1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-23 02:04:46 +02:00
Commit Graph

1237 Commits

Author SHA1 Message Date
Peter
fd7269d455
[ClamAV] Move to official ClamAV Docker container (#4525)
Since ClamAV starts to offer Docker containers this PR introduces said containers so we don't need to build the container on our own anymore. This was an easy task until v0.104, but then ClamAV changed its buildprocess to use cmake and with v0.105 it also needs the Rust toolchain -> https://docs.clamav.net/manual/Installing/Installing-from-source-Unix.html#ubuntu--debian

Here are the main changes for the new container

Creates clamd-db-vol-1 volume
Still uses the same config files
Downloads ClamAV databases in said volume
Smaller container footprint 13MB vs 150MB

---

* [ClamAV] Move to official ClamAV Docker container

* [ClamAV] Remove vim + nano

* [ClamAV] Use normal version in docker-compose
2022-03-28 11:07:47 +02:00
Niklas Meyer
c520f21d28
🐄 Moorch Update 2022 - ClamAV, Dovecot & Olefy Update (#4497)
* [API] Fix minor issue in api docs

* [GH-Actions][stale] Add neverstale label to exempt list

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag

* [Web] add github version tag error handling

* [Web] add github version tag error handling

* Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions

Inviting someone to a calendar event triggers a request to /SOGo/so/otheruser@example.com/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/otheruser@example.com/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php.

* [Web] add github version tag - adjust css

* [Compose] Update SOGo Autoreply Schedule to 5m

Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber

Closes: https://github.com/mailcow/mailcow-dockerized/issues/4436

* [Web] add github version tag - move twig globals

* [Web] add github version tag - missing </div>

* Passwordless SOGo auth: improvements for when accessing other users

* [WebAuthn] fido2 passwordless auth - fix (#4440)

* [WebAuthn] fido2 revert

* [WebAuthn] set UV flags to 'discouraged'

* [WebAuthn] revert - set UV flags to 'discouraged'

* Update clamav to 0.104.2

* Update clamav to 0.104.2

* Update dovecot to 2.3.18

Update gosu to 1.14
Use debian bullseye as base

* [Web] Updated lang.es.json [CI SKIP] (#4453)

Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Fijxu <fijxu@zzls.xyz>

* Fix broken documentation links (#4458)

* Fix broken documentation links

* Fix a few more broken documentation links

* Fix broken documentation links in translation files

* Fall back to empty string if WATCHDOG_NOTIFY_EMAIL undefined (#4457)

By default, `.env` (`mailcow.conf`) does not define `WATCHDOG_NOTIFY_EMAIL`.

Using it in `docker-compose.yml` without having it defined leads to Compose v2 displaying this warning on startup:

> WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.

Related to https://github.com/mailcow/mailcow-dockerized/issues/4315

* [Web] Updated lang.sk.json [CI SKIP] (#4461)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* oletools: disable template injection detection (#4464)

Seems to be causing a lot of false positives lately

* Fix minor typo in comment (#4466)

Correction of the comment, so that the explanation is correct and can be understood.

* Update issue templates to issue forms (#4465)

This PR updates the issue templates to GitHubs new issue forms

* [Web] Fix padding issue in UI admin panel (#4481)

* [Web] fix admin panel padding issue

* [Web] fix admin panel padding issue

* [Web] Updated lang.sk.json [CI SKIP] (#4489)

Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: milkmaker <milkmaker@mailcow.de>

Co-authored-by: Lukáš Matula <lukas@gbely.net>

* increase opcache.interned_strings_buffer to 16 (#4487)

since version 23.0.2 Nextcloud recommends having a value greater than 8 for `opcache.interned_strings_buffer`. As this memory will be only used when needed this should have no impact on installations that are not using nextcloud.

related discussion: https://help.nextcloud.com/t/nextcloud-23-02-opcache-interned-strings-buffer/134007/19
related nextcloud issue: https://github.com/nextcloud/server/issues/31223

* nextcloud - add missing redirections (#4366)

adds missing location directives to the nginx configuration of nextcloud 22, to prevent warnings in nextcloud admin center of missing redirections

* Update imapsync to 2.178 (#4491)

* Update and fix oletools (#4479)

As noticed by @MAGICCC (#4464 (comment)), our olefy image does not work anymore if you rebuild it. This is because @HeinleinSupport recently updated their repository with the changes from @decalage2's repository, which renamed olvba3 to olevba. Since @HeinleinSupport does not recommend using its own patched branch and is very slow in pulling in changes from upstream (@decalage2), let's switch to the latter. This also allowed me to revert #4464.

