1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

485 Commits

Author SHA1 Message Date
Florent Daigniere
d44608ed04 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 2021-08-03 13:46:47 +02:00
Florent Daigniere
fa915d7862 Fix 1294 ensure podop's socket is owned by postfix 2021-07-24 14:39:40 +02:00
Dimitri Huisman
67e00bb1e7 Add changelog 2021-07-22 14:56:30 +00:00
Yaron Shahrabani
1aeff3b67c
Added a change note
As per https://github.com/Mailu/Mailu/pull/1873#issuecomment-882271176
2021-07-21 10:18:15 +03:00
bors[bot]
0031f262cc
Merge #1871
1871: Replace PUBLIC_HOSTNAME/IP with real data in Received headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

This will ensure that we don't get spam points for not respecting the RFC (gmail is notorious for not liking it)

### Related issue(s)
- close #1448
- #466
- #191

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-20 12:13:19 +00:00
Dimitri Huisman
2e883c7ae2 Add changelog 2021-07-20 11:44:29 +00:00
Florent Daigniere
8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
2021-07-18 18:24:46 +02:00
bors[bot]
de0536c694
Merge #1858
1858: Docs: Replace hardcoded journald logpath with systemd backend r=mergify[bot] a=networkException

The file at /var/log/messages is not universal for every
distribution. Fail2ban can access journald logs directly
by using the systemd backend.

## What type of PR?

documentation

## What does this PR do?

The path /var/log/messages does not apply for Ubuntu 20.04 for example, because of that I have looked
at alternative ways to access journald in fail2ban. The proper way seems to be to use the systemd
backend, this patch updates the documentation accordingly.

### Related issue(s)
*none*

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: networkException <git@nwex.de>
2021-07-14 17:53:15 +00:00
Florent Daigniere
a0dcd46483 fix #1861: Handle colons in passwords 2021-07-14 09:27:00 +02:00
networkException
f80e04a8c5
Docs: Replace hardcoded journald logpath with systemd backend
The file at /var/log/messages is not universal for every
distribution. Fail2ban can access journald logs directly
by using the systemd backend.
2021-07-08 22:10:23 +02:00
bors[bot]
66ea28b50a
Merge #1845
1845: Update rainloop to 1.16.0 r=mergify[bot] a=nextgens

## What type of PR?

Security-update for rainloop.

## What does this PR do?

Upgrade to rainloop v1.16

### Related issue(s)
- #1829

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-07-06 09:13:21 +00:00
Florent Daigniere
474e5aa527 document 2021-07-05 17:11:09 +02:00
Florent Daigniere
11917a5011 mend 2021-07-04 19:18:53 +02:00
Alexander Graf
87fe34e0a3 fix newsfragment of #1841 2021-07-03 19:35:44 +02:00
Florent Daigniere
d75c8469d3 Update rainloop to 1.16.0 2021-07-03 15:10:34 +02:00
Alexander Graf
2045ae2e10 updated changelog file 2021-07-02 22:47:51 +02:00
Alexander Graf
14bdeb5e1e Update version of roundcube webmail and carddav plugin.
This is a security update.

- roundcube 1.4.11
- carddav 4.1.2
2021-06-30 12:36:11 +02:00
Dimitri Huisman
6dc1a19390
Merge branch 'master' into import-export 2021-06-29 15:26:51 +02:00
bors[bot]
fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 12:32:21 +00:00
bors[bot]
4ff90683ca
Merge #1758 #1776
1758: Implement a simpler credential cache (alternative to #1755) r=mergify[bot] a=nextgens

## What type of PR?

Feature: it implements a credential cache to speedup authentication requests.

## What does this PR do?

Credentials are stored in cold-storage using a slow, salted/iterated hash function to prevent offline bruteforce attacks. This creates a performance bottleneck for no valid reason (see the
rationale/long version on https://github.com/Mailu/Mailu/issues/1194#issuecomment-762115549).

The new credential cache makes things fast again.

This is the simpler version of #1755 (with no new dependencies)

### Related issue(s)
- close #1411
- close #1194 
- close #1755

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1776: optimize generation of transport nexthop r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix and enhancement.

## What does this PR do?

Possibly there should be more input validation when editing a relay, but for now this tries to make the best out of the existing "smtp" attribute while maintaining backwards compatibility. When relay is empty, the transport's nexthop is the MX of the relayed domain to fix #1588 

```
RELAY			NEXTHOP						TRANSPORT
empty			use MX of relay domain				smtp:domain
:port			use MX of relay domain and use port	smtp:domain:port
target			resolve A/AAAA of target			smtp:[target]
target:port		resolve A/AAAA of target and use port	smtp:[target]:port
mx:target		resolve MX of target				smtp:target
mx:target:port	resolve MX of target and use port	smtp:target:port
lmtp:target		resolve A/AAAA of target			lmtp:target
lmtp:target:port	resolve A/AAAA of target and use port	lmtp:target:port

target can also be an IPv4 or IPv6 address (an IPv6 address must be enclosed in []: [2001:DB8::]).
```

When there is proper input validation and existing database entries are migrated this function can be made much shorter again.

### Related issue(s)
- closes #1588 
- closes #1815 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-06-29 12:15:03 +00:00
bors[bot]
d1eab083f5
Merge #1831
1831: Fix roundcube database env configuration r=mergify[bot] a=parisni

## What type of PR?

bug-fix

## What does this PR do?

Both roundcube and mailu admin website can be backed by postgres/mysql. Before this PR, the `DB_FLAVOR` is shared by both services. However, the other roundcube dedicated DB params are prefixed with `ROUNDCUBE_`. (eg: `ROUNDCUBE_DB_NAME`)
There is no reason to share the DB_FLAVOR for both: This PR makes them be considered independently to make things clear and avoid bugs.
Also, the roundcube_db_flavor and db_flavor are made separated in this PR. However for simplicity, the template generator bind them : roundcube_db_flavor = db_flavor. This makes the template generator UI more simple. I considered most of the time people want to have both roundcube and mailu share the same RDBMS.

Also, AFAIK the internal postgresql service is deprecated and will be removed in 1.9. This is why this PR does not integrate roundcube in postgres when the internal DB is choosen: in case of internal postgres, the roundcube is backed with sqlite.

Both documentation and setup website have been updated accordingly.

