andryyy
06c8f140b5
[Nginx] Mark script not executable
2020-07-14 13:24:37 +02:00
andryyy
4cd51017a7
[Nginx] Mark script executable
2020-07-14 13:20:50 +02:00
andryyy
d931083e0e
[SOGo] Disable EAS when SKIP_SOGO=y
2020-07-14 13:16:26 +02:00
andryyy
ad8acefb96
[SOGo] Disable EAS when SKIP_SOGO=y
2020-07-14 13:13:32 +02:00
andryyy
e6cc1bf27c
[Dovecot] Include SOGos IP as trusted
2020-07-11 13:33:05 +02:00
andryyy
2344310f47
[SOGo] SOGo does no trust self signed or invalid certificates anymore, add temp workaround
2020-07-11 13:32:49 +02:00
andryyy
0cfdd763f8
[Feature] Add HAProxy listeners and an example override file
2020-07-04 19:30:40 +02:00
andryyy
8ce639aa25
[MySQL] Slightly more resources
2020-07-02 07:53:52 +02:00
andryyy
c673c2a6cc
[Rspamd] Add hint to composite, minor
2020-07-02 07:53:22 +02:00
andryyy
7304add084
[Watchdog] Update compose file, update image
...
[Rspamd] Temporarily disable over-signing, as Cyren does mark those mails as DKIM invalid (blame them, not us)
2020-06-23 21:22:22 +02:00
andryyy
414cbbef6b
[Rspamd] Change whitelisted senders map from prefilter to score -2050
2020-06-19 22:07:10 +02:00
Timo N
5fe9de0500
[API] Removed api_blueprint docs and use swagger ( #3595 )
...
* [NGINX] Removed api docs location
* [WEB] Removed api_blueprint api docs
* [WEB] Added openapi/swagger api viewer
* [WEB] Added openapi.yaml with api docs
* [WEB] Added request body for create app password endpoint
* [Web] Updated types in openapi.yaml
* [Web] Only define API docs auth header once
* [Web] Added 401 api response to docs
2020-06-07 20:46:17 +02:00
andryyy
75f4b77bc2
[Postfix] Remove smtpd_tls_CAfile, fixes #3589
2020-06-04 16:23:41 +02:00
andryyy
115c6540e2
[Rspamd] Consistent LOCAL_CONFDIR
2020-06-03 08:34:24 +02:00
andryyy
702f221a2d
[Rspamd] More bulk headers
2020-06-01 09:55:45 +02:00
andryyy
b208037b49
[Rspamd] Do not exclude fwd hosts from dmarc checks
2020-05-23 20:32:56 +02:00
andryyy
4881f617a5
[Rspamd] Changes to WHITELISTED_FWD_HOST composite handling
2020-05-23 12:20:57 +02:00
andryyy
615ef47f27
[Rspamd] More excludes for fwd hosts, minor fix to FORGED_W_BAD_POLICY
2020-05-23 11:16:33 +02:00
andryyy
6a95d217b4
[Postfix] Remove obsolete comment
2020-05-21 21:55:43 +02:00
Dmitriy Alekseev
d5ed0c0368
Update anonymize_headers.pcre ( #3563 )
...
Added anonymization for Sieve and changed regex for Rspamd to look same as new Sieve regex
2020-05-21 20:04:03 +02:00
Igor Scheller
16b2a2c055
[Postfix] Set smtp_address_preference to any ( #3561 )
...
Closes https://github.com/mailcow/mailcow-dockerized/issues/3560
2020-05-21 19:28:35 +02:00
andryyy
8260fb5baf
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2020-05-20 12:20:42 +02:00
andryyy
347e65736e
[Rspamd] IP WL is no more a prefilter to prevent unsigned mail
2020-05-20 12:15:33 +02:00
Dmitriy Alekseev
4b22bd1dea
Update anonymize_headers.pcre ( #3553 )
...
* Update anonymize_headers.pcre
Change Received by for Rspamd with Dmarc Reporting module enabled.
* Update anonymize_headers.pcre
Co-authored-by: André Peters <andre.peters@debinux.de>
2020-05-20 11:51:00 +02:00
Florian Lindner
4519f460b4
Remove obsolete setting smtpd_use_tls. ( #3548 )
...
See http://www.postfix.org/postconf.5.html#smtpd_use_tls . It is
controlled by smtpd_tls_security_level, which is set to may.
Co-authored-by: Florian Lindner <florian.lindner@ipvs.uni-stuttgart.de>
2020-05-18 14:22:21 +02:00
andryyy
ed49ea7b41
[PHP-FPM] Increase timeouts
2020-05-12 18:29:54 +02:00
andryyy
857fa0314b
[Rspamd] Further increase bounce rl
2020-05-08 14:01:16 +02:00
andryyy
b5c59046ed
[Rspamd] Score spoofed senders higher
2020-05-06 20:15:18 +02:00
andryyy
84d205d728
[Nginx] Drop X-Powered-By via fastcgi_hide_header
2020-05-06 20:14:34 +02:00
Aaron
1f00887f91
Fix inconsistent spacing in dovecot/dovecot.conf and postfix/main.cf ( #3511 )
...
* Fix inconsistent spacing in dovecot.conf
* Fix inconsistent spacing in main.cf
2020-04-30 18:22:21 +02:00
andryyy
bba9adaa6e
[Rspamd] Set bounce RL to 20 / 1h ; Fix BAZAR (test)
2020-04-29 21:08:33 +02:00
andryyy
e7a5c98704
[Rspamd] Disable upstream checks for SIEVE_HOST
2020-04-27 20:48:12 +02:00
andryyy
d392257289
[Web] Some changes
...
