strict certificate validation. The "no-verify" becomes optional.
ok gilles@ millert@ semarie@
-/* $OpenBSD: mta.c,v 1.225 2018/09/19 05:31:12 eric Exp $ */
+/* $OpenBSD: mta.c,v 1.226 2018/09/24 16:14:34 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
return;
}
+ if (dispatcher->u.remote.tls_required) {
+ /* Reject relay if smtp+notls:// is requested */
+ if (relayh.tls == RELAY_TLS_NO) {
+ log_warnx("warn: TLS required for action \"%s\"",
+ evp->dispatcher);
+ m_create(p_queue, IMSG_MTA_DELIVERY_TEMPFAIL, 0, 0, -1);
+ m_add_evpid(p_queue, evp->id);
+ m_add_string(p_queue, "TLS required for relaying");
+ m_add_int(p_queue, ESC_OTHER_STATUS);
+ m_close(p_queue);
+ return;
+ }
+ /* Update smtp:// to smtp+tls:// */
+ if (relayh.tls == RELAY_TLS_OPPORTUNISTIC)
+ relayh.tls = RELAY_TLS_STARTTLS;
+ }
+
relay = mta_relay(evp, &relayh);
/* ignore if we don't know the limits yet */
if (relay->limits &&
if (!key.authlabel[0])
key.authlabel = NULL;
- if (dispatcher->u.remote.smarthost &&
+ if ((key.tls == RELAY_TLS_STARTTLS || key.tls == RELAY_TLS_SMTPS) &&
dispatcher->u.remote.tls_noverify == 0)
key.flags |= RELAY_TLS_VERIFY;
-/* $OpenBSD: parse.y,v 1.221 2018/09/07 07:35:31 miko Exp $ */
+/* $OpenBSD: parse.y,v 1.222 2018/09/24 16:14:34 eric Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
dispatcher->u.remote.smarthost = strdup(t->t_name);
}
-| TLS NO_VERIFY {
- if (dispatcher->u.remote.smarthost == NULL) {
- yyerror("tls no-verify may not be specified without host on a dispatcher");
+| TLS {
+ if (dispatcher->u.remote.tls_required == 1) {
+ yyerror("tls already specified for this dispatcher");
YYERROR;
}
- if (dispatcher->u.remote.tls_noverify == 1) {
- yyerror("tls no-verify already specified for this dispatcher");
+ dispatcher->u.remote.tls_required = 1;
+}
+| TLS NO_VERIFY {
+ if (dispatcher->u.remote.tls_required == 1) {
+ yyerror("tls already specified for this dispatcher");
YYERROR;
}
+ dispatcher->u.remote.tls_required = 1;
dispatcher->u.remote.tls_noverify = 1;
}
| AUTH tables {
-.\" $OpenBSD: smtpd.conf.5,v 1.204 2018/09/10 12:42:17 jmc Exp $
+.\" $OpenBSD: smtpd.conf.5,v 1.205 2018/09/24 16:14:34 eric Exp $
.\"
.\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
.\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
-.Dd $Mdocdate: September 10 2018 $
+.Dd $Mdocdate: September 24 2018 $
.Dt SMTPD.CONF 5
.Os
.Sh NAME
.Dq smtps
protocols for authentication.
Server certificates for those protocols are verified by default.
-.It Cm tls no-verify
-Do not require a valid certificate for the specified host.
+.It Cm tls Op no-verify
+Require TLS to be used when relaying, using mandatory STARTTLS by default.
+When used with a smarthost, the protocol must not be
+.Dq smtp+notls:// .
+If
+.Op no-verify
+is specified, do not require a valid certificate.
.It Cm auth Pf < Ar table Ns >
Use the mapping
.Ar table
-/* $OpenBSD: smtpd.h,v 1.561 2018/09/19 05:31:12 eric Exp $ */
+/* $OpenBSD: smtpd.h,v 1.562 2018/09/24 16:14:34 eric Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
char *smarthost;
char *auth;
+ int tls_required;
int tls_noverify;
int backup;
projects / openbsd / commitdiff