Tags: foxcpp/maddy
Tags
maddy 0.8.0 maddy now requires Go 1.23 toolchain to build. "go" command in Go 1.21+ will automatically download newer toolchain if necessary. Obsolete SASL LOGIN mechanism is no longer enabled by default. To re-enable its support, use `sasl_login` directive in endpoint configuration. If STARTTLS support is requested for connection in `target.smtp` and the target server does not support STARTTLS message will not be sent over plaintext connection. `require_tls` directive is deprecated and will be removed in a future release. `attempt_starttls` directive is deprecated and is equivalent to the newly added `starttls` directive. If STARTTLS command is rejected by the remote server or connection error happens before STARTTLS completes (that is, no TLS handshake takes place) then unauthenticated TLS or plaintext fallback is no longer attempted. > Thanks @drdaeman for the work! maddy now supports HAProxy PROXY protocol for IMAP and SMTP endpoints via `proxy_protocol` directive. Both v1 (text) and v2 (binary) versions are supported. There is also additional support for second TLS layer between proxy and maddy that can be configured using proxy_protocol.tls directive. Built-in ACME client can be configured to set DNS-01 challenge records using RFC 2136 protocol. Support is not compiled-in by default and should be enabled using libdns_rfc2136 build tag. Built-in ACME client can not be configured to delegate DNS-01 challenge to the https://github.com/joohoi/acme-dns server. Support should be enabled via libdns_acmedns build tag. * check.milter can now connect to milters using Unix sockets (PR #622) (Thanks @mmatous!). * libdns/gandi: Upgraded to the latest version of gandi libdns, which fixes an issue where new records could not be created (PR #673). * Add missing global tls_client directive (Issue #674). * target/remote: Improve handling of stale connections in pool to prevent resource leaks (Issue #675). * modify/replace_sender: Support replacing empty MAIL FROM addresses. * target/queue: Fix infinite retries after reducing max_tries (Issue #678). * imapsql: Fix cross compilation error (Issue #681). * imapsql: Make modernc.org SQLite driver usable (Issue #723). * config/tls: Disable TLS session tickets (Issue #730). * dmarc: Add support for sending from TLD domains (Issue #736). * tls/acme: Actually use test_ca * build: make "build.sh install" reusable (Thanks @oidq!). * docker: Allow to specify additional build tags via Docker build argument. * endpoint/smtp: Recipients limit is now advertised via LIMITS SMTP extension
maddy 0.7.1 - cfgparser: Do not interpet absolute paths relatively to the config dir (#592). - target/remote: Fix isVerifyError not working correctly on Go 1.20 (#612). - smtpconn/pool: Fix idle connections almost never cleaned up (#596). - target/remote: Fix wrong DNS query type in DANE lookups for IPv6-only hosts (#631). - go-smtp: Mitigate SMTP smuggling issue (#661). - endpoint/smtp: Detect cancelled rDNS lookup correctly (#626). - check/spf: Handle empty MAIL FROM in accordance with RFC 7208. == Misc - storage/imapsql: Add support for transpiled SQLite driver == Tests - Fix cover_test.go deadlock on Go 1.20. == Distribution & packaging - build.sh: Allow to run ./build.sh install without go command available (#569). - dist/systemd: Ease umask restrictions, making files RW for maddy group (#569). - dist/systemd: Depend on network-online.target (#617). == Documentation - Improve Markdown formatting and grammar (#600, #614, #662). - Fix a bunch of links being broken (#601, #602, #667). - email_with_domains -> email_with_domain (#609, #613). - Fix wrong SPF record suggestion (#640). - Fix number of sigs for modifiers.dkim sign_fields (#643). - Explicitly mention that referencing config block from global directive won't work.
