- exclude port 587 from TLS NO-GO feature #2875
- strip haraka-plugin- prefixes off plugin names in config/plugins #2873
- pass smtp.ini config from Server into connections & transactions #2872
- add ability to disable SMTPUTF8 advertisement #2866
- assure headers.max_lines is initialized as integer #2878
- require haraka-net-utils >= 1.2.2 #2876
- add config options for OAR & AR headers #2855
- plugins.js: also strip haraka-plugin prefix from plugin.name #2846
- smtp_forward/spamssassin: grab refs of conn/txn to avoid crashes due to lack of existence. #2847
- outbound: add extended reason to bounce message #2843
- hgrep: replaced perl script with shell script #2842
- connection: send temp error when requested #2841
- headers: updated deprecated messages #2845
- hmail: socket.on -> socket.once #2838
- hmail: check for zero length queue file #2835
- outbound: add os.hostname() as default for outbound HELO #2813
- use node v10's mkdir instead of mkdirp #2797
- CI: drop appveyor and Travis #2784
- lint: add 'prefer-template'
- update async to version 3.2.0 #2764
- update redis to version 3.0.0 #2759
- remove deprecated max_unrecognized_commands from config #2755
- CI: add ES2017 support, drop node 8 #2740
- fix broken bannering on nested mime parts #2736
- restore TLS version info, set correctly #2723
- better error message when invalid HELO hostname is rejected
- bring STARTTLS "TLS NO-GO" feature in line with Outbound's #2792
- add listener for secureConnect #2828
- removed plugins/data.headers to haraka-plugin-headers #2826
- add zero-length queue size check
- send temp instead of hard error when asked to by
unrecognized_command
- Allow web interface to be bound to unix socket #2768
- tls: add configurable minVersion to tls socket options #2738
- connection_close_message: added ability to override close connection message replacing
closing connection. Have a jolly good day.
#2730 - add JSON format for logging #2739
- support binding web interface to unix socket
- check for punycode domain names when resolving MX, avoid crash #2861
- wait until entire message is spooled when spool_after in use #2840
- hmail: add missing space in temp_fail emitter #2837
- fix outbound config reloading after outbound split #2802
- smtp_forward: remove redundant outbound hook #2796
- smtp_forward: this plugin does not use the queue_outbound hook anymore #2795
- Fix connection pool not being unique when hosts and ports were equal between domains #2789
- fix connection pool not being unique when hosts and ports were equal between domains #2788
- Fix outbound.bounce_message To: header (and add Auto-Submitted) #2782
- Fix support for DKIM signing when forwarding and aliasing is enabled #2776
- Better error message when EHLO hostname does not have a dot #2775
- fix bannering on nested mime parts #2737
- TLS: don't abort loading certs in config/tls dir when an error is encountered. Process every cert file and then emit errors. #2729
- restore TLS version, correctly #2723
- conn: remove TLS version from header #2648
- Actually enforce using key for INTERNALCMD #2643
- trans: assign conditions to named vars #2638
- drop node.js v6 support #2632
- conn: use is_local instead of localhost addr tests #2627
- spamassassin: spamassassin: strip useless WS from tests #2624
- es6: many updates #2615, #2674, #2680
- systemctl: update service definition #2612
- lint: bracket style to match newer eslint:recommended #2680
- lint: use object shorthands (eslint:recommended) #2680
- logger: use safer Object.prototype.hasOwnProperty #2680
- outbound: permit # char in SMTP status code response #2689
- dkim_sign: improve docs, add tests, es6 updates #2649
- dkim_sign: restore default key signing feature #2649
- tmp module: update to latest #2614
- semver: update to latest #2616, #2651
- async: update to latest #2653, #2664
- repo cleanup: replaced deprecated plugins with list #2681
- spf: es6 patterns, results.pass, test improvements, es6 patterns #2700
- spf: add config option to fail on NONE #2644
- mailheader: fully quality header name in _remove_more #2647
- haraka: Connection.createConnection is not a constructor #2618
- problems with japanese characters in body and part header #2675
- toobusy: fix hook name (connect_pre -> connect) #2672
- outbound: watch for socket timeouts #2687
- outbound: permit # char prefix in SMTP status code response #2691
- mailheader: strip whitespace between encoded-words #2702
- early_talker: skip if sender has good karma #2551
- dockerfile: update to node 10 #2552
- Update deprecated usages of Buffer #2553
- early_talker: extend reasons to skip checking #2564
- tls: add 'ca' option (for CA root file) #2571
- outbound: little cleanups #2572
- smtp_client: pass pool_timeout to new SMTPClient #2574
- server: default to nodes=1 (was undefined) #2573
- test/server: use IPv4 127.0.0.1 instead of localhost #2584
- queue/smtp_*: add v3 upgrade notice and config setting #2585
- spf: use the skip config for helo/ehlo checks #2587
- spf: avoid 2nd EHLO evaluation if EHLO host is identical #2592
- queue.js refactoring #2593
- Log dkim_sign parse errors with connection ID #2596
- Update ipaddr.js to the latest version #2599
- make inactivity timeout match docs #2607
- Implement SIGTERM graceful shutdown if pid is 1 #2547
- tls: require validated certs on some ports with requireAuthorized #2554
- spamassassin: disable checks when requested #2564
- clamd: permit skipping for relay clients #2564
- outbound: exported outbound.temp_fail_queue, outbound.delivery_queue and add TimerQueue.discard()
- status: new plugin #2577
- mf.resolvable: reduce timeout by one second (so < plugin.timeout) #2544
- LMTP blocks under stress #2556
- invalid DKIM when empty body #2410
- prevent running callback multiple times on TLS unix socket #2509
- add missing callback when listing queue and empty directory
- correct MIME parsing when charset: utf8 and encoding: 8bit #2582
- spamassassin: default check flags to true #2583
