Swaks Release 20130209.0 Available

A new version of swaks is currently available for download. This release contains a decent number of tweaks, bug fixes, and reworks. It features new support for the XCLIENT testing protocol (which originates in postfix-land but is in use elsewhere), and quite a few enhancements to the SSL/TLS subsystem.

In the pipeline for the next release of swaks are support for PRDR, a rework of the interactive IO system, and a reasonable header encoding system. If you have a feature you’ve wanted in Swaks, now would be a good time to ask!


New Features:

  • Support for the XCLIENT SMTP extension (see http://www.postfix.org/XCLIENT_README.html)
  • Added –no-send-hints, –no-receive-hints, and –no-info-hints output control options
  • The TLS subsystem got a major facelift, including
    • Added –tls-cert and –tls-key options to specify the certificate Swaks will use when negotiationg TLS (debian bug 497654)
    • Added more error checking and logging around protocol negotiation
    • Added tlsv1_1 and tlsv1_2 as “known” protocol versions
    • Added –tls-protocol option
    • Added –tls-cipher option
    • Added –tls-verify option
    • Added –tls-ca-path option

Notable Changes:

  • The TLS information lines have changed some:
    • Changed “w/” to “with” and “peer subject DN” to “peer DN”
    • Changed the TLS cipher line from just NAME to VERSION:NAME:BITS
    • Added new line stating the DN of local cert or that none is being used
    • If the negotiated protocol version is unknown, print raw version number
  • Changes to –dump output
    • Added –tls-get-peer-cert setting
    • Added locally-available TLS/SSL protocol versions
  • Swaks no longer attempts to send QUIT down a connection when TLS negotiation fails. This may cause issues with the use of –tls-optional

Notable Bugs Fixed:

  • Previous release did not properly “cancel” SASL session when server did not behave properly (reported by Erwan Legrand)
  • Swaks would send QUIT twice in specific cases involving mail rejections, the –quit-after option, and –pipeline
  • Swaks would die silently during errors in the SSL protocol negotiation (-tlsc -p 25 would cause it)
  • Swaks could fail to handle the end of a TLS session over a pipe transport when the server has closed the connection but Swaks is expecting to read more data

Leave a Reply

Your email address will not be published. Required fields are marked *