d8e356f590
[SOGo] Revert to previous settings
2019-03-18 01:36:32 +01:00
a614d64615
[SOGo] Adjust sync parameters, revert if you run into problems!
2019-03-14 08:59:24 +01:00
d449984a66
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-03-12 23:39:57 +01:00
fc63661fbd
[Solr] Change default configset before bootstrapping
...
[Solr] Bootstrap cannot be omitted and must occur before mounting the data directory
2019-03-12 23:15:26 +01:00
70c424caa2
[Web] Fix rejected mails not being quarantized properly if they are tagged
2019-03-12 11:26:33 +01:00
1c3daedc39
[Rspamd] Remove headers var from dyn maps
2019-03-12 01:28:04 +01:00
40a826a347
Fix rejected mails not being quarantized properly if they are tagged
2019-03-11 15:31:21 +01:00
4bbb6d78e3
fix solr query ngram
2019-03-10 17:20:46 +01:00
ae19d81f2d
Merge branch 'master' into admin-login
2019-03-10 10:38:42 +01:00
216451ed43
Merge branch 'master' into admin-login
2019-03-10 09:51:12 +01:00
0a1e71f7ec
[Dovecot] Use dovecot-fts core
2019-03-10 09:40:31 +01:00
c7c115d63a
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory
2019-03-10 09:40:04 +01:00
2443e956eb
[Rspamd] Remove buggy last-modified check
2019-03-08 12:43:05 +01:00
d124fa1d5b
[Rspamd] Check if filterconf table was changed and return Last-Modified accordingly
2019-03-07 11:44:38 +01:00
e04e15ed23
[Rspamd] Mime from and rcpt can now be checked by from_mime and rcpt_mime
2019-03-07 00:07:11 +01:00
c792bbcbab
[Rspamd] make upstream an object
2019-03-07 00:05:55 +01:00
bb065dbc22
[Rspamd] Add fuzzy worker with worker-fuzzy.inc
2019-03-06 15:14:25 +01:00
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
...
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
6dc5318673
[Rspamd] Delete rspamd.conf.local
2019-03-06 15:08:18 +01:00
4d32eb49ee
[Dovecot] Revert to TLS1+
2019-03-04 17:57:44 +01:00
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP
2019-03-03 12:11:39 +01:00
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2
2019-03-03 12:09:10 +01:00
69f54b99a1
[Dovecot] ssl_min_protocol is now TLS 1.2
2019-03-03 12:08:26 +01:00
a110378000
always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled
2019-02-27 23:06:19 +01:00
38911034c3
Don't break DAV
2019-02-26 22:13:37 +01:00
ae512018a8
[Postfix] Remove sasl requiring policies from port 25
2019-02-26 21:37:08 +01:00
dd6d253ac0
add random masterpass for sogo admin login
...
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
b0584b7699
[Dovecot] Remove vacation-seconds from global-only
2019-02-25 10:22:00 +01:00
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
...
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
298a8d24e9
Merge pull request #2360 from mhofer117/allow-admin-email-login
...
Allow admins to login as email user (without any password)
2019-02-24 18:49:13 +01:00
108e808d06
[Rspamd] Reduce SOGO_CONTACT score to -99
2019-02-23 23:46:01 +01:00
9a9079baa5
Update sogo.auth_request.template.sh
2019-02-23 22:29:14 +01:00
0c8f217f49
Update sogo.auth_request.template.sh
...
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
cac67db203
add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins
2019-02-23 17:59:18 +01:00
28a3f5ca8c
[Dovecot] Add flags and notify to sieve_extensions
2019-02-22 18:25:35 +01:00
1092d98499
[Dovecot] Enable sieve vacation seconds not just for global scripts
2019-02-22 10:52:18 +01:00
02b015a359
[Rspamd] Lower history nrows
2019-02-14 11:11:20 +01:00
260421448d
Update clamd.conf
...
AlertOLE2Macros, default should be set to NO
With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
This causes most microsoft office document files which contains macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros.
Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked.
The default for debian/ubuntu is to set this to NO
cPanel, iredmail, etc all have this option set to NO
2019-02-13 09:50:29 +02:00
5efdf71120
[Nginx] Add qhandler rewrite
...
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
c57a544c52
[Postfix] Disable auth on port 25
2019-02-05 10:35:32 +01:00
7a96516fad
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-02-05 00:05:00 +01:00
6f478ed2a3
[Rspamd] Set history lines to 10000
2019-02-05 00:02:56 +01:00
aa1e03476d
[Dovecot] Enable quota notifications
2019-02-04 23:59:31 +01:00
c06e4c81cf
Enable TLSv1.3 finally
...
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a.