- smtp_client: destroy when connection gets conn timeout error #2604
- on error and timeout, remove listeners and destroy conn. #2606
- tighten Haraka pattern in .gitignore #2542
- enable tls/ssl for rabbitmq amqplib plugin #2518
- hmail: don't send RSET to LMTP #2530
- clamd: add check.authenticated, check.private_ip, check.local_ip option
- use get_decoded on headers that may be encoded #2537
- connection: move max_mime_part config load to connection init #2528
- outbound: init TLS when we send email, not when old queue file is loaded #2503
- relay: update port 465 doc #2522
- hmail: log the correct err message #2531
- ob/tls: consistently use obtls (vs plugin) for "this" name #2524
- outbound: add domain to loginfo message #2523
- Add connection.remote.is_local #2532
- update license #2525
- perf: move max_mime_parts config load to connection init #2529
- update semver to version 5.6.0 #2517
- added hint to encrypted file authentication #2514
- dkim_sign: improved log messages #2499
- ehlo_hello_message: config/ehlo_hello_message can be used to overwrite the EHLO/HELO msg replacing
, Haraka is at your service
#2498 - connection: add connection.remote.is_local flag for detecting loopback and link local IPs
- add .name to outbound TLS for logs #2492
- outbound: skip STARTTLS after remote host fails TLS upgrade #2429
- dns_list_base: introduce global plugin.lookback_is_rejected flag #2422
- replace all _ chars in hostnames with code points #2485
- Don't die on invalid commands #2481
- outbound: check list exists before attempting to use it #2478
- refactor outbound/hmail.process_ehlo_data #2488
- tls: skip when redis is undefined #2472
- Don't run delivered hook on LMTP fail #2470
- Add tls_socket.load_tls_ini() to tls.register() #2465
- outbound/tls: make into a class #2474
- plugins: clear timeout on cancel #2477
- txn.parse_body consistently a boolean #2476
- update ipaddr.js to version 1.8.0 #2468
- New Features
- n/a
- Fixes
- data_headers: check defined-ness of hdr_address after try/catch #2458
- tls: remove tls.ini loading from plugins/tls #2459
- tls: remove invalid opt from load_tls_ini #2456
- outbound: escape values in HTML bounce correctly #2446
- dkim_sign: catch exceptions when address-rfc2822 fails to parse From #2457
- Changes
- logger: Add "obj" log param to log hook that contains log data by type #2425
- logger: include outbound client ID in logging #2425
- logger: allow specifying uuid in params when logging #2425
- New features
- outbound: received_header=disabled supresses outbound Received header addition. #2409
- auth_base.js:
check_plain_passwd
andcheck_cram_md5_passwd
can now passmessage
andcode
to callback routine - spf: allow bypass for relay and AUTH clients #2417
- spf: optionally add OpenSPF help text to rejection #2417
- auth_base: prevent storing of AUTH password in connection.notes.auth_passwd by setting plugin.blackout_password. #2421
- Fixes
- Mitigate MIME part explosion attack #2447
- Always prefix ClamAV with a Received header #2407
- plugins/data.headers.js: wrap address-rfc2822 header parse into try block #2373
- tls_socket: as client, only apply TLS opts if config is valid #2414
- when installing, creates config/me if missing #2413
- queue/qmail-queue: fix a 2nd crash bug when client disconnects unexpectedly #2360
- remove desconstruction of SMTP commands to prevent exception #2398
- attstream: return self so that pipe() calls can be chained together. #2424
- outbound: fix dotfile cleanup to consider platform-based prefix. #2395
- outbound: fix handling of LMTP socket when a socket path is specified. #2376
- Changes
- relay: move relay acl check to connect_init so flag is set earlier #2442
- process_title: add total recipients, avg rcpts/msg, recipients/sec cur/avg/max and messages/conn #2389
- when relaying is set in a transaction, don't persist beyond the transaction #2393
- connection.set supports dot delimited path syntax #2390
- remove deprecated (since 2.8.16) ./dsn.js
- Add transaction.msg_status property that reflects message status. #2427
- Add transaction.notes.proxy object that hold HAProxy details. #2427
- spamassassin: make relay header configurable. #2418
- deprecate max_unrecognized_commands plugin in favor of limit. #2402
- xclient: add support for DESTADDR/DESTPORT. #2396
- New features
- smtp_forward: domain configuration is now chosen based on domain_selector #2346
- Fixes
- queue/qmail-queue: fix crash bug when client disconnects unexpectedly #2360
- tls: fix crash bug in
unrecognized_command
hook dkim_key_gen.sh
: improve usability and parameter parsing #2355
- Changes
- document
force_shutdown_timeout
andgraceful_shutdown
settings #2350
- document
- New Features
- SMTPS port is configurable #2269
- smtp_forward: enable_outbound can be set per domain #2335
- Fixes
- Fix ability to set log level to emerg #2128
- outbound/hmail: use Buffer to correctly read binary file data + tests #2231
- quarantine: consolidate 2x hook_init_master functions
- tls_socket: restore SNI functionality, emit count of TLS certs #2293
- fix smtp_client error handling #2298
- fix outbound pools #2317
- add openssl-wrapper as dependency #2320
- replace _ chars in hostnames with code points #2324
- add this.removeAllListeners('connection-error') #2323
- Fix crashing on RSET #2328
- Prevent data headers crit fail #2329
- Fix undefined max_lines in log message #2337
- Changes
- line_socket: remove superfluous function #2339
- consistent end of function declaration semicolon #2336
- connection: assure hostname is set #2338
- smtp_client: Fix log message typo #2334
- Update ipaddr.js to version 1.6.0 #2333
- Warn on max_header_lines #2331
- update jquery version #2322
- plugins: add SRS plugin to registry #2318
- tls_socket: only generate dhparam.pem on master process #2313
- add ENOTFOUND to also check A record #2310
- smtp_forward: correct config file name in docs #2309
- reduce severity of iconv conversion failure #2307
- Add txn UUID to "250 Message Queued" #2305
