mirror of
https://github.com/Mailu/Mailu.git
synced 2024-12-04 10:24:41 +02:00
Run aspell
This commit is contained in:
parent
efcf7a1581
commit
af511308c9
@ -17,7 +17,7 @@ Features
|
||||
|
||||
Main features include:
|
||||
|
||||
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with autoconfiguration profiles for clients
|
||||
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with auto-configuration profiles for clients
|
||||
- **Advanced email features**, aliases, domain aliases, custom routing, full-text search of email attachments
|
||||
- **Web access**, multiple Webmails and administration interface
|
||||
- **User features**, aliases, auto-reply, auto-forward, fetched accounts, managesieve
|
||||
|
@ -60,6 +60,6 @@
|
||||
{%- endcall %}
|
||||
<blockquote>
|
||||
{% trans %}If you use an Apple device,{% endtrans %}
|
||||
<a href="/apple.mobileconfig">{% trans %}click here to autoconfigure it.{% endtrans %}</a>
|
||||
<a href="/apple.mobileconfig">{% trans %}click here to auto-configure it.{% endtrans %}</a>
|
||||
</blockquote>
|
||||
{%- endblock %}
|
||||
|
@ -33,7 +33,7 @@ Rspamd rejects non-compliant email messages and email messages that contain viru
|
||||
|
||||
* In the administration web interface, under settings under Antispam 'Enable spam filter' must be ticked. If this option is disabled, then all email messages will automatically go to the inbox folder. Except for email messages with a score of 15 or higher, as these email messages are rejected by Rspamd.
|
||||
|
||||
* In the administration web interface, under settings under Antispam, the user defined spam filter tolerance must be configured. The default value is 80%. The lower the spam filter tolerance, the more false positives (ham classified as spam). The user can change this setting to finetune when an email message is classified as spam.
|
||||
* In the administration web interface, under settings under Antispam, the user defined spam filter tolerance must be configured. The default value is 80%. The lower the spam filter tolerance, the more false positives (ham classified as spam). The user can change this setting to fine-tune when an email message is classified as spam.
|
||||
|
||||
* Dovecot extracts the X-Spam-Level email header from the email message and converts the spam score (0 - 15) to a 0 - 100 percent scale. This spam score is compared with the user defined spam filter tolerance. If the spam score is lower than the user defined spam filter tolerance, then the email message is accepted. In logic:
|
||||
|
||||
@ -110,7 +110,7 @@ The following steps have to be taken to configure an additional symbol (rule) th
|
||||
|
||||
* no action: allow message. The email message will be allowed without a spam score being added in the mail header. This can be used for creating a whitelist filter.
|
||||
|
||||
* soft reject: temporarily delay message (this is used, for instance, to greylist or ratelimit messages)
|
||||
* soft reject: temporarily delay message (this is used, for instance, to greylist or rate-limit messages)
|
||||
|
||||
To move an email message to the Junk (Spam) folder, a score of 15 can be used in combination with the action "add header".
|
||||
The above example configuration will reject all emails send from domains that are listed in '/etc/rspamd/override.d/blacklist.inc'.
|
||||
@ -158,7 +158,7 @@ For more information on using the multimap filter see the official `multimap doc
|
||||
Can I change the list of authorized file attachments?
|
||||
-----------------------------------------------------
|
||||
|
||||
Mailu rejects emails with file attachements it deems to be "executable" or otherwise dangerous. If you would like to tweak the block list, you can do so using the following commands:
|
||||
Mailu rejects emails with file attachments it deems to be "executable" or otherwise dangerous. If you would like to tweak the block list, you can do so using the following commands:
|
||||
|
||||
.. code-block:: bash
|
||||
|
||||
|
@ -43,7 +43,7 @@ make sure that you either:
|
||||
|
||||
- setup a root *ext4* partition,
|
||||
- or setup a root *btrfs* partition,
|
||||
- or leave enough unpartitionned space for a dedicated *ext4* or *btrfs*
|
||||
- or leave enough unpartitioned space for a dedicated *ext4* or *btrfs*
|
||||
partition.
