Haraka

3.0.3 - 2024-02-07

Added

• feat(auth_vpopmaild): when outbound, assure the envelope domain matches AUTH domain #3265
• docs(outbound): remove example setting outbound_ip #3253
• doc(Plugins.md): add pi-queue-kafka #3247
• feat(rabbitmq_amqplib): configurable optional queue arguments #3239
• feat(clamd): add x-haraka-virus header #3207

Fixed

• Fix: add empty string as param to .join() on bounce. #3237
• Update links in documentation #3234
• fix(ob/hmail):Add filename to the error for easy debugging
• fix(ob/queue): Ignore 'error.' prefixed files in the queue because corrupted

Changed

• docs(outbound): remove example of outbound_ip #3253
• transaction: simplify else condition in add_data #3252
• q/smtp_forward: always register get_mx hook #3204
• dep(pi-es): bump version to 8.0.2 #3206
• dep(redis): bump version to 4.6.7 #3193
• dep(pi-spf): bump version to 1.2.4
• dep(net-utils): bump version to 1.5.3
• dep(pi-redis): bump version to 2.0.6
• dep(tld): bump version to 1.2.0
• remove defunct config files: lookup_rdns.strict.ini, lookup_rdns.strict.timeout, lookup_rdns.strict.whitelist, lookup_rdns.strict.whitelist_regex, rcpt_to.blocklist, rdns.allow_regexps, rdns.deny_regexps

Fixed

• feat(q_forward): add LMTP routing handling #3199
• chore(q_forward): tighten up queue.wants handling #3199
• doc(q_forward): improve markdown formatting #3199
• helo.checks: several fixes, #3191
• q/smtp_forward: correct path to next_hop #3186
• don't leak addr parsing errors into SMTP conversation #3185
• connection: handle dns.reverse invalid throws on node v20 #3184
• rename redis command setex to setEx #3181

Changed

• test(helo.checks): add regression tests for #3191 #3195
• connection: handle dns.reverse invalid throws on node v20
• build(deps): bump ipaddr.js from 2.0.1 to 2.1.0 #3194
• chore: bump a few dependency versions #3184
• dns_list_base: avoid test failure when public DNS used #3184
• doc(outbound.ini) update link #3159
• doc(clamd.md) fixed spelling error #3155

• 1dae4b9e fix(bin/haraka): set server.cfg and pass to conn
• ed574777 dep(pi-spf): bump version 1.1.3 to 1.2.0
• 899eb9e6 update changes
• 3d9312ff fix: dkim_verify fails to find record #3149
• 02b74f9e lint: move eslint config
• b179dc1e plugins: Add haraka-plugin-outbound-logger to registry (#3146)
• d701c14e Fixed error messages for help options (#3142)

3.0.0 - 2022-12-17

Added

• feat: prevent local delivery loop when target exchange resolves to a local hostname #3002
• feat: format DKIM signature to multiline #2991

Fixed

• fix(tls): redis promise syntax for tls & ob/tls #3064
• fix(attachment): error handling with complex archive #3035
• fix(smtp_client): run "secured" once, fixes #3020
• fix(smtp_client): add missing $ char in front of interpolated string
• fix(auth_proxy): run "secured" only once, improvement for #3022
• fix(helo): remove multi-check from should_skip #3041
• fix(outbound): outbound local mx check #3010
• fix(outbound): prevent delivery loop when target MX resolves to local hostname #3002
• fix(conn): socket can't be released when disconnect after DATA command #2994

