maddy 0.8.1

This release includes target.smtp STARTTLS change that originally should have been included in 0.8.0 but was accidentally reverted.

Build attestation

Release artifacts built via GitHub Actions run https://github.com/foxcpp/maddy/actions/runs/12964852891

SLSA Build Attestation for x86_64 linux-musl build: https://github.com/foxcpp/maddy/attestations/4622297
SLSA Build Attestation for Docker image: https://github.com/foxcpp/maddy/attestations/4622340

maddy 0.8.0

Important changes

Go 1.23

maddy now requires Go 1.23 toolchain to build. "go" command in Go 1.21+
will automatically download newer toolchain if necessary.

SASL LOGIN disabled by default

Obsolete SASL LOGIN mechanism is no longer enabled by default. To re-enable
its support, use sasl_login directive in endpoint configuration.

STARTTLS plaintext fallback removed in target.smtp

⚠️ The change is accidentally not included in 0.8, see 0.8.1

If STARTTLS support is requested for connection in target.smtp
and the target server does not support STARTTLS message will not be
sent over plaintext connection.

This change does not affect outbound delivery via MX records/port 25.
The default configuration for these is to require TLS (even if the certificate is invalid)

• this is controlled by min_tls_level encrypted in configuration.

require_tls directive is deprecated and will be removed in a future release.
attempt_starttls directive is deprecated and is equivalent to
the newly added starttls directive.

STARTTLS plaintext fallback in target.remote is more strict

If STARTTLS command is rejected by the remote server or connection error
happens before STARTTLS completes (that is, no TLS handshake takes place)
then unauthenticated TLS or plaintext fallback is no longer attempted.

New features

PROXY protocol support

Thanks @drdaeman for the work!

maddy now supports HAProxy PROXY protocol for IMAP and SMTP endpoints
via proxy_protocol directive. Both v1 (text) and v2 (binary) versions
are supported. There is also additional support for second TLS layer
between proxy and maddy that can be configured using proxy_protocol.tls
directive.

RFC 2136 libdns provider

Built-in ACME client can be configured to set DNS-01 challenge records
using RFC 2136 protocol.

Support is not compiled-in by default and should be enabled using
libdns_rfc2136 build tag.

ACME-DNS libdns provider

Built-in ACME client can not be configured to delegate DNS-01 challenge
to the https://github.com/joohoi/acme-dns server.

Support should be enabled via libdns_acmedns build tag.

Bug fixes

• check.milter can now connect to milters using Unix sockets (PR #622) (Thanks @mmatous!).
• libdns/gandi: Upgraded to the latest version of gandi libdns, which fixes an issue where new records could not be created (PR #673).
• Add missing global tls_client directive (Issue #674).
• target/remote: Improve handling of stale connections in pool to prevent resource leaks (Issue #675).
• modify/replace_sender: Support replacing empty MAIL FROM addresses.
• target/queue: Fix infinite retries after reducing max_tries (Issue #678).
• imapsql: Fix cross compilation error (Issue #681).
• imapsql: Make modernc.org SQLite driver usable (Issue #723).
• config/tls: Disable TLS session tickets (Issue #730).
• dmarc: Add support for sending from TLD domains (Issue #736).
• tls/acme: Actually use test_ca

Misc improvements

• build: make "build.sh install" reusable (Thanks @oidq!).
• docker: Allow to specify additional build tags via Docker build argument.
• endpoint/smtp: Recipients limit is now advertised via LIMITS SMTP extension

Build attestation

• SLSA Build Attestation for x86_64 linux-muslc build: https://github.com/foxcpp/maddy/attestations/4617983
• SLSA Build Attestation for Docker image: https://github.com/foxcpp/maddy/attestations/4617988

[SECURITY] maddy 0.7.1

This release, among other fixes, includes the fix for the zero-day "SMTP smuggling" vulnerability. Detailed analysis: https://www.postfix.org/smtp-smuggling.html Until 0.7.1 maddy was a "email service B".

Fixes

• cfgparser: Do not interpet absolute paths relatively to the config dir (#592).
• target/remote: Fix isVerifyError not working correctly on Go 1.20 (#612).
• smtpconn/pool: Fix idle connections almost never cleaned up (#596).
• target/remote: Fix wrong DNS query type in DANE lookups for IPv6-only hosts (#631).
• [SECURITY] go-smtp: Mitigate SMTP smuggling issue (#661).
• endpoint/smtp: Detect cancelled rDNS lookup correctly (#626).
• check/spf: Handle empty MAIL FROM in accordance with RFC 7208.

Misc

• storage/imapsql: Add support for transpiled SQLite driver

Tests

• Fix cover_test.go deadlock on Go 1.20.

Distribution & packaging

• build.sh: Allow to run ./build.sh install without go command available (#569).
• dist/systemd: Ease umask restrictions, making files RW for maddy group (#569).
• dist/systemd: Depend on network-online.target (#617).

Documentation

• Improve Markdown formatting and grammar (#600, #614, #662).
• Fix a bunch of links being broken (#601, #602, #667).
• email_with_domains -> email_with_domain (#609, #613).
• Fix wrong SPF record suggestion (#640).
• Fix number of sigs for modifiers.dkim sign_fields (#643).
• Explicitly mention that referencing config block from global directive won't work.

maddy 0.7.0

New features

• Add NetAuth authentication integration.

NetAuth is a network identity and authentication provider meant
to be used as a LDAP replacement.

See https://www.netauth.org/about/ for details.

• Implement auth_map and storage_map at endpoint level.

This makes auth_map do what its name implies. Old auth_map in storage
module is deprecated and will be removed in the next release.

Now more options are supported for multiplie domain configurations.
See https://maddy.email/multiple-domains/ for details.

• table: Implement email_with_domains and email_localpart_optional module

Meant to be used with authentication and authorization configuration
to ensure correct(tm) email address parsing and formatting.

• Add IAM, AWS config, Minio config file credentials options for S3 storage.

• tls/acme: Add support for delegating DNS-01 challenge to a different domain (#588)

Fixes

• Remove references to man.5 from build.sh.
• Make graceful shutdown work correctly with OpenMetrics endpoint.
• auth/ldap: Fix "bind unauth" config directive parsing.
• auth/ldap: Send empty username by default when doing unauthenticated bind.
• auth/ldap: Fix connection pool leak (#546).
• auth/ldap: Fix STARTTLS support (PR #580).
• endpoint/smtp: Fix connection limit leak when FROM:<> is used (PR #561).
• Improve domain validation function (#554).
• Use dev versions of libdns modules (#461).
• storage/imapsql: Fix messages without \Recent flag not being displayed (#549).
• storage/imapsql: Increase open mailbox limit to 100k.

Documentation

• Fix a lot of typos.
• Add description of dkim key algorithym ed25519.
• Improve documentation of how delivery_map is supposed to be used for custom
  authentication support.
• Replace maddyctl with maddy.
• Improve authorize_sender documentation

maddy 0.6.3

This release does not include most changes from master branch (intended to become 0.7) and is instead based on 0.6.2.

Bugfixes

• [security] Fix authentication bypass if SASL authorization username is used (GHSA-4g76-w3xw-2x6w, CVE-2023-27582).

maddy 0.6.2

Bugfixes

• Fix empty IMAP folders being shown sometimes (#512)
• Fix maddyctl imap-msgs lists crash (#509)
• Fix maddyctl imap-msgs remove being no-op (#510)
• pass_table: fix user hash creation (#507)

Docs

• Update Arch repository and Docker instructions links

Misc

• cli: Warn about upcoming --uid=true change

maddy 0.6.1

⚠️ Release is recalled due to severe issues. Use 0.6.2 instead.

Bugfixes

• Fixed missing IMAP IDLE capability, again... (#504)
• Fixed broken storage.imapsql schema upgrade

Broken storage.imapsql schema upgrade

If you happen to run 0.6.0 and got error about schema being
too old, you need to run the following SQL query on your imapsql.db
before you will be able to use 0.6.1:

UPDATE schema_version SET version = 6;

maddy 0.6.0

⚠️ Release is recalled due to severe issues. Use 0.6.2 instead.

Breaking changes

• check: Remove require_matching_echo (deprecated in 0.5) (#280)
• modify/dkim: Remove require_sender_match from code (#465)

New features

• maddyctl and maddy executables are merged

To start the server: maddy run ...
Other maddyctl subcommands are available
similiarly: maddy imap-acct, etc

• Support 1-N recipient address expansion (#401)

For example, when using table.regexp:

replace_rcpt regexp "root@(.+)" "admin1@$1" "admin2@$1"

Or table.file:

[email protected]: [email protected], [email protected]

For SQL-based tables, just add multiple rows with the same key (address to be replaced).

• Add more placeholders for imap_filter (PR #449)

{rcpt_to} (SMTP RCPT TO), {original_rcpt_to} (SMTP RCPT TO before any local rewrites), {subject}.

• storage/imapsql: Add support for using PostgreSQL broker for updates

It is used automatically, so now it is safe run multiple maddy server instancesusing the same PostgreSQL DB.

Bugfixes

• Migrate to go-imap v2 (#188)

go-imap v2 is my fork of emersion/go-imap library that makes
massive changes to the server code.

In particular, it fixes long-standing issue of update handling
being non conforming to RFC 3501.

• check/spf: Fix "lookup limit reached" for some conforming records (#487)
• cmd/maddyctl: Fix --argon2-time setting memory instead of time (PR #502)
• check/spf: Ignore SPF permerr and temperr by default (#485)
• Move closing the default logger after printing configuration errors
• Fix TLS Internal Error caused by SNI-unuware clients when ACME is used (#467)

Documentation changes

• docs: Add Docker-specific documentation
• docs: Convert manual pages into per-module Markdown pages

Misc

• Go 1.17 is required now
• Dockerfile: Use TLS filenames same as certbot (#350)
• Dockerfile: Put Docker-specific config in the repo
• ci: Set OCI labels in built Docker image
• ci: Use docker buildx and qemu to build ARM64 images (#404)

maddy 0.5.4

Bugfixes

• auth/pam: Fix double-free crash (GH #272)
• [security] auth/pam: Check for account/password expiry (GHSA-6cp7-g972-w9m9)
• endpoint/smtp: Fix incoming message log record having no msg_id

maddy 0.5.3

Docker image changes

maddy image is now also available at ghcr.io registry:

docker pull ghcr.io/foxcpp/maddy:0.5

Currently this is just an experiment, we are not sure if we will fully migrate to it.

Image tags no longer include v prefix with the exception of v0.5 still being updated to maintain compatibility for people that use this tag.

docker pull foxcpp/maddy:0.5.3 # instead of foxcpp/maddy:v0.5.3

Bug fixes

• Fix errors from LMTP downstream being ignored (#453)
• Make it possible to use dovecot_sasl auth with TCP sockets (#450, thanks @jonlundy)
• Fix MAIL after STARTTLS causing panic
• Fix IMAP IDLE capability missing (#446)

Misc

• Add target.remote force_ipv4 option (#442, thanks @delthas)