Finally, a minor patch to rspamd is necessary. While the documentation says

In the extended mode the oletools module will not trigger on specific categories, but will always set a threat string with all found flags when at least a macro was found.

This is not actually true -- it only sets it when suspicious or autoexec threats were detected. But it's a one-line patch to make rspamd behave as documented and we should submit that patch to @rspamd too. With this patch, I have confirmed that Mailcow will reject any incoming, non-whitelisted message containing attachments with macros.

* [Web] Fix excluded domain list in quaratine view

Previously excluded domains from quarantine were not shown.

* [Dovecot] Update syslogng Version to 3.28 (#4496)

Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>

Co-authored-by: ntimo <git@nowitzki.me>
Co-authored-by: Peter <magic@kthx.at>
Co-authored-by: FreddleSpl0it <patschul@posteo.de>
Co-authored-by: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Co-authored-by: Michael Kuron <mkuron@users.noreply.github.com>
Co-authored-by: milkmaker <milkmaker@mailcow.de>
Co-authored-by: Fijxu <fijxu@zzls.xyz>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Co-authored-by: Lukáš Matula <lukas@gbely.net>
Co-authored-by: Max <mail@heavygale.de>
Co-authored-by: Michael Cramer <michael@bigmichi1.de>
Co-authored-by: Robert Christian <soulsymphonies@users.noreply.github.com>
Co-authored-by: André <andre.peters@debinux.de>
Co-authored-by: Niklas Meyer <niklas.meyer@tinc.gmbh>
2022-03-02 16:32:17 +01:00
Michael Gerdemann
b1314bd9a3
[dovecot] Fix delayed quarantine notification (#4470)
Fixes: #4469
2022-03-02 11:17:08 +01:00
Niklas Meyer
fac8d9d28a
[Netfilter] Update to Alpine 3.15 + GeoIP Fix
Added xtables-addon to netfilter container to handle iptables rules with geoip
**Commited by: @marcvorwerk**
2022-01-21 09:22:25 +01:00
Niklas Meyer
9c7faa9fe8
[Netfilter] Update to Alpine 3.15 2022-01-20 10:11:39 +01:00
Niklas Meyer
8f89968421
[SOGo] Update SOGo to 5.5.0 + syslog Version Update (in Config)
This PR is updating SOGo to the new 5.5.0 Release (https://github.com/inverse-inc/sogo/releases/tag/SOGo-5.5.0) <-- Available in master.

It also includes the nsyslog Update to 3.28 (since the new SOGo builds are using a newer version), which fix a warning message inside the sogo container that the nsyslog version is outdated and can be upgraded to 3.28

This new release will have the Docker Image Tag: mailcow/sogo:1.106
2022-01-20 10:04:01 +01:00
Niklas Meyer
d4fe4a7f87
[Watchdog] Update to Alpine 3.15 2022-01-19 16:43:27 +01:00
Niklas Meyer
a195e6e121
[SOGo] Update syslog-ng-redis_slave Version to 3.28 2022-01-19 10:31:34 +01:00
Niklas Meyer
a5e84b483a
[SOGo] Update syslog-ng Version to 3.28 2022-01-19 10:30:57 +01:00
Niklas Meyer
9f8a16b8c1
[Olefy] Use local olefy.py (instead of Github)
This is temporarily until the issue fix is merged into master.
2022-01-18 20:55:44 +01:00
Niklas Meyer
cbb64e316e
[Olefy] Add local Olefy.py
Temporarily fix for https://github.com/HeinleinSupport/olefy/pull/14
2022-01-18 20:53:03 +01:00
Niklas Meyer
c08e520a75
[Olefy] Update to Alpine 3.15 2022-01-18 20:51:49 +01:00
Niklas Meyer
6fcb52bcc6
[Config (Clamd)] Update SSL Path to new style (dynamic)
Thanks to @mkuron this fix will change the ssl path to be dynamic (not hardcoded) to ensure that acme is still working with Alpine 3.15 or higher.