|
||||
|
||||
If you chose to create a dedicated partition, simply mount it to
|
||||
@ -74,7 +74,7 @@ default Debian install:
|
||||
apt-get autoremove --purge exim4 exim4-base
|
||||
|
||||
|
||||
Finally, Docker relies heavily on ``iptables`` for port forwardings. You
|
||||
Finally, Docker relies heavily on ``iptables`` for port forwarding. You
|
||||
should use ``iptables-persistent`` (or any equivalent tool on other
|
||||
systems) for managing persistent rules. If you were brave enough to switch to
|
||||
``nftables``, you will have to rollback until official support is released
|
||||
|
@ -49,8 +49,8 @@ accounts for a specific IP subnet as defined in
|
||||
|
||||
The ``AUTH_RATELIMIT_USER`` (default: 50/day) holds a security setting for fighting
|
||||
attackers that attempt to guess a user's password (typically using a password
|
||||
bruteforce attack). The value defines the limit of distinct authentication attempts
|
||||
allowed for any given account within a specific timeframe. Multiple attempts for the
|
||||
brute-force attack). The value defines the limit of distinct authentication attempts
|
||||
allowed for any given account within a specific time-frame. Multiple attempts for the
|
||||
same account with the same password only counts for one.
|
||||
|
||||
The ``AUTH_RATELIMIT_EXEMPTION_LENGTH`` (default: 86400) is the number of seconds
|
||||
@ -102,7 +102,7 @@ by setting ``INBOUND_TLS_ENFORCE`` to ``True``. Please note that this is forbidd
|
||||
internet facing hosts according to e.g. `RFC 3207`_ , because this prevents MTAs without STARTTLS
|
||||
support or e.g. mismatching TLS versions to deliver emails to Mailu.
|
||||
|
||||
The ``SCAN_MACROS`` (default: True) setting controls whether Mailu will endavour
|
||||
The ``SCAN_MACROS`` (default: True) setting controls whether Mailu will endeavor
|
||||
to reject emails containing documents with malicious macros. Under the hood, it uses
|
||||
`mraptor from oletools`_ to determine whether a macro is malicious or not.
|
||||
|
||||
@ -168,11 +168,11 @@ in the admin interface, while ``SITENAME`` is a customization option for
|
||||
every Web interface.
|
||||
|
||||
- ``LOGO_BACKGROUND`` sets a custom background colour for the brand logo
|
||||
in the topleft of the main admin interface.
|
||||
in the top-left of the main admin interface.
|
||||
For a list of colour codes refer to this page of `w3schools`_.
|
||||
|
||||
- ``LOGO_URL`` sets a URL for a custom logo. This logo replaces the Mailu
|
||||
logo in the topleft of the main admin interface.
|
||||
logo in the top-left of the main admin interface.
|
||||
|
||||
.. _`w3schools`: https://www.w3schools.com/cssref/css_colors.asp
|
||||
|
||||
|
@ -93,7 +93,7 @@ Configuration files should be compiled at runtime by the container `start.py`
|
||||
script and all conditional syntax should be handled using Jinja logic.
|
||||
|
||||
The `socrate` Python package should include relevant functions for container
|
||||
lifecycle management.
|
||||
life-cycle management.
|
||||
|
||||
Anything that is not static, i.e. able to change at runtime, either due to
|
||||
configuration in the admin UI or user behavior, should take advantage of the
|
||||
|
@ -8,7 +8,7 @@ Mailu uses Babel for internationalization and localization. Before any
|
||||
of your work is merged, you must make sure that your strings are internationalized
|
||||
using Babel.
