tangled
alpha
login
or
join now
jcs.org
/
openbsd-src
0
fork
atom
jcs's openbsd hax
openbsd
0
fork
atom
overview
issues
pulls
pipelines
openbsd-src
/
libexec
/
spamd
/
at
rk3128
10 files
Makefile
add STARTTLS support, using the shiny libtls. Rationale: when you publish DANE records for certificate pinning, you MUST offer TLS on the indicated service. Not offering TLS is verboten since that would re-open the door for a MitM. This is obviously fundamentally incompatible with having spamd in front of your mailservers - spamd kinda is a MitM here, but intentional and utterly valid. DANE is desirable because it allows one to not have to trust the broken SSL CA model, and, depending on the mode chosen, even show the SSL cert mafia the middle finger by not needing them at all. ok reyk jsing bob
11 years ago
gdcopy.c
I am retiring my old email address; replace it with my OpenBSD one.
7 years ago
grey.c
Delete obsolete /* ARGSUSED */ lint comments.
3 years ago
grey.h
Remove the use of time_t in the greylist db file and use int64_t instead with backwards compatibility for records with 32-bit times. OK deraadt@ beck@
12 years ago
sdl.c
spelling fixes; from paul tagliamonte
3 years ago
sdl.h
Make blacklist entries override the whitelist. When running spamd in greylisting mode, it is not uncommon for an IP to get whitelisted before it shows up on a spam blacklist. With this change, spamd will check its blacklists before adding a WHITE entry to the <spamd-white> pf table. If the IP matches a blacklist, the WHITE entry will be removed. OK phessler@
8 years ago
spamd.8
Ever since I introduced pledge(2) on spamd(8) the chroot'ed process, if running in default, cannot get anywhere near the filesystem since its only promises are "stdio inet". Furthermore, in blacklist mode this same codepath is not chroot'ed but once again it gets the same pledge(2).
6 years ago
spamd.c
If a fd satisfies both POLLIN and POLLOUT in the same cycle, but the POLLIN resulted in a file close, the POLLOUT runs incorrectly which matters in the TLS context which attempts to read after free. from James J. Lippard ok millert
6 days ago
sync.c
spamd: convert to opaque HMAC_CTX
4 years ago
sync.h
version 2 of spamd sync protocol for two reasons: 1) ip addresses were accidentally being sent in host-byte order, which caused compatibility problems (spotted by jbg) 2) the sub-headers in the frame were not natively aligned, thus timeout values were incorrectly sent by 64-bit machines ok beck
18 years ago
jcs.org