git subrepo commit (merge) mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "02ae5285"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "649a5c01"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b
diff --git a/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.conf b/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.conf
index cef7de8..b7aca75 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.conf
@@ -45,36 +45,25 @@
auth_master_user_separator = *
mail_shared_explicit_inbox = yes
mail_prefetch_count = 30
+passdb {
+ driver = lua
+ args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
+ result_success = return-ok
+ result_failure = continue
+ result_internalfail = continue
+}
# try a master passwd
passdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master.passwd
master = yes
- pass = yes
- result_failure = continue
- result_internalfail = continue
-}
-# try an app passwd
-passdb {
- driver = lua
- args = file=/etc/dovecot/lua/app-passdb.lua blocking=yes
- pass = yes
- result_failure = continue
- result_internalfail = continue
+ skip = authenticated
}
# check for regular password - if empty (e.g. force-passwd-reset), previous pass=yes passdbs also fail
# a return of the following passdb is mandatory
passdb {
- args = /etc/dovecot/sql/dovecot-dict-sql-passdb.conf
- driver = sql
- result_success = return-ok
- result_failure = continue
- result_internalfail = continue
-}
-passdb {
- driver = passwd-file
- args = /etc/dovecot/dovecot-master.passwd
- skip = authenticated
+ driver = lua
+ args = file=/etc/dovecot/lua/passwd-verify.lua blocking=yes
}
# Set doveadm_password=your-secret-password in data/conf/dovecot/extra.conf (create if missing)
service doveadm {
@@ -83,224 +72,7 @@
}
vsz_limit=2048 MB
}
-namespace inbox {
- inbox = yes
- location =
- separator = /
- mailbox "Trash" {
- auto = subscribe
- special_use = \Trash
- }
- mailbox "Deleted Messages" {
- special_use = \Trash
- }
- mailbox "Deleted Items" {
- special_use = \Trash
- }
- mailbox "Rubbish" {
- special_use = \Trash
- }
- mailbox "Gelöschte Objekte" {
- special_use = \Trash
- }
- mailbox "Gelöschte Elemente" {
- special_use = \Trash
- }
- mailbox "Papierkorb" {
- special_use = \Trash
- }
- mailbox "Itens Excluidos" {
- special_use = \Trash
- }
- mailbox "Itens Excluídos" {
- special_use = \Trash
- }
- mailbox "Lixeira" {
- special_use = \Trash
- }
- mailbox "Prullenbak" {
- special_use = \Trash
- }
- mailbox "Odstránené položky" {
- special_use = \Trash
- }
- mailbox "Koš" {
- special_use = \Trash
- }
- mailbox "Verwijderde items" {
- special_use = \Trash
- }
- mailbox "废件箱" {
- special_use = \Trash
- }
- mailbox "已删除消息" {
- special_use = \Trash
- }
- mailbox "已删除邮件" {
- special_use = \Trash
- }
- mailbox "Archive" {
- auto = subscribe
- special_use = \Archive
- }
- mailbox "Archiv" {
- special_use = \Archive
- }
- mailbox "Archives" {
- special_use = \Archive
- }
- mailbox "Arquivo" {
- special_use = \Archive
- }
- mailbox "Arquivos" {
- special_use = \Archive
- }
- mailbox "Archief" {
- special_use = \Archive
- }
- mailbox "Archív" {
- special_use = \Archive
- }
- mailbox "Archivovať" {
- special_use = \Archive
- }
- mailbox "归档" {
- special_use = \Archive
- }
- mailbox "Sent" {
- auto = subscribe
- special_use = \Sent
- }
- mailbox "Sent Messages" {
- special_use = \Sent
- }
- mailbox "Sent Items" {
- special_use = \Sent
- }
- mailbox "已发送" {
- special_use = \Sent
- }
- mailbox "已发送消息" {
- special_use = \Sent
- }
- mailbox "已发送邮件" {
- special_use = \Sent
- }
- mailbox "Gesendet" {
- special_use = \Sent
- }
- mailbox "Gesendete Objekte" {
- special_use = \Sent
- }
- mailbox "Gesendete Elemente" {
- special_use = \Sent
- }
- mailbox "Itens Enviados" {
- special_use = \Sent
- }
- mailbox "Enviados" {
- special_use = \Sent
- }
- mailbox "Verzonden items" {
- special_use = \Sent
- }
- mailbox "Verzonden" {
- special_use = \Sent
- }
- mailbox "Odoslaná pošta" {
- special_use = \Sent
- }
- mailbox "Odoslané" {
- special_use = \Sent
- }
- mailbox "Drafts" {
- auto = subscribe
- special_use = \Drafts
- }
- mailbox "Entwürfe" {
- special_use = \Drafts
- }
- mailbox "Rascunhos" {
- special_use = \Drafts
- }
- mailbox "Concepten" {
- special_use = \Drafts
- }
- mailbox "Koncepty" {
- special_use = \Drafts
- }
- mailbox "草稿" {
- special_use = \Drafts
- }
- mailbox "草稿箱" {
- special_use = \Drafts
- }
- mailbox "Junk" {
- auto = subscribe
- special_use = \Junk
- }
- mailbox "Junk-E-Mail" {
- special_use = \Junk
- }
- mailbox "Junk E-Mail" {
- special_use = \Junk
- }
- mailbox "Spam" {
- special_use = \Junk
- }
- mailbox "Lixo Eletrônico" {
- special_use = \Junk
- }
- mailbox "Nevyžiadaná pošta" {
- special_use = \Junk
- }
- mailbox "Infikované položky" {
- special_use = \Junk
- }
- mailbox "Ongewenste e-mail" {
- special_use = \Junk
- }
- mailbox "垃圾" {
- special_use = \Junk
- }
- mailbox "垃圾箱" {
- special_use = \Junk
- }
- mailbox "Koncepty" {
- special_use = \Drafts
- }
- mailbox "Nevyžádaná pošta" {
- special_use = \Junk
- }
- mailbox "Odstraněná pošta" {
- special_use = \Trash
- }
- mailbox "Odeslaná pošta" {
- special_use = \Sent
- }
- mailbox "Skräp" {
- special_use = \Trash
- }
- mailbox "Borttagna Meddelanden" {
- special_use = \Trash
- }
- mailbox "Arkiv" {
- special_use = \Archive
- }
- mailbox "Arkeverat" {
- special_use = \Archive
- }
- mailbox "Skickat" {
- special_use = \Sent
- }
- mailbox "Skickade Meddelanden" {
- special_use = \Sent
- }
- mailbox "Utkast" {
- special_use = \Drafts
- }
- prefix =
-}
+!include /etc/dovecot/dovecot.folders.conf
protocols = imap sieve lmtp pop3
service dict {
unix_listener dict {
@@ -331,6 +103,7 @@
mode = 0600
user = vmail
}
+ vsz_limit = 2G
}
service managesieve-login {
inet_listener sieve {