- mailheader: reduce log level priority #2299
- greylist: only log redis DB errors when exist #2295
- data.headers: reduce undef MLM logerror to logdebug #2294
- quarantine: consolidate 2x hook_init_master() #2292
- move test_queue to queue/test #2291
- in haraka plugin test mode, add server.notes #2248
- outbound/hmail: refactor #2238
- outbound/hmail: add JSON sanity test before JSON.parse #2231
- outbound/index: use newer Buffer.from syntax #2231
- outbound/hmail: make haraka queue files human friendly #2231
- plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
- plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
- plugins/smtp_forward: enable_outbound can be enabled/disabled for specific domains
- auth_proxy: read TLS key and cert files from tls.ini #2212
- README: typo fixes #2210
- incorrect RCPT TO reply message #2227
- Resolve decoding bug when root part is base64 encoded. #2204
- Resolve base64 data truncation #2188
- Fix damaged encoding when body is non-utf #2187
- Fix disconnect hooks #2184
- ability to set log level to emerg #2128
- Improve docs for
Address
objects #2224 - connection: replace 3x ternaries with get_remote() #2169
- connection.local.host populated with hostname (from config/me) #2165
- connection.local.info populated with Haraka/version #2196
- npm packaged plugins:
- plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
- plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
- plugins/graph -> haraka-plugin-graph #2185
- config: replace ./config.js with haraka-config #2119
- Replace concatenated strings with template literals (#2129) in:
- attachment #2260
- bin/spf #2129
- bin/dkimverify #2278
- connection #2129, #2243
- delay_deny #2264
- dkim #2216
- dsn #2265
- host_pool #2198, #2245
- logger #2277, #2246
- mailbody #2280
- max_unrecognised_commands #2171
- outbound/hmail #2259
- outbound/index #2249
- outbound/todo #2233
- plugins #2239
- plugins/aliases #2229
- plugins/attachment #2155
- plugins/auth_base #2252
- plugins/avg #2156
- plugins/backscatterer #2261
- plugins/bounce #2229
- plugins/clamd #2237
- plugins/connect.rdns_access #2262
- plugins/data.headers #2263
- plugins/data.uribl #2258
- plugins/helo.checks #2255
- plugins/rcpt_to.in_host_list #2253
- plugins/spamassassin #2256
- plugins/profile #2170
- plugins/rcpt_to.host_list_base #2254
- plugins/relay #2174
- plugins/relay_acl #2177
- plugins/spf #2266
- plugins/toobusy #2186
- plugins/xclient #2159
- rfc1869 #2159
- smtp_client #2129, #2208
- tests/host_pool #2159
- use es6 destructuring (#2075) in:
- connection #2230
- dkim #2232
- use es6 classes (#2133) in:
- attachment #2260
- attachment_stream #2215
- chunkemitter #2219
- dkim #2206
- dsn #2247
- host_pool #2194
- mailheader #2213
- mailbody #2213
- smtp_client #2221
- spf #2214
- tls_socket #2190
- timer_queue #2226
- outbound/hmail #2197
- outbound/todo #2233
- Automatically set connection.remote.is_private when connection.remote.ip is set #2192
- Add remove_msgid and remove_date options to outbound.send_email #2209
- Add origin option to outbound.send_mail #2314
-
Changes
- additional tests get var -> const/let medicine #2122
- move connection states into haraka-constants #2121
- lint: remove useless escapes #2117
- lint: switch no-var to error #2109
- rspamd: repackaged as NPM module #2106
- dsn: repackaged as NPM module haraka-dsn #2105
- outbound: add results when queueing #2103
- spamassassin: skip adding headers when value is empty #2102
- Replace console.log with stdout #2100
- update js-yaml to version 3.10.0 #2097
- repackage p0f plugin to NPM #2076
- ES6: replace var with const or let #2073
-
New Features
- Bounces can have an HTML part #2091
-
Fixes
- daemon cwd #2126
- updated fcrdns plugin name passed to results #2115
- tls: only apply default key/cert paths when undefined #2111
- dkim_verify: fix formatting of auth results #2107
- smtp_forward: consistently use queue.wants #2107
- haraka was adding TLS header on non-TLS connection #2103
- dkim typo fix #2101
- fix rfc2231 parsing code to cope with continuation #2089
- Changes
- Permit log settings to be set w/o LOG prefix #2057
- additional results storing in smtp_forward and quarantine #2067
- publish p0f plugin to NPM #2076
- smtp_forward stores queue note at queue.wants #2083
- Remove unused folders from installation #2088
- smtp_forward stores queue note at queue.wants #2083
- add get/set to conn/txn.notes #2082
- additional results storing in smtp_forward and quarantine #2067
- Permit log settings to be set w/o LOG prefix #2057
- support INFO and LOGINFO as config settings #2056
- log.ini, new default location for log related settings #2054
- dcc: replace with npm packaged version #2052
- qmd: replace rcpt_to.qmail_deliverable with npm #2051
- rspamd: pass SPF evaluation #2050
- add logfmt support #2047
- update ipaddr.js to version 1.5.0 #2037
- update redis to version 2.8.0 #2033
- disable graceful for SIGTERM #2028
- add additional integration tests #2026
- move most npm packaged plugins into optionalDependencies #2023
- New Features
- TLS certificate directory (config/tls) #2032
- plugins can specify a queue plugin & next_hop route #2067
- connection/transaction notes now have get/set #2082
- Fixes
- haraka cli will now create folders if they don't exist #2088
- maybe fix for #1852 503 response #2064
- crash when 'AUTH LOGIN' is sent after a successful auth #2039
- docs: fixed swaks test command #2034
- dkim: prevent dkim_verify from causing 'cannot pipe' #1693
- Changes
- Fix auth plugin failure when re-selecting auth method #2000
- don't crash Haraka when invalid YAML config encountered #2013
- update semver to version 5.4.0 #2015
- relay docs: correct the config file name #2012
- rename config/xclient.hosts to match plugin & docs #2014
- build_todo() is part of the outbound/index.js api #2016
- update js-yaml to version 3.9.0 #2002
- outbound/hmail: use WRITE_EXCL from haraka-constants #2011
- replace plugins/log.elasticsearch with npm packaged #2004
