diff --git a/.github/workflows/multiarch.yml b/.github/workflows/multiarch.yml index 5cee1638..d81a2a7d 100644 --- a/.github/workflows/multiarch.yml +++ b/.github/workflows/multiarch.yml @@ -4,7 +4,7 @@ on: branches: - testing - staging - - '1.9' + - '2.0' - master - test-* diff --git a/.mergify.yml b/.mergify.yml index ba47ecf7..e3cf51d1 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -11,9 +11,9 @@ pull_request_rules: message: | Thanks for submitting this pull request. Bors-ng will now build test images. When it succeeds, we will continue to review and test your PR. - + bors try - + Note: if this build fails, [read this](http://mailu.io/master/contributors/environment.html#when-bors-try-fails). - name: 2 approved reviews; trigger bors r+ @@ -35,18 +35,18 @@ pull_request_rules: comment: message: bors r+ - - name: Backport to 1.9 branch + - name: Backport to 2.0 branch conditions: - base=master - label=type/backport actions: backport: branches: - - '1.9' + - '2.0' - name: remove outdated reviews conditions: - - base~=^(master|1.9)$ + - base~=^(master|2.0)$ actions: dismiss_reviews: approved: True diff --git a/CHANGELOG.md b/CHANGELOG.md index e413e7d3..980288f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,147 @@ Changelog ========= +For full details see the [releases page](https://mailu.io/2.0/releases.html) + +Upgrade should run fine as long as you generate a new docker-compose.yml file and mailu.env file via setup.mailu.io. +After that any old settings can be reapplied to mailu.env. +Before making any changes, carefully read the [configuration reference](https://mailu.io/2.0/configuration.html). New settings have been introduced and some settings have been removed. +Multiple changes have been made to the docker-compose.yml file and mailu.env file. + +If you use Fail2Ban, then the Fail2Ban intructions have been improved. It is mandatory to remove your Fail2Ban config and re-apply it using the instructions from the [documentation](https://mailu.io/2.0/faq.html#do-you-support-fail2ban). + +Please note that once you have upgraded to 2.0 you won't be able to roll-back to earlier versions + +After changing mailu.env, it is required to recreate all containers for the changes to be propagated. + +2.0.0 - 2023-04-03 + +- Features: Provide auto-configuration files (autodiscover, autoconfig & mobileconfig); Please update your DNS records ([#224](https://github.com/Mailu/Mailu/issues/224)) +- Features: Introduction of the Mailu RESTful API. The full Mailu config can be changed via the Mailu API. + See the section Mailu RESTful API & the section configuration reference in the documentation for more information. ([#445](https://github.com/Mailu/Mailu/issues/445)) +- Features: Allow other folders to be synced by fetchmail ([#711](https://github.com/Mailu/Mailu/issues/711)) +- Features: Update the webmail images. + Roundcube + - Switch to base image (alpine) + - Switch to php-fpm + SnappyMail + - Switch to base image + - Upgrade php7 to php8. ([#1521](https://github.com/Mailu/Mailu/issues/1521)) +- Features: Implement Header authentication via external proxy ([#1972](https://github.com/Mailu/Mailu/issues/1972)) +- Features: Add FETCHMAIL_ENABLED to toggle the fetchmail functionality in the admin interface ([#2127](https://github.com/Mailu/Mailu/issues/2127)) +- Features: Create a polite and turtle delivery queue to accommodate destinations that expect emails to be sent slowly ([#2213](https://github.com/Mailu/Mailu/issues/2213)) +- Features: Add support for custom NGINX config in /etc/nginx/conf.d. ([#2221](https://github.com/Mailu/Mailu/issues/2221)) +- Features: Added ability to mark spam mails as read or unread when moving to junk folder. ([#2278](https://github.com/Mailu/Mailu/issues/2278)) +- Features: Switch from RainLoop to SnappyMail. SnappyMail has better performance and is more secure. ([#2295](https://github.com/Mailu/Mailu/issues/2295)) +- Features: Configurable default spam threshold used for new users ([#2328](https://github.com/Mailu/Mailu/issues/2328)) +- Features: Create a GUI for WILDCARD_SENDERS ([#2372](https://github.com/Mailu/Mailu/issues/2372)) +- Features: Prevent signups with accounts for which an SQL-LIKE alias exists. ([#2429](https://github.com/Mailu/Mailu/issues/2429)) +- Features: Introduce TLS_PERMISSIVE, a new advanced setting to harden cipher configuration on port 25. Changing the default is strongly discouraged, please read the documentation before doing so. ([#2449](https://github.com/Mailu/Mailu/issues/2449)) +- Features: Upgrade the anti-spoofing rule. We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts... but we should also ensure that both the envelope from and header from are checked. ([#2475](https://github.com/Mailu/Mailu/issues/2475)) +- Features: Implement the required glue to make "doveadm -A" work ([#2498](https://github.com/Mailu/Mailu/issues/2498)) +- Features: Implement a minimum length for passwords of 8 characters. Check passwords upon login against HaveIBeenPwned and warn users if their passwords are compromised. ([#2500](https://github.com/Mailu/Mailu/issues/2500)) +- Features: Implement OLETools and block bad macros in office documents ([#2510](https://github.com/Mailu/Mailu/issues/2510)) +- Features: Switch to GrapheneOS's hardened_malloc ([#2525](https://github.com/Mailu/Mailu/issues/2525)) +- Features: New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. + These overrides would override everything, including the Mailu Rspamd config. + + Now overrides are placed in /overrides. + If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. + It works as following. + * If the override file overrides a Mailu defined config file, + it will be included in the Mailu config file with lowest priority. + It will merge with existing sections. + * If the override file does not override a Mailu defined config file, + then the file will be placed in the rspamd local.d folder. + It will merge with existing sections. + + For more information, see the description of the local.d folder on the rspamd website: + https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories ([#2555](https://github.com/Mailu/Mailu/issues/2555)) +- Features: Adds a button to the roundcube interface that gets you back to the admin interface ([#2591](https://github.com/Mailu/Mailu/issues/2591)) +- Features: Drop postfix rsyslog localhost messages with IPv6 address ([#2594](https://github.com/Mailu/Mailu/issues/2594)) +- Features: Isolate radicale and webmail on their own network. This ensures they don't have privileged access to any of the other containers. ([#2613](https://github.com/Mailu/Mailu/issues/2613)) +- Features: Improved IPv6 support ([#2630](https://github.com/Mailu/Mailu/issues/2630)) +- Features: Provide a changelog for minor releases. The github release will now: + * Provide the changelog message from the newsfragment of the PR that triggered the backport. + * Provide a github link to the PR/issue of the PR that was backported. + + Switch to building multi-arch images. The images build for pull requests, master and production + are now multi-arch images for the architectures: + * linux/amd64 + * linux/arm64/v8 + * linux/arm/v7 + + Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically + retried. If a build temporarily fails due to a network error, the retried step will still succeed. ([#2653](https://github.com/Mailu/Mailu/issues/2653)) +- Features: Add Czech translation for web administration interface. ([#2676](https://github.com/Mailu/Mailu/issues/2676)) +- Features: Allow inbound to http and mail ports to accept the PROXY protocol ([#2717](https://github.com/Mailu/Mailu/issues/2717)) +- Bugfixes: Add an option so that emails fetched with fetchmail don't go through the filters (closes #1231) ([#1231](https://github.com/Mailu/Mailu/issues/1231)) +- Bugfixes: Allow '+' in the localpart of email addresses to forward to ([#1236](https://github.com/Mailu/Mailu/issues/1236)) +- Bugfixes: Do not update the updated_at field of the User model when quota_bytes_used is updated ([#1363](https://github.com/Mailu/Mailu/issues/1363)) +- Bugfixes: Remove postfix's master.pid on startup if there is no other instance running ([#1483](https://github.com/Mailu/Mailu/issues/1483)) +- Bugfixes: updated Dockerfile to alpine 3.14.3 to address several CVEs ([#2099](https://github.com/Mailu/Mailu/issues/2099)) +- Bugfixes: The gpg-agent package was missing due to updating to a new debian version. + This fix adds gpg-agent back to the roundcube image. + It is used for the enigmail roundcube plugin. ([#2117](https://github.com/Mailu/Mailu/issues/2117)) +- Bugfixes: Fix CI/CD workflow. Tags were not set to the correct commit hash. ([#2124](https://github.com/Mailu/Mailu/issues/2124)) +- Bugfixes: Fix a bug preventing mailu from being usable when no webmail is configured ([#2125](https://github.com/Mailu/Mailu/issues/2125)) +- Bugfixes: Enable unbound by default. Mailu now requires a DNSSEC validating DNS resolver and experience has shown that this may not be the default everywhere yet. ([#2135](https://github.com/Mailu/Mailu/issues/2135)) +- Bugfixes: Pin the root certificate differently for DANE. If you have setup a TLSA record following previous suggestion from Mailu please update it. ([#2138](https://github.com/Mailu/Mailu/issues/2138)) +- Bugfixes: Remove the misleading text in mailu.env that zstd and lz4 are supported for dovecot mail