Port25 just launched PowerMTA v4.0r16.
Below are a few highlights of this build:
- bundles OpenSSL v1.0.1h given the very recent vulnerabilities reported in prior versions of OpenSSL;
- ability to disable certain cryptographic protocols used for STARTTLS on a per domain basis, allowing for both greater control and to workaround compatibility issues between OpenSSL 1.0.1g/h and some email security appliance solutions. The new per domain directives are “smtp-tls-allow-sslv2”, “smtp-tls-allow-sslv3” and “smtp-tls-allow-tlsv1” .
- expanded DKIM signing functionality with a new per domain directive “dkim-disallow-adding-headers”
, to help minimize DKIM replay attacks when additional headers are added after signing.