Configures opendmarc to send failure reports for domains that request them, including when p=none.
The emails are sent as the package default of package name and user@hostname: OpenDMARC Filter <opendmarc@box.example.com>
Note I have been running this for several months with a configuration I did not include in the PR to have reports BCC'd to me (FailureReportsBcc postmaster@example.com). Very low load for my personal server of rarely more than a dozen emails sent out per day.
I am not familiar with editing scripts, so apologies in advance and please feel free to correct me.
roundcube Bug Fixes:
Fix for Cross-Site Scripting (XSS) via HTML messages with malicious CSS content
General Improvements from roundcube's Issue Tracker
This reverts commit b1d703a5e7 and adds python3-setuptools per the first version of #1899 which fixes an installation error for the b2sdk Python package.
This adds a new section to the admin panel called "Activity", that
supplies charts, graphs and details about messages entering and leaving
the host.
A new daemon captures details of system mail activity by monitoring
the /var/log/mail.log file, summarizing it into a sqllite database
that's kept in user-data.
* Installing b2sdk for b2 support
* Added Duplicity PPA so the most recent version is used
* Implemented list_target_files for b2
* Implemented b2 in frontend
* removed python2 boto package
* add user interface for managing 2fa
* update user schema with 2fa columns
* implement two factor check during login
* Use pyotp for validating TOTP codes
* also implements resynchronisation support via `pyotp`'s `valid_window option
* Update API route naming, update setup page
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
* Autofocus otp input when logging in, update layout
* Extract TOTPStrategy class to totp.py
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
* Update OpenApi docs, rename /2fa/ => /mfa/
* Decouple totp from users table by moving to totp_credentials table
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
* Add sqlite migration
* Rename internal validate_two_factor_secret => validate_two_factor_secret
* conn.close() if mru_token update can't .commit()
* Address review feedback, thanks @hija
* Use hmac.compare_digest() to compare mru_token
* Safeguard against empty mru_token column
* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
* Currently, this cannot happen but we might not want to store `mru_token` during setup
* Do not log failed login attempts for MissingToken errors
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
* Add TOTP secret to user_key hash
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
* Typo
* Reorganize the MFA backend methods
* Reorganize MFA front-end and add label column
* Fix handling of bad input when enabling mfa
* Update openAPI docs
* Remove unique key constraint on foreign key user_id in mfa table
* Don't expose mru_token and secret for enabled mfas over HTTP
* Only update mru_token for matched mfa row
* Exclude mru_token in user key hash
* Rename tools/mail.py to management/cli.py
* Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost
Co-authored-by: Joshua Tauberer <jt@occams.info>
