| author | Laurent Bercot <ska-skaware@skarnet.org> | 2026-04-18 13:49:06 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2026-04-18 13:49:06 +0000 |
| commit | 0abe71af12ac88eed440bb7f5e6324e679ac5cf5 (patch) | |
| tree | ade7a3e673817ccf0c0c6369c1b88db8cc84a511 | |
| parent | afc46cad9ae4d6df594820c6cd7f10bf6b5a0271 (diff) | |
| download | smtpd-starttls-proxy-0abe71af12ac88eed440bb7f5e6324e679ac5cf5.tar.gz | |
Update deps; update qmail-remote's doc for tls
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | doc/index.html | 10 | ||||
| -rw-r--r-- | doc/qmail-remote.html | 15 | ||||
| -rw-r--r-- | doc/upgrade.html | 2 | ||||
| -rw-r--r-- | package/deps-build | 2 |
6 files changed, 25 insertions, 9 deletions
@@ -6,7 +6,8 @@ In 0.1.0.0 - Support for disabling RPATH at configure time. - Adaptation to skalibs-2.15.0.0. - New binary: qmail-remote. Comes with a qmail-remote-io helper. -This is a full implementation of qmail's SMTP client. +This is a full implementation of qmail's SMTP client, with +extra features. In 0.0.2.1 @@ -5,6 +5,8 @@ smtpd-starttls-proxy - a STARTTLS implementation for mail servers before the SMTP server on your command line. It interposes itself between the client commands and the server, and implements STARTTLS on behalf of the server. + The smtpd-starttls-proxy package also comes with a modern +replacement for qmail's qmail-remote SMTP client. See https://skarnet.org/software/smtpd-starttls-proxy/ for details. diff --git a/doc/index.html b/doc/index.html index d2a3ef9..3121361 100644 --- a/doc/index.html +++ b/doc/index.html @@ -25,6 +25,14 @@ inetd-like mail servers that do not already support it. </p> +<p> + It comes with a chainloading binary implementing server-side +STARTTLS, as well as a full-featured modern replacement for +<a href="https://cr.yp.to/qmail.html">qmail</a>'s +<a href="http://qmail.org/qmail-manual-html/man8/qmail-remote.html">qmail-remote</a> +SMTP client. +</p> + <hr /> <h2> Installation </h2> @@ -44,7 +52,7 @@ library. </li> 2.4.1.2 or later. It's a build-time requirement. It's also a run-time requirement if you link against the shared version of the s6-dns library. </li> <li> <a href="//skarnet.org/software/s6-networking/">s6-networking</a> version -2.7.3.0 or later. It's a build-time and run-time requirement. </li> +2.8.0.0 or later. It's a build-time and run-time requirement. </li> </ul> <h3> Licensing </h3> diff --git a/doc/qmail-remote.html b/doc/qmail-remote.html index fd8a395..cde8643 100644 --- a/doc/qmail-remote.html +++ b/doc/qmail-remote.html 
@@ -95,7 +95,9 @@ certificate validation. If the path ends with a slash, like <tt>/etc/ssl/certs/< then it is interpreted as a directory containing hashes to the certificates. If it does not, like <tt>/etc/ssl/cert.pem</tt>, then it is interpreted as a big PEM file containing all the trust anchors. If the file is nonexistent or empty, -or only contains a newline, then STARTTLS is not attempted. </dd> +or only contains a newline, then STARTTLS is not attempted. Note that the +trust anchor list is only useful when <tt>tlsstrictness</tt> is 2 (see below), +but you still need a non-empty list in order to attempt STARTTLS. </dd> <dt> <tt>clientcert</tt> </dt> <dd> If this file exists and is nonempty, it must contain the path to a client @@ -118,7 +120,10 @@ STARTTLS command fails. <strong>1</strong> means that <tt>qmail-remote</tt> will attempt to find a server that supports STARTTLS in order to transmit its e-mail, but will fallback to cleartext if it cannot find any. <strong>2</strong> means that <tt>qmail-remote</tt> will flat out refuse to send e-mail to servers that do not -support STARTTLS or fail to set it up. </dd> +support STARTTLS or fail to set it up. It will also properly verify certificates, +whereas a value lower than 2 doesn't care if the certificate chain does not begin +with a trusted anchor (since it would eventually fall back on an insecure +transport anyway). </dd> </dl> <h2 id="implementation"> Implementation notes </h2> 
@@ -163,10 +168,10 @@ exchange is actually handled by a separate binary: shows a <tt>qmail-remote-io</tt> process under <tt>qmail-rspawn</tt> instead of the regular <tt>qmail-remote</tt>, that is normal, it means that <tt>qmail-remote</tt> has found a suitable server and is transmitting its -data. If there is a +data. If <tt>qmail-remote</tt> has a <a href="qmail-remote-io.html">qmail-remote-io</a> +child that itself has a <a href="https://skarnet.org/software/s6-networking/s6-tlsc-io.html">s6-tlsc-io</a> -process running as the child of <tt>qmail-remote-io</tt>, it means that the -connection is happening under TLS. </li> +child, it means that the transfer is happening under TLS. </li> </ul> </body> diff --git a/doc/upgrade.html b/doc/upgrade.html index 7ee8df0..6968ffa 100644 --- a/doc/upgrade.html +++ b/doc/upgrade.html @@ -29,7 +29,7 @@ dependency bumped to 2.15.0.0 </li> dependency bumped to 2.15.0.0 </li> <li> New dependency: <a href="//skarnet.org/software/s6-dns/">s6-dns</a> 2.4.1.2 </li> <li> <a href="//skarnet.org/software/s6-networking/">s6-networking</a> -dependency bumped to 2.7.3.0 and made mandatory. </li> +dependency bumped to 2.8.0.0 and made mandatory. </li> </ul> <h2> in 0.0.2.1 </h2> diff --git a/package/deps-build b/package/deps-build index c10cbaf..f2102a0 100644 --- a/package/deps-build +++ b/package/deps-build @@ -1,4 +1,4 @@ true true /package/prog/skalibs 2.15.0.0 libskarnet true false /package/admin/s6 2.15.0.0 libs6 true false /package/web/s6-dns 2.4.1.2 libs6dns -true false /package/net/s6-networking 2.7.3.0 +true false /package/net/s6-networking 2.8.0.0 |
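Review bot: In the paragraph added to doc/index.html (hunk at -25,6), the qmail-remote manual link is plain "http://qmail.org/..." while the qmail link next to it is https and the skarnet.org links in the same file are protocol-relative. If qmail.org serves that page over HTTPS, use the https URL so the documentation does not send readers to a cleartext page.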
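Review bot: In the trust anchor entry of doc/qmail-remote.html (hunk at -95,7), "you still need a non-empty list in order to attempt STARTTLS" does not say which object has to be non-empty. The sentence before it speaks of "the file" being nonexistent or empty, while the earlier sentences speak of the path it designates (a hash directory or a PEM bundle). Suggest stating that the configuration file must contain a path, and whether the directory or PEM file at that path is also checked for content when tlsstrictness is below 2. The "(see below)" would also be easier to follow as a link to the tlsstrictness entry.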
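Review bot: In the tlsstrictness entry of doc/qmail-remote.html (hunk at -118,7), "properly verify certificates" is only defined by its opposite, a chain that "does not begin with a trusted anchor", so it is unclear whether level 2 also matches the server name against the certificate. Since this is the only setting that authenticates the peer, spell out what is checked, and say directly that values below 2 accept any certificate and therefore only protect against passive eavesdropping. The parenthetical reason ("it would eventually fall back on an insecure transport anyway") matches the description of value 1; confirm it also holds for the lower value, whose description is cut off at the top of this hunk.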
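Review bot: In the implementation notes of doc/qmail-remote.html (hunk at -163,10), the rewritten sentence makes qmail-remote-io a child of qmail-remote, but the unchanged sentence just above it says qmail-remote-io shows up under qmail-rspawn "instead of the regular qmail-remote". An administrator checking the process tree to confirm that a transfer is under TLS needs one consistent picture: either qmail-remote is replaced by qmail-remote-io or it stays as its parent. Please reconcile the two sentences. Minor: "a s6-tlsc-io" should read "an s6-tlsc-io".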
