tweak readme

2024-12-26 16:33:47 +03:00 · 2023-09-24 12:34:46 +02:00 · 2023-09-24 12:34:46 +02:00 · 024c13c551
commit 024c13c551
parent 55febe304e
1 changed files with 92 additions and 68 deletions
--- a/README.md
+++ b/README.md
@ -7,21 +7,18 @@ See Quickstart below to get started.
 - Quick and easy to start/maintain mail server, for your own domain(s).
 - SMTP (with extensions) for receiving, submitting and delivering email.
 - IMAP4 (with extensions) for giving email clients access to email.
- Automatic TLS with ACME, for use with Let's Encrypt and other CA's.
+- Webmail for reading/sending email from the browser.
- SPF, verifying that a remote host is allowed to send email for a domain.
+- SPF/DKIM/DMARC for authenticating messages/delivery, also DMARC reports.
- DKIM, verifying that a message is signed by the claimed sender domain,
+- Reputation tracking, learning (per user) host-, domain- and
-  and for signing emails sent by mox for others to verify.
+  sender address-based reputation from (Non-)Junk email classification.
 - DMARC, for enforcing SPF/DKIM policies set by domains. Incoming DMARC
  aggregate reports are analyzed.
 - Reputation tracking, learning (per user) host- and domain-based reputation from
  (Non-)Junk email.
 - Bayesian spam filtering that learns (per user) from (Non-)Junk email.
 - Slowing down senders with no/low reputation or questionable email content
  (similar to greylisting). Rejected emails are stored in a mailbox called Rejects
  for a short period, helping with misclassified legitimate synchronous
  signup/login/transactional emails.
- Internationalized email, with unicode names in domains and usernames
+- Internationalized email, with unicode in email address usernames
-  ("localparts").
+  ("localparts"), and in domain names (IDNA).
 - Automatic TLS with ACME, for use with Let's Encrypt and other CA's.
 - TLSRPT, parsing reports about TLS usage and issues.
 - MTA-STS, for ensuring TLS is used whenever it is required. Both serving of
  policies, and tracking and applying policies of remote servers.
@ -32,11 +29,10 @@ See Quickstart below to get started.
 - Autodiscovery (with SRV records, Microsoft-style, Thunderbird-style, and Apple
  device management profiles) for easy account setup (though client support is
  limited).
 - Webmail for reading/sending email from the browser.
 - Webserver with serving static files and forwarding requests (reverse
  proxy), so port 443 can also be used to serve websites.
 - Prometheus metrics and structured logging for operational insight.
- "localserve" subcommand for running mox locally for email-related
+- "mox localserve" subcommand for running mox locally for email-related
  testing/developing, including pedantic mode.
 Mox is available under the MIT-license and was created by Mechiel Lukkien,
@ -63,16 +59,19 @@ Verify you have a working mox binary:
 Note: Mox only compiles for/works on unix systems, not on Plan 9 or Windows.
 You can also run mox with docker image `r.xmox.nl/mox`, with tags like `v0.0.1`
-and `v0.0.1-go1.20.1-alpine3.17.2`, see https://r.xmox.nl/r/mox/.  See
+and `v0.0.1-go1.20.1-alpine3.17.2`, see https://r.xmox.nl/r/mox/. Though new
-docker-compose.yml in this repository for instructions on starting. You must run
+docker images aren't (automatically) generated for new Go runtime/compile
-docker with host networking, because mox needs to find your actual public IP's
+releases. See docker-compose.yml in this repository for instructions on
-and get the remote IPs for incoming connections, not a local/internal NAT IP.
+starting. It is important to run with docker host networking, so mox can use
 the public IPs and has correct remote IP information for incoming connections
 (important for junk filtering and rate-limiting). Given these caveats, it's
 recommended to run mox without docker.
 # Quickstart
 The easiest way to get started with serving email for your domain is to get a
-vm/machine dedicated to serving email, name it [host].[domain] (e.g.
+(virtual) machine dedicated to serving email, name it [host].[domain] (e.g.
 mail.example.com), login as root, and run:
 	# Create mox user and homedir (or pick another name or homedir):
@ -84,16 +83,17 @@ mail.example.com), login as root, and run:
 	# Generate config files for your address/domain:
 	./mox quickstart you@example.com
-The quickstart creates an account, generates a password and configuration
+The quickstart creates configuration files for the domain and account,
-files, prints the DNS records you need to manually create and prints commands
+generates an admin and account password, prints the DNS records you need to add
-to start mox and optionally install mox as a service.
+and prints commands to start mox and optionally install mox as a service.
