Merge branch 'proposal'

2 files changed, 242 insertions, 43 deletions

diff --git a/tutors/email/index.php b/tutors/email/index.php
index 08139e1..1a100b3 100644
--- a/tutors/email/index.php
+++ b/tutors/email/index.php
@@ -1,64 +1,165 @@
 <?php include('../../header.php'); ?>
+
 <section class="banner">
-	<h1>Email Setup</h1>
+	<h1>Email setup</h1>
 </section>
 
 <section class="quiet flexible">
 	<div>
 		<p>
-			This guide is for Gmail users only. While most of this guide will also be applicable to other mail providers, additional steps may be required.
+			Every tutor is expected to use a <em>@carpentertutoring.com</em> email address to facilitate client communication. This guide will walk you through setting up your email from scratch and configuring your mail client to use it.
 		</p>
 
-		<h2>Receiving Mail</h2>
-
 		<p>
-			Once your <a href="/">carpentertutoring.com</a> email address is created, you will receive a verification email. In order to receive mail in your personal address from this alias, you will have to click the confirmation link in the verification email. Once complete, you can start receiving mail immediately.
+			You have two options for using your new email address. The first is <em>standalone</em> which allows you to use the mail client of your choice to send and receive mail. Some popular desktop clients are Apple's Mail app, Mozilla Thunderbird, and Microsoft Outlook. Popular mobile mail clients include the iOS Mail app and K-9 Mail for Android. Your mailbox will remain on the Carpenter Tutoring mail server and in no way interact with any personal or private mail accounts you have on other systems.
 		</p>
 
-		<h2>Sending Mail</h2>
-
-		<p>
-			Sending mail from your <a href="/">carpentertutoring.com</a> address requires a small amount of setup.
-		</p>
-
-		<h3>App Password</h3>
-
 		<p>
-			Google 2-Step Verification requires you to first generate an App Password for your personal Gmail account. Note that <em>you must have 2-Step Verification turned on for your account in order to forward sent mail to your Carpenter Tutoring alias</em>. You can verify whether you have 2-Step Verification turned on for your Google account by <a href="https://myaccount.google.com/signinoptions/two-step-verification">visiting this link to your Google account settings</a>. If 2-Step Verification is turned off, turn it on and proceed with the following steps.
+			Your second choice is <em>forwarding</em>, where all of your Carpenter Tutoring mail will forward to a personal email address of your choice. Your personal email provider will need to be configured to send mail as your Carpenter Tutoring address for any client communication. The amount of setup is the same, but this method allows you to use a client such as <em>GMail</em> for managing mail.
 		</p>
 
 		<p>
-		<ol>
-			<li>On your computer, open <a href="https://myaccount.google.com/apppasswords" target="_blank">App Passwords</a>.</li>
-			<li>In the bottom of the window, click <em>Select app</em> and choose <em>Mail</em> from the list.</li>
-			<li>Click <em>Select device</em> and choose <em>Other...</em> and enter "Carpenter Tutoring" in the box.</li>
-			<li>Click <em>Generate</em>. You will see 16 letters and numbers in a yellow box. Copy this or write it down for the next step.</li>
-			<li>Click <em>Done</em>. Keep in mind you will not be able to see the App Password anymore. If you forget it before the next step, you will have to create a new one.</li>
-		</ol>
+			Remember you can change your decision anytime. See "Getting help" below.
 		</p>
 
