Releases: wneessen/go-mail
v0.6.0: S/MIME, Auto-discovery, Quicksend and more
Welcome to go-mail v0.6.0! This release brings some cool new features. We hope you enjoy!
S/MIME signing support
The PRs #298 and #406 add S/MIME signing support to go-mail. We support RSA and ECDSA keys for the time being. Two new methods have been added to the Msg
type: Msg.SignWithKeypair
which allows message signing by providing seperate crypto.PrivateKey
and x509.Certificate
parts and Msg.SignWithTLSCertificate
which allows to sign messages by providing a corresponding tls.Certificate
. Please keep in mind that this is a completely new feature and while we did thorough testing there might be some edge cases that haven't been checked so far. Feedback for this feature is welcome. If you run into issues, please open a Github issue accordingly. This feature has been contributed by @theexiile1305 and has been extended by myself. Big thanks a lot to @theexiile1305 for their contribution!
SMTP authentication auto-discovery
PRs #373 and #374 implement a new SMTP auth mechanism to automatically discover and select the strongest supported SMTP authentication type. This feature simplifies the authentication process for users and enhances security by prioritizing stronger mechanisms based on server capabilities.
Quicksend
PR #378 introduces the QuickSend
function for sending emails quickly with TLS and optional SMTP authentication. This feature is similar to the SendMail
method of the net/smtp
package, but makes use of all go-mail Client
and Msg
features, including error checking and validations. In essence this new method will create a new client that connects to the server at addr
, switches to TLS if possible, authenticates with the optional AuthData
provided in auth
and create a new simple Msg
with the provided subject
string and message
bytes as body. The message will be sent using from
as sender address and will be delivered to every address in rcpts
. QuickSend will always send as text/plain
ContentType. For the SMTP authentication, if auth
is not nil
and AuthData.Auth
is set to true
, it will try to autodiscover the best SMTP authentication mechanism supported by the server. If auth
is set to true
but autodiscover is not able to find a suitable authentication mechanism or if the authentication fails, the mail delivery will fail completely.
Support for io/fs.FS attachments/embeds
The PR #376 adds support for generic file systems that satisfy the fs.FS
interface. Since embed.FS
is such a file system, the embed.FS
has been refactored to make use of the more generic fs.FS
code. It also introduces two new methods Msg.AttachFromIOFS
and Msg.EmbedFromIOFS
.
More robust concurrency-/thread-safety
Goroutines are easy, but concurrency is hard, and since we added concurrency just with the latest release, some issues were to be expected. With #386 a concurrency issues was fixed when a user would use DialAndSend
or DialAndSendWithContext
in concurrent goroutines instead of using a single Client
and then just using Send
within the goroutines. With PR #386 the overall concurrency-safety is made more reliable.
Improved filename sanitization in MIME headers
PR #388 introduced proper filename sanitization for attachments and embedded files. It will repace invalid characters with underscore _
characters before encoding them. This prevents control (like new lines) and special characters like backslash or quotes from causing issues in MIME headers and file systems. As a side effect this prevents newline characters from introducing a potential vulnerability by using filenames with newlines characters in it. We also make sure that the Content-Description
header is properly encoded now.
Unix domain socket support
PR #408 adds support for connecting to unix domain sockets instead of a TCP connection. This can be easily established by prefixing the hostname with unix://
. This feature has been requested by the Forgejo project. Thanks to them for their input on this.
More test overhauling
Following the test suite overhaul of the 0.5.2 release, with #361 the test suite for the go-mail SMTP client has also been completely rewritten for better coverage as well.
