Changelog

2.5.1 - 20250506

• fix remove local socket from "limits" plugin
• fix user quotas warnings email target
• fix removed huge debug outputs from haraka
• fix run all internal crons as mail user
• fix prevent depreciation notices
• fix update string variables to new PHP format
• use prod env for all internal commands
• update JMS serializer library
• fix invalid quota form transform
• replace custom sendmail with msmtp

2.5.0 - 20250505

• Debian Bookworm
• Dovecot 2.4
• PHP 8.2
• Z-Push 2.7.5
• Domain quota system for PRO users!
• ClamAV 1.4.2
• Roundcube 1.6.10
• fix #1127 title translation
• fix #1128 removed SORBS.net
• update configs to latest Haraka version
• remove localhost from free relay (Sieve moved to internal sendmail alternative)
• fix message for blocked outbound to help users
• fix dnsbl check - remove non-unique items
• minor design evolution
• fix missing protocol in Elasticsearch docs
• fix date log discrepancy
• fix php 8.4 depreciations
• fix #1118 make navbar static
• fix Kernel to latest symfony stable
• fix #1121 add port 465 to diagnostics

2.4.10 - 20241203

• DNSBL list revisited
• refactor self-IP resolution
• updated dependencies

2.4.9 - 20241018

• fix #1089 remove zero bytes at startup
• fix #1086 separate version check outside cron file
• ES fix API key and HTTP basic authorization
• internal only redirects feature
• redirects to all domain's boxes (*@example.com)
• optional WebDAV

2.4.8 - 20240905

• fix missing DKIM when email was SRSed
• fix missing ARC/DKIM in cases when From header should be parsed
• remove redundant LMTP header in case of Dovecot local delivery
• add full mail regex filter to rspamd multimap

2.4.7 - 20240806

• Roundcube 1.6.8
• fix #1081 error 500 if box name is empty

2.4.6 - 20240702

• Node 22
• RSPAMD multimap filters
• removed nginx absolute redirects

2.4.5 - 20240610

• Roundcube 1.6.7
• fix DNS crash part 3

2.4.4 - 20240605

• fix obnoxious DAV debug PHP notice
• fix DNS crash part 2

2.4.3 - 20240604

• fix queryMx ESERVFAIL crash
• fix missing Haraka logs
• add option to debug DAV

2.4.2 - 20240530

• fix custom TLS settings for Haraka

2.4.1 - 20240524

• fix #1047: SPF check is always neutral

2.4.0 - 20240521

• ARC implementation
• BIMI implementation
• addedd customizable regex rspamd filter (via web ui)
• fix mixed charset score (rspamd)
• fix fuzzy learning (rspamd)
• more strict DMARC in wizard

2.3.21 - 20240315

• fix #1038 error in log viewer
• fix DNSBL test with public resolvers
• fix and test DAV for EM Client, iOS Apple mail

2.3.20 - 20240226

• Roundcube 1.6.6
• DAV redirect for Apple devices
• DAV fix auth
• internals cleaning and refactoring for Symfony update

2.3.19 - 20240129

• update FREE version NodeJS to prevent privs issue
• wide code refactor
• remove dead code at multiple places

2.3.18 - 20231214

• revert to NodeJS v18, details later
• add csv export to logs
• fixed typo in layer limits image

2.3.17 - 20231204

• fix rspamd config typo

2.3.16 - 20231204

• fix #1022, ref #1018 get rid of statx enabled coretools interaction
• get rid of missing file error when installing
• fix invalid template in Quarantine controller
• fix #1024 show delivery logs to domain administrator
• fix #974 fuzzy check to actually work
• fix #998 add ElasticSearch index to delivery_result.type
• fix #1000 roundcube db update to container init
• fix #674 allow all local reverse proxies

2.3.15 - 20231107

• Node.js version 20
• Roundcube 1.6.5
• fix deprecated command message for le:renew

