1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-16 10:59:53 +02:00
Commit Graph

1985 Commits

Author SHA1 Message Date
Florent Daigniere
e6b9285f86 Send rport too 2023-04-21 11:04:08 +02:00
Florent Daigniere
d4bc99626f Ensure we log rport 2023-04-21 10:29:28 +02:00
Florent Daigniere
0025d06c4e maybe fix healthcheck 2023-04-21 10:08:32 +02:00
Florent Daigniere
915c1a75f1 Make it generic. Should we implement TARPIT? 2023-04-21 09:21:11 +02:00
Florent Daigniere
2d8b2b15fe tweak-logs 2023-04-21 09:13:11 +02:00
Florent Daigniere
4b02b2bd65 Add health-check 2023-04-21 08:59:42 +02:00
Florent Daigniere
cf0b440b2a Remove another useless message 2023-04-20 19:58:09 +02:00
Florent Daigniere
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
Florent Daigniere
21982478fb warning is enough 2023-04-20 18:01:16 +02:00
Florent Daigniere
281800d946 Try to do the same for ARM64, log a message if we do 2023-04-20 17:59:14 +02:00
Florent Daigniere
ede331f657 LD_PRELOAD may not be in ENV 2023-04-20 17:46:27 +02:00
Florent Daigniere
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
bors[bot]
6710a29c5e
Merge #2772
2772: Always exempt app-tokens from rate limits r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Always exempt app-tokens from rate limits
Ensure that unsuccessful login attempts against a valid account hit the ip-based rate-limit too

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 10:12:01 +00:00
Florent Daigniere
5a55d1824e Make it happen post-deduplication 2023-04-16 12:57:20 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts
against a valid account
2023-04-16 11:30:14 +02:00
Florent Daigniere
775033391a doh 2023-04-14 13:56:39 +02:00
Florent Daigniere
c363378005 Always exempt app-tokens from rate limits 2023-04-14 12:51:43 +02:00
Florent Daigniere
b6ed4fd83e fix #2764 2023-04-14 10:09:51 +02:00
Florent Daigniere
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
Florent Daigniere
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
Florent Daigniere
845eff0055 fix 2757 2023-04-08 12:27:32 +02:00
Florent Daigniere
a09c23d8de Fix it 2023-04-08 11:32:46 +02:00
Dimitri Huisman
c54271db32
Fix config-import. Config with dkim key could not be imported. 2023-04-07 14:19:17 +00:00
bors[bot]
0cc7c2fd05
Merge #2735
2735: Mailu 2.0 release r=mergify[bot] a=Diman0

## What type of PR?

feature

## What does this PR do?
Changes for releasing Mailu 2.0.  I must still proofread the release notes I wrote.

### Related issue(s)
- closes #2215

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-05 07:03:37 +00:00
Dimitri Huisman
5f14c8ced1
Fix unmet dependency 2023-04-04 12:51:59 +00:00
Dimitri Huisman
a2655e3c79
Update dependencies with CVEs 2023-04-04 12:35:27 +00:00
Florent Daigniere
94ef62a884 Don't rate-limit port 25, ever. 2023-04-04 12:47:11 +02:00
Florent Daigniere
ab7b82d05b Clarify 2023-04-04 11:33:34 +02:00
Florent Daigniere
040dd82d3e fix bug 2023-04-04 11:30:59 +02:00
Dimitri Huisman
e88fa6a1f5
Merge branch 'master' into new-release-mailu 2023-04-04 08:00:25 +00:00
bors[bot]
b68e132369
Merge #2733
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Ensure we always ask for the existing password before allowing a change.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-04 07:11:56 +00:00
bors[bot]
cae01a36b4
Merge #2732
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.

Reduce the default to 50 distinct passwords per day

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-04-03 20:40:10 +00:00
Dimitri Huisman
453acad21f
Initial changes for Mailu 2.0 release 2023-04-02 16:45:42 +00:00
Florent Daigniere
c0f1f58f55 No need for that 2023-04-02 18:03:44 +02:00
Florent Daigniere
7dc2912770
Update core/admin/mailu/limiter.py
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-04-02 17:11:16 +02:00
Florent Daigniere
52de10a5e5 resets don't need the current password 2023-04-02 16:41:12 +02:00
Florent Daigniere
616e4a7734 Ensure we always ask for the existing password before allowing a change 2023-04-02 16:35:15 +02:00
Florent Daigniere
795a7bafa2 should never happen but heh 2023-04-01 12:22:44 +02:00
Florent Daigniere
04a2cdab2f Only account for distinct attempts in rate limits 2023-04-01 11:33:02 +02:00
bors[bot]
be5214bb68
Merge #2725
2725: Fix access to radicale r=mergify[bot] a=Diman0

## What type of PR?

bug-fix

## What does this PR do?

Fix the access issue to radicale. I did not create a newsfragment, because this works fine on 1.9. This was only broken on master. 

### Related issue(s)
- closes #2723

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-29 06:35:39 +00:00
Dimitri Huisman
36069e3e06
Fix access to radicale 2023-03-28 20:01:43 +00:00
Dimitri Huisman
57a42ff3c8
Update instructions for syncing alpine image 2023-03-28 21:04:22 +02:00
Dimitri Huisman
250a200edb
Mirror alpine image to ghcr.io/mailu docker org to prevent docker pull rate limit.
Use mirrored ghcr.io/mailu/alpine image as base image.
2023-03-28 18:23:35 +00:00
bors[bot]
83c44740f6
Merge #2717
2717: nginx: Allow HTTP and/or TCP ports to accept the PROXY protocol r=mergify[bot] a=OdyX

This is a feature proposal, as a followup to close #2300, with a cleaner split proposal.