Changed

• dep(generic-pool): remove pooling from outbound #3115
• smtp_client: disable pooling in get_client_plugin, #3113
• smtp_forward: restore ability to enable queue_outbound #3119
• ./mailbody & ./mailheader moved to haraka-email-message #3071
• config/plugins: update name of uribl plugin
• doc(queue.js) spelling & grammar improvement #3051
• doc(rails): add haraka-plugin-queue-rails #2995
• doc(smtp.ini): correct spelling of SMTPUTF8 #2993
• style(es6): use optional chaining when accessing transactions #2732
• style(smtp_client): pass args as objects (was positional)
• style(plugin/*): transaction guarding #3032
• dep(spf): remove to separate plugin #3078
• dep(iconv): removed, declared in haraka-email-message)
• dep(haraka-plugin-redis)!: 1.0 -> 2.0 #3038
• dep(redis)!: 3.1 -> 4.1 #3058
• dep(generic-pool): remove pooling from outbound #3115
• smtp_client: remove smtp_* pooling support in #3113
• dep: bump plugin versions #3063
• dep: bump haraka-plugin-asn from 1.0.9 to 2.0.0 #3062
• dep(redis): 3.1 -> 4.1 #3058
• dep(nopt): 5 -> 6.0.0 #3076
• dep(haraka-plugin-fcrdns): 1.0.3 -> 1.1.0 #3076
• dep(haraka-plugin-redis): 1.0 -> 2.0 #3038
• dep(nodemailer): 6.7.0 to 6.7.2 #3000, #3004
• dep: add explicit dependency on node-gyp 9
• ci: github action tweaks #3047
• chore: transaction guarding #3032
• ci: enable windows node 16 testing #3036
• chore: update phusion image #2988
• chore: add lots of if (!transaction) return in places #2732
• chore(test): build shims for windows-2022 & node on windows #3052
• chore(test): restore CI tests to working order #3030
• dkim_sign: reformat dkim signature to multi-line #2991
• dkim_sign: remove spurious error logging #3034
• tls: add force_tls option to the ToDo object
• fix(banner): banner was inserted erroneously into text attachments
• outbound: remove hardcoded AUTH PLAIN authorization identity
• outbound: set acquireTimeoutMillis to prevent constant reconnect to unreachable servers
• style(smtp_client): pass args as objects (was positional)
• uribl: timeout DNS 1 second before plugin, #3077
• uribl: load .ini config to plugin.cfg, add basic tests #3077

Changes

• added ability to define a default relay in relay_dest_domains
• spamassassin: replace msg_too_big & should_check with should_skip #2972
• spamassassin: allow returning DENYSOFT on errors #2967
• dep: use caret version range for all dependencies #2965
• outbound: disable outbound to localhost by default #2952
• connection error logging: use key-value paris #2921
• tls: change default to NOT send TLS client certs #2902
• dep: redis is now a dependency #2896
• use address-rfc2821 2.0.0
• http: use CDN for bootstrap/jquery, drop bower #2891
• drop support for node 10 #2890

New features

• tls: require secure and verified sockets for configured hosts/domains
• tls: add no_starttls_ports - an array of incoming ports where STARTTLS is not advertised
• outbound: add local_mx_ok config #2952
• skip plugins at runtime by pushing name into transaction.skip_plugins #2966
• outbound: add ability to specify delay times for temporary fails in temp_fail_intervals #2969

Fixes

• bounce: correctly set fail recipients #2901
• bounce: correctly set bounce recipients #2899
• Get local_ip from getsockname() instead of server properties #2914
• Received header TLS section adheres more closely to RFC 8314 #2903
• use RFC-2045 Quoted-Printable in email message body
• use RFC-2047 Q encoded-words in email headers

Changes

• bump verions of several dependencies #2888
• propagate hmail notes to split copies #2887
• log.ini: add json to list of formats in config doc #2881
• exclude port 587 from TLS NO-GO feature #2875
• strip haraka-plugin- prefixes off plugin names in config/plugins #2873
• pass smtp.ini config from Server into connections & transactions #2872

New features

• add ability to disable SMTPUTF8 advertisement #2866

Fixes

• assure headers.max_lines is initialized as integer #2878
• require haraka-net-utils >= 1.2.2 #2876

