Commit graph

82 commits

Author SHA1 Message Date
Mechiel Lukkien
6706c5c84a
add basic webserver that can do most of what i need
- serve static files, serving index.html or optionally listings for directories
- redirects
- reverse-proxy, forwarding requests to a backend

these are configurable through the config file. a domain and path regexp have to
be configured. path prefixes can be stripped.  configured domains are added to
the autotls allowlist, so acme automatically fetches certificates for them.

all webserver requests now have (access) logging, metrics, rate limiting.
on http errors, the error message prints an encrypted cid for relating with log files.

this also adds a new mechanism for example config files.
2023-02-28 22:19:24 +01:00
Mechiel Lukkien
fbfbd97947
connecction -> connection
from mteege
2023-02-28 20:43:31 +01:00
Mechiel Lukkien
994b5b9a0a
fix serving mta-sts policy files
i broke it 3 days ago when adding support for serving it through external reverse proxy.

report by mteege, thanks!
2023-02-28 20:40:52 +01:00
Mechiel Lukkien
da3fefd42e
explain to user they should pick a random, unguessable password
and help with a button to generate one.
2023-02-27 21:29:27 +01:00
Mechiel Lukkien
67c97c6499
on admin page, show warning when user hasn't enabled "check updates"
and send Accept-header when fetching changelog, so we can show an html version
instead of json when requested by regular browsers.
2023-02-27 15:03:37 +01:00
Mechiel Lukkien
92e018e463
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.

unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.

if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:

        # first update the mox binary, then, as root:
        ./mox config printservice >mox.service
        systemctl daemon-reload
        systemctl restart mox
        journalctl -f -u mox &
        # you should see mox start up, with messages about fixing permissions on dirs/files.

if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.

if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.

if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.

if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.

this also adds scripts for building mox docker images for alpine-supported
platforms.

the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.

and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.

based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 12:19:55 +01:00
belst
8e178d9a1f fix config options 2023-02-26 15:57:28 +01:00
Mechiel Lukkien
0ede7f78c1
add option to handle autoconfig and mta-sts requests without TLS, for when it is reverse proxied
for #5 with hints from belst & idnovic
2023-02-25 11:28:15 +01:00
Mechiel Lukkien
ac3a3e496e
make api urls relative, so they can work then being reverse proxied
for #5, found by belst
2023-02-25 11:20:07 +01:00
Mechiel Lukkien
f2fd6241a0
do not bind to port 443 for tls-alpn01 if there is no ACME configured
for #2
2023-02-22 23:22:42 +01:00
Mechiel Lukkien
cc3a2c9bc8
make it possible to serve https on a different port than 443 through configuration
so you can run mox on openbsd with port redirects in pf.conf.

in the future, starting as root, binding the sockets, and passing the bound
sockets to a new unprivileged process should be implemented, but this should
get openbsd users going.

from discussion with mteege
2023-02-18 16:53:06 +01:00
Mechiel Lukkien
fb3794e31b
only send \NonExistent for IMAP4rev2, and automatically subscribe to imported mailboxes 2023-02-17 18:35:11 +01:00
Mechiel Lukkien
c65731ac56
fix 3 cases of shadowed variables (other than "err")
2 of these were actual bugs.
2023-02-16 13:24:51 +01:00
Mechiel Lukkien
5c33640aea
consistently use log.Check for logging errors that "should not happen", don't influence application flow
sooner or later, someone will notice one of these messages, which will lead us
to a bug.
2023-02-16 13:22:00 +01:00
Mechiel Lukkien
ef8e5fa1a8
on accounts page, fix opening destination with utf8
by decoding location.hash
2023-02-16 10:26:28 +01:00
Mechiel Lukkien
5336032088
add funtionality to import zip/tgz with maildirs/mboxes to account page
so users can easily take their email out of somewhere else, and import it into mox.

this goes a little way to give feedback as the import progresses: upload
progress is shown (surprisingly, browsers aren't doing this...), imported
mailboxes/messages are counted (batched) and import issues/warnings are
displayed, all sent over an SSE connection. an import token is stored in
sessionstorage. if you reload the page (e.g. after a connection error), the
browser will reconnect to the running import and show its progress again. and
you can just abort the import before it is finished and committed, and nothing
will have changed.

this also imports flags/keywords from mbox files.
2023-02-16 09:57:27 +01:00
Mechiel Lukkien
4a58b8f434
export more imap flags (eg $Junk/$NotJunk/$Forwarded) with maildirs, in dovecot-keywords file
and let the subcommand "export" use the same export code as the accounts page.
2023-02-13 22:37:25 +01:00
Mechiel Lukkien
3de6642b3a
implement exporting of all mailboxes/messages as zip/tgz of mbox/maildir 2023-02-13 18:04:05 +01:00
Mechiel Lukkien
ad51ffc365
make account web page configurable separately from admin, add http auth rate limiting
ideally both account & admin web pages should be on non-public ips (e.g. a
wireguard tunnel). but during setup, users may not have that set up, and they
may want to configure the admin/account pages on their public ip's. the auth
rate limiting should make it less of issue.

