Commit Graph

372 Commits

Author SHA1 Message Date
andre.peters
1f08e9a7b7 [Postfix] Fixes #967 (assign correct local network range for mynetworks) 2018-01-27 18:13:35 +01:00
Michael Kuron
c30448c4d8 Merge branch 'master' of https://github.com/andryyy/mailcow-dockerized into recipient_map
Conflicts:
	data/web/inc/init_db.inc.php
2018-01-27 17:22:08 +01:00
andre.peters
f0bc580ceb [PHP-FPM] Fix port... 2018-01-27 12:09:25 +01:00
andre.peters
c33ec7e989 [PHP-FPM] Fix duplicate listen 2018-01-27 10:33:50 +01:00
andre.peters
c7729f195b [Rspamd] Fixes #960 2018-01-26 18:56:19 +01:00
andre.peters
7149350973 [Rspamd] Allow internal IPv6 networks 2018-01-24 08:37:49 +01:00
andre.peters
c9b3044d5d [Postfix] Allow internal IPv6 networks 2018-01-24 08:37:27 +01:00
andre.peters
7efe67daaf [ClamAV] Mount ClamAV config files 2018-01-24 08:36:56 +01:00
andre.peters
696b52b5eb [Unbound] Allow internal networks in access-control 2018-01-24 08:36:37 +01:00
andre.peters
67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters
40a9389295 [SOGo] Reduce workers to 7 by default 2018-01-24 08:30:25 +01:00
Michael Kuron
e86565e283 Expose Postfix's recipient_canonical_maps through web UI 2018-01-23 20:02:31 +01:00
andre.peters
a50f85026a [PHP-FPM] Mount php configs into container 2018-01-21 15:00:28 +01:00
andre.peters
83a21259f7 [Rspamd] Use names instead of IPs 2018-01-21 15:00:05 +01:00
andre.peters
83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
André Peters
5648ec6d39
Merge pull request #915 from tiirex9/master
Adds 'do nothing' as default for sub-addressing
2018-01-18 10:27:14 +01:00
andre.peters
003e6ef5cd [Web] Important fixes for quarantaine; other minor changes 2018-01-17 15:22:11 +01:00
andre.peters
0019502069 [Rspamd] Increase spam scores for SPF failures 2018-01-16 21:02:45 +01:00
andre.peters
c6bcf322ff [Rspamd] Force-add metadata_exporter 2018-01-16 18:58:29 +01:00
Tii
d58b89528f rspamd multimap redis stuff doesn't work as expected... 2018-01-16 16:31:37 +01:00
Tii
2291bdbeed Added 'do nothing' option as default for sub-addressing 2018-01-16 13:13:04 +01:00
Tii
cd2c242540 Added 'do nothing' option as default for sub-addressing 2018-01-16 12:47:59 +01:00
andre.peters
5fd3d986c7 [Rspamd] Fix settings map regex 2018-01-16 12:42:09 +01:00
andre.peters
5d5d36fc60 [Dovecot] Revert to 2.2 to fix various errors 2018-01-14 10:44:06 +01:00
andre.peters
0d8c7e446a [Dovecot] Update config to fit Dovecot 2.3 2018-01-09 11:28:12 +01:00
andre.peters
868abc15bd [Rspamd] Fix worker-controller-password placeholder 2018-01-02 18:15:33 +01:00
Amir Zarrinkafsh
65386d4ccf Included folder mapping for iOS Mail Trash folder. 2017-12-30 13:58:17 +11:00
andre.peters
eb57fce38f [Dovecot] Possibly fixes #722 2017-12-25 10:25:50 +01:00
andre.peters
ae56c3b59e Fix quarantaine 2017-12-11 10:44:46 +01:00
andre.peters
d71b6f0ad1 Add placeholder for Rspamd controller password written via UI 2017-12-11 09:41:29 +01:00
andre.peters
873222d5f8 [Rspamd] Remove DKIM forced action, move ratelimit lua, add meta exporter 2017-12-09 09:08:23 +01:00
andre.peters
c8f41cdae2 [Postfix] Listener for quarantaine, remove excluded Docker gw from mynetworks 2017-12-09 09:07:06 +01:00
andre.peters
21a677e024 [MariaDB] Move config to my.cnf, removed from yml 2017-12-09 09:06:04 +01:00
André Peters
b1855587ec
Revert exclude, bad idea 2017-12-05 20:53:45 +01:00
André
3ec3a341e4 [Postfix] Remove gw from mynetworks in case of ipv6 failures 2017-11-21 09:33:43 +01:00
André Peters
4c98cbec27
Exclude 172.22.1.1 from mynetworks
In case of v6 nat failures.
2017-11-19 18:44:18 +01:00
André
ade4b9e7ae [Postfix, Web] Feature: BCC maps 2017-11-19 15:13:43 +01:00
André
c2d9928f8f [Rspamd] Set task timeout to 12s 2017-11-10 19:58:56 +01:00
André
3873e38919 [SOGo] Use SOGoMaximumSyncResponseSize of 2048 2017-11-06 13:35:48 +01:00
André
586a0b0e05 [Dovecot] Add bindirs to cache compiled scripts, drop some privileges, run one login proc per user 2017-11-05 12:18:52 +01:00
André
b16684ce20 [Rspamd] Slightly reduce map watch interval 2017-11-03 20:26:36 +01:00
André
21e20f3786 [Dovecot] sieve_before/after maps in sql, changed dict names 2017-11-03 20:25:43 +01:00
André
f067a45bcb [SOGo] Should fix some Android sync issues 2017-11-02 09:51:58 +01:00
André
1e9bc49f2c [Rspamd] Echo dummy for fowardingshosts map; Use higher map reading interval;
[Dockerapi] Exit on sigterm;
[Watchdog] Wait for dockerapi-mailcow to be online
2017-10-27 11:22:39 +02:00
André
083174a9bd [Rspamd] Do not try to index nil value 2017-10-26 22:25:13 +02:00
André
4156b4cdf8 [Rspamd] Disable spoofed sender check 2017-10-26 10:29:13 +02:00
André
988978b351 [Rspamd] Remove log helper and disable fann redis 2017-10-25 20:55:11 +02:00
André
4fd5b9afba [SOGo] Fix for some Outlook 2016 EAS problems 2017-10-25 08:57:34 +02:00
André
f7cd7cc123 [Rspamd] Redis history is enabled by default 2017-10-21 10:09:53 +02:00
Michael Kuron
a4ccd780c6 rspamd: disable greylisting for forwarding hosts 2017-10-14 16:40:44 +02:00
André
a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy
c5054ae7ed [Watchdog] Ignore null name in jq
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
2017-10-11 22:56:22 +02:00
andryyy
57484e4a45 [Postfix] Log all watchdog activities to local7 facility 2017-10-11 11:21:41 +02:00
andryyy
874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
andryyy
fc18d153cd [Compose, DockerAPI, Web, Watchdog] Watchdog may send notification mails (todo: docs), DockerAPI via Flesk for limited access 2017-10-05 23:38:33 +02:00
andryyy
073c6c6e73 [Postfix/Rspamd] Do not reject unauthenticated sender mismatches but rewrite their subject and assign symbol SPOOFED_SENDER with score 1.0 2017-10-04 23:16:39 +02:00
André Peters
d8636113dd Merge pull request #636 from mkuron/outlook
Preliminary support for Outlook 2016’s autodiscover.json
2017-10-03 21:23:59 +03:00
Michael Kuron
c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy
f257ed92f5 [Rspamd] Add missing ratelimit.conf 2017-09-21 22:21:11 +02:00
andryyy
edb2be979b [Postfix] Changes to ignore watchdog checks 2017-09-21 19:25:43 +02:00
andryyy
fd3b2e5f16 [Rspamd] Changes to ignore watchdog checks 2017-09-21 19:25:17 +02:00
andryyy
288a55b1f3 Merge branch 'dev' of https://github.com/mailcow/mailcow-dockerized into dev 2017-09-20 23:25:07 +02:00
andryyy
ea5aa261c9 [Unbound] Define mailcow ip6 as private 2017-09-20 23:23:11 +02:00
Michael Kuron
a411a357b9 rspamd: exclude Mail Flow monitoring from logs and stats 2017-09-20 15:21:02 +02:00
andryyy
a8fb1d3f4f Add experimental watchdog 2017-09-20 10:56:49 +02:00
andryyy
719aa1a391 [Postfix] Fix protocols 2017-09-18 10:59:45 +02:00
andryyy
67056dc3d1 [Postfix] Less strict smtpd_tls_mandatory_protocols 2017-09-18 08:24:24 +02:00
Michael Kuron
e4f13568d1 Rspamd user settings: fix matching From header 2017-09-16 18:46:28 +02:00
andryyy
089e8776f5 [Postfix] Stricter TLS settings for mandatory connections 2017-09-14 13:34:23 +02:00
andryyy
f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy
00e465a9a1 [Dovecot] Allow INBOX to be shared, sigh... fixes #594 2017-09-14 13:32:11 +02:00
andryyy
92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT
b2b9731020 a little bit of security
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
André Peters
78c363b7a5 Merge pull request #565 from mkuron/softreject
Forwarding hosts: treat soft reject like greylist
2017-09-09 10:43:41 +02:00
Michael Kuron
3d9c161be1 Forwarding hosts: treat soft reject like greylist 2017-09-09 10:30:26 +02:00
andryyy
cfd9316d74 Merge branch 'dev' of https://github.com/mailcow/mailcow-dockerized into dev 2017-08-30 21:43:45 +02:00
andryyy
b1213c51d7 [Rspamd] Dynamic ratelimit fixed, removed async redis request; Ready to implement per-user ratelimits via UI (tbd) 2017-08-30 21:42:39 +02:00
André Peters
29acfe85db Merge pull request #536 from mkuron/patch-1
Rspamd user blacklist/whitelist improvements
2017-08-28 22:55:12 +02:00
Michael Kuron
8383ba5e9c Rspamd user settings: fix From header match
The request_header regex appears to not be expected to be encapsulated in slashes and does not seem to accept flags.
2017-08-28 20:27:53 +02:00
Michael Kuron
fcd8cfa4f4 Rspamd user settings: don't print all email addresses of a domain
The ucl_rcpts function can already deal with domains, so lets use this capability.
2017-08-27 14:19:29 +02:00
Michael Kuron
93a092e627 Rspamd user settings: also match From header 2017-08-27 14:19:28 +02:00
Michael Kuron
e178ca36de Rspamd user settings: make regexes case-insensitive
This is necessary because the user web UI normalizes to lowercase
2017-08-27 14:19:28 +02:00
andryyy
e47feeffd6 [Rspamd] Add custom directory for own files 2017-08-18 22:17:01 +02:00
andryyy
e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy
d85352fa9a [Dovecot] Use listescape 2017-07-31 12:41:18 +02:00
andryyy
aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy
9be3aa3334 [Rspamd] Disable monitored 2017-07-27 09:03:44 +02:00
andryyy
83d485dd94 [Web, Postfix, Compose] Allow to add relayhosts per domain (+ plain and login authentication) 2017-07-22 20:39:54 +02:00
andryyy
ed33cb5f57 [Rspamd] ARC: Disallow login/domain mismatch 2017-07-21 11:03:35 +02:00
andryyy
256c9d86dd [Rspamd] Initial custom ratelimit support 2017-07-13 12:55:14 +02:00
andryyy
a31819fd6c [SOGo] Log to a pipe to not keep logs in a container 2017-07-11 17:08:06 +02:00
andryyy
08b99c8d74 [Dovecot] Add doveadm service 2017-07-10 21:30:45 +02:00
andryyy
c5d90b821a [Dovecot] Add extra.conf include to override Dovecot configuration changes 2017-07-10 09:19:12 +02:00
andryyy
56a652fbf3 [Rspamd] Set error_reporting to 0 2017-07-02 11:25:14 +02:00
andryyy
afc8c93c07 [Rspamd] Cleanup settings map 2017-07-01 23:14:27 +02:00
andryyy
6cd44b4136 Remove old code 2017-06-26 23:17:46 +02:00
andryyy
cbb4f51a9d Fix Junk-E-Mail folder name 2017-06-25 11:32:21 +02:00
andryyy
3be99d7f89 Set IPv6 network as secure_ip range in Rspamd 2017-06-24 22:07:26 +02:00
andryyy
578011c78c Move milter config, increase timeout for DNS 2017-06-21 10:18:52 +02:00
andryyy
036c51f053 Prefere ipv4 to fix problems on v4-only envs 2017-06-19 10:39:14 +02:00
andryyy
2a845a0d21 Less verbose 2017-06-18 20:57:54 +02:00
andryyy
9117c499ef Do not break DNS replies.... 2017-06-18 20:57:26 +02:00
andryyy
6fa19a37d8 Unbound changes 2017-06-18 20:23:26 +02:00
andryyy
ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
James Smith
bcdbbf0102 Make autodiscover case insensitive 2017-06-14 23:42:42 +01:00
andryyy
83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00
andryyy
495bf05fb8 Fix for Apple autoconfiguration (dav) 2017-06-14 23:14:41 +02:00
andryyy
e99fa9433e Fix dav url detection for apple 2017-06-14 23:10:50 +02:00
andryyy
44197c410e Do not add milter headers for authenticated users 2017-06-13 07:41:00 +02:00
André Peters
329ac40d95 Merge pull request #332 from mkuron/symlink
Replace symlink to PHP script
2017-06-08 20:57:51 +02:00
andryyy
663ea7815c Use new milter interface 2017-06-06 22:01:41 +02:00
andryyy
a41cafac3e Switch to Rspamds milter interface 2017-06-06 22:00:34 +02:00
andryyy
c9318ecf83 Switch to Rspamds milter interface 2017-06-06 21:59:44 +02:00
andryyy
e15795e112 Enable http2 2017-06-06 21:59:27 +02:00
Michael Kuron
062abb0ca7 Replace symlink to PHP script 2017-06-04 13:31:35 +02:00
andryyy
55071805f3 Execute after rmilter_headers (prio 10) 2017-05-29 21:53:47 +02:00
andryyy
d33399b3cb Fix mismatch in env and from mime header when signing mail 2017-05-29 21:49:01 +02:00
