1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

743 Commits

Author SHA1 Message Date
Jaume Barber
af251216b0 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2021-03-03 11:35:47 +00:00
Dario Ernst
b6716f0d74 Remove "CHUNKING" capability from nginx-smtp
With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.
2021-02-20 13:03:08 +01:00
Florent Daigniere
aa8cb98906 Set sensible cookie options 2021-02-18 15:47:13 +01:00
lub
88f992de16 show flash messages again
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.
2021-02-13 13:36:05 +01:00
Mordi Sacks
f56af3053a
Removed email address 2021-01-17 01:28:25 +02:00
Michael Wyraz
2b37be9889 Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386 2021-01-15 10:56:49 +01:00
dependabot[bot]
54ccfdf975
Bump cryptography from 2.6.1 to 3.2 in /core/admin
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
2020-11-21 11:15:31 +00:00
ofthesun9
d32e73c5bc Fix letsencrypt access to certbot for the mail-letsencrypt flavour 2020-11-17 10:26:41 +01:00
bors[bot]
3ca81913fc
Merge #1654
1654: Ensure that the rendered file ends with newline in order to make `pos… r=mergify[bot] a=tremlin

## What type of PR?

Bugfix

## What does this PR do?

This fixes #1580 

### Related issue(s)
- closes #1580

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
2020-11-15 14:13:06 +00:00
cbachert
72a9ec5b7c Fix extract_host_port port separation
Regex quantifier should be lazy to make port separation work.
2020-10-24 00:25:53 +01:00
Thomas Rehn
05ab244638 Ensure that the rendered file ends with newline in order to make postconf work correctly 2020-10-04 16:36:37 +02:00
Dimitri Huisman
78890a97ff Preparations for 1.8 release. 2020-10-01 20:32:05 +02:00
bors[bot]
5c36dc4f54
Merge #1611
1611: Adds own server on port 80 for letsencrypt and redirect r=mergify[bot] a=elektro-wolle

## What type of PR?

Bugfix

## What does this PR do?

Handle letsencrypt route to `.well-known` by own server configuration within nginx.

### Related issue(s)
closes #1564

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Wolfgang Jung <w.jung@polyas.de>
2020-09-26 05:57:27 +00:00
anrc
59bc4f7aea
Remove the username from the milter_headers
Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.
2020-09-24 13:16:25 +02:00
bors[bot]
92bf736da4
Merge #1635
1635: Add support for AUTH LOGIN authentication mechanism for relaying emai… r=mergify[bot] a=Diman0

…l via smart hosts.

## What type of PR?

Feature

## What does this PR do?

This PR adds support to postfix for AUTH LOGIN authentication mechanism. This enables using smart hosts which only offer AUTH LOGIN. 

### Related issue(s)
- Auto close an issue like: closes #1633

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2020-09-23 20:08:15 +00:00
Dimitri Huisman
d9e7b8249b Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts. 2020-09-23 19:59:00 +02:00
lub
66db1f8fd0 add OCSP stapling to nginx.conf
It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.
2020-09-12 01:35:10 +02:00
lub
0cb0a26d95 relax TLS settings on port 25
Because basically every MTA out there uses opportunistic TLS _in
the best case_, it's actually counter productive to use such strict
settings.

The alternative to a handshake error is often an unencrypted submission,
which is basically the opposite of what strict ssl_protocols and
ssl_ciphers tries to achieve.

Even big and established providers like Amazon SES are incompatible with the current
settings.

This reverts commit 2ddf46ad2b.
2020-09-10 20:38:15 +02:00
Wolfgang Jung
1f4e9165fa Disables unencrypted http on TLS_ERROR 2020-09-09 21:35:08 +02:00
Wolfgang Jung
f999e3de08 Adds own server on port 80 for letsencrypt and redirect 2020-09-03 23:18:57 +02:00
lub
05e2af1802
fix small typo in Auth-SSL 2020-09-02 15:16:10 +02:00
lub
f0f873ffe7 add option to enforce inbound starttls 2020-09-01 21:48:09 +02:00
lub
02cfe326d3 support using files for SECRET_KEY and DB_PW
this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables

just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
2020-08-30 01:04:36 +02:00
ofthesun9
539114a3d6
Merge branch 'master' into test-alpine-3.12 2020-08-09 16:37:45 +02:00
bors[bot]
47be453aac
Merge #1557
1557: Explicitly define ProxyFix options r=mergify[bot] a=brian-maloney

## What type of PR?
bug-fix

## What does this PR do?
This PR explicitly defines the options for the ProxyFix module, which fixes a regression in admin behind a reverse proxy.

