OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and macOS.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

Dependencies note:

This release builds with LibreSSL, or OpenSSL >= 1.1.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

• Don't reject single character AUTH PLAIN passwords.
• Fix address family typo (PF_INET->PF_INET6).
• Various documentation improvements.
• Removed support for world-writable mail spools.
• Updated contrib mail.local and lockspool.
• Don't die if garbage is being sent on the local socket.

This release includes the OpenBSD errata 005 which fixes CVE-2025-62875.

Checksums:

SHA256 (opensmtpd-7.8.0p0.tar.gz) =
4034de2e92c61fa83eedadb1d8d8bdfe65e57eb50ce9679e0140950e34ca4ab7

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community
that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as
described below:

1. download both release tarball and matching signature file to same directory:

    $ wget https://www.opensmtpd.org/archives/opensmtpd-7.8.0p0.sum.sig
    $ wget https://www.opensmtpd.org/archives/opensmtpd-7.8.0p0.tar.gz
   

2. use signify to verify that signature file is properly signed and that the
   checksum matches the release tarball you downloaded:

    $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.8.0p0.sum.sig
    Signature Verified
    opensmtpd-7.8.0p0.tar.gz: OK
   

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at:
#opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a major release with bug fixes and documentation improvements.

Dependencies note:

This release builds with LibreSSL, or OpenSSL >= 1.1.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

• mail.lmtp: Correctly propagate LMTP permanent failures to smtpd.
• Fixed connect filter request documentation in smtpd-filters(7).
• Updated to new imsg APIs.

Checksums:

SHA256 (opensmtpd-7.7.0p0.tar.gz) =
b0953da1ce2cbfe4be139cdb19aa935fbfab42cf0a993d425b37a397dc483968

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community
that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as
described below:

1. download both release tarball and matching signature file to same directory:

   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.7.0p0.sum.sig
   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.7.0p0.tar.gz
   

2. use signify to verify that signature file is properly signed and that the
   checksum matches the release tarball you downloaded:

   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.7.0p0.sum.sig
   Signature Verified
   opensmtpd-7.7.0p0.tar.gz: OK
   

If you don't get an OK message, then something is not right and you should not
install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list:
http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at:
#opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a minor release.

Changes in this release:

• fixed distribution tarball (#1264) by @likle, thank you!
• added missing forward(5) documentation fix, noticed by Philipp Takacs, thank you!

If you're upgrading from 7.5 or earlier, please note the OpenSMTPD-extras has been deprecated and the tables need to be replaced with the new ones. See the OpenSMTPD-extras README.md for the notes on how to upgrade. No configuration changes are needed.

Checksums:

SHA256 (opensmtpd-7.6.0p1.tar.gz) = b27c806982a6653a2637f810ae7a45372b9a7ff99350ee1003746503ff0e4a97

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as described below:

1. download both release tarball and matching signature file to same directory:

   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.6.0p1.sum.sig
   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.6.0p1.tar.gz
   

2. use signify to verify that signature file is properly signed and that the checksum matches the release tarball you downloaded:

   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.6.0p1.sum.sig
   Signature Verified
   opensmtpd-7.6.0p1.tar.gz: OK
   

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at: #opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a major release with multiple bug fixes and new features.

Dependencies note:

This release builds with LibreSSL, or OpenSSL >= 1.1.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

• Introduced a new K_AUTH service to allow offloading the credentials to a proc table for non-crypt(3) authentication. Helps with use cases like LDAP or custom auth.

• Implement report responses for proc-filters too.

• Changed the table protocol to a simpler text-based one. Existing proc tables needs to be updated since old ones won't work. The new protocol is documented in smtpd-tables(7).

• Fixed the parsing of IPv6 addresses in file-backed table(5).

• Document expected MDA behavior and the environment set by OpenSMTPD.

• Set ORIGINAL_RECIPIENT in the environment of MDA scripts for compatibility with postfix.

• Updated the bundled libtls.

