Haraka 3.0.3 → 3.0.4

package/Changes.md

@@ -1,12 +1,110 @@
-
 ### Unreleased
 
+### [3.0.4] - 2024-08-21
+
+#### Added
+
+- doc: add CONTRIBUTORS #3312
+- tls_socket: `config/tls` dir loading is now recursive
+
+#### Changed
+
+- prefix node libs with 'node:' #3359
+- .gitignore: add config/me and config/*.pem
+- auth_base: enable disabling constrain_sender at runtime #3298
+- auth_base: skip constrain_sender when auth user has no domain #3319
+- avg: repackaged as NPM module #3347
+- bounce: repackaged plugin as NPM module #3341
+- clamd: repackaged plugin as NPM module
+- config/plugins: consistent formatting #3359
+- connection: check remote is connected before queue #3338
+  - improve log message for queue* hooks, fixes #2998
+  - support IPv6 when setting remote.is_private #3295
+  - in setTLS, replace forEach with for...of
+  - NOTE: remove a handful of 3.0 sunset property names #3315
+- contrib/plugin2npm.sh: fix path to package.json #3359
+- deps: bump all versions to latest #3303, #3344, #3391
+- dkim: repackaged as NPM module #3311
+- esets: repackaged as NPM module #3353
+- greylist: repackaged as NPM module
+- helo.checks: require a successful HELO/EHLO #3352
+- new NPM plugin dns-list, repackages dnsbl, dnswl, backscatterer #3313
+- when using message-stream, don't send default options #3290
+- rcpt_to.host_list: add connection ID to log messages #3322
+- line_socket: remove unused callback #3344
+- logger: don't load outbound (race condition). Instead, set name property #3322
+- logger: extend add_log_methods to Classes (connection, plugins, hmail) #3322
+- logger: when logging via `logger` methods, use short names #3322
+- logger: check Object.hasOwn to avoid circular deps
+- mail_from.resolvable: refactored, leaning on improved net_utils #3322
+  - fixes haraka/haraka-net-utils#88
+- messagesniffer: repackaged as NPM module
+- outbound
+  - check for local_mx only when default route is used #3307
+  - client_pool: use tls_socket directly (shed line_socket)
+  - client_pool: sock.name is now JSON of socket args
+  - client_pool.get_client & release_client: arity of 5 -> 2
+  - mx_lookup: make it async/await
+  - mx_lookup: deleted. Logic moved into net_utils #3322
+  - use net_utils.HarkaMx for get_mx parsing #3344
+  - emit log message when ignoring local MX #3285
+  - pass in config when initiating txn #3315
+  - minor es6 updates #3315, #3322
+  - logging improvements #3322
+    - was: [-] [core] [outbound] Failed to get socket: Outbound connection error: Error: connect ECONNREFUSED 172.16.16.14:25
+    - now: [A63B62DF-F3B8-4096-8996-8CE83494A188.1.1] [outbound] Failed to get socket: connect ECONNREFUSED 172.16.16.14:25
+  - shorter logger syntax: logger.loginfo -> logger.info
+  - remove log prefixes of `[outbound] `, no longer needed
+  - delete try_deliver_host. Use net_utils to resolve MX hosts to IPs #3322
+  - remove config setting ipv6_enabled #3322
+  - remove undocumented use of send_email with arity of 2. #3322
+  - encapsulate force_tls logic into get_force_tls #3322
+  - es6(async/promise): pre_send_trans_email_respond, process_delivery
+- queue/lmtp: refactored for DRY and improved readability #3322
+- smtp_client: pass connect_timeout, maybe fixes #3281
+- spamassassin: repackaged as NPM module #3348
+- style(es6): more for...of loops
+- deps: moved attachment, spf, & dkim into optional deps
+- doc(Plugins.md): update registry
+- doc(Outbound.md): improve GHFM formatting
+- remove last vestiges of header_hide_version (long ago renamed)
+- server.js: use the local logger methods
+  - es6(async): _graceful, get_smtp_server, setup_smtp_listeners
+  - replace async.eachLimit with Promise.all batches
+- status: replace async.map with Promise.allSettled
+- get Haraka version from utils.getVersion (which includes git id if running from repo)
+- tls_socket: remove secureConnection. Fixes #2743
+  - getSocketOpts is now async
+  - parse_x509 is now async
+  - shed dependency on caolin/async & openssl-wrapper
+  - get_certs_dir is now async
+    - completely refactored.
+- transaction: init with conn.init_transaction, always pass in cfg #3315
+- test: add a connection.response test case with DSN #3305
+- test: convert test runner to mocha
+- test: rename tests -> test (where test runner expect) #3340
+
+#### Fixed
+
+- fix(logger): refactor add_log_methods, don't set extra `loglog*` names
+- doc(connection): update rfc7001 URL
+- fix(bin/haraka): list NPM installed plugin #3310
+- fix(bin/haraka): get hook list from doc/Plugins #3306
+- fix(outbound): call cb even if no MX is found #3294
+- fix(helo.checks): declare reject.literal_mismatch as boolean #3293
+- fix(outbound): allow LHLO over insecure socket if TLS is forced #3278
+- fix(outbound): include return path param SMTPUTF8 when required #3289
+- fix(outbound): replace empty Message-ID header #3288
+- fix(outbound): don't send SNI servername when connecting to an IP
+- fix(outbound): chown queue dir after creation #3291
+- fix(server): async endpoint.bind() and await in server.js #3366
+- fix(outbound): get_mx DNS error handling #3376
+
 ### [3.0.3] - 2024-02-07
 
 #### Added
 
 - feat(auth_vpopmaild): when outbound, assure the envelope domain matches AUTH domain #3265
-- docs(outbound): remove example setting outbound_ip #3253
 - doc(Plugins.md): add pi-queue-kafka #3247
 - feat(rabbitmq_amqplib): configurable optional queue arguments #3239
 - feat(clamd): add x-haraka-virus header #3207
@@ -31,7 +129,6 @@
 - dep(tld): bump version to 1.2.0
 - remove defunct config files: lookup_rdns.strict.ini, lookup_rdns.strict.timeout, lookup_rdns.strict.whitelist, lookup_rdns.strict.whitelist_regex, rcpt_to.blocklist, rdns.allow_regexps, rdns.deny_regexps
 
-
 ### [3.0.2] - 2023-06-12
 
 #### Fixed
@@ -55,7 +152,6 @@
 - doc(outbound.ini) update link #3159
 - doc(clamd.md) fixed spelling error #3155
 
-
 ### [3.0.1] - 2023-01-19
 
 #### Fixed
@@ -69,7 +165,6 @@
 - plugins: Add haraka-plugin-outbound-logger to registry #3146
 - dep(pi-spf): bump version 1.1.3 to 1.2.0
 
-
 ### [3.0.0] - 2022-12-17
 
 #### Added
@@ -81,7 +176,7 @@
 
 - fix(tls): redis promise syntax for tls & ob/tls #3064
 - fix(attachment): error handling with complex archive #3035
-- fix(smtp_client): run "secured" once, fixes  #3020
+- fix(smtp_client): run "secured" once, fixes #3020
 - fix(smtp_client): add missing `$` char in front of interpolated string
 - fix(auth_proxy): run "secured" only once, improvement for #3022
 - fix(helo): remove multi-check from should_skip #3041
@@ -104,16 +199,16 @@
 - style(plugin/\*): transaction guarding #3032
 - dep(spf): remove to separate plugin #3078
 - dep(iconv): removed, declared in haraka-email-message)
-- dep(haraka-plugin-redis)!: 1.0 -> 2.0  #3038
+- dep(haraka-plugin-redis)!: 1.0 -> 2.0 #3038
 - dep(redis)!: 3.1 -> 4.1 #3058
 - dep(generic-pool): remove pooling from outbound #3115
 - smtp_client: remove smtp_\* pooling support in #3113
 - dep: bump plugin versions #3063
 - dep: bump haraka-plugin-asn from 1.0.9 to 2.0.0 #3062
 - dep(redis): 3.1 -> 4.1 #3058
-- dep(nopt): 5 -> 6.0.0  #3076
-- dep(haraka-plugin-fcrdns): 1.0.3 -> 1.1.0  #3076
-- dep(haraka-plugin-redis): 1.0 -> 2.0  #3038
+- dep(nopt): 5 -> 6.0.0 #3076
+- dep(haraka-plugin-fcrdns): 1.0.3 -> 1.1.0 #3076
+- dep(haraka-plugin-redis): 1.0 -> 2.0 #3038
 - dep(nodemailer): 6.7.0 to 6.7.2 #3000, #3004
 - dep: add explicit dependency on node-gyp 9
 - ci: github action tweaks #3047
@@ -133,14 +228,13 @@
 - uribl: timeout DNS 1 second before plugin, #3077
 - uribl: load .ini config to plugin.cfg, add basic tests #3077
 
+### 2.8.28 - 2021-10-14
 
-## 2.8.28 - 2021-10-14
-
-### Changes
+#### Changes
 
 - breaking: dkim.js has changed the constructor opts
 - tls_socket: more flexible pem file parsing #2986
-    - move bad certs into different directory, avoid test suite noise
+  - move bad certs into different directory, avoid test suite noise
 - added ability to define a default relay in relay_dest_domains
 - spamassassin: replace msg_too_big & should_check with should_skip #2972
 - spamassassin: allow returning DENYSOFT on errors #2967
@@ -151,9 +245,9 @@
 - dep: redis is now a dependency #2896
 - use address-rfc2821 2.0.0
 - http: use CDN for bootstrap/jquery, drop bower #2891
-- drop support for node 10  #2890
+- drop support for node 10 #2890
 
-### New features
+#### New features
 
 - tls: require secure and verified sockets for configured hosts/domains
 - DKIM plugin has got a couple of config options now
@@ -162,7 +256,7 @@
 - skip plugins at runtime by pushing name into transaction.skip_plugins #2966
 - outbound: add ability to specify delay times for temporary fails in `temp_fail_intervals` #2969
 
-### Fixes
+#### Fixes
 
 - bounce: correctly set fail recipients #2901
 - bounce: correctly set bounce recipients #2899
@@ -171,10 +265,9 @@
 - use RFC-2045 Quoted-Printable in email message body
 - use RFC-2047 Q encoded-words in email headers
 
+### 2.8.27 - 2021-01-05
 
-## 2.8.27 - 2021-01-05
-
-### Changes
+#### Changes
 
 - bump verions of several dependencies #2888
 - propagate hmail notes to split copies #2887
@@ -183,1221 +276,1279 @@
 - strip _haraka-plugin-_ prefixes off plugin names in config/plugins #2873
 - pass smtp.ini config from Server into connections & transactions #2872
 
