- Fixed a security problem in msmtpd: mail addresses starting with '-'
could be interpreted as options of the pipe command.
- msmtpd now supports logging to syslog or to a file with the
option --log, and authentication (for special use cases) with the
option --auth.
- The 'from' command now accepts patterns (as in shell file name
matching) so that many envelope from addresses given with --from can
match the same account
- Added support for %H, %C, %M in the domain command
- msmtpd now supports sysexits.h error codes from the pipe command
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles were unfetchable (possibly fetched
conditionally?):
./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
Changelog:
Version 1.8.15:
- Added support for SCRAM-SHA-256 authentication via GNU SASL
Version 1.8.14:
- Added support for libtls as an alternative to GnuTLS
Version 1.8.13:
- Added support for XOAUTH2, the predecessor of OAUTHBEARER.
- The passwordeval command can now handle very long input, which can be
necessary for OAUTHBEARER and XOAUTH2.
- GnuTLS >= 3.4 is required
Changes:
1.8.12
------
- msmtpd now supports session reuse and improves standards compliance
- Automatic account matching now supports subaddresses. For example,
user+detail@example.com will match account user@example.com.
Changelog:
Version 1.8.11:
- Add a new undisclosed_recipients command and --undisclosed-recipients option
to replace To, Cc, Bcc with a single "To: undisclosed-recipients:;" header.
- Improved handling of temporary files on Windows systems.
- Re-enabled support for systems lacking vasprintf(), such as IBM i PASE.
Changes:
1.8.10
------
- The msmtpq script was fixed (it was accidently broken in 1.8.8)
[that was partially fixed in 1.8.9, that was omitted in the release notes]
- Updated translations.
- New serbian translation is included.
1.8.8
-----
- Added a new socket command and --socket option to connect via local sockets.
- Added a new tls_host_override command and --tls-host-override option to
override the host name used for TLS verification.
- Added a new set_from_header command and --set-from-header option with three
settings:
- on: always set a From header, possibly replacing an existing one
- off: never set a From header
- auto: add a From header if there is none (this is the default).
This replaces the add_missing_from_header option (which remains supported).
- Added a new set_date_header command and --set-date-header option with two
settings:
- off: never set a Date header
- auto: add a Date header if there is none (this is the default).
This replaces the add_missing_date_header option (which remains supported).
- Fixed the handling of empty From headers with --read-recipients/-t.
- Fixed the source_ip command for proxies.
Changes:
1.8.7
-----
- Extend `from' command that sets the envelope from address: the
patterns %U, %H, %C, %M are now replaced with user name, host name,
canonicalized host name, and the contents of /etc/mailname. This is
useful for system-wide installations and is more powerful than the old
auto_from and maildomain commands, which are now deprecated (but still
supported, of course).
1.8.6
-----
- Aliases are now expanded recursively
- Minor bug fixes
Changes:
1.8.5
-----
- Fixed OAUTHBEARER.
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
Changes:
1.8.3
-----
This version fixes a security problem that affects version 1.8.2
(older versions are not affected): when the new default value system
for tls_trust_file is used, the result of certificate verification
was not properly checked.
Changes:
Version 1.8.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older msmtp versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.8.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
pkgsrc changes:
- Update HOMEPAGE and MASTER_SITES
- Remove inet6 option (it was actually a no-op)
- Adjust libidn dependency to libidn2 per 1.8.0 change
- Cleanup the options.mk a bit: no need to add pkg-config to USE_TOOLS, it was
already needed as tool and remove all --with-*-prefix= because pkg-config is
used for that
Changes:
Version 1.8.0:
- A minimal SMTP server called msmtpd was added that listens on the local host
and pipes mails to msmtp (or another program). It is intended to be used with
system services that cannot be configured to call msmtp directly. You can
disable it with the configure option --without-msmtpd.
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
https://marlam.de/msmtp/news/openssl-discouraged/
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The CRAM-MD5 authentication method is marked as obsolete / insecure and will
not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- The new logfile_time_format command allows to customize log file time stamps.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.6.8:
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.6.7:
- Add support for ~/.config/msmtp/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Fix SIGPIPE handling (affects at least Mac OS X)
- Add french translation, and update german translation
msmtp provides MacOS X Keychain support by using the configuration
option `--with-macosx-keyring`. With this setting enabled passwords
for msmtp can be stored in the MacOS X keychain.
From Thomas Merkel in NetBSD/pkgsrc#14
pkgsrc changes:
- (cosmetic) fix a pkglint warning and proper indent variables in options.mk
Changes:
Version 1.6.5:
- Support SHA256 fingerprints for tls_fingerprint, and mark both SHA1 and MD5 as
deprecated.
pkgsrc changes:
- Remove patches/patch-src_Makefile.in that seems no more needed
Changes:
Version 1.6.3:
- A bug in SOCKS support was fixed.
- Handling non-fatal errors in TLS handshakes was fixed.
pkgsrc changes:
- gnome-keyring option has changed to secret option to reflect the upstream
change. For more information please read the changelog below.
Changes:
Version 1.6.1:
- The new configure option --with-tls replaces --with-ssl.
- A new configure option --disable-gai-idn was added.
Version 1.6.0:
- Support for SOCKS proxies was added. This allows msmtp to be used with Tor.
- GNOME Keyring support now uses libsecret instead of libgnome-keyring. It is
now documented how to use secret-tool to manage passwords for msmtp; the
obsolete msmtp-gnome-tool script is removed.
- Configuration file security is now only checked if the file actually contains
secrets such as passwords. (If you still store passwords in the configuration
file, consider using the passwordeval command or a key ring instead.)
- The GSSAPI authentication method is not chosen automatically anymore, you have
to request it manually if you really want to use it.
- From: and Date: headers are now added to mails if necessary, for compatibility
with sendmail, postfix, exim, and other MTAs. This can be disabled with the
add_missing_from_header and add_missing_date_header commands.
- Libidn is not required for IDN support anymore on systems where getaddrinfo()
supports the AI_IDN flag and the GnuTLS version is >= 3.4.0.
- The new remove_bcc_headers command replaces the old keepbcc command (but the
old command is still supported for compatibility).
- SSLv3 is disabled, and the obsolete tls_force_sslv3 command and
--tls-force-sslv3 option have no effect anymore.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
