Michael Kuron
3cdbe7b73c
Reduce Rspamd DNSBL false positives ( #3311 )
...
* rspamd: ignore Spamhaus XBL for Received headers
* rspamd: ignore SORBS RBL for forwarding hosts
* rspamd: ignore RBLs for forwarding hosts
2020-02-04 12:35:52 +01:00
André Peters
60fb5498ff
Update mime_types.conf
2020-02-04 12:06:20 +01:00
André Peters
96a507c927
Update mime_types.conf
2020-02-04 12:05:24 +01:00
andryyy
d83013667b
[Rspamd] Do not normalise domains to eSLD for ARC
2020-01-19 13:17:23 +01:00
andryyy
081602def9
[Postfix] Client rcpt rate limit set to 50
2020-01-18 16:32:41 +01:00
andryyy
57af5103c7
[Rspamd] Ratelimit for bounces reduced, max_rcpt for ratelimit increased
2020-01-18 16:32:27 +01:00
Michael Kuron
4c2e13009b
rspamd: More comprehensive attachment handling ( #3273 )
...
- block all Office documents with macros
- don’t just block all doc files
- mark some more Windows executable extensions as bad
2020-01-17 22:19:12 +01:00
andryyy
4e46d44e79
[Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires.
...
ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve.
2020-01-12 12:21:21 +01:00
andryyy
791e0831ad
[Rspamd] Fix DKIM, fixes #3262
2020-01-12 11:39:53 +01:00
andryyy
5f73629493
[Rspamd] Set rspamd as trusted host, rspamd is not spoofing
2020-01-10 20:39:52 +01:00
andryyy
03cbed5002
[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve)
2020-01-10 20:39:11 +01:00
andryyy
203dd12497
[Rspamd] Fix groups
2020-01-06 18:47:51 +01:00
andryyy
6d5677eb32
[Rspamd] Decrease weight of missed charset
2020-01-05 11:34:03 +01:00
andryyy
b098696b89
[Rspamd] Fix groups.conf syntax
2020-01-05 11:24:13 +01:00
andryyy
ad1f243667
[Postfix] Set CA path for smtpd
...
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
andryyy
9157993953
[Dovecot] Enable editheaders plugin in sieve for all users
2019-12-31 14:24:33 +01:00
andryyy
58a00cf7ea
[Web, Rspamd] Add bad language map, add map to mailcow UI
2019-12-22 18:57:28 +01:00
andryyy
5a0df09361
[Rspamd] Rate .doc with +10, decrease default bayes ham score
2019-12-20 15:44:58 +01:00
andryyy
57003a8215
[Postfix] Update Postscreen whitelist
2019-12-15 22:04:45 +01:00
andryyy
8c3ab0371a
[ClamAV] Copy productive whitelist.ign to exposed configuration folder, remove direct mount of whitelist file
2019-12-14 15:12:37 +01:00
andryyy
25c2bcc8b3
[ClamAV] Force add default whitelist.ign2
2019-12-14 15:04:09 +01:00
andryyy
6564944f7a
[Postfix] Add bl.suomispam.net
2019-12-06 16:15:04 +01:00
andryyy
309f90a9b3
[Dovecot] Change LUA path
2019-12-06 10:20:47 +01:00
andryyy
7e2aa42578
[IMPORTANT] If you run Ubuntu 16.04, upgrade your kernel to linux-generic-hwe-16.04
...
[ClamAV] Remove deprecated parameter
2019-12-05 14:29:04 +01:00
andryyy
afb43c9c5b
[Dovecot] Fix app passwds: allow multiple pass hashes by using LUA construct
2019-12-03 18:50:45 +01:00
andryyy
653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user)
2019-12-02 11:02:19 +01:00
andryyy
0e6dfdd0fe
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo
2019-12-02 10:55:17 +01:00
andryyy
7b4ed3bf64
[Rspamd] Lower map watch interval
2019-12-02 10:54:22 +01:00
andryyy
9257fa90d4
[Nginx] Fix 301 to SOGo
2019-11-28 19:14:23 +01:00
andryyy
ce15dda990
[Nginx] Redirect /S|sogo* to /SOGo
2019-11-28 15:08:11 +01:00
andryyy
8badb146e9
[Unbound] Disable ipsecmod
2019-11-26 21:08:47 +01:00
andryyy
d57e2b58c1
[Rspamd] Reduce ptr fail score
2019-11-24 16:09:59 +01:00
andryyy
19d0eedeba
[Rspamd] Add FORGED_W_BAD_POLICY
2019-11-24 16:08:58 +01:00
andryyy
eeda59e048
[Postfix] Add more service labels, thanks to @christianbur
2019-11-24 15:35:56 +01:00
andryyy
5d7e365592
[Postfix] Remove test var
2019-11-24 15:23:16 +01:00
andryyy
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
...
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
andryyy
79bcbe5a51
[MySQL] Some tweaks to lower RAM consumption, thanks to @Thomas2500
2019-11-21 19:41:50 +01:00
andryyy
e0535bedbb
[Rspamd] Set new last modified when changing Rspamd settings
2019-11-18 16:42:56 +01:00
andryyy
7a87c492ed
[Rspamd] Fix bad ASN map format
2019-11-18 13:26:16 +01:00
andryyy
d67e4e83c9
[Rspamd] Increase score for BAD_REP_POLICIES
2019-11-15 23:51:48 +01:00
andryyy
e439d52ff2
[SOGo] Minor config changes
2019-11-15 17:39:32 +01:00
andryyy
56ddc4bd26
[Rspamd] Add new default reject message
...
[Rspamd] Add Sorbs
2019-11-15 07:58:04 +01:00
andryyy
64f8ed2fbc
[Rspamd] Increase invalid PTR score
2019-11-14 10:17:58 +01:00
andryyy
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:17:14 +01:00
andryyy
99326f81de
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:16:51 +01:00
andryyy
c4656e00fd
[Postfix] Add hint for custom_transport.pcre
2019-11-12 20:50:21 +01:00
andryyy
e1fdbba0f7
[Postfix] Add custom_transport.pcre
2019-11-12 20:44:43 +01:00
andryyy
4ccad6b0c3
[MySQL] key_buffer_size it is
2019-11-11 23:20:01 +01:00
Michael Kuron
fbc7b7dce5
rspamd: Don't remove WHITELISTED_FWD_HOST if SOGO_CONTACT present ( #3084 )
2019-11-11 08:20:46 +01:00
andryyy
1d1a9a27c9
[MariaDB] Adjustments
2019-11-08 08:14:57 +01:00
andryyy
3235edea88
[MariaDB] Adjustments
2019-11-08 08:12:34 +01:00
andryyy
15f3a664cd
[MySQL] Disable query cache
2019-11-06 21:03:00 +01:00
andryyy
04ae2fadef
[MySQL] Reduce memory usage
2019-11-06 20:12:25 +01:00
andryyy
bcc28784f7
[Rspamd] CL is not a fishy tld
2019-11-02 12:02:49 +01:00
andryyy
7f8b13434d
[Rspamd, Dovecot] Do not use Schaal rules - probably too much for Rspamd 2.x to handle, mem leak?
2019-10-31 20:43:07 +01:00
andryyy
50020bf1f0
[Rspamd] Remove neural, other gbc options
2019-10-31 19:55:42 +01:00
andryyy
6655ada308
[Rspamd] Remove unwanted options after talking to Vsevo
2019-10-31 19:03:20 +01:00
andryyy
573e62f181
[MySQL] Allow more connections
2019-10-31 06:38:12 +01:00
andryyy
59d966ab0f
[MySQL] Reduce max-connections, disallow performance_schema
2019-10-30 21:08:59 +01:00
andryyy
df3d78f03b
[Rspamd] Reset logging
2019-10-30 20:18:21 +01:00
andryyy
27de9dbf92
[Rspamd] Slight changes to improve memory usage
...
[Web] Dirty hack to touch Rspamd maps a second time
2019-10-30 20:07:58 +01:00
andryyy
c0f39e5cac
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-10-29 18:36:53 +01:00
andryyy
a71f590b1e
[Rspamd] Remove score from neural
2019-10-29 18:36:49 +01:00
andryyy
8683e4bd9a
[Rspamd] Use last-modified headers to not read unmodified settings map every 30 seconds
2019-10-29 14:21:58 +01:00
Michael Kuron
c63967f7be
Rspamd: increase redis timeout
2019-10-26 13:00:31 +02:00
andryyy
be4099182b
[Rspamd] Do not log watchdog mails
2019-10-21 20:42:43 +02:00
André Peters
de8cfbde03
Merge pull request #3072 from tinect/deliverCSSandJSfiles
...
deliver CSS and JS as external request
2019-10-21 11:18:49 +02:00
andryyy
d5ee7de66a
[Rspamd] Disable info logging, re-enable silent logging, only apply MILTER_HEADERS symbol to watchdog Rspamd settings map
2019-10-20 21:48:30 +02:00
tinect
cc1bf5d426
deliver CSS and JS as external request
2019-10-20 21:25:58 +02:00
Marcel Hofer
f2b552c00d
Fix custom http redirects with TLS-SNI
...
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer
05e7c95829
[SSL] fix wildcard compare for non-bash shell
2019-10-20 17:02:54 +02:00
Marcel Hofer
dcd50b2245
[SSL] restore old nginx templates. fix possible issues with custom nginx sites
2019-10-20 16:41:53 +02:00
Marcel Hofer
84c5f43438
[SSL] re-add nginx site.conf
2019-10-19 12:49:23 +02:00
Marcel Hofer
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
andryyy
a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd
2019-10-12 13:16:49 +02:00
andryyy
ee57b5921f
[Rspamd] Various fixes for Rspamd 2.0, neural network activated, autolearning activated (auto-keeps a ratio)
2019-10-12 13:14:34 +02:00
andryyy
0cfa056faa
[Rspamd] Do not quaratine if symbol is GLOBAL_X_BL
2019-10-10 12:38:24 +02:00
andryyy
1580e4b2a5
[Nginx, SOGo] Adjustments for EAS
2019-10-06 10:12:46 +02:00
André Peters
a008855991
Merge pull request #2999 from ntimo/task/api-docs
...
[Nginx] Fix nginx config for API docs
2019-10-04 08:51:26 +02:00
andryyy
8f7693ccdb
[Postfix] Update postscreen_access
2019-10-04 08:43:59 +02:00
André Peters
37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
...
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
ntimo
6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri
2019-10-03 11:27:44 +02:00
ntimo
7c43e2e120
[Nginx] Fix nginx config for API docs
2019-10-03 11:19:17 +02:00
andryyy
0f5c930e48
Fix site
2019-10-03 11:15:53 +02:00
ntimo
5cf74f6b85
[NGINX] Make API docs accessible using /api/
2019-10-02 22:13:47 +02:00
André Peters
9f66b83a34
Merge pull request #2965 from phenomax/postfix-no-renegotiation
...
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-28 22:17:32 +02:00
andryyy
9b7668d912
[Nginx] Custom 502
2019-09-24 06:53:13 +02:00
andryyy
a231ecaed5
[Rspamd] Fix ARC defaults, thanks to klausenbusk
2019-09-23 10:44:58 +02:00
andryyy
287c577fc4
[Rspamd] Set !ARC_ALLOW to SPF FAIL check
2019-09-23 10:44:26 +02:00
Max Uetrecht
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-22 17:38:03 +02:00
andryyy
b5d169cf90
[Postfix] Fix anonymize headers...
2019-09-19 06:48:21 +02:00
André Peters
1bbe1a2367
Merge pull request #2940 from ntimo/task/split-bad-words
...
[RSPAMD] Split bad words into multiple files per language
2019-09-18 18:35:11 +02:00
friedPotat0
ea8c002eff
update postscreen whitelist
2019-09-18 15:30:43 +02:00
andryyy
b3c2f683cb
[Postfix] Adjustments for RBL
2019-09-18 07:58:54 +02:00
friedPotat0
58cbf2c9c8
update postscreen whitelist by using postwhite
2019-09-17 21:27:17 +02:00
ntimo
ba6c5b7197
[Rspamd] Updated bad_word maps
2019-09-17 20:39:08 +02:00
ntimo
3ca014ee79
[Rspamd] Added multimap config for bad_words_de.map
2019-09-16 18:18:56 +02:00
ntimo
005ed2cadc
[Rspamd] Split bad words into multiple files per language
2019-09-15 11:53:04 +02:00
André Peters
83cd62d46f
Merge pull request #2928 from MAGICCC/feature/remove-dnsbl-inps.de
...
[Postfix] Remove discontinued DNSBL dnsbl.inps.de
2019-09-10 18:07:03 +02:00
André Peters
d1e56ab7bc
Update fishy_tlds.map
2019-09-10 16:48:40 +02:00
MAGIC
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons
2019-09-09 21:37:49 +02:00
André Peters
8f4d468209
Merge pull request #2916 from Thomas2500/patch-1
...
Disable SSL ticket support in dovecot
2019-09-09 07:47:37 +02:00
andryyy
87e99e53d9
[Postfix] Fix anonymize headers
2019-09-08 10:29:06 +02:00
Thomas Bella
3983b3d393
Disable SSL ticket support in dovecot
...
Because tickets are normally only generated on service start, we should disable it to provide better PFS.
2019-09-06 12:39:33 +02:00
andryyy
8608ded0ed
[Postfix] Replace Postcow header, remove authed user
2019-09-06 08:02:52 +02:00
André Peters
f87beded34
Update fishy_tlds.map
2019-09-05 14:32:04 +02:00
andryyy
0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard
2019-09-04 23:07:35 +02:00
andryyy
8d0b2678fe
[Rspamd] Remove some TLDs from fishy map
2019-09-04 08:14:35 +02:00
andryyy
1495bda2e1
[Postfix] Add info about extra.cf
2019-09-02 18:39:08 +02:00
andryyy
1bdf861177
[Postfix] Add comments to config files, cleanup a bit
2019-09-02 09:31:30 +02:00
andryyy
9c714b34a4
[Rspamd] Bad word update and score change
2019-08-30 19:30:38 +02:00
andryyy
569296dcdc
[Rspamd] More bad words - todo: split by language
2019-08-30 18:54:54 +02:00
andryyy
5a89dc114d
[Rspamd] Minor changes to fishy tlds and bad words
2019-08-29 18:57:37 +02:00
andryyy
6e82a35929
[Rspamd] Important fix for fishy maps
2019-08-28 15:04:53 +02:00
andryyy
1414e9df00
[Rspamd] Reduce fishy tld score
...
[Compose] Update Dovecot image
2019-08-28 14:37:04 +02:00
andryyy
a5d569e0ca
[Rspamd] Reduce fishy tld score
2019-08-28 14:26:01 +02:00
andryyy
01fe856d05
[Rspamd] Fix a domain name
2019-08-28 13:05:42 +02:00
andryyy
23ae0c3cc1
[Rspamd] Filter 'em bad words from 'em bad tlds
2019-08-28 13:03:15 +02:00
andryyy
abf33b75f4
[Postfix] Remove Zeyple config
2019-08-25 16:00:33 +02:00
andryyy
e342016534
[Rspamd] Fix scores of UCE
2019-08-22 22:08:22 +02:00
andryyy
084eb008a1
[Rspamd] Add UCE to RBL
2019-08-22 16:34:03 +02:00
andryyy
9bbf9dc68e
[Rspamd] Fix and improve settings map
2019-08-21 21:07:51 +02:00
andryyy
3a26365b51
[Rspamd] Change SA ruleset name
2019-08-21 14:37:30 +02:00
andryyy
a2386434fd
[Postfix] More RBLs, lower thresholds
2019-08-16 22:17:28 +02:00
andryyy
217da8c7fc
[Postfix] Reduce threshold to 4, format list
2019-08-16 07:55:17 +02:00
andryyy
1b3a5d54ca
[Postfix] Reduce RBL threshold
...
