From 2034ba414f22b0bdc00cbcf9f639e4ded1007418 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Thu, 10 Jul 2025 14:08:09 -0400 Subject: [PATCH 01/12] nit change for 5.0 (#787) --- content/momentum/4/index.md | 4 ++-- content/momentum/4/modules/spf.md | 3 ++- content/momentum/navigation.yml | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/content/momentum/4/index.md b/content/momentum/4/index.md index b44a1473f..d0fc236ec 100644 --- a/content/momentum/4/index.md +++ b/content/momentum/4/index.md @@ -1,6 +1,6 @@ --- lastUpdated: "09/30/2024" -title: "Momentum 4.x" +title: "Momentum 4.x and later" description: "Message Systems Inc Copyright 2014-2024 Message Systems Inc Confidential Proprietary Abstract This book documents Momentum 4 Document generated on 2024 Sep 30 Table of Contents Preface 1 Typographical Conventions Used in This Document I Introduction to Momentum 1 Components 2 Life of A Message 3 Roles and Behaviors 4 Licensed..." --- @@ -14,7 +14,7 @@ Confidential & Proprietary. **Abstract** -This book documents Momentum 4. +This book documents Momentum 4 and later. Document generated on: 2024-Sep-30 diff --git a/content/momentum/4/modules/spf.md b/content/momentum/4/modules/spf.md index 5f56b4eb1..f066df392 100644 --- a/content/momentum/4/modules/spf.md +++ b/content/momentum/4/modules/spf.md @@ -104,7 +104,8 @@ Set the default rule for a domain not implementing SPF. The default behavior is _Introduced in Momentum 5.0._ -Postpones the SPF check until the `RCPTTO` phase. This might be useful when the received message is accepted by a relay webhook that does not perform a SPF validation. +Postpones the SPF check until the `RCPTTO` phase. This might be useful to allow SPF validation based +on `RCPTTO` address. diff --git a/content/momentum/navigation.yml b/content/momentum/navigation.yml index 549c401ea..80a109491 100644 --- a/content/momentum/navigation.yml +++ b/content/momentum/navigation.yml @@ -1,5 +1,5 @@ - link: /momentum/4 - title: Momentum 4.x + title: Momentum 4.x and later items: - link: /momentum/4/4-preface title: Preface From 16dea7b315b663a8f5604644e9c4ca4f78a0cc6a Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Thu, 10 Jul 2025 14:09:33 -0400 Subject: [PATCH 02/12] update supported values for header_canon for ARC sealing (#788) --- content/momentum/4/lua/ref-msys-validate-openarc-sign.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/momentum/4/lua/ref-msys-validate-openarc-sign.md b/content/momentum/4/lua/ref-msys-validate-openarc-sign.md index cd9f93db9..b18eb7e6c 100644 --- a/content/momentum/4/lua/ref-msys-validate-openarc-sign.md +++ b/content/momentum/4/lua/ref-msys-validate-openarc-sign.md @@ -56,7 +56,7 @@ This function takes the following parameters: * `header_canon` – header canonicalization setting. - Supported values are `relaxed`, `simple`. Defaults to `relaxed`. + The only supported value is `relaxed`. * `body_canon` – body canonicalization setting From fdd0ebf350c7f1894b5459a21064b886732aa8b8 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Thu, 10 Jul 2025 14:13:52 -0400 Subject: [PATCH 03/12] TASK-5830: TLSRPT (#791) --- .../4/hooks/core-smtp-tls-reporting.md | 123 ++++++++++++++++++ content/momentum/4/hooks/index.md | 3 +- 2 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 content/momentum/4/hooks/core-smtp-tls-reporting.md diff --git a/content/momentum/4/hooks/core-smtp-tls-reporting.md b/content/momentum/4/hooks/core-smtp-tls-reporting.md new file mode 100644 index 000000000..3865d6776 --- /dev/null +++ b/content/momentum/4/hooks/core-smtp-tls-reporting.md @@ -0,0 +1,123 @@ +--- +lastUpdated: "05/10/2025" +title: "smtp_tls_reporting" +description: "hook invoked after every TLS events for reporting purpose rfc8460 TLSRPT" +--- + + +## Name + +smtp_tls_reporting - This hook is added in 5.1 and allows you inspect a SMTP TLS reporting data + point in JSON format. + +## Synopsis + +`#include "hooks/core/smtp_tls_reporting.h"` + +`int core_smtp_tls_reporting(void closure, struct json_object *json)` + + +## Description + +This hook is called upon: +- any TLSRPT (rfc8460) defined failures, before a TLS connection is attempted, + normally during TLS policy (including MTA-STS, TLSA/DANE) fetching stage. +- TLS negotiation failures or successes during outbound delivery when MTA-STS or TLSA/DANE is enabled. + **Currently, only enabled on domains with successfully fetched MTA-STS policies or DANE TLSA