1
0
mirror of https://github.com/Mailu/Mailu.git synced 2025-01-22 03:39:05 +02:00

2047 Commits

Author SHA1 Message Date
Florent Daigniere
7d39741c47 Make webmails use a different port without proxy protocol 2023-05-09 12:06:04 +02:00
Florent Daigniere
a9c92f19ef Add this endpoint back too 2023-05-09 09:54:52 +02:00
Florent Daigniere
2e26c7ad80 change healtcheck again 2023-05-09 09:51:53 +02:00
Florent Daigniere
6ee913502e Improve auth-related logging 2023-05-06 17:37:16 +02:00
Florent Daigniere
bee8ce9357 Fix2805 2023-05-06 09:06:12 +02:00
Florent Daigniere
88f7ab48f7 Deal with certwatcher too 2023-04-27 09:26:24 +02:00
Florent Daigniere
1d0c4e67aa noticket 2023-04-23 09:11:58 +02:00
Florent Daigniere
167cd93153 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-22 17:59:50 +02:00
Florent Daigniere
7e46e1491e as requested in review 2023-04-22 10:37:44 +02:00
Florent Daigniere
5d93ae205e Simplify the health-check 2023-04-21 17:36:24 +02:00
Florent Daigniere
36fcb9b830 dovecot is creating zombies 2023-04-21 17:27:59 +02:00
Florent Daigniere
eec9d1201f Fix logs in the SMTP container 2023-04-21 15:56:47 +02:00
Florent Daigniere
e6b9285f86 Send rport too 2023-04-21 11:04:08 +02:00
Florent Daigniere
d4bc99626f Ensure we log rport 2023-04-21 10:29:28 +02:00
Florent Daigniere
0025d06c4e maybe fix healthcheck 2023-04-21 10:08:32 +02:00
Florent Daigniere
915c1a75f1 Make it generic. Should we implement TARPIT? 2023-04-21 09:21:11 +02:00
Florent Daigniere
2d8b2b15fe tweak-logs 2023-04-21 09:13:11 +02:00
Florent Daigniere
4b02b2bd65 Add health-check 2023-04-21 08:59:42 +02:00
Florent Daigniere
cf0b440b2a Remove another useless message 2023-04-20 19:58:09 +02:00
Florent Daigniere
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
Florent Daigniere
21982478fb warning is enough 2023-04-20 18:01:16 +02:00
Florent Daigniere
281800d946 Try to do the same for ARM64, log a message if we do 2023-04-20 17:59:14 +02:00
Florent Daigniere
ede331f657 LD_PRELOAD may not be in ENV 2023-04-20 17:46:27 +02:00
Florent Daigniere
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
bors[bot]
6710a29c5e
Merge #2772
2772: Always exempt app-tokens from rate limits r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Always exempt app-tokens from rate limits
Ensure that unsuccessful login attempts against a valid account hit the ip-based rate-limit too

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 10:12:01 +00:00
Florent Daigniere
5a55d1824e Make it happen post-deduplication 2023-04-16 12:57:20 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts
against a valid account
2023-04-16 11:30:14 +02:00
Florent Daigniere
775033391a doh 2023-04-14 13:56:39 +02:00
Florent Daigniere
c363378005 Always exempt app-tokens from rate limits 2023-04-14 12:51:43 +02:00
Florent Daigniere
b6ed4fd83e fix #2764 2023-04-14 10:09:51 +02:00
Florent Daigniere
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
Florent Daigniere
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
Florent Daigniere
845eff0055 fix 2757 2023-04-08 12:27:32 +02:00
Florent Daigniere
a09c23d8de Fix it 2023-04-08 11:32:46 +02:00
Dimitri Huisman
c54271db32
Fix config-import. Config with dkim key could not be imported. 2023-04-07 14:19:17 +00:00
bors[bot]
0cc7c2fd05
Merge #2735
2735: Mailu 2.0 release r=mergify[bot] a=Diman0

## What type of PR?

feature

## What does this PR do?
Changes for releasing Mailu 2.0.  I must still proofread the release notes I wrote.

### Related issue(s)
- closes #2215

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-05 07:03:37 +00:00
Dimitri Huisman
5f14c8ced1
Fix unmet dependency 2023-04-04 12:51:59 +00:00
Dimitri Huisman
a2655e3c79
Update dependencies with CVEs 2023-04-04 12:35:27 +00:00
Florent Daigniere
94ef62a884 Don't rate-limit port 25, ever. 2023-04-04 12:47:11 +02:00
Florent Daigniere
ab7b82d05b Clarify 2023-04-04 11:33:34 +02:00
Florent Daigniere
040dd82d3e fix bug 2023-04-04 11:30:59 +02:00
Dimitri Huisman
e88fa6a1f5
Merge branch 'master' into new-release-mailu 2023-04-04 08:00:25 +00:00
bors[bot]
b68e132369
Merge #2733
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Ensure we always ask for the existing password before allowing a change.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-04 07:11:56 +00:00
bors[bot]
cae01a36b4
Merge #2732
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.

Reduce the default to 50 distinct passwords per day

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-04-03 20:40:10 +00:00
Dimitri Huisman
453acad21f
Initial changes for Mailu 2.0 release 2023-04-02 16:45:42 +00:00
Florent Daigniere
c0f1f58f55 No need for that 2023-04-02 18:03:44 +02:00
Florent Daigniere
7dc2912770
Update core/admin/mailu/limiter.py
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-04-02 17:11:16 +02:00
Florent Daigniere
52de10a5e5 resets don't need the current password 2023-04-02 16:41:12 +02:00
Florent Daigniere
616e4a7734 Ensure we always ask for the existing password before allowing a change 2023-04-02 16:35:15 +02:00
Florent Daigniere
795a7bafa2 should never happen but heh 2023-04-01 12:22:44 +02:00