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
andryyy
9e0381185c
[Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple
2019-08-09 14:10:31 +02:00
andryyy
5fda67223d
[Dovecot] Fix pathes
2019-07-28 21:36:09 +02:00
André Peters
e00a18ab95
Update anonymize_headers.pcre
2019-07-26 07:18:58 +02:00
andryyy
9de821c3b0
[Postfix] Don't remove authed header from Received
...
[Compose] New watchdog image
2019-07-26 06:53:29 +02:00
andryyy
db0719f068
[Rspamd] Fix IP whitelist
2019-07-22 13:50:05 +02:00
andryyy
71df10892c
[Rspamd] Add custom IP whitelist template
2019-07-22 13:38:47 +02:00
André Peters
83136c7876
Merge pull request #2789 from patschi/patch-6
...
Remove DMARC descriptions from polices_group
2019-07-16 21:30:44 +02:00
Patrik Kernstock
197f27b705
Remove DMARC descriptions from polices_group
...
Remove descriptions as they are inherited from the default rspamd configuration anyway
2019-07-16 20:15:11 +02:00
Michael Kuron
cecbbe9e82
Remove score from R_DKIM_PERMFAIL
...
This error happens when there is no public key in DNS for that selector.
2019-07-16 20:03:37 +02:00
andryyy
3c3bcf8c82
[Postfix] Set compatibility_level to 2
2019-07-13 14:44:17 +02:00
andryyy
eb760543d9
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-07-13 09:23:51 +02:00
andryyy
568e166478
[Unbound] Update base to Alpine 3.10 to use Unbound 1.9
...
[Unbound] Set unwanted-reply-threshold: 10000
2019-07-13 09:22:03 +02:00
andryyy
2898aa6918
[Postfix] Remove unused alias domain catch all map
2019-07-13 08:59:32 +02:00
André Peters
84f4f43b27
Update policies_group.conf
2019-07-12 23:15:27 +02:00
andryyy
2efd27e40e
[Olefy] A new container is born, thanks to @c-rosenberg
...
[ACME] Autoconfig is back (re-added to SAN list by default for all mail domains)
[Rspamd] Added comment to composite
2019-06-25 18:52:05 +02:00
andryyy
f2d1a56104
[Rspamd] Increase OLEFY_MACRO score
2019-06-20 10:18:43 +02:00
andryyy
04940429ba
[Rspamd] Add oletools via olefy, big thanks to @c-rosenberg
2019-06-16 17:35:58 +02:00
andryyy
6f99f06c6d
[Rspamd] Add OLEFY_MACRO symbol
2019-06-16 17:35:24 +02:00
andryyy
9c347e36fc
[Rspamd] Less aggressive bayes
2019-06-16 17:34:58 +02:00
andryyy
e43951331c
[Rspamd] Sign ARC inbonud, thanks to @Kraeutergarten
2019-06-11 11:41:59 +02:00
andryyy
ffb008f72a
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-06-09 16:50:04 +02:00
andryyy
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps
2019-06-09 16:49:02 +02:00
dofl
fa4c4b138e
Update main.cf
...
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time ) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days.
There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared ), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl
d5eeb3e8af
Update main.cf
...
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.
RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender up; the give-up time generally needs to be at least 4-5 days. It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages.
Postfix default is also 5 days: http://www.postfix.org/postconf.5.html
https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00