The kumomta-dev container
image is now
a multiarch image, supporting both linux/amd64 and linux/arm64
architectures. Simply use docker pull ghcr.io/kumocorp/kumomta-dev:latest
to get the appropriate architecture.
Split out the banner waiting portion of
connect_timeout into
a new banner_timeout
option to make it easier to manage the system behavior if, for example, the
connection is blocked by a firewall. You can now set the connection timeout
to a smaller value while keeping the banner timeout at a more RFC-compliant,
longer, value. #196
New kcli rebind and
/api/admin/rebind/v1 HTTP
endpoint to allow moving/rebinding messages from one scheduled queue to
another. There is an optional corresponding
rebind_message event for more
advanced rebinding logic. #209
Moved JSON and TOML functions into a new
kumo.serde module. Those functions are
also still available under the kumo module for backwards compatibility
sake, but will be removed in a future release. You should standardize on the
new kumo.serde module name moving forwards.
Added YAML serialization/deserialization functions to
kumo.serde.
You may now run kumod --validate to perform extended validation checks
of the helper configuration in your policy. This can be performed offline/concurrently
with a running kumod. The output is human readable. The exit code will
be 0 when no validation errors are detected, non-zero otherwise. #211
Rejection log records now capture the triggering incoming SMTP command
line, or, in the case of the technical difficulties error message,
the stack trace of the triggering issue. This information is available
in log_record.response.command.
Add explicit close method to AMQP, HTTP, Kafka and SQLite client objects.
SMTP client log records now include the source_address in addition to
the egress_pool and egress_source that were already present in the
record. source_address includes proxy server information. #40#154
Improved diagnostics around connectivity issues in KumoProxy
New TLS related options for
kumo.make_egress_path:
tls_prefer_openssl, openssl_cipher_list, openssl_cipher_suites,
openssl_options, rustls_cipher_suites.
Improved granularity of scheduled queue maintainer wakeups when small
a retry_interval is configured. Previously this was fixed at 1 minute,
but now it will scale to smaller values.
Fixes
Using expiration in a DKIM signer would unconditionally raise an error and
prevent reception of the incoming message.
Invalid structured headers, such as Message-ID, in combination with other message
body conformance issues could cause
msg:check_fix_conformance to
raise an error instead of fixing the issue. #216
Didn't expand the requested SASL mech when responding 504 5.5.4 AUTH {sasl_mech}
not supported to unsupported authentication mechanisms.
Delayed messages were scheduled 1-step further along the exponental backoff schedule
than intended; rather than being initially delayed for 20 minutes, they would be
delayed for 40 minutes.
MTA-STS: failed to load the policy for some sites due to a redirect caused
by a trailing dot in the policy domain