2018-10-18 15:57:43 +02:00
|
|
|
import os
|
2019-05-06 15:14:00 +02:00
|
|
|
|
2021-02-22 22:15:25 +02:00
|
|
|
from datetime import timedelta
|
2019-05-06 15:14:00 +02:00
|
|
|
from socrate import system
|
2021-10-16 16:06:13 +02:00
|
|
|
import ipaddress
|
2018-10-18 15:57:43 +02:00
|
|
|
|
|
|
|
|
DEFAULT_CONFIG = {
|
|
|
|
|
# Specific to the admin UI
|
|
|
|
|
'DOCKER_SOCKET': 'unix:///var/run/docker.sock',
|
|
|
|
|
'BABEL_DEFAULT_LOCALE': 'en',
|
|
|
|
|
'BABEL_DEFAULT_TIMEZONE': 'UTC',
|
|
|
|
|
'BOOTSTRAP_SERVE_LOCAL': True,
|
2019-08-23 00:29:00 +02:00
|
|
|
'RATELIMIT_STORAGE_URL': '',
|
2018-10-18 15:57:43 +02:00
|
|
|
'DEBUG': False,
|
2022-11-04 16:15:19 +02:00
|
|
|
'DEBUG_PROFILER': False,
|
2022-11-14 18:38:10 +02:00
|
|
|
'DEBUG_TB_INTERCEPT_REDIRECTS': False,
|
2022-11-04 16:15:19 +02:00
|
|
|
'DEBUG_ASSETS': '',
|
2018-10-18 15:57:43 +02:00
|
|
|
'DOMAIN_REGISTRATION': False,
|
2018-10-18 17:55:07 +02:00
|
|
|
'TEMPLATES_AUTO_RELOAD': True,
|
2021-04-04 14:35:31 +02:00
|
|
|
'MEMORY_SESSIONS': False,
|
2022-11-16 14:12:04 +02:00
|
|
|
'FETCHMAIL_ENABLED': False,
|
2018-11-14 14:58:54 +02:00
|
|
|
# Database settings
|
2018-12-10 16:30:53 +02:00
|
|
|
'DB_FLAVOR': None,
|
2018-11-14 14:58:54 +02:00
|
|
|
'DB_USER': 'mailu',
|
2018-12-10 16:30:53 +02:00
|
|
|
'DB_PW': None,
|
|
|
|
|
'DB_HOST': 'database',
|
2018-11-14 14:58:54 +02:00
|
|
|
'DB_NAME': 'mailu',
|
2022-10-20 13:41:35 +02:00
|
|
|
'SQLITE_DATABASE_FILE': 'data/main.db',
|
2019-01-17 15:58:47 +02:00
|
|
|
'SQLALCHEMY_DATABASE_URI': 'sqlite:////data/main.db',
|
2018-11-14 14:58:54 +02:00
|
|
|
'SQLALCHEMY_TRACK_MODIFICATIONS': False,
|
2018-10-18 15:57:43 +02:00
|
|
|
# Statistics management
|
|
|
|
|
'INSTANCE_ID_PATH': '/data/instance',
|
2021-12-29 16:40:45 +02:00
|
|
|
'STATS_ENDPOINT': '19.{}.stats.mailu.io',
|
2018-10-18 15:57:43 +02:00
|
|
|
# Common configuration variables
|
|
|
|
|
'SECRET_KEY': 'changeMe',
|
|
|
|
|
'DOMAIN': 'mailu.io',
|
|
|
|
|
'HOSTNAMES': 'mail.mailu.io,alternative.mailu.io,yetanother.mailu.io',
|
|
|
|
|
'POSTMASTER': 'postmaster',
|
2021-08-02 19:18:42 +02:00
|
|
|
'WILDCARD_SENDERS': '',
|
2018-10-18 15:57:43 +02:00
|
|
|
'TLS_FLAVOR': 'cert',
|
2020-09-01 21:48:09 +02:00
|
|
|
'INBOUND_TLS_ENFORCE': False,
|
2021-08-31 20:44:57 +02:00
|
|
|
'DEFER_ON_TLS_ERROR': True,
|
2021-09-24 09:57:28 +02:00
|
|
|
'AUTH_RATELIMIT_IP': '60/hour',
|
2021-09-23 18:40:49 +02:00
|
|
|
'AUTH_RATELIMIT_IP_V4_MASK': 24,
|
|
|
|
|
'AUTH_RATELIMIT_IP_V6_MASK': 56,
|
|
|
|
|
'AUTH_RATELIMIT_USER': '100/day',
|
2021-10-16 10:26:38 +02:00
|
|
|
'AUTH_RATELIMIT_EXEMPTION': '',
|
2021-09-23 18:40:49 +02:00
|
|
|
