Merge remote-tracking branch 'upstream/master' into ratelimits

master
Florent Daigniere 3 years ago
commit 8414dd5cf0

@ -13,7 +13,7 @@ COPY webpack.config.js ./
COPY assets ./assets
RUN set -eu \
&& sed -i 's/#007bff/#55a5d9/' node_modules/admin-lte/build/scss/_bootstrap-variables.scss \
&& for l in ca da de:de_de en:en-gb es:es_es eu fr:fr_fr he hu is it:it_it ja nb_NO:no_nb nl:nl_nl pl pt:pt_pt ru sv:sv_se zh_CN:zh; do \
&& for l in ca da de:de_de en:en-gb es:es_es eu fr:fr_fr he hu is it:it_it ja nb_NO:no_nb nl:nl_nl pl pt:pt_pt ru sv:sv_se zh; do \
cp node_modules/datatables.net-plugins/i18n/${l#*:}.json assets/${l%:*}.json; \
done \
&& node_modules/.bin/webpack-cli --color

@ -66,5 +66,12 @@ $('document').ready(function() {
// init clipboard.js
new ClipboardJS('.btn-clip');
// disable login if not possible
var l = $('#login_needs_https');
if (l.length && window.location.protocol != 'https:') {
l.removeClass("d-none");
$('form :input').prop('disabled', true);
}
});

@ -30,6 +30,7 @@ def create_app_from_config(config):
app.device_cookie_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('DEVICE_COOKIE_KEY', 'utf-8'), 'sha256').digest()
app.temp_token_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('WEBMAIL_TEMP_TOKEN_KEY', 'utf-8'), 'sha256').digest()
app.srs_key = hmac.new(bytearray(app.secret_key, 'utf-8'), bytearray('SRS_KEY', 'utf-8'), 'sha256').digest()
# Initialize list of translations
config.translations = {

@ -52,6 +52,7 @@ DEFAULT_CONFIG = {
'DKIM_PATH': '/dkim/{domain}.{selector}.key',
'DEFAULT_QUOTA': 1000000000,
'MESSAGE_RATELIMIT': '200/day',
'RECIPIENT_DELIMITER': '',
# Web settings
'SITENAME': 'Mailu',
'WEBSITE': 'https://mailu.io',

@ -5,6 +5,7 @@ import re
import urllib
import ipaddress
import socket
import sqlalchemy.exc
import tenacity
SUPPORTED_AUTH_METHODS = ["none", "plain"]
@ -96,8 +97,13 @@ def handle_authentication(headers):
except:
app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}')
else:
try:
user = models.User.query.get(user_email)
is_valid_user = True
except sqlalchemy.exc.StatementError as exc:
exc = str(exc).split('\n', 1)[0]
app.logger.warn(f'Invalid user {user_email!r}: {exc}')
else:
ip = urllib.parse.unquote(headers["Client-Ip"])
if check_credentials(user, password, ip, protocol):
server, port = get_server(headers["Auth-Protocol"], True)

@ -1,3 +1,3 @@
__all__ = [
'auth', 'postfix', 'dovecot', 'fetch'
'auth', 'postfix', 'dovecot', 'fetch', 'rspamd'
]

@ -108,7 +108,7 @@ def postfix_recipient_map(recipient):
This is meant for bounces to go back to the original sender.
"""
srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
srs = srslib.SRS(flask.current_app.srs_key)
if srslib.SRS.is_srs_address(recipient):
try:
return flask.jsonify(srs.reverse(recipient))
@ -123,7 +123,7 @@ def postfix_sender_map(sender):
This is for bounces to come back the reverse path properly.
"""
srs = srslib.SRS(flask.current_app.config["SECRET_KEY"])
srs = srslib.SRS(flask.current_app.srs_key)
domain = flask.current_app.config["DOMAIN"]
try:
localpart, domain_name = models.Email.resolve_domain(sender)
@ -140,6 +140,7 @@ def postfix_sender_login(sender):
localpart, domain_name = models.Email.resolve_domain(sender)
if localpart is None:
return flask.jsonify(",".join(wildcard_senders)) if wildcard_senders else flask.abort(404)
localpart = localpart[:next((i for i, ch in enumerate(localpart) if ch in flask.current_app.config.get('RECIPIENT_DELIMITER')), None)]
destination = models.Email.resolve_destination(localpart, domain_name, True)
destination = [*destination, *wildcard_senders] if destination else [*wildcard_senders]
return flask.jsonify(",".join(destination)) if destination else flask.abort(404)

@ -0,0 +1,30 @@
from mailu import models
from mailu.internal import internal
import flask
def vault_error(*messages, status=404):
return flask.make_response(flask.jsonify({'errors':messages}), status)
# rspamd key format:
# {"selectors":[{"pubkey":"...","domain":"...","valid_start":TS,"valid_end":TS,"key":"...","selector":"...","bits":...,"alg":"..."}]}
# hashicorp vault answer format:
# {"request_id":"...","lease_id":"","renewable":false,"lease_duration":2764800,"data":{...see above...},"wrap_info":null,"warnings":null,"auth":null}
@internal.route("/rspamd/vault/v1/dkim/<domain_name>", methods=['GET'])
def rspamd_dkim_key(domain_name):
domain = models.Domain.query.get(domain_name) or flask.abort(vault_error('unknown domain'))
key = domain.dkim_key or flask.abort(vault_error('no dkim key', status=400))
return flask.jsonify({
'data': {
'selectors': [
{
'domain' : domain.name,
'key' : key.decode('utf8'),
'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'),
}
]
}
})

