[Rspamd] Global blacklists are not prefilters anymore to not prevent them from being learned
parent
4ddeb317fa
commit
c7e17c7fd1
|
@ -7,9 +7,10 @@ WORKDIR /app
|
||||||
RUN apk add --virtual .build-deps gcc python3-dev musl-dev libffi-dev openssl-dev \
|
RUN apk add --virtual .build-deps gcc python3-dev musl-dev libffi-dev openssl-dev \
|
||||||
&& apk add --update --no-cache python3 openssl tzdata libmagic \
|
&& apk add --update --no-cache python3 openssl tzdata libmagic \
|
||||||
&& pip3 install --upgrade pip \
|
&& pip3 install --upgrade pip \
|
||||||
&& pip3 install --upgrade oletools asyncio python-magic \
|
&& pip3 install --upgrade asyncio python-magic \
|
||||||
&& apk del .build-deps \
|
&& pip3 install --upgrade https://github.com/HeinleinSupport/oletools/archive/master.zip \
|
||||||
&& sed -i 's/decompress_stream(bytearray(compressed_code))/bytes2str(decompress_stream(bytearray(compressed_code)))/g' /usr/lib/python3.8/site-packages/oletools/olevba.py
|
&& apk del .build-deps
|
||||||
|
# && sed -i 's/decompress_stream(bytearray(compressed_code))/bytes2str(decompress_stream(bytearray(compressed_code)))/g' /usr/lib/python3.8/site-packages/oletools/olevba.py
|
||||||
|
|
||||||
ADD https://raw.githubusercontent.com/HeinleinSupport/olefy/master/olefy.py /app/
|
ADD https://raw.githubusercontent.com/HeinleinSupport/olefy/master/olefy.py /app/
|
||||||
|
|
||||||
|
|
|
@ -12,9 +12,10 @@ server {
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/mail/cert.pem;
|
ssl_certificate /etc/ssl/mail/cert.pem;
|
||||||
ssl_certificate_key /etc/ssl/mail/key.pem;
|
ssl_certificate_key /etc/ssl/mail/key.pem;
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
|
||||||
|
ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_session_timeout 1d;
|
ssl_session_timeout 1d;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
|
@ -53,8 +53,7 @@ GLOBAL_SMTP_FROM_BL {
|
||||||
type = "from";
|
type = "from";
|
||||||
map = "${LOCAL_CONFDIR}/custom/global_smtp_from_blacklist.map";
|
map = "${LOCAL_CONFDIR}/custom/global_smtp_from_blacklist.map";
|
||||||
regexp = true;
|
regexp = true;
|
||||||
prefilter = true;
|
score = 2050;
|
||||||
action = "reject";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
GLOBAL_MIME_FROM_WL {
|
GLOBAL_MIME_FROM_WL {
|
||||||
|
@ -72,8 +71,7 @@ GLOBAL_MIME_FROM_BL {
|
||||||
filter = "email:addr";
|
filter = "email:addr";
|
||||||
map = "${LOCAL_CONFDIR}/custom/global_mime_from_blacklist.map";
|
map = "${LOCAL_CONFDIR}/custom/global_mime_from_blacklist.map";
|
||||||
regexp = true;
|
regexp = true;
|
||||||
prefilter = true;
|
score = 2050;
|
||||||
action = "reject";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
GLOBAL_RCPT_WL {
|
GLOBAL_RCPT_WL {
|
||||||
|
|
|
@ -498,7 +498,7 @@ services:
|
||||||
- solr
|
- solr
|
||||||
|
|
||||||
olefy-mailcow:
|
olefy-mailcow:
|
||||||
image: mailcow/olefy:1.4
|
image: mailcow/olefy:1.5
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
|
|
Loading…
Reference in New Issue