1512 Commits (19bd9362d3c0d2c113a894ea3d43a12f725fabbe)

Author SHA1 Message Date
Vincent Kling c6d0ef229f
Update messages.po 5 years ago
Alexander Graf f0f79b23a3 Allow cleanup of sessions by key&value in data
This can be used to delete all sessions belonging to a user/login.
For no it just iterates over all sessions.
This could be enhanced by using a prefix for and deleting by prefix.
5 years ago
Alexander Graf 83b1fbb9d6 Lazy loading of KVSessionExtension
- call cleanup_sessions on first kvstore access
  this allows to run cmdline actions without redis (and makes it faster)
- Allow development using DictStore by setting REDIS_ADDRESS to the empty string in env
- don't sign 64bit random session id as suggested by nextgens
5 years ago
Alexander Graf 8bc4445572 Sync update of localpart, domain_name and email 5 years ago
Alexander Graf 0c38128c4e Add pygments to requirements 5 years ago
Alexander Graf 9cb6962335 Moved MyYamlLexer into logger
now cmdline runs without pygments
5 years ago
Alexander Graf ce9a9ec572 always init Logger first 5 years ago
Alexander Graf c17bfae240 correct rfc3339 datetime serialization
now using correct timezone
5 years ago
Alexander Graf dc5464f254 Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
Alexander Graf e90d5548a6 use RFC3339 for last_check
fixed to UTC for now
5 years ago
Florent Daigniere dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 5 years ago
bors[bot] 9c57f2ac39
Merge #1785
1785: Fix bug #1660 (don't replace nested headers) r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't replace nested headers (typically in forwarded/attached emails). This will ensure we don't break cryptographic signatures.

### Related issue(s)
- close #1660

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
5 years ago
bors[bot] 25e8910b89
Merge #1783
1783: Switch to server-side sessions r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It simplifies session management.
- it ensures that sessions will eventually expire (*)
- it implements some mitigation against session-fixation attacks
- it switches from client-side to server-side sessions (in Redis)

It doesn't prevent us from (re)-implementing a "remember_me" type of feature if that's considered useful by some.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
5 years ago
bors[bot] 327884e07c
Merge #1610
1610: add option to enforce inbound starttls r=mergify[bot] a=lub

## What type of PR?

Feature

## What does this PR do?
It implements a check in the auth_http handler to check for Auth-SSL == on and otherwise returns a 530 starttls error.
If INBOUND_TLS_ENFORCE is not set the behaviour is still the same as before, so existing installations should be unaffected.

Although there is a small difference to e.g. smtpd_tls_security_level of Postfix.

Postfix already throws a 530 after mail from, but this solution only throws it after rcpt to. auth_http is only the request after rcpt to, so it's not possible to do it earlier.

### Related issue(s)
#1328 is kinda related, although this PR doesn't solve the issue that the headers will still display ESMTP instead of ESMTPS

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
5 years ago
bors[bot] 7469bb7087
Merge #1638
1638: Remove the username from the milter_headers r=mergify[bot] a=githtz

Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.

## What type of PR?
Enhancement

## What does this PR do?
This PR prevents the user login to be leaked in sent emails (for example using an alias)

### Related issue(s)
Closes https://github.com/Mailu/Mailu/issues/1465

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: anrc <15327800+githtz@users.noreply.github.com>
5 years ago
lub f3f0a4d86d
Merge branch 'master' into enforce-tls-admin 5 years ago
Florent Daigniere 513d2a4c5e Fix bug #1660: nested headers shouldn't be touched 5 years ago
Florent Daigniere 64d757582d Disable anti-csrf on the login form
The rationale is that the attacker doesn't have the password...
and that doing it this way we avoid creating useless sessions
5 years ago
Florent Daigniere 481cb67392 cleanup old sessions on startup 5 years ago
Florent Daigniere b9becd8649 make sessions expire 5 years ago
Florent Daigniere a1d32568d6 Regenerate session-ids to prevent session fixation 5 years ago
Florent Daigniere d459c37432 make session IDs 128bits 5 years ago
Florent Daigniere 22af5b8432 Switch to server-side sessions in redis 5 years ago
Alexander Graf dd2e218375 Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
Florent Daigniere 96ae54d04d CryptContext should be a singleton 5 years ago
Florent Daigniere 5f05fee8b3 Don't need regexps anymore 5 years ago
Florent Daigniere 1c5b58cba4 Remove scheme_dict 5 years ago
Florent Daigniere df230cb482 Refactor auth under nginx.check_credentials() 5 years ago
Florent Daigniere f9ed517b39 Be specific token length 5 years ago
Florent Daigniere d0b34f8e24 Move CREDENTIAL_ROUNDS to advanced settings 5 years ago
Florent Daigniere fda758e2b4 remove merge artifact 5 years ago
Florent Daigniere 57a6abaf50 Remove {scheme} from the DB if mailu has set it 5 years ago
Florent Daigniere 7137ba6ff1 Misc improvements to PASSWORD_SCHEME
- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
5 years ago
Florent Daigniere 00b001f76b Improve the token storage format
shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
 is enough entropy: they are not bruteforceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues
5 years ago
Florent Daigniere eb7895bd1c Don't do more work than necessary (/webdav)
This is also fixing tokens on /webdav/
5 years ago
Florent Daigniere 58b2cdc428 Don't do more work than necessary 5 years ago
bors[bot] 464e46b02b
Merge #1765
1765: Set sensible cookie flags on the admin app r=mergify[bot] a=nextgens

## What type of PR?

Bugfix

## What does this PR do?

It sets the right flags on the session cookie issued by the admin app.
This should probably be backported as the lack of secure flag on TLS-enabled setup is a high risk vulnerability.

SameSite is hardening / helps against CSRF on modern browsers
HTTPOnly is hardening / helps reduce the impact of XSS

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
5 years ago
bors[bot] 47d6c697d0
Merge #1763
1763: show flash messages again r=mergify[bot] a=lub

## What type of PR?

bug-fix

## What does this PR do?
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.

### Related issue(s)
- noticed it while reviewing #1756

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [-] In case of feature or enhancement: documentation updated accordingly
- [-] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
5 years ago
bors[bot] ce0c93a681
Merge #1618
1618: add OCSP stapling to nginx.conf r=mergify[bot] a=lub

It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.

## What type of PR?

enhancement

## What does this PR do?

It enables OCSP stapling for the http server. OCSP stapling reduces roundtrips for the client and reduces load on OCSP responders.

### Related issue(s)
- fixes  #1616

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
5 years ago
bors[bot] cca4b50915
Merge #1607
1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub

## What type of PR?

enhancement

## What does this PR do?

This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.

### Related issue(s)


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
5 years ago
Florent Daigniere 0dcc059cd6 Add a new knob as discussed on matrix with lub 5 years ago
Jaume Barber 5bb67dfcbb Translated using Weblate (Basque)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/eu/
5 years ago
Jaume Barber a49b9d7974 Translated using Weblate (Catalan)
Currently translated at 99.3% (150 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
5 years ago
Jaume Barber cd9992f79c Translated using Weblate (Swedish)
Currently translated at 74.2% (121 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/sv/
5 years ago
Jaume Barber afae5d1c24 Translated using Weblate (Russian)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
5 years ago
Jaume Barber 7a01a63389 Translated using Weblate (Portuguese)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pt/
5 years ago
Jaume Barber 480ec29d3d Translated using Weblate (Italian)
Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
5 years ago
Jaume Barber 5e96a4bfcf Translated using Weblate (Spanish)
Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
5 years ago
Jaume Barber 6143d66eb8 Translated using Weblate (English)
Currently translated at 39.2% (64 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Anonymous 6da5978870 Translated using Weblate (German)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/de/
5 years ago
Anonymous 58c22fd2c6 Translated using Weblate (English)
Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Jaume Barber 0dc8817f32 Translated using Weblate (English)
Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Anonymous 3d17000ceb Translated using Weblate (English)
Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Jaume Barber a2933d00f3 Translated using Weblate (English)
Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Jaume Barber 7c0158c5f8 Translated using Weblate (English)
Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Anonymous 7de94275a0 Translated using Weblate (English)
Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Jaume Barber 43133d8515 Added translation using Weblate (Basque) 5 years ago
Jaume Barber 5e0aa65c8d Translated using Weblate (Italian)
Currently translated at 96.3% (157 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
5 years ago
Jaume Barber 725cdc270c Translated using Weblate (Spanish)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
5 years ago
Weblate a571704a9d Merge branch 'origin/master' into Weblate. 5 years ago
Jaume Barber b9c2dc1a79 Translated using Weblate (Catalan)
Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
5 years ago
Anonymous 3a9a133226 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Jaume Barber af251216b0 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
5 years ago
Alexander Graf b55b53b781 optimize generation of transport nexthop 5 years ago
Alexander Graf 0a9f732faa added docstring to Logger. use generators. 5 years ago
Dario Ernst b6716f0d74 Remove "CHUNKING" capability from nginx-smtp
With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.
5 years ago
Alexander Graf bde7a2b6c4 moved import logging to schema
- yaml-import is now logged via schema.Logger
- iremoved relative imports - not used in other mailu modules
- removed develepment comments
- added Mailconfig.check method to check for duplicate domain names
- converted .format() to .format_map() where possible
- switched to yaml multiline dump for dkim_key
- converted dkim_key import from regex to string functions
- automatically unhide/unexclude explicitly specified attributes on dump
- use field order when loading to stabilize import
- fail when using 'hash_password' without 'password'
- fixed logging of dkim_key
- fixed pruning and deleting of lists
- modified error messages
- added debug flag and two verbosity levels
5 years ago
Florent Daigniere aa8cb98906 Set sensible cookie options 5 years ago
Alexander Graf e4c83e162d fixed colorize auto detection 5 years ago
Alexander Graf e46d4737b0 merged changes from api without api 5 years ago
Alexander Graf 4b9886b139 Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
Alexander Graf 10435114ec updated remarks and docs 5 years ago
Alexander Graf 1e2b5f26ab don't handle nested lists 5 years ago
Alexander Graf 70a1c79f81 handle prune and delete for lists and backrefs 5 years ago
Alexander Graf 8929912dea remove OrderedDict - not necessary in python>=3.7 5 years ago
Alexander Graf 3937986e76 Convert OrderedDict to dict for output 5 years ago
Alexander Graf 68caf50154 new import/export using marshmallow 5 years ago
lub 88f992de16 show flash messages again
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.
5 years ago
Florent Daigniere 80f939cf1a Revert to the old behaviour when ADMIN=false 5 years ago
Florent Daigniere 2e749abe61 DNS records for client autoconfiguration (RFC6186) 5 years ago
Florent Daigniere b49554bec1 merge artifact 5 years ago
Florent Daigniere ef637f51b7 derive the SSO keys from a KDF 5 years ago
Florent Daigniere 906a051925 Make rainloop use internal auth 5 years ago
Alexander Graf 1c9abf6e48 updated requirements for import/export
api reqs (flask-restx, ...) are still missing
5 years ago
Alexander Graf 1da7e5b8d2 Merge remote-tracking branch 'upstream/master' into api 5 years ago
Alexander Graf 902b398127 next step for import/export yaml & json 5 years ago
Michael Wyraz ca6ea6465c make syslog optional 5 years ago
Michael Wyraz e979743226 Rsyslog logging for postfix, optional logging to file, no logging of test requests 5 years ago
Mordi Sacks f56af3053a
Removed email address 5 years ago
Alexander Graf 65b1ad46d9 order yaml data and allow callback on import
- in yaml the primary key is now always first
- calling a function on import allows import to be more verbose
- skip "fetches" when empty
5 years ago
Alexander Graf 8213d044b2 added docstrings, use f-strings, cleanup
- idna.encode does not encode upper-case letters,
  so .lower() has to be called on value not on result
- split email-address on '@' only once
- converted '*'.format(*) to f-strings
- added docstrings
- removed from_dict method
- code cleanup/style (list concat, exceptions, return&else, line-length)
- added TODO comments on possible future changes
5 years ago
Alexander Graf 31a903f959 revived & renamed config-fns. cosmetics.
- revived original config-update function for backwards compability
- renamed config-dump to config-export to be in line with config-import
- converted '*'.format(*) to f-strings
- converted string-concatenation to f-strings
5 years ago
Michael Wyraz 2b37be9889 Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386 5 years ago
Alexander Graf c24bff1c1b added config_import using marshmallow 5 years ago
Alexander Graf 7413f9b7b4 config_dump now using marshmallow 5 years ago
Alexander Graf dc42d375e2 added filtering of keys and default value 5 years ago
Alexander Graf 82cf0d843f fix sqlalchemy column definitions 5 years ago
Alexander Graf b3f8dacdad add docstrings and make linter happy 5 years ago
Alexander Graf 6629aa3ff8 first try at api using flask-restx & marshmallow 5 years ago
Alexander Graf 4c258f5a6b cosmetic changes & make linter happy
renamed single letter variables (m => match)
renamed classmethod arguments to cls (model)
removed shadowing of variables (hash, context)
shortened unneeded lambda functions (id)
converted type ... is to isinstance(...)
removed unneded imports (flask)
5 years ago
Alexander Graf 7229c89de1 ConfigManager should not replace app.config
Updated ConfigManager to only modify app.config and not replace it.
Swagger does not play well, when app.config is not a real dict and
it is not necessary to keep ConfigManager around after init.

