All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Delivery and DMARC Troubleshooting (#420).
- Support for external email addresses on mailing lists (#152).
- Azure blob storage support.
- Some mails can't be moved out of the junk folder (#670).
- Out of bound index error on Sieve script (#941).
- Missing
User-Agent
header for ACME (#937). - UTF8 support in IMAP4rev1 (#948).
- Account alias owner leak on autodiscover.
- Include all events in OTEL traces + Include spanId in webhooks.
- Implement
todo!()
causing panic on concurrency and rate limits. - Mark SQL store as active if used as a telemetry store.
- Discard empty form submissions.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Enterprise license automatic renewals before expiration (disabled by default).
- Allow to LDAP search using bind dn instead of auth bind connection when bind auth is enabled (#873)
- Include
preferred_username
andemail
in OIDCid_token
. - Verify roles and permissions when creating or modifying accounts (#874)
To upgrade replace the stalwart-mail
binary.
- Data store CLI.
- Tokenizer performance issue (#863)
- Incorrect AI model endpoint setting.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Detect and ban port scanners as well as other forms of abuse (#820).
- ACME External Account Binding support (#379).
- The settings
server.fail2ban.*
have been moved toserver.auto-ban.*
. - The event
security.brute-force-ban
is nowsecurity.abuse-ban
.
- Do not send SPF failures reports to local domains.
- Allow
nonce
in OAuth code requests. - Warn when there are errors migrating domains rather than aborting migration.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin. Enterprise users wishing to use the new LLM-powered spam filter should also upgrade the spam filter rules.
- AI-powered Spam filtering and Sieve scripting (Enterprise feature).
- The untrusted Sieve interpreter now has the
vnd.stalwart.expressions
extension enabled by default. This allows Sieve users to use theeval
function to evaluate expressions in their scripts. If you would like to disable this extension, you can do so by addingvnd.stalwart.expressions
tosieve.untrusted.disabled-capabilities
.
- S3-compatible backends: Retry on
5xx
errors. - OIDC: Include
nonce
parameter inid_token
response.
To upgrade first upgrade the webadmin and then replace the stalwart-mail
binary. If you read these instructions too late, you can upgrade to the latest web-admin using curl -k -u admin:yourpass https://yourserver/api/update/webadmin
.
- OpenID Connect server (#298).
- OpenID Connect backend support (Enterprise feature).
- OpenID Connect Dynamic Client Registration (#4)
- OAuth 2.0 Dynamic Client Registration Protocol (RFC7591) (#136)
- OAuth 2.0 Token Introspection (RFC7662).
- Contact form submission handling.
webadmin.path
setting to override unpack directory (#792).
- Missing
LIST-STATUS
from RFC5819 in IMAP capability responses (#816). - Do not allow tenant domains to be deleted if they have members (#812).
- Tenant principal limits (#810).
To upgrade replace the stalwart-mail
binary.
OAUTHBEARER
SASL support in all services (#627).
- Fixed
migrate_directory
range scan (#784).
This version includes breaking changes to how accounts are stored. Please read UPGRADING.md for details.
- Multi-tenancy (Enterprise feature).
- Branding (Enterprise feature).
- Roles and permissions.
- Full-text search re-indexing.
- Partial database backups (#497).
- IMAP
IDLE
support for command pipelining, aka the Apple Mail iOS 18 bug (#765). - Case insensitive INBOX
fileinto
(#763). - Properly decode undelete account name (#761).
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Support for global Sieve scripts that can be used by users to filter their incoming mail.
- Allow localhost to override HTTP access controls to prevent lockouts.
- Sieve runtime error default log level is now
debug
.
- Ignore INBOX case on Sieve's
fileinto
(#725) - Local keys parsing and retrieval issues.
- Lookup reload does not include database settings.
- Account count is incorrect.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Dashboard (Enterprise feature)
- Alerts (Enterprise feature)
- SYN Flood (session "loitering") attack protection (#482)
- Mailbox brute force protection (#688)
- Mail from is allowed (
session.mail.is-allowed
) expression (#609)
authentication.fail2ban
setting renamed toserver.fail2ban.authentication
.- Added elapsed times to message filtering events.
- Include queueId in MTA Hooks (#708)
- Do not insert empty keywords in FTS index.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Message delivery history (Enterprise feature)
- Live tracing and logging (Enterprise feature)
- SQL Read Replicas (Enterprise feature)
- Distributed S3 Blob Store (Enterprise feature)
- Autodiscover request parser issues.