### Related issue(s)
- #1309

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.

This is a bugfix, so not doc changes, and it's an extremely minor change.


Co-authored-by: Brian Maloney <3286425+brian-maloney@users.noreply.github.com>
2020-08-09 12:41:05 +00:00
bors[bot]
535b95bca7
Merge #1538
1538: Introduce environment variable to control dovecot full-text-search r=mergify[bot] a=tremlin

## What type of PR?

Enhancement

## What does this PR do?

In #1320 a full-text-search feature was enabled in Dovecot by default. Since this can have a big impact on performance, I think it's preferable to offer an option to disable the feature if it is not needed. This PR doesn't change the default behavior (FTS on).

### Related issue(s)
- #1320

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordinagly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
2020-08-09 12:12:39 +00:00
bors[bot]
64f21d5b84
Merge #1478 #1501 #1532 #1543
1478: Allow to enforce TLS for outbound r=mergify[bot] a=micw

 using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')

## What type of PR?

enhancement

## What does this PR do?

Add an option to postfix to enforce outbound traffic to be TLS encrypted.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1501: In setup/flavor, change DMARC RUA and RUF email default settings r=mergify[bot] a=ofthesun9

## What type of PR?
bug-fix

## What does this PR do?
This PR changes the default value used to set DMARC_RUA and DMARC_RUF:
DMARC_RUA and DMARC_RUF defaults will reuse the value defined for POSTMASTER,
instead of 'admin' as previously.
Please note that the setup tool doesn't allow (yet?) to define dmarc_rua nor dmarc_ruf, so the default value is indeed used for the time being.

### Related issue(s)
closes #1463 

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1532: Replace SMPT with SMTP r=mergify[bot] a=dhoppe



1543: Disable Health checks on swarm mode r=mergify[bot] a=ofthesun9

ref: https://github.com/moby/moby/issues/35451

## What type of PR?
bug-fix

## What does this PR do?
Modify the docker-compose.yml template used by setup (swarm flavor) to disable Health checks on swarm mode for each service

### Related issue(s)
closes #1289

## Prerequistes
- [x]  add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
Co-authored-by: Dennis Hoppe <github@debian-solutions.de>
2020-08-08 16:01:16 +00:00
Brian Maloney
6bd14506c0
Explicitly define ProxyFix options
Even though these seem to be the defaults, since 1.7 x_proto was not being honored (see #1309), this fixes this issue for me.
2020-06-28 17:27:45 -04:00
Dennis Hoppe
f3ac4e9397
Remove unused variables 2020-06-16 15:45:11 +02:00
ofthesun9
1d35b1283d Adjust python required packages for alpine:3.12 2020-06-15 22:57:49 +02:00
ofthesun9
cff2e76269 Switching to alpine:3.12 2020-06-15 17:32:56 +02:00
Thomas Rehn
fc47b736ea introduce environment variable to control dovecot full-text-search 2020-06-14 19:26:05 +02:00
ofthesun9
381bf747cc Check permissions using postfix set-permissions 2020-05-04 18:18:32 +00:00
ofthesun9
3a9c9d0436 Fixed typo 2020-05-04 17:15:15 +00:00
ofthesun9
67caf0c8cf Check /queue permissions before postfix start
postfix and posdrop id might have changed after base image change
2020-05-04 15:41:53 +00:00
Michael Wyraz
e4454d776a Allow to enforce TLS for outbound using OUTBOUND_TLS_LEVEL=encrypt (default is 'may') 2020-05-02 20:58:07 +02:00
bors[bot]
5648669c61
Merge #1293
1293: Remove `reject_unverified_recipient` from `smtpd_client_restrictions` r=mergify[bot] a=SunMar


## What type of PR?

Bug-fix

## What does this PR do?

It removes recipient verification, as it broke my catch-all address.