compression. + Zstd and lz4 are not supported. The reason is that the alpine project does not compile this + into the dovecot package. + Users who want this funcionality, can kindly request the alpine project to compile dovecot + with lz4&zstd support. ([#2139](https://github.com/Mailu/Mailu/issues/2139)) +- Bugfixes: Update roundcube to 1.5.2 to fixe an XSS ([#2141](https://github.com/Mailu/Mailu/issues/2141)) +- Bugfixes: matching rainloop php to roundcube's: timezone is a parameter in mailu.env ([#2193](https://github.com/Mailu/Mailu/issues/2193)) +- Bugfixes: Added the /overrides directory in the roundcube config.inc.php file ([#2195](https://github.com/Mailu/Mailu/issues/2195)) +- Bugfixes: Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted + https://github.com/mstilkerich/rcmcarddav/blob/master/doc/ADMIN-SETTINGS.md#password-storing-scheme ([#2196](https://github.com/Mailu/Mailu/issues/2196)) +- Bugfixes: Switch from DST_ROOT_X3 to ISRG_X1 as alpine is not shipping the former anymore ([#2199](https://github.com/Mailu/Mailu/issues/2199)) +- Bugfixes: Will update /etc/nginx/nginx.conf and /etc/nginx/http.d/rainloop.conf in webmail container to support MESSAGE_SIZE_LIMIT ([#2207](https://github.com/Mailu/Mailu/issues/2207)) +- Bugfixes: Add input validation for domain creation ([#2210](https://github.com/Mailu/Mailu/issues/2210)) +- Bugfixes: Make public announcement bypass the filters. They may still time-out before being sent if there is a large number of users. ([#2231](https://github.com/Mailu/Mailu/issues/2231)) +- Bugfixes: Work around a bug in coredns: set the DO flag on our DNSSEC queries. Add a new FAQ entry to explain our DNSSEC requirements and ensure that our error message points to it. ([#2239](https://github.com/Mailu/Mailu/issues/2239)) +- Bugfixes: Fetchmail: Missing support for '*_ADDRESS' env vars ([#2246](https://github.com/Mailu/Mailu/issues/2246)) +- Bugfixes: Fix broken setup. Not all dependencies were pinned resulting in a broken update being pulled. ([#2249](https://github.com/Mailu/Mailu/issues/2249)) +- Bugfixes: Fix a bug where rspamd may trigger HFILTER_HOSTNAME_UNKNOWN if part of the delivery chain was using ipv6 ([#2260](https://github.com/Mailu/Mailu/issues/2260)) +- Bugfixes: Update to Alpine Linux 3.14.4 which contains a security fix for openssl. ([#2281](https://github.com/Mailu/Mailu/issues/2281)) +- Bugfixes: Fixed AUTH_RATELIMIT_IP not working on imap/pop3/smtp. ([#2284](https://github.com/Mailu/Mailu/issues/2284)) +- Bugfixes: update alpine linux docker image to version 3.14.5 which includes a security fix for zlib’s CVE-2018-25032. ([#2302](https://github.com/Mailu/Mailu/issues/2302)) +- Bugfixes: postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS ([#2325](https://github.com/Mailu/Mailu/issues/2325)) +- Bugfixes: Disable the built-in nginx resolver for traffic going through the mail plugin. This will silence errors about DNS resolution when the connecting host has no rDNS. ([#2346](https://github.com/Mailu/Mailu/issues/2346)) +- Bugfixes: Re-enable the built-in nginx resolver for traffic going through the mail plugin. + This is required for passing rDNS/ptr information to postfix. + Without this rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info. ([#2368](https://github.com/Mailu/Mailu/issues/2368)) +- Bugfixes: Roundcube overrides now also include .inc.php files. Only .inc.php should be used moving forward. ([#2388](https://github.com/Mailu/Mailu/issues/2388)) +- Bugfixes: Forwarding emails user setting did not support 1 letter domains. ([#2402](https://github.com/Mailu/Mailu/issues/2402)) +- Bugfixes: Update roundcube to 1.5.3 + Update rcmcarddav plugin to 4.4.2 ([#2415](https://github.com/Mailu/Mailu/issues/2415)) +- Bugfixes: Switch from mysqlclient to mysql-connector explicitely ([#2432](https://github.com/Mailu/Mailu/issues/2432)) +- Bugfixes: Enable rspamd's autolearn feature to ensure that its bayes classifier has enough HAM to make it usable. Previously the bayes module would never work unless some HAM had been learnt manually. ([#2447](https://github.com/Mailu/Mailu/issues/2447)) +- Bugfixes: Fix a bug preventing users without IMAP access to access the webmails ([#2451](https://github.com/Mailu/Mailu/issues/2451)) +- Bugfixes: Ensure that Mailu keeps working even if it can't obtain a certificate from letsencrypt for one of the HOSTNAMES ([#2467](https://github.com/Mailu/Mailu/issues/2467)) +- Bugfixes: Quote SMTP SIZE to avoid splitting keyword and parameter in EHLO response ([#2485](https://github.com/Mailu/Mailu/issues/2485)) +- Bugfixes: Upgrade to alpine 3.16.2 ([#2497](https://github.com/Mailu/Mailu/issues/2497)) +- Bugfixes: Fix: include start and end dates in the auto-reply period ([#2512](https://github.com/Mailu/Mailu/issues/2512)) +- Bugfixes: Fix creation of deep structures using import in update mode ([#2601](https://github.com/Mailu/Mailu/issues/2601)) +- Bugfixes: Speak HAPROXY protocol in between front and smtp and front and imap. This ensures the backend is aware of the real client IP and whether TLS was used. ([#2603](https://github.com/Mailu/Mailu/issues/2603)) +- Bugfixes: Fix a bug introduced in master whereby anything locally generated (sieve, autoresponder, ...) would be blocked by the anti-spoofing rules ([#2633](https://github.com/Mailu/Mailu/issues/2633)) +- Bugfixes: Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks ([#2635](https://github.com/Mailu/Mailu/issues/2635)) +- Bugfixes: Uses the correct From address (instead of an SRS alias) in the sieve/vacation module ([#2640](https://github.com/Mailu/Mailu/issues/2640)) +- Bugfixes: Tell roundcube to use UTF8 instead of 'UTF7-IMAP' when creating sieve scripts. ([#2650](https://github.com/Mailu/Mailu/issues/2650)) +- Bugfixes: Tweak the snuffleupagus rules to make roundcube's caldav work ([#2693](https://github.com/Mailu/Mailu/issues/2693)) +- Bugfixes: Proxy authentication was using the real client ip instead of the proxy + IP for checking the PROXY_AUTH_WHITELIST. ([#2708](https://github.com/Mailu/Mailu/issues/2708)) +- Improved Documentation: remove the / in the location to avoid http 404 ([#2185](https://github.com/Mailu/Mailu/issues/2185)) +- Improved Documentation: ([#2214](https://github.com/Mailu/Mailu/issues/2214)) +- Deprecations and Removals: Remove POD_ADDRESS_RANGE in favor of SUBNET ([#1258](https://github.com/Mailu/Mailu/issues/1258)) +- Misc: ([#1341](https://github.com/Mailu/Mailu/issues/1341), [#2121](https://github.com/Mailu/Mailu/issues/2121), [#2211](https://github.com/Mailu/Mailu/issues/2211), [#2242](https://github.com/Mailu/Mailu/issues/2242), [#2338](https://github.com/Mailu/Mailu/issues/2338), [#2357](https://github.com/Mailu/Mailu/issues/2357), [#2383](https://github.com/Mailu/Mailu/issues/2383), [#2511](https://github.com/Mailu/Mailu/issues/2511), [#2526](https://github.com/Mailu/Mailu/issues/2526), [#2533](https://github.com/Mailu/Mailu/issues/2533), [#2539](https://github.com/Mailu/Mailu/issues/2539), [#2550](https://github.com/Mailu/Mailu/issues/2550), [#2566](https://github.com/Mailu/Mailu/issues/2566), [#2570](https://github.com/Mailu/Mailu/issues/2570), [#2577](https://github.com/Mailu/Mailu/issues/2577), [#2605](https://github.com/Mailu/Mailu/issues/2605), [#2606](https://github.com/Mailu/Mailu/issues/2606), [#2618](https://github.com/Mailu/Mailu/issues/2618), [#2634](https://github.com/Mailu/Mailu/issues/2634), [#2644](https://github.com/Mailu/Mailu/issues/2644), [#2660](https://github.com/Mailu/Mailu/issues/2660), [#2666](https://github.com/Mailu/Mailu/issues/2666), [#2692](https://github.com/Mailu/Mailu/issues/2692), [#2698](https://github.com/Mailu/Mailu/issues/2698), [#2704](https://github.com/Mailu/Mailu/issues/2704)) + + +Changelog +========= + For full details see the [releases page](https://mailu.io/1.9/releases.html) Upgrade should run fine as long as you generate a new compose or stack configuration and upgrade your mailu.env. Please note that once you have upgraded to 1.9 you won't be able to roll-back to earlier versions without resetting user passwords. @@ -57,7 +198,7 @@ Please note that the shipped image for PostgreSQL database is fully deprecated n - For X.Y and X.Y.Z write the version (X.Y.Z) into /version on the image and add a label with version=X.Y.Z - This means that the latest X.Y image shows the pinned version (X.Y.Z e.g. 1.8.1) it was based on. Via the tag X.Y.Z you can see the commit hash that triggered the built. - For master write the commit hash into /version on the image and add a label with version={commit hash} - - Automatic releases. For x.y triggered builts (e.g. merge on 1.9) do a new github release for the pinned x.y.z (e.g. 1.9.2). + - Automatic releases. For x.y triggered builts (e.g. merge on 1.9) do a new github release for the pinned x.y.z (e.g. 1.9.2). - Release shows a static message (see RELEASE_TEMPLATE.md) that explains how to reach the newsfragments folder and change the branch to the tag (x.y.z) mentioned in the release. Now you can get the changelog by reading all newsfragment files in this folder. ([#1182](https://github.com/Mailu/Mailu/issues/1182)) - Features: Add a credential cache to speedup authentication requests. ([#1194](https://github.com/Mailu/Mailu/issues/1194)) - Features: Introduces postfix logging via syslog with these features: @@ -118,7 +259,7 @@ Please note that the shipped image for PostgreSQL database is fully deprecated n