2.3.14 - 20230902

• fix #991 limiting realtime table size
• cipher list for legacy clients fix
• fix outbound submission TLS settings for failing connections
• multiple updated dependencies

2.3.13 - 20230502

• fix SMTP crash when peer has obsolete TLS
• fix MAIL FROM/RCPT TO parser error leak
• fix zero-bytes queue file crash

2.3.12 - 20230411

• updated Lescript to 0.3.0
• ref #973 fix domain forward in middle of the path
• fix missing roundcube config message
• fix #973 fix configuration of RSPAMD DMARC reporting
• red #974 add debug messages for sieve learn spam/ham
• php 7.4 + debian:stable
• fix paginator to add first row
• english language tuning
• remove Goutte and update some deps

2.3.11 - 20230203

• fix #955 remove / from valid domain characters
• fix missing discard flag
• fix invalid address in redirect target
• roundcube 1.6.1
• new feature: custom domain outbound ip&hello
• enhanced pagination
• multiple minor design fixes and changes

2.3.10 - 20221115

• fix #959 missing path at reconnect at p0f plugin
• fix #960 use INTL_IDNA_VARIANT_UTS46 and fix return codes of validations
• removed AUTH PLAIN authorization identity for smart delivery
• DQS implementation documented at https://poste.io/doc/dqs-implementation
• rewritten multiple internal plugins with async/await
• update deprecated Haraka plugin paths
• loading latest version tag info with additional checks

2.3.9 - 20220829

• prevent assuming Spamhaus's error as positive

2.3.8 - 20220614

• regular update
• Elasticearch integration
• fix Dovecot expunge (truncate mailbox)
• Roundcube 1.5.2
• fix attachment.js error handling with complex archive Haraka#3035
• Node.js 16

2.3.7 - 20220307

• fix hanging redis connections causing multiple internal problems
• fix prevent setting empty password when editing user

2.3.6 - 20220110

• fix prevent account self-disable
• fix #918 forbid domain admin manipulate rights

2.3.5 - 20211215

• update roundcube to 1.5.1
• fix #895 eliminate lmtp queue hook and process directly without side efects
• fix #899 handle situations where inodes not available (ex. brtfs)
• fix #905 remove line before add at config.inc.php
• fix #904 OPTIONS WebDAV request forbidden
• fix privacy plugin to not remove X-MS-Exchange-SenderADCheck which might be included in DKIM hash (redirects might be affected)
• fix move auth/poste before karma punishments
• fix invalid domain quota view
• show redirects in log viewer
• fix #887 remove auth-ws from symfony firewall
• fix HTTP 500 when password is invalid
• initial implementation of elasticsearch for log search (PRO only)
• multiple typos and small changes

2.3.4 - 20210910

• fix invalid SRS when relaying emails without AUTH
• fix delivery MX resolution where invalid dns host appears

2.3.3 - 20210909

• fix #886 mail ending in wrong mailboxes when using domain bin (+test)
• fix CZ translation of quarantine count

2.3.2 - 20210907

• rewriten forwarding system - aliases/redirects are handled inside of haraka itself (not with sieve scripts)
• raised session lifetime for roundcube
• fix HTTP 500 at install instruction
• shorten healthcheck time to 30s
• fix missing bsdtar for attachment plugin
• added missing CZ login screen translation
• multiple minor improvements

2.3.1 - 20210809

• multiple form submit errors fixed

2.3.0 - 20210803

• fix #871 raw log is always cleaned, no matter the settings
• major rewrite to upgrade to latest stable Symfony
• update to latest Roundcube
• rewrite of build and testing system

2.2.32 - 20210507

• regular update
• removed SafeBrowsing at freshclam.conf
• fixed deprecation warnings by node
• build z-push download fix

2.2.31 - 20210329

• regular update due https://security-tracker.debian.org/tracker/CVE-2021-3449 (apt update && apt upgrade in container is also sufficient)
• fix info leakage of roundcube version