- Do not create tables when using SQL as an external directory (fixes #291)
- Do not hardcode logger id (fixes #348)
- Include
Forwarded-For IP
address inhttp.request-url
event (fixes #682)
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Metrics support (closes #478)
- OpenTelemetry Push Exporter
- Prometheus Pull Exporter (closes #275)
- HTTP endpoint access controls (closes #266 #329 #542)
- Add
options
setting to PostgreSQL driver (closes #662) - Add
isActive
property to defaults on Sieve/get JMAP method (closes #624)
- Perform
must-match-sender
checks after sender rewriting (closes #394) - Only perform email ingest duplicate check on the target mailbox (closes #632)
- Properly parse
Forwarded
andX-Forwarded-For
headers (fixes #669) - Resolve DKIM macros when generating DNS records (fixes #666)
- Fixed
is_local_domain
Sieve function (fixes #622)
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin. This version includes breaking changes to the Webhooks configuration and produces a slightly different log output, read UPGRADING.md for details.
- Improved and faster tracing and logging.
- Customizable event logging levels.
- ManageSieve: Return capabilities after successful
STARTTLS
- Do not provide
{auth_authen}
Milter macro unless the user is authenticated
To upgrade replace the stalwart-mail
binary.
- Restore deleted e-mails (Enterprise Edition only)
- Kubernetes (K8S) livenessProbe and readinessProbe endpoints.
- Avoid sending reports for DMARC/delivery reports (#173)
- Refresh old FoundationDB read transactions (#520)
- Subscribing shared mailboxes doesn't work (#251)
To upgrade replace the stalwart-mail
binary.
- Fix TOTP validation order.
- Increase Jemalloc page size on armv7 builds.
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin.
- Two-factor authentication with Time-based One-Time Passwords (#436)
- Application passwords (#479).
- Option to disable user accounts.
- DANE success on EndEntity match regardless of TrustAnchor validation.
- Fix ManageSieve GETSCRIPT response: Add missing CRLF (#563)
- Do not return CAPABILITIES after ManageSieve AUTH=PLAIN SASL exchange (#548)
- POP3 QUIT must write a response (#568)
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin and spam filter versions.
- Webhooks support (#480)
- MTA Hooks (like milter but over HTTP)
- Manually train and test spam classifier (#473 #264 #257 #471)
- Allow configuring default mailbox names, roles and subscriptions (#125 #290 #458 #498)
- Include
robots.txt
(#542)
- Milter support on all SMTP stages (#183)
- Do not announce
STARTTLS
if the listener does not support it.
- Incoming reports stored in the wrong subspace (#543)
- Return
OK
after a successful ManageSieve SASL authentication flow (#187) - Case-insensitive search in settings API (#487)
- Fix
session.rcpt.script
default variable name (#502)
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin and spam filter versions.
- POP3 support.
- DKIM signature length exploit protection.
- Faster email deletion.
- Junk/Trash folder auto-expunge and changelog auto-expiry (#403)
- IP allowlists.
- HTTP Strict Transport Security option.
- Add TLS Reporting DNS entry (#464).
- Use separate account for master user.
- Include server hostname in SMTP greetings (#448).
- IP addresses trigger
R_SUSPICIOUS_URL
false positive (#461 #419). - JMAP identities should not return null signatures.
- Include authentication headers and check queue quotas on Sieve message forwards.
- ARC seal using just one signature.
- Remove technical subdomains from MTA-STS policies and TLS records (#429).
This version uses a different database layout which is incompatible with previous versions. Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- Clustering support with node auto-discovery and partition-tolerant failure detection.
- Autoconfig and MS Autodiscover support (#336)
- New variables
retry_num
,notify_num
,last_error
addlast_status
available in queue expressions. - Performance improvements, in particular for FoundationDB.
- Improved full-text indexing with lower disk space usage.
- MTA-STS policy management.
- TLSA Records generation for DANE (#397)
- Queued message visualization from the web-admin.
- Master user support.
- Make
certificate.*
local keys by default. - Removed
server.run-as.*
settings. - Add Microsoft Office Macro types to bad mime types (#391)
- mySQL TLS support (#415)
- Resolve file macros after dropping root privileges.
- Updated order of SPF Records (#395).
- Avoid duplicate accountIds when using case insensitive external directories (#399)
authenticated_as
variable not usable for must-match-sender (#372)- Remove
StandardOutput
,StandardError
in service (#390) - SMTP
AUTH=LOGIN
compatibility issues with Microsoft Outlook (#400)
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin version.
- Full database export and import functionality
- Add --help and --version command line arguments (#365)
- Allow catch-all addresses when validating must match sender
- Add
groupOfUniqueNames
to the list of LDAP object classes
- Trim spaces in DNS-01 ACME secrets (#382)
- Allow only one journald tracer (#375)
authenticated_as
variable not usable for must-match-sender (#372)- Fixed
BOGUS_ENCRYPTED_AND_TEXT
spam filter rule - Fixed parsing of IPv6 DNS server addresses
To upgrade replace the stalwart-mail
binary and then upgrade to the latest web-admin version.
