Carview!

CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 date: Tue, 29 Jul 2025 21:43:21 GMT content-type: application/atom+xml; charset=utf-8 content-length: 147099 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With etag: W/"e637a21a325fe600fa1ba0bad5eaec34" cache-control: max-age=0, private, must-revalidate strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ server: github.com accept-ranges: bytes set-cookie: _gh_sess=5nc2bV7M4XbKhNrcU8MxwZ988U42q3%2FJwaJIsK321E8z14AVFCj%2F22ObaZ35Hs80t7r%2B0U0XTOiU%2Bb0lVut4pWl7uk%2FKsA3T0IzMenmkfgYegmzhKbpF4TiFfcg%2FSFWlGBch0GPqnWrwxcJgHmv%2FSxEEDyOWozM53XbCzFw4jvFMjAmt0f%2BKrxbBkEHMSU5sQJiMMZvOd2%2B222C1YrPYcv%2FjK%2FfJrjBdEEZEDqtRLkmTfjSoKXNGbW4vKpsQ%2FPOkcOVGja8OoiCDFtjLPYSfEw%3D%3D--9G9FF%2BeyYe07fDBy--1VONQihHfs8ErZ%2BPblRIaQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax set-cookie: _octo=GH1.1.1880572711.1753825400; Path=/; Domain=github.com; Expires=Wed, 29 Jul 2026 21:43:20 GMT; Secure; SameSite=Lax set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Wed, 29 Jul 2026 21:43:20 GMT; HttpOnly; Secure; SameSite=Lax x-github-request-id: D0D6:136EFA:1033C43:1358846:68894078 tag:github.com,2008:https://github.com/mjl-/mox/releases Tags from mox 2025-04-18T19:25:54Z tag:github.com,2008:Repository/595136650/v0.0.15 2025-04-18T19:47:02Z v0.0.15 v0.0.15 New features - Implement IMAP NOTIFY extension from RFC 5465. Where IDLE is for monitoring a single mailbox, NOTIFY allows monitoring many/all mailboxes in an account at once. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/8bab38eac4c543fef3e6d008d7d720e6a30484c0"><tt>8bab38e</tt></a>) - Implement IMAP UIDONLY extension, RFC 9586, greatly reducing data accounting and memory use for IMAP connections (once clients support it). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/507ca73b96ac0a5af16047a6e6e9dd707e8d784a"><tt>507ca73</tt></a>) - Implement IMAP MULTISEARCH extension, searching multiple mailboxes with a single command. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/479bf291248947db02553a963f9e9162be9665fa"><tt>479bf29</tt></a>) - Implement IMAP PREVIEW extension (RFC 8970), and store previews in the message database. Automatically generated and stored on first request for existing messages, or during delivery for new messages. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/aa631c604c1922d0eef8e2a2227c58310c759cb8"><tt>aa631c6</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/6ab31c15b79879200fa67ae040a35847a823aa25"><tt>6ab31c1</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3ac38aacca279219f420dd64f7ee119e06aa7208"><tt>3ac38aa</tt></a>) - Implement IMAP REPLACE extension, RFC 8508, used for replacing drafts as they are typed. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/92a87acfcbb550b12e16dc6676bc73a0a007ef0f"><tt>92a87ac</tt></a>) - Implement MULTIAPPEND extension, RFC 3502, for appending multiple messages in a single command, useful for importing messages into a mailbox. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/78e0c0255f8d4bfb225cfca4325f2050895d5920"><tt>78e0c02</tt></a>) - Implement IMAP METADATA extension, RFC 5464 (<a class="commit-link" href="https://github.com/mjl-/mox/commit/f30c44eddb208ef871b96d6789a47ea1a8fc987a"><tt>f30c44e</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/28091364514efe0080aabad2acfdacffa14cb38f"><tt>2809136</tt></a>, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/290">#290</a>) - Implement RFC 9590, returning metadata in the IMAP extended list command (<a class="commit-link" href="https://github.com/mjl-/mox/commit/0ed820e3b084e1d1cbd4e95a5457692519694108"><tt>0ed820e</tt></a>) - Implement IMAP "INPROGRESS" response code (RFC 9585) for keepalive and progress reportng during long search. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/cc5e3165eaf6ed3abe8b2eb8b79d0b9bcdfcabc0"><tt>cc5e316</tt></a>) - Announce support for IMAP NAMESPACE extension in imap capabilities line. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/95d2002e776213df40c3e576acc6f1bc62ff04fd"><tt>95d2002</tt></a>) - Implement IMAP WITHIN extension, RFC 5032, for additional search command criteria. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/5e4d80d48e1d33843f6a95aa26cfbc320f1f8f6e"><tt>5e4d80d</tt></a>) - Implement IMAP CREATE-SPECIAL-USE extension for the mailbox create command, part of RFC 6154. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/dcaa99a85c0021d1c4aa0ddd7d199b730097b643"><tt>dcaa99a</tt></a>) - Implement IMAP SAVEDATE extension, RFC 8514. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/7288e038e67fa877a8a568ff67cfd850f07bbbf3"><tt>7288e03</tt></a>) - Keep track of login attempts, both successful and failures. Now shown in account and admin interfaces. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1277d78cb1a0daa1825e4f470e3bd8ec59b6de90"><tt>1277d78</tt></a>) - Add config domain option for multiple localpart catch all separators, e.g. both "+" and "-", for addresses you+anything@example.com and you-anything@example.com. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/301">#301</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/9a8bb1134b1b358a600e313477e7ef54a5b411ec"><tt>9a8bb11</tt></a>) - Add account config option to prevent the account for setting their own custom password, only allowing mox to generate a new password, and enable by default for new accounts. Should prevent password reuse and users picking weak passwords, but does not prevent password phishing. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/286">#286</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3e53abc4dbed4e6d72733ea1a25b22cd7a55ceb9"><tt>3e53abc</tt></a>) - Add config options to disable a domain and to disable logins for an account. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/175">#175</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/2d3d726f058067bc0be94d8a7c9f8b0a6cbcdae5"><tt>2d3d726</tt></a>) - Add account config option to reject incoming deliveries with an error during the smtp transaction. Useful for rejecting deliveries to specific addresses when a catchall is configured. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/156">#156</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3e2695323c1e80ada525514c9da47c8b5d8b5486"><tt>3e26953</tt></a>) - webmail: Add buttons to download a message as eml, and export 1 or more messages as mbox/maildir in zip/tgz/tar, like for entire mailboxes. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/a5d74eb7185ccf7fc4f578aed9830473b3837312"><tt>a5d74eb</tt></a>) - webmail: Add button to create a mailbox below another one, for convenience. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/ef77f58e086b8dba1705d03382ad8354be138384"><tt>ef77f58</tt></a>) - webmail: Add button to mark a mailbox and its children as read. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/ad26fd265d58fd3de358dce916eb76ce1de49203"><tt>ad26fd2</tt></a>) Improvements - Write base64 message parts with 76 data bytes on a line instead of 78, as required by RFC 2045 (MIME). The 78 byte lines work as well, except that SpamAssassin gives them a higher spam score. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/69d2699961683d7325a7e86c5d056f169d10894d"><tt>69d2699</tt></a>) - Change "mox backup $destdir" from storing only data files to $destdir to storing them under $destdir/data and now also copying config files, to $destdir/config. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/150">#150</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/76e96ee673f83be3566fd8d2a252a32eaf920c0d"><tt>76e96ee</tt></a>) - quickstart: Check if domain was registered recently using RDAP, and warn about potential deliverability issues. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/2f0997682beb5c655cdc22a384cf929dbf080ab5"><tt>2f09976</tt></a>) - Hide version number from smtp banner and imap ID command response (when unauthenticated), and web interfaces. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/68729fa5a31223b949785ccfb7edbe5fe0bf15dc"><tt>68729fa</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3a3a11560e1770db8f38598fd666080cb5575ce8"><tt>3a3a115</tt></a>, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/322">#322</a>) - When adding a new domain, only set up RSA DKIM keys, not ed25519. The ed25519 key is causing admin confusion due to many other mail servers not recognizing the keys and sending DMARC reports containing unhelpful DKIM verification errors. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/299">#299</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/2fc75b5b7b7baff2565407b4c106af9a1a861c9c"><tt>2fc75b5</tt></a>) - webmail: Reconnect automatically in more cases, changing the "stop reconnection automatically" period from 10 minutes to 5 seconds. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/5dcf67476166ddfcb6b2fdc3f76d0ffb4e8074e3"><tt>5dcf674</tt></a>) - webmail: For "cid"/content-id's used in html, look for them in all other parts, not just when there is a multipart/related in the message. Fixes displaying messages sent by the gmail app, which sends messages with a MIME form of multipart/mixed containing text/html and image/jpeg. We were only resolving "cid"s in multipart/related, now we resolve them anywhere in the message. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/327">#327</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/462568d878e7a1df5c7f2b018a8cef29117d8319"><tt>462568d</tt></a>) - Add support for negotiating IMAP and SMTP on the HTTPS port 443 using TLS ALPN "imap" and "smtp". Intended for future use with chatmail servers. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/255">#255</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3c77e076e228881ca4bed78a213abfd74e364ea6"><tt>3c77e07</tt></a>) - imapserver: Return all the optional extensible fields for "fetch" attribute "bodystructure", notably for content-disposition. Makes the gmail apps show image attachments properly, instead of rendering the image bytes as (garbled) text. This requires reparsing all messages, which is done automatically, in the background, on first account open after the upgrade (<a class="commit-link" href="https://github.com/mjl-/mox/commit/2defbce0bc05d93c6c4c63f1d2f8d545879d311b"><tt>2defbce</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/31c22618f5de84547906ab3734e0c9d5fa0e32f9"><tt>31c2261</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/07533252b33b01366eb2b3efda28c930eca59deb"><tt>0753325</tt></a>, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/327">#327</a>, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/217">#217</a>) - webmail: When composing, no longer remove the last remaining To address with the ctrl+backspace shortcut. Too easy to trigger accidentally, almost never done intentionally. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/70aedddc90963150c24750696bae467932adf7f8"><tt>70aeddd</tt></a>) - Improve expunged message/UID tracking in IMAP sessions, track synchronization history for mailboxes/annotations. We now delay removing message files from disk until the last reference in any session goes away (e.g. after sending an IMAP EXPUNGE/VANISHED response to all connected IMAP clients with the mailbox open). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/577944310cb6b651716d184ae4afa449117330f7"><tt>5779443</tt></a>) - When removing an account, wait until the last account reference has gone away before removing the account files. We store intent to remove in the database, until we get to it, possibly at next startup in case of sudden shutdown. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/ac4b006ecd917a13f44a3ccda0f820c22da3f167"><tt>ac4b006</tt></a>) - imapserver: Don't keep account write-locked during IMAP FETCH command, for responsiveness during large mailbox syncs. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/128">#128</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/b822533df31d3b8b0f12827e295226d0c5e539e3"><tt>b822533</tt></a>) - Add prometheus metrics for errors when getting certificates through ACME (typically from let's encrypt), and add alerting rule. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/e5e15a3965c2b811bac72326166ee679ccb02d8c"><tt>e5e15a3</tt></a>) - webmail: When forwarding a message, include the subject,date,from,reply-to,to,cc headers in the message (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1c4bf8909c455d3c8fc6beecd8b1d8813664bf8f"><tt>1c4bf89</tt></a>) - Also unicode-normalize usernames (email addresses) when logging into the imapserver and webapps. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/c7354cc22b2241ebc7a51a52d1054e7fc7c7765b"><tt>c7354cc</tt></a>) - When delivering over smtp, do not require the other server to announce the 8bitmime extension for 8-bit data unless in pedantic mode. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/287">#287</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/46c1693ee9353fb1838ca0fb8c3ec81874f21823"><tt>46c1693</tt></a>) - Do not use results from junk filter if we have less than 50 positive classifications to base the decision on. Useful for new accounts, we don't want to start rejecting incoming messages when there's too little information to decide. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/64">#64</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/6aa2139a54c91700894cf6796b9e5cdc885138eb"><tt>6aa2139</tt></a>) - Admin check: Do not raise error when forward-confirmed reverse dns does not match hostname. Probably relatively common with setups involving NAT. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/239">#239</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/acc1c133b022c6759686b0258cb4ff4cde7df522"><tt>acc1c13</tt></a>) - Add config option to an account destination to reject messages that don't pass a dmarc-like aligned spf/aligned dkim check. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/6da5f8f586ac57a0932e33af8a58122f5874b795"><tt>6da5f8f</tt></a>) - cli: Add subcommand "mox admin imapserve $preauthaddress", for admins to open a preauthenticated imap connection for an account, even if it is disabled for logins (useful for migrations). (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/175">#175</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/49e2eba52bb026e163d128f1bc17ceea0b4966f1"><tt>49e2eba</tt></a>) - webmail: In message view, under More, add button to open currently displayed part (either text or html) as raw text (but decoded if in base64/quoted-printable/etc). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/008de1cafb3474df58f8704e59a1b92bb5e0eae2"><tt>008de1c</tt></a>) - cli: Add subcommand "mox config account list", printing all accounts and whether they are disabled. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1b2b152cb5d3bed205861d07ea479514a6c7ff03"><tt>1b2b152</tt></a>) - For the web interfaces, ensure the effective configured http paths end in a slash to prevent 404's and/or errors accessing the web interfaces, preventing admin confusion. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/325">#325</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3e128d744e7fc7466638aa3367e54ab8a9c180a0"><tt>3e128d7</tt></a>) Bug fixes - smtp: Add data reader fuzzer + fix OOB read. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/f10bb2c1ae22c959a9b782461e5cdd330de51c12"><tt>f10bb2c</tt></a>) - webmail: When completing a recipient address, quote the "name" if necessary for proper interpretation. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/305">#305</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/1c58d382803ccec1be80b020799ee3034a79df9b"><tt>1c58d38</tt></a>) - After queueing a message in the web api's, prevent context cancelation (e.g. aborted http connections) from completing the operation in full. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/b37faa06bdd2a433f7ee1e2a09a8a75b14024887"><tt>b37faa0</tt></a>) - smtpserver: In localserve mode, don't reject messages "From" domain "localhost" if localhost doesn't resolve to an IP through DNS. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/d0b241499fc373bc6043d3ae86e27600ce86d56e"><tt>d0b2414</tt></a>) - webserver: Don't raise a 500 server error for static file requests with overlong names. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/aa2b24d861fd5635ea2a6f5be2977b14eb68d57b"><tt>aa2b24d</tt></a>) - webmail: Fix parsing search filter "start:<date>" and "end:<date>". (<a class="commit-link" href="https://github.com/mjl-/mox/commit/091faa8048e0ba9fa15c710931166dfefee4e08d"><tt>091faa8</tt></a>) - webmail: Fix dark mode, broken since v0.0.14. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/278">#278</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/d08e0d3882dda12f9e6318301c2ed4bbe3ef57dd"><tt>d08e0d3</tt></a>) - webmail: Fix nil pointer dereference when searching for attachment types, eg "a:spreadsheet" (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/272">#272</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/0203dfa9d981d016c2574ff793358a192d374ff8"><tt>0203dfa</tt></a>) - imapserver: Return proper response for FETCH of "BODY[1.MIME]" where 1 is a message (<a class="commit-link" href="https://github.com/mjl-/mox/commit/39c21f80cd319474b62519f95c5bb7e25ecf1346"><tt>39c21f8</tt></a>) - imapserver: Properly accept literal8 for APPEND, since we claim to implement the BINARY extension (<a class="commit-link" href="https://github.com/mjl-/mox/commit/88a68e91439da4efb8d24d74bc235e5b039b0c6e"><tt>88a68e9</tt></a>) - In domain/dns self-check, for unused services, check in SRV records that port is 0 like how we told users to configure it and fix checking for errors during srv lookups, and show the value we got but didn't expect; show config snippet for HostTLSRPT if it isn't configured; don't warn about reverse dns resolving to multiple names. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/9dff879164b3c9da4a32138b1bf2631922eb1ee5"><tt>9dff879</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3d0dc3a79db894f043b208051a0a1dd21b216cbd"><tt>3d0dc3a</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/6f678125a56d08045abb4863fd46b3a8a9da779d"><tt>6f67812</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/1d6f45e592290b9e46057a51c1fa23183b1e8161"><tt>1d6f45e</tt></a>) Update procedure Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.14 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.14 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.15 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup again with `mox-v0.0.14 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation">https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. Manual update actions Additional manual actions to consider: - You may want to modify your backup scripts: "mox backup" now writes a data/ and config/ directory to the backup destination directory. Previously it only wrote data files, directly to the backup destination directory. - You may want to disable signing with ed25519 DKIM keys to reduce noise in DMARC reports from other mail servers that often don't understand ed25519 keys. Make sure you do keep signing with an RSA key. - You may want to add the new prometheus alerting rule for "mox_autotls_cert_request_errors_total", alerting on errors when fetching/refreshing certificates with ACME. See prometheus.rules in the mox repository. Thanks Thanks to everyone on irc/matrix/slack and the issue tracker for providing feedback, and asking & answering questions. Much appreciated! In particular: ulrichwisser, eric l, kjetilho, Myp3a, mattfbacon, janc13, dstotijn, Eygem, martin, rawtaz, ilijamt, skyguy, mattanja, BlankEclair, gdunstone, unguamorray, DanielG, RobSlgm, ally9335, x8x, exander77, s0ph0s-dog, odama626, wneessen, omartijn, sam-willsey, QuadrupleA, hrstoyanov, mtgxx, martinjanda, shleeable, haraldrudell, and more. If you have open bug reports/issues mentioned in this release, please verify the issue is resolved and either close the issue or write a comment. Thanks! Special thanks to NLnet foundation for sponsoring development. mjl- tag:github.com,2008:Repository/595136650/v0.0.14 2025-01-20T12:17:54Z v0.0.14 v0.0.14 New features - Implement TLS client certificate authentication using their public keys (not other certificate properties, so no name/expiration/constraint validation). Accounts can add multiple TLS public keys, e.g. one for each mail client. For use with SMTP/IMAP and the "external" SASL authentication mechanism. IMAP "preauth" is enabled with TLS certificate authentication, but can be disabled per key. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/8804d6b60ec058e9584c03384a04a93e102d63ba"><tt>8804d6b</tt></a>) Improvements - quickstart: Write all output to a file "quickstart.log" for later reference (<a class="commit-link" href="https://github.com/mjl-/mox/commit/2255ebcf11869c936c2c49db7527e12a5cf8003e"><tt>2255ebc</tt></a>) - smtpserver: Add an option for the smtp delivery listener to enable/disable tls session tickets. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/237">#237</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/e59f894a94c21347d1c3e70d72375926e00850da"><tt>e59f894</tt></a>) - smtpserver: Add prometheus metric and alerting rule for failing starttls handshakes for incoming deliveries. (related to issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/237">#237</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/afb182cb14def32987f11200539806af83bb30c5"><tt>afb182c</tt></a>) - webmail: Split pasted address into multiple address, by commas. (PR <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/252">#252</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/501f594a0af59a0cf56a62f731bc627a078045f0"><tt>501f594</tt></a>) - Clarify that "aliases" are more small-scale lists, not additional addresses for an account. And make "public posting" the default for new aliases. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/244">#244</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/0e338b0530c35da21dd80e84b80c793eb9e236b8"><tt>0e338b0</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/cbe418ec593442cc6d59707b6831b1f4a8070dbf"><tt>cbe418e</tt></a>) - smtpserver: When doing slow writes due to spammy incoming delivery, try a bit harder to prevent a timeout for the other side (if it is mox/itself!) (<a class="commit-link" href="https://github.com/mjl-/mox/commit/5a14a5b067ac10d4883906d15755e24c8bb25a4a"><tt>5a14a5b</tt></a>) - quickstart: For -existing-webserver, also add tls key/cert placeholder for mail.$domain. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/5320ec1c5bc8aa50d73b3770874f8f10ddbd7349"><tt>5320ec1</tt></a>) - Do not try to get a tls cert for autoconfig.<domain> at startup if there is no listener with autoconfig enabled. Reduces needless logging in setups that don't use autoconfig. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/35af7e30a6ad3c20a09692d9c568cd7fe4caac50"><tt>35af7e3</tt></a>) - "mox retrain" command: Make the "account" parameter optional, retraining all accounts when absent. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/94fb48c2dc022c761725cbb02184e151e04f4a8d"><tt>94fb48c</tt></a>) - webmail: Move config options for showing keyboard shortcuts and for showing additional headers from localstorage to the settings popup, storing their values on the server. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/3f727cf38094e69a99f15b455e995b735b85c53a"><tt>3f727cf</tt></a>) - webmail: Don't bind to shortcuts ctrl-l, ctrl-u and ctrl-I since they are commonly used in browsers. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/4d3c4115f823272fa6069349838a4c042ddf2f78"><tt>4d3c411</tt></a>) - webapi: Add Content-Disposition and Filename to the payload of incoming webhooks (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/258">#258</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/42793834f8b6112a40e0ee9508c40c6e1798d23d"><tt>4279383</tt></a>) - Add ability to include custom CSS & JS in web interfaces (webmail, webaccount, webadmin), and use css variables in webmail for easier customization. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/96d86ad6f1e6ede1a31ddaeecb02666cd553dcac"><tt>96d86ad</tt></a>, related to issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/114">#114</a>) - webmail: When marking message as unread, also clear its (non)junk flags (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1f604c6a3db41edb248ec914c44f78aaf8731cf6"><tt>1f604c6</tt></a>) - webaccount: Update text about opening apple mobileconfig profile files, it has gotten harder to use in iOS18. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/636bb91df6d827187d358dd1198d56765a9ec222"><tt>636bb91</tt></a>) - admin: Better handling of disabled MTA-STS during self-check. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/7f5e1087d42d5d7bf57649c5c6a2155c3706ce39"><tt>7f5e108</tt></a>) - admin: In self-check for SPF records against our IPs, don't try checking the unspecified addresses (0.0.0.0 and ::), and warn if there are no explicitly configured IPs. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/726c0931f77db09d7d03c5ca319c70d737e54f1d"><tt>726c093</tt></a>) - autoconfig: More RFC compliant SRV service not available DNS records (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/240">#240</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/355488028db494844d4970d79668811edfccd121"><tt>3554880</tt></a>) Bug fixes - Fix verifying DANE-TA connections for outgoing email deliveries where the DANE-TA record is not for the first certificate in the chain after the leaf certifiate. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/f7666d1582fe0812a868f226b2aee338d1d07268"><tt>f7666d1</tt></a>) - junk filter: Fix adjusting word counts after train/untrain. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/17baf9a8830c92a669299649c111d420c655ff1e"><tt>17baf9a</tt></a>) - Log when mox root process cannot forward signals to unprivileged child and give the mox.service permissions to send such signals. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/32d4e9a14c2598ee64bb6fc461b5784fe64a5bc7"><tt>32d4e9a</tt></a>) - webadmin: When loading page with webserver routes, internal services would always be shown with "admin" as internal services, and saving the handler would overwrite the correct setting. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/264">#264</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/965a2b426fae8b0119ea7f65dd3d8398bf3fb7ff"><tt>965a2b4</tt></a>) - When opening an account by email address, such as during login attempts, and the address is an alias, fail with proper error "no such credentials" instead of with error "no such account" and printing a stack trace. (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/238">#238</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/3d4cd004309469fb1fddbf3f89afc5ab111823ac"><tt>3d4cd00</tt></a>) - webmail: Fix using the compose window/popup after saving a draft message failed. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/256">#256</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/ee48cf0dfd46a889ecf0a6dbf579912b9f95875d"><tt>ee48cf0</tt></a>) - webmail: Fix css to not show text on button (actually html "a" element for links) for downloaded (visited) attachments in blue. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/f7193bd4c321544c51c67f5ff1d25d9c330df0b8"><tt>f7193bd</tt></a>) Update procedure After updating, run "mox retrain" to retrain the bayesian junk filter for all accounts. Retraining an account with many messages can require quite some working memory. Due to a bug (now fixed), reclassifying messages as (non)-junk updated the scores of words incorrectly, sometimes resulting in very high (non)-junk reputation of some words. The junk filter should perform better after retraining. If you are using the mox.service systemd unit file on Linux, you should add "CAP_KILL" to CapabilityBoundingSet (and reload & restart the service) so graceful shut downs are faster. Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.13 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.13 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.14 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.13 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation">https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. Thanks Thanks for all the contributions/bug reports/feedback/discussions, much appreciated! Special thanks to: exander77, bwbroersma, Robby-, wneessen, kiekerjan, robbo5000, morki, laura-lilly, ally9335, spectral369, mattfbacon, mwyvr, s0ph0s-dog, soheilpro and many more! mjl- tag:github.com,2008:Repository/595136650/v0.0.13 2024-11-06T23:11:08Z v0.0.13 v0.0.13 This release fixes TLS interoperability with incoming deliveries from Microsoft servers by disabling TLS session tickets. If you have MTA-STS and/or DANE enabled, TLS is required for successful delivery, and updating to v0.0.13 is required to receive messages from Microsoft again. TLS session tickets may be enabled again in a future release, possibly per port/service. Improvements - In the IMAP server, for the "bodystructure" response item to a "FETCH" command, add the content-type parameters for multiparts so IMAP clients will get the MIME boundary without having to parse the message themselves. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/217">#217</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/8fa197b19dfea22f3215e1768e8d90001f0ded06"><tt>8fa197b</tt></a>) - Add an HTTP handler for the acme http-01 validiation mechanism to all plain http (non-tls) webservers (ports), not only to the one listening on port 80. (#issue 218, <a class="commit-link" href="https://github.com/mjl-/mox/commit/0fbf24160c65f8dd8855533cfaa2b485ee6764d9"><tt>0fbf241</tt></a>) - Properly link to matrix room so users can find it. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/226">#226</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/76f7b9ebf64cf05132eccc1c0f13b38a79726d6e"><tt>76f7b9e</tt></a>) Bug fixes - Disable session tickets for tls to workaround deliverability issues with incoming email from Microsoft over smtp with starttls. Without this fix, email from Microsoft is no long coming in. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/237">#237</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/22c8911bf3f768931d93f599b0eb03882d1c78e3"><tt>22c8911</tt></a>) - In the SMTP server, when logging about problems with recipients, actually show which recipients were present in the session. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/232">#232</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/598c5ea6ac9f4a5ac0b6404102b776818f11b6d4"><tt>598c5ea</tt></a>). - Webmail: During "send and archive", don't fail with error message when message that is being responded to is already in archive folder. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/233">#233</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/879477a01f72fa9202bef8acc652ec8970da1bc7"><tt>879477a</tt></a>) - Webmail: if we don't have loaded account settings yet, abort loading the popup after showing an error that the settings aren't available yet. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/218">#218</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/04305722a783902d1410beb622686135ad9f4c84"><tt>0430572</tt></a>) Update instructions Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.12 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.12 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.13 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.12 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation">https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. Thanks Thanks for all the contributions/bug reports/feedback/discussions, much appreciated! Special thanks to mdavids, danieleggert, startup-001-steve, snabb, mattfbacon, mgkirs, exander77. Development on mox is funded through the NLnet NGI0 Entrust Fund, <a href="https://nlnet.nl/entrust/">https://nlnet.nl/entrust/</a>, with financial support from the European Commission's Next Generation Internet programme. mjl- tag:github.com,2008:Repository/595136650/v0.0.12 2024-10-06T12:11:46Z v0.0.12 v0.0.12 Improvements - webmail: Change many inline styles to using css classes, and add dark mode. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/163">#163</a> by mattfbacon, <a class="commit-link" href="https://github.com/mjl-/mox/commit/a16c08681b7181d7d3eb04246caa9132348bc035"><tt>a16c086</tt></a>) - webmail: In compose window, merge close & cancel button, and align buttons on the right. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/4d28a02621f248df0d8f2a35c594fe4f9cbcb3ac"><tt>4d28a02</tt></a>) - mox backup: Add hint about systemd ReadWritePaths if hardlinking fails on linux due to cross-device link. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/170">#170</a> by rdelaage, <a class="commit-link" href="https://github.com/mjl-/mox/commit/44a6927379cd7b674f9d06e7fe28fc7cdfb3366d"><tt>44a6927</tt></a>) - mox backup: Clarify behaviour with destination directory, and exit code. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/172">#172</a> by RobSlgm, <a class="commit-link" href="https://github.com/mjl-/mox/commit/1fc8f165f75ee54fa7cb25fc9becdde59b8b0345"><tt>1fc8f16</tt></a>) - When removing account, remove its data directory instead of leaving it around. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/162">#162</a> by RobSlgm & x8x, <a class="commit-link" href="https://github.com/mjl-/mox/commit/30ac690c8f64558487a26bc6797c9cb7ac034d7d"><tt>30ac690</tt></a>) - Give more helpful pointers for dns-related setup, such as troubleshooting dns resolving, and multi-line dkim dns records. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/158">#158</a>, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/164">#164</a>, vipas84, RobSlgm, <a class="commit-link" href="https://github.com/mjl-/mox/commit/83004bb18e3cd2d525fee82ad9a754dde6c77a2f"><tt>83004bb</tt></a>) - Improve http request handling for internal services (web interfaces) and multiple domains. The handler for /admin/ is now only enabled on the listener (machine) host name by default, no longer all hosted domains. The internal handlers (for admin, account, webmail, webapi), can now also be explicitly configured in the webserver section, for additional/custom endpoints to serve those services on. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/160">#160</a> by TragicLifeHu, <a class="commit-link" href="https://github.com/mjl-/mox/commit/614576e409a6e2f115bc6c11bd03a50b9b45ddec"><tt>614576e</tt></a>) - During DNS self-check, if the SRV records with just a dot (for a non-existent service), is missing, show as warning, not as error. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/184">#184</a> by morki, <a class="commit-link" href="https://github.com/mjl-/mox/commit/e350af7eed6804a32f8f9729bf99aa7de9f2b717"><tt>e350af7</tt></a>) - During DNS self-check, warn when DANE is not configured (through static host keys), instead of showing "OK". (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/185">#185</a> by morki, <a class="commit-link" href="https://github.com/mjl-/mox/commit/73373a19c1347e781aed16a76419ba41e2a1620d"><tt>73373a1</tt></a>) - Systemd service file now syslogs as facility "mail". (by kiekerjan, <a class="commit-link" href="https://github.com/mjl-/mox/commit/151bd1a9c0446accb176091477f3c8a7b95d04df"><tt>151bd1a</tt></a>) - Add favicon to web interfaces. Admins can use the webserver config to serve a different file. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/186">#186</a> by morki, <a class="commit-link" href="https://github.com/mjl-/mox/commit/c629ae26afee9976f7c6530ecff86f561108606e"><tt>c629ae2</tt></a>) - Attempts at improving interoperability with SMTP clients and the "login" SASL authentication mechanism. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/51">#51</a> by hmfaysal, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/223">#223</a> by gdunstone & wneessen, <a class="commit-link" href="https://github.com/mjl-/mox/commit/aead73883601ecb259e7a27d834bcbaf8e4af07a"><tt>aead738</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/7ecc3f68ce9218e3881eadc4a5d213905018a16d"><tt>7ecc3f6</tt></a>) - Recognize more charsets than utf-8/iso-8859-1/us-ascii when parsing message headers with addresses. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/204">#204</a> by morki, <a class="commit-link" href="https://github.com/mjl-/mox/commit/5678b03324864f01668f47c6a78e2d56efe456e5"><tt>5678b03</tt></a>) - webapi: Implement adding "alternative files" to messages sent with the Send method. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/188">#188</a> by morki, <a class="commit-link" href="https://github.com/mjl-/mox/commit/6c488ead0b9ea8e11e5aff28b706121ee36d9401"><tt>6c488ea</tt></a>) - webmail: Add setting to show html version of a message by default, instead of text version. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/196">#196</a> by GildedHonour, <a class="commit-link" href="https://github.com/mjl-/mox/commit/b77f44ab5819e7bf67fd040a628013e325c00a6b"><tt>b77f44a</tt></a>) - When login sessions to admin/account/webmail interfaces expiry or are no longer valid, explain the reason in the message above the login form. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/202">#202</a> by ally9335, <a class="commit-link" href="https://github.com/mjl-/mox/commit/a977082b89db0cabb742c1e8c32e448650e91288"><tt>a977082</tt></a>) - webapi: Add "RcptTo" to webapi MessageGet result. (mattanja on matrix, <a class="commit-link" href="https://github.com/mjl-/mox/commit/b0c4b090102cfdcb3a2ef112fc3f4487ec21ea40"><tt>b0c4b09</tt></a>) - webadmin: At managing aliases, mention an alias member won't receive a message if the member address is in the message From header. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/220">#220</a> by wneessen, <a class="commit-link" href="https://github.com/mjl-/mox/commit/bbc419c6ab913b1ecb6246bea1081919028b4e7b"><tt>bbc419c</tt></a>) - In ACME port config option, explain why using a HTTPS reverse proxy will not work for ACME tls-alpn-01 verification. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/218">#218</a> by mgkirs, <a class="commit-link" href="https://github.com/mjl-/mox/commit/7d3f3071561b29d1abbbe7c287fd1906542d6c86"><tt>7d3f307</tt></a>) - Add more details to X-Mox-Reason message header added during delivery, for understanding why a message is accepted/rejected. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/179">#179</a> by Fell, <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/157">#157</a> by mattfbacon, <a class="commit-link" href="https://github.com/mjl-/mox/commit/32b549b260a113fb25d48fa3a52214c59dd72a5b"><tt>32b549b</tt></a>) - Many small improvements. Bug fixes - webadmin: Propagate error when quota size cannot be parsed, improve parsing and hint in error message. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/115">#115</a> by pmarini-nc, <a class="commit-link" href="https://github.com/mjl-/mox/commit/72be3e8423f6aa3f0d457b8e836819b44eb2a864"><tt>72be3e8</tt></a>) - webadmin: Don't show js runtime typecheck errors for invalid values in DMARC and TLS reports. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/161">#161</a> by RobSlgm, <a class="commit-link" href="https://github.com/mjl-/mox/commit/a2c9cfc55be686f1e650d9150ae5a06268a23690"><tt>a2c9cfc</tt></a>) - webmail: In list of From address to use in compose window, don't add the catchall address. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1a0a396713ab58de002bfbe285fe5f44b05ab334"><tt>1a0a396</tt></a>) - webmail: Only show "edit" button on drafts, and similar for "e" shortcut. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/8254e9ce66d284c59fa37cb34d8d63f5a7663ece"><tt>8254e9c</tt></a>) - webadmin: Show correct host TLSRPT record in dns selfcheck, and make all suggested dns records absolute. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/182">#182</a> by mdavids, <a class="commit-link" href="https://github.com/mjl-/mox/commit/9bab3124f6fac31b455ddbdebf46ad0507445334"><tt>9bab312</tt></a>) - Show the same SPF record for a domain in the dnsrecords and dnscheck output/pages. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/176">#176</a> by rdelaage & RobSlgm, <a class="commit-link" href="https://github.com/mjl-/mox/commit/7e54280a9d9df32db894ff11b45fcaeb7c1d24da"><tt>7e54280</tt></a>) - Fix parsing message headers with addresses that need double quotes. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/199">#199</a> by gene-hightower, <a class="commit-link" href="https://github.com/mjl-/mox/commit/016fde8d783247129613b16b60dbe14e2a855b51"><tt>016fde8</tt></a>) - Reject attempts at STARTTLS for SMTP & IMAP when no TLS config is present. Instead of dereferencing a nil pointer, which is caught by the go runtime, with fallback error handling gracefully closing the SMTP connection. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/a7bdc41cd40706f8f8e54e20bec869827e61c98b"><tt>a7bdc41</tt></a>) - For certain errors during SCRAM authentication, handle errors more gracefully instead of aborting the connection. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/222">#222</a> by wneessen, <a class="commit-link" href="https://github.com/mjl-/mox/commit/c7315cb72d65814d1ad29b83469eb34457fe4d2c"><tt>c7315cb</tt></a>) - For messages retired from the delivery queue, set "success" field properly, and include the SMTP code/enhanced code on success too (not only on failure). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/fdc0560ac4e73e7a7f938971717b84f21efcd765"><tt>fdc0560</tt></a>) - webmail: Fix loading a "view" (messages in a mailbox) when the "initial" message cannot be parsed. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/219">#219</a> by wneessen, <a class="commit-link" href="https://github.com/mjl-/mox/commit/fb65ec0676ab382bcbc42e0b34a2473c228bed60"><tt>fb65ec0</tt></a>) - smtpclient: Handle server closing connection after writing its response to RCPT TO in pipelined mode. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/198">#198</a> by soheilpro, <a class="commit-link" href="https://github.com/mjl-/mox/commit/17346d6def1db7a6fec294afa36232286e9b06fd"><tt>17346d6</tt></a>) - imapserver: Prevent unbounded memory allocations when handling a command (solves same problem as in <a title="CVE-2024-34055" href="https://github.com/advisories/GHSA-crp5-539g-qwq6">CVE-2024-34055</a>). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/aef99a72d8f8da30530f4a8f6b4eac6f9a44aa05"><tt>aef99a7</tt></a>) - For incoming SMTP deliveries with STARTTLS, use certificate of hostname if SNI hostname is unknown. Instead of failing the connection because no certificates are available. Fixes interoperability with SMTP clients that do opportunistic SMTP without sending a hostname. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/206">#206</a> by RobSlgm, <a class="commit-link" href="https://github.com/mjl-/mox/commit/62bd2f442731670a34c39926b064dfa34bb5d7ac"><tt>62bd2f4</tt></a>) Update instructions Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.11 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.11 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.12 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.11 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation">https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. After upgrading, you may want to run "mox reparse" to parse the message headers of all messages in all accounts. Message headers for addresses with character sets other than us-ascii/utf-8/iso-8859-1 will be fixed. Thanks Thanks for all contributions, bug reports, feedback and discussions. It improves mox, keep it coming! Development on mox is funded through the NLnet NGI0 Entrust Fund, <a href="https://nlnet.nl/entrust/">https://nlnet.nl/entrust/</a>, with financial support from the European Commission's Next Generation Internet programme. mjl- tag:github.com,2008:Repository/595136650/v0.0.11 2024-04-30T19:38:14Z v0.0.11 v0.0.11 New features - Improve queue management (<a class="commit-link" href="https://github.com/mjl-/mox/commit/40ade995a5e5cc40bc8cf8fb3b94e4e508079097"><tt>40ade99</tt></a>) - Add option to put messages in the queue "on hold", preventing delivery attempts until taken off hold again. - Add "hold rules", to automatically mark some/all submitted messages as "on hold", e.g. from a specific account or to a specific domain. - Add operation to "fail" a message, causing a DSN to be delivered to the sender. previously we could only drop a message from the queue. - Update admin page & add new cli tools for these operations, with new filtering rules for selecting the messages to operate on. In the admin interface, add filtering and checkboxes to select a set of messages to operate on. - Add a webapi and webhooks for a simple HTTP/JSON-based API, helps with sending transactional email. (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/31">#31</a> by cuu508, <a class="commit-link" href="https://github.com/mjl-/mox/commit/09fcc492234ea494b66f6508ebb63486670e3647"><tt>09fcc49</tt></a>) - Webapi allows submitting messages without having to compose the message yourself, and without having to know SMTP. - Webhooks makes it easy to process delivery failure/success updates, without needing IMAP and process DSNs. - History about outgoing/sent messages can be kept for a configurable interval, per account. Also for the new webhook queue. - Messages can be delivered with a "unique SMTP MAIL FROM" address, using a unique id after the localpart catchall separator, e.g. `you+<unique>@example.org`. - Automatic suppression list management, protecting server reputation. - Extra metadata can be attached through the webapi, or through X-Mox-Extra-<key>: <value> headers during SMTP submission. - Most settings are per-account, configurable through config file and account web interface. The webapi must be enabled in mox.conf through field WebAPIHTTP(s). - Gopherwatch.org was created to validate this functionality, and it can now operate either with SMTP/IMAP or webapi/webhooks. - Add aliases/lists: when sending to an alias, the message gets delivered to all members. (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/57">#57</a> by hmfaysal, issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/99">#99</a> by naturalethic, feedback by damir & marin, <a class="commit-link" href="https://github.com/mjl-/mox/commit/960a51242d51fa48f1ff4f275181fd56c11a070f"><tt>960a512</tt></a>). - IMAP quota extension (RFC 9208), so mail clients can show disk usage (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/115">#115</a> by pmarini, <a class="commit-link" href="https://github.com/mjl-/mox/commit/4dea2de343748b219383a8c4db56062c633fd672"><tt>4dea2de</tt></a>) - Webmail: when moving a single message out of/to the inbox, ask if user wants to create/remove a rule to automatically do that server-side for future deliveries, either based on list-id header if present, or message-from address. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/6c0439cf7b9e172e3be61510362196cda0b2c076"><tt>6c0439c</tt></a>) - Webmail: add server-side stored settings, initially for signature, top/bottom reply and showing the security indicator bars below address input fields. (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/102">#102</a> by nixigaj, <a class="commit-link" href="https://github.com/mjl-/mox/commit/70adf353ee07f3c0885c6e3d07211f8de81575b6"><tt>70adf35</tt></a>) - Webmail: for replies/forwards, add button "send and archive thread" next to the "send" button, and give it a control+shift+Enter shortcut. (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/135">#135</a> by mattfbacon, <a class="commit-link" href="https://github.com/mjl-/mox/commit/5229d01601ad110f30ee4b29039ae9c87bce3f08"><tt>5229d01</tt></a>) - Webmail: store composed message as draft until send, ask about unsaved changes when closing compose window. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/9529ae0bd4f7d504fb5d9fa5681aa0a3715262a0"><tt>9529ae0</tt></a>) - Webmail: remember server-side per from-address whether we should show the text/html/html-with-external-resources version of a message. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/0f735a17100b81cc2f83ced4de4b1391a10a03ad"><tt>0f735a1</tt></a>) Improvements - Add account config option to skip first-time sender delay for incoming messages over SMTP. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/8b2c97808d8875a817e4de0eab66ffd9ed408201"><tt>8b2c978</tt></a>) - In quickstart, check if outgoing SMTP connection on port 25 can be made. New cloud machines tend to have the port blocked, early warning is helpful. (reported by arnt, <a class="commit-link" href="https://github.com/mjl-/mox/commit/0262f4621e13a4a7e85bbb5abc21a470d6950111"><tt>0262f46</tt></a>) - In quickstart, use "postmaster@" for the contact address with the ACME account for Let's Encrypt if the initial address has a non-ASCII localpart, to prevent account registration from failing. (reported by arnt, <a class="commit-link" href="https://github.com/mjl-/mox/commit/f4b6e14cb9f74d837da2eaff8c563caa20e431ba"><tt>f4b6e14</tt></a>) - Add a "direct" transport, that allows influencing behaviour of the normal delivery mechanism of dialing MX records: The IP address family can be limited to IPv4 or IPv6 (either may not have proper reverse DNS set up). (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/149">#149</a>, PR <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/153">#153</a> by lmeunier, <a class="commit-link" href="https://github.com/mjl-/mox/commit/be570d1c7d3de0ddacb011b6411a302d7f7e9f9e"><tt>be570d1</tt></a>) - Also give delivery another try with 5xx response when it happens during MAIL FROM/RCPT TO, not only EHLO as before. (related to <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/149">#149</a>, PR <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/152">#152</a> by lmeunier, <a class="commit-link" href="https://github.com/mjl-/mox/commit/feb8e6c37947b21baaa7dcf724ade0f2435a8280"><tt>feb8e6c</tt></a>) - Make error messages around syntax errors in config files related to spurious spaces more helpful/understandable. (reported by arnt, <a class="commit-link" href="https://github.com/mjl-/mox/commit/6516a27689cbbacdf9653238500a9857eadcc32a"><tt>6516a27</tt></a>) - In SMTP server, reevaluate if SMTPUTF8 extension is needed for delivery, to prevent potential delivery problems to servers that don't implement SMTPUTF8. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/145">#145</a>, by lmeunier, <a class="commit-link" href="https://github.com/mjl-/mox/commit/9c5d2341629f598c298f4b9ae14009d108d814af"><tt>9c5d234</tt></a>) - When importing maildir, use file mtime as received timestamp if no timestamp is available in filename. (based on message from abdul h, <a class="commit-link" href="https://github.com/mjl-/mox/commit/6d38a1e9a4bb5d266c2789910676585af76359bd"><tt>6d38a1e</tt></a>) - If webauth login cookie is missing, and forwarding was configured, hint that reverse proxy may be stripping path. (for issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/151">#151</a> by naturalethic, <a class="commit-link" href="https://github.com/mjl-/mox/commit/afc47c8108f8961274ffd4260286ac627e4092d3"><tt>afc47c8</tt></a>) - Webmail: When adding submitted message to Sent mailbox, keep any Bcc address in Bcc header. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/c9451d4d065e321eb73d51559c3bd7d96bcd17c7"><tt>c9451d4</tt></a>) - Make more of the dynamic config options (in domains.conf) configurable through the web interfaces, instead of requiring editing the config file. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/baf4df55a6cd17f5992a0135b62122f0cff22729"><tt>baf4df5</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/a69887bfabe3bbb317e803f6cb12ecf4c24d343c"><tt>a69887b</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/e702f45d32d30fcbbcd10c2d17c62c6cd509df16"><tt>e702f45</tt></a>) - Webmail: Allow resizing of compose window, and remember width/height for viewport dimension. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/e8bbaa451b130be546b0849c38739de7363fdd3b"><tt>e8bbaa4</tt></a>) - Webmail: Show all images (inline and attachment) below the text part (for the text view, not for html view). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/3a58b2a1f49f34309b629501f3a613a22ff67b9c"><tt>3a58b2a</tt></a>) - Webmail: Add export functionality, similar to existing option in account web interface, but not also possible per mailbox or hierarchy. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/bf5cfca6b99feabd7e8b3a283d9770101acd0d7b"><tt>bf5cfca</tt></a>) - Webmail: ctrl+Backspace on empty address input field removes the field (<a class="commit-link" href="https://github.com/mjl-/mox/commit/b54e903f015ac9237bbf1072f43919d8ad8cd3c5"><tt>b54e903</tt></a>) - Localserve: delivery from queue now goes through the smtp server instead of directly from queue to local accounts. To go through the full regular delivery paths. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1cf747764266ed65dbf340e1b05fa65fb8e23cb1"><tt>1cf7477</tt></a>) - Many small improvements. Bug fixes - Always properly escape values in Authentication-Results header added to incoming messages. Some generated values could have characters that weren't escaped. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/2c9cb5b847a7708ba401351e092098048eb8297b"><tt>2c9cb5b</tt></a>) - Fix logging in on account and webmail interface for account names (not email addresses) with non-ASCII characters. (reported by arnt, <a class="commit-link" href="https://github.com/mjl-/mox/commit/666f84edead68ed68483d0eb3803954d98b93d5c"><tt>666f84e</tt></a>) - Update to latest bstore with a fix for ordering of certain database results. Only a single query in mox would have triggered the issue, with no expected impact. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/d34dd8aae6ca4ccf0981bd36bbdf96d7e5128372"><tt>d34dd8a</tt></a>) - For incoming TLS connections (HTTPS, but also SMTP and IMAP) for unrecognized domain names (for which we don't have a TLS certificate), don't respond with an "internal error" TLS alert, but with an "unrecognized name" alert. More helpful to user figuring out what's going on. (reported by arnt, <a class="commit-link" href="https://github.com/mjl-/mox/commit/89a9a8bc97962754b8ba8e57e92eb27db3829f26"><tt>89a9a8b</tt></a>). Update instructions Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.10 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.10 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.11 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.10 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation">https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. Thanks Thanks for contributions and/or feedback from: pmarini, tabatinga0xffff, lmeunier, alex, arnt, abdul h, cuu508, naturalethic, nixigaj, mattfbacon, jsfan3, hmfaysal, damir & marin from sartura, RobSlgm, daftaupe, vipas84, TragicLifeHu, manaus0xff, jdlawrie, Bloomers7577, kbrgmn (and all those I missed). Feedback, feature requests, bug reports, contributions (start small!) are all welcome. An easy way to help mox is to use it and spread the word! Development on mox is funded through the NLnet NGI0 Entrust Fund, <a href="https://nlnet.nl/entrust/">https://nlnet.nl/entrust/</a>, with financial support from the European Commission's Next Generation Internet programme. mjl- tag:github.com,2008:Repository/595136650/v0.0.10 2024-03-09T19:29:42Z v0.0.10 v0.0.10 New features - Implement SMTP "FUTURERELEASE" extension in SMTP server. For submitting a message for delivery from the queue at a time in the future, e.g. tomorrow morning 9:00. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/93c52b01a02d9f4558a0c9eb29b8accc21b6da66"><tt>93c52b0</tt></a>) - Delivery from the queue to multiple recipients in a single SMTP transaction, transferring data only once. This is only done for recipients with the same recipient domain. The maximum recipients limit from the RFC 9422 SMTP LIMITS is honored and mox now announces its own limit. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/47ebfa81526cb87bd44f4452fcb080fda1be515a"><tt>47ebfa8</tt></a>) - Allow configuring DNS blocklists (DNSBLs) only for monitoring, without using them for incoming email. Previously, mox would only monitor DNSBLs that are used for incoming connections. But it is useful to know if your IPs are on a blocklist, unrelated to whether you're using the blocklist. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/15e450df61173701fbbf2be52bf2e944cbe4b0f7"><tt>15e450d</tt></a>) Improvements - Mox has a separate website now, <a href="https://www.xmox.nl">https://www.xmox.nl</a>. It should be more friendly for first-time visitors than the github page. It also has an initial video, with more to come. Content, except images/videos, is in the mox git repository, so functionality and documentation can be changed together. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/0bc30729440cc61bbaddf9c84f1f9431eba7300d"><tt>0bc3072</tt></a>) - Fix interpreting a per-account negative total size quota as "no limit", overriding the global/default setting. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/115">#115</a> by pmarini-nc) - Webmail: When Q/B-word-decoding attachment filenames, recognize more character set encodings. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/113">#113</a> by jsfan3) - Webmail: show unicode for internationalized email addresses by default. Not the xn-- names, which are not user-friendly. A hover still shows the xn-- names. After talking to arnt at FOSDEM. - Localparts of addresses are now normalized to Unicode NFC throughout mox, including for incoming deliveries. Previously, incoming SMTPUTF8 deliveries with non-NFC-normalized unicode localparts (e.g. with separate code points for accents and such (NFD)) would not be accepted. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/8e6fe7459b6f9478e83097ea8c96b06708b58941"><tt>8e6fe74</tt></a>) - The PRECIS (RFC 8265) password profile is now applied when setting/using passwords. It prevents confusing users who use unusual unicode whitespace codepoints in their passwords. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/c57aeac7f09eb003f5475a9882a0640264b533f2"><tt>c57aeac</tt></a>) - Webmail: Implement registering "mailto:" links. Click the new button in the Help popup to register. From Hans-Jörg. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/ee1db2dde705a70dc353ae039f1b1880c6678341"><tt>ee1db2d</tt></a>) - In DSNs, show the full (multiline) SMTP response, not just the first line. It often has helpful details. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/50c13965a72bf4f2fbf75c9b676315ae553f9ec9"><tt>50c1396</tt></a>) - More DSN improvements: put the full SMTP reply in field Diagnostic-Code (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1c934f0103d51ccc321f89a4776a67d99dd41bd3"><tt>1c934f0</tt></a>), when delivering a local DSN add Delivered-To header (<a class="commit-link" href="https://github.com/mjl-/mox/commit/79da4faaa1e7cdf944ef3d35a2fc0c2d97894ae7"><tt>79da4fa</tt></a>), when parsing an incoming DSN set the Action field (e.g. failed, delayed) (<a class="commit-link" href="https://github.com/mjl-/mox/commit/f6497b1aaf65e80b0dc5d96e143c834aefc7185f"><tt>f6497b1</tt></a>), match DSN to threads based on Referenced/In-Reply-To only, not subject (<a class="commit-link" href="https://github.com/mjl-/mox/commit/13923e4b7bfe30a9bfd67e7abbadc8bf0bfbc2d0"><tt>13923e4</tt></a>). - In quickstart and self-check, improve the check whether resolver verifies DSNSEC. We were looking up NS on ".", but some DNSSEC-verifying resolvers respond to that with unauthentic data. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/139">#139</a> by triatic) - More helpful instructions about setting up a DNSSEC-verifying resolver, and how to test it. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/131">#131</a> by romner-set) - Relevant for reusable components: the "slog" package from golang.org/x/exp is now replaced with slog from the standard library. Function signatures have changed. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/d1b87cdb0da173fb15c33e38ac81a57494c8d226"><tt>d1b87cd</tt></a>) Bug fixes - smtpserver: Spurious \r were sometimes injected when fixing up crlf line endings for incoming messages. The check could look at wrong a buffer, seemingly randomly incorrectly concluding a \r was missing before a \n. Messages with the extra \r added shouldn't cause any trouble. You can find these messages with "grep -rn $'\r\r$' data/accounts/$youraccount/msg/", remove one \r manually and run "mox fixmsgsize $youraccount" to reparse the message. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/117">#117</a>, by haraldrudell) - Deliveries could seemingly randomly but consistencly fail with an incorrect diagnostic about the message containing a bare newline. It would happy due to crlf handling around buffer starts/ends. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/129">#129</a> by x8x) - When adding a message to the queue for delivery, set the correct local account, so DSNs about delivery failures go to the correct user, not the postmaster account. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/dc83ad1df55914c763d5235beaa8364e806df05f"><tt>dc83ad1</tt></a>) - imapserver: In a sequence/uid pattern, the "*" would in some cases be interpreted as the first message, but it should always be the last message in a mailbox. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/14aa85482e0e2baf2c515adb29ab6a7718150a44"><tt>14aa854</tt></a>). - Fix displaying DMARC reports with empty values for some fields. The TypeScript checks would reject them for being invalid enums, empty strings are now part of the enum. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/20812dcf62aff3e5796f95b6cbe92ce2a4942294"><tt>20812dc</tt></a>) - In outgoing TLS reports, always use DNS ASCII A-labels, not unicode U-labels. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/62be829df078f93e12bd7a1adbdbe604d23f1946"><tt>62be829</tt></a>) - For domains configured only for TLS/DMARC reporting, don't reject messages to that domain during submission, but deliver them as normal. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1d9e80fd705945e21983fe8bc0a1e81377c2aad1"><tt>1d9e80f</tt></a>) - smtpclient: Treat server's size limit of SIZE=0 as "no limit", instead of failing to deliver. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/39bfa4338a124f3908b4b38f5af5a98fb6d9e50f"><tt>39bfa43</tt></a>) - Accept TLS reports that reference multiple domains, and that mix reports about hosts and recipient domains. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/e0c36edb8f1b13a9e9acfab08842ac2f200c9b1a"><tt>e0c36ed</tt></a>) - Admin: Prevent writing out an invalid domains.conf that cannot be parsed again. Happened when the last address of an account was removed through the admin web interface. (issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/133">#133</a> by ally9335) - Webmail: sending to invalid addresses could result in (failing) attempts to an empty address instead of returning an error message to the user. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/63cef8e3a59bd09dbca863854bec7d40c444715e"><tt>63cef8e</tt></a>) Update instructions Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.9 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.9 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.10 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.9 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation">https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. Thanks Thanks for contributions and/or feedback from: haraldrudell, x8x, romner-set, triatic, mteege, Hans-Jörg, arnt, jsfan3, pmarini-nc, ArnoSen, andreasheil, theduke, daluntw, lmeunier, ally9335, p-rintz, daftaupe (and everyone at the FOSDEM email devroom, and all those I missed). Feedback, feature requests, bug reports, contributions (start small!) are all welcome. An easy way to help mox is to use it and spread the word! Development on mox is funded through the NLnet NGI0 Entrust Fund, <a href="https://nlnet.nl/entrust/">https://nlnet.nl/entrust/</a>, with financial support from the European Commission's Next Generation Internet programme. mjl- tag:github.com,2008:Repository/595136650/v0.0.9 2024-01-09T11:06:34Z v0.0.9 v0.0.9 New features - Per-account disk space quota. Mox now tracks the total size of messages in an account (overhead from the message index database or file system is not included). A maximum disk usage can be configured globally and/or per account. If configured, the maximum allowed disk usage is enforced. By default, no maximum is configured. Setting quota for accounts can prevent a single account from filling up the disks. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/d73bda7511192a903d56bcf25a503fccee67be36"><tt>d73bda7</tt></a>) - When suggesting CAA DNS records (specifying which Certificate Authorities are allowed to sign certificates for a domain), suggest variants that bind to the ACME account ID, and restricts the validation methods to those used by mox. Should prevent MitM close to a machine from requesting TLS certificates through ACME as seen on the internet recently. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/db3fef4981f25f080803d78b491ca6615b0d9577"><tt>db3fef4</tt></a>) - Add config file fields for ACME external account binding (EAB). Some ACME providers require EAB to link an ACME account with a non-ACME account at the provider. With EAB, more ACME providers can be used with mox. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/ee1094e1cb7cb344c88d1c62e7c8d59dd4310ff0"><tt>ee1094e</tt></a>) - Implement the PLUS-variants of the SCRAM authentication mechanisms: SCRAM-SHA-256-PLUS and SCRAM-SHA-1-PLUS. The PLUS variants add TLS channel binding: Authentication only succeeds if the client and server are on the same TLS connection. Authentication will fail if there is a MitM (that has a valid TLS certificate). (<a class="commit-link" href="https://github.com/mjl-/mox/commit/e7478ed6acb9dd6220fe2b95e0e1b246f93bd3de"><tt>e7478ed</tt></a>) - Use a `mail.<domain>` CNAME for the SMTP (submission) and IMAP servers of a domain, pointing to the mail server host name. Before, clients were instructed to configure the mail server host name directly, but that makes it harder to migrate the domain to another mail server in the future: All clients would need to update their settings. A CNAME can be pointed to a new server without requiring changes to client settings. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/da3ed38a5cb07617690e6a0b2f484e78a79eefc5"><tt>da3ed38</tt></a>) Improvements - The admin, account and mail web interfaces now use session cookie-based authentication (with csrf) instead of HTTP authentication. These interfaces now have a "logout" button (not possible with HTTP authentication). (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/58">#58</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/0f8bf2f220887078d4f3b54efff643c93580e9ed"><tt>0f8bf2f</tt></a>) - Webmail: Don't automatically mark unclassified messages in the Rejects mailbox as non-junk when reading them. For all other mailboxes the behaviour is unchanged. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/416113af723a77de03799975a4f3555ea80995c7"><tt>416113a</tt></a>) - Webmail: Ask user to reload the application when the server version has changed. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/8e37fadc131054c094d22629ef4a4932ad79b116"><tt>8e37fad</tt></a>) - Webmail: In the message view, show the DMARC status of the domain of the message "From" address. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/fb81effe45cf657112f5744c01359e5d8bb847b8"><tt>fb81eff</tt></a>) - Webmail: When composing, leave out our own address when replying. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/7c1879da828c949cfdee3155df023d63f49b0bbc"><tt>7c1879d</tt></a>) - Junk filtering: Make content-based filtering for first-time senders more strict for messages delivered over non-TLS connections, or when the addressee isn't in a To/Cc message header. Common for junk, uncommon for non-junk. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/2ff87a0f9c84e1931d5396fe745d07ce46be6d72"><tt>2ff87a0</tt></a>) - SMTP server: after "MAIL FROM:" and "RCPT TO:" commands, allow a space (which is invalid syntax) also for delivery. We only allowed it for submission, assuming only (submitting) mail clients or spammers had sloppy SMTP implementations. In practice, also legitimate delivering mail servers have sloppy implementations. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/101">#101</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/af5da176239b3eca22046a1d92cacfc60bd0ef9d"><tt>af5da17</tt></a>) - When generating a Authentication-Results message header (with results for SPF/DKIM/DMARC/etc), put each result on a new line for better readability. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/2710a5b97122e1c8576ef94d2040314766533ac8"><tt>2710a5b</tt></a>) - Make many non-server Go packages more easily reusable. Package imports were changed so more packages can be imported without pulling in mox internals. See <a href="https://github.com/mjl-/moxtools">https://github.com/mjl-/moxtools</a> for a tool that reuses Go packages. It is deployed publicly at <a href="https://tools.xmox.nl/">https://tools.xmox.nl/</a>. As part of this change, mox now uses Go's slog package for logging. Changes in the API's between releases are tracked at <a href="https://github.com/mjl-/mox/tree/main/apidiff">https://github.com/mjl-/mox/tree/main/apidiff</a>. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/5b20cba50aa1e7d81678b36f925e1cc6e2c99438"><tt>5b20cba</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/72ac1fde29fb56ac27468d51ce7987e4225f6f55"><tt>72ac1fd</tt></a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/f3a35a67663e839ffe467f7539b90826596a6c86"><tt>f3a35a6</tt></a>) - SMTP server: for submission, if a message has a Return-Path header, only fail in pedantic mode. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/103">#103</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/57fc37af2296bfa7114abd8dffd8edb88efec2e7"><tt>57fc37a</tt></a>) - Webmail: For messages in the Sent mailbox, show To/Cc/Bcc in italic, and show all correspondents in collapsed threads. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/104">#104</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/802dcef192c028cf4462336b8beb311796b8ff0f"><tt>802dcef</tt></a>) - The admin and account web interfaces were changed from JavaScript to TypeScript, making it easier to maintain. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/a9940f9855d430760c888a43001f347064340d51"><tt>a9940f9</tt></a>). - Implement IMAP-UTF-7 more fully, and allow creating mailboxes with "special" characters: "&" (the IMAP-UTF-7 escape character), "#" (the IMAP namespace character), "*" and "%" (matching characters). These were not allowed out of caution, but occur in real-world mailbox names. Mox now uses IMAP-UTF-7 when sending mailbox names for clients that did not enable IMAP4rev2 or UTF8=ACCEPT. Before, mox would always send UTF-8, but not all clients understand that, and it can cause confusion with IMAP-UTF-7 and "&" escaping. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/110">#110</a>, <a class="commit-link" href="https://github.com/mjl-/mox/commit/d84c96eca585490bc1f9ca42cbcf7e364c6a766c"><tt>d84c96e</tt></a>) - IMAP server: Add STATUS=SIZE as capability. It was already implemented as part of IMAP4rev2, but older clients won't recognize that. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/59bffa470153629da99bb0eddfe80571be745a17"><tt>59bffa4</tt></a>) - And more smaller improvements. Bug fixes - SMTP server and SMTP smuggling: Mox was itself not vulnerable to SMTP smuggling, treating only "\r\n.\r\n" as end of transaction. But two improvements have been made: (<a class="commit-link" href="https://github.com/mjl-/mox/commit/1f9b640d9ae8dbd92d90fa3a5e26caaa67411eb8"><tt>1f9b640</tt></a>) 1. Bare carriage returns are no longer accepted during SMTP transactions. Bugs in other mail servers can lead them to accept other sequences as end-of-transaction, notably "\r.\r". Mox would accept submitted messages with that sequence for delivery. Such messages could trigger bugs in other mail servers causing them to materialize non-existent messages. By no longer accepting bare carriage returns in submitted messages, mox can no longer be used to trigger the "\r.\r"-bug in other mail servers. SMTP transactions with a bare carriage return now result in an error mentioning SMTP smuggling. Mox can still store messages with bare carriage returns, e.g. from imports. Mox already added missing carriage returns to bare newlines. 2. A bug in mox caused sequences of "\nX\n" for any X (including "\n.\n") to result in a temporary processing error. For "\n.\n" this accidentially was fine behaviour, for other characters the bug has been fixed. Any sequence of "\r\n.\r\n" where one or both carriage returns are missing now result in an error mentioning SMTP smuggling. - IMAP server: The on-disk message size was not correctly calculated for messages added with the APPEND command (typically used for imported messages and when a mail client sends a message) when bare newlines ("\n") got a missing carriage return added ("\r\n"). This would cause errors when attempting to read the message. If you are affected by this, run "mox fixmsgsize <account>" to fix up incorrect message sizes. Reported by daftaupe. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/02eb7b50330ef671fa25e4895531a7de12711e8c"><tt>02eb7b5</tt></a>) - SMTP server: When writing "slow responses" (when a message is deemed junk), ensure the total response time isn't too long (slightly less than 30 seconds). Slow responses were writing 1 byte per second. With a long response (e.g. long error message), a sending mail server may not consume a full response. If mox was the sending server, it would report a timeout after 30 seconds. Report by naturalethic. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/fbc18d522d29514d097b5ce62dd64a252cc0738d"><tt>fbc18d5</tt></a>) - IMAP server: Only send "OLDNAME" in a response to the LIST command when IMAP4rev2 is enabled. IMAP4rev1 clients (most common) don't understand it. From duesee with imap-flow. (<a class="commit-link" href="https://github.com/mjl-/mox/commit/41e3d1af10579de6c7a718906061d03b38aba613"><tt>41e3d1a</tt></a>) Update instructions Before upgrading, do a dry-run first. - Make a temporary backup with the old mox version: `mox-v0.0.8 backup data/tmp/testupgrade` - Verify that all is well with the old version: `mox-v0.0.8 verifydata data/tmp/testupgrade` - Verify the state with the new version: `mox-v0.0.9 verifydata data/tmp/testupgrade` With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.8 backup data/tmp/backup` (the previous backup was modified by the dry-run, so couldn't be used to restore!), replace the binary and restart. For further details, see <a href="https://github.com/mjl-/mox#how-do-i-upgrade-my-mox-installation">https://github.com/mjl-/mox#how-do-i-upgrade-my-mox-installation</a> If you run into any problems, please create a bug report. After upgrading, you may want to: - Run "mox fixmsg <account>" if you've imported messages over IMAP that have bare newlines ("\n" instead of "\r\n"). - Configure your email clients to use authentication mechanism SCRAM-SHA-256-PLUS for SMTP (submission) and IMAP, if they support it. If mail clients have trouble logging in after upgrading, they may be picking a SCRAM PLUS variant without properly supporting it. Explicitly configuring the non-PLUS authentication mechanism should fix the problem and ensures a MitM cannot downgrade the chosen authentication mechanism by altering the list of supported authentication mechanisms. - Change the CAA records for your domains to include the ACME account id and allowed validation methods. See the suggested DNS records for each configured domain. - Set disk usage quota, either globally for all accounts or per account. See QuotaMessageSize in mox.conf, <a href="https://pkg.go.dev/github.com/mjl-/mox/config">https://pkg.go.dev/github.com/mjl-/mox/config</a>. - Add `ClientSettingsDomain: mail.