[SOGo] Allow to not spawn SOGo but an idling shell
[Rspamd] Remove X-CSA-Complaints from bulk headers...
2020-04-27 20:47:28 +02:00
Lukáš Matula
ca48bc9c34
[Web] Update slovak translation ( #3491 )
...
Update lang.sk.json + sorting in dovecot
2020-04-18 22:26:09 +02:00
andryyy
35d3586950
[Rspamd] Pushover: Fixes
2020-04-16 22:29:01 +02:00
andryyy
47a15c21aa
[Rspamd] Pushover, check sender by regex
2020-04-16 21:58:30 +02:00
andryyy
6efe0d5aab
[Rspamd] Moore Pushover fixes
2020-04-16 15:42:10 +02:00
andryyy
fec0f688b1
[Rspamd] More Pushover fixes
2020-04-16 13:38:19 +02:00
andryyy
1be3ca3fb9
[Rspamd] Pushover fixes
2020-04-16 12:23:27 +02:00
andryyy
c67bb75071
[Rspamd] More pushover options
2020-04-16 11:32:53 +02:00
andryyy
5d37f2af4f
[Rspamd] Fix maps #2
2020-04-14 21:14:21 +02:00
andryyy
960fe1fdba
[Rspamd] Fix maps
2020-04-14 21:13:53 +02:00
andryyy
d883bb246b
[Rspamd] Increase bulk header score
2020-04-14 10:34:09 +02:00
andryyy
b25a842e5d
[Rspamd] Block more promio spam crap
2020-04-14 10:31:53 +02:00
andryyy
59a2ea0959
[Web, Dovecot] Show last IMAP and POP3 logins, toggle via vars.inc.php SHOW_LAST_LOGIN
2020-04-13 20:34:39 +02:00
andryyy
ce6d6a01f3
[Rspamd] Remove policy checks from SPOOFED_UNAUTH, since SPF can be valid in envelope from, while forging the header from field
2020-04-12 21:13:31 +02:00
andryyy
dc3eb44544
[Rspamd] Add more bulk headers
2020-04-12 13:07:51 +02:00
andryyy
f38be3a8b0
[Rspamd] Slightly reduce BAD REP POL score
2020-04-11 08:27:11 +02:00
andryyy
cb599db61e
[Rspamd] Fix quarantine and pushover notifications
2020-04-11 08:02:15 +02:00
andryyy
ccdb7fcd26
[Rspamd] Add metadata exporter for unauthed mail
2020-04-10 20:55:49 +02:00
andryyy
eeea1b393c
[Rspamd] Remove upstream spam check results from mail by fwd hosts
2020-04-10 20:54:26 +02:00
andryyy
65aa7b0a92
[Rspamd] Use empty-env-from@localhost as placeholder for empty env from senders in quarantine
2020-04-08 21:55:17 +02:00
andryyy
ef0b40085b
[Postfix] Allow to relay only non-local mailboxes
2020-04-03 20:39:53 +02:00
Michael Kuron
ca4c7c51dc
[rspamd] Restore add header forced action ( #3440 )
...
Revert 0474de88b1
. Fixed since c3a4c6d311
.
2020-03-31 19:21:03 +02:00
andryyy
e491b835e5
[Rspamd] And even more spam headers
2020-03-21 20:39:07 +01:00
andryyy
6a523fc497
[Rspamd] Moooore spam crap
2020-03-21 20:34:55 +01:00
andryyy
d460061e7a
[Rspamd] More spam headers
2020-03-21 20:19:58 +01:00
andryyy
b0ff2ddb50
[Rspamd] Add more bulk headers (feel free to contribute)
2020-03-21 20:13:44 +01:00
andryyy
0474de88b1
[Rspamd] Forced action add header seems to be broken atm, switching to rewrite subject until fixed
2020-03-10 07:20:18 +01:00
andryyy
1d0e8a9497
[Postfix] Remove default rcpt count limit
2020-03-09 13:26:52 +01:00
andryyy
537b7dad14
[Rspamd] Add fuzzy hashes to headers, if matched
2020-03-08 12:24:42 +01:00
andryyy
fc460fd806
[Rspamd] Reduce CSA crap to 2.0
2020-03-06 18:16:54 +01:00
andryyy
f532422726
[Rspamd, Web] Escape monitoring hosts, add regex maps to vars file
2020-03-06 08:38:01 +01:00
andryyy
bbd53d7f4f
[Rspamd] Add X-CSA to bulk headers
2020-03-06 08:33:00 +01:00
andryyy
d248bb660c
[Rspamd] Reduce Sorbs recent score
...
