1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Commit Graph

1993 Commits

Author SHA1 Message Date
Florent Daigniere
ab3dd11db8 As per review 2023-08-15 19:32:41 +02:00
Florent Daigniere
a1f9fb4347 Prevent rspamc zombies, ensure that triggering learn-spam works 2023-08-15 10:46:13 +02:00
Florent Daigniere
25b89a732b Set the flag when reset by command line too 2023-08-12 09:03:15 +02:00
Florent Daigniere
7b13ceb693 API and cmdline 2023-08-12 08:51:42 +02:00
Florent Daigniere
dec339800f Make new signups change passwords too 2023-08-12 08:07:10 +02:00
Florent Daigniere
6c144f8e12 simplify 2023-08-12 07:14:10 +02:00
Florent Daigniere
6bda856420 doh 2023-08-11 10:00:05 +02:00
Florent Daigniere
a5f3c7eaf2 Implement downgrade 2023-08-11 09:12:36 +02:00
Florent Daigniere
193b3d522a l10n 2023-08-11 09:09:07 +02:00
Florent Daigniere
786da5e08c clarify 2023-08-11 09:03:42 +02:00
Florent Daigniere
bd4c40b596 Prune sessions that are unrelated when changing passwords 2023-08-10 12:27:47 +02:00
Florent Daigniere
9bcbbdee02 Implement a 'force-password-change' feature 2023-08-10 12:06:15 +02:00
Florent Daigniere
e7e169f1c1 Fix the obvious issue 2023-08-09 19:10:07 +02:00
Florent Daigniere
f3cd401450 PROXY_PROTOCOL=all-but-http for traefik 2023-08-09 15:31:14 +02:00
Florent Daigniere
64ce3d1c96 Implement a busy loop for letsencrypt 2023-08-09 15:28:07 +02:00
bors[bot]
1e457bb6ba
Merge #2898
2898: take care of sieve too r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

This is a follow-up to #2895 sieve can also trigger the rate limit... and a stack-trace.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-08-07 09:16:47 +00:00
Florent Daigniere
9b7bb3b7f5
doh 2023-08-07 11:15:53 +02:00
Florent Daigniere
1413001705 take care of sieve too 2023-08-07 09:06:02 +02:00
Alexander Graf
2d9b348eb0
Update python deps to fix CVEs and build 2023-08-06 17:03:51 +02:00
Florent Daigniere
40b5e7ca39 Avoid a stack-trace when the ratelimit is hit 2023-08-05 18:24:11 +02:00
bors[bot]
890f847f6c
Merge #2677
2677: Apply DEFAULT_QUOTA to user creation admin ui page r=mergify[bot] a=PMExtra

## What type of PR?

Feature

## What does this PR do?

Apply `DEFAULT_QUOTA` settings to user creation admin ui page.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] ~In case of feature or enhancement: documentation updated accordingly~
- [ ] ~Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.~

I'm sorry for that I'm not good at English to update the documentation. But this is not a completed new feature. `DEFAULT_QUOTA` is an existing configuration. I just completed the behaviors. Although this configuration was never documented.

