Commit graph

686 commits

Author SHA1 Message Date
Mechiel Lukkien
707d3a3fa0
store rejects for 14 days, and don't keep them as neutral by default so they won't cause outright rejects for repeated delivery attempts of spam messages
the previous default, marking the messages as junk had the interesting effect
of training the junk filter. rejecting could have been the result of the
sending IP being in the DNSBL. so the DNSBL helped to automatically train the
junk filter. perhaps we can keep that in the future and just not take messages
from the rejects mailbox into account when evaluating the reputation for
incoming deliveries.
2023-02-13 10:47:20 +01:00
Mechiel Lukkien
87854cfde3
change some log levels from info to debug, and use lower case log messages 2023-02-11 23:54:22 +01:00
Mechiel Lukkien
bf04fb8a1a
improve training of junk filter
before, we used heuristics to decide when to train/untrain a message as junk or
nonjunk: the message had to be seen, be in certain mailboxes. then if a message
was marked as junk, it was junk. and otherwise it was nonjunk. this wasn't good
enough: you may want to keep some messages around as neither junk or nonjunk.
and that wasn't possible.

ideally, we would just look at the imap $Junk and $NotJunk flags. the problem
is that mail clients don't set these flags, or don't make it easy. thunderbird
can set the flags based on its own bayesian filter. it has a shortcut for
marking Junk and moving it to the junk folder (good), but the counterpart of
notjunk only marks a message as notjunk without showing in the UI that it was
marked as notjunk. there is also no "move and mark as notjunk" mechanism. e.g.
"archive" does not mark a message as notjunk. ios mail and mutt don't appear to
have any way to see or change the $Junk and $NotJunk flags.

what email clients do have is the ability to move messages to other
mailboxes/folders. so mox now has a mechanism that allows you to configure
mailboxes that automatically set $Junk or $NotJunk (or clear both) when a
message is moved/copied/delivered to that folder. e.g. a mailbox called junk or
spam or rejects marks its messags as junk. inbox, postmaster, dmarc, tlsrpt,
neutral* mark their messages as neither junk or notjunk. other folders mark
their messages as notjunk. e.g. list/*, archive. this functionality is
optional, but enabled with the quickstart and for new accounts.

also, mox now keeps track of the previous training of a message and will only
untrain/train if needed. before, there probably have been duplicate or missing
(un)trainings.

this also includes a new subcommand "retrain" to recreate the junkfilter for an
account. you should run it after updating to this version. and you should
probably also modify your account config to include the AutomaticJunkFlags.
2023-02-11 23:00:12 +01:00
Mechiel Lukkien
a4306ef783
let's attempt irc & the gopher slack as places of discussion 2023-02-11 13:35:07 +01:00
Mechiel Lukkien
d48d19b840
in account web page, allow user to configure rulesets for delivery
for example, by matching incoming messags on smtp mail from, verified domains
(spf/dkim), headers. then delivering to a configured mailbox. for mailing
lists, if a verified domain matches, regular spam checks can be skipped.

this was already possible by editing the configuration file, but only admins
can edit that file. now users can manage their own rulesets.
2023-02-10 23:47:19 +01:00
Mechiel Lukkien
dcc31e4964
fix some spelling, markdown 2023-02-10 19:43:02 +01:00
Mechiel Lukkien
9419ee15dd
slow down connections for spammy deliveries, and too many failed authentications, and sleep for 15 seconds before delivering messages by first-time senders
similar to greylisting, but not quite the same: with greylisting you would
always reject the first delivery attempt with a temporary failure. with the
hope that spammers won't retry their deliveries. the spams i've been receiving
seem to be quite consistent though. and we would keep rejecting them anyway.

we slow down the spammy connections to waste some of the resources of a
spammer. this may slow their campaigns down a bit, leaving a bit more time to
take measures.

we do the same with connections that have their 3rd authentication failure,
typically password guess attempts.

