add a webapi and webhooks for a simple http/json-based api

for applications to compose/send messages, receive delivery feedback, and
maintain suppression lists.

this is an alternative to applications using a library to compose messages,
submitting those messages using smtp, and monitoring a mailbox with imap for
DSNs, which can be processed into the equivalent of suppression lists. but you
need to know about all these standards/protocols and find libraries. by using
the webapi & webhooks, you just need a http & json library.

unfortunately, there is no standard for these kinds of api, so mox has made up
yet another one...

matching incoming DSNs about deliveries to original outgoing messages requires
keeping history of "retired" messages (delivered from the queue, either
successfully or failed). this can be enabled per account. history is also
useful for debugging deliveries. we now also keep history of each delivery
attempt, accessible while still in the queue, and kept when a message is
retired. the queue webadmin pages now also have pagination, to show potentially
large history.

a queue of webhook calls is now managed too. failures are retried similar to
message deliveries. webhooks can also be saved to the retired list after
completing. also configurable per account.

messages can be sent with a "unique smtp mail from" address. this can only be
used if the domain is configured with a localpart catchall separator such as
"+". when enabled, a queued message gets assigned a random "fromid", which is
added after the separator when sending. when DSNs are returned, they can be
related to previously sent messages based on this fromid. in the future, we can
implement matching on the "envid" used in the smtp dsn extension, or on the
"message-id" of the message. using a fromid can be triggered by authenticating
with a login email address that is configured as enabling fromid.

suppression lists are automatically managed per account. if a delivery attempt
results in certain smtp errors, the destination address is added to the
suppression list. future messages queued for that recipient will immediately
fail without a delivery attempt. suppression lists protect your mail server
reputation.

submitted messages can carry "extra" data through the queue and webhooks for
outgoing deliveries. through webapi as a json object, through smtp submission
as message headers of the form "x-mox-extra-<key>: value".

to make it easy to test webapi/webhooks locally, the "localserve" mode actually
puts messages in the queue. when it's time to deliver, it still won't do a full
delivery attempt, but just delivers to the sender account. unless the recipient
address has a special form, simulating a failure to deliver.

admins now have more control over the queue. "hold rules" can be added to mark
newly queued messages as "on hold", pausing delivery. rules can be about
certain sender or recipient domains/addresses, or apply to all messages pausing
the entire queue. also useful for (local) testing.

new config options have been introduced. they are editable through the admin
and/or account web interfaces.

the webapi http endpoints are enabled for newly generated configs with the
quickstart, and in localserve. existing configurations must explicitly enable
the webapi in mox.conf.

gopherwatch.org was created to dogfood this code. it initially used just the
compose/smtpclient/imapclient mox packages to send messages and process
delivery feedback. it will get a config option to use the mox webapi/webhooks
instead. the gopherwatch code to use webapi/webhook is smaller and simpler, and
developing that shaped development of the mox webapi/webhooks.

for issue #31 by cuu508

mox-/config.go

@@ -61,6 +61,8 @@ var (
 	Conf              = Config{Log: map[string]slog.Level{"": slog.LevelError}}
 )
 
+var ErrConfig = errors.New("config error")
+
 // Config as used in the code, a processed version of what is in the config file.
 //
 // Use methods to lookup a domain/account/address in the dynamic configuration.
@@ -317,10 +319,11 @@ func (c *Config) allowACMEHosts(log mlog.Log, checkACMEHosts bool) {
 // todo future: write config parsing & writing code that can read a config and remembers the exact tokens including newlines and comments, and can write back a modified file. the goal is to be able to write a config file automatically (after changing fields through the ui), but not loose comments and whitespace, to still get useful diffs for storing the config in a version control system.
 