Co-authored-by: PM Extra <pm@jubeat.net>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-06-28 10:22:18 +00:00
bors[bot]
69229436cf
Merge #2866
2866: Improve tokens (add ipranges) r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Allow multiple IP addresses/networks to be set for tokens.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-06-26 10:02:58 +00:00
Florent Daigniere
a6d217c455 increase the number of postfix workers 2023-06-24 18:54:18 +02:00
Florent Daigniere
372f008eab bugfix for dovecot-proxy 2023-06-23 16:01:24 +02:00
Florent Daigniere
fbc2f47003 bugfix for dovecot-proxy 2023-06-23 15:57:37 +02:00
Florent Daigniere
8597bb0ebe add migration 2023-06-23 15:56:51 +02:00
Florent Daigniere
29cd857c5f Allow multiple IP addresses/networks to be set for tokens 2023-06-23 15:56:41 +02:00
Florent Daigniere
f143aa3dc8 Use dovecot-proxy where appropriate 2023-06-05 10:23:30 +02:00
Florent Daigniere
15569c62df Fix the bug @ghost has reported 2023-06-02 14:53:25 +02:00
Florent Daigniere
50f8a5cb65 Ensure we log which account is invalid 2023-06-02 11:39:42 +02:00
Florent Daigniere
22edc15de2
Update core/admin/mailu/internal/views/auth.py 2023-05-31 11:36:28 +02:00
Dimitri Huisman
8c206e8a9b
Retrieve raw password on the correct location 2023-05-31 09:08:03 +00:00
Dimitri Huisman
10a3d1eabb
Get the password from the source.
Remove password from response (not needed)
2023-05-30 15:06:32 +00:00
Dimitri Huisman
008cbdb6b1
Also url encode the password when authentication fails 2023-05-30 14:31:29 +00:00
Dimitri Huisman
5f94be871c
Authentication failed for email clients when the password contained a non latin-1 character. 2023-05-30 14:09:16 +00:00
bors[bot]
589c426601
Merge #2818
2818: Improve auth-related logging r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve auth-related logging

### Related issue(s)
- closes #2803 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-05-30 09:01:42 +00:00
bors[bot]
b6c093dfd6
Merge #2790
2790: Implement managesieve support r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

This is a better a alternative to #2773

Expose managesieve to the outside world.

### Related issue(s)
- close #2773
- #428
- #113
- #81
- #1222

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-05-26 14:11:33 +00:00
Florent Daigniere
cab27f77c1 Don't send ooo messages to noreply@ 2023-05-16 10:29:39 +02:00
Florent Daigniere
c68f4d93cf Merge remote-tracking branch 'origin/improve-logs' into improve-logs 2023-05-13 11:59:22 +02:00
Florent Daigniere
1ffb78103f quote the comments 2023-05-13 11:55:54 +02:00
Florent Daigniere
1042911732
Update nginx.py
Fix typo
2023-05-12 21:14:39 +02:00
Florent Daigniere
e88199e274
Update nginx.py
Doh
2023-05-12 20:27:29 +02:00
Florent Daigniere
c60e2fa52c add token.comment too 2023-05-12 19:41:32 +02:00
Florent Daigniere
bd3986131d review 2023-05-12 19:35:06 +02:00
Florent Daigniere
632fe1908a Rename as requested by reviewer 2023-05-10 09:54:56 +02:00
Florent Daigniere
c44537d318 Need this too 2023-05-09 12:17:16 +02:00
Florent Daigniere
7d39741c47 Make webmails use a different port without proxy protocol 2023-05-09 12:06:04 +02:00
Florent Daigniere
a9c92f19ef Add this endpoint back too 2023-05-09 09:54:52 +02:00
Florent Daigniere
2e26c7ad80 change healtcheck again 2023-05-09 09:51:53 +02:00
Florent Daigniere
6ee913502e Improve auth-related logging 2023-05-06 17:37:16 +02:00
Florent Daigniere
bee8ce9357 Fix2805 2023-05-06 09:06:12 +02:00
Florent Daigniere
88f7ab48f7 Deal with certwatcher too 2023-04-27 09:26:24 +02:00
Florent Daigniere
1d0c4e67aa noticket 2023-04-23 09:11:58 +02:00
Florent Daigniere
167cd93153 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-22 17:59:50 +02:00
Florent Daigniere
7e46e1491e as requested in review 2023-04-22 10:37:44 +02:00
Florent Daigniere
5d93ae205e Simplify the health-check 2023-04-21 17:36:24 +02:00
Florent Daigniere
36fcb9b830 dovecot is creating zombies 2023-04-21 17:27:59 +02:00
Florent Daigniere
eec9d1201f Fix logs in the SMTP container 2023-04-21 15:56:47 +02:00
Florent Daigniere
e6b9285f86 Send rport too 2023-04-21 11:04:08 +02:00
Florent Daigniere
d4bc99626f Ensure we log rport 2023-04-21 10:29:28 +02:00
Florent Daigniere
0025d06c4e maybe fix healthcheck 2023-04-21 10:08:32 +02:00
Florent Daigniere
915c1a75f1 Make it generic. Should we implement TARPIT? 2023-04-21 09:21:11 +02:00
Florent Daigniere
2d8b2b15fe tweak-logs 2023-04-21 09:13:11 +02:00
Florent Daigniere
4b02b2bd65 Add health-check 2023-04-21 08:59:42 +02:00
Florent Daigniere
cf0b440b2a Remove another useless message 2023-04-20 19:58:09 +02:00
Florent Daigniere
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
Florent Daigniere
21982478fb warning is enough 2023-04-20 18:01:16 +02:00
Florent Daigniere
281800d946 Try to do the same for ARM64, log a message if we do 2023-04-20 17:59:14 +02:00
Florent Daigniere
ede331f657 LD_PRELOAD may not be in ENV 2023-04-20 17:46:27 +02:00
Florent Daigniere
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
bors[bot]
6710a29c5e
Merge #2772
2772: Always exempt app-tokens from rate limits r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Always exempt app-tokens from rate limits
Ensure that unsuccessful login attempts against a valid account hit the ip-based rate-limit too

