Commit Graph

257 Commits (838ab6cb6d4d998be8001932ebee656cb956e0c4)

Author SHA1 Message Date
andryyy 719aa1a391 [Postfix] Fix protocols 2017-09-18 10:59:45 +02:00
andryyy 67056dc3d1 [Postfix] Less strict smtpd_tls_mandatory_protocols 2017-09-18 08:24:24 +02:00
Michael Kuron e4f13568d1 Rspamd user settings: fix matching From header 2017-09-16 18:46:28 +02:00
andryyy 089e8776f5 [Postfix] Stricter TLS settings for mandatory connections 2017-09-14 13:34:23 +02:00
andryyy f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy 00e465a9a1 [Dovecot] Allow INBOX to be shared, sigh... fixes #594 2017-09-14 13:32:11 +02:00
andryyy 92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT b2b9731020 a little bit of security
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
André Peters 78c363b7a5 Merge pull request #565 from mkuron/softreject
Forwarding hosts: treat soft reject like greylist
2017-09-09 10:43:41 +02:00
Michael Kuron 3d9c161be1 Forwarding hosts: treat soft reject like greylist 2017-09-09 10:30:26 +02:00
andryyy cfd9316d74 Merge branch 'dev' of https://github.com/mailcow/mailcow-dockerized into dev 2017-08-30 21:43:45 +02:00
andryyy b1213c51d7 [Rspamd] Dynamic ratelimit fixed, removed async redis request; Ready to implement per-user ratelimits via UI (tbd) 2017-08-30 21:42:39 +02:00
André Peters 29acfe85db Merge pull request #536 from mkuron/patch-1
Rspamd user blacklist/whitelist improvements
2017-08-28 22:55:12 +02:00
Michael Kuron 8383ba5e9c Rspamd user settings: fix From header match
The request_header regex appears to not be expected to be encapsulated in slashes and does not seem to accept flags.
2017-08-28 20:27:53 +02:00
Michael Kuron fcd8cfa4f4 Rspamd user settings: don't print all email addresses of a domain
The ucl_rcpts function can already deal with domains, so lets use this capability.
2017-08-27 14:19:29 +02:00
Michael Kuron 93a092e627 Rspamd user settings: also match From header 2017-08-27 14:19:28 +02:00
Michael Kuron e178ca36de Rspamd user settings: make regexes case-insensitive
This is necessary because the user web UI normalizes to lowercase
2017-08-27 14:19:28 +02:00
andryyy e47feeffd6 [Rspamd] Add custom directory for own files 2017-08-18 22:17:01 +02:00
andryyy e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy d85352fa9a [Dovecot] Use listescape 2017-07-31 12:41:18 +02:00
andryyy aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy 9be3aa3334 [Rspamd] Disable monitored 2017-07-27 09:03:44 +02:00
andryyy 83d485dd94 [Web, Postfix, Compose] Allow to add relayhosts per domain (+ plain and login authentication) 2017-07-22 20:39:54 +02:00
andryyy ed33cb5f57 [Rspamd] ARC: Disallow login/domain mismatch 2017-07-21 11:03:35 +02:00
andryyy 256c9d86dd [Rspamd] Initial custom ratelimit support 2017-07-13 12:55:14 +02:00
andryyy a31819fd6c [SOGo] Log to a pipe to not keep logs in a container 2017-07-11 17:08:06 +02:00
andryyy 08b99c8d74 [Dovecot] Add doveadm service 2017-07-10 21:30:45 +02:00
andryyy c5d90b821a [Dovecot] Add extra.conf include to override Dovecot configuration changes 2017-07-10 09:19:12 +02:00
andryyy 56a652fbf3 [Rspamd] Set error_reporting to 0 2017-07-02 11:25:14 +02:00
andryyy afc8c93c07 [Rspamd] Cleanup settings map 2017-07-01 23:14:27 +02:00
andryyy 6cd44b4136 Remove old code 2017-06-26 23:17:46 +02:00
