Merge branch 'master' of github.com:mailcow/mailcow-dockerized

master
andryyy 2021-03-13 12:38:06 +01:00
commit 851f575384
6 changed files with 36 additions and 25 deletions


@ -109,7 +109,7 @@ function mail_error() {
SUBJECT="${BODY}" SUBJECT="${BODY}"
BODY="Please see netfilter-mailcow for more details and triggered rules." BODY="Please see netfilter-mailcow for more details and triggered rules."
else else
SUBJECT="Watchdog ALERT: ${1}" SUBJECT="${WATCHDOG_SUBJECT}: ${1}"
fi fi
IFS=',' read -r -a MAIL_RCPTS <<< "${WATCHDOG_NOTIFY_EMAIL}" IFS=',' read -r -a MAIL_RCPTS <<< "${WATCHDOG_NOTIFY_EMAIL}"
for rcpt in "${MAIL_RCPTS[@]}"; do for rcpt in "${MAIL_RCPTS[@]}"; do
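Review bot: `${WATCHDOG_SUBJECT}` in the else branch has no fallback in the script itself, so if the variable is unset or empty in the container environment the subject becomes `: ${1}`. The default currently lives only in the compose file. Consider `SUBJECT="${WATCHDOG_SUBJECT:-Watchdog ALERT}: ${1}"`. Because the value is now operator-supplied and ends up in a mail header, it is also worth confirming that the sending code further down mail_error(), which is outside this hunk, strips or rejects CR/LF.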


@ -88,23 +88,29 @@ function hash_password($password) {
// in case default pass scheme is not defined, falling back to BLF-CRYPT. // in case default pass scheme is not defined, falling back to BLF-CRYPT.
global $default_pass_scheme; global $default_pass_scheme;
$pw_hash = NULL; $pw_hash = NULL;
switch (strtoupper($default_pass_scheme)) { // support pre-hashed passwords
case "SSHA": if (preg_match('/^{(ARGON2I|ARGON2ID|BLF-CRYPT|CLEAR|CLEARTEXT|CRYPT|DES-CRYPT|LDAP-MD5|MD5|MD5-CRYPT|PBKDF2|PLAIN|PLAIN-MD4|PLAIN-MD5|PLAIN-TRUNC|PLAIN-TRUNC|SHA|SHA1|SHA256|SHA256-CRYPT|SHA512|SHA512-CRYPT|SMD5|SSHA|SSHA256|SSHA512)}/i', $password)) {
$salt_str = bin2hex(openssl_random_pseudo_bytes(8)); $pw_hash = $password;
$pw_hash = "{SSHA}".base64_encode(hash('sha1', $password . $salt_str, true) . $salt_str); }
break; else {
case "SSHA256": switch (strtoupper($default_pass_scheme)) {
$salt_str = bin2hex(openssl_random_pseudo_bytes(8)); case "SSHA":
$pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str); $salt_str = bin2hex(openssl_random_pseudo_bytes(8));
break; $pw_hash = "{SSHA}".base64_encode(hash('sha1', $password . $salt_str, true) . $salt_str);
case "SSHA512": break;
$salt_str = bin2hex(openssl_random_pseudo_bytes(8)); case "SSHA256":
$pw_hash = "{SSHA512}".base64_encode(hash('sha512', $password . $salt_str, true) . $salt_str); $salt_str = bin2hex(openssl_random_pseudo_bytes(8));
break; $pw_hash = "{SSHA256}".base64_encode(hash('sha256', $password . $salt_str, true) . $salt_str);
case "BLF-CRYPT": break;
default: case "SSHA512":
$pw_hash = "{BLF-CRYPT}" . password_hash($password, PASSWORD_BCRYPT); $salt_str = bin2hex(openssl_random_pseudo_bytes(8));
break; $pw_hash = "{SSHA512}".base64_encode(hash('sha512', $password . $salt_str, true) . $salt_str);
break;
case "BLF-CRYPT":
default:
$pw_hash = "{BLF-CRYPT}" . password_hash($password, PASSWORD_BCRYPT);
break;
}
} }
return $pw_hash; return $pw_hash;
} }
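Review bot: The new pre-hashed branch at the top of hash_password() returns any input that starts with a `{SCHEME}` tag verbatim, and its allow-list includes `{PLAIN}`, `{CLEAR}` and `{CLEARTEXT}` as well as unsalted `MD5`/`SHA1`. Moving the check here applies it to every caller of the helper, not just the mailbox() call site that held it before. Callers are not visible on this page, but if any of them passes a password typed by an end user, that user can end up with a cleartext or weakly hashed stored credential, or one that no longer matches what they typed. I would make acceptance opt-in, e.g. `function hash_password($password, $allow_prehashed = false)` guarded by `if ($allow_prehashed && preg_match(...))`, with only mailbox() passing `true`. I would also drop the cleartext schemes and the duplicated `PLAIN-TRUNC` from the pattern; note that the signature sits in the hunk header, outside the changed lines.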


@ -1062,13 +1062,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
); );
return false; return false;
} }
// support pre hashed passwords $password_hashed = hash_password($password);
if (preg_match('/^{(ARGON2I|ARGON2ID|BLF-CRYPT|CLEAR|CLEARTEXT|CRYPT|DES-CRYPT|LDAP-MD5|MD5|MD5-CRYPT|PBKDF2|PLAIN|PLAIN-MD4|PLAIN-MD5|PLAIN-TRUNC|PLAIN-TRUNC|SHA|SHA1|SHA256|SHA256-CRYPT|SHA512|SHA512-CRYPT|SMD5|SSHA|SSHA256|SSHA512)}/i', $password)) {
$password_hashed = $password;
}
else {
$password_hashed = hash_password($password);
}
} }
else { else {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(


@ -437,6 +437,7 @@ services:
- USE_WATCHDOG=${USE_WATCHDOG:-n} - USE_WATCHDOG=${USE_WATCHDOG:-n}
- WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL} - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL}
- WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y} - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
- WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
- WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n} - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
- WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n} - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}


@ -279,6 +279,9 @@ USE_WATCHDOG=y
# Notify about banned IP (includes whois lookup) # Notify about banned IP (includes whois lookup)
WATCHDOG_NOTIFY_BAN=n WATCHDOG_NOTIFY_BAN=n
# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
#WATCHDOG_SUBJECT=
# Checks if mailcow is an open relay. Requires a SAL. More checks will follow. # Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
# https://www.servercow.de/mailcow?lang=en # https://www.servercow.de/mailcow?lang=en
# https://www.servercow.de/mailcow?lang=de # https://www.servercow.de/mailcow?lang=de


@ -191,6 +191,7 @@ CONFIG_ARRAY=(
"WATCHDOG_NOTIFY_EMAIL" "WATCHDOG_NOTIFY_EMAIL"
"WATCHDOG_NOTIFY_BAN" "WATCHDOG_NOTIFY_BAN"
"WATCHDOG_EXTERNAL_CHECKS" "WATCHDOG_EXTERNAL_CHECKS"
"WATCHDOG_SUBJECT"
"SKIP_CLAMD" "SKIP_CLAMD"
"SKIP_IP_CHECK" "SKIP_IP_CHECK"
"ADDITIONAL_SAN" "ADDITIONAL_SAN"
@ -361,6 +362,12 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
fi fi
elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf"
echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
fi
elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
if ! grep -q ${option} mailcow.conf; then if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf" echo "Adding new option \"${option}\" to mailcow.conf"
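Review bot: The added `grep -q ${option} mailcow.conf` in the WATCHDOG_SUBJECT branch is unquoted and matches the name anywhere in the file, so a stray mention in an unrelated comment would stop the option from ever being appended. A quoted, anchored test such as `if ! grep -qE "^#?${option}=" mailcow.conf; then` checks for the actual setting line, commented or not. This is a style point, since the new branch copies the neighbouring ones. The loop header `for option in ${CONFIG_ARRAY[@]}`, visible only in the hunk header, has the same unquoted expansion.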