when we accept a message by a first-time sender, we sleep for 15 seconds before
actually delivering them. known-good senders don't have to wait. if the message
turns out to be a spammer, at least we've consumed one of their connections,
and they cannot deliver at too high a rate to us because of the max open
connection limit.
2023-02-08 21:45:32 +01:00
Mechiel Lukkien
6623cb435a
rename metric after its package 2023-02-08 21:01:15 +01:00
Mechiel Lukkien
8bdca09b7b
on admin index page, show number of messages in queue next to link to the queue list 2023-02-08 19:42:21 +01:00
Mechiel Lukkien
2154392bd8
add basic rate limiters
limiting is done based on remote ip's, with 3 ip mask variants to limit networks
of machines. often with two windows, enabling short bursts of activity, but not
sustained high activity. currently only for imap and smtp, not yet http.

limits are currently based on:
- number of open connections
- connection rate
- limits after authentication failures. too many failures, and new connections will be dropped.
- rate of delivery in total number of messages
- rate of delivery in total size of messages

the limits on connections and authentication failures are in-memory. the limits
on delivery of messages are based on stored messages.

the limits themselves are not yet configurable, let's use this first.

in the future, we may also want to have stricter limits for senders without any
reputation.
2023-02-07 23:18:15 +01:00
Mechiel Lukkien
1617b7c0d6
add jitter to the retries by the queue 2023-02-06 16:08:21 +01:00
Mechiel Lukkien
e2516444b1
add comment about the embedded html files
after review note by jonathan hall, thanks!
2023-02-06 15:26:24 +01:00
Mechiel Lukkien
37713a974c
consistently use finally {} for cleanup in html/js 2023-02-06 15:23:33 +01:00
Mechiel Lukkien
6cbe4d5d37
allow unsetting a log level through subcommand and add admin page for settng log level 2023-02-06 15:17:46 +01:00
Mechiel Lukkien
4202fbe108
make the setaccountpassword talk through ctl
otherwise, setting a password will block if something has the account open,
e.g. any imap connection. so in practice it only worked when mox isn't running.
2023-02-06 11:31:46 +01:00
Mechiel Lukkien
52e7054c49
fix typo's
some through goreportcard.com
2023-02-06 11:00:11 +01:00
Mechiel Lukkien
9792158324
improve quickstart and readme for better first-time experience
- make the example commands in the readme more likely to succeed, especially
  for people who are not familiar with go and its toolchain.
- improve probability that the correct configuration is generated, especially
  the hostname. previously, if the quickstart email address was "some.domain",
  and the machine where you ran the quickstart was "myhost", the hostname used
  for the configuration was assumed to be "myhost.some.domain". but this is often
  not correct, especially when configuring mox to serve mail on a subdomain of an
  existing domain. mox will now try to determine the host name by a reverse
  lookup of the public ips it found. and it will warn if there are no/multiple
  candidates.

based on feedback from erik dubbelboer, thanks!
2023-02-05 21:25:48 +01:00
Mechiel Lukkien
f6964d2d42
add notes on tests with microsoft outlook.
summary: i haven't been able to send email.
2023-02-05 17:54:00 +01:00
Mechiel Lukkien
e52c9d36a6
support cram-md5 authentication for imap and smtp
and change thunderbird autoconfiguration to use it.

unfortunately, for microsoft autodiscover, there appears to be no way to
request secure password negotiation. so it will default to plain text auth.

cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support
scram auth. it currently chooses "plain", sending the literal password over the
connection (which is TLS-protected, but we don't want to receive clear text
passwords). in short, cram-md5 is better than nothing...

for cram-md5 to work, a new set of derived credentials need to be stored in the
database. so you need to save your password again to make it work. this was
also the case with the scram-sha-1 addition, but i forgot to mention it then.
2023-02-05 16:29:03 +01:00
Mechiel Lukkien
f83fe79f96
"make check-shadow" now produces useful output 2023-02-05 16:28:44 +01:00
Mechiel Lukkien
642a328ae1
add support for SCRAM-SHA-1
the idea is that clients may not support SCRAM-SHA-256, but may support
SCRAM-SHA-1. if they do support the 256 variant, they'll use it.

