Commit graph

132 commits

Author SHA1 Message Date
Mechiel Lukkien
a9b2bc8cec
replace use of docker registry docker.io (hub.docker.com) with self-hosted r.xmox.nl
when setting up the docker organization account for mox it already felt off.
depending on such a party to serve binaries didn't feel great to begin with.
after clarifying online discussions of docker's vague announcement of removing
free team organizations it was clearly time to move off hub.docker.com.  best to
self-host.

r.xmox.nl is hosted with the new github.com/mjl-/vex.

pinging issue #3
2023-03-20 09:35:49 +01:00
Mechiel Lukkien
a6e603e1df
another rfc 2023-03-20 08:52:45 +01:00
Mechiel Lukkien
9d03e2b135
add prometheus rules for mox 2023-03-12 22:14:42 +01:00
Mechiel Lukkien
ad49941302
add notes on release process 2023-03-12 21:52:07 +01:00
Mechiel Lukkien
7681f8bdc8
for localserve, validate the incoming message
it must be completely parsable.
normally, if we receive a message that we cannot fully parse, we accept it and
treat it as opaque application/octet-stream.

also make it more clear that localserve accepts email intended for any email
address.
2023-03-12 21:42:28 +01:00
Mechiel Lukkien
19ea0d9a58
make all helpall output go to the same file descriptor 2023-03-12 15:25:16 +01:00
Mechiel Lukkien
5535515fcb
move sendmail to separate file 2023-03-12 15:22:23 +01:00
Mechiel Lukkien
317dc78397
add pedantic mode (used by localserve) that refuses some behaviour that is invalid according to specifications and that we normally accept for compatibility 2023-03-12 15:16:01 +01:00
Mechiel Lukkien
132f08913b
log msgfrom for incoming delivered messages 2023-03-12 13:22:51 +01:00
Mechiel Lukkien
10daf3cb81
make http(s) path for serving the account and admin pages configurable
so you can use the host (domain) name of the mail server for serving other
resources too. the default is is still that account is served on /, and so
takes all incoming requests before giving webhandlers a chance.

mox localserve now serves the account pages on /account/
2023-03-12 11:52:15 +01:00
Mechiel Lukkien
0099197d00
add "mox localserve" subcommand, for running mox locally for email-related testing/developing
localserve creates a config for listening on localhost for
imap/smtp/submission/http, on port numbers 1000 + the common service port
numbers. all incoming email is accepted (if checks pass), and a few pattern in
localparts are recognized and result in delivery errors.
2023-03-12 11:40:00 +01:00
Mechiel Lukkien
bddc8e4062
also configure acme validation with http-01, and fix a bug that caused tls cert refresh at startup to not always run
we already do acme tls-alpn-01 validation, and still require it (we could relax
this at some point). http-01 is easy to add.

the bug was that the list of acme managers and hosts to refresh was overwritten
by another listener. the listeners are a map, and we range over it, so the
order we handle them is random. if the public listener was handled first, and
an internal handler later, the list was reset again.
2023-03-10 17:55:37 +01:00
Mechiel Lukkien
f60ad1452f
use configured tls ca config for all tls connections, so https as well
and add documentation for developers for setting up certificates with manual
local CA (with cfssl) or local ACME CA (with pebble).
2023-03-10 16:25:18 +01:00
Mechiel Lukkien
47b88550be
add a little explanation about sconf, the config file syntax 2023-03-10 11:42:50 +01:00
Mechiel Lukkien
f9eae88aba
for imap/smtp syntax errors, only echo the remaining buffer if the connection is authenticated 2023-03-10 11:32:34 +01:00
Mechiel Lukkien
e413c906b1
if the first smtp or imap command is invalid, shut down the connection instead of trying to read more
this is quite common on the internet. the other side may be trying some other
protocol, e.g. http, or some common vulnerability. we don't want to spam our
own logs with multiple invalid lines. if the first command is valid, but later
are not, we'll keep trying to process them. so this only affects protocol
sessions that are very likely not smtp/imap.

