Merge branch 'release/0.1.0'

Resolves #4

.chglog/CHANGELOG.tpl.md

@@ -0,0 +1,48 @@
+# Changelog
+
+Notable changes to Mailpit will be documented in this file.
+
+
+{{ if .Versions -}}
+{{ if .Unreleased.CommitGroups -}}
+## [Unreleased]
+
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }} 
+{{- if .CommitGroups -}}
+## {{ .Tag.Name }}
+
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end }}
+{{ end -}}
+
+{{- if .MergeCommits -}}
+### Pull Requests
+{{ range .MergeCommits -}}
+- {{ .Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.chglog/RELEASE.tpl.md

@@ -0,0 +1,12 @@
+{{ if .Versions -}}
+{{ range .Versions }} 
+{{- if .CommitGroups -}}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}

.chglog/config.yml

@@ -0,0 +1,28 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/axllent/mailpit
+options:
+  commits:
+    # filters:
+    #   Type:
+    #     - feat
+    #     - fix
+    #     - perf
+    #     - refactor
+  commit_groups:
+    title_maps:
+      feature: Feature
+      fix: Fix
+    #   perf: Performance Improvements
+    #   refactor: Code Refactoring
+  header:
+    pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
+    pattern_maps:
+      - Type
+      - Scope
+      - Subject
+  notes:
+    keywords:
+      - BREAKING CHANGE

.dockerignore

@@ -0,0 +1,2 @@
+/node_modules
+/mailpit

.github/workflows/build-docker.yml

@@ -0,0 +1,37 @@
+on:
+  release:
+    types: [created]
+
+name: Build docker images
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Get tag
+      id: tag
+      uses: dawidd6/action-get-tag@v1
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+    - name: Build and push
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64,linux/arm
+        build-args: |
+          "VERSION=${{ steps.tag.outputs.tag }}"
+        push: true
+        tags: axllent/mailpit:latest,axllent/mailpit:${{ steps.tag.outputs.tag }}

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "develop" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "develop" ]
+  schedule:
+    - cron: '34 23 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go', 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/release-build.yml

@@ -38,6 +38,7 @@ jobs:
         goos: ${{ matrix.goos }}
         goarch: ${{ matrix.goarch }}
         binary_name: "mailpit"
+        pre_command: export CGO_ENABLED=0
         asset_name: mailpit-${{ matrix.goos }}-${{ matrix.goarch }}
         extra_files: LICENSE README.md
         md5sum: false

.github/workflows/test.yml

@@ -16,6 +16,14 @@ jobs:
       with:
         go-version: ${{ matrix.go-version }}
     - uses: actions/checkout@v3
+    - uses: actions/cache@v3
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
     - run: go test ./storage -v
     - run: go test ./storage -bench=.
     

CHANGELOG.md

@@ -1,15 +1,79 @@
 # Changelog
 
-## [0.0.3]
-
-- Bugfix: Update to clover-v2.0.0-alpha.2 to fix sorting
+Notable changes to Mailpit will be documented in this file.
 
 
-## [0.0.2]
+## 0.1.0
 
-- Unread message statistics & updates
+### Feature
+- SMTP STARTTLS & SMTP authentication support
 
 
-## [0.0.1-beta]
+## 0.0.9
+
+### Bugfix
+- Include read status in search results
+
+### Feature
+- HTTPS option for web UI
+
+### Testing
+- Memory & physical database tests
+
+
+## 0.0.8
+
+### Bugfix
+- Fix total/unread count after failed message inserts
+
+### UI
+- Add project links to help in CLI
+
+
+## 0.0.7
+
+### Bugfix
+- Command flag should be `--auth-file`
+
+
+## 0.0.6
+
+### Bugfix
+- Disable CGO when building multi-arch binaries
+
+
+## 0.0.5
+
+### Feature
+- Basic authentication support
+
+
+## 0.0.4
+
+### Bugfix
+- Update to clover-v2.0.0-alpha.2 to fix sorting
+
+### Tests
+- Add search tests
+
+### UI
+- Add date to console log
+- Add space in To fields
+- Cater for messages without From email address
+- Minor UI & logging changes
+- Add space in To fields
+- cater for messages without From email address
+
+
+## 0.0.3
+
+### Bugfix
+- Update to clover-v2.0.0-alpha.2 to fix sorting
+
+
+## 0.0.2
+
+### Feature
+- Unread statistics
+
 
-- First release

Dockerfile

@@ -0,0 +1,20 @@
+FROM golang:alpine as builder
+
+ARG VERSION=dev
+
+COPY . /app
+
+WORKDIR /app
+
+RUN apk add --no-cache git npm && \
+npm install && npm run package && \
+CGO_ENABLED=0 go build -ldflags "-s -w -X github.com/axllent/mailpit/cmd.Version=${VERSION}" -o /mailpit
+
+
+FROM alpine:latest
+
+COPY --from=builder /mailpit /mailpit
+
+RUN apk add --no-cache tzdata
+
+ENTRYPOINT ["/mailpit"]

README-BUILDING.md

@@ -1,45 +0,0 @@
-# Building Mailpit from source
-
-Go (>= version 1.8) and npm are required to compile mailpit from source.
-
-```
-git clone git@github.com:axllent/mailpit.git
-cd mailpit
-```
-
-## Building the UI
-
-The Mailpit web user interface is built with node. In the project's root (top) directory run the following to install the required node modules:
-
-
-### Installing the node modules
-```
-npm install
-```
-
-
-### Building the web UI
-
-```
-npm run build
-```
-
-You can also run `npm run watch` which will watch for changes and rebuild the HTML/CSS/JS automatically when changes are detected.
-Please note that you must restart Mailpit (`go run .`) to run with the changes.
-
-
-## Build the mailpit binary
-
-One you have the assets compiled, you can build mailpit as follows:
-```
-go build -ldflags "-s -w"
-```
-
-## Building a stand-alone sendmail binary
-
-This step is unnecessary, however if you do not intend to either symlink `sendmail` to mailpit or configure your existing sendmail to route mail to mailpit, you can optionally build a stand-alone sendmail binary.
-
-```
-cd sendmail
-go build -ldflags "-s -w"
-```

README.md

@@ -6,6 +6,8 @@ It acts as both an SMTP server, and provides a web interface to view all capture
 
 Mailpit is inspired by [MailHog](#why-rewrite-mailhog), but much, much faster.
 
