1572 Commits (e42d029c2539a6717fde8324f38afafe67dce5cb)

Author SHA1 Message Date
Florent Daigniere ef9cc3c866 Show spoofing on /admin/user/list too 2 years ago
Florent Daigniere 38507b2e1b Close #2372: Implement a GUI for WILDCARD_SENDERS 2 years ago
Florent Daigniere 6a22c82c02 Fix run_dev 2 years ago
Florent Daigniere cf7404e26c Fix #2242: Make quotas adjustable in 50MiB increments 2 years ago
Florent Daigniere b20bf996ec Fix #2231: make public announcements work 2 years ago
Florent Daigniere e2d4e3eb2e Implement header authentication via external proxy 2 years ago
Florent Daigniere e5ab9821f9 Add snuffleupagus
This seems to work in my limited testing.
2 years ago
Florent Daigniere bdc085048d Restore the Dockerfile like it was 2 years ago
Florent Daigniere e3b875aa6b Well, -i stands for --insecure 2 years ago
Florent Daigniere 699be6f9fa Drop privs when running admin too 2 years ago
Florent Daigniere 42cd5bf2dc Move it to base since admin will also use it 2 years ago
Florent Daigniere e5a1a353db Upgrade to alpine 3.16.3
This has PHP fixes and a new rspamd
2 years ago
Florent Daigniere 86637f0259 Make setup use the base image 2 years ago
bors[bot] 68bb8da2b7
Merge #2538
2538: Fix the ARM build again r=mergify[bot] a=nextgens

I have double-checked from the builder and this works.

gcc -v from the alpine image tells me that we have  ``--enable-default-pie``

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere 7745420fe0 Fix the ARM build again 2 years ago
bors[bot] b66f3fe9de
Merge #2537
2537: Fix the armv7 build (again)! r=mergify[bot] a=nextgens

Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.

Without the build still errors-out because of ``set -euxo pipefail``
see https://github.com/Mailu/Mailu/actions/runs/3479399158/jobs/5817902589

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere b9b0c77d2e Revert "simplify": ghostwheel42's approach was right
This reverts commit 04f6bd2633.
2 years ago
bors[bot] f43c8c652e
Merge #2483 #2535
2483: Introduce FETCHMAIL_ENABLED r=mergify[bot] a=DjVinnii

## What type of PR?

Enhancement

## What does this PR do?
Add `FETCHMAIL_ENABLED` to enable/disable the Fetchmail functionality in the Admin UI.

### Related issue(s)
- closes #2127

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2535: fix the linux/arm/v7 build r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

The arm builder is running aarch64 ... and there is no package for arm/v7


Co-authored-by: Vincent Kling <v.kling@vinniict.nl>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Dimitri Huisman 8afb544a10
Default FETCHMAIL_ENABLED to False 2 years ago
Florent Daigniere 32f3241569 ensure we have -pie too 2 years ago
Florent Daigniere 7ab3d8f9fe There is no good reason not to export them is the base image too 2 years ago
Florent Daigniere aa44a42654 ensure we compile the wheels with bells and whistles too 2 years ago
Florent Daigniere 04f6bd2633 simplify 2 years ago
Florent Daigniere d43e7f72df ghostwheel42's suggestion 2 years ago
Florent Daigniere 1f895d5f82 ghostwheel42's suggestion 2 years ago
Florent Daigniere 031a157ad9 fix the linux/arm/v7 build 2 years ago
bors[bot] 04a196c417
Merge #2525 #2534
2525: Switch to GrapheneOS's hardened_malloc r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

Switch to GrapheneOS's hardened_malloc

This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow... but it should also make the exploitation of memory corruption bugs a lot harder.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2534: Close #2533: document SQLALCHEMY_DATABASE_URI r=mergify[bot] a=nextgens

## What type of PR?

documentation

## What does this PR do?

document SQLALCHEMY_DATABASE_URI

### Related issue(s)
- closes #2533

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
bors[bot] 40bdf7a6d9
Merge #2530
2530: disable SESSION_COOKIE_SECURE when TLS_FLAVOR=notls r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

People are unlikely to proxy everything

### Related issue(s)
- closes #2527

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere b9e5560fb6 Better way to express the same thing
Thanks @ghostwheel42
2 years ago
Florent Daigniere 66de1dcec8 Change the logic
The idea here is that if you have set SESSION_COOKIE_SECURE we should
honor that... and if you haven't we should try to do the right thing.
2 years ago
Florent Daigniere 81628149a2 don't fake the library 2 years ago
Florent Daigniere 9b2f018be6 add --no-cache 2 years ago
Florent Daigniere 76f8517e00 This is still required (as TLS_FLAVOR isn't set) 2 years ago
Florent Daigniere b9564c0bc9 This shouldn't have been commited 2 years ago
Florent Daigniere 19af2944d7 Refactor as requested 2 years ago
Alexander Graf 6b470ac403
Allow proper JS debugging, speed-up assets dev-build, disable redirect-debug by default. 2 years ago
Florent Daigniere 7aad1158fb @ghostwheel42 will fix it in another PR 2 years ago
Florent Daigniere a566cb07d6 fix 2 years ago
Florent Daigniere 08b3a2814b Merge branch 'master' of https://github.com/Mailu/Mailu into notls 2 years ago
Florent Daigniere 6474108056 Use a join() instead 2 years ago
Florent Daigniere c0c91691fd Fix the issue on /admin/fetch/edit 2 years ago
Alexander Graf b0b64a8e63
Use FLASK_DEBUG, fix assets, show startup errors. 2 years ago
Florent Daigniere 505bb79a78 Don't set the secure Cookie flag if TLS_FLAVOR=notls 2 years ago
Florent Daigniere 08a9ab9a56 Improve fetchmail 2 years ago
Florent Daigniere 455180043d doh 2 years ago
bors[bot] 8a90f83bd0
Merge #2514
2514: Update deps r=mergify[bot] a=ghostwheel42

## What type of PR?

update python dependencies

## What does this PR do?

Update python deps in base image


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
Florent Daigniere f11c451403 Restrict it to arch where there is a package 2 years ago
Florent Daigniere 97df65e9ef Switch to GrapheneOS's hardened_malloc
This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow
2 years ago
bors[bot] 745c211c4a
Merge #2523
2523: fix JS error r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It fixes a bug whereby one may have to click twice on the submit button depending on timing.

e.trigger() will error out on most browsers.

Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
bors[bot] 0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere c91c9df134 fix error 2 years ago
Alexander Graf e0d2432c6b
Rename data-ordered to data-sort 2 years ago
Alexander Graf 2a4402cdc2
Fix datatable for list fo sign-up domains 2 years ago
Alexander Graf af6cf5fd1d
Fix language selector without session 2 years ago
Alexander Graf 2778641e78
Fix screen reader title of language selector 2 years ago
Alexander Graf 4776094ea7
Configure datatables on missing tables, add sign in button to sso page. 2 years ago
Alexander Graf 6218b36372
configure datatables via html5 data attributes 2 years ago
Alexander Graf 1ae9156756
Add bcyrpt as direct dependency for better crypto. Also some updates 2 years ago
Alexander Graf a74396a9ef
Fix wtforms usage 2 years ago
Alexander Graf 047413185e
Mask Flask-SQLAlchemy >= 3.0.0 for now as it breaks mailu 2 years ago
Alexander Graf 7e36694b64
Update python deps 2 years ago
Alexander Graf 4b179d9008
Merge branch 'master' into hibp 2 years ago
Alexander Graf 36019a8ce9
Don't show Dockerfile before building 2 years ago
Alexander Graf 91e12d510d
Use default password used everywhere else 2 years ago
Alexander Graf defd533319
Don't duplicate hidden fields 2 years ago
Alexander Graf db87a0f3a1
Move temporary db into container and show docker run command 2 years ago
Alexander Graf f7caaddbec
Speed up asset building when developing 2 years ago
Alexander Graf 71263f1a8c
Add more env variables and restyle code 2 years ago
Alexander Graf fd8570ec34
Remove unused QUOTA_STORAGE_URL 2 years ago
Alexander Graf bbeb211d72
Listen to localhost by default 2 years ago
Alexander Graf 1d90dc3ea3
Allow running without redis 2 years ago
Alexander Graf c507b765be
Improve dev runner 2 years ago
Alexander Graf 8732b70b30
Add shell script to run admin dev environment 2 years ago
Alexander Graf ea636a1835
Fix hibp test 2 years ago
Alexander Graf 311f41c331
Add missing hidden fields 2 years ago
Alexander Graf 27a5f9db65
Reformatting 2 years ago
Vincent Kling 83fdc07a6f Default FETCHMAIL_ENABLED to True 2 years ago
Florent Daigniere 54e9858633 this 2 years ago
Florent Daigniere 14f802fb4a untested but that should work 2 years ago
bors[bot] e0ff135a00
Merge #2498
2498: Implement ITERATE in podop r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

This makes ``doveadm -A`` work.

The easiest way to try it out is:
```
doveadm dict iter proxy:/tmp/podop.socket:auth shared/userdb

or 

doveadm user '*'
```

The protocol is described at https://doc.dovecot.org/developer_manual/design/dict_protocol/
The current version of dovecot is not using flags... so there's little gain in implementing them.

### Related issue(s)
- close #2499

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
Alexander Graf c57706ad27
Duh 2 years ago
Alexander Graf 46773f639b
Return 404 is user-id cannot be parsed 2 years ago
Alexander Graf 595b32cf97
Fix quota return value 2 years ago
Alexander Graf bec0b1c3b2
Fix variable name 2 years ago
Florent Daigniere 001acd60ac doh2 2 years ago
Alexander Graf dec5309ef9
Fix typo 2 years ago
Florent Daigniere 6b7026ef69 Here too 2 years ago
Florent Daigniere 24b2c7c04a doh 2 years ago
Florent Daigniere 66250e396c refactor 2 years ago
wkr d920b3d037 fix(auto-reply): include start and end dates in the auto-reply period; issue #2512 2 years ago
Florent Daigniere ff9f152a52 This may be helpful too 2 years ago
Florent Daigniere 5137b235e9 whitelist what we know works
If other people use other arch and want their builds to go faster we can
whitelist them too after they have confirmed it works.
2 years ago
Alexander Graf a2d43be6de
Fix building wheels when deps need to compile 2 years ago
bors[bot] 659cf8894c
Merge #2502
2502: Resolve using socrate function r=mergify[bot] a=ghostwheel42

## What type of PR?

enhancement

## What does this PR do?

nginx.py had a copy of the socrate function resolve_hostname.
This removes the duplicated code and uses the socrate function.
The socrate functions does the same but prefers ipv4 addresses when resolving.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
Alexander Graf 91f86a4c2a
Resolve using socrate function 2 years ago
Alexander Graf bba98b320e
Fix armv7 build by manually downloading crates.io index 2 years ago
Florent Daigniere 9cb8df57c6 enforce at least 8 chars 2 years ago
Florent Daigniere afbaabd8cd v1 2 years ago
Florent Daigniere 6def1b555b doh 2 years ago
Florent Daigniere c1f571a4c3 Speed things up.
If we want to go further than this we should change podop's incr(), pass
the flags and make admin process the results.
2 years ago