7e2db9c9c3
1753: Better password storage r=nextgens a=nextgens ## What type of PR? Enhancement: optimization of the logic to speedup authentication requests, support the import of most hashes passlib supports. ## What does this PR do? - it changes the default password cold-storage format to sha256+bcrypt - it enhances the logic to ensure that no CPU cycles are wasted when valid credentials are found - it fixes token authentication on /webdav/ - it lowers the number of rounds used for token storage (on the basis that they are high-entropy: not bruteforceable and speed matters) - it introduces a new setting to set the number of rounds used by the password hashing function (CREDENTIAL_ROUNDS). The setting can be adjusted as required and existing hashes will be migrated to the new cost-factor. - it updates the version of passlib in use and enables all supported hash types (that will be converted to the current settings on first use) - it removes the PASSWORD_SCHEME setting ### Related issue(s) - close #1194 - close #1662 - close #1706 ## Prerequistes Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> |
4 years ago | |
|---|---|---|
| .github | 4 years ago | |
| core | 4 years ago | |
| docs | 4 years ago | |
| optional | 4 years ago | |
| setup | 4 years ago | |
| tests | 4 years ago | |
| towncrier | 4 years ago | |
| webmails | 4 years ago | |
| .gitignore | 5 years ago | |
| .mergify.yml | 4 years ago | |
| .travis.yml | 4 years ago | |
| AUTHORS.md | 4 years ago | |
| CHANGELOG.md | 4 years ago | |
| CODE_OF_CONDUCT.md | 7 years ago | |
| CONTRIBUTING.md | 5 years ago | |
| ISSUE_TEMPLATE.md | 4 years ago | |
| LICENSE.md | 8 years ago | |
| PULL_REQUEST_TEMPLATE.md | 6 years ago | |
| README.md | 6 years ago | |
| bors.toml | 6 years ago | |
| pyproject.toml | 5 years ago | |
README.md
Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to suggestions and external contributions. The project aims at providing people with an easily setup, easily maintained and full-featured mail server while not shipping proprietary software nor unrelated features often found in popular groupware.
Most of the documentation is available on our Website, you can also try our demo server before setting up your own, and come talk to us on Matrix.
Features
Main features include:
- Standard email server, IMAP and IMAP+, SMTP and Submission
- Advanced email features, aliases, domain aliases, custom routing
- Web access, multiple Webmails and administration interface
- User features, aliases, auto-reply, auto-forward, fetched accounts
- Admin features, global admins, announcements, per-domain delegation, quotas
- Security, enforced TLS, Letsencrypt!, outgoing DKIM, anti-virus scanner
- Antispam, auto-learn, greylisting, DMARC and SPF
- Freedom, all FOSS components, no tracker included
Contributing
Mailu is free software, open to suggestions and contributions. All components are free software and compatible with the MIT license. All specific configuration files, Dockerfiles and code are placed under the MIT license.