Merge pull request #2850 from postalserver/release-please--branches--main

chore(main): release 3.1.0

.github/workflows/ci.yml

@@ -115,4 +115,4 @@ jobs:
           target: full
           build-args: |
             VERSION=${{ needs.release-please.outputs.version }}
-          platforms: linux/amd64,linux/arm64/v8
+          platforms: linux/amd64

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "3.0.0"
+  ".": "3.1.0"
 }

CHANGELOG.md

@@ -2,6 +2,47 @@
 
 This file contains all the latest changes and updates to Postal.
 
+## [3.1.0](https://github.com/postalserver/postal/compare/3.0.2...3.1.0) (2024-03-06)
+
+
+### Features
+
+* configurable trusted proxies for web requests ([3785c99](https://github.com/postalserver/postal/commit/3785c998513c634d225b489ccb43e926ce3f270a))
+
+
+### Bug Fixes
+
+* **message-dequeuer:** ensure SMTP endpoints are sent to SMTP sender appropriately ([e2d642c](https://github.com/postalserver/postal/commit/e2d642c0cbf443550886d90abc3a6edf3e4bc4fc)), closes [#2853](https://github.com/postalserver/postal/issues/2853)
+* **smtp-server:** listen on all interfaces by default ([d1e5b68](https://github.com/postalserver/postal/commit/d1e5b68200ea4b9710cc8714afb3271bad1f4f66)), closes [#2852](https://github.com/postalserver/postal/issues/2852)
+* **smtp-server:** remove ::ffff: from the start of ipv4 addresses ([0dc7359](https://github.com/postalserver/postal/commit/0dc7359431001c9ef1222913f8d1344093397596))
+* **smtp-server:** reset ansi sequence after logging ([9bf6152](https://github.com/postalserver/postal/commit/9bf6152060ffb8b611b66818c1d1ac7c929b7ffe))
+* **ui:** fixes typo on queue page ([33513a7](https://github.com/postalserver/postal/commit/33513a77c0df24d832ab7ed5237d68e2b1bde887))
+* **web-server:** allow for trusted proxies not be set ([4e1deb2](https://github.com/postalserver/postal/commit/4e1deb2d2aeb61d9dddb3729916411c94e73c1c6))
+
+
+### Styles
+
+* **rubocop:** use _ when not using a variable in helm config exporter ([2c20ba6](https://github.com/postalserver/postal/commit/2c20ba65f64ccb0f8174e3f523dedb3806478782))
+
+## [3.0.2](https://github.com/postalserver/postal/compare/3.0.1...3.0.2) (2024-03-05)
+
+
+### Bug Fixes
+
+* default to listening on all addresses when using legacy config ([48f6494](https://github.com/postalserver/postal/commit/48f6494240eb0374d5f865425b362e6f306b2653))
+
+
+### Miscellaneous Chores
+
+* removing arm64 support until we can get a reasonable build pipeline sorted ([e8e44f5](https://github.com/postalserver/postal/commit/e8e44f54b09426c8a04e466bc037851a0833d124))
+
+## [3.0.1](https://github.com/postalserver/postal/compare/3.0.0...3.0.1) (2024-03-05)
+
+
+### Bug Fixes
+
+* fix issue with sending mail when smtp relays are configured ([6dd6e29](https://github.com/postalserver/postal/commit/6dd6e29929c70eaa8b9d3b33c184996b0b6abb82))
+
 ## [3.0.0](https://github.com/postalserver/postal/compare/2.3.2...3.0.0) (2024-03-04)
 
