a5f6f9676b
2140: Fix 2138: Pin DANE with the full cert r=mergify[bot] a=nextgens ## What type of PR? bug-fix ## What does this PR do? Pin the intermediates rather than the root for DANE. If you have setup TLSA records following previous suggestion from Mailu please update them. This hasn't been tested. The four options here are: - stop suggesting DANE records - send the root CA (4096 bits extra per handshake!) - pin the intermediates : the downside is that these are only valid for 3y, see https://letsencrypt.org/certificates/ and we should pin 4: R3,R4,E1,E2 - setup a 'full' DANE record in DNS (this is what this PR does) The high priority is warranted by the fact that some SMTP servers may not trust root CAs and may enforce DANE strictly (it may break things). ### Related issue(s) - close #2138 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [ ] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com> |
3 years ago | |
---|---|---|
.github | 3 years ago | |
core | 3 years ago | |
design | 5 years ago | |
docs | 3 years ago | |
optional | 3 years ago | |
setup | 3 years ago | |
tests | 3 years ago | |
towncrier | 3 years ago | |
webmails | 3 years ago | |
.gitignore | 5 years ago | |
.mergify.yml | 3 years ago | |
AUTHORS.md | 3 years ago | |
CHANGELOG.md | 3 years ago | |
CODE_OF_CONDUCT.md | 7 years ago | |
CONTRIBUTING.md | 5 years ago | |
ISSUE_TEMPLATE.md | 4 years ago | |
LICENSE.md | 8 years ago | |
PULL_REQUEST_TEMPLATE.md | 3 years ago | |
README.md | 3 years ago | |
RELEASE_TEMPLATE.md | 3 years ago | |
bors.toml | 3 years ago | |
pyproject.toml | 5 years ago |
README.md
Mailu is a simple yet full-featured mail server as a set of Docker images. It is free software (both as in free beer and as in free speech), open to suggestions and external contributions. The project aims at providing people with an easily setup, easily maintained and full-featured mail server while not shipping proprietary software nor unrelated features often found in popular groupware.
Most of the documentation is available on our Website, you can also try our demo server before setting up your own, and come talk to us on Matrix.
Features
Main features include:
- Standard email server, IMAP and IMAP+, SMTP and Submission
- Advanced email features, aliases, domain aliases, custom routing
- Web access, multiple Webmails and administration interface
- User features, aliases, auto-reply, auto-forward, fetched accounts
- Admin features, global admins, announcements, per-domain delegation, quotas
- Security, enforced TLS, DANE, MTA-STS, Letsencrypt!, outgoing DKIM, anti-virus scanner
- Antispam, auto-learn, greylisting, DMARC and SPF
- Freedom, all FOSS components, no tracker included
Contributing
Mailu is free software, open to suggestions and contributions. All components are free software and compatible with the MIT license. All specific configuration files, Dockerfiles and code are placed under the MIT license.