2841 Commits (6c510e2e86bbb1ff782c0355d9671058f74805e3)
 

Author SHA1 Message Date
Alexander Graf 6c510e2e86 enabled caching via .htaccess 3 years ago
Alexander Graf b445d9ddd1 set expire headers only for mailu content
also moved robots.txt from config to static folder.
3 years ago
Alexander Graf 698ee4e521 added tiff and webp to list of cached content 3 years ago
Alexander Graf 0094268410 allow to change logo. default color for flash msg
- two new environment variables allow to change logo background color
  and graphic
- flash messages are now green (not cyan)
3 years ago
Alexander Graf d8b4a016af use blue color from https://mailu.io/ 3 years ago
Alexander Graf 7bede55fce more verbose cleaning message 3 years ago
Alexander Graf 4c4031ab74 added feature file 3 years ago
Alexander Graf 7fd605cc21 fixed brand link target for normal users 3 years ago
Alexander Graf 8cdd7e911d duh. removed debug 3 years ago
Alexander Graf 34df8b3168 AdminLTE3 optimizations & compression and caching
- fixed copy of qemu-arm-static for alpine
- added 'set -eu' safeguard
- silenced npm update notification
- added color to webpack call
- changed Admin-LTE default blue
  (core/admin/Dockerfile)

- AdminLTE 3 style tweaks
  (core/admin/assets/app.css)
  (core/admin/mailu/ui/templates/base.html)
  (core/admin/mailu/ui/templates/sidebar.html)

- localized datatables
  (core/admin/Dockerfile)
  (core/admin/assets/app.js)
  (core/admin/package.json)

- moved external javascript code to vendor.js
  (core/admin/assets/app.js)
  (core/admin/assets/vendor.js)
  (core/admin/webpack.config.js)

- added mailu logo
  (core/admin/assets/app.js)
  (core/admin/assets/app.css)
  (core/admin/assets/mailu.png)

- moved all inline javascript to app.js
  (core/admin/assets/app.js)
  (core/admin/mailu/ui/templates/domain/create.html)
  (core/admin/mailu/ui/templates/user/create.html)

- added iframe display of rspamd page
  (core/admin/assets/app.js)
  (core/admin/mailu/ui/views/base.py)
  (core/admin/mailu/ui/templates/sidebar.html)
  (core/admin/mailu/ui/templates/antispam.html)

- updated language-selector to display full language names and use post
  (core/admin/assets/app.js)
  (core/admin/mailu/__init__.py)
  (core/admin/mailu/utils.py)
  (core/admin/mailu/ui/views/languages.py)

- added fieldset to group and en/disable input fields
  (core/admin/assets/app.js)
  (core/admin/mailu/ui/templates/macros.html)
  (core/admin/mailu/ui/templates/user/settings.html)
  (core/admin/mailu/ui/templates/user/reply.html)

- added clipboard copy buttons
  (core/admin/assets/app.js)
  (core/admin/assets/vendor.js)
  (core/admin/mailu/ui/templates/macros.html)
  (core/admin/mailu/ui/templates/domain/details.html)

- cleaned external javascript imports
  (core/admin/assets/vendor.js)

- pre-split first hostname for further use
  (core/admin/mailu/__init__.py)
  (core/admin/mailu/models.py)
  (core/admin/mailu/ui/templates/client.html)
  (core/admin/mailu/ui/templates/domain/signup.html)

- cache dns_* properties of domain object (immutable during runtime)
  (core/admin/mailu/models.py)
  (core/admin/mailu/ui/templates/domain/details.html)

- fixed and splitted dns_dkim property of domain object (space missing)
- added autoconfig and tlsa properties to domain object
  (core/admin/mailu/models.py)

- suppressed extra vertical spacing in jinja2 templates
- improved accessibility for screen reader
  (core/admin/mailu/ui/templates/**.html)

- deleted unused/broken /user/forward route
  (core/admin/mailu/ui/templates/user/forward.html)
  (core/admin/mailu/ui/views/users.py)

- updated gunicorn to 20.1.0 to get rid of buffering error at startup
  (core/admin/requirements-prod.txt)

- switched webpack to production mode
  (core/admin/webpack.config.js)

- added css and javascript minimization
- added pre-compression of assets (gzip)
  (core/admin/webpack.config.js)
  (core/admin/package.json)

- removed obsolte dependencies
- switched from node-sass to dart-sass
  (core/admin/package.json)

- changed startup cleaning message from error to info
  (core/admin/mailu/utils.py)

- move client config to "my account" section when logged in
  (core/admin/mailu/ui/templates/sidebar.html)
3 years ago
Alexander Graf f4e7ce0990 enabled caching, gzip and robots.txt 3 years ago
Alexander Graf 103918ba57 pre-compress assets (*.ico for now) 3 years ago
Alexander Graf 39d7a5c504 pngcrushed images 3 years ago
bors[bot] 71cc8b0a81
Merge #1800
1800: AdminLTE 3 r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?

