All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
This version introduces breaking changes in the configuration file. Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- Distributed and fault-tolerant SMTP message queues.
- Distributed rate-limiting and fail2ban.
- Expressions in configuration files.
- Do not include
STATUSin IMAPNOOPresponses (#234). - Allow multiple SMTP
HELOcommands. - Redirect OAuth using a
301instead of a307code.
Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- Built-in fail2ban and IP address/mask blocking (#164).
- CLI: Read URL and credentials from environment variables (#88).
- mySQL driver: Add
max-allowed-packetsetting (#201).
- Unified storage settings for all services (read the UPGRADING.md for details)
- IMAP retrieval of auto-encrypted emails (#203).
- mySQL driver: Parse
timeout.waitproperty as duration (#202). X-Forwarded-Forheader on JMAP Rate-Limit does not work (#208).- Use timeouts in install script (#138).
Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- ACME support for automatic TLS certificate generation and renewal (#160).
- TLS certificate hot-reloading.
- HAProxy protocol support (#36).
- IMAP command
SEARCH <seqnum>is using UIDs rather than sequence numbers. - IMAP responses to
APPENDandEXPUNGEshould includeHIGHESTMODSEQwhenCONDSTOREis enabled.
- SMTP smuggling protection: Sanitization of outgoing messages that do not use
CRLFas line endings. - SMTP sender validation for authenticated users: Added the
session.auth.must-match-senderconfiguration option to enforce that the sender address used in theMAIL FROMcommand matches the authenticated user or any of their associated e-mail addresses.
- Invalid DKIM signatures for empty message bodies.
- IMAP command
SEARCH BEFOREis not properly parsed. - IMAP command
FETCHfails to parse single arguments without parentheses. - IMAP command
ENABLE QRESYNCshould also enableCONDSTOREextension. - IMAP response to
ENABLEcommand does not include enabled capabilities list. - IMAP response to
FETCH ENVELOPEshould not returnNILwhen theFromheader is missing.
This version requires a database migration and introduces breaking changes in the configuration file. Please read the UPGRADING.md file for more information.
- Performance enhancements:
- Messages are parsed only once and their offsets stored in the database, which avoids having to parse them on every
FETCHrequest. - Background full-text indexing.
- Optimization of database access functions.
- Messages are parsed only once and their offsets stored in the database, which avoids having to parse them on every
- Storage layer improvements:
- In addition to
FoundationDBandSQLite, now it is also possible to useRocksDB,PostgreSQLandmySQLas a storage backend. - Blobs can now be stored in any of the supported data stores, it is no longer limited to the file system or S3/MinIO.
- Full-text searching con now be done internally or delegated to
ElasticSearch. - Spam databases can now be stored in any of the supported data stores or
Redis. It is no longer necessary to have an SQL server to use the spam filter.
- In addition to
- Internal directory:
- User account, groups and mailing lists can now be managed directly from Stalwart without the need of an external LDAP or SQL directory.
- HTTP API to manage users, groups, domains and mailing lists.
- IMAP4rev1
Recentflag support, which improves compatibility with old IMAP clients. - LDAP bind authentication, to support some LDAP servers such as
lldapwhich do not expose the userPassword attribute. - Messages marked a spam by the spam filter can now be automatically moved to the account's
Junk Mailfolder. - Automatic creation of JMAP identities.
- Spamhaus DNSBL return codes.
- CLI tool reports authentication errors rather than a parsing error.
- JMAP for Quotas support (RFC9425)
- JMAP Blob Management Extension support (RFC9404)
- Spam Filter - Empty header rules.
- Daylight savings time support for crontabs.
- JMAP
oldStatedoesn’t reflect in*/changes(#56)
- Dockerfile entrypoint script.
bayes_is_balancedfunction.
This version introduces some breaking changes in the configuration file. Please read the UPGRADING.md file for more information.
- Built-in Spam and Phishing filter.
- Scheduled queries on some directory types.
- In-memory maps and lists containing glob or regex patterns.
- Remote retrieval of in-memory list/maps with fallback mechanisms.