### Related issue(s)
- Auto close an issue like: closes #1648 #1471

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: parisni <nicolas.paris@riseup.net>
Co-authored-by: Nicolas Paris <nicolas.paris@riseup.net>
2021-06-29 11:58:39 +00:00
Dimitri Huisman
ef5741ef80 Add newsfragment 2021-06-29 08:07:43 +00:00
bors[bot]
c49e064ff7
Merge #1836
1836: Test ci parallel r=Diman0 a=Diman0

## What type of PR?

enhancement

## What does this PR do?

Changes CI workflow to run all tests in parellel.  After performing some tests (see #1830  ), I determined that using actions/cache to only cache a tar.gz. file with all build images and use this for all parallel tests is the fasted solution.

With Travis builds took ~30 minutes. Now each build runs for a maximum of 20 minutes (bors test and merge on master).
Bors r+ runs take about ~16/17 minutes.

### Related issue(s)
- Auto close an issue like: closes #1830

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2021-06-29 07:13:37 +00:00
bors[bot]
d9da8e4bb2
Merge #1746
1746: DNS records for client autoconfiguration (RFC6186) r=Diman0 a=nextgens

## What type of PR?

Feature

## What does this PR do?

Add instructions on how to configure rfc6186 DNS records for client autoconfiguration

### Related issue(s)
- #224
- #498

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 06:50:27 +00:00
Dimitri Huisman
0468fb2064 Forgot to set permissions on images folder. Added changelog. 2021-06-27 09:24:17 +00:00
bors[bot]
5d1264e381
Merge #1694
1694: update compression algorithms for current dovecot r=nextgens a=lub

## What type of PR?

enhancement

## What does this PR do?

This adds additional compression algorithms in accordance with
https://doc.dovecot.org/configuration_manual/zlib_plugin/

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-06-26 23:38:35 +00:00
bors[bot]
a1345114bc
Merge #1649 #1673
1649: Update docs/reverse.rst with Traefik v2+ info r=mergify[bot] a=patryk-tech

## What type of PR?

Documentation

## What does this PR do?

Adds information about using Traefik v2+ as a reverse proxy.

### Related issue(s)
Closes #1503 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1673: Remove rspamd unused env var from start script r=mergify[bot] a=cbachert

## What type of PR?
Cleanup

## What does this PR do?
Remove unused environment variable FRONT_ADDRESS in rspamd. FRONT_ADDRESS references were removed with commit 8172f3e in PR #727 like mentioned in chat https://matrix.to/#/!MINuyJjJSrfowljYCK:tedomum.net/$160401946364NGNmI:imninja.net?via=huisman.xyz&via=matrix.org&via=imninja.net
```
Mailu$ grep -r "FRONT_ADDRESS" core/rspamd/
core/rspamd/start.py:os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
```

### Related issue(s)
N/A

## Prerequistes
- [x] Documentation updated accordingly: No documentation to update
- [x] Add to changelog: Minor change

Co-authored-by: Patryk Tech <git@patryk.tech>
Co-authored-by: cbachert <cbachert@users.noreply.github.com>
2021-06-26 21:59:25 +00:00
Dimitri Huisman
54dd4cf224 Added new docker repo for test image. Adapted deploy script to use env var for test repo name. Modified travis references to github actions references in docs. Added changelog entry. 2021-06-26 19:16:56 +00:00
parisni
f4c76d49c1 Add changelog entry 2021-06-19 09:30:32 +02:00
lub
18f5a2fc11 update newsfragment #1694 2021-06-16 15:01:55 +02:00
bors[bot]
42cefab4c2
Merge #1760
1760: Security updates to postgresql r=mergify[bot] a=WebSpider

## What type of PR?

Security update

## What does this PR do?

It fixes vulnerabilities in the sudo package in the postgresql optional container documented in
CVE-2021-23240, CVE-2021-3156 and CVE-2021-23239

### Related issue(s)

None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Nils Vogels <n.vogels@aves-it.nl>
2021-06-04 07:56:29 +00:00
Florent Daigniere
ae9206e968 Implement a simple credential cache 2021-06-04 09:41:12 +02:00
DjVinnii
60766f6d80 Add CHANGELOG fragments 2021-04-12 14:50:13 +02:00
Alexander Graf
dc5464f254 Merge remote-tracking branch 'upstream/master' into import-export 2021-03-10 18:32:19 +01:00
Florent Daigniere
dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 2021-03-10 14:41:12 +01:00
bors[bot]
9c57f2ac39
Merge #1785
1785: Fix bug #1660 (don't replace nested headers) r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't replace nested headers (typically in forwarded/attached emails). This will ensure we don't break cryptographic signatures.

### Related issue(s)
- close #1660

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-03-10 10:14:29 +00:00
bors[bot]
25e8910b89
Merge #1783
1783: Switch to server-side sessions r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It simplifies session management.
- it ensures that sessions will eventually expire (*)
- it implements some mitigation against session-fixation attacks
- it switches from client-side to server-side sessions (in Redis)

It doesn't prevent us from (re)-implementing a "remember_me" type of feature if that's considered useful by some.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-03-10 09:44:31 +00:00
bors[bot]
327884e07c
Merge #1610
1610: add option to enforce inbound starttls r=mergify[bot] a=lub

## What type of PR?

Feature

## What does this PR do?
It implements a check in the auth_http handler to check for Auth-SSL == on and otherwise returns a 530 starttls error.
If INBOUND_TLS_ENFORCE is not set the behaviour is still the same as before, so existing installations should be unaffected.

Although there is a small difference to e.g. smtpd_tls_security_level of Postfix.

Postfix already throws a 530 after mail from, but this solution only throws it after rcpt to. auth_http is only the request after rcpt to, so it's not possible to do it earlier.

### Related issue(s)
#1328 is kinda related, although this PR doesn't solve the issue that the headers will still display ESMTP instead of ESMTPS

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-03-10 09:14:23 +00:00
bors[bot]
7469bb7087
Merge #1638
1638: Remove the username from the milter_headers r=mergify[bot] a=githtz

Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.

## What type of PR?
Enhancement

## What does this PR do?
This PR prevents the user login to be leaked in sent emails (for example using an alias)

### Related issue(s)
Closes https://github.com/Mailu/Mailu/issues/1465

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: anrc <15327800+githtz@users.noreply.github.com>
2021-03-10 07:30:25 +00:00
lub
f3f0a4d86d
Merge branch 'master' into enforce-tls-admin 2021-03-09 23:40:51 +01:00
Florent Daigniere
b872b46097 towncrier 2021-03-09 20:13:31 +01:00
Florent Daigniere
97be7359fe towncrier 2021-03-09 19:47:34 +01:00
Alexander Graf
dd2e218375 Merge remote-tracking branch 'upstream/master' into import-export 2021-03-09 13:31:21 +01:00
Florent Daigniere
45e5cb9bb3 Improve the towncrier messages 2021-03-09 12:05:46 +01:00
Florent Daigniere
927bd2bd8e towncrier 2021-03-09 12:04:42 +01:00
bors[bot]
81f8cbec56
Merge #1711 #1712
1711: fix typo in faq.rst r=Diman0 a=tomwojcik



1712: Add details for postfix-overrides r=mergify[bot] a=sholl

## What type of PR?

Documentation clarification

## What does this PR do?

### Related issue(s)

this clarifies the FAQ about overrides and fixes #1628 


Co-authored-by: Tomasz Wójcik <tomwojcik@users.noreply.github.com>
Co-authored-by: Stephan Holl <stephan@holl-land.de>
Co-authored-by: Stephan Holl <1610827+sholl@users.noreply.github.com>
2021-03-08 10:10:52 +00:00
bors[bot]
ce0c93a681
Merge #1618
1618: add OCSP stapling to nginx.conf r=mergify[bot] a=lub

It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.

## What type of PR?

enhancement

## What does this PR do?

It enables OCSP stapling for the http server. OCSP stapling reduces roundtrips for the client and reduces load on OCSP responders.

### Related issue(s)
- fixes  #1616

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-03-08 09:39:25 +00:00
bors[bot]
cca4b50915
Merge #1607
1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub

## What type of PR?

enhancement

## What does this PR do?

This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.

### Related issue(s)


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-03-08 09:07:10 +00:00
Alexander Graf
68caf50154 new import/export using marshmallow 2021-02-15 00:46:59 +01:00
Nils Vogels
3b7ecb3a8b Add changelog 2021-02-11 12:12:06 +01:00
Florent Daigniere
2e749abe61 DNS records for client autoconfiguration (RFC6186) 2021-02-07 18:50:26 +01:00
Florent Daigniere
99c7420f92 towncrier 2021-02-07 17:51:19 +01:00
Alexander Graf
1da7e5b8d2 Merge remote-tracking branch 'upstream/master' into api 2021-01-24 19:10:24 +01:00
Michael Wyraz
2b37be9889 Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386 2021-01-15 10:56:49 +01:00
Stephan Holl
6ba40bc0d7 Add newsfragment 2020-12-23 18:53:56 +01:00
Alexander Graf
63176f4878 Merge remote-tracking branch 'upstream/master' into import-export 2020-11-30 22:03:10 +01:00
ronivay
96bf16605c fix changelog entry from feature to misc 2020-11-23 09:27:55 +02:00
ronivay
1ef62f5a2f changelog entry for #1696 2020-11-23 09:17:40 +02:00
lub
2606ace1df add changelog for #1694 2020-11-21 12:39:42 +01:00
ofthesun9
d32e73c5bc Fix letsencrypt access to certbot for the mail-letsencrypt flavour 2020-11-17 10:26:41 +01:00
bors[bot]
d2ff6769cc
Merge #1669 #1672
1669: Fix extract_host_port port separation r=mergify[bot] a=cbachert

Regex quantifier should be lazy to make port separation work.

## What type of PR?
bug-fix

## What does this PR do?
The "extract_host_port" function in admin/mailu/internal/nginx.py and optional/fetchmail/fetchmail.py is not actually separating host and port due to the `(.*)` part of the regex being too generous. Lazy quantifier `(.*?)` allows the other capturing groups to match.

### Related issue(s)
- No issue raised for this

## Prerequistes
- [x] Documentation updated accordingly: N/A, bug-fix
- [x] Add [changelog] entry file: Added towncrier newsfragment with second commit

1672: mark radio buttons in setup utility as required r=mergify[bot] a=lub

## What type of PR?
bug-fix

## What does this PR do?
mark radio buttons in setup utility as required

Otherwise it's possible to submit the form without selecting e.g. any
flavor, which would need additional handling on the server side.

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: cbachert <cbachert@users.noreply.github.com>
Co-authored-by: lub <git@lubiland.de>
2020-11-15 10:24:09 +00:00
lub
b159275057 manually merge wrongly named news fragments
see https://github.com/twisted/towncrier#news-fragments for a list of
default news fragment types
2020-10-27 12:13:06 +01:00
cbachert
862086ea37 Fix extract_host_port port separation
Add towncrier newsfragment
2020-10-24 21:52:21 +01:00
Alexander Graf
dfc34b2165 Merge remote-tracking branch 'upstream/master' into import-export 2020-10-23 16:16:29 +02:00
Dimitri Huisman
78890a97ff Preparations for 1.8 release. 2020-10-01 20:32:05 +02:00
Patryk Tech
ef71bc04cb Update docs/reverse.rst with Traefik v2+ info 2020-10-01 13:51:19 +03:00
Alexander Graf
45bf6d1b4a Merge remote-tracking branch 'upstream/master' into import-export 2020-09-29 08:41:23 +02:00
bors[bot]
62c54ea57f
Merge #1592
1592: Add documentation for the web administration gui. r=mergify[bot] a=Diman0

## What type of PR?

Documentation

## What does this PR do?

This PR adds the section Web Administration Interface to the documentation site which completely documents all available settings in the web administration interface.

### Related issue(s)
- Closes issue #1590 (please close this issue for me)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ Done ] In case of feature or enhancement: documentation updated accordingly
- [ Done ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2020-09-27 08:03:49 +00:00
bors[bot]
5c36dc4f54
Merge #1611
1611: Adds own server on port 80 for letsencrypt and redirect r=mergify[bot] a=elektro-wolle

## What type of PR?

Bugfix

## What does this PR do?

Handle letsencrypt route to `.well-known` by own server configuration within nginx.