@ -57,6 +57,8 @@ class IdnaEmail(db.TypeDecorator):
def process_bind_param(self, value, dialect):
""" encode unicode domain part of email address to punycode """
if not '@' in value:
raise ValueError('invalid email address (no "@")')
localpart, domain_name = value.lower().rsplit('@', 1)
if '@' in localpart:
raise ValueError('email local part must not contain "@"')
@ -241,6 +243,13 @@ class Domain(Base):
ruf = f' ruf=mailto:{ruf}@{domain};' if ruf else ''
return f'_dmarc.{self.name}. 600 IN TXT "v=DMARC1; p=reject;{rua}{ruf} adkim=s; aspf=s"'
@cached_property
def dns_dmarc_report(self):
""" return DMARC report record for mailu server """
if self.dkim_key:
domain = app.config['DOMAIN']
return f'{self.name}._report._dmarc.{domain}. 600 IN TXT "v=DMARC1"'
@cached_property
def dns_autoconfig(self):
""" return list of auto configuration records (RFC6186) """
@ -560,6 +569,8 @@ class User(Base, Email):
""" verifies password against stored hash
and updates hash if outdated
"""
if password == '':
return False
cache_result = self._credential_cache.get(self.get_id())
current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None
if cache_result and current_salt:

@ -3,9 +3,11 @@ msgstr ""
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: POEditor.com\n"
"X-Generator: Poedit 1.5.7\n"
"Project-Id-Version: Mailu\n"
"Language: zh-CN\n"
"Language: zh\n"
"Last-Translator: Chris Chuan <Chris.chuan@gmail.com>\n"
"Language-Team: \n"
#: mailu/ui/forms.py:32
msgid "Invalid email address."
@ -28,7 +30,7 @@ msgstr "密码"
#: mailu/ui/forms.py:42 mailu/ui/templates/login.html:4
#: mailu/ui/templates/sidebar.html:111
msgid "Sign in"
msgstr "注册"
msgstr "登录"
#: mailu/ui/forms.py:46 mailu/ui/forms.py:56
#: mailu/ui/templates/domain/details.html:27
@ -44,6 +46,14 @@ msgstr "最大用户数"
msgid "Maximum alias count"
msgstr "最大别名数"
#: mailu/ui/forms.py:49
msgid "Maximum user quota"
msgstr "最大用户配额"
#: mailu/ui/forms.py:50
msgid "Enable sign-up"
msgstr "启用注册"
#: mailu/ui/forms.py:51 mailu/ui/forms.py:72 mailu/ui/forms.py:83
#: mailu/ui/forms.py:128 mailu/ui/forms.py:140
#: mailu/ui/templates/alias/list.html:21 mailu/ui/templates/domain/list.html:21
@ -57,10 +67,30 @@ msgstr "说明"
msgid "Create"
msgstr "创建"
#: mailu/ui/forms.py:57
msgid "Initial admin"
msgstr "初始管理员"
#: mailu/ui/forms.py:58
msgid "Admin password"
msgstr "管理员密码"
#: mailu/ui/forms.py:59 mailu/ui/forms.py:79 mailu/ui/forms.py:91
msgid "Confirm password"
msgstr "确认密码"
#: mailu/ui/forms.py:65
msgid "Alternative name"
msgstr "备用名称"
#: mailu/ui/forms.py:70
msgid "Relayed domain name"
msgstr "中继域域名"
#: mailu/ui/forms.py:71 mailu/ui/templates/relay/list.html:18
msgid "Remote host"
msgstr "远程主机"
#: mailu/ui/forms.py:80 mailu/ui/templates/user/list.html:22
#: mailu/ui/templates/user/signup_domain.html:16
msgid "Quota"
@ -74,10 +104,24 @@ msgstr "允许IMAP访问"
msgid "Allow POP3 access"
msgstr "允许 POP3 访问"
#: mailu/ui/forms.py:84
msgid "Enabled"
msgstr "启用"
#: mailu/ui/forms.py:85
msgid "Save"
msgstr "保存"
#: mailu/ui/forms.py:89
msgid "Email address"
msgstr "邮件地址"
#: mailu/ui/forms.py:93 mailu/ui/templates/sidebar.html:117
#: mailu/ui/templates/user/signup.html:4
#: mailu/ui/templates/user/signup_domain.html:4
msgid "Sign up"
msgstr "注册"
#: mailu/ui/forms.py:97
msgid "Displayed name"
msgstr "显示名称"
@ -86,10 +130,23 @@ msgstr "显示名称"
msgid "Enable spam filter"
msgstr "启用垃圾邮件过滤"
#: mailu/ui/forms.py:80
msgid "Spam filter threshold"
#: mailu/ui/forms.py:99
msgid "Spam filter tolerance"
msgstr "垃圾邮件过滤器阈值"
#: mailu/ui/forms.py:100
msgid "Enable forwarding"
msgstr "启用转发"
#: mailu/ui/forms.py:101
msgid "Keep a copy of the emails"
msgstr "保留电子邮件副本"
#: mailu/ui/forms.py:103 mailu/ui/forms.py:139
#: mailu/ui/templates/alias/list.html:20
msgid "Destination"
msgstr "目的地址"
#: mailu/ui/forms.py:105
msgid "Save settings"
msgstr "保存设置"
@ -102,19 +159,6 @@ msgstr "检查密码"
msgid "Update password"
msgstr "更新密码"
#: mailu/ui/forms.py:100
msgid "Enable forwarding"
msgstr "启用转发"
#: mailu/ui/forms.py:103 mailu/ui/forms.py:139
#: mailu/ui/templates/alias/list.html:20
msgid "Destination"
msgstr "目的地址"
#: mailu/ui/forms.py:120
msgid "Update"
msgstr "更新"
#: mailu/ui/forms.py:115
msgid "Enable automatic reply"
msgstr "启用自动回复"
@ -127,6 +171,22 @@ msgstr "回复主题"
msgid "Reply body"
msgstr "回复正文"
#: mailu/ui/forms.py:119
msgid "End of vacation"
msgstr "假期结束"
#: mailu/ui/forms.py:120
msgid "Update"
msgstr "更新"
#: mailu/ui/forms.py:125
msgid "Your token (write it down, as it will never be displayed again)"
