1246 Commits (cbb2112c84f5f71e89906a4efc0255a3891b2c6b)

Auteur SHA1 Bericht Datum
Alexander Graf 05c79b0e3c copy (and not parse) mta sts override config 4 jaren geleden
Alexander Graf b02ceab72f handle DEFER_ON_TLS_ERROR as bool
use /conf/mta-sts-daemon.yml when override is missing
4 jaren geleden
Alexander Graf 1e8b41f731 Merge remote-tracking branch 'upstream/master' into adminlte3_fixes 4 jaren geleden
Alexander Graf b883e3c4a6 duh. 4 jaren geleden
Alexander Graf bb40ccc4b0 normalize HOSTNAMES
should be moved to python lib and normalized in start.py
4 jaren geleden
Alexander Graf 45a2be3766 Updated Polish translation.
Used pl/LC_MESSAGES/messages.po from PR#1751 created by martys71
4 jaren geleden
bors[bot] d464187477
Merge #1964
1964: Alpine3.14.2 r=mergify[bot] a=nextgens

Upgrade to alpine 3.14.2, retry upgrading unbound & switch back to libressl

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
Alexander Graf a319ecde29 also precompress static txt files 4 jaren geleden
Alexander Graf b445d9ddd1 set expire headers only for mailu content
also moved robots.txt from config to static folder.
4 jaren geleden
Alexander Graf 698ee4e521 added tiff and webp to list of cached content 4 jaren geleden
Alexander Graf 0094268410 allow to change logo. default color for flash msg
- two new environment variables allow to change logo background color
  and graphic
- flash messages are now green (not cyan)
4 jaren geleden
Alexander Graf d8b4a016af use blue color from https://mailu.io/ 4 jaren geleden
bors[bot] 6fe265b548
Merge #1968
1968: optimize handle_authentication r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

catch utf-8 decoding errors and log a warning in handle_authentication instead of writing a traceback into the log.

### Related issue(s)

closes #1361

## Prerequistes

Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
bors[bot] d8dc765f04
Merge #1967
1967: fix 1789: ensure that nginx resolves ipv4 addresses r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

This fixes ipv6 enabled setup by disabling it. If you were using SUBNET6 in your configuration, odds are it's broken since gunicorn isn't bound on an on an ipv6 enabled socket.

Should we backport this?

### Related issue(s)
- close #1789
- close #1802


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
Alexander Graf 90c96bdddc optimize handle_authentication
- catch decoding of nginx headers (utf-8 exception)
- re-ordered function
4 jaren geleden
Florent Daigniere 7aa403573d no with here 4 jaren geleden
Florent Daigniere 0ee52ba65b Doh 4 jaren geleden
Florent Daigniere 0f0459e9b2 suggestions from @ghostwheel42 4 jaren geleden
Florent Daigniere 9888efe55d Document as suggested on #mailu-dev 4 jaren geleden
Alexander Graf 7bede55fce more verbose cleaning message 4 jaren geleden
Florent Daigniere a9a1b3e55e Reduce the EDNS0 size to 1232
@see
https://github.com/dns-violations/dnsflagday/issues/125
4 jaren geleden
Florent Daigniere 72ba5ca3f9 fix 1789: ensure that nginx resolves ipv4 addresses 4 jaren geleden
Alexander Graf 7fd605cc21 fixed brand link target for normal users 4 jaren geleden
Diman0 b148e41d9b Fix nginx config 4 jaren geleden
Florent Daigniere d8c22db547 Merge remote-tracking branch 'upstream/master' into policyd-mta-sts 4 jaren geleden
Alexander Graf 8cdd7e911d duh. removed debug 4 jaren geleden
Alexander Graf 2ba0d552e0 Merge remote-tracking branch 'upstream/master' into passlib 4 jaren geleden
Alexander Graf 34df8b3168 AdminLTE3 optimizations & compression and caching
- fixed copy of qemu-arm-static for alpine
- added 'set -eu' safeguard
- silenced npm update notification
- added color to webpack call
- changed Admin-LTE default blue
  (core/admin/Dockerfile)

- AdminLTE 3 style tweaks
  (core/admin/assets/app.css)
  (core/admin/mailu/ui/templates/base.html)
  (core/admin/mailu/ui/templates/sidebar.html)

- localized datatables
  (core/admin/Dockerfile)
  (core/admin/assets/app.js)
  (core/admin/package.json)

- moved external javascript code to vendor.js
  (core/admin/assets/app.js)
  (core/admin/assets/vendor.js)
  (core/admin/webpack.config.js)

- added mailu logo
  (core/admin/assets/app.js)
  (core/admin/assets/app.css)
  (core/admin/assets/mailu.png)

- moved all inline javascript to app.js
  (core/admin/assets/app.js)
  (core/admin/mailu/ui/templates/domain/create.html)
  (core/admin/mailu/ui/templates/user/create.html)

- added iframe display of rspamd page
  (core/admin/assets/app.js)
  (core/admin/mailu/ui/views/base.py)
  (core/admin/mailu/ui/templates/sidebar.html)
  (core/admin/mailu/ui/templates/antispam.html)

- updated language-selector to display full language names and use post
  (core/admin/assets/app.js)
  (core/admin/mailu/__init__.py)
  (core/admin/mailu/utils.py)
  (core/admin/mailu/ui/views/languages.py)

- added fieldset to group and en/disable input fields
  (core/admin/assets/app.js)
  (core/admin/mailu/ui/templates/macros.html)
  (core/admin/mailu/ui/templates/user/settings.html)
  (core/admin/mailu/ui/templates/user/reply.html)

- added clipboard copy buttons
  (core/admin/assets/app.js)
  (core/admin/assets/vendor.js)
  (core/admin/mailu/ui/templates/macros.html)
  (core/admin/mailu/ui/templates/domain/details.html)