Co-authored-by: Didier 'OdyX' Raboud <odyx@raksha.ch>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Didier Raboud <odyx@debian.org>
2023-03-28 15:52:25 +00:00
Didier 'OdyX' Raboud
cd7dc7baea
nginx behind proxy: provide a healthcheck for localhost over port 10204 2023-03-28 14:13:59 +02:00
Didier 'OdyX' Raboud
e31dc0eb90
l10n fr: uppercase accented 'status' 2023-03-28 13:22:56 +02:00
Didier 'OdyX' Raboud
45f1a4b5f7
l10n fr: add DNS TLS and autoconfig translations 2023-03-28 13:22:41 +02:00
Didier 'OdyX' Raboud
4d6457af1a
l10n fr: fix Relayed domains' plural 2023-03-28 13:22:23 +02:00
Didier 'OdyX' Raboud
2e40467376
nginx with PROXY protocol for mail; only set_real_ip_from in 'all' and 'mail' alternatives 2023-03-28 09:09:11 +02:00
Dimitri Huisman
991dd647cb
nginx: fix proxy settings when PROXY protocol is used
Tested-By: Didier Raboud <odyx@raksha.ch>
2023-03-28 09:08:39 +02:00
Didier 'OdyX' Raboud
d9ed3cd179
nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
Dimitri Huisman
6d31831cf5
Sigh. Forgot to actually save the modified requirements-dev.txt file.
Remove the pinned version for requirements for dev.
The blocking issue is resolved, so no need to pin the old version.
2023-03-26 13:28:40 +00:00
Dimitri Huisman
709edb522b
Introduce connection string (database url) for roundcube.
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2023-03-26 12:21:00 +00:00
bors[bot]
5044c78740
Merge #2709
2709: Validate proxy ip with PROXY_AUTH_WHITELIST r=mergify[bot] a=Diman0

## What type of PR?

bug fix

## What does this PR do?
The Proxy code validated the real client ip against the proxy auth whitelist. It should be the proxy ip that is checked. That is changed with this PR.

### Related issue(s)
- closes #2708
- #2692

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 13:26:59 +00:00
bors[bot]
c15595836a
Merge #2690
2690: Change rspamd override system to use .include with lowest priority. r=mergify[bot] a=Diman0

## What does this PR do?

All override files are used as if they were placed in the rspamd local.d folder.

New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. It works as following.
* If the override file overrides a Mailu defined config file, it will be included in the Mailu config file with lowest priority. It will merge with existing sections.
* If the override file does not override a Mailu defined config file, then the file will be placed in the rspamd local.d folder. It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

## What type of PR?

enhancement

### Related issue(s)
- closes #2555 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 10:01:23 +00:00
Dimitri Huisman
ee1f0f94a3
Don't use the header when we don't need it. 2023-03-18 09:17:21 +00:00
Dimitri Huisman
f20208fb4b
Fix error in check for proxy scenario 2023-03-18 09:05:18 +00:00
Dimitri Huisman
4912fa1dff
Fix a typo. 2023-03-18 08:55:32 +00:00
Dimitri Huisman
20bf0e8a65
Add fix for wrong redirect in proxy scenario and accessing WEBROOT_REDIRECT 2023-03-18 08:40:45 +00:00
Dimitri Huisman
29bfc9dd9d
Add fallback just in case X-Forwarded-By is empty. 2023-03-18 08:16:30 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
1d9791ceaa
Merge #2703
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-17 15:38:25 +00:00
bors[bot]
5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-17 11:55:11 +00:00
Dimitri Huisman
c482c71f6c
Add missing () 2023-03-16 22:49:07 +01:00
Florent Daigniere
698f1f377c Check https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out 2023-03-16 08:12:46 +01:00
Florent Daigniere
8eb1542f64 Paranoia: drop the headers we don't use 2023-03-16 08:07:57 +01:00
Dimitri Huisman
31faee4218
Merge branch 'master' into delete-disable 2023-03-15 18:16:46 +01:00
Florent Daigniere
1831ca3b1e Handle WEBROOT_REDIRECT better 2023-03-14 09:40:43 +01:00
Florent Daigniere
e1739befc0 Make it work for /admin/antispam too 2023-03-13 08:40:29 +01:00
Florent Daigniere
f44cd24bf8 doh 2023-03-12 19:54:27 +01:00
Florent Daigniere
925c753f40 Merge branch 'master' of https://github.com/Mailu/Mailu into guess-target 2023-03-12 19:43:05 +01:00
Florent Daigniere
b607375603 Fix 2692: make the external auth proxy usable 2023-03-12 19:40:44 +01:00
Florent Daigniere
dd912169fb Make the login page guess where to redirect 2023-03-12 18:07:25 +01:00
Florent Daigniere
1b045b4a94 Introduce AUTH_PROXY_LOGOUT_URL 2023-03-12 18:07:25 +01:00
Dimitri Huisman
45177bd25a
bring back removed blank lines 2023-03-09 08:30:58 +00:00
Dimitri Huisman
7ce28bd6e9
Fix some small errors 2023-03-09 08:28:18 +00:00
Dimitri Huisman
8861ce6edb
Change rspamd override system to use include with lowest priority.
All override files are used as if they were placed in the rspamd
local.d folder.

