Re: smtpd: use libtls signer

On Sun, Jan 30, 2022 at 10:55:40AM +0100, Eric Faurot wrote: > Hi. > > This diff makes use of the new libtls signer api to simplify tls privsep. Updated diff after libtls signer api tweak by jsing@ Eric. Index: ca.c ===

smtpd: use libtls signer

1.40 +++ ca.c26 Jan 2022 14:01:15 - @@ -1,6 +1,7 @@ /* $OpenBSD: ca.c,v 1.40 2021/06/14 17:58:15 eric Exp $*/ /* + * Copyright (c) 2021 Eric Faurot * Copyright (c) 2014 Reyk Floeter * Copyright (c) 2012 Gilles Chehade * @@ -17,45 +18,23 @@ * OR IN CONNECTION

smtpd: srs and ruleset evaluation

Hi. A user reported that decoded SRS addresses are not correctly evaluated against the ruleset. That's because the ruleset always matches against the expanded address ("dest") and not the original address ("rcpt"). This diff should fix it. Eric. Index: lka_session.c

smtpd: unnecessary "no certificate presented" log message

Except for specific cases, SMTP servers do not expect client certificates for TLS sessions. The log message for missing certificate is not very useful in practice (handshake fails before if it was required anyway), and it is even confusing for people. I think it can go away. Eric. Index:

Re: add table_procexec in smtpd

On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote: > Hi, > Here is the updated diff, which removes table_proc and adds table_procexec > as the default backend when no backend name matches. > Hi. I'm not opposed to the idea, but I have a couple of comments: First, if the two

Re: smtpd: includes cleanup

Hi. Slightly updated diff, including sys/tree.h in smtpd.h. Eric. Index: aliases.c === RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.78 diff -u -p -r1.78 aliases.c --- aliases.c 28 Apr 2020 21:46:43 -

Re: smtpd: includes cleanup

On Thu, May 27, 2021 at 08:13:36AM -0600, Todd C. Miller wrote: > On Thu, 27 May 2021 13:14:30 +0200, Eric Faurot wrote: > > > New diff with small tweaks. > > It looks like you are relying on sys/queue.h being included implicitly. > Since smtpd.h uses the TAILQ macros,

Re: smtpd: includes cleanup

New diff with small tweaks. Eric. Index: aliases.c === RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.78 diff -u -p -r1.78 aliases.c --- aliases.c 28 Apr 2020 21:46:43 - 1.78 +++ aliases.c 26 May

smtpd: includes cleanup

Cruft has accumulated on that front. This diff cleans it up: the few headers that are directly required for smtpd.h are included there, and unnecessary includes are removed from the rest of the files. Eric. Index: aliases.c === RCS

smtpd: err/errx -> fatal/fatalx

This diff replaces calls to err(3)/errx(3) with fatal()/fatalx() from log.c for code that runs in the deamon (we want errors logged to syslog, not stderr). It's pretty mechanical, with two things to note: The call to default_config() has to be done after log_init() in smtpd.c, and log_init() is

smtpd: unused code

This diff removes more unused code. Eric. Index: config.c === RCS file: /cvs/src/usr.sbin/smtpd/config.c,v retrieving revision 1.55 diff -u -p -r1.55 config.c --- config.c9 Apr 2021 16:43:43 - 1.55 +++ config.c25

smtp: more tls options

The new -T option in smtp(1) allows to plug more TLS parameters easily. For completeness and consistency, this diff adds the following: cafile=: override the default root certificates nosni: disable SNI completely noverify: synonym for -C that can be recycled servername=: synonym for -S

Re: smtp(1): protocols and ciphers

Here is an updated diff integrating different suggestions I received. - use -T (for TLS) instead of -O - use getsubopt(3) which I didn't know - manpage tweaks Eric. Index: smtp.1 === RCS file: /cvs/src/usr.sbin/smtpd/smtp.1,v

smtp(1): protocols and ciphers

Hello. This diff allows to specify protcols and ciphers in smtp(1). I thought it was cleaner to added a generic -O option flag for this. Eric. Index: smtp.1 === RCS file: /cvs/src/usr.sbin/smtpd/smtp.1,v retrieving revision 1.9