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 10:12:01 +00:00
Florent Daigniere
5a55d1824e Make it happen post-deduplication 2023-04-16 12:57:20 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts
against a valid account
2023-04-16 11:30:14 +02:00
Florent Daigniere
775033391a doh 2023-04-14 13:56:39 +02:00
Florent Daigniere
c363378005 Always exempt app-tokens from rate limits 2023-04-14 12:51:43 +02:00
Florent Daigniere
b6ed4fd83e fix #2764 2023-04-14 10:09:51 +02:00
Florent Daigniere
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
Florent Daigniere
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
Florent Daigniere
845eff0055 fix 2757 2023-04-08 12:27:32 +02:00
Florent Daigniere
a09c23d8de Fix it 2023-04-08 11:32:46 +02:00
Dimitri Huisman
c54271db32
Fix config-import. Config with dkim key could not be imported. 2023-04-07 14:19:17 +00:00
bors[bot]
0cc7c2fd05
Merge #2735
2735: Mailu 2.0 release r=mergify[bot] a=Diman0

## What type of PR?

feature

## What does this PR do?
Changes for releasing Mailu 2.0.  I must still proofread the release notes I wrote.

### Related issue(s)
- closes #2215

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-05 07:03:37 +00:00
Dimitri Huisman
5f14c8ced1
Fix unmet dependency 2023-04-04 12:51:59 +00:00
Dimitri Huisman
a2655e3c79
Update dependencies with CVEs 2023-04-04 12:35:27 +00:00
Florent Daigniere
94ef62a884 Don't rate-limit port 25, ever. 2023-04-04 12:47:11 +02:00
Florent Daigniere
ab7b82d05b Clarify 2023-04-04 11:33:34 +02:00
Florent Daigniere
040dd82d3e fix bug 2023-04-04 11:30:59 +02:00
Dimitri Huisman
e88fa6a1f5
Merge branch 'master' into new-release-mailu 2023-04-04 08:00:25 +00:00
bors[bot]
b68e132369
Merge #2733
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Ensure we always ask for the existing password before allowing a change.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-04 07:11:56 +00:00
bors[bot]
cae01a36b4
Merge #2732
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.