maddy 0.7.0 == New features * Add NetAuth authentication integration. NetAuth is a network identity and authentication provider meant to be used as a LDAP replacement. See https://www.netauth.org/about/ for details. * Implement auth_map and storage_map at endpoint level. This makes auth_map do what its name implies. Old auth_map in storage module is deprecated and will be removed in the next release. Now more options are supported for multiplie domain configurations. See https://maddy.email/multiple-domains/ for details. * table: Implement email_with_domains and email_localpart_optional module Meant to be used with authentication and authorization configuration to ensure correct(tm) email address parsing and formatting. * Add IAM, AWS config, Minio config file credentials options for S3 storage. * tls/acme: Add support for delegating DNS-01 challenge to a different domain (#588) == Fixes * Remove references to man.5 from build.sh. * Make graceful shutdown work correctly with OpenMetrics endpoint. * auth/ldap: Fix "bind unauth" config directive parsing. * auth/ldap: Send empty username by default when doing unauthenticated bind. * auth/ldap: Fix connection pool leak (#546). * auth/ldap: Fix STARTTLS support (PR #580). * endpoint/smtp: Fix connection limit leak when FROM:<> is used (PR #561). * Improve domain validation function (#554). * Use dev versions of libdns modules (#461). * storage/imapsql: Fix messages without \Recent flag not being displayed (#549). * storage/imapsql: Increase open mailbox limit to 100k. == Documentation * Fix a lot of typos. * Add description of dkim key algorithym ed25519. * Improve documentation of how delivery_map is supposed to be used for custom authentication support. * Replace `maddyctl` with maddy. * Improve authorize_sender documentation
maddy 0.6.3 == Bugfixes * [security] Fix authentication bypass if SASL authorization username is used (GHSA-4g76-w3xw-2x6w, CVE-2023-27582).
maddy 0.6.2 == Bugfixes * Fix empty IMAP folders being shown sometimes (#512) * Fix maddyctl imap-msgs lists crash (#509) * Fix maddyctl imap-msgs remove being no-op (#510) * pass_table: fix user hash creation (#507) == Docs * Update Arch repository and Docker instructions links == Misc * cli: Warn about upcoming --uid=true change
maddy 0.6.1 == Bugfixes * Fixed missing IMAP IDLE capability, again... (#504) * Fixed broken storage.imapsql schema upgrade == Broken storage.imapsql schema upgrade If you happen to run 0.6.0 and got error about schema being too old, you need to run the following SQL query on your imapsql.db before you will be able to use 0.6.1: > UPDATE schema_version SET version = 6;
maddy 0.6.0 == Breaking changes * check: Remove require_matching_echo (deprecated in 0.5) (#280) * modify/dkim: Remove require_sender_match from code (#465) == New features * maddyctl and maddy executables are merged To start the server: maddy run ... Other maddyctl subcommands are available similiarly: maddy imap-acct, etc * Support 1-N recipient address expansion (#401) For example, when using table.regexp: ``` replace_rcpt regexp "root@(.+)" "admin1@$1" "admin2@$1" ``` Or table.file: ``` [email protected]: [email protected], [email protected] ``` For SQL-based tables, just add multiple rows with the same key (address to be replaced). * Add more placeholders for imap_filter (PR #449) {rcpt_to} (SMTP RCPT TO), {original_rcpt_to} (SMTP RCPT TO before any local rewrites), {subject}. * storage/imapsql: Add support for using PostgreSQL broker for updates It is used automatically, so now it is safe run multiple maddy server instancesusing the same PostgreSQL DB. == Bugfixes * Migrate to go-imap v2 (#188) go-imap v2 is my fork of emersion/go-imap library that makes massive changes to the server code. In particular, it fixes long-standing issue of update handling being non conforming to RFC 3501. * check/spf: Fix "lookup limit reached" for some conforming records (#487) * cmd/maddyctl: Fix --argon2-time setting memory instead of time (PR #502) * check/spf: Ignore SPF permerr and temperr by default (#485) * Move closing the default logger after printing configuration errors * Fix TLS Internal Error caused by SNI-unuware clients when ACME is used (#467) == Documentation changes * docs: Add Docker-specific documentation * docs: Convert manual pages into per-module Markdown pages == Misc * Go 1.17 is required now * Dockerfile: Use TLS filenames same as certbot (#350) * Dockerfile: Put Docker-specific config in the repo * ci: Set OCI labels in built Docker image * ci: Use docker buildx and qemu to build ARM64 images (#404)
maddy 0.5.3 == Bug fixes * Fix errors from LMTP downstream being ignored (#453) * Make it possible to use dovecot_sasl auth with TCP sockets (#450, thanks @jonlundy) * Fix MAIL after STARTTLS causing panic * Fix IMAP IDLE capability missing (#446) == Misc * Add target.remote force_ipv4 option (#442, thanks @delthas)
PreviousNext