Commit message | Author | Age | Files | Lines
* qmail-remote: show EHLO response even after connection has been dropped (HEAD, master) | manuel | 2026-01-19 | 1 | -23/+29
| this was actually way harder than assumed. turns out we need to issue HELO after EHLO, in case EHLO is not supported. however qmail overwrites the old reply as soon as we issue the next command. furthermore some mail servers drop the connection after issuing a 5xx reply. we only notice this after reading from the socket which usually happens on the next smtp command. so we need to run HELO to determine if the connection has been dropped, however running HELO truncates the EHLO reply we want to show in the bounce message. and we have TLS-required as possible variants.
|
| so after EHLO fails..
| * in TLS-required: show EHLO response in case EHLO code is non-success
| * in non-TLS: copy EHLO response, issue HELO, show EHLO response in case connection dies, otherwise show HELO response
* Fix utf8received failing to detect empty newlines (body starts) | manuel | 2025-01-27 | 1 | -1/+4
| This resulted in invalid mail encoding (bare LF, \r\n\n)
* Do not enable legacy TLS version any longer | manuel | 2025-01-22 | 2 | -3/+0
|
* Fix `implicit declaration of function` in install-big/hier | manuel | 2024-11-28 | 5 | -34/+23
|
* smtp: add support for auth fail reason passed from dovecot auth | manuel | 2024-11-28 | 1 | -6/+27
|
* Add support for "require TLS"-settings | manuel | 2023-09-26 | 2 | -13/+56
|
* qmail-smtpd: code cleanup | manuel | 2023-09-25 | 1 | -4/+4
|
* qmail-smtpd: reduce security level to 0 on port 25 | manuel | 2023-08-17 | 1 | -2/+2
|
* qmail-smtpd: print tls error message on stderr | manuel | 2023-08-17 | 1 | -1/+5
|
* fix openssl compatibility with <3.0 | manuel | 2023-08-10 | 1 | -3/+5
|
* openssl: ignore unexpected EOF + only 1 session ticket | manuel | 2023-08-10 | 2 | -0/+6
|
* Disable TLS renegotiation | manuel | 2023-08-10 | 2 | -0/+4
|
* Get rid of useless "User and password not set, continuing without | manuel | 2023-08-10 | 1 | -4/+4
| authentication...." message
* Use ASN1_STRING_...-functions where possible | manuel | 2023-08-10 | 1 | -1/+1
|
* dnsmxip: sync validated output | manuel | 2023-08-10 | 1 | -1/+1
|
* DANE: only enabled if MX lookup has been validated | manuel | 2023-08-10 | 1 | -28/+23
| additionally require TLSA RRs to be validated as well
* add support for querying DNSSEC ad (validated) flag | manuel | 2023-08-10 | 10 | -37/+45
| also migrate from deprecated resolver functions
* qmail-remote: disable QMTP | manuel | 2023-08-09 | 1 | -0/+2
|
* Make qmail openssl 3.0 compatible | manuel | 2023-08-08 | 3 | -282/+130
| - remove support for loading custom DH params from pem. use opensslconf if really required
| - remove support for loading custom ec group from params
| - reimplement DANE support using openssl DANE functions
* dnstlsa: fix missing parenthesis | manuel | 2023-08-08 | 1 | -4/+4
|
* dnstlsa: remove stdio.h | manuel | 2023-08-07 | 1 | -1/+0
|
* dnstlsa: remove comment | manuel | 2023-08-07 | 1 | -1/+1
|
* remove "shar"-support | manuel | 2023-08-07 | 1 | -80/+0
|
* add dns_tlsa(...) and dnstlsa utility | manuel | 2023-08-07 | 4 | -1/+156
|
* add NOSESSIONHEADER env variable | manuel | 2023-04-04 | 5 | -25/+26
|
* SMTP: add support for required TLS | manuel | 2022-05-19 | 1 | -0/+5
|
* Add support for an alternative (ECDSA) certificate | manuel | 2022-01-26 | 1 | -8/+19
|
* Require HELO/EHLO before MAIL | Manuel Mausz | 2021-08-16 | 1 | -2/+5
|
* Add X-UD-Smtp-Session to qmail-inject | manuel | 2020-11-20 | 2 | -2/+53
|
* Add X-UD-Smtp-Session to unauthed smtp session as well | manuel | 2020-11-20 | 5 | -20/+29
|
* Require TLS 1.2 or above for smtp auth/submission | manuel | 2020-08-31 | 1 | -4/+3
|
* sendmail: remove -bs and -bp | manuel | 2020-08-25 | 1 | -3/+3
|
* Revert "Rewrite 554 smtp code for web.de/gmx.net/1&1 servers" | manuel | 2020-06-02 | 1 | -17/+1
| This reverts commit f2ef25deb1aa356d41cdd3f6e46d9a68c48bfce0.
* Make sure to limit max alloc size | manuel | 2020-05-19 | 1 | -0/+5
| see https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt
* Rewrite 554 smtp code for web.de/gmx.net/1&1 servers | manuel | 2019-12-02 | 1 | -1/+17
|
* increase recipients limit to 300 | manuel | 2019-06-12 | 1 | -1/+1
|
* SMTP: limit max errors to 20 | manuel | 2019-06-11 | 1 | -24/+40
|
* max recipients: make error message more consistent | manuel | 2019-06-11 | 1 | -1/+1
|
* Add max recipients limit | manuel | 2019-06-11 | 1 | -1/+10
|
* Fix compile warnings... | Manuel Mausz | 2019-06-11 | 94 | -124/+200
|
* Only do deferrals in case qmail-remote does not spawn | manuel | 2019-05-28 | 1 | -1/+2
|
* Fix CVE-2011-1431 | manuel | 2019-04-10 | 1 | -1/+4
|
* Remove client certificate left overs | manuel | 2019-02-01 | 2 | -24/+0
|
* Disable TLS 1.0 only for smtp auth/submission | manuel | 2018-12-26 | 1 | -4/+7
|
* Disable TLS 1.0 | manuel | 2018-12-04 | 1 | -1/+1
|
* plus addressing improvements | manuel | 2018-10-15 | 2 | -23/+34
| * first `+` splits local part from sub-address
| * prioritize plus addressing over domain wildcards
* Enable PRIORITIZE_CHACHA per default | manuel | 2018-09-17 | 3 | -3/+6
|
* More OpenSSL 1.1 compatibility | manuel | 2018-06-28 | 1 | -0/+4
|
* OpenSSL 1.1 compatibility | Manuel Mausz | 2018-06-27 | 8 | -137/+125
| This adds compatibility for OpenSSL 1.1
|
| Since renegotiation is removed from TLS 1.3 we also removed support for authentication via client certificates (control/tlsclients). In general this is still supported by TLS 1.3 however I'm just lazy and we don't need this feature anyway.
|
| This also adds optional support for OpenSSL configuration commands for qmail-smtpd and qmail-remote. Commands are loaded from control/opensslconf. For a list of supported commands see https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS
* work around a libval bug | manuel | 2018-04-16 | 1 | -0/+3
|