Re: MDA command buffer length

2015-10-05 Thread Gilles Chehade
On Mon, Oct 05, 2015 at 02:15:55PM +1300, Holger Jahn wrote: > Hi there, > > After playing with MDA delivery in smtpd.conf on two servers, I found that > there seems to be an internal command line buffer overflow after 256 bytes. > > Consider the following MDA config setting: > > deliver to mda

Re: Remotely triggerable buffer overflow in OpenSMTPD

2015-10-05 Thread Gilles Chehade
On Mon, Oct 05, 2015 at 12:38:50AM +0200, Jason A. Donenfeld wrote: > Hi folks, > > I'm passing the gauntlet for anyone who wants to analyze this for > impact etc. There's a remotely triggerable buffer overflow in > OpenBSD's OpenSMTPD -- the latest version, 5.7.2 -- reachable by > sending

Re: Remotely triggerable buffer overflow in OpenSMTPD

2015-10-05 Thread Joerg Jung
> On 05 Oct 2015, at 00:38, Jason A. Donenfeld wrote: > > At some point we might want a CVE for this. > Please, next time you publish such a security issue -- give developers a chance to provide patches, *before* going public. Think of the production servers which run

Re: Remotely triggerable buffer overflow in OpenSMTPD

2015-10-05 Thread Gilles Chehade
On Mon, Oct 05, 2015 at 10:38:34AM +0200, Joerg Jung wrote: > > > On 05 Oct 2015, at 00:38, Jason A. Donenfeld wrote: > > > > At some point we might want a CVE for this. > > > > Please, next time you publish such a security issue -- give developers a > chance > to provide

/var/run -> /run

2015-10-05 Thread Jason A. Donenfeld
Hi folks, Some distributions are using /run instead of /var/run. In the Gentoo package, somebody changed it recently to do this: sed -i -e '/pidfile_path/s:_PATH_VARRUN:"/run/":' openbsd-compat/pidfile.c This isn't very pretty. Is there a switch to --configure for making this happen? And if

Re: /var/run -> /run

2015-10-05 Thread Gilles Chehade
On Mon, Oct 05, 2015 at 11:07:16AM +0200, Jason A. Donenfeld wrote: > Hi folks, > > Some distributions are using /run instead of /var/run. In the Gentoo > package, somebody changed it recently to do this: > > sed -i -e '/pidfile_path/s:_PATH_VARRUN:"/run/":' openbsd-compat/pidfile.c > > This

Re: /var/run -> /run

2015-10-05 Thread Jason A. Donenfeld
On Mon, Oct 5, 2015 at 11:12 AM, Gilles Chehade wrote: > yes, please fill a feature request on the tracker Done: https://github.com/OpenSMTPD/OpenSMTPD/issues/637 > > it won't be part of the release i'll do this morning. No problem; there's no rush for this.

Re: MDA command buffer length

2015-10-05 Thread Eric Faurot
On Mon, Oct 05, 2015 at 02:15:55PM +1300, Holger Jahn wrote: > Hi there, > > After playing with MDA delivery in smtpd.conf on two servers, I found that > there seems to be an internal command line buffer overflow after 256 bytes. > > Consider the following MDA config setting: > > deliver to mda

Re: MDA command buffer length

2015-10-05 Thread Holger Jahn
On 10/05/2015 08:38 PM, Gilles Chehade wrote: This looks like a truncation in the forward expansion code, it should have caused the mail to be rejected, I'll have a look today. Can you tell me which version you are using ? 5.7.1p1 on Arch Linux.

Announce: OpenSMTPD 5.7.3 released

2015-10-05 Thread Gilles Chehade
OpenSMTPD 5.7.3 has just been released. OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of

Relay with vmap

2015-10-05 Thread Alberto Mijares
Hi guys, I need a relay server for specific virtual addresses. This sounds good to me accept from any for any virtual relay table file should look like peter@myfirstdomain peter@emailprovider jhon@mysecondomain jhon@anotheremailprovider ... and so... However, it doesn't work.