Commit Graph

809 Commits (6d1c0041f4292da1e5854c19fc10ed8711162c03)

Author SHA1 Message Date
andryyy dc3eb44544
[Rspamd] Add more bulk headers 2020-04-12 13:07:51 +02:00
andryyy f38be3a8b0
[Rspamd] Slightly reduce BAD REP POL score 2020-04-11 08:27:11 +02:00
andryyy cb599db61e
[Rspamd] Fix quarantine and pushover notifications 2020-04-11 08:02:15 +02:00
andryyy ccdb7fcd26
[Rspamd] Add metadata exporter for unauthed mail 2020-04-10 20:55:49 +02:00
andryyy eeea1b393c
[Rspamd] Remove upstream spam check results from mail by fwd hosts 2020-04-10 20:54:26 +02:00
andryyy 65aa7b0a92
[Rspamd] Use empty-env-from@localhost as placeholder for empty env from senders in quarantine 2020-04-08 21:55:17 +02:00
andryyy ef0b40085b
[Postfix] Allow to relay only non-local mailboxes 2020-04-03 20:39:53 +02:00
Michael Kuron ca4c7c51dc
[rspamd] Restore add header forced action (#3440)
Revert 0474de88b1. Fixed since c3a4c6d311.
2020-03-31 19:21:03 +02:00
andryyy e491b835e5
[Rspamd] And even more spam headers 2020-03-21 20:39:07 +01:00
andryyy 6a523fc497
[Rspamd] Moooore spam crap 2020-03-21 20:34:55 +01:00
andryyy d460061e7a
[Rspamd] More spam headers 2020-03-21 20:19:58 +01:00
andryyy b0ff2ddb50
[Rspamd] Add more bulk headers (feel free to contribute) 2020-03-21 20:13:44 +01:00
andryyy 0474de88b1
[Rspamd] Forced action add header seems to be broken atm, switching to rewrite subject until fixed 2020-03-10 07:20:18 +01:00
andryyy 1d0e8a9497
[Postfix] Remove default rcpt count limit 2020-03-09 13:26:52 +01:00
andryyy 537b7dad14
[Rspamd] Add fuzzy hashes to headers, if matched 2020-03-08 12:24:42 +01:00
andryyy fc460fd806
[Rspamd] Reduce CSA crap to 2.0 2020-03-06 18:16:54 +01:00
andryyy f532422726
[Rspamd, Web] Escape monitoring hosts, add regex maps to vars file 2020-03-06 08:38:01 +01:00
andryyy bbd53d7f4f
[Rspamd] Add X-CSA to bulk headers 2020-03-06 08:33:00 +01:00
andryyy d248bb660c
[Rspamd] Reduce Sorbs recent score
[Rspamd] Add annoying CSA to bulk symbols and score then with 3.2
[Rspamd] Update to 2.4
2020-03-06 07:14:06 +01:00
André Peters c7d278384a
[Web] Add slovak language (#3387) 2020-03-05 07:22:44 +01:00
andryyy c9f455a2b1
[Rspamd] Move monitoring hosts to monitoring_nolog.map file 2020-03-04 11:53:07 +01:00
Ry3nlNaToR 93965fdc30
Added mailflowmonitoring.com to no log Rspamd (#3384) 2020-03-04 06:08:54 +01:00
andryyy 580b700eec
[Rspamd] Quarantine: Set sender to null@localhost when sender is missing 2020-03-03 19:10:28 +01:00
andryyy c1907063e1
[Dovecot] Remove auto subs 2020-02-27 10:44:57 +01:00
Victor Nyberg 998c9515a2
Swedish language translation for Mailcow (#3366) 2020-02-27 06:50:03 +01:00
