Download: http://www.courier-mta.org/download.php
This release adds a patch to the stable code that flushes an internal input buffer when the SMTP server receives a STARTTLS command from a sending client.
Changes:

• Although TLS is effective against man-in-the-middle attacks in general, depending on the SMTP client's behavior an attacker could still have modified the message's sender address and recipients (but could not access or modify the envelope or the message body that's sent after TLS is enabled). Note that a party that's capable of hijacking a TLS connection can always filter out the server's STARTTLS capability, preventing STARTTLS, and then it's basically game over. Still, this patch is needed in uncommon, custom configurations where the sender requires STARTTLS, or that use client certificate authentication.
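The buffer flush described in the announcement, shown on a toy model. This is an added example, not Courier's code: the `conn` structure, the function names and the sample input are assumptions made for illustration. It counts how many commands that arrived in plaintext would be handled after the TLS switch, with and without the flush.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of a server's buffered SMTP reader; all names are hypothetical. */
struct conn {
    char   buf[512];   /* bytes already read from the socket, in plaintext */
    size_t len;        /* number of unread bytes in buf */
    int    tls;        /* set once the TLS handshake would have completed */
};

/* Pop one CRLF-terminated line from the buffer; return 0 if none is complete. */
static int next_line(struct conn *c, char *out, size_t outsz)
{
    size_t i, eol = c->len;             /* eol == len means "no CRLF found" */
    for (i = 0; i + 1 < c->len; i++)
        if (c->buf[i] == '\r' && c->buf[i + 1] == '\n') { eol = i; break; }
    if (eol == c->len) return 0;
    size_t n = eol < outsz ? eol : outsz - 1;
    memcpy(out, c->buf, n);
    out[n] = '\0';
    memmove(c->buf, c->buf + eol + 2, c->len - eol - 2);
    c->len -= eol + 2;
    return 1;
}

/* Feed one plaintext read to the model. Returns how many commands that
   arrived before the handshake are handled as if they came over TLS. */
int plaintext_cmds_run_under_tls(const char *wire, int flush_on_starttls)
{
    struct conn c;
    char line[256];
    int leaked = 0;
    c.tls = 0;
    c.len = strlen(wire) < sizeof c.buf ? strlen(wire) : sizeof c.buf;
    memcpy(c.buf, wire, c.len);
    while (next_line(&c, line, sizeof line)) {
        if (c.tls) { leaked++; continue; }      /* stale plaintext, trusted */
        if (strcmp(line, "STARTTLS") == 0) {    /* model matches exact case */
            if (flush_on_starttls) c.len = 0;   /* the fix: drop leftovers */
            c.tls = 1;                          /* handshake would run here */
        }
    }
    return leaked;
}

int main(void)
{   /* Constructed sample: everything arrives in a single plaintext read. */
    const char *w = "STARTTLS\r\nMAIL FROM:<a@example.invalid>\r\nRCPT TO:<b@example.invalid>\r\n";
    printf("no flush: %d, flush: %d\n", plaintext_cmds_run_under_tls(w, 0), plaintext_cmds_run_under_tls(w, 1));
    return 0;
}
```

A regression test for a real server can use the same check: after the STARTTLS reply, nothing received before the handshake may be interpreted as a command.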
