Commit Graph

943 Commits

Author SHA1 Message Date
DerLinkman
ba45f70a30 [NGINX] Added new Proxy Buffers to the /SOGo Section 2022-04-05 22:49:41 +02:00
andryyy
a2ccf7ef03
[Nginx] Fix Nginx buffer sizes by moving parameters to correct location 2022-04-05 22:34:26 +02:00
Niklas Meyer
53a5254897
[SOGo] Update SOGo to 5.5.1
**Includes Database Changes!**

As a preparation for 5.5.2 the database as well as some NGINX Settings have been changed.
2022-04-01 15:20:09 +02:00
Aiko Appeldorn
be9cbcf5ac
[Postfix] update postscreen access list (#4515) 2022-03-23 11:49:46 +01:00
Niklas Meyer
b04faddac4 Modified Buffer Size in site-defaults.conf 2022-03-23 11:14:07 +01:00
Peter
eddaf7a975
Revert "Before update on 2022-03-02_17_04_05"
This reverts commit 24275ffdbf.
2022-03-05 23:31:41 +01:00
andryyy
98bc947d00 [Web] Update composer libs
- Removing symfony/deprecation-contracts (v2.4.0)
  - Upgrading ddeboer/imap (1.12.1 => 1.13.1)
  - Upgrading directorytree/ldaprecord (v2.6.3 => v2.10.1)
  - Upgrading illuminate/contracts (v8.53.1 => v9.3.0)
  - Upgrading nesbot/carbon (2.51.1 => 2.57.0)
  - Upgrading phpmailer/phpmailer (v6.5.0 => v6.6.0)
  - Upgrading psr/container (1.1.1 => 2.0.2)
  - Upgrading psr/log (1.1.4 => 3.0.0)
  - Upgrading psr/simple-cache (1.0.1 => 2.0.0)
  - Upgrading robthree/twofactorauth (1.8.0 => 1.8.1)
  - Upgrading symfony/polyfill-ctype (v1.23.0 => v1.24.0)
  - Upgrading symfony/polyfill-mbstring (v1.23.1 => v1.24.0)
  - Upgrading symfony/polyfill-php80 (v1.23.1 => v1.24.0)
  - Upgrading symfony/translation (v5.3.4 => v6.0.5)
  - Upgrading symfony/translation-contracts (v2.4.0 => v3.0.0)
  - Upgrading symfony/var-dumper (v5.3.6 => v6.0.5)
  - Upgrading tightenco/collect (v8.34.0 => v8.83.2)
  - Upgrading twig/twig (v3.3.2 => v3.3.8)
2022-03-02 20:08:44 +01:00
andryyy
24275ffdbf Before update on 2022-03-02_17_04_05 2022-03-02 20:03:09 +01:00
Niklas Meyer
c520f21d28
🐄 Moorch Update 2022 - ClamAV, Dovecot & Olefy Update (#4497)
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag error handling

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

* Update clamav to 0.104.2

* Update clamav to 0.104.2

* Update dovecot to 2.3.18

Update gosu to 1.14
Use debian bullseye as base

* [Web] Updated lang.es.json [CI SKIP] (#4453)

Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Fijxu <fijxu@zzls.xyz>

* Fix broken documentation links (#4458)

* Fix broken documentation links

* Fix a few more broken documentation links

* Fix broken documentation links in translation files

* Fall back to empty string if WATCHDOG_NOTIFY_EMAIL undefined (#4457)

By default, `.env` (`mailcow.conf`) does not define `WATCHDOG_NOTIFY_EMAIL`.

Using it in `docker-compose.yml` without having it defined leads to Compose v2 displaying this warning on startup:

> WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.

Related to https://github.com/mailcow/mailcow-dockerized/issues/4315

* [Web] Updated lang.sk.json [CI SKIP] (#4461)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* oletools: disable template injection detection (#4464)

Seems to be causing a lot of false positives lately

* Fix minor typo in comment (#4466)

Correction of the comment, so that the explanation is correct and can be understood.

