1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens ## What type of PR? Enhancement: it centralizes the authentication of webmails to the admin interface. ## What does this PR do? It implements the glue required for webmails to do SSO using the admin interface. One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session). Others include the ability to implement 2FA down the line and rate-limit things as required. ### Related issue(s) - #783 ## Prerequistes Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
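# Mailu main configuration file
#
# Generated for compose flavor
#
# This file is autogenerated by the configuration management wizard.
# For a detailed list of configuration variables, see the documentation at
# https://mailu.io
#
# Format: one KEY=value pair per line, full-line "#" comments only.
# Everything after "=" is the value, so never append a trailing comment
# to a value line.

###################################
# Common configuration variables
###################################

# Set this to the path where Mailu data and configuration is stored
# This variable is now set directly in `docker-compose.yml` by the setup utility
# ROOT=/mailu

# Mailu version to run (1.0, 1.1, etc. or master)
#VERSION=master

# Set to a randomly generated 16-byte string.
# The value below is committed together with this file and is therefore
# public: treat it as a sample only. Generate a fresh random value for every
# real deployment and keep that file out of version control.
# NOTE(review): presumably the admin panel's Flask sessions depend on this
# key; anyone who knows it could then forge a session. Confirm in the admin code.
SECRET_KEY=V5J4SHRYVW9PZIQU

# Address where listening ports should bind
# These variables are now set directly in `docker-compose.yml` by the setup utility
# PUBLIC_IPV4= 127.0.0.1 (default: 127.0.0.1)
# PUBLIC_IPV6= (default: ::1)

# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
SUBNET=192.168.203.0/24

# Main mail domain
DOMAIN=mailu.io

# Hostnames for this server, separated with commas
HOSTNAMES=localhost

# Postmaster local part (will append the main mail domain)
POSTMASTER=admin

# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
# NOTE(review): notls presumably turns TLS off altogether; keep it to isolated
# test setups, since credentials and mail would then travel unencrypted.
TLS_FLAVOR=cert

# Authentication rate limit (per source IP address)
# The ";" separates two limits and is part of the value, not a comment marker.
# Because the limit is keyed on the source IP, it is only as reliable as the
# client address the front end sees (see REAL_IP_HEADER / REAL_IP_FROM below).
AUTH_RATELIMIT=10/minute;1000/hour

# Opt-out of statistics, replace with "True" to opt out
DISABLE_STATISTICS=False

###################################
# Optional features
###################################

# Expose the admin interface (value: true, false)
# NOTE(review): if webmail login is routed through the admin panel (SSO),
# confirm that webmail sign-in still works while this is false.
ADMIN=false

# Choose which webmail to run if any (values: roundcube, rainloop, none)
WEBMAIL=rainloop

# Dav server implementation (value: radicale, none)
WEBDAV=none

# Antivirus solution (value: clamav, none)
#ANTIVIRUS=none

# Antispam solution
# "none" leaves inbound mail unfiltered; acceptable for a test flavor,
# review before using this file as a template for production.
ANTISPAM=none

###################################
# Mail settings
###################################

# Message size limit in bytes
# Default: accept messages up to 50MB
MESSAGE_SIZE_LIMIT=50000000

# Networks granted relay permissions
# Use this with care: all hosts in these networks will be able to send mail without authentication!
# Leave empty unless a specific, trusted network needs it, and keep any range as narrow as possible.
RELAYNETS=

# Will relay all outgoing mails if configured
RELAYHOST=

# Fetchmail delay (seconds between fetch cycles)
FETCHMAIL_DELAY=600

# Recipient delimiter, character used to delimit the local part from the custom address part
RECIPIENT_DELIMITER=+

# DMARC rua and ruf email
DMARC_RUA=admin
DMARC_RUF=admin


# Maildir Compression
# choose compression-method, default: none (value: gz, bz2, lz4, zstd)
COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=

###################################
# Web settings
###################################

# Path to the admin interface if enabled
WEB_ADMIN=/admin

# Path to the webmail if enabled
WEB_WEBMAIL=/webmail

# Website name
SITENAME=Mailu

# Linked Website URL
WEBSITE=https://mailu.io



###################################
# Advanced settings
###################################

# Log driver for front service. Possible values:
# json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose logs` for front!)
# LOG_DRIVER=json-file

# Docker-compose project name, this will be prepended to container names.
COMPOSE_PROJECT_NAME=mailu

# Default password scheme used for newly created accounts and changed passwords
# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
# Changing this affects only passwords set afterwards.
PASSWORD_SCHEME=PBKDF2

# Header to take the real ip from
# Set this only when Mailu sits behind a reverse proxy that overwrites the
# header; otherwise leave it empty.
REAL_IP_HEADER=

# IPs for nginx set_real_ip_from (CIDR list separated by commas)
# List only the addresses of proxies you operate. Any host inside these ranges
# can supply the header above and choose the client IP that Mailu records,
# which would defeat the per-IP AUTH_RATELIMIT and falsify log entries.
REAL_IP_FROM=

# choose whether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT=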