Also added "API" flag to config (default: disabled).
5 years ago
Alexander Graf 3b35180b41 cosmetic changes 5 years ago
Alexander Graf 815f47667b update dkim-key on commit only 5 years ago
Alexander Graf 0a594aaa2c cosmetic changes 5 years ago
Alexander Graf 3064a1dcff removed call to (undefined) cli 5 years ago
Alexander Graf 0051b93077 removed unused variable 5 years ago
Alexander Graf 2cd3acdc1a Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
Alexander Graf 63176f4878 Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
lub 98a6ffb497 add compression via xz and lz4 5 years ago
dependabot[bot] 54ccfdf975
Bump cryptography from 2.6.1 to 3.2 in /core/admin
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
5 years ago
ofthesun9 d32e73c5bc Fix letsencrypt access to certbot for the mail-letsencrypt flavour 5 years ago
bors[bot] 3ca81913fc
Merge #1654
1654: Ensure that the rendered file ends with newline in order to make `pos… r=mergify[bot] a=tremlin

## What type of PR?

Bugfix

## What does this PR do?

This fixes #1580 

### Related issue(s)
- closes #1580

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
5 years ago
cbachert 32f6a23a95 Remove rspamd unused env var from start script
Environment variable FRONT_ADDRESS is unused in rspamd
FRONT_ADDRESS references were removed with commit 8172f3e in PR #727
5 years ago
Alexander Graf adc9c70c3e added dump option to dump dns data of domains 5 years ago
Alexander Graf 2a5c46c890 Allow to dump only selected sections 5 years ago
Alexander Graf 500967b2f5 ignore dkim_publickey when updating config 5 years ago
Alexander Graf c46f9328f7 also dump dkim_publickey. allow key generation. 5 years ago
Alexander Graf acc728109b validate dkim keys and allow removal 5 years ago
cbachert 72a9ec5b7c Fix extract_host_port port separation
Regex quantifier should be lazy to make port separation work.
5 years ago
Alexander Graf dfc34b2165 Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
David Fairbrother e7caff9811 Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
5 years ago
Thomas Rehn 05ab244638 Ensure that the rendered file ends with newline in order to make `postconf` work correctly 5 years ago
Dimitri Huisman 78890a97ff Preparations for 1.8 release. 5 years ago
Alexander Graf 45bf6d1b4a Merge remote-tracking branch 'upstream/master' into import-export 5 years ago
bors[bot] 5c36dc4f54
Merge #1611
1611: Adds own server on port 80 for letsencrypt and redirect r=mergify[bot] a=elektro-wolle

## What type of PR?

Bugfix

## What does this PR do?

Handle letsencrypt route to `.well-known` by own server configuration within nginx.

### Related issue(s)
closes #1564

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Wolfgang Jung <w.jung@polyas.de>
5 years ago
anrc 59bc4f7aea
Remove the username from the milter_headers
Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.
5 years ago
bors[bot] 92bf736da4
Merge #1635
1635: Add support for AUTH LOGIN authentication mechanism for relaying emai… r=mergify[bot] a=Diman0

…l via smart hosts.

## What type of PR?

Feature

## What does this PR do?

This PR adds support to postfix for AUTH LOGIN authentication mechanism. This enables using smart hosts which only offer AUTH LOGIN. 

### Related issue(s)
- Auto close an issue like: closes #1633

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
5 years ago
Dimitri Huisman d9e7b8249b Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts. 5 years ago
lub 66db1f8fd0 add OCSP stapling to nginx.conf
It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.
5 years ago
lub 0cb0a26d95 relax TLS settings on port 25
Because basically every MTA out there uses opportunistic TLS _in
the best case_, it's actually counter productive to use such strict
settings.

The alternative to a handshake error is often an unencrypted submission,
which is basically the opposite of what strict ssl_protocols and
ssl_ciphers tries to achieve.

Even big and established providers like Amazon SES are incompatible with the current
settings.

This reverts commit 2ddf46ad2b.
5 years ago
Wolfgang Jung 1f4e9165fa Disables unencrypted http on TLS_ERROR 5 years ago
Alexander Graf 8e14aa80ee documented options and added help text 5 years ago
Alexander Graf 9d2327b0f1 add space for more human readable indentation
add a newline before main sections
add some spaces to indent
5 years ago
Wolfgang Jung f999e3de08 Adds own server on port 80 for letsencrypt and redirect 5 years ago
lub 05e2af1802
fix small typo in Auth-SSL 5 years ago
lub f0f873ffe7 add option to enforce inbound starttls 5 years ago
lub 02cfe326d3 support using files for SECRET_KEY and DB_PW
this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables

just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
5 years ago
Alexander Graf 69ccf791d2 fixed data import via from_dict
- stabilized CommaSeparatedList by sorting values
- CommaSeparatedList can now handle list and set input

- from_dict now handles mapped keys
- from_dict now handles null values

- class Domain: handle dkim-key None correctly
- class User: delete obsolete keys after converting
- class Alias: now uses Email._dict_input
5 years ago
Alexander Graf 190e7a709b renamed config-dump option --verbose to --full 5 years ago
Alexander Graf 5c0efe82cf implemented config_update and config_dump
enhanced data model with to_dict and from_dict methods
added config_dump function to manage command
config_update now uses new data model methods
5 years ago
Alexander Graf c26ddd3c68 fixed user's destination property
self.forward_destination is a list (and not string)
5 years ago
Alexander Graf 5dfccdafe9 fixed some minor typos, removed unused variable 5 years ago
ofthesun9 539114a3d6
Merge branch 'master' into test-alpine-3.12 5 years ago
bors[bot] 47be453aac
Merge #1557
1557: Explicitly define ProxyFix options r=mergify[bot] a=brian-maloney

## What type of PR?
bug-fix

## What does this PR do?
This PR explicitly defines the options for the ProxyFix module, which fixes a regression in admin behind a reverse proxy.

### Related issue(s)
- #1309

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.

This is a bugfix, so not doc changes, and it's an extremely minor change.


Co-authored-by: Brian Maloney <3286425+brian-maloney@users.noreply.github.com>
5 years ago
bors[bot] 535b95bca7
Merge #1538
1538: Introduce environment variable to control dovecot full-text-search r=mergify[bot] a=tremlin

## What type of PR?

Enhancement

## What does this PR do?

In #1320 a full-text-search feature was enabled in Dovecot by default. Since this can have a big impact on performance, I think it's preferable to offer an option to disable the feature if it is not needed. This PR doesn't change the default behavior (FTS on).

### Related issue(s)
- #1320

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordinagly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
5 years ago
bors[bot] 64f21d5b84
Merge #1478 #1501 #1532 #1543
1478: Allow to enforce TLS for outbound r=mergify[bot] a=micw

 using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')

## What type of PR?

enhancement

## What does this PR do?

Add an option to postfix to enforce outbound traffic to be TLS encrypted.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1501: In setup/flavor, change DMARC RUA and RUF email default settings r=mergify[bot] a=ofthesun9

## What type of PR?
bug-fix

## What does this PR do?
This PR changes the default value used to set DMARC_RUA and DMARC_RUF:
DMARC_RUA and DMARC_RUF defaults will reuse the value defined for POSTMASTER,
instead of 'admin' as previously.
Please note that the setup tool doesn't allow (yet?) to define dmarc_rua nor dmarc_ruf, so the default value is indeed used for the time being.

### Related issue(s)
closes #1463 

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1532: Replace SMPT with SMTP r=mergify[bot] a=dhoppe



1543: Disable Health checks on swarm mode r=mergify[bot] a=ofthesun9

ref: https://github.com/moby/moby/issues/35451

## What type of PR?
bug-fix

## What does this PR do?
Modify the docker-compose.yml template used by setup (swarm flavor) to disable Health checks on swarm mode for each service

### Related issue(s)
closes #1289

## Prerequistes
- [x]  add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
Co-authored-by: Dennis Hoppe <github@debian-solutions.de>
5 years ago
Brian Maloney 6bd14506c0
Explicitly define ProxyFix options
Even though these seem to be the defaults, since 1.7 x_proto was not being honored (see #1309), this fixes this issue for me.
5 years ago
Dennis Hoppe f3ac4e9397
Remove unused variables 5 years ago
ofthesun9 1d35b1283d Adjust python required packages for alpine:3.12 5 years ago
ofthesun9 cff2e76269 Switching to alpine:3.12 5 years ago
Thomas Rehn fc47b736ea introduce environment variable to control dovecot full-text-search 5 years ago
ofthesun9 381bf747cc Check permissions using postfix set-permissions 6 years ago
ofthesun9 3a9c9d0436 Fixed typo 6 years ago
ofthesun9 67caf0c8cf Check /queue permissions before postfix start
postfix and posdrop id might have changed after base image change
6 years ago
Michael Wyraz e4454d776a Allow to enforce TLS for outbound using OUTBOUND_TLS_LEVEL=encrypt (default is 'may') 6 years ago
bors[bot] 5648669c61
Merge #1293
1293: Remove `reject_unverified_recipient` from `smtpd_client_restrictions` r=mergify[bot] a=SunMar


## What type of PR?

Bug-fix

## What does this PR do?

It removes recipient verification, as it broke my catch-all address.

Fix for #1292, though I'm not sure if this is the right way to fix the issue. It was added in 175349a224.

### Related issue(s)
Fix for #1292 and a revert of 175349a224.


Co-authored-by: SunMar <SunMar@users.noreply.github.com>
6 years ago
bors[bot] 15a0d7303c
Merge #1399 #1417
1399: Remove SPF type SPF record #1394 r=mergify[bot] a=bladeswords

As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...

## What type of PR?

Documentation

## What does this PR do?
Removes the recommendation to add a SPF RR for SPF records, as this is no longer RFC complaint and often causes issues to maintain two records.

### Related issue(s)
- closes #1394

## Prerequistes
None


1417: docker-compose exec needs a -T flag if no TTY is allocated r=mergify[bot] a=ofthesun9

This flag is missing in 00_create_users.sh and is failing the tests on travis arm architecture

## What type of PR?
This PR is an enhancement/bugfix needed to allow usage of travis to test and deploy on arm platform
Before the PR, tests are failing with the msg: "the input device is not a TTY"

## What does this PR do?
This PR add -T flag for the docker-compose exec occurences found in 00_create_users.sh


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
6 years ago
Weblate 066f2bac07 Merge branch 'origin/master' into Weblate. 6 years ago
Jaume Barber 6c25d20c83 Translated using Weblate (Catalan)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
6 years ago
ofthesun9 885a0b5167 Relearn messages for fuzzy storage
This PR add a rspamc fuzzy_del to ham & spam scripts, in order to cover
move from Junk list to Ham list and vice versa
6 years ago
bors[bot] 60b9a3e2f0
Merge #1389
1389: Prefer specific alias over wildcard, regardless of case r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

## Notes
I realize that the if-hell down there isn’t nice. What it is, however, is quite clear and easy to read. I’m hoping that if anyone ever gets confused in the future, this will make the current behavior transparent. For me, that was more important than a minimal amount of statements/branches …

### Related issue(s)
closes #1387

## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
6 years ago
bors[bot] 8844dc67fa
Merge #1392
1392: Use environment variables for cert paths/names in nginx certwatcher r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.
 
### Related issue(s)
closes #903

## Prerequistes
- [x] no feature or enhancement
- [x] minor/internal change


Co-authored-by: Dario Ernst <github@kanojo.de>
6 years ago
SunMar ac6b8d62dd Remove `reject_unverified_recipient` from `smtpd_client_restrictions`
Fix for #1292, though I'm not sure if this is the right way to fix the issue. It was added in 175349a224.
6 years ago
bors[bot] 5004e62607
Merge #1398
1398: Update crypto to be modern and inline with tls.conf r=mergify[bot] a=bladeswords

Updated to match tls.conf and be aligned to more modern cryptographic standards and only use currently secure protocols and ciphers.

## What type of PR?

bugfix

## What does this PR do?
Update to use more modern cryptographic techniques
### Related issue(s)
- Addresses comment raised in 4f973f6

## Prerequistes
None


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
6 years ago
bors[bot] 67b48f55fd
Merge #1393
1393: Ignore newlines and comment-lines in postfix overrides r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement

## What does this PR do?
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

### Related issue(s)
closes #1098

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
6 years ago
bors[bot] 575f6b1691
Merge #1296 #1322 #1337 #1358
1296: fetchmail: print unhandled exceptions, but don't crash r=Nebukadneza a=Al2Klimov

fixes #1295

1322: Bump validators from 0.12.5 to 0.12.6 in /core/admin r=Nebukadneza a=dependabot[bot]

Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
<details>
<summary>Changelog</summary>

*Sourced from [validators's changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst).*

> 0.12.6 (2019-05-08)
> ^^^^^^^^^^^^^^^^^^^
> 
> - Fixed domain validator for single character domains ([#118](https://github-redirect.dependabot.com/kvesteri/validators/issues/118), pull request courtesy kingbuzzman)
</details>
<details>
<summary>Commits</summary>

- See full diff in [compare view](https://github.com/kvesteri/validators/commits)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validators&package-manager=pip&previous-version=0.12.5&new-version=0.12.6)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

1337: Add IPv6 to allow_nets r=Nebukadneza a=PhilRW

Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336

1358: Add port to relay if it contains a colon r=Nebukadneza a=PhilRW

## What type of PR?

enhancement

## What does this PR do?

Allows relaying domains to non-standard SMTP ports by appending `:port` to the destination host/IP. E.g., `mx1.internal:2525`

### Related issue(s)

Closes #1357 


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Philip Rosenberg-Watt <p.rosenberg-watt@cablelabs.com>
6 years ago
Weblate e9ddb2ddcc Merge branch 'origin/master' into Weblate. 6 years ago
Jaume Barber a2fa52170c Translated using Weblate (Catalan)
Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
6 years ago
Jaume Barber aafcbadb23 Translated using Weblate (Italian)
Currently translated at 98.7% (161 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
6 years ago
Jaume Barber ecb8e07da2 Translated using Weblate (Spanish)
Currently translated at 98.7% (161 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
6 years ago
Jae Beojkkoch ca82380bcf Translated using Weblate (English)
Currently translated at 7.9% (13 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
6 years ago
bors[bot] ecae6872f3
Merge #1395 #1396
1395: Remove duplicate ports line r=mergify[bot] a=Nebukadneza


## What type of PR?
enhancement

## What does this PR do?

### Related issue(s)
closes #1079

## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1396: Use pyyaml safe_load instead of load r=mergify[bot] a=Nebukadneza




## What type of PR?
enhancement

## What does this PR do?
Since load in unsafe (ref: https://msg.pyyaml.org/load),
switch the only occurrance of `yaml.load` that i could
find to safe_load.