This PR implements AdminLTE 3 for the admin interface. It also includes the implementation of DataTables and a language selector.

### Related issue(s)
- closes: #1567
- closes: #1764 

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Vincent Kling <vincentkling@msn.com>
Co-authored-by: DjVinnii <vincentkling@msn.com>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
bors[bot] f815075929
Merge #1965
1965: postfix/tls_policy: Use lmdb map instead of hash r=mergify[bot] a=tonobo

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)

#1918

https://github.com/Mailu/Mailu/pull/1902/#issuecomment-902108080



Co-authored-by: Tim Foerster <timhormersdorf@googlemail.com>
3 years ago
Tim Foerster 9ec9d4d4fb
postfix/tls_policy: Use lmdb map instead of hash
The alpine postfix package seems to have removed support for btree and hash map type. #1918 
The tls_policy.map stuff has been introduced in #1902 and it has been merged without fixing this before (https://github.com/Mailu/Mailu/pull/1902/#issuecomment-902108080)
3 years ago
Dimitri Huisman 5f18860669 Remove workaround. Remove deprecated url-loader. 3 years ago
Dimitri Huisman 60be06e298 Temporary workaround to get FontAwesome icons working. 3 years ago
Dimitri Huisman 5da7a06675 Resolve webpack.config.js error 3 years ago
bors[bot] 7e86f5cb57
Merge #1959
1959: Ensure that we don't trust client headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Document how REAL_IP_FROM and REAL_IP_HEADER should be used. Ensure that we strip True-Client-IP and X-Forwarded-For if neither are set.

We should also update the documentation on reverse-proxies... but that's #1958

### Related issue(s)
- #1958

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Dimitri Huisman 00276d8b70
Merge branch 'master' into AdminLTE-3 3 years ago
bors[bot] 1d9850490c
Merge #1958
1958: Update the documentation on reverse proxies r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

Update the documentation on reverse proxies; this is mostly cosmetic (fix the links, use example.com where appropriate, ...).

It also removes the last option (run Mailu without its frontend) as that won't work with SSO and is a terrible idea anyway.

I wonder if we should just get rid of that section

### Related issue(s)
- #1528
- #1422
- #1038
- #1879

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere 8106892ee8 towncrier 3 years ago
Florent Daigniere 394c2fe22c Document REAL_IP_HEADER and REAL_IP_FROM
Fix a security vulnerability whereby we were not clearing other headers
3 years ago
Florent Daigniere 6bba0cecfc Strip the Forwarded header since nothing is compatible with it yet 3 years ago
Florent Daigniere 0e45bb3ae5 use example.com 3 years ago
Florent Daigniere d65993886a Fix the links 3 years ago
Florent Daigniere 9e306bf255 use example.com 3 years ago
Florent Daigniere 5ed77750f2 clarify 3 years ago
Florent Daigniere 13e0b56a0d This breaks SSO 3 years ago
bors[bot] 6e32092abd
Merge #1873
1873: Completed Hebrew translation r=mergify[bot] a=yarons

The Hebrew translation is incomplete so I've completed it.

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
3 years ago
bors[bot] 4c52eb3e0e
Merge #1957
1957: BugFix 1952 - use punycode encoding in HTTP headers for webmail/radicale r=mergify[bot] a=Diman0

## What type of PR?

Bug fix

## What does this PR do?

Fixes a bug introduced by the SSO implementation and an already existing bug for radicale.
In auth.py we did not use punycode (ACE) encoding for the domain part of an email. 
Since we pass the user name in the HTTP header to webmail/radicale, we would sometime pass non-ascii. E.g. user@exämple.io.
This is illegal. HTTP headers may only contain ASCII. The domain part of the user name therefore now uses punycode encoding.

I tested that I can log in with the form user@exämple.io and user@xn--exmple-cua.io for
- admin
- roundcube (also tested sending emails of course)
- rainloop (also tested sending emails of course)
- radicale (webdav)
- thunderbird - sending/receiving emails and accessing/modifying the webdav calendar added in radicale.
  - for the calendar you can use the normal and punnycode notation
  - for email you can only use punnycode. This is a limitation of thunderbird. It does not accept email addresses with non-ascii in the domain part of an email address.

