3487 Commits (3aafecafe774f8315fcc447704356cbfa8fb9330)
 

Author SHA1 Message Date
Florent Daigniere f05cc99dc0 Add ECC certs for modern clients 3 years ago
Florent Daigniere cb68cb312b Reduce the size of the RSA key to 3072bits
This is already generous for certificates that have a 3month validity!

We rekey every single time.
3 years ago
Florent Daigniere 5e7d5adf17 AUTH shouldn't happen on port 25 3 years ago
Florent Daigniere 55cdb1a534 be explicit about what we support 3 years ago
Florent Daigniere ecadf46ac6 fix PFS 3 years ago
Florent Daigniere 7285c6bfd9 admin won't understand LOGIN 3 years ago
Florent Daigniere de3620da4a Don't send credentials in clear ever 3 years ago
Florent Daigniere 4535c42e70 This isn't required 3 years ago
Florent Daigniere 1101e401e8 Apply the restriction on the right port 3 years ago
Florent Daigniere 6d244222da better error message 3 years ago
bors[bot] 3a96bf2170
Merge #1917
1917: Update Alpine version from 3.10 to 3.14 build_arm.sh r=mergify[bot] a=Erriez

## What type of PR?

Update Alpine version from 3.10 to 3.14 in `build_arm.sh` script.

## What does this PR do?

### Related issue(s)
- Mention an issue like: #1200

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Erriez <Erriez@users.noreply.github.com>
3 years ago
Florent Daigniere d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts 3 years ago
bors[bot] f38576b75a
Merge #1918
1918: Alpine has removed support for btree and hash from postfix r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

fix the following errors:
Aug 08 16:52:03 ocloud postfix/smtp[376]: error: unsupported dictionary type: hash
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: error: unsupported dictionary type: btree
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree

Without it Mailu is unusable with a relay.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere 1029cad048 towncrier 3 years ago
Florent Daigniere bcdc137677 Alpine has removed support for btree and hash 3 years ago
Erriez 6b3c208fc9 Update Alpine version from 3.10 to 3.14 3 years ago
Florent Daigniere 1438253a06 Ratelimit outgoing emails per user 3 years ago
bors[bot] 6b0e8a0dfb
Merge #1912
1912: 1.8 release r=mergify[bot] a=Diman0

## What type of PR?

1.8 release.

## What does this PR do?
Final changes required for the 1.8 release.

### Related issue(s)
- #1829 can be closed after this PR is backported.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
3 years ago
Diman0 3157fc3623 Give docker containers in each test one more minute for starting. 3 years ago
Diman0 14a1871511 enhanced security changelog entry and added recommendation to recreate secret_key 3 years ago
Diman0 21e7a338e7 Fixed typing error. 3 years ago
Diman0 f0997ed0fd Improved changelog entry 3 years ago
Dimitri Huisman 6581f8f087
Resolve merge conflict 3 years ago
Diman0 4b89143362 Update documentation config and release notes page. 3 years ago
Diman0 a7d99bdedd Update CHANGELOG.md and process towncrier newsfragments. 3 years ago
bors[bot] 48f3b1fd49
Merge #1656
1656: Add ability to set no WEBROOT_REDIRECT to Nginx r=mergify[bot] a=DavidFair

## What type of PR?

Enhancement / Documentation

## What does this PR do?

From commit:

---

Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.

---

I've also added bullet points to break up a long flowing sentence in `configuration.rst` - it should be a bit easier to read now

### Related issue(s)
No Related Issue - I just jumped to a PR

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly

@ Maintainers - Is this worthy of the changelog, it's useful to know about but I imagine the number of people it affects is equally minimal?
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com>
3 years ago
bors[bot] aeb4bddb30
Merge #1910
1910: Smarter default settings for rate limiting r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
As discussed during the last meeting (#1582) people have issues with a too low default value for rate limiting. By default rate limiting was also enabled for the internal subnet which caused normal users to block webmail for all users after a couple of failed login attempts on webmail.

As discussed in #1867 we will make the following changes for now.
The default value for AUTH_RATELIMIT_SUBNET is set to False again. 
The default value for AUTH_RATELIMIT is increased to a higher value to prevent issues.