[Rspamd] Add annoying CSA to bulk symbols and score then with 3.2
[Rspamd] Update to 2.4
2020-03-06 07:14:06 +01:00
André Peters
c7d278384a
[Web] Add slovak language ( #3387 )
2020-03-05 07:22:44 +01:00
andryyy
c9f455a2b1
[Rspamd] Move monitoring hosts to monitoring_nolog.map file
2020-03-04 11:53:07 +01:00
Ry3nlNaToR
93965fdc30
Added mailflowmonitoring.com to no log Rspamd ( #3384 )
2020-03-04 06:08:54 +01:00
andryyy
580b700eec
[Rspamd] Quarantine: Set sender to null@localhost when sender is missing
2020-03-03 19:10:28 +01:00
andryyy
c1907063e1
[Dovecot] Remove auto subs
2020-02-27 10:44:57 +01:00
Victor Nyberg
998c9515a2
Swedish language translation for Mailcow ( #3366 )
2020-02-27 06:50:03 +01:00
andryyy
49d4f6f897
[Rspamd] Set fixed name for fuzzy store
2020-02-26 14:30:44 +01:00
andryyy
e1f165b9dc
[Rspamd] Add mailcow fuzzy hash store
2020-02-26 14:24:19 +01:00
andryyy
c785c8f700
[Dovecot] Show last mail (pop3, imap) login in web interface
2020-02-25 19:38:20 +01:00
andryyy
c9a4715dfc
[Rspamd] Disable 304 until SOGO_CONTACT triggers an update, needs rework
2020-02-25 11:14:59 +01:00
andryyy
09d15ee380
[ClamAV] Add specific db mirrors
2020-02-21 11:21:42 +01:00
andryyy
b9d7519ec2
[Postfix] Set empty HELO restrictions for quarantine smtpd
2020-02-21 08:53:23 +01:00
andryyy
a4e5400f67
[Nginx] Add proxy_send_timeout and proxy_read_timeout of 300 to /SOGo
2020-02-19 21:40:45 +01:00
andryyy
b5c844d704
[Postfix] IMPORTANT: Disabling TLS 1.0 and 1.1 for submission and smtps
2020-02-12 10:36:54 +01:00
andryyy
77d922c05a
[Dovecot] IMPORTANT: Disabling TLS 1.0 and 1.2 - welcome to 2020
2020-02-12 09:12:24 +01:00
andryyy
9d04d0ee4a
[Rspamd] Add X-Last-TLS-Session-Version header
2020-02-09 19:08:28 +01:00
andryyy
82c094c77c
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313
2020-02-06 08:28:05 +01:00
andryyy
8a3fc802c5
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2020-02-06 07:04:31 +01:00
andryyy
a71f8ed5af
[PHP-FPM] Do not use Redis for session handling
2020-02-05 11:04:34 +01:00
andryyy
ad55dd8f05
[Rspamd] Use redis master for RL operations in pipe_rl
2020-02-05 11:02:31 +01:00
andryyy
23cf8995df
[Dovecot] Set replicator options by default - unused, no support or docs as of today
2020-02-05 11:01:50 +01:00
Michael Kuron
3cdbe7b73c
Reduce Rspamd DNSBL false positives ( #3311 )
...
* rspamd: ignore Spamhaus XBL for Received headers
* rspamd: ignore SORBS RBL for forwarding hosts
* rspamd: ignore RBLs for forwarding hosts
2020-02-04 12:35:52 +01:00
André Peters
60fb5498ff
Update mime_types.conf
2020-02-04 12:06:20 +01:00
André Peters
96a507c927
Update mime_types.conf
2020-02-04 12:05:24 +01:00
andryyy
d83013667b
[Rspamd] Do not normalise domains to eSLD for ARC
2020-01-19 13:17:23 +01:00
andryyy
081602def9
[Postfix] Client rcpt rate limit set to 50
2020-01-18 16:32:41 +01:00
andryyy
57af5103c7
[Rspamd] Ratelimit for bounces reduced, max_rcpt for ratelimit increased
2020-01-18 16:32:27 +01:00
Michael Kuron
4c2e13009b
rspamd: More comprehensive attachment handling ( #3273 )
...
- block all Office documents with macros
- don’t just block all doc files
- mark some more Windows executable extensions as bad
2020-01-17 22:19:12 +01:00
andryyy
4e46d44e79
[Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires.
...
ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve.
2020-01-12 12:21:21 +01:00
andryyy
791e0831ad
[Rspamd] Fix DKIM, fixes #3262
2020-01-12 11:39:53 +01:00
andryyy
5f73629493
[Rspamd] Set rspamd as trusted host, rspamd is not spoofing
2020-01-10 20:39:52 +01:00
andryyy
03cbed5002
[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve)
2020-01-10 20:39:11 +01:00
andryyy
203dd12497
[Rspamd] Fix groups
2020-01-06 18:47:51 +01:00
andryyy
6d5677eb32
[Rspamd] Decrease weight of missed charset
2020-01-05 11:34:03 +01:00
andryyy
b098696b89
[Rspamd] Fix groups.conf syntax
2020-01-05 11:24:13 +01:00
andryyy
ad1f243667
[Postfix] Set CA path for smtpd
...
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
2020-01-05 11:21:04 +01:00
andryyy
9157993953
[Dovecot] Enable editheaders plugin in sieve for all users
2019-12-31 14:24:33 +01:00
andryyy
58a00cf7ea
[Web, Rspamd] Add bad language map, add map to mailcow UI
2019-12-22 18:57:28 +01:00
andryyy
5a0df09361
[Rspamd] Rate .doc with +10, decrease default bayes ham score
2019-12-20 15:44:58 +01:00
andryyy
57003a8215
[Postfix] Update Postscreen whitelist
2019-12-15 22:04:45 +01:00
andryyy
8c3ab0371a
[ClamAV] Copy productive whitelist.ign to exposed configuration folder, remove direct mount of whitelist file
2019-12-14 15:12:37 +01:00
andryyy
25c2bcc8b3
[ClamAV] Force add default whitelist.ign2
2019-12-14 15:04:09 +01:00
andryyy
6564944f7a
[Postfix] Add bl.suomispam.net
2019-12-06 16:15:04 +01:00
andryyy
309f90a9b3
[Dovecot] Change LUA path
2019-12-06 10:20:47 +01:00
andryyy
7e2aa42578
[IMPORTANT] If you run Ubuntu 16.04, upgrade your kernel to linux-generic-hwe-16.04
...