msgstr "您的令牌(请记录,它只显示这一次)"
#: mailu/ui/forms.py:130 mailu/ui/templates/token/list.html:20
msgid "Authorized IP"
msgstr "授权 IP"
#: mailu/ui/forms.py:136
msgid "Alias"
msgstr "别名"
@ -169,11 +229,44 @@ msgstr "启用TLS"
msgid "Username"
msgstr "用户名"
#: mailu/ui/forms.py:163
msgid "Keep emails on the server"
msgstr "在服务器上保留电子邮件"
#: mailu/ui/forms.py:168
msgid "Announcement subject"
msgstr "公告主题"
#: mailu/ui/forms.py:170
msgid "Announcement body"
msgstr "公告正文"
#: mailu/ui/forms.py:172
msgid "Send"
msgstr "发送"
#: mailu/ui/templates/announcement.html:4
msgid "Public announcement"
msgstr "公开公告"
#: mailu/ui/templates/client.html:4 mailu/ui/templates/sidebar.html:82
msgid "Client setup"
msgstr "客户端设置"
#: mailu/ui/templates/client.html:16 mailu/ui/templates/client.html:43
msgid "Mail protocol"
msgstr "邮件协议"
#: mailu/ui/templates/client.html:24 mailu/ui/templates/client.html:51
msgid "Server name"
msgstr "服务器名称"
#: mailu/ui/templates/confirm.html:4
msgid "Confirm action"
msgstr "确认操作"
#: mailu/ui/templates/confirm.html:13
#, python-format
msgid "You are about to %(action)s. Please confirm your action."
msgstr "即将%(action)s请确认您的操作。"
@ -185,54 +278,18 @@ msgstr "Docker错误"
msgid "An error occurred while talking to the Docker server."
msgstr "Docker服务器通信出错"
#: mailu/admin/templates/login.html:6
msgid "Your account"
msgstr "你的帐户"
#: mailu/ui/templates/login.html:8
msgid "to access the administration tools"
msgstr "访问管理员工具"
#: mailu/ui/templates/services.html:4 mailu/ui/templates/sidebar.html:39
msgid "Services status"
msgstr "服务状态"
#: mailu/ui/templates/services.html:10
msgid "Service"
msgstr "服务"
#: mailu/ui/templates/fetch/list.html:23 mailu/ui/templates/services.html:11
msgid "Status"
msgstr "状态"
#: mailu/ui/templates/services.html:12
msgid "PID"
msgstr "进程ID"
#: mailu/ui/templates/services.html:13
msgid "Image"
msgstr "镜像"
#: mailu/ui/templates/services.html:14
msgid "Started"
msgstr "已开始"
#: mailu/ui/templates/services.html:15
msgid "Last update"
msgstr "最后更新"
msgstr "访问管理工具"
#: mailu/ui/templates/sidebar.html:8
msgid "My account"
msgstr "我的户"
msgstr "我的账户"
#: mailu/ui/templates/sidebar.html:11 mailu/ui/templates/user/list.html:34
msgid "Settings"
msgstr "设置"
#: mailu/ui/templates/user/settings.html:22
msgid "Auto-forward"
msgstr "自动转发"
#: mailu/ui/templates/sidebar.html:21 mailu/ui/templates/user/list.html:35
msgid "Auto-reply"
msgstr "自动回复"
@ -240,39 +297,71 @@ msgstr "自动回复"
#: mailu/ui/templates/fetch/list.html:4 mailu/ui/templates/sidebar.html:26
#: mailu/ui/templates/user/list.html:36
msgid "Fetched accounts"
msgstr "代收户"
msgstr "代收户"
#: mailu/ui/templates/sidebar.html:105
msgid "Sign out"
msgstr "登出"
#: mailu/ui/templates/sidebar.html:31 mailu/ui/templates/token/list.html:4
msgid "Authentication tokens"
msgstr "认证令牌"
#: mailu/ui/templates/sidebar.html:35
msgid "Administration"
msgstr "管理"
#: mailu/ui/templates/sidebar.html:44
msgid "Announcement"
msgstr "公告"
#: mailu/ui/templates/sidebar.html:49
msgid "Administrators"
msgstr "管理员"
#: mailu/ui/templates/sidebar.html:54
msgid "Relayed domains"
msgstr "中继域"
#: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
msgid "Antispam"
msgstr "发垃圾邮件"
#: mailu/ui/templates/sidebar.html:66
msgid "Mail domains"
msgstr "邮件域"
#: mailu/ui/templates/sidebar.html:72
msgid "Go to"
msgstr "转到"
#: mailu/ui/templates/sidebar.html:76
msgid "Webmail"
msgstr "网页邮箱"
#: mailu/ui/templates/sidebar.html:87
msgid "Website"
msgstr "网站"
#: mailu/ui/templates/sidebar.html:92
msgid "Help"
msgstr "帮助"
#: mailu/ui/templates/domain/signup.html:4 mailu/ui/templates/sidebar.html:98
msgid "Register a domain"
msgstr "注册域名"
#: mailu/ui/templates/sidebar.html:105
msgid "Sign out"
msgstr "登出"
#: mailu/ui/templates/working.html:4
msgid "We are still working on this feature!"
msgstr "该功能开发中……"
#: mailu/ui/templates/admin/create.html:4
msgid "Add a global administrator"
msgstr "添加超级管理员"
msgstr "添加全局管理员"
#: mailu/ui/templates/admin/list.html:4
msgid "Global administrators"
msgstr "超级管理员"
msgstr "全局管理员"
#: mailu/ui/templates/admin/list.html:9
msgid "Add administrator"
@ -323,7 +412,7 @@ msgstr "添加别名"
#: mailu/ui/templates/relay/list.html:20 mailu/ui/templates/token/list.html:21
#: mailu/ui/templates/user/list.html:24
msgid "Created"
msgstr "创建"
msgstr "创建"
#: mailu/ui/templates/alias/list.html:23 mailu/ui/templates/domain/list.html:23
#: mailu/ui/templates/fetch/list.html:25 mailu/ui/templates/relay/list.html:21
@ -337,6 +426,22 @@ msgstr "上次编辑"
msgid "Edit"
