diff --git a/docs/configuration.rst b/docs/configuration.rst index 0d9f9b3a..7a7f1780 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -40,6 +40,8 @@ address. The ``WILDCARD_SENDERS`` setting is a comma delimited list of user email addresses that are allowed to send emails from any existing address (spoofing the sender). +.. _AUTH Ratelimit: + The ``AUTH_RATELIMIT_IP`` (default: 5/hour) holds a security setting for fighting attackers that attempt a password spraying attack. The value defines the limit of authentication attempts that will be processed on **distinct** non-existing diff --git a/docs/faq.rst b/docs/faq.rst index e2cc7c5b..5835fb3e 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -438,6 +438,31 @@ Proceed as following for deleting an user: .. _`github project`: https://github.com/Mailu/Mailu/ + +How to unblock an IP from rate limiter manually? +```````````````````````````````````````````````` + +To manually unblock an IP from the rate limiter do the following on your CLI: + +.. code-block:: bash + + # list the limited networks (this is not the IP, but only the network part according to AUTH_RATELIMIT_IP_V4_MASK + $ docker compose exec redis redis-cli -n 2 --scan --pattern 'LIMITER/auth-ip/*' + + # remove from rate limiter + $ IP=8.8.8.8; docker compose exec redis redis-cli -n 2 --scan --pattern "LIMITER/auth-ip/${IP}/*" \ + | xargs -r docker compose exec -T redis redis-cli -n 2 DEL + +Consider using :ref:`AUTH tokens` for your users. Token-based authentication is exempted from rate limits! + +Also have a look at the configuration parameters +``AUTH_RATELIMIT_EXEMPTION`` and ``AUTH_REQUIRE_TOKENS``. More on +:ref:`Rate limiting` and :ref:`advanced settings`. + +*Issue reference:* `2856`_. + +.. _`2856`: https://github.com/Mailu/Mailu/issues/2856 + Changes in .env don't propagate ``````````````````````````````` diff --git a/docs/webadministration.rst b/docs/webadministration.rst index 3a3af6a6..3f57ecb1 100644 
--- a/docs/webadministration.rst +++ b/docs/webadministration.rst @@ -167,6 +167,8 @@ Click the submit button to apply settings. With the default polling interval, fe Make sure ``FETCHMAIL_ENABLED`` is set to ``true`` in ``mailu.env`` to enable fetching and showing fetchmail in the admin interface. +.. _AUTH tokens: + Authentication tokens ---------------------
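Review bot: In docs/configuration.rst, the new ``.. _AUTH Ratelimit:`` label sits in front of a plain paragraph rather than a section title, so Sphinx can only resolve it when the reference supplies an explicit title, as in :ref:`rate limiting <AUTH Ratelimit>`. None of the visible hunks reference this label; the new FAQ entry links to :ref:`Rate limiting` and :ref:`advanced settings` instead. Either point the FAQ at the new label with an explicit title or drop the label, and confirm that the ``Rate limiting`` and ``advanced settings`` targets exist so the build does not emit undefined-label warnings.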
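Review bot: In the docs/faq.rst code block, the listing comment says the keys hold only the network part according to AUTH_RATELIMIT_IP_V4_MASK, yet the removal command sets ``IP=8.8.8.8`` and matches ``LIMITER/auth-ip/${IP}/*``, which matches nothing unless the stored key equals the full client address. Suggest renaming the variable (for example ``NET``) and telling the reader to paste the value exactly as printed by the first command; a sentence noting that the delete resets the counter for that whole network, not one host, would also help. Two smaller points in the same block: the listing comment is missing its closing parenthesis, and the first ``docker compose exec`` in the pipeline lacks the ``-T`` that the second one has, so adding it there keeps TTY handling out of the key names piped to ``DEL``.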