1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

614 Commits

Author SHA1 Message Date
Hossein Hosni
4718b95f33 Add towncrier entry 2023-09-18 00:53:33 +03:30
Florent Daigniere
9402a3beec Upgrade webmails
roundcube 1.6.3
rcmcarddav 5.1.0
snappymail 2.28.4
2023-09-16 10:38:26 +02:00
Alexander Graf
b12bdef4b8
Add newsfragment 2023-09-10 11:27:06 +02:00
Florent Daigniere
5402d00be0 Maybe fix fetchmail when used with pop3 2023-08-30 13:17:50 +02:00
bors[bot]
585549ce92
Merge #2924
2924: Remove the usage of capabilities, use port 8080 for admin r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

In the real world users can't get them to work... I wonder if they use patched-up kernels or if xattrs are lost somehow... in any case, we can do without capabilities so let's do that.

Ensure that dovecot doesn't attempt to bind a v6 socket if SUBNET6 is not configured

Also, document that systemd-resolve may cause trouble with DNSSEC.

### Related issue(s)
- closes #2906
- closes #2913

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-08-29 06:19:42 +00:00
Florent Daigniere
b2a5a80e12 Ensure that dovecot doesn't bind v6 if not required 2023-08-28 11:56:25 +02:00
Florent Daigniere
562cd8c135 Remove the usage of capabilities use port 8080
In the real world users can't get them to work...
2023-08-28 11:34:51 +02:00
Florent Daigniere
086c05a42c Make rspamd retry for longer when connecting to clamav 2023-08-25 14:47:51 +02:00
Florent Daigniere
1731f45d83 Delete the PID file to avoid race conditions
Apparently sometimes the podop subprocess can be re-assigned the same
PID when the container is restarted, causing havok.
2023-08-25 13:40:22 +02:00
bors[bot]
fb97cec238
Merge #2901
2901: Force pw change r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Allow administrators to force a user to change his password. Prune web-sessions on password change.

### Related issue(s)
- closes #2877 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-08-20 21:12:55 +00:00
Florent Daigniere
a1f9fb4347 Prevent rspamc zombies, ensure that triggering learn-spam works 2023-08-15 10:46:13 +02:00
Florent Daigniere
bd4c40b596 Prune sessions that are unrelated when changing passwords 2023-08-10 12:27:47 +02:00
Helmuth Breitenfellner
5d8b1940e1 Add a newsfragment for CHANGELOG 2023-08-08 21:45:11 +02:00
Dimitri Huisman
4cf9993117
Fix issue #2811. Clamav Healthcheck created zombie processes 2023-06-28 08:33:04 +00:00
bors[bot]
69229436cf
Merge #2866
2866: Improve tokens (add ipranges) r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Allow multiple IP addresses/networks to be set for tokens.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-06-26 10:02:58 +00:00
Florent Daigniere
a6d217c455 increase the number of postfix workers 2023-06-24 18:54:18 +02:00
Florent Daigniere
ea0f63ae0d newsfragment 2023-06-24 16:13:05 +02:00
Florent Daigniere
29cd857c5f Allow multiple IP addresses/networks to be set for tokens 2023-06-23 15:56:41 +02:00
Florent Daigniere
50f8a5cb65 Ensure we log which account is invalid 2023-06-02 11:39:42 +02:00
Dimitri Huisman
5f94be871c
Authentication failed for email clients when the password contained a non latin-1 character. 2023-05-30 14:09:16 +00:00
bors[bot]
589c426601
Merge #2818
2818: Improve auth-related logging r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve auth-related logging

### Related issue(s)
- closes #2803 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-05-30 09:01:42 +00:00
bors[bot]
b6c093dfd6
Merge #2790
2790: Implement managesieve support r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

This is a better a alternative to #2773

Expose managesieve to the outside world.