msgstr "编辑"
#: mailu/ui/templates/alternative/create.html:4
msgid "Create alternative domain"
msgstr "创建替代域"
#: mailu/ui/templates/alternative/list.html:4
msgid "Alternative domain list"
msgstr "替代域名列表"
#: mailu/ui/templates/alternative/list.html:12
msgid "Add alternative"
msgstr "添加替代"
#: mailu/ui/templates/alternative/list.html:19
msgid "Name"
msgstr "名称"
#: mailu/ui/templates/domain/create.html:4
#: mailu/ui/templates/domain/list.html:9
msgid "New domain"
@ -344,11 +449,15 @@ msgstr "新域"
#: mailu/ui/templates/domain/details.html:4
msgid "Domain details"
msgstr "域详"
msgstr "域详细信息"
#: mailu/ui/templates/domain/details.html:15
msgid "Regenerate keys"
msgstr "重新生成密钥"
msgstr "重新生成秘钥"
#: mailu/ui/templates/domain/details.html:17
msgid "Generate keys"
msgstr "生成秘钥"
#: mailu/ui/templates/domain/details.html:31
msgid "DNS MX entry"
@ -392,7 +501,7 @@ msgstr "别名数量"
#: mailu/ui/templates/domain/list.html:28
msgid "Details"
msgstr "详"
msgstr "详细信息"
#: mailu/ui/templates/domain/list.html:35
msgid "Users"
@ -406,26 +515,60 @@ msgstr "别名"
msgid "Managers"
msgstr "管理员"
#: mailu/ui/templates/domain/list.html:39
msgid "Alternatives"
msgstr "备选方案"
#: mailu/ui/templates/domain/signup.html:13
msgid ""
"In order to register a new domain, you must first setup the\n"
" domain zone so that the domain <code>MX</code> points to this server"
msgstr "在注册一个新的域名前,您必须先为该域名设置 <code>MX</code> 记录,并使其指向本服务器"
#: mailu/ui/templates/domain/signup.html:18
msgid ""
"If you do not know how to setup an <code>MX</code> record for your DNS "
"zone,\n"
" please contact your DNS provider or administrator. Also, please wait "
"a\n"
" couple minutes after the <code>MX</code> is set so the local server "
"cache\n"
" expires."
msgstr "如果您不知道如何为域名设置 <code>MX</code> 记录请联系你的DNS提供商或者系统管理员。在设置完成 <code>MX</code> 记录后,请等待本地域名服务器的缓存过期。"
#: mailu/ui/templates/fetch/create.html:4
msgid "Add a fetched account"
msgstr "添加一个代收帐户"
msgstr "添加一个代收户"
#: mailu/ui/templates/fetch/edit.html:4
msgid "Update a fetched account"
msgstr "更新代收帐户"
msgstr "更新代收户"
#: mailu/ui/templates/fetch/list.html:12
msgid "Add an account"
msgstr "添加一个帐户"
msgstr "添加一个户"
#: mailu/ui/templates/fetch/list.html:19
msgid "Endpoint"
msgstr "端点"
#: mailu/ui/templates/fetch/list.html:21
msgid "Keep emails"
msgstr "保留电子邮件"
#: mailu/ui/templates/fetch/list.html:22
msgid "Last check"
msgstr "上次检查"
#: mailu/ui/templates/fetch/list.html:35
msgid "yes"
msgstr "是"
#: mailu/ui/templates/fetch/list.html:35
msgid "no"
msgstr "否"
#: mailu/ui/templates/manager/create.html:4
msgid "Add a manager"
msgstr "添加一个管理员"
@ -438,41 +581,49 @@ msgstr "管理员列表"
msgid "Add manager"
msgstr "添加管理员"
#: mailu/ui/forms.py:168
msgid "Announcement subject"
msgstr "公告主题"
#: mailu/ui/templates/relay/create.html:4
msgid "New relay domain"
msgstr "新的中继域"
#: mailu/ui/forms.py:170
msgid "Announcement body"
msgstr "公告正文"
#: mailu/ui/templates/relay/edit.html:4
msgid "Edit relayd domain"
msgstr "编辑中继域"
#: mailu/ui/forms.py:172
msgid "Send"
msgstr "发送"
#: mailu/ui/templates/relay/list.html:4
msgid "Relayed domain list"
msgstr "中继域列表"
#: mailu/ui/templates/announcement.html:4
msgid "Public announcement"
msgstr "公告"
#: mailu/ui/templates/relay/list.html:9
msgid "New relayed domain"
msgstr "新的中继域"
#: mailu/ui/templates/announcement.html:8
msgid "from"
msgstr "来自"
#: mailu/ui/templates/token/create.html:4
msgid "Create an authentication token"
msgstr "创建一个认证令牌"
#: mailu/ui/templates/sidebar.html:44
msgid "Announcement"
msgstr "公告"
#: mailu/ui/templates/token/list.html:12
msgid "New token"
msgstr "新令牌"
#: mailu/ui/templates/user/create.html:4
msgid "New user"
msgstr "新用户"
#: mailu/ui/templates/user/create.html:15
msgid "General"
msgstr "通用"
#: mailu/ui/templates/user/create.html:22
msgid "Features and quotas"
msgstr "功能和配额"
#: mailu/ui/templates/user/edit.html:4
msgid "Edit user"
msgstr "编辑用户"
#: mailu/ui/templates/user/forward.html:4
msgid "Forward emails"
msgstr "转发电子邮件"
msgstr "转发邮件"
#: mailu/ui/templates/user/list.html:4
msgid "User list"
@ -492,201 +643,15 @@ msgstr "功能"
#: mailu/ui/templates/user/password.html:4
msgid "Password update"
msgstr "密码更新"
msgstr "更新密码"
#: mailu/ui/templates/user/reply.html:4
msgid "Automatic reply"
msgstr "自动回复"
#: mailu/ui/forms.py:49
msgid "Maximum user quota"
msgstr "最大用户容量"
#: mailu/ui/forms.py:101
msgid "Keep a copy of the emails"
msgstr "保留电子邮件副本"
#: mailu/ui/forms.py:163
msgid "Keep emails on the server"
msgstr "保留电子邮件在服务器上"
#: mailu/ui/templates/fetch/list.html:21
