From c7e17c7fd117409a90866329ea68c13a32be5ffb Mon Sep 17 00:00:00 2001 From: andryyy Date: Wed, 21 Oct 2020 19:00:53 +0200 Subject: [PATCH] [Rspamd] Global blacklists are not prefilters anymore to not prevent them from being learned --- data/Dockerfiles/olefy/Dockerfile | 7 ++++--- data/assets/nextcloud/nextcloud.conf | 5 +++-- data/conf/rspamd/local.d/multimap.conf | 6 ++---- docker-compose.yml | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/data/Dockerfiles/olefy/Dockerfile b/data/Dockerfiles/olefy/Dockerfile index 37c8519e..05ffcc25 100644 --- a/data/Dockerfiles/olefy/Dockerfile +++ b/data/Dockerfiles/olefy/Dockerfile @@ -7,9 +7,10 @@ WORKDIR /app RUN apk add --virtual .build-deps gcc python3-dev musl-dev libffi-dev openssl-dev \ && apk add --update --no-cache python3 openssl tzdata libmagic \ && pip3 install --upgrade pip \ - && pip3 install --upgrade oletools asyncio python-magic \ - && apk del .build-deps \ - && sed -i 's/decompress_stream(bytearray(compressed_code))/bytes2str(decompress_stream(bytearray(compressed_code)))/g' /usr/lib/python3.8/site-packages/oletools/olevba.py + && pip3 install --upgrade asyncio python-magic \ + && pip3 install --upgrade https://github.com/HeinleinSupport/oletools/archive/master.zip \ + && apk del .build-deps +# && sed -i 's/decompress_stream(bytearray(compressed_code))/bytes2str(decompress_stream(bytearray(compressed_code)))/g' /usr/lib/python3.8/site-packages/oletools/olevba.py ADD https://raw.githubusercontent.com/HeinleinSupport/olefy/master/olefy.py /app/ diff --git a/data/assets/nextcloud/nextcloud.conf b/data/assets/nextcloud/nextcloud.conf index 4f4928f5..e143a791 100644 --- a/data/assets/nextcloud/nextcloud.conf +++ b/data/assets/nextcloud/nextcloud.conf @@ -12,9 +12,10 @@ server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; - ssl_protocols TLSv1.2; - ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; + ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; diff --git a/data/conf/rspamd/local.d/multimap.conf b/data/conf/rspamd/local.d/multimap.conf index 36ebfef7..0937507d 100644 --- a/data/conf/rspamd/local.d/multimap.conf +++ b/data/conf/rspamd/local.d/multimap.conf @@ -53,8 +53,7 @@ GLOBAL_SMTP_FROM_BL { type = "from"; map = "${LOCAL_CONFDIR}/custom/global_smtp_from_blacklist.map"; regexp = true; - prefilter = true; - action = "reject"; + score = 2050; } GLOBAL_MIME_FROM_WL { @@ -72,8 +71,7 @@ GLOBAL_MIME_FROM_BL { filter = "email:addr"; map = "${LOCAL_CONFDIR}/custom/global_mime_from_blacklist.map"; regexp = true; - prefilter = true; - action = "reject"; + score = 2050; } GLOBAL_RCPT_WL { diff --git a/docker-compose.yml b/docker-compose.yml index c47c437d..009554fa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -498,7 +498,7 @@ services: - solr olefy-mailcow: - image: mailcow/olefy:1.4 + image: mailcow/olefy:1.5 restart: always environment: - TZ=${TZ}