Re: smtpd: unnecessary "no certificate presented" log message

2021-06-30 Thread Leo Unglaub
certificate is not very useful in practice (handshake fails before if it was required anyway), and it is even confusing for people. I think it can go away. Eric. Index: smtp_session.c === RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v

Re: smtpd: unnecessary "no certificate presented" log message

2021-06-30 Thread Todd C . Miller
On Wed, 30 Jun 2021 14:37:44 +0200, Eric Faurot wrote: > Except for specific cases, SMTP servers do not expect client > certificates for TLS sessions. The log message for missing certificate > is not very useful in practice (handshake fails before if it was > required anyway), and it is even

smtpd: unnecessary "no certificate presented" log message

2021-06-30 Thread Eric Faurot
: smtp_session.c === RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v retrieving revision 1.431 diff -u -p -r1.431 smtp_session.c --- smtp_session.c 14 Jun 2021 17:58:16 - 1.431 +++ smtp_session.c 30 Jun 2021 08:09:29 -

Re: add table_procexec in smtpd

2021-06-22 Thread gilles
> > I am unsure what you mean by a handshake. > sure, so let's look at procexec for filters: - when the server starts, it forks the filters and begins a handshake with each of them, emitting the following (for example): config|smtpd-version|6.6.1 config|smtp-session-timeout|300

Re: add table_procexec in smtpd

2021-06-22 Thread Aisha Tammy
me issues, this is precisely so that there’s no > > need to bump every other day as we already figured what was needed for > > third party adding to interoperate with smtpd. > > This also has the advantage that you can have a single parser handle these > > different API instead of

Re: add table_procexec in smtpd

2021-06-12 Thread Gilles CHEHADE
; The protocol is based on the filter protocol, follows the same logic and line > header to solve the same issues, this is precisely so that there’s no need to > bump every other day as we already figured what was needed for third party > adding to interoperate with smtpd. > This als

Re: add table_procexec in smtpd

2021-06-12 Thread Gilles CHEHADE
> On 12 Jun 2021, at 18:57, Aisha Tammy wrote: > > On 6/12/21 9:15 AM, Eric Faurot wrote: >> On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote: >>> Hi, >>> Here is the updated diff, which removes table_proc and adds >>> table_procexec as the default backend when no backend name

Re: add table_procexec in smtpd

2021-06-12 Thread Aisha Tammy
On 6/12/21 9:15 AM, Eric Faurot wrote: On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote: Hi, Here is the updated diff, which removes table_proc and adds table_procexec as the default backend when no backend name matches. Hi. I'm not opposed to the idea, but I have a couple of

Re: add table_procexec in smtpd

2021-06-12 Thread Eric Faurot
On Wed, Jun 09, 2021 at 05:41:36PM -0400, Aisha Tammy wrote: > Hi, > Here is the updated diff, which removes table_proc and adds table_procexec > as the default backend when no backend name matches. > Hi. I'm not opposed to the idea, but I have a couple of comments: First, if the two

Re: add table_procexec in smtpd

2021-06-09 Thread Aisha Tammy
Hi, Here is the updated diff, which removes table_proc and adds table_procexec as the default backend when no backend name matches. With this diff, I have the following configuration for smtpd: # $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $ # This is the smtpd server

Re: add table_procexec in smtpd

2021-06-09 Thread Gilles CHEHADE
ckends just need to be relinked to the new library, since >> the opensmtpd-extras are expected to match specific opensmtpd releases (no >> backwards compatibility) and they are rebuilt whenever a package is created, >> this isn’t as big and hurtful as it looks. >> >&g

Re: add table_procexec in smtpd

2021-06-09 Thread Aisha Tammy
agree that maybe this should not be done simultaneously to introducing procexec but I still don’t think the way it is introduced here is the proper way: Ultimately you want to be able to do: table foobar mytable:/etc/smtpd/mytable.conf and not be aware that there’s a table-procexec

Re: add table_procexec in smtpd

2021-06-09 Thread Gilles CHEHADE
ge is created, this isn’t as big and hurtful as it looks. I agree that maybe this should not be done simultaneously to introducing procexec but I still don’t think the way it is introduced here is the proper way: Ultimately you want to be able to do: table foobar mytable:/

