1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-16 10:59:53 +02:00
Commit Graph

1696 Commits

Author SHA1 Message Date
Florent Daigniere
66b7c76836 Doh. Without this email delivery from RELAYNET is broken 2023-02-09 16:04:13 +01:00
bors[bot]
aea7407044
Merge #2646
2646: Smarter ratelimit r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for **distinct** usernames in the IP rate-limiter.

This enables to have a much tighter default as a user with a misconfigured device will now only account for a single attempt.

The goal here is to make the rate-limiter more acceptable and to avoid people disabling it altogether.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-02-09 12:18:41 +00:00
bors[bot]
46429ab247
Merge #2640
2640: Add env variable to set sieve_vacation_to_header_ignore_envelope r=mergify[bot] a=nwinkelstraeter

When used with SRS the vacation plugin creates a reply with SRS in the To: header which does not look nice for the recipient. Setting sieve_vacation_to_header_ignore_envelope will use the headers from the original source message instead of potentially rewritten ones.

Without this option auto-replies are sent with a To header with SRS, e.g `SRS0=uetG=43=sender.com=user@autoresponder.com`
With this option they are sent with just `user@sender.com`

This option is for whatever reason not part of the [pigeonhole docs](https://doc.dovecot.org/configuration_manual/sieve/extensions/vacation/) but it is documented here: 34431d7a67/NEWS (L338)

## What type of PR?

enhancement

## What does this PR do?
This PR adds an environment variable to the set the `sieve_vacation_to_header_ignore_envelope` configuration

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly



Co-authored-by: Nico Winkelsträter <nico.winkelstraeter@initos.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-02-09 10:08:48 +00:00
Nico Winkelsträter
9cb2ef7632 Let vacation plugin ignore envelope sender to avoid SRS recipient
This is done by setting sieve_vacation_to_header_ignore_envelope to yes
The envelope is rewritten by recipent_canonical_maps to reverse SRS after the plugin checks it
so we need the plugin to ignore it at this point.
2023-02-09 11:01:35 +01:00
Florent Daigniere
085bac6e08 Change AUTH_RATELIMIT_IP_V6_MASK from /56 to /48 2023-02-07 09:54:50 +01:00
Alexander Graf
fa084d7b1c
Styling only 2023-02-07 08:54:13 +01:00
Florent Daigniere
caa8412d82 close #1236: Allow + in localpart of addresses 2023-02-06 13:00:17 +01:00
Florent Daigniere
294ac4adb2 Revert "Clarify"
This reverts commit 35e9bfb8ab.
2023-02-04 17:08:26 +01:00
Florent Daigniere
35e9bfb8ab Clarify 2023-02-04 16:54:25 +01:00
Florent Daigniere
d30f71234d Apply the mask on the IP too 2023-02-04 16:50:43 +01:00
Florent Daigniere
a60159a0db update defaults, rephrase doc 2023-02-04 16:46:27 +01:00
Florent Daigniere
e2a25c79fc only account attempts for distinct usernames in ratelimits 2023-02-04 16:36:16 +01:00
Dimitri Huisman
44ad14811d
Missed some IF statements that must be modified for normalized config. 2023-02-01 11:12:05 +00:00
Dimitri Huisman
d9a6777d9d
Forgot to adapt some IF statements. All config is normalized now for front.
So true/false now matches the boolean value True/False.
Instead if {% IF X == 'true' %} we should now use {% IF X %}
2023-02-01 08:51:53 +00:00
bors[bot]
4a24bd9e24
Merge #2638
2638: further finishing touches for restful api r=mergify[bot] a=Diman0

- Fix setup utility setting correct value to env var API. It now also sets `false` when the API is disabled in the setup utility.
- Fix IF statement for enabling API in nginx.conf. Setting a different value than `API=true` in mailu.env now disabled the API endpoint in nginx.
- Use safer command for regenerating example API token. It uses crypto.getRandomValues() (as suggested by nextgens) which should be more random than the previously used method. 

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-31 20:34:48 +00:00
Dimitri Huisman
7bcac3bbaa
Get the value from the correct dict (args) 2023-01-31 17:26:32 +00:00
Alexander Graf
ab5caac6f7
Remove webmail cookies on logout. 2023-01-31 17:34:59 +01:00
Dimitri Huisman
75afe1092d
Use server-side password generator for generating token.
Fix setup correctly writing the value for API to mailu.env
Normalize env vars for front container.
Update reverse proxy with API information.
2023-01-31 12:37:25 +00:00
Dimitri Huisman
0673d32306
Fix setup utility setting correct value to env var API
Fix IF statement for enabling API in nginx.conf
Use safer command for regenerating example API token.
2023-01-30 13:16:07 +00:00
Alexander Graf
50fc1cb8b3
Move version style to app.css 2023-01-30 10:49:11 +01:00
Alexander Graf
8f425ce081
Move unit to data-attr and fix defaulting to 1 2023-01-30 10:49:11 +01:00
Alexander Graf
f00059d10c
Show mailu version in web interface after logging in 2023-01-30 10:49:11 +01:00
Alexander Graf
8b0b87984d
Duh. Fix macros call 2023-01-30 10:49:10 +01:00
Alexander Graf
2fa0461803
Fix sliders 2023-01-30 10:49:10 +01:00
Alexander Graf
31e974f829
Add edit button to admin and manager lists 2023-01-30 10:49:10 +01:00
Alexander Graf
3af3aa9395
Show quota in domain list 2023-01-30 10:49:10 +01:00
Alexander Graf
65595d139a
Set default sort order for all lists 2023-01-30 10:49:10 +01:00
bors[bot]
3a1cecbe21
Merge #2636
2636: Fix out of office replies r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks.

