2735: Mailu 2.0 release r=mergify[bot] a=Diman0
## What type of PR?
feature
## What does this PR do?
Changes for releasing Mailu 2.0. I must still proofread the release notes I wrote.
### Related issue(s)
- closes#2215
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Ensure we always ask for the existing password before allowing a change.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.
Reduce the default to 50 distinct passwords per day
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2725: Fix access to radicale r=mergify[bot] a=Diman0
## What type of PR?
bug-fix
## What does this PR do?
Fix the access issue to radicale. I did not create a newsfragment, because this works fine on 1.9. This was only broken on master.
### Related issue(s)
- closes#2723
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2717: nginx: Allow HTTP and/or TCP ports to accept the PROXY protocol r=mergify[bot] a=OdyX
This is a feature proposal, as a followup to close#2300, with a cleaner split proposal.
Co-authored-by: Didier 'OdyX' Raboud <odyx@raksha.ch>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Didier Raboud <odyx@debian.org>
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2709: Validate proxy ip with PROXY_AUTH_WHITELIST r=mergify[bot] a=Diman0
## What type of PR?
bug fix
## What does this PR do?
The Proxy code validated the real client ip against the proxy auth whitelist. It should be the proxy ip that is checked. That is changed with this PR.
### Related issue(s)
- closes#2708
- #2692
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2690: Change rspamd override system to use .include with lowest priority. r=mergify[bot] a=Diman0
## What does this PR do?
All override files are used as if they were placed in the rspamd local.d folder.
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. These overrides would override everything, including the Mailu Rspamd config.
Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. It works as following.
* If the override file overrides a Mailu defined config file, it will be included in the Mailu config file with lowest priority. It will merge with existing sections.
* If the override file does not override a Mailu defined config file, then the file will be placed in the rspamd local.d folder. It will merge with existing sections.
For more information, see the description of the local.d folder on the rspamd website: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
## What type of PR?
enhancement
### Related issue(s)
- closes#2555
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.
### Related issue(s)
- closes#1820
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
All override files are used as if they were placed in the rspamd
local.d folder.
From the newsfragment:
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder.
These overrides would override everything, including the Mailu Rspamd config.
Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file.
It works as following.
* If the override file overrides a Mailu defined config file,
it will be included in the Mailu config file with lowest priority.
It will merge with existing sections.
* If the override file does not override a Mailu defined config file,
then the file will be placed in the rspamd local.d folder.
It will merge with existing sections.
For more information, see the description of the local.d folder on the rspamd website:
https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
2664: Fix the bug reported by fastlorenzo r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix the bug reported by fastlorenzo: when using proxy-auth, if the user doesn't exist you have to hit the URL twice.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2646: Smarter ratelimit r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Only account for **distinct** usernames in the IP rate-limiter.
This enables to have a much tighter default as a user with a misconfigured device will now only account for a single attempt.
The goal here is to make the rate-limiter more acceptable and to avoid people disabling it altogether.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2640: Add env variable to set sieve_vacation_to_header_ignore_envelope r=mergify[bot] a=nwinkelstraeter
When used with SRS the vacation plugin creates a reply with SRS in the To: header which does not look nice for the recipient. Setting sieve_vacation_to_header_ignore_envelope will use the headers from the original source message instead of potentially rewritten ones.
Without this option auto-replies are sent with a To header with SRS, e.g `SRS0=uetG=43=sender.com=user@autoresponder.com`
With this option they are sent with just `user@sender.com`
This option is for whatever reason not part of the [pigeonhole docs](https://doc.dovecot.org/configuration_manual/sieve/extensions/vacation/) but it is documented here: 34431d7a67/NEWS (L338)
## What type of PR?
enhancement
## What does this PR do?
This PR adds an environment variable to the set the `sieve_vacation_to_header_ignore_envelope` configuration
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
Co-authored-by: Nico Winkelsträter <nico.winkelstraeter@initos.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This is done by setting sieve_vacation_to_header_ignore_envelope to yes
The envelope is rewritten by recipent_canonical_maps to reverse SRS after the plugin checks it
so we need the plugin to ignore it at this point.
