[enh] Be able to disable ipv6 for smtp

data/hooks/conf_regen/19-postfix

@@ -35,7 +35,8 @@ do_pre_regen() {
     > "${default_dir}/postsrsd"
 
   # adapt it for IPv4-only hosts
-  if [ ! -f /proc/net/if_inet6 ]; then
+  ipv6="$(yunohost settings get 'smtp.ipv6')"
+  if [ "$ipv6" == "False" ] || [ ! -f /proc/net/if_inet6 ]; then
     sed -i \
       's/ \[::ffff:127.0.0.0\]\/104 \[::1\]\/128//g' \
       "${postfix_dir}/main.cf"

data/hooks/diagnosis/24-mail.py

@@ -12,6 +12,7 @@ from moulinette.utils.filesystem import read_yaml
 
 from yunohost.diagnosis import Diagnoser
 from yunohost.domain import _get_maindomain, domain_list
+from yunohost.settings import settings_get
 
 DEFAULT_DNS_BLACKLIST = "/usr/share/yunohost/other/dnsbl_list.yml"
 
@@ -95,7 +96,8 @@ class MailDiagnoser(Diagnoser):
                 yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion},
                            data={"wrong_ehlo": r["helo"], "right_ehlo": self.ehlo_domain},
                            status="ERROR",
-                           summary="diagnosis_mail_ehlo_wrong")
+                           summary="diagnosis_mail_ehlo_wrong",
+                           details=["diagnosis_mail_ehlo_wrong_details"])
 
 
     def check_fcrdns(self):
@@ -106,20 +108,30 @@ class MailDiagnoser(Diagnoser):
         """
 
         for ip in self.ips:
+            if ":" in ip:
+                details = ["diagnosis_mail_fcrdns_nok_details",
+                           "diagnosis_mail_fcrdns_nok_alternatives_6"]
+            else:
+                details = ["diagnosis_mail_fcrdns_nok_details",
+                           "diagnosis_mail_fcrdns_nok_alternatives_4"]
+
             try:
                 rdns_domain, _, _ = socket.gethostbyaddr(ip)
             except socket.herror:
                 yield dict(meta={"test": "mail_fcrdns", "ip": ip},
                            data={"ehlo_domain": self.ehlo_domain},
                            status="ERROR",
-                           summary="diagnosis_mail_fcrdns_dns_missing")
+                           summary="diagnosis_mail_fcrdns_dns_missing",
+                           details=details)
                 continue
             if rdns_domain != self.ehlo_domain:
+                details = ["diagnosis_mail_fcrdns_different_from_ehlo_domain_details"] + details
                 yield dict(meta={"test": "mail_fcrdns", "ip": ip},
                            data={"ehlo_domain": self.ehlo_domain,
                                  "rdns_domain": rdns_domain},
                            status="ERROR",
-                           summary="diagnosis_mail_fcrdns_different_from_ehlo_domain")
+                           summary="diagnosis_mail_fcrdns_different_from_ehlo_domain",
+                           details=details)
 
 
     def check_blacklist(self):
@@ -210,12 +222,13 @@ class MailDiagnoser(Diagnoser):
             if global_ipv4:
                 outgoing_ips.append(global_ipv4)
 
-        ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {}
-        if ipv6.get("status") == "SUCCESS":
-            outgoing_ipversions.append(6)
-            global_ipv6 = ipv6.get("data", {}).get("global", {})
-            if global_ipv6:
-                outgoing_ips.append(global_ipv6)
+        if settings_get("smtp.ipv6"):
+            ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {}
+            if ipv6.get("status") == "SUCCESS":
+                outgoing_ipversions.append(6)
+                global_ipv6 = ipv6.get("data", {}).get("global", {})
+                if global_ipv6:
+                    outgoing_ips.append(global_ipv6)
         return (outgoing_ipversions, outgoing_ips)
 
 def main(args, env, loggers):

locales/en.json

@@ -185,7 +185,7 @@
     "diagnosis_swap_notsomuch": "The system has only {total} swap. You should consider having at least 256 MB to avoid situations where the system runs out of memory.",
     "diagnosis_swap_ok": "The system has {total} of swap!",
     "diagnosis_mail_outgoing_port_25_ok": "Outgoing port 25 is open, emails can be sent",
-    "diagnosis_mail_outgoing_port_25_blocked": "Outgoing port 25 appears to be bloecked in IPv{ipversion}",
+    "diagnosis_mail_outgoing_port_25_blocked": "Outgoing port 25 appears to be blocked in IPv{ipversion}",
     "diagnosis_mail_outgoing_port_25_blocked_details": "You should first try to unblock it in your internet service provider (or hosting provider) configuration panel or by sending a ticket to your hosting provider. Meanwhile, the server won't be able to send emails to other servers.",
     "diagnosis_mail_outgoing_port_25_blocked_relay_vpn": "Some providers won't let you unblock outgoing port 25 because they don't care about Net Neutrality.<br> - Some of them provide the alternative of <a href='https://yunohost.org/#/smtp_relay'>using a mail server relay</a> though it implies that the relay will be able to spy on your email traffic.<br>- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See <a href='https://yunohost.org/#/vpn_advantage'>https://yunohost.org/#/vpn_advantage</a><br>- Finally, it's also possible to <a href='https://yunohost.org/#/isp'>change of provider</a>",
     "diagnosis_mail_ehlo_ok": "Postfix mail service answer correctly from outside",
@@ -199,8 +199,11 @@
     "diagnosis_mail_ehlo_could_not_diagnose_details": "Error: {error}",
     "diagnosis_mail_fcrdns_ok": "Your reverse DNS is well configured",
     "diagnosis_mail_fcrdns_dns_missing": "No reverse DNS defined for the ip {ip}",
-    "diagnosis_mail_fcrdns_dns_missing_details": "You can configure it on ",
-    "diagnosis_mail_fcrdns_different_from_ehlo_domain": "Your reverse DNS {rdns_domain} is different from your EHLO domain {ehlo_domain} on {ip}",
+    "diagnosis_mail_fcrdns_nok_details": "You should first try to configure the reverse DNS with <code>{ehlo_domain}</code> on your internet service provider (or hosting provider) config panel or by sending a ticket to your hosting provider. Meanwhile, some outgoing mails won't be delivered.",
+    "diagnosis_mail_fcrdns_nok_alternatives_4": "Some providers won't let you configure it or the feature is broken on their config panel. If you are experiencing some server refusing your email for this reason, you could try those solutions:<br> - Some ISP provide the alternative of <a href='https://yunohost.org/#/smtp_relay'>using a mail server relay</a> though it implies that the relay will be able to spy on your email traffic.<br>- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See <a href='https://yunohost.org/#/vpn_advantage'>https://yunohost.org/#/vpn_advantage</a><br>- Finally, it's also possible to <a href='https://yunohost.org/#/isp'>change of provider</a>",
+    "diagnosis_mail_fcrdns_nok_alternatives_6": "Some providers won't let you configure it or the feature is broken on their config panel in IPv6. If your reverse DNS is ok in IPv4, you can try to disable the use of IPv6 to send mail by running <cmd>yunohost settings set smtp.ipv6 -v off ; yunohost tools regen-conf postfix</cmd>. Note: with this last solution you won't be able to send or received emails from the rare ipv6 only servers.",
+    "diagnosis_mail_fcrdns_different_from_ehlo_domain": "The reverse DNS is different from your EHLO domain on {ip}",
+    "diagnosis_mail_fcrdns_different_from_ehlo_domain_details": "Current reverse DNS: <code>{rdns_domain}</code><br>Expected value: <code>{ehlo_domain}</code>",
     "diagnosis_mail_blacklist_ok": "IPs and domains used by this server to send mail are not on most used email blacklists",
     "diagnosis_mail_blacklist_listed_by": "{item} is blacklisted on {blacklist_name}",
     "diagnosis_mail_blacklist_reason": "The blacklist explains: {reason}",

src/yunohost/settings.py

@@ -70,6 +70,7 @@ DEFAULTS = OrderedDict([
     ("security.postfix.compatibility", {"type": "enum", "default": "intermediate",
         "choices": ["intermediate", "modern"]}),
     ("pop3.enabled", {"type": "bool", "default": False}),
+    ("smtp.ipv6", {"type": "bool", "default": True}),
 ])