* add allow_ipv6 config option
* add ipv6 config changes to cmdeploy
* fix name of config option for ipv6 in config.py
* move configure ipv6 before service start
* Use templates for disabling ipv6
* lint
* fix parameters in _configure_dovecot
* dont pass domain to _configure_nginx
* make disable_ipv6 boolean
Co-authored-by: missytake <missytake@systemli.org>
* implement namis suggestions reg boolean for ipv6
* Update chatmaild/src/chatmaild/config.py
Co-authored-by: missytake <missytake@systemli.org>
* ruff
* ruff again :)
* fix merge conflict
* CI: add CI machine with IPv6 disabled
* CI: fix sed statement
* CI: fix ubuntu reset
* CI: separate cert storage for staging2 and staging-ipv4
* add DNS records to proper zone
* CI: ignore if folders are missing
* CI: renames are not needed like this
* CI: fix default DNS zone for ipv4
* CI: use debian 12 instead of ubuntu, tired of trying to guess the correct image
* remove duplicared listen on 8443
* use jinja templates for disable_ipv6
* remove unused variable
* add missing % sign in jinja tempalte
* more fun with jinja syntax
* CI: proper rsync paths for acme & DKIM caching
* Changelog: add disable_ipv6 config option
---------
Co-authored-by: missytake <missytake@systemli.org>
Co-authored-by: holger krekel <holger@merlinux.eu>
Otherwise nginx fails when user actually tries to connect,
logs have errors such as
`invalid port in upstream "127.0.0.1:imaps"`
and
`invalid port in upstream "127.0.0.1:submissions"`.
- don't try to guess IP addresses but insist on A and AAAA records
- try to allow ipv4 or ipv6 only zones
- move chatmail.zone generation to jinja so we can have conditionals
Services are distinguished based on ALPN.
For example,
openssl s_client -connect example.org:443 -alpn smtp
gives SMTP connection and
openssl s_client -connect example.org:443 -alpn imap
gives IMAP connection.
* drastically reduce round-trips for dns checks, and do it during 'run' and 'dns' sub commands
* provide progress-dots for dns checks and "--verbose" for seeing what is executed remotely
* introduce ssh-mediated remote python function execution mechanism
Oversigning (including header name in DKIM-Signature
more times that it appears in the mail) prevents
adding more headers with the same name
without invalidating DKIM signature.
We don't want middleboxes to insert a second From header,
adding Cc field to mails that don't have one etc.
LMTP does not deduplicate messages
if sieve plugin is used.
We don't check for Auto-Submitted header anymore
as iOS application has a notification service
and should not display "You have a new message".