Fix for #1292, though I'm not sure if this is the right way to fix the issue. It was added in 175349a224.

### Related issue(s)
Fix for #1292 and a revert of 175349a224.


Co-authored-by: SunMar <SunMar@users.noreply.github.com>
2020-05-02 07:59:07 +00:00
bors[bot]
15a0d7303c
Merge #1399 #1417
1399: Remove SPF type SPF record #1394 r=mergify[bot] a=bladeswords

As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...

## What type of PR?

Documentation

## What does this PR do?
Removes the recommendation to add a SPF RR for SPF records, as this is no longer RFC complaint and often causes issues to maintain two records.

### Related issue(s)
- closes #1394

## Prerequistes
None


1417: docker-compose exec needs a -T flag if no TTY is allocated r=mergify[bot] a=ofthesun9

This flag is missing in 00_create_users.sh and is failing the tests on travis arm architecture

## What type of PR?
This PR is an enhancement/bugfix needed to allow usage of travis to test and deploy on arm platform
Before the PR, tests are failing with the msg: "the input device is not a TTY"

## What does this PR do?
This PR add -T flag for the docker-compose exec occurences found in 00_create_users.sh


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
2020-05-01 00:23:11 +00:00
Weblate
066f2bac07 Merge branch 'origin/master' into Weblate. 2020-04-26 13:09:42 +00:00
Jaume Barber
6c25d20c83 Translated using Weblate (Catalan)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
2020-04-26 13:09:41 +00:00
ofthesun9
885a0b5167 Relearn messages for fuzzy storage
This PR add a rspamc fuzzy_del to ham & spam scripts, in order to cover
move from Junk list to Ham list and vice versa
2020-04-09 09:16:29 +02:00
bors[bot]
60b9a3e2f0
Merge #1389
1389: Prefer specific alias over wildcard, regardless of case r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

## Notes
I realize that the if-hell down there isn’t nice. What it is, however, is quite clear and easy to read. I’m hoping that if anyone ever gets confused in the future, this will make the current behavior transparent. For me, that was more important than a minimal amount of statements/branches …

### Related issue(s)
closes #1387

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-28 05:59:16 +00:00
bors[bot]
8844dc67fa
Merge #1392
1392: Use environment variables for cert paths/names in nginx certwatcher r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.
 
### Related issue(s)
closes #903

## Prerequistes
- [x] no feature or enhancement
- [x] minor/internal change


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-27 07:56:35 +00:00
SunMar
ac6b8d62dd Remove reject_unverified_recipient from smtpd_client_restrictions
Fix for #1292, though I'm not sure if this is the right way to fix the issue. It was added in 175349a224.
2020-03-18 22:22:11 +01:00
bors[bot]
5004e62607
Merge #1398
1398: Update crypto to be modern and inline with tls.conf r=mergify[bot] a=bladeswords

Updated to match tls.conf and be aligned to more modern cryptographic standards and only use currently secure protocols and ciphers.

## What type of PR?

bugfix

## What does this PR do?
Update to use more modern cryptographic techniques
### Related issue(s)
- Addresses comment raised in 4f973f6

## Prerequistes
None


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
2020-03-18 10:39:57 +00:00
bors[bot]
67b48f55fd
Merge #1393
1393: Ignore newlines and comment-lines in postfix overrides r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement

## What does this PR do?
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

### Related issue(s)
closes #1098

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-12 16:30:29 +00:00
bors[bot]
575f6b1691
Merge #1296 #1322 #1337 #1358
1296: fetchmail: print unhandled exceptions, but don't crash r=Nebukadneza a=Al2Klimov

fixes #1295

1322: Bump validators from 0.12.5 to 0.12.6 in /core/admin r=Nebukadneza a=dependabot[bot]

Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
<details>
<summary>Changelog</summary>

*Sourced from [validators's changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst).*

