Back to Changelog
v1.0.282
Antispam hardening suite (Bayes learning, local DNSBL, OpenDMARC, postscreen, DANE, MTA-STS) plus backend fixes
New Features
6- SpamAssassin Bayes auto-learning: corrected Bayes DB permissions and added Junk/Sent mailbox learning cron for improved spam detection accuracy
- Local DNSBL resolver: bundled BIND configured as a localhost-only recursive resolver with DNSSEC validate-except so that Spamhaus, URIBL and SURBL lookups resolve reliably instead of being blocked by shared public resolvers
- OpenDMARC inbound DMARC verification milter: header-only mode, scored by SpamAssassin for inbound policy enforcement without message rejection
- Postscreen + conservative Spamhaus RBL integration: opt-in, default OFF, reduces connection-level spam before content filtering
- Outbound DANE (DNSSEC TLSA): opt-in, requires a local validating resolver; protects outbound SMTP against MITM and downgrade attacks
- MTA-STS policy builder core: testable infrastructure for policy/DNS/ID generation
Bug Fixes
5- WordPress install now validates the admin email address format before provisioning
- SSH security bar update flow: stable apply and dismiss behavior
- Bundled PHP and Postfix outbound CA trust is now OS-adaptive (resolves certificate verify failures on Debian/Ubuntu)
- Mailbox ownership self-heal runs at boot to prevent ownership drift after upgrades
- Migration pipeline: guaranteed password generation for new users and async user delete