1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

1402 Commits

Author SHA1 Message Date
Florent Daigniere
ccd2cad4f1 Autodiscovery microsoft style 2022-03-16 14:04:02 +01:00
Florent Daigniere
523cee1680 Autoconfig mozilla-style 2022-03-16 14:04:02 +01:00
bors[bot]
0b25854de0
Merge #2210
2210: Add input validation for domain creation r=mergify[bot] a=0pc0deFR

## What type of PR?

bug-fix

## What does this PR do?

This patch add the input validation for domain creation.

### Related issue(s)
- Mention an issue like: #1817
- Auto close an issue like: closes #1817


Co-authored-by: Kevin Falcoz <0pc0defr@gmail.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-03-12 12:34:30 +00:00
İbrahim Akyel
f65e2fc469 Feature: Marking "Read" spam mails 2022-03-11 16:58:50 +03:00
Florent Daigniere
a7f9a35fa1
Merge branch 'master' into fix2274 2022-03-09 19:33:04 +01:00
Florent Daigniere
a4ed464170 doh 2022-03-09 19:29:39 +01:00
Florent Daigniere
0bfbb3bcd4
doh 2022-03-08 13:10:27 +01:00
Florent Daigniere
cd3eee4c51 ghostwheel42's suggestion 2022-03-07 09:09:36 +01:00
Florent Daigniere
d723326b8e style 2022-03-07 09:04:40 +01:00
Florent Daigniere
f01d8cd9b9 improve 2022-03-05 18:41:06 +01:00
Florent Daigniere
7b9c4e01f7 improve 2022-03-05 18:36:27 +01:00
Florent Daigniere
91de20c49c Fix exception in logs
This was occuring when you had square brackets in the domain part
2022-03-05 18:22:58 +01:00
Florent Daigniere
8cf76afbab Catch the ValueError instead 2022-03-05 18:01:30 +01:00
Florent Daigniere
08aa32a5df Revert "Don't bother running the query without an address"
This reverts commit dc81979550.
2022-03-05 17:59:44 +01:00
Florent Daigniere
7ce7f2096b belt, braces and suspenders 2022-03-05 14:54:54 +01:00
Florent Daigniere
dc81979550 Don't bother running the query without an address
This should solve the following in admin logs:
"WARNING in nginx: Invalid user 'xxxx': (builtins.ValueError)
invalid email address (no "@")"
2022-03-05 14:33:20 +01:00
Pumba98
f1952d0e97
Update start.py 2022-02-27 13:44:26 +01:00
bors[bot]
2e9b14d536
Merge #2254
2254: Send ISRG_X1 on port 25, make DANE pin that r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Ensure we send ISRG_X1 in the handshake on port 25 (non-interactive, size doesn't really matter).

Update the DANE pin to reflect the change.

I am not sure whether we will need to add --preferred-chain= in the future; This may be the case when letsencrypt decides to use X2/the ECDSA chain

This needs to be tested on a letsencrypt account that isn't mine (I'm opted in for the alternate cert chains)

### Related issue(s)
- closes #2138

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

There's already a towncrier news for it

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-02-24 13:22:57 +00:00
Florent Daigniere
f9869b1d79 ghostwheel42's suggestions 2022-02-24 12:45:30 +01:00
Dimitri Huisman
c40a0f4b80 Change link in warning to master. Master is always available. 1.9 will be unavaiable in the future. 2022-02-23 10:48:53 +00:00
Florent Daigniere
ab35492589 the first time the loop runs we don't have the second cert 2022-02-20 12:02:30 +01:00
Florent Daigniere
0816cb9497 simplify as per ghostwheel42's suggestion 2022-02-20 11:56:21 +01:00
Florent Daigniere
7166e7d2b2 Implement #2213: slow transports 2022-02-19 18:37:37 +01:00
Florent Daigniere
e4a32b55f5 Send ISRG_X1 on port 25, make DANE pin that 2022-02-19 14:35:45 +01:00
Florent Daigniere
d3e7ea5389 spell it out 2022-02-19 13:30:36 +01:00
Florent Daigniere
a8dc20962a workaround a bug in coredns 2022-02-19 13:02:52 +01:00
Dimitri Huisman
55a601de5a Add missing import for validators, improve behaviour when an error occurs. 2022-02-17 13:09:15 +00:00
Dimitri Huisman
7d801c560c Improve if statement 2022-02-17 12:45:35 +00:00
Florent Daigniere
9466ad4131 fix #2220 2022-02-13 15:40:20 +01:00
Ezra Buehler
5d6b295013 Add support for custom NGINX config
Including *.conf files in /etc/nginx/conf.d same as the default NGINX
configuration gives the user more flexibility.
2022-02-09 07:26:23 +01:00
bors[bot]
855f3b065b
Merge #2211
2211: Ensure we use IMAP IDLE like it's supposed to work r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Increase IMAP IDLE time from 2min to 29mins: this should massively help reduce network traffic & increase battery life of clients

