2369 Commits (a1fd44fced2c65a1c379b445fb65f2a5a24efd24)
 

Author SHA1 Message Date
Alexander Graf a1fd44fced added lmtp: prefix and documentation 3 years ago
Alexander Graf b55b53b781 optimize generation of transport nexthop 4 years ago
bors[bot] ee1301f4f8
Merge #1767
1767: Remove "CHUNKING" capability from nginx-smtp r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.

### Related issue(s)
closes #1766 

Co-authored-by: Dario Ernst <dario@kanojo.de>
4 years ago
Dario Ernst b6716f0d74 Remove "CHUNKING" capability from nginx-smtp
With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.
4 years ago
bors[bot] 581a7fceaf
Merge #1737
1737: Removed email address r=ofthesun9 a=MordiSacks

## What type of PR?
Email address removed for privacy concern.

Co-authored-by: Mordi Sacks <MordiSacks@users.noreply.github.com>
4 years ago
bors[bot] 21d1f32885
Merge #1748
1748: For travis Ci: Need to docker login before pulling images r=mergify[bot] a=ofthesun9

To avoid triggering the Download rate limit from Docker Hub

## What type of PR?
enhancement

## What does this PR do?
This PR add a docker login cmd before launching the build script

Co-authored-by: ofthesun9 <olivier@ofthesun.net>
4 years ago
ofthesun9 788d069b53
Modify docker login cmd to use --password-stdin and avoid warning 4 years ago
ofthesun9 612632e4fc
Need to docker login before pulling images
To avoid triggering the Download rate limite
4 years ago
bors[bot] 227118e20f
Merge #1743
1743: Doc fixes r=ofthesun9 a=rbarazzutti

## Documentations fixes

- 82b5920 typos
- 444529b PostgreSQL deprecation (reword)

Co-authored-by: Raphaël P. Barazzutti <raphael@barazzutti.net>
4 years ago
Raphaël P. Barazzutti 9e8183ee71
rewording about the usage of PostgreSQL
Co-authored-by: lub <github@lubiland.de>
4 years ago
Raphaël P. Barazzutti 444529b7df rewording in doc 4 years ago
Raphaël P. Barazzutti 82b5920b16 typos 4 years ago
Mordi Sacks f56af3053a
Removed email address 4 years ago
bors[bot] 6518ef19af
Merge #1730
1730: Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386 r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Upgrade dovecot alpine to 3.13 to fix CVEs in dovecot

### Related issue(s)

- #1720

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
4 years ago
Michael Wyraz 2b37be9889 Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386 4 years ago
bors[bot] b2eded5879
Merge #1693
1693: Bump cryptography from 2.6.1 to 3.2 in /core/admin r=mergify[bot] a=dependabot[bot]

Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst">cryptography's changelog</a>.</em></p>
<blockquote>
<p>3.2 - 2020-10-25</p>
<pre><code>
* **SECURITY ISSUE:** Attempted to make RSA PKCS#1v1.5 decryption more constant
  time, to protect against Bleichenbacher vulnerabilities. Due to limitations
  imposed by our API, we cannot completely mitigate this vulnerability and a
  future release will contain a new API which is designed to be resilient to
  these for contexts where it is required. Credit to **Hubert Kario** for
  reporting the issue. *CVE-2020-25659*
* Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL
  will need to upgrade.
* Added basic support for PKCS7 signing (including SMIME) via
  :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.
<p>.. _v3-1-1:</p>
<p>3.1.1 - 2020-09-22
</code></pre></p>
<ul>
<li>Updated Windows, macOS, and <code>manylinux</code> wheels to be compiled with
OpenSSL 1.1.1h.</li>
</ul>
<p>.. _v3-1:</p>
<p>3.1 - 2020-08-26</p>
<pre><code>
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
  :term:`U-label` parsing in various X.509 classes. This support was originally
  deprecated in version 2.1 and moved to an extra in 2.5.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
  the OpenSSL project. The next version of ``cryptography`` will drop support
  for it.
* Deprecated support for Python 3.5. This version sees very little use and will
  be removed in the next release.
* ``backend`` arguments to functions are no longer required and the
  default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
  and
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
  .
* Calling ``update`` or ``update_into`` on
  :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
  longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
  also resolves the same issue in :doc:`/fernet`.
<p>.. _v3-0:</p>
<p>3.0 - 2020-07-20
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c9e65222c9"><code>c9e6522</code></a> 3.2 release (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5508">#5508</a>)</li>
<li><a href="58494b41d6"><code>58494b4</code></a> Attempt to mitigate Bleichenbacher attacks on RSA decryption (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5507">#5507</a>)</li>
<li><a href="cf9bd6a36b"><code>cf9bd6a</code></a> move blinding to <strong>init</strong> on both RSA public and private (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5506">#5506</a>)</li>
<li><a href="bf4b962f4b"><code>bf4b962</code></a> be more verbose in the 102 deprecation notice (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5505">#5505</a>)</li>
<li><a href="ada53e7ca0"><code>ada53e7</code></a> make the regexes for branches more strict (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5504">#5504</a>)</li>
<li><a href="8be1d4b111"><code>8be1d4b</code></a> Stop using <a href="https://github.com/master">@master</a> for GH actions (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5503">#5503</a>)</li>
<li><a href="08a97cca71"><code>08a97cc</code></a> Bump actions/upload-artifact from v1 to v2.2.0 (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5502">#5502</a>)</li>
<li><a href="52a0e44e97"><code>52a0e44</code></a> Add a dependabot configuration to bump our github actions (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5501">#5501</a>)</li>
<li><a href="611c4a340f"><code>611c4a3</code></a> PKCS7SignatureBuilder now supports new option NoCerts when signing (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5500">#5500</a>)</li>
<li><a href="836a92a28f"><code>836a92a</code></a> chunking didn't actually work (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/5499">#5499</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/2.6.1...3.2">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=2.6.1&new-version=3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mailu/Mailu/network/alerts).