Re: add table_procexec in smtpd

2021-06-09 Thread Aisha Tammy
$ # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. table paliases file:/etc/mail/aliases table aliases "proc-exec:/usr/local/bin/aliases_procexec root.t...@bsd.ac" listen on socket # To accept external mai

Re: add table_procexec in smtpd

2021-06-09 Thread Gilles CHEHADE
rs, > Aisha > > diff --git a/usr.sbin/smtpd/smtpctl/Makefile b/usr.sbin/smtpd/smtpctl/Makefile > index ef8148be8c9..2e8beff1ad1 100644 > --- a/usr.sbin/smtpd/smtpctl/Makefile > +++ b/usr.sbin/smtpd/smtpctl/Makefile > @@ -48,6 +48,7 @@ SRCS+= table_static.c > SRCS+=

Re: smtpd: includes cleanup

2021-06-09 Thread Eric Faurot
Hi. Slightly updated diff, including sys/tree.h in smtpd.h. Eric. Index: aliases.c === RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.78 diff -u -p -r1.78 aliases.c --- aliases.c 28 Apr 2020 21:46:43 -

Re: add table_procexec in smtpd

2021-06-08 Thread Aisha Tammy
Hi, I've attached a slightly updated patch for the procexec. Ping for someone to take a look :) Cheers, Aisha diff --git a/usr.sbin/smtpd/smtpctl/Makefile b/usr.sbin/smtpd/smtpctl/Makefile index ef8148be8c9..2e8beff1ad1 100644 --- a/usr.sbin/smtpd/smtpctl/Makefile +++ b/usr.sbin/smtpd/smtpctl

add table_procexec in smtpd

2021-05-31 Thread Aisha Tammy
Hi all, I've attached a diff to add table_procexec as a table backend in smtpd(8). This imports the table_procexec from opensmtpd-extras, which is available upstream but is not present in the port. I've successfully replaced the standard aliases table table aliases file:/etc/mail/aliases

Re: smtpd: includes cleanup

2021-05-27 Thread Eric Faurot
On Thu, May 27, 2021 at 08:13:36AM -0600, Todd C. Miller wrote: > On Thu, 27 May 2021 13:14:30 +0200, Eric Faurot wrote: > > > New diff with small tweaks. > > It looks like you are relying on sys/queue.h being included implicitly. > Since smtpd.h uses the TAILQ macros, should it include

Re: smtpd: includes cleanup

2021-05-27 Thread Todd C . Miller
On Thu, 27 May 2021 13:14:30 +0200, Eric Faurot wrote: > New diff with small tweaks. It looks like you are relying on sys/queue.h being included implicitly. Since smtpd.h uses the TAILQ macros, should it include sys/queue.h itself? - todd

Re: smtpd: includes cleanup

2021-05-27 Thread Eric Faurot
New diff with small tweaks. Eric. Index: aliases.c === RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.78 diff -u -p -r1.78 aliases.c --- aliases.c 28 Apr 2020 21:46:43 - 1.78 +++ aliases.c 26 May

smtpd: includes cleanup

2021-05-26 Thread Eric Faurot
file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.78 diff -u -p -r1.78 aliases.c --- aliases.c 28 Apr 2020 21:46:43 - 1.78 +++ aliases.c 26 May 2021 20:15:02 - @@ -16,19 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include

Re: smtpd: err/errx -> fatal/fatalx

2021-05-26 Thread Todd C . Miller
On Wed, 26 May 2021 16:24:42 +0200, Eric Faurot wrote: > This diff replaces calls to err(3)/errx(3) with fatal()/fatalx() from > log.c for code that runs in the daemon (we want errors logged to > syslog, not stderr). It's pretty mechanical, with two things to note: > > The call to

smtpd: err/errx -> fatal/fatalx

2021-05-26 Thread Eric Faurot
() is called early in smtpctl.c, since it uses files (iobuf.c) that uses the log api. It still logs to stderr though. Eric. Index: bounce.c === RCS file: /cvs/src/usr.sbin/smtpd/bounce.c,v retrieving revision 1.83 diff -u -p -r1.83 bounce.c