2.2.30 - 20210310

• fix domain administrator rights escalation
• fix list of domain leakage for domain administrators

2.2.29 - 20210126 hotfix

• fix automatical blocking of limited senders

2.2.27 - 20210121

• fix check amount of recipients with limits when it could send over quota
• fix numerous problems with cron failing on 'NUMBER OF HARD LINKS > 1'
• fix #820 add edit header
• fix #818 loop in rotated roundcube logs

2.2.26 - 20201124

• fix #813, #814 lower remote peer TLS config expectation

2.2.25 - 20201119 (revert quarantine)

• fix "statx" problem in older docker installations

2.2.24 - 20201116 (quarantine)

• fix #800 add new self-signed cert
• fix #802 adjust nginx healthcheck port according to env
• remove tls no-go feature for submission since it doesn't make sense anyway ref #807
• fix #808 allow changing box domain super admin only
• raise timeout for log search

2.2.23 - 20200925

• regularly clear redis pubsub connections
• fix "invalid IP address" message
• fix another outbound loop
• fix Haraka sending EHLO twice in special case

2.2.22 - 20200901 (back to the school)

• added discard option on mailbox (especially handy for bounced dmarc reports to prevent loops)
• fix #791 don't try deliver to invalid MX IPs
• introduced short term raw logs cleaning since summaries should be enough for long term
• fixed zero length queue file crash
• fixed multiple looping problems inside mailserver
• lowered redis idle timeouts
• raised timeouts for web log search
• relay hitting limit notice fix

2.2.21 - 20200604

• quckfix of cron check of latest version

2.2.20 - 20200603

• underlaying distribution upgraded to Debian bullseye
• PHP 7.4
• added notices for hiting relay limits
• fix redis subscribed connections overflow
• change freshclam to be `nice` to CPU
• fix #752 empty envelope FROM read receipt accept
• Symfony admin deps updated
• fix #762 move roundcube logs outside container
• fix #760 replace pgrep with more basic ps | grep, due bug in procps-ng
• Roundcube updated to 1.4.5
• fix #756 remove healthcheck on rspamd or clamd if disabled
• fix #751 IP Stats lack reverse DNS on 2.2.19
• fix DDOS of poste.io servers by version check

2.2.19 - 20200319

• fix #735 replace ssl_min_protocol in proper dovecots file
• fix #739, fix #740 longer wait for LE's verification
• fix #737 adjust clamav cron when clamav disabled
• major rewrite of testsuite
• fix broken charts
• add ability to change box address
• add DISABLE_RSPAMD env variable
• fix #695 remove multiple JS leaks
• fix #718 mark dmarc-records@ box reserved
• fix documentation and labels about port 465 according to latest RFC

2.2.2 - 20200212

• force nodejs to allow TLS lower than v1.2
• custom TLS settings docs at https://poste.io/doc/custom-tls
• fix #729 brand name greeting message
• fix #730: Queued items are invisible
• fix remove whitelisting localhost when roundcube user is authed

2.2.1 - 20200120

• update to Roundcube 1.4.2
• relieve on default minimal required TLS to v1.1 for Haraka & Dovecot
• fix #728 replace help line with openspf.org with open-spf.org
• fix #723 price PER YEAR
• fix #725 replace maxmind's geolite with https://github.com/analogic/ipgeo
• remove clamav ScanOnAccess deprecation warning
• fix subject view when inspection is on
• fix #713 add ability to set TLS settings (login requirements, minimal TLS version, allowed ciphers) through server.ini
• fix #720 disable rspamd dkin signing (we sign at Haraka)
• fix #716 Queue JS foreach on undefined
• fix #714 raise paging limit to more impossible number
• fix #712 invalid port in error message
• fix #719 add ident to roundcube to track real user IP address
• fix #709 check http code for new roundcube
• fix #708 sudo: setrlimit(RLIMIT_CORE): Operation not permitted
• add "force route" feature for domain
• fix #700 php-fpm security issue (not really an issue)
• temporary disable R_MIXED_CHARSET due https://github.com/rspamd/rspamd/issues/3156

2.2.0 - 20191113

• update to Roundcube 1.4
• update to Nodejs 12
• updated minimal TLS version to TLSv1.2 and ciphers to "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" according to https://ssl-config.mozilla.org/ intermediate settings
• fix perms on /etc/cron.d scripts
• fix OpenBLAS blas_thread_init: pthread_create failed...
• fix default API sandbox body format to JSON
• set Roundcube elastic skin as default
• switch on some Roundcube plugins (notifications most notably)
• fix multiple http queue inspections responses content-type errors (mostly ff affected)
• fix #704 setting connect_timeout to 60 (Kerio connect waits 30s+ by default)
• fix #701 add stats to API
• fix #697 js use "substr" instead of "substring"

2.1.11 - 20191001

• fix logger for Lets encrypt

2.1.10 - 20190930

• fix #691, fix #690 ACMEv2 certificate generation

2.1.9 - 20190920

• Roundcube 1.3.10!
• fix search icons in FF in wrong place
• nicer messages for relay limits
• allow caldav OPTIONS call unauthenticated

2.1.8 - 20190722

• fix #544 rcpt_database blocking already reversed SRSed senders
• ref #544 add autoreply targets filter
• fix #655 properly connect to IPv6 when doing connection diagnosis
• fix http 500 when generating summary from invalid dmarc reports
• fix postmaster+letsencrypt tag when sending alerts
• dependencies ugprade
• adjusting sabre/dav config
• + multiple minor enhancements

2.1.7 - 20190624

• fix #665 Roundcube leaks smtp logs

2.1.6 - 20190620

• fix #651 force 40 redirects if there is 0 due historic reasons
• fix #652 restrict events catching to queue-box only
• fix #653 add fallback for browsers not supporting html5 type="date"
• ref #656 add tagging to faq
• fix #658 empty domain generates exception
• roundcube 1.3.9
• experimental CalDAV+CarDAV implementation (Settings>Advanced>DAV)

2.1.5 - 20190426

• fix #626 internal change in redirects/domain-bins handling + add test for bug case
• missing reply when password mismatch
• apply limits per recipient rather than queued email

2.1.4 - 20190409

• fix #625 invalid absolute path for multiple binaries (+add tests)
• fix #628 revert ssl_cipher_list to stable value
• fix #630 add diffie hellman params to dovecot config

2.1.3 - 20190329

• fix #624 redirected emails are not properly logged
• fix #620 delete domain dkim button
• fix #623 lower clamav plugin timeouts to prevent reject
• fix #607 fix dovecot ssl settings
• ref #624 move callback past redis expire call
• Node.js 10

2.1.2 - 20190328

• fix #587 [UX] filled search field via js is not showing right numbers
• fix #593 rcpt_database multiplies checks with every recipient
• fix #588 [UX] add "search logs" to quarantined items
• fix #591 [UX] queue: "no items found" should be after ajax done
• fix #592 [UX] queue: "search logs" should search target email when bounce at least
• fix #587 [UX] filled search field via js is not showing right numbers
• fix #612 don't react on dovecot's stderr so strictly
• fix #608 doc typo
• fix missing validator on box's domain
• fix erroneous limit's autoblock of box account/domain
• log results in JSON for conn&tx (for future use)
• karma treshold set from -8 to -10 to avoid false positives
• updated chart.js to latest
• added latest version check
• poste.io is now built with drone.io!