users can now also only put the account web page publicly available. useful for
if you're the admin and you have a vpn connection, but your other/external
users do not have a vpn into your mail server. to make the account page more
easily findable, the http root serves the account page. the admin page is still
at /admin/, to prevent clash with potential account pages, but if no account
page is present, you are helpfully redirected from / to /admin/.

this also adds a prometheus metric counting how often auth attempts have been
rate limited.
2023-02-13 13:53:47 +01:00
Mechiel Lukkien
bf04fb8a1a
improve training of junk filter
before, we used heuristics to decide when to train/untrain a message as junk or
nonjunk: the message had to be seen, be in certain mailboxes. then if a message
was marked as junk, it was junk. and otherwise it was nonjunk. this wasn't good
enough: you may want to keep some messages around as neither junk or nonjunk.
and that wasn't possible.

ideally, we would just look at the imap $Junk and $NotJunk flags. the problem
is that mail clients don't set these flags, or don't make it easy. thunderbird
can set the flags based on its own bayesian filter. it has a shortcut for
marking Junk and moving it to the junk folder (good), but the counterpart of
notjunk only marks a message as notjunk without showing in the UI that it was
marked as notjunk. there is also no "move and mark as notjunk" mechanism. e.g.
"archive" does not mark a message as notjunk. ios mail and mutt don't appear to
have any way to see or change the $Junk and $NotJunk flags.

what email clients do have is the ability to move messages to other
mailboxes/folders. so mox now has a mechanism that allows you to configure
mailboxes that automatically set $Junk or $NotJunk (or clear both) when a
message is moved/copied/delivered to that folder. e.g. a mailbox called junk or
spam or rejects marks its messags as junk. inbox, postmaster, dmarc, tlsrpt,
neutral* mark their messages as neither junk or notjunk. other folders mark
their messages as notjunk. e.g. list/*, archive. this functionality is
optional, but enabled with the quickstart and for new accounts.

also, mox now keeps track of the previous training of a message and will only
untrain/train if needed. before, there probably have been duplicate or missing
(un)trainings.

this also includes a new subcommand "retrain" to recreate the junkfilter for an
account. you should run it after updating to this version. and you should
probably also modify your account config to include the AutomaticJunkFlags.
2023-02-11 23:00:12 +01:00
Mechiel Lukkien
d48d19b840
in account web page, allow user to configure rulesets for delivery
for example, by matching incoming messags on smtp mail from, verified domains
(spf/dkim), headers. then delivering to a configured mailbox. for mailing
lists, if a verified domain matches, regular spam checks can be skipped.

this was already possible by editing the configuration file, but only admins
can edit that file. now users can manage their own rulesets.
2023-02-10 23:47:19 +01:00
Mechiel Lukkien
8bdca09b7b
on admin index page, show number of messages in queue next to link to the queue list 2023-02-08 19:42:21 +01:00
Mechiel Lukkien
e2516444b1
add comment about the embedded html files
after review note by jonathan hall, thanks!
2023-02-06 15:26:24 +01:00
Mechiel Lukkien
37713a974c
consistently use finally {} for cleanup in html/js 2023-02-06 15:23:33 +01:00
Mechiel Lukkien
6cbe4d5d37
allow unsetting a log level through subcommand and add admin page for settng log level 2023-02-06 15:17:46 +01:00
Mechiel Lukkien
e52c9d36a6
support cram-md5 authentication for imap and smtp
and change thunderbird autoconfiguration to use it.

unfortunately, for microsoft autodiscover, there appears to be no way to
request secure password negotiation. so it will default to plain text auth.

cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support
scram auth. it currently chooses "plain", sending the literal password over the
connection (which is TLS-protected, but we don't want to receive clear text
passwords). in short, cram-md5 is better than nothing...

for cram-md5 to work, a new set of derived credentials need to be stored in the
database. so you need to save your password again to make it work. this was
also the case with the scram-sha-1 addition, but i forgot to mention it then.
2023-02-05 16:29:03 +01:00
Mechiel Lukkien
ae60cdac7e
allow requesting a certificate for autodiscover.<domain>, but don't recommend a DNS record that would make requests to it.
this may help testing again in the future. autodiscover with outlook is not
working now.
2023-02-03 17:53:45 +01:00
Mechiel Lukkien
c21b8c0d54
add reverse ip checks during quickstart and in "check dns" admin page/subcommand
- and don't have a global variable "d" in the big checkDomain function in http/admin.go.
- and set loglevel from command-line flag again after loading the config file, for all subcommands except "serve".
2023-02-03 15:54:34 +01:00
Mechiel Lukkien
2239f38232
actually get monospace font 2023-02-02 16:04:09 +01:00
Mechiel Lukkien
b723f938d8
longer timeout for domain dns/connectivity check
mostly to allow the first check to succeed. tls certificates will be requested then.
2023-02-02 12:58:33 +01:00
Mechiel Lukkien
045d7566d4
use rel=noopener noreferrer on more links
and make it easier with link() function. and get rid of some globals.
2023-02-01 21:53:43 +01:00
Mechiel Lukkien
cb229cb6cf
mox! 2023-01-30 14:27:06 +01:00