Some use cases, like receive-only MTAs, need domain users for receiving
emails, but have no real need for passwords since they will never use
submission.
Today, that is not supported, and those use-cases require the
administrator to come up with a password unnecessarily, adding
complexity and possibly risk.
This patch implements "receive-only users", which don't have a valid
password, thus exist for the purposes of delivering mail, but always
fail authentication.
See https://github.com/albertito/chasquid/issues/44 for more details and
rationale.
Thanks to xavierg who suggested this feature on IRC.
The aliases-add subcommand was added before aliases hooks were
implemented and polished, it is undocumented, and the implementation is
nowadays a bit brittle, has some rough edges, and adds significant code
complexity to chasquid-util.
AFAIK nobody is using it either (checked with some specific folks
directly, and it's not very discoverable either).
For all those reasons, this patch removes it.
This patch makes chasquid-util's aliases-resolve and domaininfo-remove
commands talk to the chasquid server (via the new localrpc server).
For aliases-resolve, currently has fairly hacky logic which reimplements
a bunch of the servers', and is also incomplete because it does not
support hooks.
In this patch we fix that by having it talk to the server, where we get
authoritative responses and have no issues with aliases hooks. This
resolves https://github.com/albertito/chasquid/issues/18.
For domaininfo-remove, currently its implementation is also very hacky
since it manipulates files behind the servers' back and without even
using the internal library.
In this patch we fix that by doing the operation through the server,
avoiding the need for those hacks, and also remove the need to manually
reload the server afterwards.
Some MTAs reject client connections unless the local name (used in the
HELO/EHLO command) looks like an FQDN. Currently, smtp-check always uses
`localhost`, which does not look like an FQDN.
This patch adds a command line flag to smtp-check to specify the
local name to be used.
Fixes https://github.com/albertito/chasquid/issues/37.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Minor edits to the commit message, adjust flag name, go fmt.
Go 1.20 finally includes proper support for instrumenting binaries for
coverage. This allows us to drop quite a few hacks and workarounds that
we used for it, and we can now also test exiting cases.
The downside is that coverage tests now require Go 1.20, but it is an
acceptable price to pay for the more accurate results.
Normal integration tests are unchanged.
This patch updates the coverage testing infrastructure to make use of
the new Go 1.20 features.
This patch updates the shell scripts with some of the common best
practices, which should make them more resilient to unusual failures and
unexpected environments (in particular, directories with spaces).
Most of these were identified by shellcheck.
This patch changes several internal packages to receive and pass tracing
annotations, making use of the new tracing library, so we can have
better debugging information.
ioutil package was deprecated in Go 1.16, replace all uses with their
respective replacements.
This patch was generated with a combination of `gofmt -r`, `eg`, and
manually (for `ioutil.ReadDir`).
This patch implements support for catch-all aliases, where users can add
a `*: destination` alias. Mails sent to unknown users (or other aliases)
will not be rejected, but sent to the indicated destination instead.
Please see https://github.com/albertito/chasquid/issues/23 and
https://github.com/albertito/chasquid/pull/24 for more discussion and
background.
Thanks to Alex Ellwein (aellwein@github) for the alternative patch and
help with testing; and to ThinkChaos (ThinkChaos@github) for help with
testing.
If the `drop_characters` or `suffix_separators` options are set to "",
currently instead of the empty string, their default value is used instead.
This is a bug, and it also happens on other config options, but because
the others have to be set in order for chasquid to function, it's not a
problem in practice.
Thanks Björn Busse (bbusse@github) for finding and reporting this
problem, on irc and in https://github.com/albertito/chasquid/issues/25.
This patch fixes the problem by marking these fields explicitly
optional, which enables presence testing, as described in the protobuf
documentation:
https://github.com/protocolbuffers/protobuf/blob/master/docs/field_presence.md.
Today, we use `golang.org/x/crypto/ssh/terminal` to read passwords. That
package is obsolete, replaced with `golang.org/x/term`.
We couldn't move them because term wasn't compatible with Go 1.11 which
was our oldest supported Go version.
Now that we moved to Go 1.15 as the oldest supported version, we can do
the update.
Some LMTP servers (like dovecot) can't handle UTF8 addresses in the LMTP
commands. This can be problematic if we want to use them with UTF8
domains or usernames, which are well supported by chasquid.
To help workaround this issue, this patch adds a new -to_puny flag for
mda-lmtp, that makes it encode `from` and `recipient` in punycode.
That way, the server will get punycode-encoded (ASCII) strings in the
LTMP commands.
This can be particularly convenient when the recipients are ASCII
(because they're under the mail server control), but `from` may not be
(because it comes from the network).
The docopt-go library is quite convenient, but it has been abandoned for
a while :(
Since we only use it for chasquid-util, this patch removes it and
replaces it with a custom small parser, that is a reasonable fit for the
required use cases.
The patch also adds a couple of tests to increase coverage.
NOTE: docopt-go accepted some undocumented behaviour, in particular the
use of "-a b" instead of "-a=b". The new parser does not, so some
user scripts may require updating.
I think this should be rare enough not to be worth the complexity of
adjusting the parser to allow it.
This patch adds a minor test to dovecot-auth-cli to verify that the
check for invalid number of arguments is working as expected.
It's mostly for consistency, as the utility is only used for testing
purposes.
This makes it more clear how to specify which domain the user being
operated on is the sub-command targeting when using `--help`.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Update code to match the updated parameter name.
The dovecot-auth-cli binary can be useful to debug and troubleshoot
dovecot auth issues.
This patch adds a small help message to make it easier for users to
understand how to use it.
