Move the Mailu Docker network to a fixed subnet.

This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.

core/admin/mailu/configuration.py

@@ -50,6 +50,7 @@ DEFAULT_CONFIG = {
     'HOST_WEBMAIL': 'webmail',
     'HOST_FRONT': 'front',
     'HOST_AUTHSMTP': os.environ.get('HOST_SMTP', 'smtp'),
+    'SUBNET': '192.168.203.0/24',
     'POD_ADDRESS_RANGE': None
 }
 

core/admin/mailu/internal/views/dovecot.py

@@ -10,12 +10,9 @@ import os
 def dovecot_passdb_dict(user_email):
     user = models.User.query.get(user_email) or flask.abort(404)
     allow_nets = []
-    allow_nets.append(
-        app.config.get("POD_ADDRESS_RANGE") or
-        socket.gethostbyname(app.config["HOST_FRONT"])
-    )
-    if os.environ["WEBMAIL"] != "none":
-        allow_nets.append(socket.gethostbyname(app.config["HOST_WEBMAIL"]))
+    allow_nets.append(app.config["SUBNET"])
+    if app.config["POD_ADDRESS_RANGE"]:
+        allow_nets.append(app.config["POD_ADDRESS_RANGE"])
     print(allow_nets)
     return flask.jsonify({
         "password": None,

core/postfix/conf/main.cf

@@ -14,7 +14,7 @@ queue_directory = /queue
 message_size_limit = {{ MESSAGE_SIZE_LIMIT }}
 
 # Relayed networks
-mynetworks = 127.0.0.1/32 [::1]/128 {{ RELAYNETS }}
+mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAYNETS }}
 
 # Empty alias list to override the configuration variable and disable NIS
 alias_maps =
@@ -32,7 +32,8 @@ relayhost = {{ RELAYHOST }}
 recipient_delimiter = {{ RECIPIENT_DELIMITER }}
 
 # Only the front server is allowed to perform xclient
-smtpd_authorized_xclient_hosts={{ FRONT_ADDRESS }} {{ POD_ADDRESS_RANGE }}
+# In kubernetes and Docker swarm, such address cannot be determined using the hostname. Allow for the whole Mailu subnet instead.
+smtpd_authorized_xclient_hosts={{ POD_ADDRESS_RANGE or SUBNET }}
 
 ###############
 # TLS