Re: smtpd: unused code

2021-05-25 Thread Todd C . Miller
On Tue, 25 May 2021 22:50:32 +0200, Eric Faurot wrote: > This diff removes more unused code. OK millert@ - todd

smtpd: unused code

2021-05-25 Thread Eric Faurot
This diff removes more unused code. Eric. Index: config.c === RCS file: /cvs/src/usr.sbin/smtpd/config.c,v retrieving revision 1.55 diff -u -p -r1.55 config.c --- config.c9 Apr 2021 16:43:43 - 1.55 +++ config.c25

Re: smtpd: remove tls_accept/tls_connect callbacks

2021-05-19 Thread Theo Buehler
On Wed, Apr 28, 2021 at 02:27:11PM +0200, Eric Faurot wrote: > On Wed, Apr 21, 2021 at 11:21:51AM +0200, Eric Faurot wrote: > > There is actually no reason to defer calls to tls_accept_socket() and > > tls_connect_socket() in an event callback. The code can be simplified > > by a great deal. It

Re: smtpd: remove tls_accept/tls_connect callbacks

2021-04-28 Thread Eric Faurot
the listener tls context in the io structure. Did anyone have a chance to look at it? > Eric. > > > Index: ioev.c > === > RCS file: /cvs/src/usr.sbin/smtpd/ioev.c,v > retrieving revision 1.45 > diff -u -p -r1.45

smtpd: remove tls_accept/tls_connect callbacks

2021-04-21 Thread Eric Faurot
=== RCS file: /cvs/src/usr.sbin/smtpd/ioev.c,v retrieving revision 1.45 diff -u -p -r1.45 ioev.c --- ioev.c 5 Apr 2021 15:50:11 - 1.45 +++ ioev.c 21 Apr 2021 08:35:29 - @@ -64,7 +64,6 @@ struct io { int

Re: smtpd: more unused code

2021-04-20 Thread Todd C . Miller
On Tue, 20 Apr 2021 18:38:08 +0200, Eric Faurot wrote: > On Sun, Apr 11, 2021 at 01:54:32PM +0200, Eric Faurot wrote: > > Certificate verification is done by libtls. The former code is not used > > anymore and can be unplugged. > > Anyone willing to ok this? OK millert@ - todd

Re: smtpd: more unused code

2021-04-20 Thread Eric Faurot
x: dispatcher.c > === > RCS file: /cvs/src/usr.sbin/smtpd/dispatcher.c,v > retrieving revision 1.2 > diff -u -p -r1.2 dispatcher.c > --- dispatcher.c 5 Mar 2021 12:37:32 - 1.2 > +++ dispatcher.c 11 Apr 2021 11:46:17 - > @@ -64,11 +64,6 @@ dis

Re: smtpd: more unused code

2021-04-12 Thread Eric Faurot
== > > RCS file: /cvs/src/usr.sbin/smtpd/dispatcher.c,v > > retrieving revision 1.2 > > diff -u -p -r1.2 dispatcher.c > > --- dispatcher.c5 Mar 2021 12:37:32 - 1.2 > > +++ dispatcher.c

Re: smtpd: more unused code

2021-04-12 Thread Dave Voutila
c. > > Index: dispatcher.c > === > RCS file: /cvs/src/usr.sbin/smtpd/dispatcher.c,v > retrieving revision 1.2 > diff -u -p -r1.2 dispatcher.c > --- dispatcher.c 5 Mar 2021 12:37:32 - 1.2 > +++ dispatch

smtpd: more unused code

2021-04-11 Thread Eric Faurot
Certificate verification is done by libtls. The former code is not used anymore and can be unplugged. Eric. Index: dispatcher.c === RCS file: /cvs/src/usr.sbin/smtpd/dispatcher.c,v retrieving revision 1.2 diff -u -p -r1.2

Re: smtpd: unused files and dependency

2021-04-10 Thread Theo Buehler
On Sat, Apr 10, 2021 at 02:59:36PM +0200, Eric Faurot wrote: > Do not build unused files and remove related prototypes. > Also remove bogus libm dependency. ok tb > > Index: smtpd.h > === > RCS file: /cvs/src/usr.

