Merge branch 'release/v1.6.14'

@see #119

CHANGELOG.md

@@ -2,6 +2,74 @@
 
 Notable changes to Mailpit will be documented in this file.
 
+## [v1.6.14]
+
+### Feature
+- Add ability to delete or mark search results read
+- Set tags via X-Tags message header
+
+### Libs
+- Update node modules
+
+
+## [v1.6.13]
+
+### Feature
+- Add SMTP LOGIN authentication method for message relay
+
+
+## [v1.6.12]
+
+### Feature
+- Add Message-Id to MessageSummary ([#116](https://github.com/axllent/mailpit/issues/116))
+
+### Swagger
+- Update swagger field descriptions, add MessageID
+
+
+## [v1.6.11]
+
+### Libs
+- Update node modules
+- Update Go modules
+
+### UI
+- Check for secure context instead of HTTPS ([#114](https://github.com/axllent/mailpit/issues/114))
+
+
+## [v1.6.10]
+
+### Libs
+- Update node modules
+- Update Go modules
+
+### UI
+- Remove "Noto Color Emoji" from default bootstrap font list
+
+
+## [v1.6.9]
+
+### API
+- Return blank 200 response for OPTIONS requests (CORS)
+
+### Bugfix
+- Correctly escape JS cid regex
+
+### Libs
+- Update node modules
+- Update Go modules
+
+
+## [v1.6.8]
+
+### Bugfix
+- Fix Date display when message doesn't contain a Date header
+
+### Feature
+- Add allowlist to filter recipients before relaying messages ([#109](https://github.com/axllent/mailpit/issues/109))
+- Add `-S` short flag for sendmail `--smtp-addr`
+
+
 ## [v1.6.7]
 
 ### Bugfix

README.md

@@ -24,11 +24,11 @@ Mailpit is inspired by [MailHog](#why-rewrite-mailhog), but much, much faster.
 - Advanced mail search ([see wiki](https://github.com/axllent/mailpit/wiki/Mail-search))
 - Message tagging ([see wiki](https://github.com/axllent/mailpit/wiki/Tagging))
 - Real-time web UI updates using web sockets for new mail
-- Optional browser notifications for new mail (HTTPS only)
+- Optional browser notifications for new mail (HTTPS and `localhost` only)
 - Configurable automatic email pruning (default keeps the most recent 500 emails)
 - Email storage either in a temporary or persistent database ([see wiki](https://github.com/axllent/mailpit/wiki/Email-storage))
 - Fast SMTP processing & storing - approximately 70-100 emails per second depending on CPU, network speed & email size, easily handling tens of thousands of emails
-- SMTP relaying / message release - relay messages via a different SMTP server ([see wiki](https://github.com/axllent/mailpit/wiki/SMTP-relay))
+- SMTP relaying / message release - relay messages via a different SMTP server including an optional allowlist of accepted recipients ([see wiki](https://github.com/axllent/mailpit/wiki/SMTP-relay))
 - Optional SMTP with STARTTLS & SMTP authentication, including an "accept anything" mode ([see wiki](https://github.com/axllent/mailpit/wiki/SMTP-with-STARTTLS-and-authentication))
 - Optional HTTPS for web UI ([see wiki](https://github.com/axllent/mailpit/wiki/HTTPS))
 - Optional basic authentication for web UI ([see wiki](https://github.com/axllent/mailpit/wiki/Basic-authentication))

cmd/sendmail.go

@@ -27,7 +27,7 @@ func init() {
 
 	// these are simply repeated for cli consistency
 	sendmailCmd.Flags().StringVarP(&fromAddr, "from", "f", fromAddr, "SMTP sender")
-	sendmailCmd.Flags().StringVar(&smtpAddr, "smtp-addr", smtpAddr, "SMTP server address")
+	sendmailCmd.Flags().StringVarP(&smtpAddr, "smtp-addr", "S", smtpAddr, "SMTP server address")
 	sendmailCmd.Flags().BoolVarP(&sendmail.Verbose, "verbose", "v", false, "Verbose mode (sends debug output to stderr)")
 	sendmailCmd.Flags().BoolP("long-b", "b", false, "Ignored. This flag exists for sendmail compatibility.")
 	sendmailCmd.Flags().BoolP("long-i", "i", false, "Ignored. This flag exists for sendmail compatibility.")

config/config.go

@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/axllent/mailpit/utils/logger"
+	"github.com/axllent/mailpit/utils/tools"
 	"github.com/mattn/go-shellwords"
 	"github.com/tg123/go-htpasswd"
 	"gopkg.in/yaml.v3"
@@ -41,7 +42,7 @@ var (
 	// UIAuthFile for basic authentication
 	UIAuthFile string
 
-	// UIAuth used for euthentication
+	// UIAuth used for authentication
 	UIAuth *htpasswd.File
 
 	// Webroot to define the base path for the UI and API
@@ -71,8 +72,8 @@ var (
 	// SMTPCLITags is used to map the CLI args
 	SMTPCLITags string
 
-	// TagRegexp is the allowed tag characters
-	TagRegexp = regexp.MustCompile(`^([a-zA-Z0-9\-\ \_]){3,}$`)
+	// ValidTagRegexp represents a valid tag
+	ValidTagRegexp = regexp.MustCompile(`^([a-zA-Z0-9\-\ \_]){3,}$`)
 
 	// SMTPTags are expressions to apply tags to new mail
 	SMTPTags []AutoTag
@@ -86,7 +87,7 @@ var (
 	// ReleaseEnabled is whether message releases are enabled, requires a valid SMTPRelayConfigFile
 	ReleaseEnabled = false
 
-	// SMTPRelayAllIncoming is whether to relay all incoming messages via preconfgured SMTP server.
+	// SMTPRelayAllIncoming is whether to relay all incoming messages via pre-configured SMTP server.
 	// Use with extreme caution!
 	SMTPRelayAllIncoming = false
 
@@ -111,15 +112,17 @@ type AutoTag struct {
 
 // SMTPRelayConfigStruct struct for parsing yaml & storing variables
 type smtpRelayConfigStruct struct {
-	Host          string `yaml:"host"`
-	Port          int    `yaml:"port"`
-	STARTTLS      bool   `yaml:"starttls"`
-	AllowInsecure bool   `yaml:"allow-insecure"`
-	Auth          string `yaml:"auth"`        // none, plain, cram-md5
-	Username      string `yaml:"username"`    // plain & cram-md5
-	Password      string `yaml:"password"`    // plain
-	Secret        string `yaml:"secret"`      // cram-md5
-	ReturnPath    string `yaml:"return-path"` // allows overriding the boune address
+	Host                     string `yaml:"host"`
+	Port                     int    `yaml:"port"`
+	STARTTLS                 bool   `yaml:"starttls"`
+	AllowInsecure            bool   `yaml:"allow-insecure"`
+	Auth                     string `yaml:"auth"`                // none, plain, login, cram-md5
+	Username                 string `yaml:"username"`            // plain & cram-md5
+	Password                 string `yaml:"password"`            // plain
+	Secret                   string `yaml:"secret"`              // cram-md5
+	ReturnPath               string `yaml:"return-path"`         // allow overriding the bounce address
+	RecipientAllowlist       string `yaml:"recipient-allowlist"` // regex, if set needs to match for mails to be relayed
+	RecipientAllowlistRegexp *regexp.Regexp
 }
 
