self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-02 09:02:08 +02:00
Code Issues Releases Activity

Run aspell

Browse Source
This commit is contained in:
Florent Daigniere 2023-10-20 09:20:30 +02:00
parent efcf7a1581
commit af511308c9
16 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -17,7 +17,7 @@ Features
Main features include:
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with autoconfiguration profiles for clients
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with auto-configuration profiles for clients
- **Advanced email features**, aliases, domain aliases, custom routing, full-text search of email attachments
- **Web access**, multiple Webmails and administration interface
- **User features**, aliases, auto-reply, auto-forward, fetched accounts, managesieve

2
core/admin/mailu/ui/templates/client.html
View File

@ -60,6 +60,6 @@
{%- endcall %}
<blockquote>
{% trans %}If you use an Apple device,{% endtrans %}
<a href="/apple.mobileconfig">{% trans %}click here to autoconfigure it.{% endtrans %}</a>
<a href="/apple.mobileconfig">{% trans %}click here to auto-configure it.{% endtrans %}</a>
</blockquote>
{%- endblock %}

6
docs/antispam.rst
View File

@ -33,7 +33,7 @@ Rspamd rejects non-compliant email messages and email messages that contain viru
* In the administration web interface, under settings under Antispam 'Enable spam filter' must be ticked. If this option is disabled, then all email messages will automatically go to the inbox folder. Except for email messages with a score of 15 or higher, as these email messages are rejected by Rspamd.
* In the administration web interface, under settings under Antispam, the user defined spam filter tolerance must be configured. The default value is 80%. The lower the spam filter tolerance, the more false positives (ham classified as spam). The user can change this setting to finetune when an email message is classified as spam.
* In the administration web interface, under settings under Antispam, the user defined spam filter tolerance must be configured. The default value is 80%. The lower the spam filter tolerance, the more false positives (ham classified as spam). The user can change this setting to fine-tune when an email message is classified as spam.
* Dovecot extracts the X-Spam-Level email header from the email message and converts the spam score (0 - 15) to a 0 - 100 percent scale. This spam score is compared with the user defined spam filter tolerance. If the spam score is lower than the user defined spam filter tolerance, then the email message is accepted. In logic:
@ -110,7 +110,7 @@ The following steps have to be taken to configure an additional symbol (rule) th
* no action: allow message. The email message will be allowed without a spam score being added in the mail header. This can be used for creating a whitelist filter.
* soft reject: temporarily delay message (this is used, for instance, to greylist or ratelimit messages)
* soft reject: temporarily delay message (this is used, for instance, to greylist or rate-limit messages)
To move an email message to the Junk (Spam) folder, a score of 15 can be used in combination with the action "add header".
The above example configuration will reject all emails send from domains that are listed in '/etc/rspamd/override.d/blacklist.inc'.
@ -158,7 +158,7 @@ For more information on using the multimap filter see the official `multimap doc
Can I change the list of authorized file attachments?
-----------------------------------------------------
Mailu rejects emails with file attachements it deems to be "executable" or otherwise dangerous. If you would like to tweak the block list, you can do so using the following commands:
Mailu rejects emails with file attachments it deems to be "executable" or otherwise dangerous. If you would like to tweak the block list, you can do so using the following commands:
.. code-block:: bash

4
docs/compose/requirements.rst
View File

@ -43,7 +43,7 @@ make sure that you either:
- setup a root *ext4* partition,
- or setup a root *btrfs* partition,
- or leave enough unpartitionned space for a dedicated *ext4* or *btrfs*
- or leave enough unpartitioned space for a dedicated *ext4* or *btrfs*
partition.
If you chose to create a dedicated partition, simply mount it to
@ -74,7 +74,7 @@ default Debian install:
apt-get autoremove --purge exim4 exim4-base
Finally, Docker relies heavily on ``iptables`` for port forwardings. You
Finally, Docker relies heavily on ``iptables`` for port forwarding. You
should use ``iptables-persistent`` (or any equivalent tool on other
systems) for managing persistent rules. If you were brave enough to switch to
``nftables``, you will have to rollback until official support is released