also remove a few more sleeps during tests, making imapserver and smtpserver tests a bit faster.
2023-03-10 10:23:43 +01:00
Mechiel Lukkien
2c07645ab4
deprecate having only localparts in an Account's Destinations, it should always be a full email address
current behaviour isn't intuitive. it's not great to have to attempt parsing
the strings as both localpart and email address. so we deprecate the
localpart-only behaviour. when we load the config file, and it has
localpart-only Destinations keys, we'll change them to full addresses in
memory. when an admin causes a write of domains.conf, it'll automatically be
fixed. we log an error with a deprecated notice for each localpart-only
destinations key.

sometime in the future, we can remove the old localpart-only destination
support. will be in the release notes then.

also start keeping track of update notes that need to make it in the release
notes of the next release.

for issue #18
2023-03-09 22:13:56 +01:00
Mechiel Lukkien
5742ed1537
when logging email addresses with IDNA domain and/or special characters or utf8 in localpart, log both native utf8 form and form with escape localpart and ascii-only domain
the idea is to make it clear from the logging if non-ascii characters are used.

this is implemented by making mlog recognize if a field value that will be
logged has a LogString method. if so, that value is logged. dns.Domain,
smtp.Address, smtp.Localpart, smtp.Path now have a LogString method.

some explicit calls to String have been replaced to LogString, and some %q
formatting have been replaced with %s, because the escaped localpart would
already have double quotes, and double doublequotes aren't easy to read.
2023-03-09 20:18:34 +01:00
Mechiel Lukkien
eb26e9b921
when rejecting a message, add field "msgfrom" to the logging line 2023-03-09 17:21:27 +01:00
Mechiel Lukkien
b0641a1901
mention the github watch release feature to stay up to date, and link to the rss feeds
if you watch for a release, you will get an email when a new release is created.
when a new tag is created, github does not notify you. so i will be creating
github releases for newly added tags, so it's easier to stay up to date with
that feature.
2023-03-09 16:50:24 +01:00
Mechiel Lukkien
e6df84a8de
add config field "IPsNATed" to listener, indicating the IPs are not the actual public IPs but are NATed, to skip a few DNS checks
the dns check was returning errors that could not be fixed with that setup,
which makes the checks much less useful.

for issue #17
2023-03-09 15:24:06 +01:00
Mechiel Lukkien
8b0706e02d
for WebRedirect, don't "match" when the destination URL has the same scheme,host,path, for doing http -> https redirects without loops
you can already get most http to https redirects through DontRedirectPlainHTTP
in WebHandler, but that needs handlers for all paths.

now you can just set up a redirect for a domain and all its path to baseurl
https://domain (leaving other webdirect fields empty). when the request comes
in with plain http, the redirect to https is done. that next request will also
evaluate the same redirect rule. but it will not cause a match because it would
redirect to the same scheme,host,path. so next webhandlers get a chance to
serve.

also clarify in webhandlers docs that also account & admin built-in handlers
run first.