 // VerifyConfig wil do some basic checking
@@ -217,8 +220,8 @@ func VerifyConfig() error {
 		for _, a := range args {
 			t := strings.Split(a, "=")
 			if len(t) > 1 {
-				tag := strings.TrimSpace(t[0])
-				if !TagRegexp.MatchString(tag) || len(tag) == 0 {
+				tag := tools.CleanTag(t[0])
+				if !ValidTagRegexp.MatchString(tag) || len(tag) == 0 {
 					return fmt.Errorf("Invalid tag (%s) - can only contain spaces, letters, numbers, - & _", tag)
 				}
 				match := strings.TrimSpace(strings.ToLower(strings.Join(t[1:], "=")))
@@ -283,6 +286,11 @@ func parseRelayConfig(c string) error {
 		if SMTPRelayConfig.Username == "" || SMTPRelayConfig.Password == "" {
 			return fmt.Errorf("SMTP relay host username or password not set for PLAIN authentication (%s)", c)
 		}
+	} else if SMTPRelayConfig.Auth == "login" {
+		SMTPRelayConfig.Auth = "login"
+		if SMTPRelayConfig.Username == "" || SMTPRelayConfig.Password == "" {
+			return fmt.Errorf("SMTP relay host username or password not set for LOGIN authentication (%s)", c)
+		}
 	} else if strings.HasPrefix(SMTPRelayConfig.Auth, "cram") {
 		SMTPRelayConfig.Auth = "cram-md5"
 		if SMTPRelayConfig.Username == "" || SMTPRelayConfig.Secret == "" {
@@ -296,6 +304,18 @@ func parseRelayConfig(c string) error {
 
 	logger.Log().Infof("[smtp] enabling message relaying via %s:%d", SMTPRelayConfig.Host, SMTPRelayConfig.Port)
 
+	allowlistRegexp, err := regexp.Compile(SMTPRelayConfig.RecipientAllowlist)
+
+	if SMTPRelayConfig.RecipientAllowlist != "" {
+		if err != nil {
+			return fmt.Errorf("failed to compile recipient allowlist regexp: %e", err)
+		}
+
+		SMTPRelayConfig.RecipientAllowlistRegexp = allowlistRegexp
+		logger.Log().Infof("[smtp] recipient allowlist is active with the following regexp: %s", SMTPRelayConfig.RecipientAllowlist)
+
+	}
+
 	return nil
 }
 