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
6ad8798d5c
[Nginx] Compress some files, don't compress proxy answers
2019-01-31 17:07:49 +01:00
14901eed64
[Nginx] Remove broken locations
2019-01-31 15:58:35 +01:00
60f9968134
[Nginx] Add compression, change expires
2019-01-31 15:45:57 +01:00
b3f84d2c78
[Dovecot] Remove break-imap-search (it is a default setting)
2019-01-29 13:25:35 +01:00
8da54e5194
[Rspamd] Split global wl from to mime-from and smtp-from
2019-01-29 12:11:10 +01:00
07392b7437
[Watchdog] Use stackoverflow.com for DNS check
...
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? :-( )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
2019-01-29 00:20:39 +01:00
d6efc2fcd3
[Rspamd] Fix metadata_exporter
...
[Web] Show subjet in quarantine
[Compose] Update Rspamd image
2019-01-17 22:00:18 +01:00
2e8bd8b3c4
[Dovecot] Add czech folder names to namespace
2019-01-16 23:47:15 +01:00
a2b52e0969
[Dovecot] Use Solr for LMTP
2019-01-16 22:19:40 +01:00
f3dfe346bf
[Dovecot] Allow setting ACL_ANYONE in mailcow.conf
2019-01-16 19:08:19 +01:00
4c176d3833
[rspamd] increased values for SPF, DKIM reject
2019-01-15 18:54:05 +01:00
17222eac94
[Rspamd] Set max_size for AV
...
[Rspamd] Set higher/lower scores for local fuzzy matches
2019-01-13 23:02:09 +01:00
2b0065d5ab
Do not apply SOGO_CONTACT for hard SPF failures
...
Fixes #1983 more completely
2019-01-13 10:28:21 +01:00
fc1c2dc87b
[ClamAV] Do not log twice
2019-01-12 08:56:02 +01:00
a520293461
[Dovecot] Add more special_use folder names
2019-01-09 18:10:36 +01:00
94d7952802
[Rspamd] Scan the whole message to be able to trigger Sanesecurity rules
...
[Rspamd] Increase add_header and greylist score
2019-01-08 13:00:56 +01:00
2baf407331
[Rspamd] preg_quote filter objects, only translate * to .* - fixes #2152
2019-01-08 12:58:27 +01:00
e42afa39a8
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)
...
[ClamAV] Some config values are deprecated and were replaced
2019-01-08 12:54:33 +01:00
9750ec5bec
Merge branch 'master' into master
2019-01-01 14:20:22 +01:00
b3896d464c
[SOGo] Remove old js file
2018-12-23 17:12:14 +01:00
e84dec3b56
[SOGo] Revert self-built SOGo
2018-12-21 19:54:32 +01:00
ad90496169
[SOGo] Add logo to config dir
...
[Web] Add missing lang strings for transport maps
2018-12-20 19:02:47 +01:00
bcd6e43665
[Postfix] Remove verbose flag from smtp service
2018-12-19 12:16:36 +01:00
cd72a4e18b
[Postfix] Split SASL passwd maps
...
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
534e83a218
[Nginx] New WebServerResources path
2018-12-19 09:37:07 +01:00
ed763cd668
[Rspamd] Use meta exporter to pipe meta data of ratelimited msg to Redis
2018-12-15 21:23:42 +01:00
e7427eddf3
[Rspamd] Updated values of default ratelimit settings, add info_symbol
2018-12-15 21:22:59 +01:00
497b6a39de
[Postfix] Add missing regexp map, fixes #2083
2018-12-11 17:16:53 +01:00
4755bb323b
Allow setting ACL_ANYONE in the configuration
2018-12-11 11:32:36 +01:00
9b1f51ae3f
[Git] Add allow_mailcow_local.regexp and dovecot-master.userdb
2018-12-10 23:26:28 +01:00
9b720bb07a
[Dovecot] Add master user to userdb (to be used in SOGo)
2018-12-10 23:25:37 +01:00
fa3525e2dd
[SOGo] Enable EMailAlarms
2018-12-10 23:24:49 +01:00
3a39937baf
[Rspamd] Do not apply SOGO_CONTACT for SPF fails and when sending from whitelisted host
2018-12-10 13:26:18 +01:00
e43c696204
[Rspamd] Remove SOGO_CONTACT for header from
2018-12-10 13:25:38 +01:00
c2d413bff4
[MySQL] Remove deprecated values for future use of MariaDB 10.3
2018-12-10 13:23:02 +01:00
fe95852f45
[Dovecot] Increate proc limit and default client limit
2018-12-06 16:47:41 +01:00
968f6f4157
[Rspamd] use boolean for one_shot, fixes #2066
2018-12-04 08:31:56 +01:00
e02c51b1d1
[Rspamd] Fix examples for global white/blacklist
2018-11-29 21:51:09 +01:00
d445d7d2e7
[Web] Allow actions in quarantine modal, fixes #1991
...
