The manpages are generated from pod files using pod2man, but it has been
a long time since we last re-generated them, and the new versions of
pod2man generate significantly different (and simpler) pages.
So this patch just regenerates the man pages, to make future changes
easier and more self contained to review.
Today, the maximum number of items in the queue, as well as how long we
keep attempting to send each item, is hard-coded and not changed by end
users.
While they are totally adequate for chasquid's main use cases, it can
still be useful for some users to change them.
So this patch adds two new configuration options for those settings.
They're marked experimental for now, so we can adjust them if needed
after they get more exposure.
Thanks to Lewis Ross-Jones <lewis_r_j@hotmail.com> for suggesting this
improvement, and help with testing it.
This patch implements "via" aliases, which let us explicitly select a
server to use for delivery.
This feature is useful in different scenarios, such as a secondary MX
server that forwards all incoming email to a primary.
For now, it is experimental and the syntax and semantics are subject to
change.
This patch implements support for aliases that contain '*' as the
destination user.
In that case, we replace it with the original user.
For example, `*: *@pond` will redirect `lilly@domain` to `lilly@pond`.
This is experimental for now, and marked as such in the documentation.
The semantics can be subtle, so we may need to adjust them later.
There's an inconsistency between chasquid (which uses `--config_dir`) and
chasquid-util (which uses `--configdir`).
That is prone to cause confusion, so this patch renames chasquid-util's
flag, leaving the old one as deprecated with a warning message.
Closes https://github.com/albertito/chasquid/pull/60.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Added test case for the deprecated option, adjusted commit message.
Microsoft SMTP servers have a bug that prevents them from successfully
establishing a TLS connection against modern Go TLS servers, and some
OpenSSL versions. It also doesn't fall back to plain-text, so this has
been causing deliverablity issues.
The problem started by the end of 2024 and it's still not fixed.
Unfortunately, because they're quite a big provider and are not fixing
their problem, it is worth to do a server-side workaround.
This patch implements that workaround: it disables TLS session tickets.
There is no security impact for doing so, and there is a small
performance penalty which is likely to be insignificant for chasquid's
main use cases.
This workaround should be removed once Microsoft fixes their problem.
We are going to make a 1.15.1 release for this, which this patch also
documents.
Thanks to Michael (l6d-dev@github) for reporting this issue and
suggesting this workaround!
See https://github.com/albertito/chasquid/issues/64 and
https://github.com/golang/go/issues/70232 for more details.
Authenticated users are intentionally allowed to send email as other users or
domains. This is a design choice made to balance simplicity of operation and
use.
However, it can be surprising and it's not obvious, so this patch adds a
note to the documentation about it.
Thanks to Matěj Volf for suggesting this improvement!
Fixes: https://github.com/albertito/chasquid/issues/62
This patch adds a document with guidelines for contributing to chasquid.
It includes suggestions for how to ask questions, how to send patches
(and the expectations around them), and documents how the different
branches are used.
Thanks to raspbeguy (https://github.com/raspbeguy) for suggesting this
improvement.
We've had a couple of reported issues about the difficulty of setting up
new clients, or confusion due to using broken clients:
- https://github.com/albertito/chasquid/pull/46
- https://github.com/albertito/chasquid/issues/52
This patch adds the first version of a "Clients" document that includes
requirements for all clients, configuration examples, and a list of
known-problematic client software.
The goal is to help reduce friction and confusion when setting up
clients.
The document needs more polishing and examples, which hopefully will be
added later.
Fixes https://github.com/albertito/chasquid/issues/48.
The SMTP smuggling vulnerability fixed in 1.13 (and 1.11.1) has been
given a CVE number: CVE-2023-52354
(https://nvd.nist.gov/vuln/detail/CVE-2023-52354).
This patch adds a link to it in the release notes, for ease of reference.
chasquid v1.11.1 was released on 2023-12-26 with a backport of the
security fixes from 1.13.
This was requested by users of Debian stable, who are on 1.11.
Some use cases, like receive-only MTAs, need domain users for receiving
emails, but have no real need for passwords since they will never use
submission.
Today, that is not supported, and those use-cases require the
administrator to come up with a password unnecessarily, adding
complexity and possibly risk.
This patch implements "receive-only users", which don't have a valid
password, thus exist for the purposes of delivering mail, but always
fail authentication.
See https://github.com/albertito/chasquid/issues/44 for more details and
rationale.
Thanks to xavierg who suggested this feature on IRC.
Today, when a user sets an alias with drop characters and/or suffixes,
those go unused, since we always "clean" addresses before alias
resolution.
This results in unexpected and surprising behaviour, and it's not
properly documented either.
This patch resolves this unexpected behaviour as follows:
- Drop characters are ignored, both at parsing time and at lookup time.
- Lookups are done including the suffixes first, and if that results in
no matches, they are retried without suffixes.
This results in aliases working more intuitively for the most common use
cases: of users wanting to have different aliases for specific suffixes,
and not having to care for drop characters.
Hooks can be used to get different behaviour if needed, since the first
lookup is done with the address as-is.
Thanks to znerol@ (lo+github@znerol.ch) for reporting this, and the
discussion on how to fix it, in
https://github.com/albertito/chasquid/issues/41.
Since commit e6c6df45, `chasquid-util alias-resolve` talks to the server
and returns authoritative answers.
This patch updates docs/aliases.md to reflect that, which was missed in
the original set of changes.
This patch makes chasquid-util's aliases-resolve and domaininfo-remove
commands talk to the chasquid server (via the new localrpc server).
For aliases-resolve, currently has fairly hacky logic which reimplements
a bunch of the servers', and is also incomplete because it does not
support hooks.
