To make the coverage report a bit more accessible and easier to
navigate, this patch makes the coverage tests generate a new HTML
coverage report (in addition to the classic variant).
This patch updates the installation guide to try to make the
installation section more readable.
It also assumes a modern Go environment is installed, which
simplifies the process of building from source.
If we fail to put the message in the queue (e.g. because we're out of
storage space, or the aliases-resolve hook errored out), it should be
considered a transient failure.
Currently we return a permanent error, which is misleading, as we want
clients to retry in these situations.
So this patch changes the error returned accordingly.
This patch updates the auto-generated code to match the latest tooling
versions.
In particular, the protobufs are regenerated, and the new version no
longer supports unkeyed literals, so some minor changes are needed.
Other than that, the cipher list is extended with the latest ciphers.
This patch implements two new hooks: alias-resolve and alias-exists.
They are called during the aliases resolution process, to allow for more
complex integration with other systems, such as storing the aliases in a
database.
See the included documentation for more details.
Rspamd (https://rspamd.com/) is a popular open-source spam filtering
system.
This patch adds integration with it in the example hook, which uses the
rspamc client to get a veredict, similar to what it does for
Spamassassin.
smtp-check exits on the first error, which is not ideal when
troubleshooting, as seeing only one error can mask others, or make it
more difficult to find the underlying cause.
This patch improves how smtp-check reports errors by tweaking the
presentation a bit, as well as perform almost all checks regardless of
whether they pass or not.
This patch replaces test/README, which was becoming a bit outdated, with
a more general description of the different tests at a high level, and
includes it in the documentation index.
It is useful to run the integration tests both against the submitted
dependencies, based on Go module versions from the repository, as well
as the latest ones, to catch integration problems early.
This patch extends the .gitlab-ci.yml configuration to do that, by
optionally passing a flag to "go get" to update the modules.
When modules are configured, go will now attempt to fetch them on build,
using the proxy.
That causes the integration tests run via Docker to fail, because go
build attempts to contact the proxy within the test environment, which
has the external DNS resolvers disabled.
This patch fixes the problem by adjusting the pre-run fetch to use the
new modules system. We fetch the dependencies to the cache so that when
they're needed within the environment, they are present and there's no
need to use the proxy.
In authentication requests sent to dovecot, chasquid uses the full
addresses, "user@domain". However this wasn't mentioned in the
documentation, and could cause some confusion.
So this patch adds an explicit clarification about this in the dovecot
integration documentation.
The spf library has gained support for macros, but to process them
properly, a new function needs to be called with the full sender
address, spf.CheckHostWithSender.
This patch updates chasquid's calls to the new API.
Some tests did not make use of testlib.RemoveIfOk, which resulted in
some duplication; this patch fixes that.
While at it, userdb tests have its own simpler variant, so add some
safety checks to it.
In some distributions, including newer Debian versions, msmtp is
installed as setgid.
That prevents $HOSTALIASES from being honoured, which breaks the tests.
This patch works around the problem by creating a copy of the binary,
which will not have the setgid bit set.
The MTA-STS standard explicitly says the maximum max_age is 1 year.
This patch adds a check to the STS library to enforce this. Policies
with max_age > 1y will be treated as invalid.
See this email thread for some discussion on the topic:
https://mailarchive.ietf.org/arch/msg/uta/bnUjy9jxM_Va-lDXVtbB32zIkYI
Python 2 is approaching end of life, and we only need it to run
the mail_diff test utility.
This patch updates mail_diff to run on Python 3, which only needed minor
changes.
This patch adds a new docker directory, which contains a Dockerfile plus
some additional configuration for creating a container that runs
chasquid+dovecot+letsencrypt.
It also updates the gitlab CI pipeline to automatically build and
publish an image on each commit.
This is experimental and likely to break.
Instead of use readthedocs.org, point to the self-hosted version of the
rendered documentation.
We still use mkdocs to generate it, it's just more practical and
consistent to self-host the documentation.
This patch adds configuration to integrate with readthedocs.org, using
mkdocs as rendering engine.
It also does minor documentation updates, to tidy some things up
(clearer titles, move some documentation from the root into docs/, etc).
The tests might start running and attempting to do DNS resolutions
before minidns has come up, which can cause false positives and flaky
tests.
This patch makes the entrypoint wait until minidns has come up, to fix
the problem.
The golang image has been updated to use Debian buster. In that version,
msmtp is now setgid, which means glibc sanitizes the environment before
forking and $HOSTALIASES will be ignored, which breaks the tests.
This patch works around the problem by removing the setgid bit from
msmtp.
The submission_over_tls_address configuration option has existed for a
long time, but was not properly documented.
This patch adds it to the manpage, as well as printing it in the
configuration output on startup.
The integration tests are automatically run in a gitlab CI pipeline,
using docker.
This patch adds a link to the current status, like we do for the Go test
that are run in Travis, for convenience.
This patch contains some minor updates to docs/howto.md for simplicity
and readability.
In particular removing the "testing" qualifier from Debian, since the
guide can be used on Debian stable, and also removing a clarification in
a comment about a very old version of chasquid.
The test/t-14-tls_tracking test relies on Go 1.8 features, but since we
used to support Go 1.7, the test had a version check.
Since now the minimum Go version supported is 1.9, we can remove this
check.
The maillog package will write to the system logger if it can't write to
the mail log. It does this only once to avoid spamming the system logger
on misconfigurations.
This patch adds a test for this condition.
We want to test that autodetection works with closed sockets, as we
explicitly support that scenario: chasquid might be up before dovecot
is, and we still want the detection to work.
The code is written that way, but we had no tests for it until now,
because we were blocked on the unix listeners supporting
SetUnlinkOnClose, which appeared in Go 1.8.
Now that the minimum Go version has been raised past that, we can
implement the test.
Now that we raised the minimum Go version to 1.9, we can make use of
expvar's .Value methods to simplify some of the STS tests.
This patch makes those simplifications, which do not change the logic of
the tests themselves.
There are a few context.WithDeadline calls that can be simplified by
using context.WithTimeout.
At the time they were added, WithTimeout was too new so we didn't want
to depend on it. But now that the minimum Go version has been raised to
1.9, we can simplify the calls.
This patch does that simplification, which is purely mechanical, and
does not change the logic itself.
As of a29dc8fd (2019-04-26), golang.org/x/crypto requires math/bits.
math/bits was introduced in Go 1.9, so we can no longer build from head
using 1.7.
Building using Debian's packaged dependencies should work just fine, but
since we want Travis to build from head, this commit updates the minimum
supported version to 1.9.
This patch contains some changes to generate tidier DSNs, which should
make them slightly more readable.
In particular, it also makes it able to handle multi-line errors much
better than before.
When handling a connection, today we only set a deadline after each
command received.
However, this does not cover our initial greeting, or the initial TLS
handshake (if the socket is TLS), so a connection can hang
indefininitely at that stage.
This patch fixes that by setting a deadline earlier, before we send or
receive anythong on the connection.
Our non-delivery status notifications are quite simple today, but that
makes it much more difficult to support internationalization and
cross-language reporting.
There is a standard for internationalized DSNs, RFC 6533 (which builds
on top of the structured DSNs from RFC 3464).
This patch changes our DSN messages to be based on those standards, so
it is easier for MUAs to display reports according to the users'
languages preferences.
Note we still use message/rfc822 + 8bit to transmit the message, instead
of message/global, for compatibility reasons. This seems to be more
universally compatible, but the decision might be revisited in the
future. See RFC 5335 (section 4.6 in particular).
This patch contains some minor code style improvements, to leave the
linter happier and generally follow best practices in some areas where
things snuck through.