Reduce the default to 50 distinct passwords per day

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-04-03 20:40:10 +00:00
Dimitri Huisman
453acad21f
Initial changes for Mailu 2.0 release 2023-04-02 16:45:42 +00:00
Florent Daigniere
c0f1f58f55 No need for that 2023-04-02 18:03:44 +02:00
Florent Daigniere
7dc2912770
Update core/admin/mailu/limiter.py
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-04-02 17:11:16 +02:00
Florent Daigniere
52de10a5e5 resets don't need the current password 2023-04-02 16:41:12 +02:00
Florent Daigniere
616e4a7734 Ensure we always ask for the existing password before allowing a change 2023-04-02 16:35:15 +02:00
Florent Daigniere
795a7bafa2 should never happen but heh 2023-04-01 12:22:44 +02:00
Florent Daigniere
04a2cdab2f Only account for distinct attempts in rate limits 2023-04-01 11:33:02 +02:00
bors[bot]
be5214bb68
Merge #2725
2725: Fix access to radicale r=mergify[bot] a=Diman0

## What type of PR?

bug-fix

## What does this PR do?

Fix the access issue to radicale. I did not create a newsfragment, because this works fine on 1.9. This was only broken on master. 

### Related issue(s)
- closes #2723

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-29 06:35:39 +00:00
Dimitri Huisman
36069e3e06
Fix access to radicale 2023-03-28 20:01:43 +00:00
Dimitri Huisman
57a42ff3c8
Update instructions for syncing alpine image 2023-03-28 21:04:22 +02:00
Dimitri Huisman
250a200edb
Mirror alpine image to ghcr.io/mailu docker org to prevent docker pull rate limit.
Use mirrored ghcr.io/mailu/alpine image as base image.
2023-03-28 18:23:35 +00:00
bors[bot]
83c44740f6
Merge #2717
2717: nginx: Allow HTTP and/or TCP ports to accept the PROXY protocol r=mergify[bot] a=OdyX

This is a feature proposal, as a followup to close #2300, with a cleaner split proposal.

Co-authored-by: Didier 'OdyX' Raboud <odyx@raksha.ch>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Didier Raboud <odyx@debian.org>
2023-03-28 15:52:25 +00:00
Didier 'OdyX' Raboud
cd7dc7baea
nginx behind proxy: provide a healthcheck for localhost over port 10204 2023-03-28 14:13:59 +02:00
Didier 'OdyX' Raboud
e31dc0eb90
l10n fr: uppercase accented 'status' 2023-03-28 13:22:56 +02:00
Didier 'OdyX' Raboud
45f1a4b5f7
l10n fr: add DNS TLS and autoconfig translations 2023-03-28 13:22:41 +02:00
Didier 'OdyX' Raboud
4d6457af1a
l10n fr: fix Relayed domains' plural 2023-03-28 13:22:23 +02:00
Didier 'OdyX' Raboud
2e40467376
nginx with PROXY protocol for mail; only set_real_ip_from in 'all' and 'mail' alternatives 2023-03-28 09:09:11 +02:00
Dimitri Huisman
991dd647cb
nginx: fix proxy settings when PROXY protocol is used
Tested-By: Didier Raboud <odyx@raksha.ch>
2023-03-28 09:08:39 +02:00
Didier 'OdyX' Raboud
d9ed3cd179
nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
Dimitri Huisman
6d31831cf5
Sigh. Forgot to actually save the modified requirements-dev.txt file.
Remove the pinned version for requirements for dev.
The blocking issue is resolved, so no need to pin the old version.
2023-03-26 13:28:40 +00:00
Dimitri Huisman
709edb522b
Introduce connection string (database url) for roundcube.
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2023-03-26 12:21:00 +00:00
bors[bot]
5044c78740
Merge #2709
2709: Validate proxy ip with PROXY_AUTH_WHITELIST r=mergify[bot] a=Diman0

## What type of PR?

bug fix

## What does this PR do?
The Proxy code validated the real client ip against the proxy auth whitelist. It should be the proxy ip that is checked. That is changed with this PR.

### Related issue(s)
- closes #2708
- #2692

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 13:26:59 +00:00
bors[bot]
c15595836a
Merge #2690
2690: Change rspamd override system to use .include with lowest priority. r=mergify[bot] a=Diman0

## What does this PR do?

All override files are used as if they were placed in the rspamd local.d folder.