What's Changed
- SMTP client tests overhaul by @wneessen in #361
- Fix spelling in some tests by @wneessen in #362
- Remove CC0-1.0 license by @wneessen in #363
- Expose error code in SendError by @wneessen in #368
- Enable gosec linter and add exclusion rules by @wneessen in #370
- Add SMTP authentication auto-discovery by @wneessen in #373
- Add support for SMTP auto-discovery authentication by @wneessen in #374
- Support attachments/embeds via io/fs.FS by @wneessen in #376
- Add QuickSend feature by @wneessen in #378
- Add mutex for concurrent send protection by @wneessen in #381
- Fix concurrency issue in DialAndSendWithContext by @wneessen in #386
- Remove unused opts parameter docstring by @wneessen in #387
- Improve filename sanitization in MIME headers by @wneessen in #388
- Support of S/MIME Signing by @theexiile1305 in #298
- Refactor and extend S/MIME signing support by @wneessen in #406
- Unix domain socket support by @wneessen in #408
- Prepare 0.6.0 release by @wneessen in #409
CI/CD maintenance changes
- Bump golang.org/x/crypto from 0.28.0 to 0.29.0 by @dependabot in #358
- Bump sonarsource/sonarqube-scan-action from 3.0.0 to 3.1.0 by @dependabot in #359
- Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #360
- Bump github/codeql-action from 3.27.1 to 3.27.2 by @dependabot in #364
- Bump github/codeql-action from 3.27.2 to 3.27.3 by @dependabot in #367
- Bump sonarsource/sonarqube-scan-action from 3.1.0 to 4.0.0 by @dependabot in #366
- Bump fsfe/reuse-action from 4.0.0 to 5.0.0 by @dependabot in #369
- Bump github/codeql-action from 3.27.3 to 3.27.4 by @dependabot in #372
- Bump codecov/codecov-action from 4.6.0 to 5.0.1 by @dependabot in #371
- Bump codecov/codecov-action from 5.0.1 to 5.0.2 by @dependabot in #375
- Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #377
- Bump codecov/codecov-action from 5.0.2 to 5.0.4 by @dependabot in #379
- Bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @dependabot in #382
- Bump codecov/codecov-action from 5.0.4 to 5.0.7 by @dependabot in #383
- Bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #384
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #391
- Bump sonarsource/sonarqube-scan-action from 4.0.0 to 4.1.0 by @dependabot in #393
- Bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #394
- Bump golang.org/x/text from 0.20.0 to 0.21.0 by @dependabot in #396
- Bump golang.org/x/crypto from 0.29.0 to 0.30.0 by @dependabot in #395
- Bump codecov/codecov-action from 5.0.7 to 5.1.1 by @dependabot in #397
- Bump github/codeql-action from 3.27.6 to 3.27.7 by @dependabot in #399
- Bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #398
- Bump golang.org/x/crypto from 0.30.0 to 0.31.0 by @dependabot in #400
- Bump github/codeql-action from 3.27.7 to 3.27.9 by @dependabot in #401
- Bump sonarsource/sonarqube-scan-action from 4.1.0 to 4.2.1 by @dependabot in #402
- Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #403
- Bump golang.org/x/crypto from 0.31.0 to 0.32.0 by @dependabot in #405
New Contributors
- @theexiile1305 made their first contribution in #298
Full Changelog: v0.5.2...v0.6.0
v0.5.2: Better tests, minor bug fixes, unencrypted auth methods and fig-support.
Welcome to go-mail v0.5.2! This release is mainly a maintenance release.
fig.StringUnmarshaler support for SMTPAuthType
With #341 we introduce support for the fig.StringUnmarshaler
interface for SMTPAuthType
. This allows users of fig to reference the mail.SMTPAuthType
directly in their fig config.
Allow unencrypted PLAIN and LOGIN smtp authentication
The PR #344 introduced two new SMTPAuthType
types: SMTPAuthPlainNoEnc
and SMTPAuthLoginNoEnc
. Both allow PLAIN and LOGIN authentication over unencrypted connections. This can be useful if the connection has already been secured in a different way (e. g. a SSH tunnel).
Overhaul of the test suite and GH workflow
The PRs #348, #349 and #352 are a full overhaul of the go-mail test suite. Almost all tests have been rewritten to better coverage, visibility and maintainability. We've now covered +92% of all code. The Github workflow was also improved and is now less error prone.
During the tests rewrite a couple of minor bugs were found and fixed on the way:
- Add error check for nil SMTP authentication method 1c8b290
- Add error handling for nil DialContextFunc 35f92f2
- Set fallbackPort to 0 in SetTLSPortPolicy 3efd2b5
- Move delivery status update after writer close check 42c6379
- Remove redundant connection check in auth function 5e3ebcc
- Remove redundant connection check in send function 45ebcb9
- Add nil check for smtpClient in checkConn function 4a8ac76
- Refactor error handling in eml parser 769783f
- Initialize address header map and enforce single 'From' address 08fe44c
- Fix ToFromString to handle and trim empty addresses c99b6c3
- Refine CcFromString to handle spaces and empty addresses 855d7f0
- Improve BccFromString to handle spaces and empty addresses f079ea0
- Refactor SetDate to use SetDateWithValue ae15a12
- Initialize genHeader in RequestMDNTo method 4f97cd8
- Refactor RequestMDNAddTo 4fe9022
- Follow upstream for HELO during Quit bug 8353b4b - The reported upstream bug was caused by this PR. See: golang/go#70011
What's Changed
- Fix spelling errors by @wneessen in #340
- Add fig.StringUnmarshaler support for SMTPAuthType by @wneessen in #341
- Allow unencrypted PLAIN and LOGIN smtp authentication by @wneessen in #344
- Overhaul test suite and GH CI workflow by @wneessen in #348
- Add base-ref and head-ref to Dependency Review action by @wneessen in #349
- More test improvements by @wneessen in #352
- Fix(close): Access to nil variable causes panic by @sonalys in #353
- Add test for closing a nil smtpclient by @wneessen in #354
CI/CD maintenance changes
- Bump actions/dependency-review-action from 4.3.4 to 4.3.5 by @dependabot in #343
- Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #345
- Bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #346
- Bump sonarsource/sonarqube-quality-gate-action from dc2f7b0dd95544cd550de3028f89193576e958b9 to 8406f4f1edaffef38e9fb9c53eb292fc1d7684fa by @dependabot in #351
- Bump actions/dependency-review-action from 4.3.5 to 4.4.0 by @dependabot in #350
New Contributors
Full Changelog: v0.5.1...v0.5.2
v0.5.1: SMTP auth fixes and logging optimizations
Welcome to go-mail v0.5.1! This release brings a bug fix and some optimizations around logging.
