1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Commit Graph

3688 Commits

Author SHA1 Message Date
Alexander Graf
5179cf0618
Fix localpart splitting and make code more readable. 2022-07-28 16:20:01 +02:00
adamward-git
b4df9407d0
Update general.rst
Component changing sentence correction.
2022-07-28 20:02:51 +08:00
adamward-git
a91e0a47eb
Update faq.rst
Fix broken archive.org link.
My preference is still to use archive.org in case the original blog post goes away.
2022-07-28 19:56:46 +08:00
adamward-git
58170b4f0a
Update database.rst
Spelling correction.
See https://writingexplained.org/incase-or-in-case-difference 
"Incase is a misspelling of encase"
2022-07-28 19:44:31 +08:00
Ray
8e8c4937da
fix FAQ typo
Stripped as in whitespace, not striped as in tiger
2022-07-27 20:44:10 -04:00
adamward-git
1d9c29cb8d
Update setup.rst
Revert block edit.
2022-07-26 19:29:46 +08:00
adamward-git
c72b3a0d33
Update guidelines.rst 2022-07-26 18:27:22 +08:00
Adam Ward
c423eabc07 Documentation:
- spelling corrections
 - minor grammar changes.
2022-07-26 18:16:18 +08:00
Dimitri Huisman
2a527a38cf Deny access to hidden files for snappymail 2022-07-15 14:34:39 +00:00
bors[bot]
e50f6c58c0
Merge #2360
2360: roundcube: disable apache2 access log r=mergify[bot] a=pommi

## What type of PR?

bug-fix

## What does this PR do?

It disables the access log of apache2 in the roundcube webmail container. Requests are already logged by the front container. The requests logged in the roundcube container contained contained the wrong client IP: the IP address of the front container.

----

Original PR:

~~Roundcube webmail is accessed through the nginx reverse proxy in the front container. Each access logline logged by apache2 in the roundcube container did not contain the actual client IP address, but the IP address of the front container, for example:~~

```
192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
^
IP address of the front container
```

~~By enabling the apache2 remoteip module and configuring it to get the actual client IP address from the X-Forwarded-For header, it logs the correct client IP address to the access log.~~

### Related issue(s)
- None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

**No changelog or documentation necessary for this minor change.**


Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2022-07-07 09:18:58 +00:00
bors[bot]
3844339899
Merge #2364
2364: Update Dockerfile r=mergify[bot] a=twekkel

apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.

## What type of PR?

minor enhancement

## What does this PR do?

replace apt with apt-get to avoid below warning

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.


## Prerequisites

-

Co-authored-by: Eddy Vervest <57325478+twekkel@users.noreply.github.com>
2022-07-06 16:12:15 +00:00
Dimitri Huisman
ee78a34da4 Process code review feedback
Remove unneeded IF statement in /admin block in nginx.conf of front.
Fix contributions made to Dockerfile, add missing trailing \ and add back curl
Change healthcheck to monitoring page of fpm. Now we check nginx and fpm.
2022-07-06 13:42:13 +00:00
Dimitri Huisman
9d0c49a844 Merge branch 'feature-switch-snappymail' of github.com:Diman0/Mailu into feature-switch-snappymail 2022-07-06 13:28:55 +00:00
Dimitri Huisman
d19208d3d1 Merge branch 'master' of github.com:Mailu/Mailu into feature-switch-snappymail 2022-07-06 12:35:21 +00:00
bors[bot]
e91f28082b
Merge #2384
2384: Re-enable the built-in nginx resolver for traffic going through the mail plugin r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix

## What does this PR do?
Re-enable the built-in nginx resolver for traffic going through the mail plugin
This is required for passing rDNS/ptr information to postfix.
The mail proxy uses the resolver info for passing XCLIENT info.
See http://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient
Without this info rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info.

Yes this re-introduces these `cannot resolve` error  messages. If we really want to get rid of these, then we can consider logging to a rsyslog daemon where we filter out these messages.

### Related issue(s)
- Auto close an issue like: closes #2368

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-07-06 09:18:32 +00:00
Dimitri Huisman
4b491d9de5 Re-enable the built-in nginx resolver for traffic going through the mail plugin.
This is required for passing rDNS/ptr information to postfix.
The mail proxy uses the resolver info for passing XCLIENT info.
See http://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient
Without this info rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info.
2022-07-06 08:51:59 +00:00
Pim van den Berg
6f884c6c93 roundcube: disable access log
As per discussion in #2360: The front container (nginx reverse proxy) is
already logging all requests, disable the access logs for apache2 in the
roundcube container completely.
2022-06-16 14:26:27 +02:00
enginefeeder101
82860d0f80
Moved parsing environment variable to global application config dictionary
Per requested changes added the ``DEFAULT_SPAM_THRESHOLD`` to the main
application configuration dictionary in ``configuration.py`` and updated
``models.py`` accordingly.
No error handling is added, as that was not required.
2022-06-08 17:13:38 +02:00
enginefeeder101
4da0ff1856
Documentation for configurable default spam threshold 2022-06-08 16:59:55 +02:00
enginefeeder101
6c83d25312
Configurable default spam threshold used for new users
This commit adds functionality to set a custom default spam threshold
for new users. The environment variable ``DEFAULT_SPAM_THRESHOLD`` can
be used for this purpose. When not set, it defaults back to 80%, as the
default value was before
If ``DEFAULT_SPAM_THRESHOLD`` is set to a value that Python cannot
parse as an integer, a ValueError is thrown. There is no error handling
for that case built-in.
2022-06-08 16:59:28 +02:00
bors[bot]
519ef804a7
Merge #2370
2370: Fix docs build error r=mergify[bot] a=Diman0

