Because basically every MTA out there uses opportunistic TLS _in
the best case_, it's actually counter productive to use such strict
settings.
The alternative to a handshake error is often an unencrypted submission,
which is basically the opposite of what strict ssl_protocols and
ssl_ciphers tries to achieve.
Even big and established providers like Amazon SES are incompatible with the current
settings.
This reverts commit 2ddf46ad2b.
1601: Fixing documentation minor typo r=mergify[bot] a=akevinieron
## What type of PR?
Documentation
## What does this PR do?
Fixing minor typo on certificate section
## Related issue(s)
N/A
Co-authored-by: Kevin Jimenez <kevinjimenezlorenzo@gmail.com>
1603: fixed workflow example in documentation r=mergify[bot] a=ghostwheel42
## What type of PR?
documentation
## What does this PR do?
fix error in workflow example. use "git remote add" to add upstream as remote.
### Related issue(s)
-/-
Co-authored-by: Alexander Graf <agraf@kevag-telekom.de>
1599: Fix hardcoded reference to admin container. r=mergify[bot] a=Nebukadneza
Superseding #1330
## What type of PR?
big-fix
## What does this PR do?
Fixes a hardcoded reference to ``admin`` container which may or may not be called ``admin`` in reality, since the user may eventually to name the container otherwise.
### Related issue(s)
- closes#1323
- subsumes #1324
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- Minor bug-fix, no additional documentation needed.
Co-authored-by: Richard Gomes <rgomes.info@gmail.com>
1600: Force setup-file download scheme to HTTPS r=mergify[bot] a=Nebukadneza
## What type of PR?
bug-fix
## What does this PR do?
Up until now HTTPS was only offered by redirect, making MitM possible
before server redirect hit the client.
Add scheme-force to HTTPS to the url-generation.
### Related issue(s)
- fixes#963
## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: Dario Ernst <dario.ernst@rommelag.com>
1553: Added FAQ about SMTP Banner r=mergify[bot] a=arother
## What type of PR?
documentation
## What does this PR do?
Adding FAQ about SMTP Banner
### Related issue(s)
- closes#1368
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
Co-authored-by: Andreas Rother <andreas@rother.org>
Co-authored-by: Dario Ernst <github@kanojo.de>
Up until now HTTPS was only offered by redirect, making MitM possible
before server redirect hit the client.
Add scheme-force to HTTPS to the url-generation.
fixes#963
Changing Hostname in the .env and in the banner might lead to various breakages of the setup — so don’t advise it to users in the FAQ.
Co-authored-by: Thomas Sänger <thomas@gecko.space>
1596: Fix ANTIVIRUS line in mailu.env file r=mergify[bot] a=Diman0
The ANTIVIRUS line is commented in mailu.env file. Each mailu.env file generated by setup.mailu.io will have the antivirus line commented. Removed the # so that antivirus works again for new deployments.
## What type of PR?
bug fix
## What does this PR do?
### Related issue(s)
- #1595
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [N/A ] In case of feature or enhancement: documentation updated accordingly
- [ N/A minor change] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
The ANTIVIRUS line is commented in mailu.env file. Each mailu.env file generated by setup.mailu.io will have the antivirus line commented. Removed the # so that antivirus works again for new deployments.
1586: Add documentation in regard to the spam filter in Mailu. Added all su… r=mergify[bot] a=Diman0
…ggestions from Liquidat and Nebukadneza..
I have added the suggestions mentioned in pull request #1575
## What type of PR?
Adds FAQ section 'Spam filtering' that describes how spam filtering works. It also describes how you can create your own local black list. This enables the user to set up a map that can be live-updated via Rspamd webgui for blocking emails from listed sender domains.
## What does this PR do?
### Related issue(s)
#1167#1566
Closes issue #1167
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
[ N/A] In case of feature or enhancement: documentation updated accordingly
[ Done] Unless it's docs or a minor change: add changelog entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
1587: Pin test/build pip-dependencies to their last known versions r=mergify[bot] a=Nebukadneza
## What type of PR?
bug-fix
## What does this PR do?
Fix current travis docker API-version mismatches … in a crude, but safe
way.
### Related issue(s)
None
## Prerequistes
- [x] no docs
- [x] minor change
Co-authored-by: Dario Ernst <dario@kanojo.de>
1541: alpine 3.12 as base image r=mergify[bot] a=ofthesun9
## What type of PR?
Keep in sync with alpine devel
alpine 3.12 was [released](https://alpinelinux.org/posts/Alpine-3.12.0-released.html) on 29 May 2020.