records **. + +The JSON fields and values are defined in `tlsrpt.h`, with most of the field names the same as + defined in the RFC: https://datatracker.ietf.org/doc/html/rfc8460. + +The following JSON fields are not defined in the RFC: +* `epoch` - epoch time of when the hook is invoked +* `type` - whether the data is for a successful TLS connection or a failure. + `0` - failure; `1` - success + +**An example JSON for a success**: + +``` +{ + "epoch": 1746712864, + "type": 1, + "policy": { + "policy-type": "sts", + "policy-domain": "test.bird.com", + "policy-string": [ + "version: STSv1", + "mode: enforce", + "mx: mx.bird.com", + "mx: server.ectest.OMNITI.com", + "max_age: 604800" + ] + }, + "sending-mta-ip": "127.0.0.1", + "receiving-mx-hostname": "server.ectest.OMNITI.com", + "receiving-ip": "127.0.0.1" +} +``` + +**An example JSON for a failure**: + +``` +{ + "epoch": 1746629177, + "type": 0, + "policy": { + "policy-type": "sts", + "policy-domain": "mismatch.cert.com", + "policy-string": [ + "version: STSv1", + "mode: enforce", + "mx: test.bird.com", + "max_age: 86400" + ] + }, + "result-type": "certificate-host-mismatch", + "failure-reason-code": "4.7.5 [internal] SSL certificate subject does not match host", + "sending-mta-ip": "127.0.0.1", + "receiving-mx-hostname": "test.BIRD.com", + "receiving-ip": "127.0.0.1" +} +``` + + +**Return Values** + +This hook returns `int`, but for now the return value has no significance. + + +**Threading** + +This hook could be called in any thread. Please avoid doing time consuming tasks in the hook's + implementation. + + +### Example: a Lua implementation of the hook to log the JSON into the `paniclog` + +``` + require("msys.core"); + require("json") + + local mod = {} + + function mod:core_smtp_tls_reporting(js) + print("tls report: ", js) -- log the whole JSON + if js.type == 0 then -- failure + print(string.format("TLSRPT: %s@%s@%s", js.policy["policy-domain"], + js.policy["policy-type"], js["result-type"])) + else -- success + print(string.format("TLSRPT: %s@%s@%s", js.policy["policy-domain"], + js.policy["policy-type"], "OK")) + end + end + + msys.registerModule("tlsrpt", mod); +``` + +**Example of the paniclog output from the above Lua hook**: +``` +1746712864:scriptlet: tls report: { "epoch": 1746712864, "type": 1, "policy": { "policy-type": "sts", "policy-domain": "test.bird.com", "policy-string": [ "version: STSv1", "mode: enforce", "mx: mx.bird.com", "mx: server.ectest.OMNITI.com", "max_age: 604800" ] }, "sending-mta-ip": "127.0.0.1", "receiving-mx-hostname": "server.ectest.OMNITI.com", "receiving-ip": "127.0.0.1" } +1746712864:scriptlet: TLSRPT: test.bird.com@sts@OK +1746719856:scriptlet: tls report: { "epoch": 1746719856, "type": 0, "policy": { "policy-type": "sts", "policy-domain": "mismatch.cert.com", "policy-string": [ "version: STSv1", "mode: enforce", "mx: test.bird.com", "max_age: 86400" ] }, "result-type": "certificate-host-mismatch", "failure-reason-code": "4.7.5 [internal] SSL certificate subject does not match host", "sending-mta-ip": "127.0.0.1", "receiving-mx-hostname": "test.BIRD.com", "receiving-ip": "127.0.0.1" } +1746719856:scriptlet: TLSRPT: mismatch.cert.com@sts@certificate-host-mismatch +``` diff --git a/content/momentum/4/hooks/index.md b/content/momentum/4/hooks/index.md index 24c2ab346..7b54beefc 100644 --- a/content/momentum/4/hooks/index.md +++ b/content/momentum/4/hooks/index.md @@ -16,7 +16,8 @@ description: "This chapter includes hook point and C function reference material | [ec_httpsrv_register_auth](/momentum/4/apis-ec-httpsrv-register-auth) | Register an HTTP handler for authenticating a URI | | [ec_httpsrv_request_local_address](/momentum/4/apis-ec-httpsrv-request-local-address) | Returns the local IP address from the current session | | [ec_httpsrv_request_peer_address](/momentum/4/apis-ec-httpsrv-request-peer-address) | Returns the remote peer address from the current session | -| [inbound_smtp_tls_post_accept](/momentum/4/hooks/inbound-smtp-tls-post-accept) | Modify the message state after the tls handshake in esmtp_tls_accept (available in 4.4.0 or higher) | +| [inbound_smtp_tls_post_accept](/momentum/4/hooks/inbound-smtp-tls-post-accept) | Modify the message state after the tls handshake in esmtp_tls_accept (available in 4.4.0 or higher) | +| [core_smtp_tls_reporting](/momentum/4/hooks/core-smtp-tls-reporting) | Report TLS events for TLSRPT (TLS reporting) | This chapter