Currently, the config package logs errors itself, in addition to
returning them.
That is confusing and results in some duplication of logging.
This patch makes config just return errors, and adjusts the callers
to log them properly.
There is a new protobuf library (and corresponding code generator) for
Go: google.golang.org/protobuf.
It is fairly compatible with the previous v1 API
(github.com/golang/protobuf), but there are some changes.
This patch adjusts the code and generated files to the new API.
The on-wire/on-disk format remains unchanged so this should be
transparent to the users.
The linter complains that we're not checking for errors, but in some
cases it's on code paths where it is reasonable to do so (e.g. we're
closing the connection and it's a best-effort write).
This patch adjusts the code to make those cases explicit.
When creating a database directory, we were missing the check to see if
it had succeeded, which would make issues more difficult to troubleshoot.
This patch adds the missing check.
docopt.Parse is deprecated. This patch updates the code to the newer
variant, ParseDoc, since the default options are what we want.
There are no functional changes.
smtp-check exits on the first error, which is not ideal when
troubleshooting, as seeing only one error can mask others, or make it
more difficult to find the underlying cause.
This patch improves how smtp-check reports errors by tweaking the
presentation a bit, as well as performing almost all checks regardless of
whether they pass or not.
The spf library has gained support for macros, but to process them
properly, a new function needs to be called with the full sender
address, spf.CheckHostWithSender.
This patch updates chasquid's calls to the new API.
This commit brings back the experimental MTA-STS (Strict Transport
Security) implementation, removed in commit
7f5bedf4aa.
We will continue development in the "sts" branch, subject to rebase,
until it is ready to be integrated into "next" again.
This patch adds more tests for the dovecot library, in particular:
- Protocol errors (invalid versions, etc.).
- Invalid command (cli-specific test).
- Connection breakups.
Many areas of the dovecot library are tested via chamuyero scripts, but
these were not being included in the coverage report.
This patch extends the dovecot-auth-cli tests so that they are now
coverage-aware.
This patch adds a chasquid-util subcommand to remove a domain
information entry.
The main use case is to manually allow a security level downgrade, after
performing manual verification.
This patch adds missing docstrings for exported identifiers, and
adjusts some of the existing ones to match the standard style.
In some cases, the identifiers were un-exported after noticing they had
no external users.
Besides improving documentation, it also reduces the linter noise
significantly.
This patch adds some tooling and scripts to generate test coverage
information.
Unfortunately, this involves some hacks as Go does not have support for
generating coverage-enabled binaries, or merging coverage reports; but
overall it's not very intrusive.
This patch adds a new package which implements two basic primitives for
authenticating against dovecot ("user exists", and "check password").
It is still experimental/work in progress.
The mda-lmtp tests are missing a file in the repository, which causes the
test to fail. This went unnoticed because they are not included in the
automated test suite, which will be fixed in a follow-up patch.
This patch adds the missing test file, with a harder to miss name.
Either the recipient or from addresses can be "<>" to indicate the null
address. mda-lmtp does not handle that well, as it sends "<<>>" which is
invalid.
This patch fixes that by special-casing them, which is unfortunate but
reasonably common.
mda-lmtp is a very basic MDA that uses LMTP to do the mail delivery.
It takes command line arguments similar to maildrop or procmail, reads an
email via standard input, and sends it over the given LMTP server.
Supports connecting to LMTP servers over UNIX sockets and TCP.
Since chasquid does not support direct LMTP local delivery, this can be
used as a workaround instead.
Example of use:
$ mda-lmtp --addr localhost:1234 -f juan@casa -d jose < email
This commit removes the experimental MTA-STS (Strict Transport Security)
implementation for now, as it's not up to date with the latest draft.
Development will continue on the "sts" branch, but this way it won't
block releases until it is ready.
Commits reverted:
- cb6500b993
- 0eeb964534
- e66288e4b4
- 216cf47ffa
- d66b06de51
- fe00750e39
- 933ab54cd8
This EXPERIMENTAL patch has a basic implementation of MTA-STS (Strict
Transport Security), based on the current draft at
https://tools.ietf.org/html/draft-ietf-uta-mta-sts-02.
It integrates the policy fetching and checking into the smtp-check tool
for convenience, but not yet in chasquid itself.
This is a proof of concept. Many features and tests are missing; in
particular, there is no caching at all yet.
When adding a user, chasquid-util should create the domain directory if
it doesn't exist, but currently doesn't do that.
This patch fixes this by adding the missing os.MkdirAll call.
Thanks to Martin Ferrari for the bug report!
This patch changes chasquid-util's subcommands and parameters to
(hopefully) make them more user friendly and intuitive by default.
The changes include defaulting the configuration to /etc/chasquid, and
using full addresses as usernames.
It also adds some shell tests to cover most of the functionality.
This patch is the result of running go vet, go fmt -s and the linter,
and fixing some of the things they noted/suggested.
There shouldn't be any significant logic changes; it's mostly
readability improvements.
This patch implements local username normalization using PRECIS
(https://tools.ietf.org/html/rfc7564,
https://tools.ietf.org/html/rfc7613).
It makes chasquid accept local email and authentication regardless of
the case. It covers both userdb and aliases.
Note that non-local usernames remain untouched.
This patch adds a package for evaluating SPF, as defined by RFC 7208
(https://tools.ietf.org/html/rfc7208).
It doesn't implement 100% of the RFC, but it covers enough to handle the
most common cases, and will fail open on the others.
This patch adds a small utility called "smtp-check" that will perform basic
checks on the SMTP setup for the given domain.
Only basic things are implemented for now.
This patch adds a print-config option that will parse a config and print it
(in text protobuf format).
It can be used to validate configurations, and see what the effective
configuration is (that is, including the defaults).
This patch removes chasquid-userdb and adds a more generic and extensive
chasquid-util, that supports various operations on user databases as well as
aliases lookups.
The code is not very pretty, but for now I took a more practical approach; the
tool is ancillary and can be tidied up later.
This patch adds a "chasquid-userdb" command line tool to check and add users
to chasquid's userdb files.
It's not pretty or very friendly, as it's meant to be used for testing for
now.