### Related issue(s)
closes #1085

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <github@kanojo.de>
6 years ago
bors[bot] a28e30b93b
Merge #1320
1320: Add xapian full-text-search plugin to dovecot r=mergify[bot] a=Nebukadneza

## What type of PR?
Enhancement

## What does this PR do?
Currently we are not able to offer our users a FTS experience after the
demise of lucene due to unfixed coredumps with musl/alpine.
We now add lucene, the only remaining maintained small/lean FTS plugin
for dovecot. It is quite simple to add to our stack: A two-stage docker
build is used to compile the fts plugin in the first stage, and copy
over only the resulting plugin-artifact to the second stage, which is
our usual dovecot container. Configuration is also minimal.

There was a upstream issue where bodies were not able to be searched for subwords, but fortunately it was fixed quite quickly. We currently need to wait for a new release to use a stable tag in our `Dockerfile`.

### Related issue(s)
- https://github.com/Mailu/Mailu/pull/1176
- https://github.com/Mailu/Mailu/pull/1297
- https://github.com/Mailu/Mailu/issues/751
- **Upstream-issues which is the cause for the `TODO` in the `Dockerfile`**: https://github.com/grosjo/fts-xapian/issues/32

## Prerequistes
- [ ] Wait for upstream to prepare new release after https://github.com/grosjo/fts-xapian/issues/32 — so that we can use a stable tag in our `Dockerfile`
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Dario Ernst <dario.ernst@rommelag.com>
6 years ago
bladeswords 8010595dd2
Remove SPF type SPF record #1394
As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...
6 years ago
bladeswords 2ddf46ad2b
Update crypto to be modern and inline with tls.conf
Updated to match tls.conf and be aligned to more modern cryptographic standards and only use currently secure protocols and ciphers.
6 years ago
Dario Ernst 23f21f8b9c Use pyyaml safe_load instead of load
Since load in unsafe (ref: https://msg.pyyaml.org/load),
switch the only occurrance of `yaml.load` that i could
find to safe_load.

closes #1085
6 years ago
Dario Ernst dbcab06587 Ignore newlines and comment-lines in postfix overrides
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

closes #1098
6 years ago
Dario Ernst 09024c8008 Use environment variables for cert paths/names in nginx certwatcher
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.

closes #903
6 years ago
bors[bot] b8b1699f9e
Merge #1359
1359: Refactor the rate limiting code r=mergify[bot] a=kaiyou

## What type of PR?

Enhancement

## What does this PR do?

Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.

### Related issue(s)

No specific issue.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
6 years ago
Dario Ernst 8626326559 Fix dovecot dockerfile (accidentally broken in previous commit) 6 years ago
dependabot[bot] 94cfc31e04
Bump validators from 0.12.5 to 0.12.6 in /core/admin
Bumps [validators](https://github.com/kvesteri/validators) from 0.12.5 to 0.12.6.
- [Release notes](https://github.com/kvesteri/validators/releases)
- [Changelog](https://github.com/kvesteri/validators/blob/master/CHANGES.rst)
- [Commits](https://github.com/kvesteri/validators/commits)

Signed-off-by: dependabot[bot] <support@github.com>
6 years ago
bors[bot] a3c6002a0a
Merge #1321
1321: Upgrading nginx TLS configuration r=mergify[bot] a=radtkedev

## What type of PR?

Enhancement

## What does this PR do?

Upgrades the TLS protocols and ciphers to the recommended "Intermediate Configuration" and sets the "Old Configuration" for port 25 (SMTP) based on the [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/) and adjusted for the nginx mail proxy.

Co-authored-by: Tom Radtke <tom@radtke.dev>
6 years ago
Dario Ernst dfe092eb46 Use names for docker build stages in dovecot Dockerfile 6 years ago
bors[bot] 1ca4d6769c
Merge #1349
1349: Add support for SRS, related to #328 r=mergify[bot] a=kaiyou

## What type of PR?

Feature

## What does this PR do?

It implements SRS using a Python SRS library.

### Related issue(s)
- closes #328 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
6 years ago
Dario Ernst da2dda49d4 Prefer specific alias over wildcard, regardless of case
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

closes #1387
6 years ago
NeroPcStation 365f21007d Translated using Weblate (Polish)
Currently translated at 90.2% (147 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pl/
6 years ago
kaiyou 8e88f1b8c3 Refactor the rate limiting code
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.
6 years ago
Philip Rosenberg-Watt ff1dfec39a Add port to relay if it contains a colon
This closes #1357
6 years ago
Philip Rosenberg-Watt 27e37577c6 Add IPv6 to allow_nets
Roundcube was not connecting to sieve with IPv6 enabled.

Fixes #1336
6 years ago
Weblate b248f6a800 Merge branch 'origin/master' into Weblate 6 years ago
Andrási István 395a0d14dc Translated using Weblate (Hungarian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/hu/
6 years ago
bors[bot] 96f832835a
Merge #1278
1278: Limiter implementation r=kaiyou a=micw

## What type of PR?

(Feature, enhancement, bug-fix, documentation)

## What does this PR do?

Adds a custom limter based on the "limits" lirary that counts up on failed auths only

### Related issue(s)
- closes #1195
- closes #634

## Prerequistes

- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: micw <michael@wyraz.de>
6 years ago
Dario Ernst 99ecaee7b9 Use a released git-tag for fts-xapian 6 years ago
Tom Radtke 4f973f63e6
Upgrading nginx TLS configuration 6 years ago
bors[bot] 761fade9a9
Merge #1316
1316: Fix the encoding of incoming user email and password r=mergify[bot] a=kaiyou

## What type of PR?

Bug fix

## What does this PR do?

As described in the changes, RFC2616 states that header should be considered ISO8859-1 in HTTP, which obviously nginx does not really care about when forwarding the password from SMTP authentication to the backend. Hence, we need to encode-then-decode passwords to get the proper value in case a special char is in there.

### Related issue(s)
- This fixes #1139 
- This is also related to #1281 
- This is also related to #1139

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
6 years ago
Dario Ernst e499d5a804 Add xapian full-text-search plugin to dovecot
Currently we are not able to offer our users a FTS experience after the
demise of lucene due to unfixed coredumps with musl/alpine.
We now add lucene, the only remaining maintained small/lean FTS plugin
for dovecot. It is quite simple to add to our stack: A two-stage docker
build is used to compile the fts plugin in the first stage, and copy
over only the resulting plugin-artifact to the second stage, which is
our usual dovecot container. Configuration is also minimal.
6 years ago
Tom Radtke 9d213b213a
Upgrading to a 2048-bit DKIM key 6 years ago
Torben Jensen 6f910c5738 Translated using Weblate (Danish)
Currently translated at 80.8% (122 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/da/
6 years ago
kaiyou bd69b7a491 Add support for SRS, related to #328 6 years ago
kaiyou 9b7a027d6f Fix the encoding of incoming user email and password 6 years ago
Weblate 869f230e0d Merge branch 'origin/master' into Weblate 6 years ago
Torben Jensen 619a87a821 Added translation using Weblate (Danish) 6 years ago
bors[bot] 812439332a
Merge #1299
1299: Don't remove the address extension in postfix r=mergify[bot] a=RobertMe

## What type of PR?
Bugfix

## What does this PR do?
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

### Related issue(s)
Fixes #982

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Robert Meijers <robert.meijers@gmail.com>
6 years ago
Weblate 97b9098eb9 Merge branch 'origin/master' into Weblate 6 years ago
Angedestenebres c09f046ba7 Translated using Weblate (French)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/fr/
6 years ago
micw 7688caa784
Add missing self. 6 years ago
Michael Wyraz ace475d23c Certwatcher: Use polling observer to workaround some symlink limitations 6 years ago
Robert Meijers 989e4d5db5 Don't remove the address extension in postfix
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

Fixes #982
6 years ago
Weblate 2b503332a0 Merge branch 'origin/master' into Weblate 6 years ago
Marc Riera ba7364d5e9 Added translation using Weblate (Catalan) 6 years ago
Michael Wyraz 70f797dbd9 Don't raise rate limit exception on hit(), only on check() 6 years ago
Michael Wyraz a7f787f914 Make rate limit for subnet (webmail) configurable 6 years ago
Michael Wyraz bee80b5c64 Remove rate limit reset 6 years ago
Michael Wyraz 889386b4a6 Limiter implementation 6 years ago
Michael Wyraz fb9ddbca7a Install p3-yarn as dependency for podop 6 years ago
Michael Wyraz 09ee3ce95c Install py3-multidict from repository before installing socrate to avoid the need of gcc during build 6 years ago
Mordi Sacks ebc39b5308 Translated using Weblate (Hebrew)
Currently translated at 6.0% (9 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/he/
6 years ago
Weblate 2d6aa77925 Merge branch 'origin/master' into Weblate 6 years ago
Mordi Sacks 5b23e30b39 Added translation using Weblate (Hebrew) 6 years ago
Michael Wyraz e857b9d659 Document default antivirus behaviour, add an option to reject viruses 6 years ago
Tim Möhlmann 4e4b071fb0
Move services into core and optional 6 years ago
Weblate e736abbe6f Merge branch 'origin/master' into Weblate 6 years ago
Simen Kildahl Eriksen 87c6984b99 Translated using Weblate (Norwegian Bokmål)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/nb_NO/
6 years ago
bors[bot] 0417c791ff
Merge #985
985: Permit raspberry pi (and other architectures) builds r=mergify[bot] a=abondis

## What type of PR?

Enhancement

## What does this PR do?

Add an option to select base images and permit building for different CPU architectures.

### Related issue(s)
N/A

## Prerequistes

- [X] documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Aurélien Bondis <aurelien.bondis@gmail.com>
Co-authored-by: Aurelien <aurelien.bondis@gmail.com>
6 years ago
Weblate 60e5f551f9 Merge branch 'origin/master' into Weblate 6 years ago
Simen Kildahl Eriksen 4c3af0b905 Added translation using Weblate (Norwegian Bokmål) 6 years ago
Tim Möhlmann 279acca6b2
Dovecot: Delete obsolete data volume 6 years ago
bors[bot] 9bae9b3078
Merge #1213
1213: Bump werkzeug from 0.15.2 to 0.15.3 in /core/admin r=mergify[bot] a=dependabot[bot]

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.2 to 0.15.3.
<details>
<summary>Release notes</summary>

*Sourced from [werkzeug's releases](https://github.com/pallets/werkzeug/releases).*

> ## 0.15.3
> * Blog: https://palletsprojects.com/blog/werkzeug-0-15-3-released/
> * Changes: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-3
> 
</details>
<details>
<summary>Changelog</summary>

*Sourced from [werkzeug's changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst).*

> Version 0.15.3
> --------------
> 
> Released 2019-05-14
> 
> -   Properly handle multi-line header folding in development server in
>     Python 2.7. (:issue:`1080`)
> -   Restore the ``response`` argument to :exc:`~exceptions.Unauthorized`.
>     (:pr:`1527`)
> -   :exc:`~exceptions.Unauthorized` doesn't add the ``WWW-Authenticate``
>     header if ``www_authenticate`` is not given. (:issue:`1516`)
> -   The default URL converter correctly encodes bytes to string rather
>     than representing them with ``b''``. (:issue:`1502`)
> -   Fix the filename format string in
>     :class:`~middleware.profiler.ProfilerMiddleware` to correctly handle
>     float values. (:issue:`1511`)
> -   Update :class:`~middleware.lint.LintMiddleware` to work on Python 3.
>     (:issue:`1510`)
> -   The debugger detects cycles in chained exceptions and does not time
>     out in that case. (:issue:`1536`)
> -   When running the development server in Docker, the debugger security
>     pin is now unique per container.
</details>
<details>
<summary>Commits</summary>

- [`9b1123a`](9b1123a779) release version 0.15.3
- [`00bc43b`](00bc43b167) unique debugger pin in Docker containers
- [`2cbdf2b`](2cbdf2b022) Merge pull request [#1542](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1542) from asottile/exceptions_arent_always_hashable
- [`0e669f6`](0e669f6be5) Fix unhashable exception types
- [`bdc17e4`](bdc17e4cd1) Merge pull request [#1540](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1540) from pallets/break-tb-cycle
- [`44e38c2`](44e38c2985) break cycle in chained exceptions
- [`777500b`](777500b646) Merge pull request [#1518](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1518) from NiklasMM/fix/1510_lint-middleware-python3-compa...
- [`e00c7c2`](e00c7c2ced) Make LintMiddleware Python 3 compatible and add tests
- [`d590cc7`](d590cc7cf2) Merge pull request [#1539](https://github-redirect.dependabot.com/pallets/werkzeug/issues/1539) from pallets/profiler-format
- [`0388fc9`](0388fc95e6) update filename_format for ProfilerMiddleware.
- Additional commits viewable in [compare view](https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3)
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=werkzeug&package-manager=pip&previous-version=0.15.2&new-version=0.15.3)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 years ago
bors[bot] dcda412b99
Merge #1211
1211: Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Fixes #1190 by separating HOST_ANTISPAM into HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI

### Related issue(s)
- closes #1190
- closes #1150

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
6 years ago
bors[bot] 35160b770d
Merge #1198 #1204 #1207 #1208
1198: Enable access log of admin service only for log levels of INFO and finer r=muhlemmer a=micw

## What type of PR?

bug fix

## What does this PR do?

### Related issue(s)
- closes #1197

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1204: Add initial admin account to kubernetes example r=muhlemmer a=micw

## What type of PR?

documentation

## What does this PR do?

Add INITIAL_ADMIN_* example to kubernetes configmap.yaml

### Related issue(s)

- closes #1201

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- docs example only

1207: Add Japanese translation r=muhlemmer a=IchikawaYukko

## What type of PR?

Translation

## What does this PR do?

Provide completed Japanese translation.

