maddy 0.8.0

[foxcpp]

Important changes

SASL LOGIN disabled by default

Obsolete SASL LOGIN mechanism is no longer enabled by default. To re-enable
its support, use sasl_login directive in endpoint configuration.

STARTTLS plaintext fallback removed in target.smtp

If STARTTLS support is requested for connection in target.smtp
and the target server does not support STARTTLS message will not be
sent over plaintext connection.

require_tls directive is deprecated and will be removed in a future release.
attempt_starttls directive is deprecated and is equivalent to
the newly added starttls directive.

STARTTLS plaintext fallback in target.remote is more strict

If STARTTLS command is rejected by the remote server or connection error
happens before STARTTLS completes (that is, no TLS handshake takes place)
then unauthenticated TLS or plaintext fallback is no longer attempted.

New features

PROXY protocol support

Thanks @drdaeman for the work!

maddy now supports HAProxy PROXY protocol for IMAP and SMTP endpoints
via proxy_protocol directive. Both v1 (text) and v2 (binary) versions
are supported. There is also additional support for second TLS layer
between proxy and maddy that can be configured using proxy_protocol.tls
directive.

RFC 2136 libdns provider

Built-in ACME client can be configured to set DNS-01 challenge records
using RFC 2136 protocol.

Support is not compiled-in by default and should be enabled using
libdns_rfc2136 build tag.

ACME-DNS libdns provider

Built-in ACME client can not be configured to delegate DNS-01 challenge
to the https://github.com/joohoi/acme-dns server.

Support should be enabled via libdns_acmedns build tag.

Bug fixes

• check.milter can now connect to milters using Unix sockets (PR fix(milter): remove erroneous path check #622) (Thanks @mmatous!).
• libdns/gandi: Upgraded to the latest version of gandi libdns, which fixes an issue where new records could not be created (PR upgrade Gandi libdns to 1.0.3 #673).
• Add missing global tls_client directive (Issue cannot specify tls_client directive #674).
• target/remote: Improve handling of stale connections in pool to prevent resource leaks (Issue Maddy sometimes blocks new connections while cleaning up stale connections #675).
• modify/replace_sender: Support replacing empty MAIL FROM addresses.
• target/queue: Fix infinite retries after reducing max_tries (Issue queue: infinite retries after reducing max_tries and bogus retry interval #678).
• imapsql: Fix cross compilation error (Issue cross compilation error : pq.Error does not implement error (method Error has pointer receiver) #681).
• imapsql: Make modernc.org SQLite driver usable (Issue imapsql: NewBackend (initSchema): create table users: SQL logic error: AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY (1) #723).
• config/tls: Disable TLS session tickets (Issue Unable to receive mail from outlook servers #730).
• dmarc: Add support for sending from TLD domains (Issue DMARC align check may broken if TLD is used to send mails #736).
• tls/acme: Actually use test_ca

Misc improvements

• build: make "build.sh install" reusable (Thanks @oidq!).
• docker: Allow to specify additional build tags via Docker build argument.
• endpoint/smtp: Recipients limit is now advertised via LIMITS SMTP extension

Build attestation

• SLSA Build Attestation for x86_64 linux-muslc build: https://github.com/foxcpp/maddy/attestations/4617983
• SLSA Build Attestation for Docker image: https://github.com/foxcpp/maddy/attestations/4617988

---

This discussion was created from the release maddy 0.8.0.