Re: OpenSMTPD build on OpenSSL 1.1.x

[Gilles Chehade]

Hu, this doesn't look like latest checkout from portable, can you double
check ?

Le mer. 14 août 2019 à 22:17, Denis Fateyev  a écrit :

> Hello Gilles,
>
> Tried to rebuild on Fedora 30, but got compile errors (providing below
> with warnings in case if you find them useful):
> --- < cut here > ---
> gcc -DHAVE_CONFIG_H -I. -I../..  -I../../smtpd -I../../openbsd-compat
> -I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I.
> -I/usr/include  -DSMTPD_CONFDIR=\"/etc/opensmtpd\"
> -DPATH_CHROOT=\"/var/empty/smtpd\" -DPATH_SMTPCTL=\"/usr/sbin/smtpctl\"
> -DPATH_MAILLOCAL=\"/usr/libexec/opensmtpd/mail.local\"
> -DPATH_LIBEXEC=\"/usr/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL
> -DCA_FILE=\"/etc/pki/tls/cert.pem\" -O2 -g -pipe -Wall
> -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
> -fexceptions -fstack-protector-strong -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
>  -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
> -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign
> -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -D_BSD_SOURCE
> -D_DEFAULT_SOURCE  -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o
> ../../smtpd/smtpd-ca.o `test -f '../../smtpd/ca.c' || echo
> './'`../../smtpd/ca.c
> ../../smtpd/aliases.c: In function 'aliases_get':
> ../../smtpd/aliases.c:56:23: warning: variable 'userbase' set but not used
> [-Wunused-but-set-variable]
>56 |  struct table*userbase = NULL;
>   |   ^~~~
> ../../smtpd/aliases.c: In function 'aliases_virtual_get':
> ../../smtpd/aliases.c:114:23: warning: variable 'userbase' set but not
> used [-Wunused-but-set-variable]
>   114 |  struct table*userbase = NULL;
>   |   ^~~~
> gcc -DHAVE_CONFIG_H -I. -I../..  -I../../smtpd -I../../openbsd-compat
> -I../../openbsd-compat/err_h -I../../openbsd-compat/paths_h -I.
> -I/usr/include  -DSMTPD_CONFDIR=\"/etc/opensmtpd\"
> -DPATH_CHROOT=\"/var/empty/smtpd\" -DPATH_SMTPCTL=\"/usr/sbin/smtpctl\"
> -DPATH_MAILLOCAL=\"/usr/libexec/opensmtpd/mail.local\"
> -DPATH_LIBEXEC=\"/usr/libexec/opensmtpd\" -DHAVE_CONFIG_H -DIO_SSL
> -DCA_FILE=\"/etc/pki/tls/cert.pem\" -O2 -g -pipe -Wall
> -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
> -fexceptions -fstack-protector-strong -grecord-gcc-switches
> -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
> -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic
> -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
>  -fPIC -DPIC -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
> -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign
> -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -D_BSD_SOURCE
> -D_DEFAULT_SOURCE  -D_GNU_SOURCE -DNEED_EVENT_ASR_RUN -c -o
> ../../smtpd/smtpd-compress_backend.o `test -f
> '../../smtpd/compress_backend.c' || echo './'`../../smtpd/compress_backend.c
> ../../smtpd/ca.c: In function 'ca_X509_verify':
> ../../smtpd/ca.c:204:47: error: dereferencing pointer to incomplete type
> 'X509_STORE_CTX' {aka 'struct x509_store_ctx_st'}
>   204 |*errstr = X509_verify_cert_error_string(xsc->error);
>   |   ^~
> ../../smtpd/ca.c: At top level:
> ../../smtpd/ca.c:307:1: error: variable 'rsae_method' has initializer but
> incomplete type
>   307 | static RSA_METHOD rsae_method = {
>   | ^~
> ../../smtpd/ca.c:308:2: warning: excess elements in struct initializer
>   308 |  "RSA privsep engine",
>   |  ^~~~
> ../../smtpd/ca.c:308:2: note: (near initialization for 'rsae_method')
> ../../smtpd/ca.c:309:2: warning: excess elements in struct initializer
>   309 |  rsae_pub_enc,
>   |  ^~~~
> ../../smtpd/ca.c:309:2: note: (near initialization for 'rsae_method')
> ../../smtpd/ca.c:310:2: warning: excess elements in struct initializer
>   310 |  rsae_pub_dec,
>   |  ^~~~
> ../../smtpd/ca.c:310:2: note: (near initialization for 'rsae_method')
> ../../smtpd/ca.c:311:2: warning: excess elements in struct initializer
>   311 |  rsae_priv_enc,
>   |  ^
> ../../smtpd/ca.c:311:2: note: (near initialization for 'rsae_method')
> ../../smtpd/ca.c:312:2: warning: excess elements in struct initializer
>   312 |  rsae_priv_dec,
>   |  ^
> ../../smtpd/ca.c:312:2: note: (near initialization for 'rsae_method')
> ../../smtpd/ca.c:313:2: warning: excess elements in struct initializer
>   313 |  rsae_mod_exp,
>   |  ^~~~
> ../../smtpd/ca.c:313:2: note: (near initialization for 'rsae_method')
> ../../smtpd/ca.c:314:2: warning: excess elements in struct initializer
>   314 |  rsae_bn_mod_exp,
>   |  ^~~
> ../../smtpd/ca.c:314:2: note: (near initialization for 'rsae_meth

filter-rspamd available for testing

[Jakub Jirutka]

Hi Gilles,

I'm testing OpenSMTPD on Alpine Linux (musl libc) built from the last
commit from the portable branch [1] and filters don't work.

The filter script gets the following lines on the start of OpenSMTPD:

config|smtp-session-timeout|300\n
config|ready\n

Right after reading "config|ready" I print the following lines to STDOUT:

register|filter|smtp-in|data-line\n
register|filter|smtp-in|commit\n
register|ready\n

No problem so far. But when I send a message via sendmail(1), OpenSMTPD
processes it, but doesn't feed any input to the script. The script is
running and when I kill OpenSMTPD, it's gracefully exited (STDIN  is
closed, the script finishes).

I've even tried to register all the reporters and filters as
filter-rspamd do, i.e. emit exactly the same output, but no change.

My smtpd.conf:

table aliases file:/etc/smtpd/aliases
filter "my-filter" proc-exec "/etc/smtpd/filter.sh"
listen on lo filter "my-filter"

action "local" mbox alias 
match for local action "local"

Jakub

[1]:
https://github.com/OpenSMTPD/OpenSMTPD/commit/772da22936c8d80f7ad3284ea7e5bdbfdbee2efb

P.S.: misc+get-04...@opensmtpd.org doesn't work.

On 8/13/19 10:56 PM, gil...@opensmtpd.org wrote:
> Hello,
> 
> I have made available my filter-rspamd for testing:
> 
> 
> https://github.com/poolpOrg/filter-rspamd
> 
> 
> A port was done for OpenBSD, I'm waiting for okays but OpenBSD users will be 
> able to setup antispam with:
> 
> pkg_add rspamd filter-rspamd
> 
> 
> and adding the filter bits to smtpd.conf:
> 
> filter "rspamd" proc-exec "/usr/local/bin/filter-rspamd"
> listen on ... filter "rspamd"
> 
> 
> I have been running with this filter for a while now, so have other people.
> 
> You need to be running OpenSMTPD from OpenBSD -current or from the Github 
> repository.
> 
> Please test and report !
> 



signature.asc
Description: OpenPGP digital signature