Commit Graph

1019 Commits

Author SHA1 Message Date
andryyy
af46a93e76
[Postfix] Remove authed user from header 2019-06-01 22:14:48 +02:00
andryyy
dcacf85a5d
[Dovecot] Rename sieve_after to global_sieve_after and create a global_sieve_before file 2019-06-01 13:53:24 +02:00
andryyy
aaf0d521a2
[Postfix] Add UA header check, not enabled by default 2019-06-01 08:29:53 +02:00
andryyy
395f0f7a3d
[Rspamd] Remove authenticated user from auth results header
[Dovecot] Fix permissions of console
[Compose] New Dovecot image
2019-05-29 18:02:14 +02:00
andryyy
2757c6b5fe
[Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy
ba14f0f113
[Rspamd] Fix spoofing detection 2019-05-20 15:14:42 +02:00
andryyy
1f365f5cff
[Dovecot] Remove shared namespace 2019-05-18 23:01:23 +02:00
andryyy
3ffa7e1f33
[Rspamd] Add SIEVE_HOST map and skip spoof check for these IPs 2019-05-18 22:44:06 +02:00
andryyy
45359bb6cf
[Rspamd] Do not apply SPOOFED_UNAUTH on ARC_ALLOW
[Dovecot] Set sieve_redirect_envelope_from to rcpt
2019-05-18 09:18:00 +02:00
andryyy
5c07cca529
[Rspamd] Change spoofed mail handling 2019-05-09 11:48:38 +02:00
andryyy
456e92c830
[Rspamd] Set to to_ip to_ip_from rate buckets to 100 / 1s 2019-05-09 11:32:16 +02:00
André Peters
61433a4488
Merge pull request #2541 from sriccio/master
Allow to easily add custom plugins to rspamd
2019-05-05 22:33:32 +02:00
andryyy
28c8c53a6e
[Rspamd] meta_exporter: return false if not matched
[Compose] Update Dovecot image
2019-05-01 22:50:38 +02:00
Howaner
17918b3e21 Added domain alias handling to quarantine mails and added recipients row to quarantine mail display
If a mail is sent to a domain alias domain and rejected, mailcow does not currently store the mail in quarantine.
This commit adds domain alias handling to the reject code and should fix this behavior.

Also added displaying of recipient addresses into the quarantine mail dialog to be able to see what mail address was "leaked".
2019-05-01 00:56:12 +02:00
andryyy
91af3d5c5a
[Rspamd] Much higher scores for DMARC failures 2019-04-30 14:00:47 +02:00
andryyy
9b303dcc0e
[Dovecot] Set default_vsz_limit = 1024 M
[Web] Form cache for user passwd change modal disabled
2019-04-24 14:46:45 +02:00
sriccio
ef5cf81308 [rspamd] Allow to easily use custom rspamd lua plugins
Since rspamd 1.9.2 we'll be able to load custom modules from plugins.d
directory.

This allow to add and configure plugins easily from the
data/conf/rspamd/plugins.d

Also loading config for custom plugins need rspamd.conf.local or
optionally rspamd.conf.override.

I added support for this in the docker-compose.yml

Idea came while i was writing a custom plugin for Cyren antispam
gateway, which can be found here: https://github.com/sriccio/rspamd-plugins
2019-04-17 10:36:39 +02:00
andryyy
9f00d956f1 [Rspamd] Improve spoofing detection 2019-04-14 20:37:38 +02:00
andryyy
c8047b9555 [Web] Change session timeout handling
[Rspamd] Add missing spamassassin.conf
2019-04-14 13:01:47 +02:00
andryyy
fae34b8a89
I'm an idiot 2019-04-01 22:52:45 +02:00
andryyy
bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489 2019-04-01 22:46:13 +02:00
Marcel Hofer
7d2289c3a7 Merge branch 'master' into admin-login
# Conflicts:
#	data/web/js/site/mailbox.js
2019-03-23 21:17:02 +01:00
andryyy
4aae72779a
[Dovecot] Remove auth cache 2019-03-18 14:15:02 +01:00
André Peters
3d8a46357b
Merge branch 'master' into admin-login 2019-03-18 02:03:59 +01:00
andryyy
d8e356f590
[SOGo] Revert to previous settings 2019-03-18 01:36:32 +01:00
andryyy
a614d64615
[SOGo] Adjust sync parameters, revert if you run into problems! 2019-03-14 08:59:24 +01:00
andryyy
d449984a66 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-03-12 23:39:57 +01:00
andryyy
fc63661fbd
[Solr] Change default configset before bootstrapping
[Solr] Bootstrap cannot be omitted and must occur before mounting the data directory
2019-03-12 23:15:26 +01:00
André Peters
70c424caa2
[Web] Fix rejected mails not being quarantized properly if they are tagged 2019-03-12 11:26:33 +01:00
andryyy
1c3daedc39
[Rspamd] Remove headers var from dyn maps 2019-03-12 01:28:04 +01:00
Aaron Larisch
40a826a347 Fix rejected mails not being quarantized properly if they are tagged 2019-03-11 15:31:21 +01:00
Robert Christian
4bbb6d78e3
fix solr query ngram 2019-03-10 17:20:46 +01:00
André Peters
ae19d81f2d
Merge branch 'master' into admin-login 2019-03-10 10:38:42 +01:00
André Peters
216451ed43
Merge branch 'master' into admin-login 2019-03-10 09:51:12 +01:00
andryyy
0a1e71f7ec
[Dovecot] Use dovecot-fts core 2019-03-10 09:40:31 +01:00
andryyy
c7c115d63a
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory 2019-03-10 09:40:04 +01:00
andryyy
2443e956eb
[Rspamd] Remove buggy last-modified check 2019-03-08 12:43:05 +01:00
andryyy
d124fa1d5b
[Rspamd] Check if filterconf table was changed and return Last-Modified accordingly 2019-03-07 11:44:38 +01:00
andryyy
e04e15ed23
[Rspamd] Mime from and rcpt can now be checked by from_mime and rcpt_mime 2019-03-07 00:07:11 +01:00
andryyy
c792bbcbab
[Rspamd] make upstream an object 2019-03-07 00:05:55 +01:00
andryyy
bb065dbc22
[Rspamd] Add fuzzy worker with worker-fuzzy.inc 2019-03-06 15:14:25 +01:00
andryyy
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
andryyy
6dc5318673
[Rspamd] Delete rspamd.conf.local 2019-03-06 15:08:18 +01:00
andryyy
4d32eb49ee
[Dovecot] Revert to TLS1+ 2019-03-04 17:57:44 +01:00
andryyy
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP 2019-03-03 12:11:39 +01:00
andryyy
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2 2019-03-03 12:09:10 +01:00
andryyy
69f54b99a1
[Dovecot] ssl_min_protocol is now TLS 1.2 2019-03-03 12:08:26 +01:00
Marcel Hofer
a110378000 always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled 2019-02-27 23:06:19 +01:00
andryyy
38911034c3
Don't break DAV 2019-02-26 22:13:37 +01:00
andryyy
ae512018a8
[Postfix] Remove sasl requiring policies from port 25 2019-02-26 21:37:08 +01:00
Marcel Hofer
dd6d253ac0 add random masterpass for sogo admin login
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy
b0584b7699
[Dovecot] Remove vacation-seconds from global-only 2019-02-25 10:22:00 +01:00
andryyy
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters
298a8d24e9
Merge pull request #2360 from mhofer117/allow-admin-email-login
Allow admins to login as email user (without any password)
2019-02-24 18:49:13 +01:00
andryyy
108e808d06
[Rspamd] Reduce SOGO_CONTACT score to -99 2019-02-23 23:46:01 +01:00
André Peters
9a9079baa5
Update sogo.auth_request.template.sh 2019-02-23 22:29:14 +01:00
André Peters
0c8f217f49
Update sogo.auth_request.template.sh
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer
cac67db203 add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins 2019-02-23 17:59:18 +01:00
andryyy
28a3f5ca8c
[Dovecot] Add flags and notify to sieve_extensions 2019-02-22 18:25:35 +01:00
andryyy
1092d98499
[Dovecot] Enable sieve vacation seconds not just for global scripts 2019-02-22 10:52:18 +01:00
andryyy
02b015a359
[Rspamd] Lower history nrows 2019-02-14 11:11:20 +01:00
eXtremeSHOK
260421448d
Update clamd.conf
AlertOLE2Macros, default should be set to NO

With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".

This causes most microsoft office document files which contains macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros.

Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked.

The default for debian/ubuntu is to set this to NO
cPanel, iredmail, etc all have this option set to NO
2019-02-13 09:50:29 +02:00
andryyy
5efdf71120
[Nginx] Add qhandler rewrite
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
andryyy
c57a544c52
[Postfix] Disable auth on port 25 2019-02-05 10:35:32 +01:00
andryyy
7a96516fad Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-02-05 00:05:00 +01:00
andryyy
6f478ed2a3
[Rspamd] Set history lines to 10000 2019-02-05 00:02:56 +01:00
andryyy
aa1e03476d
[Dovecot] Enable quota notifications 2019-02-04 23:59:31 +01:00
Tobias "Knight" S
c06e4c81cf
Enable TLSv1.3 finally
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy
6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy
14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy
60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy
b3f84d2c78
[Dovecot] Remove break-imap-search (it is a default setting) 2019-01-29 13:25:35 +01:00
andryyy
8da54e5194
[Rspamd] Split global wl from to mime-from and smtp-from 2019-01-29 12:11:10 +01:00
andryyy
07392b7437
[Watchdog] Use stackoverflow.com for DNS check
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? :-( )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
2019-01-29 00:20:39 +01:00
andryyy
d6efc2fcd3
[Rspamd] Fix metadata_exporter
[Web] Show subjet in quarantine
[Compose] Update Rspamd image
2019-01-17 22:00:18 +01:00
andryyy
2e8bd8b3c4
[Dovecot] Add czech folder names to namespace 2019-01-16 23:47:15 +01:00
andryyy
a2b52e0969
[Dovecot] Use Solr for LMTP 2019-01-16 22:19:40 +01:00
André Peters
f3dfe346bf [Dovecot] Allow setting ACL_ANYONE in mailcow.conf 2019-01-16 19:08:19 +01:00
Aiko Appeldorn
4c176d3833 [rspamd] increased values for SPF, DKIM reject 2019-01-15 18:54:05 +01:00
andryyy
17222eac94
[Rspamd] Set max_size for AV
[Rspamd] Set higher/lower scores for local fuzzy matches
2019-01-13 23:02:09 +01:00
Michael Kuron
2b0065d5ab
Do not apply SOGO_CONTACT for hard SPF failures
Fixes #1983 more completely
2019-01-13 10:28:21 +01:00
andryyy
fc1c2dc87b
[ClamAV] Do not log twice 2019-01-12 08:56:02 +01:00
André Peters
a520293461
[Dovecot] Add more special_use folder names 2019-01-09 18:10:36 +01:00
andryyy
94d7952802
[Rspamd] Scan the whole message to be able to trigger Sanesecurity rules
[Rspamd] Increase add_header and greylist score
2019-01-08 13:00:56 +01:00
andryyy
2baf407331
[Rspamd] preg_quote filter objects, only translate * to .* - fixes #2152 2019-01-08 12:58:27 +01:00
andryyy
e42afa39a8
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)
[ClamAV] Some config values are deprecated and were replaced
2019-01-08 12:54:33 +01:00
Markus Heberling
9750ec5bec
Merge branch 'master' into master 2019-01-01 14:20:22 +01:00
andryyy
b3896d464c [SOGo] Remove old js file 2018-12-23 17:12:14 +01:00
andryyy
e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy
ad90496169 [SOGo] Add logo to config dir
[Web] Add missing lang strings for transport maps
2018-12-20 19:02:47 +01:00
andryyy
bcd6e43665 [Postfix] Remove verbose flag from smtp service 2018-12-19 12:16:36 +01:00
andryyy
cd72a4e18b [Postfix] Split SASL passwd maps
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
andryyy
534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy
ed763cd668 [Rspamd] Use meta exporter to pipe meta data of ratelimited msg to Redis 2018-12-15 21:23:42 +01:00
andryyy
e7427eddf3 [Rspamd] Updated values of default ratelimit settings, add info_symbol 2018-12-15 21:22:59 +01:00
andryyy
497b6a39de [Postfix] Add missing regexp map, fixes #2083 2018-12-11 17:16:53 +01:00
Markus Heberling
4755bb323b Allow setting ACL_ANYONE in the configuration 2018-12-11 11:32:36 +01:00
andryyy
9b1f51ae3f [Git] Add allow_mailcow_local.regexp and dovecot-master.userdb 2018-12-10 23:26:28 +01:00
andryyy
9b720bb07a [Dovecot] Add master user to userdb (to be used in SOGo) 2018-12-10 23:25:37 +01:00
andryyy
fa3525e2dd [SOGo] Enable EMailAlarms 2018-12-10 23:24:49 +01:00
andryyy
3a39937baf [Rspamd] Do not apply SOGO_CONTACT for SPF fails and when sending from whitelisted host 2018-12-10 13:26:18 +01:00
andryyy
e43c696204 [Rspamd] Remove SOGO_CONTACT for header from 2018-12-10 13:25:38 +01:00
andryyy
c2d413bff4 [MySQL] Remove deprecated values for future use of MariaDB 10.3 2018-12-10 13:23:02 +01:00
andryyy
fe95852f45 [Dovecot] Increate proc limit and default client limit 2018-12-06 16:47:41 +01:00
andryyy
968f6f4157 [Rspamd] use boolean for one_shot, fixes #2066 2018-12-04 08:31:56 +01:00
andryyy
e02c51b1d1 [Rspamd] Fix examples for global white/blacklist 2018-11-29 21:51:09 +01:00
root
d445d7d2e7 [Web] Allow actions in quarantine modal, fixes #1991
[Web] Fixes for Source Sans Pro font
[Rspamd] Add global rcpt blacklist and whitelist
[Compose] New Rspamd image
2018-11-27 10:20:42 +01:00
andryyy
113c6fe018 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2018-11-26 10:41:44 +01:00
andryyy
f76c3ee7f3 [Dovecot] Unsupported examples for IMAP auth via LDAP
[Rspamd] Globel whitelist/blacklist from via multimap
2018-11-26 09:06:51 +01:00
André Peters
a13c2c9359
Merge pull request #1949 from patschi/patch-1
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
Max
822175f20a
Outlook-Folder-Alias 2018-11-14 22:18:02 +01:00
andryyy
224a5ebd9a [Dovecot] Enable mail_log (events: delete undelete expunge copy mailbox_delete mailbox_rename)
[Dovecot] Increase vsz_limit for some services to 1 G
[Dovecot] Enable auth_cache
2018-11-12 21:00:39 +01:00
andryyy
1d9f820b02 [SOGo] Include custom-sogo.js to dynamically add JS to SOGo, increase textarea font of CKeditor by default 2018-11-12 09:59:49 +01:00
andryyy
869e01a9a7 [Rspamd] Add fuzzy hash to msg 2018-11-12 09:57:25 +01:00
andryyy
4f7f493490 [Rspamd] Add SOGo contacts to whitelist 2018-11-12 09:56:54 +01:00
andryyy
e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
andryyy
159c36b531 [Dovecot] Create crypted mail_attachment_fs to store attachments with a min size of 128k
[Dovecot] Shared location to "auto:" to auto-detect legacy mailbox formats across shared mailboxes
[Dovecot] Create config service for crypted mail_attachment_fs
2018-11-12 09:52:12 +01:00
Michael Kuron
4ee546c04a
Reduce rspamd DNS timeout
Fixes #1957
2018-10-29 19:55:24 +01:00
andryyy
f92b20c9ad [Rspamd] Change log level to silent (see docs) 2018-10-27 13:55:55 +02:00
andryyy
af5ce48e8d [ClamAV] Remove AllowSupplementaryGroups from freshclam.conf (deprecated) 2018-10-27 13:24:14 +02:00
andryyy
bf71f9b600 [Postfix] Add tls_preempt_cipherlist to SMTPS 2018-10-27 13:22:29 +02:00
andryyy
42fe16250b [Rspamd] Adjust default values for (perm) failures of DKIM and SPF 2018-10-26 20:04:41 +02:00
Patrik Kernstock
1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
andryyy
5f02c6006c [Postfix] Do not remove user agent 2018-10-23 23:22:43 +02:00
André
93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
André
66d8f33aac [Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911 2018-10-23 21:55:55 +02:00
André Peters
68f2a1c5fc
[Rspamd] Properly close additional Rspamd maps 2018-10-19 11:12:58 +02:00
André
73b48fc13e [Rspamd] Remove deprecated attachments_only in AV module
[Rspamd] Remove old symbol score
2018-10-16 22:59:25 +02:00
André
51dd88abeb [Unbound] Reduce negative max ttl to 60s and min-ttl for all other keys to 5 2018-10-16 20:14:14 +02:00
André
8958449e76 [Postfix] Remove headers only when mail_name matches 2018-10-16 20:11:21 +02:00
André
d99b8aaf69 [Postfix] Change mail_name to Postcow and only replace headers when mail_name matches 2018-10-16 10:26:41 +02:00
Tobias "Knight" S
41c8a8bb46
disabling more functions inside php-fpm 2018-10-15 22:52:30 +02:00
André Peters
83a5eda762
Merge pull request #1434 from apoc4lyps/master
hardening http headers
2018-10-15 22:48:50 +02:00
André
abd0a1b337 [PHP-FPM] Disable some functions by default 2018-10-15 20:52:39 +02:00
André
a844adde0f [Postfix] Add mailcow_anonymize_headers to default config 2018-10-15 20:52:06 +02:00
André
c80fe40669 [Unbound] Do not allow from all (dangerous for setups with incorrect netfilter setups) 2018-10-12 11:35:45 +02:00
André
1fce562434 [Dovecot] Set imap_max_line_length = 2 M 2018-10-12 10:56:40 +02:00
André
3db6af5c90 [Unbound] Trust all addresses - do not expose Unbound! 2018-10-12 10:56:17 +02:00
André
32f7ae1d2e [Rspamd] Prefix quarantine error_log messages with "QUARANTINE"
[Rspamd] Fix quarantine max size check (it was ignored)
2018-10-11 11:55:52 +02:00
André
c0b590fff6 [PHP-FPM] Move max_execution_time and max_input_time to general PHP config, removed as fixed php_admin_value 2018-10-11 11:54:38 +02:00
André
c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André
f6b2a6aab2 [Postfix] Enable/create smtp_tls_policy_maps 2018-10-04 14:34:34 +02:00
André
2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André
b2067cb521 [SOGo] SOGoMaximumSyncWindowSize = 99 2018-10-04 14:33:32 +02:00
André
b8ebdc3c58 [Postfix] Increase default message size limit to 100 MiB 2018-10-01 22:06:20 +02:00
André
a054182246 [Rspamd] Add desc to high spam networks 2018-09-30 18:56:35 +02:00
André
cdca603ff5 [Unbound] Fix logging, fixes #585
[Rspamd] Fix permissions of controller password file
[Unbound] Enable unbound-control
2018-09-30 14:43:18 +02:00
André
b008211f52 [Rspamd] Controller password placeholder 2018-09-30 09:55:50 +02:00
André
8439daea7e [Rspamd] Revert adding worker-controller-password... 2018-09-30 09:54:19 +02:00
André
4396be2938 [Rspamd] Place socket in _rspamd home and fix permissions
[Compose] Remove volume for Rspamd socket
[Web] Do not exit loop on fuzzy errors when learning a message as spam
2018-09-30 09:53:25 +02:00
André
73b10350d0 [Rspamd] Ignore sa-rules-heinlein file, remove from index 2018-09-29 22:03:48 +02:00
André
0fb43f4916 [Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
André
c7cef3241f [Rspamd] Controller worker count == 1, fixes #1716 2018-09-12 20:32:59 +02:00
André
1b5409f3fa [Rspamd] Check if ip is valid (KEEP_SPAM symbol), fixes #1759 2018-09-12 15:50:42 +02:00
André
1499094b61 [PHP-FPM] Increase PHP memory limit for "web" to 512M
[Helper] Nextcloud 14
[Rspamd] Fix KEEP_SPAM lua script: skip check if ip is false
2018-09-11 19:35:21 +02:00
André
ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
André
afc18fd469 [Rspamd] Update bad asn, move KEEP_SPAM to a custom lua function 2018-09-09 09:47:47 +02:00
André
e5b830adea [Dovecot] Fix shared namespace 2018-08-31 23:33:55 +02:00
André
6cee038a63 [Dovecot] IMPORTANT: Disables 'any' and 'all authenticated' ACL settings! See wiki how to revert this, if you need it. 2018-08-17 21:44:17 +02:00
André
d5e81b987b [Dovecot] Set from address for sieve generated addresses, fixes #1662 2018-08-13 08:31:09 +02:00
André
02e567f76b [Dovecot] Set CONTROL path for shared namespace and remove index 2018-08-08 23:59:38 +02:00
apoc4lyps
cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André
d83537cda0 [ClamAV] Add whitelist template for ClamAV 2018-08-05 22:38:06 +02:00
André
66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André
b007975a04 [Rspamd] Rename -disable_monitored > disable_monitoring 2018-08-03 11:56:39 +02:00
André
59c4cc054e [Rspamd] Deactivate neural but use a more aggressive learning method (no autolearn) 2018-07-29 23:03:49 +02:00
André
d8f86ae488 [Rspamd] Add local fuzzy worker 2018-07-29 00:34:36 +02:00
André
f1b096b36e [Dovecot] Increase process_limit to 500, thanks to @mritzmann 2018-07-25 21:04:24 +02:00
André
e2ed2eab53 [Rspamd] Remove per_user settings as they were pretty much useless, some minor changes to bayes" 2018-07-25 01:06:12 +02:00
André
7de2607594 [Dovecot] Enable vacation-seconds with a default min period of 5s and a default period of 60s 2018-07-23 19:59:23 +02:00
André
a83adc4d31 [Rspamd] Remove unused user_keywords and dynamic_rates from ratelimit module 2018-07-15 12:02:37 +02:00
André
882ee5fee6 [Rspamd] Re-use fixed new ratelimit 2018-07-15 12:01:28 +02:00
André
353af8e3a4 [Rspamd] Set start and end to rcpt matching regex 2018-07-12 23:18:49 +02:00
André
587f37a300 [Dovecot] Remove additional hash scheme and let Dovecot decide the hash by prefix 2018-07-12 00:46:31 +02:00
André
2aef18d130 [Dovecot] Remove user queries from passdb + add a second passdb for additional algorithms + create userdb without password queries 2018-07-12 00:23:12 +02:00
André
1b47ae55f1 [SOGo] Set SOGoPasswordChangeEnabled = YES - allow user to change password in SOGo 2018-07-11 22:11:09 +02:00
André
fa0b351da6 [Postfix] smtpd_tls_eecdh_grade = auto 2018-07-11 22:10:32 +02:00
André
37fbce855e [Rspamd] Remove autolearn from Rspamd 2018-07-03 23:24:11 +02:00
André
d6a74e82e3 [ACME] Fix for CNAME response on AAAA dig request 2018-06-28 20:41:44 +02:00
André
9dc250c9f2 [Rspamd] Important fix for settings map 2018-06-28 11:48:23 +02:00
André Peters
bca8920679
Revert "[Postfix] Default SMTP server security grade for EECDH key exchange" 2018-06-27 23:28:54 +02:00
elcore
c386dfc11d
[Postfix] Default SMTP server security grade for EECDH key exchange 2018-06-27 03:39:54 +02:00
André
5905a3919c [Dovecot] Minor changes to ciphers, still disallow insecure ciphers 2018-06-26 07:50:17 +02:00
André
a5d40a4ab6 [Postfix] Re-enable TLS 1, 1.1 and some ciphers - real-world tests have shown this setup uses TOO MANY plain text sessions due to compatibility issues 2018-06-25 22:31:23 +02:00
André
b8973648ff [Rspamd] Disable default authenticated user ratelimit 2018-06-24 11:40:31 +02:00
André
8bb24a9866 [Rspamd] Load additional settings defined in web ui 2018-06-23 23:48:06 +02:00
André
aa6a136c1f [Dockerapi, Dovecot] Fix missing active user filter 2018-06-20 07:25:10 +02:00
André
e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
André
27d3388579 [Rspamd] Remove antivirus debugging 2018-06-10 14:30:30 +02:00
André
f15f30d53e [Dovecot] Re-enable lz4 until 2.3.2 to verify replication fix 2018-06-08 09:09:31 +02:00
André
0a44ea1a4c [Dovecot] Lz4 compression sometimes leads to strange EOF errors when replicating
[Web] Cleanup JSON API
2018-06-05 00:31:27 +02:00
André
777e469958 [ClamAV] Remove deprecated AllowSupplementaryGroups 2018-05-30 20:28:23 +02:00
André
1b35376252 [Rspamd] Remove score for CTYPE_MIXED_BOGUS and ARC_REJECT, increase DNS timeout 2018-05-30 18:40:43 +02:00
apoc4lyps
918343865e
hardening http headers 2018-05-28 12:28:23 +02:00
Michael Kuron
ea84004410
[rspamd] fix redis multimaps in version 1.7.5
The key's value was being used as symbol name instead of the symbol name defined in the config file
2018-05-25 18:58:37 +02:00
André
1f7a5d586c [Rspamd] Remove IP, fixes #1400 2018-05-19 00:14:30 +02:00
André
8ff4eb8076 [Rspamd] Slight changes to neural plugin 2018-05-18 21:39:25 +02:00
André
7a5d3af80b [Rspamd] Slight changes to neural 2018-05-17 11:15:46 +02:00
André
5e2d19ac62 [Rspamd] Add neural module and define its scores 2018-05-16 21:26:05 +02:00
André
d167ade957 [Rspamd] Remove explict redis servers from statistic, add a name 2018-05-16 21:25:55 +02:00
André
a8d9b4359e [Dovecot] Set vszlimits for some services to prevent oom situations, fixes #1203 2018-05-12 08:52:03 +02:00
André
7f72e44dac [Rspamd] Move symbols to corresponding groups 2018-05-11 10:40:26 +02:00
André
527e790620 [Web] Store session data in Redis 2018-05-08 12:55:19 +02:00
André
4c31adaa82 [Rspamd] Ratelimit: fix attempt to index a nil value when no authenticated user is found in a message 2018-05-01 22:44:03 +02:00
André
30cea1da9a [SOGo] Increase workers count to 20
[Postfix] Add extended TLS header
[Web] Increase timeout to 10 for docker API connections
[Postfix] Add perl package
2018-04-26 14:08:45 +02:00
André
ef6644df34 [PHP-FPM] Delete old pool files
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André
7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
André
f53006f6ab [Dovecot] Dovecot 2.3.1, Pigeonhole 0.5.1
[ClamAV] 0.100.0, new log method without pipes
[Compose] New images for Dovecot and ClamAV, add persistent tty to clamd-mailcow
2018-04-26 12:36:13 +02:00
Michael Kuron
ea3502f2a1
rspamd: Fix NO_LOG_STAT for everycloud monitoring 2018-04-02 19:26:15 +02:00
André Peters
8a7664f7d5 [Nginx] Add larger map bucket size, fixes 1112 2018-03-01 07:28:06 +01:00
André Peters
b255ecd62b [Dovecot] Add, but disable auth_debug 2018-02-27 20:54:46 +01:00
André Peters
6b066c2891
Merge pull request #1090 from extremeshok/patch-5
Enable maildir compression
2018-02-26 18:54:04 +01:00
André Peters
410cbf55b6
Update dovecot.conf 2018-02-26 18:53:56 +01:00
André Peters
bbbe52f560 [SOGo] Add blue (default) and red theme 2018-02-22 09:20:46 +01:00
André Peters
f3896195d4
Update worker-controller-password.inc 2018-02-22 09:19:01 +01:00
André Peters
eb4dd632ae [Web] Fix autodiscover triggering fail2ban implementation, fixes #1069 2018-02-22 09:16:16 +01:00
André Peters
da48bd721f
Merge pull request #1056 from klausenbusk/nginx-deduplicate
[Nginx] Reduce config duplication
2018-02-19 13:12:46 +01:00
André Peters
ff3328ea8c [SOGo] Use indigo theme, copy logo and theme.js to image 2018-02-19 12:56:45 +01:00
Kristian Klausen
63002cbb74 [Nginx] Reduce config duplication
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
eXtremeSHOK
1e40472017
Enable maildir compression
Currently the plugin is loaded, but actual compression is not enabled.

https://wiki.dovecot.org/Plugins/Zlib
2018-02-14 14:38:06 +02:00
André Peters
0bfd0838c2 [SOGo] Increase workers again 2018-02-14 11:26:55 +01:00
André Peters
e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters
993c998716
Merge pull request #995 from Alireza2n/master
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters
943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00
André Peters
fb92619aac [Nginx] Fix EAS... 2018-02-13 09:12:21 +01:00
André Peters
458dfc8418 [Nginx] Remove unused file 2018-02-13 09:11:13 +01:00
André Peters
406e7ebd07 [Nginx] Fix EAS 2018-02-13 09:10:41 +01:00
André Peters
21e8edae43 [Nginx] Fix EAS 2018-02-13 09:09:41 +01:00
André Peters
63f7e5930d [Nginx] Fix EAS 2018-02-13 09:07:44 +01:00
André Peters
e85cd38945 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:34:59 +01:00
André Peters
74c804b9a3 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:32:49 +01:00
André Peters
5030ce7547 [Web] More and more fixes for #1017 2018-02-11 15:59:35 +01:00
André Peters
07a05b9363 [Rspamd] Enable more modules 2018-02-09 10:32:42 +01:00
André Peters
e5031accbb [Nginx] Remove auto-redirect to not break rp 2018-02-09 09:59:35 +01:00
André Peters
3a1e7b4ee1 [Nginx] Pass args when redirecting to https 2018-02-09 09:11:59 +01:00
André Peters
557fa4385c [Rspamd] Also listen on socket for internal communication 2018-02-08 22:55:34 +01:00
André Peters
a50036477e [Web] Mind was set to french, reverting to english 2018-02-08 20:13:36 +01:00
andre.peters
e8fe5282b2 [Dovecot] Inconsistent view fix 2018-02-05 21:55:37 +01:00
andre.peters
dda2768f10 [Dovecot] Enable IMAP metadata 2018-02-05 21:42:23 +01:00
Alireza
781a5eb69a Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files. 2018-02-02 18:38:18 +03:30
Alireza
1b898b1c7b Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:46:49 +03:30
Alireza
64fbc73582 Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:42:19 +03:30
andre.peters
d6cbe5b10a [Unbound] Fix IPv6 subnet 2018-02-01 13:37:50 +01:00
andre.peters
36cb6d288d [Rspamd] Fix IPv6 subnet 2018-02-01 13:36:24 +01:00
andre.peters
70ac65d794 [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal 2018-02-01 13:36:01 +01:00
andre.peters
03ad0f22c4 [PHP-FPM] Add bind for upload.ini 2018-01-30 09:00:34 +01:00
André Peters
4405cb3e74
Merge pull request #953 from mkuron/recipient_map
Expose Postfix's recipient_canonical_maps through web UI
2018-01-28 11:09:22 +01:00
andre.peters
1f08e9a7b7 [Postfix] Fixes #967 (assign correct local network range for mynetworks) 2018-01-27 18:13:35 +01:00
Michael Kuron
c30448c4d8 Merge branch 'master' of https://github.com/andryyy/mailcow-dockerized into recipient_map
Conflicts:
	data/web/inc/init_db.inc.php
2018-01-27 17:22:08 +01:00
andre.peters
f0bc580ceb [PHP-FPM] Fix port... 2018-01-27 12:09:25 +01:00
andre.peters
c33ec7e989 [PHP-FPM] Fix duplicate listen 2018-01-27 10:33:50 +01:00
andre.peters
c7729f195b [Rspamd] Fixes #960 2018-01-26 18:56:19 +01:00
andre.peters
7149350973 [Rspamd] Allow internal IPv6 networks 2018-01-24 08:37:49 +01:00
andre.peters
c9b3044d5d [Postfix] Allow internal IPv6 networks 2018-01-24 08:37:27 +01:00
andre.peters
7efe67daaf [ClamAV] Mount ClamAV config files 2018-01-24 08:36:56 +01:00
andre.peters
696b52b5eb [Unbound] Allow internal networks in access-control 2018-01-24 08:36:37 +01:00
andre.peters
67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters
40a9389295 [SOGo] Reduce workers to 7 by default 2018-01-24 08:30:25 +01:00
Michael Kuron
e86565e283 Expose Postfix's recipient_canonical_maps through web UI 2018-01-23 20:02:31 +01:00
andre.peters
a50f85026a [PHP-FPM] Mount php configs into container 2018-01-21 15:00:28 +01:00
andre.peters
83a21259f7 [Rspamd] Use names instead of IPs 2018-01-21 15:00:05 +01:00
andre.peters
83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
André Peters
5648ec6d39
Merge pull request #915 from tiirex9/master
Adds 'do nothing' as default for sub-addressing
2018-01-18 10:27:14 +01:00
andre.peters
003e6ef5cd [Web] Important fixes for quarantaine; other minor changes 2018-01-17 15:22:11 +01:00
andre.peters
0019502069 [Rspamd] Increase spam scores for SPF failures 2018-01-16 21:02:45 +01:00
andre.peters
c6bcf322ff [Rspamd] Force-add metadata_exporter 2018-01-16 18:58:29 +01:00
Tii
d58b89528f rspamd multimap redis stuff doesn't work as expected... 2018-01-16 16:31:37 +01:00
Tii
2291bdbeed Added 'do nothing' option as default for sub-addressing 2018-01-16 13:13:04 +01:00
Tii
cd2c242540 Added 'do nothing' option as default for sub-addressing 2018-01-16 12:47:59 +01:00
andre.peters
5fd3d986c7 [Rspamd] Fix settings map regex 2018-01-16 12:42:09 +01:00
andre.peters
5d5d36fc60 [Dovecot] Revert to 2.2 to fix various errors 2018-01-14 10:44:06 +01:00
andre.peters
0d8c7e446a [Dovecot] Update config to fit Dovecot 2.3 2018-01-09 11:28:12 +01:00
andre.peters
868abc15bd [Rspamd] Fix worker-controller-password placeholder 2018-01-02 18:15:33 +01:00
Amir Zarrinkafsh
65386d4ccf Included folder mapping for iOS Mail Trash folder. 2017-12-30 13:58:17 +11:00
andre.peters
eb57fce38f [Dovecot] Possibly fixes #722 2017-12-25 10:25:50 +01:00
andre.peters
ae56c3b59e Fix quarantaine 2017-12-11 10:44:46 +01:00
andre.peters
d71b6f0ad1 Add placeholder for Rspamd controller password written via UI 2017-12-11 09:41:29 +01:00
andre.peters
873222d5f8 [Rspamd] Remove DKIM forced action, move ratelimit lua, add meta exporter 2017-12-09 09:08:23 +01:00
andre.peters
c8f41cdae2 [Postfix] Listener for quarantaine, remove excluded Docker gw from mynetworks 2017-12-09 09:07:06 +01:00
andre.peters
21a677e024 [MariaDB] Move config to my.cnf, removed from yml 2017-12-09 09:06:04 +01:00
André Peters
b1855587ec
Revert exclude, bad idea 2017-12-05 20:53:45 +01:00
André
3ec3a341e4 [Postfix] Remove gw from mynetworks in case of ipv6 failures 2017-11-21 09:33:43 +01:00
André Peters
4c98cbec27
Exclude 172.22.1.1 from mynetworks
In case of v6 nat failures.
2017-11-19 18:44:18 +01:00
André
ade4b9e7ae [Postfix, Web] Feature: BCC maps 2017-11-19 15:13:43 +01:00
André
c2d9928f8f [Rspamd] Set task timeout to 12s 2017-11-10 19:58:56 +01:00
André
3873e38919 [SOGo] Use SOGoMaximumSyncResponseSize of 2048 2017-11-06 13:35:48 +01:00
André
586a0b0e05 [Dovecot] Add bindirs to cache compiled scripts, drop some privileges, run one login proc per user 2017-11-05 12:18:52 +01:00
André
b16684ce20 [Rspamd] Slightly reduce map watch interval 2017-11-03 20:26:36 +01:00
André
21e20f3786 [Dovecot] sieve_before/after maps in sql, changed dict names 2017-11-03 20:25:43 +01:00
André
f067a45bcb [SOGo] Should fix some Android sync issues 2017-11-02 09:51:58 +01:00
André
1e9bc49f2c [Rspamd] Echo dummy for fowardingshosts map; Use higher map reading interval;
[Dockerapi] Exit on sigterm;
[Watchdog] Wait for dockerapi-mailcow to be online
2017-10-27 11:22:39 +02:00
André
083174a9bd [Rspamd] Do not try to index nil value 2017-10-26 22:25:13 +02:00
André
4156b4cdf8 [Rspamd] Disable spoofed sender check 2017-10-26 10:29:13 +02:00
André
988978b351 [Rspamd] Remove log helper and disable fann redis 2017-10-25 20:55:11 +02:00
André
4fd5b9afba [SOGo] Fix for some Outlook 2016 EAS problems 2017-10-25 08:57:34 +02:00
André
f7cd7cc123 [Rspamd] Redis history is enabled by default 2017-10-21 10:09:53 +02:00
Michael Kuron
a4ccd780c6 rspamd: disable greylisting for forwarding hosts 2017-10-14 16:40:44 +02:00
André
a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy
c5054ae7ed [Watchdog] Ignore null name in jq
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
2017-10-11 22:56:22 +02:00
andryyy
57484e4a45 [Postfix] Log all watchdog activities to local7 facility 2017-10-11 11:21:41 +02:00
andryyy
874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
andryyy
fc18d153cd [Compose, DockerAPI, Web, Watchdog] Watchdog may send notification mails (todo: docs), DockerAPI via Flesk for limited access 2017-10-05 23:38:33 +02:00
andryyy
073c6c6e73 [Postfix/Rspamd] Do not reject unauthenticated sender mismatches but rewrite their subject and assign symbol SPOOFED_SENDER with score 1.0 2017-10-04 23:16:39 +02:00
André Peters
d8636113dd Merge pull request #636 from mkuron/outlook
Preliminary support for Outlook 2016’s autodiscover.json
2017-10-03 21:23:59 +03:00
Michael Kuron
c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy
f257ed92f5 [Rspamd] Add missing ratelimit.conf 2017-09-21 22:21:11 +02:00
andryyy
edb2be979b [Postfix] Changes to ignore watchdog checks 2017-09-21 19:25:43 +02:00
andryyy
fd3b2e5f16 [Rspamd] Changes to ignore watchdog checks 2017-09-21 19:25:17 +02:00
andryyy
288a55b1f3 Merge branch 'dev' of https://github.com/mailcow/mailcow-dockerized into dev 2017-09-20 23:25:07 +02:00
andryyy
ea5aa261c9 [Unbound] Define mailcow ip6 as private 2017-09-20 23:23:11 +02:00
Michael Kuron
a411a357b9 rspamd: exclude Mail Flow monitoring from logs and stats 2017-09-20 15:21:02 +02:00
andryyy
a8fb1d3f4f Add experimental watchdog 2017-09-20 10:56:49 +02:00
andryyy
719aa1a391 [Postfix] Fix protocols 2017-09-18 10:59:45 +02:00
andryyy
67056dc3d1 [Postfix] Less strict smtpd_tls_mandatory_protocols 2017-09-18 08:24:24 +02:00
Michael Kuron
e4f13568d1 Rspamd user settings: fix matching From header 2017-09-16 18:46:28 +02:00
andryyy
089e8776f5 [Postfix] Stricter TLS settings for mandatory connections 2017-09-14 13:34:23 +02:00
andryyy
f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy
00e465a9a1 [Dovecot] Allow INBOX to be shared, sigh... fixes #594 2017-09-14 13:32:11 +02:00
andryyy
92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT
b2b9731020 a little bit of security
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
André Peters
78c363b7a5 Merge pull request #565 from mkuron/softreject
Forwarding hosts: treat soft reject like greylist
2017-09-09 10:43:41 +02:00
Michael Kuron
3d9c161be1 Forwarding hosts: treat soft reject like greylist 2017-09-09 10:30:26 +02:00
andryyy
cfd9316d74 Merge branch 'dev' of https://github.com/mailcow/mailcow-dockerized into dev 2017-08-30 21:43:45 +02:00
andryyy
b1213c51d7 [Rspamd] Dynamic ratelimit fixed, removed async redis request; Ready to implement per-user ratelimits via UI (tbd) 2017-08-30 21:42:39 +02:00
André Peters
29acfe85db Merge pull request #536 from mkuron/patch-1
Rspamd user blacklist/whitelist improvements
2017-08-28 22:55:12 +02:00
Michael Kuron
8383ba5e9c Rspamd user settings: fix From header match
The request_header regex appears to not be expected to be encapsulated in slashes and does not seem to accept flags.