2.1.1 - 20190203

• revert enabling Haraka outbound pools - in some cases it might block delivery
• fix #582 remove passwords even from debug
• fix #583 invalid escape at username regex html add form
• fix #581 set last selected domain to session
• fix #584 "submit & new" buttons at multiple place
• fix #585 don't except connections not sending rcpt
• move limits counter to hook_data not hook_mail

2.1.0 - 20190129

• fix #522 parse only one default interface
• fix #548 cont-init: proper chown server.ini
• fix #558 remove useless sieve_path getter
• fix #562 remove "0 = unlimited" notice from sieve settings label
• ref #559 randomize route results if there are multiple same routes
• fix #569 proper rights for /var/log/admin-app at cont-init
• fix #566 add missing dot to FQDNs at DNS diag
• fix #563 remove /webmail/ if -e DISABLE_ROUNDCUBE=true
• fix #546 allow download dmarc reports
• fix #543 sort and parse multiple deliveries to array at delivery log viewer
• fix #550 load multiple FS dependent counters only with ajax to make loading faster
• fix #549 advanced DMARC reporting
• fix #574 don't ever log passwords in communication debug
• fix #564 don't be strict on non-bruteforce and connect only clients
• fix error when listing non-existing DMARC directory as domain admin
• ability to set up custom reference ID per email box (for PRO only)
• make connection tests available to FREE
• add "me" SPF to dns server diagnostics
• fix relay limits transaction counting problem
• rspamd patch to make DMARC reports DKIM valid
• Dovecot 2.2 -> Dovecot 2.3
• more strict usernames, only characters allowed: A-Z, 0-9, _ and dot
• Queue manager

2.0.23 - 20181219

• fix not showing form errors for multiple fields #551 and #548
• fixed build errors with FREE image

2.0.21/22 - 20181218

• fix #542 disable karma for authenticated senders on port 25
• fix #545 filter only .xml files and delete *.gz
• fix #539 hset instead of hincr at guard to properly set lastseen
• fix #538 skip dmarc-reports rspamd check to
• fix #536 overlimit user is blocked but in invalid way
• fix #537 add bounce tag for missing mail from
• fix #523 add inspection plugin (add Subject to logs and can copy every email to some address)
• fix #533 add last seen to guard items
• fix #535 allow to produce and send DMARC reports
• fix #509 continue with checks after we forward domain (priv customer configuration)
• fix #528 multiple deleting problems - clearstatcache before creating symlink
• fix #529 config option to quarantine for misbehaving connections or disable entirely
• ref #531 multiple fixes of search ui
• fix #512 removing subnet from ip address from link in blocking email report
• fix #518 remove nginx auth subrequest body and length and properly link var/rspamd for saving rules
• fix #526 don't do SRS on bounce
• fix #522, #525 add HTTPS_PORT and HTTP_PORT settings to internal redirects also
• ref #520 add redis statistics cmd
• fix #524 forbid disabled users to use 587
• fix #515 missing /data/var/clamav directory creation
• fix #471 Sieve limits settings
• fix #508 add tooltips over flags with country name and code
• temporary disabled outbound polling (until queue and pools inspection will be done)
• missing dkim_verify haraka plugin enabled
• raised default value for block bad connections
• lot of small details

2.0.20 - 20181119

• ref #492 add missing validation for multiple fields
• fix #493 perms fixing for logrotate
• fix #494 don't change subject if email is going to be quarantined
• fix #492 match semicolon at munge_subject init also
• fix #495 add additional action for out of office filter
• add referenceId to user,domain (API only)
• prevent merging DMARC records with same IP but different results

• fix #491 [Haraka] removed huge penalty per email line
• [Haraka] don't send RST to dovecot LMTP (multiple fatal crashes)
• [Haraka] add rspamd, clamd local_ip exemption availability