|
||||
|
||||
If you used ``_``, ``trans`` blocks and other Babel syntaxes in your code, run the
|
||||
If you used ``_``, ``trans`` blocks and other Babel syntax in your code, run the
|
||||
following command to update the POT file:
|
||||
|
||||
.. code-block:: bash
|
||||
@ -26,7 +26,7 @@ Please resolve fuzzy strings to the best of your knowledge.
|
||||
Update information files
|
||||
------------------------
|
||||
|
||||
If you added a feature or fixed a bug or committed anything that is worth mentionning
|
||||
If you added a feature or fixed a bug or committed anything that is worth mentioning
|
||||
for the next upgrade, add it in the ``CHANGELOG.md`` file.
|
||||
|
||||
Also, if you would like to be mentioned by name or add a comment in ``AUTHORS.md``,
|
||||
|
@ -19,8 +19,8 @@ This is a community project, thus commits should be readable enough for any of
|
||||
the contributors to guess the content by simply reading the comment or find a
|
||||
proper commit when one knows what they are looking for.
|
||||
|
||||
Usual standards remain: write english comments, single line short comments and
|
||||
additional multiline if required (keep in mind that the most important piece
|
||||
Usual standards remain: write English comments, single line short comments and
|
||||
additional multi-line if required (keep in mind that the most important piece
|
||||
of information should fit in the first line).
|
||||
|
||||
Branches
|
||||
|
@ -25,9 +25,9 @@ To switch to a different database back-end:
|
||||
|
||||
1. Drop into a shell inside the admin container as you'll need to execute multiple commands. E.g. `docker exec -i $(docker compose ps -q admin) bash`
|
||||
|
||||
2. Initialize the new database backend: `flask mailu db init`
|
||||
2. Initialize the new database back-end: `flask mailu db init`
|
||||
|
||||
3. Migrate the new database backend to the current state: `flask mailu db upgrade`
|
||||
3. Migrate the new database back-end to the current state: `flask mailu db upgrade`
|
||||
|
||||
4. Import the configuration export: `flask mailu config-import -v < /data/mail-config.yml`
|
||||
|
||||
@ -216,4 +216,4 @@ Optionally you can remove left-over files which were used by the old database:
|
||||
|
||||
.. note::
|
||||
Roundcube does not offer a migration tool for moving from SQLite to PostgreSQL.
|
||||
In case roundcube is used, the Mailu setup utility can be used to specify SQLite for the roundcube database backend.
|
||||
In case roundcube is used, the Mailu setup utility can be used to specify SQLite for the roundcube database back-end.
|
||||
|
10
docs/faq.rst
10
docs/faq.rst
@ -192,7 +192,7 @@ This means it can be scaled horizontally. For more information, refer to :ref:`k
|
||||
|
||||
*Issue reference:* `165`_, `520`_.
|
||||
|
||||
How to achieve HA / failover?
|
||||
How to achieve HA / fail-over?
|
||||
`````````````````````````````
|
||||
|
||||
The mailboxes and databases for Mailu are kept on the host filesystem under ``$ROOT/``.
|
||||
@ -287,7 +287,7 @@ I want to integrate Nextcloud 15 (and newer) with Mailu
|
||||
|
||||
|
||||
If a domain name (e.g. example.com) is specified, then this makes sure that only users from this domain will be allowed to login.
|
||||
After successfull login the domain part will be stripped and the rest used as username in Nextcloud. e.g. 'username@example.com' will be 'username' in Nextcloud. Disable this behaviour by changing true (the fifth parameter) to false.
|
||||
After successful login the domain part will be stripped and the rest used as username in Nextcloud. e.g. 'username@example.com' will be 'username' in Nextcloud. Disable this behaviour by changing true (the fifth parameter) to false.
|
||||
|
||||
*Issue reference:* `575`_.
|
||||
|
||||
@ -473,7 +473,7 @@ Re-starting the smtp container will be required for changes to take effect.
|
||||
|
||||
.. _`2213`: https://github.com/Mailu/Mailu/issues/2213
|
||||
|
||||
My emails are getting defered, what can I do?