 This version of Postal introduces a number of larger changes. Please be sure to follow the [upgrade guide](https://docs.postalserver.io/getting-started/upgrade-to-v3) when upgrading to Postal v3. Highlights include:

app/lib/message_dequeuer/incoming_message_processor.rb

@@ -163,7 +163,7 @@ module MessageDequeuer
 
       case queued_message.message.endpoint
       when SMTPEndpoint
-        sender = @state.sender_for(SMTPSender, queued_message.message.recipient_domain, nil, servers: [queued_message.message.endpoint])
+        sender = @state.sender_for(SMTPSender, queued_message.message.recipient_domain, nil, servers: [queued_message.message.endpoint.to_smtp_client_server])
       when HTTPEndpoint
         sender = @state.sender_for(HTTPSender, queued_message.message.endpoint)
       when AddressEndpoint

app/lib/smtp_server/server.rb

@@ -112,21 +112,23 @@ module SMTPServer
               # Accept the connection
               new_io = io.accept
               increment_prometheus_counter :postal_smtp_server_connections_total
+              # Get the client's IP address and strip `::ffff:` for consistency.
+              client_ip_address = new_io.remote_address.ip_address.sub(/\A::ffff:/, "")
               if Postal::Config.smtp_server.proxy_protocol?
                 # If we are using the haproxy proxy protocol, we will be sent the
                 # client's IP later. Delay the welcome process.
                 client = Client.new(nil)
                 if Postal::Config.smtp_server.log_connections?
-                  client.logger&.debug "Connection opened from #{new_io.remote_address.ip_address}"
+                  client.logger&.debug "Connection opened from #{client_ip_address}"
                 end
               else
                 # We're not using the proxy protocol so we already know the client's IP
-                client = Client.new(new_io.remote_address.ip_address)
+                client = Client.new(client_ip_address)
                 if Postal::Config.smtp_server.log_connections?
-                  client.logger&.debug "Connection opened from #{new_io.remote_address.ip_address}"
+                  client.logger&.debug "Connection opened from #{client_ip_address}"
                 end
                 # We know who the client is, welcome them.
-                client.logger&.debug "Client identified as #{new_io.remote_address.ip_address}"
+                client.logger&.debug "Client identified as #{client_ip_address}"
                 new_io.print("220 #{Postal::Config.postal.smtp_hostname} ESMTP Postal/#{client.trace_id}")
               end
               # Register the client and its socket with nio4r
@@ -205,7 +207,7 @@ module SMTPServer
 
                   result = [result] unless result.is_a?(Array)
                   result.compact.each do |iline|
-                    client.logger&.debug "\e[34m=> #{iline.strip}"
+                    client.logger&.debug "\e[34m=> #{iline.strip}\e[0m"
                     begin
                       io.write(iline.to_s + "\r\n")
                       io.flush

app/models/smtp_endpoint.rb

@@ -47,4 +47,8 @@ class SMTPEndpoint < ApplicationRecord
     routes.each { |r| r.update(endpoint: nil, mode: "Reject") }
   end
 
+  def to_smtp_client_server
+    SMTPClient::Server.new(hostname, port: port || 25, ssl_mode: ssl_mode)
+  end
+
 end

app/senders/smtp_sender.rb

@@ -250,7 +250,7 @@ class SMTPSender < BaseSender
         SMTPClient::Server.new(relay.host, relay.port, ssl_mode: relay.ssl_mode)
       end.compact
 
-      @smtp_relays = hosts.empty? ? nil : hosts
+      @smtp_relays = relays.empty? ? nil : relays
     end
 
   end

app/views/servers/queue.html.haml

@@ -8,7 +8,7 @@
 - if @messages.empty?
   .pageContent--compact
     .noData.noData--clean
-      %h2.noData__title Your queue is current empty.
+      %h2.noData__title Your queue is currently empty.
       %p.noData__text
         Messages which haven't yet been delivered successfully will appear in your queue until
         we've delivered them or we've given up trying.

config/initializers/trusted_proxies.rb

@@ -1,15 +1,10 @@
 # frozen_string_literal: true
 
-module Rack
+Rack::Request.ip_filter = lambda { |ip|
-  class Request
+  if Postal::Config.postal.trusted_proxies&.any? { |net| net.include?(ip) } ||
-
+     ip.match(/\A127\.0\.0\.1\Z|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i)
-    module Helpers
+    true
-
+  else
-      def trusted_proxy?(ip)
+    false
-        ip =~ /^127\.0\.0\.1$|^localhost$|^unix$$/i
-      end
-
-    end
-
-  end
   end
+}

doc/config/environment-variables.md

@@ -17,6 +17,7 @@ This document contains all the environment variables which are available for thi
 | `POSTAL_USE_RESENT_SENDER_HEADER` | Boolean | Append a Resend-Sender header to all outgoing e-mails | true |
 | `POSTAL_SIGNING_KEY_PATH` | String | Path to the private key used for signing | config/postal/signing.key |
 | `POSTAL_SMTP_RELAYS` | Array of strings | An array of SMTP relays in the format of smtp://host:port |  |
+| `POSTAL_TRUSTED_PROXIES` | Array of strings | An array of IP addresses to trust for proxying requests to Postal (in addition to localhost addresses) |  |
 | `WEB_SERVER_DEFAULT_PORT` | Integer | The default port the web server should listen on unless overriden by the PORT environment variable | 5000 |
 | `WEB_SERVER_DEFAULT_BIND_ADDRESS` | String | The default bind address the web server should listen on unless overriden by the BIND_ADDRESS environment variable | 127.0.0.1 |
 | `WEB_SERVER_MAX_THREADS` | Integer | The maximum number of threads which can be used by the web server | 5 |

doc/config/yaml.yml

@@ -27,6 +27,8 @@ postal:
   signing_key_path: config/postal/signing.key
   # An array of SMTP relays in the format of smtp://host:port
   smtp_relays: []
+  # An array of IP addresses to trust for proxying requests to Postal (in addition to localhost addresses)
+  trusted_proxies: []
 
 web_server:
   # The default port the web server should listen on unless overriden by the PORT environment variable

lib/postal/config_schema.rb

@@ -84,6 +84,12 @@ module Postal
           }
         end
       end
+
+      string :trusted_proxies do
+        array
+        description "An array of IP addresses to trust for proxying requests to Postal (in addition to localhost addresses)"
+        transform { |ip| IPAddr.new(ip) }
+      end
     end
 
     group :web_server do
@@ -227,7 +233,7 @@ module Postal
 
       string :default_bind_address do
         description "The default bind address the SMTP server should listen on unless overriden by the BIND_ADDRESS environment variable"
-        default "127.0.0.1"
+        default "::"
       end
 
       integer :default_health_server_port do

lib/postal/helm_config_exporter.rb

@@ -12,7 +12,7 @@ module Postal
 
       @schema.groups.each do |group_name, group|
         path << group_name
-        group.attributes.each do |name, attr|
+        group.attributes.each do |name, _|
           env_var = Konfig::Sources::Environment.path_to_env_var(path + [name])
           contents << <<~VAR.strip
             {{ include "app.envVar" (dict "name" "#{env_var}" "spec" .Values.postal.#{path.join('.')}.#{name} "root" . ) }}

lib/postal/legacy_config_source.rb

@@ -53,7 +53,7 @@ module Postal
       "gelf.facility" => -> (c) { c.dig("logging", "graylog", "facility") },
 
       "smtp_server.default_port" => -> (c) { c.dig("smtp_server", "port") },
-      "smtp_server.default_bind_address" => -> (c) { c.dig("smtp_server", "bind_address") },
+      "smtp_server.default_bind_address" => -> (c) { c.dig("smtp_server", "bind_address") || "::" },
       "smtp_server.tls_enabled" => -> (c) { c.dig("smtp_server", "tls_enabled") },
       "smtp_server.tls_certificate_path" => -> (c) { c.dig("smtp_server", "tls_certificate_path") },
       "smtp_server.tls_private_key_path" => -> (c) { c.dig("smtp_server", "tls_private_key_path") },

spec/lib/message_dequeuer/incoming_message_processor_spec.rb

@@ -422,7 +422,7 @@ module MessageDequeuer
       it "gets a sender from the state and sends the message to it" do
         smtp_sender_double = double("SMTPSender")
         expect(smtp_sender_double).to receive(:send_message).with(queued_message.message).and_return(SendResult.new)
-        expect(state).to receive(:sender_for).with(SMTPSender, message.recipient_domain, nil, { servers: [endpoint] }).and_return(smtp_sender_double)
+        expect(state).to receive(:sender_for).with(SMTPSender, message.recipient_domain, nil, { servers: [kind_of(SMTPClient::Server)] }).and_return(smtp_sender_double)
         processor.process
       end
     end