### Related issue(s)

None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [*] In case of feature or enhancement: documentation updated accordingly
- [*] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1208: Persist mailqueue r=muhlemmer a=micw

## What type of PR?

bug-fix

## What does this PR do?

Makes postfix mailqueue presistent (for docker, swarm and kubernetes)

### Related issue(s)
- closes #1161

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: Michael Wyraz <michael.wyraz@evermind.de>
Co-authored-by: U-COREI3-3120M\市川ゆり子 <ichikawayuriko@yahoo.co.jp>
Co-authored-by: micw <michael@wyraz.de>
6 years ago
bors[bot] b668eccc17
Merge #1181
1181: Update to address issue #1178 (HTTP headers) r=muhlemmer a=bladeswords

This change should remove the duplicate `x-xss-protection` header and also the `x-powered-by` header.  Hopefully a pull request to main is appropriate, but may be worth back porting to 1.7.

Tested config by modifying live 1.7 nginx config and reloading.  Has had the desired outcome of removing the headers.

```/etc/nginx # nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx # nginx -s reload
```

These steps were based on:
- https://serverfault.com/questions/928912/how-do-i-remove-a-server-added-header-from-proxied-location
- https://serverfault.com/questions/929571/overwrite-http-headers-comming-back-from-a-web-application-server-proxied-in-ngi
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header

## What type of PR?

Enhancement

## What does this PR do?
Removes duplicate and unneeded headers.  See issue #1178 

### Related issue(s)
- issue: #1178 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ X ] In case of feature or enhancement: documentation updated accordingly
- [ X ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
6 years ago
Michael Wyraz a907fe4cac Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI 6 years ago
bors[bot] 9c956a04ca
Merge #1183
1183: Fix rspamd-learn when moving mail from/to junk folder r=mergify[bot] a=Nebukadneza

Before, the ham/spam scripts got the rspamd-ip/port from the environment.
However, when checking the environment of these processes now, it seems
cleared. Maybe the new dovecot version now clears environment? — I couldn’t
find a hint.

In any case, using the common mechanism of injecting the ip/port from where
it’s definately known by the already-used jinja2-mechanism seems reasonably
safe.

## What type of PR?
bug-fix

## What does this PR do?
Instead of relying on dovecot passing our environment cleanly to sieve-called scripts, this explicitly injects the antispam ip/port into the spam/ham scripts used when moving files from/to the spam-folder. This required some management of the files, such as setting proper permissions after the jinja-run.

### Related issue(s)
fixes #1177 

## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Dario Ernst <dario.ernst@rommelag.com>
6 years ago
dependabot[bot] ed204766b2
Bump werkzeug from 0.15.2 to 0.15.3 in /core/admin
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.2 to 0.15.3.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/master/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/0.15.2...0.15.3)

Signed-off-by: dependabot[bot] <support@github.com>
6 years ago
U-COREI3-3120M\市川ゆり子 26955df7ae remove POT-Creation-Date, PO-Revision-Date 6 years ago
Michael Wyraz 8ece8409f1 Remove unused volume /data from postfix. Add volume /queue to postfix 6 years ago
U-COREI3-3120M\市川ゆり子 efd628c338 add Japanese translation 6 years ago
Michael Wyraz c20976f071 Allow smtp auth login for TLS port (similar to SSL port) 6 years ago
Dario Ernst de29012d0b Remove unused stat import 6 years ago
bors[bot] 950a88bf0e
Merge #1196
1196: Change default password scheme to PBKDF2 (#1194) r=mergify[bot] a=hoellen

## What type of PR?
enhancement

## What does this PR do?
This PR change the default password scheme to PBKDF2. It is already changed in some places (e.g. [docs/compose/.env](https://github.com/Mailu/Mailu/blob/master/docs/compose/.env#L142)).

### Related issue(s)
closes #1194 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
6 years ago
Michael Wyraz d689a8eeb3 Enable access log of admin service only for log levels of INFO and finer 6 years ago
bors[bot] 45126624c2
Merge #1180
1180: Add a title to Mailu-Admin pages r=mergify[bot] a=Niduroki

## What type of PR?

Enhancement

## What does this PR do?

This simply adds a title to be displayed in the browser tab for Mailu-Admin pages.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.

Considering this is only a one-line change I don't think these apply.

-----

I made the title `Mailu-Admin - SITENAME` – if this seems unfitting feel free to change it to something different.

Co-authored-by: Niduroki <chris@niduroki.net>
6 years ago
hoellen d3dd4802f4 Change default password scheme to PBKDF2 (#1194) 6 years ago
bors[bot] 20e00ac0c4
Merge #1158
1158: Use nginx for kubernetes ingress r=kaiyou a=micw

## What type of PR?

enhancement

## What does this PR do?

Currently, kubernetes uses a complex ingress setting which is not portable across different ingress controllers. This PR simplifies the ingress and delegates everythins special to Mailu to the front container,

### Related issue(s)
- closes #1121
- closes #1117
- closes #1021
- closes #1045

## Prerequistes

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog]

Co-authored-by: Michael Wyraz <michael@wyraz.de>
6 years ago
Dario Ernst dc8a798ca1 Use correct octal notation for python3 6 years ago
Dario Ernst 18bc2fe78b Use more readable forms of makedirs and chmod 6 years ago
Dario Ernst 88bfb0d17f Fix rspamd-learn when moving mail from/to junk folder
Before, the ham/spam scripts got the rspamd-ip/port from the environment.
However, when checking the environment of these processes now, it seems
cleared. Maybe the new dovecot version now clears environment? — I couldn’t
find a hint.

In any case, using the common mechanism of injecting the ip/port from where
it’s definately known by the already-used jinja2-mechanism seems reasonably
safe.
6 years ago
bladeswords b13d143b34
Update to address issue #1178 (HTTP headers)
This change should remove the duplicate `x-xss-protection` header and also the `x-powered-by` header.  Hopefully a pull request to main is appropriate, but may be worth back porting to 1.7.

Tested config by modifying live 1.7 nginx config and reloading.  Has had the desired outcome of removing the headers.

```/etc/nginx # nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx # nginx -s reload
```

These steps were based on:
- https://serverfault.com/questions/928912/how-do-i-remove-a-server-added-header-from-proxied-location
- https://serverfault.com/questions/929571/overwrite-http-headers-comming-back-from-a-web-application-server-proxied-in-ngi
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
6 years ago
Niduroki b58f06c03e Add a title to Mailu-Admin pages 6 years ago
bors[bot] e46153c0b1
Merge #1114
1114: Resolve HOST to ADDRESS only if ADDRESS is not already set r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

~Makes the rsolving from hosts to ips at startup configurable~

I rewrote the pull request after #940 was merged. Now it resolves HOSTs to ADDRESSes only of ADDRESSes are not already set. So on kubernetes we can jsut set the address and have working service discovery.

### Related issue(s)
- closes #1113

## Prerequistes

~Minor change, backward compatible~
Changelog will be added

Co-authored-by: Michael Wyraz <michael@wyraz.de>
6 years ago
Thomas Sänger 5fa87fbdf7
front: advertise real capabilites of mail-backends 6 years ago
Michael Wyraz 92645bcd4a Use nginx for kubernetes ingress 6 years ago
Michael Wyraz de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 6 years ago
Aurélien Bondis 34079244a6 fix ARG positions 6 years ago
Aurélien Bondis e1a4bf32a6 only insert qemu binary if building for arm 6 years ago
bors[bot] 1a597fbe6a
Merge #1130 #1132
1130: Remove unnecessary host variable assignments r=mergify[bot] a=kaiyou

## What type of PR?

Bug fix

## What does this PR do?

### Related issue(s)
- Closes #1126

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1132: Release Mailu 1.7 r=mergify[bot] a=kaiyou

## What type of PR?

Release

## What does this PR do?

It provides the changelog and migration notes for release 1.7.

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: kaiyou <pierre@jaury.eu>
6 years ago
kaiyou d50504fa2b Only set the redis address once, fixes #1125 6 years ago
kaiyou 4afbc09d6e Remove unnecessary host variable assignments 6 years ago
Tim Möhlmann 05ea4474e7
make `ANTIVIRUS_ADDRESS` consistent with #940 6 years ago
Igor Rzegocki 6f973a2e4b
Fixed hardcoded antispam and antivirus host addresses
Fixes #978
6 years ago
bors[bot] 3e626b8500
Merge #940
940: Fix host variables r=mergify[bot] a=ionutfilip

## What type of PR?
bug-fix

## What does this PR do?

### Related issue(s)
- Fix #884

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
6 years ago
bors[bot] 2785bca1f4
Merge #883
883: Admin create user enhancement r=mergify[bot] a=cr1st1p

## What type of PR?
Enhancement

## What does this PR do?
It allows the admin docker image to also create the admin user.
The idea is that in my kubernetes setup, I do not want to manually do anything, as such, I need a way for the admin user to also be created automatically without me getting inside the pod.
So I had to change the manage.py function that creates the user to allow different 'modes' (me, I'll be using 'ifmissing') and also start.py to call that functionality if appropriate environment variables are present.

So now, in my Deployment, I add 3 more environment variables and I get the admin user created, IF not already present.

### Related issue(s)
none?

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: cristi <cristi.posoiu@gmail.com>
Co-authored-by: cr1st1p <cristi.posoiu@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
6 years ago
Tim Möhlmann ed0fb77a01
Catch empty WEBMAIL and WEBDAV address 6 years ago
Tim Möhlmann 348ea1a572
Remove obsolete log call 6 years ago
Ionut Filip 075417bf90 Merged master and fixed conflicts 6 years ago
Aurélien Bondis 124b1d4c71 rebase and update for 3.10, avoid adding qemu file to x86 images 6 years ago
Tim Möhlmann 7d964874e8
Cleanup spaces around '=' 6 years ago
Tim Möhlmann 52971ed42e
Use os.environment.get() 6 years ago
Mildred Ki'Lya 95dce5575b Parameterize redis address 6 years ago
bors[bot] 47a40d17b7 Merge #1088
1088: Support domain literals (fix #1087) r=mergify[bot] a=hoellen

## What type of PR?
bug-fix

## What does this PR do?
This PR adds error handling for idna enocding. With telnet you now get a "Bad sender address syntax"  message.

```
> telnet mail.example.com 25

Connected to example.com.
Escape character is '^]'.
220 mail.example.com ESMTP ready
EHLO dummy.example.com
250-mail.example.com
250 STARTTLS
MAIL FROM: does-not-exist@[116.203.165.200]
250 2.0.0 OK
RCPT TO: some-user@example.com
501 5.1.7 Bad sender address syntax
Connection closed by foreign host.
```


### Related issue(s)
fix #1087

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: hoellen <dev@hoellen.eu>
6 years ago
hoellen b720bedf72 Support domain literals for receiving emails 6 years ago
hoellen bed2c6ea09 Revert "Error handling for idna encoding"
This reverts commit 10034526a1.
6 years ago
hoellen 10034526a1 Error handling for idna encoding 6 years ago
hoellen 9de5dc2592 Use python package socrate instead of Mailustart 6 years ago
bors[bot] 2788909a13 Merge #1052
1052: Upgrade alpine to 3.10 r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement / bug-fix

## What does this PR do?
Upgrade the alpine base image to 3.10 and clean up ensuing problems. Also directly uses postfix foreground-running with stdout logging.

### Related issue(s)
closes #1049
closes #1051

Note: This is a duplicate effort of #1050 #1039 …

## Prerequistes
- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.

With these images, I have tested manually:
- Email receive to user
  - on main domain
  - on additional domain
  - via an alias on main-domain
  - via an alias on additional domain
  - via catchall
- Email reject
  - of eicar testfiles
- Email sending
- Fetchmail from legacy POP
- Front LE certificates
- Simple overriding for postfix (only postfix.cf), nginx, dovecot, rspamd
- Creating a CalDAV calendar and CardDAV entry using davx5

I have not (yet) tested:
- certdumper
- databases other than sqlite

Todo:
- [x] Get rid of podop at `git+https://github.com/Nebukadneza/Podop.git@fix_py37` once https://github.com/Mailu/Podop/pull/6 is merged
- [x] Bend Mailustart back to original repository
- [x] Test more (? also help wanted ?)

