simple-login / app Goto Github PK

https://medium.com/@harwoeck/password-and-credential-management-in-2018-56f43669d588#39ab

#195

Just did a fresh rebuild. Will post my SES setup later;

After the fresh build, my activation email had a bad activate url;

Templates contain divs with class="bg-white" and "introjs-tooltip". This breaks the dark theme.

grep -nri 'bg-white'
auth/templates/auth/fido.html:14:  <div class="bg-white p-6" style="margin: auto">
auth/templates/auth/mfa.html:10:  <div class="bg-white p-6" style="margin: auto">
dashboard/templates/dashboard/unsubscribe.html:11:  <div class="col-md-6 offset-md-3 text-center bg-white p-3 mt-5">
dashboard/templates/dashboard/lifetime_licence.html:10:  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
dashboard/templates/dashboard/mfa_cancel.html:9:  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
dashboard/templates/dashboard/custom_alias.html:11:  <div class="bg-white p-6 mt-5" style="max-width: 55em; margin: auto">
dashboard/templates/dashboard/mfa_setup.html:12:  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
dashboard/templates/dashboard/directory.html:35:        <div class="pl-3 py-2 bg-white">
dashboard/templates/dashboard/billing.html:11:  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
dashboard/templates/dashboard/fido_cancel.html:9:  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
dashboard/templates/dashboard/fido_setup.html:14:  <div class="bg-white p-6" style="max-width: 60em; margin: auto">
oauth/templates/oauth/authorize_nonlogin_user.html:4:  <div class="bg-white p-6" style="margin: auto; max-width: 600px">

When I register a new user, the created_at time in account_activation is set to an hour back from current, and the expired time is set to current, so I can never get activated (without updating activated manually). I've tried setting TZ on all of the containers, changing the timezone in the VPS to UTC, all to no avail. Where are these times coming from?

Oh, and what's is_admin in the user table? Is there an admin interface?

You've made incredible progress on SL BTW, well done. I first came across it when you announced it on r/selfhosted, and it's come along by leaps and bounds since.

Please consider adding PayPal to your Sponsor button so I can add a once-off donation. I'm not ready to commit to monthly. :)

Seems like more recently, Simple login is attempting to forward to email to me AS the original sender.

With Amazon SES, this leads to message rejects, because I'm only authorized to send the email under my domain

Can we add something that maybe can disable this spoofing, if desired?

MESSAGE:
https://pastebin.com/rEzw5yrB

Any tips if my AWS IP appears on spamhaus blacklist?

Also, occasionally after a few emails forward, i start getting timeouts to googles smtp servers. Is there a fix for this?

.google.com[172.217.197.26]:25: Connection timed out
Jan 24 10:44:55 ip-172-31-59-45 postfix/smtp[19445]: connect to alt1.gmail-smtp-in.l.google.com[64.233.186.27]:25: Connection timed out
Jan 24 10:45:25 ip-172-31-59-45 postfix/smtp[19445]: connect to alt2.gmail-smtp-in.l.google.com[209.85.202.27]:25: Connection timed out
Jan 24 10:45:55 ip-172-31-59-45 postfix/smtp[19445]: connect to alt3.gmail-smtp-in.l.google.com[66.102.1.27]:25: Connection timed out
Jan 24 10:46:25 ip-172-31-59-45 postfix/smtp[19445]: connect to alt4.gmail-smtp-in.l.google.com[172.217.218.27]:25: Connection timed out

Hi,

just a quick question before I try to "mass-create" aliases (I need several hundred):
Do I need to add any artificial wait timeout between POST /api/alias/custom/new or can I send them "as fast as possible"?

Hello there, I'm looking at simple login and it looks solid, I would like to be able to create aliases programmatically and for this I was looking for such an API. Could you point me in the right direction?

Hey guys,

Not a critical priority thing here, but I am noticing what seems to be a very odd issue and I'm not sure if it's something I did wrong or can fix or what.

