Release Notes: This release fixes one security related bug by properly closing file descriptors (except stdin, stdout, and stderr) before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery (e.g., via procmail or the prog mailer).
Release Notes: This version fixes some problems, mostly related to IPv6. Unfortunately the Build script of 8.14.8 contains a regression, causing it to work improperly on some operating systems. A patch is available.
Release Notes: This version fixes the handling of NUL characters ('\0') in mail bodies by the MIME conversion functions, which are used even if no explicit conversion is happening, e.g., if MaxMimeHeaderLength is not zero, as well as some other problems.
Release Notes: This release fixed a problem where if a server offered two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Hostnames are no longer cached internally in a non-case sensitive way, as that may cause addresses to change from lower case to upper case or vice versa. An issue where it was possible that new queue runners could not be started if MaxQueueChildren was set was fixed. A 8.14.6.milter.EHLOmacros patch is also available.
Release Notes: SMTP extensions are no longer cached across connections, as the cache is based on hostname, which may not be a unique identifier for a server, i.e. different machines may have the same hostname but provide different SMTP extensions. Out-of-bounds access is avoided in case a resolver reply for a DNS map lookup returns a size larger than 1K. The interrupt signal handler has been cleaned up to avoid invoking functions that are not signal-safe. At most, two AUTH lines are read from a server to avoid a memory exhaustion DoS attack against the client.
Release Notes: This version fixed a problem where some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. A workaround for a Linux resolver problem has been added to avoid core dumps. A bug where the value of headers, e.g., Precedence, Content-Type, et.al., was not extracted correctly thus preventing them from being recognized properly was fixed. An erroneous reduction of the length limitation on a return path was fixed.
Release Notes: The MTA accessed storage after it free()d it. This was a regression introduced in 8.14.2. The libmilter state engine did not deal correctly with milters that requested the omission of protocol steps during the negotiation callback.
Release Notes: This release fixes some problems. For example, fixes were made for a bug in the milter function smfi_chgfrom() which could cause the loss of a message body, the handling of queued messages with 8 bit characters in From: or To: header which could be "mistaken" for internal control characters during a queue run and trigger various consistency checks, and the handling of lines longer than MAXLINE-1 characters in certain cases.
Release Notes: If a milter rejected a recipient, the MTA still kept it in its list of recipients, and delivered to it if the transaction was accepted. The new DaemonPortOptions that begin with a lower case character can now be set.
Release Notes: Headers are 8-bit "transparent" and the milter API has been extended.