1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

47 Commits

Author SHA1 Message Date
Florent Daigniere
bee8ce9357 Fix2805 2023-05-06 09:06:12 +02:00
Dimitri Huisman
45177bd25a
bring back removed blank lines 2023-03-09 08:30:58 +00:00
Dimitri Huisman
7ce28bd6e9
Fix some small errors 2023-03-09 08:28:18 +00:00
Dimitri Huisman
8861ce6edb
Change rspamd override system to use include with lowest priority.
All override files are used as if they were placed in the rspamd
local.d folder.

From the newsfragment:
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder.
These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file.
It works as following.
* If the override file overrides a Mailu defined config file,
  it will be included in the Mailu config file with lowest priority.
  It will merge with existing sections.
* If the override file does not override a Mailu defined config file,
  then the file will be placed in the rspamd local.d folder.
  It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website:
https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
2023-03-09 08:21:45 +00:00
Florent Daigniere
ae7061c561 Doh 2023-01-30 10:29:37 +01:00
Florent Daigniere
e326393f03 fix ooo 2023-01-29 15:47:19 +01:00
Florent Daigniere
36623188b5 Don't apply antispoof rules on locally generated emails 2023-01-28 14:12:14 +01:00
Alexander Graf
10562233ca
Add SUBNET6 to places where SUBNET is used 2023-01-24 12:15:36 +01:00
Florent Daigniere
ef123f1b53 doh 2022-12-19 12:41:21 +01:00
Florent Daigniere
6241fbeb78 actually make it optional 2022-12-19 12:12:50 +01:00
Florent Daigniere
cea533ae57 Merge remote-tracking branch 'upstream/master' into oletools 2022-12-19 12:05:27 +01:00
Florent Daigniere
77d770a2d2 doh 2022-12-19 11:24:22 +01:00
Florent Daigniere
4e3874b0c1 Enable dynamic resolution of hostnames 2022-12-08 13:00:50 +01:00
Florent Daigniere
4c3c628ca4 dedup 2022-11-24 14:59:11 +01:00
Florent Daigniere
f1e5044dbe Add to the list, sort it 2022-11-24 14:39:12 +01:00
Florent Daigniere
02f2679dc4 name collision 2022-11-24 13:51:54 +01:00
Florent Daigniere
b08d940d09 See https://github.com/decalage2/oletools/issues/659 2022-11-24 13:06:59 +01:00
Florent Daigniere
a8061f3ed3 doh 2022-11-24 12:25:41 +01:00
Florent Daigniere
612db96209 Block executable file extensions (closes #2511) 2022-11-24 12:09:15 +01:00
Florent Daigniere
709023ab5a dimitri said "block it"
So let's block any macro with AUTOEXEC
2022-11-24 12:04:03 +01:00
Florent Daigniere
3bdc57adbc Forgot this 2022-11-24 11:40:10 +01:00
Florent Daigniere
e43effab63 Glad there is a test 2022-11-24 11:08:13 +01:00
Florent Daigniere
d793c5eed8 Dup symbol 2022-11-24 11:01:12 +01:00
Florent Daigniere
7e1ab7978e Block VBA Stomping too 2022-11-23 18:56:16 +01:00
Florent Daigniere
3e45a791cf Implement oletools to filter out bad macros 2022-11-23 15:42:46 +01:00
bors[bot]
0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-11-09 15:16:36 +00:00
Florent Daigniere
d8cf0c3848 Revert "Admin may not have started up when this loads"
This reverts commit 0f17299b4e.
2022-10-27 10:21:19 +02:00
Florent Daigniere
0f17299b4e Admin may not have started up when this loads 2022-10-25 14:43:47 +02:00
Florent Daigniere
95a3a3d342 doh 2022-10-25 12:05:25 +02:00
Florent Daigniere
bd1b73032c Poke a hole for mailing lists 2022-10-24 09:48:51 +02:00
Florent Daigniere
c4fcaed7d4 doh 2022-10-20 16:01:18 +02:00
Florent Daigniere
8929f54de5 clarify
Also cover the case where the DKIM sig is for another domain and there
is no explicit DMARC policy
2022-10-20 11:32:58 +02:00
Florent Daigniere
8da6117bb9 clarify 2022-10-20 10:35:43 +02:00
Florent Daigniere
af87456faf this works for me 2022-10-20 10:24:10 +02:00
Florent Daigniere
be4dd6d84a Spell it out 2022-10-19 18:22:33 +02:00
Florent Daigniere
f7b3aad831 Ensure we REJECT when we don't have a DMARC policy
This restores the old behaviour
2022-10-19 17:53:32 +02:00
Florent Daigniere
8775a2bf04 untested code that may just work 2022-10-19 15:28:20 +02:00
Florent Daigniere
5d09390147 enable rspamd's autolearn feature 2022-09-08 17:32:50 +02:00
Vincent Kling
bab3f0f5a4 Remove POD_ADDRESS_RANGE 2022-09-01 15:08:26 +02:00
henniaufmrenni
8eb8cb1f48 Update deprecated rspamd config option
This gets rid of the following error message:
lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
attachments_only = true; # Before 1.8.1
scan_mime_parts = true; # After 1.8.1

The currently used version is rspamd 3.1.
2022-04-04 14:39:50 +02:00
Florent Daigniere
89a7a8ac13 Fix score of RCVD_NO_TLS_LAST 2021-11-25 15:29:31 +01:00
Florent Daigniere
74b31dc407 Ensure that RCVD_NO_TLS_LAST doesn't add spam points 2021-11-01 17:52:12 +01:00
Florent Daigniere
2170e07731 Tell rspamd about RELAYNETS 2021-10-31 19:57:51 +01:00
Alexander Graf
893705169e PoC rspamd use dkimkeys from admin using vault api 2021-10-14 23:01:53 +02:00
anrc
59bc4f7aea
Remove the username from the milter_headers
Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.
2020-09-24 13:16:25 +02:00
Michael Wyraz
e857b9d659 Document default antivirus behaviour, add an option to reject viruses 2019-11-19 11:31:09 +01:00
Tim Möhlmann
4e4b071fb0
Move services into core and optional 2019-10-23 18:27:25 +03:00