Merge branch 'release/v1.13.1'

axllent · Jan 27, 2024 · e812d12 · e812d12
2 parents 7f31fb7 + 0bff5fa
commit e812d12
Show file tree

Hide file tree

Showing 13 changed files with 410 additions and 345 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 Notable changes to Mailpit will be documented in this file.
 
+## [v1.13.1]
+
+### Chore
+- Update node dependencies
+- Update Go dependencies
+
+### Feature
+- Add TLSRequired option for smtpd ([#241](https://github.com/axllent/mailpit/issues/241))
+
+### Fix
+- Workaround for specific field searches containing unicode characters ([#239](https://github.com/axllent/mailpit/issues/239))
+
+### UI
+- Only show number of messages ignored statistics if `--ignore-duplicate-ids` is set
+
+
 ## [v1.13.0]
 
 ### Chore

diff --git a/cmd/root.go b/cmd/root.go
@@ -101,7 +101,8 @@ func init() {
 	rootCmd.Flags().BoolVar(&config.SMTPAuthAcceptAny, "smtp-auth-accept-any", config.SMTPAuthAcceptAny, "Accept any SMTP username and password, including none")
 	rootCmd.Flags().StringVar(&config.SMTPTLSCert, "smtp-tls-cert", config.SMTPTLSCert, "TLS certificate for SMTP (STARTTLS) - requires smtp-tls-key")
 	rootCmd.Flags().StringVar(&config.SMTPTLSKey, "smtp-tls-key", config.SMTPTLSKey, "TLS key for SMTP (STARTTLS) - requires smtp-tls-cert")
-	rootCmd.Flags().BoolVar(&config.SMTPAuthAllowInsecure, "smtp-auth-allow-insecure", config.SMTPAuthAllowInsecure, "Enable insecure PLAIN & LOGIN authentication")
+	rootCmd.Flags().BoolVar(&config.SMTPTLSRequired, "smtp-tls-required", config.SMTPTLSRequired, "Require TLS SMTP encryption")
+	rootCmd.Flags().BoolVar(&config.SMTPAuthAllowInsecure, "smtp-auth-allow-insecure", config.SMTPAuthAllowInsecure, "Allow insecure PLAIN & LOGIN SMTP authentication")
 	rootCmd.Flags().BoolVar(&config.SMTPStrictRFCHeaders, "smtp-strict-rfc-headers", config.SMTPStrictRFCHeaders, "Return SMTP error if message headers contain <CR><CR><LF>")
 	rootCmd.Flags().IntVar(&config.SMTPMaxRecipients, "smtp-max-recipients", config.SMTPMaxRecipients, "Maximum SMTP recipients allowed")
 	rootCmd.Flags().StringVar(&config.SMTPAllowedRecipients, "smtp-allowed-recipients", config.SMTPAllowedRecipients, "Only allow SMTP recipients matching a regular expression (default allow all)")
@@ -161,6 +162,9 @@ func initConfigFromEnv() {
 	auth.SetSMTPAuth(os.Getenv("MP_SMTP_AUTH"))
 	config.SMTPTLSCert = os.Getenv("MP_SMTP_TLS_CERT")
 	config.SMTPTLSKey = os.Getenv("MP_SMTP_TLS_KEY")
+	if getEnabledFromEnv("MP_SMTP_TLS_REQUIRED") {
+		config.SMTPTLSRequired = true
+	}
 	if getEnabledFromEnv("MP_SMTP_AUTH_ACCEPT_ANY") {
 		config.SMTPAuthAcceptAny = true
 	}

diff --git a/config/config.go b/config/config.go
@@ -52,6 +52,11 @@ var (
 	// SMTPTLSKey file
 	SMTPTLSKey string
 
+	// SMTPTLSRequired to enforce TLS
+	// The only allowed commands are NOOP, EHLO, STARTTLS and QUIT (as specified in RFC 3207) until
+	// the connection is upgraded to TLS i.e. until STARTTLS is issued.
+	SMTPTLSRequired bool
+
 	// SMTPAuthFile for SMTP authentication
 	SMTPAuthFile string
 
