Commit graph

84 commits

Author SHA1 Message Date
Mechiel Lukkien
cafbfc5fdf
tweaks to backup & verifydata tool to make a typical backup+verifydata produce no output
for easy use in a crontab
2023-06-01 11:34:28 +02:00
Mechiel Lukkien
aad5a5bcb9
add a "backup" subcommand to make consistent backups, and a "verifydata" subcommand to verify a backup before restoring, and add tests for future upgrades
the backup command will make consistent snapshots of all the database files. i
had been copying the db files before, and it usually works. but if the file is
modified during the backup, it is inconsistent and is likely to generate errors
when reading (can be at any moment in the future, when reading some db page).
"mox backup" opens the database file and writes out a copy in a transaction.
it also duplicates the message files.

before doing a restore, you could run "mox verifydata" on the to-be-restored
"data" directory. it check the database files, and compares the message files
with the database.

the new "gentestdata" subcommand generates a basic "data" directory, with a
queue and a few accounts. we will use it in the future along with "verifydata"
to test upgrades from old version to the latest version. both when going to the
next version, and when skipping several versions. the script test-upgrades.sh
executes these tests and doesn't do anything at the moment, because no releases
have this subcommand yet.

inspired by a failed upgrade attempt of a pre-release version.
2023-05-26 19:26:51 +02:00
Mechiel Lukkien
753ec56b3d
make "mailbox" parameter to unlisted command "bumpuidvalidity" optional, to update the uidvalidity for all mailboxes
useful after a database restore.
2023-05-22 18:11:42 +02:00
Mechiel Lukkien
1f5ab1b795
fix language in comments
found through goreportcard.com
2023-05-22 15:04:06 +02:00
Mechiel Lukkien
e81930ba20
update to latest bstore (with support for an index on a []string: Message.DKIMDomains), and cyclic data types (to be used for Message.Part soon); also adds a context.Context to database operations. 2023-05-22 14:40:36 +02:00
Mechiel Lukkien
b571dd4b28
implement a catchall address for a domain
by specifying a "destination" in an account that is just "@" followed by the
domain, e.g. "@example.org". messages are only delivered to the catchall
address when no regular destination matches (taking the per-domain
catchall-separator and case-sensisitivity into account).

for issue #18
2023-03-29 21:11:43 +02:00
Mechiel Lukkien
d36419170b
also use -loglevel in localserve, and fail if the loglevel is invalid 2023-03-20 13:01:49 +01:00
Mechiel Lukkien
19ea0d9a58
make all helpall output go to the same file descriptor 2023-03-12 15:25:16 +01:00
Mechiel Lukkien
5535515fcb
move sendmail to separate file 2023-03-12 15:22:23 +01:00
Mechiel Lukkien
317dc78397
add pedantic mode (used by localserve) that refuses some behaviour that is invalid according to specifications and that we normally accept for compatibility 2023-03-12 15:16:01 +01:00
Mechiel Lukkien
0099197d00
add "mox localserve" subcommand, for running mox locally for email-related testing/developing
localserve creates a config for listening on localhost for
imap/smtp/submission/http, on port numbers 1000 + the common service port
numbers. all incoming email is accepted (if checks pass), and a few pattern in
localparts are recognized and result in delivery errors.
2023-03-12 11:40:00 +01:00
Mechiel Lukkien
5742ed1537
when logging email addresses with IDNA domain and/or special characters or utf8 in localpart, log both native utf8 form and form with escape localpart and ascii-only domain
the idea is to make it clear from the logging if non-ascii characters are used.

this is implemented by making mlog recognize if a field value that will be
logged has a LogString method. if so, that value is logged. dns.Domain,
smtp.Address, smtp.Localpart, smtp.Path now have a LogString method.

some explicit calls to String have been replaced to LogString, and some %q
formatting have been replaced with %s, because the escaped localpart would
already have double quotes, and double doublequotes aren't easy to read.
2023-03-09 20:18:34 +01:00
Mechiel Lukkien
8b0706e02d
for WebRedirect, don't "match" when the destination URL has the same scheme,host,path, for doing http -> https redirects without loops
you can already get most http to https redirects through DontRedirectPlainHTTP
in WebHandler, but that needs handlers for all paths.

now you can just set up a redirect for a domain and all its path to baseurl
https://domain (leaving other webdirect fields empty). when the request comes
in with plain http, the redirect to https is done. that next request will also
evaluate the same redirect rule. but it will not cause a match because it would
redirect to the same scheme,host,path. so next webhandlers get a chance to
serve.

also clarify in webhandlers docs that also account & admin built-in handlers
run first.

