2023-01-30 16:27:06 +03:00
|
|
|
// Package tlsrptdb stores reports from "SMTP TLS Reporting" in its database.
|
|
|
|
|
package tlsrptdb
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"fmt"
|
|
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
|
|
|
"github.com/prometheus/client_golang/prometheus/promauto"
|
|
|
|
|
|
|
|
|
|
"github.com/mjl-/bstore"
|
|
|
|
|
|
|
|
|
|
"github.com/mjl-/mox/dns"
|
|
|
|
|
"github.com/mjl-/mox/mlog"
|
|
|
|
|
"github.com/mjl-/mox/mox-"
|
|
|
|
|
"github.com/mjl-/mox/tlsrpt"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
xlog = mlog.New("tlsrptdb")
|
|
|
|
|
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
DBTypes = []any{TLSReportRecord{}}
|
|
|
|
|
DB *bstore.DB
|
|
|
|
|
mutex sync.Mutex
|
2023-01-30 16:27:06 +03:00
|
|
|
|
|
|
|
|
metricSession = promauto.NewCounterVec(
|
|
|
|
|
prometheus.CounterOpts{
|
2023-02-08 23:01:15 +03:00
|
|
|
Name: "mox_tlsrptdb_session_total",
|
2023-01-30 16:27:06 +03:00
|
|
|
Help: "Number of sessions, both success and known result types.",
|
|
|
|
|
},
|
|
|
|
|
[]string{"type"}, // Known result types, and "success"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
knownResultTypes = map[tlsrpt.ResultType]struct{}{
|
|
|
|
|
tlsrpt.ResultSTARTTLSNotSupported: {},
|
|
|
|
|
tlsrpt.ResultCertificateHostMismatch: {},
|
|
|
|
|
tlsrpt.ResultCertificateExpired: {},
|
|
|
|
|
tlsrpt.ResultTLSAInvalid: {},
|
|
|
|
|
tlsrpt.ResultDNSSECInvalid: {},
|
|
|
|
|
tlsrpt.ResultDANERequired: {},
|
|
|
|
|
tlsrpt.ResultCertificateNotTrusted: {},
|
|
|
|
|
tlsrpt.ResultSTSPolicyInvalid: {},
|
|
|
|
|
tlsrpt.ResultSTSWebPKIInvalid: {},
|
|
|
|
|
tlsrpt.ResultValidationFailure: {},
|
|
|
|
|
tlsrpt.ResultSTSPolicyFetch: {},
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// TLSReportRecord is a TLS report as a database record, including information
|
|
|
|
|
// about the sender.
|
|
|
|
|
//
|
|
|
|
|
// todo: should be named just Record, but it would cause a sherpa type name conflict.
|
|
|
|
|
type TLSReportRecord struct {
|
|
|
|
|
ID int64 `bstore:"typename Record"`
|
|
|
|
|
Domain string `bstore:"index"` // Domain to which the TLS report applies.
|
|
|
|
|
FromDomain string
|
|
|
|
|
MailFrom string
|
|
|
|
|
Report tlsrpt.Report
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-22 15:40:36 +03:00
|
|
|
func database(ctx context.Context) (rdb *bstore.DB, rerr error) {
|
2023-01-30 16:27:06 +03:00
|
|
|
mutex.Lock()
|
|
|
|
|
defer mutex.Unlock()
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
if DB == nil {
|
2023-01-30 16:27:06 +03:00
|
|
|
p := mox.DataDirPath("tlsrpt.db")
|
|
|
|
|
os.MkdirAll(filepath.Dir(p), 0770)
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
db, err := bstore.Open(ctx, p, &bstore.Options{Timeout: 5 * time.Second, Perm: 0660}, DBTypes...)
|
2023-01-30 16:27:06 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
DB = db
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
return DB, nil
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Init opens and possibly initializes the database.
|
|
|
|
|
func Init() error {
|
2023-05-22 15:40:36 +03:00
|
|
|
_, err := database(mox.Shutdown)
|
2023-01-30 16:27:06 +03:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Close closes the database connection.
|
|
|
|
|
func Close() {
|
|
|
|
|
mutex.Lock()
|
|
|
|
|
defer mutex.Unlock()
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
if DB != nil {
|
|
|
|
|
err := DB.Close()
|
2023-02-16 15:22:00 +03:00
|
|
|
xlog.Check(err, "closing database")
|
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.
before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.
the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.
inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 20:26:51 +03:00
|
|
|
DB = nil
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddReport adds a TLS report to the database.
|
|
|
|
|
//
|
|
|
|
|
// The report should have come in over SMTP, with a DKIM-validated
|
|
|
|
|
// verifiedFromDomain. Using HTTPS for reports is not recommended as there is no
|
|
|
|
|
// authentication on the reports origin.
