Re: smtpd: remove implicit listen on socket

2019-11-27 Thread Joerg Jung



> On 26. Nov 2019, at 07:44, Gilles Chehade wrote:
> 
> hello,
> 
> smtpd has an implicit listener which is "listen on socket".
> 
> I propose that we write it explicitly in the default config and give up
> with this last bit of implicit configuration.
> 
> The goal behind that is to stop having implicit behaviors but it is also
> to improve security in the daemon:
> 
> OpenSMTPD uses /var/run/smtpd.sock both as a control socket AND enqueuer
> socket, which means that socket is rw-rw-rw- and the control process has
> the charge of checking uid of caller and if permission is allowed to run
> a specific command.
> 
> I think we should really have a control socket and one/many SMTP sockets
> so the control socket could be given tighter filesystem permissions while
> we could also allow multiple enqueue sockets with different permissions,
> and control them through the smtpd.conf ruleset like we do for any other
> connection.
> 
> The first step towards that is this diff.
> 
> ok ?

ok jung@

> Index: smtpd.conf
> ===
> RCS file: /cvs/src/etc/mail/smtpd.conf,v
> retrieving revision 1.13
> diff -u -p -r1.13 smtpd.conf
> --- smtpd.conf25 Nov 2019 13:30:04 -  1.13
> +++ smtpd.conf26 Nov 2019 06:27:11 -
> @@ -5,6 +5,8 @@
> 
> table aliases file:/etc/mail/aliases
> 
> +listen on socket
> +
> # To accept external mail, replace with: listen on all
> #
> listen on lo0
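
Review bot: the added "listen on socket" line has no comment, while the "listen on lo0" line just below it is introduced by "# To accept external mail, replace with: listen on all". Now that this listener is visible and can be deleted by an admin, a one-line comment above it saying that it is the local enqueue socket would make the default config self-explanatory.
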
> 
> 
> 
> -- 
> Gilles Chehade   @poolpOrg
> 
> https://www.poolp.org    patreon: https://www.patreon.com/gilles
> 



Re: smtpd: remove implicit listen on socket

2019-11-26 Thread Klemens Nanni
On Tue, Nov 26, 2019 at 07:44:26AM +0100, Gilles Chehade wrote:
> The first step towards that is this diff.
OK kn



smtpd: remove implicit listen on socket

2019-11-25 Thread Gilles Chehade
hello,

smtpd has an implicit listener which is "listen on socket".

I propose that we write it explicitly in the default config and give up
with this last bit of implicit configuration.

The goal behind that is to stop having implicit behaviors but it is also
to improve security in the daemon:

OpenSMTPD uses /var/run/smtpd.sock both as a control socket AND enqueuer
socket, which means that socket is rw-rw-rw- and the control process has
the charge of checking uid of caller and if permission is allowed to run
a specific command.

I think we should really have a control socket and one/many SMTP sockets
so the control socket could be given tighter filesystem permissions while
we could also allow multiple enqueue sockets with different permissions,
and control them through the smtpd.conf ruleset like we do for any other
connection.

The first step towards that is this diff.

ok ?


Index: smtpd.conf
===
RCS file: /cvs/src/etc/mail/smtpd.conf,v
retrieving revision 1.13
diff -u -p -r1.13 smtpd.conf
--- smtpd.conf  25 Nov 2019 13:30:04 -  1.13
+++ smtpd.conf  26 Nov 2019 06:27:11 -
@@ -5,6 +5,8 @@
 
 table aliases file:/etc/mail/aliases
 
+listen on socket
+
 # To accept external mail, replace with: listen on all
 #
 listen on lo0
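
Review bot: the "+listen on socket" line is added only to the shipped default smtpd.conf, so a configuration written before this change still has no such line and nothing in this diff covers it. Since the diff does not touch smtpd itself, it would help to state in the commit message or an upgrade note that existing configs need the line added by hand once the implicit listener is actually removed.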



-- 
Gilles Chehade @poolpOrg

https://www.poolp.org    patreon: https://www.patreon.com/gilles