| Commit message | Author | Age | Files | Lines |
| |
this was actually way harder than assumed. turns out we need to issue
HELO after EHLO, in case EHLO is not supported. however qmail overwrites
the old reply as soon as we issue the next command. furthermore some
mail servers drop the connection after issuing a 5xx reply. we only
notice this after reading from the socket which usually happens on the
next smtp command.
so we need to run HELO to determine if the connection has been
dropped, however running HELO truncates the EHLO reply we want to show
in the bounce message. and we have TLS-required as possible variants.
so after EHLO fails..
* in TLS-required: show EHLO response in case EHLO code is non-success
* in non-TLS: copy EHLO response, issue HELO, show EHLO response in case
  connection dies, otherwise show HELO response
| |
This resulted in invalid mail encoding (bare LF, \r\n\n)
| |
authentication...." message
| |
additionally require TLSA RRs to be validated as well
| |
- remove support for loading custom DH params from pem.
use opensslconf if really required
- remove support for loading custom ec group from params
- reimplement DANE support using openssl DANE functions
| |
This reverts commit f2ef25deb1aa356d41cdd3f6e46d9a68c48bfce0.
| |
This adds compatibility for OpenSSL 1.1
Since renegotiation is removed from TLS 1.3 we also removed support for
authentication via client certificates (control/tlsclients). In general
this is still supported by TLS 1.3 however I'm just lazy and we don't
need this feature anyway.
This also adds optional support for OpenSSL configuration commands for
qmail-smtpd and qmail-remote. Commands are loaded from control/opensslconf.
For a list of supported commands see
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS
| |
qmail-remote assumes host is not null terminated. IDN requires null termination
so subtract the trailing NULL after appending.
| |
libval returns VAL_DANE_NOERROR if domain is insecure and no TLSA RR
exists. we should stop all further dane handling in this case
| |
When the TLS handshake fails, retry delivery with TLS disabled
| |
After an SMTP connection attempt times out, qmail-remote records
the relevant IP address. If the same address fails again (after
at least two minutes with no intervening successful connections),
qmail-remote assumes that further attempts will fail for at least
another hour.
| |
This patch changes qmail-remote to skip over MX servers that greet with
codes 400 to 499 and to bounce mail when any MX server that qmail tries
greets with a code 500 to 599.
see http://www-dt.e-technik.uni-dortmund.de/~ma/qmail/patch-qmail-1.03-rfc2821.diff
| |
UltraDNS started blocking UDP-ANY queries so this is a problem.
This will disable domain canonicalization of the envelope address
of outgoing messages. This is as specified by RFC 1123 section 5.2.2.
However this requirement is obsolete and modern MTAs have disabled it
too.
| |
qmail-1.03-qmtpc