Despite being incomplete, it can be still be useful and provide
protection for users.
The missing part is the report generation, which is defined as a part of
a minimal implementation by RFC 7489, though.
Setting up communication mediums for feedback and other stuff. At this
point I already decided to use GitHub issue tracker as a task
tracker only, not as a generic Q&A board as some projects do.
Given amount of steps actually needed to install maddy, it makes sense
to automate at least some of them.
Also, since maddy repo is replicated on foxcpp.dev/maddy,
it can be used like this:
curl https://foxcpp.dev/maddy/get.sh | bash
That's, of course, is a partial solution. In future, package
repository least for Debian will be created with properly built
packages.
Response to possible complaints about curl|bash:
There is not that much difference between that and cloning repo
to run 'make install'. People who care can inspect the script
either way and ones who don't care... well, don't care.
Example $(hostname) is now equal to $(primary_domain).
$(local_domains) now contains only $(primary_domain).
tls directive contains values that represent certbot
store structure, allowing easier configuration by symlinking
/etc/maddy/certs to /etc/letscrypt/live.
Features section:
- Put stuff into 4 categories
- Extend list of planned features.
maddyctl section is merged into Building section.
Configuration section is merged into Quick start to actually provide
step-by-step instructions for initial configuration.
System users, PostgreSQL, multi-tenant config sections are
removed. They are considered "advanced" and so just
add noise to README which is supposed to be an introduction.
They will be extended into complete tutorials and published
on Project Wiki.
This support is based on github.com/foxcpp/go-msgauth fork until
emerison/go-msgauth#13 gets merged.
Further extensions are required to make sure only messages we can
actually "take responsibility for" are signed.
RSA-2048 is used as a default algorithm when generating new keys.
RSA-4096 can cause trouble with UDP-only DNS due to responses being
bigger than 512 octets. RSA-1024 is too weak and explicitly
disallowed in maddy for new keys. It could be possible to use Ed25519
but support is not widely deployed yet (according to warning in rspamd
docs dated 2019-09). Users concerned about security of RSA-2048 can
switch to RSA-4096 or Ed25519, keeping relevant problems in mind.
Ed25519 key format uses PKCS#8, this seems to be different from other
implementations that just dump key material into a file without any
wrapping. Interoperability is not considered to encourage key
rotation when migration, which is a good thing to do anyway.
There is no option to use "body limit", since it is dangerous
and go-msgauth/dkim does not support it for signing.
The default set of signed header fields is the list used by rspamd.
Most "core" fields are oversigned to provide strict integrity.
"Conditional oversigning" similar to rspamd is not implemented, though
it may be useful, further research is required.
Multi-tentant configuration with DKIM and DMARC is much more verbose,
configuration example is added to config.d/multitentant-dkim.conf to
explain how to make it work.
This commit majorly updates all Markdown documents by attempting to maintain a consistent (80 columns per line) formatting and addresses some display bugs in other Markdown renderers due to improper use of Markdown - GitHub is a little broken. But it also addresses grammar and even makes semantical changes to some paragraphs.
Notably, in README.md, section "System authentication helper binaries" had relatively severe changes.
To future contributors: if trying to maintain any kind of wrapping standard, I suggest using special extensions, like Rewrap for VSCode.
Now it is not tied go-imap-sql details (with the exception of special
features), allowing it to be used with other storage backends that will
be added in the future.
--unsafe flag is removed and now maddyctl explicitly asks for
confirmation in cases where transaction may be unsafe for connected
clients. --yes flag disables that. In the future, maddy can be
extended with IPC interface to push updates so it this restriction
can be lifted altogether.
1. There is only one version for maddy and imapsql-ctl utility.
This prevents confusion about compatibility.
2. Modified imapsql-ctl understands maddy config format, this allows
it to read needed values from it without the need for lengthy commmand
line arguments.
Closes#148.
Now modules are documented in separate man pages depending on their
main purpose. This generally keeps things more organised than with
one huge maddy.conf(5) page to document everything.
- fsstore is now required, this is reflected by documentation updates.
Upstream commits:
* 8ee5c96 Fix handling of "null" compression
* d6bc61c Add support for zstd compression
* aa76135 Implement support for LZ4 compression support
* cde9a24 Update VersionStr constant
* 2008a7b Remove schema upgrade operations for older versions
* b6668d0 Remove section about Internal/External BLOBs from README
* e91826c cmd/imapsql-ctl: Remove support for reading driver/DSN from text file
* 0dca68f Rename imapsql.Store -> imapsql.FSStore
* 4071c69 Remove support for handling messages in table rows
* 4c8996e Remove most of the code for storing messages in table rows
* b682ac1 Skip header in openBody if needHeader = false
* 2a263c3 Require fsstore to be used
* 45b437d Remove CI job for testing with MariaDB
* 8d30346 Add 'go 1.12' to go.mod
Now exterrors.IsTemporary should be used to check whether error is a
temporary one.
This implementation relies on Go 1.13 error inspection primitives and
thus increases minimal Go version required by maddy accordingly.
A lot of stuff ranging from 'building from source' to configuration
is explained in much more detail.
Table of Contents is added to make navigation easier.
Go 1.11.X before 1.11.4 incorrectly handles checksums generated by Go
1.12. We should tell users to use Go 1.11.4 to avoid checksum
verification errors.
Currently we have only 0.0.1 which is basically useless. We don't want
to get users confused because the command without version specification
will download latest release.
* Drop most of the implicit defaults in favor of explicit configuration
We no longer follow caddy's "zero-configuration" approach. Mail is much
more complex than HTTP and we want to be explicit about things, always.
* Remove commented out directives from maddy.conf
