forked from marlam/msmtp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
582 lines (485 loc) · 22.6 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
Version 1.8.26:
- Add support for SCRAM-SHA-256-PLUS and SCRAM-SHA-1-PLUS authentication, and
prefer SCRAM methods over the PLAIN method because of their superior
properties.
- With --read-envelope-from, a Resent-From header is now used if it is present
and appears before any From header
Version 1.8.25:
- No significant changes, just bug fixes.
Version 1.8.24:
- Added a new configuration command 'from_full_name' to set a full name for the
From header (like -F on the command line)
- Fixed the allow_from_override command
Version 1.8.23:
- The msmtpq script was updated.
Version 1.8.22:
- The msmtpq script was updated.
Version 1.8.21:
- Added a new configuration command 'eval' to replace the current configuration
file line with the output of a command (similar to passwordeval, but more
general).
- Added a new configuration command 'set_msgid_header' with the default setting
'auto'. This adds a Message-ID header to the mail if none is present.
- msmtpd now adds a Received header
Version 1.8.20:
- Added a new configuration command 'allow_from_override'. When off, the --from
option does not override the envelope-from address anymore.
Version 1.8.19:
- Fixed a security problem in msmtpd: mail addresses starting with '-' could be
interpreted as options of the pipe command.
Version 1.8.18:
- No significant changes.
Version 1.8.17:
- msmtpd now supports logging to syslog or to a file with the option --log,
and authentication (for special use cases) with the option --auth.
Version 1.8.16:
- The 'from' command now accepts patterns (as in shell file name matching)
so that many envelope from addresses given with --from can match the
same account
- Added support for %H, %C, %M in the domain command
- msmtpd now supports sysexits.h error codes from the pipe command
Version 1.8.15:
- Added support for SCRAM-SHA-256 authentication via GNU SASL
Version 1.8.14:
- Added support for libtls as an alternative to GnuTLS
Version 1.8.13:
- Added support for XOAUTH2, the predecessor of OAUTHBEARER.
- The passwordeval command can now handle very long input, which can be
necessary for OAUTHBEARER and XOAUTH2.
- GnuTLS >= 3.4 is required
Version 1.8.12:
- msmtpd now supports session reuse and improves standards compliance
- Automatic account matching now supports subaddresses. For example,
[email protected] will match account [email protected].
Version 1.8.11:
- Add a new undisclosed_recipients command and --undisclosed-recipients option
to replace To, Cc, Bcc with a single "To: undisclosed-recipients:;" header.
- Improved handling of temporary files on Windows systems.
- Re-enabled support for systems lacking vasprintf(), such as IBM i PASE.
Version 1.8.10:
- The msmtpq script was fixed (the fix in 1.8.9 was incomplete)
Version 1.8.9:
- The msmtpq script was fixed (it was accidently broken in 1.8.8)
Version 1.8.8:
- Added a new socket command and --socket option to connect via local sockets.
- Added a new tls_host_override command and --tls-host-override option to
override the host name used for TLS verification.
- Added a new set_from_header command and --set-from-header option with three
settings:
- on: always set a From header, possibly replacing an existing one
- off: never set a From header
- auto: add a From header if there is none (this is the default).
This replaces the add_missing_from_header option (which remains supported).
- Added a new set_date_header command and --set-date-header option with two
settings:
- off: never set a Date header
- auto: add a Date header if there is none (this is the default).
This replaces the add_missing_date_header option (which remains supported).
- Fixed the handling of empty From headers with --read-recipients/-t.
- Fixed the source_ip command for proxies.
Version 1.8.7:
- The from command now supports the patterns %U, %H, %C, %M that are replaced
with user name, host name, canonicalized host name, and the contents of
/etc/mailname. This replaces the old auto_from and maildomain commands (which
remain supported).
Version 1.8.6:
- Aliases are now expanded recursively
- Minor bug fixes
Version 1.8.5:
- Fixed OAUTHBEARER.
