Merge remote-tracking branch 'upstream/master' into upgrade-alpine

core/admin/Dockerfile

@@ -26,7 +26,7 @@ WORKDIR /app
 COPY requirements-prod.txt requirements.txt
 RUN apk add --no-cache openssl curl postgresql-libs mariadb-connector-c \
   && apk add --no-cache --virtual build-dep \
-  openssl-dev libffi-dev python3-dev build-base postgresql-dev mariadb-connector-c-dev \
+  openssl-dev libffi-dev python3-dev build-base postgresql-dev mariadb-connector-c-dev cargo \
   && pip3 install -r requirements.txt \
   && apk del --no-cache build-dep
 

core/admin/mailu/internal/views/auth.py

@@ -63,7 +63,7 @@ def basic_authentication():
     authorization = flask.request.headers.get("Authorization")
     if authorization and authorization.startswith("Basic "):
         encoded = authorization.replace("Basic ", "")
-        user_email, password = base64.b64decode(encoded).split(b":")
+        user_email, password = base64.b64decode(encoded).split(b":", 1)
         user = models.User.query.get(user_email.decode("utf8"))
         if nginx.check_credentials(user, password.decode('utf-8'), flask.request.remote_addr, "web"):
             response = flask.Response()

core/admin/mailu/models.py

@@ -57,10 +57,9 @@ class IdnaEmail(db.TypeDecorator):
 
     def process_bind_param(self, value, dialect):
         """ encode unicode domain part of email address to punycode """
-        localpart, domain_name = value.rsplit('@', 1)
+        localpart, domain_name = value.lower().rsplit('@', 1)
         if '@' in localpart:
             raise ValueError('email local part must not contain "@"')
-        domain_name = domain_name.lower()
         return f'{localpart}@{idna.encode(domain_name).decode("ascii")}'
 
     def process_result_value(self, value, dialect):
@@ -272,11 +271,12 @@ class Domain(Base):
             return dkim.strip_key(dkim_key).decode('utf8')
 
     def generate_dkim_key(self):
-        """ generate and activate new DKIM key """
+        """ generate new DKIM key """
         self.dkim_key = dkim.gen_key()
 
     def has_email(self, localpart):
         """ checks if localpart is configured for domain """
+        localpart = localpart.lower()
         for email in chain(self.users, self.aliases):
             if email.localpart == localpart:
                 return True
@@ -355,8 +355,8 @@ class Email(object):
     @email.setter
     def email(self, value):
         """ setter for email - sets _email, localpart and domain_name at once """
-        self.localpart, self.domain_name = value.rsplit('@', 1)
-        self._email = value
+        self._email = value.lower()
+        self.localpart, self.domain_name = self._email.rsplit('@', 1)
 
     @staticmethod
     def _update_localpart(target, value, *_):
@@ -371,8 +371,8 @@ class Email(object):
     @classmethod
     def __declare_last__(cls):
         # gets called after mappings are completed
-        sqlalchemy.event.listen(User.localpart, 'set', cls._update_localpart, propagate=True)
-        sqlalchemy.event.listen(User.domain_name, 'set', cls._update_domain_name, propagate=True)
+        sqlalchemy.event.listen(cls.localpart, 'set', cls._update_localpart, propagate=True)
+        sqlalchemy.event.listen(cls.domain_name, 'set', cls._update_domain_name, propagate=True)
 
     def sendmail(self, subject, body):
         """ send an email to the address """
@@ -389,8 +389,7 @@ class Email(object):
     def resolve_domain(cls, email):
         """ resolves domain alternative to real domain """
         localpart, domain_name = email.rsplit('@', 1) if '@' in email else (None, email)
-        alternative = Alternative.query.get(domain_name)
-        if alternative:
+        if alternative := Alternative.query.get(domain_name):
             domain_name = alternative.domain_name
         return (localpart, domain_name)
 
@@ -401,12 +400,14 @@ class Email(object):
         localpart_stripped = None
         stripped_alias = None
 
-        if os.environ.get('RECIPIENT_DELIMITER') in localpart:
-            localpart_stripped = localpart.rsplit(os.environ.get('RECIPIENT_DELIMITER'), 1)[0]
+        delim = os.environ.get('RECIPIENT_DELIMITER')
+        if delim in localpart:
+            localpart_stripped = localpart.rsplit(delim, 1)[0]
 
         user = User.query.get(f'{localpart}@{domain_name}')
         if not user and localpart_stripped:
             user = User.query.get(f'{localpart_stripped}@{domain_name}')
+
         if user:
             email = f'{localpart}@{domain_name}'
 
@@ -416,15 +417,15 @@ class Email(object):
                     destination.append(email)
             else:
                 destination = [email]
+
             return destination
 
         pure_alias = Alias.resolve(localpart, domain_name)
-        stripped_alias = Alias.resolve(localpart_stripped, domain_name)
 
         if pure_alias and not pure_alias.wildcard:
             return pure_alias.destination
 