[ClamAV] Remove deprecated parameter
2019-12-05 14:29:04 +01:00
andryyy
afb43c9c5b
[Dovecot] Fix app passwds: allow multiple pass hashes by using LUA construct
2019-12-03 18:50:45 +01:00
andryyy
653c058e33
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user)
2019-12-02 11:02:19 +01:00
andryyy
0e6dfdd0fe
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo
2019-12-02 10:55:17 +01:00
andryyy
7b4ed3bf64
[Rspamd] Lower map watch interval
2019-12-02 10:54:22 +01:00
andryyy
9257fa90d4
[Nginx] Fix 301 to SOGo
2019-11-28 19:14:23 +01:00
andryyy
ce15dda990
[Nginx] Redirect /S|sogo* to /SOGo
2019-11-28 15:08:11 +01:00
andryyy
8badb146e9
[Unbound] Disable ipsecmod
2019-11-26 21:08:47 +01:00
andryyy
d57e2b58c1
[Rspamd] Reduce ptr fail score
2019-11-24 16:09:59 +01:00
andryyy
19d0eedeba
[Rspamd] Add FORGED_W_BAD_POLICY
2019-11-24 16:08:58 +01:00
andryyy
eeda59e048
[Postfix] Add more service labels, thanks to @christianbur
2019-11-24 15:35:56 +01:00
andryyy
5d7e365592
[Postfix] Remove test var
2019-11-24 15:23:16 +01:00
andryyy
4a36eb014c
[Postfix] TLS protocols for submission and smtps can be overriden using extra.cf (submission_smtpd_tls_mandatory_protocols and smtps_smtpd_tls_mandatory_protocols), thanks to @christianbur
...
[Postfix] Show overriding warnings when starting Postfix, but hide them in syslog output
2019-11-24 14:18:27 +01:00
andryyy
79bcbe5a51
[MySQL] Some tweaks to lower RAM consumption, thanks to @Thomas2500
2019-11-21 19:41:50 +01:00
andryyy
e0535bedbb
[Rspamd] Set new last modified when changing Rspamd settings
2019-11-18 16:42:56 +01:00
andryyy
7a87c492ed
[Rspamd] Fix bad ASN map format
2019-11-18 13:26:16 +01:00
andryyy
d67e4e83c9
[Rspamd] Increase score for BAD_REP_POLICIES
2019-11-15 23:51:48 +01:00
andryyy
e439d52ff2
[SOGo] Minor config changes
2019-11-15 17:39:32 +01:00
andryyy
56ddc4bd26
[Rspamd] Add new default reject message
...
[Rspamd] Add Sorbs
2019-11-15 07:58:04 +01:00
andryyy
64f8ed2fbc
[Rspamd] Increase invalid PTR score
2019-11-14 10:17:58 +01:00
andryyy
2e972fb03b
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:17:14 +01:00
andryyy
99326f81de
[Rspamd, Postfix] Move PTR check to Postfix
2019-11-14 10:16:51 +01:00
andryyy
c4656e00fd
[Postfix] Add hint for custom_transport.pcre
2019-11-12 20:50:21 +01:00
andryyy
e1fdbba0f7
[Postfix] Add custom_transport.pcre
2019-11-12 20:44:43 +01:00
andryyy
4ccad6b0c3
[MySQL] key_buffer_size it is
2019-11-11 23:20:01 +01:00
Michael Kuron
fbc7b7dce5
rspamd: Don't remove WHITELISTED_FWD_HOST if SOGO_CONTACT present ( #3084 )
2019-11-11 08:20:46 +01:00
andryyy
1d1a9a27c9
[MariaDB] Adjustments
2019-11-08 08:14:57 +01:00
andryyy
3235edea88
[MariaDB] Adjustments
2019-11-08 08:12:34 +01:00
andryyy
15f3a664cd
[MySQL] Disable query cache
2019-11-06 21:03:00 +01:00
andryyy
04ae2fadef
[MySQL] Reduce memory usage
2019-11-06 20:12:25 +01:00
andryyy
bcc28784f7
[Rspamd] CL is not a fishy tld
2019-11-02 12:02:49 +01:00
andryyy
7f8b13434d
[Rspamd, Dovecot] Do not use Schaal rules - probably too much for Rspamd 2.x to handle, mem leak?
2019-10-31 20:43:07 +01:00
andryyy
50020bf1f0
[Rspamd] Remove neural, other gbc options
2019-10-31 19:55:42 +01:00
andryyy
6655ada308
[Rspamd] Remove unwanted options after talking to Vsevo
2019-10-31 19:03:20 +01:00
andryyy
573e62f181
[MySQL] Allow more connections
2019-10-31 06:38:12 +01:00
andryyy
59d966ab0f
[MySQL] Reduce max-connections, disallow performance_schema
2019-10-30 21:08:59 +01:00
andryyy
df3d78f03b
[Rspamd] Reset logging
2019-10-30 20:18:21 +01:00
andryyy
27de9dbf92
[Rspamd] Slight changes to improve memory usage
...
[Web] Dirty hack to touch Rspamd maps a second time
2019-10-30 20:07:58 +01:00
andryyy
c0f39e5cac
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-10-29 18:36:53 +01:00
andryyy
a71f590b1e
[Rspamd] Remove score from neural
2019-10-29 18:36:49 +01:00
andryyy
8683e4bd9a
[Rspamd] Use last-modified headers to not read unmodified settings map every 30 seconds
2019-10-29 14:21:58 +01:00
Michael Kuron
c63967f7be
Rspamd: increase redis timeout
2019-10-26 13:00:31 +02:00
andryyy
be4099182b
[Rspamd] Do not log watchdog mails
2019-10-21 20:42:43 +02:00
André Peters
de8cfbde03
Merge pull request #3072 from tinect/deliverCSSandJSfiles
...
deliver CSS and JS as external request
2019-10-21 11:18:49 +02:00
andryyy
d5ee7de66a
[Rspamd] Disable info logging, re-enable silent logging, only apply MILTER_HEADERS symbol to watchdog Rspamd settings map
2019-10-20 21:48:30 +02:00
tinect
cc1bf5d426
deliver CSS and JS as external request
2019-10-20 21:25:58 +02:00
Marcel Hofer
f2b552c00d
Fix custom http redirects with TLS-SNI
...
