Commit graph

795 commits

Author SHA1 Message Date
Mechiel Lukkien
3d4cd00430
when opening an account by email address, such as during login attempts, and address is an alias, fail with proper error "no such credentials" instead of with error "no such account", which printing a stack trace
was encountered during smtp session. but could also happen for imapserver and
webmail.

in smtpserver, we now log error messages for smtp errors that cause us to print
a stack trace. would have made logging output more helpful (without having to
turn on trace-level logging).

hopefully solves issue #238 by mwyvr, thanks for reporting!
2024-11-10 23:20:17 +01:00
Mechiel Lukkien
0e338b0530
for aliases, enable "public posting" by default when creating an alias
and explain in more detail what it means in the webadmin interface.
will hopefully bring less confusion.

for issue #244 by exander77, thanks for reporting
2024-11-10 22:25:08 +01:00
Mechiel Lukkien
c13f1814fc
also use "SRV 0 0 port ." in webadmin pages
for issue #240, thanks bwbroersma for reporting and patch
2024-11-10 22:24:47 +01:00
Benjamin W. Broersma
355488028d
More RFC compliant SRV service not available
Fix #240.
2024-11-07 15:01:02 +01:00
Mechiel Lukkien
68c130f60e
add v0.0.13 to website 2024-11-06 23:20:44 +01:00
Mechiel Lukkien
22c8911bf3
disable tls session tickets to workaround deliverability issues with incoming email from microsoft
for issue #237
2024-11-06 10:19:23 +01:00
startup-001-steve
76f7b9ebf6
added link to Matrix Chat Room
and make matrix.to url a link and wrap text
2024-11-01 12:11:10 +01:00
Mechiel Lukkien
8fa197b19d
imapserver: for the "bodystructure" fetch response item, add the content-type parameters for multiparts so clients will get the mime boundary without having to parse the message themselves
"bodystructure" is like "body", but bodystructure allows returning more
information. we chose not to do that, initially because it was easier to
implement, and more recently because we can't easily return the additional
content-md5 field for leaf parts (since we don't have it in parsed form). but
now we just return the extended form for multiparts, and non-extended form for
leaf parts. likely no one would be looking for any content-md5-value for leaf
parts anyway. knowing the boundary is much more likely to be useful.

for issue #217 by danieleggert, thanks for reporting!
2024-11-01 11:28:25 +01:00
Mechiel Lukkien
598c5ea6ac
smtpserver: when logging recipients, actually show something about the recipient
before this change, we were logging an empty string, which turned into "[]",
looking like an empty array. misleading and unhelpful.

this is fixed by making struct fields on type recipient "exported" so they can
get logged, and by changing the logging code to log nested
struct/pointer/interface fields if we would otherwise wouldn't log anything
(when only logging more basic data types).

we'll now get log lines like:

	l=info m="deliver attempt to unknown user(s)" pkg=smtpserver recipients="[addr=bogus@test.example]"

for issue #232 by snabb, thanks for reporting!
2024-11-01 10:38:31 +01:00
Mechiel Lukkien
879477a01f
webmail: during "send and archive", don't fail with error message when message that is being responded to is already in archive folder
before this change, when archiving, we would move all messages from the thread
that are in the same mailbox as that of the response message to the archive
mailbox. so if the message that was being responsed to was already in the
archive mailbox, the message would be moved from archive mailbox to archive
mailbox, resulting in an error.

with this change, when archiving, we move the thread messages that are in the
same mailbox as is currently open (independent of the mailbox the message lives
in, a common situation in the threading view). if there is no open mailbox
(search results), we still use the mailbox of the message being responded to as
reference.

with this new approach, we won't get errors moving a message to an archive
mailbox when it's already there. well, you can still get that error, but then
you've got the archive mailbox open, or you're in a search result and
responding to an archived message. the error should at least help understand
that nothing is happening.

we are only moving the messages from one active/reference mailbox because we
don't want to move messages from the thread that are in the Sent mailbox, and
we also don't want to move duplicate messages (cross-posts to mailing lists)
that are in other mailboxes. moving only the messages from the current active
mailbox seems safe, and should do what is what users would expect most of the
time.