From the newsfragment:
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder.
These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file.
It works as following.
* If the override file overrides a Mailu defined config file,
  it will be included in the Mailu config file with lowest priority.
  It will merge with existing sections.
* If the override file does not override a Mailu defined config file,
  then the file will be placed in the rspamd local.d folder.
  It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website:
https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
2023-03-09 08:21:45 +00:00
PM Extra
4858f76057
Fix user create form 2023-02-24 13:51:41 +08:00
PM Extra
74fabccda6
Fix updating the default quota_bytes in the form 2023-02-24 09:42:59 +08:00
PM Extra
54667b2789
Fix UserForm of Admin UI 2023-02-23 20:54:37 +08:00
PM Extra
80d861523b
Apply DEFAULT_QUOTA to user creation admin ui page 2023-02-23 20:32:19 +08:00
S474N
92be819053
Update messages.po 2023-02-21 16:26:50 +01:00
S474N
d6757514af
Czech translation
Czech translation
2023-02-21 16:20:57 +01:00
bors[bot]
0de2430868
Merge #2664
2664: Fix the bug reported by fastlorenzo r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix the bug reported by fastlorenzo: when using proxy-auth, if the user doesn't exist you have to hit the URL twice.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-20 12:39:04 +00:00
Florent Daigniere
fed5ab1564 Alpine 3.17.2 2023-02-16 14:28:54 +01:00
Florent Daigniere
6a4d8603fc Create the user before logging it in 2023-02-14 13:41:46 +01:00
Florent Daigniere
f125420400 Fix the bug reported by fastlorenzo 2023-02-14 11:33:16 +01:00
Florent Daigniere
66b7c76836 Doh. Without this email delivery from RELAYNET is broken 2023-02-09 16:04:13 +01:00
bors[bot]
aea7407044
Merge #2646
2646: Smarter ratelimit r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for **distinct** usernames in the IP rate-limiter.

This enables to have a much tighter default as a user with a misconfigured device will now only account for a single attempt.

The goal here is to make the rate-limiter more acceptable and to avoid people disabling it altogether.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-02-09 12:18:41 +00:00
bors[bot]
46429ab247
Merge #2640
2640: Add env variable to set sieve_vacation_to_header_ignore_envelope r=mergify[bot] a=nwinkelstraeter

When used with SRS the vacation plugin creates a reply with SRS in the To: header which does not look nice for the recipient. Setting sieve_vacation_to_header_ignore_envelope will use the headers from the original source message instead of potentially rewritten ones.

Without this option auto-replies are sent with a To header with SRS, e.g `SRS0=uetG=43=sender.com=user@autoresponder.com`
With this option they are sent with just `user@sender.com`

This option is for whatever reason not part of the [pigeonhole docs](https://doc.dovecot.org/configuration_manual/sieve/extensions/vacation/) but it is documented here: 34431d7a67/NEWS (L338)

## What type of PR?

enhancement

## What does this PR do?
This PR adds an environment variable to the set the `sieve_vacation_to_header_ignore_envelope` configuration

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly



Co-authored-by: Nico Winkelsträter <nico.winkelstraeter@initos.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-09 10:08:48 +00:00
Nico Winkelsträter
9cb2ef7632 Let vacation plugin ignore envelope sender to avoid SRS recipient
This is done by setting sieve_vacation_to_header_ignore_envelope to yes
The envelope is rewritten by recipent_canonical_maps to reverse SRS after the plugin checks it
so we need the plugin to ignore it at this point.
2023-02-09 11:01:35 +01:00
Florent Daigniere
085bac6e08 Change AUTH_RATELIMIT_IP_V6_MASK from /56 to /48 2023-02-07 09:54:50 +01:00
Alexander Graf
fa084d7b1c
Styling only 2023-02-07 08:54:13 +01:00
Florent Daigniere
caa8412d82 close #1236: Allow + in localpart of addresses 2023-02-06 13:00:17 +01:00
Florent Daigniere
294ac4adb2 Revert "Clarify"
This reverts commit 35e9bfb8ab.
2023-02-04 17:08:26 +01:00
Florent Daigniere
35e9bfb8ab Clarify 2023-02-04 16:54:25 +01:00
Florent Daigniere
d30f71234d Apply the mask on the IP too 2023-02-04 16:50:43 +01:00
Florent Daigniere
a60159a0db update defaults, rephrase doc 2023-02-04 16:46:27 +01:00
Florent Daigniere
e2a25c79fc only account attempts for distinct usernames in ratelimits 2023-02-04 16:36:16 +01:00
Dimitri Huisman
44ad14811d
Missed some IF statements that must be modified for normalized config. 2023-02-01 11:12:05 +00:00
Dimitri Huisman
d9a6777d9d
Forgot to adapt some IF statements. All config is normalized now for front.
So true/false now matches the boolean value True/False.
Instead if {% IF X == 'true' %} we should now use {% IF X %}
2023-02-01 08:51:53 +00:00
bors[bot]
4a24bd9e24
Merge #2638
2638: further finishing touches for restful api r=mergify[bot] a=Diman0

- Fix setup utility setting correct value to env var API. It now also sets `false` when the API is disabled in the setup utility.
- Fix IF statement for enabling API in nginx.conf. Setting a different value than `API=true` in mailu.env now disabled the API endpoint in nginx.
- Use safer command for regenerating example API token. It uses crypto.getRandomValues() (as suggested by nextgens) which should be more random than the previously used method. 

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-31 20:34:48 +00:00
Dimitri Huisman
7bcac3bbaa
Get the value from the correct dict (args) 2023-01-31 17:26:32 +00:00
Alexander Graf
ab5caac6f7
Remove webmail cookies on logout. 2023-01-31 17:34:59 +01:00
Dimitri Huisman
75afe1092d
Use server-side password generator for generating token.
Fix setup correctly writing the value for API to mailu.env
Normalize env vars for front container.
Update reverse proxy with API information.
2023-01-31 12:37:25 +00:00
Dimitri Huisman
0673d32306
Fix setup utility setting correct value to env var API
Fix IF statement for enabling API in nginx.conf
Use safer command for regenerating example API token.
2023-01-30 13:16:07 +00:00
Alexander Graf
50fc1cb8b3
Move version style to app.css 2023-01-30 10:49:11 +01:00
Alexander Graf
8f425ce081
Move unit to data-attr and fix defaulting to 1 2023-01-30 10:49:11 +01:00
Alexander Graf
f00059d10c
Show mailu version in web interface after logging in 2023-01-30 10:49:11 +01:00
Alexander Graf
8b0b87984d
Duh. Fix macros call 2023-01-30 10:49:10 +01:00
Alexander Graf
2fa0461803
Fix sliders 2023-01-30 10:49:10 +01:00
Alexander Graf
31e974f829
Add edit button to admin and manager lists 2023-01-30 10:49:10 +01:00
Alexander Graf
3af3aa9395
Show quota in domain list 2023-01-30 10:49:10 +01:00
Alexander Graf
65595d139a
Set default sort order for all lists 2023-01-30 10:49:10 +01:00
bors[bot]
3a1cecbe21
Merge #2636
2636: Fix out of office replies r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks.

