From 3c174389b64581dd91581c424f7299f637e1f00c Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 00:48:54 +0200 Subject: [PATCH 01/11] [enh] Add some details --- data/hooks/diagnosis/24-mail.py | 13 ++++++++----- locales/ca.json | 2 +- locales/en.json | 19 +++++++++++-------- locales/eo.json | 2 +- locales/es.json | 2 +- locales/fr.json | 2 +- tests/test_i18n_keys.py | 7 +++++++ 7 files changed, 30 insertions(+), 17 deletions(-) diff --git a/data/hooks/diagnosis/24-mail.py b/data/hooks/diagnosis/24-mail.py index 0ce1f3f25..27903c9e9 100644 --- a/data/hooks/diagnosis/24-mail.py +++ b/data/hooks/diagnosis/24-mail.py @@ -59,8 +59,8 @@ class MailDiagnoser(Diagnoser): yield dict(meta={"test": "outgoing_port_25", "ipversion": ipversion}, data={}, status="ERROR", - summary="diagnosis_mail_ougoing_port_25_blocked", - details=["diagnosis_mail_ougoing_port_25_blocked_details", + summary="diagnosis_mail_outgoing_port_25_blocked", + details=["diagnosis_mail_outgoing_port_25_blocked_details", "diagnosis_mail_outgoing_port_25_blocked_relay_vpn"]) @@ -76,18 +76,21 @@ class MailDiagnoser(Diagnoser): data={}, ipversion=ipversion) except Exception as e: - yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion}, + yield dict(meta={"test": "mail_ehlo", "reason": "remote_server_failed", + "ipversion": ipversion}, data={"error": str(e)}, status="WARNING", summary="diagnosis_mail_ehlo_could_not_diagnose", details=["diagnosis_mail_ehlo_could_not_diagnose_details"]) continue - if r["status"] == "error_smtp_unreachable": + if r["status"] != "ok": + summary = r["status"].replace("error_smtp_", "diagnosis_mail_ehlo_") yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion}, data={}, status="ERROR", - summary="diagnosis_mail_ehlo_unavailable") + summary=summary, + details=[summary + "_details"]) elif r["helo"] != self.ehlo_domain: yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion}, data={"wrong_ehlo": r["helo"], "right_ehlo": self.ehlo_domain}, 
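Review bot: In the `if r["status"] != "ok":` branch the summary key is derived by string replacement from whatever status the remote diagnosis server returns, so any value other than the ones with locale entries produces an i18n key (and a `_details` key) that en.json does not define. The response is external input and should be matched against an explicit table, with unknown statuses reported through the existing `diagnosis_mail_ehlo_could_not_diagnose` message. The `r["status"]` and `r["helo"]` lookups also appear to sit outside the `try`, so a malformed response would raise KeyError instead of yielding a report. The fence sketches the table; the status names other than `error_smtp_unreachable` are inferred from the new locale keys, and the enclosing method starts and ends outside the hunk.

```python
# … unchanged: remote_diagnosis call and its except branch …
if r.get("status") != "ok":
    # Only statuses that have locale entries; names inferred from en.json keys.
    known = {
        "error_smtp_unreachable": "diagnosis_mail_ehlo_unreachable",
        "error_smtp_bad_answer": "diagnosis_mail_ehlo_bad_answer",
    }
    summary = known.get(r.get("status"),
                        "diagnosis_mail_ehlo_could_not_diagnose")
    yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion},
               # "error" feeds the could_not_diagnose_details message
               data={"error": str(r.get("status"))},
               status="ERROR",
               summary=summary,
               details=[summary + "_details"])
# … unchanged: elif r["helo"] != self.ehlo_domain branch …
```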
diff --git a/locales/ca.json b/locales/ca.json index 0ea0d91f6..c20b94d6e 100644 --- a/locales/ca.json +++ b/locales/ca.json @@ -571,7 +571,7 @@ "apps_catalog_obsolete_cache": "La memòria cau del catàleg d'aplicacions és buida o obsoleta.", "apps_catalog_update_success": "S'ha actualitzat el catàleg d'aplicacions!", "diagnosis_mail_ougoing_port_25_ok": "El port de sortida 25 no està bloquejat i els correus es poden enviar a altres servidors.", - "diagnosis_mail_ougoing_port_25_blocked": "Sembla que el port de sortida 25 està bloquejat. Hauríeu d'intentar desbloquejar-lo al panell de configuració del proveïdor d'accés a internet (o allotjador). Mentrestant, el servidor no podrà enviar correus a altres servidors.", + "diagnosis_mail_outgoing_port_25_blocked": "Sembla que el port de sortida 25 està bloquejat. Hauríeu d'intentar desbloquejar-lo al panell de configuració del proveïdor d'accés a internet (o allotjador). Mentrestant, el servidor no podrà enviar correus a altres servidors.", "diagnosis_description_mail": "Correu electrònic", "migration_description_0013_futureproof_apps_catalog_system": "Migrar al nou sistema de catàleg d'aplicacions resistent al pas del temps", "app_upgrade_script_failed": "Hi ha hagut un error en el script d'actualització de l'aplicació", diff --git a/locales/en.json b/locales/en.json index 4a0aefca8..63cef236b 100644 --- a/locales/en.json +++ b/locales/en.json @@ -189,12 +189,17 @@ "diagnosis_mail_outgoing_port_25_blocked_details": "You should first try to unblock it in your internet service provider (or hosting provider) configuration panel or by sending a ticket to your hosting provider. Meanwhile, the server won't be able to send emails to other servers.", "diagnosis_mail_outgoing_port_25_blocked_relay_vpn": "Some providers won't let you unblock outgoing port 25 because they don't care about Net Neutrality.
- Some of them provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
- Finally, it's also possible to change of provider", "diagnosis_mail_ehlo_ok": "Postfix mail service answer correctly from outside", - "diagnosis_mail_ehlo_unavailable": "Postfix mail service don't answer to EHLO request on IPv{ipversion}", - "diagnosis_mail_ehlo_wrong": "A mail server answers {wrong_ehlo} instead {right_ehlo} on IPv{ipversion}", - "diagnosis_mail_ehlo_could_not_diagnose": "Could not diagnose if postfix mail server is reachable from outside in IPv{ipversion}.", - "diagnosis_mail_ehlo_could_not_diagnose_details": "{error}", + "diagnosis_mail_ehlo_unreachable": "SMTP server unreachable on IPv{ipversion}", + "diagnosis_mail_ehlo_unreachable_details": "Could not open a connection on port 25 through IPv{ipversion}, probably because of a firewall, port forwarding issue or postfix service down", + "diagnosis_mail_ehlo_bad_answer": "A non-SMTP service answered on port 25 on IPv{ipversion}", + "diagnosis_mail_ehlo_bad_answer_details": "It could be due to an other machine answering instead of your server.", + "diagnosis_mail_ehlo_wrong": "An other SMTP server answers on IPv{ipversion}", + "diagnosis_mail_ehlo_wrong_details": "The remote diagnoser return a wrong EHLO answer from your IPv{ipversion}.
Received: {wrong_ehlo}
Expected: {right_ehlo}
You probably have a port forwarding issue or a reverse proxy server unconfigured for mail.", + "diagnosis_mail_ehlo_could_not_diagnose": "Could not diagnose if postfix mail server is reachable from outside", + "diagnosis_mail_ehlo_could_not_diagnose_details": "Error: {error}", "diagnosis_mail_fcrdns_ok": "Your reverse DNS is well configured", "diagnosis_mail_fcrdns_dns_missing": "No reverse DNS defined for the ip {ip}", + "diagnosis_mail_fcrdns_dns_missing_details": "You can configure it on ", "diagnosis_mail_fcrdns_different_from_ehlo_domain": "Your reverse DNS {rdns_domain} is different from your EHLO domain {ehlo_domain} on {ip}", "diagnosis_mail_blacklist_ok": "IPs and domains used by this server to send mail are not on most used email blacklists", "diagnosis_mail_blacklist_listed_by": "{item} is blacklisted on {blacklist_name}", @@ -220,8 +225,7 @@ "diagnosis_description_mail": "Email", "diagnosis_description_regenconf": "System configurations", "diagnosis_description_security": "Security checks", - "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside in IPv{ipversion}.", - "diagnosis_ports_could_not_diagnose_details": "Error: {error}", + "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside. Error: {error}", "diagnosis_ports_unreachable": "Port {port} is not reachable from outside.", "diagnosis_ports_partially_unreachable": "Port {port} is not reachable from outside in IPv{failed}.", "diagnosis_ports_ok": "Port {port} is reachable from outside.", 
@@ -229,8 +233,7 @@ "diagnosis_ports_forwarding_tip": "To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config", "diagnosis_http_hairpinning_issue": "Your local network does not seem to have hairpinning enabled.", "diagnosis_http_hairpinning_issue_details": "This is probably because of your ISP box / router. As a result, people from outside your local network will be able to access your server as expected, but not people from inside the local network (like you, probably?). You may be able to improve the situation by having a look at https://yunohost.org/dns_local_network", - "diagnosis_http_could_not_diagnose": "Could not diagnose if domains are reachable from outside in IPv{ipversion}.", - "diagnosis_http_could_not_diagnose_details": "Error: {error}", + "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside. Error: {error}", "diagnosis_http_ok": "Domain {domain} is reachable through HTTP from outside the local network.", "diagnosis_http_timeout": "Timed-out while trying to contact your server from outside. It appears to be unreachable.
1. The most common cause for this issue is that you did not correctly configure port forwarding for port 80.
2. Also make sure that the web server nginx is running
3. On more complex setups: make sure that a firewall or reverse-proxy is not interfering.", "diagnosis_http_connection_error": "Connection error: could not connect to the requested domain, it's very likely unreachable.", diff --git a/locales/eo.json b/locales/eo.json index 87e062ea2..9c1aed008 100644 --- a/locales/eo.json +++ b/locales/eo.json 
@@ -515,7 +515,7 @@ "app_upgrade_script_failed": "Eraro okazis en la skripto pri ĝisdatiga programo", "diagnosis_diskusage_verylow": "Stokado {mountpoint} (sur aparato {device)) restas nur {free} ({free_percent}%) spaco. Vi vere konsideru purigi iom da spaco.", "diagnosis_ram_verylow": "La sistemo nur restas {available} ({available_percent}%) RAM! (el {total})", - "diagnosis_mail_ougoing_port_25_blocked": "Eliranta haveno 25 ŝajnas esti blokita. Vi devas provi malŝlosi ĝin en via agorda panelo de provizanto (aŭ gastiganto). Dume la servilo ne povos sendi retpoŝtojn al aliaj serviloj.", + "diagnosis_mail_outgoing_port_25_blocked": "Eliranta haveno 25 ŝajnas esti blokita. Vi devas provi malŝlosi ĝin en via agorda panelo de provizanto (aŭ gastiganto). Dume la servilo ne povos sendi retpoŝtojn al aliaj serviloj.", "diagnosis_http_bad_status_code": "Ne povis atingi vian servilon kiel atendite, ĝi redonis malbonan statuskodon. Povas esti, ke alia maŝino respondis anstataŭ via servilo. Vi devus kontroli, ke vi ĝuste redonas la havenon 80, ke via nginx-agordo ĝisdatigas kaj ke reverso-prokuro ne interbatalas.", "main_domain_changed": "La ĉefa domajno estis ŝanĝita", "yunohost_postinstall_end_tip": "La post-instalado finiĝis! Por fini vian agordon, bonvolu konsideri:\n - aldonado de unua uzanto tra la sekcio 'Uzantoj' de la retadreso (aŭ 'yunohost user create ' en komandlinio);\n - diagnozi problemojn atendantajn solvi por ke via servilo funkciu kiel eble plej glate tra la sekcio 'Diagnosis' de la retadministrado (aŭ 'yunohost diagnosis run' en komandlinio);\n - legante la partojn 'Finigi vian agordon' kaj 'Ekkoni Yunohost' en la administra dokumentado: https://yunohost.org/admindoc.", diff --git a/locales/es.json b/locales/es.json index 6a55378da..de9eb91c6 100644 --- a/locales/es.json +++ b/locales/es.json 
@@ -554,7 +554,7 @@ "diagnosis_swap_none": "El sistema no tiene mas espacio de intercambio. Considera agregar por lo menos 256 MB de espacio de intercambio para evitar que el sistema se quede sin memoria.", "diagnosis_swap_notsomuch": "Al sistema le queda solamente {total} de espacio de intercambio. Considera agregar al menos 256 MB para evitar que el sistema se quede sin memoria.", "diagnosis_mail_ougoing_port_25_ok": "El puerto de salida 25 no esta bloqueado y los correos electrónicos pueden ser enviados a otros servidores.", - "diagnosis_mail_ougoing_port_25_blocked": "El puerto de salida 25 parece estar bloqueado. Intenta desbloquearlo con el panel de configuración de tu proveedor de servicios de Internet (o proveedor de halbergue). Mientras tanto, el servidor no podrá enviar correos electrónicos a otros servidores.", + "diagnosis_mail_outgoing_port_25_blocked": "El puerto de salida 25 parece estar bloqueado. Intenta desbloquearlo con el panel de configuración de tu proveedor de servicios de Internet (o proveedor de halbergue). Mientras tanto, el servidor no podrá enviar correos electrónicos a otros servidores.", "diagnosis_regenconf_allgood": "Todos los archivos de configuración están en linea con la configuración recomendada!", "diagnosis_regenconf_manually_modified": "El archivo de configuración {file} fue modificado manualmente.", "diagnosis_regenconf_manually_modified_details": "Esto este probablemente BIEN siempre y cuando sepas lo que estas haciendo ;) !", diff --git a/locales/fr.json b/locales/fr.json index f029a1d13..faf2837a3 100644 --- a/locales/fr.json +++ b/locales/fr.json 
@@ -551,7 +551,7 @@ "diagnosis_security_all_good": "Aucune vulnérabilité de sécurité critique n'a été trouvée.", "apps_catalog_init_success": "Système de catalogue d'applications initialisé !", "apps_catalog_failed_to_download": "Impossible de télécharger le catalogue des applications {apps_catalog}:{error}", - "diagnosis_mail_ougoing_port_25_blocked": "Le port sortant 25 semble être bloqué. Vous devriez essayer de le débloquer dans le panneau de configuration de votre fournisseur de services Internet (ou hébergeur). En attendant, le serveur ne pourra pas envoyer de courrier électronique à d'autres serveurs.", + "diagnosis_mail_outgoing_port_25_blocked": "Le port sortant 25 semble être bloqué. Vous devriez essayer de le débloquer dans le panneau de configuration de votre fournisseur de services Internet (ou hébergeur). En attendant, le serveur ne pourra pas envoyer de courrier électronique à d'autres serveurs.", "domain_cannot_remove_main_add_new_one": "Vous ne pouvez pas supprimer '{domain:s}' car il s'agit du domaine principal et de votre seul domaine. Vous devez d'abord ajouter un autre domaine à l'aide de 'yunohost domain add ', puis définir comme domaine principal à l'aide de ' yunohost domain main-domain -n ' et vous pouvez ensuite supprimer le domaine '{domain:s}' à l'aide de 'yunohost domain remove {domain:s}'.'", "diagnosis_security_vulnerable_to_meltdown_details": "Pour résoudre ce problème, vous devez mettre à niveau votre système et redémarrer pour charger le nouveau noyau Linux (ou contacter votre fournisseur de serveur si cela ne fonctionne pas). Voir https://meltdownattack.com/ pour plus d'informations.", "diagnosis_description_basesystem": "Système de base", diff --git a/tests/test_i18n_keys.py b/tests/test_i18n_keys.py index 0d5af33f6..20e9dd8a0 100644 --- a/tests/test_i18n_keys.py +++ b/tests/test_i18n_keys.py 
@@ -122,6 +122,13 @@ def find_expected_string_keys(): yield "password_listed" for i in [1, 2, 3, 4]: yield "password_too_simple_%s" % i + + checks = ["outgoing_port_25_ok", "ehlo_ok", "fcrdns_ok", + "blacklist_ok", "queue_ok", "ehlo_bad_answer", + "ehlo_unreachable", "ehlo_bad_answer_details", + "ehlo_unreachable_details", ] + for check in checks: + yield "diagnosis_mail_%" ############################################################################### # Load en locale json keys # From 55957d77b09386c48362590702a306029983fe9d Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 00:52:28 +0200 Subject: [PATCH 02/11] [fix] Key queue_to_big --- data/hooks/diagnosis/24-mail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/hooks/diagnosis/24-mail.py b/data/hooks/diagnosis/24-mail.py index 27903c9e9..608bfd931 100644 --- a/data/hooks/diagnosis/24-mail.py +++ b/data/hooks/diagnosis/24-mail.py @@ -192,7 +192,7 @@ class MailDiagnoser(Diagnoser): yield dict(meta={"test": "mail_queue"}, data={'nb_pending': pending_emails}, status="WARNING", - summary="diagnosis_mail_queue_too_many_pending_emails") + summary="diagnosis_mail_queue_too_big") else: yield dict(meta={"test": "mail_queue"}, data={'nb_pending': pending_emails}, From dae8adff4b21aaa74657ae317c9caf2b717ae42f Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 01:02:30 +0200 Subject: [PATCH 03/11] [fix] rebase issue --- locales/en.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/locales/en.json b/locales/en.json index 63cef236b..3be85fd35 100644 --- a/locales/en.json +++ b/locales/en.json 
@@ -225,7 +225,8 @@ "diagnosis_description_mail": "Email", "diagnosis_description_regenconf": "System configurations", "diagnosis_description_security": "Security checks", - "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside. Error: {error}", + "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside.", + "diagnosis_ports_could_not_diagnose_details": "Error: {error}", "diagnosis_ports_unreachable": "Port {port} is not reachable from outside.", "diagnosis_ports_partially_unreachable": "Port {port} is not reachable from outside in IPv{failed}.", "diagnosis_ports_ok": "Port {port} is reachable from outside.", @@ -233,7 +234,8 @@ "diagnosis_ports_forwarding_tip": "To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config", "diagnosis_http_hairpinning_issue": "Your local network does not seem to have hairpinning enabled.", "diagnosis_http_hairpinning_issue_details": "This is probably because of your ISP box / router. As a result, people from outside your local network will be able to access your server as expected, but not people from inside the local network (like you, probably?). You may be able to improve the situation by having a look at https://yunohost.org/dns_local_network", - "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside. Error: {error}", + "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside.", + "diagnosis_http_could_not_diagnose_details": "Error: {error}", "diagnosis_http_ok": "Domain {domain} is reachable through HTTP from outside the local network.", "diagnosis_http_timeout": "Timed-out while trying to contact your server from outside. It appears to be unreachable.
1. The most common cause for this issue is that you did not correctly configure port forwarding for port 80.
2. Also make sure that the web server nginx is running
3. On more complex setups: make sure that a firewall or reverse-proxy is not interfering.", "diagnosis_http_connection_error": "Connection error: could not connect to the requested domain, it's very likely unreachable.", From 0ac1cfb31aea189c44671f3b889057c2e6c4c1cc Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 01:04:02 +0200 Subject: [PATCH 04/11] [fix] rebase issue --- locales/en.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/locales/en.json b/locales/en.json index 3be85fd35..92067229f 100644 --- a/locales/en.json +++ b/locales/en.json @@ -225,7 +225,7 @@ "diagnosis_description_mail": "Email", "diagnosis_description_regenconf": "System configurations", "diagnosis_description_security": "Security checks", - "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside.", + "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside in IPv{ipversion}.", "diagnosis_ports_could_not_diagnose_details": "Error: {error}", "diagnosis_ports_unreachable": "Port {port} is not reachable from outside.", "diagnosis_ports_partially_unreachable": "Port {port} is not reachable from outside in IPv{failed}.", 
@@ -234,7 +234,7 @@ "diagnosis_ports_forwarding_tip": "To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config", "diagnosis_http_hairpinning_issue": "Your local network does not seem to have hairpinning enabled.", "diagnosis_http_hairpinning_issue_details": "This is probably because of your ISP box / router. As a result, people from outside your local network will be able to access your server as expected, but not people from inside the local network (like you, probably?). You may be able to improve the situation by having a look at https://yunohost.org/dns_local_network", - "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside.", + "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside in IPv{ipversion}.", "diagnosis_http_could_not_diagnose_details": "Error: {error}", "diagnosis_http_ok": "Domain {domain} is reachable through HTTP from outside the local network.", "diagnosis_http_timeout": "Timed-out while trying to contact your server from outside. It appears to be unreachable.
1. The most common cause for this issue is that you did not correctly configure port forwarding for port 80.
2. Also make sure that the web server nginx is running
3. On more complex setups: make sure that a firewall or reverse-proxy is not interfering.", From a7a0f93102b617f7a344498a496c3fbc5d84b09a Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 01:05:36 +0200 Subject: [PATCH 05/11] [fix] rebase issue --- locales/en.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locales/en.json b/locales/en.json index 92067229f..8272fc86c 100644 --- a/locales/en.json +++ b/locales/en.json @@ -234,7 +234,7 @@ "diagnosis_ports_forwarding_tip": "To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config", "diagnosis_http_hairpinning_issue": "Your local network does not seem to have hairpinning enabled.", "diagnosis_http_hairpinning_issue_details": "This is probably because of your ISP box / router. As a result, people from outside your local network will be able to access your server as expected, but not people from inside the local network (like you, probably?). You may be able to improve the situation by having a look at https://yunohost.org/dns_local_network", - "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside in IPv{ipversion}.", + "diagnosis_http_could_not_diagnose": "Could not diagnose if domains are reachable from outside in IPv{ipversion}.", "diagnosis_http_could_not_diagnose_details": "Error: {error}", "diagnosis_http_ok": "Domain {domain} is reachable through HTTP from outside the local network.", "diagnosis_http_timeout": "Timed-out while trying to contact your server from outside. It appears to be unreachable.
1. The most common cause for this issue is that you did not correctly configure port forwarding for port 80.
2. Also make sure that the web server nginx is running
3. On more complex setups: make sure that a firewall or reverse-proxy is not interfering.", From 91a07bdf08ee4eecdcb1734493fed31fccb7ecd3 Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 01:07:06 +0200 Subject: [PATCH 06/11] [fix] tests i18n key --- tests/test_i18n_keys.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_i18n_keys.py b/tests/test_i18n_keys.py index 20e9dd8a0..c845a2e3e 100644 --- a/tests/test_i18n_keys.py +++ b/tests/test_i18n_keys.py @@ -128,7 +128,7 @@ def find_expected_string_keys(): "ehlo_unreachable", "ehlo_bad_answer_details", "ehlo_unreachable_details", ] for check in checks: - yield "diagnosis_mail_%" + yield "diagnosis_mail_%" % check ############################################################################### # Load en locale json keys # From 9d0074d71bb53f9a0ac6a6d28acf1a74aef7b521 Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 01:15:21 +0200 Subject: [PATCH 07/11] [fix] tests i18n key --- tests/test_i18n_keys.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_i18n_keys.py b/tests/test_i18n_keys.py index c845a2e3e..7546f51aa 100644 --- a/tests/test_i18n_keys.py +++ b/tests/test_i18n_keys.py @@ -128,7 +128,7 @@ def find_expected_string_keys(): "ehlo_unreachable", "ehlo_bad_answer_details", "ehlo_unreachable_details", ] for check in checks: - yield "diagnosis_mail_%" % check + yield "diagnosis_mail_%s" % check ############################################################################### # Load en locale json keys # From 4686673bb52c6181cbed60105917cb32d9c43a3d Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 02:30:23 +0200 Subject: [PATCH 08/11] [enh] Be able to disable ipv6 for smtp --- data/hooks/conf_regen/19-postfix | 3 ++- data/hooks/diagnosis/24-mail.py | 31 ++++++++++++++++++++++--------- locales/en.json | 9 ++++++--- src/yunohost/settings.py | 1 + 4 files changed, 31 insertions(+), 13 deletions(-) 
diff --git a/data/hooks/conf_regen/19-postfix b/data/hooks/conf_regen/19-postfix index 0f09f0299..172438f37 100755 --- a/data/hooks/conf_regen/19-postfix +++ b/data/hooks/conf_regen/19-postfix @@ -35,7 +35,8 @@ do_pre_regen() { > "${default_dir}/postsrsd" # adapt it for IPv4-only hosts - if [ ! -f /proc/net/if_inet6 ]; then + ipv6="$(yunohost settings get 'smtp.ipv6')" + if [ "$ipv6" == "False" ] || [ ! -f /proc/net/if_inet6 ]; then sed -i \ 's/ \[::ffff:127.0.0.0\]\/104 \[::1\]\/128//g' \ "${postfix_dir}/main.cf" diff --git a/data/hooks/diagnosis/24-mail.py b/data/hooks/diagnosis/24-mail.py index 608bfd931..022b24114 100644 --- a/data/hooks/diagnosis/24-mail.py +++ b/data/hooks/diagnosis/24-mail.py @@ -12,6 +12,7 @@ from moulinette.utils.filesystem import read_yaml from yunohost.diagnosis import Diagnoser from yunohost.domain import _get_maindomain, domain_list +from yunohost.settings import settings_get DEFAULT_DNS_BLACKLIST = "/usr/share/yunohost/other/dnsbl_list.yml" @@ -95,7 +96,8 @@ class MailDiagnoser(Diagnoser): yield dict(meta={"test": "mail_ehlo", "ipversion": ipversion}, data={"wrong_ehlo": r["helo"], "right_ehlo": self.ehlo_domain}, status="ERROR", - summary="diagnosis_mail_ehlo_wrong") + summary="diagnosis_mail_ehlo_wrong", + details=["diagnosis_mail_ehlo_wrong_details"]) def check_fcrdns(self): 
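Review bot: The new `[ "$ipv6" == "False" ]` test silently keeps IPv6 enabled whenever `yunohost settings get 'smtp.ipv6'` fails or prints anything other than the exact string `False`, so an admin who turned the setting off gets no sign that it was ignored. Capturing the failure makes that case explicit, e.g. `ipv6="$(yunohost settings get 'smtp.ipv6')" || ipv6="unknown"`, followed by a comparison that treats an unknown value as an error. The visible branch also only strips the IPv6 loopback networks from main.cf; unless `inet_protocols` is restricted elsewhere in do_pre_regen (its body continues outside the hunk), Postfix may still send and receive over IPv6. `==` inside `[ ]` is a bashism, so this relies on the hook being run by bash.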
@@ -106,20 +108,30 @@ class MailDiagnoser(Diagnoser): """ for ip in self.ips: + if ":" in ip: + details = ["diagnosis_mail_fcrdns_nok_details", + "diagnosis_mail_fcrdns_nok_alternatives_6"] + else: + details = ["diagnosis_mail_fcrdns_nok_details", + "diagnosis_mail_fcrdns_nok_alternatives_4"] + try: rdns_domain, _, _ = socket.gethostbyaddr(ip) except socket.herror: yield dict(meta={"test": "mail_fcrdns", "ip": ip}, data={"ehlo_domain": self.ehlo_domain}, status="ERROR", - summary="diagnosis_mail_fcrdns_dns_missing") + summary="diagnosis_mail_fcrdns_dns_missing", + details=details) continue if rdns_domain != self.ehlo_domain: + details = ["diagnosis_mail_fcrdns_different_from_ehlo_domain_details"] + details yield dict(meta={"test": "mail_fcrdns", "ip": ip}, data={"ehlo_domain": self.ehlo_domain, "rdns_domain": rdns_domain}, status="ERROR", - summary="diagnosis_mail_fcrdns_different_from_ehlo_domain") + summary="diagnosis_mail_fcrdns_different_from_ehlo_domain", + details=details) def check_blacklist(self): @@ -210,12 +222,13 @@ class MailDiagnoser(Diagnoser): if global_ipv4: outgoing_ips.append(global_ipv4) - ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {} - if ipv6.get("status") == "SUCCESS": - outgoing_ipversions.append(6) - global_ipv6 = ipv6.get("data", {}).get("global", {}) - if global_ipv6: - outgoing_ips.append(global_ipv6) + if settings_get("smtp.ipv6"): + ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {} + if ipv6.get("status") == "SUCCESS": + outgoing_ipversions.append(6) + global_ipv6 = ipv6.get("data", {}).get("global", {}) + if global_ipv6: + outgoing_ips.append(global_ipv6) return (outgoing_ipversions, outgoing_ips) def main(args, env, loggers): diff --git a/locales/en.json b/locales/en.json index 8272fc86c..0fc9ca777 100644 --- a/locales/en.json +++ b/locales/en.json 
@@ -185,7 +185,7 @@ "diagnosis_swap_notsomuch": "The system has only {total} swap. You should consider having at least 256 MB to avoid situations where the system runs out of memory.", "diagnosis_swap_ok": "The system has {total} of swap!", "diagnosis_mail_outgoing_port_25_ok": "Outgoing port 25 is open, emails can be sent", - "diagnosis_mail_outgoing_port_25_blocked": "Outgoing port 25 appears to be bloecked in IPv{ipversion}", + "diagnosis_mail_outgoing_port_25_blocked": "Outgoing port 25 appears to be blocked in IPv{ipversion}", "diagnosis_mail_outgoing_port_25_blocked_details": "You should first try to unblock it in your internet service provider (or hosting provider) configuration panel or by sending a ticket to your hosting provider. Meanwhile, the server won't be able to send emails to other servers.", "diagnosis_mail_outgoing_port_25_blocked_relay_vpn": "Some providers won't let you unblock outgoing port 25 because they don't care about Net Neutrality.
- Some of them provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
- Finally, it's also possible to change of provider", "diagnosis_mail_ehlo_ok": "Postfix mail service answer correctly from outside", @@ -199,8 +199,11 @@ "diagnosis_mail_ehlo_could_not_diagnose_details": "Error: {error}", "diagnosis_mail_fcrdns_ok": "Your reverse DNS is well configured", "diagnosis_mail_fcrdns_dns_missing": "No reverse DNS defined for the ip {ip}", - "diagnosis_mail_fcrdns_dns_missing_details": "You can configure it on ", - "diagnosis_mail_fcrdns_different_from_ehlo_domain": "Your reverse DNS {rdns_domain} is different from your EHLO domain {ehlo_domain} on {ip}", + "diagnosis_mail_fcrdns_nok_details": "You should first try to configure the reverse DNS with {ehlo_domain} on your internet service provider (or hosting provider) config panel or by sending a ticket to your hosting provider. Meanwhile, some outgoing mails won't be delivered.", + "diagnosis_mail_fcrdns_nok_alternatives_4": "Some providers won't let you configure it or the feature is broken on their config panel. If you are experiencing some server refusing your email for this reason, you could try those solutions:
- Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
- Finally, it's also possible to change of provider", + "diagnosis_mail_fcrdns_nok_alternatives_6": "Some providers won't let you configure it or the feature is broken on their config panel in IPv6. If your reverse DNS is ok in IPv4, you can try to disable the use of IPv6 to send mail by running yunohost settings set smtp.ipv6 -v off ; yunohost tools regen-conf postfix. Note: with this last solution you won't be able to send or received emails from the rare ipv6 only servers.", + "diagnosis_mail_fcrdns_different_from_ehlo_domain": "The reverse DNS is different from your EHLO domain on {ip}", + "diagnosis_mail_fcrdns_different_from_ehlo_domain_details": "Current reverse DNS: {rdns_domain}
Expected value: {ehlo_domain}", "diagnosis_mail_blacklist_ok": "IPs and domains used by this server to send mail are not on most used email blacklists", "diagnosis_mail_blacklist_listed_by": "{item} is blacklisted on {blacklist_name}", "diagnosis_mail_blacklist_reason": "The blacklist explains: {reason}", diff --git a/src/yunohost/settings.py b/src/yunohost/settings.py index 72477e4de..c016e0809 100644 --- a/src/yunohost/settings.py +++ b/src/yunohost/settings.py @@ -70,6 +70,7 @@ DEFAULTS = OrderedDict([ ("security.postfix.compatibility", {"type": "enum", "default": "intermediate", "choices": ["intermediate", "modern"]}), ("pop3.enabled", {"type": "bool", "default": False}), + ("smtp.ipv6", {"type": "bool", "default": True}), ]) From ed75108142840090b7dd6f249ad4e39ffac6000c Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 02:32:15 +0200 Subject: [PATCH 09/11] [fix] Cache duration --- data/hooks/diagnosis/24-mail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/hooks/diagnosis/24-mail.py b/data/hooks/diagnosis/24-mail.py index 022b24114..0c89fd7e0 100644 --- a/data/hooks/diagnosis/24-mail.py +++ b/data/hooks/diagnosis/24-mail.py @@ -20,7 +20,7 @@ DEFAULT_DNS_BLACKLIST = "/usr/share/yunohost/other/dnsbl_list.yml" class MailDiagnoser(Diagnoser): id_ = os.path.splitext(os.path.basename(__file__))[0].split("-")[1] - cache_duration = 0 + cache_duration = 12 * 3600 dependencies = ["ip"] def run(self): From e6f0091f59b37be9bc6c365da98b26e5c50d59f5 Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 03:45:59 +0200 Subject: [PATCH 10/11] [fix] Rename ipv6 mail settings + desc --- data/hooks/conf_regen/19-postfix | 2 +- locales/en.json | 1 + src/yunohost/settings.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/data/hooks/conf_regen/19-postfix b/data/hooks/conf_regen/19-postfix index 172438f37..10076b680 100755 --- a/data/hooks/conf_regen/19-postfix +++ b/data/hooks/conf_regen/19-postfix 
@@ -35,7 +35,7 @@ do_pre_regen() { > "${default_dir}/postsrsd" # adapt it for IPv4-only hosts - ipv6="$(yunohost settings get 'smtp.ipv6')" + ipv6="$(yunohost settings get 'smtp.allow_ipv6')" if [ "$ipv6" == "False" ] || [ ! -f /proc/net/if_inet6 ]; then sed -i \ 's/ \[::ffff:127.0.0.0\]\/104 \[::1\]\/128//g' \ diff --git a/locales/en.json b/locales/en.json index 0fc9ca777..fc4726aed 100644 --- a/locales/en.json +++ b/locales/en.json @@ -312,6 +312,7 @@ "global_settings_setting_security_postfix_compatibility": "Compatibility vs. security tradeoff for the Postfix server. Affects the ciphers (and other security-related aspects)", "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discard it and save it in /etc/yunohost/settings-unknown.json", "global_settings_setting_service_ssh_allow_deprecated_dsa_hostkey": "Allow the use of (deprecated) DSA hostkey for the SSH daemon configuration", + "global_settings_setting_smtp_allow_ipv6": "Allow the use of IPv6 to receive and send mail", "global_settings_unknown_type": "Unexpected situation, the setting {setting:s} appears to have the type {unknown_type:s} but it is not a type supported by the system.", "good_practices_about_admin_password": "You are now about to define a new administration password. The password should be at least 8 characters long—though it is good practice to use a longer password (i.e. a passphrase) and/or to use a variation of characters (uppercase, lowercase, digits and special characters).", "good_practices_about_user_password": "You are now about to define a new user password. The password should be at least 8 characters long—though it is good practice to use a longer password (i.e. a passphrase) and/or to a variation of characters (uppercase, lowercase, digits and special characters).", diff --git a/src/yunohost/settings.py b/src/yunohost/settings.py index c016e0809..db94e7429 100644 --- a/src/yunohost/settings.py +++ b/src/yunohost/settings.py 
@@ -70,7 +70,7 @@ DEFAULTS = OrderedDict([ ("security.postfix.compatibility", {"type": "enum", "default": "intermediate", "choices": ["intermediate", "modern"]}), ("pop3.enabled", {"type": "bool", "default": False}), - ("smtp.ipv6", {"type": "bool", "default": True}), + ("smtp.allow_ipv6", {"type": "bool", "default": True}), ]) From 40141c84f39b1f17a387ca55aa4505046a729e3c Mon Sep 17 00:00:00 2001 From: ljf Date: Sun, 19 Apr 2020 03:55:50 +0200 Subject: [PATCH 11/11] [enh] Auto update postfix on smtp.allow_ipv6 change --- src/yunohost/settings.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/yunohost/settings.py b/src/yunohost/settings.py index db94e7429..c1edadb93 100644 --- a/src/yunohost/settings.py +++ b/src/yunohost/settings.py @@ -321,6 +321,7 @@ def reconfigure_ssh(setting_name, old_value, new_value): if old_value != new_value: service_regen_conf(names=['ssh']) +@post_change_hook("smtp.allow_ipv6") @post_change_hook("security.postfix.compatibility") def reconfigure_postfix(setting_name, old_value, new_value): if old_value != new_value:
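Review bot: The rename to `smtp.allow_ipv6` in `DEFAULTS` is not carried through the rest of the series. Patch 08 added `settings_get("smtp.ipv6")` to 24-mail.py, which patch 10 does not touch (its diffstat lists only 19-postfix, en.json and settings.py), and the `diagnosis_mail_fcrdns_nok_alternatives_6` string still tells admins to run `yunohost settings set smtp.ipv6 -v off`. As written, the mail diagnoser would look up a key that is no longer declared; the call should become `settings_get("smtp.allow_ipv6")` and the locale string should name the new key. Installs that already stored `smtp.ipv6` between patches 08 and 10 would presumably need that value carried over as well.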