1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-20 20:22:38 +02:00
Commit Graph

2803 Commits

Author SHA1 Message Date
Alexander Graf
fbd945390d cleaned imports and fixed datetime and passlib use 2021-06-29 16:13:04 +02:00
Dimitri Huisman
6dc1a19390
Merge branch 'master' into import-export 2021-06-29 15:26:51 +02:00
bors[bot]
fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 12:32:21 +00:00
bors[bot]
4ff90683ca
Merge #1758 #1776
1758: Implement a simpler credential cache (alternative to #1755) r=mergify[bot] a=nextgens

## What type of PR?

Feature: it implements a credential cache to speedup authentication requests.

## What does this PR do?

Credentials are stored in cold-storage using a slow, salted/iterated hash function to prevent offline bruteforce attacks. This creates a performance bottleneck for no valid reason (see the
rationale/long version on https://github.com/Mailu/Mailu/issues/1194#issuecomment-762115549).

The new credential cache makes things fast again.

This is the simpler version of #1755 (with no new dependencies)

### Related issue(s)
- close #1411
- close #1194 
- close #1755

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1776: optimize generation of transport nexthop r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix and enhancement.

## What does this PR do?

Possibly there should be more input validation when editing a relay, but for now this tries to make the best out of the existing "smtp" attribute while maintaining backwards compatibility. When relay is empty, the transport's nexthop is the MX of the relayed domain to fix #1588 

```
RELAY			NEXTHOP						TRANSPORT
empty			use MX of relay domain				smtp:domain
:port			use MX of relay domain and use port	smtp:domain:port
target			resolve A/AAAA of target			smtp:[target]
target:port		resolve A/AAAA of target and use port	smtp:[target]:port
mx:target		resolve MX of target				smtp:target
mx:target:port	resolve MX of target and use port	smtp:target:port
lmtp:target		resolve A/AAAA of target			lmtp:target
lmtp:target:port	resolve A/AAAA of target and use port	lmtp:target:port

target can also be an IPv4 or IPv6 address (an IPv6 address must be enclosed in []: [2001:DB8::]).
```

When there is proper input validation and existing database entries are migrated this function can be made much shorter again.

### Related issue(s)
- closes #1588 
- closes #1815 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-06-29 12:15:03 +00:00
bors[bot]
d1eab083f5
Merge #1831
1831: Fix roundcube database env configuration r=mergify[bot] a=parisni

## What type of PR?

bug-fix

## What does this PR do?

Both roundcube and mailu admin website can be backed by postgres/mysql. Before this PR, the `DB_FLAVOR` is shared by both services. However, the other roundcube dedicated DB params are prefixed with `ROUNDCUBE_`. (eg: `ROUNDCUBE_DB_NAME`)
There is no reason to share the DB_FLAVOR for both: This PR makes them be considered independently to make things clear and avoid bugs.
Also, the roundcube_db_flavor and db_flavor are made separated in this PR. However for simplicity, the template generator bind them : roundcube_db_flavor = db_flavor. This makes the template generator UI more simple. I considered most of the time people want to have both roundcube and mailu share the same RDBMS.

Also, AFAIK the internal postgresql service is deprecated and will be removed in 1.9. This is why this PR does not integrate roundcube in postgres when the internal DB is choosen: in case of internal postgres, the roundcube is backed with sqlite.

Both documentation and setup website have been updated accordingly.

### Related issue(s)
- Auto close an issue like: closes #1648 #1471

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: parisni <nicolas.paris@riseup.net>
Co-authored-by: Nicolas Paris <nicolas.paris@riseup.net>
2021-06-29 11:58:39 +00:00
Dimitri Huisman
52005cf4e9
Update list of trusted authors.
Now the list of trusted authors reflects the contributors group again.
2021-06-29 13:57:49 +02:00
bors[bot]
8370896253
Merge #1837
1837: Set static hostname for antispam to preserve history.  r=mergify[bot] a=Diman0

## What type of PR?
bug-fix

## What does this PR do?
It addresses bug #561. Rspamd stores the history in redis. The key for storing the history contains the hostname. On recreation of the docker container, the hostname changes and for this reason the rspamd history is lost. Setting a fixed hostname resolves this. Upon recreating the antispam container the history is retained. 

