[Rspamd] Apply ratelimit against authenticated user instead of envelope from

[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
This commit is contained in:
André 2018-04-26 13:51:55 +02:00
parent f53006f6ab
commit 7181ee4658
15 changed files with 193 additions and 230 deletions

View File

@ -1,84 +1,78 @@
FROM php:7.1-fpm-alpine FROM php:7.2-fpm-alpine3.7
LABEL maintainer "Andre Peters <andre.peters@servercow.de>" LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
ENV REDIS_PECL 3.1.6 ENV APCU_PECL 5.1.10
ENV MEMCACHED_PECL 3.0.4
ENV APCU_PECL 5.1.9
ENV IMAGICK_PECL 3.4.3 ENV IMAGICK_PECL 3.4.3
ENV MAILPARSE_PECL 3.0.2 ENV MAILPARSE_PECL 3.0.2
ENV MEMCACHED_PECL 3.0.4
ENV REDIS_PECL 3.1.6
RUN apk add -U --no-cache libxml2-dev \ RUN apk add -U --no-cache autoconf \
icu-dev \ bash \
imap-dev \ c-client \
libmemcached-dev \ cyrus-sasl-dev \
cyrus-sasl-dev \
pcre-dev \
icu-libs \
redis \
mysql-client \
bash \
autoconf \
g++ \
make \
openssl \
openssl-dev \
samba-client \
libpng \
libpng-dev \
libjpeg-turbo-dev \
libwebp-dev \
zlib-dev \
libxpm-dev \
c-client \
imagemagick-dev \
imagemagick \
libtool \
freetype \ freetype \
libpng \
libjpeg-turbo \
freetype-dev \ freetype-dev \
libpng-dev \ g++ \
libjpeg-turbo-dev\
gettext-dev \ gettext-dev \
openldap-dev \ icu-dev \
icu-libs \
imagemagick \
imagemagick-dev \
imap-dev \
libjpeg-turbo \
libjpeg-turbo-dev \
libmemcached-dev \
libpng \
libpng-dev \
libressl \
libressl-dev \
librsvg \ librsvg \
libtool \
libwebp-dev \
libxml2-dev \
libxpm-dev \
make \
mysql-client \
openldap-dev \
pcre-dev \
redis \
samba-client \
zlib-dev \
&& pear install channel://pear.php.net/Net_IDNA2-0.2.0 \ && pear install channel://pear.php.net/Net_IDNA2-0.2.0 \
channel://pear.php.net/Auth_SASL-1.1.0 \ channel://pear.php.net/Auth_SASL-1.1.0 \
Net_IMAP \ Net_IMAP \
Net_Sieve \ Net_Sieve \
NET_SMTP \ NET_SMTP \
Mail_mime \ Mail_mime \
&& pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} mailparse-${MAILPARSE_PECL} \ && pecl install redis-${REDIS_PECL} memcached-${MEMCACHED_PECL} APCu-${APCU_PECL} imagick-${IMAGICK_PECL} mailparse-${MAILPARSE_PECL} \
&& docker-php-ext-enable redis apcu memcached imagick mailparse \ && docker-php-ext-enable apcu imagick mailparse memcached redis \
&& pecl clear-cache \ && pecl clear-cache \
&& docker-php-ext-configure intl \ && docker-php-ext-configure intl \
&& docker-php-ext-configure gd \ && docker-php-ext-configure gd \
--with-gd \ --with-gd \
--enable-gd-native-ttf \ --enable-gd-native-ttf \
--with-freetype-dir=/usr/include/ \ --with-freetype-dir=/usr/include/ \
--with-png-dir=/usr/include/ \ --with-png-dir=/usr/include/ \
--with-jpeg-dir=/usr/include/ \ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j 4 intl gettext ldap sockets soap pdo pdo_mysql xmlrpc gd zip pcntl opcache \ && docker-php-ext-install -j 4 gd gettext intl ldap opcache pcntl pdo pdo_mysql soap sockets xmlrpc zip \
&& docker-php-ext-configure imap --with-imap --with-imap-ssl \ && docker-php-ext-configure imap --with-imap --with-imap-ssl \
&& docker-php-ext-install -j 4 imap \ && docker-php-ext-install -j 4 imap \
&& apk del --purge autoconf \ && apk del --purge autoconf \
g++ \ cyrus-sasl-dev \
make \ freetype-dev \
libxml2-dev \ g++ \
icu-dev \ icu-dev \
imap-dev \ imagemagick-dev \
openssl-dev \ imap-dev \
cyrus-sasl-dev \ libjpeg-turbo-dev \
pcre-dev \ libpng-dev \
libpng-dev \ libressl-dev \
libpng-dev \ libwebp-dev \
libjpeg-turbo-dev \ libxml2-dev \
libwebp-dev \ make \
zlib-dev \ pcre-dev \
imagemagick-dev \ zlib-dev
freetype-dev \
libpng-dev \
libjpeg-turbo-dev
COPY ./docker-entrypoint.sh / COPY ./docker-entrypoint.sh /