andryyy cbb4f51a9d Fix Junk-E-Mail folder name 2017-06-25 11:32:21 +02:00
andryyy 3be99d7f89 Set IPv6 network as secure_ip range in Rspamd 2017-06-24 22:07:26 +02:00
andryyy 578011c78c Move milter config, increase timeout for DNS 2017-06-21 10:18:52 +02:00
andryyy 036c51f053 Prefere ipv4 to fix problems on v4-only envs 2017-06-19 10:39:14 +02:00
andryyy 2a845a0d21 Less verbose 2017-06-18 20:57:54 +02:00
andryyy 9117c499ef Do not break DNS replies.... 2017-06-18 20:57:26 +02:00
andryyy 6fa19a37d8 Unbound changes 2017-06-18 20:23:26 +02:00
andryyy ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
James Smith bcdbbf0102 Make autodiscover case insensitive 2017-06-14 23:42:42 +01:00
andryyy 83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00
andryyy 495bf05fb8 Fix for Apple autoconfiguration (dav) 2017-06-14 23:14:41 +02:00
andryyy e99fa9433e Fix dav url detection for apple 2017-06-14 23:10:50 +02:00
andryyy 44197c410e Do not add milter headers for authenticated users 2017-06-13 07:41:00 +02:00
André Peters 329ac40d95 Merge pull request #332 from mkuron/symlink
Replace symlink to PHP script
2017-06-08 20:57:51 +02:00
andryyy 663ea7815c Use new milter interface 2017-06-06 22:01:41 +02:00
andryyy a41cafac3e Switch to Rspamds milter interface 2017-06-06 22:00:34 +02:00
andryyy c9318ecf83 Switch to Rspamds milter interface 2017-06-06 21:59:44 +02:00
andryyy e15795e112 Enable http2 2017-06-06 21:59:27 +02:00
Michael Kuron 062abb0ca7 Replace symlink to PHP script 2017-06-04 13:31:35 +02:00
andryyy 55071805f3 Execute after rmilter_headers (prio 10) 2017-05-29 21:53:47 +02:00
andryyy d33399b3cb Fix mismatch in env and from mime header when signing mail 2017-05-29 21:49:01 +02:00
andryyy e159eb7522 Fix listener 2017-05-29 21:48:41 +02:00
Michael Kuron eb9217a8b8 SOGo UI: per-user authentication failure rate-limiting 2017-05-28 16:02:34 +02:00
André Peters fb6893f664 Add IPv6 2017-05-28 11:14:43 +02:00
andryyy 813207c694 Listen on internal IPv6 2017-05-25 10:59:57 +02:00
andryyy fd92283fb8 Add missing ; 2017-05-24 10:03:06 +02:00
andryyy 258a8ee6e9 Add IPv6 listener to Nginx, fixes IO error in Rspamd logs 2017-05-23 22:24:30 +02:00
andryyy 466b8137e5 Add log_helper to Rspamd, add IPv6 for http maps in Nginx, make Bind listen on v6 and add acl for internal network 2017-05-23 22:23:34 +02:00
andryyy 21714bd054 Remove obsolete map 2017-05-23 21:50:33 +02:00
andryyy f3a1d81347 Rate extensions 2017-05-23 21:50:05 +02:00
andryyy e99db685e5 Change map watch interval, remove Mraptor 2017-05-20 14:28:05 +02:00
andryyy 9965ff10a7 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:59 +02:00
andryyy 63324b0de8 Fix mynetworks: Add mailcow ipv6 network 2017-05-17 22:38:11 +02:00
Michael Kuron 759f21ac6b Consistent symbol names for forwarding hosts
multimap.conf and force_actions weren't using the same name
2017-05-09 07:29:43 +02:00
andryyy d64ed65575 Add multimap and forced actions for forwarded_hosts, removed from settings 2017-05-08 23:09:21 +02:00
André Peters 5861bec0c3 Merge pull request #256 from mkuron/forwardinghosts
Optionally enable spam filter for forwarding hosts
2017-05-08 19:00:42 +02:00
andryyy cdf7c87e20 Deleted two http maps, replaced by redis multimaps, much better tag system 2017-05-08 15:39:33 +02:00
Michael Kuron 7efc720d47 Merge remote-tracking branch 'origin/dev' into forwardinghosts 2017-05-08 07:39:30 +02:00