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer
05e7c95829
[SSL] fix wildcard compare for non-bash shell
2019-10-20 17:02:54 +02:00
Marcel Hofer
dcd50b2245
[SSL] restore old nginx templates. fix possible issues with custom nginx sites
2019-10-20 16:41:53 +02:00
Marcel Hofer
84c5f43438
[SSL] re-add nginx site.conf
2019-10-19 12:49:23 +02:00
Marcel Hofer
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
andryyy
a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd
2019-10-12 13:16:49 +02:00
andryyy
ee57b5921f
[Rspamd] Various fixes for Rspamd 2.0, neural network activated, autolearning activated (auto-keeps a ratio)
2019-10-12 13:14:34 +02:00
andryyy
0cfa056faa
[Rspamd] Do not quaratine if symbol is GLOBAL_X_BL
2019-10-10 12:38:24 +02:00
andryyy
1580e4b2a5
[Nginx, SOGo] Adjustments for EAS
2019-10-06 10:12:46 +02:00
André Peters
a008855991
Merge pull request #2999 from ntimo/task/api-docs
...
[Nginx] Fix nginx config for API docs
2019-10-04 08:51:26 +02:00
andryyy
8f7693ccdb
[Postfix] Update postscreen_access
2019-10-04 08:43:59 +02:00
André Peters
37f6ddac2e
Merge pull request #2950 from friedPotat0/postwhite
...
update postscreen whitelist by using postwhite
2019-10-04 08:41:29 +02:00
ntimo
6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri
2019-10-03 11:27:44 +02:00
ntimo
7c43e2e120
[Nginx] Fix nginx config for API docs
2019-10-03 11:19:17 +02:00
andryyy
0f5c930e48
Fix site
2019-10-03 11:15:53 +02:00
ntimo
5cf74f6b85
[NGINX] Make API docs accessible using /api/
2019-10-02 22:13:47 +02:00
André Peters
9f66b83a34
Merge pull request #2965 from phenomax/postfix-no-renegotiation
...
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-28 22:17:32 +02:00
andryyy
9b7668d912
[Nginx] Custom 502
2019-09-24 06:53:13 +02:00
andryyy
a231ecaed5
[Rspamd] Fix ARC defaults, thanks to klausenbusk
2019-09-23 10:44:58 +02:00
andryyy
287c577fc4
[Rspamd] Set !ARC_ALLOW to SPF FAIL check
2019-09-23 10:44:26 +02:00
Max Uetrecht
bbe396d3c2
[Postfix] Add NO_RENEGOTIATION to tls_ssl_options
2019-09-22 17:38:03 +02:00
andryyy
b5d169cf90
[Postfix] Fix anonymize headers...
2019-09-19 06:48:21 +02:00
André Peters
1bbe1a2367
Merge pull request #2940 from ntimo/task/split-bad-words
...
[RSPAMD] Split bad words into multiple files per language
2019-09-18 18:35:11 +02:00
friedPotat0
ea8c002eff
update postscreen whitelist
2019-09-18 15:30:43 +02:00
andryyy
b3c2f683cb
[Postfix] Adjustments for RBL
2019-09-18 07:58:54 +02:00
friedPotat0
58cbf2c9c8
update postscreen whitelist by using postwhite
2019-09-17 21:27:17 +02:00
ntimo
ba6c5b7197
[Rspamd] Updated bad_word maps
2019-09-17 20:39:08 +02:00
ntimo
3ca014ee79
[Rspamd] Added multimap config for bad_words_de.map
2019-09-16 18:18:56 +02:00
ntimo
005ed2cadc
[Rspamd] Split bad words into multiple files per language
2019-09-15 11:53:04 +02:00
André Peters
83cd62d46f
Merge pull request #2928 from MAGICCC/feature/remove-dnsbl-inps.de
...
[Postfix] Remove discontinued DNSBL dnsbl.inps.de
2019-09-10 18:07:03 +02:00
André Peters
d1e56ab7bc
Update fishy_tlds.map
2019-09-10 16:48:40 +02:00
MAGIC
b272ed04a0
[Postfix] Remove DNSBL dnsbl.inps.de due to legal reasons
2019-09-09 21:37:49 +02:00
André Peters
8f4d468209
Merge pull request #2916 from Thomas2500/patch-1
...
Disable SSL ticket support in dovecot
2019-09-09 07:47:37 +02:00
andryyy
87e99e53d9
[Postfix] Fix anonymize headers
2019-09-08 10:29:06 +02:00
Thomas Bella
3983b3d393
Disable SSL ticket support in dovecot
...
Because tickets are normally only generated on service start, we should disable it to provide better PFS.