Re: smtpd: remove tls_accept/tls_connect callbacks

On Wed, Apr 21, 2021 at 11:21:51AM +0200, Eric Faurot wrote: > There is actually no reason to defer calls to tls_accept_socket() and > tls_connect_socket() in an event callback. The code can be simplified > by a great deal. It also eliminates the issue of keeping a reference > to

smtpd: remove tls_accept/tls_connect callbacks

There is actually no reason to defer calls to tls_accept_socket() and tls_connect_socket() in an event callback. The code can be simplified by a great deal. It also eliminates the issue of keeping a reference to the listener tls context in the io structure. Eric. Index: ioev.c

Re: smtpd: more unused code

On Sun, Apr 11, 2021 at 01:54:32PM +0200, Eric Faurot wrote: > Certificate verification is done by libtls. The former code is not used > anymore and can be unplugged. Anyone willing to ok this? > Eric. > > Inde

Re: smtpd: more unused code

On Mon, Apr 12, 2021 at 07:56:57AM -0400, Dave Voutila wrote: > > Eric Faurot writes: > > > Certificate verification is done by libtls. The former code is not used > > anymore and can be unplugged. > > Should cert.c be removed? I don't think it's used by smtp{d,ctl}

smtpd: more unused code

Certificate verification is done by libtls. The former code is not used anymore and can be unplugged. Eric. Index: dispatcher.c === RCS file: /cvs/src/usr.sbin/smtpd/dispatcher.c,v retrieving revision 1.2 diff -u -p -r1.2

smtpd: unused files and dependency

Do not build unused files and remove related prototypes. Also remove bogus libm dependency. Index: smtpd.h === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v retrieving revision 1.666 diff -u -p -r1.666 smtpd.h --- smtpd.h 10 Apr

smtp: dead code

This diff removes unused code and lib depends from smtp(1). Eric. Index: smtpc.c === RCS file: /cvs/src/usr.sbin/smtpd/smtpc.c,v retrieving revision 1.14 diff -u -p -r1.14 smtpc.c --- smtpc.c 5 Mar 2021 12:37:32 - 1.14

smtpd: tls ciphers and protocols on listeners

Hi, This diff allows to specify tls ciphers and protocols on listen rules, as it's been done already for relay actions. While there, sanitize error checking on protocols config in the mta. Eric. Index: config.c === RCS file:

smtpd: default mta ciphers

If not cipher list is specified for a relay rule, fallback to the global cipher list if defined, rather than libtls default. This is closer to the previous behavior. Eric. Index: mta.c === RCS file: /cvs/src/usr.sbin/smtpd/mta.c,v

Re: smtpd: trace and vfprintf %s NULL

Any objection or ok? On Sat, Mar 27, 2021 at 12:52:11PM +0100, Eric Faurot wrote: > Hello. > > I get reports from people seeing "vfprintf %s NULL" in their logs > recently. The problem is in a function that should be fixed, > but that function is only expected to

smtpd: trace and vfprintf %s NULL

Hello. I get reports from people seeing "vfprintf %s NULL" in their logs recently. The problem is in a function that should be fixed, but that function is only expected to but used for debug traces. This diff turns log_trace() into a macro, so the parameters are not needlessly evaluated when

smtpd: set protocols and ciphers

Hi. This diff allows to specify the protocol versions and ciphers to use for outgoing TLS sessions on a per relay basis. Eric. Index: mta.c === RCS file: /cvs/src/usr.sbin/smtpd/mta.c,v retrieving revision 1.235 diff -u -p -r1.235

smtpd: use mx name for sni

As spotted by krw@, the mta should use the mx hostname for sni, not the reverse dns for the peer address. Eric. Index: mta_session.c === RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v retrieving revision 1.139 diff -u -p -r1.139

