Commit Graph

601 Commits (1ce889b91b83f444bbdcf755afd6a17b62295218)

Author SHA1 Message Date
İbrahim Akyel f65e2fc469 Feature: Marking "Read" spam mails
Florent Daigniere 66b660d331 clarify
Florent Daigniere a62ebceb3d document
Florent Daigniere d3e7ea5389 spell it out
bors[bot] 921cab60de
Merge
2185: Update reverse.rst r=mergify[bot] a=audioscavenger

updated the external proxy location pattern and added a note: do not add a ``/`` at the end

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)
- did not bother to create an issue

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] i would like to add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file but i don't know how


Co-authored-by: Eric <dev@derewonko.com>
bors[bot] bcecbda9de
Merge
2195: roundcube: Add /overrides directory in include r=mergify[bot] a=mnival

Added the /overrides directory in the roundcube config.inc.php file

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
none

Co-authored-by: mnival <1595998+mnival@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman 731a3741ca Update overrides faq for include roundcube
bors[bot] c83457a2fa
Merge
2216: Add iptables+ipset as additional FAQ entry for fail2ban r=mergify[bot] a=tkaefer

## What type of PR?

(Feature, enhancement, bug-fix, documentation)

## What does this PR do?

### Related issue(s)
 closes  

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Tobias Käfer <tobias@tkaefer.de>
Tobias Käfer 314145868c Include review suggestions
Tobias Käfer e274ee762f Update fail2ban faq doc
Kevin Falcoz 98d2d6f212
URL correction for client email configuration in FAQ
Kevin Falcoz e84e311526
Change URL dashboard in DKIM/SPF & DMARC Entries
Eric c62947aec1
Update reverse.rst
updated the external proxy location pattern and added a note: do not add a / at the end
Erik Kralj 384d964f58
fix typo
Florent Daigniere f8bc7c56a1 typo
Florent Daigniere 0298d51003 my edits
Dimitri Huisman cfd6e91c29 Forgot to mention that Mailu PostgreSQL is deprecated.
Dimitri Huisman b4d3d4b3c9 Preparations for 1.9 release.
bors[bot] 14177c3f98
Merge
2097: The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?
The DB_PORT and ROUNDCUBE_DB_PORT env vars were not used and are not required. 
This PR removes these not used environment variables from the documentation.
The documentation and setup utility are enhanced with instructions how to specify a different port for the database url.

### Related issue(s)
- See 


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman c957911220 Remove weblate option from documentation since it is not available anymore.
Erriez 10756cef7b Fix typo configuration.rst
Erriez 4c52cf1d6a Rewording INITIAL_ADMIN_MODE documentation
Erriez 83d9a81f0f Fix documentation INITIAL_ADMIN_* variables
Dimitri Huisman f9efbeb7c6 Remove not-used DB_PORT/ROUNDCUBE_DB_PORT environment variables. Document how to specify port for DB URL
Florent Daigniere 5fe5c80064 Merge remote-tracking branch 'upstream/master' into sessions-tweaks
Florent Daigniere 02c93c44f2 Tweak sessions
simplify:
- make all sessions permanent by default
- update the TTL of sessions on access (save always)
- fix session-expiry, modulo 8byte precision
bors[bot] c5966b29db
Merge
2035: updated roundcube to 1.5.1 and carddav to 4.3.0 r=mergify[bot] a=ghostwheel42

## What type of PR?

enhancement

## What does this PR do?

updated roundcube to 1.5 and carddav to 4.2.2
also runs cleanup cronjob _once_ at startup

### Related issue(s)

- closes  
- runs cleanup job mentioned in  at startup

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Alexander Graf 698f91de95
Merge remote-tracking branch 'upstream/master' into update_roundcube
bors[bot] ba54b77eaf
Merge
2069: Remove Mailu PostgreSQL r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
- Removes Mailu PostgreSQ
- Makes roundcube database configurable via setup
- Fixes bug  

As already announced in the release of Mailu 1.8, we will remove Mailu PostgreSQL in 1.9. In PR  we created the necessary documentation to assist migrating to the official PostgreSQL image. This PR completely removes Mailu PostgreSQL. As a bonus I fixed bug . People who were using PostgreSQL with Roundcube are in the situation that Roundcube must keep using SQLite. Roundcube has no migration or export/import functionality to move to a different database flavour (what we do have :). Therefore I have made the roundcube database selection configurable in setup. 