docs/apiv1/Message.md

@@ -15,6 +15,7 @@ Returns a JSON summary of the message and attachments.
 ```json
 {
   "ID": "d7a5543b-96dd-478b-9b60-2b465c9884de",
+  "MessageID": "12345.67890@localhost",
   "Read": true,
   "From": {
     "Name": "John Doe",
@@ -31,6 +32,7 @@ Returns a JSON summary of the message and attachments.
   "ReplyTo": [],
   "Subject": "Message subject",
   "Date": "2016-09-07T16:46:00+13:00",
+  "Tags": ["test"],
   "Text": "Plain text MIME part of the email",
   "HTML": "HTML MIME part (if exists)",
   "Size": 79499,

docs/apiv1/Messages.md

@@ -31,9 +31,11 @@ List messages in the mailbox. Messages are returned in the order of latest recei
   "unread": 500,
   "count": 50,
   "start": 0,
+  "tags": ["test"],
   "messages": [
     {
       "ID": "1c575821-70ba-466f-8cee-2e1cf0fcdd0f",
+      "MessageID": "12345.67890@localhost",
       "Read": false,
       "From": {
         "Name": "John Doe",
@@ -54,6 +56,7 @@ List messages in the mailbox. Messages are returned in the order of latest recei
       "Bcc": [],
       "Subject": "Message subject",
       "Created": "2022-10-03T21:35:32.228605299+13:00",
+      "Tags": ["test"],
       "Size": 6144,
       "Attachments": 0
     },

docs/apiv1/Search.md

@@ -30,6 +30,7 @@ Matching messages are returned in the order of latest received to oldest.
   "messages": [
     {
       "ID": "1c575821-70ba-466f-8cee-2e1cf0fcdd0f",
+      "MessageID": "12345.67890@localhost",
       "Read": false,
       "From": {
         "Name": "John Doe",

go.mod

@@ -9,13 +9,13 @@ require (
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/jhillyerd/enmime v0.11.1
-	github.com/k3a/html2text v1.1.0
+	github.com/k3a/html2text v1.2.1
 	github.com/klauspost/compress v1.16.5
 	github.com/leporo/sqlf v1.4.0
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/mhale/smtpd v0.8.0
 	github.com/satori/go.uuid v1.2.0
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.9.2
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/tg123/go-htpasswd v1.2.1
@@ -36,7 +36,7 @@ require (
 	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kr/pretty v0.3.0 // indirect
-	github.com/mattn/go-isatty v0.0.18 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -44,17 +44,17 @@ require (
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
-	golang.org/x/crypto v0.8.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
 	golang.org/x/image v0.7.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
-	golang.org/x/sys v0.7.0 // indirect
-	golang.org/x/tools v0.8.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/tools v0.9.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	lukechampine.com/uint128 v1.3.0 // indirect
 	modernc.org/cc/v3 v3.40.0 // indirect
 	modernc.org/ccgo/v3 v3.16.13 // indirect
-	modernc.org/libc v1.22.5 // indirect
+	modernc.org/libc v1.22.6 // indirect
 	modernc.org/mathutil v1.5.0 // indirect
 	modernc.org/memory v1.5.0 // indirect
 	modernc.org/opt v0.1.3 // indirect

go.sum

@@ -61,8 +61,8 @@ github.com/jhillyerd/enmime v0.11.1 h1:U6ToGVxfxNQQhKrAaGxtwOf7Zqksb8AQ3j1CyAWOk
 github.com/jhillyerd/enmime v0.11.1/go.mod h1:EktNOa/V6ka9yCrfoB2uxgefp1lno6OVdszW0iQ5LnM=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/k3a/html2text v1.1.0 h1:ks4hKSTdiTRsLr0DM771mI5TvsoG6zH7m1Ulv7eJRHw=
-github.com/k3a/html2text v1.1.0/go.mod h1:ieEXykM67iT8lTvEWBh6fhpH4B23kB9OMKPdIBmgUqA=
+github.com/k3a/html2text v1.2.1 h1:nvnKgBvBR/myqrwfLuiqecUtaK1lB9hGziIJKatNFVY=
+github.com/k3a/html2text v1.2.1/go.mod h1:ieEXykM67iT8lTvEWBh6fhpH4B23kB9OMKPdIBmgUqA=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
@@ -76,8 +76,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leporo/sqlf v1.4.0 h1:SyWnX/8GSGOzVmanG0Ub1c04mR9nNl6Tq3IeFKX2/4c=
 github.com/leporo/sqlf v1.4.0/go.mod h1:pgN9yKsAnQ+2ewhbZogr98RcasUjPsHF3oXwPPhHvBw=
-github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
-github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
@@ -104,8 +104,8 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
+github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
@@ -131,8 +131,8 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.7.0 h1:gzS29xtG1J5ybQlv0PuyfE3nmc6R4qB73m6LUUmvFuw=
 golang.org/x/image v0.7.0/go.mod h1:nd/q4ef1AKKYl/4kft7g+6UyGbdiqWqTP1ZAbRoV7Rg=
@@ -145,12 +145,12 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -159,8 +159,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -175,8 +175,8 @@ golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
+golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -194,25 +194,19 @@ modernc.org/ccgo/v3 v3.16.13 h1:Mkgdzl46i5F/CNR/Kj80Ri59hC8TKAhZrYSaqvkwzUw=
 modernc.org/ccgo/v3 v3.16.13/go.mod h1:2Quk+5YgpImhPjv2Qsob1DnZ/4som1lJTodubIcoUkY=
 modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
 modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
-modernc.org/libc v1.22.4 h1:wymSbZb0AlrjdAVX3cjreCHTPCpPARbQXNz6BHPzdwQ=
-modernc.org/libc v1.22.4/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
-modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE=
-modernc.org/libc v1.22.5/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
+modernc.org/libc v1.22.6 h1:cbXU8R+A6aOjRuhsFh3nbDWXO/Hs4ClJRXYB11KmPDo=
+modernc.org/libc v1.22.6/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
 modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
 modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
 modernc.org/memory v1.5.0 h1:N+/8c5rE6EqugZwHii4IFsaJ7MUhoWX07J5tC/iI5Ds=
 modernc.org/memory v1.5.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
 modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
 modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
-modernc.org/sqlite v1.21.2 h1:ixuUG0QS413Vfzyx6FWx6PYTmHaOegTY+hjzhn7L+a0=
-modernc.org/sqlite v1.21.2/go.mod h1:cxbLkB5WS32DnQqeH4h4o1B0eMr8W/y8/RGuxQ3JsC0=
 modernc.org/sqlite v1.22.1 h1:P2+Dhp5FR1RlVRkQ3dDfCiv3Ok8XPxqpe70IjYVA9oE=
 modernc.org/sqlite v1.22.1/go.mod h1:OrDj17Mggn6MhE+iPbBNf7RGKODDE9NFT0f3EwDzJqk=
 modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
 modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
-modernc.org/tcl v1.15.1 h1:mOQwiEK4p7HruMZcwKTZPw/aqtGM4aY00uzWhlKKYws=
 modernc.org/tcl v1.15.2 h1:C4ybAYCGJw968e+Me18oW55kD/FexcHbqH2xak1ROSY=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
-modernc.org/z v1.7.0 h1:xkDw/KepgEjeizO2sNco+hqYkU12taxQFqPEmgm1GWE=
 modernc.org/z v1.7.3 h1:zDJf6iHjrnB+WRD88stbXokugjyc0/pB91ri1gO6LZY=

sendmail/cmd/cmd.go

@@ -56,7 +56,7 @@ func Run() {
 
 	// override defaults from cli flags
 	flag.StringVarP(&fromAddr, "from", "f", fromAddr, "SMTP sender address")
-	flag.StringVar(&smtpAddr, "smtp-addr", smtpAddr, "SMTP server address")
+	flag.StringVarP(&smtpAddr, "smtp-addr", "S", smtpAddr, "SMTP server address")
 	flag.BoolVarP(&Verbose, "verbose", "v", false, "Verbose mode (sends debug output to stderr)")
 	flag.BoolP("long-b", "b", false, "Ignored. This flag exists for sendmail compatibility.")
 	flag.BoolP("long-i", "i", false, "Ignored. This flag exists for sendmail compatibility.")

server/apiv1/api.go

@@ -147,7 +147,7 @@ func GetMessage(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ID
 	//	    in: path
-	//	    description: Message ID
+	//	    description: Database ID
 	//	    required: true
 	//	    type: string
 	//
@@ -188,7 +188,7 @@ func DownloadAttachment(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ID
 	//	    in: path
-	//	    description: Message ID
+	//	    description: Database ID
 	//	    required: true
 	//	    type: string
 	//	  + name: PartID
@@ -237,7 +237,7 @@ func GetHeaders(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ID
 	//	    in: path
-	//	    description: Message ID
+	//	    description: Database ID
 	//	    required: true
 	//	    type: string
 	//
@@ -284,7 +284,7 @@ func DownloadRaw(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ID
 	//	    in: path
-	//	    description: Message ID
+	//	    description: Database ID
 	//	    required: true
 	//	    type: string
 	//
@@ -330,7 +330,7 @@ func DeleteMessages(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ids
 	//	    in: body
-	//	    description: Message IDs to delete
+	//	    description: Database IDs to delete
 	//	    required: false
 	//	    type: DeleteRequest
 	//
@@ -381,7 +381,7 @@ func SetReadStatus(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ids
 	//	    in: body
-	//	    description: Message IDs to update
+	//	    description: Database IDs to update
 	//	    required: false
 	//	    type: SetReadStatusRequest
 	//
@@ -459,7 +459,7 @@ func SetTags(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ids
 	//	    in: body
-	//	    description: Message IDs to update
+	//	    description: Database IDs to update
 	//	    required: true
 	//	    type: SetTagsRequest
 	//
@@ -502,7 +502,7 @@ func ReleaseMessage(w http.ResponseWriter, r *http.Request) {
 	//
 	// # Release message
 	//
-	// Release a message via a preconfigured external SMTP server..
+	// Release a message via a pre-configured external SMTP server..
 	//
 	//	Consumes:
 	//	- application/json
@@ -515,7 +515,7 @@ func ReleaseMessage(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ID
 	//	    in: path
-	//	    description: Message ID
+	//	    description: Database ID
 	//	    required: true
 	//	    type: string
 	//		+ name: to
@@ -554,10 +554,17 @@ func ReleaseMessage(w http.ResponseWriter, r *http.Request) {
 	}
 
 	for _, to := range tos {
-		if _, err := mail.ParseAddress(to); err != nil {
+		address, err := mail.ParseAddress(to)
+
+		if err != nil {
 			httpError(w, "Invalid email address: "+to)
 			return
 		}
+
+		if config.SMTPRelayConfig.RecipientAllowlistRegexp != nil && !config.SMTPRelayConfig.RecipientAllowlistRegexp.MatchString(address.Address) {
+			httpError(w, "Mail address does not match allowlist: "+to)
+			return
+		}
 	}
 
 	reader := bytes.NewReader(msg)
@@ -650,3 +657,10 @@ func getStartLimit(req *http.Request) (start int, limit int) {
 
 	return start, limit
 }
+
+// GetOptions returns a blank response
+func GetOptions(w http.ResponseWriter, r *http.Request) {
+
+	w.Header().Set("Content-Type", "text/plain")
+	_, _ = w.Write([]byte(""))
+}

server/apiv1/thumbnails.go

@@ -39,12 +39,12 @@ func Thumbnail(w http.ResponseWriter, r *http.Request) {
 	//	Parameters:
 	//	  + name: ID
 	//	    in: path
-	//	    description: message id
+	//	    description: Database ID
 	//	    required: true
 	//	    type: string
 	//	  + name: PartID
 	//	    in: path
-	//	    description: attachment part id
+	//	    description: Attachment part ID
 	//	    required: true
 	//	    type: string
 	//

server/apiv1/webui.go

@@ -20,6 +20,8 @@ type webUIConfiguration struct {
 		SMTPServer string
 		// Enforced Return-Path (if set) for relay bounces
 		ReturnPath string
+		// Allowlist of accepted recipients
+		RecipientAllowlist string
 	}
 }
 
@@ -45,6 +47,7 @@ func WebUIConfig(w http.ResponseWriter, r *http.Request) {
 	if config.ReleaseEnabled {
 		conf.MessageRelay.SMTPServer = fmt.Sprintf("%s:%d", config.SMTPRelayConfig.Host, config.SMTPRelayConfig.Port)
 		conf.MessageRelay.ReturnPath = config.SMTPRelayConfig.ReturnPath
+		conf.MessageRelay.RecipientAllowlist = config.SMTPRelayConfig.RecipientAllowlist
 	}
 
 	bytes, _ := json.Marshal(conf)

server/server.go

@@ -68,10 +68,10 @@ func Listen() {
 	isReady.Store(true)
 
 	if config.UITLSCert != "" && config.UITLSKey != "" {
-		logger.Log().Infof("[http] starting secure server on https://%s%s", logger.CleanIP(config.HTTPListen), config.Webroot)
+		logger.Log().Infof("[http] starting secure server on https://%s%s", logger.CleanHTTPIP(config.HTTPListen), config.Webroot)
 		logger.Log().Fatal(http.ListenAndServeTLS(config.HTTPListen, config.UITLSCert, config.UITLSKey, nil))
 	} else {
-		logger.Log().Infof("[http] starting server on http://%s%s", logger.CleanIP(config.HTTPListen), config.Webroot)
+		logger.Log().Infof("[http] starting server on http://%s%s", logger.CleanHTTPIP(config.HTTPListen), config.Webroot)
 		logger.Log().Fatal(http.ListenAndServe(config.HTTPListen, nil))
 	}
 }
@@ -94,6 +94,9 @@ func defaultRoutes() *mux.Router {
 	r.HandleFunc(config.Webroot+"api/v1/info", middleWareFunc(apiv1.AppInfo)).Methods("GET")
 	r.HandleFunc(config.Webroot+"api/v1/webui", middleWareFunc(apiv1.WebUIConfig)).Methods("GET")
 
+	// return blank 200 response for OPTIONS requests for CORS
+	r.PathPrefix(config.Webroot + "api/v1/").Handler(middleWareFunc(apiv1.GetOptions)).Methods("OPTIONS")
+
 	return r
 }
 
@@ -122,7 +125,7 @@ func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
 
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
-			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
 			w.Header().Set("Access-Control-Allow-Headers", "*")
 		}
 
@@ -161,7 +164,7 @@ func middlewareHandler(h http.Handler) http.Handler {
 
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
-			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
 			w.Header().Set("Access-Control-Allow-Headers", "*")
 		}
 

server/smtpd/smtp.go

@@ -2,14 +2,48 @@ package smtpd
 
 import (
 	"crypto/tls"
+	"errors"
 	"fmt"
+	"net/mail"
 	"net/smtp"
 
 	"github.com/axllent/mailpit/config"
+	"github.com/axllent/mailpit/utils/logger"
 )
 
+func allowedRecipients(to []string) []string {
+	if config.SMTPRelayConfig.RecipientAllowlistRegexp == nil {
+		return to
+	}
+
+	var ar []string
+
+	for _, recipient := range to {
+		address, err := mail.ParseAddress(recipient)
+
+		if err != nil {
+			logger.Log().Warnf("ignoring invalid email address: %s", recipient)
+			continue
+		}
+
+		if !config.SMTPRelayConfig.RecipientAllowlistRegexp.MatchString(address.Address) {
+			logger.Log().Debugf("[smtp] not allowed to relay to %s: does not match the allowlist %s", recipient, config.SMTPRelayConfig.RecipientAllowlist)
+		} else {
+			ar = append(ar, recipient)
+		}
+	}
+
+	return ar
+}
+
 // Send will connect to a pre-configured SMTP server and send a message to one or more recipients.
 func Send(from string, to []string, msg []byte) error {
+	recipients := allowedRecipients(to)
+
+	if len(recipients) == 0 {
+		return errors.New("no valid recipients")
+	}
+
 	addr := fmt.Sprintf("%s:%d", config.SMTPRelayConfig.Host, config.SMTPRelayConfig.Port)
 
 	c, err := smtp.Dial(addr)
@@ -35,6 +69,10 @@ func Send(from string, to []string, msg []byte) error {
 		a = smtp.PlainAuth("", config.SMTPRelayConfig.Username, config.SMTPRelayConfig.Password, config.SMTPRelayConfig.Host)
 	}
 
+	if config.SMTPRelayConfig.Auth == "login" {
+		a = LoginAuth(config.SMTPRelayConfig.Username, config.SMTPRelayConfig.Password)
+	}
+
 	if config.SMTPRelayConfig.Auth == "cram-md5" {
 		a = smtp.CRAMMD5Auth(config.SMTPRelayConfig.Username, config.SMTPRelayConfig.Secret)
 	}
@@ -48,7 +86,7 @@ func Send(from string, to []string, msg []byte) error {
 		return err
 	}
 
-	for _, addr := range to {
+	for _, addr := range recipients {
 		if err = c.Rcpt(addr); err != nil {
 			return err
 		}
@@ -69,3 +107,33 @@ func Send(from string, to []string, msg []byte) error {
 
 	return c.Quit()
 }
+
+// Custom implementation of LOGIN SMTP authentication
+// @see https://gist.github.com/andelf/5118732
+type loginAuth struct {
+	username, password string
+}
+
+// LoginAuth authentication
+func LoginAuth(username, password string) smtp.Auth {
