OpenSMTPD advisory dissected
https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ [poolp.org]
2020-01-31 21:13
tags:
bugfix
development
email
exploit
openbsd
programming
security
turtles
Qualys contacted by e-mail to tell me they found a vulnerability in OpenSMTPD and would send me the encrypted draft for advisory. Receiving this kind of e-mail when working on a daemon that can’t revoke completely privileges is not a thing you want to read, particularly when you know how efficient they are at spotting a small bug and leveraging into a full-fledged clusterfuck.
Legacy code bad, even when it’s freshly written legacy code.
OpenSMTPD released and upcoming filters preview
https://poolp.org/posts/2018-11-03/opensmtpd-released-and-upcoming-filters-preview/ [poolp.org]
2018-11-08 19:36
tags:
email
openbsd
release
update
I won’t expand on the features in the 6.4 release as I already wrote about the configuration file changes, the issues that required it and the refactors involved, this was the one true major feature of the release. One notable aspect though is that we dropped our support for OpenSSL in favor of LibreSSL, and THAT I should expand upon ;-)
And looking forward...
Filters have been a (the most ?) long awaited feature in OpenSMTPD. I finally committed most of the filters code to OpenBSD.