-### New features
+#### New features
 
 - add ability to disable SMTPUTF8 advertisement #2866
 
-### Fixes
+#### Fixes
 
 - assure headers.max_lines is initialized as integer #2878
-- require haraka-net-utils >= 1.2.2  #2876
-
-
-## 2.8.26 - 2020-11-18
-
-### Changes
-
-* add config options for OAR & AR headers #2855
-* plugins.js: also strip haraka-plugin prefix from plugin.name #2846
-* smtp_forward/spamssassin: grab refs of conn/txn to avoid crashes due to lack of existence. #2847
-* outbound: add extended reason to bounce message #2843
-* hgrep: replaced perl script with shell script #2842
-* connection: send temp error when requested #2841
-* headers: updated deprecated messages #2845
-* hmail: socket.on -> socket.once #2838
-* hmail: check for zero length queue file #2835
-* outbound: add os.hostname() as default for outbound HELO #2813
-* use node v10's mkdir instead of mkdirp #2797
-* CI: drop appveyor and Travis #2784
-* lint: add 'prefer-template'
-* update async to version 3.2.0 #2764
-* update redis to version 3.0.0 #2759
-* remove deprecated max_unrecognized_commands from config #2755
-* CI: add ES2017 support, drop node 8 #2740
-* fix broken bannering on nested mime parts #2736
-* restore TLS version info, set correctly #2723
-* better error message when invalid HELO hostname is rejected
-* bring STARTTLS "TLS NO-GO" feature in line with Outbound's #2792
-* add listener for secureConnect #2828
-* removed plugins/data.headers to haraka-plugin-headers #2826
-* add zero-length queue size check
-* send temp instead of hard error when asked to by `unrecognized_command`
-
-### New features
-
-* Allow web interface to be bound to unix socket #2768
-* tls: add configurable minVersion to tls socket options #2738
-* connection_close_message: added ability to override close connection message replacing `closing connection. Have a jolly good day.` #2730
-* add JSON format for logging #2739
-* support binding web interface to unix socket
-
-### Fixes
-
-* check for punycode domain names when resolving MX, avoid crash #2861
-* wait until entire message is spooled when spool_after in use #2840
-* hmail: add missing space in temp_fail emitter #2837
-* fix outbound config reloading after outbound split #2802
-* smtp_forward: remove redundant outbound hook #2796
-* smtp_forward: this plugin does not use the queue_outbound hook anymore #2795
-* Fix connection pool not being unique when hosts and ports were equal between domains #2789
-* fix connection pool not being unique when hosts and ports were equal between domains #2788
-* Fix outbound.bounce_message To: header (and add Auto-Submitted) #2782
-* Fix support for DKIM signing when forwarding and aliasing is enabled #2776
-* Better error message when EHLO hostname does not have a dot #2775
-* fix bannering on nested mime parts #2737
-* TLS: don't abort loading certs in config/tls dir when an error is encountered. Process every cert file and then emit errors. #2729
-* restore TLS version, correctly #2723
-
-
-## 2.8.25 - 2019-10-11
-
-### Changes
-
-* conn: remove TLS version from header #2648
-* Actually enforce using key for INTERNALCMD #2643
-* trans: assign conditions to named vars #2638
-* drop node.js v6 support #2632
-* conn: use is_local instead of localhost addr tests #2627
-* spamassassin: spamassassin: strip useless WS from tests #2624
-* es6: many updates #2615, #2674, #2680
-* systemctl: update service definition #2612
-* lint: bracket style to match newer eslint:recommended #2680
-* lint: use object shorthands (eslint:recommended) #2680
-* logger: use safer Object.prototype.hasOwnProperty #2680
-* outbound: permit # char in SMTP status code response #2689
-* dkim_sign: improve docs, add tests, es6 updates #2649
-* dkim_sign: restore default key signing feature #2649
-* tmp module: update to latest #2614
-* semver: update to latest #2616, #2651
-* async: update to latest #2653, #2664
-* repo cleanup: replaced deprecated plugins with list #2681
-* spf: es6 patterns, results.pass, test improvements, es6 patterns #2700
-
-### New features
-
-* spf: add config option to fail on NONE #2644
-
-### Fixes
-
-* mailheader: fully quality header name in _remove_more #2647
-* haraka: Connection.createConnection is not a constructor #2618
-* problems with japanese characters in body and part header #2675
-* toobusy: fix hook name (connect_pre -> connect) #2672
-* outbound: watch for socket timeouts #2687
-* outbound: permit # char prefix in SMTP status code response #2691
-* mailheader: strip whitespace between encoded-words #2702
-
-
-## 2.8.24 - Mar 12, 2019
-
-### Changes
-
-* early_talker: skip if sender has good karma #2551
-* dockerfile: update to node 10 #2552
-* Update deprecated usages of Buffer #2553
-* early_talker: extend reasons to skip checking #2564
-* tls: add 'ca' option (for CA root file) #2571
-* outbound: little cleanups #2572
-* smtp_client: pass pool_timeout to new SMTPClient #2574
-* server: default to nodes=1 (was undefined) #2573
-* test/server: use IPv4 127.0.0.1 instead of localhost #2584
-* queue/smtp_*: add v3 upgrade notice and config setting #2585
-* spf: use the skip config for helo/ehlo checks #2587
-* spf: avoid 2nd EHLO evaluation if EHLO host is identical #2592
-* queue.js refactoring #2593
-* Log dkim_sign parse errors with connection ID #2596
-* Update ipaddr.js to the latest version #2599
-* make inactivity timeout match docs #2607
-
-### New Features
-
-* Implement SIGTERM graceful shutdown if pid is 1 #2547
-* tls: require validated certs on some ports with requireAuthorized #2554
-* spamassassin: disable checks when requested #2564
-* clamd: permit skipping for relay clients #2564
-* outbound: exported outbound.temp_fail_queue, outbound.delivery_queue and add TimerQueue.discard()
-* status: new plugin #2577
-
-### Fixes
-
-* mf.resolvable: reduce timeout by one second (so < plugin.timeout) #2544
-* LMTP blocks under stress #2556
-* invalid DKIM when empty body #2410
-* prevent running callback multiple times on TLS unix socket #2509
-* add missing callback when listing queue and empty directory
-* correct MIME parsing when charset: utf8 and encoding: 8bit #2582
-* spamassassin: default check flags to true #2583
-* smtp_client: destroy when connection gets conn timeout error #2604
-* on error and timeout, remove listeners and destroy conn. #2606
-
-
-## 2.8.23 - Nov 18, 2018
-
-### Changes
-
-* tighten Haraka pattern in .gitignore #2542
-
-
-## 2.8.22 - Nov 17, 2018
-
-### New Features
-
-* enable tls/ssl for rabbitmq amqplib plugin #2518
-
-### Fixes
-
-* hmail: don't send RSET to LMTP #2530
-
-### Changes
-
-* clamd: add check.authenticated, check.private_ip, check.local_ip option
-* use get_decoded on headers that may be encoded #2537
-* connection: move max_mime_part config load to connection init #2528
-* outbound: init TLS when we send email, not when old queue file is loaded #2503
-
-### Changes
-
-* relay: update port 465 doc #2522
-* hmail: log the correct err message #2531
-* ob/tls: consistently use obtls (vs plugin) for "this" name #2524
-* outbound: add domain to loginfo message #2523
-* Add connection.remote.is_local #2532
-* update license #2525
-* perf: move max_mime_parts config load to connection init #2529
-* update semver to version 5.6.0 #2517
-* added hint to encrypted file authentication #2514
-* dkim_sign: improved log messages #2499
-* ehlo_hello_message: config/ehlo_hello_message can be used to overwrite the EHLO/HELO msg replacing `, Haraka is at your service` #2498
-* connection: add connection.remote.is_local flag for detecting loopback and link local IPs
-* add .name to outbound TLS for logs  #2492
-
-## 2.8.21 - Jul 20, 2018
-
-### New Features
-
-* outbound: skip STARTTLS after remote host fails TLS upgrade #2429
-* dns_list_base: introduce global plugin.lookback_is_rejected flag #2422
-
-### Fixes
-
-* replace all _ chars in hostnames with code points #2485
-* Don't die on invalid commands #2481
-* outbound: check list exists before attempting to use it #2478
-    * refactor outbound/hmail.process_ehlo_data #2488
-* tls: skip when redis is undefined #2472
-* Don't run delivered hook on LMTP fail #2470
-* Add tls_socket.load_tls_ini() to tls.register() #2465
-
-### Changes
-
-* outbound/tls: make into a class #2474
-* plugins: clear timeout on cancel #2477
-* txn.parse_body consistently a boolean #2476
-* update ipaddr.js to version 1.8.0 #2468
-
-
-## 2.8.20 - Jun 29, 2018
-
-* New Features
-    * n/a
-* Fixes
-    * data_headers: check defined-ness of hdr_address *after* try/catch #2458
-    * tls: remove tls.ini loading from plugins/tls #2459
-    * tls: remove invalid opt from load_tls_ini #2456
-    * outbound: escape values in HTML bounce correctly #2446
-    * dkim_sign: catch exceptions when address-rfc2822 fails to parse From #2457
-* Changes
-    * logger: Add "obj" log param to log hook that contains log data by type #2425
-    * logger: include outbound client ID in logging #2425
-    * logger: allow specifying uuid in params when logging #2425
-
-## 2.8.19 - Jun 26, 2018
-
-* New features
-    * outbound: received_header=disabled supresses outbound Received header addition. #2409
-    * auth_base.js: `check_plain_passwd` and `check_cram_md5_passwd` can now pass `message` and `code` to callback routine
-    * spf: allow bypass for relay and AUTH clients #2417
-    * spf: optionally add OpenSPF help text to rejection #2417
-    * auth_base: prevent storing of AUTH password in connection.notes.auth_passwd by setting plugin.blackout_password. #2421
-* Fixes
-    * Mitigate MIME part explosion attack #2447
-    * Always prefix ClamAV with a Received header #2407
-    * plugins/data.headers.js: wrap address-rfc2822 header parse into try block #2373
-    * tls_socket: as client, only apply TLS opts if config is valid #2414
-    * when installing, creates config/me if missing #2413
-    * queue/qmail-queue: fix a 2nd crash bug when client disconnects unexpectedly #2360
-    * remove desconstruction of SMTP commands to prevent exception #2398
-    * attstream: return self so that pipe() calls can be chained together. #2424
-    * outbound: fix dotfile cleanup to consider platform-based prefix. #2395
-    * outbound: fix handling of LMTP socket when a socket path is specified. #2376
-* Changes
-    * relay: move relay acl check to connect_init so flag is set earlier #2442
-    * process\_title: add total recipients, avg rcpts/msg, recipients/sec cur/avg/max and messages/conn #2389
-    * when relaying is set in a transaction, don't persist beyond the transaction #2393
-    * connection.set supports dot delimited path syntax #2390
-    * remove deprecated (since 2.8.16) ./dsn.js
-    * Add transaction.msg_status property that reflects message status. #2427
-    * Add transaction.notes.proxy object that hold HAProxy details. #2427
-    * spamassassin: make relay header configurable. #2418
-    * deprecate max_unrecognized_commands plugin in favor of limit. #2402
-    * xclient: add support for DESTADDR/DESTPORT. #2396
-
-## 2.8.18 - Mar 8, 2018
-
-* New features
-    * smtp_forward: domain configuration is now chosen based on domain_selector #2346
-* Fixes
-    * queue/qmail-queue: fix crash bug when client disconnects unexpectedly #2360
-    * tls: fix crash bug in `unrecognized_command` hook
-    * `dkim_key_gen.sh`: improve usability and parameter parsing #2355
-* Changes
-    * document `force_shutdown_timeout` and `graceful_shutdown` settings #2350
-
-## 2.8.17 - Feb 16, 2017
-
-* New Features
-    * SMTPS port is configurable #2269
-    * smtp_forward: enable_outbound can be set per domain #2335
-* Fixes
-    * Fix ability to set log level to emerg #2128
-    * outbound/hmail: use Buffer to correctly read binary file data + tests #2231
-    * quarantine: consolidate 2x hook_init_master functions
-    * tls_socket: restore SNI functionality, emit count of TLS certs #2293
-    * fix smtp_client error handling #2298
-    * fix outbound pools #2317
-    * add openssl-wrapper as dependency #2320
-    * replace _ chars in hostnames with code points #2324
-    * add this.removeAllListeners('connection-error') #2323
-    * Fix crashing on RSET #2328
-    * Prevent data headers crit fail #2329
-    * Fix undefined max_lines in log message #2337
-* Changes
-    * line_socket: remove superfluous function #2339
-    * consistent end of function declaration semicolon #2336
-    * connection: assure hostname is set #2338
-    * smtp_client: Fix log message typo #2334
-    * Update ipaddr.js to version 1.6.0 #2333
-    * Warn on max_header_lines #2331
-    * update jquery version #2322
-    * plugins: add SRS plugin to registry #2318
-    * tls_socket: only generate dhparam.pem on master process #2313
-    * add ENOTFOUND to also check A record #2310
-    * smtp_forward: correct config file name in docs #2309
-    * reduce severity of iconv conversion failure #2307
-    * Add txn UUID to "250 Message Queued" #2305
-    * mailheader: reduce log level priority #2299
-    * greylist: only log redis DB errors when exist #2295
-    * data.headers: reduce undef MLM logerror to logdebug #2294
-    * quarantine: consolidate 2x hook_init_master() #2292
-    * move test_queue to queue/test #2291
-    * in haraka plugin test mode, add server.notes #2248
-    * outbound/hmail: refactor #2238
-    * outbound/hmail: add JSON sanity test before JSON.parse #2231
-    * outbound/index: use newer Buffer.from syntax #2231
-    * outbound/hmail: make haraka queue files human friendly #2231
-    * plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
-    * plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
-    * plugins/smtp_forward: enable_outbound can be enabled/disabled for specific domains
-    * auth_proxy: read TLS key and cert files from tls.ini #2212
-    * README: typo fixes #2210
-    * incorrect RCPT TO reply message #2227
-    * Resolve decoding bug when root part is base64 encoded. #2204
-    * Resolve base64 data truncation #2188
-    * Fix damaged encoding when body is non-utf #2187
-    * Fix disconnect hooks #2184
-    * ability to set log level to emerg #2128
-    * Improve docs for `Address` objects #2224
-    * connection: replace 3x ternaries with get_remote() #2169
-    * connection.local.host populated with hostname (from config/me) #2165
-    * connection.local.info populated with Haraka/version #2196
-    * npm packaged plugins:
-        * plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
-        * plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
-        * plugins/graph -> haraka-plugin-graph #2185
-    * config: replace ./config.js with haraka-config #2119
-    * Replace concatenated strings with template literals (#2129) in:
-        * attachment #2260
-        * bin/spf #2129
-        * bin/dkimverify #2278
-        * connection #2129, #2243
-        * delay_deny #2264
-        * dkim #2216
-        * dsn #2265
-        * host_pool #2198, #2245
