Tags: rfesi/maddy
Tags
maddy 0.4.2
== Fixes
* check/milter: Add missing handler for milter.ActTempFail ('t')
* msgpipeline: Fix log messages missing for sub-pipelines
* msgpipeline: Fix effective_rcpt in log messages being wrong when sub-pipelines do rewriting
* endpoint/smtp: Fix handling of empty messages in auto-buffer code
* endpoint/smtp: Auto-create directory for "fs" buffer mode
maddy 0.4.1 == Fixes * check/rspamd: Fix sending of message header leading to incorrect results. * check/milter, auth/plain_separate are now actually usable. * address: Fix some addresses being incorrectly considered to be invalid (foxcpp#275)
maddy 0.4.0 == GPLv3 After short discussion and collecting necessary agreements, decision was made to change Maddy Mail Server source code license to GNU Public License Version 3. See GH#253 for details. == Deprecated functionality, breaking changes for 0.5 Work is being done to stabilize maddy interfaces including configuration format and all data structures. Therefore, since 0.4, development strictly follows Semantic Versioning 2, in particular - all breaking changes are announced in advance as "deprecated" before actual change happens. Therefore, this version does not include any breaking changes but 0.5 will. * A lot of modules have been renamed to match "namespaced" modules proposal. Warning with correct names will be printed on start with config using old names. * STARTTLS Everywhere list support is deprecated and is replaced with no-op stub. * TLS certificate loading has been moved to use modules framework. "tls CERT KEY" will need to be changed to "tls file CERT KEY". == New features * Expose performance and usage statistics in OpenMetrics (Prometheus) format. See openmetrics.md. * Allow external commands to be used for overwriting IMAP folder and flags on delivery. See GH#202 and maddy-imap(5) for details. * Directly integrate with rspamd using its HTTP protocol instead of shell script + rspamc. * Reuse SMTP connections to MXs to avoid unnecessary handshake overhead when sending a lot of messages to a single domain. (experimental) * Implement server-side SNI support - multiple certificate-key pairs can be specified with "file" loader. == Enhancements * Implement SMTP REQUIRETLS extension * imapsql: Implement SORT and THREAD=ORDEREDSUBJECT extensions (experimental) * endpoint/imap: Implement NAMESPACE extension * imapsql: Fix flags-only search returning duplicate IDs (GH#251) * msgpipeline: Permit duplicate destination/source rules * table: Allow using regexp table without replacement specified * build.sh: Add ability to set build tags * build.sh: Add sudo checks (thanks @hugmouse!) * check/spf: Make sure error value from library is always reported in logs * config/tls: Remove unnecesary GODEBUG setting code == Bug fixes * imapsql: Improve meta-data loading perfomance for Thunderbird by properly caching X-Priority field * Fix SPF policy parser bug resulting in false permerror on some ip6 rules (foxcpp#254) * storage/imapsql: Fix incorrect module name in log messages related to delivery errors == Documentation * Add page on Mailman 3 integration * Add page on rspamd integration * Split maddy(1) and maddy(5) * Improve setting-up.md (thanks @schrodinger) * Remove fail2ban from initial configuration * Clarify configuration for multiple domains
maddy 0.3.3
== Bug fixes
* Fix CRLF mangled into LF by net/textproto and incorrect RFC822.SIZE reported
by go-imap-sql as a result of that.
(18657de)
* Fix maddyctl imap-msgs list showing only the last message by default
(b2b38bf)
* Fix attachments reported as 0 bytes
(fb2b3a5)
* Fix messages listed twice by RainLoop
(abba516)
* Fix maddyctl creds set-password being no-op
(78f7713)
* Mangle CRLF in Diagnostic-Code DSN field
(18657de, see GH#245)
* Add missing msg_id field for 'RCPT error' message
(20fe5ad)
* Fix SMTP enhanced code included in extra lines of multi-line SMTP status
(18657de)
== Misc
* Hide "operation was canceled" errors for async rDNS lookup
(fcebfa2)
maddy 0.3.2 == SECURITY ISSUES * Update golang.org/x/text to v0.3.3 (fixes potential DoS) See CVE-2020-14040 and https://go-review.googlesource.com/c/text/+/238238 for details. == Bug fixes For imapsql IMAP backend: * Fix handling of * seqset * Add missing counters update for EXPUNGE Thanks @yesnomaybeyes for helping in issue investigation. * Do not assume clients specify date in APPEND command * Fix creating index on MySQL (foxcpp/go-imap-sql#31) Thanks @wjywbs. == Documentation changes * Extend copyright notice to include contributors * Fix formatting and fix possibly confusing MTA-STS example * Fix wrong name of 'targets' directive for smtp_downstream == Misc * build.sh: Do not switch to X.Y-fixes branch if version is manually selected * dist: Add missing [Install] section to systemd units
maddy 0.3.1 == Bug fixes * limits: Fix "rate" directive parser handling for 2 arguments * endpoint/smtp: Fix panic if connection is closed in the middle of receiving body * endpoint/smtp: Fix limit leak in case of aborted transaction == Documentation improvements * Change github to github.com in 0.3 migration guide (foxcpp#237) * Mention per-source domain limiting option == Misc * build.sh: Switch to X.Y-fixes branch if it exists