See https://peterkieser.com/2011/03/25/androids-k-9-mail-battery-life-and-dovecots-push-imap/

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-02-03 12:44:25 +00:00
Florent Daigniere
224880822f
remove space 2022-02-03 11:31:33 +01:00
Florent Daigniere
3d7b9fe194 Ensure we use IMAP IDLE like it's supposed to work
imap_idle_notify_interval = 2 mins -> 29 mins

See https://peterkieser.com/2011/03/25/androids-k-9-mail-battery-life-and-dovecots-push-imap/
2022-02-01 18:17:34 +01:00
Kevin Falcoz
278d74ce6f
Add title attribute on user-panel div 2022-02-01 13:53:11 +01:00
Kevin Falcoz
3fe1dbe881
Add input validation for domain creation 2022-02-01 13:08:30 +01:00
Kevin Falcoz
c69f886a73 Update code with ghostwheel42 comments 2022-02-01 09:10:51 +01:00
Kevin Falcoz
3e394faf92
Patch function "Display Name" into admin page 2022-01-31 16:40:37 +01:00
Florent Daigniere
f6ebf9fda2
Update tls.conf 2022-01-31 11:19:00 +01:00
Florent Daigniere
68ff6c8337
Use ISRG_ROOT_X1 as DST_ROOT is not available 2022-01-31 11:18:21 +01:00
Sebastian Klemke
a6b4b9ae52 Removed ssl_trusted_certificate configuration setting from nginx.
Resolves an nginx startup issue when letsencrypt or
mail-letsencrypt is enabled.

Fixes #2199
2022-01-31 08:03:58 +01:00
Sebastian Klemke
89a86e9dda disabled rsyslogd pidfile 2022-01-22 17:15:51 +01:00
Florent Daigniere
b9e614145f there too 2022-01-21 15:01:23 +01:00
Florent Daigniere
b7fb8c661a switch to new API 2022-01-21 14:54:49 +01:00
Billy Chan
90394d7d8c 🎨 use resolver.resolve 2022-01-21 21:17:37 +08:00
shing6326
32446f03e7
Update start.py
fix missing leading . for the resolver test
2022-01-21 15:47:22 +08:00
bors[bot]
1e53530164
Merge #2144
2144: Enable unbound by default, warn if the DNS resolver doesn't work r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Enable unbound by default, warn if the DNS resolver doesn't work

### Related issue(s)
- close #2135

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-01-12 13:21:49 +00:00
Florent Daigniere
a9da0c084a
syntax error 2022-01-12 13:44:17 +01:00
Florent Daigniere
a2f6243382
remove the error variable 2022-01-12 13:34:18 +01:00
Florent Daigniere
b12616b93f
Make the recommendation clearer 2022-01-12 09:55:14 +01:00
Alexander Graf
f809be39bf
supply missing fields argument 2022-01-11 18:53:01 +01:00
bors[bot]
e3e3700187
Merge #2150
2150: fix 2145: exceptions may be thrown when login is invalid or rate-limits exceeded r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Exceptions may be thrown when login is invalid or rate-limits exceeded for those running very recent builds of 1.9

For some reason I haven't caught it while testing #2130... that's when it was introduced.

### Related issue(s)
- close #2145
- close #2146
- #2130



Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-01-07 10:38:16 +00:00
Florent Daigniere
7bd1fd3489 fix 2145 2022-01-07 09:07:32 +01:00
Florent Daigniere
6425f440d3 fix 2147 2022-01-07 08:55:55 +01:00
Florent Daigniere
379fe18f7a test dns resolvers at startup 2022-01-05 18:49:30 +01:00
Florent Daigniere
98973223fd
reduce TTL to 1d 2022-01-05 11:37:29 +01:00
Florent Daigniere
792893caae change TTL to 1y 2022-01-05 10:41:25 +01:00
Florent Daigniere
671f3e382a Fix 2138: Pin DANE with the full cert 2022-01-05 10:38:27 +01:00
Florent Daigniere
7f89a29790 Fix 2125
Make the caller responsible to know whether the rate-limit code should
be called or not
2022-01-03 13:38:21 +01:00
bors[bot]
65d905fe62
Merge #2099
2099: update Dockerfile to alpine 3.14.3 r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Updated the Dockerfile to use the latest alpine version 3.14.3 where several CVEs have been fixed: https://alpinelinux.org/posts/Alpine-3.14.3-released.html
New images successfully built on my test env.

