lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity
1,801 Commits
3 Branches
0 Tags
7.4 MiB
Commit Graph

487 Commits (f2a009795bb9e100e1fee990ea8089c40c1e3440)

Author SHA1 Message Date
Tim Möhlmann a358b5305f
Merge pull request from Mailu/upgrade-pyyaml 
Upgrade PyYAML
Tim Möhlmann 4f93e09028
Implement favicon package 
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
Tim Möhlmann 284d54190a
Upgrade PyYAML to 4.2b4
hoellen dda64fe91e allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit
hoellen 8fe1e788b3 add missing route fixes
Tim Möhlmann 3c7bf58211
Upgrade PyYAML 
CVE-2017-18342
Vulnerable versions: < 4.2b1
Patched version: 4.2b1
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
hoellen d5d4d6c337 harden email address validation and fix routes with user_email
Ionut Filip 01ec6e7bf3 Removed undefined function
mergify[bot] d483ef3c2a
Merge pull request from hoellen/admin-broken-links-1 
fix broken webmail and logo url in admin
Tim Möhlmann 74fe177297
Merge pull request from TheLegend875/feat-displayed-name 
Feature: send auto reply with displayed name
hoellen f617e82c06 fix broken webmail and logo url in admin
Tim Möhlmann 4068c5b751
Versioning for mysqlclient and psycopg2
Tim Möhlmann b2823c23b8
Merge remote-tracking branch 'upstream/master' into feat-psql-support
Tim Möhlmann 9eaeb80a27
Finalize merge with kaiyou/feat-multiple-db
TheLegend875 999d2a9557 changed default.sieve to send displayed name
TheLegend875 2954d84790 added necessary ui elements
TheLegend875 56f4d4c894 fixed auto-forward
TheLegend875 5bdbbf60d7 fixed display of username when not logged in
Dario Ernst c2d45a47fe Attempt stripping recipient delimiter from localpart 
Since postfix now asks us for the complete email over podop, which
includes the recipient-delimiter-and-what-follows not stripped, we need
to attempt to find both the verbatim localpart, as well as the localpart
stripped of the delimited part ….

Fixes
Tim Möhlmann 19df86f13f
Merge pull request from usrpro/fix-alias-bug 
Added regex validation for alias username
Tim Möhlmann 3a5b763018
Option to disable full text search (lucene) 
This is a workaround for the bug in issue
mergify-bot 983c388150 Merge branch 'master' into 'fix-localpart-chars'
mergify-bot 6cfb74e96c Merge branch 'master' into 'fix-localpart-chars'
Tim Möhlmann af086bbdbe
Include DKIM in VOLUME
hoellen c041a9d45c allow all characters for username in dovecot
Tim Möhlmann 24828615cf
Webmail on root, fixes
Ionut Filip 8fc2846924 Added regex validation for alias username
Tim Möhlmann 3c4ee1b31e
Merge pull request from kaiyou/master 
Fixes  regarding application context
ofthesun9 97b3a85090
Merge pull request from hoellen/fix-alias-match-behaviour 
fix alias match behaviour
mergify-bot 09a50b6cfc Merge branch 'master' into 'master'
kaiyou 4060ac2223 Remove some forgotten debugging
kaiyou 087841d5b7 Fix the way we handle the application context 
The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes : flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
kaiyou b5f51b0e2e Update python dependencies
kaiyou 8707b0fcd7 Use a dictionary of db connection string templates
kaiyou 19f18e2240 Lowercase relays as well as other tables
kaiyou 7e388e472a Handle relay name as an Idna domain
kaiyou 871aa14c9a Lowercase every domain name and email
kaiyou 3df9b3962d Add default columns to the configuration table
kaiyou b88f61f183 Name all constraints when creating them 
Prefious commit set the constraint names for existing databases.
New databases can now have named constraints from the ground up.
kaiyou b8282b1d46 Support named constraints for multiple backends 
Supporting multiple backends requires that specific sqlite
collations are not used, thus lowercase is applied to all non
case-sensitive columns. However, lowercasing the database requires
temporary disabling foreign key constraints, which is not possible
on SQLite and requires we specify the constraint names.