|
||||
My emails are getting deferred, what can I do?
|
||||
`````````````````````````````````````````````
|
||||
|
||||
Emails are asynchronous and it's not abnormal for them to be defered sometimes. That being said, Mailu enforces secure connections where possible using DANE and MTA-STS, both of which have the potential to delay indefinitely delivery if something is misconfigured.
|
||||
@ -731,8 +731,8 @@ Restart the Fail2Ban service.
|
||||
Users can't change their password from webmail
|
||||
``````````````````````````````````````````````
|
||||
|
||||
All users have the abilty to login to the admin interface. Non-admin users
|
||||
have only restricted funtionality such as changing their password and the
|
||||
All users have the ability to login to the admin interface. Non-admin users
|
||||
have only restricted functionality such as changing their password and the
|
||||
spam filter weight settings.
|
||||
|
||||
*Issue reference:* `503`_.
|
||||
|
@ -23,7 +23,7 @@ popular groupware.
|
||||
|
||||
Main features include:
|
||||
|
||||
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with autoconfiguration profiles for clients
|
||||
- **Standard email server**, IMAP and IMAP+, SMTP and Submission with auto-configuration profiles for clients
|
||||
- **Advanced email features**, aliases, domain aliases, custom routing, full-text search of email attachments
|
||||
- **Web access**, multiple Webmails and administration interface
|
||||
- **User features**, aliases, auto-reply, auto-forward, fetched accounts, managesieve
|
||||
|
@ -342,9 +342,9 @@ A fair amount of work went in this release; In no particular order:
|
||||
- outbound SMTP connections from Mailu are now enjoying some protection against active attackers thanks to DANE and MTA-STS support. Specific policies can be configured for specific destinations thanks to ``tls_policy_maps`` and configuring your system to publish a policy has been documented in the FAQ.
|
||||
- outbound emails can now be rate-limited (to mitigate SPAM in case an account is taken over)
|
||||
- long term storage of passwords has been rethought to enable stronger protection against offline attackers (switch to iterated and salted SHA+bcrypt) while enabling much better performance (credential cache). Please encourage your users to use tokens where appropriate and keep in mind that existing hashes will be converted on first use to the new format.
|
||||
- session handling has been reworked from the grounds up: they have been switched from client side (cookies) to server-side, unified (SSO, expiry, lifetime) accross all web-facing applications and some mitigations against session fixation have been implemented.
|
||||
- rate limiting has seen many improvements: It is now deployed on all entry points (SMTP/IMAP/POP3/WEB/WEBMAIL) and configured to defeat both password bruteforces (thanks to a limit against total number of failed attempts against an account over a period) and password spraying (thanks to a limit for each client on the total number of non-existing accounts that can be queried). Exemption mechanisms have been put in place (device tokens, dynamic IP whitelists) to ensure that genuine clients and users won't be affected by default and the default configuration thought to fit most usecases.
|
||||
- if you use letsencrypt, Mailu is now configured to offer both RSA and ECC certificates to clients; It will OSCP stapple its replies where appropriate
|
||||
- session handling has been reworked from the grounds up: they have been switched from client side (cookies) to server-side, unified (SSO, expiry, lifetime) across all web-facing applications and some mitigations against session fixation have been implemented.
|
||||
- rate limiting has seen many improvements: It is now deployed on all entry points (SMTP/IMAP/POP3/WEB/WEBMAIL) and configured to defeat both password bruteforces (thanks to a limit against total number of failed attempts against an account over a period) and password spraying (thanks to a limit for each client on the total number of non-existing accounts that can be queried). Exemption mechanisms have been put in place (device tokens, dynamic IP whitelists) to ensure that genuine clients and users won't be affected by default and the default configuration thought to fit most use-cases.
