Commit Graph

187 Commits (c83457a2fa2f45aa86df04a2406e23843f14376f)

Author SHA1 Message Date
Florent Daigniere 55cdb1a534 be explicit about what we support
Florent Daigniere ecadf46ac6 fix PFS
Florent Daigniere de3620da4a Don't send credentials in clear ever
Florent Daigniere 4535c42e70 This isn't required
Florent Daigniere 1101e401e8 Apply the restriction on the right port
Florent Daigniere d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts
Florent Daigniere bcdc137677 Alpine has removed support for btree and hash
Florent Daigniere 1438253a06 Ratelimit outgoing emails per user
Florent Daigniere d44608ed04 Merge remote-tracking branch 'upstream/master' into upgrade-alpine
bors[bot] bf65a1248f
Merge
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens

## What type of PR?

bugfix

## What does this PR do?

Fix bug . Ensure that we avoid the musl resolver bug by always looking up a FQDN

### Related issue(s)
- closes 

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere fa915d7862 Fix 1294 ensure podop's socket is owned by postfix
Florent Daigniere 9d2629a04e fix 1884: always lookup a FQDN
Florent Daigniere 1d65529c94 The lookup could fail; ensure we set something
Florent Daigniere 8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
Florent Daigniere 72735ab320 remove cyrus-sasl-plain
Florent Daigniere 420afa53f8 Upgrade to alpine 3.14
Florent Daigniere 513d2a4c5e Fix bug : nested headers shouldn't be touched
Michael Wyraz ca6ea6465c make syslog optional
Michael Wyraz e979743226 Rsyslog logging for postfix, optional logging to file, no logging of test requests
Thomas Rehn 05ab244638 Ensure that the rendered file ends with newline in order to make `postconf` work correctly
Dimitri Huisman d9e7b8249b Add support for AUTH LOGIN authentication mechanism for relaying email via smart hosts.
ofthesun9 539114a3d6
Merge branch 'master' into test-alpine-3.12
bors[bot] 64f21d5b84
Merge
1478: Allow to enforce TLS for outbound r=mergify[bot] a=micw

 using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')

## What type of PR?

enhancement

## What does this PR do?

Add an option to postfix to enforce outbound traffic to be TLS encrypted.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1501: In setup/flavor, change DMARC RUA and RUF email default settings r=mergify[bot] a=ofthesun9

## What type of PR?
bug-fix

## What does this PR do?
This PR changes the default value used to set DMARC_RUA and DMARC_RUF:
DMARC_RUA and DMARC_RUF defaults will reuse the value defined for POSTMASTER,
instead of 'admin' as previously.
Please note that the setup tool doesn't allow (yet?) to define dmarc_rua nor dmarc_ruf, so the default value is indeed used for the time being.

### Related issue(s)
closes  

## Prerequisites
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1532: Replace SMPT with SMTP r=mergify[bot] a=dhoppe



1543: Disable Health checks on swarm mode r=mergify[bot] a=ofthesun9

ref: https://github.com/moby/moby/issues/35451

## What type of PR?
bug-fix

## What does this PR do?
Modify the docker-compose.yml template used by setup (swarm flavor) to disable Health checks on swarm mode for each service

### Related issue(s)
closes 

## Prerequisites
- [x]  add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: ofthesun9 <olivier@ofthesun.net>
Co-authored-by: Dennis Hoppe <github@debian-solutions.de>
ofthesun9 cff2e76269 Switching to alpine:3.12
ofthesun9 381bf747cc Check permissions using postfix set-permissions
ofthesun9 3a9c9d0436 Fixed typo
ofthesun9 67caf0c8cf Check /queue permissions before postfix start
postfix and postdrop id might have changed after base image change
Michael Wyraz e4454d776a Allow to enforce TLS for outbound using OUTBOUND_TLS_LEVEL=encrypt (default is 'may')
SunMar ac6b8d62dd Remove `reject_unverified_recipient` from `smtpd_client_restrictions`
Fix for , though I'm not sure if this is the right way to fix the issue. It was added in 175349a224.
Dario Ernst dbcab06587 Ignore newlines and comment-lines in postfix overrides
To make postfix override files understandable and readable, users may
want to insert empty newlines and #-commented lines in their postfix
override files too. This will now ignore such bogus-lines and not send
them to `postconf`, which produced ugly errors in the past.

closes 
kaiyou bd69b7a491 Add support for SRS, related to
Michael Wyraz fb9ddbca7a Install p3-yarn as dependency for podop
Michael Wyraz 09ee3ce95c Install py3-multidict from repository before installing socrate to avoid the need of gcc during build
bors[bot] 0417c791ff
Merge
985: Permit raspberry pi (and other architectures) builds r=mergify[bot] a=abondis

## What type of PR?

Enhancement

## What does this PR do?

Add an option to select base images and permit building for different CPU architectures.