### Related issue(s)
None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
2021-12-31 12:06:53 +00:00
bors[bot]
3eca813182
Merge #2116
2116: fix 2114: redirect old path r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Old paths may still be cached in browsers, it's easy enough to redirect them

### Related issue(s)
- close #2114


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-12-30 15:24:51 +00:00
Florent Daigniere
c4675e6e75 fix 2114: redirect old path 2021-12-30 15:29:56 +01:00
Dimitri Huisman
b4d3d4b3c9 Preparations for 1.9 release. 2021-12-29 14:40:45 +00:00
Erriez
4b0694705c Fix build dependencies pycares 2021-12-24 12:17:57 +01:00
Dimitri Huisman
51d94b8d14 Fix issue 2102 2021-12-22 17:40:51 +00:00
Will
b2abbc8856 update Dockerfile to alpine 3.14.3 2021-12-22 09:19:44 +00:00
Florent Daigniere
bee6e980e3 doh 2021-12-21 16:23:27 +01:00
Florent Daigniere
58d0faff7f ensure we clear the token on delete() 2021-12-21 15:59:00 +01:00
Florent Daigniere
2b29cfb3f0 fix cleanup_sessions() 2021-12-21 15:55:59 +01:00
Florent Daigniere
f0247a2faf Use self where appropriate 2021-12-21 15:45:05 +01:00
Florent Daigniere
c161a2c987 syntax 2021-12-21 15:42:12 +01:00
bors[bot]
18865bf03b
Merge #2094
2094: Sessions tweaks r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- Make all sessions permanent, introduce SESSION_TIMEOUT and PERMANENT_SESSION_LIFETIME.
- Prevent the creation of a session before there is a login attempt
- Ensure that webmail tokens are in sync with sessions

### Related issue(s)
- close #2080 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-12-21 13:08:48 +00:00
Dimitri Huisman
d40be05117 Fix missing edit buttons in alias, relay and fetchmail lists in admin. 2021-12-21 12:10:04 +00:00
Florent Daigniere
a28c7f903e do it once 2021-12-21 09:50:01 +01:00
Dimitri Huisman
f88daa1e77 Add missing cast to int 2021-12-20 21:07:25 +00:00
Florent Daigniere
5f313310d4 regenerate() shouldn't extend lifetime 2021-12-20 09:37:11 +01:00
Florent Daigniere
fe18cf9743 Fix 2080
Ensure that webmail tokens are in sync with sessions
2021-12-19 23:24:44 +01:00
Florent Daigniere
02c93c44f2 Tweak sessions
simplify:
- make all sessions permanent by default
- update the TTL of sessions on access (save always)
- fix session-expiry, modulo 8byte precision
2021-12-19 20:52:51 +01:00
Florent Daigniere
ea96a68eb4 don't create a session if we don't have to 2021-12-19 20:48:29 +01:00
bors[bot]
7c03878347
Merge #1441 #2090
1441: Rsyslog logging for postfix r=mergify[bot] a=micw


## What type of PR?

enhancement

## What does this PR do?
Changes postfix logging from stdout to rsyslog:
* stdout logging still enabled
* internal test request log messages are filtered out by rsyslog
* optional logging to file via POSTFIX_LOG_FILE env variable

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


2090: fix 2086 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug I've introduced in ae8db08bd

### Related issue(s)
- close #2086

Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-12-18 16:32:19 +00:00
Florent Daigniere
346ace5fb3 Make webmail the default action 2021-12-18 15:38:07 +01:00
bors[bot]
634318adba
Merge #2072
2072: use dovecot-fts-xapian from alpine package r=mergify[bot] a=willofr

## What type of PR?

enhancement

## What does this PR do?
use dovecot-fts-xapian from alpine packages repository (newer) instead of compiling an older version from source
see https://pkgs.alpinelinux.org/package/edge/community/x86/dovecot-fts-xapian

### Related issue(s)
No

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: willofr <willofr@users.noreply.github.com>
2021-12-18 13:39:16 +00:00
Florent Daigniere
09926702d6 fix 2086 2021-12-18 13:59:31 +01:00
bors[bot]
e7f77875e2
Merge #2084
2084: Fix #2078 (login to webmail did not work when WEB_WEBMAIL=/ was set) r=mergify[bot] a=Diman0

## What type of PR?

bug-fix

## What does this PR do?
It fixes #2078. Login from SSO page to webmail did not work if WEB_WEBMAIL=/ was set in mailu.env.

