53 Commits (a8061f3ed361670e7e267f416ace05b354718193)

Author SHA1 Message Date
Florent Daigniere a8061f3ed3 doh 2 years ago
Florent Daigniere 612db96209 Block executable file extensions (closes #2511) 2 years ago
Florent Daigniere 709023ab5a dimitri said "block it"
So let's block any macro with AUTOEXEC
2 years ago
Florent Daigniere 3bdc57adbc Forgot this 2 years ago
Florent Daigniere e43effab63 Glad there is a test 2 years ago
Florent Daigniere d793c5eed8 Dup symbol 2 years ago
Florent Daigniere 7e1ab7978e Block VBA Stomping too 2 years ago
Florent Daigniere 3e45a791cf Implement oletools to filter out bad macros 2 years ago
Florent Daigniere f994c8687e doh 2 years ago
Florent Daigniere e3b875aa6b Well, -i stands for --insecure 2 years ago
bors[bot] 0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere ec4224123b Use the logger 2 years ago
Florent Daigniere 89f7d983b4 Don't start rspamd until admin is up and working 2 years ago
Florent Daigniere d8cf0c3848 Revert "Admin may not have started up when this loads"
This reverts commit 0f17299b4e.
2 years ago
Florent Daigniere 0f17299b4e Admin may not have started up when this loads 2 years ago
Florent Daigniere 95a3a3d342 doh 2 years ago
Florent Daigniere bd1b73032c Poke a hole for mailing lists 2 years ago
Florent Daigniere c4fcaed7d4 doh 2 years ago
Florent Daigniere 8929f54de5 clarify
Also cover the case where the DKIM sig is for another domain and there
is no explicit DMARC policy
2 years ago
Florent Daigniere 8da6117bb9 clarify 2 years ago
Florent Daigniere af87456faf this works for me 2 years ago
Florent Daigniere be4dd6d84a Spell it out 2 years ago
Florent Daigniere f7b3aad831 Ensure we REJECT when we don't have a DMARC policy
This restores the old behaviour
2 years ago
Florent Daigniere 8775a2bf04 untested code that may just work 2 years ago
Alexander Graf 146921f619
Move curl to base image 2 years ago
Alexander Graf 4c1071a497
Move all requirements*.txt to base image 2 years ago
Alexander Graf a29f066858
Move even more python deps to base image 2 years ago
Alexander Graf 9fe452e3d1
Use base image when building core images 2 years ago
Florent Daigniere 5d09390147 enable rspamd's autolearn feature 2 years ago
Vincent Kling bab3f0f5a4 Remove POD_ADDRESS_RANGE 2 years ago
Dimitri Huisman d19208d3d1 Merge branch 'master' of github.com:Mailu/Mailu into feature-switch-snappymail 3 years ago
henniaufmrenni 8eb8cb1f48 Update deprecated rspamd config option
This gets rid of the following error message:
lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
attachments_only = true; # Before 1.8.1
scan_mime_parts = true; # After 1.8.1

The currently used version is rspamd 3.1.
3 years ago
Dimitri Huisman 9519d07ba2 Switch from RainLoop to SnappyMail 3 years ago
bors[bot] 08be233607
Merge #2058
2058: Implement versioning for CI/CD workflow. r=mergify[bot] a=Diman0

## What type of PR?

Feature!

## What does this PR do?
This PR introduces 3 things
- Add versioning (tagging) for branch x.y (1.8). E.g. 1.8.0, 1.8.1 etc.
  - docker repo will contain x.y (latest) and x.y.z (pinned version) images.
  - The X.Y.Z tag is incremented automatically. E.g. if 1.8.0 already exists, then the next merge on 1.8 will result in the new tag 1.8.1 being used.
- Make the version available in the image.
  -  For X.Y and X.Y.Z write the version (X.Y.Z) into /version on the image and add a label with version=X.Y.Z
	  -  This means that the latest X.Y image shows the pinned version (X.Y.Z e.g. 1.8.1) it was based on. Via the tag X.Y.Z you can see the commit hash that triggered the built.
  -  For master write the commit hash into /version on the image and add a label with version={commit hash}
-  Automatic releases. For x.y triggered builts (e.g. merge on 1.9) do a new github release for the pinned x.y.z (e.g. 1.9.2). 
  -  Release shows a static message (see RELEASE_TEMPLATE.md) that explains how to reach the newsfragments folder and change the branch to the tag (x.y.z) mentioned in the release. Now you can get the changelog by reading all newsfragment files in this folder.

This PR does not change anything to our workflow (what we (human persons) do). Our processes are still exactly the same. The above introduced logic is automatic. When we backport to X.Y all the magic for creating the pinned version X.Y.Z is handled by the CI/CD workflow.

