> Hello,
>
> OpenBSD 7.3 ships with the code used to build OpenSMTPD 7.3.0 portable,
> so you're not "affected" by this release: releases announced here are a
> port of OpenSMTPD for other systems.
>
> Gilles
>
>
> June 17, 2023 6:21 PM, [email protected] wrote:
>
Thanks so much Gilles the blood pressure came to normal!

>> Hello
>>
>> Please excuse my question, if I am lost!
>>
>> I have 3 e-mail servers using OpenSMTPD that come with OpenBSD 7.3.
>>
>> Is this complicated thing that you mentioned going to affect my
>> servers?
>>
>> I use OpenBSD because of its simplicity!
>>
>> Thanks.
>>
>>> OpenSMTPD 7.3.0p0 has just been released.
>>>
>>> OpenSMTPD is a FREE implementation of the SMTP protocol with some common
>>> extensions. It allows ordinary machines to exchange e-mails with systems
>>> speaking the SMTP protocol. It implements a fairly large part of RFC5321
>>> and can already cover a large range of use-cases.
>>>
>>> It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and OSX.
>>>
>>> The archives are now available from the main site at www.OpenSMTPD.org
>>>
>>> We would like to thank the OpenSMTPD community for their help in testing
>>> the snapshots, reporting bugs, contributing code and packaging for other
>>> systems.
>>>
>>> This is a major release with multiple bug fixes and new features.
>>>
>>> Dependencies note:
>>> ==================
>>>
>>> This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with
>>> LibreTLS.
>>>
>>> LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use
>>> the bundled one using the `--with-bundled-libtls` configure flag until
>>> it is updated.
>>>
>>> It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
>>> with that dependency. OpenSSL library is considered as a best effort
>>> target TLS library and provided as a commodity, LibreSSL has become our
>>> target TLS library.
>>>
>>> Changes in this release:
>>> ========================
>>>
>>> Includes the following security fixes:
>>> - OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a
>>>   connection from a local, scoped ipv6 address"
>>> - OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"
>>>
>>> Configuration changes:
>>> - The certificate to use is now selected by looking at the names
>>>   found in the certificates themselves rather than the `pki` name.
>>>   The set of certificates for a TLS listener must be defined
>>>   explicitly by using the `pki` listener option multiple times.
>>>
>>> Synced with OpenBSD 7.3:
>>> - OpenBSD 6.9:
>>>   * Introduced smtp(1) `-a` to perform authentication before sending
>>>     a message.
>>>   * Fixed a memory leak in smtpd(8) resolver.
>>>   * Prevented a crash due to premature release of resources by the
>>>     smtpd(8) filter state machine.
>>>   * Switch to libtls internally.
>>>   * Change the way SNI works in smtpd.conf(5). TLS listeners may be
>>>     configured with multiple certificates. The matching is based on
>>>     the names included in the certificates.
>>>   * Allow to specify TLS protocols and ciphers per listener and
>>>     relay action.
>>> - OpenBSD 7.0:
>>>   * Fixed incorrect status code for expired mails resulting in
>>>     misleading bounce report in smtpd(8).
>>>   * Added TLS options `cafile=(path)`, `nosni`, `noverify` and
>>>     `servername=(name)` to smtp(1).
>>>   * Allowed specification of TLS ciphers and protocols in smtp(1).
>>> - OpenBSD 7.1:
>>>   * Stop verifying the cert or CA for a relay using opportunistic TLS.
>>>   * Enabled TLS verify by default for outbound "smtps://" and
>>>     "smtp+tls://", restoring documented smtpd(8) behavior.
>>> - OpenBSD 7.3:
>>>   * Prevented smtpd(8) abort due to a connection from a local,
>>>     scoped ipv6 address.
>>>
>>> Portable layer changes:
>>> - libbsd and libtls are now optionally used if found.
>>>   + Added `--with-libbsd`/`--without-libbsd` configure flag to enable
>>>     linking to libbsd-overlay.
>>>   + Added `--with-bundled-libtls` to force the usage of the bundled
>>>     libtls.
>>>
>>>   LibreTLS 3.7.0 (last version at the time of writing) and previous
>>>   have a regression with OpenSSL 3+, so please use the bundled one.
>>>   See the GitHub issue #1171 for more info.
>>>
>>> - Updated and cleanup of the OpenBSD compats.
>>>   + Ported `res_randomid()` from OpenBSD.
>>>
>>> - The configure option `--with-path-CAfile` shouldn't be required
>>>   anymore in most systems but it is retained since it could be useful in
>>>   some configuration when using the bundled libtls.
>>>
>>> - Various minor portability fixes.
>>>
>>> Checksums:
>>> ==========
>>>
>>> SHA256 (opensmtpd-7.3.0p0.tar.gz) =
>>> 2dd7a5a8ca127be7eb491540405684acb3dd04d93ad23d7709accd2b0450cae6
>>>
>>> Verify:
>>> =======
>>>
>>> Starting with version 5.7.1, releases are signed with signify(1).
>>>
>>> You can obtain the public key from our website, check with our community
>>> that it has not been altered on its way to your machine.
>>>
>>> $ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub
>>>
>>> Once you are confident the key is correct, you can verify the release as
>>> described below:
>>>
>>> 1- download both release tarball and matching signature file to same
>>> directory:
>>>
>>> $ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.sum.sig
>>> $ wget https://www.opensmtpd.org/archives/opensmtpd-7.3.0p0.tar.gz
>>>
>>> 2- use `signify` to verify that signature file is properly signed and
>>> that the checksum matches the release tarball you downloaded:
>>>
>>> for portable version:
>>> $ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.3.0p0.sum.sig
>>> Signature Verified
>>> opensmtpd-7.3.0p0.tar.gz: OK
>>>
>>> If you don't get an OK message, then something is not right and you
>>> should not install without first understanding why it failed.
>>>
>>> Support:
>>> ========
>>>
>>> You are encouraged to register to our general purpose mailing-list:
>>> http://www.opensmtpd.org/list.html
>>>
>>> The "Official" IRC channel for the project is at:
>>> #opensmtpd @ irc.libera.chat
>>>
>>> Support us:
>>> ========
>>>
>>> The project is maintained by volunteers, you can support us by:
>>>
>>> - donating time to help test development branch during development
>>>   cycle
>>> - donating money to either one of the OpenBSD or OpenSMTPD project
>>> - sponsoring developers through direct donations or patreon
>>> - sponsoring developers through contracts to write features
>>>
>>> Get in touch with us by e-mail or on IRC for more information.
>>>
>>> Reporting Bugs:
>>> ===============
>>>
>>> Please read http://www.opensmtpd.org/report.html
>>> Security bugs should be reported directly to [email protected]
>>> Other bugs may be reported to [email protected]
>
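
An added example, not part of the thread or of the OpenSMTPD project: a shell helper that checks downloaded files against BSD-style `SHA256 (file) = digest` lines like the one in the quoted Checksums section, including a digest that mail wrapping pushed onto the next line. The function names are hypothetical; a matching digest only shows the download equals what the list names, while the signify(1) signature check is what ties that list to the project's key.

```shell
# Added example (hypothetical helper names): check files against BSD-style
# checksum lines of the form  SHA256 (name) = <64 hex digits>.
# Print the SHA-256 of a file with whichever tool this system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Emit "name digest" per well-formed entry. Mail quote markers and CRs are
# stripped, and a digest wrapped onto the following line is rejoined.
# Names containing "/" are dropped so an entry cannot point outside the dir.
parse_sums() {
    tr -d '\r' < "$1" | sed 's/^[> ]*//' | awk '
        /^SHA256 \(.*\) =[ \t]*$/ { held = $0; next }
        {
            line = (held != "") ? (held " " $0) : $0; held = ""
            n = split(line, f, " ")
            name = substr(f[2], 2, length(f[2]) - 2)
            if (n == 4 && f[1] == "SHA256" && f[3] == "=" &&
                f[2] ~ /^\(.+\)$/ && index(name, "/") == 0 &&
                length(f[4]) == 64 && f[4] ~ /^[0-9a-f]+$/)
                print name, f[4]
        }'
}

# Return 0 only if the list has entries and every listed file matches.
verify_sums() {
    sums=$1 dir=$2 bad=0
    entries=$(parse_sums "$sums")
    [ -n "$entries" ] || { echo "no usable checksum lines" >&2; return 2; }
    while read -r name want; do
        if [ ! -f "$dir/$name" ]; then
            echo "$name: MISSING"; bad=1
        elif [ "$(sha256_of "$dir/$name")" = "$want" ]; then
            echo "$name: OK"
        else
            echo "$name: FAILED"; bad=1
        fi
    done <<EOF
$entries
EOF
    return $bad
}
# Usage: sh verify-sums.sh <checksum-file> <download-dir>
if [ $# -eq 2 ]; then verify_sums "$1" "$2"; fi
```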