-        * logger #2277, #2246
-        * mailbody #2280
-        * max_unrecognised_commands #2171
-        * outbound/hmail #2259
-        * outbound/index #2249
-        * outbound/todo #2233
-        * plugins #2239
-        * plugins/aliases #2229
-        * plugins/attachment #2155
-        * plugins/auth_base #2252
-        * plugins/avg #2156
-        * plugins/backscatterer #2261
-        * plugins/bounce #2229
-        * plugins/clamd #2237
-        * plugins/connect.rdns_access #2262
-        * plugins/data.headers #2263
-        * plugins/data.uribl #2258
-        * plugins/helo.checks #2255
-        * plugins/rcpt_to.in_host_list #2253
-        * plugins/spamassassin #2256
-        * plugins/profile #2170
-        * plugins/rcpt_to.host_list_base #2254
-        * plugins/relay #2174
-        * plugins/relay_acl #2177
-        * plugins/spf #2266
-        * plugins/toobusy #2186
-        * plugins/xclient #2159
-        * rfc1869 #2159
-        * smtp_client #2129, #2208
-        * tests/host_pool #2159
-    * use es6 destructuring (#2075) in:
-        * connection #2230
-        * dkim #2232
-    * use es6 classes (#2133) in:
-        * attachment #2260
-        * attachment_stream #2215
-        * chunkemitter #2219
-        * dkim #2206
-        * dsn #2247
-        * host_pool #2194
-        * mailheader #2213
-        * mailbody #2213
-        * smtp_client #2221
-        * spf #2214
-        * tls_socket #2190
-        * timer_queue #2226
-        * outbound/hmail #2197
-        * outbound/todo #2233
-    * Automatically set connection.remote.is_private when connection.remote.ip is set #2192
-    * Add remove_msgid and remove_date options to outbound.send_email #2209
-    * Add origin option to outbound.send_mail #2314
-
-
-## 2.8.16 - Sep 30, 2017
-
-* Changes
-    * additional tests get var -> const/let medicine #2122
-    * move connection states into haraka-constants #2121
-    * lint: remove useless escapes #2117
-    * lint: switch no-var to error #2109
-    * rspamd: repackaged as NPM module #2106
-    * dsn: repackaged as NPM module haraka-dsn #2105
-    * outbound: add results when queueing #2103
-    * spamassassin: skip adding headers when value is empty #2102
-    * Replace console.log with stdout #2100
-    * update js-yaml to version 3.10.0 #2097
-    * repackage p0f plugin to NPM #2076
-    * ES6: replace var with const or let  #2073
-
-* New Features
-    * Bounces can have an HTML part #2091
-* Fixes
-    * daemon cwd #2126
-    * updated fcrdns plugin name passed to results #2115
-    * tls: only apply default key/cert paths when undefined #2111
-    * dkim_verify: fix formatting of auth results #2107
-    * smtp_forward: consistently use queue.wants #2107
-    * haraka was adding TLS header on non-TLS connection #2103
-    * dkim typo fix #2101
-    * fix rfc2231 parsing code to cope with continuation #2089
-
-## 2.8.15 - Sep 10, 2017
-
-* Changes
-    * Permit log settings to be set w/o LOG prefix #2057
-    * additional results storing in smtp_forward and quarantine #2067
-    * publish p0f plugin to NPM #2076
-    * smtp_forward stores queue note at queue.wants #2083
-    * Remove unused folders from installation #2088
-    * smtp_forward stores queue note at queue.wants #2083
-    * add get/set to conn/txn.notes #2082
-    * additional results storing in smtp_forward and quarantine #2067
-    * Permit log settings to be set w/o LOG prefix #2057
-    * support INFO *and* LOGINFO as config settings #2056
-    * log.ini, new default location for log related settings #2054
-    * dcc: replace with npm packaged version #2052
-    * qmd: replace rcpt_to.qmail_deliverable with npm #2051
-    * rspamd: pass SPF evaluation #2050
-    * add logfmt support #2047
-    * update ipaddr.js to version 1.5.0 #2037
-    * update redis to version 2.8.0 #2033
-    * disable graceful for SIGTERM #2028
-    * add additional integration tests #2026
-    * move most npm packaged plugins into optionalDependencies #2023
-* New Features
-    * TLS certificate directory (config/tls) #2032
-    * plugins can specify a queue plugin & next_hop route #2067
-    * connection/transaction notes now have get/set #2082
-* Fixes
-    * haraka cli will now create folders if they don't exist #2088
-    * maybe fix for #1852 503 response #2064
-    * crash when 'AUTH LOGIN' is sent after a successful auth #2039
-    * docs: fixed swaks test command #2034
-    * dkim: prevent dkim_verify from causing 'cannot pipe' #1693
-
-## 2.8.14 - Jul 26, 2017
-
-* Changes
-    * Fix auth plugin failure when re-selecting auth method #2000
-    * don't crash Haraka when invalid YAML config encountered #2013
-    * update semver to version 5.4.0 #2015
-    * relay docs: correct the config file name #2012
-    * rename config/xclient.hosts to match plugin & docs #2014
-    * build_todo() is part of the outbound/index.js api #2016
-    * update js-yaml to version 3.9.0 #2002
-    * outbound/hmail: use WRITE_EXCL from haraka-constants #2011
-    * replace plugins/log.elasticsearch with npm packaged #2004
-    * Remove two spurious log statements #1989
-    * access: rebuild blacklist upon change (vs supplement) #1990
-    * deliver to qmail-queue with LF line endings (not CRLF) #1997
-    * doc: add note that smtp_forward only supports STARTTLS #1988
-    * import Plugins.md from v3 #1991
-    * update async to 2.5.0 #1982
-    * update iconv to 2.3.0 #1981
-    * require node.js v6+ #1958
-    * update ipaddr.js to 1.4.0 #1972
-    * support newer address-rfc2822 #1970
-    * update node-address-rfc2821 version to 1.1.1 #1968
-    * outbound: be consistent with todo.domain #1960
-    * bump haraka-results required version #1949
-    * logger: load in a setImmediate call #1948
-    * logger: strip intermediate \n chars #1947
-    * tls consistency cleanups #1851
-    * Get pool config handling simplifcation #1868
-        * add integration test: send message w/smtp_client
-    * replace some legacy code with es6 #1862
-    * update async to version 2.2.0 #1863
-    * update ipaddr.js to version 1.3.0 #1857
-    * update redis to version 2.7.0 #1854
-    * assure conn/tran still exists before storing results #1849
-    * moved tls.ini parsing to net_utils #1848
-    * smtp forward dest split routing #1847
-    * rspamd: refactor complex condition into function #1840
-    * block js attachments #1837
-    * helo.checks: bring plugin into alignment with docs #1833
-    * when proxy enabled, update remote.is_private too #1811
-    * create an outbound queue filename handler #1792
-    * replace fcrdns with npm package #1810
-    * add an additional node_modules plugin search path #1805
-    * Set graceful shutdown off by default #1927
-    * Allow outbound pools to be disabled #1917
-    * Outbound split and move into folder #1850
-    * don't emit binary characters into the logs #1902
-    * Add .editorconfig #1884
-    * tls: remove interim variables #1871
-* New Features
-    * Use punycode domain (support SMTPUTF8) #1944
-    * Added RabbitMQ vhost support #1866
-    * clamav: allow "Unknown Result" and Socket Error to try next host #1931
-    * outbound client certificates #1908
-    * Implement the missing upgrade method on SMTPClient #1901
-    * Remove typo from relay.md #1886
-* Fixes
-    * outbound: fix queue not loaded for single process #1941
-    * outbound: Fix undefined variable platformDOT in hmail.js #1943
-    * outbound: fix undefined FsyncWriteStream var #1953
-    * Fix cluster messaging for node v6+ #1938
-    * outbound: fix loading under cluster. #1934
-    * Check pool exists before delete #1937
-    * be more strict in attachment filename matching #1957
-    * doc typo fix #1963
-    * RabbitMQ: fix encoding of user and password string #1964
-    * spf: improve modifier regexp #1859
-    * rabbitmq doc typo in config file name #1865
-    * URL to manual was 404, point to Plugins.md #1844
-    * smtp_client: set idleTimeout to 1s < pool_timeout #1842
-    * fix broken continuations #1843
-    * doc error for the 'check.authenticated' setting in rspamd plugin #1834
-    * emit _the_ result, not all of them #1829
-    * fix outbound logger #1827
-    * fix forwarding with client auth over TLS (forward to gmail) #1803
-    * Don't blow the stack on qstat #1930
-    * run dumped logs through log plugins, not console #1929
-    * Fix path parsing bug on Windows platform #1919
-    * helo: make sure list_re is defined before access #1903
-    * TLS: handle case where OCSP server is unavailable #1880
-    * rspamd: add missing 'default' keyword #1856
-    * disable naïve comment stripping #1876
-
-## 2.8.13 - Feb 03, 2017
-
-* Changes
-    * new [haraka-plugin-limit](https://github.com/haraka/haraka-plugin-limit) #1785
-        * replaces plugin/limit, plugin/rate_limit, and haraka-plugin-outbound-rate-limit
-    * p0f: skip on private IPs (normally empty) #1758
-    * spf: skip for outbound when context != myself #1763
-    * redis: plugins using redis can inherit redis config #1777
-    * redis: replace plugins/redis with haraka-plugin-redis #1786
-    * lint: require space before function declaration #1784
-    * lint: added eslint:recommended #1790
-    * logger: remove logger.colorize code for legacy node versions
-* New Features
-    * redis: add `redis_subscribe_pattern()` #1766
-    * queue/discard: add ENV that permits discarding #1791
-* Improvements
-    * rspamd: improve response parsing #1770
-    * restore Windows testing to working state #1755
-    * elasticsearch: use UTC dates for index creation #1771
-    * tls: fix dhparam usage example syntax #1774
-    * typo: logerr -> logerror #1776
-    * when generating long DKIM keys, include a BIND compatible folded key #1775
-    * in haraka-test-fixtures, access results via fixtures.results #1783
-    * integration test: end to end server testing #1791
-* Bug Fixes
-    * spf: restore functionality for relay context=myself #1759
-    * rate_limit:if incr creates a new record, assure it has a TTL #1781
-    * tls: do not create a top level secureContext #1787
-    * dnswl: swap lines to fix missing inherited methods #1793
-    * dnswl: fix config loader callback syntax #1794
-    * tests/plugins: unset process.env.HARAKA to avoid side effects that interfere with other tests
-    * remove auth_flat_file sample auth user #1796
-
-
-## 2.8.12 - Jan 03, 2017
-
-* Changes
-    * plugin/karma -> npm packaged haraka-plugin-karma #1747
-    * update generic-pool 2.4.2 -> 2.5.0
-* New Features
-    * Added option to bypass SpamAssassin headers' merge #1745
-* Improvements
-    * reduce severity of debug message #1744
-    * fix misleading entries in config/tls.ini #1734
-    * Misc. performance improvements #1738
-    * set tls.sessionIdContext property (for Thunderbird compat) #1740
-* Bug Fixes
-    * Swap lines to avoid clobbering response array #1743
-
-
-## 2.8.11 - Nov 24, 2016
-
-* Changes
-    * rename core_require to haraka_require #1708
-    * move log.syslog to haraka-plugin-syslog #1698
-    * remove tls.ini loading and is_no_tls_host to net_utils #1690
-    * replace ./utils with npm packaged haraka-utils #1720
-    * require node 4
-    * karma: add .top TLD scoring #1714
-
-* New Features
-    * Implement OCSP Stapling #1724
-
-* Improvements
-    * show help for npm packaged plugins included in core #1698
-    * use tls.connect for client #1682
-    * bring port 465 SMTPS TLS config support on par with STARTTLS #1667
-    * use tls.connect instead of createSecurePair #1678
-    * redis: improve error handling in tests #
-    * replace / path seperators with path.\* for cross platform compat #1713
-
-* Bug Fixes
-    * dkim_sign: per-domain key finding fixed #1707
-    * Rspamd: restore spam report header #1702
-    * auth/vpopmail: do not toString() when null #1695
-    * fix outbound to avoid recursive reading key/cert after refactoring #1692
-    * tls: fix option servername (not hostname) #1728
-    * correct Auth-Results cleaning #1726
-    * fix results for connection.remote_host and NXDOMAIN #1716
-
-
-## 2.8.10 - Oct 20, 2016
-
-* Changes
-    * use standard npm syntax for lint and tests #1646
-    * remove ./net_utils to haraka-net-utils #1644
-    * remove incorrect and unused spf.hello_host #1635
-    * remove rogue DENYSOFT copy-pasta error #1634
-    * update async to v2 #1545
-    * remove plugin/dir support from base haraka #1668
-        * use node_modules_dir support instead
-    * use TLSSocket instead of createSecurePair #1672
-    * refactor plugins/tls #1670
-    * moved watch plugin to npm as haraka-plugin-watch #1657
-    * normalize proxy properties #1650
-
-* New Features
-    * added connection.remote.is_private boolean #1648
-    * added additional TLS options (@typingArtist) #1651
-    * added wildcard boolean support to config loader #1680
-    * tls: allow multiple key and cert parameters for RSA+ECDSA #1663
-    * permit specifying haraka plugins w/o haraka-plugin- prefix #1645
-        * in config/plugins and resultstore
-
-* Improvements
-    * connection.geoip replaced by haraka-plugin-geoip #1645
-    * connection.asn replaced by haraka-plugin-asn #1645
-    * permit specifying npm packaged plugins w/o haraka-plugin prefix #1647
-    * normalized connection properties #1547, #1577
-    * Rspamd: fix spambar for negative scores #1630
-    * set connection.remote.is_private early
-        * replace calls to net_utils with remote.is_private test
-
-* Bug Fixes
-    * Tidy-up graceful shutdown and fix for non-cluster mode #1639
-    * Fix data.headers plugin crash #1641
-    * Fix access plugin crash #1640
-    * Minor DKIM fix #1642
-    * do not set TLS timer if timeout=0 #1632
-    * do not overwrite config/host_list on install #1637
-    * correct smtp_forward cfg for multiple rcpts #1680
-    * fix TLS timeout errors #1665
-
-
-## 2.8.9 - Oct 02, 2016
-
-* Changes
-
-* New Features
-    * Support outbound.pool_timeout of 0 to effectively disable pooling. #1561
-    * Added never_add_headers option to rspamd plugin. #1562
-    * rcpt_to.routes URI format w/ LMTP support #1568
-
-* Improvements
-    * The delay_deny plugin now has a whitelist mode (vs blacklist). #1564
-    * Don't show the private key in logs for dkim_sign. #1565
-    * update geoip for compat with newer ES (#1622)
-    * drop node 0.10 testing / official support (#1621)
-    * watch plugin displays UUIDs as URL (#1624)
-    * Catch errors on header decode in rfc2231 #1599
-    * Attachment plugin updates (#1606)
-    * add outbound.ini pool_timeout example setting #1584
-
-* Bug Fixes
-    * Fixed some small documentation issues. #1573, #1616, #1612
-    * Fixed AUTH PLAIN when it spreads over two lines. #1550
-    * Fixed dkim_verify calling next() too soon. #1566
-    * Fixed bugs with outbound pools who shutdown before we QUIT. #1561, #1572
-    * outbound issues #1615, #1603
-    * Fixed adding/removing headers in rspamd plugin. #1562