+![Mailpit](https://raw.githubusercontent.com/axllent/mailpit/develop/screenshot.png)
+
 
 ## Features
 
@@ -13,26 +15,26 @@ Mailpit is inspired by [MailHog](#why-rewrite-mailhog), but much, much faster.
 - SMTP server (default `0.0.0.0:1025`)
 - Web UI to view emails (HTML format, text, source and MIME attachments, default `0.0.0.0:8025`)
 - Real-time web UI updates using web sockets for new mail
-- Email storage in either memory or disk (using [CloverDB](https://github.com/ostafen/clover)) - note that in-memory has a physical limit of 1MB per email
 - Configurable automatic email pruning (default keeps the most recent 500 emails)
+- Email storage either in memory or disk ([see wiki](https://github.com/axllent/mailpit/wiki/Email-storage))
 - Fast SMTP processing & storing - approximately 300-600 emails per second depending on CPU, network speed & email size
 - Can handle tens of thousands of emails
+- Optional SMTP with STARTTLS & SMTP authentication ([see wiki](https://github.com/axllent/mailpit/wiki/SMTP-with-STARTTLS-and-authentication))
+- Optional HTTPS for web UI ([see wiki](https://github.com/axllent/mailpit/wiki/HTTPS))
+- Optional basic authentication for web UI ([see wiki](https://github.com/axllent/mailpit/wiki/Basic-authentication))
+- Multi-architecture [Docker images](https://github.com/axllent/mailpit/wiki/Docker-images)
 
 
 ## Planned features
 
-- Optional HTTPS for web UI
-- Optional basic authentication for web UI
-- Optional authentication for SMTP
 - Browser notifications for new mail (HTTPS only)
-- Docker container
 
 
 ## Installation
 
 Download a pre-built binary in the [releases](https://github.com/axllent/mailpit/releases/latest). The `mailpit` can be placed in your `$PATH`, or simply run as `./mailpit`. See `mailpit -h` for options.
 
-To build mailpit from source see [building from source](README-BUILDING.md).
+To build Mailpit from source see [building from source](https://github.com/axllent/mailpit/wiki/Building-from-source).
 