Changes

• add config options for OAR & AR headers #2855
• plugins.js: also strip haraka-plugin prefix from plugin.name #2846
• smtp_forward/spamssassin: grab refs of conn/txn to avoid crashes due to lack of existence. #2847
• outbound: add extended reason to bounce message #2843
• hgrep: replaced perl script with shell script #2842
• connection: send temp error when requested #2841
• headers: updated deprecated messages #2845
• hmail: socket.on -> socket.once #2838
• hmail: check for zero length queue file #2835
• outbound: add os.hostname() as default for outbound HELO #2813
• use node v10's mkdir instead of mkdirp #2797
• CI: drop appveyor and Travis #2784
• lint: add 'prefer-template'
• update async to version 3.2.0 #2764
• update redis to version 3.0.0 #2759
• remove deprecated max_unrecognized_commands from config #2755
• CI: add ES2017 support, drop node 8 #2740
• fix broken bannering on nested mime parts #2736
• restore TLS version info, set correctly #2723
• better error message when invalid HELO hostname is rejected
• bring STARTTLS "TLS NO-GO" feature in line with Outbound's #2792
• add listener for secureConnect #2828
• removed plugins/data.headers to haraka-plugin-headers #2826
• add zero-length queue size check
• send temp instead of hard error when asked to by unrecognized_command

New features

• Allow web interface to be bound to unix socket #2768
• tls: add configurable minVersion to tls socket options #2738
• connection_close_message: added ability to override close connection message replacing closing connection. Have a jolly good day. #2730
• add JSON format for logging #2739
• support binding web interface to unix socket

Fixes

• check for punycode domain names when resolving MX, avoid crash #2861
• wait until entire message is spooled when spool_after in use #2840
• hmail: add missing space in temp_fail emitter #2837
• fix outbound config reloading after outbound split #2802
• smtp_forward: remove redundant outbound hook #2796
• smtp_forward: this plugin does not use the queue_outbound hook anymore #2795
• Fix connection pool not being unique when hosts and ports were equal between domains #2789
• fix connection pool not being unique when hosts and ports were equal between domains #2788
• Fix outbound.bounce_message To: header (and add Auto-Submitted) #2782
• Fix support for DKIM signing when forwarding and aliasing is enabled #2776
• Better error message when EHLO hostname does not have a dot #2775
• fix bannering on nested mime parts #2737
• TLS: don't abort loading certs in config/tls dir when an error is encountered. Process every cert file and then emit errors. #2729
• restore TLS version, correctly #2723

Changes

• conn: remove TLS version from header #2648
• Actually enforce using key for INTERNALCMD #2643
• trans: assign conditions to named vars #2638
• drop node.js v6 support #2632
• conn: use is_local instead of localhost addr tests #2627
• spamassassin: spamassassin: strip useless WS from tests #2624
• es6: many updates #2615, #2674, #2680
• systemctl: update service definition #2612
• lint: bracket style to match newer eslint:recommended #2680
• lint: use object shorthands (eslint:recommended) #2680
• logger: use safer Object.prototype.hasOwnProperty #2680
• outbound: permit # char in SMTP status code response #2689
• dkim_sign: improve docs, add tests, es6 updates #2649
• dkim_sign: restore default key signing feature #2649
• tmp module: update to latest #2614
• semver: update to latest #2616, #2651
• async: update to latest #2653, #2664
• repo cleanup: replaced deprecated plugins with list #2681
• spf: es6 patterns, results.pass, test improvements, es6 patterns #2700

New features

• spf: add config option to fail on NONE #2644

Fixes

• mailheader: fully quality header name in _remove_more #2647
• haraka: Connection.createConnection is not a constructor #2618
• problems with japanese characters in body and part header #2675
• toobusy: fix hook name (connect_pre -> connect) #2672
• outbound: watch for socket timeouts #2687
• outbound: permit # char prefix in SMTP status code response #2691
• mailheader: strip whitespace between encoded-words #2702

