File: relnotes.md

chasquid 1.16.0-1

# Release notes

This file contains notes for each release, summarizing changes and explicitly
noting backward-incompatible changes or known security issues.


## 1.16.0 (2025-06-08)

- Minor bug fixes to `chasquid-util`.
- Return error on invalid aliases lines.
- Support [`*` as an alias destination user](aliases.md#catch-all)
  *(experimental)*.
- Implement ["via" aliases](aliases.md#via) *(experimental)*.
- Make the max queue size and give up time
  [configurable](man/chasquid.conf.5.md) *(experimental)*.


## 1.15.0 (2025-01-17)

- Exit if there's an error reading users/aliases files on startup.
- Log how many things were loaded for each domain.
- Add fail2ban filter configuration example.

### 1.15.1 (2025-03-30)

Implement a workaround for a Microsoft bug in TLS session ticket handling
that is causing deliverability issues and that they are being too slow to fix.

See this [chasquid issue](https://github.com/albertito/chasquid/issues/64),
this [Go issue](https://github.com/golang/go/issues/70232) and this
[Postfix thread](https://www.mail-archive.com/postfix-users@postfix.org/msg104308.html)
for more details.


## 1.14.0 (2024-04-21)

- Add built-in [DKIM](dkim.md) signing and verification.
- Rename `master` branch to `main`. Docker users pulling from the `master`
  docker label should update the label accordingly. No action is needed if
  using `latest`.
- Starting with this release, version numbers will be
  [SemVer](https://semver.org/)-compatible, to help integration with other
  software that expects it (e.g. [pkg.go.dev](https://pkg.go.dev/)).


## 1.13 (2023-12-24)

Security fixes:

- Strict CRLF enforcement in DATA contents, to prevent [SMTP smuggling
  attacks](https://www.postfix.org/smtp-smuggling.html)
  ([CVE-2023-52354](https://nvd.nist.gov/vuln/detail/CVE-2023-52354)). \
  [RFC5322](https://www.rfc-editor.org/rfc/rfc5322#section-2.3) and
  [RFC5321](https://www.rfc-editor.org/rfc/rfc5321#section-2.3.8) say
  that the only valid newline terminator in SMTP is CRLF. \
  When an invalid newline terminator is found in an incoming message, the
  connection is now aborted immediately (previous releases also accepted
  LF-terminated lines). \
  The MTA courier now uses CRLF-terminated lines (previous releases used
  LF-terminated lines).
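
The strict CRLF rule described above, sketched as an added example (this is not chasquid's own code): a DATA reader that rejects bare LF and bare CR rather than normalizing them. The name `ReadStrictData`, the error value and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrInvalidLineEnding: DATA contained a bare LF or a bare CR.
var ErrInvalidLineEnding = errors.New("invalid line ending in DATA")

// ReadStrictData reads DATA contents up to the <CRLF>.<CRLF> terminator and
// returns the message with dot-stuffing removed. Any line not terminated by
// exactly CRLF is an error; the caller should then drop the connection.
// Assumption: the caller bounds line and message size on r.
func ReadStrictData(r *bufio.Reader) ([]byte, error) {
	var msg bytes.Buffer
	for {
		line, err := r.ReadBytes('\n')
		if err == io.EOF {
			return nil, io.ErrUnexpectedEOF // stream ended before the final dot
		} else if err != nil {
			return nil, err
		}
		n := len(line)
		// LF must be preceded by CR, and no other CR may appear in the line.
		if n < 2 || line[n-2] != '\r' || bytes.IndexByte(line[:n-2], '\r') >= 0 {
			return nil, ErrInvalidLineEnding
		}
		if n == 3 && line[0] == '.' {
			return msg.Bytes(), nil // end of data
		}
		msg.Write(bytes.TrimPrefix(line, []byte("."))) // undo dot-stuffing
	}
}

func main() {
	// Constructed inputs: valid, bare LF, bare CR.
	for _, s := range []string{
		"Subject: hi\r\n\r\n..stuffed\r\n.\r\n",
		"Subject: hi\r\n\r\nbody\n.\r\n",
		"Subject: hi\r\n\r\nbo\rdy\r\n.\r\n",
	} {
		msg, err := ReadStrictData(bufio.NewReader(strings.NewReader(s)))
		fmt.Printf("%q -> %q, err=%v\n", s, msg, err)
	}
}
```

Failing closed on the first malformed line means the receiver and any downstream server cannot disagree about where the message ends.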

Other changes:

- Add support for receive-only users.
- Reject empty listening addresses, to help prevent accidental
  misconfiguration. To prevent chasquid from listening, just comment out the
  entry in the config.
- `docker/add-user.sh`: Support getting email and password from env variables.


## 1.12 (2023-10-07)

- Support [aliases with drop characters and
  suffix separators](aliases.md#drop-characters-and-suffix-separators).
- Improved delivery on some low-level TLS negotiation errors.
- `smtp-check`: Add flag to specify local name.
- `chasquid-util`: `aliases-resolve` and `domaininfo-remove` subcommands now
  talk to the running server. That results in more authoritative answers, and
  performance improvements.
- `chasquid-util`: Remove `aliases-add` subcommand. This was an undocumented
  command that was added a while ago, and there is no need for it anymore.
- Handle symlinks under the `certs/` directory.


## 1.11 (2023-02-19)

- New tracing library for improved observability.
- Update [fuzz tests](tests.md#fuzz-tests) to the new standard infrastructure.

### 1.11.1 (2023-12-26)

Backport the security fixes from 1.13 (*Strict CRLF enforcement in DATA
contents*, fixes
[CVE-2023-52354](https://nvd.nist.gov/vuln/detail/CVE-2023-52354)).


## 1.10 (2022-09-01)

- Support [catch-all aliases](aliases.md#catch-all).
- Fix bug in Docker image with user-provided certificates.
- Miscellaneous test improvements.


## 1.9 (2022-03-05)

- Improve certificate validation logic in the SMTP courier.
- Remove `alias-exists` hook, and improve aliases resolution logic.
- Support `""` values for `drop_characters` and `suffix_separators` in the
  configuration file.


## 1.8 (2021-07-30)

- Stricter error checking to help prevent cross-protocol attacks
  (like [ALPACA](https://alpaca-attack.com/)).
- Allow authenticating users without an `@domain` part.
- Add integration for
  [chasquid-rspamd](https://github.com/Thor77/chasquid-rspamd) and
  [dkimpy](https://launchpad.net/dkimpy/) in the example hook.
- Add a `-to_puny` option to mda-lmtp, to punycode-encode addresses.
- Use `application/openmetrics-text` as content type in the openmetrics
  exporter.


## 1.7 (2021-05-31)

- chasquid-util no longer depends on the unmaintained docopt-go.
  If you relied on undocumented parsing behaviour before, your invocations may
  need adjustment.  In particular, `--a b` is no longer supported, and `--a=b`
  must be used instead.
- Improve handling of errors when talking to Dovecot for authentication.
- Fix handling of `hostname` option in the Docker image.
- Miscellaneous documentation and test improvements.


## 1.6 (2020-11-22)

- Pass the EHLO domain to the post-data hook.
- Add /exit endpoint to monitoring server.
- Implement HAProxy protocol support (experimental).
- Documentation updates.


## 1.5 (2020-09-12)

- Add OpenMetrics exporter (compatible with Prometheus).
- Support log rotation via SIGHUP, and other misc. logging improvements.
- Fix error code on transient authentication issues.
- Fix rspamd greylist action handling in the default hook.
- Miscellaneous monitoring server improvements.


## 1.4 (2020-05-22)

- Use the configured hostname in outgoing SMTP HELO/EHLO.
- Allow config overrides from the command line.
- Miscellaneous test improvements and code cleanups.


## 1.3 (2020-04-12)

- Improved handling of DNS temporary errors.
- Documentation updates (use of SRS when forwarding, Dovecot troubleshooting,
  Arch installation instructions).
- Miscellaneous test improvements and cleanups.


## 1.2 (2019-12-06)

Security fixes:

- DoS through memory exhaustion due to not limiting the line length (on both
  incoming and outgoing connections). Thanks to Max Mazurov
  (fox.cpp@disroot.org) for the initial report.

Release notes:

- Fix handling of excessively long lines on incoming and outgoing connections.
- Better error codes when DATA size exceeded the maximum.
- New documentation sections (monitoring, release notes).
- Many miscellaneous test improvements.


## 1.1 (2019-10-26)

- Added hooks for aliases resolution.
- Added rspamd integration in the default post-data hook.
- Added chasquid-util aliases-add subcommand.
- Expanded SPF support.
- Documentation and test improvements.
- Minor bug fixes.


## 1.0 (2019-07-15)

No backwards-incompatible changes. No more are expected within this major
version.

- Fixed a bug on early connection deadline handling.
- Make DSN tidier, especially in handling multi-line errors.
- Miscellaneous test improvements.


## 0.07 (2019-01-19)

No backwards-incompatible changes.

- Send enhanced status codes.
- Internationalized Delivery Status Notifications (DSN).
- Miscellaneous test improvements.
- DKIM integration examples and test.


## 0.06 (2018-07-22)

No backwards-incompatible changes.

- New MTA-STS (Strict Transport Security) checking.


## 0.05 (2018-06-05)

No backwards-incompatible changes.

- Lots of new tests.
- Added a how-to and manual pages.
- Periodic reload of domaininfo, support removing entries manually.
- Dovecot auth support no longer considered experimental.


## 0.04 (2018-02-10)

No backwards-incompatible changes.

- Add Dovecot authentication support (experimental).
- Miscellaneous bug fixes to mda-lmtp and tests.


## 0.03 (2017-07-15)

**Backwards-incompatible changes:**

- The default MTA binary has changed. It's now maildrop by default.
  If you relied on procmail being the default, add the following to
  `/etc/chasquid/chasquid.conf`: `mail_delivery_agent_bin: "procmail"`.
- chasquid now listens on a third port, submission-on-TLS.
  If using systemd, copy the `etc/systemd/system/chasquid-submission_tls.socket`
  file to `/etc/systemd/system/`, and start it.


Release notes:

- Support submission (directly) over TLS (submissions/smtps/port 465).
- Change the default MDA binary to `maildrop`.
- Add a very basic MDA that uses LMTP to do the mail delivery.


## 0.02 (2017-03-03)

No backwards-incompatible changes.

- Improved configuration checks and safeguards.
- Fall back through the MX list on errors.
- Experimental MTA-STS implementation (disabled by default).


## 0.01 (2016-11-03)

Initial release.