a4e5400f67
[Nginx] Add proxy_send_timeout and proxy_read_timeout of 300 to /SOGo
2020-02-19 21:40:45 +01:00
b5c844d704
[Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps
2020-02-12 10:36:54 +01:00
77d922c05a
[Dovecot] IMPORTANT: Disabling TLS 1.0 and 1.2 - welcome to 2020
2020-02-12 09:12:24 +01:00
9d04d0ee4a
[Rspamd] Add X-Last-TLS-Session-Version header
2020-02-09 19:08:28 +01:00
82c094c77c
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313
2020-02-06 08:28:05 +01:00
8a3fc802c5
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2020-02-06 07:04:31 +01:00
a71f8ed5af
[PHP-FPM] Do not use Redis for session handling
2020-02-05 11:04:34 +01:00
ad55dd8f05
[Rspamd] Use redis master for RL operations in pipe_rl
2020-02-05 11:02:31 +01:00
23cf8995df
[Dovecot] Set replicator options by default - unused, no support or docs as of today
2020-02-05 11:01:50 +01:00
3cdbe7b73c
Reduce Rspamd DNSBL false positives ( #3311 )
...
* rspamd: ignore Spamhaus XBL for Received headers
* rspamd: ignore SORBS RBL for forwarding hosts
* rspamd: ignore RBLs for forwarding hosts
2020-02-04 12:35:52 +01:00
60fb5498ff
Update mime_types.conf
2020-02-04 12:06:20 +01:00
96a507c927
Update mime_types.conf
2020-02-04 12:05:24 +01:00
d83013667b
[Rspamd] Do not normalise domains to eSLD for ARC
2020-01-19 13:17:23 +01:00
081602def9
[Postfix] Client rcpt rate limit set to 50
2020-01-18 16:32:41 +01:00
57af5103c7
[Rspamd] Ratelimit for bounces reduced, max_rcpt for ratelimit increased
2020-01-18 16:32:27 +01:00
4c2e13009b
rspamd: More comprehensive attachment handling ( #3273 )
...
- block all Office documents with macros
- don’t just block all doc files
- mark some more Windows executable extensions as bad
2020-01-17 22:19:12 +01:00
4e46d44e79
[Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires.
...
ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve.
2020-01-12 12:21:21 +01:00
791e0831ad
[Rspamd] Fix DKIM, fixes #3262
2020-01-12 11:39:53 +01:00
5f73629493
[Rspamd] Set rspamd as trusted host, rspamd is not spoofing
2020-01-10 20:39:52 +01:00
03cbed5002
[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve)
2020-01-10 20:39:11 +01:00
203dd12497
[Rspamd] Fix groups
2020-01-06 18:47:51 +01:00
6d5677eb32
[Rspamd] Decrease weight of missed charset
2020-01-05 11:34:03 +01:00
b098696b89
[Rspamd] Fix groups.conf syntax
2020-01-05 11:24:13 +01:00
ad1f243667
[Postfix] Set CA path for smtpd
...
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
9157993953
[Dovecot] Enable editheaders plugin in sieve for all users
2019-12-31 14:24:33 +01:00
58a00cf7ea
[Web, Rspamd] Add bad language map, add map to mailcow UI
2019-12-22 18:57:28 +01:00
5a0df09361
[Rspamd] Rate .doc with +10, decrease default bayes ham score
2019-12-20 15:44:58 +01:00
57003a8215
[Postfix] Update Postscreen whitelist
2019-12-15 22:04:45 +01:00
8c3ab0371a
[ClamAV] Copy productive whitelist.ign to exposed configuration folder, remove direct mount of whitelist file
2019-12-14 15:12:37 +01:00
25c2bcc8b3
[ClamAV] Force add default whitelist.ign2
2019-12-14 15:04:09 +01:00
6564944f7a
[Postfix] Add bl.suomispam.net
2019-12-06 16:15:04 +01:00
309f90a9b3
[Dovecot] Change LUA path
2019-12-06 10:20:47 +01:00
7e2aa42578
[IMPORTANT] If you run Ubuntu 16.04, upgrade your kernel to linux-generic-hwe-16.04
...
