Tags

  • v0.5.0
    e4fb72ec · maddy 0.5.0 ·
    maddy 0.5.0
    
    == New features
    
    * Experimental: Built-in ACME client (GH #3)
    
    Currently supports only dns-01 challenge with a limited set of
    providers. See documentation for details.
    
    * S3-backed storage for message contents (GH #304)
    
    * Local sender authorization (GH #268)
    
    * LDAP BindDN authentication (GH #273)
    
    * storage/imapsql: Implement auth_map
    * storage/imapsql: Implement delivery_map
    
    This functionality allows imapsql storage backend to be correctly
    used with non-email-based authentication providers.
    In particular, this unbreaks PAM and shadow modules.
    
    * Implement table.chain module
    
    * Implement table.email_localpart as a helper to strip domain from emails
    
    == Improvements
    
    * Implement client timeouts for target.remote and target.smtp
    * endpoint/smtp: Add max_header_size
    
    == Fixes
    
    * check/spf: Change default action for softfail to 'ignore'
    * endpoint/smtp: Allow to change the line length limit enforced by go-smtp
    * table/sql_query: Allow to use numbered parameters in queries
    * auth/plain_separate: Make configuration directives actually work
    * table/file: Allow table to be created without specifying files in inline args
    * config/tls: Fix custom loader configuration reading
    
    == Removed functionality
    
    * check/dns: Mark require_matching_echo as deprecated
    * config/tls: Remove deprecated "tls CERT KEY" syntax
    * Remove deprecated 0.3 module name aliases
    
  • v0.4.4
    9a6fdbf3 · maddy 0.4.4 ·
    == maddy 0.4.4
    
    > *The* long awaited release!
    
    === Outbound SMTP
    
    * target/remote: Force MX domain to be FQDN when looking up TLSA records (GH #321)
    * Fix two issues in handling of DSN messages in SMTP pipeline and checks (GH #327)
    * dns: Attempt to use 127.0.0.1 if no DNS servers are configured in system
    * target/queue: Do not attempt to do atomic overwrite for metadata on Windows (GH #334)
    
    === Inbound SMTP
    
    * endpoint/smtp: Unbreak `MAIL FROM:<>` handling (GH #337)
    * endpoint/smtp: Release Msg limiter correctly if pipeline.Start fails (GH #348)
    
    === Misc
    
    * config/tls: Fix tls_client parsing (Thanks @AluisioASG!)
    
    === Documentation
    
    * docs: Replace foxcpp.dev/maddy with maddy.email
    * docs: Remove reference to local_modifiers from multiple-domains.md
    * docs: fixed small error (Thanks @0xflotus!)
    * Fix a typo in maddy-smtp man doc (Thanks @Defman21!)
    
    === Docker
    
    This release changes how Docker image is built reverting default directories
    behavior to what 0.4.2 did but implemented in a different way so we have
    the best of both worlds.
    
    Docker users no longer have to specify config path while using maddyctl.
    
    === build.sh
    
    * Allow setting build tags
    * Do not try to install man pages if they were not built
    
    === 3rd party libraries
    
    * go-smtp now uses Postfix success responses
    * go-msgauth/dkim now supports both RSA public key formats
      (see https://github.com/emersion/go-msgauth/issues/43)
    
  • v0.4.3
    cd1d5276 · maddy 0.4.3 ·
    maddy 0.4.3
    
    === SMTP server
    
    - Auto-buffer code no longer truncates large messages;
    - DANE implementation has been rewritten from scratch to fix many issues;
      Thanks @vdukhovni!
    - Domains in envelope addresses and EHLO are now always treated as FQDN to
      avoid quirks when system has search domains configured;
    - target.lmtp no longer attempts to use STARTTLS by default;
    - allow_body_subset directive has been removed from check.dkim code since it is
      no longer supported upstream;
    - A bug has been fixed in the DKIM canonicalization code that caused some
      messages to be signed or verified incorrectly (go-msgauth issue);
    - Fix target.lmtp actually acting as target.smtp when defined in a top-level
      config; Thanks @reivilibre!
    