### Related issue(s)
- close #2773
- #428
- #113
- #81
- #1222

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-05-26 14:11:33 +00:00
bors[bot]
9921b1c224
Merge #2829
2829: update docs r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

Update the documentation:
 - debian Stretch -> debian stable (see #2826)
 - docker 24.0.0 is broken (see #2827)
 - document how to get rid of "mount: Deactivated successfully" messages from moby (see #2797)

### Related issue(s)
- closes #2826
- closes #2827 
- closes #2797

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-05-19 15:25:12 +00:00
Florent Daigniere
41757334e2 update docs 2023-05-19 14:58:51 +02:00
Florent Daigniere
cab27f77c1 Don't send ooo messages to noreply@ 2023-05-16 10:29:39 +02:00
Florent Daigniere
6ee913502e Improve auth-related logging 2023-05-06 17:37:16 +02:00
Florent Daigniere
bee8ce9357 Fix2805 2023-05-06 09:06:12 +02:00
Florent Daigniere
1512493764 Fix roundcube's spellchecker 2023-04-27 12:43:38 +02:00
Florent Daigniere
167cd93153 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-22 17:59:50 +02:00
Florent Daigniere
e71c653c8c fix #2139 2023-04-22 08:24:36 +02:00
Florent Daigniere
36fcb9b830 dovecot is creating zombies 2023-04-21 17:27:59 +02:00
Florent Daigniere
eec9d1201f Fix logs in the SMTP container 2023-04-21 15:56:47 +02:00
Florent Daigniere
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
Florent Daigniere
ede331f657 LD_PRELOAD may not be in ENV 2023-04-20 17:46:27 +02:00
Florent Daigniere
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
bors[bot]
6710a29c5e
Merge #2772
2772: Always exempt app-tokens from rate limits r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Always exempt app-tokens from rate limits
Ensure that unsuccessful login attempts against a valid account hit the ip-based rate-limit too

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 10:12:01 +00:00
bors[bot]
d8f6a53a1e
Merge #2771
2771: Sanitize logs as appropriate r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- Sanitize logs as appropriate. 
- change the healthcheck of radicale to something less verbose
- disable hardened-malloc if we detect a processor not supporting the AVX extension set

Should we backport something like that? It could be argued it's a bugfix.

### Related issue(s)
- close #2644 
- close #2764
- #2541

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 09:23:25 +00:00
Dario Ernst
b0c71559d0 Whitelist all mailso* stream types in snuffleupagus for snappymail
For attachment download in snappymail to work, at least mailsoliteral is
needed. The additionally used stream types (from looking at the
snappymail source) have also been added, to ensure compatability with
whatever feature might rely on them ….
2023-04-17 14:43:13 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts
against a valid account
2023-04-16 11:30:14 +02:00
Florent Daigniere
c363378005 Always exempt app-tokens from rate limits 2023-04-14 12:51:43 +02:00
Florent Daigniere
b6ed4fd83e fix #2764 2023-04-14 10:09:51 +02:00
Florent Daigniere
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
Florent Daigniere
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
Florent Daigniere
a09c23d8de Fix it 2023-04-08 11:32:46 +02:00
Dimitri Huisman
c54271db32
Fix config-import. Config with dkim key could not be imported. 2023-04-07 14:19:17 +00:00
Dimitri Huisman
c6c4cd71f6
Add release note for PR 2748 2023-04-07 10:41:43 +00:00
Dimitri Huisman
0faae50302
Improve releases.rst.
Add extra links to relevant sections in documentation.
Add example of using the new override location for rspamd.
Add clarification  in rspamd section for rspamd override change and new autoconfig.* endpoint
2023-04-06 09:04:04 +00:00
Dimitri Huisman
ddcdf8b82a
Fix tag-release step in workflow which prevented github releases from being created automatically.
Cause was that a specific method is required for assigning multi-line strings in github workflow files:
https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
2023-04-06 07:46:28 +00:00
Dimitri Huisman
8cd5c15dc7
Newsfragment for releasing Mailu 2.0 2023-04-05 07:32:44 +00:00
Dimitri Huisman
ee252224b5
Process latest towncrier entries into changelog.md 2023-04-04 08:03:49 +00:00
Dimitri Huisman
e88fa6a1f5
Merge branch 'master' into new-release-mailu 2023-04-04 08:00:25 +00:00
bors[bot]
b68e132369
Merge #2733
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Ensure we always ask for the existing password before allowing a change.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-04 07:11:56 +00:00
bors[bot]
cae01a36b4
Merge #2732
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.

