Commit Graph

776 Commits

Author SHA1 Message Date
Niklas Meyer
b6cb3b026c [ClamAV] Update to 0.105 2022-05-06 15:44:58 +02:00
Niklas Meyer
0539cc6d8c [SOGo] Update to 5.6.0 2022-05-05 08:28:57 +02:00
Niklas Meyer
936f07336c
[Netfilter] Exclude banning IPs when dovecot server not reacheble
The new docker tag for mailcow/netfilter is 1.47

Thanks to @dragoangel
2022-04-22 16:20:35 +02:00
DerLinkman
224a59ab4b [Compose] Update netfilter-mailcow to 1.47 2022-04-22 16:19:06 +02:00
Kristian Feldsam
4e6c398c8c
[Clamd] fix whitelist (#4541)
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2022-04-08 21:39:35 +02:00
Kristian Feldsam
d4e829465b
[Dovecot] Disable imapsync job, when auth details are wrong. Fixes #4276 (#4540)
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2022-04-08 21:36:21 +02:00
Niklas Meyer
53a5254897
[SOGo] Update SOGo to 5.5.1
**Includes Database Changes!**

As a preparation for 5.5.2 the database as well as some NGINX Settings have been changed.
2022-04-01 15:20:09 +02:00
Peter
fd7269d455
[ClamAV] Move to official ClamAV Docker container (#4525)
Since ClamAV starts to offer Docker containers this PR introduces said containers so we don't need to build the container on our own anymore. This was an easy task until v0.104, but then ClamAV changed its buildprocess to use cmake and with v0.105 it also needs the Rust toolchain -> https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#ubuntu--debian

Here are the main changes for the new container

Creates clamd-db-vol-1 volume
Still uses the same config files
Downloads ClamAV databases in said volume
Smaller container footprint 13MB vs 150MB

---

* [ClamAV] Move to official ClamAV Docker container

* [ClamAV] Remove vim + nano

* [ClamAV] Use normal version in docker-compose
2022-03-28 11:07:47 +02:00
Niklas Meyer
b375e6a250
[Rspamd] Update Rspamd to 3.2.1 (#4526)
This PR Updates Rspamd to 3.2.1

(See Changelog here: https://rspamd.com/announce/2022/03/26/rspamd-3.2.html)

The new Tag is mailcow/rspamd:1.90
2022-03-28 11:05:44 +02:00
Niklas Meyer
3166bd5df5 [Compose] Update SOGo to 5.5.1 2022-03-22 19:47:53 +01:00
Peter
eddaf7a975
Revert "Before update on 2022-03-02_17_04_05"
This reverts commit 24275ffdbf.
2022-03-05 23:31:41 +01:00
andryyy
24275ffdbf Before update on 2022-03-02_17_04_05 2022-03-02 20:03:09 +01:00
Niklas Meyer
c520f21d28
🐄 Moorch Update 2022 - ClamAV, Dovecot & Olefy Update (#4497)
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag error handling

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

* Update clamav to 0.104.2

* Update clamav to 0.104.2

* Update dovecot to 2.3.18

Update gosu to 1.14
Use debian bullseye as base

* [Web] Updated lang.es.json [CI SKIP] (#4453)

Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Fijxu <fijxu@zzls.xyz>

* Fix broken documentation links (#4458)

* Fix broken documentation links

* Fix a few more broken documentation links

* Fix broken documentation links in translation files

* Fall back to empty string if WATCHDOG_NOTIFY_EMAIL undefined (#4457)

By default, `.env` (`mailcow.conf`) does not define `WATCHDOG_NOTIFY_EMAIL`.

Using it in `docker-compose.yml` without having it defined leads to Compose v2 displaying this warning on startup:

> WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.

Related to https://github.com/mailcow/mailcow-dockerized/issues/4315

* [Web] Updated lang.sk.json [CI SKIP] (#4461)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* oletools: disable template injection detection (#4464)

Seems to be causing a lot of false positives lately

* Fix minor typo in comment (#4466)

Correction of the comment, so that the explanation is correct and can be understood.

