Change Log

2.5.2 -> 2.6

  • New --log-format option (eg. --log-format=address,port).
  • New --server-smtp-config nostrictparsing option to allow missing RCPT-TO angle brackets.
  • The SMTP server converts incoming e-mail addresses to RFC-5890 A-labels by default (see NEWS).
  • The mx: filter accepts an IP address in the envelope forward-to field, not just a domain name.
  • Pop-by-name sub-directories are automatically created if necessary.
  • The --forward-to domain names can be UTF-8.
  • Windows configuration files always use UTF-8 character encoding.
  • The Windows installer puts options in emailrelay.cfg, not emailrelay-start.bat.
  • The Windows service wrapper will read emailrelay.cfg if there is no batch file.
  • The SMTP client EHLO parameter is controlled by --domain (as in v2.3) but IP address if not a FQDN.
  • The emailrelay-submit utility can parse recipient addresses out of content headers.
  • On Windows --no-daemon is deprecated in favour of --show=window.
  • The Windows event loop supports more concurrent connections [bug-id #59].

2.5.1 -> 2.5.2

  • Windows build scripts reworked.
  • Filters can be Windows PowerShell .ps1 scripts.
  • Fix for client protocol [bug-id #57].

2.5 -> 2.5.1

  • Filters can control the SMTP server's error response code.
  • Proxying with --immediate passes back SMTP reponses more faithfully.
  • The --disable-admin build-time configure option is restored.
  • New smtp disable admin command to disable new SMTP sessions.
  • Fewer Windows handles inherited by filter programs [bug-id #55].
  • Fix for --dnsbl option parsing.

2.4 -> 2.5

  • Multiple configurations in one process.
  • SMTP PIPELINING (RFC-2920).
  • SMTP CHUNKING/8BITMIME 'BDAT' extension (RFC-3030), disabled by default.
  • SMTP SMTPUTF8 extension (RFC-6531), disabled by default.
  • No 7-bit/8-bit check on received message content (see NEWS file).
  • New built-in filters: deliver:, split:, copy:, mx:, msgid:.
  • New built-in address verifier: account:
  • No .local files (see NEWS file).
  • PAM authentication is now enabled with --server-auth=pam: not /pam.
  • Client authentication details can be given directly from the command-line.
  • Multiple client authentication secrets, selected by a new envelope field.
  • Main binary can act as a simple submission tool (configure --enable-submission).

2.3 -> 2.4

  • Multiple --filter and --client-filter options allowed.
  • TLS key and certificate files can be specified separately.
  • Finer control when using --anonymous (eg. --anonymous=server).
  • The auth-config options can distinguish between TLS and non-TLS authentication.
  • Hourly log file rotation using h (eg. --log-file=log.d.h).
  • Listening file descriptors can be inherited from the parent process (see --interface).
  • Listening ports on Windows use exclusive binding.
  • The Linux event loop uses epoll by default rather than select.
  • Some support for message routing (see NEWS).
  • Fix of error handling in network client filters (--client-filter=net:...) [bug-id #50].

2.2 -> 2.3

  • Unix domain sockets supported (eg. --interface=/tmp/smtp.s).
  • Windows event log not used for verbose logging (prefer --log-file).
  • New admin forward command to trigger forwarding without waiting.
  • Optional base64 encoding of passwords in secrets files (plain:b).
  • Support for MbedTLS version 3.

2.1 -> 2.2

  • Connections from IPv4 'private use' addresses are allowed by default (see --remote-clients).
  • Interface names can be used with --interface (eg. --interface=eth0).
  • New --server-tls-connection option for server-side implicit TLS.
  • New --forward-to-some option to permit some message recipients to be rejected.
  • New --log-address option to aid adaptive firewalling.
  • Dynamic log file rolling when using --log-file=d.
  • Choice of syslog 'facility' on Linux with --syslog=local0 etc.
  • Pipelined SMTP QUIT commands sent by broken clients are tolerated.
  • Better handling of overly-verbose or unkillable --filter scripts.
  • Optional epoll event loop on Linux (configure --enable-epoll).
  • Some internationalisation support (see NEWS file).
  • Support for Windows XP restored when built with mingw-w64.
  • C++ 2011 compiler is required.