Regression fix for SMTP authentication
With v0.5.0 we unintentionally introduced a regression for the SMTP authentication part of go-mail - at least for some edge cases. As reported in #332, in case the user did not provide an explicit SMTP authentication option, the Client
would fail with an "server does not support SMTP AUTH" error. The quick work-around was setting SMTP Auth to "Custom" as pointed out in #328. While it improved the security of the package, as it would not skip authentication if none was given, it was breaking in some edge cases and the "Custom" auth type was not meant to be the default.
We now changed the SMTPAuthNoAuth
from an empty string to "NOAUTH". This value is set as default for the Client
in NewClient
. This way we always have a fixed assignment and an empty string would not skip authentication. The auth()
method has been updated to either assign the smtp.Auth
function if SMTPAuthType
is not set to "NOAUTH" or skip the part there is already an auth function set (this would only happen when SetSMTPAuthCustom
or WithSMTPAuthCustom
were used).
If SMTPAuthType
is set to an empty string, the authentication assignment would fail as it is a not supported mechanism, therefore making sure that the client wouldn't accidentaly skip the authentication at all.
We are sorry if this broke your code with the v0.5.0 release. Thanks to @james-d-elliott and @ugexe for reporting this and for testing the fix.
SMTP authentication data logging
go-mail claims to ship with sane defaults. While this is true, there was one aspect where this wasn't true: debug logging. The debug logger would potentially expose SMTP authentication data to the logs, which could pose a risk. With v0.5.1 we now redact SMTP authentication data by default as a sane and secure default. We realize though, that you sometimes need access to the authentication data. Therefore two new options were introduced to the Client
: WithLogAuthData()
and SetLogAuthData(bool)
. With either of these you can instruct the Client
to log full SMTP authentication data again.
Simplification of the message ID generation
As pointed out by @mitar in #326, the way we generated the message ID was much to complicated using different sources of randomness while already using a secure string generator. #329 simplied the message ID generation to only use the secure string generator and get rid of the rest of the strings and numbers we added to the message ID. We now have 64 possible characters to generate a 22 character long string, which provides approx. 132 bits of entropy. This should more than enough to guarantee a unique ID for each message.
What's Changed
- Simplify message id generation and get rid of randnum by @wneessen in #329
- Redact logging of SMTP authentication data by @wneessen in #338
- Add default SMTP authentication type to NewClient by @wneessen in #335
- code duplication reduction for jsonlog.go and stdlog.go by @sarff in #336
CI/CD maintenance changes
- Bump actions/upload-artifact from 4.4.0 to 4.4.1 by @dependabot in #331
- Bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in #330
- Bump actions/upload-artifact from 4.4.1 to 4.4.2 by @dependabot in #333
- Bump actions/upload-artifact from 4.4.2 to 4.4.3 by @dependabot in #334
- Bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #337
New Contributors
Full Changelog: v0.5.0...v0.5.1
v0.5.0: Concurrency-safety, SCRAM-SHA, improved error handling and better GoDoc documentation // *POTENTIALLY BREAKING*
Welcome to go-mail v0.5.0! This release is a big one, bringing new features and improvements to the go-mail codebase!
Goroutine-/thread-safety (Potentially breaking)
With #307 we've made go-mail goroutine-safe by introducing a sync.Mutex
. Concurrency-safety was a much requested feature, now allowing you to dial your Client
and then use that Client
in different goroutines. While we've added a lot of new tests (including a test SMTP server to which we connect to in different goroutines), this feature has not been extensively tested in an production environment. Therefore we've marked this features (and respectively this release) as a potentially breaking release. If you plan to use go-mail in a concurrency scenario, please test properly and report back any issues.
SCRAM-SHA-1(-PLUS) / SCRAM-SHA-256(-PLUS) SMTP authentication support
With #310 we have introduced SMTP authentication functions for SCRAM-SHA-1(-PLUS) and SCRAM-SHA-256(-PLUS). Most of the ground work was contributed by @drakkan. @wneessen cleaned up the code a bit, added channel bindings support and added several test cases.