    === IMAP server
    
    - HZ-GB-2312 encoding collation support is reenabled. Upstream security issue
      has been fixed;
    
    === build.sh
    
    build.sh script has been replaced with a much more simple implementation
    that works with any POSIX shell and is more portable in general.
    
    Thanks @Binklebonk, @hugmouse and @herbygillot for helping to test it on
    non-Linux platforms.
    
    === Misc
    
    - All uses of deprecated 0.3 module names have been replaced with up-to-date
      names;
    
    === Documentation
    
    - Dovecot integration tutorial has been updated to avoid circular dependency in
      startup; Thanks @reivilibre!
    - All uses of deprecated 0.3 module names have been replaced with up-to-date
      names; Thanks @reivilibre for spotting some of them!
    
  • v0.4.2
    maddy 0.4.2
    
    == Fixes
    
    * check/milter: Add missing handler for milter.ActTempFail ('t')
    * msgpipeline: Fix log messages missing for sub-pipelines
    * msgpipeline: Fix effective_rcpt in log messages being wrong when sub-pipelines do rewriting
    * endpoint/smtp: Fix handling of empty messages in auto-buffer code
    * endpoint/smtp: Auto-create directory for "fs" buffer mode
    
  • v0.4.1
    maddy 0.4.1
    
    == Fixes
    
    * check/rspamd: Fix sending of message header leading to incorrect results.
    
    * check/milter, auth/plain_separate are now actually usable.
    
    * address: Fix some addresses being incorrectly considered to be invalid (#275)
    
  • v0.4.0
    maddy 0.4.0
    
    == GPLv3
    
    After a short discussion and collecting the necessary agreements, the
    decision was made to change the Maddy Mail Server source code license to
    GNU Public License Version 3.
    
    See GH#253 for details.
    
    == Deprecated functionality, breaking changes for 0.5
    
    Work is being done to stabilize maddy interfaces including configuration
    format and all data structures. Therefore, since 0.4, development
    strictly follows Semantic Versioning 2, in particular - all breaking
    changes are announced in advance as "deprecated" before actual change
    happens. Therefore, this version does not include any breaking changes
    but 0.5 will.
    
    * A lot of modules have been renamed to match "namespaced" modules
      proposal. Warning with correct names will be printed on start
      with config using old names.
    
    * STARTTLS Everywhere list support is deprecated and is replaced with
      no-op stub.
    
    * TLS certificate loading has been moved to use modules framework.
      "tls CERT KEY" will need to be changed to "tls file CERT KEY".
    
    == New features
    
    * Expose performance and usage statistics in OpenMetrics
      (Prometheus) format. See openmetrics.md.
    
    * Allow external commands to be used for overwriting IMAP folder and
      flags on delivery. See GH#202 and maddy-imap(5) for details.
    
    * Directly integrate with rspamd using its HTTP protocol
      instead of shell script + rspamc.
    
    * Reuse SMTP connections to MXs to avoid unnecessary handshake overhead
      when sending a lot of messages to a single domain.
      (experimental)
    
    * Implement server-side SNI support - multiple certificate-key pairs can
      be specified with "file" loader.
    
    == Enhancements
    
    * Implement SMTP REQUIRETLS extension
    
    * imapsql: Implement SORT and THREAD=ORDEREDSUBJECT extensions
      (experimental)
    
    * endpoint/imap: Implement NAMESPACE extension
    
    * imapsql: Fix flags-only search returning duplicate IDs (GH#251)
    
    * msgpipeline: Permit duplicate destination/source rules
    
    * table: Allow using regexp table without replacement specified
    
    * build.sh: Add ability to set build tags
    
    * build.sh: Add sudo checks (thanks @hugmouse!)
    
    * check/spf: Make sure error value from library is always reported in logs
    
    * config/tls: Remove unnecessary GODEBUG setting code
    
    == Bug fixes
    
    * imapsql: Improve meta-data loading performance for Thunderbird by properly
      caching X-Priority field
    
    * Fix SPF policy parser bug resulting in false permerror on some ip6 rules (#254)
    
    * storage/imapsql: Fix incorrect module name in log messages related to delivery errors
    
    == Documentation
    
    * Add page on Mailman 3 integration
    
    * Add page on rspamd integration
    
    * Split maddy(1) and maddy(5)
    
    * Improve setting-up.md (thanks @schrodinger)
    
    * Remove fail2ban from initial configuration
    
    * Clarify configuration for multiple domains
    
  • v0.3.3
    maddy 0.3.3
    
    == Bug fixes
    
    * Fix CRLF mangled into LF by net/textproto and incorrect RFC822.SIZE reported
      by go-imap-sql as a result of that.
        (18657def692614a487c56eb5d387c73a568a4b88)
    
    * Fix maddyctl imap-msgs list showing only the last message by default
        (b2b38bffa7e5c411740b3bf1d61f7a9f87c6503e)
    
    * Fix attachments reported as 0 bytes
        (fb2b3a56bc8db0580aafadf0c15e19f69174f582)
    
    * Fix messages listed twice by RainLoop
        (abba51612d36a0ea0e7640b4d0b71ffcec2dd846)
    
    * Fix maddyctl creds set-password being no-op
        (78f77136e24e916f49f1e9d5407f18a3630efe8f)
    
    * Mangle CRLF in Diagnostic-Code DSN field
        (18657def692614a487c56eb5d387c73a568a4b88, see GH#245)
    
    * Add missing msg_id field for 'RCPT error' message
        (20fe5ad376614fbb802a84d23f85da42486e05fe)
    
    * Fix SMTP enhanced code included in extra lines of multi-line SMTP status
        (18657def692614a487c56eb5d387c73a568a4b88)
    
    == Misc
    
    * Hide "operation was canceled" errors for async rDNS lookup
        (fcebfa2d3adf02392598fc20b38354dfd9f7f17a)
    
  • v0.3.2
    maddy 0.3.2
    
    == SECURITY ISSUES
    
    * Update golang.org/x/text to v0.3.3 (fixes potential DoS)
    
    See CVE-2020-14040 and https://go-review.googlesource.com/c/text/+/238238
    for details.
    
    == Bug fixes
    
    For imapsql IMAP backend:
    * Fix handling of * seqset
    * Add missing counters update for EXPUNGE
      Thanks @yesnomaybeyes for helping in issue investigation.
    * Do not assume clients specify date in APPEND command
    * Fix creating index on MySQL (https://github.com/foxcpp/go-imap-sql/pull/31)
      Thanks @wjywbs.
    
    == Documentation changes
    
    * Extend copyright notice to include contributors
    * Fix formatting and fix possibly confusing MTA-STS example
    * Fix wrong name of 'targets' directive for smtp_downstream
    
    == Misc
    
    * build.sh: Do not switch to X.Y-fixes branch if version is manually selected
    * dist: Add missing [Install] section to systemd units
    
  • v0.3.1
    maddy 0.3.1
    
    == Bug fixes
    
    * limits: Fix "rate" directive parser handling for 2 arguments
    * endpoint/smtp: Fix panic if connection is closed in the middle of receiving body
    * endpoint/smtp: Fix limit leak in case of aborted transaction
    
    == Documentation improvements
    
    * Change github to github.com in 0.3 migration guide (#237)
    * Mention per-source domain limiting option
    
    == Misc
    
    * build.sh: Switch to X.Y-fixes branch if it exists
    
  • v0.3.0
    maddy 0.3.0
    
    **Stability:** This version is believed to be stable enough for use in
    non-critical deployments.
    
    == Breaking changes
    
    * Minimal supported Go version is increased to Go 1.14
    
    maddy keeps tracking latest Go version to benefit from language and
    library improvements.
    
    build.sh script will automatically download a newer toolchain version
    if system installed version is too old.
    
    * Fully separate authentication from IMAP access
    
    Now there is no uniform database that is used both for IMAP index and
    authentication. This allows completely independent implementation and
    leveraging of maddy modular framework for more flexible authentication
    documentation.
    
    This is a breaking change that also affects how password hashes are
    calculated and requires destructive changes to databases created in
    0.2 in order to use them with 0.3. A migration utility is created to assist
    with that. See Upgrading page in documentation for detailed instructions.
    
