1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-20 20:22:38 +02:00
Commit Graph

3915 Commits

Author SHA1 Message Date
Eddy Vervest
c4c442d000
Update Dockerfile
apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.
2022-05-30 18:38:32 +02:00
bors[bot]
c2d85ecc32
Merge #2325
2325: postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS r=mergify[bot] a=pommi

## What type of PR?

bug-fix

## What does this PR do?

This PR wraps IPv6 CIDRs in the `RELAYNETS` environment variable in square brackets for the postfix configuration.

The `RELAYNETS` environment variable is used for configuring both postfix `mynetworks` and rspamd `local_networks`. Postfix requires IPv6 addresses to be wrapped in square brackets (eg. `[2001:db8::]/64`).

When an IPv6 address is not wrapped in square brackets in the postfix configuration for `mynetworks` it results in this error while processing an incoming email from an IPv6 sender:
```
postfix/smtpd[340]: warning: 2001:db8::/64 is unavailable. unsupported dictionary type: 2001
postfix/smtpd[340]: warning: smtpd_client_event_limit_exceptions: 2001:db8::/64: table lookup problem
```

The sender sees an error and the incoming email is refused:
```
451 4.3.0 <unknown[2001:xxx:xxx:xxx:xxx:xxx:xxx:xxx]>: Temporary lookup failure
```

I tried to work around this issue by wrapping the IPv6 CIDR in square brackets in the `RELAYNETS` environment variable, but it segfaults rspamd, because it can't deal with this non-standard IPv6 notation used by postfix:
```
kernel: [4305632.603704] rspamd[1954299]: segfault at 0 ip 00007fb848983871 sp 00007ffe02cc6d1
8 error 4 in ld-musl-x86_64.so.1[7fb848948000+48000]
```

### Related issue(s)
- #2293
- #2272

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

**No changelog or documentation necessary for this minor change.**

Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2022-05-28 14:13:40 +00:00
Pim van den Berg
e8b7d6afed roundcube: log actual client ip by using apache2 remoteip
Roundcube webmail is accessed through the nginx reverse proxy in the
front container. Each access logline logged by apache2 in the roundcube
container did not contain the actual client IP address, but the IP
address of the front container, for example:

> 192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
  ^
  IP address of the front container

By enabling the apache2 remoteip module and configuring it to get the
actual client IP address from the X-Forwarded-For header, it logs the
correct client IP address to the access log.
2022-05-28 15:02:47 +02:00
Pim van den Berg
d495052b52 postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS
The RELAYNETS environment variable is used for configuring both postfix
`mynetworks` and rspamd `local_networks`. Postfix requires IPv6
addresses to be wrapped in square brackets (eg. [2001:db8::]/64).
2022-05-26 20:11:02 +02:00
bors[bot]
92a8da499a
Merge #2278
2278: Feature: Ability to change marking spam emails as "Read" r=mergify[bot] a=Riscue

## What type of PR?

Feature

## What does this PR do?

Changes the default behavior of marking all incoming spam as read, giving the user a chance to decide. Parameter set to True default. Nothing will be changed unless user uncheck it.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: İbrahim Akyel <ibrahim@ibrahimakyel.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-05-25 07:09:27 +00:00
Alexander Graf
e75201bb34
Add default to column spam_mark_as_read 2022-05-25 08:54:10 +02:00
Florent Daigniere
74c5e92628 Switch to ffdhe3072 to enable RFC 7919
The idea being:
- it's a "nothing up my sleeves" group
- it may help shave off some bytes of the SSL handshake; That being
said, I doubt that clients that are modern enough to support this RFC
won't offer an EC kex

https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem
2022-05-24 17:42:30 +02:00
Florent Daigniere
04b7ddfffd Merge remote-tracking branch 'upstream/master' into Riscue-master 2022-05-22 19:01:31 +02:00
Florent Daigniere
d2aa647a9f l10n 2022-05-22 19:00:46 +02:00
Florent Daigniere
c5c2ee9f1c
simplify 2022-05-22 18:02:13 +02:00
bors[bot]
e519ec9ae6
Merge #2310
2310: Update deprecated rspamd config option r=mergify[bot] a=henniaufmrenni

## What type of PR?

Configuration update

## What does this PR do?

This is just a small config update to get rid of the following warning message:
`lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead`

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
> attachments_only = true; # Before 1.8.1
> scan_mime_parts = true; # After 1.8.1

The currently used version of rspamd is 3.1.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: henniaufmrenni <henniaufmrenni@keinvergessen.org>
2022-05-18 19:48:26 +00:00
bors[bot]
e92c67b118
Merge #2338
2338: Update X-XSS-Protection to current recommendation r=mergify[bot] a=AvverbioPronome

See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection

## What type of PR?

Slight enhancement

## What does this PR do?

This PR turns off the XSS auditor in the few browsers that still have one.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ?] In case of feature or enhancement: documentation updated accordingly
- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Giuseppe C <1191978+AvverbioPronome@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
2022-05-18 19:28:33 +00:00
bors[bot]
68e1d28726
Merge #2348
2348: Silence some errors in nginx r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It silences some errors in nginx by disabling the built-in resolver stub.
"could not be resolved (3: Host not found) while in resolving client address, client:"

I've talked about it on #mailu-dev ; There is a possibility that this has an impact on performance.

### Related issue(s)
- closes #2346
- #2290
- #1789

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-05-18 15:57:54 +00:00
Florent Daigniere
cb656fc9fd Silence some errors in nginx
"could not be resolved (3: Host not found) while in resolving client
address, client:"
2022-05-13 18:05:22 +02:00
Your Name
374ee8c636 towncrier fragment 2338 about X-XSS-Protection removal 2022-05-10 22:47:42 +02:00
Your Name
f7a3ecee2c remove X-XSS-Protection header from nginx.conf 2022-05-10 22:41:10 +02:00
Giuseppe C
389438d18b
Update X-XSS-Protection to current recommendation
See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
2022-05-08 21:11:01 +02:00
bors[bot]
e86412453a
Merge #2336
2336: helm-chart is now in sync; update the wording r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

Don't mislead users into setting up 1.8 if they use k8s; There is no reason to anymore.

### Related issue(s)
- #2333
- closes #2316


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-05-07 15:48:07 +00:00
Florent Daigniere
e80bcfbfd0 Clarify that upgrades require a container restart 2022-05-07 17:28:51 +02:00
Florent Daigniere
4ff9582e13 Warn about rollbacks not working 2022-05-07 17:28:18 +02:00
Florent Daigniere
ebf378aaae helm-chart is now in sync; update the wording 2022-05-07 15:37:57 +02:00
bors[bot]
038412ab62
Merge #2332
2332: Correct typo r=mergify[bot] a=gliptak

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Gábor Lipták <gliptak@gmail.com>
2022-05-02 12:13:20 +00:00
Gábor Lipták
70b4c44e30
Correct typo 2022-05-01 22:30:29 -04:00
bors[bot]
20bdceba70
Merge #2331
2331: Add data/fetchmail to mkdir command r=mergify[bot] a=ghostwheel42

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)

closes #2314


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-04-29 09:46:14 +00:00
Alexander Graf
78ec24f156
Add data/fetchmail to mkdir command 2022-04-29 08:39:43 +02:00
bors[bot]
c09253ede3
Merge #2323
2323: Fix Postfix FileExistsError on startup r=mergify[bot] a=Pumba98

## What type of PR?

bug-fix

## What does this PR do?

I'm running mailu with the mailu helm-chart on kubernetes. Sometimes when a Pod restarts I get the following error during startup:
```
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python3.9/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib/python3.9/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/start.py", line 18, in start_podop
os.mkdir('/dev/shm/postfix',mode=0o700)
FileExistsError: [Errno 17] File exists: '/dev/shm/postfix'
INFO:MAIN:MTA-STS daemon starting...
```

But that does not prevent the container startup. When mails arrive it will fail with something like:

```
postfix/trivial-rewrite[94979]: warning: connect to /tmp/podop.socket: No such file or directory
postfix/trivial-rewrite[94979]: warning: table socketmap:unix:/tmp/podop.socket:transport lookup error: No such file or directory
postfix/trivial-rewrite[94979]: warning: socketmap:unix:/tmp/podop.socket:transport lookup error for "*"
```

I'm running this quick fix now since almost two months without problems. Maybe you got a better approach how to solve this, but this works fine for me.

### Related issue(s)
- none

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

<!--
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
--->

**No changelog or documentation necessary for this minor change.**


Co-authored-by: Pumba98 <mail@pumba98.de>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2022-04-18 11:04:14 +00:00
Florent Daigniere
193d835abe
Use os.makedirs instead 2022-04-18 11:19:50 +02:00
bors[bot]
9743639693
Merge #2317
2317: Add pytz module to webdav container r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Get rid of radicale error "[ERROR] No module named 'pytz'"

### Related issue(s)
- closes #2315


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-04-11 16:43:17 +00:00
Alexander Graf
bb0a96c6f7
Add pytz module 2022-04-11 12:38:19 +02:00
henniaufmrenni
8eb8cb1f48 Update deprecated rspamd config option
This gets rid of the following error message:
lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
attachments_only = true; # Before 1.8.1
scan_mime_parts = true; # After 1.8.1

The currently used version is rspamd 3.1.
2022-04-04 14:39:50 +02:00
bors[bot]
ecf929969a
Merge #2305
2305: Adding missing semicolon after remote_addr r=mergify[bot] a=spomata

## What type of PR?

Documentation

## What does this PR do?

Minor fix - missing semicolon after $remote_addr

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: spomata <49432438+spomata@users.noreply.github.com>
2022-04-02 11:28:52 +00:00
bors[bot]
6f89209f9f
Merge #2302
2302: Update alpine-linux to 3.14.5 - Zlib security FIX r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Update alpine docker image to alpine-3.14.5

- closes #2291

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
2022-04-02 10:33:34 +00:00
bors[bot]
ac2065f922
Merge #2299
2299: admin: graceful fail on user fetch in basic auth r=mergify[bot] a=hitech95

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- catch errors coming from the ORM: closes #2296


Co-authored-by: hitech95 <nicveronese@gmail.com>
2022-04-02 10:13:52 +00:00
spomata
00b78b7350
Adding missing semicolon after remote_addr 2022-04-01 16:01:18 +02:00
Will
48f92b5991 create PR2302 changelog 2022-03-30 09:17:20 +00:00
Will
a54a784168 Update alpine-linux to 3.14.5 - Zlib security FIX 2022-03-30 09:08:28 +00:00
hitech95
fc8926493c admin: graceful fail on user fetch in basic auth
Signed-off-by: hitech95 <nicveronese@gmail.com>
2022-03-27 13:17:57 +02:00
Dimitri Huisman
dc7613b34a Fix healthcheck 2022-03-22 16:01:26 +00:00
Dimitri Huisman
af1cba2b30 Add changelog 2022-03-22 14:34:30 +00:00
Dimitri Huisman
22010ddb4f fix applications.ini 2022-03-22 09:18:51 +00:00
Dimitri Huisman
f2f859280c Merge remote-tracking branch 'origin/master' into feature-switch-snappymail 2022-03-22 09:14:53 +00:00
Dimitri Huisman
9519d07ba2 Switch from RainLoop to SnappyMail 2022-03-22 09:04:56 +00:00
bors[bot]
c15e4e6015
Merge #2276
2276: Autoconfig of email clients r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

It provides auto-configuration templates for email clients and encourages them to use implicit TLS (see https://nostarttls.secvuln.info/)

There are numerous caveats:
- it will only work if suitable DNS records are created and certificates obtained (autoconfig, autodiscover, ...)
- the mobileconfig file isn't signed
- the credentials will be prompted... we could/should provision a token on each request instead
- it currently doesn't advertise caldav
- it's IMAP only

### Related issue(s)
- close #224 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-03-22 08:53:47 +00:00
bors[bot]
bc509409e8
Merge #2290
2290: rspamd may trigger HFILTER_HOSTNAME_UNKNOWN if part of the delivery chain is using ipv6 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

This PR addresses the problem raised in #2260 : where rspamd may trigger HFILTER_HOSTNAME_UNKNOWN if part of the delivery chain is using ipv6. It may affect non v6 enabled setup and this is why it's proposed for backport.

The PR also sturdies up the warning about enabling v6 (as discussed during the last dev-meeting).

AAAA lookups in nginx were disabled when SSO was introduced as IP addresses were used to differentiate in between logins from webmails and others. Nowadays Mailu uses ports instead, so there is no reason not to re-enable it.

### Related issue(s)
- closes #2260
- #2272

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-03-22 08:31:50 +00:00
Florent Daigniere
ca7fc34839 towncrier 2022-03-20 12:18:31 +01:00
Florent Daigniere
a88424d19f Sturdy up the warning about v6 in setup 2022-03-20 12:16:04 +01:00
Florent Daigniere
9b952da6c2 Allow nginx to lookup IPv6 addresses
It creates issues with RSPAMD/HFILTER_HOSTNAME_UNKNOWN on v6 enabled
setups see
https://github.com/Mailu/Mailu/issues/2260#issuecomment-1066797661
2022-03-20 12:11:50 +01:00
bors[bot]
8cc91bad75
Merge #2281 #2285 #2286 #2287
2281: Update alpine-linux to 3.14.4 - OpenSSL security FIX r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Update Dockerfiles to use alpine-linux 3.14.4 which contains a security fix for openssl
https://alpinelinux.org/posts/Alpine-3.12.10-3.13.8-3.14.4-released.html

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2285: Update names of language json files r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

language json files of datatables i18n have been renamed
this updates the mappings to the current names


2286: Fix typo in Traefik reverse proxy docs r=mergify[bot] a=ghostwheel42

Slight typo in the Traefik reverse proxy docs. Found through running into the issue on my own instance.

## What type of PR?

documentation

## What does this PR do?

Adds  #2282 to master


2287: Fix typo in docs: cert not certs r=mergify[bot] a=ghostwheel42

## What type of PR?

documentation

## What does this PR do?

just a typo

Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: DAHPr0gram3r <cbillwork02@gmail.com>
2022-03-18 22:36:50 +00:00
bors[bot]
a7149b83d4
Merge #2284
2284: Fixing AUTH_RATELIMIT_IP not working on imap/pop3/smtp r=mergify[bot] a=fischerscode

#2283

## What type of PR?

bug-fix

## What does this PR do?
This fixes AUTH_RATELIMIT_IP not working on imap/pop3/smtp.

### Related issue(s)
closes #2283

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Maximilian Fischer <github@maaeps.de>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2022-03-18 22:16:42 +00:00
Alexander Graf
2f75625140
Fix typo in docs: cert not certs 2022-03-18 22:49:47 +01:00