happy new year 2019, a personal post

TL;DR: Way too many things happened in a six-month timeframe. This post won't need a TL;DR as I'll keep it short. Generalized anxiety disorder and alexithymia. In late 2018, I was diagnosed with generalized anxiety disorder and alexithymia a couple of weeks apart. The anxiety disorder didn’t really come as a surprise as I know very well the traumatic experience that led to the disorder. It’ll still take a lot of hours of hypnosis to continue cleaning up trauma after trauma, but taking care of it and releasing some of the traumas has considerably improved my anxiety. [Read More]

OpenSMTPD now supports regex in match rules

TL;DR: regex table lookups were introduced for builtin filters. After a few weeks of working solely on filters, I wanted to work on something else. Using the same mechanism, all match criteria using tables can support regex. K_REGEX lookups The table mechanism is used within OpenSMTPD to perform all kinds of lookups. Recently, while working on builtin filters, I introduced the K_REGEX lookup type allowing tables to serve regex(3) patterns. [Read More]

more on OpenSMTPD filters

TL;DR: Not this time, pal/gal, I took hours writing this post, you'll take a few minutes reading it all. Oh, and merry X-mas :-* A bit of short-sighted history The filtering feature has been introduced only recently in OpenSMTPD, first presented on this blog a month ago. I had a working proof-of-concept running on my laptop and my plan was to start bringing the code to the OpenBSD tree, small chunks by small chunks, through a series of diffs. [Read More]

OpenSMTPD proc filters & fc-rDNS

TL;DR: I *FINALFUCKINGLY* committed proc filters support allowing full filtering in OpenSMTPD. eric@ implemented fc-rDNS lookups. fc-rDNS fc-rDNS, or forward-confirmed reverse DNS, consists of performing a reverse DNS lookup to determine the hostname associated with an IP address… then performing a DNS lookup on that hostname to check if it resolves back to the IP address. On my request, eric@ implemented fc-rDNS lookups in our SMTP engine, causing OpenSMTPD to perform the double lookup upon client connections. [Read More]

OpenSMTPD reporting update

TL;DR: The reporting mechanism has been described briefly in my previous article about both reporting and filters. Let's focus a bit more on the reporting bits this time. The format is improving further and has extended to outgoing traffic reporting. Reporting In the previous article, I described the event reporting mechanism that has been introduced in the development branch of OpenSMTPD. To sum it up, you could now write an event processor as simple as a shell script reading its stdin on a loop: [Read More]

OpenSMTPD released and upcoming filters preview

TL;DR: Filters have been a (the most?) long awaited feature in OpenSMTPD. I finally committed most of the filters code to OpenBSD. There is still a bit of work required but the trickiest parts are done. This article describes how filters are implemented and what to expect. OpenSMTPD 6.4.0 was released! We released OpenSMTPD 6.4.0 last week without filters. I won’t expand on the features in the 6. [Read More]

switching to OpenSMTPD new config

TL;DR: Switching to new config is not too hard and can be done in minutes. The new config is also a new queue that is not backwards compatible. The easiest way is to flush the mail queue before switching. We came up with a solution to help maintainers of more complex setups. Switching from old config to new config The new OpenSMTPD configuration grammar is slightly different from the current one; rules are no longer stated as single lines, but the conversion from previous ruleset to new ruleset isn’t that hard. [Read More]

OpenSMTPD new config

TL;DR: OpenBSD #p2k18 hackathon took place at Epitech in Nantes. I was organizing the hackathon but managed to make progress on OpenSMTPD. As mentioned at EuroBSDCon, the one-line-per-rule config format was a design error. A new configuration grammar is almost ready and the underlying structures are simplified. Refactor removes ~750 lines of code and solves _many_ issues that were side-effects of the design error. New features are going to be unlocked thanks to this. [Read More]

Install OpenBSD on dedibox with full-disk encryption

TL;DR: I run several "dedibox" servers at online.net, all powered by OpenBSD. OpenBSD is not officially supported so you have to work around it. Running full-disk encrypted OpenBSD there is a piece of cake. As a bonus, my first steps within a brand new booted machine ;-) Step #0: choosing your server OpenBSD is not officially supported, I can’t guarantee that this will work for you on any kind of server online. [Read More]


TL;DR: deraadt@ thought it would be nice to have an SPF fetch utility in base. Aaron Poffenberger wrote a shell-based `spf_fetch` utility. I wrote a C-based `spfwalk` utility that's `pledge()`-ed. The `spfwalk` utility got merged to `smtpctl`. What’s SPF in a few words SPF is the Sender Policy Framework, a standard to verify the domain name of an e-mail sender. Long story short, the SMTP protocol does not come with a way to authenticate a domain and, during an SMTP session, nothing really prevents a sender from pretending to come from any domain: [Read More]