2924: Remove the usage of capabilities, use port 8080 for admin r=nextgens a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
In the real world users can't get them to work... I wonder if they use patched-up kernels or if xattrs are lost somehow... in any case, we can do without capabilities so let's do that.
Ensure that dovecot doesn't attempt to bind a v6 socket if SUBNET6 is not configured
Also, document that systemd-resolve may cause trouble with DNSSEC.
### Related issue(s)
- closes#2906
- closes#2913
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2818: Improve auth-related logging r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Improve auth-related logging
### Related issue(s)
- closes#2803
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2613: Enhance network segregation r=nextgens a=nextgens
## What type of PR?
enhancement
## What does this PR do?
- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.
### Related issue(s)
- #2611
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2603: Enable HAPROXY protocol on SUBNET r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
- Enable HAPROXY in between front and imap: With this we avoid running into the limitations of ``mail_max_userip_connections`` and the logfiles reflect the real IP.
- Enable HAPROXY in between front and smtp: with this postfix and rspamd are aware of whether TLS was used or not on the last hop. In practice this won't work as nginx doesn't send PROTO yet.
- Discard redundant log messages from postfix
With all of this, not only are the logs easier to understand but ``doveadm who`` also works as one would expect.
### Related issue(s)
- closes#894
- #1328
- closes#1364
- #1705
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
With this we avoid running into the limitations of
mail_max_userip_connections (see #894 amd #1364) and the
logfiles as well as ``doveadm who`` give an accurate picture.
Anything that can be configured in the web administration interface,
can also be configured via the Mailu RESTful API.
See the section Advanced configuration in the configuration reference
for the relevant settings in mailu.env for enabling the API.
(API, WEB_API, API_TOKEN).