'AUTH_RATELIMIT_EXEMPTION_LENGTH': 86400,
|
2019-01-13 11:17:38 +02:00
|
|
|
'DISABLE_STATISTICS': False,
|
2018-10-18 15:57:43 +02:00
|
|
|
# Mail settings
|
|
|
|
|
'DMARC_RUA': None,
|
|
|
|
|
'DMARC_RUF': None,
|
2019-01-13 11:17:38 +02:00
|
|
|
'WELCOME': False,
|
2018-10-18 15:57:43 +02:00
|
|
|
'WELCOME_SUBJECT': 'Dummy welcome topic',
|
|
|
|
|
'WELCOME_BODY': 'Dummy welcome body',
|
|
|
|
|
'DKIM_SELECTOR': 'dkim',
|
|
|
|
|
'DKIM_PATH': '/dkim/{domain}.{selector}.key',
|
|
|
|
|
'DEFAULT_QUOTA': 1000000000,
|
2021-08-18 17:01:10 +02:00
|
|
|
'MESSAGE_RATELIMIT': '200/day',
|
2021-11-06 11:05:52 +02:00
|
|
|
'MESSAGE_RATELIMIT_EXEMPTION': '',
|
2021-10-09 18:28:50 +02:00
|
|
|
'RECIPIENT_DELIMITER': '',
|
2018-10-18 15:57:43 +02:00
|
|
|
# Web settings
|
|
|
|
|
'SITENAME': 'Mailu',
|
|
|
|
|
'WEBSITE': 'https://mailu.io',
|
2022-10-20 13:41:35 +02:00
|
|
|
'ADMIN': 'none',
|
2018-10-18 15:57:43 +02:00
|
|
|
'WEB_ADMIN': '/admin',
|
|
|
|
|
'WEB_WEBMAIL': '/webmail',
|
2019-02-13 11:48:32 +02:00
|
|
|
'WEBMAIL': 'none',
|
2018-10-18 15:57:43 +02:00
|
|
|
'RECAPTCHA_PUBLIC_KEY': '',
|
|
|
|
|
'RECAPTCHA_PRIVATE_KEY': '',
|
2021-09-06 09:08:51 +02:00
|
|
|
'LOGO_URL': None,
|
|
|
|
|
'LOGO_BACKGROUND': None,
|
2018-10-18 15:57:43 +02:00
|
|
|
# Advanced settings
|
2019-02-15 15:37:55 +02:00
|
|
|
'LOG_LEVEL': 'WARNING',
|
2021-04-04 14:35:31 +02:00
|
|
|
'SESSION_KEY_BITS': 128,
|
2021-12-19 21:52:51 +02:00
|
|
|
'SESSION_TIMEOUT': 3600,
|
|
|
|
|
'PERMANENT_SESSION_LIFETIME': 30*24*3600,
|
2022-11-15 13:47:38 +02:00
|
|
|
'SESSION_COOKIE_SECURE': None,
|
2021-02-09 09:56:06 +02:00
|
|
|
'CREDENTIAL_ROUNDS': 12,
|
2022-09-12 12:53:57 +02:00
|
|
|
'TLS_PERMISSIVE': True,
|
2021-11-05 15:44:12 +02:00
|
|
|
'TZ': 'Etc/UTC',
|
2022-06-08 17:13:38 +02:00
|
|
|
'DEFAULT_SPAM_THRESHOLD': 80,
|
2022-11-19 18:59:31 +02:00
|
|
|
'PROXY_AUTH_WHITELIST': '',
|
|
|
|
|
'PROXY_AUTH_HEADER': 'X-Auth-Email',
|
|
|
|
|
'PROXY_AUTH_CREATE': False,
|
2018-10-18 15:57:43 +02:00
|
|
|
# Host settings
|
|
|
|
|
'HOST_IMAP': 'imap',
|
2019-02-15 16:49:56 +02:00
|
|
|
'HOST_LMTP': 'imap:2525',
|
2018-10-18 15:57:43 +02:00
|
|
|
'HOST_POP3': 'imap',
|
|
|
|
|
'HOST_SMTP': 'smtp',
|
2019-02-15 16:49:56 +02:00
|
|
|
'HOST_AUTHSMTP': 'smtp',
|
|
|
|
|
'HOST_ADMIN': 'admin',
|
2018-10-18 15:57:43 +02:00
|
|
|
'HOST_WEBMAIL': 'webmail',
|
2019-02-15 16:49:56 +02:00
|
|
|
'HOST_WEBDAV': 'webdav:5232',
|
2019-02-15 15:37:55 +02:00
|
|
|
'HOST_REDIS': 'redis',
|
2019-02-15 16:49:56 +02:00
|
|
|
'HOST_FRONT': 'front',
|
2018-12-03 03:16:53 +02:00
|
|
|
'SUBNET': '192.168.203.0/24',
|
2022-09-01 15:08:26 +02:00
|
|
|
'SUBNET6': None
|
