You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
bors[bot] a5f6f9676b
Merge #2140
2140: Fix 2138: Pin DANE with the full cert r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Pin the intermediates rather than the root for DANE. If you have setup TLSA records following previous suggestion from Mailu please update them.

This hasn't been tested.

The four options here are:
- stop suggesting DANE records
- send the root CA (4096 bits extra per handshake!)
- pin the intermediates : the downside is that these are only valid for 3y, see https://letsencrypt.org/certificates/ and we should pin 4: R3,R4,E1,E2
- setup a 'full' DANE record in DNS (this is what this PR does)

The high priority is warranted by the fact that some SMTP servers may not trust root CAs and may enforce DANE strictly (it may break things).

### Related issue(s)
- close #2138

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
3 years ago
.github Preparations for 1.9 release. 3 years ago
core reduce TTL to 1d 3 years ago
design RFC: Mailu directory structure 5 years ago
docs typo 3 years ago
optional update Dockerfile to alpine 3.14.3 3 years ago
setup Merge #2099 3 years ago
tests Merge branch 'master' of github.com:Diman0/Mailu into remove-mailu-postgresql 3 years ago
towncrier Fix 2138: Pin DANE with the full cert 3 years ago
webmails Fixes #2131 3 years ago
.gitignore use different alpine image for arm, add config for php images+arm 5 years ago
.mergify.yml Preparations for 1.9 release. 3 years ago
AUTHORS.md Update AUTHORS.md 3 years ago
CHANGELOG.md Update CHANGELOG.md with items that were not added by mistake. 3 years ago
CODE_OF_CONDUCT.md Add a code of conduct, fixes #319 7 years ago
CONTRIBUTING.md Update "the development guidelines" hyperlink 5 years ago
ISSUE_TEMPLATE.md Remove <> tags as they break markdown rendering 4 years ago
LICENSE.md Rename the freeposte/mailu directory and database 8 years ago
PULL_REQUEST_TEMPLATE.md fix spelling 3 years ago
README.md Cosmetic change 3 years ago
RELEASE_TEMPLATE.md changed semver example to 1.9.x 3 years ago
bors.toml Switch to github actions for CI/CD 3 years ago
pyproject.toml Fix the package setting 5 years ago

README.md

Mailu

Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to suggestions and external contributions. The project aims at providing people with an easily setup, easily maintained and full-featured mail server while not shipping proprietary software nor unrelated features often found in popular groupware.

Most of the documentation is available on our Website, you can also try our demo server before setting up your own, and come talk to us on Matrix.

Features

Main features include:

  • Standard email server, IMAP and IMAP+, SMTP and Submission
  • Advanced email features, aliases, domain aliases, custom routing
  • Web access, multiple Webmails and administration interface
  • User features, aliases, auto-reply, auto-forward, fetched accounts
  • Admin features, global admins, announcements, per-domain delegation, quotas
  • Security, enforced TLS, DANE, MTA-STS, Letsencrypt!, outgoing DKIM, anti-virus scanner
  • Antispam, auto-learn, greylisting, DMARC and SPF
  • Freedom, all FOSS components, no tracker included

Domains

Contributing

Mailu is free software, open to suggestions and contributions. All components are free software and compatible with the MIT license. All specific configuration files, Dockerfiles and code are placed under the MIT license.