Today, we only require that Docker integration tests use a Go version
>= 1.20. In practice, it almost always picks the latest version.
For consistency, this patch requests it to run the latest Go version.
Today, the step to build the Docker public image depends on the coverage
run. This dependency isn't necessary, as the coverage could be failing
for a variety of reasons (e.g. codecov being down) and doesn't signal
any problem with chasquid itself.
So this patch fixes that: if the integration tests pass, then that is
good enough for building the public image.
There's an inconsistency between chasquid (which uses `--config_dir`) and
chasquid-util (which uses `--configdir`).
That is prone to cause confusion, so this patch renames chasquid-util's
flag, leaving the old one as deprecated with a warning message.
Closes https://github.com/albertito/chasquid/pull/60.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Added test case for the deprecated option, adjusted commit message.
Microsoft SMTP servers have a bug that prevents them from successfully
establishing a TLS connection against modern Go TLS servers, and some
OpenSSL versions. It also doesn't fall back to plain-text, so this has
been causing deliverablity issues.
The problem started by the end of 2024 and it's still not fixed.
Unfortunately, because they're quite a big provider and are not fixing
their problem, it is worth to do a server-side workaround.
This patch implements that workaround: it disables TLS session tickets.
There is no security impact for doing so, and there is a small
performance penalty which is likely to be insignificant for chasquid's
main use cases.
This workaround should be removed once Microsoft fixes their problem.
We are going to make a 1.15.1 release for this, which this patch also
documents.
Thanks to Michael (l6d-dev@github) for reporting this issue and
suggesting this workaround!
See https://github.com/albertito/chasquid/issues/64 and
https://github.com/golang/go/issues/70232 for more details.
This commit updates the uses of math/rand to math/rand/v2, which was
released in Go 1.22 (2024-02).
The new package is generally safer, see https://go.dev/blog/randv2 for
the details.
There are no user-visible changes, it is only adjusting the name of
functions, simplify some code thanks to v2 having a better API, etc.
Authenticated users are intentionally allowed to send email as other users or
domains. This is a design choice made to balance simplicity of operation and
use.
However, it can be surprising and it's not obvious, so this patch adds a
note to the documentation about it.
Thanks to Matěj Volf for suggesting this improvement!
Fixes: https://github.com/albertito/chasquid/issues/62
This patch adds a document with guidelines for contributing to chasquid.
It includes suggestions for how to ask questions, how to send patches
(and the expectations around them), and documents how the different
branches are used.
Thanks to raspbeguy (https://github.com/raspbeguy) for suggesting this
improvement.
`chasquid-util user-add` is meant to create the domain directory if it
doesn't exist; however there's a bug that makes this not happen, and
instead the command fails with:
Error writing database: open <path>: no such file or directory
This patch fixes the issue and adds a test to ensure we don't have any
regressions on this behaviour.
Thanks to raspbeguy (https://github.com/raspbeguy) for reporting this
issue (on IRC).
This patch regenerates the auto-generated files. There are no
significant changes.
- Protobuf files updated the comment formatting to match recent changes
in Go libraries.
- IANA assignment for a AEGIS (currently an IETF draft) has been
updated.
- The link to the human-readable IANA assignment tables from the
generator was manually updated.
This patch adds a fail2ban filter configuration example for chasquid.
It can be used to configure fail2ban to detect IPs causing connection
churn or high rate of errors.
The ToCRLF/StringToCRLF functions are not very performance critical, but
we call it for each mail, and the current implementation is very
inefficient (mainly because it goes one byte at a time).
This patch replaces it with a better implementation that goes line by line.
The new implementation of ToCRLF is ~40% faster, and StringToCRLF is ~60%
faster.
```
$ benchstat old.txt new.txt
goos: linux
goarch: amd64
pkg: blitiri.com.ar/go/chasquid/internal/normalize
cpu: 13th Gen Intel(R) Core(TM) i9-13900T
│ old.txt │ new.txt │
│ sec/op │ sec/op vs base │
ToCRLF-32 162.96µ ± 6% 95.42µ ± 12% -41.44% (p=0.000 n=10)
StringToCRLF-32 190.70µ ± 14% 76.51µ ± 6% -59.88% (p=0.000 n=10)
geomean 176.3µ 85.44µ -51.53%
```
ssl.wrap_socket() has been deprecated and is no longer functional in
Python 3.12: https://docs.python.org/3/whatsnew/3.12.html#ssl.
This patch replaces it with the equivalent (in this context)
ssl.SSLContext.
The timestamp string in the t= and x= headers is an "unsigned decimal
integer", but time.Unix takes an int64. Today we parse it as uint64 and
then cast it, but this can cause issues with overflow and type
conversion.
This patch fixes that by parsing the timestamps as signed integers, and
then checking they're positive.
This patch makes chasquid log how many users, aliases and DKIM keys were
loaded for each domain.
This makes it easier to confirm changes, and troubleshoot problems
related to these per-domain configuration files.
Today, when starting up, if there's an error reading the users or
aliases files, we only log but do not exit. And then those files will
not be attempted to be read on the periodic reload.
We also treat "file does not exist" as an error for users file, but not
aliases file, resulting in inconsistent behaviour between the two.
All of this makes some classes of problems (like permission errors) more
difficult to spot and troubleshoot. For example,
https://github.com/albertito/chasquid/issues/55.
So this patch makes errors reading users/aliases files on startup a
fatal error, and also unifies the "file does not exist" behaviour to
make it not an error in both cases.
Note that the behaviour on the periodic reload is unchanged: treat these
errors as fatal too. This may be changed in future patches.
Unfortunately, `go get` rejects repos that have files with ':':
https://github.com/golang/go/issues/28001.
We have one such file in the tests.
This prevents some of the Go tooling from working on the latest release,
including pkg.go.dev.
So, as a workaround we use a compatible file name in the repository, and
rename it when running the test. This is very hacky, but it's okay for a
single test.
The `latest` tag is meant to track the `main` branch, but I just noticed
it hasn't been pushed out in a while. This is because the conditional
gating the push on the branch being `main` is incorrect.
This patch fixes the problem by using the correct conditional on the
branch name.
The current .gitignore pattern doesn't work when the private test cases
are a symlink, which can be convenient.
This patch fixes it by changing the pattern to match symlinks as well as
directories.
This patch adds a cross-tool integration check that uses
driusan/dkim's dkimverify to confirm it can verify our own DKIM signatures.
It is optional, since the tool may not be present.
This patch removes the integration tests that covered using driusan/dkim
and dkimpy's tools in the example hook.
Now that we have internal DKIM support, the example hook doesn't attempt
to use them, so we can remove the tests that cover it.
Those tools, and other DKIM implementations, can still be used in the
post-data hook just as before.
To send mails, today some tests use msmtp and others our internal smtpc.py.
This works, but msmtp slows down the tests significantly, and smtpc.py
is also not particularly fast, and also has some limitations.
This patch introduces a new SMTP client tool written in Go, and makes
almost all the tests use it.
Some tests still remain on msmtp, mainly for client-check compatibility.
It's likely that this will be moved in later patches to a separate
special-purpose test.
With this patch, integration tests take ~20% less time than before.
Dovecot applies an authentication penalty, where it delays failed attempts.
Because we intentionally do bad authentications for testing, this slows
downs the tests significantly. So this patch disables it.
Our tests invoke a variety of helpers, some of them are written in Go.
Today, we call "go build" (directly or indirectly via "go run"), which is
a bit wasteful and slows down the tests.
This patch makes the tests only build our Go helpers once every 10s at
most.
The solution is a bit hacky but in the context of these tests, it's
practical.
The generate_cert cache has a bug because it uses the directory's age,
which won't necessarily change, and it was always re-generating
certificates after 10m.
This patch fixes the bug by checking the age of the private key file
instead of the directory.
This patch adds tests to verify how safeio behaves when *os.File
operations return various errors.
To do this, we allow the possibility of wrapping os.CreateTemp, so we
can simulate the errors during testing.
This is not pretty, but the code is small enough that the readability
overhead is minimal, and we get a lot of tests from it.
We've had a couple of reported issues about the difficulty of setting up
new clients, or confusion due to using broken clients:
- https://github.com/albertito/chasquid/pull/46
- https://github.com/albertito/chasquid/issues/52
This patch adds the first version of a "Clients" document that includes
requirements for all clients, configuration examples, and a list of
known-problematic client software.
The goal is to help reduce friction and confusion when setting up
clients.
The document needs more polishing and examples, which hopefully will be
added later.
Fixes https://github.com/albertito/chasquid/issues/48.
Nearly all the github actions we rely on have increased their major
version, at least to update the Node.js version they run on, since the
previous one is being deprecated and will eventually become unsupported.
So this patch updates all the versions of the github actions we use.
Unfortunately, but understandably, Cirrus CI no longer offers enough
free compute credits to run our tests reliably.
They're currently only used to run the Go tests on FreeBSD.
In the future, this might be replaced with something else; but until a
proper replacement can be found and tested, remove it to avoid
introducing noise in the CI results.
Since we moved the Docker workflows to Github (after v1.10), they have
not been running on tags, so there are no tagged docker images for
v1.11, v1.12 and v1.13.
This is (hopefully) because we're not explicitly asking for the workflow
to be run on tag pushes.
This patch (hopefully) fixes that by adding an explicit section in the
config to make it run on tag pushes.
Thanks to Christoph Mewes (xrstf@github) for reporting this in
https://github.com/albertito/chasquid/issues/51.
The SMTP smuggling vulnerability fixed in 1.13 (and 1.11.1) has been
given a CVE number: CVE-2023-52354
(https://nvd.nist.gov/vuln/detail/CVE-2023-52354).
This patch adds a link to it in the release notes, for ease of reference.
This prevents chasquid from attempting to look for certs under a
non-directory, e.g. `/etc/chasquid/domains/.gitignore/certs`.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Adjusted commit message, applied `go fmt`.
chasquid v1.11.1 was released on 2023-12-26 with a backport of the
security fixes from 1.13.
This was requested by users of Debian stable, who are on 1.11.