@@ -373,7 +146,7 @@
}
}
service imap {
- executable = imap imap-postlogin
+ executable = imap
user = vmail
vsz_limit = 1G
}
@@ -389,8 +162,6 @@
listen = *,[::]
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
-!include_try /etc/dovecot/sni.conf
-!include_try /etc/dovecot/sogo_trusted_ip.conf
userdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master.userdb
@@ -417,8 +188,7 @@
acl_anyone = </etc/dovecot/acl_anyone
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile
- last_login_dict = </etc/dovecot/last_login
- last_login_key = last-login/%s/%u
+ acl_user = %u
fts = solr
fts_autoindex = yes
fts_solr = url=http://solr:8983/solr/dovecot-fts/
@@ -439,6 +209,7 @@
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
# END
+ master_user = %u
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
@@ -459,7 +230,6 @@
sieve_after2 = /var/vmail/sieve/global_sieve_after.sieve
sieve_duplicate_default_period = 1m
sieve_duplicate_max_period = 7d
- sieve_vacation_dont_check_recipient = yes
# -- Global keys
mail_crypt_global_private_key = </mail_crypt/ecprivkey.pem
@@ -491,13 +261,6 @@
}
submission_host = postfix:588
mail_max_userip_connections = 500
-service imap-postlogin {
- executable = script-login /usr/local/bin/postlogin.sh
- unix_listener imap-postlogin {
- user = vmail
- mode = 0660
- }
-}
service stats {
unix_listener stats-writer {
mode = 0660
@@ -528,8 +291,12 @@
replication_max_conns = 10
doveadm_port = 12345
replication_dsync_parameters = -d -l 30 -U -n INBOX
+# <Includes>
+!include_try /etc/dovecot/sni.conf
+!include_try /etc/dovecot/sogo_trusted_ip.conf
!include_try /etc/dovecot/extra.conf
!include_try /etc/dovecot/sogo-sso.conf
!include_try /etc/dovecot/shared_namespace.conf
+# </Includes>
default_client_limit = 10400
default_vsz_limit = 1024 M
diff --git a/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.folders.conf b/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.folders.conf
new file mode 100644
index 0000000..99c9670
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/dovecot/dovecot.folders.conf
@@ -0,0 +1,293 @@
+namespace inbox {
+ inbox = yes
+ location =
+ separator = /
+ mailbox "Trash" {
+ auto = subscribe
+ special_use = \Trash
+ }
+ mailbox "Deleted Messages" {
+ special_use = \Trash
+ }
+ mailbox "Deleted Items" {
+ special_use = \Trash
+ }
+ mailbox "Rubbish" {
+ special_use = \Trash
+ }
+ mailbox "Gelöschte Objekte" {
+ special_use = \Trash
+ }
+ mailbox "Gelöschte Elemente" {
+ special_use = \Trash
+ }
+ mailbox "Papierkorb" {
+ special_use = \Trash
+ }
+ mailbox "Itens Excluidos" {
+ special_use = \Trash
+ }
+ mailbox "Itens Excluídos" {
+ special_use = \Trash
+ }
+ mailbox "Lixeira" {
+ special_use = \Trash
+ }
+ mailbox "Prullenbak" {
+ special_use = \Trash
+ }
+ mailbox "Odstránené položky" {
+ special_use = \Trash
+ }
+ mailbox "Koš" {
+ special_use = \Trash
+ }
+ mailbox "Verwijderde items" {
+ special_use = \Trash
+ }
+ mailbox "Удаленные" {
+ special_use = \Trash
+ }
+ mailbox "Удаленные элементы" {
+ special_use = \Trash
+ }
+ mailbox "Корзина" {
+ special_use = \Trash
+ }
+ mailbox "Видалені" {
+ special_use = \Trash
+ }
+ mailbox "Видалені елементи" {
+ special_use = \Trash
+ }
+ mailbox "Кошик" {
+ special_use = \Trash
+ }
+ mailbox "废件箱" {
+ special_use = \Trash
+ }
+ mailbox "已删除消息" {
+ special_use = \Trash
+ }
+ mailbox "已删除邮件" {
+ special_use = \Trash
+ }
+ mailbox "Archive" {
+ auto = subscribe
+ special_use = \Archive
+ }
+ mailbox "Archiv" {
+ special_use = \Archive
+ }
+ mailbox "Archives" {
+ special_use = \Archive
+ }
+ mailbox "Arquivo" {
+ special_use = \Archive
+ }
+ mailbox "Arquivos" {
+ special_use = \Archive
+ }
+ mailbox "Archief" {
+ special_use = \Archive
+ }
+ mailbox "Archív" {
+ special_use = \Archive
+ }
+ mailbox "Archivovať" {
+ special_use = \Archive
+ }
+ mailbox "归档" {
+ special_use = \Archive
+ }
+ mailbox "Архив" {
+ special_use = \Archive
+ }
+ mailbox "Архів" {
+ special_use = \Archive
+ }
+ mailbox "Sent" {
+ auto = subscribe
+ special_use = \Sent
+ }
+ mailbox "Sent Messages" {
+ special_use = \Sent
+ }
+ mailbox "Sent Items" {
+ special_use = \Sent
+ }
+ mailbox "已发送" {
+ special_use = \Sent
+ }
+ mailbox "已发送消息" {
+ special_use = \Sent
+ }
+ mailbox "已发送邮件" {
+ special_use = \Sent
+ }
+ mailbox "Отправленные" {
+ special_use = \Sent
+ }
+ mailbox "Отправленные элементы" {
+ special_use = \Sent
+ }
+ mailbox "Надіслані" {
+ special_use = \Sent
+ }
+ mailbox "Надіслані елементи" {
+ special_use = \Sent
+ }
+ mailbox "Gesendet" {
+ special_use = \Sent
+ }
+ mailbox "Gesendete Objekte" {
+ special_use = \Sent
+ }
+ mailbox "Gesendete Elemente" {
+ special_use = \Sent
+ }
+ mailbox "Itens Enviados" {
+ special_use = \Sent
+ }
+ mailbox "Enviados" {
+ special_use = \Sent
+ }
+ mailbox "Verzonden items" {
+ special_use = \Sent
+ }
+ mailbox "Verzonden" {
+ special_use = \Sent
+ }
+ mailbox "Odoslaná pošta" {
+ special_use = \Sent
+ }
+ mailbox "Odoslané" {
+ special_use = \Sent
+ }
+ mailbox "Drafts" {
+ auto = subscribe
+ special_use = \Drafts
+ }
+ mailbox "Entwürfe" {
+ special_use = \Drafts
+ }
+ mailbox "Rascunhos" {
+ special_use = \Drafts
+ }
+ mailbox "Concepten" {
+ special_use = \Drafts
+ }
+ mailbox "Koncepty" {
+ special_use = \Drafts
+ }
+ mailbox "草稿" {
+ special_use = \Drafts
+ }
+ mailbox "草稿箱" {
+ special_use = \Drafts
+ }
+ mailbox "Черновики" {
+ special_use = \Drafts
+ }
+ mailbox "Чернетки" {
+ special_use = \Drafts
+ }
+ mailbox "Junk" {
+ auto = subscribe
+ special_use = \Junk
+ }
+ mailbox "Junk-E-Mail" {
+ special_use = \Junk
+ }
+ mailbox "Junk E-Mail" {
+ special_use = \Junk
+ }
+ mailbox "Spam" {
+ special_use = \Junk
+ }
+ mailbox "Lixo Eletrônico" {
+ special_use = \Junk
+ }
+ mailbox "Nevyžiadaná pošta" {
