Commit Graph

752 Commits

Author SHA1 Message Date
andryyy
5a0df09361
[Rspamd] Rate .doc with +10, decrease default bayes ham score 2019-12-20 15:44:58 +01:00
andryyy
57003a8215 [Postfix] Update Postscreen whitelist 2019-12-15 22:04:45 +01:00
andryyy
8c3ab0371a
[ClamAV] Copy productive whitelist.ign to exposed configuration folder, remove direct mount of whitelist file 2019-12-14 15:12:37 +01:00
andryyy
25c2bcc8b3
[ClamAV] Force add default whitelist.ign2 2019-12-14 15:04:09 +01:00
andryyy
6564944f7a
[Postfix] Add bl.suomispam.net 2019-12-06 16:15:04 +01:00
andryyy
309f90a9b3
[Dovecot] Change LUA path 2019-12-06 10:20:47 +01:00
andryyy
7e2aa42578
[IMPORTANT] If you run Ubuntu 16.04, upgrade your kernel to linux-generic-hwe-16.04
[ClamAV] Remove deprecated parameter
2019-12-05 14:29:04 +01:00
andryyy
afb43c9c5b
[Dovecot] Fix app passwds: allow multiple pass hashes by using LUA construct 2019-12-03 18:50:45 +01:00
andryyy
653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user) 2019-12-02 11:02:19 +01:00
andryyy
0e6dfdd0fe
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo 2019-12-02 10:55:17 +01:00
andryyy
7b4ed3bf64
[Rspamd] Lower map watch interval 2019-12-02 10:54:22 +01:00
andryyy
9257fa90d4
[Nginx] Fix 301 to SOGo 2019-11-28 19:14:23 +01:00
andryyy
ce15dda990
[Nginx] Redirect /S|sogo* to /SOGo 2019-11-28 15:08:11 +01:00
andryyy
8badb146e9
[Unbound] Disable ipsecmod 2019-11-26 21:08:47 +01:00
andryyy
d57e2b58c1
[Rspamd] Reduce ptr fail score 2019-11-24 16:09:59 +01:00
andryyy
19d0eedeba
[Rspamd] Add FORGED_W_BAD_POLICY 2019-11-24 16:08:58 +01:00
andryyy
eeda59e048
[Postfix] Add more service labels, thanks to @christianbur 2019-11-24 15:35:56 +01:00
andryyy
5d7e365592
[Postfix] Remove test var 2019-11-24 15:23:16 +01:00
andryyy
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
andryyy
79bcbe5a51
[MySQL] Some tweaks to lower RAM consumption, thanks to @Thomas2500 2019-11-21 19:41:50 +01:00
andryyy
e0535bedbb
[Rspamd] Set new last modified when changing Rspamd settings 2019-11-18 16:42:56 +01:00
andryyy
7a87c492ed
[Rspamd] Fix bad ASN map format 2019-11-18 13:26:16 +01:00
andryyy
d67e4e83c9
[Rspamd] Increase score for BAD_REP_POLICIES 2019-11-15 23:51:48 +01:00
andryyy
e439d52ff2
[SOGo] Minor config changes 2019-11-15 17:39:32 +01:00
andryyy
56ddc4bd26
[Rspamd] Add new default reject message
[Rspamd] Add Sorbs
2019-11-15 07:58:04 +01:00
andryyy
64f8ed2fbc
[Rspamd] Increase invalid PTR score 2019-11-14 10:17:58 +01:00
andryyy
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:17:14 +01:00