This patch allows the configuration values to be overridden from the
command-line, with a new -config_overrides flag.
There is a fairly specific use case for this, when editing the
configuration file is not feasible or convenient (e.g. running an
user-supplied configuration in a managed environment).
Currently, the config package logs errors itself, in addition to
returning them.
That is confusing and results in some duplication of logging.
This patch makes config just return errors, and adjusts the callers
to log them properly.
There is a new protobuf library (and corresponding code generator) for
Go: google.golang.org/protobuf.
It is fairly compatible with the previous v1 API
(github.com/golang/protobuf), but there are some changes.
This patch adjusts the code and generated files to the new API.
The on-wire/on-disk format remains unchanged so this should be
transparent to the users.
The linter complains that we're not checking for errors, but on some
cases it's on code paths were it is reasonable to do so (e.g. we're
closing the connection and it's a best-effort write).
This patch adjusts the code to make those cases explicit.
When creating a database directory, we were missing the check to see if
it had succeeded, which would make issues more difficult to troubleshoot.
This patch adds the missing check.
docopt.Parse is deprecated. This patch updates the code to the newer
variant, ParseDoc, since the default options are what we want.
There are no functional changes.
smtp-check exits on the first error, which is not ideal when
troubleshooting, as seeing only one error can mask others, or make it
more difficult to find the underlying cause.
This patch improves how smtp-check reports errors by tweaking the
presentation a bit, as well as perform almost all checks regardless of
whether they pass or not.
The spf library has gained support for macros, but to process them
properly, a new function needs to be called with the full sender
address, spf.CheckHostWithSender.
This patch updates chasquid's calls to the new API.
This commit brings back the experimental MTA-STS (Strict Transport
Security) implementation, removed in commit
7f5bedf4aa.
We will continue development in the "sts" branch, subject to rebase,
until it is ready to be integrated into "next" again.
This patch adds more tests for the dovecot library, in particular:
- Protocol errors (invalid versions, etc.).
- Invalid command (cli-specific test).
- Connection breakups.
Many areas of the dovecot library are tested via chamuyero scripts, but
these were not being included in the coverage report.
This patch extends the dovecot-auth-cli tests so that they are now
coverage-aware.
This patch adds a chasquid-util subcommand to remove a domain
information entry.
The main use case is to manually allow a security level downgrade, after
performing manual verification.
This patch adds a missing docstrings for exported identifiers, and
adjust some of the existing ones to match the standard style.
In some cases, the identifiers were un-exported after noticing they had
no external users.
Besides improving documentation, it also reduces the linter noise
significantly.
This patch adds some tooling and scripts to generate test coverage
information.
Unfortunately, this involves some hacks as Go does not have support for
generating coverage-enabled binaries, or merging coverage reports; but
overall it's not very intrusive.
This patch adds a new package which implements two basic primitives for
authenticating against dovecot ("user exists", and "check password").
It is still experimental/work in progress.
The mda-lmtp tests are missing a file in the repository, which causes the
test to fail. This went unnoticed because they are not included in the
automated test suite, which will be fixed in a follow-up patch.
This patch adds the mising test file, with a harder to miss name.
Either the recipient or from addresses can be "<>" to indicate the null
address. mda-lmtp does not handle that well, as it sends "<<>>" which is
invalid.
This patch fixes that by special-casing them, which is unfortunate but
reasonably common.
mda-lmtp is a very basic MDA that uses LMTP to do the mail delivery.
It takes command line arguments similar to maildrop or procmail, reads an
email via standard input, and sends it over the given LMTP server.
Supports connecting to LMTP servers over UNIX sockets and TCP.
Since chasquid does not support direct LMTP local delivery, this can be
used as a workaround instead.
Example of use:
$ mda-lmtp --addr localhost:1234 -f juan@casa -d jose < email
This commit removes the experimental MTA-STS (Strict Transport Security)
implementation for now, as it's not up to date with the latest draft.
Development will continue on the "sts" branch, but this way it won't
block releases until it is ready.
Commits reverted:
- cb6500b993
- 0eeb964534
- e66288e4b4
- 216cf47ffa
- d66b06de51
- fe00750e39
- 933ab54cd8
This EXPERIMENTAL patch has a basic implementation of MTA-STS (Strict
Transport Security), based on the current draft at
https://tools.ietf.org/html/draft-ietf-uta-mta-sts-02.
It integrates the policy fetching and checking into the smtp-check tool
for convenience, but not yet in chasquid itself.
This is a proof of concept. Many features and tests are missing; in
particular, there is no caching at all yet.
When adding a user, chasquid-util should create the domain directory if
it doesn't exist, but currently doesn't do that.
This patch fixes this by adding the missing os.MkdirAll call.
Thanks to Martin Ferrari for the bug report!
This patch changes chasquid-util's subcommands and parameters to
(hopefully) make them more user friendly and intuitive by default.
The changes include defaulting the configuration to /etc/chasquid, and
using full addresses as usernames.
It also adds some shell tests to cover most of the functionality.
This patch is the result of running go vet, go fmt -s and the linter,
and fixing some of the things they noted/suggested.
There shouldn't be any significant logic changes, it's mostly
readability improvements.
This patch implements local username normalization using PRECIS
(https://tools.ietf.org/html/rfc7564,
https://tools.ietf.org/html/rfc7613)
It makes chasquid accept local email and authentication regardless of
the case. It covers both userdb and aliases.
Note that non-local usernames remain untouched.
This patch adds a package for evaluating SPF, as defined by RFC 7208
(https://tools.ietf.org/html/rfc7208).
It doesn't implement 100% of the RFC, but it coves enough to handle the
most common cases, and will fail open on the others.
