Commit Graph

445 Commits (aab692301e943d1ecc3587dfe99d3d9a66f47bf2)

Author SHA1 Message Date
André 93e0206db4 [Update] Remove mailcow_anonymize_headers.pcre checks
[Postfix] Rename mailcow_anonymize_headers.pcre > anonymize_headers.pcre to prevent collisions
2018-10-23 22:57:38 +02:00
André 66d8f33aac [Postfix] Move "should not"-sign headers out of Postcow check to always remove them, fixes #1911 2018-10-23 21:55:55 +02:00
André Peters 68f2a1c5fc [Rspamd] Properly close additional Rspamd maps 2018-10-19 11:12:58 +02:00
André 73b48fc13e [Rspamd] Remove deprecated attachments_only in AV module
[Rspamd] Remove old symbol score
2018-10-16 22:59:25 +02:00
André 51dd88abeb [Unbound] Reduce negative max ttl to 60s and min-ttl for all other keys to 5 2018-10-16 20:14:14 +02:00
André 8958449e76 [Postfix] Remove headers only when mail_name matches 2018-10-16 20:11:21 +02:00
André d99b8aaf69 [Postfix] Change mail_name to Postcow and only replace headers when mail_name matches 2018-10-16 10:26:41 +02:00
Tobias "Knight" S 41c8a8bb46 disabling more functions inside php-fpm 2018-10-15 22:52:30 +02:00
André Peters 83a5eda762 Merge pull request #1434 from apoc4lyps/master
hardening http headers
2018-10-15 22:48:50 +02:00
André abd0a1b337 [PHP-FPM] Disable some functions by default 2018-10-15 20:52:39 +02:00
André a844adde0f [Postfix] Add mailcow_anonymize_headers to default config 2018-10-15 20:52:06 +02:00
André c80fe40669 [Unbound] Do not allow from all (dangerous for setups with incorrect netfilter setups) 2018-10-12 11:35:45 +02:00
André 1fce562434 [Dovecot] Set imap_max_line_length = 2 M 2018-10-12 10:56:40 +02:00
André 3db6af5c90 [Unbound] Trust all addresses - do not expose Unbound! 2018-10-12 10:56:17 +02:00
André 32f7ae1d2e [Rspamd] Prefix quarantine error_log messages with "QUARANTINE"
[Rspamd] Fix quarantine max size check (it was ignored)
2018-10-11 11:55:52 +02:00
André c0b590fff6 [PHP-FPM] Move max_execution_time and max_input_time to general PHP config, removed as fixed php_admin_value 2018-10-11 11:54:38 +02:00
André c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André f6b2a6aab2 [Postfix] Enable/create smtp_tls_policy_maps 2018-10-04 14:34:34 +02:00
André 2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André b2067cb521 [SOGo] SOGoMaximumSyncWindowSize = 99 2018-10-04 14:33:32 +02:00
André b8ebdc3c58 [Postfix] Increase default message size limit to 100 MiB 2018-10-01 22:06:20 +02:00
André a054182246 [Rspamd] Add desc to high spam networks 2018-09-30 18:56:35 +02:00
André cdca603ff5 [Unbound] Fix logging, fixes #585
[Rspamd] Fix permissions of controller password file
[Unbound] Enable unbound-control
2018-09-30 14:43:18 +02:00
André b008211f52 [Rspamd] Controller password placeholder 2018-09-30 09:55:50 +02:00
André 8439daea7e [Rspamd] Revert adding worker-controller-password... 2018-09-30 09:54:19 +02:00
André 4396be2938 [Rspamd] Place socket in _rspamd home and fix permissions
[Compose] Remove volume for Rspamd socket
[Web] Do not exit loop on fuzzy errors when learning a message as spam
2018-09-30 09:53:25 +02:00
André 73b10350d0 [Rspamd] Ignore sa-rules-heinlein file, remove from index 2018-09-29 22:03:48 +02:00
André 0fb43f4916 [Docker API] Use TLS encryption for communication with "on-the-fly" created key pairs (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
André c7cef3241f [Rspamd] Controller worker count == 1, fixes #1716 2018-09-12 20:32:59 +02:00
André 1b5409f3fa [Rspamd] Check if ip is valid (KEEP_SPAM symbol), fixes #1759 2018-09-12 15:50:42 +02:00
André 1499094b61 [PHP-FPM] Increase PHP memory limit for "web" to 512M
[Helper] Nextcloud 14
[Rspamd] Fix KEEP_SPAM lua script: skip check if ip is false
2018-09-11 19:35:21 +02:00
André ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
André afc18fd469 [Rspamd] Update bad asn, move KEEP_SPAM to a custom lua function 2018-09-09 09:47:47 +02:00
André e5b830adea [Dovecot] Fix shared namespace 2018-08-31 23:33:55 +02:00
André 6cee038a63 [Dovecot] IMPORTANT: Disables 'any' and 'all authenticated' ACL settings! See wiki how to revert this, if you need it. 2018-08-17 21:44:17 +02:00
André d5e81b987b [Dovecot] Set from address for sieve generated addresses, fixes #1662 2018-08-13 08:31:09 +02:00
André 02e567f76b [Dovecot] Set CONTROL path for shared namespace and remove index 2018-08-08 23:59:38 +02:00
apoc4lyps cf56be1843 set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André d83537cda0 [ClamAV] Add whitelist template for ClamAV 2018-08-05 22:38:06 +02:00
André 66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André b007975a04 [Rspamd] Rename -disable_monitored > disable_monitoring 2018-08-03 11:56:39 +02:00
André 59c4cc054e [Rspamd] Deactivate neural but use a more aggressive learning method (no autolearn) 2018-07-29 23:03:49 +02:00
André d8f86ae488 [Rspamd] Add local fuzzy worker 2018-07-29 00:34:36 +02:00
André f1b096b36e [Dovecot] Increase process_limit to 500, thanks to @mritzmann 2018-07-25 21:04:24 +02:00
André e2ed2eab53 [Rspamd] Remove per_user settings as they were pretty much useless, some minor changes to bayes 2018-07-25 01:06:12 +02:00
André 7de2607594 [Dovecot] Enable vacation-seconds with a default min period of 5s and a default period of 60s 2018-07-23 19:59:23 +02:00
André a83adc4d31 [Rspamd] Remove unused user_keywords and dynamic_rates from ratelimit module 2018-07-15 12:02:37 +02:00
André 882ee5fee6 [Rspamd] Re-use fixed new ratelimit 2018-07-15 12:01:28 +02:00
André 353af8e3a4 [Rspamd] Set start and end to rcpt matching regex 2018-07-12 23:18:49 +02:00
André 587f37a300 [Dovecot] Remove additional hash scheme and let Dovecot decide the hash by prefix 2018-07-12 00:46:31 +02:00
André 2aef18d130 [Dovecot] Remove user queries from passdb + add a second passdb for additional algorithms + create userdb without password queries 2018-07-12 00:23:12 +02:00
André 1b47ae55f1 [SOGo] Set SOGoPasswordChangeEnabled = YES - allow user to change password in SOGo 2018-07-11 22:11:09 +02:00
André fa0b351da6 [Postfix] smtpd_tls_eecdh_grade = auto 2018-07-11 22:10:32 +02:00
André 37fbce855e [Rspamd] Remove autolearn from Rspamd 2018-07-03 23:24:11 +02:00
André d6a74e82e3 [ACME] Fix for CNAME response on AAAA dig request 2018-06-28 20:41:44 +02:00
André 9dc250c9f2 [Rspamd] Important fix for settings map 2018-06-28 11:48:23 +02:00
André Peters bca8920679 Revert "[Postfix] Default SMTP server security grade for EECDH key exchange" 2018-06-27 23:28:54 +02:00
elcore c386dfc11d [Postfix] Default SMTP server security grade for EECDH key exchange 2018-06-27 03:39:54 +02:00
André 5905a3919c [Dovecot] Minor changes to ciphers, still disallow insecure ciphers 2018-06-26 07:50:17 +02:00
André a5d40a4ab6 [Postfix] Re-enable TLS 1, 1.1 and some ciphers - real-world tests have shown this setup uses TOO MANY plain text sessions due to compatibility issues 2018-06-25 22:31:23 +02:00
André b8973648ff [Rspamd] Disable default authenticated user ratelimit 2018-06-24 11:40:31 +02:00
André 8bb24a9866 [Rspamd] Load additional settings defined in web ui 2018-06-23 23:48:06 +02:00
André aa6a136c1f [Dockerapi, Dovecot] Fix missing active user filter 2018-06-20 07:25:10 +02:00
André e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
André 27d3388579 [Rspamd] Remove antivirus debugging 2018-06-10 14:30:30 +02:00
André f15f30d53e [Dovecot] Re-enable lz4 until 2.3.2 to verify replication fix 2018-06-08 09:09:31 +02:00
André 0a44ea1a4c [Dovecot] Lz4 compression sometimes leads to strange EOF errors when replicating
[Web] Cleanup JSON API
2018-06-05 00:31:27 +02:00
André 777e469958 [ClamAV] Remove deprecated AllowSupplementaryGroups 2018-05-30 20:28:23 +02:00
André 1b35376252 [Rspamd] Remove score for CTYPE_MIXED_BOGUS and ARC_REJECT, increase DNS timeout 2018-05-30 18:40:43 +02:00
apoc4lyps 918343865e hardening http headers 2018-05-28 12:28:23 +02:00
Michael Kuron ea84004410 [rspamd] fix redis multimaps in version 1.7.5
The key's value was being used as symbol name instead of the symbol name defined in the config file
2018-05-25 18:58:37 +02:00
André 1f7a5d586c [Rspamd] Remove IP, fixes #1400 2018-05-19 00:14:30 +02:00
André 8ff4eb8076 [Rspamd] Slight changes to neural plugin 2018-05-18 21:39:25 +02:00
André 7a5d3af80b [Rspamd] Slight changes to neural 2018-05-17 11:15:46 +02:00
André 5e2d19ac62 [Rspamd] Add neural module and define its scores 2018-05-16 21:26:05 +02:00
André d167ade957 [Rspamd] Remove explicit redis servers from statistic, add a name 2018-05-16 21:25:55 +02:00
André a8d9b4359e [Dovecot] Set vszlimits for some services to prevent oom situations, fixes #1203 2018-05-12 08:52:03 +02:00
André 7f72e44dac [Rspamd] Move symbols to corresponding groups 2018-05-11 10:40:26 +02:00
André 527e790620 [Web] Store session data in Redis 2018-05-08 12:55:19 +02:00
André 4c31adaa82 [Rspamd] Ratelimit: fix attempt to index a nil value when no authenticated user is found in a message 2018-05-01 22:44:03 +02:00
André 30cea1da9a [SOGo] Increase workers count to 20
[Postfix] Add extended TLS header
[Web] Increase timeout to 10 for docker API connections
[Postfix] Add perl package
2018-04-26 14:08:45 +02:00
André ef6644df34 [PHP-FPM] Delete old pool files
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André 7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
André f53006f6ab [Dovecot] Dovecot 2.3.1, Pigeonhole 0.5.1
[ClamAV] 0.100.0, new log method without pipes
[Compose] New images for Dovecot and ClamAV, add persistent tty to clamd-mailcow
2018-04-26 12:36:13 +02:00
Michael Kuron ea3502f2a1 rspamd: Fix NO_LOG_STAT for everycloud monitoring 2018-04-02 19:26:15 +02:00
André Peters 8a7664f7d5 [Nginx] Add larger map bucket size, fixes 1112 2018-03-01 07:28:06 +01:00
André Peters b255ecd62b [Dovecot] Add, but disable auth_debug 2018-02-27 20:54:46 +01:00
André Peters 6b066c2891 Merge pull request #1090 from extremeshok/patch-5
Enable maildir compression
2018-02-26 18:54:04 +01:00
André Peters 410cbf55b6 Update dovecot.conf 2018-02-26 18:53:56 +01:00
André Peters bbbe52f560 [SOGo] Add blue (default) and red theme 2018-02-22 09:20:46 +01:00
André Peters f3896195d4 Update worker-controller-password.inc 2018-02-22 09:19:01 +01:00
André Peters eb4dd632ae [Web] Fix autodiscover triggering fail2ban implementation, fixes #1069 2018-02-22 09:16:16 +01:00
André Peters da48bd721f Merge pull request #1056 from klausenbusk/nginx-deduplicate
[Nginx] Reduce config duplication
2018-02-19 13:12:46 +01:00
André Peters ff3328ea8c [SOGo] Use indigo theme, copy logo and theme.js to image 2018-02-19 12:56:45 +01:00
Kristian Klausen 63002cbb74 [Nginx] Reduce config duplication
It does not make sense having a separate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
eXtremeSHOK 1e40472017 Enable maildir compression
Currently the plugin is loaded, but actual compression is not enabled.

https://wiki.dovecot.org/Plugins/Zlib
2018-02-14 14:38:06 +02:00
André Peters 0bfd0838c2 [SOGo] Increase workers again 2018-02-14 11:26:55 +01:00
André Peters e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters 993c998716 Merge pull request #995 from Alireza2n/master
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters 943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00