Fix bug #1838. ([#2069](https://github.com/Mailu/Mailu/issues/2069)) - Bugfixes: RELAYNETS should be a comma separated list of networks ([#360](https://github.com/Mailu/Mailu/issues/360)) - Bugfixes: Fix rate-limiting on /webdav/ ([#1194](https://github.com/Mailu/Mailu/issues/1194)) -- Bugfixes: Fixed fetchmail losing track of fetched emails upon container recreation. +- Bugfixes: Fixed fetchmail losing track of fetched emails upon container recreation. The relevant fetchmail files are now retained in the /data folder (in the fetchmail image). See the docker-compose.yml file for the relevant volume mapping. If you already had your own mapping, you must double check the volume mapping and take action. ([#1223](https://github.com/Mailu/Mailu/issues/1223)) @@ -135,7 +276,7 @@ Please note that the shipped image for PostgreSQL database is fully deprecated n - Bugfixes: Reverse proxy documentation has been updated to reflect new security hardening from PR#1959. If you do not set the configuration parameters in Mailu what reverse proxy header to trust, then Mailu will not have access to the real ip address of the connecting client. - This means that rate limiting will not properly work. You can also not use fail2ban. + This means that rate limiting will not properly work. You can also not use fail2ban. It is very important to configure this when using a reverse proxy. ([#1962](https://github.com/Mailu/Mailu/issues/1962)) - Bugfixes: Fixed roundcube sso login not working. ([#1990](https://github.com/Mailu/Mailu/issues/1990)) - Bugfixes: The DB_PORT and ROUNDCUBE_DB_PORT environment variables were not actually used. They are removed from the documentation. For using different ports you can already use the notation host:port . ([#2073](https://github.com/Mailu/Mailu/issues/2073)) @@ -148,7 +289,7 @@ Please note that the shipped image for PostgreSQL database is fully deprecated n - Bugfixes: Alias, relay and fetchmail lists in the admin interface were missing the edit button. ([#2093](https://github.com/Mailu/Mailu/issues/2093)) - Bugfixes: Fix bug introduced by enhanced session management ([#2098](https://github.com/Mailu/Mailu/issues/2102)) - Bugfixes: Fix build dependencies postfix-mta-sts-resolver. ([#2106](https://github.com/Mailu/Mailu/issues/2106)) -- Improved Documentation: Document hardware requirements when using clamav. +- Improved Documentation: Document hardware requirements when using clamav. Clamav requires **at least** 2GB of memory. This 2Gb does not entail any other software running on the box. So in total you require at least 3GB of memory and 1GB swap when antivirus is enabled. ([#470](https://github.com/Mailu/Mailu/issues/470)) diff --git a/core/admin/mailu/configuration.py b/core/admin/mailu/configuration.py index 3adf9a6c..357f728d 100644 --- a/core/admin/mailu/configuration.py +++ b/core/admin/mailu/configuration.py @@ -31,7 +31,7 @@ DEFAULT_CONFIG = { 'SQLALCHEMY_TRACK_MODIFICATIONS': False, # Statistics management 'INSTANCE_ID_PATH': '/data/instance', - 'STATS_ENDPOINT': '19.{}.stats.mailu.io', + 'STATS_ENDPOINT': '20.{}.stats.mailu.io', # Common configuration variables 'SECRET_KEY': 'changeMe', 'DOMAIN': 'mailu.io', diff --git a/docs/conf.py b/docs/conf.py index 22bc1282..10dc77e1 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -9,7 +9,7 @@ templates_path = ['_templates'] source_suffix = '.rst' master_doc = 'index' project = 'Mailu' -copyright = '2018, Mailu authors' +copyright = '2023, Mailu authors' author = 'Mailu authors' version = release = os.environ.get('VERSION', 'master') language = 'en' @@ -25,7 +25,7 @@ htmlhelp_basename = 'Mailudoc' # to template names. html_sidebars = { '**': [ - 'relations.html', + 'relations.html', 'searchbox.html', ] } @@ -36,10 +36,10 @@ html_context = { 'github_user': 'mailu', 'github_repo': 'mailu', 'github_version': version, - 'stable_version': '1.9', + 'stable_version': '2.0', 'versions': [ - ('1.8', '/1.8/'), ('1.9', '/1.9/'), + ('2.0', '/2.0/'), ('master', '/master/') ], 'conf_py_path': '/docs/' diff --git a/docs/releases.rst b/docs/releases.rst index 4a8e8731..2a978d82 100644 --- a/docs/releases.rst +++ b/docs/releases.rst @@ -1,6 +1,308 @@ Release notes ============= +Mailu 2.0 - 2023-04-03 +---------------------- + +Mailu 2.0 is finally available. It is vital to read the `Upgrading` section before upgrading to Mailu 2.0. + +Highlights +`````````` + +This is an overview of the major features introduced in Mailu 2.0. + +Multi-arch images (arm support) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Mailu project now ships multi-arch images for the architectures: + +- linux/amd64 +- linux/arm64/v8 +- linux/arm/v7 + +It is now possible to run Mailu on most ARM hardware such as the Raspberry Pi. + +Auto-configuration for client +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +On the domain details page, there are also DNS records for enabling DNS auto-client configuration. +Email clients make use of these DNS records to automatically determine the configuration. +If a reverse proxy is used, then the settings might have to be updated. + +For Apple users, the client setup page now offers an autoconfiguration link to automatically configure +the Apple device for using the Mailu email server. + +RESTFul API +^^^^^^^^^^^ + +Mailu offers a RESTful API for changing the Mailu configuration. +Anything that can be configured via the Mailu web administration interface, +can also be configured via the Mailu RESTful API. + +This means the process of configuring a new domain or add new users can be fully automated now. + +This release still makes use of a single configured API token. In a future release the authentication +mechanism for using the Mailu RESTful API will be improved. + +For more information refer to the `Mailu RESTful API` page. + +Header authentication support (use external identity providers) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +It is now possible to use different authentication providers (such as keycloak) to handle the authentication of Mailu users. +Mailu offers the functionality to pass via headers the information for automatically loggin in users. +If a user does not exist yet, Mailu can create the user automatically. + +For more information see `Header authentication using an external proxy` in the configuration reference. + +Login page for specifically admin or webmail +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +With the introduction of `Header authentication support`, it is now possible to have a login page only for admin or webmail. +This functionality can be used by visiting either the URL for admin or webmail. E.g. + +- https://test.mailu.io/admin +- https://test.mailu.io/webmail + +This results in a login page with a single login button. To access the normal login page, visit the root url. + +- https://test.mailu.io + +Users who only use the /admin endpoint can now bookmark https://test.mailu.io/admin. When logging in, it is possible to use the `Enter` key again. + +Introduction of SnappyMail +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Rainloop webmail client has been replaced with SnappyMail. +The Rainloop project had multiple long outstanding security bugs. For this reason the Mailu project looked for alternatives. +SnappyMail is a fork of Rainloop focussed on performance and security. It offers a similar experience as Rainloop. + +Do not mark spam as read +^^^^^^^^^^^^^^^^^^^^^^^^ + +In the user settings it is now possible to configure if a received spam email must be marked as read. +It is possible to see if you received spam now. + +Improve password complexity +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The minimum password length has been increased to 8. It is important to use complex passwords to prevent password guessing attacks. +We did not want to make changing your password too cumbersome. For this reason the HaveIBeenPwned check is introduced. +When a user changes his password, Mailu checks if this password exists in any of the breaches reported to HaveIBeenPwned. +The changed password is only accepted when the password does not exist in any breaches. +Mailu only checks the hash of the password. Only a part of the hash is submitted to the HaveIBeenPwned API. + +OLETools +^^^^^^^^ + +OLETools is introduced to block bad macros in Microsoft Office documents. OLETools is able to scan Microsoft Office documents and determine if +a macro is malicous. + +By default attachments with know bad file extensions (such as .exe) are blocked. See the FAQ for more information on updating the list of blocked file extensions. + +New override system for Rspamd +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The override system for Rspamd has been overhauled. While the config files were first completely overridden, they are now merged. +Now overrides are placed in the location (in the Rspamd/Antispam container) /overrides. + +If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. +It works as following. + +* If the override file overrides a Mailu defined config file, + it will be included in the Mailu config file with lowest priority. + It will merge with existing sections. + +* If the override file does not override a Mailu defined config file, + then the file will be placed in the rspamd local.d folder. + It will merge with existing sections. + +For more information, see the description of the local.d folder on the rspamd website: +https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories + + +Adds a button to the roundcube interface that gets you back to the admin interface +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Small feature, but so handy. The menu in Roundcube now shows a button to go the the web administration interface. +As a user you can now go back to your profile page where you can change your password or spam settings. And then go back to Roundcube again. + +PROXY PROTOCOL Support +^^^^^^^^^^^^^^^^^^^^^^ + +Reverse proxies can connect to Mailu with the proxy protocol for HTTP and Mail. Below is a small example for Traefik connecting via proxy protocol to Mailu + +.. code-block:: bash + + # Static configuration + providers: + file: + directory: "/opt/traefik/conf" + + entryPoints: + mailu-web: + # Listen on port 8081 for incoming requests + address: :443 + mailu-smtp: + address: :25 + mailu-imaps: + address: :993 + mailu-smtps: + address: :465 + mailu-starttls: + address: :587 + + # From dynamic configuration /opt/traefik/conf + tls: + certificates: + - certFile: /etc/letsencrypt/live/mydomain.com/fullchain.pem + keyFile: /etc/letsencrypt/live/mydomain.com/privkey.pem + + tcp: + routers: + mailu-web: + entryPoints: + - mailu-web + rule: "HostSNI(`*`)" + service: "mailu-web" + mailu-smtp: + entryPoints: + - mailu-smtp + rule: "HostSNI(`*`)" + service: "mailu-smtp" + mailu-imaps: + entryPoints: + - mailu-imaps + rule: "HostSNI(`*`)" + service: "mailu-imaps" + mailu-smtps: + entryPoints: + - mailu-smtps + rule: "HostSNI(`*`)" + service: "mailu-smtps" + mailu-starttls: + entryPoints: + - mailu-starttls + rule: "HostSNI(`*`)" + service: "mailu-starttls" + services: + mailu-web: + loadBalancer: + proxyProtocol: + version: 2 + servers: + - address: "MailuServer:443" + mailu-smtp: + loadBalancer: + proxyProtocol: + version: 2 + servers: + - address: "MailuServer:25" + mailu-smtps: + loadBalancer: + proxyProtocol: + version: 2 + servers: + - address: "MailuServer:465" + mailu-starttls: + loadBalancer: + proxyProtocol: + version: 2 + servers: + - address: "MailuServer:587" + mailu-imaps: + loadBalancer: + proxyProtocol: + version: 2 + servers: + - address: "MailuServer:993" + + + +New Functionality & Improvements +```````````````````````````````` + +For a list of all the changes (including bug fixes) refer to `CHANGELOG.md` in the root folder of the Mailu github project. + +A short summary of the new features: + +- Features: Provide auto-configuration files (autodiscover, autoconfig & mobileconfig); Please update your DNS records +- Features: Introduction of the Mailu RESTful API. The full Mailu config can be changed via the Mailu API. + See the section Mailu RESTful API & the section configuration reference in the documentation for more information. +- Features: Allow other folders to be synced by fetchmail +- Features: Update the webmail images. + Roundcube + + - Switch to base image (alpine) + - Switch to php-fpm + + SnappyMail + + - Switch to base image + - Upgrade php7 to php8. + +- Features: Implement Header authentication via external proxy +- Features: Add FETCHMAIL_ENABLED to toggle the fetchmail functionality in the admin interface +- Features: Create a polite and turtle delivery queue to accommodate destinations that expect emails to be sent slowly +- Features: Add support for custom NGINX config in /etc/nginx/conf.d. +- Features: Added ability to mark spam mails as read or unread when moving to junk folder. +- Features: Switch from RainLoop to SnappyMail. SnappyMail has better performance and is more secure. +- Features: Configurable default spam threshold used for new users +- Features: Create a GUI for WILDCARD_SENDERS +- Features: Prevent signups with accounts for which an SQL-LIKE alias exists. +- Features: Introduce TLS_PERMISSIVE, a new advanced setting to harden cipher configuration on port 25. Changing the default is strongly discouraged, please read the documentation before doing so. +- Features: Upgrade the anti-spoofing rule. We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts... but we should also ensure that both the envelope from and header from are checked. +- Features: Implement the required glue to make "doveadm -A" work +- Features: Implement a minimum length for passwords of 8 characters. Check passwords upon login against HaveIBeenPwned and warn users if their passwords are compromised. +- Features: Implement OLETools and block bad macros in office documents +- Features: Switch to GrapheneOS's hardened_malloc +- Features: New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. + These overrides would override everything, including the Mailu Rspamd config. + + Now overrides are placed in /overrides. + If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. + It works as following. + + * If the override file overrides a Mailu defined config file, + it will be included in the Mailu config file with lowest priority. + It will merge with existing sections. + * If the override file does not override a Mailu defined config file, + then the file will be placed in the rspamd local.d folder. + It will merge with existing sections. + + For more information, see the description of the local.d folder on the rspamd website: + https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +- Features: Adds a button to the roundcube interface that gets you back to the admin interface +- Features: Drop postfix rsyslog localhost messages with IPv6 address +- Features: Isolate radicale and webmail on their own network. This ensures they don't have privileged access to any of the other containers. +- Features: Improved IPv6 support +- Features: Provide a changelog for minor releases. The github release will now: + + * Provide the changelog message from the newsfragment of the PR that triggered the backport. + * Provide a github link to the PR/issue of the PR that was backported. + + Switch to building multi-arch images. The images build for pull requests, master and production + are now multi-arch images for the architectures: + + * linux/amd64 + * linux/arm64/v8 + * linux/arm/v7 + + Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically + retried. If a build temporarily fails due to a network error, the retried step will still succeed. +- Features: Add Czech translation for web administration interface. +- Features: Allow inbound to http and mail ports to accept the PROXY protocol + +Upgrading +````````` + +Upgrade should run fine as long as you generate a new compose & mailu.env and then reapply custom config settings to mailu.env. + +If you use Fail2Ban, then the Fail2Ban intructions have been improved. It is mandatory to remove your Fail2Ban config and re-apply it using the instructions from :ref:`updated Fail2Ban documentation `. + +To use the new autoconfig endpoint and Mailu RESTFul API, you may need to update your reverse proxy config. + + Mailu 1.9 - 2021-12-29 ---------------------- @@ -28,10 +330,10 @@ A fair amount of work went in this release; In no particular order: Updated Admin interface ^^^^^^^^^^^^^^^^^^^^^^^ -The Web Administration interface makes use of AdminLTE. The AdminLTE2 technology has been upgraded to AdminLTE3. This cost a lot of effort due to the changes between AdminLTE2 and AdminLTE3. +The Web Administration interface makes use of AdminLTE. The AdminLTE2 technology has been upgraded to AdminLTE3. This cost a lot of effort due to the changes between AdminLTE2 and AdminLTE3. As a result the webpage looks more modern. All tables now have a filter and columns that can be sorted. If you have many users or domains, this will be a very welcome new feature! -A language selector has been added. On the login page and in the Web Admin Interface, the language selector can be accessed in the top right. +A language selector has been added. On the login page and in the Web Admin Interface, the language selector can be accessed in the top right. Import/Export command on steroids @@ -41,7 +343,7 @@ The Mailu command line has been enhanced with the new config-export and config-i **Everything** that can be configured in the Mailu Web Administration Interface can now be exported and imported via yaml files. So via YAML files, you can now bulk configure a complete new installation, without the need to access the Mailu Web Administration Interface. -It is also possible to create new users or import new users (with password hashes) using the config-import. +It is also possible to create new users or import new users (with password hashes) using the config-import. With this new command it is very easy to switch to a different database management system for the Mailu database. Simply dump your configuration to yaml file. After setting up your new Mailu system with the different DBMS, you can import the yaml file with all Mailu configuration. @@ -76,13 +378,13 @@ The images now also contain the release it was built for. On the github project we will automatically create releases for each X.Y.Z release. Via this release you can check what commit hash the tag is assigned to. -With this improvement in our CI/CD workflow, it is possible to be notified when an update is released via github releases. It is also possible to use pinned versions to update in a controlled manner. +With this improvement in our CI/CD workflow, it is possible to be notified when an update is released via github releases. It is also possible to use pinned versions to update in a