Compare commits

..

54 Commits

Author SHA1 Message Date
Niklas Meyer 89fdd1986d
Jan(moo)uary Update 2022 - Revision A (2022-01a) (#4445)
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
2022-02-01 15:26:48 +01:00
Peter 5a1ef72b82
[GH-Actions][stale] Add neverstale label to exempt list 2022-01-22 17:39:08 +01:00
Niklas Meyer c0f2922eb0
[Readme] Added Twitter links
Merge pull request #4432 from DerLinkman/staging
2022-01-21 20:59:56 +01:00
Niklas Meyer a624e32873
[Readme] Added Twitter links 2022-01-21 20:58:36 +01:00
Niklas Meyer 2f9da5ae93
🐄 Jan(moo)uary Update 2022 - The U2F --> WebAuthn (2FA) Update
Images which get a new tag (on docker hub):

unbound-mailcow (Tag 1.15)
acme-mailcow (Tag 1.81)
dockerapi-mailcow (Tag 1.41)
netfilter-mailcow (Tag 1.46)
watchdog-mailcow (Tag 1.96)
These docker tag changes include the Alpine Update to 3.15

clamd-mailcow (Tag 1.43)
sogo-mailcow (Tag 1.106)
olefy-mailcow (Tag 1.8.1)
dovecot-mailcow (Tag 1.159)
solr-mailcow (Tag 1.8.1)
Very important changes:

U2F API Removal --> Replaced with WebAuthn API (TFA) [More Details here] (Thanks to @FreddleSpl0it)
Important changes:

Dovecot Update to 2.3.17.1
SOGO Update to 5.5.0
ClamAV Update to 0.103.5 (DDOS Fix)
Solr Security Fix Fix (Removed breached log4j Class)
Alpine Linux Update to 3.15
Better Acme SSL Path recognition for Alpine Versions after 3.15 (Thanks to @mkuron) --> Fixing issue: Possible regression in acme-mailcow 1.80 #4392
Olefy Ping Fix (Will fix: Olefy 1.8 broken  #4401) (Thanks to @a16bitsysop for the Fix!)
Netfilter GeoIP Fix (Thanks to @marcvorwerk) --> Fixing issue: Netfilter Python error #2668
2022-01-21 14:54:31 +01:00
Kristian Feldsam f4c9a6941a [Web] Updated lang.cs.json
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2022-01-21 14:18:20 +01:00
Niklas Meyer 355ea71877
Merge pull request #4428 from FreddleSpl0it/master
Migrating from U2F to WebAuthn for 2FA
2022-01-21 12:19:25 +01:00
Niklas Meyer fac8d9d28a
[Netfilter] Update to Alpine 3.15 + GeoIP Fix
Added xtables-addon to netfilter container to handle iptables rules with geoip
**Commited by: @marcvorwerk**
2022-01-21 09:22:25 +01:00
FreddleSpl0it af1b90fa18
[WebAuthn] rename env var 2022-01-20 14:37:20 +01:00
FreddleSpl0it aaf5da240a
[WebAuthn] rename env var 2022-01-20 11:19:00 +01:00
Niklas Meyer 513588621d
[Compose] Update Netfilter Image to 1.46 2022-01-20 10:12:28 +01:00
Niklas Meyer 9c7faa9fe8
[Netfilter] Update to Alpine 3.15 2022-01-20 10:11:39 +01:00
Niklas Meyer 8f89968421
[SOGo] Update SOGo to 5.5.0 + syslog Version Update (in Config)
This PR is updating SOGo to the new 5.5.0 Release (https://github.com/inverse-inc/sogo/releases/tag/SOGo-5.5.0) <-- Available in master.

It also includes the nsyslog Update to 3.28 (since the new SOGo builds are using a newer version), which fix a warning message inside the sogo container that the nsyslog version is outdated and can be upgraded to 3.28

This new release will have the Docker Image Tag: mailcow/sogo:1.106
2022-01-20 10:04:01 +01:00
Niklas Meyer e78298152e
[Watchdog] Update to Alpine 3.15
This PR includes the Alpine Update 3.15 for the watchdog-mailcow container.

Fully tested (works flawlessly due to the fact that only the os got updated, not the script).

This PR will have the docker tag: mailcow/watchdog:1.96
2022-01-19 20:09:59 +01:00
Niklas Meyer ccd3677d76
[Compose] Update Watchdog Tag (Alpine 3.15) 2022-01-19 16:48:57 +01:00
Niklas Meyer d4fe4a7f87
[Watchdog] Update to Alpine 3.15 2022-01-19 16:43:27 +01:00
Niklas Meyer 5bcb0f5d25
[SOGo] Update SOGo to 5.5.0
New Docker Tag: mailcow/sogo:1.106
2022-01-19 10:33:51 +01:00
Niklas Meyer a195e6e121
[SOGo] Update syslog-ng-redis_slave Version to 3.28 2022-01-19 10:31:34 +01:00
Niklas Meyer a5e84b483a
[SOGo] Update syslog-ng Version to 3.28 2022-01-19 10:30:57 +01:00
Niklas Meyer 998cc749bf
[Olefy] Update to Alpine 3.15 and include ping fix
This PR is updating the olefy-mailcow container to Alpine 3.15.

It is also including the ping fix from @a16bitsysop which is solving the issue: #4401

The PR includes a temporarily local copy of the olefy.py file which includes the named fix. When this fix is officially merged into the olefy project we will update the olefy container again.

The new docker image tag is: mailcow/olefy:1.8.1
2022-01-19 10:20:03 +01:00
Niklas Meyer f9def72115
[Compose] Update olefy to Alpine 3.15 2022-01-18 20:57:24 +01:00
Niklas Meyer 9f8a16b8c1
[Olefy] Use local olefy.py (instead of Github)
This is temporarily until the issue fix is merged into master.
2022-01-18 20:55:44 +01:00
Niklas Meyer cbb64e316e
[Olefy] Add local Olefy.py
Temporarily fix for https://github.com/HeinleinSupport/olefy/pull/14
2022-01-18 20:53:03 +01:00
Niklas Meyer c08e520a75
[Olefy] Update to Alpine 3.15 2022-01-18 20:51:49 +01:00
Niklas Meyer 6fcb52bcc6
[Config (Clamd)] Update SSL Path to new style (dynamic)
Thanks to @mkuron this fix will change the ssl path to be dynamic (not hardcoded) to ensure that acme is still working with Alpine 3.15 or higher.

This PR is included in the Docker tag: mailcow/acme:1.81 (including the Alpine 3.15 update)
2022-01-18 16:48:50 +01:00
Niklas Meyer 1e6f927ac5
[Config (Clamd)] Update SSL Path to new style (dynamic) 2022-01-18 16:44:48 +01:00
Marc Vorwerk f16d36eb74 Added xtables-addon to netfilter container to handle iptables rules with geoip 2022-01-18 16:27:40 +01:00
Niklas Meyer bffc5bfcc3
[Clamd] Rebase on Bullseye
Image Tag: mailcow/clamd:1.43
2022-01-18 15:23:06 +01:00
Niklas Meyer f9e28b8d82
[Clamd] Rebuild on Bullseye Base 2022-01-18 15:14:45 +01:00
Niklas Meyer 16fb542ccc
[Clamd] Update to 0.103.5 (DDOS Fix)
[Clamd] Update to 0.103.5 (DDOS Fix) (Docker Image Tag mailcow/clamd:1.43)
2022-01-18 15:01:36 +01:00
Niklas Meyer a5e38f33d9
[Compose] Update Clamd to 0.103.5 2022-01-15 17:18:32 +01:00
Niklas Meyer e3417397af
[Clamd] Update to 0.103.5 2022-01-15 17:17:27 +01:00
Niklas Meyer b0679b1c4f
[Compose] Docker Tag fix to include Alpine Update
Referencing: https://github.com/mailcow/mailcow-dockerized/pull/4372
2022-01-11 10:00:24 +01:00
Niklas Meyer 026be03a6a
[Compose] Updated Unbound Tag to 1.15 (Alpine Update) 2022-01-11 09:52:58 +01:00
milkmaker 6ef8b90c76
[Web] Updated lang.fr.json [CI SKIP] (#4417)
Co-authored-by: crep7424 <guillaume@crepieux.eu>

Co-authored-by: crep7424 <guillaume@crepieux.eu>
2022-01-09 16:23:17 +01:00
Michael Kuron 526b3f885b
Merge pull request #4410 from AlexBeakes/master
Fix pip3 issue that broke netfilter Dockerfile build
2022-01-05 22:36:20 +01:00
Alex Beakes a0b0d36e22
Fix pip3 uninstall error 2022-01-02 03:51:09 +03:00
Niklas Meyer 29bd368a98
[SOGo] Update to 5.4.0 (#4397) 2021-12-24 05:55:17 +01:00
Razvan 36e29710da
[Web] Updated lang.ro.json (#4396)
[Web] Updated lang.ro.json
2021-12-22 19:34:50 +01:00
Niklas Meyer e8ca588884
[Solr] Remove breached class from log4j-core.jar (#4390) 2021-12-17 12:43:05 +01:00
milkmaker 3a94926913
[Web] Updated lang.it.json [CI SKIP] (#4386)
Co-authored-by: Stefano <stefano.vassena@gmail.com>

Co-authored-by: Stefano <stefano.vassena@gmail.com>
2021-12-15 18:48:09 +01:00
Niklas Meyer 758f2ef8d1
[Compose] Revert prior image tag version change
Removed the newer image tag in the docker-compose.yml (one version ahead)
2021-12-15 09:59:50 +01:00
Niklas Meyer 2f9d8213b6
[Alpine] Update to 3.15 (#4372) 2021-12-14 14:10:31 +01:00
Christian Burmeister f58cc2aa43
Update docker-compose.yml (#4381)
ofelia-mailcow does not have the correct time zone.
Test: ocker exec -it mailcowdockerized_ofelia-mailcow_1 date
2021-12-13 19:01:07 +01:00
andryyy 9c5fd91484 Merge branch 'hotfix' into staging 2021-12-12 10:50:50 +01:00
Peter 11af104ad9
[GH-Actions][stale] Exempt draft PRs 2021-12-11 18:25:40 +01:00
Niklas Meyer 8248b80d4b
Merge pull request #4361 from TomK32/patch-1
Add a note about creating a backup before starting over
2021-12-10 23:37:33 +01:00
milkmaker 42d7563626
[Web] Updated lang.it.json [CI SKIP] (#4367)
Co-authored-by: Stefano <stefano.vassena@gmail.com>