I tested that it works with
- WEB_WEBMAIL=/webmail
- WEB_WEBMAIL=/

### Related issue(s)
- closes #2078 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] n/a In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2021-12-15 09:54:37 +00:00
Florent Daigniere
d7a8235b89
Simplify 2021-12-15 10:53:47 +01:00
bors[bot]
08be233607
Merge #2058
2058: Implement versioning for CI/CD workflow. r=mergify[bot] a=Diman0

## What type of PR?

Feature!

## What does this PR do?
This PR introduces 3 things
- Add versioning (tagging) for branch x.y (1.8). E.g. 1.8.0, 1.8.1 etc.
  - docker repo will contain x.y (latest) and x.y.z (pinned version) images.
  - The X.Y.Z tag is incremented automatically. E.g. if 1.8.0 already exists, then the next merge on 1.8 will result in the new tag 1.8.1 being used.
- Make the version available in the image.
  -  For X.Y and X.Y.Z write the version (X.Y.Z) into /version on the image and add a label with version=X.Y.Z
	  -  This means that the latest X.Y image shows the pinned version (X.Y.Z e.g. 1.8.1) it was based on. Via the tag X.Y.Z you can see the commit hash that triggered the built.
  -  For master write the commit hash into /version on the image and add a label with version={commit hash}
-  Automatic releases. For x.y triggered builts (e.g. merge on 1.9) do a new github release for the pinned x.y.z (e.g. 1.9.2). 
  -  Release shows a static message (see RELEASE_TEMPLATE.md) that explains how to reach the newsfragments folder and change the branch to the tag (x.y.z) mentioned in the release. Now you can get the changelog by reading all newsfragment files in this folder.

This PR does not change anything to our workflow (what we (human persons) do). Our processes are still exactly the same. The above introduced logic is automatic. When we backport to X.Y all the magic for creating the pinned version X.Y.Z is handled by the CI/CD workflow.

### Related issue(s)
- closes #1182

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

## Testing
Suggested testing steps. This should cover all situations including BORS. It does require that you use your own docker repo or temporarily create a new one.
Suggested testing steps.
1. Create new github repo.
2. Add the required docker secrets to the project (see beginning of CI.yml for the secret names), DOCKER_UN, DOCKER_PW, DOCKER_ORG, DOCKER_ORG_TESTS.
3. Clone the project.
4. Copy the contents of the PR to the cloned project.
5. Push to your new github repo.
6. Now master images are built. Check that images with tag master are pushed to your docker repo
7. Check with docker inspect nginx:master that it has the label version={commit hash}.
8. Run an image, run `docker-compose exec <name> cat /version`. Note that /version also contains the pinned version. For master the pinned version is the commit hash.
9. Create branch 1.8. 
10. Push branch 1.8 to repo.
11. Note that tags 1.8 and 1.8.0 are built and pushed to docker repo
12. Inspect label and /version. Note that 1.8 and 1.8.0 both show version 1.8.0.
13. Push another commit to branch 1.8.
14. Note that tags 1.8 and 1.8.1 are built and pushed to docker repo
15. Inspect label and /version. Note that 1.8 and 1.8.1 both show version 1.8.1.
16. Let's check BORS stuff.
17. Create branch testing.
18. Push the commit with the exact commit text (IMPORTANT!!): `Try #1234:`'.
19. Note that images are built and pushed for tag `pr-1234`.
20. Inspect label and /version. Note that the version is `pr-1234`.
20. Create branch staging.
21. Push the commit with commit text: `Merge #1234`.
22. Note that this image is not pushed to docker (as expected).

but you could also check the GH repo and docker repo I used:
https://github.com/Diman0/Mailu_Fork
https://hub.docker.com/r/diman/rainloop/tags

Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-12-15 09:29:08 +00:00
bors[bot]
d2a2a3a8bf
Merge #2076
2076: fix the default for DEFER_ON_TLS_ERROR r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