2.0.1 -> 2.1

  • Backwards compatibility features for 1.9-to-2.0 transition removed.
  • Better handling of too-many-connections on Windows.
  • New --idle-timeout option for server-side connections.
  • Support for RFC-5782 DNSBL blocking (--dnsbl).
  • Filter scripts are given the path of the envelope file in argv2.
  • Message files can be edited by --client-filter scripts.
  • Better support for CRAM-SHAx authentication.
  • New --client-auth-config and --server-auth-config options.
  • New --show option on windows to better control the user interface style.
  • The --pop option always requires --pop-auth.
  • No message is spooled if all its envelope recipients are local-mailboxes.
  • TLS cipher name added to Received line as per RFC-8314 4.3.
  • Certificate contents are not logged.
  • Timestamp parts of spool filenames no longer limited to six digits.

2.0 -> 2.0.1

  • Make PLAIN client authentication work against servers with broken 334 responses.

1.9.2 -> 2.0

  • Improved IPv6 support, with IPv4 and IPv6 used independently at run-time (see --interface).
  • Server process is not blocked during --filter or --address-verifier execution, if multi-threaded.
  • Support for the mbedTLS TLS library as an alternative to OpenSSL (configure --with-mbedtls).
  • TLS server certificates specified with new --server-tls-certificate option, not --server-tls.
  • TLS servers enable client certificate verification with --server-tls-verify, not --tls-config.
  • TLS clients can verify server certificates with --client-tls-verify and --client-tls-verify-name.
  • The --tls-config option works differently (see NEWS file).
  • New --client-tls-server-name option for server name identification (SNI).
  • New --client-tls-required option to force client connections to use TLS.
  • New --server-tls-required option to force remote SMTP clients to use STARTTLS.
  • New --forward-on-disconnect option replaces --poll=0.
  • The --anonymous option now suppresses the Received line, whatever the --domain.
  • The second field in the secrets file indicates the password encoding, not AUTH mechanism.
  • The --verifier option is now --address-verifier, with simplified command-line parameters.
  • Command-line file paths can use @app as a prefix to be relative to the executable directory.
  • Command-line file paths can be relative to the startup cwd even when daemonised.
  • Filter exit codes between 104 and 107 are interpreted differently (see NEWS file).
  • Message rejection reasons passed back to the submitting SMTP client are much less verbose.
  • Forwarding events are queued up if the forwarding client is still busy from last time.
  • The bind address for outgoing connections is no longer taken from first unqualified --interface address [bug-id #27].
  • The SMTP client protocol tries more than one authentication mechanism.
  • Some support for XOAUTH2 client-side authentication.
  • Client protocol sends QUIT with a socket shutdown().
  • The Windows commdlg list-view widget is used for the server status pages.
  • The Windows connection-lookup feature is withdrawn (--peer-lookup).
  • Several build-time configure options like --disable-pop are withdrawn.
  • C++ 2011 is preferred, and required for multi-threading.
  • Support for very old versions of Windows is dropped.

1.9.1 -> 1.9.2

  • Fixed a leak in the event-loop garbage collection.
  • A local hostname that fails to resolve is not an error.
  • A warning is emitted if there is more than one client authentication secret.
  • Multiple --interface options are allowed separately on the command-line.
  • Added a new --client-interface option.
  • The Received line is formatted as per RFC-3848 (with ESMTPSA).
  • The LOGIN and PLAIN mechanisms in the secrets file are now equivalent.
  • The Windows service wrapper can use a configuration file to locate the startup batch file.
  • Simplified the implementation of the GUI installation program.
  • Reworded the read error: disconnected log message.
  • Less verbose logging of no more messages to send.
  • Qt4 or Qt5 selected by the configure script.
  • Improved the RPM spec file.

1.9 -> 1.9.1

  • Updated OpenSSL from 1.0.1e to 1.0.1g in the Windows build.

1.8.2 -> 1.9

  • Added negotiated TLS/SSL for POP (ie. STLS).
  • The first two fields in the secrets files are reordered (with backwards compatibility).
  • Added Linux PAM authentication (configure --with-pam and then --server-auth=/pam).
  • Optional protocol-specific --interface qualifiers, eg. --interface smtp=127.0.0.1,pop=192.168.1.1.
  • Outgoing client connection bound with the first --interface or --interface client=... address.
  • Support for SMTP-over-TLS on outgoing client connection (--client-tls-connection) (cf. STARTTLS)
  • Support for SOCKS 4a on outgoing client connection, eg. --forward-to example.com:25@127.0.0.1:9050.
  • TLS configuration options (--tls-config=...) for SSLv2/3 fallback etc.
  • No Received line added if --anonymous and an empty --domain name.
  • Error text for all recipients rejected is now more accurately one or more recipients rejected.
  • New behaviour for --client-filter exit values of 100 and over.
  • New commands on the admin interface, failures and unfail-all.
  • Shorter descriptions in the usage help unless --verbose.
  • New default spool directory location on windows, now under system32.
  • Windows project files for MSVC 2012 included.
  • Removed support for Windows NT and Windows 9x.
  • Better support for Windows Vista and Windows 7.
  • Removed Windows --icon option.
  • Removed --enable-fhs option for configure (see INSTALL document for equivalent usage).
  • Added --log-file option to redirect stderr.
  • Added Windows --peer-lookup option.
  • Fix for MD5 code in 64-bit builds.

