From 113b7bd827f9f16c45e4403448f7a65b9c353f74 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 18 Sep 2021 19:54:48 -0400 Subject: [PATCH] Disable SMTPUTF8 in Postfix because Dovecot LMTP doesn't support it and bounces messages that require SMTPUTF8 By not advertising SMTPUTF8 support at the start, senders may opt to transmit recipient internationalized domain names in IDNA form instead, which will be deliverable. Incoming mail with internationalized domains was probably working prior to our move to Ubuntu 18.04 when postfix's SMTPUTF8 support became enabled by default. The previous commit is retained because Mail-in-a-Box users might prefer to keep SMTPUTF8 on for outbound mail, if they are not using internationalized domains for email, in which case the previous commit fixes the 'relay access denied' error even if the emails aren't deliverable. --- CHANGELOG.md | 1 + README.md | 2 ++ management/mailconfig.py | 4 ++-- setup/mail-users.sh | 6 +++++- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7dd0b9e..aef6cf9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ In Development Mail: +* "SMTPUTF8" is now disabled in Postfix. Because Dovecot still does not support SMTPUTF8, incoming mail to internationalized addresses was bouncing. This fixes incoming mail to internationalized domains (which was probably working prior to v0.40), but it will prevent sending outbound mail to addresses with internationalized local-parts. * Upgraded to Roundcube 1.5 Release Candidate. Firewall: diff --git a/README.md b/README.md index 92fab00..473dc1a 100644 --- a/README.md +++ b/README.md 
@@ -42,6 +42,8 @@ It also includes system management tools: * A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc. * An API for all of the actions on the control panel +Internationalized domain names are supported and configured easily (but SMTPUTF8 is not supported, unfortunately). + It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in you Mail-in-a-Box's control panel to point domains to another server.) For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md). diff --git a/management/mailconfig.py b/management/mailconfig.py index 0c58747..2fcb970 100755 --- a/management/mailconfig.py +++ b/management/mailconfig.py @@ -16,8 +16,8 @@ import idna def validate_email(email, mode=None): # Checks that an email address is syntactically valid. Returns True/False. - # Until Postfix supports SMTPUTF8, an email address may contain ASCII - # characters only; IDNs must be IDNA-encoded. + # An email address may contain ASCII characters only because Dovecot's + # authentication mechanism gets confused with other character encodings. # # When mode=="user", we're checking that this can be a user account name. # Dovecot has tighter restrictions - letters, numbers, underscore, and diff --git a/setup/mail-users.sh b/setup/mail-users.sh index c0320e7..b570f03 100755 --- a/setup/mail-users.sh +++ b/setup/mail-users.sh 
@@ -101,8 +101,12 @@ EOF # ### Destination Validation # Use a Sqlite3 database to check whether a destination email address exists, -# and to perform any email alias rewrites in Postfix. +# and to perform any email alias rewrites in Postfix. Additionally, we disable +# SMTPUTF8 because Dovecot's LMTP server that delivers mail to inboxes does +# not support it, and if a message is received with the SMTPUTF8 flag it will +# bounce. tools/editconf.py /etc/postfix/main.cf \ + smtputf8_enable=no \ virtual_mailbox_domains=sqlite:/etc/postfix/virtual-mailbox-domains.cf \ virtual_mailbox_maps=sqlite:/etc/postfix/virtual-mailbox-maps.cf \ virtual_alias_maps=sqlite:/etc/postfix/virtual-alias-maps.cf \
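Review bot: In the CHANGELOG.md entry, the first sentence says mail to "internationalized addresses" was bouncing while the next says the change fixes mail to "internationalized domains"; pick one term, and "domains" looks like the right one given that the same entry says internationalized local-parts stop working for outbound mail. Naming the setting (smtputf8_enable=no in /etc/postfix/main.cf) in the entry would also tell an admin exactly what changed.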
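Review bot: In the README.md hunk, "(but SMTPUTF8 is not supported, unfortunately)" names a protocol extension without saying what it costs the reader. State the consequence instead, in line with the CHANGELOG entry and the validate_email comment: domains may be internationalized, but the local-part of an address must be ASCII.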
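Review bot: In the management/mailconfig.py hunk, the rewritten comment in validate_email drops the clause "IDNs must be IDNA-encoded", which a caller passing an internationalized domain still needs to know; keep that sentence. The reason given also differs from the rest of the patch: here it is Dovecot's authentication mechanism, while the commit message and setup/mail-users.sh cite Dovecot's LMTP server not supporting SMTPUTF8. If both apply, list both in the comment so the ASCII-only check is not relaxed when only one of them is resolved.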
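Review bot: In the setup/mail-users.sh hunk, smtputf8_enable=no is added to the editconf.py call under the "Destination Validation" heading, alongside the sqlite lookup maps it is unrelated to; give it its own tools/editconf.py call with its own comment block so it can be found and changed on its own. The commit message says some users may prefer to keep SMTPUTF8 on for outbound mail, but because this line lives in a setup script, a local change to main.cf would presumably be overwritten the next time setup runs; the comment should say whether an override is expected to persist and how to make one.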