related to issue #16
2023-03-08 23:29:44 +01:00
Mechiel Lukkien
a9ef0f2aea
add "mox dkim sign", useful for testing signatures
for issue #15
2023-03-07 21:59:55 +01:00
Mechiel Lukkien
b2e6c29849
only check the autotls hostnames once when serving
not twice: for root process and for child process
2023-03-05 23:56:02 +01:00
Mechiel Lukkien
f867bcfa21
add updates serve command to serve a json or html version of the changelog.json, with contents based on ?from= query string 2023-03-05 22:38:29 +01:00
Mechiel Lukkien
dfd7b721ae
add warning about weak password when setting password via cli too 2023-03-05 16:42:34 +01:00
Mechiel Lukkien
15e262b043
make it easier to run with existing webserver
- make it easier to run with an existing webserver. the quickstart now has a new option for that, it generates a different mox.conf, and further instructions such as configuring the tls keys/certs and reverse proxy urls. and changes to make autoconfig work in that case too.
- when starting up, request a tls cert for the hostname and for the autoconfig endpoint. the first will be requested soon anyway, and the autoconfig cert is needed early so the first autoconfig request doesn't time out (without helpful message to the user by at least thunderbird). and don't request the certificate before the servers are online. the root process was now requesting the certs, before the child process was serving on the tls port.
- add examples of configs generated by the quickstart.
- enable debug logging in config from quickstart, to give user more info.

for issue #5
2023-03-04 00:49:02 +01:00
Mechiel Lukkien
6abee87aa3
improve webserver, add domain redirects (aliases), add tests and admin page ui to manage the config
- make builtin http handlers serve on specific domains, such as for mta-sts, so
  e.g. /.well-known/mta-sts.txt isn't served on all domains.
- add logging of a few more fields in access logging.
- small tweaks/bug fixes in webserver request handling.
- add config option for redirecting entire domains to another (common enough).
- split httpserver metric into two: one for duration until writing header (i.e.
  performance of server), another for duration until full response is sent to
  client (i.e. performance as perceived by users).
- add admin ui, a new page for managing the configs. after making changes
  and hitting "save", the changes take effect immediately. the page itself
  doesn't look very well-designed (many input fields, makes it look messy). i
  have an idea to improve it (explained in admin.html as todo) by making the
  layout look just like the config file. not urgent though.

i've already changed my websites/webapps over.

the idea of adding a webserver is to take away a (the) reason for folks to want
to complicate their mox setup by running an other webserver on the same machine.
i think the current webserver implementation can already serve most common use
cases. with a few more tweaks (feedback needed!) we should be able to get to 95%
of the use cases. the reverse proxy can take care of the remaining 5%.
nevertheless, a next step is still to change the quickstart to make it easier
for folks to run with an existing webserver, with existing tls certs/keys.
that's how this relates to issue #5.
2023-03-02 18:15:54 +01:00
Mechiel Lukkien
6706c5c84a
add basic webserver that can do most of what i need
- serve static files, serving index.html or optionally listings for directories
- redirects
- reverse-proxy, forwarding requests to a backend

these are configurable through the config file. a domain and path regexp have to
be configured. path prefixes can be stripped.  configured domains are added to
the autotls allowlist, so acme automatically fetches certificates for them.

all webserver requests now have (access) logging, metrics, rate limiting.
on http errors, the error message prints an encrypted cid for relating with log files.

this also adds a new mechanism for example config files.
2023-02-28 22:19:24 +01:00
Mechiel Lukkien
92e018e463
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.

unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.

if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:

        # first update the mox binary, then, as root:
        ./mox config printservice >mox.service
        systemctl daemon-reload
        systemctl restart mox
        journalctl -f -u mox &
        # you should see mox start up, with messages about fixing permissions on dirs/files.

if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.

if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.

if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.

if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.

this also adds scripts for building mox docker images for alpine-supported
platforms.

the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.

and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.

based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 12:19:55 +01:00
Mechiel Lukkien
4e5030ff38
fix output of "mox checkupdate", and specify changes to be from newest to oldest 2023-02-17 20:14:26 +01:00
Mechiel Lukkien
5c33640aea
consistently use log.Check for logging errors that "should not happen", don't influence application flow
sooner or later, someone will notice one of these messages, which will lead us
to a bug.
2023-02-16 13:22:00 +01:00
Mechiel Lukkien
23b530ae36
use config/mox.conf as default path for the config file
this matches how the quickstart recommends setting up mox.
i've been running "./mox -config/mox.conf" from there for admin commands, but
"mox" is enough now.
2023-02-13 22:40:45 +01:00
Mechiel Lukkien
bf04fb8a1a
improve training of junk filter
before, we used heuristics to decide when to train/untrain a message as junk or
nonjunk: the message had to be seen, be in certain mailboxes. then if a message
was marked as junk, it was junk. and otherwise it was nonjunk. this wasn't good
enough: you may want to keep some messages around as neither junk or nonjunk.
and that wasn't possible.

