maddy 0.5.0

== New features

* Experimental: Built-in ACME client (GH #3)

Currently supports only dns-01 challenge with a limited set of
providers. See documentation for details.

* S3-backed storage for message contents (GH #304)

* Local sender authorization (GH #268)

* LDAP BindDN authentication (GH #273)

* storage/imapsql: Implement auth_map
* storage/imapsql: Implement delivery_map

This functionality allows imapsql storage backend to be correctly
used with non-email-based authentication providers.
In particular, this unbreaks PAM and shadow modules.

* Implement table.chain module

* Implement table.email_localpart as a helper to strip domain from emails

== Improvements

* Implement client timeouts for target.remote and target.smtp
* endpoint/smtp: Add max_header_size

== Fixes

* check/spf: Change default action for softfail to 'ignore'
* endpoint/smtp: Allow to change the line length limit enforced by go-smtp
* table/sql_query: Allow to use numbered parameters in queries
* auth/plain_separate: Make configuration directives actually work
* table/file: Allow table to be created without specifying files in inline args
* config/tls: Fix custom loader configuration reading

== Removed functionality

* check/dns: Mark require_matching_echo as deprecated
* config/tls: Remove deprecated "tls CERT KEY" syntax
* Remove deprecated 0.3 module name aliases

== maddy 0.4.4

> *The* long awaited release!

=== Outbound SMTP

* target/remote: Force MX domain to be FQDN when looking up TLSA records (GH #321)
* Fix two issues in handling of DSN messages in SMTP pipeline and checks (GH #327)
* dns: Attempt to use 127.0.0.1 if no DNS servers are configured in system
* target/queue: Do not attempt to do atomic overwrite for metadata on Windows (GH #334)

=== Inbound SMTP

* endpoint/smtp: Unbreak `MAIL FROM:<>` handling (GH #337)
* endpoint/smtp: Release Msg limiter correctly if pipeline.Start fails (GH #348)

=== Misc

* config/tls: Fix tls_client parsing (Thanks @AluisioASG!)

=== Documentation

* docs: Replace foxcpp.dev/maddy with maddy.email
* docs: Remove reference to local_modifiers from multiple-domains.md
* docs: fixed small error (Thanks @0xflotus!)
* Fix a typo in maddy-smtp man doc (Thanks @Defman21!)

=== Docker

This release changes how Docker image is built reverting default directories
behavior to what 0.4.2 did but implemented in a different way so we have
the best of both worlds.

Docker users no longer have to specify config path while using maddyctl.

=== build.sh

* Allow setting build tags
* Do not try to install man pages if they were not built

=== 3rd party libraries

* go-smtp now uses Postfix success responses
* go-msgauth/dkim now supports both RSA public key formats
  (see https://github.com/emersion/go-msgauth/issues/43)

maddy 0.4.3

=== SMTP server

- Auto-buffer code no longer truncates large messages;
- DANE implementation has been rewritten from scratch to fix many issues;
  Thanks @vdukhovni!
- Domains in envelope addresses and EHLO are now always treated as FQDN to
  avoid quirks when system has search domains configured;
- target.lmtp no longer attempts to use STARTTLS by default;
- allow_body_subset directive has been removed from check.dkim code since it is
  no longer supported upstream;
- A bug has been fixed in the DKIM canonicalization code that caused some
  messages to be signed or verified incorrectly (go-msgauth issue);
- Fix target.lmtp actually acting as target.smtp when defined in a top-level
  config; Thanks @reivilibre!

=== IMAP server

- HZ-GB-2312 encoding collation support is reenabled. Upstream security issue
  has been fixed;

=== build.sh

build.sh script has been replaced with a much more simple implementation
that works with any POSIX shell and is more portable in general.

Thanks @Binklebonk, @hugmouse and @herbygillot for helping testing it on
non-Linux platforms.

=== Misc

- All uses of deprecated 0.3 module names have been replaced with up-to-date
  names;

=== Documentation

- Dovecot integration tutorial has been updated to avoid circular dependency in
  startup; Thanks @reivilibre!
- All uses of deprecated 0.3 module names have been replaced with up-to-date
  names; Thanks @reivilibre for spotting some of them!

maddy 0.4.2

== Fixes

* check/milter: Add missing handler for milter.ActTempFail ('t')
* msgpipeline: Fix log messages missing for sub-pipelines
* msgpipeline: Fix effective_rcpt in log messages being wrong when sub-pipelines do rewriting
* endpoint/smtp: Fix handling of empty messages in auto-buffer code
* endpoint/smtp: Auto-create directory for "fs" buffer mode

maddy 0.4.1

== Fixes

* check/rspamd: Fix sending of message header leading to incorrect results.

