stalwartlabs/mail-server v0.5.1

on GitHub

[0.5.1] - 2024-01-02

Added

• SMTP smuggling protection: Sanitization of outgoing messages that do not use CRLF as line endings.
• SMTP sender validation for authenticated users: Added the session.auth.must-match-sender configuration option to enforce that the sender address used in the MAIL FROM command matches the authenticated user or any of their associated e-mail addresses.

Changed

Fixed

• Invalid DKIM signatures for empty message bodies.
• IMAP command SEARCH BEFORE is not properly parsed.
• IMAP command FETCH fails to parse single arguments without parentheses.
• IMAP command ENABLE QRESYNC should also enable CONDSTORE extension.
• IMAP response to ENABLE command does not include enabled capabilities list.
• IMAP response to FETCH ENVELOPE should not return NIL when the From header is missing.