1.8.1 -> 1.8.2

  • Fix namespaces for gcc 3.4.

1.8 -> 1.8.1

  • Changed the definition of --as-proxy to use --poll 0 rather than --immediate [bug-id 1961652].
  • Fixed stalling bug when using server-side TLS/SSL (--server-tls) [bug-id 1961655].
  • Improved Debian packaging for Linux (make deb).

1.7 -> 1.8

  • Speed optimisations (as identified by KCachegrind/valgrind in KDevelop).
  • Build-time size optimisations (eg. ./configure --disable-exec --enable-small-exceptions ...).
  • Build-time options to reduce runtime library dependencies (eg. ./configure --disable-dns --disable-identity).
  • New switch to limit the size of submitted messages (--size).
  • New semantics for --poll 0, providing a good alternative to --immediate when proxying.
  • SMTP client protocol emits a RSET after a rejected recipient as a workround for broken server protocols.
  • SMTP client protocol continues if the server advertises AUTH but the client has no authentication secrets.
  • When a message cannot be forwarded the offending SMTP protocol response number, if any, is put in the envelope file.
  • A warning is printed if logging is requested but both stderr and syslog are disabled.
  • A cross-compiling toolchain builder script added for running on mips-based routers (extra/mips).
  • New example scripts for SMTP multicasting and editing envelope files.
  • Improved native support for Mac OS X (10.5) with graphical installation from disk image.
  • Compatibility with gcc 2.95 restored.

1.6 -> 1.7

  • TLS/SSL support for SMTP using OpenSSL (./configure --with-openssl with --client-tls and --server-tls).
  • Authentication mechanism PLAIN added.
  • Some tightening up of the SMTP server protocol.
  • Windows service wrapper has an --uninstall option.
  • Windows installation GUI uninstalls the service before reinstalling it.

1.5 -> 1.6

  • GPLv3 licence (see http://gplv3.fsf.org).
  • New --prompt-timeout switch for the timeout when waiting for the initial 220 prompt from the SMTP server.
  • Fix for flow-control assertion error when the POP server sends a very long list of spooled messages.
  • Wildcard matching for trusted IP addresses in the authentication secrets file can now use CIDR notation.
  • More fine-grained switching of effective user-id to read files and directories when running as root.
  • Fewer new client connections when proxying.
  • The server drops the connection if a remote SMTP client causes too many protocol errors.
  • More complete implementation of --hidden on Windows.
  • Scanner switch (--scanner) replaced by a more general --filter and --client-filter switch syntax.
  • Support for address verification (--verifier) over the network.
  • Better support for running as a Windows service (emailrelay-service --install).
  • Utility filter program emailrelay-filter-copy exits with 100 if it deletes the envelope file.
  • Windows cscript.exe wrapper is added automatically to non-bat/exe --filter command-lines.
  • Installation GUI makes backups of the files it edits and preserves authentication secrets.
  • Installation GUI can install init.d links.
  • Experimental SpamAssassin spamc/spamd protocol support.
  • Acceptance tests added to the distribution.

1.4 -> 1.5

  • New installation and configuration GUI using TrollTech Qt 4.x (./configure --enable-gui)
  • Default address verifier accepts all addresses as valid and never treats them as local mailboxes.
  • Fix for server exit bug when failing to send data down a newly accepted connection.
  • Spooled content files can be left in the parent directory to save diskspace when using --pop-by-name.
  • Client protocol improved for the case where there are no valid recipients.
  • New --syslog switch to override --no-syslog.
  • New --filter-timeout switch added.
  • Support for --foo=bar switch syntax (ie. with =).
  • Multiple listening interfaces allowed with a comma-separated --interface list.
  • New --filter utility called emailrelay-filter-copy to support --pop-by-name.
  • Documentation also created in docbook format (requires xmlto).
  • Windows installation document revised.

