From 771f812371d82dc95888b8f1fbf944b7e5a8c7b4 Mon Sep 17 00:00:00 2001
From: Tagada <36127788+Tagadda@users.noreply.github.com>
Date: Wed, 21 Jun 2023 08:50:12 +0200
Subject: [PATCH] Update application.ini
---
 conf/application.ini | 203 ++++++++++++++++++++++++++-----------------
 1 file changed, 124 insertions(+), 79 deletions(-)
diff --git a/conf/application.ini b/conf/application.ini
index eeab652..082485e 100644
--- a/conf/application.ini
+++ b/conf/application.ini
@@ -8,9 +8,10 @@ title = "SnappyMail Webmail"
 ; Text displayed on startup
 loading_description = "SnappyMail"
 favicon_url = ""
+app_path = ""
 ; Theme used by default
-theme = "Clear"
+theme = "Default"
 ; Allow theme selection on settings screen
 allow_themes = On
@@ -27,57 +28,95 @@ allow_languages_on_settings = On
 allow_additional_accounts = On
 allow_additional_identities = On
-; Number of messages displayed on page by default
+; Number of messages displayed on page by default
 messages_per_page = 20
+; Mark message read after N seconds
+message_read_delay = 5
+
 ; File size limit (MB) for file upload on compose screen
 ; 0 for unlimited.
 attachment_size_limit = 25
+; brotli or gzip compress the output.
+; Warning: only enable when server does not do this, else double compression errors occur
+compress_output = Off
+
 [interface]
 show_attachment_thumbnail = On
-new_move_to_folder_button = on
 [contacts]
 ; Enable contacts
 enable = On
-allow_sharing = On
 allow_sync = On
 sync_interval = 20
 type = "mysql"
 pdo_dsn = "mysql:host=127.0.0.1;port=3306;dbname=__DB_NAME__"
 pdo_user = "__DB_USER__"
 pdo_password = "__DB_PWD__"
-suggestions_limit = 30
+
+; PEM format certificate
+mysql_ssl_ca = ""
+mysql_ssl_verify = On
+
+; HIGH
+mysql_ssl_ciphers = ""
+suggestions_limit = 20
 [security]
-; Enable CSRF protection (http://en.wikipedia.org/wiki/Cross-site_request_forgery)
-csrf_protection = On
 custom_server_signature = "SnappyMail"
-x_frame_options_header = "DENY"
 x_xss_protection_header = "1; mode=block"
 openpgp = Off
-; Login and password for web admin panel
-admin_login = "admin"
-admin_password = "12345"
-admin_totp = ""
-
 ; Access settings
 allow_admin_panel = On
-hide_x_mailer_header = On
+
+; Login and password for web admin panel
+admin_login = "admin"
+admin_password = ""
+admin_totp = ""
 admin_panel_host = ""
 admin_panel_key = "admin"
+force_https = Off
+hide_x_mailer_header = On
+
+; https://en.m.wikipedia.org/wiki/Load_(computing)
+max_sys_getloadavg = 0
+
+; For example to allow all images use "img-src https:".
More info at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#directives
 content_security_policy = ""
+
+; Report CSP errors to PHP and/or SnappyMail Log
 csp_report = Off
+
+; A valid cipher method from https://php.net/openssl_get_cipher_methods
 encrypt_cipher = "aes-256-cbc-hmac-sha1"
+; Strict, Lax or None
+cookie_samesite = "Strict"
+
+; Additional allowed Sec-Fetch combinations separated by ";".
+; For example:
+; * Allow iframe on same domain in any mode: dest=iframe,site=same-origin
+; * Allow navigate to iframe on same domain: mode=navigate,dest=iframe,site=same-origin
+; * Allow navigate to iframe on (sub)domain: mode=navigate,dest=iframe,site=same-site
+; * Allow navigate to iframe from any domain: mode=navigate,dest=iframe,site=cross-site
+;
+; Default is "site=same-origin;site=none"
+secfetch_allow = ""
+
+[admin_panel]
+allow_update = Off
+
 [ssl]
 ; Require verification of SSL certificate used.
-verify_certificate = Off
+verify_certificate = On
 ; Allow self-signed certificates. Requires verify_certificate.
-allow_self_signed = On
+allow_self_signed = Off
+
+; https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
+security_level = 1
 ; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt)
 cafile = ""
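Review bot: The `[security]` block of this hunk keeps `allow_admin_panel = On` with `admin_login = "admin"` and `admin_panel_key = "admin"`, and now sets `admin_password = ""`, so the template ships an enabled admin panel whose protection depends entirely on what the application does with an empty password. That behaviour is not visible in this patch; it should be confirmed for 2.28.1 (presumably a password is generated on first run) and recorded above the key, for example `; Left empty on purpose: <what the application does with an empty value>`. If the packaged install does not need the web admin panel, `allow_admin_panel = Off` is the safer default for the template.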
@@ -85,23 +124,40 @@ cafile = ""
 ; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/)
 capath = ""
+; Location of client certificate file (pem format with private key) on local filesystem
+local_cert = ""
+
+; This can help mitigate the CRIME attack vector.
+disable_compression = On
+
 [capa]
 contacts = On
 quota = On
 help = On
 search = On
 search_adv = On
+; Allow clear folder and delete messages without moving to trash
 dangerous_actions = On
+
+; Allow download attachments as Zip (and optionally others)
 attachments_actions = On
 [login]
+; If someone logs in without "@domain.tld", this value will be used
+; When this value is HTTP_HOST, the $_SERVER["HTTP_HOST"] value is used.
+; When this value is SERVER_NAME, the $_SERVER["SERVER_NAME"] value is used.
+; When this value is gethostname, the gethostname() value is used.
+;
 default_domain = "__DOMAIN__"
 ; Allow language selection on webmail login screen
 allow_languages_on_login = On
+
+; Detect language from browser header `Accept-Language`
 determine_user_language = On
+
+; Like default_domain but then HTTP_HOST/SERVER_NAME without www.
 determine_user_domain = Off
-hide_submit_button = On
 login_lowercase = On
 ; This option allows webmail to remember the logged in user
@@ -117,11 +173,11 @@ sign_me_auto = "DefaultOff"
 ; Enable plugin support
 enable = On
-; List of enabled plugins
+; Comma-separated list of enabled plugins
 enabled_list = "ldap-identities"
 [defaults]
-; Editor mode used by default (Plain, Html, HtmlForced or PlainForced)
+; Editor mode used by default (Plain, Html)
 view_editor_type = "Html"
 ; layout: 0 - no preview, 1 - side preview, 2 - bottom preview
@@ -139,22 +195,24 @@ mail_reply_same_folder = Off
 ; Enable logging
 enable = Off
+; Path where log files will be stored
+path = ""
+
+; Log messages of set RFC 5424 section 6.2.1 Severity level and higher (0 = highest, 7 = lowest).
+; 0 = Emergency
+; 1 = Alert
+; 2 = Critical
+; 3 = Error
+; 4 = Warning
+; 5 = Notice
+; 6 = Informational
+; 7 = Debug
 level = 4
-; Logs entire request only if error occured (php requred)
-write_on_error_only = Off
-
-; Logs entire request only if php error occured
-write_on_php_error_only = Off
-
-; Logs entire request only if request timeout (in seconds) occured.
-write_on_timeout_only = 0
-
 ; Required for development purposes only.
 ; Disabling this option is not recommended.
 hide_passwords = On
-time_offset = __TIMEZONE__
-session_filter = ""
+time_zone = "__TIMEZONE__"
 ; Log filename.
 ; For security reasons, some characters are removed from filename.
@@ -182,16 +240,23 @@ session_filter = ""
 ; filename = "log-{date:Y-m-d}.txt"
 ; filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log"
 ; filename = "{user:email}-{date:Y-m-d}.txt"
+; filename = "syslog"
+; filename = "stderr"
 filename = "log-{date:Y-m-d}.txt"
 ; Enable auth logging in a separate file (for fail2ban)
 auth_logging = On
-auth_logging_filename = "fail2ban/auth-fail.log"
-auth_logging_format = "[{date:Y-m-d H:i:s T}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt"
+auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+
+; Enable auth logging to syslog for fail2ban
+auth_syslog = Off
 [debug]
 ; Special option required for development purposes
 enable = Off
+javascript = Off
+css = Off
 [cache]
 ; The section controls caching of the entire application.
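Review bot: In the `@@ -182,16 +240,23 @@` hunk, `auth_logging_filename` changes from the fixed `fail2ban/auth-fail.log` to the dated `fail2ban/auth-{date:Y-m-d}.txt`, and `auth_logging_format` drops the `T` timezone token, but nothing in this patch touches the fail2ban jail or filter that reads that file. If the jail's `logpath` still names `auth-fail.log` (not visible here), failed logins are no longer seen and brute-force bans stop without any error. Either keep `auth_logging_filename = "fail2ban/auth-fail.log"` in this template, or update the jail in the same change to a glob such as `logpath = <data dir>/fail2ban/auth-*.txt` and re-check the filter's date pattern against the new timestamp format.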
@@ -199,10 +264,13 @@ enable = Off
 ; Enables caching in the system
 enable = On
+; Path where cache files will be stored
+path = ""
+
 ; Additional caching key. If changed, cache is purged
 index = "v1"
-; Can be: files, APC, memcache
+; Can be: files, APCU, memcache, redis (beta)
 fast_cache_driver = "files"
 ; Additional caching key. If changed, fast cache is purged
@@ -216,58 +284,39 @@ http_expires = 3600
 ; Caching message UIDs when searching and sorting (threading)
 server_uids = On
+system_data = On
+
+[imap]
+use_force_selection = Off
+use_expunge_all_on_delete = Off
+message_list_fast_simple_search = On
+message_list_permanent_filter = ""
+message_all_headers = Off
+show_login_alert = On
+fetch_new_messages = On
 [labs]
-allow_prefetch = Off
-cache_system_data = On
+; Display message RFC 2822 date and time header, instead of the arrival internal date.
 date_from_headers = On
-autocreate_system_folders = Off
 allow_message_append = Off
-login_fault_delay = 1
+
+; When login fails, wait N seconds before responding
+login_fault_delay = 5
 log_ajax_response_write_limit = 300
-allow_html_editor_source_button = Off
-allow_ctrl_enter_on_compose = On
-try_to_detect_hidden_images = Off
-use_app_debug_js = Off
-use_mobile_version_for_tablets = Off
-use_app_debug_css = Off
-use_imap_sort = On
-use_imap_force_selection = Off
-use_imap_thread = On
-use_imap_move = Off
-use_imap_expunge_all_on_delete = Off
-imap_forwarded_flag = "$Forwarded"
-imap_read_receipt_flag = "$ReadReceipt"
-imap_body_text_limit = 555000
-imap_message_list_fast_simple_search = On
-imap_message_list_count_limit_trigger = 0
-imap_message_list_date_filter = 0
-imap_message_list_permanent_filter = ""
-imap_message_all_headers = Off
-imap_large_thread_limit = 50
-imap_folder_list_limit = 200
-imap_show_login_alert = On
-imap_use_list_status = On
-imap_timeout = 300
 smtp_show_server_errors = Off
-smtp_timeout = 60
 sieve_auth_plain_initial = On
-sieve_allow_fileinfo_inbox = Off
-sieve__timeout = 10
-sasl_allow_plain = On
-sasl_allow_scram_sha = Off
-sasl_allow_cram_md5 = Off
+sieve_allow_fileinto_inbox = Off
+
+; PHP mail() remove To and Subject headers
 mail_func_clear_headers = On
+
+; PHP mail() set -f emailaddress
 mail_func_additional_parameters = Off
-favicon_status = On
 folders_spec_limit = 50
 curl_proxy = ""
 curl_proxy_auth = ""
-in_iframe = Off
-force_https = Off
-custom_login_link = ""
-custom_logout_link = ""
-allow_external_login = Off
+custom_login_link='__PATH__/sso.php'
+custom_logout_link='https://__MAIN_DOMAIN__/yunohost/sso/?action=logout'
 http_client_ip_check_proxy = Off
 fast_cache_memcache_host = "127.0.0.1"
 fast_cache_memcache_port = 11211
@@ -277,15 +326,11 @@ use_local_proxy_for_external_images = On
 image_exif_auto_rotate = Off
 cookie_default_path = ""
 cookie_default_secure = Off
-check _new_messages = On
 replace_env_in_configuration = ""
 boundary_prefix = ""
-kolab_enabled = Off
 dev_email = ""
 dev_password = ""
-custom_login_link='__PATH__/sso.php'
-custom_logout_link='https://__MAIN_DOMAIN__/yunohost/sso/?action=logout'
 [version]
-current = "2.15.0"
-saved = "Thu, 21 Apr 2022 15:18:08 +0000"
+current = "2.28.1"
+saved = "Wed, 21 Jun 2023 06:38:05 +0000"
\ No newline at end of file
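Review bot: `cookie_default_secure = Off` is left unchanged in the `@@ -277,15 +326,11 @@` hunk while the same commit carries `force_https = Off` over into `[security]`, so nothing in this template requires the session cookies to carry the Secure flag. The logout link in this file is `https://` only, which suggests the application is always served over TLS; if so, `cookie_default_secure = On` costs nothing and keeps the cookies off any plain-HTTP request. Whether 2.28.1 already sets the flag automatically on HTTPS requests is not visible here and should be checked before relying on it.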