Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
7,410 Commits 2 Branches 0 Tags 47 MiB
3ebf2c2d2d
Commit Graph

1177 Commits

Author SHA1 Message Date
Niklas Meyer
2b009c71c1
Merge pull request #5316 from mailcow/feat/rspamd-securite-symbols 
[Rspamd] Native mailcow Support for Securite ClamAV Signatures
 2023-07-12 08:27:20 +02:00
Patrick Schult
a0723f60d2
Merge pull request #5221 from mailcow/fix/dot-stuffing-bcc 
[Rspamd] add dot-stuffing to bcc forwarding
 2023-07-10 10:07:31 +02:00
DerLinkman
6e9c024b3c Changed weight to score for CLAMD_SPAM 2023-06-27 10:28:52 +02:00
DerLinkman
8cd4ae1e34 Improved Scores 2023-06-23 16:19:37 +02:00
DerLinkman
689856b186 New Symbols defined for Security ClamAV DBs 2023-06-23 16:13:25 +02:00
DerLinkman
380cdab6fc Removed dnsbl from main.cf 2023-06-23 14:26:17 +02:00
Peter
7a582afbdc
Rspamd returns 401 on unsuccesful logins 2023-05-28 22:43:26 +02:00
Niklas Meyer
88b8d50cd5
Merge pull request #4028 from Daniel15/patch-2 
Enable maildir_very_dirty_syncs by default
 2023-05-24 11:00:38 +02:00
Peter
33c97fb318
change domain for docs 2023-05-10 20:32:38 +02:00
FreddleSpl0it
f295b8cd91
[Rspamd] add domain wide footer 2023-05-08 12:55:38 +02:00
FreddleSpl0it
97a492b891
[Rspamd] add dot-stuffing to bcc forwarding 2023-05-03 15:04:09 +02:00
Peter
f3322c0577
Add IP Connect Inc 2023-04-21 19:43:20 +02:00
Niklas Meyer
deb2b80352
Merge pull request #5108 from mailcow:dragoangel-patch-1 
[Rspamd] Fix cases of forwarding via freemail
 2023-03-09 14:33:48 +01:00
Dmitriy Alekseev
81fcbdd104
[SOGo] Disable password change option 
It doesn't work with ProxyAuth and in general not honor password policy set via mailcow UI. SOGo also do not provide own settings to provide any password policy. Due to this two issues I think that it's better have it disabled by default. People who need it can turn it back easily. We can update https://docs.mailcow.email/manual-guides/SOGo/u_e-sogo/#disable-password-changing to `enable-password-changin` and explanations of reasons why it is disabled.
 2023-03-04 18:06:26 +02:00
Dmitriy Alekseev
1a9294b58f
[Rspamd] Fix cases of forwarding via freemail 
Excluding FREEMAIL_ENVFROM from the FREEMAIL_POLICY_FAILURE expression will allow forwarding mail via freemail services when the initial sender did not have a DKIM signature.
 2023-03-04 17:57:52 +02:00
Reto Kupferschmid
46cc022590
fix URLHAUS_ABUSE_CH check 2023-02-28 14:30:38 +01:00
FreddleSpl0it
afddcf7f3b replace nullnull.org with fuzzy.mailcow.email 2023-01-24 09:49:49 +01:00
Niklas Meyer
0dbd6be010
Merge pull request #4899 from mhupfauer/patch-1 
Update bulk_header.map
 2022-12-23 16:10:04 +01:00
Der-Jan
f1e1232849 Add Message-ID to pushover 2022-12-21 10:39:14 +01:00
mhupfauer
118984dfff
Update bulk_header.map 
AWeber is a massive Mail as a Service provider which is used by many legitimate corporations and should not be handled negatively by default.
 2022-12-13 22:38:45 +01:00
bluewalk
360bb6f306 Split name and address for TO-variables 2022-11-20 10:42:44 +01:00
bluewalk
d8e314db1a Fixed issue with subdomain senders + added TO variable and allow new lines in text using \n 2022-11-19 15:32:48 +01:00
bluewalk
fd14c51f85 Removed regex as we have the address from the header 2022-11-18 17:29:31 +01:00
bluewalk
65c74c75c7 Added SENDER_ADDRESS and SENDER_NAME as variables for messages 2022-11-17 21:01:18 +01:00
bluewalk
e82f3b3975 Added SENDER_ADDRESS and SENDER_NAME as variables for messages 2022-11-17 21:01:18 +01:00
FreddleSpl0it
72e204f8fd fix sogo bugs after 2022-08 update 2022-09-08 10:32:07 +02:00
DerLinkman
9806e568c0 Readded Sieve Location for Dovecot 2022-09-02 10:24:49 +02:00
andryyy
ad8b7f0894 [Dovecot] Fixes broken sieve compiler in some rare cases when using replication 2022-08-18 15:08:00 +02:00
André
fdf52dcb17
[Rspamd] Prevent LUA crash 
Fixes LUA error when inserting unknown symbol from settings map
 2022-07-07 09:20:59 +02:00
FreddleSpl0it
549ff7d100
Add Domain and Mailbox tagging (#4569) 
* [Web] define tag tables

* [Web] add mailbox tag functions

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* Include new tags lang in language.en.json

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

* [Web] add domain/mailbox tagging

Co-authored-by: Niklas Meyer <62480600+DerLinkman@users.noreply.github.com>
 2022-05-05 08:25:01 +02:00
andryyy
7e26a2ab98
[Rspamd] Remove neural config due to massive fp 2022-04-13 10:42:11 +02:00
andryyy
372e381a85
[Web] Fix wrong lang string for filter deletion confirmation 2022-04-08 09:39:32 +02:00
andryyy
a2ccf7ef03
[Nginx] Fix Nginx buffer sizes by moving parameters to correct location 2022-04-05 22:34:26 +02:00
Niklas Meyer
53a5254897
[SOGo] Update SOGo to 5.5.1 
**Includes Database Changes!**

