Merge branch 'release/v1.17.0'

.github/workflows/close-stale-issues.yml

@@ -12,12 +12,12 @@ jobs:
     steps:
       - uses: actions/[email protected]
         with:
-          days-before-issue-stale: 14
-          days-before-issue-close: 7
+          days-before-issue-stale: 7
+          days-before-issue-close: 3
           exempt-issue-labels: "enhancement,bug,javascript,docker"
           stale-issue-label: "stale"
-          stale-issue-message: "This issue is stale because it has been open for 14 days with no activity."
-          close-issue-message: "This issue was closed because it has been inactive for 7 days since being marked as stale."
+          stale-issue-message: "This issue has been marked as stale because it has been open for 7 days with no activity."
+          close-issue-message: "This issue was closed because there has been no activity since being marked as stale."
           days-before-pr-stale: -1
           days-before-pr-close: -1
           repo-token: ${{ secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -2,6 +2,26 @@
 
 Notable changes to Mailpit will be documented in this file.
 
+## [v1.17.0]
+
+### Chore
+- Update caniemail database
+- Update node dependencies
+- Update Go dependencies
+- Auto-rotate thumbnail images based on exif data
+- Replace disintegration/imaging with kovidgoyal/imaging to fix CVE-2023-36308
+- Update API documentation regarding date/time searches & timezones
+- Move Link check & HTML check features out of beta
+- Remove deprecated --disable-html-check option
+
+### Feature
+- Option to auto relay for matching recipient expression only ([#274](https://github.com/axllent/mailpit/issues/274))
+- Add UI settings screen
+
+### Fix
+- Add delay to close database on fatal exit ([#280](https://github.com/axllent/mailpit/issues/280))
+
+
 ## [v1.16.0]
 
 ### Chore

cmd/root.go

@@ -34,14 +34,15 @@ Documentation:
 			os.Exit(1)
 		}
 		if err := storage.InitDB(); err != nil {
-			logger.Log().Error(err.Error())
+			logger.Log().Fatal(err.Error())
 			os.Exit(1)
 		}
 
 		go server.Listen()
 
 		if err := smtpd.Listen(); err != nil {
-			logger.Log().Error(err.Error())
+			storage.Close()
+			logger.Log().Fatal(err.Error())
 			os.Exit(1)
 		}
 	},
@@ -96,7 +97,6 @@ func init() {
 	rootCmd.Flags().StringVar(&config.UITLSCert, "ui-tls-cert", config.UITLSCert, "TLS certificate for web UI (HTTPS) - requires ui-tls-key")
 	rootCmd.Flags().StringVar(&config.UITLSKey, "ui-tls-key", config.UITLSKey, "TLS key for web UI (HTTPS) - requires ui-tls-cert")
 	rootCmd.Flags().StringVar(&server.AccessControlAllowOrigin, "api-cors", server.AccessControlAllowOrigin, "Set API CORS Access-Control-Allow-Origin header")
-	rootCmd.Flags().BoolVar(&config.DisableHTMLCheck, "disable-html-check", config.DisableHTMLCheck, "Disable the HTML check functionality (web UI & API)")
 	rootCmd.Flags().BoolVar(&config.BlockRemoteCSSAndFonts, "block-remote-css-and-fonts", config.BlockRemoteCSSAndFonts, "Block access to remote CSS & fonts")
 	rootCmd.Flags().StringVar(&config.EnableSpamAssassin, "enable-spamassassin", config.EnableSpamAssassin, "Enable integration with SpamAssassin")
 	rootCmd.Flags().BoolVar(&config.AllowUntrustedTLS, "allow-untrusted-tls", config.AllowUntrustedTLS, "Do not verify HTTPS certificates (link checker & screenshots)")
@@ -116,8 +116,9 @@ func init() {
 	rootCmd.Flags().BoolVar(&smtpd.DisableReverseDNS, "smtp-disable-rdns", smtpd.DisableReverseDNS, "Disable SMTP reverse DNS lookups")
 
 	// SMTP relay
-	rootCmd.Flags().StringVar(&config.SMTPRelayConfigFile, "smtp-relay-config", config.SMTPRelayConfigFile, "SMTP configuration file to allow releasing messages")
-	rootCmd.Flags().BoolVar(&config.SMTPRelayAllIncoming, "smtp-relay-all", config.SMTPRelayAllIncoming, "Relay all incoming messages via external SMTP server (caution!)")
+	rootCmd.Flags().StringVar(&config.SMTPRelayConfigFile, "smtp-relay-config", config.SMTPRelayConfigFile, "SMTP relay configuration file to allow releasing messages")
+	rootCmd.Flags().BoolVar(&config.SMTPRelayAll, "smtp-relay-all", config.SMTPRelayAll, "Auto-relay all new messages via external SMTP server (caution!)")
+	rootCmd.Flags().StringVar(&config.SMTPRelayMatching, "smtp-relay-matching", config.SMTPRelayMatching, "Auto-relay new messages to only matching recipients (regular expression)")
 