smtpd: unused files and dependency

2021-04-10 Thread Eric Faurot
Do not build unused files and remove related prototypes. Also remove bogus libm dependency. Index: smtpd.h === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v retrieving revision 1.666 diff -u -p -r1.666 smtpd.h --- smtpd.h 10 Apr

smtpd: tls ciphers and protocols on listeners

2021-04-06 Thread Eric Faurot
/src/usr.sbin/smtpd/config.c,v retrieving revision 1.54 diff -u -p -r1.54 config.c --- config.c5 Mar 2021 12:37:32 - 1.54 +++ config.c6 Apr 2021 10:24:18 - @@ -252,6 +252,8 @@ purge_config(uint8_t what) if (what & PURGE_LISTENERS) { while ((l = TAILQ_F

Re: smtpd: default mta ciphers

2021-04-03 Thread Giovanni Bechis
On 4/1/21 4:34 PM, Eric Faurot wrote: > If no cipher list is specified for a relay rule, fallback to > the global cipher list if defined, rather than libtls default. > This is closer to the previous behavior. > > Eric. > makes sense. ok giovanni@ Cheers Giovanni

Re: smtpd: default mta ciphers

2021-04-01 Thread Todd C . Miller
On Thu, 01 Apr 2021 16:34:33 +0200, Eric Faurot wrote: > If no cipher list is specified for a relay rule, fallback to > the global cipher list if defined, rather than libtls default. > This is closer to the previous behavior. OK millert@ - todd

smtpd: default mta ciphers

2021-04-01 Thread Eric Faurot
If no cipher list is specified for a relay rule, fallback to the global cipher list if defined, rather than libtls default. This is closer to the previous behavior. Eric. Index: mta.c === RCS file: /cvs/src/usr.sbin/smtpd/mta.c,v

Re: smtpd: trace and vfprintf %s NULL

2021-03-31 Thread Eric Faurot
but used for debug traces. > > This diff turns log_trace() into a macro, so the parameters > are not needlessly evaluated when tracing is not set. > > Eric. > > Index: smtpd.h > === > RCS file: /cvs/src/usr.sbin/s

Re: smtpd: set protocols and ciphers

2021-03-28 Thread Theo Buehler
On Thu, Mar 25, 2021 at 06:52:13PM +0100, Eric Faurot wrote: > Hi. > > This diff allows to specify the protocol versions and ciphers > to use for outgoing TLS sessions on a per relay basis. Yes, I think we need this. ok tb

smtpd: trace and vfprintf %s NULL

2021-03-27 Thread Eric Faurot
uated when tracing is not set. Eric. Index: smtpd.h === RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v retrieving revision 1.662 diff -u -p -r1.662 smtpd.h --- smtpd.h 5 Mar 2021 12:37:32 - 1.662 +++ smtpd.h 23 Mar 202

smtpd: set protocols and ciphers

2021-03-25 Thread Eric Faurot
Hi. This diff allows to specify the protocol versions and ciphers to use for outgoing TLS sessions on a per relay basis. Eric. Index: mta.c === RCS file: /cvs/src/usr.sbin/smtpd/mta.c,v retrieving revision 1.235 diff -u -p -r1.235

Re: smtpd: use mx name for sni

2021-03-07 Thread Todd C . Miller
On Sun, 07 Mar 2021 21:47:45 +0100, Eric Faurot wrote: > As spotted by krw@, the mta should use the mx hostname for sni, not > the reverse dns for the peer address. Yes, this matches the previous behavior with ssl_check_name(). OK millert@ - todd

Re: smtpd: use mx name for sni

2021-03-07 Thread Theo Buehler
== > RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v > retrieving revision 1.139 > diff -u -p -r1.139 mta_session.c > --- mta_session.c 5 Mar 2021 12:37:32 - 1.139 > +++ mta_session.c 7 Mar 2021 20:18:42 - > @@ -1596,7 +1596,7 @@ mta_tls_init(str

smtpd: use mx name for sni

2021-03-07 Thread Eric Faurot
As spotted by krw@, the mta should use the mx hostname for sni, not the reverse dns for the peer address. Eric. Index: mta_session.c === RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v retrieving revision 1.139 diff -u -p -r1.139

Re: smtpd: use libtls

2021-03-02 Thread Theo Buehler
On Sat, Feb 13, 2021 at 06:26:02PM +0100, Eric Faurot wrote: > Hi. > > The diff seems to work for the few people who tested it (thanks). > Anyone wants to ok this? I read through the diff several times, but I'm not familiar with smtpd so cannot claim a thorough review. Nothing real

install smtpd-filters(7)?