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
Version 1.8.4:
- Added support for the OAUTHBEARER authentication method.
- Several minor bug fixes.
Version 1.8.3:
- This version fixes a security problem that affects version 1.8.2 (older
versions are not affected): when the new default value system for
tls_trust_file is used, the result of certificate verification was not
properly checked.
Version 1.8.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older msmtp versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.8.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
Version 1.8.0:
- A minimal SMTP server called msmtpd was added that listens on the local host
and pipes mails to msmtp (or another program). It is intended to be used with
system services that cannot be configured to call msmtp directly. You can
disable it with the configure option --without-msmtpd.
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
https://marlam.de/msmtp/news/openssl-discouraged/
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The CRAM-MD5 authentication method is marked as obsolete / insecure and will
not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- The new logfile_time_format command allows to customize log file time stamps.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.6.8:
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.6.7:
- Add support for ~/.config/msmtp/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Fix SIGPIPE handling (affects at least Mac OS X)
- Add french translation, and update german translation
Version 1.6.6:
- Fix a memory leak and a double-free in msmtp_read_headers(), triggered by read
errors.
Version 1.6.5:
- Support SHA256 fingerprints for tls_fingerprint, and mark both SHA1 and MD5 as
deprecated.
Version 1.6.4:
- The system default policy is used with GnuTLS instead of a hardcoded one.
Version 1.6.3:
- A bug in SOCKS support was fixed.
- Handling non-fatal errors in TLS handshakes was fixed.
Version 1.6.2:
- A bug was fixed that prevented consecutive Bcc headers from being removed
properly.
Version 1.6.1:
- The new configure option --with-tls replaces --with-ssl.
- A new configure option --disable-gai-idn was added.
Version 1.6.0:
- Support for SOCKS proxies was added. This allows msmtp to be used with Tor.
- GNOME Keyring support now uses libsecret instead of libgnome-keyring. It is
now documented how to use secret-tool to manage passwords for msmtp; the
obsolete msmtp-gnome-tool script is removed.
- Configuration file security is now only checked if the file actually contains
secrets such as passwords. (If you still store passwords in the configuration
file, consider using the passwordeval command or a key ring instead.)
- The GSSAPI authentication method is not chosen automatically anymore, you have
to request it manually if you really want to use it.
- From: and Date: headers are now added to mails if necessary, for compatibility
with sendmail, postfix, exim, and other MTAs. This can be disabled with the
add_missing_from_header and add_missing_date_header commands.
- Libidn is not required for IDN support anymore on systems where getaddrinfo()
supports the AI_IDN flag and the GnuTLS version is >= 3.4.0.
- The new remove_bcc_headers command replaces the old keepbcc command (but the
old command is still supported for compatibility).
- SSLv3 is disabled, and the obsolete tls_force_sslv3 command and
--tls-force-sslv3 option have no effect anymore.
Version 1.4.32:
- A recipient list on the command line is now parsed as if it appeared in a
mail header.
Version 1.4.31:
- No significant changes.
Version 1.4.30:
- No significant changes.
Version 1.4.29:
- The obsolete service name "ssmtp" was replaced with "smtps".
Version 1.4.28:
- No significant changes.
Version 1.4.27:
- No significant changes.
Version 1.4.26:
- A new version of the msmtpq script fixes serious bugs. To update to the new
version of the script, you need to remove the old msmtpQ symlink, change
msmtpQ to msmtpq in your MUA config, and use msmtp-queue for queue management.
Version 1.4.25:
- DIGEST-MD5 authentication is not considered secure any longer. See RFC 6331.
- Support for alias expansion was added. See the aliases command and --aliases
option.
Version 1.4.24:
- The build system was updated, and as a consequence some options to the
configure script have changed. See './configure --help'.
- The license of the manual was changed from the GNU FDL to a very simple
permissive license.