2638: further finishing touches for restful api r=mergify[bot] a=Diman0
- Fix setup utility setting correct value to env var API. It now also sets `false` when the API is disabled in the setup utility.
- Fix IF statement for enabling API in nginx.conf. Setting a different value than `API=true` in mailu.env now disabled the API endpoint in nginx.
- Use safer command for regenerating example API token. It uses crypto.getRandomValues() (as suggested by nextgens) which should be more random than the previously used method.
## What type of PR?
bug-fix
## What does this PR do?
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2636: Fix out of office replies r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks.
Webmails are now on a different subnet.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2631: Restful api finishing touches r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Some finishing touches for the restful api.
- Make the API configurable via the setup utility.
- Configured exactly the same as the ADMIN and WEBMAIL.
- We have a single config (API) that configures whether it is exposed (via front). Just like ADMIN. The API is always reachable by directly connecting to the admin container.
- API_TOKEN does not enable/disable the API anymore. When it is not configured, an error is returned (via the internet browser) that the API_TOKEN must be configured in mailu.env.
- Fix some small bugs in the setup utility ( selecting none in the dropdown boxes, now correctly changes the config)
- Update Flask-RestX to 1.0.5. This resolves the deprecation warnings introduced by Flask-RestX.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2628: Set default for FETCHMAIL_ENABLED r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Set the default for FETCHMAIL_ENABLED to true in the admin container.
This keeps existing functionality for people upgrading without re-creating the `mailu.env`.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2627: Add SUBNET6 to places where SUBNET is used r=nextgens a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Also add SUBNET6 where SUBNET is used.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2625: Disable fetchmail r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Only show "fetched accounts" button in user list when fetchmail feature is enabled.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2613: Enhance network segregation r=nextgens a=nextgens
## What type of PR?
enhancement
## What does this PR do?
- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.
### Related issue(s)
- #2611
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2624: Move runtime environment variables to the end r=nextgens a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
This moves the environment variables used at runtime from the system to the base image.
It's a workaround for a strange build issue observed when building with hardened malloc enabled.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2464: Introduce RESTful API r=mergify[bot] a=Diman0
## What type of PR?
Feature
## What does this PR do?
Introduces a RESTful API for changing the complete Mailu config.
Anything that can be configured in the web administration interface, can also be configured via the Mailu RESTful API.
Via the swagger.json endpoint the complete OpenAPI specification can be retrieved.
Via the endpoint swaggerui, a web client is available which shows all the endpoints, data models and allows you to submit requests.
See docs/api.rst and docs/configuration.rst for details for enabling it.
### Related issue(s)
- closes#445
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2603: Enable HAPROXY protocol on SUBNET r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
- Enable HAPROXY in between front and imap: With this we avoid running into the limitations of ``mail_max_userip_connections`` and the logfiles reflect the real IP.
- Enable HAPROXY in between front and smtp: with this postfix and rspamd are aware of whether TLS was used or not on the last hop. In practice this won't work as nginx doesn't send PROTO yet.
- Discard redundant log messages from postfix
With all of this, not only are the logs easier to understand but ``doveadm who`` also works as one would expect.
### Related issue(s)
- closes#894
- #1328
- closes#1364
- #1705
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2596: db.String without length cause an error in migration for MySQL DB r=mergify[bot] a=csthiang
## What type of PR?
bug-fix
## What does this PR do?
For MySQL, `db.String` requires a length because db.String gets translated to `VARCHAR` in MySQL and `VARCHAR` requires a length. I was considering adding a length to it but since the affected fields were used to store CommaSeparatedList and json-encoded string, I have a feeling it can be quite large in the future. `db.Text` seems to fit into this use case but please correct me if I am wrong.