controlled manner. New Functionality & Improvements ```````````````````````````````` -For a list of all the changes (including bug fixes) refer to `CHANGELOG.md` in the root folder of the Mailu github project. +For a list of all the changes (including bug fixes) refer to `CHANGELOG.md` in the root folder of the Mailu github project. A short summary of the new features: @@ -112,7 +414,7 @@ A short summary of the new features: - Introduce MTA-STS and DANE validation. - Added Hebrew translation. - Log authentication attempts on the admin portal. Fail2ban can now be used to monitor login attempts on Admin/Webmail. -- Remove Mailu PostgreSQL. +- Remove Mailu PostgreSQL. - Admin/Webmail sessions expire now. This can be tweakers via mailu.env. @@ -127,7 +429,7 @@ For more information see the :ref:`configuration reference ` for more information. -Please note that the shipped image for the PostgreSQL database is fully deprecated now. +Please note that the shipped image for the PostgreSQL database is fully deprecated now. To migrate to the official PostgreSQL image, you can follow our :ref:`migration guide `. @@ -136,7 +438,7 @@ Mailu 1.8 - 2021-08-7 The full 1.8 release is finally ready. There have been some changes in the contributors team. Many people from the contributors team have stepped back due to changed priorities in their life. We are very grateful for all their contributions and hope we will see them back again in the future. -This is the main reason why it took so long for 1.8 to be fully released. +This is the main reason why it took so long for 1.8 to be fully released. Fortunately more people have decided to join the project. Some very nice contributions have been made which will become part of the next 1.9 release. We hope that future Mailu releases will be released more quickly now we have more active contributors again. @@ -184,8 +486,8 @@ Override files are now mounted read-only into the containers. The Dovecot and Po Recreate SECRET_KEY after upgrading ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Improvements have been made to protect again session-fixation attacks. -To be fully protected, it is required to change your SECRET_KEY in Mailu.env after upgrading. +Improvements have been made to protect again session-fixation attacks. +To be fully protected, it is required to change your SECRET_KEY in Mailu.env after upgrading. A new SECRET_KEY is generated when you recreate your docker-compose.yml & mailu.env file via setup.mailu.io. The SECRET_KEY is an uppercase alphanumeric string of length 16. You can manually create such a string via diff --git a/docs/setup.rst b/docs/setup.rst index d98e47e7..1cfda3ae 100644 --- a/docs/setup.rst +++ b/docs/setup.rst @@ -32,7 +32,7 @@ Pick a Mailu version Mailu is shipped in multiple versions. -- ``1.9`` features the most recent stable version for Mailu. This is the +- ``2.0`` features the most recent stable version for Mailu. This is the recommended build for new setups, old setups should migrate when possible. - ``1.0``, ``1.1``, and other version branches feature old versions of Mailu diff --git a/towncrier/2591.feature b/towncrier/2591.feature deleted file mode 100644 index f4868127..00000000 --- a/towncrier/2591.feature +++ /dev/null @@ -1 +0,0 @@ -Adds a button to the roundcube interface that gets you back to the admin interface diff --git a/towncrier/2630.feature b/towncrier/2630.feature deleted file mode 100644 index 29865199..00000000 --- a/towncrier/2630.feature +++ /dev/null @@ -1 +0,0 @@ -Improved IPv6 support diff --git a/towncrier/newsfragments/1231.bugfix b/towncrier/newsfragments/1231.bugfix deleted file mode 100644 index 333ae35f..00000000 --- a/towncrier/newsfragments/1231.bugfix +++ /dev/null @@ -1 +0,0 @@ -Add an option so that emails fetched with fetchmail don't go through the filters (closes #1231) diff --git a/towncrier/newsfragments/1236.bugfix b/towncrier/newsfragments/1236.bugfix deleted file mode 100644 index 307082a3..00000000 --- a/towncrier/newsfragments/1236.bugfix +++ /dev/null @@ -1 +0,0 @@ -Allow '+' in the localpart of email addresses to forward to diff --git a/towncrier/newsfragments/1258.removal b/towncrier/newsfragments/1258.removal deleted file mode 100644 index fe032874..00000000 --- a/towncrier/newsfragments/1258.removal +++ /dev/null @@ -1 +0,0 @@ -Remove POD_ADDRESS_RANGE in favor of SUBNET \ No newline at end of file diff --git a/towncrier/newsfragments/1341.misc b/towncrier/newsfragments/1341.misc deleted file mode 100644 index 53f8df91..00000000 --- a/towncrier/newsfragments/1341.misc +++ /dev/null @@ -1,4 +0,0 @@ -Remove HOST_* variables, use *_ADDRESS everywhere instead. Please note that those should only contain a FQDN (no port number). -Derive a different key for admin/SECRET_KEY; this will invalidate existing sessions -Ensure that rspamd starts after clamav -Only display a single HOSTNAME on the client configuration page diff --git a/towncrier/newsfragments/1363.bugfix b/towncrier/newsfragments/1363.bugfix deleted file mode 100644 index edb198d7..00000000 --- a/towncrier/newsfragments/1363.bugfix +++ /dev/null @@ -1 +0,0 @@ -Do not update the updated_at field of the User model when quota_bytes_used is updated \ No newline at end of file diff --git a/towncrier/newsfragments/1483.bugfix b/towncrier/newsfragments/1483.bugfix deleted file mode 100644 index 16e28f39..00000000 --- a/towncrier/newsfragments/1483.bugfix +++ /dev/null @@ -1 +0,0 @@ -Remove postfix's master.pid on startup if there is no other instance running diff --git a/towncrier/newsfragments/1521.feature b/towncrier/newsfragments/1521.feature deleted file mode 100644 index 73ccf7b8..00000000 --- a/towncrier/newsfragments/1521.feature +++ /dev/null @@ -1,7 +0,0 @@ -Update the webmail images. -Roundcube - - Switch to base image (alpine) - - Switch to php-fpm -SnappyMail - - Switch to base image - - Upgrade php7 to php8. \ No newline at end of file diff --git a/towncrier/newsfragments/1972.feature b/towncrier/newsfragments/1972.feature deleted file mode 100644 index 4efe45c9..00000000 --- a/towncrier/newsfragments/1972.feature +++ /dev/null @@ -1 +0,0 @@ -Implement Header authentication via external proxy diff --git a/towncrier/newsfragments/2099.bugfix b/towncrier/newsfragments/2099.bugfix deleted file mode 100644 index 5c371f0b..00000000 --- a/towncrier/newsfragments/2099.bugfix +++ /dev/null @@ -1 +0,0 @@ -updated Dockerfile to alpine 3.14.3 to address several CVEs diff --git a/towncrier/newsfragments/2117.bugfix b/towncrier/newsfragments/2117.bugfix deleted file mode 100644 index 2fdc332f..00000000 --- a/towncrier/newsfragments/2117.bugfix +++ /dev/null @@ -1,3 +0,0 @@ -The gpg-agent package was missing due to updating to a new debian version. -This fix adds gpg-agent back to the roundcube image. -It is used for the enigmail roundcube plugin. diff --git a/towncrier/newsfragments/2121.misc b/towncrier/newsfragments/2121.misc deleted file mode 100644 index 86fff94d..00000000 --- a/towncrier/newsfragments/2121.misc +++ /dev/null @@ -1 +0,0 @@ -We forgot to include all changes in the CHANGELOG.md file for Mailu 1.9.0. The CHANGELOG.md and towncrier/newsfragments folder has now been updated correctly. diff --git a/towncrier/newsfragments/2124.bugfix b/towncrier/newsfragments/2124.bugfix deleted file mode 100644 index af6fdb77..00000000 --- a/towncrier/newsfragments/2124.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix CI/CD workflow. Tags were not set to the correct commit hash. \ No newline at end of file diff --git a/towncrier/newsfragments/2125.bugfix b/towncrier/newsfragments/2125.bugfix deleted file mode 100644 index e49b77c4..00000000 --- a/towncrier/newsfragments/2125.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug preventing mailu from being usable when no webmail is configured diff --git a/towncrier/newsfragments/2127.feature b/towncrier/newsfragments/2127.feature deleted file mode 100644 index dd4951dd..00000000 --- a/towncrier/newsfragments/2127.feature +++ /dev/null @@ -1 +0,0 @@ -Add FETCHMAIL_ENABLED to toggle the fetchmail functionality in the admin interface \ No newline at end of file diff --git a/towncrier/newsfragments/2135.bugfix b/towncrier/newsfragments/2135.bugfix deleted file mode 100644 index 3062c09f..00000000 --- a/towncrier/newsfragments/2135.bugfix +++ /dev/null @@ -1 +0,0 @@ -Enable unbound by default. Mailu now requires a DNSSEC validating DNS resolver and experience has shown that this may not be the default everywhere yet. diff --git a/towncrier/newsfragments/2138.bugfix b/towncrier/newsfragments/2138.bugfix deleted file mode 100644 index 2200dc7a..00000000 --- a/towncrier/newsfragments/2138.bugfix +++ /dev/null @@ -1 +0,0 @@ -Pin the root certificate differently for DANE. If you have setup a TLSA record following previous suggestion from Mailu please update it. diff --git a/towncrier/newsfragments/2139.bugfix b/towncrier/newsfragments/2139.bugfix deleted file mode 100644 index 24aba349..00000000 --- a/towncrier/newsfragments/2139.bugfix +++ /dev/null @@ -1,5 +0,0 @@ -Remove the misleading text in mailu.env that zstd and lz4 are supported for dovecot mail compression. -Zstd and lz4 are not supported. The reason is that the alpine project does not compile this -into the dovecot package. -Users who want this funcionality, can kindly request the alpine project to compile dovecot -with lz4&zstd support. diff --git a/towncrier/newsfragments/2141.bugfix