Webmails are now on a different subnet.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-30 09:32:18 +00:00
Florent Daigniere
ae7061c561 Doh 2023-01-30 10:29:37 +01:00
Florent Daigniere
802ab533d2 Upgrade to alpine 3.17.1
New openssl, new dovecot
2023-01-29 18:13:49 +01:00
Florent Daigniere
e326393f03 fix ooo 2023-01-29 15:47:19 +01:00
Alexander Graf
21ac230cce
Make olefy.py listen on all interfaces 2023-01-28 19:40:26 +01:00
Alexander Graf
842be9b7c3
Skip listen to v6 when SUBNET6 is not set 2023-01-28 19:40:23 +01:00
Alexander Graf
1ad1d8d95d
Rewrite generation of gunicorn cmdline 2023-01-28 19:39:40 +01:00
Chris Schäpers
35331a4295
Make gunicorn IPv6 conditional
Only listen on [::]:80 in case SUBNET6 is defined, otherwise do the normal :80
2023-01-28 19:39:39 +01:00
Chris
9f6848110a
Make gunicorn listen on ipv6 2023-01-28 19:39:39 +01:00
bors[bot]
db2a490256
Merge #2633
2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-28 15:05:38 +00:00
Florent Daigniere
46f05cb651 Merge branch 'master' of https://github.com/Mailu/Mailu into reduce-logging 2023-01-28 14:28:26 +01:00
Florent Daigniere
36623188b5 Don't apply antispoof rules on locally generated emails 2023-01-28 14:12:14 +01:00
bors[bot]
179c624116
Merge #2631
2631: Restful api finishing touches r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
Some finishing touches for the restful api.

- Make the API configurable via the setup utility.  
  - Configured exactly the same as the ADMIN and WEBMAIL. 
- We have a single config (API) that configures whether it is exposed (via front). Just like ADMIN. The API is always reachable by directly connecting to the admin container.
- API_TOKEN does not enable/disable the API anymore. When it is not configured, an error is returned (via the internet browser) that the API_TOKEN must be configured in mailu.env.
- Fix some small bugs in the setup utility ( selecting none in the dropdown boxes, now correctly changes the config)
- Update Flask-RestX to 1.0.5. This resolves the deprecation warnings introduced by Flask-RestX.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-27 18:46:57 +00:00
Alexander Graf
30efdf557f
Re-enable cli action user_delete with "disable" as default 2023-01-27 10:28:27 +01:00
bors[bot]
43e500faf5
Merge #2628
2628: Set default for FETCHMAIL_ENABLED r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Set the default for FETCHMAIL_ENABLED to true in the admin container.
This keeps existing functionality for people upgrading without re-creating the `mailu.env`.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-27 07:53:10 +00:00
Dimitri Huisman
18b900699c
Bump version of Flask-RESTX to 1.0.5.
This resolves all deprecation warnings caused by Flask-RESTX.
2023-01-25 16:12:14 +00:00
Dimitri Huisman
d6e7314f05
Make API configurable via the setup utility
Fix some small bugs in the setup utility
Improve documentation on the API.
2023-01-25 15:30:25 +00:00
Alexander Graf
c4ca1cffaf
Set default for FETCHMAIL_ENABLED 2023-01-25 12:20:17 +01:00
Alexander Graf
5c968256e6
Really fix creation of deep structures using import in update mode 2023-01-25 10:34:44 +01:00
bors[bot]
151601744f
Merge #2627
2627: Add SUBNET6 to places where SUBNET is used r=nextgens a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Also add SUBNET6 where SUBNET is used.

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-24 16:58:04 +00:00
bors[bot]
6d994525c4
Merge #2625
2625: Disable fetchmail r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Only show "fetched accounts" button in user list when fetchmail feature is enabled.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-24 11:34:44 +00:00
Alexander Graf
10562233ca
Add SUBNET6 to places where SUBNET is used 2023-01-24 12:15:36 +01:00
bors[bot]
7e60ba4e98
Merge #2613
2613: Enhance network segregation r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.

### Related issue(s)
- #2611

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-24 09:28:29 +00:00
Alexander Graf
1697da6e23
Disable "Fetched accounts" button in user list. 2023-01-23 20:50:56 +01:00
bors[bot]
dae9e9242b
Merge #2624
2624: Move runtime environment variables to the end r=nextgens a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

This moves the environment variables used at runtime from the system to the base image.
It's a workaround for a strange build issue observed when building with hardened malloc enabled.



Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-13 09:58:34 +00:00
bors[bot]
bbf0ac5d47
Merge #2464
2464: Introduce RESTful API r=mergify[bot] a=Diman0

## What type of PR?

Feature

## What does this PR do?
Introduces a RESTful API for changing the complete Mailu config.
Anything that can be configured in the web administration interface, can also be configured via the Mailu RESTful API.

Via the swagger.json endpoint the complete OpenAPI specification can be retrieved.
Via the endpoint swaggerui, a web client is available which shows all the endpoints, data models and allows you to submit requests.

See docs/api.rst and docs/configuration.rst for details for enabling it.

