Qsmtp changelog

New releases will be announced on the qsmtp-announce mailing list. You can subscribe by sending an empty mail to qsmtp-announce-subscribe@opensource.sf-tec.de.

A detailed changelog can be found when looking at the git log.

0.39 (released 2023-08-28) MD5 sum: e42d69d563482172cdff7095762f579f SHA256 sum: b0134266b2ff3d34ca6b36362a0689c6e55327d4f55e9536e1c5a08b6ac7b08a

• Qsmtpd: hide SSL error details from SMTP client
• Qsmtpd: allow the SSL key to be stored independent of the certificate
• Qsmtpd: allow an additional argument for checkpassword authentication
• Qsmtpd: fix filtering out invalid characters in SPF records on platforms where "char" is unsigned by default (e.g. ARM)
• Qsmtpd: fix truncated "Received" lines with newer gcc versions
• Qsmtpd: fix endless loop on SSL protocol level errors
• add dumpipbl tool to show the files written by addipbl

0.38 (released 2020-10-09) MD5 sum: 2d9b3414b7c10d192bbe2446bf24572d SHA256 sum: 47429277b1597b92d9c48a3fb5fc9454f5719e7d20fb12fb3dba4b91d2be4c28

• many portability fixes for BSD like systems
• Qremote: allow the SSL key to be stored independent of the certificate

0.37 (released 2020-01-06) MD5 sum: 80c41d5554c457a815f60d483ea695a4 SHA256 sum: 08ae026d2a1ae8aa76495b181f41a01a45431757d9e4e13db9725e12170b18f6

• implement NULL MX (RfC 7505)
• Qremote: add actual DANE support
• Qremote: try to get TLS certificate authentication working with TLSv1.3
• fix build errors on FreeBSD and MacOS

0.36 (released 2019-07-28) MD5 sum: 4be599a11fe314116e9e49985ce4a721 SHA256 sum: 44748dff872ed8d3fb04014ee396361a338a2668941fc32d703b00da8cb63b29

• SPF: properly handle multiple TXT records for a single domain

0.35 (released 2018-10-23) MD5 sum: ec39142780977f2f5566cc6532a8b73f SHA256 sum: eb5cd5c50b9f692f2449a75bda4c8350a33011c26c37425315d19f1b9fcbf1ec

• namebl and dnsbl filters now support !inherit
• improved compatibilty with OpenSSL 1.1
• fixed endless loop when unusual long (>510 byte) network replies should be send, can lead to DoS

0.34 (released 2016-08-13) MD5 sum: f19e78fa97710c8dca9cda6b67b71436 SHA256 sum: dd72eb4140cbb38903c84ef5f0d6c9dffeed63ccc15916ca118f88bfb6210ac2

• Qsmtpd: fix BDAT mode to work at all
• Qsmtpd: detect invalid AUTH types that begin with a supported string
• Qremote: do the TLSA DNS query before opening the SMTP socket to avoid SMTP timeouts if the DNS server does not respond

0.33 (released 2016-06-15) MD5 sum: bed2769f113c7e72ee2a33d1fbfbb717 SHA256 sum: 7f84997ac5e7f3d4fa0dfeeb4e4cf269daadbc7e7def281d5596456eb283652f

• Qsmtpd: fix eating remaining mail data after syntax error
• Qsmtpd: fix sequence confusion when check2822 errors are raised at mail end, i. e. mails without body
• Qsmtpd: check much earlier for too many recipients
• Qsmtpd: fix dnsbl filter never blocking any mails (broken since 0.29)

0.32 (released 2016-05-21) MD5 sum: 9b006d79f0746a392f8fdc435ac4137a

• Qsmtpd: fromdomain filter rejects "::" IPv6 address when "no localhost" setting is active
• Qsmtpd: fix completely broken rSPF implementation
• Qsmtpd: fix memleak if whitednsbl is used
• Qsmtpd: fix whitednsbl presence overriding any dnsbl match
• Qsmtpd: check free space in queue without requiring special permissions
• Qremote: add linebreak after "sender was rejected" message in bounce
• Qsurvey: fix domains with multiple mail servers