Re: smtpd: use libtls

Hi. The diff seems to work for the few people who tested it (thanks). Anyone wants to ok this? Eric. Index: ca.c === RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v retrieving revision 1.37 diff -u -p -r1.37 ca.c --- ca.c31 Dec

Re: smtpd: use libtls

No much report so far. Anybody had a chance to test this? Here is the same diff again with manpage update this time. Eric. Index: ca.c === RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v retrieving revision 1.37 diff -u -p -r1.37 ca.c ---

smtpd: use libtls

There has been a plan for some time now to make smtpd use libtls instead of openssl. Recent changes in libtls allow to move forward with this. Here is a diff to start the switch. I've tried to keep it as small as possible, sticking to the necessary changes. There is still a lot of code that can

Re: smtp(1) add authentication

On Sun, Dec 20, 2020 at 07:58:56PM +0100, Martijn van Duren wrote: > Playing around with the filter API I want an easier way to send mail > with authentication instead of doing the transaction manually via > openssl or via bloated mailclients. Turns out we already have all the > plumbing in place

smtpd: simplify codepath

When creating a tls session on an incoming connection, a useless roundtrip through the lka is made (see cert.c) to retreive a certificate which is not used anyway: the necessary contexts have already been set up for all pki names (in smtp.c:smtp_setup_events()). This diff makes the codepath more

smtpd: fix catch-all in virtual aliases

Hi. When a catch-all entry (@) is used in a virtual alias table, it eventually (and mistakenly) catches everything that expands to a username. For example, with: f...@example.com user @catchall "f...@example.com" expands to "user" as expected, but then "user" expands to

smtpd: simplify aliases_get()

Hi, The current code for aliases_get() is a bit contorted I think. This diff makes it clearer. Eric. Index: aliases.c === RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.77 diff -u -p -r1.77 aliases.c ---

Re: resolv.conf(5) says options inet6 does nothing

On Thu, Apr 23, 2020 at 10:34:39AM -0600, Theo de Raadt wrote: > It says the keyword gets parsed, but then does performs no action. > > But that is different from not parsing it. > > Additionally, this explains an option which other systems support, and > by explaining it this way, it is also

Re: smtpd: trailing CR

On Tue, Apr 21, 2020 at 07:08:48AM +, gil...@poolp.org wrote: > April 21, 2020 4:28 AM, "Todd C. Miller" wrote: > > > On Mon, 20 Apr 2020 15:01:31 +0200, Eric Faurot wrote: > > > >> There has been a discussion a while ago about the issue of trailing CR

smtpd: fix smtpctl discover

Hi again, We had a report of a crash when running "smtpctl discover" on an envelope that has a invalid dispatcher (action name changed in the config). The issue is that the dispatcher is not checked after the envelope is loaded as a result of the discover command. But adding the check

smtpd: trailing CR

Hi, There has been a discussion a while ago about the issue of trailing CR in smtp lines (https://marc.info/?l=openbsd-tech=156890805128121=2). It is agreed that stripping an optional CR at io level is a problem because the information is lost and there is no way to take a specific action at the

smtpd: fix report event format

Some users had issues with report events for MAIL FROM and RCPT TO when "|" appear in the mail address (yes, it seems to happen), because that's also the field separator. To make parsing the report lines a bit more straightforward, it's better to put the address as the last field. Note that this

smtpd: use CRLF in local enqueuer

This diff makes the local enqueuer use CRLF line ending during the SMTP dialog, as required by the protocol. Eric. Index: enqueue.c === RCS file: /cvs/src/usr.sbin/smtpd/enqueue.c,v retrieving revision 1.117 diff -u -p -r1.117