-        if stripped_alias:
+        if stripped_alias := Alias.resolve(localpart_stripped, domain_name):
             return stripped_alias.destination
 
         if pure_alias:

core/admin/mailu/ui/templates/user/reply.html

@@ -14,7 +14,7 @@
   {{ form.hidden_tag() }}
   {{ macros.form_field(form.reply_enabled,
       onchange="if(this.checked){$('#reply_subject,#reply_body,#reply_enddate,#reply_startdate').removeAttr('readonly')}
-                else{$('#reply_subject,#reply_body,#reply_enddate').attr('readonly', '')}") }}
+                else{$('#reply_subject,#reply_body,#reply_enddate,#reply_startdate').attr('readonly', '')}") }}
   {{ macros.form_field(form.reply_subject,
       **{("rw" if user.reply_enabled else "readonly"): ""}) }}
     {{ macros.form_field(form.reply_body, rows=10,

core/admin/mailu/ui/views/domains.py

@@ -74,6 +74,8 @@ def domain_details(domain_name):
 def domain_genkeys(domain_name):
     domain = models.Domain.query.get(domain_name) or flask.abort(404)
     domain.generate_dkim_key()
+    models.db.session.add(domain)
+    models.db.session.commit()
     return flask.redirect(
         flask.url_for(".domain_details", domain_name=domain_name))
 

core/admin/package.json

@@ -2,34 +2,30 @@
   "name": "mailu",
   "version": "1.0.0",
   "description": "Mailu admin assets",
-  "main": "assest/index.js",
+  "main": "assets/index.js",
+  "directories": {
+    "lib": "lib"
+  },
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "@babel/core": "^7.4.4",
-    "@babel/preset-env": "^7.4.4",
-    "admin-lte": "^2.4.10",
-    "babel-loader": "^8.0.5",
-    "bootstrap": "^3.4.1",
+    "@babel/core": "^7.14.6",
+    "admin-lte": "^2.4.18",
+    "babel-loader": "^8.0.6",
     "css-loader": "^2.1.1",
     "expose-loader": "^0.7.5",
-    "file-loader": "^3.0.1",
-    "font-awesome": "^4.7.0",
-    "font-awesome-loader": "^1.0.2",
-    "jQuery": "^1.7.4",
-    "less": "^3.9.0",
+    "jquery": "^3.6.0",
+    "less": "^3.13.1",
     "less-loader": "^5.0.0",
-    "mini-css-extract-plugin": "^0.6.0",
-    "node-sass": "^4.12.0",
-    "popper.js": "^1.15.0",
-    "sass-loader": "^7.1.0",
-    "select2": "^4.0.7-rc.0",
-    "style-loader": "^0.23.1",
-    "url-loader": "^1.1.2",
-    "webpack": "^4.30.0",
-    "webpack-cli": "^3.3.2"
+    "mini-css-extract-plugin": "^1.2.1",
+    "node-sass": "^4.13.1",
+    "sass-loader": "^7.3.1",
+    "select2": "^4.0.13",
+    "url-loader": "^2.3.0",
+    "webpack": "^4.33.0",
+    "webpack-cli": "^3.3.12"
   }
 }

core/admin/requirements-prod.txt

@@ -5,7 +5,7 @@ bcrypt==3.1.6
 blinker==1.4
 cffi==1.12.3
 Click==7.0
-cryptography==3.2
+cryptography==3.4.7
 decorator==4.4.0
 dnspython==1.16.0
 dominate==2.3.5
@@ -25,7 +25,7 @@ idna==2.8
 infinity==1.4
 intervals==0.8.1
 itsdangerous==1.1.0
-Jinja2==2.10.1
+Jinja2==2.11.3
 limits==1.3
 Mako==1.0.9
 MarkupSafe==1.1.1
@@ -36,11 +36,11 @@ passlib==1.7.4
 psycopg2==2.8.2
 pycparser==2.19
 Pygments==2.8.1
-pyOpenSSL==19.0.0
+pyOpenSSL==20.0.1
 python-dateutil==2.8.0
 python-editor==1.0.4
 pytz==2019.1
-PyYAML==5.1
+PyYAML==5.4.1
 redis==3.2.1
 #alpine3:12 provides six==1.15.0
 #six==1.12.0

core/admin/start.py

@@ -19,7 +19,8 @@ if account is not None and domain is not None and password is not None:
     os.system("flask mailu admin %s %s '%s' --mode %s" % (account, domain, password, mode))
 
 start_command="".join([
-    "gunicorn -w 4 -b :80 ",
+    "gunicorn --threads ", str(os.cpu_count()),
+    " -b :80 ",
     "--access-logfile - " if (log.root.level<=log.INFO) else "",
     "--error-logfile - ",
     "--preload ",

core/postfix/conf/outclean_header_filter.cf

@@ -4,7 +4,7 @@
 # Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
 # because OpenDKIM requires that a header be present when signing outbound mail. The first line is
 # where the user's home IP address would be.
-/^\s*Received:[^\n]*(.*)/         REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1
+/^\s*Received:[^\n]*(.*)/         REPLACE Received: from authenticated-user ({{OUTCLEAN}} [{{OUTCLEAN_ADDRESS}}])$1
 
 # Remove other typically private information.
 /^\s*User-Agent:/        IGNORE

core/postfix/start.py

@@ -8,12 +8,13 @@ import logging as log
 import sys
 
 from podop   import run_server
+from pwd import getpwnam
 from socrate import system, conf
 
 log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
 
 def start_podop():
-    os.setuid(100)
+    os.setuid(getpwnam('postfix').pw_uid)
     url = "http://" + os.environ["ADMIN_ADDRESS"] + "/internal/postfix/"
     # TODO: Remove verbosity setting from Podop?
     run_server(0, "postfix", "/tmp/podop.socket", [
@@ -36,6 +37,15 @@ os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT",
 os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
 os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332")
 os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525")
+os.environ["OUTCLEAN"] = os.environ["HOSTNAMES"].split(",")[0]
+try:
+    _to_lookup = os.environ["OUTCLEAN"]
+    # Ensure we lookup a FQDN: @see #1884
+    if not _to_lookup.endswith('.'):
+        _to_lookup += '.'
+    os.environ["OUTCLEAN_ADDRESS"] = system.resolve_hostname(_to_lookup)
+except:
+    os.environ["OUTCLEAN_ADDRESS"] = "10.10.10.10"
 
 for postfix_file in glob.glob("/conf/*.cf"):
     conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file)))