Commit Graph

141 Commits (6bed48e2ac696a50968b1b91793946907615f3a0)

Author SHA1 Message Date
bors[bot] 3327500f96
Merge
2221: Add support for custom NGINX config r=mergify[bot] a=easybe

## What type of PR?

enhancement

## What does this PR do?

Add support for custom NGINX config. Including *.conf files in /etc/nginx/conf.d same as the default NGINX configuration gives the user more flexibility.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Ezra Buehler <ezra@easyb.ch>
bors[bot] 1069c02bc8
Merge
2357: Switch to ffdhe3072 to enable RFC 7919 r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

The idea being:
- it's a "nothing up my sleeves" group
- it may help shave off some bytes of the SSL handshake; That being said, I doubt that clients that are modern enough to support this RFC won't offer an EC kex

https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Dimitri Huisman 4b491d9de5 Re-enable the built-in nginx resolver for traffic going through the mail plugin.
This is required for passing rDNS/ptr information to postfix.
The mail proxy uses the resolver info for passing XCLIENT info.
See http://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient
Without this info rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info.
Florent Daigniere 74c5e92628 Switch to ffdhe3072 to enable RFC 7919
The idea being:
- it's a "nothing up my sleeves" group
- it may help shave off some bytes of the SSL handshake; That being
said, I doubt that clients that are modern enough to support this RFC
won't offer an EC kex

https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem
bors[bot] e92c67b118
Merge
2338: Update X-XSS-Protection to current recommendation r=mergify[bot] a=AvverbioPronome

See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection

## What type of PR?

Slight enhancement

## What does this PR do?

This PR turns off the XSS auditor in the few browsers that still have one.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ?] In case of feature or enhancement: documentation updated accordingly
- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Giuseppe C <1191978+AvverbioPronome@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Florent Daigniere cb656fc9fd Silence some errors in nginx
"could not be resolved (3: Host not found) while in resolving client
address, client:"
Your Name f7a3ecee2c remove X-XSS-Protection header from nginx.conf
Giuseppe C 389438d18b
Update X-XSS-Protection to current recommendation
See:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
bors[bot] c15e4e6015
Merge
2276: Autoconfig of email clients r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

It provides auto-configuration templates for email clients and encourages them to use implicit TLS (see https://nostarttls.secvuln.info/)

There are numerous caveats:
- it will only work if suitable DNS records are created and certificates obtained (autoconfig, autodiscover, ...)
- the mobileconfig file isn't signed
- the credentials will be prompted... we could/should provision a token on each request instead
- it currently doesn't advertise caldav
- it's IMAP only

### Related issue(s)
- close  

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 9b952da6c2 Allow nginx to lookup IPv6 addresses
It creates issues with RSPAMD/HFILTER_HOSTNAME_UNKNOWN on v6 enabled
setups see
https://github.com/Mailu/Mailu/issues/2260#issuecomment-1066797661
Florent Daigniere 184c9bc566 Add json redirect
Florent Daigniere 6fc1273b58 Add a link to autoconfigure apple devices
Florent Daigniere cdc92aa65b Mobileconfig apple style
Florent Daigniere ccd2cad4f1 Autodiscovery microsoft style
Florent Daigniere 523cee1680 Autoconfig mozilla-style
Florent Daigniere 0816cb9497 simplify as per ghostwheel42's suggestion
Florent Daigniere e4a32b55f5 Send ISRG_X1 on port 25, make DANE pin that
Ezra Buehler 5d6b295013 Add support for custom NGINX config
Including *.conf files in /etc/nginx/conf.d same as the default NGINX
configuration gives the user more flexibility.
Florent Daigniere f6ebf9fda2
Update tls.conf
Florent Daigniere 68ff6c8337
Use ISRG_ROOT_X1 as DST_ROOT is not available
Sebastian Klemke a6b4b9ae52 Removed ssl_trusted_certificate configuration setting from nginx.
Resolves an nginx startup issue when letsencrypt or
mail-letsencrypt is enabled.

Fixes 
Florent Daigniere 6425f440d3 fix 2147
bors[bot] e7f77875e2
Merge
2084: Fix  (login to webmail did not work when WEB_WEBMAIL=/ was set) r=mergify[bot] a=Diman0

## What type of PR?

bug-fix

## What does this PR do?
It fixes . Login from SSO page to webmail did not work if WEB_WEBMAIL=/ was set in mailu.env.

I tested that it works with
- WEB_WEBMAIL=/webmail
- WEB_WEBMAIL=/

### Related issue(s)
- closes  

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] n/a In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Florent Daigniere d7a8235b89
Simplify
Dimitri Huisman 5bedcc1cb1 Fix
Dimitri Huisman f26fa8da84 Fix Webmail token check. Fix Auth-Port for Webmail.
Florent Daigniere 53a0363b9e Deal with the noisy keepalive messages
We don't particularly care about HTTP... and that's what's noisy.
Florent Daigniere 80a85c27a9 Silent healthchecks in logs
Alexander Graf 3141ffe791 removed some whitespace
Dimitri Huisman 6b16756d92 Fix acessing antispam via sidebar.
Dimitri Huisman 3449b67c86 Process code review remarks PR2023
Dimitri Huisman 503044ef6e Reintroduce ProxyFix. Use two buttons for logging in.
Dimitri Huisman fb0f005343 Get rid of complicated prefix logic. Further simplify /static handling and nginx config.
Dimitri Huisman da788ddee3 Merge branch 'fix-sso-1929' of github.com:Diman0/Mailu into fix-sso-1929
Dimitri Huisman bdcc183165 Redirect to configured ENV VAR for Admin/Webmail, further simplify nginx config.
Dimitri Huisman f1a60aa6ea Remove unneeded auth_request_set
Florent Daigniere d3f07a0882 Simplify the handling of /static
Dimitri Huisman 48764f0400 Ensure all requests from the page sso go through the page sso.
Dimitri Huisman 5232bd38fd Simplify webmail logout.
Dimitri Huisman 5d81846c5d Introduce the shared stub /static for providing all static files
Dimitri Huisman eb74a72a52 Moved locations to correct area in nginx.conf.
Dimitri Huisman aa7380ffba Doh!
Dimitri Huisman 44d2448412 Updated SSO logic for webmails. Fixed small bug rate limiting.
Dimitri Huisman ed7adf52a6 Merge branch 'master' of github.com:Diman0/Mailu into fix-sso-1929
Dimitri Huisman 913a6304a7 Finishing touches. Introduce /static stub for handling all static files.
Diman0 41f5b43b38 Set nginx logging to level info again.
Diman0 f4cde61148 Make header translatable. More finishing touches.
Diman0 9894b49cbd Merge/Update with changes from master
Florent Daigniere 89ea51d570 Implement rate-limits
Diman0 bf0aad9820 Merge branch 'master' of github.com:Mailu/Mailu into fix-sso-1929