- Remove two spurious log statements #1989
- access: rebuild blacklist upon change (vs supplement) #1990
- deliver to qmail-queue with LF line endings (not CRLF) #1997
- doc: add note that smtp_forward only supports STARTTLS #1988
- import Plugins.md from v3 #1991
- update async to 2.5.0 #1982
- update iconv to 2.3.0 #1981
- require node.js v6+ #1958
- update ipaddr.js to 1.4.0 #1972
- support newer address-rfc2822 #1970
- update node-address-rfc2821 version to 1.1.1 #1968
- outbound: be consistent with todo.domain #1960
- bump haraka-results required version #1949
- logger: load in a setImmediate call #1948
- logger: strip intermediate \n chars #1947
- tls consistency cleanups #1851
- Get pool config handling simplifcation #1868
- add integration test: send message w/smtp_client
- replace some legacy code with es6 #1862
- update async to version 2.2.0 #1863
- update ipaddr.js to version 1.3.0 #1857
- update redis to version 2.7.0 #1854
- assure conn/tran still exists before storing results #1849
- moved tls.ini parsing to net_utils #1848
- smtp forward dest split routing #1847
- rspamd: refactor complex condition into function #1840
- block js attachments #1837
- helo.checks: bring plugin into alignment with docs #1833
- when proxy enabled, update remote.is_private too #1811
- create an outbound queue filename handler #1792
- replace fcrdns with npm package #1810
- add an additional node_modules plugin search path #1805
- Set graceful shutdown off by default #1927
- Allow outbound pools to be disabled #1917
- Outbound split and move into folder #1850
- don't emit binary characters into the logs #1902
- Add .editorconfig #1884
- tls: remove interim variables #1871
- New Features
- Use punycode domain (support SMTPUTF8) #1944
- Added RabbitMQ vhost support #1866
- clamav: allow "Unknown Result" and Socket Error to try next host #1931
- outbound client certificates #1908
- Implement the missing upgrade method on SMTPClient #1901
- Remove typo from relay.md #1886
- Fixes
- outbound: fix queue not loaded for single process #1941
- outbound: Fix undefined variable platformDOT in hmail.js #1943
- outbound: fix undefined FsyncWriteStream var #1953
- Fix cluster messaging for node v6+ #1938
- outbound: fix loading under cluster. #1934
- Check pool exists before delete #1937
- be more strict in attachment filename matching #1957
- doc typo fix #1963
- RabbitMQ: fix encoding of user and password string #1964
- spf: improve modifier regexp #1859
- rabbitmq doc typo in config file name #1865
- URL to manual was 404, point to Plugins.md #1844
- smtp_client: set idleTimeout to 1s < pool_timeout #1842
- fix broken continuations #1843
- doc error for the 'check.authenticated' setting in rspamd plugin #1834
- emit the result, not all of them #1829
- fix outbound logger #1827
- fix forwarding with client auth over TLS (forward to gmail) #1803
- Don't blow the stack on qstat #1930
- run dumped logs through log plugins, not console #1929
- Fix path parsing bug on Windows platform #1919
- helo: make sure list_re is defined before access #1903
- TLS: handle case where OCSP server is unavailable #1880
- rspamd: add missing 'default' keyword #1856
- disable naïve comment stripping #1876
- Changes
- new haraka-plugin-limit #1785
- replaces plugin/limit, plugin/rate_limit, and haraka-plugin-outbound-rate-limit
- p0f: skip on private IPs (normally empty) #1758
- spf: skip for outbound when context != myself #1763
- redis: plugins using redis can inherit redis config #1777
- redis: replace plugins/redis with haraka-plugin-redis #1786
- lint: require space before function declaration #1784
- lint: added eslint:recommended #1790
- logger: remove logger.colorize code for legacy node versions
- new haraka-plugin-limit #1785
- New Features
- redis: add
redis_subscribe_pattern()
#1766 - queue/discard: add ENV that permits discarding #1791
- redis: add
- Improvements
- rspamd: improve response parsing #1770
- restore Windows testing to working state #1755
- elasticsearch: use UTC dates for index creation #1771
- tls: fix dhparam usage example syntax #1774
- typo: logerr -> logerror #1776
- when generating long DKIM keys, include a BIND compatible folded key #1775
- in haraka-test-fixtures, access results via fixtures.results #1783
- integration test: end to end server testing #1791
- Bug Fixes
- spf: restore functionality for relay context=myself #1759
- rate_limit:if incr creates a new record, assure it has a TTL #1781
- tls: do not create a top level secureContext #1787
- dnswl: swap lines to fix missing inherited methods #1793
- dnswl: fix config loader callback syntax #1794
- tests/plugins: unset process.env.HARAKA to avoid side effects that interfere with other tests
- remove auth_flat_file sample auth user #1796
- Changes
- plugin/karma -> npm packaged haraka-plugin-karma #1747
- update generic-pool 2.4.2 -> 2.5.0
- New Features
- Added option to bypass SpamAssassin headers' merge #1745
- Improvements
- reduce severity of debug message #1744
- fix misleading entries in config/tls.ini #1734
- Misc. performance improvements #1738
- set tls.sessionIdContext property (for Thunderbird compat) #1740
- Bug Fixes
- Swap lines to avoid clobbering response array #1743
-
Changes
- rename core_require to haraka_require #1708
- move log.syslog to haraka-plugin-syslog #1698
- remove tls.ini loading and is_no_tls_host to net_utils #1690
- replace ./utils with npm packaged haraka-utils #1720
- require node 4
- karma: add .top TLD scoring #1714
-
New Features
- Implement OCSP Stapling #1724
-
Improvements
- show help for npm packaged plugins included in core #1698
- use tls.connect for client #1682
- bring port 465 SMTPS TLS config support on par with STARTTLS #1667
- use tls.connect instead of createSecurePair #1678
- redis: improve error handling in tests #
- replace / path seperators with path.* for cross platform compat #1713
-
Bug Fixes
- dkim_sign: per-domain key finding fixed #1707
- Rspamd: restore spam report header #1702
