remove the built-in domain check when adding a custom domain

CHANGELOG

@@ -6,6 +6,23 @@ The version corresponds to SimpleLogin Docker `image tag`.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.6.2] - 2022-06-15
+- support dot in alias prefix
+- Set the "X-SimpleLogin-Envelope-To" to the alias during forward
+- Use a different format for VERP
+- use same footer as landing page
+- remove obsolete endpoints /alias/custom/new, /alias/options, /v2/alias/options, /v3/alias/options
+- support search on contact page
+- Better search using Postgres fulltext search
+- Use AGPL license instead of MIT
+- auto-create alias rule for custom domain
+- use re2 instead of re to avoid ReDOS attack
+- Use alembic instead of flask migrate which depends on flask-sqlalchemy
+- Remove flask-sqlalchemy
+- Able to block sender
+- subdomain
+- GPDR data export
+
 ## [3.4.0] - 2021-04-06
 Support ARM arch
 Remove unused config like DEBUG, CLOUDWATCH, DKIM_PUBLIC_KEY_PATH, DKIM_DNS_VALUE

Dockerfile

@@ -5,7 +5,7 @@ COPY ./static/package*.json /code/static/
 RUN cd /code/static && npm install
 
 # Main image
-FROM python:3.7
+FROM python:3.10
 
 # Keeps Python from generating .pyc files in the container
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -13,7 +13,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
 # Add poetry to PATH
-ENV PATH="${PATH}:/root/.poetry/bin"
+ENV PATH="${PATH}:/root/.local/bin"
 
 WORKDIR /code
 
@@ -24,7 +24,7 @@ COPY poetry.lock pyproject.toml ./
 RUN pip install -U pip \
     && apt-get update \
     && apt install -y curl netcat gcc python3-dev gnupg git libre2-dev \
-    && curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \
+    && curl -sSL https://install.python-poetry.org | python3 - \
     # Remove curl and netcat from the image
     && apt-get purge -y curl netcat \
     # Run poetry

README.md

@@ -329,8 +329,8 @@ smtpd_recipient_restrictions =
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
-   reject_rbl_client zen.spamhaus.org,
-   reject_rbl_client bl.spamcop.net,
+   reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],
+   reject_rbl_client bl.spamcop.net=127.0.0.2,
    permit
 ```
 
@@ -345,6 +345,7 @@ password = mypassword
 dbname = simplelogin
 
 query = SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true
+    UNION SELECT domain FROM public_domain WHERE domain='%s'
     UNION SELECT '%s' WHERE '%s' = 'mydomain.com' LIMIT 1;
 ```
 
@@ -360,6 +361,7 @@ dbname = simplelogin
 
 # forward to smtp:127.0.0.1:20381 for custom domain AND email domain
 query = SELECT 'smtp:127.0.0.1:20381' FROM custom_domain WHERE domain = '%s' AND verified=true
+    UNION SELECT 'smtp:127.0.0.1:20381' FROM public_domain WHERE domain = '%s'
     UNION SELECT 'smtp:127.0.0.1:20381' WHERE '%s' = 'mydomain.com' LIMIT 1;
 ```
 
@@ -424,7 +426,7 @@ docker run --rm \
     -v $(pwd)/dkim.pub.key:/dkim.pub.key \
     -v $(pwd)/simplelogin.env:/code/.env \
     --network="sl-network" \
-    simplelogin/app:3.4.0 flask db upgrade
+    simplelogin/app:4.6.3-beta alembic upgrade head
 ```
 
 This command could take a while to download the `simplelogin/app` docker image.
@@ -439,7 +441,7 @@ docker run --rm \
     -v $(pwd)/dkim.key:/dkim.key \
     -v $(pwd)/dkim.pub.key:/dkim.pub.key \
     --network="sl-network" \
-    simplelogin/app:3.4.0 python init_app.py
+    simplelogin/app:4.6.3-beta python init_app.py
 ```
 
 Now, it's time to run the `webapp` container!
@@ -455,7 +457,7 @@ docker run -d \
     -p 127.0.0.1:7777:7777 \
     --restart always \
     --network="sl-network" \
-    simplelogin/app:3.4.0
+    simplelogin/app:4.6.3-beta
 ```
 
 Next run the `email handler`
@@ -471,7 +473,7 @@ docker run -d \
     -p 127.0.0.1:20381:20381 \
     --restart always \
     --network="sl-network" \
-    simplelogin/app:3.4.0 python email_handler.py
+    simplelogin/app:4.6.3-beta python email_handler.py
 ```
 
 And finally the `job runner`
@@ -486,7 +488,7 @@ docker run -d \
     -v $(pwd)/dkim.pub.key:/dkim.pub.key \
     --restart always \
     --network="sl-network" \
-    simplelogin/app:3.4.0 python job_runner.py
+    simplelogin/app:4.6.3-beta python job_runner.py
 ```
 
 ### Nginx

app/config.py

@@ -480,3 +480,5 @@ DISABLE_CREATE_CONTACTS_FOR_FREE_USERS = False
 PARTNER_API_TOKEN_SECRET = os.environ.get("PARTNER_API_TOKEN_SECRET") or (
     FLASK_SECRET + "partnerapitoken"
 )
+
+SQLALCHEMY_POOL_PRE_PING = "SQLALCHEMY_POOL_PRE_PING" in os.environ

app/dashboard/views/custom_domain.py

@@ -43,9 +43,7 @@ def custom_domain():
                 if new_domain.startswith("https://"):
                     new_domain = new_domain[len("https://") :]
 
-                if SLDomain.get_by(domain=new_domain):
-                    flash("A custom domain cannot be a built-in domain.", "error")
-                elif CustomDomain.get_by(domain=new_domain):
+                if CustomDomain.get_by(domain=new_domain):
                     flash(f"{new_domain} already used", "error")
                 elif get_email_domain_part(current_user.email) == new_domain:
                     flash(

docs/upgrade.md

@@ -4,10 +4,54 @@ No emails or any data is lost in the upgrade process. The same process is by the
 
 Sometimes upgrading to a major version might require running a manual migration. This is for example the case when upgrading to 2.0.0. In this case please follow the corresponding migration first before running these scripts.
 