andryyy 49d4f6f897
[Rspamd] Set fixed name for fuzzy store 2020-02-26 14:30:44 +01:00
andryyy e1f165b9dc
[Rspamd] Add mailcow fuzzy hash store 2020-02-26 14:24:19 +01:00
andryyy c785c8f700
[Dovecot] Show last mail (pop3, imap) login in web interface 2020-02-25 19:38:20 +01:00
andryyy c9a4715dfc
[Rspamd] Disable 304 until SOGO_CONTACT triggers an update, needs rework 2020-02-25 11:14:59 +01:00
andryyy 09d15ee380 [ClamAV] Add specific db mirrors 2020-02-21 11:21:42 +01:00
andryyy b9d7519ec2
[Postfix] Set empty HELO restrictions for quarantine smtpd 2020-02-21 08:53:23 +01:00
andryyy a4e5400f67
[Nginx] Add proxy_send_timeout and proxy_read_timeout of 300 to /SOGo 2020-02-19 21:40:45 +01:00
andryyy b5c844d704
[Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps 2020-02-12 10:36:54 +01:00
andryyy 77d922c05a
[Dovecot] IMPORTANT: Disabling TLS 1.0 and 1.2 - welcome to 2020 2020-02-12 09:12:24 +01:00
andryyy 9d04d0ee4a
[Rspamd] Add X-Last-TLS-Session-Version header 2020-02-09 19:08:28 +01:00
andryyy 82c094c77c
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313 2020-02-06 08:28:05 +01:00
andryyy 8a3fc802c5 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-02-06 07:04:31 +01:00
andryyy a71f8ed5af
[PHP-FPM] Do not use Redis for session handling 2020-02-05 11:04:34 +01:00
andryyy ad55dd8f05
[Rspamd] Use redis master for RL operations in pipe_rl 2020-02-05 11:02:31 +01:00
andryyy 23cf8995df
[Dovecot] Set replicator options by default - unused, no support or docs as of today 2020-02-05 11:01:50 +01:00
Michael Kuron 3cdbe7b73c
Reduce Rspamd DNSBL false positives (#3311)
* rspamd: ignore Spamhaus XBL for Received headers

* rspamd: ignore SORBS RBL for forwarding hosts

* rspamd: ignore RBLs for forwarding hosts
2020-02-04 12:35:52 +01:00
André Peters 60fb5498ff
Update mime_types.conf 2020-02-04 12:06:20 +01:00
André Peters 96a507c927
Update mime_types.conf 2020-02-04 12:05:24 +01:00
andryyy d83013667b
[Rspamd] Do not normalise domains to eSLD for ARC 2020-01-19 13:17:23 +01:00
andryyy 081602def9
[Postfix] Client rcpt rate limit set to 50 2020-01-18 16:32:41 +01:00
andryyy 57af5103c7
[Rspamd] Ratelimit for bounces reduced, max_rcpt for ratelimit increased 2020-01-18 16:32:27 +01:00
Michael Kuron 4c2e13009b rspamd: More comprehensive attachment handling (#3273)
- block all Office documents with macros
- don’t just block all doc files
- mark some more Windows executable extensions as bad
2020-01-17 22:19:12 +01:00
andryyy 4e46d44e79
[Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires.
ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve.