- auth/vpopmail: do not toString() when null #1695
- fix outbound to avoid recursive reading key/cert after refactoring #1692
- tls: fix option servername (not hostname) #1728
- correct Auth-Results cleaning #1726
- fix results for connection.remote_host and NXDOMAIN #1716
-
Changes
- use standard npm syntax for lint and tests #1646
- remove ./net_utils to haraka-net-utils #1644
- remove incorrect and unused spf.hello_host #1635
- remove rogue DENYSOFT copy-pasta error #1634
- update async to v2 #1545
- remove plugin/dir support from base haraka #1668
- use node_modules_dir support instead
- use TLSSocket instead of createSecurePair #1672
- refactor plugins/tls #1670
- moved watch plugin to npm as haraka-plugin-watch #1657
- normalize proxy properties #1650
-
New Features
- added connection.remote.is_private boolean #1648
- added additional TLS options (@typingArtist) #1651
- added wildcard boolean support to config loader #1680
- tls: allow multiple key and cert parameters for RSA+ECDSA #1663
- permit specifying haraka plugins w/o haraka-plugin- prefix #1645
- in config/plugins and resultstore
-
Improvements
- connection.geoip replaced by haraka-plugin-geoip #1645
- connection.asn replaced by haraka-plugin-asn #1645
- permit specifying npm packaged plugins w/o haraka-plugin prefix #1647
- normalized connection properties #1547, #1577
- Rspamd: fix spambar for negative scores #1630
- set connection.remote.is_private early
- replace calls to net_utils with remote.is_private test
-
Bug Fixes
- Tidy-up graceful shutdown and fix for non-cluster mode #1639
- Fix data.headers plugin crash #1641
- Fix access plugin crash #1640
- Minor DKIM fix #1642
- do not set TLS timer if timeout=0 #1632
- do not overwrite config/host_list on install #1637
- correct smtp_forward cfg for multiple rcpts #1680
- fix TLS timeout errors #1665
-
Changes
-
New Features
- Support outbound.pool_timeout of 0 to effectively disable pooling. #1561
- Added never_add_headers option to rspamd plugin. #1562
- rcpt_to.routes URI format w/ LMTP support #1568
-
Improvements
- The delay_deny plugin now has a whitelist mode (vs blacklist). #1564
- Don't show the private key in logs for dkim_sign. #1565
- update geoip for compat with newer ES (#1622)
- drop node 0.10 testing / official support (#1621)
- watch plugin displays UUIDs as URL (#1624)
- Catch errors on header decode in rfc2231 #1599
- Attachment plugin updates (#1606)
- add outbound.ini pool_timeout example setting #1584
-
Bug Fixes
- Fixed some small documentation issues. #1573, #1616, #1612
- Fixed AUTH PLAIN when it spreads over two lines. #1550
- Fixed dkim_verify calling next() too soon. #1566
- Fixed bugs with outbound pools who shutdown before we QUIT. #1561, #1572
- outbound issues #1615, #1603
- Fixed adding/removing headers in rspamd plugin. #1562
- Fixed process_title not shutting down. #1560
- fix a spurious error emitted by p0f (#1623)
- fix header version hiding (#1617)
- messagestream returns destination (#1610)
- plugins.getdenyfn now passed 3rd params arg (#1591)
- Fix scope of spf logdebug (#1598)
- fix rabbitmq deliveryMode bug (#1594)
- fix dkim_sign TypeError with null mail_from.host (#1592)
- fix dkim_sign attempting to lower an undefined (#1587)
-
Changes
- removed UPGRADE.doc to wiki
-
Improvements
- support + wildcard in aliases plugin #1531
- Support dkim_sign with outbound.send_email() #1512
- spf: always check remote IP, then public IP if != pass #1528
- spf: diplay IP used for SPF eval #1528
-
Bug Fixes
- handle missing wss section in http.ini #1542
- fix leak on socket write error #1541
- add results property to outbound transaction #1535
- don't unref unref'd wss server #1521
-
Changes
- Fix geoip test
-
Improvements
- Allow alias plugin to explode to a list of aliases
- Support IPv6 literals in HELO tests (#1507 thanks @gramakri)
- Make ldap plugin use the modified address if a rcpt hook changes it (#1501 thanks @darkpixel)
-
Bug Fixes
- Fix loading plugins as npm modules (#1513)
- More DKIM fixes (#1506 thanks @zllovesuki)
- Fix the long failing host-pool-timer test (#1508)
- Fix clean shutdown of redis with new shutdown code (#1504 and #1502 thanks @darkpixel)
- More fixes to clean shutdown (#1503)
- Bug Fixes
- Fix loading under Node v4 which sends a blank message
- Fix quit (SIGINT) when running without nodes=
-
Changes
- The connection object is now passed to
get_plain_passwd
. Older modules should continue to work as-is. - The reseed_rng plugin now just uses the Crypto module from core. Though it seems this plugin should be irrelevant with newer versions of node.js
- The connection object is now passed to
-
New Features
- Outbound mail now uses pooled connections, only sending a
QUIT
message if the connection has been idle for a while.
- Outbound mail now uses pooled connections, only sending a
-
Improvements
- Shut down and reload (via
haraka -c <path> --graceful
) is now graceful - allowing current connections to finish and plugins to clean up before ending.
- Shut down and reload (via
-
Bug Fixes
- Bind maxmind version to ignore API change (#1492)
- Fix encodings when banners are used (#1477)
- Various DKIM fixes (#1495)
- Bug Fixes
- Fix plugin loading override when installed (#1471)
- Bug Fixes
- Fix config overriding for core modules (#1468)
-
Changes
- Added Node v6 to travis tests
-
New Features
- Added bin/haraka --qunstick to flush all mails for that domain (#1460)
-
Improvements
- Make bin/haraka --qlist show much more information (#1452)
- Allow CIDR ranges in no_tls_hosts (#1450)
-
Bug Fixes
- 2.8.0 was shipped with a broken config/plugins. (#1453)
- Stop haraka dying when ldap connections fail (#1456)
- Pick up domain specific config correctly in ldap (#1456)
-
Changes
- updated dependency versions (#1426, #1425)
- use utf8 encoding for body filters (#1429)
- remove spameatingmonkey from tests (#1421)
- replace ./constants.js with haraka-constants (#1353)
- Document HMail and TODO items (#1343)
- Copy only a minimal config/* by default (#1341).
