This release fixes detection of server capabilities, in particular the list of supported authentication methods: the last method reported by the server was not recognized by mpop. This bug was introduced in version 1.4.19.
The bug was found and fixed by Michaƫl Cadilhac. Thank you very much!
Furthermore, translations were updated. Thanks again to everyone at translationproject.org!This release adds support for SCRAM-SHA-*-PLUS authentication, and prefers to use the SCRAM methods if they are available. A few corner case bugs were fixed. Translations were updated, thanks again to everyone at translationproject.org!
By the way: 20 years ago (on June 8), mpop version 0.1.0 was released. This was the first public version. It appeared 11 months after msmtp, and both still share a large part of their source code.
This release fixes XOAUTH2 authentication problems and updates translations (including a new Swedish translation).
This release adds a new configuration command eval that replaces
the current configuration file line with the output of a command (similar to
passwordeval, but more general).
Furthermore, a few minor problems were corrected and the documentation and translations were updated.
This release fixes a few minor problems related to translations and the documentation.
This release adds a new minimal POP3 server called mpopd.
You can use it as a gateway between mpop and mail software such as Thunderbird that
cannot use local mail boxes directly and insists on using a POP3 server.
Similarly, msmtpd (part of msmtp)
can now be used as a gateway between a msmtp and mail software that
insists on using an SMTP server.
So now you can have full control over incoming and outgoing mail, including all the processing and filtering
with any tools you want, while still using a mail client that does not give you these options itself.
See the msmtpd and
mpopd documentation for examples.
This release fixes a potential crash (null pointer dereference) that happens when the server does not support the UIDL command.
Furthermore, for configurations using libtls instead of GnuTLS, the tls_fingerprint and tls_certcheck commands
were fixed.
A recent security analysis of STARTTLS revealed
many problems of STARTTLS (as opposed to immediate TLS) in mail clients and servers.
The researchers published their fake mail server
software that can be used for testing client software such as mpop.
I used this software to test mpop and found no problems related to STARTTLS, but I would be grateful if someone
could double check this in case I missed something. Please let me know your results,
I will update this news item accordingly!
I did however find a potential null-pointer dereference if the server does not support the UIDL command.
This is now fixed in the git repository.
This release adds support for SCRAM-SHA-256 authentication via libgsasl thanks to Simon Josefsson. It also updates translations.
This release adds support for the libtls library (provided by the LibreSSL project), thanks to Nihal Jere.
This is the third TLS library supported by mpop. Use the --with-tls= option of the configure script to choose one.
Here's an overview:
--with-tls=gnutls): The default choice. Full feature set.--with-tls=libtls): A brand new addition. Already with full feature set.--with-tls=openssl): Old code, in bad shape. Needs to be updated or it will be removed.
This release add support for XOAUTH2 authentication, the predecessor of OAUTHBEARER that is still in use.
The passwordeval command can now handle long inputs for these methods.
Furthermore, translations were updated. Thanks again to the translators at translationproject.org!
Portability was improved. There should be no "permission denied" errors for temporary files on Windows systems anymore.
Translations were updated. Thanks again to the translators at translationproject.org!
Christian Tenllado documented how to use msmtp with OAuth2 authentication for Gmail. The same approach should also work for mpop.
This version updates internationalization files and includes a new serbian translation. Thanks to the translators at translationproject.org!
This version includes the folowing changes:
socket command and --socket option to connect via local sockets.tls_host_override command and --tls-host-override option to
override the host name used for TLS verification.source_ip command for proxies.This minor update fixes a build problem on MinGW and synchronizes some source files with msmtp.
This minor update fixes a build problem on Cygwin and updates the Vim syntax files.
This version fixes OAUTHBEARER authentication, adds support for TLS client certificates via PKCS11 devices such as smart cards, and fixes a few minor bugs.
This version adds support for the OAUTHBEARER authentication method and fixes a few minor bugs.
The git repository contains new support for the OAUTHBEARER authentication
method, formerly known as XOAUTH2, a method pushed mainly by Google.
This means mpop can now use an OAuth2 token for authentication by setting
auth oauthbearer in the configuration file. The token is typically
passed to mpop via the passwordeval command since it changes
regularly.
However, mpop does not provide a way to generate such a token. This depends on
your mail provider.
Since I do not use this method myself, it would be great if you could test this
feature and maybe document how to generate the necessary token for your mail
provider, so that I can add examples to the documentation.
Looking forward to your feedback!
The source code moved to git.marlam.de, see the updated download instructions.
The reason is that gitlab vanished from Debian stable and there is no working upgrade path
to the version in Debian backports. Sorry for the inconvenience.
This version fixes a security problem that affects version 1.4.2 (older versions are not affected):
when the new default value system for tls_trust_file is used, the result
of certificate verification was not properly checked.
Update 2019-02-14: The same problem in msmtp has been assigned CVE-2019-8337. This is the patch that fixes it (included in version 1.4.3).
This version simplifies configuration:
--configure user@example.com option automatically
generates a configuration for the given mail address. This works for domains
that publish appropriate SRV records (as they should according to RFC 8314).tls on to activate TLS because
there is a new default value for tls_trust_file that selects
the system default trust.
This version fixes a bug that broke TLS 1.3 support.
Furthermore, translations are now handled by the Translation Project, and a new Ukrainian
translation is already included in this release. Many thanks to the translators!
If you do not want to upgrade to the 1.4 series yet but you need TLS 1.3 support, you can apply this patch to mpop version 1.2.8 or 1.0.29.
This is the first release of the new stable release series. Noteworthy changes since 1.2.8:
passwordeval command does not require the password to be terminated by a
new line character anymore.This is a release candidate for the upcoming 1.4.x stable release series. The following changes were made:
It is recommended to use mpop with GnuTLS instead of OpenSSL. The upcoming version of mpop will not use OpenSSL automatically anymore, and if you choose it manually, you will get a warning.
The reasons for this are listed in this news entry for msmtp (mpop and msmtp use the same TLS code).
New in this release:
~/.config/mpop/config as configuration file--source-ip option or source_ip commandNew in this release:
~/.config/mpop/config as configuration file
After many years, this project moved from Sourceforge to a self-hosted gitlab instance:
https://gitlab.marlam.de/marlam/mpop.
Older news are stored in the news archive.