### Related issue(s)
- closes #445 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-12 18:48:32 +00:00
Alexander Graf
712679b4d8
Duh 2023-01-12 18:19:35 +01:00
Alexander Graf
d558be20f6
Move runtime environment variables to the end 2023-01-12 15:23:00 +01:00
Alexander Graf
3b08b113bf
Fix ipv6 subnet for xclient_hosts 2023-01-12 15:15:52 +01:00
Dimitri Huisman
b0569035ae
Change PUT method to PATCH method.
This better reflects what the interface does.
2023-01-12 10:55:49 +00:00
Vetési Zoltán
e76e857ae7 Fix smtplib.LMTP wrong argument name: ip -> host 2023-01-11 18:05:19 +01:00
Florent Daigniere
052f8e41ba Upgrade to snuffleupagus 0.9.0 2023-01-10 12:28:38 +01:00
Florent Daigniere
ee6975b109 doh 2023-01-05 18:14:19 +01:00
Dimitri Huisman
bcceac359d
Merge branch 'apiv1' of https://github.com/ghostwheel42/Mailu into feature-445-restful-api-ghostwheel 2023-01-05 10:18:02 +00:00
Florent Daigniere
9d555b0eec Don't expose any port (suggestion from ghost) 2023-01-04 19:19:43 +01:00
Florent Daigniere
e85a2a7e99 Step1: expose managesieve, make the webmails use it 2023-01-04 14:51:15 +01:00
Florent Daigniere
b263db72df Restrict XHOST to where useful 2023-01-04 13:03:13 +01:00
Florent Daigniere
4d80c95c41 Fix authentication submission
Don't talk haproxy to postfix; it's more headaches than it is currently
worth.
2023-01-03 15:57:57 +01:00
bors[bot]
bba6c5bb88
Merge #2603
2603: Enable HAPROXY protocol on SUBNET r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- Enable HAPROXY in between front and imap: With this we avoid running into the limitations of  ``mail_max_userip_connections`` and the logfiles reflect the real IP.
- Enable HAPROXY in between front and smtp: with this postfix and rspamd are aware of whether TLS was used or not on the last hop. In practice this won't work as nginx doesn't send PROTO yet.
- Discard redundant log messages from postfix

With all of this, not only are the logs easier to understand but ``doveadm who`` also works as one would expect.

### Related issue(s)
- closes #894
- #1328
- closes #1364
- #1705

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-31 16:53:52 +00:00
bors[bot]
52c17411bd
Merge #2596
2596: db.String without length cause an error in migration for MySQL DB r=mergify[bot] a=csthiang

## What type of PR?

bug-fix

## What does this PR do?

For MySQL, `db.String` requires a length because db.String gets translated to `VARCHAR` in MySQL and `VARCHAR` requires a length. I was considering adding a length to it but since the affected fields were used to store CommaSeparatedList and json-encoded string, I have a feeling it can be quite large in the future. `db.Text` seems to fit into this use case but please correct me if I am wrong.

This actually affects a DB migration with the following error:

```
  File "/app/venv/bin/flask", line 8, in <module>
    sys.exit(main())
  File "/app/venv/lib/python3.10/site-packages/flask/cli.py", line 1047, in main
    cli.main()
  File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/app/venv/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/app/venv/lib/python3.10/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/app/venv/lib/python3.10/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/app/venv/lib/python3.10/site-packages/flask/cli.py", line 357, in decorator
    return __ctx.invoke(f, *args, **kwargs)
  File "/app/venv/lib/python3.10/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/app/venv/lib/python3.10/site-packages/flask_migrate/cli.py", line 149, in upgrade
    _upgrade(directory, revision, sql, tag, x_arg)
  File "/app/venv/lib/python3.10/site-packages/flask_migrate/__init__.py", line 98, in wrapped
    f(*args, **kwargs)
  File "/app/venv/lib/python3.10/site-packages/flask_migrate/__init__.py", line 185, in upgrade
    command.upgrade(config, revision, sql=sql, tag=tag)
  File "/app/venv/lib/python3.10/site-packages/alembic/command.py", line 322, in upgrade
    script.run_env()
  File "/app/venv/lib/python3.10/site-packages/alembic/script/base.py", line 569, in run_env
    util.load_python_file(self.dir, "env.py")
  File "/app/venv/lib/python3.10/site-packages/alembic/util/pyfiles.py", line 94, in load_python_file
    module = load_module_py(module_id, path)
  File "/app/venv/lib/python3.10/site-packages/alembic/util/pyfiles.py", line 110, in load_module_py
    spec.loader.exec_module(module)  # type: ignore
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/app/migrations/env.py", line 99, in <module>
    run_migrations_online()
  File "/app/migrations/env.py", line 92, in run_migrations_online
    context.run_migrations()
  File "<string>", line 8, in run_migrations
  File "/app/venv/lib/python3.10/site-packages/alembic/runtime/environment.py", line 853, in run_migrations
    self.get_context().run_migrations(**kw)
  File "/app/venv/lib/python3.10/site-packages/alembic/runtime/migration.py", line 623, in run_migrations
    step.migration_fn(**kw)
  File "/app/migrations/versions/f4f0f89e0047_.py", line 18, in upgrade
    with op.batch_alter_table('fetch') as batch:
  File "/usr/lib/python3.10/contextlib.py", line 142, in __exit__
    next(self.gen)
  File "/app/venv/lib/python3.10/site-packages/alembic/operations/base.py", line 381, in batch_alter_table
    impl.flush()
  File "/app/venv/lib/python3.10/site-packages/alembic/operations/batch.py", line 111, in flush
    fn(*arg, **kw)
  File "/app/venv/lib/python3.10/site-packages/alembic/ddl/impl.py", line 322, in add_column
    self._exec(base.AddColumn(table_name, column, schema=schema))
  File "/app/venv/lib/python3.10/site-packages/alembic/ddl/impl.py", line 195, in _exec
    return conn.execute(construct, multiparams)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1380, in execute
    return meth(self, multiparams, params, _EMPTY_EXECUTION_OPTS)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/ddl.py", line 80, in _execute_on_connection
    return connection._execute_ddl(
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/engine/base.py", line 1469, in _execute_ddl
    compiled = ddl.compile(
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/elements.py", line 502, in compile
    return self._compiler(dialect, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/ddl.py", line 32, in _compiler
    return dialect.ddl_compiler(dialect, self, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 463, in __init__
    self.string = self.process(self.statement, **compile_kwargs)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 498, in process
    return obj._compiler_dispatch(self, **kwargs)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/ext/compiler.py", line 548, in <lambda>
    lambda *arg, **kw: existing(*arg, **kw),
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/ext/compiler.py", line 604, in __call__
    expr = fn(element, compiler, **kw)
  File "/app/venv/lib/python3.10/site-packages/alembic/ddl/base.py", line 190, in visit_add_column
    add_column(compiler, element.column, **kw),
  File "/app/venv/lib/python3.10/site-packages/alembic/ddl/base.py", line 330, in add_column
    text = "ADD COLUMN %s" % compiler.get_column_specification(column, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/dialects/mysql/base.py", line 1714, in get_column_specification
    self.dialect.type_compiler.process(
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 532, in process
    return type_._compiler_dispatch(self, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/visitors.py", line 82, in _compiler_dispatch
    return meth(self, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 5028, in visit_type_decorator
    return self.process(type_.type_engine(self.dialect), **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 532, in process
    return type_._compiler_dispatch(self, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/visitors.py", line 82, in _compiler_dispatch
    return meth(self, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/sql/compiler.py", line 5006, in visit_string
    return self.visit_VARCHAR(type_, **kw)
  File "/app/venv/lib/python3.10/site-packages/sqlalchemy/dialects/mysql/base.py", line 2214, in visit_VARCHAR
    raise exc.CompileError(
sqlalchemy.exc.CompileError: VARCHAR requires a length on dialect mysql
[2022-12-22 09:23:12 +0000] [17] [INFO] Starting gunicorn 20.1.0
[2022-12-22 09:23:12 +0000] [17] [INFO] Listening at: http://0.0.0.0:80 (17)
[2022-12-22 09:23:12 +0000] [17] [INFO] Using worker: gthread
[2022-12-22 09:23:12 +0000] [18] [INFO] Booting worker with pid: 18
```