### Related issue(s)
- closes 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly - will happen in Mailu 1.9 release notes.
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Alexander Graf 1a41657f90
add documentation, allow overrides, clean plugins
bors[bot] 7c03878347
Merge
1441: Rsyslog logging for postfix r=mergify[bot] a=micw


## What type of PR?

enhancement

## What does this PR do?
Changes postfix logging from stdout to rsyslog:
* stdout logging still enabled
* internal test request log messages are filtered out by rsyslog
* optional logging to file via POSTFIX_LOG_FILE env variable

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


2090: fix 2086 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug I've introduced in ae8db08bd

### Related issue(s)
- close 

Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Dimitri Huisman 2efad07c0b Merge branch 'master' of github.com:Diman0/Mailu into remove-mailu-postgresql
bors[bot] 08be233607
Merge
2058: Implement versioning for CI/CD workflow. r=mergify[bot] a=Diman0

## What type of PR?

Feature!

## What does this PR do?
This PR introduces 3 things
- Add versioning (tagging) for branch x.y (1.8). E.g. 1.8.0, 1.8.1 etc.
  - docker repo will contain x.y (latest) and x.y.z (pinned version) images.
  - The X.Y.Z tag is incremented automatically. E.g. if 1.8.0 already exists, then the next merge on 1.8 will result in the new tag 1.8.1 being used.
- Make the version available in the image.
  -  For X.Y and X.Y.Z write the version (X.Y.Z) into /version on the image and add a label with version=X.Y.Z
	  -  This means that the latest X.Y image shows the pinned version (X.Y.Z e.g. 1.8.1) it was based on. Via the tag X.Y.Z you can see the commit hash that triggered the built.
  -  For master write the commit hash into /version on the image and add a label with version={commit hash}
-  Automatic releases. For x.y triggered builts (e.g. merge on 1.9) do a new github release for the pinned x.y.z (e.g. 1.9.2). 
  -  Release shows a static message (see RELEASE_TEMPLATE.md) that explains how to reach the newsfragments folder and change the branch to the tag (x.y.z) mentioned in the release. Now you can get the changelog by reading all newsfragment files in this folder.

This PR does not change anything to our workflow (what we (human persons) do). Our processes are still exactly the same. The above introduced logic is automatic. When we backport to X.Y all the magic for creating the pinned version X.Y.Z is handled by the CI/CD workflow.

### Related issue(s)
- closes 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

## Testing
Suggested testing steps. This should cover all situations including BORS. It does require that you use your own docker repo or temporarily create a new one.
Suggested testing steps.
1. Create new github repo.
2. Add the required docker secrets to the project (see beginning of CI.yml for the secret names), DOCKER_UN, DOCKER_PW, DOCKER_ORG, DOCKER_ORG_TESTS.
3. Clone the project.
4. Copy the contents of the PR to the cloned project.
5. Push to your new github repo.
6. Now master images are built. Check that images with tag master are pushed to your docker repo
7. Check with docker inspect nginx:master that it has the label version={commit hash}.
8. Run an image, run `docker-compose exec <name> cat /version`. Note that /version also contains the pinned version. For master the pinned version is the commit hash.
9. Create branch 1.8. 
10. Push branch 1.8 to repo.
11. Note that tags 1.8 and 1.8.0 are built and pushed to docker repo
12. Inspect label and /version. Note that 1.8 and 1.8.0 both show version 1.8.0.
13. Push another commit to branch 1.8.
14. Note that tags 1.8 and 1.8.1 are built and pushed to docker repo
15. Inspect label and /version. Note that 1.8 and 1.8.1 both show version 1.8.1.
16. Let's check BORS stuff.
17. Create branch testing.
18. Push the commit with the exact commit text (IMPORTANT!!): `Try #1234:`'.
19. Note that images are built and pushed for tag `pr-1234`.
20. Inspect label and /version. Note that the version is `pr-1234`.
20. Create branch staging.
21. Push the commit with commit text: `Merge #1234`.
22. Note that this image is not pushed to docker (as expected).