for issue #233 by mattfbacon, thanks for reporting!
2024-11-01 09:39:40 +01:00
Mechiel Lukkien
04305722a7
webmail: if we don't have loaded account settings yet, abort loading the popup after showing an error that the settings aren't available yet
missing returning/throwing error.

based on screenshot with unhandled js error in issue #218 by mgkirs
2024-10-10 14:29:52 +02:00
Mechiel Lukkien
0fbf24160c
add a handler for the acme http-01 validiation mechanism to all plain http (non-tls) webservers (ports), not only to the one listening on port 80
because this mechanism is most needed behind a reverse proxy, where acme
tls-alpn-01 won't work (because the reverse proxy won't pass on the alpn
extensions). if that's the case, there is obviously a webserver on port 443.
and it likely also running on port 80. so before this change, if tls-alpn-01
isn't available, http-01 also wasn't available, leaving no validation
mechanisms.

for issue #218 by mgkirs, thanks for reporting and details. hope this helps.
2024-10-10 14:04:13 +02:00
Mechiel Lukkien
354b9f4d98
tweak docs for release process 2024-10-06 13:07:11 +02:00
Mechiel Lukkien
bd842d3ff5
add upcoming release to website, and rotate apidiff 2024-10-06 12:48:56 +02:00
Mechiel Lukkien
5699686870
generate apidiff 2024-10-06 10:46:50 +02:00
Mechiel Lukkien
fdc0560ac4
for messages retired from the delivery queue, set "success" field properly, and include the smtp code/enhanced code on success too (not only on failure)
noticed some time ago when looking at my retired messages queue.
2024-10-05 11:06:42 +02:00
Mechiel Lukkien
fb65ec0676
webmail: fix loading a "view" (messages in a mailbox) when the "initial" message cannot be parsed
when we send a list of messages from the mox backend to the js frontend, we
include a parsed form of the "initial" message: the one we immediately show,
typically the top-most (unread) message. however, if that message could not be
parsed (due to invalid header syntax), we would fail the entire operation of
loading the view.

with this change, we simply don't return a parsed form of an initial message if
we cannot parse it. that will cause the webmail frontend to not select &
display a message immediately. if you then try to open the message, you'll
still get an error message as before. but at least the view has been loaded,
and you can open the raw message to inspect the contents.

for issue #219 by wneessen
2024-10-05 09:50:40 +02:00
Mechiel Lukkien
5d97bf198a
add support for parsing the imap "bodystructure" extensible form
not generating it yet from imapserver because we don't have content-md5
available. we could send "nil" instead of any actual content-md5 header (and
probably no contemporary messages include a content-md5 header), but it would
not be correct. if no known clients have problems in practice with absent
extensible data, it's better to just leave the bodystructure as is, with
extensible data.

for issue #217 by danieleggert
2024-10-04 22:55:43 +02:00
Mechiel Lukkien
81c179bb4c
fix embarrasing bug in checking if string is ascii
result reversed

for issue #179 and issue #157
2024-10-04 20:05:28 +02:00
Mechiel Lukkien
edb6e8d15c
webmail: fix displaying a message in separate window if there was no known viewmode (text or html or html with externals)
we were sending a zero value for ViewMode, which the frontend js rejected
during parsing.

noticed during testing.
2024-10-04 16:37:32 +02:00
Mechiel Lukkien
32b549b260
add more details to x-mox-reason message header added during delivery, for understanding why a message is accepted/rejected
we add various information while analysing an incoming message. like
dkim/spf/ip reputation. and content-based junk filter threshold/result and
ham/spam words used.

for issue #179 by Fell and #157 by mattfbacon
2024-10-04 16:01:30 +02:00
Mechiel Lukkien
98d0ff22bb
update to latest dependencies 2024-10-04 09:44:59 +02:00
Mechiel Lukkien
9a4fa8633f
add missing file from previous commit 2024-10-04 09:34:37 +02:00
Mechiel Lukkien
8f7fc3773b
add subcommand that prints licenses, and link to licenses from the webadmin/webaccount/webmail interfaces 2024-10-04 09:31:31 +02:00
Mechiel Lukkien
7d3f307156
acme port config option, explain why using a https reverse proxy will not work for acme tls-alpn-01 verification
related to #218 by mgkirs
2024-10-03 21:16:19 +02:00
Mechiel Lukkien
7ecc3f68ce
for the smtp login method, use challenges "Username:" and "Password:" as attempt to improve interoperability
there is only an internet-draft about the required behaviour. it says clients
should ignore the strings. some clients do check the string. most servers
appear to use "Username:" and "Password:" as challenge. we'll follow them,
hoping to improve interoperability.