0.31 (released 2016-02-22) MD5 sum: 9d3a546314c1f7d7b84c9ba6531f7ce3

• Qsmtpd: fix stack corruption when additional arguments are given to MAIL FROM
• Qsmtpd: support magic entry !inherit in some configuration files (e.g. badmailfrom) to also include the parent file contents
• Qremote: require OpenSSL 1.0.2 for control/tlshosts/ functionality
• disable SSLv2 and SSLv3 support

0.30 (released 2015-12-26) MD5 sum: 7b4751a87c149acc85e384120b2138a7

• fixed several CMake issues
• Qsmtpd: enforce at least 2048 bit DH params

0.29 (released 2014-09-23) MD5 sum: 20a0d4b07ef9abdb4541d3c9b288cdc9

• support for openat() and friends is now mandatory
• usage of select() has been replaced by poll()
• Qsmtpd: expose less internal details about queue failures
• Qsmtpd: log the TLS cipher that was used when an email was received using STARTTLS
• Qsmtpd: write syntactically correct Received:-line even if authhide is set
• Qsmtpd: allow to select the TLS cert also by port
• Qsmtpd: fix wrong config scope being written to logfile on rejection for some filters
• Qsmtpd: fix SIZE check if free space in queue can't be read
• Qsmtpd: fix multi-recipient bounce detection if more than 2 recipients are given
• Qsmtpd: also detect ORCHID and IPv6 documentation net addresses as being invalid in fromdomain filter
• Qsmtpd: fix fromdomain filter not detecting if one MX entry is a loopback net and the other one is a private net
• Qsmtpd: fix possible buffer overrun with very short addresses and long TLDs in wildcardns filter
• Qsmtpd: fix leaking of MAIL FROM: identity memory and settings if multiple MAIL FROM: commands are seen
• Qsmtpd: update wildcardns filter example
• Qsmtpd: several fixes for SPF cornercases
• Qsmtpd: SSL clientcert authentication code should be working now
• Qremote: log the TLS cipher that was used when an email was sent using STARTTLS
• Qremote: better handling during errors, including syntax errors from the server, during connect and greeting phase
• Qremote: fix filtering out 127/8 and 0.0.0.0 as MX entries
• Qremote: detect if DANE DNS records are present and enforce STARTTLS in case they are (no DNSSEC or certificate validation yet)

0.28 (released 2014-06-07) MD5 sum: eb9dd313ba9c40d6f010ada099ea8a40

• Qsmtpd: fix IPv6 ipbl files being misread
• Qremote: fix crash when filtering out local IP addresses if an interface has no addresses at all
• Qsurvey: also log the remote servers SSL certificates
• several cleanups and improvements for SSL error cases
• fix several small leaks and other oddities spotted by Coverity scanner

0.27 (released 2014-02-16) MD5 sum: 7552275942c602586796e99809ebe670

• Qsmtpd: the spffriends files are no longer a list of host names, but ipbl format files
• Qsmtpd: authentication using TLS certificates now also looks at the common name field, allowing not only single users but also whole hosts to be authenticated for relaying
• Qsmtpd: TLS authentication code is now enabled
• Qsmtpd: fix and add some enhanced status codes
• Qsmtpd: add stricter checking in CRAM-MD5 authentication before passing the input to the backend
• Qremote: the file outgoingip6 may now hold an IP address used to bind to when sending mail via IPv6
• Qremote: prefer IPv6 addresses over IPv4 ones if both have the same MX priority
• Qsurvey: several improvements, e.g. IPv6 support and symlinking from domain names to IP address directories
• Qsurvey now depends on the availability of the openat() syscall
• much of the AUTH and userbackend has been refactored

0.26 (released 2013-12-19) MD5 sum: 2d668a92edf45873bd187b80076ea5aa

• Qsmtpd: fix inverted vpopbounce logic for .qmail-default files

0.25 (released 2013-12-18) MD5 sum: 577b9b85ee781578c1eb0505942c2db7

• Qremote: fix some bugs in MIME boundary detection
• Qremote: fix sending email to IP address
• Qremote: add support for control/smtproutes.d/
• Qremote: fix some smtproute cornercases
• Qremote: fix Base64 recoding not always honoring requested line length
• Qsmtpd: drop remaining support code for OpenSSL 0.9.6
• Qsmtpd: fix several memleaks
• Qsmtpd: fix wrong behavior (message not sent to network) if username or password in LOGIN authentication is empty
• Qsmtpd: fix double free on bounce message with multiple recipients
• Qsmtpd: disable the pfixpol code, it was only half implemented anyway
• Qsmtpd: fix address matching when sending to local IP address
• Qsmtpd: add missing enhanced status codes on "line too long" message
• Qsmtpd: allow usernames like "filterconf" if doing user existence checks in vpopmail directories
• Linux/Sparc is now a known good target platform.