> 0.12.6 (2019-05-08)
> ^^^^^^^^^^^^^^^^^^^
> 
> - Fixed domain validator for single character domains ([#118](https://github-redirect.dependabot.com/kvesteri/validators/issues/118), pull request courtesy kingbuzzman)
</details>
<details>
<summary>Commits</summary>

- See full diff in [compare view](https://github.com/kvesteri/validators/commits)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validators&package-manager=pip&previous-version=0.12.5&new-version=0.12.6)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

1337: Add IPv6 to allow_nets r=Nebukadneza a=PhilRW

Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336

1358: Add port to relay if it contains a colon r=Nebukadneza a=PhilRW

## What type of PR?

enhancement

## What does this PR do?

Allows relaying domains to non-standard SMTP ports by appending `:port` to the destination host/IP. E.g., `mx1.internal:2525`

### Related issue(s)

Closes #1357 


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Philip Rosenberg-Watt <p.rosenberg-watt@cablelabs.com>
2020-03-12 13:20:00 +00:00
Weblate
e9ddb2ddcc Merge branch 'origin/master' into Weblate. 2020-03-11 23:03:59 +00:00
Jaume Barber
a2fa52170c Translated using Weblate (Catalan)
Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
2020-03-11 23:03:52 +00:00
Jaume Barber
aafcbadb23 Translated using Weblate (Italian)
Currently translated at 98.7% (161 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
2020-03-11 23:03:51 +00:00
Jaume Barber
ecb8e07da2 Translated using Weblate (Spanish)
Currently translated at 98.7% (161 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
2020-03-11 23:03:51 +00:00
Jae Beojkkoch
ca82380bcf Translated using Weblate (English)
Currently translated at 7.9% (13 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
2020-03-11 23:03:51 +00:00
bors[bot]
ecae6872f3
Merge #1395 #1396
1395: Remove duplicate ports line r=mergify[bot] a=Nebukadneza


## What type of PR?
enhancement

## What does this PR do?

### Related issue(s)
closes #1079

## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1396: Use pyyaml safe_load instead of load r=mergify[bot] a=Nebukadneza




## What type of PR?
enhancement

## What does this PR do?
Since load in unsafe (ref: https://msg.pyyaml.org/load),
switch the only occurrance of `yaml.load` that i could
find to safe_load.

### Related issue(s)
closes #1085

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-10 23:57:46 +00:00
bors[bot]
a28e30b93b
Merge #1320
1320: Add xapian full-text-search plugin to dovecot r=mergify[bot] a=Nebukadneza

## What type of PR?
Enhancement

## What does this PR do?
Currently we are not able to offer our users a FTS experience after the
demise of lucene due to unfixed coredumps with musl/alpine.
We now add lucene, the only remaining maintained small/lean FTS plugin
for dovecot. It is quite simple to add to our stack: A two-stage docker
build is used to compile the fts plugin in the first stage, and copy
over only the resulting plugin-artifact to the second stage, which is
our usual dovecot container. Configuration is also minimal.

There was a upstream issue where bodies were not able to be searched for subwords, but fortunately it was fixed quite quickly. We currently need to wait for a new release to use a stable tag in our `Dockerfile`.

### Related issue(s)
- https://github.com/Mailu/Mailu/pull/1176
- https://github.com/Mailu/Mailu/pull/1297
- https://github.com/Mailu/Mailu/issues/751
- **Upstream-issues which is the cause for the `TODO` in the `Dockerfile`**: https://github.com/grosjo/fts-xapian/issues/32

## Prerequistes
- [ ] Wait for upstream to prepare new release after https://github.com/grosjo/fts-xapian/issues/32 — so that we can use a stable tag in our `Dockerfile`
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Dario Ernst <dario.ernst@rommelag.com>
2020-03-10 23:30:14 +00:00
bladeswords
8010595dd2
Remove SPF type SPF record #1394
As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...
2020-03-09 23:22:13 +11:00
bladeswords
2ddf46ad2b
Update crypto to be modern and inline with tls.conf
Updated to match tls.conf and be aligned to more modern cryptographic standards and only use currently secure protocols and ciphers.
2020-03-09 23:12:02 +11:00
Dario Ernst
23f21f8b9c Use pyyaml safe_load instead of load
Since load in unsafe (ref: https://msg.pyyaml.org/load),
switch the only occurrance of `yaml.load` that i could
find to safe_load.

