Portable-only changes:

• add missing include of stdio.h for fparseln(3) on FreeBSD
• fix a typo in the configure
• use fatal() instead of err(3) in xclosefrom()
• don't add "-lcrypto -lssl" thrice
• fix the build of the bundled libtls with LibreSSL
• force the use of the bundled libtls and libasr
• append, not prepend, to LIBS during automatic configuration
• do not add -L/usr/local/lib or -L/usr/lib, nor -I/usr/local/include or -I/usr/include, as consequence of missing --with-libevent
• optionally link libbsd-ctor too

OpenSMTPD is a FREE implementation of the SMTP protocol with some common extensions. It allows ordinary machines to exchange e-mails with systems speaking the SMTP protocol. It implements a fairly large part of RFC5321 and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing the snapshots, reporting bugs, contributing code and packaging for other systems.

This is a major release with multiple bug fixes and new features.

Dependencies note:

This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with LibreTLS.

LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use the bundled one using the --with-bundled-libtls configure flag until it is updated.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested with that dependency. OpenSSL library is considered as a best effort target TLS library and provided as a commodity, LibreSSL has become our target TLS library.

Changes in this release:

Includes the following security fixes:

• OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a connection from a local, scoped ipv6 address"
• OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"

Configuration changes:

• The certificate to use is now selected by looking at the names found in the certificates themselves rather than the pki name. The set of certificates for a TLS listener must be defined explicitly by using the pki listener option multiple times.

Synced with OpenBSD 7.3:

• OpenBSD 6.8:
  • Run LMTP deliveries as the smtpd user instead of the recipient user.
• OpenBSD 6.9:
  • Introduced smtp(1) -a to perform authentication before sending a message.
  • Fixed a memory leak in smtpd(8) resolver.
  • Prevented a crash due to premature release of resources by the smtpd(8) filter state machine.
  • Switch to libtls internally.
  • Change the way SNI works in smtpd.conf(5). TLS listeners may be configured with multiple certificates. The matching is based on the names included in the certificates.
  • Allow to specify TLS protocols and ciphers per listener and relay action.
• OpenBSD 7.0:
  • Fixed incorrect status code for expired mails resulting in misleading bounce report in smtpd(8).
  • Added TLS options cafile=(path), nosni, noverify and servername=(name) to smtp(1).
  • Allowed specification of TLS ciphers and protocols in smtp(1).
• OpenBSD 7.1:
  • Stop verifying the cert or CA for a relay using opportunistic TLS.
  • Enabled TLS verify by default for outbound "smtps://" and "smtp+tls://", restoring documented smtpd(8) behavior.
• OpenBSD 7.3:
  • Prevented smtpd(8) abort due to a connection from a local, scoped ipv6 address.

Portable layer changes:

• libbsd and libtls are now optionally used if found.

  • Added --with-libbsd/--without-libbsd configure flag to enable linking to libbsd-overlay.
  • Added --with-bundled-libtls to force the usage of the bundled libtls.
    LibreTLS 3.7.0 (last version at the time of writing) and previous have a regression with OpenSSL 3+, so please use the bundled one. See the GitHub issue #1171 for more info.

• Updated and cleanup of the OpenBSD compats.

  • Ported res_randomid() from OpenBSD.

• The configure option --with-path-CAfile shouldn't be required anymore in most systems but it is retained since it could be useful in some configuration when using the bundled libtls.

• Various minor portability fixes.

Checksums:

SHA256 (opensmtpd-7.3.0p0.tar.gz) = 2dd7a5a8ca127be7eb491540405684acb3dd04d93ad23d7709accd2b0450cae6

Verify:

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as described below:

1. download both release tarball and matching signature file to same directory:

$ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.sum.sig
$ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.tar.gz

2. use signify to verify that signature file is properly signed and that the
   checksum matches the release tarball you downloaded:

for portable version:

$ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.3.0p0.sum.sig
Signature Verified
opensmtpd-7.3.0p0.tar.gz: OK

If you don't get an OK message, then something is not right and you should not install without first understanding why it failed.

Support:

You are encouraged to register to our general purpose mailing-list: http://www.opensmtpd.org/list.html.

The "Official" IRC channel for the project is at:
#opensmtpd @ irc.libera.chat

Support us:

The project is maintained by volunteers, you can support us by:

• donating time to help test development branch during development cycle
• donating money to either one of the OpenBSD or OpenSMTPD project
• sponsoring developers through direct donations or patreon
• sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more informations.

Reporting Bugs:

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

Changes since the last release: (may be incomplete)

• Synced with OpenBSD 7.3.
  Includes the following security fixes:

  • OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a connection from a local, scoped ipv6 address"
  • OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"

• Optionally use libbsd and libtls.

• Updated bundled libtls.
  Includes fixes with OpenSSL 3.x

  Please use --with-bundled-libtls since LibreTLS 3.7.0 (last version at the time of writing) has a regression with OpenSSL 3.x. See the github issue #1171 for more info.

• Updated and cleanup of the OpenBSD compats.

• Ported res_randomid() from OpenBSD.

• The configure option --with-path-CAfile shouldn't be required anymore for most systems, but it is retained since it could be useful in some configuration when using the bundled libtls.

• Various minor portability fixes.

Changes since the last release: (may be incomplete)

• synced with OpenBSD 7.3
• bundled libtls updated (fixes issues with OpenSSL 3.x)
• updated and cleanup of the OpenBSD compats
• ported res_randomid() from OpenBSD
• optionally use libbsd and libtls
• added --with-bundled-libtls configure knob to work around LibreTLS regressions on OpenSSL 3.x
• remove now useless --with-path-CAfile
• various minor portability fixes

• fixes a packaging issue causing asr.h to be installed in target system
• fixes a possible crash in the MTA when establishing IPv6 connections

New Features:

• Allowed use of the smtpd(8) session username in built-in filters when available.
• Introduced a bypass keyword to smtpd(8) so that built-in filters can bypass processing when a condition is met.
• Allowed use of 'auth' as an origin in smtpd.conf(5).
• Allowed use of mail-from and rctp-to as for and from parameters in smtpd.conf(5).

Bug fixes:

• Ensured legacy ssl(8) session ID is persistent during a client TLS session, fixing an issue using TLSv1.3 with smtp.mail.yahoo.com.
• Fixed security vulnerabilities in smtpd(8). Corrected an out-of-bounds read in smtpd allowing an attacker to inject arbitrary commands into the envelope file to be executed as root, and ensured privilege revocation in smtpctl(8) to prevent arbitrary commands from being run with the _smtpq group.
• Allowed mail.local(8) to be run as non-root, opening a pipe to lockspool(1) for file locking.
• Fixed a security vulnerability in smtpd(8) which could lead to a privilege escalation on mbox deliveries and unprivileged code execution on lmtp deliveries.
• Added support for CIDR in a: spf atoms in smtpd(8).
• Fixed a possible crash in smtpd(8) when combining "from rdns" with nested virtual aliases under a particular configuration.

Experimental Features:

• Introduced smtp-out event reporting.
• Improved filtering protocol.

SECURITY RELEASE

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

• switch default configuration to maildir
• allow mbox to deliver to users without requiring privileges in the daemon
• allow lmtp to receive sender/recipient in environment

THIS IS A CRITICAL SECURITY BUGFIX RELEASE

Fix possible privilege escalation found by Qualys.