Commit graph

220 commits

Author SHA1 Message Date
Mechiel Lukkien
9792158324
improve quickstart and readme for better first-time experience
- make the example commands in the readme more likely to succeed, especially
  for people who are not familiar with go and its toolchain.
- improve probability that the correct configuration is generated, especially
  the hostname. previously, if the quickstart email address was "some.domain",
  and the machine where you ran the quickstart was "myhost", the hostname used
  for the configuration was assumed to be "myhost.some.domain". but this is often
  not correct, especially when configuring mox to serve mail on a subdomain of an
  existing domain. mox will now try to determine the host name by a reverse
  lookup of the public ips it found. and it will warn if there are no/multiple
  candidates.

based on feedback from erik dubbelboer, thanks!
2023-02-05 21:25:48 +01:00
Mechiel Lukkien
f6964d2d42
add notes on tests with microsoft outlook.
summary: i haven't been able to send email.
2023-02-05 17:54:00 +01:00
Mechiel Lukkien
e52c9d36a6
support cram-md5 authentication for imap and smtp
and change thunderbird autoconfiguration to use it.

unfortunately, for microsoft autodiscover, there appears to be no way to
request secure password negotiation. so it will default to plain text auth.

cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support
scram auth. it currently chooses "plain", sending the literal password over the
connection (which is TLS-protected, but we don't want to receive clear text
passwords). in short, cram-md5 is better than nothing...

for cram-md5 to work, a new set of derived credentials need to be stored in the
database. so you need to save your password again to make it work. this was
also the case with the scram-sha-1 addition, but i forgot to mention it then.
2023-02-05 16:29:03 +01:00
Mechiel Lukkien
f83fe79f96
"make check-shadow" now produces useful output 2023-02-05 16:28:44 +01:00
Mechiel Lukkien
642a328ae1
add support for SCRAM-SHA-1
the idea is that clients may not support SCRAM-SHA-256, but may support
SCRAM-SHA-1. if they do support the 256 variant, they'll use it.

unfortunately, thunderbird does not support scram-sha-1 either.
2023-02-05 12:30:14 +01:00
Mechiel Lukkien
49dd5b7ba9
work around missing timezone in timestamps in tls reports from microsoft 2023-02-05 10:55:34 +01:00
Mechiel Lukkien
ffb2a10a4e
add two new log levels for tracing sensitive auth protocol messages, and bulk data messages
named "traceauth" and "tracedata".

with this, you can (almost) enable trace logging without fear of logging
sensitive data or ddos'ing your log server.

the caveat is that the imap login command has already printed the line as
regular trace before we can decide it should not be. can be fixed soon.
2023-02-03 20:33:19 +01:00
Mechiel Lukkien
ae60cdac7e
allow requesting a certificate for autodiscover.<domain>, but don't recommend a DNS record that would make requests to it.
this may help testing again in the future. autodiscover with outlook is not
working now.
2023-02-03 17:53:45 +01:00
Mechiel Lukkien
c21b8c0d54
add reverse ip checks during quickstart and in "check dns" admin page/subcommand
- and don't have a global variable "d" in the big checkDomain function in http/admin.go.
- and set loglevel from command-line flag again after loading the config file, for all subcommands except "serve".
2023-02-03 15:54:34 +01:00
Mechiel Lukkien
8bbaa38c74
improve sendmail
- when sendmail is invoked to sent to a local user, eg "root", send to a
  configured defaultaddress instead. previously, we would fail printing usage.
- add a subcommand that prints the config file, /etc/moxsubmit.conf.
- follow the STARTTLS setting.
- fix running as just plain sendmail.
2023-02-03 14:15:34 +01:00
Mechiel Lukkien
ba077dadd0
in dkim-signature header, allow FWS anywhere in "z=" (copied headers), and prevent panic in cli command "mox dkim verify" when a dkim-signature cannot be parsed
the BNF for "z=" does not show FWS is allowed (while it does in other places,
eg base64), but the text above the BNF explains it in words.
2023-02-03 13:29:47 +01:00
Mechiel Lukkien
2239f38232
actually get monospace font 2023-02-02 16:04:09 +01:00
Mechiel Lukkien
b723f938d8
longer timeout for domain dns/connectivity check
mostly to allow the first check to succeed. tls certificates will be requested then.
2023-02-02 12:58:33 +01:00
Mechiel Lukkien
045d7566d4
use rel=noopener noreferrer on more links
and make it easier with link() function. and get rid of some globals.
2023-02-01 21:53:43 +01:00
Mechiel Lukkien
79a94a47c5
fix mentioning of domains.conf in quickstart 2023-02-01 21:42:04 +01:00
Mechiel Lukkien
020d0bb0fb
add scram-sha-256 for smtp
similar to imap. the code should be merged.
this also reads the abort-line after authentication failure.
2023-01-31 00:22:26 +01:00
Mechiel Lukkien
b40bb257d7
fix update check without last known version present
i.e. at first startup. lots of logging about waiting for 1h were printed, but
there was no sleep.
2023-01-31 00:16:01 +01:00
Mechiel Lukkien
0989a7d346
tweak readme, making urls clickable 2023-01-30 14:43:50 +01:00
Mechiel Lukkien
7076dd199b
rename filename that is invalid for the go module proxy
not found: create zip: testdata/importtest.maildir/cur/1642966915.1.mox:2,: malformed file path "testdata/importtest.maildir/cur/1642966915.1.mox:2,": invalid char ':'
2023-01-30 14:38:55 +01:00
Mechiel Lukkien
cb229cb6cf
mox! 2023-01-30 14:27:06 +01:00