eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-06-27 22:46:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,799 Commits 2 Branches 191 Tags
034a480a39ac9d8798e657ab02fc191a32be0b8a
Commit Graph

225 Commits

Author SHA1 Message Date
Ralph Slooten
034a480a39 Chore: Refactor addMessageTag function to remove mutex and ensure safe concurrent inserts 2026-05-09 16:48:05 +12:00
Ralph Slooten
f575b53854 Chore: Refactor pruneMessages function to eliminate duplicate ID checks using a map 2026-05-09 16:43:40 +12:00
Ralph Slooten
d469aac87c Chore: Optimize MarkRead and MarkUnread functions to reduce database calls and improve performance 2026-05-09 16:40:27 +12:00
Ralph Slooten
e4c3442e39 Chore: Enhance SetMessageTags function to improve tag handling and batch deletions 2026-05-09 16:35:21 +12:00
Ralph Slooten
f11fc1ffe0 Chore: Optimize tag retrieval by batching message IDs in List and Search functions 2026-05-09 16:27:58 +12:00
Ralph Slooten
40c5936f79 Chore: Refactor MarkRead and MarkUnread functions to only broadcast changes of modified messages 2026-05-09 16:13:05 +12:00
Ralph Slooten
8bc966e618 Chore: Refactor Prometheus metrics implementation and remove unused dependencies 2026-05-06 16:28:43 +12:00
Ralph Slooten
878c68bb49 Chore: Replace lithammer/shortuuid with custom shortuuid implementation and update tests 2026-05-05 17:09:55 +12:00
Ralph Slooten
123ec9a354 Chore: Remove logrus dependency and implement slog-based logging 2026-05-05 16:48:33 +12:00
Ralph Slooten
794077a836 Use strings.TrimSuffix instead of strings.TrimRight for schema ID extraction 2026-04-04 12:20:33 +13:00
Ralph Slooten
3a4c7766e9 Feature: Add option to disable auto-VACUUMing of the SQLite database (#661) 2026-03-29 17:29:02 +13:00
Ralph Slooten
ee9863289a Chore: Refactor timezone handling in searchQueryBuilder 2026-03-10 12:07:52 +13:00
Ralph Slooten
fc0b016549 Chore: Improve transaction handling in pruneMessages and fix loop continuation in InitDB 2026-03-10 11:53:36 +13:00
Ralph Slooten
c1db706677 Update inline TLS verification docs for healthcheck and link checks 2026-03-09 12:44:39 +13:00
Ralph Slooten
51e327f259 Fix: Update SQL query to use tenant when using is:tagged filter 2026-03-09 11:37:40 +13:00
Ville Skyttä
ba00ea5a21 Chore: Switch to math/rand/v2 
Insignificant as in tests only, but there's no particular reason not to.
 2026-03-07 22:54:04 +13:00
Ville Skyttä
2afc52c6fe Chore: Refactor code with go fix 
Done with `go fix ./...` using go 1.26.0.
 2026-03-03 16:03:28 +13:00
Ralph Slooten
4f651e4f14 Chore: Update caniemail test database 2026-02-25 12:10:33 +13:00
Ralph Slooten
10ad4df8cc Security: Prevent Server-Side Request Forgery (SSRF) via Link Check API ([GHSA-mpf7-p9x7-96r3](https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3)) 
By default all internal HTTP requests are now blocked, unless mailpit is started with the `--allow-internal-http-requests` flag (env  `MP_ALLOW_INTERNAL_HTTP_REQUESTS=true`).
 2026-02-24 14:22:02 +13:00
Ralph Slooten
632113fcc5 Fix: Include 8BITMIME in SMTPD EHLO response (#648) 2026-02-24 11:25:19 +13:00
Ralph Slooten
e2b1b2d0fe Code cleanup 2026-02-01 15:58:31 +13:00
Ralph Slooten
5414695508 Test: Add message summary attachment checksum tests 2026-02-01 15:34:06 +13:00
Ralph Slooten
0bfbb4cc5f Feature: Include message attachment checksums (MD5, SHA1 & SHA254) in API message summary 2026-02-01 15:34:05 +13:00
Ralph Slooten
464ff68c34 Fix: Prevent nested MAIL command during an active SMTP transaction (#623) 2026-01-25 10:05:28 +13:00
Ralph Slooten
9383c5876b Fix: Ensure SMTP HELO/EHLO command is issued before MAIL FROM as per RFC 5321 (#621) 2026-01-23 17:27:13 +13:00
Ralph Slooten
a3616e52d9 Chore: Increase allowed SMTP email address length to 1024 chars & return clearer SMTP responses for failures (#620) 
This goes against the RFC5321 recommendation, however enforcing the recommended limits is clearly causing issues with users, and it appears no investigated SMTP servers enforce the strict limits either.
 2026-01-23 16:46:29 +13:00
Ralph Slooten
1679a0aba5 Security: Prevent Server-Side Request Forgery (SSRF) via HTML Check API ([GHSA-6jxm-fv7w-rw5j](https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j)) 2026-01-18 11:58:24 +13:00
Ralph Slooten
4a4c149eed Formatting 2026-01-18 11:57:23 +13:00
Ralph Slooten
181cb0714a Test: Add maximum email length validation tests - RFC5321 (section 4.5.3.1) 2026-01-18 11:51:23 +13:00
Ralph Slooten
00d52d5931 Fix: Validate maximum lengths of email addresses - RFC5321 (section 4.5.3.1) 2026-01-18 11:51:23 +13:00
Ralph Slooten
050da038af Test: Add SMTP tests for address compliancy (RFC 5322) and header injection 2026-01-18 11:51:23 +13:00
Ralph Slooten
36cc06c125 Security: Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection ([GHSA-54wq-72mp-cq7c](https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c)) 2026-01-18 11:50:33 +13:00
Ralph Slooten
2734efbc66 Test: Update tag tests with length limits and @ character 2026-01-17 11:22:19 +13:00
Ralph Slooten
7cda4a36f1 Chore: Allow @ character in message tags & set max length to 100 characters per tag 2026-01-17 11:12:45 +13:00
Ralph Slooten
45b3676e52 Fix: Auto-tagging using SMTP username using plain auth (#617) 2026-01-16 13:50:15 +13:00
Ralph Slooten
5e4bdb78b8 Test: Add inline message tests 2025-12-20 16:45:57 +13:00
Ralph Slooten
46ccf866b2 Chore: Update caniemail test database 2025-11-26 17:32:49 +13:00
Ralph Slooten
7d6aab4e01 Refactor imports and improve logging in SMTP relay functionality 2025-11-26 16:30:28 +13:00
Dennis
0f0a5d942f Feature: Optionally propagate SMTP errors (#588) 
* forward smtp errors

