Changelog

Upcoming/planned features

There is a list of upcoming/planned features on the TODO page.

Two of the biggest upcoming features will be POP3 and IMAP4support, to help with email client development, tesing and whatever else you want to use it for.

If you have a feature you need or would like, feel free to put an issue on the issue tracker or take a look at the Contributing section for information on how you could implement the functionality yourself.

Current release

2.1.19

  • Blackhole now officially supports Python 3.10.

Past releases

2.1.18

  • Blackhole now officially supports Pyston 2.2 and above.

2.1.17

  • Release to update PyPI pages to remove references to Travis CI.

2.1.16

  • Blackhole now officially supports Python 3.9.

  • Blackhole no longer supports Python 3.6.

2.1.15

  • Blackhole now officially supports Python 3.8 and PyPy3. There are issues using blackhole with uvloop on PyPy3 so that usecase is not supported.

2.1.13

  • Blackhole now officially supports Python 3.7.

2.1.11

  • Version bump release.

2.1.10

  • This is a small release that brings improvements to the test system and has no changes that will impact users. It only has changes that affect Travis CI and updates for make targets and tox.

2.1.9

2.1.8

  • Mostly a bugfix release.

  • Added new command blackhole_config to display config options on command line.

2.1.7

  • Introduced the ability to use uvloop in place of the default asyncio.event_loop.

2.1.5

The 2.1.5 release is actually a tiny bug fix release that I’m combining with the large 2.1.4 release.

  • Bugfix for socket.SO_REUSEPORT.

  • Squashed bugs related to socket.socket failing in child processes. These squashed bugs fix IPv6 which had a tendency of not working as expected.

  • Added communication between supervisor and children, allow children to be restarted if they fail to communicate to the supervisor.

  • Added mode= and delay= optionals to the listen and tls_listen directives. Allowing listeners to spawn on specific ports and act in different ways.

    When mode and delay are configured in a listener directive, that listener will ignore the global mode and delay options for that listener. Setting mode and delay on a listener will also disable Dynamic Switches for that listener, automatically.

  • Internal module loading changes

  • Added test utilities to the test suite.

  • The blackhole environment will be reset for each test.

  • Added a lot of testing to supervisor, worker and child functionality.

  • Added a --quiet mode to suppress warnings when using -ls/--less-secure, running as the root user or not using the tls_dhparams option.

  • Added a warning when running the server as the root user without specifying a reduced privilege user and group.

  • Improved shutdown procedure, now does a much better job of disconnecting clients and closing everything before exiting.

  • Added an internal counter of invalid SMTP commands. Mitigate DoS attacks, maximum failed commands per connection is 10. Clients that violate this rule get disconnected.

2.1.3

  • Squashed a bug that caused children to not properly apply their TLS context.

2.1.2

  • Squashed a bug that caused workers to be spawned with their old privileges when combined with the -d or --daemon flags and a reduced privilege user and group.

  • Squashed a bug that caused the pid file to retain old privileges when given a reduced privilege user and group and the -d or --daemon flags.

2.1.1

(This is actually the planned 2.1.0 release, but PyPI refused to let me use that version number)

  • Fix SIZE= being parsed in the MAIL verb.

  • Huge overhaul of testing, finally almost all of blackhole.smtp.Smtpis tested.

  • Added worker processes.

2.0.14

  • SMTP Submission (port 587) is automatically used as a listener alongside port 25.

  • Added SIZE= checks in MAIL FROM command, rather than waiting until DATA.

  • Added EXPN verb. – EXPN

  • Updated many verbs to allow on-the-fly modification of return codes. – Dynamic responses

  • Added a list of Supported commands/verbs & parameters

2.0.13

  • Fixed a misspelled TLS cipher. CDHE-ECDSA-AES128-GCM-SHA256 should have been written as ECDHE-ECDSA-AES128-GCM-SHA256. This typo simply meant that cipher was unavailable for use, the other nine strong ciphers were/are still fully available.

  • Configuration options document compiled.

