[SECURITY] maddy 0.7.1

This release, among other fixes, includes the fix for the zero-day "SMTP smuggling" vulnerability. Detailed analysis: https://www.postfix.org/smtp-smuggling.html Until 0.7.1 maddy was a "email service B".

Fixes

• cfgparser: Do not interpet absolute paths relatively to the config dir (#592).
• target/remote: Fix isVerifyError not working correctly on Go 1.20 (#612).
• smtpconn/pool: Fix idle connections almost never cleaned up (#596).
• target/remote: Fix wrong DNS query type in DANE lookups for IPv6-only hosts (#631).
• [SECURITY] go-smtp: Mitigate SMTP smuggling issue (#661).
• endpoint/smtp: Detect cancelled rDNS lookup correctly (#626).
• check/spf: Handle empty MAIL FROM in accordance with RFC 7208.

Misc

• storage/imapsql: Add support for transpiled SQLite driver

Tests

• Fix cover_test.go deadlock on Go 1.20.

Distribution & packaging

• build.sh: Allow to run ./build.sh install without go command available (#569).
• dist/systemd: Ease umask restrictions, making files RW for maddy group (#569).
• dist/systemd: Depend on network-online.target (#617).

Documentation

• Improve Markdown formatting and grammar (#600, #614, #662).
• Fix a bunch of links being broken (#601, #602, #667).
• email_with_domains -> email_with_domain (#609, #613).
• Fix wrong SPF record suggestion (#640).
• Fix number of sigs for modifiers.dkim sign_fields (#643).
• Explicitly mention that referencing config block from global directive won't work.

maddy 0.7.0

New features

• Add NetAuth authentication integration.

NetAuth is a network identity and authentication provider meant
to be used as a LDAP replacement.

See https://www.netauth.org/about/ for details.

• Implement auth_map and storage_map at endpoint level.

This makes auth_map do what its name implies. Old auth_map in storage
module is deprecated and will be removed in the next release.

Now more options are supported for multiplie domain configurations.
See https://maddy.email/multiple-domains/ for details.

• table: Implement email_with_domains and email_localpart_optional module

Meant to be used with authentication and authorization configuration
to ensure correct(tm) email address parsing and formatting.

• Add IAM, AWS config, Minio config file credentials options for S3 storage.

• tls/acme: Add support for delegating DNS-01 challenge to a different domain (#588)

Fixes

• Remove references to man.5 from build.sh.
• Make graceful shutdown work correctly with OpenMetrics endpoint.
• auth/ldap: Fix "bind unauth" config directive parsing.
• auth/ldap: Send empty username by default when doing unauthenticated bind.
• auth/ldap: Fix connection pool leak (#546).
• auth/ldap: Fix STARTTLS support (PR #580).
• endpoint/smtp: Fix connection limit leak when FROM:<> is used (PR #561).
• Improve domain validation function (#554).
• Use dev versions of libdns modules (#461).
• storage/imapsql: Fix messages without \Recent flag not being displayed (#549).
• storage/imapsql: Increase open mailbox limit to 100k.

Documentation

• Fix a lot of typos.
• Add description of dkim key algorithym ed25519.
• Improve documentation of how delivery_map is supposed to be used for custom
  authentication support.
• Replace maddyctl with maddy.
• Improve authorize_sender documentation

maddy 0.6.3

This release does not include most changes from master branch (intended to become 0.7) and is instead based on 0.6.2.

Bugfixes

• [security] Fix authentication bypass if SASL authorization username is used (GHSA-4g76-w3xw-2x6w, CVE-2023-27582).

maddy 0.6.2

Bugfixes

• Fix empty IMAP folders being shown sometimes (#512)
• Fix maddyctl imap-msgs lists crash (#509)
• Fix maddyctl imap-msgs remove being no-op (#510)
• pass_table: fix user hash creation (#507)

Docs

• Update Arch repository and Docker instructions links

Misc

• cli: Warn about upcoming --uid=true change

maddy 0.6.1

⚠️ Release is recalled due to severe issues. Use 0.6.2 instead.

