Merge branch 'master' into fix-swarm-start

core/admin/Dockerfile

@@ -17,5 +17,6 @@ COPY start.sh /start.sh
 RUN pybabel compile -d mailu/translations
 
 EXPOSE 80/tcp
+VOLUME ["/data"]
 
 CMD ["/start.sh"]

core/admin/mailu/internal/__init__.py

@@ -1,3 +1,5 @@
+from flask_limiter import RateLimitExceeded
+
 from mailu import limiter
 
 import socket
@@ -6,6 +8,14 @@ import flask
 
 internal = flask.Blueprint('internal', __name__)
 
+@internal.app_errorhandler(RateLimitExceeded)
+def rate_limit_handler(e):
+    response = flask.Response()
+    response.headers['Auth-Status'] = 'Authentication rate limit from one source exceeded'
+    response.headers['Auth-Error-Code'] = '451 4.3.2'
+    if int(flask.request.headers['Auth-Login-Attempt']) < 10:
+        response.headers['Auth-Wait'] = '3'
+    return response
 
 @limiter.request_filter
 def whitelist_webmail():

core/admin/start.sh

@@ -2,4 +2,4 @@
 
 python manage.py advertise
 python manage.py db upgrade
-gunicorn -w 4 -b 0.0.0.0:80 -b [::]:80 --access-logfile - --error-logfile - --preload mailu:app
+gunicorn -w 4 -b :80 --access-logfile - --error-logfile - --preload mailu:app

core/dovecot/Dockerfile

@@ -3,12 +3,13 @@ FROM alpine:3.7
 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
  && apk add --no-cache \
      dovecot dovecot-sqlite dovecot-pigeonhole-plugin dovecot-pigeonhole-plugin-extdata \
-     rspamd-client@testing python py-jinja2
+     dovecot-fts-lucene rspamd-client@testing python py-jinja2
 
 COPY conf /conf
 COPY sieve /var/lib/dovecot
 COPY start.py /start.py
 
 EXPOSE 110/tcp 143/tcp 993/tcp 4190/tcp 2525/tcp
+VOLUME ["/data", "/mail"]
 
 CMD /start.py

core/dovecot/conf/dovecot.conf

@@ -18,6 +18,20 @@ dict {
   sieve = sqlite:/etc/dovecot/pigeonhole-sieve.dict
 }
 
+###############
+# Full-text search
+###############
+mail_plugins =  $mail_plugins fts fts_lucene
+
+plugin {
+  fts = lucene
+
+  fts_autoindex = yes
+  fts_autoindex_exclude = \Junk
+
+  fts_lucene = whitespace_chars=@.
+}
+
 ###############
 # Mailboxes
 ###############
@@ -32,7 +46,7 @@ mail_access_groups = mail
 maildir_stat_dirs = yes
 mailbox_list_index = yes
 mail_vsize_bg_after_count = 100
-mail_plugins = $mail_plugins quota quota_clone
+mail_plugins = $mail_plugins quota quota_clone zlib
 
 namespace inbox {
   inbox = yes
@@ -58,6 +72,14 @@ plugin {
   quota = count:User quota
   quota_vsizes = yes
   quota_clone_dict = redis:host={{ REDIS_ADDRESS }}:port=6379:db=1
+
+  {% if COMPRESSION in [ 'gz', 'bz2' ] %}
+  zlib_save = {{ COMPRESSION }}
+  {% endif %}
+
+  {% if COMPRESSION_LEVEL %}
+  zlib_save_level = {{ COMPRESSION_LEVEL }}
+  {% endif %}
 }
 
 ###############

core/dovecot/sieve/report-ham.sieve

@@ -1,3 +1,11 @@
-require "vnd.dovecot.execute";
+require ["vnd.dovecot.execute", "copy", "imapsieve", "environment", "variables"];
+
+if environment :matches "imap.mailbox" "*" {
+  set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+  stop;
+}
 
 execute :pipe "mailtrain" "ham";

core/nginx/Dockerfile

@@ -6,5 +6,6 @@ COPY conf /conf
 COPY *.py /
 
 EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 10025/tcp 10143/tcp
+VOLUME ["/certs"]
 
 CMD /start.py

core/postfix/Dockerfile

@@ -6,5 +6,6 @@ COPY conf /conf
 COPY start.py /start.py
 
 EXPOSE 25/tcp 10025/tcp
+VOLUME ["/data"]
 
 CMD /start.py

core/postfix/conf/master.cf

@@ -8,6 +8,7 @@ smtp      inet  n       -       n       -       -       smtpd
 10025     inet  n       -       n       -       -       smtpd
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_recipient_restrictions=reject_unlisted_sender,reject_authenticated_sender_login_mismatch,permit
+  -o smtpd_reject_unlisted_recipient={% if REJECT_UNLISTED_RECIPIENT %}{{ REJECT_UNLISTED_RECIPIENT }}{% else %}no{% endif %}
   -o cleanup_service_name=outclean
 outclean  unix n       -       n       -       0       cleanup
   -o header_checks=pcre:/etc/postfix/outclean_header_filter.cf