authorGilles Chehade <gilles@poolp.org>2020-01-08 16:38:21 +0100
committerGilles Chehade <gilles@poolp.org>2020-01-08 16:38:21 +0100
commit886b35650959083bcb66d4c994011d6108190e35 (patch)
tree1a416528da5d7cc0e545f7fe5a210cd399475813
parentMerge branch 'master' into libtls (diff)
parentsync (diff)
Merge branch 'master' into libtls
-rw-r--r--smtpd/lka_filter.c74
-rw-r--r--smtpd/mta_session.c30
-rw-r--r--smtpd/parse.y47
-rw-r--r--smtpd/parser.c7
-rw-r--r--smtpd/report_smtp.c24
-rw-r--r--smtpd/smtp_session.c45
-rw-r--r--smtpd/smtpctl.c4
-rw-r--r--smtpd/smtpd.conf.510
-rw-r--r--smtpd/smtpd.h11
9 files changed, 196 insertions, 56 deletions
diff --git a/smtpd/lka_filter.c b/smtpd/lka_filter.c
index d8d0652b..9141c39f 100644
--- a/smtpd/lka_filter.c
+++ b/smtpd/lka_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lka_filter.c,v 1.57 2019/12/21 11:47:34 gilles Exp $ */
+/* $OpenBSD: lka_filter.c,v 1.60 2020/01/08 01:41:11 gilles Exp $ */
/*
* Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
@@ -54,6 +54,8 @@ static int filter_builtins_connect(struct filter_session *, struct filter *, uin
static int filter_builtins_helo(struct filter_session *, struct filter *, uint64_t, const char *);
static int filter_builtins_mail_from(struct filter_session *, struct filter *, uint64_t, const char *);
static int filter_builtins_rcpt_to(struct filter_session *, struct filter *, uint64_t, const char *);
+static int filter_builtins_data(struct filter_session *, struct filter *, uint64_t, const char *);
+static int filter_builtins_commit(struct filter_session *, struct filter *, uint64_t, const char *);
static void filter_result_proceed(uint64_t);
static void filter_result_junk(uint64_t);
@@ -78,6 +80,7 @@ struct filter_session {
int fcrdns;
char *helo;
+ char *username;
char *mail_from;
enum filter_phase phase;
@@ -95,14 +98,14 @@ static struct filter_exec {
{ FILTER_AUTH, "auth", filter_builtins_notimpl },
{ FILTER_MAIL_FROM, "mail-from", filter_builtins_mail_from },
{ FILTER_RCPT_TO, "rcpt-to", filter_builtins_rcpt_to },
- { FILTER_DATA, "data", filter_builtins_notimpl },
+ { FILTER_DATA, "data", filter_builtins_data },
{ FILTER_DATA_LINE, "data-line", filter_builtins_notimpl },
{ FILTER_RSET, "rset", filter_builtins_notimpl },
{ FILTER_QUIT, "quit", filter_builtins_notimpl },
{ FILTER_NOOP, "noop", filter_builtins_notimpl },
{ FILTER_HELP, "help", filter_builtins_notimpl },
{ FILTER_WIZ, "wiz", filter_builtins_notimpl },
- { FILTER_COMMIT, "commit", filter_builtins_notimpl },
+ { FILTER_COMMIT, "commit", filter_builtins_commit },
};
struct filter {
@@ -528,6 +531,7 @@ lka_filter_end(uint64_t reqid)
free(fs->rdns);
free(fs->helo);
free(fs->mail_from);
+ free(fs->username);
free(fs->lastparam);
free(fs);
log_trace(TRACE_FILTERS, "%016"PRIx64" filters session-end", reqid);
@@ -884,7 +888,6 @@ filter_protocol(uint64_t reqid, enum filter_phase phase, const char *param)
param = nparam;
break;
case FILTER_STARTTLS:
- case FILTER_AUTH:
/* TBD */
break;
default:
@@ -1108,6 +1111,47 @@ filter_check_helo_regex(struct filter *filter, const char *key)
}
static int
+filter_check_auth(struct filter *filter, const char *username)
+{
+ int ret = 0;
+
+ if (!filter->config->auth)
+ return 0;
+
+ ret = username ? 1 : 0;
+
+ return filter->config->not_auth < 0 ? !ret : ret;
+}
+
+static int
+filter_check_auth_table(struct filter *filter, enum table_service kind, const char *key)
+{
+ int ret = 0;
+
+ if (filter->config->auth_table == NULL)
+ return 0;
+
+ if (key && table_match(filter->config->auth_table, kind, key) > 0)
+ ret = 1;
+
+ return filter->config->not_auth_table < 0 ? !ret : ret;
+}
+
+static int
+filter_check_auth_regex(struct filter *filter, const char *key)
+{
+ int ret = 0;
+
+ if (filter->config->auth_regex == NULL)
+ return 0;
+
+ if (key && table_match(filter->config->auth_regex, K_REGEX, key) > 0)
+ ret = 1;
+ return filter->config->not_auth_regex < 0 ? !ret : ret;
+}
+
+
+static int
filter_check_mail_from_table(struct filter *filter, enum table_service kind, const char *key)
{
int ret = 0;
@@ -1209,6 +1253,10 @@ filter_builtins_global(struct filter_session *fs, struct filter *filter, uint64_
filter_check_src_regex(filter, ss_to_text(&fs->ss_src)) ||
filter_check_helo_table(filter, K_DOMAIN, fs->helo) ||
filter_check_helo_regex(filter, fs->helo) ||
+ filter_check_auth(filter, fs->username) ||
+ filter_check_auth_table(filter, K_STRING, fs->username) ||
+ filter_check_auth_table(filter, K_CREDENTIALS, fs->username) ||
+ filter_check_auth_regex(filter, fs->username) ||
filter_check_mail_from_table(filter, K_MAILADDR, fs->mail_from) ||
filter_check_mail_from_regex(filter, fs->mail_from);
}
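Review bot: The two `filter_check_auth_table` calls added here are OR-ed and each applies the `not_auth_table` negation on its own, so a negated auth table condition is satisfied as soon as either the `K_STRING` or the `K_CREDENTIALS` lookup misses, rather than only when both miss. For a table that answers only one of the two kinds, a negated rule would then appear to match every session, including authenticated users who are listed; this depends on what `table_match` returns for an unsupported kind, which is not visible here. Consider doing both lookups in one helper and negating once, e.g. `ret = key && (table_match(t, K_STRING, key) > 0 || table_match(t, K_CREDENTIALS, key) > 0);` followed by the existing `not_auth_table` return. filter_builtins_global starts outside the hunk.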
@@ -1239,6 +1287,18 @@ filter_builtins_rcpt_to(struct filter_session *fs, struct filter *filter, uint64
filter_check_rcpt_to_regex(filter, param);
}
+static int
+filter_builtins_data(struct filter_session *fs, struct filter *filter, uint64_t reqid, const char *param)
+{
+ return filter_builtins_global(fs, filter, reqid);
+}
+
+static int
+filter_builtins_commit(struct filter_session *fs, struct filter *filter, uint64_t reqid, const char *param)
+{
+ return filter_builtins_global(fs, filter, reqid);
+}
+
static void
report_smtp_broadcast(uint64_t, const char *, struct timeval *, const char *,
const char *, ...) __attribute__((__format__ (printf, 5, 6)));
@@ -1410,6 +1470,12 @@ void
lka_report_smtp_link_auth(const char *direction, struct timeval *tv, uint64_t reqid,
const char *username, const char *result)
{
+ struct filter_session *fs;
+
+ if (strcmp(result, "pass") == 0) {
+ fs = tree_xget(&sessions, reqid);
+ fs->username = xstrdup(username);
+ }
report_smtp_broadcast(reqid, direction, tv, "link-auth", "%s|%s\n",
username, result);
}
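Review bot: The `tree_xget(&sessions, reqid)` lookup added here ignores `direction`, while this same commit enables `mta_report_link_auth` to emit link-auth events for "smtp-out". If outgoing session ids are not registered in `sessions` (not visible in this diff), a successful relay authentication would take the failing path of `tree_xget`, so it is worth checking `direction` first or using a lookup that tolerates a missing entry. Separately, `fs->username` is overwritten without releasing a previous value; `free(fs->username);` before the `xstrdup` keeps a repeated "pass" report from leaking.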
diff --git a/smtpd/mta_session.c b/smtpd/mta_session.c
index c951f60e..84d00bcb 100644
--- a/smtpd/mta_session.c
+++ b/smtpd/mta_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta_session.c,v 1.125 2019/12/21 17:43:49 gilles Exp $ */
+/* $OpenBSD: mta_session.c,v 1.129 2020/01/08 00:05:38 gilles Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -106,6 +106,8 @@ struct mta_session {
char *helo;
char *mxname;
+ char *username;
+
int flags;
int attempt;
@@ -178,9 +180,7 @@ static void mta_report_link_greeting(struct mta_session *, const char *);
static void mta_report_link_identify(struct mta_session *, const char *, const char *);
static void mta_report_link_tls(struct mta_session *, const char *);
static void mta_report_link_disconnect(struct mta_session *);
-#if 0
static void mta_report_link_auth(struct mta_session *, const char *, const char *);
-#endif
static void mta_report_tx_reset(struct mta_session *, uint32_t);
static void mta_report_tx_begin(struct mta_session *, uint32_t);
static void mta_report_tx_mail(struct mta_session *, uint32_t, const char *, int);
@@ -411,6 +411,7 @@ mta_free(struct mta_session *s)
relay = s->relay;
route = s->route;
+ free(s->username);
free(s->mxname);
free(s);
stat_decrement("mta.session", 1);
@@ -662,6 +663,14 @@ again:
break;
case MTA_AUTH_PLAIN:
+ memset(ibuf, 0, sizeof ibuf);
+ if (base64_decode(s->relay->secret, (unsigned char *)ibuf,
+ sizeof(ibuf)-1) == -1) {
+ log_debug("debug: mta: %p: credentials too large on session", s);
+ mta_error(s, "Credentials too large");
+ break;
+ }
+ s->username = xstrdup(ibuf+1);
mta_send(s, "AUTH PLAIN %s", s->relay->secret);
break;
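Review bot: `s->username = xstrdup(ibuf+1)` assumes the decoded secret starts with an empty authorization identity, i.e. that byte 0 is NUL; with a non-empty first field the copy starts mid-field and the value later reported as the username is wrong. The decoded buffer also holds the password in clear text and stays on the stack after the `break`; `explicit_bzero(ibuf, sizeof ibuf);` once the username has been copied would limit its lifetime. The same applies to the identical `xstrdup(ibuf+1)` added in the hunk at -677, where `ibuf` is still needed for the `base64_encode` call and should be cleared after it. The enclosing switch starts outside the hunk.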
@@ -677,6 +686,7 @@ again:
mta_error(s, "Credentials too large");
break;
}
+ s->username = xstrdup(ibuf+1);
memset(obuf, 0, sizeof obuf);
base64_encode((unsigned char *)ibuf + 1, strlen(ibuf + 1), obuf, sizeof obuf);
@@ -824,6 +834,7 @@ again:
} else
mta_send(s, "RCPT TO:<%s>", e->dest);
+ mta_report_tx_envelope(s, s->task->msgid, e->id);
s->rcptcount++;
break;
@@ -972,15 +983,18 @@ mta_response(struct mta_session *s, char *line)
case MTA_AUTH_PLAIN:
if (line[0] != '2') {
mta_error(s, "AUTH rejected: %s", line);
+ mta_report_link_auth(s, s->username, "fail");
s->flags |= MTA_FREE;
return;
}
+ mta_report_link_auth(s, s->username, "pass");
mta_enter_state(s, MTA_READY);
break;
case MTA_AUTH_LOGIN:
if (strncmp(line, "334 ", 4) != 0) {
mta_error(s, "AUTH rejected: %s", line);
+ mta_report_link_auth(s, s->username, "fail");
s->flags |= MTA_FREE;
return;
}
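Review bot: In the `MTA_AUTH_LOGIN` case the added `mta_report_link_auth(s, s->username, "fail")` may pass a NULL username. Within this diff `s->username` is assigned only in the `MTA_AUTH_PLAIN` state and in the hunk at -677, whose case label is outside the hunk; if that is a later LOGIN state, nothing has been stored yet when the first `334` check fails. What the report path does with a NULL string is not visible here, so either guard it in `mta_report_link_auth` (`if (user == NULL) user = "";`) or store the username before `AUTH LOGIN` is sent. The calls added in the -990 and -999 hunks share this dependency, and mta_response continues outside the hunk.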
@@ -990,6 +1004,7 @@ mta_response(struct mta_session *s, char *line)
case MTA_AUTH_LOGIN_USER:
if (strncmp(line, "334 ", 4) != 0) {
mta_error(s, "AUTH rejected: %s", line);
+ mta_report_link_auth(s, s->username, "fail");
s->flags |= MTA_FREE;
return;
}
@@ -999,9 +1014,11 @@ mta_response(struct mta_session *s, char *line)
case MTA_AUTH_LOGIN_PASS:
if (line[0] != '2') {
mta_error(s, "AUTH rejected: %s", line);
+ mta_report_link_auth(s, s->username, "fail");
s->flags |= MTA_FREE;
return;
}
+ mta_report_link_auth(s, s->username, "pass");
mta_enter_state(s, MTA_READY);
break;
@@ -1012,9 +1029,6 @@ mta_response(struct mta_session *s, char *line)
else
delivery = IMSG_MTA_DELIVERY_TEMPFAIL;
- mta_report_tx_mail(s, s->task->msgid, s->task->sender,
- delivery == IMSG_MTA_DELIVERY_TEMPFAIL ? -1 : 0);
-
mta_flush_task(s, delivery, line, 0, 0);
mta_enter_state(s, MTA_RSET);
return;
@@ -1101,8 +1115,6 @@ mta_response(struct mta_session *s, char *line)
case '2':
mta_report_tx_rcpt(s,
s->task->msgid, e->dest, 1);
- mta_report_tx_envelope(s,
- s->task->msgid, e->id);
break;
case '4':
mta_report_tx_rcpt(s,
@@ -1851,7 +1863,6 @@ mta_report_link_disconnect(struct mta_session *s)
report_smtp_link_disconnect("smtp-out", s->id);
}
-#if 0
static void
mta_report_link_auth(struct mta_session *s, const char *user, const char *result)
{
@@ -1860,7 +1871,6 @@ mta_report_link_auth(struct mta_session *s, const char *user, const char *result
report_smtp_link_auth("smtp-out", s->id, user, result);
}
-#endif
static void
mta_report_tx_reset(struct mta_session *s, uint32_t msgid)
diff --git a/smtpd/parse.y b/smtpd/parse.y
index f0fa6c8f..1bc9f917 100644
--- a/smtpd/parse.y
+++ b/smtpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.272 2019/12/21 11:07:38 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.273 2020/01/08 01:41:11 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1599,6 +1599,25 @@ negation HELO REGEX tables {
}
;
+filter_phase_check_auth:
+negation AUTH {
+ filter_config->not_auth = $1 ? -1 : 1;
+ filter_config->auth = 1;
+}
+;
+filter_phase_check_auth_table:
+negation AUTH tables {
+ filter_config->not_auth_table = $1 ? -1 : 1;
+ filter_config->auth_table = $3;
+}
+;
+filter_phase_check_auth_regex:
+negation AUTH REGEX tables {
+ filter_config->not_auth_regex = $1 ? -1 : 1;
+ filter_config->auth_regex = $4;
+}
+;
+
filter_phase_check_mail_from_table:
negation MAIL_FROM tables {
filter_config->not_mail_from_table = $1 ? -1 : 1;
@@ -1641,9 +1660,20 @@ filter_phase_check_helo_table |
filter_phase_check_helo_regex |
filter_phase_global_options;
+filter_phase_auth_options:
+filter_phase_check_helo_table |
+filter_phase_check_helo_regex |
+filter_phase_check_auth |
+filter_phase_check_auth_table |
+filter_phase_check_auth_regex |
+filter_phase_global_options;
+
filter_phase_mail_from_options:
filter_phase_check_helo_table |
filter_phase_check_helo_regex |
+filter_phase_check_auth |
+filter_phase_check_auth_table |
+filter_phase_check_auth_regex |
filter_phase_check_mail_from_table |
filter_phase_check_mail_from_regex |
filter_phase_global_options;
@@ -1651,6 +1681,9 @@ filter_phase_global_options;
filter_phase_rcpt_to_options:
filter_phase_check_helo_table |
filter_phase_check_helo_regex |
+filter_phase_check_auth |
+filter_phase_check_auth_table |
+filter_phase_check_auth_regex |
filter_phase_check_mail_from_table |
filter_phase_check_mail_from_regex |
filter_phase_check_rcpt_to_table |
@@ -1660,6 +1693,9 @@ filter_phase_global_options;
filter_phase_data_options:
filter_phase_check_helo_table |
filter_phase_check_helo_regex |
+filter_phase_check_auth |
+filter_phase_check_auth_table |
+filter_phase_check_auth_regex |
filter_phase_check_mail_from_table |
filter_phase_check_mail_from_regex |
filter_phase_global_options;
@@ -1684,6 +1720,9 @@ filter_phase_global_options;
filter_phase_commit_options:
filter_phase_check_helo_table |
filter_phase_check_helo_regex |
+filter_phase_check_auth |
+filter_phase_check_auth_table |
+filter_phase_check_auth_regex |
filter_phase_check_mail_from_table |
filter_phase_check_mail_from_regex |
filter_phase_global_options;
@@ -1708,6 +1747,11 @@ EHLO {
} MATCH filter_phase_helo_options filter_action_builtin
;
+filter_phase_auth:
+AUTH {
+} MATCH filter_phase_auth_options filter_action_builtin
+;
+
filter_phase_mail_from:
MAIL_FROM {
filter_config->phase = FILTER_MAIL_FROM;
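Review bot: The new `filter_phase_auth` rule has an empty action, whereas the neighbouring rule sets `filter_config->phase = FILTER_MAIL_FROM;` before `MATCH`; without `filter_config->phase = FILTER_AUTH;` the configured filter would be recorded under whatever phase value the config already holds. The `filter_exec` table entry for `FILTER_AUTH` in lka_filter.c also still points at `filter_builtins_notimpl` in this commit, so even with the phase set an auth-phase rule has no builtin evaluation yet. If the grammar is meant as a placeholder, a comment saying so would help.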
@@ -1764,6 +1808,7 @@ filter_phase:
filter_phase_connect
| filter_phase_helo
| filter_phase_ehlo
+| filter_phase_auth
| filter_phase_mail_from
| filter_phase_rcpt_to
| filter_phase_data
diff --git a/smtpd/parser.c b/smtpd/parser.c
index df90e508..24b92094 100644
--- a/smtpd/parser.c
+++ b/smtpd/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.41 2017/07/31 16:38:33 gilles Exp $ */
+/* $OpenBSD: parser.c,v 1.42 2020/01/06 11:02:38 gilles Exp $ */
/*
* Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
@@ -219,6 +219,11 @@ cmd_run(int argc, char **argv)
return (node->cmd(np, np ? param : NULL));
fail:
+ if (TAILQ_FIRST(&node->children) == NULL) {
+ fprintf(stderr, "invalid command\n");
+ return (-1);
+ }
+
fprintf(stderr, "possibilities are:\n");
TAILQ_FOREACH(tmp, &node->children, entry) {
for (j = 0; j < i; j++)
diff --git a/smtpd/report_smtp.c b/smtpd/report_smtp.c
index ab17901f..80f36fc7 100644
--- a/smtpd/report_smtp.c
+++ b/smtpd/report_smtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: report_smtp.c,v 1.10 2019/09/19 14:40:53 gilles Exp $ */
+/* $OpenBSD: report_smtp.c,v 1.11 2020/01/07 23:03:37 gilles Exp $ */
/*
* Copyright (c) 2018 Gilles Chehade <gilles@poolp.org>
@@ -174,15 +174,6 @@ void
report_smtp_tx_mail(const char *direction, uint64_t qid, uint32_t msgid, const char *address, int ok)
{
struct timeval tv;
- char buffer[SMTPD_MAXMAILADDRSIZE];
- char *p;
-
- if ((p = strchr(address, '<')) == NULL)
- return;
- (void)strlcpy(buffer, p + 1, sizeof buffer);
- if ((p = strchr(buffer, '>')) == NULL)
- return;
- *p = '\0';
gettimeofday(&tv, NULL);
@@ -191,7 +182,7 @@ report_smtp_tx_mail(const char *direction, uint64_t qid, uint32_t msgid, const c
m_add_timeval(p_lka, &tv);
m_add_id(p_lka, qid);
m_add_u32(p_lka, msgid);
- m_add_string(p_lka, buffer);
+ m_add_string(p_lka, address);
m_add_int(p_lka, ok);
m_close(p_lka);
}
@@ -200,15 +191,6 @@ void
report_smtp_tx_rcpt(const char *direction, uint64_t qid, uint32_t msgid, const char *address, int ok)
{
struct timeval tv;
- char buffer[SMTPD_MAXMAILADDRSIZE];
- char *p;
-
- if ((p = strchr(address, '<')) == NULL)
- return;
- (void)strlcpy(buffer, p + 1, sizeof buffer);
- if ((p = strchr(buffer, '>')) == NULL)
- return;
- *p = '\0';
gettimeofday(&tv, NULL);
@@ -217,7 +199,7 @@ report_smtp_tx_rcpt(const char *direction, uint64_t qid, uint32_t msgid, const c
m_add_timeval(p_lka, &tv);
m_add_id(p_lka, qid);
m_add_u32(p_lka, msgid);
- m_add_string(p_lka, buffer);
+ m_add_string(p_lka, address);
m_add_int(p_lka, ok);
m_close(p_lka);
}
diff --git a/smtpd/smtp_session.c b/smtpd/smtp_session.c
index 373a476a..1038da45 100644
--- a/smtpd/smtp_session.c
+++ b/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.419 2020/01/03 22:01:29 gilles Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.421 2020/01/08 00:05:38 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -797,7 +797,6 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
s->tx->msgid = msgid;
s->tx->evp.id = msgid_to_evpid(msgid);
s->tx->rcptcount = 0;
- smtp_report_tx_begin(s, s->tx->msgid);
smtp_reply(s, "250 %s Ok",
esc_code(ESC_STATUS_OK, ESC_OTHER_STATUS));
} else {
@@ -913,9 +912,9 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
m_end(&m);
s = tree_xpop(&wait_queue_commit, reqid);
if (!success) {
- smtp_tx_free(s->tx);
smtp_reply(s, "421 %s Temporary failure",
esc_code(ESC_STATUS_TEMPFAIL, ESC_OTHER_MAIL_SYSTEM_STATUS));
+ smtp_tx_free(s->tx);
smtp_enter_state(s, STATE_QUIT);
return;
}
@@ -923,6 +922,8 @@ smtp_session_imsg(struct mproc *p, struct imsg *imsg)
smtp_reply(s, "250 %s %08x Message accepted for delivery",
esc_code(ESC_STATUS_OK, ESC_OTHER_STATUS),
s->tx->msgid);
+ smtp_report_tx_commit(s, s->tx->msgid, s->tx->odatalen);
+ smtp_report_tx_reset(s, s->tx->msgid);
log_info("%016"PRIx64" smtp message "
"msgid=%08x size=%zu nrcpt=%zu proto=%s",
@@ -1732,14 +1733,14 @@ smtp_filter_phase(enum filter_phase phase, struct smtp_session *s, const char *p
static void
smtp_proceed_rset(struct smtp_session *s, const char *args)
{
+ smtp_reply(s, "250 %s Reset state",
+ esc_code(ESC_STATUS_OK, ESC_OTHER_STATUS));
+
if (s->tx) {
if (s->tx->msgid)
smtp_tx_rollback(s->tx);
smtp_tx_free(s->tx);
}
-
- smtp_reply(s, "250 %s Reset state",
- esc_code(ESC_STATUS_OK, ESC_OTHER_STATUS));
}
static void
@@ -2110,12 +2111,15 @@ smtp_reply(struct smtp_session *s, char *fmt, ...)
}
log_trace(TRACE_SMTP, "smtp: %p: >>> %s", s, buf);
+ smtp_report_protocol_server(s, buf);
switch (buf[0]) {
case '2':
if (s->tx) {
- if (s->last_cmd == CMD_MAIL_FROM)
+ if (s->last_cmd == CMD_MAIL_FROM) {
+ smtp_report_tx_begin(s, s->tx->msgid);
smtp_report_tx_mail(s, s->tx->msgid, s->cmd + 10, 1);
+ }
else if (s->last_cmd == CMD_RCPT_TO)
smtp_report_tx_rcpt(s, s->tx->msgid, s->cmd + 8, 1);
}
@@ -2177,7 +2181,6 @@ smtp_reply(struct smtp_session *s, char *fmt, ...)
}
io_xprintf(s->io, "%s\r\n", buf);
- smtp_report_protocol_server(s, buf);
}
static void
@@ -2558,8 +2561,6 @@ smtp_tx_commit(struct smtp_tx *tx)
m_add_msgid(p_queue, tx->msgid);
m_close(p_queue);
tree_xset(&wait_queue_commit, tx->session->id, tx->session);
- smtp_report_tx_commit(tx->session, tx->msgid, tx->odatalen);
- smtp_report_tx_reset(tx->session, tx->msgid);
smtp_filter_data_end(tx->session);
}
@@ -3043,19 +3044,39 @@ smtp_report_tx_begin(struct smtp_session *s, uint32_t msgid)
static void
smtp_report_tx_mail(struct smtp_session *s, uint32_t msgid, const char *address, int ok)
{
+ char mailaddr[SMTPD_MAXMAILADDRSIZE];
+ char *p;
+
if (! SESSION_FILTERED(s))
return;
- report_smtp_tx_mail("smtp-in", s->id, msgid, address, ok);
+ if ((p = strchr(address, '<')) == NULL)
+ return;
+ (void)strlcpy(mailaddr, p + 1, sizeof mailaddr);
+ if ((p = strchr(mailaddr, '>')) == NULL)
+ return;
+ *p = '\0';
+
+ report_smtp_tx_mail("smtp-in", s->id, msgid, mailaddr, ok);
}
static void
smtp_report_tx_rcpt(struct smtp_session *s, uint32_t msgid, const char *address, int ok)
{
+ char mailaddr[SMTPD_MAXMAILADDRSIZE];
+ char *p;
+
if (! SESSION_FILTERED(s))
return;
- report_smtp_tx_rcpt("smtp-in", s->id, msgid, address, ok);
+ if ((p = strchr(address, '<')) == NULL)
+ return;
+ (void)strlcpy(mailaddr, p + 1, sizeof mailaddr);
+ if ((p = strchr(mailaddr, '>')) == NULL)
+ return;
+ *p = '\0';
+
+ report_smtp_tx_rcpt("smtp-in", s->id, msgid, mailaddr, ok);
}
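Review bot: The `<`…`>` extraction is now duplicated verbatim in `smtp_report_tx_mail` and `smtp_report_tx_rcpt`; a small static helper taking the destination buffer would keep the two copies in step. Both ignore the `strlcpy` return value and return silently when a bracket is missing or the address was truncated, which drops the report event without a trace. Since `address` is taken from the client command line (`s->cmd + 10` and `s->cmd + 8` in smtp_reply), a `log_debug` on that path would make a missing tx-mail or tx-rcpt event explainable.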
static void
diff --git a/smtpd/smtpctl.c b/smtpd/smtpctl.c
index a985172a..129abb51 100644
--- a/smtpd/smtpctl.c
+++ b/smtpd/smtpctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpctl.c,v 1.165 2019/07/23 08:11:10 gilles Exp $ */
+/* $OpenBSD: smtpctl.c,v 1.166 2020/01/06 11:03:06 gilles Exp $ */
/*
* Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
@@ -945,7 +945,7 @@ do_encrypt(int argc, struct parameter *argv)
if (argv)
p = argv[0].u.u_str;
- execl(PATH_ENCRYPT, "encrypt", p, (char *)NULL);
+ execl(PATH_ENCRYPT, "encrypt", "--", p, (char *)NULL);
errx(1, "execl");
}
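Review bot: The added `"--"` deserves a one-line comment, e.g. `/* "--" ends option parsing so a string starting with '-' is not read as a flag */`, since the reason is not obvious from the call. The string is still handed to the helper on its command line, where other local users can see it in the process list for the lifetime of the child; if `p` is a password, feeding it on stdin would avoid that, assuming the helper supports it (not visible here). do_encrypt starts outside the hunk.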
diff --git a/smtpd/smtpd.conf.5 b/smtpd/smtpd.conf.5
index 74f3ca6e..8f67e917 100644
--- a/smtpd/smtpd.conf.5
+++ b/smtpd/smtpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: smtpd.conf.5,v 1.246 2019/12/19 13:34:45 jmc Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.248 2020/01/08 10:02:17 jmc Exp $
.\"
.\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
.\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
-.Dd $Mdocdate: December 19 2019 $
+.Dd $Mdocdate: January 8 2020 $
.Dt SMTPD.CONF 5
.Os
.Sh NAME
@@ -979,8 +979,10 @@ but other data must have been already submitted before they are available.
.It rdns Pf < Ar table Ns > Ta session has a reverse DNS in table
.It src Pf < Ar table Ns > Ta source address is in table
.It helo Pf < Ar table Ns > Ta helo name is in table
-.It mail-from Pf < Ar table Ns > Ta sender address is in table
-.It rcpt-to Pf < Ar table Ns > Ta recipient address is in table
+.It auth Ta session is authenticated
+.It auth Pf < Ar table Ns > Ta session username is in table
+.It mail-from Pf < Ar table Ns > Ta sender address is in table
+.It rcpt-to Pf < Ar table Ns > Ta recipient address is in table
.El
.Pp
These conditions may all be negated by prefixing them with an exclamation mark:
diff --git a/smtpd/smtpd.h b/smtpd/smtpd.h
index 27aed0d0..3c2a6a5a 100644
--- a/smtpd/smtpd.h
+++ b/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.649 2019/12/21 10:40:20 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.650 2020/01/08 01:41:11 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1095,6 +1095,15 @@ struct filter_config {
int8_t not_helo_regex;
struct table *helo_regex;
+ int8_t not_auth;
+ int8_t auth;
+
+ int8_t not_auth_table;
+ struct table *auth_table;
+
+ int8_t not_auth_regex;
+ struct table *auth_regex;
+
int8_t not_mail_from_table;
struct table *mail_from_table;