From: Matthias Schmidt
Date: Mon, 4 Feb 2008 10:11:41 +0000 (+0000)
Subject: Add a new config option to dma(8). If a user wants to use plain text SMTP
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfce7456eb76e2dd42b00638e97b8b43093cc8ac;p=people%2Fms%2Fdma.git

Add a new config option to dma(8). If a user wants to use plain text SMTP login over an insecure connection, he has to set the INSECURE option in the config file. Otherwise plain text login is only available over encrypted connections.

Discussed-with: corecode@
---
diff --git a/conf.c b/conf.c
index 02a7ca9..47af9e5 100644
--- a/conf.c
+++ b/conf.c
@@ -32,7 +32,7 @@
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- $DragonFly: src/libexec/dma/conf.c,v 1.1 2008/02/02 18:20:51 matthias Exp $
+ * $DragonFly: src/libexec/dma/conf.c,v 1.2 2008/02/04 10:11:41 matthias Exp $
 */
 #include
@@ -241,6 +241,8 @@ parse_conf(const char *config_path, struct config *config)
 config->features |= SECURETRANS;
 else if (strcmp(word, "DEFER") == 0)
 config->features |= DEFER;
+ else if (strcmp(word, "INSECURE") == 0)
+ config->features |= INSECURE;
 }
 }
diff --git a/dma.8 b/dma.8
index 1fb168e..bdbc104 100644
--- a/dma.8
+++ b/dma.8
@@ -29,7 +29,7 @@
 .\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $DragonFly: src/libexec/dma/dma.8,v 1.5 2008/02/04 08:58:54 matthias Exp $
+.\" $DragonFly: src/libexec/dma/dma.8,v 1.6 2008/02/04 10:11:41 matthias Exp $
 .\"
 .Dd February 4, 2008
 .Dt DMA 8
@@ -197,6 +197,14 @@ Only useful together with
 (string, default=empty)
 .Xc
 Path to your SSL certificate file.
+.It Ic SECURE Xo
+(boolean, default=commented)
+.Xc
+Change this entry to
+.Sq INSECURE
+to use plain text SMTP login over an insecure connection.
+You have to rename this variable manually to prevent that you send your
+password accidently over an insecure connection.
 .It Ic DEFER Xo
 (boolean, default=commented)
 .Xc
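Review bot: In conf.c, parse_conf accepts `INSECURE` silently, so nothing records that the option permitting SMTP login without encryption is active. A one-time warning where the flag is set would make the downgrade visible to whoever reads the logs, for example `syslog(LOG_WARNING, "INSECURE set: SMTP login may be sent unencrypted");` (the branch then needs braces), assuming syslog is already usable at parse time, which this hunk does not show. A short comment on the branch, `/* opt-in: allow SMTP AUTH without TLS */`, would also help the next reader. parse_conf starts and ends outside the hunk.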
diff --git a/dma.h b/dma.h
index 42813b7..644e380 100644
--- a/dma.h
+++ b/dma.h
@@ -32,7 +32,7 @@
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- $DragonFly: src/libexec/dma/dma.h,v 1.2 2008/02/03 11:06:17 matthias Exp $
+ * $DragonFly: src/libexec/dma/dma.h,v 1.3 2008/02/04 10:11:41 matthias Exp $
 */
 #ifndef DMA_H
@@ -63,6 +63,7 @@
 #define SECURETRANS 0x4 /* SSL/TLS in general */
 #define TLSINIT 0x8 /* Flag for TLS init phase */
 #define DEFER 0x10 /* Defer mails */
+#define INSECURE 0x20 /* Allow plain login w/o encryption */
 struct stritem {
 SLIST_ENTRY(stritem) next;
diff --git a/net.c b/net.c
index 7373aaa..dc2d5a4 100644
--- a/net.c
+++ b/net.c
@@ -32,7 +32,7 @@
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- $DragonFly: src/libexec/dma/net.c,v 1.3 2008/02/04 08:58:54 matthias Exp $
+ * $DragonFly: src/libexec/dma/net.c,v 1.4 2008/02/04 10:11:41 matthias Exp $
 */
 #include
@@ -304,17 +304,28 @@ deliver_remote(struct qitem *it, const char **errmsg) } if (do_auth == 1) { - syslog(LOG_INFO, "%s: Use SMTP authentication", it->queueid); - error = smtp_login(it, fd, a->login, a->password); - if (error < 0) { - syslog(LOG_ERR, "%s: remote delivery failed:" - " SMTP login failed: %m", it->queueid); - return (-1); - } - /* SMTP login is not available, so try without */ - else if (error > 0) - syslog(LOG_ERR, "%s: SMTP login not available. Try without", + /* + * Check if the user wants plain text login without using + * encryption. + */ + if (((config->features & SECURETRANS) == 0) && + ((config->features & INSECURE) != 0)) { + syslog(LOG_INFO, "%s: Use SMTP authentication", it->queueid); + error = smtp_login(it, fd, a->login, a->password); + if (error < 0) { + syslog(LOG_ERR, "%s: remote delivery failed:" + " SMTP login failed: %m", it->queueid); + return (-1); + } + /* SMTP login is not available, so try without */ + else if (error > 0) + syslog(LOG_ERR, "%s: SMTP login not available." + " Try without", it->queueid); + } else { + syslog(LOG_ERR, "%s: Skip SMTP login. ", + it->queueid); + } } send_remote_command(fd, "MAIL FROM:<%s>", it->sender);
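Review bot: The new guard in deliver_remote calls smtp_login() only when SECURETRANS is clear and INSECURE is set, so a configuration with SECURETRANS enabled falls into the else branch and skips authentication, which contradicts the commit message's statement that plain login stays available over encrypted connections. The condition should admit either case: `if (((config->features & SECURETRANS) != 0) ||` followed by `((config->features & INSECURE) != 0)) {`. Both flags describe configuration only; whether TLS was actually established on `fd` is not visible in this hunk, so testing the negotiated state rather than the flag would be safer if the surrounding code exposes it. The else branch also logs just `"%s: Skip SMTP login. "` and then continues to MAIL FROM unauthenticated; the message should give the reason, e.g. `"%s: SMTP login skipped: connection not encrypted and INSECURE not set"`. deliver_remote starts and ends outside the hunk.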