### Related issue(s)
- #1582
- closes #1867

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Diman0 <diman@huisman.xyz>
3 years ago
Diman0 4cfa2dbc2a Increase width of rate limiting text box. 3 years ago
Diman0 588904078e Set default of AUTH_RATELIMIT_SUBNET to False. Increase default AUTH_RATELIMIT value. 3 years ago
bors[bot] bfb2665d58
Merge #1908
1908: Optimize docs/Dockerfile r=mergify[bot] a=Erriez

- Convert .rst to .html in temporary `python:3.8-alpine3.14` build image
- Remove all unused packages
- Use `nginx:1.21-alpine` deployment image

## What type of PR?

Optimize/fix `docs/Dockerfile`

## What does this PR do?

### Related issue(s)
- Mention an issue like: #1851

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

## Testing

The following tests has been executed locally:

```bash
export DOCKER_ORG=user
export DOCKER_PREFIX=
export MAILU_VERSION=master

cd tests
time docker-compose -f build.yml build --no-cache docs
	real	0m18.850s
	user	0m0.317s
	sys	0m0.124s

docker images
	REPOSITORY                   TAG               IMAGE ID       CREATED              SIZE
	user/docs                    master            3de6c8612cf3   19 seconds ago       38.1MB

docker run -it --rm --name mailu-docs -p 80:80 user/docs:master

Open web browser:
	Clear caches
	http://localhost:80/master
```

Co-authored-by: Erriez <Erriez@users.noreply.github.com>
3 years ago
Erriez 44e963ab1a
Merge branch 'master' into fix-docs-image 3 years ago
Erriez 98933f9478 Optimize docs/Dockerfile
- Convert .rst to .html in temporary python:3.8-alpine3.14 build image
- Remove all unused packages
- Use nginx:1.21-alpine deployment image
3 years ago
bors[bot] f9e49dc43a
Merge #1877
1877: Fix missing bullet points and styling in documentation r=nextgens a=Diman0

## What type of PR?
Bug-fix

## What does this PR do?
It brings back the bullet points and correct styling to the documentation.
Conf.py was missing an extension declaration.
The requirement docutils was missing. Currently Sphinx only supports docutils 0.16. 

To see the issue yourself compare
Ok: https://mailu.io/1.7/
Not Ok: https://mailu.io/1.8.

### Related issue(s)
- None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Diman0 <diman@huisman.xyz>
3 years ago
Dimitri Huisman 609e0f9f7c
Env vars are not shared between jobs 3 years ago
bors[bot] a226392bf6
Merge #1851
1851: Upgrade alpine r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Upgrade all the images to alpine 3.14 and switch from libressl to openssl on the admin container to work around a bug in alpine

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere 2b63280f59 doh 3 years ago
Florent Daigniere ccb3631622 still need pip3 3 years ago
Florent Daigniere defea3258d update arm builds too 3 years ago
Florent Daigniere d44608ed04 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 3 years ago
Florent Daigniere f8362d04e4 Switch to openssl to workaround alpine #12763 3 years ago
Florent Daigniere 3471ebb214 Allow specific users to send email from any address 3 years ago
bors[bot] 6ea4e3217a
Merge #1901
1901: treat localpart case insensitive again r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

fixes error introduced by #1604 where the localpart of an email address was handled case sensitive.
this screwed things up at various other places.
 
### Related issue(s)

closes #1895
closes #1900

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Alexander Graf 6856c2c80f treat localpart case insensitive again
by lowercasing it where necessary
3 years ago
bors[bot] 656cf22126
Merge #1856
1856: update asset builder dependencies r=mergify[bot] a=ghostwheel42

## What type of PR?

update asset builder dependencies

## What does this PR do?

only include needed dependencies to build mailu assets with nodejs v8

### Related issue(s)

update dependencies as discussed in #1829


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
bors[bot] 9289fa6420
Merge #1896
1896: save dkim key after creation r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

saves generated dkim key after creation vi web ui.
after the model change the domain object needs to be added and flushed via sqlalchemy.

### Related issue(s)

closes #1892


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
bors[bot] 9a4c6385e5
Merge #1888
1888: Use threads in gunicorn rather than workers/processes r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

This ensures that we share the auth-cache... will enable memory savings
and may improve performances when a higher number of cores is available

"smarter default"

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Alexander Graf 54b46a13c6 save dkim key after creation 3 years ago
bors[bot] bf65a1248f
Merge #1885
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens

## What type of PR?

bugfix

## What does this PR do?

Fix bug #1884. Ensure that we avoid the musl resolver bug by always looking up a FQDN

### Related issue(s)
- closes #1884

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Alexander Graf c2c3030a2f rephrased comments 3 years ago
bors[bot] bace7ba6e3
Merge #1890
1890: fix Email class in model.py r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

fixes class Email - keep email, localpart and domain in sync.

### Related issue(s)

closes #1878


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago