This project is mirrored from Pull mirroring updated .
  1. 19 Jun, 2022 2 commits
  2. 11 Mar, 2022 2 commits
  3. 05 Mar, 2022 1 commit
  4. 27 Feb, 2022 2 commits
    • Alberto Bertogli's avatar
      modules: Update spf to 1.3.0 · d3c18aa4
      Alberto Bertogli authored
      This patch updates the dependency on from v1.2.0
      to v1.3.0, which includes a few bug fixes.
      There are no code changes needed, just some minor adjustment to the
      tests due to error strings changing.
      The go.mod "go" keyword is also bumped up to 1.15 since it's the minimum
      supported version since commit e444fe1f (2021-10-05).
    • Alberto Bertogli's avatar
      docs: Expand certificate section on the install guide · 8083e274
      Alberto Bertogli authored
      The install guide mentions that the `certs/` directory can be symlinked,
      but doesn't cover permissions much, so it's easy for users to be
      confused (like it happened in
      This patch adds a bit more details on how to set up certificates, to
      hopefully reduce the chances of confusion.
  5. 21 Jan, 2022 4 commits
    • Alberto Bertogli's avatar
      aliases: Add tracing to Exists and Resolve · d7ca50c3
      Alberto Bertogli authored
      This patch adds tracing to aliases' Exist and Resolve functions, to help
      troubleshoot problems with alias resolution.
    • Alberto Bertogli's avatar
      aliases: Skip resolution logic for non-local addresses · feb10299
      Alberto Bertogli authored
      This patch skips the resolution logic if the address is not local.
      Today, the resolution logic handles that case transparently, and returns
      the original email address, so this should be a no-op.
      However, having an explicit early check makes the resolution logic more
      robust, and will simplify future patches.
      Note this also means that the `alias-resolve` hook is no longer run for
      non-local aliases, which should also help simplify their implementation.
    • Alberto Bertogli's avatar
      aliases: Simplify lookup logic, remove alias-exists hook · 67d0064f
      Alberto Bertogli authored
      This patch simplifies the internal alias lookup logic, unifying it
      across Resolve and Exists.
      As part of this, the `alias-exists` hook is removed. It was redundant to
      begin with, although it enabled a potential optimization, it isn't worth
      the complexity. The timeout for execution of both was the same.
      This change should be backwards-compatible because `alias-resolve` is
      still used, and the semantics haven't changed.
    • Alberto Bertogli's avatar
      config: Support "" values for `drop_characters` and `suffix_separators` · fa1db7d8
      Alberto Bertogli authored
      If the `drop_characters` or `suffix_separators` options are set to "",
      currently instead of the empty string, their default value is used instead.
      This is a bug, and it also happens on other config options, but because
      the others have to be set in order for chasquid to function, it's not a
      problem in practice.
      Thanks Björn Busse (bbusse@github) for finding and reporting this
      problem, on irc and in
      This patch fixes the problem by marking these fields explicitly
      optional, which enables presence testing, as described in the protobuf
  6. 06 Dec, 2021 1 commit
  7. 26 Nov, 2021 1 commit
    • Alberto Bertogli's avatar
      courier: Add tests for STS policy checks · 02322a74
      Alberto Bertogli authored
      This patch adds tests for STS policy checks in combination with TLS
      security levels.
      This helps ensure we're detecting mis-matches of TLS status
      (plain/insecure/secure) and STS policy enforcement.
  8. 29 Oct, 2021 1 commit
  9. 25 Oct, 2021 2 commits
    • Alberto Bertogli's avatar
      courier: Use explicit certificate validation in the SMTP courier · 643f7576
      Alberto Bertogli authored
      When using STARTTLS, the SMTP courier needs to determine whether the
      server certificates are valid or not.
      Today, that's implemented via connecting once with full certificate
      verification, and if that fails, reconnecting with verification
      This works okay in practice, but it is slower on insecure servers (due
      to the reconnection), and some of them even complain because we connect
      too frequently, causing delivery problems. The latter has only been
      observed once, on the MX servers.
      To improve on that situation, this patch makes the courier do the TLS
      connection only once, and uses the verification results directly.
      The behaviour of the server is otherwise unchanged. The only difference
      is that when delivering mail to servers that have invalid certificates,
      we now connect once instead of twice.
      The tests are expanded to increase coverage for this particular case.
    • Alberto Bertogli's avatar
      testlib: Add GenerateCert function · 90d38555
      Alberto Bertogli authored
      This patch moves the GenerateCert function from the smtpsrv tests to the
      common testlib, so it can be used by other tests in the future.