10
docs/configuration.rst
View File

@ -49,8 +49,8 @@ accounts for a specific IP subnet as defined in
The ``AUTH_RATELIMIT_USER`` (default: 50/day) holds a security setting for fighting
attackers that attempt to guess a user's password (typically using a password
bruteforce attack). The value defines the limit of distinct authentication attempts
allowed for any given account within a specific timeframe. Multiple attempts for the
brute-force attack). The value defines the limit of distinct authentication attempts
allowed for any given account within a specific time-frame. Multiple attempts for the
same account with the same password only counts for one.
The ``AUTH_RATELIMIT_EXEMPTION_LENGTH`` (default: 86400) is the number of seconds
@ -102,7 +102,7 @@ by setting ``INBOUND_TLS_ENFORCE`` to ``True``. Please note that this is forbidd
internet facing hosts according to e.g. `RFC 3207`_ , because this prevents MTAs without STARTTLS
support or e.g. mismatching TLS versions to deliver emails to Mailu.
The ``SCAN_MACROS`` (default: True) setting controls whether Mailu will endavour
The ``SCAN_MACROS`` (default: True) setting controls whether Mailu will endeavor
to reject emails containing documents with malicious macros. Under the hood, it uses
`mraptor from oletools`_ to determine whether a macro is malicious or not.
@ -168,11 +168,11 @@ in the admin interface, while ``SITENAME`` is a customization option for
every Web interface.
- ``LOGO_BACKGROUND`` sets a custom background colour for the brand logo
in the topleft of the main admin interface.
in the top-left of the main admin interface.
For a list of colour codes refer to this page of `w3schools`_.
- ``LOGO_URL`` sets a URL for a custom logo. This logo replaces the Mailu
logo in the topleft of the main admin interface.
logo in the top-left of the main admin interface.
.. _`w3schools`: https://www.w3schools.com/cssref/css_colors.asp

2
docs/contributors/guidelines.rst
View File

@ -93,7 +93,7 @@ Configuration files should be compiled at runtime by the container `start.py`
script and all conditional syntax should be handled using Jinja logic.
The `socrate` Python package should include relevant functions for container
lifecycle management.
life-cycle management.
Anything that is not static, i.e. able to change at runtime, either due to
configuration in the admin UI or user behavior, should take advantage of the

4
docs/contributors/memo.rst
View File

@ -8,7 +8,7 @@ Mailu uses Babel for internationalization and localization. Before any
of your work is merged, you must make sure that your strings are internationalized
using Babel.
If you used ``_``, ``trans`` blocks and other Babel syntaxes in your code, run the
If you used ``_``, ``trans`` blocks and other Babel syntax in your code, run the
following command to update the POT file:
.. code-block:: bash
@ -26,7 +26,7 @@ Please resolve fuzzy strings to the best of your knowledge.
Update information files
------------------------
If you added a feature or fixed a bug or committed anything that is worth mentionning
If you added a feature or fixed a bug or committed anything that is worth mentioning
for the next upgrade, add it in the ``CHANGELOG.md`` file.
Also, if you would like to be mentioned by name or add a comment in ``AUTHORS.md``,

4
docs/contributors/workflow.rst
View File

@ -19,8 +19,8 @@ This is a community project, thus commits should be readable enough for any of
the contributors to guess the content by simply reading the comment or find a
proper commit when one knows what they are looking for.
Usual standards remain: write english comments, single line short comments and
additional multiline if required (keep in mind that the most important piece
Usual standards remain: write English comments, single line short comments and
additional multi-line if required (keep in mind that the most important piece
of information should fit in the first line).
Branches

6
docs/database.rst
View File

@ -25,9 +25,9 @@ To switch to a different database back-end:
1. Drop into a shell inside the admin container as you'll need to execute multiple commands. E.g. `docker exec -i $(docker compose ps -q admin) bash`
2. Initialize the new database backend: `flask mailu db init`
2. Initialize the new database back-end: `flask mailu db init`
3. Migrate the new database backend to the current state: `flask mailu db upgrade`
3. Migrate the new database back-end to the current state: `flask mailu db upgrade`
4. Import the configuration export: `flask mailu config-import -v < /data/mail-config.yml`
@ -216,4 +216,4 @@ Optionally you can remove left-over files which were used by the old database:
.. note::
Roundcube does not offer a migration tool for moving from SQLite to PostgreSQL.
In case roundcube is used, the Mailu setup utility can be used to specify SQLite for the roundcube database backend.
In case roundcube is used, the Mailu setup utility can be used to specify SQLite for the roundcube database back-end.

