Re: smtpd remove implicit ruleset behavior
Gilles Chehade (2019-11-25 08:43 +0100): > and this diff makes smtpd warn at startup that implicit rules were used: > > laptop$ doas smtpd > smtpd: ruleset relies on implicit 'from' at line 10 > smtpd: ruleset relies on implicit 'for' at line 11 > laptop$ Without context it may not be obvious what the problem is. Perhaps something like this instead? smtpd: line 10: use of implicit 'from' is deprecated
Re: smtpd remove implicit ruleset behavior
On Mon, Nov 25, 2019 at 08:30:21AM +0100, Gilles Chehade wrote:
> On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote:
> > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
> > >
> > > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some
> > > implicit defaults to avoid people creating open relays.
> > >
> > > Back then I was trying to make the smtpd.conf as compact as possible and
> > > came up with the very nice idea of "implicit local" so that we would get
> > > a very compact:
> > >
> > > accept for any relay
> > >
> > > which would not be an open relay as it translated to:
> > >
> > > accept from local for any relay
> > >
> > >
> > > This idea was carried when we moved the syntax to match/action.
> > >
> > > I think this was an error from the beginning and we should only have the
> > > explicit notation as I see a trend in people coming up with:
> > >
> > > match for domain foobar.org action "deliver"
> > >
> > > which, read loud, seems to imply that mail for domain foobar.org will be
> > > delivered but which actually fails because it translates as:
> > >
> > > match from local for domain foobar.org action "deliver"
> > >
> > > and actually limits the scope to local users...
> > >
> > > People keep making this mistake over and over which as safe as it is, is
> > > a serious hint that the mistake is on smtpd's side.
> > >
> > >
> > > Is there strong objection to move to a mode where implicit notation will
> > > no longer be allowed ?
> >
> > No objections. Yes, please make the notation explicit and remove the
> > syntactic sugar which often seems to be the reason for confusions.
> >
> > > This could start with us adding the explicit notation to default config,
> > > then put a startup warning in the next release so configurations are not
> > > broken but people spot that this is no longer encouraged and we can then
> > > later kill it.
> >
> > Sounds like a good plan to me.
> >
>
> This diff makes default smtpd.conf use the explicit notation.
>
> ok ?
>
and this diff makes smtpd warn at startup that implicit rules were used:
laptop$ doas smtpd
smtpd: ruleset relies on implicit 'from' at line 10
smtpd: ruleset relies on implicit 'for' at line 11
laptop$
alternatively these warnx() can be turned into errx() if we want to
go right away into explicit mode without warning for a release.
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
retrieving revision 1.264
diff -u -p -r1.264 parse.y
--- parse.y 12 Nov 2019 21:02:42 - 1.264
+++ parse.y 25 Nov 2019 07:39:28 -
@@ -1313,10 +1313,12 @@ MATCH {
rule = xcalloc(1, sizeof *rule);
} match_options action {
if (!rule->flag_from) {
+ warnx("ruleset relies on implicit 'from' at line %d",
file->lineno);
rule->table_from = strdup("");
rule->flag_from = 1;
}
if (!rule->flag_for) {
+ warnx("ruleset relies on implicit 'for' at line %d",
file->lineno);
rule->table_for = strdup("");
rule->flag_for = 1;
}
--
Gilles Chehade @poolpOrg
https://www.poolp.orgpatreon: https://www.patreon.com/gilles
Re: smtpd remove implicit ruleset behavior
On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote: > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote: > > > > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some > > implicit defaults to avoid people creating open relays. > > > > Back then I was trying to make the smtpd.conf as compact as possible and > > came up with the very nice idea of "implicit local" so that we would get > > a very compact: > > > > accept for any relay > > > > which would not be an open relay as it translated to: > > > > accept from local for any relay > > > > > > This idea was carried when we moved the syntax to match/action. > > > > I think this was an error from the beginning and we should only have the > > explicit notation as I see a trend in people coming up with: > > > > match for domain foobar.org action "deliver" > > > > which, read loud, seems to imply that mail for domain foobar.org will be > > delivered but which actually fails because it translates as: > > > > match from local for domain foobar.org action "deliver" > > > > and actually limits the scope to local users... > > > > People