2021-02-27 Thread Andrew Hewus Fresh
It would be nice to have this reference installed, would this be the right place to do that? (ok, mostly I want to link https://man.openbsd.org/smtpd-filter.7 from https://github.com/afresh1/OpenSMTPd-Filter/) Comments, OK? Index: usr.sbin/smtpd/smtpd/Makefile

Re: smtpd: use libtls

2021-02-13 Thread Eric Faurot
Hi. The diff seems to work for the few people who tested it (thanks). Anyone wants to ok this? Eric. Index: ca.c === RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v retrieving revision 1.37 diff -u -p -r1.37 ca.c --- ca.c31 Dec

Re: smtpd: use libtls

2021-02-05 Thread Gilles CHEHADE
ric. > > Index: ca.c > === > RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v > retrieving revision 1.37 > diff -u -p -r1.37 ca.c > --- ca.c 31 Dec 2020 08:27:15 - 1.37 > +++ ca.c 19 Jan 2021 11:09:54 - > @@ -69,6 +69,7 @@ stati

Re: smtpd: use libtls

2021-02-05 Thread Eric Faurot
Not much report so far. Anybody had a chance to test this? Here is the same diff again with manpage update this time. Eric. Index: ca.c === RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v retrieving revision 1.37 diff -u -p -r1.37 ca.c

Re: smtpd: use libtls

2021-01-27 Thread Aisha Tammy
On 1/27/21 7:29 AM, gil...@poolp.org wrote: > January 27, 2021 9:47 AM, "Lauri Tirkkonen" wrote: > >> On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote: >> >>> There has been a plan for some time now to make smtpd use libtls >>> instead of o

Re: smtpd: use libtls

2021-01-27 Thread gilles
January 27, 2021 9:47 AM, "Lauri Tirkkonen" wrote: > On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote: > >> There has been a plan for some time now to make smtpd use libtls >> instead of openssl. Recent changes in libtls allow to move forward >>

Re: smtpd: use libtls

2021-01-27 Thread Lauri Tirkkonen
On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote: > There has been a plan for some time now to make smtpd use libtls > instead of openssl. Recent changes in libtls allow to move forward > with this. Here is a diff to start the switch. I've tried to keep > it as small as possib

smtpd: use libtls

2021-01-27 Thread Eric Faurot
There has been a plan for some time now to make smtpd use libtls instead of openssl. Recent changes in libtls allow to move forward with this. Here is a diff to start the switch. I've tried to keep it as small as possible, sticking to the necessary changes. There is still a lot of code that can

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-30 Thread Giovanni Bechis
On 12/30/20 9:27 AM, Martijn van Duren wrote: > On Tue, 2020-12-29 at 08:57 +0100, Giovanni Bechis wrote: >> On 12/20/20 12:21 AM, gil...@poolp.org wrote: >>> December 19, 2020 11:26 PM, "Martijn van Duren" >>> wrote: >>> Personally I'd rather wait to keep the names in sync, especially

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-30 Thread Todd C . Miller
On Wed, 30 Dec 2020 09:27:34 +0100, Martijn van Duren wrote: > On Tue, 2020-12-29 at 08:57 +0100, Giovanni Bechis wrote: > > On 12/20/20 12:21 AM, gil...@poolp.org wrote: > > > December 19, 2020 11:26 PM, "Martijn van Duren" alat.at> wrote: > > > > > > > Personally I'd rather wait to keep the

