Now imapsql module does not handle authentication. (it was not doing it so well
anyway)
sql_table module was introduced and used in the default configuration as
a replacement for functionality that was implemented by imapsql before.
Parts of maddyctl code were rewritten to make it work transparently with
any IMAP backend or credentials store.
Closes#212.
This allows modules (and any other code) to implement arbitrary actions
on server shutdown and "reload". Later will be used to address issues
like #160. There are no plans to implement complete configuration
reloading, however, since it adds a lot of problems to the modules
framework and it is believed to be "not worth it" at the moment.
Closes#130.
maddy(1) was incorrect calling them 'statedir' and 'runtimedir'.
Name with 'dir' is preferred since it is more explicit. Use of
underscores is consistent with other directives.
Allow to override DNS resolver address via the -debug.dnsoverride flag
and SMTP port via -debug.smtpport.
All flags are not available unless maddy is built using the 'debugflags'
tag.
The intention is to keep to repo root clean while the list of packages
is slowly growing.
Additionally, a bunch of small (~30 LoC) files in the repo root is
merged into a single maddy.go file, for the same reason.
Most of the internal code is moved into the internal/ directory. Go
toolchain will make it impossible to import these packages from external
applications.
Some packages are renamed and moved into the pkg/ directory in the root.
According to https://github.com/golang-standards/project-layout this is
the de-facto standard to place "library code that's ok to use by
external applications" in.
To clearly define the purpose of top-level directories, README.md files
are added to each.
This support is based on github.com/foxcpp/go-msgauth fork until
emerison/go-msgauth#13 gets merged.
Further extensions are required to make sure only messages we can
actually "take responsibility for" are signed.
RSA-2048 is used as a default algorithm when generating new keys.
RSA-4096 can cause trouble with UDP-only DNS due to responses being
bigger than 512 octets. RSA-1024 is too weak and explicitly
disallowed in maddy for new keys. It could be possible to use Ed25519
but support is not widely deployed yet (according to warning in rspamd
docs dated 2019-09). Users concerned about security of RSA-2048 can
switch to RSA-4096 or Ed25519, keeping relevant problems in mind.
Ed25519 key format uses PKCS#8, this seems to be different from other
implementations that just dump key material into a file without any
wrapping. Interoperability is not considered to encourage key
rotation when migration, which is a good thing to do anyway.
There is no option to use "body limit", since it is dangerous
and go-msgauth/dkim does not support it for signing.
The default set of signed header fields is the list used by rspamd.
Most "core" fields are oversigned to provide strict integrity.
"Conditional oversigning" similar to rspamd is not implemented, though
it may be useful, further research is required.
Multi-tentant configuration with DKIM and DMARC is much more verbose,
configuration example is added to config.d/multitentant-dkim.conf to
explain how to make it work.
To support unusual configuration syntax, endpoint modules (imap, smtp,
etc) relied on rather awkward code using modName+instName+aliases as
arguments. This commit replaces old handling with use of special
signature similar to inlineArgs introduced in 1edd031.
Endpoint modules are placed in a separate 'registry' and use
different initialization callback signature for simplicity. This makes
them inaccessible for other modules, though they are not supposed to be
anyway.
Endpoint modules are initialized before other modules. This allows
detecting unused configuration blocks by checking for modules
that were not lazily initalized after endpoint initialization.
This relies on endpoint modules being essentially "roots" of
instances dependency tree.
Idea of "semantical module names" is completely dropped now and so
HACKING.md is updated to not mention it.
Now they are represented by implementations of the log.Output interface
instead of just callbacks. This allows to add additional methods to it.
Mainly, it was done for purpose of Close method for flushing and closing
log files. This is important to make runtime logger reinitialization
(e.g. log rotation) possible.
Additionally, documentation now explains goroutine-safety of logger
objects.
It makes sense to allow having default of bool flag to true and
allow writing 'name no' to disable it. This allows getting rid of
"dont", "no" etc in names or certain directives which are meant to be
enabled by default. IMO 'do_x no' looks better than 'dont_do_x'
Allows faster and simpler implementation for cases when maddy
is running as a privileged user.
Automatic fallback to helper binary is not implemented since otherwise
config directive 'use_helper no' would make less sense and config.Map
does not support "enums" (true/false/not-specified) yet.
Closes#127.
Root package now contains only initialization code and 'dummy' module.
Each module now got its own package. Module packages are grouped by
their main purpose (storage/, target/, auth/, etc). Shared code is
placed in these "group" packages.
Parser for module references in config is moved into config/module.
Code shared by tests (mock modules, etc) is placed in testutils.
This allows more readable configuration files without additional
explanations in cases where a single module is used for multiple
purposes.
Also cleans up certain problems with modules that rely on block
names having certain semantics (e.g. endpoint modules).
* Drop most of the implicit defaults in favor of explicit configuration
We no longer follow caddy's "zero-configuration" approach. Mail is much
more complex than HTTP and we want to be explicit about things, always.
* Remove commented out directives from maddy.conf