View File

@ -28,7 +28,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
RUN mkdir /usr/share/doc/sogo \ RUN mkdir /usr/share/doc/sogo \
&& touch /usr/share/doc/sogo/empty.sh \ && touch /usr/share/doc/sogo/empty.sh \
&& apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 \ && apt-key adv --keyserver keyserver.ubuntu.com --recv-key 0x810273C4 \
&& echo "deb http://packages.inverse.ca/SOGo/nightly/4/debian/ stretch stretch" > /etc/apt/sources.list.d/sogo.list \ && echo "deb http://packages.inverse.ca/SOGo/nightly/4/debian/ stretch stretch" > /etc/apt/sources.list.d/sogo.list \
&& apt-get update && apt-get install -y --force-yes \ && apt-get update && apt-get install -y --force-yes \
sogo \ sogo \

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --> <!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg <svg
xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dc="http://purl.org/dc/elements/1.1/"
@ -13,17 +13,17 @@
id="Layer_1" id="Layer_1"
x="0px" x="0px"
y="0px" y="0px"
width="392.82242" width="640px"
height="201.049" height="350px"
viewBox="0 0 392.82241 201.049" viewBox="78.712 58.488 640 350"
enable-background="new 0 0 1600 1200" style="enable-background:new 78.712 58.488 640 350;"
xml:space="preserve" xml:space="preserve"
inkscape:version="0.91 r13725" inkscape:version="0.91 r13725"
sodipodi:docname="sogo-full.svg"><metadata sodipodi:docname="sogo-full.svg"><metadata
id="metadata144"><rdf:RDF><cc:Work id="metadata9"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs142" /><sodipodi:namedview id="defs7" /><sodipodi:namedview
pagecolor="#ffffff" pagecolor="#ffffff"
bordercolor="#666666" bordercolor="#666666"
borderopacity="1" borderopacity="1"
@ -32,129 +32,17 @@
guidetolerance="10" guidetolerance="10"
inkscape:pageopacity="0" inkscape:pageopacity="0"
inkscape:pageshadow="2" inkscape:pageshadow="2"
inkscape:window-width="1097" inkscape:window-width="1721"
inkscape:window-height="1138" inkscape:window-height="1177"
id="namedview140" id="namedview5"
showgrid="false" showgrid="false"
inkscape:zoom="1.1125147" inkscape:zoom="0.59375"
inkscape:cx="206.04418" inkscape:cx="320"
inkscape:cy="194.82483" inkscape:cy="175"
inkscape:window-x="814" inkscape:window-x="-8"
inkscape:window-y="0" inkscape:window-y="-8"
inkscape:window-maximized="0" inkscape:window-maximized="1"
inkscape:current-layer="Layer_1" inkscape:current-layer="Layer_1" /><path
fit-margin-top="0" style="fill:#1976d2;fill-opacity:0.71428573"
fit-margin-left="0" d="M648.541,145.679c-9.947,0-17.009-7.278-17.009-17.048c0-9.777,7.062-17.057,17.009-17.057 c10.024,0,17.086,7.279,17.086,17.057C665.627,138.401,658.565,145.679,648.541,145.679z M648.511,94.893 c-19.693,0-33.679,14.4-33.679,33.738c0,19.33,13.985,33.729,33.679,33.729c19.822,0,33.808-14.4,33.808-33.729 C682.318,109.293,668.333,94.893,648.511,94.893z M648.482,179.843c-29.889,0-51.123-21.868-51.123-51.212 c0-29.353,21.234-51.209,51.123-51.209c30.082,0,51.307,21.856,51.307,51.209C699.789,157.975,678.564,179.843,648.482,179.843z M648.442,58.488c-40.929,0-69.995,29.946-69.995,70.143c0,40.189,29.066,70.125,69.995,70.125c41.194,0,70.27-29.937,70.27-70.125 C718.712,88.434,689.637,58.488,648.442,58.488z M158.166,183.902l-21.018-5.008c-19.131-4.396-28.849-9.413-28.849-23.21 