  10. 08 Oct, 2021 4 commits
    • Alberto Bertogli's avatar
      courier: Use DNSError.IsNotFound to identify NXDOMAIN · ed38945f
      Alberto Bertogli authored
      When resolving MX records, we need to distinguish between "no such
      domain" and other kinds of errors. Before Go 1.13, this was not
      possible, so we had a workaround that assumed any permanent error was a
      "no such domain", which is not great, but functional.
      Now that our minimum supported version is Go 1.15, we can remove the
      This patch replaces the workaround with proper logic using
      DNSError.IsNotFound to identify NXDOMAIN results when resolving MX
      This requires to adjust a few tests, that used to work on environments
      where resolving unknown domains (used for testing) returned a permanent
      error, and now they no longer do so. Instead of relying on this
      environmental property, we make the affected tests use our own DNS
      server, which should make them more hermetic and reproducible.
    • Alberto Bertogli's avatar
      smtpsrv: Remove obsolete call to tls.BuildNameToCertificate · 6633f078
      Alberto Bertogli authored
      tls.BuildNameToCertificate has been deprecated, and calling it is no
      longer necessary since Go 1.14.
      Now that our minimum supported Go version is 1.15, we can remove it.
    • Alberto Bertogli's avatar
      test: Simplify dovecot config in integration test · e1a71105
      Alberto Bertogli authored
      In the Dovecot integration test, we can now simplify the configuration
      as we assume Dovecot 2.3 is the minimum version supported for testing
      (as that's the one from Debian stable at the moment).
    • Alberto Bertogli's avatar
      chasquid-util: Update ReadPassword dependency · fcdc49d7
      Alberto Bertogli authored
      Today, we use `` to read passwords. That
      package is obsolete, replaced with ``.
      We couldn't move them because term wasn't compatible with Go 1.11 which
      was our oldest supported Go version.
      Now that we moved to Go 1.15 as the oldest supported version, we can do
      the update.
  11. 04 Oct, 2021 2 commits
    • Alberto Bertogli's avatar
      travis: Remove Travis CI configuration · 07c133fd
      Alberto Bertogli authored
      Travis hasn't worked in a while, is shutting down for most projects, and
      we have already removed it from all public documentation.
      Also all the functionality it provided is now provided by GitLab CI.
      This patch removes the obsolete Travis configuration file.
    • Alberto Bertogli's avatar
      gitlab: Update minimal supported version · e444fe1f
      Alberto Bertogli authored
      With the new Debian stable release, we now support back to Go 1.15.
      Update the automated tests to reflect this.
  12. 03 Sep, 2021 1 commit
    • Alberto Bertogli's avatar
      docker: Install libcap2-bin binary · a5bd8cbc
      Alberto Bertogli authored
      The latest Debian stable images don't include the `setcap` binary by
      default like they used to.
      Our Docker build depends on it, so this patch makes the Dockerfile
      install the libcap2-bin package (which contains the `setcap` binary).
  13. 14 Aug, 2021 1 commit
  14. 30 Jul, 2021 1 commit
  15. 25 Jul, 2021 1 commit
    • Alberto Bertogli's avatar
      docs: Add DKIM setup instructions · d53c1d2b
      Alberto Bertogli authored
      This patch adds some basic instructions to the documentation on how to
      set up DKIM, using the tools supported by the example hook.
      It's not meant to be a full DKIM how-to, but to help someone who already
      knows enough, or who is complementing it with a more general purpose
      DKIM guide.
  16. 21 Jul, 2021 1 commit
    • Alberto Bertogli's avatar
      hooks: Add dkimpy support · 270a071c
      Alberto Bertogli authored
      This patch adds support in the default hook for using dkimpy for DKIM
      Unfortunately, dkimpy binaries have the same name as driusan/dkim's, so
      we need to use --help to disambiguate. It's not pretty but it should
      work, and is quite self contained.
      Also, for the integration tests, we still need driusan/dkim because
      dkimpy lacks the features needed. Specifically, dkimpy's dkimverify
      can't be made to use custom DNS, or override the TXT values in any way,
      so we can't verify that the generated signature is reasonable.
      Thanks to ne9z@github for suggesting this change and providing an
      alternative patch in
  17. 14 Jul, 2021 1 commit
    • Alberto Bertogli's avatar
      test: Skip integration tests if $HOSTALIASES is not functional · d78056af
      Alberto Bertogli authored
      Most integration tests depend on the $HOSTALIASES environment variable
      being functional. That variable works on most systems, but not all. In
      particular, systems with `systemd-resolved` can cause the variable to be
      This was reported by Alex Ellwein in
      This patch makes the affected tests to be skipped if $HOSTALIASES is not
      working properly. It also removes unnecessary hosts files from tests
      which don't need it, and documents this behaviour.
