Commit Graph

171 Commits (0cbd4ec273b9546f8a2fa247b698665a3f745109)

Author SHA1 Message Date
andryyy eb1d5dd134
[Web] Remove debugging points 2021-04-18 12:53:59 +02:00
andryyy 5ea649b292
[Web] Feature: Add password policy 2021-04-09 13:46:17 +02:00
Shea Ramage 4feceb08da
Refactor support for pre-hashed passwords (#4024) 2021-03-10 21:06:32 +01:00
andryyy 04bd21663c
[Web] Minor fixes 2021-02-11 14:41:00 +01:00
Felix Kaechele 31805f1656
[Web] Implement all supported dovecot password schemas (#3974)
When migrating from other Dovecot based installations it can be very
convenient to just copy over existing hashed passwords.
However, mailcow currently only supports a limited number of password
schemes.

This commit implements all password schemes that do not require
challenge/response or OTP mechanisms.

A convenient way to generate the regex with all supported schemas is
`docker-compose exec dovecot-mailcow doveadm pw -l | awk -F' ' '{printf
"/^{("; for(i=1;i<=NF-1;i++){printf "%s%s", sep, $i; sep="|"}; printf
")}/i\n"}'`

Note that this will also include unsupported challenge/response and OTP
schemas.

Furthermore this increases the vsz_limit for the dovecot auth service to
2G for the use of ARGON2I and ARGON2ID schemas.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2021-02-11 09:31:53 +01:00
andryyy 02b10b0ed4
[Web] Add SSHA 2020-12-07 07:58:50 +01:00
Balázs Dura-Kovács dd1b25fa61
[Web] Optional HTML in system mails (#3879)
* HTML in system mails

* Update functions.inc.php

* Update functions.inc.php

Co-authored-by: André Peters <andre.peters@debinux.de>
2020-11-30 07:43:48 +01:00
andryyy ba20db2e08
[Web] Allow a user to choose notification categories (junk folder, rejected mail, both/all) + user ACL 2020-11-28 17:41:48 +01:00
andryyy 8d05d4a51d
[Web] Cleanup Rspamd, other fixes 2020-11-25 16:10:33 +01:00
andryyy 4a355f242f
[Web] Some fido2 fixes, table view for fido2 keys, fix renaming keys with the same subject 2020-11-17 13:38:28 +01:00
andryyy 9dec340434 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-11-15 20:22:46 +01:00
Lukas Schreiner d96bf91a0d
Support of different default pass schemes + support of BLF-CRYPT (#3832)
* Introduce MAILCOW_PASS_SCHEME in order to support blowfish (cf. mailcow/mailcow-dockerized#1019)

* Furthermore added dovecot to support new environment varible for MAILCOW_PASS_SCHEME defaulted to SSHA256

* Revert changes regarding gitignore.

* Added fallback to SSHA256 if environment is not proper prepared.

* No fallback within management frontend, as it must match to other components.

* Unified and corrected alignment; implemented support of SSHA512

* Currently, password_hash of PHP is using by default bcrypt (BLF). As this might change later, we must ensure, that BLF is still used after PHP changes its default.

* Switched to BLF-CRYPT by default (even on update)

* Switched to BLF-CRYPT by default (even on update)

* Adding information in config generation / update with link to supported hash algorithm

* Bump sogo version to 1.92

* Fallback to BLF-CRYPT in case password scheme is not proper defined for Mailcow administration.
2020-11-15 20:22:35 +01:00
andryyy c150ac7b37
[Web] Feature (beta): Add WebAuthn support for administrators and domain administrators 2020-11-15 19:32:37 +01:00
andryyy f3c72832f2
[Web] Add rspamd-stats route to API 2020-09-06 08:54:09 +02:00
Miro Rauhala 6bff958ab4
[Web] Clean PHP code by removing unused variables (#3646)
* [WEB] $lang is not used in this context

