- 🛠 fixes a packaging issue causing asr.h to be installed in target system
- 🛠 fixes a possible crash in the MTA when establishing IPv6 connections
v6.7.0.p1May 13, 2020
🚀 SECURITY RELEASE
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
🚀 Following the 6.6.2p1 release, various improvements were done in OpenBSD -current to mitigate the risk of similar bugs.
🚀 This release back-ports them to the portable version of OpenSMTPD.
v6.6.2January 28, 2020
🚀 release synchronized to 6.6.1 bump in the OpenBSD tree.
🚀 Changes in this release (since 6.6.0p1)
🛠 This is a bugfix release. No new features were added.
- 🛠 Fixed crash on recipient expansion #968
- 🛠 Fixed broken build with LibreSSL #944
- 🛠 Fixed crash in
arc4randomcaused by differences in OpenSSL vs LibreSSL compatibility layer plumbing #958
- 🛠 Fixed issue where
from anyrules never matched by IPv6 sources #969
- 🛠 Fixed crash that happened during mail relay on musl distros #929
- 🛠 Fixed multiple compilation warnings
#965 #966 #967 #978 #977 #975
v6.6.0October 13, 2019
🚀 This release builds with LibreSSL > 3.0.2 or OpenSSL > 1.1.0.
✅ It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. In addition, the features parity is not respected, some features will not be available with OpenSSL, like ECDSA server-side 🚀 certificates support in this release. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.
🚀 Changes in this release (since 6.4.0):
- 📚 various improvements to documentation and code
- reverse dns session matching criteria added to smtpd.conf(5)
- 👍 regex table lookup support added to smtpd.conf(5)
- 👍 introduced support for ECDSA certificates with an ECDSA privsep engine
- introduced builtin filters for basic filtering of incoming sessions
- introduced option to deliver junk to a Junk folder in mail.maildir(8)
- 🛠 fixed the smtp(1) client so it uses correct default port for SMTPS
- 🛠 fixed an smtpd(8) crash on excessively large input
- ensured mail rejected by an LMTP server stay queued
- introduced a filters API to allow writing standalone filters for smtpd
- 👍 introduced proxy-v2 support allowing smtpd to operate behind a proxy