1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

838 Commits

Author SHA1 Message Date
Florent Daigniere
b9becd8649 make sessions expire 2021-03-09 14:21:02 +01:00
Florent Daigniere
a1d32568d6 Regenerate session-ids to prevent session fixation 2021-03-09 14:20:22 +01:00
Florent Daigniere
d459c37432 make session IDs 128bits 2021-03-09 14:20:22 +01:00
Florent Daigniere
22af5b8432 Switch to server-side sessions in redis 2021-03-09 14:20:22 +01:00
Alexander Graf
dd2e218375 Merge remote-tracking branch 'upstream/master' into import-export 2021-03-09 13:31:21 +01:00
Florent Daigniere
96ae54d04d CryptContext should be a singleton 2021-03-09 12:05:46 +01:00
Florent Daigniere
5f05fee8b3 Don't need regexps anymore 2021-03-09 12:05:46 +01:00
Florent Daigniere
1c5b58cba4 Remove scheme_dict 2021-03-09 12:05:46 +01:00
Florent Daigniere
df230cb482 Refactor auth under nginx.check_credentials() 2021-03-09 12:05:46 +01:00
Florent Daigniere
f9ed517b39 Be specific token length 2021-03-09 12:05:46 +01:00
Florent Daigniere
d0b34f8e24 Move CREDENTIAL_ROUNDS to advanced settings 2021-03-09 12:05:46 +01:00
Florent Daigniere
fda758e2b4 remove merge artifact 2021-03-09 12:04:42 +01:00
Florent Daigniere
57a6abaf50 Remove {scheme} from the DB if mailu has set it 2021-03-09 12:04:42 +01:00
Florent Daigniere
7137ba6ff1 Misc improvements to PASSWORD_SCHEME
- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
2021-03-09 12:04:42 +01:00
Florent Daigniere
00b001f76b Improve the token storage format
shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
 is enough entropy: they are not bruteforceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues
2021-03-09 12:04:42 +01:00
Florent Daigniere
eb7895bd1c Don't do more work than necessary (/webdav)
This is also fixing tokens on /webdav/
2021-03-09 12:04:42 +01:00
Florent Daigniere
58b2cdc428 Don't do more work than necessary 2021-03-09 12:04:42 +01:00
bors[bot]
464e46b02b
Merge #1765
1765: Set sensible cookie flags on the admin app r=mergify[bot] a=nextgens

## What type of PR?

Bugfix

## What does this PR do?

It sets the right flags on the session cookie issued by the admin app.
This should probably be backported as the lack of secure flag on TLS-enabled setup is a high risk vulnerability.

SameSite is hardening / helps against CSRF on modern browsers
HTTPOnly is hardening / helps reduce the impact of XSS

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-03-09 09:25:04 +00:00
bors[bot]
47d6c697d0
Merge #1763
1763: show flash messages again r=mergify[bot] a=lub

## What type of PR?

bug-fix

## What does this PR do?
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.

### Related issue(s)
- noticed it while reviewing #1756

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [-] In case of feature or enhancement: documentation updated accordingly
- [-] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-03-08 11:53:10 +00:00
bors[bot]
cca4b50915
Merge #1607
1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub

## What type of PR?

enhancement

## What does this PR do?

This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.

### Related issue(s)


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-03-08 09:07:10 +00:00
Florent Daigniere
0dcc059cd6 Add a new knob as discussed on matrix with lub 2021-03-05 22:26:46 +01:00
Jaume Barber
5bb67dfcbb Translated using Weblate (Basque)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/eu/
2021-03-04 18:46:27 +00:00
Jaume Barber
a49b9d7974 Translated using Weblate (Catalan)
Currently translated at 99.3% (150 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
2021-03-04 18:46:26 +00:00
Jaume Barber
cd9992f79c Translated using Weblate (Swedish)
Currently translated at 74.2% (121 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/sv/
2021-03-04 18:46:25 +00:00
Jaume Barber
afae5d1c24 Translated using Weblate (Russian)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
2021-03-04 18:46:25 +00:00
Jaume Barber
7a01a63389 Translated using Weblate (Portuguese)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pt/
2021-03-04 18:46:24 +00:00
Jaume Barber
480ec29d3d Translated using Weblate (Italian)
Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
2021-03-04 18:46:24 +00:00
Jaume Barber
5e96a4bfcf Translated using Weblate (Spanish)
Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
2021-03-04 18:46:24 +00:00
Jaume Barber
6143d66eb8 Translated using Weblate (English)
Currently translated at 39.2% (64 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-04 18:46:24 +00:00
Anonymous
6da5978870 Translated using Weblate (German)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/de/
2021-03-04 18:46:24 +00:00
Anonymous
58c22fd2c6 Translated using Weblate (English)
Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 18:18:39 +00:00
Jaume Barber
0dc8817f32 Translated using Weblate (English)
Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 18:18:39 +00:00
Anonymous
3d17000ceb Translated using Weblate (English)
Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 17:57:27 +00:00
Jaume Barber
a2933d00f3 Translated using Weblate (English)
Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 17:57:26 +00:00
Jaume Barber
7c0158c5f8 Translated using Weblate (English)
Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 17:17:18 +00:00
Anonymous
7de94275a0 Translated using Weblate (English)
Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 17:17:18 +00:00
Jaume Barber
43133d8515 Added translation using Weblate (Basque) 2021-03-03 17:05:23 +00:00
Jaume Barber
5e0aa65c8d Translated using Weblate (Italian)
Currently translated at 96.3% (157 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
2021-03-03 17:03:23 +00:00
Jaume Barber
725cdc270c Translated using Weblate (Spanish)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
2021-03-03 12:37:52 +00:00
Weblate
a571704a9d Merge branch 'origin/master' into Weblate. 2021-03-03 11:35:49 +00:00
Jaume Barber
b9c2dc1a79 Translated using Weblate (Catalan)
Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
2021-03-03 11:35:49 +00:00
Anonymous
3a9a133226 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 11:35:47 +00:00
Jaume Barber
af251216b0 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 11:35:47 +00:00
Alexander Graf
b55b53b781 optimize generation of transport nexthop 2021-02-26 20:51:58 +01:00
Alexander Graf
0a9f732faa added docstring to Logger. use generators. 2021-02-22 20:35:23 +01:00
Alexander Graf
bde7a2b6c4 moved import logging to schema
- yaml-import is now logged via schema.Logger
- iremoved relative imports - not used in other mailu modules
- removed develepment comments
- added Mailconfig.check method to check for duplicate domain names
- converted .format() to .format_map() where possible
- switched to yaml multiline dump for dkim_key
- converted dkim_key import from regex to string functions
- automatically unhide/unexclude explicitly specified attributes on dump
- use field order when loading to stabilize import
- fail when using 'hash_password' without 'password'
- fixed logging of dkim_key
- fixed pruning and deleting of lists
- modified error messages
- added debug flag and two verbosity levels
2021-02-19 18:01:02 +01:00
Florent Daigniere
aa8cb98906 Set sensible cookie options 2021-02-18 15:47:13 +01:00
Alexander Graf
e4c83e162d fixed colorize auto detection 2021-02-16 17:59:43 +01:00
Alexander Graf
e46d4737b0 merged changes from api without api 2021-02-16 17:12:45 +01:00
Alexander Graf
4b9886b139 Merge remote-tracking branch 'upstream/master' into import-export 2021-02-16 16:24:30 +01:00
Alexander Graf
10435114ec updated remarks and docs 2021-02-16 15:36:01 +01:00
Alexander Graf
1e2b5f26ab don't handle nested lists 2021-02-16 13:34:02 +01:00
Alexander Graf
70a1c79f81 handle prune and delete for lists and backrefs 2021-02-15 22:57:37 +01:00
Alexander Graf
8929912dea remove OrderedDict - not necessary in python>=3.7 2021-02-15 21:56:58 +01:00
Alexander Graf
3937986e76 Convert OrderedDict to dict for output 2021-02-15 10:01:35 +01:00
Alexander Graf
68caf50154 new import/export using marshmallow 2021-02-15 00:46:59 +01:00
lub
88f992de16 show flash messages again
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.
2021-02-13 13:36:05 +01:00
Florent Daigniere
2e749abe61 DNS records for client autoconfiguration (RFC6186) 2021-02-07 18:50:26 +01:00
Florent Daigniere
b49554bec1 merge artifact 2021-02-07 18:12:00 +01:00
Florent Daigniere
ef637f51b7 derive the SSO keys from a KDF 2021-02-07 17:58:19 +01:00
Florent Daigniere
906a051925 Make rainloop use internal auth 2021-02-07 17:50:17 +01:00
Alexander Graf
1c9abf6e48 updated requirements for import/export
api reqs (flask-restx, ...) are still missing
2021-01-24 19:27:22 +01:00
Alexander Graf
902b398127 next step for import/export yaml & json 2021-01-24 19:07:48 +01:00
Mordi Sacks
f56af3053a
Removed email address 2021-01-17 01:28:25 +02:00
Alexander Graf
65b1ad46d9 order yaml data and allow callback on import
- in yaml the primary key is now always first
- calling a function on import allows import to be more verbose
- skip "fetches" when empty
2021-01-15 13:57:20 +01:00
Alexander Graf
8213d044b2 added docstrings, use f-strings, cleanup
- idna.encode does not encode upper-case letters,
  so .lower() has to be called on value not on result
- split email-address on '@' only once
- converted '*'.format(*) to f-strings
- added docstrings
- removed from_dict method
- code cleanup/style (list concat, exceptions, return&else, line-length)
- added TODO comments on possible future changes
2021-01-15 13:53:47 +01:00
Alexander Graf
31a903f959 revived & renamed config-fns. cosmetics.
- revived original config-update function for backwards compability
- renamed config-dump to config-export to be in line with config-import
- converted '*'.format(*) to f-strings
- converted string-concatenation to f-strings
2021-01-15 13:45:36 +01:00
Alexander Graf
c24bff1c1b added config_import using marshmallow 2021-01-14 01:11:04 +01:00
Alexander Graf
7413f9b7b4 config_dump now using marshmallow 2021-01-13 00:05:43 +01:00
Alexander Graf
dc42d375e2 added filtering of keys and default value 2021-01-08 14:22:59 +01:00
Alexander Graf
82cf0d843f fix sqlalchemy column definitions 2021-01-08 14:22:11 +01:00
Alexander Graf
b3f8dacdad add docstrings and make linter happy 2021-01-08 14:17:28 +01:00
Alexander Graf
6629aa3ff8 first try at api using flask-restx & marshmallow 2021-01-06 17:05:21 +01:00
Alexander Graf
4c258f5a6b cosmetic changes & make linter happy
renamed single letter variables (m => match)
renamed classmethod arguments to cls (model)
removed shadowing of variables (hash, context)
shortened unneeded lambda functions (id)
converted type ... is to isinstance(...)
removed unneded imports (flask)
2021-01-06 16:45:55 +01:00
Alexander Graf
7229c89de1 ConfigManager should not replace app.config
Updated ConfigManager to only modify app.config and not replace it.
Swagger does not play well, when app.config is not a real dict and
it is not necessary to keep ConfigManager around after init.