2.0.19 - 20181101

• fix #486 and #487 added source IP test, connection testing at installation form
• ref #481 add HTTP_PORT and HTTPS_PORT env vars
• fix #485 add basic exception error 500 page for better support
• fix #483 add GeoIP flags
• fix #479 fully use localizednumber filter, in transchoices also
• fix #484 hide memory chart on older kernels without MemAvailable
• fix #475 [Cron] NUMBER OF HARD LINKS > 1
• fix #472 p0f find default interface
• fix #473 fix ajax loads and IP reverses
• fix #474 add default domain to roundcube
• ref #474 fix default domain loading
• fix #453 dashboard rework
• fix #424 more precise last message parsing
• fix #455 add xlist capability
• fix #461 use free_space < sqrt(total_space * 0.07) to trigger space warnings
• ref #461 move "email.regards" from pro to free translations
• fix #464 invalid order of folder GeoIP creation
• fix #466 properly purge all emails and attachments
• fix #470 /etd/dovecot/sieve permissions
• ref #441 initial implementation of login policy (http admin)

2.0.18 - 20180924

• IMPORTANT fix #450 cron is not running daily jobs (notices, cleaning...)
• fix #449 admin DNSBL check is not working
• fix #442 fix ownership only if parent directory has different owner → faster startup time
• fix #434 button to empty box
• fix #443 save last search through session
• fix #444 add used/available memory to status
• adding option to download and use MaxMind's GeoLite2
• send LE notice email immediately after cert renew before daemons restart
• smaller build due removing apt upgrade from top build layer (~11MB)
• design nitpicks

2.0.17 - 20180919

• fix #445 inaccessible new box link due js mutable variable

2.0.16 - 20180918

• fix #431 incorrect quota report when disabling
• fix #436 Rename vacation to "out of office"
• fix #415 lowercase all "email" keys in stats
• fix #417 RSPAMD UI requires password when accessed through reverse proxy
• fix sort DMARC summary report
• fix sum of DMARC summary reports
• fix invalid counting for "*" relay limits
• fix automatic build due failing sid-slim update
• spelling&typos

2.0.15 - 20180803

• fix #410 push relay subnets to submission also
• fix #410 raise sieve_max_redirects
• fix #412 broken log download
• fix #414 Add RSPAMD UI to administration
• fix #406 allow limiting IP ranges
• fix #411 move blacklist from IP to CIDR subnets
• fix #413 check if user is disabled at rcpt_database.js
• re-add port 465 for some legacy installation
• add default auth domain for haraka&dovecot

2.0.14 - 20180724

• fix #391 use combined cert with intermediate for Haraka
• fix #393 change headings font to Roboto slab
• fix #394 add checks if dmarc dir exist
• fix #359 ignore whitelisting for rcpt_database plugin
• fix #404 relaying limit search not working
• fix #403 add missingok for clamav logrotate
• fix #408 remove link to host_list to properly detect changes
• fix #6 add simple DMARC summary report
• fix spam untrain when moving to trash
• lot of text corrections

2.0.13 - 20180712

• fix #366 failing LMTP delivery keeps crashing worker

2.0.12 - 20180711

• fix #389 user unable to change password + test
• fix #385 added connection diagnostics
• fix multiple cron errors
• a lot of cosmetic and internal-only changes

2.0.11 - 20180703

• fix html escaping at Haraka bounce messages
• fix #333 adding low free space alert
• fix #334 adding low user quota alert
• fix #335 wording corrections
• fix #375 option to create 1024 bit dkim key
• fix #339 regular DNSBL test
• fix #379 sender blacklist/whitelist stat hook
• fix #378 wording corrections (Thanks again Scott, you are awesome!)
• fix tls port 587 autodiscovery for outlook
• move to debian:sid
• fix rights for compilable sieve scripts at /etc/dovecot/sieve (autolearn)
• fix #372 remove fixstates commands due breaking sync after restart
• storage usage for domains
• a lot of cosmetic and internal-only changes

2.0.9 - 20180618

• fix #362 path of s6-svc at logrotate
• fix #361 missing subtitle
• fix #364 block ylmf-pc clients
• fix #365 don't apply quota to localhost messages
• fix transaction log linking
• complete czech translation
• a lot of minor changes