+ special_use = \Junk
+ }
+ mailbox "Infikované položky" {
+ special_use = \Junk
+ }
+ mailbox "Ongewenste e-mail" {
+ special_use = \Junk
+ }
+ mailbox "垃圾" {
+ special_use = \Junk
+ }
+ mailbox "垃圾箱" {
+ special_use = \Junk
+ }
+ mailbox "Нежелательная почта" {
+ special_use = \Junk
+ }
+ mailbox "Спам" {
+ special_use = \Junk
+ }
+ mailbox "Небажана пошта" {
+ special_use = \Junk
+ }
+ mailbox "Koncepty" {
+ special_use = \Drafts
+ }
+ mailbox "Nevyžádaná pošta" {
+ special_use = \Junk
+ }
+ mailbox "Odstraněná pošta" {
+ special_use = \Trash
+ }
+ mailbox "Odeslaná pošta" {
+ special_use = \Sent
+ }
+ mailbox "Skräp" {
+ special_use = \Trash
+ }
+ mailbox "Borttagna Meddelanden" {
+ special_use = \Trash
+ }
+ mailbox "Arkiv" {
+ special_use = \Archive
+ }
+ mailbox "Arkeverat" {
+ special_use = \Archive
+ }
+ mailbox "Skickat" {
+ special_use = \Sent
+ }
+ mailbox "Skickade Meddelanden" {
+ special_use = \Sent
+ }
+ mailbox "Utkast" {
+ special_use = \Drafts
+ }
+ mailbox "Skraldespand" {
+ special_use = \Trash
+ }
+ mailbox "Slettet mails" {
+ special_use = \Trash
+ }
+ mailbox "Arkiv" {
+ special_use = \Archive
+ }
+ mailbox "Arkiveret mails" {
+ special_use = \Archive
+ }
+ mailbox "Sendt" {
+ special_use = \Sent
+ }
+ mailbox "Sendte mails" {
+ special_use = \Sent
+ }
+ mailbox "Udkast" {
+ special_use = \Drafts
+ }
+ mailbox "Kladde" {
+ special_use = \Drafts
+ }
+ prefix =
+}
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/conf/dovecot/global_sieve_before b/mailcow/src/mailcow-dockerized/data/conf/dovecot/global_sieve_before
index e6a523d..3e79ca1 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/dovecot/global_sieve_before
+++ b/mailcow/src/mailcow-dockerized/data/conf/dovecot/global_sieve_before
@@ -1,2 +1,13 @@
# global_sieve_before script
# global_sieve_before -> user sieve_before (mailcow UI) -> user sieve_after (mailcow UI) -> global_sieve_after
+
+require ["mailbox", "fileinto"];
+
+if header :contains ["Chat-Version"] [""] {
+ if mailboxexists "DeltaChat" {
+ fileinto "DeltaChat";
+ } else {
+ fileinto :create "DeltaChat";
+ }
+ stop;
+}
diff --git a/mailcow/src/mailcow-dockerized/data/conf/nginx/includes/site-defaults.conf b/mailcow/src/mailcow-dockerized/data/conf/nginx/includes/site-defaults.conf
index c4c06b2..b38f4b2 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/nginx/includes/site-defaults.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/nginx/includes/site-defaults.conf
@@ -3,6 +3,8 @@
charset utf-8;
override_charset on;
+ server_tokens off;
+
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
@@ -86,6 +88,11 @@
return 301 /SOGo/dav;
}
+ location ^~ /inc/lib/ {
+ deny all;
+ return 403;
+ }
+
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
@@ -140,7 +147,6 @@
try_files /autoconfig.php =404;
}
- # auth_request endpoint if ALLOW_ADMIN_EMAIL_LOGIN is set
location /sogo-auth-verify {
internal;
proxy_set_header X-Original-URI $request_uri;
@@ -152,7 +158,7 @@
}
location ^~ /Microsoft-Server-ActiveSync {
- include /etc/nginx/conf.d/sogo_proxy_auth.active;
+ include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
include /etc/nginx/conf.d/sogo_eas.active;
proxy_connect_timeout 75;
proxy_send_timeout 3600;
@@ -166,7 +172,22 @@
}
location ^~ /SOGo {
- include /etc/nginx/conf.d/sogo_proxy_auth.active;
+ location ~* ^/SOGo/so/.*\.(xml|js|html|xhtml)$ {
+ include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
+ include /etc/nginx/conf.d/sogo.active;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host $remote_addr;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
+ proxy_set_header x-webobjects-server-port $server_port;
+ proxy_hide_header Content-Type;
+ add_header Content-Type text/plain;
+ break;
+ }
+ include /etc/nginx/conf.d/includes/sogo_proxy_auth.conf;
include /etc/nginx/conf.d/sogo.active;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/sogo.auth_request.template.sh b/mailcow/src/mailcow-dockerized/data/conf/nginx/includes/sogo_proxy_auth.conf
similarity index 66%
rename from mailcow/src/mailcow-dockerized/data/conf/nginx/templates/sogo.auth_request.template.sh
rename to mailcow/src/mailcow-dockerized/data/conf/nginx/includes/sogo_proxy_auth.conf
index f6d2d98..045b98a 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/sogo.auth_request.template.sh
+++ b/mailcow/src/mailcow-dockerized/data/conf/nginx/includes/sogo_proxy_auth.conf
@@ -1,10 +1,8 @@
-if printf "%s\n" "${ALLOW_ADMIN_EMAIL_LOGIN}" | grep -E '^([yY][eE][sS]|[yY])+$' >/dev/null; then
- echo 'auth_request /sogo-auth-verify;
+auth_request /sogo-auth-verify;
auth_request_set $user $upstream_http_x_user;
auth_request_set $auth $upstream_http_x_auth;
auth_request_set $auth_type $upstream_http_x_auth_type;
proxy_set_header x-webobjects-remote-user "$user";
proxy_set_header Authorization "$auth";
proxy_set_header x-webobjects-auth-type "$auth_type";
-'
-fi
+
diff --git a/mailcow/src/mailcow-dockerized/data/conf/nginx/site.conf b/mailcow/src/mailcow-dockerized/data/conf/nginx/site.conf
index d6e6b13..1b46d2b 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/nginx/site.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/nginx/site.conf
@@ -1,4 +1,3 @@
-server_tokens off;
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
server_names_hash_bucket_size 64;
diff --git a/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/server_name.template b/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/server_name.template
deleted file mode 100644
index 261a1ec..0000000
--- a/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/server_name.template
+++ /dev/null
@@ -1 +0,0 @@
-server_name ${MAILCOW_HOSTNAME} autodiscover.* autoconfig.*;
