From d9b7a8edb105a75dab35a605fe6c7c030424e0f8 Mon Sep 17 00:00:00 2001 From: Timo N Date: Tue, 28 Jan 2020 09:32:14 +0100 Subject: [PATCH 1/7] [CI] Changed tests download url (#3297) --- .drone.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.drone.yml b/.drone.yml index 264468ef..a4409296 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,12 +15,11 @@ steps: pull: default image: timovibritannia/ansible commands: - - wget $TEST_DOWNLOAD_URL --quiet - - unzip -qq mailcow-integration-tests.zip - - rm mailcow-integration-tests.zip + - git clone https://github.com/mailcow/mailcow-integration-tests.git . + - wget -O group_vars/all/secrets.yml $SECRETS_DOWNLOAD_URL --quiet environment: - TEST_DOWNLOAD_URL: - from_secret: TEST_DOWNLOAD_URL + SECRETS_DOWNLOAD_URL: + from_secret: SECRETS_DOWNLOAD_URL when: branch: - master @@ -62,7 +61,7 @@ steps: commands: - chmod +x ci.sh - ./ci.sh - - sleep 60 + - sleep 120 - ansible-playbook mailcow-setup-server.yml --private-key /drone/src/id_ssh_rsa --diff environment: ANSIBLE_HOST_KEY_CHECKING: false @@ -115,6 +114,6 @@ steps: - success --- kind: signature -hmac: d45bd1594ef12eb12b0035eb787d3372a6693825d8dbeb75c339979302b3941c +hmac: 9c4ca886f432d00abeb42bf1c8f86af44fa2b92691f514274e6479b0dc8a0ee5 ... From 073b3a86f2833bf602c0590180489a9a88dcea0b Mon Sep 17 00:00:00 2001 From: ntimo Date: Wed, 29 Jan 2020 17:16:25 +0100 Subject: [PATCH 2/7] [CI] Download latest test release --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index a4409296..08fb14a0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,7 +15,7 @@ steps: pull: default image: timovibritannia/ansible commands: - - git clone https://github.com/mailcow/mailcow-integration-tests.git . + - git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch . - wget -O group_vars/all/secrets.yml $SECRETS_DOWNLOAD_URL --quiet environment: SECRETS_DOWNLOAD_URL: @@ -114,6 +114,6 @@ steps: - success --- kind: signature -hmac: 9c4ca886f432d00abeb42bf1c8f86af44fa2b92691f514274e6479b0dc8a0ee5 +hmac: d0ded978bd57646ae10307a3e7fd6584658e285929596ad1ee391cf7330d6338 ... From 19a6b4530214744a099082eede0e2f5858094991 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev Date: Thu, 30 Jan 2020 18:48:04 +0200 Subject: [PATCH 3/7] Change want_spam to list of symbols_enabled (#3304) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Change want_spam to list of symbols_enabled want_spam disable all mail processing by RspamD, so DKIM signing is not applied for any mail where rcpt is /postmaster@*/, including external one. * Update preset_2.yml Co-authored-by: André Peters --- data/web/inc/presets/rspamd/preset_2.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/data/web/inc/presets/rspamd/preset_2.yml b/data/web/inc/presets/rspamd/preset_2.yml index 716b049a..bc0b0f03 100644 --- a/data/web/inc/presets/rspamd/preset_2.yml +++ b/data/web/inc/presets/rspamd/preset_2.yml @@ -2,4 +2,9 @@ headline: lang.rsettings_preset_2 content: | priority = 10; rcpt = "/postmaster@.*/"; - want_spam = yes; + apply { + symbols_enabled = ["DKIM_SIGNED", "HISTORY_SAVE", "MILTER_HEADERS", "ARC_SIGNED"]; + actions { + greylist = null; + } + } From f5522a809cd03ceb0d6e05fac337a2c5a7380167 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev Date: Thu, 30 Jan 2020 19:09:22 +0200 Subject: [PATCH 4/7] Add more info about watchdog notification (#3271) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add more info about watchdog notification * Update generate_config.sh * Update generate_config.sh Co-authored-by: André Peters --- generate_config.