- cleaned external javascript imports
  (core/admin/assets/vendor.js)

- pre-split first hostname for further use
  (core/admin/mailu/__init__.py)
  (core/admin/mailu/models.py)
  (core/admin/mailu/ui/templates/client.html)
  (core/admin/mailu/ui/templates/domain/signup.html)

- cache dns_* properties of domain object (immutable during runtime)
  (core/admin/mailu/models.py)
  (core/admin/mailu/ui/templates/domain/details.html)

- fixed and splitted dns_dkim property of domain object (space missing)
- added autoconfig and tlsa properties to domain object
  (core/admin/mailu/models.py)

- suppressed extra vertical spacing in jinja2 templates
- improved accessibility for screen reader
  (core/admin/mailu/ui/templates/**.html)

- deleted unused/broken /user/forward route
  (core/admin/mailu/ui/templates/user/forward.html)
  (core/admin/mailu/ui/views/users.py)

- updated gunicorn to 20.1.0 to get rid of buffering error at startup
  (core/admin/requirements-prod.txt)

- switched webpack to production mode
  (core/admin/webpack.config.js)

- added css and javascript minimization
- added pre-compression of assets (gzip)
  (core/admin/webpack.config.js)
  (core/admin/package.json)

- removed obsolte dependencies
- switched from node-sass to dart-sass
  (core/admin/package.json)

- changed startup cleaning message from error to info
  (core/admin/mailu/utils.py)

- move client config to "my account" section when logged in
  (core/admin/mailu/ui/templates/sidebar.html)
4 jaren geleden
Alexander Graf f4e7ce0990 enabled caching, gzip and robots.txt 4 jaren geleden
Alexander Graf 103918ba57 pre-compress assets (*.ico for now) 4 jaren geleden
Alexander Graf 39d7a5c504 pngcrushed images 4 jaren geleden
Diman0 960033525d configure sso in nginx 4 jaren geleden
Diman0 8868aec0dc Merge master. Make sso login working for admin. 4 jaren geleden
Diman0 1cfc9ee1c4 Merge branch 'master' of github.com:Diman0/Mailu into fix-sso-1929 4 jaren geleden
Diman0 9fac3d7ad3 Initial implementation for standalone sso page 4 jaren geleden
bors[bot] 71cc8b0a81
Merge #1800
1800: AdminLTE 3 r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?

This PR implements AdminLTE 3 for the admin interface. It also includes the implementation of DataTables and a language selector.

### Related issue(s)
- closes: #1567
- closes: #1764 

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Vincent Kling <vincentkling@msn.com>
Co-authored-by: DjVinnii <vincentkling@msn.com>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
4 jaren geleden
Tim Foerster 9ec9d4d4fb
postfix/tls_policy: Use lmdb map instead of hash
The alpine postfix package seems to have removed support for btree and hash map type. #1918 
The tls_policy.map stuff has been introduced in #1902 and it has been merged without fixing this before (https://github.com/Mailu/Mailu/pull/1902/#issuecomment-902108080)
4 jaren geleden
Florent Daigniere d7c2b510c7 Give alpine 3.14.2 a shot 4 jaren geleden
Florent Daigniere fe186afb6f Revert "Switch to openssl to workaround alpine #12763"
This reverts commit f8362d04e4.
4 jaren geleden
Florent Daigniere 4abf49edf4 indent 4 jaren geleden
Florent Daigniere c1d94bb725 Ensure that postfix will be able to use the TLSA records
see https://www.huque.com/dane/testsite/ for the testcases
4 jaren geleden
Florent Daigniere ef5f82362c Merge remote-tracking branch 'upstream/master' into policyd-mta-sts 4 jaren geleden
Florent Daigniere 489520f067 forgot about alpine/lmdb 4 jaren geleden
Florent Daigniere 9f66e2672b Use DEFER_ON_TLS_ERROR here too
We just don't know whether the lookup failed because we are under attack
or whether it's a glitch; the safe behaviour is to defer
4 jaren geleden
Florent Daigniere a1da4daa4c Implement the DANE-only lookup policyd
https://github.com/Snawoot/postfix-mta-sts-resolver/issues/67 for
context
4 jaren geleden
Dimitri Huisman 5f18860669 Remove workaround. Remove deprecated url-loader. 4 jaren geleden
Dimitri Huisman 60be06e298 Temporary workaround to get FontAwesome icons working. 4 jaren geleden
Dimitri Huisman 5da7a06675 Resolve webpack.config.js error 4 jaren geleden
Florent Daigniere 67db72d774 Behave like documented 4 jaren geleden
Florent Daigniere 05b57c972e remove the static policy as it will override MTA-STS and DANE 4 jaren geleden
Florent Daigniere a8142dabbe Introduce DEFER_ON_TLS_ERROR
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS

It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
4 jaren geleden
Florent Daigniere 52d3a33875 Remove the domains that have a valid MTA-STS policy
gmail.com
comcast.net
mail.ru
googlemail.com
wp.pl
4 jaren geleden
Florent Daigniere 4f96e99144 MTA-STS (use rather than publish policies) 4 jaren geleden
Dimitri Huisman 00276d8b70
Merge branch 'master' into AdminLTE-3 4 jaren geleden
Florent Daigniere 394c2fe22c Document REAL_IP_HEADER and REAL_IP_FROM
Fix a security vulnerability whereby we were not clearing other headers
4 jaren geleden
Florent Daigniere 6bba0cecfc Strip the Forwarded header since nothing is compatible with it yet 4 jaren geleden
bors[bot] 6e32092abd
Merge #1873
1873: Completed Hebrew translation r=mergify[bot] a=yarons

The Hebrew translation is incomplete so I've completed it.