Co-authored-by: Thomas Sänger <thomas@gecko.space>
Co-authored-by: Dario Ernst <dario@kanojo.de>
Co-authored-by: Reto Glauser <git@blinkeye.ch>
6 years ago
kaiyou 23871d9180 Translated using Weblate (Russian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
6 years ago
kaiyou 0281b5a595 Translated using Weblate (Italian)
Currently translated at 71.8% (117 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
6 years ago
kaiyou 45789d3f22 Translated using Weblate (Hungarian)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/hu/
6 years ago
Bambie07 e70d1e1455
fix dns dkim entry 6 years ago
Dario Ernst 1dbda71401 Adapt shared layer conf to now really-missing mailustart in admin (after merging webpack) 6 years ago
Dario Ernst a8c3530bfa Remove accidentally reintroduced rsyslogd config 6 years ago
Dario Ernst 8c2e22f666 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 6 years ago
bors[bot] f77e1bdd0e Merge #1048
1048: Refactor admin using webpack r=mergify[bot] a=kaiyou

## What type of PR?

Refactoring

## What does this PR do?

This PR brings some refactoring to the admin container :
- remove the dependency to mailustart and replace it with socrate
- remove static assets from the repo and use Webpack for building them


Co-authored-by: hoellen <dev@hoellen.eu>
Co-authored-by: kaiyou <pierre@jaury.eu>
6 years ago
Dario Ernst 0f146cd811 Require python3.7-compatible podop
Which is still unreleased, but serves as a placeholder here.
6 years ago
Dario Ernst 0306be1eed Re-add missing MailuStar in admin
It turns out we were all blind and admin *does* use MailuStart
6 years ago
Dario Ernst ce0c24e076 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 6 years ago
Dario Ernst 53f754f5ac Remove MailuStart from admin and correct layer-sharing comments 6 years ago
Dario Ernst 93b54dcffe Install podop from pypi 6 years ago
Thomas Sänger 2c7d1d2f71
use HTTP/1.1 for proxyied connections 6 years ago
hoellen 31464c5c44 Change image back to alpine 6 years ago
hoellen b351841418 Expose jQuery for use outside Webpack build 6 years ago
hoellen 90f678de52 add app.css and fix align of menu button 6 years ago
hoellen 616d40d225 Update password in commandline 6 years ago
Dario Ernst bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
6 years ago
hoellen 81a8acf9ec fix resolve issue 6 years ago
Dario Ernst c787e4bdbd Move alpine version definition out to variable 6 years ago
Daniel Huber ae290482c0
Format relay credentials file with jinja 6 years ago
Daniel Huber 515e95076a
Merge branch 'master' into feat-relay-auth 6 years ago
Dario Ernst ea851e77d4 Remove reference to rsyslogd 6 years ago
Dario Ernst 3bfdff155c Use official Mailu/Podop 6 years ago
Dario Ernst a253ca47fe Use official Mailu/MailuStart 6 years ago
Dario Ernst d155b2c533 Start postfix directly with stdout logging 6 years ago
Dario Ernst 9c1675e9d8 Use TEMPORARY workaround-branch for podop python 3.7 compatability 6 years ago
Dario Ernst f85b32914c Add newly missing plain SASL support in postfix 6 years ago
Dario Ernst d1f80cca99 Update Dockerfiles to most recent alpine 3.10 6 years ago
Dario Ernst 96fbaecc2f Correct executables moved by alpine 6 years ago
Thomas Sänger ef3c6c407a upgrade alpine base-image 6 years ago
kaiyou baa5a8a4e0 Fix hostname resolution 6 years ago
kaiyou c20a502695 Do not forcefully resolve optional hostnames 6 years ago
kaiyou a3abf8c353 Add the assets source 6 years ago
kaiyou 4b620ba5d1 Merge branch 'hoellen-fix-sidebar-toggle' into refactor-admin-webpack 6 years ago
kaiyou c147a371d7 Merge branch 'fix-sidebar-toggle' of https://github.com/hoellen/Mailu into hoellen-fix-sidebar-toggle 6 years ago
kaiyou 2d3560b396 Fix select2 using webpack-built assets 6 years ago
kaiyou c2a04ab1d4 Update the build configuration to use webpack and compiled assets 6 years ago
kaiyou ecdf0c25b3 Use webpack for building static assets 6 years ago
kaiyou d7747639e9 Remove the dependency to mailustart, introducing socrate 6 years ago
cristi f2a009795b Merge branch 'master' into admin_create_user_enhancement 7 years ago
bors[bot] f1f5aef7d3 Merge #931
931: Resolve webmail in admin r=mergify[bot] a=ionutfilip

## What type of PR?
bug-fix

## What does this PR do?
Implement mailustart to resolve webmail in admin

### Related issue(s)
Fix #716 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
7 years ago
bors[bot] 2c90ac3334 Merge #962
962: Open some admin sidebar links in a new browser tab r=kaiyou a=mariooos

## What type of PR?

Enhancement

## What does this PR do?

Add target=_blank attribute to html <a href ...> tag in following admin sidebar links:
- Antispam
- Webmail
- Website
- Help


Co-authored-by: mariooos <48351788+mariooos@users.noreply.github.com>
7 years ago
bors[bot] 7021278bfb Merge #993
993: Make aliases case-insensitive (too) r=mergify[bot] a=Nebukadneza

Even though RFC5321 2.4 explains that local-parts are to be case-sensitive,
this does not seem to be how EMail is used today. Thus, instead of reverting
user-emails back to being case sensitive, let’s make aliases case-insensitive
too. Not only more consistent, this also allows users to enjoy receiving EMails
from large airlines or car-rental agencies onto their already existing aliases.

For the rare case of case sensitive aliases existing, let’s query for the
forced-lowercase alias only in the event that the preserved-case one isn’t
found …

closes #867

## What type of PR?
bug-fix

## What does this PR do?
Make aliases optionally case-insensitive: After attempting to resolve an alias in its preserved case, also attempt to match it case-insensitively.

This followed after some more thought from  #868 …

### Related issue(s)
closes #867

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dario Ernst <dario@kanojo.de>
7 years ago
bors[bot] df14935819 Merge #945
945: Add extra newline to main.cf r=mergify[bot] a=flopes89

This should prevent jinja from stripping the newline, which causes overrides to be appended after the comment section


## What type of PR?

Bugfix

## What does this PR do?

Adds a new empty newline a the end of `conf/main.cf` so prevent jinja from stripping it, by which overrides done with `postconf -e` are not appended correctly.

### Related issue(s)

see #941

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

Co-authored-by: Florian Peschka <flopes89@users.noreply.github.com>
7 years ago
bors[bot] d76ba5ee39 Merge #1005
1005: distinguish disabled users in user list view by row color r=kaiyou a=zhuangyy

## What type of PR?

enhancement

## What does this PR do?

distinguish disabled users in user list view by row color

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Zhuang Yuyao <jssyan@qq.com>
7 years ago
kaiyou 645c423d09 Update messages.po (POEditor.com) 7 years ago
kaiyou 08bdc715bb Update messages.po (POEditor.com) 7 years ago
kaiyou a150315c1d Added translation using Weblate (Japanese) 7 years ago
Weblate abece125f4 Merge branch 'origin/master' into Weblate 7 years ago
kaiyou d99ad5fe3e Added translation using Weblate (Hungarian) 7 years ago
kaiyou b91c7f64ee Update messages.po (POEditor.com) 7 years ago
kaiyou d929413784 Update messages.po (POEditor.com) 7 years ago
kaiyou 91c8ca1279 Update messages.po (POEditor.com) 7 years ago
kaiyou c0263a2ae9 Update messages.po (POEditor.com) 7 years ago
kaiyou 80c57b597b Update messages.po (POEditor.com) 7 years ago
kaiyou 0566b00664 Update messages.po (POEditor.com) 7 years ago
kaiyou c939b30e6b Update messages.po (POEditor.com) 7 years ago
kaiyou 308521ff9a Update messages.po (POEditor.com) 7 years ago
kaiyou 0ca18035e1 Update messages.po (POEditor.com) 7 years ago
kaiyou 8bcb4deb7e Update messages.po (POEditor.com) 7 years ago
kaiyou 65a61ad5c8 Added translation using Weblate (Icelandic) 7 years ago
kaiyou 57385df15c Deleted translation using Weblate (Icelandic) 7 years ago
kaiyou cfc224352a Added translation using Weblate (Icelandic) 7 years ago
Zhuang Yuyao 67d5c8fcb3 distinguish disabled user in user list view by row color 7 years ago
Dario Ernst e22324adcd Make aliases case-insensitive (too)
Even though RFC5321 2.4 explains that local-parts are to be case-sensitive,
this does not seem to be how EMail is used today. Thus, instead of reverting
user-emails back to being case sensitive, let’s make aliases case-insensitive
too. Not only more consistent, this also allows users to enjoy receiving EMails
from large airlines or car-rental agencies onto their already existing aliases.

For the rare case of case sensitive aliases existing, let’s query for the
forced-lowercase alias only in the event that the preserved-case one isn’t
found …

closes #867
7 years ago
hoellen 167e5a87e1 add sidebar toggle button 7 years ago
hoellen 92ef73fa74 update AdminLTE to version 2.4 7 years ago
mariooos 253ae9fad8 Open some admin sidebar links (Antispam, Webmail, Website, Help) in a new browser tab 7 years ago
Ionut Filip ac0fc41421
Merge branch 'master' into replace-gethostbyname 7 years ago
Ionut Filip dd7710951e
Replaced double quotes with single ones 7 years ago
Daniel Huber 7dcb2eb006
Add authentication for email relays 7 years ago
Ionut Filip 8d34756023 Increase dovecot mail max userip 7 years ago
Florian Peschka b9fd29a52f
Add extra newline to main.cf
This should prevent jinja from stripping the newline, which causes overrides to be appended after the comment section

see #941
7 years ago
Ionut Filip 0ce0b5ec02 Fix addresses in front 7 years ago
Ionut Filip 4c25c83419 HOST_* and *_ADDRESS variables cleanup 7 years ago
Ionut Filip f9e3cd3c5d Use corret host_* variables 7 years ago
Ionut Filip 71d63c6e45 Fix redis resolve in imap 7 years ago
Ionut Filip ef49357eb3 Update redis urls 7 years ago
Ionut Filip 43abbf4d63 Resolve redis and add logging 7 years ago
bors[bot] 211136f9b1 Merge #934
934: Pass optional arguments to domain model r=mergify[bot] a=ionutfilip

## What type of PR?
bug-fix

## What does this PR do?
Passing optional args to domain model when using cli.

### Related issue(s)
Fixes #933

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
7 years ago
bors[bot] d129733fac Merge #919
919: Install bash in alpine based images. r=mergify[bot] a=firvida

This fixes #918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- closes #918 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Abel Alfonso Fírvida Donéstevez <abel@merchise.org>
7 years ago
hoellen 62511b723b
Merge branch 'master' into fix-doc-commands-1 7 years ago
Ionut Filip 4d2844c1f5 Fixed arguments passed to domain 7 years ago
Roman Hoellen 1dfef1609a add domain cli to docs 7 years ago
Ionut Filip cebc64a280 Resolve HOST_WEBMAIL in admin 7 years ago
Roman Hoellen bc617cf8ec replace _ with - in cli options 7 years ago
Tim Möhlmann 111dae351a
Fix typo in migration file
Fixes #905
7 years ago
Abel Alfonso Fírvida Donéstevez 39444c794e Install bash in alpine based images.
This fix https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
7 years ago
bors[bot] 86b4242f82 Merge #886
886: Ipv6 support r=mergify[bot] a=muhlemmer

## What type of PR?

(Feature, enhancement, bug-fix, documentation) -> A bit of everything

## What does this PR do?

Document how to use ipv6nat. This, however triggers some kind of flaky behavior with the Docker DNS resolver, resulting in lookup failures between containers.  So all resolving needs to be done during container startup/configuration.

In order not to pollute every single start.py file, we've created a small library called [Mailu/MailuStart](https://github.com/Mailu/MailuStart). As an addition, this library also defines the template generation function, including its logging facility.

Note: `docker-compose.yml` downgrade is necessary, as IPv6 settings are not supported by the Docker Compose file format 3 😞  

### Related issue(s)
Supersedes  PR #844
- Fixes #827 
- Hopefully helps with #829 and #834

## No backport yet

This PR directly imports MailuStart from git. This makes it a bit more simple to implement on the short term an do some testing and probably some future improvements. When everything is proved stable, we will create a proper PyPi package with versioning and consider back porting.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
7 years ago
Tim Möhlmann 06457e9617
Merge branch 'master' into fix_fetches_create 7 years ago
cr1st1p 9b65a6c862
Merge branch 'master' into admin_create_user_enhancement 7 years ago
Ionut Filip f8dffe5a19
Resolve hosts in admin 7 years ago
Ionut Filip 004a431e97
Change to mailustart functions 7 years ago
Dario Ernst 34b31727c4 Fix password validator for creating fetched accounts 7 years ago
cristi a071181c61 Allow to automatically create admin account during startup. 7 years ago
hoellen fba246e9a1 add wildcard option to cli (alias) 7 years ago
Ionut Filip 9684ebf33f Use mailustart package from git 7 years ago
hoellen 808092c65e
Merge pull request #834 from hoellen/token-ipv6
allow ipv6 addresses for tokens
7 years ago
Tim Möhlmann e341e0141f
Merge remote-tracking branch 'upstream/master' into token-ipv6 7 years ago
Manuel Vázquez Acosta dfe5ddb18e
Check if sender address is not null before trying to check the domain. 7 years ago
Tim Möhlmann fd236e4ea5
Fix syntax error 7 years ago
Tim Möhlmann 7a9685bcb9
Resolve admin during start to work around Docker DNS flaky-ness 7 years ago
nathan-sain 23bad0e042
Set value for SQLALCHEMY_DATABASE_URI in admin DEFAULT_CONFIG to SQLite URI 7 years ago
nathan-sain db8977e17a
Update SQLite DB file in DEFAULT_CONFIG and DB_TEMPLATES 7 years ago
hoellen 6dea8b422a
Merge pull request #839 from hoellen/fix-create-onupdate-default
fix default value for created_at and updated_at
7 years ago
hoellen 79c4edcaf1
Merge pull request #838 from hoellen/schema-maxUserQuota-1
Change quota columns type to BigInteger
7 years ago
hoellen 54169db7e3
Merge branch 'master' into fix-forward-validation 7 years ago
hoellen 9721df0bc5 fix default value for created_at and updated_at
Use date instead of datetime for created_at and updated_at.
7 years ago
hoellen cfa7ca3838 Merge branch 'master' into schema-maxUserQuota-1 7 years ago
hoellen f1e1c96c3b create migration file for changing quota to big integer 7 years ago
Ionut Filip 2d34f0ee52 Fixed auto-forward email validation 7 years ago
hoellen c8758a6526 allow ipv6 addresses for tokens 7 years ago
hoellen 2af540a1c9 change quota columns to bigint 7 years ago
Dario Ernst 66df7a31b0 Unify and coerce booleans from env used in admin
At some places, the string that DOMAIN_REGISTRATION is got used like a boolean
(an easy misassumption to make while in python and dealing with the config
dict), making `DOMAIN_REGISTRATION=False` act as a truthy value. To stop such
future problems from happening, coerce environment config strings to real
bools.

closes #830
7 years ago
mergify[bot] 9175b15d49
Merge pull request #826 from Nebukadneza/reverse_user_alias_pref
Reverse the resolution order of user and alias
7 years ago
mergify[bot] 278bcfb13a
Merge pull request #814 from Nebukadneza/fix_delimiter_alias
Deliver mails to alias-stripped-of-delimeter, even if catchall exists
7 years ago
Dario Ernst 276dc3ffda Reverse the resolution order of user and alias
Since it’s common for wildcard~ish systems to prefer concrete objects over
wildcards, and aliases can be broad-wildcards (think catchall, %@xxx.tld), it
may be more intuitive for users that user-names rank higher than aliases. This
makes it impossible for user-names to be unreachable, since they can be
completely overridden by a catchall otherwise.

