On Wed, 2020-02-12 at 11:53 -0600, Tom Browder wrote: > I started looking in to use of OpenSMPTD for a mail server and have > installed it from Debian packages. > > In the process of reading a blog article by the current developer I > discovered the upstream is now at version 6.6.2p1+ after some serious > security issues were discovered by SSL Labs (Qualys). Note that > Debian > 10 is only at version 6.0.3p1!
Are the security issues you are worried about not already fixed in Debian's package? To check, you can look at the changelog for the security update released two weeks ago... https://metadata.ftp-master.debian.org/changelogs//main/o/opensmtpd/opensmtpd_6.0.3p1-5+deb10u3_changelog If you really want a newer version, buster-backports contains 6.6.2p1 but note that backports don't get official security support. -- Tixy