10
docs/faq.rst
View File

@ -192,7 +192,7 @@ This means it can be scaled horizontally. For more information, refer to :ref:`k
*Issue reference:* `165`_, `520`_.
How to achieve HA / failover?
How to achieve HA / fail-over?
`````````````````````````````
The mailboxes and databases for Mailu are kept on the host filesystem under ``$ROOT/``.
@ -287,7 +287,7 @@ I want to integrate Nextcloud 15 (and newer) with Mailu
If a domain name (e.g. example.com) is specified, then this makes sure that only users from this domain will be allowed to login.
After successfull login the domain part will be stripped and the rest used as username in Nextcloud. e.g. 'username@example.com' will be 'username' in Nextcloud. Disable this behaviour by changing true (the fifth parameter) to false.
After successful login the domain part will be stripped and the rest used as username in Nextcloud. e.g. 'username@example.com' will be 'username' in Nextcloud. Disable this behaviour by changing true (the fifth parameter) to false.
*Issue reference:* `575`_.
@ -473,7 +473,7 @@ Re-starting the smtp container will be required for changes to take effect.
.. _`2213`: https://github.com/Mailu/Mailu/issues/2213
My emails are getting defered, what can I do?
My emails are getting deferred, what can I do?
`````````````````````````````````````````````
Emails are asynchronous and it's not abnormal for them to be defered sometimes. That being said, Mailu enforces secure connections where possible using DANE and MTA-STS, both of which have the potential to delay indefinitely delivery if something is misconfigured.
@ -731,8 +731,8 @@ Restart the Fail2Ban service.
Users can't change their password from webmail
``````````````````````````````````````````````
All users have the abilty to login to the admin interface. Non-admin users
have only restricted funtionality such as changing their password and the
All users have the ability to login to the admin interface. Non-admin users
have only restricted functionality such as changing their password and the
spam filter weight settings.
*Issue reference:* `503`_.

2
docs/index.rst
View File

@ -23,7 +23,7 @@ popular groupware.
Main features include:
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with autoconfiguration profiles for clients
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with auto-configuration profiles for clients
- **Advanced email features**, aliases, domain aliases, custom routing, full-text search of email attachments
- **Web access**, multiple Webmails and administration interface
- **User features**, aliases, auto-reply, auto-forward, fetched accounts, managesieve

6
docs/releases.rst
View File

@ -342,9 +342,9 @@ A fair amount of work went in this release; In no particular order:
- outbound SMTP connections from Mailu are now enjoying some protection against active attackers thanks to DANE and MTA-STS support. Specific policies can be configured for specific destinations thanks to ``tls_policy_maps`` and configuring your system to publish a policy has been documented in the FAQ.
- outbound emails can now be rate-limited (to mitigate SPAM in case an account is taken over)
- long term storage of passwords has been rethought to enable stronger protection against offline attackers (switch to iterated and salted SHA+bcrypt) while enabling much better performance (credential cache). Please encourage your users to use tokens where appropriate and keep in mind that existing hashes will be converted on first use to the new format.
- session handling has been reworked from the grounds up: they have been switched from client side (cookies) to server-side, unified (SSO, expiry, lifetime) accross all web-facing applications and some mitigations against session fixation have been implemented.
- rate limiting has seen many improvements: It is now deployed on all entry points (SMTP/IMAP/POP3/WEB/WEBMAIL) and configured to defeat both password bruteforces (thanks to a limit against total number of failed attempts against an account over a period) and password spraying (thanks to a limit for each client on the total number of non-existing accounts that can be queried). Exemption mechanisms have been put in place (device tokens, dynamic IP whitelists) to ensure that genuine clients and users won't be affected by default and the default configuration thought to fit most usecases.
- if you use letsencrypt, Mailu is now configured to offer both RSA and ECC certificates to clients; It will OSCP stapple its replies where appropriate