This changes default behavior, and is not configurable.

closes #815
7 years ago
Tim Möhlmann 8541ae2c46
Fix migration order after merge 7 years ago
mergify[bot] 99cd1d714b
Merge pull request #799 from hoellen/fix-domain-negative-values-1
don't allow negative values on domain creation/edit
7 years ago
Tim Möhlmann 2567646f47
Merge branch 'master' into fix-domain-negative-values-1 7 years ago
Ionut Filip 50343f354e Merge remote-tracking branch 'upstream/master' into feat-psql-support 7 years ago
Dario Ernst b8d1beed29 Simplify alias-wildcard detection to not consider actual % anymore 7 years ago
Dario Ernst 10d2601963 Unsimplify alias precedence handling
As discussed with hoellen on matrix, since postfix indeed supports including
the recipient delimiter character in a verbatim alias, we should support so too
— and handle its precedence correctly. The clearer and simpler formulation of
the precedence-clauses are credit to @hoellen. Thanks!
7 years ago
mergify[bot] b4822ad43e
Merge pull request #821 from HorayNarea/fix-remove-fts
remove (broken) FTS
7 years ago
mergify[bot] 161394a774
Merge pull request #817 from hoellen/fix-fetch-passwordfield-1
fix edit of fetched acc without changing password
7 years ago
Thomas Sänger 492f3867d8
remove (broken) FTS 7 years ago
Dario Ernst ac64a75743 Simplify alias precedence handling; Remove bogus changelog 7 years ago
mergify[bot] 520ebbb97d
Merge pull request #819 from hoellen/move-spam-1
Mark messages as seen when reporting them as spam
7 years ago
hoellen 7247b4b10c
Merge branch 'master' into fix-password-on-user-edit 7 years ago
hoellen b65d70cf1e mark spam as seen 7 years ago
hoellen a59d5dad23 fix edit of fetched acc without changing password 7 years ago
hoellen f08491dc46 fix forced password on user edit 7 years ago
Ionut Filip 2b0a2d561b Fix connection to mysql db 7 years ago
Dario Ernst 291f8a457b Deliver mails to alias-stripped-of-delimeter, even if catchall exists
This fixes delivery to an alias minus recipient delimiter in cases where a
wildcard alias would also match. For example,
* foo@xxx.tld
* %@xxx.tld
Sending to foo+spam@xxx.tld would get eaten by the catchall before this fix.
Now, the order of alias resolution is made clearer.

closes #813
7 years ago
hoellen 732b5fe161 change password field type in fetch creation/edit and add validators. 7 years ago
mergify[bot] 4204facd85
Merge pull request #810 from usrpro/feat-logging
Implement some degree of logging
7 years ago
Tim Möhlmann 049ca9941f
Cleanup syntax and fix typo 7 years ago
Tim Möhlmann 0ac3cf9617
Don't recursivly chown on mailboxes.
This fixes #776.
Recursion is not needed, as the permissions will only need to be set on the first invocation.
7 years ago
Tim Möhlmann 71cda7983e
Merge branch 'master' into feat-logging 7 years ago
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry 7 years ago
Tim Möhlmann b04a9d1c28
Implement debug logging for template rendering 7 years ago
Tim Möhlmann b9313488dd
Add logging for tenacity.retry
In the process we found that the previous way of tenacity syntax caused it not to honor any args.
In this commit we've refactored to use the @decorator syntax, in which tenacity seems to behave better.
7 years ago
mergify[bot] 3b5f3af207
Merge pull request #778 from Nebukadneza/fix_recipient_delimiter
Attempt stripping recipient delimiter from localpart
7 years ago
Ionut Filip 9077bf7313 Merge remote-tracking branch 'upstream/master' into feat-psql-support 7 years ago
Tim Möhlmann 5636e7f5a7
Remove to avoid matching webroot 7 years ago
Ionut Filip 953aa04354 Added postgresql-libs to admin 7 years ago
Tim Möhlmann 561e2fda67
Merge remote-tracking branch 'upstream/master' into fix-favicon 7 years ago
hoellen 501ecf13c1 add migration script 7 years ago
Tim Möhlmann a358b5305f
Merge pull request #797 from Mailu/upgrade-pyyaml
Upgrade PyYAML
7 years ago
Tim Möhlmann 4f93e09028
Implement favicon package
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
7 years ago
Tim Möhlmann 284d54190a
Upgrade PyYAML to 4.2b4 7 years ago
hoellen dda64fe91e allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit 7 years ago
hoellen 8fe1e788b3 add missing route fixes 7 years ago
Tim Möhlmann 3c7bf58211
Upgrade PyYAML
CVE-2017-18342
Vulnerable versions: < 4.2b1
Patched version: 4.2b1
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
7 years ago
hoellen d5d4d6c337 harden email address validation and fix routes with user_email 7 years ago
Ionut Filip 01ec6e7bf3 Removed undefined function 7 years ago
mergify[bot] d483ef3c2a
Merge pull request #792 from hoellen/admin-broken-links-1
fix broken webmail and logo url in admin
7 years ago
Tim Möhlmann 74fe177297
Merge pull request #785 from TheLegend875/feat-displayed-name
Feature: send auto reply with displayed name
7 years ago
hoellen f617e82c06 fix broken webmail and logo url in admin 7 years ago
Tim Möhlmann 4068c5b751
Versioning for mysqlclient and psycopg2 7 years ago
Tim Möhlmann b2823c23b8
Merge remote-tracking branch 'upstream/master' into feat-psql-support 7 years ago
Tim Möhlmann 9eaeb80a27
Finalize merge with kaiyou/feat-multiple-db 7 years ago
TheLegend875 999d2a9557 changed default.sieve to send displayed name 7 years ago
TheLegend875 2954d84790 added necessary ui elements 7 years ago
TheLegend875 56f4d4c894 fixed auto-forward 7 years ago
TheLegend875 5bdbbf60d7 fixed display of username when not logged in 7 years ago
Dario Ernst c2d45a47fe Attempt stripping recipient delimiter from localpart
Since postfix now asks us for the complete email over podop, which
includes the recipient-delimiter-and-what-follows not stripped, we need
to attempt to find both the verbatim localpart, as well as the localpart
stripped of the delimited part ….

Fixes #755
7 years ago
Tim Möhlmann 19df86f13f
Merge pull request #764 from usrpro/fix-alias-bug
Added regex validation for alias username
7 years ago
Tim Möhlmann 3a5b763018
Option to disable full text search (lucene)
This is a workaround for the bug in issue #751
7 years ago
mergify-bot 983c388150 Merge branch 'master' into 'fix-localpart-chars' 7 years ago
mergify-bot 6cfb74e96c Merge branch 'master' into 'fix-localpart-chars' 7 years ago
Tim Möhlmann af086bbdbe
Include DKIM in VOLUME 7 years ago
hoellen c041a9d45c allow all characters for username in dovecot 7 years ago
Tim Möhlmann 24828615cf
Webmail on root, fixes #757 7 years ago
Ionut Filip 8fc2846924 Added regex validation for alias username 7 years ago
Tim Möhlmann 3c4ee1b31e
Merge pull request #743 from kaiyou/master
Fixes #738 regarding application context
7 years ago
ofthesun9 97b3a85090
Merge pull request #737 from hoellen/fix-alias-match-behaviour
fix alias match behaviour
7 years ago
mergify-bot 09a50b6cfc Merge branch 'master' into 'master' 7 years ago
kaiyou 4060ac2223 Remove some forgotten debugging 7 years ago
kaiyou 087841d5b7 Fix the way we handle the application context
The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
7 years ago
kaiyou b5f51b0e2e Update python dependencies 7 years ago
kaiyou 8707b0fcd7 Use a dictionary of db connection string templates 7 years ago
kaiyou 19f18e2240 Lowercase relays as well as other tables 7 years ago
kaiyou 7e388e472a Handle relay name as an Idna domain 7 years ago
kaiyou 871aa14c9a Lowercase every domain name and email 7 years ago
kaiyou 3df9b3962d Add default columns to the configuration table 7 years ago
kaiyou b88f61f183 Name all constraints when creating them
Prefious commit set the constraint names for existing databases.
New databases can now have named constraints from the ground up.
7 years ago
kaiyou b8282b1d46 Support named constraints for multiple backends
Supporting multiple backends requires that specific sqlite
collations are not used, thus lowercase is applied to all non
case-sensitive columns. However, lowercasing the database requires
temporary disabling foreign key constraints, which is not possible
on SQLite and requires we specify the constraint names.

This migration specific to sqlite and postgresql drops every
constraint, whether it is named or not, and recreates all of them
with known names so we can later disable them.
7 years ago
kaiyou e022513a94 Fix support for postgres and mysql 7 years ago
kaiyou a881a1a839 Revert "Make current migrations work with postgresql"
This reverts commit 9b9f3731f6.
7 years ago
kaiyou 76925e82f3 Revert "Implement CIText as NOCASE alternative in postgresql"
This reverts commit 0f3c1b9d15.
7 years ago
kaiyou f52ae5535c Revert "Created function for returning email type"
This reverts commit 436055f02c.
7 years ago
kaiyou f6520eace6 Merge branch 'feat-psql-support' of https://github.com/usrpro/Mailu into usrpro-feat-psql-support 7 years ago
hoellen 8fe9e695f3 prefer non-wildcard aliases over wildcard aliases 7 years ago
Tim Möhlmann c7dcfee882
Merge pull request #713 from pgeorgi/extend-nginx
nginx: Allow extending config with overrides
7 years ago
hoellen 79768c09f6 fix alias matching behaviour 7 years ago
Tim Möhlmann 6ca8ed437d
Merge pull request #732 from Nebukadneza/add_front_certificate_reload
Add certificate watcher for external certs to reload nginx
7 years ago
Dario Ernst 1aa97c9914 Add certificate watcher for external certs to reload nginx
In case of TLS_FLAVOR=[mail,cert], the user supplies their own certificates.
However, since nginx is not aware of changes to these files, it cannot
reload itself e.g. when the certs get renewed.

To solve this, let’s add a small daemon in the place of
`letsencrypt.py`, which uses a flexible file-watching framework and
reloads nginx in the case the certificates change ….
7 years ago
Tim Möhlmann c00910ca4b
Merge remote-tracking branch 'upstream/master' into extend-nginx 7 years ago
Tim Möhlmann 97d338e68a
Rectify 'endif' placement 7 years ago
Tim Möhlmann 425cdd5e77
Fix syntax errors 7 years ago
Tim Möhlmann 20f1faf6d0
Send 404 when nothing server at '/'
Prevents Nginx welcome screen
7 years ago
Tim Möhlmann 2de4995fec
Don't redirect when webmail is served on '/' 7 years ago
Tim Möhlmann f0906073e3
Merge remote-tracking branch 'upstream/master' into feat-subnet2 7 years ago
mergify[bot] a634c7b72d
Merge pull request #725 from usrpro/fix-outlook2019-smtp
Add login method to smtp_auth under ssl
7 years ago
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
7 years ago
kaiyou b6aaf57be1 Merge branch 'refactor-config' of github.com:kaiyou/mailu into refactor-config 7 years ago
kaiyou d0f07984b0 Merge remote-tracking branch 'upstream/master' into refactor-config 7 years ago
Tim Möhlmann 9dd447e23b
Add login method to smtp_auth under ssl
Fixes #704
7 years ago
Patrick Georgi eac4d553a9 nginx: Allow extending config with overrides
To facilitate this, the default redirect at / can be disabled, even if
the default remains at redirecting to the webmailer.

The extensions are within the host scope and are read from
$ROOT/overrides/nginx/*.conf.
7 years ago
mergify[bot] 2d4bac03ad
Merge pull request #723 from usrpro/clean-healthcheck-logs
Admin: Prevent redirects during health checking
7 years ago
mergify[bot] a382f74680
Merge pull request #705 from usrpro/fix-recaptcha
Fix recaptcha
7 years ago
mergify[bot] 37027cfce7
Merge pull request #633 from kaiyou/fix-sender-checks
Improve sender checks
7 years ago
Tim Möhlmann d18cf7cb25
Prevent redirects during health checking 7 years ago
Tim Möhlmann c9df311a0d
Set forward_destination to an empty list
The value of `None` resulted in an error, since a list was expected.
7 years ago
Tim Möhlmann eff6c34632
Catch asterisk before resolve_domain
Asterisk results in IDNA error and a 500 return code.
7 years ago
Ionut Filip 7b8835070d Added tenacity retry fir migrations connection 7 years ago
David Rothera 88c174fb7a Query alternative table for domain matches
At present postfix checks this view for matches in the domain table and is used to accept/deny messages sent into it however it never checks for matches in the alternative table.

Fixes #718
7 years ago
Ionut Filip 436055f02c Created function for returning email type 7 years ago
Tim Möhlmann 47a3fd47b5
Fix DB_FLAVOR condition testing for models.py 7 years ago
Tim Möhlmann 0f3c1b9d15
Implement CIText as NOCASE alternative in postgresql 7 years ago
Tim Möhlmann 9b9f3731f6
Make current migrations work with postgresql 7 years ago
Tim Möhlmann 8bdc0c71af
Allow for setting a different DB flavor 7 years ago
Ionut Filip fed7146873 Captcha check on signup form 7 years ago
Tim Möhlmann 4783e61693
Fix password context
Fixes the following error:
```
admin_1      | [2018-11-09 09:44:10,533] ERROR in app: Exception on /internal/auth/email [GET]
admin_1      | Traceback (most recent call last):
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
admin_1      |     response = self.full_dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
admin_1      |     rv = self.handle_user_exception(e)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
admin_1      |     reraise(exc_type, exc_value, tb)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
admin_1      |     raise value
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
admin_1      |     rv = self.dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
admin_1      |     return self.view_functions[rule.endpoint](**req.view_args)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask_limiter/extension.py", line 544, in __inner
admin_1      |     return obj(*a, **k)
admin_1      |   File "/app/mailu/internal/views/auth.py", line 18, in nginx_authentication
admin_1      |     headers = nginx.handle_authentication(flask.request.headers)
admin_1      |   File "/app/mailu/internal/nginx.py", line 48, in handle_authentication
admin_1      |     if user.check_password(password):
admin_1      |   File "/app/mailu/models.py", line 333, in check_password
admin_1      |     context = User.pw_context
admin_1      | AttributeError: type object 'User' has no attribute 'pw_context'
```
7 years ago
kaiyou 72e1b444ca Merge alembic migrations 7 years ago
kaiyou 5b769e23da Merge branch 'master' into refactor-config 7 years ago
kaiyou 02995f0a15 Add a mailu command line to flask 7 years ago
kaiyou f9e30bd87c Update the dockerfile and upgrade dependencies 7 years ago
kaiyou 4a7eb1eb6c Explicitely declare flask migrate 7 years ago
kaiyou 2a8808bdec Add the configuration table migration 7 years ago
kaiyou f57d4859f3 Provide an in-context wrapper for getting users 7 years ago
kaiyou f6013aa29f Fix an old migration that was reading configuration before migrating 7 years ago
kaiyou 206cce0b47 Finish the configuration bits 7 years ago
Ionut Filip 1bbf3f235d Using a new class when captcha is enabled 7 years ago
mergify[bot] 12689965bd
Merge pull request #699 from usrpro/fix-admin-bug
Fixed admin_1 errors in the logs
7 years ago
hoellen 680ad4b67a
Catching only ValueError
Co-Authored-By: ionutfilip <ionut.philip@gmail.com>
7 years ago
mergify[bot] e08f3e81d0
Merge pull request #680 from usrpro/feat-startup
Standarize images
7 years ago
Ionut Filip 6dcc33e390 Fixed admin_1 errors in the logs
Fixed errors when trying to log in with an account without domain.
This closes #585
7 years ago
Tim Möhlmann 42e2dbe35d
Standarize image by using shared / similair layers 7 years ago
Tim Möhlmann 5fa2aac569
Fix imap login when no webmail selected 7 years ago
Tim Möhlmann 903bb70c5b
Merge remote-tracking branch 'upstream/master' into standarize-images 7 years ago
Scott 56fb74c502 Fix typo (duplicate self). Fixes #683 7 years ago
Ionut Filip 8a44a44688
Merge branch 'master' into feat-startup 7 years ago
Ionut Filip 1187cac5e1 Finished up switching from .sh to .py 7 years ago
Tim Möhlmann ed81c076f2
Take out "models" path, as we are already in it 7 years ago
Tim Möhlmann aed80a74fa
Rectify decleration of domain_name 7 years ago
Tim Möhlmann 2d382f2d67
Merge branch 'master' into fix-sender-checks 7 years ago
Ionut Filip 0e5606d493 Changed start.sh to start.py 7 years ago
Ionut Filip eb7dfb5771 Cleaning up start.py 7 years ago
Thomas Sänger 603b6e7390
Merge pull request #2 from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
7 years ago
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks 7 years ago
Tim Möhlmann a2fea36c79
Increase HEALTHCHECK start time for services that need to wait for host resolving during startup.
In Docker Swarm mode the services listed below can get stuck in their start script, while they
are waiting for other services become available. Now, with HEALTHCHECK enabled, docker does not resolve
names of services that not pass HEALTHCHECK yet. Meaning that if one of the depenend services is not yet
available, it will create a chain of failing services.

