There is a list of upcoming/planned features on the TODO page.
If you have a feature you need or would like, feel free to put an issue on the issue tracker or take a look at the Contributing section for information on how you could implement the functionality yourself.
Blackhole now officially supports Python 3.10.
Blackhole now officially supports Pyston 2.2 and above.
Release to update PyPI pages to remove references to Travis CI.
Blackhole now officially supports Python 3.9.
Blackhole no longer supports Python 3.6.
Blackhole now officially supports Python 3.8 and PyPy3. There are issues using blackhole with uvloop on PyPy3 so that usecase is not supported.
Blackhole now officially supports Python 3.7.
Version bump release.
This is a small release that brings improvements to the test system and has no changes that will impact users. It only has changes that affect Travis CI and updates for make targets and tox.
Mostly a bugfix release.
Added new command
blackhole_config to display config options on command line.
Introduced the ability to use uvloop in place of the default
The 2.1.5 release is actually a tiny bug fix release that I’m combining with the large 2.1.4 release.
Squashed bugs related to
socket.socket failing in child processes. These squashed bugs fix IPv6 which had a tendency of not working as expected.
Added communication between supervisor and children, allow children to be restarted if they fail to communicate to the supervisor.
delay are configured in a listener directive, that listener will ignore the global mode and delay options for that listener. Setting mode and delay on a listener will also disable Dynamic Switches for that listener, automatically.
Internal module loading changes
Added test utilities to the test suite.
The blackhole environment will be reset for each test.
Added a lot of testing to supervisor, worker and child functionality.
--quiet mode to suppress warnings when using
-ls/--less-secure, running as the root user or not using the tls_dhparams option.
Improved shutdown procedure, now does a much better job of disconnecting clients and closing everything before exiting.
Added an internal counter of invalid SMTP commands. Mitigate DoS attacks, maximum failed commands per connection is 10. Clients that violate this rule get disconnected.
Squashed a bug that caused children to not properly apply their TLS context.
Squashed a bug that caused workers to be spawned with their old privileges when combined with the
--daemon flags and a reduced privilege user and group.
Squashed a bug that caused the pid file to retain old privileges when given a reduced privilege user and group and the
(This is actually the planned 2.1.0 release, but PyPI refused to let me use that version number)
SIZE= being parsed in the
Huge overhaul of testing, finally almost all of
Added worker processes.
SMTP Submission (port 587) is automatically used as a listener alongside port 25.
SIZE= checks in
MAIL FROM command, rather than waiting until
Added EXPN verb. – EXPN
Updated many verbs to allow on-the-fly modification of return codes. – Dynamic responses
Added a list of Supported commands/verbs & parameters
Fixed a misspelled TLS cipher.
CDHE-ECDSA-AES128-GCM-SHA256 should have been written as
ECDHE-ECDSA-AES128-GCM-SHA256. This typo simply meant that cipher was unavailable for use, the other nine strong ciphers were/are still fully available.
Configuration options document compiled.
In-line comments in configuration files are now supported and the comment is ignored.
listen = :25, :::25 # IPv4 and IPv6
Will be read as.
listen = :25, :::25
Large scale documentation updates. Pretty much everything should be fully documented now, including all
SystemExit calls including their return codes.
Added an option to disable
ssl.OP_SINGLE_ECDH_USE. Reduces CPU overhead at the expense of security. Disabled by default, warns if used. Slightly better for high load environments. – Command line options
Fixed a TLS cipher listing issue.
Fixed bug with TLS context not being passed to the socket listener.
Added error catching to
socket.SO_REUSEPORT – on some systems this is available while still triggering a Protocol Error and causing blackhole to crash. The error catching will attempt to set this option if it’s available but silently ignore it if it errors.
Added failsafe checks for IPv6 functionality. – If you specify an IPv6 listener but Python or the kernel have not been compiled with IPv6 support, an error will be returned.
Moved out functionality for creating sockets and TLS contexts to separate control functions.
Added warning for TLS being used with no Diffie Hellman ephemeral parameters being configured. – Configuration options
Added further security to TSL. The following options are now enforced.
ssl.OP_CIPHER_SERVER_PREFERENCE. See the Python documentation for more information on the flags.
Added IPv6 support.
Added email headers to SIZE checks. Resolves a potential DoS risk.
Enable or disable dynamic switches in configuration.
Fixed a bug with dynamic switches not being processed.
Re-added the ability to configure max message size. Displays in EHLO and enforced in DATA command. Default is 512000 bytes (512 KB).
Added tls_dhparams options for loading Diffie Hellman ephemeral parameters.
Added SMTP AUTH mechanisms. Currently PLAIN, LOGIN and CRAM-MD5 are supported.
Added pidfile and related self tests to config_test command.
No changes in particular except documentation changes. Tag was created specifically for release to PyPI.
Added HELP verb that lists all available SMTP verbs. Sending
HELP <COMMAND> will return the syntax for the specified command.
C: HELP S: 250 Supported commands: DATA EHLO ETRN HELO... C: HELP HELO S: 250 Syntax: HELO domain.tld C: HELP INVALID S: 501 Supported commands: DATA EHLO ETRN HELO...
TLS settings changed based on format taken from https://docs.python.org/3/library/ssl.html#ssl-security.
TLS ‘modern’ ciphers enforced, ciphers taken from https://wiki.mozilla.org/Security/Server_Side_TLS.
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD 0xC0,0x24 - ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
Now requires Python 3.5 or above.
Removed config options from command line args. Now only available in config file.
Removed ‘offline’ and ‘unavailable’ modes.
Refactored init.d/debian-ubuntu/blackhole, added configtest target.
Removed reliance on all third party libraries.
Removed deiman third party library and built it in.
Debug flag no longer gives a warning.
Delay flag is no longer a blocking method, now non-blocking and asynchronous.
A lot of status codes have been removed.