Also added "API" flag to config (default: disabled).
2021-01-06 16:31:03 +01:00
Alexander Graf
3b35180b41 cosmetic changes 2020-12-20 23:50:26 +01:00
Alexander Graf
815f47667b update dkim-key on commit only 2020-12-20 23:49:42 +01:00
Alexander Graf
0a594aaa2c cosmetic changes 2020-12-20 23:45:27 +01:00
Alexander Graf
3064a1dcff removed call to (undefined) cli 2020-12-20 23:38:55 +01:00
Alexander Graf
0051b93077 removed unused variable 2020-12-16 22:39:50 +01:00
Alexander Graf
2cd3acdc1a Merge remote-tracking branch 'upstream/master' into import-export 2020-12-16 22:39:09 +01:00
Alexander Graf
63176f4878 Merge remote-tracking branch 'upstream/master' into import-export 2020-11-30 22:03:10 +01:00
dependabot[bot]
54ccfdf975
Bump cryptography from 2.6.1 to 3.2 in /core/admin
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-11-21 11:15:31 +00:00
Alexander Graf
adc9c70c3e added dump option to dump dns data of domains 2020-10-24 22:31:32 +02:00
Alexander Graf
2a5c46c890 Allow to dump only selected sections 2020-10-24 22:31:31 +02:00
Alexander Graf
500967b2f5 ignore dkim_publickey when updating config 2020-10-24 22:31:29 +02:00
Alexander Graf
c46f9328f7 also dump dkim_publickey. allow key generation. 2020-10-24 22:31:26 +02:00
Alexander Graf
acc728109b validate dkim keys and allow removal 2020-10-24 22:31:13 +02:00
cbachert
72a9ec5b7c Fix extract_host_port port separation
Regex quantifier should be lazy to make port separation work.
2020-10-24 00:25:53 +01:00
Alexander Graf
dfc34b2165 Merge remote-tracking branch 'upstream/master' into import-export 2020-10-23 16:16:29 +02:00
Dimitri Huisman
78890a97ff Preparations for 1.8 release. 2020-10-01 20:32:05 +02:00
Alexander Graf
8e14aa80ee documented options and added help text 2020-09-04 12:57:40 +02:00
Alexander Graf
9d2327b0f1 add space for more human readable indentation
add a newline before main sections
add some spaces to indent
2020-09-04 12:32:51 +02:00
lub
05e2af1802
fix small typo in Auth-SSL 2020-09-02 15:16:10 +02:00
lub
f0f873ffe7 add option to enforce inbound starttls 2020-09-01 21:48:09 +02:00
lub
02cfe326d3 support using files for SECRET_KEY and DB_PW
this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables

just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
2020-08-30 01:04:36 +02:00
Alexander Graf
69ccf791d2 fixed data import via from_dict
- stabilized CommaSeparatedList by sorting values
- CommaSeparatedList can now handle list and set input

- from_dict now handles mapped keys
- from_dict now handles null values

- class Domain: handle dkim-key None correctly
- class User: delete obsolete keys after converting
- class Alias: now uses Email._dict_input
2020-08-26 23:16:37 +02:00
Alexander Graf
190e7a709b renamed config-dump option --verbose to --full 2020-08-26 23:14:27 +02:00
Alexander Graf
5c0efe82cf implemented config_update and config_dump
enhanced data model with to_dict and from_dict methods
added config_dump function to manage command
config_update now uses new data model methods
2020-08-26 11:27:38 +02:00
Alexander Graf
c26ddd3c68 fixed user's destination property
self.forward_destination is a list (and not string)
2020-08-26 11:19:01 +02:00
Alexander Graf
5dfccdafe9 fixed some minor typos, removed unused variable 2020-08-26 11:11:23 +02:00
ofthesun9
539114a3d6
Merge branch 'master' into test-alpine-3.12 2020-08-09 16:37:45 +02:00
Brian Maloney
6bd14506c0
Explicitly define ProxyFix options
Even though these seem to be the defaults, since 1.7 x_proto was not being honored (see #1309), this fixes this issue for me.
2020-06-28 17:27:45 -04:00
ofthesun9
1d35b1283d Adjust python required packages for alpine:3.12 2020-06-15 22:57:49 +02:00
ofthesun9
cff2e76269 Switching to alpine:3.12 2020-06-15 17:32:56 +02:00
bors[bot]
15a0d7303c
Merge #1399 #1417
1399: Remove SPF type SPF record #1394 r=mergify[bot] a=bladeswords

As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...

## What type of PR?

Documentation

## What does this PR do?
Removes the recommendation to add a SPF RR for SPF records, as this is no longer RFC complaint and often causes issues to maintain two records.