- The unmaintained pt_BR translation was removed.
Version 1.4.23:
- No significant changes.
Version 1.4.22:
- A new command 'passwordeval' with a corresponding '--passwordeval' option
allows to set the password to the output of a command.
Version 1.4.21:
- No significant changes.
Version 1.4.20:
- Added support for authentication mechanism SCRAM-SHA-1 via GNU SASL.
- The new command tls_fingerprint allows one to trust one particular TLS
certificate, in case tls_trust_file cannot be used for some reason.
- The new script msmtp-gnome-tool.py manages Gnome Keyring passwords for msmtp.
Version 1.4.19:
- When using OpenSSL, msmtp now correctly handles NUL characters in the Common
Name and Subject Alternative Name fields of certificates. This fixes a
security problem. Note that msmtp is not affected by this problem if GnuTLS is
used.
Version 1.4.18:
- No significant changes.
Version 1.4.17:
- Msmtp now also reads SYSCONFDIR/netrc if the password was not found in
~/.netrc.
- Support for the GNOME keyring was added by Satoru SATOH.
Version 1.4.16:
- No significant changes.
Version 1.4.15:
- The configuration command tls_crl_file was added. This allows to use
certificate revocation lists (CRLs) during certificate verification.
- The configuration command tls_min_dh_prime_bits was added. This may be needed
to use TLS/SSL with servers that use a small Diffie-Hellman (DH) prime size.
- The configuration command tls_priorities was added. This allows to fine tune
TLS/SSL session parameters.
Version 1.4.14:
- The -t option now properly supports Resent-* headers.
- The --read-envelope-from option was added. It allows to read the envelope from
address from the From header.
- The environment variables SMTPSERVER and EMAIL can be used to configure msmtp
for simple use cases.
- Support for the Mac OS X keychain was added by Jay Soffian.
Version 1.4.13:
- Useful scripts are now distributed in the scripts subdirectory.
- The license was updated to GPLv3 or later (source code) and GFDLv1.2 or later
(documentation).
Version 1.4.12:
- No significant changes.
Version 1.4.11:
- Security improvements:
- TLS requires tls_trust_file or a disabled tls_certcheck now, so that it is
not silently vulnerable to man-in-the-middle attacks.
- NTLM authentication is considered insecure because it is undocumented. It is
therefore not used automatically without TLS anymore.
Version 1.4.10:
- No significant changes.
Version 1.4.9:
- No significant changes.
Version 1.4.8:
- No significant changes.
Version 1.4.7:
- The configuration command tls_force_sslv3 was added. This is needed to use
TLS/SSL with some old and broken servers.
Version 1.4.6:
- The options to the configure script have changed! See the first few
paragraphs of INSTALL for details.
- Optional support for Internationalized Domain Names (IDN) was added.
GNU Libidn is required for this.
Version 1.4.5:
- Only minor tweaks.
Version 1.4.4:
- Support for the sendmail -F option (accepted but ignored).
- Removed the OpenSSL exception note from the license information.
Version 1.4.3:
- Automatic envelope-from addresses are only generated when auto_from is enabled
with the new auto_from command or --auto-from option.
This allow empty envelope from addresses to be set with the from command or
--from option.
Version 1.4.2:
- The 'connect_timeout' setting was replaced by a 'timeout' setting that applies
to all network operations. The old option and command are still accepted, but
they are not restricted to connection attempts anymore.
- Native language support (NLS) was added. Currently the only supported language
besides english is german, but it is easy to add more translations (hint,
hint)!
Version 1.4.1:
- Only bug fixes, no new features.
Version 1.4.0:
- This is the new stable release of msmtp.
BEWARE: When upgrading from 1.2.4, note that
- Authentication is not enabled automatically anymore! Insert the command
"auth on" into account definitions that need it.
- Some command line options have changed!
