Add more recommended best practices and fix a few mistakes.
1. An SPF record should also be available for the MX hostname (more precisely, the HELO hostname we identify as)
2. MTA-STS requires a TXT record
3. TLSRPT can be used to get information about MTA-STS breakage.
4. Use p=quarantine in DMARC
5. Recommend deploying DANE in addition to MTA-STS
* Update setting-up.md
replacing the hostname mx.example.org with example.org, in line with the rest of the tutorial, which doesn't refer to it (i.e. the DNS configuration).
* re-adding MX1, with more detail
* adding an A entry for mx1
* fixing ========
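The records the list above asks for, collected into one zone fragment. This is an added illustration, not text from the maddy tutorial or from this commit; example.org, mx1.example.org, the 192.0.2.x addresses, the report mailboxes, the policy id and the TLSA hash are placeholders to be replaced with your own values.

```zone
; example.org zone fragment (illustrative; addresses and hashes are placeholders)
example.org.              IN MX   10 mx1.example.org.
mx1.example.org.          IN A    192.0.2.25

; SPF: one record for the domain used in MAIL FROM, and one for the HELO/EHLO
; hostname the MX identifies itself with, so HELO-based SPF checks pass too.
example.org.              IN TXT  "v=spf1 mx -all"
mx1.example.org.          IN TXT  "v=spf1 a -all"

; DMARC with p=quarantine: unaligned mail is filed as spam instead of only
; being reported (p=none). Reports go to the rua address.
_dmarc.example.org.       IN TXT  "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"

; MTA-STS: the TXT record only announces that a policy exists and carries an
; id that must change whenever the policy changes. The policy itself is
; served over HTTPS at https://mta-sts.example.org/.well-known/mta-sts.txt:
;   version: STSv1
;   mode: enforce
;   mx: mx1.example.org
;   max_age: 604800
_mta-sts.example.org.     IN TXT  "v=STSv1; id=20200307T000000"
mta-sts.example.org.      IN A    192.0.2.80

; TLSRPT: sending MTAs report MTA-STS and DANE validation failures here,
; which is how you notice a broken policy or an expired TLSA record.
_smtp._tls.example.org.   IN TXT  "v=TLSRPTv1; rua=mailto:tlsrpt@example.org"

; DANE (optional, in addition to MTA-STS): TLSA for port 25 on the MX host.
; Usage 3 1 1 pins the SHA-256 of the certificate's SubjectPublicKeyInfo:
;   openssl x509 -in fullchain.pem -noout -pubkey \
;     | openssl pkey -pubin -outform DER | openssl dgst -sha256
_25._tcp.mx1.example.org. IN TLSA 3 1 1 <sha256-of-spki-in-hex>
```

Two caveats a practitioner should keep in mind: the TLSA record is only used by senders if the zone is DNSSEC-signed, and a 3 1 1 record keeps matching across certificate renewals only if the private key is reused (otherwise the record must be updated before the new certificate is deployed). The MTA-STS policy file must be served with a valid certificate for mta-sts.example.org, and the id in the TXT record must be changed on every policy edit, or senders keep their cached copy until max_age expires.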
The imapsql module no longer handles authentication (it was not doing it so well
anyway).
The sql_table module was introduced and used in the default configuration as
a replacement for functionality that was implemented by imapsql before.
Parts of the maddyctl code were rewritten to make it work transparently with
any IMAP backend or credentials store.
Closes #212.
Remove the examples/ dir reference from README. It no longer exists.
Mention scdoc in installation tutorial.
Fix vim joke formatting.
Mention systemctl daemon-reload in installation tutorial.
The new script build.sh is much more suitable for downstream packaging
(e.g. ./build.sh package) than the hacked-together package.sh wrapper for
get.sh, while still being usable for "effortless" installation.
Additionally, the hostname setting in get.sh is flawed in many ways and is
not reimplemented in build.sh.
build.sh has proper command line options that allow customizing the build
configuration and installation prefixes.
The get.sh documentation page is removed since all applicable environment
variables and flags are documented in ./build.sh --help.
build.sh can be called from the source directory to build maddy from
*this* source instead of the forced 'go get' that was used in get.sh.
However, if build.sh is not called from the source directory, it clones
the repo and (optionally) uses the specified commit. This keeps build.sh
usable in curl|bash commands.
Due to the way source code is fetched, build.sh uses Git tags instead of
Go module versions as get.sh did.
Use of inotify and possibly other mechanisms poses portability risks.
Notably, "cross-platform" abstractions such as the fsnotify library remove
access to certain features that are important to use it correctly in
some cases, e.g. it is preferable to listen only for IN_CLOSE_WRITE on
Linux instead of IN_MODIFY to prevent races and unexpected failures.
The polling approach avoids such problems by either running the reload code at a
different time than the actual renewal or retrying later if parsing fails.
With certificates being renewed before expiry (e.g. 1 week before), the delay
is not a significant problem.
Closes #160.
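The polling design described in the message above, as an added Go example that is not maddy's own code: a certificate store that re-reads the key pair on a timer, keeps serving the previous certificate if the files on disk are absent or only half-written (the race the IN_MODIFY discussion is about), and simply retries on the next tick. WriteSelfSigned is demo scaffolding standing in for the ACME client so the example runs offline; the file names, the "mx1.example.org" name and the timer interval are assumptions for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"log"
	"math/big"
	"os"
	"path/filepath"
	"sync"
	"time"
)

// CertStore keeps the currently loaded key pair and refreshes it by polling
// the files on disk rather than subscribing to inotify/fsnotify events.
type CertStore struct {
	CertFile, KeyFile string
	mu                sync.RWMutex
	cert              *tls.Certificate
}

// Reload parses the key pair from disk. If the files are missing, truncated or
// half-written (renewal in progress), the old certificate is kept and the
// error is returned so the poll loop can simply try again on the next tick.
func (s *CertStore) Reload() error {
	cert, err := tls.LoadX509KeyPair(s.CertFile, s.KeyFile)
	if err != nil {
		return err
	}
	s.mu.Lock()
	s.cert = &cert
	s.mu.Unlock()
	return nil
}

// GetCertificate plugs into tls.Config.GetCertificate; a handshake only ever
// sees a certificate that was parsed completely.
func (s *CertStore) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	if s.cert == nil {
		return nil, errors.New("no certificate loaded yet")
	}
	return s.cert, nil
}

// Poll reloads every interval until stop is closed. A failed reload is logged
// and retried later; with renewal a week or more before expiry, picking the
// new certificate up one interval late is harmless.
func (s *CertStore) Poll(interval time.Duration, stop <-chan struct{}) {
	t := time.NewTicker(interval)
	defer t.Stop()
	for {
		select {
		case <-stop:
			return
		case <-t.C:
			if err := s.Reload(); err != nil {
				log.Printf("certificate reload failed, keeping old one: %v", err)
			}
		}
	}
}

// WriteSelfSigned writes a throwaway self-signed certificate for cn into dir and
// returns the two paths. Demo scaffolding only: it stands in for the ACME
// client / renewal job so the example can run offline.
func WriteSelfSigned(dir, cn string) (certFile, keyFile string, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return "", "", err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return "", "", err
	}
	certFile = filepath.Join(dir, "fullchain.pem")
	keyFile = filepath.Join(dir, "privkey.pem")
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	if err = os.WriteFile(certFile, certPEM, 0o644); err != nil {
		return "", "", err
	}
	return certFile, keyFile, os.WriteFile(keyFile, keyPEM, 0o600)
}
```

To wire it into a listener, call Reload once at startup (failing hard if that first load fails), start Poll in a goroutine with an interval of a few minutes, and hand store.GetCertificate to tls.Config.GetCertificate. The lock is only held for the pointer swap, so a reload never blocks handshakes, and because Reload validates the whole pair before swapping, a certificate written by the renewal job while the poller reads it is rejected this round and picked up on the next one.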
DANE is complex and requires its own (potentially lengthy) tutorial on
how to configure it properly. MTA-STS, on the other hand, is designed to
be simple to deploy, so recommend configuring it in the Setting up
tutorial.