Commit Graph

506 Commits

Author SHA1 Message Date
andryyy
c57a544c52
[Postfix] Disable auth on port 25 2019-02-05 10:35:32 +01:00
andryyy
7a96516fad Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-02-05 00:05:00 +01:00
andryyy
6f478ed2a3
[Rspamd] Set history lines to 10000 2019-02-05 00:02:56 +01:00
andryyy
aa1e03476d
[Dovecot] Enable quota notifications 2019-02-04 23:59:31 +01:00
Tobias "Knight" S
c06e4c81cf
Enable TLSv1.3 finally
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy
6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy
14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy
60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy
b3f84d2c78
[Dovecot] Remove break-imap-search (it is a default setting) 2019-01-29 13:25:35 +01:00
andryyy
8da54e5194
[Rspamd] Split global wl from to mime-from and smtp-from 2019-01-29 12:11:10 +01:00
andryyy
07392b7437
[Watchdog] Use stackoverflow.com for DNS check
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? :-( )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
2019-01-29 00:20:39 +01:00
andryyy
d6efc2fcd3
[Rspamd] Fix metadata_exporter
[Web] Show subjet in quarantine
[Compose] Update Rspamd image
2019-01-17 22:00:18 +01:00
andryyy
2e8bd8b3c4
[Dovecot] Add czech folder names to namespace 2019-01-16 23:47:15 +01:00
andryyy
a2b52e0969
[Dovecot] Use Solr for LMTP 2019-01-16 22:19:40 +01:00
André Peters
f3dfe346bf [Dovecot] Allow setting ACL_ANYONE in mailcow.conf 2019-01-16 19:08:19 +01:00
Aiko Appeldorn
4c176d3833 [rspamd] increased values for SPF, DKIM reject 2019-01-15 18:54:05 +01:00
andryyy
17222eac94
[Rspamd] Set max_size for AV
[Rspamd] Set higher/lower scores for local fuzzy matches
2019-01-13 23:02:09 +01:00
Michael Kuron
2b0065d5ab
Do not apply SOGO_CONTACT for hard SPF failures
Fixes #1983 more completely
2019-01-13 10:28:21 +01:00
andryyy
fc1c2dc87b
[ClamAV] Do not log twice 2019-01-12 08:56:02 +01:00
André Peters
a520293461
[Dovecot] Add more special_use folder names 2019-01-09 18:10:36 +01:00
andryyy
94d7952802
[Rspamd] Scan the whole message to be able to trigger Sanesecurity rules
[Rspamd] Increase add_header and greylist score
2019-01-08 13:00:56 +01:00
andryyy
2baf407331
[Rspamd] preg_quote filter objects, only translate * to .* - fixes #2152 2019-01-08 12:58:27 +01:00
andryyy
e42afa39a8
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)
[ClamAV] Some config values are deprecated and were replaced
2019-01-08 12:54:33 +01:00
Markus Heberling
9750ec5bec
Merge branch 'master' into master 2019-01-01 14:20:22 +01:00
andryyy
b3896d464c [SOGo] Remove old js file 2018-12-23 17:12:14 +01:00
andryyy
e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy
ad90496169 [SOGo] Add logo to config dir
[Web] Add missing lang strings for transport maps
2018-12-20 19:02:47 +01:00
andryyy
bcd6e43665 [Postfix] Remove verbose flag from smtp service 2018-12-19 12:16:36 +01:00
andryyy
cd72a4e18b [Postfix] Split SASL passwd maps
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
andryyy
534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy
ed763cd668 [Rspamd] Use meta exporter to pipe meta data of ratelimited msg to Redis 2018-12-15 21:23:42 +01:00
andryyy
e7427eddf3 [Rspamd] Updated values of default ratelimit settings, add info_symbol 2018-12-15 21:22:59 +01:00
andryyy
497b6a39de [Postfix] Add missing regexp map, fixes #2083 2018-12-11 17:16:53 +01:00
Markus Heberling
4755bb323b Allow setting ACL_ANYONE in the configuration 2018-12-11 11:32:36 +01:00
andryyy
9b1f51ae3f [Git] Add allow_mailcow_local.regexp and dovecot-master.userdb 2018-12-10 23:26:28 +01:00