* [Web] $stmt variable is not used
2020-07-11 13:20:38 +02:00
andryyy 48b74d77a0
[Web] Fix PHPMailer, minor style change for quarantine rcpts 2020-06-07 10:45:40 +02:00
andryyy a6af7cbc2e
[Web] Expand IPv6 addresses for better comparison 2020-05-26 20:04:22 +02:00
andryyy ccc56c54a9
[Web] Merge same notification types 2020-05-20 20:37:52 +02:00
andryyy e824239dee
[Web] Disallow web UI login, when domain is disabled 2020-05-17 09:41:38 +02:00
andryyy aef15f004a
[Web] Allow CIDR as allowed API networks; other minor fixes 2020-05-04 07:51:50 +02:00
andryyy a6247fc13f
[Web] Do not try to update sogo static view with skip_sogo y 2020-04-29 21:09:13 +02:00
andryyy 47a15c21aa
[Rspamd] Pushover, check sender by regex 2020-04-16 21:58:30 +02:00
andryyy 8f4540d5d9 [Web] r/o API keys, Pushover integration (can be limited by ACL), other minor changes 2020-04-10 21:00:23 +02:00
andryyy 3e2cbac778
[Rspamd] 2.5 RC3 2020-03-31 10:03:40 +02:00
andryyy b1242259e7
[Web] Fix cow level, sorry :( 2020-03-04 12:54:38 +01:00
andryyy 0ac4281f0e
[Web] Allow to skip IP check for API 2020-02-16 20:08:36 +01:00
andryyy 653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user) 2019-12-02 11:02:19 +01:00
andryyy affbba50ca
[Web] Fix active U2F key in UI 2019-10-25 19:13:24 +02:00
tinect 74244c7d0a cleanup cached js and css 2019-10-20 19:39:46 +02:00
andryyy 80a9c39956
[Web] Validate plain md5 hashes, closes #3017 2019-10-08 17:36:28 +02:00
André Peters fe38275cb5
Revert "Make is_valid_domain_name more strict" 2019-09-21 14:16:50 +02:00
André Peters 0dbc03a416
Merge pull request #2941 from patschi/domain-name-fix
Make is_valid_domain_name more strict
2019-09-19 15:03:51 +02:00
andryyy 0487f5ea1d
[Web] Add JVM memory indiator and add minor fixes 2019-09-17 20:11:53 +02:00
Patrik Kernstock 6b2f5a30d2
Slightly modified is_valid_domain_name for #1118 2019-09-15 20:40:07 +01:00
andryyy 893ce5a789
[Web] Allow to add external sender addresses, can be disabled by domain admin ACL and is disabled by default 2019-09-02 11:11:41 +02:00
andryyy 294e0bc07f
[Web] Cache validation result in Redis 2019-08-11 22:19:26 +02:00
andryyy 9a500a7068
[Web] Verify OPTIONAL license plus minor fixes 2019-08-09 14:16:52 +02:00
andryyy 5087d5ce96
[Web] Allow aliases as send-as 2019-05-26 08:29:10 +02:00
Evangelos Foutras e1a3313660 [Web] Fix showing domain with disabled sender check
If a mailbox is allowed to send as any address under its domain (+ alias
domains) and the domain itself has no aliases configured, no information
about this fact is shown to the user. That is to say, the "Do not check
sender access for the following domain(s) and its alias domains" field
under mailbox details is empty.

The above is happening because the second GROUP_CONCAT() returns NULL
making the enclosing CONCAT() return NULL as well. Fix this by using
CONCAT_WS() which correctly handles the case of zero domain aliases.

Furthermore, move the IFNULL() to the first GROUP_CONCAT() because
CONCAT_WS() returns an empty string when both GROUP_CONCAT()'s are
NULL. We can be certain that when the first GROUP_CONCAT() is NULL
the second one will be as well, so it's safe to use IFNULL() there.
2019-05-20 18:08:45 +03:00
andryyy 49492dff61
[Web, Dovecot] Allow empty/unlimited quota 2019-03-28 22:05:12 +01:00
andryyy c7c115d63a
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory 2019-03-10 09:40:04 +01:00
andryyy d60c6a4e56
[Web] Fix shared alias displain in user view, fixes #2274 2019-02-07 22:37:11 +01:00
andryyy 4a1362fc4d
[Web] Minor alias overview fix 2019-02-06 09:23:44 +01:00
andryyy 1e764009bf
[Web] Use INTL_IDNA_VARIANT_UTS46 in idn_to_ascii (thanks to @Knight1 !)
[Web] Some PHP fixes (warnings, notices)
[Web] Add quota notification tools
2019-02-05 00:10:21 +01:00
andryyy 07392b7437
[Watchdog] Use stackoverflow.com for DNS check
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? :-( )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
2019-01-29 00:20:39 +01:00
andryyy f924f9b5cd
[Web] Minor fix in return 2019-01-16 19:11:23 +01:00
André Peters f3dfe346bf [Dovecot] Allow setting ACL_ANYONE in mailcow.conf 2019-01-16 19:08:19 +01:00
andryyy ca9c610460
[Web] Apple mobileconfig enhancements by @feldsam 2019-01-02 21:28:22 +01:00
andryyy 5b5976ba23 [Web] Show ratelimited messages, allow to delete Redis hash to reset status of a bucket 2018-12-15 21:24:39 +01:00
andryyy f9bfac4d27 [Web] Fix _sogo_static_view creation when parent tables changed order of cols 2018-11-12 10:01:33 +01:00