You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

542 lines
21 KiB

Version 1.8.17:
- msmtpd now supports logging to syslog or to a file with the option --log,
and authentication (for special use cases) with the option --auth.
Version 1.8.16:
- The 'from' command now accepts patterns (as in shell file name matching)
so that many envelope from addresses given with --from can match the
same account
- Added support for %H, %C, %M in the domain command
- msmtpd now supports sysexits.h error codes from the pipe command
Version 1.8.15:
- Added support for SCRAM-SHA-256 authentication via GNU SASL
Version 1.8.14:
- Added support for libtls as an alternative to GnuTLS
Version 1.8.13:
- Added support for XOAUTH2, the predecessor of OAUTHBEARER.
- The passwordeval command can now handle very long input, which can be
necessary for OAUTHBEARER and XOAUTH2.
- GnuTLS >= 3.4 is required
Version 1.8.12:
- msmtpd now supports session reuse and improves standards compliance
- Automatic account matching now supports subaddresses. For example, will match account
Version 1.8.11:
- Add a new undisclosed_recipients command and --undisclosed-recipients option
to replace To, Cc, Bcc with a single "To: undisclosed-recipients:;" header.
- Improved handling of temporary files on Windows systems.
- Re-enabled support for systems lacking vasprintf(), such as IBM i PASE.
Version 1.8.10:
- The msmtpq script was fixed (the fix in 1.8.9 was incomplete)
Version 1.8.9:
- The msmtpq script was fixed (it was accidently broken in 1.8.8)
Version 1.8.8:
- Added a new socket command and --socket option to connect via local sockets.
- Added a new tls_host_override command and --tls-host-override option to
override the host name used for TLS verification.
- Added a new set_from_header command and --set-from-header option with three
- on: always set a From header, possibly replacing an existing one
- off: never set a From header
- auto: add a From header if there is none (this is the default).
This replaces the add_missing_from_header option (which remains supported).
- Added a new set_date_header command and --set-date-header option with two
- off: never set a Date header
- auto: add a Date header if there is none (this is the default).
This replaces the add_missing_date_header option (which remains supported).
- Fixed the handling of empty From headers with --read-recipients/-t.
- Fixed the source_ip command for proxies.
Version 1.8.7:
- The from command now supports the patterns %U, %H, %C, %M that are replaced
with user name, host name, canonicalized host name, and the contents of
/etc/mailname. This replaces the old auto_from and maildomain commands (which
remain supported).
Version 1.8.6:
- Aliases are now expanded recursively
- Minor bug fixes
Version 1.8.5:
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
Version 1.8.4:
- Added support for the OAUTHBEARER authentication method.
- Several minor bug fixes.
Version 1.8.3:
- This version fixes a security problem that affects version 1.8.2 (older
versions are not affected): when the new default value system for
tls_trust_file is used, the result of certificate verification was not
properly checked.
Version 1.8.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older msmtp versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.8.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
Version 1.8.0:
- A minimal SMTP server called msmtpd was added that listens on the local host
and pipes mails to msmtp (or another program). It is intended to be used with
system services that cannot be configured to call msmtp directly. You can
disable it with the configure option --without-msmtpd.
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The CRAM-MD5 authentication method is marked as obsolete / insecure and will
not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- The new logfile_time_format command allows to customize log file time stamps.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.6.8:
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.6.7:
- Add support for ~/.config/msmtp/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Fix SIGPIPE handling (affects at least Mac OS X)
- Add french translation, and update german translation
Version 1.6.6:
- Fix a memory leak and a double-free in msmtp_read_headers(), triggered by read
Version 1.6.5:
- Support SHA256 fingerprints for tls_fingerprint, and mark both SHA1 and MD5 as
Version 1.6.4:
- The system default policy is used with GnuTLS instead of a hardcoded one.
Version 1.6.3:
- A bug in SOCKS support was fixed.
- Handling non-fatal errors in TLS handshakes was fixed.
Version 1.6.2:
- A bug was fixed that prevented consecutive Bcc headers from being removed
Version 1.6.1:
- The new configure option --with-tls replaces --with-ssl.
- A new configure option --disable-gai-idn was added.
Version 1.6.0:
- Support for SOCKS proxies was added. This allows msmtp to be used with Tor.
- GNOME Keyring support now uses libsecret instead of libgnome-keyring. It is
now documented how to use secret-tool to manage passwords for msmtp; the
obsolete msmtp-gnome-tool script is removed.