- Support for
DNS-01
andHTTP-01
ACME challenges (#226) - Configurable external resources (#355)
- Startup failure when Elasticsearch is down/starting up (#334)
- URL decode path elements in REST API.
To upgrade replace the stalwart-mail
binary.
- Make initial admin password configurable via env (#311)
- WebAdmin download URL.
- Remove ASN.1 DER structure from DKIM ED25519 public keys.
- Filter out invalid timestamps on log entries.
This version uses a different database layout and introduces multiple breaking changes in the configuration files. Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- Web-based administration interface.
- REST API for management and configuration.
- Automatic RSA and ED25519 DKIM key generation.
- Support for compressing binaries in the blob store (#227).
- Improved performance accessing IMAP mailboxes with a large number of messages.
- Support for custom DNS resolvers.
- Support for multiple loggers with different levels and outputs.
- Store quotas as
u64
rather thanu32
. - Second IDLE connections disconnects the first one (#280).
- Use relaxed DNS parsing, allowing underscores in DNS labels (#172).
- Escape regexes within
matches()
expressions (#155). - ManageSieve LOGOUT should reply with
OK
instead ofBYE
.
This version introduces breaking changes in the configuration file. Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- Distributed and fault-tolerant SMTP message queues.
- Distributed rate-limiting and fail2ban.
- Expressions in configuration files.
- Do not include
STATUS
in IMAPNOOP
responses (#234). - Allow multiple SMTP
HELO
commands. - Redirect OAuth using a
301
instead of a307
code.
Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- Built-in fail2ban and IP address/mask blocking (#164).
- CLI: Read URL and credentials from environment variables (#88).
- mySQL driver: Add
max-allowed-packet
setting (#201).
- Unified storage settings for all services (read the UPGRADING.md for details)
- IMAP retrieval of auto-encrypted emails (#203).
- mySQL driver: Parse
timeout.wait
property as duration (#202). X-Forwarded-For
header on JMAP Rate-Limit does not work (#208).- Use timeouts in install script (#138).
Please read the UPGRADING.md file for more information on how to upgrade from previous versions.
- ACME support for automatic TLS certificate generation and renewal (#160).
- TLS certificate hot-reloading.
- HAProxy protocol support (#36).
- IMAP command
SEARCH <seqnum>
is using UIDs rather than sequence numbers. - IMAP responses to
APPEND
andEXPUNGE
should includeHIGHESTMODSEQ
whenCONDSTORE
is enabled.
- SMTP smuggling protection: Sanitization of outgoing messages that do not use
CRLF
as line endings. - SMTP sender validation for authenticated users: Added the
session.auth.must-match-sender
configuration option to enforce that the sender address used in theMAIL FROM
command matches the authenticated user or any of their associated e-mail addresses.
- Invalid DKIM signatures for empty message bodies.
- IMAP command
SEARCH BEFORE
is not properly parsed. - IMAP command
FETCH
fails to parse single arguments without parentheses. - IMAP command
ENABLE QRESYNC
should also enableCONDSTORE
extension. - IMAP response to
ENABLE
command does not include enabled capabilities list. - IMAP response to
FETCH ENVELOPE
should not returnNIL
when theFrom
header is missing.
This version requires a database migration and introduces breaking changes in the configuration file. Please read the UPGRADING.md file for more information.
- Performance enhancements:
- Messages are parsed only once and their offsets stored in the database, which avoids having to parse them on every
FETCH
request. - Background full-text indexing.
- Optimization of database access functions.
- Messages are parsed only once and their offsets stored in the database, which avoids having to parse them on every
- Storage layer improvements:
- In addition to
FoundationDB
andSQLite
, now it is also possible to useRocksDB
,PostgreSQL
andmySQL
as a storage backend. - Blobs can now be stored in any of the supported data stores, it is no longer limited to the file system or S3/MinIO.
- Full-text searching con now be done internally or delegated to
ElasticSearch
. - Spam databases can now be stored in any of the supported data stores or
Redis
. It is no longer necessary to have an SQL server to use the spam filter.
- In addition to
- Internal directory:
- User account, groups and mailing lists can now be managed directly from Stalwart without the need of an external LDAP or SQL directory.
- HTTP API to manage users, groups, domains and mailing lists.
- IMAP4rev1
Recent
flag support, which improves compatibility with old IMAP clients. - LDAP bind authentication, to support some LDAP servers such as
lldap
which do not expose the userPassword attribute. - Messages marked a spam by the spam filter can now be automatically moved to the account's
Junk Mail
folder. - Automatic creation of JMAP identities.
- Spamhaus DNSBL return codes.
- CLI tool reports authentication errors rather than a parsing error.
- JMAP for Quotas support (RFC9425)
- JMAP Blob Management Extension support (RFC9404)
- Spam Filter - Empty header rules.