New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. It works as following.
* If the override file overrides a Mailu defined config file, it will be included in the Mailu config file with lowest priority. It will merge with existing sections.
* If the override file does not override a Mailu defined config file, then the file will be placed in the rspamd local.d folder. It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

## What type of PR?

enhancement

### Related issue(s)
- closes #2555 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 10:01:23 +00:00
Dimitri Huisman
ee1f0f94a3
Don't use the header when we don't need it. 2023-03-18 09:17:21 +00:00
Dimitri Huisman
f20208fb4b
Fix error in check for proxy scenario 2023-03-18 09:05:18 +00:00
Dimitri Huisman
4912fa1dff
Fix a typo. 2023-03-18 08:55:32 +00:00
Dimitri Huisman
20bf0e8a65
Add fix for wrong redirect in proxy scenario and accessing WEBROOT_REDIRECT 2023-03-18 08:40:45 +00:00
Dimitri Huisman
29bfc9dd9d
Add fallback just in case X-Forwarded-By is empty. 2023-03-18 08:16:30 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
1d9791ceaa
Merge #2703
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-17 15:38:25 +00:00
bors[bot]
5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-17 11:55:11 +00:00
Dimitri Huisman
c482c71f6c
Add missing () 2023-03-16 22:49:07 +01:00
Florent Daigniere
698f1f377c Check https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out 2023-03-16 08:12:46 +01:00
Florent Daigniere
8eb1542f64 Paranoia: drop the headers we don't use 2023-03-16 08:07:57 +01:00
Dimitri Huisman
31faee4218
Merge branch 'master' into delete-disable 2023-03-15 18:16:46 +01:00
Florent Daigniere
1831ca3b1e Handle WEBROOT_REDIRECT better 2023-03-14 09:40:43 +01:00
Florent Daigniere
e1739befc0 Make it work for /admin/antispam too 2023-03-13 08:40:29 +01:00
Florent Daigniere
f44cd24bf8 doh 2023-03-12 19:54:27 +01:00
Florent Daigniere
925c753f40 Merge branch 'master' of https://github.com/Mailu/Mailu into guess-target 2023-03-12 19:43:05 +01:00
Florent Daigniere
b607375603 Fix 2692: make the external auth proxy usable 2023-03-12 19:40:44 +01:00
Florent Daigniere
dd912169fb Make the login page guess where to redirect 2023-03-12 18:07:25 +01:00
Florent Daigniere
1b045b4a94 Introduce AUTH_PROXY_LOGOUT_URL 2023-03-12 18:07:25 +01:00
Dimitri Huisman
45177bd25a
bring back removed blank lines 2023-03-09 08:30:58 +00:00
Dimitri Huisman
7ce28bd6e9
Fix some small errors 2023-03-09 08:28:18 +00:00
Dimitri Huisman
8861ce6edb
Change rspamd override system to use include with lowest priority.
All override files are used as if they were placed in the rspamd
local.d folder.