includes hook point and C function reference material that is specific to Momentum 4. From 9bb280784413699557cae9dc7e1cfedb9d715639 Mon Sep 17 00:00:00 2001 From: Julie Zhao Date: Thu, 10 Jul 2025 14:14:47 -0400 Subject: [PATCH 04/12] TASk-3786: outbound_smtp_auth supporting XOAUTH2 (#792) --- content/momentum/4/modules/index.md | 4 +- .../momentum/4/modules/outbound-smtp-auth.md | 72 +++++++----- .../4/modules/outbound-smtp-auth_v0.md | 105 ++++++++++++++++++ 3 files changed, 150 insertions(+), 31 deletions(-) create mode 100644 content/momentum/4/modules/outbound-smtp-auth_v0.md diff --git a/content/momentum/4/modules/index.md b/content/momentum/4/modules/index.md index 7514c8398..e9a6bad73 100644 --- a/content/momentum/4/modules/index.md +++ b/content/momentum/4/modules/index.md @@ -1,5 +1,5 @@ --- -lastUpdated: "03/01/2025" +lastUpdated: "05/30/2025" title: "Category File" type: "custom" name: "Modules Reference" @@ -63,7 +63,7 @@ description: "Table of Contents 71 1 Introduction 71 2 ac auth Authentication Ha | [openarc](/momentum/4/modules/openarc) | Open Source ARC | | [opendkim](/momentum/4/modules/opendkim) | Open Source DKIM | | [outbound_audit](/momentum/4/modules/outbound-audit) | Outbound traffic analytics | -| [outbound_smtp_auth(modules.outbound_smtp_auth.php) | +| [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) | Outbound authentication | | [persist_io](/momentum/4/modules/persistio) | Persistent IO Wrapper | | [pipe_io](/momentum/4/modules/pipeio) | Pipe IO Wrapper | | [pipe_transport](/momentum/4/modules/pipe-transport) | Module | diff --git a/content/momentum/4/modules/outbound-smtp-auth.md b/content/momentum/4/modules/outbound-smtp-auth.md index 3af2c8ba9..5e9cb9f32 100644 --- a/content/momentum/4/modules/outbound-smtp-auth.md +++ b/content/momentum/4/modules/outbound-smtp-auth.md @@ -1,42 +1,43 @@ --- -lastUpdated: "03/26/2020" +lastUpdated: "05/30/2025" title: "outbound_smtp_auth" -description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..." +description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN, AUTH PLAIN and AUTH XOAUTH2 methods of authentication You can specify the parameters in configuration or in lua..." --- - + -This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both. +This module enables users to specify authentication parameters for a given set of messages so that +Momentum will authenticate against the peer server when it sends outbound mail. It currently +supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentication. + You can specify the parameters in configuration or in lua, or use a combination of both. ### Note This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. -**Configuration Change. ** This feature is available in Momentum 4.2 and later. +**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in + Momentum 4.2 and later. `AUTH XOAUTH2` support is added in 5.1. ### Configuration -Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes. +Configuration variables are listed below. These values can all be changed and overridden by setting + message context variables with the same name as the options in lua. + All variables are valid in the binding group, binding, domain, and global scopes.
-
outbound_smtp_auth_key
- -
- -A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`. - -
-
outbound_smtp_auth_pass
-The password that will be passed to the remote server. The default value is `false`. +The password or auth token (e.g. for `AUTH XOAUTH2`) that will be passed to the remote server. + It has no default value. ### Note -Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option. +Setting the password in configuration will leave it as plaintext. + To set the password more securely, it's recommended to dynamically retrieve it from a data store + in lua and set it in the context variable that corresponds to this option.
@@ -44,7 +45,8 @@ Setting the password in configuration will leave it as plaintext. To set the pas
-Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`. +Determines what authentication protocol should be used. The only supported values are `PLAIN`, + `LOGIN` and `XOAUTH2`. It has no default value.
@@ -52,7 +54,7 @@ Determines what authentication protocol should be used. The only supported value
-The username that will be passed to the remote server. The default value is `false`. +The username that will be passed to the remote server. It has no default value.