msgid "Keep emails"
msgstr "保存电子邮件"
#: mailu/ui/templates/fetch/list.html:35
msgid "yes"
msgstr "是"
#: mailu/ui/templates/fetch/list.html:35
msgid "no"
msgstr "否"
#: mailu/ui/forms.py:65
msgid "Alternative name"
msgstr "替代名称"
#: mailu/ui/forms.py:70
msgid "Relayed domain name"
msgstr "中继域域名"
#: mailu/ui/forms.py:71 mailu/ui/templates/relay/list.html:18
msgid "Remote host"
msgstr "远程主机"
#: mailu/ui/templates/sidebar.html:54
msgid "Relayed domains"
msgstr "中继域"
#: mailu/ui/templates/alternative/create.html:4
msgid "Create alternative domain"
msgstr "创建替代域"
#: mailu/ui/templates/alternative/list.html:4
msgid "Alternative domain list"
msgstr "替代域名列表"
#: mailu/ui/templates/alternative/list.html:12
msgid "Add alternative"
msgstr "添加替代"
#: mailu/ui/templates/alternative/list.html:19
msgid "Name"
msgstr "名称"
#: mailu/ui/templates/domain/list.html:39
msgid "Alternatives"
msgstr "备择方案"
#: mailu/ui/templates/relay/create.html:4
msgid "New relay domain"
msgstr "新的中继域"
#: mailu/ui/templates/relay/edit.html:4
msgid "Edit relayd domain"
msgstr "编辑中继域"
#: mailu/ui/templates/relay/list.html:4
msgid "Relayed domain list"
msgstr "中继域列表"
#: mailu/ui/templates/relay/list.html:9
msgid "New relayed domain"
msgstr "新的中继域"
#: mailu/ui/forms.py:125
msgid "Your token (write it down, as it will never be displayed again)"
msgstr "您的令牌(请记录,它只显示这一次)"
#: mailu/ui/forms.py:130 mailu/ui/templates/token/list.html:20
msgid "Authorized IP"
msgstr "授权IP"
#: mailu/ui/templates/sidebar.html:31 mailu/ui/templates/token/list.html:4
msgid "Authentication tokens"
msgstr "认证令牌"
#: mailu/ui/templates/sidebar.html:72
msgid "Go to"
msgstr "转到"
#: mailu/ui/templates/sidebar.html:76
msgid "Webmail"
msgstr "网页邮箱"
#: mailu/ui/templates/sidebar.html:87
msgid "Website"
msgstr "网站"
#: mailu/ui/templates/token/create.html:4
msgid "Create an authentication token"
msgstr "创建一个认证令牌"
#: mailu/ui/templates/token/list.html:12
msgid "New token"
msgstr "新的令牌"
#: mailu/ui/templates/user/create.html:15
msgid "General"
msgstr "通用"
#: mailu/ui/templates/user/create.html:22
msgid "Features and quotas"
msgstr "功能和配额"
#: mailu/ui/templates/user/settings.html:14
msgid "General settings"
msgstr "常规设置"
#: mailu/ui/templates/sidebar.html:59 mailu/ui/templates/user/settings.html:15
msgid "Antispam"
msgstr "反垃圾邮件"
#: mailu/ui/forms.py:99
msgid "Spam filter tolerance"
msgstr "垃圾邮件过滤器容忍度"
#: mailu/ui/forms.py:50
msgid "Enable sign-up"
msgstr "启用用户注册"
#: mailu/ui/forms.py:57
msgid "Initial admin"
msgstr "初始管理员"
#: mailu/ui/forms.py:58
msgid "Admin password"
msgstr "管理员密码"
#: mailu/ui/forms.py:84
msgid "Enabled"
msgstr "启用"
#: mailu/ui/forms.py:89
msgid "Email address"
msgstr "邮件地址"
#: mailu/ui/forms.py:93 mailu/ui/templates/sidebar.html:117
#: mailu/ui/templates/user/signup.html:4
#: mailu/ui/templates/user/signup_domain.html:4
msgid "Sign up"
msgstr "注册"
#: mailu/ui/forms.py:119
msgid "End of vacation"
msgstr "假期结束"
#: mailu/ui/templates/client.html:4 mailu/ui/templates/sidebar.html:82
msgid "Client setup"
msgstr "客户端设置"
#: mailu/ui/templates/client.html:16 mailu/ui/templates/client.html:43
msgid "Mail protocol"
msgstr "邮件协议"
#: mailu/ui/templates/client.html:24 mailu/ui/templates/client.html:51
msgid "Server name"
msgstr "服务器名"
#: mailu/ui/templates/domain/signup.html:4 mailu/ui/templates/sidebar.html:98
msgid "Register a domain"
msgstr "注册域名"
#: mailu/ui/templates/domain/details.html:17
msgid "Generate keys"
msgstr "生成密钥"
#: mailu/ui/templates/domain/signup.html:13
msgid "In order to register a new domain, you must first setup the\n"
" domain zone so that the domain <code>MX</code> points to this server"
msgstr "在注册一个新的域名前,您必须先为该域名设置 <code>MX</code> 记录,并使其指向本服务器"
#: mailu/ui/templates/domain/signup.html:18
msgid "If you do not know how to setup an <code>MX</code> record for your DNS zone,\n"
" please contact your DNS provider or administrator. Also, please wait a\n"
" couple minutes after the <code>MX</code> is set so the local server cache\n"
" expires."
msgstr "如果您不知道如何为域名设置 <code>MX</code> 记录请联系你的DNS提供商或者系统管理员。在设置完成 <code>MX</code> 记录后,请等待本地域名服务器的缓存过期。"
#: mailu/ui/templates/user/settings.html:22
msgid "Auto-forward"
msgstr "自动转发"
#: mailu/ui/templates/user/signup_domain.html:8
msgid "pick a domain for the new account"
@ -700,3 +665,14 @@ msgstr "域名"
msgid "Available slots"
msgstr "可用"
#~ msgid "Your account"
#~ msgstr ""
#~ msgid "Spam filter threshold"
#~ msgstr ""
#~ msgid "from"
#~ msgstr ""
#~ msgid "General settings"
#~ msgstr ""

@ -46,7 +46,10 @@
</tr>
<tr>
<th>{% trans %}DNS DMARC entry{% endtrans %}</th>
<td>{{ macros.clip("dns_dmark") }}<pre id="dns_dmark" class="pre-config border bg-light">{{ domain.dns_dmarc }}</pre></td>
<td>
{{ macros.clip("dns_dmarc") }}<pre id="dns_dmarc" class="pre-config border bg-light">{{ domain.dns_dmarc }}</pre>
{{ macros.clip("dns_dmarc_report") }}<pre id="dns_dmarc_report" class="pre-config border bg-light">{{ domain.dns_dmarc_report }}</pre>
</td>
</tr>
{%- endif %}
{%- set tlsa_record=domain.dns_tlsa %}
@ -58,8 +61,7 @@
{%- endif %}
<tr>
<th>{% trans %}DNS client auto-configuration (RFC6186) entries{% endtrans %}</th>
<td>
{{ macros.clip("dns_autoconfig") }}<pre id="dns_autoconfig" class="pre-config border bg-light">
<td>{{ macros.clip("dns_autoconfig") }}<pre id="dns_autoconfig" class="pre-config border bg-light">
{%- for line in domain.dns_autoconfig %}
{{ line }}
{%- endfor -%}

@ -7,3 +7,12 @@
{%- block subtitle %}
{% trans %}to access the administration tools{% endtrans %}
{%- endblock %}
{%- block content %}
{% if config["SESSION_COOKIE_SECURE"] %}
<div id="login_needs_https" class="alert alert-danger d-none" role="alert">
{% trans %}The login form has been disabled as <b>SESSION_COOKIE_SECURE</b> is on but you are accessing Mailu over HTTP.{% endtrans %}
</div>
{% endif %}
{{ super() }}
{%- endblock %}