From the newsfragment:
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder.
These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file.
It works as following.
* If the override file overrides a Mailu defined config file,
  it will be included in the Mailu config file with lowest priority.
  It will merge with existing sections.
* If the override file does not override a Mailu defined config file,
  then the file will be placed in the rspamd local.d folder.
  It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website:
https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
2023-03-09 08:21:45 +00:00
PM Extra
4858f76057
Fix user create form 2023-02-24 13:51:41 +08:00
PM Extra
74fabccda6
Fix updating the default quota_bytes in the form 2023-02-24 09:42:59 +08:00
PM Extra
54667b2789
Fix UserForm of Admin UI 2023-02-23 20:54:37 +08:00
PM Extra
80d861523b
Apply DEFAULT_QUOTA to user creation admin ui page 2023-02-23 20:32:19 +08:00
S474N
92be819053
Update messages.po 2023-02-21 16:26:50 +01:00
S474N
d6757514af
Czech translation
Czech translation
2023-02-21 16:20:57 +01:00
bors[bot]
0de2430868
Merge #2664
2664: Fix the bug reported by fastlorenzo r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix the bug reported by fastlorenzo: when using proxy-auth, if the user doesn't exist you have to hit the URL twice.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-20 12:39:04 +00:00
Florent Daigniere
fed5ab1564 Alpine 3.17.2 2023-02-16 14:28:54 +01:00
Florent Daigniere
6a4d8603fc Create the user before logging it in 2023-02-14 13:41:46 +01:00
Florent Daigniere
f125420400 Fix the bug reported by fastlorenzo 2023-02-14 11:33:16 +01:00
Florent Daigniere
66b7c76836 Doh. Without this email delivery from RELAYNET is broken 2023-02-09 16:04:13 +01:00
bors[bot]
aea7407044
Merge #2646
2646: Smarter ratelimit r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for **distinct** usernames in the IP rate-limiter.

This enables to have a much tighter default as a user with a misconfigured device will now only account for a single attempt.

The goal here is to make the rate-limiter more acceptable and to avoid people disabling it altogether.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-02-09 12:18:41 +00:00
bors[bot]
46429ab247
Merge #2640
2640: Add env variable to set sieve_vacation_to_header_ignore_envelope r=mergify[bot] a=nwinkelstraeter

When used with SRS the vacation plugin creates a reply with SRS in the To: header which does not look nice for the recipient. Setting sieve_vacation_to_header_ignore_envelope will use the headers from the original source message instead of potentially rewritten ones.

Without this option auto-replies are sent with a To header with SRS, e.g `SRS0=uetG=43=sender.com=user@autoresponder.com`
With this option they are sent with just `user@sender.com`

This option is for whatever reason not part of the [pigeonhole docs](https://doc.dovecot.org/configuration_manual/sieve/extensions/vacation/) but it is documented here: 34431d7a67/NEWS (L338)

## What type of PR?

enhancement

## What does this PR do?
This PR adds an environment variable to the set the `sieve_vacation_to_header_ignore_envelope` configuration

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly



Co-authored-by: Nico Winkelsträter <nico.winkelstraeter@initos.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-09 10:08:48 +00:00
Nico Winkelsträter
9cb2ef7632 Let vacation plugin ignore envelope sender to avoid SRS recipient
This is done by setting sieve_vacation_to_header_ignore_envelope to yes
The envelope is rewritten by recipent_canonical_maps to reverse SRS after the plugin checks it
so we need the plugin to ignore it at this point.
2023-02-09 11:01:35 +01:00
Florent Daigniere
085bac6e08 Change AUTH_RATELIMIT_IP_V6_MASK from /56 to /48 2023-02-07 09:54:50 +01:00
Alexander Graf
fa084d7b1c
Styling only 2023-02-07 08:54:13 +01:00
Florent Daigniere
caa8412d82 close #1236: Allow + in localpart of addresses 2023-02-06 13:00:17 +01:00
Florent Daigniere
294ac4adb2 Revert "Clarify"
This reverts commit 35e9bfb8ab.
2023-02-04 17:08:26 +01:00
Florent Daigniere
35e9bfb8ab Clarify 2023-02-04 16:54:25 +01:00
Florent Daigniere
d30f71234d Apply the mask on the IP too 2023-02-04 16:50:43 +01:00
Florent Daigniere
a60159a0db update defaults, rephrase doc 2023-02-04 16:46:27 +01:00
Florent Daigniere
e2a25c79fc only account attempts for distinct usernames in ratelimits 2023-02-04 16:36:16 +01:00
Dimitri Huisman
44ad14811d
Missed some IF statements that must be modified for normalized config. 2023-02-01 11:12:05 +00:00
Dimitri Huisman
d9a6777d9d
Forgot to adapt some IF statements. All config is normalized now for front.
So true/false now matches the boolean value True/False.
Instead if {% IF X == 'true' %} we should now use {% IF X %}
2023-02-01 08:51:53 +00:00
bors[bot]
4a24bd9e24
Merge #2638
2638: further finishing touches for restful api r=mergify[bot] a=Diman0