c0-15.684,15.99-21.965,30.419-21.965c14.667,0,25.382,7.329,31.693,18.737c0.02,0.048,0.051,0.097,0.09,0.157 c0.127,0.247,0.276,0.484,0.403,0.731l0.03-0.02c1.985,3.002,5.323,5.008,8.919,5.008c6.122,0,10.558-4.425,10.558-10.547 c0-2.341-0.504-4.82-1.601-6.688c-10.764-18.302-28.513-26.192-48.838-26.192c-27.594,0-54.262,13.797-54.262,44.218 c0,27.921,27.605,36.079,37.64,38.578l20.069,4.71c15.368,3.763,27.912,8.791,27.912,23.517c0,16.938-17.561,23.943-34.499,23.943 c-17.245,0-30.015-9.37-38.814-22.37h-0.01c-1.956-3-4.988-4.328-8.702-4.328c-5.984,0-10.805,5.185-10.587,11.162 c0.098,2.438,0.909,4.637,2.153,6.405c13.787,20.633,33.728,28.41,55.96,28.41c28.543,0,57.085-13.143,57.085-45.132 C193.918,203.325,178.551,188.613,158.166,183.902z M298.479,250.312c-33.866,0-55.199-25.403-55.199-58.331 c0-32.939,21.333-58.343,55.199-58.343c34.192,0,55.516,25.403,55.516,58.343C353.996,224.91,332.672,250.312,298.479,250.312z M298.479,114.823c-45.471,0-77.777,32.93-77.777,77.158c0,44.217,32.306,77.146,77.777,77.146 c45.786,0,78.093-32.929,78.093-77.146C376.572,147.753,344.266,114.823,298.479,114.823z M518.715,234.312 c-0.771,0.74-1.549,1.472-2.399,2.175c-1.106,1.014-2.391,2.112-3.854,3.208c-8.829,6.391-19.979,10.094-33.017,10.094 c-33.876,0-55.198-25.402-55.198-58.332c0-32.939,21.322-58.342,55.198-58.342c34.183,0,55.506,25.403,55.506,58.342 C534.951,208.653,529.135,223.774,518.715,234.312z M468.097,317.938c2.528,0,5.146-0.168,7.863-0.504 c5.018-0.631,9.588-0.909,13.729-0.909c19.24,0.109,29.036,5.7,34.943,12.158c5.895,6.499,8.168,15.311,8.158,22.796 c0.01,3.586-0.555,6.795-1.177,8.721c-2.944,8.93-8.888,15.002-17.996,19.576c-9.035,4.484-21.095,6.777-33.707,6.757 c-4.514,0-9.105-0.288-13.639-0.831c-8.573-0.987-19.911-4.671-28.13-11.093c-4.138-3.199-6.458-6.991-8.858-11.485 c-2.379-4.514-2.783-9.748-2.783-16.442v-0.742c0-12.346,4.84-20.544,11.051-26.5c3.07-2.904,5.69-5.064,7.99-6.438 c0.366-0.218,0.438-0.416,0.755-0.593C452.39,316.014,459.684,317.968,468.097,317.938z M479.445,114.301 c-45.471,0-77.786,32.929-77.786,77.157c0,29.887,14.765,54.598,38.378,67.489c-0.314,0.314-0.621,0.641-0.916,0.966 c-6.104,6.687-9.226,15.25-9.236,23.913c-0.008,3.821,0.624,7.741,1.977,11.494c-3.062,1.956-6.717,4.634-10.46,8.147 c-9.026,8.408-18.734,22.541-19.021,42.097c-0.01,0.454-0.01,0.829-0.01,1.118c-0.01,10.071,2.379,19.157,6.459,26.774 c6.133,11.466,15.683,19.445,25.539,24.77c9.917,5.334,20.257,8.166,29.273,9.274c5.373,0.643,10.826,0.988,16.268,0.988 c15.151-0.02,30.261-2.578,43.409-9.019c13.085-6.34,24.333-17.253,29.192-32.562c1.443-4.553,2.212-9.719,2.231-15.428 c-0.02-11.595-3.349-25.759-13.767-37.452c-10.421-11.734-27.654-19.566-51.288-19.459c-5.138,0-10.606,0.356-16.426,1.078 c-1.877,0.227-3.596,0.334-5.166,0.334c-7.239-0.048-10.872-2.053-13.036-4.098c-2.133-2.084-3.2-4.839-3.229-8.058 c-0.01-3.28,1.284-6.727,3.467-9.078c2.231-2.332,5.008-3.91,9.846-3.97c0.436,0,0.9,0.01,1.374,0.05 c3.101,0.216,6.112,0.325,9.037,0.325c24.188,0.047,42.38-7.448,54.756-17.759c12.415-10.312,18.971-22.854,22.071-32.76l-0.04-0.01 c3.37-8.899,5.197-18.715,5.197-29.166C557.539,147.229,525.234,114.301,479.445,114.301z"
fit-margin-right="0" id="path3" /></svg>
fit-margin-bottom="0"
borderlayer="true" /><g
id="g3"
