Tests:
- Configuration parameters are set properly after fresh app setup according to
'doveconf'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't add TLS debugging information to Received: header.
- Drop unused fingerprint digest configuration. They are only used when
smtpd_tls_security_level is set to 'fingerprint' in which case certifying
authorities are ignored.
- Drop alterations to TLS low/high cipher lists. They are not used since
tls_ciphers are all set to 'medium'.
Tests:
- No configuration errors are reported by postfix in its logs after startup.
- 'postconf' shows that the new configuration parameters are set properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use LetsEncrypt component to perform TLS certificate copying instead of custom
implementation.
- Use two components to copy the certificates to dovecot and postfix separately.
- Add support for multiple domains using SNI. Provide all the certificates. Use
primary domain's certificate as the fallback certificate.
- Drop the diagnose/repair approach due to its complexity.
Tests:
- Installing the app works. After installation, all TLS parameters are show as
expected by 'postconf' command and 'doveconf' command.
- A default domain is selected by default. This will reflect as primary domain
in TLS certificate configuration.
- When primary domain is changed, the configuration is updated to reflect the
default certificate path but SNI configuration is unchanged in dovecot and
postfix.
- Postfix and dovecot are restarted after setup.
- There are no configuration error shows in postfix/dovecot logs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Mostly for consistency. Will be useful when uninstall action is implemented.
Tests:
- Installation of email server app works without errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Test:
- Submit the domain form unchanged. Message is printed that settings are
unchanged.
- Submit the domain form with changes. Message is printed that domain has been
updated. Configuration reflects the new domain.
- On page load, the current domain is shown in the domain configuration form.
- Clicking the repair button the service alert section triggers the repair
operations as seen in the console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- By default, receive mail for all the domains on the system.
- Allow user to select a primary domain. This domain is used for TLS
certificate, automatically adding domain to sender address, etc.
- Don't expose postfix configuration parameters.
Tests:
- On installation, the domain list populated in postfix. Primary domain is
the one set in the config module. If it is not set, any other domain from
configured domains is taken.
- When not installed, adding/removing domains does not cause errors.
- Changing the domain in the domain view works. mydomain has the primary domain
set. myhostname has primary domain set. mydestination has default values and in
addition has all the domains on the system.
- /etc/mailname is populated with the primary domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- For zoph, drop dependency on php7.4 as it will cause issues for future
versions of php. The dependency was a hack and not needed for Bullseye and
higher.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This keeps the LE module working better when the domain name is changed after
startup.
Tests:
- Untested. The module is not enabled yet. LE functionality in email server is
not fully functional.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
WAL journaling mode is causing problems with postfix unable to open the database
despite ownership and permission changes. Default is the DELETE rollback journal
mode. The former gives more performance but in our case, writes are very rare
and the DB is used mostly just for reads.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Creating home directories is no longer necessary. We store all mail in /var/mail
and don't allow use of direct access to mail folder.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Delivering mail to home directory is only needed when users are expected to
login via terminal and use command line tools for accessing their email. In
FreedomBox, we expect users to use GUI tools such as Thunderbird and K-9 Mail to
access their mail. So, POP3 and IMAP access sufficient.
Not trying to compatible with command line mail tools means that high
performance mailbox storage formats can be chosen. This is important to ensure
that accessing mail via IMAP is fast. In future, we can consider enabling full
text search using Apache Solr.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Most modern setups simply use to PAM to lookup local recipients instead of
integrating directly with LDAP. libnss-ldapd package that we install and
configure connects the password database with LDAP. Anyone then using PAM need
not be aware of LDAP integration. This reduces extra configuration and many
problems that come along with it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Typical mail systems are configured to work on usernames or virtual usernames.
UIDs/GIDs are only needed at the final moment when delivering mails to user
inboxes that need to have proper UID/GID set.
- This makes it easy for dovecot to simply use PAM authentication instead of
having to use LDAP.
- Trying to hide UID from email headers is no longer necessary. Received: header
is important for debugging mail delivery across the chain. Don't miss out.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Parse arguments in a readable way.
- Convert decorator into simple call.
- Make a simple call instead of looking for subcommand.
- Don't setup logging in global scope.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Based on what is already done in domains.py at the time of setting the
configuration.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- All the views are reachable using buttons.
- Add title to the domains page as tabs are removed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In FreedomBox we will obtain and manage certificates automatically. No need
for forms to manage TLS certificates
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Trim the button labels.
- Style the usual buttons as default buttons.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use the IntergrityError exception instead of a complex query to ignore an
already existing alias.
- When retrieving existing aliases, use explicit list of columns instead of * so
that schema updates adding columns won't fail the code using the row results.
- Use terminology used by post fix. "name" for the name of the alias. "value"
for the mapping.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Postfix has the ability to use sqlite3 databases directly. There is no need to
synchronize to a hash db and then use that.
- Store the aliases database in /var/lib/postfix/. This will make backup and
restore easier and remove dependence on FreedomBox and its data directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In the list form, the values are already sanitized as they are retrieved from
the database. Don't refuse to manage existing aliases that don't fit the format.
- In the create form, the form already sanitizes as necessary.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