* Update issue templates to issue forms (#4465)

This PR updates the issue templates to GitHubs new issue forms

* [Web] Fix padding issue in UI admin panel (#4481)

* [Web] fix admin panel padding issue

* [Web] fix admin panel padding issue

* [Web] Updated lang.sk.json [CI SKIP] (#4489)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* increase opcache.interned_strings_buffer to 16 (#4487)

since version 23.0.2 Nextcloud recommends having a value greater than 8 for `opcache.interned_strings_buffer`. As this memory will be only used when needed this should have no impact on installations that are not using nextcloud.

related discussion: https://help.nextcloud.com/t/nextcloud-23-02-opcache-interned-strings-buffer/134007/19
related nextcloud issue: https://github.com/nextcloud/server/issues/31223

* nextcloud - add missing redirections (#4366)

adds missing location directives to the nginx configuration of nextcloud 22, to prevent warnings in nextcloud admin center of missing redirections

* Update imapsync to 2.178 (#4491)

* Update and fix oletools (#4479)

As noticed by @MAGICCC (#4464 (comment)), our olefy image does not work anymore if you rebuild it. This is because @HeinleinSupport recently updated their repository with the changes from @decalage2's repository, which renamed olvba3 to olevba. Since @HeinleinSupport does not recommend using its own patched branch and is very slow in pulling in changes from upstream (@decalage2), let's switch to the latter. This also allowed me to revert #4464.

Finally, a minor patch to rspamd is necessary. While the documentation says

In the extended mode the oletools module will not trigger on specific categories, but will always set a threat string with all found flags when at least a macro was found.

This is not actually true -- it only sets it when suspicious or autoexec threats were detected. But it's a one-line patch to make rspamd behave as documented and we should submit that patch to @rspamd too. With this patch, I have confirmed that Mailcow will reject any incoming, non-whitelisted message containing attachments with macros.

* [Web] Fix excluded domain list in quaratine view

Previously excluded domains from quarantine were not shown.

* [Dovecot] Update syslogng Version to 3.28 (#4496)

Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: Max <mail@heavygale.de>
Co-authored-by: Michael Cramer <michael@bigmichi1.de>
Co-authored-by: Robert Christian <soulsymphonies@users.noreply.github.com>
Co-authored-by: André <andre.peters@debinux.de>
Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>
2022-03-02 16:32:17 +01:00
andryyy
a5660cdf31 [SOGo] Faster GC: fix for too many SQL connections 2021-12-12 10:42:53 +01:00
andryyy
25cecf5f9d [MariaDB] Further increase connections 2021-11-18 10:55:54 +01:00
Dmitriy Alekseev
95e57e3968
[Rspamd] Return CAB to archive_extensions 2021-11-18 11:47:56 +02:00
Dmitriy Alekseev
54448bfd38
[Rspamd] Adjust CAB score detection
Adjust CAB score detection, as CAB content can't be extracted by Rspamd
2021-11-18 10:14:24 +02:00
andryyy
15c0b3f7b7 [MariaDB] Decrease connection timeout to SOGo worker lifetime + 10s 2021-10-28 21:58:17 +02:00
Dmitriy Alekseev
a26bbff63f
[Rspamd] Enhance SOGo contacts dynmap (#4245)
* [Rspamd] Fix SOGo Contacts Dynmap

1. Lowercase all emails to align with Rspamd
2. Remove dots from gmail.com and change googlemail.com to gmail.com to align with Rspamd per https://github.com/rspamd/rspamd/blob/master/lualib/lua_util.lua#L271-L274