Co-authored-by: Stefano <stefano.vassena@gmail.com>
2021-12-09 21:11:59 +01:00
DerLinkman 03542bfa71
[Dovecot] Update to 2.3.17.1 (#4365) 2021-12-08 20:17:30 +01:00
DerLinkman 77ac84eaa4
[WEB] fixed wrong value entry in Pushover.twig (#4363) 2021-12-08 19:23:28 +01:00
roswitina 2892a1b264
Typo lang.de.json (#4359) 2021-12-08 19:10:54 +01:00
milkmaker 41819d354f
Translations update from Weblate (#4364)
* [Web] Updated lang.it.json [CI SKIP]

[Web] Updated lang.it.json [CI SKIP]

Co-authored-by: Stefano <stefano.vassena@gmail.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

* [Web] Updated lang.sk.json [CI SKIP]

Co-authored-by: Lukáš Matula <lukas@gbely.net>

Co-authored-by: Stefano <stefano.vassena@gmail.com>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
2021-12-08 19:09:30 +01:00
andryyy e4d23b7887
[Web] Add default sieve accessq 2021-12-07 13:56:56 +01:00
Thomas R. Koll 43559af0cc
Add a not about creating a backup before starting over
I was stupid/tired enough to copy and run that `docker-compose down -v`. Hopefully this little change will prevent others from loosing their data as well.
Btw, I did get that page after my disk space was running out.
2021-12-05 18:59:39 +01:00
38 changed files with 533 additions and 150 deletions

View File

@ -25,10 +25,11 @@ jobs:
stale-pr-message: >
This pull request has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs.
exempt-issue-labels: "pinned,security,enhancement,investigating"
exempt-pr-labels: "pinned,security,enhancement,investigating"
exempt-issue-labels: "pinned,security,enhancement,investigating,neverstale"
exempt-pr-labels: "pinned,security,enhancement,investigating,neverstale"
stale-issue-label: "stale"
stale-pr-label: "stale"
exempt-draft-pr: "true"
operations-per-run: "250"
ascending: "true"
#DRY-RUN

1
.gitignore vendored
View File

@ -56,6 +56,7 @@ data/web/templates/cache/*
data/web/.well-known/acme-challenge
data/web/css/build/0081-custom-mailcow.css
data/web/inc/vars.local.inc.php
data/web/inc/app_info.inc.php
data/web/nextcloud*/
data/web/rc*/
docker-compose.override.yml

View File

@ -1,5 +1,6 @@
# mailcow: dockerized - 🐮 + 🐋 = 💕
[![master build status](https://img.shields.io/drone/build/mailcow/mailcow-dockerized/master?label=master%20build&server=https%3A%2F%2Fdrone.mailcow.email)](https://drone.mailcow.email/mailcow/mailcow-dockerized) [![staging build status](https://img.shields.io/drone/build/mailcow/mailcow-dockerized/staging?label=staging%20build&server=https%3A%2F%2Fdrone.mailcow.email)](https://drone.mailcow.email/mailcow/mailcow-dockerized) [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
## Want to support mailcow?
@ -23,6 +24,8 @@ Please see [the official documentation](https://mailcow.github.io/mailcow-docker
[Telegram mailcow Off-Topic channel](https://t.me/mailcowOfftopic)
[Official Twitter Account](https://twitter.com/mailcow_email)
Telegram desktop clients are available for [multiple platforms](https://desktop.telegram.org). You can search the groups history for keywords.
## Misc

View File

@ -1,4 +1,4 @@
FROM alpine:3.14
FROM alpine:3.15
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

View File

@ -80,7 +80,7 @@ fi
printf "[SAN]\nsubjectAltName=" > /tmp/_SAN
printf "DNS:%s," "${CERT_DOMAINS[@]}" >> /tmp/_SAN
sed -i '$s/,$//' /tmp/_SAN
openssl req -new -sha256 -key ${KEY} -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf /tmp/_SAN) > ${CSR}
openssl req -new -sha256 -key ${KEY} -subj "/" -reqexts SAN -config <(cat "$(openssl version -d | sed 's/.*"\(.*\)"/\1/g')/openssl.cnf" /tmp/_SAN) > ${CSR}
# acme-tiny writes info to stderr and ceritifcate to stdout
# The redirects will do the following:

View File

@ -1,8 +1,8 @@
FROM debian:buster-slim
FROM debian:bullseye-slim
LABEL maintainer "André Peters <andre.peters@servercow.de>"
ARG CLAMAV=0.103.4
ARG CLAMAV=0.103.5
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
zlib1g-dev \
@ -23,7 +23,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
dos2unix \
netcat \
&& rm -rf /var/lib/apt/lists/* \
&& wget -O - https://fossies.org/linux/misc/clamav-${CLAMAV}.tar.gz | tar xfvz - \
&& wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
&& cd clamav-${CLAMAV} \
&& ./configure \
--prefix=/usr \

View File

@ -1,4 +1,4 @@
FROM alpine:3.14
FROM alpine:3.15
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

View File

@ -2,7 +2,7 @@ FROM debian:buster-slim
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
ARG DEBIAN_FRONTEND=noninteractive
ARG DOVECOT=2.3.17
ARG DOVECOT=2.3.17.1
ENV LC_ALL C
ENV GOSU_VERSION 1.12

View File

@ -1,4 +1,4 @@
FROM alpine:3.14
FROM alpine:3.15
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
ENV XTABLES_LIBDIR /usr/lib/xtables
@ -13,10 +13,11 @@ RUN apk add --virtual .build-deps \
&& apk add -U python3 \
iptables \
ip6tables \
xtables-addons \
tzdata \
py3-pip \
musl-dev \
&& pip3 install --upgrade pip \
&& pip3 install --ignore-installed --upgrade pip \
python-iptables \
redis \
ipaddress \

View File

@ -1,4 +1,4 @@
FROM alpine:3.14
FROM alpine:3.15
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
WORKDIR /app
@ -12,7 +12,7 @@ RUN apk add --virtual .build-deps gcc musl-dev python3-dev libffi-dev openssl-de
&& apk del .build-deps
# && sed -i 's/decompress_stream(bytearray(compressed_code))/bytes2str(decompress_stream(bytearray(compressed_code)))/g' /usr/lib/python3.8/site-packages/oletools/olevba.py
ADD https://raw.githubusercontent.com/HeinleinSupport/olefy/master/olefy.py /app/
ADD olefy.py /app/
RUN chown -R nobody:nobody /app /tmp