</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 years ago
bors[bot] 8a425c92e0
Merge #1696
1696: disable php version expose r=Diman0 a=ronivay

## What type of PR?

enhancement

## What does this PR do?

Disable exposing PHP-version from webmails in x-powered-by header for security reasons.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [N/A] In case of feature or enhancement: documentation updated accordingly
- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: ronivay <roni@vayrynen.info>
4 years ago
ronivay 96bf16605c fix changelog entry from feature to misc 4 years ago
ronivay 1ef62f5a2f changelog entry for #1696 4 years ago
ronivay eb0dc7f90a disable php version expose 4 years ago
dependabot[bot] 54ccfdf975
Bump cryptography from 2.6.1 to 3.2 in /core/admin
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
bors[bot] 900d4f16ae
Merge #1684
1684: add warning about removing front r=mergify[bot] a=lub

## What type of PR?

documentation

## What does this PR do?

### Related issue(s)
- caused confusion e.g. in #1678

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] ~~Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.~~


Co-authored-by: lub <git@lubiland.de>
4 years ago
bors[bot] dad1964c11
Merge #1680
1680: remove service status "feature" r=ofthesun9 a=ebdavison

Per the issue tracker, this was removed in issue Mailu#463 (Remove the Service Status page)

## What type of PR?

documentation

## What does this PR do?

remove feature for services status which no longer exists; this confused me as I was trying to find it and was not able to.

## Related issue(s)

Remove the Service Status page Mailu#463

## Prerequistes

Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

N/A

Co-authored-by: ebdavison <549431+ebdavison@users.noreply.github.com>
4 years ago
bors[bot] d9cd5168ab
Merge #1687
1687: Fix letsencrypt access to certbot for the mail-letsencrypt flavour r=ofthesun9 a=ofthesun9

## What type of PR?

bug-fix

## What does this PR do?
This PR changes nginx.conf file to ensure that the flavor mail-letsencrypt is also having the redirection for .well-known/acme-challenge

### Related issue(s)
closes #1686

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: ofthesun9 <olivier@ofthesun.net>
4 years ago
ebdavison ad97266f77
removing unneeded image
Removing this image as request in PR #1680
4 years ago
ofthesun9 d32e73c5bc Fix letsencrypt access to certbot for the mail-letsencrypt flavour 4 years ago
bors[bot] 3ca81913fc
Merge #1654
1654: Ensure that the rendered file ends with newline in order to make `pos… r=mergify[bot] a=tremlin

## What type of PR?

Bugfix

## What does this PR do?

This fixes #1580 

### Related issue(s)
- closes #1580

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
4 years ago
lub 900b28178a add warning about removing front 4 years ago
bors[bot] d2ff6769cc
Merge #1669 #1672
1669: Fix extract_host_port port separation r=mergify[bot] a=cbachert

Regex quantifier should be lazy to make port separation work.

## What type of PR?
bug-fix

## What does this PR do?
The "extract_host_port" function in admin/mailu/internal/nginx.py and optional/fetchmail/fetchmail.py is not actually separating host and port due to the `(.*)` part of the regex being too generous. Lazy quantifier `(.*?)` allows the other capturing groups to match.

### Related issue(s)
- No issue raised for this

## Prerequistes
- [x] Documentation updated accordingly: N/A, bug-fix
- [x] Add [changelog] entry file: Added towncrier newsfragment with second commit

1672: mark radio buttons in setup utility as required r=mergify[bot] a=lub

## What type of PR?
bug-fix

## What does this PR do?
mark radio buttons in setup utility as required

Otherwise it's possible to submit the form without selecting e.g. any
flavor, which would need additional handling on the server side.