Set language to English for sphinx in conf.py

The docs have always been generated with the option to treat warnings as errors. 
Recently (due to an update?) sphinx-build reports using language=None as a warning. It is expected that a specific
language is set. This causes the build to fail. ALL open PR's are affected by this.
```
Warning, treated as error:
Invalid configuration value found: 'language = None'. Update your configuration to a valid langauge code. Falling back to 'en' (English).
```


## What type of PR?

bug-fix



Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2022-06-07 13:07:32 +00:00
Dimitri Huisman
5ef383f572 Set language to English for sphinx in conf.py.
The docs have always been generated with the option to treat
warnings as errors. Recently sphinx-build reports using
language=None as a warning. It is expected that a specific
language is set.
2022-06-07 11:20:07 +00:00
Eddy Vervest
baea3d4086
Update Dockerfile
missed this one
2022-05-30 19:18:35 +02:00
Eddy Vervest
c4c442d000
Update Dockerfile
apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.
2022-05-30 18:38:32 +02:00
bors[bot]
c2d85ecc32
Merge #2325
2325: postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS r=mergify[bot] a=pommi

## What type of PR?

bug-fix

## What does this PR do?

This PR wraps IPv6 CIDRs in the `RELAYNETS` environment variable in square brackets for the postfix configuration.

The `RELAYNETS` environment variable is used for configuring both postfix `mynetworks` and rspamd `local_networks`. Postfix requires IPv6 addresses to be wrapped in square brackets (eg. `[2001:db8::]/64`).

When an IPv6 address is not wrapped in square brackets in the postfix configuration for `mynetworks` it results in this error while processing an incoming email from an IPv6 sender:
```
postfix/smtpd[340]: warning: 2001:db8::/64 is unavailable. unsupported dictionary type: 2001
postfix/smtpd[340]: warning: smtpd_client_event_limit_exceptions: 2001:db8::/64: table lookup problem
```

The sender sees an error and the incoming email is refused:
```
451 4.3.0 <unknown[2001:xxx:xxx:xxx:xxx:xxx:xxx:xxx]>: Temporary lookup failure
```

I tried to work around this issue by wrapping the IPv6 CIDR in square brackets in the `RELAYNETS` environment variable, but it segfaults rspamd, because it can't deal with this non-standard IPv6 notation used by postfix:
```
kernel: [4305632.603704] rspamd[1954299]: segfault at 0 ip 00007fb848983871 sp 00007ffe02cc6d1
8 error 4 in ld-musl-x86_64.so.1[7fb848948000+48000]
```

### Related issue(s)
- #2293
- #2272

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

**No changelog or documentation necessary for this minor change.**

Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2022-05-28 14:13:40 +00:00
Pim van den Berg
e8b7d6afed roundcube: log actual client ip by using apache2 remoteip
Roundcube webmail is accessed through the nginx reverse proxy in the
front container. Each access logline logged by apache2 in the roundcube
container did not contain the actual client IP address, but the IP
address of the front container, for example:

> 192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
  ^
  IP address of the front container

By enabling the apache2 remoteip module and configuring it to get the
actual client IP address from the X-Forwarded-For header, it logs the
correct client IP address to the access log.
2022-05-28 15:02:47 +02:00
Pim van den Berg
d495052b52 postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS
The RELAYNETS environment variable is used for configuring both postfix
`mynetworks` and rspamd `local_networks`. Postfix requires IPv6
addresses to be wrapped in square brackets (eg. [2001:db8::]/64).
2022-05-26 20:11:02 +02:00
bors[bot]
92a8da499a
Merge #2278
2278: Feature: Ability to change marking spam emails as "Read" r=mergify[bot] a=Riscue

## What type of PR?

Feature

## What does this PR do?

Changes the default behavior of marking all incoming spam as read, giving the user a chance to decide. Parameter set to True default. Nothing will be changed unless user uncheck it.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: İbrahim Akyel <ibrahim@ibrahimakyel.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-05-25 07:09:27 +00:00
Alexander Graf
e75201bb34
Add default to column spam_mark_as_read 2022-05-25 08:54:10 +02:00
Florent Daigniere
74c5e92628 Switch to ffdhe3072 to enable RFC 7919
The idea being:
- it's a "nothing up my sleeves" group
- it may help shave off some bytes of the SSL handshake; That being
said, I doubt that clients that are modern enough to support this RFC
won't offer an EC kex

https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem
2022-05-24 17:42:30 +02:00
Florent Daigniere
04b7ddfffd Merge remote-tracking branch 'upstream/master' into Riscue-master 2022-05-22 19:01:31 +02:00
Florent Daigniere
d2aa647a9f l10n 2022-05-22 19:00:46 +02:00
Florent Daigniere
c5c2ee9f1c
simplify 2022-05-22 18:02:13 +02:00
bors[bot]
e519ec9ae6
Merge #2310
2310: Update deprecated rspamd config option r=mergify[bot] a=henniaufmrenni