transform="translate(-630.29057,-557.81)"
style="opacity:0.108"><g
id="g5"
style=""><g
id="g7"
style=""><g
id="email"
style=""><path
d="m 890.306,557.81 29.26,11.373 0,172.027 c 0,9.753 -7.895,17.649 -17.638,17.649 l -235.998,0 c -9.743,0 -17.638,-7.896 -17.638,-17.649 l 0,-172.026 29.259,-8.937"
id="path10"
inkscape:connector-curvature="0"
style="fill:#4d4d4d" /><path
d="M 758.871,656.221 649.49,747.45 c 2.507,6.648 8.901,11.409 16.44,11.409 l 235.998,0 c 7.536,0 13.933,-4.761 16.444,-11.409 l -107.402,-91.229 -52.099,0 z"
id="path12"
inkscape:connector-curvature="0"
style="fill:#999999;fill-opacity:0.89499996" /><g
id="g14"
style=""><path
d="m 810.391,656.686 107.981,90.764 c -0.331,0.881 -0.744,1.726 -1.205,2.536 l 0.028,0.035 c 1.501,-2.596 2.371,-5.594 2.371,-8.81 l 0,-172.004 -109.175,87.479 z"
id="path16"
inkscape:connector-curvature="0"
style="fill:#b3b3b3;fill-opacity:1" /><path
d="m 649.49,747.45 108.864,-90.764 -110.061,-87.479 0,172.003 c 0,3.216 0.876,6.214 2.367,8.81 l 0.039,-0.035 c -0.466,-0.809 -0.877,-1.654 -1.209,-2.535 z"
id="path18"
inkscape:connector-curvature="0"
style="fill:#b3b3b3;fill-opacity:1" /></g></g><path
d="m 961.81,681.214 c 0,0 -15.232,16.783 -42.244,14.73 l 0,28.14 c 13.328,-5.185 47.061,-20.036 56.854,-40.809 l -14.61,-2.061 z"
id="path20"
inkscape:connector-curvature="0"
style="fill:#666666" /><path
d="m 984.594,658.413 c 3.59,-9.156 7.701,-11 9.346,-11.346 -49.276,4.542 -32.99,38.693 -32.99,38.693 0,0 6.229,14.728 26.532,13.892 27.063,0.461 35.631,-50.166 35.631,-50.166 -6.654,11.655 -26.404,9.876 -38.519,8.927 z"
id="path22"
inkscape:connector-curvature="0"
style="fill:#666666" /><path
d="m 663.708,566.47 c -57.88068,154.362 -28.94034,77.181 0,0 z"
id="path26"
inkscape:connector-curvature="0"
style="opacity:0.1;fill:#3d5263"
sodipodi:nodetypes="cc" /><g
id="g28"
style=""><g
id="g30"
style=""><g
id="g34"
style=""><g
id="g36"
style=""><g
id="g40"
style="" /></g><g
id="g52"
style=""><g
id="g54"
style="" /></g><g
id="g58"
style=""><g
id="g60"
style=""><g
id="g62"
style="" /></g><g
id="g66"
style=""><g
id="g68"
style="" /></g></g><g
id="g72"
style=""><path
d="m 867.815,563.83 c -193.95201,156.122 -96.97601,78.061 0,0 z"
id="path74"
inkscape:connector-curvature="0"
style="fill:#87654a"
sodipodi:nodetypes="cc" /></g><g
id="g76"
style=""><g
id="g78"
style=""><g
id="g80"
style=""><g
id="g82"
style="" /></g></g><g
id="g86"
style=""><g
id="g88"
style=""><g
id="g90"
style="" /></g></g><g
id="g94"
style=""><g
id="g96"
style="" /></g><g
id="g100"
style=""><g
id="g102"
style="" /></g></g></g><path
d="m 786.264,672.409 c -139.58468,83.736 -69.79234,41.868 0,0 z"
id="path110"
inkscape:connector-curvature="0"
style="fill:#f1f2f2"
sodipodi:nodetypes="cc" /></g><g
id="g112"
style="" /></g><path
d="m 919.566,695.944 c 0,0 7.562,0.712 13.317,-0.502 l 13.013,16.12 c 0,0 -17.639,9.525 -26.33,12.523 l 0,-28.141 z"
id="path116"
inkscape:connector-curvature="0"
style="opacity:0.1;fill:#3d5263" /></g><path
d="m 648.292,659.614 0,81.645 c 0,9.72 7.88,17.6 17.6,17.6 l 236.073,0 c 9.72,0 17.6,-7.88 17.6,-17.6 l 0,-24.902 c 10e-4,0 -175.814,35.524 -271.273,-56.743 z"
id="path124"
inkscape:connector-curvature="0"
style="opacity:0.1;fill:#666666" /></g><g
id="g126"
style="" /></g></svg>