-		<p>
-
-		<h3>Mail forwarding</h3>
-
-		<ol>
-			<li>On your computer, open <a href="https://mail.google.com" target="_blank">Gmail</a>.</li>
-			<li>In the top right, click settings (⚙️) and then <em>See all settings</em>.</li>
-			<li>Click the <em>Accounts and import</em> or <em>Accounts</em> tab.</li>
-			<li>In the "Send mail as" section, click <em>Add another email address</em>.</li>
-			<li>Enter your name and the address you want to send from. This will be your <a href="/">carpentertutoring.com</a> address. Leave the "Treat as an alias" box checked.</li>
-			<li>Click <em>Next Step</em>.</li>
-			<li>For the "SMTP server" enter <em>smtp.gmail.com</em>. Select <em>465</em> for the port.</li>
-			<li>For the username and password you will enter your personal Gmail address (with "@gmail.com" suffix) and the App Password you generated in the previous step.</li>
-			<li>Check "Secured connection using SSL (recommended)" and click <em>Add Account</em>.</li>
-			<li>Return to the "Send mail as" section on the settings page and look for "When replying to a message." Check "Reply from the same address the message was sent to." This will ensure you respond to tutoring inquiries with your Carpenter Tutoring address and personal mail with your Gmail address.</li>
-		</ol>
-
-		</p>
-
-		<p>Now you should be able to immediately send mail as your Carpenter Tutoring alias. To test this, compose a new message an check the "From" box. You should see a menu there where you can choose which address to send mail from.</p>
-
-		<p>Thank you for being a part of Carpenter Tutoring!</p>
+		<?php
+		if (empty($_POST['password'])) {
+		?>
+			<h2>Create a mail account</h2>
+			<form method="post" action="/tutors/email/index.php#submit">
+				<label for="name">Your full name
+					<input type="text" name="name" placeholder="Amy Carpenter" required />
+				</label>
+
+				<label for="password">Your new Carpenter Tutoring email password
+					<input type="password" name="password" minlength="8" placeholder="8 character minimum" required />
+				</label>
+
+				<label for="forward">Personal email address for forwarding
+					<input type="email" name="forward" placeholder="leave blank to use a standalone mail client" />
+				</label>
+
+				<button type="submit" class="button" alt="submit">Set me up</button>
+			</form>
+		<?
+		}
+		?>
+
+		<?php
+		if (!empty($_POST['password']) && !empty($_POST['name'])) {
+			// encrypt email and add to logins queue
+			$descriptorspec = array(
+				0 => array('pipe', 'r'),
+				1 => array('file', '/var/ct_logins', 'a'),
+				2 => array('file', '/var/log/ct_mail_submit.log', 'a')
+			);
+			$process = proc_open('smtpctl encrypt', $descriptorspec, $pipes);
+			fwrite($pipes[0], $_POST['password']);
+			fclose($pipes[0]);
+
+			// include name and generated email in logins queue
+			$logins_queue = fopen('/var/ct_logins', 'a');
+			fprintf($logins_queue, '\n%s\n', $_POST['name']);
+
+			$names = explode(' ', strtolower($_POST['name']));
+
+			$last = $names[1][0];
+			$first = $names[0];
+			$email = "$first$last@carpentertutoring.com";
+			fprintf($logins_queue, '%s\n\n', $email);
+
+			// close queue
+			fclose($logins_queue);
+		?>
+			<h2 id="submit">Configuring your mail client</h2>
+
+			Thank you! Now we're setting up your mailbox. Once it's ready you may begin configuring your mail client based on the method you chose above. If you're unable to complete the below steps due to authentication issues, please wait 24 hours and try again. If you have questions or difficulty, see "Getting help" below.
+
+			<?php
+			if (empty($_POST['forward'])) {
+			?>
+				<h3>Standalone mail</h3>
+
+				<p>
+					Instructions for configuring a mail client vary somewhat based on the application. Regardless of the client you choose, the "Connection details" below will be the same. Save them for future use, or in case your <em>@carpentertutoring.com</em> address isn't ready yet.