2017-08-28 20:27:53 +02:00
Michael Kuron
fcd8cfa4f4 Rspamd user settings: don't print all email addresses of a domain
The ucl_rcpts function can already deal with domains, so lets use this capability.
2017-08-27 14:19:29 +02:00
Michael Kuron
93a092e627 Rspamd user settings: also match From header 2017-08-27 14:19:28 +02:00
Michael Kuron
e178ca36de Rspamd user settings: make regexes case-insensitive
This is necessary because the user web UI normalizes to lowercase
2017-08-27 14:19:28 +02:00
andryyy
e47feeffd6 [Rspamd] Add custom directory for own files 2017-08-18 22:17:01 +02:00
andryyy
e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy
d85352fa9a [Dovecot] Use listescape 2017-07-31 12:41:18 +02:00
andryyy
aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy
9be3aa3334 [Rspamd] Disable monitored 2017-07-27 09:03:44 +02:00
andryyy
83d485dd94 [Web, Postfix, Compose] Allow to add relayhosts per domain (+ plain and login authentication) 2017-07-22 20:39:54 +02:00
andryyy
ed33cb5f57 [Rspamd] ARC: Disallow login/domain mismatch 2017-07-21 11:03:35 +02:00
andryyy
256c9d86dd [Rspamd] Initial custom ratelimit support 2017-07-13 12:55:14 +02:00
andryyy
a31819fd6c [SOGo] Log to a pipe to not keep logs in a container 2017-07-11 17:08:06 +02:00
andryyy
08b99c8d74 [Dovecot] Add doveadm service 2017-07-10 21:30:45 +02:00
andryyy
c5d90b821a [Dovecot] Add extra.conf include to override Dovecot configuration changes 2017-07-10 09:19:12 +02:00
andryyy
56a652fbf3 [Rspamd] Set error_reporting to 0 2017-07-02 11:25:14 +02:00
andryyy
afc8c93c07 [Rspamd] Cleanup settings map 2017-07-01 23:14:27 +02:00
andryyy
6cd44b4136 Remove old code 2017-06-26 23:17:46 +02:00
andryyy
cbb4f51a9d Fix Junk-E-Mail folder name 2017-06-25 11:32:21 +02:00
andryyy
3be99d7f89 Set IPv6 network as secure_ip range in Rspamd 2017-06-24 22:07:26 +02:00
andryyy
578011c78c Move milter config, increase timeout for DNS 2017-06-21 10:18:52 +02:00
andryyy
036c51f053 Prefere ipv4 to fix problems on v4-only envs 2017-06-19 10:39:14 +02:00
andryyy
2a845a0d21 Less verbose 2017-06-18 20:57:54 +02:00
andryyy
9117c499ef Do not break DNS replies.... 2017-06-18 20:57:26 +02:00
andryyy
6fa19a37d8 Unbound changes 2017-06-18 20:23:26 +02:00
andryyy
ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
James Smith
bcdbbf0102 Make autodiscover case insensitive 2017-06-14 23:42:42 +01:00
andryyy
83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00
andryyy
495bf05fb8 Fix for Apple autoconfiguration (dav) 2017-06-14 23:14:41 +02:00
andryyy
e99fa9433e Fix dav url detection for apple 2017-06-14 23:10:50 +02:00
andryyy
44197c410e Do not add milter headers for authenticated users 2017-06-13 07:41:00 +02:00
André Peters
329ac40d95 Merge pull request #332 from mkuron/symlink
Replace symlink to PHP script
2017-06-08 20:57:51 +02:00
andryyy
663ea7815c Use new milter interface 2017-06-06 22:01:41 +02:00
andryyy
a41cafac3e Switch to Rspamds milter interface 2017-06-06 22:00:34 +02:00
andryyy
c9318ecf83 Switch to Rspamds milter interface 2017-06-06 21:59:44 +02:00
andryyy
e15795e112 Enable http2 2017-06-06 21:59:27 +02:00
Michael Kuron
062abb0ca7 Replace symlink to PHP script 2017-06-04 13:31:35 +02:00
andryyy
55071805f3 Execute after rmilter_headers (prio 10) 2017-05-29 21:53:47 +02:00
andryyy
d33399b3cb Fix mismatch in env and from mime header when signing mail 2017-05-29 21:49:01 +02:00
andryyy
e159eb7522 Fix listener 2017-05-29 21:48:41 +02:00
Michael Kuron
eb9217a8b8 SOGo UI: per-user authentication failure rate-limiting 2017-05-28 16:02:34 +02:00
André Peters
fb6893f664 Add IPv6 2017-05-28 11:14:43 +02:00
andryyy
813207c694 Listen on internal IPv6 2017-05-25 10:59:57 +02:00
andryyy
fd92283fb8 Add missing ; 2017-05-24 10:03:06 +02:00
andryyy
258a8ee6e9 Add IPv6 listener to Nginx, fixes IO error in Rspamd logs 2017-05-23 22:24:30 +02:00
andryyy
466b8137e5 Add log_helper to Rspamd, add IPv6 for http maps in Nginx, make Bind listen on v6 and add acl for internal network 2017-05-23 22:23:34 +02:00
andryyy
21714bd054 Remove obsolete map 2017-05-23 21:50:33 +02:00
andryyy
f3a1d81347 Rate extensions 2017-05-23 21:50:05 +02:00
andryyy
e99db685e5 Change map watch interval, remove Mraptor 2017-05-20 14:28:05 +02:00
andryyy
9965ff10a7 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:59 +02:00
andryyy
63324b0de8 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:11 +02:00
Michael Kuron
759f21ac6b Consistent symbol names for forwarding hosts
multimap.conf and force_actions weren't using the same name
2017-05-09 07:29:43 +02:00
andryyy
d64ed65575 Add multimap and forced actions for forwarded_hosts, removed from settings 2017-05-08 23:09:21 +02:00
André Peters
5861bec0c3 Merge pull request #256 from mkuron/forwardinghosts
Optionally enable spam filter for forwarding hosts
2017-05-08 19:00:42 +02:00
andryyy
cdf7c87e20 Deleted two http maps, replaced by redis multimaps, much better tag system 2017-05-08 15:39:33 +02:00
Michael Kuron
7efc720d47 Merge remote-tracking branch 'origin/dev' into forwardinghosts 2017-05-08 07:39:30 +02:00
andryyy
aa98d86feb Sieve rule for tags changed 2017-05-08 00:27:16 +02:00
Michael Kuron
ae6d7d63fc Optionally enable spam filter for forwarding hosts 2017-05-07 08:50:28 +02:00
andryyy
fa3a47fde5 Log to syslog 2017-05-06 23:42:07 +02:00
andryyy
ecda4fb1d1 Change whitelist for forwarding hosts 2017-05-06 23:41:58 +02:00
andryyy
b3a161f930 Keep format 2017-05-06 08:09:40 +02:00
andryyy
1501df6e42 Use Redis for DKIM keys, define any selector, auto-merge old keys to Redis and fallback to files 2017-05-05 10:35:27 +02:00
andryyy
e3f9839410 Do not use sld for DKIM signing 2017-05-04 19:12:21 +02:00
andryyy
edc41b48d1 Add map for scheme... 2017-05-03 22:26:10 +02:00
andryyy
2f0129539b Hopefully fix all Nginx reverse proxy issues, see documentation updates! 2017-05-03 18:05:13 +02:00
andryyy
8f213e8df9 Changes to api path 2017-04-29 16:36:41 +02:00
andryyy
a03b36e0c3 Add object to Nginx api configuration 2017-04-26 23:37:55 +02:00
andryyy
fd84b2ffa9 Change DKIM to new method, add clamav forced action when virus is found" 2017-04-25 20:32:36 +02:00
andryyy
e4310cafb3 Revert RP changes 2017-04-25 10:49:38 +02:00
Michael Kuron
f3fad4e7a2 Remove rspamd size limit
This ensures that the spam and antivirus filters cannot be evaded by making the message large enough.
