OpenSMTPD

OpenBSD SMTP Server
	"We deliver"
Developer(s)	The OpenBSD Project
Initial release	5.3 / 17 March 2013;10 years ago
Stable release	7.4.0p1 / 16 November 2023;0 days ago
Repository	cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/
Written in	C
Operating system	OpenBSD, FreeBSD, NetBSD, Linux, macOS
Platform	Cross-platform
Standard(s)	RFC 5321
Type	Mail transfer agent
License	ISC
Website	www.opensmtpd.org
As of	July 2016

Last updated November 17, 2023

OpenSMTPD (also known as OpenBSD SMTP Server) is a Unix daemon implementing the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers. It was publicly released on 17 March 2013 with version number 5.3, after being in development since late 2008.

Its portable version, like that of OpenSSH, is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version was initiated by Charles Longeau and adds support for multiple operating systems including NetBSD, FreeBSD, DragonFly BSD, and several Linux distributions.

History

The development of OpenSMTPD was motivated by a combination of issues with current SMTP daemons: difficult configuration, complicated and difficult to audit code, and unsuitable licensing.^[5]^[6] OpenSMTPD was designed to solve these problems and make mail exchanges accessible to a wider user-base. After a period of development, OpenSMTPD first appeared in OpenBSD 4.6.^[7] The first release shipped with OpenBSD 5.3.^[1]^[2]^[8]

On 2 October 2015, the results of a security audit were released. Version 5.4.4p1 was audited, and nine issues were found.^[9] As a result, OpenSMTPD 5.7.2 was released to address these issues.^[10]

On 28 January 2020, a vulnerability in OpenSMTPD was disclosed that could be remotely exploited to run arbitrary shell commands as root. OpenSMTPD 6.6.2 was released to fix the vulnerability.^[11]

Goals

OpenSMTPD is an attempt by the OpenBSD team to produce an SMTP daemon implementation that is secure, reliable, high performance, simple to security audit and trivial to set up and administer. Code is designed to keep the memory, CPU and disk requirements as low as possible but it is admitted that large mail systems are not intended to be run on low-end machines, and trade-offs are made where higher memory usage would bring indisputable benefits.^[12]

As such, the design goals for OpenSMTPD are: security, ease of use, and performance. Security in OpenSMTPD is achieved by robust validity check in the network input path, use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs exploiting the daemon through privilege escalation. In order to simplify the use of SMTP, OpenSMTPD implements a smaller set of functionalities than those available in other SMTP daemons, the objective is to provide enough features to satisfy typical usage at the risk of unsuitability for esoteric or niche requirements.

Related Research Articles

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.

The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. NTP was designed by David L. Mills of the University of Delaware.

Theo de Raadt is a South African-born software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects and was also a founding member of NetBSD. In 2004, De Raadt won the Free Software Award for his work on OpenBSD and OpenSSH.

chroot is an operation on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail.

Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities. It was developed by Niels Provos and runs on various Unix-like operating systems.

netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. The command is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail.

<span class="mw-page-title-main">OpenNTPD</span> Implementation of the Network Time Protocol

OpenNTPD is a Unix daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers. Openwall patches and security extensions have been included into many major Linux distributions.

Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management, auto configuration, and status monitoring. First released in December 1996, ACPI aims to replace Advanced Power Management (APM), the MultiProcessor Specification, and the Plug and Play BIOS (PnP) Specification. ACPI brings power management under the control of the operating system, as opposed to the previous BIOS-centric system that relied on platform-specific firmware to determine power management and configuration policies. The specification is central to the Operating System-directed configuration and Power Management (OSPM) system. ACPI defines hardware abstraction interfaces between the device's firmware, the computer hardware components, and the operating systems.

seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit , sigreturn , read and write to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.

<span class="mw-page-title-main">OpenBGPD</span>

OpenBGPD, also known as OpenBSD Border Gateway Protocol Daemon, is a server software program that allows general purpose computers to be used as routers. It is a Unix system daemon that provides a free, open-source implementation of the Border Gateway Protocol version 4. This allows a machine to exchange routes with other systems that speak BGP.

The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."

There are a number of Unix-like operating systems based on or descended from the Berkeley Software Distribution (BSD) series of Unix variant options. The three most notable descendants in current use are FreeBSD, OpenBSD, and NetBSD, which are all derived from 386BSD and 4.4BSD-Lite, by various routes. Both NetBSD and FreeBSD started life in 1993, initially derived from 386BSD, but in 1994 migrated to a 4.4BSD-Lite code base. OpenBSD was forked from NetBSD in 1995. Other notable derivatives include DragonFly BSD, which was forked from FreeBSD 4.8, and Apple Inc.'s iOS and macOS, with its Darwin base including a large amount of code derived from FreeBSD.

The Portable C Compiler is an early compiler for the C programming language written by Stephen C. Johnson of Bell Labs in the mid-1970s, based in part on ideas proposed by Alan Snyder in 1973, and "distributed as the C compiler by Bell Labs... with the blessing of Dennis Ritchie."

FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular open-source BSD operating system, accounting for more than three-quarters of all installed and permissively licensed BSD systems.

OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

systemd Suite of system components for Linux

systemd is a software suite that provides an array of system components for Linux operating systems. The main aim is to unify service configuration and behavior across Linux distributions. Its primary component is a "system and service manager" – an init system used to bootstrap user space and manage user processes. It also provides replacements for various daemons and utilities, including device management, login management, network connection management, and event logging. The name systemd adheres to the Unix convention of naming daemons by appending the letter d. It also plays on the term "System D", which refers to a person's ability to adapt quickly and improvise to solve problems.

LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.

References

1 2 "OpenBSD 5.3 introduces stable SMTPD". h-online.com. 1 May 2013.
1 2 "OpenSMTPD 5.3 released". poolp.org. Archived from the original on 16 April 2016. Retrieved 9 July 2015.
↑ Polo, Omar (25 October 2023). "OpenSMTPD 7.4.0p0 Released". openbsd-announce (Mailing list). Retrieved 25 October 2023.
1 2 "OpenSMTPD Portable Release". OpenBSD. Retrieved 15 October 2015.
↑ "OpenSMTPD Goals". opensmtpd.org.
↑ Corbet, Jonathan (27 May 2009). "Coming soon: OpenSMTPD". Linux Weekly News (LWN). Retrieved 6 April 2012.
↑ "OpenBSD 4.6". openbsd.org.
↑ "OpenBSD 5.3". openbsd.org.
↑ "OpenSMTPD Audit Report". Qualys. 2 October 2015. Retrieved 11 October 2015.
↑ "Announce: OpenSMTPD 5.7.2 released" . Retrieved 11 October 2015.
↑ "Unpleasant vulnerability in OpenSMTPD". LWN.net. Retrieved 30 January 2020.
↑ "OpenSMTPD Goals". opensmtpd.org.

External links

Official website
smtpd(8) – OpenBSD System Manager's Manual
93495 OpenSMTPD TLS Support Socket Exhaustion Remote DoS ^{[ permanent dead link ]}

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[h-online-1] 1 2 "OpenBSD 5.3 introduces stable SMTPD". h-online.com. 1 May 2013.

[opensmtpd_5.3-2] 1 2 "OpenSMTPD 5.3 released". poolp.org. Archived from the original on 16 April 2016. Retrieved 9 July 2015.

[3] Polo, Omar (25 October 2023). "OpenSMTPD 7.4.0p0 Released". openbsd-announce (Mailing list). Retrieved 25 October 2023.

[portable-4] 1 2 "OpenSMTPD Portable Release". OpenBSD. Retrieved 15 October 2015.

[5] "OpenSMTPD Goals". opensmtpd.org.

[6] Corbet, Jonathan (27 May 2009). "Coming soon: OpenSMTPD". Linux Weekly News (LWN). Retrieved 6 April 2012.

[7] "OpenBSD 4.6". openbsd.org.

[8] "OpenBSD 5.3". openbsd.org.

[9] "OpenSMTPD Audit Report". Qualys. 2 October 2015. Retrieved 11 October 2015.

[10] "Announce: OpenSMTPD 5.7.2 released" . Retrieved 11 October 2015.

[11] "Unpleasant vulnerability in OpenSMTPD". LWN.net. Retrieved 30 January 2020.

[12] "OpenSMTPD Goals". opensmtpd.org.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

v t e The OpenBSD Project
Operating system	OpenBSD version history security features
Related projects	bio CARP httpd fdm LibreSSL mandoc mg OpenBGPD OpenIKED OpenNTPD OpenOSPFD OpenSMTPD OpenSSH PF pfsync sensors sndio spamd sudo tmux Xenocara cwm
People	Theo de Raadt Niels Provos
Organizations	OpenBSD Foundation
Publications	OpenBSD Journal