On 10/14/10 17:06, Ted Unangst wrote:
On Thu, Oct 14, 2010 at 10:47 AM, Gilles Chehade gil...@openbsd.org wrote:
eric@ has written an (awesome :p) asynchronous resolver that allows us to do
non-blocking DNS lookups.
Why not use the evdns resolver in libevent? If you're already using
On 10/14/10 17:30, Ted Unangst wrote:
On Thu, Oct 14, 2010 at 11:17 AM, Gilles Chehade gil...@poolp.org wrote:
we don't have evdns in our libevent and I'm pretty confident it's not going
to happen any time soon given how many times I heard no fucking way by
different hackers :p
On Thu, Oct 14, 2010 at 04:47:26PM +0200, Gilles Chehade wrote:
Dear tech@,
eric@ has written an (awesome :p) asynchronous resolver that allows us to do
non-blocking DNS lookups.
As of today, smtpd implements non-blocking lookups through a fork+imsg hack,
creating a socketpair() and a new
On 10/15/10 10:50, Gilles Chehade wrote:
Hi tech@,
A new tarball has been uploaded yesterday, it contains the fixes eric@ wrote
for the issues reported on asr.
For now, only two issues have been reported on smtpd:
1- smtpd does not catch up changes to /etc/resolv.conf;
2- smtpd does not look
On 10/30/10 17:23, Peter J. Philipp wrote:
On Sat, Oct 30, 2010 at 04:55:36PM +0200, Gilles Chehade wrote:
Hi tech@,
A new tarball with all reported issues fixed is available at:
http://www.poolp.org/~gilles/smtpd-asyncdns.tar.gz
smtpd now catches changes in /etc/resolv.conf and should
in a cheese burger ?
Gilles
again !
:wq
Gilles
--
Gilles Chehade
freelance developer/sysadmin/consultant
http://www.poolp.org
the server reply (for AUTH and STARTTLS) during the EHLO
phase.
diff looks ok by me, i'll wait for jacekm@ to get a chance to review
it as he may have local changes to client.c before I commit it
tomorrow.
Thanks !
Gilles
--
Gilles Chehade
freelance developer/sysadmin/consultant
\o/
Gilles
On Fri, Nov 13, 2009 at 12:41:14PM +0100, Martin Hedenfalk wrote:
Hello,
I've been writing a small ldap server recently and thought I'd see if
there was any interest in such a thing here. It's ISC-licensed with a
small and readable code base. Still in a very early stage
Hi Seth,
It is a known issue, I actually had pulled the code for inet_net_pton()
from NetBSD many months ago, when I first realized inet6 masks were not
working in smtpd, but then I got sucked into other stuff and forgot it.
I'll review the diff again ... :-)
Thanks,
Gilles
On Fri, Apr 30
disconnect from session fd98324226959da6
debug: smtp: 0x122aab01000: deleting session: disconnected
dmesg attached.
smtpd.conf:
# $OpenBSD: smtpd.conf,v 1.6 2013/01/26 09:38:25 gilles Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more
in there. I'll have
a look at this.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Thu, Feb 05, 2015 at 09:30:12PM -0600, Abel Abraham Camarillo Ojeda wrote:
On Tue, Dec 9, 2014 at 1:40 AM, Gilles Chehade gil...@poolp.org wrote:
Now, if you auth using another mechanism (ie: listen [...] auth table)
in theory we do not have the same limitation but I think it will fail
if not in comment and not on a
whitespace */
+ if (!comment buffer[i] != ')' !isspace((int)buffer[i]))
pos_component = i;
}
--
Gilles Chehade
https://www.poolp.org @poolpOrg
*, ...);
const char *log_sockaddr(struct sockaddr *);
/* ntp.c */
--
1.9.1
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Tue, Jan 06, 2015 at 07:24:45PM +0100, Jonas 'Sortie' Termansen wrote:
On 01/06/2015 12:11 PM, Gilles Chehade wrote:
Index: smtp_session.c
===
RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v
retrieving revision 1.221
On Wed, Jan 07, 2015 at 09:37:08AM +0100, Gilles Chehade wrote:
On Tue, Jan 06, 2015 at 07:24:45PM +0100, Jonas 'Sortie' Termansen wrote:
On 01/06/2015 12:11 PM, Gilles Chehade wrote:
Index: smtp_session.c
===
RCS file
like they are a valid format.
Have others seen emails like these? Should opensmtpd be rejecting them?
I can recreate those wrong formatted emails with this .forward file, I
remember it worked when there was sendmail.
Giovanni
I could reproduce, I'll work on a fix right away
--
Gilles
On Fri, May 08, 2015 at 11:23:22AM +0200, Gilles Chehade wrote:
On Thu, May 07, 2015 at 11:58:49AM +0200, Giovanni Bechis wrote:
On Wed, May 06, 2015 at 09:33:02PM -0400, James Turner wrote:
So I'm not quite sure how to explain this but I'm getting similar
emails to the one below
On Sat, May 02, 2015 at 12:27:46PM +0800, Nathanael Rensen wrote:
The smtpd enqueue -S option does not take an argument.
committed, thanks
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Fri, May 08, 2015 at 01:48:38PM -0600, Todd C. Miller wrote:
On Fri, 08 May 2015 12:12:46 +0200, Gilles Chehade wrote:
Now the problem is that if the .forward references a |/path it forks
a mda (which prepends From), and if mda is sendmail then... it ends up
calling mail.local which
On Mon, Apr 06, 2015 at 01:12:05PM +0200, Mike Burns wrote:
On 2015-04-04 18.24.38 -0700, Philip Guenther wrote:
the original diff is fine and should be applied.
Thanks. Any other OKs/anyone want to apply this?
Yes, this is ok, I'll apply
--
Gilles Chehade
https://www.poolp.org
descriptors.
Links:
http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig
http://www.openbsd.org/errata57.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig
--
Gilles Chehade
https://www.poolp.org
--
Gilles Chehade
https://www.poolp.org @poolpOrg
;-)
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Fri, Aug 14, 2015 at 09:40:32PM +, Larry Hynes wrote:
On 2015-08-14, Gilles Chehade gil...@poolp.org wrote:
On Thu, Aug 13, 2015 at 09:06:00AM +0100, Jason McIntyre wrote:
On Thu, Aug 13, 2015 at 03:21:56AM +0100, Larry Hynes wrote:
This is a minor quibble, and possibly a purely
until the unlock to bring the new changes.
You can either install smtpd w/ filters support from the tarballs on the
opensmtpd.org website, or wait till I commit everything in -current soon
or install sendmail wait for OpenBSD 5.9.
--
Gilles Chehade
https://www.poolp.org
On Wed, Oct 21, 2015 at 10:41:16PM +0200, Gregor Best wrote:
> Nice to see rubber duck debugging working. The attached patch seems to
> be enough
>
Thanks.
There is work in progress to shrink the pledge list but I have
committed this meanwhile to fix the immediate issue.
--
Gille
During the last few months, researchers from Qualys Security have done
an audit of smtpd and have identified multiple reliability and security
issues.
The issues affect 5.6, 5.7 and forthcoming 5.8 release.
Patches are available. Apply the patch, rebuild smtpd and restart the
daemon.
5.6:
On Fri, Oct 02, 2015 at 05:17:39AM +0200, Gilles Chehade wrote:
> During the last few months, researchers from Qualys Security have done
> an audit of smtpd and have identified multiple reliability and security
> issues.
>
> The issues affect 5.6, 5.7 and forthcoming 5.8 releas
also haven't enabled the fts5 backend at this time.
>
> Now we could change strategies and I could only create a diff of the
> changes we actually want and then remove all these extra files from our
> tree and the use commit rather than import going forward.
>
> I would be fine w
achieved on specific recipients if desired:
> +Further access control may be achieved on specific recipients if desired:
> .Bl -tag -width Ds
> .It Xo
> .Ic recipient
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Tue, Dec 22, 2015 at 09:27:29AM -0800, Serguey Parkhomovsky wrote:
> Since the default backend for the aliases table was recently changed
> from db to file, change the examples in smtpd.conf.5 to use the file
> backend as well.
>
committed, thanks
--
Gilles Chehade
https://w
; +
> memset(, 0, sizeof args);
> addargs(, "%s", "makemap");
> for (i = 0; i < argc; i++)
> @@ -1021,6 +1025,7 @@ main(int argc, char **argv)
>
> return makema
On Tue, Dec 22, 2015 at 09:56:29PM +0100, Gilles Chehade wrote:
> On Tue, Dec 22, 2015 at 12:49:07PM -0800, Serguey Parkhomovsky wrote:
> > Rev 1.141 of smtpctl.c killed mail queueing for me:
> >
> > $ echo "test" | mail -s test sparkhom
> > $ send-m
rs if they have space-containing values :)
> Please see the patch attached.
>
I understand and agree with you about the problem, however I haven't been able
to convince hackers that space-separated key-value pairs were annoying enough.
I think this diff makes sense, waiting for other ok's
gille
cal", both in ambiguity and it
new ways the ruleset can match sessions.
If you're interested to work on it, I'd be happy to discuss this with you
so you can come up with a diff :-)
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Tue, Feb 09, 2016 at 09:23:17AM -0500, Peter Bisroev wrote:
> Hi Gilles
>
Hi,
>
>
> > We have faced a similar issue with filters and my thoughts are that we need
> > a
> > listen on socket of some kind, similar to your listen on local.
> >
> &
On Thu, Feb 11, 2016 at 05:28:50PM -0500, Peter Bisroev wrote:
> Hi Gilles,
>
> Please find my diff inline to enable "listen on socket" feature that we have
> discussed. I have tested the diff with currently two supported listen options
> for this listener, mask-send
On Fri, Feb 12, 2016 at 04:29:23PM -0500, Peter Bisroev wrote:
> Hi Gilles,
>
Hi,
> While looking over smtp_enqueue(), I have noticed that setting of
> hostname is a noop. It looks like a leftover code from a bugfix in here
> (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src
On Sat, Feb 13, 2016 at 08:32:23PM +0100, Joerg Jung wrote:
> On Fri, Feb 12, 2016 at 05:00:59PM -0500, Peter Bisroev wrote:
> > > Just in case the previous diff is OK, I am attaching the patch to the
> > > smtpd.conf man page.
> >
> > Hi Gilles,
> >
> &
retrieving revision 1.272
> diff -u -p -r1.272 smtpd.c
> --- usr.sbin/smtpd/smtpd.c27 Jan 2016 12:46:03 - 1.272
> +++ usr.sbin/smtpd/smtpd.c1 Feb 2016 19:22:33 -
> @@ -667,8 +667,6 @@ main(int argc, char *argv[])
>
> fork_peers();
>
> -
nely placing the `$' to denote extended lines, depending on what
type of character is the character that goes beyond ncol
If there's something that seems suspiciously absent from that list,
perhaps it's something I've overlooked and haven't tested
myself. Hopefully that helps somewhat.
--
S. Gilles
> And even if there were a few people who would use it, i don't
> quite see how it would be better for them than what we already
> have. I mean, http://man.openbsd.org/ works with text browsers
> on text-only terminals.
>
maybe we could provide MaaS (man a
e default is 4h.
> -.It Ic ca Ar hostname Ic ca Ar cafile
> +.It Ic ca Ar hostname Ic certificate Ar cafile
> Associate a custom CA certificate located in
> .Ar cafile
> with
--
Gilles Chehade
https://www.poolp.org @poolpOrg
IPPROTO_IPV6, IPV6_V6ONLY, , sizeof(on)) == -1)
> + log_warn("setsockopt IPV6_V6ONLY");
> +#endif
> +
> if (la->rtable != -1 &&
> setsockopt(la->fd, SOL_SOCKET, SO_RTABLE, >rtable,
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Tue, May 17, 2016 at 04:16:09PM +0200, Henning Brauer wrote:
> * Gilles Chehade <gil...@poolp.org> [2016-05-17 15:56]:
> > On Tue, May 17, 2016 at 08:27:42AM -0500, Brent Cook wrote:
> > > This patch came by way of the openntpd github. Linux (and possibly others)
>
ll people to restart smtpd, but even then i'm not sure this is the
> business of afterboot(8). look at the text immediately after, which
> shows how to change the mailer to accept external connections: it makes
> no mention of restarting smtpd. in general, that's a normal pattern.
>
> i know afterboot(8) is a little different though.
>
> still, i would be inclined to say let's just zap the newaliases sentence.
>
agreed
--
Gilles Chehade
https://www.poolp.org @poolpOrg
if (f->f_file < 0) {
> f->f_type = F_UNUSED;
> - logerrorx(p);
> + logerror(p);
> break;
> }
> if (isatty(f->f_file)) {
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
wd file will contain an entry like
> @@ -199,9 +197,9 @@ maildir folder are mapped to the single
> In this example, Dovecot is used as an IMAP server.
>
>
> -# export
> PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/packages/%a
> -# pkg_add dovecot
> and the kernel that spreads the inconsistency inside userland.
>
> Kernel and userland best practices are already quite different, including
> this in that list is the lesser evil.
>
I would love to remove this from smtpd to reduce diff with portable,
so i'm generally ok with the idea
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Mon, Feb 20, 2017 at 09:37:28PM +0100, Eric Faurot wrote:
> Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails,
> rather than a non-informative EAI_FAIL. Compare to -1 for error detection
> while here.
>
> Eric.
ok gilles@
> Index: asr/g
> I had - lazily - only removed the Z_MASK test.
>
> Updated diff, that includes bits for asr_debug.c. First hunk still here
> for basic testing. Packets with the AD or CD flags are no longer
> discarded, given the new Z_MASK #define. (I don't see a reason to
> discard packets
the control socket.
>
> Additionally, make sure that vmd never fatal()s when receiving an
> invalid imsg from an arbitrary user over the control socket.
>
ok gilles@
> diff --git usr.sbin/vmd/control.c usr.sbin/vmd/control.c
> index 5e0141f..cda7df9 100644
> --- usr.sbin/vmd
the features of libutil's openpty function.
> Additionally, make sure that the ttys are closed correctly on shutdown.
>
ok gilles@
> diff --git usr.sbin/vmd/config.c usr.sbin/vmd/config.c
> index f35a3b3..a16c143 100644
> --- usr.sbin/vmd/config.c
> +++ usr.sbin/vmd/config.c
> @@
"event=failed-command address=%s host=%s "
> + "command=\"AUTH PLAIN (...)\" result=\"%.*s\"",
> + s->id, ss_to_text(>ss), s->hostname, n, buf);
> }
> else if (s->state == STATE_AUTH_USERNAME) {
> - log_info("smtp-in: Failed command on session %016"PRIx64
> - ": \"AUTH LOGIN (username)\" => %.*s", s->id, n,
> buf);
> + log_info("%016"PRIx64" smtp "
> + "event=failed-command address=%s host=%s "
> + "command=\"AUTH LOGIN (username)\" result=\"%.*s\"",
> + s->id, ss_to_text(>ss), s->hostname, n, buf);
> }
> else if (s->state == STATE_AUTH_PASSWORD) {
> - log_info("smtp-in: Failed command on session %016"PRIx64
> - ": \"AUTH LOGIN (password)\" => %.*s", s->id, n,
> buf);
> + log_info("%016"PRIx64" smtp "
> + "event=failed-command address=%s host=%s "
> + "command=\"AUTH LOGIN (password)\" result=\"%.*s\"",
> + s->id, ss_to_text(>ss), s->hostname, n, buf);
> }
> else {
> strnvis(tmp, s->cmd, sizeof tmp, VIS_SAFE | VIS_CSTYLE);
> log_info("%016"PRIx64" smtp "
> - "event=failed-command command=\"%s\"
> result=\"%.*s\"",
> - s->id, tmp, n, buf);
> + "event=failed-command address=%s host=%s
> command=\"%s\" "
> + "result=\"%.*s\"",
> + s->id, ss_to_text(>ss), s->hostname, tmp, n,
> buf);
> }
> break;
> }
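Review bot: host=%s is written unquoted and unescaped in all four branches, while the command in the final else branch goes through strnvis() with VIS_SAFE | VIS_CSTYLE and is wrapped in quotes. If s->hostname is derived from a reverse lookup it is controlled by the remote side, so a value containing a space or an equals sign could forge extra key=value fields in this log line. Suggest passing it through the same strnvis() step and emitting host=\"%s\", unless it is already sanitized where it is set.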
--
Gilles Chehade
https://www.poolp.org @poolpOrg
VE,
> IMSG_CTL_SCHEDULE,
> IMSG_CTL_SHOW_STATUS,
> - IMSG_CTL_SHUTDOWN,
> IMSG_CTL_TRACE_DISABLE,
> IMSG_CTL_TRACE_ENABLE,
> IMSG_CTL_UPDATE_TABLE,
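Review bot: dropping IMSG_CTL_SHUTDOWN from the middle of this list shifts the value of every later member (IMSG_CTL_TRACE_DISABLE, IMSG_CTL_TRACE_ENABLE, IMSG_CTL_UPDATE_TABLE and onward), since none of the visible members has an explicit value. A control client built before the change would then send message types that the new daemon interprets as a different command, so the commit message should say that the daemon and its control utility have to be rebuilt and installed together.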
> @@ -572,7 +571,7 @@ struct smtpd {
> #define SMTPD_OPT_NOACTION 0x0002
> uint32_tsc_opts;
>
> -#define SMTPD_EXITING0x0001
> +#define SMTPD_EXITING0x0001 /* unused */
> #define SMTPD_MDA_PAUSED 0x0002
> #define SMTPD_MTA_PAUSED 0x0004
> #define SMTPD_SMTP_PAUSED0x0008
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
; + fatalx("exited event loop");
>
> return (0);
> }
> Index: smtpd.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v
> retrieving revision 1.283
> diff -u -p -r1.283 smtpd.c
> --- smtpd.c 4 Sep 2016 09:33:49 - 1.283
> +++ smtpd.c 4 Sep 2016 14:37:31 -
> @@ -1050,8 +1050,8 @@ smtpd(void) {
> "getpw sendfd proc exec id inet unix", NULL) == -1)
> err(1, "pledge");
>
> - if (event_dispatch() < 0)
> - fatal("smtpd: event_dispatch");
> + event_dispatch();
> + fatalx("exited event loop");
>
> return (0);
> }
>
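Review bot: with the return value of event_dispatch() dropped, an error return from the event loop is now reported by fatalx("exited event loop") without errno, where the removed fatal("smtpd: event_dispatch") included it. Suggest keeping the < 0 test for the error case and using fatalx() only for a plain exit of the loop. The return (0) left after fatalx() is also unreachable and can go.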
--
Gilles Chehade
https://www.poolp.org @poolpOrg
fix a bug where the specified family was ignored if the listener
> is given as a hostname.
>
>
i like it, ok
please commit soon so people get a chance to spot any error we didn't
gilles
> Index: parse.y
> ==
waitpid(WAIT_MYPGRP, NULL, 0);
> @@ -292,8 +292,8 @@ parent_shutdown(int ret)
>
> unlink(SMTPD_SOCKET);
>
> - log_warnx("warn: parent terminating");
> - exit(ret);
> + log_info("Exiting");
> + exit(0);
> }
>
> static void
> @@ -333,16 +333,17 @@ static void
> parent_sig_handler(int sig, short event, void *p)
> {
> struct child*child;
> - int die = 0, die_gracefully = 0, status, fail;
> + int status, fail;
> pid_tpid;
> char*cause;
>
> switch (sig) {
> case SIGTERM:
> case SIGINT:
> - log_info("info: %s, shutting down", strsignal(sig));
> - die_gracefully = 1;
> - /* FALLTHROUGH */
> + log_debug("debug: got signal %d", sig);
> + parent_shutdown();
> + /* NOT REACHED */
> +
> case SIGCHLD:
> do {
> int len;
> @@ -379,7 +380,6 @@ parent_sig_handler(int sig, short event,
>
> switch (child->type) {
> case CHILD_DAEMON:
> - die = 1;
> if (fail)
> log_warnx("warn: lost child: %s %s",
> child->title, cause);
> @@ -434,10 +434,6 @@ parent_sig_handler(int sig, short event,
> free(cause);
> } while (pid > 0 || (pid == -1 && errno == EINTR));
>
> - if (die)
> - parent_shutdown(1);
> - else if (die_gracefully)
> - parent_shutdown(0);
> break;
> default:
> fatalx("smtpd: unexpected signal");
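Review bot: with both parent_shutdown(1) and parent_shutdown(0) removed from the end of the SIGCHLD path, and die = 1 dropped from the CHILD_DAEMON case in the previous hunk, losing a daemon child now only produces the log_warnx("warn: lost child: ...") line in this handler. The commit message or a comment here should name the path that now stops the parent when a child dies. If that path ends in parent_shutdown(), the exit(0) there means the exit status no longer distinguishes a lost child from a clean SIGTERM.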
> @@ -1597,7 +1593,7 @@ imsg_dispatch(struct mproc *p, struct im
> int msg;
>
> if (imsg == NULL) {
> - exit(1);
> + imsg_callback(p, imsg);
> return;
> }
>
>
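Review bot: imsg_callback(p, imsg) is now reached with imsg == NULL, so every dispatch function behind imsg_callback has to test for NULL before dereferencing the message, otherwise the exit(1) this replaces becomes a null-pointer crash. Suggest a comment at this call stating what a NULL imsg signals to the callback, and a pass over each callback to confirm it handles it.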
--
Gilles Chehade
https://www.poolp.org @poolpOrg
dmin
deciding to do so.
Then, we have changed permissions only twice in about 9 years of smtpd.
Both times we only required a one-time fix, kind of a flag day, to make
the transition and never hear about it again. It doesn't make sense for
me to add code that will stay
ata is queued. So the
> > api user does not have to worry about it.
> >
> > Eric.
>
> Ok sunil@
>
been running with my server patched since yesterday, no regression
ok gilles@
> >
> > Index: ioev.c
> > =
On Mon, Nov 21, 2016 at 08:46:32PM +0100, Eric Faurot wrote:
> The api user should not have to care about normalizing the io input
> buffer (i.e. resetting the read/write pos in the buffer).
> Do it internally when reloading the io event.
>
yes please, ok gilles@
>
r each new io internally
> - use struct io pointer in the rest of the code
> - remove remaining uses of iobuf_*
>
> The diff is mostly mechanical.
>
ok gilles@
been running with this since saturday morning and tested both out and
in path, as well as bounce,
e user pointer is passed as parameter to the io
> callback instead of having the user dereference the io structure. There
> are places where the callback function is triggered outside of the io
> layer. It's not desirable, and it needs to be fixed in a separate diff.
>
quired, cascade */
> -
> - case IO_TLSVERIFIED:
> - x = SSL_get_peer_certificate(s->io.ssl);
> - if (x) {
> - log_info("%016"PRIx64" smtp "
> - "event=client-cert-check address=%s host=%s
> result=\"%s\"",
> - s->id, ss_to_text(>ss), s->hostname,
> - (s->flags & SF_VERIFIED) ? "success" : "failure");
> - X509_free(x);
> - }
> -
> - if (s->listener->flags & F_SMTPS) {
> - stat_increment("smtp.smtps", 1);
> - io_set_write(>io);
> - smtp_send_banner(s);
> - }
> - else {
> - stat_increment("smtp.tls", 1);
> - smtp_enter_state(s, STATE_HELO);
> - }
> - break;
>
> case IO_DATAIN:
> nextline:
>
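Review bot: the removed IO_TLSVERIFIED case carried the event=client-cert-check log line, the smtp.smtps and smtp.tls counters, and the smtp_send_banner() / STATE_HELO transition, and nothing in the visible hunk shows where they now live. Please confirm that the certificate verification result is still logged after the handshake, since that line is the audit record for client-certificate checks, and that sessions on an F_SMTPS listener still get their banner.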
--
Gilles Chehade
https://www.poolp.org @poolpOrg
> names in some cases.
>
> The point is of course to be able remove the use of iobuf_*() in the rest
> of the daemon.
>
yay, ok gilles@
please tell me the next diff removes iobuf_* :-p
> Index: ioev.c
> ===
>
the situation.
Sadly, "clear" is something the OpenSSL folks are unfamiliar with...
--
Gilles Chehade
https://www.poolp.org @poolpOrg
);
> > } else {
> > ic->ic_flags &= ~IEEE80211_F_PSK;
> > memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
> > @@ -496,6 +528,8 @@ ieee80211_ioctl(struct ifnet *ifp, u_lon
> > break;
> > kr = (struct ieee80211_keyrun *)data;
> > error = ieee80211_keyrun(ic, kr->i_macaddr);
> > + if (error == 0 && (ic->ic_flags & IEEE80211_F_WEPON))
> > + ieee80211_disable_wep(ic);
> > break;
> > case SIOCS80211POWER:
> > if ((error = suser(curproc, 0)) != 0)
> >
>
> --
> Antoine
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
om the old design when table parsing was
> done in context of its intended use in the global config.
>
this is a leftover from when tables were called maps and used to be
declared with a type
ok gilles@
> Index: table_static.c
> ===
write message content directly to the file.
>
> There should be no functional change.
>
this should be tested by many people right away to spot subtle regressions
ok gilles@
> Index: pony.c
> ===
> RCS file: /cvs/src/
On Fri, Aug 04, 2017 at 02:56:21PM +0200, Gilles Chehade wrote:
> On Fri, Aug 04, 2017 at 01:13:06PM +0200, Eric Faurot wrote:
> > Hi,
> >
> > Experimental support for filters has been removed some time ago from
> > the config parser. Now we want to get rid of t
> +++ smtp_session.c11 May 2017 10:16:54 -
> @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc
> io_set_read(s->io);
> io_start_tls(s->io, ssl);
>
> - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> - free(resp_ca_cert->cert);
> + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len);
> free(resp_ca_cert);
> return;
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Tue, May 30, 2017 at 05:26:08PM -0500, Edgar Pettijohn wrote:
> fix typo
thanks, will commit
when sending diffs, please inline them instead of attaching as it is
easier for us to work with them that way
Gilles
> Index:
On Wed, May 31, 2017 at 09:53:38AM -0500, Jimmy Hess wrote:
> On Wed, May 31, 2017 at 6:34 AM, Gilles Chehade <gil...@poolp.org> wrote:
>
> > It is not that simple because newaliases works when you have one aliases
> > database (e.g. /etc/mail/aliases). This is the c
eful if "newaliases" did whatever is necessary for the
> table type you have in use so you don't need to think about it and the
> documentation can be simple..)
>
It is not that simple because newaliases works when you have one aliases
database (e.g. /etc/mail/aliases). This is the case on the default setup
but smtpd supports per-rule aliases mappings and for example the MX that
I run for poolp.org and opensmtpd.org has two different sets of aliases,
one for each domain, and now newaliases can't work anymore.
We can hack it so it works in some cases but it will never be able to do
the work correctly for non-default configurations and we will still have
to provide and document the smtpctl command.
--
Gilles Chehade
https://www.poolp.org @poolpOrg
= 0)
> smtp_data_io_done(s);
> - } else if (io_paused(s->io, IO_IN)) {
> +
> + if (io_paused(s->io, IO_IN)) {
> log_debug("debug: smtp: %p: filter congestion over:
> resuming session", s);
> io_resume(s->io, IO_IN);
> }
>
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
e to leak more than 5 fd, it
> > > should not have been able to exhaust, is this what you observed ?
>
> For the record, we discussed this with Gilles on irc and while we saw
> more than a dozen leaked fds, it's okay as smtpd will allow as many
> incoming sessions as the dtable can
ech=145338987910327=2
[1] https://github.com/hboetes/mg/tree/display-wide-characters
--
S. Gilles
diff --git a/basic.c b/basic.c
index 85d9f70..123e115 100644
--- a/basic.c
+++ b/basic.c
@@ -18,6 +18,7 @@
#include
#include
#include
+#include
#include "def.h"
@@ -269,1
at a time to keep
> > the diffs simple, starting with smtp_filter_connect().
>
> Actually the complete diff is simple enough.
>
yes
ok gilles@
> Index: smtp_session.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/sm
s
> containing a separator.
>
> Existing table files should still be working as expected.
> As a bonus, parse errors are now logged with line number.
>
as discussed, i think it's a neat idea
the diff is ok gilles@ too
> Index: table_static.c
>
on of my own complex smtpd.conf to new grammar:
https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/
I have also compiled a list of directives recognized by the parser which
I intend to use for regress tests:
https://poolp.org/~gilles/smtpd.conf
As for the reaso
On Thu, May 24, 2018 at 04:38:17PM -0400, Rupert Gallagher wrote:
> On Thu, May 24, 2018 at 14:18, Gilles Chehade <gil...@poolp.org> wrote:
>
> > In effect, instead of having:
> > accept from any for local deliver to mbox
> >
> > You will have:
> >
ely not up for reworking all of mg. It seems
better that this patch, as it is, remain off to the side in case
someone wants to use it themselves.
--
S. Gilles
On 2018-05-30T11:50:37+0200, Stefan Sperling wrote:
> Comments inline. I think this still needs a lot of work...
Thanks for the review; replies inline (and omitted where the reply
is the same as one above). By the time you read this, I'll have
pushed the changes I mention to my branch in hboetes'
On Sat, Jun 02, 2018 at 10:32:52PM +0200, Denis Fondras wrote:
> Applying otto@'s diff to smtpd.
> Fixes an off-by-one line count when using include statements.
>
> Ok ?
>
tested, ok gilles@
> Index: parse.y
> =
1.183
> +++ smtpd.conf.5 31 May 2018 19:56:04 -
> @@ -205,6 +205,9 @@ to advertise during the HELO phase.
> .It Cm host Ar relay-url
> Do not perform MX lookups but relay messages to the relay host described by
> .Ar relay-url .
> +If the url uses tls, the certificate w
On 2018-06-01T11:02:57+0200, Stefan Sperling wrote:
> On Wed, May 30, 2018 at 04:01:57PM -0400, S. Gilles wrote:
> > On 2018-05-30T09:17:22-0600, Theo de Raadt wrote:
> > > This approach seems misguided. Let me tell a story.
> > >
> > > More than two de
NODSN },
> + { "no-verify", NOVERIFY },
> { "on", ON },
> { "pki",PKI },
> { "port", PORT },
> Index: mta.c
> ======
tials.
> +This option is usable only with
> +.Cm host
> +option.
> +The credential table format is described in
> +.Xr table 5 .
> .It Cm mail\-from Ar mailaddr
> Use
> .Ar mailaddr
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
errno = ERANGE;
> + return -1;
> + }
> +
> +#define N 256
> + alloc = N * (need / N) + ((need % N) ? N : 0);
> +#undef N
> + buf = reallocarray(b->buf, alloc, 1);
> + if (buf == NULL)
> + return -1;
> +
> + b-&g
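Review bot: reallocarray(b->buf, alloc, 1) gets no overflow protection from reallocarray, because with a size of 1 the nmemb * size check can never trigger. The arithmetic that can wrap is the round-up on the line above, N * (need / N) + ((need % N) ? N : 0), when need is within N of the maximum of its type. Make sure the ERANGE check at the top of the hunk bounds need tightly enough to rule that out; once it does, a plain realloc(b->buf, alloc) states the intent more directly.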
tate: unknown state");
> + fatalx("%s: bad state %d", __func__, proto->state);
> }
> #undef smtp_client_state
> }
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
trlen(s) - strlen(val);
> + sym = strndup(s, len);
> + if (sym == NULL)
> + errx(1, "%s: strndup", __func__);
>
> ret = symset(sym, val + 1, 1);
> free(sym);
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
0
> },
> + { "lmtp://",RELAY_TLS_NO,RELAY_LMTP
> },
> + { "smtps://", RELAY_TLS_SMTPS, 0
> }
> };
> const char *errstr = NULL;
> char *p, *q;
> @@ -344,6 +345,7 @@ text_to_relayhost(struct relayhost *rela
> else
> p = buffer + strlen(schemas[i].name);
>
> + relay->tls = schemas[i].tls;
> relay->flags = schemas[i].flags;
>
> /* need to specify an explicit port for LMTP */
> @@ -395,7 +397,8 @@ text_to_relayhost(struct relayhost *rela
> return 0;
> if (relay->authlabel[0]) {
> /* disallow auth on non-tls scheme. */
> - if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
> + if (relay->tls != RELAY_TLS_STARTTLS &&
> + relay->tls != RELAY_TLS_SMTPS)
> return 0;
> relay->flags |= RELAY_AUTH;
> }
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Mon, Sep 03, 2018 at 11:43:02PM +0800, Michael Mikonos wrote:
> On Mon, Sep 03, 2018 at 02:24:49PM +0800, Michael Mikonos wrote:
> > On Sat, Sep 01, 2018 at 11:31:49PM +0200, Gilles Chehade wrote:
> > > On Sat, Sep 01, 2018 at 09:20:59PM +0800, Michael Mikonos wr
Alias
> > table.
> >
> > Thanks,
> > Matt
> >
>
> [...]
>
>
> i think your diff reads better than what's there now. gilles, eric?
>
agreed
--
Gilles Chehade
https://www.poolp.org @poolpOrg
worst
> mails would be sent over a secure channel instead of plain text.
> - an "smtp+tls://" relay would not fallback to plain text if STARTTLS fails,
> and the mail will tempfail.
> - in all other cases, the m
ch_a);
> + lookup_record(T_, *(ap) + 2, dispatch_);
> continue;
> }
> if (strncasecmp("exists:", *ap, 7) == 0) {
--
Gilles Chehade
https://www.poolp.org @poolpOrg
On Thu, Oct 25, 2018 at 07:24:33AM +0100, Raf Czlonka wrote:
> On Thu, Oct 25, 2018 at 07:11:47AM BST, Gilles Chehade wrote:
> >
> > smtpd will _always_ display a 'starttls' log line when the TLS channel
> > starts,
> > disregarding if TLS was started at con
attempted to connect in plaintext then upgrade
a session on a host that didn't speak plaintext and expected sessions to speak
TLS from the start.
--
Gilles Chehade
https://www.poolp.org @poolpOrg