2020-01-12 12:21:21 +01:00
andryyy 791e0831ad
[Rspamd] Fix DKIM, fixes #3262 2020-01-12 11:39:53 +01:00
andryyy 5f73629493
[Rspamd] Set rspamd as trusted host, rspamd is not spoofing 2020-01-10 20:39:52 +01:00
andryyy 03cbed5002
[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve) 2020-01-10 20:39:11 +01:00
andryyy 203dd12497
[Rspamd] Fix groups 2020-01-06 18:47:51 +01:00
andryyy 6d5677eb32
[Rspamd] Decrease weight of missed charset 2020-01-05 11:34:03 +01:00
andryyy b098696b89
[Rspamd] Fix groups.conf syntax 2020-01-05 11:24:13 +01:00
andryyy ad1f243667
[Postfix] Set CA path for smtpd
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
andryyy 9157993953
[Dovecot] Enable editheaders plugin in sieve for all users 2019-12-31 14:24:33 +01:00
andryyy 58a00cf7ea
[Web, Rspamd] Add bad language map, add map to mailcow UI 2019-12-22 18:57:28 +01:00
andryyy 5a0df09361
[Rspamd] Rate .doc with +10, decrease default bayes ham score 2019-12-20 15:44:58 +01:00
andryyy 57003a8215 [Postfix] Update Postscreen whitelist 2019-12-15 22:04:45 +01:00
andryyy 8c3ab0371a
[ClamAV] Copy productive whitelist.ign to exposed configuration folder, remove direct mount of whitelist file 2019-12-14 15:12:37 +01:00
andryyy 25c2bcc8b3
[ClamAV] Force add default whitelist.ign2 2019-12-14 15:04:09 +01:00
andryyy 6564944f7a
[Postfix] Add bl.suomispam.net 2019-12-06 16:15:04 +01:00
andryyy 309f90a9b3
[Dovecot] Change LUA path 2019-12-06 10:20:47 +01:00
andryyy 7e2aa42578
[IMPORTANT] If you run Ubuntu 16.04, upgrade your kernel to linux-generic-hwe-16.04
[ClamAV] Remove deprecated parameter
2019-12-05 14:29:04 +01:00
andryyy afb43c9c5b
[Dovecot] Fix app passwds: allow multiple pass hashes by using LUA construct 2019-12-03 18:50:45 +01:00
andryyy 653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user) 2019-12-02 11:02:19 +01:00
andryyy 0e6dfdd0fe
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo 2019-12-02 10:55:17 +01:00
andryyy 7b4ed3bf64
[Rspamd] Lower map watch interval 2019-12-02 10:54:22 +01:00
andryyy 9257fa90d4
[Nginx] Fix 301 to SOGo 2019-11-28 19:14:23 +01:00
andryyy ce15dda990
[Nginx] Redirect /S|sogo* to /SOGo 2019-11-28 15:08:11 +01:00
andryyy 8badb146e9
[Unbound] Disable ipsecmod 2019-11-26 21:08:47 +01:00
andryyy d57e2b58c1
[Rspamd] Reduce ptr fail score 2019-11-24 16:09:59 +01:00
andryyy 19d0eedeba
[Rspamd] Add FORGED_W_BAD_POLICY 2019-11-24 16:08:58 +01:00
andryyy eeda59e048
[Postfix] Add more service labels, thanks to @christianbur 2019-11-24 15:35:56 +01:00
andryyy 5d7e365592
[Postfix] Remove test var 2019-11-24 15:23:16 +01:00
andryyy 4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
andryyy 79bcbe5a51
[MySQL] Some tweaks to lower RAM consumption, thanks to @Thomas2500 2019-11-21 19:41:50 +01:00
andryyy e0535bedbb
[Rspamd] Set new last modified when changing Rspamd settings 2019-11-18 16:42:56 +01:00
andryyy 7a87c492ed
[Rspamd] Fix bad ASN map format 2019-11-18 13:26:16 +01:00
andryyy d67e4e83c9
[Rspamd] Increase score for BAD_REP_POLICIES 2019-11-15 23:51:48 +01:00
andryyy e439d52ff2
[SOGo] Minor config changes 2019-11-15 17:39:32 +01:00
andryyy 56ddc4bd26
[Rspamd] Add new default reject message
[Rspamd] Add Sorbs
2019-11-15 07:58:04 +01:00
andryyy 64f8ed2fbc
[Rspamd] Increase invalid PTR score 2019-11-14 10:17:58 +01:00
andryyy 2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:17:14 +01:00
andryyy 99326f81de
[Rspamd, Postfix] Move PTR check to Postfix 2019-11-14 10:16:51 +01:00
andryyy c4656e00fd
[Postfix] Add hint for custom_transport.pcre 2019-11-12 20:50:21 +01:00
andryyy e1fdbba0f7
[Postfix] Add custom_transport.pcre 2019-11-12 20:44:43 +01:00
andryyy 4ccad6b0c3
[MySQL] key_buffer_size it is 2019-11-11 23:20:01 +01:00
Michael Kuron fbc7b7dce5 rspamd: Don't remove WHITELISTED_FWD_HOST if SOGO_CONTACT present (#3084) 2019-11-11 08:20:46 +01:00
andryyy 1d1a9a27c9
[MariaDB] Adjustments 2019-11-08 08:14:57 +01:00
andryyy 3235edea88
[MariaDB] Adjustments 2019-11-08 08:12:34 +01:00
andryyy 15f3a664cd
[MySQL] Disable query cache 2019-11-06 21:03:00 +01:00
andryyy 04ae2fadef
[MySQL] Reduce memory usage 2019-11-06 20:12:25 +01:00
andryyy bcc28784f7
[Rspamd] CL is not a fishy tld 2019-11-02 12:02:49 +01:00
andryyy 7f8b13434d
[Rspamd, Dovecot] Do not use Schaal rules - probably too much for Rspamd 2.x to handle, mem leak? 2019-10-31 20:43:07 +01:00
andryyy 50020bf1f0
[Rspamd] Remove neural, other gbc options 2019-10-31 19:55:42 +01:00
andryyy 6655ada308
[Rspamd] Remove unwanted options after talking to Vsevo 2019-10-31 19:03:20 +01:00
andryyy 573e62f181
[MySQL] Allow more connections 2019-10-31 06:38:12 +01:00
andryyy 59d966ab0f
[MySQL] Reduce max-connections, disallow performance_schema 2019-10-30 21:08:59 +01:00
andryyy df3d78f03b
[Rspamd] Reset logging 2019-10-30 20:18:21 +01:00
andryyy 27de9dbf92
[Rspamd] Slight changes to improve memory usage
[Web] Dirty hack to touch Rspamd maps a second time
2019-10-30 20:07:58 +01:00
andryyy c0f39e5cac Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2019-10-29 18:36:53 +01:00
andryyy a71f590b1e
[Rspamd] Remove score from neural 2019-10-29 18:36:49 +01:00
andryyy 8683e4bd9a
[Rspamd] Use last-modified headers to not read unmodified settings map every 30 seconds 2019-10-29 14:21:58 +01:00
Michael Kuron c63967f7be
Rspamd: increase redis timeout 2019-10-26 13:00:31 +02:00
andryyy be4099182b
[Rspamd] Do not log watchdog mails 2019-10-21 20:42:43 +02:00
André Peters de8cfbde03
Merge pull request #3072 from tinect/deliverCSSandJSfiles
deliver CSS and JS as external request
2019-10-21 11:18:49 +02:00
andryyy d5ee7de66a
[Rspamd] Disable info logging, re-enable silent logging, only apply MILTER_HEADERS symbol to watchdog Rspamd settings map 2019-10-20 21:48:30 +02:00
tinect cc1bf5d426 deliver CSS and JS as external request 2019-10-20 21:25:58 +02:00
Marcel Hofer f2b552c00d
Fix custom http redirects with TLS-SNI
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/

However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer 05e7c95829 [SSL] fix wildcard compare for non-bash shell 2019-10-20 17:02:54 +02:00
Marcel Hofer dcd50b2245 [SSL] restore old nginx templates. fix possible issues with custom nginx sites 2019-10-20 16:41:53 +02:00
Marcel Hofer 84c5f43438 [SSL] re-add nginx site.conf 2019-10-19 12:49:23 +02:00
Marcel Hofer 2e35da6816 [SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx 2019-10-19 12:48:56 +02:00
andryyy a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd 2019-10-12 13:16:49 +02:00
andryyy ee57b5921f
[Rspamd] Various fixes for Rspamd 2.0, neural network activated, autolearning activated (auto-keeps a ratio) 2019-10-12 13:14:34 +02:00
andryyy 0cfa056faa