2.0.8 - 20180606

• fix #356 rspamd not really rotating
• fix #355 privacy plugin strips headers for local targets
• fix #349 skip privacy plugin when delivering from remote source
• fix #353 off by one find interval fix at cronned tasks
• fix #345 separate outbound cipher list
• ref #347 disable rspamd graylisting entirely
• fix #350 missing user .dovecot.sieve cause 500 when editing
• fix #343 restrict forwarding/domain-bin to local domains only
• fix #345 optionally disable bad connection blocking
• fix #341 loading invalid settings
• add headers from p0f to email
• dovecot change antispam plugin to imap_sieve for spam learning
• remove relay networks and authed users from munge_subject
• added rspamd stats output
• translations moved to translation.keys (czech tranlation temporarily removed)
• early_talker disabled when relaying
• a lot of minor changes

2.0.7 - 20180521

• fix #330 cron errors
• fix #332 separated junk and trash cleaning
• fix #331 suggest hostname from system and add docker -h to getting started
• fix #311 ability to add custom haraka plugins (see https://poste.io/doc/extending-mailserver)
• fix #320 more consistent terminology (thanks Scott!)
• bump chartjs version, fixed charts direction + adding arrow
• fix #329 non-cached reverses moved to ajax
• fix #321 block_bad_connections has its own counters instead of depending on karma; plugin now counts wasted connections without sending emails only
• fix #328 admin notices system
• fix #326 implemented safety autoblock after reaching relay limit + notice to admin
• lot of minor changes

2.0.6 20180511

• fix #316 get rid of no such directory message when dir not exist
• fix #317 change labels, add suffixes, revisit tab javascript behaviour
• fix #225 in case of freshclam fail try to remove mirrors.dat and start again
• fix #318 error reporting on multiple cronjobs
• fix #277 fully implemented IDN + couple tests, Huray

2.0.5 20180510

• fix #306 write to localised date log filename
• fix #310 sanitize reverse hostname at logs
• fix #309 wording / phrasing
• fix #314 outlook autoconfig port
• fix #312 invalid API post box description
• fix #305 make privacy great again
• simplified and fixed docker cloud build with hooks

2.0.4 20180508

• fix #298 make cleaning configurable
• fix #132 maximal attachment size configurable
• fix #213 Trash and Junk are automatically deleted after configurable period
• fix #300 missing @Expose on domainAdmin variable
• fix #303 disable blocking for relaying
• fix #302 add pagination to quarantine + fix search
• fix #307 move button + add link to redirect add
• partially fix #305 set received_header to current hostname
• fix not working doveadm -A
• added link to changelog
• fix strict return types on some API calls causing internal error
• fix validation to allow asterisk for IP relay limits
• multiple build fixes
• typos

2.0.3 20180502

• fix #289 typos
• fix #297 invalid SMTP route port parsing
• fix #295 managesieved doesn't start due missing sieve in protocols
• fix build versioning for PRO version

2.0.2 20180427

• fix #231 strict "From:" vs "MAIL FROM:" vs username check - functionality which prevents forged From email header for authenticated users
• fix #285 roundcube autotest working again
• fix #224 API for checking email delivery status
• fix #76 API for Lets Encrypt control

2.0.1 20180423

• fix #279, #282 not working z-push and missing z-push test
• fix #278 change "block" label to "quarantine"
• fix #275 fixed paging at API
• fix #273 fixed outlook autodiscovery (thanks pcjmfranken!)
• fix #240 removed extra cert
• better build - smaller image size

2.0.0 20170119

• QPSMTPD → Haraka
• Qmail → Haraka
• Spamassassin → RSPAMD
• Better statistics (Haraka + Redis)
• More descriptive logs (thanks Haraka)
• Addedd relay limits (thanks Haraka)
• Addedd blacklist&whitelist (thanks Haraka)
• Addedd Quarantine (thanks Haraka)
• SRS
• lot of minor changes

