954 Commits (defd5333198ff5d52daef022852fdad3d1961451)

Author SHA1 Message Date
Dimitri Huisman 57865495d4 Forwarding emails option in user settings did not support 1 letter domains. 2 years ago
Dimitri Huisman f6de2b2938 Switch from docker build to buildx for CI/CD.
- The main workflow file has been optimised and simplified.
- Images are built in parallel when building locally resulting in faster build times.
- The github action workflow is about 50% faster.
- Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it.
- Arm images can also be built locally.
- Reusable workflow is introduced for building, testing and deploying the images.
  This allows the workflow to be reused for other purposes in the future.
- Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images.
2 years ago
Alexander Graf c478e26d68
Encode domain part of email addresses before returning. 2 years ago
Alexander Graf 5179cf0618
Fix localpart splitting and make code more readable. 2 years ago
enginefeeder101 82860d0f80
Moved parsing environment variable to global application config dictionary
Per requested changes added the ``DEFAULT_SPAM_THRESHOLD`` to the main
application configuration dictionary in ``configuration.py`` and updated
``models.py`` accordingly.
No error handling is added, as that was not required.
3 years ago
enginefeeder101 6c83d25312
Configurable default spam threshold used for new users
This commit adds functionality to set a custom default spam threshold
for new users. The environment variable ``DEFAULT_SPAM_THRESHOLD`` can
be used for this purpose. When not set, it defaults back to 80%, as the
default value was before
If ``DEFAULT_SPAM_THRESHOLD`` is set to a value that Python cannot
parse as an integer, a ValueError is thrown. There is no error handling
for that case built-in.
3 years ago
Alexander Graf e75201bb34
Add default to column spam_mark_as_read 3 years ago
Florent Daigniere 04b7ddfffd Merge remote-tracking branch 'upstream/master' into Riscue-master 3 years ago
Florent Daigniere d2aa647a9f l10n 3 years ago
bors[bot] 6f89209f9f
Merge #2302
2302: Update alpine-linux to 3.14.5 - Zlib security FIX r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Update alpine docker image to alpine-3.14.5

- closes #2291

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
3 years ago
Will a54a784168 Update alpine-linux to 3.14.5 - Zlib security FIX 3 years ago
hitech95 fc8926493c admin: graceful fail on user fetch in basic auth
Signed-off-by: hitech95 <nicveronese@gmail.com>
3 years ago
bors[bot] c15e4e6015
Merge #2276
2276: Autoconfig of email clients r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

It provides auto-configuration templates for email clients and encourages them to use implicit TLS (see https://nostarttls.secvuln.info/)

There are numerous caveats:
- it will only work if suitable DNS records are created and certificates obtained (autoconfig, autodiscover, ...)
- the mobileconfig file isn't signed
- the credentials will be prompted... we could/should provision a token on each request instead
- it currently doesn't advertise caldav
- it's IMAP only

### Related issue(s)
- close #224 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
bors[bot] 8cc91bad75
Merge #2281 #2285 #2286 #2287
2281: Update alpine-linux to 3.14.4 - OpenSSL security FIX r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Update Dockerfiles to use alpine-linux 3.14.4 which contains a security fix for openssl
https://alpinelinux.org/posts/Alpine-3.12.10-3.13.8-3.14.4-released.html

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2285: Update names of language json files r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

language json files of datatables i18n have been renamed
this updates the mappings to the current names


2286: Fix typo in Traefik reverse proxy docs r=mergify[bot] a=ghostwheel42

Slight typo in the Traefik reverse proxy docs. Found through running into the issue on my own instance.

## What type of PR?

documentation

## What does this PR do?

Adds  #2282 to master


2287: Fix typo in docs: cert not certs r=mergify[bot] a=ghostwheel42

## What type of PR?

documentation

## What does this PR do?

just a typo

Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: DAHPr0gram3r <cbillwork02@gmail.com>
3 years ago
Alexander Graf d70596d431
Update names of language json files 3 years ago
Alexander Graf 64ad6931e9
Move 'is_valid_user = user is not None' into else 3 years ago
Alexander Graf 630a4e9b5e
Update auth.py
Add spaces
3 years ago
Maximilian Fischer 8775dc5b15 Fixing AUTH_RATELIMIT_IP not working on imap/pop3/smtp
#2283
3 years ago
Will d02296c3bc Update alpine-linux to 3.14.4 - OpenSSL security FIX 3 years ago
Florent Daigniere ce9dc3a335 ghostwheel42's suggestion 3 years ago
Florent Daigniere 83140322e0 ghostwheel42's suggestion 3 years ago
Florent Daigniere 3aa735cc2d ghostwheel42's suggestion 3 years ago
Florent Daigniere 9bc963f19b don't think the escaping is required but it was there 3 years ago
Florent Daigniere 3e6f3a95a4 Reflect the data from the POST 3 years ago
Florent Daigniere 14931c4acd doh 3 years ago
Florent Daigniere c6c444cfa7 simplify 3 years ago
Florent Daigniere 373e6d2161 doh 3 years ago
Florent Daigniere 184c9bc566 Add json redirect 3 years ago
Florent Daigniere 9a2d8d63a3 Search and replace wasn't a good idea 3 years ago
Florent Daigniere c50750054b Allow POST 3 years ago
Florent Daigniere 71897f4ff0 Doh 3 years ago
Florent Daigniere 6fc1273b58 Add a link to autoconfigure apple devices 3 years ago
Florent Daigniere 0bccb5045c STARTTLS is a bad idea 3 years ago
Florent Daigniere 81b592f3cb try to get LE certs for the new names 3 years ago
Florent Daigniere a3f9e2beee Use priorities instead 3 years ago
Florent Daigniere 2b62a6327a Do explicit TLS where possible 3 years ago
Florent Daigniere c817eaf608 Add the SRV record for autodiscover 3 years ago
Florent Daigniere cdc92aa65b Mobileconfig apple style 3 years ago
Florent Daigniere ccd2cad4f1 Autodiscovery microsoft style 3 years ago
Florent Daigniere 523cee1680 Autoconfig mozilla-style 3 years ago
bors[bot] 0b25854de0
Merge #2210
2210: Add input validation for domain creation r=mergify[bot] a=0pc0deFR

## What type of PR?

bug-fix

## What does this PR do?

This patch add the input validation for domain creation.

### Related issue(s)
- Mention an issue like: #1817
- Auto close an issue like: closes #1817


Co-authored-by: Kevin Falcoz <0pc0defr@gmail.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
İbrahim Akyel f65e2fc469 Feature: Marking "Read" spam mails 3 years ago
Florent Daigniere a7f9a35fa1
Merge branch 'master' into fix2274 3 years ago
Florent Daigniere a4ed464170 doh 3 years ago
Florent Daigniere 0bfbb3bcd4
doh 3 years ago
Florent Daigniere cd3eee4c51 ghostwheel42's suggestion 3 years ago
Florent Daigniere d723326b8e style 3 years ago
Florent Daigniere f01d8cd9b9 improve 3 years ago
Florent Daigniere 7b9c4e01f7 improve 3 years ago
Florent Daigniere 91de20c49c Fix exception in logs
This was occuring when you had square brackets in the domain part
3 years ago
Florent Daigniere 8cf76afbab Catch the ValueError instead 3 years ago
Florent Daigniere 08aa32a5df Revert "Don't bother running the query without an address"
This reverts commit dc81979550.
3 years ago
Florent Daigniere 7ce7f2096b belt, braces and suspenders 3 years ago
Florent Daigniere dc81979550 Don't bother running the query without an address
This should solve the following in admin logs:
"WARNING in nginx: Invalid user 'xxxx': (builtins.ValueError)
invalid email address (no "@")"
3 years ago
bors[bot] 2e9b14d536
Merge #2254
2254: Send ISRG_X1 on port 25, make DANE pin that r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Ensure we send ISRG_X1 in the handshake on port 25 (non-interactive, size doesn't really matter).

Update the DANE pin to reflect the change.

I am not sure whether we will need to add --preferred-chain= in the future; This may be the case when letsencrypt decides to use X2/the ECDSA chain

This needs to be tested on a letsencrypt account that isn't mine (I'm opted in for the alternate cert chains)

