It seems like https://github.com/stalwartlabs/mail-auth is a lot more powerful and useful. We probably want to move to that

There are currently seemingly 2 ways of connecting this to rspamd.

One being the milter proto and the other one using the http api. On first sight, the http one seems a lot nicer.

I asked about this in https://matrix.to/#/!tNuTutAsraCZsJFZOS:matrix.org/$kijaM-MAMgzHYcpBBhQwLteRbSFFNu3Om_pZBzt7Sew?via=matrix.org&via=midnightthoughts.space (their irc) what the best option is.

It probably makes sense to do this using some kind of modular trait thingy to be able to integrate alternatives too.

Double Public Key Signing Function Oracle Attack on ed25519-dalek

Versions of ed25519-dalek prior to v2.0 model private and public keys as
separate types which can be assembled into a Keypair, and also provide APIs
for serializing and deserializing 64-byte private/public keypairs.

Such APIs and serializations are inherently unsafe as the public key is one of
the inputs used in the deterministic computation of the S part of the signature,
but not in the R value. An adversary could somehow use the signing function as
an oracle that allows arbitrary public keys as input can obtain two signatures
for the same message sharing the same R and only differ on the S part.

Unfortunately, when this happens, one can easily extract the private key.

Revised public APIs in v2.0 of ed25519-dalek do NOT allow a decoupled
private/public keypair as signing input, except as part of specially labeled
"hazmat" APIs which are clearly labeled as being dangerous if misused.

See advisory page for additional details.

• https://www.rfc-editor.org/rfc/rfc6154.html

Currently we don't try tls which breaks sending to mailcow it seems.

A small web presence and maybe a (secured) demo email server over at https://erooster.email would be nice

Email clients that are known fully working

• None

Email clients known to be able to send emails

• k9mail
• thunderbird

Email clients known to display messages

• k9mail
• thunderbird

Software or providers that (tend to) accept our emails

• Google
• postfix with rspamd and postscreen
• onsite Exchange seems to work (sample set of 1 test both directions)

• Allow changing cert names
• Allow setting maildir path in config
• Prebuilt packages?
• Add a manpage

Sentry Issue: EROOSTER-3

Figure out what wants to call "MGLNDD" and figure out what "MGLNDD" is

Some benchmarks would be nice to find issues with and performance gains or regressions.

This is more a "cool to have" feature to add along the way and should be a compiletime flag.

Basically I receive lots of spam on my test instance. I was wondering if I can safely accept this.

The differences needed would be:

• It should pretend to accept stuff and behave like an open relay
• It should fully not compile the sending parts of the server to make sure this doesnt actually send emails ever.
• It should send things to rspamd
• It should log the content and requests to a file format on disk
• It should generate a list of shasums to check if we got it before.
  • The sum must be only over the body
  • If it is seen multiple times we record the target address among the previous attempt
• We should record the rspamd result
• We should auto commit new files to git
• We should have a way to send undetected things to rspamd to make sure they have learned this.

Sentry Issue: EROOSTER-7

[a0e520ad-5ed6-4d35-94f9-bf7ad861a4e9] Error sending email via tls on port 465: invalid peer certificate contents: invalid peer certificate: CertNotValidForName

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will
spend CPU time exponential with the number of candidate certificates at each
step of path building.

Both TLS clients and TLS servers that accept client certificate are affected.

This was previously reported in
<briansmith/webpki#69> and re-reported recently
by Luke Malinowski.

rustls-webpki is a fork of this crate which contains a fix for this issue
and is actively maintained.

See advisory page for additional details.

It shouldn't be too hard to make logs and a jail for fail2ban :) It seems this currently attracts a lot of fuzzers and attackers. Banning them would be quite nice. In the future an integration with rspamd would be nice as well.

Currently, we have a dangling \r\n.\r\n in our mails. :) We should cut that away.

Marvin Attack: potential key recovery through timing sidechannels

Impact

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

See advisory page for additional details.

Known todos:

• #12
• #13
• Make sure we don't crash the job if only one of the servers didn't like our email.
• dmarc (This is more something for the web interface to generate. I added it to my test setup now)
• spf (This is more something for the web interface to generate. I added it to my test setup now)
• dkim (we dont verify it at this stage)
• Use STARTTLS when sending
• dane
• arc
• Notify the user about the messages' status, similar to how postfix does
• Fix parser: Failed to parse fetch arguments: "Parsing Error: VerboseError { errors: [(\" RFC822.HEADER FLAGS)\", Char(')')), (\"(UID RFC822.SIZE RFC822.HEADER FLAGS)\", Context(\"fetch_arguments\"))] }" request was (UID RFC822.SIZE RFC822.HEADER FLAGS) (Turns out we got deprecated requests)

And likely more...

We seem to currently not make emails case insensitive. This should be fixed as it leads to issues.

Other mailservers add a Received header to the message when they receive the message. We should also do this.

In https://github.com/MTRNord/erooster/blob/main/src/smtp_servers/sending.rs#L316

The none case means we had no suffix. So we need to just return the string in that case instead of omitting it.

https://docs.rs/arc-swap/latest/arc_swap/index.html

Some docker files would be nice to make deployment easier.

For now only the server. Later also a docker compose for pg14, the server and then a Web interface

Having a Prometheus endpoint to easily discover issues would be nice. Also adds an easy way to monitor this.

A Webserver will be needed anyway for an api to manage this with later on.

Seems like thunderbird is quite unhappy with them. I am not sure what is going on there.

dotenv is Unmaintained

dotenv by description is meant to be used in development or testing only.

Using this in production may or may not be advisable.

Alternatives

The below may or may not be feasible alternative(s):

• dotenvy

See advisory page for additional details.

memmap is unmaintained

The author of the memmap crate is unresponsive.

Maintained alternatives:

• memmap2

See advisory page for additional details.

Hey, I was just looking through your code. I noticed that you have a verify_password function and a change_password function.

It would probably be more ideal from a security perspective if you called the verify_password function inside the change_password function. This will allow you to reuse your change_password function (when you start to implement multiple ways to access the system. I.e. Website, terminal, etc.) It'll prevent you from forgetting to add a verification into every implementation.

I noticed when you create a new user, you use the change_password function as well here:
https://github.com/MTRNord/erooster/blob/b7c1da4c3fba816b3fc25e94a92d2b7826b283ac/src/cmds/eroosterctl.rs#L270

If you wanted to refactor it you could add the password field to your add_user SQL query/function. then add in a current_password parameter to your change_password function, and then call verify_password inside change_password.
After all it makes more sense, since you aren't 'changing' a password that hasn't been set.

I hope that makes sense. This is an interesting project and I'd be happy to contribute if you're accepting PR's.

Tests are outdated again.

I think? Need to double check. It may explain the jumpy list in thunderbird.

https://www.rfc-editor.org/rfc/rfc8689.html

Requires Dane and Dnssec 1 2 3

ansi_term is Unmaintained

The maintainer has adviced this crate is deprecated and will not
receive any maintenance.

The crate does not seem to have much dependencies and may or may not be ok to use as-is.

Last release seems to have been three years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

• anstyle
• console
• nu-ansi-term
• owo-colors
• yansi

See advisory page for additional details.

Tracking issue for (known) stuff missing for K9mail to work:

• support the UID SEARCH command

Marvin Attack: potential key recovery through timing sidechannels

Impact

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

See advisory page for additional details.

As per https://datatracker.ietf.org/doc/html/rfc2683#autoid-22 we should NOT have global UIDs. Instead they should be per mailbox (aka. folder)

Stage 1

• Build a cli
  • Allow creation of users
  • Allow deletion of users
  • Allow changing passwords
    • Allow changing passwords in already argon2 hashed form so that the admin doesn't know the password
  • Allow creation of aliases
  • Allow removal of aliases
  • Allow moving aliases

Stage 2

• Build a Web interface
• Port same features as cli has
• Allow multiple domains
• Allow dkim relevant things to be set up (see mailu)
• Allow users to change their own passwords.

Reference: mailu and mailcow.

mach is unmaintained

Last release was almost 4 years ago.

Maintainer(s) seem to be completely unreachable.

Possible Alternative(s)

These may or may not be suitable alternatives and have not been vetted in any way;

• mach2 - direct fork

See advisory page for additional details.

https://www.rfc-editor.org/rfc/rfc5530.html

It may be that we don't follow all the state checks yet. While this usually will just crash the connection, we should make sure to print proper errors in those cases instead.

serde_cbor is unmaintained

The serde_cbor crate is unmaintained. The author has archived the github repository.

Alternatives proposed by the author:

• ciborium
• minicbor

See advisory page for additional details.

Potential segfault in the time crate

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

The affected functions from time 0.2.7 through 0.2.22 are:

• time::UtcOffset::local_offset_at
• time::UtcOffset::try_local_offset_at
• time::UtcOffset::current_local_offset
• time::UtcOffset::try_current_local_offset
• time::OffsetDateTime::now_local
• time::OffsetDateTime::try_now_local

The affected functions in time 0.1 (all versions) are:

• at
• at_utc
• now

Non-Unix targets (including Windows and wasm) are unaffected.

Patches

Pending a proper fix, the internal method that determines the local offset has been modified to always return None on the affected operating systems. This has the effect of returning an Err on the try_* methods and UTC on the non-try_* methods.

Users and library authors with time in their dependency tree should perform cargo update, which will pull in the updated, unaffected code.

Users of time 0.1 do not have a patch and should upgrade to an unaffected version: time 0.2.23 or greater or the 0.3 series.

Workarounds

No workarounds are known.

References

time-rs/time#293

See advisory page for additional details.

• Add postgres dep
• Figure out how configs are supposed to work with flakes

Currently, this is maildir only.

We can provide a trait for example to abstract this in the future if someone wants to use some other backend for their mail.

We seem to not yet correctly parse the args for fetch:

Sentry Issue: EROOSTER-2

panic: Failed to parse fetch arguments: "Parsing Error: VerboseError { errors: [(\".PEEK[HEADER.FIELDS (From To Cc Bcc Subject Date Message-ID Priority X-Priority References Newsgroups In-Reply-To Content-Type Reply-To x-spamd-result x-spam-score x-rspamd-score x-spam-status x-mailscanner-spamcheck X-Spam-Flag x-spam-level)])\", Char(')')), (\"(UID RFC822.SIZE FLAGS BODY.PEEK[HEADER.FIELDS (From To Cc Bcc Subject Date Message-ID Priority X-Priority References Newsgroups In-Reply-To Content-Type Reply-To x-spamd-result x-spam-score x-rspamd-score x-spam-status x-mailscanner-spamcheck X-Spam-Flag x-spam-level)])\", Context(\"fetch_arguments\"))] }"
  File "panicking.rs", line 584, in rust_begin_unwind
  ?, in erooster::imap_commands::uid::Uid::exec::{{closure}}
  ?, in erooster::imap_commands::Data::parse::{{closure}}
  ?, in tokio::runtime::task::core::CoreStage<T>::poll
  ?, in tokio::runtime::task::harness::poll_future
...
(21 additional frame(s) were not displayed)

Currently, this is hard-tied into the Postgres db. It would be nice to allow multiple auth mechanisms to be added.

Based on: https://www.reddit.com/r/rust/comments/uyxxrg/comment/iaak1ls/?utm_source=share&utm_medium=web2x&context=3