-    * Fixed process_title not shutting down. #1560
-    * fix a spurious error emitted by p0f (#1623)
-    * fix header version hiding (#1617)
-    * messagestream returns destination (#1610)
-    * plugins.getdenyfn now passed 3rd params arg (#1591)
-    * Fix scope of spf logdebug (#1598)
-    * fix rabbitmq deliveryMode bug (#1594)
-    * fix dkim_sign TypeError with null mail_from.host (#1592)
-    * fix dkim_sign attempting to lower an undefined (#1587)
-
-## 2.8.8 - Jul 20, 2016
-
-* Changes
-    * removed UPGRADE.doc to [wiki](https://github.com/haraka/Haraka/wiki/Upgrade-Haraka)
-
-* Improvements
-    * support + wildcard in aliases plugin #1531
-    * Support dkim_sign with outbound.send_email() #1512
-    * spf: always check remote IP, then public IP if != pass #1528
-    * spf: diplay IP used for SPF eval #1528
-
-* Bug Fixes
-    * handle missing wss section in http.ini #1542
-    * fix leak on socket write error #1541
-    * add results property to outbound transaction #1535
-    * don't unref unref'd wss server #1521
-
-## 2.8.7 - Jun 18, 2016
-
-* Changes
-    * Fix geoip test
-
-* Improvements
-    * Allow alias plugin to explode to a list of aliases
-    * Support IPv6 literals in HELO tests (#1507 thanks @gramakri)
-    * Make ldap plugin use the modified address if a rcpt hook
-      changes it (#1501 thanks @darkpixel)
-
-* Bug Fixes
-    * Fix loading plugins as npm modules (#1513)
-    * More DKIM fixes (#1506 thanks @zllovesuki)
-    * Fix the long failing host-pool-timer test (#1508)
-    * Fix clean shutdown of redis with new shutdown code
-      (#1504 and #1502 thanks @darkpixel)
-    * More fixes to clean shutdown (#1503)
-
-## 2.8.6 - Jun 06, 2016
-
-* Bug Fixes
-    * Fix loading under Node v4 which sends a blank message
-    * Fix quit (SIGINT) when running without nodes=
-
-## 2.8.5 - Jun 04, 2016
-
-* Changes
-    * The connection object is now passed to `get_plain_passwd`. Older
-      modules should continue to work as-is.
-    * The reseed_rng plugin now just uses the Crypto module from core.
-      Though it seems this plugin should be irrelevant with newer versions
-      of node.js
-
-* New Features
-    * Outbound mail now uses pooled connections, only sending a `QUIT`
-      message if the connection has been idle for a while.
-
-* Improvements
-    * Shut down and reload (via `haraka -c <path> --graceful`) is now
-      graceful - allowing current connections to finish and plugins
-      to clean up before ending.
-
-* Bug Fixes
-    * Bind maxmind version to ignore API change (#1492)
-    * Fix encodings when banners are used (#1477)
-    * Various DKIM fixes (#1495)
-
-## 2.8.4 - May 24, 2016
-
-* Bug Fixes
-    * Fix plugin loading override when installed (#1471)
-
-## 2.8.3 - May 18, 2016
-
-* Bug Fixes
-    * Fix config overriding for core modules (#1468)
-
-## 2.8.2 - May 17, 2016
-
-* Changes
-    * Added Node v6 to travis tests
-
-* New Features
-    * Added bin/haraka --qunstick <domain> to flush all mails
-      for that domain (#1460)
-
-* Improvements
-    * Make bin/haraka --qlist show much more information (#1452)
-    * Allow CIDR ranges in no_tls_hosts (#1450)
-
-* Bug Fixes
-    * 2.8.0 was shipped with a broken config/plugins. (#1453)
-    * Stop haraka dying when ldap connections fail (#1456)
-    * Pick up domain specific config correctly in ldap (#1456)
-
-## 2.8.0 - May 06, 2016
-
-* Changes
-    * updated dependency versions (#1426, #1425)
-    * use utf8 encoding for body filters (#1429)
-    * remove spameatingmonkey from tests (#1421)
-    * replace ./constants.js with haraka-constants (#1353)
-    * Document HMail and TODO items (#1343)
-    * Copy only a minimal config/\* by default (#1341).
-    * cfreader/\* removed to haraka/haraka-config (#1350)
-    * outbound and smtp_client honor tls.ini settings (#1350)
-    * outbound TLS defaults to enabled
-    * lint: remove all unused variables (#1358)
-    * replace ./address.js with address-rfc2181 (#1359)
-
-* New Features
-    * smtp_forward: accepts a list of backend hosts, thanks @kgeoss (#1333)
-    * config: add array[] syntax to INI files (#1345)
-    * plugins.js: support require('./config') in plugins
-    * Load plugin config from own folder and merge (#1335)
-    * Allow original email's Subject to be included in bounce message (#1337)
-    * new queue/smtp_bridge plugin, thanks @jesucarr (#1351)
-
-* Improvements
-    * early_talker: supports IP whitelisting (#1423)
-    * loading plugins as packages (#1278)
-    * removed TLD stuff to haraka/haraka-tld (#1301)
-    * removed unused 'require('redis') in plugins/karma (#1348)
-    * improved MIME header support per rfc2231 (#1344)
-    * tls options can be defined for outbound and smtp\_\* (#1357)
-    * explicitly disable SSLv2 (#1395)
-    * cache STUN results
-    * xclient plugin improvements (#1405)
-    * tls: Set verify=NO correctly when no certificate presented (#1400)
-    * improved message header decoding (#1403, #1406)
-    * bounce: skip single_recipient check for relays/private_ips (#1385)
-    * rspamd docs: Clarify usage of check.private_ip (#1383)
-    * if rcpt_to returns DSN in msg, log it properly (#1375)
-
-* Bug Fixes
-    * fix out-of-range errors from banner insertion (#1334)
-    * dkim_verify: Call next only after message_stream ended (#1330)
-    * outbound: remove type check from pid match (#1322)
-    * lint: enable no-shadown and remove all shadow variables (#1349)
-    * spf: fix log_debug syntax (#1416)
-    * auto_proxy: fix a starttls loop (#1392)
-    * fcrdns: corrected err variable name (#1391)
-    * rspamd: Fix undefined variable (#1396)
-    * dkim_verify: Fix header handling (#1371)
-    * smtp_client: fix remote_ip (#1362)
-
-
-## 2.7.3 - Feb 04, 2016
-
-* Changes
-    * smtp_proxy & qmail-queue: default to enabled for outbound deliveries
-      (previously used Outbound), to better matches user expectations.
-
-* New Features
-    * outbound: allow passing notes to send_email (#1295)
-
-* Improvements
-    * logging: emit log message queue before shutting down (#1296)
-    * result_store: permit redis pub/sub to work when host != localhost (#1277)
-    * tests: quiet the extremely verbose messages (#1282)
-    * rspamd: add timeout error handling (#1276)
-    * watch: fix display of early_talker results (#1281)
-    * spamassassin: publish results to result_store (#1280)
-    * karma: can now connect to redis on hosts other than localhost (#1275)
-    * geoip & p0f: don't log empty/null values from RFC 1918 connects (#1267)
-    * redis: make plugin params match docs (#1273)
-    * mailbody: small refactoring (#1315)
-    * smtp_proxy & qmail-queue: default to enabled for outbound (#1308)
-
-* Bug Fixes
-    * redis: use correct path for db.select (#1273)
-    * count errors correctly (#1274)
-    * logger: ignore null arguments (#1299)
-    * connection: pause for hook_reset_transaction (#1303)
-    * rcpt_to.routes: update redis usage for compat with redis plugin (#1302)
-    * smtp_forward: use correct config path to auth settings (#1327)
-    * messagestream: correctly pass options parameter to get_data (#1316)
-    * spf: honour configuration for mfrom scope (#1322)
-    * outbound: Add missing dash to 'Final-Recipient' header name (#1320)
-
-
-## 2.7.2 - Dec 15, 2015
-
-* Bug Fixes
-    * Revert a change that broke plugin loading
-
-
-## 2.7.1 - Dec 14, 2015
-
-* New Features
-    * added debian init.d file (#1255) @slattery
-
-* Improvements
-    * smtp_forward auth settings now work (#430)
-    * better handling of broken messages (#1234)
-    * Docker: use latest Phusion image && stdout (#1238, #1239)
-    * Clean up plugin loading a tiny bit (#1242)
-    * make dkim keydir case insensitive (1251)
-    * ignore DNS errors that aren't errors (#1247)
-    * outbound doc updates (#1258) @Currerius
-    * outbound: return DENYSOFT on queue error (#1264)
-    * smtp_client: if enable_tls is set and TLS files missing, warn (#1266)
-
-* Bug Fixes
-    * Don't sent empty headers to rspamd (#1230)
-    * Fix auth_base.js key need to be a string - number.toString() (#1228)
-    * fix bug with empty charset= on mime parts … (#1225)
-    * Fix "passwd" check crash with numeric password. (#1254)
-    * result_store: show arrays when not empty (#1261)
-
-
-## 2.7.0 - Oct 07, 2015
-
-* New Features
-    * SPF bounce check
-    * rspamd plugin (@fatalbanana)
-    * watch plugin
-    * limit plugin (connection concurrency, errors, unrecognized commands)
-    * plugins can now be npm packages (see also #946)
-    * built-in HTTP server (Express backed)
-    * ESETS AV plugin
-    * DCC plugin (incomplete)
-    * Add LOGIN support to XCLIENT
-    * backscatterer plugin
-    * full IPv4 & IPv6 compatibility inbound #1120, #1123, #1154 (@Dexus)
-    * Early talker #1075 (@smfreegard, @msimerson)
-    * permit loading of plugins in node_modules #1056 (@msimerson)
-
-* Improvements
-    * Fix anti_spoof by use config #1171
-    * Add license clause #1170
-    * package.json dependencies and travis update #1147, #1168 (@Dexus)
-    * logging: remove node-syslog and strong-fork-syslog with modern-syslog #1145 (@Dexus)
-    * aliases: support for email, user and host aliases #1149 (@Dexus)
-    * add docs for use private key with TLS #1130 (@Dexus)
-    * outbound: ENOENT on dotfile - compatibility for windows #1129 (@Dexus)
-    * plugin/attachment: block more attachment file types #1191 (@Dexus)
-    * remove double functions #1126 (@Dexus)
-    * Outbound Bounce messages according to RFC3464 #1189 (@hatsebutz)
-    * toobusy: only run checks if toobusy.js installed and loads
-    * HAProxy: set local_ip, local_port and remote_port
-    * save auth pass/fail/user to result_store
-    * ini files no longer require values (useful for storing lists)
-    * connection: add MAIL and RCPT to results
-    * results_store: enable 'emit' feature for .push()
-    * add support for custom Outbound Received header value (@zombified)
-    * save smtp_forward result to result_store
-    * auth_base: permit a return message (@DarkSorrow)
-    * add DSN.create() and RFC 4954 support
-    * enhanced pipelining support
-    * added config/access.domains with some tips (@EyePulp)
-    * Add SSL detection over plain-text socket
-    * earlytalker: store results
-    * bounce: make it safe to check non_local_msgid
-    * AVG: store results, added defer options
-    * tls: change createCredentials to tls.createSecureContext (@DarkSorrow)
-    * update dependency versions (esp async 0.2.9 -> 1.0.0)
-    * ASN docs: add FTP download note for routeviews
-    * karma: removed concurrency limits (see limit plugin) and penalty feature
-    * added utils.elapsed()
-    * deny message includes hostname
-    * Add Fisher-Yates shuffle to randomize lookup order in data.uribl
-    * change default message size limit to 25mb
-    * auth_base: save auth results
-    * upgrade toobusy plugin to toobusy-js (@alexkavon)
-    * configfile: permit / char in ini keys
-    * added utils.node_min()
-    * added result_store.get_all()
-    * updated ubuntu upstart script
-    * plugin/rate_limit: return in no custom default is set 0 = unlimited #1186, #1185
-    * Outbound.send_email: added dot-stuffing #1176, #1165 (@hatsebutz)
-    * make sure server object is availabe to plugins loaded from node_modules #1162 (@bmonty)
-    * Net_utils.get_ips_by_host #1160 (@msimerson)
-    * fcrdns: don't log error for ENODATA #1140 (@msimerson)
-    * improve MUA detection #1137 (@msimerson)
-    * tls: tmp disable for hosts that fail STARTTLS #1136 (@msimerson)
-    * karma: skip deny on outbound hooks #1100 (@msimerson)
-    * Store HAProxy IP in connection object #1097 (@smfreegard)
-    * Remove UUID from queued message #1092 (@smfreegard)
-
-* Bug Fixes
-    * fix windows build and test failures #1076 (@msimerson)
-    * Fix plugin ordering #1081 (@smfreegard)
-    * Fix distance reporting to X-Haraka-GeoIP for geoip-lite #1086 (@smfreegard)
-    * uribl: prevent calling next() more than 1x #1138 (@msimerson)
-    * Fix so constants are imported when plugin is loaded from node_modules. #1133 (@bmonty)
-    * Include STMP-code in bounce-reason string for upstream 5XX responses #1117 (@hatsebutz)
-    * TLS fixes: add timed_out flag and karma should not run deny hook on it. #1109 (@smfreegard)
-    * Fix port to number instead of string for HAProxy #1108 (@DarkSorrow)
-    * Plugin dcc: fixed syntax error #1164 (@hatsebutz)
-    * config: fix flat files if \r\n lines #1187 (@Dexus)
-    * corrected hook_rcpt log code hook_rcpt_ok returns CONT
-    * fix crash bug when loglevel = LOGDEBUG
-    * corrected pathname in rcpt.ldap plugin (@abhas)
-    * added helo.checks boolean for proto_mismatch
-    * make rate_limit redis keys always expire @celesteking
-    * dkim_sign: Buffer.concat expects an array of buffers
-    * transaction: check discard_data before adding line end (@DarkSorrow)
-    * fix 8-bit msg not displayed properly in gmail
-    * fcrdns: always init results
-    * TLS timer on error
-    * dkim_verify: fixed timeout issue
-    * smtp\_[proxy|forward]: correct authentication example
-    * Fork child workers after init_master hook
-    * connection: return 450/550 for plugin DENY\* (was 452/552)
-    * spamassassin: don't call next() when transaction gone
-    * outbound: fix crash when sending bounce mail
-    * auth_base: fix bad protocol in auth_base.js #1121 (@Dexus)
-    * outbound: Fix HELO/rDNS issue while using multiple outbound ip #1128 (@Dexus)
-    * connection: Fix bug when client disconnect after sending data #1193
-    * Fix connect.geoip bug #1144 (@smfreegard)
-    * Fix tiny bug in messagesniffer #1198 (@smfreegard)
-
-## 2.6.1 - Mar 27, 2015
-
-* added sedation timers for config file re-reading
-* Add AUTH support to outbound
-* tests/spf: quiet excessive DEBUG noise
-* allow domains with underscore
-* correct name of domains config file in access
-* Fix SMTP AUTH in smtp_forward/proxy and add docs
-* Fix opts not being passed to HMailItem \_bounce function
-* log.syslog will try strong-fork-syslog (for node 0.12 compat)
-* improvements to Plugin docs
-* rename net_utils.is_rfc1918 -> is_private_ip
-    * IPv6 compat
-    * test coverage
-    * add IPv6 unique local fc00::/7
-* pre-populated config/plugins
-* added utils.extend, copies props onto objects
-
-## 2.6.0 - Feb 21, 2015
-
-* other bug fixes
-* updated a few tests so test suite passes on Windows
-* log.syslog: handle failure to load node-syslog
-* plugin directory is $ENV definable (@martin1yness)
-* logging timestamps were static, fixed by @cloudbuy
-* queue/rabbitmq_amqplib, new plugin for RabbitMQ using amqplib (@esevece)
-* outbound:
-    * plugins can set the outbound IP (during get_mx)
-    * only replace line endings if not \r\n
-    * bannering fixes
-    * added support for per recipient routes
-* tls: don't register hooks upless certs exist
-* removed contrib/geolite-mirror-simple.pl (replaced by
+- require haraka-net-utils >= 1.2.2 #2876
+
+### 2.8.26 - 2020-11-18
+
+#### Changes
+
+- add config options for OAR & AR headers #2855
+- plugins.js: also strip haraka-plugin prefix from plugin.name #2846
+- smtp_forward/spamssassin: grab refs of conn/txn to avoid crashes due to lack of existence. #2847
+- outbound: add extended reason to bounce message #2843
+- hgrep: replaced perl script with shell script #2842
+- connection: send temp error when requested #2841
+- headers: updated deprecated messages #2845
+- hmail: socket.on -> socket.once #2838
+- hmail: check for zero length queue file #2835
+- outbound: add os.hostname() as default for outbound HELO #2813
+- use node v10's mkdir instead of mkdirp #2797
+- CI: drop appveyor and Travis #2784
+- lint: add 'prefer-template'
+- update async to version 3.2.0 #2764
+- update redis to version 3.0.0 #2759
+- remove deprecated max_unrecognized_commands from config #2755
+- CI: add ES2017 support, drop node 8 #2740
+- fix broken bannering on nested mime parts #2736
+- restore TLS version info, set correctly #2723
+- better error message when invalid HELO hostname is rejected
+- bring STARTTLS "TLS NO-GO" feature in line with Outbound's #2792
+- add listener for secureConnect #2828
+- removed plugins/data.headers to haraka-plugin-headers #2826
+- add zero-length queue size check
+- send temp instead of hard error when asked to by `unrecognized_command`
+
+#### New features
+
+- Allow web interface to be bound to unix socket #2768
+- tls: add configurable minVersion to tls socket options #2738
+- connection_close_message: added ability to override close connection message replacing `closing connection. Have a jolly good day.` #2730
+- add JSON format for logging #2739
+- support binding web interface to unix socket
+
+#### Fixes
+
+- check for punycode domain names when resolving MX, avoid crash #2861
+- wait until entire message is spooled when spool_after in use #2840
+- hmail: add missing space in temp_fail emitter #2837
+- fix outbound config reloading after outbound split #2802
+- smtp_forward: remove redundant outbound hook #2796
+- smtp_forward: this plugin does not use the queue_outbound hook anymore #2795
+- Fix connection pool not being unique when hosts and ports were equal between domains #2789
+- fix connection pool not being unique when hosts and ports were equal between domains #2788
+- Fix outbound.bounce_message To: header (and add Auto-Submitted) #2782
+- Fix support for DKIM signing when forwarding and aliasing is enabled #2776
+- Better error message when EHLO hostname does not have a dot #2775
+- fix bannering on nested mime parts #2737
+- TLS: don't abort loading certs in config/tls dir when an error is encountered. Process every cert file and then emit errors. #2729
+- restore TLS version, correctly #2723
+
+### 2.8.25 - 2019-10-11
+
+#### Changes
+
+- conn: remove TLS version from header #2648
+- Actually enforce using key for INTERNALCMD #2643
+- trans: assign conditions to named vars #2638
+- drop node.js v6 support #2632
+- conn: use is_local instead of localhost addr tests #2627
+- spamassassin: spamassassin: strip useless WS from tests #2624
+- es6: many updates #2615, #2674, #2680
+- systemctl: update service definition #2612
+- lint: bracket style to match newer eslint:recommended #2680
+- lint: use object shorthands (eslint:recommended) #2680
+- logger: use safer Object.prototype.hasOwnProperty #2680
+- outbound: permit # char in SMTP status code response #2689
+- dkim_sign: improve docs, add tests, es6 updates #2649
+- dkim_sign: restore default key signing feature #2649
+- tmp module: update to latest #2614
+- semver: update to latest #2616, #2651
+- async: update to latest #2653, #2664
+- repo cleanup: replaced deprecated plugins with list #2681
+- spf: es6 patterns, results.pass, test improvements, es6 patterns #2700
+
+#### New features
+
+- spf: add config option to fail on NONE #2644
+
+#### Fixes
+
+- mailheader: fully quality header name in \_remove_more #2647
+- haraka: Connection.createConnection is not a constructor #2618
+- problems with japanese characters in body and part header #2675
+- toobusy: fix hook name (connect_pre -> connect) #2672
+- outbound: watch for socket timeouts #2687
+- outbound: permit # char prefix in SMTP status code response #2691
+- mailheader: strip whitespace between encoded-words #2702
+
+### 2.8.24 - Mar 12, 2019
+
+#### Changes
+
+- early_talker: skip if sender has good karma #2551
+- dockerfile: update to node 10 #2552
+- Update deprecated usages of Buffer #2553
+- early_talker: extend reasons to skip checking #2564
+- tls: add 'ca' option (for CA root file) #2571
+- outbound: little cleanups #2572
+- smtp_client: pass pool_timeout to new SMTPClient #2574
+- server: default to nodes=1 (was undefined) #2573
+- test/server: use IPv4 127.0.0.1 instead of localhost #2584
+- queue/smtp_*: add v3 upgrade notice and config setting #2585
+- spf: use the skip config for helo/ehlo checks #2587
+- spf: avoid 2nd EHLO evaluation if EHLO host is identical #2592
+- queue.js refactoring #2593
+- Log dkim_sign parse errors with connection ID #2596
+- Update ipaddr.js to the latest version #2599
+- make inactivity timeout match docs #2607
+
+#### New Features
+
+- Implement SIGTERM graceful shutdown if pid is 1 #2547
+- tls: require validated certs on some ports with requireAuthorized #2554
+- spamassassin: disable checks when requested #2564
+- clamd: permit skipping for relay clients #2564
+- outbound: exported outbound.temp_fail_queue, outbound.delivery_queue and add TimerQueue.discard()
+- status: new plugin #2577
+
+#### Fixes
+
+- mf.resolvable: reduce timeout by one second (so < plugin.timeout) #2544
+- LMTP blocks under stress #2556
+- invalid DKIM when empty body #2410
+- prevent running callback multiple times on TLS unix socket #2509
+- add missing callback when listing queue and empty directory
+- correct MIME parsing when charset: utf8 and encoding: 8bit #2582
+- spamassassin: default check flags to true #2583
+- smtp_client: destroy when connection gets conn timeout error #2604
+- on error and timeout, remove listeners and destroy conn. #2606
+
+### 2.8.23 - Nov 18, 2018
+
+#### Changes
+
+- tighten Haraka pattern in .gitignore #2542
+
+### 2.8.22 - Nov 17, 2018
+
+#### New Features
+
+- enable tls/ssl for rabbitmq amqplib plugin #2518
+
+#### Fixes
+
+- hmail: don't send RSET to LMTP #2530
+
+#### Changes
+
+- clamd: add check.authenticated, check.private_ip, check.local_ip option
+- use get_decoded on headers that may be encoded #2537
+- connection: move max_mime_part config load to connection init #2528
+- outbound: init TLS when we send email, not when old queue file is loaded #2503
+- relay: update port 465 doc #2522
+- hmail: log the correct err message #2531
+- ob/tls: consistently use obtls (vs plugin) for "this" name #2524
+- outbound: add domain to loginfo message #2523
+- Add connection.remote.is_local #2532
+- update license #2525
+- perf: move max_mime_parts config load to connection init #2529
+- update semver to version 5.6.0 #2517
+- added hint to encrypted file authentication #2514
+- dkim_sign: improved log messages #2499
+- ehlo_hello_message: config/ehlo_hello_message can be used to overwrite the EHLO/HELO msg replacing `, Haraka is at your service` #2498
+- connection: add connection.remote.is_local flag for detecting loopback and link local IPs
+- add .name to outbound TLS for logs #2492
+
+### 2.8.21 - Jul 20, 2018
+
+#### New Features
+
+- outbound: skip STARTTLS after remote host fails TLS upgrade #2429
+- dns_list_base: introduce global plugin.lookback_is_rejected flag #2422
+
+#### Fixes
+
+- replace all \_ chars in hostnames with code points #2485
+- Don't die on invalid commands #2481
+- outbound: check list exists before attempting to use it #2478
+  - refactor outbound/hmail.process_ehlo_data #2488
+- tls: skip when redis is undefined #2472
+- Don't run delivered hook on LMTP fail #2470
+- Add tls_socket.load_tls_ini() to tls.register() #2465
+
+#### Changes
+
+- outbound/tls: make into a class #2474
+- plugins: clear timeout on cancel #2477
+- txn.parse_body consistently a boolean #2476
+- update ipaddr.js to version 1.8.0 #2468
+
+### 2.8.20 - Jun 29, 2018
+
+#### Fixes
+
+- data_headers: check defined-ness of hdr_address _after_ try/catch #2458
+- tls: remove tls.ini loading from plugins/tls #2459
+- tls: remove invalid opt from load_tls_ini #2456
+- outbound: escape values in HTML bounce correctly #2446
+- dkim_sign: catch exceptions when address-rfc2822 fails to parse From #2457
+
+#### Changes
+
+- logger: Add "obj" log param to log hook that contains log data by type #2425
+- logger: include outbound client ID in logging #2425
+- logger: allow specifying uuid in params when logging #2425
+
+### 2.8.19 - Jun 26, 2018
+
+#### New features
+
+- outbound: received_header=disabled supresses outbound Received header addition. #2409
+- auth_base.js: `check_plain_passwd` and `check_cram_md5_passwd` can now pass `message` and `code` to callback routine
+- spf: allow bypass for relay and AUTH clients #2417
+- spf: optionally add OpenSPF help text to rejection #2417
+- auth_base: prevent storing of AUTH password in connection.notes.auth_passwd by setting plugin.blackout_password. #2421
+
+#### Fixes
+
+- Mitigate MIME part explosion attack #2447
+- Always prefix ClamAV with a Received header #2407
+- plugins/data.headers.js: wrap address-rfc2822 header parse into try block #2373
+- tls_socket: as client, only apply TLS opts if config is valid #2414
+- when installing, creates config/me if missing #2413
+- queue/qmail-queue: fix a 2nd crash bug when client disconnects unexpectedly #2360
+- remove desconstruction of SMTP commands to prevent exception #2398
+- attstream: return self so that pipe() calls can be chained together. #2424
+- outbound: fix dotfile cleanup to consider platform-based prefix. #2395
+- outbound: fix handling of LMTP socket when a socket path is specified. #2376
+
+#### Changes
+
+- relay: move relay acl check to connect_init so flag is set earlier #2442
+- process_title: add total recipients, avg rcpts/msg, recipients/sec cur/avg/max and messages/conn #2389
+- when relaying is set in a transaction, don't persist beyond the transaction #2393
+- connection.set supports dot delimited path syntax #2390
+- remove deprecated (since 2.8.16) ./dsn.js
+- Add transaction.msg_status property that reflects message status. #2427
+- Add transaction.notes.proxy object that hold HAProxy details. #2427
+- spamassassin: make relay header configurable. #2418
+- deprecate max_unrecognized_commands plugin in favor of limit. #2402
+- xclient: add support for DESTADDR/DESTPORT. #2396
+
+### 2.8.18 - Mar 8, 2018
+
+#### New features
+
+- smtp_forward: domain configuration is now chosen based on domain_selector #2346
+
+#### Fixes
+
+- queue/qmail-queue: fix crash bug when client disconnects unexpectedly #2360
+- tls: fix crash bug in `unrecognized_command` hook
+- `dkim_key_gen.sh`: improve usability and parameter parsing #2355
+
+#### Changes
+
+- document `force_shutdown_timeout` and `graceful_shutdown` settings #2350
+
+### 2.8.17 - Feb 16, 2017
+
+#### New Features
+
+- SMTPS port is configurable #2269
+- smtp_forward: enable_outbound can be set per domain #2335
+
+#### Fixes
+
+- Fix ability to set log level to emerg #2128
+- outbound/hmail: use Buffer to correctly read binary file data + tests #2231
+- quarantine: consolidate 2x hook_init_master functions
+- tls_socket: restore SNI functionality, emit count of TLS certs #2293
+- fix smtp_client error handling #2298
+- fix outbound pools #2317
+- add openssl-wrapper as dependency #2320
+- replace \_ chars in hostnames with code points #2324
+- add this.removeAllListeners('connection-error') #2323
+- Fix crashing on RSET #2328
+- Prevent data headers crit fail #2329
+- Fix undefined max_lines in log message #2337
+
+#### Changes
+
+- line_socket: remove superfluous function #2339
+- consistent end of function declaration semicolon #2336
+- connection: assure hostname is set #2338
+- smtp_client: Fix log message typo #2334
+- Update ipaddr.js to version 1.6.0 #2333
+- Warn on max_header_lines #2331
+- update jquery version #2322
+- plugins: add SRS plugin to registry #2318
+- tls_socket: only generate dhparam.pem on master process #2313
+- add ENOTFOUND to also check A record #2310
+- smtp_forward: correct config file name in docs #2309
+- reduce severity of iconv conversion failure #2307
+- Add txn UUID to "250 Message Queued" #2305
+- mailheader: reduce log level priority #2299
+- greylist: only log redis DB errors when exist #2295
+- data.headers: reduce undef MLM logerror to logdebug #2294
+- quarantine: consolidate 2x hook_init_master() #2292
+- move test_queue to queue/test #2291
+- in haraka plugin test mode, add server.notes #2248
+- outbound/hmail: refactor #2238
+- outbound/hmail: add JSON sanity test before JSON.parse #2231
+- outbound/index: use newer Buffer.from syntax #2231
+- outbound/hmail: make haraka queue files human friendly #2231
+- plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
+- plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
+- plugins/smtp_forward: enable_outbound can be enabled/disabled for specific domains
+- auth_proxy: read TLS key and cert files from tls.ini #2212
+- README: typo fixes #2210
+- incorrect RCPT TO reply message #2227
+- Resolve decoding bug when root part is base64 encoded. #2204
+- Resolve base64 data truncation #2188
+- Fix damaged encoding when body is non-utf #2187
+- Fix disconnect hooks #2184
+- ability to set log level to emerg #2128
+- Improve docs for `Address` objects #2224
+- connection: replace 3x ternaries with get_remote() #2169
+- connection.local.host populated with hostname (from config/me) #2165
+- connection.local.info populated with Haraka/version #2196
+- npm packaged plugins:
+  - plugins/rcpt_to.ldap -> haraka-plugin-rcpt-ldap #2144
+  - plugins/auth/auth_ldap -> haraka-plugin-auth-ldap #2144
+  - plugins/graph -> haraka-plugin-graph #2185
+- config: replace ./config.js with haraka-config #2119
+- Replace concatenated strings with template literals (#2129) in:
+  - attachment #2260
+  - bin/spf #2129
+  - bin/dkimverify #2278
+  - connection #2129, #2243
+  - delay_deny #2264
+  - dkim #2216
+  - dsn #2265
+  - host_pool #2198, #2245
+  - logger #2277, #2246
+  - mailbody #2280
+  - max_unrecognised_commands #2171
+  - outbound/hmail #2259
+  - outbound/index #2249
+  - outbound/todo #2233
+  - plugins #2239
+  - plugins/aliases #2229
+  - plugins/attachment #2155
+  - plugins/auth_base #2252
+  - plugins/avg #2156
+  - plugins/backscatterer #2261
+  - plugins/bounce #2229
+  - plugins/clamd #2237
+  - plugins/connect.rdns_access #2262
+  - plugins/data.headers #2263
+  - plugins/data.uribl #2258
+  - plugins/helo.checks #2255
+  - plugins/rcpt_to.in_host_list #2253
+  - plugins/spamassassin #2256
+  - plugins/profile #2170
+  - plugins/rcpt_to.host_list_base #2254
+  - plugins/relay #2174
+  - plugins/relay_acl #2177
+  - plugins/spf #2266
+  - plugins/toobusy #2186
+  - plugins/xclient #2159
+  - rfc1869 #2159
+  - smtp_client #2129, #2208
+  - tests/host_pool #2159
+- use es6 destructuring (#2075) in:
+  - connection #2230
+  - dkim #2232
+- use es6 classes (#2133) in:
+  - attachment #2260
+  - attachment_stream #2215
+  - chunkemitter #2219
+  - dkim #2206
+  - dsn #2247
+  - host_pool #2194
+  - mailheader #2213
+  - mailbody #2213
+  - smtp_client #2221
+  - spf #2214
+  - tls_socket #2190
+  - timer_queue #2226
+  - outbound/hmail #2197
+  - outbound/todo #2233
+- Automatically set connection.remote.is_private when connection.remote.ip is set #2192
+- Add remove_msgid and remove_date options to outbound.send_email #2209
+- Add origin option to outbound.send_mail #2314
+
+### 2.8.16 - Sep 30, 2017
+
+#### Changes
+
+  - additional tests get var -> const/let medicine #2122
+  - move connection states into haraka-constants #2121
+  - lint: remove useless escapes #2117
+  - lint: switch no-var to error #2109
+  - rspamd: repackaged as NPM module #2106
+  - dsn: repackaged as NPM module haraka-dsn #2105
+  - outbound: add results when queueing #2103
+  - spamassassin: skip adding headers when value is empty #2102
+  - Replace console.log with stdout #2100
+  - update js-yaml to version 3.10.0 #2097
+  - repackage p0f plugin to NPM #2076
+  - ES6: replace var with const or let #2073
+
+#### New Features
+
+- Bounces can have an HTML part #2091
+
+#### Fixes
+
+- daemon cwd #2126
+- updated fcrdns plugin name passed to results #2115
+- tls: only apply default key/cert paths when undefined #2111
+- dkim_verify: fix formatting of auth results #2107
+- smtp_forward: consistently use queue.wants #2107
+- haraka was adding TLS header on non-TLS connection #2103
+- dkim typo fix #2101
+- fix rfc2231 parsing code to cope with continuation #2089
+
+### 2.8.15 - Sep 10, 2017
+
+#### Changes
+
+- Permit log settings to be set w/o LOG prefix #2057
+- additional results storing in smtp_forward and quarantine #2067
+- publish p0f plugin to NPM #2076
+- smtp_forward stores queue note at queue.wants #2083
+- Remove unused folders from installation #2088
+- smtp_forward stores queue note at queue.wants #2083
+- add get/set to conn/txn.notes #2082
+- additional results storing in smtp_forward and quarantine #2067
+- Permit log settings to be set w/o LOG prefix #2057
+- support INFO _and_ LOGINFO as config settings #2056
+- log.ini, new default location for log related settings #2054
+- dcc: replace with npm packaged version #2052
+- qmd: replace rcpt_to.qmail_deliverable with npm #2051
+- rspamd: pass SPF evaluation #2050
+- add logfmt support #2047
+- update ipaddr.js to version 1.5.0 #2037
+- update redis to version 2.8.0 #2033
+- disable graceful for SIGTERM #2028
+- add additional integration tests #2026
+- move most npm packaged plugins into optionalDependencies #2023
+
+#### New Features
+
+- TLS certificate directory (config/tls) #2032
+- plugins can specify a queue plugin & next_hop route #2067
+- connection/transaction notes now have get/set #2082
+
+#### Fixes
+
+- haraka cli will now create folders if they don't exist #2088
+- maybe fix for #1852 503 response #2064
+- crash when 'AUTH LOGIN' is sent after a successful auth #2039
+- docs: fixed swaks test command #2034
+- dkim: prevent dkim_verify from causing 'cannot pipe' #1693
+
+### 2.8.14 - Jul 26, 2017
+
+#### Changes
+
+- Fix auth plugin failure when re-selecting auth method #2000
+- don't crash Haraka when invalid YAML config encountered #2013
+- update semver to version 5.4.0 #2015
+- relay docs: correct the config file name #2012
+- rename config/xclient.hosts to match plugin & docs #2014
+- build_todo() is part of the outbound/index.js api #2016
+- update js-yaml to version 3.9.0 #2002
+- outbound/hmail: use WRITE_EXCL from haraka-constants #2011
+- replace plugins/log.elasticsearch with npm packaged #2004
+- Remove two spurious log statements #1989
+- access: rebuild blacklist upon change (vs supplement) #1990
+- deliver to qmail-queue with LF line endings (not CRLF) #1997
+- doc: add note that smtp_forward only supports STARTTLS #1988
+- import Plugins.md from v3 #1991
+- update async to 2.5.0 #1982
+- update iconv to 2.3.0 #1981
+- require node.js v6+ #1958
+- update ipaddr.js to 1.4.0 #1972
+- support newer address-rfc2822 #1970
+- update node-address-rfc2821 version to 1.1.1 #1968
+- outbound: be consistent with todo.domain #1960
+- bump haraka-results required version #1949
+- logger: load in a setImmediate call #1948
+- logger: strip intermediate \n chars #1947
+- tls consistency cleanups #1851
+- Get pool config handling simplifcation #1868
+  - add integration test: send message w/smtp_client
+- replace some legacy code with es6 #1862
+- update async to version 2.2.0 #1863
+- update ipaddr.js to version 1.3.0 #1857
+- update redis to version 2.7.0 #1854
+- assure conn/tran still exists before storing results #1849
+- moved tls.ini parsing to net_utils #1848
+- smtp forward dest split routing #1847
+- rspamd: refactor complex condition into function #1840
+- block js attachments #1837
+- helo.checks: bring plugin into alignment with docs #1833
+- when proxy enabled, update remote.is_private too #1811
+- create an outbound queue filename handler #1792
+- replace fcrdns with npm package #1810
+- add an additional node_modules plugin search path #1805
+- Set graceful shutdown off by default #1927
+- Allow outbound pools to be disabled #1917
+- Outbound split and move into folder #1850
+- don't emit binary characters into the logs #1902
+- Add .editorconfig #1884
+- tls: remove interim variables #1871
+
+#### New Features
+
+- Use punycode domain (support SMTPUTF8) #1944
+- Added RabbitMQ vhost support #1866
+- clamav: allow "Unknown Result" and Socket Error to try next host #1931
+- outbound client certificates #1908
+- Implement the missing upgrade method on SMTPClient #1901
+- Remove typo from relay.md #1886
+
+#### Fixes
+
+- outbound: fix queue not loaded for single process #1941
+- outbound: Fix undefined variable platformDOT in hmail.js #1943
+- outbound: fix undefined FsyncWriteStream var #1953
+- Fix cluster messaging for node v6+ #1938
+- outbound: fix loading under cluster. #1934
+- Check pool exists before delete #1937
+- be more strict in attachment filename matching #1957
+- doc typo fix #1963
+- RabbitMQ: fix encoding of user and password string #1964
+- spf: improve modifier regexp #1859
+- rabbitmq doc typo in config file name #1865
+- URL to manual was 404, point to Plugins.md #1844
+- smtp_client: set idleTimeout to 1s < pool_timeout #1842
+- fix broken continuations #1843
+- doc error for the 'check.authenticated' setting in rspamd plugin #1834
+- emit _the_ result, not all of them #1829
+- fix outbound logger #1827
+- fix forwarding with client auth over TLS (forward to gmail) #1803
+- Don't blow the stack on qstat #1930
+- run dumped logs through log plugins, not console #1929
+- Fix path parsing bug on Windows platform #1919
+- helo: make sure list_re is defined before access #1903
+- TLS: handle case where OCSP server is unavailable #1880
+- rspamd: add missing 'default' keyword #1856
+- disable naïve comment stripping #1876
+
+### 2.8.13 - Feb 03, 2017
+
+#### Changes
+
+- new [haraka-plugin-limit](https://github.com/haraka/haraka-plugin-limit) #1785
+  - replaces plugin/limit, plugin/rate_limit, and haraka-plugin-outbound-rate-limit
+- p0f: skip on private IPs (normally empty) #1758
+- spf: skip for outbound when context != myself #1763
+- redis: plugins using redis can inherit redis config #1777
+- redis: replace plugins/redis with haraka-plugin-redis #1786
+- lint: require space before function declaration #1784
+- lint: added eslint:recommended #1790
+- logger: remove logger.colorize code for legacy node versions
+
+#### New Features
+
+- redis: add `redis_subscribe_pattern()` #1766
+- queue/discard: add ENV that permits discarding #1791
+
+#### Improvements
+
+- rspamd: improve response parsing #1770
+- restore Windows testing to working state #1755
+- elasticsearch: use UTC dates for index creation #1771
+- tls: fix dhparam usage example syntax #1774
+- typo: logerr -> logerror #1776
+- when generating long DKIM keys, include a BIND compatible folded key #1775
+- in haraka-test-fixtures, access results via fixtures.results #1783
+- integration test: end to end server testing #1791
+
+#### Fixes
+
+- spf: restore functionality for relay context=myself #1759
+- rate_limit:if incr creates a new record, assure it has a TTL #1781
+- tls: do not create a top level secureContext #1787
+- dnswl: swap lines to fix missing inherited methods #1793
+- dnswl: fix config loader callback syntax #1794
+- tests/plugins: unset process.env.HARAKA to avoid side effects that interfere with other tests
+- remove auth_flat_file sample auth user #1796
+
+### 2.8.12 - Jan 03, 2017
+
+#### Changes
+
+- plugin/karma -> npm packaged haraka-plugin-karma #1747
+- update generic-pool 2.4.2 -> 2.5.0
+
+#### New Features
+
+- Added option to bypass SpamAssassin headers' merge #1745
+
+#### Improvements
+
+- reduce severity of debug message #1744
+- fix misleading entries in config/tls.ini #1734
+- Misc. performance improvements #1738
+- set tls.sessionIdContext property (for Thunderbird compat) #1740
+
+#### Fixes
+
+- Swap lines to avoid clobbering response array #1743
+
+### 2.8.11 - Nov 24, 2016
+
+#### Changes
+
+- rename core_require to haraka_require #1708
+- move log.syslog to haraka-plugin-syslog #1698
+- remove tls.ini loading and is_no_tls_host to net_utils #1690
+- replace ./utils with npm packaged haraka-utils #1720
+- require node 4
+- karma: add .top TLD scoring #1714
+
+#### New Features
+
+- Implement OCSP Stapling #1724
+
+#### Improvements
+
+- show help for npm packaged plugins included in core #1698
+- use tls.connect for client #1682
+- bring port 465 SMTPS TLS config support on par with STARTTLS #1667
+- use tls.connect instead of createSecurePair #1678
+- redis: improve error handling in tests #
+- replace / path seperators with path.* for cross platform compat #1713
+
+#### Fixes
+
+- dkim_sign: per-domain key finding fixed #1707
+- Rspamd: restore spam report header #1702
+- auth/vpopmail: do not toString() when null #1695
+- fix outbound to avoid recursive reading key/cert after refactoring #1692
+- tls: fix option servername (not hostname) #1728
+- correct Auth-Results cleaning #1726
+- fix results for connection.remote_host and NXDOMAIN #1716
+
+### 2.8.10 - Oct 20, 2016
+
+#### Changes
+
+- use standard npm syntax for lint and tests #1646
+- remove ./net_utils to haraka-net-utils #1644
+- remove incorrect and unused spf.hello_host #1635
+- remove rogue DENYSOFT copy-pasta error #1634
+- update async to v2 #1545
+- remove plugin/dir support from base haraka #1668
+  - use node_modules_dir support instead
+- use TLSSocket instead of createSecurePair #1672
+- refactor plugins/tls #1670
+- moved watch plugin to npm as haraka-plugin-watch #1657
+- normalize proxy properties #1650
+
+#### New Features
+
+- added connection.remote.is_private boolean #1648
+- added additional TLS options (@typingArtist) #1651
+- added wildcard boolean support to config loader #1680
+- tls: allow multiple key and cert parameters for RSA+ECDSA #1663
+- permit specifying haraka plugins w/o haraka-plugin- prefix #1645
+  - in config/plugins and resultstore
+
+#### Improvements
+
+- connection.geoip replaced by haraka-plugin-geoip #1645
+- connection.asn replaced by haraka-plugin-asn #1645
+- permit specifying npm packaged plugins w/o haraka-plugin prefix #1647
+- normalized connection properties #1547, #1577
+- Rspamd: fix spambar for negative scores #1630
+- set connection.remote.is_private early
+  - replace calls to net_utils with remote.is_private test
+
+#### Fixes
+
+- Tidy-up graceful shutdown and fix for non-cluster mode #1639
+- Fix data.headers plugin crash #1641
+- Fix access plugin crash #1640
+- Minor DKIM fix #1642
+- do not set TLS timer if timeout=0 #1632
+- do not overwrite config/host_list on install #1637
+- correct smtp_forward cfg for multiple rcpts #1680
+- fix TLS timeout errors #1665
+
+### 2.8.9 - Oct 02, 2016
+
+#### New Features
+
+- Support outbound.pool_timeout of 0 to effectively disable pooling. #1561
+- Added never_add_headers option to rspamd plugin. #1562
+- rcpt_to.routes URI format w/ LMTP support #1568
+
+#### Improvements
+
+- The delay_deny plugin now has a whitelist mode (vs blacklist). #1564
+- Don't show the private key in logs for dkim_sign. #1565
+- update geoip for compat with newer ES (#1622)
+- drop node 0.10 testing / official support (#1621)
+- watch plugin displays UUIDs as URL (#1624)
+- Catch errors on header decode in rfc2231 #1599
+- Attachment plugin updates (#1606)
+- add outbound.ini pool_timeout example setting #1584
+
+#### Fixes
+
+- Fixed some small documentation issues. #1573, #1616, #1612
+- Fixed AUTH PLAIN when it spreads over two lines. #1550
+- Fixed dkim_verify calling next() too soon. #1566
+- Fixed bugs with outbound pools who shutdown before we QUIT. #1561, #1572
+- outbound issues #1615, #1603
+- Fixed adding/removing headers in rspamd plugin. #1562
+- Fixed process_title not shutting down. #1560
+- fix a spurious error emitted by p0f (#1623)
+- fix header version hiding (#1617)
+- messagestream returns destination (#1610)
+- plugins.getdenyfn now passed 3rd params arg (#1591)
+- Fix scope of spf logdebug (#1598)
+- fix rabbitmq deliveryMode bug (#1594)
+- fix dkim_sign TypeError with null mail_from.host (#1592)
+- fix dkim_sign attempting to lower an undefined (#1587)
+
+### 2.8.8 - Jul 20, 2016
+
+#### Changes
+
+- removed UPGRADE.doc to [wiki](https://github.com/haraka/Haraka/wiki/Upgrade-Haraka)
+
+#### Improvements
+
+- support + wildcard in aliases plugin #1531
+- Support dkim_sign with outbound.send_email() #1512
+- spf: always check remote IP, then public IP if != pass #1528
+- spf: diplay IP used for SPF eval #1528
+
+#### Fixes
+
+- handle missing wss section in http.ini #1542
+- fix leak on socket write error #1541
+- add results property to outbound transaction #1535
+- don't unref unref'd wss server #1521
+
+### 2.8.7 - Jun 18, 2016
+
+#### Changes
+
+- Fix geoip test
+
+#### Improvements
+
+- Allow alias plugin to explode to a list of aliases
+- Support IPv6 literals in HELO tests (#1507 thanks @gramakri)
+- Make ldap plugin use the modified address if a rcpt hook
+  changes it (#1501 thanks @darkpixel)
+
+#### Fixes
+
+- Fix loading plugins as npm modules (#1513)
+- More DKIM fixes (#1506 thanks @zllovesuki)
+- Fix the long failing host-pool-timer test (#1508)
+- Fix clean shutdown of redis with new shutdown code
+  (#1504 and #1502 thanks @darkpixel)
+- More fixes to clean shutdown (#1503)