Reduce the default to 50 distinct passwords per day

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-04-03 20:40:10 +00:00
Dimitri Huisman
453acad21f
Initial changes for Mailu 2.0 release 2023-04-02 16:45:42 +00:00
Florent Daigniere
920f817009 LOG_DRIVER just doesn't work 2023-04-02 17:09:43 +02:00
Florent Daigniere
616e4a7734 Ensure we always ask for the existing password before allowing a change 2023-04-02 16:35:15 +02:00
Florent Daigniere
04a2cdab2f Only account for distinct attempts in rate limits 2023-04-01 11:33:02 +02:00
Didier 'OdyX' Raboud
d9ed3cd179
nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
Dimitri Huisman
709edb522b
Introduce connection string (database url) for roundcube.
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2023-03-26 12:21:00 +00:00
Dimitri Huisman
5bd528319b
Provide a changelog for minor releases. The github release will now:
* Provide the changelog message from the newsfragment of the PR that triggered the backport.
* Provide a github link to the PR/issue of the PR that was backported.

Switch to building multi-arch images. The images build for pull requests, master and production
are now multi-arch images for the architectures:
* linux/amd64
* linux/arm64/v8
* linux/arm/v7

Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically
retried. If a build temporarily fails due to a network error, the retried step will still succeed.
2023-03-21 14:47:37 +00:00
bors[bot]
5044c78740
Merge #2709
2709: Validate proxy ip with PROXY_AUTH_WHITELIST r=mergify[bot] a=Diman0

## What type of PR?

bug fix

## What does this PR do?
The Proxy code validated the real client ip against the proxy auth whitelist. It should be the proxy ip that is checked. That is changed with this PR.

### Related issue(s)
- closes #2708
- #2692

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 13:26:59 +00:00
bors[bot]
c15595836a
Merge #2690
2690: Change rspamd override system to use .include with lowest priority. r=mergify[bot] a=Diman0

## What does this PR do?

All override files are used as if they were placed in the rspamd local.d folder.

New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. It works as following.
* If the override file overrides a Mailu defined config file, it will be included in the Mailu config file with lowest priority. It will merge with existing sections.
* If the override file does not override a Mailu defined config file, then the file will be placed in the rspamd local.d folder. It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

## What type of PR?

enhancement

### Related issue(s)
- closes #2555 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 10:01:23 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-17 11:55:11 +00:00
Dimitri Huisman
c6c2805196
Update changelog with extra info. 2023-03-17 12:54:18 +01:00
bors[bot]
1d360055b7
Merge #2705
2705: Switch from docker.io to ghcr.io for deploying images r=nextgens a=Diman0

## What type of PR?

enhancement

## What does this PR do?
As we all know, docker has announced that they will stop with free docker organisations. The Mailu project used this. In about a month, the mailu docker org stops to exist and all images will be deleted.

This PR modifies the CI/CD workflow (github actions) to use ghcr.io as the container registry for deployed images. The images are first build with `-build` appended to the tag. These images are also used in the test step. Only in the deploy phase, are the final tags added (as it should be). This makes sure new images are only available after the deployment step.

The setup utility is updated to use `ghcr.io/mailu` as the docker_org.

All references to the docker org `mailu` have been replaced with `ghcr.io/mailu` in the documentation.

I confirmed via my Mailu_Fork repo that the github workflow works fine. 
https://github.com/Diman0/Mailu_Fork/actions/runs/4440118095

### Related issue(s)
- closes #2704 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-17 08:01:41 +00:00
bors[bot]
86ad4c93a9
Merge #2697
2697: Make the login page guess where to redirect r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make the login page guess where to redirect.

If you access /admin/ and get redirected to /sso/login, it's only fair that it redirects you back to /admin afterwards.

This is also changing the interface for external proxy authentication, making it simpler to configure.

### Related issue(s)
- close #2692
- #1972

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-16 22:29:53 +00:00
Dimitri Huisman
06ac7f507d
Add changelog entry. 2023-03-16 18:27:20 +00:00
Dimitri Huisman
31faee4218
Merge branch 'master' into delete-disable 2023-03-15 18:16:46 +01:00
Dimitri Huisman
b99828c4f6
Fix broken link. Add extra clarification for login targets. 2023-03-15 16:04:30 +00:00
Florent Daigniere
22bb0594da Upgrade snappymail to v2.26.4 2023-03-15 08:43:39 +01:00
bors[bot]
31a85397dd
Merge #2694
2694: fix #2693 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Tweak the snuffleupagus rules to make roundcube's caldav work. While at it I have also grepped for other similar cases/problems.

