530 Commits (eaeb151ff7e78626b8d2aa183b1782fea7805b1e)

Author SHA1 Message Date
hoellen 79c4edcaf1
Merge pull request #838 from hoellen/schema-maxUserQuota-1
Change quota columns type to BigInteger
6 years ago
hoellen 54169db7e3
Merge branch 'master' into fix-forward-validation 6 years ago
hoellen 9721df0bc5 fix default value for created_at and updated_at
Use date instead of datetime for created_at and updated_at.
6 years ago
hoellen cfa7ca3838 Merge branch 'master' into schema-maxUserQuota-1 6 years ago
hoellen f1e1c96c3b create migration file for changing quota to big integer 6 years ago
Ionut Filip 2d34f0ee52 Fixed auto-forward email validation 6 years ago
hoellen c8758a6526 allow ipv6 addresses for tokens 6 years ago
hoellen 2af540a1c9 change quota columns to bigint 6 years ago
Dario Ernst 66df7a31b0 Unify and coerce booleans from env used in admin
At some places, the string that DOMAIN_REGISTRATION is got used like a boolean
(an easy misassumption to make while in python and dealing with the config
dict), making `DOMAIN_REGISTRATION=False` act as a truthy value. To stop such
future problems from happening, coerce environment config strings to real
bools.

closes #830
6 years ago
mergify[bot] 9175b15d49
Merge pull request #826 from Nebukadneza/reverse_user_alias_pref
Reverse the resolution order of user and alias
6 years ago
mergify[bot] 278bcfb13a
Merge pull request #814 from Nebukadneza/fix_delimiter_alias
Deliver mails to alias-stripped-of-delimeter, even if catchall exists
6 years ago
Dario Ernst 276dc3ffda Reverse the resolution order of user and alias
Since it’s common for wildcard~ish systems to prefer concrete objects over
wildcards, and aliases can be broad-wildcards (think catchall, %@xxx.tld), it
may be more intuitive for users that user-names rank higher than aliases. This
makes it impossible for user-names to be unreachable, since they can be
completely overridden by a catchall otherwise.

This changes default behavior, and is not configurable.

closes #815
6 years ago
Tim Möhlmann 8541ae2c46
Fix migration order after merge 6 years ago
mergify[bot] 99cd1d714b
Merge pull request #799 from hoellen/fix-domain-negative-values-1
don't allow negative values on domain creation/edit
6 years ago
Tim Möhlmann 2567646f47
Merge branch 'master' into fix-domain-negative-values-1 6 years ago
Ionut Filip 50343f354e Merge remote-tracking branch 'upstream/master' into feat-psql-support 6 years ago
Dario Ernst b8d1beed29 Simplify alias-wildcard detection to not consider actual % anymore 6 years ago
Dario Ernst 10d2601963 Unsimplify alias precedence handling
As discussed with hoellen on matrix, since postfix indeed supports including
the recipient delimiter character in a verbatim alias, we should support so too
— and handle its precedence correctly. The clearer and simpler formulation of
the precedence-clauses are credit to @hoellen. Thanks!
6 years ago
mergify[bot] b4822ad43e
Merge pull request #821 from HorayNarea/fix-remove-fts
remove (broken) FTS
6 years ago
mergify[bot] 161394a774
Merge pull request #817 from hoellen/fix-fetch-passwordfield-1
fix edit of fetched acc without changing password
6 years ago
Thomas Sänger 492f3867d8
remove (broken) FTS 6 years ago
Dario Ernst ac64a75743 Simplify alias precedence handling; Remove bogus changelog 6 years ago
mergify[bot] 520ebbb97d
Merge pull request #819 from hoellen/move-spam-1
Mark messages as seen when reporting them as spam
6 years ago
hoellen 7247b4b10c
Merge branch 'master' into fix-password-on-user-edit 6 years ago
hoellen b65d70cf1e mark spam as seen 6 years ago
hoellen a59d5dad23 fix edit of fetched acc without changing password 6 years ago
hoellen f08491dc46 fix forced password on user edit 6 years ago
Ionut Filip 2b0a2d561b Fix connection to mysql db 6 years ago
Dario Ernst 291f8a457b Deliver mails to alias-stripped-of-delimeter, even if catchall exists
This fixes delivery to an alias minus recipient delimiter in cases where a
wildcard alias would also match. For example,
* foo@xxx.tld
* %@xxx.tld
Sending to foo+spam@xxx.tld would get eaten by the catchall before this fix.
Now, the order of alias resolution is made clearer.

closes #813
6 years ago
hoellen 732b5fe161 change password field type in fetch creation/edit and add validators. 6 years ago
mergify[bot] 4204facd85
Merge pull request #810 from usrpro/feat-logging
Implement some degree of logging
6 years ago
Tim Möhlmann 049ca9941f
Cleanup syntax and fix typo 6 years ago
Tim Möhlmann 0ac3cf9617
Don't recursivly chown on mailboxes.
This fixes #776.
Recursion is not needed, as the permissions will only need to be set on the first invocation.
6 years ago
Tim Möhlmann 71cda7983e
Merge branch 'master' into feat-logging 6 years ago
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry 6 years ago
Tim Möhlmann b04a9d1c28
Implement debug logging for template rendering 6 years ago
Tim Möhlmann b9313488dd
Add logging for tenacity.retry
In the process we found that the previous way of tenacity syntax caused it not to honor any args.
In this commit we've refactored to use the @decorator syntax, in which tenacity seems to behave better.
6 years ago
mergify[bot] 3b5f3af207
Merge pull request #778 from Nebukadneza/fix_recipient_delimiter
Attempt stripping recipient delimiter from localpart
6 years ago
Ionut Filip 9077bf7313 Merge remote-tracking branch 'upstream/master' into feat-psql-support 6 years ago
Tim Möhlmann 5636e7f5a7
Remove to avoid matching webroot 6 years ago
Ionut Filip 953aa04354 Added postgresql-libs to admin 6 years ago
Tim Möhlmann 561e2fda67
Merge remote-tracking branch 'upstream/master' into fix-favicon 6 years ago
hoellen 501ecf13c1 add migration script 6 years ago
Tim Möhlmann a358b5305f
Merge pull request #797 from Mailu/upgrade-pyyaml
Upgrade PyYAML
6 years ago
Tim Möhlmann 4f93e09028
Implement favicon package
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
6 years ago
Tim Möhlmann 284d54190a
Upgrade PyYAML to 4.2b4 6 years ago
hoellen dda64fe91e allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit 6 years ago
hoellen 8fe1e788b3 add missing route fixes 6 years ago
Tim Möhlmann 3c7bf58211
Upgrade PyYAML
CVE-2017-18342
Vulnerable versions: < 4.2b1
Patched version: 4.2b1
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
6 years ago
hoellen d5d4d6c337 harden email address validation and fix routes with user_email 6 years ago
Ionut Filip 01ec6e7bf3 Removed undefined function 6 years ago
mergify[bot] d483ef3c2a
Merge pull request #792 from hoellen/admin-broken-links-1
fix broken webmail and logo url in admin
6 years ago
Tim Möhlmann 74fe177297
Merge pull request #785 from TheLegend875/feat-displayed-name
Feature: send auto reply with displayed name
6 years ago
hoellen f617e82c06 fix broken webmail and logo url in admin 6 years ago
Tim Möhlmann 4068c5b751
Versioning for mysqlclient and psycopg2 6 years ago
Tim Möhlmann b2823c23b8
Merge remote-tracking branch 'upstream/master' into feat-psql-support 6 years ago
Tim Möhlmann 9eaeb80a27
Finalize merge with kaiyou/feat-multiple-db 6 years ago
TheLegend875 999d2a9557 changed default.sieve to send displayed name 6 years ago
TheLegend875 2954d84790 added necessary ui elements 6 years ago
TheLegend875 56f4d4c894 fixed auto-forward 6 years ago
TheLegend875 5bdbbf60d7 fixed display of username when not logged in 6 years ago
Dario Ernst c2d45a47fe Attempt stripping recipient delimiter from localpart
Since postfix now asks us for the complete email over podop, which
includes the recipient-delimiter-and-what-follows not stripped, we need
to attempt to find both the verbatim localpart, as well as the localpart
stripped of the delimited part ….

Fixes #755
6 years ago
Tim Möhlmann 19df86f13f
Merge pull request #764 from usrpro/fix-alias-bug
Added regex validation for alias username
6 years ago
Tim Möhlmann 3a5b763018
Option to disable full text search (lucene)
This is a workaround for the bug in issue #751
6 years ago
mergify-bot 983c388150 Merge branch 'master' into 'fix-localpart-chars' 6 years ago
mergify-bot 6cfb74e96c Merge branch 'master' into 'fix-localpart-chars' 6 years ago
Tim Möhlmann af086bbdbe
Include DKIM in VOLUME 6 years ago
hoellen c041a9d45c allow all characters for username in dovecot 6 years ago
Tim Möhlmann 24828615cf
Webmail on root, fixes #757 6 years ago
Ionut Filip 8fc2846924 Added regex validation for alias username 6 years ago
Tim Möhlmann 3c4ee1b31e
Merge pull request #743 from kaiyou/master
Fixes #738 regarding application context
6 years ago
ofthesun9 97b3a85090
Merge pull request #737 from hoellen/fix-alias-match-behaviour
fix alias match behaviour
6 years ago
mergify-bot 09a50b6cfc Merge branch 'master' into 'master' 6 years ago
kaiyou 4060ac2223 Remove some forgotten debugging 6 years ago
kaiyou 087841d5b7 Fix the way we handle the application context
The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
6 years ago
kaiyou b5f51b0e2e Update python dependencies 6 years ago
kaiyou 8707b0fcd7 Use a dictionary of db connection string templates 6 years ago
kaiyou 19f18e2240 Lowercase relays as well as other tables 6 years ago
kaiyou 7e388e472a Handle relay name as an Idna domain 6 years ago
kaiyou 871aa14c9a Lowercase every domain name and email 6 years ago
kaiyou 3df9b3962d Add default columns to the configuration table 6 years ago
kaiyou b88f61f183 Name all constraints when creating them
Prefious commit set the constraint names for existing databases.
New databases can now have named constraints from the ground up.
6 years ago
kaiyou b8282b1d46 Support named constraints for multiple backends
Supporting multiple backends requires that specific sqlite
collations are not used, thus lowercase is applied to all non
case-sensitive columns. However, lowercasing the database requires
temporary disabling foreign key constraints, which is not possible
on SQLite and requires we specify the constraint names.

This migration specific to sqlite and postgresql drops every
constraint, whether it is named or not, and recreates all of them
with known names so we can later disable them.
6 years ago
kaiyou e022513a94 Fix support for postgres and mysql 6 years ago
kaiyou a881a1a839 Revert "Make current migrations work with postgresql"
This reverts commit 9b9f3731f6.
6 years ago
kaiyou 76925e82f3 Revert "Implement CIText as NOCASE alternative in postgresql"
This reverts commit 0f3c1b9d15.
6 years ago
kaiyou f52ae5535c Revert "Created function for returning email type"
This reverts commit 436055f02c.
6 years ago
kaiyou f6520eace6 Merge branch 'feat-psql-support' of https://github.com/usrpro/Mailu into usrpro-feat-psql-support 6 years ago
hoellen 8fe9e695f3 prefer non-wildcard aliases over wildcard aliases 6 years ago
Tim Möhlmann c7dcfee882
Merge pull request #713 from pgeorgi/extend-nginx
nginx: Allow extending config with overrides
6 years ago
hoellen 79768c09f6 fix alias matching behaviour 6 years ago
Tim Möhlmann 6ca8ed437d
Merge pull request #732 from Nebukadneza/add_front_certificate_reload
Add certificate watcher for external certs to reload nginx
6 years ago
Dario Ernst 1aa97c9914 Add certificate watcher for external certs to reload nginx
In case of TLS_FLAVOR=[mail,cert], the user supplies their own certificates.
However, since nginx is not aware of changes to these files, it cannot
reload itself e.g. when the certs get renewed.

