diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile
index 07ab8949..4a894fd4 100644
--- a/data/Dockerfiles/postfix/Dockerfile
+++ b/data/Dockerfiles/postfix/Dockerfile
@@ -33,6 +33,7 @@ RUN groupadd -g 102 postfix \
 syslog-ng-core \
 syslog-ng-mod-redis \
 tzdata \
+ whois \
 && rm -rf /var/lib/apt/lists/* \
 && touch /etc/default/locale \
 && printf '#!/bin/bash\n/usr/sbin/postconf -c /opt/postfix/conf "$@"' > /usr/local/sbin/postconf \
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 56f37a03..b1c575c3 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -394,6 +394,8 @@ query = SELECT goto FROM spamalias
 EOF
 if [ -n "$SPAMHAUS_DQS_KEY" ]; then
+ echo "Detected SPAMHAUS_DQS_KEY variable from mailcow.conf..."
+ echo "Using DQS Blocklists from Spamhaus!"
 cat < /opt/postfix/conf/dns_blocklists.cf
 # Autogenerated by mailcow
 postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
@@ -426,6 +428,39 @@ if [ -n "$SPAMHAUS_DQS_KEY" ]; then
 EOF
 else
+ if curl -s http://fuzzy.mailcow.email/asn_list.txt | grep $(whois -h whois.radb.net $(curl -s http://ipv4.mailcow.email) | grep -i origin | tr -s " " | cut -d " " -f2 | head -1) > /dev/null; then
+ echo "The AS of your IP is listed as a banned AS from Spamhaus!"
+ echo "No SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!"
+ cat < /opt/postfix/conf/dns_blocklists.cf
+ # Autogenerated by mailcow
+ postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+ hostkarma.junkemailfilter.com=127.0.0.1*-2
+ list.dnswl.org=127.0.[0..255].0*-2
+ list.dnswl.org=127.0.[0..255].1*-4
+ list.dnswl.org=127.0.[0..255].2*-6
+ list.dnswl.org=127.0.[0..255].3*-8
+ ix.dnsbl.manitu.net*2
+ bl.spamcop.net*2
+ bl.suomispam.net*2
+ hostkarma.junkemailfilter.com=127.0.0.2*3
+ hostkarma.junkemailfilter.com=127.0.0.4*2
+ hostkarma.junkemailfilter.com=127.0.1.2*1
+ backscatter.spameatingmonkey.net*2
+ bl.ipv6.spameatingmonkey.net*2
+ bl.spameatingmonkey.net*2
+ b.barracudacentral.org=127.0.0.2*7
+ bl.mailspike.net=127.0.0.2*5
+ bl.mailspike.net=127.0.0.[10;11;12]*4
+ dnsbl.sorbs.net=127.0.0.10*8
+ dnsbl.sorbs.net=127.0.0.5*6
+ dnsbl.sorbs.net=127.0.0.7*3
+ dnsbl.sorbs.net=127.0.0.8*2
+ dnsbl.sorbs.net=127.0.0.6*2
+ dnsbl.sorbs.net=127.0.0.9*2
+EOF
+ else
+ echo "The AS of your IP is NOT listed as a banned AS from Spamhaus!"
+ echo "Using the open Spamhaus blocklists."
 cat < /opt/postfix/conf/dns_blocklists.cf
 # Autogenerated by mailcow
 postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
@@ -457,6 +492,7 @@ else
 zen.spamhaus.org=127.0.0.3*4
 zen.spamhaus.org=127.0.0.2*3
 EOF
+ fi
 fi
 sed -i '/User overrides/q' /opt/postfix/conf/main.cf
diff --git a/docker-compose.yml b/docker-compose.yml
index a5a8f95b..4ed11533 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
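Review bot: In postfix.sh the condition that opens the new `else` branch, `if curl -s http://fuzzy.mailcow.email/asn_list.txt | grep $(whois … $(curl -s http://ipv4.mailcow.email) …) > /dev/null`, hands two remote replies to `whois` and `grep` unquoted and unchecked, so an empty or multi-word reply changes those commands' arguments and any lookup failure lands in the branch that prints "NOT listed" and enables the open Spamhaus lists. The pattern is also an unanchored regex, so one AS number can match inside a longer one, and neither `curl` has a timeout, which lets container start hang on the lookup. Both fetches are plain `http://`, so the data that selects the blocklist set has no integrity protection in transit; moving to `https://` is worth it if those hosts serve it, which this page does not show. The sketch below validates and quotes the values, matches with `grep -qwF`, bounds the fetches with `--max-time` and reports an undetermined AS; it assumes asn_list.txt lists AS numbers as whole words in the same `AS<digits>` form that whois prints, to be confirmed. The same condition is used by `detect_bad_asn()` in update.sh.

```shell
# … unchanged: DQS branch, up to the outer "else" …
  public_ip=$(curl -s --max-time 10 http://ipv4.mailcow.email)
  # Remote reply: accept only digits and dots before it becomes a whois argument.
  case "$public_ip" in
    "" | *[!0-9.]*) public_ip="" ;;
  esac
  asn=""
  if [ -n "$public_ip" ]; then
    asn=$(whois -h whois.radb.net "$public_ip" | grep -i origin | tr -s " " | cut -d " " -f2 | head -1)
  fi
  # Keep the value only if it looks like an AS number (AS followed by digits).
  case "$asn" in
    AS | AS*[!0-9]*) asn="" ;;
    AS[0-9]*) ;;
    *) asn="" ;;
  esac
  if [ -z "$asn" ]; then
    echo "Could not determine the AS of your IP, the Spamhaus AS check is inconclusive."
  fi
  if [ -n "$asn" ] && curl -s --max-time 10 http://fuzzy.mailcow.email/asn_list.txt | grep -qwF -- "$asn"; then
    # … unchanged: banned-AS messages and the heredoc without Spamhaus entries …
```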
@@ -296,7 +296,7 @@ services:
 - dovecot
 postfix-mailcow:
- image: mailcow/postfix:1.68
+ image: mailcow/postfix:1.69
 depends_on:
 - mysql-mailcow
 volumes:
@@ -316,6 +316,7 @@ services:
 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
+ - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
 cap_add:
 - NET_BIND_SERVICE
 ports:
diff --git a/update.sh b/update.sh
index be96f4f8..23c25bec 100755
--- a/update.sh
+++ b/update.sh
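Review bot: The new `- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}` entry hands an account-bound key to the postfix container, and nothing in this diff shows how the key is kept out of what remote senders see. DQS zones carry the key as a label of the queried DNSBL name, and postscreen names the DNSBL domain in its rejection text unless `postscreen_dnsbl_reply_map` rewrites it; the DQS heredoc in postfix.sh is outside the visible hunks, so please confirm such a map is configured there. A short comment above the entry, for example `# secret: Spamhaus DQS key, also visible via docker inspect`, would tell operators to treat mailcow.conf accordingly.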
@@ -256,18 +256,20 @@ fi
 }
 detect_bad_asn() {
- if curl -s http://fuzzy.mailcow.email/asn_list.txt | grep $(whois -h whois.radb.net $(curl -s http://ipv4.mailcow.email) | grep -i origin | tr -s " " | cut -d " " -f2 | head -1); then
+ if curl -s http://fuzzy.mailcow.email/asn_list.txt | grep $(whois -h whois.radb.net $(curl -s http://ipv4.mailcow.email) | grep -i origin | tr -s " " | cut -d " " -f2 | head -1) > /dev/null ; then
 if [ -z "$SPAMHAUS_DQS_KEY" ]; then
- echo -e "\e[31mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS blocklists for Postfix."
- echo -e "\e[31mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!"
+ echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+ echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
+ sleep 2
+ echo ""
+ echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
+ echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
 echo ""
- echo -e "\e[31mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account"
- echo -e "\e[31mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!"
 sleep 2
 else
- echo -e "\e[31mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS blocklists for Postfix."
- echo -e "\e[33mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key..."
+ echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+ echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
 fi
 fi
 }
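Review bot: `detect_bad_asn()` has no header comment, and during an update it sends the server's public IP to whois.radb.net and fetches data from fuzzy.mailcow.email and ipv4.mailcow.email, which an operator on a filtered network would want to know. I would add above the function `# Warns when the public IP's AS is on mailcow's Spamhaus-blocked list; queries ipv4.mailcow.email, whois.radb.net and fuzzy.mailcow.email; reads SPAMHAUS_DQS_KEY.` The function gives none of its warnings when the lookup fails, so the comment should say that silence does not mean the AS is unlisted. Two of the new message lines also keep wording slips: `did not detected` should read `did not detect`, and `a Value` should be `a value`.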