Rspamd does not need a size limit on its own (e.g. for DoS protection) as Postfix already has a size limit (message_size_limit).
2017-04-24 19:49:41 +02:00
André Peters
0f3202109d Merge pull request #212 from mkuron/reverseproxy
Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind reverse proxy
2017-04-24 10:09:32 +02:00
andryyy
755da65426 Change path 2017-04-23 19:38:27 +02:00
andryyy
55f6384f2a Change to hostname, connection is not important for container start 2017-04-23 17:43:29 +02:00
Michael Kuron
affa52edcf Forwarding hosts: don’t add configuration if none are defined 2017-04-22 18:34:49 +02:00
Michael Kuron
08612f0aef Merge remote-tracking branch 'origin/dev' into forwardinghosts 2017-04-22 18:13:58 +02:00
Michael Kuron
894d6234e9 Improvements to forwarding hosts in Postfix
- No more premature EOF and no more leaking of bash processes
- Log result
- Correctly treat non-CIDR entries
- Adapt to schema change from df71e97
- Correctly report SQL failure
2017-04-22 14:28:51 +02:00
andryyy
8adcc4fcd3 Force add mailcow_black/white 2017-04-21 10:19:45 +02:00
andryyy
be28877f68 Remove permanent moo symbol 2017-04-21 10:19:24 +02:00
andryyy
95cbfe3661 Move mail to spam when DKIM fails, ignore when white/blacklist and honor other actions 2017-04-21 10:19:07 +02:00
andryyy
babad4f137 Anti-Virus local configuration for Rspamd, container not enabled by default 2017-04-20 21:14:20 +02:00
Michael Kuron
d350c009b9 Fix login redirect behind reverse proxy 2017-04-20 19:53:56 +02:00
Michael Kuron
06e64c585c Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind a reverse proxy 2017-04-18 20:24:43 +02:00
Michael Kuron
a75d916b74 Forwarding hosts in postscreen 2017-04-17 15:51:50 +02:00
Michael Kuron
8822eb57c8 Forwarding hosts in rspamd 2017-04-17 15:51:50 +02:00
andryyy
d0d87ead49 Zeyple is not enabled by default 2017-04-10 13:16:40 +02:00
andryyy
06100c30ca mail_crypt is not enabled by default 2017-04-10 13:15:48 +02:00
andryyy
c460636a70 mail_crypt is not enabled by default 2017-04-10 13:09:33 +02:00
andryyy
7f8d6556b8 imapsync: added option to delete from source after transfer 2017-04-10 13:07:45 +02:00
andryyy
b0d8b1344a Remove obsolete parameters, use imapsieve instead of deprecated antispam module, use mail_crypt per default 2017-04-05 22:22:43 +02:00
andryyy
96c1a7c225 Open 10026 for Zeyple 2017-04-05 22:21:20 +02:00
andryyy
34bc242554 Add Zeyple filter 2017-04-05 22:19:01 +02:00
andryyy
8b7e3c718d API format changes 2017-03-28 11:51:31 +02:00
andryyy
60fa9ab9dd Fall back to dkim.conf 2017-03-26 11:08:07 +02:00
andryyy
16d90b86d5 Use Redis history in Rspamd 2017-03-21 23:50:00 +01:00
andryyy
f384759282 Add all defaults to ratelimit module config in Rspamd 2017-03-21 11:20:04 +01:00
André Peters
4f72ed4509 Merge branch 'dev' into footable 2017-03-21 10:06:46 +01:00
André P
8d1784a1c4 Reset ratelimit 2017-03-21 10:05:26 +01:00
André P
d8cf921e35 Add ignore 2017-03-21 10:04:26 +01:00
root
892f2197cb Add footable 2017-03-21 10:02:23 +01:00
root
51230f780f Local 2017-03-21 08:11:06 +01:00
andryyy
7e6fc8568f Move DKIM signing to new dkim_signing.conf 2017-03-19 21:55:03 +01:00
andryyy
2fcbce4f2e Fix: return true 2017-03-17 19:23:25 +01:00
andryyy
509a804acd Deprecated lua function replaced, better tag handling when spam 2017-03-16 13:42:56 +01:00
andryyy
9f4a5b1834 Fix symbol check 2017-03-12 17:25:30 +01:00
andryyy
09850a76e5 Use Rspamds new tag symbol 2017-03-12 14:38:20 +01:00
andryyy
7a2427bf9b Add Junk-E-Mail as special use junk 2017-03-10 15:34:23 +01:00
andryyy
4c8288f85e Use tag settings for alias addresses 2017-03-09 17:06:58 +01:00
andryyy
276e370989 Rspamd tag check for non-spam only (post-filter), remove sql files from repository" 2017-03-08 17:58:00 +01:00
andryyy
2d086424fa Fix settings for aliases, alias domains 2017-03-04 14:05:06 +01:00
andryyy
285e295d91 Fix for settings 2017-03-04 00:27:57 +01:00
andryyy
8c2416b711 Never return empty map 2017-03-04 00:23:38 +01:00
andryyy
211e4158a2 Always return settings 2017-03-04 00:19:10 +01:00
andryyy
cad084598d Remove old files, fix tagging 2017-03-03 19:01:33 +01:00
andryyy
579b5483ab Do not return empty map 2017-03-03 17:31:50 +01:00
andryyy
92b5a8e6dd Change map variable 2017-03-03 15:39:12 +01:00
andryyy
279210a524 Tab size 2017-03-03 04:48:28 +01:00
andryyy
c21623b482 Important fix for Rspamd score settings, LUA tag handling changes 2017-03-03 04:44:51 +01:00
andryyy
8175a0387f Change wording 2017-03-02 09:12:43 +01:00
andryyy
41d771e780 Aliases do not match alias domains 2017-03-01 17:59:46 +01:00
andryyy
50eb49ab71 Better autodiscover/autoconfig config in Nginx, add new ignores 2017-02-28 14:27:19 +01:00
andryyy
6d7c3423ba Change Nginx templates 2017-02-28 10:12:18 +01:00
andryyy
2fea636a01 Add Nginx HTTP listener 2017-02-28 10:02:02 +01:00
andryyy
4db74f6734 Fix bind9 config 2017-02-23 16:23:16 +01:00
andryyy
1c12799091 Add bind9 and replace pdns 2017-02-23 16:06:28 +01:00
andryyy
26906caa07 Pass IP even if behind (second) reverse proxy, add new SOGo resource path 2017-02-23 16:05:42 +01:00
andryyy
f13df1ec46 Add mraptor to rspamd 2017-02-18 20:29:15 +01:00
andryyy
f6241619df Reset first 2017-02-16 20:20:27 +01:00
carazzim0
d295435cad use ip address instead of alias name 2017-02-16 19:55:07 +01:00
andryyy
4e311d7738 Read mime to field when env has no tag 2017-02-14 21:55:58 +01:00
andryyy
15bffcd447 Display keys inline, also read domain aliases for tagging option 2017-02-14 21:54:09 +01:00