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-30 Thread Martijn van Duren
e. >  Giovanni > Here's the final diff that moves pony.c to dispatcher.c and (including in smtpd.h). OK? martijn@ Index: bounce.c === RCS file: /cvs/src/usr.sbin/smtpd/bounce.c,v retrieving revision 1.82 diff -u -p -r1.8

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-30 Thread Giovanni Bechis
On 12/20/20 12:21 AM, gil...@poolp.org wrote: > December 19, 2020 11:26 PM, "Martijn van Duren" > wrote: > >> Personally I'd rather wait to keep the names in sync, especially since >> it's an easy 2 line diff that can easily be incorporated in the bigger >> thing. But it's not something I'm

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-27 Thread gilles
he diff that changes all references to pony into dispatcher. >> >> I didn't rename pony.c to dispatcher.c as this would break the diff, but if >> this gets >> committed I'll submit a diff for the rename + Makefile bit >> >> diff --git a/usr.sbin/smtpd

Re: smtpd: trim down on filter processes

2020-12-27 Thread Todd C . Miller
On Sun, 27 Dec 2020 18:41:22 +0100, Martijn van Duren wrote: > Because filters use system(3) after forking we get 2 processes for every > filter: one for waiting for system(3) to return and one running the actual > filter. > > Since the extra smtpd process does absolutely noth

Re: smtpd: trim down on filter processes

2020-12-27 Thread Martijn van Duren
use system(3) after forking we get 2 processes for every > > filter: one for waiting for system(3) to return and one running the actual > > filter. > > > > Since the extra smtpd process does absolutely nothing we can just as easily > > copy over what system(3) does internal

Re: smtpd: trim down on filter processes

2020-12-27 Thread Theo de Raadt
: > Because filters use system(3) after forking we get 2 processes for every > filter: one for waiting for system(3) to return and one running the actual > filter. > > Since the extra smtpd process does absolutely nothing we can just as easily > copy over what system(3) does int

smtpd: trim down on filter processes

2020-12-27 Thread Martijn van Duren
Because filters use system(3) after forking we get 2 processes for every filter: one for waiting for system(3) to return and one running the actual filter. Since the extra smtpd process does absolutely nothing we can just as easily copy over what system(3) does internally for execve and call

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-27 Thread Martijn van Duren
he diff that changes all references to pony into dispatcher. > > > > > > I didn't rename pony.c to dispatcher.c as this would break the diff, but > > > if this gets > > > committed I'll submit a diff for the rename + Makefile bit > > > > > > diff

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-27 Thread Martijn van Duren
her.c as this would break the diff, but if > this gets > committed I'll submit a diff for the rename + Makefile bit > > > > diff --git a/usr.sbin/smtpd/bounce.c b/usr.sbin/smtpd/bounce.c > index e6fc55780a1..455da6ff8b1 100644 > --- a

[diff] src/usr.sbin/smtpd: plug a memory leak in regex lookups

2020-12-23 Thread Gilles CHEHADE
Hello, The following diff plugs a memory leak in regex lookups. Cheers, diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c index 4691..d1578403 100644 --- a/usr.sbin/smtpd/table.c +++ b/usr.sbin/smtpd/table.c @@ -470,6 +470,7 @@ table_regex_match(const char *string, const char

Re: [diff] src/usr.sbin/smtpd: plug a memory leak in regex lookups

2020-12-23 Thread Martijn van Duren
Committed, thanks. On Wed, 2020-12-23 at 08:54 +0100, Gilles CHEHADE wrote: > Hello, > > The following diff plugs a memory leak in regex lookups. > > Cheers, > > > diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c > index 4691..d1578403 100644 >

Re: [diff] usr.sbin/smtpd: fix event handling upon exit

2020-12-22 Thread Todd C . Miller
OK millert@ - todd

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
..@poolp.org wrote: >>>> Hello, >>>> >>>> Whenever a rule with a local action (mbox, maildir, lmtp or mda) is >>>> matched, smtpd will >>>> attempt to search for a ~/.forward file in the recipient directory and >>>> process it.