### Related issue(s)
- closes #1394

## Prerequistes
None


1417: docker-compose exec needs a -T flag if no TTY is allocated r=mergify[bot] a=ofthesun9

This flag is missing in 00_create_users.sh and is failing the tests on travis arm architecture

## What type of PR?
This PR is an enhancement/bugfix needed to allow usage of travis to test and deploy on arm platform
Before the PR, tests are failing with the msg: "the input device is not a TTY"

## What does this PR do?
This PR add -T flag for the docker-compose exec occurences found in 00_create_users.sh


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
2020-05-01 00:23:11 +00:00
Weblate
066f2bac07 Merge branch 'origin/master' into Weblate. 2020-04-26 13:09:42 +00:00
Jaume Barber
6c25d20c83 Translated using Weblate (Catalan)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
2020-04-26 13:09:41 +00:00
bors[bot]
60b9a3e2f0
Merge #1389
1389: Prefer specific alias over wildcard, regardless of case r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

## Notes
I realize that the if-hell down there isn’t nice. What it is, however, is quite clear and easy to read. I’m hoping that if anyone ever gets confused in the future, this will make the current behavior transparent. For me, that was more important than a minimal amount of statements/branches …

### Related issue(s)
closes #1387

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-28 05:59:16 +00:00
bors[bot]
575f6b1691
Merge #1296 #1322 #1337 #1358
1296: fetchmail: print unhandled exceptions, but don't crash r=Nebukadneza a=Al2Klimov

fixes #1295

1322: Bump validators from 0.12.5 to 0.12.6 in /core/admin r=Nebukadneza a=dependabot[bot]

Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
<details>
<summary>Changelog</summary>

*Sourced from [validators's changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst).*

> 0.12.6 (2019-05-08)
> ^^^^^^^^^^^^^^^^^^^
> 
> - Fixed domain validator for single character domains ([#118](https://github-redirect.dependabot.com/kvesteri/validators/issues/118), pull request courtesy kingbuzzman)
</details>
<details>
<summary>Commits</summary>

- See full diff in [compare view](https://github.com/kvesteri/validators/commits)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validators&package-manager=pip&previous-version=0.12.5&new-version=0.12.6)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

1337: Add IPv6 to allow_nets r=Nebukadneza a=PhilRW

Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336

1358: Add port to relay if it contains a colon r=Nebukadneza a=PhilRW

## What type of PR?

enhancement

## What does this PR do?

Allows relaying domains to non-standard SMTP ports by appending `:port` to the destination host/IP. E.g., `mx1.internal:2525`

### Related issue(s)

Closes #1357 


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Philip Rosenberg-Watt <p.rosenberg-watt@cablelabs.com>
2020-03-12 13:20:00 +00:00
Weblate
e9ddb2ddcc Merge branch 'origin/master' into Weblate. 2020-03-11 23:03:59 +00:00
Jaume Barber
a2fa52170c Translated using Weblate (Catalan)
Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
2020-03-11 23:03:52 +00:00
Jaume Barber
aafcbadb23 Translated using Weblate (Italian)
Currently translated at 98.7% (161 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
2020-03-11 23:03:51 +00:00
Jaume Barber
ecb8e07da2 Translated using Weblate (Spanish)
Currently translated at 98.7% (161 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
2020-03-11 23:03:51 +00:00
Jae Beojkkoch
ca82380bcf Translated using Weblate (English)
Currently translated at 7.9% (13 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2020-03-11 23:03:51 +00:00
bladeswords
8010595dd2
Remove SPF type SPF record #1394
As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...
2020-03-09 23:22:13 +11:00
Dario Ernst
23f21f8b9c Use pyyaml safe_load instead of load
Since load in unsafe (ref: https://msg.pyyaml.org/load),
switch the only occurrance of `yaml.load` that i could
find to safe_load.

closes #1085
2020-03-07 19:08:52 +00:00
bors[bot]
b8b1699f9e
Merge #1359
1359: Refactor the rate limiting code r=mergify[bot] a=kaiyou

## What type of PR?

Enhancement

## What does this PR do?

Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.

### Related issue(s)

No specific issue.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-03-07 09:50:04 +00:00
dependabot[bot]
94cfc31e04
Bump validators from 0.12.5 to 0.12.6 in /core/admin
Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
- [Release notes](https://github.com/kvesteri/validators/releases)
- [Changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst)
- [Commits](https://github.com/kvesteri/validators/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2020-03-06 15:33:41 +00:00
bors[bot]
1ca4d6769c
Merge #1349
1349: Add support for SRS, related to #328 r=mergify[bot] a=kaiyou

## What type of PR?

Feature

## What does this PR do?

It implements SRS using a Python SRS library.

### Related issue(s)
- closes #328 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-03-06 15:05:43 +00:00
Dario Ernst
da2dda49d4 Prefer specific alias over wildcard, regardless of case
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

closes #1387
2020-03-06 13:56:48 +01:00
NeroPcStation
365f21007d Translated using Weblate (Polish)
Currently translated at 90.2% (147 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pl/
2020-02-17 20:23:38 +00:00
kaiyou
8e88f1b8c3 Refactor the rate limiting code
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.
2020-02-09 17:38:18 +01:00
Philip Rosenberg-Watt
ff1dfec39a Add port to relay if it contains a colon
This closes #1357
2020-02-09 08:05:24 -07:00
Philip Rosenberg-Watt
27e37577c6 Add IPv6 to allow_nets
Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336
2020-02-03 14:53:04 -07:00
Weblate
b248f6a800 Merge branch 'origin/master' into Weblate 2020-01-31 01:23:00 +00:00
Andrási István
395a0d14dc Translated using Weblate (Hungarian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/hu/
2020-01-31 01:22:59 +00:00
bors[bot]
96f832835a
Merge #1278
1278: Limiter implementation r=kaiyou a=micw

## What type of PR?

(Feature, enhancement, bug-fix, documentation)

## What does this PR do?

Adds a custom limter based on the "limits" lirary that counts up on failed auths only

### Related issue(s)
- closes #1195
- closes #634

## Prerequistes

- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: micw <michael@wyraz.de>
2020-01-30 07:19:35 +00:00
bors[bot]
761fade9a9
Merge #1316
1316: Fix the encoding of incoming user email and password r=mergify[bot] a=kaiyou

## What type of PR?

Bug fix

## What does this PR do?

As described in the changes, RFC2616 states that header should be considered ISO8859-1 in HTTP, which obviously nginx does not really care about when forwarding the password from SMTP authentication to the backend. Hence, we need to encode-then-decode passwords to get the proper value in case a special char is in there.

### Related issue(s)
- This fixes #1139 
- This is also related to #1281 
- This is also related to #1139

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-01-19 17:25:19 +00:00
Tom Radtke
9d213b213a
Upgrading to a 2048-bit DKIM key 2020-01-16 16:47:27 +01:00
Torben Jensen
6f910c5738 Translated using Weblate (Danish)
Currently translated at 80.8% (122 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/da/
2020-01-14 18:22:25 +00:00
kaiyou
bd69b7a491 Add support for SRS, related to #328 2020-01-14 01:18:30 +01:00
kaiyou
9b7a027d6f Fix the encoding of incoming user email and password 2020-01-13 20:34:24 +01:00
Weblate
869f230e0d Merge branch 'origin/master' into Weblate 2020-01-13 11:44:10 +00:00
Torben Jensen
619a87a821 Added translation using Weblate (Danish) 2020-01-13 11:44:09 +00:00
bors[bot]
812439332a
Merge #1299
1299: Don't remove the address extension in postfix r=mergify[bot] a=RobertMe

## What type of PR?
Bugfix

## What does this PR do?
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

### Related issue(s)
Fixes #982

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Robert Meijers <robert.meijers@gmail.com>
2020-01-10 17:52:27 +00:00
Angedestenebres
c09f046ba7 Translated using Weblate (French)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/fr/
2020-01-06 12:22:06 +00:00
micw
7688caa784
Add missing self. 2020-01-05 19:44:06 +01:00
Robert Meijers
989e4d5db5 Don't remove the address extension in postfix
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

