
Releases: foxcpp/maddy

maddy 0.5.0

09 Aug 11:20
v0.5.0
e4fb72e

New features

  • Experimental: Built-in ACME client (GH #3)

Currently supports only dns-01 challenge with a limited set of
providers. See documentation for details.

  • S3-backed storage for message contents (GH #304)

  • Local sender authorization (GH #268)

  • LDAP BindDN authentication (GH #273)

  • storage/imapsql: Implement auth_map

  • storage/imapsql: Implement delivery_map

This functionality allows the imapsql storage backend to be used correctly
with non-email-based authentication providers.
In particular, this unbreaks the PAM and shadow modules.

  • Implement table.chain module

  • Implement table.email_localpart as a helper to strip domain from emails

Improvements

  • Implement client timeouts for target.remote and target.smtp
  • endpoint/smtp: Add max_header_size

Fixes

  • check/spf: Change default action for softfail to 'ignore'
  • endpoint/smtp: Allow to change the line length limit enforced by go-smtp
  • table/sql_query: Allow to use numbered parameters in queries
  • auth/plain_separate: Make configuration directives actually work
  • table/file: Allow table to be created without specifying files in inline args
  • config/tls: Fix custom loader configuration reading

Removed functionality

  • check/dns: Mark require_matching_echo as deprecated
  • config/tls: Remove deprecated "tls CERT KEY" syntax
  • Remove deprecated 0.3 module name aliases

maddy 0.4.4

11 Apr 17:16
v0.4.4
9a6fdbf

The long awaited release!

Outbound SMTP

  • target/remote: Force MX domain to be FQDN when looking up TLSA records (GH #321)
  • Fix two issues in handling of DSN messages in SMTP pipeline and checks (GH #327)
  • dns: Attempt to use 127.0.0.1 if no DNS servers are configured in system
  • target/queue: Do not attempt to do atomic overwrite for metadata on Windows (GH #334)

Inbound SMTP

  • endpoint/smtp: Unbreak MAIL FROM:<> handling (GH #337)
  • endpoint/smtp: Release Msg limiter correctly if pipeline.Start fails (GH #348)

Misc

  • config/tls: Fix tls_client parsing (Thanks @AluisioASG!)

Documentation

  • docs: Replace foxcpp.dev/maddy with maddy.email
  • docs: Remove reference to local_modifiers from multiple-domains.md
  • docs: fixed small error (Thanks @0xflotus!)
  • Fix a typo in maddy-smtp man doc (Thanks @Defman21!)

Docker

This release changes how the Docker image is built, reverting the default
directories behavior to what 0.4.2 did, but implemented in a different way,
so we have the best of both worlds.

build.sh

  • Allow setting build tags
  • Do not try to install man pages if they were not built

3rd party libraries

  • go-smtp now uses Postfix success responses
  • go-msgauth/dkim now supports both RSA public key formats
    (see emersion/go-msgauth#43)

maddy 0.4.3

13 Dec 21:55
v0.4.3
cd1d527

GitHub is having trouble with our tarballs again; as usual, binary artifacts are also available at https://foxcpp.dev/maddy-builds/0.4.3/.

Changes

SMTP server

  • Auto-buffer code no longer truncates large messages;
  • DANE implementation has been rewritten from scratch to fix many issues;
    Thanks @vdukhovni!
  • Domains in envelope addresses and EHLO are now always treated as FQDN to
    avoid quirks when system has search domains configured;
  • target.lmtp no longer attempts to use STARTTLS by default;
  • allow_body_subset directive has been removed from check.dkim code since it is
    no longer supported upstream;
  • A bug has been fixed in the DKIM canonicalization code that caused some
    messages to be signed or verified incorrectly (go-msgauth issue);
  • Fix target.lmtp actually acting as target.smtp when defined in a top-level
    config; Thanks @reivilibre!

IMAP server

  • HZ-GB-2312 encoding collation support is reenabled. Upstream security issue
    has been fixed;

build.sh

The build.sh script has been replaced with a much simpler implementation
that works with any POSIX shell and is more portable in general.

Thanks @Binklebonk, @hugmouse and @herbygillot for helping to test it on
non-Linux platforms.

Misc

  • All uses of deprecated 0.3 module names have been replaced with up-to-date
    names;

Documentation

  • Dovecot integration tutorial has been updated to avoid circular dependency in
    startup; Thanks @reivilibre!
  • All uses of deprecated 0.3 module names have been replaced with up-to-date
    names; Thanks @reivilibre for spotting some of them!

maddy 0.4.2

21 Nov 20:46
v0.4.2
bf982eb

Users of binary packages or the Docker image are encouraged to upgrade to get a fix for CVE-2020-28362 that comes with Go 1.15.5.

Note: Binary artifacts for this release were removed due to being broken. Source build should be used.

Fixes

  • check/milter: Add missing handler for milter.ActTempFail ('t') (thanks @hugmouse!)
  • msgpipeline: Fix log messages missing for sub-pipelines
  • msgpipeline: Fix effective_rcpt in log messages being wrong when sub-pipelines do rewriting
  • endpoint/smtp: Fix handling of empty messages in auto-buffer code
  • endpoint/smtp: Auto-create directory for "fs" buffer mode

maddy 0.4.1

23 Oct 19:27
v0.4.1
83a4af4

Fixes

  • check/rspamd: Fix sending of message header leading to incorrect results.

  • check/milter, auth/plain_separate are now actually usable.

  • address: Fix some addresses being incorrectly considered to be invalid (#275)

maddy 0.4.0

23 Aug 16:08
v0.4.0
f9d5c0c

GitHub is having problems uploading artifacts, grab them from https://foxcpp.dev/maddy-builds/0.4.0/

GPLv3

After a short discussion and collecting the necessary agreements, the
decision was made to change the Maddy Mail Server source code license to
GNU Public License Version 3.

See GH#253 for details.

Deprecated functionality, breaking changes for 0.5

Work is being done to stabilize maddy interfaces including configuration
format and all data structures. Therefore, since 0.4, development
strictly follows Semantic Versioning 2, in particular - all breaking
changes are announced in advance as "deprecated" before actual change
happens. Therefore, this version does not include any breaking changes
but 0.5 will.

  • A lot of modules have been renamed to match the "namespaced" modules
    proposal. A warning with the correct names will be printed on start
    when the config uses old names.

  • STARTTLS Everywhere list support is deprecated and is replaced with
    no-op stub.

  • TLS certificate loading has been moved to use modules framework.
    "tls CERT KEY" will need to be changed to "tls file CERT KEY".

New features

  • Expose performance and usage statistics in OpenMetrics
    (Prometheus) format. See openmetrics.md.

  • Allow external commands to be used for overwriting IMAP folder and
    flags on delivery. See GH#202 and maddy-imap(5) for details.

  • Directly integrate with rspamd using its HTTP protocol
    instead of shell script + rspamc.

  • Reuse SMTP connections to MXs to avoid unnecessary handshake overhead
    when sending a lot of messages to a single domain.
    (experimental)

  • Implement server-side SNI support - multiple certificate-key pairs can
    be specified with "file" loader.

Enhancements

  • Implement SMTP REQUIRETLS extension

  • imapsql: Implement SORT and THREAD=ORDEREDSUBJECT extensions
    (experimental)

  • endpoint/imap: Implement NAMESPACE extension

  • imapsql: Fix flags-only search returning duplicate IDs (GH#251)

  • msgpipeline: Permit duplicate destination/source rules

  • table: Allow using regexp table without replacement specified

  • build.sh: Add ability to set build tags

  • build.sh: Add sudo checks (thanks @hugmouse!)

  • check/spf: Make sure error value from library is always reported in logs

  • config/tls: Remove unnecessary GODEBUG setting code

Bug fixes

  • imapsql: Improve meta-data loading performance for Thunderbird by properly
    caching X-Priority field

  • Fix SPF policy parser bug resulting in false permerror on some ip6 rules (#254)

  • storage/imapsql: Fix incorrect module name in log messages related to delivery errors

Documentation

  • Add page on Mailman 3 integration

  • Add page on rspamd integration

  • Split maddy(1) and maddy(5)

  • Improve setting-up.md (thanks @schrodinger)

  • Remove fail2ban from initial configuration

  • Clarify configuration for multiple domains

maddy 0.3.3

24 Jul 12:50
v0.3.3
d95e4f9

Note: We are in the process of changing the maddy source code license from MIT to GPLv3.
This is the last release to have all code available under the MIT license.

Note: GitHub refused to accept maddy-0.3.3+gd95e4f9-x86_64-linux-musl.tar.zst attachment. A good reminder that artifacts for all releases are available from https://foxcpp.dev/maddy-builds/

Bug fixes

  • Fix CRLF mangled into LF by net/textproto and incorrect RFC822.SIZE reported
    by go-imap-sql as a result of that.
    (18657de)

  • Fix maddyctl imap-msgs list showing only the last message by default
    (b2b38bf)

  • Fix attachments reported as 0 bytes
    (fb2b3a5)

  • Fix messages listed twice by RainLoop
    (abba516)

  • Fix maddyctl creds set-password being no-op
    (78f7713)

  • Mangle CRLF in Diagnostic-Code DSN field
    (18657de, see GH#245)

  • Add missing msg_id field for 'RCPT error' message
    (20fe5ad)

  • Fix SMTP enhanced code included in extra lines of multi-line SMTP status
    (18657de)

Misc

  • Hide "operation was canceled" errors for async rDNS lookup
    (fcebfa2)

maddy 0.3.2

18 Jun 15:10
v0.3.2
f720dab

SECURITY ISSUES

  • Update golang.org/x/text to v0.3.3 (fixes potential DoS)

See CVE-2020-14040 and https://go-review.googlesource.com/c/text/+/238238
for details.