* check/milter, auth/plain_separate are now actually usable.

* address: Fix some addresses being incorrectly considered to be invalid (#275)

maddy 0.4.0

== GPLv3

After short discussion and collecting necessary agreements, decision was
made to change Maddy Mail Server source code license to GNU Public
License Version 3.

See GH#253 for details.

== Deprecated functionality, breaking changes for 0.5

Work is being done to stabilize maddy interfaces including configuration
format and all data structures. Therefore, since 0.4, development
strictly follows Semantic Versioning 2, in particular - all breaking
changes are announced in advance as "deprecated" before actual change
happens. Therefore, this version does not include any breaking changes
but 0.5 will.

* A lot of modules have been renamed to match "namespaced" modules
  proposal. Warning with correct names will be printed on start
  with config using old names.

* STARTTLS Everywhere list support is deprecated and is replaced with
  no-op stub.

* TLS certificate loading has been moved to use modules framework.
  "tls CERT KEY" will need to be changed to "tls file CERT KEY".

== New features

* Expose performance and usage statistics in OpenMetrics
  (Prometheus) format. See openmetrics.md.

* Allow external commands to be used for overwriting IMAP folder and
  flags on delivery. See GH#202 and maddy-imap(5) for details.

* Directly integrate with rspamd using its HTTP protocol
  instead of shell script + rspamc.

* Reuse SMTP connections to MXs to avoid unnecessary handshake overhead
  when sending a lot of messages to a single domain.
   (experimental)

* Implement server-side SNI support - multiple certificate-key pairs can
  be specified with "file" loader.

== Enhancements

* Implement SMTP REQUIRETLS extension

* imapsql: Implement SORT and THREAD=ORDEREDSUBJECT extensions
  (experimental)

* endpoint/imap: Implement NAMESPACE extension

* imapsql: Fix flags-only search returning duplicate IDs (GH#251)

* msgpipeline: Permit duplicate destination/source rules

* table: Allow using regexp table without replacement specified

* build.sh: Add ability to set build tags

* build.sh: Add sudo checks (thanks @hugmouse!)

* check/spf: Make sure error value from library is always reported in logs

* config/tls: Remove unnecesary GODEBUG setting code

== Bug fixes

* imapsql: Improve meta-data loading perfomance for Thunderbird by properly
  caching X-Priority field

* Fix SPF policy parser bug resulting in false permerror on some ip6 rules (#254)

* storage/imapsql: Fix incorrect module name in log messages related to delivery errors

== Documentation

* Add page on Mailman 3 integration

* Add page on rspamd integration

* Split maddy(1) and maddy(5)

* Improve setting-up.md (thanks @schrodinger)

* Remove fail2ban from initial configuration

* Clarify configuration for multiple domains

maddy 0.3.3

== Bug fixes

* Fix CRLF mangled into LF by net/textproto and incorrect RFC822.SIZE reported
  by go-imap-sql as a result of that.
    (18657def692614a487c56eb5d387c73a568a4b88)

* Fix maddyctl imap-msgs list showing only the last message by default
    (b2b38bffa7e5c411740b3bf1d61f7a9f87c6503e)

* Fix attachments reported as 0 bytes
    (fb2b3a56bc8db0580aafadf0c15e19f69174f582)

* Fix messages listed twice by RainLoop
    (abba51612d36a0ea0e7640b4d0b71ffcec2dd846)

* Fix maddyctl creds set-password being no-op
    (78f77136e24e916f49f1e9d5407f18a3630efe8f)

* Mangle CRLF in Diagnostic-Code DSN field
    (18657def692614a487c56eb5d387c73a568a4b88, see GH#245)

* Add missing msg_id field for 'RCPT error' message
    (20fe5ad376614fbb802a84d23f85da42486e05fe)

* Fix SMTP enhanced code included in extra lines of multi-line SMTP status
    (18657def692614a487c56eb5d387c73a568a4b88)

== Misc

* Hide "operation was canceled" errors for async rDNS lookup
    (fcebfa2d3adf02392598fc20b38354dfd9f7f17a)

maddy 0.3.2

== SECURITY ISSUES

* Update golang.org/x/text to v0.3.3 (fixes potential DoS)

See CVE-2020-14040 and https://go-review.googlesource.com/c/text/+/238238
for details.