View File

@ -0,0 +1,220 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Copyright (c) 2020, Dennis Kalbhen <d.kalbhen@heinlein-support.de>
# Copyright (c) 2020, Carsten Rosenberg <c.rosenberg@heinlein-support.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###
#
# olefy is a little helper socket to use oletools with rspamd. (https://rspamd.com)
# Please find updates and issues here: https://github.com/HeinleinSupport/olefy
#
###
from subprocess import Popen, PIPE
import sys
import os
import logging
import asyncio
import time
import magic
import re
# merge variables from /etc/olefy.conf and the defaults
olefy_listen_addr_string = os.getenv('OLEFY_BINDADDRESS', '127.0.0.1,::1')
olefy_listen_port = int(os.getenv('OLEFY_BINDPORT', '10050'))
olefy_tmp_dir = os.getenv('OLEFY_TMPDIR', '/tmp')
olefy_python_path = os.getenv('OLEFY_PYTHON_PATH', '/usr/bin/python3')
olefy_olevba_path = os.getenv('OLEFY_OLEVBA_PATH', '/usr/local/bin/olevba3')
# 10:DEBUG, 20:INFO, 30:WARNING, 40:ERROR, 50:CRITICAL
olefy_loglvl = int(os.getenv('OLEFY_LOGLVL', 20))
olefy_min_length = int(os.getenv('OLEFY_MINLENGTH', 500))
olefy_del_tmp = int(os.getenv('OLEFY_DEL_TMP', 1))
olefy_del_tmp_failed = int(os.getenv('OLEFY_DEL_TMP_FAILED', 1))
# internal used variables
request_time = '0000000000.000000'
olefy_protocol = 'OLEFY'
olefy_ping = 'PING'
olefy_protocol_sep = '\n\n'
olefy_headers = {}
# init logging
logger = logging.getLogger('olefy')
logging.basicConfig(stream=sys.stdout, level=olefy_loglvl, format='olefy %(levelname)s %(funcName)s %(message)s')
logger.debug('olefy listen address string: {} (type {})'.format(olefy_listen_addr_string, type(olefy_listen_addr_string)))
if not olefy_listen_addr_string:
olefy_listen_addr = ""
else:
addr_re = re.compile('[\[" \]]')
olefy_listen_addr = addr_re.sub('', olefy_listen_addr_string.replace("'", "")).split(',')
# log runtime variables
logger.info('olefy listen address: {} (type: {})'.format(olefy_listen_addr, type(olefy_listen_addr)))
logger.info('olefy listen port: {}'.format(olefy_listen_port))
logger.info('olefy tmp dir: {}'.format(olefy_tmp_dir))
logger.info('olefy python path: {}'.format(olefy_python_path))
logger.info('olefy olvba path: {}'.format(olefy_olevba_path))
logger.info('olefy log level: {}'.format(olefy_loglvl))
logger.info('olefy min file length: {}'.format(olefy_min_length))
logger.info('olefy delete tmp file: {}'.format(olefy_del_tmp))
logger.info('olefy delete tmp file when failed: {}'.format(olefy_del_tmp_failed))
if not os.path.isfile(olefy_python_path):
logger.critical('python path not found: {}'.format(olefy_python_path))
exit(1)
if not os.path.isfile(olefy_olevba_path):
logger.critical('olevba path not found: {}'.format(olefy_olevba_path))
exit(1)
# olefy protocol function
def protocol_split( olefy_line ):
header_lines = olefy_line.split('\n')
for line in header_lines:
if line == 'OLEFY/1.0':
olefy_headers['olefy'] = line
elif line != '':
kv = line.split(': ')
if kv[0] != '' and kv[1] != '':
olefy_headers[kv[0]] = kv[1]
logger.debug('olefy_headers: {}'.format(olefy_headers))
# calling oletools
def oletools( stream, tmp_file_name, lid ):
if olefy_min_length > stream.__len__():
logger.error('{} {} bytes (Not Scanning! File smaller than {!r})'.format(lid, stream.__len__(), olefy_min_length))
out = b'[ { "error": "File too small" } ]'
else:
tmp_file = open(tmp_file_name, 'wb')
tmp_file.write(stream)
tmp_file.close()
file_magic = magic.Magic(mime=True, uncompress=True)
file_mime = file_magic.from_file(tmp_file_name)
logger.info('{} {} (libmagic output)'.format(lid, file_mime))
# do the olefy
cmd_tmp = Popen([olefy_python_path, olefy_olevba_path, '-a', '-j' , '-l', 'error', tmp_file_name], stdout=PIPE, stderr=PIPE)
out, err = cmd_tmp.communicate()
out = bytes(out.decode('utf-8', 'ignore').replace(' ', ' ').replace('\t', '').replace('\n', '').replace('XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)', ''), encoding="utf-8")
failed = False
if out.__len__() < 30:
logger.error('{} olevba returned <30 chars - rc: {!r}, response: {!r}, error: {!r}'.format(lid,cmd_tmp.returncode,
out.decode('utf-8', 'ignore'), err.decode('utf-8', 'ignore')))
out = b'[ { "error": "Unhandled error - too short olevba response" } ]'
failed = True
elif err.__len__() > 10 and cmd_tmp.returncode == 9:
logger.error("{} olevba stderr >10 chars - rc: {!r}, response: {!r}".format(lid, cmd_tmp.returncode, err.decode("utf-8", "ignore")))
out = b'[ { "error": "Decrypt failed" } ]'
failed = True
elif err.__len__() > 10 and cmd_tmp.returncode > 9:
logger.error('{} olevba stderr >10 chars - rc: {!r}, response: {!r}'.format(lid, cmd_tmp.returncode, err.decode('utf-8', 'ignore')))
out = b'[ { "error": "Unhandled oletools error" } ]'
failed = True
elif cmd_tmp.returncode != 0:
logger.error('{} olevba exited with code {!r}; err: {!r}'.format(lid, cmd_tmp.returncode, err.decode('utf-8', 'ignore')))
failed = True
if failed and olefy_del_tmp_failed == 0:
logger.debug('{} {} FAILED: not deleting tmp file'.format(lid, tmp_file_name))
elif olefy_del_tmp == 1:
logger.debug('{} {} deleting tmp file'.format(lid, tmp_file_name))
os.remove(tmp_file_name)
logger.debug('{} response: {}'.format(lid, out.decode('utf-8', 'ignore')))
return out + b'\t\n\n\t'
# Asyncio data handling, default AIO-Functions
class AIO(asyncio.Protocol):
def __init__(self):
self.extra = bytearray()
def connection_made(self, transport):
global request_time
peer = transport.get_extra_info('peername')
logger.debug('{} new connection was made'.format(peer))
self.transport = transport
request_time = str(time.time())
def data_received(self, request, msgid=1):
peer = self.transport.get_extra_info('peername')
logger.debug('{} data received from new connection'.format(peer))
self.extra.extend(request)
def eof_received(self):
peer = self.transport.get_extra_info('peername')
olefy_protocol_err = False
proto_ck = self.extra[0:2000].decode('utf-8', 'ignore')
headers = proto_ck[0:proto_ck.find(olefy_protocol_sep)]
if olefy_protocol == headers[0:5]:
self.extra = bytearray(self.extra[len(headers)+2:len(self.extra)])
protocol_split(headers)
else:
olefy_protocol_err = True
if olefy_ping == headers[0:4]:
is_ping = True
else:
is_ping = False
rspamd_id = olefy_headers['Rspamd-ID'][:6] or ''
lid = 'Rspamd-ID' in olefy_headers and '<'+rspamd_id+'>'
tmp_file_name = olefy_tmp_dir+'/'+request_time+'.'+str(peer[1])+'.'+rspamd_id
logger.debug('{} {} choosen as tmp filename'.format(lid, tmp_file_name))
if not is_ping or olefy_loglvl == 10:
logger.info('{} {} bytes (stream size)'.format(lid, self.extra.__len__()))
if olefy_ping == headers[0:4]:
logger.debug('{} PING request'.format(peer))
out = b'PONG'
elif olefy_protocol_err == True or olefy_headers['olefy'] != 'OLEFY/1.0':
logger.error('{} Protocol ERROR: no OLEFY/1.0 found'.format(lid))
out = b'[ { "error": "Protocol error" } ]'
elif 'Method' in olefy_headers:
if olefy_headers['Method'] == 'oletools':
out = oletools(self.extra, tmp_file_name, lid)
else:
logger.error('Protocol ERROR: Method header not found')
out = b'[ { "error": "Protocol error: Method header not found" } ]'
self.transport.write(out)
if not is_ping or olefy_loglvl == 10:
logger.info('{} {} response send: {!r}'.format(lid, peer, out))
self.transport.close()
# start the listeners
loop = asyncio.get_event_loop()
# each client connection will create a new protocol instance
coro = loop.create_server(AIO, olefy_listen_addr, olefy_listen_port)
server = loop.run_until_complete(coro)
for sockets in server.sockets:
logger.info('serving on {}'.format(sockets.getsockname()))
# XXX serve requests until KeyboardInterrupt, not needed for production
try:
loop.run_forever()
except KeyboardInterrupt:
pass
# graceful shutdown/reload
server.close()
loop.run_until_complete(server.wait_closed())
loop.close()
logger.info('stopped serving')

View File

@ -1,4 +1,4 @@
@version: 3.19
@version: 3.28
@include "scl.conf"
options {
chain_hostnames(off);

View File

@ -1,4 +1,4 @@
@version: 3.19
@version: 3.28
@include "scl.conf"
options {
chain_hostnames(off);

View File

@ -16,10 +16,15 @@ RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
tzdata \
curl \
bash \
zip \
&& apt-get autoclean \
&& rm -rf /var/lib/apt/lists/* \
&& chmod +x /solr.sh \
&& sync \
&& bash /solr.sh --bootstrap
RUN zip -q -d /opt/solr/server/lib/ext/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
RUN apt remove zip -y
CMD ["/solr.sh"]

View File

@ -1,4 +1,4 @@
FROM alpine:3.14
FROM alpine:3.15
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"

View File

@ -1,4 +1,4 @@
FROM alpine:3.14
FROM alpine:3.15
LABEL maintainer "André Peters <andre.peters@servercow.de>"
# Installation

View File

@ -16,8 +16,9 @@
<pre>docker-compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
<p>Make sure your SQL credentials in mailcow.conf (a link to .env) do fit your initialized SQL volume. If you see an access denied, you might have the wrong mailcow.conf:</p>
<pre>source mailcow.conf ; docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
<p>In case of a previous failed installation, remove all volumes and start over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
<pre>docker-compose down -v ; docker-compose up -d</pre>
<p>In case of a previous failed installation, create a backup of your existing data, followed by removing all volumes and starting over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
<pre>BACKUP_LOCATION=/tmp/ ./helper-scripts/backup_and_restore.sh backup all</pre>
<pre>docker-compose down --volumes ; docker-compose up -d</pre>
<p>Make sure your timezone is correct. Use "America/New_York" for example, do not use spaces. Check <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">here</a> for a list.</p>
<br>Click to learn more about <a style="color:red;text-decoration:none;" href="https://mailcow.github.io/mailcow-dockerized-docs/#get-support" target="_blank">getting support.</a>
</body>

View File

@ -4805,7 +4805,7 @@ paths:
schema:
example:
attr:
rl_vlaue: "10"
rl_value: "10"
rl_frame: "h"
items:
- info@domain.tld
@ -4815,7 +4815,7 @@ paths:
rl_frame:
description: contains the frame for the ratelimit h,s,m
type: string
rl_vlaue:
rl_value:
description: contains the rate for the ratelimit 10,20,50,1
type: number
type: object
@ -4876,7 +4876,7 @@ paths:
schema:
example:
attr:
rl_vlaue: "10"
rl_value: "10"
rl_frame: "h"
items:
- domain.tld
@ -4886,7 +4886,7 @@ paths:
rl_frame:
description: contains the frame for the ratelimit h,s,m
type: string
rl_vlaue:
rl_value:
description: contains the rate for the ratelimit 10,20,50,1
type: number
type: object

View File

@ -202,6 +202,11 @@ legend {
margin-top: 27px;
margin-bottom: 20px;
color: #959595;
display: flex;
flex-direction: column;
}
.footer .version {
margin-left: auto;
}
.slave-info {
padding: 15px 0px 15px 15px;

View File

@ -23,7 +23,12 @@ if (is_array($alertbox_log_parser)) {
unset($_SESSION['return']);
}
// globals
$globalVariables = [
'mailcow_info' => array(
'version_tag' => $GLOBALS['MAILCOW_GIT_VERSION'],
'git_project_url' => $GLOBALS['MAILCOW_GIT_URL']
),
'js_path' => '/cache/'.basename($JSPath),
'pending_tfa_method' => @$_SESSION['pending_tfa_method'],
'pending_mailcow_cc_username' => @$_SESSION['pending_mailcow_cc_username'],