* Update issue templates to issue forms (#4465)

This PR updates the issue templates to GitHubs new issue forms

* [Web] Fix padding issue in UI admin panel (#4481)

* [Web] fix admin panel padding issue

* [Web] fix admin panel padding issue

* [Web] Updated lang.sk.json [CI SKIP] (#4489)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* increase opcache.interned_strings_buffer to 16 (#4487)

since version 23.0.2 Nextcloud recommends having a value greater than 8 for `opcache.interned_strings_buffer`. As this memory will be only used when needed this should have no impact on installations that are not using nextcloud.

related discussion: https://help.nextcloud.com/t/nextcloud-23-02-opcache-interned-strings-buffer/134007/19
related nextcloud issue: https://github.com/nextcloud/server/issues/31223

* nextcloud - add missing redirections (#4366)

adds missing location directives to the nginx configuration of nextcloud 22, to prevent warnings in nextcloud admin center of missing redirections

* Update imapsync to 2.178 (#4491)

* Update and fix oletools (#4479)

As noticed by @MAGICCC (#4464 (comment)), our olefy image does not work anymore if you rebuild it. This is because @HeinleinSupport recently updated their repository with the changes from @decalage2's repository, which renamed olvba3 to olevba. Since @HeinleinSupport does not recommend using its own patched branch and is very slow in pulling in changes from upstream (@decalage2), let's switch to the latter. This also allowed me to revert #4464.

Finally, a minor patch to rspamd is necessary. While the documentation says

In the extended mode the oletools module will not trigger on specific categories, but will always set a threat string with all found flags when at least a macro was found.

This is not actually true -- it only sets it when suspicious or autoexec threats were detected. But it's a one-line patch to make rspamd behave as documented and we should submit that patch to @rspamd too. With this patch, I have confirmed that Mailcow will reject any incoming, non-whitelisted message containing attachments with macros.

* [Web] Fix excluded domain list in quaratine view

Previously excluded domains from quarantine were not shown.

* [Dovecot] Update syslogng Version to 3.28 (#4496)

Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: Max <mail@heavygale.de>
Co-authored-by: Michael Cramer <michael@bigmichi1.de>
Co-authored-by: Robert Christian <soulsymphonies@users.noreply.github.com>
Co-authored-by: André <andre.peters@debinux.de>
Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>
2022-03-02 16:32:17 +01:00
Niklas Meyer
89fdd1986d
Jan(moo)uary Update 2022 - Revision A (2022-01a) (#4445)
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
2022-02-01 15:26:48 +01:00
Niklas Meyer
355ea71877
Merge pull request #4428 from FreddleSpl0it/master
Migrating from U2F to WebAuthn for 2FA
2022-01-21 12:19:25 +01:00
Niklas Meyer
fac8d9d28a
[Netfilter] Update to Alpine 3.15 + GeoIP Fix
Added xtables-addon to netfilter container to handle iptables rules with geoip
**Commited by: @marcvorwerk**
2022-01-21 09:22:25 +01:00
FreddleSpl0it
aaf5da240a
[WebAuthn] rename env var 2022-01-20 11:19:00 +01:00
Niklas Meyer
513588621d
[Compose] Update Netfilter Image to 1.46 2022-01-20 10:12:28 +01:00
Niklas Meyer
8f89968421
[SOGo] Update SOGo to 5.5.0 + syslog Version Update (in Config)
This PR is updating SOGo to the new 5.5.0 Release (https://github.com/inverse-inc/sogo/releases/tag/SOGo-5.5.0) <-- Available in master.

It also includes the nsyslog Update to 3.28 (since the new SOGo builds are using a newer version), which fix a warning message inside the sogo container that the nsyslog version is outdated and can be upgraded to 3.28

