mjl- / mox

modern full-featured open source secure mail server for low-maintenance self-hosted email
https://www.xmox.nl
MIT License

Feedback v0.0.3 #30

Open inigoserna opened 1 year ago

inigoserna commented 1 year ago

Hi,

I've just migrated a couple of small domains from postfix+opendkim+dovecot to mox v0.0.3 (AMD64 binary). The server runs Fedora 38. Mox is behind nginx (it proxies some complex sites: rainloop, nextcloud…), and I manage letsencrypt certificates by myself. As the server installation is new I can't send emails for some weeks (provider's spam protection), so I haven't been able to test sending emails.

Configuration has been fairly easy, except my own mess with the administration port (I was using autoconfig/mta-sms port). Perhaps it should be mentioned more clearly that the admin username is blank. Anyway my main problem was that /etc/letsencrypt is owned by root:root, and mox reads the certificates after dropping root permissions to mox user, so I've had to chgrp some directories and files (cert and key).

I've successfully sent emails to different users of the configured domains. IMAP also worked perfectly with these clients: mbsync, rainloop webmail, and Android's AquaMail app.

Some features I would appreciate:

Thanks a lot and congratulations for mox!
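Added example, not part of the original comment or of mox: a check that reports which path component stops an unprivileged service user from reading a certbot private key, and whether the key ended up world-readable after the chgrp. The function names, the simulated mox uid and the example.org tree are constructed for illustration.

```python
import os
import stat
import tempfile

def first_blocker(base, relpath, uid, gids):
    """Return the first path under base that uid/gids cannot search or
    read on the way to relpath, or None if the file is readable."""
    base = os.path.realpath(base)
    # Resolve symlinks first: certbot's live/<name>/privkey.pem points
    # into archive/<name>/, so the archive directories matter too.
    target = os.path.realpath(os.path.join(base, relpath))
    parts = os.path.relpath(target, base).split(os.sep)
    cur = base
    for i, part in enumerate(parts):
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        # Pick owner, group or other bits the way the kernel does.
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        need = 4 if i == len(parts) - 1 else 1  # read the file, search a dir
        if not (st.st_mode >> shift) & need:
            return cur
    return None

def world_readable(path):
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def demo():
    """Constructed tree mimicking /etc/letsencrypt; 'mox' is simulated."""
    base = tempfile.mkdtemp()
    top = os.path.join(base, "archive")
    arch = os.path.join(top, "example.org")
    live = os.path.join(base, "live", "example.org")
    os.makedirs(arch)
    os.makedirs(live)
    key = os.path.join(arch, "privkey1.pem")
    open(key, "w").close()
    os.symlink(key, os.path.join(live, "privkey.pem"))
    for path, mode in ((top, 0o700), (arch, 0o700), (key, 0o600)):
        os.chmod(path, mode)
    owner = os.stat(key)
    mox_uid = owner.st_uid + 1  # assumed: any uid that is not the owner
    rel = "live/example.org/privkey.pem"
    before = first_blocker(base, rel, mox_uid, set())
    # Models chgrp to a group mox belongs to, g+x on dirs and g+r on the key.
    for path, mode in ((top, 0o750), (arch, 0o750), (key, 0o640)):
        os.chmod(path, mode)
    after = first_blocker(base, rel, mox_uid, {owner.st_gid})
    return os.path.relpath(before, base), after, world_readable(key)
```

The check reads mode bits only, so it ignores ACLs, SELinux labels and root's permission bypass.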

inigoserna commented 1 year ago

EDIT: there is an issue with mbsync imap client.

After syncing all folders and logging out, it seems the connection is not properly closed, and after ~30s the socket breaks with some error messages. In the terminal, mbsync waits, and after these 30s it finishes without any message.

I copy last mox log messages with LogLevel=tracepath:

May 14 12:14:55 __mail.domain.com__ mox[365312]: l=trace m="C: 15 CLOSE\r\n" pkg=imapserver cid=18819c0c177 delta=40.730125ms username=__user@domain.com__
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=trace m="S: 15 OK CLOSE done\r\n" pkg=imapserver cid=18819c0c177 delta="887.273µs" username=__user@domain.com__
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=debug m="imap command done" pkg=imapserver cmd=close duration="918.832µs" cid=18819c0c177 delta="74.059µs" username=__user@domain.com__
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=trace m="C: 16 LOGOUT\r\n" pkg=imapserver cid=18819c0c177 delta=40.054144ms username=__user@domain.com__
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=trace m="S: * BYE thanks\r\n16 OK LOGOUT done\r\n" pkg=imapserver cid=18819c0c177 delta="107.952µs" username=__user@domain.com__
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=debug m="imap command done" pkg=imapserver cmd=logout duration="77.826µs" cid=18819c0c177 delta="57.128µs" username=__user@domain.com__
May 14 12:15:25 __mail.domain.com__ mox[365312]: l=info m="imap command ioerror" err="reading line from remote: read tcp __IP_SERVER__:993->__IP_SRC__:41086: i/o timeout (fatal io error)" pkg=imapserver cmd= duration=30.00066739s cid=18819c0c177 delta=30.00059297s username=__user@domain.com__
May 14 12:15:25 __mail.domain.com__ mox[365312]: l=info m="connection closed" err="reading line from remote: read tcp __IP_SERVER__:993->__IP_SRC__:41086: i/o timeout (fatal io error)" pkg=imapserver cid=18819c0c177 delta="194.835µs" username=__user@domain.com__

I noted that if I run mbsync from terminal emails are sync'ed, but with the wait and those messages in mox. If I run mbsync in background (systemd timer, 1 minute) emails are not sync'ed.
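Added example, not part of the original comment or of mox: a small parser for the key=value log lines quoted above that flags IMAP sessions where the server answered LOGOUT but the connection only ended later with an i/o timeout. The function names and the `min_gap` threshold are assumptions, and the second sample session is constructed as a control.

```python
import re
from datetime import datetime

# Lines from the log in the post above, as redacted there.
FROM_POST = r'''
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=trace m="C: 16 LOGOUT\r\n" pkg=imapserver cid=18819c0c177 delta=40.054144ms username=__user@domain.com__
May 14 12:14:55 __mail.domain.com__ mox[365312]: l=trace m="S: * BYE thanks\r\n16 OK LOGOUT done\r\n" pkg=imapserver cid=18819c0c177 delta="107.952µs" username=__user@domain.com__
May 14 12:15:25 __mail.domain.com__ mox[365312]: l=info m="connection closed" err="reading line from remote: read tcp __IP_SERVER__:993->__IP_SRC__:41086: i/o timeout (fatal io error)" pkg=imapserver cid=18819c0c177 delta="194.835µs" username=__user@domain.com__
'''
# Constructed control session (not from the post): closes right after LOGOUT.
CONSTRUCTED = r'''
May 14 12:16:00 mail mox[1]: l=trace m="S: * BYE thanks\r\n7 OK LOGOUT done\r\n" pkg=imapserver cid=aaa1
May 14 12:16:00 mail mox[1]: l=info m="connection closed" pkg=imapserver cid=aaa1
'''

# key=value pairs; a value is either a quoted string with escapes or a bare token.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse(line):
    """Return (timestamp, {key: value}) for one syslog-prefixed mox line."""
    prefix, _, body = line.partition(": ")
    # Syslog timestamps carry no year; a fixed one is assumed for the arithmetic.
    ts = datetime.strptime("2000 " + prefix[:15], "%Y %b %d %H:%M:%S")
    return ts, {k: v.strip('"') for k, v in FIELD.findall(body)}

def lingering_after_logout(text, min_gap=5.0):
    """Return (cid, seconds) for sessions that timed out after LOGOUT."""
    logout_at, hits = {}, []
    for line in filter(None, text.splitlines()):
        ts, f = parse(line)
        msg, cid = f.get("m", ""), f.get("cid")
        if msg.startswith("S:") and "OK LOGOUT done" in msg:
            logout_at[cid] = ts
        elif msg == "connection closed" and cid in logout_at:
            gap = (ts - logout_at.pop(cid)).total_seconds()
            if gap >= min_gap and "i/o timeout" in f.get("err", ""):
                hits.append((cid, gap))
    return hits
```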

mjl- commented 1 year ago

hi @inigoserna, thanks for the feedback, much appreciated.

> my main problem was that /etc/letsencrypt is owned by root:root, and mox reads the certificates after dropping root permissions to mox user

good one, i think it makes more sense for mox to read those files when still running as root. i'm adding it to my todo list.

> except my own mess with administration port (I was using autoconfig/mta-sms port)

you may have run into a bug that was fixed recently that influenced autoconfig/mta-sts (only if you hadn't enabled them both at the same time): https://github.com/mjl-/mox/commit/f6ed860ccb4911e41dda374238d834f680006612

> Show username in logs for IMAP connections (info level and upper).

sounds reasonable. and we already log this with tracing. same for authenticated smtp (for submission). adding to the list.

> Something like pflogsumm that generates daily/weekly/monthly reports/statistics which could also be sent by email

ah yes, this sounds useful. would mean mox would have to collect a bit more statistics, at least for rejected incoming messages/connections, and failed outgoing delivery attempts. but it's useful to have. i'm adding it to the list, but there are quite a few items with higher priority.

> Calendaring server

agreed, already on the list, but probably won't have time to work on it soon.

> it seems the connection is not properly closed, and after ~30s the socket breaks with some error messages.

i'll have a look at this soon. will post an update when i make progress!