+	return &loginAuth{username, password}
+}
+
+func (a *loginAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	return "LOGIN", []byte{}, nil
+}
+
+func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if more {
+		switch string(fromServer) {
+		case "Username:":
+			return []byte(a.username), nil
+		case "Password:":
+			return []byte(a.password), nil
+		default:
+			return nil, errors.New("Unknown fromServer")
+		}
+	}
+
+	return nil, nil
+}

server/smtpd/smtpd.go

@@ -42,7 +42,7 @@ func mailHandler(origin net.Addr, from string, to []string, data []byte) error {
 	// if enabled, this will route the email 1:1 through to the preconfigured smtp server
 	if config.SMTPRelayAllIncoming {
 		if err := Send(from, to, data); err != nil {
-			logger.Log().Errorf("[smtp] error relaying message: %s", err.Error())
+			logger.Log().Warnf("[smtp] error relaying message: %s", err.Error())
 		} else {
 			logger.Log().Debugf("[smtp] relayed message from %s via %s:%d", from, config.SMTPRelayConfig.Host, config.SMTPRelayConfig.Port)
 		}

server/ui-src/App.vue

@@ -74,6 +74,13 @@ export default {
 		},
 		canNext: function () {
 			return this.total > (this.start + this.count);
+		},
+		unreadInSearch: function () {
+			if (!this.searching) {
+				return false;
+			}
+
+			return this.items.filter(i => !i.Read).length;
 		}
 	},
 
@@ -83,7 +90,7 @@ export default {
 			this.currentPath = window.location.hash.slice(1);
 		});
 
-		this.notificationsSupported = 'https:' == document.location.protocol
+		this.notificationsSupported = window.isSecureContext
 			&& ("Notification" in window && Notification.permission !== "denied");
 		this.notificationsEnabled = this.notificationsSupported && Notification.permission == "granted";
 
@@ -230,14 +237,14 @@ export default {
 						let a = d.Inline[i];
 						if (a.ContentID != '') {
 							d.HTML = d.HTML.replace(
-								new RegExp('(=["\']?)(cid:' + a.ContentID + ')(["|\'|\s|\/|>|;])', 'g'),
+								new RegExp('(=["\']?)(cid:' + a.ContentID + ')(["|\'|\\s|\\/|>|;])', 'g'),
 								'$1' + window.location.origin + window.location.pathname + 'api/v1/message/' + d.ID + '/part/' + a.PartID + '$3'
 							);
 						}
 						if (a.FileName.match(/^[a-zA-Z0-9\_\-\.]+$/)) {
 							// some old email clients use the filename
 							d.HTML = d.HTML.replace(
-								new RegExp('(=["\']?)(' + a.FileName + ')(["|\'|\s|\/|>|;])', 'g'),
+								new RegExp('(=["\']?)(' + a.FileName + ')(["|\'|\\s|\\/|>|;])', 'g'),
 								'$1' + window.location.origin + window.location.pathname + 'api/v1/message/' + d.ID + '/part/' + a.PartID + '$3'
 							);
 						}
@@ -250,14 +257,14 @@ export default {
 						let a = d.Attachments[i];
 						if (a.ContentID != '') {
 							d.HTML = d.HTML.replace(
-								new RegExp('(=["\']?)(cid:' + a.ContentID + ')(["|\'|\s|\/|>|;])', 'g'),
+								new RegExp('(=["\']?)(cid:' + a.ContentID + ')(["|\'|\\s|\\/|>|;])', 'g'),
 								'$1' + window.location.origin + window.location.pathname + 'api/v1/message/' + d.ID + '/part/' + a.PartID + '$3'
 							);
 						}
 						if (a.FileName.match(/^[a-zA-Z0-9\_\-\.]+$/)) {
 							// some old email clients use the filename
 							d.HTML = d.HTML.replace(
-								new RegExp('(=["\']?)(' + a.FileName + ')(["|\'|\s|\/|>|;])', 'g'),
+								new RegExp('(=["\']?)(' + a.FileName + ')(["|\'|\\s|\\/|>|;])', 'g'),
 								'$1' + window.location.origin + window.location.pathname + 'api/v1/message/' + d.ID + '/part/' + a.PartID + '$3'
 							);
 						}
@@ -304,6 +311,24 @@ export default {
 			});
 		},
 
+		// delete messages displayed in current search
+		deleteSearch: function () {
+			let ids = this.items.map(item => item.ID);
+
+			if (!ids.length) {
+				return false;
+			}
+
+			let self = this;
+			let uri = 'api/v1/messages';
+			self.delete(uri, { 'ids': ids }, function (response) {
+				window.location.hash = "";
+				self.scrollInPlace = true;
+				self.loadMessages();
+			});
+		},
+
+		// delete all messages from mailbox
 		deleteAll: function () {
 			let self = this;
 			let uri = 'api/v1/messages';
@@ -313,6 +338,7 @@ export default {
 			});
 		},
 
+		// mark current message as read
 		markUnread: function () {
 			let self = this;
 			if (!self.message) {
@@ -326,6 +352,7 @@ export default {
 			});
 		},
 
+		// mark all messages in mailbox as read
 		markAllRead: function () {
 			let self = this;
 			let uri = 'api/v1/messages'
@@ -336,6 +363,24 @@ export default {
 			});
 		},
 
+		// mark messages in current search as read
+		markSearchRead: function () {
+			let ids = this.items.map(item => item.ID);
+
+			if (!ids.length) {
+				return false;
+			}
+
+			let self = this;
+			let uri = 'api/v1/messages';
+			self.put(uri, { 'read': true, 'ids': ids }, function (response) {
+				window.location.hash = "";
+				self.scrollInPlace = true;
+				self.loadMessages();
+			});
+		},
+
+		// mark selected messages as read
 		markSelectedRead: function () {
 			let self = this;
 			if (!self.selected.length) {
@@ -349,6 +394,7 @@ export default {
 			});
 		},
 
+		// mark selected messages as unread
 		markSelectedUnread: function () {
 			let self = this;
 			if (!self.selected.length) {
@@ -362,7 +408,7 @@ export default {
 			});
 		},
 
-		// test of any selected emails are unread
+		// test if any selected emails are unread
 		selectedHasUnread: function () {
 			if (!this.selected.length) {
 				return false;
@@ -609,7 +655,8 @@ export default {
 		},
 
 		setMessageToast: function (m) {
-			if (this.toastMessage) {
+			// don't display if browser notifications are enabled, or a toast is already displayed
+			if (this.notificationsEnabled || this.toastMessage) {
 				return;
 			}
 
@@ -708,7 +755,8 @@ export default {
 						<span v-if="!total" class="ms-2">Mailpit</span>
 					</a>
 					<div v-if="total" class="ms-md-2 d-flex bg-white border rounded-start flex-fill position-relative">
-						<input type="text" class="form-control border-0" v-model.trim="search" placeholder="Search mailbox">
+						<input type="text" class="form-control border-0" aria-label="Search" v-model.trim="search"
+							placeholder="Search mailbox">
 						<span class="btn btn-link position-absolute end-0 text-muted" v-if="search"
 							v-on:click="resetSearch"><i class="bi bi-x-circle"></i></span>
 					</div>
@@ -719,14 +767,29 @@ export default {
 			</form>
 		</div>
 		<div class="col-12 col-lg-5 text-end mt-2 mt-lg-0" v-if="!message && total">
-			<button v-if="total" class="btn btn-danger float-start d-md-none me-2" data-bs-toggle="modal"
-				data-bs-target="#DeleteAllModal" title="Delete all messages">
+			<button v-if="searching && items.length" class="btn btn-danger float-start d-md-none me-2"
+				data-bs-toggle="modal" data-bs-target="#DeleteSearchModal" :disabled="!items" title="Delete results">
+				<i class="bi bi-trash-fill"></i>
+			</button>
+			<button v-else class="btn btn-danger float-start d-md-none me-2" data-bs-toggle="modal"
+				data-bs-target="#DeleteAllModal" :disabled="!total || searching" title="Delete all messages">
 				<i class="bi bi-trash-fill"></i>
 			</button>
 
+			<!-- TODO
 			<button v-if="unread" class="btn btn-light float-start d-md-none" data-bs-toggle="modal"
 				data-bs-target="#MarkAllReadModal" title="Mark all read">
 				<i class="bi bi-check2-square"></i>
+			</button> -->
+
+			<button v-if="searching && items.length" class="btn btn-light float-start d-md-none" data-bs-toggle="modal"
+				data-bs-target="#MarkSearchReadModal" :disabled="!unreadInSearch"
+				:title="'Mark ' + formatNumber(unreadInSearch) + ' read'">
+				<i class="bi bi-check2-square"></i>
+			</button>