      Thanks to Alex Ellwein and foxcpp@ for reporting and helping investigate
      this issue!
  18. 08 Jul, 2021 1 commit
  19. 25 Jun, 2021 1 commit
    • Alberto Bertogli's avatar
      mda-lmtp: Add -to_puny, to punycode-encode addresses · 8f1f943f
      Alberto Bertogli authored
      Some LMTP servers (like dovecot) can't handle UTF8 addresses in the LMTP
      commands. This can be problematic if we want to use them with UTF8
      domains or usernames, which are well supported by chasquid.
      To help workaround this issue, this patch adds a new -to_puny flag for
      mda-lmtp, that makes it encode `from` and `recipient` in punycode.
      That way, the server will get punycode-encoded (ASCII) strings in the
      LTMP commands.
      This can be particularly convenient when the recipients are ASCII
      (because they're under the mail server control), but `from` may not be
      (because it comes from the network).
  20. 11 Jun, 2021 7 commits
    • Alberto Bertogli's avatar
      trace: Remove restriction on tracing pages · f137702f
      Alberto Bertogli authored
      By default, currently only allows the tracing
      pages to be seen from localhost.
      This restriction can be confusing for people accessing the monitoring
      server remotely, and adds no value in our environment.
      The monitoring server already exports very sensitive information, and
      must be enabled with care, and is not on by default. This is well
      This patch removes the restriction, making all the monitoring pages
      equally accessible.
    • Alberto Bertogli's avatar
      auth: Allow users without a domain · cfe0e48c
      Alberto Bertogli authored
      Some deployments already have users that authenticate without a domain.
      Today, we refuse to even consider those, and reject them at parsing time.
      However, it is a use-case worth supporting, at least with some
      restrictions that make the complexity manageable.
      This patch changes the auth package to support authenticating users
      without an "@domaiN" part.
      Those requests will always be directly passed on to the fallback
      authenticator, if available.
      The dovecot fallback authenticator can already handle this case just fine.
    • Alberto Bertogli's avatar
      expvarom: Use `application/openmetrics-text` as content type · 099e2e22
      Alberto Bertogli authored
      The openmetrics proposed standard says we should use the
      `application/openmetrics-text` content type when exporting the metrics.
      Currently we use `text/plain` for backwards compatibility with
      Prometheus, but the new content type is apparently supported since 2018,
      so it should be safe to update to match the current proposed standard.
    • Alberto Bertogli's avatar
      smtpsrv: Reject HTTP commands · 8c8e64dc
      Alberto Bertogli authored
      To help with defense-in-depth on cross-protocol attacks (e.g., this patch makes chasquid reject HTTP
    • Alberto Bertogli's avatar
      smtpsrv: Close the connection after 3 errors (lowering from 10) · 85305f4b
      Alberto Bertogli authored
      Today, we close the connection after 10 errors. While this is fine for
      normal use, it is unnecessarily large.
      Lowering it to 3 helps with defense-in-depth for cross-protocol attacks
      (e.g., while still being large enough for
      useful troubleshooting and normal operation.
      As part of this change, we also remove the AUTH-specific failures limit,
      because they're covered by the connection limit.
    • Alberto Bertogli's avatar
      smtpsrv: Quote unknown commands for debugging · 44eb0b90
      Alberto Bertogli authored
      When we receive unknown commands, we use the first 6 bytes for
      troubleshooting (e.g. put them in traces and exported metrics).
      While this is safe, since the different places know how to quote them
      properly, it makes things more difficult to analyse, since it's not
      uncommon to see be binary blobs.
      This patch makes us use the ascii-quoted version instead, to make things
      easier to analyze.
    • Alberto Bertogli's avatar
      modules: Add missing sum · 27f4356f
      Alberto Bertogli authored
      This patch adds a missing sum, that is used by the
      coverage view generator, so it was missed in the last general update.
  21. 06 Jun, 2021 1 commit
  22. 05 Jun, 2021 1 commit
    • Alberto Bertogli's avatar
      trace: Use request tracing in auth and domaininfo · b9f147fa
      Alberto Bertogli authored
      This patch adds tracing for the auth and domaininfo modules. In the
      latter, we replace the long-running event with the short-term request
      tracing, which is more practical and useful.
      There are no logic changes, it only adds tracing instrumentation to help
  23. 31 May, 2021 1 commit