Commit Graph

2797 Commits (a01960787362ed3fc5e7774c3bc573b3c52a86d9)
 

Author SHA1 Message Date
Florent Daigniere ee54a615c1 Alpine has removed support for btree and hash
Diman0 4e16c9000b Give docker containers in each test one more minute for starting.
Diman0 146b081119 enhanced security changelog entry and added recommendation to recreate secret_key
Diman0 2132adcc38 Fixed typing error.
Diman0 e3fbf48c5a Improved changelog entry
Dimitri Huisman 9b2afbfa89 Resolve merge conflict
Diman0 b7db90b7ff Update documentation config and release notes page.
Diman0 529994c095 Update CHANGELOG.md and process towncrier newsfragments.
David Fairbrother 24747e33de Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
Florent Daigniere 0b16291153 doh
Florent Daigniere 7b847852af fix typo
Florent Daigniere 1db08018da Ensure that we get certificate validation on top90
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
Florent Daigniere e1a7657999 Now that postfix has CAs we can switch to secure
encrypt means "ensure we have some confidentiality" whereas secure means
"ensure we have confidentiality while talking to the right peer"
(protects against passive or/and active MITM attacks)
Florent Daigniere 6149c759f4 doc
Florent Daigniere b066a5e2ac add a default tls_policy_map
Florent Daigniere 1df79f8132 give PFS a chance
Erriez 10f2c17979 Restore Roundcube PHP files
Erriez 5a1d89aaac Restore Rainloop Dockerfile HEALTHCHECK
Florent Daigniere 925105075c this is required in fact
Erriez 556a5897d1 Install php7-pdo and php7-pdo_sqlite for contacts
Erriez d0a0ba6727 Optimize PHP pm setting to ondemand
The ondemand setting results in lower memory consumption in idle.
Erriez 0fd97124f7 Process review feedback
Florent Daigniere 772e5efb7d Disable pipelining to prevent bypass
Erriez d472900efa Optimize Rainloop to NGINX
- Reduce build time.
- Reduce image size.
- Faster user response using CGI.
Florent Daigniere c76a76c0b0 make it optional, add a knob
Florent Daigniere 5e1ba9d4ff towncrier
Florent Daigniere 109a8aa000 Ensure that we always have CERT+INTERMEDIARY CA
Let's encrypt may change things up in the future...
Florent Daigniere dccd8afd51 Thanks @Diman0!
ENEEDSLEEP
Florent Daigniere 974bcba5ab Restore LOGIN as tests assume it's there
Florent Daigniere 2b05e72ce4 Revert "maybe fix the tests"
This reverts commit f971b47fb9.
Florent Daigniere f971b47fb9 maybe fix the tests
Florent Daigniere 4a871c0905 this causes trouble with the test
Florent Daigniere 12c842c4b9 In fact in fullchain we want all but the last
Florent Daigniere 24f9bf1064 format certs for nginx
Florent Daigniere 98b903fe13 don't send the rootcert
Florent Daigniere 92ec446c20 doh
Florent Daigniere f05cc99dc0 Add ECC certs for modern clients
Florent Daigniere cb68cb312b Reduce the size of the RSA key to 3072bits
This is already generous for certificates that have a 3month validity!

We rekey every single time.
Florent Daigniere 5e7d5adf17 AUTH shouldn't happen on port 25
Florent Daigniere 55cdb1a534 be explicit about what we support
Florent Daigniere ecadf46ac6 fix PFS
Florent Daigniere 7285c6bfd9 admin won't understand LOGIN
Florent Daigniere de3620da4a Don't send credentials in clear ever
Florent Daigniere 4535c42e70 This isn't required
Florent Daigniere 1101e401e8 Apply the restriction on the right port
Florent Daigniere 6d244222da better error message
bors[bot] 3a96bf2170
Merge
1917: Update Alpine version from 3.10 to 3.14 build_arm.sh r=mergify[bot] a=Erriez

## What type of PR?

Update Alpine version from 3.10 to 3.14 in `build_arm.sh` script.

## What does this PR do?

### Related issue(s)
- Mention an issue like: 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

Co-authored-by: Erriez <Erriez@users.noreply.github.com>
Florent Daigniere d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts
bors[bot] f38576b75a
Merge
1918: Alpine has removed support for btree and hash from postfix r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

fix the following errors:
Aug 08 16:52:03 ocloud postfix/smtp[376]: error: unsupported dictionary type: hash
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: error: unsupported dictionary type: btree
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree

Without it Mailu is unusable with a relay.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 1029cad048 towncrier