infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-06-27 19:08:15 +03:00
Code Issues Packages Projects Releases Wiki Activity
mox/smtpserver
History
Mechiel Lukkien 833a67fe3d add config option to disable tls client auth during tls handshakes 
to work around clients, like the gmail smtp client, that tries to
authenticate with a webpki-issued certificate (which we don't know).

i tried specifying a list of accepted (subjects of) CA certs during the
tls handshake (with just 1 entry, with "xmox.nl" as common name), which
clients can use to influence their cert selection.  however, the gmail
smtp client ignores it, so not a solution for the issue where this was
raised. also, specifying a list of accepted certs could cause other
clients to not send their client cert anymore, breaking existing setups.

i also considered only asking for tls client auth when at least one
account has a tls pubkey configured. but decided against it since any
account can add one on their own (without system admin interaction),
changing behaviour of the system and potentially breaking existing
submission/tls configs.

we now also print the "subject" and "issuer" of certs when tls client
auth fails, should be useful for future debugging.

for issue #359
2025-06-09 12:33:10 +02:00
..
alias_test.go
In tests, make initializing store/, its switchboard and an account more consistent.
2025-03-15 11:15:23 +01:00
alignment.go
switch to slog.Logger for logging, for easier reuse of packages by external software
2023-12-14 13:45:52 +01:00
analyze.go
add config option to an account destination to reject messages that don't pass a dmarc-like aligned spf/aligned dkim check
2025-02-15 17:34:06 +01:00
dnsbl.go
switch to slog.Logger for logging, for easier reuse of packages by external software
2023-12-14 13:45:52 +01:00
dsn.go
ensure senderaccount is always set for messages in queue
2024-04-28 11:03:47 +02:00
error.go
for imap/smtp syntax errors, only echo the remaining buffer if the connection is authenticated
2023-03-10 11:32:34 +01:00
fuzz_test.go
add config option to disable tls client auth during tls handshakes
2025-06-09 12:33:10 +02:00
limitwriter.go
mox!
2023-01-30 14:27:06 +01:00
main_test.go
Fail tests if unhandled panics happened.
2025-03-06 11:35:43 +01:00
mx.go
implement dnssec-awareness throughout code, and dane for incoming/outgoing mail delivery
2023-10-10 12:09:35 +02:00
parse_test.go
mox!
2023-01-30 14:27:06 +01:00
parse.go
add parser of Authentication-Results, and fix bugs it found in our generated headers
2024-03-13 17:35:53 +01:00
rejects.go
Improve expunged message/UID tracking in IMAP sessions, track synchronization history for mailboxes/annotations.
2025-03-06 11:35:44 +01:00
reputation_test.go
add more details to x-mox-reason message header added during delivery, for understanding why a message is accepted/rejected
2024-10-04 16:01:30 +02:00
reputation.go
add more details to x-mox-reason message header added during delivery, for understanding why a message is accepted/rejected
2024-10-04 16:01:30 +02:00
server_test.go
add config option to disable tls client auth during tls handshakes
2025-06-09 12:33:10 +02:00
server.go
add config option to disable tls client auth during tls handshakes
2025-06-09 12:33:10 +02:00