@@ -167,15 +172,15 @@ func VerifyConfig() error {
 
 	re := regexp.MustCompile(`.*:\d+$`)
 	if !re.MatchString(SMTPListen) {
-		return errors.New("SMTP bind should be in the format of <ip>:<port>")
+		return errors.New("[smtp] bind should be in the format of <ip>:<port>")
 	}
 	if !re.MatchString(HTTPListen) {
-		return errors.New("HTTP bind should be in the format of <ip>:<port>")
+		return errors.New("[ui] HTTP bind should be in the format of <ip>:<port>")
 	}
 
 	if UIAuthFile != "" {
 		if !isFile(UIAuthFile) {
-			return fmt.Errorf("HTTP password file not found: %s", UIAuthFile)
+			return fmt.Errorf("[ui] HTTP password file not found: %s", UIAuthFile)
 		}
 		b, err := os.ReadFile(UIAuthFile)
 		if err != nil {
@@ -187,36 +192,42 @@ func VerifyConfig() error {
 	}
 
 	if UITLSCert != "" && UITLSKey == "" || UITLSCert == "" && UITLSKey != "" {
-		return errors.New("You must provide both a UI TLS certificate and a key")
+		return errors.New("[ui] you must provide both a UI TLS certificate and a key")
 	}
 
 	if UITLSCert != "" {
 		if !isFile(UITLSCert) {
-			return fmt.Errorf("TLS certificate not found: %s", UITLSCert)
+			return fmt.Errorf("[ui] TLS certificate not found: %s", UITLSCert)
 		}
 
 		if !isFile(UITLSKey) {
-			return fmt.Errorf("TLS key not found: %s", UITLSKey)
+			return fmt.Errorf("[ui] TLS key not found: %s", UITLSKey)
 		}
 	}
 
 	if SMTPTLSCert != "" && SMTPTLSKey == "" || SMTPTLSCert == "" && SMTPTLSKey != "" {
-		return errors.New("You must provide both an SMTP TLS certificate and a key")
+		return errors.New("[smtp] You must provide both an SMTP TLS certificate and a key")
 	}
 
 	if SMTPTLSCert != "" {
 		if !isFile(SMTPTLSCert) {
-			return fmt.Errorf("SMTP TLS certificate not found: %s", SMTPTLSCert)
+			return fmt.Errorf("[smtp] TLS certificate not found: %s", SMTPTLSCert)
 		}
 
 		if !isFile(SMTPTLSKey) {
-			return fmt.Errorf("SMTP TLS key not found: %s", SMTPTLSKey)
+			return fmt.Errorf("[smtp] TLS key not found: %s", SMTPTLSKey)
 		}
+	} else if SMTPTLSRequired {
+		return errors.New("[smtp] TLS cannot be required without an SMTP TLS certificate and key")
+	}
+
+	if SMTPTLSRequired && SMTPAuthAllowInsecure {
+		return errors.New("[smtp] TLS cannot be required while also allowing insecure authentication")
 	}
 
 	if SMTPAuthFile != "" {
 		if !isFile(SMTPAuthFile) {
-			return fmt.Errorf("SMTP password file not found: %s", SMTPAuthFile)
+			return fmt.Errorf("[smtp] password file not found: %s", SMTPAuthFile)
 		}
 
 		b, err := os.ReadFile(SMTPAuthFile)
@@ -230,23 +241,23 @@ func VerifyConfig() error {
 	}
 
 	if auth.SMTPCredentials != nil && SMTPAuthAcceptAny {
-		return errors.New("SMTP authentication cannot use both credentials and --smtp-auth-accept-any")
+		return errors.New("[smtp] authentication cannot use both credentials and --smtp-auth-accept-any")
 	}
 
 	if SMTPTLSCert == "" && (auth.SMTPCredentials != nil || SMTPAuthAcceptAny) && !SMTPAuthAllowInsecure {
-		return errors.New("SMTP authentication requires TLS encryption, run with `--smtp-auth-allow-insecure` to allow insecure authentication")
+		return errors.New("[smtp] authentication requires TLS encryption, run with `--smtp-auth-allow-insecure` to allow insecure authentication")
 	}
 
 	validWebrootRe := regexp.MustCompile(`[^0-9a-zA-Z\/\-\_\.@]`)
 	if validWebrootRe.MatchString(Webroot) {
-		return fmt.Errorf("Invalid characters in Webroot (%s). Valid chars include: [a-z A-Z 0-9 _ . - / @]", Webroot)
+		return fmt.Errorf("invalid characters in Webroot (%s). Valid chars include: [a-z A-Z 0-9 _ . - / @]", Webroot)
 	}
 