- cfreader/* removed to haraka/haraka-config (#1350)
- outbound and smtp_client honor tls.ini settings (#1350)
- outbound TLS defaults to enabled
- lint: remove all unused variables (#1358)
- replace ./address.js with address-rfc2181 (#1359)
-
New Features
- smtp_forward: accepts a list of backend hosts, thanks @kgeoss (#1333)
- config: add array[] syntax to INI files (#1345)
- plugins.js: support require('./config') in plugins
- Load plugin config from own folder and merge (#1335)
- Allow original email's Subject to be included in bounce message (#1337)
- new queue/smtp_bridge plugin, thanks @jesucarr (#1351)
-
Improvements
- early_talker: supports IP whitelisting (#1423)
- loading plugins as packages (#1278)
- removed TLD stuff to haraka/haraka-tld (#1301)
- removed unused 'require('redis') in plugins/karma (#1348)
- improved MIME header support per rfc2231 (#1344)
- tls options can be defined for outbound and smtp_* (#1357)
- explicitly disable SSLv2 (#1395)
- cache STUN results
- xclient plugin improvements (#1405)
- tls: Set verify=NO correctly when no certificate presented (#1400)
- improved message header decoding (#1403, #1406)
- bounce: skip single_recipient check for relays/private_ips (#1385)
- rspamd docs: Clarify usage of check.private_ip (#1383)
- if rcpt_to returns DSN in msg, log it properly (#1375)
-
Bug Fixes
- fix out-of-range errors from banner insertion (#1334)
- dkim_verify: Call next only after message_stream ended (#1330)
- outbound: remove type check from pid match (#1322)
- lint: enable no-shadown and remove all shadow variables (#1349)
- spf: fix log_debug syntax (#1416)
- auto_proxy: fix a starttls loop (#1392)
- fcrdns: corrected err variable name (#1391)
- rspamd: Fix undefined variable (#1396)
- dkim_verify: Fix header handling (#1371)
- smtp_client: fix remote_ip (#1362)
-
Changes
- smtp_proxy & qmail-queue: default to enabled for outbound deliveries (previously used Outbound), to better matches user expectations.
-
New Features
- outbound: allow passing notes to send_email (#1295)
-
Improvements
- logging: emit log message queue before shutting down (#1296)
- result_store: permit redis pub/sub to work when host != localhost (#1277)
- tests: quiet the extremely verbose messages (#1282)
- rspamd: add timeout error handling (#1276)
- watch: fix display of early_talker results (#1281)
- spamassassin: publish results to result_store (#1280)
- karma: can now connect to redis on hosts other than localhost (#1275)
- geoip & p0f: don't log empty/null values from RFC 1918 connects (#1267)
- redis: make plugin params match docs (#1273)
- mailbody: small refactoring (#1315)
- smtp_proxy & qmail-queue: default to enabled for outbound (#1308)
-
Bug Fixes
- redis: use correct path for db.select (#1273)
- count errors correctly (#1274)
- logger: ignore null arguments (#1299)
- connection: pause for hook_reset_transaction (#1303)
- rcpt_to.routes: update redis usage for compat with redis plugin (#1302)
- smtp_forward: use correct config path to auth settings (#1327)
- messagestream: correctly pass options parameter to get_data (#1316)
- spf: honour configuration for mfrom scope (#1322)
- outbound: Add missing dash to 'Final-Recipient' header name (#1320)
- Bug Fixes
- Revert a change that broke plugin loading
-
New Features
- added debian init.d file (#1255) @slattery
-
Improvements
- smtp_forward auth settings now work (#430)
- better handling of broken messages (#1234)
- Docker: use latest Phusion image && stdout (#1238, #1239)
- Clean up plugin loading a tiny bit (#1242)
- make dkim keydir case insensitive (1251)
- ignore DNS errors that aren't errors (#1247)
- outbound doc updates (#1258) @Currerius
- outbound: return DENYSOFT on queue error (#1264)
- smtp_client: if enable_tls is set and TLS files missing, warn (#1266)
-
Bug Fixes
- Don't sent empty headers to rspamd (#1230)
- Fix auth_base.js key need to be a string - number.toString() (#1228)
- fix bug with empty charset= on mime parts … (#1225)
- Fix "passwd" check crash with numeric password. (#1254)
- result_store: show arrays when not empty (#1261)
-
New Features
- SPF bounce check
- rspamd plugin (@fatalbanana)
- watch plugin
- limit plugin (connection concurrency, errors, unrecognized commands)
- plugins can now be npm packages (see also #946)
- built-in HTTP server (Express backed)
- ESETS AV plugin
- DCC plugin (incomplete)
- Add LOGIN support to XCLIENT
- backscatterer plugin
- full IPv4 & IPv6 compatibility inbound #1120, #1123, #1154 (@Dexus)
- Early talker #1075 (@smfreegard, @msimerson)
- permit loading of plugins in node_modules #1056 (@msimerson)
-
Improvements
- Fix anti_spoof by use config #1171
- Add license clause #1170
- package.json dependencies and travis update #1147, #1168 (@Dexus)
- logging: remove node-syslog and strong-fork-syslog with modern-syslog #1145 (@Dexus)
- aliases: support for email, user and host aliases #1149 (@Dexus)
- add docs for use private key with TLS #1130 (@Dexus)
- outbound: ENOENT on dotfile - compatibility for windows #1129 (@Dexus)
- plugin/attachment: block more attachment file types #1191 (@Dexus)
- remove double functions #1126 (@Dexus)
- Outbound Bounce messages according to RFC3464 #1189 (@hatsebutz)
- toobusy: only run checks if toobusy.js installed and loads
- HAProxy: set local_ip, local_port and remote_port
- save auth pass/fail/user to result_store
- ini files no longer require values (useful for storing lists)
- connection: add MAIL and RCPT to results
- results_store: enable 'emit' feature for .push()
- add support for custom Outbound Received header value (@zombified)
- save smtp_forward result to result_store
- auth_base: permit a return message (@DarkSorrow)
- add DSN.create() and RFC 4954 support
- enhanced pipelining support
- added config/access.domains with some tips (@EyePulp)
- Add SSL detection over plain-text socket
- earlytalker: store results
- bounce: make it safe to check non_local_msgid
- AVG: store results, added defer options
- tls: change createCredentials to tls.createSecureContext (@DarkSorrow)
- update dependency versions (esp async 0.2.9 -> 1.0.0)
- ASN docs: add FTP download note for routeviews
- karma: removed concurrency limits (see limit plugin) and penalty feature
- added utils.elapsed()
- deny message includes hostname
- Add Fisher-Yates shuffle to randomize lookup order in data.uribl
- change default message size limit to 25mb
- auth_base: save auth results