When upgrading from 7.5 or earlier release, please note the OpenSMTPD-extras has been deprecated and the tables need to be replaced with the new ones. See the OpenSMTPD-extras README.md for the notes on how to upgrade. No configuration changes are needed.

Checksums:

SHA256 (opensmtpd-7.6.0p0.tar.gz) = 4cc7f8caf0ba74a2932361e17dd03bd1c938178347a91c7f0c57a68a50623ce5

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as described below:

1. download both release tarball and matching signature file to same directory:

   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.6.0p0.sum.sig
   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.6.0p0.tar.gz
   

2. use signify to verify that signature file is properly signed and that the checksum matches the release tarball you downloaded:

   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.6.0p0.sum.sig
   Signature Verified
   opensmtpd-7.6.0p0.tar.gz: OK
   

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at: #opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

OpenSMTPD 7.5.0p0

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a major release with multiple bug fixes and new features.

Dependencies note:

This release builds with LibreSSL, or OpenSSL >= 1.1.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

• Added support for RFC 7505 "Null MX" handling and treat an MX of "localhost" as it were a "Null MX".
• Allow inline tables and filter listings in smtpd.conf(5) to span over multiple lines.
• Enabled DSN for the implicit socket too.
• Added the no-dsn option for listen on socket too.
• Reject headers that start with a space or a tab.
• Fixed parsing of the ORCPT parameter.
• Fixed table lookups of IPv6 addresses.
• Fixed handling of escape characters in To, From and Cc headers.
• Run LMTP deliveries as the recipient user again.
• Disallow custom commands and file reading in root's .forward file.
• Do not process other users .forward files when an alternate delivery user is provided in a dispatcher.
• Unify the table(5) parser used in smtpd(8) and makemap(8).
• Allow to use table(5) mappings on various match constraints.

Portability fixes:

• re-add ASR_IPV4_BEFORE_IPV6 compile-time knob to prefer connecting to IPv6 instead of IPv4.
• update asr(3) and imsg with OpenBSD.
• fixed rpath handling on NetBSD in the configure.

Checksums:

SHA256 (opensmtpd-7.5.0p0.tar.gz) = 84f5c1393c0c1becc72ceea971e0abd7075b2ca7e4e1f8909b83edfd8de0c39c

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as described below:

1. download both release tarball and matching signature file to same directory:

   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.5.0p0.sum.sig
   $ wget https://www.opensmtpd.org/archives/opensmtpd-7.5.0p0.tar.gz
   

2. use signify to verify that signature file is properly signed and that the checksum matches the release tarball you downloaded:

   $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.5.0p0.sum.sig
   Signature Verified
   opensmtpd-7.5.0p0.tar.gz: OK
   

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at: #opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

Changelog:

• run LMTP deliveires as the recipient user (again).
• do not execute commands from root's .forward file, nor allow expanding.
• when an alternate delivery user is provided for a dispatcher, skip other users forward files.
• reject invalid headers that start with blanks.
• relax ORCPT syntax validation.
• use smtpd' table parser in makemap(8) too.
• fix and improve the table(5) file format documentation.
• fixed handling of escaping inside quotes in From, To and Cc headers.
• fix table lookups of IPv6 address.
• allow to use a key-pair table on various match constraints where only list tables were previously allowed.
• allow inline tables and filter to span over multiple lines.
• enable DSN (Delivery Status Notification) for the implicit socket too.
• add the no-dsn option to listen on socket too.

OpenSMTPD-portable specific changes:

• re-add ASR_IPV4_BEFORE_IPV6 compile-time knob to prefer connecting to IPv6 instead of IPv4.
• update asr_run(3) and imsg with OpenBSD.
• configure: readd -R usage on NetBSD, mistakenly dropped in previous release.

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a minor release with multiple bug fixes.

Dependencies note:

This release builds with LibreSSL, or OpenSSL >= 1.1.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

• Fixed potential crash with LibreSSL versions prior 3.8 due to
  arc4random_buf() symbol clash.