The default wasn't set anywhere

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-12-14 16:19:39 +00:00
Dimitri Huisman
fdb10cfb85 Start crond when POSTFIX_LOG_FILE is set 2021-12-14 15:47:16 +00:00
Dimitri Huisman
5bedcc1cb1 Fix #2078 2021-12-14 15:10:28 +00:00
Dimitri Huisman
d76773b1df Also check the SMTP port for webmail/token 2021-12-14 14:52:15 +00:00
Dimitri Huisman
f26fa8da84 Fix Webmail token check. Fix Auth-Port for Webmail. #2079 2021-12-14 11:26:33 +00:00
Florent Daigniere
593e3ac5a4 fix DEFER_ON_TLS_ERROR 2021-12-08 19:18:33 +01:00
willofr
841b29e794
revert back to alpine 3.14.2 as requested 2021-12-07 18:20:16 +01:00
willofr
73f5291cdb
Merge branch 'Mailu:master' into patch-1 2021-12-07 18:19:23 +01:00
Dimitri Huisman
53975684b8 Using Syslog is the new standard. It is not optional anymore. 2021-12-07 10:13:47 +00:00
willofr
84af3a3e50
use dovecot-fts-xapian from alpine package
I suggest using the dovecot-fts-xapian package from the alpine repository (newer) instead of compiling an older version from source:
see https://pkgs.alpinelinux.org/package/edge/community/x86/dovecot-fts-xapian
2021-12-06 21:43:06 +01:00
Florent Daigniere
4fffdd95e9 Reduce logging level 2021-12-05 15:07:06 +01:00
Dimitri Huisman
d5896fb2c6 Add log rotation (if logging to file). Make rsyslog the default. 2021-12-01 12:40:28 +00:00
Florent Daigniere
89a7a8ac13 Fix score of RCVD_NO_TLS_LAST 2021-11-25 15:29:31 +01:00
Florent Daigniere
1925b2e0fb Upgrade rspamd 2021-11-24 16:46:35 +01:00
Dimitri Huisman
567b5ef172
Merge branch 'master' into postfix-logging 2021-11-23 22:46:56 +01:00
Dimitri Huisman
0de2ec77c6 Process code review remarks #1441 2021-11-23 21:43:00 +00:00
Dimitri Huisman
f7677543c6 Process code review remarks
- Moved run to bottom of Dockerfile to allow using unmodified / cached states.
- Simplified bash code in deploy.sh.
- Improved the large bash one-liner in CI.yml. It could not handle >9 for 1.x.
2021-11-18 17:21:56 +00:00
Dimitri Huisman
56dd70cf4a Implement versioning for CI/CD workflow (see #1182). 2021-11-17 20:00:04 +00:00
Alexander Graf
aa1d605665
Merge remote-tracking branch 'upstream/master' into passlib 2021-11-16 10:21:08 +01:00
Alexander Graf
84a5514a97
fixed auto reply form 2021-11-12 12:19:45 +01:00
Alexander Graf
cf7914d050
fixed field iteration 2021-11-11 16:00:00 +01:00
Alexander Graf
fd5bdc8650
added localized date output 2021-11-11 12:20:52 +01:00
Alexander Graf
0315ed78d9
Merge remote-tracking branch 'upstream/master' into update_deps 2021-11-11 11:49:48 +01:00
Till Skrodzki
c48e00ee26 Do not call .split() on RELAYNETS if not specified 2021-11-09 12:22:53 +01:00
bors[bot]
56cbc56df7
Merge #2044
2044: Vault/rspamd: don't return any key for relayed domains r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR 

Don't return any key for relayed domains. We may want to revisit this (ARC signing)... but in the meantime it saves from a scary message in rspamd.
    