@ -1,17 +1,8 @@
# This configuration was copied from Mailinabox. The original version is available at:
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
# where the user's home IP address would be.
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user ({{OUTCLEAN}} [{{OUTCLEAN_ADDRESS}}])$1
# Remove other typically private information.
/^\s*User-Agent:/ IGNORE
/^\s*X-Enigmail:/ IGNORE
/^\s*X-Mailer:/ IGNORE
/^\s*X-Originating-IP:/ IGNORE
/^\s*X-Pgp-Agent:/ IGNORE
# Remove typically private information.
/^\s*(Received|User-Agent|X-(Enigmail|Mailer|Originating-IP|Pgp-Agent)):/ IGNORE
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)).
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1

@ -46,15 +46,6 @@ os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT",
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332")
os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525")
os.environ["OUTCLEAN"] = os.environ["HOSTNAMES"].split(",")[0]
try:
_to_lookup = os.environ["OUTCLEAN"]
# Ensure we lookup a FQDN: @see #1884
if not _to_lookup.endswith('.'):
_to_lookup += '.'
os.environ["OUTCLEAN_ADDRESS"] = system.resolve_hostname(_to_lookup)
except:
os.environ["OUTCLEAN_ADDRESS"] = "10.10.10.10"
for postfix_file in glob.glob("/conf/*.cf"):
conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file)))

@ -1,4 +1,6 @@
try_fallback = true;
path = "/dkim/$domain.$selector.key";
selector = "dkim"
try_fallback = false;
use_esld = false;
allow_username_mismatch = true;
use_vault = true;
vault_url = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/vault";
vault_token = "mailu";

@ -1,4 +1,6 @@
try_fallback = true;
path = "/dkim/$domain.$selector.key";
try_fallback = false;
use_esld = false;
allow_username_mismatch = true;
use_vault = true;
vault_url = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/vault";
vault_token = "mailu";

@ -11,6 +11,7 @@ log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
# Actual startup script
os.environ["REDIS_ADDRESS"] = system.get_host_address_from_environment("REDIS", "redis")
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
if os.environ.get("ANTIVIRUS") == 'clamav':
os.environ["ANTIVIRUS_ADDRESS"] = system.get_host_address_from_environment("ANTIVIRUS", "antivirus:3310")

@ -100,9 +100,10 @@ go and fetch new email if available. Do not use too short delays if you do not
want to be blacklisted by external services, but not too long delays if you
want to receive your email in time.
The ``RECIPIENT_DELIMITER`` is a character used to delimit localpart from a
custom address part. For instance, if set to ``+``, users can use addresses
like ``localpart+custom@domain.tld`` to deliver mail to ``localpart@domain.tld``.
The ``RECIPIENT_DELIMITER`` is a list of characters used to delimit localpart
from a custom address part. For instance, if set to ``+-``, users can use
addresses like ``localpart+custom@example.com`` or ``localpart-custom@example.com``
to deliver mail to ``localpart@example.com``.
This is useful to provide external parties with different email addresses and
later classify incoming mail based on the custom part.