### Related issue(s)
- closes #1182

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

## Testing
Suggested testing steps. This should cover all situations including BORS. It does require that you use your own docker repo or temporarily create a new one.
Suggested testing steps.
1. Create new github repo.
2. Add the required docker secrets to the project (see beginning of CI.yml for the secret names), DOCKER_UN, DOCKER_PW, DOCKER_ORG, DOCKER_ORG_TESTS.
3. Clone the project.
4. Copy the contents of the PR to the cloned project.
5. Push to your new github repo.
6. Now master images are built. Check that images with tag master are pushed to your docker repo
7. Check with docker inspect nginx:master that it has the label version={commit hash}.
8. Run an image, run `docker-compose exec <name> cat /version`. Note that /version also contains the pinned version. For master the pinned version is the commit hash.
9. Create branch 1.8. 
10. Push branch 1.8 to repo.
11. Note that tags 1.8 and 1.8.0 are built and pushed to docker repo
12. Inspect label and /version. Note that 1.8 and 1.8.0 both show version 1.8.0.
13. Push another commit to branch 1.8.
14. Note that tags 1.8 and 1.8.1 are built and pushed to docker repo
15. Inspect label and /version. Note that 1.8 and 1.8.1 both show version 1.8.1.
16. Let's check BORS stuff.
17. Create branch testing.
18. Push the commit with the exact commit text (IMPORTANT!!): `Try #1234:`'.
19. Note that images are built and pushed for tag `pr-1234`.
20. Inspect label and /version. Note that the version is `pr-1234`.
20. Create branch staging.
21. Push the commit with commit text: `Merge #1234`.
22. Note that this image is not pushed to docker (as expected).

but you could also check the GH repo and docker repo I used:
https://github.com/Diman0/Mailu_Fork
https://hub.docker.com/r/diman/rainloop/tags

Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Florent Daigniere 89a7a8ac13 Fix score of RCVD_NO_TLS_LAST 3 years ago
Florent Daigniere 1925b2e0fb Upgrade rspamd 3 years ago
Dimitri Huisman f7677543c6 Process code review remarks
- Moved run to bottom of Dockerfile to allow using unmodified / cached states.
- Simplified bash code in deploy.sh.
- Improved the large bash one-liner in CI.yml. It could not handle >9 for 1.x.
3 years ago
Dimitri Huisman 56dd70cf4a Implement versioning for CI/CD workflow (see #1182). 3 years ago
bors[bot] f0188d9623
Merge #2034
2034: Add timezone to containers r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
This PR adds the tzdata package so that the environment variable `TZ` can be used to set the timezone of containers.

### Related issue(s)
- closes #1154 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: DjVinnii <vincentkling@msn.com>
3 years ago
DjVinnii 225160610b Set default TZ in Dockerfiles 3 years ago
DjVinnii 1d6809193b Add tzdata to core 3 years ago
Florent Daigniere 74b31dc407 Ensure that RCVD_NO_TLS_LAST doesn't add spam points 3 years ago
Florent Daigniere 2170e07731 Tell rspamd about RELAYNETS 3 years ago
Alexander Graf 893705169e PoC rspamd use dkimkeys from admin using vault api 3 years ago
Florent Daigniere d7c2b510c7 Give alpine 3.14.2 a shot 3 years ago
Florent Daigniere 420afa53f8 Upgrade to alpine 3.14 4 years ago
bors[bot] a1345114bc
Merge #1649 #1673
1649: Update docs/reverse.rst with Traefik v2+ info r=mergify[bot] a=patryk-tech

## What type of PR?

Documentation

## What does this PR do?

Adds information about using Traefik v2+ as a reverse proxy.

### Related issue(s)
Closes #1503 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1673: Remove rspamd unused env var from start script r=mergify[bot] a=cbachert

## What type of PR?
Cleanup

## What does this PR do?
Remove unused environment variable FRONT_ADDRESS in rspamd. FRONT_ADDRESS references were removed with commit 8172f3e in PR #727 like mentioned in chat https://matrix.to/#/!MINuyJjJSrfowljYCK:tedomum.net/$160401946364NGNmI:imninja.net?via=huisman.xyz&via=matrix.org&via=imninja.net
```
Mailu$ grep -r "FRONT_ADDRESS" core/rspamd/
core/rspamd/start.py:os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
```

### Related issue(s)
N/A

## Prerequistes
- [x] Documentation updated accordingly: No documentation to update
- [x] Add to changelog: Minor change

Co-authored-by: Patryk Tech <git@patryk.tech>
Co-authored-by: cbachert <cbachert@users.noreply.github.com>
4 years ago
cbachert 32f6a23a95 Remove rspamd unused env var from start script
Environment variable FRONT_ADDRESS is unused in rspamd
FRONT_ADDRESS references were removed with commit 8172f3e in PR #727
4 years ago
anrc 59bc4f7aea
Remove the username from the milter_headers
Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.
4 years ago
ofthesun9 cff2e76269 Switching to alpine:3.12 5 years ago