SCRAM-SHA-X(-PLUS) isn't commonly supported, yet but I've tested the code with Dovecot (no channel binding support) and mox (supports both) and the code seems to be working properly. Feedback from using SCRAM with other systems is appreciated!
Thanks again to @drakkan for the excellent WIP code.
Improved error handling
With #301 the error handling was refactored in accordance to #168. Errors are not nested into each other anymore. The send logic for a single message has been moved to the non-version-specific Client.go while the version-specific only handle multi-message handling and error combination. Error messages now also refer to a message ID of the message that failed (if present), for easier debugging.
Thanks to @mitar for pointing out the flaws in the old error handling system and for suggesting the improvements.
Enhanced SMTP LOGIN authentication handling
With #312 we've refactored the SMTP LOGIN auth handling, to improve compatibility with various server responses.
In detail: before, we were only roughly following the Microsoft Spec they defined for MS Outlook.
Meaning:
- Sending AUTH LOGIN (server might responds with "Username:")
- Sending the username (server might responds with "Password:")
- Sending the password (server authenticates)
This is the common approach for most mail systems/providers and is the specified way by Microsoft in their MS-XLOGIN spec.
Yet, there is also an old IETF draft for SMTP AUTH LOGIN that states for clients:
The contents of both challenges SHOULD be ignored.
Since there is no official standard RFC and we've seen different implementations of this mechanism (sending "Username:", "Username", "username", "User name", etc.) we now follow the IETF-Draft instead and ignore any server challange to allow compatiblity with most mail servers/providers. This way it works with servers that follow the Microsoft way but also any other kind of implementation (like i. e. Mox).
Improved GoDoc documentation
With #324 we revises the GoDoc documenation comments for the whole package. It provides much more details for each method in a more standardised format, allowing users of the package to get better information on what does what. This is especially helpful for LSP implementations like gopls.
Simplified random number generation
The random methods for generating random numbers have been simplified and the use of crypto/rand
has been replaced by math/rand
or math/rand/v2
(depending on the used Go version). We've realized that for our use cases, math/rand
will provide enough randomness. It simplies the randNum
code a lot.
Dependencies (Potentially breaking)
So far, we were always commited to keep go-mail dependency-free, meaning only relying on the Go Stdlib. So far this has been working well and we believe that people appreciate that no further dependcies are added to their project, when they import go-mail. Yet, we've finally reached a point, where adding new features might require us to import some limited dependencies. This happened with the SCRAM support in #310. We've done a poll beforehand to see if the community is fine with this and the common agreement is, that people are ok with a limited, well curated list of external packages as long as the packages are still maintained and have a good security reputation. Therefore this release adds the first dependencies to go-mail - both from the Go extended library:
golang.org/x/crypto
golang.org/x/text
As your codebase might not allow for additional dependencies, this feature is also marked as Potentially breaking
We hope you like this release and a big thanks goes out the community that contributed to this release.
What's Changed
- Improved error handling by @wneessen in #301
- Improved client error testing by @wneessen in #302
- More test coverage by @wneessen in #303
- go-mail goroutine-/thread-safety by @wneessen in #307
- SCRAM-SHA-1(-PLUS) / SCRAM-SHA-256(-PLUS) support by @wneessen in #310
- Enhance SMTP LOGIN auth and add comprehensive tests by @wneessen in #312
- Update test recipient email in client tests by @wneessen in #316
- More test coverage for smtp/auth by @wneessen in #317
- Add support for SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS by @wneessen in #323
- Revision of the GoDoc documentation by @wneessen in #324
CI/CD maintenance changes
- Bump step-security/harden-runner from 2.9.1 to 2.10.1 by @dependabot in #297
- Bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #299
- Bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #300
- Bump sonarsource/sonarqube-scan-action from 0c0f3958d90fc466625f1d1af1f47bddd4cc6bd1 to f885e52a7572cf7943f28637e75730227df2dbf2 by @dependabot in #304
- Bump github/codeql-action from 3.26.8 to 3.26.9 by @dependabot in #306
- Bump sonarsource/sonarqube-scan-action from f885e52a7572cf7943f28637e75730227df2dbf2 to 884b79409bbd464b2a59edc326a4b77dc56b2195 by @dependabot in #305
- Bump github/codeql-action from 3.26.9 to 3.26.10 by @dependabot in #309
- Fix GitHub actions by @wneessen in #315
- Bump golang/govulncheck-action from 1.0.3 to 1.0.4 by @dependabot in #314
- Bump codecov/codecov-action from 4.5.0 to 4.6.0 by @dependabot in #313
- Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #318
- Bump github/codeql-action from 3.26.10 to 3.26.11 by @dependabot in #321
- Update GH test workflows by @wneessen in #319
- Update GitHub Actions paths for Go and workflow files by @wneessen in #322
Full Changelog: v0.4.4...v0.5.0
v0.4.4: Re-release due to checksum mismatch
This release is identical to v0.4.3. Nothing changed. Due to an unfortunate misclick on my end, v0.4.3 was released twice which caused a checksum mismatch for some users. This release fixes the issue by releasing as a new tag.
