Commit Graph

915 Commits (0e45bb3ae5737cd079ef3d2d0e6cdfbe349dcf73)

Author SHA1 Message Date
bors[bot] 6e32092abd
Merge
1873: Completed Hebrew translation r=mergify[bot] a=yarons

The Hebrew translation is incomplete so I've completed it.

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
Dimitri Huisman 169a540692 Use punycode for HTTP header for radicale and create changelog
Dimitri Huisman 4f5cb0974e Make sure HTTP header only contains ASCII
bors[bot] ecaaf25dcb
Merge
1939: Ensure that we don't do multiple DNS lookups in the sieve script r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It ensures that DNS lookups don't introduce inconsistent state. We may want to go further and actually check the return codes of rspamc too.

I haven't tested it but it should work.

### Related issue(s)
- 



Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 368b40b4fd doh
Florent Daigniere 3e676e232a fix
Florent Daigniere ae8db08bdf Ensure that we don't do multiple DNS lookups in the sieve script
Florent Daigniere 65a27b1c7f add additional options to make DANE easier
Florent Daigniere fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map
Florent Daigniere b4102ba464 doh
Florent Daigniere 9ec7590171 Merge branch 'master' of https://github.com/Mailu/Mailu into wildcard_senders
Florent Daigniere 7252a73e11 WILDCARD_SENDERS can have spaces
bors[bot] b57df78dac
Merge
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

A conflict-free version of  implementing per-user sender limits

### Related issue(s)
- close  
- close 
- close  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman e5972bd9ec Set default message rate limit to 200/day
Jack Murray dd127f8f06 Change letsencrypt timer from 1h --> 1 day
There's no need to be calling certbot so frequently
Florent Daigniere 6704cb869a Switch to 3072bits dhparam (instead of 4096bits)
We aim for 128bits of security here
Jack Murray e304c352a1 Change letsencrypt timer from 1h --> 1 day
There's no need to be calling certbot so frequently
Florent Daigniere facc4b6427 Allow specific users to send email from any address
Florent Daigniere ee54a615c1 Alpine has removed support for btree and hash
David Fairbrother 24747e33de Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
Florent Daigniere 0b16291153 doh
Florent Daigniere 1db08018da Ensure that we get certificate validation on top90
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
Florent Daigniere b066a5e2ac add a default tls_policy_map
Florent Daigniere 1df79f8132 give PFS a chance
Florent Daigniere 925105075c this is required in fact
Florent Daigniere 772e5efb7d Disable pipelining to prevent bypass
Florent Daigniere c76a76c0b0 make it optional, add a knob
Florent Daigniere 109a8aa000 Ensure that we always have CERT+INTERMEDIARY CA
Let's encrypt may change things up in the future...
Florent Daigniere dccd8afd51 Thanks @Diman0!
ENEEDSLEEP
Florent Daigniere 974bcba5ab Restore LOGIN as tests assume it's there
Florent Daigniere 2b05e72ce4 Revert "maybe fix the tests"
This reverts commit f971b47fb9.
Florent Daigniere f971b47fb9 maybe fix the tests
Florent Daigniere 4a871c0905 this causes trouble with the test
Florent Daigniere 12c842c4b9 In fact in fullchain we want all but the last
Florent Daigniere 24f9bf1064 format certs for nginx
Florent Daigniere 98b903fe13 don't send the rootcert
Florent Daigniere 92ec446c20 doh
Florent Daigniere f05cc99dc0 Add ECC certs for modern clients
Florent Daigniere cb68cb312b Reduce the size of the RSA key to 3072bits
This is already generous for certificates that have a 3month validity!

We rekey every single time.
Florent Daigniere 5e7d5adf17 AUTH shouldn't happen on port 25
Florent Daigniere 55cdb1a534 be explicit about what we support
Florent Daigniere ecadf46ac6 fix PFS
Florent Daigniere 7285c6bfd9 admin won't understand LOGIN
Florent Daigniere de3620da4a Don't send credentials in clear ever
Florent Daigniere 4535c42e70 This isn't required
Florent Daigniere 1101e401e8 Apply the restriction on the right port
Florent Daigniere 6d244222da better error message
Florent Daigniere d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts
Florent Daigniere bcdc137677 Alpine has removed support for btree and hash
Florent Daigniere 1438253a06 Ratelimit outgoing emails per user