New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add detection of configuration based on SRV records (RFC6186) #4719
Conversation
I'm going to contribute some automated tests and fix the issues mentioned over the weekend but I thought it would be nice to get it out into the open to get eyes on it. |
Thanks for working on this 👍 Actually using this method to discover server settings comes with the same problems as mentioned here: #3879 (review) For now I think it would be best to limit this pull request to the |
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
@cketti I won't reply individually to the comments as I'm generally in agreement with you with most of them, especially around "graceful failure". Thanks for your comments :) |
949032f
to
7f8c7d7
Compare
@cketti Would there be an issue in me using JUnit-QuickCheck to write property-based tests? I feel the number of variables to account for could easily become quite high. I feel like there are many outcomes that depend only on one or two variables. It would be useful to generate data in the test that might account for situations where the SRV records have weird data. Hopefully that makes at least a little sense. I posted this just before going to sleep :) |
Without concrete example I currently don't see how it could be useful. Just go for it and I'll have a look at the result? |
bc9e978
to
113c045
Compare
If "XML Discovery" yields no connection settings, query SRV records on the domain portion of the email address. This will help increase the likelihood of being able to set up accounts with only the email and password. This implementation prefers TLS incoming servers (IMAPs/POP3s) with the lowest priority value. If neither can be found, it will fall back to using IMAP/POP3 with STARTTLS security. It is then left to finishAutoSetup() to handle testing of the connection. Things this commit hasn't covered: * Domain validation ("the user should be alerted if the SRV target is not part of the email domain") * Setting SSL/TLS security for the outbound server (it assumes STARTTLS currently) NB: I attempted to merge the code that @daquexian had worked on but it has drifted so far behind master that the amount of effort to merge that in would be very large. References thunderbird#2530
Among a few minor style/convention changes, add an interface for the SRV resolver and remove POP3/POP3S support.
Allow SrvServiceDiscovery to be initialized with arbitrary SrvResolution interface implementation Add test for null happy-path case (no SRV records)
Previous commit was missing the required dependencies. This commit fixes that.
be8641f
to
a3b109a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like this is close to completion @cketti with the following caveats worth considering:
-
It is probably advisable for us to check if the email domain is the parent of any servers returned in SRV records and check with the user (in case of DNS hijacking). This does feel outside the scope of this PR though and something that would be implemented higher up the stack before validating the settings and we maybe should see how this fits into Automatic account setup / server settings autodiscovery #4721
-
How can we determine the security setting for the SMTP server? There is no differentiation like IMAP/IMAPS in RFC6186. Should we assume STARTTLS? Or possibly attempt SSL/TLS depending on port number?
NB: I'm not a self-identified Kotlin/Java/Android developer so I may have done things in a weird/non-standard way - please let me know if this is the case. 😄
|
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
As you mentioned, this does have security implications. When implementing the plan outlined in #4721 we'll have to distinguish between trusted server settings and those we can only use after checking with the user. That's one of the reasons I don't want to use this in AccountSetupBasics
just yet.
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/main/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscovery.kt
Show resolved
Hide resolved
app/autodiscovery/src/test/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscoveryTest.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/test/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscoveryTest.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/test/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscoveryTest.kt
Outdated
Show resolved
Hide resolved
app/autodiscovery/src/test/java/com/fsck/k9/autodiscovery/srvrecords/SrvServiceDiscoveryTest.kt
Outdated
Show resolved
Hide resolved
app/ui/src/main/java/com/fsck/k9/activity/setup/AccountSetupBasics.java
Outdated
Show resolved
Hide resolved
It's not doing anything useful and was responsible for at least one bug.
* Rename SrvResolver and interface to use standard semantics * Add visual line separation between arrange, act, assert test blocks
* Reorder classes / functions by importance * Move SrvResolver interface to its own file * Use functional approach to retrieving mail services
Git history was manually cleaned up.
Thanks 👍 I manually cleaned up the Git history dfe2698 and merged the changes just now. |
@livmackintosh: Do you want to continue working on this? Unfortunately, the plan outlined in #4721 is quite a lot of work. But if I know someone is willing to work on it, I'd be happy to break it down into more manageable tasks. |
Awesome. I created issue #4759 with a description of what I think is a reasonable next step. |
Really cool! Do we check the validity of the SRV record with DNSSEC? |
@monperrus: Not yet, but the code isn't used yet. The plan is to trust host names under the email domain and records signed via DNSSEC. |
Might pick up on some of this this evening, just been crazy busy lately 😄 |
If "XML Discovery" yields no connection settings, query SRV records
on the domain portion of the email address. This will help increase
the likelihood of being able to set up accounts with only the email and
password.
NB: I attempted to merge the code that @daquexian had worked on but it
has drifted so far behind master that the amount of effort to merge that
in would be very large.
References:
#865
#2530