-If you are running versions prior to 3x, please:
+If you are running versions prior to 4.x.x, please:
 
-1. first upgrade to 2.1.2 then
-2. upgrade to the latest version which is 3.4.0
+1. first upgrade to 3.4.0 then
+2. upgrade to the latest version which is 4.6.3-beta
+
+<details>
+<summary>After upgrade to 4.x.x from 3.4.0</summary>
+<p>
+
+Please update `/etc/postfix/pgsql-relay-domains.cf` to the following. Make sure to replace `mydomain.com` by your actual domain.
+
+```
+# postgres config
+hosts = localhost
+user = myuser
+password = mypassword
+dbname = simplelogin
+
+query = SELECT domain FROM custom_domain WHERE domain='%s' AND verified=true
+    UNION SELECT domain FROM public_domain WHERE domain='%s'
+    UNION SELECT '%s' WHERE '%s' = 'mydomain.com' LIMIT 1;
+```
+
+and `/etc/postfix/pgsql-transport-maps.cf` to
+
+```
+# postgres config
+hosts = localhost
+user = myuser
+password = mypassword
+dbname = simplelogin
+
+# forward to smtp:127.0.0.1:20381 for custom domain AND email domain
+query = SELECT 'smtp:127.0.0.1:20381' FROM custom_domain WHERE domain = '%s' AND verified=true
+    UNION SELECT 'smtp:127.0.0.1:20381' FROM public_domain WHERE domain = '%s'
+    UNION SELECT 'smtp:127.0.0.1:20381' WHERE '%s' = 'mydomain.com' LIMIT 1;
+```
+
+Please run the following command to update the `email_log` table:
+
+```bash
+docker exec -it sl-db psql -U myuser simplelogin
+update email_log set alias_id=(select alias_id from contact where contact.id = email_log.contact_id);
+exit
+```
+
+</p>
+</details>
 
 <details>
 <summary>After upgrade to 3x from 2x</summary>
@@ -119,17 +163,17 @@ for user in User.query.all():
 </p>
 </details>
 
-## Upgrade to the latest version 3.4.0
+## Upgrade to the latest version 4.6.3-beta
 
 ```bash
 # Pull the latest version
-sudo docker pull simplelogin/app:3.4.0
+sudo docker pull simplelogin/app:4.6.3-beta
 
 # Stop SimpleLogin containers
 sudo docker stop sl-email sl-migration sl-app sl-db sl-job-runner
 
 # Make sure to remove these containers to avoid conflict
-sudo docker rm -f sl-email sl-migration sl-app sl-db
+sudo docker rm -f sl-email sl-migration sl-app sl-db sl-job-runner
 
 # create ./sl/upload/ if not exist
 mkdir -p ./sl/upload/
@@ -155,7 +199,7 @@ sudo docker run --rm \
     -v $(pwd)/dkim.pub.key:/dkim.pub.key \
     -v $(pwd)/simplelogin.env:/code/.env \
     --network="sl-network" \
-    simplelogin/app:3.4.0 flask db upgrade
+    simplelogin/app:4.6.3-beta alembic upgrade head
 
 # Run init data
 sudo docker run --rm \
@@ -166,7 +210,7 @@ sudo docker run --rm \
     -v $(pwd)/dkim.key:/dkim.key \
     -v $(pwd)/dkim.pub.key:/dkim.pub.key \
     --network="sl-network" \
-    simplelogin/app:3.4.0 python init_app.py
+    simplelogin/app:4.6.3-beta python init_app.py
 
 # Run the webapp container
 sudo docker run -d \
@@ -179,7 +223,7 @@ sudo docker run -d \
     -p 127.0.0.1:7777:7777 \
     --restart always \
     --network="sl-network" \
-    simplelogin/app:3.4.0
+    simplelogin/app:4.6.3-beta
 
 # Run the email handler container
 sudo docker run -d \
@@ -192,7 +236,7 @@ sudo docker run -d \
     -p 127.0.0.1:20381:20381 \
     --restart always \
     --network="sl-network" \
-    simplelogin/app:3.4.0 python email_handler.py
+    simplelogin/app:4.6.3-beta python email_handler.py
     
 # Run the job runner
 docker run -d \
@@ -204,7 +248,7 @@ docker run -d \
     -v $(pwd)/dkim.pub.key:/dkim.pub.key \
     --restart always \
     --network="sl-network" \
-    simplelogin/app:3.4.0 python job_runner.py
+    simplelogin/app:4.6.3-beta python job_runner.py
     
 ```
 

server.py

@@ -140,6 +140,10 @@ def create_app() -> Flask:
     # enable to print all queries generated by sqlalchemy
     # app.config["SQLALCHEMY_ECHO"] = True
 
+    if config.SQLALCHEMY_POOL_PRE_PING:
+        # to handle the "server closed the connection unexpectedly" error
+        app.config["SQLALCHEMY_ENGINE_OPTIONS"] = {"pool_pre_ping": True}
+
     app.secret_key = FLASK_SECRET
 
     app.config["TEMPLATES_AUTO_RELOAD"] = True