• downloaded new setup.sh

This is not necessary these days. You can use docker exec / docker compose exec to get into the container and run the setup command which supports the same features. The setup.sh script is mostly for some minor convenience now and runs the same setup commands within the container.

If I pull 12.1.0 now will everything just work out of the box?

Hard to say.

Some users had non-standard configuration where they replaced the Dovecot config file we updated in v12. This caused problems for them until they applied the same changes for SASL.

What about DKIM/DMARC? Is this going to continue to work just like with 11.3.1?

It has had some changes, but from what I've heard RSPAMD differs a little as well. You could first try with the default OpenDKIM / OpenDMARC that you'd already have, and later switch?

I was not involved much in the rspamd work, and the main maintainer for this is quite busy for a while. I recall more work going on to improve the rspamd support with v13, you may want to stick with what has been working for you so far? It'll be switched to default in a future major version.

If I missed some upgrade-documentation, please point me to it! Thanks.

The release notes sometimes differ from the Changelog file, but most changes are documented there for awareness. And provide reference links to work on those changes which can go into much more technical detail.

We don't tend to have migration/upgrade guides beyond that. We're rather limited on time and do our best to document what we can and raise awareness of anything critical. Other than that you can try looking at bug reports (some closed and resolved). Not everything is added to release notes or changelog, but we do tag the version to related issues / work, such as:

• milestone:v12.1.0
• milestone:v12.0.0
• Likewise for an upcoming 13, might reveal some bugs / fixes that are queued up.

I'm using OPENDKIM at the moment. Can I reuse the existing keys for RSPAMD by just copying them over to the RSPAM directory, or do they have to be re-generated? Or is it recommended to continue to use OPENDKIM?

I think the keys are compatible. We have a way to generate keys from each tool which will output slightly differently, but that's not an issue IIRC. However rspamd requires extra configuration (as described in the docs), so you might want to just keep it simple by regenerating, or if viable, send a test mail with the existing keys in use, and if that works you should be all good.

I don't think there's any issue with using opendkim. One of the other maintainers still uses that without issues AFAIK (I don't use DMS myself).

Thanks for the answer. I upgraded to 12.1.0 now, using ENABLE_OPENDKIM=0. In rspamd you can use the old opendkim keys, I just had to rename them and put them in the according rspamd directory. DKIM seems to work fine with rspamd. Rspamd itself is a different beast. Had to (wanted to) disable a few modules enabled by default (like RBL). Still fighting a bit with the configuration, have to read the Rspamd docs a bit I guess. In general the upgrade went through fine.