[ClamAV] Remove deprecated parameter
2019-12-05 14:29:04 +01:00
afb43c9c5b
[Dovecot] Fix app passwds: allow multiple pass hashes by using LUA construct
2019-12-03 18:50:45 +01:00
653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user)
2019-12-02 11:02:19 +01:00
0e6dfdd0fe
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo
2019-12-02 10:55:17 +01:00
7b4ed3bf64
[Rspamd] Lower map watch interval
2019-12-02 10:54:22 +01:00
9257fa90d4
[Nginx] Fix 301 to SOGo
2019-11-28 19:14:23 +01:00
ce15dda990
[Nginx] Redirect /S|sogo* to /SOGo
2019-11-28 15:08:11 +01:00
8badb146e9
[Unbound] Disable ipsecmod
2019-11-26 21:08:47 +01:00
d57e2b58c1
[Rspamd] Reduce ptr fail score
2019-11-24 16:09:59 +01:00
19d0eedeba
[Rspamd] Add FORGED_W_BAD_POLICY
2019-11-24 16:08:58 +01:00
eeda59e048
[Postfix] Add more service labels, thanks to @christianbur
2019-11-24 15:35:56 +01:00
5d7e365592
[Postfix] Remove test var
2019-11-24 15:23:16 +01:00
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
...
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
79bcbe5a51
[MySQL] Some tweaks to lower RAM consumption, thanks to @Thomas2500
2019-11-21 19:41:50 +01:00
e0535bedbb
[Rspamd] Set new last modified when changing Rspamd settings
2019-11-18 16:42:56 +01:00
7a87c492ed
[Rspamd] Fix bad ASN map format
2019-11-18 13:26:16 +01:00
d67e4e83c9
[Rspamd] Increase score for BAD_REP_POLICIES
2019-11-15 23:51:48 +01:00
e439d52ff2
[SOGo] Minor config changes
2019-11-15 17:39:32 +01:00
56ddc4bd26
[Rspamd] Add new default reject message
...
[Rspamd] Add Sorbs
2019-11-15 07:58:04 +01:00
64f8ed2fbc
[Rspamd] Increase invalid PTR score
2019-11-14 10:17:58 +01:00
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:17:14 +01:00
99326f81de
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:16:51 +01:00
c4656e00fd
[Postfix] Add hint for custom_transport.pcre
2019-11-12 20:50:21 +01:00
e1fdbba0f7
[Postfix] Add custom_transport.pcre
2019-11-12 20:44:43 +01:00
4ccad6b0c3
[MySQL] key_buffer_size it is
2019-11-11 23:20:01 +01:00
fbc7b7dce5
rspamd: Don't remove WHITELISTED_FWD_HOST if SOGO_CONTACT present ( #3084 )
2019-11-11 08:20:46 +01:00
1d1a9a27c9
[MariaDB] Adjustments
2019-11-08 08:14:57 +01:00
3235edea88
[MariaDB] Adjustments
2019-11-08 08:12:34 +01:00
15f3a664cd
[MySQL] Disable query cache
2019-11-06 21:03:00 +01:00
04ae2fadef
[MySQL] Reduce memory usage
2019-11-06 20:12:25 +01:00
bcc28784f7
[Rspamd] CL is not a fishy tld
2019-11-02 12:02:49 +01:00
7f8b13434d
[Rspamd, Dovecot] Do not use Schaal rules - probably too much for Rspamd 2.x to handle, mem leak?
2019-10-31 20:43:07 +01:00
50020bf1f0
[Rspamd] Remove neural, other gbc options
2019-10-31 19:55:42 +01:00
6655ada308
[Rspamd] Remove unwanted options after talking to Vsevo
2019-10-31 19:03:20 +01:00
573e62f181
[MySQL] Allow more connections
2019-10-31 06:38:12 +01:00
59d966ab0f
[MySQL] Reduce max-connections, disallow performance_schema
2019-10-30 21:08:59 +01:00
df3d78f03b
[Rspamd] Reset logging
2019-10-30 20:18:21 +01:00
27de9dbf92
[Rspamd] Slight changes to improve memory usage
...
[Web] Dirty hack to touch Rspamd maps a second time
2019-10-30 20:07:58 +01:00
c0f39e5cac
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-10-29 18:36:53 +01:00
a71f590b1e
[Rspamd] Remove score from neural
2019-10-29 18:36:49 +01:00
8683e4bd9a
[Rspamd] Use last-modified headers to not read unmodified settings map every 30 seconds
2019-10-29 14:21:58 +01:00
c63967f7be
Rspamd: increase redis timeout
2019-10-26 13:00:31 +02:00
be4099182b
[Rspamd] Do not log watchdog mails
2019-10-21 20:42:43 +02:00
de8cfbde03
Merge pull request #3072 from tinect/deliverCSSandJSfiles
...
deliver CSS and JS as external request
2019-10-21 11:18:49 +02:00
d5ee7de66a
[Rspamd] Disable info logging, re-enable silent logging, only apply MILTER_HEADERS symbol to watchdog Rspamd settings map
2019-10-20 21:48:30 +02:00
cc1bf5d426
deliver CSS and JS as external request
2019-10-20 21:25:58 +02:00
f2b552c00d
Fix custom http redirects with TLS-SNI
...
