1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

3977 Commits

Author SHA1 Message Date
Florent Daigniere
6b2cb95a7d This is not required anymore 2022-11-13 14:17:37 +01:00
Florent Daigniere
a508eeaafb Use /dev/shm for tmp 2022-11-13 14:16:44 +01:00
Florent Daigniere
f2f430af5d Redirect the logs where they belong 2022-11-13 14:07:40 +01:00
Florent Daigniere
06c0c78956 Hardening: run the http and php as different users 2022-11-13 13:44:35 +01:00
Florent Daigniere
d7b80e94a4 try again. 2022-11-12 16:21:28 +01:00
Florent Daigniere
7ebac75045 fix tests 2022-11-12 16:11:38 +01:00
Florent Daigniere
f3a91d1a18 enable APCu 2022-11-12 16:00:55 +01:00
Florent Daigniere
b488e57602 debug 2022-11-12 15:39:11 +01:00
Florent Daigniere
225322fe88 More hardening 2022-11-12 15:34:43 +01:00
Florent Daigniere
ad17b10c8e redirects should be HTTP/302 2022-11-12 15:31:47 +01:00
Florent Daigniere
4517ce23a6 Aliases be damned. 2022-11-12 15:28:01 +01:00
Florent Daigniere
6d8cc9083b test 2022-11-12 15:21:04 +01:00
Florent Daigniere
729838c8fe Grrr. 2022-11-12 15:12:22 +01:00
Florent Daigniere
1379a58352 Basic hardening 2022-11-12 14:50:30 +01:00
Florent Daigniere
50f94a282f doh 2022-11-12 14:35:17 +01:00
Florent Daigniere
710dde1faf Fix #948: ensure the admin panel is disabled 2022-11-12 14:27:32 +01:00
Florent Daigniere
7e722cd0c3 fix #2250: ensure rainloop uses _ADDRESS 2022-11-12 14:10:50 +01:00
Florent Daigniere
224f2f4508 This isn't used anymore
The healthcheck is now done by fpm
2022-11-12 14:01:01 +01:00
Florent Daigniere
a8d405cb48 Verify the gpg signature of webmails 2022-11-12 12:25:03 +01:00
Florent Daigniere
ae64c6cc30 Doh 2022-11-12 11:51:12 +01:00
Florent Daigniere
13adf4aeec Fix tests 2022-11-12 11:46:59 +01:00
Florent Daigniere
1edef755f1 Fix bug #2466 2022-11-12 11:40:23 +01:00
Florent Daigniere
dc9e2a3e70 Upgrade Snappymail to 2.21 and merge the webmail containers 2022-11-12 11:34:58 +01:00
bors[bot]
8a90f83bd0
Merge #2514
2514: Update deps r=mergify[bot] a=ghostwheel42

## What type of PR?

update python dependencies

## What does this PR do?

Update python deps in base image


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-11 15:53:25 +00:00
Florent Daigniere
f11c451403 Restrict it to arch where there is a package 2022-11-11 14:12:54 +01:00
Florent Daigniere
97df65e9ef Switch to GrapheneOS's hardened_malloc
This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow
2022-11-11 13:56:04 +01:00
bors[bot]
8d392e8056
Merge #2524
2524: Update the webmail images r=mergify[bot] a=Diman0

Update the webmail images.
Roundcube
  - Switch to base image (alpine)
  - Switch to php-fpm

SnappyMail
  - Switch to base image
  - Upgrade php7 to php8.

## What type of PR?

Feature

## What does this PR do?
Update the webmail images.
Roundcube
  - Switch to base image (alpine)
  - Switch to php-fpm

SnappyMail
  - Switch to base image
  - Upgrade php7 to php8.

### Related issue(s)
- closes #1521

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-11-11 12:38:46 +00:00
Dimitri Huisman
0e5443a867
Update php8 to php81. Update snappymail to 2.19.4 2022-11-11 12:08:27 +00:00
Dimitri Huisman
59c5b152b2
Switch to using set -euxo pipefail for better error handling
-e immediately exit when a command fails. No further commands are processed.
-o pipefail, if a series of piped commands fail, do NOt return the last commands returncode, but DO return the return code of the failing command in the pipeline series
-u, raise an error when an unset variable is used. Not using this results in an empty value being used and the script being executed differently without you knowing why.
-x, print each command before executing it. Actual arguments are expanded. So you see the command with the actual parameter values. This is printed in red in the buildx log output.
2022-11-11 09:10:45 +01:00
Dimitri Huisman
f6cdfb3392
Allow Healthcheck requests over IPv6 2022-11-11 08:40:07 +01:00
Dimitri Huisman
2a894cb15d
Process nextgens review remarks 2022-11-10 20:03:26 +01:00
Dimitri Huisman
92f270c94e
Update the webmail images:
Roundcube
  - Switch to base image (alpine)
  - Switch to php-fpm
SnappyMail
  - Switch to base image
  - Upgrade php7 to php8.
2022-11-10 15:51:22 +00:00
bors[bot]
745c211c4a
Merge #2523
2523: fix JS error r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It fixes a bug whereby one may have to click twice on the submit button depending on timing.

e.trigger() will error out on most browsers.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-09 15:34:37 +00:00
bors[bot]
0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-09 15:16:36 +00:00
Florent Daigniere
c91c9df134 fix error 2022-11-09 11:52:53 +01:00
bors[bot]
cf6da1492e
Merge #2157
2157: configure datatables via html5 data attributes r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

allows to sort most columns as a human would expect

### Related issue(s)
- closes #2154 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-08 16:10:49 +00:00
Vincent Kling
728afdd34a Add basic logging for FETCHMAIL_ENABLED and FETCHMAIL_DELAY 2022-11-08 16:51:35 +01:00
Alexander Graf
e0d2432c6b
Rename data-ordered to data-sort 2022-11-08 16:22:24 +01:00
Alexander Graf
2a4402cdc2
Fix datatable for list fo sign-up domains 2022-11-08 13:27:57 +01:00
Alexander Graf
af6cf5fd1d
Fix language selector without session 2022-11-08 13:27:57 +01:00
Alexander Graf
2778641e78
Fix screen reader title of language selector 2022-11-08 13:27:56 +01:00
Alexander Graf
4776094ea7
Configure datatables on missing tables, add sign in button to sso page. 2022-11-08 13:27:56 +01:00
Alexander Graf
6218b36372
configure datatables via html5 data attributes 2022-11-08 13:27:56 +01:00
Alexander Graf
1ae9156756
Add bcyrpt as direct dependency for better crypto. Also some updates 2022-11-08 13:27:33 +01:00
Alexander Graf
a74396a9ef
Fix wtforms usage 2022-11-08 13:27:33 +01:00
Alexander Graf
047413185e
Mask Flask-SQLAlchemy >= 3.0.0 for now as it breaks mailu 2022-11-08 13:27:33 +01:00
Alexander Graf
7e36694b64
Update python deps 2022-11-08 13:27:33 +01:00
Vincent Kling
4a74cd9afe Resolve conflict 2022-11-08 11:56:08 +01:00
Vincent Kling
6901b0f05e Implement FETCHMAIL_ENABLED in fetchmail.py 2022-11-08 11:47:20 +01:00
bors[bot]
896e7fb54b
Merge #2500
2500: Password policy enforcement r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

It enforces that all new passwords set by users are at least 8 characters in length and checks all users' passwords at login time against HIBP.

The HIBP part requires javascript and Mailu to be accessed over HTTPS to work but degrades gracefully (no message will be shown if the requirements are not met).

It was a conscious choice to implement it at this level: administrators can set weaker passwords using non-HTTP based interfaces.

### Related issue(s)
- close #2208
- close #287

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-11-08 07:55:25 +00:00