@@ -60,25 +62,33 @@ The username that will be passed to the remote server. The default value is `fal ### Usage +A hook `outbound_smtp_auth_config(msg)` is added by this module to allow per message auth settings. + The settings in `ec_message` context will override the configuration values. + This hook is called in delivery/scheduler thread before sending SMTP `AUTH` command. + Please avoid blocking or lengthy operations when implementing this hook. + Basic examples of usage are provided below. -The following example shows how you can extend the new hook and set the username and password in lua. +The following example shows how you can extend the new hook and set the username and password in lua + for each message. - + ``` -function mod:outbound_smtp_auth_config(msg, ac, vctx) - print('NOTICE: outbound_smtp_auth_config Lua hook called'); - print('NOTICE: msg:['.. tostring(msg) ..']') - msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo') - msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar') +function mod:outbound_smtp_auth_config(msg) + --print('NOTICE: outbound_smtp_auth_config Lua hook called'); + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_type', 'XOAUTH2') + -- credential taken from example here: + -- https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'test@contoso.onmicrosoft.com') + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA') end ``` The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains. - + ``` @@ -90,13 +100,17 @@ Domain "messagesystems.com" { Outbound_SMTP_AUTH_Type = "LOGIN" Outbound_SMTP_AUTH_User = "msys" Outbound_SMTP_AUTH_Pass = "msys" - Outbound_SMTP_AUTH_Key = "somestring" } Domain "sparkpost.com" { Outbound_SMTP_AUTH_Type = "PLAIN" Outbound_SMTP_AUTH_user = "sparkpost" Outbound_SMTP_AUTH_pass = "sparkpost" - Outbound_SMTP_AUTH_Key = "someotherstring" } -``` \ No newline at end of file + +Domain "bird.com" { + Outbound_SMTP_AUTH_Type = "XOAUTH2" + Outbound_SMTP_AUTH_user = "test@contoso.onmicrosoft.com" + Outbound_SMTP_AUTH_pass = "EwBAAl3BAAUFFpUAo7J3Ve0bjLBWZWCclRC3EoAA" +} +``` diff --git a/content/momentum/4/modules/outbound-smtp-auth_v0.md b/content/momentum/4/modules/outbound-smtp-auth_v0.md new file mode 100644 index 000000000..f22db898e --- /dev/null +++ b/content/momentum/4/modules/outbound-smtp-auth_v0.md @@ -0,0 +1,105 @@ +--- +lastUpdated: "03/26/2020" +title: "outbound_smtp_auth_v0" +description: "This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail It currently supports the AUTH LOGIN and AUTH PLAIN methods of authentication You can specify the parameters in configuration or in lua..." +--- + + + +** This module is deprecated and replaced by the new +[outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module since 5.1. ** + +This module enables users to specify authentication parameters for a given set of messages so that Momentum will authenticate against the peer server when it sends outbound mail. It currently supports the 'AUTH LOGIN' and 'AUTH PLAIN' methods of authentication. You can specify the parameters in configuration or in lua, or use a combination of both. + +### Note + +This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. + +**Configuration Change. ** This feature is available in Momentum 4.2 and later. + +### Configuration + +Configuration variables are listed below. These values can all be changed and overridden by setting context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes. + +
+ +
outbound_smtp_auth_key
+ +
+ +A unique key that can be used in lua to look up authorization details in a database. It enables you to easily trigger custom behavior based on a configuration scope. The default value is `false`. + +
+ +
outbound_smtp_auth_pass
+ +
+ +The password that will be passed to the remote server. The default value is `false`. + +### Note + +Setting the password in configuration will leave it as plaintext. To set the password more securely, dynamically retrieve it from a data store in lua and set it in the context variable that corresponds to this option. + +
+ +
outbound_smtp_auth_type
+ +
+ +Determines what authentication protocol should be used. The only supported values are 'PLAIN' and 'LOGIN'. The default value is `false`. + +
+ +
outbound_smtp_auth_user
+ +
+ +The username that will be passed to the remote server. The default value is `false`. + +
+ +