## What type of PR?

Configuration update

## What does this PR do?

This is just a small config update to get rid of the following warning message:
`lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead`

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
> attachments_only = true; # Before 1.8.1
> scan_mime_parts = true; # After 1.8.1

The currently used version of rspamd is 3.1.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: henniaufmrenni <henniaufmrenni@keinvergessen.org>
2022-05-18 19:48:26 +00:00
bors[bot]
e92c67b118
Merge #2338
2338: Update X-XSS-Protection to current recommendation r=mergify[bot] a=AvverbioPronome

See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection

## What type of PR?

Slight enhancement

## What does this PR do?

This PR turns off the XSS auditor in the few browsers that still have one.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ?] In case of feature or enhancement: documentation updated accordingly
- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Giuseppe C <1191978+AvverbioPronome@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
2022-05-18 19:28:33 +00:00
bors[bot]
68e1d28726
Merge #2348
2348: Silence some errors in nginx r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It silences some errors in nginx by disabling the built-in resolver stub.
"could not be resolved (3: Host not found) while in resolving client address, client:"

I've talked about it on #mailu-dev ; There is a possibility that this has an impact on performance.

### Related issue(s)
- closes #2346
- #2290
- #1789

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-05-18 15:57:54 +00:00
Florent Daigniere
cb656fc9fd Silence some errors in nginx
"could not be resolved (3: Host not found) while in resolving client
address, client:"
2022-05-13 18:05:22 +02:00
Your Name
374ee8c636 towncrier fragment 2338 about X-XSS-Protection removal 2022-05-10 22:47:42 +02:00
Your Name
f7a3ecee2c remove X-XSS-Protection header from nginx.conf 2022-05-10 22:41:10 +02:00
Giuseppe C
389438d18b
Update X-XSS-Protection to current recommendation
See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
2022-05-08 21:11:01 +02:00
bors[bot]
e86412453a
Merge #2336
2336: helm-chart is now in sync; update the wording r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

Don't mislead users into setting up 1.8 if they use k8s; There is no reason to anymore.

### Related issue(s)
- #2333
- closes #2316


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-05-07 15:48:07 +00:00
Florent Daigniere
e80bcfbfd0 Clarify that upgrades require a container restart 2022-05-07 17:28:51 +02:00
Florent Daigniere
4ff9582e13 Warn about rollbacks not working 2022-05-07 17:28:18 +02:00
Florent Daigniere
ebf378aaae helm-chart is now in sync; update the wording 2022-05-07 15:37:57 +02:00
bors[bot]
038412ab62
Merge #2332
2332: Correct typo r=mergify[bot] a=gliptak

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Gábor Lipták <gliptak@gmail.com>
2022-05-02 12:13:20 +00:00
Gábor Lipták
70b4c44e30
Correct typo 2022-05-01 22:30:29 -04:00
bors[bot]
20bdceba70
Merge #2331
2331: Add data/fetchmail to mkdir command r=mergify[bot] a=ghostwheel42

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)

closes #2314


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-04-29 09:46:14 +00:00
Alexander Graf
78ec24f156
Add data/fetchmail to mkdir command 2022-04-29 08:39:43 +02:00
bors[bot]
c09253ede3
Merge #2323
2323: Fix Postfix FileExistsError on startup r=mergify[bot] a=Pumba98

## What type of PR?

bug-fix

## What does this PR do?

I'm running mailu with the mailu helm-chart on kubernetes. Sometimes when a Pod restarts I get the following error during startup:
```
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python3.9/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib/python3.9/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/start.py", line 18, in start_podop
os.mkdir('/dev/shm/postfix',mode=0o700)
FileExistsError: [Errno 17] File exists: '/dev/shm/postfix'
INFO:MAIN:MTA-STS daemon starting...
```

But that does not prevent the container startup. When mails arrive it will fail with something like:

```
postfix/trivial-rewrite[94979]: warning: connect to /tmp/podop.socket: No such file or directory
postfix/trivial-rewrite[94979]: warning: table socketmap:unix:/tmp/podop.socket:transport lookup error: No such file or directory
postfix/trivial-rewrite[94979]: warning: socketmap:unix:/tmp/podop.socket:transport lookup error for "*"
```

I'm running this quick fix now since almost two months without problems. Maybe you got a better approach how to solve this, but this works fine for me.

### Related issue(s)
- none

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

<!--
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
--->

**No changelog or documentation necessary for this minor change.**


Co-authored-by: Pumba98 <mail@pumba98.de>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-04-18 11:04:14 +00:00
Florent Daigniere
193d835abe
Use os.makedirs instead 2022-04-18 11:19:50 +02:00