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
05e7c95829
[SSL] fix wildcard compare for non-bash shell
2019-10-20 17:02:54 +02:00
dcd50b2245
[SSL] restore old nginx templates. fix possible issues with custom nginx sites
2019-10-20 16:41:53 +02:00
84c5f43438
[SSL] re-add nginx site.conf
2019-10-19 12:49:23 +02:00
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd
2019-10-12 13:16:49 +02:00
ee57b5921f
[Rspamd] Various fixes for Rspamd 2.0, neural network activated, autolearning activated (auto-keeps a ratio)
2019-10-12 13:14:34 +02:00
0cfa056faa
[Rspamd] Do not quaratine if symbol is GLOBAL_X_BL
2019-10-10 12:38:24 +02:00
1580e4b2a5
[Nginx, SOGo] Adjustments for EAS
2019-10-06 10:12:46 +02:00
a008855991
Merge pull request #2999 from ntimo/task/api-docs
...
[Nginx] Fix nginx config for API docs
2019-10-04 08:51:26 +02:00
8f7693ccdb
[Postfix] Update postscreen_access
2019-10-04 08:43:59 +02:00
37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
...
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri
2019-10-03 11:27:44 +02:00
7c43e2e120
[Nginx] Fix nginx config for API docs
2019-10-03 11:19:17 +02:00
0f5c930e48
Fix site
2019-10-03 11:15:53 +02:00
5cf74f6b85
[NGINX] Make API docs accessible using /api/
2019-10-02 22:13:47 +02:00
9f66b83a34
Merge pull request #2965 from phenomax/postfix-no-renegotiation
...
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-28 22:17:32 +02:00
9b7668d912
[Nginx] Custom 502
2019-09-24 06:53:13 +02:00
a231ecaed5
[Rspamd] Fix ARC defaults, thanks to klausenbusk
2019-09-23 10:44:58 +02:00
287c577fc4
[Rspamd] Set !ARC_ALLOW to SPF FAIL check
2019-09-23 10:44:26 +02:00
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-22 17:38:03 +02:00
b5d169cf90
[Postfix] Fix anonymize headers...
2019-09-19 06:48:21 +02:00
1bbe1a2367
Merge pull request #2940 from ntimo/task/split-bad-words
...
[RSPAMD] Split bad words into multiple files per language
2019-09-18 18:35:11 +02:00
ea8c002eff
update postscreen whitelist
2019-09-18 15:30:43 +02:00
b3c2f683cb
[Postfix] Adjustments for RBL
2019-09-18 07:58:54 +02:00
58cbf2c9c8
update postscreen whitelist by using postwhite
2019-09-17 21:27:17 +02:00
ba6c5b7197
[Rspamd] Updated bad_word maps
2019-09-17 20:39:08 +02:00
3ca014ee79
[Rspamd] Added multimap config for bad_words_de.map
2019-09-16 18:18:56 +02:00
005ed2cadc
[Rspamd] Split bad words into multiple files per language
2019-09-15 11:53:04 +02:00
83cd62d46f
Merge pull request #2928 from MAGICCC/feature/remove-dnsbl-inps.de
...
[Postfix] Remove discontinued DNSBL dnsbl.inps.de
2019-09-10 18:07:03 +02:00
d1e56ab7bc
Update fishy_tlds.map
2019-09-10 16:48:40 +02:00
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons
2019-09-09 21:37:49 +02:00
8f4d468209
Merge pull request #2916 from Thomas2500/patch-1
...
Disable SSL ticket support in dovecot
2019-09-09 07:47:37 +02:00
87e99e53d9
[Postfix] Fix anonymize headers
2019-09-08 10:29:06 +02:00
3983b3d393
Disable SSL ticket support in dovecot
...
Because tickets are normally only generated on service start, we should disable it to provide better PFS.
2019-09-06 12:39:33 +02:00
8608ded0ed
[Postfix] Replace Postcow header, remove authed user
2019-09-06 08:02:52 +02:00
f87beded34
Update fishy_tlds.map
2019-09-05 14:32:04 +02:00
0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard
2019-09-04 23:07:35 +02:00
8d0b2678fe
[Rspamd] Remove some TLDs from fishy map
2019-09-04 08:14:35 +02:00
1495bda2e1
[Postfix] Add info about extra.cf
2019-09-02 18:39:08 +02:00
1bdf861177
[Postfix] Add comments to config files, cleanup a bit
2019-09-02 09:31:30 +02:00
9c714b34a4
[Rspamd] Bad word update and score change
2019-08-30 19:30:38 +02:00
569296dcdc
[Rspamd] More bad words - todo: split by language
2019-08-30 18:54:54 +02:00
5a89dc114d
[Rspamd] Minor changes to fishy tlds and bad words
2019-08-29 18:57:37 +02:00
6e82a35929
[Rspamd] Important fix for fishy maps
2019-08-28 15:04:53 +02:00
1414e9df00
[Rspamd] Reduce fishy tld score
...
[Compose] Update Dovecot image
2019-08-28 14:37:04 +02:00
a5d569e0ca
[Rspamd] Reduce fishy tld score
2019-08-28 14:26:01 +02:00
01fe856d05
[Rspamd] Fix a domain name
2019-08-28 13:05:42 +02:00
23ae0c3cc1
[Rspamd] Filter 'em bad words from 'em bad tlds
2019-08-28 13:03:15 +02:00
abf33b75f4
[Postfix] Remove Zeyple config
2019-08-25 16:00:33 +02:00
e342016534
[Rspamd] Fix scores of UCE
2019-08-22 22:08:22 +02:00
084eb008a1
[Rspamd] Add UCE to RBL
2019-08-22 16:34:03 +02:00
9bbf9dc68e
[Rspamd] Fix and improve settings map
2019-08-21 21:07:51 +02:00
3a26365b51
[Rspamd] Change SA ruleset name
2019-08-21 14:37:30 +02:00
a2386434fd
[Postfix] More RBLs, lower thresholds
2019-08-16 22:17:28 +02:00
217da8c7fc
[Postfix] Reduce threshold to 4, format list
2019-08-16 07:55:17 +02:00
1b3a5d54ca
[Postfix] Reduce RBL threshold
...
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
9e0381185c
[Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple
2019-08-09 14:10:31 +02:00
5fda67223d
[Dovecot] Fix pathes
2019-07-28 21:36:09 +02:00
e00a18ab95
Update anonymize_headers.pcre
2019-07-26 07:18:58 +02:00
9de821c3b0
[Postfix] Don't remove authed header from Received
...
[Compose] New watchdog image
2019-07-26 06:53:29 +02:00
db0719f068
[Rspamd] Fix IP whitelist
2019-07-22 13:50:05 +02:00
71df10892c
[Rspamd] Add custom IP whitelist template
2019-07-22 13:38:47 +02:00
83136c7876
Merge pull request #2789 from patschi/patch-6
...
Remove DMARC descriptions from polices_group
2019-07-16 21:30:44 +02:00
197f27b705
Remove DMARC descriptions from polices_group
...
Remove descriptions as they are inherited from the default rspamd configuration anyway
2019-07-16 20:15:11 +02:00
cecbbe9e82
Remove score from R_DKIM_PERMFAIL
...
This error happens when there is no public key in DNS for that selector.
2019-07-16 20:03:37 +02:00
3c3bcf8c82
[Postfix] Set compatibility_level to 2
2019-07-13 14:44:17 +02:00
eb760543d9
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-07-13 09:23:51 +02:00
568e166478
[Unbound] Update base to Alpine 3.10 to use Unbound 1.9
...
[Unbound] Set unwanted-reply-threshold: 10000
2019-07-13 09:22:03 +02:00
2898aa6918
[Postfix] Remove unused alias domain catch all map
2019-07-13 08:59:32 +02:00
84f4f43b27
Update policies_group.conf
2019-07-12 23:15:27 +02:00
2efd27e40e
[Olefy] A new container is born, thanks to @c-rosenberg
...
[ACME] Autoconfig is back (re-added to SAN list by default for all mail domains)
[Rspamd] Added comment to composite
2019-06-25 18:52:05 +02:00
f2d1a56104
[Rspamd] Increase OLEFY_MACRO score
2019-06-20 10:18:43 +02:00
04940429ba
[Rspamd] Add oletools via olefy, big thanks to @c-rosenberg
2019-06-16 17:35:58 +02:00
6f99f06c6d
[Rspamd] Add OLEFY_MACRO symbol
2019-06-16 17:35:24 +02:00
9c347e36fc
[Rspamd] Less aggressive bayes
2019-06-16 17:34:58 +02:00
e43951331c
[Rspamd] Sign ARC inbonud, thanks to @Kraeutergarten
2019-06-11 11:41:59 +02:00
ffb008f72a
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-06-09 16:50:04 +02:00
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps
2019-06-09 16:49:02 +02:00
fa4c4b138e
Update main.cf
...
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time ) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days.
There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared ), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
d5eeb3e8af
Update main.cf
...
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.
RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender up; the give-up time generally needs to be at least 4-5 days. It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages.