2019-09-06 12:39:33 +02:00
andryyy
8608ded0ed
[Postfix] Replace Postcow header, remove authed user
2019-09-06 08:02:52 +02:00
André Peters
f87beded34
Update fishy_tlds.map
2019-09-05 14:32:04 +02:00
andryyy
0d5df21ffc
[Postfix] Route watchdog@localhost to local7 discard
2019-09-04 23:07:35 +02:00
andryyy
8d0b2678fe
[Rspamd] Remove some TLDs from fishy map
2019-09-04 08:14:35 +02:00
andryyy
1495bda2e1
[Postfix] Add info about extra.cf
2019-09-02 18:39:08 +02:00
andryyy
1bdf861177
[Postfix] Add comments to config files, cleanup a bit
2019-09-02 09:31:30 +02:00
andryyy
9c714b34a4
[Rspamd] Bad word update and score change
2019-08-30 19:30:38 +02:00
andryyy
569296dcdc
[Rspamd] More bad words - todo: split by language
2019-08-30 18:54:54 +02:00
andryyy
5a89dc114d
[Rspamd] Minor changes to fishy tlds and bad words
2019-08-29 18:57:37 +02:00
andryyy
6e82a35929
[Rspamd] Important fix for fishy maps
2019-08-28 15:04:53 +02:00
andryyy
1414e9df00
[Rspamd] Reduce fishy tld score
...
[Compose] Update Dovecot image
2019-08-28 14:37:04 +02:00
andryyy
a5d569e0ca
[Rspamd] Reduce fishy tld score
2019-08-28 14:26:01 +02:00
andryyy
01fe856d05
[Rspamd] Fix a domain name
2019-08-28 13:05:42 +02:00
andryyy
23ae0c3cc1
[Rspamd] Filter 'em bad words from 'em bad tlds
2019-08-28 13:03:15 +02:00
andryyy
abf33b75f4
[Postfix] Remove Zeyple config
2019-08-25 16:00:33 +02:00
andryyy
e342016534
[Rspamd] Fix scores of UCE
2019-08-22 22:08:22 +02:00
andryyy
084eb008a1
[Rspamd] Add UCE to RBL
2019-08-22 16:34:03 +02:00
andryyy
9bbf9dc68e
[Rspamd] Fix and improve settings map
2019-08-21 21:07:51 +02:00
andryyy
3a26365b51
[Rspamd] Change SA ruleset name
2019-08-21 14:37:30 +02:00
andryyy
a2386434fd
[Postfix] More RBLs, lower thresholds
2019-08-16 22:17:28 +02:00
andryyy
217da8c7fc
[Postfix] Reduce threshold to 4, format list
2019-08-16 07:55:17 +02:00
andryyy
1b3a5d54ca
[Postfix] Reduce RBL threshold
...
We should move more RBL checks to Postfix
2019-08-16 07:46:19 +02:00
andryyy
9e0381185c
[Postfix] Disable UTF8 SMTP as Dovecots LMTP does not support it, also disable Zeyple
2019-08-09 14:10:31 +02:00
andryyy
5fda67223d
[Dovecot] Fix pathes
2019-07-28 21:36:09 +02:00
André Peters
e00a18ab95
Update anonymize_headers.pcre
2019-07-26 07:18:58 +02:00
andryyy
9de821c3b0
[Postfix] Don't remove authed header from Received
...
[Compose] New watchdog image
2019-07-26 06:53:29 +02:00
andryyy
db0719f068
[Rspamd] Fix IP whitelist
2019-07-22 13:50:05 +02:00
andryyy
71df10892c
[Rspamd] Add custom IP whitelist template
2019-07-22 13:38:47 +02:00
André Peters
83136c7876
Merge pull request #2789 from patschi/patch-6
...
Remove DMARC descriptions from polices_group
2019-07-16 21:30:44 +02:00
Patrik Kernstock
197f27b705
Remove DMARC descriptions from polices_group
...
Remove descriptions as they are inherited from the default rspamd configuration anyway
2019-07-16 20:15:11 +02:00
Michael Kuron
cecbbe9e82
Remove score from R_DKIM_PERMFAIL
...
This error happens when there is no public key in DNS for that selector.
2019-07-16 20:03:37 +02:00
andryyy
3c3bcf8c82
[Postfix] Set compatibility_level to 2
2019-07-13 14:44:17 +02:00
andryyy
eb760543d9
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-07-13 09:23:51 +02:00
andryyy
568e166478
[Unbound] Update base to Alpine 3.10 to use Unbound 1.9
...
[Unbound] Set unwanted-reply-threshold: 10000
2019-07-13 09:22:03 +02:00
andryyy
2898aa6918
[Postfix] Remove unused alias domain catch all map
2019-07-13 08:59:32 +02:00
André Peters
84f4f43b27
Update policies_group.conf
2019-07-12 23:15:27 +02:00
andryyy
2efd27e40e
[Olefy] A new container is born, thanks to @c-rosenberg
...
[ACME] Autoconfig is back (re-added to SAN list by default for all mail domains)
[Rspamd] Added comment to composite
2019-06-25 18:52:05 +02:00
andryyy
f2d1a56104
[Rspamd] Increase OLEFY_MACRO score
2019-06-20 10:18:43 +02:00
andryyy
04940429ba
[Rspamd] Add oletools via olefy, big thanks to @c-rosenberg
2019-06-16 17:35:58 +02:00
andryyy
6f99f06c6d
[Rspamd] Add OLEFY_MACRO symbol
2019-06-16 17:35:24 +02:00
andryyy
9c347e36fc
[Rspamd] Less aggressive bayes
2019-06-16 17:34:58 +02:00
andryyy
e43951331c
[Rspamd] Sign ARC inbonud, thanks to @Kraeutergarten
2019-06-11 11:41:59 +02:00
andryyy
ffb008f72a
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-06-09 16:50:04 +02:00
andryyy
de3a89ac7a
[Postfix] Remove duplicate proxy read maps, add resource maps
2019-06-09 16:49:02 +02:00
dofl
fa4c4b138e
Update main.cf
...
Added the delay_warning_time (http://www.postfix.org/postconf.5.html#delay_warning_time ) with 4 hours as setting. Postfix will inform the user that the e-mail has not been delivered, but that it will try for the next 5 days.
There is also a setting called confirm_delay_cleared (http://www.postfix.org/postconf.5.html#confirm_delay_cleared ), but according to the Postfix this can lead to a sudden burst of notifications at the end of a prolonged network outage.
2019-06-09 07:39:36 +02:00
dofl
d5eeb3e8af
Update main.cf
...
I was looking into creating a backup mx server for a high availability mailcow setup. It seems that this is not easily done. While researching to find out how long an average SMTP server keeps trying to send to a server that is down I found that RFC 5321 advises at least 4 to 5 days. Mailcow has a custom setup of 1 day, which is very short. The user will be unaware for 5 days that his mail has not been delivered, which can be negative. But I still would like to follow the advice of the RFC.
RFC 5321, in section 4.5.4.1, has this to say:
Retries continue until the message is transmitted or the sender up; the give-up time generally needs to be at least 4-5 days. It MAY be appropriate to set a shorter maximum number of retries for non-delivery notifications and equivalent error messages than for standard messages.
Postfix default is also 5 days: http://www.postfix.org/postconf.5.html
https://tools.ietf.org/html/rfc5321#section-4.5.4
2019-06-08 15:10:46 +02:00
andryyy
af46a93e76
[Postfix] Remove authed user from header
2019-06-01 22:14:48 +02:00
andryyy
dcacf85a5d
[Dovecot] Rename sieve_after to global_sieve_after and create a global_sieve_before file
2019-06-01 13:53:24 +02:00
andryyy
aaf0d521a2
[Postfix] Add UA header check, not enabled by default
2019-06-01 08:29:53 +02:00
andryyy
395f0f7a3d
[Rspamd] Remove authenticated user from auth results header
...
[Dovecot] Fix permissions of console
[Compose] New Dovecot image
2019-05-29 18:02:14 +02:00
andryyy
2757c6b5fe
[Postfix] Do not allow DSN for postscreen
2019-05-27 19:32:41 +02:00
andryyy
ba14f0f113
[Rspamd] Fix spoofing detection
2019-05-20 15:14:42 +02:00
andryyy
1f365f5cff
[Dovecot] Remove shared namespace
2019-05-18 23:01:23 +02:00
andryyy
3ffa7e1f33
[Rspamd] Add SIEVE_HOST map and skip spoof check for these IPs
2019-05-18 22:44:06 +02:00
andryyy
45359bb6cf
[Rspamd] Do not apply SPOOFED_UNAUTH on ARC_ALLOW
...
[Dovecot] Set sieve_redirect_envelope_from to rcpt
2019-05-18 09:18:00 +02:00
andryyy
5c07cca529
[Rspamd] Change spoofed mail handling
2019-05-09 11:48:38 +02:00
andryyy
456e92c830
[Rspamd] Set to to_ip to_ip_from rate buckets to 100 / 1s
2019-05-09 11:32:16 +02:00
André Peters
61433a4488
Merge pull request #2541 from sriccio/master
...
Allow to easily add custom plugins to rspamd
2019-05-05 22:33:32 +02:00
andryyy
28c8c53a6e
[Rspamd] meta_exporter: return false if not matched
...
[Compose] Update Dovecot image
2019-05-01 22:50:38 +02:00
Howaner
17918b3e21
Added domain alias handling to quarantine mails and added recipients row to quarantine mail display
...
If a mail is sent to a domain alias domain and rejected, mailcow does not currently store the mail in quarantine.
This commit adds domain alias handling to the reject code and should fix this behavior.
Also added displaying of recipient addresses into the quarantine mail dialog to be able to see what mail address was "leaked".
2019-05-01 00:56:12 +02:00
andryyy
91af3d5c5a
[Rspamd] Much higher scores for DMARC failures
2019-04-30 14:00:47 +02:00
andryyy
9b303dcc0e
[Dovecot] Set default_vsz_limit = 1024 M
...
[Web] Form cache for user passwd change modal disabled
2019-04-24 14:46:45 +02:00
sriccio
ef5cf81308
[rspamd] Allow to easily use custom rspamd lua plugins
...
Since rspamd 1.9.2 we'll be able to load custom modules from plugins.d
directory.
This allow to add and configure plugins easily from the
data/conf/rspamd/plugins.d
Also loading config for custom plugins need rspamd.conf.local or
optionally rspamd.conf.override.
I added support for this in the docker-compose.yml
Idea came while i was writing a custom plugin for Cyren antispam
gateway, which can be found here: https://github.com/sriccio/rspamd-plugins
2019-04-17 10:36:39 +02:00
andryyy
9f00d956f1
[Rspamd] Improve spoofing detection
2019-04-14 20:37:38 +02:00
andryyy
c8047b9555
[Web] Change session timeout handling
...
[Rspamd] Add missing spamassassin.conf
2019-04-14 13:01:47 +02:00
andryyy
fae34b8a89
I'm an idiot
2019-04-01 22:52:45 +02:00
andryyy
bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489
2019-04-01 22:46:13 +02:00
Marcel Hofer
7d2289c3a7
Merge branch 'master' into admin-login
...
# Conflicts:
# data/web/js/site/mailbox.js
2019-03-23 21:17:02 +01:00
andryyy
4aae72779a
[Dovecot] Remove auth cache
2019-03-18 14:15:02 +01:00
André Peters
3d8a46357b
Merge branch 'master' into admin-login
2019-03-18 02:03:59 +01:00
andryyy
d8e356f590
[SOGo] Revert to previous settings
2019-03-18 01:36:32 +01:00
andryyy
a614d64615
[SOGo] Adjust sync parameters, revert if you run into problems!