- Macros and support for including files from TOML config files.
config.tomlis now split in multiple TOML files for better organization.- BREAKING: Configuration key prefix
jmap.sieve(JMAP Sieve Interpreter) has been renamed tosieve.untrusted. - BREAKING: Configuration key prefix
sieve(SMTP Sieve Interpreter) has been renamed tosieve.trusted.
- Option to allow invalid certificates on outbound SMTP connections.
- Option to disable ansi colors on
stdout.
- SMTP reject messages are now logged as
inforather thandebug.
- Support for reading environment variables from the configuration file using the
!ENV_VAR_NAMEspecial keyword. - Option to disable ANSI color codes in logs.
- Querying directories from a Sieve script is now done using the
query()method fromeval. Your scripts will need to be updated, please refer to the new syntax.
- IPrev lookups of IPv4 mapped to IPv6 addresses.
- Journal logging support
- IMAP support for UTF8 APPEND
- Replaced
rpgpwithsequoia-pgpdue to rpgp bug.
- Fix: IMAP folders that contain a & can't be used (#90)
- Fix: Ignore empty lines in IMAP requests
- Option to disable IMAP All Messages folder (#68).
- Option to allow unencrypted SMTP AUTH (#72)
- Support for
rcpt-domainkey inrcpt.relaySMTP rule evaluation.
- SMTP strategy
Ipv6thenIpv4returns only IPv6 addresses (#70) - Invalid IMAP
FETCHresponses for non-UTF-8 messages (#70) - Allow
STATUSandACLIMAP operations on virtual mailboxes. - IMAP
SELECT QRESYNCwithout specifying a UID causes panic (#67) - Milter
DATAcommand is sent after headers which causes ClamAV to hang. - Sieve
redirectof unmodified messages does not work.
- Arithmetic and logical expression evaluation in Sieve scripts.
- Support for storing query results in Sieve variables.
- Results of SPF, DKIM, ARC, DMARC and IPREV checks available as environment variables in Sieve scripts.
- Configurable protocol flags for Milter filters.
- Fall-back to plain text when
STARTTLSfails andstarttlsis set tooptional.
- Do not panic when
hash = 0in reports. (#60) - JMAP Session resource returns
EmailSubmissioncapabilities using arrays rather than objects. - ManageSieve
PUTSCRIPTshould replace existing scripts.
- TCP listener option
nodelay.
- SMTP: Allow disabling
STARTTLS. - JMAP: Support for
OPTIONSHTTP method.
- JMAP: Support for setting custom HTTP response headers (#52)
- SMTP: Missing envelope keys in rewrite rules (#25)
- SMTP: Remove CRLF from Milter headers
- JMAP/IMAP: Successful authentication requests should not count when rate limiting
- IMAP: Case insensitive Inbox selection
- IMAP: Automatically create Inbox for group accounts
- Encryption at rest with S/MIME or OpenPGP.
- Support for referencing context variables from dynamic values.
- Support for PKCS8v1 ED25519 keys (#20).
- Automatic retry for import/export blob downloads (#14)
- Sender and recipient address rewriting using regular expressions and sieve scripts.
- Subaddressing and catch-all addresses using regular expressions (#10).
- Dynamic variables in SMTP rules.
- Added CLI to Docker container (#19).
- Workaround for a bug in
sqlxthat caused SQL time-outs (#15). - Support for ED25519 certificates in PEM files (#20).
- Better handling of concurrent IMAP UID map modifications (#17).
- LDAP domain lookups from SMTP rules.
- Milter filter support.
- Match IP address type using /0 mask (#16).
- Support for OpenLDAP password hashing schemes between curly brackets (#8).
- Add CA certificates to Docker runtime (#5).
- LDAP and SQL authentication.
- subaddressing and catch-all addresses.
- S3-compatible storage.
- Merged the
stalwart-jmap,stalwart-imapandstalwart-smtprepositories intostalwart-mail. - Removed clustering module and replaced it with a FoundationDB backend option.
- Integrated Stalwart SMTP into Stalwart JMAP.
- Rewritten JMAP protocol parser.
- Rewritten store backend.
- Rewritten IMAP server to have direct access to the message store (no more IMAP proxy).
- Replaced
actixwithhyper.