cmail-mta / cmail Goto Github PK

Currently, a port can be TLSONLY without a certificate, leading to illegal memory access

Have the parameter to a 'reject' router be the message printed in the RCPT TO response.

(from-local) -> replace with local part of ENVELOPE-FROM
(from-domain) -> replace with domain part of ENVELOPE-FROM
(to-local) -> replace with local part of ENVELOPE-TO
(to-domain) -> replace with domain part of ENVELOPE-TO

This would mainly imply fleshing out the router at https://github.com/cmail-mta/cmail/blob/master/cmail-smtpd/route.c#L123 a bit.

Like a button or something

Deleting lots (1k+) of mail via the POP DELE command takes a lot of time after issuing QUIT (due to repeated filesystem hits), possibly timing out client connections/disabling new connections/disrupting active sessions/enabling DoS attacks.

Marking mails for deletion in the database and bulk-deleting them with one statement should fix this.

• manpage
• homepage

It might be useful to have a button for logging out of the admin panel

Start by reading the RFCs and/or the lcov results and design new tests against functionality that could use more coverage.

Reference points:

• Test directory TODO files
• Already implemented tests
• RFCs
• lcov Coverage Reports

Creating these is slightly more advanced than creating tests against already implemented protocols, as they should first be validated against another IMAP implementation before being able to use them as implementation reference for cmail-imapd.

Most useful would probably be domain sockets.

This functionality would be useful for

• Controlling daemon functionality (starting interval runs, etc)
• Getting telemetry data (for munin, etc)

eg. Logger config

Kick clients after n failed commands

When not detaching, the logger might also consider writing at least critical messages to stderr for additional output.

start-stop-daemon seems to have problems stopping the services

docu docu docu !!!!

New expressions do not show up, no error message is being shown

The Received-header prepended to every Mail processed by the system contains potentially sensitive information (mostly the remote addresss). This might optionally be filtered on authenticated connections.

The mailserver which makes the final delivery (to a mailbox) MUST insert a return-path line at the beginning of the mail header.

https://tools.ietf.org/html/rfc5321#section-4.4

Configurable via the config files, for feeding data into monitoring tools like munin

In order to minimize startup time, introduce a new parameter to the bind config statement specifying a file to read the dhparameters from.

I can't edit the order (number) in the webadmin-panel.

...by counting Received: Headers

Pass the prepared query_authdata statement instead

...for later extraction via control mechanisms (see #30)

Greylisting in the initial SMTP dialog triggers the branch marked at
https://github.com/cmail-mta/cmail/blob/master/cmail-dispatchd/logic.c#L173
which does not insert a failure log entry, resulting in retries every interval.

e.g. SIGUSR1 (possibly problematic) or a named pipe

add php session

Could also be integrated into address management view as an input box that filters the expressions shown.

Should be easy to do by hooking up the password input at
https://github.com/cmail-mta/cmail/blob/master/cmail-webadmin/index.html#L39
with a cmail.login() call upon encountering a return character

eg. Postgres

User databases are currently attached with the SQLite ATTACH DATABASE facility.
This has some side effects such as locking all attached databases when entering an exclusive transaction on the master database as well as introducing limits on the number of user databases attached.

The way to solve this would be to have SQLite connection handles per database, which should be doable because we currently do not use cross-database queries.

The backing store allows for (and some scenarios would strongly benefit from) signed order values.

MSA should check the database schema version. When in logmode there is now error when database version is not the same (but you can get prepare statement compile errors). Prepared statement compile errors should also been reported in stderr when logfile is enabled.