2468: Ensure that Mailu keeps working even if it can't obtain a certificate from LE r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Ensure that Mailu keeps working even if it can't obtain a certificate from letsencrypt for one of the HOSTNAMES
Without this TLS configuration would fail and Mailu would operate without TLS completely.
I haven't tested it but thought this used to work previously... maybe certbot has changed something
### Related issue(s)
- closes#2467
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2455: Fix/missing tanslations r=mergify[bot] a=DjVinnii
## What type of PR?
Fix/Enhancement
## What does this PR do?
Add missing Dutch translation, as well as the German translation for `Start of vacation`
### Related issue(s)
- closes#2217
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2448: Give a chance to rspamd's bayes classifier r=mergify[bot] a=nextgens
## What type of PR?
bug-fix + documentation
## What does this PR do?
As pointed out in #2442, the bayesian filter of rspamd doesn't get any chance to run as ``min_learns`` is set to 200 and we never teach it any HAM.
This PR enables rspamd's autolearn feature, that will "reinforce" good/bad by learning from the scoring of other modules. It ensures both that we will eventually reach the 200 mark but also that the data stays fresh.
I've also taken this opportunity to update the documentation & FAQ accordingly, to ensure that users teach their HAM & SPAM to both the fuzzy and bayes classifiers.
Thank you to [woj-tek](https://github.com/woj-tek) for doing the ground work on this.
### Related issue(s)
- closes#2442
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2450: Introduce TLS_PERMISSIVE for port 25 r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
This new advanced setting to harden cipher configuration on port 25. Changing the default is strongly discouraged, please read the documentation before doing so.
This specific feature has been requested numerous times... and while it's a terrible idea, I'm getting tired of explaining why every time. Those that would rather go through the fun of tracing missing emails tomorrow than picking a fight with their auditor today can enable it.
### Related issue(s)
- close#2449
- close#1945
- #1617
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This new advanced setting to harden cipher configuration on port 25. Changing the default is strongly discouraged, please read the documentation before doing so.
2444: Remove POD_ADDRESS_RANGE r=mergify[bot] a=DjVinnii
## What type of PR?
Removal
## What does this PR do?
As discussed in #1209 `POD_ADDRESS_RANGE` should be removed in favor of `SUBNET`. This PR removes the few references that are still left.
### Related issue(s)
- closes#1258
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
2443: Use RUNNER_TEMP for storing cache files. r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Use RUNNER_TEMP for storing cache files in workflow. This should prevent issues on the self-hosted arm runner. Each runner will store cache files in a runner unique temp folder. This temp folders is cleared at the beginning and the end of the job.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2441: Switch to ARM64 self-hosted for ARM build r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Switch to ARM64 self-hosted runner for building ARM/v7 and ARM64 images. Depending on the performance we could introduce tests as well in a new PR.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2440: The ARM wheels don't work r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Remove piwheels to ensure we always rebuild on ARM
### Related issue(s)
- closes#2439
- #1200
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2437: Fix mysql r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
In #2422 we have switched from mysqlclient to mysql-connector ... and apparently SQLalchemy needs to be told explicitly.
This hasn't been tested.
### Related issue(s)
- close#2435
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2430: Prevent signups for accounts where an alias exists r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
This prevent signups for accounts where an SQL like alias exists; we already do it for non-SQL like aliases
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2426: Update docs to mention .inc.php for roundcube r=nextgens a=DannyDaemonic
My recent patch updated the roundcube overrides to use .inc.php vs .inc (as is done in roundcube and as suggested by roundcube plugin docs). I updated the overrides section in the docs but a page that links to the overrides section still had the old ".inc" file name. This fixes that oversight. Sorry about that.
## What type of PR?
documentation
## What does this PR do?
Updates configuration.rst to also reflect the new extension.
## Prerequisites
This patch neither adds features nor requires a towncrier.
Co-authored-by: Danny Daemonic <DannyDaemonic@gmail.com>
2427: Switch ci/cd workflow to use local build cache for buildx r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Switch to local build cache, cached via actions/cache@v3
The previous method of using gha cache via buildx proved to be unreliable. Using a local cache via actions/cache@v3 is much more reliable. The build job will re-use cache from previous workflow runs.
The total workflow time is still similar ~12 minutes.
If the cache action does intermittently seem to have issues with slow download, we can configure a lower timeout. It is now set on the default 60 minutes.
Some important tidbits:
Cache fragment in build step:
```
- name: Configure actions/cache@v3 action for storing build cache in the /tmp/cache folder
uses: actions/cache@v3
with:
path: /tmp/cache/${{ matrix.target }}
key: ${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}-${{ github.run_id }}
restore-keys: |
${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}
```
- actions/cache will never update a cache. So on cache-hit (key is found), the cache will not be updated.
- To workaround this, it is possible to use a key that will not have a cache hit. And use restore-keys to lookup and load an existing cache. `${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}` matches with `${{ github.ref }}-${{ inputs.mailu_version }}-${{ matrix.target }}-${{ github.run_id }}`.
- So this will result the cache being loaded from a previous workflow. For more info see https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#example-using-multiple-restore-keys
- Two jobs cannot write to the same cache simultaneously. If two jobs (in the same workflow or between workflows) access the same cache (key), then only one of the two workflows can update the cache. For this reason the cache key used in the build step must be unique.
- ${{ inputs.mailu_version }} is used to make sure x64 and arm do not access each others build cache.
Unfortunately it is not possible to use a for loop to loop through steps. For this reason it is not possible possible to shorten the amount of action/Cache@v3 steps. The only possibility is to create our own [composite action](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action). But this makes it maybe to complex. Then the action.yml of the composite action must be maintained as well.
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
The previous method of using gha cache via buildx proved to be
unreliable. Using local cache via actions/cache@v3 is much more
reliable.
The build job will re-use cache from previous workflow runs.
The total workflow time is still similar ~12 minutes.
A recent patch updated the roundcube overrides to use .inc.php vs .inc,
as it's done in roundcube (and as suggested by roundcube plugin docs).
It corrected the overrides and fixed it's section in the faq, but missed
a section in the configuration docs that to the overrides. This fixes
that oversight.