Commit Graph

182 Commits (d414ab82f8b3562d78ade8ed467bc4dcd5832163)

Author SHA1 Message Date
andryyy 9773d3549e
[Web] Fix password policy for mailbox user; minor Solr status fix 2021-06-17 07:07:48 +02:00
andryyy 05c85b4140
[Web] Fix alias verification 2021-06-09 11:03:48 +02:00
andryyy 47b57df3a2
[Web] Show users last PW change, allow to select n days for last logins 2021-06-09 07:19:57 +02:00
andryyy da20d5dc38
[Web] Replace country flags, improve flags for last logins, add info about last password change of a user 2021-06-08 13:16:10 +02:00
andryyy 08d666985f
[Web] Improve last logins, switch to country name (workaround, fix in progress) 2021-06-06 21:00:48 +02:00
andryyy a89fe53e4a
[Web] Show country of sasl ips 2021-06-06 11:57:15 +02:00
andryyy 7050d7c259
[Web] Fix BCC validation for aliases 2021-06-05 08:40:55 +02:00
andryyy 2d55b54904
[Web] Show users the last known connections for SASL authentication
[Web] Feature: Log SASL authentication
2021-06-04 14:29:39 +02:00
andryyy 735bcb2f55
[Web] Allow to select aliases for BCC 2021-06-03 08:00:59 +02:00
andryyy 5065667ae4
[Postfix] Allow to set and override a relayhost per mailbox
[Web] Replace recycle icon with trash (this one made me a bit sad)
[Web] Various small fixes
[Web] Allow or disallow a domain admin to change relayhost settings (default is off, as previous default)
2021-05-26 14:02:27 +02:00
andryyy e21e0b9dbf
[Web] Time limited aliases: show create date; create aliases with 1yr retention by default; create temp alias in alias domain; better random names; accept any validity time
[Web] Replace spam score slider by nouislider and rework table a bit
2021-05-21 12:48:24 +02:00
andryyy eb1d5dd134
[Web] Remove debugging points 2021-04-18 12:53:59 +02:00
andryyy 5ea649b292
[Web] Feature: Add password policy 2021-04-09 13:46:17 +02:00
Shea Ramage 4feceb08da
Refactor support for pre-hashed passwords (#4024) 2021-03-10 21:06:32 +01:00
andryyy 04bd21663c
[Web] Minor fixes 2021-02-11 14:41:00 +01:00
Felix Kaechele 31805f1656
[Web] Implement all supported dovecot password schemas (#3974)
When migrating from other Dovecot based installations it can be very
convenient to just copy over existing hashed passwords.
However, mailcow currently only supports a limited number of password
schemes.

This commit implements all password schemes that do not require
challenge/response or OTP mechanisms.

A convenient way to generate the regex with all supported schemas is
`docker-compose exec dovecot-mailcow doveadm pw -l | awk -F' ' '{printf
"/^{("; for(i=1;i<=NF-1;i++){printf "%s%s", sep, $i; sep="|"}; printf
")}/i\n"}'`

Note that this will also include unsupported challenge/response and OTP
schemas.

Furthermore this increases the vsz_limit for the dovecot auth service to
2G for the use of ARGON2I and ARGON2ID schemas.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
2021-02-11 09:31:53 +01:00
andryyy 02b10b0ed4
[Web] Add SSHA 2020-12-07 07:58:50 +01:00
Balázs Dura-Kovács dd1b25fa61
[Web] Optional HTML in system mails (#3879)
* HTML in system mails

* Update functions.inc.php

* Update functions.inc.php

Co-authored-by: André Peters <andre.peters@debinux.de>
2020-11-30 07:43:48 +01:00
andryyy ba20db2e08
[Web] Allow a user to choose notification categories (junk folder, rejected mail, both/all) + user ACL 2020-11-28 17:41:48 +01:00
andryyy 8d05d4a51d
[Web] Cleanup Rspamd, other fixes 2020-11-25 16:10:33 +01:00
andryyy 4a355f242f
[Web] Some fido2 fixes, table view for fido2 keys, fix renaming keys with the same subject 2020-11-17 13:38:28 +01:00
andryyy 9dec340434 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-11-15 20:22:46 +01:00
Lukas Schreiner d96bf91a0d
Support of different default pass schemes + support of BLF-CRYPT (#3832)
* Introduce MAILCOW_PASS_SCHEME in order to support blowfish (cf. mailcow/mailcow-dockerized#1019)

* Furthermore added dovecot to support new environment varible for MAILCOW_PASS_SCHEME defaulted to SSHA256

* Revert changes regarding gitignore.

* Added fallback to SSHA256 if environment is not proper prepared.

* No fallback within management frontend, as it must match to other components.