andryyy
99326f81de
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:16:51 +01:00
andryyy
c4656e00fd
[Postfix] Add hint for custom_transport.pcre 2019-11-12 20:50:21 +01:00
andryyy
e1fdbba0f7
[Postfix] Add custom_transport.pcre 2019-11-12 20:44:43 +01:00
andryyy
4ccad6b0c3
[MySQL] key_buffer_size it is 2019-11-11 23:20:01 +01:00
Michael Kuron
fbc7b7dce5 rspamd: Don't remove WHITELISTED_FWD_HOST if SOGO_CONTACT present (#3084) 2019-11-11 08:20:46 +01:00
andryyy
1d1a9a27c9
[MariaDB] Adjustments 2019-11-08 08:14:57 +01:00
andryyy
3235edea88
[MariaDB] Adjustments 2019-11-08 08:12:34 +01:00
andryyy
15f3a664cd
[MySQL] Disable query cache 2019-11-06 21:03:00 +01:00
andryyy
04ae2fadef
[MySQL] Reduce memory usage 2019-11-06 20:12:25 +01:00
andryyy
bcc28784f7
[Rspamd] CL is not a fishy tld 2019-11-02 12:02:49 +01:00
andryyy
7f8b13434d
[Rspamd, Dovecot] Do not use Schaal rules - probably too much for Rspamd 2.x to handle, mem leak? 2019-10-31 20:43:07 +01:00
andryyy
50020bf1f0
[Rspamd] Remove neural, other gbc options 2019-10-31 19:55:42 +01:00
andryyy
6655ada308
[Rspamd] Remove unwanted options after talking to Vsevo 2019-10-31 19:03:20 +01:00
andryyy
573e62f181
[MySQL] Allow more connections 2019-10-31 06:38:12 +01:00
andryyy
59d966ab0f
[MySQL] Reduce max-connections, disallow performance_schema 2019-10-30 21:08:59 +01:00
andryyy
df3d78f03b
[Rspamd] Reset logging 2019-10-30 20:18:21 +01:00
andryyy
27de9dbf92
[Rspamd] Slight changes to improve memory usage
[Web] Dirty hack to touch Rspamd maps a second time
2019-10-30 20:07:58 +01:00
andryyy
c0f39e5cac Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-10-29 18:36:53 +01:00
andryyy
a71f590b1e
[Rspamd] Remove score from neural 2019-10-29 18:36:49 +01:00
andryyy
8683e4bd9a
[Rspamd] Use last-modified headers to not read unmodified settings map every 30 seconds 2019-10-29 14:21:58 +01:00
Michael Kuron
c63967f7be
Rspamd: increase redis timeout 2019-10-26 13:00:31 +02:00
andryyy
be4099182b
[Rspamd] Do not log watchdog mails 2019-10-21 20:42:43 +02:00
André Peters
de8cfbde03
Merge pull request #3072 from tinect/deliverCSSandJSfiles
deliver CSS and JS as external request
2019-10-21 11:18:49 +02:00
andryyy
d5ee7de66a
[Rspamd] Disable info logging, re-enable silent logging, only apply MILTER_HEADERS symbol to watchdog Rspamd settings map 2019-10-20 21:48:30 +02:00
tinect
cc1bf5d426 deliver CSS and JS as external request 2019-10-20 21:25:58 +02:00
Marcel Hofer
f2b552c00d
Fix custom http redirects with TLS-SNI
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/

