From da168322d62f29d7736905d834db85cbcd9ce77b Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Fri, 2 Aug 2024 21:24:41 +0200 Subject: [PATCH 1/5] Update deps --- setup/flavors/compose/docker-compose.yml | 2 +- towncrier/newsfragments/3347.bugfix | 2 ++ webmails/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 towncrier/newsfragments/3347.bugfix diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 3eeba1d4..428d6995 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -217,7 +217,7 @@ services: # Optional services {% if antivirus_enabled %} antivirus: - image: clamav/clamav-debian:1.2.0-6 + image: clamav/clamav-debian:1.2.3-45 restart: always logging: driver: journald diff --git a/towncrier/newsfragments/3347.bugfix b/towncrier/newsfragments/3347.bugfix new file mode 100644 index 00000000..a5723885 --- /dev/null +++ b/towncrier/newsfragments/3347.bugfix @@ -0,0 +1,2 @@ +Update to a newer clamav 1.2.3-45 +Update to snappymail 2.36.4 diff --git a/webmails/Dockerfile b/webmails/Dockerfile index 950c3f3c..4e33a4da 100644 --- a/webmails/Dockerfile +++ b/webmails/Dockerfile @@ -54,7 +54,7 @@ COPY roundcube/config/config.inc.carddav.php /var/www/roundcube/plugins/carddav/ # snappymail -ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.36.1/snappymail-2.36.1.tar.gz +ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.36.4/snappymail-2.36.4.tar.gz RUN set -euxo pipefail \ ; mkdir /var/www/snappymail \ From cfec4c58cc20faf18540c574b00bc76568d62f86 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Sun, 4 Aug 2024 10:54:49 +0200 Subject: [PATCH 2/5] Add a new CNAME for old MUAs --- core/admin/mailu/models.py | 2 +- towncrier/newsfragments/3347.bugfix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index f73bf0b7..57c82c6b 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -276,7 +276,7 @@ class Domain(Base): f'_{proto}._tcp.{self.name}. 600 IN SRV {prio} 1 {port} {hostname}.' if port in ports else f'_{proto}._tcp.{self.name}. 600 IN SRV 0 0 0 .' for proto, port, prio in protocols - ]+[f'autoconfig.{self.name}. 600 IN CNAME {hostname}.'] + ]+[f'autoconfig.{self.name}. 600 IN CNAME {hostname}.', f'autodiscover.{self.name}. 600 IN CNAME {hostname}.'] @cached_property def dns_tlsa(self): diff --git a/towncrier/newsfragments/3347.bugfix b/towncrier/newsfragments/3347.bugfix index a5723885..cefcfd3e 100644 --- a/towncrier/newsfragments/3347.bugfix +++ b/towncrier/newsfragments/3347.bugfix @@ -1,2 +1,3 @@ Update to a newer clamav 1.2.3-45 Update to snappymail 2.36.4 +Add a new DNS entry for autodiscover (old MUA autoconfiguration) From 407024d59a08c1b335970ca7f33ed2831ebce6ff Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Sun, 4 Aug 2024 17:57:33 +0200 Subject: [PATCH 3/5] Roundcube 1.6.8 --- towncrier/newsfragments/3347.bugfix | 1 + webmails/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/towncrier/newsfragments/3347.bugfix b/towncrier/newsfragments/3347.bugfix index cefcfd3e..c06c7515 100644 --- a/towncrier/newsfragments/3347.bugfix +++ b/towncrier/newsfragments/3347.bugfix @@ -1,3 +1,4 @@ Update to a newer clamav 1.2.3-45 Update to snappymail 2.36.4 +Update to roundcube 1.6.8 (CVE-2024-42009, CVE-2024-42008, CVE-2024-42010) Add a new DNS entry for autodiscover (old MUA autoconfiguration) diff --git a/webmails/Dockerfile b/webmails/Dockerfile index 4e33a4da..4e6e6896 100644 --- a/webmails/Dockerfile +++ b/webmails/Dockerfile @@ -28,7 +28,7 @@ RUN set -euxo pipefail \ ; mkdir -p /run/nginx /conf # roundcube -ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcubemail-1.6.7-complete.tar.gz +ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.6.8/roundcubemail-1.6.8-complete.tar.gz ENV CARDDAV_URL https://github.com/mstilkerich/rcmcarddav/releases/download/v5.1.0/carddav-v5.1.0.tar.gz RUN set -euxo pipefail \ From 0b8e565272159629e0b43571b4add65a32fc1af7 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Mon, 5 Aug 2024 14:13:55 +0200 Subject: [PATCH 4/5] Clarify the doc