This patch implements support for incoming connections wrapped in the
HAProxy protocol v1.
This is useful when running chasquid behind a HAProxy server, as it
needs the original source IP to perform SPF checks.
This patch is a reimplementation of one originally provided by Denys
Vitali in pull request #15, except the logic for the protocol handling
is moved to a new package, and the smtpsrv.Conn handling of the source
IP is simplified.
It is marked as experimental for now, since we want to give it a bit
more exposure just in case the option/api needs adjustment.
Thanks a lot to Denys Vitali (@denysvitali in github) for sending the
original patch for this, and helping test it!
Some utilities might want to access the EHLO/HELO domain in the
post-data hook (for example, to do additional SPF validations).
This patch implements that support, including sanitizing the EHLO domain
on the environment variable to reduce the risk of problems.
This patch updates and extends the links to the distribution packages,
referencing them from the README (it's more likely to be what the reader
wants to see), and also extending the Arch packaging with binary package
information.
This patch makes chasquid's monitoring server expose an OpenMetrics
metrics endpoint.
It adds a new package "expvarom" which implements an HTTP handler that
exports expvar variables in the OpenMetrics text format.
Then, the handler is registered by the monitoring server at /metrics
(where most things expect it to be).
The existing exported variables are also extended with descriptions,
which is optional, but improves the readability of the metrics.
This patch adds support for writing maillog to stdout and stderr, which
can be desirable in certain environments.
Thanks to Denys Vitali <denys@denv.it> who sent an alternative patch for
this functionality.
This patch allows the configuration values to be overridden from the
command-line, with a new -config_overrides flag.
There is a fairly specific use case for this, when editing the
configuration file is not feasible or convenient (e.g. running an
user-supplied configuration in a managed environment).
The SMTP courier, which handles outgoing connections, uses the domain of
the envelope's from as the domain in the HELO/EHLO greeting.
This works fine in practice, but ideally the domain used in the greeting
should match the reverse DNS record. This used to be more relevant but
nowadays it is not really enforced; however, it sometimes comes up in
self checks, and might cause some confusion when troubleshooting.
So this patch makes it use the configured hostname instead, which is
under the users' control and more likely to be compliant. It also
simplifies the code.
The documentation of the hostname configuration option is also updated
to mention this behaviour.
Thanks to Jonas Seydel (thor77) for bringing this up.
There is an AUR package for chasquid, so this patch adds references to
it in the documentation.
Thanks to Max Mazurov (fox.cpp@disroot.org) for adding the package.
This patch adds a section on dovecot authentication troubleshooting,
with common suggestions that can help identify what is going on when
the chasquid-dovecot interaction isn't working as expected.
When an alias has a remote destination, chasquid uses sender rewriting
(also known as SRS [1]) to forward the email without risking being in
violation of SPF policies.
See https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme for more
details.
This, however, wasn't documented anywhere, as noted in
https://github.com/albertito/chasquid/issues/6.
This patch adds a paragraph to the alias documentation explaining this
behaviour.
This patch updates the installation guide to try to make the
installation section more readable.
It also assumes a modern Go environment is installed, which
simplifies the process of building from source.
This patch implements two new hooks: alias-resolve and alias-exists.
They are called during the aliases resolution process, to allow for more
complex integration with other systems, such as storing the aliases in a
database.
See the included documentation for more details.
Rspamd (https://rspamd.com/) is a popular open-source spam filtering
system.
This patch adds integration with it in the example hook, which uses the
rspamc client to get a veredict, similar to what it does for
Spamassassin.
This patch replaces test/README, which was becoming a bit outdated, with
a more general description of the different tests at a high level, and
includes it in the documentation index.
In authentication requests sent to dovecot, chasquid uses the full
addresses, "user@domain". However this wasn't mentioned in the
documentation, and could cause some confusion.
So this patch adds an explicit clarification about this in the dovecot
integration documentation.
This patch adds a new docker directory, which contains a Dockerfile plus
some additional configuration for creating a container that runs
chasquid+dovecot+letsencrypt.
It also updates the gitlab CI pipeline to automatically build and
publish an image on each commit.
This is experimental and likely to break.
This patch adds configuration to integrate with readthedocs.org, using
mkdocs as rendering engine.
It also does minor documentation updates, to tidy some things up
(clearer titles, move some documentation from the root into docs/, etc).
The submission_over_tls_address configuration option has existed for a
long time, but was not properly documented.
This patch adds it to the manpage, as well as printing it in the
configuration output on startup.
This patch contains some minor updates to docs/howto.md for simplicity
and readability.
In particular removing the "testing" qualifier from Debian, since the
guide can be used on Debian stable, and also removing a clarification in
a comment about a very old version of chasquid.
This patch adds DKIM signing using https://github.com/driusan/dkim tools
to the example hook.
It also adds an optional integration test to exercise signing and
verification, and corresponding documentation.
When regenerating the manpages, the mtime of the pod files is used.
That mtime can change based on file and repository manipulations,
because git does not preserve mtimes.
This causes unnecessary regenerations which require manual cleanups in
order to avoid cluttering the history unnecessarily.
This patch makes the generate script set the mtime of the pod files to
the time of the last git commit that affected them, if they have not
changed since. This avoids unnecessary changes and makes the script
easier to use.
There's one file that needed adjustment to match its last commit time,
that is also included here.
This patch adds a chasquid-util subcommand to remove a domain
information entry.
The main use case is to manually allow a security level downgrade, after
performing manual verification.
This patch adds man pages for chasquid's main commands and
configuration. They are generated using pod2man (commonly used for this,
and included with perl in most distributions).
The generated man pages are included to avoid introducing a dependency
for such simple task, similar to how we handle protocol buffer generated
files.
This patch adds a brief how-to guide for setting up an email server with
Debian, dovecot and chasquid.
It is incomplete, but has enough information that it's ok to include it.
This patch adds dovecot support to the chasquid daemon, using the
internal dovecot library added in previous patches.
Dovecot support is still considered EXPERIMENTAL and may be reverted, or
changed in backwards-incompatible ways.
The patch also adds the corresponding integration test, which brings up
a dovecot server with a custom configuration, and tests chasquid's
authentication against it. If dovecot is not installed, the test is
skipped.