for issue #223 by gdunstone, and with analysis from wneessen of go-mail.
thanks!
2024-10-03 20:29:40 +02:00
Mechiel Lukkien
bbc419c6ab
in webadmin when managing aliases, mention an alias member won't receive a message if the member address is in the message From header
this is a typical case if you made an alias to test how it works, with your
account. we may have to make this behaviour optional in the future.

for issue #220 by wneessen, thanks for reporting!
2024-10-03 20:20:14 +02:00
Mechiel Lukkien
c7315cb72d
handle scram errors more gracefully, not aborting the connection
for some errors during the scram authentication protocol, we would treat some
errors that a client connection could induce as server errors, printing a stack
trace and aborting the connection.

this change recognizes those errors and sends regular "authentication failed"
or "protocol error" error messages to the client.

for issue #222 by wneessen, thanks for reporting
2024-10-03 15:18:09 +02:00
Mechiel Lukkien
b0c4b09010
add "RcptTo" to webapi MessageGet result
otherwise, if the recipient was a bcc, there's no good way to see why the
message was received.

incoming webhooks already have this rcptto field, but that's not always the
moment you want to process it.

for mattanja on matrix, thanks for reporting!
2024-09-30 10:43:48 +02:00
Mechiel Lukkien
a7bdc41cd4
reject attempts at starttls for smtp & imap when no tls config is present
we didn't announce starttls as capability, but clients can still try them. we
would try to do a handshake with a nil certificate, which would cause a
goroutine panic (which is handled gracefully, shutting down the connection).

found with code that was doing starttls unconditionally.
2024-09-15 17:18:50 +02:00
Mechiel Lukkien
0977b7a6d3
get rid of some more gnulinuxisms
to get builds on openbsd going
2024-09-14 20:53:21 +02:00
Mechiel Lukkien
661e77c622
remove linuxism
should make build get further on openbsd
2024-09-14 14:22:39 +02:00
Mechiel Lukkien
b7ba0482ba
don't run install scripts when installing js dependencies 2024-09-08 09:49:24 +02:00
Mechiel Lukkien
594182aae5
webmail: rename query string param "token" to "singleUseToken" to be less scary in access logs
these singleusetokens can be redeemed once. so when you see it in the logs, it
can't be used again. they are short-lived anyway.

this change should help prevent me periodically investigating token handling...
2024-08-23 15:08:27 +02:00
Mechiel Lukkien
a977082b89
when login sessions to admin/account/webmail interfaces expiry or are no longer valid, explain the behaviour in the message
before, we would just say "session expired". now we say "session expired (after
12 hours inactivity)" (for admin) or "session expired (after 24 hours
inactivity)" for account/webmail. for unknown sessions in the admin interface,
we also explain that server restarts and 10 more new sessions can be the
reason.

for issue #202 by ally9335
2024-08-23 14:48:45 +02:00
Mechiel Lukkien
dfe4a54e0b
webmail: when a ui element (eg button) is disabled, make that clear with styles
since we have more of our own styling (probably since dark mode), we weren't
indicating anymore that a button was disabled. this actually only applies to
the button for the current mailbox of a message, when attempting to move it.

we now don't show any hover effects in that case, and we show the button
semitransparent.
2024-08-23 14:28:05 +02:00
Mechiel Lukkien
b77f44ab58
webmail: add setting to show html version of a message by default, instead of text version
related to issue #196 by GildedHonour
2024-08-23 14:02:55 +02:00
Mechiel Lukkien
fe9afb40bc
webmail: for html-only messages, ensure the "html" button is shown as active
instead of both "html" and "html with external resources" being shown as inactive.
2024-08-23 13:39:16 +02:00
Mechiel Lukkien
a485df830d
webapi: minor tweaks in docs 2024-08-23 12:12:13 +02:00
Mechiel Lukkien
6c488ead0b
webapi: implement adding "alternative files" to messages sent with the Send method
with new field "AlternativeFiles" in the JSON body, or with "alternativefile" form file uploads.