1.3.3 -> 1.4

  • POP3 server (enable with --pop, disable at build-time with ./configure --disable-pop).
  • Fix for logging reentrancy bug (affects ./configure --enable-debug with --debug).
  • Fix to ensure sockets are always non-blocking (affects --scanner).
  • Allow --verifier scripts to reject addresses with a temporary 4xx error code.
  • Automatic re-reading of secrets files.
  • Write to the Windows event log even if no write access to the registry.
  • Modification of set-group-id policy if not started as root.
  • Better checking of spool directory access on startup.
  • New emailrelay-submit.sh example script for submitting messages for --pop-by-name.
  • The --dont-listen switch is now --no-smtp.
  • Better IPv6 support (Linux only).

1.3.2 -> 1.3.3

  • No bind() for outgoing connections [bug-id 1051689].
  • Updated rpm spec file [bug-id 1224850].
  • Fix for gcc3.4 compilation error in md5.cpp.
  • Fix for glob()/size_t compilation warning.
  • Documentation of auth switches corrected.
  • State-machine template type declaration modernised, possibly breaking older compilers.

1.3.1 -> 1.3.2

  • Fix for core dump when --client-filter pre-processing fails.
  • Revised code structure to prepare for asynchronous pre-processing.
  • Better diagnostics when pre-processor exec() fails.
  • Better cleanup of empty and orphaned files.

1.3 -> 1.3.1

  • Windows resource leak from CreateProcess() fixed.
  • Windows dialog box double-close fix.
  • Some documentation for the --scanner switch.
  • New usage patterns section in the user guide.

1.2 -> 1.3

  • Client protocol waits for a greeting from the server on startup [bug-id 842156].
  • Fix for incorrect backslash normalisation on --verifier command-lines containing spaces [bug-id 890646].
  • Verifier programs can now summarily abort a connection using an exit value of 100.
  • New --anonymous switch that reduces information leakage to the SMTP client and disables VRFY.
  • Better validation of MAIL-FROM and RCPT-TO formatting.
  • Rewrite of low-level MD5 code.
  • Performance tuning.
  • Template emailrelay.conf gets installed in /etc.
  • New switches for the configure script.
  • More JavaScript example scripts.

1.1.2 -> 1.2

  • The --filter and --verifier arguments interpreted as command-lines; spaces in executable paths now need escaping.
  • The --interface switch applies to outgoing connections too.
  • New --client-filter switch to do synchronous message processing before sending.
  • Keeps authentication after a rset command.
  • Fix for dangling reference bug, seen after quit command on Windows.
  • JavaScript examples in the documentation.

1.1.1 -> 1.1.2

  • Earlier check for un-bindable ports on startup, and later fork()ing [bug-id 776972].
  • Resolved the file-descriptor kludge for --verifier on Windows.
  • Less strict about failing eight bit messages sent to servers with no 8BITMIME extension.
  • Supplementary group memberships revoked at startup if root or suid.
  • Pre-processor (--filter) program's standard output searched for a failure reason string.
  • Undocumented --scanner switch added for asynchronous processing by a separate network server.

1.1.0 -> 1.1.1

  • Restored the fix for building with gcc2.96.
  • Support for MinGW builds on Windows.
  • More reasonable size of the --help --verbose message box on Windows.
  • Windows --icon switch changed from -i to -c to avoid conflicting with --interface.
  • Shows next server address correctly in the configuration report when using --forward-to.
  • Fix for make install when man2html is not available.
  • Updated init script.

1.0.2 -> 1.1.0

  • In proxy mode unexpected client-side disconnects and timeouts do not leave .bad files [see also bug-id 659039].
  • By default proxy mode does not interpret addresses for local delivery (--postmaster).
  • Polling option added (--poll) to rescan the spool directory periodically.
  • New special exit code (103) for the pre-processor to trigger immediate polling; 100 to 107 now reserved.
  • Orphaned zero-length content files are deleted properly if the server-side dialogue is cut short.
  • The --interface switch applies to the --admin interface too.
  • Improved internal event architecture using slot/signal design pattern, and fewer singleton classes.
  • Event notification available through the administration interface.
  • New --hidden switch for Windows.
  • Syslog output includes process-id.
  • Support for Sun WorkShop 5.0 added.
  • Documentation overhaul.

1.0.0 -> 1.0.2

  • Support for trusted IP addresses, allowing certain clients to avoid authentication.
  • Address verifier interface extended to include authentication information.
  • New public mail relay section added to the user guide.
  • Example verifier scripts etc. added to the reference guide.

