Subject: Announce: OpenSMTPD 5.7.3 released

OpenSMTPD 5.7.3 has just been released.

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, OSX and Linux.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing
the snapshots, reporting bugs, contributing code and packaging for other
systems.

This is a minor release with security and reliability fixes only.
You are encouraged to update as soon as possible.

Issues fixed in this release (since 5.7.2):
===========================================

- fix an mda buffer truncation bug which allows a user to create forward
  files that pass session checks but fail delivery later down the chain,
  within the user mda [0]
- fix remote buffer overflow in unprivileged pony process [1]
- reworked offline enqueue to better protect against hardlink attacks [2]


[0] reported by Holger Jahn
[1] reported by Jason A. Donenfeld
[2] reported by Qualys Security


Checksums:
==========

  SHA256 (opensmtpd-5.7.3.tar.gz) =
  a922dcf75804d700c2d83aa0b4121b0fc11d6ccbc729c71bf519279a24e9d39f

  SHA256 (opensmtpd-5.7.3p1.tar.gz) =
  848a3c72dd22b216bb924b69dc356fc297e8b3671ec30856978950208cba74dd


Verify:
=======

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website, check with our community
that it has not been altered on its way to your machine.

Once you are confident the key is correct, you can verify the release as
described below:

1- get the signature file corresponding to the tarball you're installing

   $ wget https://www.opensmtpd.org/archives/opensmtpd-5.7.3.sum.sig


2- check that the tarball matches the checksum:

   $ sha256 opensmtpd-5.7.3.tar.gz
   SHA256 (opensmtpd-5.7.3.tar.gz) =
   a922dcf75804d700c2d83aa0b4121b0fc11d6ccbc729c71bf519279a24e9d39f
   $ cat opensmtpd-5.7.3.sum.sig |tail -1 | cut -d= -f2
    a922dcf75804d700c2d83aa0b4121b0fc11d6ccbc729c71bf519279a24e9d39f


3- verify that the signature file was not forged:

   $ signify -V -e -p opensmtpd.pub -m opensmtpd-5.7.3.sum
   Signature Verified


Support:
========

You are encouraged to register to our general purpose mailing-list:
    http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at:
    #OpenSMTPD @ irc.freenode.net


Reporting Bugs:
===============

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

OpenSMTPD is brought to you by Gilles Chehade, Eric Faurot and
Sunil Nimmagadda.