2018-10-18 15:57:43 +02:00
|
|
|
}
|
|
|
|
|
|
2021-11-03 23:21:26 +02:00
|
|
|
class ConfigManager:
|
2018-10-18 15:57:43 +02:00
|
|
|
""" Naive configuration manager that uses environment only
|
|
|
|
|
"""
|
|
|
|
|
|
2018-12-10 16:30:53 +02:00
|
|
|
DB_TEMPLATES = {
|
2019-01-17 08:32:12 +02:00
|
|
|
'sqlite': 'sqlite:////{SQLITE_DATABASE_FILE}',
|
2018-12-10 16:30:53 +02:00
|
|
|
'postgresql': 'postgresql://{DB_USER}:{DB_PW}@{DB_HOST}/{DB_NAME}',
|
2022-08-30 14:26:10 +02:00
|
|
|
'mysql': 'mysql+mysqlconnector://{DB_USER}:{DB_PW}@{DB_HOST}/{DB_NAME}'
|
2018-12-10 16:30:53 +02:00
|
|
|
}
|
|
|
|
|
|
2018-10-18 15:57:43 +02:00
|
|
|
def __init__(self):
|
2018-10-18 17:55:07 +02:00
|
|
|
self.config = dict()
|
|
|
|
|
|
2019-08-23 08:43:59 +02:00
|
|
|
def get_host_address(self, name):
|
|
|
|
|
# if MYSERVICE_ADDRESS is defined, use this
|
2021-11-03 23:21:26 +02:00
|
|
|
if f'{name}_ADDRESS' in os.environ:
|
|
|
|
|
return os.environ.get(f'{name}_ADDRESS')
|
2019-08-23 08:43:59 +02:00
|
|
|
# otherwise use the host name and resolve it
|
2021-11-03 23:21:26 +02:00
|
|
|
return system.resolve_address(self.config[f'HOST_{name}'])
|
2019-08-23 08:43:59 +02:00
|
|
|
|
|
|
|
|
def resolve_hosts(self):
|
2021-11-03 23:21:26 +02:00
|
|
|
for key in ['IMAP', 'POP3', 'AUTHSMTP', 'SMTP', 'REDIS']:
|
|
|
|
|
self.config[f'{key}_ADDRESS'] = self.get_host_address(key)
|
|
|
|
|
if self.config['WEBMAIL'] != 'none':
|
|
|
|
|
self.config['WEBMAIL_ADDRESS'] = self.get_host_address('WEBMAIL')
|
2019-01-25 13:28:24 +02:00
|
|
|
|
2020-08-30 01:04:36 +02:00
|
|
|
def __get_env(self, key, value):
|
|
|
|
|
key_file = key + "_FILE"
|
|
|
|
|
if key_file in os.environ:
|
|
|
|
|
with open(os.environ.get(key_file)) as file:
|
|
|
|
|
value_from_file = file.read()
|
|
|
|
|
return value_from_file.strip()
|
|
|
|
|
else:
|
|
|
|
|
return os.environ.get(key, value)
|
|
|
|
|
|
2019-01-13 11:17:38 +02:00
|
|
|
def __coerce_value(self, value):
|
|
|
|
|
if isinstance(value, str) and value.lower() in ('true','yes'):
|
|
|
|
|
return True
|
|
|
|
|
elif isinstance(value, str) and value.lower() in ('false', 'no'):
|
|
|
|
|
return False
|
|
|
|
|
return value
|
|
|
|
|
|
2018-10-18 17:55:07 +02:00
|
|
|
def init_app(self, app):
|
2021-11-03 23:21:26 +02:00
|
|
|
# get current app config
|
2018-10-18 17:55:07 +02:00
|
|
|
self.config.update(app.config)
|
2018-12-10 16:30:53 +02:00
|
|
|
# get environment variables
|
2018-10-18 17:55:07 +02:00
|
|
|
self.config.update({
|
2020-08-30 01:04:36 +02:00
|
|
|
key: self.__coerce_value(self.__get_env(key, value))
|
2018-10-18 15:57:43 +02:00
|
|
|
for key, value in DEFAULT_CONFIG.items()
|
2018-10-18 17:55:07 +02:00
|
|
|
})
|
2019-08-23 08:43:59 +02:00
|
|
|
self.resolve_hosts()
|
2019-01-13 11:17:38 +02:00
|
|
|
|
2018-12-10 16:30:53 +02:00
|
|
|
# automatically set the sqlalchemy string
|
|
|
|
|
if self.config['DB_FLAVOR']:
|
|
|
|
|
template = self.DB_TEMPLATES[self.config['DB_FLAVOR']]
|
|
|
|
|
self.config['SQLALCHEMY_DATABASE_URI'] = template.format(**self.config)
|
2019-02-15 16:07:23 +02:00
|
|
|
|
2022-11-04 19:54:59 +02:00
|
|
|
if not self.config.get('RATELIMIT_STORAGE_URL'):
|
|
|
|
|
self.config['RATELIMIT_STORAGE_URL'] = f'redis://{self.config["REDIS_ADDRESS"]}/2'
|
2022-11-04 23:20:08 +02:00
|
|
|
|
2021-11-03 23:21:26 +02:00
|
|
|
self.config['SESSION_STORAGE_URL'] = f'redis://{self.config["REDIS_ADDRESS"]}/3'
|
2021-02-18 13:31:45 +02:00
|
|
|
self.config['SESSION_COOKIE_SAMESITE'] = 'Strict'
|
|
|
|
|
self.config['SESSION_COOKIE_HTTPONLY'] = True
|
2022-11-15 13:47:38 +02:00
|
|
|
if self.config['SESSION_COOKIE_SECURE'] is None:
|
|
|
|
|
self.config['SESSION_COOKIE_SECURE'] = self.config['TLS_FLAVOR'] != 'notls'
|
2021-12-19 21:52:51 +02:00
|
|
|
self.config['SESSION_PERMANENT'] = True
|
2021-12-21 10:50:01 +02:00
|
|
|
self.config['SESSION_TIMEOUT'] = int(self.config['SESSION_TIMEOUT'])
|
|
|
|
|
self.config['PERMANENT_SESSION_LIFETIME'] = int(self.config['PERMANENT_SESSION_LIFETIME'])
|
|
|
|
|
self.config['AUTH_RATELIMIT_IP_V4_MASK'] = int(self.config['AUTH_RATELIMIT_IP_V4_MASK'])
|
|
|
|
|
self.config['AUTH_RATELIMIT_IP_V6_MASK'] = int(self.config['AUTH_RATELIMIT_IP_V6_MASK'])
|
2021-10-16 17:24:12 +02:00
|
|
|
self.config['AUTH_RATELIMIT_EXEMPTION'] = set(ipaddress.ip_network(cidr, False) for cidr in (cidr.strip() for cidr in self.config['AUTH_RATELIMIT_EXEMPTION'].split(',')) if cidr)
|
2021-11-08 10:23:24 +02:00
|
|
|
self.config['MESSAGE_RATELIMIT_EXEMPTION'] = set([s for s in self.config['MESSAGE_RATELIMIT_EXEMPTION'].lower().replace(' ', '').split(',') if s])
|
2022-11-04 23:20:08 +02:00
|
|
|
hostnames = [host.strip() for host in self.config['HOSTNAMES'].split(',')]
|
2021-09-09 11:58:27 +02:00
|
|
|
self.config['HOSTNAMES'] = ','.join(hostnames)
|
|
|
|
|
self.config['HOSTNAME'] = hostnames[0]
|
2022-06-08 17:13:38 +02:00
|
|
|
self.config['DEFAULT_SPAM_THRESHOLD'] = int(self.config['DEFAULT_SPAM_THRESHOLD'])
|
2022-11-19 18:59:31 +02:00
|
|
|
self.config['PROXY_AUTH_WHITELIST'] = set(ipaddress.ip_network(cidr, False) for cidr in (cidr.strip() for cidr in self.config['PROXY_AUTH_WHITELIST'].split(',')) if cidr)
|
2018-10-18 17:55:07 +02:00
|
|
|
|
2021-11-03 23:21:26 +02:00
|
|
|
# update the app config
|
|
|
|
|
app.config.update(self.config)
|
2018-10-18 15:57:43 +02:00
|
|
|
|