```signing failure: cannot request data from the vault url: /internal/rspamd/vault/v1/dkim/ ...```


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-11-08 16:01:10 +00:00
bors[bot]
78dd13a217
Merge #2042
2042: Add MESSAGE_RATELIMIT_EXEMPTION r=mergify[bot] a=nextgens

## What type of PR?

Enhancement

## What does this PR do?

Add a new knob called ```MESSAGE_RATELIMIT_EXEMPTION```.

### Related issue(s)
- #1774

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-11-08 15:29:50 +00:00
Florent Daigniere
6bf1a178b9 Go with ghostwheel42's suggestion 2021-11-08 09:34:02 +01:00
Florent Daigniere
b68033eb43 only parse it once 2021-11-08 09:23:24 +01:00
Alexander Graf
82e14f1292
Merge branch 'master' into update_deps 2021-11-07 21:25:08 +01:00
bors[bot]
f0188d9623
Merge #2034
2034: Add timezone to containers r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
This PR adds the tzdata package so that the environment variable `TZ` can be used to set the timezone of containers.

### Related issue(s)
- closes #1154 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: DjVinnii <vincentkling@msn.com>
2021-11-07 18:52:43 +00:00
Florent Daigniere
dc6e970a7f handle HTTP too 2021-11-07 12:41:29 +01:00
Florent Daigniere
bbef4bee27 Don't return any key for relayed domains
We may want to revisit this (ARC signing)... but in the meantime
it saves from a scary message in rspamd

signing failure: cannot request data from the vault url: /internal/rspamd/vault/v1/dkim/ ...
2021-11-07 12:20:31 +01:00
Florent Daigniere
6c6b0b161c Set the right flags on the rate_limit cookie 2021-11-06 10:45:59 +01:00
Florent Daigniere
f9373eacab Merge remote-tracking branch 'upstream/master' into misc 2021-11-06 10:05:59 +01:00
Florent Daigniere
5714b4f4b0 introduce MESSAGE_RATELIMIT_EXEMPTION 2021-11-06 10:05:52 +01:00
DjVinnii
30d7e72765 Move TZ to Advanced settings 2021-11-05 14:44:12 +01:00
DjVinnii
225160610b Set default TZ in Dockerfiles 2021-11-04 14:22:12 +01:00
DjVinnii
81e33d3679 Add default TZ to config manager 2021-11-04 13:21:37 +01:00
Alexander Graf
97e79a973f fix sso login button spacing again 2021-11-04 08:32:53 +01:00
Alexander Graf
73ab4327c2 updated database libraries (sqlalchemy etc.)
this is working fine, but introduces a sqlalchemy warning
when using config-import:

  /app/mailu/schemas.py:822:
    SAWarning: Identity map already had an identity for (...),
    replacing it with newly flushed object.
    Are there load operations occurring inside of an event handler
    within the flush?
2021-11-03 22:57:07 +01:00
Alexander Graf
4669374b9e use python wheels 2021-11-03 22:55:41 +01:00
Alexander Graf
85d86d4156 some more libs updated 2021-11-03 22:55:26 +01:00
Alexander Graf
ffd99c3fa8 updated flask
ConfigManager should not replace app.config - this is causing trouble
with some other flask modules (swagger).
Updated ConfigManager to only modify app.config and not replace it.
2021-11-03 22:21:26 +01:00
Alexander Graf
87884213c4 update misc helper libs 2021-11-03 22:03:51 +01:00
Alexander Graf
56f65d724d update babel 2021-11-03 21:52:59 +01:00
Alexander Graf
5238b00f0b update alembic 2021-11-03 21:33:39 +01:00
Alexander Graf
f613205fe1 update tenacity 2021-11-03 21:30:34 +01:00
Alexander Graf
833ccb5544 reload page using GET when selecting language 2021-11-03 20:38:00 +01:00
Alexander Graf
8b15820b01 fix sso login button spacing 2021-11-03 20:35:05 +01:00
Alexander Graf
26fb108a3f updated Flask-Login 2021-11-03 20:22:47 +01:00
Alexander Graf
abc4112242 updated Werkzeug, Click and Flask-Migrate 2021-11-03 20:12:20 +01:00
Alexander Graf
f1d7bedd1b fix display of range inputs (again) 2021-11-03 19:54:15 +01:00
Alexander Graf
13e6793c9f Merge remote-tracking branch 'upstream/master' into update_deps 2021-11-03 19:35:51 +01:00
Alexander Graf
aca1e13648 update socrate - will be removed later 2021-11-02 20:47:53 +01:00
Alexander Graf
866741bcbe updated WTForms-Components deps 2021-11-02 19:22:58 +01:00
Alexander Graf
ef19869cde updated redis 2021-11-02 18:06:26 +01:00
Alexander Graf
d8efd3057c updated idna 2021-11-02 17:52:25 +01:00
Alexander Graf
8ad8cde0e2 removed some obsolete requirements 2021-11-02 17:06:28 +01:00
Alexander Graf
3ac1b3d86c update pyyaml and pygments 2021-11-02 17:02:54 +01:00