Bug fixes

For imapsql IMAP backend:

  • Fix handling of * seqset
  • Add missing counters update for EXPUNGE
    Thanks @yesnomaybeyes for helping in issue investigation.
  • Do not assume clients specify date in APPEND command
  • Fix creating index on MySQL (foxcpp/go-imap-sql#31)
    Thanks @wjywbs.

Documentation changes

  • Extend copyright notice to include contributors
  • Fix formatting and fix possibly confusing MTA-STS example
  • Fix wrong name of 'targets' directive for smtp_downstream

Misc

  • build.sh: Do not switch to X.Y-fixes branch if version is manually selected
  • dist: Add missing [Install] section to systemd units

Build artifacts

Artifact SHA-256
maddy executable (Linux, x86_64, musl) b5789e134cab2d79369ffcb3f2150055761611df136493a161b157c3953f9cac
maddyctl executable (Linux, x86_64, musl) ba348e548bd417891a6d0314226511e35256b075eb8bc5d5d7cccbe94cfdee11
Full Zstd tarball (Linux, x86_64, musl) d9d059306f1902b7329027136835fea9374d315b6a3f6176c62838d296b653d3
Source code tarball 38d2e6461bf2e21747dfb8d8c1ce5ed3c4d57c5e3eb4327e336c275cd71fbdf9

🔒 Attached tarballs are signed using PGP key 3197 BBD9 5137 E682 A597 17B4 34BB 2007 0813 96F4

maddy 0.3.1

02 Jun 19:15
v0.3.1
ae47bb0

Bug fixes

  • limits: Fix "rate" directive parser handling for 2 arguments
  • endpoint/smtp: Fix panic if connection is closed in the middle of receiving body
  • endpoint/smtp: Fix limit leak in case of aborted transaction

Documentation improvements

  • Change github to github.com in 0.3 migration guide (#237)
  • Mention per-source domain limiting option

Misc

  • build.sh: Switch to X.Y-fixes branch if it exists

maddy 0.3.0

31 May 18:06
v0.3.0
ab948e1

Stability: This version is believed to be stable enough for use in
non-critical deployments.

Breaking changes

  • Minimal supported Go version is increased to Go 1.14

maddy keeps tracking latest Go version to benefit from language and
library improvements.

build.sh script will automatically download a newer toolchain version
if system installed version is too old.

  • Fully separate authentication from IMAP access

Now there is no uniform database that is used both for IMAP index and
authentication. This allows completely independent implementation and
leveraging of maddy modular framework for more flexible authentication
documentation.

This is a breaking change that also affects how password hashes are
calculated and requires destructive changes to databases created in
0.2 in order to use them with 0.3. A migration utility is created to assist
with that. See the Upgrading page in the documentation for detailed instructions.

New features

  • Preliminary milter client implementation

This release introduces a limited implementation of the milter client protocol.
Due to a number of differences between how maddy handles internal filtering and
the milter protocol model, milters currently cannot make most modifications to
the message content and are limited to prepending headers and quarantining or
rejecting messages.

  • source_in, destination_in directives for message pipeline

Directives source_in and destination_in allow matching of message senders
or recipients against lists sourced from table modules (files, SQL queries,
etc). See maddy-smtp(5) for details.

  • Dovecot authentication client support

maddy now implements the client side of the Dovecot authentication protocol,
allowing it to be used with Dovecot as an IMAP server instead of the built-in server.

  • Dovecot-compatible sasld endpoint

Additionally, maddy implements a Dovecot-compatible sasld endpoint
that allows it to be used as a source for authentication data for other
servers that support the Dovecot authentication protocol (e.g. SMTP servers like
Postfix).

  • lmtp_downstream delivery target

maddy now has a full implementation of an LMTP client, allowing messages to be
forwarded to other software that speaks the LMTP protocol.

  • endpoint/smtp: Allow to choose the IP to use for outbound smtp.

  • modify/dkim: Allow to sign emails from subdomains using a top domain key

Improvements

  • cmd/maddyctl: Create a set of typical mailboxes on IMAP account creation
  • endpoint/smtp: Send 535 on permanent authentication failure
  • target: Make Received generation more robust in case of missing data
  • config: Support scheme:IP:PORT syntax for endpoint declaration

Bug fixes

  • storage/imapsql: Fix SPECIAL-USE support being accidentally disabled
  • Fix and improve -v flag description
  • endpoint/smtp: Fix missing server hostname in Received header
  • target/remote: Do not fail delivery with null return path

Documentation improvements

  • Fix a number of links in documentation
  • Add page about IMAP-only configuration
  • Mention disabled HZGB2312 support
  • Add smtp-only.md page
  • Add imap-only.md page
  • Add FAQ page
  • Add upgrading instructions page

Build artifacts

There are no binary tarballs for this release as Alpine Linux 3.12 ships Go 1.13. This will be addressed in the
future and this release will be amended.

🔒 Attached tarballs are signed using PGP key 3197 BBD9 5137 E682 A597 17B4 34BB 2007 0813 96F4