I-Exim 4.97 sele ikhutshiwe kwaye ezi ziimpawu zayo ezintsha

khululiwe

I-Exim yiarhente yothutho lweposi

I inguqulelo entsha ye-Exim 4.97, efika emva kwe-3 RC kwaye kolu kukhutshwa okutsha kuphunyeziwe iimpawu ezintsha, kunye nokuphuculwa kwangaphakathi, ukulungiswa kunye nokunye.

Kulabo abangazi khululiwe, Kuya kufuneka uyazi ukuba le umphathi weposi (Ummeli wezoThutho lweMeyile, uhlala eyi-MTA) iphuhliswe ukuba isetyenziswe kwiinkqubo ezininzi ze-Unix, kubandakanya iGNU / Linux.

Este Unobhetyebhetye olukhulu kwiindlela imiyalezo engayilandela ngokwemvelaphi yazo kunye ne-por ukwazisa ukusebenza kolawulo logaxekile, uluhlu lweebhloko ezisekwe kwi-DNS (I-DNSBL), ii-virus, ulawulo lwe-relay, abasebenzisi kunye nemimandla ebonakalayo nabanye, Ezicwangciswe ngakumbi okanye zigcinwa ngokulula kwaye zigcinwa.

Iprojekthi inamaxwebhu afanelekileyo, imizekelo "yokwenza" imisebenzi ethile. Exim isasazwa simahla phantsi kwelayisenisi yeGNU GPL.

Iimpawu ezintsha eziphambili ze-Exim 4.97

Kolu guqulelo lutsha oluvezwa Exim 4.97, Kuqatshelwe ukuba usetyenziso lwe exim_msgdate luphunyeziwe ukuguqula izichazi zomyalezo (ID yomyalezo) kwifomati ebonakalayo, ngokunjalookanye nabalawuli bemigca Ngoku zinokuqalwa kwinkqubo enye yangasemva.

Olunye utshintsho olugqamayo kolu guqulelo lutsha lwe-Exim 4.97 lu isiganeko esitsha esiphakanyiswe kumxhasi kunye necala lomncedisi xa uqinisekiso lusilela nge-SMTP AUTH, ikwaqaqambisa inkxaso yeemacros ezichazwe kwangaphambili ukwandisa izinto, abaqhubi, iimeko kunye nezinto eziguquguqukayo, kunye umgca womyalelo ukhetho lokubonisa kuphela umyalezo we-ID emgceni kunye nokukwazi ukuqwalasela i-SNI ye-TLS kwi-${readsocket } umsebenzisi wokwandisa.

Kwelinye icala, kuyakhankanywa ukuba Ubuthathaka obuhlanu obuchongiweyo bulungisiwe ekupheleni kukaSeptemba, ezintathu zazo (CVE-2023-42115, CVE-2023-42116, CVE-2023-42117) ikuvumela ukuba usebenzise ikhowudi yakho ukude ngaphandle koqinisekiso kumncedisi ngamalungelo kwinkqubo eyamkela uxhulumaniso kwizibuko lenethiwekhi 25, kunye nezimbini eziseleyo (I-CVE-2023-42114 kunye neCVE-2023-42119) inokubangela ukuvuza kwememori kwinkqubo yokusebenzela izicelo zomsebenzi womnatha.

Uphumezo loqhagamshelo lwe-SMTP olushukumiweyo lwe-TLS-on-connect port, ukuqala i-TLS, njengoko kwakunjalo emva. Ulandelelwano olutsha lulungelelanisa ngcono nokuziphatha kwe-STARTTLS kwaye ivumela ukhuseleko ngokuchasene nokuhlaselwa kwe-cryptographic processing payload, nangona ilutshintsho olungqongqo olungaxhaswanga. Kwakhona, kunqanda ukuthumela nayiphi na impendulo yemposiso ye-SMTP yoqhagamshelwano ACL okanye host_reject_connection, kumazibuko TLS-on-connect.

Olunye utshintsho Yintoni ebalaseleyo kolu guqulelo lutsha lwe-Exim 4.97:

  • Ukukwazi ukuseta izinto eziguquguqukayo zongezwe kwindlela yovavanyo lolwandiso lomtya olubizwa xa uqhuba Exim nge "-kube«.
  • Umahluko wongezwa $ umthumeli_helo_verified equlathe isiphumo sokusebenzisa i ACL "qinisekisa = helo".
  • Kuqinisekiswe ukwandiswa kwangaphambili (phambi kokusetyenziswa) kokhetho I-SMTP "max_rcpt".
  • Ikhetho tls_eccurve ye-OpenSSL ivumela ukufumana uluhlu lwamagama eqela.
  • Umsebenzisi wongeziweyo ukwahlula imigca eeheader ezinde.
  • Iintetho eziqhelekileyo zivumelekile kwisilungisi ACL remove_header.
  • Umahluko wongezwa $recipients_list ngoluhlu lwabamamkeli abasinda ngokuchanekileyo.
  • Iparameter yaphunyezwa Isikhethi se-log_select ukubonisa ii-ID zoqhagamshelwano ezingenayo.
  • Kwi-OpenSSL ukulayishwa kwakhona okuzenzekelayo kovavanyo lwe-OCSP yomncedisi olungisiweyo kwalungiswa ukususela kwixesha elidlulileyo, ukuba ifayile enovavanyo yayinegama elingatshintshwanga, iimvavanyo ezintsha zaye zalungiswa.
    zilayishwe phezu kwezindala.
  • I-OpenSSL ilungise umcimbi kunye nabathengi abadala abafuna inkxaso ye-TLS kwiinguqulelo ezingaphambi kwe-TLSv1,2. Ngaphambili, iinguqulelo ezintsha ze-OpenSSL zazivumela ulungelelwaniso olubanzi lwenkqubo ukuba lubhale ngaphezulu useto lwe-Exim.
  • Ukusetyenziswa kwemeko ye-ACL "encrypted" ngoku ivumelekile ukuba isetyenziswe kwi-HELO/EHLO ACLs.

Khuphela i-Exim 4.97

Ukufumana le nguqulo intsha ye-Exim 4.97 Kuya kufuneka uye kwiwebhusayithi esemthethweni apho kwicandelo lokukhuphela unokufumana amakhonkco ahambelana nale nguqulo intsha. Ikhonkco yile.


Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.