Changes

• early_talker: skip if sender has good karma #2551
• dockerfile: update to node 10 #2552
• Update deprecated usages of Buffer #2553
• early_talker: extend reasons to skip checking #2564
• tls: add 'ca' option (for CA root file) #2571
• outbound: little cleanups #2572
• smtp_client: pass pool_timeout to new SMTPClient #2574
• server: default to nodes=1 (was undefined) #2573
• test/server: use IPv4 127.0.0.1 instead of localhost #2584
• queue/smtp_*: add v3 upgrade notice and config setting #2585
• spf: use the skip config for helo/ehlo checks #2587
• spf: avoid 2nd EHLO evaluation if EHLO host is identical #2592
• queue.js refactoring #2593
• Log dkim_sign parse errors with connection ID #2596
• Update ipaddr.js to the latest version #2599
• make inactivity timeout match docs #2607

New Features

• Implement SIGTERM graceful shutdown if pid is 1 #2547
• tls: require validated certs on some ports with requireAuthorized #2554
• spamassassin: disable checks when requested #2564
• clamd: permit skipping for relay clients #2564
• outbound: exported outbound.temp_fail_queue, outbound.delivery_queue and add TimerQueue.discard()
• status: new plugin #2577

Fixes

• mf.resolvable: reduce timeout by one second (so < plugin.timeout) #2544
• LMTP blocks under stress #2556
• invalid DKIM when empty body #2410
• prevent running callback multiple times on TLS unix socket #2509
• add missing callback when listing queue and empty directory
• correct MIME parsing when charset: utf8 and encoding: 8bit #2582
• spamassassin: default check flags to true #2583
• smtp_client: destroy when connection gets conn timeout error #2604
• on error and timeout, remove listeners and destroy conn. #2606

2.8.22 - Nov 17, 2018

New Features

• enable tls/ssl for rabbitmq amqplib plugin #2518

Fixes

• hmail: don't send RSET to LMTP #2530

Changes

• clamd: add check.authenticated, check.private_ip, check.local_ip option
• use get_decoded on headers that may be encoded #2537
• connection: move max_mime_part config load to connection init #2528
• outbound: init TLS when we send email, not when old queue file is loaded #2503

Changes

• relay: update port 465 doc #2522
• hmail: log the correct err message #2531
• ob/tls: consistently use obtls (vs plugin) for "this" name #2524
• outbound: add domain to loginfo message #2523
• Add connection.remote.is_local #2532
• update license #2525
• perf: move max_mime_parts config load to connection init #2529
• update semver to version 5.6.0 #2517
• added hint to encrypted file authentication #2514
• dkim_sign: improved log messages #2499
• ehlo_hello_message: config/ehlo_hello_message can be used to overwrite the EHLO/HELO msg replacing , Haraka is at your service #2498
• connection: add connection.remote.is_local flag for detecting loopback and link local IPs
• add .name to outbound TLS for logs #2492

• New Features
  • n/a
• Fixes
  • data_headers: check defined-ness of hdr_address after try/catch #2458
  • tls: remove tls.ini loading from plugins/tls #2459
  • tls: remove invalid opt from load_tls_ini #2456
  • outbound: escape values in HTML bounce correctly #2446
  • dkim_sign: catch exceptions when address-rfc2822 fails to parse From #2457
• Changes
  • logger: Add "obj" log param to log hook that contains log data by type #2425
  • logger: include outbound client ID in logging #2425
  • logger: allow specifying uuid in params when logging #2425

New Features

• outbound: skip STARTTLS after remote host fails TLS upgrade #2429
• dns_list_base: introduce global plugin.lookback_is_rejected flag #2422

Fixes

• replace all _ chars in hostnames with code points #2485
• Don't die on invalid commands #2481
• outbound: check list exists before attempting to use it #2478
  • refactor outbound/hmail.process_ehlo_data #2488
• tls: skip when redis is undefined #2472
• Don't run delivered hook on LMTP fail #2470
• Add tls_socket.load_tls_ini() to tls.register() #2465

