MeTA1 Changelog

What's new in MeTA1 1.1 Alpha 0.0 (Sep 11, 2014)

  • 2014-07-07 Change in behaviour: if relaying is allowed via STARTTLS or AUTH, and the flag delay_checks is set, then access map entries that deny access using the cltresolve: tag will be overridden. Requested by Matthias Waechter.
  • 2014-06-07 New option -n for milter-regex to check the syntax of a configuration file, e.g., milter-regex -c new.conf -dn would show any errors in new.conf.
  • 2014-06-05 Also print the OpenSSL version string instead of just the version number when requested (smtps/smtpc -VV).
  • 2014-05-31 Handle temporary map lookup failures for configuration data better.
  • 2014-05-28 Increase size for values in access map that contain configuration data, e.g., smtpc_rcpt_conf:. The size was not increased when new options were added, thus possibly causing temporary lookup failures.

New in MeTA1 1.0 Alpha 21.0 (Feb 18, 2014)

  • A new flag for the tls section (smtps only) has been added: request_cert: request a (client) cert. This flag is set by default and can be turned off via the usual negation methods, e.g., dont_request_cert.
  • The SMTP test client smtpc2 supports STARTTLS.
  • The size of cert information (cert_subject, cert_issuer) has been limited to SM_TLS_NAME_MAX (1024). Data that is longer will now be truncated; previously no data would have been recorded if a maximum size was exceeded.
  • If the compile time option FFR_CERT_PINNING is set then smtpc will try to handle TLS handshake failures automatically: first it will try different TLS versions (1.0, 1.1, 1.2), if those are available, and finally it will fall back to not using STARTTLS with that server (based on IP address) again. See doc/README.* for details.

New in MeTA1 1.0 Alpha 20.0 (Jan 21, 2014)

  • 2014-01-18 Cert pinning is available as experimental feature (compile time option FFR_CERT_PINNING).
  • 2014-01-16 Read errors in smtps are now logged as NOTICE instead of WARN as there are too many clients that simply disconnect.
  • 2014-01-15 tls_requirements violations are logged as WARN (instead of INFO or NOTICE).
  • 2014-01-09 The SMTP test servers smtps{2,3} support STARTTLS now too.
  • 2013-12-24 mcp now also handles "soft" errors to avoid repeated restarts of services.
  • 2013-12-22 mcp will no longer try to restart services that depend on a permanently failed service.

New in MeTA1 1.0 Alpha 19.0 (Dec 27, 2013)

  • 2013-12-18 MeTA1 smtps crashed on recent FreeBSD/OpenBSD versions running amd64 due to a misaligned stack in sha1_block_data_order_ssse3. A workaround has been implemented for statethreads, but it is not yet clear whether this is the proper fix.
  • 2013-12-12 Fix DKIM tests on some 64 bit platforms. Note: the problem affected only some tests (they were written in a platform-dependent way), not the DKIM signing code itself.
  • 2013-12-07 If MTA_TLS_DEBUG is used as compile time option, information about TLS handling (esp. handshake) is logged.
  • 2013-12-03 Details about TLS problems during an SMTP session are now logged with the session id to make it easier to correlate them (previously it was basically just a dump of ERR_get_error_line_data(3)).
  • 2013-11-29 INCOMPATIBLE CHANGE: The lookup algorithm in maps for IP addresses now requires that subnets end with their delimiter (./:), similar to subdomains. Otherwise it is not clear what
        cltaddr:10 relay
    means: an IPv4 or an IPv6 net? This removes the ambiguity:
        cltaddr:10: relay
        cltaddr:10. relay
    Affected tags are cltaddr, icm, icr, oci, ocm, ocr, octo, smtpc_session_conf. Note: cltaddr can also appear in the RHS for protectedrcpt.
  • 2013-11-28 Add IPv6 support for cltaddr: values in protectedrcpt.
  • 2013-11-23 contrib/femail.c: fixed dot stuffing algorithm so leading dots are not lost.
  • 2013-11-20 IPv6 addresses are represented in the "non-compressed" form, i.e., "::" to denote a sequence of zeros is not used. This allows the map lookup mechanism of removing less significant parts to work.
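The two entries above (subnet keys ending with their delimiter, and IPv6 written without "::") describe one lookup algorithm. The following is an added illustration, not MeTA1 code: it derives the keys tried for a tag such as cltaddr: by removing the least significant part of the address one step at a time. The sample map is constructed, and dropping leading zeros inside an IPv6 group is an assumption the changelog does not settle.

```python
import ipaddress

def expand_ipv6(addr: str) -> str:
    """Non-compressed form: all eight groups written out, never '::'.
    Leading zeros inside a group are dropped (an assumption; the changelog
    only says that '::' is not used)."""
    v = int(ipaddress.IPv6Address(addr))
    return ":".join(f"{(v >> (16 * (7 - i))) & 0xFFFF:x}" for i in range(8))

def lookup_keys(tag: str, addr: str) -> list:
    """Keys to try, most specific first: the full address (no trailing
    delimiter), then ever shorter prefixes, each ending with its delimiter."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        parts, delim = str(ip).split("."), "."
    else:
        parts, delim = expand_ipv6(addr).split(":"), ":"
    keys = [f"{tag}:{delim.join(parts)}"]
    for n in range(len(parts) - 1, 0, -1):  # drop the least significant part
        keys.append(f"{tag}:{delim.join(parts[:n])}{delim}")
    return keys

def lookup(access_map: dict, tag: str, addr: str):
    """Return (key, rhs) for the most specific matching entry, or None."""
    for key in lookup_keys(tag, addr):
        if key in access_map:
            return key, access_map[key]
    return None

# Constructed sample map in the new syntax. A key like "cltaddr:10" without a
# trailing delimiter is never generated as a subnet key, so the old ambiguous
# form would match neither an IPv4 nor an IPv6 net.
ACCESS_MAP = {
    "cltaddr:10.": "relay",         # IPv4 10.0.0.0/8
    "cltaddr:10:": "reject",        # IPv6 10::/16
    "cltaddr:192.0.2.1": "reject",  # a single IPv4 host
}
```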

New in MeTA1 1.0 Alpha 18.0 (Nov 26, 2013)

  • Do not start smar if no nameservers are configured. This can only happen if no nameservers are configured, the flag use_resolvconf is not explicitly cleared, and /etc/resolv.conf does not contain any nameserver entries. If the flag is cleared then smar uses 127.0.0.1 by default.
  • Be less restrictive about what is considered a "good enough" result for DNS lookups. Previously it was required to receive an address record for at least one of the lowest preference MXs, now receiving an address record for any MX is sufficient. This will at least get the mail closer to its destination instead of waiting for the DNS problem to be resolved.
  • Add experimental (untested) support for certificate revocation lists: CRL_file and CRL_directory.
  • Log session id in tls_verify_cert_cb so the information can be correlated with the correct session.
  • New option cert_fps for tls_requirements which can be used to specify a list of (SHA-1) fingerprints, one of which must match the fingerprint of the cert presented by the server.
  • New option root_ca_subjects for tls_requirements which can be used to specify a list of CNs, one of which must match the CN of the root CA cert that signed the cert presented by the server.

New in MeTA1 1.0 Alpha 17.0 (Nov 4, 2013)

  • 2013-10-19 New option for tls section: verify_depth: this specifies the limit up to which depth certificates in a chain are used during the verification procedure. If the certificate chain is longer than allowed, the certificates above the limit are ignored (quoted from SSL_CTX_set_verify_depth(3)).
  • 2013-10-17 Work around a (linker?) problem on Darwin so MeTA1 configures, compiles, and works on it. Tested on Darwin 12.4.0 using Apple LLVM version 5.0 (clang-500.2.75) (based on LLVM 3.3svn), Target: x86_64-apple-darwin12.4.0.
  • 2013-10-12 Enhance logging for TLS requirement violations in smtpc.

New in MeTA1 1.0 Alpha 16.0 (Oct 21, 2013)

  • It is now possible to override a DNSBL rejection via a "from:" entry too provided the RHS is quick:ok.
  • subjectAltName entries in certs are now extracted, provided they are of type DNS, and can be used for the new option "hostnames" in tls_requirements.

New in MeTA1 1.0 Alpha 15.0 (Aug 29, 2013)

  • 2013-08-24 Use the appropriate time_t related macros/functions from the library when transferring data (DEFEDB).
  • 2013-08-21 Fix configure script to detect getaddrinfo() on SunOS 5.x.
  • 2013-04-26 Upgrade statethreads to 1.9: adds support for Darwin and more event systems, e.g., kqueue and epoll.
  • 2013-04-26 Fix configuration on systems that need nameser_compat.h.

New in MeTA1 1.0 Alpha 14.0 (Dec 3, 2012)

  • 2012-11-29 Enable basic DH support for STARTTLS in SMTP server.
  • 2012-11-02 If a limit for outgoing connections was reached, the scheduler previously only tried other servers with the same MX preference (in contrast to actual temporary SMTP problems, which of course go through all available servers as specified in the RFCs). This behaviour was changed to try the next server even if it has a different MX preference, in order to speed up delivery. The previous behaviour was implemented to avoid hitting "off site backup MX" servers, which could make the overall delivery to the actual recipient take longer; however, it seems very few sites still use that kind of setup.
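Two entries in this changelog describe decisions taken on a preference-sorted MX list: the "good enough" DNS result rule (Alpha 18.0, above) and the scheduler step when an outgoing connection limit is hit (the entry just above). The following is an added illustration, not MeTA1 code, modelling both the old and the new rule side by side; the MX records and address table are constructed.

```python
from typing import Dict, List, Optional, Tuple

MX = Tuple[int, str]  # (preference, host) as returned by an MX lookup

def usable_hosts(mx: List[MX], addrs: Dict[str, List[str]], any_mx: bool) -> List[str]:
    """Hosts that have an address record, lowest preference first.
    any_mx=False is the old rule: the result is rejected unless one of the
    lowest-preference MXs resolved. any_mx=True is the new rule: an address
    for any MX is enough, so the mail gets closer to its destination."""
    ordered = sorted(mx)
    resolved = [h for _, h in ordered if addrs.get(h)]
    if not resolved:
        return []
    lowest = ordered[0][0]
    if not any_mx and not any(addrs.get(h) for p, h in ordered if p == lowest):
        return []
    return resolved

def next_host(mx: List[MX], current: str, reason: str, cross_pref: bool) -> Optional[str]:
    """Server to try after `current` could not be used.
    reason 'tempfail': a temporary SMTP problem, walk the whole list (as
    the RFCs require; unchanged). reason 'conn_limit': the per-server
    connection limit was reached; the old rule (cross_pref=False) only
    moves within the same preference, the new rule (cross_pref=True) moves
    on to the next server regardless of its preference."""
    ordered = sorted(mx)
    idx = next(i for i, (_, h) in enumerate(ordered) if h == current)
    cur_pref = ordered[idx][0]
    rest = ordered[idx + 1:]
    if not rest:
        return None
    pref, host = rest[0]
    if reason == "conn_limit" and not cross_pref and pref != cur_pref:
        return None  # old behaviour: wait for the limit to clear instead
    return host

# Constructed sample: two primary MXs and an off-site backup MX; the lookup
# for mx1 failed, so only mx2 and the backup have address records.
MX_RECORDS = [(10, "mx1.example.net"), (10, "mx2.example.net"), (20, "backup.example.org")]
ADDRS = {"mx2.example.net": ["192.0.2.2"], "backup.example.org": ["198.51.100.1"]}
```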

New in MeTA1 1.0 Alpha 13.0 (Nov 1, 2012)

  • 2012-10-26 New option for smtps: CAlist_file: if specified, it is used instead of CAcert_file for SSL_CTX_set_client_CA_list(3) which sets the list of CAs sent to the client when requesting a client certificate.
  • 2012-10-25 Log a warning if the content of CAcert_file is not usable for SSL_load_client_CA_file(3), i.e., it does not contain certificates in the proper format.
  • 2012-10-12 --enable-DKIM can now be used even if --disable-TLS is used.
  • 2012-10-11 session_features for smtps do not require --enable-TLS anymore as there are options that are not STARTTLS related.

New in MeTA1 1.0.Alpha12.0 (Oct 4, 2012)

  • 2012-09-26 Increase the required log level for issuing a warning for a read error due to a timeout in smtps if this happens between transactions. This avoids logging warnings for those clients that keep a session open for long times (just in case another transaction might become available).
  • 2012-09-13 Unfortunately some people are not able to read RFCs but try to implement mail programs nevertheless. To deal with one of their errors, the allow_space_after_colon_for_MAIL_and_RCPT option has been implemented for smtps. It allows a space after the colon in the MAIL and RCPT commands, e.g., MAIL FROM: <[email protected]>
  • 2012-08-06 Fix link for hosts that can cause problems with grey listing. Problem noted by Alastair Hogge.

New in MeTA1 1.0.Alpha11.0 (Apr 4, 2012)

  • This version fixes a bug for messages that have header modifications but are not delivered on the first try, in which case header modifications were not included in subsequent tries.

New in MeTA1 1.0.Alpha10.0 (Feb 16, 2012)

  • This release fixes two minor problems: logging syntax errors for RCPT and a potential configure hang on SunOS 5.x if conf.cache is not used.

New in MeTA1 1.0.Alpha8.0 (Dec 1, 2011)

  • This version provides fixes for an undeliverable delay DSN and an inconsistency in the smtpc timing measurements.

New in MeTA1 1.0.Alpha7.0 (Nov 1, 2011)

  • This release introduces some new features such as detailed timings for smtpc, and fixes a few bugs, most notably a protocol violation in reuse_connection (which is still marked as "experimental" in the documentation).

New in MeTA1 1.0.Alpha6.0 (Sep 29, 2011)

  • This release adds a new DSN format which matches the specification of RFC 3464 and fixes some minor problems.

New in MeTA1 1.0.Alpha5.0 (Sep 5, 2011)

  • 2011-08-19 If all DKIM sign subsections have a from option but none of them matches the From: header, then previously the first subsection would be used for DKIM signing anyway.
  • 2011-08-12 Add a tls subsection to session_features for smtpc such that some STARTTLS related options can be set per server.

New in MeTA1 1.0.Alpha4.0 (Aug 2, 2011)

  • 2011-07-27 Properly print configuration file values that use GB as unit.
  • 2011-07-26 If a recipient was not even scheduled for delivery by smtpc, then the log entry stating that could show a bogus value for delay=, i.e., the number of seconds since the epoch. Now a value of 0 will be shown instead.
  • 2011-07-06 Fix regression: adaptive timeouts for LMTP responses to the end of a message were broken when those timeouts were extended for other protocol stages.

New in MeTA1 1.0.Alpha2.0 (Jun 1, 2011)

  • Adaptive timeouts -- which were previously only implemented for reading the reply to the final dot (end of message) -- are now used for all protocol stages in smtpc.

New in MeTA1 1.0.Alpha1.0 (May 3, 2011)

  • This release adds the user_realm option to the auth subsection for smtps and includes some minor enhancements.

New in MeTA1 1.0.PreAlpha42.0 (Mar 2, 2011)

  • 2011-02-28 The documented tag smtpc_session_conf for entries in qmgr_conf was misspelled in the source code as smtpc_sess_conf. If you have entries in the map using that tag then those need to be changed to smtpc_session_conf now.
  • 2011-02-23 A new advanced option for qmgr has been added to the subsection DEFEDB: hash_table_entries specifies the initial size for in-memory cache of entries in DEFEDB in order of the next time to try.
  • 2011-02-23 The defaults for disk_space_min and disk_space_ok have been increased to 64MB and 1GB, respectively.
  • 2011-02-21 When an smtps process terminates, decrease the internal counter for the number of open connections in qmgr to avoid aborted sessions being counted against connections_max.
  • 2011-02-19 mcp now checks all global configuration options instead of ignoring unknown entries.
  • 2011-02-15 The default for double_bounce_address has been changed to doublebounce@HOSTNAME, and mails from "" to that address are now discarded by smtps (to break mail loops).
  • 2011-02-13 If smtpc repeatedly fails to deliver a mail due to a timeout when reading the reply to the final dot (end of message), qmgr will increase the limit on subsequent attempts.
  • 2011-02-08 If a DSN was created, qmgr might not correctly decrease an internal counter which in turn would cause an item to stay in the active queue. If this happens repeatedly, the active queue may fill up and cause qmgr to stop accepting further mails.
  • 2011-01-29 If smtps is told temporarily not to send messages to qmgr, it will now not invoke accept(2) but wait until qmgr tells it to go ahead again. Previously smtps would accept connections and reject them with a 421 error at the SMTP level.
  • 2011-01-28 If IQDB fills up then qmgr throttles smtps to slow down. However, the corresponding "unthrottle" action did not work because a wrong macro was used.
  • 2011-01-27 mcp now enforces the form "-X" (where X is a single character) for the pass_id option.
  • 2011-01-26 smar used a single configuration parser context structure per client for parsing a structured right hand side in mailertable. However, that structure is actually modified during parsing and hence cannot be shared between invocations. This has been fixed by using a non-shared structure for parsing.
  • 2011-01-25 If a process S failed permanently and another process C, which was listed in restart_dependencies of S, exited with a (recoverable) error, then it could happen that process C is restarted by mcp. Now mcp checks whether a terminated process C depends on a permanently failed process S in which case mcp does not restart C anymore.
  • 2011-01-22 Elliptic curve cryptography can be used if the underlying TLS implementation version supports it (e.g., OpenSSL 1.0).
  • 2011-01-21 NOTE: Incompatible change: several configuration options have been renamed; if those are used in an existing configuration file, they must be replaced when upgrading.
  • 2011-01-14 A DKIM signature was wrong if several headers with the same name were included. This has been resolved by signing headers in reverse order. A new option total_header_len has been added to limit the amount of memory used for this approach (previously the message was streamed to the hashing algorithm with almost no overhead).
  • 2011-01-08 Hash table maps now can enforce unique keys, which is done for some internal maps, including mt in smar. Previously, duplicate keys were silently accepted.
  • 2011-01-07 The configuration for DKIM signing has been changed to allow selecting different options based on the From: address. NOTE: This is an incompatible change, any existing configuration that uses DKIM signing must be modified by moving the options "domain", "selector", and "keyfile" into a subsection called "sign".
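The 2011-01-14 entry above concerns which instance of a repeated header (Received, for example) a DKIM signer hashes: RFC 6376 requires choosing from the bottom of the header block upwards, each instance at most once, and a signer that picks top-down produces a signature the verifier cannot reproduce. The following is an added illustration, not MeTA1 code: the header block is constructed, relaxed header canonicalization is an assumption, and the memory cap mirrors the intent of the total_header_len option without claiming to be its implementation.

```python
import hashlib

# Constructed header block, in message order (top to bottom).
HEADERS = [
    ("Received", "from mx1.example.net by mx2.example.net"),
    ("Received", "from client.example.org by mx1.example.net"),
    ("From", "alice@example.com"),
    ("Subject", "quarterly report"),
]

def select_headers(headers, h_tag, bottom_up=True):
    """Pick one header instance per name listed in h=, each used only once.
    bottom_up=True is the RFC 6376 rule (the fix); False is the old
    top-down selection that signed the wrong instance."""
    order = list(range(len(headers)))
    if bottom_up:
        order.reverse()
    used, selected = set(), []
    for name in h_tag:
        for i in order:
            if i not in used and headers[i][0].lower() == name.lower():
                used.add(i)
                selected.append(headers[i])
                break
        else:
            selected.append(None)  # listed in h= but absent: contributes nothing
    return selected

def relaxed_header(name, value):
    """Relaxed canonicalization (assumed here): lowercase name, single spaces."""
    return f"{name.lower()}:{' '.join(value.split())}\r\n"

def header_hash(headers, h_tag, bottom_up=True, total_header_len=8192):
    """SHA-256 over the selected, canonicalized headers in h= order.
    Bottom-up selection needs the whole header block in memory (it can no
    longer be streamed), hence the cap on the buffered header size."""
    total = sum(len(n) + len(v) for n, v in headers)
    if total > total_header_len:
        raise ValueError("header block exceeds total_header_len")
    chosen = select_headers(headers, h_tag, bottom_up)
    data = "".join(relaxed_header(*hv) for hv in chosen if hv is not None)
    return hashlib.sha256(data.encode()).hexdigest()
```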

New in MeTA1 1.0.PreAlpha41.0 (Dec 29, 2010)

  • This version adds basic support for DKIM signing, an option to mcp to specify how to treat configuration errors, and several other enhancements.

New in MeTA1 1.0.PreAlpha40.0 (Nov 29, 2010)

  • This version adds more control over outgoing connections, including restricting the number of transactions per session.

New in MeTA1 1.0.PreAlpha39.0 (Oct 19, 2010)

  • 2010-10-12 Added checks to misc/sm.check.sh to ensure that group members are set up properly.
  • 2010-10-12 Avoid a race condition in libdns which could cause the library not to send a DNS request to a DNS server. However, a subsequent, different query by the application would send both the previous and the new DNS request thus making the problem almost impossible to notice.

New in MeTA1 1.0.PreAlpha38.0 (Sep 28, 2010)

  • This version fixes a bug in the error handling for incoming mail if IQDB is being filled to capacity.

New in MeTA1 1.0.PreAlpha37.0 (Aug 30, 2010)

  • This release fixes a build problem on Linux/i386 and introduces two experimental compile time options to set an IP address for the SMTP client and the maximum delivery rate.

New in MeTA1 1.0.PreAlpha36.0 (Jul 12, 2010)

  • MeTA1 1.0.PreAlpha36.0 is available for testing. It introduces a new configuration element called conditions. These allow specifying a boolean expression that makes a configuration subsection optional. For now this must be activated with the compile time option SS_COND, and is only available for the SMTP server to perform checks at some SMTP stages. This feature is for demonstration purposes and will be enhanced later on. For example, it may select features based on some conditions. It is basically an enhancement to the access map, which specifies a very limited set of conditions, e.g., whether a client IP address matches an entry, which in turn can be used to reject a connection or select session features. These conditions could also be used elsewhere, e.g., in qmgr to dynamically select timeouts or retry limits. This new feature is experimental and likely to change in subsequent versions. Feedback is appreciated.

New in MeTA1 1.0.PreAlpha35.0 (May 10, 2010)

  • A structured right hand side in mailertable can now specify also flags. Currently only MX_lookup is available. Use no_MX_lookup to suppress MX lookups, e.g., { protocol=esmtp; flags=no_MX_lookup; host=HOST.SOME.DOMAIN; }

New in MeTA1 1.0.PreAlpha34.0 (Mar 23, 2010)

  • Work around a problem in OpenSSL: simply setting "no cache" mode is seemingly not sufficient to turn off the TLS session cache; some clients may trigger a TLS cache lookup but the server will fail to perform it and log an error like this: SSL_GET_PREV_SESSION:session id context uninitialized:ssl_sess.c:413. Problem noted by Matthias Waechter.
  • The communication between the various modules has been changed, hence it is required to use all MeTA1 modules from the same release.
  • New compile time option: MTA_NETINET6 (not available via configure yet, it must be explicitly set in CPPFLAGS). Currently, this only adds the option to use inet6 sockets for smtps. This causes a change in the log format: "ip" is used instead of "ipv4" (for those places where smtps is involved).
  • In some cases smtps could create one more thread than configured.

New in MeTA1 1.0.PreAlpha28.0 (Jan 5, 2009)

  • Several patches related to pmilter functionality have been added.