mail-server | Nodejs mail server we are using at vanila.io | Runtime Evironment library

I found in a forum about fail2ban that nft could be the problem. For some reason the nft firewall blocked every port.

Executing sudo nft flush ruleset will remove every rule from nft and solved my problem.

I searched hours to find this solution, so I figured I should share it here.

from my understanding, you are re-exporting the keys from key.js.

try this in key.js:

Add to your existing try block additional catch blocks for java.util.ServiceConfigurationError and java.lang.RuntimeException. If you are seeing ServiceConfigurationError then either the context classloader needs to be changed the batch server has the wrong JavaMail artifact like the API only version of JavaMail without the method bodies.

You can also turn on mail debugging. Here is an example with both changes but only apply one at a time and test each change independently.

I presume you're using the config package. I've created an example app in Windows 10 to test all this using the below file structure. I suspect you just need to omit the quotes, e.g.

Most of the WebMail service providers with free-service support basic/mobile web-browser and ofcourse supports general/full web-browser.
These type of service provider's web-mail-servers can detect user's (client-side) web-browser software, by detecting the User-Agent string & can switch & transfer to that mode of specific web-pages.

Below solution # 1 worked on basic lightweight web-browser, so it partially answers your question's 1st part,
and solution # 2 is the answer for your 2nd & 3rd part of the question.

SOLUTION # 1 :
Web Access Based Solution For Basic Web-Browsers:
In basic web-browser "qutebrowser" (with JS support) just goto https://www.mail.com/ website.

• "Mail.com" web-servers will detect your browser & approximate location & connect your browser into appropriate web-servers related to those, just enable JS for only 7 sites/addresses shown in below, that should be sufficient, to access (view, send, receive) your emails.
• I have tested "qutebrowser" v1.13.1 on MacOSX Catalina (64bit-only macOS) & it works fine, by the way qutebrowser installer for MacOSX is 144MB as it includes all dependencies, & so it uses half-gigabyte space after decompress.
• if your basic/lightweight web-browser does not support JS, then this solution # 1 will not work, So wait for someone else to answer with a solution for that problem.
  
  

SOLUTION # 2 :
Website/webmail/Web-Service Access Based Solution For Thunderbird (Email-Client):
this solution/process is the preferred way, as mentioned in above/OP's Question.
Tested + worked on Thunderbird ( v68.12.1 ).

• Load "BrowseInTab" Thunderbird addon : Thunderbird > Tools > Addons > in "Find More Extensions" box, type: BrowseInTab
  click on [ + Add To Thunderbird ] button > "Add" > restart Thunderbird.

• now send a HTML-formatted email (not plain-text Email) , into any one of the email-address (or email account) that is already setup in your Thunderbird, in that email you must send an URL LINK, this link: https://www.mail.com/
  If you need to connect to a different site, then change above site.

• goto Thunderbird "Preferences"/"Options"/Settings > Privacy > goto "Web Content" section.
  
  it should by-default have the option "Accept Cookies From Sites" unselected, for now keep it like that, (if not unseleted, then unselect it), in that row in right side, there is a button [ Exceptions ], click on that, then type-in (or copy from here) each of below web-address (URL) into the "Address of Website" textbox, & then press [ Add ]/[ Allow ] button, after all 7-sites are entered, then press [ Save Changes ]:

  Mail.com (Mobile/Basic Version) web-service:

  1. https://www.Mail.com/
  2. https://dl.Mail.com/
  3. https://Login.Mail.com/
  4. https://Navigator-lxa.Mail.com/
  5. https://3c-lxa.Mail.com/
  6. https://s.uiCDN.com/
  7. https://js.ui-portal.de/
  • Above list is valid for users in (southern) California, USA.
  • NOTE: number 4 & 5 web-addresses (or URL(s) or site-addresses) may be DIFFERENT for your location.
  • FF = Firefox . TB = Thunderbird.
  • EXCEPTION / EXCLUSION LIST (BASIC/MOBILE VERSION) : How To Obtain Basic/Mobile Version Service URLs ? To find out, what exact URLs/sites are used by BASIC or MOBILE version web-service (for-example: "Mail.com"), you will have to load "NoScript", "User-Agent Switcher", "User-Agent Switcher and Manager" addons on a regular FF=Firefox web-browser . Start TB, send yourself one HTML based email with an URL/LINK in it, either this URL/LINK: "http://UserAgentString.com/" or this "https://what-is-my.com/browser/user-agent/" , open that message/email in TB , right-click on url/link , click-on "Open Link in New Tab" , TB will open the URL/LINK in a new browser-tab inside TB . Copy user-agent string code of your TB that will be shown there . Open another browser-tab in FF , and set/change that FF tab's User-Agent string by using the User-Agent switching/changing addon, & set/change default User-Agent string of FF into the User-Agent string code obtained from TB . Then visit the "https://www.Mail.com/" website in that FF tab , Mail.com website/web-service will provide web-pages to Firefox tab, based on Thunderbird's User-Agent string code that we setup in FF earlier . One by one allow+add URLs which MUST be approved/allowed in NoScript addon, for the Mail.com web-service to work . Now we have a list, this is the EXCEPTION LIST for using basic/mobile web-service.
  • add "Mail.com" web-addresses in NoScript addon except for the number 4 & 5 . When you will "sign-in" into "https://www.Mail.com/" website, then you will see, immediately after sign-in with correct email-address & correct password, that, Firefox web-browser's URL bar is showing a slightly different website address, MAY BE its not exactly same as number 4 shown as above, write down the part after the word "navigator-" or the "3c-" . So this new part of server-name word is what you have to use after the "navigator-" for the above URL/web-address # 4 in your case, and use that same part also after the "3c-" for the URL # 5 . So now you know & can enter the correct URL # 4 & 5 , so enter those inside the Thunderbird's Cookie EXCEPTION list.

• goto the received email which has the link https://www.mail.com/
  in Thunderbird (TB) > right-click on that link > you will see an new option "Open Link in New Tab", use that, a new browser Tab will open up in Thunderbird.

• now you can access (view, receive, send) your emails on "Mail.com" site itself directly, from your Email-client program, over port-443 based secured+encrypted (HTTPS + TLS/SSL) connection.

• This Tab in TB should stay open, when you close/open TB next time.

• regularly clear TRACKING-DATA (aka: COOKIES) inside TB.

• Since you're using (basic browser) web browser tab(s) inside Thunderbird, & it will not-only connect with primary webmail website, but will also connect with too many different types of websites, So you MUST also install protection addon : AdBlock (or alternative) addon to stop intrusive/annoying/data-stealing ADs. I prefer to use uBlock-Origin addon. But user may Allow simple or Text based small ADs which do not steal (your data) & has obtained your specific permission.

If you/user want to use "Mail.com" mail services normally, thru default general full version web UI (user-interface), but inside the Thunderbird browser-tab (or inside other minimal or basic web-browser), then, also allow these URLs (along with previous 7-URLs in above), as "Mail.com" uses these for full version UI:

• Mail.com (Full/default Version) web-service:
  8. https://Account-lxa.Mail.com/
  9. https://MyAccount.Mail.com/
  10. https://mobileMailDeref.Mail.com/
  11. https://api.taboola.com/
  12. https://img.ui-portal.de/
  13. https://cats-tam.ui-portal.de/
  14. https://uim.tifbs.net/
  15. https://plus.Mail.com/
  16. https://mailDeref.Mail.com/
  17. https://cdn.taboola.com/
  18. https://Home.Navigator-lxa.Mail.com/
  19. https://lps.Navigator-lxa.Mail.com/
  20. https://trackbar.Navigator-lxa.Mail.com/
  21. https://epimetheus.Navigator-lxa.Mail.com/
  22. https://js-sec.indexWW.com/
  23. https://AddressBook.Navigator-lxa.Mail.com/
  24. https://ooEditor.Mail.com/
  25. https://ADclient.uimServ.net/
  You may/should AVOID adding below:
  26. Advertisements from https://c.Amazon-ADsystem.com/ , location tracking from https://GeoLocation.OneTrust.com/, usage profiling+tracking,etc from https://www.GoogleTagServices.com/