 
 ### Configuring sendmail
@@ -44,11 +46,11 @@ You can use `mailpit sendmail` as your sendmail configuration in `php.ini`:
 sendmail_path = /usr/local/bin/mailpit sendmail
 ```
 
-If mailpit is found on the same host as sendmail, you can symlink the mailpit binary to sendmail, eg: `ln -s /usr/local/bin/mailpit /usr/sbin/sendmail`  (only if mailpit is running on default 1025 port).
+If Mailpit is found on the same host as sendmail, you can symlink the Mailpit binary to sendmail, eg: `ln -s /usr/local/bin/mailpit /usr/sbin/sendmail`  (only if Mailpit is running on default 1025 port).
 
 You can use your default system `sendmail` binary to route directly to port `1025` (configurable) by calling `/usr/sbin/sendmail -S localhost:1025`.
 
-You can build a mailpit-specific sendmail binary from source ( see [building from source](README-BUILDING.md)).
+You can build a Mailpit-specific sendmail binary from source (see [building from source](https://github.com/axllent/mailpit/wiki/Building-from-source)).
 
 
 ## Why rewrite MailHog?

cmd/root.go

@@ -20,7 +20,11 @@ var rootCmd = &cobra.Command{
 	Short: "Mailpit is an email testing tool for developers",
 	Long: `Mailpit is an email testing tool for developers.
 
-It acts as an SMTP server, and provides a web interface to view all captured emails.`,
+It acts as an SMTP server, and provides a web interface to view all captured emails.
+
+Documentation:
+  https://github.com/axllent/mailpit
+  https://github.com/axllent/mailpit/wiki`,
 	Run: func(_ *cobra.Command, _ []string) {
 		if err := config.VerifyConfig(); err != nil {
 			logger.Log().Error(err.Error())
@@ -60,9 +64,12 @@ func SendmailExecute() {
 func init() {
 	// hide autocompletion
 	rootCmd.CompletionOptions.HiddenDefaultCmd = true
-	// rootCmd.Flags().SortFlags = false
-	// hide help
+	rootCmd.Flags().SortFlags = false
+	// hide help command
 	rootCmd.SetHelpCommand(&cobra.Command{Hidden: true})
+	// hide help flag
+	rootCmd.PersistentFlags().BoolP("help", "h", false, "This help")
+	rootCmd.PersistentFlags().Lookup("help").Hidden = true
 
 	// defaults from envars if provided
 	if len(os.Getenv("MP_DATA_DIR")) > 0 {
@@ -77,10 +84,53 @@ func init() {
 	if len(os.Getenv("MP_MAX_MESSAGES")) > 0 {
 		config.MaxMessages, _ = strconv.Atoi(os.Getenv("MP_MAX_MESSAGES"))
 	}
+	if len(os.Getenv("MP_AUTH_FILE")) > 0 {
+		config.UIAuthFile = os.Getenv("MP_AUTH_FILE")
+	}
+	if len(os.Getenv("MP_UI_AUTH_FILE")) > 0 {
+		config.UIAuthFile = os.Getenv("MP_UI_AUTH_FILE")
+	}
+	if len(os.Getenv("MP_SMTP_AUTH_FILE")) > 0 {
+		config.SMTPAuthFile = os.Getenv("MP_SMTP_AUTH_FILE")
+	}
+	// deprecated 2022/08/06
+	if len(os.Getenv("MP_SSL_CERT")) > 0 {
+		config.UISSLCert = os.Getenv("MP_SSL_CERT")
+	}
+	// deprecated 2022/08/06
+	if len(os.Getenv("MP_SSL_KEY")) > 0 {
+		config.UISSLKey = os.Getenv("MP_SSL_KEY")
+	}
+	if len(os.Getenv("MP_UI_SSL_CERT")) > 0 {
+		config.UISSLCert = os.Getenv("MP_UI_SSL_CERT")
+	}
+	if len(os.Getenv("MP_UISSL_KEY")) > 0 {
+		config.UISSLKey = os.Getenv("MP_UI_SSL_KEY")
+	}
 
 	rootCmd.Flags().StringVarP(&config.DataDir, "data", "d", config.DataDir, "Optional path to store peristent data")
 	rootCmd.Flags().StringVarP(&config.SMTPListen, "smtp", "s", config.SMTPListen, "SMTP bind interface and port")
 	rootCmd.Flags().StringVarP(&config.HTTPListen, "listen", "l", config.HTTPListen, "HTTP bind interface and port for UI")
-	rootCmd.Flags().IntVarP(&config.MaxMessages, "max", "m", config.MaxMessages, "Max number of messages per mailbox")
+	rootCmd.Flags().IntVarP(&config.MaxMessages, "max", "m", config.MaxMessages, "Max number of messages to store")
+
+	rootCmd.Flags().StringVar(&config.UIAuthFile, "ui-auth-file", config.UIAuthFile, "A password file for web UI authentication")
+	rootCmd.Flags().StringVar(&config.UISSLCert, "ui-ssl-cert", config.UISSLCert, "SSL certificate for web UI - requires ui-ssl-key")
+	rootCmd.Flags().StringVar(&config.UISSLKey, "ui-ssl-key", config.UISSLKey, "SSL key for web UI - requires ui-ssl-cert")
+
+	rootCmd.Flags().StringVar(&config.SMTPAuthFile, "smtp-auth-file", config.SMTPAuthFile, "A password file for SMTP authentication")
+	rootCmd.Flags().StringVar(&config.SMTPSSLCert, "smtp-ssl-cert", config.SMTPSSLCert, "SSL certificate for SMTP - requires smtp-ssl-key")
+	rootCmd.Flags().StringVar(&config.SMTPSSLKey, "smtp-ssl-key", config.SMTPSSLKey, "SSL key for SMTP - requires smtp-ssl-cert")
+
 	rootCmd.Flags().BoolVarP(&config.VerboseLogging, "verbose", "v", false, "Verbose logging")
+
+	// deprecated 2022/08/06
+	rootCmd.Flags().StringVarP(&config.UIAuthFile, "auth-file", "a", config.UIAuthFile, "A password file for web UI authentication")
+	rootCmd.Flags().StringVar(&config.UISSLCert, "ssl-cert", config.UISSLCert, "SSL certificate - requires ssl-key")
+	rootCmd.Flags().StringVar(&config.UISSLKey, "ssl-key", config.UISSLKey, "SSL key - requires ssl-cert")
+	rootCmd.Flags().Lookup("auth-file").Hidden = true
+	rootCmd.Flags().Lookup("auth-file").Deprecated = "use --ui-auth-file"
+	rootCmd.Flags().Lookup("ssl-cert").Hidden = true
+	rootCmd.Flags().Lookup("ssl-cert").Deprecated = "use --ui-ssl-cert"
+	rootCmd.Flags().Lookup("ssl-key").Hidden = true