diff --git a/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/server_name.template.sh b/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/server_name.template.sh
new file mode 100755
index 0000000..291b378
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/nginx/templates/server_name.template.sh
@@ -0,0 +1 @@
+echo "server_name ${MAILCOW_HOSTNAME} autodiscover.* autoconfig.* $(echo ${ADDITIONAL_SERVER_NAMES} | tr ',' ' ');"
diff --git a/mailcow/src/mailcow-dockerized/data/conf/phpfpm/php-conf.d/other.ini b/mailcow/src/mailcow-dockerized/data/conf/phpfpm/php-conf.d/other.ini
index 379be75..02f59a9 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/phpfpm/php-conf.d/other.ini
+++ b/mailcow/src/mailcow-dockerized/data/conf/phpfpm/php-conf.d/other.ini
@@ -1,2 +1,3 @@
max_execution_time = 3600
max_input_time = 3600
+memory_limit = 512M
diff --git a/mailcow/src/mailcow-dockerized/data/conf/postfix/main.cf b/mailcow/src/mailcow-dockerized/data/conf/postfix/main.cf
index 3e4b2b1..b4f34b4 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/postfix/main.cf
+++ b/mailcow/src/mailcow-dockerized/data/conf/postfix/main.cf
@@ -7,7 +7,6 @@
smtpd_tls_key_file = /etc/ssl/mail/key.pem
tls_server_sni_maps = hash:/opt/postfix/conf/sni.map
smtpd_tls_received_header = yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
@@ -78,7 +77,7 @@
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_passwd_maps_transport_maps.cf,
- proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_access_maps.cf,
+ proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
$sender_dependent_default_transport_maps,
$smtp_tls_policy_maps,
@@ -116,7 +115,7 @@
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
-smtpd_recipient_restrictions = check_sasl_access proxy:mysql:/opt/postfix/conf/sql/mysql_sasl_access_maps.cf,
+smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
permit_sasl_authenticated,
permit_mynetworks,
check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
@@ -160,8 +159,9 @@
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
-recipient_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
-sender_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
+# -- moved to rspamd on 2021-06-01
+#recipient_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_bcc_maps.cf
+#sender_bcc_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_sender_bcc_maps.cf
recipient_canonical_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
recipient_canonical_classes = envelope_recipient
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf
@@ -191,11 +191,10 @@
postscreen_discard_ehlo_keywords = silent-discard, dsn
compatibility_level = 2
smtputf8_enable = no
-smtpd_last_auth = check_policy_service inet:127.0.0.1:10028
# Define protocols for SMTPS and submission service
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,qmqpd_authorized_clients
# DO NOT EDIT ANYTHING BELOW #
# User overrides #
-
diff --git a/mailcow/src/mailcow-dockerized/data/conf/postfix/master.cf b/mailcow/src/mailcow-dockerized/data/conf/postfix/master.cf
index ffd1ac4..63ce875 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/postfix/master.cf
+++ b/mailcow/src/mailcow-dockerized/data/conf/postfix/master.cf
@@ -17,7 +17,6 @@
-o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/smtps
- -o smtpd_end_of_data_restrictions=$smtpd_last_auth
10465 inet n - n - - smtpd
-o smtpd_upstream_proxy_protocol=haproxy
-o smtpd_tls_wrappermode=yes
@@ -26,7 +25,6 @@
-o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/smtps-haproxy
- -o smtpd_end_of_data_restrictions=$smtpd_last_auth
# smtpd with starttls on 587/tcp
# TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf
@@ -38,7 +36,6 @@
-o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/submission
- -o smtpd_end_of_data_restrictions=$smtpd_last_auth
10587 inet n - n - - smtpd
-o smtpd_upstream_proxy_protocol=haproxy
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
@@ -48,7 +45,6 @@
-o tls_preempt_cipherlist=yes
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/submission-haproxy
- -o smtpd_end_of_data_restrictions=$smtpd_last_auth
# used by SOGo
# smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function
@@ -58,7 +54,6 @@
-o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
-o cleanup_service_name=smtp_sender_cleanup
-o syslog_name=postfix/sogo
- -o smtpd_end_of_data_restrictions=$smtpd_last_auth
# used to reinject quarantine mails
590 inet n - n - - smtpd
@@ -68,7 +63,15 @@
-o smtpd_milters=
-o non_smtpd_milters=
-o syslog_name=postfix/quarantine
- -o smtpd_end_of_data_restrictions=$smtpd_last_auth
+
+# used to send bcc mails
+591 inet n - n - - smtpd
+ -o smtpd_helo_restrictions=
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_tls_auth_only=no
+ -o smtpd_milters=
+ -o non_smtpd_milters=
+ -o syslog_name=postfix/bcc
# enforced smtp connector
smtp_enforced_tls unix - - n - - smtp
@@ -115,7 +118,6 @@
# start whitelist_fwd
127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
-127.0.0.1:10028 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/smtpd_last_login.sh
# end whitelist_fwd
# start watchdog-specific
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_asn.map b/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_asn.map
index fb42628..1858c55 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_asn.map
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_asn.map
@@ -1,30 +1,30 @@
# High spam networks, disabled by default
# ASN SCORE DESC
# Remove comment to enable score
-#201942 5 #Soltia Consulting SL - ipinfo.io
-#16276 2 #OVH
-#12876 2 #ONLINE S.A.S
-#31034 5 #ARUBA-ASN, IT
-#12874 5 #FASTWEB, IT
-#30823 3 #PKV spam
-#42831 5 #UK Dedicated Servers Ltd
-#29119 5 #Aire Networks del Mediterraneo S.L.U.
