diff --git a/docs/bl_wl.md b/docs/bl_wl.md index 31561e858..08b925537 100644 --- a/docs/bl_wl.md +++ b/docs/bl_wl.md @@ -1,3 +1,5 @@ -Edit a domain as (domain) administrator to add an item to the filter table. +To add or edit an entry to your **domain wide** filter table, login to your *mailcow UI* as (domain) administrator. + +![Black- and Whitelist configuration](images/bl_wl.png) Beware that a mailbox user can login to mailcow and override a domain policy filter item. diff --git a/docs/images/bl_wl.png b/docs/images/bl_wl.png new file mode 100644 index 000000000..3619868f5 Binary files /dev/null and b/docs/images/bl_wl.png differ diff --git a/docs/ssl.md b/docs/ssl.md index aa672f37c..9ebccb7a9 100644 --- a/docs/ssl.md +++ b/docs/ssl.md @@ -1,6 +1,6 @@ mailcow dockerized comes with a snakeoil CA "mailcow" and a server certificate in `data/assets/ssl`. Please use your own trusted certificates. -mailcow uses 3 domain names that should be covered by your new certificate: +mailcow uses **at least** 3 domain names that should be covered by your new certificate: - ${MAILCOW_HOSTNAME} - autodiscover.**example.org** @@ -35,7 +35,7 @@ certbot certonly \ ``` **Remember to replace the example.org domain with your own domain, this command will not work if you dont.** - + 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: ``` bash mv data/assets/ssl/cert.{pem,pem.backup} diff --git a/docs/tfa.md b/docs/tfa.md index 60ad71df0..674a88ea6 100644 --- a/docs/tfa.md +++ b/docs/tfa.md 
@@ -1,14 +1,10 @@ -So far three methods for TFA are implemented. +So far three methods for *Two Factor Authentication* are implemented: U2F, Yubi OTP, and TOTP -FOr U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key. - -Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com). - -While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS. - -U2F and Yubi OTP support multiple keys per user. - -As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those psaswords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually. +- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key. +- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com). +- While Yubi OTP needs an active internet connection and an API ID + key, U2F will work with any FIDO U2F USB key out of the box, but can only be used when mailcow is accessed over HTTPS. +- U2F and Yubi OTP support multiple keys per user. +- As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those psaswords can be generated with apps like "Google Authenticator" after initially scanning a QR code or entering the given secret manually. As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in.
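Review bot: In the docs/bl_wl.md hunk, the added sentence uses "login" as a verb and has an awkward "add or edit an entry to" construction. Suggest "To add an entry to, or edit an entry in, your **domain-wide** filter table, log in to the *mailcow UI* as (domain) administrator." The unchanged line below it ("a mailbox user can login to mailcow and override a domain policy filter item") has the same "login" usage and is the security-relevant caveat on this page. Since the new screenshot now sits between the instruction and that caveat, consider moving the caveat above the image or marking it as a note so it is not read as a caption.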
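Review bot: In the first docs/ssl.md hunk (@@ -1,6 +1,6 @@), the new wording "**at least** 3 domain names" tells the reader that more names may be required but not which ones or when, and the list that follows is unchanged. Please add a sentence after the list stating what determines the additional names, so an administrator can tell whether the certificate they request covers everything. Otherwise a certificate that matches only the three listed names looks complete when it may not be.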
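Review bot: In the second docs/ssl.md hunk (@@ -35,7 +35,7 @@), the only changed line is whitespace, while the context line directly above it still reads "this command will not work if you dont." If this line is being touched anyway, fix "dont" to "don't" and split the comma splice in the same change ("Remember to replace the example.org domain with your own domain. This command will not work if you don't."). If the whitespace change is unintentional, drop it from the patch.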
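Review bot: In the docs/tfa.md hunk, the added bullet for TOTP carries over the typo "psaswords" from the removed line. The new intro line ends without a period after "TOTP", and the unchanged last line still reads "temporary disable a domain administrators TFA login" (should be "temporarily disable a domain administrator's TFA login"). The bullets are also the old paragraphs with a dash in front rather than one item per method: the HTTPS requirement for U2F appears in both the first and third bullets, and the Yubi OTP requirements (active internet connection, API ID + key) are buried in the third. Suggest one bullet each for U2F, Yubi OTP and TOTP, listing the requirements of each, with "support multiple keys per user" and the Yubikey remark as sentences after the list.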