• Fixed manpage install path; reintroduced --with-mantype

• Fixed typo in the configure help string: it's --without-libbsd

• Fixed a couple of issues on MacOS:

  • Fixed typo that resulted in the re-declaration of strlcpy() and strlcat()
  • Cast suseconds_t to long for *printf
  • Fixed res_hnok() and b64_{pton,ntop}() discovery

Checksums:

SHA256 (opensmtpd-7.4.0p1.tar.gz) = 9e82a2ec9419e181d4ca27d8e3ebe5d129fded5ba84022ff4d11a73f8edb70b5

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as described below:

1. download both release tarball and matching signature file to same directory:

$ wget https://www.opensmtpd.org/archives/opensmtpd-7.4.0p1.sum.sig
$ wget https://www.opensmtpd.org/archives/opensmtpd-7.4.0p1.tar.gz

2. use signify to verify that signature file is properly signed and that the checksum matches the release tarball you downloaded:

$ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.4.0p1.sum.sig
Signature Verified
opensmtpd-7.4.0p1.tar.gz: OK

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at: #opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a major release with multiple bug fixes.

Dependencies note:

This release builds with LibreSSL, or OpenSSL >= 1.1 optionally with LibreTLS.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

• Avoid truncation of filtered data lines.
  Lines in the email body passed through a filter were truncated to
  roughly LINE_MAX bytes.

• Allow arguments on NOOP.

• Swap link-auth filter arguments and bump filter protocol version.
  It was ambiguous in the case the user name would contain a '|' character.

• Add Message-ID as needed for messages received on the submission port.
  This was dropped during the incoming message parser refactor in 2018.

• Drop ENGINE support.

• Updated the bundled copy of libtls.
  This includes the removal of the support for TLS v1.0 and 1.1 as they were "MUST NOT use" for more than two years already.

The neverending cleanup of the -portable layer continued. This includes the complete rework of some parts:

• Rework of the configure script:

  • use AC_SYSTEM_EXTENSIONS
  • better checks for libraries using AC_SEARCH_LIBS
  • dropped some useless and/or redundant checks
  • better checks for functions, shouldn't yield false-positives
  • various simplification to the -portable layer thanks to these
    changes

• Simplified the bootstrap script.

Checksums:

SHA256 (opensmtpd-7.4.0p0.tar.gz) = c181ccc3434a11e583619e00028520d457fe062e34dc03beea358078220ce374

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as described below:

1. download both release tarball and matching signature file to same directory:

$ wget https://www.opensmtpd.org/archives/opensmtpd-7.4.0p0.sum.sig
$ wget https://www.opensmtpd.org/archives/opensmtpd-7.4.0p0.tar.gz

2. use signify to verify that signature file is properly signed and that the checksum matches the release tarball you downloaded:

$ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.4.0p0.sum.sig
Signature Verified
opensmtpd-7.4.0p0.tar.gz: OK

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at: #opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

• avoid truncation of filtered data lines
  Lines in the email body passed through a filter were truncated to roughly LINE_MAX bytes. (#1192)

• allow arguments on NOOP
  Based on an initial diff by @sjbronner, thank you! (#1150)

• swap link-auth filter arguments and bump filter protocol version
  It was ambiguous in the case the user name would contain a | character. (#1213)

• drop ENGINE support

• sync'ed bundled copy of libtls
  This includes the removal of the support for TLSv1.0 and 1.1. They were "MUST NOT use" for more than two years already.

• The neverending cleanup of the -portable layer continued.
  This including complete rework of some parts.

• rework of the configure script:

  • use AC_SYSTEM_EXTENSIONS
  • better checks for libraries using AC_SEARCH_LIBS
  • dropped useless and/or redundant checks
  • better checks for functions, shouldn't yield false-positives
  • various simplification to the -portable layer thanks to these changes

• simplified bootstrap by using autoreconf

Portable-only changes:

• avoid potential use of uninitialized the bundled copy of ASN1_time_parse

  This could lead to a failure during STARTTLS and a subsequent downgrade to plaintext.

• backport the ENGINE removal to build with the latest LibreSSL