As a preparation for 5.5.2 the database as well as some NGINX Settings have been changed.
 2022-04-01 15:20:09 +02:00
Aiko Appeldorn
be9cbcf5ac
[Postfix] update postscreen access list (#4515) 2022-03-23 11:49:46 +01:00
Niklas Meyer
b04faddac4 Modified Buffer Size in site-defaults.conf 2022-03-23 11:14:07 +01:00
Peter
eddaf7a975
Revert "Before update on 2022-03-02_17_04_05" 
This reverts commit 24275ffdbf.
 2022-03-05 23:31:41 +01:00
andryyy
98bc947d00 [Web] Update composer libs 
- Removing symfony/deprecation-contracts (v2.4.0)
  - Upgrading ddeboer/imap (1.12.1 => 1.13.1)
  - Upgrading directorytree/ldaprecord (v2.6.3 => v2.10.1)
  - Upgrading illuminate/contracts (v8.53.1 => v9.3.0)
  - Upgrading nesbot/carbon (2.51.1 => 2.57.0)
  - Upgrading phpmailer/phpmailer (v6.5.0 => v6.6.0)
  - Upgrading psr/container (1.1.1 => 2.0.2)
  - Upgrading psr/log (1.1.4 => 3.0.0)
  - Upgrading psr/simple-cache (1.0.1 => 2.0.0)
  - Upgrading robthree/twofactorauth (1.8.0 => 1.8.1)
  - Upgrading symfony/polyfill-ctype (v1.23.0 => v1.24.0)
  - Upgrading symfony/polyfill-mbstring (v1.23.1 => v1.24.0)
  - Upgrading symfony/polyfill-php80 (v1.23.1 => v1.24.0)
  - Upgrading symfony/translation (v5.3.4 => v6.0.5)
  - Upgrading symfony/translation-contracts (v2.4.0 => v3.0.0)
  - Upgrading symfony/var-dumper (v5.3.6 => v6.0.5)
  - Upgrading tightenco/collect (v8.34.0 => v8.83.2)
  - Upgrading twig/twig (v3.3.2 => v3.3.8)
 2022-03-02 20:08:44 +01:00
andryyy
24275ffdbf Before update on 2022-03-02_17_04_05 2022-03-02 20:03:09 +01:00
Niklas Meyer
c520f21d28
🐄 Moorch Update 2022 - ClamAV, Dovecot & Olefy Update (#4497) 
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag error handling

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

* Update clamav to 0.104.2

* Update clamav to 0.104.2

* Update dovecot to 2.3.18

Update gosu to 1.14
Use debian bullseye as base

* [Web] Updated lang.es.json [CI SKIP] (#4453)

Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Fijxu <fijxu@zzls.xyz>

* Fix broken documentation links (#4458)

* Fix broken documentation links

* Fix a few more broken documentation links

* Fix broken documentation links in translation files

* Fall back to empty string if WATCHDOG_NOTIFY_EMAIL undefined (#4457)

By default, `.env` (`mailcow.conf`) does not define `WATCHDOG_NOTIFY_EMAIL`.

Using it in `docker-compose.yml` without having it defined leads to Compose v2 displaying this warning on startup:

> WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.

Related to https://github.com/mailcow/mailcow-dockerized/issues/4315

* [Web] Updated lang.sk.json [CI SKIP] (#4461)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* oletools: disable template injection detection (#4464)

Seems to be causing a lot of false positives lately

* Fix minor typo in comment (#4466)

Correction of the comment, so that the explanation is correct and can be understood.

* Update issue templates to issue forms (#4465)

This PR updates the issue templates to GitHubs new issue forms

* [Web] Fix padding issue in UI admin panel (#4481)

* [Web] fix admin panel padding issue

* [Web] fix admin panel padding issue

* [Web] Updated lang.sk.json [CI SKIP] (#4489)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* increase opcache.interned_strings_buffer to 16 (#4487)

since version 23.0.2 Nextcloud recommends having a value greater than 8 for `opcache.interned_strings_buffer`. As this memory will be only used when needed this should have no impact on installations that are not using nextcloud.

related discussion: https://help.nextcloud.com/t/nextcloud-23-02-opcache-interned-strings-buffer/134007/19
related nextcloud issue: https://github.com/nextcloud/server/issues/31223

* nextcloud - add missing redirections (#4366)

adds missing location directives to the nginx configuration of nextcloud 22, to prevent warnings in nextcloud admin center of missing redirections

* Update imapsync to 2.178 (#4491)

* Update and fix oletools (#4479)

As noticed by @MAGICCC (#4464 (comment)), our olefy image does not work anymore if you rebuild it. This is because @HeinleinSupport recently updated their repository with the changes from @decalage2's repository, which renamed olvba3 to olevba. Since @HeinleinSupport does not recommend using its own patched branch and is very slow in pulling in changes from upstream (@decalage2), let's switch to the latter. This also allowed me to revert #4464.

Finally, a minor patch to rspamd is necessary. While the documentation says

In the extended mode the oletools module will not trigger on specific categories, but will always set a threat string with all found flags when at least a macro was found.

This is not actually true -- it only sets it when suspicious or autoexec threats were detected. But it's a one-line patch to make rspamd behave as documented and we should submit that patch to @rspamd too. With this patch, I have confirmed that Mailcow will reject any incoming, non-whitelisted message containing attachments with macros.

* [Web] Fix excluded domain list in quaratine view

Previously excluded domains from quarantine were not shown.