-#13335 5 #Cloudflare
-#28753 5 #Leaseweb
-#61272 5 #Informacines sistemos ir technologijos
-#53755 5 #Input Output Flood LLC
-#29422 5 #FICIX Helsinki
-#62255 4 #Asmunda New Media Ltd
-#14061 4 #Digitalocean
-#55293 4 #A2 Hosting
-#63018 4 #US Dedicated
-#197518 2 #RACKMARKT
-#44493 2
-#46606 2
-#49505 2
-#21100 2
-#197695 2
-#198068 2
-#43146 2
-#49100 4
-#39364 4
+#12874 5 #Fastweb SpA, Italy
+#12876 2 #ONLINE S.A.S, France
+#13335 5 #Cloudflare Inc., United States
+#14061 4 #DigitalOcean LLC, United States
+#16276 2 #OVH SAS, France
+#21100 2 #ITL LLC, Ukraine
+#28753 5 #Leaseweb Deutschland GmbH, Germany
+#29119 5 #ServiHosting Networks S.L., Spain
+#29422 5 #Telia Inmics-Nebula Oy, Finland
+#30823 3 #combahton GmbH, Germany
+#31034 5 #Aruba S.p.A, Italy
+#39364 4 #Hormoz IT & Network Waves Connection Co. (PJS), Iran
+#42831 5 #UK Dedicated Servers Limited, United Kingdom
+#43146 2 #Domain names registrar REG.RU Ltd, Russia
+#44493 2 #Chelyabinsk-Signal LLC, Russia
+#46606 2 #Unified Layer, United States
+#49100 4 #Pishgaman Toseeh Ertebatat Company (Private Joint Stock), Iran
+#49505 2 #OOO Network of data-centers Selectel, Russia
+#53755 5 #Input Output Flood LLC, United States
+#55293 4 #A2 Hosting Inc., United States
+#61272 5 #Informacines sistemos ir technologijos - UAB, Lithuania
+#62255 4 #Asmunda New Media Ltd., Seychelles
+#63018 4 #Dedicated.com, United States
+#197518 2 #Rackmarkt SL, Spain
+#197695 2 #Domain names registrar REG.RU Ltd, Russia
+#198068 2 #P.A.G.M. OU, Estonia
+#201942 5 #Soltia Consulting SL, Spain
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_header.map b/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_header.map
new file mode 100644
index 0000000..839c3c3
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bad_header.map
@@ -0,0 +1,2 @@
+/Thread-Topic:\s[a-zA-Z]{3}\s[a-zA-Z]{2}[\s\r\n]{0,1}[^a-zA-Z0-9][\r\n]/i
+/Thread-Topic:\s[a-zA-Z]{3}\s[a-zA-Z]{2}\s[a-zA-Z]{1}\s[a-zA-Z]{5}[\s\r\n]{0,1}[^a-zA-Z0-9][\r\n]/i
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bulk_header.map b/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bulk_header.map
index 303954e..e9dc206 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bulk_header.map
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/custom/bulk_header.map
@@ -1,5 +1,5 @@
/X-EMV-Platform; .*/i
-/.*nur-1-click*/i
+/.*nur-1-click.*/i
/.*episerver.*/i
/.*supergewinne.*/i
/List-Unsubscribe.*nbps\.eu/i
@@ -16,3 +16,4 @@
/.*dynamic-lht.*/i
/.*light-house-traffic.*/i
/.*newsletterplus.*/i
+/.*X-Chpo.*/i
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/dynmaps/bcc.php b/mailcow/src/mailcow-dockerized/data/conf/rspamd/dynmaps/bcc.php
new file mode 100644
index 0000000..3145fee
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/dynmaps/bcc.php
@@ -0,0 +1,88 @@
+<?php
+// File size is limited by Nginx site to 10M
+// To speed things up, we do not include prerequisites
+header('Content-Type: text/plain');
+require_once "vars.inc.php";
+// Do not show errors, we log to using error_log
+ini_set('error_reporting', 0);
+// Init database
+//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
+$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
+$opt = [
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+ PDO::ATTR_EMULATE_PREPARES => false,
+];
+try {
+ $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
+}
+catch (PDOException $e) {
+ error_log("BCC MAP SQL ERROR: " . $e . PHP_EOL);
+ http_response_code(501);
+ exit;
+}
+
+function parse_email($email) {
+ if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
+ $a = strrpos($email, '@');
+ return array('local' => substr($email, 0, $a), 'domain' => substr(substr($email, $a), 1));
+}
+if (!function_exists('getallheaders')) {
+ function getallheaders() {
+ if (!is_array($_SERVER)) {
+ return array();
+ }
+ $headers = array();
+ foreach ($_SERVER as $name => $value) {
+ if (substr($name, 0, 5) == 'HTTP_') {
+ $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
+ }
+ }
+ return $headers;
+ }
+}
+
+// Read headers
+$headers = getallheaders();
+// Get rcpt
+$rcpt = $headers['Rcpt'];
+// Get from
+$from = $headers['From'];
+// Remove tags
+$rcpt = preg_replace('/^(.*?)\+.*(@.*)$/', '$1$2', $rcpt);
+$from = preg_replace('/^(.*?)\+.*(@.*)$/', '$1$2', $from);
+
+try {
+ if (!empty($rcpt)) {
+ $stmt = $pdo->prepare("SELECT `bcc_dest` FROM `bcc_maps` WHERE `type` = 'rcpt' AND `local_dest` = :local_dest AND `active` = '1'");
+ $stmt->execute(array(
+ ':local_dest' => $rcpt
+ ));
+ $bcc_dest = $stmt->fetch(PDO::FETCH_ASSOC)['bcc_dest'];
+ if (!empty($bcc_dest) && filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
+ error_log("BCC MAP: returning ". $bcc_dest . " for " . $rcpt . PHP_EOL);
+ http_response_code(201);
+ echo trim($bcc_dest);
+ exit;
+ }
+ }
+ if (!empty($from)) {
+ $stmt = $pdo->prepare("SELECT `bcc_dest` FROM `bcc_maps` WHERE `type` = 'sender' AND `local_dest` = :local_dest AND `active` = '1'");
+ $stmt->execute(array(
+ ':local_dest' => $from
+ ));
+ $bcc_dest = $stmt->fetch(PDO::FETCH_ASSOC)['bcc_dest'];
+ if (!empty($bcc_dest) && filter_var($bcc_dest, FILTER_VALIDATE_EMAIL)) {
+ error_log("BCC MAP: returning ". $bcc_dest . " for " . $from . PHP_EOL);
+ http_response_code(201);
+ echo trim($bcc_dest);
+ exit;
+ }
+ }
+}
+catch (PDOException $e) {
+ error_log("BCC MAP SQL ERROR: " . $e->getMessage() . PHP_EOL);
+ http_response_code(502);
+ exit;
+}
+
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/dynmaps/sasl_logs.php b/mailcow/src/mailcow-dockerized/data/conf/rspamd/dynmaps/sasl_logs.php
new file mode 100644
index 0000000..2d4cbe6
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/dynmaps/sasl_logs.php
@@ -0,0 +1,2 @@
+<?php
+// PoC
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/composites.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/composites.conf
index 13c977c..337a2eb 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/composites.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/composites.conf
@@ -11,6 +11,11 @@
expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST";
score = 16.0;
}
+# Applies to freemail with undisclosed recipients
+FREEMAIL_TO_UNDISC_RCPT {
+ expression = "FREEMAIL_FROM & ( MISSING_TO | R_UNDISC_RCPT | TO_EQ_FROM )";
+ score = 5.0;
+}
# Bad policy from non-whitelisted senders
# Remove SOGO_CONTACT symbol for fwd hosts and senders with broken policy
SOGO_CONTACT_EXCLUDE {
@@ -29,23 +34,37 @@
}
# Applies to a content filter map
BAD_WORD_BAD_TLD {
- expression = "FISHY_TLD & ( BAD_WORDS | BAD_WORDS_DE )"
+ expression = "FISHY_TLD & ( BAD_WORDS | BAD_WORDS_DE )";
score = 10.0;
}
# Forged with bad policies and not fwd host, keep bad policy symbols
FORGED_W_BAD_POLICY {
- expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM | ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST & !DMARC_POLICY_ALLOW"
+ expression = "( -g+:policies | -R_SPF_NA) & ( ~FROM_NEQ_ENVFROM | ~FORGED_SENDER ) & !WHITELISTED_FWD_HOST & !DMARC_POLICY_ALLOW";
score = 3.0;
}
# Keep negative (good) scores for rbl, policies and hfilter, disable neural group
WL_FWD_HOST {
- expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)"
+ expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)";
}
# Exclude X-Spam like flags from scoring from fwd and sieve hosts
UPSTREAM_CHECKS_EXCLUDE_FWD_HOST {
- expression = "(-SIEVE_HOST | -WHITELISTED_FWD_HOST) & (^UNITEDINTERNET_SPAM | ^SPAM_FLAG | ^KLMS_SPAM | ^AOL_SPAM | ^MICROSOFT_SPAM)"
+ expression = "(-SIEVE_HOST | -WHITELISTED_FWD_HOST) & (^UNITEDINTERNET_SPAM | ^SPAM_FLAG | ^KLMS_SPAM | ^AOL_SPAM | ^MICROSOFT_SPAM)";
}
# Remove fuzzy group from bounces
BOUNCE_FUZZY {
expression = "-BOUNCE & ^g+:fuzzy";
}
+# Remove bayes ham if fuzzy denied
+FUZZY_HAM_MISMATCH {
+ expression = "( -FUZZY_DENIED | -MAILCOW_FUZZY_DENIED | -LOCAL_FUZZY_DENIED ) & ( ^BAYES_HAM | ^NEURAL_HAM_LONG | ^NEURAL_HAM_SHORT )";
+}
+# Remove bayes spam if local fuzzy white
+FUZZY_SPAM_MISMATCH {
+ expression = "( -LOCAL_FUZZY_WHITE ) & ( ^BAYES_SPAM | ^NEURAL_SPAM_LONG | ^NEURAL_SPAM_SHORT )";
+}
+WL_FWD_HOST {
+ expression = "-WHITELISTED_FWD_HOST & (^g+:rbl | ^g+:policies | ^g+:hfilter | ^g:neural)";
+}
+ENCRYPTED_CHAT {
+ expression = "CHAT_VERSION_HEADER & ENCRYPTED_PGP";
+}
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf
index 13eb094..4fac27f 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/dkim_signing.conf
@@ -32,4 +32,4 @@
# forwards are arc signed, rejects are dkim signed
sign_networks = "/etc/rspamd/custom/dovecot_trusted.map";
use_domain_sign_networks = "header";
-sign_headers = "from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-help:list-owner:list-unsubscribe:list-subscribe:list-post:openpgp:autocrypt";
+sign_headers = "from:sender:reply-to:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:content-language:resent-to:resent-cc:resent-from:resent-sender:resent-message-id:in-reply-to:references:list-id:list-help:list-owner:list-unsubscribe:list-subscribe:list-post:list-unsubscribe-post:disposition-notification-to:disposition-notification-options:original-recipient:openpgp:autocrypt";
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/external_services.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/external_services.conf
index f05314b..2b091ff 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/external_services.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/external_services.conf
@@ -6,4 +6,7 @@
# mime-part regex matching in content-type or filename
# block all macros
extended = true;
+ max_size = 3145728;
+ timeout = 20.0;
+ retransmits = 1;
}
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/groups.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/groups.conf
index ef599ef..9ca3409 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/groups.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/groups.conf
@@ -9,9 +9,15 @@
"BAD_REP_POLICIES" {
score = 2.0;
}
+ "BAD_HEADER" {
+ score = 10.0;
+ }
"BULK_HEADER" {
score = 4.0;
}
+ "ENCRYPTED_CHAT" {
+ score = -20.0;
+ }
}
group "MX" {
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/metadata_exporter.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/metadata_exporter.conf
index f29f480..b6aa150 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/metadata_exporter.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/metadata_exporter.conf
@@ -51,6 +51,7 @@
and not task:has_symbol('GLOBAL_MIME_FROM_BL')
and not task:has_symbol('LOCAL_BL_ASN')
and not task:has_symbol('GLOBAL_RCPT_BL')
+ and not task:has_symbol('BAD_SUBJECT_00')
and not task:has_symbol('MAILCOW_BLACK') then
local action = task:get_metric_action('default')
if action == 'reject' or action == 'add header' or action == 'rewrite subject' then
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/multimap.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/multimap.conf
index 0f05bb5..17ada99 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/multimap.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/multimap.conf
@@ -19,6 +19,22 @@
symbols_set = ["BULK_HEADER"];
}
+CHAT_VERSION_HEADER {
+ type = "header";
+ header = "Chat-Version";
+ map = "${LOCAL_CONFDIR}/custom/chat_versions.map";
+ regexp = true;
+ symbols_set = ["CHAT_VERSION_HEADER"];
+}
+
+BAD_HEADER {
+ type = "content";
+ map = "${LOCAL_CONFDIR}/custom/bad_header.map";
+ filter = "headers"
+ regexp = true;
+ symbols_set = ["BAD_HEADER"];
+}
+
LOCAL_BL_ASN {
require_symbols = "!MAILCOW_WHITE";
type = "asn";
@@ -80,7 +96,6 @@
type = "ip";
map = "${LOCAL_CONFDIR}/custom/dovecot_trusted.map";
symbols_set = ["SIEVE_HOST"];
- score = -15;
}
RSPAMD_HOST {
@@ -136,7 +151,7 @@
score = 5.0;
}
-BAZAR_ABUSE_CH {
+BAZAAR_ABUSE_CH {
type = "selector";
selector = "attachments(hex,md5)";
map = "https://bazaar.abuse.ch/export/txt/md5/recent/";
@@ -155,3 +170,12 @@
map = "redis://SMTP_LIMITED_ACCESS";
symbols_set = ["SMTP_LIMITED_ACCESS"];
}
+
+BAD_SUBJECT_00 {
+ type = "header";
+ header = "subject";
+ regexp = true;
+ map = "http://nullnull.org/bad-subject-regex.txt";
+ score = 6.0;
+ symbols_set = ["BAD_SUBJECT_00"];
+}
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/options.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/options.inc
index 4fbdfba..fcf499d 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/options.inc
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/options.inc
@@ -2,8 +2,7 @@
enable_dnssec = true;
}
map_watch_interval = 30s;
-dns {
- timeout = 4s;
- retransmits = 2;
-}
disable_monitoring = true;
+# In case a task times out (like DNS lookup), soft reject the message
+# instead of silently accepting the message without further processing.