Postfix default is also 5 days: http://www.postfix.org/postconf.5.html
https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
af46a93e76
[Postfix] Remove authed user from header
2019-06-01 22:14:48 +02:00
dcacf85a5d
[Dovecot] Rename sieve_after to global_sieve_after and create a global_sieve_before file
2019-06-01 13:53:24 +02:00
aaf0d521a2
[Postfix] Add UA header check, not enabled by default
2019-06-01 08:29:53 +02:00
395f0f7a3d
[Rspamd] Remove authenticated user from auth results header
...
[Dovecot] Fix permissions of console
[Compose] New Dovecot image
2019-05-29 18:02:14 +02:00
2757c6b5fe
[Postfix] Do not allow DSN for postscreen
2019-05-27 19:32:41 +02:00
ba14f0f113
[Rspamd] Fix spoofing detection
2019-05-20 15:14:42 +02:00
1f365f5cff
[Dovecot] Remove shared namespace
2019-05-18 23:01:23 +02:00
3ffa7e1f33
[Rspamd] Add SIEVE_HOST map and skip spoof check for these IPs
2019-05-18 22:44:06 +02:00
45359bb6cf
[Rspamd] Do not apply SPOOFED_UNAUTH on ARC_ALLOW
...
[Dovecot] Set sieve_redirect_envelope_from to rcpt
2019-05-18 09:18:00 +02:00
5c07cca529
[Rspamd] Change spoofed mail handling
2019-05-09 11:48:38 +02:00
456e92c830
[Rspamd] Set to to_ip to_ip_from rate buckets to 100 / 1s
2019-05-09 11:32:16 +02:00
61433a4488
Merge pull request #2541 from sriccio/master
...
Allow to easily add custom plugins to rspamd
2019-05-05 22:33:32 +02:00
28c8c53a6e
[Rspamd] meta_exporter: return false if not matched
...
[Compose] Update Dovecot image
2019-05-01 22:50:38 +02:00
17918b3e21
Added domain alias handling to quarantine mails and added recipients row to quarantine mail display
...
If a mail is sent to a domain alias domain and rejected, mailcow does not currently store the mail in quarantine.
This commit adds domain alias handling to the reject code and should fix this behavior.
Also added displaying of recipient addresses into the quarantine mail dialog to be able to see what mail address was "leaked".
2019-05-01 00:56:12 +02:00
91af3d5c5a
[Rspamd] Much higher scores for DMARC failures
2019-04-30 14:00:47 +02:00
9b303dcc0e
[Dovecot] Set default_vsz_limit = 1024 M
...
[Web] Form cache for user passwd change modal disabled
2019-04-24 14:46:45 +02:00
ef5cf81308
[rspamd] Allow to easily use custom rspamd lua plugins
...
Since rspamd 1.9.2 we'll be able to load custom modules from plugins.d
directory.
This allow to add and configure plugins easily from the
data/conf/rspamd/plugins.d
Also loading config for custom plugins need rspamd.conf.local or
optionally rspamd.conf.override.
I added support for this in the docker-compose.yml
Idea came while i was writing a custom plugin for Cyren antispam
gateway, which can be found here: https://github.com/sriccio/rspamd-plugins
2019-04-17 10:36:39 +02:00
9f00d956f1
[Rspamd] Improve spoofing detection
2019-04-14 20:37:38 +02:00
c8047b9555
[Web] Change session timeout handling
...
[Rspamd] Add missing spamassassin.conf
2019-04-14 13:01:47 +02:00
fae34b8a89
I'm an idiot
2019-04-01 22:52:45 +02:00
bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489
2019-04-01 22:46:13 +02:00
7d2289c3a7
Merge branch 'master' into admin-login
...
# Conflicts:
# data/web/js/site/mailbox.js
2019-03-23 21:17:02 +01:00
4aae72779a
[Dovecot] Remove auth cache
2019-03-18 14:15:02 +01:00
3d8a46357b
Merge branch 'master' into admin-login
2019-03-18 02:03:59 +01:00
d8e356f590
[SOGo] Revert to previous settings
2019-03-18 01:36:32 +01:00
a614d64615
[SOGo] Adjust sync parameters, revert if you run into problems!
2019-03-14 08:59:24 +01:00
d449984a66
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-03-12 23:39:57 +01:00
fc63661fbd
[Solr] Change default configset before bootstrapping
...
