The embedded hickory DNS resolver was updated to version 0.25.
If you are using
kumo.dns.configure_resolver be
aware that hickory has changed its configuration schema and that you may need
to update your configuration to match; be sure to test this before trying to
deploy to production.
There is now an artificial limit of 128 concurrent MX lookups that are
permitted to be in-flight at any given time. In prior versions there was
no limit. You can adjust this via the new
kumo.dns.set_mx_concurrency_limit
function.
Other Changes and Enhancements
SMTP Server: TLS parameters will now be cached for up to 5 minutes at
a time, making it easier for a server to pick up an updated certificate
file. In prior versions, the TLS parameters would be held for the lifetime
of the process, requiring a restart to pick up a changed certificate/key
pair.
SMTP Server: new via,
peer, and
meta options for
SMTP listeners enable metadata (and other existing listener options) to
be conditionally set based on the source and local address of the
incoming SMTP session.
SMTP Server: new
smtp_server_connection_accepted
event allows custom processing prior to returning the banner to the client.
SMTP Server: new
smtp_server_get_dynamic_parameters
event allows dynamically amending listener configuration to support IP-based
virtual service.
Updated the hickory DNS resolver to 0.25. While no kumomta-user-visible
changes are anticipated as a result of this upgrade, it is a fairly
significant release of the DNS resolver so please report unexpected
changes in behavior around DNS.
Added example and recommended default shaping configuration for the
TSA daemon to the default shaping.toml file.
If you are running on a system where
kumo.available_parallelism
returns an inaccurate value (such as an overcommitted VM), then you may
now export KUMO_AVAILABLE_PARALLELISM into the launching environment to
override the value to something more appropriate, which helps to scale
the various thread pools more appropriately.
New systemd environment override files for both kumod and tsa-daemon. These
are useful for setting the KUMO_AVAILABLE_PARALLELISM variable mentioned in
the item above. See the
commit
for details.
Ready Queue Maintenance is now carried out in a new readyq_qmaint thread
pool. In previous versions, it was handled by the qmaint thread pool. If
you were tuning via
kumo.set_qmaint_threads in a prior
version, you may need to review and adjust both that and the corresponding
kumo.set_ready_qmaint_threads
tuning.
New
system_shutdown_timeout
option to specify how long we should wait for an in-flight delivery attempt
to wrap up before terminating it once we have received a request to shutdown
kumod.
kcli top: you may now scroll through the metrics using the arrow keys
(to move one metric at a time), page up/down (10 at a time) and home/end
(to move to the top/bottom). Pressing f edits a fuzzy matching filter.
Pressing Tab moves through tabs and allows viewing heatmap vizualizations.
#372
Disabled DANE in the default shaping.toml for the office365-dane provider.
We cannot default DANE to on without a guarantee that the DNS/resolver
situation is correctly deployed with DNSSEC and without also knowing that
we're configure to use openssl.
MX lookups now participate in lruttl cache thundering herd protection.
In prior versions, we could potentially issue multiple concurrent requests
for the same name.
Singleton wheel now spawns batches of messages when promoting them to
the ready queue, helping to ensure more even time keeping when there are
domains with slow DNS.
Add caching and, more importantly, negative caching in the queue insertion
code paths when checking for admin bounce entries. This improves performance
on systems with a large number of admin bounce entries.
Improved performance of TSA state storage, which in turn improves
latency in tsa-daemon response times when many automation rules are triggering.
Specifying validation_options for the shaping helper without explicitly
setting the new http_timeout could lead to a missing field error when
running kumod --validate.
tsa-daemon now increases its soft NOFILE limit to match its hard limit
on startup (just as we do in kumod), which helps to avoid issues with
running out of file descriptors on systems with very large core counts.
Shutdown could take longer than the 300s permitted by kumomta.service
when lua delivery handlers are experiencing delays, leading to systemd
issuing a SIGKILL.
Loading an ed25519 private key via kumo.dkim.ed25519_signer would always
fail. #368
Rebuilding a MIME message (such as via msg:check_fix_conformance) that had
binary attachments would incorrectly re-interpret the bytes as windows-1252
encoded characters, damaging the attachment.