Re: smtpd: add support for cidr in hostname resolution for spf walk

On Tue, Nov 12, 2019 at 02:16:25PM +0100, Quentin Rameau wrote: Hello > Hello, > > Here's a patch for smtpctl spf resolution, adding support for target > specified as a hostname + cidr. > > Yes, SPF lets you specify targets like a:example.com/24. > > Due to the async and recursive nature of

Re: smtpd handling of \r in DATA part

On Thu, Sep 19, 2019 at 05:48:17PM +, gil...@poolp.org wrote: > > To me, the only real problem with '\r' is at the end of lines. It's > > confusing > > since you never really know whether it's part of the content or the > > protocol. > > > > So I suggest that we strip all '\r' found at the

Re: smtpd handling of \r in DATA part

On Thu, Sep 19, 2019 at 05:46:47PM +0200, Gilles Chehade wrote: > Hello, > > The RFC for SMTP states the following (section 2.3.8): > > In addition, the appearance of "bare" "CR" or "LF" characters in text > (i.e., either without the other) has a long history of causing > problems in

Re: smtp(1) certificate validation

On Tue, Sep 10, 2019 at 06:12:12PM +0100, Stuart Henderson wrote: > > + if (!SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/cert.pem", NULL)) > > shouldn't that use X509_get_default_cert_file()? Yes, that looks better. Updated locally. Eric.

Re: smtp(1) certificate validation

On Fri, Sep 06, 2019 at 08:41:21AM +0200, Eric Faurot wrote: > Hi, > > This patch adds the missing bits for verifying the server certificate > in smtp(1). Take two: now check the name(s) of the server certificate. I borrowed code from libtls for now. This will be cleaned up whe

smtp(1) certificate validation

Hi, This patch adds the missing bits for verifying the server certificate in smtp(1). Eric. Index: smtpc.c === RCS file: /cvs/src/usr.sbin/smtpd/smtpc.c,v retrieving revision 1.8 diff -u -p -r1.8 smtpc.c --- smtpc.c 2 Sep 2019

Re: gethostbyname return TRY_AGAIN on network outage

Hi. Your diff looks correct. I can't see a reason for the "ar_datalen == -1" special case here. According to my tests, gethostbyname() with a bogus nameserver (not responding, not reachable, ...) now fails with TRY_AGAIN, but still fails with HOST_NOT_FOUND if "bind" is not set on the lookup

smtpd: update table api

Hi. This diff changes the internal table interface. The backends now return results as formatted strings, parsing is delegated to the upper layer. It's been lightly tested already, but more tests would be very welcome, especially with setups involving lots of tables (including external ones).

smtpd: force TLS when relaying

There is currently no way to force TLS on a relay rule in general, and force certificate checking. Typical use case: a secondary MX needing to relay safely to lower preference MXs. This diff below allows the "tls" option to be used alone, including on non-smarthost relay rules, to specify that

smtpd: flags cleanup in mta

With the recent changes in the smarthost syntax, and the removal of the "secure" keyword, it's now possible to clarify the mta code by changing the TLS option from a set flags to exclusive values. This is far less confusing. More cleanup to come in mta_session.c after that. Eric. Index: mta.c

Re: smtpd: improve syntax for relay host

Hi. Same diff with associated manpage update. If there is no objection, I'd like to commit this quickly. Eric. Index: smtpd.conf.5 === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v retrieving revision 1.199 diff -u -p -r1.199

smtpd: improve syntax for relay host

For clarity and consistency, we'd like to change the url-like schemes used for specifying smarthost relays in smtpd.conf, to make them match what has been set for smtp(1). The proposed changes are as follow: - the "+auth" specifier is removed: it is implied by the presence of an auth label in

smtpd: improve message parser

:35:17 eric Exp $ */ + +/* + * Copyright (c) 2018 Eric Faurot + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * +

smtpd: improve internal resolver interface

RCS file: resolver.c diff -N resolver.c --- /dev/null 1 Jan 1970 00:00:00 - +++ resolver.c 20 Jul 2018 17:25:15 - @@ -0,0 +1,366 @@ +/* $OpenBSD$ */ + +/* + * Copyright (c) 2017-2018 Eric Faurot + * + * Permissi

