Add a new config option to dma(8). If a user wants to use plain text SMTP
authorMatthias Schmidt <matthias@dragonflybsd.org>
Mon, 4 Feb 2008 10:11:41 +0000 (10:11 +0000)
committerMatthias Schmidt <matthias@dragonflybsd.org>
Mon, 4 Feb 2008 10:11:41 +0000 (10:11 +0000)
login over an insecure connection, he has to set the INSECURE option in
the config file.  Otherwise plain text login is only available over encrypted
connections.

Discussed-with: corecode@

conf.c
dma.8
dma.h
net.c

diff --git a/conf.c b/conf.c
index 02a7ca9f92d86a0d21bd8246183d8ff72d4e9971..47af9e5202a5719d742216fc2b0c542b520fda20 100644 (file)
--- a/conf.c
+++ b/conf.c
@@ -32,7 +32,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $DragonFly: src/libexec/dma/conf.c,v 1.1 2008/02/02 18:20:51 matthias Exp $
+ * $DragonFly: src/libexec/dma/conf.c,v 1.2 2008/02/04 10:11:41 matthias Exp $
  */
 
 #include <err.h>
@@ -241,6 +241,8 @@ parse_conf(const char *config_path, struct config *config)
                                config->features |= SECURETRANS;
                        else if (strcmp(word, "DEFER") == 0)
                                config->features |= DEFER;
+                       else if (strcmp(word, "INSECURE") == 0)
+                               config->features |= INSECURE;
                }
        }
 
diff --git a/dma.8 b/dma.8
index 1fb168e4f1009973ce38b587c95c7471a5fe994d..bdbc1047c00894d8772e1e31836bcc840d3076cc 100644 (file)
--- a/dma.8
+++ b/dma.8
@@ -29,7 +29,7 @@
 .\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $DragonFly: src/libexec/dma/dma.8,v 1.5 2008/02/04 08:58:54 matthias Exp $
+.\" $DragonFly: src/libexec/dma/dma.8,v 1.6 2008/02/04 10:11:41 matthias Exp $
 .\"
 .Dd February 4, 2008
 .Dt DMA 8
@@ -197,6 +197,14 @@ Only useful together with
 (string, default=empty)
 .Xc
 Path to your SSL certificate file.
+.It Ic SECURE Xo
+(boolean, default=commented)
+.Xc
+Change this entry to
+.Sq INSECURE
+to use plain text SMTP login over an insecure connection.
+You have to rename this variable manually to prevent that you send your
+password accidently over an insecure connection.
 .It Ic DEFER Xo
 (boolean, default=commented)
 .Xc
diff --git a/dma.h b/dma.h
index 42813b7d088a3c17aac592cf8f788529784f1bba..644e380bee01f56f82a8a12142dd4260fb3462d8 100644 (file)
--- a/dma.h
+++ b/dma.h
@@ -32,7 +32,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $DragonFly: src/libexec/dma/dma.h,v 1.2 2008/02/03 11:06:17 matthias Exp $
+ * $DragonFly: src/libexec/dma/dma.h,v 1.3 2008/02/04 10:11:41 matthias Exp $
  */
 
 #ifndef DMA_H
@@ -63,6 +63,7 @@
 #define SECURETRANS    0x4             /* SSL/TLS in general */
 #define TLSINIT                0x8             /* Flag for TLS init phase */
 #define DEFER          0x10            /* Defer mails */
+#define INSECURE       0x20            /* Allow plain login w/o encryption */
 
 struct stritem {
        SLIST_ENTRY(stritem) next;
diff --git a/net.c b/net.c
index 7373aaa40507af15d2929ac1494c1ab748dca031..dc2d5a40cc6c640fe282096b14d5990e7f49ea4b 100644 (file)
--- a/net.c
+++ b/net.c
@@ -32,7 +32,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $DragonFly: src/libexec/dma/net.c,v 1.3 2008/02/04 08:58:54 matthias Exp $
+ * $DragonFly: src/libexec/dma/net.c,v 1.4 2008/02/04 10:11:41 matthias Exp $
  */
 
 #include <sys/param.h>
@@ -304,17 +304,28 @@ deliver_remote(struct qitem *it, const char **errmsg)
        }
 
        if (do_auth == 1) {
-               syslog(LOG_INFO, "%s: Use SMTP authentication", it->queueid);
-               error = smtp_login(it, fd, a->login, a->password);
-               if (error < 0) {
-                       syslog(LOG_ERR, "%s: remote delivery failed:"
-                               " SMTP login failed: %m", it->queueid);
-                       return (-1);
-               }
-               /* SMTP login is not available, so try without */
-               else if (error > 0)
-                       syslog(LOG_ERR, "%s: SMTP login not available. Try without",
+               /*
+                * Check if the user wants plain text login without using
+                * encryption.
+                */
+               if (((config->features & SECURETRANS) == 0) &&
+                   ((config->features & INSECURE) != 0)) {
+                       syslog(LOG_INFO, "%s: Use SMTP authentication",
                                it->queueid);
+                       error = smtp_login(it, fd, a->login, a->password);
+                       if (error < 0) {
+                               syslog(LOG_ERR, "%s: remote delivery failed:"
+                                       " SMTP login failed: %m", it->queueid);
+                               return (-1);
+                       }
+                       /* SMTP login is not available, so try without */
+                       else if (error > 0)
+                               syslog(LOG_ERR, "%s: SMTP login not available."
+                                       " Try without", it->queueid);
+               } else {
+                       syslog(LOG_ERR, "%s: Skip SMTP login. ",
+                               it->queueid);
+               }
        }
 
        send_remote_command(fd, "MAIL FROM:<%s>", it->sender);
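Review bot: The new guard in deliver_remote is inverted relative to the commit description: `((config->features & SECURETRANS) == 0) && ((config->features & INSECURE) != 0)` lets smtp_login() run only when SECURETRANS is off, so a configuration with SECURETRANS and credentials takes the else branch and never authenticates. Login should be allowed when either flag is set, i.e. `if (((config->features & SECURETRANS) != 0) ||` followed by `((config->features & INSECURE) != 0)) {`. The else branch logs only `"%s: Skip SMTP login. "` and then continues to MAIL FROM unauthenticated; the message should say why, for example `"%s: plain text login refused on unencrypted connection, set INSECURE to allow it"`, so an operator can tell a policy skip from a server that lacks AUTH. deliver_remote starts and ends outside this hunk, so it is not visible here whether SECURETRANS being set guarantees that TLS was actually negotiated on `fd` before this point; that is worth confirming before credentials are sent on the strength of the flag alone.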