2019-03-14 08:59:24 +01:00
andryyy
d449984a66
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized
2019-03-12 23:39:57 +01:00
andryyy
fc63661fbd
[Solr] Change default configset before bootstrapping
...
[Solr] Bootstrap cannot be omitted and must occur before mounting the data directory
2019-03-12 23:15:26 +01:00
André Peters
70c424caa2
[Web] Fix rejected mails not being quarantized properly if they are tagged
2019-03-12 11:26:33 +01:00
andryyy
1c3daedc39
[Rspamd] Remove headers var from dyn maps
2019-03-12 01:28:04 +01:00
Aaron Larisch
40a826a347
Fix rejected mails not being quarantized properly if they are tagged
2019-03-11 15:31:21 +01:00
Robert Christian
4bbb6d78e3
fix solr query ngram
2019-03-10 17:20:46 +01:00
André Peters
ae19d81f2d
Merge branch 'master' into admin-login
2019-03-10 10:38:42 +01:00
André Peters
216451ed43
Merge branch 'master' into admin-login
2019-03-10 09:51:12 +01:00
andryyy
0a1e71f7ec
[Dovecot] Use dovecot-fts core
2019-03-10 09:40:31 +01:00
andryyy
c7c115d63a
[Solr] Use fixed, recommended schema but add EdgeNGramFilterFactory
2019-03-10 09:40:04 +01:00
andryyy
2443e956eb
[Rspamd] Remove buggy last-modified check
2019-03-08 12:43:05 +01:00
andryyy
d124fa1d5b
[Rspamd] Check if filterconf table was changed and return Last-Modified accordingly
2019-03-07 11:44:38 +01:00
andryyy
e04e15ed23
[Rspamd] Mime from and rcpt can now be checked by from_mime and rcpt_mime
2019-03-07 00:07:11 +01:00
andryyy
c792bbcbab
[Rspamd] make upstream an object
2019-03-07 00:05:55 +01:00
andryyy
bb065dbc22
[Rspamd] Add fuzzy worker with worker-fuzzy.inc
2019-03-06 15:14:25 +01:00
andryyy
9abbe7eb1d
[Postfix] Mandatory protocol for authenticated clients over 587/tcp and 465/tcp is now TLSv1.0+ (reverts previous protocol change for authenticated users only)
...
[Postfix] Force route localhost$ over local:
2019-03-06 15:09:28 +01:00
andryyy
6dc5318673
[Rspamd] Delete rspamd.conf.local
2019-03-06 15:08:18 +01:00
andryyy
4d32eb49ee
[Dovecot] Revert to TLS1+
2019-03-04 17:57:44 +01:00
andryyy
0375703198
[Postfix] Fix mandatory encryption protocols and always require at least TLS 1.2 for LMTP
2019-03-03 12:11:39 +01:00
andryyy
eccf3ff4da
[Postfix] Mandatory encryption protocol is now min. TLS 1.2
2019-03-03 12:09:10 +01:00
andryyy
69f54b99a1
[Dovecot] ssl_min_protocol is now TLS 1.2
2019-03-03 12:08:26 +01:00
Marcel Hofer
a110378000
always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled
2019-02-27 23:06:19 +01:00
andryyy
38911034c3
Don't break DAV
2019-02-26 22:13:37 +01:00
andryyy
ae512018a8
[Postfix] Remove sasl requiring policies from port 25
2019-02-26 21:37:08 +01:00
Marcel Hofer
dd6d253ac0
add random masterpass for sogo admin login
...
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy
b0584b7699
[Dovecot] Remove vacation-seconds from global-only
2019-02-25 10:22:00 +01:00
andryyy
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
...
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters
298a8d24e9
Merge pull request #2360 from mhofer117/allow-admin-email-login
...
Allow admins to login as email user (without any password)
2019-02-24 18:49:13 +01:00
andryyy
108e808d06
[Rspamd] Reduce SOGO_CONTACT score to -99
2019-02-23 23:46:01 +01:00
André Peters
9a9079baa5
Update sogo.auth_request.template.sh
2019-02-23 22:29:14 +01:00
André Peters
0c8f217f49
Update sogo.auth_request.template.sh
...
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer
cac67db203
add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins
2019-02-23 17:59:18 +01:00
andryyy
28a3f5ca8c
[Dovecot] Add flags and notify to sieve_extensions
2019-02-22 18:25:35 +01:00
andryyy
1092d98499
[Dovecot] Enable sieve vacation seconds not just for global scripts
2019-02-22 10:52:18 +01:00
andryyy
02b015a359
[Rspamd] Lower history nrows
2019-02-14 11:11:20 +01:00
eXtremeSHOK
260421448d
Update clamd.conf
...
AlertOLE2Macros, default should be set to NO
With this option enabled OLE2 files containing VBA macros, which were NOT detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
This causes most microsoft office document files which contains macros to be blocked. Majority of corporate documents mailed contain macros. When the option is set to NO, emails are still checked for known malicious macros.
Due to any message failing clamav being set to a 2000 score, this causes all legitimate emails with harmless macros to be blocked.
The default for debian/ubuntu is to set this to NO
cPanel, iredmail, etc all have this option set to NO
2019-02-13 09:50:29 +02:00
andryyy
5efdf71120
[Nginx] Add qhandler rewrite
...
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
andryyy
c57a544c52
[Postfix] Disable auth on port 25
2019-02-05 10:35:32 +01:00