can be used if there is a (full) alternative representation (alternative to
text and/or html part), like a calendar item, or PDF file.

for issue #188 by morki
2024-08-23 12:00:25 +02:00
Mechiel Lukkien
62bd2f4427
for incoming smtp deliveries with starttls, use cert of hostname if sni hostname is unknown
instead of failing the connection because no certificates are available.

this may improve interoperability. perhaps the remote smtp client that's doing
the delivery will decide they do like the tls cert for our (mx) hostname after
all.

this only applies to incoming smtp deliveries. for other tls connections
(https, imaps/submissions and imap/submission with starttls) we still cause
connections for unknown sni hostnames to fail. if case no sni was present, we
were already falling back to a cert for the (listener/mx) hostname, that
behaviour hasn't changed.

for issue #206 by RobSlgm
2024-08-23 11:04:21 +02:00
Mechiel Lukkien
7e7f6d48f1
install latest versions of staticcheck & shadow
they tend to break each 6 months with a new go toolchain.
listing fixed versions probably causes more failures than always using the
latest versions.
2024-08-22 22:06:30 +02:00
Mechiel Lukkien
17346d6def
smtpclient: handle server closing connection after writing its response to RCPT TO
if icloud.com has your ip blocklisted, it will close the smtp connection after
writing a response to RCPT TO, before writing a response to a pipelined DATA
command. this is similar to the case (already handled) where a mail server
would close the connection after a response to MAIL FROM when pipelined.

we now recognize this situation (unexpected EOF before we get a response to
DATA, with all RCPT TO's failed), and treat the last response to RCPT TO as the
result.

for issue #198 by soheilpro, thanks for reporting and sending an smtpclient
trace that showed the behaviour.
2024-08-22 21:59:53 +02:00
Mechiel Lukkien
c16162eebc
update to golang.org/x/{crypto,net,text,sync,tools}@latest 2024-08-22 20:45:35 +02:00
Mechiel Lukkien
09b13ed4d5
update to golang.org/x/mod@latest 2024-08-22 20:41:06 +02:00
Mechiel Lukkien
e7e023c6d0
update dependency golang.org/x/sys to latest 2024-08-22 20:39:41 +02:00
Mechiel Lukkien
5678b03324
recognize more charsets than utf-8/iso-8859-1/us-ascii when parsing message headers with address
as they occur in From/To headers, for example: "From:
=?iso-8859-2?Q?Krist=FDna?= <k@example.com>".  we are using net/mail to parse
such headers. most address-parsing functions in that package will only decode
charsets utf-8, iso-8859-1 and us-ascii. we have to be careful to always use
net/mail.AddressParser with a WordDecoder that understands more that the
basics.

for issue #204 by morki, thanks for reporting!
2024-08-22 17:36:49 +02:00
Mechiel Lukkien
0bb4501472
update to latest bbolt (db library) v1.3.11
with a fix for releasing pages allocated during a transaction that was rolled
back.

also bumps required go version to go1.22
2024-08-22 16:22:09 +02:00
Mechiel Lukkien
016fde8d78
fix parsing message headers with addresses that need double quotes
we are using Go's net/mail to parse message headers. it can parse addresses,
and properly decodes email addresses with double quotes (e.g. " "@example.com).
however, it gives us an address without the double quotes in the localpart,
effectively an invalid address. we now have a workaround to parse such
not-quite-addresses.

for issue #199 reported by gene-hightower, thanks for reporting!
2024-08-22 16:03:52 +02:00
Mechiel Lukkien
79b641cdc6
webmail: remove todo for vi editing mode in textarea
users should install a plugin.
i wrote https://addons.mozilla.org/en-US/firefox/addon/vi-editing-mode/, seems
good enough for now.
2024-08-19 15:55:32 +02:00