Update for the main services:
nginx 1.18 (vs 1.16)
dovecot 2.3.10 (unchanged)
postfix 3.5.2 (vs 3.4.7)
rspamd 2.5 (vs 1.9.4)
clamav 0.102/3 (vs 0.101.5)
fetchmail 6.4.5
## What does this PR do?
Mostly Dockerfile modification
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
1570: Update webmail.yaml r=mergify[bot] a=DerH4NNES
Duplicated "ports:"
## What type of PR?
bug-fix
## What does this PR do?
fixes service specs
### Related issue(s)
/
Co-authored-by: Sascha Hannes <saschahannes@web.de>
1511: Setup, compose: add note about reverse DNS r=mergify[bot] a=liquidat
## What type of PR?
documentation
## What does this PR do?
If the [mailu setup utility](https://setup.mailu.io/master/) is used with the Compose flavor, in step 4 a list of public host names needs to be provided:
![Screenshot from 2020-05-17 01-54-06](https://user-images.githubusercontent.com/1998084/82132563-5227d780-97e1-11ea-85ed-fa5d5108e24e.png)
The [first entry in this list is configured as hostname by postfix](ddac2672fc/core/postfix/conf/main.cf (L10)). That is crucial: if the reverse DNS entry for that host is not the same as this first entry in this list, it will be a mismatch between rDNS and HELO, which will lead to bad scoring in many spam filters.
This commit clarifies that point.
It also fixes a missing parenthesis.
### Related issue(s)
- (none)
## Prerequistes
- (none applicable)
Co-authored-by: liquidat <liquidat@bayz.de>
1526: Use Radicale 3.x for webdav service r=mergify[bot] a=ofthesun9
- remove -f flag in Dockerfile CMD
- remove deprecated daemon and dns_lookup settings from radicale.conf
- move realm setting from [server] to [auth] in radicale.conf
- add newsfragment
## What type of PR?
Miscellaneous
## What does this PR do?
Modifications in Dockerfile and radicale.conf to get Radicale 3.0 service building properly.
Functional tests would be needed before merge.
### Related issue(s)
- closes#1512
## Prerequistes
- [X] In case of feature or enhancement: documentation updated accordingly
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
1557: Explicitly define ProxyFix options r=mergify[bot] a=brian-maloney
## What type of PR?
bug-fix
## What does this PR do?
This PR explicitly defines the options for the ProxyFix module, which fixes a regression in admin behind a reverse proxy.
### Related issue(s)
- #1309
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
This is a bugfix, so not doc changes, and it's an extremely minor change.
Co-authored-by: Brian Maloney <3286425+brian-maloney@users.noreply.github.com>
1538: Introduce environment variable to control dovecot full-text-search r=mergify[bot] a=tremlin
## What type of PR?
Enhancement
## What does this PR do?
In #1320 a full-text-search feature was enabled in Dovecot by default. Since this can have a big impact on performance, I think it's preferable to offer an option to disable the feature if it is not needed. This PR doesn't change the default behavior (FTS on).
### Related issue(s)
- #1320
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordinagly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
1499: Harmonization of the various docker-compose.yml templates r=mergify[bot] a=ofthesun9
## What type of PR?
Mainly documentation and update of the docker-compose.yml templates
## What does this PR do?
- Update of setup/flavors/stack/docker-compose.yml and docs/compose/docker-compose.yml to keep parity with setup/flavors/compose/docker-compose.yml (last changes with pr1444)
- Also refresh of the mkdir command found in setup/flavors/stack/setup.html to cope with the creation of mailqueue; overrides/nginx, overrides/dovecot folders.
### Related issue(s)
None
## Prerequistes
- [x] In case of feature or enhancement: documentation updated accordingly
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
1478: Allow to enforce TLS for outbound r=mergify[bot] a=micw
using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')
## What type of PR?
enhancement
## What does this PR do?
Add an option to postfix to enforce outbound traffic to be TLS encrypted.
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
1501: In setup/flavor, change DMARC RUA and RUF email default settings r=mergify[bot] a=ofthesun9
## What type of PR?
bug-fix
## What does this PR do?
This PR changes the default value used to set DMARC_RUA and DMARC_RUF:
DMARC_RUA and DMARC_RUF defaults will reuse the value defined for POSTMASTER,
instead of 'admin' as previously.
Please note that the setup tool doesn't allow (yet?) to define dmarc_rua nor dmarc_ruf, so the default value is indeed used for the time being.
### Related issue(s)
closes#1463
## Prerequistes
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
1532: Replace SMPT with SMTP r=mergify[bot] a=dhoppe
1543: Disable Health checks on swarm mode r=mergify[bot] a=ofthesun9
ref: https://github.com/moby/moby/issues/35451
## What type of PR?
bug-fix
## What does this PR do?
Modify the docker-compose.yml template used by setup (swarm flavor) to disable Health checks on swarm mode for each service
### Related issue(s)
closes#1289
## Prerequistes
- [x] add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
Co-authored-by: Dennis Hoppe <github@debian-solutions.de>
1542: Remove unused variables r=mergify[bot] a=dhoppe
## What type of PR?
Cleanup.
## What does this PR do?
This pull request will remove unused variables. I do not think @matst14 will update his pull request because his account seems to be quite inactive.
### Related issue(s)
- Mention an issue like: #1112#1437
- Auto close an issue like: closes#1112#1437
## Prerequistes
None.
Co-authored-by: Dennis Hoppe <github@debian-solutions.de>
1548: Update Roundcube to 1.4.6 r=mergify[bot] a=HorayNarea
## What type of PR?
enhancement
## What does this PR do?
Update Roundcube to 1.4.6
Co-authored-by: Thomas Sänger <thomas@gecko.space>