OpenSMTPD

OpenBSD SMTP Server
Developer(s): The OpenBSD Project
Initial release: 5.3 / 17 March 2013 [1] [2]
Stable release: 7.5.0p0 / 10 April 2024 [3]
Repository: cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/
Written in: C
Operating system: OpenBSD, FreeBSD, NetBSD, Linux, macOS [4]
Platform: Cross-platform [4]
Standard(s): RFC 5321
Type: Mail transfer agent
License: ISC
Website: www.opensmtpd.org
As of July 2016

OpenSMTPD (also known as OpenBSD SMTP Server) is a Unix daemon implementing the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers. It was publicly released on 17 March 2013 with version number 5.3, after being in development since late 2008.

OpenSMTPD is primarily developed by Gilles Chehade, Eric Faurot and Charles Longeau as part of the OpenBSD project. Its design goals include security, reliability, ease of configuration, and support for common use cases. The source code is available under the ISC license.

Its portable version, like that of OpenSSH, is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version was initiated by Charles Longeau and adds support for multiple operating systems including NetBSD, FreeBSD, DragonFly BSD, and several Linux distributions.

History

The development of OpenSMTPD was motivated by a combination of issues with existing SMTP daemons: difficult configuration, complicated and difficult-to-audit code, and unsuitable licensing. [5] [6] OpenSMTPD was designed to solve these problems and make mail exchanges accessible to a wider user base. After a period of development, OpenSMTPD first appeared in OpenBSD 4.6. [7] The first release shipped with OpenBSD 5.3. [1] [2] [8]

On 2 October 2015, the results of a security audit were released. Version 5.4.4p1 was audited, and nine issues were found. [9] As a result, OpenSMTPD 5.7.2 was released to address these issues. [10]

On 28 January 2020, a vulnerability in OpenSMTPD was disclosed that could be remotely exploited to run arbitrary shell commands as root. OpenSMTPD 6.6.2 was released to fix the vulnerability. [11] [12]

Goals

OpenSMTPD is an attempt by the OpenBSD team to produce an SMTP daemon implementation that is secure, reliable, high-performance, simple to security-audit and trivial to set up and administer. The code is designed to keep memory, CPU and disk requirements as low as possible, but it is acknowledged that large mail systems are not intended to run on low-end machines, and trade-offs are made where higher memory usage would bring indisputable benefits. [13]

As such, the design goals for OpenSMTPD are security, ease of use, and performance. Security in OpenSMTPD is achieved by robust validity checks in the network input path, the use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs exploiting the daemon through privilege escalation. To simplify the use of SMTP, OpenSMTPD implements a smaller set of functionalities than those available in other SMTP daemons; the objective is to provide enough features to satisfy typical usage, at the risk of being unsuitable for esoteric or niche requirements.
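The two code-level practices named above, validating network input before acting on it and copying with bounded operations whose return value exposes truncation, are shown here in an added C example that is not OpenSMTPD's own code. `bounded_copy` is a hypothetical reimplementation of the strlcpy(3) semantics (reimplemented because strlcpy is not present in every libc); `parse_mail_from`, `struct mail_from`, `parse_with_local_len` and the sample command lines are constructed for illustration. The buffer sizes follow the RFC 5321 section 4.5.3.1 length limits (64 octets for a local-part, 255 for a domain, 256 for a path).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with strlcpy(3) semantics: copy at most dstsize - 1
 * bytes, always NUL-terminate when dstsize > 0, and return strlen(src) so
 * the caller can detect truncation with "ret >= dstsize". */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = (srclen < dstsize - 1) ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Buffer sizes derived from the RFC 5321 section 4.5.3.1 limits. */
#define LOCAL_BUFSZ  (64 + 1)
#define DOMAIN_BUFSZ (255 + 1)
#define PATH_BUFSZ   (256 + 1)

struct mail_from {
    char local[LOCAL_BUFSZ];
    char domain[DOMAIN_BUFSZ];
};

/* Parse a "MAIL FROM:<local@domain>" line as a server would receive it.
 * Returns 0 and fills *out on success, -1 on any violation: wrong prefix,
 * missing '>', spaces or non-printable bytes inside the brackets, missing
 * '@', or a component too long for its buffer. Nothing is copied into the
 * output until the input has been validated, and every copy is bounded
 * and checked for truncation instead of silently shortening the address. */
static int parse_mail_from(const char *line, struct mail_from *out)
{
    static const char prefix[] = "MAIL FROM:<";
    const size_t plen = sizeof(prefix) - 1;
    char path[PATH_BUFSZ];
    const char *start, *end, *c;
    char *at;
    size_t len;

    if (strncmp(line, prefix, plen) != 0)
        return -1;
    start = line + plen;
    end = strchr(start, '>');
    if (end == NULL)
        return -1;

    /* Validity check on the network input: printable ASCII only, no
     * spaces, no control characters, no high bytes. */
    for (c = start; c < end; c++)
        if ((unsigned char)*c <= 0x20 || (unsigned char)*c >= 0x7f)
            return -1;

    /* Copy the bracketed path into a bounded scratch buffer; an over-long
     * path is rejected outright rather than truncated. */
    len = (size_t)(end - start);
    if (len >= sizeof(path))
        return -1;
    memcpy(path, start, len);
    path[len] = '\0';

    at = strchr(path, '@');
    if (at == NULL || at == path || at[1] == '\0')
        return -1;
    *at = '\0';  /* split the scratch buffer into local part and domain */

    /* strlcpy idiom: the return value is the length that was needed, so a
     * result >= the buffer size means the copy would have been truncated. */
    if (bounded_copy(out->local, path, sizeof(out->local)) >= sizeof(out->local))
        return -1;
    if (bounded_copy(out->domain, at + 1, sizeof(out->domain)) >= sizeof(out->domain))
        return -1;
    return 0;
}

/* Build "MAIL FROM:<aaa...a@example.org>" with n 'a' characters (a
 * constructed line) and return the parser's verdict, to show the local-part
 * length limit in action. */
static int parse_with_local_len(size_t n)
{
    char line[600];
    struct mail_from m;
    if (n > 500)
        return -1;
    memcpy(line, "MAIL FROM:<", 11);
    memset(line + 11, 'a', n);
    memcpy(line + 11 + n, "@example.org>", 14);  /* 13 chars plus NUL */
    return parse_mail_from(line, &m);
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    const char *samples[] = {
        "MAIL FROM:<alice@example.org>",
        "MAIL FROM:<bob example.org>",
        "MAIL FROM:<noat>",
    };
    struct mail_from m;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_mail_from(samples[i], &m);
        printf("%-32s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    printf("64-char local-part -> %s\n", parse_with_local_len(64) == 0 ? "accepted" : "rejected");
    printf("65-char local-part -> %s\n", parse_with_local_len(65) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The design point is that a fixed-size destination is never the thing that decides what the address is: the input is validated first, and if a component does not fit it is refused, which is the behaviour strlcpy's return value makes easy to implement and strcpy makes impossible to detect.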

References

  1. "OpenBSD 5.3 introduces stable SMTPD". h-online.com. 1 May 2013.
  2. "OpenSMTPD 5.3 released". poolp.org. 17 March 2013. Retrieved 27 September 2024.
  3. Polo, Omar (10 April 2024). "OpenSMTPD 7.5.0p0 Released". openbsd-announce (Mailing list). Retrieved 27 September 2024.
  4. "OpenSMTPD Portable Release". OpenBSD. Retrieved 15 October 2015.
  5. "OpenSMTPD Goals". opensmtpd.org.
  6. Corbet, Jonathan (27 May 2009). "Coming soon: OpenSMTPD". Linux Weekly News (LWN). Retrieved 6 April 2012.
  7. "OpenBSD 4.6". openbsd.org.
  8. "OpenBSD 5.3". openbsd.org.
  9. "OpenSMTPD Audit Report". Qualys. 2 October 2015. Retrieved 11 October 2015.
  10. "Announce: OpenSMTPD 5.7.2 released". Retrieved 11 October 2015.
  11. "Unpleasant vulnerability in OpenSMTPD". LWN.net. Retrieved 30 January 2020.
  12. "OpenSMTPD advisory dissected". Retrieved 30 January 2020.
  13. "OpenSMTPD Goals". opensmtpd.org.