1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

485 Commits

Author SHA1 Message Date
Florent Daigniere
6ee913502e Improve auth-related logging 2023-05-06 17:37:16 +02:00
Florent Daigniere
1512493764 Fix roundcube's spellchecker 2023-04-27 12:43:38 +02:00
Florent Daigniere
e71c653c8c fix #2139 2023-04-22 08:24:36 +02:00
Florent Daigniere
36fcb9b830 dovecot is creating zombies 2023-04-21 17:27:59 +02:00
Florent Daigniere
eec9d1201f Fix logs in the SMTP container 2023-04-21 15:56:47 +02:00
Florent Daigniere
ede331f657 LD_PRELOAD may not be in ENV 2023-04-20 17:46:27 +02:00
bors[bot]
6710a29c5e
Merge #2772
2772: Always exempt app-tokens from rate limits r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Always exempt app-tokens from rate limits
Ensure that unsuccessful login attempts against a valid account hit the ip-based rate-limit too

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 10:12:01 +00:00
bors[bot]
d8f6a53a1e
Merge #2771
2771: Sanitize logs as appropriate r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- Sanitize logs as appropriate. 
- change the healthcheck of radicale to something less verbose
- disable hardened-malloc if we detect a processor not supporting the AVX extension set

Should we backport something like that? It could be argued it's a bugfix.

### Related issue(s)
- close #2644 
- close #2764
- #2541

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-20 09:23:25 +00:00
Dario Ernst
b0c71559d0 Whitelist all mailso* stream types in snuffleupagus for snappymail
For attachment download in snappymail to work, at least mailsoliteral is
needed. The additionally used stream types (from looking at the
snappymail source) have also been added, to ensure compatability with
whatever feature might rely on them ….
2023-04-17 14:43:13 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts
against a valid account
2023-04-16 11:30:14 +02:00
Florent Daigniere
c363378005 Always exempt app-tokens from rate limits 2023-04-14 12:51:43 +02:00
Florent Daigniere
b6ed4fd83e fix #2764 2023-04-14 10:09:51 +02:00
Florent Daigniere
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
Florent Daigniere
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
Florent Daigniere
a09c23d8de Fix it 2023-04-08 11:32:46 +02:00
Dimitri Huisman
c54271db32
Fix config-import. Config with dkim key could not be imported. 2023-04-07 14:19:17 +00:00
Dimitri Huisman
c6c4cd71f6
Add release note for PR 2748 2023-04-07 10:41:43 +00:00
Dimitri Huisman
0faae50302
Improve releases.rst.
Add extra links to relevant sections in documentation.
Add example of using the new override location for rspamd.
Add clarification  in rspamd section for rspamd override change and new autoconfig.* endpoint
2023-04-06 09:04:04 +00:00
Dimitri Huisman
ddcdf8b82a
Fix tag-release step in workflow which prevented github releases from being created automatically.
Cause was that a specific method is required for assigning multi-line strings in github workflow files:
https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
2023-04-06 07:46:28 +00:00
Dimitri Huisman
8cd5c15dc7
Newsfragment for releasing Mailu 2.0 2023-04-05 07:32:44 +00:00
Dimitri Huisman
ee252224b5
Process latest towncrier entries into changelog.md 2023-04-04 08:03:49 +00:00
Dimitri Huisman
e88fa6a1f5
Merge branch 'master' into new-release-mailu 2023-04-04 08:00:25 +00:00
bors[bot]
b68e132369
Merge #2733
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Ensure we always ask for the existing password before allowing a change.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-04 07:11:56 +00:00
bors[bot]
cae01a36b4
Merge #2732
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.

Reduce the default to 50 distinct passwords per day

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-04-03 20:40:10 +00:00
Dimitri Huisman
453acad21f
Initial changes for Mailu 2.0 release 2023-04-02 16:45:42 +00:00
Florent Daigniere
920f817009 LOG_DRIVER just doesn't work 2023-04-02 17:09:43 +02:00
Florent Daigniere
616e4a7734 Ensure we always ask for the existing password before allowing a change 2023-04-02 16:35:15 +02:00
Florent Daigniere
04a2cdab2f Only account for distinct attempts in rate limits 2023-04-01 11:33:02 +02:00
Didier 'OdyX' Raboud
d9ed3cd179
nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
Dimitri Huisman
709edb522b
Introduce connection string (database url) for roundcube.
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2023-03-26 12:21:00 +00:00
Dimitri Huisman
5bd528319b
Provide a changelog for minor releases. The github release will now:
* Provide the changelog message from the newsfragment of the PR that triggered the backport.
* Provide a github link to the PR/issue of the PR that was backported.