Sorry for the inconveniences this caused.
What's Changed
- Bump github/codeql-action from 3.26.2 to 3.26.3 by @dependabot in #289
- Bump github/codeql-action from 3.26.3 to 3.26.4 by @dependabot in #290
- Bump github/codeql-action from 3.26.4 to 3.26.5 by @dependabot in #291
- Bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #292
- Bump sonarsource/sonarqube-quality-gate-action from 72f24ebf1f81eda168a979ce14b8203273b7c3ad to dc2f7b0dd95544cd550de3028f89193576e958b9 by @dependabot in #293
- Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #294
- Update doc.go by @wneessen in #295
Full Changelog: v0.4.3...v0.4.4
v0.4.3: Maintenance release
Welcome to go-mail v0.4.3! This is mainly a maintenance release introducing some minor fixes and improvements. I want to go back to tighter release schedule, so the users that provided PRs don't have to wait too long for their PRs to make it into a release.
I want to thank @NorbertHauriel, @alfa-alex and @lipangeng for their contributions to this release!
What's Changed
- Add GetBoundary method and corresponding test by @wneessen in #253
- fix(typo): Error text in DialAndSendWithContext by @NorbertHauriel in #263
- Add 7bit support for EML parsing by @wneessen in #270
- Refactor: Handle missing Content-Type as plain text by @wneessen in #272
- Fix typo / inconsistency in Msg method by @alfa-alex in #278
- Support lowercase username and password challenge by @lipangeng in #282
- Fix linter errors by @wneessen in #283
- Fix CI/CD pipeline by @wneessen in #285
CI/CD maintenance changes
- Bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #252
- Bump sonarsource/sonarqube-scan-action from 2.2.0 to 2.3.0 by @dependabot in #254
- Bump fsfe/reuse-action from 3.0.0 to 4.0.0 by @dependabot in #255
- Bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #256
- Bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #257
- Bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #259
- Bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @dependabot in #258
- Bump step-security/harden-runner from 2.8.1 to 2.9.0 by @dependabot in #260
- Bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #261
- Bump github/codeql-action from 3.25.13 to 3.25.14 by @dependabot in #264
- Bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #266
- Bump github/codeql-action from 3.25.14 to 3.25.15 by @dependabot in #265
- Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #267
- Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #273
- Bump step-security/harden-runner from 2.9.0 to 2.9.1 by @dependabot in #274
- Bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #275
- Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #276
- Bump sonarsource/sonarqube-scan-action from 2.3.0 to 3.0.0 by @dependabot in #277
- Bump github/codeql-action from 3.26.0 to 3.26.1 by @dependabot in #280
- Bump github/codeql-action from 3.26.1 to 3.26.2 by @dependabot in #281
New Contributors
- @NorbertHauriel made their first contribution in #263
- @alfa-alex made their first contribution in #278
- @lipangeng made their first contribution in #282
Full Changelog: v0.4.2...v0.4.3
v0.4.2: EML parsing, AuthTypes, SMTP/Fallback port selection and more
This release of go-mail brings some new features as well as some code clean up and stability improvments.
EML parsing
With #145 / #249 a new parsing feature has been added to go-mail which allows the user to parse generic EML files into a go-mail Msg
struct. This is helpful if you have a already sent mail and want to re-use it with go-mail. Three new public methods have been added: EMLToMsgFromString
, EMLToMsgFromReader
and EMLToMsgFromFile
, allowing the user to parse the EML from different sources.
Caveat: Even though I put lots of efforts into testing this new feature and I am certain that most cases should work without issue, emails are still a complex topic with lots of written and unwritten standards. There might be some special cases in which the parsing might be off. In this case, please raise an issue with an example of the mail, so that I can have a look.
SMTPAuthNoAuth AuthType
The SMTPAuthNoAuth
AuthType has been added as convenience feature. It is equivalent to performing no authentication at all. It can be used for mail servers that do not support/require authentication. It is still advised to use the Client without the WithSMTPAuth
option, instead.
Refactoring of variable names for readability
When I started go-mail, I was following the Go best practices document, choosing mostly single-character variable names. Looking at the code base size of go-mail and considering how many people work with the code base and actually contribute to the project now, I think this was the wrong decision, as it makes it hard for contributors to follow the code - especially given that I have not followed the recommendation of using more descriptive variables names for global context variables. Therefore with #182 I've refactored all variable names for better readability.