* [Dovecot] Update syslogng Version to 3.28 (#4496)

Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: Max <mail@heavygale.de>
Co-authored-by: Michael Cramer <michael@bigmichi1.de>
Co-authored-by: Robert Christian <soulsymphonies@users.noreply.github.com>
Co-authored-by: André <andre.peters@debinux.de>
Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>
 2022-03-02 16:32:17 +01:00
andryyy
a5660cdf31 [SOGo] Faster GC: fix for too many SQL connections 2021-12-12 10:42:53 +01:00
andryyy
25cecf5f9d [MariaDB] Further increase connections 2021-11-18 10:55:54 +01:00
Dmitriy Alekseev
95e57e3968
[Rspamd] Return CAB to archive_extensions 2021-11-18 11:47:56 +02:00
Dmitriy Alekseev
54448bfd38
[Rspamd] Adjust CAB score detection 
Adjust CAB score detection, as CAB content can't be extracted by Rspamd
 2021-11-18 10:14:24 +02:00
andryyy
15c0b3f7b7 [MariaDB] Decrease connection timeout to SOGo worker lifetime + 10s 2021-10-28 21:58:17 +02:00
Dmitriy Alekseev
a26bbff63f
[Rspamd] Enhance SOGo contacts dynmap (#4245) 
* [Rspamd] Fix SOGo Contacts Dynmap

1. Lowercase all emails to align with Rspamd
2. Remove dots from gmail.com and change googlemail.com to gmail.com to align with Rspamd per https://github.com/rspamd/rspamd/blob/master/lualib/lua_util.lua#L271-L274

* Update settings.php

Fix case when gmail.com or google.com is stored in contact book not in lowercase

* Update settings.php

Add removing of Tags in emails as Rspamd not count them as part of From
 2021-10-23 15:58:06 +00:00
andryyy
408fee4411
[Rspamd] More bulk headers 2021-10-15 19:50:19 +02:00
Dmitriy Alekseev
2c5628c0e5
[Postfix] Tempfail if Rspamd not available 
To protect from spam when rspamd hang or not yet ready to serve requests postfix should reject incoming mail with temp error
 2021-09-16 22:31:46 +03:00
andryyy
5e5ab6cf40
[Rspamd] Add soft reject to dropped messages for Pushover 2021-09-07 19:39:03 +02:00
andryyy
80fc18c5b4
[Rspamd] Always include watchdog in no_stat and no_log flag symbol 2021-09-07 17:56:20 +02:00
andryyy
c4f70f39b5
[Rspamd] Wrong operator: AND should be OR 2021-09-02 14:14:39 +02:00
andryyy
43121b9287
[Rspamd] Properly cache Rspamd settings map, save a lot of resources 2021-09-02 14:09:50 +02:00
andryyy
bb2351ccf8
[Rspamd] Re-add bad subject maps (_not_ related to previous mem leaks) 2021-09-02 14:09:25 +02:00
andryyy
e616755072
[Web] Fix app password editing, fixes #4239 2021-09-01 18:11:00 +02:00
andryyy
2b89ab919b [Rspamd] Remove IVM-SG script 2021-09-01 17:00:03 +02:00
andryyy
8ee997b1a3
[Rspamd] Base on bullseye; remove nullnull map to _perhaps_ prevent a memleak 2021-09-01 15:21:43 +02:00
Daniel Lo Nigro
1606658cb1
Add missing spaces 2021-08-28 20:02:39 -07:00
andryyy
649a5c0159
[Rspamd] More generous timeout but no retransmit allowed for oletools: prevent further timeouts 2021-08-16 10:17:52 +02:00
andryyy
98a778a059 [Rspamd] Increase task timeout to prevent expensive tasks to cause a timeout; Set max size for macro scans to 3 MiB 2021-08-16 10:01:41 +02:00
andryyy
bc8e87fba6
[Rspamd] Olefy: reduce max scan size to 5 MiB 2021-08-16 06:49:18 +02:00
andryyy
d383c0ab9b
[Dovecot] Revert autocrypt sieve before, fixes DeltaChat and closes #4230 2021-08-13 06:18:43 +02:00
andryyy
eec75690e0
[Nginx] Deny inc/lib location 2021-08-08 16:06:26 +02:00
andryyy
96a460c2fa
[Dovecot] Change sieve scripts for DeltaChat 2021-07-28 21:44:06 +02:00
andryyy
3dd7d7226d
[Dovecot] Re-add sieve_vacation_dont_check_recipient = no (default) to check for vacation rcpts 2021-07-21 10:10:39 +02:00
Sven Michels
376ef76022
[Rspamd] Add soft reject on task timeout (#4189) 
As we have seen issues in DNS processing actually stops rspamd from
processing a message, which leads to missing tag insertion for example,
we turn on soft reject on task timeout. Behavior is the same as with
greylisting for example, so the mail will be delayed/soft rejected, but
as DNS issues usually are most likely temporarily, it should get delivered
on the second try.
 2021-07-19 12:09:32 +02:00
andryyy
b5bf97eec9
[Rspamd] Revert custom DNS timeouts 2021-07-11 17:31:40 +02:00
andryyy
b3959e8071
[Rspamd] DeltaChat improvements 2021-07-09 09:19:06 +02:00
andryyy
5a6d970794
[Rspamd] Better support for DeltaChat 2021-07-09 07:42:37 +02:00
andryyy
8b08d09ca2
[Web] Remove XMPP options 
[Web] Add Rspamd preset #4
[Web] Do not show failed SASL logins (and also remove them from db)
 2021-06-30 10:13:29 +02:00
andryyy
b2272b8e35
[Dovecot] Re-add listescape... 2021-06-23 14:17:39 +02:00
andryyy
9544ffe174
[Dovecot] Remove listescape 2021-06-23 14:13:34 +02:00
andryyy
3045bcf49d
[Nginx] Allow SOGo SSO 2021-06-23 14:12:14 +02:00
andryyy
06beda7c7c
[Rspamd] Increase DNS timeout and retransmits 2021-06-21 22:03:26 +02:00
andryyy
f7fd0d8c7c
[Dovecot] Move includes 2021-06-21 22:03:11 +02:00
andryyy
7b0b59a082
[Rspamd] Use Postfix IP 2021-06-21 22:02:36 +02:00
andryyy
5b68c186ca
[Rspamd] Bad header rule for hotmail/outlook.com spam that no one seems to care about at MS :/ 2021-06-17 06:34:47 +02:00
andryyy
3ec1b856c7
[Rspamd] Fix bad header rule 2021-06-16 12:23:11 +02:00
Dmitriy Alekseev
583663f6d1
[Rspamd] Fix FREEMAIL_POLICY_FAILURE with SPF_SOFTFAIL (#4142) 
Add really low negative score to SOFTFAIL policy symbols to get FREEMAIL_POLICY_FAILURE triggered correctly
 2021-06-11 16:10:28 +03:00
andryyy
3ffd39dae5
[Dovecot] Move mailboxes to separate config file; remove postlogin script (replaced by config variables) 2021-06-08 13:14:47 +02:00
andryyy
68f9ca8cb0
[Postfix] Remove broken SASL access map, moved to Dovecot LUA authentication 2021-06-08 13:13:49 +02:00
waja
28ab9986a7
Remove left smtpd_last_auth statement (#4127) 2021-06-06 11:52:31 +00:00
andryyy
d7ecf899c8
[Rspamd] Reduce 00 bad subjects score 2021-06-05 17:45:27 +02:00
Dmitriy Alekseev
05f6e28191
[Postfix] Remove smtpd_last_auth from master.cf (#4124) 2021-06-05 16:13:50 +02:00
andryyy
7050d7c259
[Web] Fix BCC validation for aliases 2021-06-05 08:40:55 +02:00
andryyy
51b32bc4c0
[Dovecot] Remove last_login, fixes #4121 2021-06-04 20:48:36 +02:00
andryyy
51e3521aac
[Postfix] Remove smtpd_last_auth service; replaced by SASL logging in Dovecot LUA auth process 2021-06-04 14:29:28 +02:00
andryyy
6d22ae8d02
[Dovecot] Feature: Move authentication to LUA and prepare for http based authentication, log last SASL logins to SQL 2021-06-04 14:27:33 +02:00
andryyy
b6b64f9470
[Rspamd] rename symbol from bad_regex to bad_subject 2021-06-03 08:18:10 +02:00
andryyy
c8955284a2
[Rspamd] Create BCC plugin 2021-06-03 08:02:03 +02:00
andryyy
1bad74101f
[Postfix] Add listener for BCC sender used by meta_exporter in Rspamd 2021-05-30 16:08:19 +02:00
andryyy
8a83587800
[Postfix] Finally here: MX based transport map routing; Sorry it took years, Patrik 
[Web] Small fixes
 2021-05-28 10:40:41 +02:00
andryyy
fe483d882d
[Rspamd] Replace 00 bad domains by bad regex map (wip) 2021-05-27 13:17:35 +02:00
andryyy
4ede07854d
[Rspamd] Replace 00 bad domains by bad regex map (wip) 2021-05-27 12:34:33 +02:00
andryyy
4b28dbbabc
[Rspamd] Replace 00 bad domains by bad regex map (wip) 2021-05-27 12:33:47 +02:00
andryyy
56a085b632
[Rspamd] Add 00 abuse domains (wip!) 2021-05-24 11:12:56 +02:00
andryyy
2e87f6ac2d
[Rspamd] Fix bad header rule 2021-05-23 23:29:32 +02:00
andryyy
f81483d312
[Rspamd] Create bad header map 2021-05-23 23:13:34 +02:00
andryyy
cf9d3e00c8
[Rspamd] Create bad header map 2021-05-23 23:12:07 +02:00
andryyy
1cd0a96ad0
[Nginx, SOGo] Set mime type text/plain instead of returning 403 when opening risky attachments 2021-05-17 21:21:35 +02:00
andryyy
6a8aa699d9
[SOGo, Nginx] Deny access to some extensions from SOGo web ui to mitigate security concerns 2021-05-12 10:44:42 +02:00
Dmitriy Alekseev
bb1b76454d
[Rspamd] Remove score from SIEVE_HOST (#4080) 
Commit e7a5c98704 remove upstream spam flag score
 2021-05-04 18:51:07 +02:00
Daniel Lo Nigro
54ba66733e Enable maildir_very_dirty_syncs rather than just adding comment 2021-05-02 16:39:26 -07:00
Maximilian
5df8a24c84
server_tokens off in default settings (#4073) 
Co-authored-by: Maximilian Leith <accounts.maximilan@leith.de>
 2021-04-26 13:20:23 +02:00
Dmitriy Alekseev
bbb75b0d32
[Rspamd] Fix for Respect Redis REPLICA in reputation plugin (#4046) 2021-04-18 22:41:08 +03:00
André Peters
ee6ca4eaaa
Revert "[Rspamd] Respect Redis REPLICA in reputation plugin (#4046)" (#4065) 
This reverts commit 7fdc4c2cc3.
 2021-04-18 21:02:29 +02:00
Valentin Brandner
1bb68c2f5f
[Rspamd] Fix little typo in regex (#4050) 
There was a dot missing, right? Correct me if I'm wrong...
 2021-04-09 23:37:33 +02:00
andryyy
604f29e870
[Postfix] Set mynetworks_style = subnet to include all local subnets, will be overridden by mynetworks in extra.cf 2021-04-07 21:28:53 +02:00
Dmitriy Alekseev
694e3d652f
[Rspamd] Sign Disposition-Notification Headers (#4020) 
* [Rspamd] Sign Disposition-Notification Headers

Add more Headers to DKIM signing

* Update dkim_signing.conf
 2021-04-03 12:43:20 +02:00
Der-Jan
7fdc4c2cc3
[Rspamd] Respect Redis REPLICA in reputation plugin (#4046) 2021-04-02 21:34:52 +02:00
Daniel Lo Nigro
f6847e6f8c
Add comment about maildir_very_dirty_syncs to dovecot.conf 2021-03-13 10:46:32 -08:00
andryyy
749dc0e5c9 Merge branch 'master' of github.com:mailcow/mailcow-dockerized 2021-03-04 16:13:55 +01:00
Timo Eissler
b6d1f78428
[PHP-FPM] Increase PHP memory limit for "cli" to 512M (#4010) 2021-03-03 10:28:15 +01:00
andryyy
4975e4cabd
[SOGo] Fix comments in custom theme 2021-03-03 10:23:51 +01:00
andryyy
e956b32a12
[SOGo] Remove custom theme, disable debug mode, keep example custom-themes 2021-03-02 11:24:00 +01:00
Frederick Nicklas Ambo Eggert Eggertsen
6840a1665d
[Web] Danish lang. 🇩🇰 (#3971) 
Create Danish lang
 2021-02-19 18:23:08 +01:00
andryyy
c2c183df2c
[Ejabberd] Add missing ip in yml 2021-02-17 16:44:11 +01:00
andryyy
9ee0bd8bdf
[Ejabberd] Do not store group chats in archive 2021-02-16 21:33:30 +01:00
andryyy
b11764dff0
[Config] Add ADDITIONAL_SERVER_NAMES as optional config to define additional server_name parameters for mailcow UI 2021-02-16 16:38:28 +01:00
andryyy
c4155d4ab6 [Ejabberd] Do not store messages by default; Delete uploads after 30 days; Use JID in upload file path; Use more secure file permissions; Set max offline messages to 1000; 2021-02-16 16:37:18 +01:00
ValdikSS
b52fa1146a
Unset Postfix smtpd_tls_session_cache_database, reduce disk writes (#3981) 
Postfix may update smtpd_tls_session_cache_database quite frequently even on not busy server, which leads to unnecessary (excessive) disk writes, which is an issue for SSD.
Postfix documentation suggests not to use this parameter anymore since there's another, better TLS session resumption method available.

>As of Postfix 2.11 the preferred mechanism for session resumption is RFC 5077 TLS session tickets, which don't require server-side storage. Consequently, for Postfix ≥ 2.11 this parameter should generally be left empty.

http://www.postfix.org/postconf.5.html#smtpd_tls_session_cache_database
 2021-02-16 11:01:27 +01:00
andryyy
666d344322
[Web] Remove XMPP site when disabling XMPP 2021-02-14 21:33:43 +01:00
andryyy
9febe4e86b [Ejabberd] Require s2s TLS, enforce protocols and ciphers, move admin UI (WIP) 2021-02-14 10:47:53 +01:00
andryyy
38e5dc37d2
[Rspamd] Edit RBL 2021-02-14 10:47:05 +01:00
andryyy
8c6b512f05
[mailcow] Move ejabberd site to last available site 2021-02-12 19:26:49 +01:00
andryyy
38c5470d54
[Ejabberd] Various fixes, sorry (still WIP) 2021-02-11 21:09:46 +01:00
andryyy
462aa0a764
[Ejabberd] Fix bootstrapping, ejabberd could not be enabled 2021-02-11 20:46:13 +01:00
andryyy
f69f6b84f3
[Git] Sort gitignore 2021-02-11 15:24:34 +01:00
andryyy
386d6109c8 Merge branch 'master' of github.com:mailcow/mailcow-dockerized 2021-02-11 09:36:18 +01:00
andryyy
29bcd94b7c
[Rspamd] Increase spam symbol weight 2021-02-11 09:32:47 +01:00
Felix Kaechele
31805f1656
[Web] Implement all supported dovecot password schemas (#3974) 
When migrating from other Dovecot based installations it can be very
convenient to just copy over existing hashed passwords.
However, mailcow currently only supports a limited number of password
schemes.

This commit implements all password schemes that do not require
challenge/response or OTP mechanisms.

A convenient way to generate the regex with all supported schemas is
`docker-compose exec dovecot-mailcow doveadm pw -l | awk -F' ' '{printf
"/^{("; for(i=1;i<=NF-1;i++){printf "%s%s", sep, $i; sep="|"}; printf
")}/i\n"}'`

Note that this will also include unsupported challenge/response and OTP
schemas.

Furthermore this increases the vsz_limit for the dovecot auth service to
2G for the use of ARGON2I and ARGON2ID schemas.

Signed-off-by: Felix Kaechele <felix@kaechele.ca>
 2021-02-11 09:31:53 +01:00
Dmitriy Alekseev
32b6495ea3
[Dovecot] Add Russian and Ukrainian folders (#3967) 
Update dovecot.conf
 2021-02-08 16:09:23 +02:00
Dmitriy Alekseev
a2783d44ad
[SOGo] Add custom favicon (#3957) 
* [SOGo] Add custom favicon

* Update docker-compose.yml
 2021-01-31 09:58:08 +01:00
Dmitriy Alekseev
0a102444fc
[Rspamd] Add FUZZY_SPAM_MISMATCH (#3958) 
Remove score from FUZZY_HAM_MISMATCH
 2021-01-31 09:56:47 +01:00
andryyy
0d1ea05ae2
[Git] Ignore custom SOGo logo 
[SOGo] Slightly more contrast
 2021-01-29 07:37:37 +01:00
andryyy
01b2179d56
[SOGo] Lighter logo 2021-01-28 19:42:52 +01:00
andryyy
410cb558ee
[Dovecot] Check if quarantine_notify.py holds a lock 
[SOGo] Change default theme
 2021-01-28 15:48:59 +01:00
andryyy
049b5ceb31
[Rspamd] Add bulk header 2021-01-26 07:48:39 +01:00
andryyy
e6898beb59
[Rspamd] Remove ham symbols if a fuzzy denied hash matched 2021-01-19 12:59:46 +01:00
Peter
5dcbce662b
[Rspamd] Sort & add infos for bad ASN map (#3934) 2021-01-18 07:06:06 +01:00
Dmitriy Alekseev
d9d129047c
[Rspamd] Score for freemail from to undisclosed recipients 2021-01-17 19:09:02 +02:00
andryyy
3dece1a05c
[Dovecot] Add sieve rule to move DeltaChat (https://delta.chat) messages to folder DeltaChat 
[Web] Add information about extended DNS config
 2021-01-14 09:38:56 +01:00
andryyy
00723631dd
[Postfix] Add parent_domain_matches_subdomains 2021-01-13 21:17:10 +01:00
Dmitriy Alekseev
a832becbd5
[Rspamd] Not trigger FREEMAIL_POLICY for mailig lists (#3918) 2021-01-02 09:49:55 +01:00
andryyy
c28bea6a53 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-12-29 15:20:55 +01:00
Dmitriy Alekseev
fec6876490
[Rspamd] Block spoofing for free mail domains (#3907) 2020-12-28 22:04:01 +01:00
andryyy
9407b55661
[PHP-FPM] Fix fastcgi timeouts 2020-12-26 10:19:52 +01:00
andryyy
2086927bb8
[Compose] Update Dovecot and Rspamd images 2020-12-11 10:04:37 +01:00
andryyy
3535ed6efe
[Rspamd] Set bounce_to ratelimit to 7 / 1m to hopefully reduce backscatter spam 2020-12-07 11:09:06 +01:00
andryyy
96324aa4b5
[Rspamd] Set bounce_to ratelimit to 10 / 1m to hopefully reduce backscatter spam 2020-12-07 11:08:49 +01:00
andryyy
9670d0c4f1
[Rspamd] More explicit Sendgrid ID checking 2020-11-30 07:45:30 +01:00
andryyy
0485e1feb2
[Dovecot] Add sieve_vacation_dont_check_recipient = yes 2020-11-27 09:17:29 +01:00
andryyy
8e15c56330
[SOGo] Increase timeout for SOGo to prevent failure on uploads 2020-11-25 16:11:02 +01:00
andryyy
0a593bfe7b
[Dovecot, Helper] Add HAProxy listener for 4190/tcp sieve 2020-11-19 16:02:05 +01:00
andryyy
586992618c [Rspamd] Revert previous commit; Do not punish DMARC alignment when p=none 2020-11-19 09:44:10 +01:00
andryyy
399951509e
[Rspamd] Exclude DMARC_POLICY_SOFTFAIL from SPOOFED_UNAUTH 2020-11-19 09:37:02 +01:00
andryyy
c1376b4f4c
[Rspamd] Increase bounce_to limit 2020-11-16 11:56:12 +01:00
andryyy
5d9c40b8b4
[Rspamd, Web] Add rewrite subject to known soft quarantine actions 2020-11-13 21:26:42 +01:00
andryyy
0201becf77
[Rspamd] Fix some composites 2020-11-11 14:34:24 +01:00
andryyy
9eb65b03a1
[Rspamd] Remove rule that breaks DMARC valid mails from having their scored lowered 2020-11-09 14:04:56 +01:00
andryyy
6d46ee795b
[Rspamd] Log mail that was put into junk folder and keep a copy in quarantine 2020-11-06 12:26:01 +01:00
andryyy
347217c2d3
[Dovecot] Lower deduplicate interval to not discard duplicates of mail from quarantine that were previously saved in the junk folder 2020-11-06 12:25:09 +01:00
andryyy
2732e0158c
[Rspamd] Add newsletterplus to unwanted bulk (no consent, corona spam) 2020-11-04 09:29:27 +01:00
andryyy
7dc21e036d
[Rspamd] Fixes #3837 by setting correct data type for mails without fuzzy hashes, also implements actions 2020-11-03 10:27:46 +01:00
andryyy
d94b5e43ea
[Rspamd] Add symbol HAM_TRAP or SPAM_TRAP for trap aliases 2020-10-29 20:29:14 +01:00
andryyy
9034e0f3a8
[Rspamd] Fix tag handling for mailboxes 2020-10-28 11:06:33 +01:00
andryyy
61bb3219df
[Rspamd] Fix tag handling for aliases 2020-10-27 07:20:54 +01:00
andryyy
7bcb9414ab
[Rspamd] Handle Postmaster in and outbound as trusted 2020-10-25 10:34:13 +01:00
andryyy
0165c9d26b
[Web] Show fuzzy hash of rejected mail, if any 2020-10-24 16:27:31 +02:00
andryyy
85b8b74a4c
[Rspamd] Do not quarantine blacklisted entities 2020-10-23 20:23:26 +02:00
andryyy
c7e17c7fd1
[Rspamd] Global blacklists are not prefilters anymore to not prevent them from being learned 2020-10-21 19:00:53 +02:00
andryyy
4155d21392
[Rspamd] Remove positive fuzzy scores from bounces 2020-10-20 16:15:02 +02:00
Dmitriy Alekseev
fa153fad38
[Rspamd] Rebalance group policies (#3817) 
* [Rspamd] Rebalance group policies

