v0.6.0: S/MIME, Auto-discovery, Quicksend and more

Welcome to go-mail v0.6.0! This release brings some cool new features. We hope you enjoy!

S/MIME signing support

The PRs #298 and #406 add S/MIME signing support to go-mail. We support RSA and ECDSA keys for the time being. Two new methods have been added to the Msg type: Msg.SignWithKeypair which allows message signing by providing seperate crypto.PrivateKey and x509.Certificate parts and Msg.SignWithTLSCertificate which allows to sign messages by providing a corresponding tls.Certificate. Please keep in mind that this is a completely new feature and while we did thorough testing there might be some edge cases that haven't been checked so far. Feedback for this feature is welcome. If you run into issues, please open a Github issue accordingly. This feature has been contributed by @theexiile1305 and has been extended by myself. Big thanks a lot to @theexiile1305 for their contribution!

SMTP authentication auto-discovery

PRs #373 and #374 implement a new SMTP auth mechanism to automatically discover and select the strongest supported SMTP authentication type. This feature simplifies the authentication process for users and enhances security by prioritizing stronger mechanisms based on server capabilities.

Quicksend

PR #378 introduces the QuickSend function for sending emails quickly with TLS and optional SMTP authentication. This feature is similar to the SendMail method of the net/smtp package, but makes use of all go-mail Client and Msg features, including error checking and validations. In essence this new method will create a new client that connects to the server at addr, switches to TLS if possible, authenticates with the optional AuthData provided in auth and create a new simple Msg with the provided subject string and message bytes as body. The message will be sent using from as sender address and will be delivered to every address in rcpts. QuickSend will always send as text/plain ContentType. For the SMTP authentication, if auth is not nil and AuthData.Auth is set to true, it will try to autodiscover the best SMTP authentication mechanism supported by the server. If auth is set to true but autodiscover is not able to find a suitable authentication mechanism or if the authentication fails, the mail delivery will fail completely.

Support for io/fs.FS attachments/embeds

The PR #376 adds support for generic file systems that satisfy the fs.FS interface. Since embed.FS is such a file system, the embed.FS has been refactored to make use of the more generic fs.FS code. It also introduces two new methods Msg.AttachFromIOFS and Msg.EmbedFromIOFS.

More robust concurrency-/thread-safety

Goroutines are easy, but concurrency is hard, and since we added concurrency just with the latest release, some issues were to be expected. With #386 a concurrency issues was fixed when a user would use DialAndSend or DialAndSendWithContext in concurrent goroutines instead of using a single Client and then just using Send within the goroutines. With PR #386 the overall concurrency-safety is made more reliable.

Improved filename sanitization in MIME headers

PR #388 introduced proper filename sanitization for attachments and embedded files. It will repace invalid characters with underscore _ characters before encoding them. This prevents control (like new lines) and special characters like backslash or quotes from causing issues in MIME headers and file systems. As a side effect this prevents newline characters from introducing a potential vulnerability by using filenames with newlines characters in it. We also make sure that the Content-Description header is properly encoded now.

Unix domain socket support

PR #408 adds support for connecting to unix domain sockets instead of a TCP connection. This can be easily established by prefixing the hostname with unix://. This feature has been requested by the Forgejo project. Thanks to them for their input on this.

More test overhauling

Following the test suite overhaul of the 0.5.2 release, with #361 the test suite for the go-mail SMTP client has also been completely rewritten for better coverage as well.

What's Changed

• SMTP client tests overhaul by @wneessen in #361
• Fix spelling in some tests by @wneessen in #362
• Remove CC0-1.0 license by @wneessen in #363
• Expose error code in SendError by @wneessen in #368
• Enable gosec linter and add exclusion rules by @wneessen in #370
• Add SMTP authentication auto-discovery by @wneessen in #373
• Add support for SMTP auto-discovery authentication by @wneessen in #374
• Support attachments/embeds via io/fs.FS by @wneessen in #376
• Add QuickSend feature by @wneessen in #378
• Add mutex for concurrent send protection by @wneessen in #381
• Fix concurrency issue in DialAndSendWithContext by @wneessen in #386
• Remove unused opts parameter docstring by @wneessen in #387
• Improve filename sanitization in MIME headers by @wneessen in #388
• Support of S/MIME Signing by @theexiile1305 in #298
• Refactor and extend S/MIME signing support by @wneessen in #406
• Unix domain socket support by @wneessen in #408
• Prepare 0.6.0 release by @wneessen in #409

CI/CD maintenance changes

• Bump golang.org/x/crypto from 0.28.0 to 0.29.0 by @dependabot in #358
• Bump sonarsource/sonarqube-scan-action from 3.0.0 to 3.1.0 by @dependabot in #359
• Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #360
• Bump github/codeql-action from 3.27.1 to 3.27.2 by @dependabot in #364
• Bump github/codeql-action from 3.27.2 to 3.27.3 by @dependabot in #367
• Bump sonarsource/sonarqube-scan-action from 3.1.0 to 4.0.0 by @dependabot in #366
• Bump fsfe/reuse-action from 4.0.0 to 5.0.0 by @dependabot in #369
• Bump github/codeql-action from 3.27.3 to 3.27.4 by @dependabot in #372
• Bump codecov/codecov-action from 4.6.0 to 5.0.1 by @dependabot in #371
• Bump codecov/codecov-action from 5.0.1 to 5.0.2 by @dependabot in #375
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #377
• Bump codecov/codecov-action from 5.0.2 to 5.0.4 by @dependabot in #379
• Bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @dependabot in #382
• Bump codecov/codecov-action from 5.0.4 to 5.0.7 by @dependabot in #383
• Bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #384
• [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #391
• Bump sonarsource/sonarqube-scan-action from 4.0.0 to 4.1.0 by @dependabot in #393
• Bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #394
• Bump golang.org/x/text from 0.20.0 to 0.21.0 by @dependabot in #396
• Bump golang.org/x/crypto from 0.29.0 to 0.30.0 by @dependabot in #395
• Bump codecov/codecov-action from 5.0.7 to 5.1.1 by @dependabot in #397
• Bump github/codeql-action from 3.27.6 to 3.27.7 by @dependabot in #399
• Bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #398
• Bump golang.org/x/crypto from 0.30.0 to 0.31.0 by @dependabot in #400
• Bump github/codeql-action from 3.27.7 to 3.27.9 by @dependabot in #401
• Bump sonarsource/sonarqube-scan-action from 4.1.0 to 4.2.1 by @dependabot in #402
• Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #403
• Bump golang.org/x/crypto from 0.31.0 to 0.32.0 by @dependabot in #405

New Contributors

• @theexiile1305 made their first contribution in #298

Full Changelog: v0.5.2...v0.6.0