+				</p>
+
+				<p>
+				<ul>
+					<li><a href="https://support.apple.com/en-us/HT201320">iOS Mail app</a></li>
+					<li><a href="https://support.microsoft.com/en-us/office/set-up-email-in-the-mail-app-7ff79e8b-439b-4b47-8ff9-3f9a33166c60">Mail app for Windows 10 or Windows 11</a></li>
+					<li><a href="https://support.mozilla.org/en-US/kb/manual-account-configuration">Mozilla Thunderbird</a></li>
+				</ul>
+				</p>
+
+				<h3>Connection details</h2>
+					<p>
+						Note that if you already have an email address which we've communicated to you, use that instead of the one provided below as your username.
+					</p>
+
+					<pre>
+SMTP server: mail.53hor.net
+Connection security: STARTTLS
+Authentication method: normal password
+SMTP port: 587
+SMTP password: (use the password you just submitted)
+SMTP username: <?php printf('%s', $email) ?>
+
+
+IMAP server: mail.53hor.net
+Connection security: STARTTLS
+Authentication method: normal password
+IMAP port: 143
+IMAP password: (use the password you just submitted)
+IMAP username: <?php printf('%s', $email) ?>
+</pre>
+				<?php
+			} else {
+				?>
+					<h3>Gmail forwarding</h3>
+
+					<p>
+						Once your <em>@carpentertutoring.com</em> email address is created, you will begin receiving forwarded email in your Gmail inbox. Sending mail from your <em>@carpentertutoring.com</em> address via Gmail requires a small amount of setup.
+					</p>
+
+					<p>
+
+					<ol>
+						<li>On your computer, open <a href="https://mail.google.com" target="_blank">Gmail</a>.</li>
+						<li>In the top right, click settings (⚙️) and then <em>See all settings</em>.</li>
+						<li>Click the <em>Accounts and import</em> or <em>Accounts</em> tab.</li>
+						<li>In the "Send mail as" section, click <em>Add another email address</em>.</li>
+						<li>Enter your name and the address you want to send from. This will be your <em>@carpentertutoring.com</em> address. Leave the "Treat as an alias" box checked.</li>
+						<li>Click <em>Next Step</em>.</li>
+						<li>For the "SMTP server" enter <em>mail.53hor.net</em>. Select <em>587</em> for the port.</li>
+						<li>For the username and password you will enter your new Carpenter Tutoring address (with "@carpentertutoring.com" suffix) and the password you submitted in the previous step.</li>
+						<li>Check "Secured connection using TLS (recommended)" and click <em>Add Account</em>.</li>
+						<li>Gmail will prompt you to verify your new address. You should receive a confirmation code in your inbox, forwarded from your <em>@carpentertutoring.com</em> address. Use it to complete the alias setup.</li>
+						<li>Return to the "Send mail as" section on the settings page and look for "When replying to a message." Check "Reply from the same address the message was sent to." This will ensure you respond to tutoring inquiries with your Carpenter Tutoring address and personal mail with your Gmail address.</li>
+
+					</ol>
+					</p>
+
+					<h3>Other webmail clients</h3>
+
+					<p>
+						Setup instructions for other popular webmail clients are largely the same. The configuration options for IMAP and SMTP should be identical. Below is a list of setup instructions for common providers.
+					</p>
+					<p>
+					<ul>
+						<li><a href="https://support.microsoft.com/en-gb/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2">Outlook.com (MS Hotmail)</a></li>
+						<li><a href="https://support.apple.com/guide/icloud/add-and-manage-email-aliases-mm6b1a490a/icloud">iCloud.com (Apple iCloud)</a></li>
+
+					</ul>
+					</p>
+			<?php
+			}
+		}
+			?>
+			<h2>Getting help</h2>
+			<p>
+				If you encounter difficulty or have questions throughout any part of this process, please reach out to <a href="webmaster@carpentertutoring.com">webmaster@carpentertutoring.com</a> and we'll get in touch to help.
+			</p>
 	</div>
 