Changes

• outbound/tls: make into a class #2474
• plugins: clear timeout on cancel #2477
• txn.parse_body consistently a boolean #2476
• update ipaddr.js to version 1.8.0 #2468

• New features
  • outbound: received_header=disabled supresses outbound Received header addition. #2409
  • auth_base.js: check_plain_passwd and check_cram_md5_passwd can now pass message and code to callback routine
  • spf: allow bypass for relay and AUTH clients #2417
  • spf: optionally add OpenSPF help text to rejection #2417
  • auth_base: prevent storing of AUTH password in connection.notes.auth_passwd by setting plugin.blackout_password. #2421
• Fixes
  • Mitigate MIME part explosion attack #2447
  • Always prefix ClamAV with a Received header #2407
  • plugins/data.headers.js: wrap address-rfc2822 header parse into try block #2373
  • tls_socket: as client, only apply TLS opts if config is valid #2414
  • when installing, creates config/me if missing #2413
  • queue/qmail-queue: fix a 2nd crash bug when client disconnects unexpectedly #2360
  • remove desconstruction of SMTP commands to prevent exception #2398
  • attstream: return self so that pipe() calls can be chained together. #2424
  • outbound: fix dotfile cleanup to consider platform-based prefix. #2395
  • outbound: fix handling of LMTP socket when a socket path is specified. #2376
• Changes
  • relay: move relay acl check to connect_init so flag is set earlier #2442
  • process_title: add total recipients, avg rcpts/msg, recipients/sec cur/avg/max and messages/conn #2389
  • when relaying is set in a transaction, don't persist beyond the transaction #2393
  • connection.set supports dot delimited path syntax #2390
  • remove deprecated (since 2.8.16) ./dsn.js
  • Add transaction.msg_status property that reflects message status. #2427
  • Add transaction.notes.proxy object that hold HAProxy details. #2427
  • spamassassin: make relay header configurable. #2418
  • deprecate max_unrecognized_commands plugin in favor of limit. #2402
  • xclient: add support for DESTADDR/DESTPORT. #2396

• New features
  • smtp_forward: domain configuration is now chosen based on domain_selector #2346
• Fixes
  • queue/qmail-queue: fix crash bug when client disconnects unexpectedly #2360
  • tls: fix crash bug in unrecognized_command hook
  • dkim_key_gen.sh: improve usability and parameter parsing #2355
• Changes
  • document force_shutdown_timeout and graceful_shutdown settings #2350

• New Features
  • SMTPS port is configurable #2269
  • smtp_forward: enable_outbound can be set per domain #2335
• Fixes
  • Fix ability to set log level to emerg #2128
  • outbound/hmail: use Buffer to correctly read binary file data + tests #2231
  • quarantine: consolidate 2x hook_init_master functions
  • tls_socket: restore SNI functionality, emit count of TLS certs #2293
  • fix smtp_client error handling #2298
  • fix outbound pools #2317
  • add openssl-wrapper as dependency #2320
  • replace _ chars in hostnames with code points #2324
  • add this.removeAllListeners('connection-error') #2323
  • Fix crashing on RSET #2328
  • Prevent data headers crit fail #2329
  • Fix undefined max_lines in log message #2337
• Changes
  • line_socket: remove superfluous function #2339
  • consistent end of function declaration semicolon #2336
  • connection: assure hostname is set #2338
  • smtp_client: Fix log message typo #2334
  • Update ipaddr.js to version 1.6.0 #2333
  • Warn on max_header_lines #2331
  • update jquery version #2322
  • plugins: add SRS plugin to registry #2318
  • tls_socket: only generate dhparam.pem on master process #2313
  • add ENOTFOUND to also check A record #2310
  • smtp_forward: correct config file name in docs #2309
  • reduce severity of iconv conversion failure #2307
  • Add txn UUID to "250 Message Queued" #2305
  • mailheader: reduce log level priority #2299
  • greylist: only log redis DB errors when exist #2295
  • data.headers: reduce undef MLM logerror to logdebug #2294
  • quarantine: consolidate 2x hook_init_master() #2292
  • move test_queue to queue/test #2291
  • in haraka plugin test mode, add server.notes #2248
  • outbound/hmail: refactor #2238
  • outbound/hmail: add JSON sanity test before JSON.parse #2231
  • outbound/index: use newer Buffer.from syntax #2231
  • outbound/hmail: make haraka queue files human friendly #2231
  • plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
  • plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
  • plugins/smtp_forward: enable_outbound can be enabled/disabled for specific domains
  • auth_proxy: read TLS key and cert files from tls.ini #2212
  • README: typo fixes #2210
  • incorrect RCPT TO reply message #2227
  • Resolve decoding bug when root part is base64 encoded. #2204
  • Resolve base64 data truncation #2188
  • Fix damaged encoding when body is non-utf #2187
  • Fix disconnect hooks #2184
  • ability to set log level to emerg #2128
  • Improve docs for Address objects #2224
  • connection: replace 3x ternaries with get_remote() #2169
  • connection.local.host populated with hostname (from config/me) #2165
  • connection.local.info populated with Haraka/version #2196
  • npm packaged plugins:
    • plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
    • plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
    • plugins/graph -> haraka-plugin-graph #2185
    • plugins/graph -> haraka-plugin-graph #2185
  • config: replace ./config.js with haraka-config #2119
  • Replace concatenated strings with template literals (#2129) in:
    • attachment #2260
    • bin/spf #2129
    • bin/dkimverify #2278
    • connection #2129, #2243
    • delay_deny #2264
    • dkim #2216
    • dsn #2265
    • host_pool #2198, #2245
    • logger #2277, #2246
    • mailbody #2280
    • max_unrecognised_commands #2171
    • outbound/hmail #2259
    • outbound/index #2249
    • outbound/todo #2233
    • plugins #2239
    • plugins/aliases #2229
    • plugins/attachment #2155
    • plugins/auth_base #2252
    • plugins/avg #2156
    • plugins/backscatterer #2261
    • plugins/bounce #2229
    • plugins/clamd #2237
    • plugins/connect.rdns_access #2262
    • plugins/data.headers #2263
    • plugins/data.uribl #2258
    • plugins/helo.checks #2255
    • plugins/rcpt_to.in_host_list #2253
    • plugins/spamassassin #2256
    • plugins/profile #2170
    • plugins/rcpt_to.host_list_base #2254
    • plugins/relay #2174
    • plugins/relay_acl #2177
    • plugins/spf #2266
    • plugins/toobusy #2186
    • plugins/xclient #2159
    • rfc1869 #2159
    • smtp_client #2129, #2208
    • tests/host_pool #2159
  • use es6 destructuring (#2075) in:
    • connection #2230
    • dkim #2232
  • use es6 classes (#2133) in:
    • attachment #2260
    • attachment_stream #2215
    • chunkemitter #2219
    • dkim #2206
    • dsn #2247
    • host_pool #2194
    • mailheader #2213
    • mailbody #2213
    • smtp_client #2221
    • spf #2214
    • tls_socket #2190
    • timer_queue #2226
    • outbound/hmail #2197
    • outbound/todo #2233
  • Automatically set connection.remote.is_private when connection.remote.ip is set #2192
  • Add remove_msgid and remove_date options to outbound.send_email #2209
  • Add origin option to outbound.send_mail #2314

• Changes
  • additional tests get var -> const/let medicine #2122
  • move connection states into haraka-constants #2121
  • lint: remove useless escapes #2117
  • lint: switch no-var to error #2109
  • rspamd: repackaged as NPM module #2106
  • dsn: repackaged as NPM module haraka-dsn #2105
  • outbound: add results when queueing #2103
  • spamassassin: skip adding headers when value is empty #2102
  • Replace console.log with stdout #2100
  • update js-yaml to version 3.10.0 #2097
  • repackage p0f plugin to NPM #2076
  • ES6: replace var with const or let #2073
• Fixes
  • daemon cwd #2126
  • updated fcrdns plugin name passed to results #2115
  • tls: only apply default key/cert paths when undefined #2111
  • dkim_verify: fix formatting of auth results #2107
  • smtp_forward: consistently use queue.wants #2107
  • haraka was adding TLS header on non-TLS connection #2103
  • dkim typo fix #2101
  • fix rfc2231 parsing code to cope with continuation #2089