+ +### Usage + +Basic examples of usage are provided below. + +The following example shows how you can extend the new hook and set the username and password in lua. + + + + +``` +function mod:outbound_smtp_auth_v0_config(msg, ac, vctx) + print('NOTICE: outbound_smtp_auth_v0_config Lua hook called'); + print('NOTICE: msg:['.. tostring(msg) ..']') + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_user', 'foo') + msg:context_set(VCTX_MESS, 'outbound_smtp_auth_pass', 'bar') +end +``` + +The following example shows how to use the new configuration variables to set distinct authorization parameters for two different domains. + + + + +``` +outbound_smtp_auth_v0 { } + +Keep_Message_Dicts_In_Memory = true + +Domain "messagesystems.com" { + Outbound_SMTP_AUTH_Type = "LOGIN" + Outbound_SMTP_AUTH_User = "msys" + Outbound_SMTP_AUTH_Pass = "msys" + Outbound_SMTP_AUTH_Key = "somestring" +} + +Domain "sparkpost.com" { + Outbound_SMTP_AUTH_Type = "PLAIN" + Outbound_SMTP_AUTH_user = "sparkpost" + Outbound_SMTP_AUTH_pass = "sparkpost" + Outbound_SMTP_AUTH_Key = "someotherstring" +} +``` From 0eece23afa2ba0e4cdd0b3c23f0938c4f78e36e4 Mon Sep 17 00:00:00 2001 From: Kris Kelley Date: Thu, 10 Jul 2025 14:16:07 -0400 Subject: [PATCH 05/12] TASK-6411 IPv6 improvements, draft 5.1 changelog (#794) --- content/momentum/4/modules/auth-radius.md | 8 ++++---- content/momentum/4/modules/mail-loop.md | 2 +- content/momentum/4/modules/mxip.md | 2 +- content/momentum/4/modules/url-ripper.md | 2 +- content/momentum/changelog/5/5-0.md | 2 +- content/momentum/changelog/5/5-1.md | 17 +++++++++++++++++ content/momentum/changelog/5/index.md | 3 ++- content/momentum/navigation.yml | 2 ++ 8 files changed, 29 insertions(+), 9 deletions(-) create mode 100644 content/momentum/changelog/5/5-1.md diff --git a/content/momentum/4/modules/auth-radius.md b/content/momentum/4/modules/auth-radius.md index b9b8c0c93..804bb1197 100644 --- a/content/momentum/4/modules/auth-radius.md +++ b/content/momentum/4/modules/auth-radius.md @@ -16,15 +16,15 @@ The following example demonstrates how to configure Momentum to pass LOGIN crede ``` # Configure the RADIUS client auth_radius { - NAS-IP-Address = 10.0.0.1 # the IP address of this SMTP server + NAS-IP-Address = fd01:345::1 # the IP address of this SMTP server server "one" { host = "radius-1.example.com" secret = "secret1" max_tries = "1" timeout = "30" } - server "two" { - host = "radius-2.example.com" + server "ipv6wport" { + host = "[2001:fd3::1]:2812" secret = "secret2" max_tries = "2" timeout = "30" @@ -85,7 +85,7 @@ RADIUS servers can be defined using the dictionary syntax shown above; the dicti
-The hostname or IP address of the RADIUS server. If a colon is present in the string then the left side of the string will be used as the hostname/IP address and the right hand side will be used as the port number on the server. If left unspecified, the RADIUS standard port number of 1812 will be used. +The hostname or IP address of the RADIUS server. The hostname/IP address can be followed by a colon and the port number on the server. If left unspecified, the RADIUS standard port number of 1812 will be used. An IPv6 address must be enclosed in brackets if a port was added.
diff --git a/content/momentum/4/modules/mail-loop.md b/content/momentum/4/modules/mail-loop.md index d9533bf43..29d0f68c8 100644 --- a/content/momentum/4/modules/mail-loop.md +++ b/content/momentum/4/modules/mail-loop.md @@ -8,7 +8,7 @@ description: "The mail loop module provides automatic suppression of potential m The mail_loop module provides automatic suppression of potential mail loops with two standard mechanisms: -* Suppression of delivery attempts to any configured IP interfaces on the machine. +* Suppression of delivery attempts to any configured IP interfaces on the machine, including IPv6. * Suppression of messages with more than a specified number of Received headers. diff --git a/content/momentum/4/modules/mxip.md b/content/momentum/4/modules/mxip.md index ef2382cdd..3af005363 100644 --- a/content/momentum/4/modules/mxip.md +++ b/content/momentum/4/modules/mxip.md @@ -63,7 +63,7 @@ mxip.example. 86400 IN NS localhost. The mxip module implements a dns_get_As hook in order to augment the DNS resolution behaviour. If your integration or deployment also implements a dns_get_As hook, then you may not be able to use the mxip module. -The mxip module only supports IPv4 addresses in the hostname field of MX records. IPv6 addresses are explicitly not supported by the mxip module. +The mxip module supports IPv4 (and IPv6 as of Momentum 5.1) addresses in the hostname field of MX records. The mxip module can be configured as follows: diff --git a/content/momentum/4/modules/url-ripper.md b/content/momentum/4/modules/url-ripper.md index 69975f204..7ea8cc95b 100644 --- a/content/momentum/4/modules/url-ripper.md +++ b/content/momentum/4/modules/url-ripper.md @@ -62,7 +62,7 @@ Explicitly specifies headers from which emails (and in turn mailbox domains) sho
-Describes the base domain under which prospects should be resolved. +Describes the base domain under which prospects should be resolved. To utilize the IPv6 support added in Momentum 5.1, select a DNSBL server that supports IPv6 addresses.
diff --git a/content/momentum/changelog/5/5-0.md b/content/momentum/changelog/5/5-0.md index ab9423726..a991dcc84 100644 --- a/content/momentum/changelog/5/5-0.md +++ b/content/momentum/changelog/5/5-0.md @@ -1,7 +1,7 @@ --- lastUpdated: "03/01/2025" title: "Momentum 5.0 Changelog" -description: "Momentum 5.0 was released on 2024-03-01. This section will list all of the major changes that happened with the release of Momentum 5.0. Depending on installation type, all changes may not be applicable" +description: "Momentum 5.0 was released on 2025-03-01. This section will list all of the major changes that happened with the release of Momentum 5.0. Depending on installation type, all changes may not be applicable" --- This section will list all of the major changes that happened with the release of **Momentum 5.0**. Depending on installation type, all changes may not be applicable diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md new file mode 100644 index 000000000..f9759f2c4 --- /dev/null +++ b/content/momentum/changelog/5/5-1.md @@ -0,0 +1,17 @@ +--- +lastUpdated: "06/11/2025" +title: "Momentum 5.1 Changelog" +description: "Momentum 5.1 was released on 2025-07-01. This section will list all of the major changes that happened with the release of Momentum 5.1. Depending on installation type, all changes may not be applicable" +--- + +This section will list all of the major changes that happened with the release of **Momentum 5.1**. Depending on installation type, all changes may not be applicable + + + +| Type | Ticket | Description | +| --- | --- | --- | +| Fix | | | +| Feature | TASK-6489 | Add IPv6 support to rbldnsd RBL lookups performed with the msys.pbp module | +| Feature | TASK-2248 | Add IPv6 support to mail_loop module | +| Feature | TASK-6411 | Add IPv6 support to url_ripper module | +| Feature | TASK-6411 | Add IPv6 support to auth_radius module | diff --git a/content/momentum/changelog/5/index.md b/content/momentum/changelog/5/index.md index ccc90d143..c58ad108e 100644 --- a/content/momentum/changelog/5/index.md +++ b/content/momentum/changelog/5/index.md @@ -1,5 +1,5 @@ --- -lastUpdated: "03/01/2025" +lastUpdated: "06/11/2025" title: "Category File" type: "custom" name: "Momentum 5.x Changelogs" @@ -7,3 +7,4 @@ description: "Momentum 5.x Changelogs" --- * [Momentum 5.0 Changelogs](/momentum/changelog/5/5-0) +* [Momentum 5.1 Changelogs](/momentum/changelog/5/5-1) diff --git a/content/momentum/navigation.yml b/content/momentum/navigation.yml index 80a109491..b4709adee 100644 --- a/content/momentum/navigation.yml +++ b/content/momentum/navigation.yml @@ -1981,6 +1981,8 @@ - link: /momentum/changelog/5 title: Momentum 5.x Changelog items: + - link: /momentum/changelog/5/5-1 + title: Momentum 5.1 Changelog - link: /momentum/changelog/5/5-0 title: Momentum 5.0 Changelog - link: /momentum/changelog/4 From 888b11f450e8f6fbaa2166a503d29d8e85f3aee5 Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Thu, 10 Jul 2025 16:01:50 -0300 Subject: [PATCH 06/12] TASK-10736: Highlight on the outbound-smtp-auth configuration change Signed-off-by: Doug Koerich --- content/momentum/4/modules/outbound-smtp-auth.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/momentum/4/modules/outbound-smtp-auth.md b/content/momentum/4/modules/outbound-smtp-auth.md index 5e9cb9f32..87cd9e392 100644 --- a/content/momentum/4/modules/outbound-smtp-auth.md +++ b/content/momentum/4/modules/outbound-smtp-auth.md @@ -15,11 +15,11 @@ supports the `AUTH LOGIN`, `AUTH PLAIN` and `AUTH XOAUTH2` methods of authentica This module makes heavy use of message contexts to facilitate authentication. If it is enabled, you risk having extra I/O unless `keep_message_dicts_in_memory` is on. -**Configuration Change** This module is refactored in Momentum 5.1, but this feature is available in - Momentum 4.2 and later. `AUTH XOAUTH2` support is added in 5.1. - ### Configuration +> This module is refactored in Momentum 5.1, but this feature is available in + Momentum 4.2 and later. `AUTH XOAUTH2` support is added in 5.1. + Configuration variables are listed below. These values can all be changed and overridden by setting message context variables with the same name as the options in lua. All variables are valid in the binding group, binding, domain, and global scopes. From 857cd287c3de56fe682ca34793999850c3c40a1d Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Fri, 11 Jul 2025 09:36:44 -0300 Subject: [PATCH 07/12] TASK-10736: Final version of 5.1 changelog; EOL updates Signed-off-by: Doug Koerich --- content/momentum/4/eol-policy.md | 3 ++- content/momentum/changelog/5/5-1.md | 20 ++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/content/momentum/4/eol-policy.md b/content/momentum/4/eol-policy.md