andryyy
9b720bb07a [Dovecot] Add master user to userdb (to be used in SOGo) 2018-12-10 23:25:37 +01:00
andryyy
fa3525e2dd [SOGo] Enable EMailAlarms 2018-12-10 23:24:49 +01:00
andryyy
3a39937baf [Rspamd] Do not apply SOGO_CONTACT for SPF fails and when sending from whitelisted host 2018-12-10 13:26:18 +01:00
andryyy
e43c696204 [Rspamd] Remove SOGO_CONTACT for header from 2018-12-10 13:25:38 +01:00
andryyy
c2d413bff4 [MySQL] Remove deprecated values for future use of MariaDB 10.3 2018-12-10 13:23:02 +01:00
andryyy
fe95852f45 [Dovecot] Increate proc limit and default client limit 2018-12-06 16:47:41 +01:00
andryyy
968f6f4157 [Rspamd] use boolean for one_shot, fixes #2066 2018-12-04 08:31:56 +01:00
andryyy
e02c51b1d1 [Rspamd] Fix examples for global white/blacklist 2018-11-29 21:51:09 +01:00
root
d445d7d2e7 [Web] Allow actions in quarantine modal, fixes #1991
[Web] Fixes for Source Sans Pro font
[Rspamd] Add global rcpt blacklist and whitelist
[Compose] New Rspamd image
2018-11-27 10:20:42 +01:00
andryyy
113c6fe018 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2018-11-26 10:41:44 +01:00
andryyy
f76c3ee7f3 [Dovecot] Unsupported examples for IMAP auth via LDAP
[Rspamd] Globel whitelist/blacklist from via multimap
2018-11-26 09:06:51 +01:00
André Peters
a13c2c9359
Merge pull request #1949 from patschi/patch-1
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
Max
822175f20a
Outlook-Folder-Alias 2018-11-14 22:18:02 +01:00
andryyy
224a5ebd9a [Dovecot] Enable mail_log (events: delete undelete expunge copy mailbox_delete mailbox_rename)
[Dovecot] Increase vsz_limit for some services to 1 G
[Dovecot] Enable auth_cache
2018-11-12 21:00:39 +01:00
andryyy
1d9f820b02 [SOGo] Include custom-sogo.js to dynamically add JS to SOGo, increase textarea font of CKeditor by default 2018-11-12 09:59:49 +01:00
andryyy
869e01a9a7 [Rspamd] Add fuzzy hash to msg 2018-11-12 09:57:25 +01:00
andryyy
4f7f493490 [Rspamd] Add SOGo contacts to whitelist 2018-11-12 09:56:54 +01:00
andryyy
e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
andryyy
159c36b531 [Dovecot] Create crypted mail_attachment_fs to store attachments with a min size of 128k
[Dovecot] Shared location to "auto:" to auto-detect legacy mailbox formats across shared mailboxes
[Dovecot] Create config service for crypted mail_attachment_fs
2018-11-12 09:52:12 +01:00
Michael Kuron
4ee546c04a
Reduce rspamd DNS timeout
Fixes #1957
2018-10-29 19:55:24 +01:00
andryyy
f92b20c9ad [Rspamd] Change log level to silent (see docs) 2018-10-27 13:55:55 +02:00
andryyy
af5ce48e8d [ClamAV] Remove AllowSupplementaryGroups from freshclam.conf (deprecated) 2018-10-27 13:24:14 +02:00
andryyy
bf71f9b600 [Postfix] Add tls_preempt_cipherlist to SMTPS 2018-10-27 13:22:29 +02:00
andryyy
42fe16250b [Rspamd] Adjust default values for (perm) failures of DKIM and SPF 2018-10-26 20:04:41 +02:00
Patrik Kernstock
1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
andryyy
5f02c6006c [Postfix] Do not remove user agent 2018-10-23 23:22:43 +02:00
André
93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
André
66d8f33aac [Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911 2018-10-23 21:55:55 +02:00
André Peters
68f2a1c5fc
[Rspamd] Properly close additional Rspamd maps 2018-10-19 11:12:58 +02:00
André
73b48fc13e [Rspamd] Remove deprecated attachments_only in AV module
[Rspamd] Remove old symbol score
2018-10-16 22:59:25 +02:00
André
51dd88abeb [Unbound] Reduce negative max ttl to 60s and min-ttl for all other keys to 5 2018-10-16 20:14:14 +02:00
André
8958449e76 [Postfix] Remove headers only when mail_name matches 2018-10-16 20:11:21 +02:00
André
d99b8aaf69 [Postfix] Change mail_name to Postcow and only replace headers when mail_name matches 2018-10-16 10:26:41 +02:00
Tobias "Knight" S
41c8a8bb46
disabling more functions inside php-fpm 2018-10-15 22:52:30 +02:00
André Peters
83a5eda762
Merge pull request #1434 from apoc4lyps/master
hardening http headers
2018-10-15 22:48:50 +02:00
André
abd0a1b337 [PHP-FPM] Disable some functions by default 2018-10-15 20:52:39 +02:00
André
a844adde0f [Postfix] Add mailcow_anonymize_headers to default config 2018-10-15 20:52:06 +02:00
André
c80fe40669 [Unbound] Do not allow from all (dangerous for setups with incorrect netfilter setups) 2018-10-12 11:35:45 +02:00
André
1fce562434 [Dovecot] Set imap_max_line_length = 2 M 2018-10-12 10:56:40 +02:00
André
3db6af5c90 [Unbound] Trust all addresses - do not expose Unbound! 2018-10-12 10:56:17 +02:00
André
32f7ae1d2e [Rspamd] Prefix quarantine error_log messages with "QUARANTINE"
[Rspamd] Fix quarantine max size check (it was ignored)
2018-10-11 11:55:52 +02:00
André
c0b590fff6 [PHP-FPM] Move max_execution_time and max_input_time to general PHP config, removed as fixed php_admin_value 2018-10-11 11:54:38 +02:00
André
c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André
f6b2a6aab2 [Postfix] Enable/create smtp_tls_policy_maps 2018-10-04 14:34:34 +02:00
André
2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André
b2067cb521 [SOGo] SOGoMaximumSyncWindowSize = 99 2018-10-04 14:33:32 +02:00
André
b8ebdc3c58 [Postfix] Increase default message size limit to 100 MiB 2018-10-01 22:06:20 +02:00
André
a054182246 [Rspamd] Add desc to high spam networks 2018-09-30 18:56:35 +02:00
André
cdca603ff5 [Unbound] Fix logging, fixes #585
[Rspamd] Fix permissions of controller password file
[Unbound] Enable unbound-control
2018-09-30 14:43:18 +02:00
André
b008211f52 [Rspamd] Controller password placeholder 2018-09-30 09:55:50 +02:00
André
8439daea7e [Rspamd] Revert adding worker-controller-password... 2018-09-30 09:54:19 +02:00
André
4396be2938 [Rspamd] Place socket in _rspamd home and fix permissions
[Compose] Remove volume for Rspamd socket
[Web] Do not exit loop on fuzzy errors when learning a message as spam
2018-09-30 09:53:25 +02:00
André
73b10350d0 [Rspamd] Ignore sa-rules-heinlein file, remove from index 2018-09-29 22:03:48 +02:00
André
0fb43f4916 [Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
André
c7cef3241f [Rspamd] Controller worker count == 1, fixes #1716 2018-09-12 20:32:59 +02:00
André
1b5409f3fa [Rspamd] Check if ip is valid (KEEP_SPAM symbol), fixes #1759 2018-09-12 15:50:42 +02:00
André
1499094b61 [PHP-FPM] Increase PHP memory limit for "web" to 512M
[Helper] Nextcloud 14
[Rspamd] Fix KEEP_SPAM lua script: skip check if ip is false
2018-09-11 19:35:21 +02:00
André
ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
André
afc18fd469 [Rspamd] Update bad asn, move KEEP_SPAM to a custom lua function 2018-09-09 09:47:47 +02:00
André
e5b830adea [Dovecot] Fix shared namespace 2018-08-31 23:33:55 +02:00
André
6cee038a63 [Dovecot] IMPORTANT: Disables 'any' and 'all authenticated' ACL settings! See wiki how to revert this, if you need it. 2018-08-17 21:44:17 +02:00
André
d5e81b987b [Dovecot] Set from address for sieve generated addresses, fixes #1662 2018-08-13 08:31:09 +02:00
André
02e567f76b [Dovecot] Set CONTROL path for shared namespace and remove index 2018-08-08 23:59:38 +02:00
apoc4lyps
cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André
d83537cda0 [ClamAV] Add whitelist template for ClamAV 2018-08-05 22:38:06 +02:00