### Related issue(s)
- close #2693

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-12 21:04:51 +00:00
Florent Daigniere
925c753f40 Merge branch 'master' of https://github.com/Mailu/Mailu into guess-target 2023-03-12 19:43:05 +01:00
Florent Daigniere
b607375603 Fix 2692: make the external auth proxy usable 2023-03-12 19:40:44 +01:00
Florent Daigniere
dd912169fb Make the login page guess where to redirect 2023-03-12 18:07:25 +01:00
Florent Daigniere
1b045b4a94 Introduce AUTH_PROXY_LOGOUT_URL 2023-03-12 18:07:25 +01:00
bors[bot]
f0b3689732
Merge #2676
2676: Czech translation r=mergify[bot] a=S474N

Czech translation

## What type of PR?

Czech translation

## What does this PR do?
Add czech translation


Co-authored-by: S474N <S474N@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-12 16:15:19 +00:00
Dimitri Huisman
17c68ca86e
Add changelog entry for PR2676 2023-03-12 16:01:35 +00:00
Florent Daigniere
61ca539d6d Merge branch 'master' of https://github.com/Mailu/Mailu into fail2ban-update 2023-03-12 11:18:25 +01:00
Florent Daigniere
7d21966114 fix #2693 2023-03-10 19:47:27 +01:00
Dimitri Huisman
8861ce6edb
Change rspamd override system to use include with lowest priority.
All override files are used as if they were placed in the rspamd
local.d folder.

From the newsfragment:
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder.
These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file.
It works as following.
* If the override file overrides a Mailu defined config file,
  it will be included in the Mailu config file with lowest priority.
  It will merge with existing sections.
* If the override file does not override a Mailu defined config file,
  then the file will be placed in the rspamd local.d folder.
  It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website:
https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
2023-03-09 08:21:45 +00:00
Florent Daigniere
fed5ab1564 Alpine 3.17.2 2023-02-16 14:28:54 +01:00
Florent Daigniere
c55a06f85d towncrier 2023-02-10 11:52:59 +01:00
bors[bot]
aea7407044
Merge #2646
2646: Smarter ratelimit r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for **distinct** usernames in the IP rate-limiter.

This enables to have a much tighter default as a user with a misconfigured device will now only account for a single attempt.

The goal here is to make the rate-limiter more acceptable and to avoid people disabling it altogether.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-02-09 12:18:41 +00:00
bors[bot]
46429ab247
Merge #2640
2640: Add env variable to set sieve_vacation_to_header_ignore_envelope r=mergify[bot] a=nwinkelstraeter

When used with SRS the vacation plugin creates a reply with SRS in the To: header which does not look nice for the recipient. Setting sieve_vacation_to_header_ignore_envelope will use the headers from the original source message instead of potentially rewritten ones.

Without this option auto-replies are sent with a To header with SRS, e.g `SRS0=uetG=43=sender.com=user@autoresponder.com`
With this option they are sent with just `user@sender.com`

This option is for whatever reason not part of the [pigeonhole docs](https://doc.dovecot.org/configuration_manual/sieve/extensions/vacation/) but it is documented here: 34431d7a67/NEWS (L338)

## What type of PR?

enhancement

## What does this PR do?
This PR adds an environment variable to the set the `sieve_vacation_to_header_ignore_envelope` configuration

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly



Co-authored-by: Nico Winkelsträter <nico.winkelstraeter@initos.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-09 10:08:48 +00:00
Florent Daigniere
9ef96e9c1e towncrier 2023-02-09 11:03:04 +01:00
bors[bot]
47fcf7de2d
Merge #2651
2651: Allow + in localpart of addresses to forward to r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Allow + in localpart of addresses to forward to

### Related issue(s)
- close #1236

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-06 12:15:50 +00:00
Florent Daigniere
caa8412d82 close #1236: Allow + in localpart of addresses 2023-02-06 13:00:17 +01:00
Florent Daigniere
0ec9f1797f Close #2258: sieve scripts should be utf8 encoded 2023-02-05 14:48:08 +01:00
Florent Daigniere
e2a25c79fc only account attempts for distinct usernames in ratelimits 2023-02-04 16:36:16 +01:00
bors[bot]
3a1cecbe21
Merge #2636
2636: Fix out of office replies r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks.