[Rspamd] Do not quaratine if symbol is GLOBAL_X_BL 2019-10-10 12:38:24 +02:00
andryyy 1580e4b2a5
[Nginx, SOGo] Adjustments for EAS 2019-10-06 10:12:46 +02:00
André Peters a008855991
Merge pull request #2999 from ntimo/task/api-docs
[Nginx] Fix nginx config for API docs
2019-10-04 08:51:26 +02:00
andryyy 8f7693ccdb
[Postfix] Update postscreen_access 2019-10-04 08:43:59 +02:00
André Peters 37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
ntimo 6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri 2019-10-03 11:27:44 +02:00
ntimo 7c43e2e120
[Nginx] Fix nginx config for API docs 2019-10-03 11:19:17 +02:00
andryyy 0f5c930e48
Fix site 2019-10-03 11:15:53 +02:00
ntimo 5cf74f6b85
[NGINX] Make API docs accessible using /api/ 2019-10-02 22:13:47 +02:00
André Peters 9f66b83a34
Merge pull request #2965 from phenomax/postfix-no-renegotiation
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-28 22:17:32 +02:00
andryyy 9b7668d912
[Nginx] Custom 502 2019-09-24 06:53:13 +02:00
andryyy a231ecaed5
[Rspamd] Fix ARC defaults, thanks to klausenbusk 2019-09-23 10:44:58 +02:00
andryyy 287c577fc4
[Rspamd] Set !ARC_ALLOW to SPF FAIL check 2019-09-23 10:44:26 +02:00
Max Uetrecht bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options 2019-09-22 17:38:03 +02:00
andryyy b5d169cf90
[Postfix] Fix anonymize headers... 2019-09-19 06:48:21 +02:00
André Peters 1bbe1a2367
Merge pull request #2940 from ntimo/task/split-bad-words
[RSPAMD] Split bad words into multiple files per language
2019-09-18 18:35:11 +02:00
friedPotat0 ea8c002eff update postscreen whitelist 2019-09-18 15:30:43 +02:00
andryyy b3c2f683cb
[Postfix] Adjustments for RBL 2019-09-18 07:58:54 +02:00
friedPotat0 58cbf2c9c8 update postscreen whitelist by using postwhite 2019-09-17 21:27:17 +02:00
ntimo ba6c5b7197
[Rspamd] Updated bad_word maps 2019-09-17 20:39:08 +02:00
ntimo 3ca014ee79
[Rspamd] Added multimap config for bad_words_de.map 2019-09-16 18:18:56 +02:00
ntimo 005ed2cadc
[Rspamd] Split bad words into multiple files per language 2019-09-15 11:53:04 +02:00
André Peters 83cd62d46f
Merge pull request #2928 from MAGICCC/feature/remove-dnsbl-inps.de
[Postfix] Remove discontinued DNSBL dnsbl.inps.de
2019-09-10 18:07:03 +02:00
André Peters d1e56ab7bc
Update fishy_tlds.map 2019-09-10 16:48:40 +02:00
MAGIC b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons 2019-09-09 21:37:49 +02:00
André Peters 8f4d468209
Merge pull request #2916 from Thomas2500/patch-1
Disable SSL ticket support in dovecot
2019-09-09 07:47:37 +02:00
andryyy 87e99e53d9
[Postfix] Fix anonymize headers 2019-09-08 10:29:06 +02:00
Thomas Bella 3983b3d393
Disable SSL ticket support in dovecot
Because tickets are normally only generated on service start, we should disable it to provide better PFS.
2019-09-06 12:39:33 +02:00
andryyy 8608ded0ed
[Postfix] Replace Postcow header, remove authed user 2019-09-06 08:02:52 +02:00
André Peters f87beded34
Update fishy_tlds.map 2019-09-05 14:32:04 +02:00
andryyy 0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard 2019-09-04 23:07:35 +02:00
andryyy 8d0b2678fe
[Rspamd] Remove some TLDs from fishy map 2019-09-04 08:14:35 +02:00
andryyy 1495bda2e1
[Postfix] Add info about extra.cf 2019-09-02 18:39:08 +02:00
andryyy 1bdf861177 [Postfix] Add comments to config files, cleanup a bit 2019-09-02 09:31:30 +02:00