snimmagadda / pop3d

POP3 Daemon with POP3S, STARTTLS extensions.

Implement configuration using OpenBSD's parse.y #9

Closed lukateras closed 7 years ago

lukateras commented 9 years ago

pop3d(8) definitely needs some sort of configuration. I'd like to implement it, but I'm not sure what it will look like. @snimmagadda, could you help me?

Probably something like:

listen on egress tls [certificate /etc/ssl/example.crt] [key /etc/ssl/example.key] [port 995]

mbox [from /var/mail/%u]
# or: maildir [from ~/maildir]

The first line seems to be fine, but I'm not sure what syntax to use for mbox/maildir.

snimmagadda commented 9 years ago

I never spent much time thinking of a configuration syntax as I felt command line args suffice for the few configuration options.

Feel free to refer to smtpd.conf(5) for some inspiration, something like...

listen on ...
serve maildir [from ~/maildir]
serve mbox [from /var/mail/%u]

lukateras commented 9 years ago

Defaults are fine for me, but some people don't want to run unsecured POP3, for instance. Or they want to provide custom certificate/key paths. Or maybe they want a custom port, or a custom interface to listen on.

Sure, I did look at smtpd.conf(5). I think I'll implement a parser that supports such configuration:

ext_if="egress"

listen on $ext_if port 1234 # custom port, 110 by default
listen on $ext_if tls certificate "/etc/ssl/yourdomain.crt" \
                      key "/etc/ssl/private/yourdomain.key" 

serve mbox from /var/mail/%u

I'd like to implement tls options like in httpd.conf(5). Unfortunately it doesn't make sense to use pki syntax like in smtpd.conf(5) because there is no way to know the hostname before TLS.
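The listen syntax proposed above, as an added example of how a parser for it behaves (hand-rolled C standing in for the parse.y grammar pop3d would use; not the project's code). It assumes a single macro pair in place of parse.y's macro table and validates the port range before accepting a listener:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Result of one "listen on ..." line (added example, not pop3d's parse.y). */
struct listener { char iface[32], cert[128], key[128]; int port, tls; };
/* One macro such as ext_if="egress"; a real parse.y keeps a table of them. */
struct macro { const char *name, *value; };
/* Copy tok to dst, expanding a $macro reference and stripping quotes. */
static void
expand(char *dst, size_t sz, const char *tok, const struct macro *m)
{
	if (tok[0] == '$' && m != NULL && strcmp(tok + 1, m->name) == 0)
		tok = m->value;
	size_t n = strlen(tok);
	if (n >= 2 && tok[0] == '"' && tok[n - 1] == '"')
		tok++, n -= 2;
	snprintf(dst, sz, "%.*s", (int)n, tok);	/* truncates, never overflows */
}
/* Parse "listen on <iface> [port N] [tls] [certificate F] [key F]". '#' starts
 * a comment and a lone '\' continues the line. Port defaults to 110, or 995
 * once tls is given. Returns 0, or -1 on an unknown keyword or a bad port. */
int
parse_listen(const char *line, const struct macro *m, struct listener *l)
{
	char buf[512], *tok, *val, *end;
#define NEXT() strtok(NULL, " \t\n")	/* strtok state: single-threaded only */
	memset(l, 0, sizeof(*l));
	snprintf(buf, sizeof(buf), "%s", line);
	if ((tok = strchr(buf, '#')) != NULL)
		*tok = '\0';	/* drop trailing comment */
	if ((tok = strtok(buf, " \t\n")) == NULL || strcmp(tok, "listen") ||
	    (tok = NEXT()) == NULL || strcmp(tok, "on") || (tok = NEXT()) == NULL)
		return (-1);
	expand(l->iface, sizeof(l->iface), tok, m);
	while ((tok = NEXT()) != NULL) {
		if (strcmp(tok, "tls") == 0)
			l->tls = 1;
		else if (strcmp(tok, "port") == 0 && (val = NEXT()) != NULL) {
			if ((l->port = strtol(val, &end, 10)) < 1 || l->port > 65535 || *end)
				return (-1);	/* not a valid TCP port */
		} else if (strcmp(tok, "certificate") == 0 && (val = NEXT()))
			expand(l->cert, sizeof(l->cert), val, m);
		else if (strcmp(tok, "key") == 0 && (val = NEXT()))
			expand(l->key, sizeof(l->key), val, m);
		else if (strcmp(tok, "\\") != 0)
			return (-1);	/* unknown keyword or missing argument */
	}
	if (l->port == 0)
		l->port = l->tls ? 995 : 110;
	return (0);
}
```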

poolpOrg commented 9 years ago

Same applies for smtpd, it still makes sense if you intend to support SNI which people tend to expect nowadays.

On May 24, 2015 7:12 AM, Yegor Timoschenko notifications@github.com wrote:

Defaults are fine for me, but some people don't want to run unsecured POP3, for instance. Or they want to provide custom certificate/key paths. Or maybe they want a custom port, or a custom interface to listen on.

lukateras commented 9 years ago

SNI will do the trick, thanks! But I'd like to wait until libtls provides an API for that. It was already discussed with jsing@, I guess.

poolpOrg commented 9 years ago

On Sun, May 24, 2015 at 01:24:36AM -0700, Yegor Timoschenko wrote:

SNI will do the trick, thanks! But I'd like to wait until libtls provides an API for that. It was already discussed with jsing@, I guess.

There is a middle-term plan for switching smtpd to libtls so I'm also going to push for an API for that in it ;-)

Gilles Chehade

https://www.poolp.org @poolpOrg