closes #1085
2020-03-07 19:08:52 +00:00
Dario Ernst
dbcab06587 Ignore newlines and comment-lines in postfix overrides
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

closes #1098
2020-03-07 18:20:56 +00:00
Dario Ernst
09024c8008 Use environment variables for cert paths/names in nginx certwatcher
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.

closes #903
2020-03-07 17:17:17 +00:00
bors[bot]
b8b1699f9e
Merge #1359
1359: Refactor the rate limiting code r=mergify[bot] a=kaiyou

## What type of PR?

Enhancement

## What does this PR do?

Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.

### Related issue(s)

No specific issue.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-03-07 09:50:04 +00:00
Dario Ernst
8626326559 Fix dovecot dockerfile (accidentally broken in previous commit) 2020-03-07 10:21:21 +01:00
dependabot[bot]
94cfc31e04
Bump validators from 0.12.5 to 0.12.6 in /core/admin
Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
- [Release notes](https://github.com/kvesteri/validators/releases)
- [Changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst)
- [Commits](https://github.com/kvesteri/validators/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2020-03-06 15:33:41 +00:00
bors[bot]
a3c6002a0a
Merge #1321
1321: Upgrading nginx TLS configuration r=mergify[bot] a=radtkedev

## What type of PR?

Enhancement

## What does this PR do?

Upgrades the TLS protocols and ciphers to the recommended "Intermediate Configuration" and sets the "Old Configuration" for port 25 (SMTP) based on the [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/) and adjusted for the nginx mail proxy.

Co-authored-by: Tom Radtke <tom@radtke.dev>
2020-03-06 15:33:03 +00:00
Dario Ernst
dfe092eb46 Use names for docker build stages in dovecot Dockerfile 2020-03-06 16:11:59 +01:00
bors[bot]
1ca4d6769c
Merge #1349
1349: Add support for SRS, related to #328 r=mergify[bot] a=kaiyou

## What type of PR?

Feature

## What does this PR do?

It implements SRS using a Python SRS library.

### Related issue(s)
- closes #328 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-03-06 15:05:43 +00:00
Dario Ernst
da2dda49d4 Prefer specific alias over wildcard, regardless of case
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

closes #1387
2020-03-06 13:56:48 +01:00
NeroPcStation
365f21007d Translated using Weblate (Polish)
Currently translated at 90.2% (147 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pl/
2020-02-17 20:23:38 +00:00
kaiyou
8e88f1b8c3 Refactor the rate limiting code
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.
2020-02-09 17:38:18 +01:00
Philip Rosenberg-Watt
ff1dfec39a Add port to relay if it contains a colon
This closes #1357
2020-02-09 08:05:24 -07:00
Philip Rosenberg-Watt
27e37577c6 Add IPv6 to allow_nets
Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336
2020-02-03 14:53:04 -07:00
Weblate
b248f6a800 Merge branch 'origin/master' into Weblate 2020-01-31 01:23:00 +00:00
Andrási István
395a0d14dc Translated using Weblate (Hungarian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/hu/
2020-01-31 01:22:59 +00:00
bors[bot]
96f832835a
Merge #1278
1278: Limiter implementation r=kaiyou a=micw

## What type of PR?

(Feature, enhancement, bug-fix, documentation)

## What does this PR do?

Adds a custom limter based on the "limits" lirary that counts up on failed auths only

### Related issue(s)
- closes #1195
- closes #634

## Prerequistes

- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: micw <michael@wyraz.de>
2020-01-30 07:19:35 +00:00
Dario Ernst
99ecaee7b9 Use a released git-tag for fts-xapian 2020-01-23 22:35:30 +01:00
Tom Radtke
4f973f63e6
Upgrading nginx TLS configuration 2020-01-20 10:09:11 +01:00
bors[bot]
761fade9a9
Merge #1316
1316: Fix the encoding of incoming user email and password r=mergify[bot] a=kaiyou

## What type of PR?

Bug fix

## What does this PR do?

As described in the changes, RFC2616 states that header should be considered ISO8859-1 in HTTP, which obviously nginx does not really care about when forwarding the password from SMTP authentication to the backend. Hence, we need to encode-then-decode passwords to get the proper value in case a special char is in there.