This migration specific to sqlite and postgresql drops every
constraint, whether it is named or not, and recreates all of them
with known names so we can later disable them.
kaiyou e022513a94 Fix support for postgres and mysql
kaiyou a881a1a839 Revert "Make current migrations work with postgresql" 
This reverts commit 9b9f3731f6.
kaiyou 76925e82f3 Revert "Implement CIText as NOCASE alternative in postgresql" 
This reverts commit 0f3c1b9d15.
kaiyou f52ae5535c Revert "Created function for returning email type" 
This reverts commit 436055f02c.
kaiyou f6520eace6 Merge branch 'feat-psql-support' of https://github.com/usrpro/Mailu into usrpro-feat-psql-support
hoellen 8fe9e695f3 prefer non-wildcard aliases over wildcard aliases
Tim Möhlmann c7dcfee882
Merge pull request from pgeorgi/extend-nginx 
nginx: Allow extending config with overrides
hoellen 79768c09f6 fix alias matching behaviour
Tim Möhlmann 6ca8ed437d
Merge pull request from Nebukadneza/add_front_certificate_reload 
Add certificate watcher for external certs to reload nginx
Dario Ernst 1aa97c9914 Add certificate watcher for external certs to reload nginx 
In case of TLS_FLAVOR=[mail,cert], the user supplies their own certificates.
However, since nginx is not aware of changes to these files, it cannot
reload itself e.g. when the certs get renewed.

To solve this, let’s add a small daemon in the place of
`letsencrypt.py`, which uses a flexible file-watching framework and
reloads nginx in the case the certificates change ….
Tim Möhlmann c00910ca4b
Merge remote-tracking branch 'upstream/master' into extend-nginx
Tim Möhlmann 97d338e68a
Rectify 'endif' placement
Tim Möhlmann 425cdd5e77
Fix syntax errors
Tim Möhlmann 20f1faf6d0
Send 404 when nothing server at '/' 
Prevents Nginx welcome screen
Tim Möhlmann 2de4995fec
Don't redirect when webmail is served on '/'
Tim Möhlmann f0906073e3
Merge remote-tracking branch 'upstream/master' into feat-subnet2
mergify[bot] a634c7b72d
Merge pull request from usrpro/fix-outlook2019-smtp 
Add login method to smtp_auth under ssl
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet. 
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
kaiyou b6aaf57be1 Merge branch 'refactor-config' of github.com:kaiyou/mailu into refactor-config
kaiyou d0f07984b0 Merge remote-tracking branch 'upstream/master' into refactor-config
Tim Möhlmann 9dd447e23b
Add login method to smtp_auth under ssl 
Fixes
Patrick Georgi eac4d553a9 nginx: Allow extending config with overrides 
To facilitate this, the default redirect at / can be disabled, even if
the default remains at redirecting to the webmailer.

The extensions are within the host scope and are read from
$ROOT/overrides/nginx/*.conf.
mergify[bot] 2d4bac03ad
Merge pull request from usrpro/clean-healthcheck-logs 
Admin: Prevent redirects during health checking
mergify[bot] a382f74680
Merge pull request from usrpro/fix-recaptcha 
Fix recaptcha
mergify[bot] 37027cfce7
Merge pull request from kaiyou/fix-sender-checks 
Improve sender checks
Tim Möhlmann d18cf7cb25
Prevent redirects during health checking
Tim Möhlmann c9df311a0d
Set forward_destination to an empty list 
The value of `None` resulted in an error, since a list was expected.
Tim Möhlmann eff6c34632
Catch asterisk before resolve_domain 
Asterisk results in IDNA error and a 500 return code.
Ionut Filip 7b8835070d Added tenacity retry fir migrations connection
David Rothera 88c174fb7a Query alternative table for domain matches 
At present postfix checks this view for matches in the domain table and is used to accept/deny messages sent into it however it never checks for matches in the alternative table.

Fixes
Ionut Filip 436055f02c Created function for returning email type
Tim Möhlmann 47a3fd47b5
Fix DB_FLAVOR condition testing for models.py
Tim Möhlmann 0f3c1b9d15
Implement CIText as NOCASE alternative in postgresql
Tim Möhlmann 9b9f3731f6
Make current migrations work with postgresql
Tim Möhlmann 8bdc0c71af
Allow for setting a different DB flavor
Ionut Filip fed7146873 Captcha check on signup form
Tim Möhlmann 4783e61693
Fix password context 
Fixes the following error:
```
admin_1      | [2018-11-09 09:44:10,533] ERROR in app: Exception on /internal/auth/email [GET]
admin_1      | Traceback (most recent call last):
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
admin_1      |     response = self.full_dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
admin_1      |     rv = self.handle_user_exception(e)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
admin_1      |     reraise(exc_type, exc_value, tb)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
admin_1      |     raise value
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
admin_1      |     rv = self.dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
admin_1      |     return self.view_functions[rule.endpoint](**req.view_args)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask_limiter/extension.py", line 544, in __inner
admin_1      |     return obj(*a, **k)
admin_1      |   File "/app/mailu/internal/views/auth.py", line 18, in nginx_authentication
admin_1      |     headers = nginx.handle_authentication(flask.request.headers)
admin_1      |   File "/app/mailu/internal/nginx.py", line 48, in handle_authentication
admin_1      |     if user.check_password(password):
admin_1      |   File "/app/mailu/models.py", line 333, in check_password
admin_1      |     context = User.pw_context
admin_1      | AttributeError: type object 'User' has no attribute 'pw_context'
```
kaiyou 72e1b444ca Merge alembic migrations
kaiyou 5b769e23da Merge branch 'master' into refactor-config
kaiyou 02995f0a15 Add a mailu command line to flask
kaiyou f9e30bd87c Update the dockerfile and upgrade dependencies
kaiyou 4a7eb1eb6c Explicitely declare flask migrate
kaiyou 2a8808bdec Add the configuration table migration
kaiyou f57d4859f3 Provide an in-context wrapper for getting users
kaiyou f6013aa29f Fix an old migration that was reading configuration before migrating
kaiyou 206cce0b47 Finish the configuration bits
Ionut Filip 1bbf3f235d Using a new class when captcha is enabled
mergify[bot] 12689965bd
Merge pull request from usrpro/fix-admin-bug 
Fixed admin_1 errors in the logs
hoellen 680ad4b67a
Catching only ValueError 
Co-Authored-By: ionutfilip <ionut.philip@gmail.com>
mergify[bot] e08f3e81d0
Merge pull request from usrpro/feat-startup 
Standarize images
Ionut Filip 6dcc33e390 Fixed admin_1 errors in the logs 
Fixed errors when trying to log in with an account without domain.
This closes
Tim Möhlmann 42e2dbe35d
Standarize image by using shared / similair layers
Tim Möhlmann 5fa2aac569
Fix imap login when no webmail selected
Tim Möhlmann 903bb70c5b
Merge remote-tracking branch 'upstream/master' into standarize-images
Scott 56fb74c502 Fix typo (duplicate self). Fixes
Ionut Filip 8a44a44688
Merge branch 'master' into feat-startup
Ionut Filip 1187cac5e1 Finished up switching from .sh to .py
Tim Möhlmann ed81c076f2
Take out "models" path, as we are already in it
Tim Möhlmann aed80a74fa
Rectify decleration of domain_name
Tim Möhlmann 2d382f2d67
Merge branch 'master' into fix-sender-checks
Ionut Filip 0e5606d493 Changed start.sh to start.py
Ionut Filip eb7dfb5771 Cleaning up start.py
Thomas Sänger 603b6e7390
Merge pull request from usrpro/fix-nginx-healthcheck 
Fix nginx healthcheck
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks
Tim Möhlmann a2fea36c79
Increase HEALTHCHECK start time for services that need to wait for host resolving during startup. 
In Docker Swarm mode the services listed below can get stuck in their start script, while they
are waiting for other services become available. Now, with HEALTHCHECK enabled, docker does not resolve
names of services that not pass HEALTHCHECK yet. Meaning that if one of the depenend services is not yet
available, it will create a chain of failing services.