If you look into above multiple web-services, it can be very easily said, "Mail.com" DO NOT RESPECT USER's PRIVACY-RIGHTS, AND "Mail.com" IS VIOLATING+ABUSING PRIVACY-RIGHTS , they are sharing PRIVATE data with too many ESP (external-service-providers) (aka: TPSP = 3rd-party service providers), vendors, etc , using too many APIs from ESP/TPSP, vendors, etc.

If your phone sends your voice, fingerprint, face, etc your PRIVATE biometric data outside of your phone into remote server for processing or whatever, then that is huge THEFT & STEALING AND Violation+Abuse of Privacy-Rights , because phone can use builtin+INTERNAL software, tools, etc for processing.

So similar way, the services that for-example: "Mail.com", a WebMail service provider needs, those must be used+processed INSIDE the "Mail.com" SERVERS (inside Mail.com's premise & under their control), their ESP/TPSP/vendors,etc can have remote access into their software (inside "Mail.com" server), but not any access into user's PRIVATE DATA/database, etc . Private data must not travel/copied outside of "Mail.com" servers . So "Mail.com" should create different sub-domain for their each ESP/TPSP/vendor,etc.

If a person/entity really wishes to NOT violate/abuse human-rights , then there are always (many) ways for that.

OAUTH:
various (remote) web-service & other online service providers may/often use OAuth (OAuth 2.0, etc) based verification to allow user to sign-in/login into their site/service-site from user's/client's software . OAuth verification process need to save a token as a Cookie inside your web-browser software , this process uses HTTPS/443 protocol based connection via a web-browser . If your web-browser blocks cookies, to create safety, from tracking cookies of various human-rights violating websites/web-services, etc , then you/user have to allow OAuth verification related specific cookies by adding specific OAuth verification related websites/webservices, into your web-browser's Cookie/Script EXCEPTION LIST . After that OAuth verification related sign-in/login will succeed & an approved token as a cookie will be saved . OAuth verification may use one or few more extra web-sites/URLs from your (remote) service provider, than the sites that are generally used for a general login/sign-in . When this token/cookie is saved & available inside a client software, then it can be used to verify user's client-software (that i connecting with (remote) service provider) for various other protocol based services, for-example: IMAP/POP3, SMTP mail-server services, IM(instant-messaging) chat network services, etc, etc.

Normally without OAuth, user have to verify from the client software's connection into the (remote) web-server that it is indeed he himself (or she herself) is accessing the (remote) web-services, by providing the password (web-service access main/master password) as a proof each time, or by saving this main/master password inside the software . So if this client software is hacked or a backdoor/bug/vulnerability is found then harmful entity may/will also have the main/master password and takeover your account . But this risk can be reduced, by saving a token/cookie instead of the main/master password, and use that token/cookie to prove that its you who is accessing the service from that client software . If you suspect there was a remote access event occurred in your computer/device, then just clear saved token/cookie/password, & re-verify via OAuth to save a new token/cookie . Harmful entity when obtains the token/cookie can access your some data, but not all data, as other sensitive data access (may) require entering main/master password.

So even OAuth has weakness^{1, 2, 3} & strength¹, so use wisely where & when appropriate . When its used with other SECURED process only THEN it can be better.

Client software/app which cannot handle web-browser connection to use OAuth, for those type of app/clients, you can go into your web-service provider's website, find-out the section that allows to generate/create a TP(Third-Party) App Access Key (AAK) code, or Secure Mail Key (SMK) code, etc . This type of (app access key) code should be used as password in/with your client-software, then main/master-password remains safe . This is much better solution than OAuth.
Some service-providers will allow you to use (app) access-key in your client-software first, then they will also allow to use OAuth if you need-to.

TB = Thunderbird .

