1961: Implement MTA-STS and DANE validation r=mergify[bot] a=nextgens
## What type of PR?
Feature
## What does this PR do?
Implement MTA-STS: the tls_policy_map will now be auto-configured based on the policies published by the various domains. A FAQ entry has been added to document how to publish a policy using Mailu.
As configured by default there is no persistence. If we want persistence we can have either sqlite3 (with a db in the mailqueue) or redis...
This also introduces a DEFER_ON_TLS_ERROR (default: True) setting that will harden policy enforcement and defer emails that shouldn't be delivered. Turn it off if you never want to set an override.
### Related issue(s)
- closes#1798
- closes#707
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
- fixed copy of qemu-arm-static for alpine
- added 'set -eu' safeguard
- silenced npm update notification
- added color to webpack call
- changed Admin-LTE default blue
(core/admin/Dockerfile)
- AdminLTE 3 style tweaks
(core/admin/assets/app.css)
(core/admin/mailu/ui/templates/base.html)
(core/admin/mailu/ui/templates/sidebar.html)
- localized datatables
(core/admin/Dockerfile)
(core/admin/assets/app.js)
(core/admin/package.json)
- moved external javascript code to vendor.js
(core/admin/assets/app.js)
(core/admin/assets/vendor.js)
(core/admin/webpack.config.js)
- added mailu logo
(core/admin/assets/app.js)
(core/admin/assets/app.css)
(core/admin/assets/mailu.png)
- moved all inline javascript to app.js
(core/admin/assets/app.js)
(core/admin/mailu/ui/templates/domain/create.html)
(core/admin/mailu/ui/templates/user/create.html)
- added iframe display of rspamd page
(core/admin/assets/app.js)
(core/admin/mailu/ui/views/base.py)
(core/admin/mailu/ui/templates/sidebar.html)
(core/admin/mailu/ui/templates/antispam.html)
- updated language-selector to display full language names and use post
(core/admin/assets/app.js)
(core/admin/mailu/__init__.py)
(core/admin/mailu/utils.py)
(core/admin/mailu/ui/views/languages.py)
- added fieldset to group and en/disable input fields
(core/admin/assets/app.js)
(core/admin/mailu/ui/templates/macros.html)
(core/admin/mailu/ui/templates/user/settings.html)
(core/admin/mailu/ui/templates/user/reply.html)
- added clipboard copy buttons
(core/admin/assets/app.js)
(core/admin/assets/vendor.js)
(core/admin/mailu/ui/templates/macros.html)
(core/admin/mailu/ui/templates/domain/details.html)
- cleaned external javascript imports
(core/admin/assets/vendor.js)
- pre-split first hostname for further use
(core/admin/mailu/__init__.py)
(core/admin/mailu/models.py)
(core/admin/mailu/ui/templates/client.html)
(core/admin/mailu/ui/templates/domain/signup.html)
- cache dns_* properties of domain object (immutable during runtime)
(core/admin/mailu/models.py)
(core/admin/mailu/ui/templates/domain/details.html)
- fixed and splitted dns_dkim property of domain object (space missing)
- added autoconfig and tlsa properties to domain object
(core/admin/mailu/models.py)
- suppressed extra vertical spacing in jinja2 templates
- improved accessibility for screen reader
(core/admin/mailu/ui/templates/**.html)
- deleted unused/broken /user/forward route
(core/admin/mailu/ui/templates/user/forward.html)
(core/admin/mailu/ui/views/users.py)
- updated gunicorn to 20.1.0 to get rid of buffering error at startup
(core/admin/requirements-prod.txt)
- switched webpack to production mode
(core/admin/webpack.config.js)
- added css and javascript minimization
- added pre-compression of assets (gzip)
(core/admin/webpack.config.js)
(core/admin/package.json)
- removed obsolte dependencies
- switched from node-sass to dart-sass
(core/admin/package.json)
- changed startup cleaning message from error to info
(core/admin/mailu/utils.py)
- move client config to "my account" section when logged in
(core/admin/mailu/ui/templates/sidebar.html)
1800: AdminLTE 3 r=mergify[bot] a=DjVinnii
## What type of PR?
Enhancement
## What does this PR do?
This PR implements AdminLTE 3 for the admin interface. It also includes the implementation of DataTables and a language selector.
### Related issue(s)
- closes: #1567
- closes: #1764
## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: Vincent Kling <vincentkling@msn.com>
Co-authored-by: DjVinnii <vincentkling@msn.com>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
1965: postfix/tls_policy: Use lmdb map instead of hash r=mergify[bot] a=tonobo
## What type of PR?
bug-fix
## What does this PR do?
### Related issue(s)
#1918https://github.com/Mailu/Mailu/pull/1902/#issuecomment-902108080
Co-authored-by: Tim Foerster <timhormersdorf@googlemail.com>
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS
It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
1959: Ensure that we don't trust client headers r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Document how REAL_IP_FROM and REAL_IP_HEADER should be used. Ensure that we strip True-Client-IP and X-Forwarded-For if neither are set.
We should also update the documentation on reverse-proxies... but that's #1958
### Related issue(s)
- #1958
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1958: Update the documentation on reverse proxies r=mergify[bot] a=nextgens
## What type of PR?
documentation
## What does this PR do?
Update the documentation on reverse proxies; this is mostly cosmetic (fix the links, use example.com where appropriate, ...).
It also removes the last option (run Mailu without its frontend) as that won't work with SSO and is a terrible idea anyway.
I wonder if we should just get rid of that section
### Related issue(s)
- #1528
- #1422
- #1038
- #1879
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>