Release notes
This file contains notes for each release, summarizing changes and explicitly
noting backward-incompatible changes or known security issues.
1.14.0 (2024-04-21)
- Add built-in DKIM signing and verification.
- Rename
master
branch to main
. Docker users pulling from the master
docker label should update the label accordingly. No action is needed if
using latest
.
- Starting with this release, version numbers will be
SemVer-compatible, to help integration with other
software that expects it (e.g. pkg.go.dev).
1.13 (2023-12-24)
Security fixes:
- Strict CRLF enforcement in DATA contents, to prevent SMTP smuggling
attacks
(CVE-2023-52354). \
RFC5322 and
RFC5321 say
that the only valid newline terminator in SMTP is CRLF. \
When an invalid newline terminator is found in an incoming message, the
connection is now aborted immediately (previous releases also accepted
LF-terminated lines). \
The MTA courier now uses CRLF-terminated lines (previous releases used
LF-terminated lines).
Other changes:
- Add support for receive-only users.
- Reject empty listening addresses, to help prevent accidental
misconfiguration. To prevent chasquid from listening, just comment out the
entry in the config.
docker/add-user.sh
: Support getting email and password from env variables.
1.12 (2023-10-07)
- Support aliases with drop characters and
suffix separators.
- Improved delivery on some low-level TLS negotiation errors.
smtp-check
: Add flag to specify local name.
chasquid-util
: aliases-resolve
and domaininfo-remove
subcommands now
talk to the running server. That results in more authoritative answers, and
performance improvements.
chasquid-util
: Remove aliases-add
subcommand. This was an undocumented
command that was added a while ago, and there is no need for it anymore.
- Handle symlinks under the
certs/
directory.
1.11 (2023-02-19)
- New tracing library for improved observability.
- Update fuzz tests to the new standard infrastructure.
1.11.1 (2023-12-26)
Backport the security fixes from 1.13 (Strict CRLF enforcement in DATA
contents, fixes
CVE-2023-52354).
1.10 (2022-09-01)
- Support catch-all aliases.
- Fix bug in Docker image with user-provided certificates.
- Miscellaneous test improvements.
1.9 (2022-03-05)
- Improve certificate validation logic in the SMTP courier.
- Remove
alias-exists
hook, and improve aliases resolution logic.
- Support
""
values for drop_characters
and suffix_separators
in the
configuration file.
1.8 (2021-07-30)
- Stricter error checking to help prevent cross-protocol attacks
(like ALPACA).
- Allow authenticating users without an
@domain
part.
- Add integration for
chasquid-rspamd and
dkimpy in the example hook.
- Add a
-to_puny
option to mda-lmtp, to punycode-encode addresses.
- Use
application/openmetrics-text
as content type in the openmetrics
exporter.
1.7 (2021-05-31)
- chasquid-util no longer depends on the unmaintained docopt-go.
If you relied on undocumented parsing behaviour before, your invocations may
need adjustment. In particular,
--a b
is no longer supported, and --a=b
must be used instead.
- Improve handling of errors when talking to Dovecot for authentication.
- Fix handling of
hostname
option in the Docker image.
- Miscellaneous documentation and test improvements.
1.6 (2020-11-22)
- Pass the EHLO domain to the post-data hook.
- Add /exit endpoint to monitoring server.
- Implement HAProxy protocol support (experimental).
- Documentation updates.
1.5 (2020-09-12)
- Add OpenMetrics exporter (compatible with Prometheus).
- Support log rotation via SIGHUP, and other misc. logging improvements.
- Fix error code on transient authentication issues.
- Fix rspamd greylist action handling in the default hook.
- Miscellaneous monitoring server improvements.
1.4 (2020-05-22)
- Use the configured hostname in outgoing SMTP HELO/EHLO.
- Allow config overrides from the command line.
- Miscellaneous test improvements and code cleanups.
1.3 (2020-04-12)
- Improved handling of DNS temporary errors.
- Documentation updates (use of SRS when forwarding, Dovecot troubleshooting,
Arch installation instructions).
- Miscellaneous test improvements and cleanups.
1.2 (2019-12-06)
Security fixes:
- DoS through memory exhaustion due to not limiting the line length (on both
incoming and outgoing connections). Thanks to Max Mazurov
(fox.cpp@disroot.org) for the initial report.
Release notes:
- Fix handling of excessive long lines on incoming and outgoing connections.
- Better error codes when DATA size exceeded the maximum.
- New documentation sections (monitoring, release notes).
- Many miscellaneous test improvements.
1.1 (2019-10-26)
- Added hooks for aliases resolution.
- Added rspamd integration in the default post-data hook.
- Added chasquid-util aliases-add subcommand.
- Expanded SPF support.
- Documentation and test improvements.
- Minor bug fixes.
1.0 (2019-07-15)
No backwards-incompatible changes. No more are expected within this major
version.
- Fixed a bug on early connection deadline handling.
- Make DSN tidier, especially in handling multi-line errors.
- Miscellaneous test improvements.
0.07 (2019-01-19)
No backwards-incompatible changes.
- Send enhanced status codes.
- Internationalized Delivery Status Notifications (DSN).
- Miscellaneous test improvements.
- DKIM integration examples and test.
0.06 (2018-07-22)
No backwards-incompatible changes.
- New MTA-STS (Strict Transport Security) checking.
0.05 (2018-06-05)
No backwards-incompatible changes.
- Lots of new tests.
- Added a how-to and manual pages.
- Periodic reload of domaininfo, support removing entries manually.
- Dovecot auth support no longer considered experimental.
0.04 (2018-02-10)
No backwards-incompatible changes.
- Add Dovecot authentication support (experimental).
- Miscellaneous bug fixes to mda-lmtp and tests.
0.03 (2017-07-15)
Backwards-incompatible changes:
- The default MTA binary has changed. It's now maildrop by default.
If you relied on procmail being the default, add the following to
/etc/chasquid/chasquid.conf
: mail_delivery_agent_bin: "procmail"
.
- chasquid now listens on a third port, submission-on-TLS.
If using systemd, copy the
etc/systemd/system/chasquid-submission_tls.socket
file to /etc/systemd/system/
, and start it.
Release notes:
- Support submission (directly) over TLS (submissions/smtps/port 465).
- Change the default MDA binary to
maildrop
.
- Add a very basic MDA that uses LMTP to do the mail delivery.
0.02 (2017-03-03)
No backwards-incompatible changes.
- Improved configuration checks and safeguards.
- Fall back through the MX list on errors.
- Experimental MTA-STS implementation (disabled by default).
0.01 (2016-11-03)
Initial release.