Hi,
for all folks who still use TLS encryption, I update UCSPI-SSL (0.94) and
Qmail/Spamcontrol (2.7.31).
Apart from two bug fixes, the following is new:
- qmail-pop3d session can be made mandatory STLS encrypted (if possible),
thus not leaking the userid/password (in case APOP is not an option).
The 'enriched' UCSPITLS environment variable (by means of '!': force and
'-': skip) can be used for qmail-pop3d connections in the same manner as
for qmail-smtpd.
- qmail-smtpd supports now X.509 client cert based authentication/relaying.
However, this probably requires ucspi-ssl 0.94 because the mandatory
hostname verification can be disabled by using the additional option '-m'
complementing '-Z' and '-z'.
- qmail-smtpd allows in addition to demand that the email address presented
in the DN has to match the 'Mail From:' address. For this case, the
LOCALMFCHECK variable supports now the character '?' triggering this
comparison.
Sources:
UCSPI-SSL: http://www.fehcom.de/ipnet/ucspi-ssl.html
Spamcontrol: http://www.fehcom.de/qmail/spamcontrol.html
Don't hesitate to send any problems you've obsererd with current
developments to me.
The SW ist 64 bit save and compiles well with clang.
Best regards.
--eh.
--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ | PGP-Key-Id: 7E4034BE
for all folks who still use TLS encryption, I update UCSPI-SSL (0.94) and
Qmail/Spamcontrol (2.7.31).
Apart from two bug fixes, the following is new:
- qmail-pop3d session can be made mandatory STLS encrypted (if possible),
thus not leaking the userid/password (in case APOP is not an option).
The 'enriched' UCSPITLS environment variable (by means of '!': force and
'-': skip) can be used for qmail-pop3d connections in the same manner as
for qmail-smtpd.
- qmail-smtpd supports now X.509 client cert based authentication/relaying.
However, this probably requires ucspi-ssl 0.94 because the mandatory
hostname verification can be disabled by using the additional option '-m'
complementing '-Z' and '-z'.
- qmail-smtpd allows in addition to demand that the email address presented
in the DN has to match the 'Mail From:' address. For this case, the
LOCALMFCHECK variable supports now the character '?' triggering this
comparison.
Sources:
UCSPI-SSL: http://www.fehcom.de/ipnet/ucspi-ssl.html
Spamcontrol: http://www.fehcom.de/qmail/spamcontrol.html
Don't hesitate to send any problems you've obsererd with current
developments to me.
The SW ist 64 bit save and compiles well with clang.
Best regards.
--eh.
--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/ | PGP-Key-Id: 7E4034BE