Anything that can be configured in the web administration interface,
can also be configured via the Mailu RESTful API.
See the section Advanced configuration in the configuration reference
for the relevant settings in mailu.env for enabling the API.
(API, WEB_API, API_TOKEN).
main
Dimitri Huisman2 years agocommitted byAlexander Graf
'email':fields.String(description='The email address of the user',example='John.Doe@example.com',attribute='_email'),
'password':fields.String(description='PBKDF2-HMAC-SHA256 based password of the user. For more info see passlib.hash.pbkdf2_sha256',example='$pbkdf2-sha256$1$.6UI/S.nXIk8jcbdHx3Fhg$98jZicV16ODfEsEZeYPGHU3kbrUrvUEXOPimVSQDD44'),
'comment':fields.String(description='A description for the user. This description is shown on the Users page',example='my comment'),
'quota_bytes':fields.Integer(description='The maximum quota for the user’s email box in bytes',example='1000000000'),
'global_admin':fields.Boolean(description='Make the user a global administrator'),
'enabled':fields.Boolean(description='Enable the user. When an user is disabled, the user is unable to login to the Admin GUI or webmail or access his email via IMAP/POP3 or send mail'),
'enable_imap':fields.Boolean(description='Allow email retrieval via IMAP'),
'enable_pop':fields.Boolean(description='Allow email retrieval via POP3'),
'forward_enabled':fields.Boolean(description='Enable auto forwarding'),
'forward_destination':fields.List(fields.String(description='Email address to forward emails to'),example='Other@example.com'),
'forward_keep':fields.Boolean(description='Keep a copy of the forwarded email in the inbox'),
'reply_enabled':fields.Boolean(description='Enable automatic replies. This is also known as out of office (ooo) or out of facility (oof) replies'),
'reply_subject':fields.String(description='Optional subject for the automatic reply',example='Out of office'),
'reply_body':fields.String(description='The body of the automatic reply email',example='Hello, I am out of office. I will respond when I am back.'),
'reply_startdate':fields.Date(description='Start date for automatic replies in YYYY-MM-DD format.',example='2022-02-10'),
'reply_enddate':fields.Date(description='End date for automatic replies in YYYY-MM-DD format.',example='2022-02-22'),
'displayed_name':fields.String(description='The display name of the user within the Admin GUI',example='John Doe'),
'spam_enabled':fields.Boolean(description='Enable the spam filter'),
'spam_mark_as_read':fields.Boolean(description='Enable marking spam mails as read'),
'spam_threshold':fields.Integer(description='The user defined spam filter tolerance',example='80'),
})
user_fields_post=api.model('UserCreate',{
'email':fields.String(description='The email address of the user',example='John.Doe@example.com',attribute='_email',required=True),
'raw_password':fields.String(description='The raw (plain text) password of the user. Mailu will hash the password using PBKDF2-HMAC-SHA256',example='secret',required=True),
'comment':fields.String(description='A description for the user. This description is shown on the Users page',example='my comment'),
'quota_bytes':fields.Integer(description='The maximum quota for the user’s email box in bytes',example='1000000000'),
'global_admin':fields.Boolean(description='Make the user a global administrator'),
'enabled':fields.Boolean(description='Enable the user. When an user is disabled, the user is unable to login to the Admin GUI or webmail or access his email via IMAP/POP3 or send mail'),
'enable_imap':fields.Boolean(description='Allow email retrieval via IMAP'),
'enable_pop':fields.Boolean(description='Allow email retrieval via POP3'),
'forward_enabled':fields.Boolean(description='Enable auto forwarding'),
'forward_destination':fields.List(fields.String(description='Email address to forward emails to'),example='Other@example.com'),
'forward_keep':fields.Boolean(description='Keep a copy of the forwarded email in the inbox'),
'reply_enabled':fields.Boolean(description='Enable automatic replies. This is also known as out of office (ooo) or out of facility (oof) replies'),
'reply_subject':fields.String(description='Optional subject for the automatic reply',example='Out of office'),
'reply_body':fields.String(description='The body of the automatic reply email',example='Hello, I am out of office. I will respond when I am back.'),
'reply_startdate':fields.Date(description='Start date for automatic replies in YYYY-MM-DD format.',example='2022-02-10'),
'reply_enddate':fields.Date(description='End date for automatic replies in YYYY-MM-DD format.',example='2022-02-22'),
'displayed_name':fields.String(description='The display name of the user within the Admin GUI',example='John Doe'),