### Related issue(s)
closes #1564

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Wolfgang Jung <w.jung@polyas.de>
2020-09-26 05:57:27 +00:00
anrc
3f037e2f08
Add changelog 2020-09-24 16:53:42 +02:00
Dimitri Huisman
a662c3f6f1 Changed change log file to correct filename 2020-09-23 20:04:36 +02:00
Dimitri Huisman
d9e7b8249b Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts. 2020-09-23 19:59:00 +02:00
lub
e8b6747080 add newsfragemnt for #1618 2020-09-12 01:38:37 +02:00
Wolfgang Jung
f999e3de08 Adds own server on port 80 for letsencrypt and redirect 2020-09-03 23:18:57 +02:00
lub
d348477efc add towncrier for 1610 2020-09-01 21:50:21 +02:00
lub
714fa044e0 add towncrier for #1607 2020-08-30 01:19:42 +02:00
Alexander Graf
0cf91f35a4 moved change log entry to towncrier 2020-08-27 16:08:15 +02:00
Dimitri Huisman
b3e9e1bd1a Add documentation for the web administration gui. 2020-08-18 20:42:58 +02:00
Dimitri Huisman
1544bc4a95 Add documentation in regard to the spam filter in Mailu. Added all suggestions from Liquidat and Nebukadneza.. 2020-08-11 20:59:25 +02:00
bors[bot]
3e533a84ae
Merge #1526
1526: Use Radicale 3.x for webdav service r=mergify[bot] a=ofthesun9

- remove -f flag in Dockerfile CMD
- remove deprecated daemon and dns_lookup settings from radicale.conf
- move realm setting from [server] to [auth] in radicale.conf
- add newsfragment

## What type of PR?
Miscellaneous

## What does this PR do?
Modifications in Dockerfile and radicale.conf to get Radicale 3.0 service building properly.
Functional tests would be needed before merge.

### Related issue(s)
- closes #1512 

## Prerequistes
- [X] In case of feature or enhancement: documentation updated accordingly


Co-authored-by: ofthesun9 <olivier@ofthesun.net>
2020-08-09 13:09:33 +00:00
bors[bot]
535b95bca7
Merge #1538
1538: Introduce environment variable to control dovecot full-text-search r=mergify[bot] a=tremlin

## What type of PR?

Enhancement

## What does this PR do?

In #1320 a full-text-search feature was enabled in Dovecot by default. Since this can have a big impact on performance, I think it's preferable to offer an option to disable the feature if it is not needed. This PR doesn't change the default behavior (FTS on).

### Related issue(s)
- #1320

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordinagly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
2020-08-09 12:12:39 +00:00
bors[bot]
64f21d5b84
Merge #1478 #1501 #1532 #1543
1478: Allow to enforce TLS for outbound r=mergify[bot] a=micw

 using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')

## What type of PR?

enhancement

## What does this PR do?

Add an option to postfix to enforce outbound traffic to be TLS encrypted.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1501: In setup/flavor, change DMARC RUA and RUF email default settings r=mergify[bot] a=ofthesun9

## What type of PR?
bug-fix

## What does this PR do?
This PR changes the default value used to set DMARC_RUA and DMARC_RUF:
DMARC_RUA and DMARC_RUF defaults will reuse the value defined for POSTMASTER,
instead of 'admin' as previously.
Please note that the setup tool doesn't allow (yet?) to define dmarc_rua nor dmarc_ruf, so the default value is indeed used for the time being.

### Related issue(s)
closes #1463 

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1532: Replace SMPT with SMTP r=mergify[bot] a=dhoppe



1543: Disable Health checks on swarm mode r=mergify[bot] a=ofthesun9

ref: https://github.com/moby/moby/issues/35451

## What type of PR?
bug-fix

## What does this PR do?
Modify the docker-compose.yml template used by setup (swarm flavor) to disable Health checks on swarm mode for each service

### Related issue(s)
closes #1289

## Prerequistes
- [x]  add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
Co-authored-by: Dennis Hoppe <github@debian-solutions.de>
2020-08-08 16:01:16 +00:00
ofthesun9
f48a13336f Disable Health checks on swarm mode
ref: https://github.com/moby/moby/issues/35451
2020-06-17 16:18:33 +02:00
Thomas Rehn
065447fd35 add feature description 2020-06-14 19:30:41 +02:00
ofthesun9
506b7e9372 Use Radicale 3.x for webdav service
- remove ==2.1.12 in Dockerfile pip3 install radicale
- remove -f flag in Dockerfile CMD
- remove deprecated daemon and dns_lookup settings from radicale.conf
- move realm setting from [server] to [auth] in radicale.conf
- add newsfragment
2020-05-28 14:57:54 +02:00
ofthesun9
b1f012d53b In setup/flavor, change DMARC rua and ruf email default settings
DMARC_RUA and DMARC_RUF defaults will reuse the value defined for POSTMASTER,
instead of 'admin' as previously
2020-05-12 10:46:29 +02:00
bors[bot]
0469e96f8e
Merge #1298
1298: Added carddav-plugin for roundcube webmail r=ofthesun9 a=sholl

## Feature

This PR enables the carddav contacts plugin for integration remote contact-repositories based on CardDAV.

## What does this PR do?

This PR enables the carddav contacts plugin for integration remote contact-repositories based on CardDAV.

### Related issue(s)
- Related #1230, at least for CardDAV.


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly (not needed since the plugins of webmail is not mentioned in the docs.)
- [x] Changelog-entry added


Co-authored-by: Stephan Holl <stephan@holl-land.de>
2020-05-10 18:17:23 +00:00
bors[bot]
d00ccc16d7
Merge #1487
1487: Fix postfix queue permissions r=mergify[bot] a=ofthesun9

## What type of PR?
bug-fix (by anticipation of a potential change in base image)

## What does this PR do?
We need to check /queue permissions before starting postfix.
In case of postfix/postdrop uid/gid change, postfix would fail to start

### Related issue(s)
closes #1486 

## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly


Co-authored-by: ofthesun9 <olivier@ofthesun.net>
2020-05-06 05:39:39 +00:00
ofthesun9
455814d51f Add newsfragment for pr1486 2020-05-04 18:55:01 +00:00
Tim Möhlmann
dd07b0e3aa
Postgresql: default SUBNET6 in pg_hba 2020-05-03 22:53:22 +03:00
Michael Wyraz
6234da3786 Add doc and changelog for OUTBOUND_TLS_LEVEL 2020-05-02 21:02:53 +02:00
bors[bot]
735e75764f
Merge #1380
1380: [Roundcube] DKIM sign message delivery reports r=mergify[bot] a=TheLegend875

This PR enables the From header for message delivery reports in Roundcube.
This ensures that the message delivery report is DKIM signed and therefore not not blocked or considered spam by receiving mailservers.


Co-authored-by: TheLegend875 <40040530+TheLegend875@users.noreply.github.com>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
2020-05-02 06:31:54 +00:00
bors[bot]
10e17fbb0b
Merge #1444
1444: Harden default configuration r=mergify[bot] a=Jarel1337



Co-authored-by: Vilgot Fredenberg <vilgot@fredenberg.xyz>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
2020-05-01 22:01:27 +00:00
Tim Möhlmann
522fd99162
Create 1444.misc 2020-05-01 15:26:07 +03:00
bors[bot]
15a0d7303c
Merge #1399 #1417
1399: Remove SPF type SPF record #1394 r=mergify[bot] a=bladeswords

As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...