Alexander Graf
40cdff4911 updated dnspython 2021-11-02 16:49:25 +01:00
Alexander Graf
dcbe55f062 updated crypto 2021-11-02 16:28:37 +01:00
Alexander Graf
771b2d1112 duh 2021-11-02 16:21:31 +01:00
Alexander Graf
23d0cd0466 update tabluate. fix audit.py and include in container 2021-11-02 15:55:20 +01:00
Alexander Graf
8d90a74624 update werkzeug to 1.x 2021-11-02 15:39:41 +01:00
bors[bot]
5e212ea46d
Merge #2036
2036: round display of range inputs to 2 decimals r=mergify[bot] a=ghostwheel42

## What type of PR?

small fix

## What does this PR do?

rounds display of range inputs to 2 decimals 

### Related issue(s)

- small fix to #1966

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-11-02 13:34:59 +00:00
Alexander Graf
80be3506da upgrade pip. completed reqs via pip freeze 2021-11-02 13:32:12 +01:00
Alexander Graf
598b2df5a0 update wtforms 2021-11-02 13:04:40 +01:00
Alexander Graf
e8b5f1a185 round display of range inputs to 2 decimals 2021-11-02 12:59:59 +01:00
DjVinnii
1d6809193b Add tzdata to core 2021-11-02 11:18:21 +01:00
Florent Daigniere
74b31dc407 Ensure that RCVD_NO_TLS_LAST doesn't add spam points 2021-11-01 17:52:12 +01:00
bors[bot]
11bbceb9cc
Merge #2032
2032: doh r=mergify[bot] a=nextgens

This should have been part of #2030

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-11-01 12:21:02 +00:00
Florent Daigniere
8dad40f67c doh 2021-11-01 12:48:48 +01:00
bors[bot]
e52a3de1b0
Merge #2027 #2030
2027: Make logs more quiet r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

It silences various useless log messages in front, specifically:
```
Oct 30 03:11:04 instance-20210109-1612 docker-front[1963]: 127.0.0.1 - - [30/Oct/2021:03:11:04 +0000] "GET /health HTTP/1.1" 301 162 "-" "curl/7.78.0"
Oct 30 03:11:04 instance-20210109-1612 docker-front[1963]: 127.0.0.1 - - [30/Oct/2021:03:11:04 +0000] "GET /health HTTP/2.0" 204 0 "-" "curl/7.78.0"
Oct 30 03:11:04 instance-20210109-1612 docker-front[1963]: 2021/10/30 03:11:04 [info] 476302#476302: *2622679 client 127.0.0.1 closed keepalive connection
Oct 30 03:13:02 instance-20210109-1612 docker-front[1963]: 127.0.0.1 - - [30/Oct/2021:03:13:02 +0000] "GET /auth/email HTTP/1.0" 200 0 "-" "-"
```

`@micw` has requested it for k8s

2030: Fix RELAYNETS r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

RELAYNETS should be comma separated like everything else; rspamd should also be aware of what is considered "trusted".

I am not sure whether ```local_networks``` is the right configuration option for it though

- close #360

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-11-01 08:48:41 +00:00
Florent Daigniere
2170e07731 Tell rspamd about RELAYNETS 2021-10-31 19:57:51 +01:00
Florent Daigniere
9d474f32a6 RELAYNETS is comma separated! 2021-10-31 19:47:16 +01:00
Florent Daigniere
f3c93212c6 The Rate-limiter should run after the deny 2021-10-31 19:41:12 +01:00
Florent Daigniere
53a0363b9e Deal with the noisy keepalive messages
We don't particularly care about HTTP... and that's what's noisy.
2021-10-30 15:39:13 +02:00
Florent Daigniere
80a85c27a9 Silent healthchecks in logs 2021-10-30 15:34:40 +02:00
Alexander Graf
9bc685c30b removed some more whitespace 2021-10-29 15:34:00 +02:00
Alexander Graf
8c31699baf fixed locale selector for no_NB 2021-10-29 15:29:20 +02:00
Alexander Graf
882a27f87c simplified if's and added external link icon 2021-10-29 15:07:25 +02:00
Alexander Graf
3141ffe791 removed some whitespace 2021-10-29 14:26:23 +02:00
Dimitri Huisman
6b16756d92 Fix acessing antispam via sidebar. 2021-10-29 09:22:46 +00:00
Dimitri Huisman
3449b67c86 Process code review remarks PR2023 2021-10-29 08:18:50 +00:00
Dimitri Huisman
8784971b7f Merge rate limiting and failed login logging 2021-10-28 18:55:35 +00:00
Dimitri Huisman
503044ef6e Reintroduce ProxyFix. Use two buttons for logging in. 2021-10-27 21:51:49 +00:00
Dimitri Huisman
c42ad8e71e Forgot to include changes for url_for of base.html 2021-10-27 18:49:36 +00:00
Dimitri Huisman
fb0f005343 Get rid of complicated prefix logic. Further simplify /static handling and nginx config. 2021-10-27 18:36:50 +00:00
Dimitri Huisman
da788ddee3 Merge branch 'fix-sso-1929' of github.com:Diman0/Mailu into fix-sso-1929 2021-10-27 12:38:18 +00:00
