Releases: mjl-/mox

v0.0.3

22 Apr 06:38
v0.0.3
517fb31

Update instructions: No special steps required other than updating the binary.

Important bug fixes:

  • When DKIM-signing submitted messages, use the domain from the message "From"
    header instead of the SMTP "MAIL FROM". If you had an account with multiple
    addresses in different domains, then with some mail clients the DKIM signature
    on outgoing messages could be for the wrong domain.

Changes:

  • Add "mox localserve", a subcommand for running mox locally for email-related
    testing/developing. Localserve creates a config for listening on localhost
    for imap/smtp/submission/http, on port numbers 1000 + the common service port
    numbers. All incoming email is accepted (if checks pass), and a few patterns in
    localparts are recognized and result in delivery errors.
  • Implement configurable (rate) limits on outgoing messages, per account. By
    default an account can send 1000 messages per day, to max 200 first-time
    receivers. The goal is to limit damage spammers can do with compromised
    accounts.
  • In domains.conf, for an account, the Destinations mapping will now always use
    full email addresses, no longer localparts relative to the Domain configured
    for the account. The old form with just a localpart is still accepted. When
    writing domains.conf through the cli commands or admin web pages, the
    destinations will automatically be written with full email addresses. In the
    future, support for the localpart-only form will be removed.
  • Implement a catchall address for a domain, an address without localpart (i.e.
    starting with "@"). If an incoming message does not match a configured
    address, it is delivered to the account that has the catchall address
    configured.
  • ACME TLS certificate validation can also be done with method http-01
    (previously only with tls-alpn-01).
  • If you run mox behind a NAT, you can now specify "IPsNATed: true" in the SMTP
    listener to skip a few DNS checks that previously would always fail due to the
    IPs being NATed.
  • Add subcommand "mox dkim sign", useful for testing signatures.
  • For a "WebRedirect" rule, don't match a request if the destination URL would
    result in the same URL, causing a redirect. By not matching, the next
    configuration rules are evaluated for a match.
  • Various smaller technical and user-experience improvements.
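
The per-account outgoing limits from the list above, as an added example (not code from mox): it shows that a burst to never-seen recipients stops at the first-time limit while mail to known correspondents still goes out. All names and the rolling 24-hour window are assumptions; only the defaults 1000 and 200 come from the release note.

```go
package main

import (
	"fmt"
	"time"
)

// Defaults from the release note; every name in this example is hypothetical.
const maxPerDay, maxFirstTimePerDay = 1000, 200
var errMsgLimit = fmt.Errorf("daily message limit reached")
var errFirstLimit = fmt.Errorf("daily first-time recipient limit reached")

type account struct {
	known      map[string]bool // recipients this account has sent to before
	all, first []time.Time     // send times: every message, first-time recipients
}

// recent counts timestamps in the 24 hours before now (an assumed window).
func recent(ts []time.Time, now time.Time) (n int) {
	for _, t := range ts {
		if now.Sub(t) < 24*time.Hour {
			n++
		}
	}
	return n
}

// allow enforces both limits and records the send when it is permitted.
func (a *account) allow(rcpt string, now time.Time) error {
	if recent(a.all, now) >= maxPerDay {
		return errMsgLimit
	}
	if !a.known[rcpt] {
		if recent(a.first, now) >= maxFirstTimePerDay {
			return errFirstLimit
		}
		a.known[rcpt] = true
		a.first = append(a.first, now)
	}
	a.all = append(a.all, now)
	return nil
}

func main() { // constructed run: a burst to 500 never-seen recipients
	a, now := &account{known: map[string]bool{"friend@example.org": true}}, time.Now()
	for i := 0; i < 500; i++ {
		a.allow(fmt.Sprintf("new%d@example.net", i), now)
	}
	fmt.Println(len(a.first), a.allow("friend@example.org", now))
}
```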

Thanks to everyone who sent in feedback (e.g. by creating an issue on GitHub).
It's much appreciated and essential for improving mox!

v0.0.2

09 Mar 15:19
v0.0.2
ba75c73

Update instructions

Follow these instructions if you are updating an existing installation.

Mox now starts as root to bind to network sockets, then starts a less
privileged process to run mox. Update the mox systemd service file and restart,
as root:

# update mox binary to v0.0.2
./mox config printservice >mox.service
systemctl daemon-reload
journalctl -f -u mox &
systemctl restart mox
# If you configured backups, keep in mind files are now owned by
# mox:root, your backup tools need access to the files.

Changes

  • Start up as root, bind network sockets, then drop privileges to a process as
    user mox to do the actual work. Makes it easier to run mox on BSDs, and paves
    the way for future privilege separation work.

  • Add a webserver, with support for reverse proxying, serving static files,
    configurable redirects. With ACME of course. Takes away the need to configure
    mox behind an existing webserver/reverse proxy, greatly simplifying
    configuration/operation.

  • Add docker images and script to build images.

  • Make it possible to run mox behind an existing webserver/reverse proxy too.
    Also add quickstart flag to make it easier to generate a config file for this
    case.

  • Quickstart improvements: Add flag to generate a config for a specified host
    name (instead of guessing). If we found public IPs, check them with popular DNS
    blocklists and warn user if they are listed.

  • Add encrypted cid to SMTP error response lines, for easier debugging.

  • Fix importing of junk messages that the junk filter cannot parse.

  • Fix bug verifying SPF. For IP lookups (e.g. for mechanism "a"), we would only
    look up with the same address family as the incoming connection. If there was
    no record, we counted a void lookup. This could lead to incorrect SPF failures,
    because we reached the void lookup limit when we shouldn't have. If the record
    exists for another address family (A vs AAAA), we shouldn't count a void
    lookup.

  • Fix reputation learning of messages that were initially delivered to the
    Rejects mailbox and then moved out. If you marked them as junk or nonjunk (e.g.
    by moving to Archive or Junk), we should use the message for reputation
    calculation of new incoming messages, but we weren't.

  • Lots of smaller improvements, bug fixes.
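
The SPF void-lookup fix from the list above, as an added example (not code from mox): three "a" mechanisms point at hosts that publish only AAAA records, and the connection arrives over IPv4. The zone data, host names and function names are constructed for illustration; the limit of 2 is the value recommended in RFC 7208 section 4.6.4.

```go
package main

import "fmt"

// Constructed zone data: host name -> record type -> addresses.
// All three hosts publish only AAAA records.
var zone = map[string]map[string][]string{
	"v6a.example.org": {"AAAA": {"2001:db8::1"}},
	"v6b.example.org": {"AAAA": {"2001:db8::2"}},
	"v6c.example.org": {"AAAA": {"2001:db8::3"}},
}

// voidLimit is the void lookup limit recommended by RFC 7208 section 4.6.4.
const voidLimit = 2

// isVoid reports whether evaluating "a:<host>" counts as a void lookup for a
// connection of type connType ("A" for IPv4, "AAAA" for IPv6).
// checkOther=false models the behaviour before the fix.
func isVoid(host, connType string, checkOther bool) bool {
	if len(zone[host][connType]) > 0 {
		return false
	}
	if !checkOther {
		return true // before: an empty answer for our family counts as void
	}
	other := "AAAA"
	if connType == "AAAA" {
		other = "A"
	}
	return len(zone[host][other]) == 0 // after: void only if both are empty
}

// exceedsVoidLimit counts void lookups over the hosts of the "a" mechanisms
// and reports whether SPF evaluation would fail on the void lookup limit.
func exceedsVoidLimit(hosts []string, connType string, checkOther bool) bool {
	voids := 0
	for _, h := range hosts {
		if isVoid(h, connType, checkOther) {
			voids++
		}
	}
	return voids > voidLimit
}

func main() {
	hosts := []string{"v6a.example.org", "v6b.example.org", "v6c.example.org"}
	fmt.Println("before fix, limit exceeded:", exceedsVoidLimit(hosts, "A", false))
	fmt.Println("after fix, limit exceeded: ", exceedsVoidLimit(hosts, "A", true))
}
```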

Thanks for reporting issues: mteege, hismailbulut, belst, idnovic, Jens,
the-solipsist, pexarkh, sherief, gedw99, agucova, lormayna, and everyone I
forgot. Thanks for all your feedback, discussions, suggestions! It shaped these
changes, and changes to come.

Download

See https://github.com/mjl-/mox#download