+
+### 2.8.6 - Jun 06, 2016
+
+#### Fixes
+
+- Fix loading under Node v4 which sends a blank message
+- Fix quit (SIGINT) when running without nodes=
+
+### 2.8.5 - Jun 04, 2016
+
+#### Changes
+
+- The connection object is now passed to `get_plain_passwd`. Older modules should continue to work as-is.
+- The reseed_rng plugin now just uses the Crypto module from core. Though it seems this plugin should be irrelevant with newer versions of node.js
+
+#### New Features
+
+- Outbound mail now uses pooled connections, only sending a `QUIT` message if the connection has been idle for a while.
+
+#### Improvements
+
+- Shut down and reload (via `haraka -c <path> --graceful`) is now graceful - allowing current connections to finish and plugins to clean up before ending.
+
+#### Fixes
+
+- Bind maxmind version to ignore API change (#1492)
+- Fix encodings when banners are used (#1477)
+- Various DKIM fixes (#1495)
+
+### 2.8.4 - May 24, 2016
+
+#### Fixes
+
+- Fix plugin loading override when installed (#1471)
+
+### 2.8.3 - May 18, 2016
+
+#### Fixes
+
+- Fix config overriding for core modules (#1468)
+
+### 2.8.2 - May 17, 2016
+
+#### Changes
+
+- Added Node v6 to travis tests
+
+#### New Features
+
+- Added bin/haraka --qunstick <domain> to flush all mails
+    for that domain (#1460)
+
+#### Improvements
+
+- Make bin/haraka --qlist show much more information (#1452)
+- Allow CIDR ranges in no_tls_hosts (#1450)
+
+#### Fixes
+
+- 2.8.0 was shipped with a broken config/plugins. (#1453)
+- Stop haraka dying when ldap connections fail (#1456)
+- Pick up domain specific config correctly in ldap (#1456)
+
+### 2.8.0 - May 06, 2016
+
+#### Changes
+
+- updated dependency versions (#1426, #1425)
+- use utf8 encoding for body filters (#1429)
+- remove spameatingmonkey from tests (#1421)
+- replace ./constants.js with haraka-constants (#1353)
+- Document HMail and TODO items (#1343)
+- Copy only a minimal config/* by default (#1341).
+- cfreader/* removed to haraka/haraka-config (#1350)
+- outbound and smtp_client honor tls.ini settings (#1350)
+- outbound TLS defaults to enabled
+- lint: remove all unused variables (#1358)
+- replace ./address.js with address-rfc2181 (#1359)
+
+#### New Features
+
+- smtp_forward: accepts a list of backend hosts, thanks @kgeoss (#1333)
+- config: add array[] syntax to INI files (#1345)
+- plugins.js: support require('./config') in plugins
+- Load plugin config from own folder and merge (#1335)
+- Allow original email's Subject to be included in bounce message (#1337)
+- new queue/smtp_bridge plugin, thanks @jesucarr (#1351)
+
+#### Improvements
+
+- early_talker: supports IP whitelisting (#1423)
+- loading plugins as packages (#1278)
+- removed TLD stuff to haraka/haraka-tld (#1301)
+- removed unused 'require('redis') in plugins/karma (#1348)
+- improved MIME header support per rfc2231 (#1344)
+- tls options can be defined for outbound and smtp_* (#1357)
+- explicitly disable SSLv2 (#1395)
+- cache STUN results
+- xclient plugin improvements (#1405)
+- tls: Set verify=NO correctly when no certificate presented (#1400)
+- improved message header decoding (#1403, #1406)
+- bounce: skip single_recipient check for relays/private_ips (#1385)
+- rspamd docs: Clarify usage of check.private_ip (#1383)
+- if rcpt_to returns DSN in msg, log it properly (#1375)
+
+#### Fixes
+
+- fix out-of-range errors from banner insertion (#1334)
+- dkim_verify: Call next only after message_stream ended (#1330)
+- outbound: remove type check from pid match (#1322)
+- lint: enable no-shadown and remove all shadow variables (#1349)
+- spf: fix log_debug syntax (#1416)
+- auto_proxy: fix a starttls loop (#1392)
+- fcrdns: corrected err variable name (#1391)
+- rspamd: Fix undefined variable (#1396)
+- dkim_verify: Fix header handling (#1371)
+- smtp_client: fix remote_ip (#1362)
+
+### 2.7.3 - Feb 04, 2016
+
+#### Changes
+
+- smtp_proxy & qmail-queue: default to enabled for outbound deliveries (previously used Outbound), to better matches user expectations.
+
+#### New Features
+
+- outbound: allow passing notes to send_email (#1295)
+
+#### Improvements
+
+- logging: emit log message queue before shutting down (#1296)
+- result_store: permit redis pub/sub to work when host != localhost (#1277)
+- tests: quiet the extremely verbose messages (#1282)
+- rspamd: add timeout error handling (#1276)
+- watch: fix display of early_talker results (#1281)
+- spamassassin: publish results to result_store (#1280)
+- karma: can now connect to redis on hosts other than localhost (#1275)
+- geoip & p0f: don't log empty/null values from RFC 1918 connects (#1267)
+- redis: make plugin params match docs (#1273)
+- mailbody: small refactoring (#1315)
+- smtp_proxy & qmail-queue: default to enabled for outbound (#1308)
+
+#### Fixes
+
+- redis: use correct path for db.select (#1273)
+- count errors correctly (#1274)
+- logger: ignore null arguments (#1299)
+- connection: pause for hook_reset_transaction (#1303)
+- rcpt_to.routes: update redis usage for compat with redis plugin (#1302)
+- smtp_forward: use correct config path to auth settings (#1327)
+- messagestream: correctly pass options parameter to get_data (#1316)
+- spf: honour configuration for mfrom scope (#1322)
+- outbound: Add missing dash to 'Final-Recipient' header name (#1320)
+
+### 2.7.2 - Dec 15, 2015
+
+#### Fixes
+
+- Revert a change that broke plugin loading
+
+### 2.7.1 - Dec 14, 2015
+
+#### New Features
+
+- added debian init.d file (#1255) @slattery
+
+#### Improvements
+
+- smtp_forward auth settings now work (#430)
+- better handling of broken messages (#1234)
+- Docker: use latest Phusion image && stdout (#1238, #1239)
+- Clean up plugin loading a tiny bit (#1242)
+- make dkim keydir case insensitive (1251)
+- ignore DNS errors that aren't errors (#1247)
+- outbound doc updates (#1258) @Currerius
+- outbound: return DENYSOFT on queue error (#1264)
+- smtp_client: if enable_tls is set and TLS files missing, warn (#1266)
+
+#### Fixes
+
+- Don't sent empty headers to rspamd (#1230)
+- Fix auth_base.js key need to be a string - number.toString() (#1228)
+- fix bug with empty charset= on mime parts … (#1225)
+- Fix "passwd" check crash with numeric password. (#1254)
+- result_store: show arrays when not empty (#1261)
+
+### 2.7.0 - Oct 07, 2015
+
+#### New Features
+
+- SPF bounce check
+- rspamd plugin (@fatalbanana)
+- watch plugin
+- limit plugin (connection concurrency, errors, unrecognized commands)
+- plugins can now be npm packages (see also #946)
+- built-in HTTP server (Express backed)
+- ESETS AV plugin
+- DCC plugin (incomplete)
+- Add LOGIN support to XCLIENT
+- backscatterer plugin
+- full IPv4 & IPv6 compatibility inbound #1120, #1123, #1154 (@Dexus)
+- Early talker #1075 (@smfreegard, @msimerson)
+- permit loading of plugins in node_modules #1056 (@msimerson)
+
+#### Improvements
+
+- Fix anti_spoof by use config #1171
+- Add license clause #1170
+- package.json dependencies and travis update #1147, #1168 (@Dexus)
+- logging: remove node-syslog and strong-fork-syslog with modern-syslog #1145 (@Dexus)
+- aliases: support for email, user and host aliases #1149 (@Dexus)
+- add docs for use private key with TLS #1130 (@Dexus)
+- outbound: ENOENT on dotfile - compatibility for windows #1129 (@Dexus)
+- plugin/attachment: block more attachment file types #1191 (@Dexus)
+- remove double functions #1126 (@Dexus)
+- Outbound Bounce messages according to RFC3464 #1189 (@hatsebutz)
+- toobusy: only run checks if toobusy.js installed and loads
+- HAProxy: set local_ip, local_port and remote_port
+- save auth pass/fail/user to result_store
+- ini files no longer require values (useful for storing lists)
+- connection: add MAIL and RCPT to results
+- results_store: enable 'emit' feature for .push()
+- add support for custom Outbound Received header value (@zombified)
+- save smtp_forward result to result_store
+- auth_base: permit a return message (@DarkSorrow)
+- add DSN.create() and RFC 4954 support
+- enhanced pipelining support
+- added config/access.domains with some tips (@EyePulp)
+- Add SSL detection over plain-text socket
+- earlytalker: store results
+- bounce: make it safe to check non_local_msgid
+- AVG: store results, added defer options
+- tls: change createCredentials to tls.createSecureContext (@DarkSorrow)
+- update dependency versions (esp async 0.2.9 -> 1.0.0)
+- ASN docs: add FTP download note for routeviews
+- karma: removed concurrency limits (see limit plugin) and penalty feature
+- added utils.elapsed()
+- deny message includes hostname
+- Add Fisher-Yates shuffle to randomize lookup order in data.uribl
+- change default message size limit to 25mb
+- auth_base: save auth results
+- upgrade toobusy plugin to toobusy-js (@alexkavon)
+- configfile: permit / char in ini keys
+- added utils.node_min()
+- added result_store.get_all()
+- updated ubuntu upstart script
+- plugin/rate_limit: return in no custom default is set 0 = unlimited #1186, #1185
+- Outbound.send_email: added dot-stuffing #1176, #1165 (@hatsebutz)
+- make sure server object is availabe to plugins loaded from node_modules #1162 (@bmonty)
+- Net_utils.get_ips_by_host #1160 (@msimerson)
+- fcrdns: don't log error for ENODATA #1140 (@msimerson)
+- improve MUA detection #1137 (@msimerson)
+- tls: tmp disable for hosts that fail STARTTLS #1136 (@msimerson)
+- karma: skip deny on outbound hooks #1100 (@msimerson)
+- Store HAProxy IP in connection object #1097 (@smfreegard)
+- Remove UUID from queued message #1092 (@smfreegard)
+
+#### Fixes
+
+- fix windows build and test failures #1076 (@msimerson)
+- Fix plugin ordering #1081 (@smfreegard)
+- Fix distance reporting to X-Haraka-GeoIP for geoip-lite #1086 (@smfreegard)
+- uribl: prevent calling next() more than 1x #1138 (@msimerson)
+- Fix so constants are imported when plugin is loaded from node_modules. #1133 (@bmonty)
+- Include STMP-code in bounce-reason string for upstream 5XX responses #1117 (@hatsebutz)
+- TLS fixes: add timed_out flag and karma should not run deny hook on it. #1109 (@smfreegard)
+- Fix port to number instead of string for HAProxy #1108 (@DarkSorrow)
+- Plugin dcc: fixed syntax error #1164 (@hatsebutz)
+- config: fix flat files if \r\n lines #1187 (@Dexus)
+- corrected hook_rcpt log code hook_rcpt_ok returns CONT
+- fix crash bug when loglevel = LOGDEBUG
+- corrected pathname in rcpt.ldap plugin (@abhas)
+- added helo.checks boolean for proto_mismatch
+- make rate_limit redis keys always expire @celesteking
+- dkim_sign: Buffer.concat expects an array of buffers
+- transaction: check discard_data before adding line end (@DarkSorrow)
+- fix 8-bit msg not displayed properly in gmail
+- fcrdns: always init results
+- TLS timer on error
+- dkim_verify: fixed timeout issue
+- smtp\_[proxy|forward]: correct authentication example
+- Fork child workers after init_master hook
+- connection: return 450/550 for plugin DENY* (was 452/552)
+- spamassassin: don't call next() when transaction gone
+- outbound: fix crash when sending bounce mail
+- auth_base: fix bad protocol in auth_base.js #1121 (@Dexus)
+- outbound: Fix HELO/rDNS issue while using multiple outbound ip #1128 (@Dexus)
+- connection: Fix bug when client disconnect after sending data #1193
+- Fix connect.geoip bug #1144 (@smfreegard)
+- Fix tiny bug in messagesniffer #1198 (@smfreegard)
+
+### 2.6.1 - Mar 27, 2015
+
+- added sedation timers for config file re-reading
+- Add AUTH support to outbound
+- tests/spf: quiet excessive DEBUG noise
+- allow domains with underscore
+- correct name of domains config file in access
+- Fix SMTP AUTH in smtp_forward/proxy and add docs
+- Fix opts not being passed to HMailItem \_bounce function
+- log.syslog will try strong-fork-syslog (for node 0.12 compat)
+- improvements to Plugin docs
+- rename net_utils.is_rfc1918 -> is_private_ip
+  - IPv6 compat
+  - test coverage
+  - add IPv6 unique local fc00::/7
+- pre-populated config/plugins
+- added utils.extend, copies props onto objects
+
+### 2.6.0 - Feb 21, 2015
+
+- other bug fixes
+- updated a few tests so test suite passes on Windows
+- log.syslog: handle failure to load node-syslog
+- plugin directory is $ENV definable (@martin1yness)
+- logging timestamps were static, fixed by @cloudbuy
+- queue/rabbitmq_amqplib, new plugin for RabbitMQ using amqplib (@esevece)
+- outbound:
+  - plugins can set the outbound IP (during get_mx)
+  - only replace line endings if not \r\n
+  - bannering fixes
+  - added support for per recipient routes
+- tls: don't register hooks upless certs exist
+- removed contrib/geolite-mirror-simple.pl (replaced by
   docs update pointing to maxmind-geolite-mirror)
-* rcpt.routes: new plugin by @msimerson
-* make haproxy IPv6 compatible
-* record_envelope_addresses: new plugin by @deburau
-* prevent_credential_leaks: new plugin by @smfreegard
-* config:
-    * configfile: added .yaml support
-    * improved config file 'watch' logic
-    * Allow hyphens in params in config files (@abhas)
-    * cached requests include options in cache key name
-* asn: updates for node 0.11 compat
-* dnsbl: use aysync.each vs forEach (avoid race condition)
-* spamassassin: improved config loading and test coverage
-* geoip: deprecate geoip-lite in favor of maxmind, IPv6 compatible
-* disable SSLv3 (due to POODLE)
-* dkim & spf, updates for node 0.11 compatibiilty
-* karma: move neighbor scoring from code to karma.ini
-    * move excludes list to karma.ini
-    * apply awards before adding message header & permit rejection at queue
-    * karma.ini: score updates for access & uribl plugins
-    * score denials issued by skipped plugins
-    * add scores for specific DNSBLs
-* add transaction body filters (@chazomaticus)
-    * change bannering to use them
-* helo.checks: fix timeout bug
-    * match_re now validates and pre-compiles all REs
-    * Add new proto_mismatch check
-* p0f: add register(), load config once, early
-* server: improved config handling
-* data.headers: add Delivered-To check
-* rcpt_to.ldap: new plugin by @abhas
-* smtp_client: only load tls_* when cfg.enable_tls
-* added plugins/host_list_base
-* Platform independent temp dir (thanks @martinvd)
-* move deprecated docs into docs/deprecated
-* Switch to Phusion baseimage instead of stock Ubuntu (thanks @Synchro)
-* dkim_verify: new plugin by @smfreegard
-* many new tests
-* improved URI parser (for URIBL plugin)
-* Allow mixed case STARTTLS command
-* Install Node via package manager (Mohd Rozi)
-* Fix a couple crit errors (@Illirgway)
-* Add noisy/bulk out-of-band rule support to MessaageSniffer plugin
-* initial support for rabbitmq plugin (@samuelharden)
-* bounce, added non_local_msgid checks and much faster lookups
-* vpopmail: fail faster during a CRAM-MD5 auth attempt with an invalid user
-* fcrdns: handle a null hostname
-* Improve HAProxy support code and documentation
-* tls: reworked for efficiency and linear style
-* access: test hostname validity before PSL lookup