1.0.0 -> 1.0.1

  • In proxy mode unexpected client-side disconnects and timeouts result in .bad files [bug-id 659039].
  • Require successful AUTH before MAIL FROM when using --server-auth.
  • Better word-wrap on --help output.
  • Use of RedHat's functions code, and support for chkconfig, added to the init.d script.
  • Builds with gcc3.2 (1.0.0-pl5).
  • Fix for files left as busy after a connection failure in proxy mode bug-id 631032.
  • Trivial documentation fixes (1.0.0-pl3).
  • Fix for the double-dot escape bug in the client protocol bug-id 611624.
  • Fix build when using gcc2.96 rather than gcc2.95 (1.0.0-pl1).
  • Fix default spool directory in example scripts (1.0.0-pl1).

0.9.9 -> 1.0.0

  • Briefer --help output; works with --verbose.
  • Option to listen on a specific network interface (--interface).
  • Option for an external address verifier program (--verifier).
  • Some Linux Standard Base stuff added to the init.d script.
  • Pid files world-readable and deleted on abnormal termination.
  • Compiles with gcc 3.0 and intel 6.0.
  • Autoconf tweak for MacOS X.
  • Corrected the Received: typo [bug-id 572236].
  • EHLO response parsing is now case-insensitive [bug-id 561522].
  • Fewer missing-secrets warnings [bug-id 564987].

0.9.8 -> 0.9.9

  • More flexible logging options (--verbose and --debug work better).
  • File Hierarchy Standard (FHS) option for configure (--enable-fhs).
  • FHS-compatible RPMs.
  • Spool files writeable by pre-processor when server started as root.
  • Default directories in executables and scripts come from configure.
  • The init.d script is renamed emailrelay (was emailrelay.sh).
  • Man pages are gzipped when installed.
  • Fix for access violation under Windows NT when client disconnects.
  • Use of event log when compiled on Windows NT.
  • Fix for info-after-flush bug when using the administration interface. [rc2]
  • New resubmit script. [rc2]
  • Submit utility works under Windows. [rc2]
  • Improved Windows project files. [rc2]

0.9.7 -> 0.9.8

  • Fix for running pre-processor (--filter) as root.
  • Ignore bogus AUTH=LOGIN lines in EHLO response.
  • Submit utility improved to work with mutt.
  • Installation of submit man page.

0.9.6 -> 0.9.7

  • CRAM-MD5 authentication mechanism added.
  • Revoke root permissions at start up, and reclaim them when needed.
  • Allow mail pre-processing (--filter) when started as root.
  • Domain-override switch (--domain) added.
  • Non-privileged user switch (--user) added.
  • Better handling of NarrowPipe exception (ie. 8-bit message to 7-bit server).
  • Allow null return path in MAIL-FROM.
  • Reject recipients which look like <user>@localhost (as used by fetchmail for local delivery).
  • Treat recipients which look like postmaster@localhost or postmaster@<fqdn> as local postmaster.
  • Optional timestamps on log output (--log-time).
  • Fix EHLO to HELO fallback for 501/502 responses in client protocol.
  • Submission utility emailrelay-submit added.
  • HTML4.0 compliant HTML documentation, using CSS.

0.9.5 -> 0.9.6

  • SMTP AUTHentication extension -- LOGIN mechanism only.
  • Client-side protocol timeout.
  • Client-side connection timeout.
  • Preprocessor can cancel further message processing.
  • Client's IP address recorded in envelope files.
  • Multiple hard-coded listening addresses supported at compile-time.
  • Fix for automatic reopening of stderr stream.

0.9.4 -> 0.9.5

Windows fixes and improvements...

  • system-tray + dialog-box user interface
  • fix for dropped connections
  • fix for content file deletion
  • fix for directory iterator

0.9.3 -> 0.9.4

  • Fixed memory leak when no --log switch.
  • Windows build is more gui and less command-line.
  • Info command added to the administration interface.
  • Doxygen files removed from binary RPM.

0.9.2 -> 0.9.3

  • Proxy mode (--immediate and --as-proxy).
  • Message pre-processing (--filter).
  • Message store classes better separated using abstract interfaces.
  • Improved notification script, with MIME encoding.
  • Builds with old 2.91 version of gcc.

0.9.1 -> 0.9.2

  • Better autoconf detection.
  • Workround for FreeBSD uname() feature.
  • Added missing .sh_ files to the distribution.
  • Fixed a benign directory iterator bug.
  • Use of gcc's exception header.

0.9 -> 0.9.1

  • Improved documentation from doxygen.
  • More complete use of namespaces.
  • Experimental compile-time support for IPv6.