 	s := strings.TrimRight(path.Join("/", Webroot, "/"), "/") + "/"
 	Webroot = s
 
 	if WebhookURL != "" && !isValidURL(WebhookURL) {
-		return fmt.Errorf("Webhook URL does not appear to be a valid URL (%s)", WebhookURL)
+		return fmt.Errorf("webhook URL does not appear to be a valid URL (%s)", WebhookURL)
 	}
 
 	if EnableSpamAssassin != "" {
@@ -255,7 +266,6 @@ func VerifyConfig() error {
 
 		if err := spamassassin.Ping(); err != nil {
 			logger.Log().Warnf("[spamassassin] ping: %s", err.Error())
-		} else {
 		}
 	}
 
@@ -269,23 +279,23 @@ func VerifyConfig() error {
 			if len(t) > 1 {
 				tag := tools.CleanTag(t[0])
 				if !ValidTagRegexp.MatchString(tag) || len(tag) == 0 {
-					return fmt.Errorf("Invalid tag (%s) - can only contain spaces, letters, numbers, - & _", tag)
+					return fmt.Errorf("[tag] invalid tag (%s) - can only contain spaces, letters, numbers, - & _", tag)
 				}
 				match := strings.TrimSpace(strings.ToLower(strings.Join(t[1:], "=")))
 				if len(match) == 0 {
-					return fmt.Errorf("Invalid tag match (%s) - no search detected", tag)
+					return fmt.Errorf("[tag] invalid tag match (%s) - no search detected", tag)
 				}
 				SMTPTags = append(SMTPTags, AutoTag{Tag: tag, Match: match})
 			} else {
-				return fmt.Errorf("Error parsing tags (%s)", a)
+				return fmt.Errorf("[tag] error parsing tags (%s)", a)
 			}
 		}
 	}
 
 	if SMTPAllowedRecipients != "" {
 		restrictRegexp, err := regexp.Compile(SMTPAllowedRecipients)
 		if err != nil {
-			return fmt.Errorf("Failed to compile smtp-allowed-recipients regexp: %s", err.Error())
+			return fmt.Errorf("[smtp] failed to compile smtp-allowed-recipients regexp: %s", err.Error())
 		}
 
 		SMTPAllowedRecipientsRegexp = restrictRegexp
@@ -297,7 +307,7 @@ func VerifyConfig() error {
 	}
 
 	if !ReleaseEnabled && SMTPRelayAllIncoming {
-		return errors.New("SMTP relay config must be set to relay all messages")
+		return errors.New("[smtp] relay config must be set to relay all messages")
 	}
 
 	if SMTPRelayAllIncoming {
@@ -315,7 +325,7 @@ func parseRelayConfig(c string) error {
 	}
 
 	if !isFile(c) {
-		return fmt.Errorf("SMTP relay configuration not found: %s", SMTPRelayConfigFile)
+		return fmt.Errorf("[smtp] relay configuration not found: %s", SMTPRelayConfigFile)
 	}
 
 	data, err := os.ReadFile(c)
@@ -328,7 +338,7 @@ func parseRelayConfig(c string) error {
 	}
 
 	if SMTPRelayConfig.Host == "" {
-		return errors.New("SMTP relay host not set")
+		return errors.New("[smtp] relay host not set")
 	}
 
 	if SMTPRelayConfig.Port == 0 {
@@ -341,20 +351,20 @@ func parseRelayConfig(c string) error {
 		SMTPRelayConfig.Auth = "none"
 	} else if SMTPRelayConfig.Auth == "plain" {
 		if SMTPRelayConfig.Username == "" || SMTPRelayConfig.Password == "" {
-			return fmt.Errorf("SMTP relay host username or password not set for PLAIN authentication (%s)", c)
+			return fmt.Errorf("[smtp] relay host username or password not set for PLAIN authentication (%s)", c)
 		}
 	} else if SMTPRelayConfig.Auth == "login" {
 		SMTPRelayConfig.Auth = "login"
 		if SMTPRelayConfig.Username == "" || SMTPRelayConfig.Password == "" {
-			return fmt.Errorf("SMTP relay host username or password not set for LOGIN authentication (%s)", c)
+			return fmt.Errorf("[smtp] relay host username or password not set for LOGIN authentication (%s)", c)
 		}
 	} else if strings.HasPrefix(SMTPRelayConfig.Auth, "cram") {
 		SMTPRelayConfig.Auth = "cram-md5"
 		if SMTPRelayConfig.Username == "" || SMTPRelayConfig.Secret == "" {
-			return fmt.Errorf("SMTP relay host username or secret not set for CRAM-MD5 authentication (%s)", c)
+			return fmt.Errorf("[smtp] relay host username or secret not set for CRAM-MD5 authentication (%s)", c)
 		}
 	} else {
-		return fmt.Errorf("SMTP relay authentication method not supported: %s", SMTPRelayConfig.Auth)
+		return fmt.Errorf("[smtp] relay authentication method not supported: %s", SMTPRelayConfig.Auth)
 	}
 
 	ReleaseEnabled = true
@@ -365,7 +375,7 @@ func parseRelayConfig(c string) error {
 
 	if SMTPRelayConfig.RecipientAllowlist != "" {
 		if err != nil {
-			return fmt.Errorf("Failed to compile relay recipient allowlist regexp: %s", err.Error())
+			return fmt.Errorf("[smtp] failed to compile relay recipient allowlist regexp: %s", err.Error())
 		}
 
 		SMTPRelayConfig.RecipientAllowlistRegexp = allowlistRegexp

diff --git a/go.mod b/go.mod
@@ -8,11 +8,11 @@ require (
 	github.com/axllent/semver v0.0.1
 	github.com/disintegration/imaging v1.6.2
 	github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47
-	github.com/google/uuid v1.5.0
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.1
 	github.com/jhillyerd/enmime v1.1.0
-	github.com/klauspost/compress v1.17.4
+	github.com/klauspost/compress v1.17.5
 	github.com/leporo/sqlf v1.4.0
 	github.com/mhale/smtpd v0.8.2
 	github.com/reiver/go-telnet v0.0.0-20180421082511-9ff0b2ab096e
@@ -60,7 +60,7 @@ require (
 	lukechampine.com/uint128 v1.3.0 // indirect
 	modernc.org/cc/v3 v3.41.0 // indirect
 	modernc.org/ccgo/v3 v3.16.15 // indirect
-	modernc.org/libc v1.40.6 // indirect
+	modernc.org/libc v1.40.7 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
 	modernc.org/memory v1.7.2 // indirect
 	modernc.org/opt v0.1.3 // indirect

diff --git a/go.sum b/go.sum
@@ -55,8 +55,8 @@ github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 h1:k4Tw0nt6lwr
 github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
-github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
 github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
 github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0=
@@ -72,8 +72,8 @@ github.com/jhillyerd/enmime v1.1.0 h1:ubaIzg68VY7CMCe2YbHe6nkRvU9vujixTkNz3EBvZO
 github.com/jhillyerd/enmime v1.1.0/go.mod h1:FRFuUPCLh8PByQv+8xRcLO9QHqaqTqreYhopv5eyk4I=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.5 h1:d4vBd+7CHydUqpFBgUEKkSdtSugf9YFmSkvUYPquI5E=
+github.com/klauspost/compress v1.17.5/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
@@ -218,8 +218,8 @@ modernc.org/ccgo/v3 v3.16.15 h1:KbDR3ZAVU+wiLyMESPtbtE/Add4elztFyfsWoNTgxS0=
 modernc.org/ccgo/v3 v3.16.15/go.mod h1:yT7B+/E2m43tmMOT51GMoM98/MtHIcQQSleGnddkUNI=
 modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
 modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
-modernc.org/libc v1.40.6 h1:141JHq3SjhOOCjECBgD4K8VgTFOy19CnHwroC08DAig=
-modernc.org/libc v1.40.6/go.mod h1:YAXkAZ8ktnkCKaN9sw/UDeUVkGYJ/YquGO4FTi5nmHE=
+modernc.org/libc v1.40.7 h1:oeLS0G067ZqUu+v143Dqad0btMfKmNS7SuOsnkq0Ysg=
+modernc.org/libc v1.40.7/go.mod h1:YAXkAZ8ktnkCKaN9sw/UDeUVkGYJ/YquGO4FTi5nmHE=
 modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
 modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
 modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E=