/* smtp_tls_list_init - open the TLS policy table, or the legacy per-site table */

void    smtp_tls_list_init(void)
{
    const int table_flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX;

    /*
     * The policy table takes precedence: when it is configured, the legacy
     * per-site table is never opened, and a non-empty per-site setting only
     * produces a warning so the operator notices the shadowed parameter.
     */
    if (var_smtp_tls_policy[0] != 0) {
	tls_policy = maps_create(SMTP_X(TLS_POLICY), var_smtp_tls_policy,
				 table_flags);
	if (var_smtp_tls_per_site[0] != 0)
	    msg_warn("%s ignored when %s is not empty.",
		     SMTP_X(TLS_PER_SITE), SMTP_X(TLS_POLICY));
    } else if (var_smtp_tls_per_site[0] != 0) {
	/* No policy table: fall back to the per-site table if configured. */
	tls_per_site = maps_create(SMTP_X(TLS_PER_SITE), var_smtp_tls_per_site,
				   table_flags);
    }
}
/* smtp_sasl_initialize - one-time SASL client setup */

void    smtp_sasl_initialize(void)
{
    const int passwd_flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX;

    /*
     * This routine must run exactly once per process; a second call is a
     * programming error, not a configuration error.
     */
    if (smtp_sasl_passwd_map != 0 || smtp_sasl_impl != 0)
	msg_panic("smtp_sasl_initialize: repeated call");

    /* A password table is mandatory once SASL client support is enabled. */
    if (var_smtp_sasl_passwd[0] == 0)
	msg_fatal("specify a password table via the `%s' configuration parameter",
		  SMTP_X(SASL_PASSWD));

    /*
     * Open the per-host password table with a shared read lock, so that a
     * concurrent table update cannot be observed half-written, then bring
     * up the SASL client library.
     */
    smtp_sasl_passwd_map = maps_create("smtp_sasl_passwd", var_smtp_sasl_passwd,
				       passwd_flags);
    smtp_sasl_impl = xsasl_client_init(var_smtp_sasl_type, var_smtp_sasl_path);
    if (smtp_sasl_impl == 0)
	msg_fatal("SASL library initialization");

    /* Optional restriction of the mechanisms the client is willing to use. */
    if (var_smtp_sasl_mechs[0] != 0)
	smtp_sasl_mechs = string_list_init(MATCH_FLAG_NONE, var_smtp_sasl_mechs);

    /*
     * Optional cache of 535 authentication failures. The cache backend is
     * only available in builds that define HAVE_SASL_AUTH_CACHE; elsewhere
     * the setting is reported and ignored rather than silently dropped.
     */
    if (var_smtp_sasl_auth_cache_name[0] != 0) {
#ifdef HAVE_SASL_AUTH_CACHE
	smtp_sasl_auth_cache =
	    smtp_sasl_auth_cache_init(var_smtp_sasl_auth_cache_name,
				      var_smtp_sasl_auth_cache_time);
#else
	msg_warn("not compiled with TLS support -- ignoring the %s setting",
		 SMTP_X(SASL_AUTH_CACHE_NAME));
#endif
    }
}
/* post_init - post-jail initialization: DNS policy, host lookup, session cache */

static void post_init(char *unused_name, char **unused_argv)
{
    static const NAME_MASK host_lookup_table[] = {
	{SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS},
	{SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE},
	{0},
    };
    static const NAME_MASK res_opt_table[] = {
	{SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES},
	{SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH},
	{0},
    };
    static const NAME_CODE dns_support_table[] = {
	{SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED},
	{SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED},
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
	/* The DNSSEC level is offered only when the resolver can request it. */
	{SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC},
#endif
	{0, SMTP_DNS_INVALID},
    };

    /*
     * DNS support level. An empty setting keeps the legacy behavior driven
     * by var_disable_dns; a non-empty setting is authoritative and is
     * mirrored back into var_disable_dns for code that still consults it.
     */
    if (var_smtp_dns_support[0] == 0) {
	smtp_dns_support = var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
    } else {
	smtp_dns_support = name_code(dns_support_table, NAME_CODE_FLAG_NONE,
				     var_smtp_dns_support);
	if (smtp_dns_support == SMTP_DNS_INVALID)
	    msg_fatal("invalid %s: \"%s\"", SMTP_X(DNS_SUPPORT),
		      var_smtp_dns_support);
	var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
    }

    /*
     * Host name lookup mechanisms. With DNS disabled, only native lookups
     * are permitted regardless of the configured lookup list.
     */
    smtp_host_lookup_mask = (smtp_dns_support == SMTP_DNS_DISABLED) ?
	SMTP_HOST_FLAG_NATIVE :
	name_mask(SMTP_X(HOST_LOOKUP), host_lookup_table, var_smtp_host_lookup);
    if (msg_verbose)
	msg_info("host name lookup methods: %s",
		 str_name_mask(SMTP_X(HOST_LOOKUP), host_lookup_table,
			       smtp_host_lookup_mask));

    /*
     * Session cache client, needed when a cache destination list is set or
     * on-demand caching is enabled. The cache always lives in the scache
     * service; this process never keeps an in-memory cache of its own.
     */
    if (var_smtp_cache_dest[0] != 0 || var_smtp_cache_demand)
	smtp_scache = scache_clnt_create(var_scache_service,
					 var_scache_proto_tmout,
					 var_ipc_idle_limit,
					 var_ipc_ttl_limit);

    /*
     * Resolver option flags applied to DNS queries.
     */
    smtp_dns_res_opt = name_mask(SMTP_X(DNS_RES_OPT), res_opt_table,
				 var_smtp_dns_res_opt);
}
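/* pre_init - pre-jail initialization: SASL, TLS, flush client, lookup tables */

static void pre_init(char *unused_name, char **unused_argv)
{
    /*
     * Initialized here so that the value is defined on every build. In the
     * original layout the "#ifdef USE_TLS" sat inside the "if" statement,
     * so without TLS support the assignment below became the "if" body and
     * use_tls was read uninitialized whenever the TLS level was empty.
     */
    int     use_tls = 0;
    static const NAME_CODE addr_pref_map[] = {
	INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
	INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
	INET_PROTO_NAME_ANY, 0,
	0, -1,
    };

    /*
     * Turn on per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL initialization. Enabling SASL in a build without SASL support is
     * reported, not silently ignored.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
	smtp_sasl_initialize();
#else
	msg_warn("%s is true, but SASL support is not compiled in",
		 SMTP_X(SASL_ENABLE));
#endif
    }

    /*
     * Map the symbolic TLS security level onto the legacy use/enforce
     * flags. The conditional compilation encloses the whole statement, so
     * the use_tls assignment after it is unconditional on every build.
     */
#ifdef USE_TLS
    if (*var_smtp_tls_level != 0) {
	switch (tls_level_lookup(var_smtp_tls_level)) {
	case TLS_LEV_SECURE:
	case TLS_LEV_VERIFY:
	case TLS_LEV_DANE_ONLY:
	case TLS_LEV_FPRINT:
	case TLS_LEV_ENCRYPT:
	    var_smtp_use_tls = var_smtp_enforce_tls = 1;
	    break;
	case TLS_LEV_DANE:
	case TLS_LEV_MAY:
	    var_smtp_use_tls = 1;
	    var_smtp_enforce_tls = 0;
	    break;
	case TLS_LEV_NONE:
	    var_smtp_use_tls = var_smtp_enforce_tls = 0;
	    break;
	default:
	    /* tls_level_lookup() logs no warning. */
	    /* session_tls_init() assumes that var_smtp_tls_level is sane. */
	    msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
	}
    }
#endif
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * Initialize the TLS data before entering the chroot jail, so that
     * certificate, key and CA files are still reachable by their configured
     * paths. A per-site or policy table also requires the TLS context.
     */
    if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
	TLS_CLIENT_INIT_PROPS props;

	/*
	 * We get stronger type safety and a cleaner interface by combining
	 * the various parameters into a single tls_client_props structure.
	 * 
	 * Large parameter lists are error-prone, so we emulate a language
	 * feature that C does not have natively: named parameter lists.
	 */
	smtp_tls_ctx =
	    TLS_CLIENT_INIT(&props,
			    log_param = SMTP_X(TLS_LOGLEVEL),
			    log_level = var_smtp_tls_loglevel,
			    verifydepth = var_smtp_tls_scert_vd,
			    cache_type = X_SMTP(TLS_MGR_SCACHE),
			    cert_file = var_smtp_tls_cert_file,
			    key_file = var_smtp_tls_key_file,
			    dcert_file = var_smtp_tls_dcert_file,
			    dkey_file = var_smtp_tls_dkey_file,
			    eccert_file = var_smtp_tls_eccert_file,
			    eckey_file = var_smtp_tls_eckey_file,
			    CAfile = var_smtp_tls_CAfile,
			    CApath = var_smtp_tls_CApath,
			    mdalg = var_smtp_tls_fpt_dgst);
	smtp_tls_list_init();
#else
	msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (*var_smtp_cache_dest)
	smtp_cache_dest = string_list_init(MATCH_FLAG_RETURN, var_smtp_cache_dest);

    /*
     * EHLO keyword filter.
     */
    if (*var_smtp_ehlo_dis_maps)
	smtp_ehlo_dis_maps = maps_create(SMTP_X(EHLO_DIS_MAPS),
					 var_smtp_ehlo_dis_maps,
					 DICT_FLAG_LOCK);

    /*
     * PIX bug workarounds.
     */
    if (*var_smtp_pix_bug_maps)
	smtp_pix_bug_maps = maps_create(SMTP_X(PIX_BUG_MAPS),
					var_smtp_pix_bug_maps,
					DICT_FLAG_LOCK);

    /*
     * Generic maps.
     */
    if (*var_prop_extension)
	smtp_ext_prop_mask =
	    ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    if (*var_smtp_generic_maps)
	smtp_generic_maps = maps_create(SMTP_X(GENERIC_MAPS),
					var_smtp_generic_maps,
					DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Header/body checks.
     */
    smtp_header_checks = hbc_header_checks_create(
				       SMTP_X(HEAD_CHKS), var_smtp_head_chks,
				       SMTP_X(MIME_CHKS), var_smtp_mime_chks,
				       SMTP_X(NEST_CHKS), var_smtp_nest_chks,
					      smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
				       SMTP_X(BODY_CHKS), var_smtp_body_chks,
					      smtp_hbc_callbacks);

    /*
     * Server reply filter. The table is opened read-only; the filter only
     * rewrites replies received from remote servers.
     */
    if (*var_smtp_resp_filter)
	smtp_chat_resp_filter =
	    dict_open(var_smtp_resp_filter, O_RDONLY,
		      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Address family preference. An unrecognized value is fatal rather than
     * defaulted, so a typo cannot silently change which addresses are tried.
     */
    if (*var_smtp_addr_pref) {
	smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
				   var_smtp_addr_pref);
	if (smtp_addr_pref < 0)
	    msg_fatal("bad %s value: %s", SMTP_X(ADDR_PREF), var_smtp_addr_pref);
    }
}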