### Related issue(s)
- closes #2138

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

There's already a towncrier news for it

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Dimitri Huisman c40a0f4b80 Change link in warning to master. Master is always available. 1.9 will be unavaiable in the future. 3 years ago
Florent Daigniere e4a32b55f5 Send ISRG_X1 on port 25, make DANE pin that 3 years ago
Florent Daigniere d3e7ea5389 spell it out 3 years ago
Florent Daigniere a8dc20962a workaround a bug in coredns 3 years ago
Dimitri Huisman 55a601de5a Add missing import for validators, improve behaviour when an error occurs. 3 years ago
Dimitri Huisman 7d801c560c Improve if statement 3 years ago
Florent Daigniere 9466ad4131 fix #2220 3 years ago
Kevin Falcoz 278d74ce6f
Add title attribute on user-panel div 3 years ago
Kevin Falcoz 3fe1dbe881
Add input validation for domain creation 3 years ago
Kevin Falcoz c69f886a73 Update code with ghostwheel42 comments 3 years ago
Kevin Falcoz 3e394faf92
Patch function "Display Name" into admin page 3 years ago
Florent Daigniere b9e614145f there too 3 years ago
Florent Daigniere b7fb8c661a switch to new API 3 years ago
Billy Chan 90394d7d8c 🎨 use resolver.resolve 3 years ago
shing6326 32446f03e7
Update start.py
fix missing leading . for the resolver test
3 years ago
bors[bot] 1e53530164
Merge #2144
2144: Enable unbound by default, warn if the DNS resolver doesn't work r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Enable unbound by default, warn if the DNS resolver doesn't work

### Related issue(s)
- close #2135

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3 years ago
Florent Daigniere a9da0c084a
syntax error 3 years ago
Florent Daigniere a2f6243382
remove the error variable 3 years ago
Florent Daigniere b12616b93f
Make the recommendation clearer 3 years ago
Alexander Graf f809be39bf
supply missing fields argument 3 years ago
Florent Daigniere 7bd1fd3489 fix 2145 3 years ago
Florent Daigniere 379fe18f7a test dns resolvers at startup 3 years ago
Florent Daigniere 98973223fd
reduce TTL to 1d 3 years ago
Florent Daigniere 792893caae change TTL to 1y 3 years ago
Florent Daigniere 671f3e382a Fix 2138: Pin DANE with the full cert 3 years ago
Florent Daigniere 7f89a29790 Fix 2125
Make the caller responsible to know whether the rate-limit code should
be called or not
3 years ago
bors[bot] 65d905fe62
Merge #2099
2099: update Dockerfile to alpine 3.14.3 r=mergify[bot] a=willofr

## What type of PR?
Security fix

## What does this PR do?
Updated the Dockerfile to use the latest alpine version 3.14.3 where several CVEs have been fixed: https://alpinelinux.org/posts/Alpine-3.14.3-released.html
New images successfully built on my test env.

### Related issue(s)
None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Will <will@packer-output-c8fcfb40-3d93-4475-8f87-e14a9dd683b6>
Co-authored-by: willofr <willofr@users.noreply.github.com>
3 years ago
bors[bot] 3eca813182
Merge #2116
2116: fix 2114: redirect old path r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Old paths may still be cached in browsers, it's easy enough to redirect them

### Related issue(s)
- close #2114


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere c4675e6e75 fix 2114: redirect old path 3 years ago
Dimitri Huisman b4d3d4b3c9 Preparations for 1.9 release. 3 years ago
Dimitri Huisman 51d94b8d14 Fix issue 2102 3 years ago
Will b2abbc8856 update Dockerfile to alpine 3.14.3 3 years ago
Florent Daigniere bee6e980e3 doh 3 years ago
Florent Daigniere 58d0faff7f ensure we clear the token on delete() 3 years ago
Florent Daigniere 2b29cfb3f0 fix cleanup_sessions() 3 years ago
Florent Daigniere f0247a2faf Use self where appropriate 3 years ago
Florent Daigniere c161a2c987 syntax 3 years ago
bors[bot] 18865bf03b
Merge #2094
2094: Sessions tweaks r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- Make all sessions permanent, introduce SESSION_TIMEOUT and PERMANENT_SESSION_LIFETIME.
- Prevent the creation of a session before there is a login attempt
- Ensure that webmail tokens are in sync with sessions

### Related issue(s)
- close #2080 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Dimitri Huisman d40be05117 Fix missing edit buttons in alias, relay and fetchmail lists in admin. 3 years ago
Florent Daigniere a28c7f903e do it once 3 years ago
Dimitri Huisman f88daa1e77 Add missing cast to int 3 years ago
Florent Daigniere 5f313310d4 regenerate() shouldn't extend lifetime 3 years ago
Florent Daigniere fe18cf9743 Fix 2080
Ensure that webmail tokens are in sync with sessions
3 years ago
Florent Daigniere 02c93c44f2 Tweak sessions
simplify:
- make all sessions permanent by default
- update the TTL of sessions on access (save always)
- fix session-expiry, modulo 8byte precision
3 years ago
Florent Daigniere ea96a68eb4 don't create a session if we don't have to 3 years ago