[Solr] Bootstrap cannot be omitted and must occur before mounting the data directory
2019-03-12 23:15:26 +01:00
70c424caa2
[Web] Fix rejected mails not being quarantized properly if they are tagged
2019-03-12 11:26:33 +01:00
1c3daedc39
[Rspamd] Remove headers var from dyn maps
2019-03-12 01:28:04 +01:00
40a826a347
Fix rejected mails not being quarantized properly if they are tagged
2019-03-11 15:31:21 +01:00
4bbb6d78e3
fix solr query ngram
2019-03-10 17:20:46 +01:00
ae19d81f2d
Merge branch 'master' into admin-login
2019-03-10 10:38:42 +01:00
216451ed43
Merge branch 'master' into admin-login
2019-03-10 09:51:12 +01:00
0a1e71f7ec
[Dovecot] Use dovecot-fts core
2019-03-10 09:40:31 +01:00
c7c115d63a
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory
2019-03-10 09:40:04 +01:00
2443e956eb
[Rspamd] Remove buggy last-modified check
2019-03-08 12:43:05 +01:00
d124fa1d5b
[Rspamd] Check if filterconf table was changed and return Last-Modified accordingly
2019-03-07 11:44:38 +01:00
e04e15ed23
[Rspamd] Mime from and rcpt can now be checked by from_mime and rcpt_mime
2019-03-07 00:07:11 +01:00
c792bbcbab
[Rspamd] make upstream an object
2019-03-07 00:05:55 +01:00
bb065dbc22
[Rspamd] Add fuzzy worker with worker-fuzzy.inc
2019-03-06 15:14:25 +01:00
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
...
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
6dc5318673
[Rspamd] Delete rspamd.conf.local
2019-03-06 15:08:18 +01:00
4d32eb49ee
[Dovecot] Revert to TLS1+
2019-03-04 17:57:44 +01:00
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP
2019-03-03 12:11:39 +01:00
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2
2019-03-03 12:09:10 +01:00
69f54b99a1
[Dovecot] ssl_min_protocol is now TLS 1.2
2019-03-03 12:08:26 +01:00
a110378000
always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled
2019-02-27 23:06:19 +01:00
38911034c3
Don't break DAV
2019-02-26 22:13:37 +01:00
ae512018a8
[Postfix] Remove sasl requiring policies from port 25
2019-02-26 21:37:08 +01:00
dd6d253ac0
add random masterpass for sogo admin login
...
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
b0584b7699
[Dovecot] Remove vacation-seconds from global-only
2019-02-25 10:22:00 +01:00
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
...
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
298a8d24e9
Merge pull request #2360 from mhofer117/allow-admin-email-login
...
Allow admins to login as email user (without any password)
2019-02-24 18:49:13 +01:00
108e808d06
[Rspamd] Reduce SOGO_CONTACT score to -99
2019-02-23 23:46:01 +01:00
9a9079baa5
Update sogo.auth_request.template.sh
2019-02-23 22:29:14 +01:00
0c8f217f49
Update sogo.auth_request.template.sh
...
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
cac67db203
add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins
2019-02-23 17:59:18 +01:00
28a3f5ca8c
[Dovecot] Add flags and notify to sieve_extensions
2019-02-22 18:25:35 +01:00
1092d98499
[Dovecot] Enable sieve vacation seconds not just for global scripts
2019-02-22 10:52:18 +01:00
02b015a359
[Rspamd] Lower history nrows
2019-02-14 11:11:20 +01:00
260421448d
Update clamd.conf
...
AlertOLE2Macros, default should be set to NO
With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
This causes most microsoft office document files which contains macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros.
Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked.
The default for debian/ubuntu is to set this to NO
cPanel, iredmail, etc all have this option set to NO
2019-02-13 09:50:29 +02:00
5efdf71120
[Nginx] Add qhandler rewrite
...
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
c57a544c52
[Postfix] Disable auth on port 25
2019-02-05 10:35:32 +01:00
7a96516fad
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-02-05 00:05:00 +01:00
6f478ed2a3
[Rspamd] Set history lines to 10000
2019-02-05 00:02:56 +01:00
aa1e03476d
[Dovecot] Enable quota notifications
2019-02-04 23:59:31 +01:00
c06e4c81cf
Enable TLSv1.3 finally
...
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a.
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
6ad8798d5c
[Nginx] Compress some files, don't compress proxy answers
2019-01-31 17:07:49 +01:00
14901eed64
[Nginx] Remove broken locations
2019-01-31 15:58:35 +01:00
60f9968134
[Nginx] Add compression, change expires
2019-01-31 15:45:57 +01:00
b3f84d2c78
[Dovecot] Remove break-imap-search (it is a default setting)
2019-01-29 13:25:35 +01:00
8da54e5194
[Rspamd] Split global wl from to mime-from and smtp-from
2019-01-29 12:11:10 +01:00
07392b7437
[Watchdog] Use stackoverflow.com for DNS check
...
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? :-( )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
2019-01-29 00:20:39 +01:00
d6efc2fcd3
[Rspamd] Fix metadata_exporter
...
[Web] Show subjet in quarantine
[Compose] Update Rspamd image
2019-01-17 22:00:18 +01:00
2e8bd8b3c4
[Dovecot] Add czech folder names to namespace
2019-01-16 23:47:15 +01:00
a2b52e0969
[Dovecot] Use Solr for LMTP
2019-01-16 22:19:40 +01:00
f3dfe346bf
[Dovecot] Allow setting ACL_ANYONE in mailcow.conf
2019-01-16 19:08:19 +01:00
4c176d3833
[rspamd] increased values for SPF, DKIM reject
2019-01-15 18:54:05 +01:00
17222eac94
[Rspamd] Set max_size for AV
...
[Rspamd] Set higher/lower scores for local fuzzy matches
2019-01-13 23:02:09 +01:00
2b0065d5ab
Do not apply SOGO_CONTACT for hard SPF failures
...
Fixes #1983 more completely
2019-01-13 10:28:21 +01:00
fc1c2dc87b
[ClamAV] Do not log twice
2019-01-12 08:56:02 +01:00
a520293461
[Dovecot] Add more special_use folder names
2019-01-09 18:10:36 +01:00
94d7952802
[Rspamd] Scan the whole message to be able to trigger Sanesecurity rules
...
[Rspamd] Increase add_header and greylist score
2019-01-08 13:00:56 +01:00
2baf407331
[Rspamd] preg_quote filter objects, only translate * to .* - fixes #2152
2019-01-08 12:58:27 +01:00
e42afa39a8
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)
...
[ClamAV] Some config values are deprecated and were replaced
2019-01-08 12:54:33 +01:00
9750ec5bec
Merge branch 'master' into master
2019-01-01 14:20:22 +01:00
b3896d464c
[SOGo] Remove old js file
2018-12-23 17:12:14 +01:00
e84dec3b56
[SOGo] Revert self-built SOGo
2018-12-21 19:54:32 +01:00
ad90496169
[SOGo] Add logo to config dir
...
[Web] Add missing lang strings for transport maps
2018-12-20 19:02:47 +01:00
bcd6e43665
[Postfix] Remove verbose flag from smtp service
2018-12-19 12:16:36 +01:00
cd72a4e18b
[Postfix] Split SASL passwd maps
...
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
534e83a218
[Nginx] New WebServerResources path
2018-12-19 09:37:07 +01:00
ed763cd668
[Rspamd] Use meta exporter to pipe meta data of ratelimited msg to Redis
2018-12-15 21:23:42 +01:00
e7427eddf3
[Rspamd] Updated values of default ratelimit settings, add info_symbol
2018-12-15 21:22:59 +01:00
497b6a39de
[Postfix] Add missing regexp map, fixes #2083
2018-12-11 17:16:53 +01:00
4755bb323b
Allow setting ACL_ANYONE in the configuration
2018-12-11 11:32:36 +01:00
9b1f51ae3f
[Git] Add allow_mailcow_local.regexp and dovecot-master.userdb
2018-12-10 23:26:28 +01:00
9b720bb07a
[Dovecot] Add master user to userdb (to be used in SOGo)
2018-12-10 23:25:37 +01:00
fa3525e2dd
[SOGo] Enable EMailAlarms
2018-12-10 23:24:49 +01:00
3a39937baf
[Rspamd] Do not apply SOGO_CONTACT for SPF fails and when sending from whitelisted host
2018-12-10 13:26:18 +01:00
e43c696204
[Rspamd] Remove SOGO_CONTACT for header from
2018-12-10 13:25:38 +01:00
c2d413bff4
[MySQL] Remove deprecated values for future use of MariaDB 10.3
2018-12-10 13:23:02 +01:00
fe95852f45
[Dovecot] Increate proc limit and default client limit
2018-12-06 16:47:41 +01:00
968f6f4157
[Rspamd] use boolean for one_shot, fixes #2066
2018-12-04 08:31:56 +01:00
e02c51b1d1
[Rspamd] Fix examples for global white/blacklist
2018-11-29 21:51:09 +01:00
d445d7d2e7
[Web] Allow actions in quarantine modal, fixes #1991
...
[Web] Fixes for Source Sans Pro font
[Rspamd] Add global rcpt blacklist and whitelist
[Compose] New Rspamd image
2018-11-27 10:20:42 +01:00
113c6fe018
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2018-11-26 10:41:44 +01:00
f76c3ee7f3
[Dovecot] Unsupported examples for IMAP auth via LDAP
...
[Rspamd] Globel whitelist/blacklist from via multimap
2018-11-26 09:06:51 +01:00
a13c2c9359
Merge pull request #1949 from patschi/patch-1
...
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
822175f20a
Outlook-Folder-Alias
2018-11-14 22:18:02 +01:00
224a5ebd9a
[Dovecot] Enable mail_log (events: delete undelete expunge copy mailbox_delete mailbox_rename)
...
[Dovecot] Increase vsz_limit for some services to 1 G
[Dovecot] Enable auth_cache
2018-11-12 21:00:39 +01:00
1d9f820b02
[SOGo] Include custom-sogo.js to dynamically add JS to SOGo, increase textarea font of CKeditor by default
2018-11-12 09:59:49 +01:00
869e01a9a7
[Rspamd] Add fuzzy hash to msg
2018-11-12 09:57:25 +01:00
4f7f493490
[Rspamd] Add SOGo contacts to whitelist
2018-11-12 09:56:54 +01:00
e6625501e7
[Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS)
2018-11-12 09:53:18 +01:00
159c36b531
[Dovecot] Create crypted mail_attachment_fs to store attachments with a min size of 128k
...
[Dovecot] Shared location to "auto:" to auto-detect legacy mailbox formats across shared mailboxes
[Dovecot] Create config service for crypted mail_attachment_fs
2018-11-12 09:52:12 +01:00
4ee546c04a
Reduce rspamd DNS timeout
...
Fixes #1957
2018-10-29 19:55:24 +01:00
f92b20c9ad
[Rspamd] Change log level to silent (see docs)
2018-10-27 13:55:55 +02:00
af5ce48e8d
[ClamAV] Remove AllowSupplementaryGroups from freshclam.conf (deprecated)
2018-10-27 13:24:14 +02:00
bf71f9b600
[Postfix] Add tls_preempt_cipherlist to SMTPS
2018-10-27 13:22:29 +02:00
42fe16250b
[Rspamd] Adjust default values for (perm) failures of DKIM and SPF
2018-10-26 20:04:41 +02:00
1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
...
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
5f02c6006c
[Postfix] Do not remove user agent
2018-10-23 23:22:43 +02:00
93e0206db4
[Update] Remove mailcow_anonymize_headers.pcre checks
...
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
66d8f33aac
[Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911
2018-10-23 21:55:55 +02:00
68f2a1c5fc
[Rspamd] Properly close additional Rspamd maps
2018-10-19 11:12:58 +02:00
73b48fc13e
[Rspamd] Remove deprecated attachments_only in AV module
...
[Rspamd] Remove old symbol score
2018-10-16 22:59:25 +02:00
51dd88abeb
[Unbound] Reduce negative max ttl to 60s and min-ttl for all other keys to 5
2018-10-16 20:14:14 +02:00
8958449e76
[Postfix] Remove headers only when mail_name matches
2018-10-16 20:11:21 +02:00
d99b8aaf69
[Postfix] Change mail_name to Postcow and only replace headers when mail_name matches
2018-10-16 10:26:41 +02:00
41c8a8bb46
disabling more functions inside php-fpm
2018-10-15 22:52:30 +02:00
83a5eda762
Merge pull request #1434 from apoc4lyps/master
...
hardening http headers
2018-10-15 22:48:50 +02:00
abd0a1b337
[PHP-FPM] Disable some functions by default
2018-10-15 20:52:39 +02:00
a844adde0f
[Postfix] Add mailcow_anonymize_headers to default config
2018-10-15 20:52:06 +02:00
c80fe40669
[Unbound] Do not allow from all (dangerous for setups with incorrect netfilter setups)
2018-10-12 11:35:45 +02:00
1fce562434
[Dovecot] Set imap_max_line_length = 2 M
2018-10-12 10:56:40 +02:00
3db6af5c90
[Unbound] Trust all addresses - do not expose Unbound!
2018-10-12 10:56:17 +02:00
32f7ae1d2e
[Rspamd] Prefix quarantine error_log messages with "QUARANTINE"
...
[Rspamd] Fix quarantine max size check (it was ignored)
2018-10-11 11:55:52 +02:00
c0b590fff6
[PHP-FPM] Move max_execution_time and max_input_time to general PHP config, removed as fixed php_admin_value
2018-10-11 11:54:38 +02:00
c08149adef
[SOGo] EAS changes, larger timeout
2018-10-05 11:12:55 +02:00
andryyy
Michael Kuron
tinect
Marcel Hofer
Marcel Hofer
ntimo
Max Uetrecht
friedPotat0
MAGIC
Thomas Bella
Patrik Kernstock
dofl
dofl
Howaner
sriccio
Aaron Larisch
Robert Christian
Marcel Hofer
eXtremeSHOK
Tobias "Knight" S
Aiko Appeldorn
Markus Heberling
Markus Heberling
root
Max
Patrik Kernstock
André