path: root/libexec/spamd/spamd.c

Commit log. Each entry lists the commit date, author, files changed and lines removed/added, followed by the commit message.
* 2019-08-06  mestre  (1 file, -10/+1)
  By now we are already confident that pledge(2) "just works(tm)" and that it can be used to effectively remove filesystem access. That being said, in spamd(8) when I pledge(2)d it the main priv process got "stdio inet" which means there's no fs access at all so calling chroot(2)/chdir(2) here doesn't get us any additional protection. Just remove them.
  OK deraadt@ and no objections from schwarze@

* 2018-10-22  krw  (1 file, -2/+2)
  More "explicitely" -> "explicitly" in various comments.
  ok guenther@ tb@ deraadt@

* 2018-04-26  beck  (1 file, -3/+3)
  nuke trailing whitespace

* 2017-10-18  millert  (1 file, -2/+56)
  Make blacklist entries override the whitelist. When running spamd in greylisting mode, it is not uncommon for an IP to get whitelisted before it shows up on a spam blacklist. With this change, spamd will check its blacklists before adding a WHITE entry to the <spamd-white> pf table. If the IP matches a blacklist, the WHITE entry will be removed.
  OK phessler@

* 2017-10-12  millert  (1 file, -2/+3)
  Check for asprintf() returning -1 instead of assuming that the pointer will remain unchanged when it fails.
  OK deraadt@

* 2017-04-06  beck  (1 file, -2/+2)
  fix missing \ on \n, spotted by Edgar Pettijohn

* 2017-01-23  beck  (1 file, -3/+3)
  check EAGAIN in the correct place,
  noticed and ok phessler@

* 2017-01-23  beck  (1 file, -2/+9)
  Switch spamd to nonblocking descriptors so we can count on getting a short write when the socket buffers are full, instead of blocking.
  ok benno@ claudio@

* 2017-01-17  mestre  (1 file, -11/+17)
  - spamd(8)'s -l accepts an IP address as argument to bind(2) and it calls inet_pton(3) to check if it's valid and since that function doesn't provide a proper errno (POSIX doesn't mandate to do so) then if a string is given we may get this message: spamd: inet_pton: Undefined error: 0
  - Instead replace that code to use getaddrinfo(3) from which it is possible to get a proper error message, and at the same time being able to parse IPs and hostnames (if either the IP or host is not local then the next bind(2) will fail)
  - By default without arguments, spamd(8) will still bind(2) to 127.0.0.1 as it did before
  With feedback from deraadt@ and OK beck@

* 2016-11-30  mestre  (1 file, -2/+3)
  Check return value of tls_config_set_protocols(3) and bail out in case of failure.
  Feedback and OK jsing@

* 2016-11-08  mestre  (1 file, -2/+2)
  Remove redundant & when clearing hostname variable, as per otto@'s request

* 2016-11-07  mestre  (1 file, -2/+2)
  Replace bzero(3) with memset(3)
  OK deraadt@

* 2016-09-06  henning  (1 file, -3/+3)
  must close our fd unconditionally and not just in the !TLS case; tls_close doesn't do that for us. found, analyzed and patch supplied by Martin Proyer <martin at proyer dot net>, many thanks!
  ok bcook
  funny since I just discussed a somewhat mysterious spamd-TLS issue with bob and brent over breakfast yesterday in cambridge - not sure it is this one, if it is I've been intensively digging in the wrong corner, almost "missing the obvious"

* 2016-07-13  jsing  (1 file, -2/+2)
  Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release.
  Discussed with beck@

* 2016-05-17  jca  (1 file, -2/+2)
  tyop

* 2016-04-27  mestre  (1 file, -4/+1)
  Remove pledge(2)'s that are called before chroot(2) since in the near future this will be forbidden. The remaining pledge(2) calls after chroot(2) are still kept.
  OK semarie@ "it is time now"

* 2016-04-10  tedu  (1 file, -2/+4)
  per rfc, ehlo responses contain hostname, then options. from dyn+bsd

* 2016-03-25  mestre  (1 file, -7/+5)
  - Both checks for pw are not needed since it was already done at the start of the program
  - Add error message to syslog if privdrop didn't succeed and then exit
  - Remove lint comments
  OK beck@ after his suggestion and also looks good to jca@

* 2016-03-10  gsoares  (1 file, -5/+14)
  - add a define for "_spamd" user like other OpenBSD daemons;
  - check for root privileges, otherwise exit early with an appropriate status code and a formatted string;
  - be more specific with chroot()/chdir() checks.
  OK beck@

* 2015-12-12  mmcc  (1 file, -5/+3)
  Remove NULL-checks before free(). ok tb@

* 2015-12-10  beck  (1 file, -27/+36)
  tighten the pledge for spamd, from Ricardo Mestre <serial@helheim.mooo.com>
  this loads the tls certificate files pre-pledge then does the bulk of the tls setup goo pledged.

* 2015-12-08  beck  (1 file, -12/+24)
  Initially pledge spamd
  All the work done by Ricardo Mestre <serial@helheim.mooo.com> - Thanks.