This new release will have the Docker Image Tag: mailcow/sogo:1.106
2022-01-20 10:04:01 +01:00
FreddleSpl0it
7df2bb28f8
[WebAuthn] disable rootCA default 2022-01-19 21:35:21 +01:00
FreddleSpl0it
0f464658cc
[WebAuthn] disable webauthn rootca by mailcow.conf 2022-01-19 19:10:43 +01:00
Niklas Meyer
ccd3677d76
[Compose] Update Watchdog Tag (Alpine 3.15) 2022-01-19 16:48:57 +01:00
Niklas Meyer
5bcb0f5d25
[SOGo] Update SOGo to 5.5.0
New Docker Tag: mailcow/sogo:1.106
2022-01-19 10:33:51 +01:00
Niklas Meyer
f9def72115
[Compose] Update olefy to Alpine 3.15 2022-01-18 20:57:24 +01:00
Niklas Meyer
a5e38f33d9
[Compose] Update Clamd to 0.103.5 2022-01-15 17:18:32 +01:00
Niklas Meyer
b0679b1c4f
[Compose] Docker Tag fix to include Alpine Update
Referencing: https://github.com/mailcow/mailcow-dockerized/pull/4372
2022-01-11 10:00:24 +01:00
Niklas Meyer
026be03a6a
[Compose] Updated Unbound Tag to 1.15 (Alpine Update) 2022-01-11 09:52:58 +01:00
Niklas Meyer
29bd368a98
[SOGo] Update to 5.4.0 (#4397) 2021-12-24 05:55:17 +01:00
Niklas Meyer
e8ca588884
[Solr] Remove breached class from log4j-core.jar (#4390) 2021-12-17 12:43:05 +01:00
Niklas Meyer
758f2ef8d1
[Compose] Revert prior image tag version change
Removed the newer image tag in the docker-compose.yml (one version ahead)
2021-12-15 09:59:50 +01:00
Niklas Meyer
2f9d8213b6
[Alpine] Update to 3.15 (#4372) 2021-12-14 14:10:31 +01:00
Christian Burmeister
f58cc2aa43
Update docker-compose.yml (#4381)
ofelia-mailcow does not have the correct time zone.
Test: ocker exec -it mailcowdockerized_ofelia-mailcow_1 date
2021-12-13 19:01:07 +01:00
andryyy
9c5fd91484 Merge branch 'hotfix' into staging 2021-12-12 10:50:50 +01:00
andryyy
e1db347d03
[Compose] Update Solr image 2021-12-12 10:49:50 +01:00
DerLinkman
03542bfa71
[Dovecot] Update to 2.3.17.1 (#4365) 2021-12-08 20:17:30 +01:00
andryyy
0945b91bf6
[SOGo] Update image 2021-11-30 11:15:56 +01:00
Peter
99ee38117c
Update SOGo to 5.3.0 (#4330)
* [SOGo] Rebase on Bullseye

* [SOGo] Update gosu to 1.14

* [SOGo] Update to 5.3.0
2021-11-22 13:55:16 +01:00
Sven Gottwald
7e35c3d0dd
[ClamAV] Update to 0.103.4 (#4314)
* [ClamAV] Update to 0.103.4

ClamAV 0.103.4 is a critical patch release, see https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html for more information.

* Update docker-compose.yml

Update mailcow/clamd:1.42
2021-11-11 13:43:41 +01:00
andryyy
09d763548c Merge branch 'app-passwd-daveas' into staging 2021-10-29 06:50:23 +02:00
Peter
6bf70cf846
[Watchdog] Add Watchdog verbose logging (#4299)
* [Watchdog] Add verbose logging

* [Watchdog] More verbose debugging

* [Watchdog] Enable MX check for recipients

Co-authored-by: andryyy <andre.peters@debinux.de>
2021-10-29 06:48:49 +02:00
andryyy
e13bc242a4
[Web, Dovecot] Allow to define scope of services for app passwords 2021-10-28 21:57:19 +02:00
andryyy
c0011013b8
[Compose] Update SOGo image 2021-10-27 12:49:52 +02:00
andryyy
56e8e88276 [Dovecot] Do not disallow app passwords when force_password_reset is active 2021-10-23 07:22:56 +02:00
andryyy
3c962b0004
[DockerAPI] Update docker-py 2021-10-21 19:40:14 +02:00
andryyy
3c9b84ff6f [Compose] Update PHP and netfilter images 2021-10-15 13:06:48 +02:00
Kristian Feldsam
0b64967ec5
[web] implemented twig templating system (#4264)
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2021-09-22 20:47:10 +02:00
andryyy
7641dbf3a5
[Compose] Update ClamAV image 2021-09-06 11:46:45 +02:00
andryyy
db4003007d
[Compose, Rspamd] Update Rspamd image to non-memleaking version 2021-09-02 19:28:56 +02:00
andryyy
107c8ed229
[Watchdog] Workarond for issue with content buffering in Alpine and Nagios plugins 2021-09-01 18:57:56 +02:00
Kristian Feldsam
54c4d7e49c
[Dovecot: Imapsync] Parse, save and show last run status (#4253)
* [imapsync] - check for errors in returned_text

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

* [imapsync] parse and save exit status

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

* [dovecot] updated image version

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2021-09-01 16:29:11 +02:00