* [Rspamd] Rebalance group policies
 2020-10-20 11:55:55 +02:00
andryyy
ee9288581a
[Rspamd] Do not post whole body to alias expander... 2020-10-18 19:27:25 +02:00
andryyy
be0ec8efc0
[Rspamd] Composite fixes and adjustments for better filtering 2020-10-18 10:11:27 +02:00
andryyy
f95bd3e7b6
[Rspamd] Simplify forward host rule and add policy group to exceptions for fwd host 2020-10-18 09:12:02 +02:00
andryyy
5cd6bed701
[Rspamd] Fix typo in alias resolvers 2020-10-17 20:09:32 +02:00
andryyy
ddadc1ced2
[Rspamd] Remove unnecessary set_metric_action in tag script 2020-10-17 10:15:14 +02:00
Dmitriy Alekseev
9ba1d4626d
[Postfix] Anonymize sender IP for mail sent locally (#3811) 
This commit resolve #3723
 2020-10-17 09:06:38 +02:00
andryyy
f8291d1967
[Rspamd] Adjust alias resolver prefilter prio 2020-10-16 18:39:22 +02:00
andryyy
0c30d32fdb
[Rspamd] Resolve direct aliases (also fixes tagging options) 2020-10-16 18:27:19 +02:00
andryyy
5a627dc34a
[Rspamd] Add invaluement sendgrid-id-dnsbl 2020-10-13 11:15:12 +02:00
andryyy
7da3b91bd7
[Rspamd] Disable IPv6 for interserver ip bl, enable full host lookup for uribl 2020-10-12 09:23:41 +02:00
andryyy
39a33c4b6d
[Dovecot] Conf: drop duplicates as received within 60 minutes 2020-10-11 10:35:29 +02:00
andryyy
ce77d87c8d
[Dovecot] New global post-filter: drop duplicates as received within 60 minutes 2020-10-11 10:34:15 +02:00
andryyy
efd69f1c1c
[Rspamd] Add Interserver rules, THANK YOU! 2020-10-11 10:30:46 +02:00
andryyy
72542f1d50
[Rspamd] Delete deprecated reputation files 2020-10-09 08:57:51 +02:00
andryyy
1b2731d6e6
[Rspamd] Add reputation plugin, remove deprecated plugins 2020-10-08 17:03:39 +02:00
andryyy
d6688d918b Revert "[Rspamd] Use reputation plugin instead of ip_ and url_reputation" 
This reverts commit 73e87068d8.
 2020-10-08 16:52:20 +02:00
andryyy
73e87068d8
[Rspamd] Use reputation plugin instead of ip_ and url_reputation 2020-10-08 16:51:46 +02:00
Bao H.H
b5ee399fa2
Add simplified Chinese language translations (#3784) 2020-10-01 20:50:49 +02:00
mcmufffin
93ac0d3864
Update site-defaults.conf (#3780) 2020-09-27 12:38:40 +02:00
André Peters
ba0b6963c7
Revert "Update site-defaults.conf (#3778)" (#3779) 
This reverts commit b8ec9ad536.
 2020-09-26 22:53:53 +02:00
andryyy
1256059a4f Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-09-26 22:17:51 +02:00
mcmufffin
b8ec9ad536
Update site-defaults.conf (#3778) 2020-09-26 22:15:43 +02:00
andryyy
520056a489
[Rspamd] Quarantine, Pushover: Respect active = 2 while processing 2020-09-26 21:58:49 +02:00
andryyy
1e244e9c0c
[Rspamd] Quarantine, Pushover: Respect active = 2 while processing 2020-09-26 21:58:28 +02:00
andryyy
642ef1a515
[Rspamd] Pushover, quarantine: also process 2020-09-26 21:55:04 +02:00
andryyy
c3c98348e2
[SOGo] Re-enable TLS for internal IMAP connections, enable TLS for internal SMTP connections 
[Web] Minor fix in quarantine view
 2020-09-24 21:51:32 +02:00
andryyy
e2d98323ef Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-09-24 20:31:07 +02:00
andryyy
e5f0e1da44
[Rspamd] Fix prio for includes in overrides 2020-09-24 20:30:58 +02:00
Jellyfrog
c31d0cee86
[Nginx] Refresh cipher suites (#3669) 
Also turn ssl_prefer_server_ciphers off.
"The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES" - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
 2020-09-24 07:30:09 +02:00
andryyy
c355bc2b69
[Rspamd] Prepare SMTP ip restriction, WIP 2020-09-23 11:21:28 +02:00
andryyy
f2c1530143
[ClamAV] Set to ConcurrentDatabaseReload and (todo:) add note to docs 2020-09-17 21:48:00 +02:00
andryyy
881f558e48
[Postfix] Add sasl check to deny specific users from using smtp relay 2020-09-17 19:44:52 +02:00
andryyy
22d4c04416
[Dovecot] Postlogin socket owned by vmail 2020-09-17 19:43:57 +02:00
andryyy
2c9140f9f0 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-09-15 12:01:15 +02:00
andryyy
1f36ae28d4
[Postfix, Web] Feature: Show last SMTP login 2020-09-15 11:02:53 +02:00
andryyy
28041b1d97
[Rspamd] Encrypt fuzzy communication, switch to Rspamd 2.6 2020-09-15 11:01:20 +02:00
Noa J
c1034b890d
[Rspamd] Add open-relay-check@mailcow.email to monitoring_nolog.map (#3757) 2020-09-13 13:07:21 +02:00
andryyy
943730de47
[Rspamd] Add filter to global mime black- and whitelists to only match addr 2020-09-12 20:11:18 +02:00
Dmitriy Alekseev
7feb589b90
[Rspamd] Add iso/img to bad extensions (#3753) 2020-09-12 12:21:12 +02:00
Dmitriy Alekseev
eb12c2f8cd
[Rspamd] Disable extension cloaking (#3754) 2020-09-12 12:20:55 +02:00
andryyy
c201a712cb
[Rspamd] Macro check was fixed, remove doc and xls ban for now... 2020-09-09 16:02:14 +02:00
andryyy
013b3f88da
[Rspamd] Meta exporter and settings map: read vars.local.inc.php 2020-09-06 08:54:36 +02:00
andryyy
92074b0edb
[Rspamd] doc and xls are blocked 2020-09-03 15:33:39 +02:00
Dmitriy Alekseev
070cdb7787
Update arc.conf (#3686) 2020-07-31 19:47:03 +02:00
Dmitriy Alekseev
5b52e15fec
Update dkim_signing.conf (#3685) 2020-07-31 19:46:39 +02:00
Marcel Caspar
3dc2b1a721
[Rspamd] Add urlhaus map to rspamd (#3683) 
add the list with online malware urls from URLhaus into rspamd to check against
 2020-07-30 15:24:29 +02:00
andryyy
7d7f85c998 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-07-29 13:57:38 +02:00
andryyy
a349629a5a
[Rspamd] Remove spoofed unauth symbol from mails from whitelisted fwd hosts 2020-07-29 13:57:33 +02:00
Dmitriy Alekseev
72387a4a48
Disable SMTPUTF8 in Postfix due Dovecot-LMTP isn't support it (#3680) 
SMTPUTF8 to work correctly must be done end-to-end. Leaving it enabled now when LMTP cant receive such email gives more issues then profit.
 2020-07-29 13:42:39 +02:00
andryyy
41152193c0
[Dovecot] Increase sieve actions and redirects to 100/101 2020-07-15 15:28:14 +02:00
andryyy
06c8f140b5
[Nginx] Mark script not executable 2020-07-14 13:24:37 +02:00
andryyy
4cd51017a7
[Nginx] Mark script executable 2020-07-14 13:20:50 +02:00
andryyy
d931083e0e
[SOGo] Disable EAS when SKIP_SOGO=y 2020-07-14 13:16:26 +02:00
andryyy
ad8acefb96
[SOGo] Disable EAS when SKIP_SOGO=y 2020-07-14 13:13:32 +02:00
andryyy
e6cc1bf27c
[Dovecot] Include SOGos IP as trusted 2020-07-11 13:33:05 +02:00
andryyy
2344310f47
[SOGo] SOGo does no trust self signed or invalid certificates anymore, add temp workaround 2020-07-11 13:32:49 +02:00
andryyy
0cfdd763f8
[Feature] Add HAProxy listeners and an example override file 2020-07-04 19:30:40 +02:00
andryyy
8ce639aa25
[MySQL] Slightly more resources 2020-07-02 07:53:52 +02:00
andryyy
c673c2a6cc
[Rspamd] Add hint to composite, minor 2020-07-02 07:53:22 +02:00
andryyy
7304add084
[Watchdog] Update compose file, update image 
[Rspamd] Temporarily disable over-signing, as Cyren does mark those mails as DKIM invalid (blame them, not us)
 2020-06-23 21:22:22 +02:00
andryyy
414cbbef6b
[Rspamd] Change whitelisted senders map from prefilter to score -2050 2020-06-19 22:07:10 +02:00
Timo N
5fe9de0500
[API] Removed api_blueprint docs and use swagger (#3595) 
* [NGINX] Removed api docs location