View File

@ -10,11 +10,17 @@ $DEV_MODE = (getenv('DEV_MODE') == 'y');
}*/
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
$default_autodiscover_config = $autodiscover_config;
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php')) {
include_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.local.inc.php';
}
// auto-generated by generate-config.sh and update.sh
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php')) {
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/app_info.inc.php';
}
unset($https_port);
$autodiscover_config = array_merge($default_autodiscover_config, $autodiscover_config);
@ -63,7 +69,7 @@ $tfa = new RobThree\Auth\TwoFactorAuth($OTP_LABEL, 6, 30, 'sha1', $qrprovider);
$formats = $GLOBALS['FIDO2_FORMATS'];
$WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $_SERVER['HTTP_HOST'], $formats);
// only include root ca's when needed
if (getenv('WEBAUTHN_RESPECT_ROOTCA') == 'y') $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates');
if (getenv('WEBAUTHN_ONLY_TRUSTED_VENDORS') == 'y') $WebAuthn->addRootCertificates($_SERVER['DOCUMENT_ROOT'] . '/inc/lib/WebAuthn/rootCertificates');
// Redis
$redis = new Redis();

View File

@ -175,6 +175,9 @@ $MAILBOX_DEFAULT_ATTRIBUTES['pop3_access'] = true;
// Mailbox has SMTP access by default
$MAILBOX_DEFAULT_ATTRIBUTES['smtp_access'] = true;
// Mailbox has sieve access by default
$MAILBOX_DEFAULT_ATTRIBUTES['sieve_access'] = true;
// Mailbox receives notifications about...
// "add_header" - mail that was put into the Junk folder
// "reject" - mail that was rejected

View File

@ -409,16 +409,14 @@ if (isset($_GET['query'])) {
break;
case "fido2-get-args":
header('Content-Type: application/json');
// fetch allowed credentialIds
$cids = fido2(array("action" => "get_all_cids"));
if (count($cids) == 0) {
print(json_encode(array(
'type' => 'error',
'msg' => 'Cannot find matching credentialIds'
)));
}
// Login without username, no ids!
// $ids = fido2(array("action" => "get_all_cids"));
// if (count($ids) == 0) {
// return;
// }
$ids = NULL;
$getArgs = $WebAuthn->getGetArgs($cids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
$getArgs = $WebAuthn->getGetArgs($ids, 30, true, true, true, true, $GLOBALS['FIDO2_UV_FLAG_LOGIN']);
print(json_encode($getArgs));
$_SESSION['challenge'] = $WebAuthn->getChallenge();
return;

View File

@ -467,7 +467,7 @@
"chart_this_server": "Graf (tento server)",
"containers_info": "Informace o kontejnerech",
"disk_usage": "Využití disku",
"docs": "Dokumentace",
"docs": "Dokumentů",
"external_logs": "Externí logy",
"history_all_servers": "Záznam (všechny servery)",
"in_memory_logs": "Logy v paměti",

View File

@ -86,7 +86,7 @@
"public_comment": "Öffentlicher Kommentar",
"quota_mb": "Speicherplatz (MiB)",
"relay_all": "Alle Empfänger-Adressen relayen",
"relay_all_info": "↪ Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellen werden.",
"relay_all_info": "↪ Wenn <b>nicht</b> alle Empfänger-Adressen relayt werden sollen, müssen \"blinde\" Mailboxen für jede Adresse, die relayt werden soll, erstellt werden.",
"relay_domain": "Diese Domain relayen",
"relay_transport_info": "<div class=\"label label-info\">Info</div> Transport-Maps können erstellt werden, um individuelle Ziele für eine Relay-Domain zu definieren.",
"relay_unknown_only": "Nur nicht-lokale Mailboxen relayen. Existente Mailboxen werden weiterhin lokal zugestellt.",

View File

@ -259,7 +259,7 @@
"recipients": "Destinataires",
"refresh": "Rafraîchir",
"regen_api_key": "Regénérer la clé API",
"regex_maps": "Cartes Regex (Regex = expression régulière)",
"regex_maps": "Cartes Regex (expression régulière)",
"relay_from": "\"De:\" adresse",
"relay_run": "Lancer le test",
"relayhosts": "Transports de lexpéditeur",
@ -699,7 +699,7 @@
"private_comment": "Commentaire privé",
"public_comment": "Commentaire public",
"q_add_header": "Courriers indésirables",
"q_all": "Toutes les catégories",
"q_all": " quand déplacé dans le dossier spam ou rejeté",
"q_reject": "Rejecté",
"quarantine_notification": "Avis de quarantaine",
"quarantine_category": "Catégorie de la notification de quarantaine",
@ -729,7 +729,7 @@
"sogo_visible": "Alias visible dans SOGo",
"sogo_visible_n": "Masquer alias dans SOGo",
"sogo_visible_y": "Afficher alias dans SOGo",
"spam_aliases": "Alias temp.",
"spam_aliases": "Alias temporaire",
"stats": "Statistiques",
"status": "Statut",
"sync_jobs": "Tâches de synchronisation",
@ -1070,7 +1070,7 @@
"warning": {
"cannot_delete_self": "Impossible de supprimer lutilisateur connecté",
"domain_added_sogo_failed": "Ajout dun domaine mais échec du redémarrage de Sogo, veuillez vérifier les journaux de votre serveur.",
"dovecot_restart_failed": "Dovecot na pas pu redémarrer, veuillez vérifier les journaux de votre serveur.",
"dovecot_restart_failed": "Dovecot na pas pu redémarrer, veuillez vérifier les journaux",
"fuzzy_learn_error": "Erreur dapprentissage du hachage flou: %s",
"hash_not_found": "Hachage non trouvé ou déjà supprimé",
"ip_invalid": "IP non valide ignorée: %s",

View File

@ -18,8 +18,8 @@
"quarantine_attachments": "Allegati in quarantena",
"quarantine_category": "Modifica la categoria delle notifiche di quarantena",
"quarantine_notification": "Modifica notifiche quarantena",
"ratelimit": "Rate limit",
"recipient_maps": "Recipient maps",
"ratelimit": "Limite di invio",
"recipient_maps": "Mappe dei destinatari",
"smtp_ip_access": "Modifica gli host consentiti per SMTP",
"sogo_access": "Consenti la gestione dell'accesso SOGo",
"sogo_profile_reset": "Ripristina profilo SOGo",
@ -27,7 +27,7 @@
"spam_policy": "Blacklist/Whitelist",
"spam_score": "Punteggio SPAM",
"syncjobs": "Processi di sync",
"tls_policy": "TLS policy",
"tls_policy": "Politica TLS",
"unlimited_quota": "Spazio illimitato per le caselle di posta"
},
"add": {
@ -102,10 +102,11 @@
"target_domain": "Dominio di destinazione",
"timeout1": "Timeout per la connessione all'host remoto",
"timeout2": "Timeout per la connessione all'host locale",
"username": "Username",
"username": "Nome utente",
"validate": "Convalida",
"validation_success": "Convalidato con successo",
"bcc_dest_format": "Il destinatario in copia nascosta, dev'essere un solo indirizzo email.<br>Se devi spedire una copia del messaggio a più destinatari, crea un alias ed utilizzalo per questa opzione."
"bcc_dest_format": "Il destinatario in copia nascosta deve essere un singolo indirizzo email.<br>Se si vuole spedire una copia del messaggio a più destinatari, bisogna creare un alias ed utilizzarlo per questa opzione.",
"app_passwd_protocols": "Protocolli consentiti per la password dell'app"
},
"admin": {
"access": "Accedi",
@ -133,18 +134,18 @@
"advanced_settings": "Impostazioni avanzate",
"api_allow_from": "Allow API access from these IPs/CIDR network notations",
"api_info": "The API is a work in progress. The documentation can be found at <a href=\"/api\">/api</a>",
"api_key": "API key",
"api_skip_ip_check": "Skip IP check for API",
"api_key": "Chiave API",
"api_skip_ip_check": "Salta il controllo dell'IP per l'API",
"app_links": "App links",
"app_name": "App name",
"apps_name": "\"mailcow Apps\" name",
"arrival_time": "Arrival time (server time)",
"app_name": "Nome dell'app",
"apps_name": "Nome \"mailcow Apps\"",
"arrival_time": "Ora di arrivo (ora del server)",
"authed_user": "Auth. user",
"ays": "Sei sicuro di voler procedere?",
"ban_list_info": "See a list of banned IPs below: <b>network (remaining ban time) - [actions]</b>.<br />IPs queued to be unbanned will be removed from the active ban list within a few seconds.<br />Red labels indicate active permanent bans by blacklisting.",
"change_logo": "Cambia logo",
"configuration": "Configurazione",
"convert_html_to_text": "Convert HTML to plain text",
"convert_html_to_text": "Converti HTML in testo semplice",
"credentials_transport_warning": "<b>Warning</b>: Adding a new transport map entry will update the credentials for all entries with a matching next hop column.",
"customer_id": "ID cliente",
"customize": "Personalizzare",
@ -190,7 +191,7 @@
"forwarding_hosts_add_hint": "È possibile specificare indirizzi IPv4 / IPv6, reti nella notazione CIDR, nomi host (che verranno risolti in indirizzi IP) o nomi di dominio (che verranno risolti agli indirizzi IP richiamando i record SPF o, in assenza, i record MX) .",
"forwarding_hosts_hint": "I messaggi in entrata sono accettati in maniera incondizionata da tutti gli host qui elencati. Questi host sono quindi non controllati tramite DNSBL o sottoposti a greylisting. Lo spam ricevuto da questi host non viene mai rifiutato, ma potrebbe essere archiviato nella cartella Posta indesiderata. L'utilizzo più comune è quello di specificare i server di posta elettronica su cui è stata impostata una regola che inoltra le email in arrivo al server mailcow.",
"from": "Da",
"generate": "generate",
"generate": "generare",
"guid": "GUID - ID istanza univoco",
"guid_and_license": "GUID & Licenza",
"hash_remove_info": "Removing a ratelimit hash (if still existing) will reset its counter completely.<br>\r\n Each hash is indicated by an individual color.",
@ -205,7 +206,7 @@
"include_exclude_info": "Di default - se nessuna voce viene selezionata - <b>tutte le caselle di posta</b> risultano attivate",
"includes": "Includi questi destinatari",
"is_mx_based": "Basato sul record MX",
"last_applied": "Last applied",
"last_applied": "Ultima applicazione",
"license_info": "Non è necessario essere in possesso di una licenza ma aiuta gli sviluppatori a far crescere il prodotto.<br><a href=\"https://www.servercow.de/mailcow?lang=en#sal\" target=\"_blank\" alt=\"SAL order\">Registra qui il tuo GUID </a> oppure <a href=\"https://www.servercow.de/mailcow?lang=en#support\" target=\"_blank\" alt=\"Support order\">acquista il supporto per la tua installazione di mailcow.</a>",
"link": "Link",
"loading": "Caricamento in corso...",
@ -230,7 +231,7 @@
"optional": "facoltativo",
"password": "Password",
"password_length": "Lunghezza password",
"password_policy": "Password policy",
"password_policy": "Criteri della password",
"password_policy_chars": "Deve contenere almeno un carattere alfabetico",
"password_policy_length": "La lunghezza minima della password è %d caratteri",
"password_policy_lowerupper": "Deve contenere caratteri minuscoli e maiuscoli",
@ -282,7 +283,7 @@
"remove": "Rimuovi",
"remove_row": "Elimina riga",
"reset_default": "Riporta alle condizioni di default",
"reset_limit": "Remove hash",
"reset_limit": "Rimuovi hash",
"routing": "Routing",
"rsetting_add_rule": "Aggiungi regola",
"rsetting_content": "Contenuto della regola",
@ -334,10 +335,15 @@
"unban_pending": "unban pending",
"unchanged_if_empty": "Se immutato lasciare vuoto",
"upload": "Upload",
"username": "Username",
"username": "Nome utente",
"validate_license_now": "Validate GUID against license server",
"verify": "Verifica",
"yes": "&#10003;"
"yes": "&#10003;",
"api_read_only": "Accesso in sola lettura",
"api_read_write": "Accesso in lettura-scrittura",
"oauth2_apps": "App OAuth2",
"oauth2_add_client": "Aggiungere il client OAuth2",
"rsettings_preset_4": "Disattivare Rspamd per un dominio"
},
"danger": {
"access_denied": "Accesso negato o form di login non corretto",
@ -456,7 +462,7 @@
"username_invalid": "Username %s non può essere utilizzato",
"validity_missing": "Assegnare un periodo di validità",
"value_missing": "Si prega di fornire tutti i valori",
"yotp_verification_failed": "Verifica Yubico OTP fallita: %s"
"yotp_verification_failed": "Verifica OTP Yubico fallita: %s"
},
"debug": {
"chart_this_server": "Grafico (questo server)",
@ -601,7 +607,13 @@
"title": "Modifica oggetto",
"unchanged_if_empty": "Se immutato lasciare vuoto",
"username": "Username",
"validate_save": "Convalida e salva"
"validate_save": "Convalida e salva",
"pushover": "Pushover",
"sogo_access_info": "Il single-sign-on dall'interno dell'interfaccia di posta rimane funzionante. Questa impostazione non influisce sull'accesso a tutti gli altri servizi né cancella o modifica il profilo SOGo esistente dell'utente.",
"none_inherit": "Nessuno / Eredita",
"sogo_access": "Concedere l'accesso diretto a SOGo",
"acl": "ACL (autorizzazione)",
"app_passwd_protocols": "Protocolli consentiti per la password dell'app"
},
"fido2": {
"confirm": "Confirm",
@ -615,7 +627,8 @@
"rename": "Rename",
"set_fido2": "Register FIDO2 device",
"set_fn": "Set friendly name",
"start_fido2_validation": "Start FIDO2 validation"
"start_fido2_validation": "Start FIDO2 validation",
"set_fido2_touchid": "Registrare il Touch ID su Apple M1"
},
"footer": {
"cancel": "Annulla",
@ -629,7 +642,8 @@
"restart_container_info": "<b>Importante:</b> Il completamento di un normale riavvio potrebbe richiedere diversi minuti, ti consigliamo di attendere.",
"restart_now": "Riavvia adesso",
"restarting_container": "Riavvia il container, potrebbe richiedere diversi minuti",
"hibp_check": "Verifica con haveibeenpwned.com"
"hibp_check": "Verifica con haveibeenpwned.com",
"nothing_selected": "Niente di selezionato"
},
"header": {
"administration": "Amministrazione",
@ -694,7 +708,7 @@
"bcc_to_rcpt": "Switch to recipient map type",
"bcc_to_sender": "Switch to sender map type",
"bcc_type": "BCC type",
"booking_null": "Always show as free",
"booking_null": "Mostra sempre come libero",
"booking_0_short": "Always free",
"booking_custom": "Hard-limit to a custom amount of bookings",
"booking_custom_short": "Hard limit",
@ -802,7 +816,17 @@
"goto_spam": "Apprendi come <b>spam</b>",
"open_logs": "Apri i log",
"syncjob_check_log": "Controlla il log",
"syncjob_last_run_result": "Risultato dell'ultima esecuzione"
"syncjob_last_run_result": "Risultato dell'ultima esecuzione",
"syncjob_EXIT_TLS_FAILURE": "Problema con la connessione criptata",
"syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema di autenticazione",
"syncjob_EXIT_OVERQUOTA": "La casella di posta del destinatario ha superato la quota",
"syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
"syncjob_EXIT_CONNECTION_FAILURE": "Problema di connessione",
"catch_all": "Catch-All",
"sender": "Mittente",
"all_domains": "Tutti i domini",
"recipient": "Destinatario",
"syncjob_EX_OK": "Successo"
},
"oauth2": {
"access_denied": "Effettua il login alla casella di posta per garantire l'accesso tramite OAuth2.",
@ -1123,7 +1147,18 @@
"change_password_hint_app_passwords": "Il tuo account ha {{number_of_app_passwords}} password delle app che non verranno modificate. Per gestirle, vai alla scheda App passwords.",
"syncjob_check_log": "Controlla i log",
"syncjob_last_run_result": "Risultato dell'ultima esecuzione",
"open_logs": "Apri i log"
"open_logs": "Apri i log",
"apple_connection_profile_with_app_password": "Una nuova password dell'app è stata generata ed aggiunta al profilo così che non sia più necessario inserire alcuna password quando si imposta il dispositivo. Si prega di non condividere il file in quanto concede l'accesso completo alla tua casella di posta elettronica.",
"allowed_protocols": "Protocolli consentiti",
"syncjob_EX_OK": "Successo",
"syncjob_EXIT_CONNECTION_FAILURE": "Problema di connessione",
"syncjob_EXIT_TLS_FAILURE": "Problema con la connessione criptata",
"syncjob_EXIT_AUTHENTICATION_FAILURE": "Problema di autenticazione",
"syncjob_EXIT_OVERQUOTA": "La casella di posta del destinatario ha superato la quota",
"syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Impossibile connettersi al server remoto",
"syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nome utente o password errati",
"with_app_password": "con password dell'app",
"direct_protocol_access": "Questo utente della mailbox ha <b>accesso diretto ed esterno</b> ai seguenti protocolli e applicazioni. Questa impostazione è controllata dal tuo amministratore. Le password delle applicazioni possono essere create per garantire l'accesso ai singoli protocolli e applicazioni.<br>Il pulsante \"Accedi alla webmail\" fornisce un singolo accesso a SOGo ed è sempre disponibile."
},
"warning": {
"cannot_delete_self": "Cannot delete logged in user",
@ -1141,6 +1176,8 @@
"ratelimit": {
"minute": "messaggi / minuto",
"disabled": "Disabilitato",
"second": "messaggi / secondo"
"second": "messaggi / secondo",
"hour": "messaggi / ora",
"day": "messaggi / giorno"
}
}