## What type of PR?

Documentation

## What does this PR do?
Removes the recommendation to add a SPF RR for SPF records, as this is no longer RFC complaint and often causes issues to maintain two records.

### Related issue(s)
- closes #1394

## Prerequistes
None


1417: docker-compose exec needs a -T flag if no TTY is allocated r=mergify[bot] a=ofthesun9

This flag is missing in 00_create_users.sh and is failing the tests on travis arm architecture

## What type of PR?
This PR is an enhancement/bugfix needed to allow usage of travis to test and deploy on arm platform
Before the PR, tests are failing with the msg: "the input device is not a TTY"

## What does this PR do?
This PR add -T flag for the docker-compose exec occurences found in 00_create_users.sh


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
2020-05-01 00:23:11 +00:00
ofthesun9
32d7162d48 Newsfragment for #1438 2020-04-09 10:24:48 +02:00
ofthesun9
256cc0fc5a Adding fragment for PR#1381 (Fix #1381) 2020-04-02 20:08:27 +02:00
ofthesun9
108fc19409 Adding fragment for PR#1381 (Fix #1380) 2020-04-02 20:08:27 +02:00
bors[bot]
60b9a3e2f0
Merge #1389
1389: Prefer specific alias over wildcard, regardless of case r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

## Notes
I realize that the if-hell down there isn’t nice. What it is, however, is quite clear and easy to read. I’m hoping that if anyone ever gets confused in the future, this will make the current behavior transparent. For me, that was more important than a minimal amount of statements/branches …

### Related issue(s)
closes #1387

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-28 05:59:16 +00:00
Dario Ernst
df4f6f895d Add newfragment file for SPF vs. TXT records
closes #1394
2020-03-27 10:23:00 +01:00
bors[bot]
67b48f55fd
Merge #1393
1393: Ignore newlines and comment-lines in postfix overrides r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement

## What does this PR do?
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

### Related issue(s)
closes #1098

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-12 16:30:29 +00:00
bors[bot]
575f6b1691
Merge #1296 #1322 #1337 #1358
1296: fetchmail: print unhandled exceptions, but don't crash r=Nebukadneza a=Al2Klimov

fixes #1295

1322: Bump validators from 0.12.5 to 0.12.6 in /core/admin r=Nebukadneza a=dependabot[bot]

Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
<details>
<summary>Changelog</summary>

*Sourced from [validators's changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst).*

> 0.12.6 (2019-05-08)
> ^^^^^^^^^^^^^^^^^^^
> 
> - Fixed domain validator for single character domains ([#118](https://github-redirect.dependabot.com/kvesteri/validators/issues/118), pull request courtesy kingbuzzman)
</details>
<details>
<summary>Commits</summary>

- See full diff in [compare view](https://github.com/kvesteri/validators/commits)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validators&package-manager=pip&previous-version=0.12.5&new-version=0.12.6)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

1337: Add IPv6 to allow_nets r=Nebukadneza a=PhilRW

Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336

1358: Add port to relay if it contains a colon r=Nebukadneza a=PhilRW

## What type of PR?

enhancement

## What does this PR do?

Allows relaying domains to non-standard SMTP ports by appending `:port` to the destination host/IP. E.g., `mx1.internal:2525`

### Related issue(s)

Closes #1357 


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Philip Rosenberg-Watt <p.rosenberg-watt@cablelabs.com>
2020-03-12 13:20:00 +00:00
bors[bot]
e41b072938
Merge #1268
1268: Roundcube db r=Nebukadneza a=micw

## What type of PR?

feature

## What does this PR do?

- makes roundcube work with mysql
- runs db init/upgrade scripts on startup
- redirects roundcube logs to stdout

### Related issue(s)
- preparations to solve #1226
- closes #1157 (side effect ;-) )

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: micw <michael@wyraz.de>
2020-03-12 12:52:25 +00:00
bors[bot]
a28e30b93b
Merge #1320
1320: Add xapian full-text-search plugin to dovecot r=mergify[bot] a=Nebukadneza

## What type of PR?
Enhancement

## What does this PR do?
Currently we are not able to offer our users a FTS experience after the
demise of lucene due to unfixed coredumps with musl/alpine.
We now add lucene, the only remaining maintained small/lean FTS plugin
for dovecot. It is quite simple to add to our stack: A two-stage docker
build is used to compile the fts plugin in the first stage, and copy
over only the resulting plugin-artifact to the second stage, which is
our usual dovecot container. Configuration is also minimal.

There was a upstream issue where bodies were not able to be searched for subwords, but fortunately it was fixed quite quickly. We currently need to wait for a new release to use a stable tag in our `Dockerfile`.

### Related issue(s)
- https://github.com/Mailu/Mailu/pull/1176
- https://github.com/Mailu/Mailu/pull/1297
- https://github.com/Mailu/Mailu/issues/751
- **Upstream-issues which is the cause for the `TODO` in the `Dockerfile`**: https://github.com/grosjo/fts-xapian/issues/32

## Prerequistes
- [ ] Wait for upstream to prepare new release after https://github.com/grosjo/fts-xapian/issues/32 — so that we can use a stable tag in our `Dockerfile`
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Dario Ernst <dario.ernst@rommelag.com>
2020-03-10 23:30:14 +00:00
Dario Ernst
dbcab06587 Ignore newlines and comment-lines in postfix overrides
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

closes #1098
2020-03-07 18:20:56 +00:00
bors[bot]
1ca4d6769c
Merge #1349
1349: Add support for SRS, related to #328 r=mergify[bot] a=kaiyou

## What type of PR?

Feature

## What does this PR do?

It implements SRS using a Python SRS library.

### Related issue(s)
- closes #328 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2020-03-06 15:05:43 +00:00
Dario Ernst
da2dda49d4 Prefer specific alias over wildcard, regardless of case
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

closes #1387
2020-03-06 13:56:48 +01:00
Philip Rosenberg-Watt
ff1dfec39a Add port to relay if it contains a colon
This closes #1357
2020-02-09 08:05:24 -07:00
kaiyou
6ad9b7c2b2 Add a newsfragment 2020-02-07 15:17:29 +01:00
bors[bot]
96f832835a
Merge #1278
1278: Limiter implementation r=kaiyou a=micw

## What type of PR?

(Feature, enhancement, bug-fix, documentation)

## What does this PR do?

Adds a custom limter based on the "limits" lirary that counts up on failed auths only

### Related issue(s)
- closes #1195
- closes #634

## Prerequistes

- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: micw <michael@wyraz.de>
2020-01-30 07:19:35 +00:00
Michael Wyraz
2cb42c31a6 Add changelog 2020-01-29 19:58:58 +01:00
Dario Ernst
99ecaee7b9 Use a released git-tag for fts-xapian 2020-01-23 22:35:30 +01:00
bors[bot]
9db709515a
Merge #1308
1308: Use redis 5 on k8s & add selector r=mergify[bot] a=der-eismann

## What type of PR?
Enhancement

## What does this PR do?
This PR is updating Redis to version 5 in the kubernetes manifests. It is already used in the compose and swarm files, so I don't expect any incompatibilities. There is no necessary migration, you just can't go back.
In addition I added a selector to the manifest and applied a consistent formatting.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Philipp Trulson <philipp@trulson.de>
2020-01-23 16:22:02 +00:00
kaiyou
e80589dda4 Add the newsfragment 2020-01-13 20:42:51 +01:00
Philipp Trulson
3b9281501a Use redis 5 on k8s & add selector 2020-01-07 21:24:39 +01:00
Stephan Holl
432ba92a0d Added news for PR #1298 2019-12-26 21:45:59 +01:00
bors[bot]
f8a5dd000e
Merge #1241
1241: Change extensions/v1beta to apps/v1 to be compliant with Kubernetes 1.16 r=mergify[bot] a=WebSpider


## What type of PR?

Enhancement

## What does this PR do?

Changes to Kubernetes YAML files to be able to use this in Kubernetes 1.16

### Related issue(s)
- Fixes #1237

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- N/A In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: WebSpider <webspider@bitlair.nl>
Co-authored-by: micw <michael@wyraz.de>
2019-12-16 17:05:44 +00:00
bors[bot]
cfd838f310
Merge #1215
1215: Allow specifying the traefik version for cert dumping r=mergify[bot] a=timoschwarzer

## What type of PR?

Enhancement

## What does this PR do?

### Related issue(s)
- #1011 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Timo Schwarzer <me@timoschwarzer.com>
2019-12-09 11:55:17 +00:00
Michael Wyraz
c079f2ac4a Changelog 2019-12-06 09:38:25 +01:00
hoellen
18a625e209 add changelog 2019-11-21 21:18:07 +01:00
Michael Wyraz
e857b9d659 Document default antivirus behaviour, add an option to reject viruses 2019-11-19 11:31:09 +01:00
Dario Ernst
b374072892 Radicale: Use pip package instead of alpine repo
Required to fix failing builds caused by [alpine]upstream package rebuild against different python version
2019-11-17 14:54:57 +01:00
micw
887c293f14
Update 1241.fix 2019-11-15 19:41:55 +01:00
WebSpider
e73c7e5eeb Add changelog entry for #1241 2019-11-06 13:18:00 +01:00
Tim Möhlmann
4e4b071fb0
Move services into core and optional 2019-10-23 18:27:25 +03:00
Tim Möhlmann
45e0739302
Funding related documentation 2019-10-21 15:00:49 +03:00
bors[bot]
0417c791ff
Merge #985
985: Permit raspberry pi (and other architectures) builds r=mergify[bot] a=abondis

## What type of PR?

Enhancement

## What does this PR do?

Add an option to select base images and permit building for different CPU architectures.

### Related issue(s)
N/A

## Prerequistes

- [X] documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Aurélien Bondis <aurelien.bondis@gmail.com>
Co-authored-by: Aurelien <aurelien.bondis@gmail.com>
2019-10-20 20:41:03 +00:00
Tim Möhlmann
279acca6b2
Dovecot: Delete obsolete data volume 2019-10-15 10:41:05 +03:00
bors[bot]
dcda412b99
Merge #1211
1211: Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Fixes #1190 by separating HOST_ANTISPAM into HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI

### Related issue(s)
- closes #1190
- closes #1150

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-10-13 19:44:25 +00:00
Timo Schwarzer
0c82caf817
Allow specifying the traefik version for cert dumping 2019-10-13 21:36:34 +02:00
bors[bot]
35160b770d
Merge #1198 #1204 #1207 #1208
1198: Enable access log of admin service only for log levels of INFO and finer r=muhlemmer a=micw

## What type of PR?

bug fix

## What does this PR do?

### Related issue(s)
- closes #1197

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1204: Add initial admin account to kubernetes example r=muhlemmer a=micw

## What type of PR?

documentation

## What does this PR do?

Add INITIAL_ADMIN_* example to kubernetes configmap.yaml

### Related issue(s)

- closes #1201

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- docs example only

1207: Add Japanese translation r=muhlemmer a=IchikawaYukko

## What type of PR?

Translation

## What does this PR do?

Provide completed Japanese translation.

### Related issue(s)

None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [*] In case of feature or enhancement: documentation updated accordingly
- [*] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1208: Persist mailqueue r=muhlemmer a=micw

## What type of PR?

bug-fix

## What does this PR do?

Makes postfix mailqueue presistent (for docker, swarm and kubernetes)

### Related issue(s)
- closes #1161

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: Michael Wyraz <michael.wyraz@evermind.de>
Co-authored-by: U-COREI3-3120M\市川ゆり子 <ichikawayuriko@yahoo.co.jp>
Co-authored-by: micw <michael@wyraz.de>
2019-10-13 19:01:20 +00:00
Michael Wyraz
a907fe4cac Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI 2019-10-13 20:13:02 +02:00
bors[bot]
9c956a04ca
Merge #1183
1183: Fix rspamd-learn when moving mail from/to junk folder r=mergify[bot] a=Nebukadneza

Before, the ham/spam scripts got the rspamd-ip/port from the environment.
However, when checking the environment of these processes now, it seems
cleared. Maybe the new dovecot version now clears environment? — I couldn’t
find a hint.

In any case, using the common mechanism of injecting the ip/port from where
it’s definately known by the already-used jinja2-mechanism seems reasonably
safe.

## What type of PR?
bug-fix

## What does this PR do?
Instead of relying on dovecot passing our environment cleanly to sieve-called scripts, this explicitly injects the antispam ip/port into the spam/ham scripts used when moving files from/to the spam-folder. This required some management of the files, such as setting proper permissions after the jinja-run.

### Related issue(s)
fixes #1177 

## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Dario Ernst <dario.ernst@rommelag.com>
2019-10-13 16:19:24 +00:00
bors[bot]
8d7f335e46
Merge #1131
1131: Use a more consistent towncrier template r=muhlemmer a=kaiyou

## What type of PR?

Enhancement

## What does this PR do?

It simply changes the towncrier template to match the existing changelog style

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2019-10-13 14:42:32 +00:00
U-COREI3-3120M\市川ゆり子
82b5e7d805 Add news fragments 1207.feature 2019-10-13 01:17:35 +09:00
Michael Wyraz
61045c1d2c Changelog 2019-10-11 08:51:41 +02:00
Michael Wyraz
d689a8eeb3 Enable access log of admin service only for log levels of INFO and finer 2019-10-08 07:29:33 +02:00
hoellen
d3dd4802f4 Change default password scheme to PBKDF2 (#1194) 2019-10-07 22:29:03 +02:00
bors[bot]
20e00ac0c4
Merge #1158
1158: Use nginx for kubernetes ingress r=kaiyou a=micw

## What type of PR?

enhancement

## What does this PR do?

Currently, kubernetes uses a complex ingress setting which is not portable across different ingress controllers. This PR simplifies the ingress and delegates everythins special to Mailu to the front container,

### Related issue(s)
- closes #1121
- closes #1117
- closes #1021
- closes #1045

## Prerequistes

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog]

Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-10-07 19:36:45 +00:00
Dario Ernst
88bfb0d17f Fix rspamd-learn when moving mail from/to junk folder
Before, the ham/spam scripts got the rspamd-ip/port from the environment.
However, when checking the environment of these processes now, it seems
cleared. Maybe the new dovecot version now clears environment? — I couldn’t
find a hint.

In any case, using the common mechanism of injecting the ip/port from where
it’s definately known by the already-used jinja2-mechanism seems reasonably
safe.
2019-09-27 19:53:09 +00:00
bors[bot]
e46153c0b1
Merge #1114
1114: Resolve HOST to ADDRESS only if ADDRESS is not already set r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

~Makes the rsolving from hosts to ips at startup configurable~

I rewrote the pull request after #940 was merged. Now it resolves HOSTs to ADDRESSes only of ADDRESSes are not already set. So on kubernetes we can jsut set the address and have working service discovery.

### Related issue(s)
- closes #1113

## Prerequistes

~Minor change, backward compatible~
Changelog will be added

Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-09-17 18:30:27 +00:00
Thomas Sänger
3245fb5112
changelog for capability-advertisement 2019-09-04 19:04:24 +02:00
Michael Wyraz
92645bcd4a Use nginx for kubernetes ingress 2019-09-03 10:27:10 +02:00
Michael Wyraz
de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 2019-08-31 18:18:58 +02:00
kaiyou
089ca7a003 Prepare release notes for 1.7 2019-08-22 23:27:21 +02:00
kaiyou
7f20499768 Use a more consistent towncrier template 2019-08-22 23:25:27 +02:00
Tim Möhlmann
5b07da7f7c
Changelog to towncrier 2019-08-22 11:46:06 +03:00
Tim Möhlmann
9058f357f2
Move from changlog to towncrier 2019-08-21 23:51:44 +03:00
Aurélien Bondis
7684eda5d5 add changelog 2019-08-21 12:02:24 -04:00
bors[bot]
47a40d17b7 Merge #1088
1088: Support domain literals (fix #1087) r=mergify[bot] a=hoellen

## What type of PR?
bug-fix

## What does this PR do?
This PR adds error handling for idna enocding. With telnet you now get a "Bad sender address syntax"  message.

```
> telnet mail.example.com 25

Connected to example.com.
Escape character is '^]'.
220 mail.example.com ESMTP ready
EHLO dummy.example.com
250-mail.example.com
250 STARTTLS
MAIL FROM: does-not-exist@[116.203.165.200]
250 2.0.0 OK
RCPT TO: some-user@example.com
501 5.1.7 Bad sender address syntax
Connection closed by foreign host.
```


### Related issue(s)
fix #1087

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
2019-08-15 08:29:11 +00:00
hoellen
b720bedf72 Support domain literals for receiving emails 2019-08-15 00:20:55 +02:00
hoellen
bed2c6ea09 Revert "Error handling for idna encoding"
This reverts commit 10034526a1.
2019-08-14 01:02:07 +02:00
bors[bot]
1f2ae521d7 Merge #1084
1084: Allow subnet with host bit set in setup r=mergify[bot] a=hoellen

## What type of PR?
bug-fix

## What does this PR do?
This allows to set the host bit in the subnet while using the [setup](https://setup.mailu.io/1.6/). The host bits are now masked out to determine the appropriate network address. This means that e.g. `172.17.0.1/12` is now considered as `172.17.0.0/12`.
So new users are not confused by error messages while setup a new Mailu instance (as you can see the multiple requests in the Matrix chat).

ref: https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Network

### Related issue(s)
closes #1083 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
2019-07-28 19:36:43 +00:00
bors[bot]
f9ed1b74d9 Merge #1082
1082: Use socrate instead of Mailustart r=mergify[bot] a=hoellen

## What type of PR?

enhancement

## What does this PR do?
This PR updates the `Dockerfile`, `setup.py` and `config.py` of each image to support the new [Mailu/socrate](https://github.com/Mailu/socrate) python package. So [MailuStart](https://github.com/Mailu/MailuStart) is not used anymore for resolving DNS and configuration processing. 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
2019-07-28 19:09:11 +00:00
hoellen
10034526a1 Error handling for idna encoding 2019-07-28 08:32:02 +02:00
hoellen
0e8bb507bf move changelog to the right directory 2019-07-26 07:27:54 +02:00
hoellen
463bbda302 Allow subnet with host bit set in setup 2019-07-25 11:55:40 +02:00
hoellen
8c2b136feb Update changelog 2019-07-25 10:53:27 +02:00
bors[bot]
2788909a13 Merge #1052
1052: Upgrade alpine to 3.10 r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement / bug-fix

## What does this PR do?
Upgrade the alpine base image to 3.10 and clean up ensuing problems. Also directly uses postfix foreground-running with stdout logging.

### Related issue(s)
closes #1049
closes #1051

Note: This is a duplicate effort of #1050 #1039 …

## Prerequistes
- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.

With these images, I have tested manually:
- Email receive to user
  - on main domain
  - on additional domain
  - via an alias on main-domain
  - via an alias on additional domain
  - via catchall
- Email reject
  - of eicar testfiles
- Email sending
- Fetchmail from legacy POP
- Front LE certificates
- Simple overriding for postfix (only postfix.cf), nginx, dovecot, rspamd
- Creating a CalDAV calendar and CardDAV entry using davx5

I have not (yet) tested:
- certdumper
- databases other than sqlite

Todo:
- [x] Get rid of podop at `git+https://github.com/Nebukadneza/Podop.git@fix_py37` once https://github.com/Mailu/Podop/pull/6 is merged
- [x] Bend Mailustart back to original repository
- [x] Test more (? also help wanted ?)

Co-authored-by: Thomas Sänger <thomas@gecko.space>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Reto Glauser <git@blinkeye.ch>
2019-07-23 13:34:33 +00:00
Bambie07
282830c8aa
Create 1075.bugfix 2019-07-17 11:39:36 +02:00
Dario Ernst
8c2e22f666 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 2019-07-14 13:10:30 +00:00
bors[bot]
f77e1bdd0e Merge #1048
1048: Refactor admin using webpack r=mergify[bot] a=kaiyou

## What type of PR?

Refactoring

## What does this PR do?

This PR brings some refactoring to the admin container :
- remove the dependency to mailustart and replace it with socrate
- remove static assets from the repo and use Webpack for building them


Co-authored-by: hoellen <dev@hoellen.eu>
Co-authored-by: kaiyou <pierre@jaury.eu>
2019-07-14 12:21:49 +00:00
Dario Ernst
ce0c24e076 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 2019-07-14 09:40:58 +00:00
bors[bot]
22c326a9df Merge #1070
1070: use HTTP/1.1 for proxyied connections r=mergify[bot] a=HorayNarea

## What type of PR?
Feature/Enhancement

## What does this PR do?
[by default nginx uses HTTP/1.0 when proxying connections](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version), this PR changes that to HTTP/1.1 so keep-alive and other efficiency-improvements are available

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Thomas Sänger <thomas@gecko.space>
2019-07-12 16:40:20 +00:00
hoellen
37d4db514f update changelog 2019-07-12 09:22:07 +02:00
Thomas Sänger
c064f58f4d
update changelog 2019-07-11 22:46:05 +02:00
bors[bot]
ad8f547357 Merge #1067
1067: Update password in commandline r=hoellen a=hoellen

## What type of PR?

Feature

## What does this PR do?
Adds the ability to set/reset a user's password from the Mailu command line. Similar to the user command:
```
docker-compose exec admin flask mailu password myuser example.net 'password123'
```
With this we can reset the demo server password every few minutes (#987)

### Related issue(s)
closes #1066

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
2019-07-09 07:50:10 +00:00
hoellen
589f524a58 fix destination of changelog file (#1010) 2019-07-08 15:53:57 +02:00
hoellen
616d40d225 Update password in commandline 2019-07-08 10:50:08 +02:00
Daniel Huber
515e95076a
Merge branch 'master' into feat-relay-auth 2019-06-26 19:52:54 +02:00
Dario Ernst
f97b3fc827 Add towncrier newsfragments 2019-06-25 19:24:05 +00:00
bors[bot]
829441def5 Merge #891
891: Update fetchmail to selfbuilt 7.0.0-alpha r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement

## What does this PR do?
Fetchmail in alpine is ~5 years old — and doesn’t support current SSL/TLS
variants anymore. This especially leads to our own fetchmail not being able to
pull mail from mailu itself. Since no new fetchmail release is on the horizon,
let’s build the lastest distribution artifact — which strangely is not
6.4.0-snapshot, but 7.0.0-alpha — ourselves.

### Related issue(s)
closes #808 

## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Nebukadneza <github@kanojo.de>
2019-06-25 06:29:35 +00:00
kaiyou
4b620ba5d1 Merge branch 'hoellen-fix-sidebar-toggle' into refactor-admin-webpack 2019-06-23 14:28:02 +02:00
kaiyou
c147a371d7 Merge branch 'fix-sidebar-toggle' of https://github.com/hoellen/Mailu into hoellen-fix-sidebar-toggle 2019-06-23 14:24:56 +02:00
kaiyou
7ec033b79b Add the towncrier newsfragment 2019-06-23 14:19:06 +02:00
kaiyou
eaa20ffbe3
Merge pull request #965 from Nebukadneza/better_certdumper
Use ldez/traefik-certs-dumper in certificate dumper, and make more robust
2019-06-23 14:11:59 +02:00
bors[bot]
ccecf3449e Merge #1010
1010: Move the localization effort to Weblate r=mergify[bot] a=kaiyou

## What type of PR?

documentation

## What does this PR do?

This PR updates documentation for us to move the localization effort outside of POEditor. POEditor had archived our project and it was linked to my account. I suggest we move to a Weblate instance (hosted at TeDomum for the part I setup).

### Related issue(s)
- closes #916 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
2019-06-06 15:17:48 +00:00
kaiyou
05925f4c45 Move the localization effort to Weblate 2019-05-07 09:34:33 +02:00
Dario Ernst
e22324adcd Make aliases case-insensitive (too)
Even though RFC5321 2.4 explains that local-parts are to be case-sensitive,
this does not seem to be how EMail is used today. Thus, instead of reverting
user-emails back to being case sensitive, let’s make aliases case-insensitive
too. Not only more consistent, this also allows users to enjoy receiving EMails
from large airlines or car-rental agencies onto their already existing aliases.

For the rare case of case sensitive aliases existing, let’s query for the
forced-lowercase alias only in the event that the preserved-case one isn’t
found …

closes #867
2019-04-14 12:02:12 +00:00
hoellen
167e5a87e1 add sidebar toggle button 2019-04-14 11:52:01 +02:00
Dario Ernst
1acd629e6f Use ldez/traefik-certs-dumper in certificate dumper, and make more robust
closes #820
2019-03-10 12:15:14 +00:00
Dario Ernst
5f4a6cf16b Update fetchmail to selfbuilt 7.0.0-alpha
Fetchmail in alpine is ~5 years old — and doesn’t support current SSL/TLS
variants anymore. This especially leads to our own fetchmail not being able to
pull mail from mailu itself. Since no new fetchmail release is on the horizon,
let’s build the lastest distribution artifact — which strangely is not
6.4.0-snapshot, but 7.0.0-alpha — ourselves.
2019-03-10 10:20:43 +00:00
Daniel Huber
7dcb2eb006
Add authentication for email relays 2019-03-04 18:54:53 +01:00
Ionut Filip
e548c4e531 Moved towncrier to project root 2019-02-14 16:33:45 +02:00
Ionut Filip
4a03e32882 Towncrieri implementation 2019-02-14 15:48:21 +02:00