From: Jason McIntyre
Subject: Re: smtpd document relay ca option
To: tech@openbsd.org
Date: Thu, 25 Jul 2024 15:01:37 +0100

On Thu, Jul 25, 2024 at 01:47:31PM +0200, Philipp wrote:
> Hi
>
> I have noticed that the ca option for relay is not documented in the
> action section of smtpd.conf(5). I have a patch for this.
>

hi.

i think it was probably felt that the scenario was already covered by
this text:

    ca caname cert cafile
        Associate the Certificate Authority (CA) certificate file cafile
        with ca entry caname. The ca entry can be referenced in listener
        rules and relay actions.

however since we do list it for "listener rules" i guess we should be
consistent either way, so i agree it makes sense to document it.

i don't actually like the terminology "listener rules" and "relay
action" though. the rules are "listen on" and "action ... relay".

so updated diff:

- sort your text into the correct place
- use "listen on" and "action ... relay"

looking for smtpd dev yays or nays...

jmc

Index: smtpd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v diff -u -p -r1.271 smtpd.conf.5 --- smtpd.conf.5 24 Mar 2024 06:22:18 -0000 1.271 +++ smtpd.conf.5 25 Jul 2024 13:55:53 -0000 @@ -230,6 +230,14 @@ with higher priority. Operate as a backup mail exchanger delivering messages to any mail exchanger with higher priority than mail exchanger identified as .Ar name . +.It Cm ca Ar caname +For secure connections, +use the certificate authority associated with +.Ar caname +(declared in a +.Ic ca +directive) +to validate the server's identity. .It Cm helo Ar heloname Advertise .Ar heloname 
@@ -366,7 +374,11 @@ Associate the Certificate Authority (CA) .Ar cafile with ca entry .Ar caname . -The ca entry can be referenced in listener rules and relay actions. +The ca entry can be referenced in +.Cm listen on +and +.Cm action ... relay +rules. .It Ic filter Ar chain-name Ic chain Brq Ar filter-name Op , Ar ... Register a chain of filters .Ar chain-name ,
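
Review bot: in the first hunk (@@ -230,6 +230,14 @@), the new ".It Cm ca Ar caname" entry says the CA is used "to validate the server's identity" but does not say which trust roots apply once the option is set, or what happens when validation fails. On the relay side the "server" is the remote host smtpd connects to, so "the remote server's certificate" would be less ambiguous, and the text should state whether the CA named by caname is used instead of or in addition to the default roots. "For secure connections" could also name TLS explicitly so a reader can tell when the option has any effect.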
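
Review bot: in the second hunk (@@ -366,7 +374,11 @@), the replacement text marks "listen on" and "action ... relay" with ".Cm", while the first hunk refers to the ca directive with ".Ic ca" and the trailing context line uses ".It Ic filter" for a top-level directive. If "listen on" and "action" are directives of the same kind, ".Ic listen on" and ".Ic action ... relay" would keep the markup consistent across the page.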