Before

Width:  |  Height:  |  Size: 6.5 KiB

After

Width:  |  Height:  |  Size: 5.5 KiB

View File

@ -16,16 +16,16 @@
* Define the Alternative theme * Define the Alternative theme
*/ */
$mdThemingProvider.theme('mailcow') $mdThemingProvider.theme('mailcow')
.primaryPalette('indigo', { .primaryPalette('blue', {
'default': '700', // top toolbar 'default': '700', // top toolbar
'hue-1': '400', 'hue-1': '500',
'hue-2': '600', // sidebar toolbar 'hue-2': '700', // sidebar toolbar
'hue-3': 'A700' 'hue-3': 'A700'
}) })
.accentPalette('indigo', { .accentPalette('blue', {
'default': '500', // fab buttons 'default': '700', // fab buttons
'hue-1': '50', // center list toolbar 'hue-1': '50', // center list toolbar
'hue-2': '400', 'hue-2': '600',
'hue-3': 'A700' 'hue-3': 'A700'
}) })
.backgroundPalette('grey', { .backgroundPalette('grey', {
@ -35,16 +35,16 @@
'hue-3': '300' 'hue-3': '300'
}); });
$mdThemingProvider.theme('default') $mdThemingProvider.theme('default')
.primaryPalette('indigo', { .primaryPalette('blue', {
'default': '700', // top toolbar 'default': '700', // top toolbar
'hue-1': '400', 'hue-1': '500',
'hue-2': '600', // sidebar toolbar 'hue-2': '700', // sidebar toolbar
'hue-3': 'A700' 'hue-3': 'A700'
}) })
.accentPalette('indigo', { .accentPalette('blue', {
'default': '500', // fab buttons 'default': '700', // fab buttons
'hue-1': '50', // center list toolbar 'hue-1': '50', // center list toolbar
'hue-2': '400', 'hue-2': '600',
'hue-3': 'A700' 'hue-3': 'A700'
}) })
.backgroundPalette('grey', { .backgroundPalette('grey', {