### Related issue(s)
none

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Johnson Thiang <jthiang@pop-os.localdomain>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-12-29 16:08:44 +00:00
Florent Daigniere
ca44ccbe1c
Use the size other implementations default to 2022-12-29 17:02:05 +01:00
Alexander Graf
6f71ea833b
Update python dependencies as suggested by dependabot 2022-12-29 15:36:07 +01:00
Florent Daigniere
edd303f54d Modify the healtchecks to make them disapear from the logs.
This is not perfect...
- dovecot now complains about waitpid/finding a new process
- postfix is still regularly pinging rspamd / his milter and that
generates a few lines worth of logs each time.
2022-12-29 14:14:53 +01:00
Florent Daigniere
cd107182c1 comment 2022-12-29 11:04:16 +01:00
Florent Daigniere
8539344331 Reduce nginx ssl_session_cache to 3m each 2022-12-29 11:03:55 +01:00
Florent Daigniere
36b3a9f4fb Will fix it in another PR 2022-12-28 17:05:34 +01:00
Florent Daigniere
83ea708490 fix healthcheck 2022-12-28 16:55:24 +01:00
Florent Daigniere
7a2d06401a Tweak postfix logging 2022-12-28 16:55:24 +01:00
Florent Daigniere
55c1e55529 Same for front-smtp
This should enable postfix to have visibility on TLS usage and fix the
following: #1705
2022-12-28 15:40:35 +01:00
Florent Daigniere
4ae0d7d768 Enable HAPROXY protocol in between front and imap
With this we avoid running into the limitations of
 mail_max_userip_connections (see #894 amd #1364) and the
 logfiles as well as ``doveadm who`` give an accurate picture.
2022-12-28 14:17:00 +01:00
Alexander Graf
be40781394
Add default for WEB_API, re-add flask-restx to deps, remove whitespace 2022-12-27 14:28:25 +01:00
Alexander Graf
84ebab2cb4
Fix creation of deep structures using import in update mode 2022-12-27 12:53:22 +01:00
Dimitri Huisman
3cb8358090
Process review comments PR#2464
- When visiting root of WEB_API, the swaggerui is shown
- simplify the condition for endpoint WEB_API
2022-12-27 11:32:58 +01:00
Dimitri Huisman
39b0d44079
Use first() instead of all() for better performance
Actually return all data for Get user
Remove non-used code
2022-12-27 11:32:57 +01:00
Dimitri Huisman
f9b26bd934
Update User with newly introduced allow spoofing field 2022-12-27 11:32:57 +01:00
Dimitri Huisman
6347c18f8a
Process review comments (PR2464) 2022-12-27 11:32:57 +01:00
Dimitri Huisman
61d092922c
Process review comments (PR2464) 2022-12-27 11:32:57 +01:00
Dimitri Huisman
afb224e796
Update password hash description for user API endpoint 2022-12-27 11:32:57 +01:00
Dimitri Huisman
d4e5db5084
Remove unneeded comment 2022-12-27 11:32:56 +01:00
Dimitri Huisman
7a36f6bbb9
Use hmac.compare_digest to prevent timing attacks. 2022-12-27 11:32:56 +01:00
Dimitri Huisman
5c9cdfe1de
Introduction of the Mailu RESTful API.
Anything that can be configured in the web administration interface,
can also be configured via the Mailu RESTful API.
See the section Advanced configuration in the configuration reference
for the relevant settings in mailu.env for enabling the API.
(API, WEB_API, API_TOKEN).
2022-12-27 11:32:54 +01:00
Alexander Graf
866ad89dfc
first try at api using flask-restx & marshmallow 2022-12-27 11:20:59 +01:00
Alexander Graf
c30944404d
Add "API" flag to config (default: disabled) 2022-12-27 11:20:59 +01:00
Florent Daigniere
108958cabb drop privs better 2022-12-23 10:58:06 +01:00
bors[bot]
8d2bd6d9ff
Merge #2528
2528: Implement #2510: oletools integration r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

OLETools now flags documents with macros and rejects suspicious ones. We also block executable file extensions by default (but don't perform inspection in archives: you can tell users to zip-up whatever needs sending).