ideally, we would just look at the imap $Junk and $NotJunk flags. the problem
is that mail clients don't set these flags, or don't make it easy. thunderbird
can set the flags based on its own bayesian filter. it has a shortcut for
marking Junk and moving it to the junk folder (good), but the counterpart of
notjunk only marks a message as notjunk without showing in the UI that it was
marked as notjunk. there is also no "move and mark as notjunk" mechanism. e.g.
"archive" does not mark a message as notjunk. ios mail and mutt don't appear to
have any way to see or change the $Junk and $NotJunk flags.

what email clients do have is the ability to move messages to other
mailboxes/folders. so mox now has a mechanism that allows you to configure
mailboxes that automatically set $Junk or $NotJunk (or clear both) when a
message is moved/copied/delivered to that folder. e.g. a mailbox called junk or
spam or rejects marks its messags as junk. inbox, postmaster, dmarc, tlsrpt,
neutral* mark their messages as neither junk or notjunk. other folders mark
their messages as notjunk. e.g. list/*, archive. this functionality is
optional, but enabled with the quickstart and for new accounts.

also, mox now keeps track of the previous training of a message and will only
untrain/train if needed. before, there probably have been duplicate or missing
(un)trainings.

this also includes a new subcommand "retrain" to recreate the junkfilter for an
account. you should run it after updating to this version. and you should
probably also modify your account config to include the AutomaticJunkFlags.
2023-02-11 23:00:12 +01:00
Mechiel Lukkien
6cbe4d5d37
allow unsetting a log level through subcommand and add admin page for settng log level 2023-02-06 15:17:46 +01:00
Mechiel Lukkien
4202fbe108
make the setaccountpassword talk through ctl
otherwise, setting a password will block if something has the account open,
e.g. any imap connection. so in practice it only worked when mox isn't running.
2023-02-06 11:31:46 +01:00
Mechiel Lukkien
52e7054c49
fix typo's
some through goreportcard.com
2023-02-06 11:00:11 +01:00
Mechiel Lukkien
e52c9d36a6
support cram-md5 authentication for imap and smtp
and change thunderbird autoconfiguration to use it.

unfortunately, for microsoft autodiscover, there appears to be no way to
request secure password negotiation. so it will default to plain text auth.

cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support
scram auth. it currently chooses "plain", sending the literal password over the
connection (which is TLS-protected, but we don't want to receive clear text
passwords). in short, cram-md5 is better than nothing...

for cram-md5 to work, a new set of derived credentials need to be stored in the
database. so you need to save your password again to make it work. this was
also the case with the scram-sha-1 addition, but i forgot to mention it then.
2023-02-05 16:29:03 +01:00
Mechiel Lukkien
ffb2a10a4e
add two new log levels for tracing sensitive auth protocol messages, and bulk data messages
named "traceauth" and "tracedata".

with this, you can (almost) enable trace logging without fear of logging
sensitive data or ddos'ing your log server.

the caveat is that the imap login command has already printed the line as
regular trace before we can decide it should not be. can be fixed soon.
2023-02-03 20:33:19 +01:00
Mechiel Lukkien
c21b8c0d54
add reverse ip checks during quickstart and in "check dns" admin page/subcommand
- and don't have a global variable "d" in the big checkDomain function in http/admin.go.
- and set loglevel from command-line flag again after loading the config file, for all subcommands except "serve".
2023-02-03 15:54:34 +01:00
Mechiel Lukkien
8bbaa38c74
improve sendmail
- when sendmail is invoked to sent to a local user, eg "root", send to a
  configured defaultaddress instead. previously, we would fail printing usage.
- add a subcommand that prints the config file, /etc/moxsubmit.conf.
- follow the STARTTLS setting.
- fix running as just plain sendmail.
2023-02-03 14:15:34 +01:00
Mechiel Lukkien
ba077dadd0
in dkim-signature header, allow FWS anywhere in "z=" (copied headers), and prevent panic in cli command "mox dkim verify" when a dkim-signature cannot be parsed
the BNF for "z=" does not show FWS is allowed (while it does in other places,
eg base64), but the text above the BNF explains it in words.
2023-02-03 13:29:47 +01:00
Mechiel Lukkien
cb229cb6cf
mox! 2023-01-30 14:27:06 +01:00