View File

@ -128,7 +128,7 @@ sogo_checks() {
host_ip=$(get_container_ip sogo-mailcow) host_ip=$(get_container_ip sogo-mailcow)
err_c_cur=${err_count} err_c_cur=${err_count}
/usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u /WebServerResources/css/theme-default.css -p 9192 -R md-default-theme 1>&2; err_count=$(( ${err_count} + $? )) /usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u /WebServerResources/css/theme-default.css -p 9192 -R md-default-theme 1>&2; err_count=$(( ${err_count} + $? ))
/usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u /SOGo.index/ -p 20000 -R "SOGo\sGroupware" 1>&2; err_count=$(( ${err_count} + $? )) /usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u /SOGo.index/ -p 20000 -R "SOGo\.MainUI" 1>&2; err_count=$(( ${err_count} + $? ))
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1 [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} )) [ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
progress "SOGo" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c} progress "SOGo" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
@ -190,8 +190,8 @@ phpfpm_checks() {
while [ ${err_count} -lt ${THRESHOLD} ]; do while [ ${err_count} -lt ${THRESHOLD} ]; do
host_ip=$(get_container_ip php-fpm-mailcow) host_ip=$(get_container_ip php-fpm-mailcow)
err_c_cur=${err_count} err_c_cur=${err_count}
cgi-fcgi -bind -connect ${host_ip}:9000 | grep "Content-type" 1>&2; err_count=$(( ${err_count} + ($? * 2))) nc -z ${host_ip} 9001 ; err_count=$(( ${err_count} + ($? * 2)))
cgi-fcgi -bind -connect ${host_ip}:9001 | grep "Content-type" 1>&2; err_count=$(( ${err_count} + ($? * 2))) nc -z ${host_ip} 9002 ; err_count=$(( ${err_count} + ($? * 2)))
/usr/lib/nagios/plugins/check_ping -4 -H ${host_ip} -w 2000,10% -c 4000,100% -p2 1>&2; err_count=$(( ${err_count} + $? )) /usr/lib/nagios/plugins/check_ping -4 -H ${host_ip} -w 2000,10% -c 4000,100% -p2 1>&2; err_count=$(( ${err_count} + $? ))
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1 [ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} )) [ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))

View File

@ -82,10 +82,13 @@ server {
#Avoid sending the security headers twice #Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9002;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
client_max_body_size 10G; client_max_body_size 0;
fastcgi_param PHP_VALUE "max_execution_time = 1200
max_input_time = 1200";
fastcgi_read_timeout 1200;
} }
location ~ ^/(?:updater|ocs-provider)(?:$|/) { location ~ ^/(?:updater|ocs-provider)(?:$|/) {

View File

@ -16,10 +16,13 @@
fastcgi_param HTTPS on; fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9002;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
fastcgi_request_buffering off; fastcgi_request_buffering off;
client_max_body_size 10G; client_max_body_size 0;
fastcgi_param PHP_VALUE "max_execution_time = 1200
max_input_time = 1200";
fastcgi_read_timeout 1200;
} }
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) { location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404; try_files $uri/ =404;

View File

@ -10,7 +10,7 @@ server {
client_max_body_size 10M; client_max_body_size 10M;
try_files $uri =404; try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9001;
fastcgi_index pipe.php; fastcgi_index pipe.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

View File

@ -35,7 +35,6 @@ server {
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
index index.php index.html; index index.php index.html;
@ -76,7 +75,7 @@ server {
location ~ \.php$ { location ~ \.php$ {
try_files $uri =404; try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9002;
fastcgi_index index.php; fastcgi_index index.php;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
@ -96,9 +95,22 @@ server {
expires $expires; expires $expires;
} }
location /lists/ {
proxy_pass http://mm-web:8000/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
expires $expires;
}
location /mm_static {
alias /opt/mm_web-data/static;
}
location ~* ^/Autodiscover/Autodiscover.xml { location ~* ^/Autodiscover/Autodiscover.xml {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9002;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files /autodiscover.php =404; try_files /autodiscover.php =404;
@ -106,7 +118,7 @@ server {
location ~* ^/Autodiscover/Autodiscover.json { location ~* ^/Autodiscover/Autodiscover.json {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9002;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files /autodiscover-json.php =404; try_files /autodiscover-json.php =404;
@ -114,7 +126,7 @@ server {
location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml { location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000; fastcgi_pass phpfpm:9002;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files /autoconfig.php =404; try_files /autoconfig.php =404;

View File

@ -0,0 +1,25 @@
[system-worker]
user = www-data
group = www-data
pm = dynamic
pm.max_children = 15
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
listen = [::]:9001
access.log = /proc/self/fd/2
clear_env = no
catch_workers_output = yes
[web-worker]
user = www-data
group = www-data
pm = dynamic
pm.max_children = 50
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
listen = [::]:9002
access.log = /proc/self/fd/2
clear_env = no
catch_workers_output = yes