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Chris Bennett
ule with a local action (mbox, maildir, lmtp or mda) is > >> matched, smtpd will > >> attempt to search for a ~/.forward file in the recipient directory and > >> process it. This > >> may be convenient for some setups but it is an implicit behavior that's > >> not

Re: [diff] usr.sbin/smtpd: fix event handling upon exit

2020-12-20 Thread Gilles CHEHADE
on exit. > > Gilles > > > diff --git a/usr.sbin/smtpd/mproc.c b/usr.sbin/smtpd/mproc.c > index bde229e1..dac38af2 100644 > --- a/usr.sbin/smtpd/mproc.c > +++ b/usr.sbin/smtpd/mproc.c > @@ -90,7 +90,8 @@ mproc_clear(struct mproc *p) > { > log_debug(

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 10:14, Sebastien Marie wrote: > > On Sat, Dec 19, 2020 at 11:19:10PM -0700, Theo de Raadt wrote: >> There are thousands of people with smtpd configurations, and sysmerge >> is not going to handle this. >> >> We cannot expe

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 10:03, Gilles CHEHADE wrote: > > >> On 20 Dec 2020, at 07:19, Theo de Raadt wrote: >> >> There are thousands of people with smtpd configurations, and sysmerge >> is not going to handle this. >> >> We cannot expect the

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 03:21, Theo de Raadt wrote: > > Todd C. Miller wrote: > >> I like this direction but I worry about breaking existing configs. >> How are we going to alert existing users that they need to update >> their configs if the behavior silently changes? > > I think the

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 07:19, Theo de Raadt wrote: > > There are thousands of people with smtpd configurations, and sysmerge > is not going to handle this. > > We cannot expect them all to change their files. This is madness. > > Gilles, I think you should be addi

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 07:13, Sebastien Marie wrote: > > On Sat, Dec 19, 2020 at 10:36:32PM +, gil...@poolp.org wrote: >> Hello, >> >> Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched, >> smtpd will >> attempt to search

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Gilles CHEHADE
> On 20 Dec 2020, at 02:09, Todd C. Miller wrote: > > I like this direction but I worry about breaking existing configs. > How are we going to alert existing users that they need to update > their configs if the behavior silently changes? > > - todd I agree and this diff was more to suggest

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Sebastien Marie
On Sat, Dec 19, 2020 at 11:19:10PM -0700, Theo de Raadt wrote: > There are thousands of people with smtpd configurations, and sysmerge > is not going to handle this. > > We cannot expect them all to change their files. This is madness. Well, it wouldn't be the first time.

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread Theo de Raadt
There are thousands of people with smtpd configurations, and sysmerge is not going to handle this. We cannot expect them all to change their files. This is madness. Gilles, I think you should be adding an option that blocks it optionally, and then some operators can use that. If they wish. I

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread Sebastien Marie
On Sat, Dec 19, 2020 at 10:36:32PM +, gil...@poolp.org wrote: > Hello, > > Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched, > smtpd will > attempt to search for a ~/.forward file in the recipient directory and > process it. This > may b

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread gilles
s > thing it can go in right now. > Fair enough :-) Below is the diff that changes all references to pony into dispatcher. I didn't rename pony.c to dispatcher.c as this would break the diff, but if this gets committed I'll submit a diff for the rename + Makefile bit diff --git a/usr.sbin/

[diff] src/usr.sbin/smtpd: add allow-exec to explicitly allow commands from aliases

2020-12-19 Thread gilles
rather than as the smtpd user... but historically commands have been run from aliases so the aliases expansion supports running custom commands. With this diff, an admin must explicitly allow commands to be run from aliases: action "local_users" maildir alias allow-exec otherwis

[diff] src/usr.sbin/smtpd: add allow-exec to explicitly allow custom mda

2020-12-19 Thread gilles
Hello, As is done in other MTA, smtpd allows execution of a custom command in forward files so users can plug their procmail, fdm and other. It is currently not possible to allow the users to forward their mail through a .forward file without also allowing them to run a custom mda. This diff

[diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread gilles
Hello, Whenever a rule with a local action (mbox, maildir, lmtp or mda) is matched, smtpd will attempt to search for a ~/.forward file in the recipient directory and process it. This may be convenient for some setups but it is an implicit behavior that's not overridable and not always wanted