So initially when setting this up to try it out, I configured postfix to send outbound email via my Gmail SMTP relay, as historically this has worked well for me for other self hosted services.

While this worked, the problem became evident when I tried to send (outbound) via one of my created aliases. Because I'm claiming to send from '[email protected]' via my [email protected], Gmail sees this and doesn't like the spoofing and consequently puts a big yellow warning message saying "Be careful with this message. This may be a spoofed message. The message claims to have been sent from your account, but Gmail couldn't verify the actual source...".

So, I ended up reconfiguring the Postfix main config file SMTP settings so that outbound mail would be sent via a sendinblue SMTP account instead. And like that, outbound emails from any of my aliases actually looked as though then were from that address. So problem solved!

Until.....I now have noticed that every daily admin email sent out to my Gmail address is also showing that same exact 'possible spoof warning' notification. So it's almost as though my initial setup with Postfix SMTP relay via Gmail is still being remembered somehow by whatever process or whatever trigger the daily admin email. Am I crazy here? What could I be missing and/or what steps would you recommend following to try to get more details on this and/or steps to try to fix? Thank you!

I used an alias to sign up for the trello page to see your roadmap.

My server caught an error attempting to forward the email

Hello,

Great app but how do I set it so that when a random alias is created it uses my domain by default?

I will be following this project closely.

I was reading the privacy policy at https://simplelogin.io/privacy and thought some things might be better clarified.

Example: On the dashboard, you can see the activity of an Alias and on it you can see some metadata such as the date of the email forwarding, the sender and the recipient.

In addition to this data in the dashboard, there must surely be other data from postfix, nginx, etc.

So, since metadata is also important data, besides the content of the message itself, what is the way SimpleLogin handles this data? How is it stored? For how long? Is it deleted right after use? Who has access? Are they encrypted on your server? Is it possible to read the content of messages while they are in the postfix queue? How do the laws of the country where SimpleLogin works affect all this?

There are other things that could be detailed as well, like deleting an active account: will everything be deleted immediately? will any data still be stored?

What is SimpleLogin's PGP/GPG key? Who are the people who maintain this service? How financially sustainable is it?

A security page could also be created, explaining more details about how data is protected, STARTTLS, PFS, DNSSEC, MTA-STS, TLS-RPT, DMARC, SPF and DKIM, Security Headers, etc.

I think a better explanation of all this can make the service much more reliable.

btw, I saw that you recently added support for PGP encryption. This is a big step!

SQLite supports a limited subset of ALTER TABLE which does not include the ALTER COLUMN feature, this migration (and many others) will fail under SQLite engine:

I found no easy solution yet, except to manually write the migrations (yet it is a lot of work). For me, the best way is providing a SQL schema so people using SQLite can import directly into their database without using the migration from alembic, others may use the migration normally.

Hey,

mentioned my issue on reddit for anonaddy and since someone in simplelogins sub spoilered that pgp is comming i wanted to mention it here, too:
https://www.reddit.com/r/AnonAddy/comments/ffryws/how_do_you_use_anonaddy_relativly_new_and_not/

only sent some testmails on simplelogin, yet since using it with pgp wasn't there yet but i'm not bound to anonaddy, yet (only found both of you last week)

issue: when using a different alias with every website there is no easy way to check if for example i got an email from amazon if the adress it went to is the one i gave amazon or if someone else lost my mail and i got a fake phishingmail.

not sure how to solve this for simplelogin but perhaps put the name of the alias in front of the original subject? or if you add the same "replace subjectline" that anonaddy has replace it with aliasname?

as i said i'm not sure which one of you i will ultimatly go to( - or just have both for comparison :P) but that might be a quality of life feature ;)

Brand new install, even prior to certbot.

