1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

165 Commits

Author SHA1 Message Date
Pierre Jaury
3fa44613b1 Add a default babel configuration 2016-10-02 14:56:33 +02:00
Pierre Jaury
3ade5641d9 Fix the confirmation form 2016-10-02 14:53:01 +02:00
Pierre Jaury
0beeeade41 Enable Babel for all views 2016-10-02 14:52:50 +02:00
Pierre Jaury
a3ad45c8ac Use babel for base views 2016-10-02 14:43:48 +02:00
Pierre Jaury
fe035114e9 Enable Babel for forms 2016-10-02 14:37:06 +02:00
Pierre Jaury
d3436668d8 Enable Babel 2016-10-02 14:23:44 +02:00
Pierre Jaury
676a9a5d2c Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00
Pierre Jaury
c028a3799d Write an equivalence test for domains, fixes #65
(cherry picked from commit 144f427088)
2016-10-02 10:13:45 +02:00
kaiyou
1ae8fe6af1 Merge pull request #73 from diresi/junk_filter
dovecot: use rspamd X-Spamd-Result percentage to evaluate spam
2016-10-02 09:46:48 +02:00
Pierre Jaury
c02faada94 Remove deprecated references to flask_wtf.Form, fix #72 2016-10-02 09:33:07 +02:00
Pierre Jaury
e7399e6926 Add a development run.py script 2016-10-02 09:19:34 +02:00
Christoph Rissner
b9de28e910 dovecot: use rspamd X-Spamd-Result percentage to evaluate spam
- configures dovecot to use the spamtest sieve plugins
- configures sieve to read the score from X-Spamd-Result: headers
- before.sieve applies the ${spam_threshold} to the spamtest percentage
- freeposte.db stores a percentage for ${spam_threshold}
- migrate freeposte.db spam_threshold from X/15 to percentages

the filter investigates the overall ratio of the `rspamd` header
`X-Spamd-Result` that looks something like this:

X-Spamd-Result: default: True [12.36 / 15.00]
 RBL_SPAMHAUS_XBL(4.00)[]
 BAYES_SPAM(3.06)[92.67%]
 RBL_SPAMHAUS_XBL_ANY(4.00)[]
 ONCE_RECEIVED_STRICT(4.00)[]
 HFILTER_HELO_BAREIP(3.00)[]
 RBL_SORBS_DUL(2.00)[]
 HFILTER_HOSTNAME_UNKNOWN(2.50)[]
 RBL_SPAMHAUS_PBL(2.00)[]
 RBL_SORBS_RECENT(1.50)[]
 MIME_UNKNOWN(0.10)[application/x-rar-compressed]
 RDNS_NONE(1.00)[]
 RBL_SORBS(0.00)[]
 R_SPF_NEUTRAL(0.00)[?all]
 ONCE_RECEIVED(0.10)[]
 RBL_SEM(1.00)[]
 MIME_HTML_ONLY(0.20)[]
 RBL_UCEPROTECT_LEVEL1(1.00)[]
 MIME_GOOD(-0.10)[multipart/mixed]

the sieve `spamtest :percent :value` in this case would be
   100*12.36/15 = 82.4%
2016-09-30 11:21:29 +02:00
Pierre Jaury
525089a531 Do not leak information about existing domains or users 2016-09-13 20:59:25 +02:00
Pierre Jaury
2cb4a44b5a Display fetchmail errors to the user, fixes #23 2016-09-10 13:05:55 +02:00
kaiyou
18253b1dd3 Merge pull request #61 from vhf/admin-creation
Allow admin creation after initial setup
2016-09-09 12:36:02 +02:00
Victor Felder
3976a5b38e Allow admin creation after initial setup 2016-09-09 11:07:05 +02:00
Victor Felder
97d952d7f1 Fix a typo 2016-09-09 11:06:43 +02:00
Pierre Jaury
e24da96e58 Add some documentation to access decorators 2016-08-29 20:30:59 +02:00
Pierre Jaury
09bec055fd Fix domain deletion permissions 2016-08-29 20:22:44 +02:00
Pierre Jaury
c1f9b61dac Add a simple permission audit script 2016-08-29 20:18:00 +02:00
Pierre Jaury
f8dcef22ef Fix the manager deletion behaviour 2016-08-29 19:40:18 +02:00
Pierre Jaury
f541a951de Remove obsolete utils module 2016-08-29 19:36:37 +02:00
Pierre Jaury
713318f097 Clean imports and remove calls to the utils module 2016-08-29 19:35:09 +02:00
Pierre Jaury
ee9a416696 Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00
Pierre Jaury
4e4f2b8037 First shot at improving access control, related to #42
A couple of things are important to note for this commit:
- it only implements the new access control for alias and admin management
- the access control code is located in access.py

The idea behind simpler access control is auditability. There have been a
couple of bugs related to functions not checking permissions properly. If
checking permissions is as simple as decorating a function, exporting the
permission scheme for an audit should be simple.

