On Mon, Nov 25, 2019 at 08:30:21AM +0100, Gilles Chehade wrote:
> On Mon, Nov 25, 2019 at 01:09:20AM +0100, Joerg Jung wrote:
> > On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
> > >
> > > Ten years ago, it seemed a very neat idea that OpenSMTPD would have some
> > > implicit defaults to avoid people creating open relays.
> > >
> > > Back then I was trying to make the smtpd.conf as compact as possible and
> > > came up with the very nice idea of "implicit local" so that we would get
> > > a very compact:
> > >
> > > accept for any relay
> > >
> > > which would not be an open relay as it translated to:
> > >
> > > accept from local for any relay
> > >
> > >
> > > This idea was carried when we moved the syntax to match/action.
> > >
> > > I think this was an error from the beginning and we should only have the
> > > explicit notation as I see a trend in people coming up with:
> > >
> > > match for domain foobar.org action "deliver"
> > >
> > > which, read aloud, seems to imply that mail for domain foobar.org will be
> > > delivered but which actually fails because it translates as:
> > >
> > > match from local for domain foobar.org action "deliver"
> > >
> > > and actually limits the scope to local users...
> > >
> > > People keep making this mistake over and over which as safe as it is, is
> > > a serious hint that the mistake is on smtpd's side.
> > >
> > >
> > > Is there strong objection to move to a mode where implicit notation will
> > > no longer be allowed ?
> >
> > No objections. Yes, please make the notation explicit and remove the
> > syntactic sugar which often seems to be the reason for confusions.
> >
> > > This could start with us adding the explicit notation to default config,
> > > then put a startup warning in the next release so configurations are not
> > > broken but people spot that this is no longer encouraged and we can then
> > > later kill it.
> >
> > Sounds like a good plan to me.
> >
>
> This diff makes default smtpd.conf use the explicit notation.
>
> ok ?
>
and this diff makes smtpd warn at startup that implicit rules were used:

    laptop$ doas smtpd
    smtpd: ruleset relies on implicit 'from' at line 10
    smtpd: ruleset relies on implicit 'for' at line 11
    laptop$

alternatively these warnx() can be turned into errx() if we want to
go right away into explicit mode without warning for a release.

Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v
retrieving revision 1.264
diff -u -p -r1.264 parse.y
--- parse.y 12 Nov 2019 21:02:42 -0000 1.264
+++ parse.y 25 Nov 2019 07:39:28 -0000
@@ -1313,10 +1313,12 @@ MATCH {
rule = xcalloc(1, sizeof *rule);
} match_options action {
if (!rule->flag_from) {
+ warnx("ruleset relies on implicit 'from' at line %d",
file->lineno);
rule->table_from = strdup("<localhost>");
rule->flag_from = 1;
}
if (!rule->flag_for) {
+ warnx("ruleset relies on implicit 'for' at line %d",
file->lineno);
rule->table_for = strdup("<localnames>");
rule->flag_for = 1;
}
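
Review bot: both new warnx() calls locate the rule by file->lineno alone, so if the configuration is spread over more than one file the message does not say which file to edit; include the file name in the format string if the parser has it available. It is also worth confirming that file->lineno, read at this point in the action, still refers to the rule's own line and not the line after it. Separately, the two continuation lines "file->lineno);" carry no '+' marker and the hunk header counts 12 new lines while 14 are shown, so the patch may not apply as posted.
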
--
Gilles Chehade @poolpOrg
https://www.poolp.org patreon: https://www.patreon.com/gilles
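
A configuration audit in the spirit of the startup warning above, as an added example that is not part of the original message or of OpenSMTPD: it scans smtpd.conf text for match rules that have no explicit from or for. The sample configuration is constructed, and the tokenizing is a simplification of smtpd's own parser, so treat its output as a hint to review alongside smtpd's own warning.

```python
import shlex

# Constructed sample config (not from the thread): one explicit rule,
# two that rely on the implicit defaults discussed above.
SAMPLE = '''\
table aliases file:/etc/mail/aliases
action "deliver" mbox alias <aliases>
action "relay" relay

match from any for domain "foobar.org" action "deliver"
match for domain "example.org" \\
    action "deliver"
match from local action "relay"
'''

def logical_lines(text):
    """Yield (first_line_number, joined_text), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def implicit_rules(text):
    """Return [(line, 'from' | 'for'), ...] for match rules missing that keyword."""
    findings = []
    for no, line in logical_lines(text):
        try:
            # posix=False keeps quotes, so a quoted "for" is not taken as a keyword
            tokens = shlex.split(line, comments=True, posix=False)
        except ValueError:  # unbalanced quote: not this check's job
            continue
        if not tokens or tokens[0] != "match":
            continue
        # Only the options before the action/reject part select the rule.
        end = next((i for i, t in enumerate(tokens)
                    if t in ("action", "reject")), len(tokens))
        options = tokens[1:end]
        findings += [(no, k) for k in ("from", "for") if k not in options]
    return findings

if __name__ == "__main__":
    for no, keyword in implicit_rules(SAMPLE):
        print(f"line {no}: rule relies on implicit '{keyword}'")
```

A continued rule is reported at the line where it starts, which may differ from the line number smtpd prints.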