keep making this mistake over and over which as safe as it is, is > > a serious hint that the mistake is on smtpd's side. > > > > > > Is there strong objection to move to a mode where implicit notation will > > no longer be allowed ? > > No objections. Yes, please make the notation explicit and remove the > syntactic sugar which often seems to be the reason for confusions. > > > This could start with us adding the explicit notation to default config, > > then put a startup warning in the next release so configurations are not > > broken but people spot that this is no longer encouraged and we can then > > later kill it. > > Sounds like a good plan to me. > This diff makes default smtpd.conf use the explicit notation. ok ? Index: smtpd.conf === RCS file: /cvs/src/etc/mail/smtpd.conf,v retrieving revision 1.11 diff -u -p -r1.11 smtpd.conf --- smtpd.conf 4 Jun 2018 21:10:58 - 1.11 +++ smtpd.conf 25 Nov 2019 07:28:48 - @@ -15,5 +15,5 @@ action "relay" relay # Uncomment the following to accept external mail for domain "example.org" # # match from any for domain "example.org" action "local" -match for local action "local" -match for any action "relay" +match from local for local action "local" +match from local for any action "relay" -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles
Re: smtpd remove implicit ruleset behavior
> Hello, Hi Gilles, > Is there strong objection to move to a mode where implicit notation will > no longer be allowed ? I think that's a good idea regarding the growing of matching facilities in smtpd, as long as we make sure the removal of implicit "from local" doesn't turn somehow into an implicit "from any", which it won't anyway.
Re: smtpd remove implicit ruleset behavior
On 10:54 Sun 24 Nov, Gilles Chehade wrote: > Hello, > > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some > implicit defaults to avoid people creating open relays. > > Back then I was trying to make the smtpd.conf as compact as possible and > came up with the very nice idea of "implicit local" so that we would get > a very compact: > > accept for any relay > > which would not be an open relay as it translated to: > > accept from local for any relay > > > This idea was carried when we moved the syntax to match/action. > > I think this was an error from the beginning and we should only have the > explicit notation as I see a trend in people coming up with: > > match for domain foobar.org action "deliver" > > which, read loud, seems to imply that mail for domain foobar.org will be > delivered but which actually fails because it translates as: > > match from local for domain foobar.org action "deliver" > > and actually limits the scope to local users... > > People keep making this mistake over and over which as safe as it is, is > a serious hint that the mistake is on smtpd's side. > > > Is there strong objection to move to a mode where implicit notation will > no longer be allowed ? > > > This could start with us adding the explicit notation to default config, > then put a startup warning in the next release so configurations are not > broken but people spot that this is no longer encouraged and we can then > later kill it. Please do.
smtpd remove implicit ruleset behavior
Hello, Ten years ago, it seemed a very neat idea that OpenSMTPD would have some implicit defaults to avoid people creating open relays. Back then I was trying to make the smtpd.conf as compact as possible and came up with the very nice idea of "implicit local" so that we would get a very compact: accept for any relay which would not be an open relay as it translated to: accept from local for any relay This idea was carried when we moved the syntax to match/action. I think this was an error from the beginning and we should only have the explicit notation as I see a trend in people coming up with: match for domain foobar.org action "deliver" which, read loud, seems to imply that mail for domain foobar.org will be delivered but which actually fails because it translates as: match from local for domain foobar.org action "deliver" and actually limits the scope to local users... People keep making this mistake over and over which as safe as it is, is a serious hint that the mistake is on smtpd's side. Is there strong objection to move to a mode where implicit notation will no longer be allowed ? This could start with us adding the explicit notation to default config, then put a startup warning in the next release so configurations are not broken but people spot that this is no longer encouraged and we can then later kill it. -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles
