This patch adds a new docker directory, which contains a Dockerfile plus
some additional configuration for creating a container that runs
chasquid+dovecot+letsencrypt.
It also updates the gitlab CI pipeline to automatically build and
publish an image on each commit.
This is experimental and likely to break.
Instead of use readthedocs.org, point to the self-hosted version of the
rendered documentation.
We still use mkdocs to generate it, it's just more practical and
consistent to self-host the documentation.
This patch adds configuration to integrate with readthedocs.org, using
mkdocs as rendering engine.
It also does minor documentation updates, to tidy some things up
(clearer titles, move some documentation from the root into docs/, etc).
The tests might start running and attempting to do DNS resolutions
before minidns has come up, which can cause false positives and flaky
tests.
This patch makes the entrypoint wait until minidns has come up, to fix
the problem.
The golang image has been updated to use Debian buster. In that version,
msmtp is now setgid, which means glibc sanitizes the environment before
forking and $HOSTALIASES will be ignored, which breaks the tests.
This patch works around the problem by removing the setgid bit from
msmtp.
The submission_over_tls_address configuration option has existed for a
long time, but was not properly documented.
This patch adds it to the manpage, as well as printing it in the
configuration output on startup.
The integration tests are automatically run in a gitlab CI pipeline,
using docker.
This patch adds a link to the current status, like we do for the Go test
that are run in Travis, for convenience.
This patch contains some minor updates to docs/howto.md for simplicity
and readability.
In particular removing the "testing" qualifier from Debian, since the
guide can be used on Debian stable, and also removing a clarification in
a comment about a very old version of chasquid.
The test/t-14-tls_tracking test relies on Go 1.8 features, but since we
used to support Go 1.7, the test had a version check.
Since now the minimum Go version supported is 1.9, we can remove this
check.
The maillog package will write to the system logger if it can't write to
the mail log. It does this only once to avoid spamming the system logger
on misconfigurations.
This patch adds a test for this condition.
We want to test that autodetection works with closed sockets, as we
explicitly support that scenario: chasquid might be up before dovecot
is, and we still want the detection to work.
The code is written that way, but we had no tests for it until now,
because we were blocked on the unix listeners supporting
SetUnlinkOnClose, which appeared in Go 1.8.
Now that the minimum Go version has been raised past that, we can
implement the test.
Now that we raised the minimum Go version to 1.9, we can make use of
expvar's .Value methods to simplify some of the STS tests.
This patch makes those simplifications, which do not change the logic of
the tests themselves.
There are a few context.WithDeadline calls that can be simplified by
using context.WithTimeout.
At the time they were added, WithTimeout was too new so we didn't want
to depend on it. But now that the minimum Go version has been raised to
1.9, we can simplify the calls.
This patch does that simplification, which is purely mechanical, and
does not change the logic itself.
As of a29dc8fd (2019-04-26), golang.org/x/crypto requires math/bits.
math/bits was introduced in Go 1.9, so we can no longer build from head
using 1.7.
Building using Debian's packaged dependencies should work just fine, but
since we want Travis to build from head, this commit updates the minimum
supported version to 1.9.
This patch contains some changes to generate tidier DSNs, which should
make them slightly more readable.
In particular, it also makes it able to handle multi-line errors much
better than before.
When handling a connection, today we only set a deadline after each
command received.
However, this does not cover our initial greeting, or the initial TLS
handshake (if the socket is TLS), so a connection can hang
indefininitely at that stage.
This patch fixes that by setting a deadline earlier, before we send or
receive anythong on the connection.
Our non-delivery status notifications are quite simple today, but that
makes it much more difficult to support internationalization and
cross-language reporting.
There is a standard for internationalized DSNs, RFC 6533 (which builds
on top of the structured DSNs from RFC 3464).
This patch changes our DSN messages to be based on those standards, so
it is easier for MUAs to display reports according to the users'
languages preferences.
Note we still use message/rfc822 + 8bit to transmit the message, instead
of message/global, for compatibility reasons. This seems to be more
universally compatible, but the decision might be revisited in the
future. See RFC 5335 (section 4.6 in particular).
This patch contains some minor code style improvements, to leave the
linter happier and generally follow best practices in some areas where
things snuck through.