|
|
|
|
|
//
|
|
|
|
|
// The report is currently required to only cover a single domain in its policy
|
|
|
|
|
// domain. Only reports for known domains are added to the database.
|
|
|
|
|
//
|
|
|
|
|
// Prometheus metrics are updated only for configured domains.
|
|
|
|
|
func AddReport(ctx context.Context, verifiedFromDomain dns.Domain, mailFrom string, r *tlsrpt.Report) error {
|
|
|
|
|
log := xlog.WithContext(ctx)
|
|
|
|
|
|
2023-05-22 15:40:36 +03:00
|
|
|
db, err := database(ctx)
|
2023-01-30 16:27:06 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(r.Policies) == 0 {
|
|
|
|
|
return fmt.Errorf("no policies in report")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var reportdom, zerodom dns.Domain
|
|
|
|
|
record := TLSReportRecord{0, "", verifiedFromDomain.Name(), mailFrom, *r}
|
|
|
|
|
|
|
|
|
|
for _, p := range r.Policies {
|
|
|
|
|
pp := p.Policy
|
|
|
|
|
|
|
|
|
|
// Check domain, they must all be the same for now (in future, with DANE, this may
|
|
|
|
|
// no longer apply).
|
|
|
|
|
d, err := dns.ParseDomain(pp.Domain)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Errorx("invalid domain in tls report", err, mlog.Field("domain", pp.Domain), mlog.Field("mailfrom", mailFrom))
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if _, ok := mox.Conf.Domain(d); !ok {
|
|
|
|
|
log.Info("unknown domain in tls report, not storing", mlog.Field("domain", d), mlog.Field("mailfrom", mailFrom))
|
|
|
|
|
return fmt.Errorf("unknown domain")
|
|
|
|
|
}
|
|
|
|
|
if reportdom != zerodom && d != reportdom {
|
2023-03-09 22:18:34 +03:00
|
|
|
return fmt.Errorf("multiple domains in report %s and %s", reportdom, d)
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
|
|
|
|
reportdom = d
|
|
|
|
|
|
|
|
|
|
metricSession.WithLabelValues("success").Add(float64(p.Summary.TotalSuccessfulSessionCount))
|
|
|
|
|
for _, f := range p.FailureDetails {
|
|
|
|
|
var result string
|
|
|
|
|
if _, ok := knownResultTypes[f.ResultType]; ok {
|
|
|
|
|
result = string(f.ResultType)
|
|
|
|
|
} else {
|
|
|
|
|
result = "other"
|
|
|
|
|
}
|
|
|
|
|
metricSession.WithLabelValues(result).Add(float64(f.FailedSessionCount))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
record.Domain = reportdom.Name()
|
2023-05-22 15:40:36 +03:00
|
|
|
return db.Insert(ctx, &record)
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Records returns all TLS reports in the database.
|
|
|
|
|
func Records(ctx context.Context) ([]TLSReportRecord, error) {
|
2023-05-22 15:40:36 +03:00
|
|
|
db, err := database(ctx)
|
2023-01-30 16:27:06 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-05-22 15:40:36 +03:00
|
|
|
return bstore.QueryDB[TLSReportRecord](ctx, db).List()
|
2023-01-30 16:27:06 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RecordID returns the report for the ID.
|
|
|
|
|
func RecordID(ctx context.Context, id int64) (TLSReportRecord, error) {
|
2023-05-22 15:40:36 +03:00
|
|
|
db, err := database(ctx)
|
2023-01-30 16:27:06 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return TLSReportRecord{}, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e := TLSReportRecord{ID: id}
|
2023-05-22 15:40:36 +03:00
|
|
|
err = db.Get(ctx, &e)
|
2023-01-30 16:27:06 +03:00
|
|
|
return e, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RecordsPeriodDomain returns the reports overlapping start and end, for the given
|
|
|
|
|
// domain. If domain is empty, all records match for domain.
|
|
|
|
|
func RecordsPeriodDomain(ctx context.Context, start, end time.Time, domain string) ([]TLSReportRecord, error) {
|
2023-05-22 15:40:36 +03:00
|
|
|
db, err := database(ctx)
|
2023-01-30 16:27:06 +03:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-22 15:40:36 +03:00
|
|
|
q := bstore.QueryDB[TLSReportRecord](ctx, db)
|
2023-01-30 16:27:06 +03:00
|
|
|
if domain != "" {
|
|
|
|
|
q.FilterNonzero(TLSReportRecord{Domain: domain})
|
|
|
|
|
}
|
|
|
|
|
q.FilterFn(func(r TLSReportRecord) bool {
|
|
|
|
|
dr := r.Report.DateRange
|
|
|
|
|
return !dr.Start.Before(start) && dr.Start.Before(end) || dr.End.After(start) && !dr.End.After(end)
|
|
|
|
|
})
|
|
|
|
|
return q.List()
|
|
|
|
|
}
|