### Related issue(s)
- Closes #561

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-06-29 08:08:58 +00:00
Dimitri Huisman
ef5741ef80 Add newsfragment 2021-06-29 08:07:43 +00:00
Dimitri Huisman
8998e21f7b Set static hostname for antispam to preserve history. See #561 2021-06-29 07:59:24 +00:00
bors[bot]
c49e064ff7
Merge #1836
1836: Test ci parallel r=Diman0 a=Diman0

## What type of PR?

enhancement

## What does this PR do?

Changes CI workflow to run all tests in parellel.  After performing some tests (see #1830  ), I determined that using actions/cache to only cache a tar.gz. file with all build images and use this for all parallel tests is the fasted solution.

With Travis builds took ~30 minutes. Now each build runs for a maximum of 20 minutes (bors test and merge on master).
Bors r+ runs take about ~16/17 minutes.

### Related issue(s)
- Auto close an issue like: closes #1830

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2021-06-29 07:13:37 +00:00
Dimitri Huisman
1566dfb077
Forgot to add condition to load docker images step 2021-06-29 08:58:44 +02:00
bors[bot]
d9da8e4bb2
Merge #1746
1746: DNS records for client autoconfiguration (RFC6186) r=Diman0 a=nextgens

## What type of PR?

Feature

## What does this PR do?

Add instructions on how to configure rfc6186 DNS records for client autoconfiguration

### Related issue(s)
- #224
- #498

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 06:50:27 +00:00
Dimitri Huisman
b2840fed26
Update CI.yml 2021-06-28 22:51:23 +02:00
Dimitri Huisman
cf894dae03
Merge branch 'Mailu:master' into test-ci-parallel 2021-06-28 22:50:34 +02:00
Dimitri Huisman
75ee2cd1f7
Added manual trigger for workflow
Workflow file only triggers if it resides in the branch. If an old PR based on the mailu repo without CI.yml is tested, then the workflow run will not trigger. The merged commit on TESTING/STAGING branch does not contain the required CI.yml workflow file after all. In these cases simply run the workflow manually on the TESTING or STAGING branch,
2021-06-28 22:38:01 +02:00
Dimitri Huisman
c2b1f23652 It helps to also load the docker images for the tests. 2021-06-27 09:44:38 +00:00
Dimitri Huisman
c6da021106 Forgot to adapt all creat folder steps 2021-06-27 09:31:39 +00:00
Dimitri Huisman
782ffc084f Fixed typo 2021-06-27 09:26:11 +00:00
Dimitri Huisman
0468fb2064 Forgot to set permissions on images folder. Added changelog. 2021-06-27 09:24:17 +00:00
Dimitri Huisman
2f51fe6688 using != uses 2021-06-27 09:07:41 +00:00
Dimitri Huisman
a6ec14b42a Fixed spacing in CI.yml 2021-06-27 08:56:59 +00:00
Dimitri Huisman
e16e9f19fd Run test jobs in parallel for CI/CD. 2021-06-27 08:54:17 +00:00
Nicolas Paris
e4ad3a868c
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:50:15 +02:00
Nicolas Paris
7386257ded
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:47:28 +02:00
Nicolas Paris
ab7264df0c
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:46:41 +02:00
Nicolas Paris
c0c8c4a551
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:46:28 +02:00
Nicolas Paris
b560d1f369
Improve english
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:38:32 +02:00
bors[bot]
5d1264e381
Merge #1694
1694: update compression algorithms for current dovecot r=nextgens a=lub

## What type of PR?

enhancement

## What does this PR do?

This adds additional compression algorithms in accordance with
https://doc.dovecot.org/configuration_manual/zlib_plugin/

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-06-26 23:38:35 +00:00
bors[bot]
92281c04f3
Merge #1806
1806: Reflect override settings for postfix r=mergify[bot] a=ineiti

## What type of PR?

(documentation)

## What does this PR do?

Fixes path in the documentation setting, and also adds how to change postfix.cf

Co-authored-by: Linus Gasser <linus.gasser@epfl.ch>
2021-06-26 23:21:36 +00:00
bors[bot]
a1345114bc
Merge #1649 #1673
1649: Update docs/reverse.rst with Traefik v2+ info r=mergify[bot] a=patryk-tech

## What type of PR?

Documentation

## What does this PR do?

Adds information about using Traefik v2+ as a reverse proxy.