* 2015-12-05  henning  (1 file, -21/+53)
  adjust to newer tls_read/_write semantics. quite involved, due to tls_read potentially needing to write and tls_write potentially needing to read (in the reneg case); that not fitting the spamd model too well - it needs to keep a little more state.
  help & ok bluhm & beck

* 2015-12-02  henning  (1 file, -2/+3)
  in response to EHLO, don't offer STARTTLS if we already completed the STARTTLS dance.
  ok millert

* 2015-12-02  henning  (1 file, -2/+2)
  I misread the standard when adding TLS; clients are supposed to start over and issue a new EHLO after STARTTLS. The misunderstanding seems to be common, so we'll still grok MAIL FROM right after the STARTTLS dance, as well as accepting a second EHLO.
  ok phessler beck millert

* 2015-12-02  henning  (1 file, -3/+4)
  fix error messages to say tls_write after tls_write and not tls_read...
  with bluhm

* 2015-09-10  beck  (1 file, -3/+3)
  read, tls_read, and tls_write return ssize_t
  jointly with jsing@

* 2015-09-10  beck  (1 file, -12/+17)
  fix after libtls api changes
  ok jsing@

* 2015-05-18  reyk  (1 file, -12/+5)
  Change spamd to use divert-to instead of rdr-to.
  divert-to has many advantages over rdr-to for proxies. For example, it is much easier to use, requires less code, does not depend on /dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK ioctl), saves us from additional port allocations by the rdr/NAT code, and even avoids potential collisions and race conditions that could theoretically happen with the lookup.
  Heads up: users will have to update their spamd PF rules from rdr-to to divert-to. spamd now also listens to 127.0.0.1 instead of "any" (0.0.0.0) by default which should be fine with most setups but has to be considered for some special configurations.
  Based on a diff that is almost two years old but got delayed several times ... beck@: "now is the time to get it in" :)
  Tested by many
  With help from okan@
  OK okan@ beck@ millert@

* 2015-04-18  deraadt  (1 file, -18/+15)
  Convert many atoi() calls to strtonum(), adding range checks and failure handling along the way.
  Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

* 2015-03-12  millert  (1 file, -97/+103)
  Use poll(2) instead of select(2). A pointer to the struct pollfd is embedded in each struct con so the descriptors can't get out of sync with the pfd[] array.
  OK deraadt@

* 2015-02-22  jsing  (1 file, -2/+5)
  Set the TLS ciphers to "compat" mode, restoring the previous behaviour.

* 2015-02-12  jsing  (1 file, -1/+3)
  Change TLS_PROTOCOLS_DEFAULT to be TLSv1.2 only. Add a TLS_PROTOCOLS_ALL that includes all currently supported protocols (TLSv1.0, TLSv1.1 and TLSv1.2). Change all users of libtls to use TLS_PROTOCOLS_ALL so that they maintain existing behaviour.
  Discussed with tedu@ and reyk@.

* 2015-02-07  henning  (1 file, -12/+122)
  add STARTTLS support, using the shiny libtls.
  Rationale: when you publish DANE records for certificate pinning, you MUST offer TLS on the indicated service. Not offering TLS is verboten since that would re-open the door for a MitM. This is obviously fundamentally incompatible with having spamd in front of your mailservers - spamd kinda is a MitM here, but intentional and utterly valid.
  DANE is desirable because it allows one to not have to trust the broken SSL CA model, and, depending on the mode chosen, even show the SSL cert mafia the middle finger by not needing them at all.
  ok reyk jsing bob

* 2015-01-16  deraadt  (1 file, -8/+12)
  Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification.
  ok guenther, millert, doug (helped with the verification protocol)

* 2015-01-13  millert  (1 file, -7/+9)
  Move debug printf for duplicate af to correct location.

* 2015-01-13  millert  (1 file, -2/+1)
  Remove bogus getopt.h include.

* 2015-01-13  millert  (1 file, -25/+86)
  Use address-family specific lists of addr/mask entries instead of a union that can store either ipv4 or ipv6. The old method used 4x as much memory as was really needed for ipv4.
  The spamd-setup protocol has changed from:
    tag;message;a/m;a/m;a/m...\n
  to:
    tag;message;af;count;a/m;a/m;a/m...[af;count;a/m;a/m;a/m]\n
  OK phessler@ "nice" beck@

* 2014-12-30  millert  (1 file, -24/+12)
  Use a 1MB realloc() increment instead of an 8KB one for the config connection buffer. Significantly speeds up spamd-setup for large blacklists. Also free the buffer when we are done with it so memory can be returned to the system (as it can grow quite large).
  OK deraadt@

* 2014-12-29  millert  (1 file, -26/+10)
  Minor cleanup:
  o doreply() just calls build_reply()
  o remove a few dead stores and useless variables
  o use the asprintf() return value
  OK deraadt@

* 2014-11-23  guenther  (1 file, -3/+2)
  Delete a bunch of unnecessary #includes
  Use <fcntl.h> instead of <sys/{file,fcntl}.h>
  ok krw@

* 2014-10-09  deraadt  (1 file, -2/+2)
  obvious reallocarray() conversions

* 2014-03-26  gsoares  (1 file, -1/+3)
  strdup() returns NULL if out of memory, we should check it.
  OK beck@

* 2013-11-19  deraadt  (1 file, -7/+15)
  repair format strings for time_t, and some missing protos
  ok beck phessler

* 2012-06-19  deraadt  (1 file, -7/+7)
  use warn() instead of perror(), like the rest of the code does
  from Liam J. Foy

* 2012-04-19  deraadt  (1 file, -33/+72)
  rate-limit accept(); small tweaks and such along the way from gilles, millert, camield..

* 2012-04-18  deraadt  (1 file, -4/+7)
  merge some whitespace changes before bigger changes

* 2012-04-13  deraadt  (1 file, -3/+2)
  Don't assume that the new conffd is unset in the fd_set, it could be a recycle of a fd which is still set.
  ok claudio

* 2010-01-14  beck  (1 file, -2/+10)
  drop connections to confused clients who do repeated command failures - typically when a client just flings commands at us without looking for responses and then gets confused.
  ok jsing@

* 2010-01-11  beck  (1 file, -8/+8)
  KNF