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread gilles
il...@poolp.org wrote: > >> Hello, >> >> A very long time ago, smtpd had several more processes which then got >> factored >> into a single one. We couldn't find a decent name back then but since a >> hacker >> had requested a pony from me I temporarily named

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread Theo de Raadt
Todd C. Miller wrote: > I like this direction but I worry about breaking existing configs. > How are we going to alert existing users that they need to update > their configs if the behavior silently changes? I think the configuration is backwards. Every endpoint box will need these new

[diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread gilles
Hello, A very long time ago, smtpd had several more processes which then got factored into a single one. We couldn't find a decent name back then but since a hacker had requested a pony from me I temporarily named the process "pony express" as it was in charge of delivering mail. L

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread Todd C . Miller
I like this direction but I worry about breaking existing configs. How are we going to alert existing users that they need to update their configs if the behavior silently changes? - todd

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread Todd C . Miller
I like it. I always forget which role the pony process performs. - todd

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread Martijn van Duren
rtijn@ > > > > On Sat, 2020-12-19 at 22:06 +, gil...@poolp.org wrote: > > > > > Hello, > > > > > > A very long time ago, smtpd had several more processes which then got > > > factored > > > into a single one. We couldn

Re: [diff] src/usr.sbin/smtpd: change process names

2020-12-19 Thread Martijn van Duren
, 2020-12-19 at 22:06 +, gil...@poolp.org wrote: > Hello, > > A very long time ago, smtpd had several more processes which then got factored > into a single one. We couldn't find a decent name back then but since a hacker > had requested a pony from me I temporarily named th

Re: [diff] src/usr.sbin/smtpd: plug two memory leaks

2020-12-17 Thread gilles
December 17, 2020 4:02 PM, gil...@poolp.org wrote: > Hello, > > The following diffs plug two memory leaks in smtpd: > > a- in lka_filter.c, the name of the filter chain for a session is strdup()-ed > upon session allocation but not released upon session release. free() it &

[diff] src/usr.sbin/smtpd: plug two memory leaks

2020-12-17 Thread gilles
Hello, The following diffs plug two memory leaks in smtpd: a- in lka_filter.c, the name of the filter chain for a session is strdup()-ed upon session allocation but not released upon session release. free() it in lka_filter_end(). b- in smtp_session.c, filter io channel should be released when

Re: [diff] src/usr.sbin/smtpd: plug two memory leaks

2020-12-17 Thread Todd C . Miller
channel should be released when a tx is over, > but it isn't. call io_free() on the channel in smtp_tx_free() if we do > have a channel ready. > > diff --git a/usr.sbin/smtpd/lka_filter.c b/usr.sbin/smtpd/lka_filter.c > index 9891e6140a3..6eb0829efca 100644 > --- a/usr.sbin/smtpd/lk

[diff] usr.sbin/smtpd: fix event handling upon exit

2020-12-14 Thread GILLES CHEHADE
seem to cause any issue but on other systems with a different libevent, calling event_del() without a matching event_add() either causes a runtime warning or a crash upon exit. Gilles diff --git a/usr.sbin/smtpd/mproc.c b/usr.sbin/smtpd/mproc.c index bde229e1..dac38af2 100644 --- a/usr.sbin

Re: smtpd: relax ORCPT check again

2020-11-18 Thread gilles
gain by skipping the domain part check. >> >> Comments, OK? >> >> maybe just skip the check ONLY if domain part is empty ? > > Like in the diff below and assuming that domain part is always > nul terminated after text_to_mailaddr()? > This reads better IMO y

Re: smtpd: relax ORCPT check again

2020-11-18 Thread Joerg Jung
> Comments, OK? > > > > maybe just skip the check ONLY if domain part is empty ? > Like in the diff below and assuming that domain part is always nul terminated after text_to_mailaddr()? OK? Index: smtp_session.c ===

smtpd: relax ORCPT check again

2020-11-18 Thread Joerg Jung
check. Comments, OK? Thanks, Regards, Joerg [1] https://github.com/OpenSMTPD/OpenSMTPD/issues/1084 Index: smtp_session.c === RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v retrieving revision 1.426 diff -u -p -r1.426