-    * load lists into objects (vs arrays), for much faster runtime access
-* host_list: huge performance increase, esp for many hosts
-
-## 2.5.0 - May 24, 2014
-
-* added automated build testing via Travis-CI.org
-* fixed dkim_sign crash issue #560
-* geoip can discover external IP via net_utils.get_public_ip
-* geoip: skip private IPs
-* qmd: when relaying, validate MAIL FROM against QMD, add per-domain
+- rcpt.routes: new plugin by @msimerson
+- make haproxy IPv6 compatible
+- record_envelope_addresses: new plugin by @deburau
+- prevent_credential_leaks: new plugin by @smfreegard
+- config:
+  - configfile: added .yaml support
+  - improved config file 'watch' logic
+  - Allow hyphens in params in config files (@abhas)
+  - cached requests include options in cache key name
+- asn: updates for node 0.11 compat
+- dnsbl: use aysync.each vs forEach (avoid race condition)
+- spamassassin: improved config loading and test coverage
+- geoip: deprecate geoip-lite in favor of maxmind, IPv6 compatible
+- disable SSLv3 (due to POODLE)
+- dkim & spf, updates for node 0.11 compatibiilty
+- karma: move neighbor scoring from code to karma.ini
+  - move excludes list to karma.ini
+  - apply awards before adding message header & permit rejection at queue
+  - karma.ini: score updates for access & uribl plugins
+  - score denials issued by skipped plugins
+  - add scores for specific DNSBLs
+- add transaction body filters (@chazomaticus)
+  - change bannering to use them
+- helo.checks: fix timeout bug
+  - match_re now validates and pre-compiles all REs
+  - Add new proto_mismatch check
+- p0f: add register(), load config once, early
+- server: improved config handling
+- data.headers: add Delivered-To check
+- rcpt_to.ldap: new plugin by @abhas
+- smtp*client: only load tls*- when cfg.enable_tls
+- added plugins/host_list_base
+- Platform independent temp dir (thanks @martinvd)
+- move deprecated docs into docs/deprecated
+- Switch to Phusion baseimage instead of stock Ubuntu (thanks @Synchro)
+- dkim_verify: new plugin by @smfreegard
+- many new tests
+- improved URI parser (for URIBL plugin)
+- Allow mixed case STARTTLS command
+- Install Node via package manager (Mohd Rozi)
+- Fix a couple crit errors (@Illirgway)
+- Add noisy/bulk out-of-band rule support to MessaageSniffer plugin
+- initial support for rabbitmq plugin (@samuelharden)
+- bounce, added non_local_msgid checks and much faster lookups
+- vpopmail: fail faster during a CRAM-MD5 auth attempt with an invalid user
+- fcrdns: handle a null hostname
+- Improve HAProxy support code and documentation
+- tls: reworked for efficiency and linear style
+- access: test hostname validity before PSL lookup
+  - load lists into objects (vs arrays), for much faster runtime access
+- host_list: huge performance increase, esp for many hosts
+
+### 2.5.0 - May 24, 2014
+
+- added automated build testing via Travis-CI.org
+- fixed dkim_sign crash issue #560
+- geoip can discover external IP via net_utils.get_public_ip
+- geoip: skip private IPs
+- qmd: when relaying, validate MAIL FROM against QMD, add per-domain
   configurations, added reject option, added tests and bug fixes.
-* net_utils: added is_ipv4_literal, is_public_suffix, get_public_ip, added
+- net_utils: added is_ipv4_literal, is_public_suffix, get_public_ip, added
   tests, shed some CamelCase.
-* asn: looksup up ASN of connection, uses 3 providers, tests providers, saves
+- asn: looksup up ASN of connection, uses 3 providers, tests providers, saves
   results, optionally adds headers. Includes tests.
-* access: new plugin that merges rdns_access, mail_from.access, and
+- access: new plugin that merges rdns_access, mail_from.access, and
   rcpt_to.access.
-* fcrdns: new plugin (Forward Confirmed Reverse DNS)
-* bounce: new plugin (merges
-* data.headers: new plugin added direct_to_mx, check & reject settings, added MLM detection,
+- fcrdns: new plugin (Forward Confirmed Reverse DNS)
+- bounce: new plugin (merges
+- data.headers: new plugin added direct_to_mx, check & reject settings, added MLM detection,
   tests.
-* helo.checks: refactored, better config handling, new tests (match_rdns,
+- helo.checks: refactored, better config handling, new tests (match_rdns,
   mismatch, results), reject option.
-* results_store: store processing results in data structures (vs notes)
-* spf: refactored, added outbound checks when relaying, added 15 tests,
-* dnsbl: return errors as Error objects, reduce list to unique zones, added
+- results_store: store processing results in data structures (vs notes)
+- spf: refactored, added outbound checks when relaying, added 15 tests,
+- dnsbl: return errors as Error objects, reduce list to unique zones, added
   tests, added search=multi option, handle ENOTFOUND error, added reject=false option.
-* dns_list_base: bug fixes (race condition, returning invalid results)
-* bounce: refactored, each check has enable and reject switches, added tests,
+- dns_list_base: bug fixes (race condition, returning invalid results)
+- bounce: refactored, each check has enable and reject switches, added tests,
   added bad_bounce_to
-* clamav: add virus name to results, better config parsing, typo fixes
-* uribl:
-* mf_resolvable:
-* tls: add link to wiki article on TLS setup
-* relay_acl: fix issue #428, refactored, don't crash when relay_dest_domains.ini
+- clamav: add virus name to results, better config parsing, typo fixes
+- uribl:
+- mf_resolvable:
+- tls: add link to wiki article on TLS setup
+- relay_acl: fix issue #428, refactored, don't crash when relay_dest_domains.ini
   missing, added tests
-* fix mx mechanism when no records are returned
-* vpopmaild: added per-domain feature
-* karma: added whitelist award, pass through temp (DENYSOFT) errors, made
+- fix mx mechanism when no records are returned
+- vpopmaild: added per-domain feature
+- karma: added whitelist award, pass through temp (DENYSOFT) errors, made
   tarpit variable, configurable reject hooks, doc rewrite, ASN awards, fix penalty days calculation, new DSL for karma awards,
-* bannering fixes
-* added log\* stubs to test/fixtures/[plugin|connection]
-* tests/fixtures/stub_plugin: set name property
-* config: corrected handling of config.arg gets, fix caching bug, fix boolean
+- bannering fixes
+- added log* stubs to test/fixtures/[plugin|connection]
+- tests/fixtures/stub_plugin: set name property
+- config: corrected handling of config.arg gets, fix caching bug, fix boolean
   handling, added missing 'type' handling.
-* Adding the option of using CIDR ranges in the haproxy_hosts file
-* tarpit: added config option hooks_to_delay, added docs
-* contrib/haraka.bsd.rc: startup file for \*BSD
-* Store attachment headers on stream
-* Record accepted domains at hook_rcpt and improve queue/lmtp
-* return after next() in the whitelist checks
-* Add new -o option to bin/haraka
-
-## 2.4.0 - Feb 12, 2014
-
-* Trim whitespace when reading "list" type config files (such as config/plugins)
-* Added LMTP via queue/lmtp plugin
-* Fixed bug in outbound when temp failing some of the recipients that would prevent delivery working to those recipients for future delivery attempts
-* Add additional details/parameters to delivered hook for outbound mail
-* Removed the hmail.bounce_extra object as that information now stored with the rcpt_to list
-* Store the RCPT TO rejection reason on the address object
-
-
-## 2.3.0 - Feb 07, 2014
-
-* Fix memory leak when watching config files for changes
-* Support for badly formatted MAIL FROM/RCPT TO lines
-* Fix a memory corruption when fixing line endings
-* Fix breakpoints in plugins when using node inspector
-* Reload config in relay_force_routing without restart
-* Don't re-attempt TLS upgrade if upgraded already and STARTTLS is re-advertised
-* Improved outbound logging
-* Pass failed recipients to bounce hook in outbound processing
-* Added startup checks to ensure Haraka has been installed correctly
-* Handle case of Haraka server running out of disk space better
-* In mail_from.is_resolvable: move re_bogus_ip into config
-* Added auth/auth_vpopmaild plugin - SMTP AUTH against a vpopmaild server
-* Fixed graph plugin to work with sqlite3
-* Added rcpt_to.qmail_deliverable plugin - Authenticate inbound RCPT TOs against Qmail::Deliverable daemon
-* Added data.headers plugin which merges header checks into one place.
+- Adding the option of using CIDR ranges in the haproxy_hosts file
+- tarpit: added config option hooks_to_delay, added docs
+- contrib/haraka.bsd.rc: startup file for *BSD
+- Store attachment headers on stream
+- Record accepted domains at hook_rcpt and improve queue/lmtp
+- return after next() in the whitelist checks
+- Add new -o option to bin/haraka
+
+### 2.4.0 - Feb 12, 2014
+
+- Trim whitespace when reading "list" type config files (such as config/plugins)
+- Added LMTP via queue/lmtp plugin
+- Fixed bug in outbound when temp failing some of the recipients that would prevent delivery working to those recipients for future delivery attempts
+- Add additional details/parameters to delivered hook for outbound mail
+- Removed the hmail.bounce_extra object as that information now stored with the rcpt_to list
+- Store the RCPT TO rejection reason on the address object
+
+### 2.3.0 - Feb 07, 2014
+
+- Fix memory leak when watching config files for changes
+- Support for badly formatted MAIL FROM/RCPT TO lines
+- Fix a memory corruption when fixing line endings
+- Fix breakpoints in plugins when using node inspector
+- Reload config in relay_force_routing without restart
+- Don't re-attempt TLS upgrade if upgraded already and STARTTLS is re-advertised
+- Improved outbound logging
+- Pass failed recipients to bounce hook in outbound processing
+- Added startup checks to ensure Haraka has been installed correctly
+- Handle case of Haraka server running out of disk space better
+- In mail_from.is_resolvable: move re_bogus_ip into config
+- Added auth/auth_vpopmaild plugin - SMTP AUTH against a vpopmaild server
+- Fixed graph plugin to work with sqlite3
+- Added rcpt_to.qmail_deliverable plugin - Authenticate inbound RCPT TOs against Qmail::Deliverable daemon
+- Added data.headers plugin which merges header checks into one place.
   Deprecates data.noreceived, data.rfc5322_header_checks, and data.nomsgid.
-* Added documentation for logging system
-* Added DKIM per-domain signing support
-* Added p0f plugin
-* In relay_acl, if host is allowed by acl, don't deny the recipient because the domain isn't in the allow list
-* Add Authentication-Results header (RFC 5451) to all emails
-* Fixed writing the todo file in outbound for newer Node versions
-* Added Karma plugin to support penalizing consistently evil senders
-* Added GeoIP plugin including distance calculation from your mail server
-* Added bounce plugin for handling incoming bounce messages in various ways
-* Fix underscores in documentation so web version doesn't look so weird
-* By default prevent SMTP AUTH unless on a private IP or using TLS WARNING: May break some uses of Haraka, but is worth it for security
-* In lookup_rdns.strict, check whitelist before looking up IP
-* Big rewrite of the SpamAssassin plugin for simplicity and mainly to pass through X-Spam-* headers provided
-* Added delay_deny plugin allowing more flexibility on when to reject mail
-* Improvements to ini file parsing allowing floats and negative integers, and specifying boolean keys
-* Fix issue causing a CRIT/crash with lost transaction/connection while sending inbound to ongoing SMTP server
-* Allow setting of spamd_user for spamassassin plugin
-
-
-## 2.0.0 - Nov 28, 2012
-
-* Various fixes to SMTP AUTH code, including providing SMTP AUTH to inbound
+- Added documentation for logging system
+- Added DKIM per-domain signing support
+- Added p0f plugin
+- In relay_acl, if host is allowed by acl, don't deny the recipient because the domain isn't in the allow list
+- Add Authentication-Results header (RFC 5451) to all emails
+- Fixed writing the todo file in outbound for newer Node versions
+- Added Karma plugin to support penalizing consistently evil senders
+- Added GeoIP plugin including distance calculation from your mail server
+- Added bounce plugin for handling incoming bounce messages in various ways
+- Fix underscores in documentation so web version doesn't look so weird
+- By default prevent SMTP AUTH unless on a private IP or using TLS WARNING: May break some uses of Haraka, but is worth it for security
+- In lookup_rdns.strict, check whitelist before looking up IP
+- Big rewrite of the SpamAssassin plugin for simplicity and mainly to pass through X-Spam-* headers provided
+- Added delay_deny plugin allowing more flexibility on when to reject mail
+- Improvements to ini file parsing allowing floats and negative integers, and specifying boolean keys
+- Fix issue causing a CRIT/crash with lost transaction/connection while sending inbound to ongoing SMTP server
+- Allow setting of spamd_user for spamassassin plugin
+
+### 2.0.0 - Nov 28, 2012
+
+- Various fixes to SMTP AUTH code, including providing SMTP AUTH to inbound
   mail forwarders.
-* Updates to process_title plugin to show more details
-* Changed transaction.data_lines to a Stream (this will break all code which
+- Updates to process_title plugin to show more details
+- Changed transaction.data_lines to a Stream (this will break all code which
   uses transaction.data_lines currently - see the migration guide)
-* Changed attachments to be a Stream (this will break some code which uses
+- Changed attachments to be a Stream (this will break some code which uses
   transaction.attachment_hooks - see the migration guide)
-* Capture and log signals sent to Haraka
-* Various performance improvements
-* Fixed a memory leak in connection pool
-* Improvements to TLS compatibility
-* RFC compliance improvements with greeting, EHLO/HELO, QUIT, and dot stuffing
-* Throw exception with set_banner as it is now non-functional. Will be returned in a future version.
-* Small fixes to data.uribl
-
-## 1.4.0 -
+- Capture and log signals sent to Haraka
+- Various performance improvements
+- Fixed a memory leak in connection pool
+- Improvements to TLS compatibility
+- RFC compliance improvements with greeting, EHLO/HELO, QUIT, and dot stuffing
+- Throw exception with set_banner as it is now non-functional. Will be returned in a future version.
+- Small fixes to data.uribl
 
+### 1.4.0 -
 
 [3.0.0]: https://github.com/haraka/Haraka/releases/tag/3.0.0
-[3.0.1]: https://github.com/haraka/Haraka/releases/tag/3.0.1
-[3.0.2]: https://github.com/haraka/Haraka/releases/tag/3.0.2
-[3.0.3]: https://github.com/haraka/Haraka/releases/tag/3.0.3
+[3.0.1]: https://github.com/haraka/Haraka/releases/tag/v3.0.1
+[3.0.2]: https://github.com/haraka/Haraka/releases/tag/v3.0.2
+[3.0.3]: https://github.com/haraka/Haraka/releases/tag/v3.0.3
+[3.0.4]: https://github.com/haraka/Haraka/releases/tag/3.0.4