* lint and formatting

* forward smtp errors in forward-impl
 2025-11-26 16:17:44 +13:00
Ralph Slooten
6ccc294a1e Chore: Update caniemail test database 2025-09-14 22:23:44 +12:00
Ralph Slooten
7d74516270 Fix: Move HELO/EHLO hostname setting to the correct position in SMTP client creation (#558) 2025-08-26 12:17:01 +12:00
Peter Krawczyk
8ce6fc0db5 Chore: Set HELO/EHLO hostname when connecting to external SMTP server (#556) 
When a message is forwarded or released, Mailpit introduces itself as
`localhost` to the upstream server. This happens because `net/smtp` forces the
value to be `localhost` if `client.Hello` is not called. This is explicitly
documented at https://pkg.go.dev/net/smtp#Client.Hello

Therefore, both `internal/smtpd/relay.go` (`createRelaySMTPClient`) and
`internal/smtpd/forward.go` (`createForwardingSMTPClient`) should either call
`client.Hello(os.Hostname())` or create a config (perhaps `config.HeloHostname`)
and use `client.Hello()` with that value immediately before returning from
either of those functions. (The HELO/EHLO command comes after TLS negotiation
but before any other SMTP commands.) This commit does the former.

Without this feature, Mailpit cannot be used in combination with Google
Workspace's SMTP Relay functionality, as it rejects any connection that
identifies itself as `localhost`.

Relates to #146
 2025-08-22 16:04:03 +12:00
Ralph Slooten
0faa71310e Chore: Update caniemail test database 2025-08-17 12:35:45 +12:00
Felipe
343db8bb61 Fix: Support optional UIDL argument in POP3 server (#552) 
* fix: use single-line response when UIDL has an argument

The test changes included here don't necessarily deal with the fact that
the response used to be multi-line: the failure wouldn't occur during
the `c.Uidl()` calls, but rather on the next one as the client would
still have data from the server to receive, causing a parsing error like
so:

    pop3_test.go:103: strconv.Atoi: parsing "unique-id": invalid syntax

The server now correctly replies with a single line response when an
argument is passed, as required by [the spec][1]

[1]: https://www.rfc-editor.org/rfc/rfc1939.html#page-12

* fix: UIDL accepts at most one argument
 2025-08-17 12:24:53 +12:00
Ralph Slooten
4619d9be88 Chore: Update caniemail test database 2025-08-10 21:18:23 +12:00
Ralph Slooten
41ef4ecd60 Rename smtp-silently-drop-rejected-recipients to smtp-ignore-rejected-recipients 2025-08-10 21:04:22 +12:00
Matthias Gliwka
39d80df809 Feature: Allow rejected SMTP recipients to be silently dropped (#549) 2025-08-10 20:34:26 +12:00
Ralph Slooten
507217844b Security: Add ReadHeaderTimeout to Prometheus metrics server 2025-07-25 20:39:13 +12:00
Ralph Slooten
5a4d13b15a Security: Prevent integer overflow conversion to uint64 2025-07-25 20:33:27 +12:00
Ralph Slooten
fbc1dc6118 Do not expose unnecessary Prometheus functions 2025-07-25 20:33:27 +12:00