Commit Graph

876 Commits (6a8aa699d907f1faef9f7665d9f189b36bccb920)

Author SHA1 Message Date
andryyy 2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:17:14 +01:00
andryyy 99326f81de
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:16:51 +01:00
andryyy c4656e00fd
[Postfix] Add hint for custom_transport.pcre 2019-11-12 20:50:21 +01:00
andryyy e1fdbba0f7
[Postfix] Add custom_transport.pcre 2019-11-12 20:44:43 +01:00
andryyy 4ccad6b0c3
[MySQL] key_buffer_size it is 2019-11-11 23:20:01 +01:00
Michael Kuron fbc7b7dce5 rspamd: Don't remove WHITELISTED_FWD_HOST if SOGO_CONTACT present (#3084) 2019-11-11 08:20:46 +01:00
andryyy 1d1a9a27c9
[MariaDB] Adjustments 2019-11-08 08:14:57 +01:00
andryyy 3235edea88
[MariaDB] Adjustments 2019-11-08 08:12:34 +01:00
andryyy 15f3a664cd
[MySQL] Disable query cache 2019-11-06 21:03:00 +01:00
andryyy 04ae2fadef
[MySQL] Reduce memory usage 2019-11-06 20:12:25 +01:00
andryyy bcc28784f7
[Rspamd] CL is not a fishy tld 2019-11-02 12:02:49 +01:00
andryyy 7f8b13434d
[Rspamd, Dovecot] Do not use Schaal rules - probably too much for Rspamd 2.x to handle, mem leak? 2019-10-31 20:43:07 +01:00
andryyy 50020bf1f0
[Rspamd] Remove neural, other gbc options 2019-10-31 19:55:42 +01:00
andryyy 6655ada308
[Rspamd] Remove unwanted options after talking to Vsevo 2019-10-31 19:03:20 +01:00
andryyy 573e62f181
[MySQL] Allow more connections 2019-10-31 06:38:12 +01:00
andryyy 59d966ab0f
[MySQL] Reduce max-connections, disallow performance_schema 2019-10-30 21:08:59 +01:00
andryyy df3d78f03b
[Rspamd] Reset logging 2019-10-30 20:18:21 +01:00
andryyy 27de9dbf92
[Rspamd] Slight changes to improve memory usage
[Web] Dirty hack to touch Rspamd maps a second time
2019-10-30 20:07:58 +01:00
andryyy c0f39e5cac Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-10-29 18:36:53 +01:00
andryyy a71f590b1e
[Rspamd] Remove score from neural 2019-10-29 18:36:49 +01:00
andryyy 8683e4bd9a
[Rspamd] Use last-modified headers to not read unmodified settings map every 30 seconds 2019-10-29 14:21:58 +01:00
Michael Kuron c63967f7be
Rspamd: increase redis timeout 2019-10-26 13:00:31 +02:00
andryyy be4099182b
[Rspamd] Do not log watchdog mails 2019-10-21 20:42:43 +02:00
André Peters de8cfbde03
Merge pull request #3072 from tinect/deliverCSSandJSfiles
deliver CSS and JS as external request
2019-10-21 11:18:49 +02:00
andryyy d5ee7de66a
[Rspamd] Disable info logging, re-enable silent logging, only apply MILTER_HEADERS symbol to watchdog Rspamd settings map 2019-10-20 21:48:30 +02:00
tinect cc1bf5d426 deliver CSS and JS as external request 2019-10-20 21:25:58 +02:00
Marcel Hofer f2b552c00d
Fix custom http redirects with TLS-SNI
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/

However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer 05e7c95829 [SSL] fix wildcard compare for non-bash shell 2019-10-20 17:02:54 +02:00
Marcel Hofer dcd50b2245 [SSL] restore old nginx templates. fix possible issues with custom nginx sites 2019-10-20 16:41:53 +02:00
Marcel Hofer 84c5f43438 [SSL] re-add nginx site.conf 2019-10-19 12:49:23 +02:00
Marcel Hofer 2e35da6816 [SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx 2019-10-19 12:48:56 +02:00
andryyy a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd 2019-10-12 13:16:49 +02:00
andryyy ee57b5921f
[Rspamd] Various fixes for Rspamd 2.0, neural network activated, autolearning activated (auto-keeps a ratio) 2019-10-12 13:14:34 +02:00
andryyy 0cfa056faa
[Rspamd] Do not quarantine if symbol is GLOBAL_X_BL 2019-10-10 12:38:24 +02:00
andryyy 1580e4b2a5
[Nginx, SOGo] Adjustments for EAS 2019-10-06 10:12:46 +02:00
André Peters a008855991
Merge pull request #2999 from ntimo/task/api-docs
[Nginx] Fix nginx config for API docs
2019-10-04 08:51:26 +02:00
andryyy 8f7693ccdb
[Postfix] Update postscreen_access 2019-10-04 08:43:59 +02:00
André Peters 37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
ntimo 6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri 2019-10-03 11:27:44 +02:00
ntimo 7c43e2e120
[Nginx] Fix nginx config for API docs 2019-10-03 11:19:17 +02:00
andryyy 0f5c930e48
Fix site 2019-10-03 11:15:53 +02:00
ntimo 5cf74f6b85
[NGINX] Make API docs accessible using /api/ 2019-10-02 22:13:47 +02:00
André Peters 9f66b83a34
Merge pull request #2965 from phenomax/postfix-no-renegotiation
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-28 22:17:32 +02:00
andryyy 9b7668d912
[Nginx] Custom 502 2019-09-24 06:53:13 +02:00
andryyy a231ecaed5
[Rspamd] Fix ARC defaults, thanks to klausenbusk 2019-09-23 10:44:58 +02:00
andryyy 287c577fc4
[Rspamd] Set !ARC_ALLOW to SPF FAIL check 2019-09-23 10:44:26 +02:00
Max Uetrecht bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options 2019-09-22 17:38:03 +02:00
andryyy b5d169cf90
[Postfix] Fix anonymize headers... 2019-09-19 06:48:21 +02:00
André Peters 1bbe1a2367
Merge pull request #2940 from ntimo/task/split-bad-words
[RSPAMD] Split bad words into multiple files per language
2019-09-18 18:35:11 +02:00
friedPotat0 ea8c002eff update postscreen whitelist 2019-09-18 15:30:43 +02:00
andryyy b3c2f683cb
[Postfix] Adjustments for RBL 2019-09-18 07:58:54 +02:00
friedPotat0 58cbf2c9c8 update postscreen whitelist by using postwhite 2019-09-17 21:27:17 +02:00
ntimo ba6c5b7197
[Rspamd] Updated bad_word maps 2019-09-17 20:39:08 +02:00
ntimo 3ca014ee79
[Rspamd] Added multimap config for bad_words_de.map 2019-09-16 18:18:56 +02:00
ntimo 005ed2cadc
[Rspamd] Split bad words into multiple files per language 2019-09-15 11:53:04 +02:00
André Peters 83cd62d46f
Merge pull request #2928 from MAGICCC/feature/remove-dnsbl-inps.de
[Postfix] Remove discontinued DNSBL dnsbl.inps.de
2019-09-10 18:07:03 +02:00
André Peters d1e56ab7bc
Update fishy_tlds.map 2019-09-10 16:48:40 +02:00
MAGIC b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons 2019-09-09 21:37:49 +02:00
André Peters 8f4d468209
Merge pull request #2916 from Thomas2500/patch-1
Disable SSL ticket support in dovecot
2019-09-09 07:47:37 +02:00
andryyy 87e99e53d9
[Postfix] Fix anonymize headers 2019-09-08 10:29:06 +02:00
Thomas Bella 3983b3d393
Disable SSL ticket support in dovecot
Because tickets are normally only generated on service start, we should disable it to provide better PFS.
2019-09-06 12:39:33 +02:00
andryyy 8608ded0ed
[Postfix] Replace Postcow header, remove authed user 2019-09-06 08:02:52 +02:00
André Peters f87beded34
Update fishy_tlds.map 2019-09-05 14:32:04 +02:00
andryyy 0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard 2019-09-04 23:07:35 +02:00
andryyy 8d0b2678fe
[Rspamd] Remove some TLDs from fishy map 2019-09-04 08:14:35 +02:00
andryyy 1495bda2e1
[Postfix] Add info about extra.cf 2019-09-02 18:39:08 +02:00
andryyy 1bdf861177 [Postfix] Add comments to config files, cleanup a bit 2019-09-02 09:31:30 +02:00
andryyy 9c714b34a4
[Rspamd] Bad word update and score change 2019-08-30 19:30:38 +02:00
andryyy 569296dcdc
[Rspamd] More bad words - todo: split by language 2019-08-30 18:54:54 +02:00
andryyy 5a89dc114d
[Rspamd] Minor changes to fishy tlds and bad words 2019-08-29 18:57:37 +02:00
andryyy 6e82a35929
[Rspamd] Important fix for fishy maps 2019-08-28 15:04:53 +02:00
andryyy 1414e9df00
[Rspamd] Reduce fishy tld score
[Compose] Update Dovecot image
2019-08-28 14:37:04 +02:00
andryyy a5d569e0ca
[Rspamd] Reduce fishy tld score 2019-08-28 14:26:01 +02:00
andryyy 01fe856d05
[Rspamd] Fix a domain name 2019-08-28 13:05:42 +02:00
andryyy 23ae0c3cc1
[Rspamd] Filter 'em bad words from 'em bad tlds 2019-08-28 13:03:15 +02:00
andryyy abf33b75f4
[Postfix] Remove Zeyple config 2019-08-25 16:00:33 +02:00
andryyy e342016534
[Rspamd] Fix scores of UCE 2019-08-22 22:08:22 +02:00
andryyy 084eb008a1
[Rspamd] Add UCE to RBL 2019-08-22 16:34:03 +02:00
andryyy 9bbf9dc68e
[Rspamd] Fix and improve settings map 2019-08-21 21:07:51 +02:00
andryyy 3a26365b51
[Rspamd] Change SA ruleset name 2019-08-21 14:37:30 +02:00
andryyy a2386434fd
[Postfix] More RBLs, lower thresholds 2019-08-16 22:17:28 +02:00
andryyy 217da8c7fc
[Postfix] Reduce threshold to 4, format list 2019-08-16 07:55:17 +02:00
andryyy 1b3a5d54ca [Postfix] Reduce RBL threshold
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
andryyy 9e0381185c [Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple 2019-08-09 14:10:31 +02:00
andryyy 5fda67223d
[Dovecot] Fix paths 2019-07-28 21:36:09 +02:00
André Peters e00a18ab95
Update anonymize_headers.pcre 2019-07-26 07:18:58 +02:00
andryyy 9de821c3b0
[Postfix] Don't remove authed header from Received
[Compose] New watchdog image
2019-07-26 06:53:29 +02:00
andryyy db0719f068
[Rspamd] Fix IP whitelist 2019-07-22 13:50:05 +02:00
andryyy 71df10892c
[Rspamd] Add custom IP whitelist template 2019-07-22 13:38:47 +02:00
André Peters 83136c7876
Merge pull request #2789 from patschi/patch-6
Remove DMARC descriptions from polices_group
2019-07-16 21:30:44 +02:00
Patrik Kernstock 197f27b705
Remove DMARC descriptions from polices_group
Remove descriptions as they are inherited from the default rspamd configuration anyway
2019-07-16 20:15:11 +02:00
Michael Kuron cecbbe9e82
Remove score from R_DKIM_PERMFAIL
This error happens when there is no public key in DNS for that selector.
2019-07-16 20:03:37 +02:00
andryyy 3c3bcf8c82
[Postfix] Set compatibility_level to 2 2019-07-13 14:44:17 +02:00
andryyy eb760543d9 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-07-13 09:23:51 +02:00
andryyy 568e166478
[Unbound] Update base to Alpine 3.10 to use Unbound 1.9
[Unbound] Set unwanted-reply-threshold: 10000
2019-07-13 09:22:03 +02:00
andryyy 2898aa6918
[Postfix] Remove unused alias domain catch all map 2019-07-13 08:59:32 +02:00
André Peters 84f4f43b27
Update policies_group.conf 2019-07-12 23:15:27 +02:00
andryyy 2efd27e40e
[Olefy] A new container is born, thanks to @c-rosenberg
[ACME] Autoconfig is back (re-added to SAN list by default for all mail domains)
[Rspamd] Added comment to composite
2019-06-25 18:52:05 +02:00
andryyy f2d1a56104
[Rspamd] Increase OLEFY_MACRO score 2019-06-20 10:18:43 +02:00
andryyy 04940429ba
[Rspamd] Add oletools via olefy, big thanks to @c-rosenberg 2019-06-16 17:35:58 +02:00
andryyy 6f99f06c6d
[Rspamd] Add OLEFY_MACRO symbol 2019-06-16 17:35:24 +02:00
andryyy 9c347e36fc
[Rspamd] Less aggressive bayes 2019-06-16 17:34:58 +02:00
andryyy e43951331c
[Rspamd] Sign ARC inbound, thanks to @Kraeutergarten 2019-06-11 11:41:59 +02:00
andryyy ffb008f72a Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-06-09 16:50:04 +02:00
andryyy de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps 2019-06-09 16:49:02 +02:00
dofl fa4c4b138e
Update main.cf
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days. 

There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl d5eeb3e8af
Update main.cf
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.

RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days. It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages.

Postfix default is also 5 days: http://www.postfix.org/postconf.5.html

https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
andryyy af46a93e76
[Postfix] Remove authed user from header 2019-06-01 22:14:48 +02:00
andryyy dcacf85a5d
[Dovecot] Rename sieve_after to global_sieve_after and create a global_sieve_before file 2019-06-01 13:53:24 +02:00
andryyy aaf0d521a2
[Postfix] Add UA header check, not enabled by default 2019-06-01 08:29:53 +02:00
andryyy 395f0f7a3d
[Rspamd] Remove authenticated user from auth results header
[Dovecot] Fix permissions of console
[Compose] New Dovecot image
2019-05-29 18:02:14 +02:00
andryyy 2757c6b5fe
[Postfix] Do not allow DSN for postscreen 2019-05-27 19:32:41 +02:00
andryyy ba14f0f113
[Rspamd] Fix spoofing detection 2019-05-20 15:14:42 +02:00
andryyy 1f365f5cff
[Dovecot] Remove shared namespace 2019-05-18 23:01:23 +02:00
andryyy 3ffa7e1f33
[Rspamd] Add SIEVE_HOST map and skip spoof check for these IPs 2019-05-18 22:44:06 +02:00
andryyy 45359bb6cf
[Rspamd] Do not apply SPOOFED_UNAUTH on ARC_ALLOW
[Dovecot] Set sieve_redirect_envelope_from to rcpt
2019-05-18 09:18:00 +02:00
andryyy 5c07cca529
[Rspamd] Change spoofed mail handling 2019-05-09 11:48:38 +02:00
andryyy 456e92c830
[Rspamd] Set to to_ip to_ip_from rate buckets to 100 / 1s 2019-05-09 11:32:16 +02:00
André Peters 61433a4488
Merge pull request #2541 from sriccio/master
Allow to easily add custom plugins to rspamd
2019-05-05 22:33:32 +02:00
andryyy 28c8c53a6e
[Rspamd] meta_exporter: return false if not matched
[Compose] Update Dovecot image
2019-05-01 22:50:38 +02:00
Howaner 17918b3e21 Added domain alias handling to quarantine mails and added recipients row to quarantine mail display
If a mail is sent to a domain alias domain and rejected, mailcow does not currently store the mail in quarantine.
This commit adds domain alias handling to the reject code and should fix this behavior.

Also added displaying of recipient addresses into the quarantine mail dialog to be able to see what mail address was "leaked".
2019-05-01 00:56:12 +02:00
andryyy 91af3d5c5a
[Rspamd] Much higher scores for DMARC failures 2019-04-30 14:00:47 +02:00
andryyy 9b303dcc0e
[Dovecot] Set default_vsz_limit = 1024 M
[Web] Form cache for user passwd change modal disabled
2019-04-24 14:46:45 +02:00
sriccio ef5cf81308 [rspamd] Allow to easily use custom rspamd lua plugins
Since rspamd 1.9.2 we'll be able to load custom modules from plugins.d
directory.

This allow to add and configure plugins easily from the
data/conf/rspamd/plugins.d

Also loading config for custom plugins need rspamd.conf.local or
optionally rspamd.conf.override.

I added support for this in the docker-compose.yml

Idea came while I was writing a custom plugin for Cyren antispam
gateway, which can be found here: https://github.com/sriccio/rspamd-plugins
2019-04-17 10:36:39 +02:00
andryyy 9f00d956f1 [Rspamd] Improve spoofing detection 2019-04-14 20:37:38 +02:00
andryyy c8047b9555 [Web] Change session timeout handling
[Rspamd] Add missing spamassassin.conf
2019-04-14 13:01:47 +02:00
andryyy fae34b8a89
I'm an idiot 2019-04-01 22:52:45 +02:00
andryyy bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489 2019-04-01 22:46:13 +02:00
Marcel Hofer 7d2289c3a7 Merge branch 'master' into admin-login
# Conflicts:
#	data/web/js/site/mailbox.js
2019-03-23 21:17:02 +01:00
andryyy 4aae72779a
[Dovecot] Remove auth cache 2019-03-18 14:15:02 +01:00
André Peters 3d8a46357b
Merge branch 'master' into admin-login 2019-03-18 02:03:59 +01:00
andryyy d8e356f590
[SOGo] Revert to previous settings 2019-03-18 01:36:32 +01:00
andryyy a614d64615
[SOGo] Adjust sync parameters, revert if you run into problems! 2019-03-14 08:59:24 +01:00
andryyy d449984a66 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-03-12 23:39:57 +01:00
andryyy fc63661fbd
[Solr] Change default configset before bootstrapping
[Solr] Bootstrap cannot be omitted and must occur before mounting the data directory
2019-03-12 23:15:26 +01:00
André Peters 70c424caa2
[Web] Fix rejected mails not being quarantined properly if they are tagged 2019-03-12 11:26:33 +01:00
andryyy 1c3daedc39
[Rspamd] Remove headers var from dyn maps 2019-03-12 01:28:04 +01:00
Aaron Larisch 40a826a347 Fix rejected mails not being quarantined properly if they are tagged 2019-03-11 15:31:21 +01:00
Robert Christian 4bbb6d78e3
fix solr query ngram 2019-03-10 17:20:46 +01:00
André Peters ae19d81f2d
Merge branch 'master' into admin-login 2019-03-10 10:38:42 +01:00
André Peters 216451ed43
Merge branch 'master' into admin-login 2019-03-10 09:51:12 +01:00
andryyy 0a1e71f7ec
[Dovecot] Use dovecot-fts core 2019-03-10 09:40:31 +01:00
andryyy c7c115d63a
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory 2019-03-10 09:40:04 +01:00
andryyy 2443e956eb
[Rspamd] Remove buggy last-modified check 2019-03-08 12:43:05 +01:00
andryyy d124fa1d5b
[Rspamd] Check if filterconf table was changed and return Last-Modified accordingly 2019-03-07 11:44:38 +01:00
andryyy e04e15ed23
[Rspamd] Mime from and rcpt can now be checked by from_mime and rcpt_mime 2019-03-07 00:07:11 +01:00
andryyy c792bbcbab
[Rspamd] make upstream an object 2019-03-07 00:05:55 +01:00
andryyy bb065dbc22
[Rspamd] Add fuzzy worker with worker-fuzzy.inc 2019-03-06 15:14:25 +01:00
andryyy 9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
andryyy 6dc5318673
[Rspamd] Delete rspamd.conf.local 2019-03-06 15:08:18 +01:00
andryyy 4d32eb49ee
[Dovecot] Revert to TLS1+ 2019-03-04 17:57:44 +01:00
andryyy 0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP 2019-03-03 12:11:39 +01:00
andryyy eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2 2019-03-03 12:09:10 +01:00
andryyy 69f54b99a1
[Dovecot] ssl_min_protocol is now TLS 1.2 2019-03-03 12:08:26 +01:00
Marcel Hofer a110378000 always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled 2019-02-27 23:06:19 +01:00
andryyy 38911034c3
Don't break DAV 2019-02-26 22:13:37 +01:00
andryyy ae512018a8
[Postfix] Remove sasl requiring policies from port 25 2019-02-26 21:37:08 +01:00
Marcel Hofer dd6d253ac0 add random masterpass for sogo admin login
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy b0584b7699
[Dovecot] Remove vacation-seconds from global-only 2019-02-25 10:22:00 +01:00
andryyy 57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters 298a8d24e9
Merge pull request #2360 from mhofer117/allow-admin-email-login
Allow admins to login as email user (without any password)
2019-02-24 18:49:13 +01:00
andryyy 108e808d06
[Rspamd] Reduce SOGO_CONTACT score to -99 2019-02-23 23:46:01 +01:00
André Peters 9a9079baa5
Update sogo.auth_request.template.sh 2019-02-23 22:29:14 +01:00
André Peters 0c8f217f49
Update sogo.auth_request.template.sh
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer cac67db203 add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins 2019-02-23 17:59:18 +01:00
andryyy 28a3f5ca8c
[Dovecot] Add flags and notify to sieve_extensions 2019-02-22 18:25:35 +01:00
andryyy 1092d98499
[Dovecot] Enable sieve vacation seconds not just for global scripts 2019-02-22 10:52:18 +01:00
andryyy 02b015a359
[Rspamd] Lower history nrows 2019-02-14 11:11:20 +01:00
eXtremeSHOK 260421448d
Update clamd.conf
AlertOLE2Macros, default should be set to NO

With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".

This causes most Microsoft Office document files which contain macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros.

Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked.

The default for debian/ubuntu is to set this to NO
cPanel, iredmail, etc all have this option set to NO
2019-02-13 09:50:29 +02:00
andryyy 5efdf71120
[Nginx] Add qhandler rewrite
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
andryyy c57a544c52
[Postfix] Disable auth on port 25 2019-02-05 10:35:32 +01:00
andryyy 7a96516fad Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-02-05 00:05:00 +01:00
andryyy 6f478ed2a3
[Rspamd] Set history lines to 10000 2019-02-05 00:02:56 +01:00
andryyy aa1e03476d
[Dovecot] Enable quota notifications 2019-02-04 23:59:31 +01:00
Tobias "Knight" S c06e4c81cf
Enable TLSv1.3 finally
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy 6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy 14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy 60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy b3f84d2c78
[Dovecot] Remove break-imap-search (it is a default setting) 2019-01-29 13:25:35 +01:00
andryyy 8da54e5194
[Rspamd] Split global wl from to mime-from and smtp-from 2019-01-29 12:11:10 +01:00
andryyy 07392b7437
[Watchdog] Use stackoverflow.com for DNS check
[Git] Ignore mail_plugins*
[Dovecot] Read mail_plugins from dynamically generated file
[Dovecot] Encrypt FTS
[Dovecot] Add break_imap_seach option to Solr
[Web] Add ability to send quarantine notification mails
[Web] Minor style fixes
[Web] Add new MAILBOX_DEFAULT_ATTRIBUTES (doc updates, anyone? :-( )
[Web] Use rcpt_smtp if rcpt_mime is not set
[Web] Other minor fixes
2019-01-29 00:20:39 +01:00
andryyy d6efc2fcd3
[Rspamd] Fix metadata_exporter
[Web] Show subject in quarantine
[Compose] Update Rspamd image
2019-01-17 22:00:18 +01:00
andryyy 2e8bd8b3c4
[Dovecot] Add czech folder names to namespace 2019-01-16 23:47:15 +01:00
andryyy a2b52e0969
[Dovecot] Use Solr for LMTP 2019-01-16 22:19:40 +01:00
André Peters f3dfe346bf [Dovecot] Allow setting ACL_ANYONE in mailcow.conf 2019-01-16 19:08:19 +01:00
Aiko Appeldorn 4c176d3833 [rspamd] increased values for SPF, DKIM reject 2019-01-15 18:54:05 +01:00
andryyy 17222eac94
[Rspamd] Set max_size for AV
[Rspamd] Set higher/lower scores for local fuzzy matches
2019-01-13 23:02:09 +01:00
Michael Kuron 2b0065d5ab
Do not apply SOGO_CONTACT for hard SPF failures
Fixes #1983 more completely
2019-01-13 10:28:21 +01:00
andryyy fc1c2dc87b
[ClamAV] Do not log twice 2019-01-12 08:56:02 +01:00
André Peters a520293461
[Dovecot] Add more special_use folder names 2019-01-09 18:10:36 +01:00
andryyy 94d7952802
[Rspamd] Scan the whole message to be able to trigger Sanesecurity rules
[Rspamd] Increase add_header and greylist score
2019-01-08 13:00:56 +01:00
andryyy 2baf407331
[Rspamd] preg_quote filter objects, only translate * to .* - fixes #2152 2019-01-08 12:58:27 +01:00
andryyy e42afa39a8
[ClamAV] Update to 0.101.1 (based on Debian to fix some errors)
[ClamAV] Some config values are deprecated and were replaced
2019-01-08 12:54:33 +01:00
Markus Heberling 9750ec5bec
Merge branch 'master' into master 2019-01-01 14:20:22 +01:00
andryyy b3896d464c [SOGo] Remove old js file 2018-12-23 17:12:14 +01:00
andryyy e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy ad90496169 [SOGo] Add logo to config dir
[Web] Add missing lang strings for transport maps
2018-12-20 19:02:47 +01:00
andryyy bcd6e43665 [Postfix] Remove verbose flag from smtp service 2018-12-19 12:16:36 +01:00
andryyy cd72a4e18b [Postfix] Split SASL passwd maps
[Postfix] create new smtp service to skip sender-dependent SASL map
[Postfix] Hard-bounce on SASL errors
2018-12-19 09:40:08 +01:00
andryyy 534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy ed763cd668 [Rspamd] Use meta exporter to pipe meta data of ratelimited msg to Redis 2018-12-15 21:23:42 +01:00
andryyy e7427eddf3 [Rspamd] Updated values of default ratelimit settings, add info_symbol 2018-12-15 21:22:59 +01:00
andryyy 497b6a39de [Postfix] Add missing regexp map, fixes #2083 2018-12-11 17:16:53 +01:00
Markus Heberling 4755bb323b Allow setting ACL_ANYONE in the configuration 2018-12-11 11:32:36 +01:00
andryyy 9b1f51ae3f [Git] Add allow_mailcow_local.regexp and dovecot-master.userdb 2018-12-10 23:26:28 +01:00
andryyy 9b720bb07a [Dovecot] Add master user to userdb (to be used in SOGo) 2018-12-10 23:25:37 +01:00
andryyy fa3525e2dd [SOGo] Enable EMailAlarms 2018-12-10 23:24:49 +01:00
andryyy 3a39937baf [Rspamd] Do not apply SOGO_CONTACT for SPF fails and when sending from whitelisted host 2018-12-10 13:26:18 +01:00
andryyy e43c696204 [Rspamd] Remove SOGO_CONTACT for header from 2018-12-10 13:25:38 +01:00
andryyy c2d413bff4 [MySQL] Remove deprecated values for future use of MariaDB 10.3 2018-12-10 13:23:02 +01:00
andryyy fe95852f45 [Dovecot] Increase proc limit and default client limit 2018-12-06 16:47:41 +01:00
andryyy 968f6f4157 [Rspamd] use boolean for one_shot, fixes #2066 2018-12-04 08:31:56 +01:00
andryyy e02c51b1d1 [Rspamd] Fix examples for global white/blacklist 2018-11-29 21:51:09 +01:00
root d445d7d2e7 [Web] Allow actions in quarantine modal, fixes #1991
[Web] Fixes for Source Sans Pro font
[Rspamd] Add global rcpt blacklist and whitelist
[Compose] New Rspamd image
2018-11-27 10:20:42 +01:00
andryyy 113c6fe018 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2018-11-26 10:41:44 +01:00
andryyy f76c3ee7f3 [Dovecot] Unsupported examples for IMAP auth via LDAP
[Rspamd] Global whitelist/blacklist from via multimap
2018-11-26 09:06:51 +01:00
André Peters a13c2c9359
Merge pull request #1949 from patschi/patch-1
[Postfix] Security: Prefer server-side ciphers
2018-11-22 12:59:06 +01:00
Max 822175f20a
Outlook-Folder-Alias 2018-11-14 22:18:02 +01:00
andryyy 224a5ebd9a [Dovecot] Enable mail_log (events: delete undelete expunge copy mailbox_delete mailbox_rename)
[Dovecot] Increase vsz_limit for some services to 1 G
[Dovecot] Enable auth_cache
2018-11-12 21:00:39 +01:00
andryyy 1d9f820b02 [SOGo] Include custom-sogo.js to dynamically add JS to SOGo, increase textarea font of CKeditor by default 2018-11-12 09:59:49 +01:00
andryyy 869e01a9a7 [Rspamd] Add fuzzy hash to msg 2018-11-12 09:57:25 +01:00
andryyy 4f7f493490 [Rspamd] Add SOGo contacts to whitelist 2018-11-12 09:56:54 +01:00
andryyy e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
andryyy 159c36b531 [Dovecot] Create crypted mail_attachment_fs to store attachments with a min size of 128k
[Dovecot] Shared location to "auto:" to auto-detect legacy mailbox formats across shared mailboxes
[Dovecot] Create config service for crypted mail_attachment_fs
2018-11-12 09:52:12 +01:00
Michael Kuron 4ee546c04a
Reduce rspamd DNS timeout
Fixes #1957
2018-10-29 19:55:24 +01:00
andryyy f92b20c9ad [Rspamd] Change log level to silent (see docs) 2018-10-27 13:55:55 +02:00
andryyy af5ce48e8d [ClamAV] Remove AllowSupplementaryGroups from freshclam.conf (deprecated) 2018-10-27 13:24:14 +02:00
andryyy bf71f9b600 [Postfix] Add tls_preempt_cipherlist to SMTPS 2018-10-27 13:22:29 +02:00
andryyy 42fe16250b [Rspamd] Adjust default values for (perm) failures of DKIM and SPF 2018-10-26 20:04:41 +02:00
Patrik Kernstock 1dc9d3fa27
[Postfix] Security: Prefer server-side ciphers
Prefer server-side ciphers to prevent client-side cipher downgrade. Already enabled in Dovecot.
2018-10-25 23:37:25 +02:00
andryyy 5f02c6006c [Postfix] Do not remove user agent 2018-10-23 23:22:43 +02:00
André 93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
André 66d8f33aac [Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911 2018-10-23 21:55:55 +02:00
André Peters 68f2a1c5fc
[Rspamd] Properly close additional Rspamd maps 2018-10-19 11:12:58 +02:00
André 73b48fc13e [Rspamd] Remove deprecated attachments_only in AV module
[Rspamd] Remove old symbol score
2018-10-16 22:59:25 +02:00
André 51dd88abeb [Unbound] Reduce negative max ttl to 60s and min-ttl for all other keys to 5 2018-10-16 20:14:14 +02:00
André 8958449e76 [Postfix] Remove headers only when mail_name matches 2018-10-16 20:11:21 +02:00
André d99b8aaf69 [Postfix] Change mail_name to Postcow and only replace headers when mail_name matches 2018-10-16 10:26:41 +02:00
Tobias "Knight" S 41c8a8bb46
disabling more functions inside php-fpm 2018-10-15 22:52:30 +02:00
André Peters 83a5eda762
Merge pull request #1434 from apoc4lyps/master
hardening http headers
2018-10-15 22:48:50 +02:00
André abd0a1b337 [PHP-FPM] Disable some functions by default 2018-10-15 20:52:39 +02:00
André a844adde0f [Postfix] Add mailcow_anonymize_headers to default config 2018-10-15 20:52:06 +02:00
André c80fe40669 [Unbound] Do not allow from all (dangerous for setups with incorrect netfilter setups) 2018-10-12 11:35:45 +02:00
André 1fce562434 [Dovecot] Set imap_max_line_length = 2 M 2018-10-12 10:56:40 +02:00
André 3db6af5c90 [Unbound] Trust all addresses - do not expose Unbound! 2018-10-12 10:56:17 +02:00
André 32f7ae1d2e [Rspamd] Prefix quarantine error_log messages with "QUARANTINE"
[Rspamd] Fix quarantine max size check (it was ignored)
2018-10-11 11:55:52 +02:00
André c0b590fff6 [PHP-FPM] Move max_execution_time and max_input_time to general PHP config, removed as fixed php_admin_value 2018-10-11 11:54:38 +02:00
André c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André f6b2a6aab2 [Postfix] Enable/create smtp_tls_policy_maps 2018-10-04 14:34:34 +02:00
André 2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André b2067cb521 [SOGo] SOGoMaximumSyncWindowSize = 99 2018-10-04 14:33:32 +02:00
André b8ebdc3c58 [Postfix] Increase default message size limit to 100 MiB 2018-10-01 22:06:20 +02:00
André a054182246 [Rspamd] Add desc to high spam networks 2018-09-30 18:56:35 +02:00
André cdca603ff5 [Unbound] Fix logging, fixes #585
[Rspamd] Fix permissions of controller password file
[Unbound] Enable unbound-control
2018-09-30 14:43:18 +02:00
André b008211f52 [Rspamd] Controller password placeholder 2018-09-30 09:55:50 +02:00
André 8439daea7e [Rspamd] Revert adding worker-controller-password... 2018-09-30 09:54:19 +02:00
André 4396be2938 [Rspamd] Place socket in _rspamd home and fix permissions
[Compose] Remove volume for Rspamd socket
[Web] Do not exit loop on fuzzy errors when learning a message as spam
2018-09-30 09:53:25 +02:00
André 73b10350d0 [Rspamd] Ignore sa-rules-heinlein file, remove from index 2018-09-29 22:03:48 +02:00
André 0fb43f4916 [Docker API] Use TLS encryption for communication with "on-the-fly" created key pairs (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
André c7cef3241f [Rspamd] Controller worker count == 1, fixes #1716 2018-09-12 20:32:59 +02:00
André 1b5409f3fa [Rspamd] Check if ip is valid (KEEP_SPAM symbol), fixes #1759 2018-09-12 15:50:42 +02:00
André 1499094b61 [PHP-FPM] Increase PHP memory limit for "web" to 512M
[Helper] Nextcloud 14
[Rspamd] Fix KEEP_SPAM lua script: skip check if ip is false
2018-09-11 19:35:21 +02:00
André ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
André afc18fd469 [Rspamd] Update bad asn, move KEEP_SPAM to a custom lua function 2018-09-09 09:47:47 +02:00
André e5b830adea [Dovecot] Fix shared namespace 2018-08-31 23:33:55 +02:00
André 6cee038a63 [Dovecot] IMPORTANT: Disables 'any' and 'all authenticated' ACL settings! See wiki how to revert this, if you need it. 2018-08-17 21:44:17 +02:00
André d5e81b987b [Dovecot] Set from address for sieve generated addresses, fixes #1662 2018-08-13 08:31:09 +02:00
André 02e567f76b [Dovecot] Set CONTROL path for shared namespace and remove index 2018-08-08 23:59:38 +02:00
apoc4lyps cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André d83537cda0 [ClamAV] Add whitelist template for ClamAV 2018-08-05 22:38:06 +02:00
André 66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André b007975a04 [Rspamd] Rename -disable_monitored > disable_monitoring 2018-08-03 11:56:39 +02:00
André 59c4cc054e [Rspamd] Deactivate neural but use a more aggressive learning method (no autolearn) 2018-07-29 23:03:49 +02:00
André d8f86ae488 [Rspamd] Add local fuzzy worker 2018-07-29 00:34:36 +02:00
André f1b096b36e [Dovecot] Increase process_limit to 500, thanks to @mritzmann 2018-07-25 21:04:24 +02:00
André e2ed2eab53 [Rspamd] Remove per_user settings as they were pretty much useless, some minor changes to bayes" 2018-07-25 01:06:12 +02:00
André 7de2607594 [Dovecot] Enable vacation-seconds with a default min period of 5s and a default period of 60s 2018-07-23 19:59:23 +02:00
André a83adc4d31 [Rspamd] Remove unused user_keywords and dynamic_rates from ratelimit module 2018-07-15 12:02:37 +02:00
André 882ee5fee6 [Rspamd] Re-use fixed new ratelimit 2018-07-15 12:01:28 +02:00
André 353af8e3a4 [Rspamd] Set start and end to rcpt matching regex 2018-07-12 23:18:49 +02:00
André 587f37a300 [Dovecot] Remove additional hash scheme and let Dovecot decide the hash by prefix 2018-07-12 00:46:31 +02:00
André 2aef18d130 [Dovecot] Remove user queries from passdb + add a second passdb for additional algorithms + create userdb without password queries 2018-07-12 00:23:12 +02:00
André 1b47ae55f1 [SOGo] Set SOGoPasswordChangeEnabled = YES - allow user to change password in SOGo 2018-07-11 22:11:09 +02:00
André fa0b351da6 [Postfix] smtpd_tls_eecdh_grade = auto 2018-07-11 22:10:32 +02:00
André 37fbce855e [Rspamd] Remove autolearn from Rspamd 2018-07-03 23:24:11 +02:00
André d6a74e82e3 [ACME] Fix for CNAME response on AAAA dig request 2018-06-28 20:41:44 +02:00
André 9dc250c9f2 [Rspamd] Important fix for settings map 2018-06-28 11:48:23 +02:00
André Peters bca8920679
Revert "[Postfix] Default SMTP server security grade for EECDH key exchange" 2018-06-27 23:28:54 +02:00
elcore c386dfc11d
[Postfix] Default SMTP server security grade for EECDH key exchange 2018-06-27 03:39:54 +02:00
André 5905a3919c [Dovecot] Minor changes to ciphers, still disallow insecure ciphers 2018-06-26 07:50:17 +02:00
André a5d40a4ab6 [Postfix] Re-enable TLS 1, 1.1 and some ciphers - real-world tests have shown this setup uses TOO MANY plain text sessions due to compatibility issues 2018-06-25 22:31:23 +02:00
André b8973648ff [Rspamd] Disable default authenticated user ratelimit 2018-06-24 11:40:31 +02:00
André 8bb24a9866 [Rspamd] Load additional settings defined in web ui 2018-06-23 23:48:06 +02:00
André aa6a136c1f [Dockerapi, Dovecot] Fix missing active user filter 2018-06-20 07:25:10 +02:00
André e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
André 27d3388579 [Rspamd] Remove antivirus debugging 2018-06-10 14:30:30 +02:00
André f15f30d53e [Dovecot] Re-enable lz4 until 2.3.2 to verify replication fix 2018-06-08 09:09:31 +02:00
André 0a44ea1a4c [Dovecot] Lz4 compression sometimes leads to strange EOF errors when replicating
[Web] Cleanup JSON API
2018-06-05 00:31:27 +02:00
André 777e469958 [ClamAV] Remove deprecated AllowSupplementaryGroups 2018-05-30 20:28:23 +02:00
André 1b35376252 [Rspamd] Remove score for CTYPE_MIXED_BOGUS and ARC_REJECT, increase DNS timeout 2018-05-30 18:40:43 +02:00