diff --git a/CHANGELOG.md b/CHANGELOG.md index 42f87129..1a2d73c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,23 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). +## [0.10.4] - 2024-10-08 + +To upgrade replace the `stalwart-mail` binary and then upgrade to the latest web-admin. + +### Added +- Detect and ban port scanners as well as other forms of abuse (#820). +- ACME External Account Binding support (#379). + +### Changed +- The settings `server.fail2ban.*` have been moved to `server.auto-ban.*`. +- The event `security.brute-force-ban` is now `security.scan-ban`. + +### Fixed +- Do not send SPF failures reports to local domains. +- Allow `nonce` in OAuth code requests. +- Warn when there are errors migrating domains rather than aborting migration. + ## [0.10.3] - 2024-10-07 To upgrade replace the `stalwart-mail` binary and then upgrade to the latest web-admin. Enterprise users wishing to use the new LLM-powered spam filter should also upgrade the spam filter rules. diff --git a/Cargo.lock b/Cargo.lock index c535e225..77b570e2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1052,7 +1052,7 @@ dependencies = [ [[package]] name = "common" -version = "0.10.3" +version = "0.10.4" dependencies = [ "aes-gcm-siv", "ahash 0.8.11", @@ -1668,7 +1668,7 @@ dependencies = [ [[package]] name = "directory" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "argon2", @@ -3010,7 +3010,7 @@ checksum = "edcd27d72f2f071c64249075f42e205ff93c9a4c5f6c6da53e79ed9f9832c285" [[package]] name = "imap" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "common", @@ -3222,7 +3222,7 @@ dependencies = [ [[package]] name = "jmap" -version = "0.10.3" +version = "0.10.4" dependencies = [ "aes", "aes-gcm", @@ -3303,7 +3303,7 @@ dependencies = [ [[package]] name = "jmap_proto" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "fast-float", @@ -3660,7 +3660,7 @@ dependencies = [ [[package]] name = "mail-server" -version = "0.10.3" +version = "0.10.4" dependencies = [ "common", "directory", @@ -3679,7 +3679,7 @@ dependencies = [ [[package]] name = "managesieve" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "bincode", @@ -3957,7 +3957,7 @@ dependencies = [ [[package]] name = "nlp" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "bincode", @@ -4511,7 +4511,7 @@ dependencies = [ [[package]] name = "pop3" -version = "0.10.3" +version = "0.10.4" dependencies = [ "common", "directory", @@ -6081,7 +6081,7 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "smtp" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "bincode", @@ -6197,7 +6197,7 @@ checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "stalwart-cli" -version = "0.10.3" +version = "0.10.4" dependencies = [ "clap", "console", @@ -6228,7 +6228,7 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" [[package]] name = "store" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "arc-swap", @@ -6872,7 +6872,7 @@ dependencies = [ [[package]] name = "trc" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "base64 0.22.1", @@ -7115,7 +7115,7 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "utils" -version = "0.10.3" +version = "0.10.4" dependencies = [ "ahash 0.8.11", "base64 0.22.1", diff --git a/README.md b/README.md index 715aa92e..6f333075 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ Key features: - **Secure and robust**: - Encryption at rest with **S/MIME** or **OpenPGP**. - Automatic TLS certificate provisioning with [ACME](https://datatracker.ietf.org/doc/html/rfc8555) using `TLS-ALPN-01`, `DNS-01` or `HTTP-01` challenges. - - Automated blocking of hosts that perform brute-force attacks or scans (aka **fail2ban**). + - Automated blocking of IP addresses that attack, abuse or scan the server for exploits. - Rate limiting. - Security audited (read the [report](https://stalw.art/blog/security-audit)). - Memory safe (thanks to Rust). diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml index 3e15e607..335a48a4 100644 --- a/crates/cli/Cargo.toml +++ b/crates/cli/Cargo.toml @@ -5,7 +5,7 @@ authors = ["Stalwart Labs Ltd. "] license = "AGPL-3.0-only OR LicenseRef-SEL" repository = "https://github.com/stalwartlabs/cli" homepage = "https://github.com/stalwartlabs/cli" -version = "0.10.3" +version = "0.10.4" edition = "2021" readme = "README.md" resolver = "2" diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml index 3f6e19dc..f7778225 100644 --- a/crates/common/Cargo.toml +++ b/crates/common/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "common" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/common/src/listener/blocked.rs b/crates/common/src/listener/blocked.rs index 40720b72..643ff95c 100644 --- a/crates/common/src/listener/blocked.rs +++ b/crates/common/src/listener/blocked.rs @@ -79,7 +79,7 @@ impl Security { // Parse blocked HTTP paths let mut http_banned_paths = config - .values("server.fail2ban.http-banned-paths") + .values("server.auto-ban.scan.paths") .filter_map(|(_, v)| { let v = v.trim(); if !v.is_empty() { @@ -117,17 +117,17 @@ impl Security { allowed_ip_addresses, allowed_ip_networks, auth_fail_rate: config - .property_or_default::>("server.fail2ban.authentication", "100/1d") + .property_or_default::>("server.auto-ban.auth.rate", "100/1d") .unwrap_or_default(), rcpt_fail_rate: config - .property_or_default::>("server.fail2ban.invalid-rcpt", "35/1d") + .property_or_default::>("server.auto-ban.abuse.rate", "35/1d") .unwrap_or_default(), loiter_fail_rate: config - .property_or_default::>("server.fail2ban.loitering", "150/1d") + .property_or_default::>("server.auto-ban.loiter.rate", "150/1d") .unwrap_or_default(), http_banned_paths, scanner_fail_rate: config - .property_or_default::>("server.fail2ban.scanner", "30/1d") + .property_or_default::>("server.auto-ban.scan.rate", "30/1d") .unwrap_or_default(), } } diff --git a/crates/directory/Cargo.toml b/crates/directory/Cargo.toml index 2b2f450b..ef457a41 100644 --- a/crates/directory/Cargo.toml +++ b/crates/directory/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "directory" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/imap/Cargo.toml b/crates/imap/Cargo.toml index 696971d8..0c58f468 100644 --- a/crates/imap/Cargo.toml +++ b/crates/imap/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "imap" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/jmap-proto/Cargo.toml b/crates/jmap-proto/Cargo.toml index cf755ef3..93c98982 100644 --- a/crates/jmap-proto/Cargo.toml +++ b/crates/jmap-proto/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "jmap_proto" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/jmap/Cargo.toml b/crates/jmap/Cargo.toml index 98d7821a..d6422aea 100644 --- a/crates/jmap/Cargo.toml +++ b/crates/jmap/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "jmap" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/main/Cargo.toml b/crates/main/Cargo.toml index 315682e0..a35e1c99 100644 --- a/crates/main/Cargo.toml +++ b/crates/main/Cargo.toml @@ -7,7 +7,7 @@ homepage = "https://stalw.art" keywords = ["imap", "jmap", "smtp", "email", "mail", "server"] categories = ["email"] license = "AGPL-3.0-only OR LicenseRef-SEL" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/managesieve/Cargo.toml b/crates/managesieve/Cargo.toml index 2f845b04..bb719cb8 100644 --- a/crates/managesieve/Cargo.toml +++ b/crates/managesieve/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "managesieve" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/nlp/Cargo.toml b/crates/nlp/Cargo.toml index 6dc7239c..59f63682 100644 --- a/crates/nlp/Cargo.toml +++ b/crates/nlp/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nlp" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/pop3/Cargo.toml b/crates/pop3/Cargo.toml index 2a6b761f..13031238 100644 --- a/crates/pop3/Cargo.toml +++ b/crates/pop3/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "pop3" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/smtp/Cargo.toml b/crates/smtp/Cargo.toml index 0475c17e..61580d93 100644 --- a/crates/smtp/Cargo.toml +++ b/crates/smtp/Cargo.toml @@ -7,7 +7,7 @@ homepage = "https://stalw.art/smtp" keywords = ["smtp", "email", "mail", "server"] categories = ["email"] license = "AGPL-3.0-only OR LicenseRef-SEL" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/store/Cargo.toml b/crates/store/Cargo.toml index f82b6ab5..98ef8ac3 100644 --- a/crates/store/Cargo.toml +++ b/crates/store/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "store" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/trc/Cargo.toml b/crates/trc/Cargo.toml index f43c1542..b99f09fc 100644 --- a/crates/trc/Cargo.toml +++ b/crates/trc/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "trc" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2" diff --git a/crates/utils/Cargo.toml b/crates/utils/Cargo.toml index 96b4e531..e213c3cf 100644 --- a/crates/utils/Cargo.toml +++ b/crates/utils/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "utils" -version = "0.10.3" +version = "0.10.4" edition = "2021" resolver = "2"