0.24 (released 2013-11-03) MD5 sum: 3890db2fc298d541ead7746ebc8ebe21

• Qremote: allow control/smtproutes to point to localhost if a port different from 25 is used
• Qremote: better command pipelining
• Qremote: fix crash when all MX records point back to localhost (introduced in 0.23)
• Qsmtpd: authentication is required in submission mode (i.e. when run on port 587)
• Qsmtpd: improve check for usability of checkpassword helper
• Qsmtpd: reject unencoded 8 bit data in incoming Date, From, and Message-Id headers
• Qsmtpd: allow IP-specific SSL certificates
• Qsmtpd: ignore the client order of SSL ciphers if a preferred list is configured
• fix error handling in ssl_timeoutread()

0.23 (released 2012-12-23) MD5 sum: 33f8ca78b15c2f96dee88d69cc115ee7

• Qsmtpd will now act as a limited Message Submission Agent (see RfC 6409) when run on port 587, adding e.g. the Date: and Message-Id: header field if not present (instead of rejecting such mails as invalid)
• Qsmtpd: fix timezone printed in Date: and Received: line timestamps
• Qsmtpd: allow any modifier name in SPF and ignore them if unknown
• Qsmtpd: fix handling of too long input lines
• Qsmtpd: fix some errors in detecting incoming CR/LF errors
• Qremote: ignore addresses of the local machine when trying delivery via MX records
• fix some memleaks

0.22 (released 2012-03-26) MD5 sum: 7263af9c1fd14e76c9ba4c7455f64ae2

• Security: this release fixes the vulnerability described in CVE-2011-1431.
• Qremote: always accept multiline greeting (previously available as the "AOL" patch)
• Qremote: make pedantic behaviour regarding status codes configurable (the former "undefined_statuscodes" patch, now available as CMake option QREMOTE_PEDANTIC_STATUS_CODES)
• Qremote: fix crash if control/smtproutes has lines without colons
• Qremote: fix memleak when control/outgoingip is present
• Qsmtpd: fix missing hostname entry in Received: line if client has no reverse DNS
• Qsmtpd: enforce synchronisation points if client uses PIPELINING
• Qsmtpd: log the port of the SMTP client in the Received: line
• Qsmtpd: improve log message when user filter fails
• always terminate program if writing to network fails with ETIMEDOUT or ECONNRESET

0.21 (released 2011-09-19) MD5 sum: 0a648aab0c1ea875b2833c96ff2c137e

• Warning: the patches from the doc/patches/ subdirectory are accidentially already applied. So if you are used to apply them and this fails: this is not your fault. Everything is fine.
• if IPV4ONLY compile option is set the unpatched version of ucspi-tcp can be used
• when Qremote recodes a mail no comment will be added to the Content-Transfer-Encoding header, but an extra X-MIME-Autoconverted header is used
• fix a crash when the domain has "ptr" in the SPF entry but the connecting host has no validated hostnames.

0.20 (released 2011-06-13) MD5 sum: 8a207f4999ea0f98548201b24b33736c

• make SPF PTR work at all
• some fixes to SPF URL-encoding
• some fixes for SPF include: handling
• more minor SPF fixes
• fix IPv6 DNSBLs
• fix some cornercases were screwed mails with e.g. missing multipart boundaries need to be recoded by Qremote
• fix Received-SPF line not containing the remote HELO if it matched the DNS reverse lookup of the connecting server
• do not use EBADE errno code as that is not available on FreeBSD
• fix message size filter not returning an enhanced SMTP status code in the error message
• reorder message filters so that "whitelistauth" is checked before "nomail" so one can easily set up an environment where only authenticated users may send mail to one recipient
• remove the localpart length check (change was available as an addon patch until now)
• fix quoted-printable recoding not recoding the last character before a soft linebreak

