- First of the list is the most important one and may be used as "primary"
domain in apps.
- Change the return type of DomainName.list() from set to list so that order can
be preserved. Update all users of the API accordingly. Add type hints to all the
methods using this API to catch any errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add two sieve scripts for spam/ham learning. When the user moves a mail
from anywhere to junk, or from junk to anywhere (except for trash) the
mail is piped into the respective rspamc learn_spam/learn_ham command.
The rspamc command is run as the mail user and the command requires that
the user can connect to localhost:11334. Because of that, add the mail
user to the allowed users that can access protected services.
The sievec compilation of the new scripts requre the dovecot-antispam
package, so install it and increment the email version number.
Closes: #2487
Imroves: #56
Tests done:
1. Apply the patches on an existing install
2. Confirm the firewall and the email app get updated
3. Move a mail from inbox to junk and confirm that rspamd statistics for
"Learned" mails increment by one.
4. Move back the mail from junk to inbox and confirm the number
increments again.
5. Move the mail to trash and confirm the script doesn't execute.
6. Repeat steps 3-5 with mail_debug = yes in /etc/dovecot/dovecot.conf
and confirm the script esxecution further by reading the debug logs.
[Sunil]
- Split the configuration file 90-freedombox-sieve.conf into
90-freedombox-imap.conf and merge the remaining with 95-freedombox-sieve.conf.
- These changes do not need dovecot-anitspam package. Remove it from packages
list for the app.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Instead of just the primary domain. This bring us closer to working equally
well on all the domains.
- App version number has not be incremented because it has already been
incremented for this release cycle.
Tests:
- When re-running the setup of email app. Notice that all the domains have DKIM
keys now.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Benedek Nagy <contact@nbenedek.me>
See the spam score for an email sent with these settings:
https://www.mail-tester.com/test-jy6unbdzu
Tests done:
1. Install the email app with version 4, then check out the files:
```
ls -la /var/lib/rspamd/dkim/ ; cat /etc/rspamd/local.d/dkim_signing.conf
total 4
dr-x------ 1 _rspamd _rspamd 50 Jan 1 19:14 .
drwxr-x--- 1 _rspamd _rspamd 16936 Jan 1 20:21 ..
-r-------- 1 root root 1704 Jan 1 19:14 freedombox.local.dkim.key
cat: /etc/rspamd/local.d/dkim_signing.conf: No such file or directory
```
2. Apply the patches and update the app:
```
ls -la /var/lib/rspamd/dkim/ ; cat /etc/rspamd/local.d/dkim_signing.conf
total 4
dr-x------ 1 _rspamd _rspamd 50 Jan 1 19:14 .
drwxr-x--- 1 _rspamd _rspamd 16936 Jan 1 20:22 ..
-r-------- 1 _rspamd _rspamd 1704 Jan 1 19:14 freedombox.local.dkim.key
allow_username_mismatch = true;
sign_authenticated = true;
use_domain = "header";
domain {
freedombox.local {
path = "/var/lib/rspamd/dkim/freedombox.local.dkim.key";
selector = "dkim";
}
}
```
3. Configure example.com as a domain under Name Services, then also change the primary domain in the email app and confirm it completes without errors.
Also see:
```
ls -la /var/lib/rspamd/dkim/ ; cat /etc/rspamd/local.d/dkim_signing.conf
total 8
dr-x------ 1 _rspamd _rspamd 90 Jan 1 21:15 .
drwxr-x--- 1 _rspamd _rspamd 16936 Jan 1 21:17 ..
-r-------- 1 _rspamd _rspamd 1704 Jan 1 21:15 example.com.dkim.key
-r-------- 1 _rspamd _rspamd 1704 Jan 1 19:14 freedombox.local.dkim.key
allow_username_mismatch = true;
sign_authenticated = true;
use_domain = "header";
domain {
example.com {
path = "/var/lib/rspamd/dkim/example.com.dkim.key";
selector = "dkim";
}
}
```
4. Uninstall the app and perform a fresh install, confirm it completes succesfully.
The configurations in /etc/rspamd/local.d/dkim_signing.conf have been
verified to work on a throw-away VPS setup.
Once merged, this should be mentioned here: https://discuss.freedombox.org/t/solved-email-messages-not-signed-with-dkim/2387
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Add comment explaining allow_username_mismatch option]
[sunil: Drop an unused variable, added docstrings]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Config app description is as expected.
- Config form does not show domain name field anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring static domain name. Clicking it
takes to page for setting domain name.
- On startup, static domian name signal is sent properly if set. Otherwise no
signal is send.
- Change domain name form shows correct value for current domain name.
- Change domain name form sets the value for domain name properly.
- Page title is correct.
- Validations works.
- Add/remove domain name signals are sent properly.
- Success message as shown expected
- /etc/hosts is updated as expected.
- Unit tests work.
- Functional tests on ejabberd, letsencrypt, matrix, email, jsxc, openvpn
- After freshly starting the service. Visiting names app shows correct list of
domains.
- ejabberd:
- Installs works as expected. Currently set domain_name is setup properly.
Copy certificate happens on proper domain.
- Changing the domain sets the domain properly in ejabberd configuration.
- Ejabberd app page shows link to name services instead of config app.
Clicking works as expected.
- letsencrypt:
- When no domains are configured, the link to 'Configure domains' is to the
names app.
- matrix-synapse:
- Domain name is properly shown in the status.
- email:
- Primary domain name is shows properly in the app page.
- Setting new primary domain works.
- When installing, domain set as static domain name is prioritized as primary
domain.
- jsxc:
- Show the current static domain name in the domain field. BOSH server is
available.
- openvpn:
- Show the current static domain in profile is set otherwise show the current
hostname.
- If domain name is not set, downloaded OpenVPN profile shows hostname.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This includes the envelope size, so the actual size of the message and
attachments is somewhat lower.
Tests:
- Install the app freshly with the patch. Notice that message_size_limit is set
to 102400000 by running 'postconf message_size_limit'.
- Install the app without the patch. Apply patche and notice that the app is
updated. Notice that message_size_limit is set to 102400000 by running 'postconf
message_size_limit'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Try to mark class variables in component classes.
- Leave typing hints generic, such as 'list' and 'dict' where content is usually
not filled, too complex, or context is unimportant.
- backups: Handle failure for tarfile extraction so that methods are not called
on potentially None valued variables.
- backups: Prevent potentially passing a keyword argument twice.
- dynamicdns: Deal properly with outcome of urlparsing.
- ejabberd: Deal with failed regex match
- email: Fix a mypy compliant when iterating a filtered list.
- tor: Don't reuse variables for different typed values.
- tor: Don't reuse variables for different typed values.
- operation: Return None explicitly.
- operation: Ensure that keyword argument is not repeated.
Tests:
- Where only typing hints were modified and no syntax error came up, additional
testing was not done.
- `mypy --ignore-missing-imports .` run successfully.
- Generate developer documentation.
- Service runs without errors upon start up.
- backups: Listing and restoring specific apps from a backup works.
- backups: Mounting a remote backup repository works.
- NOT TESTED: dynamicdns: Migrating from old style configuration works.
- ejabberd: Verify that setting coturn configuration works.
- email: Test that showing configuration from postfix works.
- tor: Orport value is properly shown.
- transmission: Configuration values are properly set.
- users: Running unit tests as root works.
- operation: Operation status messages are show properly during app install.
- ./setup.py install runs
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (uninstall test does not work)
- Initial setup works
- Domains are setup
- Home is setup (others don't have permission for /var/mail)
- Aliases configuration is setup
- Postfix is setup
- rspamd is setup
- Changing primary domain works
- Adding/removing domains works
- Error during operations is handle properly: getting dkim key
- Setting up DKIM key when changing, adding/removing domain works
- Showing DKIM key in app page works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Currently, privileged actions are not allowed under top-level plinth module.
They are only allowed under each app module. Allow privileged actions under
plinth module.
- Currently, privileged actions are not allowed under a sub-module of
'privileged' package. They are allowed only in 'privileged' module. Allow
sub-modules under 'privileged' package.
Tests:
- Email app functional tests pass
- Functional tests for apps using package and service privileged methods pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is recommended by PEP-0597: https://peps.python.org/pep-0597/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Unified querying, reduce random writes for SD cards, eliminate need for separate
log rotation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Not very critical. Reduce complexity. Re-implement later at framework level.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is nothing related to LDAP in the module. It actually configures postfix.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove unnecessary complex crash handler needed due to setting the service
configuration in two steps. Merge the two step into one after which crash
handler is not needed.
- Drop '_unsafe' API and verify all keys and values for sanity.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The module does not interact with kernel audit system or is not related to
security logging. The 'privileged' makes us pay more attension.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