Re: smtpd: make relay to smarthost to verify TLS by default

On Thu, May 31, 2018 at 04:06:31PM +0200, Sebastien Marie wrote: > Hi, > > When using smarthost ("host" option of "relay") for outgoing mails, TLS > connection aren't verified. If it could make sens for standard MX, I > think it would be better to verify the connection by default if the user >

smtpd: simplify header rewrite code-path

Hi. The smtp message parser uses the header_domain_append_callback() and header_masquerade_callback() functions to add missing domains in header fields, and rewrite the sender in the From field if required. The two functions are basically the same, except that the latter also rewrites the sender

Re: smtpd: remove filter leftovers

On Tue, Aug 29, 2017 at 10:26:19AM +0200, Eric Faurot wrote: > Now that the filter code path has been short-circuited, start removing stub > smtp_filter_*() indirections. I'm doing this one function at a time to keep > the diffs simple, starting with smtp_filter_connect(). Actually the

smtpd: remove filter leftovers

Now that the filter code path has been short-circuited, start removing stub smtp_filter_*() indirections. I'm doing this one function at a time to keep the diffs simple, starting with smtp_filter_connect(). Eric. Index: smtp_session.c

smtpd: tweak static table parser

Hi, The current static (file) table parser is a bit clumsy. It tries to determine the type (mapping or list entry) of each line independently by splitting on allowed separators (" \t:") without using any context, then fails if the type is not what's expected. It's impossible to define a list of

smtpd: simplify table parser

Remove the table_static_parse() indirection for parsing the file content. The "type" parameter is useless since the "(t->t_type & type)" test is always true. I think this is a left-over from the old design when table parsing was done in context of its intended use in the global config. Eric.

[patch] remove smtpd filter code

Hi, Experimental support for filters has been removed some time ago from the config parser. Now we want to get rid of the remaining code. It's not that trivial, so we proceed in several steps. The first (and trickiest) one is to bypass the filter code for incoming smtp sessions, so that

Re: SSHFP with EDNS0/DNSSEC

On Wed, Jul 12, 2017 at 07:45:36AM +0200, Christian Barthel wrote: > Hi, > > earlier this year, jca@ worked on support for DNSSEC and the EDNS0 > extension [1] and committed this work at [2] (thanks!). I tried this > with SSHFP records to check authenticity of hosts with DNSSEC; but ssh >

Re: smtpd session hang

On Fri, Jun 16, 2017 at 09:11:29AM +0200, Gilles Chehade wrote: > On Fri, Jun 16, 2017 at 01:05:25AM +0300, Henri Kemppainen wrote: > > I had a little debugging session with awolk@ over at #openbsd-daily. His > > smtpd would over time end up with hung sessions that never timeout. > > > > The

Re: asr: support for RES_USE_DNSSEC

On Sat, Feb 25, 2017 at 11:17:37PM +0100, Peter J. Philipp wrote: > Hi, > > I'm not the best in reading patches, so I'm going to query you. Does > your patch check for the "AD" flag from the resolver? As basically a > DNSSEC able recursive nameserver should set this meaning it has >

Re: asr: support for RES_USE_DNSSEC

On Sat, Feb 25, 2017 at 05:55:36PM +0100, Jeremie Courreges-Anglas wrote: > > This flag is useful for software that wants to rely on the resolver to > perform DNSSEC validation. Among the use cases there are DANE and SSHFP > records, and the obvious interfaces that I think are useful are >

