Simon Schubert [Tue, 21 Jul 2009 23:21:44 +0000 (01:21 +0200)]
dma: don't block when trying to acquire a queue file
We might race with some other process, so it is imperative to treat a
locked file as a soft error instead of blocking on the file until the
other process unlocks it.
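The soft-error handling this commit message describes, as an added example that is not dma's own code. It assumes the queue file is locked with flock(2); `acquire_queue_file`, its return codes and the temporary file are hypothetical names and constructed input.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose flock() and mkstemp() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

#define Q_LOCKED (-2)   /* soft error: another process holds the file */
#define Q_FAILED (-1)   /* hard error: open or lock failed otherwise */

/* Hypothetical helper: open a queue file and take an exclusive lock
 * without ever sleeping. Returns the locked fd, Q_LOCKED or Q_FAILED. */
int acquire_queue_file(const char *path)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return Q_FAILED;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
        int busy = (errno == EWOULDBLOCK);
        close(fd);
        return busy ? Q_LOCKED : Q_FAILED;
    }
    return fd;
}

/* Constructed scenario: "holder" plays the competing process. flock()
 * locks belong to the open file description, so a second open() of the
 * same path conflicts with it even inside one process. */
int demo_locked_is_soft_error(void)
{
    char path[] = "/tmp/dma-lock-demo-XXXXXX";
    int holder = mkstemp(path);
    if (holder < 0 || flock(holder, LOCK_EX) < 0)
        return -1;
    int while_held = acquire_queue_file(path);    /* must not block */
    close(holder);                                /* drops the lock */
    int after_release = acquire_queue_file(path);
    if (after_release >= 0)
        close(after_release);
    unlink(path);
    return (while_held == Q_LOCKED && after_release >= 0) ? 0 : 1;
}

int main(void)
{
    int rc = demo_locked_is_soft_error();
    printf("locked file treated as soft error: %s\n", rc == 0 ? "yes" : "no");
    return rc;
}
```

A caller that gets `Q_LOCKED` skips the file and lets a later queue run retry it, instead of waiting on the competing process.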
Simon Schubert [Mon, 20 Jul 2009 19:53:32 +0000 (21:53 +0200)]
dma: rewrite file management
Close files as early as possible, possibly re-open them later. This is
so that we avoid filedesc sharing problems completely and that we won't
run out of fdesc in case of a large queue.
Simon Schubert [Thu, 16 Jul 2009 11:43:28 +0000 (13:43 +0200)]
dma: treat encrypted connections as secure
Users have to set the INSECURE config option to allow dma to send
plaintext passwords on login. This commit allows dma to send plaintext
passwords through TLS connections even if the INSECURE config option is
not set.
The downside is that this allows a man-in-the-middle attack on the
password exchange. The only solution to this is checking the server
certificate, but we don't do that (yet).
Simon Schubert [Thu, 16 Jul 2009 09:54:44 +0000 (11:54 +0200)]
dma: correctly initialize error before delivering mail
error is used to return failure or success from deliver_remote(). However
error is also used before, so we have to make sure that it is initialized
to 0, else a previous (non-fatal) error could pull through, even if the
delivery was successful.
Simon Schubert [Thu, 9 Jul 2009 21:24:35 +0000 (23:24 +0200)]
dma: prevent races from sharing fd between children
On fork, fds are shared between children. If two processes work on
different recipients, but on the same queue file, they might get
confused when the fd (and thus the offset) is shared. Prevent this by
re-opening the queue file after fork.
Reported-by: Daniel Roethlisberger <daniel@roe.ch>
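The shared-offset problem and the re-open fix described in this commit message, as an added example that is not dma's own code. `parent_sees`, the file name and the file contents are constructed for the demonstration.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose mkstemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* A child consumes 4 bytes of a constructed "queue file", either through
 * the fd inherited across fork() or through its own re-opened fd.
 * Returns the first byte the parent reads afterwards, or -1 on error. */
int parent_sees(int reopen_in_child)
{
    char path[] = "/tmp/dma-fork-demo-XXXXXX";
    char buf[4];
    int status = 0;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, "AAAABBBB", 8) != 8 || lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    pid_t pid = fork();
    if (pid == 0) {
        int cfd = fd;               /* inherited: offset shared with parent */
        if (reopen_in_child) {
            close(fd);
            cfd = open(path, O_RDONLY);  /* new description, own offset */
        }
        _exit(cfd >= 0 && read(cfd, buf, 4) == 4 ? 0 : 1);
    }
    if (pid > 0)
        waitpid(pid, &status, 0);
    ssize_t n = read(fd, buf, 4);   /* parent reads "its" first record */
    close(fd);
    unlink(path);
    if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0 || n != 4)
        return -1;
    return buf[0];
}

int main(void)
{
    printf("shared fd:    parent reads '%c'\n", parent_sees(0));
    printf("re-opened fd: parent reads '%c'\n", parent_sees(1));
    return 0;
}
```

With the inherited descriptor the parent silently skips the first record because the child already advanced the shared offset; with the re-opened descriptor each process keeps its own position.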
Simon Schubert [Thu, 9 Jul 2009 20:21:26 +0000 (22:21 +0200)]
dma: constify bounce reason and avoid strdup
We don't need to care about freeing the bounce reason string, because
bounce is only called once. Convert all bounce reason strings to
const char * and avoid calling strdup() on them. Dynamic strings from
asprintf() need some de-const massaging.
Simon Schubert [Thu, 9 Jul 2009 19:15:54 +0000 (21:15 +0200)]
dma: provide proper bounce error message
This may not be the best solution - the error message buffer has now
turned dynamic, but the only alternative I see is to make it a static
array in net.c... and I'm not quite sure if I want to do that just now.
Simon Schubert [Thu, 9 Jul 2009 12:37:16 +0000 (14:37 +0200)]
dma: lock temp files on creation
Lock the temporary files after creating them to protect from a "dma -q"
run at just the wrong time causing a double delivery attempt for
the same message.
Simon Schubert [Thu, 9 Jul 2009 12:37:15 +0000 (14:37 +0200)]
dma: treat a QUIT error as merely a warning
RFC 2821 only mandates that a QUIT error should abort an unfinished
transaction, and since we've reached this point, the DATA command has
succeeded and the message has been accepted for delivery by the remote
end. Thus, just warn about it.
Simon Schubert [Thu, 9 Jul 2009 12:37:15 +0000 (14:37 +0200)]
dma: properly log last remote status message
Store the last error or status message received from the remote server in
the neterr[] buffer and display it instead of the meaningless %m in
remote delivery syslog messages.
This reverts the .forward commit. I committed the code too early, there are some
bugs inside (queue handling broken and some security issues). I back this out
until we have more time to fix all the issues or rewrite some parts from scratch.
This brings dma back in a fully working state, only the .forward stuff is gone.
Tested-by: Daniel Roethlisberger <daniel@roe.ch> and me
Ok-to-back-out: corecode@
Commit the remainder of Max's dma work (with minor modifications).
See Max's mail on kernel@ [1] for further details.
* Support of .forward files (Note: dma is now setuid root)
* Send multiple mails at once
* Fix some style(9) issues (mostly return())
Some style(9) issues are still in the code. I will take care of them if I have some
spare time :) Please test!
Submitted-by: Max Lindner <gisanka@gmail.com>
Sponsored-by: Google Summer of Code 2008
[1] http://leaf.dragonflybsd.org/mailarchive/kernel/2008-08/msg00045.html
Add CRAM-MD5 authentication support for the DragonFly Mail Agent. This is the
first piece of Max's work for the Google Summer of Code 2008. All other
new features will follow after evaluation/review :)
Besides the CRAM code there is new code within base64.c (BSD licensed and
from the University of Stockholm) and within crypto.c derived from RFC 2104.
Note: This code is tested and works. If you find a bug, please report back
to the bugs@ list.
Thanks a lot for the good work Max.
Submitted-by: Max Lindner <gisanka@googlemail.com>
Sponsored-by: Google Summer of Code 2008
o Rename TLSINIT to NOSSL
o Rename read_remote_command to read_remote. Replace the remote read method
with code from femail.c written by Henning Brauer of OpenBSD and licensed
under a BSD license. Return the first figure of the return code and check
the appropriate values.
o Read the server greeting at first and send EHLO afterwards.
o Remove check_for_smtp_error(). It is included in read_remote().
This commit fixes some of the issues in issue953. More code to come.
Add a new config option to dma(8). If a user wants to use plain text SMTP
login over an insecure connection, he has to set the INSECURE option in
the config file. Otherwise plain text login is only available over encrypted
connections.
dma is a small Mail Transport Agent (MTA), designed for home and office
use. It accepts mails from locally installed Mail User Agents (MUA) and
delivers the mails either locally or to a remote destination. Remote
delivery includes several features like TLS/SSL support and SMTP
authentication (AUTH LOGIN only).
dma is not intended as a replacement for real, big MTAs like sendmail(8)
or postfix(8). Consequently, dma does not listen on port 25 for incoming
connections.
Current list of features:
- Local mail delivery with alias-support
- Remote mail delivery either direct or via a smarthost
- TLS/SSL and STARTTLS support for encrypted connections
- virtualusers (address rewriting) support
- SMTP authentication (currently only plain SMTP login)
- Sendmail compatible command line options
- IPv6 support