Commit Graph

485 Commits (fc633826da209ebcf751209135e0b36de9b141da)

Author SHA1 Message Date
bors[bot] 9f2aa0aadc
Merge
1986: Document how to setup client autoconfig r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Document how to setup autoconfig. This works with most open-source MUAs (thunderbird, evolution, ...)

We could go further than that by providing dynamic configuration (issue an auth token for each MUA request)... but it won't work unless a new DNS entry (and matching certificate) is created.

### Related issue(s)
- 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


2014: Update Chinese translation r=mergify[bot] a=qy117121

## What type of PR?

translation

## What does this PR do?

Update Chinese translation. Use `zh` instead of `zh_CN`.

### Related issue(s)

none

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: qy117121 <mixuan121@gmail.com>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Florent Daigniere e127e6b32f clarify the documentation
Florent Daigniere 1157868370 Document how to setup autoconfig
Alexander Graf 1e8b41f731 Merge remote-tracking branch 'upstream/master' into adminlte3_fixes
Dimitri Huisman 5a1e6dfb61 Added documentation for new LOGO_BACKGROUND and LOGO_URL env variables.
Florent Daigniere 9888efe55d Document as suggested on #mailu-dev
Florent Daigniere ef5f82362c Merge remote-tracking branch 'upstream/master' into policyd-mta-sts
Florent Daigniere d607ba0ef2 Clarify that a restart may be required
Florent Daigniere fb34f53493 Do operations in the right (safe) order
Florent Daigniere fccb0cc57f Add a longer max_age (15days)
Florent Daigniere 67db72d774 Behave like documented
Florent Daigniere a8142dabbe Introduce DEFER_ON_TLS_ERROR
This will default to True and defer emails that fail even "loose"
validation of DANE or MTA-STS

It should work most of the time but if it doesn't and you would rather
see your emails delivered, you can turn it off.
bors[bot] 7e86f5cb57
Merge
1959: Ensure that we don't trust client headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Document how REAL_IP_FROM and REAL_IP_HEADER should be used. Ensure that we strip True-Client-IP and X-Forwarded-For if neither are set.

We should also update the documentation on reverse-proxies... but that's 

### Related issue(s)
- 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Florent Daigniere 5efe35329b doh
Florent Daigniere 5634354911 document how to publish an MTA-STS policy
Florent Daigniere 394c2fe22c Document REAL_IP_HEADER and REAL_IP_FROM
Fix a security vulnerability whereby we were not clearing other headers
Florent Daigniere 0e45bb3ae5 use example.com
Florent Daigniere d65993886a Fix the links
Florent Daigniere 9e306bf255 use example.com
Florent Daigniere 5ed77750f2 clarify
Florent Daigniere 13e0b56a0d This breaks SSO
Florent Daigniere e742c5432b simplify
Florent Daigniere 0a6f3448ec k8s is helm-chart only
Florent Daigniere fb8d52ceb2 Merge branch 'master' of https://github.com/Mailu/Mailu into tls_policy_map
Florent Daigniere fc5758e352 Clarify that it will only work for existing addresses
Florent Daigniere 9ec7590171 Merge branch 'master' of https://github.com/Mailu/Mailu into wildcard_senders
bors[bot] b57df78dac
Merge
1916: Ratelimit outgoing emails per user r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

A conflict-free version of  implementing per-user sender limits

### Related issue(s)
- close  
- close 
- close  

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Dimitri Huisman 4c056db4aa Added documentation for all user statuses.
Dimitri Huisman b7403c850a Document the new setting in webadministration.rst.
Florent Daigniere facc4b6427 Allow specific users to send email from any address
Diman0 146b081119 enhanced security changelog entry and added recommendation to recreate secret_key
Diman0 2132adcc38 Fixed typing error.
Diman0 b7db90b7ff Update documentation config and release notes page.
David Fairbrother 24747e33de Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
Florent Daigniere 7b847852af fix typo
Florent Daigniere e1a7657999 Now that postfix has CAs we can switch to secure
encrypt means "ensure we have some confidentiality" whereas secure means
"ensure we have confidentiality while talking to the right peer"
(protects against passive or/and active MITM attacks)
Florent Daigniere c76a76c0b0 make it optional, add a knob
Diman0 14a1871511 enhanced security changelog entry and added recommendation to recreate secret_key
Diman0 21e7a338e7 Fixed typing error.
Diman0 4b89143362 Update documentation config and release notes page.
bors[bot] 48f3b1fd49
Merge
1656: Add ability to set no WEBROOT_REDIRECT to Nginx r=mergify[bot] a=DavidFair

## What type of PR?

Enhancement / Documentation

## What does this PR do?

From commit:

---

Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.

---

I've also added bullet points to break up a long flowing sentence in `configuration.rst` - it should be a bit easier to read now

### Related issue(s)
No Related Issue - I just jumped to a PR

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly

@ Maintainers - Is this worthy of the changelog, it's useful to know about but I imagine the number of people it affects is equally minimal?
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com>
Diman0 588904078e Set default of AUTH_RATELIMIT_SUBNET to False. Increase default AUTH_RATELIMIT value.
Erriez 44e963ab1a
Merge branch 'master' into fix-docs-image
Erriez 98933f9478 Optimize docs/Dockerfile
- Convert .rst to .html in temporary python:3.8-alpine3.14 build image
- Remove all unused packages
- Use nginx:1.21-alpine deployment image
bors[bot] f9e49dc43a
Merge
1877: Fix missing bullet points and styling in documentation r=nextgens a=Diman0

## What type of PR?
Bug-fix

## What does this PR do?
It brings back the bullet points and correct styling to the documentation.
Conf.py was missing an extension declaration.
The requirement docutils was missing. Currently Sphinx only supports docutils 0.16. 

To see the issue yourself compare
Ok: https://mailu.io/1.7/
Not Ok: https://mailu.io/1.8.

### Related issue(s)
- None

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Diman0 <diman@huisman.xyz>
Florent Daigniere 2b63280f59 doh
Florent Daigniere ccb3631622 still need pip3
Florent Daigniere d44608ed04 Merge remote-tracking branch 'upstream/master' into upgrade-alpine
networkException 8235085848
Docs: Limit fail2ban matches to front container
Previously fail2ban matched against all journal entries. This patch
adds a tag to the logdriver and fail2ban filter documentation that
limits the matches to entries from the front container
Diman0 64bf75efb1 Added missing extension in conf.py. Added missing library in requirements.txt. Sphinx is only compatible with docutils<0.17