computers / comp.mail.sendmail / Re: pre-requisites for _FFR_MTA_STS

sendmail snapshot 8.17.0.0

<s6s85u$par$1@news.misty.com>

Path: i2pn2.org!i2pn.org!aioe.org!goblin3!goblin.stu.neva.ru!news.misty.com!.POSTED!not-for-mail
From: ml+sendm...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: sendmail snapshot 8.17.0.0
Date: Tue, 4 May 2021 19:43:58 +0000 (UTC)
Organization: MGT Consulting
Lines: 85
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <s6s85u$par$1@news.misty.com>
NNTP-Posting-Host: kiel.esmtp.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: news.misty.com 1620157438 25947 195.244.235.220 (4 May 2021 19:43:58 GMT)
X-Complaints-To: abuse@misty.com
NNTP-Posting-Date: Tue, 4 May 2021 19:43:58 +0000 (UTC)
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Tue, 4 May 2021 19:43 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sendmail snapshot 8.17.0.0 is available for testing. It offers
even more functionality to control the input from clients: rejecting
HTTP commands at more stages and a new ruleset check_other.

8.17.0/8.17.0 202X/XX/XX
    Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
        is available when using the compile time option USE_EAI
        (see also devtools/Site/site.config.m4.sample for other
        required settings) and the cf option SmtpUTF8.
        For mail submission the new command line option -U must
        be used to specify SMTPUTF8.
        Please test and provide feedback.
    Experimental support for SMTP MTA Strict Transport Security
        (MTA-STS, see RFC 8461) is available when using
        - the compile time option _FFR_MTA_STS,
        - FEATURE(sts), which implicitly sets the cf option
          StrictTransportSecurity,
        - postfix-mta-sts-resolver, see
          https://github.com/Snawoot/postfix-mta-sts-resolver.git
    New ruleset check_other which is called for all unknown SMTP
        commands in the server and for commands which do not
        have specific rulesets, e.g., NOOP and VERB.
    New ruleset clt_features which can be used to select features
        in the SMTP client per server. Currently only two
        flags are available: D/M to disable DANE/MTA-STS,
        respectively.
    Avoid leaking session macros for an envelope between
        delivery attempts to different servers. This problem
        could have affected check_compat.
    Avoid leaking actual SMTP replies between delivery attempts
        to different servers which could cause bogus logging
        of reply= entries.
    Change default SMTP reply code for STARTTLS related problems
        from 403 to 454 to better match the RFCs.
    Fix a theoretical buffer overflow when encountering an
        unknown/unsupported socket address family on an
        operating system where sa_data is larger than 30
        (the standard is 14). Based on patch by Toomas Soome.
    Previously the commands GET, POST, CONNECT, or USER terminate
        a connection immediately only if sent as first command.
        Now this is also done if any of these is sent directly
        after STARTTLS or if the 'h' option is set via
        srv_features.
    CONFIG: New FEATURE(`check_other') to provide a default
        check_other ruleset.
    MAIL.LOCAL: Enhance some error messages to simplify
        troubleshooting.
    Portability:
        Add support for Darwin 19.
    Added Files:
        cf/feature/check_other.m4
        cf/feature/sts.m4
        devtools/OS/Darwin.19.x

Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.0.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.0.tar.gz.sig

SHA256 (sendmail.8.17.0.0.tar.gz) = 786734fb6b6c1a14fa58beab90df9ed4dbcfe59128181e072066529e3284ad07
SHA256 (sendmail.8.17.0.0.tar.gz.sig) = 8620871eadbb66a753e1e3ceef75bed181c19b8cb4cabb5633cea6fa5c10580a
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: sendmail snapshot 8.17.0.0

<b3bf4932-ec5d-4a55-a142-4d211eb84d68n@googlegroups.com>

X-Received: by 2002:a05:622a:2d2:: with SMTP id a18mr18407889qtx.296.1620573038994;
Sun, 09 May 2021 08:10:38 -0700 (PDT)
X-Received: by 2002:a5b:f41:: with SMTP id y1mr28273466ybr.163.1620573038769;
Sun, 09 May 2021 08:10:38 -0700 (PDT)
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mail.sendmail
Date: Sun, 9 May 2021 08:10:38 -0700 (PDT)
In-Reply-To: <s6s85u$par$1@news.misty.com>
Injection-Info: google-groups.googlegroups.com; posting-host=74.103.45.242; posting-account=Ql-QGQoAAAAKArkTQ9b8iVcz0j7SpopW
NNTP-Posting-Host: 74.103.45.242
References: <s6s85u$par$1@news.misty.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <b3bf4932-ec5d-4a55-a142-4d211eb84d68n@googlegroups.com>
Subject: Re: sendmail snapshot 8.17.0.0
From: hqu...@gmail.com (Alex Haut)
Injection-Date: Sun, 09 May 2021 15:10:38 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
 by: Alex Haut - Sun, 9 May 2021 15:10 UTC

Hi Claus.

I did not see _FFR_TLS_ALTNAMES listed as a pre-requisite for _FFR_MTA_STS. Not sure this was expected, but thought to let you know.

cc -M -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DDNSSEC_TEST -DUSE_EAI -D_FFR_MTA_STS -DMILTER main.c alias.c arpadate.c bf..c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c >> Makefile
conf.c:6603:4: error: invalid preprocessing directive #ERROR
6603 | # ERROR: "_FFR_MTA_STS requires _FFR_TLS_ALTNAMES"
| ^~~~~
make[1]: *** [Makefile:402: depend] Error 1

Re: pre-requisites for _FFR_MTA_STS

<s79bp7$1sr$1@news.misty.com>

Path: i2pn2.org!i2pn.org!paganini.bofh.team!goblin3!goblin.stu.neva.ru!news.misty.com!.POSTED!not-for-mail
From: ml+sendm...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: pre-requisites for _FFR_MTA_STS
Date: Sun, 9 May 2021 19:05:11 +0000 (UTC)
Organization: MGT Consulting
Lines: 14
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <s79bp7$1sr$1@news.misty.com>
References: <s6s85u$par$1@news.misty.com> <b3bf4932-ec5d-4a55-a142-4d211eb84d68n@googlegroups.com>
NNTP-Posting-Host: kiel.esmtp.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: news.misty.com 1620587111 1947 195.244.235.220 (9 May 2021 19:05:11 GMT)
X-Complaints-To: abuse@misty.com
NNTP-Posting-Date: Sun, 9 May 2021 19:05:11 +0000 (UTC)
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Sun, 9 May 2021 19:05 UTC

Alex Haut wrote:

> I did not see _FFR_TLS_ALTNAMES listed as a pre-requisite for _FFR_MTA_STS. Not sure
> this was expected, but thought to let you know.

None of the pre-requisites were listed -- I've added them to the
release notes, but I'm not sure that's a good place. Suggestions?

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
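
Added example, not part of the thread and not sendmail's own code: a pre-build check that catches the missing prerequisite from the compile flags before `make depend` reaches the #ERROR in conf.c. The only dependency it encodes is the one shown in the error message above; the function names and the PREREQS list format are assumptions made for this example.

```sh
#!/bin/sh
# Pre-build check for sendmail compile-time options (added example).
# PREREQS holds "FLAG:DEPENDENCY" pairs. The single pair below comes from the
# conf.c error quoted in the thread; add further pairs only once confirmed.
PREREQS="_FFR_MTA_STS:_FFR_TLS_ALTNAMES"

# Compile flags copied from the failing build in the post above.
POSTED_FLAGS='-DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DDNSSEC_TEST -DUSE_EAI -D_FFR_MTA_STS -DMILTER'

# Print each macro defined via -D in the given text, one per line, without
# its value (so -DSASL=2 yields SASL), sorted and de-duplicated.
defined_macros() {
    printf '%s\n' "$1" |
        grep -o -e '-D[A-Za-z_][A-Za-z0-9_]*' |
        sed 's/^-D//' |
        sort -u
}

# Print "FLAG requires DEP" for every unmet dependency in PREREQS.
# Returns 0 when all dependencies are met, 1 otherwise.
missing_prereqs() {
    macros=$(defined_macros "$1")
    rc=0
    for pair in $PREREQS; do
        flag=${pair%%:*}
        dep=${pair#*:}
        if printf '%s\n' "$macros" | grep -qx "$flag" &&
           ! printf '%s\n' "$macros" | grep -qx "$dep"; then
            echo "$flag requires $dep"
            rc=1
        fi
    done
    return $rc
}

# Demonstration: the posted flags fail the check, the amended set passes.
if ! missing_prereqs "$POSTED_FLAGS"; then
    echo "posted flags: prerequisite missing"
fi
if missing_prereqs "$POSTED_FLAGS -D_FFR_TLS_ALTNAMES"; then
    echo "amended flags: ok"
fi
```

The same function accepts any text that carries the -D options, for example the argument of an APPENDDEF(`conf_sendmail_ENVDEF', ...) line from devtools/Site/site.config.m4.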