@ -394,6 +394,58 @@ Mailu can serve an `MTA-STS policy`_; To configure it you will need to:
.. _`1798`: https://github.com/Mailu/Mailu/issues/1798
.. _`MTA-STS policy`: https://datatracker.ietf.org/doc/html/rfc8461
How do I setup client autoconfiguration?
````````````````````````````````````````
Mailu can serve an `XML file for autoconfiguration`_; To configure it you will need to:
1. add ``autoconfig.example.com`` to the ``HOSTNAMES`` configuration variable (and ensure that a valid SSL certificate is available for it; this may mean restarting your smtp container)
2. configure an override with the policy itself; for example, your ``overrides/nginx/autoconfiguration.conf`` could read:
.. code-block:: bash
location ^~ /mail/config-v1.1.xml {
return 200 "<?xml version=\"1.0\"?>
<clientConfig version=\"1.1\">
<emailProvider id=\"%EMAILDOMAIN%\">
<domain>%EMAILDOMAIN%</domain>
<displayName>Email</displayName>
<displayShortName>Email</displayShortName>
<incomingServer type=\"imap\">
<hostname>mailu.example.com</hostname>
<port>993</port>
<socketType>SSL</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<outgoingServer type=\"smtp\">
<hostname>mailu.example.com</hostname>
<port>465</port>
<socketType>SSL</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
<addThisServer>true</addThisServer>
<useGlobalPreferredServer>true</useGlobalPreferredServer>
</outgoingServer>
<documentation url=\"https://mailu.example.com/admin/ui/client\">
<descr lang=\"en\">Configure your email client</descr>
</documentation>
</emailProvider>
</clientConfig>\r\n";
}
3. setup the appropriate DNS/CNAME record (``autoconfig.example.com`` -> ``mailu.example.com``).
*issue reference:* `224`_.
.. _`224`: https://github.com/Mailu/Mailu/issues/224
.. _`XML file for autoconfiguration`: https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
Technical issues
----------------

@ -1,19 +1,20 @@
server:
verbosity: 1
interface: 0.0.0.0
interface: ::0
{{ 'interface: ::0' if SUBNET6 }}
logfile: ""
do-ip4: yes
do-ip6: yes
do-ip6: {{ 'yes' if SUBNET6 else 'no' }}
do-udp: yes
do-tcp: yes
do-daemonize: no
access-control: {{ SUBNET }} allow
{{ 'access-control: {{ SUBNET6 }} allow' if SUBNET6 }}
directory: "/etc/unbound"
username: unbound
auto-trust-anchor-file: trusted-key.key
root-hints: "/etc/unbound/root.hints"
hide-identity: yes
hide-version: yes
max-udp-size: 4096
msg-buffer-size: 65552
cache-min-ttl: 300

@ -0,0 +1,3 @@
Make unbound work with ipv6
Add a cache-min-ttl of 5minutes
Enable qname minimisation (privacy)

@ -0,0 +1 @@
Disable the login page if SESSION_COOKIE_SECURE is incompatible with how Mailu is accessed as this seems to be a common misconfiguration.

@ -0,0 +1 @@
Derive a new subkey (from SECRET_KEY) for SRS

@ -0,0 +1 @@
allow sending emails as user+detail@domain.tld

@ -0,0 +1 @@
rspamd: get dkim keys via REST API instead of filesystem

@ -0,0 +1 @@
Document how to setup client autoconfig using an override

@ -0,0 +1 @@
Remove the Received header with PRIMARY_HOSTNAME [PUBLIC_IP]

@ -11,7 +11,8 @@ FROM build_${QEMU}
RUN apt-get update && apt-get install -y \
python3 curl python3-pip git python3-multidict \
&& rm -rf /var/lib/apt/lists \
&& echo "ServerSignature Off" >> /etc/apache2/apache2.conf
&& echo "ServerSignature Off\nServerName roundcube" >> /etc/apache2/apache2.conf \
&& sed -i 's,CustomLog.*combined$,\0 "'"expr=!(%{HTTP_USER_AGENT}=='health'\&\&(-R '127.0.0.1/8' || -R '::1'))"'",' /etc/apache2/sites-available/000-default.conf
# Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube
RUN pip3 install socrate
@ -33,13 +34,17 @@ RUN apt-get update && apt-get install -y \
&& mv roundcubemail-* html \
&& mv carddav html/plugins/ \
&& cd html \
&& rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.json-dist installer \
&& rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.json-dist installer composer.* \
&& sed -i 's,mod_php5.c,mod_php7.c,g' .htaccess \
&& sed -i 's,^php_value.*post_max_size,#&,g' .htaccess \
&& sed -i 's,^php_value.*upload_max_filesize,#&,g' .htaccess \
&& chown -R www-data: logs temp \
&& ln -sf index.php /var/www/html/sso.php \
&& ln -sf /dev/stderr /var/www/html/logs/errors.log \
&& chown -R root:root . \
&& chown www-data:www-data logs temp \
&& chmod -R a+rX . \
&& rm -rf /var/lib/apt/lists \
&& a2enmod deflate expires headers
&& a2enmod rewrite deflate expires headers
COPY php.ini /php.ini
COPY config.inc.php /var/www/html/config/
@ -51,4 +56,4 @@ VOLUME ["/data"]
CMD /start.py
HEALTHCHECK CMD curl -f -L http://localhost/ || exit 1
HEALTHCHECK CMD curl -f -L -H 'User-Agent: health' http://localhost/ || exit 1

@ -52,6 +52,12 @@ class mailu extends rcube_plugin
}
function login_failed($args)
{
$ua = $_SERVER['HTTP_USER_AGENT'];
$ra = $_SERVER['REMOTE_ADDR'];
if ($ua == 'health' and ($ra == '127.0.0.1' or $ra == '::1')) {
echo "OK";
exit;
}
header('Location: sso.php');
exit();
}

@ -34,11 +34,7 @@ else:
conf.jinja("/php.ini", os.environ, "/usr/local/etc/php/conf.d/roundcube.ini")
# Create dirs, setup permissions
os.system("mkdir -p /data/gpg /var/www/html/logs")
os.system("touch /var/www/html/logs/errors.log")
os.system("chown -R www-data:www-data /var/www/html/logs")
os.system("chmod -R a+rX /var/www/html/")
os.system("ln -sf /var/www/html/index.php /var/www/html/sso.php")
os.system("mkdir -p /data/gpg")
try:
print("Initializing database")
@ -61,8 +57,5 @@ except subprocess.CalledProcessError as e:
# Setup database permissions
os.system("chown -R www-data:www-data /data")
# Tail roundcube logs
subprocess.Popen(["tail", "-f", "-n", "0", "/var/www/html/logs/errors.log"])
# Run apache
os.execv("/usr/local/bin/apache2-foreground", ["apache2-foreground"])

Loading…
Cancel
Save