|
||||
- if you use letsencrypt, Mailu is now configured to offer both RSA and ECC certificates to clients; It will OSCP staple its replies where appropriate
|
||||
|
||||
|
||||
Updated Admin interface
|
||||
|
@ -4,7 +4,7 @@ Using an external reverse proxy
|
||||
One of Mailu's use cases is as part of a larger services platform, where maybe
|
||||
other Web services are available on other FQDNs served from the same IP address.
|
||||
|
||||
In such a configuration, one would usually run a frontend reverse proxy to serve all
|
||||
In such a configuration, one would usually run a front-end reverse proxy to serve all
|
||||
Web contents based on criteria like the requested hostname (virtual hosts).
|
||||
|
||||
.. _traefik_proxy:
|
||||
@ -134,4 +134,4 @@ in mailu.env:
|
||||
TLS_FLAVOR=mail-letsencrypt
|
||||
WEBROOT_REDIRECT=/sso/login
|
||||
|
||||
Using the above configuration, Traefik will proxy all the traffic related to Mailu's FQDNs without requiring dupplicate certificates.
|
||||
Using the above configuration, Traefik will proxy all the traffic related to Mailu's FQDNs without requiring duplicate certificates.
|
||||
|
@ -252,7 +252,7 @@ The menu item Antispam opens the Rspamd webgui. For more information how spam fi
|
||||
The spam filtering page also contains a section that describes how to create a local blacklist for blocking email messages from specific domains.
|
||||
The Rspamd webgui offers basic functions for setting metric actions, scores, viewing statistics and learning.
|
||||
|
||||
The following settings are not persisent and are *lost* when the Antispam container is recreated or restarted:
|
||||
The following settings are not persistent and are *lost* when the Antispam container is recreated or restarted:
|
||||
|
||||
* On the configuration tab, any changes to config files that do not reside in /var/lib or /etc/rspamd/override.d. The last location is mapped to the Mailu overrides folder.
|
||||
|
||||
|
@ -61,7 +61,7 @@ the security implications caused by such an increase of attack surface.<p>
|
||||
Enable oletools
|
||||
</label>
|
||||
|
||||
<i>Oletools scans documents in email attachements for malicious macros. It has a much lower memory footprint than a full-fledged anti-virus.</i>
|
||||
<i>Oletools scans documents in email attachments for malicious macros. It has a much lower memory footprint than a full-fledged anti-virus.</i>
|
||||
</div>
|
||||
|
||||
<div class="form-check form-check-inline">
|
||||
@ -70,7 +70,7 @@ the security implications caused by such an increase of attack surface.<p>
|
||||
Enable Tika
|
||||
</label>
|
||||
|
||||
<i>Tika enables the functionality for searching through attachments. Tika scans documents in email attachments, process (OCR, keyword extraction) and then index them in a way they can be efficiently searched. This requires significant ressources (RAM, CPU and storage).</i>
|
||||
<i>Tika enables the functionality for searching through attachments. Tika scans documents in email attachments, process (OCR, keyword extraction) and then index them in a way they can be efficiently searched. This requires significant resources (RAM, CPU and storage).</i>
|
||||
</div>
|
||||
|
||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
|
||||
|
@ -10,7 +10,7 @@
|
||||
<p>In the following sections we need to set the postmaster address. This is a combination of the <i>postmaster</i> local part and the <i>main mail domain</i>.
|
||||
The <i>main mail domain</i> is also used as </i>"server display name"</i>. This is the way the SMTP server identifies itself when connecting to others.
|
||||
The Postmaster will get an e-mail address <postmaster>@<main_domain>. This address will receive the DMARC "rua" and "ruf" reports.
|
||||
Or in plain english: if receivers start to classify your mail as spam, this postmaster will be informed.</p>
|
||||
Or in plain English: if receivers start to classify your mail as spam, this postmaster will be informed.</p>
|
||||
|
||||
<div class="form-group">
|
||||
<label>
|
||||
|
Loading…
Reference in New Issue
Block a user