Date | Commit message (Collapse) |
|
SpamAssassin often misses messages which contain viruses,
so ClamAV should fill that gap nicely.
|
|
Unfortunately, people screw up addresses enough and
for this to be a real problem.
|
|
|
|
This will allow users to run importers off existing mail
accounts where they may not have access to run -mda.
Currently, we only support Maildirs, but IMAP ought to be
doable.
|
|
We will scrub for importing archives, so ensure it is usable
outside of the delivery routine.
|
|
Disable this since we handle imperfect data from
an imperfect world.
|
|
Apparently, it's possible to have read-only bodies in
Email::MIME objects. Haven't gotten a chance to reliably
reproduce it, though...
|
|
Followup-to: 1365e185d817cdc2de04968c37f597d92226a13b
("view: inline message reply into message view")
|
|
We no longer scrub content, and instead reject things by
default. Further reduce mentions of ssoma and minor formatting
tweaks.
|
|
Debian 8.5 is out and fixes the Xapian corruption bug, so
no need to recommend jessie-backports anymore.
ref: https://www.debian.org/News/2016/20160604
|
|
We'll show a nasty warning in the UI instead of triggering
a perl warning about an undefined variable.
|
|
It should be possible to serve the contents of a public-inbox
over NNTP but not HTTP.
|
|
Oops, maybe this could be auto-maintained somehow...
|
|
This removes the Email::Filter dependency as well as the
signature-breaking scrubber code. We now prefer to
reject unacceptable messages and grudgingly (and blindly)
mirror messages we're not the primary endpoint for.
|
|
This is transactional and hopefully safer in case we hit SIGSEGV
or SIGKILL during processing, as the tmp/ copy will remain on
the FS even if DESTROY/END handlers are not called.
|
|
This filter API should be independent of Email::Filter and
hopefully less intrusive to long running processes.
|
|
Email::Filter doesn't offer any functionality we need, here;
and our dependency on Email::Filter will gradually be removed
since it (and Email::LocalDelivery) seem abandoned and we
can have more-fine-grained control by rolling our own Maildir
delivery which can work transactionally.
|
|
Remove mbox tests since mbox is unreliable due to raciness
and incompatible implementations. We will drop support for
mbox emergency destinations, soon.
|
|
Totally unnecessary...
|
|
We'll be relying on our spawn implementation, for now;
since it'll be consistent with the rest of our code and
can optionally take advantage of vfork.
|
|
Since ssoma is optional, here, IPC::Run shall also be optional.
(And it may be removed entirely in the future).
|
|
We still pull it in via Email::LocalDelivery, but that
dependency will go away, soon.
|
|
Or whatever the appropriate Perl terminology, is...
And we will need to do something appropriate for other
encodings, too. I still barely understand Perl Unicode
despite attempting to understand the docs over the years..
|
|
For our daemons, killing only the master process is enough.
Killing the entire control group (as done by default in
systemd) may cause subprocesses such as git to shut down
unexpectedly.
Having systemd kill workers directly will also cause an
immediate shutdown since the master would've already signaled
the workers; and workers will die after two shutdown requests.
|
|
We need to ensure we show the message body ASAP since
the thread generation via Xapian could take a while
and maybe even raise an exception or crash.
|
|
Since our daemons are built to take advantage of socket activation,
provide example files to allow systems administrators to hit the
ground running with systemd.
Example init files for other systems greatly appreciated.
|
|
They're effectively noops anyways, and we don't want to be
holding a reference to the read end of the parent pipe.
|
|
Otherwise, URLs can be crafted to inject HTML.
|
|
Thanks to Let's Encrypt and getssl, we can afford to have
HTTPS for our own hosting, and www.gnu.org has been accessible
over HTTPS for a long while.
While we're at it, update the copyright years, too.
|
|
Oops, pesky users of single-character email addresses!
|
|
This makes unsubscribing easier and frictionless.
|
|
We don't want people following links from archivers and
breaking archival.
|
|
* unsubscribe:
unsubscribe.milter: use default postfork dispatcher
unsubscribe: prevent decrypt from showing random crap
examples/unsubscribe-psgi@.service: disable worker processes
unsubscribe: bad URL fixup
unsubscribe: get off mah lawn^H^H^Hist
|
|
While we may end up mirroring lists which allow HTML mail,
encourage plain-text for compatibility since all current
inboxes we host are text-only.
|
|
Oops, needless waste of space.
|
|
Oops :x Add an additional test for live data for any
unprintable characters, too, since this could be a dangerous
source of HTML injection.
|
|
This should reduce link following for replies and improve
visibility. This should also reduce cache overhead/footprint
for crawlers.
|
|
Oops, this quiets down a warning seen in logs.
|
|
No need to duplicate the string when transforming it;
learned from studying SpamAssassin 3.4.1
|
|
We cannot let a client monopolize the single-threaded server
even if it can drain the socket buffer faster than we can
emit data.
While we're at it, acknowledge the this behavior (which happens
naturally) in httpd/async.
The same idea is present in NNTP for the long_response code.
This is the HTTP followup to:
commit 0d0fde0bff97 ("nntp: introduce long response API for streaming")
commit 79d8bfedcdd2 ("nntp: avoid signals for long responses")
|
|
User input is imperfect, do not pollute our mail logs with
warnings we cannot fix. This is documented in the
Email::MIME::ContentType manpage so it should remain supported.
|
|
Still a work in progress, but SearchView no longer depends
on Plack::Request at all and Feed is getting there.
We now parse all query parameters up front, but we may do
that lazily again in the future.
|
|
Accessing $env directly is faster and we will eventually
remove all Plack::Request dependencies.
|
|
Plack::Request is unnecessary overhead for this given the
strictness of git-http-backend. Furthermore, having to make
commit 311c2adc8c63 ("avoid Plack::Request parsing body")
to avoid tempfiles should not have been necessary.
|
|
Oops, we totally forgot to automate testing for this :x
|
|
We can't leave them lingering in the parent process at
all due to the risk of corruption with multiple processes.
|
|
We cannot have strftime using the local timezone for %z.
This fixes output when a server is not running UTC.
|
|
Ugh, this is a nasty corruption bug and I can't recommend
this project for Debian 8.0 users without documenting this.
|
|
It's no longer a part of the stock Perl distribution,
and we don't need a whole module for just one function.
|
|
Most of its functionality is in the PublicInbox::Inbox class.
While we're at it, we no longer auto-create newsgroup names
based on the inbox name, since newsgroup names probably deserve
some thought when it comes to hierarchy.
|