maddy 0.3.0 **Stability:** This version is believed to be stable enough for use in use non-critical deployments. == Breaking changes * Minimal supported Go version is increased to Go 1.14 maddy keeps tracking latest Go version to benefit from language and library improvements. build.sh script will automatically download a newer toolchain version if system installed version is too old. * Fully separate authentication from IMAP access Now there is no uniform database that is used both for IMAP index and authenticaiton. This allows completely independent implementation and leveraging of maddy modular framework for more flexible authentication documentation. This is a breaking change that also affects how password hashes are calculated and requires destructive changes to databases created in 0.2 order to use with 0.3. A migration utility is created to assist with that. See Upgrading page in documentation for detailed instructions. == New features * Preliminary milter client implementation This release introduces limited implementation of milter client protocol. Due to a number of differences between how maddy handles internal filtering and protocol model "milters" currently cannot make most modifications to the message content and is limited to prepending headers and quarantining or rejecting message. * source_in, destination_in directives for message pipeline Directives `source_in` and `destination_in` allow matching of message senders or recipients against lists sources from table modules (files, SQL queries, etc). See maddy-smtp(5) for details. * Dovecot authentication client support maddy now implements client side of Dovecot authentication protocol allowing it to be used with Dovecot as an IMAP server instead of builtin server. * Dovecot-compatible sasld endpoint Additional, maddy also implements Dovecot-compatible sasld endpoint that allows it to be used as a source for authentication data for other servers that support Dovecot authentication protocol (e.g. SMTP servers like Postfix). * lmtp_downstream delivery target maddy now has full implementation of LMTP client allowing messages to be forwarded to other software that speaks LMTP protocol. * endpoint/smtp: Allow to choose the IP to use for outbound smtp. * modify/dkim: Allow to sign emails from subdomains using a top domain key == Improvements * cmd/maddyctl: Create a set of typical mailboxes on IMAP account creation * endpoint/smtp: Send 535 on permanent authentication failure * target: Make Received generation more robust in case of missing data * config: Support scheme:IP:PORT syntax for endpoint declaration == Bug fixes * storage/imapsql: Fix SPECIAL-USE support being accidentally disabled * Fix and improve -v flag description * endpoint/smtp: Fix missing server hostname in Received header * target/remote: Do not fail delivery with null return path == Documentation improvements * Fix a number of links in documentation * Add page about IMAP-only configuration * Mention disabled HZGB2312 support * Add smtp-only.md page * Add imap-only.md page * Add FAQ page * Add upgrading instructions page
maddy 0.2.1 **Stability:** This version is believed to be stable enough for use in use non-critical deployments. == SECURITY ISSUES * Fixed out-of-memory crash triggered by buggy encoding implementation (8edcd91) (see GHSA-8jp9-qm2r-p877) == Bug fixes * dist: Remove unnessecary log prefix matching for fail2ban filter (979effb) Thanks @bn4t! * check/dkim: Fix a couple of issues in error handling (076fc0d) DKIM signatures with missing required fields were still considered passing for purposes of action selection. dkim.IsPermFail/dkim.IsTempFail calls were checking the wrong error object. * storage/imapsql: Fix Close deadlock in case of EnableUpdatePipe fail (96a3b96) * Fix inconsistency in SASLAuth logger name for endpoints (6b87eb9) (foxcpp#221) * log: Strip extra newline from Logger.Write output (ebccff0) == Documentation improvements * Add missing packages for compilation and fail2ban setup (cfe3436) Thanks @bn4t! * Fix small typo (b96acd5) Thanks @bn4t! * Clarify SECURITY.md (244b030) * Update outdated tutorials (b472734)
maddy 0.2.0
**Stability:** This version is believed to be stable enough for use in use
non-critical deployments. Database structure for `sql` (imapsql) module is
compatible with 0.1. Configuration requires some changes.
== Incompatible changes & migration notes
- `alias_file` is replaced with generic `rewrite_rcpt` module that can use any "table"-like structure for lookups.
**Migration**: Replace `alias_file /etc/maddy/aliases` with `alias file_table /etc/maddy/aliases`.
If multiple
- `rewrite_rcpt` now relies on tables to handle regexp and static replacements.
**Migration**: Replace `replace_rcpt postmaster postmaster@$(primary_domain)`
with `replace_rcpt static { entry postmaster postmaster@$(primary_domain)`.
Replace `replace_rcpt "(.+)\+(.+)@(.+)" "$1@$3"` with
`replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"`.
- Module `sql` is renamed to `imapsql`. Change its name in the
configuration block definition for `local_mailboxes`/`local_authdb`.
- Configuration parser now requires a new line after `}` closing the block.
== New features
- Authentication code is refined and generalized. It permits the implementation
of additional more complex SASL mechanisms such as TLS client certificate
authentication and OAuth2 support. These are not implemented in 0.2 though.
What is currently accessible is the ability to use multiple password-based
authentication providers to allow user login based on any match from any
credentials store configured.
- Generic Postfix-like string lookup abstraction is introduced. Alias rewriting
is updated to use. Additionally, it is possible to use it for password-based
authentication now. Currently implemented "tables" are: `identity` (returns
the lookup key), `dummy` (empty table), `sql_table` (returns the result of
a SQL query), `static` (hardcoded mapping), `regexp` (Regular
Expression-based rewrite of lookup key).
- `sign_dkim` module now supports multiple domains in a single configuration,
avoiding the need for complex dispatching.
- `maddy -v` output now includes compile-time defaults for `state_dir`,
`runtime_dir` and configuration path.
- `build.sh` script can now customize default values for `state_dir` and
`runtime_dir`.
== Bug fixes
* Fix race in `file_table` reload test (a91d8c2)
* Fix misuse of TriesCount in queue (ceda725)
* Fix queue retry delay calculation (4b3e7ce)
=== maddy 0.1.1
This release includes no server code changes.
=== Change log
Documentation
Mention prebuilt binaries in the setup tutorial
Be more specific about build.sh dependencies
Remove "in early development" disclaimers
Several minor edits (8f1d572)
Build script (build.sh)
Use absolute path to the Go toolchain in PATH
Check GOMOD value correctly
Remove wget dependency
PreviousNext