* [WEB] Removed api_blueprint api docs

* [WEB] Added openapi/swagger api viewer

* [WEB] Added openapi.yaml with api docs

* [WEB] Added request body for create app password endpoint

* [Web] Updated types in openapi.yaml

* [Web] Only define API docs auth header once

* [Web] Added 401 api response to docs
 2020-06-07 20:46:17 +02:00
andryyy
75f4b77bc2
[Postfix] Remove smtpd_tls_CAfile, fixes #3589 2020-06-04 16:23:41 +02:00
andryyy
115c6540e2 [Rspamd] Consistent LOCAL_CONFDIR 2020-06-03 08:34:24 +02:00
andryyy
702f221a2d
[Rspamd] More bulk headers 2020-06-01 09:55:45 +02:00
andryyy
b208037b49
[Rspamd] Do not exclude fwd hosts from dmarc checks 2020-05-23 20:32:56 +02:00
andryyy
4881f617a5
[Rspamd] Changes to WHITELISTED_FWD_HOST composite handling 2020-05-23 12:20:57 +02:00
andryyy
615ef47f27
[Rspamd] More excludes for fwd hosts, minor fix to FORGED_W_BAD_POLICY 2020-05-23 11:16:33 +02:00
andryyy
6a95d217b4
[Postfix] Remove obsolete comment 2020-05-21 21:55:43 +02:00
Dmitriy Alekseev
d5ed0c0368
Update anonymize_headers.pcre (#3563) 
Added anonymization for Sieve and changed regex for Rspamd to look same as new Sieve regex
 2020-05-21 20:04:03 +02:00
Igor Scheller
16b2a2c055
[Postfix] Set smtp_address_preference to any (#3561) 
Closes https://github.com/mailcow/mailcow-dockerized/issues/3560
 2020-05-21 19:28:35 +02:00
andryyy
8260fb5baf Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-05-20 12:20:42 +02:00
andryyy
347e65736e
[Rspamd] IP WL is no more a prefilter to prevent unsigned mail 2020-05-20 12:15:33 +02:00
Dmitriy Alekseev
4b22bd1dea
Update anonymize_headers.pcre (#3553) 
* Update anonymize_headers.pcre

Change Received by for Rspamd with Dmarc Reporting module enabled.

* Update anonymize_headers.pcre

Co-authored-by: André Peters <andre.peters@debinux.de>
 2020-05-20 11:51:00 +02:00
Florian Lindner
4519f460b4
Remove obsolete setting smtpd_use_tls. (#3548) 
See http://www.postfix.org/postconf.5.html#smtpd_use_tls. It is
controlled by smtpd_tls_security_level, which is set to may.

Co-authored-by: Florian Lindner <florian.lindner@ipvs.uni-stuttgart.de>
 2020-05-18 14:22:21 +02:00
andryyy
ed49ea7b41
[PHP-FPM] Increase timeouts 2020-05-12 18:29:54 +02:00
andryyy
857fa0314b
[Rspamd] Further increase bounce rl 2020-05-08 14:01:16 +02:00
andryyy
b5c59046ed
[Rspamd] Score spoofed senders higher 2020-05-06 20:15:18 +02:00