This actually affects a DB migration with the following error:
```
File "/app/venv/bin/flask", line 8, in <module>
sys.exit(main())
File "/app/venv/lib/python3.10/site-packages/flask/cli.py", line 1047, in main
cli.main()
File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/app/venv/lib/python3.10/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/app/venv/lib/python3.10/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/app/venv/lib/python3.10/site-packages/flask/cli.py", line 357, in decorator
return __ctx.invoke(f, *args, **kwargs)
File "/app/venv/lib/python3.10/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
File "/app/venv/lib/python3.10/site-packages/flask_migrate/cli.py", line 149, in upgrade
_upgrade(directory, revision, sql, tag, x_arg)
File "/app/venv/lib/python3.10/site-packages/flask_migrate/__init__.py", line 98, in wrapped
f(*args, **kwargs)
File "/app/venv/lib/python3.10/site-packages/flask_migrate/__init__.py", line 185, in upgrade
command.upgrade(config, revision, sql=sql, tag=tag)
File "/app/venv/lib/python3.10/site-packages/alembic/command.py", line 322, in upgrade
script.run_env()
File "/app/venv/lib/python3.10/site-packages/alembic/script/base.py", line 569, in run_env
util.load_python_file(self.dir, "env.py")
File "/app/venv/lib/python3.10/site-packages/alembic/util/pyfiles.py", line 94, in load_python_file
module = load_module_py(module_id, path)
File "/app/venv/lib/python3.10/site-packages/alembic/util/pyfiles.py", line 110, in load_module_py
spec.loader.exec_module(module) # type: ignore
File "<frozen importlib._bootstrap_external>", line 883, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "/app/migrations/env.py", line 99, in <module>
run_migrations_online()
File "/app/migrations/env.py", line 92, in run_migrations_online
context.run_migrations()
File "<string>", line 8, in run_migrations
File "/app/venv/lib/python3.10/site-packages/alembic/runtime/environment.py", line 853, in run_migrations
self.get_context().run_migrations(**kw)
File "/app/venv/lib/python3.10/site-packages/alembic/runtime/migration.py", line 623, in run_migrations
step.migration_fn(**kw)
File "/app/migrations/versions/f4f0f89e0047_.py", line 18, in upgrade
with op.batch_alter_table('fetch') as batch:
File "/usr/lib/python3.10/contextlib.py", line 142, in __exit__
next(self.gen)
File "/app/venv/lib/python3.10/site-packages/alembic/operations/base.py", line 381, in batch_alter_table
impl.flush()
File "/app/venv/lib/python3.10/site-packages/alembic/operations/batch.py", line 111, in flush
fn(*arg, **kw)
File "/app/venv/lib/python3.10/site-packages/alembic/ddl/impl.py", line 322, in add_column
self._exec(base.AddColumn(table_name, column, schema=schema))
File "/app/venv/lib/python3.10/site-packages/alembic/ddl/impl.py", line 195, in _exec
return conn.execute(construct, multiparams)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1380, in execute
return meth(self, multiparams, params, _EMPTY_EXECUTION_OPTS)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/ddl.py", line 80, in _execute_on_connection
return connection._execute_ddl(
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1469, in _execute_ddl
compiled = ddl.compile(
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/elements.py", line 502, in compile
return self._compiler(dialect, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/ddl.py", line 32, in _compiler
return dialect.ddl_compiler(dialect, self, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 463, in __init__
self.string = self.process(self.statement, **compile_kwargs)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 498, in process
return obj._compiler_dispatch(self, **kwargs)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/ext/compiler.py", line 548, in <lambda>
lambda *arg, **kw: existing(*arg, **kw),
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/ext/compiler.py", line 604, in __call__
expr = fn(element, compiler, **kw)
File "/app/venv/lib/python3.10/site-packages/alembic/ddl/base.py", line 190, in visit_add_column
add_column(compiler, element.column, **kw),
File "/app/venv/lib/python3.10/site-packages/alembic/ddl/base.py", line 330, in add_column
text = "ADD COLUMN %s" % compiler.get_column_specification(column, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/dialects/mysql/base.py", line 1714, in get_column_specification
self.dialect.type_compiler.process(
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 532, in process
return type_._compiler_dispatch(self, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/visitors.py", line 82, in _compiler_dispatch
return meth(self, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 5028, in visit_type_decorator
return self.process(type_.type_engine(self.dialect), **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 532, in process
return type_._compiler_dispatch(self, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/visitors.py", line 82, in _compiler_dispatch
return meth(self, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 5006, in visit_string
return self.visit_VARCHAR(type_, **kw)
File "/app/venv/lib/python3.10/site-packages/sqlalchemy/dialects/mysql/base.py", line 2214, in visit_VARCHAR
raise exc.CompileError(