index e46193da8..7670ff65a 100644 --- a/content/momentum/4/eol-policy.md +++ b/content/momentum/4/eol-policy.md @@ -63,7 +63,8 @@ Momentum version 5 became GA on March 1, 2025. Therefore: | Momentum 4.6.0 | 2023/10/20 | 2024/12/19 | 2024/12/31³ | | Momentum 4.7.0 | 2023/12/19 | 2025/10/17 | 2027/3/1 | | Momentum 4.8.0 | 2024/10/17 | 2026/3/1 | 2027/3/1 | -| **Momentum 5.0.0** | 2025/3/1 | TBD | TBD | +| Momentum 5.0.0 | 2025/3/1 | 2026/7/1 | TBD | +| **Momentum 5.1.0** | 2025/7/1 | TBD | TBD | > ¹ Momentum 4.4.x was superseded by 4.6, which was the last version supporting CentOS 7. > diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md index f9759f2c4..08da17ba2 100644 --- a/content/momentum/changelog/5/5-1.md +++ b/content/momentum/changelog/5/5-1.md @@ -1,5 +1,5 @@ --- -lastUpdated: "06/11/2025" +lastUpdated: "07/01/2025" title: "Momentum 5.1 Changelog" description: "Momentum 5.1 was released on 2025-07-01. This section will list all of the major changes that happened with the release of Momentum 5.1. Depending on installation type, all changes may not be applicable" --- @@ -10,8 +10,16 @@ This section will list all of the major changes that happened with the release o | Type | Ticket | Description | | --- | --- | --- | -| Fix | | | -| Feature | TASK-6489 | Add IPv6 support to rbldnsd RBL lookups performed with the msys.pbp module | -| Feature | TASK-2248 | Add IPv6 support to mail_loop module | -| Feature | TASK-6411 | Add IPv6 support to url_ripper module | -| Feature | TASK-6411 | Add IPv6 support to auth_radius module | +| Feature | | Support for ARM 64-bits architecture (`aarch64`) in MTAs running in Red Hat Enterprise Linux 9 version | +| Feature | | New hook for SMTP [TLSRPT](/momentum/4/hooks/core-smtp-tls-reporting) (TLS reporting) support in MTS-STS or DANE enabled domains | +| Feature | | Added support for TLS connections to RabbitMQ servers for webhook delivery | +| Feature | | Added IPv6 support to some modules:
- rbldnsd RBL lookups performed with `msys.pbp`
- `mail_loop`
- `url_ripper`
- `auth_radius` | +| Feature | | Added support for `XOAUTH2` authentication method to [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module | +| Feature | | Added originating IP address and port to the `msg_gen` context for a "Received" header of a message injected via REST API | +| Feature | | New **unbound** configuration for timeout | +| Fix | TASK-1557 | `outbound-throttle-messages` set to 0 (zero) means "no limit" in adaptive rules (as per documentation) | +| Fix | TASK-4533 | Fixed a potential crash on MTA-STS TXT record expiry | +| Fix | TASK-5418 | Limited ARC header canonicalization to `relaxed` only | +| Fix | TASK-5719 | Postpone spool of messages generated by Sieve API [generate_mail_raw](/momentum/3/3-reference/sieve-ref-generate-mail-raw) until the final validation | +| Security Fix | TASK-5684 | Updated minor version of NodeJS (now 20.19.0) with CVE fixes | +| Security Fix | TASK-6406 | Updated minor versions of Erlang (now 25.3.2.20) and RabbitMQ (now 3.11.24) with CVE fixes | From 383aedfa1ffea5bbc775ed74010a327e67545b6b Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Fri, 11 Jul 2025 09:47:21 -0300 Subject: [PATCH 08/12] TASK-10736: Removed unbound change from changelog Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-1.md | 1 - content/momentum/changelog/5/index.md | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md index 08da17ba2..54525d367 100644 --- a/content/momentum/changelog/5/5-1.md +++ b/content/momentum/changelog/5/5-1.md @@ -16,7 +16,6 @@ This section will list all of the major changes that happened with the release o | Feature | | Added IPv6 support to some modules:
- rbldnsd RBL lookups performed with `msys.pbp`
- `mail_loop`
- `url_ripper`
- `auth_radius` | | Feature | | Added support for `XOAUTH2` authentication method to [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module | | Feature | | Added originating IP address and port to the `msg_gen` context for a "Received" header of a message injected via REST API | -| Feature | | New **unbound** configuration for timeout | | Fix | TASK-1557 | `outbound-throttle-messages` set to 0 (zero) means "no limit" in adaptive rules (as per documentation) | | Fix | TASK-4533 | Fixed a potential crash on MTA-STS TXT record expiry | | Fix | TASK-5418 | Limited ARC header canonicalization to `relaxed` only | diff --git a/content/momentum/changelog/5/index.md b/content/momentum/changelog/5/index.md index c58ad108e..cf012177f 100644 --- a/content/momentum/changelog/5/index.md +++ b/content/momentum/changelog/5/index.md @@ -1,5 +1,5 @@ --- -lastUpdated: "06/11/2025" +lastUpdated: "07/01/2025" title: "Category File" type: "custom" name: "Momentum 5.x