2407: Fix small typo in config-import example template r=mergify[bot] a=Diman0
## What type of PR?
documentation fix
## What does this PR do?
Fixes a small typo in the full yaml template example for the config-import. The entry ``alias:`` was incorrectly displayed as ``aliases:``.
### Related issue(s)
- closes#2387
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ n/a ] In case of feature or enhancement: documentation updated accordingly
- [ n/a ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2404: Forwarding emails option in user settings did not support 1 letter do… r=mergify[bot] a=Diman0
…mains.
## What type of PR?
Bug-fix
## What does this PR do?
Forwarding emails option in user setting did not support 1 letter domains. The regex for checking the validity of multiple email addresses string has been modified to allow 1 letter domains and to allow 1 letter local part.
### Related issue(s)
- closes#2402
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2397: Fix resolving alias addresses for postfix when target is a punycode domain r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
- fix splitting of localpart in resolve_destination
- idna-enode domain-part of email addresses before returning to postfix
### Related issue(s)
- closes#2393
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
- The main workflow file has been optimised and simplified.
- Images are built in parallel when building locally resulting in faster build times.
- The github action workflow is about 50% faster.
- Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it.
- Arm images can also be built locally.
- Reusable workflow is introduced for building, testing and deploying the images.
This allows the workflow to be reused for other purposes in the future.
- Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images.
2391: Documentation fixes r=mergify[bot] a=adamward-git
## What type of PR?
(documentation)
## What does this PR do?
Spelling corrections, gammar fixes.
### Related issue(s)
N/A
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
N/A
Co-authored-by: Adam Ward <awjob@internode.on.net>
Co-authored-by: adamward-git <82577349+adamward-git@users.noreply.github.com>
2295: Switch from Rainloop to SnappyMail r=mergify[bot] a=Diman0
## What type of PR?
Feature
## What does this PR do?
As discussed in the project meeting (#1582), we decided we want to switch from Rainloop to an alternative. Rainloop has multiple open security issues which were not patched for a long time.
We decided to switch to SnappyMail because it is more secure and based on RainLoop. This means that users using RainLoop will still have a webmail that looks familiar for them.
This PR replaces RainLoop with SnappyMail.
### Related issue(s)
- #2215
- #1582
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2395: fix FAQ typo r=mergify[bot] a=rayrrr
## What type of PR?
documentation
## What does this PR do?
Fix a typo: stripped as in whitespace, not striped as in tiger :)
Co-authored-by: Ray <7869818+rayrrr@users.noreply.github.com>
2360: roundcube: disable apache2 access log r=mergify[bot] a=pommi
## What type of PR?
bug-fix
## What does this PR do?
It disables the access log of apache2 in the roundcube webmail container. Requests are already logged by the front container. The requests logged in the roundcube container contained contained the wrong client IP: the IP address of the front container.
----
Original PR:
~~Roundcube webmail is accessed through the nginx reverse proxy in the front container. Each access logline logged by apache2 in the roundcube container did not contain the actual client IP address, but the IP address of the front container, for example:~~
```
192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
^
IP address of the front container
```
~~By enabling the apache2 remoteip module and configuring it to get the actual client IP address from the X-Forwarded-For header, it logs the correct client IP address to the access log.~~
### Related issue(s)
- None
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
**No changelog or documentation necessary for this minor change.**
Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2364: Update Dockerfile r=mergify[bot] a=twekkel
apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.
## What type of PR?
minor enhancement
## What does this PR do?
replace apt with apt-get to avoid below warning
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
## Prerequisites
-
Co-authored-by: Eddy Vervest <57325478+twekkel@users.noreply.github.com>
Remove unneeded IF statement in /admin block in nginx.conf of front.
Fix contributions made to Dockerfile, add missing trailing \ and add back curl
Change healthcheck to monitoring page of fpm. Now we check nginx and fpm.
2384: Re-enable the built-in nginx resolver for traffic going through the mail plugin r=mergify[bot] a=Diman0
## What type of PR?
Bug-fix
## What does this PR do?
Re-enable the built-in nginx resolver for traffic going through the mail plugin
This is required for passing rDNS/ptr information to postfix.
The mail proxy uses the resolver info for passing XCLIENT info.
See http://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient
Without this info rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info.
Yes this re-introduces these `cannot resolve` error messages. If we really want to get rid of these, then we can consider logging to a rsyslog daemon where we filter out these messages.
### Related issue(s)
- Auto close an issue like: closes#2368
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
This is required for passing rDNS/ptr information to postfix.
The mail proxy uses the resolver info for passing XCLIENT info.