 </section>
diff --git a/tutors/email/proposal.php b/tutors/email/proposal.php
new file mode 100644
index 0000000..84d7daf
--- /dev/null
+++ b/tutors/email/proposal.php
@@ -0,0 +1,98 @@
+<?php include('../../header.php'); ?>
+<section class="banner">
+	<h1>Migrate from Google Domains to Porkbun w/self-hosted email</h1>
+</section>
+
+<section class="quiet flexible">
+	<div>
+		<p>
+			This proposal documents migrating the Carpenter Tutoring domain name and email forwarding structure away from Google Domains to a dual Porkbun and self-hosted structure.
+		</p>
+
+		<h2>Impetus</h2>
+
+		<p>
+			Google is selling off Google Domains to Squarespace at an undisclosed date. This was announced 2023-06-05 and is <a href="https://support.google.com/domains/answer/13689670">documented here</a>.
+			Google Domains provided the following key features for Carpenter Tutoring:
+
+		<ol>
+			<li>A domain registrar, mapping carpentertutoring.com to an IP address. This allowed us to serve both the company homepage and cloud storage (Nextcloud) applications to clients and tutors.</li>
+			<li>Free mail forwarding, allowing every new tutor to have a @carpentertutoring.com email address with which they can send mail to and receive mail from clients.</li>
+			<li>DNS controls to automate certificate renewal, providing both the homepage and Nextcloud instance with TLS.</li>
+			<li>Close integration with Google Business Profile, the primary non-homepage web presence for Carpenter Tutoring.</li>
+		</ol>
+		</p>
+
+		<p>
+			These services are critical to the operation of Carpenter Tutoring and therefore must be replaced with the next best substitute as soon as possible. Their replacement must continue to be resilient and protected against change to minimise rework. This is especially important given the growing number of independent contractors joining Carpenter Tutoring in the past three months.
+		</p>
+
+		<h2>Existing costs</h2>
+
+		<p>
+			All Google Domains services are available for $12.00 per year for Carpenter Tutoring. The homepage and Nextcloud are self-hosted for the cost of electricity and maintenance by Carpenter Tutoring itself. For the purposes of this document, those costs are negligible.
+		</p>
+
+		<h2>Path of no action</h2>
+
+		<p>
+			If no action is taken, the carpentertutoring.com domain will be transferred to Squarespace. Google promises no interruption of service as a result of the migration. Squarespace assures users that their existing registrations will be financially covered for the remainder of their registration period. Since carpentertutoring.com renews in January each year, the business would pay nothing to be migrated to Squarespace until January.
+		</p>
+
+		<p>
+			Ironically, Squarespace provides email forwarding features for small businesses <a href="https://www.squarespace.com/professional-email">by reselling Google Workspace</a>. The cost of Google Workspace mail accounts for all tutors is prohibitive for Carpenter Tutoring and will not be considered. This means Squarespace does not offer a low-cost or free mail delivery service for independent contractors.
+		</p>
+
+		<p>
+			Squarespace, being more than a domain registrar, <a href="https://www.squarespace.com/pricing">offers bundle plans</a> with website builders, custom domains, product inventory and checkout carts, and SEO tools. The majority of these tools offer no immediate or near future value to Carpenter Tutoring, and would therefore be an upsell on the essential services Carpenter Tutoring needs today.
+		</p>
+
+		<p>
+			For these reasons, Squarespace cannot be considered a viable alternative to Google Domains. A third-party replacement is required to maintain existing operability and costs.
+		</p>
+
+		<h2>Path of equivalent cost and minimal functionality</h2>
+
+		<p>
+			Porkbun also offers one-way email forwarding for $3.00 per address per year. For ten tutors this would be $30.00 billed annually and does not account for domain registration costs. While much more affordable, it is critical for tutors to be able to send mail to clients as well as receive it. Therefore this is not an option.
+		</p>
+
+		<h2>Path of higher cost and equivalent functionality</h2>
+
+		<p>
+			To quickly get set up and running again with little operational overhead, Porkbun offers mail hosting for $2.00 per month per inbox. For ten tutors this would be $240.00 billed annually and does not take into account the domain registration costs. Every tutor would receive a dedicated webmail interface and be able to configure two-way forwarding just like they had previously. As the number of tutors grows, this starts to become less cost-effective compared to other options.
+		</p>
+
+		<h2>Path of low cost and increased functionality</h2>
+
+		<p>
+			The optimal solution that provides the lowest cost and the highest comparable functionality is transferring domains only to Porkbun and implementing self-hosted email on the Carpenter Tutoring web server. This will provide a virtually unlimited number of tutors with a virtual unlimited capacity mailbox each. It also provides Carpenter Tutoring with greater control over company data and communications. Additional forwarding addresses can be constructed for information "blurb"s or mailing lists.
+		</p>
+
+		<p>
+			The cost of this solution is the accounted for domain registration fee ($9.73 renewal, $11.48 one-time transfer). The operating cost of the mail server is the electricity powering the existing homepage and Nextcloud instance.
+		</p>
+
+		<h2>Architecture</h2>
+
+		<p>
+			Here is a rough architectural overview.
+			Porkbun registers the domain name and DNS configuration pointing MX records to MTA mail.53hor.net. At mail.53hor.net are an SMTP server and an IMAP server. Every tutor gets a virtual user and mailbox and the appropriate configuration to use any mail client of their choice.
+		</p>
+
+		<p>
+			Spam filters prevent unwarranted and unwanted messages from arriving on all tutors' inboxes. Common rules can be set up to redirect known spam away from inboxes and into junk for all tutors. Additionally, DKIM is configured to make sure mail is delivered to major tech mail providers (Google, Microsoft, Apple) who require it.
+		</p>
+
+		<h2>Implementation</h2>
+
+		<p>OpenSMTPD is used as an MTA, sending mail and running the necessary actions on incoming and outgoing mail requests. Dovecot exists as an IMAP virtual mailbox for tutors to authenticate with and check mail. Rspamd is a spam filter integrating with Dovecot.
+		</p>
+
+		<p>Useful starting information <a href="https://www.davd.io/tags/mail/">here</a>.</p>
+
+	</div>
+
+</section>
+
+<?php include('../../footer.php'); ?>