To solve this, let’s add a small daemon in the place of
`letsencrypt.py`, which uses a flexible file-watching framework and
reloads nginx in the case the certificates change ….
6 years ago
Tim Möhlmann c00910ca4b
Merge remote-tracking branch 'upstream/master' into extend-nginx 6 years ago
Tim Möhlmann 97d338e68a
Rectify 'endif' placement 6 years ago
Tim Möhlmann 425cdd5e77
Fix syntax errors 6 years ago
Tim Möhlmann 20f1faf6d0
Send 404 when nothing server at '/'
Prevents Nginx welcome screen
6 years ago
Tim Möhlmann 2de4995fec
Don't redirect when webmail is served on '/' 6 years ago
Tim Möhlmann f0906073e3
Merge remote-tracking branch 'upstream/master' into feat-subnet2 6 years ago
mergify[bot] a634c7b72d
Merge pull request #725 from usrpro/fix-outlook2019-smtp
Add login method to smtp_auth under ssl
6 years ago
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
6 years ago
kaiyou b6aaf57be1 Merge branch 'refactor-config' of github.com:kaiyou/mailu into refactor-config 6 years ago
kaiyou d0f07984b0 Merge remote-tracking branch 'upstream/master' into refactor-config 6 years ago
Tim Möhlmann 9dd447e23b
Add login method to smtp_auth under ssl
Fixes #704
6 years ago
Patrick Georgi eac4d553a9 nginx: Allow extending config with overrides
To facilitate this, the default redirect at / can be disabled, even if
the default remains at redirecting to the webmailer.

The extensions are within the host scope and are read from
$ROOT/overrides/nginx/*.conf.
6 years ago
mergify[bot] 2d4bac03ad
Merge pull request #723 from usrpro/clean-healthcheck-logs
Admin: Prevent redirects during health checking
6 years ago
mergify[bot] a382f74680
Merge pull request #705 from usrpro/fix-recaptcha
Fix recaptcha
6 years ago
mergify[bot] 37027cfce7
Merge pull request #633 from kaiyou/fix-sender-checks
Improve sender checks
6 years ago
Tim Möhlmann d18cf7cb25
Prevent redirects during health checking 6 years ago
Tim Möhlmann c9df311a0d
Set forward_destination to an empty list
The value of `None` resulted in an error, since a list was expected.
6 years ago
Tim Möhlmann eff6c34632
Catch asterisk before resolve_domain
Asterisk results in IDNA error and a 500 return code.
6 years ago
Ionut Filip 7b8835070d Added tenacity retry fir migrations connection 6 years ago
David Rothera 88c174fb7a Query alternative table for domain matches
At present postfix checks this view for matches in the domain table and is used to accept/deny messages sent into it however it never checks for matches in the alternative table.

