Swaks Release 20130209.0 Available

A new version of swaks is currently available for download. This release contains a decent number of tweaks, bug fixes, and reworks. It features new support for the XCLIENT testing protocol (which originates in postfix-land but is in use elsewhere), and quite a few enhancements to the SSL/TLS subsystem.

In the pipeline for the next release of swaks are support for PRDR, a rework of the interactive IO system, and a reasonable header encoding system. If you have a feature you’ve wanted in Swaks, now would be a good time to ask!

New Features:

  • Support for the XCLIENT SMTP extension (see http://www.postfix.org/XCLIENT_README.html)
  • Added --no-send-hints, --no-receive-hints, and --no-info-hints output control options
  • The TLS subsystem got a major facelift, including
    • Added --tls-cert and --tls-key options to specify the certificate Swaks will use when negotiating TLS (Debian bug 497654)
    • Added more error checking and logging around protocol negotiation
    • Added tlsv1_1 and tlsv1_2 as “known” protocol versions
    • Added --tls-protocol option
    • Added --tls-cipher option
    • Added --tls-verify option
    • Added --tls-ca-path option

Notable Changes:

  • The TLS information lines have changed some:
    • Changed “w/” to “with” and “peer subject DN” to “peer DN”
    • Changed the TLS cipher line from just NAME to VERSION:NAME:BITS
    • Added new line stating the DN of local cert or that none is being used
    • If the negotiated protocol version is unknown, print raw version number
  • Changes to --dump output
    • Added --tls-get-peer-cert setting
    • Added locally-available TLS/SSL protocol versions
  • Swaks no longer attempts to send QUIT down a connection when TLS negotiation fails. This may cause issues with the use of --tls-optional

Notable Bugs Fixed:

  • Previous release did not properly “cancel” SASL session when server did not behave properly (reported by Erwan Legrand)
  • Swaks would send QUIT twice in specific cases involving mail rejections, the --quit-after option, and --pipeline
  • Swaks would die silently during errors in the SSL protocol negotiation (-tlsc -p 25 would cause it)
  • Swaks could fail to handle the end of a TLS session over a pipe transport when the server has closed the connection but Swaks is expecting to read more data
