1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-22 22:13:11 +02:00
Commit Graph

170 Commits

Author SHA1 Message Date
Till Skrodzki
c48e00ee26 Do not call .split() on RELAYNETS if not specified 2021-11-09 12:22:53 +01:00
DjVinnii
225160610b Set default TZ in Dockerfiles 2021-11-04 14:22:12 +01:00
DjVinnii
1d6809193b Add tzdata to core 2021-11-02 11:18:21 +01:00
Florent Daigniere
8dad40f67c doh 2021-11-01 12:48:48 +01:00
Florent Daigniere
9d474f32a6 RELAYNETS is comma separated! 2021-10-31 19:47:16 +01:00
Alexander Graf
9bc685c30b removed some more whitespace 2021-10-29 15:34:00 +02:00
Florent Daigniere
502affbe66 Use the regexp engine since we have one 2021-10-03 10:14:49 +02:00
Florent Daigniere
a349190e52 simplify 2021-10-02 10:19:57 +02:00
Florent Daigniere
995ce8d437 Remove OUTCLEAN_ADDRESS
I believe that this isn't relevant anymore as we don't use OpenDKIM
anymore

Background on:
https://bofhskull.wordpress.com/2014/03/25/postfix-opendkim-and-missing-from-header/
2021-10-01 14:54:04 +02:00
Alexander Graf
05c79b0e3c copy (and not parse) mta sts override config 2021-09-09 18:45:39 +02:00
Alexander Graf
b02ceab72f handle DEFER_ON_TLS_ERROR as bool
use /conf/mta-sts-daemon.yml when override is missing
2021-09-09 18:00:48 +02:00
bors[bot]
d464187477
Merge
1964: Alpine3.14.2 r=mergify[bot] a=nextgens

Upgrade to alpine 3.14.2, retry upgrading unbound & switch back to libressl

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-09-06 15:59:10 +00:00
Florent Daigniere
7aa403573d no with here 2021-09-05 19:06:20 +02:00
Florent Daigniere
9888efe55d Document as suggested on #mailu-dev 2021-09-05 18:23:08 +02:00
Florent Daigniere
d7c2b510c7 Give alpine 3.14.2 a shot 2021-09-01 18:56:44 +02:00
Florent Daigniere
4abf49edf4 indent 2021-09-01 09:15:13 +02:00
Florent Daigniere
489520f067 forgot about alpine/lmdb 2021-09-01 08:41:39 +02:00
Florent Daigniere
a1da4daa4c Implement the DANE-only lookup policyd
https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67 for
context
2021-08-31 20:24:06 +02:00
Florent Daigniere
67db72d774 Behave like documented 2021-08-30 17:00:12 +02:00
Florent Daigniere
05b57c972e remove the static policy as it will override MTA-STS and DANE 2021-08-30 14:44:13 +02:00
Florent Daigniere
a8142dabbe Introduce DEFER_ON_TLS_ERROR
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS

It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
2021-08-30 14:21:28 +02:00
Florent Daigniere
52d3a33875 Remove the domains that have a valid MTA-STS policy
gmail.com
comcast.net
mail.ru
googlemail.com
wp.pl
2021-08-29 17:41:55 +02:00
Florent Daigniere
4f96e99144 MTA-STS (use rather than publish policies) 2021-08-29 17:40:37 +02:00
Florent Daigniere
65a27b1c7f add additional options to make DANE easier 2021-08-20 14:18:07 +02:00
Florent Daigniere
fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map 2021-08-20 14:17:34 +02:00
bors[bot]
b57df78dac
Merge
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

A conflict-free version of  implementing per-user sender limits

### Related issue(s)
- close  
- close 
- close  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-08-18 19:28:28 +00:00
Florent Daigniere
0b16291153 doh 2021-08-14 08:49:28 +02:00
Florent Daigniere
1db08018da Ensure that we get certificate validation on top90
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
2021-08-14 08:48:42 +02:00
Florent Daigniere
b066a5e2ac add a default tls_policy_map 2021-08-14 08:48:42 +02:00
Florent Daigniere
1df79f8132 give PFS a chance 2021-08-14 08:48:04 +02:00
Florent Daigniere
925105075c this is required in fact 2021-08-13 20:35:40 +02:00
Florent Daigniere
772e5efb7d Disable pipelining to prevent bypass 2021-08-11 22:47:29 +02:00
Florent Daigniere
2b05e72ce4 Revert "maybe fix the tests"
This reverts commit f971b47fb9.
2021-08-10 08:51:55 +02:00
Florent Daigniere
f971b47fb9 maybe fix the tests 2021-08-10 08:22:23 +02:00
Florent Daigniere
4a871c0905 this causes trouble with the test 2021-08-09 23:29:17 +02:00
Florent Daigniere
55cdb1a534 be explicit about what we support 2021-08-09 17:42:33 +02:00
Florent Daigniere
ecadf46ac6 fix PFS 2021-08-09 17:39:15 +02:00
Florent Daigniere
de3620da4a Don't send credentials in clear ever 2021-08-09 17:29:42 +02:00
Florent Daigniere
4535c42e70 This isn't required 2021-08-09 17:29:42 +02:00
Florent Daigniere
1101e401e8 Apply the restriction on the right port 2021-08-09 14:58:58 +02:00
Florent Daigniere
d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts 2021-08-08 20:21:24 +02:00
Florent Daigniere
bcdc137677 Alpine has removed support for btree and hash 2021-08-08 19:18:33 +02:00
Florent Daigniere
1438253a06 Ratelimit outgoing emails per user 2021-08-08 09:21:14 +02:00
Florent Daigniere
d44608ed04 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2021-08-03 13:46:47 +02:00
bors[bot]
bf65a1248f
Merge
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens

## What type of PR?

bugfix

## What does this PR do?

Fix bug . Ensure that we avoid the musl resolver bug by always looking up a FQDN

### Related issue(s)
- closes 

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-24 19:09:56 +00:00
Florent Daigniere
fa915d7862 Fix 1294 ensure podop's socket is owned by postfix 2021-07-24 14:39:40 +02:00
Florent Daigniere
9d2629a04e fix 1884: always lookup a FQDN 2021-07-24 12:40:38 +02:00
Florent Daigniere
1d65529c94 The lookup could fail; ensure we set something 2021-07-18 18:43:20 +02:00
Florent Daigniere
8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
2021-07-18 18:24:46 +02:00
Florent Daigniere
72735ab320 remove cyrus-sasl-plain 2021-07-05 17:08:05 +02:00