Adds a detailed diagram describing
all paths a message can take,
that takes into account postfix services.
Additionally, adds OpenDKIM to dependency
diagram.
Fixes: #771
Signed-off-by: Jagoda Ślązak <jslazak@jslazak.com>
Co-authored-by: missytake <missytake@systemli.org>
This will remove all headers possible during LMTP delivery, except:
- From: required or core does not process the message correctly.
Also required for cleartext compatibility.
- Message-Id: required for clients to know which messages have been
downloaded
- Chat-Is-Post-Message: is required for our attachment previews
- Content-Type: required
- For Cleartext compability: To, CC, In-Reply-To, References, Subject,
and Date
- For Chatmail future expansion, allow Chat-*
- Permit the entire Secure-Join* namespace
Co-authored-by: holger krekel <holger@merlinux.eu>
## 0.7.0 - 2026-05-26
### Bug Fixes
- Do not crash if accepting new connection fails
### Documentation
- *(readme)* Remove docs for options removed in da9a116
### Features
- [**breaking**] Remove passthrough options that allowed unencrypted mail to pass
Signed-off-by: Jagoda Ślązak <jslazak@jslazak.com>
With "default" (like it was for SMTP) or not set (like it was for IMAP),
both TLS and STARTTLS are tried.
Trying STARTTLS against TLS port is going to timeout
because in STARTTLS server talks first,
but when connected to TLS port the server
waits for TLS client hello and does not send anything.
Should not actually matter in tests which connect successfully
on the first try because implicit TLS is tried first.
Postfix does not have jitter for deferred mails
and scans the queue periodically every
queue_run_delay (<https://www.postfix.org/postconf.5.html#queue_run_delay>).
As a result it is likely
to try delivering many deferred messages
at the same time.
Normally the number of outgoing connections
should be low even with unreachable destinations,
but after the server downtime
or if admin flushes the queue manually
it is possible that a lot of messages
to the same unreachable destination
expire at once and are moved
from "deferred" into the "active" queue.
Trying to deliver them all at once
may make the server run out of memory
by starting many LMTP clients.
Limiting the number of LMTP processes
turns OOM problem into head of line blocking problem.
Messages sent to reachable destinations
will be delayed as well,
but at least deferred messages will
get distributed over time.
In this case "active" queue may grow
(up to qmgr_message_active_limit defaulting to 20000),
but then admin may notice the problem
and solve it e.g. by making the destinations reachable
or setting up a transport map to route
messages for known dead servers into discard transport.
Eventually the problem should be solved
by filtermail-transport quickly returning temporary errors
for destinations which already have many messages queued,
then we can reduce "maxproc" further.
We never want to defer email with a tepporary error when it has destination
that we cannot deliver locally and don't want to relay.
To avoid doing this accidentally, set default action to "reject"
and then override it with the minimal restrictions per smtpd.
Submission ports already had smtpd_relay_restrictions=permit_sasl_authenticated,reject override.
Each smtpd port must have at least one of
reject, reject_unauth_destination, defer, defer_if_permit, defer_unauth_destination
according to <https://www.postfix.org/postconf.5.html#smtpd_relay_restrictions>.
I have set smtpd_relay_restrictions=reject_unauth_destination for port 25 and incoming reinject port,
and smtpd_relay_restrictions=permit_mynetworks,reject for outgoing reinject port.
docker-dispatch.yaml previously only fired on push to main and manual
workflow_dispatch, so tagging 1.11.0 did not build the release image.
This change adds matching of X.Y.Z tag.
* config: comment out values in chatmail.ini.f, so defaults take precedence
* config: remove testrun-specific overrides
* config: remove filtermail ports from default ini
This was originally based on Jagoda's https://github.com/chatmail/relay/pull/874
but then the postfix config was simplified, and it comes with a simpler and more robust test.