Webmails are now on a different subnet.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-30 09:32:18 +00:00
Florent Daigniere
802ab533d2 Upgrade to alpine 3.17.1
New openssl, new dovecot
2023-01-29 18:13:49 +01:00
Florent Daigniere
61f6e6018b towncrier 2023-01-29 15:48:50 +01:00
Alexander Graf
84d156d02f
Add towncrier file 2023-01-28 19:40:26 +01:00
bors[bot]
e1a85a450f
Merge #2634
2634: Upgrade webmails r=mergify[bot] a=nextgens

## What type of PR?

Enhancement

## What does this PR do?

Upgrade webmails: snappymail to 2.25.0, roundcube to 1.6.1 and carddav to 5.0.1

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-28 18:25:05 +00:00
Florent Daigniere
9d2046f43f Upgrade webmails 2023-01-28 16:59:09 +01:00
bors[bot]
db2a490256
Merge #2633
2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-28 15:05:38 +00:00
Florent Daigniere
46f05cb651 Merge branch 'master' of https://github.com/Mailu/Mailu into reduce-logging 2023-01-28 14:28:26 +01:00
Florent Daigniere
5304311e0e Doh 2023-01-28 14:14:38 +01:00
Florent Daigniere
36623188b5 Don't apply antispoof rules on locally generated emails 2023-01-28 14:12:14 +01:00
Florent Daigniere
e43f6524ea towncrier 2023-01-25 10:56:55 +01:00
bors[bot]
7e60ba4e98
Merge #2613
2613: Enhance network segregation r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.

### Related issue(s)
- #2611

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-24 09:28:29 +00:00
bors[bot]
bbf0ac5d47
Merge #2464
2464: Introduce RESTful API r=mergify[bot] a=Diman0

## What type of PR?

Feature

## What does this PR do?
Introduces a RESTful API for changing the complete Mailu config.
Anything that can be configured in the web administration interface, can also be configured via the Mailu RESTful API.

Via the swagger.json endpoint the complete OpenAPI specification can be retrieved.
Via the endpoint swaggerui, a web client is available which shows all the endpoints, data models and allows you to submit requests.

See docs/api.rst and docs/configuration.rst for details for enabling it.

### Related issue(s)
- closes #445 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-12 18:48:32 +00:00
Florent Daigniere
052f8e41ba Upgrade to snuffleupagus 0.9.0 2023-01-10 12:28:38 +01:00
Dimitri Huisman
bcceac359d
Merge branch 'apiv1' of https://github.com/ghostwheel42/Mailu into feature-445-restful-api-ghostwheel 2023-01-05 10:18:02 +00:00
Florent Daigniere
8b9bb350ec towncrier 2023-01-04 15:11:29 +01:00
Florent Daigniere
4d80c95c41 Fix authentication submission
Don't talk haproxy to postfix; it's more headaches than it is currently
worth.
2023-01-03 15:57:57 +01:00
bors[bot]
bba6c5bb88
Merge #2603
2603: Enable HAPROXY protocol on SUBNET r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- Enable HAPROXY in between front and imap: With this we avoid running into the limitations of  ``mail_max_userip_connections`` and the logfiles reflect the real IP.
- Enable HAPROXY in between front and smtp: with this postfix and rspamd are aware of whether TLS was used or not on the last hop. In practice this won't work as nginx doesn't send PROTO yet.
- Discard redundant log messages from postfix

With all of this, not only are the logs easier to understand but ``doveadm who`` also works as one would expect.

### Related issue(s)
- closes #894
- #1328
- closes #1364
- #1705

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-31 16:53:52 +00:00
Florent Daigniere
edd303f54d Modify the healtchecks to make them disapear from the logs.
This is not perfect...
- dovecot now complains about waitpid/finding a new process
- postfix is still regularly pinging rspamd / his milter and that
generates a few lines worth of logs each time.
2022-12-29 14:14:53 +01:00
Florent Daigniere
8539344331 Reduce nginx ssl_session_cache to 3m each 2022-12-29 11:03:55 +01:00
Florent Daigniere
163261d951 Towncrier 2022-12-28 16:55:24 +01:00
Alexander Graf
2f0f46c8fa
Add towncrier 2022-12-27 12:55:18 +01:00
Dimitri Huisman
5c9cdfe1de
Introduction of the Mailu RESTful API.
Anything that can be configured in the web administration interface,
can also be configured via the Mailu RESTful API.
See the section Advanced configuration in the configuration reference
for the relevant settings in mailu.env for enabling the API.
(API, WEB_API, API_TOKEN).
2022-12-27 11:32:54 +01:00
bors[bot]
8d2bd6d9ff
Merge #2528
2528: Implement #2510: oletools integration r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

OLETools now flags documents with macros and rejects suspicious ones. We also block executable file extensions by default (but don't perform inspection in archives: you can tell users to zip-up whatever needs sending).