Dimitri Huisman
bdcc183165 Redirect to configured ENV VAR for Admin/Webmail, further simplify nginx config. 2021-10-27 11:24:10 +00:00
Dimitri Huisman
f1a60aa6ea Remove unneeded auth_request_set 2021-10-27 11:11:50 +00:00
Florent Daigniere
fee13e6c4b Save a redirect 2021-10-27 11:11:22 +02:00
Florent Daigniere
d3f07a0882 Simplify the handling of /static 2021-10-27 10:56:34 +02:00
Florent Daigniere
aee089f3b1 Ensure that static assets are readable 2021-10-27 10:55:47 +02:00
Dimitri Huisman
a47afec4ee Make logic more readable. 2021-10-27 08:22:36 +00:00
Dimitri Huisman
48764f0400 Ensure all requests from the page sso go through the page sso. 2021-10-27 08:06:53 +00:00
Dimitri Huisman
5232bd38fd Simplify webmail logout. 2021-10-26 12:07:36 +00:00
Dimitri Huisman
aab258d284 Move handling of logging out in admin, to sso logout page. 2021-10-26 11:54:25 +00:00
Dimitri Huisman
615743b331 Improve indendation of conditions. 2021-10-26 11:39:56 +00:00
Dimitri Huisman
5d81846c5d Introduce the shared stub /static for providing all static files 2021-10-26 11:30:06 +00:00
Dimitri Huisman
eb74a72a52 Moved locations to correct area in nginx.conf. 2021-10-26 07:35:06 +00:00
Dimitri Huisman
aa7380ffba Doh! 2021-10-25 20:00:00 +00:00
Dimitri Huisman
44d2448412 Updated SSO logic for webmails. Fixed small bug rate limiting. 2021-10-25 19:21:38 +00:00
Dimitri Huisman
f9eee0cbaf Adapt HEALTHCHECK to new URL 2021-10-25 17:43:53 +00:00
Dimitri Huisman
ed7adf52a6 Merge branch 'master' of github.com:Diman0/Mailu into fix-sso-1929 2021-10-25 17:31:25 +00:00
Dimitri Huisman
913a6304a7 Finishing touches. Introduce /static stub for handling all static files. 2021-10-25 17:24:41 +00:00
bors[bot]
a1192d8039
Merge #1987
1987: Enhancement to the rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Turn the rate-limiters into something useful (that won't fire for no reason).

- fix rate-limiting on /webdav/
- it changes the rate-limiting behaviour from limiting a single IP address to a subnet of a reasonable size (/24 on v4 and /56 on v6 both are now configurable) : AUTH_RATELIMIT_IP / AUTH_RATELIMIT_IP_V4_MASK / AUTH_RATELIMIT_IP_V6_MASK
- It ensures we only use IP-based rate-limits for attempts on accounts that do not exist
- it creates a new rate limit preventing attackers from targetting a specific user account (separate from what's above) : AUTH_RATELIMIT_USER
- it introduces a rate limiting exemption mechanism whereby, upon authentication, users will see their source-ip address being exempt for a specific amount of time AUTH_RATELIMIT_EXEMPTION_LENGTH. A similar mechanism is available for web-based sessions (see below)
- It introduces in AUTH_RATELIMIT_EXEMPTION a comma separated list of network CIDRs that will be exempt from both types of rate limiting
- it implements device-tokens, as described on https://owasp.org/www-community/Slow_Down_Online_Guessing_Attacks_with_Device_Cookies to ensure that genuine users aren't locked-out by a malicious attacker abusing the rate-limit feature.

Things that could be improved include:
- the IP-based rate limiter flags attempts against "non-existing" accounts: it could go further and flag the number of unique non-existing accounts attempted (to prevent the case of a user making a typo in his MUA configuration)
- the IP address exemption mechanism doesn't pin the exemption to a specific username: any real user can trivially bypass the rate limits (and attempt to brute-force someone else's account)

### Related issue(s)
- close #1926
- close #1745 
- close #1915


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2021-10-16 15:52:47 +00:00
Florent Daigniere
693b578bbb The second strip isn't necessary 2021-10-16 17:24:12 +02:00
Florent Daigniere
1c6165213c better that way 2021-10-16 16:54:56 +02:00
Florent Daigniere
34497cff20 doh 2021-10-16 16:35:48 +02:00
Florent Daigniere
e8871dd77f doh 2021-10-16 16:06:13 +02:00
Florent Daigniere
5b72c32251 Doh 2021-10-16 15:44:26 +02:00
Florent Daigniere
19b784b198 Parse the network configuration only once
thanks @ghostwheel42
2021-10-16 15:18:41 +02:00
Florent Daigniere
98742268e6 Make it more readable 2021-10-16 15:12:20 +02:00
Florent Daigniere
94bbed9746 Ensure we have the right IP 2021-10-16 10:39:43 +02:00