Commit graph

772 commits

Author SHA1 Message Date
s0ph0s
cd223d9e57 Merge branch 'main' of https://github.com/mjl-/mox into tls-alpn-mux 2024-12-07 01:13:55 -05:00
s0ph0s
775c2f215e Enable configuration in IMAPS/Submissions sections
I think this is the smallest I can make this patch.
2024-12-07 01:13:32 -05:00
Mechiel Lukkien
0a77bc5955
tweak doucmentation for sasl and scram 2024-12-06 15:59:22 +01:00
Mechiel Lukkien
ce75852b7c
add missing space in x-mox-reason that's been bothering me for a while 2024-12-06 15:49:22 +01:00
Mechiel Lukkien
b750668152
add metrics that track how many error/warn/info logging is happening 2024-12-06 15:07:42 +01:00
Mechiel Lukkien
056b571fb6
webmail: don't consume keyboard events while login form is open
e.g. ctrl-l, for going to address bar to go to another site.
2024-12-06 14:57:20 +01:00
Mechiel Lukkien
e59f894a94
add an option for the smtp delivery listener to enable/disable tls session tickets
the field is optional. if absent, the default behaviour is currently to disable
session tickets. users can set the option if they want to try if delivery from
microsoft is working again. in a  future version, we can switch the default to
enabling session tickets.

the previous fix was to disable session tickets for all tls connections,
including https. that was a bit much.

for issue #237
2024-12-06 14:50:02 +01:00
Mechiel Lukkien
42793834f8
add Content-Disposition and Filename to the payload of incoming webhooks
for each message part. The ContentDisposition value is the base value without
header key/value parameters. the Filename field is the likely filename of the
part. the different email clients encode filenames differently. there is a
standard mime mechanism from rfc 2231. and there is the q/b-word-encoding from
rfc 2047. instead of letting users of the webhook api deal with those
differences, we provide just the parsed filename.

for issue #258 by morki, thanks for reporting!
2024-12-06 14:19:39 +01:00
Mechiel Lukkien
8804d6b60e
implement tls client certificate authentication
the imap & smtp servers now allow logging in with tls client authentication and
the "external" sasl authentication mechanism. email clients like thunderbird,
fairemail, k9, macos mail implement it. this seems to be the most secure among
the authentication mechanism commonly implemented by clients. a useful property
is that an account can have a separate tls public key for each device/email
client.  with tls client cert auth, authentication is also bound to the tls
connection. a mitm cannot pass the credentials on to another tls connection,
similar to scram-*-plus. though part of scram-*-plus is that clients verify
that the server knows the client credentials.

for tls client auth with imap, we send a "preauth" untagged message by default.
that puts the connection in authenticated state. given the imap connection
state machine, further authentication commands are not allowed. some clients
don't recognize the preauth message, and try to authenticate anyway, which
fails. a tls public key has a config option to disable preauth, keeping new
connections in unauthenticated state, to work with such email clients.

for smtp (submission), we don't require an explicit auth command.

both for imap and smtp, we allow a client to authenticate with another
mechanism than "external". in that case, credentials are verified, and have to
be for the same account as the tls client auth, but the adress can be another
one than the login address configured with the tls public key.

only the public key is used to identify the account that is authenticating. we
ignore the rest of the certificate. expiration dates, names, constraints, etc
are not verified. no certificate authorities are involved.

users can upload their own (minimal) certificate. the account web interface
shows openssl commands you can run to generate a private key, minimal cert, and
a p12 file (the format that email clients seem to like...) containing both
private key and certificate.

the imapclient & smtpclient packages can now also use tls client auth. and so
does "mox sendmail", either with a pem file with private key and certificate,
or with just an ed25519 private key.

there are new subcommands "mox config tlspubkey ..." for
adding/removing/listing tls public keys from the cli, by the admin.
2024-12-06 10:08:17 +01:00
Mechiel Lukkien
5f7831a7f0
move config-changing code from package mox-/ to admin/
needed for upcoming changes, where (now) package admin needs to import package
store. before, because package store imports mox- (for accessing the active
config), that would lead to a cyclic import. package mox- keeps its active
config, package admin has the higher-level config-changing functions.
2024-12-02 22:03:18 +01:00
Mechiel Lukkien
de435fceba
switch to math/rand/v2 in most places
this allows removing some ugly instantiations of an rng based on the current
time.