In this patch we fix that by having it talk to the server, where we get
authoritative responses and have no issues with aliases hooks. This
resolves https://github.com/albertito/chasquid/issues/18.
For domaininfo-remove, currently its implementation is also very hacky
since it manipulates files behind the servers' back and without even
using the internal library.
In this patch we fix that by doing the operation through the server,
avoiding the need for those hacks, and also remove the need to manually
reload the server afterwards.
Some systems, like GitHub, can use `docs/SECURITY.md` to inform users on
how to report security issues.
This patch adds one to the tree. It is not linked explicitly in mkdocs
because the same information is already covered in the doc index and
README already.
Some MTAs reject client connections unless the local name (used in the
HELO/EHLO command) looks like an FQDN. Currently, smtp-check always uses
`localhost`, which does not look like an FQDN.
This patch adds a command line flag to smtp-check to specify the
local name to be used.
Fixes https://github.com/albertito/chasquid/issues/37.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Minor edits to the commit message, adjust flag name, go fmt.
This patch updates the shell scripts with some of the common best
practices, which should make them more resilient to unusual failures and
unexpected environments (in particular, directories with spaces).
Most of these were identified by shellcheck.
This patch changes several internal packages to receive and pass tracing
annotations, making use of the new tracing library, so we can have
better debugging information.
This patch implements support for catch-all aliases, where users can add
a `*: destination` alias. Mails sent to unknown users (or other aliases)
will not be rejected, but sent to the indicated destination instead.
Please see https://github.com/albertito/chasquid/issues/23 and
https://github.com/albertito/chasquid/pull/24 for more discussion and
background.
Thanks to Alex Ellwein (aellwein@github) for the alternative patch and
help with testing; and to ThinkChaos (ThinkChaos@github) for help with
testing.
The install guide mentions that the `certs/` directory can be symlinked,
but doesn't cover permissions much, so it's easy for users to be
confused (like it happened in
https://github.com/albertito/chasquid/issues/26).
This patch adds a bit more details on how to set up certificates, to
hopefully reduce the chances of confusion.
This patch simplifies the internal alias lookup logic, unifying it
across Resolve and Exists.
As part of this, the `alias-exists` hook is removed. It was redundant to
begin with, although it enabled a potential optimization, it isn't worth
the complexity. The timeout for execution of both was the same.
This change should be backwards-compatible because `alias-resolve` is
still used, and the semantics haven't changed.
Document that only haproxy's PROXY protocol v1 is supported. This can
help users configure their instance and avoid trying to set up other
versions.
Thanks to Björn Busse (bbuse@github) for reporting this!
This patch adds some basic instructions to the documentation on how to
set up DKIM, using the tools supported by the example hook.
It's not meant to be a full DKIM how-to, but to help someone who already
knows enough, or who is complementing it with a more general purpose
DKIM guide.
This patch adds support in the default hook for using dkimpy for DKIM
signing.
Unfortunately, dkimpy binaries have the same name as driusan/dkim's, so
we need to use --help to disambiguate. It's not pretty but it should
work, and is quite self contained.
Also, for the integration tests, we still need driusan/dkim because
dkimpy lacks the features needed. Specifically, dkimpy's dkimverify
can't be made to use custom DNS, or override the TXT values in any way,
so we can't verify that the generated signature is reasonable.
Thanks to ne9z@github for suggesting this change and providing an
alternative patch in https://github.com/albertito/chasquid/pull/19.
Some deployments already have users that authenticate without a domain.
Today, we refuse to even consider those, and reject them at parsing time.
However, it is a use-case worth supporting, at least with some
restrictions that make the complexity manageable.
This patch changes the auth package to support authenticating users
without an "@domain" part.
Those requests will always be directly passed on to the fallback
authenticator, if available.
The dovecot fallback authenticator can already handle this case just fine.
Currently, chasquid attempts to auto-detect dovecot sockets when
starting up (if needed). If autodetection fails, chasquid emits an
error, continues serving, and never tries again.
This can be problematic if chasquid starts up before dovecot, and at the
time the dovecot sockets are not present (e.g. after a reboot). In that
case, chasquid will not use dovecot for authentication even after
dovecot has started.
This patch changes the autodetect logic, by doing autodetection at
startup and on each request, until we find a working pair of sockets.
Once we do, they're used consistently.
That way, if dovecot is not ready when chasquid starts, it's not a
problem and chasquid will start using dovecot once it becomes available.
Thanks to Thor77 (thor77@thor77.org) for reporting and helping
troubleshoot this issue.
There's a known issue in versions 0.07 to 1.5 where the post-data hook
invocation can fail if the dkimsign binary exists, due to a bug in the
post-data hook check.
This was fixed by commit b6248f3, but it is found on occasion since the
current Debian stable ships 0.07, and Ubuntu 20.04 LTS ships 1.2.
So this patch adds it to the known issues list.
It's common that people running old releases (for example, because of
their Linux distribution version) run into issues that have already been
fixed.
It can be convenient to have a list of the most common known issues and,
when available, their workarounds.
This patch creates the documentation page for them, currently empty. It
will be filled in subsequent patches.
This patch adds a new link to the RBL checking suggestion, since the
existing one doesn't work with IPv6, and it's important to get good
coverage.
While at it, it also fixes the path to mda-lmtp, which was wrong before.
The docopt-go library is quite convenient, but it has been abandoned for
a while :(
Since we only use it for chasquid-util, this patch removes it and
replaces it with a custom small parser, that is a reasonable fit for the
required use cases.
The patch also adds a couple of tests to increase coverage.
NOTE: docopt-go accepted some undocumented behaviour, in particular the
use of "-a b" instead of "-a=b". The new parser does not, so some
user scripts may require updating.
I think this should be rare enough not to be worth the complexity of
adjusting the parser to allow it.