However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer
05e7c95829 [SSL] fix wildcard compare for non-bash shell 2019-10-20 17:02:54 +02:00
Marcel Hofer
dcd50b2245 [SSL] restore old nginx templates. fix possible issues with custom nginx sites 2019-10-20 16:41:53 +02:00
Marcel Hofer
84c5f43438 [SSL] re-add nginx site.conf 2019-10-19 12:49:23 +02:00
Marcel Hofer
2e35da6816 [SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx 2019-10-19 12:48:56 +02:00
andryyy
a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd 2019-10-12 13:16:49 +02:00
andryyy
ee57b5921f
[Rspamd] Various fixes for Rspamd 2.0, neural network activated, autolearning activated (auto-keeps a ratio) 2019-10-12 13:14:34 +02:00
andryyy
0cfa056faa
[Rspamd] Do not quaratine if symbol is GLOBAL_X_BL 2019-10-10 12:38:24 +02:00
andryyy
1580e4b2a5
[Nginx, SOGo] Adjustments for EAS 2019-10-06 10:12:46 +02:00
André Peters
a008855991
Merge pull request #2999 from ntimo/task/api-docs
[Nginx] Fix nginx config for API docs
2019-10-04 08:51:26 +02:00
andryyy
8f7693ccdb
[Postfix] Update postscreen_access 2019-10-04 08:43:59 +02:00
André Peters
37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
ntimo
6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri 2019-10-03 11:27:44 +02:00
ntimo
7c43e2e120
[Nginx] Fix nginx config for API docs 2019-10-03 11:19:17 +02:00
andryyy
0f5c930e48
Fix site 2019-10-03 11:15:53 +02:00
ntimo
5cf74f6b85
[NGINX] Make API docs accessible using /api/ 2019-10-02 22:13:47 +02:00
André Peters
9f66b83a34
Merge pull request #2965 from phenomax/postfix-no-renegotiation
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-28 22:17:32 +02:00
andryyy
9b7668d912
[Nginx] Custom 502 2019-09-24 06:53:13 +02:00
andryyy
a231ecaed5
[Rspamd] Fix ARC defaults, thanks to klausenbusk 2019-09-23 10:44:58 +02:00
andryyy
287c577fc4
[Rspamd] Set !ARC_ALLOW to SPF FAIL check 2019-09-23 10:44:26 +02:00
Max Uetrecht
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options 2019-09-22 17:38:03 +02:00
andryyy
b5d169cf90
[Postfix] Fix anonymize headers... 2019-09-19 06:48:21 +02:00
André Peters
1bbe1a2367
Merge pull request #2940 from ntimo/task/split-bad-words
[RSPAMD] Split bad words into multiple files per language
2019-09-18 18:35:11 +02:00
friedPotat0
ea8c002eff update postscreen whitelist 2019-09-18 15:30:43 +02:00
andryyy
b3c2f683cb
[Postfix] Adjustments for RBL 2019-09-18 07:58:54 +02:00
friedPotat0
58cbf2c9c8 update postscreen whitelist by using postwhite 2019-09-17 21:27:17 +02:00
ntimo
ba6c5b7197
[Rspamd] Updated bad_word maps 2019-09-17 20:39:08 +02:00
ntimo
3ca014ee79
[Rspamd] Added multimap config for bad_words_de.map 2019-09-16 18:18:56 +02:00
ntimo
005ed2cadc
[Rspamd] Split bad words into multiple files per language 2019-09-15 11:53:04 +02:00
André Peters
83cd62d46f
Merge pull request #2928 from MAGICCC/feature/remove-dnsbl-inps.de
[Postfix] Remove discontinued DNSBL dnsbl.inps.de
2019-09-10 18:07:03 +02:00
André Peters
d1e56ab7bc
Update fishy_tlds.map 2019-09-10 16:48:40 +02:00
MAGIC
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons 2019-09-09 21:37:49 +02:00
André Peters
8f4d468209
Merge pull request #2916 from Thomas2500/patch-1
Disable SSL ticket support in dovecot
2019-09-09 07:47:37 +02:00
andryyy
87e99e53d9
[Postfix] Fix anonymize headers 2019-09-08 10:29:06 +02:00
Thomas Bella
3983b3d393
Disable SSL ticket support in dovecot
Because tickets are normally only generated on service start, we should disable it to provide better PFS.
2019-09-06 12:39:33 +02:00
andryyy
8608ded0ed
[Postfix] Replace Postcow header, remove authed user 2019-09-06 08:02:52 +02:00
André Peters
f87beded34
Update fishy_tlds.map 2019-09-05 14:32:04 +02:00
andryyy
0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard 2019-09-04 23:07:35 +02:00
andryyy
8d0b2678fe
[Rspamd] Remove some TLDs from fishy map 2019-09-04 08:14:35 +02:00
andryyy
1495bda2e1
[Postfix] Add info about extra.cf 2019-09-02 18:39:08 +02:00