EXCEPTION / EXCLUSION LIST (OAUTH RELATED) : First, please follow the procedure shown in above "Mail.com" section on How to find-out & add EXCEPTION to allow BASIC/MOBILE VERSION based access service by using a basic web-browser (or by using builtin browser-tab inside TB email-client software).
Then Begin OAuth verification process in your client software , open OAuth verification URL in a web-browser (or open inside TB's builtin browser-tab) , in bottomside near app border AND in topside URL bar, you will see which web-sites it is attempting to connect or connecting, etc , either take screen-shot picture(s) whenever URL/website changes by pressing specific screenshot buttons , or write down each URLs when URL changes.
If only one extra site/website is needed for OAuth, then after adding that one site (in EXCEPTION list) , oauth verification will complete, but as it is still not yet inside the Exception list, OAuth will not succeed , So add the URL/website in web-browser's (or TB's) Cookie/Script EXCEPTION list . And again initiate OAuth verification in your client software/app . this time it will succeed.
If oauth verification need to use multiple sites, then you will also have to add multiple times different URLs in EXCEPTION list, and you also have to initiate oauth verification process multiple times from client software.
When oauth succeeds then you're done.
Time to share that list with others (please mention if 2FA option was enabled in your case or not).
Share only URL portion, not the portion that is after the left-side first single / slash: https://websiteURL.com/...

For example, below pictures showing OAuth verification process during adding a new mail-account inside Thunderbird email client software.

• after pressing the "Done" button during adding/creating New Mail-Account in Thunderbird=TB , TB email client software has initiated OAuth2 verification process in browser-tab
  
• after adding few more yahoo related URLs into Exception-list, Yahoo asking user to Sign-In with Yahoo main/master password, to verify & find-out indeed an authentic user has initiated this process or not
  
• Yahoo verifying user is authentic or not with 2FA type of verification, showing 2FA verification options
  
• Yahoo sending 2FA notification in their Yahoo Mail mobile app in user's smartphone
• Yahoo asking user to approve TB client/app for OAuth
  
• Thunderbird email client app is approved & added into authorized/approved app list, and it can be seen (via Firefox) inside Yahoo Mail web-access site's Recent Activity section
  
• Even though in above picture, the URL https://api.login.yahoo.com/ is shown, but actually i needed to approve only https://jsapi.login.yahoo.com/ in EXCEPTION list.
• in below goto Yahoo section to see which exact URLs were approved & needed for OAuth2.0
  End of OAUTH section.

Yahoo (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Yahoo "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

1. https://mail.yahoo.com/ Mail.Yahoo.com
2. https://login.yahoo.com/
3. https://s.yimg.com/
4. https://data.mail.yahoo.com/

• List is valid for users in (southern) California, USA, so it will be different based on different location. If you have Yahoo app on your phone, Yahoo may send user-sign-in event verification notice in it, once you select "yes" or allow it, basic browser in TB should take you to yahoo Inbox . NoScript on Firefox was used to obtain the list . Above list will be further different if you use their basic-HTML version site. List will be different if you've subscribed/changed your account into a different type of account. List will be different if you've enabled 2FA for your account . Follow above "Mail.com" section to apply it.

Yahoo also has these MOBILE (aka: BASIC-service friendly, aka: BASIC/HTML version) access sites:
• https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
• https://m.yahoo.com/
• https://us.m.yahoo.com/p/mail

For accessing Yahoo emails via "OAuth2" authentication-method, just add these two URLs as cookie [ Exceptions ] in TB,etc email-clients:
• https://login.yahoo.com/
• https://api.login.yahoo.com/

For accessing Yahoo emails via their full-version (web mail access) website inside Thunderbird's (or Firefox's) browser-tab , use above four URLs and below URL list . These will be slightly different based on your/user's location, etc.

