2633: Don't apply antispoof rules on locally generated emails r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Don't apply antispoof rules on locally generated emails; This was breaking the auto-responder and sieve rules.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2606: Modify the healtchecks to make them disapear from the logs. r=nextgens a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Modify the healtchecks to make them disapear from the logs.
This is not perfect...
- dovecot now complains about waitpid/finding a new process
- postfix is still regularly pinging rspamd / his milter and that generates a few lines worth of logs each time.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2631: Restful api finishing touches r=mergify[bot] a=Diman0
## What type of PR?
enhancement
## What does this PR do?
Some finishing touches for the restful api.
- Make the API configurable via the setup utility.
- Configured exactly the same as the ADMIN and WEBMAIL.
- We have a single config (API) that configures whether it is exposed (via front). Just like ADMIN. The API is always reachable by directly connecting to the admin container.
- API_TOKEN does not enable/disable the API anymore. When it is not configured, an error is returned (via the internet browser) that the API_TOKEN must be configured in mailu.env.
- Fix some small bugs in the setup utility ( selecting none in the dropdown boxes, now correctly changes the config)
- Update Flask-RestX to 1.0.5. This resolves the deprecation warnings introduced by Flask-RestX.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2628: Set default for FETCHMAIL_ENABLED r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Set the default for FETCHMAIL_ENABLED to true in the admin container.
This keeps existing functionality for people upgrading without re-creating the `mailu.env`.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2604: Really fix creation of deep structures using import in update mode r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Fix creation of deep structures using import in update mode
### Related issue(s)
- closes#2493
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2627: Add SUBNET6 to places where SUBNET is used r=nextgens a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Also add SUBNET6 where SUBNET is used.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2625: Disable fetchmail r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
Only show "fetched accounts" button in user list when fetchmail feature is enabled.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2613: Enhance network segregation r=nextgens a=nextgens
## What type of PR?
enhancement
## What does this PR do?
- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.
### Related issue(s)
- #2611
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2624: Move runtime environment variables to the end r=nextgens a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
This moves the environment variables used at runtime from the system to the base image.
It's a workaround for a strange build issue observed when building with hardened malloc enabled.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2464: Introduce RESTful API r=mergify[bot] a=Diman0
## What type of PR?
Feature
## What does this PR do?
Introduces a RESTful API for changing the complete Mailu config.
Anything that can be configured in the web administration interface, can also be configured via the Mailu RESTful API.
Via the swagger.json endpoint the complete OpenAPI specification can be retrieved.
Via the endpoint swaggerui, a web client is available which shows all the endpoints, data models and allows you to submit requests.
See docs/api.rst and docs/configuration.rst for details for enabling it.
### Related issue(s)
- closes#445
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2623: Fix ipv6 subnet for xclient_hosts r=mergify[bot] a=ghostwheel42
## What type of PR?
bug-fix
## What does this PR do?
this puts the ipv6 prefix into square brackets in the xclient_hosts configuration.
strictly speaking putting the square brackets also around the netmask is not correct, but it's okay for postfix
this will be cleaned when all configuration variables and normalizations are moved to the base container.
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2622: Fix smtplib.LMTP wrong argument name: ip -> host r=mergify[bot] a=zozzz
## What type of PR?
bug-fix
## What does this PR do?
Bug fix when sending welcome message.
### Related issue(s)
- Mention an issue like: -
- Auto close an issue like: closes -
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Vetési Zoltán <zozzz@trigon.hu>
2621: Upgrade to snuffleupagus 0.9.0 r=mergify[bot] a=nextgens
## What type of PR?
enhancement
## What does this PR do?
Upgrade to snuffleupagus 0.9.0. This has a better way to deal with unserialize() and a better compatibility with PHP8.2
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2617: doh r=nextgens a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2615: Fix snappymail r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
This was broken in #2611. The other is non-consequential security-wise as nginx filters XHOST... but it's worth fixing regardless.
### Related issue(s)
- #2580
- #2611
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2612: Remove duplicated 'actionstart = ' in fail2ban conf. r=mergify[bot] a=lucassith
In fail2ban example configuration for ipset `option #2`, there is a duplicated string which makes the ipset and fail2ban fail to create the set.
Fail2ban will never ban any ip due to this error.
## What type of PR?
documentation
Co-authored-by: Łukasz Sitarski <Lucassith@gmail.com>
In fail2ban example configuration for ipset option, there was a duplicated string which makes the ipset and fail2ban fail to create the set.
Fail2ban will never ban any ip due to this error.
2611: Fix authenticated submission r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
Don't talk haproxy to postfix; it's more headaches than it is currently worth.
### Related issue(s)
- #2603
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2603: Enable HAPROXY protocol on SUBNET r=mergify[bot] a=nextgens
## What type of PR?
bug-fix
## What does this PR do?
- Enable HAPROXY in between front and imap: With this we avoid running into the limitations of ``mail_max_userip_connections`` and the logfiles reflect the real IP.
- Enable HAPROXY in between front and smtp: with this postfix and rspamd are aware of whether TLS was used or not on the last hop. In practice this won't work as nginx doesn't send PROTO yet.
- Discard redundant log messages from postfix
With all of this, not only are the logs easier to understand but ``doveadm who`` also works as one would expect.
### Related issue(s)
- closes#894
- #1328
- closes#1364
- #1705
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>