34 Commits (4dbefe8e3a84e8f71a4a0e3615a5388ebebb08c4)

Author SHA1 Message Date
bors[bot] 25e8910b89
Merge #1783
1783: Switch to server-side sessions r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It simplifies session management.
- it ensures that sessions will eventually expire (*)
- it implements some mitigation against session-fixation attacks
- it switches from client-side to server-side sessions (in Redis)

It doesn't prevent us from (re)-implementing a "remember_me" type of feature if that's considered useful by some.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 years ago
lub f3f0a4d86d
Merge branch 'master' into enforce-tls-admin 4 years ago
Florent Daigniere b9becd8649 make sessions expire 4 years ago
Florent Daigniere 20d2b621aa Improve the description of CREDENTIAL_ROUNDS 4 years ago
Florent Daigniere 7137ba6ff1 Misc improvements to PASSWORD_SCHEME
- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
4 years ago
Florent Daigniere 0dcc059cd6 Add a new knob as discussed on matrix with lub 4 years ago
lub f0f873ffe7 add option to enforce inbound starttls 4 years ago
Dimitri Huisman b3e9e1bd1a Add documentation for the web administration gui. 4 years ago
bors[bot] 535b95bca7
Merge #1538
1538: Introduce environment variable to control dovecot full-text-search r=mergify[bot] a=tremlin

## What type of PR?

Enhancement

## What does this PR do?

In #1320 a full-text-search feature was enabled in Dovecot by default. Since this can have a big impact on performance, I think it's preferable to offer an option to disable the feature if it is not needed. This PR doesn't change the default behavior (FTS on).

### Related issue(s)
- #1320

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordinagly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
4 years ago
Thomas Rehn ebf1f4f1b6 add bits of documentation for new environment variable 4 years ago
Michael Wyraz 6234da3786 Add doc and changelog for OUTBOUND_TLS_LEVEL 5 years ago
bors[bot] d883ba1bed
Merge #1385
1385: [docs] fix variable name for RECIPIENT_DELIMETER r=Nebukadneza a=eleith

## What type of PR?

documentation

## What does this PR do?

the variable name as referenced by postfix and dovecot and mailu.env are all `RECIPIENT_DELIMETER`

example, see: 

dcda412b99/core/postfix/conf/main.cf (L40)



Co-authored-by: eleith <eleith@users.noreply.github.com>
5 years ago
eleith 97eda85db8 fix variable name for RECIPIENT_DELIMETER
the variable name as referenced by postfix (dcda412b99/core/postfix/conf/main.cf (L40)) and others is `RECIPIENT_DELIMETER`.
5 years ago
kaiyou 8e88f1b8c3 Refactor the rate limiting code
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criteria is supported per limiter. Docs and setup utility are
updated with this in mind.

Also, the code was made more generic, so limiters can be delivered
for something else than authentication. Authentication-specific
code was moved directly to the authentication routine.
5 years ago
Michael Wyraz 70f797dbd9 Don't raise rate limit exception on hit(), only on check() 5 years ago
Michael Wyraz e857b9d659 Document default antivirus behaviour, add an option to reject viruses 5 years ago
Tim Möhlmann 4911fba4af
Docs: Fix various build warnings:
- /docs/configuration.rst:157: WARNING: Inline emphasis start-string without end-string.
- /docs/configuration.rst:159: WARNING: Inline emphasis start-string without end-string.
- /docs/configuration.rst:159: WARNING: Inline emphasis start-string without end-string.
- /docs/configuration.rst:159: WARNING: Inline emphasis start-string without end-string.
- /docs/rpi_build.rst: WARNING: document isn't included in any toctree
5 years ago
Michael Wyraz a907fe4cac Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI 5 years ago
Michael Wyraz de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 5 years ago
Igor Rzegocki 6f973a2e4b
Fixed hardcoded antispam and antivirus host addresses
Fixes #978
5 years ago
bors[bot] 2785bca1f4
Merge #883
883: Admin create user enhancement r=mergify[bot] a=cr1st1p

## What type of PR?
Enhancement

## What does this PR do?
It allows the admin docker image to also create the admin user.
The idea is that in my kubernetes setup, I do not want to manually do anything, as such, I need a way for the admin user to also be created automatically without me getting inside the pod.
So I had to change the manage.py function that creates the user to allow different 'modes' (me, I'll be using 'ifmissing') and also start.py to call that functionality if appropriate environment variables are present.

So now, in my Deployment, I add 3 more environment variables and I get the admin user created, IF not already present.

### Related issue(s)
none?

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: cristi <cristi.posoiu@gmail.com>
Co-authored-by: cr1st1p <cristi.posoiu@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
5 years ago
cristi 078082fac9 Hopefully improved documentation around initial admin account creation. 6 years ago
Daniel Huber 7dcb2eb006
Add authentication for email relays 6 years ago
Tim Möhlmann d9f8510bb6
Fix notls typo 6 years ago
Tim Möhlmann 38e754be6d
Make docs refer to the setup utility 6 years ago
Tim Möhlmann 71cda7983e
Merge branch 'master' into feat-logging 6 years ago
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry 6 years ago
Tim Möhlmann 4b0601cb64
Add WEBROOT_REDIRECT documentation
Closes #802
6 years ago
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
6 years ago
Tim Möhlmann 77e3fc0ebc
Some documentation flow refactoring and updates:
- Improve advice on IP binding; Follow up on issue #641
 - mailradar is dead. Found mxtoolbox instead
 - Fix some internal linking
6 years ago
Mildred Ki'Lya ae8c9f5a6b Add various environment variables to allow running outside of docker-compose 7 years ago
Rafael Cossovan 23f392efb2 Update configuration.rst
Fix env variable.
7 years ago
Mildred Ki'Lya f538e33dcf Parametrize hosts
Allows to use mailu without docker-compose when hostnames are not set up
by docker itself but provided via a separate resolver.

Use case: use mailu using nomad scheduler and consul resolver instead of
docker-compose. Other servers are provided by the DNS resolver that
resolves names like admin.service.consul or webmail.service.consul.
These names needs to be configurable.
7 years ago
kaiyou fcf9515bff Fix the rst syntax for most documentation 7 years ago