- Fix setup utility setting correct value to env var API. It now also sets `false` when the API is disabled in the setup utility.
- Fix IF statement for enabling API in nginx.conf. Setting a different value than `API=true` in mailu.env now disabled the API endpoint in nginx.
- Use safer command for regenerating example API token. It uses crypto.getRandomValues() (as suggested by nextgens) which should be more random than the previously used method. 

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-31 20:34:48 +00:00
Dimitri Huisman
7bcac3bbaa
Get the value from the correct dict (args) 2023-01-31 17:26:32 +00:00
Alexander Graf
ab5caac6f7
Remove webmail cookies on logout. 2023-01-31 17:34:59 +01:00
Dimitri Huisman
75afe1092d
Use server-side password generator for generating token.
Fix setup correctly writing the value for API to mailu.env
Normalize env vars for front container.
Update reverse proxy with API information.
2023-01-31 12:37:25 +00:00
Dimitri Huisman
0673d32306
Fix setup utility setting correct value to env var API
Fix IF statement for enabling API in nginx.conf
Use safer command for regenerating example API token.
2023-01-30 13:16:07 +00:00
Alexander Graf
50fc1cb8b3
Move version style to app.css 2023-01-30 10:49:11 +01:00
Alexander Graf
8f425ce081
Move unit to data-attr and fix defaulting to 1 2023-01-30 10:49:11 +01:00
Alexander Graf
f00059d10c
Show mailu version in web interface after logging in 2023-01-30 10:49:11 +01:00
Alexander Graf
8b0b87984d
Duh. Fix macros call 2023-01-30 10:49:10 +01:00
Alexander Graf
2fa0461803
Fix sliders 2023-01-30 10:49:10 +01:00
Alexander Graf
31e974f829
Add edit button to admin and manager lists 2023-01-30 10:49:10 +01:00
Alexander Graf
3af3aa9395
Show quota in domain list 2023-01-30 10:49:10 +01:00
Alexander Graf
65595d139a
Set default sort order for all lists 2023-01-30 10:49:10 +01:00
bors[bot]
3a1cecbe21
Merge #2636
2636: Fix out of office replies r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks.

Webmails are now on a different subnet.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-30 09:32:18 +00:00
Florent Daigniere
ae7061c561 Doh 2023-01-30 10:29:37 +01:00
Florent Daigniere
802ab533d2 Upgrade to alpine 3.17.1
New openssl, new dovecot
2023-01-29 18:13:49 +01:00
Florent Daigniere
e326393f03 fix ooo 2023-01-29 15:47:19 +01:00
Alexander Graf
21ac230cce
Make olefy.py listen on all interfaces 2023-01-28 19:40:26 +01:00
Alexander Graf
842be9b7c3
Skip listen to v6 when SUBNET6 is not set 2023-01-28 19:40:23 +01:00
Alexander Graf
1ad1d8d95d
Rewrite generation of gunicorn cmdline 2023-01-28 19:39:40 +01:00
Chris Schäpers
35331a4295
Make gunicorn IPv6 conditional
Only listen on [::]:80 in case SUBNET6 is defined, otherwise do the normal :80
2023-01-28 19:39:39 +01:00
Chris
9f6848110a
Make gunicorn listen on ipv6 2023-01-28 19:39:39 +01:00
bors[bot]
db2a490256
Merge #2633
2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-28 15:05:38 +00:00
Florent Daigniere
46f05cb651 Merge branch 'master' of https://github.com/Mailu/Mailu into reduce-logging 2023-01-28 14:28:26 +01:00
Florent Daigniere
36623188b5 Don't apply antispoof rules on locally generated emails 2023-01-28 14:12:14 +01:00
bors[bot]
179c624116
Merge #2631
2631: Restful api finishing touches r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
Some finishing touches for the restful api.

- Make the API configurable via the setup utility.  
  - Configured exactly the same as the ADMIN and WEBMAIL. 
- We have a single config (API) that configures whether it is exposed (via front). Just like ADMIN. The API is always reachable by directly connecting to the admin container.
- API_TOKEN does not enable/disable the API anymore. When it is not configured, an error is returned (via the internet browser) that the API_TOKEN must be configured in mailu.env.
- Fix some small bugs in the setup utility ( selecting none in the dropdown boxes, now correctly changes the config)
- Update Flask-RestX to 1.0.5. This resolves the deprecation warnings introduced by Flask-RestX.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-27 18:46:57 +00:00
Alexander Graf
30efdf557f
Re-enable cli action user_delete with "disable" as default 2023-01-27 10:28:27 +01:00
bors[bot]
43e500faf5
Merge #2628
2628: Set default for FETCHMAIL_ENABLED r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Set the default for FETCHMAIL_ENABLED to true in the admin container.
This keeps existing functionality for people upgrading without re-creating the `mailu.env`.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-27 07:53:10 +00:00
Dimitri Huisman
18b900699c
Bump version of Flask-RESTX to 1.0.5.
This resolves all deprecation warnings caused by Flask-RESTX.
2023-01-25 16:12:14 +00:00
Dimitri Huisman
d6e7314f05
Make API configurable via the setup utility
Fix some small bugs in the setup utility
Improve documentation on the API.
2023-01-25 15:30:25 +00:00
Alexander Graf
c4ca1cffaf
Set default for FETCHMAIL_ENABLED 2023-01-25 12:20:17 +01:00
Alexander Graf
5c968256e6
Really fix creation of deep structures using import in update mode 2023-01-25 10:34:44 +01:00
bors[bot]
151601744f
Merge #2627
2627: Add SUBNET6 to places where SUBNET is used r=nextgens a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Also add SUBNET6 where SUBNET is used.

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-24 16:58:04 +00:00
bors[bot]
6d994525c4
Merge #2625
2625: Disable fetchmail r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Only show "fetched accounts" button in user list when fetchmail feature is enabled.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-24 11:34:44 +00:00
Alexander Graf
10562233ca
Add SUBNET6 to places where SUBNET is used 2023-01-24 12:15:36 +01:00
bors[bot]
7e60ba4e98
Merge #2613
2613: Enhance network segregation r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.

### Related issue(s)
- #2611

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-24 09:28:29 +00:00
Alexander Graf
1697da6e23
Disable "Fetched accounts" button in user list. 2023-01-23 20:50:56 +01:00
bors[bot]
dae9e9242b
Merge #2624
2624: Move runtime environment variables to the end r=nextgens a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

This moves the environment variables used at runtime from the system to the base image.
It's a workaround for a strange build issue observed when building with hardened malloc enabled.



Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-13 09:58:34 +00:00
bors[bot]
bbf0ac5d47
Merge #2464
2464: Introduce RESTful API r=mergify[bot] a=Diman0

## What type of PR?

Feature

## What does this PR do?
Introduces a RESTful API for changing the complete Mailu config.
Anything that can be configured in the web administration interface, can also be configured via the Mailu RESTful API.

Via the swagger.json endpoint the complete OpenAPI specification can be retrieved.
Via the endpoint swaggerui, a web client is available which shows all the endpoints, data models and allows you to submit requests.

See docs/api.rst and docs/configuration.rst for details for enabling it.

### Related issue(s)
- closes #445 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-12 18:48:32 +00:00
Alexander Graf
712679b4d8
Duh 2023-01-12 18:19:35 +01:00
Alexander Graf
d558be20f6
Move runtime environment variables to the end 2023-01-12 15:23:00 +01:00