<yourdomain>` to each domain in domains.conf, add the CNAME record as afterwards suggested in the DNS records page, and update client account settings to use the new host name. - For mox setups configured behind an existing webserver, add "Forwarded: true" to the (Admin|Account|Webmail)HTTP(S) sections in mox.conf. It causes them to use X-Forwarded-* headers for determining if HTTPS was active (for secure cookies), and for the IP used for rate limiting. Thanks Thanks for contributions and/or feedback from: Fell, duesee (and <a href="https://github.com/duesee/imap-flow/">https://github.com/duesee/imap-flow/</a>), daftaupe, naturalethic, jsfan3, Halyul, mattfbacon, jsaponara, pmarini (and those I missed). Feedback, feature requests, bug reports, contributions (start small!) are all welcome. An easy way to help mox is to use it and spread the word! Development on mox is funded through the NLnet NGI0 Entrust Fund, <a href="https://nlnet.nl/entrust/">https://nlnet.nl/entrust/</a>, with financial support from the European Commission's Next Generation Internet programme. mjl- tag:github.com,2008:Repository/595136650/v0.0.8 2023-11-22T22:25:23Z v0.0.8 v0.0.8 New features: - DNSSEC-awareness throughout the code base, based on <a href="https://github.com/mjl-/adns">https://github.com/mjl-/adns</a>, a fork of Go's DNS resolver. DNSSEC is a requirement for DANE (see below). If you don't have a DNSSEC-verifying stub resolver configured, DNS lookups are regarded as unverified. Installing unbound and and is still the recommended action. - DANE for incoming and outgoing delivery (RFCs 7672, 6698 and 7671). DANE is a mechanism to require verified TLS (with STARTTLS) for delivery over SMTP. Verification with DANE does not use the global WebPKI/PKIX pool of Certificate Authorities. With DANE, verification is done based on DNS records of type TLSA. These records specify (hashes of) public keys to allow (DANE-EE), ignoring expiration/hostname-match/issuing party, and/or they specify (hashes of) certificates of allowed certificates authorities (DANE-TA), regardless of whether those authorities are in the globally trusted WebPKI/PKIX CA pool. DANE requires that DNS records are DNSSEC-protected, both to protect the MX records and the TLSA records. MTA-STS (already implemented) has similar goals, but does use the WebPKI/PKIX Certificate Authorities pool, both to verify TLS certificates and to protect MX records. DANE and MTA-STS can coexist: In the default configuration, mox generates private keys, then retrieves certificates from Let's Encrypt for these private keys (through <a href="https://github.com/mjl-/autocert">https://github.com/mjl-/autocert</a>, a fork of golang.org/x/crypto/acme/autocert). These certificates are valid for MTA-STS, and TLSA records are generated for the keys for verification with DANE. For inbound delivery with DANE protection, your DNS records must be DNSSEC-protected. For outbound delivery with DANE protection, a trusted DNSSEC-verifying stub resolver is required. - Mox now compiles on Windows, so "mox localserve" and most other commands to work, but "mox serve" (the actual mail server) does not yet work. - "SMTP Require TLS Option" (RFC 8689), consisting of two mechanisms: 1. A REQUIRETLS SMTP extension to require verified TLS along each hop in message delivery, either through MTA-STS or DANE. 2. A message header "TLS-Required: No", that overrides any TLS requirement along the way as specified by any MTA-STS or DANE policy. These mechanisms can be used to ensure secure delivery, or to work around delivery issues due to TLS requirements. Mox remembers whether an SMTP server offered the REQUIRETLS extension. Webmail automatically selects it if all recipients support it. Webmail also lets the user select the "TLS-Required: No" header. - Outgoing DMARC reports (RFC 7489). Mox now stores the results of DMARC evaluations for inbound messages. These results can be viewed in the admin web pages. Reports are typically sent every 24 hours (covering a 24 UTC day), but will be sent for up to 1 hour intervals if requested by a domain. Sending DMARC reports is enabled by default, but can be disabled through new option NoOutgoingDMARCReports in mox.conf. Reporting addresses can be added to a suppression list, to reduce noise due to deliverability issues. Incoming DMARC reports were already implemented. - Outgoing SMTP TLS reporting (RFC 8460). When delivering outbound messages, the SMTP client will look up MTA-STS and/or DANE policies for TLS requirements, with a fallback to opportunistic TLS. The evaluated security policies, (TLS) connection success/failure counts, and any failure details, are stored. Reports are sent once per day to reporting addresses in the TLSRPT DNS record of a domain, over a 24 hour UTC day period. By default, reports are only sent if there was a failure. The pending results can be viewed in the admin web pages. Sending reports can be disabled with new option NoOutgoingTLSReports in mox.conf. Reports with only successes can be enabled through OutgoingTLSReportsForAllSuccess. Reporting addresses can be added to a suppression list to reduce noise due to delivery failures. Improvements: - Webmail: Recognize encoded file names in message attachments. Either with RFC2231-encoding (as specified) or Q/B-word encoding (as used in practice). (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/82">#82</a>) - Webmail: For portait images, don't let image extend beyond window height. - Webmail: Wrap long header lines, instead of showing horizontal scrollbar. - Webmail: Replying without having text selected now starts a top-post with an "On ... wrote:"-line. Replying with text selected still starts a bottom-post containing only the selected text, quoted. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/83">#83</a>) - Webmail: In the compose window, autoresize address input fields to match the content. - Webmail: When composing a message, show security properties of recipient addresses: Whether STARTTLS is known to be offered by the SMTP server (historically), whether MTA-STS is implemented, whether MX records are DNSSEC-signed, whether DANE is implemented, and whether REQUIRETLS is offered by the SMTP server (historically). - Webmail: Add clear marker between message header and body, so an HTML message cannot fake being part of the UI. - Webmail: If a "display name" of an address contains address-like characters ("@" or "<" or ">"), only display the actual email address in the message listing, not the display name. Should prevent confusion attacks with messages specifying an unrelated email address in the display name. - The suggested SRV DNS record for autodiscovery now points directly to the host name, not to a CNAME (which is technically invalid, but seems to work in practice). - When ACME-validation for a new TLS certificate fails, log error messages that may explain the reason. E.g. "your CAA record forbids Let's Encrypt from issuing certificates". - SMTP server: workaround for Windows Mail that has invalid additional space in its "AUTH PLAIN" command. - Fix delivery to recipient domains with an MX host containing an underscore, such as "_dc-mx.<id>.<domain>" as apparently used by cloudflare. From richard g. - When generating a DSN message (for delivery failure), try harder to DKIM-sign it: With a configured domain, also when sending from postmaster@mailhost.<domain>. - For incoming messages, track whether TLS and REQUIRETLS was used during delivery, and whether the message matched a forwarding or mailing list rule, and show it in the webmail. - In logging, change "fatal io error" to just "io error". The "fatal" sounds too serious, it's just the connection that will be closed. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/39">#39</a>) - Add rfc/xr.go to generate HTML pages with cross-referenced code and RFC. These HTML pages are published at <a href="https://www.xmox.nl/xr/dev/">https://www.xmox.nl/xr/dev/</a> - Webmail: In case of long lists of addresses in To/Cc/Bcc headers, only show the first 4 addresses along with a "More" button. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/98">#98</a>) - Clarify documentation on importing messages from the command-line, which can be unintuitive due to systemd service file mount points. (<a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/79">#79</a>) - Implement obsolete SASL LOGIN for submission, for interoperability with the new cloud Outlook. - Fix IMAP ESEARCH response for clients before IMAP4rev2, notably cloud Outlook. - Many small improvements. Bug fixes: - Security: When looking up MTA-STS policies, don't follow CNAME records for the recipient domain. A single unauthenticated CNAME response could redirect policy lookup to another domain. - Webmail: When replying to selected text consisting of characters in multiple unicode blocks, don't loose some of the selected text in the reply. - Don't parse DKIM "selectors" as IDNA domains. They are just DNS labels. Based on email from richard g. - Update to latest bstore (database library) to fix a bug with deleting/updating records. Problem found during development of new features, behaviour not seen in any committed version. - Webmail: Fix the date shown in the message headers. It was off by the timezone. - Fix concurrency bug with accessing a math/rand PRNG with Read. Mostly replaced with crypto/rand. Found during development and tests. - The queue page on the webadmin would fail with a JS error when a message was in the queue and no transport was configured (which is the default). - For domains configured only to accept DMARC reports, don't request an autoconfig TLS certificate through ACME at startup. - For incoming messages, convert bare newlines to carriage return+newline. The import code already did this. Having bare newlines could cause imapserver's fetch command to fail with a (connection) panic in some cases. Update instructions: Before upgrading, you should do a dry-run first: - Make a temporary backup with the old mox version: mox-v0.0.7 backup data/tmp/testupgrade - Verify that all is well with the old version: mox-v0.0.7 verifydata data/tmp/testupgrade - Verify the state with the new version: mox-v0.0.8 verifydata data/tmp/testupgrade With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.7 backup data/tmp/backup` (the previous backup used for the dry-run has been modified, so couldn't be used to restore!), replace the binary and restart. If you are upgrading from v0.0.6, see its upgrade instructions for commands to execute. It's better to immediately upgrade to v0.0.8 (see issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/71">#71</a>). If you run into any problems, please create an issue. After upgrading, you may want to configure DANE: To make use of DANE for outbound deliveries, make sure you have a trusted DNSSEC-verifying stub resolver. Unbound is recommended. Don't use systemd-resolved, its DNSSEC support is not ready for use. To make use of DANE for inbound deliveries, first make sure your DNS records are DNSSEC signed, and your DNS operator supports TLSA records. The SMTP TLS private keys ("host keys) should be added to the TLS section of the "public" listener in mox.conf. If you use ACME (e.g. with Let's Encrypt), you will want to use the private keys of existing certificates. Run "mox config ensureacmehostprivatekeys" to find existing or generate new private keys, and print the config snippets you'll have to apply to mox.conf. You may want to update your autodiscovery DNS record. See the "DNS check" admin page or run "mox config dnscheck <domain>". Thanks: Thanks for contributions and/or feedback from: taavi, naturalethic, mattfbacon, duesee, mpldr, richard g, ArnoSen (and those I missed). Feedback, requests, bug reports, contributions (start small!) are all welcome. Development on mox is funded through the NLnet NGI0 Entrust Fund, <a href="https://nlnet.nl/entrust/">https://nlnet.nl/entrust/</a>, with financial support from the European Commission's Next Generation Internet programme. mjl- tag:github.com,2008:Repository/595136650/v0.0.7 2023-10-05T20:57:58Z v0.0.7 v0.0.7 version: v0.0.7 date: 2023-09-24 Update instructions: Due to a bug with "expunging" (deleting) messages that were junk-filter-trained, messages that were removed from disk could be resurrected, causing errors when mox would later try to open such messages again. Before upgrading, you should first check and resolve this problem: - Find missing files by running: mox-v0.0.6 fixmsgsize - Create empty replacements for the missing files (use "touch data/accounts/..."). - Update the message metadata in the database for the newly created files: mox-v0.0.6 fixmsgsize (this will fix the previously missing files, but should no longer find new missing files) - Fix per-mailbox message/unread counts for each affected account, run: mox-v0.0.6 recalculatemailboxcounts <account> ("account" is the name as it appears in the data/accounts/ directory, not necessarily an email address) - The affected accounts will see the recreated empty messages, which can be deleted. Now with the storage consistency resolved, you can start with the upgrade. Mox v0.0.7 adds message threading, and all messages will be read and assigned a message thread. This is done in the background, in two steps, and may take a while. The first step adds Message-ID and a "thread base subject" to each message in the database. The second step reads through all messages and uses their References/In-Reply-To/Subject message