- Don't add TLS debugging information to Received: header.
- Drop unused fingerprint digest configuration. They are only used when
smtpd_tls_security_level is set to 'fingerprint' in which case certifying
authorities are ignored.
- Drop alterations to TLS low/high cipher lists. They are not used since
tls_ciphers are all set to 'medium'.
Tests:
- No configuration errors are reported by postfix in its logs after startup.
- 'postconf' shows that the new configuration parameters are set properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use LetsEncrypt component to perform TLS certificate copying instead of custom
implementation.
- Use two components to copy the certificates to dovecot and postfix separately.
- Add support for multiple domains using SNI. Provide all the certificates. Use
primary domain's certificate as the fallback certificate.
- Drop the diagnose/repair approach due to its complexity.
Tests:
- Installing the app works. After installation, all TLS parameters are show as
expected by 'postconf' command and 'doveconf' command.
- A default domain is selected by default. This will reflect as primary domain
in TLS certificate configuration.
- When primary domain is changed, the configuration is updated to reflect the
default certificate path but SNI configuration is unchanged in dovecot and
postfix.
- Postfix and dovecot are restarted after setup.
- There are no configuration error shows in postfix/dovecot logs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- By default, receive mail for all the domains on the system.
- Allow user to select a primary domain. This domain is used for TLS
certificate, automatically adding domain to sender address, etc.
- Don't expose postfix configuration parameters.
Tests:
- On installation, the domain list populated in postfix. Primary domain is
the one set in the config module. If it is not set, any other domain from
configured domains is taken.
- When not installed, adding/removing domains does not cause errors.
- Changing the domain in the domain view works. mydomain has the primary domain
set. myhostname has primary domain set. mydestination has default values and in
addition has all the domains on the system.
- /etc/mailname is populated with the primary domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Creating home directories is no longer necessary. We store all mail in /var/mail
and don't allow use of direct access to mail folder.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Most modern setups simply use to PAM to lookup local recipients instead of
integrating directly with LDAP. libnss-ldapd package that we install and
configure connects the password database with LDAP. Anyone then using PAM need
not be aware of LDAP integration. This reduces extra configuration and many
problems that come along with it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Typical mail systems are configured to work on usernames or virtual usernames.
UIDs/GIDs are only needed at the final moment when delivering mails to user
inboxes that need to have proper UID/GID set.
- This makes it easy for dovecot to simply use PAM authentication instead of
having to use LDAP.
- Trying to hide UID from email headers is no longer necessary. Received: header
is important for debugging mail delivery across the chain. Don't miss out.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Parse arguments in a readable way.
- Convert decorator into simple call.
- Make a simple call instead of looking for subcommand.
- Don't setup logging in global scope.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Postfix has the ability to use sqlite3 databases directly. There is no need to
synchronize to a hash db and then use that.
- Store the aliases database in /var/lib/postfix/. This will make backup and
restore easier and remove dependence on FreedomBox and its data directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid flake8 warnings.
- Makes the call more explicitly readable in case an exception is expected but
check=True is not passed by mistake.
Tests:
- Many tests are skipped since the changes are considered trivial.
check=False is already the default for subprocess.run() method.
- actions/package: Install an app when it is not installed.
- actions/upgrade: Run manual upgrades.
- actions/users: Change a user password. Login. Create/remove a user.
- actions/zoph: Restore a database.
- container: On a fresh repository, run ./container up,ssh,stop,destroy for a
testing container.
- plinth/action_utils.py: Enable/disable an app that has a running service.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Done automatically by running isort . in top level directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- ugettext functions will be removed in Django 4.0. Each use emits a warning
when running with Django 3.2. Since we have warnings enabled in developer mode,
we see quite a few messages because of this.
- ugettext is already a simple alias of gettext. So, no regressions are
expected.
Tests:
- Accessing an affected app in UI with Django 3.2 and Django 2.2 works fine.
- Using Django 3.2 there are no warnings related to removal of ugettext
functions.
- Ran regular unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Better error handling
- You may retroactively diagnose and fix problems
- Shows the most important issues first
audit.models.Diagnosis
- Added JSON serialization (needed for IPC)
- Replaced ambiguous vocabulary
- Provided a sorting key
audit, diagnosis
- Support title translation
- View: security.html -> email_security.html
- Setup: will not install Redis
- Setup: put clamav packages on hold
- Crash recovery: opening firewall ports becomes the last post action
- Crash recovery: group postconf.set_many into small transactions
- Crash recovery: safer postconf.set_master_cf_options
- Make extensive use of the milter protocol
- Milter: add X-Fbx- headers to emails
- All submitted mails go to smtp:localhost:10025 for filtering
- Header privacy for submitted mails
- Rspamd: be able to inject and replace FreedomBox-managed config
- Reserve special addresses for future use
Known issue: internal emails do not go through spam filtering
- Move render_tabs into plinth.views
- Move admin_tabs and user_tabs into the class
- New interproc module contains inter-process functions
- New helper methods in TabMixin
email_server:
- `-i` option passes all remaining arguments to action
- delete unused "touch file" option
Views:
- delete broken links
- add tabs to every page
- separate admin tabs from user tabs
- Separate alias database from system
- Block mail to system users, without backscatter
- Alias management UI for non-admin users
- Enabling/Disabling aliases (mails to /dev/null)
Misc. changes
- Daemon management
- Backup information
- Postconf diagnostics interface
- New class: `MainCfDiagnosis`
- "Advise and repair" mechanism reduces the number of postconf calls
- File locking: lock acquisition moved into audit module
- Enables finer-grained control
- Rewrote action script to eliminate stdin communication
- Changed return type of audit.*.get()
- An audit can return multiple lines of diagnostics
- Move recommended endpoint URLs into function docstrings