View File

@ -42,8 +42,10 @@
"alias_domain_info": "<small>Doar nume de domenii valide (separate prin virgulă).</small>",
"app_name": "Nume aplicație",
"app_password": "Adaugă parolă aplicație",
"app_passwd_protocols": "Protocoale permise pentru parola aplicației",
"automap": "Încearcă maparea automată a folderelor (\"Obiecte trimise\", \"Trimise\" => \"Trimise\" etc.)",
"backup_mx_options": "Opțiuni backup MX",
"bcc_dest_format": "Destinația BCC trebuie să fie o singură adresă de email validă.",
"comment_info": "Un comentariu privat nu este vizibil pentru utilizator, în timp ce un comentariu public este afișat ca un tooltip când se trece peste el într-o privire de ansamblu asupra utilizatorilor",
"custom_params": "Parametri personalizați",
"custom_params_hint": "Corect: --param=xy, greşit: --param xy",
@ -133,6 +135,8 @@
"api_allow_from": "Permite accesul API de la aceste adrese IP/CIDR",
"api_info": "API-ul este în dezvoltare. Documentația se găsește la adresa: <a href=\"/api\">/api</a>",
"api_key": "Cheie API",
"api_read_only": "Acces doar pentru citire",
"api_read_write": "Acces pentru citire și scriere",
"api_skip_ip_check": "Săriți verificarea IP pentru API",
"app_links": "Linkuri aplicație",
"app_name": "Nume aplicație",
@ -220,6 +224,8 @@
"no_active_bans": "Nu există interdicții active",
"no_new_rows": "Nu există alte rânduri disponibile",
"no_record": "Nici o înregistrare",
"oauth2_apps": "Aplicații OAuth2",
"oauth2_add_client": "Adaugă client OAuth2",
"oauth2_client_id": "ID client",
"oauth2_client_secret": "Secret client",
"oauth2_info": "Implementarea OAuth2 suportă tipul de acces \"Cod de autorizare\" și emite jetoane de actualizare.<br>\r\nServerul emite automat noi jetoane de actualizare, după ce a fost folosit un jeton de actualizare.<br><br>\r\n→ Scopul implicit este <i>profil</i>. Doar utilizatorii căsuței poștale pot fi autentificați cu OAuth2. Dacă parametrul scop este omis, acesta revine la <i>profil</i>.<br>\r\n→ Parametrul <i>stare</i> trebuie să fie trimis de client ca parte a cererii de autorizare.<br><br>\r\nCăile pentru cereri către API-ul OAuth2:<br>\r\n<ul>\r\n <li>Calea de autorizare: <code>/oauth/autorize</code ></li>\r\n <li>Calea jetonului: <code>/oauth/token</code></li>\r\n <li>Calea pentru resursă: <code>/oauth/profile</code></li>\r\n</ul>\r\nRegenerarea secretului clientului nu va expira codurile de autorizare existente, dar vor eșua să-și reînnoiască jetonul.<br><br>\r\nRevocarea jetoanelor clientului va cauza încheierea imediată a tuturor sesiunilor active. Toți clienții trebuie să se autentifice din nou.",
@ -497,6 +503,7 @@
"optional": "Această înregistrare este opțională."
},
"edit": {
"acl": "ACL (Permisiune)",
"active": "Activ",
"admin": "Editează administrator",
"advanced_settings": "Setări avansate",
@ -506,9 +513,10 @@
"allowed_protocols": "Protocoale permise",
"app_name": "Nume aplicație",
"app_passwd": "Parolă apicație",
"app_passwd_protocols": "Protocoale permise pentru parola aplicației",
"automap": "Încearcă maparea automată a folderelor (\"Obiecte trimise\", \"Trimise\" => \"Trimise\" etc.)",
"backup_mx_options": "Opțiuni backup MX",
"bcc_dest_format": "Destinația BCC trebuie să fie o singură adresă de email validă.",
"bcc_dest_format": "Destinația BCC trebuie să fie o singură adresă de email validă.<br>Dacă trebuie să trimiteți o copie la mai multe adrese, creați un alias și utilizați-l aici.",
"client_id": "ID Client",
"client_secret": "Secret client",
"comment_info": "Un comentariu privat nu este vizibil pentru utilizator, în timp ce un comentariu public este afișat ca un tooltip când se trece peste el într-o privire de ansamblu asupra utilizatorilor",
@ -550,12 +558,14 @@
"mbox_rl_info": "Această limitare de rată se aplică pe numele de conectare SASL, se potrivește cu orice adresă „de la” folosită de către utilizatorul autentificat. O limitare a ratei căsuței poștale înlocuiește limitarea ratei la nivel de domeniu.",
"mins_interval": "Interval (min)",
"multiple_bookings": "Rezervări multiple",
"none_inherit": "Nici una / Moștenește",
"nexthop": "Următorul hop",
"password": "Parolă",
"password_repeat": "Confirmă parolă (repetă)",
"previous": "Pagina precedentă",
"private_comment": "Comentariu privat",
"public_comment": "Comentariu public",
"pushover": "Pushover",
"pushover_evaluate_x_prio": "Escalează e-mailurile cu prioritate înaltă [<code>X-Priority: 1</code>]",
"pushover_info": "Setările de notificare push se vor aplica tuturor e-mailurilor curate (non-spam) livrate la <b>% s </b> inclusiv aliasuri (partajate, care nu sunt partajate, etichetate).",
"pushover_only_x_prio": "Luați în considerare doar e-mailurile cu prioritate înaltă [<code>X-Priority: 1</code>]",
@ -586,6 +596,8 @@
"sieve_desc": "Descriere scurtă",
"sieve_type": "Tip filtru",
"skipcrossduplicates": "Sari peste mesajele duplicate din toate folderele (primul venit, primul servit)",
"sogo_access": "Acordați acces direct de conectare la SOGo",
"sogo_access_info": "Conectarea unică din interfața de administrare a e-mailului continuă să funcționeze. Această setare nu afectează accesul la toate celelalte servicii și nici nu șterge sau modifică profilul SOGo existent al unui utilizator.",
"sogo_visible": "Aliasul este vizibil în SOGo",
"sogo_visible_info": "Această opțiune afectează doar obiecte, care pot fi afișate în SOGo (adrese alias partajate sau ne-partajate cu cel puțin o căsuță poștală locală). Dacă este ascuns, un alias nu va apărea ca expeditor selectabil în SOGo.",
"spam_alias": "Crează sau modifică adrese alias limitate în funcție de timp",
@ -603,6 +615,21 @@
"username": "Nume de utilizator",
"validate_save": "Validează și salvează"
},
"fido2": {
"set_fn": "Setați un nume prietenos",
"fn": "Nume prietenos",
"rename": "redenumiți",
"confirm": "Confirmați",
"register_status": "Starea înregistrării",
"known_ids": "ID-uri cunoscute",
"none": "Dezactivat",
"set_fido2": "Înregistrați dispozitivul FIDO2",
"set_fido2_touchid": "Înregistrați Touch ID pe Apple M1",
"start_fido2_validation": "Începeți validarea FIDO2",
"fido2_auth": "Conectați-vă cu FIDO2",
"fido2_success": "Dispozitivul a fost înregistrat cu succes",
"fido2_validation_failed": "Validarea a eșuat"
},
"footer": {
"cancel": "Anulează",
"confirm_delete": "Confirmă ștergerea",
@ -664,6 +691,7 @@
"alias_domain_alias_hint": "Aliasurile <b>nu</b> sunt aplicate automat pe domeniile alias. O adresă alias <code>aliasul-meu@domeniu</code> <b>nu</b> acoperă adresa <code>aliasul-meu@domeniu-alias</code> (unde \"domeniu-alias\" este un domeniu alias imaginar pentru \"domeniu\").<br>Vă rugăm să utilizați un filtru sită pentru a redirecționa poșta către o căsuță poștală externă (consultați zona \"Filtre\" sau utilizați SOGo -> Redirecționare).",
"alias_domain_backupmx": "Alias domeniu inactiv pentru domeniu releu",
"aliases": "Aliasuri",
"all_domains": "Toate Domeniile",
"allow_from_smtp": "Permiteți acestor adrese IP să utilizeze numai <b>SMTP</b>",
"allow_from_smtp_info": "Lăsați gol pentru a permite tuturor expeditorilor.<br>Adrese și rețele IPv4/IPv6.",
"allowed_protocols": "Protocoale permise",
@ -687,6 +715,7 @@
"booking_custom_short": "Limită maximă",
"booking_ltnull": "Nelimitat, dar arată ca ocupat atunci când este rezervat",
"booking_lt0_short": "Limită redusă",
"catch_all": "Prinde-Tot",
"daily": "Zilnic",
"deactivate": "Deactivează",
"description": "Descriere",
@ -704,6 +733,8 @@
"filter_table": "Tabel filtre",
"filters": "Filtre",
"fname": "Nume complet",
"goto_ham": "Învață ca <b>ham</b>",
"goto_spam": "Învață ca <b>spam</b>",
"hourly": "Din oră în oră",
"in_use": "În uz (%)",
"inactive": "Inactiv",
@ -736,6 +767,7 @@
"quarantine_notification": "Notificări de carantină",
"quarantine_category": "Categoria notificărilor despre carantină",
"quick_actions": "Acţiuni",
"recipient": "Destinatar",
"recipient_map": "Hartă destinatar",
"recipient_map_info": "Hărțile destinatarilor sunt folosite pentru a înlocui adresa de destinație a unui mesaj înainte de a fi livrat.",
"recipient_map_new": "Destinatar nou",
@ -746,6 +778,7 @@
"remove": "Elimină",
"resources": "Resurse",
"running": "Rulare",
"sender": "Expeditor",
"set_postfilter": "Marchează ca postfiltru",
"set_prefilter": "Marchează ca prefiltru",
"sieve_info": "Poți stoca mai multe filtre pentru fiecare utilizator, dar numai un singur prefiltru și un singur postfiltru pot fi active în același timp.<br>\nFiecare filtru va fi procesat în ordinea descrisă. Nici un script eșuat, nici un \"keep;\" emis nu va opri procesarea altor scripturi.Modificările aduse scripturilor sită globale vor declanșa o repornire a Dovecot.<br>\nPrefilter → User scripts → Postfilter → <a href=\"https://github.com/mailcow/mailcow-dockerized/blob/master/data/conf/dovecot/sieve_after\" target=\"_blank\">global sieve postfilter</a>",
@ -765,6 +798,15 @@
"stats": "Statistici",
"status": "Stare",
"sync_jobs": "Lucrări de sincronizare",
"syncjob_check_log": "Verificați jurnalul",
"syncjob_last_run_result": "Rezultatul ultimei rulări",
"syncjob_EX_OK": "Succes",
"syncjob_EXIT_CONNECTION_FAILURE": "Problemă de conectare",
"syncjob_EXIT_TLS_FAILURE": "Problemă cu conexiunea criptată",
"syncjob_EXIT_AUTHENTICATION_FAILURE": "Problemă de autentificare",
"syncjob_EXIT_OVERQUOTA": "Cutia poștală țintă depășește cota maximă",
"syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nu se poate conecta la server",
"syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nume de utilizator sau parolă greșite",
"table_size": "Mărime tabel",
"table_size_show_n": "Arată %s articole",
"target_address": "Adresă goto",
@ -848,6 +890,13 @@
"text_plain_content": "Conținut (text/simplu)",
"toggle_all": "Comută toate"
},
"ratelimit": {
"disabled": "Dezactivat",
"second": "mesaje / sec",
"minute": "mesaje / min",
"hour": "mesaje / ora",
"day": "mesaje / zi"
},
"start": {
"help": "Afișează/Ascunde panoul de ajutor",
"imap_smtp_server_auth_info": "Utilizează adresa completă de email și mecanismul de autentificare SIMPLU.<br>\nDatele tale de conectare vor fi criptate prin criptarea obligatorie de la server.",
@ -957,20 +1006,6 @@
"waiting_usb_register": "<i>În așteptarea dispozitivului USB...</i><br><br>Introdu parola ta mai sus și confirmă înregistrarea ta WebAuthn atingând butonul de pe dispozitivul tău USB WebAuthn.",
"yubi_otp": "Autentificare Yubico OTP"
},
"fido2": {
"set_fn": "Setați un nume prietenos",
"fn": "Nume prietenos",
"rename": "redenumiți",
"confirm": "Confirmați",
"register_status": "Starea înregistrării",
"known_ids": "ID-uri cunoscute",
"none": "Dezactivat",
"set_fido2": "Înregistrați dispozitivul FIDO2",
"start_fido2_validation": "Începeți validarea FIDO2",
"fido2_auth": "Conectați-vă cu FIDO2",
"fido2_success": "Dispozitivul a fost înregistrat cu succes",
"fido2_validation_failed": "Validarea a esuat"
},
"user": {
"action": "Acțiune",
"active": "Activ",
@ -987,12 +1022,15 @@
"aliases_also_send_as": "De asemenea, este permis să trimită ca utilizator",
"aliases_send_as_all": "Nu se verifică accesul expeditorului pentru următorul(arele) domeniu(i) și domeniile sale alias",
"app_hint": "Parolele aplicației sunt parole alternative pentru autentificarea IMAP, SMTP, CalDAV, CardDAV și EAS. Numele de utilizator rămâne neschimbat.<br>SOGo nu este disponibil prin parolele aplicației.",
"allowed_protocols": "Protocoale permise",
"app_name": "Nume aplicație",
"app_passwds": "Parole aplicație",
"apple_connection_profile": "Profil de conexiune Apple",
"apple_connection_profile_complete": "Acest profil de conexiune include parametrii IMAP și SMTP, precum și calDAV (calendar) și carduri CardDAV (contacte) pentru dispozitivele Apple.",
"apple_connection_profile_mailonly": "Acest profil de conexiune include parametrii de configurare IMAP și SMTP pentru dispozitivele Apple.",
"apple_connection_profile_with_app_password": "O nouă parolă pentru aplicație este generată și adăugată la profil, astfel încât să nu fie necesară introducerea unei parole la configurarea dispozitivului. Vă rugăm să nu partajați fișierul, deoarece oferă acces deplin la căsuța dvs. poștală.",
"change_password": "Schimbă parola",
"change_password_hint_app_passwords": "Contul dvs. are {{number_of_app_passwords}} parole de aplicație care nu vor fi modificate. Pentru a le gestiona, accesați secțiunea Parole aplicație.",
"clear_recent_successful_connections": "Ștergeți conexiunile reușite văzute",
"client_configuration": "Afișează ghidurile de configurare pentru clienții de email și smartphone-uri",
"create_app_passwd": "Crează parola aplicației",
@ -1003,6 +1041,7 @@
"delete_ays": "Vă rugăm să confirmați stergerea.",
"direct_aliases": "Adrese alias directe",
"direct_aliases_desc": "Adresele alias directe sunt afectate de setările filtrului de spam și ale politicii TLS.",
"direct_protocol_access": "Acest utilizator are <b>acces direct, extern</b> la următoarele protocoale și aplicații. Această setare este controlată de administratorul dvs. Parolele pentru aplicații pot fi create pentru a acorda acces la protocoale și aplicații individuale.<br>Butonul \"Conectați-vă la webmail\" oferă conectare unică la SOGo și este întotdeauna disponibil.",
"eas_reset": "Resetează memoria cache a dispozitivului ActiveSync",
"eas_reset_help": "În multe cazuri, resetarea cache-ului dispozitivului va ajuta la recuperarea unui profil ActiveSync defect.<br><b>Atenţie:</b> Toate elementele vor fi descărcate din nou!",
"eas_reset_now": "Resetează acum",
@ -1096,6 +1135,15 @@
"spamfilter_yellow": "Galben: acest mesaj poate fi spam, va fi etichetat ca spam și va fi mutat în dosarul de junk",
"status": "Stare",
"sync_jobs": "Lucrări de sincronizare",
"syncjob_check_log": "Verificați jurnalul",
"syncjob_last_run_result": "Rezultatul ultimei rulări",
"syncjob_EX_OK": "Succes",
"syncjob_EXIT_CONNECTION_FAILURE": "Problemă de conectare",
"syncjob_EXIT_TLS_FAILURE": "Problemă cu conexiunea criptată",
"syncjob_EXIT_AUTHENTICATION_FAILURE": "Problemă de autentificare",
"syncjob_EXIT_OVERQUOTA": "Cutia poștală țintă depășește cota maximă",
"syncjob_EXIT_CONNECTION_FAILURE_HOST1": "Nu se poate conecta la server",
"syncjob_EXIT_AUTHENTICATION_FAILURE_USER1": "Nume de utilizator sau parolă greșite",
"tag_handling": "Setează manevrarea pentru mailurile etichetate",
"tag_help_example": "Exemplu pentru o adresă de email etichetată: me<b>+Facebook</b>@example.org",
"tag_help_explain": "În subfolder: un nou subfolder numit după etichetă va fi creat sub INBOX (\"INBOX/Facebook\").<br>\nÎn subiect: numele etichetelor va fi prefixat la subiectul mailurilor, de exemplu: \"[Facebook] My News\".",
@ -1115,6 +1163,7 @@
"week": "săptămână",
"weekly": "Săptămânal",
"weeks": "săptămâni",
"with_app_password": "cu parola aplicație",
"year": "an",
"years": "ani"
},

