author | Gilles CHEHADE <gilles@poolp.org> | 2021-01-19 09:59:34 +0100 |
---|---|---|
committer | Gilles CHEHADE <gilles@poolp.org> | 2021-01-19 09:59:34 +0100 |
commit | b6303fa87b11a11a973d908c99d9dd81bd2c6b27 (patch) | |
tree | fa4363aa2a6eac12ee406e5d1d6d7d168583141e | |
parent | Rename the pony process to dispatcher and klondike to crypto. (diff) | |
parent | doc: fix typos (diff) | |
download | OpenSMTPD-b6303fa87b11a11a973d908c99d9dd81bd2c6b27.tar.xz OpenSMTPD-b6303fa87b11a11a973d908c99d9dd81bd2c6b27.zip |
Merge branch 'master' of ssh://github.com/OpenSMTPD/OpenSMTPD
-rw-r--r-- | .builds/freebsd.yml | 2 |
-rw-r--r-- | README.md | 143 |
-rw-r--r-- | ci/README.md | 8 |
-rw-r--r-- | contrib/libexec/encrypt/encrypt.c | 36 |
4 files changed, 135 insertions, 54 deletions
diff --git a/.builds/freebsd.yml b/.builds/freebsd.yml index 51993106..4bc386d1 100644 --- a/.builds/freebsd.yml +++ b/.builds/freebsd.yml @@ -8,7 +8,7 @@ packages: - libressl - libasr - py37-ansible -- db6 +- db5 - python3 - python37 - python 
@@ -1,66 +1,118 @@ # OpenSMTPD -[![Version](https://img.shields.io/badge/Version-6.7.1p1-brihtgreen.svg)](https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.7.1p1) +[![Version](https://img.shields.io/badge/Version-6.8.0p2-brihtgreen.svg)](https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/v6.8.0p2) [![Coverity Scan analysis](https://scan.coverity.com/projects/278/badge.svg)](https://scan.coverity.com/projects/opensmtpd-opensmtpd) [![Packaging status](https://repology.org/badge/tiny-repos/opensmtpd.svg)](https://repology.org/project/opensmtpd/versions) [![License: ISC](https://img.shields.io/badge/License-ISC-blue.svg)](https://www.isc.org/licenses/) - OpenSMTPD is a FREE implementation of the server-side SMTP protocol as -defined by [RFC 5321](https://tools.ietf.org/html/rfc5321), with some +defined by [ RFC 5321 ](https://tools.ietf.org/html/rfc5321), with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. -OpenSMTPD runs on top of the OpenBSD operating system but also has a -portable version that can build and run on several systems, including: +OpenSMTPD runs on various [ Unix ](https://en.wikipedia.org/wiki/Unix) +and Unix-like operating systems including: -* Linux -* FreeBSD -* NetBSD -* DragonFly +- Linux +- [ FreeBSD ](https://www.freebsd.org) +- [ OpenBSD ](https://www.openbsd.org) +- [ NetBSD ](https://www.netbsd.org) +- [ DragonFlyBSD ](https://www.dragonflybsd.org) +- [ OSX ](https://en.wikipedia.org/wiki/MacOS) For more information: http://www.opensmtpd.org/portable.html -People interested about OpenSMTPD are encouraged to subscribe to our -mailing list: http://www.opensmtpd.org/list.html +If you are looking for a comprehensive manual on how to build your own mail server +visit our [wiki](https://github.com/OpenSMTPD/OpenSMTPD/wiki). 
+ + +## Get In Touch + +If you want to stay up to day with most recent developments or chat about +OpenSMTPD you can: -and to join the IRC channel: #OpenSMTPD @ irc.freenode.net +- subscribe to our mailing list: http://www.opensmtpd.org/list.html +- join the IRC channel: `#opensmtpd` @ [ irc.freenode.net ](https://freenode.net/) +- submit a bug report or a feature request here on [ GitHub ](https://github.com/OpenSMTPD/OpenSMTPD) +- visit GitHub's [discussions page](https://github.com/OpenSMTPD/OpenSMTPD/discussions) -The manual pages are available online at https://www.opensmtpd.org/manual.html, + +## Documentation + +The manual pages are available [online](https://www.opensmtpd.org/manual.html), which you are encouraged to contribute to. -Cheers! + +## Install Via Package Manager + +Many distributions already provide a packaged version of opensmtpd. All you need +to do is install it via your package manager. + +> :warning: **Some distributions might ship an old version of opensmtpd** Be +> careful and check the version number to ensure you are running a secure +> version + +### Ubuntu/Debian + + sudo apt install opensmtpd + +### Archlinux + +Has a [ dedicated wiki page ](https://wiki.archlinux.org/index.php/OpenSMTPD#Installation) -# How to build, configure and use Portable OpenSMTPD +### Alpine Linux -## Dependencies + apk install opensmtpd -Portable OpenSMTPD relies on: - * autoconf (http://www.gnu.org/software/autoconf/) - * automake (http://www.gnu.org/software/automake/) - * bison (http://www.gnu.org/software/bison/) - or byacc (http://invisible-island.net/byacc/byacc.html) - * libevent (http://libevent.org/) - * libtool (http://www.gnu.org/software/libtool/) - * libressl (https://www.libressl.org/) - or OpenSSL (https://www.openssl.org/) +### Fedora -By default OpenSMTPD expects latest versions of all dependencies unless noted otherwise. 
+ yum install opensmtpd -Note that some distributions have different packages for a same library, you should always use the `-dev` or `-devel` package (for example, `libevent-dev` or `libevent-devel`) if you're going to build OpenSMTPD yourself. +## Install From Source -## Get the source - git clone git://github.com/OpenSMTPD/OpenSMTPD.git opensmtpd +### Install Dependencies +OpenSMTPD relies on: + - [ autoconf ](http://www.gnu.org/software/autoconf/) + - [ automake ](http://www.gnu.org/software/automake/) + - [ bison ](http://www.gnu.org/software/bison/) + or [ byacc ](http://invisible-island.net/byacc/byacc.html) + - [ libevent ](http://libevent.org/) + - [ libtool ](http://www.gnu.org/software/libtool/) + - [ libressl ](https://www.libressl.org/) + or [ OpenSSL ](https://www.openssl.org/) + +You will also need a C compiler and git if you are cloning the git repository + +By default OpenSMTPD expects latest versions of all dependencies unless noted +otherwise. + +Note that some distributions have different packages for a same library, you +should always use the `-dev` or `-devel` package (for example, `libevent-dev` +or `libevent-devel`) if you're going to build OpenSMTPD yourself. + +### Get The Source Code + +Clone from github: + + git clone https://github.com/OpenSMTPD/OpenSMTPD.git + + +[Download tarball](https://github.com/OpenSMTPD/OpenSMTPD/archive/v6.8.0p2.zip) + +Latest release can always be found [here](https://github.com/OpenSMTPD/OpenSMTPD/releases/latest) + + + +### Compile -## Build cd opensmtpd* ./bootstrap # Only if you build from git sources 
@@ -68,28 +120,29 @@ Note that some distributions have different packages for a same library, you sho make sudo make install -### Special notes for FreeBSD/DragonFlyBSD/Mac OS X: + +#### Special notes for FreeBSD/DragonFlyBSD/Mac OS X: Please launch configure with special directive about libevent and libasr directory: -### FreeBSD / DragonFlyBSD: +#### FreeBSD / DragonFlyBSD: ./configure --with-libasr=/usr/local -### MacOS: +#### MacOS: ./configure --with-libevent=/opt/local Though MacOS includes a copy of bison in the bases system, you will need to install a more recent version from, e.g., MacPorts. -## Install +### Install sudo make install -## Setup historical interface +### Setup historical interface OpenSMTPD provides a single utility `smtpctl` to control the daemon and the local submission subsystem. @@ -119,17 +172,17 @@ setting the appropriate symbolic links: The OpenSMTPD project leaves it up to the package maintainers to setup the -links in their packages as it is very hard for us to accomodate all systems -with the prefered method in a clean way. +links in their packages as it is very hard for us to accommodate all systems +with the preferred method in a clean way. -## Configure /etc/smtpd.conf +### Configure /etc/smtpd.conf -Please have a look at the complete format description of smtpd.conf -configuration file (https://man.openbsd.org/smtpd.conf) +Please have a look at the complete format description of `smtpd.conf` +[configuration file](https://man.openbsd.org/smtpd.conf) -## Add OpenSMTPD users +### Add OpenSMTPD users To operate, OpenSMTPD requires at least one user, by default `_smtpd`; and preferably two users, by default `_smtpd` and `_smtpq`. 
@@ -144,18 +197,18 @@ script allows overriding these using the options: `--with-user-smtpd`, `--with-user-queue`, and `--with-group-queue`. -### NetBSD, Linux (Debian, Arch Linux, ...) +#### NetBSD, Linux (Debian, Arch Linux, ...) mkdir /var/empty useradd -c "SMTP Daemon" -d /var/empty -s /sbin/nologin _smtpd useradd -c "SMTPD Queue" -d /var/empty -s /sbin/nologin _smtpq -### DragonFlyBSD, FreeBSD +#### DragonFlyBSD, FreeBSD pw useradd _smtpd -c "SMTP Daemon" -d /var/empty -s /sbin/nologin pw useradd _smtpq -c "SMTPD Queue" -d /var/empty -s /sbin/nologin -### Mac OS X +#### Mac OS X First we need a group with an unused GID below `500`, list the current ones used: @@ -188,7 +241,7 @@ Add a user - here we have picked `444`: repeat for the `_smtpq` user. -## Launch smtpd +### Launch smtpd First, kill any running sendmail/exim/qmail/postfix or other. diff --git a/ci/README.md b/ci/README.md index 2eee08f1..f27a25e4 100644 --- a/ci/README.md +++ b/ci/README.md @@ -1,6 +1,6 @@ # Continuous Integration -This directory contains CI/CD related scripts and resources +This directory contains CI/CD related scripts and resources. CI/CD process leverages GitHub Actions as a primary automation platform since up to 20 parallel workflows are available for opensource projects. @@ -8,7 +8,7 @@ up to 20 parallel workflows are available for opensource projects. On high level we have multiple dimensions to test: - OS Distribution - - TLS library implementation: libress, openssl + - TLS library implementation: libressl, openssl - libc implementations: glibc, musl - compiler: gcc, clang (not yet tested) @@ -19,8 +19,8 @@ tests. ## Directory strucuture -- [docker](#dockerfiles) dockerfiles for various distributions -- [scripts](#scripts) useful scripts for ci/cd automation +- [docker](#dockerfiles) dockerfiles for various distributions. +- [scripts](#scripts) useful scripts for ci/cd automation. ## Design Considerations 
diff --git a/contrib/libexec/encrypt/encrypt.c b/contrib/libexec/encrypt/encrypt.c index 80275921..e525fd27 100644 --- a/contrib/libexec/encrypt/encrypt.c +++ b/contrib/libexec/encrypt/encrypt.c @@ -25,11 +25,31 @@ #include <string.h> #include <unistd.h> +#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX #define PASSWORD_LEN 128 +#endif #define SALT_LEN 16 +struct hashing_method { + char *prefix; + unsigned long count; +}; + static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +static struct hashing_method ids[] = { + {"$y$", 8}, + {"$gy$", 8}, + {"$7$", 8}, + {"$2a$", 10}, + {"$2b$", 10}, + {"$2y$", 10}, + {"$6$", 5000}, + {"$5$", 5000}, + {"$3$", 1}, + {"$2$", 10}, + {"$1$", 1000} +}; static void to64(char *, long int, int); static void print_passwd(const char *); @@ -66,20 +86,28 @@ main(int argc, char *argv[]) void print_passwd(const char *string) { - const char *ids[] = { "2a", "6", "5", "3", "2", "1", NULL }; const char *id; char salt[SALT_LEN+1]; +#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX char buffer[PASSWORD_LEN]; +#else + char *buffer; +#endif int n; const char *p; + int nb_ids = sizeof(ids) / sizeof(ids[0]); for (n = 0; n < SALT_LEN; ++n) to64(&salt[n], arc4random_uniform(0xff), 1); salt[SALT_LEN] = '\0'; - for (n = 0; ids[n]; n++) { - id = ids[n]; - (void)snprintf(buffer, sizeof buffer, "$%s$%s$", id, salt); + for (n = 0; n < nb_ids; n++) { + id = ids[n].prefix; +#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX + (void)snprintf(buffer, sizeof buffer, "%s%s$", id, salt); +#else + buffer = crypt_gensalt(id, ids[n].count, NULL, 0); +#endif if ((p = crypt(string, buffer)) == NULL) continue; if (strncmp(p, buffer, strlen(buffer)) != 0) |
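Review bot: the .builds/freebsd.yml hunk (@@ -8,7 +8,7 @@) swaps `db6` for `db5` with no comment in the YAML and nothing in the commit message saying why. Add a one-line comment next to the package stating the reason for the older version, so the change is not silently reverted by the next person who touches the package list.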
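Review bot: in the README.md hunk at @@ -1,66 +1,118 @@, the new Alpine Linux section gives `apk install opensmtpd`, but apk has no `install` subcommand; the line should read `apk add opensmtpd`. In the same hunk, "stay up to day" under Get In Touch should be "up to date", the link labelled "Download tarball" points at a `.zip` archive, and the badge colour `brihtgreen` is carried over misspelled from the removed line. The warning about distributions shipping an old version tells readers to check the version number but gives them nothing to compare against; linking it to the releases page already referenced further down would make the check actionable.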
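Review bot: the last ci/README.md hunk (@@ -19,8 +19,8 @@) leaves the heading `## Directory strucuture` misspelled in its context lines while editing the two list items directly below it. Since this change is already a typo and punctuation pass over the file, correct the heading to "Directory structure" in the same hunk.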
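Review bot: in contrib/libexec/encrypt/encrypt.c at @@ -25,11 +25,31 @@, `struct hashing_method` declares `char *prefix`, yet every initializer in `ids[]` is a string literal, so the member should be `const char *prefix` and the table itself can be `static const`. The `count` column also needs a comment: the values 8, 10, 5000, 1 and 1000 are not in a common unit (a bcrypt cost of 10 is a log2 work factor, while 5000 for `$6$` and `$5$` is a linear round count), and nothing in the table says so or where these defaults come from. Because print_passwd() tries the entries in order, the table is effectively a preference list that ends in `$3$`, `$2$` and `$1$`; a short comment stating that the order is deliberate, and why the legacy prefixes are still kept as fallbacks, would help the next reader.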
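Review bot: in print_passwd() at @@ -66,20 +86,28 @@, the `#else` branch assigns `buffer = crypt_gensalt(id, ids[n].count, NULL, 0);` and then passes `buffer` straight to `crypt(string, buffer)` and `strlen(buffer)` with no NULL check. crypt_gensalt() can return NULL on failure, for example when the library does not support one of the eleven prefixes in the table or rejects the count, so add `if (buffer == NULL) continue;` before the crypt() call, matching how a NULL return from crypt() is already handled. In that same branch the `salt` array filled by the arc4random_uniform() loop is never used, since the NULL/0 random-bytes arguments leave salt generation to the library; put the salt declaration and loop under the same `#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX` guard so the build does not carry dead code. `nb_ids` is computed from `sizeof` and would be cleaner as `size_t` with a matching loop index.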