- Configuration file security is now only checked if the file actually contains
secrets such as passwords. (If you still store passwords in the configuration
file, consider using the passwordeval command or a key ring instead.)
- The GSSAPI authentication method is not chosen automatically anymore, you have
to request it manually if you really want to use it.
- From: and Date: headers are now added to mails if necessary, for compatibility
with sendmail, postfix, exim, and other MTAs. This can be disabled with the
add_missing_from_header and add_missing_date_header commands.
- Libidn is not required for IDN support anymore on systems where getaddrinfo()
supports the AI_IDN flag and the GnuTLS version is >= 3.4.0.
- The new remove_bcc_headers command replaces the old keepbcc command (but the
old command is still supported for compatibility).
- SSLv3 is disabled, and the obsolete tls_force_sslv3 command and
--tls-force-sslv3 option have no effect anymore.
Version 1.4.32:
- A recipient list on the command line is now parsed as if it appeared in a
mail header.
Version 1.4.31:
- No significant changes.
Version 1.4.30:
- No significant changes.
Version 1.4.29:
- The obsolete service name "ssmtp" was replaced with "smtps".
Version 1.4.28:
- No significant changes.
Version 1.4.27:
- No significant changes.
Version 1.4.26:
- A new version of the msmtpq script fixes serious bugs. To update to the new
version of the script, you need to remove the old msmtpQ symlink, change
msmtpQ to msmtpq in your MUA config, and use msmtp-queue for queue management.
Version 1.4.25:
- DIGEST-MD5 authentication is not considered secure any longer. See RFC 6331.
- Support for alias expansion was added. See the aliases command and --aliases
Version 1.4.24:
- The build system was updated, and as a consequence some options to the
configure script have changed. See './configure --help'.
- The license of the manual was changed from the GNU FDL to a very simple
permissive license.
- The unmaintained pt_BR translation was removed.
Version 1.4.23:
- No significant changes.
Version 1.4.22:
- A new command 'passwordeval' with a corresponding '--passwordeval' option
allows to set the password to the output of a command.
Version 1.4.21:
- No significant changes.
Version 1.4.20:
- Added support for authentication mechanism SCRAM-SHA-1 via GNU SASL.
- The new command tls_fingerprint allows one to trust one particular TLS
certificate, in case tls_trust_file cannot be used for some reason.
- The new script manages Gnome Keyring passwords for msmtp.
Version 1.4.19:
- When using OpenSSL, msmtp now correctly handles NUL characters in the Common
Name and Subject Alternative Name fields of certificates. This fixes a
security problem. Note that msmtp is not affected by this problem if GnuTLS is
Version 1.4.18:
- No significant changes.
Version 1.4.17:
- Msmtp now also reads SYSCONFDIR/netrc if the password was not found in
- Support for the GNOME keyring was added by Satoru SATOH.
Version 1.4.16:
- No significant changes.
Version 1.4.15:
- The configuration command tls_crl_file was added. This allows to use
certificate revocation lists (CRLs) during certificate verification.
- The configuration command tls_min_dh_prime_bits was added. This may be needed
to use TLS/SSL with servers that use a small Diffie-Hellman (DH) prime size.
- The configuration command tls_priorities was added. This allows to fine tune
TLS/SSL session parameters.
Version 1.4.14:
- The -t option now properly supports Resent-* headers.
- The --read-envelope-from option was added. It allows to read the envelope from
address from the From header.
- The environment variables SMTPSERVER and EMAIL can be used to configure msmtp
for simple use cases.
- Support for the Mac OS X keychain was added by Jay Soffian.
Version 1.4.13:
- Useful scripts are now distributed in the scripts subdirectory.
- The license was updated to GPLv3 or later (source code) and GFDLv1.2 or later
Version 1.4.12:
- No significant changes.
Version 1.4.11:
- Security improvements:
- TLS requires tls_trust_file or a disabled tls_certcheck now, so that it is
not silently vulnerable to man-in-the-middle attacks.
- NTLM authentication is considered insecure because it is undocumented. It is
therefore not used automatically without TLS anymore.
Version 1.4.10:
- No significant changes.
Version 1.4.9:
- No significant changes.
Version 1.4.8:
- No significant changes.
Version 1.4.7:
- The configuration command tls_force_sslv3 was added. This is needed to use
TLS/SSL with some old and broken servers.
Version 1.4.6:
- The options to the configure script have changed! See the first few
paragraphs of INSTALL for details.
