From bdf56971d531c0f120a3251c89f1fe376833ba40 Mon Sep 17 00:00:00 2001 From: andryyy Date: Fri, 25 Oct 2019 08:31:31 +0200 Subject: [PATCH] [Rspamd, PHP-FPM] Mount Rspamd maps, set correct permissions (WIP: edit in UI) [PHP-FPM] Update image, fixes #3091 [Web] Netfilter: Do not auto restart netfilter-mailcow but add a small hint to restart netfilter-mailcow after adding a ban to perm bans [Web] Remove unused js script parameter --- data/Dockerfiles/phpfpm/Dockerfile | 4 ++-- data/Dockerfiles/rspamd/docker-entrypoint.sh | 22 ++++++++++++++++++-- data/web/admin.php | 2 +- data/web/inc/functions.fail2ban.inc.php | 2 +- data/web/oauth/authorize.php | 1 - docker-compose.yml | 5 +++-- 6 files changed, 27 insertions(+), 9 deletions(-) diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile index 7293f6aa..d8274b8a 100644 --- a/data/Dockerfiles/phpfpm/Dockerfile +++ b/data/Dockerfiles/phpfpm/Dockerfile @@ -4,8 +4,8 @@ LABEL maintainer "Andre Peters " ENV APCU_PECL 5.1.17 ENV IMAGICK_PECL 3.4.4 #ENV MAILPARSE_PECL 3.0.2 -ENV MEMCACHED_PECL 3.1.3 -ENV REDIS_PECL 5.0.1 +ENV MEMCACHED_PECL 3.1.4 +ENV REDIS_PECL 5.0.2 RUN apk add -U --no-cache autoconf \ bash \ diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh index 87531189..ab5f0a10 100755 --- a/data/Dockerfiles/rspamd/docker-entrypoint.sh +++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh @@ -9,8 +9,6 @@ touch /etc/rspamd/rspamd.conf.local \ chmod 755 /var/lib/rspamd [[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/override.d/worker-controller-password.inc -[[ ! -f /etc/rspamd/custom/sa-rules-heinlein ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/custom/sa-rules-heinlein -[[ ! -f /etc/rspamd/custom/dovecot_trusted.map ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/custom/dovecot_trusted.map DOVECOT_V4= DOVECOT_V6= 
@@ -34,6 +32,26 @@ chown -R _rspamd:_rspamd /var/lib/rspamd \ /etc/rspamd/rspamd.conf.override \ /etc/rspamd/plugins.d +# Fix missing default global maps, if any +# These exists in mailcow UI and should not be removed +touch /etc/rspamd/custom/global_mime_from_blacklist.map \ + /etc/rspamd/custom/global_rcpt_blacklist.map \ + /etc/rspamd/custom/global_smtp_from_blacklist.map \ + /etc/rspamd/custom/global_mime_from_whitelist.map \ + /etc/rspamd/custom/global_rcpt_whitelist.map \ + /etc/rspamd/custom/global_smtp_from_whitelist.map \ + /etc/rspamd/custom/sa-rules \ + /etc/rspamd/custom/dovecot_trusted.map \ + /etc/rspamd/custom/ip_wl.map \ + /etc/rspamd/custom/fishy_tlds.map \ + /etc/rspamd/custom/bad_words.map \ + /etc/rspamd/custom/bad_asn.map \ + /etc/rspamd/custom/bad_words_de.map + +# www-data (82) group needs to write to these files +chown -R _rspamd:82 /etc/rspamd/custom +chmod -R g+w /etc/rspamd/custom + # Run hooks for file in /hooks/*; do if [ -x "${file}" ]; then diff --git a/data/web/admin.php b/data/web/admin.php index a4a014b9..b0481e5a 100644 --- a/data/web/admin.php +++ b/data/web/admin.php @@ -660,7 +660,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC ?> [] [whitelist] - [blacklist] + [blacklist (needs restart)] diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php index d6440d1c..c8f46b07 100644 --- a/data/web/inc/functions.fail2ban.inc.php +++ b/data/web/inc/functions.fail2ban.inc.php @@ -131,7 +131,7 @@ function fail2ban($_action, $_data = null) { if (valid_network($network)) { $redis->hSet('F2B_BLACKLIST', $network, 1); $redis->hDel('F2B_WHITELIST', $network, 1); - $response = docker('post', 'netfilter-mailcow', 'restart'); + //$response = docker('post', 'netfilter-mailcow', 'restart'); } else { $_SESSION['return'][] = array( diff --git a/data/web/oauth/authorize.php b/data/web/oauth/authorize.php index 9997dcdc..9c0d9814 100644 --- a/data/web/oauth/authorize.php 
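Review bot: The `chown -R _rspamd:82 /etc/rspamd/custom` and `chmod -R g+w /etc/rspamd/custom` lines at the end of the added block make the directory and everything in it group-writable, not only the map files touched just above. The web group can then create, replace or delete any file there, including `sa-rules`, `ip_wl.map` and `dovecot_trusted.map`, so a compromised PHP-FPM process could presumably change what Rspamd trusts or filters. If the UI writes maps in place, consider scoping this to the files it actually edits, e.g. `chgrp 82 /etc/rspamd/custom/global_*.map && chmod g+w /etc/rspamd/custom/global_*.map`, and leaving the directory writable by its owner only. The bare gid `82` also ties this script to the www-data gid of the PHP-FPM image, so a comment such as `# 82 = www-data gid in the phpfpm image; keep in sync` next to it would help.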
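Review bot: With the restart commented out in the `valid_network($network)` branch, a network added to `F2B_BLACKLIST` is stored in Redis but presumably not enforced until netfilter-mailcow is restarted by hand, and the only hint is the `(needs restart)` label in admin.php. An admin adding a perm ban during an incident may assume it is already active, so the result message returned from this function should say that a restart is pending, or the ban should be applied without a full restart. If `$response` is read further down in fail2ban(), outside this hunk, it is now unset on this path. Rather than keeping the dead line, delete it and leave a why-comment, e.g. `// netfilter-mailcow is not restarted here; perm bans apply after a manual restart`.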
+++ b/data/web/oauth/authorize.php @@ -50,7 +50,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php'; -