headers to match threads. In testing, upgrading took approximately 1 minute per 100k messages, but it will depend on the hardware. Accounts are available for reading and delivery during the upgrade, but the webmail may tell you that threading is not yet available. You should do a dry-run of the upgrade first: - Make a temporary backup with the old mox version: mox-v0.0.6 backup data/tmp/testupgrade - Verify that all is well with the old version: mox-v0.0.6 verifydata data/tmp/testupgrade - Trigger the threading upgrade using the new version: mox-v0.0.7 openaccounts data/tmp/testupgrade <your-account-name> (it prints nothing until done; the live upgrade prints progress) - Verify the new state: mox-v0.0.7 verifydata data/tmp/testupgrade With a successful dry-run, the upgrade should go smoothly. Make a new backup with `mox-v0.0.6 backup data/tmp/backup` (the previous backup used for the dry-run has been modified, so couldn't be used to restore!), replace the binary and restart. After the upgrade, any accounts affected by the "missing file" problem should get their "uid validity" increased, so IMAP clients will resynchronize. Run "mox-v0.0.7 bumpuidvalidity <account>" for each affected account. The change is made directly in the database file, so no IMAP/webmail sessions should be active for the account. If any sessions are active, the database file is locked and "bumpuidvalidity" will print a timeout error. Briefly shutting down mox is an option, the bumpuidvalidity command operates quickly. Apologies for the inconvenience, mox aims to make administrating a mail server easier than this. If you run into any problems, please create an issue. New features: - Keep track of message threading, and add a threaded view to the webmail. Newly delivered messages are matched against threads, as are imported messages. The message threading is currently only exposed through the webmail client, not yet through IMAP. The webmail has new keyboard shortcuts to navigate between threads, collapse/expand them (with state remembered), or mute them (so new deliveries to the thread are marked as read). - Add option to accept DMARC and TLS reports for other domains. You would add the other domain in mox, and specify an alternative domain (of your regular dmarc/tls reporting address) for the recipient of the reports. The webadmin DNS-check page will show the required DNS records for delegated reporting. Incoming reports will be delivered to the configured reporting address, and processed by mox. - Easier account setup on Apple devices without device management profiles (.mobileconfig files). Download a profile from the account web interface, at an email address. Or open the QR-code to easily get the profile on a mobile device. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/65">#65</a> by x8x. - Transparent gzip compression when webserving files for selected content-types that are likely compressible. Both for static files (with a cache of compressed files, max 512MB stored in $datadir/tmp/httpstaticcompresscache), and for forwarded requests (gzip level "fast"). Compression can be enabled per handler. Improvements: - In SMTP server, for submission (with authenticated clients), don't fail on a bad domain/IP address in the EHLO command. With submission the domain/IP is irrelevant, and clients often fill in something that isn't strictly correct. No need to prevent those users from submitting email (except in pedantic mode). For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/55">#55</a> reported by gimpf. - At top of config files, mention the config file format, and hints to prevent likely mistakes (given how sconf is different from what admins may be used to), including a pointer to the sconf documentation page. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/56">#56</a> reported by kikoreis. - Recognize when quickstart is probably run behind a NAT, possibly a container, and set the "NATIPs" field of the "public" listener in mox.conf accordingly. This triggers when you set up mox for a public domain, but only have private/loopback IPs on the machine. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/59">#59</a> reported by pmarini. - When moving a message out of Rejects mailbox, mark it as unread. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/63">#63</a> by x8x. - The "mox setaccountpassword" subcommand now takes an account name as parameter instead of an email address. The email address could be confusing in the face of wildcard addresses and a typo/non-explicitly-created address: The account holding the wildcard address would get a new password. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/68">#68</a> by x8x. - Make Mac OS X Mail use the special-use mailbox attributes so it finds the correct "Sent" and "Trash" mailboxes (instead of creating its own "Sent Messages" and "Deleted Messages" mailboxes). The IMAP server now unconditionally sends the special-use flags, even if the mail client doesn't request it. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/66">#66</a> by x8x. Bug fixes: - Fix expunging of messages marked junk/nonjunk. The messages would be marked as expunged, then the junkfilter would retrain and clear the expunged field again. This would cause the message to be resurrected while the on-disk message file was already removed. Trying to read such messages would fail. The update instructions should help fix the problem. - Fix "mox sendmail" when submitting over a TLS connection by setting the remote host name to verify the certificate of. Due to a logic bug the name wasn't set and the connection would fail due to the missing setting. - Don't generate duplicate suggested SPF record if hostname is equal to domain name, e.g. postmaster@mail.domain.example. Fixes issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/46">#46</a> reported by x8x. - Fix showing attachments of type text/plain in webmail, they weren't shown at all because they were skipped when parsing the message during webmail message processing. - Fix parsing the List-Post header in messages, for use in webmail when replying to a mailing list message. - When moving a message to the mailbox that has the special-use "junk" flag, mark the message as junk and retrain. This should have already worked just like the "AutomaticJunkFlags" config option, and the default account config already handles marking messages as junk based on that option, but the special-use flag should be recognized independently and now also takes precedence. - Set the correct special-use mailbox flag "\Drafts" instead of "\Draft" on the draft mailbox. Mail clients may have not found the correct drafts mailbox before. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/66">#66</a> by x8x. - Fix "mox bumpuidvalidity" to not create a (mostly harmless) uidvalidity inconsistency that "mox verifydata" will warn about. For issue <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/issues/61">#61</a> by x8x. - And quite a few smaller tweaks/improvements/fixes. Special thanks for contributions and/or feedback from: x8x, gimpf, kikoreis, pmarini, fairking, gedw99, hmfaysal (and those I missed). Feedback, requests, bug reports, contributions (start small!) are all welcome. Good news: Mox is now being funded for a year of continued development through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, <a href="https://nlnet.nl/project/Mox/">https://nlnet.nl/project/Mox/</a>! mjl- tag:github.com,2008:Repository/595136650/v0.0.6 2023-08-16T15:24:40Z v0.0.6 v0.0.6 Update instructions: Make a backup, replace the binary and restart. After the upgrade, the first time an account is opened with this new version, new message indexes are created and mailbox message count statistics are calculated. For large mailboxes, the time and memory this takes can be noticable. The upgrade tests take about 15 seconds on 570k messages on a thinkpad x1 from 2018, and run with a max memory data size of 768MB. Don't forget to make a backup of the data directory with your currently running mox before upgrading (e.g. "mox-v0.0.5 backup data/tmp/backup"). You can dry-run the upgrade by making a separate backup ("mox-v0.0.5 backup data/tmp/testupgrade") and running the "verifydata" command with the new mox version ("mox-v0.0.6 verifydata data/tmp/testupgrade"). Running "verifydata" with a newer mox will make changes to the database files, so don't run it on a backup you may need to restore. It is recommended to run the new "mox reparse" command after upgrading. It will reparse all messages with the improved message parsing code. For existing installations, the new webmail must be enabled manually in mox.conf with config options "WebmailHTTP" and/or "WebmailHTTPS", similar to "AccountHTTP(s)". See the example config printed by "mox config describe-static". If you are forwarding email to an address hosted with mox, you may want to configure the new "IsForward" and possibly "AcceptRejectsToMailbox" options in a delivery ruleset for better junk handling/analysis. If your mox is behind a NAT, and your mox.conf uses config option IPsNATed, you should switch to new config option NATIPs, and specify the public IPs that are NATed. New features: - Webmail, for reading/writing messages. It is similar to other regular and webmail clients, with a decent set of features for a first version (with more to come in the future). Webmail is enabled for new installs created with the quickstart. For more details about the implementation, see <a class="commit-link" href="https://github.com/mjl-/mox/commit/849b4ec9e9f9bf7cdd2862de9e2a2dd096858d5c"><tt>849b4ec</tt></a>. - IMAP extensions CONDSTORE and QRESYNC have been implemented. With CONDSTORE, changes to messages are tracked with a modification sequence, "modseq". This is used by mail clients both to efficiently find changes when reconnecting, and for conditionally storing updated message flags (only if modseq is still as expected). QRESYNC is an additional extension for faster full mailbox synchronization. These are useful by themselves, but keeping track of the "modseq" will also help with JMAP. Improvements: - Faster IMAP "STATUS" command (which checks mailbox status), because mox now keeps track of total/unseen/deleted number of messages in mailboxes. Noticable in larger mailbox (>50k messages). - Be less strict by default when parsing messages, and handle non-ascii/utf-8 encodings in message subjects. We already accepted messages with problems, but stored them mostly unparsed. IMAP clients would parse the message themselves so users wouldn't notice anything, but now that we have webmail it is more important to have parsed forms of messages for problematic messages. - Properly decode character encodings other than ASCII and UTF-8 when returning/searching text in messages. - Be more lenient for (authenticated) submission of email over SMTP (but not during regular SMTP delivery). Before, we were strict about certain protocol violations, but that wasn't helpful behaviour for legitimate users. In pedantic mode, mox still rejects these violating commands. - New config options "AcceptRejectsToMailbox" and "IsForward" in Rulesets, for handling incoming messages that are forwards from another address. By setting "AcceptRejectsToMailbox", if the junk analysis says a message is junk, the message is accepted during SMTP instead of rejected, but delivered to the configured mailbox. It isn't always a good idea to reject forwarded messages that are junk. By setting "IsForward", the junk analysis and future classification based on such a message is done differently. See the config option for details. (PR <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/50">#50</a> by bobobo1618) - Add a KeepRejects options to account configurations, so the Rejects mailbox isn't automatically cleaned up. (PR <a class="issue-link js-issue-link" href="https://github.com/mjl-/mox/pull/49">#49</a> by bobobo1618) - Add option NATIPs to a listener in mox.conf for better handling when mox is configured behind a NAT. - "mox verifydata" now checks for more potential issues, and mox gained a few subcommands to fix those issues. Bug fixes: - Fix showing the progress while importing messages. Messages were still imported, but the SSE connection with progress updates was broken. - Fix potential delays in propagating changes to IMAP IDLE connections. - IMAP compliance: add missing space after continuation line ("+"). - IMAP compliance: add missing empty untagged response for SEARCH in case of no matches. - Fix the -existing-webserver flag for "mox quickstart". Its TLS key/cert check tripped it up. - And many more small fixes and improvements. Special thanks for contributions and/or feedback from: Mendel, bobobo1618, hmfaysal, x8x, kikoreis, gerben, andrii, liesbeth, morki, gedw99 and everyone I forgot. More feedback/bug reports welcome! mjl-

Original Source | Taken Source