+	rootCmd.Flags().Lookup("ssl-key").Deprecated = "use --ui-ssl-key"
 }

config/config.go

@@ -2,7 +2,11 @@ package config
 
 import (
 	"errors"
+	"fmt"
+	"os"
 	"regexp"
+
+	"github.com/tg123/go-htpasswd"
 )
 
 var (
@@ -21,13 +25,32 @@ var (
 	// VerboseLogging for console output
 	VerboseLogging = false
 
-	// NoLogging for testing
+	// NoLogging for tests
 	NoLogging = false
 
-	// SSLCert @TODO
-	SSLCert string
-	// SSLKey @TODO
-	SSLKey string
+	// UISSLCert file
+	UISSLCert string
+
+	// UISSLKey file
+	UISSLKey string
+
+	// UIAuthFile for basic authentication
+	UIAuthFile string
+
+	// UIAuth used for euthentication
+	UIAuth *htpasswd.File
+
+	// SMTPSSLCert file
+	SMTPSSLCert string
+
+	// SMTPSSLKey file
+	SMTPSSLKey string
+
+	// SMTPAuthFile for SMTP authentication
+	SMTPAuthFile string
+
+	// SMTPAuth used for euthentication
+	SMTPAuth *htpasswd.File
 )
 
 // VerifyConfig wil do some basic checking
@@ -40,5 +63,71 @@ func VerifyConfig() error {
 		return errors.New("HTTP bind should be in the format of <ip>:<port>")
 	}
 
+	if UIAuthFile != "" {
+		if !isFile(UIAuthFile) {
+			return fmt.Errorf("HTTP password file not found: %s", UIAuthFile)
+		}
+
+		a, err := htpasswd.New(UIAuthFile, htpasswd.DefaultSystems, nil)
+		if err != nil {
+			return err
+		}
+		UIAuth = a
+	}
+
+	if UISSLCert != "" && UISSLKey == "" || UISSLCert == "" && UISSLKey != "" {
+		return errors.New("you must provide both a UI SSL certificate and a key")
+	}
+
+	if UISSLCert != "" {
+		if !isFile(UISSLCert) {
+			return fmt.Errorf("SSL certificate not found: %s", UISSLCert)
+		}
+
+		if !isFile(UISSLKey) {
+			return fmt.Errorf("SSL key not found: %s", UISSLKey)
+		}
+	}
+
+	if SMTPSSLCert != "" && SMTPSSLKey == "" || SMTPSSLCert == "" && SMTPSSLKey != "" {
+		return errors.New("you must provide both an SMTP SSL certificate and a key")
+	}
+
+	if SMTPSSLCert != "" {
+		if !isFile(SMTPSSLCert) {
+			return fmt.Errorf("SMTP SSL certificate not found: %s", SMTPSSLCert)
+		}
+
+		if !isFile(SMTPSSLKey) {
+			return fmt.Errorf("SMTP SSL key not found: %s", SMTPSSLKey)
+		}
+	}
+
+	if SMTPAuthFile != "" {
+		if !isFile(SMTPAuthFile) {
+			return fmt.Errorf("SMTP password file not found: %s", SMTPAuthFile)
+		}
+
+		if SMTPSSLCert == "" {
+			return errors.New("SMTP authentication requires SMTP encryption")
+		}
+
+		a, err := htpasswd.New(SMTPAuthFile, htpasswd.DefaultSystems, nil)
+		if err != nil {
+			return err
+		}
+		SMTPAuth = a
+	}
+
 	return nil
 }
+
+// IsFile returns if a path is a file
+func isFile(path string) bool {
+	info, err := os.Stat(path)
+	if os.IsNotExist(err) || !info.Mode().IsRegular() {
+		return false
+	}
+
+	return true
+}

go.mod

@@ -13,9 +13,11 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/pflag v1.0.5
+	github.com/tg123/go-htpasswd v1.2.0
 )
 
 require (
+	github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash v1.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
@@ -45,8 +47,9 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/net v0.0.0-20220728211354-c7608f3a8462 // indirect
-	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
+	golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b // indirect
+	golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 )

go.sum

@@ -1,5 +1,7 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 h1:KeNholpO2xKjgaaSyd+DyQRrsQjhbSeS7qe4nEw8aQw=
+github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962/go.mod h1:kC29dT1vFpj7py2OvG1khBdQpo3kInWP+6QipLbdngo=
 github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
@@ -175,6 +177,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/tg123/go-htpasswd v1.2.0 h1:UKp34m9H467/xklxUxU15wKRru7fwXoTojtxg25ITF0=
+github.com/tg123/go-htpasswd v1.2.0/go.mod h1:h7IzlfpvIWnVJhNZ0nQ9HaFxHb7pn5uFJYLlEUJa2sM=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
 github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
@@ -187,9 +191,12 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -206,8 +213,9 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210501142056-aec3718b3fa0/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20220728211354-c7608f3a8462 h1:UreQrH7DbFXSi9ZFox6FNT3WBooWmdANpU+IfkT1T4I=
 golang.org/x/net v0.0.0-20220728211354-c7608f3a8462/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
+golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -226,8 +234,9 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 h1:Y7NOhdqIOU8kYI7BxsgL38d0ot0raxvcW+EMQU2QrT4=
+golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

logger/logger.go

@@ -28,7 +28,7 @@ func Log() *logrus.Logger {
 		log.Out = os.Stdout
 		log.SetFormatter(&logrus.TextFormatter{
 			FullTimestamp:   true,
-			TimestampFormat: "15:04:05",
+			TimestampFormat: "2006/01/02 15:04:05",
 			ForceColors:     true,
 		})
 	}

server/server.go

@@ -34,28 +34,37 @@ func Listen() {
 	go websockets.MessageHub.Run()
 
 	r := mux.NewRouter()
-	r.HandleFunc("/api/mailboxes", gzipHandlerFunc(apiListMailboxes))
-	r.HandleFunc("/api/{mailbox}/messages", gzipHandlerFunc(apiListMailbox))
-	r.HandleFunc("/api/{mailbox}/search", gzipHandlerFunc(apiSearchMailbox))