[Web] Fixes for Source Sans Pro font
[Rspamd] Add global rcpt blacklist and whitelist
[Compose] New Rspamd image
2018-11-27 10:20:42 +01:00
113c6fe018
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2018-11-26 10:41:44 +01:00
f76c3ee7f3
[Dovecot] Unsupported examples for IMAP auth via LDAP
...
[Rspamd] Globel whitelist/blacklist from via multimap
2018-11-26 09:06:51 +01:00
a13c2c9359
Merge pull request #1949 from patschi/patch-1
...
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
822175f20a
Outlook-Folder-Alias
2018-11-14 22:18:02 +01:00
224a5ebd9a
[Dovecot] Enable mail_log (events: delete undelete expunge copy mailbox_delete mailbox_rename)
...
[Dovecot] Increase vsz_limit for some services to 1 G
[Dovecot] Enable auth_cache
2018-11-12 21:00:39 +01:00
1d9f820b02
[SOGo] Include custom-sogo.js to dynamically add JS to SOGo, increase textarea font of CKeditor by default
2018-11-12 09:59:49 +01:00
869e01a9a7
[Rspamd] Add fuzzy hash to msg
2018-11-12 09:57:25 +01:00
4f7f493490
[Rspamd] Add SOGo contacts to whitelist
2018-11-12 09:56:54 +01:00
e6625501e7
[Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS)
2018-11-12 09:53:18 +01:00
159c36b531
[Dovecot] Create crypted mail_attachment_fs to store attachments with a min size of 128k
...
[Dovecot] Shared location to "auto:" to auto-detect legacy mailbox formats across shared mailboxes
[Dovecot] Create config service for crypted mail_attachment_fs
2018-11-12 09:52:12 +01:00
4ee546c04a
Reduce rspamd DNS timeout
...
Fixes #1957
2018-10-29 19:55:24 +01:00
f92b20c9ad
[Rspamd] Change log level to silent (see docs)
2018-10-27 13:55:55 +02:00
af5ce48e8d
[ClamAV] Remove AllowSupplementaryGroups from freshclam.conf (deprecated)
2018-10-27 13:24:14 +02:00
bf71f9b600
[Postfix] Add tls_preempt_cipherlist to SMTPS
2018-10-27 13:22:29 +02:00
42fe16250b
[Rspamd] Adjust default values for (perm) failures of DKIM and SPF
2018-10-26 20:04:41 +02:00
1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
...
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
5f02c6006c
[Postfix] Do not remove user agent
2018-10-23 23:22:43 +02:00
93e0206db4
[Update] Remove mailcow_anonymize_headers.pcre checks
...
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
66d8f33aac
[Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911
2018-10-23 21:55:55 +02:00
68f2a1c5fc
[Rspamd] Properly close additional Rspamd maps
2018-10-19 11:12:58 +02:00
73b48fc13e
[Rspamd] Remove deprecated attachments_only in AV module
...
[Rspamd] Remove old symbol score
2018-10-16 22:59:25 +02:00
51dd88abeb
[Unbound] Reduce negative max ttl to 60s and min-ttl for all other keys to 5
2018-10-16 20:14:14 +02:00
8958449e76
[Postfix] Remove headers only when mail_name matches
2018-10-16 20:11:21 +02:00
d99b8aaf69
[Postfix] Change mail_name to Postcow and only replace headers when mail_name matches
2018-10-16 10:26:41 +02:00
41c8a8bb46
disabling more functions inside php-fpm
2018-10-15 22:52:30 +02:00
83a5eda762
Merge pull request #1434 from apoc4lyps/master
...
hardening http headers
2018-10-15 22:48:50 +02:00
abd0a1b337
[PHP-FPM] Disable some functions by default
2018-10-15 20:52:39 +02:00
a844adde0f
[Postfix] Add mailcow_anonymize_headers to default config
2018-10-15 20:52:06 +02:00
c80fe40669
[Unbound] Do not allow from all (dangerous for setups with incorrect netfilter setups)
2018-10-12 11:35:45 +02:00
1fce562434
[Dovecot] Set imap_max_line_length = 2 M
2018-10-12 10:56:40 +02:00
3db6af5c90
[Unbound] Trust all addresses - do not expose Unbound!
2018-10-12 10:56:17 +02:00
32f7ae1d2e
[Rspamd] Prefix quarantine error_log messages with "QUARANTINE"
...