sqlalchemy.exc.CompileError: VARCHAR requires a length on dialect mysql
[2022-12-22 09:23:12 +0000] [17] [INFO] Starting gunicorn 20.1.0
[2022-12-22 09:23:12 +0000] [17] [INFO] Listening at: http://0.0.0.0:80 (17)
[2022-12-22 09:23:12 +0000] [17] [INFO] Using worker: gthread
[2022-12-22 09:23:12 +0000] [18] [INFO] Booting worker with pid: 18
```
### Related issue(s)
none
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Johnson Thiang <jthiang@pop-os.localdomain>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
This is not perfect...
- dovecot now complains about waitpid/finding a new process
- postfix is still regularly pinging rspamd / his milter and that
generates a few lines worth of logs each time.
With this we avoid running into the limitations of
mail_max_userip_connections (see #894 amd #1364) and the
logfiles as well as ``doveadm who`` give an accurate picture.
Anything that can be configured in the web administration interface,
can also be configured via the Mailu RESTful API.
See the section Advanced configuration in the configuration reference
for the relevant settings in mailu.env for enabling the API.
(API, WEB_API, API_TOKEN).
2528: Implement #2510: oletools integration r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
OLETools now flags documents with macros and rejects suspicious ones. We also block executable file extensions by default (but don't perform inspection in archives: you can tell users to zip-up whatever needs sending).
### Related issue(s)
- closes#2510
- closes#2511
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2588: IMAP folder names may contain characters outside of \w: [a-zA-Z0-9] r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
IMAP folder names may contain characters outside of \w: [a-zA-Z0-9]. Typically it may be subfolders...
I have also simplified the regexp since we strip spaces the line below.
This is used for "external accounts"/fetchmail.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2562: Dynamic address resolution everywhere r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Use dynamic address resolution everywhere.
Derive a new key for admin/SECRET_KEY
Cleanup the environment
This should allow restarting containers.
### Related issue(s)
- closes#1341
- closes#1013
- closes#1430
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2577: Autofocus the login form on /sso/login r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Autofocus the login form on /sso/login
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2571: Upgrade to alpine 3.17.0 r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Upgrade to alpine 3.17.0.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2564: Misc dovecot config changes r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
- fix RECIPIENT_DELIMITER (wrong scope, was ignored)
This can be confirmed using: ``$nc imap 2525 ...`` and delivering to a VERP address
- drop privileges of the LMTP daemon
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2565: Fix DB downgrade r=mergify[bot] a=nextgens
Fix DB downgrade. This isn't used in normal operations but is wrong nevertheless.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2568: Fix a bug preventing users without IMAP access to access the webmails r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Fix a bug preventing users without IMAP access to access the webmails
### Related issue(s)
- close#2451
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2542: Implement header authentication via external proxy r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
Implement header authentication via external proxy
### Related issue(s)
- closes#1972
- closes#2183
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
2559: Turns out that php81-ctype is required by roundcube r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
It solves:
```
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "NOTICE: PHP message: PHP Fatal error: Uncaught Error: Call to undefined function Masterminds\HTML5\Parser\ctype_alpha() in /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php:140"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "Stack trace:"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#0 /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php(82): Masterminds\HTML5\Parser\Tokenizer->consumeData()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#1 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(161): Masterminds\HTML5\Parser\Tokenizer->parse()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#2 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(89): Masterminds\HTML5->parse('<html>\n <hea...', Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#3 /var/www/roundcube/program/lib/Roundcube/rcube_washtml.php(700): Masterminds\HTML5->loadHTML('<html>\n <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#4 /var/www/roundcube/program/actions/mail/index.php(975): rcube_washtml->wash('<html>\n <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#5 /var/www/roundcube/program/actions/mail/index.php(1019): rcmail_action_mail_index::wash_html('<!doctype html>...', Array, Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#6 /var/www/roundcube/program/actions/mail/show.php(720): rcmail_action_mail_index::pr..."