Note: The code in the smtp/
directory has been left untouched so that syncing with the upstream stdlib is not made more complicated than it has to be.
Refinement of the SMTP port selection and fallback logic
It has been pointed out in #181 that the changes to the default ports and fallback ports wasn't well thought through. With #207 this behaviour has been reworked. The clients' functions WithSSLPort
, WithTLSPortPolicy
, SetTLSPortPolicy
, and SetSSLPort
were revised to avoid overriding previously set ports. Additionally, the deprecation notes have been removed and replaced with notes on best-practice recommendations, referring the new *Port()
methods.
User-Agent skipping
With #178 and option to skip the setting of the User-Agent has been added. This option is suitable for scenarios like SMTP proxies where headers are conditionally passed based on receipt. Thanks a lot to @gegorov2030 for their contribution!
What's Changed
- Update SMTP authentication mechanisms and related tests by @wneessen in #177
- Add an option to skip adding a User-Agent by @gegorov2030 in #178
- Refactor variable names for readability by @wneessen in #182
- [StepSecurity] Apply security best practices by @step-security-bot in #185
- Add SPDX license headers to GitHub workflow files by @wneessen in #191
- Bump actions/dependency-review-action from 2.5.1 to 4.2.3 by @dependabot in #189
- Bump ossf/scorecard-action from 2.0.6 to 2.3.1 by @dependabot in #190
- Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #188
- Bump codecov/codecov-action from 3.1.6 to 4.1.0 by @dependabot in #187
- Bump github/codeql-action from 1.1.39 to 3.24.9 by @dependabot in #186
- Add read permissions to GitHub workflow files by @wneessen in #192
- Implement fuzzing by @wneessen in #193
- Add OpenSSF Best Practices badge to README.md by @wneessen in #194
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #195
- Add OpenSSF Scorecard badge to README by @wneessen in #196
- Full test coverage in B64LineBreaker by @wneessen in #197
- Bump actions/setup-go from 3.5.0 to 5.0.0 by @dependabot in #201
- Bump fsfe/reuse-action from 1.3.0 to 3.0.0 by @dependabot in #200
- Bump actions/dependency-review-action from 4.2.3 to 4.2.4 by @dependabot in #199
- Bump actions/upload-artifact from 3.1.3 to 4.3.1 by @dependabot in #198
- Bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #202
- Bump codecov/codecov-action from 4.1.0 to 4.1.1 by @dependabot in #203
- Bump sonarsource/sonarqube-scan-action from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0 by @dependabot in #204
- Bump codecov/codecov-action from 4.1.1 to 4.2.0 by @dependabot in #206
- Bump sonarsource/sonarqube-quality-gate-action from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad by @dependabot in #205
- Refine SMTP port selection and fallback logic by @wneessen in #207
- Update format string in Debugf method calls in tests by @wneessen in #208
- Bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #209
- Bump codecov/codecov-action from 4.2.0 to 4.3.0 by @dependabot in #210
- Bump github/codeql-action from 3.24.10 to 3.25.0 by @dependabot in #211
- Bump github/codeql-action from 3.25.0 to 3.25.1 by @dependabot in #213
- Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #214
- Bump github/codeql-action from 3.25.1 to 3.25.2 by @dependabot in #216
- Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #215
- Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #217
- Bump github/codeql-action from 3.25.2 to 3.25.3 by @dependabot in #218
- Bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #221
- Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #220
- Bump actions/dependency-review-action from 4.2.5 to 4.3.1 by @dependabot in #219
- Bump actions/dependency-review-action from 4.3.1 to 4.3.2 by @dependabot in #222
- Bump codecov/codecov-action from 4.3.0 to 4.3.1 by @dependabot in #223
- Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #224
- Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #225
- Update README.md by @wneessen in #226
- Bump golangci/golangci-lint-action from 5.3.0 to 6.0.0 by @dependabot in #227
- Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #230
- Bump github/codeql-action from 3.25.3 to 3.25.5 by @dependabot in #231
- Bump golangci/golangci-lint-action from 6.0.0 to 6.0.1 by @dependabot in #229
- Bump codecov/codecov-action from 4.3.1 to 4.4.0 by @dependabot in #232
- Bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in #234
- Bump codecov/codecov-action from 4.4.0 to 4.4.1 by @dependabot in #233
- Bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #235
- Bump sonarsource/sonarqube-scan-action from 2.0.2 to 2.1.0 by @dependabot in #236
- Sync with upstream by @wneessen in #237
- Bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #238
- Bump golang/govulncheck-action from 1.0.2 to 1.0.3 by @dependabot in #239
- Bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #241
- Bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @dependabot in #243
- Bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #244
- Bump codecov/codecov-action from 4.4.1 to 4.5.0 by @dependabot in #245
- Bump sonarsource/sonarqube-scan-action from 2.1.0 to 2.2 by @dependabot in #247
- Bump githu...
v0.4.1: Improved logging, attachment removing, delivery status indicaton and more *POTENTIALLY BREAKING*
This release of go-mail brings some new features as well as some code clean up and stability improvments.