related to issue #16
2023-03-08 23:29:44 +01:00
Mechiel Lukkien
a9ef0f2aea
add "mox dkim sign", useful for testing signatures
for issue #15
2023-03-07 21:59:55 +01:00
Mechiel Lukkien
39a097a5d4
add timezone db files to docker images 2023-03-07 16:53:55 +01:00
Mechiel Lukkien
ba75c73716
update to latest golang.org/x/crypto 2023-03-06 08:35:57 +01:00
Mechiel Lukkien
b2e6c29849
only check the autotls hostnames once when serving
not twice: for root process and for child process
2023-03-05 23:56:02 +01:00
Mechiel Lukkien
1bee32679a
tweak to email message with updates, and cleanup temporary changelog file in case of delivery error 2023-03-05 23:15:34 +01:00
Mechiel Lukkien
f867bcfa21
add updates serve command to serve a json or html version of the changelog.json, with contents based on ?from= query string 2023-03-05 22:38:29 +01:00
Mechiel Lukkien
dfd7b721ae
add warning about weak password when setting password via cli too 2023-03-05 16:42:34 +01:00
Mechiel Lukkien
dedc90f455
at startup, with acme, if the config has explicitly configured public ips (the default with the quickstart), lookup the host names allowed for acme validation and warn about ips that mox is not configured to listen on
i've seen this cause acme validation failures 3 times now, so give a hint in
the logs to new users. also for issue #13.
2023-03-05 16:22:23 +01:00
Mechiel Lukkien
845a72d07a
in quickstart, add -hostname flag and check public ips with 2 dnsbl's
- if the guessed hostname is not correct, you can specify one yourself. useful
  if you generate a config locally and deploy to a different machine.
- if explicit public ips are found, check them with spamhaus and spamcop DNSBLs
  and warn if they are listed, with links to check more DNSBLs. should prevent
  disappointment later on.
2023-03-05 15:40:26 +01:00
Mechiel Lukkien
ce54c6f1db
add hint on how to access your admin endpoint 2023-03-05 13:48:24 +01:00
Mechiel Lukkien
80bff3c076
typo's 2023-03-05 13:39:24 +01:00
Mechiel Lukkien
2e47540f22
in imapclient, when sending "astring" (atom or string), actually return the string when we need to quote it
from pexarkh, issue #11
2023-03-04 09:22:14 +01:00
Mechiel Lukkien
2768f5ec16
in imapclient, make Noop() send the noop command, not capabilities
from pexarkh, issue #12
2023-03-04 09:21:29 +01:00
Mechiel Lukkien
a168633ad0
add FAQ about minimum requirements to run mox
for issue #10
2023-03-04 01:04:54 +01:00
Mechiel Lukkien
15e262b043
make it easier to run with existing webserver
- make it easier to run with an existing webserver. the quickstart now has a new option for that, it generates a different mox.conf, and further instructions such as configuring the tls keys/certs and reverse proxy urls. and changes to make autoconfig work in that case too.
- when starting up, request a tls cert for the hostname and for the autoconfig endpoint. the first will be requested soon anyway, and the autoconfig cert is needed early so the first autoconfig request doesn't time out (without helpful message to the user by at least thunderbird). and don't request the certificate before the servers are online. the root process was now requesting the certs, before the child process was serving on the tls port.
- add examples of configs generated by the quickstart.
- enable debug logging in config from quickstart, to give user more info.

for issue #5
2023-03-04 00:49:02 +01:00
Mechiel Lukkien
73bfc58453
fix handling of reputation for messages that were moved out of the rejects mailbox
the idea of the rejects mailbox is to show messages that were rejected.  you can
look there, and if you see a message that should have been delivered, you can
move it to your inbox or archive.  next time a deliver attempt by that user is
attempted, they should be accepted, because you corrected the reject.  but that
wasn't happening, because the reputation-calculation is per-delivery mailbox
(e.g. Inbox) and we look at MailboxOrigID when calculating the reputation. and
that was set to the Rejects mailbox id, so the message wasn't considered. the
same applies to moving messages from Rejects to Junk (to train your filter).

