diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py index d6a332fc..04d6d94e 100644 --- a/core/admin/mailu/internal/nginx.py +++ b/core/admin/mailu/internal/nginx.py @@ -94,6 +94,7 @@ def handle_authentication(headers): try: user_email = raw_user_email.encode("iso8859-1").decode("utf8") password = raw_password.encode("iso8859-1").decode("utf8") + ip = urllib.parse.unquote(headers["Client-Ip"]) except: app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}') else: diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env index 0ba39019..3e53e7d2 100644 --- a/setup/flavors/compose/mailu.env +++ b/setup/flavors/compose/mailu.env @@ -29,9 +29,14 @@ POSTMASTER={{ postmaster }} # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) TLS_FLAVOR={{ tls_flavor }} -# Authentication rate limit (per /24 on ipv4 and /56 on ipv6) -{% if auth_ratelimit_pm > '0' %} -AUTH_RATELIMIT={{ auth_ratelimit_pm }}/minute +# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6) +{% if auth_ratelimit_ip > '0' %} +AUTH_RATELIMIT_IP={{ auth_ratelimit_ip }}/hour +{% endif %} + +# Authentication rate limit per user (regardless of the source-IP) +{% if auth_ratelimit_user > '0' %} +AUTH_RATELIMIT_USER={{ auth_ratelimit_user }}/day {% endif %} # Opt-out of statistics, replace with "True" to opt out @@ -150,9 +155,8 @@ DOMAIN_REGISTRATION=true # Docker-compose project name, this will prepended to containers names. COMPOSE_PROJECT_NAME={{ compose_project_name or 'mailu' }} -# Default password scheme used for newly created accounts and changed passwords -# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT) -PASSWORD_SCHEME={{ password_scheme or 'PBKDF2' }} +# Number of rounds used by the password hashing scheme +CREDENTIAL_ROUNDS=12 # Header to take the real ip from REAL_IP_HEADER={{ real_ip_header }} diff --git a/setup/templates/steps/config.html b/setup/templates/steps/config.html index f532f757..74a45800 100644 --- a/setup/templates/steps/config.html +++ b/setup/templates/steps/config.html @@ -48,10 +48,18 @@ Or in plain english: if receivers start to classify your mail as spam, this post
- + -

/ minute +

/ hour +

+
+ +
+ + +

/ day