Move the Mailu Docker network to a fixed subnet.

This will make network configuration and host based authentication more robust, across different deployment platforms. The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility. However, their usage have become optional.
2018-12-03 03:16:53 +02:00
parent 3d98124bcd
commit 8172f3eab8
17 changed files with 68 additions and 57 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -50,6 +50,7 @@ DEFAULT_CONFIG = {
    'HOST_WEBMAIL': 'webmail',
    'HOST_FRONT': 'front',
    'HOST_AUTHSMTP': os.environ.get('HOST_SMTP', 'smtp'),
+    'SUBNET': '192.168.203.0/24',
    'POD_ADDRESS_RANGE': None
 }

--- a/core/admin/mailu/internal/views/dovecot.py
+++ b/core/admin/mailu/internal/views/dovecot.py
@@ -10,12 +10,9 @@ import os
 def dovecot_passdb_dict(user_email):
    user = models.User.query.get(user_email) or flask.abort(404)
    allow_nets = []
-    allow_nets.append(
-        app.config.get("POD_ADDRESS_RANGE") or
-        socket.gethostbyname(app.config["HOST_FRONT"])
-    )
-    if os.environ["WEBMAIL"] != "none":
-        allow_nets.append(socket.gethostbyname(app.config["HOST_WEBMAIL"]))
+    allow_nets.append(app.config["SUBNET"])
+    if app.config["POD_ADDRESS_RANGE"]:
+        allow_nets.append(app.config["POD_ADDRESS_RANGE"])
    print(allow_nets)
    return flask.jsonify({
        "password": None,