1.9.0

Release 1.9.0

add TURN for audio calls, improve performance

1.8.0

The ecosystem is moving!

With the rolling v2.33 Delta Chat releases, users can switch from one relay to another: https://support.delta.chat/t/how-to-migrate-your-profile-to-another-relay-version-2-33/4441 - and this is just the first step!

Also, users can add "Debug calls" in the experimental settings now. This will enable 1on1 calls. Usually the connection is established peer-to-peer, but if their networks don't allow that, users on your relay will now be able to use your relay's TURN for establishing the connection. Note: this can lead to higher traffic, but typically doesn't use CPU, RAM, or disk space.

Interesting changelog items:

Customizability

• don't deploy the website if there are merge conflicts in the www folder (#714)

• Specify nginx.conf to only handle mail_domain, www, and mta-sts domains (#636)

• Add acme_email parameter to chatmail.ini for Let's Encrypt ACME email (#663)

• cmdeploy: make --ssh-host work with localhost (#659)

• Add --skip-dns-check argument to cmdeploy run command, which disables DNS record checking before installation. (#661)

Dropped legacy features

• Remove echobot (#753)

• Remove xstore@testrun.org from default passthrough recipients (#722)

Connectivity

• Setup TURN server for audio calls (#621)

• Require TLS 1.2 for outgoing SMTP connections (#685, #730)

• Require STARTTLS for incoming port 25 connections (#684, #730)

• Increase opendkim DNS Timeout from 5 to 60 seconds to reduce DKIM errors (#672)

Performance improvements

• save RAM, by not compressing IMAP connections by default anymore. enable imap_compress in chatmail.ini to restore old behavior: (#760)

• Rework expiry of message files and mailboxes in Python to only do a single iteration over sometimes millions of messages instead of doing "find" commands that iterate 9 times over the messages. Provide an "fsreport" CLI for more fine grained analysis of message files. (#637)

• made filtermail more efficient (#676 and #674)

Miscellaneous

• Add robots.txt to exclude all web crawlers (#732)

• acmetool: accept new Let's Encrypt ToS: https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf (#729)

• acmetool: use ECDSA keys instead of RSA (#689)

• Organized cmdeploy into install, configure, and activate stages (#695)

• acmetool: replace cronjob with a systemd timer (#719)

• Use max username length in newemail.py, not min (#648)

New Contributors <3

• @lig made their first contribution in #705
• @PromyLOPh made their first contribution in #712
• @alxndr42 made their first contribution in #714
• @maikelthedev made their first contribution in #743
• @j4n made their first contribution in #747
• @Simon-Laux made their first contribution in #745
• @machocam made their first contribution in #767

Full Changelog: 1.7.0...1.8.0

New config items: `www_folder` and `delete_large_after`

1.7.0

Some of the improvements:

• use www_folder in chatmail.ini to choose from which path to build/upload the web site, or disable it (#618)
• use delete_large_after in chatmail.ini to choose after how many days large files are deleted (#555)
• deployment is aborted if server is already used for something different than chatmail (#568)
• by default, echobot can receive unencrypted messages again for test purposes (#556)
• dovecot is installed from download.delta.chat now instead of openSUSE Build Service (#590)
• chatmail/relay version is stored at /etc/chatmail-version (#573)
• push notification tokens are expired/refreshed after 90 days now (#583)

New Contributors! ❤️

• @s0ph0s-dog made their first contribution in #557
• @adonm made their first contribution in #566
• @snan made their first contribution in #575
• @cliffmccarthy made their first contribution in #607

Full Changelog: 1.6.0...1.7.0

Enforce end-to-end Encryption

1.6.0

Some elected changelog items

Enforce E2EE

• Enforce end-to-end encryption for incoming messages.
  New user address mailboxes now get a enforceE2EEincoming file
  which prohibits incoming cleartext messages from other domains.
  An outside MTA trying to submit a cleartext message will
  get a "523 Encryption Needed" response, see RFC5248.
  If the file does not exist (as it the case for all existing accounts)
  incoming cleartext messages are accepted.
  (#538)

• Enforce end-to-end encryption between local addresses
  (#535)

• replace Subject with [...] for all outgoing mails.
  (#481)

Delete big messages after 7 days

• cmdeploy dovecot: delete big messages after 7 days
  (#504)

DNS improvements

• cmdeploy dns: offer alternative DKIM record format for some web interfaces
  (#470)

• remove MTA-STS daemon
  (#488)

Migration support and DNS improvements

1.5.0

Some elected changelog items

DNS improvements

• fix checking for required DNS records
  (#412)

• query autoritative nameserver to bypass DNS cache
  (#424)

Migration support

• add guide to migrate chatmail to a new server
  (#429)

• add cmdeploy run --disable-mail to disable postfix/dovecot for migration
  (#428)

• add argument to cmdeploy run for specifying
  a different SSH host than mail_domain
  (#439)

Operations

• add support for specifying whole domains for recipient passthrough list
  (#408)

• trigger "apt upgrade" during "cmdeploy run"
  (#398)

• drop hispanilandia passthrough address, as it stopped service
  (#401)

Monitoring

• add mtail support (new optional mtail_address ini value)
  This defines the address on which mtail
  exposes its metrics collected from the logs.
  If you want to collect the metrics with Prometheus,
  setup a private network (e.g. WireGuard interface)
  and assign an IP address from this network to the host.
  If you do not plan to collect metrics,
  keep this setting unset.
  (#388)

Fix a bug that could lead to missed notifications and other issues

1.4.1

make another release

optimized resource usage / streamlined DNS

1.4.0

some elected changelog items

(see https://github.com/deltachat/chatmail/blob/main/CHANGELOG.md for full list of changes)

• Add disable_ipv6 config option to chatmail.ini.
  Required if the server doesn't have IPv6 connectivity.
  (#312)

• allow current K9/Thunderbird-mail releases to send encrypted messages
  outside by accepting their localized "encrypted subject" strings.
  (#370)

• Migrate and remove sqlite database in favor of password/lastlogin tracking
  in a user's maildir.
  (#379)

• Require pyinfra V3 installed on the client side,
  run ./scripts/initenv.sh to upgrade locally.
  (#378)

• BREAKING: new required chatmail.ini value 'delete_inactive_users_after = 100'
  which removes users from database and mails after 100 days without any login.
  (#350)

• Refine DNS checking to distinguish between "required" and "recommended" settings
  (#372)

• Make DNS-checking faster and more interactive, run it fully during "cmdeploy run",
  also introducing a generic mechanism for rapid remote ssh-based python function execution.
  (#346)

• Remove sieve to enable hardlink deduplication in LMTP
  (#343)

• dovecot: enable gzip compression on disk
  (#341)

• DKIM-sign Content-Type and oversign all signed headers
  (#296)

• Add nonci_accounts metric
  (#347)

• Multiplex HTTPS, IMAP and SMTP on port 443
  (#357)

1.3.0

Among other changes:

• The default for the delete_mails_after config value was changed from 40 to 20. If you also want this for your chatmail instance, change it in your local chatmail.ini file and run cmdeploy run.
• The logs are not saved to disk anymore. You can still view them with journalctl, but not after a reboot.
• We forked dovecot to include a patch which makes message transfer much faster. Apart from this change, it is just the same as the debian version. Read more here about how we are building it.