-	r.HandleFunc("/api/{mailbox}/delete", gzipHandlerFunc(apiDeleteAll))
+	r.HandleFunc("/api/mailboxes", middleWareFunc(apiListMailboxes))
+	r.HandleFunc("/api/{mailbox}/messages", middleWareFunc(apiListMailbox))
+	r.HandleFunc("/api/{mailbox}/search", middleWareFunc(apiSearchMailbox))
+	r.HandleFunc("/api/{mailbox}/delete", middleWareFunc(apiDeleteAll))
 	r.HandleFunc("/api/{mailbox}/events", apiWebsocket)
-	r.HandleFunc("/api/{mailbox}/{id}/source", gzipHandlerFunc(apiDownloadSource))
-	r.HandleFunc("/api/{mailbox}/{id}/part/{partID}", gzipHandlerFunc(apiDownloadAttachment))
-	r.HandleFunc("/api/{mailbox}/{id}/delete", gzipHandlerFunc(apiDeleteOne))
-	r.HandleFunc("/api/{mailbox}/{id}/unread", gzipHandlerFunc(apiUnreadOne))
-	r.HandleFunc("/api/{mailbox}/{id}", gzipHandlerFunc(apiOpenMessage))
-	r.HandleFunc("/api/{mailbox}/search", gzipHandlerFunc(apiSearchMailbox))
-	r.PathPrefix("/").Handler(gzipHandler(http.FileServer(http.FS(serverRoot))))
+	r.HandleFunc("/api/{mailbox}/{id}/source", middleWareFunc(apiDownloadSource))
+	r.HandleFunc("/api/{mailbox}/{id}/part/{partID}", middleWareFunc(apiDownloadAttachment))
+	r.HandleFunc("/api/{mailbox}/{id}/delete", middleWareFunc(apiDeleteOne))
+	r.HandleFunc("/api/{mailbox}/{id}/unread", middleWareFunc(apiUnreadOne))
+	r.HandleFunc("/api/{mailbox}/{id}", middleWareFunc(apiOpenMessage))
+	r.PathPrefix("/").Handler(middlewareHandler(http.FileServer(http.FS(serverRoot))))
 	http.Handle("/", r)
 
-	if config.SSLCert != "" && config.SSLKey != "" {
+	if config.UIAuthFile != "" {
+		logger.Log().Info("[http] enabling web UI basic authentication")
+	}
+
+	if config.UISSLCert != "" && config.UISSLKey != "" {
 		logger.Log().Infof("[http] starting secure server on https://%s", config.HTTPListen)
-		log.Fatal(http.ListenAndServeTLS(config.HTTPListen, config.SSLCert, config.SSLKey, nil))
+		log.Fatal(http.ListenAndServeTLS(config.HTTPListen, config.UISSLCert, config.UISSLKey, nil))
 	} else {
 		logger.Log().Infof("[http] starting server on http://%s", config.HTTPListen)
 		log.Fatal(http.ListenAndServe(config.HTTPListen, nil))
 	}
+}
 
+// BasicAuthResponse returns an basic auth response to the browser
+func basicAuthResponse(w http.ResponseWriter) {
+	w.Header().Set("WWW-Authenticate", `Basic realm="Login"`)
+	w.WriteHeader(http.StatusUnauthorized)
+	w.Write([]byte("Unauthorised.\n"))
 }
 
 type gzipResponseWriter struct {
@@ -67,9 +76,24 @@ func (w gzipResponseWriter) Write(b []byte) (int, error) {
 	return w.Writer.Write(b)
 }
 
-// GzipHandlerFunc http middleware
-func gzipHandlerFunc(fn http.HandlerFunc) http.HandlerFunc {
+// MiddleWareFunc http middleware adds optional basic authentication
+// and gzip compression.
+func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		if config.UIAuthFile != "" {
+			user, pass, ok := r.BasicAuth()
+
+			if !ok {
+				basicAuthResponse(w)
+				return
+			}
+
+			if !config.UIAuth.Match(user, pass) {
+				basicAuthResponse(w)
+				return
+			}
+		}
+
 		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
 			fn(w, r)
 			return
@@ -82,8 +106,25 @@ func gzipHandlerFunc(fn http.HandlerFunc) http.HandlerFunc {
 	}
 }
 
-func gzipHandler(h http.Handler) http.Handler {
+// MiddlewareHandler http middleware adds optional basic authentication
+// and gzip compression
+func middlewareHandler(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		if config.UIAuthFile != "" {
+			user, pass, ok := r.BasicAuth()
+
+			if !ok {
+				basicAuthResponse(w)
+				return
+			}
+
+			if !config.UIAuth.Match(user, pass) {
+				basicAuthResponse(w)
+				return
+			}
+		}
+
 		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
 			h.ServeHTTP(w, r)
 			return
@@ -95,14 +136,14 @@ func gzipHandler(h http.Handler) http.Handler {
 	})
 }
 
-// FourOFour returns a standard 404 meesage
+// FourOFour returns a basic 404 message
 func fourOFour(w http.ResponseWriter) {
 	w.WriteHeader(http.StatusNotFound)
 	w.Header().Set("Content-Type", "text/plain")
 	fmt.Fprint(w, "404 page not found")
 }
 
-// HTTPError returns a standard 404 meesage
+// HTTPError returns a basic error message (400 response)
 func httpError(w http.ResponseWriter, msg string) {
 	w.WriteHeader(http.StatusBadRequest)
 	w.Header().Set("Content-Type", "text/plain")

server/ui-src/App.vue

@@ -408,7 +408,7 @@ export default {
 				<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
 			</div>
 			<div class="modal-body">
-				This will permanently delete all messages.
+				This will permanently delete {{ formatNumber(total) }} message<span v-if="total > 1">s</span>.
 			</div>
 			<div class="modal-footer">
 				<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
@@ -418,5 +418,4 @@ export default {
 		</div>
 	</div>
 
-	
 </template>

server/ui-src/templates/Message.vue

@@ -80,7 +80,8 @@ export default {
 					<th>From</th>
 					<td>
 						<span v-if="message.From">
-							{{ message.From.Name + " <" + message.From.Address +">" }}
+							<span v-if="message.From.Name">{{ message.From.Name + " " }}</span>
+							<span v-if="message.From.Address">&lt;{{ message.From.Address }}&gt;</span>
 						</span>
 						<span v-else>
 							[ Unknown ]

server/websockets/client.go