but you could also check the GH repo and docker repo I used:
https://github.com/Diman0/Mailu_Fork
https://hub.docker.com/r/diman/rainloop/tags

Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman 53975684b8 Using Syslog is the new standard. It is not optional anymore.
Dimitri Huisman 1eeffe29c0 Remove Mailu PostgreSQL. Make roundcube database configurable via setup. Fix .
Dimitri Huisman d5896fb2c6 Add log rotation (if logging to file). Make rsyslog the default.
bors[bot] 20f00a3699
Merge
2064: Documentation for switching database-backend and for migrating from Mailu PostgreSQL r=mergify[bot] a=Diman0

## What type of PR?

Documentation

## What does this PR do?

Added documentation for how to switch the database back-end used by Mailu.
Added documentation for migrating from the deprecated Mailu PostgreSQL image to a different PostgreSQL database.

### Related issue(s)
- closes  
- closes  
- closes  

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman 8fe2d227f0 Now the paragraph is really removed.
Dimitri Huisman 33e8de5911 Process code review comments in PR#2064.
bors[bot] d43b28c876
Merge
1982: Change memory requirements r=mergify[bot] a=teadur

Running with ClamAV requires atleast 3GB of memory otherwise ClamAV updates fail and fill the disk https://github.com/Mailu/Mailu/issues/470

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)
- Information from  

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.



Co-authored-by: Georg <teadur@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman 567b5ef172
Merge branch 'master' into postfix-logging
Dimitri Huisman 0de2ec77c6 Process code review remarks
Dimitri Huisman 3afaeecfbb Further clarify memory requirements and create newsfragment.
Dimitri Huisman 5c52f08f41 Added documentation for how to switch the database back-end used by Mailu.
Added documentation for migrating from the deprecated Mailu PostgreSQL image to a different PostgreSQL database.
Dimitri Huisman f7677543c6 Process code review remarks
- Moved run to bottom of Dockerfile to allow using unmodified / cached states.
- Simplified bash code in deploy.sh.
- Improved the large bash one-liner in CI.yml. It could not handle >9 for 1.x.
Dimitri Huisman 56dd70cf4a Implement versioning for CI/CD workflow (see ).
Dimitri Huisman c3dd7330cb Update reverse proxy documentation (see ).
bors[bot] 78dd13a217
Merge
2042: Add MESSAGE_RATELIMIT_EXEMPTION r=mergify[bot] a=nextgens

## What type of PR?

Enhancement

## What does this PR do?

Add a new knob called ```MESSAGE_RATELIMIT_EXEMPTION```.

### Related issue(s)
- 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 5714b4f4b0 introduce MESSAGE_RATELIMIT_EXEMPTION
DjVinnii 30d7e72765 Move TZ to Advanced settings
DjVinnii 548077c465 Update docs
DjVinnii c43f7aef5a Update docs
DjVinnii 5b99b6427c Update docs
Florent Daigniere c8316cead1 Improve wording
Florent Daigniere 70b374c46f Document that RELAYNETS is comma separated
Dimitri Huisman 3449b67c86 Process code review remarks PR2023
Dimitri Huisman a01df56a9b Forgot to include the new endpoint /static
Dimitri Huisman 8eabece225 Update reverse proxy doc with new /sso endpoint.
Florent Daigniere 99c81c20a7 Introduce AUTH_RATELIMIT_EXEMPTION
This disables rate limiting on specific CIDRs
Florent Daigniere 8414dd5cf0 Merge remote-tracking branch 'upstream/master' into ratelimits
Florent Daigniere 4fff45bb30 Fix typo
bors[bot] 9f2aa0aadc
Merge
1986: Document how to setup client autoconfig r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Document how to setup autoconfig. This works with most open-source MUAs (thunderbird, evolution, ...)

