summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-01-02Ported to OpenBSDHEADmasterGenadijus Paleckis
* In particular use /dev/pf for transparent client lookups
2011-10-21Add new make file bits for freshmeat uploadStef Walter
2011-10-21Add upload-release make target, and start signing releasesStef Walter
2011-10-21Release version 1.101.10Stef Walter
2011-10-21proxsmtpd: [PATCH] Close extra file descriptors for filter commandKeith Owens
Short form: Passing extra file descriptors to the filter command can prevent it from detecting EOF or EPIPE. Result, dead filter commands that never terminate. Close everything except fd 0, 1, 2 before running the filter command. Long form: At the point that the filter command is forked and executed, proxsmtd may have multiple children with multiple pipes open. fork() bumps the reference count on all the file descriptors that are open at that moment. When the parent closes its part of the pipe, the pipe fd may or may not be removed from the system, depending on how many children have accidentally inherited that pipe. The child code closes fd 0, 1 and 2, calls dup2() to map the pipes to 0, 1 and 2 then runs. If another child has accidentally bumped the reference count on the pipes to this child then fd 0 can have multiple writers. This prevents the filter from detecting EOF or EPIPE when proxsmtpd closes the pipe to this particular child. This bug is particularly evident if the filter program does another fork and uses more pipes to communicate with its own child. awk does this as a matter of course. The result is a dangling filter command just sitting there waiting for input and not detecting that stdin has been closed. The dangling commands are owned by pid 1 rather than proxsmtpd. The only way to get rid of them is to manually kill them.
2011-09-16Test build.Stef Walter
2011-09-16workaround for race between waitpid(-1) and waitpid(pid)Keith Owens
Sometimes waitpid(-1) in cb_check_data reaps a child that has just terminated, before waitpid(pid) in wait_process can reap it. Linux waitpid(pid,,WNOHANG) may not return an error if the child has already terminated, which results in wait_process looping waiting for the child which has already terminated. The symptom is a spurious "timeout waiting for filter command to exit".
2011-01-23Release version 1.9Stef Walter
2011-01-23Better message when skipping processing.Stef Walter
2011-01-23Parse MAIL FROM and RCPT TO properly, and skip authenticated.Stef Walter
2011-01-23Reject early before recipient server gets the envelope.Stef Walter
2011-01-23Add client IP address to log line.Stef Walter
2011-01-23Don't force connections to come from same source port.Stef Walter
Also allow address reuse for connections in time wait state.
2011-01-23Bump up the limit of top number of max connections.Stef Walter
Used to be 1024, now is 10240
2011-01-23Fix TransparentProxy option to better reflect different types of proxy.Stef Walter
2011-01-23Add a default reject messageStef Walter
2011-01-23Fix compiler warnings.Stef Walter
2011-01-23Refactor how data skip is done.Stef Walter
2011-01-23Send the proper data end signature to server.Stef Walter
2011-01-23Add status to logs for rejection and skippingStef Walter
2011-01-23Allow skipping processing data for unauthenticated connections.Stef Walter
2011-01-23Track client authentication correctly.Stef Walter
2011-01-23Implement reject filter for messages.Stef Walter
2011-01-23Enable IP_TRANSPARENT on the main socket as well.Stef Walter
2011-01-23Fix the build on ubuntu 10.4Stef Walter
2011-01-23Fix problems with the build of IP_TRANSPARENT support.Stef Walter
2011-01-23Ignore tarballsStef Walter
2011-01-23Fix spelling mistakes in configure output.Stef Walter
2011-01-23Proper build and configure support for transparent proxyStef Walter
2011-01-23Transparent proxying without running as root.Stef Walter
Using linux capabilitiy CAP_NET_ADMIN
2011-01-23Initial implementation of true transparent proxying on linux.Stef Walter
2011-01-23Fix problem on linux not detecting netfilter header.Stef Walter
2011-01-23Fix compiler warnings on 64-bit.Stef Walter
2011-01-23Reorganize to better match git.Stef Walter
2008-06-301.8 releaseStef Walter
2008-05-27 - Make the XFOWARD HELO available as a environment variable in scripts. ↵Stef Walter
[Glenn Matthys]
2007-10-26Fix uninitialized pid variable.Stef Walter
2007-06-21Send an RSET to the server after filter fails some data.Stef Walter
2007-05-28Use 'Stef' instead of 'Nate'Stef Walter
2007-03-20 - Resolve any DNS name for each connection.Stef Walter
2007-03-20Fix version string.Stef Walter
2006-11-14Version 1.6Stef Walter
2006-11-14Add header option back into proxsmtpStef Walter
2006-10-12Ignore built filesStef Walter
2006-10-12Add strcasestr which is missing on solaris. Stef Walter
2006-10-12Move last commit properly into 1.6 pre-release.Stef Walter
2006-09-27 - On FreeBSD fix problem where stderr wasn't processed when filter Stef Walter
didn't read stdin.
2006-09-27Commit release version increment.Stef Walter
2006-08-30Bring in some changes from ClamSMTPStef Walter
2006-08-30 - Added support for setting the REMOTE variable when an XFORWARD Stef Walter
command is seen.