We already require that outgoing connections
use STARTTLS so other servers need a valid TLS
certificate to accept messages from us.
It is then very unlikely that they cannot use TLS
to send messages to us.
Conversely, if they can only send messages to us without TLS,
they likely do not have STARTTLS on their port 25
and then we don't want to accept messages from them
because we will likely not be able to reply.

Stalwart sends `NOTIFY=DELAY,FAILURE`
to request Delivery Status Notifications.
aiosmtpd does not support any parameters,
not just ORCPT, so we have to ignore all of them.

- Before proceeding with installation of Python dependencies, check
whether the 'gcc' command is available by running it with the
--version argument. If it is not available, print a helpful message
and exit.
- For the current set of Python dependencies, without GCC, the build
process fails when building the crypt-r package. According to the
error message, on my system the exact command it tries to run is
'x86_64-linux-gnu-gcc', but rather than depend on this variant
specifically, the script checks for the generic 'gcc' command, so as
to avoid coupling the check to an architecture or operating system.
Similar problems arise if we attempt to check for packages by name;
the compiler binary is provided by 'gcc-11', but the symlinks that
provide the unversioned commands (as used by the Python build) come
from a package named 'gcc'. Trying to be too precise in what we
check for could lead to unnecessary failures in some environments,
or become a maintenance challenge in the future. For that reason,
this change simply attempts to run 'gcc' and uses that as a
probably-sufficient proxy for having what the Python package install
will need.

High-security mode could be configured
to handle more connections by increasing process_limit,
but has problems logging in many users at once after
each Dovecot restart or config reload.

* draft blocking of incoming non-encrypted mail
* create a new enforceE2EE file in address dirs by default and only accept incoming cleartext file if the enforceE2EE file is missing
* Update cmdeploy/src/cmdeploy/service/filtermail.service.f
Co-authored-by: l <link2xt@testrun.org>
* fix benchmark so they set up encryption
* hack around limitations of aiosmtpd's handling of RCPT TO options
* add tests, and split incoming/outgoing handlers for clarity
* document mailbox directory structure, some streamlining of features/E2EE in intro
* use SMTP response code "523 Encryption Needed"
* filtermail: care for the case that the recipient does not exist
Co-authored-by: missytake <missytake@systemli.org>
* Update chatmaild/src/chatmaild/filtermail.py
Co-authored-by: l <link2xt@testrun.org>
* Update chatmaild/src/chatmaild/filtermail.py
Co-authored-by: l <link2xt@testrun.org>
* remove debug info print
* ensure multipart/report type for mailer-daemon messages
* Allow sending out Autocrypt Setup Messages
---------
Co-authored-by: l <link2xt@testrun.org>
Co-authored-by: missytake <missytake@systemli.org>

* enforce encryption for in-server mails
* make tests work with chatmail server only supporting e2ee internally
* fix echobot test
* simplify quota-exceeded test
* work around rpc-server fixture changes

Otherwise email providers which allow you to bring your own domain
and use the same IP addresses for all customers
send a wildcard certificate instead of the correct one
and Postfix refuses to connect with an error:
server certificate verification failed for example.org[A.B.C.D]:25: num=62:hostname mismatch