Fixes #982
2019-12-27 21:11:50 +01:00
Marc Riera
ba7364d5e9 Added translation using Weblate (Catalan) 2019-12-18 15:06:54 +00:00
Michael Wyraz
70f797dbd9 Don't raise rate limit exception on hit(), only on check() 2019-12-16 18:47:21 +01:00
Michael Wyraz
a7f787f914 Make rate limit for subnet (webmail) configurable 2019-12-16 18:46:17 +01:00
Michael Wyraz
bee80b5c64 Remove rate limit reset 2019-12-06 11:02:21 +01:00
Michael Wyraz
889386b4a6 Limiter implementation 2019-12-06 09:35:21 +01:00
Mordi Sacks
ebc39b5308 Translated using Weblate (Hebrew)
Currently translated at 6.0% (9 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/he/
2019-11-27 22:20:29 +00:00
Mordi Sacks
5b23e30b39 Added translation using Weblate (Hebrew) 2019-11-26 21:21:21 +00:00
Weblate
e736abbe6f Merge branch 'origin/master' into Weblate 2019-10-21 20:13:33 +00:00
Simen Kildahl Eriksen
87c6984b99 Translated using Weblate (Norwegian Bokmål)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/nb_NO/
2019-10-21 20:13:32 +00:00
bors[bot]
0417c791ff
Merge #985
985: Permit raspberry pi (and other architectures) builds r=mergify[bot] a=abondis

## What type of PR?

Enhancement

## What does this PR do?

Add an option to select base images and permit building for different CPU architectures.

### Related issue(s)
N/A

## Prerequistes

- [X] documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Aurélien Bondis <aurelien.bondis@gmail.com>
Co-authored-by: Aurelien <aurelien.bondis@gmail.com>
2019-10-20 20:41:03 +00:00
Weblate
60e5f551f9 Merge branch 'origin/master' into Weblate 2019-10-20 17:54:42 +00:00
Simen Kildahl Eriksen
4c3af0b905 Added translation using Weblate (Norwegian Bokmål) 2019-10-20 17:54:41 +00:00
bors[bot]
9bae9b3078
Merge #1213
1213: Bump werkzeug from 0.15.2 to 0.15.3 in /core/admin r=mergify[bot] a=dependabot[bot]

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.2 to 0.15.3.
<details>
<summary>Release notes</summary>

*Sourced from [werkzeug's releases](https://github.com/pallets/werkzeug/releases).*

> ## 0.15.3
> * Blog: https://palletsprojects.com/blog/werkzeug-0-15-3-released/
> * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-3
> 
</details>
<details>
<summary>Changelog</summary>

*Sourced from [werkzeug's changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst).*

> Version 0.15.3
> --------------
> 
> Released 2019-05-14
> 
> -   Properly handle multi-line header folding in development server in
>     Python 2.7. (:issue:`1080`)
> -   Restore the ``response`` argument to :exc:`~exceptions.Unauthorized`.
>     (:pr:`1527`)
> -   :exc:`~exceptions.Unauthorized` doesn't add the ``WWW-Authenticate``
>     header if ``www_authenticate`` is not given. (:issue:`1516`)
> -   The default URL converter correctly encodes bytes to string rather
>     than representing them with ``b''``. (:issue:`1502`)
> -   Fix the filename format string in
>     :class:`~middleware.profiler.ProfilerMiddleware` to correctly handle
>     float values. (:issue:`1511`)
> -   Update :class:`~middleware.lint.LintMiddleware` to work on Python 3.
>     (:issue:`1510`)
> -   The debugger detects cycles in chained exceptions and does not time
>     out in that case. (:issue:`1536`)
> -   When running the development server in Docker, the debugger security
>     pin is now unique per container.
</details>
<details>
<summary>Commits</summary>

- [`9b1123a`](9b1123a779) release version 0.15.3
- [`00bc43b`](00bc43b167) unique debugger pin in Docker containers
- [`2cbdf2b`](2cbdf2b022) Merge pull request [#1542](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1542) from asottile/exceptions_arent_always_hashable
- [`0e669f6`](0e669f6be5) Fix unhashable exception types
- [`bdc17e4`](bdc17e4cd1) Merge pull request [#1540](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1540) from pallets/break-tb-cycle
- [`44e38c2`](44e38c2985) break cycle in chained exceptions
- [`777500b`](777500b646) Merge pull request [#1518](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1518) from NiklasMM/fix/1510_lint-middleware-python3-compa...
- [`e00c7c2`](e00c7c2ced) Make LintMiddleware Python 3 compatible and add tests
- [`d590cc7`](d590cc7cf2) Merge pull request [#1539](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1539) from pallets/profiler-format
- [`0388fc9`](0388fc95e6) update filename_format for ProfilerMiddleware.
- Additional commits viewable in [compare view](https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=werkzeug&package-manager=pip&previous-version=0.15.2&new-version=0.15.3)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2019-10-13 23:00:19 +00:00
bors[bot]
dcda412b99
Merge #1211
1211: Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Fixes #1190 by separating HOST_ANTISPAM into HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI

### Related issue(s)
- closes #1190
- closes #1150

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-10-13 19:44:25 +00:00
bors[bot]
35160b770d
Merge #1198 #1204 #1207 #1208
1198: Enable access log of admin service only for log levels of INFO and finer r=muhlemmer a=micw

## What type of PR?

bug fix

## What does this PR do?

### Related issue(s)
- closes #1197

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1204: Add initial admin account to kubernetes example r=muhlemmer a=micw

## What type of PR?

documentation

## What does this PR do?

Add INITIAL_ADMIN_* example to kubernetes configmap.yaml

### Related issue(s)

- closes #1201

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- docs example only

1207: Add Japanese translation r=muhlemmer a=IchikawaYukko

## What type of PR?

Translation

## What does this PR do?

Provide completed Japanese translation.

### Related issue(s)

None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [*] In case of feature or enhancement: documentation updated accordingly
- [*] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1208: Persist mailqueue r=muhlemmer a=micw

## What type of PR?

bug-fix

## What does this PR do?

Makes postfix mailqueue presistent (for docker, swarm and kubernetes)

### Related issue(s)
- closes #1161

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: Michael Wyraz <michael.wyraz@evermind.de>
Co-authored-by: U-COREI3-3120M\市川ゆり子 <ichikawayuriko@yahoo.co.jp>
Co-authored-by: micw <michael@wyraz.de>
2019-10-13 19:01:20 +00:00
Michael Wyraz
a907fe4cac Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI 2019-10-13 20:13:02 +02:00
dependabot[bot]
ed204766b2
Bump werkzeug from 0.15.2 to 0.15.3 in /core/admin
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.2 to 0.15.3.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3)

Signed-off-by: dependabot[bot] <support@github.com>
2019-10-13 14:32:40 +00:00
U-COREI3-3120M\市川ゆり子
26955df7ae remove POT-Creation-Date, PO-Revision-Date 2019-10-12 19:20:55 +09:00
U-COREI3-3120M\市川ゆり子
efd628c338 add Japanese translation 2019-10-11 05:34:33 +09:00
bors[bot]
950a88bf0e
Merge #1196
1196: Change default password scheme to PBKDF2 (#1194) r=mergify[bot] a=hoellen

## What type of PR?
enhancement

## What does this PR do?
This PR change the default password scheme to PBKDF2. It is already changed in some places (e.g. [docs/compose/.env](https://github.com/Mailu/Mailu/blob/master/docs/compose/.env#L142)).