+			<button v-else class="btn btn-light float-start d-md-none" data-bs-toggle="modal"
+				data-bs-target="#MarkAllReadModal" :disabled="!unread || searching">
+				<i class="bi bi-check2-square"></i>
 			</button>
 
 			<select v-model="limit" v-on:change="loadMessages" class="form-select form-select-sm d-inline w-auto me-2"
@@ -765,10 +828,10 @@ export default {
 					class="list-group-item list-group-item-action" :class="!searching && !message ? 'active' : ''">
 					<template v-if="isConnected">
 						<i class="bi bi-envelope-fill me-1" v-if="!searching && !message"></i>
-						<i class="bi bi-arrow-return-left" v-else></i>
+						<i class="bi bi-arrow-return-left me-1" v-else></i>
 					</template>
 					<i class="bi bi-arrow-clockwise me-1" v-else></i>
-					<span v-if="message" class="ms-1">Return</span>
+					<span v-if="message" class="ms-1 me-1">Return</span>
 					<span v-else class="ms-1">Inbox</span>
 					<span class="badge rounded-pill ms-1 float-end text-bg-secondary" title="Unread messages">
 						{{ formatNumber(unread) }}
@@ -776,38 +839,49 @@ export default {
 				</a>
 
 				<template v-if="!message && !selected.length">
-					<button class="list-group-item list-group-item-action" data-bs-toggle="modal"
+					<button v-if="searching && items.length" class="list-group-item list-group-item-action"
+						data-bs-toggle="modal" data-bs-target="#MarkSearchReadModal" :disabled="!unreadInSearch">
+						<i class="bi bi-eye-fill me-1"></i>
+						Mark {{ formatNumber(unreadInSearch) }} read
+					</button>
+					<button v-else class="list-group-item list-group-item-action" data-bs-toggle="modal"
 						data-bs-target="#MarkAllReadModal" :disabled="!unread || searching">
-						<i class="bi bi-eye-fill"></i>
+						<i class="bi bi-eye-fill me-1"></i>
 						Mark all read
 					</button>
 
-					<button class="list-group-item list-group-item-action" data-bs-toggle="modal"
+					<button v-if="searching && items.length" class="list-group-item list-group-item-action"
+						data-bs-toggle="modal" data-bs-target="#DeleteSearchModal" :disabled="!items">
+						<i class="bi bi-trash-fill me-1 text-danger"></i>
+						Delete {{ formatNumber(items.length) }} results
+					</button>
+					<button v-else class="list-group-item list-group-item-action" data-bs-toggle="modal"
 						data-bs-target="#DeleteAllModal" :disabled="!total || searching">
 						<i class="bi bi-trash-fill me-1 text-danger"></i>
 						Delete all
 					</button>
+
 					<button class="list-group-item list-group-item-action" data-bs-toggle="modal"
 						data-bs-target="#EnableNotificationsModal"
 						v-if="isConnected && notificationsSupported && !notificationsEnabled">
-						<i class="bi bi-bell"></i>
+						<i class="bi bi-bell me-1"></i>
 						Enable alerts
 					</button>
 				</template>
 				<template v-if="!message && selected.length">
 					<button class="list-group-item list-group-item-action" :disabled="!selectedHasUnread()"
 						v-on:click="markSelectedRead">
-						<i class="bi bi-eye-fill"></i>
+						<i class="bi bi-eye-fill me-1"></i>
 						Mark read
 					</button>
 					<button class="list-group-item list-group-item-action" :disabled="!selectedHasRead()"
 						v-on:click="markSelectedUnread">
-						<i class="bi bi-eye-slash"></i>
+						<i class="bi bi-eye-slash me-1"></i>
 						Mark unread
 					</button>
 					<button class="list-group-item list-group-item-action" v-on:click="deleteMessages">
 						<i class="bi bi-trash-fill me-1 text-danger"></i>
-						Delete
+						Delete selected
 					</button>
 					<button class="list-group-item list-group-item-action" v-on:click="selected = []">
 						<i class="bi bi-x-circle me-1"></i>
@@ -819,7 +893,7 @@ export default {
 			<template v-if="!selected.length && tags.length && !message">
 				<h6 class="mt-4 text-muted"><small>Tags</small></h6>
 				<div class="list-group mt-2 mb-5">
-					<button class="list-group-item list-group-item-action" v-for="tag in tags"
+					<button class="list-group-item list-group-item-action small" v-for="tag in tags"
 						v-on:click="tagSearch($event, tag)" :class="inSearch(tag) ? 'active' : ''">
 						<i class="bi bi-tag-fill" v-if="inSearch(tag)"></i>
 						<i class="bi bi-tag" v-else></i>
@@ -928,6 +1002,29 @@ export default {
 		</div>
 	</div>
 
+	<!-- Modal -->
+	<div class="modal fade" id="DeleteSearchModal" tabindex="-1" aria-labelledby="DeleteSearchModalLabel"
+		aria-hidden="true">
+		<div class="modal-dialog">
+			<div class="modal-content">
+				<div class="modal-header">
+					<h5 class="modal-title" id="DeleteSearchModalLabel">
+						Delete {{ formatNumber(items.length) }} search result<span v-if="items.length > 1">s</span>?
+					</h5>
+					<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+				</div>
+				<div class="modal-body">
+					This will permanently delete {{ formatNumber(items.length) }} message<span v-if="total > 1">s</span>.
+				</div>
+				<div class="modal-footer">
+					<button type="button" class="btn btn-outline-secondary" data-bs-dismiss="modal">Cancel</button>
+					<button type="button" class="btn btn-danger" data-bs-dismiss="modal"
+						v-on:click="deleteSearch">Delete</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
 	<!-- Modal -->
 	<div class="modal fade" id="MarkAllReadModal" tabindex="-1" aria-labelledby="MarkAllReadModalLabel" aria-hidden="true">
 		<div class="modal-dialog">
@@ -948,6 +1045,30 @@ export default {
 		</div>
 	</div>
 
+	<!-- Modal -->
+	<div class="modal fade" id="MarkSearchReadModal" tabindex="-1" aria-labelledby="MarkSearchReadModalLabel"
+		aria-hidden="true">
+		<div class="modal-dialog">
+			<div class="modal-content">
+				<div class="modal-header">
+					<h5 class="modal-title" id="MarkSearchReadModalLabel">
+						Mark {{ formatNumber(unreadInSearch) }} search result<span v-if="unreadInSearch > 1">s</span> as
+						read?
+					</h5>
+					<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+				</div>
+				<div class="modal-body">
+					This will mark {{ formatNumber(unreadInSearch) }} message<span v-if="unread > 1">s</span> as read.
+				</div>
+				<div class="modal-footer">
+					<button type="button" class="btn btn-outline-secondary" data-bs-dismiss="modal">Cancel</button>
+					<button type="button" class="btn btn-success" data-bs-dismiss="modal"
+						v-on:click="markSearchRead">Confirm</button>
+				</div>
+			</div>
+		</div>
+	</div>
+
 	<!-- Modal -->
 	<div class="modal fade" id="EnableNotificationsModal" tabindex="-1" aria-labelledby="EnableNotificationsModalLabel"
 		aria-hidden="true">

server/ui-src/assets/_bootstrap_variables.scss

@@ -1,3 +1,7 @@
+// Removed "Noto Color Emoji" from list re: https://github.com/axllent/mailpit/issues/92
+$font-family-sans-serif: system-ui, -apple-system, "Segoe UI", Roboto, "Helvetica Neue", "Noto Sans", "Liberation Sans",
+    Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
+
 $link-decoration: none;
 $primary: #2c3e50;
 $list-group-disabled-color: #adb5bd;

server/ui-src/assets/bootstrap.scss

@@ -4,6 +4,7 @@
 // Configuration
 @import "../../../node_modules/bootstrap/scss/functions";
 @import "../../../node_modules/bootstrap/scss/variables";
+@import "../../../node_modules/bootstrap/scss/variables-dark";
 @import "../../../node_modules/bootstrap/scss/maps";
 @import "../../../node_modules/bootstrap/scss/mixins";
 @import "../../../node_modules/bootstrap/scss/utilities";

server/ui-src/templates/MessageRelease.vue

@@ -83,6 +83,11 @@ export default {
 						<div class="invalid-feedback">Invalid email address</div>
 					</div>
 				</div>
+				<div class="form-text text-center" v-if="relayConfig.MessageRelay.RecipientAllowlist != ''">