b/towncrier/newsfragments/2141.bugfix deleted file mode 100644 index 2ead7ce3..00000000 --- a/towncrier/newsfragments/2141.bugfix +++ /dev/null @@ -1 +0,0 @@ -Update roundcube to 1.5.2 to fixe an XSS diff --git a/towncrier/newsfragments/2185.doc b/towncrier/newsfragments/2185.doc deleted file mode 100644 index 4b32656b..00000000 --- a/towncrier/newsfragments/2185.doc +++ /dev/null @@ -1 +0,0 @@ -remove the / in the location to avoid http 404 diff --git a/towncrier/newsfragments/2193.bugfix b/towncrier/newsfragments/2193.bugfix deleted file mode 100644 index 11eae963..00000000 --- a/towncrier/newsfragments/2193.bugfix +++ /dev/null @@ -1 +0,0 @@ -matching rainloop php to roundcube's: timezone is a parameter in mailu.env diff --git a/towncrier/newsfragments/2195.bugfix b/towncrier/newsfragments/2195.bugfix deleted file mode 100644 index 5f0616a2..00000000 --- a/towncrier/newsfragments/2195.bugfix +++ /dev/null @@ -1 +0,0 @@ -Added the /overrides directory in the roundcube config.inc.php file diff --git a/towncrier/newsfragments/2196.bugfix b/towncrier/newsfragments/2196.bugfix deleted file mode 100644 index 9f51f577..00000000 --- a/towncrier/newsfragments/2196.bugfix +++ /dev/null @@ -1,2 +0,0 @@ -Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted -https://github.com/mstilkerich/rcmcarddav/blob/master/doc/ADMIN-SETTINGS.md#password-storing-scheme diff --git a/towncrier/newsfragments/2199.bugfix b/towncrier/newsfragments/2199.bugfix deleted file mode 100644 index e7ee3fb5..00000000 --- a/towncrier/newsfragments/2199.bugfix +++ /dev/null @@ -1 +0,0 @@ -Switch from DST_ROOT_X3 to ISRG_X1 as alpine is not shipping the former anymore diff --git a/towncrier/newsfragments/2207.bugfix b/towncrier/newsfragments/2207.bugfix deleted file mode 100644 index f448f174..00000000 --- a/towncrier/newsfragments/2207.bugfix +++ /dev/null @@ -1 +0,0 @@ -Will update /etc/nginx/nginx.conf and /etc/nginx/http.d/rainloop.conf in webmail container to support MESSAGE_SIZE_LIMIT \ No newline at end of file diff --git a/towncrier/newsfragments/2210.bugfix b/towncrier/newsfragments/2210.bugfix deleted file mode 100644 index 32c19003..00000000 --- a/towncrier/newsfragments/2210.bugfix +++ /dev/null @@ -1 +0,0 @@ -Add input validation for domain creation diff --git a/towncrier/newsfragments/2211.misc b/towncrier/newsfragments/2211.misc deleted file mode 100644 index 61eb145e..00000000 --- a/towncrier/newsfragments/2211.misc +++ /dev/null @@ -1 +0,0 @@ -Set imap_idle_notify_interval to 29 mins (see rfc2177) to ensure we use IMAP IDLE effectively diff --git a/towncrier/newsfragments/2213.feature b/towncrier/newsfragments/2213.feature deleted file mode 100644 index bc859cb1..00000000 --- a/towncrier/newsfragments/2213.feature +++ /dev/null @@ -1 +0,0 @@ -Create a polite and turtle delivery queue to accommodate destinations that expect emails to be sent slowly diff --git a/towncrier/newsfragments/2214.doc b/towncrier/newsfragments/2214.doc deleted file mode 100644 index e69de29b..00000000 diff --git a/towncrier/newsfragments/2221.feature b/towncrier/newsfragments/2221.feature deleted file mode 100644 index 60795d36..00000000 --- a/towncrier/newsfragments/2221.feature +++ /dev/null @@ -1 +0,0 @@ -Add support for custom NGINX config in /etc/nginx/conf.d. diff --git a/towncrier/newsfragments/2231.bugfix b/towncrier/newsfragments/2231.bugfix deleted file mode 100644 index e710ea6d..00000000 --- a/towncrier/newsfragments/2231.bugfix +++ /dev/null @@ -1 +0,0 @@ -Make public announcement bypass the filters. They may still time-out before being sent if there is a large number of users. diff --git a/towncrier/newsfragments/2239.bugfix b/towncrier/newsfragments/2239.bugfix deleted file mode 100644 index aba78f9a..00000000 --- a/towncrier/newsfragments/2239.bugfix +++ /dev/null @@ -1 +0,0 @@ -Work around a bug in coredns: set the DO flag on our DNSSEC queries. Add a new FAQ entry to explain our DNSSEC requirements and ensure that our error message points to it. diff --git a/towncrier/newsfragments/224.feature b/towncrier/newsfragments/224.feature deleted file mode 100644 index 4200a5da..00000000 --- a/towncrier/newsfragments/224.feature +++ /dev/null @@ -1 +0,0 @@ -Provide auto-configuration files (autodiscover, autoconfig & mobileconfig); Please update your DNS records diff --git a/towncrier/newsfragments/2242.misc b/towncrier/newsfragments/2242.misc deleted file mode 100644 index cc03e55e..00000000 --- a/towncrier/newsfragments/2242.misc +++ /dev/null @@ -1 +0,0 @@ -Make quotas adjustable in 50MiB increments diff --git a/towncrier/newsfragments/2246.bugfix b/towncrier/newsfragments/2246.bugfix deleted file mode 100644 index 92e90ac6..00000000 --- a/towncrier/newsfragments/2246.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fetchmail: Missing support for '*_ADDRESS' env vars diff --git a/towncrier/newsfragments/2249.bugfix b/towncrier/newsfragments/2249.bugfix deleted file mode 100644 index 21cf866e..00000000 --- a/towncrier/newsfragments/2249.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix broken setup. Not all dependencies were pinned resulting in a broken update being pulled. diff --git a/towncrier/newsfragments/2260.bugfix b/towncrier/newsfragments/2260.bugfix deleted file mode 100644 index a98d2212..00000000 --- a/towncrier/newsfragments/2260.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug where rspamd may trigger HFILTER_HOSTNAME_UNKNOWN if part of the delivery chain was using ipv6 diff --git a/towncrier/newsfragments/2278.feature b/towncrier/newsfragments/2278.feature deleted file mode 100644 index 1b0a2457..00000000 --- a/towncrier/newsfragments/2278.feature +++ /dev/null @@ -1 +0,0 @@ -Added ability to mark spam mails as read or unread when moving to junk folder. diff --git a/towncrier/newsfragments/2281.bugfix b/towncrier/newsfragments/2281.bugfix deleted file mode 100644 index 5163805b..00000000 --- a/towncrier/newsfragments/2281.bugfix +++ /dev/null @@ -1 +0,0 @@ -Update to Alpine Linux 3.14.4 which contains a security fix for openssl. diff --git a/towncrier/newsfragments/2284.bugfix b/towncrier/newsfragments/2284.bugfix deleted file mode 100644 index d264db89..00000000 --- a/towncrier/newsfragments/2284.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed AUTH_RATELIMIT_IP not working on imap/pop3/smtp. \ No newline at end of file diff --git a/towncrier/newsfragments/2295.feature b/towncrier/newsfragments/2295.feature deleted file mode 100644 index e353b692..00000000 --- a/towncrier/newsfragments/2295.feature +++ /dev/null @@ -1 +0,0 @@ -Switch from RainLoop to SnappyMail. SnappyMail has better performance and is more secure. diff --git a/towncrier/newsfragments/2302.bugfix b/towncrier/newsfragments/2302.bugfix deleted file mode 100644 index bcfedc4b..00000000 --- a/towncrier/newsfragments/2302.bugfix +++ /dev/null @@ -1 +0,0 @@ -update alpine linux docker image to version 3.14.5 which includes a security fix for zlib’s CVE-2018-25032. diff --git a/towncrier/newsfragments/2325.bugfix b/towncrier/newsfragments/2325.bugfix deleted file mode 100644 index ff42224e..00000000 --- a/towncrier/newsfragments/2325.bugfix +++ /dev/null @@ -1 +0,0 @@ -postfix: wrap IPv6 CIDRs in square brackets for RELAYNETS diff --git a/towncrier/newsfragments/2328.feature b/towncrier/newsfragments/2328.feature deleted file mode 100644 index f0d6eea7..00000000 --- a/towncrier/newsfragments/2328.feature +++ /dev/null @@ -1 +0,0 @@ -Configurable default spam threshold used for new users diff --git a/towncrier/newsfragments/2338.misc b/towncrier/newsfragments/2338.misc deleted file mode 100644 index 70d895e0..00000000 --- a/towncrier/newsfragments/2338.misc +++ /dev/null @@ -1 +0,0 @@ -Don't send the `X-XSS-Protection` http header anymore. \ No newline at end of file diff --git a/towncrier/newsfragments/2346.bugfix b/towncrier/newsfragments/2346.bugfix deleted file mode 100644 index 9feac519..00000000 --- a/towncrier/newsfragments/2346.bugfix +++ /dev/null @@ -1 +0,0 @@ -Disable the built-in nginx resolver for traffic going through the mail plugin. This will silence errors about DNS resolution when the connecting host has no rDNS. diff --git a/towncrier/newsfragments/2357.misc b/towncrier/newsfragments/2357.misc deleted file mode 100644 index 2b64501d..00000000 --- a/towncrier/newsfragments/2357.misc +++ /dev/null @@ -1 +0,0 @@ -Switch to ffdhe3072, the "nothing up my sleeves" group defined in RFC 7919. diff --git a/towncrier/newsfragments/2368.bugfix b/towncrier/newsfragments/2368.bugfix deleted file mode 100644 index 54c29c48..00000000 --- a/towncrier/newsfragments/2368.bugfix +++ /dev/null @@ -1,3 +0,0 @@ -Re-enable the built-in nginx resolver for traffic going through the mail plugin. -This is required for passing rDNS/ptr information to postfix. -Without this rspamd will flag all messages with DHFILTER_HOSTNAME_UNKNOWN due to the missing rDNS/ptr info. \ No newline at end of file diff --git a/towncrier/newsfragments/2372.feature b/towncrier/newsfragments/2372.feature deleted file mode 100644 index ec2c5bef..00000000 --- a/towncrier/newsfragments/2372.feature +++ /dev/null @@ -1 +0,0 @@ -Create a GUI for WILDCARD_SENDERS diff --git a/towncrier/newsfragments/2383.misc b/towncrier/newsfragments/2383.misc deleted file mode 100644 index edcc9a9a..00000000 --- a/towncrier/newsfragments/2383.misc +++ /dev/null @@ -1,9 +0,0 @@ -Switch from docker build to buildx for CI/CD. -- The main workflow file has been optimised and simplified. -- Images are built in parallel when building locally resulting in faster build times. -- The github action workflow is about 50% faster. -- Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it. -- Arm images can also be built locally. -- Reusable workflow is introduced for building, testing and deploying the images. - This allows the workflow to be reused for other purposes in the future. -- Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images. diff --git a/towncrier/newsfragments/2388.bugfix b/towncrier/newsfragments/2388.bugfix deleted file mode 100644 index aa815072..00000000 --- a/towncrier/newsfragments/2388.bugfix +++ /dev/null @@ -1 +0,0 @@ -Roundcube overrides now also include .inc.php files. Only .inc.php should be used moving forward. diff --git a/towncrier/newsfragments/2402.bugfix b/towncrier/newsfragments/2402.bugfix deleted file mode 100644 index 04bd48ee..00000000 --- a/towncrier/newsfragments/2402.bugfix +++ /dev/null @@ -1 +0,0 @@ -Forwarding emails user setting did not support 1 letter domains. diff --git a/towncrier/newsfragments/2415.bugfix b/towncrier/newsfragments/2415.bugfix deleted file mode 100644 index f0238252..00000000 --- a/towncrier/newsfragments/2415.bugfix +++ /dev/null @@ -1,2 +0,0 @@ -Update roundcube to 1.5.3 -Update rcmcarddav plugin to 4.4.2 diff --git a/towncrier/newsfragments/2429.feature b/towncrier/newsfragments/2429.feature deleted file mode 100644 index b4a6270a..00000000 --- a/towncrier/newsfragments/2429.feature +++ /dev/null @@ -1 +0,0 @@ -Prevent signups with accounts for which an SQL-LIKE alias exists. diff --git a/towncrier/newsfragments/2432.bugfix b/towncrier/newsfragments/2432.bugfix deleted file mode 100644 index 66144b14..00000000 --- a/towncrier/newsfragments/2432.bugfix +++ /dev/null @@ -1 +0,0 @@ -Switch from mysqlclient to mysql-connector explicitely diff --git a/towncrier/newsfragments/2447.bugfix b/towncrier/newsfragments/2447.bugfix deleted file mode 100644 index 331afba0..00000000 --- a/towncrier/newsfragments/2447.bugfix +++ /dev/null @@ -1 +0,0 @@ -Enable rspamd's autolearn feature to ensure that its bayes classifier has enough HAM to make it usable. Previously the bayes module would never work unless some HAM had been learnt manually. diff --git a/towncrier/newsfragments/2449.feature b/towncrier/newsfragments/2449.feature deleted file mode 100644 index 06b9d867..00000000 --- a/towncrier/newsfragments/2449.feature +++ /dev/null @@ -1 +0,0 @@ -Introduce TLS_PERMISSIVE, a new advanced setting to harden cipher configuration on port 25. Changing the default is strongly discouraged, please read the documentation before doing so. diff --git a/towncrier/newsfragments/2451.bugfix b/towncrier/newsfragments/2451.bugfix deleted file mode 100644 index d7e821ea..00000000 --- a/towncrier/newsfragments/2451.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug preventing users without IMAP access to access the webmails diff --git a/towncrier/newsfragments/2467.bugfix b/towncrier/newsfragments/2467.bugfix deleted file mode 100644 index 66738a89..00000000 --- a/towncrier/newsfragments/2467.bugfix +++ /dev/null @@ -1 +0,0 @@ -Ensure that Mailu keeps working even if it can't obtain a certificate from letsencrypt for one of the HOSTNAMES diff --git a/towncrier/newsfragments/2475.feature b/towncrier/newsfragments/2475.feature deleted file mode 100644 index d5340380..00000000 --- a/towncrier/newsfragments/2475.feature +++ /dev/null @@ -1 +0,0 @@ -Upgrade the anti-spoofing rule. We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts... but we should also ensure that both the envelope from and header from are checked. diff --git a/towncrier/newsfragments/2485.bugfix b/towncrier/newsfragments/2485.bugfix deleted file mode 100644 index 2e12fe89..00000000 --- a/towncrier/newsfragments/2485.bugfix +++ /dev/null @@ -1 +0,0 @@ -Quote SMTP SIZE to avoid splitting keyword and parameter in EHLO response diff --git a/towncrier/newsfragments/2497.bugfix b/towncrier/newsfragments/2497.bugfix deleted file mode 100644 index 67752060..00000000 --- a/towncrier/newsfragments/2497.bugfix +++ /dev/null @@ -1 +0,0 @@ -Upgrade to alpine 3.16.2 diff --git a/towncrier/newsfragments/2498.feature b/towncrier/newsfragments/2498.feature deleted file mode 100644 index 961b6a84..00000000 --- a/towncrier/newsfragments/2498.feature +++ /dev/null @@ -1 +0,0 @@ -Implement the required glue to make "doveadm -A" work diff --git a/towncrier/newsfragments/2500.feature b/towncrier/newsfragments/2500.feature deleted file mode 100644 index 3c37934e..00000000 --- a/towncrier/newsfragments/2500.feature +++ /dev/null @@ -1 +0,0 @@ -Implement a minimum length for passwords of 8 characters. Check passwords upon login against HaveIBeenPwned and warn users if their passwords are compromised. diff --git a/towncrier/newsfragments/2510.feature b/towncrier/newsfragments/2510.feature deleted file mode 100644 index a6ad675b..00000000 --- a/towncrier/newsfragments/2510.feature +++ /dev/null @@ -1 +0,0 @@ -Implement OLETools and block bad macros in office documents diff --git a/towncrier/newsfragments/2511.misc b/towncrier/newsfragments/2511.misc deleted file mode 100644 index b584e3c4..00000000 --- a/towncrier/newsfragments/2511.misc +++ /dev/null @@ -1 +0,0 @@ -Block executable file formats by default. Ask your users to zip them up if required. diff --git a/towncrier/newsfragments/2512.bugfix b/towncrier/newsfragments/2512.bugfix deleted file mode 100644 index b1b6aa99..00000000 --- a/towncrier/newsfragments/2512.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix: include start and end dates in the auto-reply period \ No newline at end of file diff --git a/towncrier/newsfragments/2525.feature b/towncrier/newsfragments/2525.feature deleted file mode 100644 index 634733c7..00000000 --- a/towncrier/newsfragments/2525.feature +++ /dev/null @@ -1 +0,0 @@ -Switch to GrapheneOS's hardened_malloc diff --git a/towncrier/newsfragments/2526.misc b/towncrier/newsfragments/2526.misc deleted file mode 100644 index 9425e88a..00000000 --- a/towncrier/newsfragments/2526.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade Snappymail to 2.21 and merge the webmail containers diff --git a/towncrier/newsfragments/2533.misc b/towncrier/newsfragments/2533.misc deleted file mode 100644 index af1b88a2..00000000 --- a/towncrier/newsfragments/2533.misc +++ /dev/null @@ -1,17 +0,0 @@ -Introduce SQLAlchemy database uris for configuring the admin and roundcube database. -Remove the database configuration option from the setup utility. Using a different -database system than SQLite is not necessary for Mailu. The Mailu database generally -contains static data. - -The usage of the *DB_* environment variables is deprecated now. -They can still be used in the release after Mailu 1.9, but will be removed -after that version. This means it will be removed from master after the upcoming -Mailu release. - -To start using the new environment variables, all *DB_* environment variables must be changed to: -SQLALCHEMY_DATABASE_URI= -SQLALCHEMY_DATABASE_URI_ROUNDCUBE= - -If no URI is specified, SQLite is used with these settings: -SQLALCHEMY_DATABASE_URI=sqlite:////data/main.db -SQLALCHEMY_DATABASE_URI_ROUNDCUBE=sqlite:////data/roundcube.db diff --git a/towncrier/newsfragments/2539.misc b/towncrier/newsfragments/2539.misc deleted file mode 100644 index 10e3954e..00000000 --- a/towncrier/newsfragments/2539.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade to Alpine 3.16.3; Make setup, admin and rspamd run without root privs. Please ensure that your folder overrides/rspamd is owned by 1000:1000 diff --git a/towncrier/newsfragments/2550.misc b/towncrier/newsfragments/2550.misc deleted file mode 100644 index fcd5dacf..00000000 --- a/towncrier/newsfragments/2550.misc +++ /dev/null @@ -1 +0,0 @@ -Add Snuffleupagus to protect webmails (a Suhosin replacement) diff --git a/towncrier/newsfragments/2555.feature b/towncrier/newsfragments/2555.feature deleted file mode 100644 index 003d39da..00000000 --- a/towncrier/newsfragments/2555.feature +++ /dev/null @@ -1,15 +0,0 @@ -New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. -These overrides would override everything, including the Mailu Rspamd config. - -Now overrides are placed in /overrides. -If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. -It works as following. -* If the override file overrides a Mailu defined config file, - it will be included in the Mailu config file with lowest priority. - It will merge with existing sections. -* If the override file does not override a Mailu defined config file, - then the file will be placed in the rspamd local.d folder. - It will merge with existing sections. - -For more information, see the description of the local.d folder on the rspamd website: -https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories diff --git a/towncrier/newsfragments/2566.misc b/towncrier/newsfragments/2566.misc deleted file mode 100644 index 8a682118..00000000 --- a/towncrier/newsfragments/2566.misc +++ /dev/null @@ -1,2 +0,0 @@ -Remove the ability to delete users via the webui; Disable them instead. -For more information on deleting users see the entry "How to delete users" in the FAQ. diff --git a/towncrier/newsfragments/2570.misc b/towncrier/newsfragments/2570.misc deleted file mode 100644 index ec31181e..00000000 --- a/towncrier/newsfragments/2570.