2.8.15 - Sep 10, 2017

• Changes
  • Remove unused folders from installation #2088
  • smtp_forward stores queue note at queue.wants #2083
  • add get/set to conn/txn.notes #2082
  • additional results storing in smtp_forward and quarantine #2067
  • Permit log settings to be set w/o LOG prefix #2057
  • support INFO and LOGINFO as config settings #2056
  • log.ini, new default location for log related settings #2054
  • dcc: replace with npm packaged version #2052
  • qmd: replace rcpt_to.qmail_deliverable with npm #2051
  • rspamd: pass SPF evaluation #2050
  • add logfmt support #2047
  • update ipaddr.js to version 1.5.0 #2037
  • update redis to version 2.8.0 #2033
  • disable graceful for SIGTERM #2028
  • add additional integration tests #2026
  • move most npm packaged plugins into optionalDependencies #2023
• New Features
  • TLS certificate directory (config/tls) #2032
  • plugins can specify a queue plugin & next_hop route #2067
  • connection/transaction notes now have get/set #2082
• Fixes
  • haraka cli will now create folders if they don't exist #2088
  • maybe fix for #1852 503 response #2064
  • crash when 'AUTH LOGIN' is sent after a successful auth #2039
  • docs: fixed swaks test command #2034
  • dkim: prevent dkim_verify from causing 'cannot pipe' #1693

2.8.14 - Jul 26, 2017

• Changes
  • Fix auth plugin failure when re-selecting auth method #2000
  • don't crash Haraka when invalid YAML config encountered #2013
  • update semver to version 5.4.0 #2015
  • relay docs: correct the config file name #2012
  • rename config/xclient.hosts to match plugin & docs #2014
  • build_todo() is part of the outbound/index.js api #2016
  • update js-yaml to version 3.9.0 #2002
  • outbound/hmail: use WRITE_EXCL from haraka-constants #2011
  • replace plugins/log.elasticsearch with npm packaged #2004
  • Remove two spurious log statements #1989
  • access: rebuild blacklist upon change (vs supplement) #1990
  • deliver to qmail-queue with LF line endings (not CRLF) #1997
  • doc: add note that smtp_forward only supports STARTTLS #1988
  • import Plugins.md from v3 #1991
  • update async to 2.5.0 #1982
  • update iconv to 2.3.0 #1981
  • require node.js v6+ #1958
  • update ipaddr.js to 1.4.0 #1972
  • support newer address-rfc2822 #1970
  • update node-address-rfc2821 version to 1.1.1 #1968
  • outbound: be consistent with todo.domain #1960
  • bump haraka-results required version #1949
  • logger: load in a setImmediate call #1948
  • logger: strip intermediate \n chars #1947
  • tls consistency cleanups #1851
  • Get pool config handling simplifcation #1868
    • add integration test: send message w/smtp_client
  • replace some legacy code with es6 #1862
  • update async to version 2.2.0 #1863
  • update ipaddr.js to version 1.3.0 #1857
  • update redis to version 2.7.0 #1854
  • assure conn/tran still exists before storing results #1849
  • moved tls.ini parsing to net_utils #1848
  • smtp forward dest split routing #1847
  • rspamd: refactor complex condition into function #1840
  • block js attachments #1837
  • helo.checks: bring plugin into alignment with docs #1833
  • when proxy enabled, update remote.is_private too #1811
  • create an outbound queue filename handler #1792
  • replace connect.fcrdns with npm package #1810
  • add an additional node_modules plugin search path #1805
  • Set graceful shutdown off by default #1927
  • Allow outbound pools to be disabled #1917
  • Outbound split and move into folder #1850
  • don't emit binary characters into the logs #1902
  • Add .editorconfig #1884
  • tls: remove interim variables #1871
• New Features
  • Use punycode domain (support SMTPUTF8) #1944
  • Added RabbitMQ vhost support #1866
  • clamav: allow "Unknown Result" and Socket Error to try next host #1931
  • outbound client certificates #1908
  • Implement the missing upgrade method on SMTPClient #1901
  • Remove typo from relay.md #1886
• Fixes
  • outbound: fix queue not loaded for single process #1941
  • outbound: Fix undefined variable platformDOT in hmail.js #1943
  • outbound: fix undefined FsyncWriteStream var #1953
  • Fix cluster messaging for node v6+ #1938
  • outbound: fix loading under cluster. #1934
  • Check pool exists before delete #1937
  • be more strict in attachment filename matching #1957
  • doc typo fix #1963
  • RabbitMQ: fix encoding of user and password string #1964
  • spf: improve modifier regexp #1859
  • rabbitmq doc typo in config file name #1865
  • URL to manual was 404, point to Plugins.md #1844
  • smtp_client: set idleTimeout to 1s < pool_timeout #1842
  • fix broken continuations #1843
  • doc error for the 'check.authenticated' setting in rspamd plugin #1834
  • emit the result, not all of them #1829
  • fix outbound logger #1827
  • fix forwarding with client auth over TLS (forward to gmail) #1803
  • Don't blow the stack on qstat #1930
  • run dumped logs through log plugins, not console #1929
  • Fix path parsing bug on Windows platform #1919
  • helo: make sure list_re is defined before access #1903
  • TLS: handle case where OCSP server is unavailable #1880
  • rspamd: add missing 'default' keyword #1856
  • disable naïve comment stripping #1876