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index cc8e34c1..ed66ed3f 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -233,8 +233,12 @@ USE_WATCHDOG=n ALLOW_ADMIN_EMAIL_LOGIN=n -# Send notifications by mail (no DKIM signature, sent from watchdog@MAILCOW_HOSTNAME) -# Can by multiple rcpts, NO quotation marks +# Send notifications by mail (sent from watchdog@MAILCOW_HOSTNAME) +# CAUTION: +# 1. You should use external recipients +# 2. Mails are sent unsigned (no DKIM) +# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME) +# Multiple rcpts allowed, NO quotation marks, NO spaces #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com #WATCHDOG_NOTIFY_EMAIL= From 96a507c9270d95ec1916831dc20f92c3da7a03d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Tue, 4 Feb 2020 12:05:24 +0100 Subject: [PATCH 5/7] Update mime_types.conf --- data/conf/rspamd/local.d/mime_types.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/data/conf/rspamd/local.d/mime_types.conf b/data/conf/rspamd/local.d/mime_types.conf index a4cdce7e..2c63eebf 100644 --- a/data/conf/rspamd/local.d/mime_types.conf +++ b/data/conf/rspamd/local.d/mime_types.conf @@ -1,21 +1,21 @@ # Extensions that are treated as 'bad' # Number is score multiply factor bad_extensions = { - scr = 4, - lnk = 4, - exe = 1, + scr = 20, + lnk = 20, + exe = 20, msi = 1, msp = 1, msu = 1, jar = 2, - com = 4, + com = 20, bat = 4, cmd = 4, ps1 = 4, ace = 4, arj = 4, cab = 3, - vbs = 4, + vbs = 20, hta = 4, shs = 4, wsc = 4, From 60fb5498ffe22b97924cb836c0a857a7c3cc3ea5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Tue, 4 Feb 2020 12:06:20 +0100 Subject: [PATCH 6/7] Update mime_types.conf --- data/conf/rspamd/local.d/mime_types.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/conf/rspamd/local.d/mime_types.conf b/data/conf/rspamd/local.d/mime_types.conf index 2c63eebf..37d78ff4 100644 --- a/data/conf/rspamd/local.d/mime_types.conf +++ b/data/conf/rspamd/local.d/mime_types.conf @@ -30,7 +30,8 @@ bad_archive_extensions = { pdf = 1.0, jar = 3, js = 0.5, - vbs = 7, + vbs = 20, + exe = 20 }; # Used to detect another archive in archive From 3cdbe7b73cd6904cf39872eef1307066929b9b7c Mon Sep 17 00:00:00 2001 From: Michael Kuron Date: Tue, 4 Feb 2020 12:35:52 +0100 Subject: [PATCH 7/7] Reduce Rspamd DNSBL false positives (#3311) * rspamd: ignore Spamhaus XBL for Received headers * rspamd: ignore SORBS RBL for forwarding hosts * rspamd: ignore RBLs for forwarding hosts --- data/conf/rspamd/local.d/composites.conf | 3 +++ data/conf/rspamd/local.d/rbl_group.conf | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf index f4412086..a53b4871 100644 --- a/data/conf/rspamd/local.d/composites.conf +++ b/data/conf/rspamd/local.d/composites.conf @@ -34,3 +34,6 @@ FORGED_W_BAD_POLICY { expression = "( ~g+:policies | ~R_SPF_NA) & ( ~FROM_NEQ_ENVFROM & ~FORGED_SENDER )" score = 3.0; } +RBL_EXCLUDE_FWD_HOST { + expression = "-WHITELISTED_FWD_HOST & ^g:rbl" +} diff --git a/data/conf/rspamd/local.d/rbl_group.conf b/data/conf/rspamd/local.d/rbl_group.conf index 2dc9486d..21682dcd 100644 --- a/data/conf/rspamd/local.d/rbl_group.conf +++ b/data/conf/rspamd/local.d/rbl_group.conf @@ -45,4 +45,8 @@ symbols = { score = 2.0; description = "List of networks hijacked from their original owners, some of which have already used for spamming."; } + "RECEIVED_SPAMHAUS_XBL" { + weight = 0.0; + description = "Received address is listed in ZEN XBL"; + } }