## 0.6.6 - 2026-05-12
### Bug Fixes
- Return HTTP 200 because madmail expects it, and make sure https is immediately retried when SMTP fails
### Features
- Improved SMTP error responses
### Miscellaneous Tasks
- Remove mac and windows from matrix tests
- Run cmlxc tests in all classic/classic-ipv4/madmail combinations
Signed-off-by: Jagoda Ślązak <jslazak@jslazak.com>
* dovecot: enable login names with square brackets
* config: make IPv4-only relays use self-signed TLS certs
* postfix: make delivery for IP-only relays work
* cmdeploy: skip DNS checks for IPv4 only relays
* www: generate dclogin codes for IPv4-only relays
* opendkim: disable DKIM signing on ipv4-only relays
* get delivery working
* get tests working on IPv4 only machine
* doc: document IPv4-only relays
* dns: warn if mail_domain is an IP, instead of checking DNS
* config: validate domains when formatting them
* ci: add cmlxc testing for no-DNS relays
* ci: run no-dns and normal CI in parallel
* retain "config.mail_domain" as the domain part of @ email addresses, so for ipv4 relays "[1.2.3.4]" and introduce config.ipv4_relay and config.mail_domain_bare helpers.
* ci: migrate from --no-dns to --type ipv4 for cmlxc compatibility
* cleanup dead code, fix docs, fixate cmlxc version
---------
Co-authored-by: missytake <missytake@systemli.org>
replaces #870fix#851
* fix(dns): address possible IndexError
* fix(dns): remove redundant docstring
* fix(dns): don't make NS explicit if None
* bump cmlxc to 0.13.5 which fixes a powerdns config issue
* remove the unneccessary SOA mocks, simplify mock tests, and run ruff format
Co-authored-by: holger krekel <holger@merlinux.eu>
Commit 825831e purges resolvconf, however the unbound service
activates a 'wants' unit for async resolvconf updates. This
results in errors in systemd startup as the unit will now always fail.
Stop and disable the unbound-resolvconf unit activation
Correct the systemd unit modifications in 98bc1503 that lead to startup
failures in some instances. Switch to After+Wants = network-online.target
and add RestartSec=2s to give late-binding more interfaces time to appear.
In the deployer, capture the files.template() return value and
appropriately set need_restart and daemon_reload.
For compatibility with madmail,
we want to use path with no leading
slash. This change saves us from
having to follow redirects.
Signed-off-by: Jagoda Ślązak <jslazak@jslazak.com>
On push to main send a repository_dispatch event to chatmail/docker with
relay_ref, relay_sha, and relay_sha_short.
This triggers docker-ci.yaml to build a new Docker image from
the updated relay code, push to GHCR, and eventually run integration
tests via cmlxc's reusable lxc-test workflow.
Requires DOCKER_DISPATCH_TOKEN secret with repo scope on
chatmail/docker.
Also set workflow_dispatch to allow manual triggering of Docker builds
from any relay branch via the GitHub UI.
This change reverts 06560dd071
Main reason for using the same address for sending
as the one used in DNS is to pass FCrDNS
(forward-confirmed reverse DNS) checks:
IP address used by SMTP client should resolve
to the domain which in turn resolves to the same IP.
chatmail relays don't do check reverse DNS
for incoming connections,
but other email servers may do and reject email
if the check does not pass.
Most chatmail relays only have one IP address per address family,
so this configuration does not change anything.
For chatmail relays that have multiple addresses
and only publishing one IP to DNS,
source address used for outgoing SMTP connections
should be the public IP.
This can be ensured by configuring the source
address in the routing table,
e.g. with the `src` argument
to `ip route add/change/replace` command.
Solving this by binding SMTP client address
on the application level prevents chatmail relays
from configuring alternative routes.
Besides, some chatmail relays are NATed
and NAT is responsible for translating the address to the public one,
in which case using `smtp_bind_address_enforce`
will result in unnecessarily deferring all mails.
missytake
Jagoda Estera Ślązak
feld
link2xt
holger krekel
j4n
punkero-org
Jagoda Ślązak