Merge pull request #1 from mailcow/admin-login

rebase
2019-02-26 08:42:32 +01:00 · 2019-02-26 08:42:32 +01:00 · 937cdadd36
parent 4482aee747 57312ad605
commit 937cdadd36
6 changed files with 31 additions and 12 deletions
--- a/data/Dockerfiles/clamd/bootstrap.sh
+++ b/data/Dockerfiles/clamd/bootstrap.sh
@ -7,19 +7,29 @@ if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 fi

 # Prepare whitelist
+
+mkdir -p /run/clamav /var/lib/clamav
+
 if [[ -s /etc/clamav/whitelist.ign2 ]]; then
+  echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
  cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
 fi
 if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
+  echo "Creating /var/lib/clamav/whitelist.ign2"
  echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2
 fi
-chown clamav:clamav /var/lib/clamav/whitelist.ign2
-mkdir -p /run/clamav /var/lib/clamav
-chown clamav:clamav /run/clamav /var/lib/clamav
-chmod 750 /run/clamav
+
+chown clamav:clamav -R /var/lib/clamav /run/clamav
+
 chmod 755 /var/lib/clamav
+chmod 644 -R /var/lib/clamav/*
+chmod 750 /run/clamav
+
+echo "Stating whitelist.ign2"
+stat /var/lib/clamav/whitelist.ign2

 dos2unix /var/lib/clamav/whitelist.ign2
+
 sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2

 BACKGROUND_TASKS=()
@ -38,7 +48,7 @@ while true; do
  sleep 2m
  SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
  for sane_mirror in ${SANE_MIRRORS}; do
-    rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
+    rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
      --include 'blurl.ndb' \
      --include 'junk.ndb' \
      --include 'jurlbl.ndb' \
--- a/data/Dockerfiles/sogo/bootstrap-sogo.sh
+++ b/data/Dockerfiles/sogo/bootstrap-sogo.sh
@ -85,6 +85,9 @@ done

 mkdir -p /var/lib/sogo/GNUstep/Defaults/

+# Force-remove lines from sogo.conf
+sed -i '/SOGoIMAPServer/d' /etc/sogo/sogo.conf
+
 # Generate plist header with timezone data
 cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
 <?xml version="1.0" encoding="UTF-8"?>
@ -93,6 +96,8 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
 <dict>
    <key>OCSAclURL</key>
    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
+    <key>SOGoIMAPServer</key>
+    <string>imap://${IPV4_NETWORK}.250:143/?tls=YES</string>
    <key>OCSCacheFolderURL</key>
    <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
    <key>OCSEMailAlarmsFolderURL</key>
--- a/data/conf/nginx/templates/sogo.auth_request.template.sh
+++ b/data/conf/nginx/templates/sogo.auth_request.template.sh
@ -2,5 +2,7 @@ if printf "%s\n" "${ALLOW_ADMIN_EMAIL_LOGIN}" | grep -E '^([yY][eE][sS]|[yY])+$'
    echo 'auth_request /sogo-auth-verify;
 auth_request_set $user $upstream_http_x_username;
 proxy_set_header x-webobjects-remote-user $user;
-'
+if ($args ~* (.*)(account=(?!0))(.*)) {
+  return 401;
+}'
 fi
--- a/data/conf/rspamd/dynmaps/settings.php
+++ b/data/conf/rspamd/dynmaps/settings.php
@ -179,7 +179,7 @@ foreach (wl_by_sogo() as $user => $contacts) {
    }
 ?>
    apply "default" {
-      SOGO_CONTACT = -999.0;
+      SOGO_CONTACT = -99.0;
    }
    symbols [
      "SOGO_CONTACT"
--- a/data/conf/sogo/sogo.conf
+++ b/data/conf/sogo/sogo.conf
@ -26,7 +26,6 @@
    //  (domain3.tld, domain2.tld)
    // );

-    SOGoIMAPServer = "imap://dovecot:143/?tls=YES";
    SOGoSieveServer = "sieve://dovecot:4190/?tls=YES";
    SOGoSMTPServer = "postfix:588";
    WOPort = "0.0.0.0:20000";
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -55,7 +55,7 @@ services:
            - redis

    clamd-mailcow:
-      image: mailcow/clamd:1.21
+      image: mailcow/clamd:1.22
      build: ./data/Dockerfiles/clamd
      restart: always
      environment:
@ -140,7 +140,7 @@ services:
            - phpfpm

    sogo-mailcow:
-      image: mailcow/sogo:1.52
+      image: mailcow/sogo:1.53
      build: ./data/Dockerfiles/sogo
      environment:
        - DBNAME=${DBNAME}
@ -150,6 +150,8 @@ services:
        - LOG_LINES=${LOG_LINES:-9999}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - ACL_ANYONE=${ACL_ANYONE:-disallow}
+        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
+        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
      volumes:
        - ./data/conf/sogo/:/etc/sogo/
        - ./data/web/inc/init_db.inc.php:/init_db.inc.php
@ -165,7 +167,7 @@ services:
            - sogo

    dovecot-mailcow:
-      image: mailcow/dovecot:1.63
+      image: mailcow/dovecot:1.64
      build: ./data/Dockerfiles/dovecot
      cap_add:
        - NET_BIND_SERVICE
@ -210,6 +212,7 @@ services:
      hostname: ${MAILCOW_HOSTNAME}
      networks:
        mailcow-network:
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
          aliases:
            - dovecot