'spam_enabled':fields.Boolean(description='Enable the spam filter'),
'spam_mark_as_read':fields.Boolean(description='Enable marking spam mails as read'),
'spam_threshold':fields.Integer(description='The user defined spam filter tolerance',example='80'),
})
user_fields_put=api.model('UserUpdate',{
'raw_password':fields.String(description='The raw (plain text) password of the user. Mailu will hash the password using PBKDF2-HMAC-SHA256',example='secret'),
'comment':fields.String(description='A description for the user. This description is shown on the Users page',example='my comment'),
'quota_bytes':fields.Integer(description='The maximum quota for the user’s email box in bytes',example='1000000000'),
'global_admin':fields.Boolean(description='Make the user a global administrator'),
'enabled':fields.Boolean(description='Enable the user. When an user is disabled, the user is unable to login to the Admin GUI or webmail or access his email via IMAP/POP3 or send mail'),
'enable_imap':fields.Boolean(description='Allow email retrieval via IMAP'),
'enable_pop':fields.Boolean(description='Allow email retrieval via POP3'),
'forward_enabled':fields.Boolean(description='Enable auto forwarding'),
'forward_destination':fields.List(fields.String(description='Email address to forward emails to'),example='Other@example.com'),
'forward_keep':fields.Boolean(description='Keep a copy of the forwarded email in the inbox'),
'reply_enabled':fields.Boolean(description='Enable automatic replies. This is also known as out of office (ooo) or out of facility (oof) replies'),
'reply_subject':fields.String(description='Optional subject for the automatic reply',example='Out of office'),
'reply_body':fields.String(description='The body of the automatic reply email',example='Hello, I am out of office. I will respond when I am back.'),
'reply_startdate':fields.Date(description='Start date for automatic replies in YYYY-MM-DD format.',example='2022-02-10'),
'reply_enddate':fields.Date(description='End date for automatic replies in YYYY-MM-DD format.',example='2022-02-22'),
'displayed_name':fields.String(description='The display name of the user within the Admin GUI',example='John Doe'),
'spam_enabled':fields.Boolean(description='Enable the spam filter'),
'spam_mark_as_read':fields.Boolean(description='Enable marking spam mails as read'),
'spam_threshold':fields.Integer(description='The user defined spam filter tolerance',example='80'),
The above will block flagged IPs for a week, you can of course change it to you needs.
The above will block flagged IPs for a week, you can of course change it to your needs.
4. In the mailu docker-compose set the logging driver of the Admin container to journald; and set the tag to mailu-admin
4. In the mailu docker-compose set the logging driver of the Admin container to journald; and set the tag to mailu-admin
@ -625,9 +625,34 @@ The above will block flagged IPs for a week, you can of course change it to you
maxretry = 10
maxretry = 10
action = docker-action
action = docker-action
The above will block flagged IPs for a week, you can of course change it to you needs.
The above will block flagged IPs for a week, you can of course change it to your needs.
7. Add the /etc/fail2ban/action.d/docker-action.conf
7. Add the /etc/fail2ban/filter.d/bad-auth-api.conf
..code-block:: bash
# Fail2Ban configuration file
[Definition]
failregex = .* Invalid API token provided by <HOST>.
ignoreregex =
journalmatch = CONTAINER_TAG=mailu-admin
8. Add the /etc/fail2ban/jail.d/bad-auth-api.conf
..code-block:: bash
[bad-auth-api]
enabled = true
backend = systemd
filter = bad-auth-api
bantime = 604800
findtime = 300
maxretry = 10
action = docker-action
The above will block flagged IPs for a week, you can of course change it to your needs.
9. Add the /etc/fail2ban/action.d/docker-action.conf
Option 1: Use plain iptables
Option 1: Use plain iptables
@ -678,7 +703,7 @@ Using iptables with ipset might reduce the system load in such attacks significa
Using DOCKER-USER chain ensures that the blocked IPs are processed in the correct order with Docker. See more in: https://docs.docker.com/network/iptables/
Using DOCKER-USER chain ensures that the blocked IPs are processed in the correct order with Docker. See more in: https://docs.docker.com/network/iptables/
1. Configure and restart the Fail2Ban service
10. Configure and restart the Fail2Ban service
Make sure Fail2Ban is started after the Docker service by adding a partial override which appends this to the existing configuration.
Make sure Fail2Ban is started after the Docker service by adding a partial override which appends this to the existing configuration.