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
4 jaren geleden
Dimitri Huisman 169a540692 Use punycode for HTTP header for radicale and create changelog 4 jaren geleden
Dimitri Huisman 4f5cb0974e Make sure HTTP header only contains ASCII 4 jaren geleden
bors[bot] ecaaf25dcb
Merge #1939
1939: Ensure that we don't do multiple DNS lookups in the sieve script r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It ensures that DNS lookups don't introduce inconsistent state. We may want to go further and actually check the return codes of rspamc too.

I haven't tested it but it should work.

### Related issue(s)
- #1938



Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
Florent Daigniere 368b40b4fd doh 4 jaren geleden
Florent Daigniere 3e676e232a fix #1270 4 jaren geleden
Florent Daigniere ae8db08bdf Ensure that we don't do multiple DNS lookups in the sieve script 4 jaren geleden
Florent Daigniere 65a27b1c7f add additional options to make DANE easier 4 jaren geleden
Florent Daigniere fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map 4 jaren geleden
Florent Daigniere b4102ba464 doh 4 jaren geleden
Florent Daigniere 9ec7590171 Merge branch 'master' of https://github.com/Mailu/Mailu into wildcard_senders 4 jaren geleden
Florent Daigniere 7252a73e11 WILDCARD_SENDERS can have spaces 4 jaren geleden
bors[bot] b57df78dac
Merge #1916
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

A conflict-free version of #1360 implementing per-user sender limits

### Related issue(s)
- close #1360 
- close #1031
- close #1774 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
4 jaren geleden
Dimitri Huisman e5972bd9ec Set default message rate limit to 200/day 4 jaren geleden
Jack Murray dd127f8f06 Change letsencrypt timer from 1h --> 1 day
There's no need to be calling certbot so frequently
4 jaren geleden
Florent Daigniere 6704cb869a Switch to 3072bits dhparam (instead of 4096bits)
We aim for 128bits of security here
4 jaren geleden
Jack Murray e304c352a1 Change letsencrypt timer from 1h --> 1 day
There's no need to be calling certbot so frequently
4 jaren geleden
Florent Daigniere facc4b6427 Allow specific users to send email from any address 4 jaren geleden
Florent Daigniere ee54a615c1 Alpine has removed support for btree and hash 4 jaren geleden
David Fairbrother 24747e33de Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
4 jaren geleden
Florent Daigniere 0b16291153 doh 4 jaren geleden
Florent Daigniere 1db08018da Ensure that we get certificate validation on top90
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
4 jaren geleden
Florent Daigniere b066a5e2ac add a default tls_policy_map 4 jaren geleden
Florent Daigniere 1df79f8132 give PFS a chance 4 jaren geleden
Florent Daigniere 925105075c this is required in fact 4 jaren geleden
Diman0 5afbf37292 Resolve build issues 4 jaren geleden
Dimitri Huisman df64601b28
Merge branch 'master' into AdminLTE-3 4 jaren geleden
Florent Daigniere 772e5efb7d Disable pipelining to prevent bypass 4 jaren geleden
Florent Daigniere c76a76c0b0 make it optional, add a knob 4 jaren geleden
Florent Daigniere 109a8aa000 Ensure that we always have CERT+INTERMEDIARY CA
Let's encrypt may change things up in the future...
4 jaren geleden
Florent Daigniere dccd8afd51 Thanks @Diman0!
ENEEDSLEEP
4 jaren geleden
Florent Daigniere 974bcba5ab Restore LOGIN as tests assume it's there 4 jaren geleden
Florent Daigniere 2b05e72ce4 Revert "maybe fix the tests"
This reverts commit f971b47fb9.
4 jaren geleden
Florent Daigniere f971b47fb9 maybe fix the tests 4 jaren geleden
Florent Daigniere 4a871c0905 this causes trouble with the test 4 jaren geleden
Florent Daigniere 12c842c4b9 In fact in fullchain we want all but the last 4 jaren geleden
Florent Daigniere 24f9bf1064 format certs for nginx 4 jaren geleden
Florent Daigniere 98b903fe13 don't send the rootcert 4 jaren geleden
Florent Daigniere 92ec446c20 doh 4 jaren geleden
Florent Daigniere f05cc99dc0 Add ECC certs for modern clients 4 jaren geleden
Florent Daigniere cb68cb312b Reduce the size of the RSA key to 3072bits
This is already generous for certificates that have a 3month validity!

We rekey every single time.
4 jaren geleden
Florent Daigniere 5e7d5adf17 AUTH shouldn't happen on port 25 4 jaren geleden
Florent Daigniere 55cdb1a534 be explicit about what we support 4 jaren geleden
Florent Daigniere ecadf46ac6 fix PFS 4 jaren geleden
Florent Daigniere 7285c6bfd9 admin won't understand LOGIN 4 jaren geleden
Florent Daigniere de3620da4a Don't send credentials in clear ever 4 jaren geleden
Florent Daigniere 4535c42e70 This isn't required 4 jaren geleden
Florent Daigniere 1101e401e8 Apply the restriction on the right port 4 jaren geleden
Florent Daigniere 6d244222da better error message 4 jaren geleden
Florent Daigniere d6ce5d0c06 Remove a warning: limits don't apply to trusted hosts 4 jaren geleden
Florent Daigniere bcdc137677 Alpine has removed support for btree and hash 4 jaren geleden
Florent Daigniere 1438253a06 Ratelimit outgoing emails per user 4 jaren geleden
bors[bot] 48f3b1fd49
Merge #1656
1656: Add ability to set no WEBROOT_REDIRECT to Nginx r=mergify[bot] a=DavidFair

## What type of PR?

Enhancement / Documentation

## What does this PR do?

From commit:

---

Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.

---

I've also added bullet points to break up a long flowing sentence in `configuration.rst` - it should be a bit easier to read now

### Related issue(s)
No Related Issue - I just jumped to a PR

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly

@ Maintainers - Is this worthy of the changelog, it's useful to know about but I imagine the number of people it affects is equally minimal?
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com>
4 jaren geleden
Diman0 588904078e Set default of AUTH_RATELIMIT_SUBNET to False. Increase default AUTH_RATELIMIT value. 4 jaren geleden
Florent Daigniere defea3258d update arm builds too 4 jaren geleden
Florent Daigniere d44608ed04 Merge remote-tracking branch 'upstream/master' into upgrade-alpine 4 jaren geleden
Florent Daigniere f8362d04e4 Switch to openssl to workaround alpine #12763 4 jaren geleden
bors[bot] 6ea4e3217a
Merge #1901
1901: treat localpart case insensitive again r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

fixes error introduced by #1604 where the localpart of an email address was handled case sensitive.
this screwed things up at various other places.
 
### Related issue(s)

closes #1895
closes #1900

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
Alexander Graf 6856c2c80f treat localpart case insensitive again
by lowercasing it where necessary
4 jaren geleden
bors[bot] 656cf22126
Merge #1856
1856: update asset builder dependencies r=mergify[bot] a=ghostwheel42

## What type of PR?

update asset builder dependencies

## What does this PR do?

only include needed dependencies to build mailu assets with nodejs v8

### Related issue(s)

update dependencies as discussed in #1829


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
bors[bot] 9289fa6420
Merge #1896
1896: save dkim key after creation r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

saves generated dkim key after creation vi web ui.
after the model change the domain object needs to be added and flushed via sqlalchemy.

### Related issue(s)

closes #1892


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
bors[bot] 9a4c6385e5
Merge #1888
1888: Use threads in gunicorn rather than workers/processes r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

This ensures that we share the auth-cache... will enable memory savings
and may improve performances when a higher number of cores is available

"smarter default"

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
Alexander Graf 54b46a13c6 save dkim key after creation 4 jaren geleden
bors[bot] bf65a1248f
Merge #1885
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens

## What type of PR?

bugfix

## What does this PR do?

Fix bug #1884. Ensure that we avoid the musl resolver bug by always looking up a FQDN

### Related issue(s)
- closes #1884

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
Alexander Graf c2c3030a2f rephrased comments 4 jaren geleden
bors[bot] bace7ba6e3
Merge #1890
1890: fix Email class in model.py r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

fixes class Email - keep email, localpart and domain in sync.

### Related issue(s)

closes #1878


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
Alexander Graf ad1b036f20 fix Email class 4 jaren geleden
Florent Daigniere 8d9f3214cc Use threads in gunicorn rather than processes
This ensures that we share the auth-cache... will enable memory savings
and may improve performances when a higher number of cores is available

"smarter default"
4 jaren geleden
Florent Daigniere fa915d7862 Fix 1294 ensure podop's socket is owned by postfix 4 jaren geleden
Florent Daigniere 9d2629a04e fix 1884: always lookup a FQDN 4 jaren geleden
Yaron Shahrabani e0bf75ae17
Completed Hebrew translation 4 jaren geleden
Florent Daigniere 1d65529c94 The lookup could fail; ensure we set something 4 jaren geleden
Florent Daigniere 8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
4 jaren geleden
bors[bot] c5ff72d657
Merge #1857
1857: disable startdate when autoreply is disabled r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

disable the reply startdate field when autoreply is disabled


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
Florent Daigniere a0dcd46483 fix #1861: Handle colons in passwords 4 jaren geleden
Alexander Graf 180026bd77 also disable startdate 4 jaren geleden
Alexander Graf 56cfcf8b64 converted tabs to spaces 4 jaren geleden
Alexander Graf 6377ccb2cb re-add jquery and select2 used in app.js 4 jaren geleden
Alexander Graf 3c8a8aa8f0 use less v3 to make less-loader happy 4 jaren geleden
Alexander Graf 1bb059f4c1 switched to newest possible versions for nodejs v8 4 jaren geleden
Alexander Graf 858312a5cb remove explicit jQuery dependency 4 jaren geleden
Alexander Graf 3f91dcb7af compile scheme list using a generator 4 jaren geleden
Alexander Graf 3bb0d68ead add cargo to build cryptography 4 jaren geleden
Alexander Graf 9790dcdabe updated dependencies 4 jaren geleden
Florent Daigniere 72735ab320 remove cyrus-sasl-plain 4 jaren geleden
Florent Daigniere 420afa53f8 Upgrade to alpine 3.14 4 jaren geleden
bors[bot] 4a5f6b1f92
Merge #1791
1791: Enhanced session handling r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

- replaces flask_kvsession and simplekv with a mailu-specific session store
- call cleanup_sessions before first request and not on startup.
  this allows to run cmdline actions without redis (and makes it faster)
- allow running without redis for debugging purposes by setting MEMORY_SESSIONS to True
- don't sign session id, as it has plenty of entropy (as suggested by nextgens)
- adds method to prune a user's sessions

### Related issue(s)
- enhances and close #1787


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
Alexander Graf 8b71a92219 use fixed msg for key derivation 4 jaren geleden
Alexander Graf 92896ae646 fix bugs in model and schema introduced by #1604 4 jaren geleden
Alexander Graf 6740c77e43 small bugfix for exception 4 jaren geleden
Alexander Graf fab3168c23 Merge remote-tracking branch 'upstream/master' into kvsession 4 jaren geleden
Alexander Graf fbd945390d cleaned imports and fixed datetime and passlib use 4 jaren geleden
Dimitri Huisman 6dc1a19390
Merge branch 'master' into import-export 4 jaren geleden
bors[bot] fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
bors[bot] 4ff90683ca
Merge #1758 #1776
1758: Implement a simpler credential cache (alternative to #1755) r=mergify[bot] a=nextgens

## What type of PR?

Feature: it implements a credential cache to speedup authentication requests.

## What does this PR do?

Credentials are stored in cold-storage using a slow, salted/iterated hash function to prevent offline bruteforce attacks. This creates a performance bottleneck for no valid reason (see the
rationale/long version on https://github.com/Mailu/Mailu/issues/1194#issuecomment-762115549).

The new credential cache makes things fast again.

This is the simpler version of #1755 (with no new dependencies)

### Related issue(s)
- close #1411
- close #1194 
- close #1755

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1776: optimize generation of transport nexthop r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix and enhancement.

## What does this PR do?

Possibly there should be more input validation when editing a relay, but for now this tries to make the best out of the existing "smtp" attribute while maintaining backwards compatibility. When relay is empty, the transport's nexthop is the MX of the relayed domain to fix #1588 

```
RELAY			NEXTHOP						TRANSPORT
empty			use MX of relay domain				smtp:domain
:port			use MX of relay domain and use port	smtp:domain:port
target			resolve A/AAAA of target			smtp:[target]
target:port		resolve A/AAAA of target and use port	smtp:[target]:port
mx:target		resolve MX of target				smtp:target
mx:target:port	resolve MX of target and use port	smtp:target:port
lmtp:target		resolve A/AAAA of target			lmtp:target
lmtp:target:port	resolve A/AAAA of target and use port	lmtp:target:port

target can also be an IPv4 or IPv6 address (an IPv6 address must be enclosed in []: [2001:DB8::]).
```

When there is proper input validation and existing database entries are migrated this function can be made much shorter again.

### Related issue(s)
- closes #1588 
- closes #1815 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
4 jaren geleden
bors[bot] d9da8e4bb2
Merge #1746
1746: DNS records for client autoconfiguration (RFC6186) r=Diman0 a=nextgens

## What type of PR?

Feature

## What does this PR do?

Add instructions on how to configure rfc6186 DNS records for client autoconfiguration

### Related issue(s)
- #224
- #498

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
bors[bot] 5d1264e381
Merge #1694
1694: update compression algorithms for current dovecot r=nextgens a=lub

## What type of PR?

enhancement

## What does this PR do?

This adds additional compression algorithms in accordance with
https://doc.dovecot.org/configuration_manual/zlib_plugin/

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 jaren geleden
bors[bot] a1345114bc
Merge #1649 #1673
1649: Update docs/reverse.rst with Traefik v2+ info r=mergify[bot] a=patryk-tech

## What type of PR?

Documentation

## What does this PR do?

Adds information about using Traefik v2+ as a reverse proxy.

### Related issue(s)
Closes #1503 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


1673: Remove rspamd unused env var from start script r=mergify[bot] a=cbachert

## What type of PR?
Cleanup

## What does this PR do?
Remove unused environment variable FRONT_ADDRESS in rspamd. FRONT_ADDRESS references were removed with commit 8172f3e in PR #727 like mentioned in chat https://matrix.to/#/!MINuyJjJSrfowljYCK:tedomum.net/$160401946364NGNmI:imninja.net?via=huisman.xyz&via=matrix.org&via=imninja.net
```
Mailu$ grep -r "FRONT_ADDRESS" core/rspamd/
core/rspamd/start.py:os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
```

### Related issue(s)
N/A

## Prerequistes
- [x] Documentation updated accordingly: No documentation to update
- [x] Add to changelog: Minor change

Co-authored-by: Patryk Tech <git@patryk.tech>
Co-authored-by: cbachert <cbachert@users.noreply.github.com>
4 jaren geleden
Alexander Graf 3f23e199f6 modified generation of session key and added refresh
- the session key is now generated using
  - a hash of the uid seeded by the apps secret_key (size: SESSION_KEY_BITS)
  - a random token (size: 128 bits)
  - the session's creation time (size: 32 bits)