### Related issue(s)
- closes #2510
- closes #2511

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-12-22 16:14:19 +00:00
Shamil Nunhuck
5264a3070b Added missing towncrier newsfragments 2022-12-21 01:03:34 +00:00
Alexander Graf
36a567c783
Add towncrier 2022-12-20 12:32:17 +01:00
Florent Daigniere
cea533ae57 Merge remote-tracking branch 'upstream/master' into oletools 2022-12-19 12:05:27 +01:00
bors[bot]
251db0b1af
Merge #2562
2562: Dynamic address resolution everywhere r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Use dynamic address resolution everywhere.
Derive a new key for admin/SECRET_KEY
Cleanup the environment

This should allow restarting containers.

### Related issue(s)
- closes #1341
- closes #1013
- closes #1430

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-19 10:12:26 +00:00
bors[bot]
50c7fa882e
Merge #2577
2577: Autofocus the login form on /sso/login r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Autofocus the login form on /sso/login

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-08 20:49:23 +00:00
Florent Daigniere
b630355d03 Autofocus the login form on /sso/login 2022-12-08 15:17:58 +01:00
Florent Daigniere
4e3874b0c1 Enable dynamic resolution of hostnames 2022-12-08 13:00:50 +01:00
Florent Daigniere
619a5fbda2 Upgrade to alpine 3.17.0 2022-12-02 16:44:44 +01:00
Florent Daigniere
00f07ef533 close #2451: prevent an auth-loop on webmails 2022-11-29 13:29:03 +01:00
Florent Daigniere
86edc3a919 Close #1483: remove postfix's /queue/pid/master.pid 2022-11-27 09:56:04 +01:00
bors[bot]
033889dc95
Merge #2542 #2559
2542: Implement header authentication via external proxy r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Implement header authentication via external proxy

### Related issue(s)
- closes #1972
- closes #2183

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2559: Turns out that php81-ctype is required by roundcube r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It solves:
```
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function Masterminds\HTML5\Parser\ctype_alpha() in /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php:140"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "Stack trace:"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#0 /var/www/roundcube/vendor/masterminds/html5/src/HTML5/Parser/Tokenizer.php(82): Masterminds\HTML5\Parser\Tokenizer->consumeData()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#1 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(161): Masterminds\HTML5\Parser\Tokenizer->parse()"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#2 /var/www/roundcube/vendor/masterminds/html5/src/HTML5.php(89): Masterminds\HTML5->parse('<html>\n    <hea...', Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#3 /var/www/roundcube/program/lib/Roundcube/rcube_washtml.php(700): Masterminds\HTML5->loadHTML('<html>\n    <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#4 /var/www/roundcube/program/actions/mail/index.php(975): rcube_washtml->wash('<html>\n    <hea...')"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#5 /var/www/roundcube/program/actions/mail/index.php(1019): rcmail_action_mail_index::wash_html('<!doctype html>...', Array, Array)"
[25-Nov-2022 08:19:20] WARNING: [pool php] child 335 said into stderr: "#6 /var/www/roundcube/program/actions/mail/show.php(720): rcmail_action_mail_index::pr..."
```

see https://github.com/roundcube/roundcubemail/issues/7049


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-25 10:40:47 +00:00
bors[bot]
e0d42cadc0
Merge #2546
2546: Implement a GUI for WILDCARD_SENDERS r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

- Implement a GUI for WILDCARD_SENDERS

### Related issue(s)
- closes #2372

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-25 10:33:19 +00:00
Florent Daigniere
3721a6aa02 Merge branch 'master' of https://github.com/Mailu/Mailu into HEAD 2022-11-24 15:20:01 +01:00
bors[bot]
2104c04e3b
Merge #2544
2544: Fix #2242: Make quotas adjustable in 50MiB increments r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make quotas adjustable in 50MiB increments

### Related issue(s)
- closes #2242

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 14:18:10 +00:00
bors[bot]
a8630c5a3b
Merge #2550
2550: Webmail hardening r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Add [Snuffleupagus](https://github.com/jvoisin/snuffleupagus/) (a modern Suhosin replacement) to protect webmails.