 // must be called with lock held.
+// Returns ErrConfig if the configuration is not valid.
 func writeDynamic(ctx context.Context, log mlog.Log, c config.Dynamic) error {
 	accDests, errs := prepareDynamicConfig(ctx, log, ConfigDynamicPath, Conf.Static, &c)
 	if len(errs) > 0 {
-		return errs[0]
+		return fmt.Errorf("%w: %v", ErrConfig, errs[0])
 	}
 
 	var b bytes.Buffer
@@ -1272,8 +1275,52 @@ func prepareDynamicConfig(ctx context.Context, log mlog.Log, dynamicPath string,
 			}
 			acc.NotJunkMailbox = r
 		}
+
+		acc.ParsedFromIDLoginAddresses = make([]smtp.Address, len(acc.FromIDLoginAddresses))
+		for i, s := range acc.FromIDLoginAddresses {
+			a, err := smtp.ParseAddress(s)
+			if err != nil {
+				addErrorf("invalid fromid login address %q in account %q: %v", s, accName, err)
+			}
+			// We check later on if address belongs to account.
+			dom, ok := c.Domains[a.Domain.Name()]
+			if !ok {
+				addErrorf("unknown domain in fromid login address %q for account %q", s, accName)
+			} else if dom.LocalpartCatchallSeparator == "" {
+				addErrorf("localpart catchall separator not configured for domain for fromid login address %q for account %q", s, accName)
+			}
+			acc.ParsedFromIDLoginAddresses[i] = a
+		}
+
 		c.Accounts[accName] = acc
 
+		if acc.OutgoingWebhook != nil {
+			u, err := url.Parse(acc.OutgoingWebhook.URL)
+			if err == nil && (u.Scheme != "http" && u.Scheme != "https") {
+				err = errors.New("scheme must be http or https")
+			}
+			if err != nil {
+				addErrorf("parsing outgoing hook url %q in account %q: %v", acc.OutgoingWebhook.URL, accName, err)
+			}
+
+			// note: outgoing hook events are in ../queue/hooks.go, ../mox-/config.go, ../queue.go and ../webapi/gendoc.sh. keep in sync.
+			outgoingHookEvents := []string{"delivered", "suppressed", "delayed", "failed", "relayed", "expanded", "canceled", "unrecognized"}
+			for _, e := range acc.OutgoingWebhook.Events {
+				if !slices.Contains(outgoingHookEvents, e) {
+					addErrorf("unknown outgoing hook event %q", e)
+				}
+			}
+		}
+		if acc.IncomingWebhook != nil {
+			u, err := url.Parse(acc.IncomingWebhook.URL)
+			if err == nil && (u.Scheme != "http" && u.Scheme != "https") {
+				err = errors.New("scheme must be http or https")
+			}
+			if err != nil {
+				addErrorf("parsing incoming hook url %q in account %q: %v", acc.IncomingWebhook.URL, accName, err)
+			}
+		}
+
 		// todo deprecated: only localpart as keys for Destinations, we are replacing them with full addresses. if domains.conf is written, we won't have to do this again.
 		replaceLocalparts := map[string]string{}
 
@@ -1423,6 +1470,25 @@ func prepareDynamicConfig(ctx context.Context, log mlog.Log, dynamicPath string,
 			}
 		}
 
+		// Now that all addresses are parsed, check if all fromid login addresses match
+		// configured addresses.
+		for i, a := range acc.ParsedFromIDLoginAddresses {
+			// For domain catchall.
+			if _, ok := accDests["@"+a.Domain.Name()]; ok {
+				continue
+			}
+			dc := c.Domains[a.Domain.Name()]
+			lp, err := CanonicalLocalpart(a.Localpart, dc)
+			if err != nil {
+				addErrorf("canonicalizing localpart for fromid login address %q in account %q: %v", acc.FromIDLoginAddresses[i], accName, err)
+				continue
+			}
+			a.Localpart = lp
+			if _, ok := accDests[a.Pack(true)]; !ok {
+				addErrorf("fromid login address %q for account %q does not match its destination addresses", acc.FromIDLoginAddresses[i], accName)
+			}
+		}
+
 		checkRoutes("routes for account", acc.Routes)
 	}