Just activated my account and set it to premium. I get a server error when attempting to create my first custom alias. Sentry info below;

AttributeError: 'NoneType' object has no attribute 'strip'
  File "flask/app.py", line 1832, in full_dispatch_request
    rv = self.dispatch_request()
  File "flask/app.py", line 1818, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "flask_login/utils.py", line 261, in decorated_view
    return func(*args, **kwargs)
  File "app/dashboard/views/custom_alias.py", line 49, in custom_alias
    current_user, alias_prefix, alias_suffix, user_custom_domains
  File "app/dashboard/views/custom_alias.py", line 81, in verify_prefix_suffix
    alias_suffix = alias_suffix.strip()

POST:

curl \
 -X POST \
 --compressed \
 -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3" \
 -H "Accept-Encoding: gzip, deflate" \
 -H "Accept-Language: en-US,en;q=0.9,es;q=0.8" \
 -H "Cache-Control: max-age=0" \
 -H "Connection: close" \
 -H "Content-Length: 11" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -H "Dnt: 1" \
 -H "Host: localhost:7777" \
 -H "Origin: http://mail.XXXXXXX.info" \
 -H "Referer: http://mail.XXXXX.info/dashboard/custom_alias" \
 -H "Upgrade-Insecure-Requests: 1" \
 -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" \
 --data "prefix=dave" \
 "http://localhost:7777/dashboard/custom_alias"

Hi,

When I try to create on my self hosted solution a new Alias with my own letters/words, I always end up in:
"Server error, Looks like we are having some server issues..., We are notified and will look at this issue asap!".
However Random Aliases and UUIDs works fine.

I tried to narrow down the issue but I get stucked as well I also didn't found a helpful log file.
Do you observered a similar issue before?
Where is the best place to start debugging?
Any hints which I should try or can check?

Thanks

Sending a wrong method to an API endpoint results in a HTTP 500 with html content. (ex: GET to POST or POST to GET)

Traceback (most recent call last):
  File "/home/sibren/Proj/app/venv/lib/python3.7/site-packages/flask/app.py", line 1832, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/sibren/Proj/app/venv/lib/python3.7/site-packages/flask/app.py", line 1810, in dispatch_request
    self.raise_routing_exception(req)
  File "/home/sibren/Proj/app/venv/lib/python3.7/site-packages/flask/app.py", line 1793, in raise_routing_exception
    raise request.routing_exception
  File "/home/sibren/Proj/app/venv/lib/python3.7/site-packages/flask/ctx.py", line 336, in match_request
    self.url_adapter.match(return_rule=True)
  File "/home/sibren/Proj/app/venv/lib/python3.7/site-packages/werkzeug/routing.py", line 1785, in match
    raise MethodNotAllowed(valid_methods=list(have_match_for))
werkzeug.exceptions.MethodNotAllowed: 405 Method Not Allowed: The method is not allowed for the requested URL.

How can I update my SimpleLogin instance? I am searching through documentation how can I update it but I can't find anything about it...

(Sorry if this question seems a bit obvious to some, but I can't find how and I'm not familiar with docker).

I've started the process of upgrading to version 3.0.1, as I was previously running version 2.0.0 I planned to do it in the outlined steps.

First off I upgraded to 2.1.0 without issue, but it in the process of upgrading to 2.1.2 I've encountered this issue when hitting the dashboard.

2020-04-21 17:24:29,211 - sl - ERROR - 9 - server:296 - error_handler - (psycopg2.errors.UndefinedTable) relation "alias" does not exist
LINE 2: FROM client_user LEFT OUTER JOIN alias AS alias_1 ON alias_1...
                                         ^