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: cbachert <cbachert@users.noreply.github.com>
Co-authored-by: lub <git@lubiland.de>
4 years ago
bors[bot] 77c7fe2aa0
Merge #1671
1671: manually merge wrongly named news fragments r=mergify[bot] a=lub

see https://github.com/twisted/towncrier#news-fragments for a list of
default news fragment types

## What type of PR?

documentation

## What does this PR do?
adds the missing news fragemnts to the 1.8 changelog

### Related issue(s)
- #1653

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 years ago
ebdavison 2cf9fdb220
remove service status "feature"
Per the issue tracker, this was removed in issue #463 (Remove the Service Status page)
4 years ago
lub 708e31660f mark radio buttons in setup utility as required
Otherwise it's possible to submit the form without selecting e.g. any
flavor, which would need additional handling on the server side.
4 years ago
lub b159275057 manually merge wrongly named news fragments
see https://github.com/twisted/towncrier#news-fragments for a list of
default news fragment types
4 years ago
cbachert 862086ea37 Fix extract_host_port port separation
Add towncrier newsfragment
4 years ago
cbachert 72a9ec5b7c Fix extract_host_port port separation
Regex quantifier should be lazy to make port separation work.
4 years ago
Dario Ernst 966383c762
Merge pull request #1653 from Diman0/1.8
Preparations for 1.8 release.
4 years ago
Dimitri Huisman 26839c9066 Fixed small typo, added clarification for full text search and added japanese local as a new feature. 4 years ago
Dario Ernst c0cc6bbaec Add DNS SPF upgrade notice; Extend Changelog items 4 years ago
Dario Ernst 2e55329b8b Improve changelog and release texts for 1.8 4 years ago
Dario Ernst 7483ea1d49 Make setup show external DB parameters automaticaly when selecting postgres
Before, the "external postgres" options were not shown, even though
"extrnal" was pre-selected. This fixes the mechanics surrounding the
picker.
4 years ago
Dimitri Huisman 7b27d0dd4e When selecting a non-stable version, add a message this is version is "only for testing".
The stable version is set via the new environment variable stable_version. E.g.
stable_version=1.7
4 years ago
Thomas Rehn 05ab244638 Ensure that the rendered file ends with newline in order to make `postconf` work correctly 4 years ago
Dimitri Huisman 17cea83301 Completely remove step 5 where you can set the replica count for docker-stack.
Add additional warning to ´experimental' notice in setup for stack.
Add a notice the shipped PostgreSQL is deprecated.
Make the external PostgreSQL database the default option.
Make 1.7 the default version (stable_version': '1.7', in docs\conf.py)
Update mergify.yml with 1.8 version
4 years ago
Dimitri Huisman 78890a97ff Preparations for 1.8 release. 4 years ago
bors[bot] 90984c4d2b
Merge #1645
1645: Update stale.yml r=mergify[bot] a=Diman0

as discussed in chat https://matrix.to/#/!RJFCFtixHgPhzacdhW:tedomum.net/$160120578037UHNkM:huisman.xyz?via=ghostdub.de&via=matrix.org&via=tedomum.net
stalebot should only touch
- user support (issue with no label or issue with label type/question).
- issues we explicitly mark with a response_needed label (whatever the name will be of this label).
To give more time to respond when we mark issue with more info needed, we increase the daysUntilClose to 14


Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
4 years ago
Dimitri Huisman b51d9eb58f
Update stale.yml
as discussed in chat https://matrix.to/#/!RJFCFtixHgPhzacdhW:tedomum.net/$160120578037UHNkM:huisman.xyz?via=ghostdub.de&via=matrix.org&via=tedomum.net
stalebot should only touch
- user support (issue with no label or issue with label type/question).
- issues we explicitly mark with a response_needed label (whatever the name will be of this label).
To give more time to respond when we mark issue with more info needed, we increase the daysUntilClose to 14
4 years ago
bors[bot] 62c54ea57f
Merge #1592
1592: Add documentation for the web administration gui. r=mergify[bot] a=Diman0

## What type of PR?

Documentation

## What does this PR do?

This PR adds the section Web Administration Interface to the documentation site which completely documents all available settings in the web administration interface.

### Related issue(s)
- Closes issue #1590 (please close this issue for me)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ Done ] In case of feature or enhancement: documentation updated accordingly
- [ Done ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
4 years ago
bors[bot] 5a108fe848
Merge #1643
1643: Exempt status/work in progress label from stalebot r=mergify[bot] a=Nebukadneza

## What type of PR?
enhancement

## What does this PR do?
Exempt status/wip label from stalebot

Co-authored-by: Dario Ernst <dario@kanojo.de>
4 years ago
Dimitri Huisman 86d6caa789
Update docs/webadministration.rst
additional clarification. We only support secure connections.

Co-authored-by: lub <github@lubiland.de>
4 years ago
Dimitri Huisman a50e6d55c5
Update docs/webadministration.rst
grammar

Co-authored-by: lub <github@lubiland.de>
4 years ago