If we fail to put the message in the queue (e.g. because we're out of
storage space, or the aliases-resolve hook errored out), it should be
considered a transient failure.
Currently we return a permanent error, which is misleading, as we want
clients to retry in these situations.
So this patch changes the error returned accordingly.
This patch updates the auto-generated code to match the latest tooling
versions.
In particular, the protobufs are regenerated, and the new version no
longer supports unkeyed literals, so some minor changes are needed.
Other than that, the cipher list is extended with the latest ciphers.
This patch implements two new hooks: alias-resolve and alias-exists.
They are called during the aliases resolution process, to allow for more
complex integration with other systems, such as storing the aliases in a
database.
See the included documentation for more details.
The spf library has gained support for macros, but to process them
properly, a new function needs to be called with the full sender
address, spf.CheckHostWithSender.
This patch updates chasquid's calls to the new API.
Some tests did not make use of testlib.RemoveIfOk, which resulted in
some duplication; this patch fixes that.
While at it, userdb tests have its own simpler variant, so add some
safety checks to it.
The MTA-STS standard explicitly says the maximum max_age is 1 year.
This patch adds a check to the STS library to enforce this. Policies
with max_age > 1y will be treated as invalid.
See this email thread for some discussion on the topic:
https://mailarchive.ietf.org/arch/msg/uta/bnUjy9jxM_Va-lDXVtbB32zIkYI
The submission_over_tls_address configuration option has existed for a
long time, but was not properly documented.
This patch adds it to the manpage, as well as printing it in the
configuration output on startup.
The maillog package will write to the system logger if it can't write to
the mail log. It does this only once to avoid spamming the system logger
on misconfigurations.
This patch adds a test for this condition.
We want to test that autodetection works with closed sockets, as we
explicitly support that scenario: chasquid might be up before dovecot
is, and we still want the detection to work.
The code is written that way, but we had no tests for it until now,
because we were blocked on the unix listeners supporting
SetUnlinkOnClose, which appeared in Go 1.8.
Now that the minimum Go version has been raised past that, we can
implement the test.
Now that we raised the minimum Go version to 1.9, we can make use of
expvar's .Value methods to simplify some of the STS tests.
This patch makes those simplifications, which do not change the logic of
the tests themselves.
There are a few context.WithDeadline calls that can be simplified by
using context.WithTimeout.
At the time they were added, WithTimeout was too new so we didn't want
to depend on it. But now that the minimum Go version has been raised to
1.9, we can simplify the calls.
This patch does that simplification, which is purely mechanical, and
does not change the logic itself.
This patch contains some changes to generate tidier DSNs, which should
make them slightly more readable.
In particular, it also makes it able to handle multi-line errors much
better than before.
When handling a connection, today we only set a deadline after each
command received.
However, this does not cover our initial greeting, or the initial TLS
handshake (if the socket is TLS), so a connection can hang
indefininitely at that stage.
This patch fixes that by setting a deadline earlier, before we send or
receive anythong on the connection.
Our non-delivery status notifications are quite simple today, but that
makes it much more difficult to support internationalization and
cross-language reporting.
There is a standard for internationalized DSNs, RFC 6533 (which builds
on top of the structured DSNs from RFC 3464).
This patch changes our DSN messages to be based on those standards, so
it is easier for MUAs to display reports according to the users'
languages preferences.
Note we still use message/rfc822 + 8bit to transmit the message, instead
of message/global, for compatibility reasons. This seems to be more
universally compatible, but the decision might be revisited in the
future. See RFC 5335 (section 4.6 in particular).
This patch contains some minor code style improvements, to leave the
linter happier and generally follow best practices in some areas where
things snuck through.
In the upcoming Go release, logging from a finished testing.T triggers a
panic. In the courier tests, this is possible because we don't wait for
completion of fakeServer before ending the test.
This patch makes the tests wait for fakeServer to finish before exiting,
removing the race.
Despite its loose appearance, the "Received" header has a reasonably
standarized format.
We were not following the standard format as closely as we should; this
rarely causes problems in this particular case, but there's no need to
deviate from it.
This patch changes the Received header generation as follows:
- The "from" section now uses the remote address as canonical (for
non-authenticated users) which provides more valuable information
than the user-supplied EHLO address (which is also included).
- The remote authenticated user is now hidden, for additional privacy.
- Use the "with" optional clause.
- Use the standard way of printing TLS cipher suite.
- Use the standard way of printing address literals.
MTA-STS has been published as RFC 8461, with no major changes since the
last draft we updated (-18).
This patch updates the documentation accordingly (no code changes).
Instead of pre-filtering the MX list based on STS policy, just check
if it's allowed before each attempt, and skip it if not.
This simplifies the code.
This patch updates the STS implementation from draft version 02 to 18.
The main changes are:
- Policy is now in an ad-hoc format instead of JSON (😒).
- Minor policy well-known URL change (now ends in ".txt").
- Enforce HTTP media type == text/plain, as with the ad-hoc format this
becomes much more important.
- Simplify wildcard mx matching (same algorithm), extend test cases.
- Valid modes are "enforce" (as before), "testing" (replaces "report"),
and "none" (new).
This commit brings back the experimental MTA-STS (Strict Transport
Security) implementation, removed in commit
7f5bedf4aa.
We will continue development in the "sts" branch, subject to rebase,
until it is ready to be integrated into "next" again.
This patch adds more tests for the dovecot library, in particular:
- Protocol errors (invalid versions, etc.).
- Invalid command (cli-specific test).
- Connection breakups.
This patch adds some test cases for I/O errors, in particular when
reading, writing and listing from files that don't exist or that we
shouldn't have permissions to access.
This patch makes chasquid reload domaininfo periodically, so it notices
any external changes made to it.
It is in line with what we do for aliases and authentication already,
and makes it possible for external removals an additions to the
domaininfo database to be picked up without a restart.
Some transient issues might take more than 12h to resolve, specially if
they happen overnight.
20h gives a bit more margin for retries, while still being short enough
so that users are notified early.
This patch adds a missing docstrings for exported identifiers, and
adjust some of the existing ones to match the standard style.
In some cases, the identifiers were un-exported after noticing they had
no external users.
Besides improving documentation, it also reduces the linter noise
significantly.
In the protoio tests, we were using unkeyed fields in some composite
literals. This can cause confusion and makes the code more brittle wrt.
future changes. go vet also complains about this.
This patch fixes the issue by adding the field names to the struct
initializations.
This patch extends various packages and integration tests, increasing
test coverage. They're small enough that it's not worth splitting them
up, as it would add a lot of noise to the history.
We don't expect the AddHeader function to be given an empty key;
however, if that were to happen, it currently crashes.
This patch fixes the bug, while also adding tests for that and other
similar cases.
Dovecot has options for changing the formatting of usernames; for
example, dropping the domain part, or replacing characters.
chasquid's implementation, however, fails to handle this well, as it
expects the reply to contain the username exactly as requested.
This patch fixes the problem by making chasquid ignoring the returned
username, which is unused anyway. The protocol is unambiguous enough.
Tests are also amended to always exercise this case.
