By default all internal HTTP requests are now blocked, unless mailpit is started with the `--allow-internal-http-requests` flag (env `MP_ALLOW_INTERNAL_HTTP_REQUESTS=true`).
This goes against the RFC5321 recommendation, however enforcing the recommended limits is clearly causing issues with users, and it appears no investigated SMTP servers enforce the strict limits either.
When a message is forwarded or released, Mailpit introduces itself as
`localhost` to the upstream server. This happens because `net/smtp` forces the
value to be `localhost` if `client.Hello` is not called. This is explicitly
documented at https://pkg.go.dev/net/smtp#Client.Hello
Therefore, both `internal/smtpd/relay.go` (`createRelaySMTPClient`) and
`internal/smtpd/forward.go` (`createForwardingSMTPClient`) should either call
`client.Hello(os.Hostname())` or create a config (perhaps `config.HeloHostname`)
and use `client.Hello()` with that value immediately before returning from
either of those functions. (The HELO/EHLO command comes after TLS negotiation
but before any other SMTP commands.) This commit does the former.
Without this feature, Mailpit cannot be used in combination with Google
Workspace's SMTP Relay functionality, as it rejects any connection that
identifies itself as `localhost`.
Relates to #146
* fix: use single-line response when UIDL has an argument
The test changes included here don't necessarily deal with the fact that
the response used to be multi-line: the failure wouldn't occur during
the `c.Uidl()` calls, but rather on the next one as the client would
still have data from the server to receive, causing a parsing error like
so:
pop3_test.go:103: strconv.Atoi: parsing "unique-id": invalid syntax
The server now correctly replies with a single line response when an
argument is passed, as required by [the spec][1]
[1]: https://www.rfc-editor.org/rfc/rfc1939.html#page-12
* fix: UIDL accepts at most one argument
- Removed deprecated `thumbnailParams` struct from `thumbnails.go`.
- Updated `server_test.go` to use an anonymous struct for response unmarshalling.
- Enhanced `swagger.json` with detailed definitions for SendRequest and SendMessageResponse.
- Introduced new `swaggerParams.go` to define Swagger parameters for various API endpoints.
- Created `swaggerResponses.go` to define Swagger responses for API endpoints.
- Cleaned up unused JSON error message definitions and consolidated error responses.
- Improved documentation for Chaos triggers and web UI configuration responses.
- Updated error handling to use the error return value for resource closures in tests and functions, ensuring proper error reporting.
- Replaced direct calls to `Close()` with deferred functions that handle errors gracefully.
- Improved readability by using `strings.ReplaceAll` instead of `strings.Replace` for string manipulation.
- Enhanced network connection handling by adding default cases for unsupported network types.
- Updated HTTP response handling to use the appropriate status codes and error messages.
- Removed unused variables and commented-out code to clean up the codebase.
Squashed commit of the following:
commit 1ed713dd8de2adb7d761e20bb8018804c2e27ea6
Author: Ralph Slooten <axllent@gmail.com>
Date: Wed Jun 18 17:03:36 2025 +1200
Refactor latest version caching, add console logging if update checks fails
commit bf880e583372d81a0597bc263ab22f6989e48fa9
Author: Ben Edmunds <Tigger2014@users.noreply.github.com>
Date: Wed Jun 18 05:52:35 2025 +0100
Fix: Improve version polling, add thread safety and exponential backoff (#523)
* make version polling thread safe and add expo backoff
* tidy up