Intn is now IntN for our concurrency-safe prng wrapper to match the randv2 api.

v2 exists since go1.22, which we already require.
2024-11-29 13:45:19 +01:00
Mechiel Lukkien
96a3ecd52c
use reflect.TypeFor instead of kludgy reflect.TypeOf
TypeFor was introduced in go1.22, which we already require.
2024-11-29 13:17:13 +01:00
Mechiel Lukkien
afb182cb14
smtpserver: add prometheus metric for failing starttls handshakes for incoming deliveries
and add an alerting rule if the failure rate becomes >10% (e.g. expired
certificate).

the prometheus metrics includes a reason, including potential tls alerts, if
remote smtp clients would send those (openssl s_client -starttls does).

inspired by issue #237, where incoming connections were aborted by remote. such
errors would show up as "eof" in the metrics.
2024-11-29 12:43:21 +01:00
Mechiel Lukkien
09e7ddba9e
web apps: add autocomplete attribute for usernames and passwords
hinted at by chromium developer console
2024-11-29 10:40:22 +01:00
Mechiel Lukkien
96d86ad6f1
add ability to include custom css & js in web interface (webmail, webaccount, webadmin), and use css variables in webmail for easier customization
if files {webmail,webaccount,webadmin}.{css,js} exist in the configdir (where
the mox.conf file lives), their contents are included in the web apps.

the webmail now uses css variables, mostly for colors. so you can write a
custom webmail.css that changes the variables, e.g.:

	:root {
		--color: blue
	}

you can also look at css class names and override their styles.

in the future, we may want to make some css variables configurable in the
per-user settings in the webmail. should reduce the number of variables first.

any custom javascript is loaded first. if it defines a global function
"moxBeforeDisplay", that is called each time a page loads (after
authentication) with the DOM element of the page content as parameter. the
webmail is a single persistent page. this can be used to make some changes to
the DOM, e.g. inserting some elements. we'll have to see how well this works in
practice. perhaps some patterns emerge (e.g. adding a logo), and we can make
those use-cases easier to achieve.

helps partially with issue #114, and based on questions from laura-lilly on
matrix.
2024-11-29 10:17:07 +01:00
Mechiel Lukkien
9e8c8ca583
webmail: fix dragging the corner of the compose popup when it's on top of a message view with an iframe (for an html message)
the pointer events for moving the mouse would be consumed by the iframe. that
broke resizing of the compose popup.  we now disable pointerevents on the main
ui when we are dragging the corner of the compose popup.

this is similar to an earlier change about the draggable split bar between the
message list and the message view (when showing an html message).
2024-11-28 18:36:58 +01:00
Mechiel Lukkien
1f604c6a3d
webmail: when marking message as unread, also clear its (non)junk flags 2024-11-28 18:24:03 +01:00
Mechiel Lukkien
ee48cf0dfd
webmail: fix using the compose window/popup after saving a draft message failed
we kept the "save draft" promise, and would wait for it again for other
operations (eg close, save again, send), which wouldn't make progress.

can easily be reproduced by saving a message with a control character in an
address or the subject. saving the draft will fail.

for issue #256 by ally9335, thanks for reporting
2024-11-28 17:24:58 +01:00
Mechiel Lukkien
bd693805fd
webmail: tweak color for label about encrypted/signed messages
it wasn't very readable, probably since the change that introduced dark mode.
2024-11-28 16:46:24 +01:00
Mechiel Lukkien
d7f057709f
include goversion used to compile mox in the mox version 2024-11-28 16:28:05 +01:00
Mechiel Lukkien
636bb91df6
webaccount: tweak text about opening apple mobileconfig profile files, it has gotten harder to use in ios18
since ios18, downloaded files don't go immediately to the settings (which is
somewhat understandable given potential for abuse), but go to the Files app.
opening them in the Files app then adds them to the settings where they can be
installed.
2024-11-28 16:06:20 +01:00
Mechiel Lukkien
01deecb684
smtpserver: log an error message at debug level when we cannot parse a message for the smtputf8 check
instead of not logging any message. this should make it easier to debug.

