A new version of swaks is currently available for download. This release contains a decent number of tweaks, bug fixes, and reworks. It features new support for the XCLIENT testing protocol (which originates in postfix-land but is in use elsewhere), and quite a few enhancements to the SSL/TLS subsystem.
In the pipeline for the next release of swaks are support for PRDR, a rework of the interactive IO system, and a reasonable header encoding system. If you have a feature you’ve wanted in Swaks, now would be a good time to ask!
Downloads:
- Project Page: http://jetmore.org/john/code/swaks/
- v20130209.0 distribution: http://jetmore.org/john/code/swaks/swaks-20130209.0.tar.gz
- v20130209.0 script only: http://jetmore.org/john/code/swaks/swaks-20130209.0/swaks
- v20130209.0 reference: http://jetmore.org/john/code/swaks/swaks-20130209.0/doc/ref.txt
- v20130209.0 changelog: http://jetmore.org/john/code/swaks/swaks-20130209.0/doc/Changes.txt
New Features:
- Support for the XCLIENT SMTP extension (see http://www.postfix.org/XCLIENT_README.html)
- Added --no-send-hints, --no-receive-hints, and --no-info-hints output control options
- The TLS subsystem got a major facelift, including:
  - Added --tls-cert and --tls-key options to specify the certificate Swaks will use when negotiating TLS (Debian bug 497654)
  - Added more error checking and logging around protocol negotiation
  - Added tlsv1_1 and tlsv1_2 as “known” protocol versions
  - Added --tls-protocol option
  - Added --tls-cipher option
  - Added --tls-verify option
  - Added --tls-ca-path option
Notable Changes:
- The TLS information lines have changed some:
  - Changed “w/” to “with” and “peer subject DN” to “peer DN”
  - Changed the TLS cipher line from just NAME to VERSION:NAME:BITS
  - Added new line stating the DN of local cert or that none is being used
  - If the negotiated protocol version is unknown, print raw version number
- Changes to --dump output:
  - Added --tls-get-peer-cert setting
  - Added locally-available TLS/SSL protocol versions
- Swaks no longer attempts to send QUIT down a connection when TLS negotiation fails. This may cause issues with the use of --tls-optional.
Notable Bugs Fixed:
- Previous release did not properly “cancel” SASL session when server did not behave properly (reported by Erwan Legrand)
- Swaks would send QUIT twice in specific cases involving mail rejections, the --quit-after option, and --pipeline
- Swaks would die silently during errors in the SSL protocol negotiation (-tlsc -p 25 would cause it)
- Swaks could fail to handle the end of a TLS session over a pipe transport when the server has closed the connection but Swaks is expecting to read more data