    == New features
    
    * Preliminary milter client implementation
    
    This release introduces limited implementation of milter client protocol. Due
    to a number of differences between how maddy handles internal filtering and
    protocol model "milters" currently cannot make most modifications to the
    message content and are limited to prepending headers and quarantining or
    rejecting the message.
    
    * source_in, destination_in directives for message pipeline
    
    Directives `source_in` and `destination_in` allow matching of message senders
    or recipients against lists sourced from table modules (files, SQL queries,
    etc). See maddy-smtp(5) for details.
    
    * Dovecot authentication client support
    
    maddy now implements client side of Dovecot authentication protocol allowing it
    to be used with Dovecot as an IMAP server instead of builtin server.
    
    * Dovecot-compatible sasld endpoint
    
    Additionally, maddy also implements Dovecot-compatible sasld endpoint
    that allows it to be used as a source for authentication data for other
    servers that support Dovecot authentication protocol (e.g. SMTP servers like
    Postfix).
    
    * lmtp_downstream delivery target
    
    maddy now has full implementation of LMTP client allowing messages to be
    forwarded to other software that speaks LMTP protocol.
    
    * endpoint/smtp: Allow to choose the IP to use for outbound smtp.
    
    * modify/dkim: Allow to sign emails from subdomains using a top domain key
    
    == Improvements
    
    * cmd/maddyctl: Create a set of typical mailboxes on IMAP account creation
    * endpoint/smtp: Send 535 on permanent authentication failure
    * target: Make Received generation more robust in case of missing data
    * config: Support scheme:IP:PORT syntax for endpoint declaration
    
    == Bug fixes
    
    * storage/imapsql: Fix SPECIAL-USE support being accidentally disabled
    * Fix and improve -v flag description
    * endpoint/smtp: Fix missing server hostname in Received header
    * target/remote: Do not fail delivery with null return path
    
    == Documentation improvements
    
    * Fix a number of links in documentation
    * Add page about IMAP-only configuration
    * Mention disabled HZGB2312 support
    * Add smtp-only.md page
    * Add imap-only.md page
    * Add FAQ page
    * Add upgrading instructions page
    
  • v0.2.1
    maddy 0.2.1
    
    **Stability:** This version is believed to be stable enough for use in
    non-critical deployments.
    
    == SECURITY ISSUES
    
    * Fixed out-of-memory crash triggered by buggy encoding implementation
      (8edcd9183df6ca53e2872367632b18b1cc0461ab) (see GHSA-8jp9-qm2r-p877)
    
    == Bug fixes
    
    * dist: Remove unnecessary log prefix matching for fail2ban filter (979effb4597e229837b4c155d736aa11d30acc50)
      Thanks @bn4t!
    
    * check/dkim: Fix a couple of issues in error handling (076fc0d508f3116c1fc54b886ac62e1d3ae24e34)
    
      DKIM signatures with missing required fields were still considered
      passing for purposes of action selection.
    
      dkim.IsPermFail/dkim.IsTempFail calls were checking the wrong error
      object.
    
    * storage/imapsql: Fix Close deadlock in case of EnableUpdatePipe fail (96a3b964485e17cb4d97481660b42557fafd5c58)
    
    * Fix inconsistency in SASLAuth logger name for endpoints (6b87eb98eb0451a84c8b91dd1dce461bedd59d47)
      (#221)
    
    * log: Strip extra newline from Logger.Write output (ebccff03ae11ed00bc30cb266df0a55d12941923)
    
    == Documentation improvements
    
    * Add missing packages for compilation and fail2ban setup (cfe34368f7181b41d6560812f9fcb83cf8d85b3f)
      Thanks @bn4t!
    
    * Fix small typo (b96acd5259fa8d30989000bc2a1bfa8c089c158c)
      Thanks @bn4t!
    
    * Clarify SECURITY.md (244b03005124ebb131ed1ae8621f598a8ddff285)
    
    * Update outdated tutorials (b472734713f039300de56867aada6c4e1319b2ac)
    
  • v0.2.0
    maddy 0.2.0
    
    **Stability:** This version is believed to be stable enough for use in
    non-critical deployments. Database structure for `sql` (imapsql) module is
    compatible with 0.1. Configuration requires some changes.
    
