holger krekel
ac1f2dadad
introduce max_message_size config option
2024-07-28 19:51:05 +02:00
holger krekel
4858a67be1
run filtermail as dedicated user
2024-07-28 19:02:22 +02:00
missytake
4db953b22b
cmdeploy re-add -y for pyinfra 3
2024-07-28 16:30:34 +02:00
missytake
8e847093da
chore: require pyinfra v3
2024-07-28 16:30:34 +02:00
missytake
023253ad9c
cmdeploy: skip warnings only in pyinfra 3; pyinfra crashes otherwise
2024-07-28 16:30:34 +02:00
holger krekel
765f081f6f
refactor password/login-timestamp handling into a User object
2024-07-28 11:12:00 +02:00
holger krekel
686f32d6b3
implement and test migration from sqlite to storing password in userdir
2024-07-28 11:12:00 +02:00
holger krekel
353d3bfb3f
introduce last-login proxy
2024-07-28 11:12:00 +02:00
holger krekel
28f357b598
write last login differently
2024-07-28 11:12:00 +02:00
link2xt
052fb64a3d
nginx: use numbers for upstream ports
Otherwise nginx fails when user actually tries to connect,
logs have errors such as
`invalid port in upstream "127.0.0.1:imaps"`
and
`invalid port in upstream "127.0.0.1:submissions"`.
2024-07-17 17:13:05 +00:00
holger krekel
d3c29b2f6e
rename chatmail_domain to mail_domain like is used everywhere else
2024-07-16 10:34:08 +02:00
holger krekel
c593906c26
fix dns zone file comment syntax
2024-07-16 10:34:08 +02:00
holger krekel
27eea671dc
fix pyinfra run to account for new pyinfra release
2024-07-16 10:34:08 +02:00
holger krekel
79a9d2345b
more tests and refinements
2024-07-16 10:34:08 +02:00
holger krekel
c3caddcec9
separate between required and recommended entries
2024-07-16 10:34:08 +02:00
holger krekel
6d90182d2e
add DNS tests, make remote ssh-exec errors show locally, cleanup ssh-bootstrap
2024-07-16 10:34:08 +02:00
holger krekel
ea503a6075
restructure DNS checks
2024-07-16 10:34:08 +02:00
holger krekel
ffe313528e
simplify remote zone-file checking and insist for "dns" subcommand that all records are present
2024-07-16 10:34:08 +02:00
holger krekel
9b5b4c3787
- better debugging for DNS queries
- don't try to guess IP addresses but insist on A and AAAA records
- try to allow ipv4 or ipv6 only zones
- move chatmail.zone generation to jinja so we can have conditionals
2024-07-16 10:34:08 +02:00
holger krekel
c5bf3188a4
report back on ip determination -- deal with failure to obtain ip address
2024-07-16 10:34:08 +02:00
holger krekel
254fe95394
postfix was hitting the "100 clients" smtp-submission connected limit (DC apps) and switched to stress mode which brings more randomness/relay to smtp-connections. We now allow 5K because it should be fine for the machine.
2024-07-13 17:19:15 +02:00
holger krekel
ac61ac082e
Revert "postfix: fix timeout to 300s on submission ports"
This reverts commit 39584c7b7d.
2024-07-13 16:13:54 +02:00
link2xt
39584c7b7d
postfix: fix timeout to 300s on submission ports
Otherwise smtpd reduces it to 10s on "overload".
2024-07-13 11:46:20 +02:00
link2xt
4ebc4f3069
postfix: do not lookup client hostnames
2024-07-13 11:45:54 +02:00
missytake
9c09d50e8f
acmetool: reload nginx after requesting new cert
2024-07-12 11:07:35 +02:00
link2xt
283045dc4a
Multiplex HTTPS, IMAP and SMTP on port 443
Services are distinguished based on ALPN.
For example,
`openssl s_client -connect example.org:443 -alpn smtp`
gives SMTP connection and
`openssl s_client -connect example.org:443 -alpn imap`
gives IMAP connection.
