encrypt means "ensure we have some confidentiality" whereas secure means
"ensure we have confidentiality while talking to the right peer"
(protects against passive or/and active MITM attacks)
1917: Update Alpine version from 3.10 to 3.14 build_arm.sh r=mergify[bot] a=Erriez
## What type of PR?
Update Alpine version from 3.10 to 3.14 in `build_arm.sh` script.
## What does this PR do?
### Related issue(s)
- Mention an issue like: #1200
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Erriez <Erriez@users.noreply.github.com>
1918: Alpine has removed support for btree and hash from postfix r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
fix the following errors:
Aug 08 16:52:03 ocloud postfix/smtp[376]: error: unsupported dictionary type: hash
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: error: unsupported dictionary type: btree
Aug 08 16:52:03 ocloud postfix/tlsmgr[377]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree
Without it Mailu is unusable with a relay.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1912: 1.8 release r=mergify[bot] a=Diman0
## What type of PR?
1.8 release.
## What does this PR do?
Final changes required for the 1.8 release.
### Related issue(s)
- #1829 can be closed after this PR is backported.
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Diman0 <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
1656: Add ability to set no WEBROOT_REDIRECT to Nginx r=mergify[bot] a=DavidFair
## What type of PR?
Enhancement / Documentation
## What does this PR do?
From commit:
---
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.
This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.
This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
---
I've also added bullet points to break up a long flowing sentence in `configuration.rst` - it should be a bit easier to read now
### Related issue(s)
No Related Issue - I just jumped to a PR
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
@ Maintainers - Is this worthy of the changelog, it's useful to know about but I imagine the number of people it affects is equally minimal?
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com>
1910: Smarter default settings for rate limiting r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
As discussed during the last meeting (#1582) people have issues with a too low default value for rate limiting. By default rate limiting was also enabled for the internal subnet which caused normal users to block webmail for all users after a couple of failed login attempts on webmail.
As discussed in #1867 we will make the following changes for now.
The default value for AUTH_RATELIMIT_SUBNET is set to False again.
The default value for AUTH_RATELIMIT is increased to a higher value to prevent issues.
### Related issue(s)
- #1582
- closes#1867
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Diman0 <diman@huisman.xyz>
1908: Optimize docs/Dockerfile r=mergify[bot] a=Erriez
- Convert .rst to .html in temporary `python:3.8-alpine3.14` build image
- Remove all unused packages
- Use `nginx:1.21-alpine` deployment image
## What type of PR?
Optimize/fix `docs/Dockerfile`
## What does this PR do?
### Related issue(s)
- Mention an issue like: #1851
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
## Testing
The following tests has been executed locally:
```bash
export DOCKER_ORG=user
export DOCKER_PREFIX=
export MAILU_VERSION=master
cd tests
time docker-compose -f build.yml build --no-cache docs
real 0m18.850s
user 0m0.317s
sys 0m0.124s
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
user/docs master 3de6c8612cf3 19 seconds ago 38.1MB
docker run -it --rm --name mailu-docs -p 80:80 user/docs:master
Open web browser:
Clear caches
http://localhost:80/master
```
Co-authored-by: Erriez <Erriez@users.noreply.github.com>
1877: Fix missing bullet points and styling in documentation r=nextgens a=Diman0
## What type of PR?
Bug-fix
## What does this PR do?
It brings back the bullet points and correct styling to the documentation.
Conf.py was missing an extension declaration.
The requirement docutils was missing. Currently Sphinx only supports docutils 0.16.
To see the issue yourself compare
Ok: https://mailu.io/1.7/
Not Ok: https://mailu.io/1.8.
### Related issue(s)
- None
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Diman0 <diman@huisman.xyz>
1851: Upgrade alpine r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Upgrade all the images to alpine 3.14 and switch from libressl to openssl on the admin container to work around a bug in alpine
### Related issue(s)
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1901: treat localpart case insensitive again r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
fixes error introduced by #1604 where the localpart of an email address was handled case sensitive.
this screwed things up at various other places.
### Related issue(s)
closes#1895closes#1900
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
1856: update asset builder dependencies r=mergify[bot] a=ghostwheel42
## What type of PR?
update asset builder dependencies
## What does this PR do?
only include needed dependencies to build mailu assets with nodejs v8
### Related issue(s)
update dependencies as discussed in #1829
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
1896: save dkim key after creation r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
saves generated dkim key after creation vi web ui.
after the model change the domain object needs to be added and flushed via sqlalchemy.
### Related issue(s)
closes#1892
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
1888: Use threads in gunicorn rather than workers/processes r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
This ensures that we share the auth-cache... will enable memory savings
and may improve performances when a higher number of cores is available
"smarter default"
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1885: fix 1884: always lookup a FQDN r=mergify[bot] a=nextgens
## What type of PR?
bugfix
## What does this PR do?
Fix bug #1884. Ensure that we avoid the musl resolver bug by always looking up a FQDN
### Related issue(s)
- closes#1884
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
1890: fix Email class in model.py r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
fixes class Email - keep email, localpart and domain in sync.
### Related issue(s)
closes#1878
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
1887: Docs: Limit fail2ban matches to front container r=mergify[bot] a=networkException
## What type of PR?
documentation
## What does this PR do?
Previously fail2ban matched against all journal entries. This pull request adds a tag to the logdriver and fail2ban filter documentation that limits the matches to entries from the front container
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: networkException <git@nwex.de>
1886: Fix 1294: ensure podop's socket is owned by postfix r=mergify[bot] a=nextgens
## What type of PR?
bugfix
## What does this PR do?
Ensure that the podop socket is always owned by the postfix user (wasn't the case when build using non-standard base images... typically for arm64)
### Related issue(s)
- closes#1294
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This ensures that we share the auth-cache... will enable memory savings
and may improve performances when a higher number of cores is available
"smarter default"
Previously fail2ban matched against all journal entries. This patch
adds a tag to the logdriver and fail2ban filter documentation that
limits the matches to entries from the front container
1880: Update jquery dependency of setup and set pinned versions r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Update used jquery javascript files.
Also sets pinned (fixed) versions in requirements.txt. I set the same versions as used in requirements-prod.txt for the admin image.
### Related issue(s)
- Update dependencies as discussed in #1829
- closes#1868
## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>