It may be possible to harden further, by encrypting some of the cookies and auditing the usage of gpg more closely.

This seems to work for me.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-24 13:36:12 +00:00
Florent Daigniere
d77bf119f8 towncrier 2022-11-24 12:47:13 +01:00
Florent Daigniere
3e45a791cf Implement oletools to filter out bad macros 2022-11-23 15:42:46 +01:00
bors[bot]
9c6e9b05db
Merge #2543
2543: Fix #2231: make public announcements work r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Ensure public announcements bypass filters.

They can still time-out... but this is already a big improvement that we should be able to backport.

### Related issue(s)
- closes #2231

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-23 09:32:17 +00:00
Florent Daigniere
e94f6eaf33 towncrier 2022-11-22 10:11:23 +01:00
Florent Daigniere
44c47586ea Fix potential permission problems 2022-11-21 17:50:57 +01:00
Florent Daigniere
d3d7916b58 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2022-11-21 17:22:15 +01:00
bors[bot]
c1da586444
Merge #2526
2526: Upgrade Snappymail to 2.21 and merge the webmail containers r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade Snappymail to 2.21 and merge the webmail containers. This will make the CI faster and should simplify things going forward (hardening but also allow running more than one webmail at the time, ...).

- enable APCu
- add new test to ensure we redirect to SSO and have disabled the admin panel
- add all the packaged dictionaries for spell checking
- harden the configuration of the webmails a bit (more to come in a separate PR)
- turn off deprecation warnings (php8.1 is too new)
- turn off error reporting (log them instead)
- return HTTP302 when we should
- gpg-verify the signature of the webmails we ship
- upgrade to snappymail 2.21, switch to the new json config format
- use socrates as it's meant to so that helm users can do their thing
- run the HTTPd and PHP as different users
- redirect the PHP errors to stderr

## Related issue(s)
- closes #2466
- closes #948
- closes #2250

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-21 15:28:57 +00:00
bors[bot]
553b02fb3d
Merge #2529
2529: Improve fetchmail r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve fetchmail:
- allow delivery via LMTP (faster, bypassing the filters)
- allow several folders to be retrieved
- run fetchmail as non-root
- tweak the compose file to ensure we have all the dependencies

### Related issue(s)
- closes #1231 
- closes #2246 
- closes #711

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-11-21 09:28:15 +00:00
Florent Daigniere
38507b2e1b Close #2372: Implement a GUI for WILDCARD_SENDERS 2022-11-20 10:19:28 +01:00
Florent Daigniere
cf7404e26c Fix #2242: Make quotas adjustable in 50MiB increments 2022-11-19 20:33:20 +01:00
Florent Daigniere
b20bf996ec Fix #2231: make public announcements work 2022-11-19 18:44:30 +01:00
Florent Daigniere
e2d4e3eb2e Implement header authentication via external proxy 2022-11-19 17:59:31 +01:00
Florent Daigniere
3cb87b6e49 Update entry 2022-11-17 18:10:53 +01:00
Florent Daigniere
3b5b00d87d towncrier 2022-11-17 16:37:17 +01:00
bors[bot]
f43c8c652e
Merge #2483 #2535
2483: Introduce FETCHMAIL_ENABLED r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
Add `FETCHMAIL_ENABLED` to enable/disable the Fetchmail functionality in the Admin UI.

### Related issue(s)
- closes #2127

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2535: fix the linux/arm/v7 build r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

The arm builder is running aarch64 ... and there is no package for arm/v7


Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-16 12:30:33 +00:00
Florent Daigniere
08a9ab9a56 Improve fetchmail 2022-11-14 12:18:35 +01:00
Florent Daigniere
dc9e2a3e70 Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 11:34:58 +01:00
Florent Daigniere
97df65e9ef Switch to GrapheneOS's hardened_malloc
This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow
2022-11-11 13:56:04 +01:00
Dimitri Huisman
92f270c94e
Update the webmail images:
Roundcube
  - Switch to base image (alpine)
  - Switch to php-fpm
SnappyMail
  - Switch to base image
  - Upgrade php7 to php8.
2022-11-10 15:51:22 +00:00
bors[bot]
0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-09 15:16:36 +00:00
Alexander Graf
4b179d9008
Merge branch 'master' into hibp 2022-11-07 23:05:51 +01:00