== Bug fixes

For imapsql IMAP backend:
* Fix handling of * seqset
* Add missing counters update for EXPUNGE
  Thanks @yesnomaybeyes for helping in issue investigation.
* Do not assume clients specify date in APPEND command
* Fix creating index on MySQL (https://github.com/foxcpp/go-imap-sql/pull/31)
  Thanks @wjywbs.

== Documentation changes

* Extend copyright notice to include contributors
* Fix formatting and fix possibly confusing MTA-STS example
* Fix wrong name of 'targets' directive for smtp_downstream

== Misc

* build.sh: Do not switch to X.Y-fixes branch if version is manually selected
* dist: Add missing [Install] section to systemd units

maddy 0.3.1

== Bug fixes

* limits: Fix "rate" directive parser handling for 2 arguments
* endpoint/smtp: Fix panic if connection is closed in the middle of receiving body
* endpoint/smtp: Fix limit leak in case of aborted transaction

== Documentation improvements

* Change github to github.com in 0.3 migration guide (#237)
* Mention per-source domain limiting option

== Misc

* build.sh: Switch to X.Y-fixes branch if it exists

maddy 0.3.0

**Stability:** This version is believed to be stable enough for use in use
non-critical deployments.

== Breaking changes

* Minimal supported Go version is increased to Go 1.14

maddy keeps tracking latest Go version to benefit from language and
library improvements.

build.sh script will automatically download a newer toolchain version
if system installed version is too old.

* Fully separate authentication from IMAP access

Now there is no uniform database that is used both for IMAP index and
authenticaiton. This allows completely independent implementation and
leveraging of maddy modular framework for more flexible authentication
documentation.

This is a breaking change that also affects how password hashes are
calculated and requires destructive changes to databases created in
0.2 order to use with 0.3. A migration utility is created to assist
with that. See Upgrading page in documentation for detailed instructions.

== New features

* Preliminary milter client implementation

This release introduces limited implementation of milter client protocol. Due
to a number of differences between how maddy handles internal filtering and
protocol model "milters" currently cannot make most modifications to the
message content and is limited to prepending headers and quarantining or
rejecting message.

* source_in, destination_in directives for message pipeline

Directives `source_in` and `destination_in` allow matching of message senders
or recipients against lists sources from table modules (files, SQL queries,
etc). See maddy-smtp(5) for details.

* Dovecot authentication client support

maddy now implements client side of Dovecot authentication protocol allowing it
to be used with Dovecot as an IMAP server instead of builtin server.

* Dovecot-compatible sasld endpoint

Additional, maddy also implements Dovecot-compatible sasld endpoint
that allows it to be used as a source for authentication data for other
servers that support Dovecot authentication protocol (e.g. SMTP servers like
Postfix).

* lmtp_downstream delivery target

maddy now has full implementation of LMTP client allowing messages to be
forwarded to other software that speaks LMTP protocol.

* endpoint/smtp: Allow to choose the IP to use for outbound smtp.

* modify/dkim: Allow to sign emails from subdomains using a top domain key

== Improvements

* cmd/maddyctl: Create a set of typical mailboxes on IMAP account creation
* endpoint/smtp: Send 535 on permanent authentication failure
* target: Make Received generation more robust in case of missing data
* config: Support scheme:IP:PORT syntax for endpoint declaration

== Bug fixes

* storage/imapsql: Fix SPECIAL-USE support being accidentally disabled
* Fix and improve -v flag description
* endpoint/smtp: Fix missing server hostname in Received header
* target/remote: Do not fail delivery with null return path

== Documentation improvements

* Fix a number of links in documentation
* Add page about IMAP-only configuration
* Mention disabled HZGB2312 support
* Add smtp-only.md page
* Add imap-only.md page
* Add FAQ page
* Add upgrading instructions page

maddy 0.2.1

**Stability:** This version is believed to be stable enough for use in use
non-critical deployments.

== SECURITY ISSUES

* Fixed out-of-memory crash triggered by buggy encoding implementation
  (8edcd9183df6ca53e2872367632b18b1cc0461ab) (see GHSA-8jp9-qm2r-p877)

== Bug fixes

* dist: Remove unnessecary log prefix matching for fail2ban filter (979effb4597e229837b4c155d736aa11d30acc50)
  Thanks @bn4t!

* check/dkim: Fix a couple of issues in error handling (076fc0d508f3116c1fc54b886ac62e1d3ae24e34)

  DKIM signatures with missing required fields were still considered
  passing for purposes of action selection.

  dkim.IsPermFail/dkim.IsTempFail calls were checking the wrong error
  object.

