1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

2618 Commits

Author SHA1 Message Date
Florent Daigniere
f8362d04e4 Switch to openssl to workaround alpine 2021-08-03 13:44:56 +02:00
Florent Daigniere
474e5aa527 document 2021-07-05 17:11:09 +02:00
Florent Daigniere
72735ab320 remove cyrus-sasl-plain 2021-07-05 17:08:05 +02:00
Florent Daigniere
0211c06c37 don't need sudo here 2021-07-05 15:54:04 +02:00
Florent Daigniere
420afa53f8 Upgrade to alpine 3.14 2021-07-05 15:50:49 +02:00
bors[bot]
4a5f6b1f92
Merge
1791: Enhanced session handling r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

- replaces flask_kvsession and simplekv with a mailu-specific session store
- call cleanup_sessions before first request and not on startup.
  this allows to run cmdline actions without redis (and makes it faster)
- allow running without redis for debugging purposes by setting MEMORY_SESSIONS to True
- don't sign session id, as it has plenty of entropy (as suggested by nextgens)
- adds method to prune a user's sessions

### Related issue(s)
- enhances and close 


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-04 18:04:15 +00:00
bors[bot]
a61e17c777
Merge
1846: fix newsfragment of  r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

moves newsfragment to correct location.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-04 12:39:51 +00:00
Alexander Graf
8b71a92219 use fixed msg for key derivation 2021-07-03 22:32:47 +02:00
Alexander Graf
87fe34e0a3 fix newsfragment of 2021-07-03 19:35:44 +02:00
bors[bot]
062205ee80
Merge
1841: Update version of roundcube webmail and carddav plugin. r=mergify[bot] a=ghostwheel42

## What type of PR?

Security-update for roundcube-webmailer.

## What does this PR do?

This PR updates the Roundcube webmail to the latest version, also updates the roundcube carddav-plugin to a new version.

- roundcube 1.4.11
- carddav 4.1.2

### Related issue(s)

This PR superseeds PR 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-03 12:45:59 +00:00
bors[bot]
20db642795
Merge
1843: fix bugs in model and schema introduced by  r=mergify[bot] a=ghostwheel42

## What type of PR?

bug fix. linter complained about "== True" but with sqlalchemy this is correct

## What does this PR do?

### Related issue(s)
closes 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-03 11:42:09 +00:00
Alexander Graf
92896ae646 fix bugs in model and schema introduced by 2021-07-03 11:40:32 +02:00
Alexander Graf
2045ae2e10 updated changelog file 2021-07-02 22:47:51 +02:00
Alexander Graf
6740c77e43 small bugfix for exception 2021-07-02 18:44:21 +02:00
Alexander Graf
14bdeb5e1e Update version of roundcube webmail and carddav plugin.
This is a security update.

- roundcube 1.4.11
- carddav 4.1.2
2021-06-30 12:36:11 +02:00
Alexander Graf
fab3168c23 Merge remote-tracking branch 'upstream/master' into kvsession 2021-06-29 16:38:38 +02:00
bors[bot]
7481a6d272
Merge
1604: Added CLI command to export and import the configuration r=mergify[bot] a=ghostwheel42

## What type of PR?

enhancement

## What does this PR do?

This PR adds a `config-dump` cli command and updates the `config-update` cli command to
handle all possible items and parameters.
This was done by adding generic **to_dict** and **from_dict** methods to the Base model, so it should be quite future-proof.
The changes to `config-update` are backwards-compatible to the old command.
I've only removed the undocumented yaml-section _managers_ - managers can now be defined in the _users_ section.

The YAML now looks like this:

```
  aliases:
    - email: email@example.com
      destination:
        - address@example.com
  
  domains:
    - name: example.com
      alternatives:
        - alternative.tld
  
  relays:
    - name: relay.example.com
      smtp: mx.example.com
  
  users:
    - email: postmaster@example.com
      displayed_name: 'Postmaster'
      enable_imap: true
      enable_pop: false
      enabled: true
      forward_destination:
        - address@remote.example.com
      forward_enabled: true
      forward_keep: true
      global_admin: true
      manager_of:
        - example.com
      password: '{BLF-CRYPT}$2b$12$...'
      spam_enabled: true
      spam_threshold: 80

```

### Related issue(s)
- Closes issue 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-06-29 14:18:02 +00:00
Alexander Graf
fbd945390d cleaned imports and fixed datetime and passlib use 2021-06-29 16:13:04 +02:00
Dimitri Huisman
6dc1a19390
Merge branch 'master' into import-export 2021-06-29 15:26:51 +02:00
bors[bot]
fc1a663da2
Merge
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 12:32:21 +00:00
bors[bot]
4ff90683ca
Merge
1758: Implement a simpler credential cache (alternative to ) r=mergify[bot] a=nextgens

## What type of PR?

Feature: it implements a credential cache to speedup authentication requests.

