missytake
532d094a08
CI: check whether cmdeploy dns --zonefile works
2024-01-19 20:36:49 +01:00
missytake
0cea5840df
CI: don't reset staging.testrun.org after each run
2024-01-19 20:36:49 +01:00
missytake
45686778ea
unbound: ensure systemd service can be started after root keys were generated
2024-01-19 20:36:49 +01:00
missytake
45108d9c93
CI: deploy on staging.testrun.org and if it works, on nine.testrun.org
2024-01-19 20:36:49 +01:00
missytake
3665d957a7
tests: fix tests for new fastCGI route and DKIM responses
2024-01-17 11:23:04 +01:00
link2xt
86940b2ee1
Stop requesting DMARC reports
...
Nobody reads these XML reports
and we know our DKIM is valid
when `cmdeploy dns` is happy.
2024-01-17 01:37:54 +00:00
link2xt
24fb9eb65b
Nicer /new URL for new accounts and redirect GET requests
...
If user types in https://nine.testrun.org/new manually
in the browser, at least Firefox and Brave suggest
to open the app after following the redirect.
2024-01-15 13:06:29 +00:00
link2xt
700256c273
Split DKIM checks into separate rules
...
Now errors distinguish between missing DKIM singature,
missing DNS entry or invalid DKIM signature.
2024-01-15 02:36:10 +00:00
link2xt
d575d62b18
rspamd: give the reason to MTA when incoming mail is rejected
...
This is not secret but makes it easier for mail server admins
to debug why chatmail does not accept their emails.
If the server generates bounce messages, users will also see this
and can redirect to their server support.
It also shows up in /var/log/rspamd/rspamd.log on chatmail server.
2024-01-14 13:12:46 +00:00
link2xt
8cdf8ce376
Merge 'rspamd' branch, replacing OpenDKIM with rspamd
...
This adds DKIM and SPF checks and replaces OpenDKIM with rspamd for
DKIM signing.
2024-01-14 09:30:31 +00:00
link2xt
7c9abfbde3
Reject on DKIM PERMFAIL and SPF PERMFAIL as well
2024-01-14 09:19:04 +00:00
link2xt
95de87a325
Fixup rspamd disabled.conf deployment message
2024-01-14 08:45:39 +00:00
link2xt
5366df8dc6
Replace rspamd rule weights with a strict rule
2024-01-14 08:45:23 +00:00
link2xt
0a6db5161d
Remove unused _configure_opendkim
2024-01-12 19:05:23 +00:00
link2xt
62e25e44fd
Disable ratelimit module like other modules
2024-01-12 18:56:11 +00:00
link2xt
ce9fe920dc
Do not return anything from remove_opendkim()
2024-01-12 18:47:57 +00:00
link2xt
c171866faf
Actually disable phising, rbl and hfilter
2024-01-12 18:46:07 +00:00
missytake
7758c94e31
rspamd: remove redis (not needed)
2024-01-12 15:49:06 +00:00
missytake
66debb9245
lint fixes, final touch
2024-01-12 15:49:06 +00:00
missytake
3542232393
rspamd: reject emails with invalid SPF, DKIM, DMARC
2024-01-12 15:49:06 +00:00
missytake
536c12d989
tests: use generic recipient for DKIM testing
2024-01-12 15:49:06 +00:00
missytake
265403e110
revert "Significantly lower ratelimit"
2024-01-12 15:49:01 +00:00
missytake
fd679af577
rspamd: generate DKIM keys with rspamadm
2024-01-12 15:47:36 +00:00
missytake
ecbf135549
rspamd: install rspamd + redis
2024-01-12 15:47:36 +00:00
missytake
7b90b936dd
tests: add test for rejecting SPF & DMARC fails
2024-01-12 15:47:36 +00:00
missytake
17a919ee53
lint: fix 3 issues
2024-01-12 15:47:36 +00:00
missytake
1b15ec0eae
rspamd: Significantly lower ratelimit; without read receipts this should be more than fine
2024-01-12 15:47:36 +00:00
missytake
bf863f05b6
rspamd: add redis-server for caching
2024-01-12 15:47:36 +00:00
missytake
a2316beab1
rspamd: disable RBL checks
2024-01-12 15:47:36 +00:00
missytake
28fc91f5f3
rspamd: add rate limiting
2024-01-12 15:47:36 +00:00
missytake
67062677b0
disable some unnecessary rspamd modules
2024-01-12 15:47:36 +00:00
missytake
faf8ffe678
do DKIM signing with rspamd instead of openDKIM
2024-01-12 15:47:36 +00:00
missytake
5821098699
DNS: added www subdomain to zonefile
2024-01-12 13:34:23 +00:00
link2xt
542d63888a
nginx: redirect www. to non-www
2024-01-12 13:34:23 +00:00
link2xt
449f8a014c
Fix indentation in nginx.conf.j2
2024-01-12 13:34:23 +00:00
link2xt
57764d0cf5
dns: require www. subdomain and request TLS certificate for it
2024-01-12 13:34:23 +00:00
link2xt
c39a79e26a
dns: check mta-sts CNAME directly without resolving to IP
2024-01-12 13:34:23 +00:00
link2xt
b6622fc68e
chore: run scripts/cmdeploy fmt
2024-01-12 12:18:28 +00:00
link2xt
75b41641f0
doveauth: fix home directory returned from lookup_passdb
...
It is currently unused, but better have it correct
in case of enabling debugging options such as rawlogs.
2024-01-08 16:40:08 +00:00
link2xt
30a61972fb
Update autoconfig XML URL with RFC draft
...
Old page does not exist anymore and linking to web archive is not nice.
2024-01-08 16:33:04 +01:00
missytake
bcc54602ee
postfix: cleanup submission headers
2024-01-05 12:13:31 +01:00
missytake
f9998d5721
tests: if sender's public IP address is in the Received header
2024-01-05 12:13:31 +01:00
nudeldudel
8605ceba5e
Update master.cf.j2
...
Add submission-header-cleanup to reduce the meta-data
2024-01-05 12:13:31 +01:00
missytake
30bcf9ff77
www: change nine.testrun.org occurence to mail_domain
2024-01-05 12:12:52 +01:00
link2xt
70b0e9d5e5
postfix: increase compatibility_level to 3.6
2023-12-27 00:29:12 +01:00
missytake
fdd533aa3b
acmetool: stop nginx so acmetool-redirector can start
2023-12-25 23:45:40 +01:00
link2xt
a44ed0aeb3
Use dig +short option to simplify DNS parsing
...
Without this option parsing of answer was flaky
as for long records like
_submission._tcp.nine.testrun.org.
dig printed the result with a space rather
than tab as a separator and .split("\t") did not work.
This change makes the `dig` command print the answer
in the form we need so there is no need for complex parsing
other than taking the first line.
`-r` option is added to make sure options are not changed by .digrc
in the root home directory.
2023-12-22 21:49:12 +00:00
link2xt
f5bfa6bd56
test: test scanning QR code
2023-12-21 22:22:38 +00:00
link2xt
81a6f8808b
fix: escape login and password when passed from dovecot to doveauth
...
This should allow to use / in the password
2023-12-21 22:22:38 +00:00
link2xt
be3685519f
Document ports 80 and 443 and add more hyperlinks
2023-12-21 16:16:17 +00:00