* use "relay" instead of "server" and "address" instead of "account"
* consistent Dovecot capitalization and striking relay in two places
* address missytake's comments: use "chatmail relay servers" sometimes -- it's still fine to talk about relays being, or running on, servers
* draft blocking of incoming non-encrypted mail
* create a new enforceE2EE file in address dirs by default and only accept incoming cleartext file if the enforceE2EE file is missing
* Update cmdeploy/src/cmdeploy/service/filtermail.service.f
Co-authored-by: l <link2xt@testrun.org>
* fix benchmark so they setup encryption
* hack around limitations of aiosmtpd's handliung of RCPTO options
* add tests, and split incoming/outgoing handlers for clarity
* document mailbox directory structure, some streamlining of features/E2EE in intro
* use SMTP response code "523 Encryption Needed"
* filtermail: care for the case that the recipient does not exist
Co-authored-by: missytake <missytake@systemli.org>
* Update chatmaild/src/chatmaild/filtermail.py
Co-authored-by: l <link2xt@testrun.org>
* Update chatmaild/src/chatmaild/filtermail.py
Co-authored-by: l <link2xt@testrun.org>
* remove debug info print
* ensure multipart/report type for mailer-daemon messages
* Allow sending out Autocrypt Setup Messages
---------
Co-authored-by: l <link2xt@testrun.org>
Co-authored-by: missytake <missytake@systemli.org>
* enforce encryption for in-server mails
* make tests work with chatmail server only support e2ee internally
* fix echobot test
* simplify quota-exceeded test
* work around rpc-server fixture changes
- e-mail -> email
- capitalization of software and protocols (Postfix, Dovecot, SMTP, etc)
Rephrased the install instructions to start by recommending the DNS records that cmdeploy is going to check for immediately anyway.
Refactored the migration guide to fix incorrect tar commands (wrong usage of -C flag) and suggest how to copy directly from server to server by logging in with SSH agent forwarding. The mail services should be disabled first before proceeding with any changes and also ensure the echobot and mail spool are copied over to the new server so no messages are lost.
Otherwise email providers which allow to bring your own domain
and use the same IP addresses for all customers
send wildcard certificate instead of the correct one
and Postfix refuses to connect with an error
server certificate verification failed for example.org[A.B.C.D]:25: num=62:hostname mismatch
It does not work because of `smtpd_proxy_filter`
forwarding the message to filtermail
and we cleanup the message once
filtermail reinjects it on port 10025.
I tested with -tls1_2 option
of openssl s_client
that TLS 1.2 connections
are no longer possible
on any ports except port 25.
Port 25 requires at least TLS 1.2
for encrypted connections.
`authclean` cleanup server is used by
reinjecting smtpd running on localhost:10025 by default.
It runs after filtermail
and currently removes `Received` header
to avoid leaking IP address.
Can as well be used to replace `Subject` lines
with `Subject: [...]`.
If there are multiple `Subject` lines,
all of them should be replaced.
This allows us to avoid dealing with
localized subjects, including SecureJoin
messages `vc-request` and `vg-request`
which can have Subject lines like
Subject: =?utf-8?q?Nachricht_von_nrn178fi4=40nine=2Etestrun=2Eorg?=