André Peters
a6c6e34fe9 Update mysql_virtual_sender_acl.cf 2017-02-12 19:28:52 +01:00
andryyy
c73cc42a95 Handle alias domains the same way as their parents in sender_acl, thanks to @tehXor 2017-02-11 20:54:14 +01:00
andryyy
8883960d5a Add mime types and full path to fcgi params 2017-02-08 19:11:25 +01:00
andryyy
7c3a8a5819 Use IPs to not emerg Nginx when host does not exist 2017-02-02 10:09:44 +01:00
andryyy
5e39bcf5e4 Fix settings 2017-01-29 13:56:24 +01:00
andryyy
6e196eeb6e Remove kind where field 2017-01-29 12:33:36 +01:00
andryyy
13a8e6bf28 Exclude resources 2017-01-28 09:53:12 +01:00
andryyy
0630c882ee When TLS is enforced for incoming mails, allow mynetworks and sasl authenticated users 2017-01-25 19:04:31 +01:00
andryyy
a294cd04e5 Add charset 2017-01-25 19:04:01 +01:00
andryyy
54de192334 Add mydestination to prevent hostname == domain situations 2017-01-23 08:23:59 +01:00
andryyy
3ece7cc7fd Get SOGo web resources from SOGo httpd, enable caching 2017-01-21 11:46:56 +01:00
andryyy
30c4396c31 Change var names 2017-01-18 21:33:11 +01:00
andryyy
683e24c7f6 Still needs rework... but is ok right now 2017-01-18 21:26:49 +01:00
andryyy
308c2f7e03 Fix EAS for SOGo 2017-01-15 17:37:25 +01:00
andryyy
89b5d9bde6 Easier container names, allow to set HTTPS port, Typo fix 2017-01-12 21:40:42 +01:00
andryyy
33a0357634 Log to mail.log, add postlogin script to give master user full permissions 2017-01-12 20:15:05 +01:00
andryyy
86a8dc195e Change ciphers 2017-01-09 20:22:44 +01:00
andryyy
621235d8da Lowercase tag name "eXaMpLe" to "example" if folder "eXaMpLe" does not exist, else move to folder "eXaMpLe" 2017-01-09 12:37:39 +01:00
andryyy
be7693a8e1 Sieve tag handling changes 2017-01-09 11:39:27 +01:00
andryyy
49a98a30b5 Add ability to set tag handling, add domain map 2017-01-09 11:05:33 +01:00
andryyy
ebfc45df9f Set huge timeout in PHP for SOGo childs to stop 2017-01-03 11:47:09 +01:00
andryyy
4adcb287bb Fix rspamd dynamic map 2016-12-29 21:12:19 +01:00
andryyy
d486a9bb70 Fix Dav discovery on iOS, thanks Brad! 2016-12-27 20:28:30 +01:00
andryyy
b514ffb368 Remove creds file 2016-12-23 11:04:48 +01:00
andryyy
5d0081a0ec Base all on xenial to save some space loading chunks, clean-up images 2016-12-23 10:27:48 +01:00
andryyy
b0db732e87 Needs lowercase master user with SHA1 2016-12-23 07:07:50 +01:00
andryyy
184a35da24 Format 2016-12-22 12:20:26 +01:00
andryyy
b6c95e2bd6 Add local networks 2016-12-22 12:20:17 +01:00
andryyy
2783510bef DKIM sign auto-responder messages by using mime from field 2016-12-21 20:55:38 +01:00
andryyy
49e09d3ca0 Add autodiscover and autoconfig 2016-12-21 12:16:05 +01:00
andryyy
036d547415 Fix forwarding in sieve 2016-12-21 09:50:54 +01:00
andryyy
ed9d64bab4 Add random created master at each startup to handle SOGo features 2016-12-21 08:25:11 +01:00
andryyy
85b243a15b SOGo multi-domain setup 2016-12-20 15:24:33 +01:00
andryyy
7a2abe6ada Add default sieve_after handler 2016-12-19 15:20:30 +01:00
andryyy
98e803e6ef Back to utf8mb4... 2016-12-19 12:24:31 +01:00
andryyy
31911c7ed8 Remove unused table, rename table 2016-12-18 22:25:02 +01:00
andryyy
7b18f7881a Remove unused table, rename table 2016-12-18 22:24:48 +01:00
andryyy
a47625a34a Remove unused table, rename table 2016-12-18 22:24:22 +01:00
andryyy
608820a728 Use UTF8, MySQL 5.7 is the only docker image to use innodb default row format, but is broken and segfaults on many machines 2016-12-18 15:50:57 +01:00
andryyy
861fc190ca Use UTF8, MySQL 5.7 is the only docker image to use innodb default row format, but is broken and segfaults on many machines 2016-12-18 15:50:13 +01:00
andryyy
fa2da040ea Remove debugging 2016-12-18 13:43:11 +01:00
andryyy
380fe11f7f Waiting for bug fix from SOGo for alarms folder 2016-12-18 12:50:45 +01:00
andryyy
73ae15790a Set sql mode and timezone 2016-12-18 12:41:45 +01:00
andryyy
04830141e4 Be more quiet 2016-12-18 12:41:29 +01:00
andryyy
defe57d24d Changes 2016-12-18 00:24:05 +01:00
andryyy
220ea526f7 Thanks to https://gist.github.com/croessner/64ae8150b3fa3636ec002b812c4ab2ff 2016-12-16 12:23:04 +01:00
andryyy
8559de7ae6 Fix rspamd settings and dynamic configuration 2016-12-16 08:15:20 +01:00
andryyy
5afda018ce Log some infos, sign using dkim separator 2016-12-15 10:04:56 +01:00
andryyy
1aa5280fc2 Use memcached and changed title 2016-12-15 10:04:32 +01:00
andryyy
774320d5e8 Use env vars for PHP app 2016-12-14 21:10:11 +01:00
andryyy
9e8a003508 Remove old file 2016-12-14 15:56:30 +01:00
andryyy
5d410c1a39 Change SOGo Dockerfile 2016-12-14 09:25:54 +01:00
andryyy
61da76db4e Enable DNSSEC for resolver in rspamd 2016-12-13 13:55:57 +01:00
andryyy
b93c4e4102 Fix dovecot antispam plugin parameters 2016-12-13 13:38:31 +01:00
andryyy
855efcf542 Random 2016-12-13 12:32:16 +01:00
andryyy
7e25826d4e Antispam plugin for Dovecot + rspamd pipe script 2016-12-13 12:26:10 +01:00
andryyy
5e883b6f51 Some last changes 2016-12-12 21:53:58 +01:00
andryyy
bbd17a7e91 Remove vars from main.cf 2016-12-12 09:25:37 +01:00
andryyy
47a5166383 Add pdns resolver, changed some other files 2016-12-11 18:58:29 +01:00
andryyy
e3f0058f4f Changes... 2016-12-11 14:13:17 +01:00
andryyy
42a64b45d7 Fixes, working rspamd settings, generate DKIM keys in PHP 2016-12-10 21:49:41 +01:00
andryyy
7d6c5ff071 First commit for rspamd settings 2016-12-10 00:39:27 +01:00
andryyy
e9b97e98ec Some changes 2016-12-09 21:10:11 +01:00
andryyy
5f04dc0b04 mailcow dockerized 2016-12-09 20:39:02 +01:00