See http://nginx.org/en/docs/mail/ngx_mail_proxy_module.html#xclient
Without this info rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info.
As per discussion in #2360: The front container (nginx reverse proxy) is
already logging all requests, disable the access logs for apache2 in the
roundcube container completely.
2370: Fix docs build error r=mergify[bot] a=Diman0
Set language to English for sphinx in conf.py
The docs have always been generated with the option to treat warnings as errors.
Recently (due to an update?) sphinx-build reports using language=None as a warning. It is expected that a specific
language is set. This causes the build to fail. ALL open PR's are affected by this.
```
Warning, treated as error:
Invalid configuration value found: 'language = None'. Update your configuration to a valid langauge code. Falling back to 'en' (English).
```
## What type of PR?
bug-fix
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
The docs have always been generated with the option to treat
warnings as errors. Recently sphinx-build reports using
language=None as a warning. It is expected that a specific
language is set.
2325: postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS r=mergify[bot] a=pommi
## What type of PR?
bug-fix
## What does this PR do?
This PR wraps IPv6 CIDRs in the `RELAYNETS` environment variable in square brackets for the postfix configuration.
The `RELAYNETS` environment variable is used for configuring both postfix `mynetworks` and rspamd `local_networks`. Postfix requires IPv6 addresses to be wrapped in square brackets (eg. `[2001:db8::]/64`).
When an IPv6 address is not wrapped in square brackets in the postfix configuration for `mynetworks` it results in this error while processing an incoming email from an IPv6 sender:
```
postfix/smtpd[340]: warning: 2001:db8::/64 is unavailable. unsupported dictionary type: 2001
postfix/smtpd[340]: warning: smtpd_client_event_limit_exceptions: 2001:db8::/64: table lookup problem
```
The sender sees an error and the incoming email is refused:
```
451 4.3.0 <unknown[2001:xxx:xxx:xxx:xxx:xxx:xxx:xxx]>: Temporary lookup failure
```
I tried to work around this issue by wrapping the IPv6 CIDR in square brackets in the `RELAYNETS` environment variable, but it segfaults rspamd, because it can't deal with this non-standard IPv6 notation used by postfix:
```
kernel: [4305632.603704] rspamd[1954299]: segfault at 0 ip 00007fb848983871 sp 00007ffe02cc6d1
8 error 4 in ld-musl-x86_64.so.1[7fb848948000+48000]
```
### Related issue(s)
- #2293
- #2272
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
**No changelog or documentation necessary for this minor change.**
Co-authored-by: Pim van den Berg <pim@nethuis.nl>
Roundcube webmail is accessed through the nginx reverse proxy in the
front container. Each access logline logged by apache2 in the roundcube
container did not contain the actual client IP address, but the IP
address of the front container, for example:
> 192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
^
IP address of the front container
By enabling the apache2 remoteip module and configuring it to get the
actual client IP address from the X-Forwarded-For header, it logs the
correct client IP address to the access log.
The RELAYNETS environment variable is used for configuring both postfix
`mynetworks` and rspamd `local_networks`. Postfix requires IPv6
addresses to be wrapped in square brackets (eg. [2001:db8::]/64).
2278: Feature: Ability to change marking spam emails as "Read" r=mergify[bot] a=Riscue
## What type of PR?
Feature
## What does this PR do?
Changes the default behavior of marking all incoming spam as read, giving the user a chance to decide. Parameter set to True default. Nothing will be changed unless user uncheck it.
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: İbrahim Akyel <ibrahim@ibrahimakyel.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2310: Update deprecated rspamd config option r=mergify[bot] a=henniaufmrenni
## What type of PR?
Configuration update
## What does this PR do?
This is just a small config update to get rid of the following warning message:
`lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead`
As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
> attachments_only = true; # Before 1.8.1
> scan_mime_parts = true; # After 1.8.1
The currently used version of rspamd is 3.1.
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: henniaufmrenni <henniaufmrenni@keinvergessen.org>
2338: Update X-XSS-Protection to current recommendation r=mergify[bot] a=AvverbioPronome
See:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection and
- https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
## What type of PR?
Slight enhancement
## What does this PR do?
This PR turns off the XSS auditor in the few browsers that still have one.
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ?] In case of feature or enhancement: documentation updated accordingly
- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Giuseppe C <1191978+AvverbioPronome@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
2348: Silence some errors in nginx r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
It silences some errors in nginx by disabling the built-in resolver stub.
"could not be resolved (3: Host not found) while in resolving client address, client:"
I've talked about it on #mailu-dev ; There is a possibility that this has an impact on performance.
### Related issue(s)
- closes#2346
- #2290
- #1789
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>