- reup: Delete, because retrying AUTH has been broken ever since TLS was
added to authup.
- authup: Fix AUTH retries under TLS by inlining the retry logic.
- fixsmtpio: Fix process-management bugs in "Ensure STARTTLS resets all
state by restarting qmail-smtpd."
- Manual pages: considerably improve clarity of authup(8) and
fixsmtpio(8). Mention s6-ucspitlsd, a new UCSPI-TLS server
implementation coming soon to s6-networking.
Instead:
1. Package makefiles including their own options.mk
2. Packages say "SUBST_CLASSES+=djberrno" to get the hack, if needed
3. Packages adjust SUBST_FILES.djberrno, if needed
Should fix bulk build failures due to multiple inclusions of options.mk
and/or incorrect definitions of DJB_ERRNO_HACK.
Approved during the freeze by wiz@.
- Add qmail-qfilter-addtlsheader, a filter to add a Received header with
TLS protocol and ciphers.
- Fix spurious errors when initializing TLS environment.
authup. Changes:
- fixsmtpio: Set FIXSMTPIOTLS in the environment when TLS has been negotiated.
When upgrading, be sure to add _this_ entry to control/fixsmtpio:
    # Remove greeting for child process restarted after upgrading to STARTTLS
    FIXSMTPIOTLS:greeting::2*::
- fixsmtpio: Fix "out of memory" errors with big attachments by handling
DATA specially (no parsing or copying).
- FIXSMTPIODEBUG: log our pid and child's basename and pid.
- fixsmtpio: Ensure STARTTLS resets all state by restarting qmail-smtpd.
When upgrading, be sure to add this entry to control/fixsmtpio:
    # Remove greeting for child process restarted after upgrading to STARTTLS
    SSL_CIPHER:greeting::2*::
- NOFIXSMTPIO: new environment variable to perform no filtering.
- FIXSMTPIODEBUG: prefix program name to log messages.
- Compile as C99.
- Have die_nomem() log two levels of call stack.
- Have get_one() log one caller further.
- Avoid extern in declarations.
- Empty next_pile and free event when done.
- Use acceptutils' stralloc wrappers in tls_info().
- Don't call tls_info(): no point setting TLS connection environment
variables when our child has already forked.
- Add STARTTLS support to fixsmtpio(8), which needs to terminate TLS in
order to continue observing requests and responses and do its job.
- Restore missing trailing " ESMTP" in greeting.
- Fix all warnings in acceptutils code.
- Document FIXSMTPIODEBUG, UCSPITLS, and DISABLETLS.
- Implement SMTP "STARTTLS" and POP3 "STLS", relying on sslserver's UCSPI-TLS.
Derived from s/qmail's implementation.
- Catch up to s/qmail's base64 implementation.
- Implement POP3 "CAPA" verb for POP3.
- Require admin to describe child program in control/{pop3,smtp}capabilities.
- Fix regression from qmail-popup: sleep after auth failure for SMTP only.
- Update authup(8) manual page.
pkgsrc changes:
- Replace security/stunnel dependency with net/ucspi-ssl.
qmail. It avoids patch conflicts, adds new user-controlled features, and
is more consistent with qmail's design.
To SMTP-authenticate users without patching ofmipd(8) or qmail-smtpd(8),
compose the following programs into your configuration:
- reup runs a program repeatedly until it succeeds.
- authup offers SMTP or POP3 authentication and calls checkpassword.
- checknotroot refuses to run as UID 0.
- fixsmtpio filters SMTP I/O and exit status to suit authup.