Commit graph

9 commits

Author SHA1 Message Date
Mechiel Lukkien
5be4e91979
new items on roadmap, mention delivered-to rfc, fix wording in comments 2023-07-26 19:23:20 +02:00
Mechiel Lukkien
4819180de1
fix fetching errata after html changed 2023-06-27 19:31:47 +02:00
Mechiel Lukkien
e58fe31dd1
add all sieve rfc's and a few recent imap rfc's to the list, and update roadmap 2023-06-24 12:07:22 +02:00
Mechiel Lukkien
259928ab62
add reverse proxying websocket connections
if we recognize that a request for a WebForward is trying to turn the
connection into a websocket, we forward it to the backend and check if the
backend understands the websocket request. if so, we pass back the upgrade
response and get out of the way, copying bytes between the two. we do log the
total amount of bytes read from the client and written to the client. if the
backend doesn't respond with a websocke response, or an invalid one, we respond
with a regular non-websocket response. and we log details about the failed
connection, should help with debugging and any bug reports.

we don't try to parse the websocket framing, that's between the client and the
backend.  we could try to parse it, in part to protect the backend from bad
frames, but it would be a lot of work and could be brittle in the face of
extensions.

this doesn't yet handle websocket connections when a http proxy is configured.
we'll implement it when someone needs it. we do recognize it and fail the
connection.

for issue #25
2023-05-30 22:11:31 +02:00
Mechiel Lukkien
a6e603e1df
another rfc 2023-03-20 08:52:45 +01:00
Mechiel Lukkien
c9190337e6
another rfc (we don't implement it) 2023-02-27 22:35:07 +01:00
Mechiel Lukkien
e52c9d36a6
support cram-md5 authentication for imap and smtp
and change thunderbird autoconfiguration to use it.

unfortunately, for microsoft autodiscover, there appears to be no way to
request secure password negotiation. so it will default to plain text auth.

cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support
scram auth. it currently chooses "plain", sending the literal password over the
connection (which is TLS-protected, but we don't want to receive clear text
passwords). in short, cram-md5 is better than nothing...

for cram-md5 to work, a new set of derived credentials need to be stored in the
database. so you need to save your password again to make it work. this was
also the case with the scram-sha-1 addition, but i forgot to mention it then.
2023-02-05 16:29:03 +01:00
Mechiel Lukkien
49dd5b7ba9
work around missing timezone in timestamps in tls reports from microsoft 2023-02-05 10:55:34 +01:00
Mechiel Lukkien
cb229cb6cf
mox! 2023-01-30 14:27:06 +01:00