@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/axllent/mailpit/config"
 	"github.com/gorilla/websocket"
 )
 
@@ -52,32 +53,6 @@ type Client struct {
 	send chan []byte
 }
 
-// // readPump pumps messages from the websocket connection to the hub.
-// //
-// // The application runs readPump in a per-connection goroutine. The application
-// // ensures that there is at most one reader on a connection by executing all
-// // reads from this goroutine.
-// func (c *Client) readPump() {
-// 	defer func() {
-// 		c.hub.unregister <- c
-// 		c.conn.Close()
-// 	}()
-// 	c.conn.SetReadLimit(maxMessageSize)
-// 	c.conn.SetReadDeadline(time.Now().Add(pongWait))
-// 	c.conn.SetPongHandler(func(string) error { c.conn.SetReadDeadline(time.Now().Add(pongWait)); return nil })
-// 	for {
-// 		_, message, err := c.conn.ReadMessage()
-// 		if err != nil {
-// 			if websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway) {
-// 				log.Printf("error: %v", err)
-// 			}
-// 			break
-// 		}
-// 		message = bytes.TrimSpace(bytes.Replace(message, newline, space, -1))
-// 		c.hub.Broadcast <- message
-// 	}
-// }
-
 // writePump pumps messages from the hub to the websocket connection.
 //
 // A goroutine running writePump is started for each connection. The
@@ -124,16 +99,39 @@ func (c *Client) writePump() {
 
 // ServeWs handles websocket requests from the peer.
 func ServeWs(hub *Hub, w http.ResponseWriter, r *http.Request) {
+	if config.UIAuthFile != "" {
+		if config.UIAuthFile != "" {
+			user, pass, ok := r.BasicAuth()
+
+			if !ok {
+				basicAuthResponse(w)
+				return
+			}
+
+			if !config.UIAuth.Match(user, pass) {
+				basicAuthResponse(w)
+				return
+			}
+		}
+	}
+
 	conn, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Println(err)
 		return
 	}
+
 	client := &Client{hub: hub, conn: conn, send: make(chan []byte, 256)}
 	client.hub.register <- client
 
 	// Allow collection of memory referenced by the caller by doing all work in
 	// new goroutines.
 	go client.writePump()
-	// go client.readPump()
+}
+
+// BasicAuthResponse returns an basic auth response to the browser
+func basicAuthResponse(w http.ResponseWriter) {
+	w.Header().Set("WWW-Authenticate", `Basic realm="Login"`)
+	w.WriteHeader(http.StatusUnauthorized)
+	w.Write([]byte("Unauthorised.\n"))
 }

smtpd/smtpd.go

@@ -4,11 +4,12 @@ import (
 	"bytes"
 	"net"
 	"net/mail"
+	"regexp"
 
 	"github.com/axllent/mailpit/config"
 	"github.com/axllent/mailpit/logger"
 	"github.com/axllent/mailpit/storage"
-	s "github.com/mhale/smtpd"
+	"github.com/mhale/smtpd"
 )
 
 func mailHandler(origin net.Addr, from string, to []string, data []byte) error {
@@ -19,7 +20,15 @@ func mailHandler(origin net.Addr, from string, to []string, data []byte) error {
 	}
 
 	if _, err := storage.Store(storage.DefaultMailbox, data); err != nil {
-		logger.Log().Errorf("error storing message: %s", err.Error())
+		// Value with size 4800709 exceeded 1048576 limit
+		re := regexp.MustCompile(`(Value with size \d+ exceeded \d+ limit)`)
+		tooLarge := re.FindStringSubmatch(err.Error())
+		if len(tooLarge) > 0 {
+			logger.Log().Errorf("[db] error storing message: %s", tooLarge[0])
+		} else {
+			logger.Log().Errorf("[db] error storing message")
+			logger.Log().Errorf(err.Error())
+		}
 		return err
 	}
 
@@ -28,12 +37,45 @@ func mailHandler(origin net.Addr, from string, to []string, data []byte) error {
 	return nil
 }
 
+func authHandler(remoteAddr net.Addr, mechanism string, username []byte, password []byte, shared []byte) (bool, error) {
+	return config.SMTPAuth.Match(string(username), string(password)), nil
+}
+
 // Listen starts the SMTPD server
 func Listen() error {
-	logger.Log().Infof("[smtp] starting on %s", config.SMTPListen)
-	if err := s.ListenAndServe(config.SMTPListen, mailHandler, "Mailpit", ""); err != nil {
-		return err
+	if config.SMTPSSLCert != "" {
+		logger.Log().Info("[smtp] enabling TLS")
+	}
+	if config.SMTPAuthFile != "" {
+		logger.Log().Info("[smtp] enabling authentication")
 	}
 
-	return nil
+	logger.Log().Infof("[smtp] starting on %s", config.SMTPListen)
+
+	return listenAndServe(config.SMTPListen, mailHandler, authHandler)
+}
+
+func listenAndServe(addr string, handler smtpd.Handler, authHandler smtpd.AuthHandler) error {
+	srv := &smtpd.Server{
+		Addr:         addr,
+		Handler:      handler,
+		Appname:      "Mailpit",
+		Hostname:     "",
+		AuthHandler:  nil,
+		AuthRequired: false,
+	}
+
+	if config.SMTPAuthFile != "" {
+		srv.AuthHandler = authHandler
+		srv.AuthRequired = true
+	}
+
+	if config.SMTPSSLCert != "" {
+		err := srv.ConfigureTLS(config.SMTPSSLCert, config.SMTPSSLKey)
+		if err != nil {
+			return err
+		}
+	}
+
+	return srv.ListenAndServe()
 }

storage/database.go

@@ -185,6 +185,8 @@ func Store(mailbox string, b []byte) (string, error) {
 	fromData := addressToSlice(env, "From")
 	if len(fromData) > 0 {
 		from = fromData[0]
+	} else if env.GetHeader("From") != "" {
+		from = &mail.Address{Name: env.GetHeader("From")}
 	}
 
 	obj := CloverStore{
@@ -207,6 +209,8 @@ func Store(mailbox string, b []byte) (string, error) {
 		return "", err
 	}
 
+	statsAddNewMessage(mailbox)
+
 	// save the raw email in a separate collection