### Related issue(s)
closes #1194 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
2019-10-08 06:06:25 +00:00
Michael Wyraz
d689a8eeb3 Enable access log of admin service only for log levels of INFO and finer 2019-10-08 07:29:33 +02:00
hoellen
d3dd4802f4 Change default password scheme to PBKDF2 (#1194) 2019-10-07 22:29:03 +02:00
Niduroki
b58f06c03e Add a title to Mailu-Admin pages 2019-09-25 19:29:26 +02:00
Michael Wyraz
de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 2019-08-31 18:18:58 +02:00
Aurélien Bondis
34079244a6 fix ARG positions 2019-08-30 10:24:08 -04:00
Aurélien Bondis
e1a4bf32a6 only insert qemu binary if building for arm 2019-08-23 15:24:21 -04:00
kaiyou
d50504fa2b Only set the redis address once, fixes #1125 2019-08-23 00:29:00 +02:00
bors[bot]
3e626b8500
Merge #940
940: Fix host variables r=mergify[bot] a=ionutfilip

## What type of PR?
bug-fix

## What does this PR do?

### Related issue(s)
- Fix #884

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
2019-08-21 21:25:36 +00:00
bors[bot]
2785bca1f4
Merge #883
883: Admin create user enhancement r=mergify[bot] a=cr1st1p

## What type of PR?
Enhancement

## What does this PR do?
It allows the admin docker image to also create the admin user.
The idea is that in my kubernetes setup, I do not want to manually do anything, as such, I need a way for the admin user to also be created automatically without me getting inside the pod.
So I had to change the manage.py function that creates the user to allow different 'modes' (me, I'll be using 'ifmissing') and also start.py to call that functionality if appropriate environment variables are present.

So now, in my Deployment, I add 3 more environment variables and I get the admin user created, IF not already present.

### Related issue(s)
none?

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: cristi <cristi.posoiu@gmail.com>
Co-authored-by: cr1st1p <cristi.posoiu@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
2019-08-21 20:58:25 +00:00
Tim Möhlmann
348ea1a572
Remove obsolete log call 2019-08-21 21:33:49 +03:00
Ionut Filip
075417bf90 Merged master and fixed conflicts 2019-08-21 20:35:24 +03:00
Aurélien Bondis
124b1d4c71 rebase and update for 3.10, avoid adding qemu file to x86 images 2019-08-21 12:24:30 -04:00
Tim Möhlmann
7d964874e8
Cleanup spaces around '=' 2019-08-21 16:35:41 +03:00
Tim Möhlmann
52971ed42e
Use os.environment.get() 2019-08-21 16:34:25 +03:00
Mildred Ki'Lya
95dce5575b Parameterize redis address 2019-08-15 11:28:17 +02:00
hoellen
b720bedf72 Support domain literals for receiving emails 2019-08-15 00:20:55 +02:00
hoellen
bed2c6ea09 Revert "Error handling for idna encoding"
This reverts commit 10034526a1.
2019-08-14 01:02:07 +02:00
hoellen
10034526a1 Error handling for idna encoding 2019-07-28 08:32:02 +02:00
bors[bot]
2788909a13 Merge #1052
1052: Upgrade alpine to 3.10 r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement / bug-fix

## What does this PR do?
Upgrade the alpine base image to 3.10 and clean up ensuing problems. Also directly uses postfix foreground-running with stdout logging.

### Related issue(s)
closes #1049
closes #1051

Note: This is a duplicate effort of #1050 #1039 …

## Prerequistes
- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.

With these images, I have tested manually:
- Email receive to user
  - on main domain
  - on additional domain
  - via an alias on main-domain
  - via an alias on additional domain
  - via catchall
- Email reject
  - of eicar testfiles
- Email sending
- Fetchmail from legacy POP
- Front LE certificates
- Simple overriding for postfix (only postfix.cf), nginx, dovecot, rspamd
- Creating a CalDAV calendar and CardDAV entry using davx5

I have not (yet) tested:
- certdumper
- databases other than sqlite

Todo:
- [x] Get rid of podop at `git+https://github.com/Nebukadneza/Podop.git@fix_py37` once https://github.com/Mailu/Podop/pull/6 is merged
- [x] Bend Mailustart back to original repository
- [x] Test more (? also help wanted ?)

Co-authored-by: Thomas Sänger <thomas@gecko.space>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Reto Glauser <git@blinkeye.ch>
2019-07-23 13:34:33 +00:00
kaiyou
23871d9180 Translated using Weblate (Russian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
2019-07-22 06:23:32 +00:00
kaiyou
0281b5a595 Translated using Weblate (Italian)
Currently translated at 71.8% (117 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
2019-07-22 06:23:32 +00:00
kaiyou
45789d3f22 Translated using Weblate (Hungarian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/hu/
2019-07-22 06:23:32 +00:00
Bambie07
e70d1e1455
fix dns dkim entry 2019-07-17 11:41:03 +02:00
Dario Ernst
8c2e22f666 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 2019-07-14 13:10:30 +00:00
bors[bot]
f77e1bdd0e Merge #1048
1048: Refactor admin using webpack r=mergify[bot] a=kaiyou

## What type of PR?

Refactoring

## What does this PR do?

This PR brings some refactoring to the admin container :
- remove the dependency to mailustart and replace it with socrate
- remove static assets from the repo and use Webpack for building them


Co-authored-by: hoellen <dev@hoellen.eu>
Co-authored-by: kaiyou <pierre@jaury.eu>
2019-07-14 12:21:49 +00:00
Dario Ernst
0306be1eed Re-add missing MailuStar in admin
It turns out we were all blind and admin *does* use MailuStart
2019-07-14 10:27:57 +00:00
Dario Ernst
ce0c24e076 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 2019-07-14 09:40:58 +00:00
Dario Ernst
53f754f5ac Remove MailuStart from admin and correct layer-sharing comments 2019-07-14 09:33:54 +00:00
hoellen
31464c5c44 Change image back to alpine 2019-07-09 11:21:44 +02:00
hoellen
b351841418 Expose jQuery for use outside Webpack build 2019-07-08 18:19:09 +02:00
hoellen
90f678de52 add app.css and fix align of menu button 2019-07-08 16:53:25 +02:00
hoellen
616d40d225 Update password in commandline 2019-07-08 10:50:08 +02:00
Dario Ernst
bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
2019-06-30 11:39:48 +00:00
hoellen
81a8acf9ec fix resolve issue 2019-06-30 13:18:55 +02:00
Dario Ernst
c787e4bdbd Move alpine version definition out to variable 2019-06-26 21:14:59 +00:00
Dario Ernst
a253ca47fe Use official Mailu/MailuStart 2019-06-25 19:24:05 +00:00
Dario Ernst
d1f80cca99 Update Dockerfiles to most recent alpine 3.10 2019-06-25 19:24:05 +00:00
Thomas Sänger
ef3c6c407a upgrade alpine base-image 2019-06-25 19:23:40 +00:00
kaiyou
baa5a8a4e0 Fix hostname resolution 2019-06-24 23:54:53 +02:00
kaiyou
c20a502695 Do not forcefully resolve optional hostnames 2019-06-24 20:54:50 +02:00
kaiyou
a3abf8c353 Add the assets source 2019-06-23 23:31:07 +02:00
kaiyou
4b620ba5d1 Merge branch 'hoellen-fix-sidebar-toggle' into refactor-admin-webpack 2019-06-23 14:28:02 +02:00
kaiyou
c147a371d7 Merge branch 'fix-sidebar-toggle' of https://github.com/hoellen/Mailu into hoellen-fix-sidebar-toggle 2019-06-23 14:24:56 +02:00
kaiyou
2d3560b396 Fix select2 using webpack-built assets 2019-06-23 14:19:06 +02:00
kaiyou
c2a04ab1d4 Update the build configuration to use webpack and compiled assets 2019-06-23 14:19:06 +02:00
kaiyou
ecdf0c25b3 Use webpack for building static assets 2019-06-23 14:19:06 +02:00
kaiyou
d7747639e9 Remove the dependency to mailustart, introducing socrate 2019-06-23 14:19:05 +02:00
cristi
f2a009795b Merge branch 'master' into admin_create_user_enhancement 2019-05-20 23:17:22 +03:00
bors[bot]
f1f5aef7d3 Merge #931
931: Resolve webmail in admin r=mergify[bot] a=ionutfilip

## What type of PR?
bug-fix

## What does this PR do?
Implement mailustart to resolve webmail in admin

### Related issue(s)
Fix #716 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
2019-05-09 06:46:09 +00:00
bors[bot]
2c90ac3334 Merge #962
962: Open some admin sidebar links in a new browser tab r=kaiyou a=mariooos

## What type of PR?

Enhancement

## What does this PR do?

Add target=_blank attribute to html <a href ...> tag in following admin sidebar links:
- Antispam
- Webmail
- Website
- Help


Co-authored-by: mariooos <48351788+mariooos@users.noreply.github.com>
2019-05-08 18:02:02 +00:00
bors[bot]
7021278bfb Merge #993
993: Make aliases case-insensitive (too) r=mergify[bot] a=Nebukadneza

Even though RFC5321 2.4 explains that local-parts are to be case-sensitive,
this does not seem to be how EMail is used today. Thus, instead of reverting
user-emails back to being case sensitive, let’s make aliases case-insensitive
too. Not only more consistent, this also allows users to enjoy receiving EMails
from large airlines or car-rental agencies onto their already existing aliases.