Re: asr: support for RES_USE_DNSSEC

On Sat, Feb 25, 2017 at 07:24:48PM +0100, Jeremie Courreges-Anglas wrote: > Jeremie Courreges-Anglas writes: > > > This flag is useful for software that wants to rely on the resolver to > > perform DNSSEC validation. Among the use cases there are DANE and SSHFP > > records, and

asr: slightly better error reporting for getnameinfo()

Report the errno set by getifaddrs(3) if the setup for AI_ADDRCONFIG fails, rather than a non-informative EAI_FAIL. Compare to -1 for error detection while here. Eric. Index: asr/getaddrinfo_async.c === RCS file:

Re: asr EDNS0 support

On Sat, Feb 18, 2017 at 03:53:54PM +0100, Jeremie Courreges-Anglas wrote: > > > Seems to work fine here. We already use a 4096 bytes input buffer, the > edns0 option makes libc advertize this to the DNS resolver. nsd, > unbound, dig(1) and ports/net/isc-bind support this feature. I'm not >

smtpd: hide struct io

Hi, After the recent series of cleanups, it is now possible to make struct io opaque: - move struct io definition in ioev.c - replace io_init/io_clear with io_new/io_free - allocate an iobuf for each new io internally - use struct io pointer in the rest of the code - remove remaining uses of

smtpd: more internal cleanups

Hi. When using the internal io api, the caller had to explicitely reset an io event in some cases (basically when data is buffered outside of an io callback context) which could easily be missed. This has been the cause of some of smtpd bugs in the past (hanging sessions). After the recent

smtpd: simplify internal io api

The api user should not have to care about normalizing the io input buffer (i.e. resetting the read/write pos in the buffer). Do it internally when reloading the io event. Eric. Index: bounce.c === RCS file:

smtpd: internal cleanups, part 3

Hi, Next step towards hiding the struct io internals. This diff adds new io_*() api functions for dealing with buffered data. They are simple wrappers around their iobuf_*() counterpart, with better names in some cases. The point is of course to be able remove the use of iobuf_*() in the rest

smtpd: internal cleanups, part 2

This diff removes the IO_TLSVERIFIED which is not a io event, and inlines the necessary code where the callback functions are called for this event. Eric. Index: ioev.c === RCS file: /cvs/src/usr.sbin/smtpd/ioev.c,v retrieving

smtpd: internal cleanups

Hi, I'm working on improving the async io interface in smtpd, make it simpler to use and less error-prone. The short-term goal is to make the io structure opaque. With this first diff, the user pointer is passed as parameter to the io callback instead of having the user dereference the io

smtpd config parsing cleanup

Because of the small ad hoc changes that were made here and there over the years, the listener config code has become a bit convoluted I think. Here is a little cleanup to: - have all listener creation functions take listen_opts as param, and call config_listener() when done, which adds the

smtpd shutdown cleanup

Previously, all processes would shutdown on receiving SIGINT or SIGTERM. When going down, the parent process would kill all the other process and waitpid() them. Now, only the parent process handles SIGTERM and SIGINT, other processes ignore them. Upon receiving one of these signals, the parent

Another step in cleaning the smtpd exit path.

The smtpd processes are not expected to ever leave their event loop. So stop pretending that the *_shutdown() functions could ever be called in this context, and just fatal() if event_dispatch() returns. Eric. Index: ca.c === RCS

Re: smtpctl stop

On Sat, Sep 03, 2016 at 08:12:20PM +0200, Gilles Chehade wrote: > On Sat, Sep 03, 2016 at 08:09:25PM +0200, Eric Faurot wrote: > > Hi, > > > > Here is a diff to remove the "smtpctl stop" command. > > The proper way to stop a daemon is kill(1)/pkill(1) only. &g

smtpctl stop

Hi, Here is a diff to remove the "smtpctl stop" command. The proper way to stop a daemon is kill(1)/pkill(1) only. It makes no sense to have different code path for that. Eric. Index: control.c === RCS file:

Re: smtpd 5.9.1 vs 6.0 & possible corner case / regression

Can you guys try this diff? Eric. Index: rfc2822.c === RCS file: /cvs/src/usr.sbin/smtpd/rfc2822.c,v retrieving revision 1.7 diff -u -p -r1.7 rfc2822.c --- rfc2822.c 4 Feb 2016 22:35:17 - 1.7 +++ rfc2822.c 20 Aug 2016

Re: Bug in gethostbyaddr and patch to solve

On Mon, Aug 25, 2014 at 10:39:59PM -0500, Vladimir Támara Patiño wrote: Using tcpdump in a firewall with 5.5 (also happens with 5.4 and I guess with current) and certain addres of the LAN I got always a segfault. It is a bug within the function gethostbyaddr. It can be reproduced with the

Re: problem with gethostbyaddr() on OBSD 5.4?

On Sun, Feb 02, 2014 at 03:12:36PM +0100, IMAP List Administration wrote: [I forgot to send this to the list] Hi Eric, On 02/01/2014 11:43 AM, Eric Faurot wrote: The following diff fixes the problems with the example IPs you gave us. - subsequent PTR records are now set as aliases

Re: problem with gethostbyaddr() on OBSD 5.4?

On Sat, Feb 01, 2014 at 01:17:21AM +0100, IMAP List Administration wrote: Hello Folks, I run a Postfix MTA on OpenBSD. Recently I migrated the server from OBSD v5.3 to v5.4. Soon afterwards I noticed postfix was falsely rejecting mails based on a FCrDNS (forward-confirmed reverse DNS)

make async resolver API public

/null 1 Jan 1970 00:00:00 - +++ include/asr.h 26 Dec 2013 16:50:20 - @@ -0,0 +1,100 @@ +/* $OpenBSD: asr.h,v 1.7 2013/07/12 14:36:21 eric Exp $*/ +/* + * Copyright (c) 2012 Eric Faurot e...@openbsd.org + * + * Permission to use, copy, modify, and distribute this software

Re: [UPDATE] www/papers/index.html - Eric's OpenSMTPd presentation

--- index.html 23 Mar 2013 17:56:07 - 1.166 +++ index.html 2 Apr 2013 13:01:44 - @@ -18,6 +18,13 @@ h3Presentations: AsiaBSDCon 2013/h3 blockquote font color=#009000strong +a href=https://poolp.org/~eric/asiabsdcon2013-smtpd/;OpenSMTPD: We deliver!/a, +Eric Faurot +/strong

smtpd alias expansion updated, please test

Hi, I have just commited a rather deep change to the alias expansion logic in smtpd. It fixes a bug reported by halex@ in virtual maps, where an alias expanding to two different virtual users would end up being sent only to the first one. Alias expansion is tricky. We want to make sure that the

fix/add defines for ehci registers

They are only necessary for split isochronous transactions, which are not currently supported. So nothing uses those at the moment, but it doesn't hurt to have them right. Eric. Index: ehcireg.h === RCS file:

small fix in ehci

actually read the register from the right place, and simplify code a bit. Index: ehci.c === RCS file: /cvs/src/sys/dev/usb/ehci.c,v retrieving revision 1.117 diff -u -r1.117 ehci.c --- ehci.c 3 Jul 2011 15:47:17 -

Re: smtpd w/ async DNS

On Sat, Oct 30, 2010 at 07:26:00PM +0200, Peter J. Philipp wrote: I had a look at the pack.c file where the DNS compression is being handled. It looks good to me. But I have one concern that needs to be confirmed. In function dname_expand() on lines: 54 ptr =

Re: smtpd w/ async DNS

On Thu, Oct 14, 2010 at 03:20:06PM -0600, Theo de Raadt wrote: On Thu, Oct 14, 2010 at 11:57 AM, Mike Belopuhov m...@crypt.org.ru wrote: this dns code has a serious flaw. you use arc4random to allocate request IDs. this is a bad decision, as you actually want a non-repeating property.