 	// POP3 server
 	rootCmd.Flags().StringVar(&config.POP3Listen, "pop3", config.POP3Listen, "POP3 server bind interface and port")
@@ -155,6 +156,10 @@ func init() {
 	rootCmd.Flags().BoolVar(&config.SMTPRequireSTARTTLS, "smtp-tls-required", config.SMTPRequireSTARTTLS, "smtp-require-starttls")
 	rootCmd.Flags().Lookup("smtp-tls-required").Hidden = true
 	rootCmd.Flags().Lookup("smtp-tls-required").Deprecated = "use --smtp-require-starttls"
+
+	// DEPRECATED FLAG 2024/04/13 - no longer used
+	rootCmd.Flags().BoolVar(&config.DisableHTMLCheck, "disable-html-check", config.DisableHTMLCheck, "Disable the HTML check functionality (web UI & API)")
+	rootCmd.Flags().Lookup("disable-html-check").Hidden = true
 }
 
 // Load settings from environment
@@ -201,9 +206,6 @@ func initConfigFromEnv() {
 	if len(os.Getenv("MP_API_CORS")) > 0 {
 		server.AccessControlAllowOrigin = os.Getenv("MP_API_CORS")
 	}
-	if getEnabledFromEnv("MP_DISABLE_HTML_CHECK") {
-		config.DisableHTMLCheck = true
-	}
 	if getEnabledFromEnv("MP_BLOCK_REMOTE_CSS_AND_FONTS") {
 		config.BlockRemoteCSSAndFonts = true
 	}
@@ -252,8 +254,9 @@ func initConfigFromEnv() {
 	// SMTP relay
 	config.SMTPRelayConfigFile = os.Getenv("MP_SMTP_RELAY_CONFIG")
 	if getEnabledFromEnv("MP_SMTP_RELAY_ALL") {
-		config.SMTPRelayAllIncoming = true
+		config.SMTPRelayAll = true
 	}
+	config.SMTPRelayMatching = os.Getenv("MP_SMTP_RELAY_MATCHING")
 	config.SMTPRelayConfig = config.SMTPRelayConfigStruct{}
 	config.SMTPRelayConfig.Host = os.Getenv("MP_SMTP_RELAY_HOST")
 	if len(os.Getenv("MP_SMTP_RELAY_PORT")) > 0 {
@@ -333,6 +336,10 @@ func initDeprecatedConfigFromEnv() {
 		logger.Log().Warn("ENV MP_SMTP_TLS_REQUIRED has been deprecated, use MP_SMTP_REQUIRE_STARTTLS")
 		config.SMTPRequireSTARTTLS = true
 	}
+	if getEnabledFromEnv("MP_DISABLE_HTML_CHECK") {
+		logger.Log().Warn("ENV MP_DISABLE_HTML_CHECK has been deprecated and is no longer used")
+		config.DisableHTMLCheck = true
+	}
 }
 
 // Wrapper to get a boolean from an environment variable

config/config.go

@@ -83,9 +83,6 @@ var (
 	// IgnoreDuplicateIDs will skip messages with the same ID
 	IgnoreDuplicateIDs bool
 
-	// DisableHTMLCheck used to disable the HTML check in bother the API and web UI
-	DisableHTMLCheck = false
-
 	// BlockRemoteCSSAndFonts used to disable remote CSS & fonts
 	BlockRemoteCSSAndFonts = false
 
@@ -117,9 +114,15 @@ var (
 	// ReleaseEnabled is whether message releases are enabled, requires a valid SMTPRelayConfigFile
 	ReleaseEnabled = false
 
-	// SMTPRelayAllIncoming is whether to relay all incoming messages via pre-configured SMTP server.
+	// SMTPRelayAll is whether to relay all incoming messages via pre-configured SMTP server.
 	// Use with extreme caution!
-	SMTPRelayAllIncoming = false
+	SMTPRelayAll = false
+
+	// SMTPRelayMatching if set, will auto-release to recipients matching this regular expression
+	SMTPRelayMatching string
+
+	// SMTPRelayMatchingRegexp is the compiled version of SMTPRelayMatching
+	SMTPRelayMatchingRegexp *regexp.Regexp
 
 	// POP3Listen address - if set then Mailpit will start the POP3 server and listen on this address
 	POP3Listen = "[::]:1110"
@@ -153,6 +156,9 @@ var (
 
 	// RepoBinaryName on Github for updater
 	RepoBinaryName = "mailpit"
+
+	// DisableHTMLCheck DEPRECATED 2024/04/13 - kept here to display console warning only
+	DisableHTMLCheck = false
 )
 
 // AutoTag struct for auto-tagging
@@ -361,6 +367,11 @@ func VerifyConfig() error {
 		return fmt.Errorf("webhook URL does not appear to be a valid URL (%s)", WebhookURL)
 	}
 
