[Rspamd, PHP-FPM] Mount Rspamd maps, set correct permissions (WIP: edit in UI)

[PHP-FPM] Update image, fixes #3091 [Web] Netfilter: Do not auto restart netfilter-mailcow but add a small hint to restart netfilter-mailcow after adding a ban to perm bans [Web] Remove unused js script parameter
2019-10-25 08:31:31 +02:00 · 2019-10-25 08:31:31 +02:00 · bdf56971d5
parent ccd9d934d6
commit bdf56971d5
6 changed files with 27 additions and 9 deletions
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@ -4,8 +4,8 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ENV APCU_PECL 5.1.17
 ENV IMAGICK_PECL 3.4.4
 #ENV MAILPARSE_PECL 3.0.2
-ENV MEMCACHED_PECL 3.1.3
-ENV REDIS_PECL 5.0.1
+ENV MEMCACHED_PECL 3.1.4
+ENV REDIS_PECL 5.0.2

 RUN apk add -U --no-cache autoconf \
  bash \
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@ -9,8 +9,6 @@ touch /etc/rspamd/rspamd.conf.local \
 chmod 755 /var/lib/rspamd

 [[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/override.d/worker-controller-password.inc
-[[ ! -f /etc/rspamd/custom/sa-rules-heinlein ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/custom/sa-rules-heinlein
-[[ ! -f /etc/rspamd/custom/dovecot_trusted.map ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/custom/dovecot_trusted.map

 DOVECOT_V4=
 DOVECOT_V6=
@ -34,6 +32,26 @@ chown -R _rspamd:_rspamd /var/lib/rspamd \
  /etc/rspamd/rspamd.conf.override \
  /etc/rspamd/plugins.d

+# Fix missing default global maps, if any
+# These exists in mailcow UI and should not be removed
+touch /etc/rspamd/custom/global_mime_from_blacklist.map \
+  /etc/rspamd/custom/global_rcpt_blacklist.map \
+  /etc/rspamd/custom/global_smtp_from_blacklist.map \
+  /etc/rspamd/custom/global_mime_from_whitelist.map \
+  /etc/rspamd/custom/global_rcpt_whitelist.map \
+  /etc/rspamd/custom/global_smtp_from_whitelist.map \
+  /etc/rspamd/custom/sa-rules \
+  /etc/rspamd/custom/dovecot_trusted.map \
+  /etc/rspamd/custom/ip_wl.map \
+  /etc/rspamd/custom/fishy_tlds.map \
+  /etc/rspamd/custom/bad_words.map \
+  /etc/rspamd/custom/bad_asn.map \
+  /etc/rspamd/custom/bad_words_de.map
+
+# www-data (82) group needs to write to these files
+chown -R _rspamd:82 /etc/rspamd/custom
+chmod -R g+w /etc/rspamd/custom
+
 # Run hooks
 for file in /hooks/*; do
  if [ -x "${file}" ]; then
--- a/data/web/admin.php
+++ b/data/web/admin.php
@ -660,7 +660,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
            ?>
            <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[<?=$lang['admin']['queue_unban'];?>]</a>
            <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
-            <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist]</a>
+            <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
            <?php
            else:
            ?>
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@ -131,7 +131,7 @@ function fail2ban($_action, $_data = null) {
              if (valid_network($network)) {
                $redis->hSet('F2B_BLACKLIST', $network, 1);
                $redis->hDel('F2B_WHITELIST', $network, 1);
-                $response = docker('post', 'netfilter-mailcow', 'restart');
+                //$response = docker('post', 'netfilter-mailcow', 'restart');
              }
              else  {
                $_SESSION['return'][] = array(
--- a/data/web/oauth/authorize.php
+++ b/data/web/oauth/authorize.php
@ -50,7 +50,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
    </div>
  </div>
 </div> <!-- /container -->
-<script src="../js/authorize.js"></script>
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
 exit();
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -68,7 +68,7 @@ services:
            - clamd

    rspamd-mailcow:
-      image: mailcow/rspamd:1.48
+      image: mailcow/rspamd:1.49
      build: ./data/Dockerfiles/rspamd
      stop_grace_period: 30s
      depends_on:
@ -96,7 +96,7 @@ services:
            - rspamd

    php-fpm-mailcow:
-      image: mailcow/phpfpm:1.49
+      image: mailcow/phpfpm:1.50
      build: ./data/Dockerfiles/phpfpm
      command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
      depends_on:
@ -105,6 +105,7 @@ services:
        - ./data/hooks/dovecot:/hooks
        - ./data/web:/web:rw
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro
+        - ./data/conf/rspamd/custom/:/rspamd_custom_maps:rw
        - rspamd-vol-1:/var/lib/rspamd
        - mysql-socket-vol-1:/var/run/mysqld/
        - ./data/conf/sogo/:/etc/sogo/