Also, this still does not address the information leakage related to 404 errors
when an object does not exist, independently of permissions the user has over
the domain.
2016-08-28 15:23:57 +02:00
Pierre Jaury
3ea3bc1d8e Enforce permission checks for admin management 2016-08-27 15:05:30 +02:00
Pierre Jaury
6dc9131b97 Fix the wildcard migration script, fixes #53 2016-08-23 22:46:21 +02:00
Pierre Jaury
e3197f9156 Have the admin interface listen on localhost 2016-08-21 15:01:07 +02:00
Pierre Jaury
8601d5b8db Fix #49 when deleting a global admin 2016-08-20 12:46:29 +02:00
Pierre Jaury
0d3c75aa89 Fix a migration issue with wildcard aliases 2016-08-20 12:23:55 +02:00
Pierre Jaury
84769cab3e Switch to form-based confirmations, fixes #20 2016-08-19 10:49:05 +02:00
Pierre Jaury
5a69ada041 Add an action confirmation form, related to #20 2016-08-19 10:36:13 +02:00
Pierre Jaury
58337d7dd6 Set a proper default for spam thresholds 2016-08-18 20:42:55 +02:00
Pierre Jaury
1ce0bf2ef7 Update the user settings view with a slider 2016-08-18 20:42:35 +02:00
Pierre Jaury
0371da6307 Add the migration script for wildcard aliases, related to #38 2016-08-15 22:35:25 +02:00
XYunknown
6d4243ec66 Adding SQL Like format for aliases 2016-08-15 21:01:53 +02:00
Pierre Jaury
b3d7b657ab Remove deprecated flask.ext imports 2016-08-13 20:51:54 +02:00
Pierre Jaury
9640d59aca Fix #25, serve static resources locally 2016-08-13 20:39:36 +02:00
Pierre Jaury
689c022a4a Get back to a single forward destination 2016-08-13 20:01:40 +02:00
Pierre Jaury
678a5c8065 Fix #22, use ellipsis for overflowing text 2016-08-11 16:56:50 +02:00
Pierre Jaury
c07211677c Fix the default value for comma separated lists 2016-08-11 16:32:50 +02:00
Pierre Jaury
163494cb78 Use readonly attribute instead of disabled 2016-08-11 16:06:52 +02:00
Pierre Jaury
6af7a07e77 Avoid having an empty entry in destionation fields 2016-08-11 15:41:12 +02:00
Pierre Jaury
5581f1b0d9 Related to #19, fix the alias creation page 2016-08-11 14:27:01 +02:00
Pierre Jaury
dcaf3e3473 Fix #30, use cascade deletion on domains 2016-08-11 14:13:56 +02:00
Pierre Jaury
49a1281976 Display the alias list properly 2016-08-11 13:52:03 +02:00
Pierre Jaury
5f36e6f4f2 Related to #19, implement domain specific field and database type 2016-08-11 13:33:04 +02:00
Pierre Jaury
aace1c2d78 Get back to serving CDN assets, related to #25 2016-06-26 13:48:56 +02:00
Pierre Jaury
1673631e69 Fix the columns in the fetch list 2016-06-26 12:41:25 +02:00
Pierre Jaury
f8a220e72a Serve local assets only 2016-06-26 11:18:14 +02:00
Pierre Jaury
21bec865b3 Fix permission management when editing/deleting fetches 2016-06-25 19:48:10 +02:00
Pierre Jaury
58ec3597ab Fix te DKIM DNS example 2016-06-25 19:08:21 +02:00
Pierre Jaury
6a3af51785 Add a confirmation modal when regenerating keys 2016-06-25 16:10:30 +02:00
Pierre Jaury
66a1b50cc9 Sign outgoing emails using DKIM 2016-06-25 16:06:52 +02:00
Pierre Jaury
24680957f7 Handle DKIM key generation and storage 2016-06-25 15:50:05 +02:00
Pierre Jaury
2fa8b879db Display domain SPF and DMARC example entries, fixes #15 2016-06-25 14:51:02 +02:00
Pierre Jaury
1c132fe92e Add migratoin scripts to the docker container 2016-06-25 14:25:53 +02:00
Pierre Jaury
2095b3f189 Fix the admin creation command 2016-06-25 14:25:22 +02:00
Pierre Jaury
ec12ee9703 Fix a last typo in the migration script, fixes #17 2016-06-25 14:17:45 +02:00
Pierre Jaury
cc013560d9 Perform automatic database migration 2016-06-25 14:11:34 +02:00
Pierre Jaury
