Replace SnappyMail link with a custom Django webmail app that provides:
- Full IMAP/SMTP integration (Dovecot + Postfix) with master user SSO
- 3-column responsive UI matching CyberPanel design system
- Compose with rich text editor, attachments, reply/forward
- Contact management with auto-collect from sent messages
- Sieve mail filter rules with ManageSieve protocol support
- Standalone login page for direct webmail access
- Account switcher for admins managing multiple email accounts
- HTML email sanitization (whitelist-based, external image proxy)
- Draft auto-save and per-user settings
- Add bypass check for 'content' field INSIDE isAPIEndpoint block
- Prevents blocking of legitimate JavaScript/PHP code in replace-file API
- Bypass list includes: content, fileContent, configData, rewriteRules, modSecRules
- Security check still applies to other fields in API requests
- Fixes: Replace-file API being blocked by security middleware
- Introduced a new model `UserNotificationPreferences` to store user-specific notification dismissal settings.
- Added context processor to include notification preferences in templates.
- Implemented API endpoints to dismiss backup and AI scanner notifications permanently.
- Updated front-end logic to handle notification dismissal via server-side checks and API calls.
- Enhanced documentation to include a new Custom CSS Guide for theme customization.
- Updated settings.py to include PhpMyAdminAccessMiddleware for enhanced access control.
- Modified phpmyadminsignin.php to check user session and redirect to the login page if not authenticated.
- Updated .gitignore to include additional sensitive files and directories.
- Added python-dotenv to requirements for loading environment variables.
- Modified settings.py to load environment variables for sensitive configurations, including SECRET_KEY, DEBUG, and database credentials.
- Implemented secure .env file generation during installation to avoid hardcoding sensitive information.
- Introduced fallback method for settings update if environment generation fails.
- Introduced a new `cosmetic_context` processor to provide custom CSS data to templates.
- Updated `settings.py` to include the new context processor.
- Modified multiple HTML templates to utilize the `cosmetic` variable for dynamic CSS styling.
- Enhanced user interface elements with improved styling and accessibility features, including ARIA labels for form controls.
- Remove CSF menu item from sidebar navigation
- Disable CSF-related URL endpoints in firewall module
- Update upgrade process to automatically remove CSF and restore firewalld
- Archive CSF template and configuration files
- Clean up CSF references in settings and upgrade scripts
CSF (ConfigServer Security & Firewall) is shutting down on August 31, 2025.
This commit removes CSF integration and ensures firewalld is restored as the
default firewall solution during upgrades.
Fixes#1473