- Daylight savings time support for crontabs.
- JMAP
oldState
doesn’t reflect in*/changes
(#56)
- Dockerfile entrypoint script.
bayes_is_balanced
function.
This version introduces some breaking changes in the configuration file. Please read the UPGRADING.md file for more information.
- Built-in Spam and Phishing filter.
- Scheduled queries on some directory types.
- In-memory maps and lists containing glob or regex patterns.
- Remote retrieval of in-memory list/maps with fallback mechanisms.
- Macros and support for including files from TOML config files.
config.toml
is now split in multiple TOML files for better organization.- BREAKING: Configuration key prefix
jmap.sieve
(JMAP Sieve Interpreter) has been renamed tosieve.untrusted
. - BREAKING: Configuration key prefix
sieve
(SMTP Sieve Interpreter) has been renamed tosieve.trusted
.
- Option to allow invalid certificates on outbound SMTP connections.
- Option to disable ansi colors on
stdout
.
- SMTP reject messages are now logged as
info
rather thandebug
.
- Support for reading environment variables from the configuration file using the
!ENV_VAR_NAME
special keyword. - Option to disable ANSI color codes in logs.
- Querying directories from a Sieve script is now done using the
query()
method fromeval
. Your scripts will need to be updated, please refer to the new syntax.
- IPrev lookups of IPv4 mapped to IPv6 addresses.
- Journal logging support
- IMAP support for UTF8 APPEND
- Replaced
rpgp
withsequoia-pgp
due to rpgp bug.
- Fix: IMAP folders that contain a & can't be used (#90)
- Fix: Ignore empty lines in IMAP requests
- Option to disable IMAP All Messages folder (#68).
- Option to allow unencrypted SMTP AUTH (#72)
- Support for
rcpt-domain
key inrcpt.relay
SMTP rule evaluation.
- SMTP strategy
Ipv6thenIpv4
returns only IPv6 addresses (#70) - Invalid IMAP
FETCH
responses for non-UTF-8 messages (#70) - Allow
STATUS
andACL
IMAP operations on virtual mailboxes. - IMAP
SELECT QRESYNC
without specifying a UID causes panic (#67) - Milter
DATA
command is sent after headers which causes ClamAV to hang. - Sieve
redirect
of unmodified messages does not work.
- Arithmetic and logical expression evaluation in Sieve scripts.
- Support for storing query results in Sieve variables.
- Results of SPF, DKIM, ARC, DMARC and IPREV checks available as environment variables in Sieve scripts.
- Configurable protocol flags for Milter filters.
- Fall-back to plain text when
STARTTLS
fails andstarttls
is set tooptional
.
- Do not panic when
hash = 0
in reports. (#60) - JMAP Session resource returns
EmailSubmission
capabilities using arrays rather than objects. - ManageSieve
PUTSCRIPT
should replace existing scripts.
- TCP listener option
nodelay
.
- SMTP: Allow disabling
STARTTLS
. - JMAP: Support for
OPTIONS
HTTP method.
- JMAP: Support for setting custom HTTP response headers (#52)
- SMTP: Missing envelope keys in rewrite rules (#25)
- SMTP: Remove CRLF from Milter headers
- JMAP/IMAP: Successful authentication requests should not count when rate limiting
- IMAP: Case insensitive Inbox selection
- IMAP: Automatically create Inbox for group accounts
- Encryption at rest with S/MIME or OpenPGP.
- Support for referencing context variables from dynamic values.
- Support for PKCS8v1 ED25519 keys (#20).
- Automatic retry for import/export blob downloads (#14)
- Sender and recipient address rewriting using regular expressions and sieve scripts.
- Subaddressing and catch-all addresses using regular expressions (#10).
- Dynamic variables in SMTP rules.
- Added CLI to Docker container (#19).
- Workaround for a bug in
sqlx
that caused SQL time-outs (#15). - Support for ED25519 certificates in PEM files (#20).
- Better handling of concurrent IMAP UID map modifications (#17).
- LDAP domain lookups from SMTP rules.
- Milter filter support.
- Match IP address type using /0 mask (#16).
- Support for OpenLDAP password hashing schemes between curly brackets (#8).
- Add CA certificates to Docker runtime (#5).
- LDAP and SQL authentication.
- subaddressing and catch-all addresses.
- S3-compatible storage.
- Merged the
stalwart-jmap
,stalwart-imap
andstalwart-smtp
repositories intostalwart-mail
. - Removed clustering module and replaced it with a FoundationDB backend option.
- Integrated Stalwart SMTP into Stalwart JMAP.
- Rewritten JMAP protocol parser.
- Rewritten store backend.
- Rewritten IMAP server to have direct access to the message store (no more IMAP proxy).
- Replaced
actix
withhyper
.