rather than a confusing set of flags.
ok gilles@
-/* $OpenBSD: mta.c,v 1.222 2018/08/22 10:11:43 eric Exp $ */
+/* $OpenBSD: mta.c,v 1.223 2018/09/08 10:05:07 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
}
memset(&relayh, 0, sizeof(relayh));
+ relayh.tls = RELAY_TLS_OPPORTUNISTIC;
if (smarthost && !text_to_relayhost(&relayh, smarthost)) {
log_warnx("warn: Failed to parse smarthost %s", smarthost);
m_create(p_queue, IMSG_MTA_DELIVERY_TEMPFAIL, 0, 0, -1);
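Review bot: The new line `relayh.tls = RELAY_TLS_OPPORTUNISTIC;` deserves a one-line comment, because RELAY_TLS_OPPORTUNISTIC is defined as 0 in smtpd.h and the memset() just above already produces that value, so a later reader may delete it as redundant and lose the documented intent. Suggest `/* default when no scheme is given; text_to_relayhost() overrides it from the smarthost URL */` above the assignment, which also records that the parser in to.c is the only other writer of this field on this path. The enclosing function starts outside the hunk.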
key.flags |= RELAY_MX;
} else {
key.domain = mta_domain(e->dest.domain, 0);
- if (!(relayh->flags & RELAY_STARTTLS))
- key.flags |= RELAY_TLS_OPTIONAL;
}
+ key.tls = relayh->tls;
key.flags |= relayh->flags;
key.port = relayh->port;
key.authlabel = relayh->authlabel;
r = xcalloc(1, sizeof *r);
TAILQ_INIT(&r->tasks);
r->id = generate_uid();
+ r->tls = key.tls;
r->flags = key.flags;
r->domain = key.domain;
r->backupname = key.backupname ?
(void)strlcat(buf, tmp, sizeof buf);
}
- if (relay->flags & RELAY_STARTTLS) {
- (void)strlcat(buf, sep, sizeof buf);
- (void)strlcat(buf, "starttls", sizeof buf);
- }
-
- if (relay->flags & RELAY_SMTPS) {
- (void)strlcat(buf, sep, sizeof buf);
+ (void)strlcat(buf, sep, sizeof buf);
+ switch(relay->tls) {
+ case RELAY_TLS_OPPORTUNISTIC:
+ (void)strlcat(buf, "smtp", sizeof buf);
+ break;
+ case RELAY_TLS_STARTTLS:
+ (void)strlcat(buf, "smtp+tls", sizeof buf);
+ break;
+ case RELAY_TLS_SMTPS:
(void)strlcat(buf, "smtps", sizeof buf);
+ break;
+ case RELAY_TLS_NO:
+ if (relay->flags & RELAY_LMTP)
+ (void)strlcat(buf, "lmtp", sizeof buf);
+ else
+ (void)strlcat(buf, "smtp+notls", sizeof buf);
+ break;
+ default:
+ (void)strlcat(buf, "???", sizeof buf);
}
if (relay->flags & RELAY_AUTH) {
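Review bot: `switch(relay->tls) {` is missing the space after the keyword that the sibling `switch (relay->tls) {` in mta_session.c uses; `switch (relay->tls) {` keeps the two consistent with KNF. The "lmtp" label is emitted only under RELAY_TLS_NO, so a relay that carried RELAY_LMTP together with another tls value would be printed as a plain smtp variant; that matches the schema table in to.c today, where lmtp:// is the only schema setting RELAY_LMTP and it pairs it with RELAY_TLS_NO, but a comment on the case, `/* lmtp:// always implies RELAY_TLS_NO, see text_to_relayhost() */`, would make that coupling visible. The enclosing function starts and ends outside the hunk.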
if (a->domain > b->domain)
return (1);
+ if (a->tls < b->tls)
+ return (-1);
+ if (a->tls > b->tls)
+ return (1);
+
if (a->flags < b->flags)
return (-1);
if (a->flags > b->flags)
-/* $OpenBSD: mta_session.c,v 1.109 2018/09/05 10:15:41 eric Exp $ */
+/* $OpenBSD: mta_session.c,v 1.110 2018/09/08 10:05:07 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
if (relay->flags & RELAY_LMTP)
s->flags |= MTA_LMTP;
- switch (relay->flags & (RELAY_SSL|RELAY_TLS_OPTIONAL)) {
- case RELAY_SSL:
- s->flags |= MTA_FORCE_ANYSSL;
- s->flags |= MTA_WANT_SECURE;
- break;
- case RELAY_SMTPS:
+ switch (relay->tls) {
+ case RELAY_TLS_SMTPS:
s->flags |= MTA_FORCE_SMTPS;
s->flags |= MTA_WANT_SECURE;
break;
- case RELAY_STARTTLS:
+ case RELAY_TLS_STARTTLS:
s->flags |= MTA_FORCE_TLS;
s->flags |= MTA_WANT_SECURE;
break;
- case RELAY_TLS_OPTIONAL:
+ case RELAY_TLS_OPPORTUNISTIC:
/* do not force anything, try tls then smtp */
break;
- default:
+ case RELAY_TLS_NO:
s->flags |= MTA_FORCE_PLAIN;
+ break;
+ default:
+ fatalx("bad value for relay->tls: %d", relay->tls);
}
if (relay->flags & RELAY_BACKUP)
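Review bot: The removed `case RELAY_SSL:` arm was the only place in this switch that set MTA_FORCE_ANYSSL, and the new `switch (relay->tls)` has no arm that does, so unless another site in mta_session.c still sets that flag, the state-machine branches that test MTA_FORCE_ANYSSL are now unreachable. Either drop the flag and those branches in a follow-up or add a comment at the switch saying why the "either smtps or starttls" mode no longer exists, e.g. `/* RELAY_TLS_* is exclusive: there is no longer an any-ssl mode */`. The `default: fatalx(...)` arm is a good fail-closed choice for an unexpected value. The enclosing function starts and ends outside the hunk.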
-/* $OpenBSD: smtpd.h,v 1.558 2018/09/04 13:04:42 gilles Exp $ */
+/* $OpenBSD: smtpd.h,v 1.559 2018/09/08 10:05:07 eric Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
#define F_RECEIVEDAUTH 0x800
#define F_MASQUERADE 0x1000
+#define RELAY_TLS_OPPORTUNISTIC 0
+#define RELAY_TLS_STARTTLS 1
+#define RELAY_TLS_SMTPS 2
+#define RELAY_TLS_NO 3
-#define RELAY_STARTTLS 0x01
-#define RELAY_SMTPS 0x02
-#define RELAY_TLS_OPTIONAL 0x04
-#define RELAY_SSL (RELAY_STARTTLS | RELAY_SMTPS)
#define RELAY_AUTH 0x08
#define RELAY_BACKUP 0x10
#define RELAY_MX 0x20
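Review bot: The four `RELAY_TLS_*` values are mutually exclusive states rather than bits, so an `enum relay_tls { RELAY_TLS_OPPORTUNISTIC, RELAY_TLS_STARTTLS, RELAY_TLS_SMTPS, RELAY_TLS_NO };` would let the compiler check the switches in mta.c and mta_session.c for missing arms, which plain `#define`s cannot do. Note that the value 0 is RELAY_TLS_OPPORTUNISTIC, so any zero-initialised struct relayhost or relay whose tls field is never assigned silently gets the mode that falls back to cleartext; a comment such as `/* 0 is the zero-init default: opportunistic TLS, plaintext fallback allowed */` next to the definition would make that property explicit for future callers. Dropping RELAY_STARTTLS/RELAY_SMTPS/RELAY_TLS_OPTIONAL leaves bits 0x01-0x04 of the flags word unused while RELAY_AUTH stays at 0x08; a short comment reserving or explaining the gap would avoid accidental reuse with a different meaning.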
struct relayhost {
uint16_t flags;
+ int tls;
char hostname[HOST_NAME_MAX+1];
uint16_t port;
char authlabel[PATH_MAX];
struct dispatcher *dispatcher;
struct mta_domain *domain;
struct mta_limits *limits;
+ int tls;
int flags;
char *backupname;
int backuppref;
-/* $OpenBSD: to.c,v 1.32 2018/09/03 11:30:14 eric Exp $ */
+/* $OpenBSD: to.c,v 1.33 2018/09/08 10:05:07 eric Exp $ */
/*
* Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
{
static const struct schema {
const char *name;
- uint16_t flags;
+ int tls;
+ uint16_t flags;
} schemas [] = {
/*
* new schemas should be *appended* otherwise the default
* schema index needs to be updated later in this function.
*/
- { "smtp://", RELAY_TLS_OPTIONAL },
- { "smtp+tls://", RELAY_STARTTLS },
- { "smtp+notls://", 0 },
- { "lmtp://", RELAY_LMTP },
- { "smtps://", RELAY_SMTPS }
+ { "smtp://", RELAY_TLS_OPPORTUNISTIC, 0 },
+ { "smtp+tls://", RELAY_TLS_STARTTLS, 0 },
+ { "smtp+notls://", RELAY_TLS_NO, 0 },
+ { "lmtp://", RELAY_TLS_NO, RELAY_LMTP },
+ { "smtps://", RELAY_TLS_SMTPS, 0 }
};
const char *errstr = NULL;
char *p, *q;
else
p = buffer + strlen(schemas[i].name);
+ relay->tls = schemas[i].tls;
relay->flags = schemas[i].flags;
/* need to specify an explicit port for LMTP */
return 0;
if (relay->authlabel[0]) {
/* disallow auth on non-tls scheme. */
- if (!(relay->flags & (RELAY_STARTTLS | RELAY_SMTPS)))
+ if (relay->tls != RELAY_TLS_STARTTLS &&
+ relay->tls != RELAY_TLS_SMTPS)
return 0;
relay->flags |= RELAY_AUTH;
}