Switch to building multi-arch images. The images build for pull requests, master and production
are now multi-arch images for the architectures:
* linux/amd64
* linux/arm64/v8
* linux/arm/v7

Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically
retried. If a build temporarily fails due to a network error, the retried step will still succeed.
2023-03-21 14:47:37 +00:00
bors[bot]
5044c78740
Merge #2709
2709: Validate proxy ip with PROXY_AUTH_WHITELIST r=mergify[bot] a=Diman0

## What type of PR?

bug fix

## What does this PR do?
The Proxy code validated the real client ip against the proxy auth whitelist. It should be the proxy ip that is checked. That is changed with this PR.

### Related issue(s)
- closes #2708
- #2692

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 13:26:59 +00:00
bors[bot]
c15595836a
Merge #2690
2690: Change rspamd override system to use .include with lowest priority. r=mergify[bot] a=Diman0

## What does this PR do?

All override files are used as if they were placed in the rspamd local.d folder.

New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. It works as following.
* If the override file overrides a Mailu defined config file, it will be included in the Mailu config file with lowest priority. It will merge with existing sections.
* If the override file does not override a Mailu defined config file, then the file will be placed in the rspamd local.d folder. It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

## What type of PR?

enhancement

### Related issue(s)
- closes #2555 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 10:01:23 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-17 11:55:11 +00:00
Dimitri Huisman
c6c2805196
Update changelog with extra info. 2023-03-17 12:54:18 +01:00
bors[bot]
1d360055b7
Merge #2705
2705: Switch from docker.io to ghcr.io for deploying images r=nextgens a=Diman0

## What type of PR?

enhancement

## What does this PR do?
As we all know, docker has announced that they will stop with free docker organisations. The Mailu project used this. In about a month, the mailu docker org stops to exist and all images will be deleted.

This PR modifies the CI/CD workflow (github actions) to use ghcr.io as the container registry for deployed images. The images are first build with `-build` appended to the tag. These images are also used in the test step. Only in the deploy phase, are the final tags added (as it should be). This makes sure new images are only available after the deployment step.

The setup utility is updated to use `ghcr.io/mailu` as the docker_org.

All references to the docker org `mailu` have been replaced with `ghcr.io/mailu` in the documentation.

I confirmed via my Mailu_Fork repo that the github workflow works fine. 
https://github.com/Diman0/Mailu_Fork/actions/runs/4440118095

### Related issue(s)
- closes #2704 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-17 08:01:41 +00:00
bors[bot]
86ad4c93a9
Merge #2697
2697: Make the login page guess where to redirect r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make the login page guess where to redirect.

If you access /admin/ and get redirected to /sso/login, it's only fair that it redirects you back to /admin afterwards.

This is also changing the interface for external proxy authentication, making it simpler to configure.

### Related issue(s)
- close #2692
- #1972

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-16 22:29:53 +00:00
Dimitri Huisman
06ac7f507d
Add changelog entry. 2023-03-16 18:27:20 +00:00
Dimitri Huisman
31faee4218
Merge branch 'master' into delete-disable 2023-03-15 18:16:46 +01:00
Dimitri Huisman
b99828c4f6
Fix broken link. Add extra clarification for login targets. 2023-03-15 16:04:30 +00:00
Florent Daigniere
22bb0594da Upgrade snappymail to v2.26.4 2023-03-15 08:43:39 +01:00
bors[bot]
31a85397dd
Merge #2694
2694: fix #2693 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Tweak the snuffleupagus rules to make roundcube's caldav work. While at it I have also grepped for other similar cases/problems.

### Related issue(s)
- close #2693

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-12 21:04:51 +00:00
Florent Daigniere
925c753f40 Merge branch 'master' of https://github.com/Mailu/Mailu into guess-target 2023-03-12 19:43:05 +01:00
Florent Daigniere
b607375603 Fix 2692: make the external auth proxy usable 2023-03-12 19:40:44 +01:00
Florent Daigniere
dd912169fb Make the login page guess where to redirect 2023-03-12 18:07:25 +01:00
Florent Daigniere
1b045b4a94 Introduce AUTH_PROXY_LOGOUT_URL 2023-03-12 18:07:25 +01:00
bors[bot]
f0b3689732
Merge #2676
2676: Czech translation r=mergify[bot] a=S474N

Czech translation

## What type of PR?

Czech translation

## What does this PR do?
Add czech translation


Co-authored-by: S474N <S474N@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-12 16:15:19 +00:00
Dimitri Huisman
17c68ca86e
Add changelog entry for PR2676 2023-03-12 16:01:35 +00:00
Florent Daigniere
61ca539d6d Merge branch 'master' of https://github.com/Mailu/Mailu into fail2ban-update 2023-03-12 11:18:25 +01:00