andryyy aa98d86feb Sieve rule for tags changed 2017-05-08 00:27:16 +02:00
Michael Kuron ae6d7d63fc Optionally enable spam filter for forwarding hosts 2017-05-07 08:50:28 +02:00
andryyy fa3a47fde5 Log to syslog 2017-05-06 23:42:07 +02:00
andryyy ecda4fb1d1 Change whitelist for forwarding hosts 2017-05-06 23:41:58 +02:00
andryyy b3a161f930 Keep format 2017-05-06 08:09:40 +02:00
andryyy 1501df6e42 Use Redis for DKIM keys, define any selector, auto-merge old keys to Redis and fallback to files 2017-05-05 10:35:27 +02:00
andryyy e3f9839410 Do not use sld for DKIM signing 2017-05-04 19:12:21 +02:00
andryyy edc41b48d1 Add map for scheme... 2017-05-03 22:26:10 +02:00
andryyy 2f0129539b Hopefully fix all Nginx reverse proxy issues, see documentation updates! 2017-05-03 18:05:13 +02:00
andryyy 8f213e8df9 Changes to api path 2017-04-29 16:36:41 +02:00
andryyy a03b36e0c3 Add object to Nginx api configuration 2017-04-26 23:37:55 +02:00
andryyy fd84b2ffa9 Change DKIM to new method, add clamav forced action when virus is found" 2017-04-25 20:32:36 +02:00
andryyy e4310cafb3 Revert RP changes 2017-04-25 10:49:38 +02:00
Michael Kuron f3fad4e7a2 Remove rspamd size limit
This ensures that the spam and antivirus filters cannot be evaded by making the message large enough.
Rspamd does not need a size limit on its own (e.g. for DoS protection) as Postfix already has a size limit (message_size_limit).
2017-04-24 19:49:41 +02:00
André Peters 0f3202109d Merge pull request #212 from mkuron/reverseproxy
Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind reverse proxy
2017-04-24 10:09:32 +02:00
andryyy 755da65426 Change path 2017-04-23 19:38:27 +02:00
andryyy 55f6384f2a Change to hostname, connection is not important for container start 2017-04-23 17:43:29 +02:00
Michael Kuron affa52edcf Forwarding hosts: don’t add configuration if none are defined 2017-04-22 18:34:49 +02:00
Michael Kuron 08612f0aef Merge remote-tracking branch 'origin/dev' into forwardinghosts 2017-04-22 18:13:58 +02:00
Michael Kuron 894d6234e9 Improvements to forwarding hosts in Postfix
- No more premature EOF and no more leaking of bash processes
- Log result
- Correctly treat non-CIDR entries
- Adapt to schema change from df71e97
- Correctly report SQL failure
2017-04-22 14:28:51 +02:00
andryyy 8adcc4fcd3 Force add mailcow_black/white 2017-04-21 10:19:45 +02:00
andryyy be28877f68 Remove permanent moo symbol 2017-04-21 10:19:24 +02:00
andryyy 95cbfe3661 Move mail to spam when DKIM fails, ignore when white/blacklist and honor other actions 2017-04-21 10:19:07 +02:00
andryyy babad4f137 Anti-Virus local configuration for Rspamd, container not enabled by default 2017-04-20 21:14:20 +02:00
Michael Kuron d350c009b9 Fix login redirect behind reverse proxy 2017-04-20 19:53:56 +02:00
Michael Kuron 06e64c585c Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind a reverse proxy 2017-04-18 20:24:43 +02:00
Michael Kuron a75d916b74 Forwarding hosts in postscreen 2017-04-17 15:51:50 +02:00
Michael Kuron 8822eb57c8 Forwarding hosts in rspamd 2017-04-17 15:51:50 +02:00
andryyy d0d87ead49 Zeyple is not enabled by default 2017-04-10 13:16:40 +02:00
andryyy 06100c30ca mail_crypt is not enabled by default 2017-04-10 13:15:48 +02:00
andryyy c460636a70 mail_crypt is not enabled by default 2017-04-10 13:09:33 +02:00