- Summary of new features since 1.2.4:
- Sendmail compatible command line options, including -t, -N, and -R
- New long options to configure almost everything on the command line
- Optional account selection with -f/--from
- Support for a system wide configuration file
- Optional automatic construction of envelope from addresses
- More flexible account definitions
- Configurable connection timeouts
- Improved log file logging
- Syslog logging
- Improved TLS/SSL support
- Support for LMTP
- Support for the EXTERNAL and GSSAPI authentication methods
- Support for .netrc and password prompting
- Rewritten documentation, available in various formats
- New since 1.3.9:
- No new features, but minor improvements mainly regarding interoperability
and performance. And some minor bug fixes.
Version 1.3.9:
- Added support for the .netrc file: If a password is needed but none is given,
msmtp will try to find it in ~/.netrc, and if that fails, msmtp will prompt
you for it.
- The authentication user name is included in the log if authentication is used.
Suggested by Jim Fohlin.
- An account from the system configuration file cannot be partially changed in
the user configuration file anymore; it must be replaced completely instead.
- Added LMTP support.
Version 1.3.8:
- The default values from a defaults section in a system configuration file
are not valid in the user configuration file anymore, to prevent changes in
the system configuration file from breaking user setups.
Version 1.3.7:
- The user configuration file is required to have no more permissions than
0600 (user read/write).
- Added specialisation to account definitions. See documentation of the
account command and the example files.
- Added the new connect_timeout command and --connect-timeout option.
- The password will be prompted for if none is given in the configuration file.
Version 1.3.6:
- New documentation!
It was rewritten using texinfo, which allows easy generation of html and pdf
documents.
The man page is still up to date and will not be dropped.
- A new configuration file command ("defaults") to set default values for all
following accounts was added. Suggested by Jim Fohlin.
- Support for EXTERNAL authentication was added.
- You need GnuTLS >= 1.2.0 now if you want GnuTLS support.
- bug fixes!
Version 1.3.5:
- A system wide configuration file SYSCONFDIR/msmtprc will be used if it exists.
It's settings will be overridden by the the user configuration file.
Use the --sysconfdir configure option to set SYSCONFDIR to something other
than /usr/local/etc.
- If no envelope from address is given, msmtp will construct one using the user
name and the mail domain (if given).
- New command/options pairs:
- maildomain/--maildomain to set the domain part of constructed envelope from
addresses
- syslog/--syslog to enable logging to syslog
Version 1.3.4:
- Just some cleanups and bugfixes. The built-in CRAM-MD5 code works again.
Version 1.3.3:
- support for Remote Message Queue Starting (RMQS) was added, see option --rmqs
- msmtp can now print information about the peer's TLS certificate.
Use --serverinfo (or --debug) to see it
- If you want GnuTLS as your TLS library, you need a version >= 1.1.23 now
Version 1.3.2:
- You need gsasl or libgsasl >= 0.2.4 if you want GNU SASL support
- Various bugfixes
Version 1.3.1:
- fixed the -t option
Version 1.3.0:
- INCOMPATIBLE CHANGES:
- configuration file:
- The auth command is now *required* to activate authentication. Just
setting user name and password is not enough anymore
- The tls_nostarttls command should be changed to "tls_starttls off",
though the old command is still supported
- The tls_nocertcheck command should be changed to "tls_certcheck off",
though the old command is still supported
- command line:
- Changed short options (because of collision with sendmail options):
-p is now -P
-F is now -C
-v is not available anymore, use --version
-h is not available anymore, use --help
- If you used -f/--from without -a/--account to override the envelope from
address of the default account, you have to use --account=default
explicitly now, because otherwise msmtp tries to find an account matching
the from address
- NEW FEATURES:
- Sendmail compatible interface
- Almost all options can now be set on the command line
- Support for the sendmail -t option (read additional recipient addresses
from the To, Cc, and Bcc headers of the mail)
- You can choose the account using the -f/--from option:
If you use -f/--from but not -a/--account, the first account of the
configuration file that has a matching envelope from address will be used
- GSSAPI authentication (you need GNU SASL >= 0.2.3 with GSSAPI support)
- New command ntlmdomain to set the domain parameter for NTLM authentication
- CHANGES:
- Long option support on all platforms (thanks to gnulib)
- Enhanced almost all commands to allow unsetting of features
- Changed log file information: Instead of conffile/account, log
information about host, tls, auth, and from.