 	raw := clover.NewDocument()
 	raw.Set("_id", id)
@@ -216,15 +220,14 @@ func Store(mailbox string, b []byte) (string, error) {
 	if err != nil {
 		// delete the summary because the data insert failed
 		logger.Log().Debugf("[db] error inserting raw message, rolling back")
-		_ = DeleteOneMessage(mailbox, id)
+		DeleteOneMessage(mailbox, id)
+
 		return "", err
 	}
 
-	statsAddNewMessage(mailbox)
-
 	count++
 	if count%100 == 0 {
-		logger.Log().Infof("%d messages added (%s per 100)", count, time.Since(per100start))
+		logger.Log().Infof("100 messages added in %s", time.Since(per100start))
 
 		per100start = time.Now()
 	}
@@ -311,7 +314,7 @@ func List(mailbox string, start, limit int) ([]data.Summary, error) {
 
 // Search returns a summary of items mathing a search. It searched the SearchText field.
 func Search(mailbox, search string, start, limit int) ([]data.Summary, error) {
-	sq := fmt.Sprintf("(?i)%s", regexp.QuoteMeta(search))
+	sq := fmt.Sprintf("(?i)%s", cleanString(regexp.QuoteMeta(search)))
 	q, err := db.FindAll(clover.NewQuery(mailbox).
 		Skip(start).
 		Limit(limit).
@@ -324,12 +327,12 @@ func Search(mailbox, search string, start, limit int) ([]data.Summary, error) {
 	results := []data.Summary{}
 
 	for _, d := range q {
-		cs := &CloverStore{}
+		cs := &data.Summary{}
 		if err := d.Unmarshal(cs); err != nil {
 			return nil, err
 		}
-
-		results = append(results, cs.Summary(d.ObjectId()))
+		cs.ID = d.ObjectId()
+		results = append(results, *cs)
 	}
 
 	return results, nil
@@ -348,25 +351,6 @@ func CountUnread(mailbox string) (int, error) {
 	)
 }
 
-// Summary generated a message summary. ID must be supplied
-// as this is not stored within the CloverStore but rather the
-// *clover.Document
-func (c *CloverStore) Summary(id string) data.Summary {
-	s := data.Summary{
-		ID:          id,
-		From:        c.From,
-		To:          c.To,
-		Cc:          c.Cc,
-		Bcc:         c.Bcc,
-		Subject:     c.Subject,
-		Created:     c.Created,
-		Size:        c.Size,
-		Attachments: c.Attachments,
-	}
-
-	return s
-}
-
 // GetMessage returns a data.Message generated from the {mailbox}_data collection.
 // ID must be supplied as this is not stored within the CloverStore but rather the
 // *clover.Document
@@ -393,12 +377,11 @@ func GetMessage(mailbox, id string) (*data.Message, error) {
 	fromData := addressToSlice(env, "From")
 	if len(fromData) > 0 {
 		from = fromData[0]
+	} else if env.GetHeader("From") != "" {
+		from = &mail.Address{Name: env.GetHeader("From")}
 	}
 
-	date, err := env.Date()
-	if err != nil {
-		// date =
-	}
+	date, _ := env.Date()
 
 	obj := data.Message{
 		ID:      q.ObjectId(),
@@ -518,11 +501,18 @@ func UnreadMessage(mailbox, id string) error {
 
 // DeleteOneMessage will delete a single message from a mailbox
 func DeleteOneMessage(mailbox, id string) error {
+	q, err := db.FindById(mailbox, id)
+	if err != nil {
+		return err
+	}
+
+	unreadStatus := !q.Get("Read").(bool)
+
 	if err := db.DeleteById(mailbox, id); err != nil {
 		return err
 	}
 
-	statsDeleteOneMessage(mailbox)
+	statsDeleteOneMessage(mailbox, unreadStatus)
 
 	return db.DeleteById(mailbox+"_data", id)
 }

storage/database_test.go

@@ -1,12 +1,17 @@
 package storage
 
 import (
+	"bytes"
 	"fmt"
 	"io/ioutil"
+	"math/rand"
+	"os"
+	"path"
 	"testing"
 	"time"
 
 	"github.com/axllent/mailpit/config"
+	"github.com/jhillyerd/enmime"
 )
 
 var (
@@ -15,8 +20,10 @@ var (
 )
 
 func TestTextEmailInserts(t *testing.T) {
-	setup()
+	setup(false)
+	t.Log("Testing memory storage")
 
+RepeatTest:
 	start := time.Now()
 	for i := 0; i < 1000; i++ {
 		if _, err := Store(DefaultMailbox, testTextEmail); err != nil {
@@ -52,11 +59,20 @@ func TestTextEmailInserts(t *testing.T) {
 	t.Logf("deleted 1,000 text emails in %s\n", time.Since(delStart))
 
 	db.Close()
+	if config.DataDir == "" {
+		setup(true)
+		t.Logf("Testing physical storage to %s", config.DataDir)
+		defer os.RemoveAll(config.DataDir)
+		goto RepeatTest
+	}
+
 }
 
 func TestMimeEmailInserts(t *testing.T) {
-	setup()
+	setup(false)
+	t.Log("Testing memory storage")
 
+RepeatTest:
 	start := time.Now()
 	for i := 0; i < 1000; i++ {
 		if _, err := Store(DefaultMailbox, testMimeEmail); err != nil {
@@ -92,11 +108,19 @@ func TestMimeEmailInserts(t *testing.T) {
 	t.Logf("deleted 1,000 mime emails in %s\n", time.Since(delStart))
 
 	db.Close()
+	if config.DataDir == "" {
+		setup(true)
+		t.Logf("Testing physical storage to %s", config.DataDir)
+		defer os.RemoveAll(config.DataDir)
+		goto RepeatTest
+	}
 }
 
 func TestRetrieveMimeEmail(t *testing.T) {
-	setup()
+	setup(false)
+	t.Log("Testing memory storage")
 
+RepeatTest:
 	id, err := Store(DefaultMailbox, testMimeEmail)
 	if err != nil {
 		t.Log("error ", err)
@@ -123,10 +147,98 @@ func TestRetrieveMimeEmail(t *testing.T) {
 	assertEqual(t, len(attachmentData.Content), msg.Attachments[0].Size, "attachment size does not match")
 	inlineData, err := GetAttachmentPart(DefaultMailbox, id, msg.Inline[0].PartID)
 	assertEqual(t, len(inlineData.Content), msg.Inline[0].Size, "inline attachment size does not match")
+
+	db.Close()
+
+	if config.DataDir == "" {