-A dedicated machine is highly recommended because modern email requires HTTPS,
+A machine that doesn't already run a webserver is highly recommended because
-and mox currently needs it for automatic TLS.  You could combine mox with an
+modern email requires HTTPS, and mox currently needs it for automatic TLS.  You
-existing webserver, but it requires more configuration. If you want to serve
+could combine mox with an existing webserver, but it requires a lot more
-websites on the same machine, consider using the webserver built into mox. If
+configuration. If you want to serve websites on the same machine, consider using
-you want to run an existing webserver on port 443/80, see "mox help quickstart",
+the webserver built into mox. It's pretty good! If you want to run an existing
-it'll tell you to run "./mox quickstart -existing-webserver you@example.com".
+webserver on port 443/80, see "mox help quickstart", it'll tell you to run
 "./mox quickstart -existing-webserver you@example.com".
 After starting, you can access the admin web interface on internal IPs.
@ -115,37 +115,48 @@ The code is heavily cross-referenced with the RFCs for readability/maintainabili
 ## Roadmap
 - DANE and DNSSEC
- Non-HTTP-based authentication for webmail/webadmin/webaccount.
+- Authentication other than HTTP-basic for webmail/webadmin/webaccount
- Per-domain webmail and imap/smtp host name (and TLS cert) and client settings.
+- Per-domain webmail and IMAP/SMTP host name (and TLS cert) and client settings
 - Sending DMARC and TLS reports (currently only receiving)
 - Require TLS SMTP extension (RFC 8689)
- Prepare data storage for JMAP
+- Sending DMARC and TLS reports (currently only receiving)
- Calendaring
+- Make mox Go packages more easily reusable, each pulling in fewer (internal)
  dependencies
 - HTTP-based API for sending messages and receiving delivery feedback
 - Calendaring with CalDAV/iCal
 - More IMAP extensions (PREVIEW, WITHIN, IMPORTANT, COMPRESS=DEFLATE,
  CREATE-SPECIAL-USE, SAVEDATE, UNAUTHENTICATE, REPLACE, QUOTA, NOTIFY,
  MULTIAPPEND, OBJECTID, MULTISEARCH)
 - ARC, with forwarded email from trusted source
 - Forwarding (to an external address)
 - Add special IMAP mailbox ("Queue?") that contains queued but
-  not-yet-delivered messages
+  not-yet-delivered messages, updated with IMAP flags/keywords/tags.
 - OAUTH2 support, for single sign on
 - Sieve for filtering (for now see Rulesets in the account config)
 - Expose threading through IMAP extension
 - Autoresponder (out of office/vacation)
 - OAUTH2 support, for single sign on
 - Privilege separation, isolating parts of the application to more restricted
  sandbox (e.g. new unauthenticated connections)
 - Using mox as backup MX
 - ARC, with forwarded email from trusted source
 - JMAP
 - Autoresponder (out of office/vacation)
 - HTTP-based API for sending messages and receiving delivery feedback
 - Milter support, for integration with external tools
 - IMAP extensions for "online"/non-syncing/webmail clients (SORT (including
  DISPLAYFROM, DISPLAYTO), THREAD, PARTIAL, CONTEXT=SEARCH CONTEXT=SORT ESORT,
  FILTERS)
 - IMAP Sieve extension, to run Sieve scripts after message changes (not only
  new deliveries)
 - Improve support for mobile clients with extensions: IMAP URLAUTH, SMTP
  CHUNKING and BINARYMIME, IMAP CATENATE
 There are many smaller improvements to make as well, search for "todo" in the code.
-## Not supported
+## Not supported/planned
 But perhaps in the future...
 - Mailing list manager
 - Functioning as SMTP relay
 - Forwarding (to an external address)
 - POP3
 - Delivery to (unix) OS system users
 - Mailing list manager
 - Support for pluggable delivery mechanisms
 - iOS Mail push notifications (with XAPPLEPUSHSERVICE undocumented imap
  extension and hard to get APNS certificate)
@ -156,18 +167,22 @@ But perhaps in the future...
 ## Why a new mail server implementation?
 Mox aims to make "running a mail server" easy and nearly effortless. Excellent
-quality mail server software exists, but getting a working setup typically
+quality (open source) mail server software exists, but getting a working setup
-requires you configure half a dozen services (SMTP, IMAP, SPF/DKIM/DMARC, spam
+typically requires you configure half a dozen services (SMTP, IMAP,
-filtering). That seems to lead to people no longer running their own mail
+SPF/DKIM/DMARC, spam filtering), which are often written in C (where small bugs
-servers, instead switching to one of the few centralized email providers. Email
+often have large consequences). That seems to lead to people no longer running
-with SMTP is a long-time decentralized messaging protocol. To keep it
+their own mail servers, instead switching to one of the few centralized email
-decentralized, people need to run their own mail server. Mox aims to make that
+providers. Email with SMTP is a long-time decentralized messaging protocol. To
-easy.
+keep it decentralized, people need to run their own mail server. Mox aims to
 make that easy.