[SQL: SELECT client_user.id AS client_user_id, client_user.created_at AS client_user_created_at, client_user.updated_at AS client_user_updated_at, client_user.user_id AS client_user_user_id, client_user.client_id AS client_user_client_id, client_user.alias_id AS client_user_alias_id, client_user.name AS client_user_name, client_user.default_avatar AS client_user_default_avatar, alias_1.id AS alias_1_id, alias_1.created_at AS alias_1_created_at, alias_1.updated_at AS alias_1_updated_at, alias_1.user_id AS alias_1_user_id, alias_1.email AS alias_1_email, alias_1.enabled AS alias_1_enabled, alias_1.custom_domain_id AS alias_1_custom_domain_id, alias_1.automatic_creation AS alias_1_automatic_creation, alias_1.directory_id AS alias_1_directory_id, alias_1.note AS alias_1_note, alias_1.mailbox_id AS alias_1_mailbox_id, client_1.id AS client_1_id, client_1.created_at AS client_1_created_at, client_1.updated_at AS client_1_updated_at, client_1.oauth_client_id AS client_1_oauth_client_id, client_1.oauth_client_secret AS client_1_oauth_client_secret, client_1.name AS client_1_name, client_1.home_url AS client_1_home_url, client_1.published AS client_1_published, client_1.user_id AS client_1_user_id, client_1.icon_id AS client_1_icon_id
FROM client_user LEFT OUTER JOIN alias AS alias_1 ON alias_1.id = client_user.alias_id LEFT OUTER JOIN client AS client_1 ON client_1.id = client_user.client_id
WHERE client_user.user_id = %(user_id_1)s]
[parameters: {'user_id_1': 1}]
(Background on this error at: http://sqlalche.me/e/f405)
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/sqlalchemy/engine/base.py", line 1246, in _execute_context
    cursor, statement, parameters, context
  File "/usr/local/lib/python3.7/site-packages/sqlalchemy/engine/default.py", line 581, in do_execute
    cursor.execute(statement, parameters)
psycopg2.errors.UndefinedTable: relation "alias" does not exist

I had a quick dig around in the codebase but come up short, I was under the impression the database only had changes between v2 to v3 but seemingly I've possibly done something wrong. Thanks!

https://github.com/jjmontesl/codenamize or some variant would be awesome for choosing email addresses.

That modification to the title is quite annoying. As you probably know, Gmail, Outlook, and some self-hosting mail servers such as mailcow support to forward their email to another address, which is pretty similar to how SL works. (Sender->Relay Addr->Actual Receiver).

However, they neither change the title of the email nor the displayed sender (i.e. they keep the original John Wick <[email protected]> instead of doing John Wick via Gmail Forwarding <[email protected]>). Why SL consider this modification is required?

Hi SL Team,

thanks for this great project and your high activity in supporting it.
Individual mails are a perfect thing.

I absolutely prefer your solution for login-mails to reduce spam and increased privacy.
Together with the self-hosting option to further more reduces mails which are routed over unknown server it’s a must have. 😉

However while I investigate the self-hosting option I faced some issues:

1. Mail server are hard to manage, need deep knowledge and running accessible for everybody in the internet.
   Mistakes can cause ugly behavior with worst case get hacked and act as on open mail relay.
2. As a private person which has usually a dynamic IP its tricky to get mails sent out without dieing in spam filters directly.
3. To host SL on a provider you need a bigger package to install everything what’s needed and risks are the same like 1)

For me and probably for a lot more people it would be a great option to run in a more secure and less offense environment. I also guess, that the majority will use a selfhosted SL server only for themselves.

My idea is, if a package is providable to run SL behind an existing mail server/service which comes together with your own domain. In this case SL could fetch the mails, progress it and send out over the according smtp to the final mailbox.

For this solution the important and critical stuff will be managed by professionals on the hoster site and the smart logic behind will be done by SL.

Do you think Is this possible and realizable?

However there are points and questions which I could not answer by myself:
If a (spam) mail receives SL server and the alias is blocked will it be "not accepted", "bounced" or "discarded"?

Thanks a lot an keep this project alive.

Likely because of this line in the source

Received: from [240.0.0.3] (unknown [240.0.0.3]) by mx1.simplelogin.co (Postfix) with ESMTP id 24C385C1F7

How are emails encrypted between the sender and simplelogin and between simplelogin and the forwarded address? Do you support DANE?

Some services add the header Content-Transfer-Encoding: quoted-printable to email and this breaks Thunderbird + Enigmail automatic decryption.

This bug was reported here
https://sourceforge.net/p/enigmail/forum/support/thread/47de861f44/#

Maybe SimpleLogin could remove it during forwarding?

There seems to be a bug in the iOS/ipadOS app. When I try to access the app via the share function in safari on ipad, the cancel button has no effect on the "create alias" window from simplelogin. I have to swipe the window down to close it.

Hello,

I just discovered your website from a recent post you made on DEV (Why we left AWS).

I must say, I am happy someone finally took the time to build a proper solution around the idea of "alias-per-website" email. I am even more glad you are French. So big kuddos to you!

It is actually something I have been doing for quite some time (5+ years), albeit more manually.

I have a domain registered at OVH, which comes with a basic MX Plan with up to 1000 aliases.

Right now, I have 438 aliases (yeah, I don't really clean up unused one, unless I start receiving spam through them).

I manage my aliases using the OVH API and a Python script (see Indigo744/ovh-manage-email-alias-python).

It works quite well. Alias creation is (usually) fast and I never missed an email.

However, the biggest downside is that I can't send mail from these aliases. So when I need to have a discussion with, let's say, a technical support for an online service, my original email is disclosed.

So your solution would allow me to continue as before, but with the added benefits of keeping my original email secure!

Now I'm wondering how I would migrate from OVH to your solution? With that amount of existing aliases, I really don't want to do it by hand.

I see two approaches:

1. Using a custom-made Python script as a bridge between the OVH API and your API
2. Using an import feature
   Like from a text file (one address per line, or CSV even)
   => this would be a feature request

Additionally, do you offer an export feature? I am always thinking for the long term (and the sustainability of a solution). So while I really wish you success, I want to be able to easily get all my current aliases from SimpleLogin (a CSV would suffice).

Thank your for your insight.

I seem to be struggling to send the activation email due to issues with the postgres db

Maillog

Jan 23 23:45:06 ip-172-31-59-45 postfix/trivial-rewrite[5669]: warning: connect to pgsql server localhost: could not connect to server: Connection refused??Is the server running on host "localhost" (127.0.0.1) and accepting??TCP/IP connections on port 5432??

root@ip-172-31-59-45:~# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
348d9e88da2c        simplelogin/app     "yacron -c /code/cro…"   4 days ago          Up 4 minutes                                   sl-cron
7933ea24f373        simplelogin/app     "python email_handle…"   4 days ago          Up 4 minutes        0.0.0.0:20381->20381/tcp   sl-email
58869fcb6dfd        simplelogin/app     "gunicorn wsgi:app -…"   4 days ago          Up 4 minutes        0.0.0.0:7777->7777/tcp     sl-app
fc73436f558a        postgres            "docker-entrypoint.s…"   4 days ago          Up 2 minutes        5432/tcp                   sl-db

root@ip-172-31-59-45:~# docker exec -it sl-db psql -U emailalias simplelogin
psql (12.1 (Debian 12.1-1.pgdg100+1))
Type "help" for help.

simplelogin=# SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true UNION SELECT '%s' WHERE '%s' = 'XXXXXXX.info' LIMIT 1;
 domain
--------
(0 rows)

More postfix logs

root@ip-172-31-59-45:~# Jan 24 00:02:52 ip-172-31-59-45 postfix/smtpd[7722]: connect from unknown[1.1.1.4]
Jan 24 00:02:52 ip-172-31-59-45 postfix/trivial-rewrite[7151]: warning: connect to pgsql server localhost: could not connect to server: Connection refused??Is the server running on host "localhost" (127.0.0.1) and accepting??TCP/IP connections on port 5432??
Jan 24 00:02:52 ip-172-31-59-45 postfix/trivial-rewrite[7151]: warning: relay_domains: pgsql:/etc/postfix/pgsql-relay-domains.cf: table lookup problem
Jan 24 00:02:52 ip-172-31-59-45 postfix/trivial-rewrite[7151]: warning: relay_domains lookup failure
Jan 24 00:02:52 ip-172-31-59-45 postfix/trivial-rewrite[7151]: warning: relay_domains: pgsql:/etc/postfix/pgsql-relay-domains.cf: table lookup problem
Jan 24 00:02:52 ip-172-31-59-45 postfix/trivial-rewrite[7151]: warning: relay_domains lookup failure
Jan 24 00:02:52 ip-172-31-59-45 postfix/smtpd[7722]: NOQUEUE: reject: RCPT from unknown[1.1.1.4]: 451 4.3.0 <[email protected]>: Temporary lookup failure; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[1.1.1.4]>
Jan 24 00:02:52 ip-172-31-59-45 postfix/smtpd[7722]: lost connection after RSET from unknown[1.1.1.4]
Jan 24 00:02:52 ip-172-31-59-45 postfix/smtpd[7722]: disconnect from unknown[1.1.1.4] ehlo=1 mail=1 rcpt=0/1 rset=1 commands=3/4

When you change your email address in your account settings the old one will still be registered as an active account however you can't sign in to it.

I encountered this issue when I was trying to change my email address back after mistakenly changing it to the wrong one. I'm just told that the email address I'm trying to change to is already registered with an account however when I go to reset the password to that account I don't receive any emails.

Maybe I'm missing something, but I was expecting something like a block button to no longer forward emails from that address.

When I see the list of emails that have been forwarded for that alias (web and app) I'd like to be able to click that email and get options for this sender, especially the option to block further mails (e.g. newsletters).

At the moment it is not clear to me how any emails can be blocked or what would increase the Email blocked counter.

I tried to send a test mail to self-hosted SimpleLogin, but python email_handler.py report an error as below:

May  3 17:59:49 exch mail.sh[3138]: 2020-05-04 00:59:49,460 - sl - DEBUG - 3138 - email_handler:860 - handle_DATA - ===>> New message, mail from [email protected], rctp tos ['[email protected]']
May  3 18:00:21 exch mail.sh[3138]: SMTP session exception
May  3 18:00:21 exch mail.sh[3138]: Traceback (most recent call last):
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/site-packages/aiosmtpd/smtp.py", line 315, in _handle_client
May  3 18:00:21 exch mail.sh[3138]:     await method(arg)
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/site-packages/aiosmtpd/smtp.py", line 690, in smtp_DATA
May  3 18:00:21 exch mail.sh[3138]:     status = await self._call_handler_hook('DATA')
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/site-packages/aiosmtpd/smtp.py", line 122, in _call_handler_hook
May  3 18:00:21 exch mail.sh[3138]:     status = await hook(self, self.session, self.envelope, *args)
May  3 18:00:21 exch mail.sh[3138]:   File "email_handler.py", line 867, in handle_DATA
May  3 18:00:21 exch mail.sh[3138]:     smtp = SMTP(POSTFIX_SERVER, 25)
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/smtplib.py", line 251, in __init__
May  3 18:00:21 exch mail.sh[3138]:     (code, msg) = self.connect(host, port)
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/smtplib.py", line 336, in connect
May  3 18:00:21 exch mail.sh[3138]:     self.sock = self._get_socket(host, port, self.timeout)
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/smtplib.py", line 307, in _get_socket
May  3 18:00:21 exch mail.sh[3138]:     self.source_address)
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/socket.py", line 728, in create_connection
May  3 18:00:21 exch mail.sh[3138]:     raise err
May  3 18:00:21 exch mail.sh[3138]:   File "/srv/sl/.pyenv/versions/3.7.7/lib/python3.7/socket.py", line 716, in create_connection
May  3 18:00:21 exch mail.sh[3138]:     sock.connect(sa)
May  3 18:00:21 exch mail.sh[3138]: TimeoutError: [Errno 110] Connection timed out

Anyone can tell me what's wrong?

A few sites offer the option to encrypt emails with your public key, such as Github, so encryption in SimpleLogin is not required.

Creating a new mailbox in SL, adding the github alias to it (or moving the existing one) and not enabling encryption would be a solution, but it is not possible to create a mailbox with an email address that is already in use. So it would be necessary to create another one with a different email address, and also create a new key pair. Well, I don't think that would be the best way to solve this.

So, something like a bypass for some aliases in a mailbox that has public key encryption enabled would be an option to solve this. What do you think? Is that possible to implement? Any other suggestions?

Well, I use firefox with ghacks-user.js and the clipboard is disabled for security reasons, as explained here: Block websites from reading or modifying Clipboard contents in Firefox
.

And the only option of copy the API is with this function that was disabled.

Of course this is not a bug with simplelogin, but it would be ideal to have another option to copy that key.

Hey guys,

I'm getting the following error after attempting to deploy this and trying to create an account or send a password reset email:

Server error
Looks like we are having some server issues...

We are notified and will look at this issue asap!

No other info that I can find. Any thoughts as to how I can go about troubleshooting this? I followed all of the instructions...the only difference in my setup is that I'm trying to deploy this behind a reverse proxy, but I've made it so that "app.mydomain.com" successfully allows me to reach the SL login page so I think that part should be fine. Any suggestions? Thanks!

EDIT: I managed to pull logs from the mail app docker container, and here is what they say. Unfortunately I still don't know what they mean. Any thoughts?

`2020-01-19 23:54:28,947 - sl - DEBUG - 8 - server:226 - after_request - 192.168.1.25 GET /auth/forgot_password ImmutableMultiDict([]) 200

2020-01-19 23:54:30,378 - sl - DEBUG - 9 - email_utils:168 - send_email - message-id 157947807037.9.18242150938864440985@63bb1ff3494a

2020-01-19 23:54:30,383 - sl - DEBUG - 9 - email_utils:172 - send_email - Date header: Sun, 19 Jan 2020 23:54:30 -0000

2020-01-19 23:54:30,487 - sl - ERROR - 9 - server:285 - error_handler - {'[email address redacted]': (451, b'4.3.0 <[email address redacted]>: Temporary lookup failure')}

Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1832, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1818, in dispatch_request
return self.view_functionsrule.endpoint
File "/code/app/auth/views/forgot_password.py", line 27, in forgot_password
send_reset_password_email(user)
File "/code/app/dashboard/views/setting.py", line 193, in send_reset_password_email
email_utils.send_reset_password_email(user.email, user.name, reset_password_link)
File "/code/app/email_utils.py", line 60, in send_reset_password_email
"reset-password.html", name=name, reset_password_link=reset_password_link
File "/code/app/email_utils.py", line 180, in send_email
smtp.sendmail(SUPPORT_EMAIL, to_email, msg_raw)
File "/usr/local/lib/python3.7/smtplib.py", line 881, in sendmail
raise SMTPRecipientsRefused(senderrs)
smtplib.SMTPRecipientsRefused: {'[email address redacted]': (451, b'4.3.0 <[email address redacted]>: Temporary lookup failure')}

2020-01-19 23:54:30,489 - sl - DEBUG - 9 - server:226 - after_request - 192.168.1.25 POST /auth/forgot_password ImmutableMultiDict([]) 500
`

EDIT: Managed to get the above figured out through a lot of digging...I had to modify the Postgres command to include '-p 5432:5432' parameter otherwise for some reason Postfix wasn't able to connect to it.

One more question now - is it possible to remove the "chat" or "cat" or "meo" or etc. before "@domainname.com" in aliases? Forgive me if this is a noobish question, but what is the purpose of this? Thanks!

Currently there's a strict MX priority requirement for:
mx1.simplelogin.co - 10
mx2.simplelogin.co - 20

I don't think it matters what priorities these are, only that mx1 has a lower priority than mx2, this priority requirement should be removed.

On the custom domain summary and details page, the number of aliases is woefully less than my actual count of aliases. I logged out and logged in and the count doesn't change.

thanks for a great service!

I tried to use simplelogin.io and self-hosted version and got the same result. I can receive email confirmation message but not emails from simple login aliases. Everything works well if I use yandex mail as mailbox for simple login. Also I tried to setup email forwarding from yandex mail to Gmail and this way I cannot receive emails from simple login alias at my Gmail inbox.