Fixes #718
6 years ago
Ionut Filip 436055f02c Created function for returning email type 6 years ago
Tim Möhlmann 47a3fd47b5
Fix DB_FLAVOR condition testing for models.py 6 years ago
Tim Möhlmann 0f3c1b9d15
Implement CIText as NOCASE alternative in postgresql 6 years ago
Tim Möhlmann 9b9f3731f6
Make current migrations work with postgresql 6 years ago
Tim Möhlmann 8bdc0c71af
Allow for setting a different DB flavor 6 years ago
Ionut Filip fed7146873 Captcha check on signup form 6 years ago
Tim Möhlmann 4783e61693
Fix password context
Fixes the following error:
```
admin_1      | [2018-11-09 09:44:10,533] ERROR in app: Exception on /internal/auth/email [GET]
admin_1      | Traceback (most recent call last):
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
admin_1      |     response = self.full_dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
admin_1      |     rv = self.handle_user_exception(e)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
admin_1      |     reraise(exc_type, exc_value, tb)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
admin_1      |     raise value
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
admin_1      |     rv = self.dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
admin_1      |     return self.view_functions[rule.endpoint](**req.view_args)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask_limiter/extension.py", line 544, in __inner
admin_1      |     return obj(*a, **k)
admin_1      |   File "/app/mailu/internal/views/auth.py", line 18, in nginx_authentication
admin_1      |     headers = nginx.handle_authentication(flask.request.headers)
admin_1      |   File "/app/mailu/internal/nginx.py", line 48, in handle_authentication
admin_1      |     if user.check_password(password):
admin_1      |   File "/app/mailu/models.py", line 333, in check_password
admin_1      |     context = User.pw_context
admin_1      | AttributeError: type object 'User' has no attribute 'pw_context'
```
6 years ago
kaiyou 72e1b444ca Merge alembic migrations 6 years ago
kaiyou 5b769e23da Merge branch 'master' into refactor-config 6 years ago
kaiyou 02995f0a15 Add a mailu command line to flask 6 years ago
kaiyou f9e30bd87c Update the dockerfile and upgrade dependencies 6 years ago
kaiyou 4a7eb1eb6c Explicitely declare flask migrate 6 years ago
kaiyou 2a8808bdec Add the configuration table migration 6 years ago
kaiyou f57d4859f3 Provide an in-context wrapper for getting users 6 years ago
kaiyou f6013aa29f Fix an old migration that was reading configuration before migrating 6 years ago
kaiyou 206cce0b47 Finish the configuration bits 6 years ago
Ionut Filip 1bbf3f235d Using a new class when captcha is enabled 6 years ago
mergify[bot] 12689965bd
Merge pull request #699 from usrpro/fix-admin-bug
Fixed admin_1 errors in the logs
6 years ago
hoellen 680ad4b67a
Catching only ValueError
Co-Authored-By: ionutfilip <ionut.philip@gmail.com>
6 years ago
mergify[bot] e08f3e81d0
Merge pull request #680 from usrpro/feat-startup
Standarize images
6 years ago
Ionut Filip 6dcc33e390 Fixed admin_1 errors in the logs
Fixed errors when trying to log in with an account without domain.
This closes #585
6 years ago
Tim Möhlmann 42e2dbe35d
Standarize image by using shared / similair layers 6 years ago
Tim Möhlmann 5fa2aac569
Fix imap login when no webmail selected 6 years ago
Tim Möhlmann 903bb70c5b
Merge remote-tracking branch 'upstream/master' into standarize-images 6 years ago
Scott 56fb74c502 Fix typo (duplicate self). Fixes #683 6 years ago
Ionut Filip 8a44a44688
Merge branch 'master' into feat-startup 6 years ago
Ionut Filip 1187cac5e1 Finished up switching from .sh to .py 6 years ago
Tim Möhlmann ed81c076f2
Take out "models" path, as we are already in it 6 years ago
Tim Möhlmann aed80a74fa
Rectify decleration of domain_name 6 years ago
Tim Möhlmann 2d382f2d67
Merge branch 'master' into fix-sender-checks 6 years ago
Ionut Filip 0e5606d493 Changed start.sh to start.py 6 years ago
Ionut Filip eb7dfb5771 Cleaning up start.py 6 years ago
Thomas Sänger 603b6e7390
Merge pull request #2 from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
6 years ago
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks 6 years ago
Tim Möhlmann a2fea36c79
Increase HEALTHCHECK start time for services that need to wait for host resolving during startup.
In Docker Swarm mode the services listed below can get stuck in their start script, while they
are waiting for other services become available. Now, with HEALTHCHECK enabled, docker does not resolve
names of services that not pass HEALTHCHECK yet. Meaning that if one of the depenend services is not yet
available, it will create a chain of failing services.

The services below retry to resolve 100 time, with an average of 3.5 seconds. Hence, the --start-time
flag is now set at 350 seconds.
- dovecot (imap)
- postfix (smtp)
- rspamd (antispam)
6 years ago
Tim Möhlmann c3e89967fb
Fix front health checking
- Specified seperated /health path in order to allow for healthcheck even if webmail and admin are not seletectd. This also allows healthchecking fom external services like DNS load balancers;
- Make curl not to fail on TLS because localhost is not included in the certificates.
6 years ago
mergify[bot] 90b8c3cc1f
Merge pull request #665 from kaiyou/feat-reply-startdate
Implement a start date filter for autoreply, fixes #362
6 years ago