diff --git a/.github/workflows/check_if_support_labeled.yml b/.github/workflows/check_if_support_labeled.yml new file mode 100644 index 00000000..87d93ecb --- /dev/null +++ b/.github/workflows/check_if_support_labeled.yml @@ -0,0 +1,37 @@ +name: Check if labeled support, if so send message and close issue +on: + issues: + types: + - labeled +jobs: + add-comment: + if: github.event.label.name == 'support' + runs-on: ubuntu-latest + permissions: + issues: write + steps: + - name: Add comment + run: gh issue comment "$NUMBER" --body "$BODY" + env: + GH_TOKEN: ${{ secrets.SUPPORTISSUES_ACTION_PAT }} + GH_REPO: ${{ github.repository }} + NUMBER: ${{ github.event.issue.number }} + BODY: | + **THIS IS A AUTOMATED MESSAGE!** + + It seems your issue is not a bug. + Therefore we highly advise you to get support! + + You can get support either by: + - ordering a paid [support contract at Servercow](https://www.servercow.de/mailcow?lang=en#support/) (Directly from the developers) or + - using the [community forum](https://community.mailcow.email) (**Based on volunteers! NO guaranteed answer**) or + - using the [Telegram support channel](https://t.me/mailcow) (**Based on volunteers! NO guaranteed answer**) + + This issue will be closed. If you think your reported issue is not a support case feel free to comment above and if so the issue will reopened. + + - name: Close issue + env: + GH_TOKEN: ${{ secrets.SUPPORTISSUES_ACTION_PAT }} + GH_REPO: ${{ github.repository }} + NUMBER: ${{ github.event.issue.number }} + run: gh issue close "$NUMBER" -r "not planned" \ No newline at end of file diff --git a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf index f7fc20b7..51992895 100644 --- a/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf +++ b/data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf @@ -7,6 +7,7 @@ options { use_fqdn(no); owner("root"); group("adm"); perm(0640); stats(freq(0)); + keep_timestamp(no); bad_hostname("^gconfd$"); }; source s_dgram { diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf index fcc13587..3e929e7b 100644 --- a/data/Dockerfiles/dovecot/syslog-ng.conf +++ b/data/Dockerfiles/dovecot/syslog-ng.conf @@ -7,6 +7,7 @@ options { use_fqdn(no); owner("root"); group("adm"); perm(0640); stats(freq(0)); + keep_timestamp(no); bad_hostname("^gconfd$"); }; source s_dgram { diff --git a/data/Dockerfiles/netfilter/main.py b/data/Dockerfiles/netfilter/main.py index f4acd461..62e0dda7 100644 --- a/data/Dockerfiles/netfilter/main.py +++ b/data/Dockerfiles/netfilter/main.py @@ -395,7 +395,7 @@ if __name__ == '__main__': signal.signal(signal.SIGTERM, sigterm_quit) # init Logger - logger = Logger(None) + logger = Logger() # init backend backend = sys.argv[1] @@ -437,7 +437,7 @@ if __name__ == '__main__': time.sleep(3) else: break - Logger.r = r + logger.set_redis(r) # rename fail2ban to netfilter if r.exists('F2B_LOG'): diff --git a/data/Dockerfiles/netfilter/modules/Logger.py b/data/Dockerfiles/netfilter/modules/Logger.py index 2a40de0c..25562965 100644 --- a/data/Dockerfiles/netfilter/modules/Logger.py +++ b/data/Dockerfiles/netfilter/modules/Logger.py @@ -2,7 +2,10 @@ import time import json class Logger: - def __init__(self, redis): + def __init__(self): + self.r = None + + def set_redis(self, redis): self.r = redis def log(self, priority, message): @@ -10,7 +13,7 @@ class Logger: tolog['time'] = int(round(time.time())) tolog['priority'] = priority tolog['message'] = message - if self.r: + if self.r is not None: self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False)) print(message) diff --git a/data/Dockerfiles/netfilter/modules/NFTables.py b/data/Dockerfiles/netfilter/modules/NFTables.py index e8e02c47..4cb0110a 100644 --- a/data/Dockerfiles/netfilter/modules/NFTables.py +++ b/data/Dockerfiles/netfilter/modules/NFTables.py @@ -41,6 +41,7 @@ class NFTables: exit_code = 2 if chain_position > 0: + chain_position += 1 self.logger.logCrit(f'MAILCOW target is in position {chain_position} in the {filter_table} {chain} table, restarting container to fix it...') err = True exit_code = 2 @@ -309,8 +310,8 @@ class NFTables: rule_handle = rule["handle"] break - dest_net = ipaddress.ip_network(source_address) - target_net = ipaddress.ip_network(snat_target) + dest_net = ipaddress.ip_network(source_address, strict=False) + target_net = ipaddress.ip_network(snat_target, strict=False) if rule_found: saddr_ip = rule["expr"][0]["match"]["right"]["prefix"]["addr"] @@ -321,9 +322,9 @@ class NFTables: target_ip = rule["expr"][3]["snat"]["addr"] - saddr_net = ipaddress.ip_network(saddr_ip + '/' + str(saddr_len)) - daddr_net = ipaddress.ip_network(daddr_ip + '/' + str(daddr_len)) - current_target_net = ipaddress.ip_network(target_ip) + saddr_net = ipaddress.ip_network(saddr_ip + '/' + str(saddr_len), strict=False) + daddr_net = ipaddress.ip_network(daddr_ip + '/' + str(daddr_len), strict=False) + current_target_net = ipaddress.ip_network(target_ip, strict=False) match = all(( dest_net == saddr_net, @@ -417,7 +418,7 @@ class NFTables: json_command = self.get_base_dict() expr_opt = [] - ipaddr_net = ipaddress.ip_network(ipaddr) + ipaddr_net = ipaddress.ip_network(ipaddr, strict=False) right_dict = {'prefix': {'addr': str(ipaddr_net.network_address), 'len': int(ipaddr_net.prefixlen) } } left_dict = {'payload': {'protocol': _family, 'field': 'saddr'} } @@ -466,7 +467,7 @@ class NFTables: current_rule_net = ipaddress.ip_network(current_rule_ip) # ip to ban - candidate_net = ipaddress.ip_network(ipaddr) + candidate_net = ipaddress.ip_network(ipaddr, strict=False) if current_rule_net == candidate_net: rule_handle = _object["rule"]["handle"] diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile index a4601c40..59fc6680 100644 --- a/data/Dockerfiles/sogo/Dockerfile +++ b/data/Dockerfiles/sogo/Dockerfile @@ -1,8 +1,8 @@ -FROM debian:bookworm-slim +FROM debian:bullseye-slim LABEL maintainer "The Infrastructure Company GmbH GmbH " ARG DEBIAN_FRONTEND=noninteractive -ARG DEBIAN_VERSION=bookworm +ARG DEBIAN_VERSION=bullseye ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced extractVersion=^(?.*)$ ARG GOSU_VERSION=1.17 diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile index f56cbc6e..3090895b 100644 --- a/data/Dockerfiles/unbound/Dockerfile +++ b/data/Dockerfiles/unbound/Dockerfile @@ -5,7 +5,6 @@ LABEL maintainer "The Infrastructure Company GmbH GmbH " RUN apk add --update --no-cache \ curl \ bind-tools \ - netcat-openbsd \ unbound \ bash \ openssl \ @@ -20,10 +19,10 @@ EXPOSE 53/udp 53/tcp COPY docker-entrypoint.sh /docker-entrypoint.sh -# healthcheck (nslookup) +# healthcheck (dig, ping) COPY healthcheck.sh /healthcheck.sh RUN chmod +x /healthcheck.sh -HEALTHCHECK --interval=5s --timeout=30s CMD [ "/healthcheck.sh" ] +HEALTHCHECK --interval=30s --timeout=30s CMD [ "/healthcheck.sh" ] ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh index a96eaab4..8da79bd7 100644 --- a/data/Dockerfiles/unbound/healthcheck.sh +++ b/data/Dockerfiles/unbound/healthcheck.sh @@ -50,27 +50,6 @@ function check_dns() { } -# Simple Netcat Check to connect to common webports -function check_netcat() { - declare -a domains=("mailcow.email" "github.com" "hub.docker.com") - declare -a ports=("80" "443") - - for domain in "${domains[@]}" ; do - for port in "${ports[@]}" ; do - nc -z -w 2 $domain $port - if [ $? -ne 0 ]; then - log_to_file "Healthcheck: Could not reach $domain on Port $port... Gave up!" - log_to_file "Please check your internet connection or firewall rules to fix this error." - return 1 - fi - done - done - - log_to_file "Healthcheck: Netcat Checks WORKING properly!" - return 0 - -} - if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!" exit 0 @@ -89,11 +68,5 @@ if [ $? -ne 0 ]; then exit 1 fi -check_netcat - -if [ $? -ne 0 ]; then - exit 1 -fi - log_to_file "Healthcheck: ALL CHECKS WERE SUCCESSFUL! Unbound is healthy!" exit 0 \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 26a224b5..df545c15 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2.1' services: unbound-mailcow: - image: mailcow/unbound:1.20 + image: mailcow/unbound:1.21 environment: - TZ=${TZ} - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n} @@ -175,7 +175,7 @@ services: - phpfpm sogo-mailcow: - image: mailcow/sogo:1.122 + image: mailcow/sogo:1.122.1 environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} @@ -222,7 +222,7 @@ services: - sogo dovecot-mailcow: - image: mailcow/dovecot:1.28.1 + image: mailcow/dovecot:1.28.2 depends_on: - mysql-mailcow - netfilter-mailcow @@ -441,7 +441,7 @@ services: - acme netfilter-mailcow: - image: mailcow/netfilter:1.56 + image: mailcow/netfilter:1.57 stop_grace_period: 30s restart: always privileged: true