* Unified and corrected alignment; implemented support of SSHA512

* Currently, password_hash of PHP is using by default bcrypt (BLF). As this might change later, we must ensure, that BLF is still used after PHP changes its default.

* Switched to BLF-CRYPT by default (even on update)

* Switched to BLF-CRYPT by default (even on update)

* Adding information in config generation / update with link to supported hash algorithm

* Bump sogo version to 1.92

* Fallback to BLF-CRYPT in case password scheme is not proper defined for Mailcow administration.
2020-11-15 20:22:35 +01:00
andryyy c150ac7b37
[Web] Feature (beta): Add WebAuthn support for administrators and domain administrators 2020-11-15 19:32:37 +01:00
andryyy f3c72832f2
[Web] Add rspamd-stats route to API 2020-09-06 08:54:09 +02:00
Miro Rauhala 6bff958ab4
[Web] Clean PHP code by removing unused variables (#3646)
* [WEB] $lang is not used in this context

* [Web] $stmt variable is not used
2020-07-11 13:20:38 +02:00
andryyy 48b74d77a0
[Web] Fix PHPMailer, minor style change for quarantine rcpts 2020-06-07 10:45:40 +02:00
andryyy a6af7cbc2e
[Web] Expand IPv6 addresses for better comparison 2020-05-26 20:04:22 +02:00
andryyy ccc56c54a9
[Web] Merge same notification types 2020-05-20 20:37:52 +02:00
andryyy e824239dee
[Web] Disallow web UI login, when domain is disabled 2020-05-17 09:41:38 +02:00
andryyy aef15f004a
[Web] Allow CIDR as allowed API networks; other minor fixes 2020-05-04 07:51:50 +02:00
andryyy a6247fc13f
[Web] Do not try to update sogo static view with skip_sogo y 2020-04-29 21:09:13 +02:00
andryyy 47a15c21aa
[Rspamd] Pushover, check sender by regex 2020-04-16 21:58:30 +02:00
andryyy 8f4540d5d9 [Web] r/o API keys, Pushover integration (can be limited by ACL), other minor changes 2020-04-10 21:00:23 +02:00
andryyy 3e2cbac778
[Rspamd] 2.5 RC3 2020-03-31 10:03:40 +02:00
andryyy b1242259e7
[Web] Fix cow level, sorry :( 2020-03-04 12:54:38 +01:00
andryyy 0ac4281f0e
[Web] Allow to skip IP check for API 2020-02-16 20:08:36 +01:00
andryyy 653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user) 2019-12-02 11:02:19 +01:00
andryyy affbba50ca
[Web] Fix active U2F key in UI 2019-10-25 19:13:24 +02:00
tinect 74244c7d0a cleanup cached js and css 2019-10-20 19:39:46 +02:00
andryyy 80a9c39956
[Web] Validate plain md5 hashes, closes #3017 2019-10-08 17:36:28 +02:00
André Peters fe38275cb5
Revert "Make is_valid_domain_name more strict" 2019-09-21 14:16:50 +02:00
André Peters 0dbc03a416
Merge pull request #2941 from patschi/domain-name-fix
Make is_valid_domain_name more strict
2019-09-19 15:03:51 +02:00
andryyy 0487f5ea1d
[Web] Add JVM memory indiator and add minor fixes 2019-09-17 20:11:53 +02:00
Patrik Kernstock 6b2f5a30d2
Slightly modified is_valid_domain_name for #1118 2019-09-15 20:40:07 +01:00
andryyy 893ce5a789
[Web] Allow to add external sender addresses, can be disabled by domain admin ACL and is disabled by default 2019-09-02 11:11:41 +02:00
andryyy 294e0bc07f
[Web] Cache validation result in Redis 2019-08-11 22:19:26 +02:00
andryyy 9a500a7068
[Web] Verify OPTIONAL license plus minor fixes 2019-08-09 14:16:52 +02:00
andryyy 5087d5ce96
[Web] Allow aliases as send-as 2019-05-26 08:29:10 +02:00
Evangelos Foutras e1a3313660 [Web] Fix showing domain with disabled sender check
If a mailbox is allowed to send as any address under its domain (+ alias
domains) and the domain itself has no aliases configured, no information
about this fact is shown to the user. That is to say, the "Do not check
sender access for the following domain(s) and its alias domains" field
under mailbox details is empty.

The above is happening because the second GROUP_CONCAT() returns NULL
making the enclosing CONCAT() return NULL as well. Fix this by using
CONCAT_WS() which correctly handles the case of zero domain aliases.

Furthermore, move the IFNULL() to the first GROUP_CONCAT() because
CONCAT_WS() returns an empty string when both GROUP_CONCAT()'s are
NULL. We can be certain that when the first GROUP_CONCAT() is NULL
the second one will be as well, so it's safe to use IFNULL() there.
2019-05-20 18:08:45 +03:00