For the rare case of case sensitive aliases existing, let’s query for the
forced-lowercase alias only in the event that the preserved-case one isn’t
found …

closes #867

## What type of PR?
bug-fix

## What does this PR do?
Make aliases optionally case-insensitive: After attempting to resolve an alias in its preserved case, also attempt to match it case-insensitively.

This followed after some more thought from  #868 …

### Related issue(s)
closes #867

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
2019-05-08 17:34:37 +00:00
bors[bot]
d76ba5ee39 Merge #1005
1005: distinguish disabled users in user list view by row color r=kaiyou a=zhuangyy

## What type of PR?

enhancement

## What does this PR do?

distinguish disabled users in user list view by row color

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Zhuang Yuyao <jssyan@qq.com>
2019-05-08 11:48:37 +00:00
kaiyou
645c423d09 Update messages.po (POEditor.com) 2019-05-07 09:24:31 +02:00
kaiyou
08bdc715bb Update messages.po (POEditor.com) 2019-05-07 09:24:29 +02:00
kaiyou
a150315c1d Added translation using Weblate (Japanese) 2019-05-07 07:21:09 +00:00
Weblate
abece125f4 Merge branch 'origin/master' into Weblate 2019-05-07 07:21:08 +00:00
kaiyou
d99ad5fe3e Added translation using Weblate (Hungarian) 2019-05-07 07:21:06 +00:00
kaiyou
b91c7f64ee Update messages.po (POEditor.com) 2019-05-07 09:15:56 +02:00
kaiyou
d929413784 Update messages.po (POEditor.com) 2019-05-07 09:15:54 +02:00
kaiyou
91c8ca1279 Update messages.po (POEditor.com) 2019-05-07 09:15:50 +02:00
kaiyou
c0263a2ae9 Update messages.po (POEditor.com) 2019-05-07 09:15:47 +02:00
kaiyou
80c57b597b Update messages.po (POEditor.com) 2019-05-07 09:15:45 +02:00
kaiyou
0566b00664 Update messages.po (POEditor.com) 2019-05-07 09:15:42 +02:00
kaiyou
c939b30e6b Update messages.po (POEditor.com) 2019-05-07 09:15:40 +02:00
kaiyou
308521ff9a Update messages.po (POEditor.com) 2019-05-07 09:15:37 +02:00
kaiyou
0ca18035e1 Update messages.po (POEditor.com) 2019-05-07 09:15:35 +02:00
kaiyou
8bcb4deb7e Update messages.po (POEditor.com) 2019-05-07 09:15:32 +02:00
kaiyou
65a61ad5c8 Added translation using Weblate (Icelandic) 2019-05-07 06:39:48 +00:00
kaiyou
57385df15c Deleted translation using Weblate (Icelandic) 2019-05-07 06:38:36 +00:00
kaiyou
cfc224352a Added translation using Weblate (Icelandic) 2019-05-07 06:33:36 +00:00
Zhuang Yuyao
67d5c8fcb3 distinguish disabled user in user list view by row color 2019-05-06 11:00:22 +08:00
Dario Ernst
e22324adcd Make aliases case-insensitive (too)
Even though RFC5321 2.4 explains that local-parts are to be case-sensitive,
this does not seem to be how EMail is used today. Thus, instead of reverting
user-emails back to being case sensitive, let’s make aliases case-insensitive
too. Not only more consistent, this also allows users to enjoy receiving EMails
from large airlines or car-rental agencies onto their already existing aliases.

For the rare case of case sensitive aliases existing, let’s query for the
forced-lowercase alias only in the event that the preserved-case one isn’t
found …

closes #867
2019-04-14 12:02:12 +00:00
hoellen
167e5a87e1 add sidebar toggle button 2019-04-14 11:52:01 +02:00
hoellen
92ef73fa74 update AdminLTE to version 2.4 2019-04-14 11:30:55 +02:00
mariooos
253ae9fad8 Open some admin sidebar links (Antispam, Webmail, Website, Help) in a new browser tab 2019-03-08 14:11:58 +01:00
Ionut Filip
ac0fc41421
Merge branch 'master' into replace-gethostbyname 2019-03-08 14:47:21 +02:00
Ionut Filip
dd7710951e
Replaced double quotes with single ones 2019-03-08 14:45:22 +02:00
Ionut Filip
0ce0b5ec02 Fix addresses in front 2019-02-18 15:41:22 +02:00
Ionut Filip
4c25c83419 HOST_* and *_ADDRESS variables cleanup 2019-02-18 14:46:48 +02:00
Ionut Filip
f9e3cd3c5d Use corret host_* variables 2019-02-15 16:49:56 +02:00
Ionut Filip
ef49357eb3 Update redis urls 2019-02-15 16:07:23 +02:00
Ionut Filip
43abbf4d63 Resolve redis and add logging 2019-02-15 15:37:55 +02:00
bors[bot]
211136f9b1 Merge #934
934: Pass optional arguments to domain model r=mergify[bot] a=ionutfilip

## What type of PR?
bug-fix

## What does this PR do?
Passing optional args to domain model when using cli.

### Related issue(s)
Fixes #933

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
2019-02-13 21:58:49 +00:00
bors[bot]
d129733fac Merge #919
919: Install bash in alpine based images. r=mergify[bot] a=firvida

This fixes #918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- closes #918 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Abel Alfonso Fírvida Donéstevez <abel@merchise.org>
2019-02-13 21:31:25 +00:00
hoellen
62511b723b
Merge branch 'master' into fix-doc-commands-1 2019-02-13 19:31:39 +01:00
Ionut Filip
4d2844c1f5 Fixed arguments passed to domain 2019-02-13 16:43:45 +02:00
Roman Hoellen
1dfef1609a add domain cli to docs 2019-02-13 10:53:40 +01:00
Ionut Filip
cebc64a280 Resolve HOST_WEBMAIL in admin 2019-02-13 11:48:32 +02:00
Roman Hoellen
bc617cf8ec replace _ with - in cli options 2019-02-13 10:30:08 +01:00
Tim Möhlmann
111dae351a
Fix typo in migration file
Fixes #905
2019-02-12 18:17:38 +02:00
Abel Alfonso Fírvida Donéstevez
39444c794e Install bash in alpine based images.
This fix https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
2019-02-06 15:01:02 -05:00
bors[bot]
86b4242f82 Merge #886
886: Ipv6 support r=mergify[bot] a=muhlemmer

## What type of PR?

(Feature, enhancement, bug-fix, documentation) -> A bit of everything

## What does this PR do?

Document how to use ipv6nat. This, however triggers some kind of flaky behavior with the Docker DNS resolver, resulting in lookup failures between containers.  So all resolving needs to be done during container startup/configuration.

In order not to pollute every single start.py file, we've created a small library called [Mailu/MailuStart](https://github.com/Mailu/MailuStart). As an addition, this library also defines the template generation function, including its logging facility.

