
(-)./dma/conf.c (-1 / +1 lines)
Lines 236-242 Link Here
236
		} else if (strcmp(word, "OPPORTUNISTIC_TLS") == 0 && data == NULL)
236
		} else if (strcmp(word, "OPPORTUNISTIC_TLS") == 0 && data == NULL)
237
			config.features |= TLS_OPP;
237
			config.features |= TLS_OPP;
238
		else if (strcmp(word, "SECURETRANSFER") == 0 && data == NULL)
238
		else if (strcmp(word, "SECURETRANSFER") == 0 && data == NULL)
239
			config.features |= SECURETRANS;
239
			config.features |= SECURETRANSFER;
240
		else if (strcmp(word, "DEFER") == 0 && data == NULL)
240
		else if (strcmp(word, "DEFER") == 0 && data == NULL)
241
			config.features |= DEFER;
241
			config.features |= DEFER;
242
		else if (strcmp(word, "INSECURE") == 0 && data == NULL)
242
		else if (strcmp(word, "INSECURE") == 0 && data == NULL)
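--- a/dma/crypto.c
+++ b/dma/crypto.c
@@ -46,8 +46,6 @@
 
 #include "dma.h"
 
-int verify_server_fingerprint(const X509 *cert);
-
 static int
 init_cert_file(SSL_CTX *ctx, const char *path)
 {
@@ -80,7 +78,7 @@
 	return (0);
 }
 
-int
+static int
 verify_server_fingerprint(const X509 *cert)
 {
 	unsigned char fingerprint[EVP_MAX_MD_SIZE] = {0};
@@ -145,7 +143,7 @@
 	/*
 	 * If the user wants STARTTLS, we have to send EHLO here
 	 */
-	if (((feature & SECURETRANS) != 0) &&
+	if (((feature & SECURETRANSFER) != 0) &&
 	     (feature & STARTTLS) != 0) {
 		/* TLS init phase, disable SSL_write */
 		config.features |= NOSSL;
@@ -161,6 +159,10 @@
 					return (0);
 				}
 			}
+		} else {
+			syslog(LOG_ERR, "remote delivery deferred: could not perform server greeting: %s",
+				neterr);
+			return (1);
 		}
 
 		/* End of TLS init phase, enable SSL_write/read */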
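Review bot: The new `} else {` branch returns 1 without saying what that value means to the caller, while the success path a few lines above returns 0; dma.c's delivery switch in this same patch distinguishes `case 0:` from `case 1:`, so 1 is presumably the "defer" status, which the log text also suggests. A one-line comment such as `/* transient failure: caller defers delivery and retries later */` above `return (1);` would make that explicit. Making verify_server_fingerprint static and dropping the forward prototype is a sound cleanup. The enclosing function starts and ends outside the hunk, and the `if` this `else` belongs to is not visible here.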
(-)./dma/dfcompat.c (-1 / +1 lines)
Lines 96-102 Link Here
96
	void *nptr;
96
	void *nptr;
97
97
98
	nptr = realloc(ptr, size);
98
	nptr = realloc(ptr, size);
99
	if (!nptr && ptr)
99
	if (!nptr && ptr && size != 0)
100
		free(ptr);
100
		free(ptr);
101
	return (nptr);
101
	return (nptr);
102
}
102
}
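Review bot: The added `size != 0` condition guards against a double free, but nothing in the hunk says so; whether `realloc(ptr, 0)` frees `ptr` and returns NULL is implementation-defined, so a NULL result with size 0 cannot safely be followed by `free(ptr)`. A comment above the check, e.g. `/* realloc(ptr, 0) may already have freed ptr on some libcs; never free twice */`, would keep the next reader from "simplifying" it away. The flip side is that on a libc that does not free on size 0 the block is not released here either, so callers should not rely on a size-0 call to free memory; worth stating in the function's header comment. The function's signature is above the hunk.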
(-)./dma/dma.8 (-4 / +7 lines)
Lines 82-88 Link Here
82
.Pp
82
.Pp
83
All other
83
All other
84
.Ar mode Ns
84
.Ar mode Ns
85
s are are ignored.
85
s are ignored.
86
.It Fl D
86
.It Fl D
87
Don't run in the background.
87
Don't run in the background.
88
Useful for debugging.
88
Useful for debugging.
Lines 216-222 Link Here
216
Path to the
216
Path to the
217
.Sq auth.conf
217
.Sq auth.conf
218
file.
218
file.
219
.It Ic SECURETRANS Xo
219
.It Ic SECURETRANSFER Xo
220
(boolean, default=commented)
220
(boolean, default=commented)
221
.Xc
221
.Xc
222
Uncomment if you want TLS/SSL secured transfer.
222
Uncomment if you want TLS/SSL secured transfer.
Lines 225-232 Link Here
225
.Xc
225
.Xc
226
Uncomment if you want to use STARTTLS.
226
Uncomment if you want to use STARTTLS.
227
Only useful together with
227
Only useful together with
228
.Sq SECURETRANS .
228
.Sq SECURETRANSFER .
229
.It Ic FINGERPRINT Xo
229
.It Ic FINGERPRINT Xo
230
(string, default=empty)
231
.Xc
230
Pin the server certificate by specifying its SHA256 fingerprint.
232
Pin the server certificate by specifying its SHA256 fingerprint.
231
Only makes sense if you use a smarthost.
233
Only makes sense if you use a smarthost.
232
.It Ic OPPORTUNISTIC_TLS Xo
234
.It Ic OPPORTUNISTIC_TLS Xo
Lines 240-246 Link Here
240
be encrypted if the remote server supports STARTTLS, but an unencrypted
242
be encrypted if the remote server supports STARTTLS, but an unencrypted
241
delivery will still be made if the negotiation fails.
243
delivery will still be made if the negotiation fails.
242
Only useful together with
244
Only useful together with
243
.Sq SECURETRANS
245
.Sq SECURETRANSFER
244
and
246
and
245
.Sq STARTTLS .
247
.Sq STARTTLS .
246
.It Ic CERTFILE Xo
248
.It Ic CERTFILE Xo
Lines 314-319 Link Here
314
.Ql Sm off Va username @percolator .
316
.Ql Sm off Va username @percolator .
315
.Sm on
317
.Sm on
316
.It Ic NULLCLIENT Xo
318
.It Ic NULLCLIENT Xo
319
(boolean, default=commented)
317
.Xc
320
.Xc
318
Bypass aliases and local delivery, and instead forward all mails to
321
Bypass aliases and local delivery, and instead forward all mails to
319
the defined
322
the defined
(-)./dma/dma.c (-14 / +16 lines)
Lines 331-338 Link Here
331
331
332
	switch (error) {
332
	switch (error) {
333
	case 0:
333
	case 0:
334
		delqueue(it);
335
		syslog(LOG_INFO, "<%s> delivery successful", it->addr);
334
		syslog(LOG_INFO, "<%s> delivery successful", it->addr);
335
		delqueue(it);
336
		exit(EX_OK);
336
		exit(EX_OK);
337
337
338
	case 1:
338
	case 1:
Lines 422-430 Link Here
422
{
422
{
423
	struct sigaction act;
423
	struct sigaction act;
424
	char *sender = NULL;
424
	char *sender = NULL;
425
	char *own_name = NULL;
425
	struct queue queue;
426
	struct queue queue;
426
	int i, ch;
427
	int i, ch;
427
	int nodot = 0, showq = 0, queue_only = 0;
428
	int nodot = 0, showq = 0, queue_only = 0, newaliases = 0;
428
	int recp_from_header = 0;
429
	int recp_from_header = 0;
429
430
430
	set_username();
431
	set_username();
Lines 458-476 Link Here
458
	bzero(&queue, sizeof(queue));
459
	bzero(&queue, sizeof(queue));
459
	LIST_INIT(&queue.queue);
460
	LIST_INIT(&queue.queue);
460
461
461
	if (strcmp(basename(argv[0]), "mailq") == 0) {
462
	own_name = basename(argv[0]);
463
464
	if (strcmp(own_name, "mailq") == 0) {
462
		argv++; argc--;
465
		argv++; argc--;
463
		showq = 1;
466
		showq = 1;
464
		if (argc != 0)
467
		if (argc != 0)
465
			errx(EX_USAGE, "invalid arguments");
468
			errx(EX_USAGE, "invalid arguments");
466
		goto skipopts;
469
		goto skipopts;
467
	} else if (strcmp(argv[0], "newaliases") == 0) {
470
	} else if (strcmp(own_name, "newaliases") == 0) {
468
		logident_base = "dma";
471
		newaliases = 1;
469
		setlogident(NULL);
472
		goto skipopts;
470
471
		if (read_aliases() != 0)
472
			errx(EX_SOFTWARE, "could not parse aliases file `%s'", config.aliases);
473
		exit(EX_OK);
474
	}
473
	}
475
474
476
	opterr = 0;
475
	opterr = 0;
Lines 481-487 Link Here
481
			if (optarg[0] == 'c' || optarg[0] == 'm') {
480
			if (optarg[0] == 'c' || optarg[0] == 'm') {
482
				break;
481
				break;
483
			}
482
			}
484
			/* else FALLTRHOUGH */
483
			/* Else FALLTHROUGH */
485
		case 'b':
484
		case 'b':
486
			/* -bX is being ignored, except for -bp */
485
			/* -bX is being ignored, except for -bp */
487
			if (optarg[0] == 'p') {
486
			if (optarg[0] == 'p') {
Lines 491-497 Link Here
491
				queue_only = 1;
490
				queue_only = 1;
492
				break;
491
				break;
493
			}
492
			}
494
			/* else FALLTRHOUGH */
493
			/* Else FALLTHROUGH */
495
		case 'D':
494
		case 'D':
496
			daemonize = 0;
495
			daemonize = 0;
497
			break;
496
			break;
Lines 511-517 Link Here
511
			/* -oX is being ignored, except for -oi */
510
			/* -oX is being ignored, except for -oi */
512
			if (optarg[0] != 'i')
511
			if (optarg[0] != 'i')
513
				break;
512
				break;
514
			/* else FALLTRHOUGH */
513
			/* Else FALLTHROUGH */
515
		case 'O':
514
		case 'O':
516
			break;
515
			break;
517
		case 'i':
516
		case 'i':
Lines 545-551 Link Here
545
				doqueue = 1;
544
				doqueue = 1;
546
				break;
545
				break;
547
			}
546
			}
548
			/* FALLTHROUGH */
547
			/* Else FALLTHROUGH */
549
548
550
		default:
549
		default:
551
			fprintf(stderr, "invalid argument: `-%c'\n", optopt);
550
			fprintf(stderr, "invalid argument: `-%c'\n", optopt);
Lines 595-600 Link Here
595
594
596
	if (read_aliases() != 0)
595
	if (read_aliases() != 0)
597
		errlog(EX_SOFTWARE, "could not parse aliases file `%s'", config.aliases);
596
		errlog(EX_SOFTWARE, "could not parse aliases file `%s'", config.aliases);
597
598
	if (newaliases)
599
		return(0);
598
600
599
	if ((sender = set_from(&queue, sender)) == NULL)
601
	if ((sender = set_from(&queue, sender)) == NULL)
600
		errlog(EX_SOFTWARE, NULL);
602
		errlog(EX_SOFTWARE, NULL);
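Review bot: `return(0);` on the newaliases early exit (new line 599) departs from the conventions used elsewhere in this function, which spell `return (x)` with a space and leave main through `exit(EX_OK)` / `errx(...)` as at lines 336 and 473; `exit(EX_OK);` or `return (0);` would match. The `newaliases = 1; goto skipopts;` lines at 471-472 would also benefit from a comment saying that the alias rebuild now happens later in main, at the `read_aliases()` call near line 595, rather than immediately as the removed code did. `own_name = basename(argv[0])` at 462 is a real fix over the old `strcmp(argv[0], "newaliases")`, which only matched when invoked without a path; note that POSIX basename() may modify its argument and may return static storage, so `own_name` is only safe until the next basename() call, which holds for the two strcmp uses here.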
(-)./dma/dma.h (-1 / +2 lines)
Lines 63-69 Link Here
63
#define CON_TIMEOUT	(5*60)		/* Connection timeout per RFC5321 */
63
#define CON_TIMEOUT	(5*60)		/* Connection timeout per RFC5321 */
64
64
65
#define STARTTLS	0x002		/* StartTLS support */
65
#define STARTTLS	0x002		/* StartTLS support */
66
#define SECURETRANS	0x004		/* SSL/TLS in general */
66
#define SECURETRANSFER	0x004		/* SSL/TLS in general */
67
#define NOSSL		0x008		/* Do not use SSL */
67
#define NOSSL		0x008		/* Do not use SSL */
68
#define DEFER		0x010		/* Defer mails */
68
#define DEFER		0x010		/* Defer mails */
69
#define INSECURE	0x020		/* Allow plain login w/o encryption */
69
#define INSECURE	0x020		/* Allow plain login w/o encryption */
Lines 239-244 Link Here
239
239
240
/* util.c */
240
/* util.c */
241
const char *hostname(void);
241
const char *hostname(void);
242
const char *systemhostname(void);
242
void setlogident(const char *, ...) __attribute__((__format__ (__printf__, 1, 2)));
243
void setlogident(const char *, ...) __attribute__((__format__ (__printf__, 1, 2)));
243
void errlog(int, const char *, ...) __attribute__((__format__ (__printf__, 2, 3)));
244
void errlog(int, const char *, ...) __attribute__((__format__ (__printf__, 2, 3)));
244
void errlogx(int, const char *, ...) __attribute__((__format__ (__printf__, 2, 3)));
245
void errlogx(int, const char *, ...) __attribute__((__format__ (__printf__, 2, 3)));
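--- a/dma/dns.c
+++ b/dma/dns.c
@@ -271,11 +271,6 @@
 
 	*he = hosts;
 	return (err);
-
-	free(ans);
-	if (hosts != NULL)
-		free(hosts);
-	return (err);
 }
 
 #if defined(TESTING)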
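Review bot: Dropping the unreachable block after `return (err);` is correct, but it was also the only visible release of `ans`; if `ans` is heap-allocated earlier in this function (above the hunk) and not freed before the first `return (err)`, the dead code was masking a leak that the commit leaves in place, so that should be confirmed against the part of the function not shown here. If a release is needed, `free(ans);` belongs before `*he = hosts;`, and `hosts` must not be freed since it is handed to the caller. The function's signature and body start outside the hunk.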
(-)./dma/local.c (-1 / +1 lines)
Lines 82-88 Link Here
82
		for (i = 3; i <= maxfd; ++i)
82
		for (i = 3; i <= maxfd; ++i)
83
			close(i);
83
			close(i);
84
84
85
		execl(LIBEXEC_PATH "/dma-mbox-create", "dma-mbox-create", name, NULL);
85
		execl(LIBEXEC_PATH "/dma-mbox-create", "dma-mbox-create", name, (char *)NULL);
86
		syslog(LOG_ERR, "cannot execute "LIBEXEC_PATH"/dma-mbox-create: %m");
86
		syslog(LOG_ERR, "cannot execute "LIBEXEC_PATH"/dma-mbox-create: %m");
87
		exit(EX_SOFTWARE);
87
		exit(EX_SOFTWARE);
88
88
(-)./dma/mail.c (-6 / +6 lines)
Lines 72-78 Link Here
72
	error = fprintf(bounceq.mailf,
72
	error = fprintf(bounceq.mailf,
73
		"Received: from MAILER-DAEMON\n"
73
		"Received: from MAILER-DAEMON\n"
74
		"\tid %s\n"
74
		"\tid %s\n"
75
		"\tby %s (%s);\n"
75
		"\tby %s (%s on %s);\n"
76
		"\t%s\n"
76
		"\t%s\n"
77
		"X-Original-To: <%s>\n"
77
		"X-Original-To: <%s>\n"
78
		"From: MAILER-DAEMON <>\n"
78
		"From: MAILER-DAEMON <>\n"
Lines 90-96 Link Here
90
		"%s\n"
90
		"%s\n"
91
		"\n",
91
		"\n",
92
		bounceq.id,
92
		bounceq.id,
93
		hostname(), VERSION,
93
		hostname(), VERSION, systemhostname(),
94
		rfc822date(),
94
		rfc822date(),
95
		it->addr,
95
		it->addr,
96
		it->sender,
96
		it->sender,
Lines 190-197 Link Here
190
		switch (*s) {
190
		switch (*s) {
191
		case ' ':
191
		case ' ':
192
		case '\t':
192
		case '\t':
193
			s++;
193
			ps->state = MAIN;
194
			/* continue */
195
			break;
194
			break;
196
195
197
		default:
196
		default:
Lines 200-205 Link Here
200
				goto newaddr;
199
				goto newaddr;
201
			return (0);
200
			return (0);
202
		}
201
		}
202
		break;
203
203
204
	case QUIT:
204
	case QUIT:
205
		return (0);
205
		return (0);
Lines 364-375 Link Here
364
		"Received: from %s (uid %d)\n"
364
		"Received: from %s (uid %d)\n"
365
		"\t(envelope-from %s)\n"
365
		"\t(envelope-from %s)\n"
366
		"\tid %s\n"
366
		"\tid %s\n"
367
		"\tby %s (%s);\n"
367
		"\tby %s (%s on %s);\n"
368
		"\t%s\n",
368
		"\t%s\n",
369
		username, useruid,
369
		username, useruid,
370
		queue->sender,
370
		queue->sender,
371
		queue->id,
371
		queue->id,
372
		hostname(), VERSION,
372
		hostname(), VERSION, systemhostname(),
373
		rfc822date());
373
		rfc822date());
374
	if ((ssize_t)error < 0)
374
	if ((ssize_t)error < 0)
375
		return (-1);
375
		return (-1);
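Review bot: The `Received:` headers at new lines 75/93 and 367/372 now embed systemhostname() next to hostname(); if hostname() is the configured mail name, whose usual purpose is to present a name other than the machine's own, this exposes the raw gethostname() value to every recipient of an outgoing message, an information-disclosure change worth documenting in dma.8 or making configurable. If it is intended, a comment on the format string such as `/* "X on Y": configured mail name on system host name; both are visible to recipients */` would make the trade-off explicit. The added `break;` at 202 appears to close a fallthrough from the inner switch into `case QUIT:`, but the outer switch starts outside the hunk, so I cannot confirm that from here.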
(-)./dma/net.c (-6 / +6 lines)
Lines 95-101 Link Here
95
	strcat(cmd, "\r\n");
95
	strcat(cmd, "\r\n");
96
	len = strlen(cmd);
96
	len = strlen(cmd);
97
97
98
	if (((config.features & SECURETRANS) != 0) &&
98
	if (((config.features & SECURETRANSFER) != 0) &&
99
	    ((config.features & NOSSL) == 0)) {
99
	    ((config.features & NOSSL) == 0)) {
100
		while ((s = SSL_write(config.ssl, (const char*)cmd, len)) <= 0) {
100
		while ((s = SSL_write(config.ssl, (const char*)cmd, len)) <= 0) {
101
			s = SSL_get_error(config.ssl, s);
101
			s = SSL_get_error(config.ssl, s);
Lines 148-154 Link Here
148
			memmove(buff, buff + pos, len - pos);
148
			memmove(buff, buff + pos, len - pos);
149
			len -= pos;
149
			len -= pos;
150
			pos = 0;
150
			pos = 0;
151
			if (((config.features & SECURETRANS) != 0) &&
151
			if (((config.features & SECURETRANSFER) != 0) &&
152
			    (config.features & NOSSL) == 0) {
152
			    (config.features & NOSSL) == 0) {
153
				if ((rlen = SSL_read(config.ssl, buff + len, sizeof(buff) - len)) == -1) {
153
				if ((rlen = SSL_read(config.ssl, buff + len, sizeof(buff) - len)) == -1) {
154
					strlcpy(neterr, ssl_errstr(), sizeof(neterr));
154
					strlcpy(neterr, ssl_errstr(), sizeof(neterr));
Lines 271-277 Link Here
271
	// LOGIN
271
	// LOGIN
272
	if (features->auth.login) {
272
	if (features->auth.login) {
273
		if ((config.features & INSECURE) != 0 ||
273
		if ((config.features & INSECURE) != 0 ||
274
		    (config.features & SECURETRANS) != 0) {
274
		    (config.features & SECURETRANSFER) != 0) {
275
			/* Send AUTH command according to RFC 2554 */
275
			/* Send AUTH command according to RFC 2554 */
276
			send_remote_command(fd, "AUTH LOGIN");
276
			send_remote_command(fd, "AUTH LOGIN");
277
			if (read_remote(fd, 0, NULL) != 3) {
277
			if (read_remote(fd, 0, NULL) != 3) {
Lines 347-353 Link Here
347
close_connection(int fd)
347
close_connection(int fd)
348
{
348
{
349
	if (config.ssl != NULL) {
349
	if (config.ssl != NULL) {
350
		if (((config.features & SECURETRANS) != 0) &&
350
		if (((config.features & SECURETRANSFER) != 0) &&
351
		    ((config.features & NOSSL) == 0))
351
		    ((config.features & NOSSL) == 0))
352
			SSL_shutdown(config.ssl);
352
			SSL_shutdown(config.ssl);
353
		SSL_free(config.ssl);
353
		SSL_free(config.ssl);
Lines 497-503 Link Here
497
        } while (0)
497
        } while (0)
498
498
499
	/* Check first reply from remote host */
499
	/* Check first reply from remote host */
500
	if ((config.features & SECURETRANS) == 0 ||
500
	if ((config.features & SECURETRANSFER) == 0 ||
501
	    (config.features & STARTTLS) != 0) {
501
	    (config.features & STARTTLS) != 0) {
502
		config.features |= NOSSL;
502
		config.features |= NOSSL;
503
		READ_REMOTE_CHECK("connect", 2);
503
		READ_REMOTE_CHECK("connect", 2);
Lines 505-511 Link Here
505
		config.features &= ~NOSSL;
505
		config.features &= ~NOSSL;
506
	}
506
	}
507
507
508
	if ((config.features & SECURETRANS) != 0) {
508
	if ((config.features & SECURETRANSFER) != 0) {
509
		error = smtp_init_crypto(fd, config.features, &features);
509
		error = smtp_init_crypto(fd, config.features, &features);
510
		if (error == 0)
510
		if (error == 0)
511
			syslog(LOG_DEBUG, "SSL initialization successful");
511
			syslog(LOG_DEBUG, "SSL initialization successful");
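--- a/dma/util.c
+++ b/dma/util.c
@@ -99,6 +99,25 @@
 	}
 
 local:
+	snprintf(name, sizeof(name), "%s", systemhostname());
+
+	initialized = 1;
+	return (name);
+}
+
+const char *
+systemhostname(void)
+{
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX	255
+#endif
+	static char name[HOST_NAME_MAX+1];
+	static int initialized = 0;
+	char *s;
+
+	if (initialized)
+		return (name);
+
 	if (gethostname(name, sizeof(name)) != 0)
 		*name = 0;
 	/*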
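Review bot: `gethostname(name, sizeof(name))` at new line 121 does not guarantee NUL termination when the host name is longer than the buffer, so `name` can then be read past its end by the `snprintf("%s", ...)` in hostname() at line 102 and by whatever follows in systemhostname(); add `name[sizeof(name) - 1] = '\0';` right after the call, on the success path as well. The `#define HOST_NAME_MAX 255` fallback inside the function body works but would read better at file scope next to the includes, where a reader looks for such limits. systemhostname()'s body continues past the hunk, so where `initialized` is set and how `s` is used is not visible here.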