• Changes
  • new haraka-plugin-limit #1785
    • replaces plugin/limit, plugin/rate_limit, and haraka-plugin-outbound-rate-limit
  • p0f: skip on private IPs (normally empty) #1758
  • spf: skip for outbound when context != myself #1763
  • redis: plugins using redis can inherit redis config #1777
  • redis: replace plugins/redis with haraka-plugin-redis #1786
  • lint: require space before function declaration #1784
  • lint: added eslint:recommended #1790
  • logger: remove logger.colorize code for legacy node versions
• New Features
  • redis: add redis_subscribe_pattern() #1766
  • queue/discard: add ENV that permits discarding #1791
• Improvements
  • rspamd: improve response parsing #1770
  • restore Windows testing to working state #1755
  • elasticsearch: use UTC dates for index creation #1771
  • tls: fix dhparam usage example syntax #1774
  • typo: logerr -> logerror #1776
  • when generating long DKIM keys, include a BIND compatible folded key #1775
  • in haraka-test-fixtures, access results via fixtures.results #1783
  • integration test: end to end server testing #1791
• Bug Fixes
  • spf: restore functionality for relay context=myself #1759
  • rate_limit:if incr creates a new record, assure it has a TTL #1781
  • tls: do not create a top level secureContext #1787
  • dnswl: swap lines to fix missing inherited methods #1793
  • dnswl: fix config loader callback syntax #1794
  • tests/plugins: unset process.env.HARAKA to avoid side effects that interfere with other tests
  • remove auth_flat_file sample auth user #1796

• Changes
  • plugin/karma -> npm packaged haraka-plugin-karma #1747
  • update generic-pool 2.4.2 -> 2.5.0
• New Features
  • Added option to bypass SpamAssassin headers' merge #1745
• Improvements
  • reduce severity of debug message #1744
  • fix misleading entries in config/tls.ini #1734
  • Misc. performance improvements #1738
  • set tls.sessionIdContext property (for Thunderbird compat) #1740
• Bug Fixes
  • Swap lines to avoid clobbering response array #1743