0.19 (released 2011-01-24) MD5 sum: b0f1a4d4f4747f5ca518bca0916fc13b

• Fix crash on invalid SPF tokens introduced in 0.18

0.18 (released 2011-01-20) MD5 sum: 223965c91558146b53363061ff6c0fa9

• the SMTP logging of Qsmtpd can now also be controlled by setting an environment variable QSMTPD_DEBUG
• Qsmtpd has now uses the qmail-queue replacement from QMAILQUEUEAUTH environment if the user is authenticated
• setting the SMTP timeout on 64 bit system could lead to stack corruption
• memleak fixes in AUTH LOGIN
• AUTH LOGIN now works with usernames and passwords longer than 64 characters
• fixes in Qremote for mails with long header lines but without need for recoding in body
• email addresses with IPv6 literals were not handled correctly
• control files with trailing whitespace were not properly handled
• the MIME header handling was taking stuff after a ';' as comments because I misread RfC 822
• other minor MIME bugs fixed
• if Qremote lost the connection because of timeout or peer reset the entry in the reject mail and syslog were exchanged
• SPF-Received header now follows the form of RfC 4408
• many bugfixes all over the place in SPF code

0.17 (released 2010-10-18) MD5 sum: 8623906ec6f3630d98a931cc130cb96b

• Fix black- and whitelisting of IPv6 addresses and networks.
• Fix Qremote inserting too many dots when sending mail that has lines beginning with more than one dot
• Fix Qremote overwriting the Content-Transfer-Encoding of MIME parts that did not need to be recoded rendering these MIME parts unusable by the recipients.

0.16 (released 2010-09-10) MD5 sum: e2f1e3f22223f4af6ae41df41c77da1d

• Fix some crashes because of buffer overflows.

0.15 (released 2010-07-30) MD5 sum: ea476c814168c1292d5aa7bd3c3e3a17

• Fix a wrong function attribution that would allow gcc to do invalid optimizations that would lead to crashes.

0.14 (released 2010-07-28) MD5 sum: 12c53eaa3fb1a78e5a733d094970d593

• fix the use of an uninitialized variable when loading one-line configuration files (like control/me) causing all kinds of breakage
• the BUILD_DOC flag can be passed to CMake now to switch generation and installation of docs and man pages on and off (defaults to on)

Note: the version number in the tarball says "0.14svn". I will not change the tarball, but have fixed it in the tag in the repository. Just remove that "svn" from QSMTP_VERSION_EXTRAVERSION in the CMakeLists.txt

0.13 (released 2010-07-26) MD5 sum: 10f438c926ab25db1f4bbd5d528262eb

• Qsmtpd: rejecting mail with SMTP space bug is now a user policy
• Qsmtpd: fix SPF parser to not ignore the statement directly after an include:
• some improvements found by the new unit tests, like parsing errors in control files, base64 linebreak issues and so on
• several build fixes and CMake improvements

0.12 (released 2008-12-24) MD5 sum: becc1373333a31e634c44e92c7dbdd3b

• Qsmtpd: add the "nomail" filter
• Qsmtpd: make the AUTH types configurable at runtime

0.11 (released 2008-01-16) MD5 sum: 21cbc80dc67228553a6fea9365b8963b

• Fix SPF parser to work with gmail.com addresses
• Implent all compile time switches as CMake options
• Add patch to allow sending mails even if server returns undefined status codes

0.10 (released 2007-09-03) MD5 sum: 4479cac835c1b9042f7f16d297ef89ef

• move to CMake generated Makefiles
• Qremote: add support for wrapping long header lines
• Qsmtpd: fix 0 timeout if e.g. control/rcpthosts is not found
• Qsmtpd: allow nonexisting control/rcpthosts
• Qsmtpd: allow AUTH parameter in MAIL FROM command (requirement in RfC 2554)
• Qsmtpd: print remote IP when connection dies or times out
• Qsmtpd: lot of rework in CHUNKING code
• Qsmtpd and Qremote: CHUNKING support must be explicitely enabled at compile time
• Qremote: Fix multipart detection when sending mails with attachments
• Qremote: fix crash if connect() fails on all remote IP addresses
• Qremote: implement control/outgoingip
• Qsmtpd: introduce "noapos" filter to reject sender addresses containing apostrophs
• Qsmtpd: don't break transmission in DATA when client sends garbage
• Qsmtpd: send and receive fixes around CRLF sequences
• and the usual bunch of documentation and other small fixes

