1935: Fix bug #1934: logs flooded with "unbound udp connect failed: Address not available for" r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Revert back to alpine 1.12 for the resolver/unbound container. The official fix is at:
08968baec1
but alpine doesn't ship it yet:
https://pkgs.alpinelinux.org/packages?name=unbound&branch=v3.14
### Related issue(s)
- closes#1934
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
A conflict-free version of #1360 implementing per-user sender limits
### Related issue(s)
- close#1360
- close#1031
- close#1774
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
1922: Harden postfix's configuration r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
It hardens the default configuration:
- disable AUTH commands on port 25 (nginx was not advertising the capability: normal clients wouldn't attempt it)
- fix Forward Secrecy by ensuring that we don't use session tickets and don't cache on forensically carveable mediums
- prevent clear-text credentials from being sent while authenticating to remote relays (this may break things if the relay doesn't support challenge-based authentication NOR STARTTLS - unlikely).
- switch to default RSA keysizes (2048 bits and they get rekeyed every 3 months -modern clients will do ECC)
- enable ECC certificates (much smaller than RSA keys, faster for better security margin)
- configure nginx so that it doesn't send the legacy/root CA (clients that require it are unlikely to do TLS1.2 any ways)
I don't think that any of those changes is impactful enough to warrant being documented.
### Related issue(s)
- close#1804
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Jack Murray <github@c0rporation.com>
1928: Change letsencrypt timer from 1h --> 1 day r=mergify[bot] a=jackmurray
There's no need to be calling certbot so frequently. Letsencrypt certificates last for 90 days so polling every hour is just wasteful. Once per day should be more than sufficient to catch any certificates before they even get close to expiring.
## What type of PR?
Enhancement
## What does this PR do?
Reduces unnecessary load on the Letsencrypt ACME servers.
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Jack Murray <github@c0rporation.com>
1917: Update Alpine version from 3.10 to 3.14 build_arm.sh r=mergify[bot] a=Erriez
## What type of PR?
Update Alpine version from 3.10 to 3.14 in `build_arm.sh` script.
## What does this PR do?
### Related issue(s)
- Mention an issue like: #1200
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Erriez <Erriez@users.noreply.github.com>
1918: Alpine has removed support for btree and hash from postfix r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
fix the following errors:
Aug 08 16:52:03 ocloud postfix/smtp[376]: error: unsupported dictionary type: hash
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: error: unsupported dictionary type: btree
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree
Without it Mailu is unusable with a relay.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1912: 1.8 release r=mergify[bot] a=Diman0
## What type of PR?
1.8 release.
## What does this PR do?
Final changes required for the 1.8 release.
### Related issue(s)
- #1829 can be closed after this PR is backported.
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>