
ANN: We're working on a new milter program to replace iRedAPD

Open iredmail opened this issue 3 years ago • 25 comments

Dear all,

Just want to share with you that we're developing a new milter program to replace iRedAPD, so don't feel sad if not many commits here.

Why?

iRedAPD doesn't get full email message (headers + body), hence it cannot do advanced access control based on info in headers and body. But milter can do this.

More details

  • The milter program is written in Golang programming language.
    • The final program is only one binary file, very easy to deploy and upgrade.
    • It's expected to run faster than iRedAPD.
  • All iRedAPD plugins will be implemented in first stable release (v1.0).
  • Source code will be published when v1.0 is out, all further development will be open source too.
  • We accept requests for paid plugin development too.

If you need some new features which are not yet implemented in iRedAPD, reply below to let us know. :)

Updates

  • Aug 9: finished milter framework, still tune it and start porting iRedAPD plugins.

TODO

  • Plugins:
    • [x] amavisd_wblist
    • [x] greylisting
    • [x] ldap_force_change_password
    • [x] ldap_maillist_access_policy
    • [x] reject_null_sender. Aug 9.
    • [x] reject_sender_login_mismatch
    • [ ] senderscore
    • [x] sql_alias_access_policy
    • [x] sql_force_change_password
    • [x] sql_ml_access_policy
    • [x] throttle
    • [x] wblist_rdns
    • [ ] whitelist_outbound_recipient
    • ~reject_to_hostname~ [Removed in milter]

iredmail avatar Aug 09 '22 11:08 iredmail
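
The "Why?" in the opening post comes down to what Postfix hands a policy server such as iRedAPD: a block of name=value session and envelope attributes, never the headers or body. The Go sketch below is an added example, not code from iRedAPD or the new milter; the sample request values and the simplified `Decide` check are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample of what Postfix sends a policy server at RCPT TO time.
// Attribute names are real Postfix policy attributes; the values are made up.
const sampleRequest = "request=smtpd_access_policy\nprotocol_state=RCPT\n" +
	"client_address=192.0.2.10\nsasl_username=alice@example.com\n" +
	"sender=ceo@example.com\nrecipient=bob@example.net\nsize=0\n\n"

// ParsePolicyRequest reads name=value lines up to the terminating empty line.
func ParsePolicyRequest(raw string) map[string]string {
	attrs := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(raw))
	for sc.Scan() {
		line := sc.Text()
		if line == "" {
			break
		}
		if i := strings.IndexByte(line, '='); i > 0 {
			attrs[line[:i]] = line[i+1:] // the value may itself contain '='
		}
	}
	return attrs
}

// Decide is a hypothetical, simplified sender/login check: envelope data only.
func Decide(attrs map[string]string) string {
	login := strings.ToLower(attrs["sasl_username"])
	sender := strings.ToLower(attrs["sender"])
	if login != "" && sender != login {
		return "action=REJECT sender does not match SASL login\n\n"
	}
	return "action=DUNNO\n\n" // no opinion; Postfix continues with other restrictions
}

func main() {
	attrs := ParsePolicyRequest(sampleRequest)
	// attrs holds everything the policy server sees: no From:, Subject: or body.
	fmt.Printf("%d attributes -> %s", len(attrs), Decide(attrs))
}
```

A check on the `From:` header or on body content has nothing to read in this request, which is the gap a milter closes.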

Feature requests:

  • Full DKIM/SPF
  • Compliant ARC support
  • DMARC: handle sending of dmarc responses
  • Proper functioning of throttling & such when combined with Dovecot Submission (needed for BURL & such) (see: https://doc.dovecot.org/admin_manual/submission_server/)

gizahNL avatar Aug 25 '22 08:08 gizahNL

Thanks @gizahNL.

  • First stable release of this milter program will just offer same features as iRedAPD.
  • DKIM signing / verification, SPF verification, ARC support, DMARC, all these are on our todo list, but each may take some time.

iredmail avatar Aug 26 '22 11:08 iredmail

Request from iRedMail forum: Add Warning/Disclaimer to all email from external domains

  • multi-lang support

iredmail avatar Aug 27 '22 01:08 iredmail

Block clients based on country (GeoIP).

iredmail avatar Sep 16 '22 04:09 iredmail

I don't know if milter is responsible to things like replacing body or adding disclaimers, because having any alternative a bit modern to altermime, which can add better the disclaimers or edit content... can be great (For example, companies wanting that below signature has to be any image and not below all message, and so on..) altermime at basic functionality works but I think is somewhat basic

kprkpr avatar Sep 28 '22 14:09 kprkpr

> I don't know if milter is responsible to things like replacing body or adding disclaimers

Yes this is what milter can do.

iredmail avatar Sep 29 '22 02:09 iredmail

Could the database primary keys be UUID, or some other machine-specific unique value such as snowflakeid? This would help make high-availability setups more achievable.

thinkwelltwd avatar Nov 23 '22 00:11 thinkwelltwd

SQL high-availability (multi-master) cluster should avoid this issue internally. :)

iredmail avatar Nov 23 '22 07:11 iredmail

> SQL high-availability (multi-master) cluster should avoid this issue internally. :)

Yes, PKs are indeed internal, and Multi Master is an internal detail.

Designing the new database schema with HA in mind is what I'm driving at. Sequences are one of the hard problems with HA and force database replication to be synchronous. Avoiding primary key sequences will make HA / MultiMaster options much more flexible.

Edit:

Here's an example ticket from cockroachdb (largely compatible with postgres) warning that sequences are slower than UUIDs.

Also, on yugabyte (distributed SQL db based on postgres), the xCluster limitations for multi-master recommend UUIDs and avoiding sequences.

thinkwelltwd avatar Nov 23 '22 12:11 thinkwelltwd

MySQL doesn't have column type "uuid", if we store uuid as string in MySQL, it's much slower than BIGINT (as primary key).

iredmail avatar Nov 24 '22 07:11 iredmail

I'm not advocating for UUID specifically; but rather a non-sequential value with uniqueness properties that make it suitable for generating values on multiple systems.

I'd be well satisfied with snowflakeid, as I'd mentioned in my original post. snowflakeid is stored as bigint, and could be generated in application code, or as a database function.

thinkwelltwd avatar Nov 24 '22 13:11 thinkwelltwd
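
The snowflake-style ID proposed in the comments above, as an added Go example (not code from iRedMail or from any commenter): a 63-bit value generated in application code that fits a signed BIGINT and stays unique across nodes without a shared sequence. The bit layout, the epoch and the node IDs are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Assumed layout: 41 bits of milliseconds | 10 bits node ID | 12 bits sequence.
// The sign bit stays 0, so every ID is a positive value that fits BIGINT.
const (
	nodeBits, seqBits       = 10, 12
	maxNode, maxSeq         = 1<<nodeBits - 1, 1<<seqBits - 1
	epochMs           int64 = 1640995200000 // 2022-01-01 UTC, arbitrary (assumption)
)

type Generator struct {
	mu                sync.Mutex
	node, lastMs, seq int64
}

func NewGenerator(node int64) (*Generator, error) {
	if node < 0 || node > maxNode {
		return nil, fmt.Errorf("node ID %d out of range 0..%d", node, maxNode)
	}
	return &Generator{node: node}, nil
}

// Next returns a unique, time-ordered ID without contacting the database.
func (g *Generator) Next() int64 {
	g.mu.Lock()
	defer g.mu.Unlock()
	now := time.Now().UnixNano()/1e6 - epochMs
	if now <= g.lastMs { // same millisecond, or the clock stepped backwards
		now = g.lastMs
		if g.seq = (g.seq + 1) & maxSeq; g.seq == 0 {
			now++ // 4096 IDs used in this millisecond: borrow the next one
		}
	} else {
		g.seq = 0
	}
	g.lastMs = now
	return now<<(nodeBits+seqBits) | g.node<<seqBits | g.seq
}

func main() {
	a, _ := NewGenerator(1) // node IDs would come from per-host config (assumption)
	b, _ := NewGenerator(2)
	fmt.Println(a.Next(), b.Next())
}
```

Uniqueness across servers rests entirely on each node having a distinct node ID, so that assignment has to be enforced at deployment time.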

Feature request: Add a warning text at the beginning of message body if email is sent from external user.

iredmail avatar Dec 07 '22 15:12 iredmail

Feature request: SRS.

iredmail avatar Jan 29 '23 04:01 iredmail

Hello,

Do you have updates and the release schedule on this project?

Thank you

donatid avatar Feb 12 '23 09:02 donatid

  • Our focus was shifted to the new product (iRedMail Pro[1]) when the milter was about 80% done, now the new product is 70% done.
  • We will work out a milter program without any iRedAPD plugins first in about 2 months - since iRedAPD works well and no rush to replace it.

[1] https://docs.iredmail.org/pro.html

iRedMail Pro will combine all features offered by classical shell-based iRedMail installer, iRedMail Easy platform, and iRedAdmin-Pro. All features of iRedMail installer and iRedMail Easy (except support tickets) are 100% done.

iredmail avatar Feb 12 '23 14:02 iredmail

Thanks for the explanation. I can't wait for the new milter apps.

donatid avatar Feb 13 '23 01:02 donatid

Sounds really great. I also switched to golang for some tools :smile: https://github.com/git001/caddyv2-upload .
Happy to help if needed

Let me add a plugin request here for the future:
MTA-STS Resolver something like https://github.com/Snawoot/postfix-mta-sts-resolver

git001 avatar Apr 11 '23 11:04 git001

Hello, wondering what is the timeline of the SRS milter program. We have another problem. With SRS checks enabled, we get SPF fails in spamassassin: FORGED_SPF_HELO=1 SPF_FAIL=0.001 (manually lowered the score)

But it should pass: Received-SPF: Pass (protection.outlook.com: domain of domain.si designates 195.245.xxx.xxx as permitted sender) receiver=protection.outlook.com; client-ip=195.245.xxx.xxx; helo=mail.domain.si; pr=C

Quite a lot of legal messages are going into SPAM, and customers are getting annoyed. Because we have a lot of forwarding emails, we cannot disable SRS. Thank you for checking this one. T

l00v3 avatar Jun 08 '23 09:06 l00v3

Hello @iredmail, is there any news on this?

l00v3 avatar Sep 20 '23 09:09 l00v3

Preparing to release milter with just one plugin "reject_forged_sender" in first stable version.

Since iRedAPD is working fine, we tend to replace it slowly to save our time.

Let me know if you want to help test it.

iredmail avatar Sep 20 '23 12:09 iredmail

I don't want to be rude or anything, and I know you have a lot of work, but shouldn't this be a quite high priority? And yes, I can help test it. Also we have @249 issue since the beginning.

l00v3 avatar Apr 03 '24 08:04 l00v3

We're busy working on the iRedMail Enterprise Edition (EE) (https://www.iredmail.org/ee.html), and v1.0-beta3 is out today. You can give it a try if you're interested. https://docs.iredmail.org/install.iredmail.enterprise.html

iRedMail EE combines iRedMail installer + iRedMail Easy platform + iRedAdmin-Pro in one single binary, it's the highest priority.

We will try to finish this milter after iRedMail EE 1.0 stable release. Sorry about this.

iredmail avatar Apr 03 '24 08:04 iredmail

Is the new Milter to replace iRedAPD on track for release in 2024?

jfwelstead avatar May 30 '24 20:05 jfwelstead