Re: New development version [was: (no subject)]

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New development version [was: (no subject)]

Jakob Bohm-6
On 25/07/2017 03:17, Sam Varshavchik wrote:

> Download: http://www.courier-mta.org/download.html
>
> New development build of Courier is available. The major change is a
> top-to-bottom rewrite of the SMTP client, and a new mail filter
> (making use of the rewritten SMTP client). The SMTP client rewrite
> will result in a (several) version change bump, down the road.
>
> The OpenSSL 1.1.0 change is also in the courier-imap package, and the
> maildrop change in the maildrop package.
>
> Changes:
>
> - OpenSSL 1.1.0 update. Custom protocol level format selection has
> been deprecated. The TLS_PROTOCOL setting is removed from all
> configuration files, and the latest supported TLS version will always
> be used. No changes to the GnuTLS alternative option.
>
Is there (still?) a setting to configure the oldest TLS version to
accept (e.g. to accept or reject TLS 1.0 depending if that is needed
by any of the authorized clients)?

Have you included the (separate from the cipher priority list) ability to
set OpenSSL options from the courier configuration (this is a common
omission, I don't remember if courier is one of the affected programs).
Note that for OpenSSL, this would automatically include the ability to
set the minimum TLS version, but that might not be true for GnuTLS, and
the syntax would certainly differ.

> - maildrop: added the new "system" command.
>
> - The SMTP sending code has been rewritten and factored out into an
> internal library.
>
> - New "verifyfilter" module, a filter module that verifies the email
> sender address by initiating a callback connection to the sender's
> domain, using the internal SMTP library. The module is also available
> as a "verifysmtp" command-line tool, that does the same.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Courier-imap mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New development version [was: (no subject)]

Sam Varshavchik
Jakob Bohm writes:

> On 25/07/2017 03:17, Sam Varshavchik wrote:
>> Download: http://www.courier-mta.org/download.html
>>
>> New development build of Courier is available. The major change is a top-to-
>> bottom rewrite of the SMTP client, and a new mail filter (making use of the  
>> rewritten SMTP client). The SMTP client rewrite will result in a (several)  
>> version change bump, down the road.
>>
>> The OpenSSL 1.1.0 change is also in the courier-imap package, and the  
>> maildrop change in the maildrop package.
>>
>> Changes:
>>
>> - OpenSSL 1.1.0 update. Custom protocol level format selection has been  
>> deprecated. The TLS_PROTOCOL setting is removed from all configuration  
>> files, and the latest supported TLS version will always be used. No changes  
>> to the GnuTLS alternative option.
>>
> Is there (still?) a setting to configure the oldest TLS version to
> accept (e.g. to accept or reject TLS 1.0 depending if that is needed
> by any of the authorized clients)?
The *method() OpenSSL API calls that were directly controlled by this  
TLS_PROTOCOL setting are marked as deprecated in OpenSSL 1.0. Using them  
generates a compiler warning, and they're going to be gone at some point.  
There was no point in still using them, as the next major/minor/whatever  
update to OpenSSL will remove them completely from the API.

> Have you included the (separate from the cipher priority list) ability to
> set OpenSSL options from the courier configuration (this is a common
> omission, I don't remember if courier is one of the affected programs).
> Note that for OpenSSL, this would automatically include the ability to
> set the minimum TLS version, but that might not be true for GnuTLS, and
> the syntax would certainly differ.

Hmmm. That's a good point. Looks like those options were tied into the  
TLS_PROTOCOL setting; they all used the sole remaining protocol method  
selector; but also added the specific option setting. Yeah, I did remove all  
of that too, but looks like I'll need to bring it back.



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Courier-imap mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap

attachment0 (817 bytes) Download Attachment
Loading...