+		setup(true)
+		t.Logf("Testing physical storage to %s", config.DataDir)
+		defer os.RemoveAll(config.DataDir)
+		goto RepeatTest
+	}
+}
+
+func TestSearch(t *testing.T) {
+	setup(false)
+	t.Log("Testing memory storage")
+
+RepeatTest:
+	for i := 0; i < 1000; i++ {
+		msg := enmime.Builder().
+			From(fmt.Sprintf("From %d", i), fmt.Sprintf("from-%d@example.com", i)).
+			Subject(fmt.Sprintf("Subject line %d end", i)).
+			Text([]byte(fmt.Sprintf("This is the email body %d <jdsauk;dwqmdqw;>.", i))).
+			To(fmt.Sprintf("To %d", i), fmt.Sprintf("to-%d@example.com", i))
+
+		env, err := msg.Build()
+		if err != nil {
+			t.Log("error ", err)
+			t.Fail()
+		}
+
+		buf := new(bytes.Buffer)
+
+		if err := env.Encode(buf); err != nil {
+			t.Log("error ", err)
+			t.Fail()
+		}
+
+		if _, err := Store(DefaultMailbox, buf.Bytes()); err != nil {
+			t.Log("error ", err)
+			t.Fail()
+		}
+	}
+
+	for i := 1; i < 101; i++ {
+		// search a random something that will return a single result
+		searchIndx := rand.Intn(4) + 1
+		var search string
+		switch searchIndx {
+		case 1:
+			search = fmt.Sprintf("from-%d@example.com", i)
+		case 2:
+			search = fmt.Sprintf("to-%d@example.com", i)
+		case 3:
+			search = fmt.Sprintf("Subject line %d end", i)
+		default:
+			search = fmt.Sprintf("the email body %d jdsauk dwqmdqw", i)
+		}
+
+		summaries, err := Search(DefaultMailbox, search, 0, 200)
+		if err != nil {
+			t.Log("error ", err)
+			t.Fail()
+		}
+
+		assertEqual(t, len(summaries), 1, "1 search result expected")
+
+		assertEqual(t, summaries[0].From.Name, fmt.Sprintf("From %d", i), "\"From\" name does not match")
+		assertEqual(t, summaries[0].From.Address, fmt.Sprintf("from-%d@example.com", i), "\"From\" address does not match")
+		assertEqual(t, summaries[0].To[0].Name, fmt.Sprintf("To %d", i), "\"To\" name does not match")
+		assertEqual(t, summaries[0].To[0].Address, fmt.Sprintf("to-%d@example.com", i), "\"To\" address does not match")
+		assertEqual(t, summaries[0].Subject, fmt.Sprintf("Subject line %d end", i), "\"Subject\" does not match")
+	}
+
+	// search something that will return 200 rsults
+	summaries, err := Search(DefaultMailbox, "This is the email body", 0, 200)
+	if err != nil {
+		t.Log("error ", err)
+		t.Fail()
+	}
+	assertEqual(t, len(summaries), 200, "200 search results expected")
+
+	db.Close()
+
+	if config.DataDir == "" {
+		setup(true)
+		t.Logf("Testing physical storage to %s", config.DataDir)
+		defer os.RemoveAll(config.DataDir)
+		goto RepeatTest
+	}
 }
 
 func BenchmarkImportText(b *testing.B) {
-	setup()
+	setup(false)
 
 	for i := 0; i < b.N; i++ {
 		if _, err := Store(DefaultMailbox, testTextEmail); err != nil {
@@ -139,7 +251,7 @@ func BenchmarkImportText(b *testing.B) {
 }
 
 func BenchmarkImportMime(b *testing.B) {
-	setup()
+	setup(false)
 
 	for i := 0; i < b.N; i++ {
 		if _, err := Store(DefaultMailbox, testMimeEmail); err != nil {
@@ -150,9 +262,16 @@ func BenchmarkImportMime(b *testing.B) {
 	db.Close()
 }
 
-func setup() {
+func setup(dataDir bool) {
 	config.NoLogging = true
 	config.MaxMessages = 0
+
+	if dataDir {
+		config.DataDir = fmt.Sprintf("%s-%d", path.Join(os.TempDir(), "mailpit-tests"), time.Now().UnixNano())
+	} else {
+		config.DataDir = ""
+	}
+
 	if err := InitDB(); err != nil {
 		panic(err)
 	}
@@ -168,7 +287,6 @@ func setup() {
 	if err != nil {
 		panic(err)
 	}
-
 }
 
 func assertEqual(t *testing.T, a interface{}, b interface{}, message string) {

storage/stats.go

@@ -63,13 +63,23 @@ func statsAddNewMessage(mailbox string) {
 	statsLock.Unlock()
 }
 
-// Deleting one will always mean it was read
-func statsDeleteOneMessage(mailbox string) {
+// Delete one message from the totals. If the message was unread,
+// then it will also deduct one from the Unread status.
+func statsDeleteOneMessage(mailbox string, unread bool) {
 	statsLock.Lock()
 	s, ok := mailboxStats[mailbox]
 	if ok {
+		// deduct from the totals
+		if s.Total > 0 {
+			s.Total = s.Total - 1
+		}
+		// only deduct if the original was unread
+		if unread && s.Unread > 0 {
+			s.Unread = s.Unread - 1
+		}
+
 		mailboxStats[mailbox] = data.MailboxStats{
-			Total:  s.Total - 1,
+			Total:  s.Total,
 			Unread: s.Unread,
 		}
 	}

storage/utils.go

@@ -42,17 +42,20 @@ func createSearchText(env *enmime.Envelope) string {
 		b.WriteString(a.FileName + " ")
 	}
 
-	d := b.String()
-
-	// remove/replace new lines
-	re := regexp.MustCompile(`(\r?\n|\t|>|<|"|:|\,|;)`)
-	d = re.ReplaceAllString(d, " ")
-	// remove duplicate whitespace and trim
-	d = strings.ToLower(strings.Join(strings.Fields(strings.TrimSpace(d)), " "))
+	d := cleanString(b.String())
 
 	return d
 }
 
+// cleanString removed unwanted characters from stored search text and search queries
+func cleanString(str string) string {
+	// remove/replace new lines
+	re := regexp.MustCompile(`(\r?\n|\t|>|<|"|:|\,|;)`)
+	str = re.ReplaceAllString(str, " ")
+	// remove duplicate whitespace and trim
+	return strings.ToLower(strings.Join(strings.Fields(strings.TrimSpace(str)), " "))
+}
+
 // Auto-prune runs every 5 minutes to automatically delete oldest messages
 // if total is greater than the threshold
 func pruneCron() {