```
see https://github.com/roundcube/roundcubemail/issues/7049
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2546: Implement a GUI for WILDCARD_SENDERS r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
- Implement a GUI for WILDCARD_SENDERS
### Related issue(s)
- closes#2372
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2544: Fix#2242: Make quotas adjustable in 50MiB increments r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Make quotas adjustable in 50MiB increments
### Related issue(s)
- closes#2242
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2550: Webmail hardening r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.
It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.
This seems to work for me.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2543: Fix#2231: make public announcements work r=nextgens a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Ensure public announcements bypass filters.
They can still time-out... but this is already a big improvement that we should be able to backport.
### Related issue(s)
- closes#2231
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2529: Improve fetchmail r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Improve fetchmail:
- allow delivery via LMTP (faster, bypassing the filters)
- allow several folders to be retrieved
- run fetchmail as non-root
- tweak the compose file to ensure we have all the dependencies
### Related issue(s)
- closes#1231
- closes#2246
- closes#711
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2547: Disable libhardened-malloc for non x86. r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Support is going to be a nightmare if RPI4 is not working; We can always reintroduce it later.
### Related issue(s)
- closes#2541
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2538: Fix the ARM build again r=mergify[bot] a=nextgens
I have double-checked from the builder and this works.
gcc -v from the alpine image tells me that we have ``--enable-default-pie``
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2537: Fix the armv7 build (again)! r=mergify[bot] a=nextgens
Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.
Without the build still errors-out because of ``set -euxo pipefail``
see https://github.com/Mailu/Mailu/actions/runs/3479399158/jobs/5817902589
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2483: Introduce FETCHMAIL_ENABLED r=mergify[bot] a=DjVinnii
## What type of PR?
Enhancement
## What does this PR do?
Add `FETCHMAIL_ENABLED` to enable/disable the Fetchmail functionality in the Admin UI.
### Related issue(s)
- closes#2127
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
2535: fix the linux/arm/v7 build r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
The arm builder is running aarch64 ... and there is no package for arm/v7
Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2525: Switch to GrapheneOS's hardened_malloc r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
Switch to GrapheneOS's hardened_malloc
This was suggested during the dev meeting of the 18/09/22.
It may break things and it may make things unbearably slow... but it should also make the exploitation of memory corruption bugs a lot harder.
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
2534: Close#2533: document SQLALCHEMY_DATABASE_URI r=mergify[bot] a=nextgens
## What type of PR?
documentation
## What does this PR do?
document SQLALCHEMY_DATABASE_URI
### Related issue(s)
- closes#2533
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2530: disable SESSION_COOKIE_SECURE when TLS_FLAVOR=notls r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
People are unlikely to proxy everything
### Related issue(s)
- closes#2527
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2514: Update deps r=mergify[bot] a=ghostwheel42
## What type of PR?
update python dependencies
## What does this PR do?
Update python deps in base image
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2523: fix JS error r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
It fixes a bug whereby one may have to click twice on the submit button depending on timing.
e.trigger() will error out on most browsers.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen
Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)
### Related issue(s)
- close#2475
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
