github mjl-/mox v0.0.14

22 hours ago

New features

  • Implement TLS client certificate authentication using their public keys (not
    other certificate properties, so no name/expiration/constraint validation).
    Accounts can add multiple TLS public keys, e.g. one for each mail client. For
    use with SMTP/IMAP and the "external" SASL authentication mechanism. IMAP
    "preauth" is enabled with TLS certificate authentication, but can be disabled
    per key. (8804d6b)
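An added example, not code from mox, illustrating what matching on the public key alone means in practice: the presented certificate is reduced to a fingerprint of its SubjectPublicKeyInfo and looked up among an account's registered keys. The fingerprint format (hex SHA-256), the account name "alice" and all function names are assumptions made for this sketch.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// spkiFingerprint hashes only the SubjectPublicKeyInfo; names, validity dates
// and constraints in the certificate do not influence the result.
func spkiFingerprint(cert *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(cert.RawSubjectPublicKeyInfo))
}

// selfSigned builds a constructed self-signed test certificate for key.
func selfSigned(key *ecdsa.PrivateKey, cn string, notAfter time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.Add(-24 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// demo registers one key for the hypothetical account "alice" and reports
// which presented certificates map back to it.
func demo() (expiredOK, reissuedOK, otherKeyOK bool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	registered := map[string]string{spkiFingerprint(selfSigned(key, "laptop", time.Now().Add(time.Hour))): "alice"}
	_, expiredOK = registered[spkiFingerprint(selfSigned(key, "laptop", time.Now().Add(-time.Hour)))]
	_, reissuedOK = registered[spkiFingerprint(selfSigned(key, "renamed", time.Now().Add(time.Hour)))]
	_, otherKeyOK = registered[spkiFingerprint(selfSigned(other, "laptop", time.Now().Add(time.Hour)))]
	return
}

func main() { fmt.Println(demo()) }
```

An expired or re-issued certificate for the same key still matches, so with this model access ends only when the key is no longer registered for the account, not when a certificate lapses.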

Improvements

  • quickstart: Write all output to a file "quickstart.log" for later reference
    (2255ebc)
  • smtpserver: Add an option for the smtp delivery listener to enable/disable tls
    session tickets. (issue #237, e59f894)
  • smtpserver: Add prometheus metric and alerting rule for failing starttls
    handshakes for incoming deliveries. (related to issue #237, afb182c)
  • webmail: Split pasted address into multiple addresses, by commas. (PR #252,
    501f594)
  • Clarify that "aliases" are more small-scale lists, not additional addresses
    for an account. And make "public posting" the default for new aliases. (issue
    #244, 0e338b0, cbe418e)
  • smtpserver: When doing slow writes due to spammy incoming delivery, try a bit
    harder to prevent a timeout for the other side (if it is mox/itself!)
    (5a14a5b)
  • quickstart: For -existing-webserver, also add tls key/cert placeholder for
    mail.$domain. (5320ec1)
  • Do not try to get a tls cert for autoconfig. at startup if there is no
    listener with autoconfig enabled. Reduces needless logging in setups that don't
    use autoconfig. (35af7e3)
  • "mox retrain" command: Make the "account" parameter optional, retraining all
    accounts when absent. (94fb48c)
  • webmail: Move config options for showing keyboard shortcuts and for showing
    additional headers from localstorage to the settings popup, storing their values
    on the server. (3f727cf)
  • webmail: Don't bind to shortcuts ctrl-l, ctrl-u and ctrl-I since they are
    commonly used in browsers. (4d3c411)
  • webapi: Add Content-Disposition and Filename to the payload of incoming
    webhooks (issue #258, 4279383)
  • Add ability to include custom CSS & JS in web interfaces (webmail, webaccount,
    webadmin), and use css variables in webmail for easier customization.
    (96d86ad, related to issue #114)
  • webmail: When marking message as unread, also clear its (non)junk flags
    (1f604c6)
  • webaccount: Update text about opening apple mobileconfig profile files, it has
    gotten harder to use in iOS18. (636bb91)
  • admin: Better handling of disabled MTA-STS during self-check. (7f5e108)
  • admin: In self-check for SPF records against our IPs, don't try checking the
    unspecified addresses (0.0.0.0 and ::), and warn if there are no explicitly
    configured IPs. (726c093)
  • autoconfig: More RFC compliant SRV service not available DNS records (issue
    #240, 3554880)

Bug fixes

  • Fix verifying DANE-TA connections for outgoing email deliveries where the
    DANE-TA record is not for the first certificate in the chain after the leaf
    certificate. (f7666d1)
  • junk filter: Fix adjusting word counts after train/untrain. (17baf9a)
  • Log when mox root process cannot forward signals to unprivileged child and
    give the mox.service permissions to send such signals. (32d4e9a)
  • webadmin: When loading page with webserver routes, internal services would
    always be shown with "admin" as internal services, and saving the handler would
    overwrite the correct setting. (issue #264, 965a2b4)
  • When opening an account by email address, such as during login attempts, and
    the address is an alias, fail with proper error "no such credentials" instead of
    with error "no such account" and printing a stack trace. (for issue #238,
    3d4cd00)
  • webmail: Fix using the compose window/popup after saving a draft message
    failed. (issue #256, ee48cf0)
  • webmail: Fix css to not show text on button (actually html "a" element for
    links) for downloaded (visited) attachments in blue. (f7193bd)

Update procedure

After updating, run "mox retrain" to retrain the bayesian junk filter for all
accounts. Retraining an account with many messages can require quite some
working memory. Due to a bug (now fixed), reclassifying messages as (non)-junk
updated the scores of words incorrectly, sometimes resulting in very high
(non)-junk reputation of some words. The junk filter should perform better
after retraining.

If you are using the mox.service systemd unit file on Linux, you should add
"CAP_KILL" to CapabilityBoundingSet (and reload & restart the service) so
graceful shut downs are faster.

Before upgrading, do a dry-run first.

  • Make a temporary backup with the old mox version:
    mox-v0.0.13 backup data/tmp/testupgrade
  • Verify that all is well with the old version:
    mox-v0.0.13 verifydata data/tmp/testupgrade
  • Verify the state with the new version:
    mox-v0.0.14 verifydata data/tmp/testupgrade

With a successful dry-run, the upgrade should go smoothly. Make a new backup
with mox-v0.0.13 backup data/tmp/backup (the previous backup was modified by
the dry-run, so couldn't be used to restore!), replace the binary and restart.
For further details, see
https://www.xmox.nl/faq/#hdr-how-do-i-upgrade-my-mox-installation

If you run into any problems, please create a bug report.

Thanks

Thanks for all the contributions/bug reports/feedback/discussions, much
appreciated! Special thanks to: exander77, bwbroersma, Robby-, wneessen,
kiekerjan, robbo5000, morki, laura-lilly, ally9335, spectral369, mattfbacon,
mwyvr, s0ph0s-dog, soheilpro and many more!

Downloading & compiling

See https://www.xmox.nl/install/#hdr-download.