Note: `docker-compose.yml` downgrade is necessary, as IPv6 settings are not supported by the Docker Compose file format 3 😞  

### Related issue(s)
Supersedes  PR #844
- Fixes #827 
- Hopefully helps with #829 and #834

## No backport yet

This PR directly imports MailuStart from git. This makes it a bit more simple to implement on the short term an do some testing and probably some future improvements. When everything is proved stable, we will create a proper PyPi package with versioning and consider back porting.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
2019-02-06 12:56:40 +00:00
Tim Möhlmann
06457e9617
Merge branch 'master' into fix_fetches_create 2019-01-28 12:52:42 +02:00
cr1st1p
9b65a6c862
Merge branch 'master' into admin_create_user_enhancement 2019-01-25 23:36:06 +02:00
Ionut Filip
f8dffe5a19
Resolve hosts in admin 2019-01-25 17:26:45 +02:00
Dario Ernst
34b31727c4 Fix password validator for creating fetched accounts 2019-01-25 15:08:41 +01:00
cristi
a071181c61 Allow to automatically create admin account during startup. 2019-01-25 16:04:20 +02:00
hoellen
fba246e9a1 add wildcard option to cli (alias) 2019-01-24 21:32:22 +01:00
hoellen
808092c65e
Merge pull request #834 from hoellen/token-ipv6
allow ipv6 addresses for tokens
2019-01-23 21:30:13 +01:00
Tim Möhlmann
e341e0141f
Merge remote-tracking branch 'upstream/master' into token-ipv6 2019-01-22 13:55:56 +02:00
Manuel Vázquez Acosta
dfe5ddb18e
Check if sender address is not null before trying to check the domain. 2019-01-22 05:50:20 -05:00
Tim Möhlmann
fd236e4ea5
Fix syntax error 2019-01-17 18:06:40 +02:00
nathan-sain
23bad0e042
Set value for SQLALCHEMY_DATABASE_URI in admin DEFAULT_CONFIG to SQLite URI 2019-01-17 07:58:47 -06:00
nathan-sain
db8977e17a
Update SQLite DB file in DEFAULT_CONFIG and DB_TEMPLATES 2019-01-17 00:32:12 -06:00
hoellen
6dea8b422a
Merge pull request #839 from hoellen/fix-create-onupdate-default
fix default value for created_at and updated_at
2019-01-16 12:11:13 +01:00
hoellen
79c4edcaf1
Merge pull request #838 from hoellen/schema-maxUserQuota-1
Change quota columns type to BigInteger
2019-01-16 12:07:50 +01:00
hoellen
54169db7e3
Merge branch 'master' into fix-forward-validation 2019-01-15 18:55:08 +01:00
hoellen
9721df0bc5 fix default value for created_at and updated_at
Use date instead of datetime for created_at and updated_at.
2019-01-15 16:41:58 +01:00
hoellen
cfa7ca3838 Merge branch 'master' into schema-maxUserQuota-1 2019-01-15 16:22:54 +01:00
hoellen
f1e1c96c3b create migration file for changing quota to big integer 2019-01-15 15:32:00 +01:00
Ionut Filip
2d34f0ee52 Fixed auto-forward email validation 2019-01-15 14:03:09 +02:00
hoellen
c8758a6526 allow ipv6 addresses for tokens 2019-01-13 16:45:41 +01:00
hoellen
2af540a1c9 change quota columns to bigint 2019-01-13 16:40:28 +01:00
Dario Ernst
66df7a31b0 Unify and coerce booleans from env used in admin
At some places, the string that DOMAIN_REGISTRATION is got used like a boolean
(an easy misassumption to make while in python and dealing with the config
dict), making `DOMAIN_REGISTRATION=False` act as a truthy value. To stop such
future problems from happening, coerce environment config strings to real
bools.

closes #830
2019-01-13 10:22:32 +01:00
mergify[bot]
9175b15d49
Merge pull request #826 from Nebukadneza/reverse_user_alias_pref
Reverse the resolution order of user and alias
2019-01-11 16:28:35 +00:00
mergify[bot]
278bcfb13a
Merge pull request #814 from Nebukadneza/fix_delimiter_alias
Deliver mails to alias-stripped-of-delimeter, even if catchall exists
2019-01-11 14:06:35 +00:00
Dario Ernst
276dc3ffda Reverse the resolution order of user and alias
Since it’s common for wildcard~ish systems to prefer concrete objects over
wildcards, and aliases can be broad-wildcards (think catchall, %@xxx.tld), it
may be more intuitive for users that user-names rank higher than aliases. This
makes it impossible for user-names to be unreachable, since they can be
completely overridden by a catchall otherwise.

This changes default behavior, and is not configurable.

closes #815
2019-01-11 11:51:56 +01:00
Tim Möhlmann
8541ae2c46
Fix migration order after merge 2019-01-11 12:49:07 +02:00
mergify[bot]
99cd1d714b
Merge pull request #799 from hoellen/fix-domain-negative-values-1
don't allow negative values on domain creation/edit
2019-01-11 09:57:15 +00:00
Tim Möhlmann
2567646f47
Merge branch 'master' into fix-domain-negative-values-1 2019-01-11 11:32:30 +02:00
Ionut Filip
50343f354e Merge remote-tracking branch 'upstream/master' into feat-psql-support 2019-01-11 11:21:22 +02:00
Dario Ernst
b8d1beed29 Simplify alias-wildcard detection to not consider actual % anymore 2019-01-10 23:06:56 +01:00
Dario Ernst
10d2601963 Unsimplify alias precedence handling
As discussed with hoellen on matrix, since postfix indeed supports including
the recipient delimiter character in a verbatim alias, we should support so too
— and handle its precedence correctly. The clearer and simpler formulation of
the precedence-clauses are credit to @hoellen. Thanks!
2019-01-10 17:30:11 +01:00
mergify[bot]
161394a774
Merge pull request #817 from hoellen/fix-fetch-passwordfield-1
fix edit of fetched acc without changing password
2019-01-10 11:10:46 +00:00
Dario Ernst
ac64a75743 Simplify alias precedence handling; Remove bogus changelog 2019-01-10 10:28:57 +01:00
hoellen
7247b4b10c
Merge branch 'master' into fix-password-on-user-edit 2019-01-09 21:14:18 +01:00
hoellen
a59d5dad23 fix edit of fetched acc without changing password 2019-01-09 12:52:05 +01:00
hoellen
f08491dc46 fix forced password on user edit 2019-01-09 12:09:14 +01:00
Ionut Filip
2b0a2d561b Fix connection to mysql db 2019-01-09 12:53:59 +02:00
Dario Ernst
291f8a457b Deliver mails to alias-stripped-of-delimeter, even if catchall exists
This fixes delivery to an alias minus recipient delimiter in cases where a
wildcard alias would also match. For example,
* foo@xxx.tld
* %@xxx.tld
Sending to foo+spam@xxx.tld would get eaten by the catchall before this fix.
Now, the order of alias resolution is made clearer.

