3419 Commits (00b78b73507fe63cbde1b2964711cde08088399f)
 

Author SHA1 Message Date
Pierre Jaury e7399e6926 Add a development run.py script 8 years ago
Christoph Rissner b9de28e910 dovecot: use rspamd X-Spamd-Result percentage to evaluate spam
- configures dovecot to use the spamtest sieve plugins
- configures sieve to read the score from X-Spamd-Result: headers
- before.sieve applies the ${spam_threshold} to the spamtest percentage
- freeposte.db stores a percentage for ${spam_threshold}
- migrate freeposte.db spam_threshold from X/15 to percentages

the filter investigates the overall ratio of the `rspamd` header
`X-Spamd-Result` that looks something like this:

X-Spamd-Result: default: True [12.36 / 15.00]
 RBL_SPAMHAUS_XBL(4.00)[]
 BAYES_SPAM(3.06)[92.67%]
 RBL_SPAMHAUS_XBL_ANY(4.00)[]
 ONCE_RECEIVED_STRICT(4.00)[]
 HFILTER_HELO_BAREIP(3.00)[]
 RBL_SORBS_DUL(2.00)[]
 HFILTER_HOSTNAME_UNKNOWN(2.50)[]
 RBL_SPAMHAUS_PBL(2.00)[]
 RBL_SORBS_RECENT(1.50)[]
 MIME_UNKNOWN(0.10)[application/x-rar-compressed]
 RDNS_NONE(1.00)[]
 RBL_SORBS(0.00)[]
 R_SPF_NEUTRAL(0.00)[?all]
 ONCE_RECEIVED(0.10)[]
 RBL_SEM(1.00)[]
 MIME_HTML_ONLY(0.20)[]
 RBL_UCEPROTECT_LEVEL1(1.00)[]
 MIME_GOOD(-0.10)[multipart/mixed]

the sieve `spamtest :percent :value` in this case would be
   100*12.36/15 = 82.4%
8 years ago
kaiyou 79adbbb76c Merge pull request #69 from aminb/message_size_limit
Default message_size_limit to 50MB
8 years ago
Amin Bandali b5aec1f065 Default message_size_limit to 50MB
Add MESSAGE_SIZE_LIMIT variable in .env to allow setting the message
size limit for postfix.
8 years ago
Pierre Jaury 525089a531 Do not leak information about existing domains or users 8 years ago
Pierre Jaury dcda715382 Force temporary files to /tmp, related to #54 8 years ago
Pierre Jaury 2cb4a44b5a Display fetchmail errors to the user, fixes #23 8 years ago
Pierre Jaury 709869d4ba Escape fetchmail parameters properly 8 years ago
Pierre Jaury 55d5121816 Buld the proper http image 8 years ago
Pierre Jaury f07615c4a4 Do not expose the Web admin interface by default, fixes #40 8 years ago
Pierre Jaury ec5a75f603 Proxify to webmail only if enabled, related to #40 8 years ago
kaiyou 18253b1dd3 Merge pull request #61 from vhf/admin-creation
Allow admin creation after initial setup
8 years ago
kaiyou c1770a1dc1 Merge pull request #62 from vhf/typofix
Fix a typo in the admin UI
8 years ago
Victor Felder 3976a5b38e Allow admin creation after initial setup 8 years ago
Victor Felder 97d952d7f1 Fix a typo 8 years ago
Pierre Jaury 3f6175c34a Remove deprecated awl settings 8 years ago
Pierre Jaury 382030a7aa Revert to using 'latest' for testing 8 years ago
Pierre Jaury d60ef1991c Add a rainloop Webmail image, fixes #58 8 years ago
Pierre Jaury f5b9f569ca Add a link to the demo server documentation 8 years ago
kaiyou cbc6bb5dd6 Merge pull request #55 from kaiyou/feat-refactor-permissions
Refactor the access control code
8 years ago
Pierre Jaury 40b9883c8c Filter outgoing email headers, fixes #52 8 years ago
Pierre Jaury 92bbfde195 Add a PNG logo for rendering 8 years ago
Pierre Jaury 56e6c7565e Add a draft logo 8 years ago
Pierre Jaury e24da96e58 Add some documentation to access decorators 8 years ago
Pierre Jaury 09bec055fd Fix domain deletion permissions 8 years ago
Pierre Jaury c1f9b61dac Add a simple permission audit script 8 years ago
Pierre Jaury f8dcef22ef Fix the manager deletion behaviour 8 years ago
Pierre Jaury f541a951de Remove obsolete utils module 8 years ago
Pierre Jaury 713318f097 Clean imports and remove calls to the utils module 8 years ago
Pierre Jaury ee9a416696 Implement the decorator-based access control for all views 8 years ago
Pierre Jaury 4e4f2b8037 First shot at improving access control, related to #42
A couple of things are important to note for this commit:
- it only implements the new access control for alias and admin management
- the access control code is located in access.py

The idea behind simpler access control is auditability. There have been a
couple of bugs related to functions not checking permissions properly. If
checking permissions is as simple as decorating a function, exporting the
permission scheme for an audit should be simple.

Also, this still does not address the information leakage related to 404 errors
when an object does not exist, independently of permissions the user has over
the domain.
8 years ago
Pierre Jaury 3ea3bc1d8e Enforce permission checks for admin management 8 years ago
kaiyou ee6e9b2690 Add a reference to the Freenode IRC channel. 8 years ago
Pierre Jaury 6dc9131b97 Fix the wildcard migration script, fixes #53 8 years ago
Pierre Jaury 26f7f5a73b Change the env file name in the README file 8 years ago
Pierre Jaury bac20081ee Split the environment file into sections 8 years ago
Pierre Jaury d2d84acd5f Comment all 'build' directives 8 years ago
Pierre Jaury e3197f9156 Have the admin interface listen on localhost 8 years ago
Pierre Jaury 1b6c514dc5 Disable the frontend Web server by default 8 years ago
Pierre Jaury a8eafc508a Default listen on localhost only 8 years ago
Pierre Jaury 7ac44eabeb Add a VERSION variable to avoid modifying the docker-compose file 8 years ago
Pierre Jaury 14ec783ef7 Add a dynamic Webmail option with a 'none' container 8 years ago
Pierre Jaury cf84b82c57 Move the configuration file to .env to support global variables 8 years ago
Pierre Jaury 581a0882af Pull images from Docker Hub by default 8 years ago
Pierre Jaury 8fc95a96d2 Disable debug and set an explicit default secret key 8 years ago
Pierre Jaury ef5d3a77c6 Pull images from Docker Hub by default 8 years ago
Pierre Jaury 8601d5b8db Fix #49 when deleting a global admin 8 years ago
Pierre Jaury 1273571299 Add a changelog 8 years ago
Pierre Jaury 0d3c75aa89 Fix a migration issue with wildcard aliases 8 years ago
Pierre Jaury bfe9ededbc Fix spam filtering when the score is negative 8 years ago