2024-07-11 10:30:46 +00:00
holger krekel
180cfb3951
get rid of xfailing test
2024-07-11 12:08:33 +02:00
holger krekel
610637da80
don't report on xfail, it's useless
2024-07-11 02:16:08 +02:00
holger krekel
a7ef6ee35b
don't use kwargs for overrides parameter
2024-07-10 19:20:51 +02:00
holger krekel
fc09653de3
remove all occurrences of hardcoded /home/vmail for database and mailbox dirs
2024-07-10 19:20:51 +02:00
holger krekel
c8661fd135
introduce "mailboxes_dir" config ini option to avoid hardcoding /home/vmail/mail/....
in source code and to improve testability.
2024-07-10 19:20:51 +02:00
holger krekel
a1f0a3e23b
Apply suggestions from code review
Co-authored-by: link2xt <link2xt@testrun.org>
2024-07-09 19:12:55 +02:00
holger krekel
66c7115cfc
run removal of inactive users daily
2024-07-09 19:12:55 +02:00
holger krekel
698d328620
don't do PTR reverse checking
2024-07-08 21:48:27 +02:00
holger krekel
85bb301255
feat: faster and simpler DNS checks, better ip-address determination (#346)
* drastically reduce round-trips for dns checks, and do it during 'run' and 'dns' sub commands
* provide progress-dots for dns checks and "--verbose" for seeing what is executed remotely
* introduce ssh-mediated remote python function execution mechanism
2024-07-08 20:10:52 +02:00
link2xt
0d61c13c58
DKIM-sign Content-Type and oversign all signed headers
Oversigning (including header name in DKIM-Signature
more times than it appears in the mail) prevents
adding more headers with the same name
without invalidating DKIM signature.
We don't want middleboxes to insert a second From header,
adding Cc field to mails that don't have one etc.
2024-07-08 14:27:11 +00:00
holger krekel
15f79e0826
remove fix-file-owner which takes forever on servers with many mail directories
(it's unclear why this is still needed and should be fixed differently in any case)
2024-07-06 10:31:41 +02:00
holger krekel
3d96f0fdfa
Support iterating over all users with doveadm commands (#344)
2024-07-06 01:19:57 +00:00
link2xt
733b9604ba
dovecot: enable gzip compression on disk
2024-07-05 20:13:03 +00:00
link2xt
969fdd7995
Remove sieve to enable hardlink deduplication in LMTP
LMTP does not deduplicate messages
if sieve plugin is used.
We don't check for Auto-Submitted header anymore
as iOS application has a notification service
and should not display "You have a new message".
2024-07-05 19:22:26 +00:00
link2xt
b1d11d7747
Revert 57c29c14a4
Apparently this causes outlook.com messages to be rejected
even though they don't use `l=` tag.
2024-07-03 20:36:31 +00:00
link2xt
17389b8667
Increase number of logged in IMAP sessions to 50000
2024-07-01 17:20:23 +00:00
Christian Hagenest
f7ef236ac8
Revert "CI: disable requesting new certs for staging.testrun.org"
This reverts commit 127d9d6460.
2024-06-18 14:49:37 +02:00
link2xt
57c29c14a4
Reject DKIM signatures that do not cover the whole message body
2024-06-18 02:48:54 +00:00
missytake
501b12564c
tests: mark expunged test as slow
2024-06-06 14:14:31 +02:00
missytake
4271573e15
DNS: don't check DNS on cmdeploy init anymore
2024-06-04 14:30:39 +02:00
Christian Hagenest
777a7addd2
Ensure cron is installed #282 (#310)
2024-05-27 14:04:40 +02:00
Christian Hagenest
4e65291304
fix up
2024-05-19 17:09:35 +02:00
Christian Hagenest
505ad36b36
fix nginx.conf
2024-05-19 17:09:35 +02:00
Christian Hagenest
e06c3631b2
nginx logs => journald
2024-05-19 17:09:35 +02:00