- redis server side sessions are now refreshed after 1/2 the session lifetime
  even if not modified
- the cookie is also updated if necessary
4 jaren geleden
Alexander Graf 9ef8aaf698 removed double confiog and fixed shaker 4 jaren geleden
Alexander Graf a1fd44fced added lmtp: prefix and documentation 4 jaren geleden
lub 40ad3ca032 only load zlib when compression is used 4 jaren geleden
lub 2316ef1162 update compression algorithms for dovecot 3.3.14
xz is deprecated; lz4 and zstd were not present in our configs before
4 jaren geleden
Florent Daigniere 875308d405 Revert "In fact it could be global"
This reverts commit f52984e4c3.
4 jaren geleden
Florent Daigniere f52984e4c3 In fact it could be global 4 jaren geleden
Florent Daigniere ae9206e968 Implement a simple credential cache 4 jaren geleden
DjVinnii 419fed5e6e Add language selector 4 jaren geleden
Alexander Graf 731ce8ede9 fix permanent sessions. hash uid using SECRET_KEY
clean session in redis only once when starting
4 jaren geleden
Alexander Graf 4b8bbf760b default to 128 bits 4 jaren geleden
Alexander Graf 4b71bd56c4 replace flask_kvsession with mailu's own storage 4 jaren geleden
DjVinnii 7dafa22762 Add /language/<language> route for changing the locale using a session variable 4 jaren geleden
DjVinnii f30cca1263 Do imports based on AdminLTE plugins 4 jaren geleden
DjVinnii a4bb42faeb Remove extra space between 'AdminLTE' and 'on' in footer 4 jaren geleden
DjVinnii b2498e8c8f Refactor box macro to card 4 jaren geleden
DjVinnii 5ddea07c9a Fix form input append class 4 jaren geleden
DjVinnii 1db0a870f3 Fix log in icon in sidebar 4 jaren geleden
DjVinnii 51346c4860 Fix pre- and append styling 4 jaren geleden
DjVinnii e963e7495d Create datatable based on dataTable class instead of table class 4 jaren geleden
DjVinnii 0984173504 Change label to badge 4 jaren geleden
DjVinnii 8246497d16 Add card header to tables 4 jaren geleden
DjVinnii 49d68fa6d1 Fix horizontal scrollbar in sidebar 4 jaren geleden
DjVinnii 7d3c9d412d Change tables to datatables 4 jaren geleden
DjVinnii cdfa94c243 Make main action float right 4 jaren geleden
DjVinnii 0c5fda3fca Change macros.box to macros.card 4 jaren geleden
DjVinnii deca6e0c4a update user/settings 4 jaren geleden
DjVinnii 6b3170cb4c Update side menu 4 jaren geleden
DjVinnii c97728289b Update node version for building the image (AdminLTE requires node 10 or higher) 4 jaren geleden
DjVinnii e46d9e1fc9 Update admin-lte version in package.json 4 jaren geleden
Vincent Kling c6d0ef229f
Update messages.po 4 jaren geleden
Alexander Graf f0f79b23a3 Allow cleanup of sessions by key&value in data
This can be used to delete all sessions belonging to a user/login.
For no it just iterates over all sessions.
This could be enhanced by using a prefix for and deleting by prefix.
4 jaren geleden
Alexander Graf 83b1fbb9d6 Lazy loading of KVSessionExtension
- call cleanup_sessions on first kvstore access
  this allows to run cmdline actions without redis (and makes it faster)
- Allow development using DictStore by setting REDIS_ADDRESS to the empty string in env
- don't sign 64bit random session id as suggested by nextgens
4 jaren geleden
Alexander Graf 8bc4445572 Sync update of localpart, domain_name and email 4 jaren geleden
Alexander Graf 0c38128c4e Add pygments to requirements 4 jaren geleden
Alexander Graf 9cb6962335 Moved MyYamlLexer into logger
now cmdline runs without pygments
4 jaren geleden
Alexander Graf ce9a9ec572 always init Logger first 4 jaren geleden
Alexander Graf c17bfae240 correct rfc3339 datetime serialization
now using correct timezone
4 jaren geleden
Alexander Graf dc5464f254 Merge remote-tracking branch 'upstream/master' into import-export 4 jaren geleden
Alexander Graf e90d5548a6 use RFC3339 for last_check
fixed to UTC for now
4 jaren geleden
Florent Daigniere dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 4 jaren geleden
bors[bot] 9c57f2ac39
Merge #1785
1785: Fix bug #1660 (don't replace nested headers) r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't replace nested headers (typically in forwarded/attached emails). This will ensure we don't break cryptographic signatures.

### Related issue(s)
- close #1660

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
bors[bot] 25e8910b89
Merge #1783
1783: Switch to server-side sessions r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It simplifies session management.
- it ensures that sessions will eventually expire (*)
- it implements some mitigation against session-fixation attacks
- it switches from client-side to server-side sessions (in Redis)

It doesn't prevent us from (re)-implementing a "remember_me" type of feature if that's considered useful by some.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
bors[bot] 327884e07c
Merge #1610
1610: add option to enforce inbound starttls r=mergify[bot] a=lub

## What type of PR?

Feature

## What does this PR do?
It implements a check in the auth_http handler to check for Auth-SSL == on and otherwise returns a 530 starttls error.
If INBOUND_TLS_ENFORCE is not set the behaviour is still the same as before, so existing installations should be unaffected.

Although there is a small difference to e.g. smtpd_tls_security_level of Postfix.

Postfix already throws a 530 after mail from, but this solution only throws it after rcpt to. auth_http is only the request after rcpt to, so it's not possible to do it earlier.

### Related issue(s)
#1328 is kinda related, although this PR doesn't solve the issue that the headers will still display ESMTP instead of ESMTPS

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 jaren geleden
bors[bot] 7469bb7087
Merge #1638
1638: Remove the username from the milter_headers r=mergify[bot] a=githtz

Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.

## What type of PR?
Enhancement

## What does this PR do?
This PR prevents the user login to be leaked in sent emails (for example using an alias)

### Related issue(s)
Closes https://github.com/Mailu/Mailu/issues/1465

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: anrc <15327800+githtz@users.noreply.github.com>
4 jaren geleden
lub f3f0a4d86d
Merge branch 'master' into enforce-tls-admin 4 jaren geleden
Florent Daigniere 513d2a4c5e Fix bug #1660: nested headers shouldn't be touched 4 jaren geleden
Florent Daigniere 64d757582d Disable anti-csrf on the login form
The rationale is that the attacker doesn't have the password...
and that doing it this way we avoid creating useless sessions
4 jaren geleden
Florent Daigniere 481cb67392 cleanup old sessions on startup 4 jaren geleden
Florent Daigniere b9becd8649 make sessions expire 4 jaren geleden
Florent Daigniere a1d32568d6 Regenerate session-ids to prevent session fixation 4 jaren geleden
Florent Daigniere d459c37432 make session IDs 128bits 4 jaren geleden
Florent Daigniere 22af5b8432 Switch to server-side sessions in redis 4 jaren geleden
Alexander Graf dd2e218375 Merge remote-tracking branch 'upstream/master' into import-export 4 jaren geleden
Florent Daigniere 96ae54d04d CryptContext should be a singleton 4 jaren geleden
Florent Daigniere 5f05fee8b3 Don't need regexps anymore 4 jaren geleden
Florent Daigniere 1c5b58cba4 Remove scheme_dict 4 jaren geleden
Florent Daigniere df230cb482 Refactor auth under nginx.check_credentials() 4 jaren geleden
Florent Daigniere f9ed517b39 Be specific token length 4 jaren geleden
Florent Daigniere d0b34f8e24 Move CREDENTIAL_ROUNDS to advanced settings 4 jaren geleden
Florent Daigniere fda758e2b4 remove merge artifact 4 jaren geleden
Florent Daigniere 57a6abaf50 Remove {scheme} from the DB if mailu has set it 4 jaren geleden
Florent Daigniere 7137ba6ff1 Misc improvements to PASSWORD_SCHEME
- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
4 jaren geleden
Florent Daigniere 00b001f76b Improve the token storage format
shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
 is enough entropy: they are not bruteforceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues
4 jaren geleden
Florent Daigniere eb7895bd1c Don't do more work than necessary (/webdav)
This is also fixing tokens on /webdav/
4 jaren geleden
Florent Daigniere 58b2cdc428 Don't do more work than necessary 4 jaren geleden
bors[bot] 464e46b02b
Merge #1765
1765: Set sensible cookie flags on the admin app r=mergify[bot] a=nextgens

## What type of PR?

Bugfix

## What does this PR do?

It sets the right flags on the session cookie issued by the admin app.
This should probably be backported as the lack of secure flag on TLS-enabled setup is a high risk vulnerability.