closes #813
2019-01-09 11:41:22 +01:00
hoellen
732b5fe161 change password field type in fetch creation/edit and add validators. 2019-01-08 19:44:27 +01:00
mergify[bot]
3b5f3af207
Merge pull request #778 from Nebukadneza/fix_recipient_delimiter
Attempt stripping recipient delimiter from localpart
2019-01-07 19:01:44 +00:00
Ionut Filip
9077bf7313 Merge remote-tracking branch 'upstream/master' into feat-psql-support 2019-01-07 16:29:50 +02:00
Ionut Filip
953aa04354 Added postgresql-libs to admin 2019-01-07 14:04:39 +02:00
Tim Möhlmann
561e2fda67
Merge remote-tracking branch 'upstream/master' into fix-favicon 2019-01-07 12:20:06 +02:00
hoellen
501ecf13c1 add migration script 2019-01-06 15:36:57 +01:00
Tim Möhlmann
a358b5305f
Merge pull request #797 from Mailu/upgrade-pyyaml
Upgrade PyYAML
2019-01-06 15:56:18 +02:00
Tim Möhlmann
4f93e09028
Implement favicon package
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
2019-01-06 15:49:40 +02:00
Tim Möhlmann
284d54190a
Upgrade PyYAML to 4.2b4 2019-01-06 14:40:29 +02:00
hoellen
dda64fe91e allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit 2019-01-05 13:52:13 +01:00
hoellen
8fe1e788b3 add missing route fixes 2019-01-04 21:18:51 +01:00
Tim Möhlmann
3c7bf58211
Upgrade PyYAML
CVE-2017-18342
Vulnerable versions: < 4.2b1
Patched version: 4.2b1
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
2019-01-04 21:52:43 +02:00
hoellen
d5d4d6c337 harden email address validation and fix routes with user_email 2019-01-04 18:05:56 +01:00
Ionut Filip
01ec6e7bf3 Removed undefined function 2019-01-04 16:48:51 +02:00
mergify[bot]
d483ef3c2a
Merge pull request #792 from hoellen/admin-broken-links-1
fix broken webmail and logo url in admin
2019-01-02 17:18:46 +00:00
Tim Möhlmann
74fe177297
Merge pull request #785 from TheLegend875/feat-displayed-name
Feature: send auto reply with displayed name
2019-01-02 19:14:17 +02:00
hoellen
f617e82c06 fix broken webmail and logo url in admin 2019-01-02 14:08:03 +01:00
Tim Möhlmann
4068c5b751
Versioning for mysqlclient and psycopg2 2018-12-31 18:22:24 +02:00
Tim Möhlmann
b2823c23b8
Merge remote-tracking branch 'upstream/master' into feat-psql-support 2018-12-31 18:20:39 +02:00
Tim Möhlmann
9eaeb80a27
Finalize merge with kaiyou/feat-multiple-db 2018-12-31 18:02:07 +02:00
TheLegend875
999d2a9557 changed default.sieve to send displayed name 2018-12-30 22:06:36 +01:00
TheLegend875
2954d84790 added necessary ui elements 2018-12-30 22:06:36 +01:00
TheLegend875
56f4d4c894 fixed auto-forward 2018-12-30 22:05:33 +01:00
TheLegend875
5bdbbf60d7 fixed display of username when not logged in 2018-12-28 19:30:23 +01:00
Dario Ernst
c2d45a47fe Attempt stripping recipient delimiter from localpart
Since postfix now asks us for the complete email over podop, which
includes the recipient-delimiter-and-what-follows not stripped, we need
to attempt to find both the verbatim localpart, as well as the localpart
stripped of the delimited part ….

Fixes #755
2018-12-27 16:31:59 +01:00
Tim Möhlmann
19df86f13f
Merge pull request #764 from usrpro/fix-alias-bug
Added regex validation for alias username
2018-12-27 11:54:43 +02:00
Tim Möhlmann
af086bbdbe
Include DKIM in VOLUME 2018-12-20 17:47:15 +02:00
Ionut Filip
8fc2846924 Added regex validation for alias username 2018-12-18 17:06:39 +02:00
Tim Möhlmann
3c4ee1b31e
Merge pull request #743 from kaiyou/master
Fixes #738 regarding application context
2018-12-14 11:09:27 +02:00
ofthesun9
97b3a85090
Merge pull request #737 from hoellen/fix-alias-match-behaviour
fix alias match behaviour
2018-12-13 20:34:09 +01:00
mergify-bot
09a50b6cfc Merge branch 'master' into 'master' 2018-12-13 19:14:20 +01:00
kaiyou
4060ac2223 Remove some forgotten debugging 2018-12-13 15:19:34 +01:00
kaiyou
087841d5b7 Fix the way we handle the application context
The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
2018-12-13 14:23:17 +01:00
kaiyou
b5f51b0e2e Update python dependencies 2018-12-13 14:10:43 +01:00
kaiyou
8707b0fcd7 Use a dictionary of db connection string templates 2018-12-10 15:30:53 +01:00
kaiyou
19f18e2240 Lowercase relays as well as other tables 2018-12-10 15:16:30 +01:00
kaiyou
7e388e472a Handle relay name as an Idna domain 2018-12-10 15:16:30 +01:00
kaiyou
871aa14c9a Lowercase every domain name and email 2018-12-10 15:16:30 +01:00
kaiyou
3df9b3962d Add default columns to the configuration table 2018-12-10 15:16:30 +01:00
kaiyou
b88f61f183 Name all constraints when creating them
Prefious commit set the constraint names for existing databases.
New databases can now have named constraints from the ground up.
2018-12-10 15:16:30 +01:00
kaiyou
b8282b1d46 Support named constraints for multiple backends
Supporting multiple backends requires that specific sqlite
collations are not used, thus lowercase is applied to all non
case-sensitive columns. However, lowercasing the database requires
temporary disabling foreign key constraints, which is not possible
on SQLite and requires we specify the constraint names.

This migration specific to sqlite and postgresql drops every
constraint, whether it is named or not, and recreates all of them
with known names so we can later disable them.
2018-12-10 15:16:30 +01:00
kaiyou
e022513a94 Fix support for postgres and mysql 2018-12-10 15:16:30 +01:00
kaiyou
a881a1a839 Revert "Make current migrations work with postgresql"
This reverts commit 9b9f3731f6.
2018-12-10 15:03:12 +01:00
kaiyou
76925e82f3 Revert "Implement CIText as NOCASE alternative in postgresql"
This reverts commit 0f3c1b9d15.
2018-12-10 15:01:27 +01:00
kaiyou
f52ae5535c Revert "Created function for returning email type"
This reverts commit 436055f02c.
2018-12-10 14:58:18 +01:00
kaiyou
f6520eace6 Merge branch 'feat-psql-support' of https://github.com/usrpro/Mailu into usrpro-feat-psql-support 2018-12-10 14:50:38 +01:00
hoellen
8fe9e695f3 prefer non-wildcard aliases over wildcard aliases 2018-12-10 08:40:10 +01:00
hoellen
79768c09f6 fix alias matching behaviour 2018-12-09 19:49:23 +01:00
Tim Möhlmann
8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
2018-12-06 12:08:22 +02:00
kaiyou
b6aaf57be1 Merge branch 'refactor-config' of github.com:kaiyou/mailu into refactor-config 2018-12-06 10:33:21 +01:00
kaiyou
d0f07984b0 Merge remote-tracking branch 'upstream/master' into refactor-config 2018-12-06 10:23:43 +01:00
mergify[bot]
2d4bac03ad
Merge pull request #723 from usrpro/clean-healthcheck-logs
Admin: Prevent redirects during health checking
2018-12-05 18:09:14 +00:00
mergify[bot]
a382f74680
Merge pull request #705 from usrpro/fix-recaptcha
Fix recaptcha
2018-12-05 18:05:22 +00:00
mergify[bot]
37027cfce7
Merge pull request #633 from kaiyou/fix-sender-checks
Improve sender checks
2018-12-05 16:03:24 +00:00
Tim Möhlmann
d18cf7cb25
Prevent redirects during health checking 2018-12-05 17:43:42 +02:00
Tim Möhlmann
c9df311a0d
Set forward_destination to an empty list
The value of `None` resulted in an error, since a list was expected.
2018-12-04 16:22:18 +02:00
Tim Möhlmann
eff6c34632
Catch asterisk before resolve_domain
Asterisk results in IDNA error and a 500 return code.
2018-12-04 15:40:07 +02:00
Ionut Filip
7b8835070d Added tenacity retry fir migrations connection 2018-12-03 15:25:10 +02:00
David Rothera
88c174fb7a Query alternative table for domain matches
At present postfix checks this view for matches in the domain table and is used to accept/deny messages sent into it however it never checks for matches in the alternative table.

Fixes #718
2018-12-02 11:21:42 +00:00
Ionut Filip
436055f02c Created function for returning email type 2018-11-21 13:43:06 +01:00
Tim Möhlmann
47a3fd47b5
Fix DB_FLAVOR condition testing for models.py 2018-11-20 18:18:33 +02:00