as per https://github.com/Mailu/Mailu/issues/3359#issuecomment-2268909660 --- docs/antispam.rst | 6 +++--- towncrier/newsfragments/3347.bugfix | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/antispam.rst b/docs/antispam.rst index 5042ff0c..91ecab58 100644 --- a/docs/antispam.rst +++ b/docs/antispam.rst @@ -113,7 +113,7 @@ The following steps have to be taken to configure an additional symbol (rule) th * soft reject: temporarily delay message (this is used, for instance, to greylist or rate-limit messages) To move an email message to the Junk (Spam) folder, a score of 15 can be used in combination with the action "add header". - The above example configuration will reject all emails send from domains that are listed in '/etc/rspamd/override.d/blacklist.inc'. + The above example configuration will reject all emails send from domains that are listed in '/overrides/blacklist.inc'. 2. In the Rspamd overrides folder create a map that contains the domains to be blocked. You can use # to add comments. @@ -137,12 +137,12 @@ The following steps have to be taken to configure an additional symbol (rule) th The symbol is only displayed if the symbol has no pre-filter (action= line) configured. Changes made in this screen are not saved to the configuration file. -5. Check if the map is available. In rspamd webgui to to configuration. A map is available with the path: +5. Check if the map is available. In rspamd webgui to to configuration, a map is available with the path: /etc/rspamd/override.d/blacklist.inc Senders domain part is on the local blacklist .. image:: assets/screenshots/RspamdMapBlacklist.png - When clicking on this map, you can live-edit the map via the GUI. Changes are effective immediately. Only changes made to maps in the overrides folder are persistent. Changes made to other maps will be reverted when the Rspamd container is recreated. It is also possible to make direct changes to the map on filesystem. These changes are also effective immediately. + When clicking on this map, you can live-edit the map via the GUI. Please note that only changes made to maps in the ``/overrides`` folder are persistent as changes made interractively though the GUI will be reverted when the Rspamd container is recreated. All changes (whether through the GUI or on the filesystem) are effective immediately. For more information on using the multimap filter see the official `multimap documentation`_ of Rspamd. diff --git a/towncrier/newsfragments/3347.bugfix b/towncrier/newsfragments/3347.bugfix index c06c7515..6668768f 100644 --- a/towncrier/newsfragments/3347.bugfix +++ b/towncrier/newsfragments/3347.bugfix @@ -2,3 +2,4 @@ Update to a newer clamav 1.2.3-45 Update to snappymail 2.36.4 Update to roundcube 1.6.8 (CVE-2024-42009, CVE-2024-42008, CVE-2024-42010) Add a new DNS entry for autodiscover (old MUA autoconfiguration) +Clarify the language in the documentation related to rspamd overrides From b359301cc2db40f98ecf4cb0acc821cdf9a003b7 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Mon, 5 Aug 2024 14:49:38 +0200 Subject: [PATCH 5/5] more doc updates --- docs/antispam.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/antispam.rst b/docs/antispam.rst index 91ecab58..51dffe22 100644 --- a/docs/antispam.rst +++ b/docs/antispam.rst @@ -137,8 +137,8 @@ The following steps have to be taken to configure an additional symbol (rule) th The symbol is only displayed if the symbol has no pre-filter (action= line) configured. Changes made in this screen are not saved to the configuration file. -5. Check if the map is available. In rspamd webgui to to configuration, a map is available with the path: - /etc/rspamd/override.d/blacklist.inc Senders domain part is on the local blacklist +5. Check if the map is available. In rspamd webgui go to configuration, a map is available with the path: + /overrides/blacklist.inc Senders domain part is on the local blacklist .. image:: assets/screenshots/RspamdMapBlacklist.png