- Optional support for Internationalized Domain Names (IDN) was added.
GNU Libidn is required for this.
Version 1.4.5:
- Only minor tweaks.
Version 1.4.4:
- Support for the sendmail -F option (accepted but ignored).
- Removed the OpenSSL exception note from the license information.
Version 1.4.3:
- Automatic envelope-from addresses are only generated when auto_from is enabled
with the new auto_from command or --auto-from option.
This allow empty envelope from addresses to be set with the from command or
--from option.
Version 1.4.2:
- The 'connect_timeout' setting was replaced by a 'timeout' setting that applies
to all network operations. The old option and command are still accepted, but
they are not restricted to connection attempts anymore.
- Native language support (NLS) was added. Currently the only supported language
besides english is german, but it is easy to add more translations (hint,
Version 1.4.1:
- Only bug fixes, no new features.
Version 1.4.0:
- This is the new stable release of msmtp.
BEWARE: When upgrading from 1.2.4, note that
- Authentication is not enabled automatically anymore! Insert the command
"auth on" into account definitions that need it.
- Some command line options have changed!
- Summary of new features since 1.2.4:
- Sendmail compatible command line options, including -t, -N, and -R
- New long options to configure almost everything on the command line
- Optional account selection with -f/--from
- Support for a system wide configuration file
- Optional automatic construction of envelope from addresses
- More flexible account definitions
- Configurable connection timeouts
- Improved log file logging
- Syslog logging
- Improved TLS/SSL support
- Support for LMTP
- Support for the EXTERNAL and GSSAPI authentication methods
- Support for .netrc and password prompting
- Rewritten documentation, available in various formats
- New since 1.3.9:
- No new features, but minor improvements mainly regarding interoperability
and performance. And some minor bug fixes.
Version 1.3.9:
- Added support for the .netrc file: If a password is needed but none is given,
msmtp will try to find it in ~/.netrc, and if that fails, msmtp will prompt
you for it.
- The authentication user name is included in the log if authentication is used.
Suggested by Jim Fohlin.
- An account from the system configuration file cannot be partially changed in
the user configuration file anymore; it must be replaced completely instead.
- Added LMTP support.
Version 1.3.8:
- The default values from a defaults section in a system configuration file
are not valid in the user configuration file anymore, to prevent changes in
the system configuration file from breaking user setups.
Version 1.3.7:
- The user configuration file is required to have no more permissions than
0600 (user read/write).
- Added specialisation to account definitions. See documentation of the
account command and the example files.
- Added the new connect_timeout command and --connect-timeout option.
- The password will be prompted for if none is given in the configuration file.
Version 1.3.6:
- New documentation!
It was rewritten using texinfo, which allows easy generation of html and pdf
The man page is still up to date and will not be dropped.
- A new configuration file command ("defaults") to set default values for all
following accounts was added. Suggested by Jim Fohlin.
- Support for EXTERNAL authentication was added.
- You need GnuTLS >= 1.2.0 now if you want GnuTLS support.
- bug fixes!
Version 1.3.5:
- A system wide configuration file SYSCONFDIR/msmtprc will be used if it exists.
It's settings will be overridden by the the user configuration file.
Use the --sysconfdir configure option to set SYSCONFDIR to something other
than /usr/local/etc.
- If no envelope from address is given, msmtp will construct one using the user
name and the mail domain (if given).
- New command/options pairs:
- maildomain/--maildomain to set the domain part of constructed envelope from
- syslog/--syslog to enable logging to syslog
Version 1.3.4:
- Just some cleanups and bugfixes. The built-in CRAM-MD5 code works again.
Version 1.3.3:
- support for Remote Message Queue Starting (RMQS) was added, see option --rmqs
- msmtp can now print information about the peer's TLS certificate.
