about summary refs log tree commit diff stats
path: root/scripts (unfollow)
Commit message (Collapse)Author
5 daysscripts/get_dns.sh: InitBenedikt Peetz
This script is useful, when migrating from a hosted DNS server to our own. An example output looks like this (for `get_dns.sh b-peetz.de`): ``` (A) 92.60.38.179 [b-peetz.de] (AAAA) 2a03:4000:33:25b::4f4e [b-peetz.de] (CAA) 0 issue "letsencrypt.org" [b-peetz.de] (CNAME) <Not set> [b-peetz.de] (DNAME) <Not set> [b-peetz.de] (MX) 10 mail.foss-syndicate.org. [b-peetz.de] (NS) second-dns.netcup.net. [b-peetz.de] (NS) third-dns.netcup.net. [b-peetz.de] (NS) root-dns.netcup.net. [b-peetz.de] (SOA) root-dns.netcup.net. dnsadmin.netcup.net. 2025012510 28800 7200 1209600 86400 [b-peetz.de] (SRV) <Not set> [b-peetz.de] (TXT) "v=spf1 +mx -all" [b-peetz.de] (PTR) <Not set> [b-peetz.de] (DNSKEY) <Not set> [b-peetz.de] (DS) <Not set> [b-peetz.de] (SSHFP) <Not set> [b-peetz.de] (TLSA) <Not set> [b-peetz.de] (OPENPGPKEY) <Not set> [b-peetz.de] (SVCB) <Not set> [b-peetz.de] (HTTPS) <Not set> [b-peetz.de] (TXT) "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ0lbL3BHTuWmiRj/8ZqbEsKK/yBrhXeKDmu8Oj1IGGbQCiqxGkkrdUMzRrZD+6hH0OWjppqc4Sw/oC8ilgSzSntYzkygGjM/7uBLhWVgLjcO7ovsoF7GIldhXcQSD/3hbI0QOoMV2/w7dEZmbYsulw6b2m8FbSAHPn+RvGmwjzQIDAQAB" [mail._domainkey.b-peetz.de] (TXT) "v=DMARC1; p=reject" [_dmarc.b-peetz.de] ```
5 daysmodules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` optionBenedikt Peetz
5 daystests/email-dns: InitBenedikt Peetz
This test is somewhat involved, but tries to exercise our full mail handling capabilities. It effectively only tests that alice can send a message to bob, but it checks nearly all security mechanisms (DNSSEC is currently still missing).
5 dayspkgs/fetchmail-common-name: Patch fetchmail to accept certificates without ↵Benedikt Peetz
common name Pebble gives you SAN only certificates.
5 daystest/email-ip: Rename from the general `email` testBenedikt Peetz
5 daysmodules/stalwart-mail-free: Remove all `security` dependent checks if it's nullBenedikt Peetz
5 dayspkgs/stalwart-mail-free: Avoid running `stalwart-mail`'s testsBenedikt Peetz
5 dayspkgs/stalwart-mail-free: Update `cargoHash`Benedikt Peetz
5 daysmodules/stalwart-mail: Capitalize default mailboxesBenedikt Peetz
This seems to be somewhat of a standart.
5 daysmodules/stalwart-mail: Also listen on :25 without SSL but with STARTTLSBenedikt Peetz
This is important, so that other MTA can send us mail.
5 daysmodules/stalwart-mail: Set a default value for `principals`Benedikt Peetz
5 daysmodules/stalwart-mail: Include full systemd service and set correct dependenciesBenedikt Peetz
This also starts `nginx` so that we can complete http-01 acme challenges.
5 daysmodules/stalwart-mail: Select DKIM keys per-domainBenedikt Peetz
5 daysmodules/stalwart-mail: Avoid hardcoding `vhack.eu` email addressBenedikt Peetz
5 daysmodules/dns: Add service dependenciesBenedikt Peetz
5 daysmodules/dns: Set a reasonable verbosity levelBenedikt Peetz
The default is way too quiet.
5 daysmodules/dns: Provide the option to open the required firewall portsBenedikt Peetz
5 daysmodules/dns: Remove `lib.debug` callsBenedikt Peetz
5 daysmodules/dns/dns/types/records/PTR.nix: Special case for reverse IP lookupsBenedikt Peetz
This makes implementing a DNS server in tests easier.
5 dayspkgs/stalwart-mail-free: Also patch to use the platform CA storeBenedikt Peetz
This is needed for the test. The general changes are caused by the requirement to update the `chargoHash`, which currently only works with this counter intuitive attribute overriding.
5 daysmodules/dns/dns/types/records/MTA-STS.nix: InitBenedikt Peetz
5 daysmodules/dns/dns/types/records/DMARC.nix: Reference the correct RFCBenedikt Peetz
RFC 7208 is titled “Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1”, whilst RFC 7489 is titled “Domain-based Message Authentication, Reporting, and Conformance (DMARC)”
5 days.envrc: Add ./scripts to PATHBenedikt Peetz
5 daysscripts/testInteractive: Actually build the *interactive* test driverBenedikt Peetz
Otherwise, the experience is simply worse.