SD-3996 4.6 release documentation (#750)

* SD-3996 4.6 release documentation * typo * tweaks as per reviews
SparkPost · Oct 26, 2023 · 15f2516 · 15f2516
1 parent 86d01a4
commit 15f2516
Show file tree

Hide file tree

Showing 10 changed files with 58 additions and 81 deletions.
diff --git a/content/momentum/4/4-tls-macros.md b/content/momentum/4/4-tls-macros.md
@@ -15,71 +15,18 @@ The tls_macros module must be loaded in a configuration file, as follows:
 `tls_macros {}`
 ### <a name="tls_macros.macros"></a> TLS Logging Macros
 
-[Table 71.2, “TLS Logging Macros”](/momentum/4/4-tls-macros#tls-macros-table) lists the TLS logging macros.
-
 <a name="tls-macros-table"></a> 
 
-
 | Macro | Description | Examples |
 | --- | --- | --- |
-| outbound_tls:outbound_tls | Whether TLS was used or not | 
-
-*   SMTP ("SMTP" = no TLS)
-
-*   TLS
-
-*   unknown
-
- |
-| outbound_tls:outbound_tls_type | TLS type of connection | 
-
-When TLS is being used, this matches the value of the TLS configuration variable.
-
-*   no ("no" = no TLS)
-
-*   ifavailable
-
-*   required
-
- |
+| outbound_tls:outbound_tls | Indicates whether TLS was used or not | * SMTP ("SMTP" = no TLS)<br>* TLS<br>* unknown |
+| outbound_tls:outbound_tls_type | When TLS is being used, this matches the value of the TLS configuration variable. | * no ("no" = no TLS)<br> * ifavailable<br> * required |
 | outbound_tls:local_ip | IP address to which the message was sent | 1.2.3.4 |
-| outbound_tls:outbound_tls_cipher | Cipher suite for TLS session | 
-
-Currently, the cipher suite names are specific to the TLS library used and are different between OpenSSL and GNUTLS.
-
-*   For OpenSSL: ECDHE_RSA_AES_128_GCM_SHA256
-
-*   For GNUTLS: AES256-GCM-SHA384
-
- |
-| outbound_tls:outbound_tls_cipher_algbits | 
-
-*   For OpenSSL: outbound_tls_cipher_algbits returns the bits processed by chosen algorithm.
-
-*   For GNUTLS: outbound_tls_cipher_algbits returns the key size.
-
- |   |
-| outbound_tls:outbound_tls_cipher_usebits | 
-
-*   For OpenSSL: outbound_tls_cipher_usebits returns the secret bits used by chosen cipher.
-
-*   For GNUTLS: outbound_tls_cipher_usebits returns the key size.
-
- |   |
-| outbound_tls:outbound_tls_protocol | TLS/SSL protocol version string | 
-
-*   For OpenSSL: TLSv1.2
-
-*   For GNUTLS: TLS1.2
-
- |
-| outbound_tls:outbound_tls_verified | Whether the certificate passed verification (including subject verification) | 
-
-*   verified
-
-*   unverified
-
- |
+| outbound_tls:outbound_tls_cipher | Cipher suite for TLS session | For OpenSSL: ECDHE_RSA_AES_128_GCM_SHA256<br> For GNUTLS: AES256-GCM-SHA384 |
+| outbound_tls:outbound_tls_cipher_algbits | For OpenSSL: outbound_tls_cipher_algbits returns the bits processed by chosen algorithm.<br> For GNUTLS: outbound_tls_cipher_algbits returns the key size. |   |
+| outbound_tls:outbound_tls_cipher_usebits | For OpenSSL: outbound_tls_cipher_usebits returns the secret bits used by chosen cipher.<br> For GNUTLS: outbound_tls_cipher_usebits returns the key size. |   |
+| outbound_tls:outbound_tls_protocol | TLS/SSL protocol version string | For OpenSSL: TLSv1.2<br> For GNUTLS: TLS1.2 |
+| outbound_tls:outbound_tls_verified | Whether the certificate passed verification (including subject verification) | * verified<br>* unverified |
 | outbound_tls:outbound_tls_issuer | Issuer from TLS certificate | ca.test.messagesystems.com |
 | outbound_tls:outbound_tls_subject | Subject from TLS certificate | server.ectest.examplecompany.com |
 

diff --git a/content/momentum/4/config/tls-ciphers.md b/content/momentum/4/config/tls-ciphers.md
@@ -1,5 +1,5 @@
 ---
-lastUpdated: "03/26/2020"
+lastUpdated: "09/26/2023"
 title: "tls_ciphers"
 description: "tls ciphers specify allowable ciphers for TLS inbound and outbound sessions TLS Ciphers DEFAULT NORMAL Configuration Change Support for GNUTLS is available as of version 4 1 for SMTP reception and SMTP deliveries only This option specifies the allowable ciphers for a TLS session The allowable ciphers must be a..."
 ---
@@ -18,7 +18,7 @@ tls_ciphers — specify allowable ciphers for TLS inbound and outbound sessions
 
 **Configuration Change. ** Support for GNUTLS is available as of version 4.1 for SMTP reception and SMTP deliveries only.
 
-This option specifies the allowable ciphers for a TLS session. The allowable ciphers must be a subset of the available ciphers on the host system.
+This option specifies the allowable ciphers for a TLS session using TLSv1.2 or below. The allowable ciphers must be a subset of the available ciphers on the host system.  For TLSv1.3, see [tlsv13_ciphersuites](/momentum/4/config/tls-v13_ciphersuites).
 
 **OpenSSL**
 

diff --git a/content/momentum/4/install-upgrade-packages.md b/content/momentum/4/install-upgrade-packages.md
@@ -4,9 +4,10 @@ title: "Install / Upgrade the Packages"
 description: "The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4 x releases prior to 4 2 28 For release 4 2 28 and beyond please refer to the installation and upgrade PDF documents available under the desired release's folder on the..."
 ---
 
-### Warning
+| **WARNING** |
+| -- |
+| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|
 
-**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.**                                                                                                                                                 For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.
 
 Ensure that you are in the `/var/tmp/momentum-4.2.1.50062` directory, then install the appropriate packages on each node type, as directed in the following steps.
 

diff --git a/content/momentum/4/new-installation.md b/content/momentum/4/new-installation.md
@@ -5,9 +5,10 @@ description: "The installation and upgrade instructions in Chapters 8 through 11
 ---
 
 
-### Warning
+| **WARNING** |
+| -- |
+| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|
 
-**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.**                                                                                                                                                 For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.
 
 This section documents the installation procedures for use in either a local or Amazon Web Services (AWS) environment. This installation can be scaled for a variety of installation configurations, including singlenode, a cluster with three combined Platform and Analytics nodes, and two-tiered topologies that have multiple Platform and multiple, separate Analytics nodes.
 

diff --git a/content/momentum/4/upgrade-single-node.md b/content/momentum/4/upgrade-single-node.md
@@ -5,9 +5,10 @@ description: "The installation and upgrade instructions in Chapters 8 through 11
 ---
 
 
-### Warning
+| **WARNING** |
+| -- |
+| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|
 
-**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.**                                                                                                                                                 For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.
 
 <a name="idp401488"></a> 
 

diff --git a/content/momentum/4/upgrade-two-tier-configuration-rolling.md b/content/momentum/4/upgrade-two-tier-configuration-rolling.md
@@ -5,9 +5,9 @@ description: "The installation and upgrade instructions in Chapters 8 through 11
 ---
 
 
-### Warning
-
-**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.**                                                                                                                                                 For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.
+| **WARNING** |
+| -- |
+| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|
 
 <a name="idp1094736"></a> 
 

diff --git a/content/momentum/4/using-dkim.md b/content/momentum/4/using-dkim.md
@@ -1,11 +1,12 @@
 ---
-lastUpdated: "03/26/2020"
+lastUpdated: "09/26/2023"
 title: "Using DomainKeys Identified Mail (DKIM) Signatures"
 description: "Domain Keys Identified Mail DKIM is a mechanism that allows verification of the source and contents of email messages Using DKIM sending domains can include a cryptographic signature in outgoing email messages A message's signature may be verified by any or all MT As during transit and by the Mail..."
 ---
 
 
-DomainKeys Identified Mail (DKIM) is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message's signature may be verified by any (or all) MTAs during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents. For more information about DKIM, see [draft-ietf-dkim-base-00](http://tools.ietf.org/html/draft-ietf-dkim-base-00).
+DomainKeys Identified Mail (DKIM) is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message's signature may be verified by any (or all) MTAs during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents.
+For more information about DKIM, see [RFC 6376](https://www.rfc-editor.org/rfc/rfc6376.html).
 
 To determine subsequent handling of incoming email messages, service providers may use the success/failure of DKIM signature verification or the lack of a DKIM signature. The provider can drop invalid messages without impacting the final recipient, exposing the results of DKIM verification directly to the recipient, or exposing the lack of a signature directly to the recipient. Additionally, service providers may use signature verification as the basis for persistent reputation profiles to support anti-spam policy systems or to share with other service providers.
 