+soft_reject_on_timeout = true;
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/policies_group.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/policies_group.conf
index 8799db1..954deac 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/policies_group.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/policies_group.conf
@@ -1,6 +1,6 @@
symbols = {
"ARC_REJECT" {
- score = 0.01;
+ score = 0.1;
}
"R_SPF_FAIL" {
score = 8.0;
@@ -8,6 +8,9 @@
"R_SPF_PERMFAIL" {
score = 8.0;
}
+ "R_SPF_SOFTFAIL" {
+ score = 0.1;
+ }
"R_DKIM_REJECT" {
score = 8.0;
}
@@ -18,6 +21,6 @@
weight = 8.0;
}
"DMARC_POLICY_SOFTFAIL" {
- weight = 0.0;
+ weight = 0.1;
}
}
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/rbl.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/rbl.conf
index c44b9ef..f132b4d 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/rbl.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/rbl.conf
@@ -1,12 +1,4 @@
rbls {
- uceprotect1 {
- symbol = "RBL_UCEPROTECT_LEVEL1";
- rbl = "dnsbl-1.uceprotect.net";
- }
- uceprotect2 {
- symbol = "RBL_UCEPROTECT_LEVEL2";
- rbl = "dnsbl-2.uceprotect.net";
- }
sorbs {
symbol = "RBL_SORBS";
rbl = "dnsbl.sorbs.net";
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/reputation.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/reputation.conf
index 0e3d03e..c9600b7 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/reputation.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/reputation.conf
@@ -3,7 +3,6 @@
selector "ip" {
}
backend "redis" {
- servers = "redis";
}
symbol = "IP_REPUTATION";
}
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/statistics_group.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/statistics_group.conf
index 7ed35b1..cf40583 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/statistics_group.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/local.d/statistics_group.conf
@@ -1,6 +1,6 @@
symbols = {
"BAYES_SPAM" {
- weight = 2.5;
+ weight = 4.5;
description = "Message probably spam, probability: ";
}
"BAYES_HAM" {
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/lua/rspamd.local.lua b/mailcow/src/mailcow-dockerized/data/conf/rspamd/lua/rspamd.local.lua
index 3f4c326..b007f09 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/lua/rspamd.local.lua
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/lua/rspamd.local.lua
@@ -321,6 +321,116 @@
})
rspamd_config:register_symbol({
+ name = 'BCC',
+ type = 'postfilter',
+ callback = function(task)
+ local util = require("rspamd_util")
+ local rspamd_http = require "rspamd_http"
+ local rspamd_logger = require "rspamd_logger"
+
+ local from_table = {}
+ local rcpt_table = {}
+
+ if task:has_symbol('ENCRYPTED_CHAT') then
+ return -- stop
+ end
+
+ local send_mail = function(task, bcc_dest)
+ local lua_smtp = require "lua_smtp"
+ local function sendmail_cb(ret, err)
+ if not ret then
+ rspamd_logger.errx(task, 'BCC SMTP ERROR: %s', err)
+ else
+ rspamd_logger.infox(rspamd_config, "BCC SMTP SUCCESS TO %s", bcc_dest)
+ end
+ end
+ if not bcc_dest then
+ return -- stop
+ end
+ lua_smtp.sendmail({
+ task = task,
+ host = os.getenv("IPV4_NETWORK") .. '.253',
+ port = 591,
+ from = task:get_from(stp)[1].addr,
+ recipients = bcc_dest,
+ helo = 'bcc',
+ timeout = 10,
+ }, task:get_content(), sendmail_cb)
+ end
+
+ -- determine from
+ local from = task:get_from('smtp')
+ if from then
+ for _, a in ipairs(from) do
+ table.insert(from_table, a['addr']) -- add this rcpt to table
+ table.insert(from_table, '@' .. a['domain']) -- add this rcpts domain to table
+ end
+ else
+ return -- stop
+ end
+
+ -- determine rcpts
+ local rcpts = task:get_recipients('smtp')
+ if rcpts then
+ for _, a in ipairs(rcpts) do
+ table.insert(rcpt_table, a['addr']) -- add this rcpt to table
+ table.insert(rcpt_table, '@' .. a['domain']) -- add this rcpts domain to table
+ end
+ else
+ return -- stop
+ end
+
+ local action = task:get_metric_action('default')
+ rspamd_logger.infox("metric action now: %s", action)
+
+ local function rcpt_callback(err_message, code, body, headers)
+ if err_message == nil and code == 201 and body ~= nil then
+ if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
+ send_mail(task, body)
+ end
+ end
+ end
+
+ local function from_callback(err_message, code, body, headers)
+ if err_message == nil and code == 201 and body ~= nil then
+ if action == 'no action' or action == 'add header' or action == 'rewrite subject' then
+ send_mail(task, body)
+ end
+ end
+ end
+
+ if rcpt_table then
+ for _,e in ipairs(rcpt_table) do
+ rspamd_logger.infox(rspamd_config, "checking bcc for rcpt address %s", e)
+ rspamd_http.request({
+ task=task,
+ url='http://nginx:8081/bcc.php',
+ body='',
+ callback=rcpt_callback,
+ headers={Rcpt=e}
+ })
+ end
+ end
+
+ if from_table then
+ for _,e in ipairs(from_table) do
+ rspamd_logger.infox(rspamd_config, "checking bcc for from address %s", e)
+ rspamd_http.request({
+ task=task,
+ url='http://nginx:8081/bcc.php',
+ body='',
+ callback=from_callback,
+ headers={From=e}
+ })
+ end
+ end
+
+ return true
+ end,
+ priority = 20
+})
+
+rspamd_config:register_symbol({
name = 'DYN_RL_CHECK',
type = 'prefilter',
callback = function(task)
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc
index c0f1fb1..d206757 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc
@@ -1,4 +1,4 @@
bind_socket = "*:11333";
-task_timeout = 12s;
+task_timeout = 25s;
count = 1;
.include(try=true; priority=30) "$CONFDIR/override.d/worker-normal.custom.inc"
diff --git a/mailcow/src/mailcow-dockerized/data/conf/sogo/custom-favicon.ico b/mailcow/src/mailcow-dockerized/data/conf/sogo/custom-favicon.ico
new file mode 100644
index 0000000..4d5cb32
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/sogo/custom-favicon.ico
Binary files differ
diff --git a/mailcow/src/mailcow-dockerized/data/conf/sogo/custom-theme.js b/mailcow/src/mailcow-dockerized/data/conf/sogo/custom-theme.js
new file mode 100644
index 0000000..0df5067
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/sogo/custom-theme.js