View File

@ -80,7 +80,7 @@
"password": "Heslo",
"password_repeat": "Potvrdzovacie heslo (zopakovať)",
"port": "Port",
"post_domain_add": "SOGo kontajner, \"sogo-mailcow\", musí byť reštartovaný po pridaní novej domény!<br>",
"post_domain_add": "SOGo kontajner, \"sogo-mailcow\", musí byť reštartovaný po pridaní novej domény!<br><br>Okrem toho by sa mala skontrolovať konfigurácia DNS domény. Ak je konfigurácia v poriadku, reštartujte \"acme-mailcow\", aby sa automaticky vygenerovali certifikáty pre vašu novú doménu (autoconfig.&lt;domain&gt;, autodiscover.&lt;domain&gt;).<br>Tento krok je voliteľný a bude sa opakovať každých 24 hodín.",
"private_comment": "Súkromný komentár",
"public_comment": "Verejný komentár",
"quota_mb": "Kvóta (MiB)",
@ -323,7 +323,7 @@
"to_top": "Naspať navrch",
"transport_dest_format": "Regulárny výraz alebo syntax: example.org, .example.org, *, box@example.org (viacero hodnôt môžu byť oddelené čiarkou)",
"transport_maps": "Transportné Mapy",
"transport_test_rcpt_info": "&#8226; Na otestovanie odchádzajúcej pošty je možné použiť null@hosted.mailcow.de ako adresáta",
"transport_test_rcpt_info": "&#8226; Na otestovanie odchádzajúcej pošty je možné použiť null@hosted.mailcow.de ako adresáta.",
"transports_hint": "&#8226; Záznam v transportnej mape <b>prevažuje</b> nad transportnou mapou pre odosielanie</b>.<br>\r\n&#8226; Prenos na základe MX je preferovaná voľba.<br>\r\n&#8226; Nastavenie TLS pre používateľa je ignorované a môže byť vynútené TLS mapovaním.<br>\r\n&#8226; Transportná služba je definovaná vždy \"smtp:\" a použije TLS ak to bude umožnené. Wrapped TLS (SMTPS) nie je podporované.<br>\r\n&#8226; Adresy ktoré sa rovnajú hodnote \"/localhost$/\" budú vždy transportované cez \"local:\" a nebudú použité pre cieľový záznam \"*\".<br>\r\n&#8226; Po zadaní prihlasovacích údajov pre ďalší skok \"[host]:25\", Postfix <b>vždy</b> hľadá \"host\" a následne \"[host]:25\". Táto vlastnosť znemožňuje používať \"host\" a \"[host]:25\" naraz.",
"ui_footer": "Pätička (HTML povolené)",
"ui_header_announcement": "Oznámenie",
@ -394,9 +394,9 @@
"invalid_recipient_map_old": "Neplatná pôvodná mapa príjemcu: %s",
"ip_list_empty": "Zoznam povolených IP nemôže byť prázdny",
"is_alias": "%s je už používané ako alias adresa",
"is_alias_or_mailbox": "%s je už používaná ako adresa aliasu, mailovej schránky alebo aliasu odvodeného z aliasu domény",
"is_alias_or_mailbox": "%s je už používaná ako adresa aliasu, mailovej schránky alebo aliasu odvodeného z aliasu domény.",
"is_spam_alias": "%s je už používaná ako adresa dočasného aliasu (spam alias adresa)",
"last_key": "Posledný kľúč nemôže byť vymazaný, deaktivujte najprv TFA",
"last_key": "Posledný kľúč nemôže byť vymazaný, deaktivujte najprv TFA.",
"login_failed": "Prihlásenie zlyhalo",
"mailbox_defquota_exceeds_mailbox_maxquota": "Predvolená kvóta presahuje max. kvótu mailovej schránky",
"mailbox_invalid": "Meno mailovej schránky je neplatné",
@ -638,7 +638,7 @@
"restart_container": "Reštartovať kontajner",
"restart_container_info": "<b>Dôležité:</b> Reštartovanie môže trvať dlhšie, čakajte prosím ...",
"restart_now": "Reštartuj teraz",
"restarting_container": "Prebieha reštartovanie kontajnera, čakajte prosím ..."
"restarting_container": "Prebieha reštartovanie kontajnera, čakajte prosím"
},
"header": {
"administration": "Konfigurácia & Detaily",
@ -741,7 +741,7 @@
"last_run_reset": "Znovu naplánovať",
"mailbox": "Mailová schránka",
"mailbox_defaults": "Predvolené nastavenia",
"mailbox_defaults_info": "Definuje predvolené nastavenia pre nové schránky",
"mailbox_defaults_info": "Definuje predvolené nastavenia pre nové schránky.",
"mailbox_defquota": "Predvolená veľkosť schránky",
"mailbox_quota": "Max. veľkosť schránky",
"mailboxes": "Mailové schránky",
@ -815,7 +815,7 @@
"tls_map_policy": "Podmienky",
"tls_policy_maps": "Mapy TLS pravidiel",
"tls_policy_maps_enforced_tls": "Tieto politiky prepisujú používateľské nastavenia pre mailové schránky ktoré majú vynútene odchodzie TLS pripojenie. Ak nižšie nie sú uvedené žiadne pravidlá, budú použité ako východzie pravidlá <code>smtp_tls_mandatory_protocols</code> a <code>smtp_tls_mandatory_ciphers</code>.",
"tls_policy_maps_info": "Táto mapa prevažuje nad TLS pravidlami nezávisle od TLS pravidiel jednotlivých používateľov.<br>\r\n Viac informácií navštívte <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\"> info k \"smtp_tls_policy_maps\" </a>",
"tls_policy_maps_info": "Táto mapa prevažuje nad TLS pravidlami nezávisle od TLS pravidiel jednotlivých používateľov.<br>\nPre viac informácií navštívte <a href=\"http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps\" target=\"_blank\"> postfix \"smtp_tls_policy_maps\"</a>.",
"tls_policy_maps_long": "Prepisovanie TLS pravidiel pre odosielanie",
"toggle_all": "Označiť všetky",
"username": "Používateľské meno",
@ -1069,8 +1069,8 @@
"never": "Nikdy",
"new_password": "Nové heslo",
"new_password_repeat": "Potvrdiť heslo (opakovať)",
"no_active_filter": "Nie je dostupný žiadny aktívny filter.",
"no_last_login": "Žiadne informácie o UI prihlásení.",
"no_active_filter": "Nie je dostupný žiadny aktívny filter",
"no_last_login": "Žiadny záznam o prihlásení cez web",
"no_record": "Žiaden záznam",
"open_logs": "Otvoriť záznam",
"open_webmail_sso": "Prihláste sa do webmailu",