### Related issue(s)
- closes  #1952 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Dimitri Huisman 169a540692 Use punycode for HTTP header for radicale and create changelog 3 years ago
Dimitri Huisman 4f5cb0974e Make sure HTTP header only contains ASCII 3 years ago
bors[bot] ecb39fed04
Merge #1947
1947: k8s is helm-charts only r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

Remove the k8s documentation templates and document that helm charts is the supported way to do it.

### Related issue(s)

- #1451
- closes #1329
- closes #1191 
- closes #1823
- closes #1433
- closes #1285
and
- closes #1420
- closes #1826
- closes #1919


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere e742c5432b simplify 3 years ago
Florent Daigniere 0a6f3448ec k8s is helm-chart only 3 years ago
bors[bot] ecaaf25dcb
Merge #1939
1939: Ensure that we don't do multiple DNS lookups in the sieve script r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It ensures that DNS lookups don't introduce inconsistent state. We may want to go further and actually check the return codes of rspamc too.

I haven't tested it but it should work.

### Related issue(s)
- #1938



Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere 368b40b4fd doh 3 years ago
bors[bot] db0370858e
Merge #1941
1941: Fix a bug whereby adding new HOSTNAMEs won't necessarily lead to certificates being renewed. r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug whereby adding new HOSTNAMEs won't necessarily lead to certificates being renewed.

certbot's defaut behaviour has changed when --renew-with-new-domains was introduced

### Related issue(s)
- close #1270

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere 3e676e232a fix #1270 3 years ago
bors[bot] 7efce99769
Merge #1902
1902: Make smtp_tls_policy_maps easily configurable r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

- Make smtp_tls_policy_maps easily configurable. This is useful to force TLS verification of specific destinations (or relays).
We should probably discuss what's on the list by default. I have found a top100 list online, ran it through a script to check all the records and found 90 destinations we could use.
- disable TLS session tickets (this reduces the PFS window from 1day to 1h)
- enable system CAs by default (to allow for OUTBOUND_TLS_LEVEL above encrypt without additional overrides)

### Related issue(s)
- closes #1558 
- #707

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere ae8db08bdf Ensure that we don't do multiple DNS lookups in the sieve script 3 years ago
bors[bot] 53fe567d06
Merge #1925
1925: Optimize Rainloop: Change to NGINX r=mergify[bot] a=Erriez

## What type of PR?

- Reduce build time.
- Reduce image size.
- Faster user response using CGI.

## What does this PR do?

### Related issue(s)
- Mention an issue like: #1830, #1200 and #1924
- Auto close an issue like: closes #1924

## Prerequistes

Documentation updates TBD (requires some guidance):
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

## Technical details

- Image from `php:7.4-apache` to `nginx:1.21-alpine` followed by PHP7 installation.
- Move `.ini` files to directory `defaults/`.
- Move files `sso.php and include.php` to directory `login/`.
- NGINX configuration:
  - `access_log off;` as this is handled by front.
  - `error_log /dev/stderr err; configured to reduce output. The logging in `start.py` is useless.
  - PHP configuration optimized for CGI usage and requires a config file `config/php-rainloop.conf` -> `/etc/php7/php-fpm.d/rainloop.conf`.
  - `.ini` files are parsed / substituted by `socrate` Python module.

Further optimization is possible by completely removing Python. This is only used to parse the `.ini` files and can be done via Bash scripts. This saves more build time and image size can be reduced to 112MB.

## Reviewing

This PR requires multiple reviewers and extensive testing before merging into master. Data/settings are compatible with previous images.

Co-authored-by: Erriez <Erriez@users.noreply.github.com>
3 years ago
Florent Daigniere 65a27b1c7f add additional options to make DANE easier 3 years ago
Florent Daigniere fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map 3 years ago
bors[bot] a461f5fa7c
Merge #1904
1904: Allow specific users to send email from any address r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Allow specific users to send email from any address using the WILDCARD_SENDERS configuration variable.

### Related issue(s)
- closes #1096

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com>
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Co-authored-by: Erriez <Erriez@users.noreply.github.com>
3 years ago
bors[bot] 5062ee58dc
Merge #1935
1935: Fix bug #1934: logs flooded with "unbound udp connect failed: Address not available for" r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Revert back to alpine 1.12 for the resolver/unbound container. The official fix is at:
08968baec1
but alpine doesn't ship it yet:
https://pkgs.alpinelinux.org/packages?name=unbound&branch=v3.14

### Related issue(s)
- closes #1934 


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere e1ddbb6eec Rollback to alpine 1.12
it ships unbound 1.10 that doesn't have the bug I think
08968baec1
3 years ago
Florent Daigniere b4102ba464 doh 3 years ago