based on delivery issue due to smtputf8 seen by wneessen.
2024-11-25 13:25:12 +01:00
s0ph0s
a183a9b174 Add support for negotiating IMAP, SMTP & HTTP on 443
This PR adds support for negotiating IMAP, SMTP & HTTP on the configured HTTPS port using TLS ALPN. This is intended to be useful for deploying Mox as a chatmail server. The upstream implementation of chatmail servers uses `imap` and `smtp` as the “next protocol” values for IMAP and SMTP, respectively: https://github.com/deltachat/chatmail/blob/main/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2#L16-L17

To test, configure Mox as is standard for the `mox localserve` mode, but add this block under `Listeners.local`:
```sconf
		AutoconfigHTTPS:
			Enabled: true
			Port: 1443
```

Then run Mox and use OpenSSL’s s_client mode to connect to the local instance:
```
> openssl s_client -quiet -connect localhost:1443 -alpn smtp
depth=0 O = mox localserve, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 O = mox localserve, CN = localhost
verify return:1
220 localhost ESMTP mox 7f5e1087d42d5d7bf57649c5c6a2155c3706ce39+modifications
HELO test
550 5.5.0 your ehlo domain does not resolve to an IP address (htqp11_GJOmHEhSs_Y03eg)
QUIT
221 2.0.0 okay thanks bye
^C
> openssl s_client -quiet -crlf -connect localhost:1443 -alpn imap
depth=0 O = mox localserve, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 O = mox localserve, CN = localhost
verify return:1
* OK [CAPABILITY IMAP4rev2 IMAP4rev1 ENABLE LITERAL+ IDLE SASL-IR BINARY UNSELECT UIDPLUS ESEARCH SEARCHRES MOVE UTF8=ACCEPT LIST-EXTENDED SPECIAL-USE LIST-STATUS AUTH=SCRAM-SHA-256-PLUS AUTH=SCRAM-SHA-256 AUTH=SCRAM-SHA-1-PLUS AUTH=SCRAM-SHA-1 AUTH=CRAM-MD5 ID APPENDLIMIT=9223372036854775807 CONDSTORE QRESYNC STATUS=SIZE QUOTA QUOTA=RES-STORAGE AUTH=PLAIN] mox imap
c1 STARTTLS
c1 BAD STARTTLS unrecognized syntax/command: tls already active
^C
> openssl s_client -quiet -crlf -connect localhost:1443
depth=0 O = mox localserve, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 O = mox localserve, CN = localhost
verify return:1
GET / HTTP/1.1
Host: localhost

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Mon, 25 Nov 2024 07:28:00 GMT
Content-Length: 19

404 page not found
^C
```

As part of this change, I had to `go get golang.org/x/net/http2`. (The default `http.Server` supports HTTP2 if you leave it alone, but that built-in support is deactivated if I set `TLSNextProto` to a non-nil value. To ensure that Mox continues to support HTTP2, [the Go documentation](https://pkg.go.dev/net/http@go1.23.3#hdr-HTTP_2) directs folks with "…more complex configurations…" to import x/net/http2.) Go decided that it also wanted to update a bunch of other dependencies while it was at it. This has caused the large number of dependency updates. I can revert these and attempt a more surgical addition of the http2 library, if you’d like.

There are also two major deficiencies in this code that I’d like advice on correcting:
1. Right now, this ALPN feature is enabled when Mox is configured to provide Autoconfigure services to mail clients. I chose to do this because it was relatively straightforward to implement. However, the resulting behavior is extremely non-obvious. **How would you recommend exposing the ALPN feature in the configuration?**
2. I’m not sure what the best way to expose the private `serve()` functions in `imapserver` and `smtpserver` are. The current implementation creates a public function called `ServeConn()` in each module that just calls the private `serve()` function with all the same arguments, but this feels redundant. **Would you recommend making the `serve()` functions public, using public wrappers but with a more limited set of parameters, or something else entirely?**

Thanks!
2024-11-25 02:48:42 -05:00
Mechiel Lukkien
7f5e1087d4
admin: better handling of disabled mta-sts during self-check
if admin has disabled mta-sts for a domain, we still check for records &
policies, but won't mark it as error when they don't exist. we do now keep
warning that mta-sts isn't enabled, otherwise we would start showing a green
"ok".

this also fixes the mta-sts code returning ErrNoPolicy when mtasts.<domain>
doesn't exist. the dns lookup is done with the reguler "net" package dns lookup
code, not through adns, so we look for two types of DNSError's.

noticed a while ago when testing with MTA-STS while debugging TLS connection
issues with MS.
2024-11-24 13:30:29 +01:00
Mechiel Lukkien
726c0931f7
admin: in self-check for spf records against our ip's, don't try checking the unspecified addresses (0.0.0.0 and ::), and warn if there are no explicitly configured ips
based on question by spectral369 on #mox on matrix
2024-11-24 12:41:00 +01:00
Matt Fellenz
501f594a0a
Split paste into addr field by commas 2024-11-23 15:11:57 +01:00
Mechiel Lukkien
32d4e9a14c
log when mox root process cannot forward signals to unprivileged child
and give the mox.service permissions to send such signals.
2024-11-21 21:59:36 +01:00
Mechiel Lukkien
3d4cd00430
when opening an account by email address, such as during login attempts, and address is an alias, fail with proper error "no such credentials" instead of with error "no such account", which printing a stack trace
was encountered during smtp session. but could also happen for imapserver and
webmail.

in smtpserver, we now log error messages for smtp errors that cause us to print
a stack trace. would have made logging output more helpful (without having to
turn on trace-level logging).

hopefully solves issue #238 by mwyvr, thanks for reporting!
2024-11-10 23:20:17 +01:00
Mechiel Lukkien
0e338b0530
for aliases, enable "public posting" by default when creating an alias
and explain in more detail what it means in the webadmin interface.
will hopefully bring less confusion.

for issue #244 by exander77, thanks for reporting
2024-11-10 22:25:08 +01:00
Mechiel Lukkien
c13f1814fc
also use "SRV 0 0 port ." in webadmin pages
for issue #240, thanks bwbroersma for reporting and patch
2024-11-10 22:24:47 +01:00
Benjamin W. Broersma
355488028d
More RFC compliant SRV service not available
Fix #240.
2024-11-07 15:01:02 +01:00
Mechiel Lukkien
68c130f60e
add v0.0.13 to website 2024-11-06 23:20:44 +01:00
Mechiel Lukkien
22c8911bf3
disable tls session tickets to workaround deliverability issues with incoming email from microsoft
for issue #237
2024-11-06 10:19:23 +01:00
startup-001-steve
76f7b9ebf6
added link to Matrix Chat Room
and make matrix.to url a link and wrap text
2024-11-01 12:11:10 +01:00
Mechiel Lukkien
8fa197b19d
imapserver: for the "bodystructure" fetch response item, add the content-type parameters for multiparts so clients will get the mime boundary without having to parse the message themselves
"bodystructure" is like "body", but bodystructure allows returning more
information. we chose not to do that, initially because it was easier to
implement, and more recently because we can't easily return the additional
content-md5 field for leaf parts (since we don't have it in parsed form). but
now we just return the extended form for multiparts, and non-extended form for
leaf parts. likely no one would be looking for any content-md5-value for leaf
parts anyway. knowing the boundary is much more likely to be useful.

for issue #217 by danieleggert, thanks for reporting!
2024-11-01 11:28:25 +01:00
Mechiel Lukkien
598c5ea6ac
smtpserver: when logging recipients, actually show something about the recipient
before this change, we were logging an empty string, which turned into "[]",
looking like an empty array. misleading and unhelpful.

this is fixed by making struct fields on type recipient "exported" so they can
get logged, and by changing the logging code to log nested
struct/pointer/interface fields if we would otherwise wouldn't log anything
(when only logging more basic data types).

we'll now get log lines like:

	l=info m="deliver attempt to unknown user(s)" pkg=smtpserver recipients="[addr=bogus@test.example]"

for issue #232 by snabb, thanks for reporting!
2024-11-01 10:38:31 +01:00
Mechiel Lukkien
879477a01f
webmail: during "send and archive", don't fail with error message when message that is being responded to is already in archive folder
before this change, when archiving, we would move all messages from the thread
that are in the same mailbox as that of the response message to the archive
mailbox. so if the message that was being responsed to was already in the
archive mailbox, the message would be moved from archive mailbox to archive
mailbox, resulting in an error.

with this change, when archiving, we move the thread messages that are in the
same mailbox as is currently open (independent of the mailbox the message lives
in, a common situation in the threading view). if there is no open mailbox
(search results), we still use the mailbox of the message being responded to as
reference.

with this new approach, we won't get errors moving a message to an archive
mailbox when it's already there. well, you can still get that error, but then
you've got the archive mailbox open, or you're in a search result and
responding to an archived message. the error should at least help understand
that nothing is happening.

we are only moving the messages from one active/reference mailbox because we
don't want to move messages from the thread that are in the Sent mailbox, and
we also don't want to move duplicate messages (cross-posts to mailing lists)
that are in other mailboxes. moving only the messages from the current active
mailbox seems safe, and should do what is what users would expect most of the
time.

for issue #233 by mattfbacon, thanks for reporting!
2024-11-01 09:39:40 +01:00
Mechiel Lukkien
04305722a7
webmail: if we don't have loaded account settings yet, abort loading the popup after showing an error that the settings aren't available yet
missing returning/throwing error.

based on screenshot with unhandled js error in issue #218 by mgkirs
2024-10-10 14:29:52 +02:00
Mechiel Lukkien
0fbf24160c
add a handler for the acme http-01 validiation mechanism to all plain http (non-tls) webservers (ports), not only to the one listening on port 80
because this mechanism is most needed behind a reverse proxy, where acme
tls-alpn-01 won't work (because the reverse proxy won't pass on the alpn
extensions). if that's the case, there is obviously a webserver on port 443.
and it likely also running on port 80. so before this change, if tls-alpn-01
isn't available, http-01 also wasn't available, leaving no validation
mechanisms.

for issue #218 by mgkirs, thanks for reporting and details. hope this helps.
2024-10-10 14:04:13 +02:00
Mechiel Lukkien
354b9f4d98
tweak docs for release process 2024-10-06 13:07:11 +02:00
Mechiel Lukkien
bd842d3ff5
add upcoming release to website, and rotate apidiff 2024-10-06 12:48:56 +02:00
Mechiel Lukkien
5699686870
generate apidiff 2024-10-06 10:46:50 +02:00
Mechiel Lukkien
fdc0560ac4
for messages retired from the delivery queue, set "success" field properly, and include the smtp code/enhanced code on success too (not only on failure)
noticed some time ago when looking at my retired messages queue.
2024-10-05 11:06:42 +02:00
Mechiel Lukkien
fb65ec0676
webmail: fix loading a "view" (messages in a mailbox) when the "initial" message cannot be parsed
when we send a list of messages from the mox backend to the js frontend, we
include a parsed form of the "initial" message: the one we immediately show,
typically the top-most (unread) message. however, if that message could not be
parsed (due to invalid header syntax), we would fail the entire operation of
loading the view.

with this change, we simply don't return a parsed form of an initial message if
we cannot parse it. that will cause the webmail frontend to not select &
display a message immediately. if you then try to open the message, you'll
still get an error message as before. but at least the view has been loaded,
and you can open the raw message to inspect the contents.

for issue #219 by wneessen
2024-10-05 09:50:40 +02:00
Mechiel Lukkien
5d97bf198a
add support for parsing the imap "bodystructure" extensible form
not generating it yet from imapserver because we don't have content-md5
available. we could send "nil" instead of any actual content-md5 header (and
probably no contemporary messages include a content-md5 header), but it would
not be correct. if no known clients have problems in practice with absent
extensible data, it's better to just leave the bodystructure as is, with
extensible data.

for issue #217 by danieleggert
2024-10-04 22:55:43 +02:00
Mechiel Lukkien
81c179bb4c
fix embarrasing bug in checking if string is ascii
result reversed

for issue #179 and issue #157
2024-10-04 20:05:28 +02:00
Mechiel Lukkien
edb6e8d15c
webmail: fix displaying a message in separate window if there was no known viewmode (text or html or html with externals)
we were sending a zero value for ViewMode, which the frontend js rejected
during parsing.

noticed during testing.
2024-10-04 16:37:32 +02:00
Mechiel Lukkien
32b549b260
add more details to x-mox-reason message header added during delivery, for understanding why a message is accepted/rejected
we add various information while analysing an incoming message. like
dkim/spf/ip reputation. and content-based junk filter threshold/result and
ham/spam words used.

for issue #179 by Fell and #157 by mattfbacon
2024-10-04 16:01:30 +02:00
Mechiel Lukkien
98d0ff22bb
update to latest dependencies 2024-10-04 09:44:59 +02:00
Mechiel Lukkien
9a4fa8633f
add missing file from previous commit 2024-10-04 09:34:37 +02:00