[Rspamd] Fix quarantine max size check (it was ignored)
2018-10-11 11:55:52 +02:00
c0b590fff6
[PHP-FPM] Move max_execution_time and max_input_time to general PHP config, removed as fixed php_admin_value
2018-10-11 11:54:38 +02:00
c08149adef
[SOGo] EAS changes, larger timeout
2018-10-05 11:12:55 +02:00
f6b2a6aab2
[Postfix] Enable/create smtp_tls_policy_maps
2018-10-04 14:34:34 +02:00
2f18eb5ad0
[Nginx] Avoid php extensions, use rewrite
2018-10-04 14:34:00 +02:00
b2067cb521
[SOGo] SOGoMaximumSyncWindowSize = 99
2018-10-04 14:33:32 +02:00
b8ebdc3c58
[Postfix] Increase default message size limit to 100 MiB
2018-10-01 22:06:20 +02:00
a054182246
[Rspamd] Add desc to high spam networks
2018-09-30 18:56:35 +02:00
cdca603ff5
[Unbound] Fix logging, fixes #585
...
[Rspamd] Fix permissions of controller password file
[Unbound] Enable unbound-control
2018-09-30 14:43:18 +02:00
b008211f52
[Rspamd] Controller password placeholder
2018-09-30 09:55:50 +02:00
8439daea7e
[Rspamd] Revert adding worker-controller-password...
2018-09-30 09:54:19 +02:00
4396be2938
[Rspamd] Place socket in _rspamd home and fix permissions
...
[Compose] Remove volume for Rspamd socket
[Web] Do not exit loop on fuzzy errors when learning a message as spam
2018-09-30 09:53:25 +02:00
73b10350d0
[Rspamd] Ignore sa-rules-heinlein file, remove from index
2018-09-29 22:03:48 +02:00
0fb43f4916
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
...
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
c7cef3241f
[Rspamd] Controller worker count == 1, fixes #1716
2018-09-12 20:32:59 +02:00
1b5409f3fa
[Rspamd] Check if ip is valid (KEEP_SPAM symbol), fixes #1759
2018-09-12 15:50:42 +02:00
1499094b61
[PHP-FPM] Increase PHP memory limit for "web" to 512M
...
[Helper] Nextcloud 14
[Rspamd] Fix KEEP_SPAM lua script: skip check if ip is false
2018-09-11 19:35:21 +02:00
ea4a26eabf
[Nginx] Use SOGo web resources from local mount
2018-09-09 09:51:37 +02:00
afc18fd469
[Rspamd] Update bad asn, move KEEP_SPAM to a custom lua function
2018-09-09 09:47:47 +02:00
e5b830adea
[Dovecot] Fix shared namespace
2018-08-31 23:33:55 +02:00
6cee038a63
[Dovecot] IMPORTANT: Disables 'any' and 'all authenticated' ACL settings! See wiki how to revert this, if you need it.
2018-08-17 21:44:17 +02:00
d5e81b987b
[Dovecot] Set from address for sieve generated addresses, fixes #1662
2018-08-13 08:31:09 +02:00
02e567f76b
[Dovecot] Set CONTROL path for shared namespace and remove index
2018-08-08 23:59:38 +02:00
cf56be1843
set Referrer-Policy to strict-origin
2018-08-06 09:24:34 +02:00
d83537cda0
[ClamAV] Add whitelist template for ClamAV
2018-08-05 22:38:06 +02:00
66d1bc12c0
[Nginx] Set client_max_body_size = 0
2018-08-05 22:37:07 +02:00
b007975a04
[Rspamd] Rename -disable_monitored > disable_monitoring
2018-08-03 11:56:39 +02:00
59c4cc054e
[Rspamd] Deactivate neural but use a more aggressive learning method (no autolearn)
2018-07-29 23:03:49 +02:00
d8f86ae488
[Rspamd] Add local fuzzy worker
2018-07-29 00:34:36 +02:00
f1b096b36e
[Dovecot] Increase process_limit to 500, thanks to @mritzmann
2018-07-25 21:04:24 +02:00
e2ed2eab53
[Rspamd] Remove per_user settings as they were pretty much useless, some minor changes to bayes"
2018-07-25 01:06:12 +02:00
7de2607594
[Dovecot] Enable vacation-seconds with a default min period of 5s and a default period of 60s
2018-07-23 19:59:23 +02:00
a83adc4d31
[Rspamd] Remove unused user_keywords and dynamic_rates from ratelimit module
2018-07-15 12:02:37 +02:00
882ee5fee6
[Rspamd] Re-use fixed new ratelimit
2018-07-15 12:01:28 +02:00
353af8e3a4
[Rspamd] Set start and end to rcpt matching regex
2018-07-12 23:18:49 +02:00
587f37a300
[Dovecot] Remove additional hash scheme and let Dovecot decide the hash by prefix
2018-07-12 00:46:31 +02:00
andryyy
Aaron Larisch
Robert Christian
Marcel Hofer
eXtremeSHOK
Tobias "Knight" S
Aiko Appeldorn
Michael Kuron
Markus Heberling
Markus Heberling
root
Max
Patrik Kernstock
André
apoc4lyps