### Related issue(s)
Closes #1503 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1673: Remove rspamd unused env var from start script r=mergify[bot] a=cbachert

## What type of PR?
Cleanup

## What does this PR do?
Remove unused environment variable FRONT_ADDRESS in rspamd. FRONT_ADDRESS references were removed with commit 8172f3e in PR #727 like mentioned in chat https://matrix.to/#/!MINuyJjJSrfowljYCK:tedomum.net/$160401946364NGNmI:imninja.net?via=huisman.xyz&via=matrix.org&via=imninja.net
```
Mailu$ grep -r "FRONT_ADDRESS" core/rspamd/
core/rspamd/start.py:os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
```

### Related issue(s)
N/A

## Prerequistes
- [x] Documentation updated accordingly: No documentation to update
- [x] Add to changelog: Minor change

Co-authored-by: Patryk Tech <git@patryk.tech>
Co-authored-by: cbachert <cbachert@users.noreply.github.com>
2021-06-26 21:59:25 +00:00
Dimitri Huisman
24200ddb67 Forgot to remove duplicate steps when switching back to sequential workflow 2021-06-26 21:49:37 +00:00
bors[bot]
2d3adbbfcc
Merge #1718 #1793
1718: Warn people off of the documentation's K8s recipe. r=mergify[bot] a=c4lliope

Based on a discussion on Matrix (2020.12.19),
the helm charts are the way to go.

1793: Fix Typo in Dutch Translation r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?

There were 2 typos in the Dutch translation file. These typos are being fixed with this PR.

### Related issue(s)
- None


Co-authored-by: Grace <30454698+c4lliope@users.noreply.github.com>
Co-authored-by: Vincent Kling <vincentkling@msn.com>
2021-06-26 21:14:51 +00:00
Dimitri Huisman
606c039a6f Switch back to sequential workflow 2021-06-26 21:00:51 +00:00
Dimitri Huisman
006da4c5e4
My mistake. A typo 2021-06-26 21:52:51 +02:00
Dimitri Huisman
fb30a62629
Create CI.yml 2021-06-26 21:52:09 +02:00
Dimitri Huisman
c6a38bbbcc
Update CI.yml 2021-06-26 21:50:55 +02:00
Dimitri Huisman
30c77912ad
Merge pull request #1833 from Diman0/switch-ci-cd
Switch to github actions for CI/CD
2021-06-26 21:27:43 +02:00
Dimitri Huisman
54dd4cf224 Added new docker repo for test image. Adapted deploy script to use env var for test repo name. Modified travis references to github actions references in docs. Added changelog entry. 2021-06-26 19:16:56 +00:00
Dimitri Huisman
58235bcc44 Switch to github actions for CI/CD 2021-06-26 08:25:15 +00:00
parisni
f4c76d49c1 Add changelog entry 2021-06-19 09:30:32 +02:00
parisni
a9548e4cbd Remove mailu/roundcube shared host 2021-06-19 09:20:23 +02:00
parisni
14307c83c1 Document databases variable and deprecation 2021-06-19 09:12:46 +02:00
parisni
84e59c0a6e Add missing roundcube_db_flavor 2021-06-19 01:22:23 +02:00
parisni
d2803f6f46 Update setup website 2021-06-19 00:38:53 +02:00
parisni
278878d48d Remove unused deps 2021-06-18 23:36:14 +02:00
parisni
5386e33af3 Reformat python 2021-06-18 23:21:24 +02:00
parisni
49c5c0eba6 Split mailu / roundcube db config
There is no reason to share the flavor since at least the dbname shall be different.
2021-06-18 23:20:25 +02:00
Alexander Graf
3f23e199f6 modified generation of session key and added refresh
- the session key is now generated using
  - a hash of the uid seeded by the apps secret_key (size: SESSION_KEY_BITS)
  - a random token (size: 128 bits)
  - the session's creation time (size: 32 bits)

- redis server side sessions are now refreshed after 1/2 the session lifetime
  even if not modified
- the cookie is also updated if necessary
2021-06-17 17:53:15 +02:00
Alexander Graf
9ef8aaf698 removed double confiog and fixed shaker 2021-06-16 22:06:28 +02:00
Alexander Graf
a1fd44fced added lmtp: prefix and documentation 2021-06-16 16:19:31 +02:00