View File

@ -0,0 +1,27 @@
# High spam networks, disabled by default
#201942:5 #Soltia Consulting SL - ipinfo.io
#16276:5 #OVH
#12876:5 #ONLINE S.A.S
#31034:5
#12874:5
#30823:5
#197071:5
#42831:5 #UK Dedicated Servers Ltd
#29119:5 #Aire Networks del Mediterraneo S.L.U.
#13335:5 #Cloudflare
#28753:5 #Leaseweb
#61272:5 #Informacines sistemos ir technologijos
#53755:5 #Input Output Flood LLC
#29422:5 #FICIX Helsinki
#62255:4 #Asmunda New Media Ltd
#14061:4 #Digitalocean
#55293:4 #A2 Hosting
#63018:4 #US Dedicated
#197518:2
#44493:2
#46606:2
#49505:2
#21100:2
#197695:2
#198068:2
#43146:2

View File

@ -27,6 +27,14 @@ KEEP_SPAM {
action = "accept"; action = "accept";
} }
LOCAL_BL_ASN {
require_symbols = "!MAILCOW_WHITE";
type = "asn";
map = "$LOCAL_CONFDIR/custom/bad_asn.map";
score = 5;
description = "Sender's ASN is on the local blacklist";
}
#SPOOFED_SENDER { #SPOOFED_SENDER {
# type = "rcpt"; # type = "rcpt";
# filter = "email:domain:tld"; # filter = "email:domain:tld";

View File

@ -8,6 +8,8 @@ classifier "bayes" {
min_tokens = 11; min_tokens = 11;
min_learns = 20; min_learns = 20;
autolearn = [-20, 50]; autolearn = [-20, 50];
new_schema = true;
expiry = 50d;
per_user = <<EOD per_user = <<EOD
return function(task) return function(task)
local rcpt = task:get_recipients(1) local rcpt = task:get_recipients(1)

View File

@ -59,16 +59,16 @@ rspamd_config:register_symbol({
local redis_params = rspamd_parse_redis_server('dyn_rl') local redis_params = rspamd_parse_redis_server('dyn_rl')
local rspamd_logger = require "rspamd_logger" local rspamd_logger = require "rspamd_logger"
local envfrom = task:get_from(1) local envfrom = task:get_from(1)
if not envfrom then local uname = task:get_user():lower()
if not envfrom or not uname then
return false return false
end end
local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain in lower case local env_from_domain = envfrom[1].domain:lower() -- get smtp from domain in lower case
local env_from_addr = envfrom[1].addr:lower() -- get smtp from addr in lower case
local function redis_cb_user(err, data) local function redis_cb_user(err, data)
if err or type(data) ~= 'string' then if err or type(data) ~= 'string' then
rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for user %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying dynamic ratelimit for domain...", env_from_addr, data, err) rspamd_logger.infox(rspamd_config, "dynamic ratelimit request for user %s returned invalid or empty data (\"%s\") or error (\"%s\") - trying dynamic ratelimit for domain...", uname, data, err)
local function redis_key_cb_domain(err, data) local function redis_key_cb_domain(err, data)
if err or type(data) ~= 'string' then if err or type(data) ~= 'string' then
@ -91,7 +91,7 @@ rspamd_config:register_symbol({
rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for domain") rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for domain")
end end
else else
rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for user %s with value %s", env_from_addr, data) rspamd_logger.infox(rspamd_config, "found dynamic ratelimit in redis for user %s with value %s", uname, data)
task:insert_result('DYN_RL', 0.0, data) task:insert_result('DYN_RL', 0.0, data)
end end
@ -99,11 +99,11 @@ rspamd_config:register_symbol({
local redis_ret_user = rspamd_redis_make_request(task, local redis_ret_user = rspamd_redis_make_request(task,
redis_params, -- connect params redis_params, -- connect params
env_from_addr, -- hash key uname, -- hash key
false, -- is write false, -- is write
redis_cb_user, --callback redis_cb_user, --callback
'HGET', -- command 'HGET', -- command
{'RL_VALUE', env_from_addr} -- arguments {'RL_VALUE', uname} -- arguments
) )
if not redis_ret_user then if not redis_ret_user then
rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for user") rspamd_logger.infox(rspamd_config, "cannot make request to load ratelimit for user")

View File

@ -44,7 +44,8 @@ if (!function_exists('getallheaders')) {
} }
} }
$raw_data = file_get_contents('php://input'); $raw_data_content = file_get_contents('php://input');
$raw_data = mb_convert_encoding($raw_data_content, 'HTML-ENTITIES', "UTF-8");
$headers = getallheaders(); $headers = getallheaders();
$qid = $headers['X-Rspamd-Qid']; $qid = $headers['X-Rspamd-Qid'];