## What does this PR do?

Credentials are stored in cold-storage using a slow, salted/iterated hash function to prevent offline bruteforce attacks. This creates a performance bottleneck for no valid reason (see the
rationale/long version on https://github.com/Mailu/Mailu/issues/1194#issuecomment-762115549).

The new credential cache makes things fast again.

This is the simpler version of  (with no new dependencies)

### Related issue(s)
- close 
- close  
- close 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1776: optimize generation of transport nexthop r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix and enhancement.

## What does this PR do?

Possibly there should be more input validation when editing a relay, but for now this tries to make the best out of the existing "smtp" attribute while maintaining backwards compatibility. When relay is empty, the transport's nexthop is the MX of the relayed domain to fix  

```
RELAY			NEXTHOP						TRANSPORT
empty			use MX of relay domain				smtp:domain
:port			use MX of relay domain and use port	smtp:domain:port
target			resolve A/AAAA of target			smtp:[target]
target:port		resolve A/AAAA of target and use port	smtp:[target]:port
mx:target		resolve MX of target				smtp:target
mx:target:port	resolve MX of target and use port	smtp:target:port
lmtp:target		resolve A/AAAA of target			lmtp:target
lmtp:target:port	resolve A/AAAA of target and use port	lmtp:target:port

target can also be an IPv4 or IPv6 address (an IPv6 address must be enclosed in []: [2001:DB8::]).
```

When there is proper input validation and existing database entries are migrated this function can be made much shorter again.

### Related issue(s)
- closes  
- closes  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-06-29 12:15:03 +00:00
bors[bot]
d1eab083f5
Merge
1831: Fix roundcube database env configuration r=mergify[bot] a=parisni

## What type of PR?

bug-fix

## What does this PR do?

Both roundcube and mailu admin website can be backed by postgres/mysql. Before this PR, the `DB_FLAVOR` is shared by both services. However, the other roundcube dedicated DB params are prefixed with `ROUNDCUBE_`. (eg: `ROUNDCUBE_DB_NAME`)
There is no reason to share the DB_FLAVOR for both: This PR makes them be considered independently to make things clear and avoid bugs.
Also, the roundcube_db_flavor and db_flavor are made separated in this PR. However for simplicity, the template generator bind them : roundcube_db_flavor = db_flavor. This makes the template generator UI more simple. I considered most of the time people want to have both roundcube and mailu share the same RDBMS.

Also, AFAIK the internal postgresql service is deprecated and will be removed in 1.9. This is why this PR does not integrate roundcube in postgres when the internal DB is choosen: in case of internal postgres, the roundcube is backed with sqlite.

Both documentation and setup website have been updated accordingly.

### Related issue(s)
- Auto close an issue like: closes  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: parisni <nicolas.paris@riseup.net>
Co-authored-by: Nicolas Paris <nicolas.paris@riseup.net>
2021-06-29 11:58:39 +00:00
Dimitri Huisman
52005cf4e9
Update list of trusted authors.
Now the list of trusted authors reflects the contributors group again.
2021-06-29 13:57:49 +02:00
bors[bot]
8370896253
Merge
1837: Set static hostname for antispam to preserve history.  r=mergify[bot] a=Diman0

## What type of PR?
bug-fix

## What does this PR do?
It addresses bug . Rspamd stores the history in redis. The key for storing the history contains the hostname. On recreation of the docker container, the hostname changes and for this reason the rspamd history is lost. Setting a fixed hostname resolves this. Upon recreating the antispam container the history is retained. 

### Related issue(s)
- Closes 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2021-06-29 08:08:58 +00:00
Dimitri Huisman
ef5741ef80 Add newsfragment 2021-06-29 08:07:43 +00:00
Dimitri Huisman
8998e21f7b Set static hostname for antispam to preserve history. See 2021-06-29 07:59:24 +00:00
bors[bot]
c49e064ff7
Merge
1836: Test ci parallel r=Diman0 a=Diman0

## What type of PR?

enhancement

## What does this PR do?

Changes CI workflow to run all tests in parellel.  After performing some tests (see   ), I determined that using actions/cache to only cache a tar.gz. file with all build images and use this for all parallel tests is the fasted solution.

With Travis builds took ~30 minutes. Now each build runs for a maximum of 20 minutes (bors test and merge on master).
Bors r+ runs take about ~16/17 minutes.

### Related issue(s)
- Auto close an issue like: closes 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2021-06-29 07:13:37 +00:00
Dimitri Huisman
1566dfb077
Forgot to add condition to load docker images step 2021-06-29 08:58:44 +02:00
bors[bot]
d9da8e4bb2
Merge
1746: DNS records for client autoconfiguration (RFC6186) r=Diman0 a=nextgens

## What type of PR?

Feature

## What does this PR do?

Add instructions on how to configure rfc6186 DNS records for client autoconfiguration

### Related issue(s)
- 
- 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 06:50:27 +00:00
Dimitri Huisman
b2840fed26
Update CI.yml 2021-06-28 22:51:23 +02:00
Dimitri Huisman
cf894dae03
Merge branch 'Mailu:master' into test-ci-parallel 2021-06-28 22:50:34 +02:00
Dimitri Huisman
75ee2cd1f7
Added manual trigger for workflow
Workflow file only triggers if it resides in the branch. If an old PR based on the mailu repo without CI.yml is tested, then the workflow run will not trigger. The merged commit on TESTING/STAGING branch does not contain the required CI.yml workflow file after all. In these cases simply run the workflow manually on the TESTING or STAGING branch,
2021-06-28 22:38:01 +02:00
Dimitri Huisman
c2b1f23652 It helps to also load the docker images for the tests. 2021-06-27 09:44:38 +00:00
Dimitri Huisman
c6da021106 Forgot to adapt all creat folder steps 2021-06-27 09:31:39 +00:00
Dimitri Huisman
782ffc084f Fixed typo 2021-06-27 09:26:11 +00:00
Dimitri Huisman
0468fb2064 Forgot to set permissions on images folder. Added changelog. 2021-06-27 09:24:17 +00:00
Dimitri Huisman
2f51fe6688 using != uses 2021-06-27 09:07:41 +00:00
Dimitri Huisman
a6ec14b42a Fixed spacing in CI.yml 2021-06-27 08:56:59 +00:00
Dimitri Huisman
e16e9f19fd Run test jobs in parallel for CI/CD. 2021-06-27 08:54:17 +00:00
Nicolas Paris
e4ad3a868c
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:50:15 +02:00
Nicolas Paris
7386257ded
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:47:28 +02:00
Nicolas Paris
ab7264df0c
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:46:41 +02:00
Nicolas Paris
c0c8c4a551
Fix typo
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:46:28 +02:00
Nicolas Paris
b560d1f369
Improve english
Co-authored-by: decentral1se <1991377+decentral1se@users.noreply.github.com>
2021-06-27 10:38:32 +02:00
bors[bot]
5d1264e381
Merge
1694: update compression algorithms for current dovecot r=nextgens a=lub

## What type of PR?

enhancement

## What does this PR do?

This adds additional compression algorithms in accordance with
https://doc.dovecot.org/configuration_manual/zlib_plugin/

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
2021-06-26 23:38:35 +00:00
bors[bot]
92281c04f3
Merge
1806: Reflect override settings for postfix r=mergify[bot] a=ineiti

## What type of PR?

(documentation)

## What does this PR do?

Fixes path in the documentation setting, and also adds how to change postfix.cf

Co-authored-by: Linus Gasser <linus.gasser@epfl.ch>
2021-06-26 23:21:36 +00:00
bors[bot]
a1345114bc
Merge
1649: Update docs/reverse.rst with Traefik v2+ info r=mergify[bot] a=patryk-tech

## What type of PR?

Documentation

## What does this PR do?

Adds information about using Traefik v2+ as a reverse proxy.

### Related issue(s)
Closes  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1673: Remove rspamd unused env var from start script r=mergify[bot] a=cbachert

## What type of PR?
Cleanup

## What does this PR do?
Remove unused environment variable FRONT_ADDRESS in rspamd. FRONT_ADDRESS references were removed with commit 8172f3e in PR  like mentioned in chat https://matrix.to/#/!MINuyJjJSrfowljYCK:tedomum.net/$160401946364NGNmI:imninja.net?via=huisman.xyz&via=matrix.org&via=imninja.net
```
Mailu$ grep -r "FRONT_ADDRESS" core/rspamd/
core/rspamd/start.py:os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
```

### Related issue(s)
N/A

## Prerequistes
- [x] Documentation updated accordingly: No documentation to update
- [x] Add to changelog: Minor change

Co-authored-by: Patryk Tech <git@patryk.tech>
Co-authored-by: cbachert <cbachert@users.noreply.github.com>
2021-06-26 21:59:25 +00:00
Dimitri Huisman
24200ddb67 Forgot to remove duplicate steps when switching back to sequential workflow 2021-06-26 21:49:37 +00:00
bors[bot]
2d3adbbfcc
Merge
1718: Warn people off of the documentation's K8s recipe. r=mergify[bot] a=c4lliope

Based on a discussion on Matrix (2020.12.19),
the helm charts are the way to go.

1793: Fix Typo in Dutch Translation r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?

There were 2 typos in the Dutch translation file. These typos are being fixed with this PR.

### Related issue(s)
- None


Co-authored-by: Grace <30454698+c4lliope@users.noreply.github.com>
Co-authored-by: Vincent Kling <vincentkling@msn.com>
2021-06-26 21:14:51 +00:00
Dimitri Huisman
606c039a6f Switch back to sequential workflow 2021-06-26 21:00:51 +00:00