Use --serverinfo (or --debug) to see it
- If you want GnuTLS as your TLS library, you need a version >= 1.1.23 now
Version 1.3.2:
- You need gsasl or libgsasl >= 0.2.4 if you want GNU SASL support
- Various bugfixes
Version 1.3.1:
- fixed the -t option
Version 1.3.0:
- configuration file:
- The auth command is now *required* to activate authentication. Just
setting user name and password is not enough anymore
- The tls_nostarttls command should be changed to "tls_starttls off",
though the old command is still supported
- The tls_nocertcheck command should be changed to "tls_certcheck off",
though the old command is still supported
- command line:
- Changed short options (because of collision with sendmail options):
-p is now -P
-F is now -C
-v is not available anymore, use --version
-h is not available anymore, use --help
- If you used -f/--from without -a/--account to override the envelope from
address of the default account, you have to use --account=default
explicitly now, because otherwise msmtp tries to find an account matching
the from address
- Sendmail compatible interface
- Almost all options can now be set on the command line
- Support for the sendmail -t option (read additional recipient addresses
from the To, Cc, and Bcc headers of the mail)
- You can choose the account using the -f/--from option:
If you use -f/--from but not -a/--account, the first account of the
configuration file that has a matching envelope from address will be used
- GSSAPI authentication (you need GNU SASL >= 0.2.3 with GSSAPI support)
- New command ntlmdomain to set the domain parameter for NTLM authentication
- Long option support on all platforms (thanks to gnulib)
- Enhanced almost all commands to allow unsetting of features
- Changed log file information: Instead of conffile/account, log
information about host, tls, auth, and from.
Version 1.2.4:
- No new features.
Version 1.2.3:
- IPv6 support on Windows systems
- The configuration file supports all commands and arguments related to
TLS and authentication, even if TLS and/or GNU SASL support is not
compiled in
- The GNU SASL library is not required to support DIGEST-MD5 and NTLM
anymore. This means you can now use the packaged versions of the library
from Gentoo or Debian sarge.
- You can use the -v/--version option to find out which authentication
methods are supported.
Version 1.2.2:
- Enhancements to the logfile command:
- All available information is now written to the logfile (new fields:
mailsize=..., smtpmsg='...', errormsg='...').
- Logging to standard output is possible by using "logfile -"
Version 1.2.1:
- No new features.
Version 1.2.0:
- This version can be compiled without TLS/SSL support; use
--disable-ssl if you really want that.
- Read the entries for versions 1.1.x for more changes since the last
stable version 1.0.0.
Version 1.1.3:
- New option -i for compatibility with mail(1).
- New 'logfile' command; see man page for details.
Version 1.1.2:
- No user visible changes.
Version 1.1.1:
- The tls_nostarttls command now sets the default port to 465 (ssmtp).
Version 1.1.0:
- Support for SMTP command pipelining. On high latency networks, this
may increase transmission speed, especially when sending to many
- The short option for --file, -f, has changed to -F
- A new option --from/-f is available to set the envelope from address.
- A new option --serverinfo/-S is available to print information
about the capabilities and limitations of an SMTP server
Version 1.0.0:
- New feature: tilde expansion for filenames in the configuration file
Version 0.7.2:
- This version adds native support for Windows 9x/ME/NT/2000/XP/2003
(with MinGW) and DOS (with DJGPP and the Watt32 library).
Version 0.7.1:
- New command: 'domain'
- New options: --pretend and --debug
Version 0.7.0:
- Support for DSN (Delivery Status Notifications) was added via
the new commands 'dsn_notify' and 'dsn_return'.
- The 'tls_nocertcheck' command was added. It disables all server
certificate checks. Use it if you get certificate check errors but
still want to use the SMTP server with TLS/SSL.
- The 'nostarttls' command is now called 'tls_nostarttls'.
Please update your configuration file.
Version 0.6.5:
- License clarification:
msmtp is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed.
- If you want to use GnuTLS instead of OpenSSL, you will now need
GnuTLS >= 1.0.0 and libgcrypt >= 1.1.90!
- msmtp now works on systems that lack IPv6 support
- msmtp now accepts arbitrary long lines in mails
Version 0.6.4:
- fixed configuration file code
Version 0.6.3:
- portability fix for Mac OS X (Randolph Fritz)
- fixed --disable-gsasl configure option
- man page improvements
Version 0.6.2:
- use GNU Autotools (Christophe Nowicki)
- fixed wildcard support in server certificate's Common Name field
Version 0.6.1:
- improved certificate check/verification with OpenSSL
- code cleanups
Version 0.6.0:
- Added sanity checks of server certificate when using TLS
- Strict server certificate verification with tls_trust_file command
- Possibility to send client certificate if requested (tls_key_file and
tls_cert_file commands)
- Optional support for GnuTLS instead of OpenSSL
- Optional support for GSASL (adds DIGEST-MD5 and NTLM authentication methods)
- Arguments in the configuration file may now contain blanks
- Removed the possibility to choose the TLS version with the tls command
- Proper recognition of server capabilities (EHLO response)