- session handling has been reworked from the grounds up: they have been switched from client side (cookies) to server-side, unified (SSO, expiry, lifetime) across all web-facing applications and some mitigations against session fixation have been implemented.
- rate limiting has seen many improvements: It is now deployed on all entry points (SMTP/IMAP/POP3/WEB/WEBMAIL) and configured to defeat both password bruteforces (thanks to a limit against total number of failed attempts against an account over a period) and password spraying (thanks to a limit for each client on the total number of non-existing accounts that can be queried). Exemption mechanisms have been put in place (device tokens, dynamic IP whitelists) to ensure that genuine clients and users won't be affected by default and the default configuration thought to fit most use-cases.
- if you use letsencrypt, Mailu is now configured to offer both RSA and ECC certificates to clients; It will OSCP staple its replies where appropriate
Updated Admin interface

4
docs/reverse.rst
View File

@ -4,7 +4,7 @@ Using an external reverse proxy
One of Mailu's use cases is as part of a larger services platform, where maybe
other Web services are available on other FQDNs served from the same IP address.
In such a configuration, one would usually run a frontend reverse proxy to serve all
In such a configuration, one would usually run a front-end reverse proxy to serve all
Web contents based on criteria like the requested hostname (virtual hosts).
.. _traefik_proxy:
@ -134,4 +134,4 @@ in mailu.env:
TLS_FLAVOR=mail-letsencrypt
WEBROOT_REDIRECT=/sso/login
Using the above configuration, Traefik will proxy all the traffic related to Mailu's FQDNs without requiring dupplicate certificates.
Using the above configuration, Traefik will proxy all the traffic related to Mailu's FQDNs without requiring duplicate certificates.

2
docs/webadministration.rst
View File

@ -252,7 +252,7 @@ The menu item Antispam opens the Rspamd webgui. For more information how spam fi
The spam filtering page also contains a section that describes how to create a local blacklist for blocking email messages from specific domains.
The Rspamd webgui offers basic functions for setting metric actions, scores, viewing statistics and learning.
The following settings are not persisent and are *lost* when the Antispam container is recreated or restarted:
The following settings are not persistent and are *lost* when the Antispam container is recreated or restarted:
* On the configuration tab, any changes to config files that do not reside in /var/lib or /etc/rspamd/override.d. The last location is mapped to the Mailu overrides folder.

4
setup/templates/steps/compose/02_services.html
View File

@ -61,7 +61,7 @@ the security implications caused by such an increase of attack surface.<p>
Enable oletools
</label>
<i>Oletools scans documents in email attachements for malicious macros. It has a much lower memory footprint than a full-fledged anti-virus.</i>
<i>Oletools scans documents in email attachments for malicious macros. It has a much lower memory footprint than a full-fledged anti-virus.</i>
</div>
<div class="form-check form-check-inline">
@ -70,7 +70,7 @@ the security implications caused by such an increase of attack surface.<p>
Enable Tika
</label>
<i>Tika enables the functionality for searching through attachments. Tika scans documents in email attachments, process (OCR, keyword extraction) and then index them in a way they can be efficiently searched. This requires significant ressources (RAM, CPU and storage).</i>
<i>Tika enables the functionality for searching through attachments. Tika scans documents in email attachments, process (OCR, keyword extraction) and then index them in a way they can be efficiently searched. This requires significant resources (RAM, CPU and storage).</i>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

2
setup/templates/steps/config.html
View File

@ -10,7 +10,7 @@
<p>In the following sections we need to set the postmaster address. This is a combination of the <i>postmaster</i> local part and the <i>main mail domain</i>.
The <i>main mail domain</i> is also used as </i>"server display name"</i>. This is the way the SMTP server identifies itself when connecting to others.
The Postmaster will get an e-mail address &lt;postmaster&gt;@&lt;main_domain&gt;. This address will receive the DMARC "rua" and "ruf" reports.
Or in plain english: if receivers start to classify your mail as spam, this postmaster will be informed.</p>
Or in plain English: if receivers start to classify your mail as spam, this postmaster will be informed.</p>
<div class="form-group">
<label>