andryyy
1bdf861177 [Postfix] Add comments to config files, cleanup a bit 2019-09-02 09:31:30 +02:00
andryyy
9c714b34a4
[Rspamd] Bad word update and score change 2019-08-30 19:30:38 +02:00
andryyy
569296dcdc
[Rspamd] More bad words - todo: split by language 2019-08-30 18:54:54 +02:00
andryyy
5a89dc114d
[Rspamd] Minor changes to fishy tlds and bad words 2019-08-29 18:57:37 +02:00
andryyy
6e82a35929
[Rspamd] Important fix for fishy maps 2019-08-28 15:04:53 +02:00
andryyy
1414e9df00
[Rspamd] Reduce fishy tld score
[Compose] Update Dovecot image
2019-08-28 14:37:04 +02:00
andryyy
a5d569e0ca
[Rspamd] Reduce fishy tld score 2019-08-28 14:26:01 +02:00
andryyy
01fe856d05
[Rspamd] Fix a domain name 2019-08-28 13:05:42 +02:00
andryyy
23ae0c3cc1
[Rspamd] Filter 'em bad words from 'em bad tlds 2019-08-28 13:03:15 +02:00
andryyy
abf33b75f4
[Postfix] Remove Zeyple config 2019-08-25 16:00:33 +02:00
andryyy
e342016534
[Rspamd] Fix scores of UCE 2019-08-22 22:08:22 +02:00
andryyy
084eb008a1
[Rspamd] Add UCE to RBL 2019-08-22 16:34:03 +02:00
andryyy
9bbf9dc68e
[Rspamd] Fix and improve settings map 2019-08-21 21:07:51 +02:00
andryyy
3a26365b51
[Rspamd] Change SA ruleset name 2019-08-21 14:37:30 +02:00
andryyy
a2386434fd
[Postfix] More RBLs, lower thresholds 2019-08-16 22:17:28 +02:00
andryyy
217da8c7fc
[Postfix] Reduce threshold to 4, format list 2019-08-16 07:55:17 +02:00
andryyy
1b3a5d54ca [Postfix] Reduce RBL threshold
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
andryyy
9e0381185c [Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple 2019-08-09 14:10:31 +02:00
andryyy
5fda67223d
[Dovecot] Fix pathes 2019-07-28 21:36:09 +02:00
André Peters
e00a18ab95
Update anonymize_headers.pcre 2019-07-26 07:18:58 +02:00
andryyy
9de821c3b0
[Postfix] Don't remove authed header from Received
[Compose] New watchdog image
2019-07-26 06:53:29 +02:00
andryyy
db0719f068
[Rspamd] Fix IP whitelist 2019-07-22 13:50:05 +02:00
andryyy
71df10892c
[Rspamd] Add custom IP whitelist template 2019-07-22 13:38:47 +02:00
André Peters
83136c7876
Merge pull request #2789 from patschi/patch-6
Remove DMARC descriptions from polices_group
2019-07-16 21:30:44 +02:00
Patrik Kernstock
197f27b705
Remove DMARC descriptions from polices_group
Remove descriptions as they are inherited from the default rspamd configuration anyway
2019-07-16 20:15:11 +02:00
Michael Kuron
cecbbe9e82
Remove score from R_DKIM_PERMFAIL
This error happens when there is no public key in DNS for that selector.
2019-07-16 20:03:37 +02:00
andryyy
3c3bcf8c82
[Postfix] Set compatibility_level to 2 2019-07-13 14:44:17 +02:00
andryyy
eb760543d9 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-07-13 09:23:51 +02:00
andryyy
568e166478
[Unbound] Update base to Alpine 3.10 to use Unbound 1.9
[Unbound] Set unwanted-reply-threshold: 10000
2019-07-13 09:22:03 +02:00
andryyy
2898aa6918
[Postfix] Remove unused alias domain catch all map 2019-07-13 08:59:32 +02:00
André Peters
84f4f43b27
Update policies_group.conf 2019-07-12 23:15:27 +02:00
andryyy
2efd27e40e
[Olefy] A new container is born, thanks to @c-rosenberg
[ACME] Autoconfig is back (re-added to SAN list by default for all mail domains)
[Rspamd] Added comment to composite
2019-06-25 18:52:05 +02:00
andryyy
f2d1a56104
[Rspamd] Increase OLEFY_MACRO score 2019-06-20 10:18:43 +02:00
andryyy
04940429ba
[Rspamd] Add oletools via olefy, big thanks to @c-rosenberg 2019-06-16 17:35:58 +02:00
andryyy
6f99f06c6d
[Rspamd] Add OLEFY_MACRO symbol 2019-06-16 17:35:24 +02:00
andryyy
9c347e36fc
[Rspamd] Less aggressive bayes 2019-06-16 17:34:58 +02:00
andryyy
e43951331c
[Rspamd] Sign ARC inbonud, thanks to @Kraeutergarten 2019-06-11 11:41:59 +02:00
andryyy
ffb008f72a Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-06-09 16:50:04 +02:00
andryyy
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps 2019-06-09 16:49:02 +02:00
dofl
fa4c4b138e
Update main.cf
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days. 

There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl
d5eeb3e8af
Update main.cf
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.

RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender  up;  the give-up time generally needs to be at least 4-5 days.  It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages. 

Postfix default is also 5 days: http://www.postfix.org/postconf.5.html

https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
andryyy
af46a93e76
[Postfix] Remove authed user from header 2019-06-01 22:14:48 +02:00
andryyy
dcacf85a5d
[Dovecot] Rename sieve_after to global_sieve_after and create a global_sieve_before file 2019-06-01 13:53:24 +02:00
andryyy
aaf0d521a2
[Postfix] Add UA header check, not enabled by default 2019-06-01 08:29:53 +02:00
andryyy
395f0f7a3d
[Rspamd] Remove authenticated user from auth results header
[Dovecot] Fix permissions of console
[Compose] New Dovecot image
2019-05-29 18:02:14 +02:00
andryyy
2757c6b5fe
[Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy
ba14f0f113
[Rspamd] Fix spoofing detection 2019-05-20 15:14:42 +02:00
andryyy
1f365f5cff
[Dovecot] Remove shared namespace 2019-05-18 23:01:23 +02:00
andryyy
3ffa7e1f33
[Rspamd] Add SIEVE_HOST map and skip spoof check for these IPs 2019-05-18 22:44:06 +02:00
andryyy
45359bb6cf
[Rspamd] Do not apply SPOOFED_UNAUTH on ARC_ALLOW
[Dovecot] Set sieve_redirect_envelope_from to rcpt
2019-05-18 09:18:00 +02:00
andryyy
5c07cca529
[Rspamd] Change spoofed mail handling 2019-05-09 11:48:38 +02:00
andryyy
456e92c830
[Rspamd] Set to to_ip to_ip_from rate buckets to 100 / 1s 2019-05-09 11:32:16 +02:00
André Peters
61433a4488
Merge pull request #2541 from sriccio/master
Allow to easily add custom plugins to rspamd
2019-05-05 22:33:32 +02:00
andryyy
28c8c53a6e
[Rspamd] meta_exporter: return false if not matched
[Compose] Update Dovecot image
2019-05-01 22:50:38 +02:00
Howaner
17918b3e21 Added domain alias handling to quarantine mails and added recipients row to quarantine mail display
If a mail is sent to a domain alias domain and rejected, mailcow does not currently store the mail in quarantine.
This commit adds domain alias handling to the reject code and should fix this behavior.

Also added displaying of recipient addresses into the quarantine mail dialog to be able to see what mail address was "leaked".
2019-05-01 00:56:12 +02:00
andryyy
91af3d5c5a
[Rspamd] Much higher scores for DMARC failures 2019-04-30 14:00:47 +02:00
andryyy
9b303dcc0e
[Dovecot] Set default_vsz_limit = 1024 M
[Web] Form cache for user passwd change modal disabled
2019-04-24 14:46:45 +02:00
sriccio
ef5cf81308 [rspamd] Allow to easily use custom rspamd lua plugins
Since rspamd 1.9.2 we'll be able to load custom modules from plugins.d
directory.

This allow to add and configure plugins easily from the
data/conf/rspamd/plugins.d

Also loading config for custom plugins need rspamd.conf.local or
optionally rspamd.conf.override.

I added support for this in the docker-compose.yml

Idea came while i was writing a custom plugin for Cyren antispam
gateway, which can be found here: https://github.com/sriccio/rspamd-plugins
2019-04-17 10:36:39 +02:00