@@ -0,0 +1,36 @@
+/* EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE - EXAMPLE
+(function() {
+ 'use strict';
+ angular.module('SOGo.Common')
+ .config(configure)
+
+ configure.$inject = ['$mdThemingProvider'];
+ function configure($mdThemingProvider) {
+ var greyMap = $mdThemingProvider.extendPalette('grey', {
+ '200': 'F5F5F5',
+ '300': 'E5E5E5',
+ '1000': '4C566A'
+ });
+ var greenCow = $mdThemingProvider.extendPalette('green', {
+ '600': 'E5E5E5'
+ });
+ $mdThemingProvider.definePalette('frost-grey', greyMap);
+ $mdThemingProvider.definePalette('green-cow', greenCow);
+ $mdThemingProvider.theme('default')
+ .primaryPalette('green-cow', {
+ 'default': '400',
+ 'hue-1': '400',
+ 'hue-2': '600',
+ 'hue-3': 'A700'
+ })
+ .accentPalette('green', {
+ 'default': '600',
+ 'hue-1': '300',
+ 'hue-2': '300',
+ 'hue-3': 'A700'
+ })
+ .backgroundPalette('frost-grey');
+ $mdThemingProvider.generateThemesOnDemand(false);
+ }
+})();
+ */
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo-full.svg b/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo-full.svg
deleted file mode 100644
index 98ff2fc..0000000
--- a/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo-full.svg
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
- <!ENTITY st0 "fill:#50BD37;">
-]>
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
- width="640px" height="350px" viewBox="78.712 58.488 640 350" style="enable-background:new 78.712 58.488 640 350;"
- xml:space="preserve">
-<path style="&st0;" d="M648.541,145.679c-9.947,0-17.009-7.278-17.009-17.048c0-9.777,7.062-17.057,17.009-17.057
- c10.024,0,17.086,7.279,17.086,17.057C665.627,138.401,658.565,145.679,648.541,145.679z M648.511,94.893
- c-19.693,0-33.679,14.4-33.679,33.738c0,19.33,13.985,33.729,33.679,33.729c19.822,0,33.808-14.4,33.808-33.729
- C682.318,109.293,668.333,94.893,648.511,94.893z M648.482,179.843c-29.889,0-51.123-21.868-51.123-51.212
- c0-29.353,21.234-51.209,51.123-51.209c30.082,0,51.307,21.856,51.307,51.209C699.789,157.975,678.564,179.843,648.482,179.843z
- M648.442,58.488c-40.929,0-69.995,29.946-69.995,70.143c0,40.189,29.066,70.125,69.995,70.125c41.194,0,70.27-29.937,70.27-70.125
- C718.712,88.434,689.637,58.488,648.442,58.488z M158.166,183.902l-21.018-5.008c-19.131-4.396-28.849-9.413-28.849-23.21
- c0-15.684,15.99-21.965,30.419-21.965c14.667,0,25.382,7.329,31.693,18.737c0.02,0.048,0.051,0.097,0.09,0.157
- c0.127,0.247,0.276,0.484,0.403,0.731l0.03-0.02c1.985,3.002,5.323,5.008,8.919,5.008c6.122,0,10.558-4.425,10.558-10.547
- c0-2.341-0.504-4.82-1.601-6.688c-10.764-18.302-28.513-26.192-48.838-26.192c-27.594,0-54.262,13.797-54.262,44.218
- c0,27.921,27.605,36.079,37.64,38.578l20.069,4.71c15.368,3.763,27.912,8.791,27.912,23.517c0,16.938-17.561,23.943-34.499,23.943
- c-17.245,0-30.015-9.37-38.814-22.37h-0.01c-1.956-3-4.988-4.328-8.702-4.328c-5.984,0-10.805,5.185-10.587,11.162
- c0.098,2.438,0.909,4.637,2.153,6.405c13.787,20.633,33.728,28.41,55.96,28.41c28.543,0,57.085-13.143,57.085-45.132
- C193.918,203.325,178.551,188.613,158.166,183.902z M298.479,250.312c-33.866,0-55.199-25.403-55.199-58.331
- c0-32.939,21.333-58.343,55.199-58.343c34.192,0,55.516,25.403,55.516,58.343C353.996,224.91,332.672,250.312,298.479,250.312z
- M298.479,114.823c-45.471,0-77.777,32.93-77.777,77.158c0,44.217,32.306,77.146,77.777,77.146
- c45.786,0,78.093-32.929,78.093-77.146C376.572,147.753,344.266,114.823,298.479,114.823z M518.715,234.312
- c-0.771,0.74-1.549,1.472-2.399,2.175c-1.106,1.014-2.391,2.112-3.854,3.208c-8.829,6.391-19.979,10.094-33.017,10.094
- c-33.876,0-55.198-25.402-55.198-58.332c0-32.939,21.322-58.342,55.198-58.342c34.183,0,55.506,25.403,55.506,58.342
- C534.951,208.653,529.135,223.774,518.715,234.312z M468.097,317.938c2.528,0,5.146-0.168,7.863-0.504
- c5.018-0.631,9.588-0.909,13.729-0.909c19.24,0.109,29.036,5.7,34.943,12.158c5.895,6.499,8.168,15.311,8.158,22.796
- c0.01,3.586-0.555,6.795-1.177,8.721c-2.944,8.93-8.888,15.002-17.996,19.576c-9.035,4.484-21.095,6.777-33.707,6.757
- c-4.514,0-9.105-0.288-13.639-0.831c-8.573-0.987-19.911-4.671-28.13-11.093c-4.138-3.199-6.458-6.991-8.858-11.485
- c-2.379-4.514-2.783-9.748-2.783-16.442v-0.742c0-12.346,4.84-20.544,11.051-26.5c3.07-2.904,5.69-5.064,7.99-6.438
- c0.366-0.218,0.438-0.416,0.755-0.593C452.39,316.014,459.684,317.968,468.097,317.938z M479.445,114.301
- c-45.471,0-77.786,32.929-77.786,77.157c0,29.887,14.765,54.598,38.378,67.489c-0.314,0.314-0.621,0.641-0.916,0.966
- c-6.104,6.687-9.226,15.25-9.236,23.913c-0.008,3.821,0.624,7.741,1.977,11.494c-3.062,1.956-6.717,4.634-10.46,8.147
- c-9.026,8.408-18.734,22.541-19.021,42.097c-0.01,0.454-0.01,0.829-0.01,1.118c-0.01,10.071,2.379,19.157,6.459,26.774
- c6.133,11.466,15.683,19.445,25.539,24.77c9.917,5.334,20.257,8.166,29.273,9.274c5.373,0.643,10.826,0.988,16.268,0.988
- c15.151-0.02,30.261-2.578,43.409-9.019c13.085-6.34,24.333-17.253,29.192-32.562c1.443-4.553,2.212-9.719,2.231-15.428
- c-0.02-11.595-3.349-25.759-13.767-37.452c-10.421-11.734-27.654-19.566-51.288-19.459c-5.138,0-10.606,0.356-16.426,1.078
- c-1.877,0.227-3.596,0.334-5.166,0.334c-7.239-0.048-10.872-2.053-13.036-4.098c-2.133-2.084-3.2-4.839-3.229-8.058
- c-0.01-3.28,1.284-6.727,3.467-9.078c2.231-2.332,5.008-3.91,9.846-3.97c0.436,0,0.9,0.01,1.374,0.05
- c3.101,0.216,6.112,0.325,9.037,0.325c24.188,0.047,42.38-7.448,54.756-17.759c12.415-10.312,18.971-22.854,22.071-32.76l-0.04-0.01
- c3.37-8.899,5.197-18.715,5.197-29.166C557.539,147.229,525.234,114.301,479.445,114.301z"/>
-</svg>
diff --git a/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo.conf b/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo.conf
index 78791d5..2513f49 100644
--- a/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo.conf
+++ b/mailcow/src/mailcow-dockerized/data/conf/sogo/sogo.conf
@@ -14,7 +14,12 @@
SOGoEnableEMailAlarms = YES;
SOGoFoldersSendEMailNotifications = YES;
SOGoForwardEnabled = YES;
- SOGoUIAdditionalJSFiles = (js/custom-sogo.js);
+
+ SOGoUIAdditionalJSFiles = (
+ js/theme.js,
+ js/custom-sogo.js
+ );
+
SOGoEnablePublicAccess = YES;
// Multi-domain setup