### Related issue(s)
- closes #2510
- closes #2511

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-12-22 16:14:19 +00:00
bors[bot]
8461a11ff4
Merge #2588
2588: IMAP folder names may contain characters outside of \w: [a-zA-Z0-9] r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

IMAP folder names may contain characters outside of \w: [a-zA-Z0-9]. Typically it may be subfolders...

I have also simplified the regexp since we strip spaces the line below.

This is used for "external accounts"/fetchmail.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-22 13:30:17 +00:00
Johnson Thiang
bd20ef04cc change field type to db.text 2022-12-22 18:10:13 +08:00
Shamil Nunhuck
7225cb0d3e
Drop rsyslog localhost messages with IPv6 address 2022-12-21 00:57:29 +00:00
Alexander Graf
c38e6aae4e
Add button to mailu-admin in roundcube task menu 2022-12-20 12:30:03 +01:00
Florent Daigniere
ef123f1b53 doh 2022-12-19 12:41:21 +01:00
Florent Daigniere
6241fbeb78 actually make it optional 2022-12-19 12:12:50 +01:00
Florent Daigniere
cea533ae57 Merge remote-tracking branch 'upstream/master' into oletools 2022-12-19 12:05:27 +01:00
Florent Daigniere
77d770a2d2 doh 2022-12-19 11:24:22 +01:00
bors[bot]
251db0b1af
Merge #2562
2562: Dynamic address resolution everywhere r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Use dynamic address resolution everywhere.
Derive a new key for admin/SECRET_KEY
Cleanup the environment

This should allow restarting containers.

### Related issue(s)
- closes #1341
- closes #1013
- closes #1430

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-19 10:12:26 +00:00
Florent Daigniere
df924b0864 doh 2022-12-19 11:04:25 +01:00
Florent Daigniere
0fa239da11 These tests are not required anymore 2022-12-19 10:43:40 +01:00
Florent Daigniere
c634b9ac04 IMAP folder names may contain characters outside of \w: [a-zA-Z0-9] 2022-12-19 10:33:05 +01:00
fastlorenzo
135207db3e
fix missing casting to int for SESSION_KEY_BITS
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-14 01:00:23 +01:00
bors[bot]
50c7fa882e
Merge #2577
2577: Autofocus the login form on /sso/login r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Autofocus the login form on /sso/login

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-08 20:49:23 +00:00
bors[bot]
f169f81436
Merge #2571
2571: Upgrade to alpine 3.17.0 r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade to alpine 3.17.0.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-08 20:35:17 +00:00
Florent Daigniere
e42d029c25 normalize booleans 2022-12-08 17:41:33 +01:00
Florent Daigniere
ae6af92b1d it's called libretls! 2022-12-08 16:38:06 +01:00
Florent Daigniere
b630355d03 Autofocus the login form on /sso/login 2022-12-08 15:17:58 +01:00
Florent Daigniere
4e3874b0c1 Enable dynamic resolution of hostnames 2022-12-08 13:00:50 +01:00
Florent Daigniere
dfaba5bb17
No need for two commands here 2022-12-07 15:51:54 +01:00
fastlorenzo
0209825277
Add net_bind_service capability for python executable
Signed-off-by: fastlorenzo <git@bernardi.be>
2022-12-07 11:43:26 +01:00
Florent Daigniere
622e093122 not required anymore 2022-12-02 17:23:58 +01:00
Florent Daigniere
73107ba112 libressl-dev is broken in the new release 2022-12-02 17:19:11 +01:00
Florent Daigniere
619a5fbda2 Upgrade to alpine 3.17.0 2022-12-02 16:44:44 +01:00
bors[bot]
0bfe3f92a6
Merge #2564
2564: Misc dovecot config changes r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- fix RECIPIENT_DELIMITER (wrong scope, was ignored)
This can be confirmed using: ``$nc imap 2525 ...`` and delivering to a VERP address
- drop privileges of the LMTP daemon

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-02 10:31:22 +00:00
bors[bot]
8c3da2815d
Merge #2565
2565: Fix DB downgrade r=mergify[bot] a=nextgens

Fix DB downgrade. This isn't used in normal operations but is wrong nevertheless.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-02 10:23:17 +00:00
bors[bot]
cd5e6c896f
Merge #2568
2568: Fix a bug preventing users without IMAP access to access the webmails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug preventing users without IMAP access to access the webmails

### Related issue(s)
- close #2451

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-30 08:03:50 +00:00
Florent Daigniere
c565e69a01
as requested 2022-11-29 13:34:22 +01:00
Florent Daigniere
b553d025eb
remove newline 2022-11-29 13:32:40 +01:00
Florent Daigniere
00f07ef533 close #2451: prevent an auth-loop on webmails 2022-11-29 13:29:03 +01:00
Florent Daigniere
3e38e7b89d Remove the dependency on pyOpenSSL 2022-11-27 16:07:48 +01:00
Florent Daigniere
83ef6d773d Make it clear that we don't delete users 2022-11-27 14:14:00 +01:00
Florent Daigniere
98f16b1d47 Fix DB downgrade 2022-11-27 13:57:03 +01:00
Florent Daigniere
5da2ab8fd1 drop privs 2022-11-27 12:08:15 +01:00
Florent Daigniere
bf588d19a4 Fix RECIPIENT_DELIMITER 2022-11-27 10:58:07 +01:00
Florent Daigniere
86edc3a919 Close #1483: remove postfix's /queue/pid/master.pid 2022-11-27 09:56:04 +01:00
Florent Daigniere
c1062f3db2 set the umask 2022-11-25 17:53:25 +01:00
bors[bot]
033889dc95
Merge #2542 #2559
2542: Implement header authentication via external proxy r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Implement header authentication via external proxy