SameSite is hardening / helps against CSRF on modern browsers
HTTPOnly is hardening / helps reduce the impact of XSS

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 jaren geleden
bors[bot] 47d6c697d0
Merge #1763
1763: show flash messages again r=mergify[bot] a=lub

## What type of PR?

bug-fix

## What does this PR do?
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.

### Related issue(s)
- noticed it while reviewing #1756

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [-] In case of feature or enhancement: documentation updated accordingly
- [-] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 jaren geleden
bors[bot] ce0c93a681
Merge #1618
1618: add OCSP stapling to nginx.conf r=mergify[bot] a=lub

It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.

## What type of PR?

enhancement

## What does this PR do?

It enables OCSP stapling for the http server. OCSP stapling reduces roundtrips for the client and reduces load on OCSP responders.

### Related issue(s)
- fixes  #1616

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 jaren geleden
bors[bot] cca4b50915
Merge #1607
1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub

## What type of PR?

enhancement

## What does this PR do?

This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.

### Related issue(s)


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 jaren geleden
Florent Daigniere 0dcc059cd6 Add a new knob as discussed on matrix with lub 4 jaren geleden
Jaume Barber 5bb67dfcbb Translated using Weblate (Basque)
Currently translated at 100.0% (151 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/eu/
4 jaren geleden
Jaume Barber a49b9d7974 Translated using Weblate (Catalan)
Currently translated at 99.3% (150 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
4 jaren geleden
Jaume Barber cd9992f79c Translated using Weblate (Swedish)
Currently translated at 74.2% (121 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/sv/
4 jaren geleden
Jaume Barber afae5d1c24 Translated using Weblate (Russian)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
4 jaren geleden
Jaume Barber 7a01a63389 Translated using Weblate (Portuguese)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pt/
4 jaren geleden
Jaume Barber 480ec29d3d Translated using Weblate (Italian)
Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
4 jaren geleden
Jaume Barber 5e96a4bfcf Translated using Weblate (Spanish)
Currently translated at 91.4% (149 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
4 jaren geleden
Jaume Barber 6143d66eb8 Translated using Weblate (English)
Currently translated at 39.2% (64 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Anonymous 6da5978870 Translated using Weblate (German)
Currently translated at 88.3% (144 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/de/
4 jaren geleden
Anonymous 58c22fd2c6 Translated using Weblate (English)
Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Jaume Barber 0dc8817f32 Translated using Weblate (English)
Currently translated at 38.6% (63 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Anonymous 3d17000ceb Translated using Weblate (English)
Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Jaume Barber a2933d00f3 Translated using Weblate (English)
Currently translated at 29.4% (48 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Jaume Barber 7c0158c5f8 Translated using Weblate (English)
Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Anonymous 7de94275a0 Translated using Weblate (English)
Currently translated at 17.7% (29 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Jaume Barber 43133d8515 Added translation using Weblate (Basque) 4 jaren geleden
Jaume Barber 5e0aa65c8d Translated using Weblate (Italian)
Currently translated at 96.3% (157 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
4 jaren geleden
Jaume Barber 725cdc270c Translated using Weblate (Spanish)
Currently translated at 100.0% (163 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
4 jaren geleden
Weblate a571704a9d Merge branch 'origin/master' into Weblate. 4 jaren geleden
Jaume Barber b9c2dc1a79 Translated using Weblate (Catalan)
Currently translated at 98.6% (149 of 151 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
4 jaren geleden
Anonymous 3a9a133226 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Jaume Barber af251216b0 Translated using Weblate (English)
Currently translated at 11.0% (18 of 163 strings)

Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 jaren geleden
Alexander Graf b55b53b781 optimize generation of transport nexthop 4 jaren geleden
Alexander Graf 0a9f732faa added docstring to Logger. use generators. 4 jaren geleden
Dario Ernst b6716f0d74 Remove "CHUNKING" capability from nginx-smtp
With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.
4 jaren geleden
Alexander Graf bde7a2b6c4 moved import logging to schema
- yaml-import is now logged via schema.Logger
- iremoved relative imports - not used in other mailu modules
- removed develepment comments
- added Mailconfig.check method to check for duplicate domain names
- converted .format() to .format_map() where possible
- switched to yaml multiline dump for dkim_key
- converted dkim_key import from regex to string functions
- automatically unhide/unexclude explicitly specified attributes on dump
- use field order when loading to stabilize import
- fail when using 'hash_password' without 'password'
- fixed logging of dkim_key
- fixed pruning and deleting of lists
- modified error messages
- added debug flag and two verbosity levels
4 jaren geleden
Florent Daigniere aa8cb98906 Set sensible cookie options 4 jaren geleden
Alexander Graf e4c83e162d fixed colorize auto detection 4 jaren geleden
Alexander Graf e46d4737b0 merged changes from api without api 4 jaren geleden
Alexander Graf 4b9886b139 Merge remote-tracking branch 'upstream/master' into import-export 4 jaren geleden
Alexander Graf 10435114ec updated remarks and docs 4 jaren geleden
Alexander Graf 1e2b5f26ab don't handle nested lists 4 jaren geleden
Alexander Graf 70a1c79f81 handle prune and delete for lists and backrefs 4 jaren geleden
Alexander Graf 8929912dea remove OrderedDict - not necessary in python>=3.7 4 jaren geleden
Alexander Graf 3937986e76 Convert OrderedDict to dict for output 4 jaren geleden
Alexander Graf 68caf50154 new import/export using marshmallow 4 jaren geleden
lub 88f992de16 show flash messages again
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.
4 jaren geleden
Florent Daigniere 80f939cf1a Revert to the old behaviour when ADMIN=false 4 jaren geleden
Florent Daigniere 2e749abe61 DNS records for client autoconfiguration (RFC6186) 4 jaren geleden
Florent Daigniere b49554bec1 merge artifact 4 jaren geleden
Florent Daigniere ef637f51b7 derive the SSO keys from a KDF 4 jaren geleden
Florent Daigniere 906a051925 Make rainloop use internal auth 4 jaren geleden
Alexander Graf 1c9abf6e48 updated requirements for import/export
api reqs (flask-restx, ...) are still missing
5 jaren geleden
Alexander Graf 1da7e5b8d2 Merge remote-tracking branch 'upstream/master' into api 5 jaren geleden
Alexander Graf 902b398127 next step for import/export yaml & json 5 jaren geleden
Michael Wyraz ca6ea6465c make syslog optional 5 jaren geleden
Michael Wyraz e979743226 Rsyslog logging for postfix, optional logging to file, no logging of test requests 5 jaren geleden
Mordi Sacks f56af3053a
Removed email address 5 jaren geleden
Alexander Graf 65b1ad46d9 order yaml data and allow callback on import
- in yaml the primary key is now always first
- calling a function on import allows import to be more verbose
- skip "fetches" when empty
5 jaren geleden
Alexander Graf 8213d044b2 added docstrings, use f-strings, cleanup
- idna.encode does not encode upper-case letters,
  so .lower() has to be called on value not on result
- split email-address on '@' only once
- converted '*'.format(*) to f-strings
- added docstrings
- removed from_dict method
- code cleanup/style (list concat, exceptions, return&else, line-length)
- added TODO comments on possible future changes
5 jaren geleden
Alexander Graf 31a903f959 revived & renamed config-fns. cosmetics.
- revived original config-update function for backwards compability
- renamed config-dump to config-export to be in line with config-import
- converted '*'.format(*) to f-strings
- converted string-concatenation to f-strings
5 jaren geleden
Michael Wyraz 2b37be9889 Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386 5 jaren geleden
Alexander Graf c24bff1c1b added config_import using marshmallow 5 jaren geleden
Alexander Graf 7413f9b7b4 config_dump now using marshmallow 5 jaren geleden
Alexander Graf dc42d375e2 added filtering of keys and default value 5 jaren geleden
Alexander Graf 82cf0d843f fix sqlalchemy column definitions 5 jaren geleden
Alexander Graf b3f8dacdad add docstrings and make linter happy 5 jaren geleden
Alexander Graf 6629aa3ff8 first try at api using flask-restx & marshmallow 5 jaren geleden
Alexander Graf 4c258f5a6b cosmetic changes & make linter happy
renamed single letter variables (m => match)
renamed classmethod arguments to cls (model)
removed shadowing of variables (hash, context)
shortened unneeded lambda functions (id)
converted type ... is to isinstance(...)
removed unneded imports (flask)
5 jaren geleden
Alexander Graf 7229c89de1 ConfigManager should not replace app.config
Updated ConfigManager to only modify app.config and not replace it.
Swagger does not play well, when app.config is not a real dict and
it is not necessary to keep ConfigManager around after init.

Also added "API" flag to config (default: disabled).
5 jaren geleden
Alexander Graf 3b35180b41 cosmetic changes 5 jaren geleden
Alexander Graf 815f47667b update dkim-key on commit only 5 jaren geleden
Alexander Graf 0a594aaa2c cosmetic changes 5 jaren geleden
Alexander Graf 3064a1dcff removed call to (undefined) cli 5 jaren geleden
Alexander Graf 0051b93077 removed unused variable 5 jaren geleden
Alexander Graf 2cd3acdc1a Merge remote-tracking branch 'upstream/master' into import-export 5 jaren geleden
Alexander Graf 63176f4878 Merge remote-tracking branch 'upstream/master' into import-export 5 jaren geleden
lub 98a6ffb497 add compression via xz and lz4 5 jaren geleden
dependabot[bot] 54ccfdf975
Bump cryptography from 2.6.1 to 3.2 in /core/admin
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)

Signed-off-by: dependabot[bot] <support@github.com>
5 jaren geleden
ofthesun9 d32e73c5bc Fix letsencrypt access to certbot for the mail-letsencrypt flavour 5 jaren geleden
bors[bot] 3ca81913fc
Merge #1654
1654: Ensure that the rendered file ends with newline in order to make `pos… r=mergify[bot] a=tremlin

## What type of PR?

Bugfix

## What does this PR do?

This fixes #1580 

### Related issue(s)
- closes #1580

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.


Co-authored-by: Thomas Rehn <thomas.rehn@initos.com>
5 jaren geleden
cbachert 32f6a23a95 Remove rspamd unused env var from start script
Environment variable FRONT_ADDRESS is unused in rspamd
FRONT_ADDRESS references were removed with commit 8172f3e in PR #727
5 jaren geleden
Alexander Graf adc9c70c3e added dump option to dump dns data of domains 5 jaren geleden
Alexander Graf 2a5c46c890 Allow to dump only selected sections 5 jaren geleden
Alexander Graf 500967b2f5 ignore dkim_publickey when updating config 5 jaren geleden