andryyy
99ab945ae2
[Web] Important: Do not allow API actions with r/o session key, THANKS TO Samuel Oosterholt
2021-05-20 15:51:52 +02:00
andryyy
8e38adf2f6
[Web] Fix transport check for IPv6 addresses, thanks to marekschneider
2021-05-20 11:35:01 +02:00
andryyy
423ccb9ba9
[Web] Fix XSS in app password names
2021-05-07 14:49:21 +02:00
andryyy
af57a5312b
[Web] Update composer libs, fixes PHPMailer security issue
2021-05-04 20:46:05 +02:00
andryyy
0e307e8ffe
[Web] Add TLS 1.3 to XMPP site, should fix #4064
2021-04-18 20:55:29 +02:00
andryyy
eb1d5dd134
[Web] Remove debugging points
2021-04-18 12:53:59 +02:00
Loïc Beurlet
995f135ff1
[Web] Fix password check typo from 19843cc
( #4056 )
2021-04-15 08:44:45 +02:00
andryyy
19843cc786
[Web] Fix mailbox editing when password is unchanged, fix adding new administrator ( fixes #4054 , fixes #4053 ); [Web] Update libs, add LDAP for future admin/domain admin authentication
2021-04-13 21:34:47 +02:00
andryyy
5ea649b292
[Web] Feature: Add password policy
2021-04-09 13:46:17 +02:00
andryyy
616226be8a
[Web] Fix quota calculation, fixes #4036
2021-04-08 11:17:27 +02:00
andryyy
c23f9437af
[Web] WIP: Add BSI CA
2021-04-07 21:29:28 +02:00
andryyy
dd198747b7
[Web] Use api/v1/get/mailbox/reduced for faster loading of mailbox table
2021-03-19 16:33:50 +01:00
andryyy
b82bf5073b
[Web] Feature: Expand alias over alias domains
2021-03-19 09:28:45 +01:00
andryyy
a3c6c51b35
[Web] Feature: Expand alias over alias domains
2021-03-19 09:11:55 +01:00
andryyy
851f575384
Merge branch 'master' of github.com:mailcow/mailcow-dockerized
2021-03-13 12:38:06 +01:00
andryyy
b3e3ab2e61
[Web] Allow to specify transport test rcpt
2021-03-13 12:37:24 +01:00
Shea Ramage
4feceb08da
Refactor support for pre-hashed passwords ( #4024 )
2021-03-10 21:06:32 +01:00
andryyy
0b19c77cdc
[Web] Fix textarea number width > 999
...
[Web] Do not create 2M session file when saving large Rspamd global filter maps (thanks @Drago)
[Web] Do not cache content of Rspamd global filter maps
2021-03-08 12:36:23 +01:00
andryyy
6b3ea28501
[Web] Minor fixes
2021-03-01 10:21:26 +01:00
andryyy
64264767d7
[Web] Fix quota-left calculations when editing a mailbox (respect max domain quota)
2021-02-23 08:42:04 +01:00
Frederick Nicklas Ambo Eggert Eggertsen
6840a1665d
[Web] Danish lang. 🇩🇰 ( #3971 )
...
Create Danish lang
2021-02-19 18:23:08 +01:00
andryyy
22402a274b
[Web] Require Docker functions for xmpp config reload
2021-02-16 21:41:55 +01:00
andryyy
11a858a7fd
[Web] Add Trustkey CA for WebAuthn
2021-02-16 21:33:46 +01:00
andryyy
666d344322
[Web] Remove XMPP site when disabling XMPP
2021-02-14 21:33:43 +01:00
andryyy
d67dc55293
[Nginx] Be more explicit with server names
2021-02-13 18:21:32 +01:00
andryyy
8c6b512f05
[mailcow] Move ejabberd site to last available site
2021-02-12 19:26:49 +01:00
andryyy
63160890e0
[Web] Fix XMPP site #2
2021-02-12 12:10:49 +01:00
andryyy
ee87e4ab77
[Web] Fix XMPP site
2021-02-12 11:50:46 +01:00
andryyy
5809e5b82e
[mailcow] Fix C22 -> C2S
2021-02-12 11:22:43 +01:00
andryyy
f2453e316f
[Ejabberd] More fixes for Ejabberd integration (WIP)
2021-02-12 10:04:19 +01:00
andryyy
04bd21663c
[Web] Minor fixes
2021-02-11 14:41:00 +01:00
andryyy
386d6109c8
Merge branch 'master' of github.com:mailcow/mailcow-dockerized
2021-02-11 09:36:18 +01:00
andryyy
06c89bac7d
[Web] Implement XMPP
...
