Merge branch 'master' of github.com:mailu/mailu

master
kaiyou 6 years ago
commit 7c82be904f

@ -7,7 +7,7 @@ COPY requirements-prod.txt requirements.txt
RUN apk add --no-cache openssl \ RUN apk add --no-cache openssl \
&& apk add --no-cache --virtual build-dep openssl-dev libffi-dev python-dev build-base \ && apk add --no-cache --virtual build-dep openssl-dev libffi-dev python-dev build-base \
&& pip install -r requirements.txt \ && pip install -r requirements.txt \
&& apk del build-dep && apk del --no-cache build-dep
COPY mailu ./mailu COPY mailu ./mailu
COPY migrations ./migrations COPY migrations ./migrations

@ -57,7 +57,7 @@ default_config = {
'RECAPTCHA_PUBLIC_KEY': '', 'RECAPTCHA_PUBLIC_KEY': '',
'RECAPTCHA_PRIVATE_KEY': '', 'RECAPTCHA_PRIVATE_KEY': '',
# Advanced settings # Advanced settings
'PASSWORD_SCHEME': 'SHA512-CRYPT', 'PASSWORD_SCHEME': 'BLF-CRYPT',
# Host settings # Host settings
'HOST_IMAP': 'imap', 'HOST_IMAP': 'imap',
'HOST_POP3': 'imap', 'HOST_POP3': 'imap',
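Review bot: Changing the default `'PASSWORD_SCHEME'` to `'BLF-CRYPT'` only selects the scheme for hashes written from now on. Nothing in this hunk upgrades stored SHA512-CRYPT hashes, so existing accounts presumably keep their old scheme until the password is changed. A comment on the setting would make that explicit for operators, e.g. `# Applies to newly created or changed passwords only; existing hashes keep their scheme`. A deployment whose `.env` already sets `PASSWORD_SCHEME` presumably never sees the new default, which belongs in the upgrade notes. The `default_config` dict starts and ends outside the hunk.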

@ -276,7 +276,8 @@ class User(Base, Email):
else: else:
return self.email return self.email
scheme_dict = {'SHA512-CRYPT': "sha512_crypt", scheme_dict = {'BLF-CRYPT': "bcrypt",
'SHA512-CRYPT': "sha512_crypt",
'SHA256-CRYPT': "sha256_crypt", 'SHA256-CRYPT': "sha256_crypt",
'MD5-CRYPT': "md5_crypt", 'MD5-CRYPT': "md5_crypt",
'CRYPT': "des_crypt"} 'CRYPT': "des_crypt"}
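Review bot: `scheme_dict` still offers `'MD5-CRYPT'` and `'CRYPT'` (mapped to `md5_crypt` and `des_crypt`) next to the new bcrypt entry, and nothing marks them as weak. I would add a comment above the dict such as `# MD5-CRYPT and CRYPT are legacy schemes kept for compatibility; do not select them for new deployments`, and repeat the hint in the `.env` comment that lists the allowed values. bcrypt also ignores password bytes beyond the 72nd, which is worth a line in the same comment if long passphrases are allowed. The `User` class body continues outside the hunk, so how the mapped name is used for hashing and verification is not visible here.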

@ -1,6 +1,7 @@
alembic==0.9.9 alembic==0.9.9
asn1crypto==0.24.0 asn1crypto==0.24.0
Babel==2.5.3 Babel==2.5.3
bcrypt==3.1.4
blinker==1.4 blinker==1.4
certifi==2018.4.16 certifi==2018.4.16
cffi==1.11.5 cffi==1.11.5

@ -17,3 +17,4 @@ tabulate
PyYAML PyYAML
PyOpenSSL PyOpenSSL
dnspython dnspython
bcrypt

@ -120,12 +120,18 @@ WEBSITE=https://mailu.io
# Advanced settings # Advanced settings
################################### ###################################
# Log driver for front service. Possible values:
# json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu COMPOSE_PROJECT_NAME=mailu
# Default password scheme used for newly created accounts and changed passwords # Default password scheme used for newly created accounts and changed passwords
# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT) # (value: BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
PASSWORD_SCHEME=SHA512-CRYPT PASSWORD_SCHEME=BLF-CRYPT
# Header to take the real ip from # Header to take the real ip from
REAL_IP_HEADER= REAL_IP_HEADER=

@ -6,6 +6,8 @@ services:
image: mailu/nginx:$VERSION image: mailu/nginx:$VERSION
restart: always restart: always
env_file: .env env_file: .env
logging:
driver: $LOG_DRIVER
ports: ports:
- "$BIND_ADDRESS4:80:80" - "$BIND_ADDRESS4:80:80"
- "$BIND_ADDRESS4:443:443" - "$BIND_ADDRESS4:443:443"
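Review bot: `driver: $LOG_DRIVER` has no fallback, so a deployment whose `.env` predates this commit leaves the variable unset and Compose substitutes an empty string for the log driver. The default-value form this commit already uses in the build compose file keeps such setups on the previous behaviour: `driver: ${LOG_DRIVER:-json-file}`. The same line is added in the later compose hunk whose service has `restart: 'no'`. Operators relying on the journald or syslog option for Fail2Ban would also benefit from a comment noting that the driver applies to the front service only. The service definition continues outside the hunk.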

@ -26,36 +26,61 @@ for the ``VERSION_TAG`` branch, use:
wget https://mailu.io/VERSION_TAG/_downloads/docker-compose.yml wget https://mailu.io/VERSION_TAG/_downloads/docker-compose.yml
wget https://mailu.io/VERSION_TAG/_downloads/.env wget https://mailu.io/VERSION_TAG/_downloads/.env
Then open the ``.env`` file to setup the mail server. Modify the ``ROOT`` setting Important configuration variables
to match your setup directory if different from ``/mailu``. ---------------------------------
Modify the ``VERSION`` configuration in the ``.env`` file to reflect the version you picked. Open the ``.env`` file and review the following variable settings:
Set the common configuration values - Change ``ROOT`` if you have your setup directory in a different location then ``/mailu``.
----------------------------------- - Check ``VERSION`` to reflect the version you picked. (``master`` or ``1.5``).
Open the ``.env`` file and set configuration settings after reading the configuration Make sure to read the comments in the file and instructions from the :ref:`common_cfg` section.
documentation. Some settings are specific to the Docker Compose setup.
Modify ``BIND_ADDRESS4`` to match the public IP address assigned to your server. TLS certificates
This address should be configured on one of the network interfaces of the server. ````````````````
If the address is not configured directly (NAT) on any of the network interfaces or if
you would simply like the server to listen on all interfaces, use ``0.0.0.0``.
Modify ``BIND_ADDRESS6`` to match the public IPv6 address assigned to your server.
The behavior is identical to ``BIND_ADDRESS4``.
Set the ``TLS_FLAVOR`` to one of the following Set the ``TLS_FLAVOR`` to one of the following
values: values:
- ``cert`` is the default and requires certificates to be setup manually; - ``cert`` is the default and requires certificates to be setup manually;
- ``letsencrypt`` will use the Letsencrypt! CA to generate automatic ceriticates; - ``letsencrypt`` will use the *Letsencrypt!* CA to generate automatic ceriticates;
- ``mail`` is similar to ``cert`` except that TLS will only be served for - ``mail`` is similar to ``cert`` except that TLS will only be served for
emails (IMAP and SMTP), not HTTP (use it behind reverse proxies); emails (IMAP and SMTP), not HTTP (use it behind reverse proxies);
- ``mail-letsencrypt`` is similar to ``letsencrypt`` except that TLS will only be served for - ``mail-letsencrypt`` is similar to ``letsencrypt`` except that TLS will only be served for
emails (IMAP and SMTP), not HTTP (use it behind reverse proxies); emails (IMAP and SMTP), not HTTP (use it behind reverse proxies);
- ``notls`` will disable TLS, this is not recommended except for testing. - ``notls`` will disable TLS, this is not recommended except for testing.
.. note::
When using *Letsencrypt!* you have to make sure that the DNS ``A`` and ``AAAA`` records for the
all hostnames mentioned in the ``HOSTNAMES`` variable match with the ip adresses of you server.
Or else certificate generation will fail! See also: :ref:`dns_setup`.
Bind address
````````````
Modify ``BIND_ADDRESS4`` and ``BIND_ADDRESS6`` to match the public IP addresses assigned to your server. For IPv6 you will need the ``<global>`` scope address.
You can find those addresses by running the following:
.. code-block:: bash
[root@mailu ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 125.189.138.127 netmask 255.255.255.0 broadcast 5.189.138.255
inet6 fd21:aab2:717c:cc5a::1 prefixlen 64 scopeid 0x0<global>
inet6 fe2f:2a73:43a8:7a1b::1 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:3c:b2:23 txqueuelen 1000 (Ethernet)
RX packets 174866612 bytes 127773819607 (118.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19905110 bytes 2191519656 (2.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
If the address is not configured directly (NAT) on any of the network interfaces or if
you would simply like the server to listen on all interfaces, use ``0.0.0.0`` and ``::``. Note that running is this mode is not supported and can lead to `issues`_.
.. _issues: https://github.com/Mailu/Mailu/issues/641
Enable optional features Enable optional features
------------------------ ------------------------

@ -1,12 +1,20 @@
Mailu configuration settings Mailu configuration settings
============================ ============================
.. _common_cfg:
Common configuration Common configuration
-------------------- --------------------
The ``SECRET_KEY`` **must** be changed for every setup and set to a 16 bytes The ``SECRET_KEY`` **must** be changed for every setup and set to a 16 bytes
randomly generated value. It is intended to secure authentication cookies randomly generated value. It is intended to secure authentication cookies
among other critical uses. among other critical uses. This can be generated with a utility such as *pwgen*,
which can be installed on most Linux systems:
.. code-block:: bash
apt-get install pwgen
pwgen 16 1
The ``DOMAIN`` holds the main e-mail domain for the server. This email domain The ``DOMAIN`` holds the main e-mail domain for the server. This email domain
is used for bounce emails, for generating the postmaster email and other is used for bounce emails, for generating the postmaster email and other

@ -5,39 +5,51 @@ Docker containers
----------------- -----------------
The development environment is quite similar to the production one. You should always use The development environment is quite similar to the production one. You should always use
the ``master`` version when developing. Simply add a build directive to the images the ``master`` version when developing.
you are working on in the ``docker-compose.yml``:
.. code-block:: yaml Building images
```````````````
webdav: We supply a separate ``test/build.yml`` file for
build: ./optional/radicale convenience. To build all Mailu containers:
image: mailu/$WEBDAV:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/dav:/data"
admin:
build: ./core/admin
image: mailu/admin:$VERSION
restart: always
env_file: .env
volumes:
- "$ROOT/data:/data"
- "$ROOT/dkim:/dkim"
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- redis
The build these containers.
.. code-block:: bash .. code-block:: bash
docker-compose build admin webdav docker-compose -f tests/build.yml build
Then you can simply start the stack as normal, newly-built images will be used. The ``build.yml`` file has two variables:
#. ``$DOCKER_ORG``: First part of the image tag. Defaults to *mailu* and needs to be changed
only when pushing to your own Docker hub account.
#. ``$VERSION``: Last part of the image tag. Defaults to *local* to differentiate from pulled
images.
To re-build only specific containers at a later time.
.. code-block:: bash
docker-compose -f tests/build.yml build admin webdav
If you have to push the images to Docker Hub for testing in Docker Swarm or a remote
host, you have to define ``DOCKER_ORG`` (usually your Docker user-name) and login to
the hub.
.. code-block:: bash
docker login
Username: Foo
Password: Bar
export DOCKER_ORG="Foo"
export VERSION="feat-extra-app"
docker-compose -f tests/build.yml build
docker-compose -f tests/build.yml push
Running containers
``````````````````
To run the newly created images: ``cd`` to your project directory. Edit ``.env`` to set
``VERSION`` to the same value as used during the build, which defaults to ``local``.
After that you can run:
.. code-block:: bash .. code-block:: bash

@ -1,3 +1,5 @@
.. _dns_setup:
Setting up your DNS Setting up your DNS
=================== ===================

@ -32,7 +32,7 @@ user. Make sure you complete the requirements for the flavor you chose.
You should also have at least a DNS hostname and a DNS name for receiving You should also have at least a DNS hostname and a DNS name for receiving
emails. Some instructions are provided on the matter in the article emails. Some instructions are provided on the matter in the article
[Setup your DNS](dns). :ref:`dns_setup`.
.. _`MFAshby's fork`: https://github.com/MFAshby/Mailu .. _`MFAshby's fork`: https://github.com/MFAshby/Mailu
@ -68,10 +68,9 @@ Make sure that you test properly before going live!
- Try to receive an email from an external service - Try to receive an email from an external service
- Check the logs (``docker-compose logs -f servicenamehere``) to look for - Check the logs (``docker-compose logs -f servicenamehere``) to look for
warnings or errors warnings or errors
- Use an open relay checker like `mailradar`_ - Use an open relay checker like `mxtoolbox`_
to ensure you're not contributing to the spam problem on the internet. to ensure you're not contributing to the spam problem on the internet.
All tests there should result in "Relay denied".
- If using DMARC, be sure to check the reports you get to verify that legitimate - If using DMARC, be sure to check the reports you get to verify that legitimate
email is getting through and forgeries are being properly blocked. email is getting through and forgeries are being properly blocked.
.. _mailradar: http://www.mailradar.com/openrelay/ .. _mxtoolbox: https://mxtoolbox.com/diagnostic.aspx

@ -3,54 +3,54 @@ version: '3'
services: services:
front: front:
image: $DOCKER_ORG/nginx:$VERSION image: ${DOCKER_ORG:-mailu}/nginx:${VERSION:-local}
build: ../core/nginx build: ../core/nginx
imap: imap:
image: $DOCKER_ORG/dovecot:$VERSION image: ${DOCKER_ORG:-mailu}/dovecot:${VERSION:-local}
build: ../core/dovecot build: ../core/dovecot
smtp: smtp:
image: $DOCKER_ORG/postfix:$VERSION image: ${DOCKER_ORG:-mailu}/postfix:${VERSION:-local}
build: ../core/postfix build: ../core/postfix
antispam: antispam:
image: $DOCKER_ORG/rspamd:$VERSION image: ${DOCKER_ORG:-mailu}/rspamd:${VERSION:-local}
build: ../services/rspamd build: ../services/rspamd
antivirus: antivirus:
image: $DOCKER_ORG/clamav:$VERSION image: ${DOCKER_ORG:-mailu}/clamav:${VERSION:-local}
build: ../optional/clamav build: ../optional/clamav
webdav: webdav:
image: $DOCKER_ORG/radicale:$VERSION image: ${DOCKER_ORG:-mailu}/radicale:${VERSION:-local}
build: ../optional/radicale build: ../optional/radicale
admin: admin:
image: $DOCKER_ORG/admin:$VERSION image: ${DOCKER_ORG:-mailu}/admin:${VERSION:-local}
build: ../core/admin build: ../core/admin
roundcube: roundcube:
image: $DOCKER_ORG/roundcube:$VERSION image: ${DOCKER_ORG:-mailu}/roundcube:${VERSION:-local}
build: ../webmails/roundcube build: ../webmails/roundcube
rainloop: rainloop:
image: $DOCKER_ORG/rainloop:$VERSION image: ${DOCKER_ORG:-mailu}/rainloop:${VERSION:-local}
build: ../webmails/rainloop build: ../webmails/rainloop
fetchmail: fetchmail:
image: $DOCKER_ORG/fetchmail:$VERSION image: ${DOCKER_ORG:-mailu}/fetchmail:${VERSION:-local}
build: ../services/fetchmail build: ../services/fetchmail
none: none:
image: $DOCKER_ORG/none:$VERSION image: ${DOCKER_ORG:-mailu}/none:${VERSION:-local}
build: ../core/none build: ../core/none
docs: docs:
image: $DOCKER_ORG/docs:$VERSION image: ${DOCKER_ORG:-mailu}/docs:${VERSION:-local}
build: ../docs build: ../docs
setup: setup:
image: $DOCKER_ORG/setup:$VERSION image: ${DOCKER_ORG:-mailu}/setup:${VERSION:-local}
build: ../setup build: ../setup

@ -120,6 +120,12 @@ WEBSITE=https://mailu.io
# Advanced settings # Advanced settings
################################### ###################################
# Log driver for front service. Possible values:
# json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.
#COMPOSE_PROJECT_NAME=mailu #COMPOSE_PROJECT_NAME=mailu

@ -6,6 +6,8 @@ services:
image: $DOCKER_ORG/nginx:$VERSION image: $DOCKER_ORG/nginx:$VERSION
restart: 'no' restart: 'no'
env_file: $PWD/.env env_file: $PWD/.env
logging:
driver: $LOG_DRIVER
ports: ports:
- "$BIND_ADDRESS4:80:80" - "$BIND_ADDRESS4:80:80"
- "$BIND_ADDRESS4:443:443" - "$BIND_ADDRESS4:443:443"

@ -1,20 +1,21 @@
FROM php:7.2-apache FROM php:7.2-apache
RUN apt-get update && apt-get install -y \
unzip python3 python3-jinja2
ENV RAINLOOP_URL https://github.com/RainLoop/rainloop-webmail/releases/download/v1.12.1/rainloop-community-1.12.1.zip ENV RAINLOOP_URL https://github.com/RainLoop/rainloop-webmail/releases/download/v1.12.1/rainloop-community-1.12.1.zip
RUN rm -rf /var/www/html/ \ RUN apt-get update && apt-get install -y \
unzip python3 python3-jinja2 \
&& rm -rf /var/www/html/ \
&& mkdir /var/www/html \ && mkdir /var/www/html \
&& cd /var/www/html \ && cd /var/www/html \
&& curl -L -O ${RAINLOOP_URL} \ && curl -L -O ${RAINLOOP_URL} \
&& unzip *.zip \ && unzip -q *.zip \
&& rm -f *.zip \ && rm -f *.zip \
&& rm -rf data/ \ && rm -rf data/ \
&& find . -type d -exec chmod 755 {} \; \ && find . -type d -exec chmod 755 {} \; \
&& find . -type f -exec chmod 644 {} \; \ && find . -type f -exec chmod 644 {} \; \
&& chown -R www-data: * && chown -R www-data: * \
&& apt-get purge -y unzip \
&& rm -rf /var/lib/apt/lists
COPY include.php /var/www/html/include.php COPY include.php /var/www/html/include.php
COPY php.ini /usr/local/etc/php/conf.d/rainloop.ini COPY php.ini /usr/local/etc/php/conf.d/rainloop.ini
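Review bot: The merged `RUN` still fetches the RainLoop archive with `curl -L -O ${RAINLOOP_URL}` and unpacks it into the web root without any integrity check. Without `-f`, an HTTP error body would also be saved as the zip. I would pin a digest next to the URL and verify it before `unzip`: `&& curl -fsSL -O ${RAINLOOP_URL} \` followed by `&& echo "${RAINLOOP_SHA256}  rainloop-community-1.12.1.zip" | sha256sum -c - \`. `RAINLOOP_SHA256` is a placeholder name for a new `ENV` or `ARG` holding the release digest. The same applies to `curl -L -O ${ROUNDCUBE_URL}` in the Roundcube Dockerfile section that follows. Adding `--no-install-recommends` to both `apt-get install -y` calls would keep unneeded packages out of the images.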

@ -1,14 +1,12 @@
FROM php:7.2-apache FROM php:7.2-apache
RUN apt-get update && apt-get install -y \
zlib1g-dev \
&& docker-php-ext-install zip
ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.3.7/roundcubemail-1.3.7-complete.tar.gz ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.3.7/roundcubemail-1.3.7-complete.tar.gz
RUN echo date.timezone=UTC > /usr/local/etc/php/conf.d/timezone.ini RUN apt-get update && apt-get install -y \
zlib1g-dev \
RUN rm -rf /var/www/html/ \ && docker-php-ext-install zip \
&& echo date.timezone=UTC > /usr/local/etc/php/conf.d/timezone.ini \
&& rm -rf /var/www/html/ \
&& cd /var/www \ && cd /var/www \
&& curl -L -O ${ROUNDCUBE_URL} \ && curl -L -O ${ROUNDCUBE_URL} \
&& tar -xf *.tar.gz \ && tar -xf *.tar.gz \
@ -17,7 +15,8 @@ RUN rm -rf /var/www/html/ \
&& cd html \ && cd html \
&& rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.json-dist installer \ && rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.json-dist installer \
&& sed -i 's,mod_php5.c,mod_php7.c,g' .htaccess \ && sed -i 's,mod_php5.c,mod_php7.c,g' .htaccess \
&& chown -R www-data: logs temp && chown -R www-data: logs temp \
&& rm -rf /var/lib/apt/lists
COPY php.ini /usr/local/etc/php/conf.d/roundcube.ini COPY php.ini /usr/local/etc/php/conf.d/roundcube.ini