andryyy
e159eb7522 Fix listener 2017-05-29 21:48:41 +02:00
Michael Kuron
eb9217a8b8 SOGo UI: per-user authentication failure rate-limiting 2017-05-28 16:02:34 +02:00
André Peters
fb6893f664 Add IPv6 2017-05-28 11:14:43 +02:00
andryyy
813207c694 Listen on internal IPv6 2017-05-25 10:59:57 +02:00
andryyy
fd92283fb8 Add missing ; 2017-05-24 10:03:06 +02:00
andryyy
258a8ee6e9 Add IPv6 listener to Nginx, fixes IO error in Rspamd logs 2017-05-23 22:24:30 +02:00
andryyy
466b8137e5 Add log_helper to Rspamd, add IPv6 for http maps in Nginx, make Bind listen on v6 and add acl for internal network 2017-05-23 22:23:34 +02:00
andryyy
21714bd054 Remove obsolete map 2017-05-23 21:50:33 +02:00
andryyy
f3a1d81347 Rate extensions 2017-05-23 21:50:05 +02:00
andryyy
e99db685e5 Change map watch interval, remove Mraptor 2017-05-20 14:28:05 +02:00
andryyy
9965ff10a7 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:59 +02:00
andryyy
63324b0de8 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:11 +02:00
Michael Kuron
759f21ac6b Consistent symbol names for forwarding hosts
multimap.conf and force_actions weren't using the same name
2017-05-09 07:29:43 +02:00
andryyy
d64ed65575 Add multimap and forced actions for forwarded_hosts, removed from settings 2017-05-08 23:09:21 +02:00
André Peters
5861bec0c3 Merge pull request #256 from mkuron/forwardinghosts
Optionally enable spam filter for forwarding hosts
2017-05-08 19:00:42 +02:00
andryyy
cdf7c87e20 Deleted two http maps, replaced by redis multimaps, much better tag system 2017-05-08 15:39:33 +02:00
Michael Kuron
7efc720d47 Merge remote-tracking branch 'origin/dev' into forwardinghosts 2017-05-08 07:39:30 +02:00
andryyy
aa98d86feb Sieve rule for tags changed 2017-05-08 00:27:16 +02:00
Michael Kuron
ae6d7d63fc Optionally enable spam filter for forwarding hosts 2017-05-07 08:50:28 +02:00
andryyy
fa3a47fde5 Log to syslog 2017-05-06 23:42:07 +02:00
andryyy
ecda4fb1d1 Change whitelist for forwarding hosts 2017-05-06 23:41:58 +02:00
andryyy
b3a161f930 Keep format 2017-05-06 08:09:40 +02:00
andryyy
1501df6e42 Use Redis for DKIM keys, define any selector, auto-merge old keys to Redis and fallback to files 2017-05-05 10:35:27 +02:00
andryyy
e3f9839410 Do not use sld for DKIM signing 2017-05-04 19:12:21 +02:00
andryyy
edc41b48d1 Add map for scheme... 2017-05-03 22:26:10 +02:00
andryyy
2f0129539b Hopefully fix all Nginx reverse proxy issues, see documentation updates! 2017-05-03 18:05:13 +02:00
andryyy
8f213e8df9 Changes to api path 2017-04-29 16:36:41 +02:00
andryyy
a03b36e0c3 Add object to Nginx api configuration 2017-04-26 23:37:55 +02:00
andryyy
fd84b2ffa9 Change DKIM to new method, add clamav forced action when virus is found" 2017-04-25 20:32:36 +02:00
andryyy
e4310cafb3 Revert RP changes 2017-04-25 10:49:38 +02:00
Michael Kuron
f3fad4e7a2 Remove rspamd size limit
This ensures that the spam and antivirus filters cannot be evaded by making the message large enough.
Rspamd does not need a size limit on its own (e.g. for DoS protection) as Postfix already has a size limit (message_size_limit).
2017-04-24 19:49:41 +02:00
André Peters
0f3202109d Merge pull request #212 from mkuron/reverseproxy
Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind reverse proxy
2017-04-24 10:09:32 +02:00
andryyy
755da65426 Change path 2017-04-23 19:38:27 +02:00