Version 1.2.4:
- No new features.
Version 1.2.3:
- IPv6 support on Windows systems
- The configuration file supports all commands and arguments related to
TLS and authentication, even if TLS and/or GNU SASL support is not
compiled in
- The GNU SASL library is not required to support DIGEST-MD5 and NTLM
anymore. This means you can now use the packaged versions of the library
from Gentoo or Debian sarge.
- You can use the -v/--version option to find out which authentication
methods are supported.
Version 1.2.2:
- Enhancements to the logfile command:
- All available information is now written to the logfile (new fields:
mailsize=..., smtpmsg='...', errormsg='...').
- Logging to standard output is possible by using "logfile -"
Version 1.2.1:
- No new features.
Version 1.2.0:
- This version can be compiled without TLS/SSL support; use
--disable-ssl if you really want that.
- Read the entries for versions 1.1.x for more changes since the last
stable version 1.0.0.
Version 1.1.3:
- New option -i for compatibility with mail(1).
- New 'logfile' command; see man page for details.
Version 1.1.2:
- No user visible changes.
Version 1.1.1:
- The tls_nostarttls command now sets the default port to 465 (ssmtp).
Version 1.1.0:
- Support for SMTP command pipelining. On high latency networks, this
may increase transmission speed, especially when sending to many
recipients.
- The short option for --file, -f, has changed to -F
- A new option --from/-f is available to set the envelope from address.
- A new option --serverinfo/-S is available to print information
about the capabilities and limitations of an SMTP server
Version 1.0.0:
- New feature: tilde expansion for filenames in the configuration file
Version 0.7.2:
- This version adds native support for Windows 9x/ME/NT/2000/XP/2003
(with MinGW) and DOS (with DJGPP and the Watt32 library).
Version 0.7.1:
- New command: 'domain'
- New options: --pretend and --debug
Version 0.7.0:
- Support for DSN (Delivery Status Notifications) was added via
the new commands 'dsn_notify' and 'dsn_return'.
- The 'tls_nocertcheck' command was added. It disables all server
certificate checks. Use it if you get certificate check errors but
still want to use the SMTP server with TLS/SSL.
- The 'nostarttls' command is now called 'tls_nostarttls'.
Please update your configuration file.
Version 0.6.5:
- License clarification:
msmtp is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed.
- If you want to use GnuTLS instead of OpenSSL, you will now need
GnuTLS >= 1.0.0 and libgcrypt >= 1.1.90!
- msmtp now works on systems that lack IPv6 support
- msmtp now accepts arbitrary long lines in mails
Version 0.6.4:
- fixed configuration file code
Version 0.6.3:
- portability fix for Mac OS X (Randolph Fritz)
- fixed --disable-gsasl configure option
- man page improvements
Version 0.6.2:
- use GNU Autotools (Christophe Nowicki)
- fixed wildcard support in server certificate's Common Name field
Version 0.6.1:
- improved certificate check/verification with OpenSSL
- code cleanups
Version 0.6.0:
- Added sanity checks of server certificate when using TLS
- Strict server certificate verification with tls_trust_file command
- Possibility to send client certificate if requested (tls_key_file and
tls_cert_file commands)
- Optional support for GnuTLS instead of OpenSSL
- Optional support for GSASL (adds DIGEST-MD5 and NTLM authentication methods)
- Arguments in the configuration file may now contain blanks
- Removed the possibility to choose the TLS version with the tls command
- Proper recognition of server capabilities (EHLO response)