@@ -60,13 +61,13 @@ To control how OpenDKIM signing statistics are recorded, see [signing_stats](/mo
 
 ### <a name="using_dkim.generating"></a> Generating DKIM Keys
 
-The OpenSSL cryptography toolkit is used to generate RSA keys for DKIM. As an example, the following openssl commands are used to generate public and private keys for the domain `example.com` with a selector called `dkim1024`. Typically, the directory `/opt/msys/ecelerity/etc/conf/dkim` is used for key storage.
+The OpenSSL cryptography toolkit is used to generate RSA keys for DKIM. As an example, the following openssl commands are used to generate public and private keys for the domain `example.com` with a selector called `dkim2048`. Typically, the directory `/opt/msys/ecelerity/etc/conf/dkim` is used for key storage.
 
 ```
 # mkdir -p /opt/msys/ecelerity/etc/conf/dkim/example.com
-# openssl genrsa -out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim1024.key 1024
-# openssl rsa -in /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim1024.key \
-        -out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim1024.pub -pubout -outform PEM
+# openssl genrsa -out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim2048.key 2048
+# openssl rsa -in /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim2048.key \
+        -out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim2048.pub -pubout -outform PEM
 ```
 
 All DKIM verification implementations must support key sizes of 512, 768, 1024, 1536, and 2048 bits. A signer may choose to sign messages using any of these sizes and may use a different size for different selectors. Larger key sizes provide greater security but impose higher CPU costs during message signing and verification.
@@ -75,6 +76,8 @@ All DKIM verification implementations must support key sizes of 512, 768, 1024,
 
 Note that Google requires all senders to sign with a 1024 bit or greater DKIM key size.
 
+It is recommended that a key size of at least 2048 bits is used.
+
 The resulting public key should look similar to:
 
 ```
@@ -86,10 +89,10 @@ Q7jIOnF5fG9AQNd1UQIDAQAB
 -----END PUBLIC KEY-----
 ```
 
-Once the public and private keys have been generated, create a DNS text record for `dkim1024._domainkey.example.com`. The DNS record contains several DKIM "tag=value" pairs and should be similiar to the record shown below:
+Once the public and private keys have been generated, create a DNS text record for `dkim2048._domainkey.example.com`. The DNS record contains several DKIM "tag=value" pairs and should be similiar to the record shown below:
 
 ```
-dkim1024._domainkey.example.com. 86400 IN TXT
+dkim2048._domainkey.example.com. 86400 IN TXT
 "v=DKIM1; k=rsa; h=sha256; t=y; p=MHww...QAB"
 ```
 
@@ -117,7 +120,7 @@ Key type. This tag defines the syntax and semantics of the p= tag value. Current
 
 <dd>
 
-Hash algorithm. Currently, this tag should have the value "sha1" or "sha256".
+Hash algorithm. Currently, this tag should have the value "sha1" or "sha256".  Use of sha256 is strongly recommended.
 
 </dd>
 

diff --git a/content/momentum/changelog/4/4-6.md b/content/momentum/changelog/4/4-6.md
@@ -0,0 +1,21 @@
+---
+lastUpdated: "09/20/2023"
+title: "Momentum 4.6 Changelog"
+description: "Momentum 4.6 was released on 2023-10-TBD. This section will list all of the major changes that happened with the release of Momentum 4.6. Depending on installation type, all changes may not be applicable"
+---
+
+This section will list all of the major changes that happened with the release of **Momentum 4.6**. Depending on installation type, all changes may not be applicable
+
+<a name="changelog.4.6.table"></a>
+
+| Type | Ticket | Description |
+| --- | --- | --- |
+| Fix | SD-3601 | JSON syntax in message Subject can cause invalid JSON in message events |
+| Fix | SD-3756 | Fix age-based outbound_throttle_messages |
+| Fix | SD-3757 | Adaptive reset command doesn't work on not-recently-used domain |
+| Fix | SD-3758 | Adaptive does not enforce outbound_throttle_messages values < 1 |
+| Fix | SD-3977 | Positive adjustments of adaptive settings ignored until 12h has passed |
+| Fix | SD-4001 | Crash after reroute command |
+| Fix | SD-4009 | Crash with certain lengths of user:pwd in SMTP AUTH LOGIN |
+| Feature | SD-3947 | Support OpenSSL 1.1.1 and TLSv1.3 |
+| Feature | SD-3987 | Add configuration directives for TLSv1.3 ciphersuites |
diff --git a/content/momentum/changelog/4/index.md b/content/momentum/changelog/4/index.md
@@ -1,11 +1,12 @@
 ---
-lastUpdated: "05/08/2023"
+lastUpdated: "09/20/2023"
 title: "Category File"
 type: "custom"
 name: "Momentum 4.x Changelogs"
 description: "Momentum 4.x Changelogs"
 ---
 
+* [Momentum 4.6 Changelogs](/momentum/changelog/4/4-6)
 * [Momentum 4.4.1 Changelogs](/momentum/changelog/4/4-4-1)
 * [Momentum 4.4.0 Changelogs](/momentum/changelog/4/4-4-0)
 * [Momentum 4.3.1 Changelogs](/momentum/changelog/4/4-3-1)

diff --git a/content/momentum/navigation.yml b/content/momentum/navigation.yml
@@ -1965,6 +1965,8 @@
     - link: /momentum/changelog/4
       title: Momentum 4.x Changelog
       items: 
+        - link: /momentum/changelog/4/4-6
+          title: Momentum 4.6 Changelog
         - link: /momentum/changelog/4/4-4-1
           title: Momentum 4.4.1 Changelog
         - link: /momentum/changelog/4/4-4-0