### Related issue(s)
N/A

## Prerequisites

- [X] documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Aurélien Bondis <aurelien.bondis@gmail.com>
Co-authored-by: Aurelien <aurelien.bondis@gmail.com>
bors[bot] dcda412b99
Merge
1211: Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Fixes  by separating HOST_ANTISPAM into HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI

### Related issue(s)
- closes 
- closes 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Michael Wyraz a907fe4cac Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI
Michael Wyraz 8ece8409f1 Remove unused volume /data from postfix. Add volume /queue to postfix
Michael Wyraz de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set
Ionut Filip 075417bf90 Merged master and fixed conflicts
Aurélien Bondis 124b1d4c71 rebase and update for 3.10, avoid adding qemu file to x86 images
hoellen 9de5dc2592 Use python package socrate instead of Mailustart
Dario Ernst 1dbda71401 Adapt shared layer conf to now really-missing mailustart in admin (after merging webpack)
Dario Ernst a8c3530bfa Remove accidentally reintroduced rsyslogd config
Dario Ernst 0f146cd811 Require python3.7-compatible podop
Which is still unreleased, but serves as a placeholder here.
Dario Ernst 0306be1eed Re-add missing MailuStart in admin
It turns out we were all blind and admin *does* use MailuStart
Dario Ernst ce0c24e076 Merge branch 'master' into HorayNarea-feat-upgrade-alpine
Dario Ernst 53f754f5ac Remove MailuStart from admin and correct layer-sharing comments
Dario Ernst 93b54dcffe Install podop from pypi
Dario Ernst bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
Dario Ernst c787e4bdbd Move alpine version definition out to variable
Daniel Huber ae290482c0
Format relay credentials file with jinja
Daniel Huber 515e95076a
Merge branch 'master' into feat-relay-auth
Dario Ernst ea851e77d4 Remove reference to rsyslogd
Dario Ernst 3bfdff155c Use official Mailu/Podop
Dario Ernst a253ca47fe Use official Mailu/MailuStart
Dario Ernst d155b2c533 Start postfix directly with stdout logging
Dario Ernst 9c1675e9d8 Use TEMPORARY workaround-branch for podop python 3.7 compatibility
Dario Ernst f85b32914c Add newly missing plain SASL support in postfix
Dario Ernst d1f80cca99 Update Dockerfiles to most recent alpine 3.10
Dario Ernst 96fbaecc2f Correct executables moved by alpine
Thomas Sänger ef3c6c407a upgrade alpine base-image
Daniel Huber 7dcb2eb006
Add authentication for email relays
Florian Peschka b9fd29a52f
Add extra newline to main.cf
This should prevent jinja from stripping the newline, which causes overrides to be appended after the comment section

see 
Ionut Filip 4c25c83419 HOST_* and *_ADDRESS variables cleanup
Ionut Filip f9e3cd3c5d Use correct host_* variables
Abel Alfonso Fírvida Donéstevez 39444c794e Install bash in alpine based images.
This fixes https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
Ionut Filip 004a431e97
Change to mailustart functions
Ionut Filip 9684ebf33f Use mailustart package from git
Tim Möhlmann 7a9685bcb9
Resolve admin during start to work around Docker DNS flaky-ness
Tim Möhlmann 049ca9941f
Cleanup syntax and fix typo
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry
Tim Möhlmann b04a9d1c28
Implement debug logging for template rendering
Tim Möhlmann b9313488dd
Add logging for tenacity.retry
In the process we found that the previous way of tenacity syntax caused it not to honor any args.
In this commit we've refactored to use the @decorator syntax, in which tenacity seems to behave better.
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and `POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage has become optional.
mergify[bot] 37027cfce7
Merge pull request from kaiyou/fix-sender-checks
Improve sender checks
Tim Möhlmann 42e2dbe35d
Standardize image by using shared / similar layers
Ionut Filip 8a44a44688
Merge branch 'master' into feat-startup
Ionut Filip 1187cac5e1 Finished up switching from .sh to .py
Tim Möhlmann 2d382f2d67
Merge branch 'master' into fix-sender-checks
Ionut Filip eb7dfb5771 Cleaning up start.py
Thomas Sänger 603b6e7390
Merge pull request from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks
Tim Möhlmann a2fea36c79
Increase HEALTHCHECK start time for services that need to wait for host resolving during startup.
In Docker Swarm mode the services listed below can get stuck in their start script, while they
are waiting for other services to become available. Now, with HEALTHCHECK enabled, docker does not resolve
names of services that do not pass HEALTHCHECK yet. Meaning that if one of the dependent services is not yet
available, it will create a chain of failing services.

The services below retry to resolve 100 times, with an average of 3.5 seconds. Hence, the --start-time
flag is now set at 350 seconds.
- dovecot (imap)
- postfix (smtp)
- rspamd (antispam)
kaiyou 1fcaef7c7e
Merge branch 'master' into fix-sender-checks
mergify[bot] 118ea0f3fb
Merge pull request from ofthesun9/feature-swarm
Enabling swarm deployment on master branch
Thomas Sänger a412951a30
simpler healthcheck for postfix
Thomas Sänger 1fc40bf932
add healthcheck for postfix
kaiyou f647d1a0bc Merge branch 'master' into fix-sender-checks
kaiyou 5035975c41 Remove Postfix debugging
kaiyou 10ec2f999a Another (embarrassing) fix for a merge typo
kaiyou 2e1aa079c1 Fix one (hopefully) last merge typo
kaiyou 4b9dbf00a8 Fix yet another merge-time typo
kaiyou e8e133b53d Fix a merge typo in postfix build
kaiyou 00b5ae11db
Merge branch 'master' into feat-abstract-db
ofthesun9 13146be57e Merge branch 'master' into feature-swarm
kaiyou 8b189ed145 Separate senderaccess and senderlogin maps
ofthesun9 74796201ec Merge branch 'master' into feature-swarm
kaiyou fc99eb7b34 Re-enable sender access check to prevent source spoofing
kaiyou f3f0b98755 Fix relay restrictions so email gets delivered correctly
Tim Möhlmann 0817629869
Increase attempts as it failed on fresh Swarm host