we now keep track of a MailboxDestinedID, that is set to the mailbox that we
would have delivered to if we would not have rejected the message. then, when a
message is moved out of the Rejects mailbox, we change MailboxOrigID to
MailboxDestinedID. this essentially makes the message look like it was
delivered normally.
2023-03-03 13:19:27 +01:00
Mechiel Lukkien
30c79faff2
fix problem with spf where we would generate errors about too many void lookups
the problem was that we only looked up either the ipv4 or ipv6 address when
evaluating spf directives, depending on the incoming smtp connection. for
example, for spf directive "a", we would lookup the requested domain. if that
domain has an ipv4 address but no ipv6 address, and the incoming connection is
ipv6, we would count a void lookup. but we shouldn't: there is a record for
that name, it just doesn't match the address (family).
2023-03-03 11:45:19 +01:00
Mechiel Lukkien
1073ca2795
in readme, add link to docker hub, and add your changes will be under mit license too 2023-03-02 20:22:26 +01:00
Mechiel Lukkien
286411cf82
fix formatting of multiple ptr host names in admin dns check page
from mteege, thanks!
2023-03-02 20:07:02 +01:00
Mechiel Lukkien
6abee87aa3
improve webserver, add domain redirects (aliases), add tests and admin page ui to manage the config
- make builtin http handlers serve on specific domains, such as for mta-sts, so
  e.g. /.well-known/mta-sts.txt isn't served on all domains.
- add logging of a few more fields in access logging.
- small tweaks/bug fixes in webserver request handling.
- add config option for redirecting entire domains to another (common enough).
- split httpserver metric into two: one for duration until writing header (i.e.
  performance of server), another for duration until full response is sent to
  client (i.e. performance as perceived by users).
- add admin ui, a new page for managing the configs. after making changes
  and hitting "save", the changes take effect immediately. the page itself
  doesn't look very well-designed (many input fields, makes it look messy). i
  have an idea to improve it (explained in admin.html as todo) by making the
  layout look just like the config file. not urgent though.

i've already changed my websites/webapps over.

the idea of adding a webserver is to take away a (the) reason for folks to want
to complicate their mox setup by running an other webserver on the same machine.
i think the current webserver implementation can already serve most common use
cases. with a few more tweaks (feedback needed!) we should be able to get to 95%
of the use cases. the reverse proxy can take care of the remaining 5%.
nevertheless, a next step is still to change the quickstart to make it easier
for folks to run with an existing webserver, with existing tls certs/keys.
that's how this relates to issue #5.
2023-03-02 18:15:54 +01:00
Mechiel Lukkien
6706c5c84a
add basic webserver that can do most of what i need
- serve static files, serving index.html or optionally listings for directories
- redirects
- reverse-proxy, forwarding requests to a backend

these are configurable through the config file. a domain and path regexp have to
be configured. path prefixes can be stripped.  configured domains are added to
the autotls allowlist, so acme automatically fetches certificates for them.

all webserver requests now have (access) logging, metrics, rate limiting.
on http errors, the error message prints an encrypted cid for relating with log files.

this also adds a new mechanism for example config files.
2023-02-28 22:19:24 +01:00
Mechiel Lukkien
fbfbd97947
connecction -> connection
from mteege
2023-02-28 20:43:31 +01:00
Mechiel Lukkien
994b5b9a0a
fix serving mta-sts policy files
i broke it 3 days ago when adding support for serving it through external reverse proxy.

report by mteege, thanks!
2023-02-28 20:40:52 +01:00
Mechiel Lukkien
c9190337e6
another rfc (we don't implement it) 2023-02-27 22:35:07 +01:00
Mechiel Lukkien
d670e68745
make error message about listeners with a missing tls config more helpful for users
by pointing out which section is causing the need for a tls config.
2023-02-27 21:42:27 +01:00
Mechiel Lukkien
da3fefd42e
explain to user they should pick a random, unguessable password
and help with a button to generate one.
2023-02-27 21:29:27 +01:00
Mechiel Lukkien
aed8360002
more permissions in mox.service to ease with upgrade to v0.0.2
- CAP_FSETID looks needed to make accessing setgid dirs work.
- CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH are needed to access the existing config/mox.conf.
- CAP_FOWNER seems needed to chmod the config/ and data/ files.
- RestrictSUIDSGID=yes has to be off for chmod to work
2023-02-27 15:48:37 +01:00
Mechiel Lukkien
cfa6554d03
move sieve up to roadmap, and add jmap there as well, and add questions about staying up to date and learning more about email 2023-02-27 15:04:53 +01:00