The services below retry to resolve 100 time, with an average of 3.5 seconds. Hence, the --start-time
flag is now set at 350 seconds.
- dovecot (imap)
- postfix (smtp)
- rspamd (antispam)
Tim Möhlmann c3e89967fb
Fix front health checking 
- Specified seperated /health path in order to allow for healthcheck even if webmail and admin are not seletectd. This also allows healthchecking fom external services like DNS load balancers;
- Make curl not to fail on TLS because localhost is not included in the certificates.
mergify[bot] 90b8c3cc1f
Merge pull request from kaiyou/feat-reply-startdate 
Implement a start date filter for autoreply, fixes
mergify[bot] bce1487338
Merge pull request from hacor/master 
Kubernetes fixed for production
kaiyou 1fcaef7c7e
Merge branch 'master' into fix-sender-checks
Paul Williams 78bd5aea1c enable http2, because it's that easy
hoellen 72d4fa2bc9
remove empty line from merge conflict
hoellen 857ad50509
Merge branch 'master' into feat-reply-startdate
mergify[bot] 4a5c0a6d21
Merge pull request from kaiyou/fix-password-performance 
Improve password checking performance
mergify[bot] 80658c30da
Merge pull request from hoellen/fix-webmail-root 
Fix nginx conf if webmail is on root path
Hans Cornelis f10416e85a Merged with new PRs
mergify[bot] 118ea0f3fb
Merge pull request from ofthesun9/feature-swarm 
Enabling swarm deployment on master branch
mergify[bot] 727970514d
Merge pull request from ofthesun9/feat-fuzzyhashes 
Trying to enable fuzzy hashes for rspamd
kaiyou 82069ea3f0 Clean most of the refactored code
kaiyou f40fcd7ac0 Use click for the manager command
kaiyou fc24426291 First batch of refactoring, using the app factory pattern
hoellen d4f32c3e7d remove rewrite if webmail is on root
kaiyou 01fa179767 Update the user password in database when needed
kaiyou 988e09e65e Add a profiler in debug mode for improving performance
kaiyou dba8f1810d Do not check the password another time in Dovecot
kaiyou d5162328ec Allow dovecot to write the source configuration directory for compiling sieve scripts
kaiyou ce0bf3366d Learn fuzzy hashes automatically
kaiyou 0a5dbf6230 Re-enable local dovecot sieve scripts
Hans Cornelis ef55ca525c Deleted conflicting merge files 
Signed-off-by: Hans Cornelis <hacornelis@gmail.com>
Hans Cornelis e67a0d464b Deleted old folder
Hans Cornelis 3098343360 Merged conflicts
hacor 4ea12deae7 Added kubernetes to Mailu
kaiyou ed3388ed6e Merge branch 'master' into feat-reply-startdate
kaiyou 7c82be904f Merge branch 'master' of github.com:mailu/mailu
Thomas Sänger a412951a30
simpler healthcheck for postfix
Thomas Sänger 0bc901a722
add healthcheck for dovecot
Thomas Sänger 1fc40bf932
add healthcheck for postfix
Thomas Sänger 39272ab05c
add healthcheck for http services
kaiyou e784556330 Fix an edge case with old values containing None for coma separated lists
kaiyou f647d1a0bc Merge branch 'master' into fix-sender-checks
kaiyou 5ada669f43 Rebase reply startdate on master
mergify[bot] bee81d1a54
Merge pull request from HorayNarea/bcrypt 
support bcrypt and use it as default
mergify[bot] 9fd7851cb6
Merge pull request from HorayNarea/apk-no-cache 
remove apk-warning about cache
kaiyou 15eb2806bf Merge branch 'master' into feat-reply-startdate
kaiyou 5035975c41 Remove Postfix debugging
kaiyou c6846fd8db Merge branch 'master' into feat-reply-startdate
mergify[bot] a91a54b5f1
Merge pull request from usrpro/fix-certbot 
Front: move to Alpine:3.8 and fixing
Tim Möhlmann de43060ef8
Move to Alpine:3.8 and fixing
Thomas Sänger bdfcc5b530
pin alpine-version for 'none'-image
Thomas Sänger 6aafef88bd
remove apk-warning about cache
Thomas Sänger c8b39c5d4a
support bcrypt and use it as default