### Related issue(s)
- closes #1972
- closes #2183

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2559: Turns out that php81-ctype is required by roundcube r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It solves:
```
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function Masterminds\HTML5\Parser\ctype_alpha() in /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php:140"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "Stack trace:"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#0 /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php(82): Masterminds\HTML5\Parser\Tokenizer->consumeData()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#1 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(161): Masterminds\HTML5\Parser\Tokenizer->parse()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#2 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(89): Masterminds\HTML5->parse('<html>\n    <hea...', Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#3 /var/www/roundcube/program/lib/Roundcube/rcube_washtml.php(700): Masterminds\HTML5->loadHTML('<html>\n    <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#4 /var/www/roundcube/program/actions/mail/index.php(975): rcube_washtml->wash('<html>\n    <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#5 /var/www/roundcube/program/actions/mail/index.php(1019): rcmail_action_mail_index::wash_html('<!doctype html>...', Array, Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#6 /var/www/roundcube/program/actions/mail/show.php(720): rcmail_action_mail_index::pr..."
```

see https://github.com/roundcube/roundcubemail/issues/7049


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-25 10:40:47 +00:00
bors[bot]
e0d42cadc0
Merge #2546
2546: Implement a GUI for WILDCARD_SENDERS r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

- Implement a GUI for WILDCARD_SENDERS

### Related issue(s)
- closes #2372

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-25 10:33:19 +00:00
Alexander Graf
b0990460a4
Fix error display 2022-11-25 11:32:21 +01:00
Alexander Graf
53720876b4
Colorize feature badges 2022-11-25 10:47:49 +01:00
Alexander Graf
a5eeab37e1
Add default for column allow_spoofing 2022-11-25 10:43:00 +01:00
Florent Daigniere
3721a6aa02 Merge branch 'master' of https://github.com/Mailu/Mailu into HEAD 2022-11-24 15:20:01 +01:00
bors[bot]
2104c04e3b
Merge #2544
2544: Fix #2242: Make quotas adjustable in 50MiB increments r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make quotas adjustable in 50MiB increments

### Related issue(s)
- closes #2242

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 14:18:10 +00:00
Florent Daigniere
4c3c628ca4 dedup 2022-11-24 14:59:11 +01:00
Florent Daigniere
19bd9362d3 As suggested by ghost 2022-11-24 14:56:26 +01:00
Florent Daigniere
f1e5044dbe Add to the list, sort it 2022-11-24 14:39:12 +01:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
02f2679dc4 name collision 2022-11-24 13:51:54 +01:00
Florent Daigniere
b08d940d09 See https://github.com/decalage2/oletools/issues/659 2022-11-24 13:06:59 +01:00
Florent Daigniere
a8061f3ed3 doh 2022-11-24 12:25:41 +01:00
Florent Daigniere
12117cef37 Reduce the scope of the try: except 2022-11-24 12:16:25 +01:00
Florent Daigniere
612db96209 Block executable file extensions (closes #2511) 2022-11-24 12:09:15 +01:00
Florent Daigniere
709023ab5a dimitri said "block it"
So let's block any macro with AUTOEXEC
2022-11-24 12:04:03 +01:00
Florent Daigniere
3bdc57adbc Forgot this 2022-11-24 11:40:10 +01:00
Florent Daigniere
e43effab63 Glad there is a test 2022-11-24 11:08:13 +01:00
Florent Daigniere
d793c5eed8 Dup symbol 2022-11-24 11:01:12 +01:00
Florent Daigniere
e03d91a1ec Merge remote-tracking branch 'upstream/master' into oletools 2022-11-24 10:35:03 +01:00
Florent Daigniere
9fcff5e745 Pin what we get from edge 2022-11-24 10:13:04 +01:00
Florent Daigniere
63a12d9857 changes requested by ghost 2022-11-24 10:00:00 +01:00
Florent Daigniere
546884d10c ghost's requested changes 2022-11-24 09:31:27 +01:00
Florent Daigniere
7e1ab7978e Block VBA Stomping too 2022-11-23 18:56:16 +01:00
Florent Daigniere
4881e0db2a ghost is right, it should be pinned here too 2022-11-23 17:15:03 +01:00
Florent Daigniere
c1144612be
fix sorting 2022-11-23 17:13:15 +01:00
Florent Daigniere
4d8bd210c5
Update run_dev.sh 2022-11-23 17:07:48 +01:00
Florent Daigniere
ee512112fb
fix flask db history 2022-11-23 17:07:19 +01:00
Florent Daigniere
adacf579fc Rollback to mysql-connector-python==8.0.29
See #2553
2022-11-23 15:49:58 +01:00
Florent Daigniere
3e45a791cf Implement oletools to filter out bad macros 2022-11-23 15:42:46 +01:00
bors[bot]
9c6e9b05db
Merge #2543
2543: Fix #2231: make public announcements work r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Ensure public announcements bypass filters.

They can still time-out... but this is already a big improvement that we should be able to backport.

### Related issue(s)
- closes #2231

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-23 09:32:17 +00:00
Florent Daigniere
9e61a33cb2 Merge branch 'master' of https://github.com/Mailu/Mailu into webmail-hardening 2022-11-22 10:03:38 +01:00
Florent Daigniere
f994c8687e doh 2022-11-21 18:12:11 +01:00