 ## Where is the documentation?
-See all commands and help text at https://pkg.go.dev/github.com/mjl-/mox/, and
+See all commands and help output at https://pkg.go.dev/github.com/mjl-/mox/.
-example config files at https://pkg.go.dev/github.com/mjl-/mox/config/.
+
 See the commented example config files at
 https://pkg.go.dev/github.com/mjl-/mox/config/. They often contain enough
 documentation about a feature and how to configure it.
 You can get the same information by running "mox" without arguments to list its
 subcommands and usage, and "mox help [subcommand]" for more details.
@ -190,7 +205,8 @@ Similarly, see the export functionality on the accounts web page and the "mox
 export maildir" and "mox export mbox" subcommands to export email.
 Importing large mailboxes may require a lot of memory (a limitation of the
-current database). Splitting up mailboxes in smaller parts would help.
+current database). Splitting up mailboxes in smaller parts (e.g. 100k messages)
 would help.
 ## How can I help?
@ -207,8 +223,9 @@ compatibility issues, limitations, anti-spam measures, specification
 violations, that would be interesting to hear about.
 Pull requests for bug fixes and new code are welcome too. If the changes are
-large, it helps to start a discussion (create a ticket) before doing all the
+large, it helps to start a discussion (create an "issue") before doing all the
-work. It's best to get started with a small change, and go from there!
+work. In practice, starting with a small contribution and growing from there has
 the highest chance of success.
 By contributing (e.g. code), you agree your contributions are licensed under the
 MIT license (like mox), and have the rights to do so.
@ -228,8 +245,8 @@ setaccountpassword".
 The admin can change the password of any account through the admin page, at
 http://localhost/admin/ by default (leave username empty when logging in).
-The account and admin pages are served on localhost on your mail server.
+The account and admin pages are served on localhost for configs created with
-To access these from your browser, run
+the quickstart.  To access these from your browser, run
 `ssh -L 8080:localhost:80 you@yourmachine` locally and open
 http://localhost:8080/[...].
@ -240,8 +257,13 @@ The admin password can be changed with "mox setadminpassword".
 Unfortunately, mox does not yet provide an option for that. Mox does spam
 filtering based on reputation of received messages. It will take a good amount
 of work to share that information with a backup MX. Without that information,
-spammers could use a backup MX to get their spam accepted. Until mox has a
+spammers could use a backup MX to get their spam accepted.
-proper solution, you can simply run a single SMTP server.
+
 Until mox has a proper solution, you can simply run a single SMTP server. The
 author has run a single mail server for over a decade without issues. Machines
 and network connectivity are stable nowadays, and email delivery will be
 retried for many hours during temporary errors (e.g. when rebooting a machine
 after updates).
 ## How do I stay up to date?
@ -270,18 +292,19 @@ and the release you're upgrading to.
 Before upgrading, make a backup of the data directory with `mox backup
 <destdir>`. This writes consistent snapshots of the database files, and
-duplicates message files from the queue and accounts.  Using the new mox
+duplicates message files from the outgoing queue and accounts.  Using the new
-binary, run `mox verifydata <backupdir>` (do NOT use the "live" data
+mox binary, run `mox verifydata <backupdir>` (do NOT use the "live" data
 directory!) for a dry run. If this fails, an upgrade will probably fail too.
-Important: verifydata with the new mox binary can modify the database files
+Important: verifydata with the new mox binary can modify the database files (due
-(due to automatic schema upgrades). So make a fresh backup again before the
+to automatic schema upgrades). So make a fresh backup again before the actual
-actual upgrade. See the help output of the "backup" and "verifydata" commands
+upgrade. See the help output of the "backup" and "verifydata" commands for more
-for more details.
+details.
-During backup, message files are hardlinked if possible. Using a destination
+During backup, message files are hardlinked if possible, and copied otherwise.
-directory like `data/tmp/backup` increases the odds hardlinking succeeds: the
+Using a destination directory like `data/tmp/backup` increases the odds
-default systemd service file specifically mounts the data directory, causing
+hardlinking succeeds: the default mox systemd service file mounts
-attempts to outside it to fail with an error about cross-device linking.
+the data directory separately, so hardlinks to outside the data directory are
 cross-device and will fail.
 If an upgrade fails and you have to restore (parts) of the data directory, you
 should run `mox verifydata <datadir>` (with the original binary) on the
@ -359,9 +382,10 @@ helps you set up a system that doesn't trigger most of the technical signals
 a mail server or address for the first time. Sending from a newly registered
 domain. Sending messages with content that resembles known spam messages.
-Should your email be rejected, you will typically get an error message that
+Should your email be rejected, you will typically get an error message during
-explains why. In the case of big email providers the error message often has
+the SMTP transaction that explains why. In the case of big email providers the
-instructions on how to prove to them you are a legimate sender.
+error message often has instructions on how to prove to them you are a legimate
 sender.
 ## Can I use existing TLS certificates/keys?