Microsoft Outlook/Hotmail/Live,etc (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access MS Outlook/Live/Hotmail "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

1. https://outlook.live.com/ Outlook.Live.com
2. https://login.live.com/
3. https://logincdn.msauth.net/
4. https://outlook-1.cdn.office.net/

• List is valid for users in (southern) California, USA, so it will be different based on different location. NoScript on Firefox was used to obtain the list . List will be further different if you use their basic-HTML version site. List will be different if you've subscribed/changed your account into a different type of account. List will be different if you've enabled 2FA for your account . Follow above "Mail.com" section to apply it.

Microsoft mail services also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
• https://mssl.mail.live.com/m/?bfv=wm
• https://mobile.live.com/hm
• https://profile.live.com/contacts?bfv=um
• https://mail.live.com/m
• https://wls.live.com
• https://mobile.msn.com/pocketpc/

For accessing emails thru "OAuth2" auth-method , use/add above four URLs & below one URL in TB's Cookie [ Exceptions ] list:
5. https://login.microsoftonline.com/

For accessing emails thru full-version webmail access website, lots of URLs need to be added into Exception list.

Push Microsoft to use TLS/SSL based encryption security, instead of StartTLS encryption security, as TLS/SSL is far far more secured+safer than StartTLS.

GMail (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Gmail (from Google) "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

1. https://mail.google.com/ mail.Google.com
2. https://accounts.google.com/
3. https://ssl.gstatic.com/
4. https://www.gstatic.com/

• List is valid for users in (southern) California, USA, so it will be different based on different location . NoScript on Firefox was used to obtain the list . List will be further different if you use their basic-HTML version site. List will be different if you've subscribed/changed your account into a different type of account. List will be different if you've enabled 2FA for your account . Follow above "Mail.com" section to apply it.

GMail also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
• https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
• https://m.gmail.com/
• https://mail.google.com/mail/x/gdlakb-/gp/
• https://mail.google.com/a/[Your-Domain]/x/1gjikl11t3cl1
• https://www.google.com/ig/mobile?output=pda

For accessing GMail/Google-Mail emails via "OAuth2" authentication-method , add these three URL exceptions in TB,etc email-client's cookie Exception list:
• https://accounts.google.com/
• https://ssl.gstatic.com/
• https://www.gstatic.com/

For accessing emails thru full-version webmail access website, lots of URLs need to be added into Exception list.

You need to do 2 things

1. go to folder where you cloned modoboa git repo and run:

You have a bad idea of "modern" thinking. The new way of doing things is actually using extensions, frameworks etc etc... - reusable code is the word in this fast expanding it world

Back in like '90s or '80s people didn't have the internet so widely available or available at all and if you wanted to (lets say) make connection between two computers (think NASA or something) you would have to write your own protocols (POP or IMAP) from scratch and spend weeks or even months in programming.

Now its 2020. and we have a lot of reusable code widely available, repositories, open-source software etc... you get the picture

Sure you can write you own authentication in php in like a week or you can simply download

Net_Socket (i have 1.2.2) -> https://pear.php.net/package/Net_Socket/download/ Net_SMTP (i have 1.9.2) -> https://pear.php.net/package/Net_SMTP/download/ Mail_extension (I have version 1.4.1) -> https://pear.php.net/package/Mail/download/

extract everything with 7-zip and structure it like this

your main folder

Add and header like this

Some friendly advice -- you probably want to use an off-the-shelf MTA like postfix, exim4, or sendmail if you just want to receive mail on your local machine.

I say this because I have literally spent a good hunk of my career implementing MTAs and feel I should warn you that this is a solved problem that allows you to have complete control over your mail traffic, and there are some very tricky issues to solve to write an MTA that works at scale with large mail volumes.

That said, SMTP (note spelling) is a very simple protocol, and a great "first protocol" to implement if you're interested in that stuff. It would be very easy to write one in NodeJS.

The first edition you'd be interested in was released some time around 1982, as RFC-821, aka IETF STD-10. It was then updated over the years to RFC-2821 and a bunch of related specs, but basic RFC-821 support will get you what you need to talk to 99% of hosts on the Internet today. (That number will go down as you need ESMTP support for TLS - but this is not much harder nor much different).

Your daemon will need to listen on port 25, and need to process commands like this: