diff --git a/towncrier/newsfragments/2634.misc b/towncrier/newsfragments/2634.misc new file mode 100644 index 00000000..e018497a --- /dev/null +++ b/towncrier/newsfragments/2634.misc @@ -0,0 +1 @@ +Upgrade webmails: snappymail to 2.25.0, roundcube to 1.6.1 and carddav to 5.0.1 diff --git a/webmails/Dockerfile b/webmails/Dockerfile index 9dc3514a..b6408d86 100644 --- a/webmails/Dockerfile +++ b/webmails/Dockerfile @@ -26,8 +26,8 @@ RUN set -euxo pipefail \ ; mkdir -p /run/nginx /conf # roundcube -ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.5.3/roundcubemail-1.5.3-complete.tar.gz -ENV CARDDAV_URL https://github.com/mstilkerich/rcmcarddav/releases/download/v4.4.3/carddav-v4.4.3.tar.gz +ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz +ENV CARDDAV_URL https://github.com/mstilkerich/rcmcarddav/releases/download/v5.0.1/carddav-v5.0.1.tar.gz RUN set -euxo pipefail \ ; cd /var/www \ @@ -52,7 +52,7 @@ COPY roundcube/config/config.inc.carddav.php /var/www/roundcube/plugins/carddav/ # snappymail -ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.21.3/snappymail-2.21.3.tar.gz +ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.25.0/snappymail-2.25.0.tar.gz RUN set -euxo pipefail \ ; mkdir /var/www/snappymail \ diff --git a/webmails/nginx-webmail.conf b/webmails/nginx-webmail.conf index 1794a635..fde7adfd 100644 --- a/webmails/nginx-webmail.conf +++ b/webmails/nginx-webmail.conf @@ -1,6 +1,7 @@ server { listen 80 default_server; listen [::]:80 default_server; + resolver {{ RESOLVER }} valid=30s; {% if WEBMAIL == 'roundcube' %} root /var/www/{{ WEBMAIL }}/public_html; 
@@ -26,6 +27,9 @@ server { add_header X-Permitted-Cross-Domain-Policies "none" always; add_header Referrer-Policy "no-referrer" always; + real_ip_header X-Real-IP; + set_real_ip_from {{ FRONT_ADDRESS or "front" }}; + location / { try_files $uri $uri/ /index.php$args; } diff --git a/webmails/roundcube/config/config.inc.php b/webmails/roundcube/config/config.inc.php index f271eebc..3ced13e7 100644 --- a/webmails/roundcube/config/config.inc.php +++ b/webmails/roundcube/config/config.inc.php @@ -14,6 +14,8 @@ $config['zipdownload_selection'] = true; $config['enable_spellcheck'] = true; $config['spellcheck_engine'] = 'pspell'; $config['session_lifetime'] = {{ SESSION_TIMEOUT_MINUTES | int }}; +$config['request_path'] = '{{ WEB_WEBMAIL or "none" }}'; +$config['trusted_host_patterns'] = [ {{ HOSTNAMES.split(",") | map("tojson") | join(',') }}]; // Mail servers $config['imap_host'] = '{{ FRONT_ADDRESS or "front" }}:10143'; @@ -21,28 +23,9 @@ $config['smtp_host'] = '{{ FRONT_ADDRESS or "front" }}:10025'; $config['smtp_user'] = '%u'; $config['smtp_pass'] = '%p'; -#old deprecated settings will be replaced from roundcube 1.6. -$config['smtp_server'] = '{{ FRONT_ADDRESS or "front" }}'; -$config['smtp_port'] = '10025'; -$config['default_host'] = '{{ FRONT_ADDRESS or "front" }}'; -$config['default_port'] = '10143'; - // Sieve script management $config['managesieve_host'] = '{{ FRONT_ADDRESS or "front" }}:14190'; -// We access the IMAP and SMTP servers locally with internal names, SSL -// will obviously fail but this sounds better than allowing insecure login -// from the outter world -$ssl_no_check = array( - 'ssl' => array( - 'verify_peer' => false, - 'verify_peer_name' => false, - ), -); -$config['imap_conn_options'] = $ssl_no_check; -$config['smtp_conn_options'] = $ssl_no_check; -$config['managesieve_conn_options'] = $ssl_no_check; - // roundcube customization $config['product_name'] = 'Mailu Webmail'; {%- if ADMIN and WEB_ADMIN %} 
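Review bot: `set_real_ip_from {{ FRONT_ADDRESS or "front" }};` trusts `X-Real-IP` from whatever address that name resolves to when nginx loads the configuration. As far as I know a host name here is looked up once at load time, and the `resolver` directive added in the first hunk of this file does not refresh it. If the front container later returns on a different address, the header is ignored and every request is logged under the proxy's address; any other peer that ends up on the old address would have its `X-Real-IP` accepted. Rendering a fixed address or the internal network's CIDR here, or reloading nginx when front moves, avoids both. A comment such as `# only the front proxy may set X-Real-IP; the name is resolved once at config load` above the two directives would record the assumption; the `server` block continues outside the hunk.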
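Review bot: `trusted_host_patterns` is built from `HOSTNAMES.split(",")` without trimming, so a value written with spaces after the commas yields entries with a leading blank that will never equal the `Host` header, and an empty `HOSTNAMES` yields a single empty pattern. Trimming before quoting keeps the allow-list exact: `$config['trusted_host_patterns'] = [ {{ HOSTNAMES.split(",") | map("trim") | map("tojson") | join(',') }}];`. `tojson` emits double-quoted strings, which PHP interpolates, while `request_path` on the line above is placed in single quotes with no escaping. Both values are operator-supplied, so this is a robustness point, but a comment stating that they expect plain host names and a plain URL path would help. It is also worth confirming that the literal `none` is a value Roundcube accepts for `request_path` when `WEB_WEBMAIL` is unset.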
diff --git a/webmails/start.py b/webmails/start.py index 84d05654..7a8d6bf2 100755 --- a/webmails/start.py +++ b/webmails/start.py @@ -20,6 +20,12 @@ context.update(env) context["MAX_FILESIZE"] = str(int(int(env.get("MESSAGE_SIZE_LIMIT", "50000000")) * 0.66 / 1048576)) +# Get the first DNS server +with open("/etc/resolv.conf") as handle: + content = handle.read().split() + resolver = content[content.index("nameserver") + 1] + context["RESOLVER"] = f"[{resolver}]" if ":" in resolver else resolver + db_flavor = env.get("ROUNDCUBE_DB_FLAVOR", "sqlite") if db_flavor == "sqlite": context["DB_DSNW"] = "sqlite:////data/roundcube.db"
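Review bot: The resolver lookup in the added block splits the whole of `/etc/resolv.conf` into words, so `content.index("nameserver")` also matches that word inside a comment line, and it raises an unhandled `ValueError` when the file has no nameserver entry. Reading the file line by line and accepting only lines whose first field is `nameserver` avoids both, and lets the script stop with a clear message instead of a traceback. Because the value is written verbatim into the nginx `resolver` directive, it is also worth checking that it parses as an IP address before rendering. The rewritten lines are below; the rest of the script lies outside the hunk.

```python
# … unchanged: MAX_FILESIZE computation …

# Get the first DNS server: only lines whose first field is "nameserver" count
resolver = None
with open("/etc/resolv.conf") as handle:
    for line in handle:
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            resolver = fields[1]
            break
if resolver is None:
    raise SystemExit("no nameserver entry found in /etc/resolv.conf")
# nginx expects IPv6 resolver addresses in brackets
context["RESOLVER"] = f"[{resolver}]" if ":" in resolver else resolver

# … unchanged: db_flavor selection …
```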