- upgrade toobusy plugin to toobusy-js (@alexkavon)
- configfile: permit / char in ini keys
- added utils.node_min()
- added result_store.get_all()
- updated ubuntu upstart script
- plugin/rate_limit: return in no custom default is set 0 = unlimited #1186, #1185
- Outbound.send_email: added dot-stuffing #1176, #1165 (@hatsebutz)
- make sure server object is availabe to plugins loaded from node_modules #1162 (@bmonty)
- Net_utils.get_ips_by_host #1160 (@msimerson)
- fcrdns: don't log error for ENODATA #1140 (@msimerson)
- improve MUA detection #1137 (@msimerson)
- tls: tmp disable for hosts that fail STARTTLS #1136 (@msimerson)
- karma: skip deny on outbound hooks #1100 (@msimerson)
- Store HAProxy IP in connection object #1097 (@smfreegard)
- Remove UUID from queued message #1092 (@smfreegard)
-
Bug Fixes
- fix windows build and test failures #1076 (@msimerson)
- Fix plugin ordering #1081 (@smfreegard)
- Fix distance reporting to X-Haraka-GeoIP for geoip-lite #1086 (@smfreegard)
- uribl: prevent calling next() more than 1x #1138 (@msimerson)
- Fix so constants are imported when plugin is loaded from node_modules. #1133 (@bmonty)
- Include STMP-code in bounce-reason string for upstream 5XX responses #1117 (@hatsebutz)
- TLS fixes: add timed_out flag and karma should not run deny hook on it. #1109 (@smfreegard)
- Fix port to number instead of string for HAProxy #1108 (@DarkSorrow)
- Plugin dcc: fixed syntax error #1164 (@hatsebutz)
- config: fix flat files if \r\n lines #1187 (@Dexus)
- corrected hook_rcpt log code hook_rcpt_ok returns CONT
- fix crash bug when loglevel = LOGDEBUG
- corrected pathname in rcpt.ldap plugin (@abhas)
- added helo.checks boolean for proto_mismatch
- make rate_limit redis keys always expire @celesteking
- dkim_sign: Buffer.concat expects an array of buffers
- transaction: check discard_data before adding line end (@DarkSorrow)
- fix 8-bit msg not displayed properly in gmail
- fcrdns: always init results
- TLS timer on error
- dkim_verify: fixed timeout issue
- smtp_[proxy|forward]: correct authentication example
- Fork child workers after init_master hook
- connection: return 450/550 for plugin DENY* (was 452/552)
- spamassassin: don't call next() when transaction gone
- outbound: fix crash when sending bounce mail
- auth_base: fix bad protocol in auth_base.js #1121 (@Dexus)
- outbound: Fix HELO/rDNS issue while using multiple outbound ip #1128 (@Dexus)
- connection: Fix bug when client disconnect after sending data #1193
- Fix connect.geoip bug #1144 (@smfreegard)
- Fix tiny bug in messagesniffer #1198 (@smfreegard)
- added sedation timers for config file re-reading
- Add AUTH support to outbound
- tests/spf: quiet excessive DEBUG noise
- allow domains with underscore
- correct name of domains config file in access
- Fix SMTP AUTH in smtp_forward/proxy and add docs
- Fix opts not being passed to HMailItem _bounce function
- log.syslog will try strong-fork-syslog (for node 0.12 compat)
- improvements to Plugin docs
- rename net_utils.is_rfc1918 -> is_private_ip
- IPv6 compat
- test coverage
- add IPv6 unique local fc00::/7
- pre-populated config/plugins
- added utils.extend, copies props onto objects
- other bug fixes
- updated a few tests so test suite passes on Windows
- log.syslog: handle failure to load node-syslog
- plugin directory is $ENV definable (@martin1yness)
- logging timestamps were static, fixed by @cloudbuy
- queue/rabbitmq_amqplib, new plugin for RabbitMQ using amqplib (@esevece)
- outbound:
- plugins can set the outbound IP (during get_mx)
- only replace line endings if not \r\n
- bannering fixes
- added support for per recipient routes
- tls: don't register hooks upless certs exist
- removed contrib/geolite-mirror-simple.pl (replaced by docs update pointing to maxmind-geolite-mirror)
- rcpt.routes: new plugin by @msimerson
- make haproxy IPv6 compatible
- record_envelope_addresses: new plugin by @deburau
- prevent_credential_leaks: new plugin by @smfreegard
- config:
- configfile: added .yaml support
- improved config file 'watch' logic
- Allow hyphens in params in config files (@abhas)
- cached requests include options in cache key name
- asn: updates for node 0.11 compat
- dnsbl: use aysync.each vs forEach (avoid race condition)
- spamassassin: improved config loading and test coverage
- geoip: deprecate geoip-lite in favor of maxmind, IPv6 compatible
- disable SSLv3 (due to POODLE)
- dkim & spf, updates for node 0.11 compatibiilty
- karma: move neighbor scoring from code to karma.ini
- move excludes list to karma.ini
- apply awards before adding message header & permit rejection at queue
- karma.ini: score updates for access & uribl plugins
- score denials issued by skipped plugins
- add scores for specific DNSBLs
- add transaction body filters (@chazomaticus)
- change bannering to use them
- helo.checks: fix timeout bug
- match_re now validates and pre-compiles all REs
- Add new proto_mismatch check
- p0f: add register(), load config once, early
- server: improved config handling
- data.headers: add Delivered-To check
- rcpt_to.ldap: new plugin by @abhas
- smtp_client: only load tls_* when cfg.enable_tls
- added plugins/host_list_base
- Platform independent temp dir (thanks @martinvd)
- move deprecated docs into docs/deprecated
- Switch to Phusion baseimage instead of stock Ubuntu (thanks @Synchro)
- dkim_verify: new plugin by @smfreegard
- many new tests
- improved URI parser (for URIBL plugin)
- Allow mixed case STARTTLS command
- Install Node via package manager (Mohd Rozi)
- Fix a couple crit errors (@Illirgway)
- Add noisy/bulk out-of-band rule support to MessaageSniffer plugin
- initial support for rabbitmq plugin (@samuelharden)
- bounce, added non_local_msgid checks and much faster lookups
- vpopmail: fail faster during a CRAM-MD5 auth attempt with an invalid user
- fcrdns: handle a null hostname
- Improve HAProxy support code and documentation
- tls: reworked for efficiency and linear style
- access: test hostname validity before PSL lookup
- load lists into objects (vs arrays), for much faster runtime access
- host_list: huge performance increase, esp for many hosts
- added automated build testing via Travis-CI.org
- fixed dkim_sign crash issue #560
- geoip can discover external IP via net_utils.get_public_ip
- geoip: skip private IPs
- qmd: when relaying, validate MAIL FROM against QMD, add per-domain configurations, added reject option, added tests and bug fixes.
