ANNOUNCE: Haraka v2.3.0

A new year and a new Haraka. This series of changes is rather large, and so anyone deploying over a current installation is urged to test carefully before deploying to production. Having said that we have performed extensive testing on production systems, including a bedding-in session at Craigslist.

The big changes in this release include some new plugins including vpopmaild auth, Qmail::Deliverable recipient checking, DKIM signing support, a bounce plugin for dealing with unwanted bounces, a geoip plugin, a karma plugin like the Qpsmtpd one, and a delay_deny plugin to control when rejections occur. Updated documentation for all these can be found on our web site.

Full list of changes below in order they appeared:

  • Fixes to memory leak when watching config files for changes
  • Support for badly formatted MAIL FROM/RCPT TO lines
  • Fix a memory corruption when fixing line endings
  • Fix breakpoints in plugins when using node inspector
  • Reload config in relay_force_routing without restart
  • Don’t re-attempt TLS upgrade if upgraded already and STARTTLS is re-advertised
  • Improved outbound logging
  • Pass failed recipients to bounce hook in outbound processing
  • Added startup checks to ensure Haraka has been installed correctly
  • Handle case of Haraka server running out of disk space better
  • In mail_from.is_resolvable: move re_bogus_ip into config
  • Added auth/auth_vpopmaild plugin – SMTP AUTH against a vpopmaild server
  • Fixed graph plugin to work with sqlite3
  • Added rcpt_to.qmail_deliverable plugin – Authenticate inbound RCPT TOs against Qmail::Deliverable daemon
  • Added data.headers plugin which merges all the functionality of other default header checks into one manageable place. This deprecates data.noreceived, data.rfc5322_header_checks, and data.nomsgid
  • Added documentation for logging system
  • Added DKIM per-domain signing support
  • Added p0f plugin
  • In relay_acl, if host is allowed by acl, don’t deny the recipient because the domain isn’t in the allow list
  • Add Authentication-Results header (RFC 5451) to all emails
  • Fixed writing the todo file in outbound for newer Node versions
  • Added Karma plugin to support penalizing consistently evil senders
  • Added GeoIP plugin including distance calculation from your mail server
  • Added bounce plugin for handling incoming bounce messages in various ways
  • Fix underscores in documentation so web version doesn’t look so weird
  • By default prevent SMTP AUTH unless on a private IP or using TLS WARNING: May break some uses of Haraka, but is worth it for security
  • In lookup_rdns.strict, check whitelist before looking up IP
  • Big rewrite of the SpamAssassin plugin for simplicity and mainly to pass through X-Spam-* headers provided
  • Added delay_deny plugin allowing more flexibility on when to reject mail
  • Improvements to ini file parsing allowing floats and negative integers, and specifying boolean keys
  • Fix issue causing a CRIT/crash with lost transaction/connection while sending inbound to ongoing SMTP server
  • Allow setting of spamd_user for spamassassin plugin

Big thanks to our contributors for all these changes, especially Matt Simerson who we have stolen from the Qpsmtpd project and Steve Freegard who continues his tireless work on the project.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s