+					Note: A recipient allowlist has been configured. Any mail address not matching it will be rejected.
+					<br class="d-none d-md-inline">
+					Configured allowlist: <b>{{ relayConfig.MessageRelay.RecipientAllowlist }}</b>
+				</div>
 				<div class="form-text text-center">
 					Note: For testing purposes, a unique Message-Id will be generated on send.
 					<br class="d-none d-md-inline">

server/ui/api/v1/swagger.json

@@ -66,7 +66,7 @@
         "parameters": [
           {
             "type": "string",
-            "description": "Message ID",
+            "description": "Database ID",
             "name": "ID",
             "in": "path",
             "required": true
@@ -103,7 +103,7 @@
         "parameters": [
           {
             "type": "string",
-            "description": "Message ID",
+            "description": "Database ID",
             "name": "ID",
             "in": "path",
             "required": true
@@ -142,7 +142,7 @@
         "parameters": [
           {
             "type": "string",
-            "description": "Message ID",
+            "description": "Database ID",
             "name": "ID",
             "in": "path",
             "required": true
@@ -183,14 +183,14 @@
         "parameters": [
           {
             "type": "string",
-            "description": "message id",
+            "description": "Database ID",
             "name": "ID",
             "in": "path",
             "required": true
           },
           {
             "type": "string",
-            "description": "attachment part id",
+            "description": "Attachment part ID",
             "name": "PartID",
             "in": "path",
             "required": true
@@ -224,7 +224,7 @@
         "parameters": [
           {
             "type": "string",
-            "description": "Message ID",
+            "description": "Database ID",
             "name": "ID",
             "in": "path",
             "required": true
@@ -242,7 +242,7 @@
     },
     "/api/v1/message/{ID}/release": {
       "post": {
-        "description": "Release a message via a preconfigured external SMTP server..",
+        "description": "Release a message via a pre-configured external SMTP server..",
         "consumes": [
           "application/json"
         ],
@@ -261,7 +261,7 @@
         "parameters": [
           {
             "type": "string",
-            "description": "Message ID",
+            "description": "Database ID",
             "name": "ID",
             "in": "path",
             "required": true
@@ -347,11 +347,11 @@
         "operationId": "SetReadStatus",
         "parameters": [
           {
-            "description": "Message IDs to update",
+            "description": "Database IDs to update",
             "name": "ids",
             "in": "body",
             "schema": {
-              "description": "Message IDs to update",
+              "description": "Database IDs to update",
               "type": "object",
               "$ref": "#/definitions/SetReadStatusRequest"
             }
@@ -385,11 +385,11 @@
         "operationId": "Delete",
         "parameters": [
           {
-            "description": "Message IDs to delete",
+            "description": "Database IDs to delete",
             "name": "ids",
             "in": "body",
             "schema": {
-              "description": "Message IDs to delete",
+              "description": "Database IDs to delete",
               "type": "object",
               "$ref": "#/definitions/DeleteRequest"
             }
@@ -466,12 +466,12 @@
         "operationId": "SetTags",
         "parameters": [
           {
-            "description": "Message IDs to update",
+            "description": "Database IDs to update",
             "name": "ids",
             "in": "body",
             "required": true,
             "schema": {
-              "description": "Message IDs to update",
+              "description": "Database IDs to update",
               "type": "object",
               "$ref": "#/definitions/SetTagsRequest"
             }
@@ -751,6 +751,10 @@
           "description": "Database ID",
           "type": "string"
         },
+        "MessageID": {
+          "description": "Message ID",
+          "type": "string"
+        },
         "Read": {
           "description": "Read status",
           "type": "boolean"
@@ -901,6 +905,10 @@
               "description": "Whether message relaying (release) is enabled",
               "type": "boolean"
             },
+            "RecipientAllowlist": {
+              "description": "Allowlist of accepted recipients",
+              "type": "string"
+            },
             "ReturnPath": {
               "description": "Enforced Return-Path (if set) for relay bounces",
               "type": "string"

storage/database.go

@@ -117,10 +117,6 @@ type DBMailSummary struct {
 	To   []*mail.Address
 	Cc   []*mail.Address
 	Bcc  []*mail.Address
-	// Subject     string
-	// Size        int
-	// Inline      int
-	// Attachments int
 }
 
 // InitDB will initialise the database
@@ -211,7 +207,7 @@ func Close() {
 
 // Store will save an email to the database tables
 func Store(body []byte) (string, error) {
-	// Parse message body with enmime.
+	// Parse message body with enmime
 	env, err := enmime.ReadEnvelope(bytes.NewReader(body))
 	if err != nil {
 		logger.Log().Warningf("[db] %s", err.Error())
@@ -255,7 +251,16 @@ func Store(body []byte) (string, error) {
 		return "", err
 	}
 
-	tagData := findTags(&body)
+	// extract tags from body matches based on --tag
+	tagStr := findTagsInRawMessage(&body)
+
+	// extract tags from X-Tags header
+	headerTags := strings.TrimSpace(env.Root.Header.Get("X-Tags"))
+	if headerTags != "" {
+		tagStr += "," + headerTags
+	}
+
+	tagData := uniqueTagsFromString(tagStr)
 
 	tagJSON, err := json.Marshal(tagData)
 	if err != nil {
@@ -303,6 +308,7 @@ func Store(body []byte) (string, error) {
 
 	c.Created = created
 	c.ID = id
+	c.MessageID = messageID
 	c.Attachments = attachments
 	c.Subject = subject
 	c.Size = size
@@ -321,7 +327,7 @@ func List(start, limit int) ([]MessageSummary, error) {
 	results := []MessageSummary{}
 
 	q := sqlf.From("mailbox").
-		Select(`Created, ID, Subject, Metadata, Size, Attachments, Read, Tags`).
+		Select(`Created, ID, MessageID, Subject, Metadata, Size, Attachments, Read, Tags`).
 		OrderBy("Created DESC").
 		Limit(limit).
 		Offset(start)
@@ -329,6 +335,7 @@ func List(start, limit int) ([]MessageSummary, error) {
 	if err := q.QueryAndClose(nil, db, func(row *sql.Rows) {
 		var created int64
 		var id string
+		var messageID string
 		var subject string
 		var metadata string
 		var size int
@@ -337,7 +344,7 @@ func List(start, limit int) ([]MessageSummary, error) {
 		var read int
 		em := MessageSummary{}
 
-		if err := row.Scan(&created, &id, &subject, &metadata, &size, &attachments, &read, &tags); err != nil {
+		if err := row.Scan(&created, &id, &messageID, &subject, &metadata, &size, &attachments, &read, &tags); err != nil {
 			logger.Log().Error(err)
 			return
 		}
@@ -354,6 +361,7 @@ func List(start, limit int) ([]MessageSummary, error) {
 
 		em.Created = time.UnixMilli(created)
 		em.ID = id
+		em.MessageID = messageID
 		em.Subject = subject
 		em.Size = size
 		em.Attachments = attachments
@@ -373,7 +381,7 @@ func List(start, limit int) ([]MessageSummary, error) {
 }
 
 // Search will search a mailbox for search terms.
-// The search is broken up by segments (exact phrases can be quoted), and interprits specific terms such as:
+// The search is broken up by segments (exact phrases can be quoted), and interprets specific terms such as:
 // is:read, is:unread, has:attachment, to:<term>, from:<term> & subject:<term>
 // Negative searches also also included by prefixing the search term with a `-` or `!`
 func Search(search string, start, limit int) ([]MessageSummary, error) {
@@ -399,6 +407,7 @@ func Search(search string, start, limit int) ([]MessageSummary, error) {
 	if err := q.QueryAndClose(nil, db, func(row *sql.Rows) {
 		var created int64
 		var id string
+		var messageID string
 		var subject string
 		var metadata string
 		var size int
@@ -408,7 +417,7 @@ func Search(search string, start, limit int) ([]MessageSummary, error) {
 		var ignore string
 		em := MessageSummary{}
 
-		if err := row.Scan(&created, &id, &subject, &metadata, &size, &attachments, &read, &tags, &ignore, &ignore, &ignore, &ignore); err != nil {
+		if err := row.Scan(&created, &id, &messageID, &subject, &metadata, &size, &attachments, &read, &tags, &ignore, &ignore, &ignore, &ignore); err != nil {
 			logger.Log().Error(err)
 			return
 		}
@@ -425,6 +434,7 @@ func Search(search string, start, limit int) ([]MessageSummary, error) {
 
 		em.Created = time.UnixMilli(created)
 		em.ID = id
+		em.MessageID = messageID
 		em.Subject = subject
 		em.Size = size
 		em.Attachments = attachments
@@ -470,7 +480,7 @@ func GetMessage(id string) (*Message, error) {
 	messageID := strings.Trim(env.GetHeader("Message-ID"), "<>")
 
 	returnPath := strings.Trim(env.GetHeader("Return-Path"), "<>")
-	if returnPath == "" {
+	if returnPath == "" && from != nil {
 		returnPath = from.Address
 	}
 
@@ -491,7 +501,7 @@ func GetMessage(id string) (*Message, error) {
 
 			logger.Log().Debugf("[db] %s does not contain a date header, using received datetime", id)
 
-			date = time.UnixMicro(created)
+			date = time.UnixMilli(created)
 		}); err != nil {
 			logger.Log().Error(err)
 		}
@@ -881,7 +891,7 @@ func IsUnread(id string) bool {
 	return unread == 1
 }
 
-// MessageIDExists blaah
+// MessageIDExists checks whether a Message-ID exists in the DB
 func MessageIDExists(id string) bool {
 	var total int
 

storage/search.go

@@ -14,7 +14,7 @@ func searchParser(args []string, start, limit int) *sqlf.Stmt {
 	}
 
 	q := sqlf.From("mailbox").
-		Select(`Created, ID, Subject, Metadata, Size, Attachments, Read, Tags,
+		Select(`Created, ID, MessageID, Subject, Metadata, Size, Attachments, Read, Tags,
 			IFNULL(json_extract(Metadata, '$.To'), '{}') as ToJSON,
 			IFNULL(json_extract(Metadata, '$.From'), '{}') as FromJSON,
 			IFNULL(json_extract(Metadata, '$.Cc'), '{}') as CcJSON,

storage/structs.go

@@ -69,6 +69,8 @@ type Attachment struct {
 type MessageSummary struct {
 	// Database ID
 	ID string
+	// Message ID
+	MessageID string
 	// Read status
 	Read bool
 	// From address

storage/tags.go

@@ -3,23 +3,21 @@ package storage
 import (
 	"context"
 	"encoding/json"
-	"regexp"
 	"sort"
 	"strings"
 
 	"github.com/axllent/mailpit/config"
 	"github.com/axllent/mailpit/utils/logger"
+	"github.com/axllent/mailpit/utils/tools"
 	"github.com/leporo/sqlf"
 )
 
-// SetTags will set the tags for a given message ID, used via API
+// SetTags will set the tags for a given database ID, used via API
 func SetTags(id string, tags []string) error {
 	applyTags := []string{}
-	reg := regexp.MustCompile(`\s+`)
 	for _, t := range tags {
-		t = strings.TrimSpace(reg.ReplaceAllString(t, " "))
-
-		if t != "" && config.TagRegexp.MatchString(t) && !inArray(t, applyTags) {
+		t = tools.CleanTag(t)
+		if t != "" && config.ValidTagRegexp.MatchString(t) && !inArray(t, applyTags) {
 			applyTags = append(applyTags, t)
 		}
 	}
@@ -42,26 +40,25 @@ func SetTags(id string, tags []string) error {
 	return err
 }
 
-// Used to auto-apply tags to new messages
-func findTags(message *[]byte) []string {
-	tags := []string{}
+// Find tags set via --tags in raw message.
+// Returns a comma-separated string.
+func findTagsInRawMessage(message *[]byte) string {
+	tagStr := ""
 	if len(config.SMTPTags) == 0 {
-		return tags
+		return tagStr
 	}
 
 	str := strings.ToLower(string(*message))
 	for _, t := range config.SMTPTags {
-		if !inArray(t.Tag, tags) && strings.Contains(str, t.Match) {
-			tags = append(tags, t.Tag)
+		if strings.Contains(str, t.Match) {
+			tagStr += "," + t.Tag
 		}
 	}
 
-	sort.Strings(tags)
-
-	return tags
+	return tagStr
 }
 
-// Get message tags from the database for a given message ID.
+// Get message tags from the database for a given database ID
 // Used when parsing a raw email.
 func getMessageTags(id string) []string {
 	tags := []string{}
@@ -84,3 +81,31 @@ func getMessageTags(id string) []string {
 
 	return tags
 }
+
+// UniqueTagsFromString will split a string with commas, and extract a unique slice of formatted tags
+func uniqueTagsFromString(s string) []string {
+	tags := []string{}
+
+	if s == "" {
+		return tags
+	}
+
+	parts := strings.Split(s, ",")
+	for _, p := range parts {
+		w := tools.CleanTag(p)
+		if w == "" {
+			continue
+		}
+		if config.ValidTagRegexp.MatchString(w) {
+			if !inArray(w, tags) {
+				tags = append(tags, w)
+			}
+		} else {
+			logger.Log().Debugf("[db] ignoring invalid tag: %s", w)
+		}
+	}
+
+	sort.Strings(tags)
+
+	return tags
+}

storage/utils.go

@@ -75,7 +75,7 @@ func dbCron() {
 		time.Sleep(60 * time.Second)
 		start := time.Now()
 
-		// check if database contains deleted data and has not beein in use
+		// check if database contains deleted data and has not been in use
 		// for 5 minutes, if so VACUUM
 		currentTime := time.Now()
 		diff := currentTime.Sub(dbLastAction)
@@ -167,6 +167,7 @@ func isFile(path string) bool {
 	return true
 }
 
+// InArray tests if a string in within an array. It is not case sensitive.
 func inArray(k string, arr []string) bool {
 	k = strings.ToLower(k)
 	for _, v := range arr {

utils/logger/logger.go

@@ -54,7 +54,7 @@ func PrettyPrint(i interface{}) {
 }
 
 // CleanIP returns a human-readable IP for the logging interface
-// when starting services. It translates [::]:<port> to "localhost:<port>"
+// when starting services. It translates [::]:<port> to "0.0.0.0:<port>"
 func CleanIP(s string) string {
 	re := regexp.MustCompile(`^\[\:\:\]\:\d+`)
 	if re.MatchString(s) {
@@ -63,3 +63,14 @@ func CleanIP(s string) string {
 
 	return s
 }
+
+// CleanHTTPIP returns a human-readable IP for the logging interface
+// when starting services. It translates [::]:<port> to "localhost:<port>"
+func CleanHTTPIP(s string) string {
+	re := regexp.MustCompile(`^\[\:\:\]\:\d+`)
+	if re.MatchString(s) {
+		return "localhost:" + s[5:]
+	}
+
+	return s
+}

utils/tools/message.go

@@ -1,4 +1,4 @@
-// Package tools provides various methods for variouws things
+// Package tools provides various methods for various things
 package tools
 
 import (
@@ -23,7 +23,7 @@ func RemoveMessageHeaders(msg []byte, headers []string) ([]byte, error) {
 	reBlank := regexp.MustCompile(`^\s+`)
 
 	for _, hdr := range headers {
-		// case-insentitive
+		// case-insensitive
 		reHdr := regexp.MustCompile(`(?i)^` + regexp.QuoteMeta(hdr+":"))
 
 		// header := []byte(hdr + ":")

utils/tools/tags.go

@@ -0,0 +1,25 @@
+package tools
+
+import (
+	"regexp"
+	"strings"
+)
+
+var (
+	// Invalid tag characters regex
+	tagsInvalidChars = regexp.MustCompile(`[^a-zA-Z0-9\-\ \_]`)
+
+	// Regex to catch multiple spaces
+	multiSpaceRe = regexp.MustCompile(`(\s+)`)
+)
+
+// CleanTag returns a clean tag, removing whitespace and invalid characters
+func CleanTag(s string) string {
+	s = strings.TrimSpace(
+		multiSpaceRe.ReplaceAllString(
+			tagsInvalidChars.ReplaceAllString(s, " "),
+			" ",
+		),
+	)
+	return s
+}