fa30a71e66 Remove deprecated initdb script 2016-06-25 14:05:04 +02:00
Pierre Jaury
cca6eee8db Add the first database revision 2016-06-25 14:04:30 +02:00
Pierre Jaury
014993ee6e Add utility functions to manage.py 2016-06-25 14:02:50 +02:00
Pierre Jaury
5d7b3b981d Initialize the migration system 2016-06-25 12:57:47 +02:00
Pierre Jaury
215ba74275 Remove non-minimized static assets 2016-06-19 15:38:48 +02:00
Pierre Jaury
4853e54f0b Replace tagsinput with select2 2016-06-19 15:36:15 +02:00
Pierre Jaury
0668f9abc9 Fix the user create form 2016-06-15 21:08:03 +02:00
Pierre Jaury
5c1441486b Fix permissions for non-admin users 2016-06-15 21:07:47 +02:00
Pierre Jaury
7f7ff4d722 Fix #9, do not reuse the flask_login object for updates, query instead 2016-05-30 22:03:58 +02:00
Pierre Jaury
e22f4b29b6 Fix a bug when updating the forward address 2016-05-29 17:06:06 +02:00
Pierre Jaury
82ec86afd8 Do not always add objects to the session before committing 2016-05-06 23:27:11 +02:00
Pierre Jaury
9efc798246 Store the state of reply and forward settings being enabled 2016-05-04 16:12:56 +02:00
Pierre Jaury
493fcf3a58 Use populate_obj to update objects 2016-05-01 21:12:08 +02:00
Pierre Jaury
d3b13c2412 Use SQLAlchemy Session.get instead of filter_by 2016-05-01 20:09:47 +02:00
Pierre Jaury
3eca6864c3 Rename the generic 'address' to 'email' 2016-05-01 20:04:40 +02:00
Pierre Jaury
5343a397ff Fix the link to the fetchmail list 2016-04-30 13:17:13 +02:00
Pierre Jaury
f832b74c85 Redirect to the fetch list after creation 2016-04-28 20:09:44 +02:00
Pierre Jaury
30ecbf81cd First fetchmail implementation 2016-04-28 20:07:38 +02:00
Pierre Jaury
c56a51f7b7 Fix references to the deprecrated admin_of field 2016-04-24 19:42:02 +02:00
Pierre Jaury
340edc629e Implement admin and manager management 2016-04-24 19:17:40 +02:00
Pierre Jaury
e2faf8e1be Fix the logo link 2016-04-24 18:06:04 +02:00
Pierre Jaury
5677c85368 Rename /status to /services 2016-04-24 18:03:56 +02:00
Pierre Jaury
78abe64068 Fix the behavior of the 'enable reply' checkbox 2016-04-24 16:49:54 +02:00
Pierre Jaury
85a9ae4361 Add a basic service status page 2016-04-20 22:37:17 +02:00
Pierre Jaury
3a4703b764 Implement auto-forward and auto-reply 2016-04-20 21:20:02 +02:00
Pierre Jaury
18af763293 Store the full address as a computed field 2016-04-20 21:15:30 +02:00
Pierre Jaury
8cc2a90ba0 Remove personal TODO file 2016-04-12 20:03:51 +02:00
Pierre Jaury
96ee0ea45d Use a single domain form 2016-03-22 21:22:49 +01:00
Pierre Jaury
22c095aef4 Improve the action buttons 2016-03-22 21:15:57 +01:00
Pierre Jaury
ad879bc9f5 Add a confirmation dialog before deleting items 2016-03-22 21:10:53 +01:00
Pierre Jaury
ec0304456b Add fields to enable and/or disable pop and imap 2016-03-22 21:05:08 +01:00
Pierre Jaury
49b33aba88 Use a single form for both creating and updating aliases 2016-03-22 20:45:30 +01:00
Pierre Jaury
19707ae3b3 Improve the alias forms 2016-03-22 20:34:21 +01:00
Pierre Jaury
398e7c1183 Improve forms for user creation an deletion 2016-03-22 19:47:15 +01:00
Pierre Jaury
77d426e084 Fix some typos 2016-03-20 15:37:48 +01:00
Pierre Jaury
40d4a22240 Switched to blueprints for the main app 2016-03-20 15:36:56 +01:00
Pierre Jaury
1c1c8e9cf6 Disable debugging un run.py 2016-03-20 11:43:05 +01:00
Pierre Jaury
54fb9cf60a Add a global admin account when initializing the database 2016-03-20 11:41:53 +01:00
Pierre Jaury
c52cf53310 Prefill alias forms 2016-03-20 11:39:04 +01:00
Pierre Jaury
8fb2e58661 Support adding comments to records 2016-03-20 11:38:37 +01:00