We could go further than that by providing dynamic configuration (issue an auth token for each MUA request)... but it won't work unless a new DNS entry (and matching certificate) is created.

### Related issue(s)
- 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2014: Update Chinese translation r=mergify[bot] a=qy117121

## What type of PR?

translation

## What does this PR do?

Update Chinese translation. Use `zh` instead of `zh_CN`.

### Related issue(s)

none

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: qy117121 <mixuan121@gmail.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Florent Daigniere e127e6b32f clarify the documentation
Florent Daigniere 64bc7972cc Make AUTH_RATELIMIT_IP 60/hour as discussed
Florent Daigniere 89ea51d570 Implement rate-limits
Florent Daigniere 1157868370 Document how to setup autoconfig
Georg 5301f0c200
Change memory requirements
Running with ClamAV requires atleast 3GB of memory otherwise ClamAV updates fail and fill the disk https://github.com/Mailu/Mailu/issues/470
Alexander Graf 1e8b41f731 Merge remote-tracking branch 'upstream/master' into adminlte3_fixes
Dimitri Huisman 5a1e6dfb61 Added documentation for new LOGO_BACKGROUND and LOGO_URL env variables.
Florent Daigniere 9888efe55d Document as suggested on #mailu-dev
Florent Daigniere ef5f82362c Merge remote-tracking branch 'upstream/master' into policyd-mta-sts
Florent Daigniere d607ba0ef2 Clarify that a restart may be required
Florent Daigniere fb34f53493 Do operations in the right (safe) order
Florent Daigniere fccb0cc57f Add a longer max_age (15days)
Florent Daigniere 67db72d774 Behave like documented
Florent Daigniere a8142dabbe Introduce DEFER_ON_TLS_ERROR
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS

It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
bors[bot] 7e86f5cb57
Merge
1959: Ensure that we don't trust client headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Document how REAL_IP_FROM and REAL_IP_HEADER should be used. Ensure that we strip True-Client-IP and X-Forwarded-For if neither are set.

We should also update the documentation on reverse-proxies... but that's 

### Related issue(s)
- 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 5efe35329b doh
Florent Daigniere 5634354911 document how to publish an MTA-STS policy
Florent Daigniere 394c2fe22c Document REAL_IP_HEADER and REAL_IP_FROM
Fix a security vulnerability whereby we were not clearing other headers
Florent Daigniere 0e45bb3ae5 use example.com
Florent Daigniere d65993886a Fix the links
Florent Daigniere 9e306bf255 use example.com
Florent Daigniere 5ed77750f2 clarify
Florent Daigniere 13e0b56a0d This breaks SSO
Florent Daigniere e742c5432b simplify
Florent Daigniere 0a6f3448ec k8s is helm-chart only
Florent Daigniere fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map
Florent Daigniere fc5758e352 Clarify that it will only work for existing addresses
Florent Daigniere 9ec7590171 Merge branch 'master' of https://github.com/Mailu/Mailu into wildcard_senders
bors[bot] b57df78dac
Merge
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

A conflict-free version of  implementing per-user sender limits

### Related issue(s)
- close  
- close 
- close  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman 4c056db4aa Added documentation for all user statuses.
Dimitri Huisman b7403c850a Document the new setting in webadministration.rst.
Florent Daigniere facc4b6427 Allow specific users to send email from any address
Diman0 146b081119 enhanced security changelog entry and added recommendation to recreate secret_key
Diman0 2132adcc38 Fixed typing error.
Diman0 b7db90b7ff Update documentation config and release notes page.
David Fairbrother 24747e33de Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
Florent Daigniere 7b847852af fix typo
Florent Daigniere e1a7657999 Now that postfix has CAs we can switch to secure
encrypt means "ensure we have some confidentiality" whereas secure means
"ensure we have confidentiality while talking to the right peer"
(protects against passive or/and active MITM attacks)