[Web] Various small fixes and enhancements
2021-02-11 09:34:21 +01:00
Felix Kaechele
31805f1656
[Web] Implement all supported dovecot password schemas ( #3974 )
...
When migrating from other Dovecot based installations it can be very
convenient to just copy over existing hashed passwords.
However, mailcow currently only supports a limited number of password
schemes.
This commit implements all password schemes that do not require
challenge/response or OTP mechanisms.
A convenient way to generate the regex with all supported schemas is
`docker-compose exec dovecot-mailcow doveadm pw -l | awk -F' ' '{printf
"/^{("; for(i=1;i<=NF-1;i++){printf "%s%s", sep, $i; sep="|"}; printf
")}/i\n"}'`
Note that this will also include unsupported challenge/response and OTP
schemas.
Furthermore this increases the vsz_limit for the dovecot auth service to
2G for the use of ARGON2I and ARGON2ID schemas.
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2021-02-11 09:31:53 +01:00
andryyy
6f14955b69
[Web] Fix U2F file
2021-01-04 16:48:07 +01:00
andryyy
ee6989bd1d
[Web] Update libs
2021-01-04 11:11:04 +01:00
andryyy
e676617f00
[Web] Fix duplicate file extension on shortened filenames
2020-12-29 15:20:46 +01:00
andryyy
75da1c6f20
[Web] Fix attachment download, thanks to Drago
2020-12-09 13:21:29 +01:00
andryyy
a76d5628bc
[Web] Accept prehashes password on both edit and add mailbox
2020-12-07 08:13:26 +01:00
andryyy
3b1a87f9a7
[Web] Accept raw SSHA hashes as passwords
2020-12-07 08:07:41 +01:00
andryyy
02b10b0ed4
[Web] Add SSHA
2020-12-07 07:58:50 +01:00
MangoCubes
ed0cd876f4
[Web] Korean translation ( #3885 )
...
* Template
* ACL translation almost done
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update lang.ko.json
* Update vars.inc.php
2020-12-03 22:35:28 +01:00
andryyy
fa979456a7
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2020-12-03 16:43:15 +01:00
andryyy
da3fc31500
[Web] Fix Rspamd symbols in quarantine overview
2020-12-03 16:43:09 +01:00
Joerg Lehmann
bcffebaabe
support pre-hashed passwords ( #3884 )
2020-12-02 20:32:39 +01:00
Balázs Dura-Kovács
dd1b25fa61
[Web] Optional HTML in system mails ( #3879 )
...
* HTML in system mails
* Update functions.inc.php
* Update functions.inc.php
Co-authored-by: André Peters <andre.peters@debinux.de>
2020-11-30 07:43:48 +01:00
andryyy
ba20db2e08
[Web] Allow a user to choose notification categories (junk folder, rejected mail, both/all) + user ACL
2020-11-28 17:41:48 +01:00
andryyy
752efa2188
[Web] Fix container ctrl session
2020-11-27 21:20:46 +01:00
andryyy
8d05d4a51d
[Web] Cleanup Rspamd, other fixes
2020-11-25 16:10:33 +01:00
andryyy
4a355f242f
[Web] Some fido2 fixes, table view for fido2 keys, fix renaming keys with the same subject
2020-11-17 13:38:28 +01:00
andryyy
2aee906704
[Web] FIDO2: Add Face ID via Apple
2020-11-16 20:32:34 +01:00
andryyy
46643af00c
[Web] FIDO2: Add Face ID via Apple
2020-11-16 20:32:13 +01:00
andryyy
ff071e5120
[Web] Different UV flag for auth and register, remove unique key from fido2, delete tfa/fido2 when removing user object
2020-11-16 15:01:02 +01:00
andryyy
21a75c1fd1
[Web] FIDO2: Print thrown error in verification failure, if any
2020-11-16 08:55:48 +01:00
andryyy
9dec340434
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2020-11-15 20:22:46 +01:00
Lukas Schreiner
d96bf91a0d
Support of different default pass schemes + support of BLF-CRYPT ( #3832 )
...
* Introduce MAILCOW_PASS_SCHEME in order to support blowfish (cf. mailcow/mailcow-dockerized#1019 )
* Furthermore added dovecot to support new environment varible for MAILCOW_PASS_SCHEME defaulted to SSHA256
* Revert changes regarding gitignore.
* Added fallback to SSHA256 if environment is not proper prepared.
* No fallback within management frontend, as it must match to other components.
* Unified and corrected alignment; implemented support of SSHA512
* Currently, password_hash of PHP is using by default bcrypt (BLF). As this might change later, we must ensure, that BLF is still used after PHP changes its default.
* Switched to BLF-CRYPT by default (even on update)
* Switched to BLF-CRYPT by default (even on update)
* Adding information in config generation / update with link to supported hash algorithm
* Bump sogo version to 1.92
* Fallback to BLF-CRYPT in case password scheme is not proper defined for Mailcow administration.
2020-11-15 20:22:35 +01:00
andryyy
c150ac7b37
[Web] Feature (beta): Add WebAuthn support for administrators and domain administrators
2020-11-15 19:32:37 +01:00
andryyy
477e1ff464
[Web] Fix initial static view update
2020-11-13 15:20:30 +01:00
andryyy
f18b677c8c
[Web] Fix invalid encodings with json_encode, fixes #3847
2020-11-09 14:43:15 +01:00
andryyy
6d56ef6435
[Web] Fix invalid encodings with json_encode, fixes #3847
2020-11-09 14:42:26 +01:00
andryyy
b7956d8a7a
[Web] Fix order of fuzzy del and fuzzy add when learning from quarantine, fixes #3844
2020-11-07 21:46:39 +01:00
Balázs Dura-Kovács
a73944076c
[Web] Hungarian translation ( #3842 )
2020-11-06 14:47:11 +01:00
andryyy
b9a8b8a3e7
[Web] More custom_params
2020-11-06 14:26:48 +01:00
andryyy
46491e4e30
[Web] Add type/action to quarantine table
2020-11-03 11:13:16 +01:00
andryyy
6c697f3f3f
[Web, Quarantine] Allow to set the max score of a message up to which a quarantine notification will be sent
2020-10-27 21:34:02 +01:00
andryyy
7bcb9414ab
[Rspamd] Handle Postmaster in and outbound as trusted
2020-10-25 10:34:13 +01:00
andryyy
0165c9d26b
[Web] Show fuzzy hash of rejected mail, if any
2020-10-24 16:27:31 +02:00
andryyy
7ca7b3b598
[Web] Drop obsolete sieve filter preset
2020-10-11 10:35:14 +02:00
andryyy
ce77d87c8d
[Dovecot] New global post-filter: drop duplicates as received within 60 minutes
2020-10-11 10:34:15 +02:00
andryyy
ffbc5ec961
[Web] Do not expand IPv6 as found by SPF lookup
2020-10-10 10:57:06 +02:00
andryyy
02677a9788
[Web] Higher timeout for long delays in transport checks
2020-10-08 16:51:04 +02:00
Bao H.H
b5ee399fa2
Add simplified Chinese language translations ( #3784 )
2020-10-01 20:50:49 +02:00
andryyy
27a4cead66
[Web] DB update
2020-09-26 22:12:29 +02:00
andryyy
29104ddf4c
[Web] Compatibility: Re-add _int vars
2020-09-26 22:04:55 +02:00
andryyy
d5c22de9b3
[Web] Compatibility: Re-add _int vars
2020-09-26 22:02:34 +02:00
andryyy
23f118a152
[Web] Allow to overwrite DKIM keys while importing a new key
2020-09-26 22:01:15 +02:00
andryyy
dc1732cc51
[Web] Replace JSON_EXTRACT by JSON_VALUE in init script
2020-09-20 22:33:09 +02:00
andryyy
3a9efc86cf
[SOGo, Dovecot] Remove unnecessary likes from sql queries
...
[Web] Filter transport destinations to prevent empty destinations
2020-09-20 22:21:00 +02:00
andryyy
d9b91fc04f
[Web] Important: Removed unnecessary *_int attributes from GET elements, _only_ returning int values now (same for all attributes which were provided as html char and int)
...
[Web] Feature: Allow to toggle protocols (imap, pop3, smtp) per user (defaults can be configured using vars.local.inc.php, see vars.inc.php)
Signed-off-by: andryyy <andre.peters@debinux.de>
2020-09-17 19:49:15 +02:00
andryyy
1f36ae28d4
[Postfix, Web] Feature: Show last SMTP login
2020-09-15 11:02:53 +02:00
andryyy
8a296e90c3
[Web] Return json array when mailq empty, fixes #3738
2020-09-06 11:59:36 +02:00
andryyy
f3c72832f2
[Web] Add rspamd-stats route to API
2020-09-06 08:54:09 +02:00
andryyy
bf62f31b9e
[Web] Fail2ban: Only write regex filters if not empty
2020-08-27 21:13:20 +02:00
andryyy
877b9b7054
[Web] Sync jobs: Use STARTTLS instead of TLS; Feature: Allow to edit fail2ban-like regex filters in UI
2020-08-27 20:43:33 +02:00
andryyy
9274b7b8e1
[Web] Allow to set force_pw_update, tls_enforce_in, tls_enforce_out, sogo_access and quarantine_notification when adding a domain (via API)
2020-08-22 22:59:13 +02:00
andryyy
155dfc66ee
[Web] Create ACL to toggle permission of a domain administrator to change a domain desc
2020-08-19 15:31:54 +02:00
andryyy
f8af5cae88
[Web] Fix da_acl when adding DA without domain
2020-08-19 09:05:04 +02:00
andryyy
d3d929222f
[Web] Rot announcements
2020-08-16 11:54:06 +02:00
André Peters
107e619893
Update dns_diagnostics.php
2020-08-13 14:09:13 +02:00
andryyy
1c8cca8187
[Web] MAILCOW_HOSTNAME should not be a CNAME
2020-08-13 10:45:44 +02:00
andryyy
4a8edd5b88
[Web] Fix download link for dns zone file
2020-08-07 22:13:03 +02:00
andryyy
11d003c985
[Web] Change c_o to varchar 500
2020-07-14 16:11:36 +02:00
Michael Kuron
bae250cc81
DNS: add link for downloading zonefile ( #3633 )
...
* DNS: add link for downloading zonefile
* DNS zonefile: add placeholders for optional entries
2020-07-12 09:39:39 +02:00
andryyy
e1aadb0268
[Web] More secure compose project name check
2020-07-11 13:32:40 +02:00
Miro Rauhala
6bff958ab4
[Web] Clean PHP code by removing unused variables ( #3646 )
...
* [WEB] $lang is not used in this context
* [Web] $stmt variable is not used
2020-07-11 13:20:38 +02:00
Ashus
00f5f744d0
[Web] Allow underscore and hyphen in DKIM selector ( #3643 )
...
This change allows to have cleaner DNS zones as mail security related entries usually begin with _.
Co-authored-by: Václav Silber <vaclav.silber@poski.com>
2020-07-09 15:40:44 +02:00
andryyy
2d049f37da
[Web] Allow mins_interval of max 1 month for sync jobs, fixes #3642
2020-07-08 19:36:05 +02:00
andryyy
6c92688ff6
[Quarantine] Allow to redirect all quarantine messages to a specific address
...
[Web] Minor changes to quarantine UI
2020-07-04 19:31:44 +02:00
andryyy
1d8f08ef15
[Web] Add sieve template, thanks to @Programmierus
2020-06-19 22:06:20 +02:00
andryyy
2aa11ba37d
[Web] Add PHPMailer to quarantine file
2020-06-16 14:17:09 +02:00