Webmails are now on a different subnet.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-30 09:32:18 +00:00
Florent Daigniere
ae7061c561 Doh 2023-01-30 10:29:37 +01:00
Florent Daigniere
802ab533d2 Upgrade to alpine 3.17.1
New openssl, new dovecot
2023-01-29 18:13:49 +01:00
Florent Daigniere
e326393f03 fix ooo 2023-01-29 15:47:19 +01:00
Alexander Graf
21ac230cce
Make olefy.py listen on all interfaces 2023-01-28 19:40:26 +01:00
Alexander Graf
842be9b7c3
Skip listen to v6 when SUBNET6 is not set 2023-01-28 19:40:23 +01:00
Alexander Graf
1ad1d8d95d
Rewrite generation of gunicorn cmdline 2023-01-28 19:39:40 +01:00
Chris Schäpers
35331a4295
Make gunicorn IPv6 conditional
Only listen on [::]:80 in case SUBNET6 is defined, otherwise do the normal :80
2023-01-28 19:39:39 +01:00
Chris
9f6848110a
Make gunicorn listen on ipv6 2023-01-28 19:39:39 +01:00
bors[bot]
db2a490256
Merge #2633
2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-28 15:05:38 +00:00
Florent Daigniere
46f05cb651 Merge branch 'master' of https://github.com/Mailu/Mailu into reduce-logging 2023-01-28 14:28:26 +01:00
Florent Daigniere
36623188b5 Don't apply antispoof rules on locally generated emails 2023-01-28 14:12:14 +01:00
bors[bot]
179c624116
Merge #2631
2631: Restful api finishing touches r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
Some finishing touches for the restful api.

- Make the API configurable via the setup utility.  
  - Configured exactly the same as the ADMIN and WEBMAIL. 
- We have a single config (API) that configures whether it is exposed (via front). Just like ADMIN. The API is always reachable by directly connecting to the admin container.
- API_TOKEN does not enable/disable the API anymore. When it is not configured, an error is returned (via the internet browser) that the API_TOKEN must be configured in mailu.env.
- Fix some small bugs in the setup utility ( selecting none in the dropdown boxes, now correctly changes the config)
- Update Flask-RestX to 1.0.5. This resolves the deprecation warnings introduced by Flask-RestX.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-01-27 18:46:57 +00:00
bors[bot]
43e500faf5
Merge #2628
2628: Set default for FETCHMAIL_ENABLED r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Set the default for FETCHMAIL_ENABLED to true in the admin container.
This keeps existing functionality for people upgrading without re-creating the `mailu.env`.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-27 07:53:10 +00:00
Dimitri Huisman
18b900699c
Bump version of Flask-RESTX to 1.0.5.
This resolves all deprecation warnings caused by Flask-RESTX.
2023-01-25 16:12:14 +00:00
Dimitri Huisman
d6e7314f05
Make API configurable via the setup utility
Fix some small bugs in the setup utility
Improve documentation on the API.
2023-01-25 15:30:25 +00:00
Alexander Graf
c4ca1cffaf
Set default for FETCHMAIL_ENABLED 2023-01-25 12:20:17 +01:00
Alexander Graf
5c968256e6
Really fix creation of deep structures using import in update mode 2023-01-25 10:34:44 +01:00
bors[bot]
151601744f
Merge #2627
2627: Add SUBNET6 to places where SUBNET is used r=nextgens a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Also add SUBNET6 where SUBNET is used.

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-24 16:58:04 +00:00
bors[bot]
6d994525c4
Merge #2625
2625: Disable fetchmail r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Only show "fetched accounts" button in user list when fetchmail feature is enabled.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2023-01-24 11:34:44 +00:00
Alexander Graf
10562233ca
Add SUBNET6 to places where SUBNET is used 2023-01-24 12:15:36 +01:00
bors[bot]
7e60ba4e98
Merge #2613
2613: Enhance network segregation r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.

### Related issue(s)
- #2611

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-24 09:28:29 +00:00
Alexander Graf
1697da6e23
Disable "Fetched accounts" button in user list. 2023-01-23 20:50:56 +01:00