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade to Alpine 3.17.0 diff --git a/towncrier/newsfragments/2577.misc b/towncrier/newsfragments/2577.misc deleted file mode 100644 index a9c467cf..00000000 --- a/towncrier/newsfragments/2577.misc +++ /dev/null @@ -1 +0,0 @@ -Autofocus the login form on /sso/login diff --git a/towncrier/newsfragments/2594.feature b/towncrier/newsfragments/2594.feature deleted file mode 100644 index 57a53b3d..00000000 --- a/towncrier/newsfragments/2594.feature +++ /dev/null @@ -1 +0,0 @@ -Drop postfix rsyslog localhost messages with IPv6 address \ No newline at end of file diff --git a/towncrier/newsfragments/2601.bugfix b/towncrier/newsfragments/2601.bugfix deleted file mode 100644 index cae03015..00000000 --- a/towncrier/newsfragments/2601.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix creation of deep structures using import in update mode diff --git a/towncrier/newsfragments/2603.bugfix b/towncrier/newsfragments/2603.bugfix deleted file mode 100644 index 7fdb9ef2..00000000 --- a/towncrier/newsfragments/2603.bugfix +++ /dev/null @@ -1 +0,0 @@ -Speak HAPROXY protocol in between front and smtp and front and imap. This ensures the backend is aware of the real client IP and whether TLS was used. diff --git a/towncrier/newsfragments/2605.misc b/towncrier/newsfragments/2605.misc deleted file mode 100644 index aec69c5c..00000000 --- a/towncrier/newsfragments/2605.misc +++ /dev/null @@ -1 +0,0 @@ -Reduce the SSL session caches from 50m each to 3m each. This should be good for 12k sessions (within 1day) for each cache and will help reduce memory usage. diff --git a/towncrier/newsfragments/2606.misc b/towncrier/newsfragments/2606.misc deleted file mode 100644 index a4333c8e..00000000 --- a/towncrier/newsfragments/2606.misc +++ /dev/null @@ -1 +0,0 @@ -Modify the healtchecks to make them disapear from the logs. diff --git a/towncrier/newsfragments/2608.fix b/towncrier/newsfragments/2608.fix deleted file mode 100644 index 850e647c..00000000 --- a/towncrier/newsfragments/2608.fix +++ /dev/null @@ -1 +0,0 @@ -Don't talk haproxy to postfix yet. diff --git a/towncrier/newsfragments/2613.feature b/towncrier/newsfragments/2613.feature deleted file mode 100644 index 453f59a3..00000000 --- a/towncrier/newsfragments/2613.feature +++ /dev/null @@ -1 +0,0 @@ -Isolate radicale and webmail on their own network. This ensures they don't have privileged access to any of the other containers. diff --git a/towncrier/newsfragments/2618.misc b/towncrier/newsfragments/2618.misc deleted file mode 100644 index bb1d340a..00000000 --- a/towncrier/newsfragments/2618.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade to snuffleupagus 0.9.0 diff --git a/towncrier/newsfragments/2633.bugfix b/towncrier/newsfragments/2633.bugfix deleted file mode 100644 index 6831764e..00000000 --- a/towncrier/newsfragments/2633.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix a bug introduced in master whereby anything locally generated (sieve, autoresponder, ...) would be blocked by the anti-spoofing rules diff --git a/towncrier/newsfragments/2634.misc b/towncrier/newsfragments/2634.misc deleted file mode 100644 index e018497a..00000000 --- a/towncrier/newsfragments/2634.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade webmails: snappymail to 2.25.0, roundcube to 1.6.1 and carddav to 5.0.1 diff --git a/towncrier/newsfragments/2635.bugfix b/towncrier/newsfragments/2635.bugfix deleted file mode 100644 index 7c7a3f15..00000000 --- a/towncrier/newsfragments/2635.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fix sieve/out of office replies by adding SUBNET to rspamd's local_networks diff --git a/towncrier/newsfragments/2636.enhancement b/towncrier/newsfragments/2636.enhancement deleted file mode 100644 index 169c213e..00000000 --- a/towncrier/newsfragments/2636.enhancement +++ /dev/null @@ -1 +0,0 @@ -Upgrade to alpine 3.17.1 diff --git a/towncrier/newsfragments/2640.bugfix b/towncrier/newsfragments/2640.bugfix deleted file mode 100644 index a8da8a2c..00000000 --- a/towncrier/newsfragments/2640.bugfix +++ /dev/null @@ -1 +0,0 @@ -Uses the correct From address (instead of an SRS alias) in the sieve/vacation module diff --git a/towncrier/newsfragments/2644.misc b/towncrier/newsfragments/2644.misc deleted file mode 100644 index 8a20b39b..00000000 --- a/towncrier/newsfragments/2644.misc +++ /dev/null @@ -1 +0,0 @@ -Implement de-dupplication on rate limits. Now only attempts for distinct usernames will count as a hit. diff --git a/towncrier/newsfragments/2650.bugfix b/towncrier/newsfragments/2650.bugfix deleted file mode 100644 index 0e2ea011..00000000 --- a/towncrier/newsfragments/2650.bugfix +++ /dev/null @@ -1 +0,0 @@ -Tell roundcube to use UTF8 instead of 'UTF7-IMAP' when creating sieve scripts. diff --git a/towncrier/newsfragments/2653.feature b/towncrier/newsfragments/2653.feature deleted file mode 100644 index 429480aa..00000000 --- a/towncrier/newsfragments/2653.feature +++ /dev/null @@ -1,12 +0,0 @@ -Provide a changelog for minor releases. The github release will now: -* Provide the changelog message from the newsfragment of the PR that triggered the backport. -* Provide a github link to the PR/issue of the PR that was backported. - -Switch to building multi-arch images. The images build for pull requests, master and production -are now multi-arch images for the architectures: -* linux/amd64 -* linux/arm64/v8 -* linux/arm/v7 - -Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically -retried. If a build temporarily fails due to a network error, the retried step will still succeed. \ No newline at end of file diff --git a/towncrier/newsfragments/2660.misc b/towncrier/newsfragments/2660.misc deleted file mode 100644 index 80905f3d..00000000 --- a/towncrier/newsfragments/2660.misc +++ /dev/null @@ -1 +0,0 @@ -Change the instructions on how to setup fail2ban diff --git a/towncrier/newsfragments/2666.misc b/towncrier/newsfragments/2666.misc deleted file mode 100644 index 6cd065a6..00000000 --- a/towncrier/newsfragments/2666.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade to alpine 3.17.2 diff --git a/towncrier/newsfragments/2676.feature b/towncrier/newsfragments/2676.feature deleted file mode 100644 index f2999c97..00000000 --- a/towncrier/newsfragments/2676.feature +++ /dev/null @@ -1 +0,0 @@ -Add Czech translation for web administration interface. diff --git a/towncrier/newsfragments/2692.misc b/towncrier/newsfragments/2692.misc deleted file mode 100644 index 9342c06b..00000000 --- a/towncrier/newsfragments/2692.misc +++ /dev/null @@ -1,7 +0,0 @@ -Make the login page "guess" where the user wants to land. -This means that requests for /admin result in a login page that always redirects to admin. -Requests for /webmail results in a login page that redirects the user being logged in to webmail. -You can still access / (https://mydomain/) or /sso/login, to access the login page with both login buttons. - -Introduce AUTH_PROXY_LOGOUT_URL to redirect users to a specific URL after they have been logged-out -Retire /sso/proxy and merge it in /sso/login diff --git a/towncrier/newsfragments/2693.bugfix b/towncrier/newsfragments/2693.bugfix deleted file mode 100644 index f299a25e..00000000 --- a/towncrier/newsfragments/2693.bugfix +++ /dev/null @@ -1 +0,0 @@ -Tweak the snuffleupagus rules to make roundcube's caldav work diff --git a/towncrier/newsfragments/2698.misc b/towncrier/newsfragments/2698.misc deleted file mode 100644 index 28311ff6..00000000 --- a/towncrier/newsfragments/2698.misc +++ /dev/null @@ -1 +0,0 @@ -Upgrade snappymail to 2.26.4 diff --git a/towncrier/newsfragments/2704.misc b/towncrier/newsfragments/2704.misc deleted file mode 100644 index 14983077..00000000 --- a/towncrier/newsfragments/2704.misc +++ /dev/null @@ -1,10 +0,0 @@ -Switch the container registry used for deploying images from docker.io -to ghcr.io (github). - -To start using ghcr.io, regenerate your docker-compose.yml file via setup.mailu.io. - -For Mailu 1.9 users: -1. docker-compose down. -2. create the file .env in the same folder as docker-compose.yml with the following contents: -DOCKER_ORG=ghcr.io/mailu -3. docker-compose up -d diff --git a/towncrier/newsfragments/2708.bugfix b/towncrier/newsfragments/2708.bugfix deleted file mode 100644 index 8b25338d..00000000 --- a/towncrier/newsfragments/2708.bugfix +++ /dev/null @@ -1,3 +0,0 @@ -Proxy authentication was using the real client ip instead of the proxy -IP for checking the PROXY_AUTH_WHITELIST. - diff --git a/towncrier/newsfragments/2717.feature b/towncrier/newsfragments/2717.feature deleted file mode 100644 index 82086fc1..00000000 --- a/towncrier/newsfragments/2717.feature +++ /dev/null @@ -1 +0,0 @@ -Allow inbound to http and mail ports to accept the PROXY protocol diff --git a/towncrier/newsfragments/445.feature b/towncrier/newsfragments/445.feature deleted file mode 100644 index 7cb94079..00000000 --- a/towncrier/newsfragments/445.feature +++ /dev/null @@ -1,2 +0,0 @@ -Introduction of the Mailu RESTful API. The full Mailu config can be changed via the Mailu API. -See the section Mailu RESTful API & the section configuration reference in the documentation for more information. \ No newline at end of file diff --git a/towncrier/newsfragments/711.feature b/towncrier/newsfragments/711.feature deleted file mode 100644 index aa605aa2..00000000 --- a/towncrier/newsfragments/711.feature +++ /dev/null @@ -1 +0,0 @@ -Allow other folders to be synced by fetchmail