+	// DEPRECATED 2024/04/13
+	if DisableHTMLCheck {
+		logger.Log().Warn("--disable-html-check has been deprecated and is no longer used")
+	}
+
 	if EnableSpamAssassin != "" {
 		spamassassin.SetService(EnableSpamAssassin)
 		logger.Log().Infof("[spamassassin] enabled via %s", EnableSpamAssassin)
@@ -400,7 +411,7 @@ func VerifyConfig() error {
 		}
 
 		SMTPAllowedRecipientsRegexp = restrictRegexp
-		logger.Log().Infof("[smtp] only allowing recipients matching the following regexp: %s", SMTPAllowedRecipients)
+		logger.Log().Infof("[smtp] only allowing recipients matching regexp: %s", SMTPAllowedRecipients)
 	}
 
 	if err := parseRelayConfig(SMTPRelayConfigFile); err != nil {
@@ -412,13 +423,28 @@ func VerifyConfig() error {
 		return err
 	}
 
-	if !ReleaseEnabled && SMTPRelayAllIncoming {
-		return errors.New("[smtp] relay config must be set to relay all messages")
+	if !ReleaseEnabled && SMTPRelayAll || !ReleaseEnabled && SMTPRelayMatching != "" {
+		return errors.New("[relay] a relay configuration must be set to auto-relay any messages")
 	}
 
-	if SMTPRelayAllIncoming {
+	if SMTPRelayMatching != "" {
+		if SMTPRelayAll {
+			logger.Log().Warnf("[relay] ignoring smtp-relay-matching when smtp-relay-all is enabled")
+		} else {
+			restrictRegexp, err := regexp.Compile(SMTPRelayMatching)
+			if err != nil {
+				return fmt.Errorf("[relay] failed to compile smtp-relay-matching regexp: %s", err.Error())
+			}
+
+			SMTPRelayMatchingRegexp = restrictRegexp
+			logger.Log().Infof("[relay] auto-relaying new messages to recipients matching \"%s\" via %s:%d",
+				SMTPRelayMatching, SMTPRelayConfig.Host, SMTPRelayConfig.Port)
+		}
+	}
+
+	if SMTPRelayAll {
 		// this deserves a warning
-		logger.Log().Warnf("[smtp] enabling automatic relay of all new messages via %s:%d", SMTPRelayConfig.Host, SMTPRelayConfig.Port)
+		logger.Log().Warnf("[relay] auto-relaying all new messages via %s:%d", SMTPRelayConfig.Host, SMTPRelayConfig.Port)
 	}
 
 	return nil
@@ -451,7 +477,7 @@ func parseRelayConfig(c string) error {
 
 	// DEPRECATED 2024/03/12
 	if SMTPRelayConfig.RecipientAllowlist != "" {
-		logger.Log().Warn("[smtp] relay 'recipient-allowlist' is deprecated, use 'allowed_recipients' instead")
+		logger.Log().Warn("[smtp] relay 'recipient-allowlist' is deprecated, use 'allowed-recipients' instead")
 		if SMTPRelayConfig.AllowedRecipients == "" {
 			SMTPRelayConfig.AllowedRecipients = SMTPRelayConfig.RecipientAllowlist
 		}
@@ -496,9 +522,8 @@ func validateRelayConfig() error {
 
 	logger.Log().Infof("[smtp] enabling message relaying via %s:%d", SMTPRelayConfig.Host, SMTPRelayConfig.Port)
 
-	allowlistRegexp, err := regexp.Compile(SMTPRelayConfig.AllowedRecipients)
-
 	if SMTPRelayConfig.AllowedRecipients != "" {
+		allowlistRegexp, err := regexp.Compile(SMTPRelayConfig.AllowedRecipients)
 		if err != nil {
 			return fmt.Errorf("[smtp] failed to compile relay recipient allowlist regexp: %s", err.Error())
 		}

go.mod

@@ -1,17 +1,19 @@
 module github.com/axllent/mailpit
 
-go 1.20
+go 1.21.0
+
+toolchain go1.22.1
 
 require (
 	github.com/PuerkitoBio/goquery v1.9.1
 	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
 	github.com/axllent/semver v0.0.1
-	github.com/disintegration/imaging v1.6.2
-	github.com/gomarkdown/markdown v0.0.0-20240328165702-4d01890c35c0
+	github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.1
 	github.com/jhillyerd/enmime v1.2.0
 	github.com/klauspost/compress v1.17.8
+	github.com/kovidgoyal/imaging v1.6.3
 	github.com/leporo/sqlf v1.4.0
 	github.com/lithammer/shortuuid/v4 v4.0.0
 	github.com/mhale/smtpd v0.8.2
@@ -26,7 +28,7 @@ require (
 	golang.org/x/text v0.14.0
 	golang.org/x/time v0.5.0
 	gopkg.in/yaml.v3 v3.0.1
-	modernc.org/sqlite v1.29.6
+	modernc.org/sqlite v1.29.8
 )
 
 require (