Bring them up from the DMARC reporting section to the mailserver toplevel so they become reusable for the upcoming TLSRPT integration. We default to the first domain in the domains option, if not set explicitly, so that `systemDomain` doesn't become a blocker for existing setups. We still encourage picking out the intended one, which is likely the one used for the MX hostname. This also simplifies the DMARC reporting configuration, which doesn't need to be so fine-grained. Co-Authored-By: Emily <git@emilylange.de>
117 lines
4.9 KiB
ReStructuredText
117 lines
4.9 KiB
ReStructuredText
Release Notes
|
|
=============
|
|
|
|
NixOS 25.11
|
|
-----------
|
|
|
|
- The ``systemName`` and ``systemDomain`` options have been introduced to have
|
|
reusable configurations for automated reports (DMARC, TLSRPT). They come with
|
|
reasonable defaults, but it is suggested to check and change them as needed.
|
|
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
|
|
system domain.
|
|
|
|
NixOS 25.05
|
|
-----------
|
|
|
|
- OpenDKIM has been removed and DKIM signing is now handled by Rspamd, which only supports ``relaxed`` canoncalizaliaton.
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/374>`__)
|
|
- Rspamd now connects to Redis over its Unix Domain Socket by default
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/375>`__)
|
|
|
|
- If you need to revert TCP connections, configure ``mailserver.redis.address`` to reference the value of ``config.services.redis.servers.rspamd.bind``.
|
|
- The integration with policyd-spf was removed and SPF handling is now fully based on Rspamd scoring.
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/380>`__)
|
|
- Switch to the more efficient `fts-flatcurve` indexer for full text search
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/361>`__).
|
|
|
|
This makes use of a new index, which will be automatically re-generated the
|
|
next time a folder is searched.
|
|
The operation is now quick enough to be performed "just-in-time".
|
|
Alternatively, all indices can be immediately re-generated for all users and
|
|
folders by running
|
|
|
|
.. code-block:: bash
|
|
|
|
doveadm fts rescan -u '*' && doveadm index -u '*' -q '*'
|
|
|
|
The previous index (which is not automatically discarded to allow rollbacks)
|
|
can be cleaned up by removing all the `xapian-indexes` directories within
|
|
``mailserver.indexDir``.
|
|
- Individual domains can now be excluded from DMARC Reporting through ``mailserver.dmarcReporting.excludedDomains``.
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/297>`__)
|
|
- Configuring ``mailserver.forwards`` is now possible when the setup relies on LDAP.
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/313>`__)
|
|
- Support for TLS 1.1 was disabled in accordance with `Mozilla's recommendations <https://ssl-config.mozilla.org/#server=postfix>`_.
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/234>`__)
|
|
|
|
NixOS 24.11
|
|
-----------
|
|
|
|
- No new feature, only bug fixes and documentation improvements
|
|
|
|
NixOS 24.05
|
|
-----------
|
|
|
|
- Add new option ``acmeCertificateName`` which can be used to support
|
|
wildcard certificates
|
|
|
|
NixOS 23.11
|
|
-----------
|
|
|
|
- Add basic support for LDAP users
|
|
- Add support for regex (PCRE) aliases
|
|
|
|
NixOS 23.05
|
|
-----------
|
|
|
|
- Existing ACME certificates can be reused without configuring NGINX
|
|
- Certificate scheme is no longer a number, but a meaningful string instead
|
|
|
|
NixOS 22.11
|
|
-----------
|
|
|
|
- Allow Rspamd to send DMARC reporting
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/244>`__)
|
|
|
|
NixOS 22.05
|
|
-----------
|
|
|
|
- Make NixOS Mailserver options discoverable from search.nixos.org
|
|
- Add a roundcube setup guide in the documentation
|
|
|
|
NixOS 21.11
|
|
-----------
|
|
|
|
- Switch default DKIM body policy from simple to relaxed
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/247>`__)
|
|
- Ensure locally-delivered mails have the X-Original-To header
|
|
(`merge request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/243>`__)
|
|
- NixOS Mailserver options are detailed in the `documentation
|
|
<https://nixos-mailserver.readthedocs.io/en/latest/options.html>`__
|
|
- New options ``dkimBodyCanonicalization`` and
|
|
``dkimHeaderCanonicalization``
|
|
- New option ``certificateDomains`` to generate certificate for
|
|
additional domains (such as ``imap.example.com``)
|
|
|
|
NixOS 21.05
|
|
-----------
|
|
|
|
- New `fullTextSearch` option to search in messages (based on Xapian)
|
|
(`Merge Request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/212>`__)
|
|
- Flake support
|
|
(`Merge Request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/200>`__)
|
|
- New `openFirewall` option defaulting to `true`
|
|
- We moved from Freenode to Libera Chat
|
|
|
|
NixOS 20.09
|
|
-----------
|
|
|
|
- IMAP and Submission with TLS wrapped-mode are now enabled by default
|
|
on ports 993 and 465 respectively
|
|
- OpenDKIM is now sandboxed with Systemd
|
|
- New `forwards` option to forwards emails to external addresses
|
|
(`Merge Request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/193>`__)
|
|
- New `sendingFqdn` option to specify the fqdn of the machine sending
|
|
email (`Merge Request <https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/merge_requests/187>`__)
|
|
- Move the Gitlab wiki to `ReadTheDocs
|
|
<https://nixos-mailserver.readthedocs.io/en/latest/>`_
|