    == Incompatible changes & migration notes
    
    - `alias_file` is replaced with generic `rewrite_rcpt` module that can use any "table"-like structure for lookups.
      **Migration**: Replace `alias_file /etc/maddy/aliases` with `alias file_table /etc/maddy/aliases`.
      If multiple
    
    - `rewrite_rcpt` now relies on tables to handle regexp and static replacements.
      **Migration**: Replace `replace_rcpt postmaster postmaster@$(primary_domain)`
      with `replace_rcpt static { entry postmaster postmaster@$(primary_domain)`.
      Replace `replace_rcpt "(.+)\+(.+)@(.+)" "$1@$3"` with
      `replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"`.
    
    - Module `sql` is renamed to `imapsql`. Change its name in the
      configuration block definition for `local_mailboxes`/`local_authdb`.
    
    - Configuration parser now requires a new line after `}` closing the block.
    
    == New features
    
    - Authentication code is refined and generalized. It permits the implementation
      of additional more complex SASL mechanisms such as TLS client certificate
      authentication and OAuth2 support. These are not implemented in 0.2 though.
      What is currently accessible is the ability to use multiple password-based
      authentication providers to allow user login based on any match from any
      credentials store configured.
    
    - Generic Postfix-like string lookup abstraction is introduced. Alias rewriting
      is updated to use it. Additionally, it is possible to use it for password-based
      authentication now. Currently implemented "tables" are: `identity` (returns
      the lookup key), `dummy` (empty table), `sql_table` (returns the result of
      a SQL query), `static` (hardcoded mapping), `regexp` (Regular
      Expression-based rewrite of lookup key).
    
    - `sign_dkim` module now supports multiple domains in a single configuration,
      avoiding the need for complex dispatching.
    
    - `maddy -v` output now includes compile-time defaults for `state_dir`,
      `runtime_dir` and configuration path.
    
    - `build.sh` script can now customize default values for `state_dir` and
      `runtime_dir`.
    
    == Bug fixes
    
    * Fix race in `file_table` reload test (a91d8c2)
    * Fix misuse of TriesCount in queue (ceda725)
    * Fix queue retry delay calculation (4b3e7ce)
    
  • v0.1.1
    8f1d5729 · docs: Several minor edits ·
    === maddy 0.1.1
    
    This release includes no server code changes.
    
    === Change log
    
    Documentation
    
    - Mention prebuilt binaries in the setup tutorial
    - Be more specific about build.sh dependencies
    - Remove "in early development" disclaimers
    - Several minor edits (8f1d572)
    
    Build script (build.sh)
    
    - Use absolute path to the Go toolchain in PATH
    - Check GOMOD value correctly
    - Remove wget dependency
    
  • v0.1.0
    === maddy 0.1.0
    
    **Stability:** This version is believed to be stable enough for use in
    non-critical deployments. Backward compatibility for database
    structures and configuration syntax is not promised but will be
    maintained if possible.
    
    === Implemented features
    
    - IMAP4rev1 (RFC 3501) server implementation with some basic extensions
    - SMTP (RFC 5321) server implementation with per-source, per-destination
    delivery and filtering support
    - Experimental local storage backend & IMAP index based on relational DB
    - Sender authentication methods for inbound messages: DKIM, DMARC, SPF
    - Remote server authentication methods for outbound messages: MTA-STS,
    DANE, DNSSEC-aware resolver, STARTTLS Everywhere rule-set support
    - PAM-based user authentication (not used by default)
    
    In the end, it is not very flexible in some corners at the moment but if
    you just want a generic mail server set-up, it will not be a big
    trouble.
    
    === Known issues
    
    - IMAP sequence numbers are not properly synchronized, making concurrent
    mailbox access potentially unsafe, though the chance of actual data
    damage is pretty small. See issue #188 for details.
    - Support for IP literals in e-mail addresses is disabled. Attempt to
    use them will result in a permanent error.