  • In-line comments in configuration files are now supported and the comment is ignored.

listen = :25, :::25  # IPv4 and IPv6

Will be read as.

listen = :25, :::25
  • Large scale documentation updates. Pretty much everything should be fully documented now, including all SystemExit calls including their return codes.

  • Added an option to disable ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDH_USE. Reduces CPU overhead at the expense of security. Disabled by default, warns if used. Slightly better for high load environments. – Command line options

2.0.12

  • Fixed a TLS cipher listing issue.

2.0.11

  • Fixed bug with TLS context not being passed to the socket listener.

2.0.10

  • Added error catching to socket.SO_REUSEPORT – on some systems this is available while still triggering a Protocol Error and causing blackhole to crash. The error catching will attempt to set this option if it’s available but silently ignore it if it errors.

2.0.9

2.0.8

  • Added IPv6 support.

2.0.7

  • Added email headers to SIZE checks. Resolves a potential DoS risk.

2.0.6

  • Enable or disable dynamic switches in configuration.

2.0.5

  • Fixed a bug with dynamic switches not being processed.

2.0.4

  • Dynamic Switches.

  • Re-added the ability to configure max message size. Displays in EHLO and enforced in DATA command. Default is 512000 bytes (512 KB).

  • Added tls_dhparams options for loading Diffie Hellman ephemeral parameters.

  • Added SMTP AUTH mechanisms. Currently PLAIN, LOGIN and CRAM-MD5 are supported.

  • Added pidfile and related self tests to config_test command.

2.0.3

No changes in particular except documentation changes. Tag was created specifically for release to PyPI.

2.0.2

  • Added HELP verb that lists all available SMTP verbs. Sending HELP <COMMAND> will return the syntax for the specified command.

C: HELP
S: 250 Supported commands: DATA EHLO ETRN HELO...
C: HELP HELO
S: 250 Syntax: HELO domain.tld
C: HELP INVALID
S: 501 Supported commands: DATA EHLO ETRN HELO...
  • TLS settings changed based on format taken from https://docs.python.org/3/library/ssl.html#ssl-security.

  • TLS ‘modern’ ciphers enforced, ciphers taken from https://wiki.mozilla.org/Security/Server_Side_TLS.

    0xC0,0x2C  -  ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AESGCM(256)    Mac=AEAD
    0xC0,0x30  -  ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2  Kx=ECDH  Au=RSA    Enc=AESGCM(256)    Mac=AEAD
    0xCC,0x14  -  ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=ChaCha20(256)  Mac=AEAD
    0xCC,0x13  -  ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2  Kx=ECDH  Au=RSA    Enc=ChaCha20(256)  Mac=AEAD
    0xC0,0x2B  -  ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AESGCM(128)    Mac=AEAD
    0xC0,0x2F  -  ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=ECDH  Au=RSA    Enc=AESGCM(128)    Mac=AEAD
    0xC0,0x24  -  ECDHE-ECDSA-AES256-SHA384      TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AES(256)       Mac=SHA384
    0xC0,0x28  -  ECDHE-RSA-AES256-SHA384        TLSv1.2  Kx=ECDH  Au=RSA    Enc=AES(256)       Mac=SHA384
    0xC0,0x23  -  ECDHE-ECDSA-AES128-SHA256      TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=AES(128)       Mac=SHA256
    0xC0,0x27  -  ECDHE-RSA-AES128-SHA256        TLSv1.2  Kx=ECDH  Au=RSA    Enc=AES(128)       Mac=SHA256
    

2.0.1

  • Now requires Python 3.5 or above.

  • Total refactoring. Now build on top of asynciousing async defand awaitstatements.

  • Removed config options from command line args. Now only available in config file.

  • Removed ‘offline’ and ‘unavailable’ modes.

  • Refactored init.d/debian-ubuntu/blackhole, added configtest target.

  • Removed reliance on all third party libraries.

  • Removed deiman third party library and built it in.

  • Debug flag no longer gives a warning.

  • Delay flag is no longer a blocking method, now non-blocking and asynchronous.

  • STARTTLS has been disabled, it’s not available with asyncio. - https://bugs.python.org/review/23749/

  • A lot of status codes have been removed.