This PR is included in the Docker tag: mailcow/acme:1.81 (including the Alpine 3.15 update)
2022-01-18 16:48:50 +01:00
Niklas Meyer
1e6f927ac5
[Config (Clamd)] Update SSL Path to new style (dynamic) 2022-01-18 16:44:48 +01:00
Marc Vorwerk
f16d36eb74 Added xtables-addon to netfilter container to handle iptables rules with geoip 2022-01-18 16:27:40 +01:00
Niklas Meyer
f9e28b8d82
[Clamd] Rebuild on Bullseye Base 2022-01-18 15:14:45 +01:00
Niklas Meyer
e3417397af
[Clamd] Update to 0.103.5 2022-01-15 17:17:27 +01:00
Michael Kuron
526b3f885b
Merge pull request #4410 from AlexBeakes/master
Fix pip3 issue that broke netfilter Dockerfile build
2022-01-05 22:36:20 +01:00
Alex Beakes
a0b0d36e22
Fix pip3 uninstall error 2022-01-02 03:51:09 +03:00
Niklas Meyer
e8ca588884
[Solr] Remove breached class from log4j-core.jar (#4390) 2021-12-17 12:43:05 +01:00
Niklas Meyer
2f9d8213b6
[Alpine] Update to 3.15 (#4372) 2021-12-14 14:10:31 +01:00
DerLinkman
03542bfa71
[Dovecot] Update to 2.3.17.1 (#4365) 2021-12-08 20:17:30 +01:00
Peter
99ee38117c
Update SOGo to 5.3.0 (#4330)
* [SOGo] Rebase on Bullseye

* [SOGo] Update gosu to 1.14

* [SOGo] Update to 5.3.0
2021-11-22 13:55:16 +01:00
andryyy
85454d3406
[ClamAV] Change mirror for Dockerfile 2021-11-14 20:12:21 +01:00
andryyy
7d3dd56a8c [Dovecot] v2.3.17 2021-11-14 20:11:56 +01:00
Sven Gottwald
7e35c3d0dd
[ClamAV] Update to 0.103.4 (#4314)
* [ClamAV] Update to 0.103.4

ClamAV 0.103.4 is a critical patch release, see https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html for more information.

* Update docker-compose.yml

Update mailcow/clamd:1.42
2021-11-11 13:43:41 +01:00
andryyy
0e6672d9bf
[Dovecot] LUA fix 2021-10-30 14:40:26 +02:00
andryyy
f0aae22f77
[Dovecot, Web] Fix remaining issues of app password enhancements from #4296 2021-10-30 14:34:33 +02:00
andryyy
644b1f85d1
[Dovecot, Web] Allow SOGo access with app password when imap is disabled; Add sieve to mailbox protocol access restrictions 2021-10-30 08:03:41 +02:00
andryyy
09d763548c Merge branch 'app-passwd-daveas' into staging 2021-10-29 06:50:23 +02:00
Peter
6bf70cf846
[Watchdog] Add Watchdog verbose logging (#4299)
* [Watchdog] Add verbose logging

* [Watchdog] More verbose debugging

* [Watchdog] Enable MX check for recipients

Co-authored-by: andryyy <andre.peters@debinux.de>
2021-10-29 06:48:49 +02:00
andryyy
15ce95e78d
[Web, Dovecot] Add sieve and pop3 to protocol access for app passwords 2021-10-29 06:15:10 +02:00
andryyy
e13bc242a4
[Web, Dovecot] Allow to define scope of services for app passwords 2021-10-28 21:57:19 +02:00
andryyy
56e8e88276 [Dovecot] Do not disallow app passwords when force_password_reset is active 2021-10-23 07:22:56 +02:00
Max
4a91fdf134 [Cleanup] Clean up the xmpp remainder (#4286)
* [Web] Update russian translation (lang.ru.json)

* XMPP cleanup

Co-authored-by: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
2021-10-18 21:44:01 +02:00
Dmitriy Alekseev
819f2876e6
[Netfilter] Add non-SMTP command rule (#4289) 2021-10-08 12:38:29 +03:00
Kristian Feldsam
0b64967ec5
[web] implemented twig templating system (#4264)
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2021-09-22 20:47:10 +02:00
Sven Gottwald
bc7714b8f3
[ClamAV] Update to latest LTS release (#4262)
- ClamAV 0.103 is the first Long Term Support (LTS) feature release.
- LTS feature releases will be supported for at least three years from the initial publication date of that LTS feature version. In other words, support for the LTS release "X.Y" starts when version "X.Y.0" is published and ends three years after.
- Each LTS feature release will be supported with critical patch versions and access to download signatures for the duration of the three-year support period.
- A new LTS feature release will be identified approximately every two years.
- Users must stay up-to-date with the latest patch versions for continued support. As of Aug. 28, that means version 0.103.3.
- Source: https://blog.clamav.net/2021/09/changes-to-clamav-end-of-life-policy.html
2021-09-04 12:24:39 +02:00
andryyy
107c8ed229
[Watchdog] Workarond for issue with content buffering in Alpine and Nagios plugins 2021-09-01 18:57:56 +02:00
andryyy
f12756511d
[Dovecot] Update to 2.3.16 2021-09-01 17:00:51 +02:00
Kristian Feldsam
54c4d7e49c
[Dovecot: Imapsync] Parse, save and show last run status (#4253)
* [imapsync] - check for errors in returned_text