- net_utils: added is_ipv4_literal, is_public_suffix, get_public_ip, added tests, shed some CamelCase.
- asn: looksup up ASN of connection, uses 3 providers, tests providers, saves results, optionally adds headers. Includes tests.
- access: new plugin that merges rdns_access, mail_from.access, and rcpt_to.access.
- fcrdns: new plugin (Forward Confirmed Reverse DNS)
- bounce: new plugin (merges
- data.headers: new plugin added direct_to_mx, check & reject settings, added MLM detection, tests.
- helo.checks: refactored, better config handling, new tests (match_rdns, mismatch, results), reject option.
- results_store: store processing results in data structures (vs notes)
- spf: refactored, added outbound checks when relaying, added 15 tests,
- dnsbl: return errors as Error objects, reduce list to unique zones, added tests, added search=multi option, handle ENOTFOUND error, added reject=false option.
- dns_list_base: bug fixes (race condition, returning invalid results)
- bounce: refactored, each check has enable and reject switches, added tests, added bad_bounce_to
- clamav: add virus name to results, better config parsing, typo fixes
- uribl:
- mf_resolvable:
- tls: add link to wiki article on TLS setup
- relay_acl: fix issue #428, refactored, don't crash when relay_dest_domains.ini missing, added tests
- fix mx mechanism when no records are returned
- vpopmaild: added per-domain feature
- karma: added whitelist award, pass through temp (DENYSOFT) errors, made tarpit variable, configurable reject hooks, doc rewrite, ASN awards, fix penalty days calculation, new DSL for karma awards,
- bannering fixes
- added log* stubs to test/fixtures/[plugin|connection]
- tests/fixtures/stub_plugin: set name property
- config: corrected handling of config.arg gets, fix caching bug, fix boolean handling, added missing 'type' handling.
- Adding the option of using CIDR ranges in the haproxy_hosts file
- tarpit: added config option hooks_to_delay, added docs
- contrib/haraka.bsd.rc: startup file for *BSD
- Store attachment headers on stream
- Record accepted domains at hook_rcpt and improve queue/lmtp
- return after next() in the whitelist checks
- Add new -o option to bin/haraka
- Trim whitespace when reading "list" type config files (such as config/plugins)
- Added LMTP via queue/lmtp plugin
- Fixed bug in outbound when temp failing some of the recipients that would prevent delivery working to those recipients for future delivery attempts
- Add additional details/parameters to delivered hook for outbound mail
- Removed the hmail.bounce_extra object as that information now stored with the rcpt_to list
- Store the RCPT TO rejection reason on the address object
- Fix memory leak when watching config files for changes
- Support for badly formatted MAIL FROM/RCPT TO lines
- Fix a memory corruption when fixing line endings
- Fix breakpoints in plugins when using node inspector
- Reload config in relay_force_routing without restart
- Don't re-attempt TLS upgrade if upgraded already and STARTTLS is re-advertised
- Improved outbound logging
- Pass failed recipients to bounce hook in outbound processing
- Added startup checks to ensure Haraka has been installed correctly
- Handle case of Haraka server running out of disk space better
- In mail_from.is_resolvable: move re_bogus_ip into config
- Added auth/auth_vpopmaild plugin - SMTP AUTH against a vpopmaild server
- Fixed graph plugin to work with sqlite3
- Added rcpt_to.qmail_deliverable plugin - Authenticate inbound RCPT TOs against Qmail::Deliverable daemon
- Added data.headers plugin which merges header checks into one place. Deprecates data.noreceived, data.rfc5322_header_checks, and data.nomsgid.
- Added documentation for logging system
- Added DKIM per-domain signing support
- Added p0f plugin
- In relay_acl, if host is allowed by acl, don't deny the recipient because the domain isn't in the allow list
- Add Authentication-Results header (RFC 5451) to all emails
- Fixed writing the todo file in outbound for newer Node versions
- Added Karma plugin to support penalizing consistently evil senders
- Added GeoIP plugin including distance calculation from your mail server
- Added bounce plugin for handling incoming bounce messages in various ways
- Fix underscores in documentation so web version doesn't look so weird
- By default prevent SMTP AUTH unless on a private IP or using TLS WARNING: May break some uses of Haraka, but is worth it for security
- In lookup_rdns.strict, check whitelist before looking up IP
- Big rewrite of the SpamAssassin plugin for simplicity and mainly to pass through X-Spam-* headers provided
- Added delay_deny plugin allowing more flexibility on when to reject mail
- Improvements to ini file parsing allowing floats and negative integers, and specifying boolean keys
- Fix issue causing a CRIT/crash with lost transaction/connection while sending inbound to ongoing SMTP server
- Allow setting of spamd_user for spamassassin plugin
- Various fixes to SMTP AUTH code, including providing SMTP AUTH to inbound mail forwarders.
- Updates to process_title plugin to show more details
- Changed transaction.data_lines to a Stream (this will break all code which uses transaction.data_lines currently - see the migration guide)
- Changed attachments to be a Stream (this will break some code which uses transaction.attachment_hooks - see the migration guide)
- Capture and log signals sent to Haraka
- Various performance improvements
- Fixed a memory leak in connection pool
- Improvements to TLS compatibility
- RFC compliance improvements with greeting, EHLO/HELO, QUIT, and dot stuffing
- Throw exception with set_banner as it is now non-functional. Will be returned in a future version.
- Small fixes to data.uribl