* storage/imapsql: Fix Close deadlock in case of EnableUpdatePipe fail (96a3b964485e17cb4d97481660b42557fafd5c58)

* Fix inconsistency in SASLAuth logger name for endpoints (6b87eb98eb0451a84c8b91dd1dce461bedd59d47)
  (#221)

* log: Strip extra newline from Logger.Write output (ebccff03ae11ed00bc30cb266df0a55d12941923)

== Documentation improvements

* Add missing packages for compilation and fail2ban setup (cfe34368f7181b41d6560812f9fcb83cf8d85b3f)
  Thanks @bn4t!

* Fix small typo (b96acd5259fa8d30989000bc2a1bfa8c089c158c)
  Thanks @bn4t!

* Clarify SECURITY.md (244b03005124ebb131ed1ae8621f598a8ddff285)

* Update outdated tutorials (b472734713f039300de56867aada6c4e1319b2ac)

maddy 0.2.0

**Stability:** This version is believed to be stable enough for use in use
non-critical deployments. Database structure for `sql` (imapsql) module is
compatible with 0.1. Configuration requires some changes.

== Incompatible changes & migration notes

- `alias_file` is replaced with generic `rewrite_rcpt` module that can use any "table"-like structure for lookups.
   **Migration**: Replace `alias_file /etc/maddy/aliases` with `alias file_table /etc/maddy/aliases`.
  If multiple

- `rewrite_rcpt` now relies on tables to handle regexp and static replacements.
  **Migration**: Replace `replace_rcpt postmaster postmaster@$(primary_domain)`
  with `replace_rcpt static { entry postmaster postmaster@$(primary_domain)`.
  Replace `replace_rcpt "(.+)\+(.+)@(.+)" "$1@$3"` with
  `replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"`.

- Module `sql` is renamed to `imapsql`. Change its name in the
  configuration block definition for `local_mailboxes`/`local_authdb`.

- Configuration parser now requires a new line after `}` closing the block.

== New features

- Authentication code is refined and generalized. It permits the implementation
  of additional more complex SASL mechanisms such as TLS client certificate
  authentication and OAuth2 support. These are not implemented in 0.2 though.
  What is currently accessible is the ability to use multiple password-based
  authentication providers to allow user login based on any match from any
  credentials store configured.

- Generic Postfix-like string lookup abstraction is introduced. Alias rewriting
  is updated to use. Additionally, it is possible to use it for password-based
  authentication now. Currently implemented "tables" are: `identity` (returns
  the lookup key), `dummy` (empty table), `sql_table` (returns the result of
  a SQL query), `static` (hardcoded mapping), `regexp` (Regular
  Expression-based rewrite of lookup key).

- `sign_dkim` module now supports multiple domains in a single configuration,
  avoiding the need for complex dispatching.

- `maddy -v` output now includes compile-time defaults for `state_dir`,
  `runtime_dir` and configuration path.

- `build.sh` script can now customize default values for `state_dir` and
  `runtime_dir`.

== Bug fixes

* Fix race in `file_table` reload test (a91d8c2)
* Fix misuse of TriesCount in queue (ceda725)
* Fix queue retry delay calculation (4b3e7ce)

=== maddy 0.1.1

This release includes no server code changes.

=== Change log

Documentation

    Mention prebuilt binaries in the setup tutorial
    Be more specific about build.sh dependencies
    Remove "in early development" disclaimers
    Several minor edits (8f1d572)

Build script (build.sh)

    Use absolute path to the Go toolchain in PATH
    Check GOMOD value correctly
    Remove wget dependency

=== maddy 0.1.0

**Stability:** This version is believed to be stable enough for use in
use non-critical deployments. Backward compatibility for database
structures and configuration syntax is not promised but will be
maintained if possible.

=== Implemented features

- IMAP4rev1 (RFC 3501) server implementation with some basic extensions
- SMTP (RFC 5321) server implementation with per-source, per-destination
delivery and filtering support
- Experimental local storage backend & IMAP index based on relational DB
- Sender authentication methods for inbound messages: DKIM, DMARC, SPF
- Remote server authentication methods for outbound messages: MTA-STS,
DANE, DNSSEC-aware resolver, STARTTLS Everywhere rule-set support
- PAM-based user authentication (not used by default)

In the end, it is not very flexible in some corners at the moment but if
you just want a generic mail server set-up, it will not be a big
trouble.

=== Known issues

- IMAP sequence numbers are not properly synchronized, making concurrent
mailbox access potentially unsafe, though the chance of actual data
damage is pretty small. See issue #188 for details.
- Support for IP literals in e-mail addresses is disabled. Attempt to
use them will result in a permanent error.