Changelogs" From 0589acc359e1531c5bc1bd3fc2aa48d45507e2af Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Fri, 11 Jul 2025 10:04:46 -0300 Subject: [PATCH 09/12] TASK-10736: Being more specific about ARM architecture Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md index 54525d367..d19166c66 100644 --- a/content/momentum/changelog/5/5-1.md +++ b/content/momentum/changelog/5/5-1.md @@ -10,7 +10,7 @@ This section will list all of the major changes that happened with the release o | Type | Ticket | Description | | --- | --- | --- | -| Feature | | Support for ARM 64-bits architecture (`aarch64`) in MTAs running in Red Hat Enterprise Linux 9 version | +| Feature | | Support for ARMv8.2 64-bits architecture (`aarch64`) in MTAs running in Red Hat Enterprise Linux 9 version | | Feature | | New hook for SMTP [TLSRPT](/momentum/4/hooks/core-smtp-tls-reporting) (TLS reporting) support in MTS-STS or DANE enabled domains | | Feature | | Added support for TLS connections to RabbitMQ servers for webhook delivery | | Feature | | Added IPv6 support to some modules:
- rbldnsd RBL lookups performed with `msys.pbp`
- `mail_loop`
- `url_ripper`
- `auth_radius` | From 269c0b2e34821995fd12d08b61a1805d14da97cf Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Fri, 11 Jul 2025 13:59:02 -0300 Subject: [PATCH 10/12] TASK-10736: Changed description upon review Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md index d19166c66..f6552f79e 100644 --- a/content/momentum/changelog/5/5-1.md +++ b/content/momentum/changelog/5/5-1.md @@ -15,7 +15,7 @@ This section will list all of the major changes that happened with the release o | Feature | | Added support for TLS connections to RabbitMQ servers for webhook delivery | | Feature | | Added IPv6 support to some modules:
- rbldnsd RBL lookups performed with `msys.pbp`
- `mail_loop`
- `url_ripper`
- `auth_radius` | | Feature | | Added support for `XOAUTH2` authentication method to [outbound_smtp_auth](/momentum/4/modules/outbound-smtp-auth) module | -| Feature | | Added originating IP address and port to the `msg_gen` context for a "Received" header of a message injected via REST API | +| Feature | | Added "Received" header for a message injected via REST API | | Fix | TASK-1557 | `outbound-throttle-messages` set to 0 (zero) means "no limit" in adaptive rules (as per documentation) | | Fix | TASK-4533 | Fixed a potential crash on MTA-STS TXT record expiry | | Fix | TASK-5418 | Limited ARC header canonicalization to `relaxed` only | From 420c9a6b3eb65d00b77f220551be158c692b4f26 Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Mon, 21 Jul 2025 14:13:41 -0300 Subject: [PATCH 11/12] TASK-10736: Replacing msys- with system packages Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md index f6552f79e..596a65491 100644 --- a/content/momentum/changelog/5/5-1.md +++ b/content/momentum/changelog/5/5-1.md @@ -21,4 +21,4 @@ This section will list all of the major changes that happened with the release o | Fix | TASK-5418 | Limited ARC header canonicalization to `relaxed` only | | Fix | TASK-5719 | Postpone spool of messages generated by Sieve API [generate_mail_raw](/momentum/3/3-reference/sieve-ref-generate-mail-raw) until the final validation | | Security Fix | TASK-5684 | Updated minor version of NodeJS (now 20.19.0) with CVE fixes | -| Security Fix | TASK-6406 | Updated minor versions of Erlang (now 25.3.2.20) and RabbitMQ (now 3.11.24) with CVE fixes | +| Security Fix | TASK-31876 | Replaced `msys-` versions of Erlang, RabbitMQ, and NGINX with system-provided packages | From 8c3b5d6bd3b5d5e8d9acee33766fa0fe61cfdc40 Mon Sep 17 00:00:00 2001 From: Doug Koerich Date: Mon, 21 Jul 2025 16:23:19 -0300 Subject: [PATCH 12/12] TASK-10736: Rewording removal of msys- packages Signed-off-by: Doug Koerich --- content/momentum/changelog/5/5-1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/momentum/changelog/5/5-1.md b/content/momentum/changelog/5/5-1.md index 596a65491..4cb6f5e6d 100644 --- a/content/momentum/changelog/5/5-1.md +++ b/content/momentum/changelog/5/5-1.md @@ -21,4 +21,4 @@ This section will list all of the major changes that happened with the release o | Fix | TASK-5418 | Limited ARC header canonicalization to `relaxed` only | | Fix | TASK-5719 | Postpone spool of messages generated by Sieve API [generate_mail_raw](/momentum/3/3-reference/sieve-ref-generate-mail-raw) until the final validation | | Security Fix | TASK-5684 | Updated minor version of NodeJS (now 20.19.0) with CVE fixes | -| Security Fix | TASK-31876 | Replaced `msys-` versions of Erlang, RabbitMQ, and NGINX with system-provided packages | +| Security Fix | TASK-31876 | Removed `msys-` versions of Erlang, RabbitMQ, and NGINX, to be replaced with 3rd-party packages |