* Update settings.php

Fix case when gmail.com or google.com is stored in contact book not in lowercase

* Update settings.php

Add removing of Tags in emails as Rspamd not count them as part of From
2021-10-23 15:58:06 +00:00
andryyy
408fee4411
[Rspamd] More bulk headers 2021-10-15 19:50:19 +02:00
Dmitriy Alekseev
2c5628c0e5
[Postfix] Tempfail if Rspamd not available
To protect from spam when rspamd hang or not yet ready to serve requests postfix should reject incoming mail with temp error
2021-09-16 22:31:46 +03:00
andryyy
5e5ab6cf40
[Rspamd] Add soft reject to dropped messages for Pushover 2021-09-07 19:39:03 +02:00
andryyy
80fc18c5b4
[Rspamd] Always include watchdog in no_stat and no_log flag symbol 2021-09-07 17:56:20 +02:00
andryyy
c4f70f39b5
[Rspamd] Wrong operator: AND should be OR 2021-09-02 14:14:39 +02:00
andryyy
43121b9287
[Rspamd] Properly cache Rspamd settings map, save a lot of resources 2021-09-02 14:09:50 +02:00
andryyy
bb2351ccf8
[Rspamd] Re-add bad subject maps (_not_ related to previous mem leaks) 2021-09-02 14:09:25 +02:00
andryyy
e616755072
[Web] Fix app password editing, fixes #4239 2021-09-01 18:11:00 +02:00
andryyy
2b89ab919b [Rspamd] Remove IVM-SG script 2021-09-01 17:00:03 +02:00
andryyy
8ee997b1a3
[Rspamd] Base on bullseye; remove nullnull map to _perhaps_ prevent a memleak 2021-09-01 15:21:43 +02:00
andryyy
649a5c0159
[Rspamd] More generous timeout but no retransmit allowed for oletools: prevent further timeouts 2021-08-16 10:17:52 +02:00
andryyy
98a778a059 [Rspamd] Increase task timeout to prevent expensive tasks to cause a timeout; Set max size for macro scans to 3 MiB 2021-08-16 10:01:41 +02:00
andryyy
bc8e87fba6
[Rspamd] Olefy: reduce max scan size to 5 MiB 2021-08-16 06:49:18 +02:00
andryyy
d383c0ab9b
[Dovecot] Revert autocrypt sieve before, fixes DeltaChat and closes #4230 2021-08-13 06:18:43 +02:00
andryyy
eec75690e0
[Nginx] Deny inc/lib location 2021-08-08 16:06:26 +02:00
andryyy
96a460c2fa
[Dovecot] Change sieve scripts for DeltaChat 2021-07-28 21:44:06 +02:00
andryyy
3dd7d7226d
[Dovecot] Re-add sieve_vacation_dont_check_recipient = no (default) to check for vacation rcpts 2021-07-21 10:10:39 +02:00
Sven Michels
376ef76022
[Rspamd] Add soft reject on task timeout (#4189)
As we have seen issues in DNS processing actually stops rspamd from
processing a message, which leads to missing tag insertion for example,
we turn on soft reject on task timeout. Behavior is the same as with
greylisting for example, so the mail will be delayed/soft rejected, but
as DNS issues usually are most likely temporarily, it should get delivered
on the second try.
2021-07-19 12:09:32 +02:00
andryyy
b5bf97eec9
[Rspamd] Revert custom DNS timeouts 2021-07-11 17:31:40 +02:00
andryyy
b3959e8071
[Rspamd] DeltaChat improvements 2021-07-09 09:19:06 +02:00
andryyy
5a6d970794
[Rspamd] Better support for DeltaChat 2021-07-09 07:42:37 +02:00
andryyy
8b08d09ca2
[Web] Remove XMPP options
[Web] Add Rspamd preset #4
[Web] Do not show failed SASL logins (and also remove them from db)
2021-06-30 10:13:29 +02:00
andryyy
b2272b8e35
[Dovecot] Re-add listescape... 2021-06-23 14:17:39 +02:00
andryyy
9544ffe174
[Dovecot] Remove listescape 2021-06-23 14:13:34 +02:00
andryyy
3045bcf49d
[Nginx] Allow SOGo SSO 2021-06-23 14:12:14 +02:00
andryyy
06beda7c7c
[Rspamd] Increase DNS timeout and retransmits 2021-06-21 22:03:26 +02:00
andryyy
f7fd0d8c7c
[Dovecot] Move includes 2021-06-21 22:03:11 +02:00
andryyy
7b0b59a082
[Rspamd] Use Postfix IP 2021-06-21 22:02:36 +02:00
andryyy
5b68c186ca
[Rspamd] Bad header rule for hotmail/outlook.com spam that no one seems to care about at MS :/ 2021-06-17 06:34:47 +02:00
andryyy
3ec1b856c7
[Rspamd] Fix bad header rule 2021-06-16 12:23:11 +02:00
Dmitriy Alekseev
583663f6d1
[Rspamd] Fix FREEMAIL_POLICY_FAILURE with SPF_SOFTFAIL (#4142)
Add really low negative score to SOFTFAIL policy symbols to get FREEMAIL_POLICY_FAILURE triggered correctly
2021-06-11 16:10:28 +03:00
andryyy
3ffd39dae5
[Dovecot] Move mailboxes to separate config file; remove postlogin script (replaced by config variables) 2021-06-08 13:14:47 +02:00
andryyy
68f9ca8cb0
[Postfix] Remove broken SASL access map, moved to Dovecot LUA authentication 2021-06-08 13:13:49 +02:00
waja
28ab9986a7
Remove left smtpd_last_auth statement (#4127) 2021-06-06 11:52:31 +00:00
andryyy
d7ecf899c8
[Rspamd] Reduce 00 bad subjects score 2021-06-05 17:45:27 +02:00