### Related issue(s)
- This fixes #1139 
- This is also related to #1281 
- This is also related to #1139

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-01-19 17:25:19 +00:00
Dario Ernst
e499d5a804 Add xapian full-text-search plugin to dovecot
Currently we are not able to offer our users a FTS experience after the
demise of lucene due to unfixed coredumps with musl/alpine.
We now add lucene, the only remaining maintained small/lean FTS plugin
for dovecot. It is quite simple to add to our stack: A two-stage docker
build is used to compile the fts plugin in the first stage, and copy
over only the resulting plugin-artifact to the second stage, which is
our usual dovecot container. Configuration is also minimal.
2020-01-19 11:28:43 +01:00
Tom Radtke
9d213b213a
Upgrading to a 2048-bit DKIM key 2020-01-16 16:47:27 +01:00
Torben Jensen
6f910c5738 Translated using Weblate (Danish)
Currently translated at 80.8% (122 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/da/
2020-01-14 18:22:25 +00:00
kaiyou
bd69b7a491 Add support for SRS, related to #328 2020-01-14 01:18:30 +01:00
kaiyou
9b7a027d6f Fix the encoding of incoming user email and password 2020-01-13 20:34:24 +01:00
Weblate
869f230e0d Merge branch 'origin/master' into Weblate 2020-01-13 11:44:10 +00:00
Torben Jensen
619a87a821 Added translation using Weblate (Danish) 2020-01-13 11:44:09 +00:00
bors[bot]
812439332a
Merge #1299
1299: Don't remove the address extension in postfix r=mergify[bot] a=RobertMe

## What type of PR?
Bugfix

## What does this PR do?
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

### Related issue(s)
Fixes #982

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Robert Meijers <robert.meijers@gmail.com>
2020-01-10 17:52:27 +00:00
Weblate
97b9098eb9 Merge branch 'origin/master' into Weblate 2020-01-06 12:22:07 +00:00
Angedestenebres
c09f046ba7 Translated using Weblate (French)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/fr/
2020-01-06 12:22:06 +00:00
micw
7688caa784
Add missing self. 2020-01-05 19:44:06 +01:00
Michael Wyraz
ace475d23c Certwatcher: Use polling observer to workaround some symlink limitations 2020-01-04 14:39:31 +01:00
Robert Meijers
989e4d5db5 Don't remove the address extension in postfix
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

Fixes #982
2019-12-27 21:11:50 +01:00
Weblate
2b503332a0 Merge branch 'origin/master' into Weblate 2019-12-18 15:06:55 +00:00
Marc Riera
ba7364d5e9 Added translation using Weblate (Catalan) 2019-12-18 15:06:54 +00:00
Michael Wyraz
70f797dbd9 Don't raise rate limit exception on hit(), only on check() 2019-12-16 18:47:21 +01:00
Michael Wyraz
a7f787f914 Make rate limit for subnet (webmail) configurable 2019-12-16 18:46:17 +01:00
Michael Wyraz
bee80b5c64 Remove rate limit reset 2019-12-06 11:02:21 +01:00
Michael Wyraz
889386b4a6 Limiter implementation 2019-12-06 09:35:21 +01:00
Michael Wyraz
fb9ddbca7a Install p3-yarn as dependency for podop 2019-12-04 20:05:42 +01:00
Michael Wyraz
09ee3ce95c Install py3-multidict from repository before installing socrate to avoid the need of gcc during build 2019-12-04 19:05:14 +01:00
Mordi Sacks
ebc39b5308 Translated using Weblate (Hebrew)
Currently translated at 6.0% (9 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/he/
2019-11-27 22:20:29 +00:00
Weblate
2d6aa77925 Merge branch 'origin/master' into Weblate 2019-11-26 21:21:22 +00:00
Mordi Sacks
5b23e30b39 Added translation using Weblate (Hebrew) 2019-11-26 21:21:21 +00:00