Florent Daigniere
facc4b6427
Allow specific users to send email from any address
3 years ago
Erriez
a5534a34dc
Update Alpine version from 3.10 to 3.14
3 years ago
Florent Daigniere
9e5cfaaec8
towncrier
3 years ago
Florent Daigniere
ee54a615c1
Alpine has removed support for btree and hash
3 years ago
Diman0
4e16c9000b
Give docker containers in each test one more minute for starting.
3 years ago
Diman0
146b081119
enhanced security changelog entry and added recommendation to recreate secret_key
3 years ago
Diman0
2132adcc38
Fixed typing error.
3 years ago
Diman0
e3fbf48c5a
Improved changelog entry
3 years ago
Dimitri Huisman
9b2afbfa89
Resolve merge conflict
3 years ago
Diman0
b7db90b7ff
Update documentation config and release notes page.
3 years ago
Diman0
529994c095
Update CHANGELOG.md and process towncrier newsfragments.
3 years ago
David Fairbrother
24747e33de
Add ability to set no WEBROOT_REDIRECT to Nginx
...
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.
This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.
This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
3 years ago
Florent Daigniere
0b16291153
doh
3 years ago
Florent Daigniere
7b847852af
fix typo
3 years ago
Florent Daigniere
1db08018da
Ensure that we get certificate validation on top90
...
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
3 years ago
Florent Daigniere
e1a7657999
Now that postfix has CAs we can switch to secure
...
encrypt means "ensure we have some confidentiality" whereas secure means
"ensure we have confidentiality while talking to the right peer"
(protects against passive or/and active MITM attacks)
3 years ago
Florent Daigniere
6149c759f4
doc
3 years ago
Florent Daigniere
b066a5e2ac
add a default tls_policy_map
3 years ago
Florent Daigniere
1df79f8132
give PFS a chance
3 years ago
Erriez
10f2c17979
Restore Roundcube PHP files
3 years ago
Erriez
5a1d89aaac
Restore Rainloop Dockerfile HEALTHCHECK
3 years ago
Florent Daigniere
925105075c
this is required in fact
3 years ago
Diman0
5afbf37292
Resolve build issues
3 years ago
Dimitri Huisman
df64601b28
Merge branch 'master' into AdminLTE-3
3 years ago
Erriez
556a5897d1
Install php7-pdo and php7-pdo_sqlite for contacts
3 years ago
Erriez
d0a0ba6727
Optimize PHP pm setting to ondemand
...
The ondemand setting results in lower memory consumption in idle.
3 years ago
Erriez
0fd97124f7
Process review feedback
3 years ago
Florent Daigniere
772e5efb7d
Disable pipelining to prevent bypass
3 years ago
Erriez
d472900efa
Optimize Rainloop to NGINX
...
- Reduce build time.
- Reduce image size.
- Faster user response using CGI.
3 years ago
Florent Daigniere
c76a76c0b0
make it optional, add a knob
3 years ago
Florent Daigniere
5e1ba9d4ff
towncrier
3 years ago
Florent Daigniere
109a8aa000
Ensure that we always have CERT+INTERMEDIARY CA
...
Let's encrypt may change things up in the future...
3 years ago
Florent Daigniere
dccd8afd51
Thanks @Diman0!
...
ENEEDSLEEP
3 years ago
Florent Daigniere
974bcba5ab
Restore LOGIN as tests assume it's there
3 years ago
Florent Daigniere
2b05e72ce4
Revert "maybe fix the tests"
...
This reverts commit f971b47fb9
.
3 years ago
Florent Daigniere
f971b47fb9
maybe fix the tests
3 years ago
Florent Daigniere
4a871c0905
this causes trouble with the test
3 years ago
Florent Daigniere
12c842c4b9
In fact in fullchain we want all but the last
3 years ago
Florent Daigniere
24f9bf1064
format certs for nginx
3 years ago
Florent Daigniere
98b903fe13
don't send the rootcert
3 years ago
Florent Daigniere
92ec446c20
doh
3 years ago
Florent Daigniere
f05cc99dc0
Add ECC certs for modern clients
3 years ago
Florent Daigniere
cb68cb312b
Reduce the size of the RSA key to 3072bits
...
This is already generous for certificates that have a 3month validity!
We rekey every single time.
3 years ago
Florent Daigniere
5e7d5adf17
AUTH shouldn't happen on port 25
3 years ago
Florent Daigniere
55cdb1a534
be explicit about what we support
3 years ago
Florent Daigniere
ecadf46ac6
fix PFS
3 years ago
Florent Daigniere
7285c6bfd9
admin won't understand LOGIN
3 years ago
Florent Daigniere
de3620da4a
Don't send credentials in clear ever
3 years ago
Florent Daigniere
4535c42e70
This isn't required
3 years ago
Florent Daigniere
1101e401e8
Apply the restriction on the right port
3 years ago