anonaddy

Anonymous email forwarding

AGPL-3.0 License

anonaddy - v0.13.6

Published by willbrowningme about 2 years ago

  • Updated to Vue 3
  • Added API token details endpoint - https://app.anonaddy.com/docs/#api-token
  • Added a new auth flow that will allow an API token to be automatically created and retrieved using a username and password. This will make logging into the browser extension easier in the future.

anonaddy - v0.13.5

Published by willbrowningme about 2 years ago

  • Added inline encryption (PGP/Inline) option for each recipient. This will only encrypt and forward the plain text of a message so only enable if you are sure.
  • Added protected headers. This will hide the email subject and replace it with "...", which means the message subject is also encrypted in the message body. Many mail clients including Mozilla Thunderbird are able to automatically decrypt and display the original message subject when an email arrives.

anonaddy - v0.13.4

Published by willbrowningme about 2 years ago

  • Added version to anonaddy.php config file for the Docker image
  • Added extra stateful domain to sanctum.php config for the Docker image
  • Fixed incorrect recipient "key" tooltip - closes https://github.com/anonaddy/docker/issues/155

anonaddy - v0.13.3

Published by willbrowningme about 2 years ago

  • Added fallback to ANONADDY_VERSION environment variable for Docker image, thanks @crazy-max.

anonaddy - v0.13.2

Published by willbrowningme about 2 years ago

anonaddy - v0.13.1

Published by willbrowningme about 2 years ago

  • Upgraded to Laravel Sanctum v3
  • Upgrade to Laravel UI v4
  • Added expiry option when creating API tokens - 1 day, 1 week, 1 month, 1 year or no expiry
  • Fixed issue where messages that have attachments with an invalid content type were not forwarded

anonaddy - v0.13.0

Published by willbrowningme about 2 years ago

Changes

This release migrates from Laravel Passport to Laravel Sanctum for API authentication.

Note

Upgrading to this release will drop all Laravel Passport database tables and you will need to re-create your new Sanctum API tokens from the settings page.

After upgrading you can safely remove the following from your .env file:

PASSPORT_PERSONAL_ACCESS_CLIENT_ID=client-id-value
PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET=unhashed-client-secret-value

anonaddy - v0.12.3

Published by willbrowningme over 2 years ago

anonaddy - v0.12.2

Published by willbrowningme over 2 years ago

  • Fixed issue with Sender: header being passed through which was changing the envelope from address

If you wish to enable TLS for the local SMTP connections you can update your .env file as follows:

# The from name to be used for outgoing email notifications from AnonAddy
MAIL_FROM_NAME=Example
# The from address to be used for outgoing email notifications from AnonAddy
MAIL_FROM_ADDRESS=[email protected]
MAIL_DRIVER=smtp
MAIL_HOST=mail.example.com
MAIL_PORT=25
MAIL_ENCRYPTION=tls
MAIL_EHLO_DOMAIN=mail.example.com
MAIL_VERIFY_PEER=true

Where MAIL_EHLO_DOMAIN is the same value as your mail server's hostname.

anonaddy - v0.12.1

Published by willbrowningme over 2 years ago

  • Messages with invalid Message-IDs can now be forwarded
  • Fixed "Sender" header type

anonaddy - v0.12.0

Published by willbrowningme over 2 years ago

Updates

  • This release has breaking changes, please see below.
  • Upgrade from Laravel 8 to Laravel 9
  • Swiftmailer has been deprecated so this upgrade has meant migrating over to Symfony mailer which has proved quite tricky
  • Upgrade to v3 of Laravel WebAuthn (closes #298)
  • PHP 8.1 is now required due to requirements of Laravel WebAuthn

Breaking Changes

  • PHP v8.1 is now the minimum version required, so you will need to install it on your server by running the following command:

sudo apt install php8.1-fpm php8.1-common php8.1-mysql php8.1-dev php8.1-gmp php8.1-mbstring php8.1-dom php8.1-gd php8.1-imagick php8.1-opcache php8.1-soap php8.1-zip php8.1-cli php8.1-curl php8.1-mailparse php8.1-gnupg php8.1-redis -y

You must then update the user & group in /etc/php/8.1/fpm/pool.d/www.conf to the user that your web application is run by; in the self-hosting instructions I used a user called johndoe:

user = johndoe
group = johndoe
listen.owner = johndoe
listen.group = johndoe

Restart php8.1-fpm to reflect the changes.

sudo service php8.1-fpm restart

You will also need to update your web application's Nginx config e.g. /etc/nginx/conf.d/example.com.conf:

location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
}

This changes php8.0-fpm.sock to php8.1-fpm.sock. Then restart Nginx:

sudo service nginx restart

Once you've done the above you can update the application by running the usual commands found at the end of the self-hosting instructions.

anonaddy - v0.11.2

Published by willbrowningme over 2 years ago

  • Closed #215 and #240
  • Updated data returned by API to make endpoints consistent

anonaddy - v0.11.1

Published by willbrowningme over 2 years ago

  • Fixed #277, updated code column type from string to text.

anonaddy - v0.11.0

Published by willbrowningme over 2 years ago

Updates

  • This release has breaking changes, please see below (it is recommended to back up your database before upgrading to this version)
  • The additional_usernames table has been renamed usernames
  • The main account username has been moved from the users table to the usernames table
  • Any one of your usernames can now be used to log in to your account

Motivation for this update

  • Reduces the number of database queries for each incoming email
  • Allows a user to log in with any of their usernames (previously it was just the main one they signed up with)
  • Allows a user to deactivate their main account username as they could with additional usernames previously
  • Will allow the user to update their account's default username in the future
  • Moves usernames structure to be in line with the current recipients structure

Breaking Changes

  • Update required to /etc/postfix/mysql-virtual-alias-domains-and-subdomains.cf:

user = anonaddy
password = your-database-password
hosts = 127.0.0.1
dbname = anonaddy_database
query = SELECT (SELECT 1 FROM usernames WHERE '%s' IN (CONCAT(username, '.example.com'))) AS usernames, (SELECT 1 FROM domains WHERE domain = '%s' AND domain_verified_at IS NOT NULL) AS domains LIMIT 1;

Notice the removal of the SELECT query for the users table and the fact that the additional_usernames table has been renamed to usernames. You can view the difference here.

  • Update required to the check_access stored procedure (this can be updated from the MySQL command line, opened with sudo mysql -u root -p):

DELIMITER $$

USE `anonaddy_database`$$

DROP PROCEDURE IF EXISTS `check_access`$$

CREATE PROCEDURE `check_access`(alias_email VARCHAR(254) charset utf8)
BEGIN
    DECLARE no_alias_exists int(1);
    DECLARE alias_action varchar(30) charset utf8;
    DECLARE username_action varchar(30) charset utf8;
    DECLARE domain_action varchar(30) charset utf8;
    DECLARE alias_domain varchar(254) charset utf8;

    SET alias_domain = SUBSTRING_INDEX(alias_email, '@', -1);

    # We only want to carry out the checks if it is a full RCPT TO address without any + extension
    IF LOCATE('+',alias_email) = 0 THEN

        SET no_alias_exists = CASE WHEN NOT EXISTS(SELECT NULL FROM aliases WHERE email = alias_email) THEN 1 ELSE 0 END;

        # If there is an alias, check if it is deactivated or deleted
        IF NOT no_alias_exists THEN
            SET alias_action = (SELECT
                IF(deleted_at IS NULL,
                'DISCARD',
                'REJECT Address does not exist')
            FROM
                aliases
            WHERE
                email = alias_email
                AND (active = 0
                OR deleted_at IS NOT NULL));
        END IF;

        # If the alias is deactivated or deleted then increment its blocked count and return the alias_action
        IF alias_action IN('DISCARD','REJECT Address does not exist') THEN
            UPDATE
                aliases
            SET
                emails_blocked = emails_blocked + 1
            WHERE
                email = alias_email;

            SELECT alias_action;
        ELSE
            SELECT
            (
            SELECT
                CASE
                    WHEN no_alias_exists
                    AND catch_all = 0 THEN "REJECT Address does not exist"
                    WHEN active = 0 THEN "DISCARD"
                    ELSE NULL
                END
            FROM
                usernames
            WHERE
                alias_domain IN ( CONCAT(username, '.example.com')) ),
            (
            SELECT
                CASE
                    WHEN no_alias_exists
                    AND catch_all = 0 THEN "REJECT Address does not exist"
                    WHEN active = 0 THEN "DISCARD"
                    ELSE NULL
                END
            FROM
                domains
            WHERE
                domain = alias_domain) INTO username_action, domain_action;

            # If all actions are NULL then we can return 'DUNNO' which will prevent Postfix from trying substrings of the alias
            IF username_action IS NULL AND domain_action IS NULL THEN
                SELECT 'DUNNO';
            ELSEIF username_action IN('DISCARD','REJECT Address does not exist') THEN
                SELECT username_action;
            ELSE
                SELECT domain_action;
            END IF;
        END IF;
    ELSE
        # This means the alias must have a + extension so we will ignore it
        SELECT NULL;
    END IF;
 END$$

DELIMITER ;

Notice again the removal of the SELECT query for the users table and that the additional_usernames table has been renamed to usernames. You can view the difference here.

anonaddy - v0.10.1

Published by willbrowningme over 2 years ago

  • Added option to allow/disallow each recipient the ability to reply/send from your aliases
  • Added option in settings to generate a new backup code whilst keeping current 2FA method #231
  • Added email notification when account's default recipient is updated

anonaddy - v0.10.0

Published by willbrowningme over 2 years ago

  • Fixed webauthn config after upgrade to v2
  • Added check for X-AnonAddy-Dmarc-Allow header added by Rspamd custom routine (see below)

Potentially breaking changes

If you are still running OpenDMARC / OpenDKIM and not Rspamd then this update will likely break your ability to reply/send from aliases as the above header will not be present. I recommend migrating to Rspamd if possible since it has many more features and is extremely fast.

Rspamd config update required

Please update /etc/rspamd/local.d/milter_headers.conf so that it looks like this:

use = ["authentication-results", "remove-headers", "spam-header", "add_dmarc_allow_header"];

routines {
  remove-headers {
    headers {
      "X-Spam" = 0;
      "X-Spamd-Bar" = 0;
      "X-Spam-Level" = 0;
      "X-Spam-Status" = 0;
      "X-Spam-Flag" = 0;
    }
  }
  authentication-results {
    header = "X-AnonAddy-Authentication-Results";
    remove = 0;
  }
  spam-header {
    header = "X-AnonAddy-Spam";
    value = "Yes";
    remove = 0;
  }
}

custom {
  add_dmarc_allow_header = <<EOD
return function(task, common_meta)
  if task:has_symbol('DMARC_POLICY_ALLOW') then
    return nil,
    {['X-AnonAddy-Dmarc-Allow'] = 'Yes'},
    {['X-AnonAddy-Dmarc-Allow'] = 0},
    {}
  end

  return nil,
  {},
  {['X-AnonAddy-Dmarc-Allow'] = 0},
  {}
end
EOD;
}

The custom routine we've created, add_dmarc_allow_header, will simply add a header to messages that have the DMARC_POLICY_ALLOW symbol present in Rspamd. We will use this to only allow replies / sends from aliases that are explicitly permitted by their DMARC policy, in order to prevent anyone spoofing any of your recipients' email addresses.

The previous check just for the X-AnonAddy-Spam header was not enough since many major email providers have a DMARC policy of p=none such as Gmail and Hotmail. This means there is a chance your recipient address could be spoofed.
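The difference between the v0.9.0 check and the v0.10.0 check described above, as an added example in Python (not AnonAddy's or Rspamd's own code). The function names, the sample messages and the exact header comparison are assumptions made for illustration; the routine is modelled as stripping every inbound copy of the header before deciding whether to add it.

```python
from email import message_from_string

ALLOW = "X-AnonAddy-Dmarc-Allow"
SPAM = "X-AnonAddy-Spam"


def milter_routine(msg, symbols):
    """Simplified model of add_dmarc_allow_header (assumption, not Rspamd code):
    drop every inbound copy of the header, then add it only when the
    DMARC_POLICY_ALLOW symbol is present on the task."""
    del msg[ALLOW]  # removes all occurrences; no error if the header is absent
    if "DMARC_POLICY_ALLOW" in symbols:
        msg[ALLOW] = "Yes"
    return msg


def old_gate(msg):
    """v0.9.0-style check: allow unless the spam header is present."""
    return msg.get(SPAM) is None


def new_gate(msg):
    """v0.10.0-style check: additionally require the DMARC allow header."""
    return old_gate(msg) and (msg.get(ALLOW) or "").strip().lower() == "yes"


def evaluate(raw, symbols):
    """Return (old_gate, new_gate) for one message as it reaches the routine."""
    msg = milter_routine(message_from_string(raw), symbols)
    return old_gate(msg), new_gate(msg)


# Constructed samples: (raw message, Rspamd symbols set on the task).
SAMPLES = {
    # DMARC passes, so the routine adds the allow header.
    "dmarc_pass": ("From: recipient@example.org\nSubject: Re: hi\n\nbody\n",
                   {"DMARC_POLICY_ALLOW"}),
    # p=none domain, DMARC not passed: no spam header, and the copy of the
    # allow header that arrived with the message is stripped by the routine.
    "p_none_dmarc_fail": ("From: recipient@example.org\n"
                          "X-AnonAddy-Dmarc-Allow: Yes\nSubject: Re: hi\n\nbody\n",
                          set()),
    # Spam header present: rejected by both checks.
    "spam_flagged": ("From: recipient@example.org\nX-AnonAddy-Spam: Yes\n\nbody\n",
                     set()),
}

if __name__ == "__main__":
    for name, (raw, symbols) in SAMPLES.items():
        print(name, evaluate(raw, symbols))
```

The p_none_dmarc_fail sample is the case the release note describes: it passes the spam-header-only check but not the check that requires the allow header.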

anonaddy - v0.9.1

Published by willbrowningme over 2 years ago

  • Upgraded laravel-webauthn to v2
  • Added X-AnonAddy-Original-Reply-To-Header header on forwarded emails - the original unaltered Reply-To: header
  • Added Sender header on forwarded emails - the original unaltered Sender: header
  • Fixed small bug in app/Rules/VerifiedRecipientId.php

anonaddy - v0.9.0

Published by willbrowningme over 2 years ago

  • Added new headers to forwarded messages; X-AnonAddy-Authentication-Results - this gives information on SPF, DKIM and DMARC checks for the original message. X-AnonAddy-Original-Envelope-From - the original envelope from address. X-AnonAddy-Original-From-Header - the original unaltered From: header.
  • Fixed #245 by using the From: header (if available) for verification on replies/sends from aliases
  • Added an email notification when an attempt is made to send/reply from an alias which fails authentication checks
  • Replies/sends from aliases will now fail if they do not pass authentication checks and have the spam header added by Rspamd; this is to prevent anyone else "spoofing" one of your recipients and being able to send messages from your aliases
  • Updated SELF-HOSTING.md as below

Changes required to Rspamd config files (self-hosting instructions update)

Now let's set up the handling of DMARC for incoming messages. Create a new file /etc/rspamd/local.d/dmarc.conf and enter the following inside:

actions = {
  quarantine = "add_header";
  reject = "reject";
}

Here we are telling Rspamd to add a header to any message that fails DMARC checks and has a policy of p=quarantine and to reject any message that fails DMARC checks with a policy p=reject. You can change reject to "add_header"; too if you would still like to see these messages.

Next we'll configure the headers to add, create a new file /etc/rspamd/local.d/milter_headers.conf and enter the following inside:

use = ["authentication-results", "remove-headers", "spam-header"];

routines {
  remove-headers {
    headers {
      "X-Spam" = 0;
      "X-Spamd-Bar" = 0;
      "X-Spam-Level" = 0;
      "X-Spam-Status" = 0;
      "X-Spam-Flag" = 0;
    }
  }
  authentication-results {
    header = "X-AnonAddy-Authentication-Results";
    remove = 0;
  }
  spam-header {
    header = "X-AnonAddy-Spam";
    value = "Yes";
    remove = 0;
  }
}

The authentication results header will give information on whether the message passed SPF, DKIM and DMARC checks and the spam header will be added if it fails any of these.

anonaddy - v0.8.10

Published by willbrowningme almost 3 years ago

  • Upgraded to Tailwind v3
  • Added sort option to aliases API endpoint
  • Added active filter to aliases API endpoint

anonaddy - v0.8.9

Published by willbrowningme almost 3 years ago

  • Added alias stats to account details endpoint
  • Added pagination by default to GET aliases endpoint (100 per page by default)