Momentum 5.3.0 Changelog
This section lists all of the major changes in the Momentum 5.3.0 release. Depending on installation type, not all changes may be applicable.
| Type | Ticket | Description |
|---|---|---|
| Feature | — | spamassassin module is a supported SpamAssassin client (SPAMC protocol over spamd), replacing the legacy, Sieve-based spamc module. |
| Feature | I-1064 | Added support for license signatures using ECDSA P-256 with SHA-256. |
| Feature | I-1141 | Added an optional limit query parameter to the /stats/queues/mailq HTTP API, controlling how many binding/domain pairs are ranked and returned. |
| Feature | I-1152 | Added new fail all and fail all quiet console commands, plus optional --meta / --header filtering on other fail commands to selectively fail queued messages by metadata or RFC822 header match. |
| Feature | I-1172 | Added the ec_spool_check utility, which performs a read-only scan of a spool directory and reports metadata, body, and orphan-marker failures without driving traffic through Momentum. |
| Feature | I-1214 | Removed msys-nodejs RPM from the Momentum bundle, to be replaced with the 3rd-party nodejs package. Node.js LTS 24+ must be installed separately from the system or a vendor repository. |
| Feature | I-1216 | Added the log_hires_timestamp option to emit microsecond-resolution timestamps in the mainlog, bouncelog, rejectlog, paniclog, custom logs, chunk logs, and message generation logs, preserving event ordering when reading multiple log files together. |
| Feature | I-1225 | Added optional --meta / --header filtering to the reroute queue console command, to selectively move queued messages by metadata or RFC822 header match. |
| Enhancement | I-1276 | The supported range of OpenSSL covers 1.1.1 (RHEL 8) through the 3.5.x series — all pre-1.1.1 compatibility code has been retired. A few obsolete TLS settings were removed as part of this change; see the note below. |
| Feature | TASK-144964 | The tls_ec_curve_names option now accepts a colon-separated list of curve or TLS group short names in preference order, instead of a single curve. |
| Feature | TASK-198522 | New DNS configuration options to rate-limit MX lookups, preventing query bursts from overwhelming the DNS infrastructure. |
| Fix | TASK-227757 | ha_proxy_client now re-resolves a hostname-based ha_proxy_server during each health check, so backend IP changes are picked up automatically without restart. |
NOTE: OpenSSL cleanup (I-1276) — configuration impact. No action is required in any of the cases below, but you may tidy up your configuration if you wish.
The following settings are obsolete as of 5.3.0 and are silently ignored if still present; they can be deleted from ecelerity.conf and from any console scripts:
- ssl_lock_method — configuration option
- crypto_lock_method — configuration option
- tls rekey — console command (the tls show cache output no longer includes a "Temp RSA key" line)
In addition, the following tls_protocols (and equivalent tls_ciphers) protocol tokens are still accepted for backward compatibility but no longer take effect, because the protocols are not negotiated on OpenSSL 1.1.1 and later:
- SSLv2, SSLv3 — removed or disabled within OpenSSL itself and never negotiated
- TLSv1.0, TLSv1.1 — deprecated and, on platforms such as RHEL 8 (DEFAULT crypto policy), restricted to TLS 1.2 and TLS 1.3
As a result, tls_protocols = "+ALL" resolves to TLS 1.2 and TLS 1.3 on a typical deployment.
Finally, crypto_engine is version-dependent rather than removed: it has no effect on OpenSSL 3.x builds (including the 3.5.x series), because the ENGINE API it relies on was removed in OpenSSL 3.0 in favor of the provider model. It continues to work on OpenSSL 1.1.1 builds such as RHEL 8. On OpenSSL 3.x, configure the appropriate OpenSSL provider at the library level instead.
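The cleanup described in this note can be checked mechanically before upgrading. The following is an added example, not part of Momentum or its tooling: a small Python audit that flags the obsolete options, the protocol tokens that no longer take effect, and crypto_engine on OpenSSL 3.x builds. It assumes options appear as `name = value` lines with `#` comments and that protocol tokens are separated by colons, commas, or spaces; the function name audit_config, its openssl_major parameter, and the sample configuration are hypothetical.

```python
import re

# Settings the 5.3.0 note lists as obsolete and silently ignored.
OBSOLETE_OPTIONS = {"ssl_lock_method", "crypto_lock_method"}
# Protocol tokens the note says are still accepted but no longer take effect.
DEAD_PROTOCOLS = {"sslv2", "sslv3", "tlsv1.0", "tlsv1.1"}

# Assumption: options are written as `name = value`; a leading `#` is a comment.
OPTION_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?([^"#]*)"?')

def audit_config(text, openssl_major=3):
    """Return (line_no, option, message) findings for the 5.3.0 cleanup."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = OPTION_RE.match(line)
        if not m:
            continue  # comments, braces, blank lines
        name, value = m.group(1).lower(), m.group(2).strip()
        if name in OBSOLETE_OPTIONS:
            findings.append((no, name, "obsolete, silently ignored; can be deleted"))
        elif name in ("tls_protocols", "tls_ciphers"):
            # Assumption: tokens split on ':', ',' or spaces, with +/-/! prefixes.
            for tok in re.split(r"[:,\s]+", value):
                if tok.lstrip("+-!").lower() in DEAD_PROTOCOLS:
                    findings.append((no, name, f"token {tok} no longer takes effect"))
        elif name == "crypto_engine" and openssl_major >= 3:
            findings.append((no, name, "no effect on OpenSSL 3.x; configure a provider"))
    return findings

# Constructed sample configuration; the values are placeholders.
SAMPLE = '''\
ssl_lock_method = "placeholder"
tls_protocols = "+ALL:-SSLv3:-TLSv1.0"
crypto_engine = "placeholder"
  crypto_lock_method = "placeholder"
tls_ec_curve_names = "X25519:prime256v1"
'''

if __name__ == "__main__":
    for no, name, msg in audit_config(SAMPLE):
        print(f"line {no}: {name}: {msg}")
```

Pass openssl_major=1 when auditing a host that runs an OpenSSL 1.1.1 build such as RHEL 8, where crypto_engine continues to work and is not reported.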