diff --git a/.drone.yml b/.drone.yml
index 264468ef..08fb14a0 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -15,12 +15,11 @@ steps:
 pull: default
 image: timovibritannia/ansible
 commands:
- - wget $TEST_DOWNLOAD_URL --quiet
- - unzip -qq mailcow-integration-tests.zip
- - rm mailcow-integration-tests.zip
+ - git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
+ - wget -O group_vars/all/secrets.yml $SECRETS_DOWNLOAD_URL --quiet
 environment:
- TEST_DOWNLOAD_URL:
- from_secret: TEST_DOWNLOAD_URL
+ SECRETS_DOWNLOAD_URL:
+ from_secret: SECRETS_DOWNLOAD_URL
 when:
 branch:
 - master
@@ -62,7 +61,7 @@ steps:
 commands:
 - chmod +x ci.sh
 - ./ci.sh
- - sleep 60
+ - sleep 120
 - ansible-playbook mailcow-setup-server.yml --private-key /drone/src/id_ssh_rsa --diff
 environment:
 ANSIBLE_HOST_KEY_CHECKING: false
@@ -115,6 +114,6 @@ steps:
 - success
 ---
 kind: signature
-hmac: d45bd1594ef12eb12b0035eb787d3372a6693825d8dbeb75c339979302b3941c
+hmac: d0ded978bd57646ae10307a3e7fd6584658e285929596ad1ee391cf7330d6338
 ...
diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf
index f4412086..a53b4871 100644
--- a/data/conf/rspamd/local.d/composites.conf
+++ b/data/conf/rspamd/local.d/composites.conf
@@ -34,3 +34,6 @@ FORGED_W_BAD_POLICY {
 expression = "( ~g+:policies | ~R_SPF_NA) & ( ~FROM_NEQ_ENVFROM & ~FORGED_SENDER )"
 score = 3.0;
 }
+RBL_EXCLUDE_FWD_HOST {
+ expression = "-WHITELISTED_FWD_HOST & ^g:rbl"
+}
diff --git a/data/conf/rspamd/local.d/mime_types.conf b/data/conf/rspamd/local.d/mime_types.conf
index a4cdce7e..37d78ff4 100644
--- a/data/conf/rspamd/local.d/mime_types.conf
+++ b/data/conf/rspamd/local.d/mime_types.conf
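Review bot: In the first `.drone.yml` hunk, the added `git clone … --branch $(curl -sL …/releases/latest | jq -r '.tag_name')` line resolves the test code to whatever the newest release tag is at run time, so the step that also receives `SECRETS_DOWNLOAD_URL` runs content that is not pinned anywhere in this repository. If the API lookup fails or is rate-limited, `jq -r` prints `null` or nothing and the clone either fails on a bogus branch or mis-parses its arguments; pinning the ref to a fixed tag or commit and aborting when the lookup comes back empty would make the run reproducible. The new `wget` line should also quote the secret, `- wget -O group_vars/all/secrets.yml "$SECRETS_DOWNLOAD_URL" --quiet`. The step definition starts above the hunk, so its name and earlier settings are not visible here.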
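Review bot: `RBL_EXCLUDE_FWD_HOST` in `composites.conf` is added without any comment or `description`, and its effect is broad: as I read rspamd's composite prefixes, `^g:rbl` force-removes every symbol of the `rbl` group together with its weight whenever `WHITELISTED_FWD_HOST` is present. That turns the forwarding-host whitelist into a complete RBL bypass, which the file should state, e.g. `# Drop all RBL hits for mail relayed by a whitelisted forwarding host; only list hosts you control or trust`. Where `WHITELISTED_FWD_HOST` is defined and how entries reach that list is not part of this diff and is worth checking together with this change.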
@@ -1,21 +1,21 @@
 # Extensions that are treated as 'bad'
 # Number is score multiply factor
 bad_extensions = {
- scr = 4,
- lnk = 4,
- exe = 1,
+ scr = 20,
+ lnk = 20,
+ exe = 20,
 msi = 1,
 msp = 1,
 msu = 1,
 jar = 2,
- com = 4,
+ com = 20,
 bat = 4,
 cmd = 4,
 ps1 = 4,
 ace = 4,
 arj = 4,
 cab = 3,
- vbs = 4,
+ vbs = 20,
 hta = 4,
 shs = 4,
 wsc = 4,
@@ -30,7 +30,8 @@ bad_archive_extensions = {
 pdf = 1.0,
 jar = 3,
 js = 0.5,
- vbs = 7,
+ vbs = 20,
+ exe = 20
 };
 # Used to detect another archive in archive
diff --git a/data/conf/rspamd/local.d/rbl_group.conf b/data/conf/rspamd/local.d/rbl_group.conf
index 2dc9486d..21682dcd 100644
--- a/data/conf/rspamd/local.d/rbl_group.conf
+++ b/data/conf/rspamd/local.d/rbl_group.conf
@@ -45,4 +45,8 @@ symbols = {
 score = 2.0;
 description = "List of networks hijacked from their original owners, some of which have already used for spamming.";
 }
+ "RECEIVED_SPAMHAUS_XBL" {
+ weight = 0.0;
+ description = "Received address is listed in ZEN XBL";
+ }
 }
diff --git a/data/web/inc/presets/rspamd/preset_2.yml b/data/web/inc/presets/rspamd/preset_2.yml
index 716b049a..bc0b0f03 100644
--- a/data/web/inc/presets/rspamd/preset_2.yml
+++ b/data/web/inc/presets/rspamd/preset_2.yml
@@ -2,4 +2,9 @@ headline: lang.rsettings_preset_2
 content: |
 priority = 10;
 rcpt = "/postmaster@.*/";
- want_spam = yes;
+ apply {
+ symbols_enabled = ["DKIM_SIGNED", "HISTORY_SAVE", "MILTER_HEADERS", "ARC_SIGNED"];
+ actions {
+ greylist = null;
+ }
+ }
diff --git a/generate_config.sh b/generate_config.sh
index cc8e34c1..ed66ed3f 100755
--- a/generate_config.sh
+++ b/generate_config.sh
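Review bot: In `mime_types.conf` the raised multipliers cover `scr`, `lnk`, `exe`, `com` and `vbs` but leave other directly executable types in the same table at their old values (`bat`, `cmd`, `ps1`, `hta`, `wsc` at 4, `msi` at 1, `jar` at 2), so attachments of those types are still scored as before. The second hunk has the same gap inside archives, where `vbs` and `exe` go to 20 while `js` stays at 0.5. If 20 is meant to act as an effective reject, a comment such as `# 20 = reject-level; keep all directly executable types at this value` would record that and give the remaining entries something to be reviewed against. The new `exe = 20` entry in `bad_archive_extensions` is also the only visible one without a trailing comma. `bad_extensions` continues past the end of the first hunk, so entries after `wsc` are not visible here.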
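Review bot: The new `"RECEIVED_SPAMHAUS_XBL"` entry in `rbl_group.conf` uses `weight = 0.0;` while the neighbouring symbol visible in the same block uses `score = 2.0;`; writing `score = 0.0;` would keep the file consistent. A zero score makes the symbol informational only, and the entry does not say why it is registered that way; a short comment such as `# informational only, scored 0 on purpose` would make the intent clear if that is what is meant. The enclosing `symbols` block starts above the hunk.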
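Review bot: The new `apply` block in `preset_2.yml` restricts scanning for the matched recipients to the four listed symbols, so attachment and RBL rules, including the `mime_types.conf` multipliers raised in this same commit, presumably no longer run for that mail. The `rcpt` pattern on the context line above appears to be unanchored, so the exemption would also cover any address whose local part merely ends in `postmaster`; `rcpt = "/^postmaster@.*/";` limits it to the postmaster mailbox. A one-line comment inside `content` saying that these mailboxes receive essentially unfiltered mail would help admins who enable the preset.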
@@ -233,8 +233,12 @@ USE_WATCHDOG=n
 ALLOW_ADMIN_EMAIL_LOGIN=n
-# Send notifications by mail (no DKIM signature, sent from watchdog@MAILCOW_HOSTNAME)
-# Can by multiple rcpts, NO quotation marks
+# Send notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
+# CAUTION:
+# 1. You should use external recipients
+# 2. Mails are sent unsigned (no DKIM)
+# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
+# Multiple rcpts allowed, NO quotation marks, NO spaces
 #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 #WATCHDOG_NOTIFY_EMAIL=
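Review bot: Item 3 of the new comment tells admins to publish `v=DMARC1; p=none;` at `_dmarc.MAILCOW_HOSTNAME` without stating the cost: that policy applies to every message using the hostname as its From domain, not only to watchdog mails, so receivers would no longer reject or quarantine spoofed mail from that name. The comment should spell out the trade-off, e.g. an extra line `#    (this relaxes DMARC for all mail from MAILCOW_HOSTNAME, not only watchdog notifications)`. The surrounding configuration template starts and ends outside the hunk.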