It does not work because of `smtpd_proxy_filter`
forwarding the message to filtermail
and we cleanup the message once
filtermail reinjects it on port 10025.
I tested with -tls1_2 option
of openssl s_client
that TLS 1.2 connections
are no longer possible
on any ports except port 25.
Port 25 requires at least TLS 1.2
for encrypted connections.
`authclean` cleanup server is used by
reinjecting smtpd running on localhost:10025 by default.
It runs after filtermail
and currently removes `Received` header
to avoid leaking IP address.
Can as well be used to replace `Subject` lines
with `Subject: [...]`.
If there are multiple `Subject` lines,
all of them should be replaced.
This allows us to avoid dealing with
localized subjects, including SecureJoin
messages `vc-request` and `vg-request`
which can have Subject lines like
Subject: =?utf-8?q?Nachricht_von_nrn178fi4=40nine=2Etestrun=2Eorg?=
unbound-control is not installed out of the box
and even once installed `flush_zone` does not seem
to work reliably.
Instead of trying to flush the cache from unbound,
we now query authoritative nameserver directly using `dig`.
perform_initial_checks may exit early
and not add `acme_account_url` if required DNS
records are not found.
In this case other `cmdeploy run` fails
with KeyError.
To avoid this, `acme_account_url` should always be set.
Unlike DNS checks, running acmetool
may not fail due to network errors,
so it is more reliable and should be checked first.
I wanted to add `COMPRESS=DEFLATE`,
but it should be added only for sessions
that are logged in because `COMPRESS`
command does not work before logging in.
Dovecot already does it correctly
if we don't overwrite the capability string.
* Improve README for first setup
* DNS: fix flushing DNS when requesting records
* DNS: actually check whether mta-sts record is set correctly
* DNS: add changelog
* DNS: also check for www CNAME record
* DNS: fix tests
* lint: update ruff to 0.6.5 locally
