OpenSMTPD Changelog

What's new in OpenSMTPD 5.7.1

Aug 23, 2015

Improved logging:
logging format has changed to ease parsing and be less verbose
multi-line responses are now logged
Improved documentation:
portions of man pages have been rewritten to clarify them
more examples for common use-cases have been added
format specifiers have been documented
forward-only has been documented
Improved TLS / crypto:
privileges-separated RSA engine
better cope with errors in opportunistic TLS
ciphers and curves can now be selected
pki/ca interface has been reworked to allow custom CA
certificate verification code has been greatly simplified
SNI code has been simplified too
switched to 2048-bits DH params by default
Assorted improvements:
domain-append is now supported
support for SMTP-level filtering of users-provided senders
initial support for masquerading
usernames no longer need to be restricted to MAX_LOG_NAME
DSN can now be generated without content or with headers only
better handle IPv6 addresses in relay via rules
fix unnecessary long delays relaying from backup to primary MX
fd-exhaustion detection has been simplified
reworked enqueuer
the +-tag uses .tag folder if it exists, Maildir otherwise
maildir:/path is now a supported expansion for aliases
Experimental:
filters plumbing is now always enabled
the filter API is now available, though considered experimental

New in OpenSMTPD 5.4.1p1 (Dec 23, 2013)

Improved configuration file:
removed last known ambiguity in grammar
much simpler configuration for TLS-enabled hosts
most parameters are now swappable in listen and accept rules
conditions may be negated (ie: accept from ! ...)
forward-only rules can be declared to impose ~/.forward files
new "recipient" keyword allows accept rule to provide a whitelist
sender and recipient tables accept wildcard in their domains
/!\ configuration file must be edited with this new release ! /!\
/!\ please refer to smtpd.conf(5) and use smtpd -nf smtpd.conf /!\
/!\ to validate. /!\
TLS generic improvements:
support for TLS Perfect Forward Secrecy
support for providing custom CA certificate
MTA improvements:
mta may now require remote hosts to present valid certificates
always attempt TLS before falling back to plaintext
always present certificate if one is available
AUTH LOGIN now supported
mta can now specify a EHLO-hostname when relaying
SMTP server improvements:
inet4-only and inet6-only listeners are now possible
listeners may now hide the From part in a Received-line
listeners may require clients to provide a valid certificate
banner hostname can now be dynamically fetched from a table
Queue improvements:
Introduce an envelope cache in the queue to improve disk-IO pattern
smtpctl(8) improvements:
show relays: displays list of currently active relays
show routes: displays status of routes currently known by smtpd
show hosts: displays list of known remote MX
show hoststats: display status of last delivery for active domains
resume route: resumes route temporarily disable by the MTA
pause/resume envelope: allows pausing individual envelopes
pause/resume message: allows pausing individual messages
encrypt: allows generating credentials suitable for authentication
show message/envelope is now compression/encryption aware
documentation:
table(5) describes format for static, file and db backends
sendmail(8) describes our "sendmail" interface
Reduced memory-usage in both general and stressed cases
OpenSMTPD now automagically upgrades queue if format changes !
Support Qmail-like "sticky home"
Support for authenticating users from a credentials table
Introduce passwd(5) table backend for user and credentials lookup
Expansion variables in ~/.forward now supports modifiers
much more efficient scheduler !
And a lot of minor bug-fixes and internal cleanup !
Experimental:
SQLite table backend
LDAP table backend
MySQL table backend
Postgres table backend
Portable:
Completely reworked autotools layout
Limitations:
No filters support yet (we're almost there)
No masquerading or address rewrite yet (we're almost there)