Improved logging interface (Potentially Breaking Change)
The debug logging system in go-mail has been refactored. A new custom log type Log
was introduced, that includes the message direction, format and arguments. The Logger
interface and the Stdlog
implementation were modified to accept this new type. This change is breaking custom implementations of the Logger
interface, but the new interface provides much more flexibility (#136/#141). Additionally we added support for JSON logging (#142) using the log/slog
package that has been added to the stdlib in Go 1.21.
This change is breaking custom logger implementations
Removal of attachments/embeds
#147 adds support for removing all attachments/embeds/parts from a Msg
. This allows to re-use a Msg
and allows for replacing message parts.
The following methods can be used:
Msg.UnsetAllAttachments()
Msg.UnsetAllEmbeds()
Msg.UnsetAllParts()
Thanks to @leahoop for their first PR!
Reading of multiple addresses from a single comma-separated string
#155/#152 add support for three new methods that allow to read multiple recipient addresses for the TO:
, CC:
and BCC:
fields from a single comma-separated string.
The following methods have been added:
Msg.ToFromString(string)
Msg.CcFromString(string)
Msg.BccFromString(string)
Thanks to @suntong for requesting this useful feature!
Delivery status indication for messages
With #167 we added support for delivery status indication of messages. This is especially helpful for bulk mailings to identify if a message was actually delivered or not. A helper method IsDelivered
has been added that will return true
after successful delivery of a Msg
. Thanks to @mitar for requesting this useful feature!
Making use of best practice default ports and fallback ports
When using SSL or STARTTLS, so far the default port was always 25, which is against best practices as described in RFC8314, section 3.3. With #170 we've deprecated the WithSSL()
and WithTLSPolicy
options in favour of WithSSLPort(bool)
and WithTLSPortPolicy(TLSPolicy)
.
WithSSLPort
tells theClient
to use a SSL/TLS connection and automatically sets the port to 465.WithTLSPortPolicy
tells the client to use the provided TLSPolicy and sets the correct port automatically. Port 587 is used forTLSMandatory
andTLSOpportunistic
.NoTLS
will allways use port 25. If the connection fails withTLSOpportunistic
, a plaintext connection is attempted on port 25 as a fallback.
Thanks to @muhlemmer for raising the request and providing the first part of the PR.
AUTH LOGIN extension draft
We've added support for the auth login extension draft. This effectively is a draft that expired and was deprecated in favor of the AUTH PLAIN SASL extension (#163).
Thanks to @james-d-elliott for the PR!
Code cleanup and stability
The codebase has been reviewed and a couple of potential nil pointer dereferences have been identified and fixed.
Additionally, a potential panic has been fixed in fileFromReader
(#161) - thanks to @rami-dabain for their first PR!
What's Changed
- Replace hardcoded '2' in Output with const CallDepth by @wneessen in #137
- Fix nil pointer dereference in msgwriter due to missing error handling by @wneessen in #139
- Update Go version to 1.21 in GitHub workflows by @wneessen in #140
- Refactor logging for clearer messaging direction by @wneessen in #141
- #142 Add structured JSON logger and associated tests by @wneessen in #143
- #147 add remove attachments and embeds methods by @leahoop in #148
- Feature/147 add method to remove any attachmentembed by @wneessen in #149
- Add new methods and tests for handling email addresses by @wneessen in #155
- Eleminate potential null pointer exceptions by @wneessen in #157
- Added return error to
fileFromReader
by @rami-dabain in #161 - feat(smtp): auth login extension draft support by @james-d-elliott in #163
- Upstream sync / refine function comments to include return type GoDoc links by @wneessen in #165
- Add delivery status indication for messages by @wneessen in #167
- Update FreeBSD version in .cirrus.yml by @wneessen in #169
- Add default ports and fallback behavior for SSL and TLS by @wneessen and @muhlemmer in #170
- Add Charset support for message parts by @wneessen in #172
- Add "X-Auto-Response-Suppress" header and update SetBulk method by @wneessen in #173
- Update Go version in GitHub workflow files by @wneessen in #174
New Contributors
- @leahoop made their first contribution in #148
- @rami-dabain made their first contribution in #161
- @muhlemmer made their first contribution in #170
Full Changelog: v0.4.0...v0.4.1
v0.4.0: Custom dial contexts and OAUTH2 support
This release adds two great improvements to go-mail.
Custom dial contexts
The newly added option allows for providing custom dial contexts, to use i. e. for some more extra processes in establish a connection such as using proxy, DNS hook, and so on. The dial context can be provided via the WithDialContextFunc
option on the Client
. Huge thanks to @sters for their contribution to the project!