unfortunately, thunderbird does not support scram-sha-1 either.
2023-02-05 12:30:14 +01:00
Mechiel Lukkien
49dd5b7ba9
work around missing timezone in timestamps in tls reports from microsoft 2023-02-05 10:55:34 +01:00
Mechiel Lukkien
ffb2a10a4e
add two new log levels for tracing sensitive auth protocol messages, and bulk data messages
named "traceauth" and "tracedata".

with this, you can (almost) enable trace logging without fear of logging
sensitive data or ddos'ing your log server.

the caveat is that the imap login command has already printed the line as
regular trace before we can decide it should not be. can be fixed soon.
2023-02-03 20:33:19 +01:00
Mechiel Lukkien
ae60cdac7e
allow requesting a certificate for autodiscover.<domain>, but don't recommend a DNS record that would make requests to it.
this may help testing again in the future. autodiscover with outlook is not
working now.
2023-02-03 17:53:45 +01:00
Mechiel Lukkien
c21b8c0d54
add reverse ip checks during quickstart and in "check dns" admin page/subcommand
- and don't have a global variable "d" in the big checkDomain function in http/admin.go.
- and set loglevel from command-line flag again after loading the config file, for all subcommands except "serve".
2023-02-03 15:54:34 +01:00
Mechiel Lukkien
8bbaa38c74
improve sendmail
- when sendmail is invoked to sent to a local user, eg "root", send to a
  configured defaultaddress instead. previously, we would fail printing usage.
- add a subcommand that prints the config file, /etc/moxsubmit.conf.
- follow the STARTTLS setting.
- fix running as just plain sendmail.
2023-02-03 14:15:34 +01:00
Mechiel Lukkien
ba077dadd0
in dkim-signature header, allow FWS anywhere in "z=" (copied headers), and prevent panic in cli command "mox dkim verify" when a dkim-signature cannot be parsed
the BNF for "z=" does not show FWS is allowed (while it does in other places,
eg base64), but the text above the BNF explains it in words.
2023-02-03 13:29:47 +01:00
Mechiel Lukkien
2239f38232
actually get monospace font 2023-02-02 16:04:09 +01:00
Mechiel Lukkien
b723f938d8
longer timeout for domain dns/connectivity check
mostly to allow the first check to succeed. tls certificates will be requested then.
2023-02-02 12:58:33 +01:00
Mechiel Lukkien
045d7566d4
use rel=noopener noreferrer on more links
and make it easier with link() function. and get rid of some globals.
2023-02-01 21:53:43 +01:00
Mechiel Lukkien
79a94a47c5
fix mentioning of domains.conf in quickstart 2023-02-01 21:42:04 +01:00
Mechiel Lukkien
020d0bb0fb
add scram-sha-256 for smtp
similar to imap. the code should be merged.
this also reads the abort-line after authentication failure.
2023-01-31 00:22:26 +01:00
Mechiel Lukkien
b40bb257d7
fix update check without last known version present
i.e. at first startup. lots of logging about waiting for 1h were printed, but
there was no sleep.
2023-01-31 00:16:01 +01:00
Mechiel Lukkien
0989a7d346
tweak readme, making urls clickable 2023-01-30 14:43:50 +01:00
Mechiel Lukkien
7076dd199b
rename filename that is invalid for the go module proxy
not found: create zip: testdata/importtest.maildir/cur/1642966915.1.mox:2,: malformed file path "testdata/importtest.maildir/cur/1642966915.1.mox:2,": invalid char ':'
2023-01-30 14:38:55 +01:00
Mechiel Lukkien
cb229cb6cf
mox! 2023-01-30 14:27:06 +01:00