The services below retry to resolve 100 time, with an average of 3.5 seconds. Hence, the --start-time
flag is now set at 350 seconds.
- dovecot (imap)
- postfix (smtp)
- rspamd (antispam)
7 years ago
Tim Möhlmann c3e89967fb
Fix front health checking
- Specified seperated /health path in order to allow for healthcheck even if webmail and admin are not seletectd. This also allows healthchecking fom external services like DNS load balancers;
- Make curl not to fail on TLS because localhost is not included in the certificates.
7 years ago
mergify[bot] 90b8c3cc1f
Merge pull request #665 from kaiyou/feat-reply-startdate
Implement a start date filter for autoreply, fixes #362
7 years ago
mergify[bot] bce1487338
Merge pull request #576 from hacor/master
Kubernetes fixed for production
7 years ago
kaiyou 1fcaef7c7e
Merge branch 'master' into fix-sender-checks 7 years ago
Paul Williams 78bd5aea1c enable http2, because it's that easy 7 years ago
hoellen 72d4fa2bc9
remove empty line from merge conflict 7 years ago
hoellen 857ad50509
Merge branch 'master' into feat-reply-startdate 7 years ago
mergify[bot] 4a5c0a6d21
Merge pull request #667 from kaiyou/fix-password-performance
Improve password checking performance
7 years ago
mergify[bot] 80658c30da
Merge pull request #669 from hoellen/fix-webmail-root
Fix nginx conf if webmail is on root path
7 years ago
Hans Cornelis f10416e85a Merged with new PRs 7 years ago
mergify[bot] 118ea0f3fb
Merge pull request #604 from ofthesun9/feature-swarm
Enabling swarm deployment on master branch
7 years ago
mergify[bot] 727970514d
Merge pull request #527 from ofthesun9/feat-fuzzyhashes
Trying to enable fuzzy hashes for rspamd
7 years ago
kaiyou 82069ea3f0 Clean most of the refactored code 7 years ago
kaiyou f40fcd7ac0 Use click for the manager command 7 years ago
kaiyou fc24426291 First batch of refactoring, using the app factory pattern 7 years ago
hoellen d4f32c3e7d remove rewrite if webmail is on root 7 years ago
kaiyou 01fa179767 Update the user password in database when needed 7 years ago
kaiyou 988e09e65e Add a profiler in debug mode for improving performance 7 years ago
kaiyou dba8f1810d Do not check the password another time in Dovecot 7 years ago
kaiyou d5162328ec Allow dovecot to write the source configuration directory for compiling sieve scripts 7 years ago
kaiyou ce0bf3366d Learn fuzzy hashes automatically 7 years ago
kaiyou 0a5dbf6230 Re-enable local dovecot sieve scripts 7 years ago
Hans Cornelis ef55ca525c Deleted conflicting merge files
Signed-off-by: Hans Cornelis <hacornelis@gmail.com>
7 years ago
Hans Cornelis e67a0d464b Deleted old folder 7 years ago
Hans Cornelis 3098343360 Merged conflicts 7 years ago
hacor 4ea12deae7 Added kubernetes to Mailu 7 years ago
kaiyou ed3388ed6e Merge branch 'master' into feat-reply-startdate 7 years ago
kaiyou 7c82be904f Merge branch 'master' of github.com:mailu/mailu 7 years ago
Thomas Sänger a412951a30
simpler healthcheck for postfix 7 years ago
Thomas Sänger 0bc901a722
add healthcheck for dovecot 7 years ago
Thomas Sänger 1fc40bf932
add healthcheck for postfix 7 years ago
Thomas Sänger 39272ab05c
add healthcheck for http services 7 years ago
kaiyou e784556330 Fix an edge case with old values containing None for coma separated lists 7 years ago
kaiyou f647d1a0bc Merge branch 'master' into fix-sender-checks 7 years ago
kaiyou 5ada669f43 Rebase reply startdate on master 7 years ago
mergify[bot] bee81d1a54
Merge pull request #647 from HorayNarea/bcrypt
support bcrypt and use it as default
7 years ago
mergify[bot] 9fd7851cb6
Merge pull request #648 from HorayNarea/apk-no-cache
remove apk-warning about cache
7 years ago
kaiyou 15eb2806bf Merge branch 'master' into feat-reply-startdate 7 years ago
kaiyou 5035975c41 Remove Postfix debugging 7 years ago
kaiyou c6846fd8db Merge branch 'master' into feat-reply-startdate 7 years ago
mergify[bot] a91a54b5f1
Merge pull request #651 from usrpro/fix-certbot
Front: move to Alpine:3.8 and fixing #522
7 years ago
Tim Möhlmann de43060ef8
Move to Alpine:3.8 and fixing #522 7 years ago
Thomas Sänger bdfcc5b530
pin alpine-version for 'none'-image 7 years ago
Thomas Sänger 6aafef88bd
remove apk-warning about cache 7 years ago
Thomas Sänger c8b39c5d4a
support bcrypt and use it as default 7 years ago
kaiyou 10ec2f999a Another (embarrassing) fix for a merge typo 7 years ago
kaiyou 2e1aa079c1 Fix one (hopefully) last merge typo 7 years ago
kaiyou 4b9dbf00a8 Fix yet another merge-time typo 7 years ago
kaiyou e8e133b53d Fix a merge typo in postfix build 7 years ago
kaiyou 00b5ae11db
Merge branch 'master' into feat-abstract-db 7 years ago
ofthesun9 13146be57e Merge branch 'master' into feature-swarm 7 years ago
kaiyou 508e519a34 Refactor the postfix views and implement sender checks 7 years ago
kaiyou 8b189ed145 Separate senderaccess and senderlogin maps 7 years ago
ofthesun9 74796201ec Merge branch 'master' into feature-swarm 7 years ago
kaiyou fc99eb7b34 Re-enable sender access check to prevent source spoofing 7 years ago
kaiyou f3f0b98755 Fix relay restrictions so email gets delivered correctly 7 years ago
Tim Möhlmann 0817629869
Increase attempts as it failed on fresh Swarm host 7 years ago
Tim Möhlmann 716ed16f34
Fix typo 7 years ago
Tim Möhlmann 16469d7282
Upgrade to newer pip version 7 years ago
Tim Möhlmann 1bae5968ad
Import tenacy and fix syntax errors 7 years ago
Tim Möhlmann c457ccfa60
Use tenacity for resolver retries 7 years ago
Tim Möhlmann d6c386651d
Merge branch 'master' into fix-swarm-start 7 years ago
ofthesun9 09d77bc2de Handle the case where the variable REJECT_UNLISTED_RECIPIENT is not set 7 years ago
ofthesun9 cc17962c86 fixes #583 7 years ago
kaiyou 4d70a8737e Expose the data volume for admin container 7 years ago
kaiyou 2cba045013 Explicitely declare required volumes, fixes #568 7 years ago
kaiyou fcad52b145 Implement a start date filter for autoreply, fixes #362 7 years ago
kaiyou 82bb8c2fd9 Merge remote-tracking branch 'github/master' into feat-abstract-db 7 years ago
kaiyou f5668dea51 Handle relays as virtual transports through podop 7 years ago
kaiyou 9890e1fb2a Fix the dovecot configuration path 7 years ago
kaiyou 42c6bdb4df Split the internal blueprint into multiple view files 7 years ago
kaiyou dc4b0d21ea Clean the dovecot configuration dir 7 years ago
kaiyou f9c6c98180 Remove fetchmail dependency to the databse 7 years ago
kaiyou 43b6547e1c Lower the loglevel of podop 7 years ago
kaiyou 542793260b Handle wildcard aliases using podop 7 years ago
kaiyou 0d52364eac Fix alias resolution through podop 7 years ago
kaiyou 6d088504bd Adjust podop debug level based on environment 7 years ago
kaiyou 6ba55ee377 Implement the sieve script name resolution pattern 7 years ago
kaiyou 3c725bf634 Only support generating the default sieve script 7 years ago
kaiyou ca6c0bc8fd Fix the user sieve script generation 7 years ago
kaiyou 4d25083847 Move sieve script generation to the admin container 7 years ago
kaiyou cfeaa189f9 Use proper 404 return codes for missing objects 7 years ago
kaiyou d8365bfbcf Use simpler routes for Dovecot 7 years ago
kaiyou 697caaab81 Update podop access and mail restrictions 7 years ago
kaiyou 7143fb8c47 Implement some basic views for podop 7 years ago
kaiyou 39cd0d5034 Upgrade to alpine 3.8 for smtp and imap 7 years ago
kaiyou 68aa797720 Merge branch 'master' into feat-abstract-db 7 years ago
ofthesun9 f5f09fad6e Reverting the patch for dovecot.conf, as it is not needed 7 years ago
Thomas Sänger 0b885548ab
bind to any protocol 7 years ago
kaiyou 73ca5fb3d3 Provide a more generic skeletton for postfix virtual lookups 7 years ago
ofthesun9 23e288aadc Enabling swarm deployment on master branch:
-Extends the usage of POD_ADDRESS_RANGE
-Provides documentation
7 years ago
kaiyou 5dc9ee9516
Merge pull request #510 from hoellen/spam-trash-fix
Dont flag spam as ham if moved to trash
7 years ago
kaiyou d917f60352
Merge pull request #553 from HorayNarea/compress
add optional Maildir-Compression
7 years ago
kaiyou 64269e08c0
Merge pull request #552 from HorayNarea/master
add full-text search support
7 years ago
kaiyou 313b79538e
Merge pull request #513 from mprihoda/feature/better-ratelimit-error
Return correct status codes from auth rate limiter failure.
7 years ago
Tim Möhlmann cc8e15748b Retry 10 times when resolving fails in start.py scripts 7 years ago
Thomas Sänger 0bdb2a16bc
add optional Maildir-Compression 7 years ago
Thomas Sänger fb62e6b5a2
add full-text search support 7 years ago
kaiyou f506966abc Pin Alpine 3.7 to preserve the Postfix version 7 years ago
Tim Möhlmann 9350bb9b9a Use fixed alpine:3.7 tag to prevent postix upgrade 7 years ago
Pierre Jaury 3dca1a834c Pin alpine 3.7 until we fix the certbot issue, see #522 7 years ago
Pierre Jaury 18fe8cd9f2 Pin alpine:3.7 for Dovecot since extdata was removed from repos, fixes #528 7 years ago
Pierre Jaury 5ad02ae2e5 Use a more uniform 'Save' for most form submits, fixes #523 7 years ago
Pierre Jaury c04e58498d Remove unused postfix sqlite files 7 years ago
Pierre Jaury bb73933e1e Switch postfix to Podop 7 years ago
Pierre Jaury 82e738cc53 Remove the old code of postproxy 7 years ago
Pierre Jaury b5d6b93869 Switch to using Podop in Dovecot 7 years ago
Pierre Jaury 809fe78f82 Add dovecot views to the internal API 7 years ago
Pierre Jaury 28001213d4 Remove the redis-based quota code 7 years ago
Pierre Jaury 76617a3c97 Store the quota status in database 7 years ago
Pierre Jaury 2b2ab864d1 Add support for querying the table in Dovecot proxy 7 years ago
Pierre Jaury 70175f8c28 Add postproxy support for Dovecot dict protocol 7 years ago
Pierre Jaury 262e82a367 Add a postfix socketmap to http proxy 7 years ago
Michal Prihoda f5e7751835 Return correct status codes from auth rate limiter failure. 7 years ago
hoellen ca26264d01 Dont flag spam as ham if moved to trash (fix #474) 7 years ago
kaiyou 75a1bf967c
Merge pull request #502 from hoellen/webmail-messagesize
Use message_size_limit variable from env for webmail client_max_body_size
7 years ago
hoellen c51e1b9eef webmail client_max_body_size with message_size_limit and 8M tolerance 7 years ago
kaiyou 74b72375cb
Merge pull request #493 from MFAshby/user_validation
Made User and UserSignup validation consistent for the local part of
7 years ago
kaiyou 53bf6085dc
Merge pull request #501 from hoellen/webmail-root
Add posibilty to run webmail on root '/'
7 years ago
hoellen 9091e54fda Hide administration header in sidebar for normal users. 7 years ago
hoellen 81a6a7cbf6 Use message_size variable from env for webmail 7 years ago
hoellen a1fb8442e3 Add posibilty to run webmail on root '/' 7 years ago
mfashby 0284b6a8e9 Made User and UserSignup validation consistent for the local part of the email address 7 years ago
Pierre Jaury 14687d09ba Fix announcements for idna domains 8 years ago
Pierre Jaury e543477c2e Revert "Only enable milter for incoming emails"
This reverts commit cfd233039e.
8 years ago
Pierre Jaury cfd233039e Only enable milter for incoming emails 8 years ago
Pierre Jaury 6828231c28 Fix the path of the nginx pid in startup scripts, fixes #483 8 years ago
Pierre Jaury 1b0b3a2b1e Only check login mismatch for authenticated users, fixes #309 8 years ago
Pierre Jaury 1371ba5f5e Add the keep field to fetch forms, fixes #479 8 years ago
Pierre Jaury ea658a174d Fix a typo in the base html template 8 years ago
Pierre Jaury b6c76a5e39 Do not remove openssl when purging build deps, fixes #481 8 years ago
kaiyou a47ba3474c
Merge pull request #448 from romracer/pod-address
Use POD_ADDRESS_RANGE for Dovecot if it exists
8 years ago
kaiyou 3beceb90ec
Merge pull request #429 from mildred/parametrize-hosts
Add various environment variables to allow running outside of docker-compose
8 years ago
kaiyou a9e41960a1
Merge pull request #468 from dtwardow/flex_tls_filenames
TLS using configurable filenames
8 years ago
kaiyou 91e51a24c8
Merge pull request #465 from sanduhrs/feature/463
Remove services status page
8 years ago
Thomas Sänger 7d661ab80d
don't require BootstrapCDN for FontAwesome (GDPR-compliance) 8 years ago
Mildred Ki'Lya 6bb4c6e2f0 Parametrize front address from dovecot 8 years ago
Mildred Ki'Lya ae8c9f5a6b Add various environment variables to allow running outside of docker-compose 8 years ago
Dennis Twardowsky 50f9f379e9 Flexible filenames for TLS via envvars (flavours 'cert' and 'mail' only) 8 years ago
Stefan Auditor 6177571e4d Remove services status localization 8 years ago
Stefan Auditor b541d4c257 Remove services status sidebar link 8 years ago
Stefan Auditor e89b32a3f4 Remove services route 8 years ago
Stefan Auditor ec8e82aaca Remove services status template 8 years ago
kaiyou f55e5e26cd Update messages.po (POEditor.com) 8 years ago
kaiyou 2b96abbef4 Update messages.po (POEditor.com) 8 years ago
kaiyou af38d5ab0c Update messages.po (POEditor.com) 8 years ago
kaiyou fc89b30e8a Update messages.po (POEditor.com) 8 years ago
kaiyou 791fab688a Update messages.po (POEditor.com) 8 years ago
kaiyou c9b0832899 Update messages.po (POEditor.com) 8 years ago
kaiyou fa1b0ac32c Update messages.po (POEditor.com) 8 years ago
kaiyou 75f0791965 Update messages.po (POEditor.com) 8 years ago
kaiyou c91c5c7493 Update messages.po (POEditor.com) 8 years ago
kaiyou 299a654e97 Update messages.po (POEditor.com) 8 years ago
kaiyou 494e52d8f0 Update messages.po (POEditor.com) 8 years ago
kaiyou 3b7014d563 Add dummy spanish and russion languages 8 years ago
kaiyou be0a0b4ac8 Update translation strings 8 years ago
kaiyou 8bad30cd59 Move the domain MX status to the detail page 8 years ago
kaiyou 7f0447514c Finish storing the user quota to redis 8 years ago
kaiyou 80893be68b Add a missing import to dnspython 8 years ago
kaiyou 091369915b Display the user quota in the admin interface 8 years ago
kaiyou e13593f29a Switch to database 2 for rate limiting 8 years ago
kaiyou d1dbba2d3a Add expose instructions in Dockerfiles, fixes #392 8 years ago
kaiyou 62d1a0c104 Add a status field to the domain list 8 years ago
kaiyou bb0d7bf6dc Enforce the nocase collation on the email table 8 years ago
kaiyou 186c30d2ac Have the admin listen on ipv6 8 years ago
kaiyou 35276c3101
Merge pull request #458 from Farthen/master
Dovecot: Add SQL iterate_query to config file.
8 years ago
kaiyou dfaedb76f1
Merge pull request #447 from sanduhrs/feature/446
Add a sqlalchemy custom type for unicode to idna conversion of domain names
8 years ago
farthen f75280e4a3 Dovecot: Add SQL iterate_query to config file.
This allows to use doveadm -A to execute maintenance tasks for all users on the server
8 years ago
kaiyou 9968d708f1 Update the prod requirements 8 years ago
kaiyou 381e76511d Add self-service domain registration 8 years ago
Stefan Auditor c688970b32 Respect user enabled flag in admin authentication 8 years ago
Stefan Auditor d3064579f4 Respect user enabled flag in basic authentication 8 years ago
Stefan Auditor 92f4858323 Respect user.enabled status in internal authentication 8 years ago
Stefan Auditor d2c6cecca6 Remove is_enabled method and use the enabled attribute instead 8 years ago
Stefan Auditor 5bfdd75738 Respect user enabled flag on user.login 8 years ago
Stefan Auditor 78f4fa7db9 Add field to ui for user enabled flag 8 years ago
Stefan Auditor 20d6fbae48 Add enabled flag to user model 8 years ago
Scott 2c2a1ed042 Remove stale link to old auto-forward settings. Fixes #450
Also update a reference to 'smtp' to use HOST_AUTHSMTP
8 years ago
kaiyou a51416a4af
Merge pull request #452 from sanduhrs/feature/449
Add enabled flag to user model
8 years ago
Stefan Auditor e843f7ef1f Respect user enabled flag in admin authentication 8 years ago
Stefan Auditor c8540ddba7 Respect user enabled flag in basic authentication 8 years ago
Stefan Auditor 6fc22e5432 Respect user.enabled status in internal authentication 8 years ago
Stefan Auditor 733b89bff5 Remove is_enabled method and use the enabled attribute instead 8 years ago
Stefan Auditor 3b66fcada7 Respect user enabled flag on user.login 8 years ago
Stefan Auditor 7139a27bf1 Add field to ui for user enabled flag 8 years ago
Stefan Auditor f585197e52 Add enabled flag to user model 8 years ago
Scott e5c25c395f Remove stale link to old auto-forward settings. Fixes #450
Also update a reference to 'smtp' to use HOST_AUTHSMTP
8 years ago
Stefan Auditor 7f5bd98a2e Add parameters to database field 8 years ago
Stefan Auditor 93d5254b3f Add another type decorator for idna email support 8 years ago
Scott 6018995534 Use POD_ADDRESS_RANGE for Dovecot if it exists
This is required to override allow_nets in a Kubernetes environment where pods are not recreated with the same IP address.
8 years ago
Stefan Auditor 792c720c13 Save user email domain_name as idna representation 8 years ago
Stefan Auditor c40e255f3b Reset relay columns to string 8 years ago
Stefan Auditor d9ea64fac7 Import idna library and move code a bit upwards 8 years ago
Stefan Auditor 5a7272ff12 Replace other occurences of domain names with idna 8 years ago
Stefan Auditor 1b666cd25b Add a sqlalchemy custom type for unicode to idna conersion of domain names 8 years ago
kaiyou db0cd8efb4 Fix the client setup page when not logged in 8 years ago
kaiyou e92113bd57
Merge pull request #433 from mildred/delivered-to-hdr
Add original Delivered-To header to received messages
8 years ago
kaiyou b4134b7774 Add a client setup page, fixes #342 8 years ago
kaiyou fa0bda7b69 Merge the auto-forward and antispam settings 8 years ago
kaiyou 3ef4e1f6b7 Add support for recaptcha upon signup 8 years ago
kaiyou e02e47c48e
Merge pull request #416 from calebj/patch-1
Add support for sending from alternative domains
8 years ago
Scott b9e67635f4 Use HOST_ADMIN in "Forwarding authentication server". Fixes #436. 8 years ago
Mildred Ki'Lya 649a4fc9cf Add Delivered-To header to received messages
Postfix, after expanding the alias, is not transmitting the original
envelope recipient email address to dovecot and cannot record it in a
Received: header.

The LMTP DSN extension allows postfix to specify an ORCPT= parameter to
the "RCPT TO:" line (in postfix src/smtp/smtp_proto.c). However, dovecot
does not support the DNS extension on the LMTP endpoint. It has
preliminary support of the ORCPT parameter in latest versions but is is
disabled and not working.

The solution taken was to add a sieve script to parse the Received:
header written by postfix and parse the original RCPT TO address from
it. Then add the header through the "editheader" sieve extension. Later
sieve scripts can take this header to perform further filtering.
8 years ago
Caleb Johnson b58dcfb511
Add support for sending from alternative domains
See Mailu/Mailu#415
8 years ago
AdrienM 29a1548532 Add explicit ssl_protocols in conf 8 years ago
kaiyou dfb5463c94 Relax the frame filtering to allow roundcube to display previews 8 years ago
kaiyou 04278b6cbf Pass the full host to the backend, fixes #372 8 years ago
kaiyou 6c56c8e298 Specify the client max body size in the front, related to #371 8 years ago
Mildred Ki'Lya f538e33dcf Parametrize hosts
Allows to use mailu without docker-compose when hostnames are not set up
by docker itself but provided via a separate resolver.

Use case: use mailu using nomad scheduler and consul resolver instead of
docker-compose. Other servers are provided by the DNS resolver that
resolves names like admin.service.consul or webmail.service.consul.
These names needs to be configurable.
8 years ago
kaiyou d8ebfbe020 Display infinite user quotas correctly, fixes #368 8 years ago
SunMar 6ec0fe7036 Adding options for mail-letsencrypt 8 years ago
kaiyou d98f16333a Display an infinite quota when necessary for users, fixes #345 8 years ago
kaiyou 8d224824ea Display a conditional button for generation dkim keys, fixes #346 8 years ago
kaiyou d0b8de72e4 Do not deny HTTP access upon TLS error when the flavor is mail 8 years ago
kaiyou bfc898c2d8 Move dhparam to /conf 8 years ago
Greg Fitzgerald f1ad2cf4d0 Use a predefined dhparam.pem, This fixes issue #322 8 years ago
kaiyou 7a9d2c9725
Merge pull request #353 from ripkens/patch-1
Added adress verification before accepting mails for delivery
8 years ago
kaiyou acb5d7da38 Use relative redirect for / to the webmail 8 years ago
kaiyou 2dfc91ac4d Use a map for passing x-forwarded-proto along 8 years ago
Marcus Ripkens 7375134474
Update main.cf 8 years ago