OAUTH2 support
@drakkan (Developer of the excellent SFTPGO) added a new SMTP auth option for OAUTH2 authentication tokens (aka XOAUTH2). We now support Google and Microsoft O365 OAUTH2 authentication tokens. With this, go-mail now support 4 different SMTP Auth variants: LOGIN, PLAIN, CRAM-MD, XOAUTH2.
Thanks again @drakkan for this contribution and also big thanks to @james-d-elliott for helping to test this new option and providing their broad knowledge to this feature.
Other changes
We've synced up the changes that were made to the official go net/smtp package with our own copy. So this way go-mail is fully in sync with the official go package again.
What's Changed
- Sync upstream changes to net/smtp by @wneessen in #127
- Adding WithDialContextFunc client option by @sters in #128
- add Oauth2 support by @drakkan in #130
- Preparation for the v0.4.0 release: by @wneessen in #131
- oauth2: add more test cases by @drakkan in #132
New Contributors
Full Changelog: v0.3.9...v0.4.0
v0.3.9 SMTP client port, debug logging and more
This release is the biggest since the initial release of the library. While there wasn't really much change on the surface, there happend a lot under the hood.
net/smtp fork
go-mail heavily relies on the Go stdlib net/smtp
package. Unfortunately this lib is in feature freeze mode, so that enhancing/extending the package is not possible. This restricted us - at least to a certain degree - as we can't add features that would be useful for go-mail. For that reason we ported/forked the whole package over and adjusted all parts of go-mail to use it instead.
The original license has been imported and the license headers have been adjusted to reflect the go-mail's MIT license and the original Go BSD-3-Clause license. Additionally, the license headers have been converted to SPDX style.
Debug logging
Since we now have full control over the SMTP client part of go-mail, this allowed us to implement ldebug logging for the SMTP communication. Via the Client.WithDebugLog
client option the user can enable this feature. It will then make use of the new smtp/Client.SetDebugLog
method. Once the flag is set to true, the SMTP client will start logging incoming and outgoing messages to os.Stderr.
We've also implemented a simple log.Logger
interface, as well as a standard logger that satisfies this interface. This allows the user to provide a custom logger, as long as the interface is stasified. If no custom logger is provided, the Stdlog
will be used (which makes use of the Go stdlib again). Accordingly, a Client.WithLogger
option and Client.SetLogger
method have been implemented. Same applies for the smtp counterparts.
Details can be found in #102 and #115 .
More support for middlewares
With #108, #109 and #117 we provide more access to message parts (like attachments or embeds) for middlewares. Parts can now be gotten, set and deleted by middlewares.
Fix attachment reader consectuive writes
Msg.AttachReader()
would not output the attached file after consecutive writes (e.g. a write to a file and then send via Client). In #111 we fixed this behaviour by first reading the io.Reader into memory and then creating a new bytes.Reader
, which does support seeking. In the writeFunc
we then seek to position 0 after a successful io.Copy
. This is probably not the most memory efficient way of handling this, but otherwise we'll have to break the io.Reader
interface, which we do not want..
To compensate this, additionally, a new way of attaching/embedding files has been added: Msg.AttachReadSeeker()
and Msg.EmbedReadSeeker()
which take a io.ReadSeeker
as argument instead. These two methods will skip the reading into memory and make use of the Seek
method of the corresponding interface instead.
We recommend to make use of the new methods instead, to make the memory footprint low.
Special thanks
Special thanks go to @Karitham, @cvette and @halilylm for reporting bugs and/or providing PRs to address issues. Also big thanks to @james-d-elliott of the Authelia project for providing helpful insights on various issues with the library.
What's Changed
- Set up FreeBSD tests via CirrusCI by @wneessen in #99
- Fork the net/smtp package from Go's stdlib into go-mail by @wneessen in #100
- Implement SMTP client debug logging by @wneessen in #102
- Update documentation and copyright headers by @wneessen in #103
- Refactor DSN handling from client.go to smtp.go by @wneessen in #104
- Introducing Msg part deletion by @wneessen in #108
- Introduce GetEmbeds() and SetEmbeds() by @wneessen in #109
- Fix Attach/EmbedReader and implement Attach/EmbedReadSeeker by @wneessen in #111
- Go1.20 workflow updates by @wneessen in #113
- Update golangci-lint to Go 1.20 by @wneessen in #114
- Implement Logger interface by @wneessen in #115
- Provide more ways for middleware to interact with mail parts by @wneessen in #117
- fix: parsing of ReplyTo with special characters by @cvette in #118
- Make golangci-lint happy again by @wneessen in #120
- Remove defer from for loops by @wneessen in #122
New Contributors
Full Changelog: v0.3.8...v0.3.9