Qsmtp-0.29: Qsmtp version 0.29

• support for openat() and friends is now mandatory
• usage of select() has been replaced by poll()
• Qsmtpd: expose less internal details about queue failures
• Qsmtpd: log the TLS cipher that was used when an email was received using STARTTLS
• Qsmtpd: write syntactically correct Received:-line even if authhide is set
• Qsmtpd: allow to select the TLS cert also by port
• Qsmtpd: fix wrong config scope being written to logfile on rejection for some filters
• Qsmtpd: fix SIZE check if free space in queue can't be read
• Qsmtpd: fix multi-recipient bounce detection if more than 2 recipients are given
• Qsmtpd: also detect ORCHID and IPv6 documentation net addresses as being invalid in fromdomain filter
• Qsmtpd: fix fromdomain filter not detecting if one MX entry is a loopback net and the other one is a private net
• Qsmtpd: fix possible buffer overrun with very short addresses and long TLDs in wildcardns filter
• Qsmtpd: fix leaking of MAIL FROM: identity memory and settings if multiple MAIL FROM: commands are seen
• Qsmtpd: update wildcardns filter example
• Qsmtpd: several fixes for SPF cornercases
• Qsmtpd: SSL clientcert authentication code should be working now
• Qremote: log the TLS cipher that was used when an email was sent using STARTTLS
• Qremote: better handling during errors, including syntax errors from the server, during connect and greeting phase
• Qremote: fix filtering out 127/8 and 0.0.0.0 as MX entries
• Qremote: detect if DANE DNS records are present and enforce STARTTLS in case they are (no DNSSEC or certificate validation yet)

Qsmtp-0.28: Qsmtp version 0.28

• Qsmtpd: fix IPv6 ipbl files being misread
• Qremote: fix crash when filtering out local IP addresses if an interface has no addresses at all
• Qsurvey: also log the remote servers SSL certificates
• several cleanups and improvements for SSL error cases
• fix several small leaks and other oddities spotted by Coverity scanner

Qsmtp-0.27: Qsmtp version 0.27

• Qsmtpd: the spffriends files are no longer a list of host names, but ipbl format files
• Qsmtpd: authentication using TLS certificates now also looks at the common name field, allowing not only single users but also whole hosts to be authenticated for relaying
• Qsmtpd: TLS authentication code is now enabled
• Qsmtpd: fix and add some enhanced status codes
• Qsmtpd: add stricter checking in CRAM-MD5 authentication before passing the input to the backend
• Qremote: the file outgoingip6 may now hold an IP address used to bind to when sending mail via IPv6
• Qremote: prefer IPv6 addresses over IPv4 ones if both have the same MX priority
• Qsurvey: several improvements, e.g. IPv6 support and symlinking from domain names to IP address directories
• Qsurvey now depends on the availability of the openat() syscall
• much of the AUTH and userbackend has been refactored

Qsmtp-0.26: Qsmtp version 0.26

• Qsmtpd: fix inverted vpopbounce logic for .qmail-default files

Qsmtp-0.25: Qsmtp version 0.25

• Qremote: fix some bugs in MIME boundary detection
• Qremote: fix sending email to IP address
• Qremote: add support for control/smtproutes.d/
• Qremote: fix some smtproute cornercases
• Qremote: fix Base64 recoding not always honoring requested line length
• Qsmtpd: drop remaining support code for OpenSSL 0.9.6
• Qsmtpd: fix several memleaks
• Qsmtpd: fix wrong behavior (message not sent to network) if username or password in LOGIN authentication is empty
• Qsmtpd: fix double free on bounce message with multiple recipients
• Qsmtpd: disable the pfixpol code, it was only half implemented anyway
• Qsmtpd: fix address matching when sending to local IP address
• Qsmtpd: add missing enhanced status codes on "line too long" message
• Qsmtpd: allow usernames like "filterconf" if doing user existence checks in vpopmail directories
• Linux/Sparc is now a known good target platform.

Qsmtp-0.24: Qsmtp version 0.24

• Qremote: allow control/smtproutes to point to localhost if a port different from 25 is used
• Qremote: better command pipelining
• Qremote: fix crash when all MX records point back to localhost (introduced in 0.23)
• Qsmtpd: authentication is required in submission mode (i.e. when run on port 587)
• Qsmtpd: improve check for usability of checkpassword helper
• Qsmtpd: reject unencoded 8 bit data in incoming Date, From, and Message-Id headers
• Qsmtpd: allow IP-specific SSL certificates
• Qsmtpd: ignore the client order of SSL ciphers if a preferred list is configured
• fix error handling in ssl_timeoutread()