In the upcoming Go release, logging from a finished testing.T triggers a
panic. In the courier tests, this is possible because we don't wait for
completion of fakeServer before ending the test.
This patch makes the tests wait for fakeServer to finish before exiting,
removing the race.
The integration tests depend on having a DNS server that resolves
"localhost", which is unfortunate but currently unavoidable given
glibc's limitations ($HOSTALIASES only works on DNS-level aliases, and
does not do lookups in /etc/hosts).
Even under docker, this makes the tests depend on the DNS server, and
whether it resolves localhost or not.
In order to make the docker tests more hermetic and isolated from the
environment, this patch introduces a docker entrypoint that, within the
container, will launch minidns and override /etc/resolv.conf to use it.
This guarantees that the tests will be able to resolve localhost, and
also avoid accidental reliance on external DNS zones.
This is a mini-DNS server for testing purposes.
This can be used to set up hermetic tests in containers, and work around
glibc's limitation of being unable to create per-process host aliases.
In the loop integration test, we detect looping via checking the expvars
of chasquid, and waiting for the loop counter to be 1.
However, if chasquid is fast enough, it will go up to 2 before the
detection notices. This is because the DSN that gets generated also
loops (as expected).
Despite its loose appearance, the "Received" header has a reasonably
standarized format.
We were not following the standard format as closely as we should; this
rarely causes problems in this particular case, but there's no need to
deviate from it.
This patch changes the Received header generation as follows:
- The "from" section now uses the remote address as canonical (for
non-authenticated users) which provides more valuable information
than the user-supplied EHLO address (which is also included).
- The remote authenticated user is now hidden, for additional privacy.
- Use the "with" optional clause.
- Use the standard way of printing TLS cipher suite.
- Use the standard way of printing address literals.
Docker creates intermediate layers on each command (for most commands),
but the COPY was invalidating them too early, every time it runs it was
generating a different layer.
This patch moves the COPY down to the bottom, and adds a bit more
organization to the commands below.
This patch adds DKIM signing using https://github.com/driusan/dkim tools
to the example hook.
It also adds an optional integration test to exercise signing and
verification, and corresponding documentation.
codefresh.io now requires to be logged in to view the status, and very
extensive permissions to even log in.
So I've removed the hook from the repository.
MTA-STS has been published as RFC 8461, with no major changes since the
last draft we updated (-18).
This patch updates the documentation accordingly (no code changes).
When regenerating the manpages, the mtime of the pod files is used.
That mtime can change based on file and repository manipulations,
because git does not preserve mtimes.
This causes unnecessary regenerations which require manual cleanups in
order to avoid cluttering the history unnecessarily.
This patch makes the generate script set the mtime of the pod files to
the time of the last git commit that affected them, if they have not
changed since. This avoids unnecessary changes and makes the script
easier to use.
There's one file that needed adjustment to match its last commit time,
that is also included here.
The current dovecot config for integration test t-11-dovecot is not
compatible with dovecot 2.3. There are some new services which want to
change the group owner for some files to the default, and that does not
work when run as non-root.
The errors look like:
master: Error: service(stats): chown(/tmp/chasquid-dovecot-test/run/stats-writer, 4294967295, 127) failed: Operation not permitted
master: Error: service(imap-hibernate): chown(/tmp/chasquid-dovecot-test/run/imap-hibernate, 4294967295, 127) failed: Operation not permitted
master: Error: service(dict): chown(/tmp/chasquid-dovecot-test/run/dict, 4294967295, 127) failed: Operation not permitted
master: Error: service(dict-async): chown(/tmp/chasquid-dovecot-test/run/dict-async, 4294967295, 127) failed: Operation not permitted
master: Fatal: Failed to start listeners
(127 is the "dovecot" user)
So this patch adds some config settings to set the group manually for
these services, which is backwards compatible with 2.2.
Eventually we will stop supporting 2.2 for tests, at which point we can
change to just setting default_internal_group.
It's better to be explicit about version upgrades where no changes were
needed, so this patch updates the UPGRADING.md file to include them.
Note it includes the upcoming 0.06 version, for which no
backwards-incompatible change is expected.