View File

@ -75,7 +75,12 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
session_start();
// extract email address from "/SOGo/so/user@domain/xy"
$url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
$email = $url_parts[3];
$email_list = array(
$url_parts[3], // Requested mailbox
($_SESSION['mailcow_cc_username'] ?? ''), // Current user
($_SESSION["dual-login"]["username"] ?? ''), // Dual login user
);
foreach($email_list as $email) {
// check if this email is in session allowed list
if (
!empty($email) &&
@ -91,6 +96,7 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
exit;
}
}
}
// if username is empty, SOGo will use the normal login methods / login form
header("X-User: ");

View File

@ -38,6 +38,7 @@
<div class="row">
<div class="col-md-12">
<div class="tab-content" style="padding-top:20px">
{% include 'admin/tab-config-admins.twig' %}
{% include 'admin/tab-ldap.twig' %}
{% include 'admin/tab-config-oauth2.twig' %}
@ -54,6 +55,7 @@
{% include 'admin/tab-sys-mails.twig' %}
{% include 'admin/tab-mailq.twig' %}
{% include 'admin/tab-globalfilter-regex.twig' %}
</div>
</div> <!-- /col-md-12 -->
</div> <!-- /row -->

View File

@ -1,4 +1,3 @@
<div class="tab-content" style="padding-top:20px">
<div role="tabpanel" class="tab-pane active" id="tab-config-admins">
<div class="panel panel-danger">
<div class="panel-heading xs-show">{{ lang.admin.admin_details }}</div>
@ -63,6 +62,7 @@
{% include 'fido2.twig' %}
</table>
</div>
</div>
<br>
</div>
</div>
@ -221,8 +221,6 @@
</div>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading xs-show">{{ lang.admin.domain_admins }}</div>
<div class="panel-body">
@ -248,3 +246,4 @@
</div>
</div>
</div>

View File

@ -423,6 +423,14 @@ function recursiveBase64StrToArrayBuffer(obj) {
{% if ui_texts.ui_footer %}
<hr><span class="rot-enc">{{ ui_texts.ui_footer|rot13|raw }}</span>
{% endif %}
{% if mailcow_cc_username and mailcow_info.version_tag|default %}
<span class="version">
🐮 + 🐋 = 💕
<a href="{{ mailcow_info.git_project_url }}/releases/tag/{{ mailcow_info.version_tag }}" target="_blank">
Version: {{ mailcow_info.version_tag }}
</a>
</span>
{% endif %}
</div>
</body>
</html>

View File

@ -39,7 +39,7 @@
<div class="col-sm-12">
<div class="form-group">
<label for="text">{{ lang.user.pushover_sender_array|raw }}</label>
<input type="text" class="form-control" name="senders" value="{{ pushover_data.token }}" placeholder="sender1@example.com, sender2@example.com">
<input type="text" class="form-control" name="senders" value="{{ pushover_data.senders }}" placeholder="sender1@example.com, sender2@example.com">
</div>
</div>
<div class="col-sm-12">

View File

@ -2,7 +2,7 @@ version: '2.1'
services:
unbound-mailcow:
image: mailcow/unbound:1.14
image: mailcow/unbound:1.15
environment:
- TZ=${TZ}
volumes:
@ -58,7 +58,7 @@ services:
- redis
clamd-mailcow:
image: mailcow/clamd:1.42
image: mailcow/clamd:1.43
restart: always
dns:
- ${IPV4_NETWORK:-172.22.1}.254
@ -157,7 +157,7 @@ services:
- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
- MASTER=${MASTER:-y}
- DEV_MODE=${DEV_MODE:-n}
- WEBAUTHN_RESPECT_ROOTCA=${WEBAUTHN_RESPECT_ROOTCA:-n}
- WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
restart: always
networks:
mailcow-network:
@ -165,7 +165,7 @@ services:
- phpfpm
sogo-mailcow:
image: mailcow/sogo:1.104
image: mailcow/sogo:1.106
environment:
- DBNAME=${DBNAME}
- DBUSER=${DBUSER}
@ -200,7 +200,7 @@ services:
ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
ofelia.job-exec.sogo_eautoreply.schedule: "@every 24h"
ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
ofelia.job-exec.sogo_backup.schedule: "@every 24h"
ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
@ -212,7 +212,7 @@ services:
- sogo
dovecot-mailcow:
image: mailcow/dovecot:1.158
image: mailcow/dovecot:1.159
depends_on:
- mysql-mailcow
dns:
@ -385,7 +385,7 @@ services:
acme-mailcow:
depends_on:
- nginx-mailcow
image: mailcow/acme:1.80
image: mailcow/acme:1.81
dns:
- ${IPV4_NETWORK:-172.22.1}.254
environment:
@ -421,7 +421,7 @@ services:
- acme
netfilter-mailcow:
image: mailcow/netfilter:1.45
image: mailcow/netfilter:1.46
stop_grace_period: 30s
depends_on:
- dovecot-mailcow
@ -444,7 +444,7 @@ services:
- /lib/modules:/lib/modules:ro
watchdog-mailcow:
image: mailcow/watchdog:1.95
image: mailcow/watchdog:1.96
dns:
- ${IPV4_NETWORK:-172.22.1}.254
tmpfs:
@ -506,7 +506,7 @@ services:
- watchdog
dockerapi-mailcow:
image: mailcow/dockerapi:1.40
image: mailcow/dockerapi:1.41
security_opt:
- label=disable
restart: always
@ -524,7 +524,7 @@ services:
- dockerapi
solr-mailcow:
image: mailcow/solr:1.8
image: mailcow/solr:1.8.1
restart: always
volumes:
- solr-vol-1:/opt/solr/server/solr/dovecot-fts/data:Z
@ -540,7 +540,7 @@ services:
- solr
olefy-mailcow:
image: mailcow/olefy:1.8
image: mailcow/olefy:1.8.1
restart: always
environment:
- TZ=${TZ}
@ -561,6 +561,7 @@ services:
image: mcuadros/ofelia:latest
restart: always
command: daemon --docker
environment:
- TZ=${TZ}
depends_on:
- sogo-mailcow

View File

@ -344,10 +344,10 @@ DOVECOT_MASTER_PASS=
# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
ACME_CONTACT=
# Enable webauthn device manufacturer verification
# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed
# WebAuthn device manufacturer verification
# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
WEBAUTHN_RESPECT_ROOTCA=n
WEBAUTHN_ONLY_TRUSTED_VENDORS=n
EOF
@ -361,3 +361,19 @@ echo "Generating snake-oil certificate..."
openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
echo "Copying snake-oil certificate..."
cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
# Set app_info.inc.php
mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
if [ $? -eq 0 ]; then
mailcow_git_url=$(git config --get remote.origin.url)
echo '<?php' > data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
echo '?>' >> data/web/inc/app_info.inc.php
else
echo '<?php' > data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
echo '?>' >> data/web/inc/app_info.inc.php
echo -e "\e[33mCannot determine current git repository version...\e[0m"
fi

View File

@ -307,7 +307,7 @@ CONFIG_ARRAY=(
"ADDITIONAL_SERVER_NAMES"
"ACME_CONTACT"
"WATCHDOG_VERBOSE"
"WEBAUTHN_RESPECT_ROOTCA"
"WEBAUTHN_ONLY_TRUSTED_VENDORS"
)
sed -i --follow-symlinks '$a\' mailcow.conf
@ -515,12 +515,12 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset-tls/' >> mailcow.conf
echo 'ACME_CONTACT=' >> mailcow.conf
fi
elif [[ ${option} == "WEBAUTHN_RESPECT_ROOTCA" ]]; then
elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "# Enable webauthn device manufacturer verification" >> mailcow.conf
echo '# After setting WEBAUTHN_RESPECT_ROOTCA=y only devices from trusted manufacturers are allowed' >> mailcow.conf
echo "# WebAuthn device manufacturer verification" >> mailcow.conf
echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
echo 'WEBAUTHN_RESPECT_ROOTCA=n' >> mailcow.conf
echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
fi
elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
if ! grep -q ${option} mailcow.conf; then
@ -719,6 +719,22 @@ if [ -f "data/conf/rspamd/local.d/metrics.conf" ]; then
mv data/conf/rspamd/local.d/metrics.conf data/conf/rspamd/local.d/metrics.conf_deprecated
fi
# Set app_info.inc.php
mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
if [ $? -eq 0 ]; then
mailcow_git_url=$(git config --get remote.origin.url)
echo '<?php' > data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
echo '?>' >> data/web/inc/app_info.inc.php
else
echo '<?php' > data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
echo ' $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
echo '?>' >> data/web/inc/app_info.inc.php
echo -e "\e[33mCannot determine current git repository version...\e[0m"
fi
if [[ ${SKIP_START} == "y" ]]; then
echo -e "\e[33mNot starting mailcow, please run \"docker-compose up -d --remove-orphans\" to start mailcow.\e[0m"
else