0.9 (released 2005-12-09) MD5 sum: 5b3666714af2617e1318c405bb0029ac

• Get rid of OWFATPATH in Makefile, use LDFLAGS to set path to libowfat.a
• Add patch to allow Outlook users to send mail even with this broken SMTP engine
• Fix handling of local mail addresses containing uppercase characters
• Fix bugs in MIME recoding

0.8 (released 2005-11-02) MD5 sum: 9c9903563ca8816fca60c4deab1eb06c

• Remove dependency on cdb.a from qmail or vpopmail: cdb_seek() reimplemented
• Small improvement in code building SMTP command line in Qremote
• Fix ordering of rcpt_filters to get better results on DNS problems

0.7 (released 2005-08-25) MD5 sum: e0659664f53065be56c40235285ffbe8

• Allow Qremote to recode a message to quoted-printable if next server does not support 8BITMIME
• Fix bug in control file handling leading to crashes if file contains comments
• Fix some SPF rejection messages to use correct SMTP status codes
• Fix bug if sending status messages to network that need to be folded (unlikely to be hit)
• CHUNKING support for Qsmtpd
• Add filter for DNS wildcards (the sitefinder thing)
• Don't return 2 different errors if vpopmail directory is not readable for qmaild user
• Allow recipients like <user@[192.0.2.4]>, IPv6 version is also supported
• Add libowfat connector module so you don't have to patch and rebuild libowfat
• Fix AUTH not being announced if vchkpw is mode 1711

0.6 (released 2005-06-26) MD5 sum: 3a4812837cd716b0329542513955aa78

• Fix crash caused by too short buffer for authentication log message
• Fix fcshell compilation
• Remove implicit dependency on qmail-remote-SIZE.diff, you now should get Qremote working with a plain qmail-1.03 installation
• Announce BODY=7BIT or BODY=8BITMIME to remote server in Qremote

0.5 (released 2005-04-18) MD5 sum: 3c32fe1623c2626b80a6fb88c42aea5e

• Fix debugging functions
• Fix SMTP AUTH always failing
• Use mmap() on message data in Qremote to get less overhead
• Accept server replys containing only the reply code
• Fix greeting handling in Qremote (patch is shipped that allows to send mails to AOL.com even with their broken mailer)
• Fix possible endless loop
• Fix crash if user with rspf file get's a bounce message

0.4 (released 2005-04-06) MD5 sum: 089a1ea513ac15dd1c68204ed12830fd

• Fix endless loop on program termination
• Fix deadlock in Qremote if remote server does not support PIPELINING
• Fix always getting "can't connect to any server" if domain is listed in control/smtproutes
• Add support for default route in control/smtproutes
• Add missing error message if too big message is rejected
• Fix Qremote sending LAST 2 times if using CHUNKING

0.3 (released 2005-04-02) MD5 sum: 3732d948af451f1fc406818508dfb1df

• Added Qremote.
• Fixed tons of bugs, including endless loops eating all CPU time, memleaks and other funny stuff.
• Added complete SPF engine.
• Many more features, cleanups etc.
• Made it working: I have some hosts really using it.

0.2 (released 2004-10-14) MD5 sum: d2c75780cdb173ca461469d1d3aefe99

• Fixed a bug in ask_dnsmx trying to access memory beyond the end of the list
• Fixed getsetting
• Fixed memory leak and bug in loading filterconf if only domain config exists.
• Added "make install"
• Fixed nobounce callback for cases where EHLO is the same as clients reverse lookup
• Fixed libowfat diff not to crash due to uninitialised variabled
• Added doc/INSTALL
• Added doc/vpopmail.diff
• Also reject my IP as helo if it is enclosed in []
• Don't filter on broken HELO per default, use per-user setting on this.
• Fix many other bugs.

0.1 (released 2004-10-13) MD5 sum: 7d7e2689305edc7bbe698fa315c39cde

Initial release. Basic features should work, including STARTTLS and AUTH.