie wrote:
>
> On Sat, Dec 19, 2020 at 11:19:10PM -0700, Theo de Raadt wrote:
>> There are thousands of people with smtpd configurations, and sysmerge
>> is not going to handle this.
>>
>> We cannot expect them all to change their files. This is
> On 20 Dec 2020, at 10:03, Gilles CHEHADE wrote:
>
>
>> On 20 Dec 2020, at 07:19, Theo de Raadt wrote:
>>
>> There are thousands of people with smtpd configurations, and sysmerge
>> is not going to handle this.
>>
>> We cannot expect the
> On 20 Dec 2020, at 03:21, Theo de Raadt wrote:
>
> Todd C. Miller wrote:
>
>> I like this direction but I worry about breaking existing configs.
>> How are we going to alert existing users that they need to update
>> their configs if the behavior silently changes?
>
> I think the
> On 20 Dec 2020, at 07:19, Theo de Raadt wrote:
>
> There are thousands of people with smtpd configurations, and sysmerge
> is not going to handle this.
>
> We cannot expect them all to change their files. This is madness.
>
> Gilles, I think you should be adding an option that blocks it
> On 20 Dec 2020, at 07:13, Sebastien Marie wrote:
>
> On Sat, Dec 19, 2020 at 10:36:32PM +, gil...@poolp.org wrote:
>> Hello,
>>
>> Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched,
>> smtpd will
>> attempt to search for a ~/.forward file in the recipient
> On 20 Dec 2020, at 02:09, Todd C. Miller wrote:
>
> I like this direction but I worry about breaking existing configs.
> How are we going to alert existing users that they need to update
> their configs if the behavior silently changes?
>
> - todd
I agree and this diff was more to suggest
Hello,
Upon termination, the parent process will call parent_shutdown() which will in
turn call mproc_clear() to properly terminate IPC with child processes.
In mproc_clear(), event_del() is called but a check is lacking to ensure
event_add() was called prior to this.
On OpenBSD, this doesn’t
er called from forkmda()");
log_debug("debug: smtpd: forking mda for session %016"PRIx64
": %s as %s", id, deliver->userinfo.username,
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
@
table aliases file:/etc/mail/aliases
+listen on socket
+
# To accept external mail, replace with: listen on all
#
listen on lo0
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
On Mon, Nov 25, 2019 at 08:30:21AM +0100, Gilles Chehade wrote:
> On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote:
> > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
> > >
> > > Ten years ago, it seemed a very neat idea that OpenSMTPD wou
On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote:
> On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
> >
> > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some
> > implicit defaults to avoid people creating open relays.
e explicit notation to default config,
then put a startup warning in the next release so configurations are not
broken but people spot that this is no longer encouraged and we can then
later kill it.
--
Gilles Chehade @poolpOrg
https://www.poolp
> diff -u -p -r1.389 smtp_session.c
> --- smtp_session.c20 Feb 2019 11:56:27 - 1.389
> +++ smtp_session.c24 Apr 2019 09:33:35 -
> @@ -1078,7 +1078,7 @@ smtp_io(struct io *io, int evt, void *ar
>
> case IO_DATAIN:
> nextline:
> - line = io_getline(s->io, );
> + line = io_getline_rn(s->io, );
> if ((line == NULL && io_datalen(s->io) >= SMTP_LINE_MAX) ||
> (line && len >= SMTP_LINE_MAX)) {
> s->flags |= SF_BADINPUT;
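Review bot: the call in smtp_io() switches to io_getline_rn() with no comment on which line terminators the new helper accepts, and its definition is not part of this diff. Since the check right below treats `line == NULL` together with `io_datalen(s->io) >= SMTP_LINE_MAX` as bad input, a one-line comment above the call stating what counts as a complete line would make it clear when a client ends up on the SF_BADINPUT path.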
> @@ -2727,7 +2727,7 @@ filter_session_io(struct io *io, int evt
> switch (evt) {
> case IO_DATAIN:
> nextline:
> - line = io_getline(tx->filter, );
> + line = io_getline_rn(tx->filter, );
> /* No complete line received */
> if (line == NULL)
> return;
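Review bot: in filter_session_io() the `line == NULL` case simply returns, with no bound comparable to the `io_datalen(s->io) >= SMTP_LINE_MAX` check in the smtp_io() hunk. If io_getline_rn() is stricter about terminators than io_getline(), filter output that never carries the expected terminator keeps accumulating in the buffer; consider a length cap here as well, or a comment saying why filter output needs none.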
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
io_set_write(io);
- return;
- }
-
/* Message body */
eom = 0;
if (s->state == STATE_BODY) {
@@ -2792,7 +2783,7 @@ filter_session_io(struct io *io, int evt, void *arg)
switch (evt) {
case IO_DATAIN:
nextline:
-
xing iobuf is not a two liner and it affects virtually all of
the daemon and at this point we're looking for stability in the code, so
unless eric@ or you can come up with a diff that's trivial and that will
not affect any code paths beyond smtp client and filter getlines(), I'll
prefer a degraded
- do we leave '\r' in the body ?
b- do we turn '\r' into '\n'
c- do we keep strict behavior ?
d- do we keep strict behavior + provide a knob for '\r' to work ?
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
o I added a
> similar check there.
>
> I'd like you to double-check whether the fix is indeed correct.
>
Yes, your understanding of the problem is correct and your diff also, so
I committed it a minute ago, thanks !
I'm curious about what configuration allowed you to hit this though,
/cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.632
> diff -u -p -r1.632 smtpd.h
> --- smtpd.h 23 Aug 2019 07:09:52 - 1.632
> +++ smtpd.h 28 Aug 2019 08:32:33 -
> @@ -310,6 +310,7 @@ enum imsg_type {
>
> IMSG_REPORT_SMTP_LINK_CONNECT,
> IMSG_REPORT_SMTP_LINK_DISCONNECT,
> + IMSG_REPORT_SMTP_LINK_GREETING,
> IMSG_REPORT_SMTP_LINK_IDENTIFY,
> IMSG_REPORT_SMTP_LINK_TLS,
> IMSG_REPORT_SMTP_LINK_AUTH,
> @@ -1332,6 +1333,8 @@ void lka_report_register_hook(const char
> void lka_report_smtp_link_connect(const char *, struct timeval *, uint64_t,
> const char *, int,
> const struct sockaddr_storage *, const struct sockaddr_storage *);
> void lka_report_smtp_link_disconnect(const char *, struct timeval *,
> uint64_t);
> +void lka_report_smtp_link_greeting(const char *, uint64_t, struct timeval *,
> const char *,
> +const char *);
> void lka_report_smtp_link_identify(const char *, struct timeval *, uint64_t,
> const char *, const char *);
> void lka_report_smtp_link_tls(const char *, struct timeval *, uint64_t,
> const char *);
> void lka_report_smtp_link_auth(const char *, struct timeval *, uint64_t,
> const char *, const char *);
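Review bot: lka_report_smtp_link_greeting() takes (const char *, uint64_t, struct timeval *, ...) while every neighbouring lka_report_smtp_link_*() prototype in this hunk takes (const char *, struct timeval *, uint64_t, ...). Swap the second and third parameters so the whole family keeps one argument order; with unnamed parameters in the header, the odd one out is easy to miss when adding the next report function.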
> @@ -1501,6 +1504,8 @@ int queue_message_walk(struct envelope *
> void report_smtp_link_connect(const char *, uint64_t, const char *, int,
> const struct sockaddr_storage *, const struct sockaddr_storage *);
> void report_smtp_link_disconnect(const char *, uint64_t);
> +void report_smtp_link_greeting(const char *, uint64_t, const char *,
> +const char *);
> void report_smtp_link_identify(const char *, uint64_t, const char *, const
> char *);
> void report_smtp_link_tls(const char *, uint64_t, const char *);
> void report_smtp_link_auth(const char *, uint64_t, const char *, const char
> *);
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
processor->ready)
> + fatalx("Non-register message before register|"
> + "ready: %s", line);
> + else if (strncmp(line, "filter-result|", 14) == 0 ||
> +
On Fri, Aug 23, 2019 at 07:33:29PM +0200, Martijn van Duren wrote:
> On 8/23/19 7:06 PM, Gilles Chehade wrote:
> > On Fri, Aug 23, 2019 at 09:03:51AM +0200, Martijn van Duren wrote:
> >> Hello,
> >>
> >
> > Hello,
> >
> >
> >> When r
ct_set(conf->sc_filters_dict, $2, filter_config);
> +} proc_params {
> + dict_set(conf->sc_processors_dict, filter_config->proc, processor);
> + processor = NULL;
> + filter_config = NULL;
> +}
> +|
> FILTER STRING PHASE {
> if (dict_get(conf->sc_filters_dict, $2)) {
> yyerror("filter already exists with that name: %s", $2);
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
uct sockaddr_in6 *)sa;
- (void)strlcpy(buf, "IPv6:", sizeof(buf));
- p = buf + 5;
+ p = buf;
in6_addr = >sin6_addr;
- (void)bsnprintf(p, NI_MAXHOST, "%s", in6addr_t
On Tue, Jul 23, 2019 at 12:15:26PM +0200, Klemens Nanni wrote:
> On Tue, Jul 23, 2019 at 11:00:04AM +0200, Gilles Chehade wrote:
> > there is no schema today that should default to 587, unless
> > submission:// is introduced as an alias to smtp+tls AND port 587.
> Alright; thi
On Tue, Jul 23, 2019 at 08:51:38PM +0200, Ingo Schwarze wrote:
> Hi Gilles,
>
> Gilles Chehade wrote on Tue, Jul 23, 2019 at 08:27:06AM +0200:
> > On Mon, Jul 22, 2019 at 05:05:01PM -0400, Kurt Mosiejczuk wrote:
>
> >> This is a diff for that changes the example
On Wed, Jul 24, 2019 at 12:18:05AM +0200, Klemens Nanni wrote:
> On Tue, Jul 23, 2019 at 09:06:33AM +0200, Gilles Chehade wrote:
> > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote:
> > > it seems to me this url is wrong. the '@' in username should be
On Tue, Jul 23, 2019 at 10:20:10PM +0200, Sebastian Benoit wrote:
> Gilles Chehade(gil...@poolp.org) on 2019.07.23 09:06:33 +0200:
> > On Tue, Jul 23, 2019 at 08:51:54AM +0200, Sebastien Marie wrote:
> > > On Mon, Jul 22, 2019 at 11:26:28PM +0200, Klemens Nanni wrote:
>
On Tue, Jul 23, 2019 at 10:54:57AM +0200, Klemens Nanni wrote:
> On Tue, Jul 23, 2019 at 08:18:18AM +0200, Gilles Chehade wrote:
> > it should definitely default to 25 in my opinion, disregarding if people
> > use "relay host" for submission or not.
> Fine with me; I
text_to_relayhost(struct relayhost *rela
> > relay->port = 0;
> >
> > /* first, we extract the label if any */
> > - if ((q = strchr(p, '@')) != NULL) {
> > + if ((q = strrchr(p, '@')) != NULL) {
> > *q = 0;
> > if (strlcpy(relay->authlabel, p, sizeof (relay->authlabel))
> > >= sizeof (relay->authlabel))
> >
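Review bot: with strrchr() the label becomes everything before the last '@', but the comment above the changed line still only says "we extract the label if any". Extend it to state that the split is on the last '@' so that labels containing '@' are accepted; otherwise the next reader may well turn it back into strchr().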
>
> --
> Sebastien Marie
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
-952,14 +952,14 @@ table other-relays file:/etc/mail/other-
> listen on lo0
> listen on egress
>
> -action "mbox" mbox alias
> -action "relay" relay
> +action local-mbox mbox alias
> +action inet-mail relay
>
> -match for local action "mbox"
> -match for any action "relay"
> +match for local action local-mbox
> +match for any action inet-mail
> match !from src mail\-from "@example.com" for any \e
>reject
> -match from any for domain example.com action "mbox"
> +match from any for domain example.com action local-mbox
> .Ed
> .Sh SEE ALSO
> .Xr mailer.conf 5 ,
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
0,
> 587 },
> + { "smtp+notls://", RELAY_TLS_NO,0,
> 25 },
> + { "lmtp://",RELAY_TLS_NO, RELAY_LMTP,
> 0 },
> + { "smtps://", RELAY_TLS_
gt; p = beg + len;
> if (*p == ':') {
> - relay->port = strtonum(p+1, 1, 0x, );
> + relay->port = strtonum(p+1, 1, IPPORT_HILASTAUTO, );
> if (errstr)
> return 0;
> }
>
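Review bot: IPPORT_HILASTAUTO names the top of the automatically assigned port range rather than the largest valid port, so as the upper bound of the strtonum() call it reads as if relay ports were restricted to that range. A bound whose name says "maximum port", or the literal with a short comment, would state the intent; note also that the `if (errstr) return 0;` path discards the reason the port was rejected.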
--
Gilles Chehade
7 +352,7 @@ text_to_relayhost(struct relayhost *rela
> relay->port = 0;
>
> /* first, we extract the label if any */
> - if ((q = strchr(p, '@')) != NULL) {
> + if ((q = strrchr(p, '@')) != NULL) {
>
if ((fd = mkstemp(sfn)) == -1 ||
> - (ofp = fdopen(fd, "w+")) == NULL) {
> - int saved_errno = errno;
> - if (fd != -1) {
> - unlink(sfn);
&g
phase, param);
> if (nparam)
> free(nparam);
> }
>
> static void
> -filter_protocol_next(uint64_t token, uint64_t reqid, enum filter_phase
> phase, const char *param)
> +filter_protocol_next(uint64_t token, uint64_t req
will be read.
I don't see what was wrong here :-/
> .Pp
> .Fn tls_config_set_cert_mem
> sets the public certificate directly from memory.
> .Pp
> .Fn tls_config_set_crl_file
> -sets the filename used to load a file containing the
> +sets the file used to load a file contain
HALLENGEDIR KEYTYPE
> +%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH
> CHALLENGEDIR
> %token YES NO
> %token INCLUDE
> %token ERROR
> @@ -108,6 +108,7 @@ typedef struct {
> %token STRING
> %token
ACCOUNT
> -%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH
> CHALLENGEDIR KEYTYPE
> +%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH
> CHALLENGEDIR
> %token YES NO
> %token INCLUDE
> %token ERROR
> @@ -260,13 +260,15 @@ do
ION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> > - */
> > -
> > -#include
> > -#include
> > -#include
> > -
> > -#include
> > -#include
> > -#include
> > -
> > -#include "rsa.h"
> > -
> > -/*
> > - * Default number of bits when creating a new key.
> > - */
> > -#defineKBITS 4096
> > -
> > -/*
> > - * Create an RSA key with the default KBITS number of bits.
> > - */
> > -EVP_PKEY *
> > -rsa_key_create(FILE *f, const char *fname)
> > -{
> > - EVP_PKEY_CTX*ctx = NULL;
> > - EVP_PKEY*pkey = NULL;
> > -
> > - /* First, create the context and the key. */
> > -
> > - if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
> > - warnx("EVP_PKEY_CTX_new_id");
> > - goto err;
> > - } else if (EVP_PKEY_keygen_init(ctx) <= 0) {
> > - warnx("EVP_PKEY_keygen_init");
> > - goto err;
> > - } else if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KBITS) <= 0) {
> > - warnx("EVP_PKEY_set_rsa_keygen_bits");
> > - goto err;
> > - } else if (EVP_PKEY_keygen(ctx, ) <= 0) {
> > - warnx("EVP_PKEY_keygen");
> > - goto err;
> > - }
> > -
> > - /* Serialise the key to the disc. */
> > -
> > - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
> > - goto out;
> > -
> > - warnx("%s: PEM_write_PrivateKey", fname);
> > -err:
> > - EVP_PKEY_free(pkey);
> > - pkey = NULL;
> > -out:
> > - EVP_PKEY_CTX_free(ctx);
> > - return pkey;
> > -}
> > -
> > -
> > -EVP_PKEY *
> > -rsa_key_load(FILE *f, const char *fname)
> > -{
> > - EVP_PKEY*pkey;
> > -
> > - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
> > - if (pkey == NULL) {
> > - warnx("%s: PEM_read_PrivateKey", fname);
> > - return NULL;
> > - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
> > - return pkey;
> > -
> > - warnx("%s: unsupported key type", fname);
> > - EVP_PKEY_free(pkey);
> > - return NULL;
> > -}
> > Index: rsa.h
> > ===
> > RCS file: rsa.h
> > diff -N rsa.h
> > --- rsa.h 31 Aug 2016 22:01:42 - 1.1
> > +++ /dev/null 1 Jan 1970 00:00:00 -
> > @@ -1,23 +0,0 @@
> > -/* $Id: rsa.h,v 1.1 2016/08/31 22:01:42 florian Exp $ */
> > -/*
> > - * Copyright (c) 2016 Kristaps Dzonsons
> > - *
> > - * Permission to use, copy, modify, and distribute this software for any
> > - * purpose with or without fee is hereby granted, provided that the above
> > - * copyright notice and this permission notice appear in all copies.
> > - *
> > - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
> > - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> > - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
> > - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> > - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> > - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> > - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> > - */
> > -#ifndef RSA_H
> > -#define RSA_H
> > -
> > -EVP_PKEY *rsa_key_create(FILE *, const char *);
> > -EVP_PKEY *rsa_key_load(FILE *, const char *);
> > -
> > -#endif /* ! RSA_H */
>
>
>
>
> --
> I'm not entirely sure you are real.
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
/* Serialise the key to the disc. */
> -
> - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
> - goto out;
> -
> - warnx("%s: PEM_write_PrivateKey", fname);
> -err:
> - EVP_PKEY_free(pkey);
> - pkey = NULL;
> -out:
> - EVP_PKEY_CTX_free(ctx);
> - return pkey;
> -}
> -
> -
> -EVP_PKEY *
> -rsa_key_load(FILE *f, const char *fname)
> -{
> - EVP_PKEY*pkey;
> -
> - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
> - if (pkey == NULL) {
> - warnx("%s: PEM_read_PrivateKey", fname);
> - return NULL;
> - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
> - return pkey;
> -
> - warnx("%s: unsupported key type", fname);
> - EVP_PKEY_free(pkey);
> - return NULL;
> -}
> Index: rsa.h
> ===
> RCS file: rsa.h
> diff -N rsa.h
> --- rsa.h 31 Aug 2016 22:01:42 - 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -
> @@ -1,23 +0,0 @@
> -/* $Id: rsa.h,v 1.1 2016/08/31 22:01:42 florian Exp $ */
> -/*
> - * Copyright (c) 2016 Kristaps Dzonsons
> - *
> - * Permission to use, copy, modify, and distribute this software for any
> - * purpose with or without fee is hereby granted, provided that the above
> - * copyright notice and this permission notice appear in all copies.
> - *
> - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
> - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
> - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> - */
> -#ifndef RSA_H
> -#define RSA_H
> -
> -EVP_PKEY *rsa_key_create(FILE *, const char *);
> -EVP_PKEY *rsa_key_load(FILE *, const char *);
> -
> -#endif /* ! RSA_H */
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
On Wed, Jun 05, 2019 at 08:39:51AM +0200, Renaud Allard wrote:
>
>
> On 6/5/19 8:20 AM, Gilles Chehade wrote:
> > On Tue, Jun 04, 2019 at 03:54:11PM +0200, Renaud Allard wrote:
> > >
> > >
> > > On 6/3/19 11:53 AM, Renaud Allard wrote:
> > > &
ITS 4096
> -
> -/*
> - * Create an RSA key with the default KBITS number of bits.
> - */
> -EVP_PKEY *
> -rsa_key_create(FILE *f, const char *fname)
> -{
> - EVP_PKEY_CTX*ctx = NULL;
> - EVP_PKEY*pkey = NULL;
> -
> - /* First, create the context and the key. */
> -
> - if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
> - warnx("EVP_PKEY_CTX_new_id");
> - goto err;
> - } else if (EVP_PKEY_keygen_init(ctx) <= 0) {
> - warnx("EVP_PKEY_keygen_init");
> - goto err;
> - } else if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KBITS) <= 0) {
> - warnx("EVP_PKEY_set_rsa_keygen_bits");
> - goto err;
> - } else if (EVP_PKEY_keygen(ctx, ) <= 0) {
> - warnx("EVP_PKEY_keygen");
> - goto err;
> - }
> -
> - /* Serialise the key to the disc. */
> -
> - if (PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL))
> - goto out;
> -
> - warnx("%s: PEM_write_PrivateKey", fname);
> -err:
> - EVP_PKEY_free(pkey);
> - pkey = NULL;
> -out:
> - EVP_PKEY_CTX_free(ctx);
> - return pkey;
> -}
> -
> -
> -EVP_PKEY *
> -rsa_key_load(FILE *f, const char *fname)
> -{
> - EVP_PKEY*pkey;
> -
> - pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
> - if (pkey == NULL) {
> - warnx("%s: PEM_read_PrivateKey", fname);
> - return NULL;
> - } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA)
> - return pkey;
> -
> - warnx("%s: unsupported key type", fname);
> - EVP_PKEY_free(pkey);
> - return NULL;
> -}
> Index: rsa.h
> ===
> RCS file: /cvs/src/usr.sbin/acme-client/rsa.h,v
> retrieving revision 1.1
> diff -u -p -r1.1 rsa.h
> --- rsa.h 31 Aug 2016 22:01:42 - 1.1
> +++ rsa.h 4 Jun 2019 13:50:28 -
> @@ -18,6 +18,6 @@
> #define RSA_H
>
> EVP_PKEY *rsa_key_create(FILE *, const char *);
> -EVP_PKEY *rsa_key_load(FILE *, const char *);
> +EVP_PKEY *key_load(FILE *, const char *);
>
> #endif /* ! RSA_H */
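Review bot: after the rename, rsa.h declares key_load() next to rsa_key_create(), so the header name and its RSA_H guard no longer match what it exports. If key_load() is meant to handle more than RSA keys, move the prototype to a header named for that purpose; if it is not, keep the rsa_ prefix.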
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
; + (https://www.mail-archive.com/misc@opensmtpd.org/;>Archive).
> The
>list is not moderated, however registration is required.
>
>To register, simply send a mail to
>
> Sergey
>
--
Gilles Chehade @poolpOrg
return 1;
> + }
> +
> + if ((ep = strchr(response, '|'))) {
> + parameter = ep + 1;
> + *ep = 0;
> }
>
> if (strcmp(response, "proceed") != 0 &&
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
ail(expand(cp), mtf);
>
> /* Setup sendmail arguments. */
> -*ap++ = "send-mail";
> +*ap++ = "sendmail";
> *ap++ = "-i";
> *ap++ = "-t";
> cp = hp->h_from ? hp->h_from : value(&qu
so that's my reason for this line of thinking slash
> pipe-dreaming ;)
>
quite amazing to watch tedu talk to another tedu :-|
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
rc, sizeof dest) == -E2BIG) {
// overflow
}
and that strscpy() is essentially strlcpy() in NIH disguise:
ssize_t
strscpy(char *dest, const char *src, size_t count)
{
ssize_t ret;
if ((ret = strlcpy(dest, src, count)) >= count)
return -E2BIG;
retu
On Tue, Nov 20, 2018 at 04:12:13PM -0600, Edgar Pettijohn wrote:
>
> >
> > why db ?
>
> Do you need makemap for file backend?
>
oh gosh am I dumb.
your diff is ok, ignore me, will commit later today.
--
Gilles Chehade
should stick to the file backend which is the best one for
the general case.
The db backend is an extension of the file backend and unless you have a
very specific use case, it brings no benefit whatsoever. It ISN'T faster
than the file backend and unless you have
dge)
> + # Skip bridge in the installer.
> ?? return
> ?????????? ;;
> ?? *)?? _cmds[${#_cmds[*]}]="ifconfig $_if ${_c[@]}"
>
>
> Cheers
>
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
o
> .Op Ic \&!
> .Cm rcpt\-to
> @@ -538,6 +543,11 @@ Specify that transactions's MAIL FROM sh
> .Xc
> Specify that transaction's RCPT TO should match the string or list table
> .Ar recipient .
> +The
> +.Ar recipient
> +may contain complete email addresses or apply to an entire domain if prefixed
> +with
> +.Sq @ .
> .It Xo
> .Op Ic \&!
> .Cm tag Ar tag
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Thu, Oct 25, 2018 at 07:24:33AM +0100, Raf Czlonka wrote:
> On Thu, Oct 25, 2018 at 07:11:47AM BST, Gilles Chehade wrote:
> >
> > smtpd will _always_ display a 'starttls' log line when the TLS channel
> > starts,
> > disregarding if TLS was started at con
attempted to connect in plaintext then upgrade
a session on a host that didn't speak plaintext and expected sessions to speak
TLS from the start.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
ch_a);
> + lookup_record(T_, *(ap) + 2, dispatch_);
> continue;
> }
> if (strncasecmp("exists:", *ap, 7) == 0) {
--
Gilles Chehade
https://www.poolp.org @poolpOrg
0
> },
> + { "lmtp://", RELAY_TLS_NO,RELAY_LMTP
> },
> + { "smtps://", RELAY_TLS_SMTPS, 0
> }
> };
> const char *errstr = NULL;
> char *p, *q;
> @@ -344,6 +345,7 @@ text_to_relayhost(struct relayhost *rela
> else
> p = buffer + strlen(schemas[i].name);
>
> + relay->tls = schemas[i].tls;
> relay->flags = schemas[i].flags;
>
> /* need to specify an explicit port for LMTP */
> @@ -395,7 +397,8 @@ text_to_relayhost(struct relayhost *rela
> return 0;
> if (relay->authlabel[0]) {
> /* disallow auth on non-tls scheme. */
> - if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
> + if (relay->tls != RELAY_TLS_STARTTLS &&
> + relay->tls != RELAY_TLS_SMTPS)
> return 0;
> relay->flags |= RELAY_AUTH;
> }
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Mon, Sep 03, 2018 at 11:43:02PM +0800, Michael Mikonos wrote:
> On Mon, Sep 03, 2018 at 02:24:49PM +0800, Michael Mikonos wrote:
> > On Sat, Sep 01, 2018 at 11:31:49PM +0200, Gilles Chehade wrote:
> > > On Sat, Sep 01, 2018 at 09:20:59PM +0800, Michael Mikonos wr
Alias
> > table.
> >
> > Thanks,
> > Matt
> >
>
> [...]
>
>
> i think your diff reads better than what's there now. gilles, eric?
>
agreed
--
Gilles Chehade
https://www.poolp.org @poolpOrg
gt; +.It Cm wrapper Ar name
> > +Use the wrapper specified in
> > +.Cm mda wrapper.
>
> that looks correct (i think). but with one adjustment - there should be
> a space between "wrapper" and the full stop.
>
> gilles? eric?
>
yes this reads
trlen(s) - strlen(val);
> + sym = strndup(s, len);
> + if (sym == NULL)
> + errx(1, "%s: strndup", __func__);
>
> ret = symset(sym, val + 1, 1);
> free(sym);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
tate: unknown state");
> + fatalx("%s: bad state %d", __func__, proto->state);
> }
> #undef smtp_client_state
> }
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
> + /* no schema, default to smtp:// */
> + i = 0;
> p = buffer;
> }
> else
> @@ -397,10 +393,13 @@ text_to_relayhost(struct relayhost *rela
> return 0;
> if ((relay->flags & RELAY_LMTP) && (relay->port == 0))
> return 0;
> - if (relay->authlabel[0] == '\0' && relay->flags & RELAY_AUTH)
> - return 0;
> - if (relay->authlabel[0] != '\0' && !(relay->flags & RELAY_AUTH))
> - return 0;
> + if (relay->authlabel[0]) {
> + /* disallow auth on non-tls scheme. */
> + if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
> + return 0;
> + relay->flags |= RELAY_AUTH;
> + }
> +
> return 1;
> }
>
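Review bot: the removed check `relay->authlabel[0] == '\0' && relay->flags & RELAY_AUTH` used to reject a relay URL that requested auth without a label, and nothing in the new block replaces it. If any schema entry can still set RELAY_AUTH in relay->flags, that case now falls through to `return 1`; either confirm that no schema sets the flag any more or keep the rejection.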
--
Gilles Chehade
https://www.poolp.org @poolpOrg
message_printf(tx, "%s:%s\n", res.hdr, res.value);
> + break;
> +
> + case RFC5322_HEADER_CONT:
>
> - ret = rfc2822_parser_feed(>rfc2822_parser, line);
> - if (ret == -1)
> - tx-
980,16 @@ pushfile(const char *name, int secret)
> free(nfile);
> return (NULL);
> }
> - nfile->lineno = 1;
> + nfile->lineno = TAILQ_EMPTY() ? 1 : 0;
> + nfile->ungetsize = 16;
> + nfile->ungetbuf = malloc(nfile->ungetsize);
> + if (nfile->ungetbuf == NULL) {
> + log_warn("warn: malloc");
> + fclose(nfile->stream);
> + free(nfile->name);
> + free(nfile);
> + return (NULL);
> + }
> TAILQ_INSERT_TAIL(, nfile, entry);
> return (nfile);
> }
> @@ -1973,6 +2005,7 @@ popfile(void)
> TAILQ_REMOVE(, file, entry);
> fclose(file->stream);
> free(file->name);
> + free(file->ungetbuf);
> free(file);
> file = prev;
> return (file ? 0 : EOF);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
1.183
> +++ smtpd.conf.5 31 May 2018 19:56:04 -
> @@ -205,6 +205,9 @@ to advertise during the HELO phase.
> .It Cm host Ar relay-url
> Do not perform MX lookups but relay messages to the relay host described by
> .Ar relay-url .
> +If the url uses tls, the certificate w
NODSN },
> + { "no-verify", NOVERIFY },
> { "on", ON },
> { "pki",PKI },
> { "port", PORT },
> Index: mta.c
> ==========
tials.
> +This option is usable only with
> +.Cm host
> +option.
> +The credential table format is described in
> +.Xr table 5 .
> .It Cm mail\-from Ar mailaddr
> Use
> .Ar mailaddr
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Thu, May 24, 2018 at 04:38:17PM -0400, Rupert Gallagher wrote:
> On Thu, May 24, 2018 at 14:18, Gilles Chehade <gil...@poolp.org> wrote:
>
> > In effect, instead of having:
> > accept from any for local deliver to mbox
> >
> > You will have:
> >
safer, removed a lot of
very unpleasant side-effects most people didn't even realize existed ...
until they hit that one case for which we had no way to work around.
Anyways,
looking forward for you to test and report how it works for you :-)
--
Gilles Chehade
h
tree_xset(_ssl_init, s->id, s);
> + return;
> + }
> +
> + smtp_send_banner(s);
> }
>
> static void
> @@ -2416,48 +2318,6 @@ smtp_queue_rollback(struct smtp_session
> m_create(p_queue, IMSG_SMTP_MESSAGE_ROLLBACK, 0, 0, -1);
> m_add_msgid(p_queue, s->tx->msgid);
> m_close(p_queue);
> -}
> -
> -static void
> -smtp_filter_connect(struct smtp_session *s, struct sockaddr *sa)
> -{
> - tree_xset(_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_CONNECT, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_eom(struct smtp_session *s)
> -{
> - tree_xset(_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_EOM, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_helo(struct smtp_session *s)
> -{
> - tree_xset(_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_HELO, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_mail(struct smtp_session *s)
> -{
> - tree_xset(_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_MAIL, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_rcpt(struct smtp_session *s)
> -{
> - tree_xset(_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_RCPT, FILTER_OK, 0, NULL);
> -}
> -
> -static void
> -smtp_filter_data(struct smtp_session *s)
> -{
> - tree_xset(_filter, s->id, s);
> - smtp_filter_response(s->id, QUERY_DATA, FILTER_OK, 0, NULL);
> }
>
> static void
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
, valp);
> + }
>
> - if ((valp == keyp || valp == NULL) && t->t_type == T_LIST)
> - table_add(t, keyp, NULL);
> - else if ((valp != keyp && valp != NULL) && t->t_type == T_HASH)
> - table_add(t, keyp, valp);
> - else
> - goto end;
> + if (ferror(fp)) {
> + log_warn("%s: getline", t->t_config);
> + goto end;
> }
> +
> /* Accept empty alias files; treat them as hashes */
> if (t->t_type == T_NONE && t->t_backend->services & K_ALIAS)
> t->t_type = T_HASH;
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
_type = (valp == keyp || valp == NULL) ? T_LIST :
> T_HASH;
> -
> - if (!(t->t_type & type))
> - goto end;
>
> if ((valp == keyp || valp == NULL) && t->t_type == T_LIST)
> table_add(t, keyp, NULL);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Fri, Aug 04, 2017 at 02:56:21PM +0200, Gilles Chehade wrote:
> On Fri, Aug 04, 2017 at 01:13:06PM +0200, Eric Faurot wrote:
> > Hi,
> >
> > Experimental support for filters has been removed some time ago from
> > the config parser. Now we want to get rid of t
set(_filter, s->id, s);
> - filter_mailaddr(s->id, QUERY_MAIL, >tx->evp.sender);
> + smtp_filter_response(s->id, QUERY_MAIL, FILTER_OK, 0, NULL);
> }
>
> static void
> smtp_filter_rcpt(struct smtp_session *s)
> {
> tree_xset(_filter, s->id, s);
> - filter_mailaddr(s->id, QUERY_RCPT, >tx->evp.rcpt);
> + smtp_filter_response(s->id, QUERY_RCPT, FILTER_OK, 0, NULL);
> }
>
> static void
> smtp_filter_data(struct smtp_session *s)
> {
> tree_xset(_filter, s->id, s);
> - filter_line(s->id, QUERY_DATA, NULL);
> + smtp_filter_response(s->id, QUERY_DATA, FILTER_OK, 0, NULL);
> }
>
> static void
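Review bot: in smtp_filter_mail(), smtp_filter_rcpt() and smtp_filter_data() the session is still registered with tree_xset() right before smtp_filter_response() is called directly with FILTER_OK. If nothing asynchronous remains between the two calls, the tree round trip is dead weight. Either mark the stubs as transitional in a comment, or have the callers invoke smtp_filter_response() themselves and drop the stubs.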
> @@ -2624,11 +2517,6 @@ smtp_filter_dataline(struct smtp_session
> if (ret == 0) {
> s->tx->msgflags |= MF_ERROR_MALFORMED;
> return;
> - }
> -
> - if (io_queued(s->tx->oev) > DATA_HIWAT && !io_paused(s->io, IO_IN)) {
> - log_debug("debug: smtp: %p: filter congestion: pausing
> session", s);
> - io_pause(s->io, IO_IN);
> }
> }
>
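Review bot: with the DATA_HIWAT check removed from smtp_filter_dataline(), nothing visible here bounds io_queued(s->tx->oev) while the client is still sending message data. If the output side can lag behind the input, keep a pause on IO_IN at this point. If it cannot, remove any matching resume path and the DATA_HIWAT define in the same commit so that only one half of the mechanism is not left behind.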
> Index: smtpd.h
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v
> retrieving revision 1.533
> diff -u -p -r1.533 smtpd.h
> --- smtpd.h 27 Jul 2017 18:48:30 - 1.533
> +++ smtpd.h 4 Aug 2017 09:53:16 -
> @@ -1200,18 +1200,6 @@ int expand_to_text(struct expand *, char
> RB_PROTOTYPE(expandtree, expandnode, nodes, expand_cmp);
>
>
> -/* filter.c */
> -void filter_postfork(void);
> -void filter_configure(void);
> -void filter_connect(uint64_t, const struct sockaddr *,
> -const struct sockaddr *, const char *, const char *);
> -void filter_mailaddr(uint64_t, int, const struct mailaddr *);
> -void filter_line(uint64_t, int, const char *);
> -void filter_eom(uint64_t, int, size_t);
> -void filter_event(uint64_t, int);
> -void filter_build_fd_chain(uint64_t, int);
> -
> -
> /* forward.c */
> int forwards_get(int, struct expand *);
>
> Index: smtpd/Makefile
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd/Makefile,v
> retrieving revision 1.87
> diff -u -p -r1.87 Makefile
> --- smtpd/Makefile26 May 2017 21:30:00 - 1.87
> +++ smtpd/Makefile3 Aug 2017 09:55:57 -
> @@ -17,7 +17,6 @@ SRCS+= dns.c
> SRCS+= envelope.c
> SRCS+= esc.c
> SRCS+= expand.c
> -SRCS+= filter.c
> SRCS+= forward.c
> SRCS+= iobuf.c
> SRCS+= ioev.c
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
accommodate (with an fd reserve).
> The lower limits are on outgoing connections.
>
> New diff with reordered code. I'll see if I can get Adam to run one more
> round of testing..
>
Committed, thanks :)
--
Gilles Chehade
https://www.poolp.org @poolpOrg
= 0)
> smtp_data_io_done(s);
> - } else if (io_paused(s->io, IO_IN)) {
> +
> + if (io_paused(s->io, IO_IN)) {
> log_debug("debug: smtp: %p: filter congestion over:
> resuming session", s);
> io_resume(s->io, IO_IN);
> }
>
>
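Review bot: with the else dropped, io_paused(s->io, IO_IN) is now evaluated after smtp_data_io_done(s) has run on the branch above. If smtp_data_io_done() can close or free the session, this reads s->io after the fact. Return right after smtp_data_io_done(s), or add a comment stating that the session outlives that call.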
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Wed, May 31, 2017 at 09:53:38AM -0500, Jimmy Hess wrote:
> On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade <gil...@poolp.org> wrote:
>
> > It is not that simple because newaliases works when you have one aliases
> > database (e.g. /etc/mail/aliases). This is the c
eful if "newaliases" did whatever is necessary for the
> table type you have in use so you don't need to think about it and the
> documentation can be simple..)
>
It is not that simple because newaliases works when you have one aliases
database (e.g. /etc/mail/aliases). This is the case on the default setup
but smtpd supports per-rule aliases mappings and for example the MX that
I run for poolp.org and opensmtpd.org has two different sets of aliases,
one for each domain, and now newaliases can't work anymore.
We can hack it so it works in some cases but it will never be able to do
the work correctly for non-default configurations and we will still have
to provide and document the smtpctl command.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
> m_create(s->p, IMSG_MTA_DNS_HOST_END, 0, 0, -1);
> m_add_id(s->p, s->reqid);
> m_add_int(s->p, DNS_EINVAL);
--
Gilles Chehade
https://www.poolp.org @poolpOrg
> +++ smtp_session.c11 May 2017 10:16:54 -
> @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc
> io_set_read(s->io);
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
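Review bot: freezero() requires its size argument to be no larger than the original allocation, so resp_ca_cert->cert_len must be the length cert was allocated with and not a value adjusted afterwards. Worth confirming at the allocation site. The NULL case is fine, since freezero() on a NULL pointer does nothing, which the old explicit_bzero() call did not guarantee.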
--
Gilles Chehade
https://www.poolp.org @poolpOrg
the situation.
Sadly, "clear" is something the OpenSSL folks are unfamiliar with...
--
Gilles Chehade
https://www.poolp.org @poolpOrg
);
> > } else {
> > ic->ic_flags &= ~IEEE80211_F_PSK;
> > memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
> > @@ -496,6 +528,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
> > break;
> > kr = (struct ieee80211_keyrun *)data;
> > error = ieee80211_keyrun(ic, kr->i_macaddr);
> > + if (error == 0 && (ic->ic_flags & IEEE80211_F_WEPON))
> > + ieee80211_disable_wep(ic);
> > break;
> > case SIOCS80211POWER:
> > if ((error = suser(curproc, 0)) != 0)
> >
>
> --
> Antoine
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
vsw)
> {
> diff --git usr.sbin/vmd/vmd.h usr.sbin/vmd/vmd.h
> index e371112..26d345c 100644
> --- usr.sbin/vmd/vmd.h
> +++ usr.sbin/vmd/vmd.h
> @@ -185,6 +185,7 @@ struct vmd {
> struct switchlist *vmd_switches;
>
> int vmd_fd;
> + int vmd_ptmfd;
> };
>
> /* vmd.c */
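Review bot: the new vmd_ptmfd member of struct vmd is added next to vmd_fd without a comment. Say what the descriptor refers to and which process opens and closes it, and make sure it is set to -1 before first use so that an unopened descriptor cannot be mistaken for fd 0.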
> @@ -197,6 +198,8 @@ void vm_stop(struct vmd_vm *, int);
> void vm_remove(struct vmd_vm *);
> int vm_register(struct privsep *, struct vmop_create_params *,
> struct vmd_vm **, uint32_t);
> +int vm_opentty(struct vmd_vm *);
> +void vm_closetty(struct vmd_vm *);
> void switch_remove(struct vmd_switch *);
> struct vmd_switch *switch_getbyname(const char *);
> char *get_string(uint8_t *, size_t);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
case IMSG_VMDOP_LOAD:
> case IMSG_VMDOP_RELOAD:
> case IMSG_CTL_RESET:
> @@ -384,6 +404,8 @@ control_dispatch_imsg(int fd, short event, void *arg)
> return;
>
> fail:
> + if (ret == 0)
> + ret = EINVAL;
> imsg_compose_event(>iev, IMSG_CTL_FAIL,
> 0, 0, -1, , sizeof(ret));
> imsg_flush(>iev.ibuf);
>
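Review bot: at the fail: label, defaulting ret to EINVAL when it is 0 hides which "goto fail" sites forgot to set an error. Setting ret at each site keeps the code sent in IMSG_CTL_FAIL specific. If the fallback stays, add a comment naming the paths that rely on it.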
--
Gilles Chehade
https://www.poolp.org @poolpOrg
name);
> - if (as->as_ctx->ac_options & RES_USE_EDNS0)
> - _asr_pack_edns0(, MAXPACKETSZ);
> + if (as->as_ctx->ac_options & (RES_USE_EDNS0 | RES_USE_DNSSEC))
> + _asr_pack_edns0(, MAXPACKETSZ,
> + as->as_ctx->ac_options & RES_USE_DNSSEC);
> if (p.err) {
> DPRINT("error packing query");
> errno = EINVAL;
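Review bot: the third argument passed to _asr_pack_edns0() is the raw masked value as->as_ctx->ac_options & RES_USE_DNSSEC, not 0 or 1. If the callee stores it in a narrower type or compares it against 1, the flag is lost. Passing (as->as_ctx->ac_options & RES_USE_DNSSEC) != 0 makes the intent explicit.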
> Index: net/resolver.3
> ===
> RCS file: /d/cvs/src/lib/libc/net/resolver.3,v
> retrieving revision 1.36
> diff -u -p -r1.36 resolver.3
> --- net/resolver.318 Feb 2017 19:23:05 - 1.36
> +++ net/resolver.327 Feb 2017 07:25:11 -
> @@ -199,9 +199,6 @@ uses 4096 bytes as input buffer size.
> Request that the resolver uses
> Domain Name System Security Extensions (DNSSEC),
> as defined in RFCs 4033, 4034, and 4035.
> -On
> -.Ox
> -this option does nothing.
> .El
> .Pp
> The
>
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
faddrs() != 0)
> + if (getifaddrs() == -1)
> return (-1);
>
> as->as.ai.flags |= ASYNC_NO_INET | ASYNC_NO_INET6;
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
wd file will contain an entry like
> @@ -199,9 +197,9 @@ maildir folder are mapped to the single
> In this example, Dovecot is used as an IMAP server.
>
>
> -# export
> PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/packages/%a
> -# pkg_add dovecot
> and the kernel that spreads the inconsistency inside userland.
>
> Kernel and userland best practices are already quite different, including
> this in that list is the lesser evil.
>
I would love to remove this from smtpd to reduce diff with portable,
so I'm generally ok with the idea
--
Gilles Chehade
https://www.poolp.org @poolpOrg
;io)) {
> s->flags |= SF_BADINPUT;
> smtp_reply(s, "500 %s %s: Pipelining not supported",
> esc_code(ESC_STATUS_PERMFAIL, ESC_INVALID_COMMAND),
> @@ -1321,7 +1313,7 @@ smtp_io(struct io *io, int evt, void *ar
}
> > smtp_message_end(s);
> > @@ -1198,7 +1182,6 @@ smtp_filter_fd(uint64_t id, int fd)
> > smtp_reply(s, "421 %s: Temporary Error",
> > esc_code(ESC_STATUS_TEMPFAIL,
> > ESC_OTHER_MAIL_SYSTEM_STATUS));
> >