BaruwaOS 6.10.7

New Features

Support wildcard subdomains in lists manager

Prior to this update wildcard subdomains were not supported in the approved and banned lists.

It is now possible to add wildcard subdomains for the from addresses when listing emails and domains.

Support for disabling SMTP legacy TLS versions

An option has been added to baruwa-setup to allow for the disabling of the legacy TLS versions TLS1.0 and TLS1.1 on all SMTP ports 25, 465 and 587.

Support for TLS version 1.3 for SMTP

TLS version 1.3 support has been add for SMTP traffic.

Security Improvements

NCSC-NL guidelines

The NCSC-NL guidelines have been implemented, scanning your web interface address on internet.nl should give you 100% score.

With the appropriate configuration scanning your mail domain should give you 100% score as well.

Dynamic Lets-encrypt CA validation

The built in ACME client has been updated to use dynamic CA validation for the lets-encrypt CA certificates.

DNS Improvements

Stub zones for datafeeds

The system DNS server is now configured to use stub zones for DNS requires to our datafeeds.

Specific DNSBL return codes

MTA DNSBL checks now lookup specific return codes ensuring that mail is not rejected as happened when bl.spamcop.net domain was not renewed and queries where returning a response for every possible lookup.

Depreciations

None

Known Issues

None