New features
- Implement IMAP NOTIFY extension from RFC 5465. Where IDLE is for monitoring a
single mailbox, NOTIFY allows monitoring many/all mailboxes in an account at
once. (8bab38e)
- Implement IMAP UIDONLY extension, RFC 9586, greatly reducing data
accounting and memory use for IMAP connections (once clients support it).
(507ca73)
- Implement IMAP MULTISEARCH extension, searching multiple mailboxes with a single
command. (479bf29)
- Implement IMAP PREVIEW extension (RFC 8970), and store previews in
the message database. Automatically generated and stored on first request for
existing messages, or during delivery for new messages. (aa631c6,
6ab31c1, 3ac38aa)
- Implement IMAP REPLACE extension, RFC 8508, used for replacing drafts
as they are typed. (92a87ac)
- Implement MULTIAPPEND extension, RFC 3502, for appending multiple messages in
a single command, useful for importing messages into a mailbox. (78e0c02)
- Implement IMAP METADATA extension, RFC 5464 (f30c44e,
2809136, #290)
- Implement RFC 9590, returning metadata in the IMAP extended list
command (0ed820e)
- Implement IMAP "INPROGRESS" response code (RFC 9585) for keepalive
and progress reporting during long search. (cc5e316)
- Announce support for IMAP NAMESPACE extension in imap
capabilities line. (95d2002)
- Implement IMAP WITHIN extension, RFC 5032, for additional search command
criteria. (5e4d80d)
- Implement IMAP CREATE-SPECIAL-USE extension for the mailbox
create command, part of RFC 6154. (dcaa99a)
- Implement IMAP SAVEDATE extension, RFC 8514. (7288e03)
- Keep track of login attempts, both successful and failures. Now shown in
account and admin interfaces. (1277d78)
- Add config domain option for multiple localpart catch all separators, e.g.
both "+" and "-", for addresses you+anything@example.com and
you-anything@example.com. (#301, 9a8bb11)
- Add account config option to prevent the account from setting their own custom
password, only allowing mox to generate a new password, and enable by default
for new accounts. Should prevent password reuse and users picking weak
passwords, but does not prevent password phishing. (#286, 3e53abc)
- Add config options to disable a domain and to disable logins for an account.
(#175, 2d3d726)
- Add account config option to reject incoming deliveries with an error during
the smtp transaction. Useful for rejecting deliveries to specific addresses when
a catchall is configured. (#156, 3e26953)
- webmail: Add buttons to download a message as eml, and export 1 or more
messages as mbox/maildir in zip/tgz/tar, like for entire mailboxes.
(a5d74eb)
- webmail: Add button to create a mailbox below another one, for convenience.
(ef77f58)
- webmail: Add button to mark a mailbox and its children as read.
(ad26fd2)
Improvements
- Write base64 message parts with 76 data bytes on a line instead of 78, as
required by RFC 2045 (MIME). The 78 byte lines work as well, except that
SpamAssassin gives them a higher spam score.
(69d2699)
- Change "mox backup $destdir" from storing only data files to $destdir to
storing them under $destdir/data and now also copying config files, to
$destdir/config. (#150, 76e96ee)
- quickstart: Check if domain was registered recently using RDAP, and warn
about potential deliverability issues. (2f09976)
- Hide version number from smtp banner and imap ID command response (when
unauthenticated), and web interfaces. (68729fa, 3a3a115, #322)
- When adding a new domain, only set up RSA DKIM keys, not ed25519. The ed25519
key is causing admin confusion due to many other mail servers not recognizing
the keys and sending DMARC reports containing unhelpful DKIM verification
errors. (#299, 2fc75b5)
- webmail: Reconnect automatically in more cases, changing the "stop
reconnection automatically" period from 10 minutes to 5 seconds. (5dcf674)
- webmail: For "cid"/content-id's used in html, look for them in all other
parts, not just when there is a multipart/related in the message. Fixes
displaying messages sent by the gmail app, which sends messages with a MIME form
of multipart/mixed containing text/html and image/jpeg. We were only resolving
"cid"s in multipart/related, now we resolve them anywhere in the message. (#327,
462568d)
- Add support for negotiating IMAP and SMTP on the HTTPS port 443 using TLS
ALPN "imap" and "smtp". Intended for future use with chatmail servers. (#255,
3c77e07)
- imapserver: Return all the optional extensible fields for "fetch" attribute
"bodystructure", notably for content-disposition. Makes the gmail apps show
image attachments properly, instead of rendering the image bytes as (garbled)
text. This requires reparsing all messages, which is done automatically, in the
background, on first account open after the upgrade (2defbce, 31c2261,
0753325, #327, #217)
- webmail: When composing, no longer remove the last remaining To address with
the ctrl+backspace shortcut. Too easy to trigger accidentally, almost never done
intentionally. (70aeddd)
- Improve expunged message/UID tracking in IMAP sessions, track synchronization
history for mailboxes/annotations. We now delay removing message files from disk
until the last reference in any session goes away (e.g. after sending an IMAP
EXPUNGE/VANISHED response to all connected IMAP clients with the mailbox open).
(5779443)
- When removing an account, wait until the last account reference has gone away
before removing the account files. We store intent to remove in the database,
until we get to it, possibly at next startup in case of sudden shutdown.
(ac4b006)
- imapserver: Don't keep account write-locked during IMAP FETCH command, for
responsiveness during large mailbox syncs. (#128, b822533)
- Add prometheus metrics for errors when getting certificates through ACME
(typically from let's encrypt), and add alerting rule. (e5e15a3)
- webmail: When forwarding a message, include the
subject, date, from, reply-to, to, cc headers in the message (1c4bf89)
- Also unicode-normalize usernames (email addresses) when logging into the
imapserver and webapps. (c7354cc)
- When delivering over smtp, do not require the other server to announce the
8bitmime extension for 8-bit data unless in pedantic mode. (#287, 46c1693)
- Do not use results from junk filter if we have less than 50 positive
classifications to base the decision on. Useful for new accounts, we don't want
to start rejecting incoming messages when there's too little information to
decide. (#64, 6aa2139)
- Admin check: Do not raise error when forward-confirmed reverse dns does not
match hostname. Probably relatively common with setups involving NAT. (#239,
acc1c13)
- Add config option to an account destination to reject messages that don't
pass a dmarc-like aligned spf/aligned dkim check. (6da5f8f)
- cli: Add subcommand "mox admin imapserve $preauthaddress", for admins to open
a preauthenticated imap connection for an account, even if it is disabled for
logins (useful for migrations). (#175, 49e2eba)
- webmail: In message view, under More, add button to open currently displayed
part (either text or html) as raw text (but decoded if in
base64/quoted-printable/etc). (008de1c)
- cli: Add subcommand "mox config account list", printing all accounts and
whether they are disabled. (1b2b152)
- For the web interfaces, ensure the effective configured http paths end in a
slash to prevent 404's and/or errors accessing the web interfaces, preventing
admin confusion. (#325, 3e128d7)
Bug fixes
- smtp: Add data reader fuzzer + fix OOB read. (f10bb2c)
- webmail: When completing a recipient address, quote the "name" if necessary
for proper interpretation. (#305, 1c58d38)
- After queueing a message in the web api's, prevent context cancelation (e.g.
aborted http connections) from completing the operation in full. (b37faa0)
- smtpserver: In localserve mode, don't reject messages "From" domain
"localhost" if localhost doesn't resolve to an IP through DNS. (d0b2414)
- webserver: Don't raise a 500 server error for static file requests with
overlong names. (aa2b24d)
- webmail: Fix parsing search filter "start:" and "end:".
(091faa8)
- webmail: Fix dark mode, broken since v0.0.14. (#278, d08e0d3)
- webmail: Fix nil pointer dereference when searching for attachment types, eg
"a:spreadsheet" (#272, 0203dfa)
- imapserver: Return proper response for FETCH of "BODY[1.MIME]" where 1 is a
message (39c21f8)
- imapserver: Properly accept literal8 for APPEND, since we claim to implement
the BINARY extension (88a68e9)
- In domain/dns self-check, for unused services, check in SRV records that port
is 0 like how we told users to configure it and fix checking for errors during
srv lookups, and show the value we got but didn't expect; show config snippet
for HostTLSRPT if it isn't configured; don't warn about reverse dns resolving to
multiple names. (9dff879, 3d0dc3a, 6f67812, 1d6f45e)
Update procedure
Before upgrading, do a dry-run first.
- Make a temporary backup with the old mox version:
    mox-v0.0.14 backup data/tmp/testupgrade
- Verify that all is well with the old version:
    mox-v0.0.14 verifydata data/tmp/testupgrade
- Verify the state with the new version:
    mox-v0.0.15 verifydata data/tmp/testupgrade
With a successful dry-run, the upgrade should go smoothly. Make a new backup
again with:
    mox-v0.0.14 backup data/tmp/backup
(the previous backup was modified by the dry-run, so couldn't be used to
restore!), replace the binary and restart. For further details, see
https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation
If you run into any problems, please create a bug report.
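The dry-run above, wrapped as a fail-fast shell function so the binary is only replaced after both verifydata runs pass and a fresh backup exists. This is an added example, not part of the mox release notes or repository; the function name, the argument order and the refusal to reuse existing directories are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the mox project): gate an upgrade on the dry-run.
# Usage, from the mox working directory:
#   upgrade_dry_run mox-v0.0.14 mox-v0.0.15 data/tmp/testupgrade data/tmp/backup
# Returns 0 only if every step succeeded and a restorable backup was written.
upgrade_dry_run() {
	old=$1 new=$2 testdir=$3 backupdir=$4

	# Script policy (assumption): never reuse a directory. A leftover dry-run
	# copy has been modified by the new version and must not be mistaken for
	# a backup that can be restored.
	for d in "$testdir" "$backupdir"; do
		if [ -e "$d" ]; then
			echo "refusing to reuse existing $d" >&2
			return 2
		fi
	done

	# Steps 1 and 2: temporary backup with the old version, then check it.
	"$old" backup "$testdir" ||
		{ echo "temporary backup with $old failed" >&2; return 1; }
	"$old" verifydata "$testdir" ||
		{ echo "$old verifydata failed; fix before upgrading" >&2; return 1; }

	# Step 3: the new version verifies (and modifies) the temporary copy.
	"$new" verifydata "$testdir" ||
		{ echo "$new verifydata failed; do not upgrade" >&2; return 1; }

	# The dry-run copy is no longer restorable, so take a fresh backup with
	# the old version before the binary is replaced.
	"$old" backup "$backupdir" ||
		{ echo "final backup with $old failed" >&2; return 1; }

	echo "dry-run ok; restorable backup in $backupdir"
}
```

Replace the binary and restart only when the function returns 0.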
Manual update actions
Additional manual actions to consider:
- You may want to modify your backup scripts: "mox backup" now writes a data/
and config/ directory to the backup destination directory. Previously it only
wrote data files, directly to the backup destination directory.
- You may want to disable signing with ed25519 DKIM keys to reduce noise in
DMARC reports from other mail servers that often don't understand ed25519 keys.
Make sure you do keep signing with an RSA key.
- You may want to add the new prometheus alerting rule for
"mox_autotls_cert_request_errors_total", alerting on errors when
fetching/refreshing certificates with ACME. See prometheus.rules in the mox
repository.
Thanks
Thanks to everyone on irc/matrix/slack and the issue tracker for providing
feedback, and asking & answering questions. Much appreciated! In particular:
ulrichwisser, eric l, kjetilho, Myp3a, mattfbacon, janc13, dstotijn, Eygem,
martin, rawtaz, ilijamt, skyguy, mattanja, BlankEclair, gdunstone, unguamorray,
DanielG, RobSlgm, ally9335, x8x, exander77, s0ph0s-dog, odama626, wneessen,
omartijn, sam-willsey, QuadrupleA, hrstoyanov, mtgxx, martinjanda, shleeable,
haraldrudell, and more.
If you have open bug reports/issues mentioned in this release, please verify
the issue is resolved and either close the issue or write a comment. Thanks!
Special thanks to NLnet foundation for sponsoring development.