---

1.0.7 20171120

• fix #238 Let's encrypt missing agreement
• minor fixes

1.0.6 20170703

• fix #150 adding default smtp route configuration (aka smarthost)
• fix #205 removing karma recipients check
• fix #207 DMARC parser
• fix #209 grep falsely marks some logs as binary
• added DCC and PYZOR
• fix #5 "?" in delivery logs mailaddress
• s/qmail used now for delivery
• a lot of minor fixes

1.0.5 20170620

• fix #202 server domains leaking to domain administrator redirect create form
• privacy plugin (removes client info for outgoing emails)
• smtp auth moved to database
• added stack test for roundcube and couple email headers
• updated to Ubuntu Zesty, hello to smaller image
• removed unnecessary packages to reduce attack surface

1.0.4 20170611

• fix #197 missing DKIM signatures

1.0.3 20170609

• fix #196 recipient log missing when sending through 587/465 introduced in previous version
• fix #80 domain forwarding
• fix #71 domain bin aka catch all address
• fix #133 recognizing filters inconsistency

1.0.2 2017067

• submission port separated to another qpsmtpd service with different setting (#192)
• RoundCube 1.2.5, SMTP set to port 587
• fix #191 slow loading of dashboard - moved to ajax
• fix #189 remember domain of last added box
• fix #188 better domain select drop down

1.0.1 20170411

• optimized administration loading speed
• #130: redirects not working created from API, removed requirement for passwordPlaintext
• #180: poste.c compilation warnings
• #181: CMD quota fix
• #182: leaking formating from CMD API
• #179 added link to administration from roundcube default template
• rewritten build system, added multiple functional tests of whole stack

1.0-beta-8 20170203

• updated to latest Ubuntu (OpenSSL vulnerabilities)
• RoundCube 1.2.3
• #143: RoundCube attachment size

1.0-beta-7 20161001

• #120: charts for SMTP&delivery on dashboard
• #108: added redirect field to API to allow "alias" creation
• #109: command line option to disable/enable account
• #112: removed IP from dashboard logs for better grouping
• #114: make spamassassin persistent
• #115: spelling
• #116: fixes some error messages when restarting container
• #126: added reverse DNS for IP in logs and log viewer
• #122: fixed error message in rcpt_database plugin

1.0-beta-6 20160830

• added attachments logging module for future blocking
• removed headers plugin from filters since it have no effect on spam
• sieve autoreply directed to SMTP for signing with DKIM
• reverted to forkserver since there are some strange situations where mailserver stop responding
• #113: adding missing modules for spamassassin
• #111: fixing regexps for chrome
• removed recent.spam.dnsbl.sorbs.net zone from dsnbl - banned proper mailservers like gmail

1.0-beta-5 20160808

• #96: moving DNSBL filter after AUTH
• #98: removing errornous weekly cron messages
• #103: removing errornous daily cron messages
• #102: Enigma plugin: Keys directory isn't writeable
• updating admin dependencies (mainly lescript)

1.0-beta-4 20160715

• fix #95: properly restart mail daemons
• fixing missing exposed port 80, 443
• fix #92: adding redirect from "/admin" to "/admin/"
• fix #97: wrong container IP message after start

1.0-beta-3 20160713

• #92: missing bootstrap.php.cache
• #93: no-penalty arg for socket auth communication (http://wiki2.dovecot.org/Design/AuthProtocol)
• #93: qpsmtpd forkserver -> prefork
• #93: enabled karma plugin for quicker pass earlytalker plugin if enough karma
• added robots.txt
• fixed croned processes (run-parts are not accepting *.sh files)
• disconnect immediately if client in DNSBL

1.0-beta-2 20160708

• #90: missing poste command
• #91: poste email:list, domain:list not working
• #47: Support for GPG, S/MIME in webmail
• fixed Let's encrypt auto-renew (limit set to 14 days)

1.0-beta 20160704

• fixed minor bugs and typos
• underlaying system changed to xenial
• removed Supervisor, added S6 provisioning layer
• simplified build process (-120MB on image)
• PHP5 → PHP7
• added changelog :)

0.1.1