New features

• Improve queue management (40ade99)
  • Add option to put messages in the queue "on hold", preventing delivery
    attempts until taken off hold again.
  • Add "hold rules", to automatically mark some/all submitted messages as "on
    hold", e.g. from a specific account or to a specific domain.
  • Add operation to "fail" a message, causing a DSN to be delivered to the
    sender. previously we could only drop a message from the queue.
  • Update admin page & add new cli tools for these operations, with new
    filtering rules for selecting the messages to operate on. In the admin
    interface, add filtering and checkboxes to select a set of messages to operate
    on.
• Add a webapi and webhooks for a simple HTTP/JSON-based API, helps with
  sending transactional email. (for issue #31 by cuu508, 09fcc49)
  • Webapi allows submitting messages without having to compose the message
    yourself, and without having to know SMTP.
  • Webhooks makes it easy to process delivery failure/success updates, without
    needing IMAP and process DSNs.
  • History about outgoing/sent messages can be kept for a configurable interval,
    per account. Also for the new webhook queue.
  • Messages can be delivered with a "unique SMTP MAIL FROM" address, using a
    unique id after the localpart catchall separator, e.g.
    you+<unique>@example.org.
  • Automatic suppression list management, protecting server reputation.
  • Extra metadata can be attached through the webapi, or through
    X-Mox-Extra-: headers during SMTP submission.
  • Most settings are per-account, configurable through config file and
    account web interface. The webapi must be enabled in mox.conf through field
    WebAPIHTTP(s).
  • Gopherwatch.org was created to validate this functionality, and it can now
    operate either with SMTP/IMAP or webapi/webhooks.
• Add aliases/lists: when sending to an alias, the message gets delivered to all
  members. (for issue #57 by hmfaysal, issue #99 by naturalethic, feedback by
  damir & marin, 960a512).
• IMAP quota extension (RFC 9208), so mail clients can show disk usage (issue
  #115 by pmarini, 4dea2de)
• Webmail: when moving a single message out of/to the inbox, ask if user wants
  to create/remove a rule to automatically do that server-side for future
  deliveries, either based on list-id header if present, or message-from address.
  (6c0439c)
• Webmail: add server-side stored settings, initially for signature, top/bottom
  reply and showing the security indicator bars below address input fields.
  (for issue #102 by nixigaj, 70adf35)
• Webmail: for replies/forwards, add button "send and archive thread" next to
  the "send" button, and give it a control+shift+Enter shortcut. (for issue #135
  by mattfbacon, 5229d01)
• Webmail: store composed message as draft until send, ask about unsaved changes
  when closing compose window. (9529ae0)
• Webmail: remember server-side per from-address whether we should show the
  text/html/html-with-external-resources version of a message. (0f735a1)

Improvements

• Add account config option to skip first-time sender delay for incoming
  messages over SMTP. (8b2c978)
• In quickstart, check if outgoing SMTP connection on port 25 can be made. New
  cloud machines tend to have the port blocked, early warning is helpful.
  (reported by arnt, 0262f46)
• In quickstart, use "postmaster@" for the contact address with the ACME account
  for Let's Encrypt if the initial address has a non-ASCII localpart, to prevent
  account registration from failing. (reported by arnt, f4b6e14)
• Add a "direct" transport, that allows influencing behaviour of the normal
  delivery mechanism of dialing MX records: The IP address family can be limited
  to IPv4 or IPv6 (either may not have proper reverse DNS set up). (for issue
  #149, PR #153 by lmeunier, be570d1)
• Also give delivery another try with 5xx response when it happens during MAIL
  FROM/RCPT TO, not only EHLO as before. (related to #149, PR #152 by lmeunier,
  feb8e6c)
• Make error messages around syntax errors in config files related to
  spurious spaces more helpful/understandable. (reported by arnt, 6516a27)
• In SMTP server, reevaluate if SMTPUTF8 extension is needed for delivery, to
  prevent potential delivery problems to servers that don't implement SMTPUTF8.
  (issue #145, by lmeunier, 9c5d234)
• When importing maildir, use file mtime as received timestamp if no timestamp
  is available in filename. (based on message from abdul h, 6d38a1e)
• If webauth login cookie is missing, and forwarding was configured, hint that
  reverse proxy may be stripping path. (for issue #151 by naturalethic,
  afc47c8)
• Webmail: When adding submitted message to Sent mailbox, keep any Bcc address
  in Bcc header. (c9451d4)
• Make more of the dynamic config options (in domains.conf) configurable through
  the web interfaces, instead of requiring editing the config file. (baf4df5,
  a69887b, e702f45)
• Webmail: Allow resizing of compose window, and remember width/height for
  viewport dimension. (e8bbaa4)
• Webmail: Show all images (inline and attachment) below the text part (for the
  text view, not for html view). (3a58b2a)
• Webmail: Add export functionality, similar to existing option in account web
  interface, but not also possible per mailbox or hierarchy. (bf5cfca)
• Webmail: ctrl+Backspace on empty address input field removes the field (b54e903)
• Localserve: delivery from queue now goes through the smtp server instead of
  directly from queue to local accounts. To go through the full regular delivery
  paths. (1cf7477)
• Many small improvements.

Bug fixes

• Always properly escape values in Authentication-Results header added to
  incoming messages. Some generated values could have characters that weren't
  escaped. (2c9cb5b)
• Fix logging in on account and webmail interface for account names (not email
  addresses) with non-ASCII characters. (reported by arnt, 666f84e)
• Update to latest bstore with a fix for ordering of certain database results.
  Only a single query in mox would have triggered the issue, with no expected
  impact. (d34dd8a)
• For incoming TLS connections (HTTPS, but also SMTP and IMAP) for unrecognized
  domain names (for which we don't have a TLS certificate), don't respond with an
  "internal error" TLS alert, but with an "unrecognized name" alert. More helpful
  to user figuring out what's going on. (reported by arnt, 89a9a8b).

Update instructions

Before upgrading, do a dry-run first.

• Make a temporary backup with the old mox version:
  mox-v0.0.10 backup data/tmp/testupgrade
• Verify that all is well with the old version:
  mox-v0.0.10 verifydata data/tmp/testupgrade
• Verify the state with the new version:
  mox-v0.0.11 verifydata data/tmp/testupgrade

With a successful dry-run, the upgrade should go smoothly. Make a new backup
with mox-v0.0.10 backup data/tmp/backup (the previous backup was modified by
the dry-run, so couldn't be used to restore!), replace the binary and restart.
For further details, see
https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation

If you run into any problems, please create a bug report.

Thanks

Thanks for contributions and/or feedback from: pmarini, tabatinga0xffff,
lmeunier, alex, arnt, abdul h, cuu508, naturalethic, nixigaj, mattfbacon,
jsfan3, hmfaysal, damir & marin from sartura, RobSlgm, daftaupe, vipas84,
TragicLifeHu, manaus0xff, jdlawrie, Bloomers7577, kbrgmn (and all those I
missed).

Feedback, feature requests, bug reports, contributions (start small!) are all
welcome. An easy way to help mox is to use it and spread the word!

Development on mox is funded through the NLnet NGI0 Entrust Fund,
https://nlnet.nl/entrust/, with financial support from the European
Commission's Next Generation Internet programme.