I have installed an instance of simplelogin and I have realized that the links in the onboarding messages point to app.simplelogin.io and not my own instance.

Is it possible to change that ? And is it possible to add a parameter to deactivate completely onboarding email?

Thank you for this great project!

You guys are doing a great job. I wish I found this project earlier.

Just a small question, why not run postfix in a container ?

I just want to dockerise all the services, I don't want to install any service on my docker host.

I already run my own SMTP server I don't really want to have to fire up a second one when I already have one working quite well is there a way to do this where I can just use that?

I'd like to disable registration

Are there any plans for supporting the WebAuthn?

I'd like to be able to (automatically) clear the logs of all the emails that have been forwarded.
Ideally I'd be able to do it both manually (for example the flush logs function in pihole) and automatically, such as delete all logs that are older than 7 days.

i.e. instead of store contact information on the server (which could be riskful), what about use some special patterns to translate the reply address(s) to the actual contact address?

For example, let's say [email protected] -> [email protected], instead of store [email protected] in DB and create a key for it, we may use: reply-to={a-mail-box#example.com}[email protected]as reply address and just parse original address from it.

By doing that, we don't need to store contacts anymore, and users may create a reply addresses on-the-fly (just construct an address according to the format).

Can we not throw an exception for when someone attempts to send an email to an alias we've previously deleted?

Hey guys...I filed an issue in the extension repo but wondering if this wasn't a better place possibly for it due to being able to look through server logs or something...but I'm honestly not sure how to troubleshoot this one. The browser extension used to work, and then out of nowhere it seemingly just stopped working. I can access the SL web UI perfectly fine both internal or external.

However, generating an API key and applying the custom URL and key to the extension results in the error in the title. Oddly enough, if I click "Manage Aliases" in the lower left corner, I get directed the the https://[my_url]/dashboard/ URL but the page says:

You need to login to see this page.
We are sorry but you are not authorized to access this page.

If I then click "Login", I can log in successfully and see the dashboard. If I then re-click on the extension and re-click on "Manage Aliases", a new tab opens up to the same https://[my_url]/dashboard/ which results in the same error message and the cycle can repeat itself indefinitely. Nothing has really changed on my end configuration wise, don't know why this would have suddenly stopped working.

Having an older version of SL I tried updating to the latest, but that unfortunately didn't resolve the issue either.

I should also note that if I log in at https://[my_url]/ and then open a new tab and attempt to go to https://[my_url]/ again, it automatically shows me as logged in, etc. So it's not a new-tab related issue or anything like that. It's like the extension just stopped communicating with my instance. This also happens locally and remotely, across different browsers, in or out of incognito mode, etc. I even tried blowing everything away - docker images, containers, volumes, etc. and recreating everything from scratch - same result. What could I be missing and how could I troubleshoot this? Any thoughts? Thanks!

EDIT:

I configured my application on SimpleLogin and I configured rocket chat with the oauth2 settings from this site. When I click the login button on my rocket chat dire, I'm redirected to SimpleLogin, but I'm immediately redirected back to rocket chat with the error:

"No matching login attempt found"

I'm really not sure how to proceed with this. Any suggestions appreciated.

When replying to an email received via an alias, most email clients will quote the email at the bottom.
This will contain the reverse alias:

On DATE, NAME - local at domain.tld [email protected] wrote:

When replying the original sender will see this in the email body and see you're using simplelogin. Might it be an idea to find and replace '[email protected]' with the corresponding destination, (and perhaps even remove the email part next to the name) in the email body?

1. Receive email from '[email protected]' on alias (without name)

From: none via SimpleLogin
 <[email protected]>

(Maybe also display the email here)
2. Reply to reverse alias from mailbox
3. Resulting email to '[email protected]' will not contain a 'To:' header

Mon, 11 May 2020 12:29:42 +0200 (CEST)
Subject: Test2
From: [email protected]

test