Bugfixes

• Fixed missing IMAP IDLE capability, again... (#504)
• Fixed broken storage.imapsql schema upgrade

Broken storage.imapsql schema upgrade

If you happen to run 0.6.0 and got error about schema being
too old, you need to run the following SQL query on your imapsql.db
before you will be able to use 0.6.1:

UPDATE schema_version SET version = 6;

maddy 0.6.0

⚠️ Release is recalled due to severe issues. Use 0.6.2 instead.

Breaking changes

• check: Remove require_matching_echo (deprecated in 0.5) (#280)
• modify/dkim: Remove require_sender_match from code (#465)

New features

• maddyctl and maddy executables are merged

To start the server: maddy run ...
Other maddyctl subcommands are available
similiarly: maddy imap-acct, etc

• Support 1-N recipient address expansion (#401)

For example, when using table.regexp:

replace_rcpt regexp "root@(.+)" "admin1@$1" "admin2@$1"

Or table.file:

[email protected]: [email protected], [email protected]

For SQL-based tables, just add multiple rows with the same key (address to be replaced).

• Add more placeholders for imap_filter (PR #449)

{rcpt_to} (SMTP RCPT TO), {original_rcpt_to} (SMTP RCPT TO before any local rewrites), {subject}.

• storage/imapsql: Add support for using PostgreSQL broker for updates

It is used automatically, so now it is safe run multiple maddy server instancesusing the same PostgreSQL DB.

Bugfixes

• Migrate to go-imap v2 (#188)

go-imap v2 is my fork of emersion/go-imap library that makes
massive changes to the server code.

In particular, it fixes long-standing issue of update handling
being non conforming to RFC 3501.

• check/spf: Fix "lookup limit reached" for some conforming records (#487)
• cmd/maddyctl: Fix --argon2-time setting memory instead of time (PR #502)
• check/spf: Ignore SPF permerr and temperr by default (#485)
• Move closing the default logger after printing configuration errors
• Fix TLS Internal Error caused by SNI-unuware clients when ACME is used (#467)

Documentation changes

• docs: Add Docker-specific documentation
• docs: Convert manual pages into per-module Markdown pages

Misc

• Go 1.17 is required now
• Dockerfile: Use TLS filenames same as certbot (#350)
• Dockerfile: Put Docker-specific config in the repo
• ci: Set OCI labels in built Docker image
• ci: Use docker buildx and qemu to build ARM64 images (#404)

maddy 0.5.4

Bugfixes

• auth/pam: Fix double-free crash (GH #272)
• [security] auth/pam: Check for account/password expiry (GHSA-6cp7-g972-w9m9)
• endpoint/smtp: Fix incoming message log record having no msg_id

maddy 0.5.3

Docker image changes

maddy image is now also available at ghcr.io registry:

docker pull ghcr.io/foxcpp/maddy:0.5

Currently this is just an experiment, we are not sure if we will fully migrate to it.

Image tags no longer include v prefix with the exception of v0.5 still being updated to maintain compatibility for people that use this tag.

docker pull foxcpp/maddy:0.5.3 # instead of foxcpp/maddy:v0.5.3

Bug fixes

• Fix errors from LMTP downstream being ignored (#453)
• Make it possible to use dovecot_sasl auth with TCP sockets (#450, thanks @jonlundy)
• Fix MAIL after STARTTLS causing panic
• Fix IMAP IDLE capability missing (#446)

Misc

• Add target.remote force_ipv4 option (#442, thanks @delthas)

maddy 0.5.2

Bug fixes

• Correctly apply Read Timeout to implicit TLS handshake
• [security] auth/shadow: Remove support for MD5-based hashes
• check/spf: Print "deferred" message only if SPF check failed

maddy 0.5.1

Bug fixes

• table/sql_table: Fix incorrect for PostgreSQL type being used in table creation (GH #386)
• endpoint/smtp: Fix limitedReader causing message body read to loop forever (GH #403, GH #389)
• storage/blob/s3: Fix PutObject goroutines leaking if message write is aborted (GH #395)
• storage/blob/s3: Force a smaller PartSize when blob size is unknown (GH #395)
• storage/blob: Pass blobSize to go-imap-sql (GH #395)
• storage/blob/s3: Correctly handle PutObject errors (GH #387)

Misc

• libdns: Add namecheap provider (GH #392)

Added only if maddy is built with Go 1.16.

• Add postmaster address rewrite back to default config (GH #384)