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

* [imapsync] parse and save exit status

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>

* [dovecot] updated image version

Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2021-09-01 16:29:11 +02:00
andryyy
8ee997b1a3
[Rspamd] Base on bullseye; remove nullnull map to _perhaps_ prevent a memleak 2021-09-01 15:21:43 +02:00
andryyy
19dda55d96
[Alpine] Upgrade to 3.14 2021-08-30 21:01:09 +02:00
andryyy
82f4f1fd15
[Postfix] Lookup credentials for user-specific sender transports 2021-08-17 16:51:06 +02:00
Peter
eca42f5d23
[Dovecot] Update imapsync to 2.148 (#4206) 2021-08-09 18:38:16 +02:00
andryyy
6db004bc79
[PHP-FPM] Upgrade to PHP 8 2021-08-08 16:05:59 +02:00
Kristian Feldsam
6ec2a0a97d
[SOGo] Added hooks support for SOGo image (#4181)
Signed-off-by: Kristian Feldsam <feldsam@gmail.com>
2021-07-28 21:41:44 +02:00
andryyy
78084c5e7b
[Web] Log only latest datetime of a unique datetime, service and ip combination 2021-07-01 06:44:37 +02:00
andryyy
13223245f2
[Dovecot] Remove logging of invalid sasl sessions 2021-06-30 10:11:37 +02:00
andryyy
962e9a8be8
[Dovecot] Revert to 2.3.14.1 2021-06-23 14:22:57 +02:00
andryyy
b2272b8e35
[Dovecot] Re-add listescape... 2021-06-23 14:17:39 +02:00
andryyy
1cedef173f
[SOGo] Add trusted proxy by default 2021-06-23 14:11:41 +02:00
andryyy
1d59fa3d53
[Dovecot] Remove listescape; enable SSO by default 2021-06-23 14:11:23 +02:00
andryyy
0ba0878e28
[Dovecot] v2.3.15 2021-06-21 22:02:24 +02:00
andryyy
d414ab82f8
[Watchdog] Remove IPv6 NAT check (wip) 2021-06-21 22:02:06 +02:00
andryyy
38aee89a67
[Doveceot] Fix forced PW update 2021-06-09 07:25:38 +02:00
andryyy
a6edb75e88
[Doveceot] Fix forced PW update 2021-06-09 07:22:48 +02:00
andryyy
f7bbbde8c9
[Dovecot] Check protocol access in LUA API, remove postlogin script 2021-06-08 13:15:14 +02:00
andryyy
68f9ca8cb0
[Postfix] Remove broken SASL access map, moved to Dovecot LUA authentication 2021-06-08 13:13:49 +02:00
andryyy
51e3521aac
[Postfix] Remove smtpd_last_auth service; replaced by SASL logging in Dovecot LUA auth process 2021-06-04 14:29:28 +02:00
andryyy
6d22ae8d02
[Dovecot] Feature: Move authentication to LUA and prepare for http based authentication, log last SASL logins to SQL 2021-06-04 14:27:33 +02:00
andryyy
8a83587800
[Postfix] Finally here: MX based transport map routing; Sorry it took years, Patrik
[Web] Small fixes
2021-05-28 10:40:41 +02:00
andryyy
5065667ae4
[Postfix] Allow to set and override a relayhost per mailbox
[Web] Replace recycle icon with trash (this one made me a bit sad)
[Web] Various small fixes
[Web] Allow or disallow a domain admin to change relayhost settings (default is off, as previous default)
2021-05-26 14:02:27 +02:00
andryyy
b8f7b00fff
[Rspamd] Add new bad header map 2021-05-24 11:09:46 +02:00
andryyy
676ce199f3
[Dovecot] Minor: Fix EHLO name 2021-05-24 11:09:33 +02:00
andryyy
beda649ecf
[Dovecot] Quota notifications: Allow to send to external address (BCC via mailcow UI) 2021-05-23 09:49:36 +02:00
andryyy
08e9ab18a8
[Netfilter] Implement protocol error regex, fulfills #4093 2021-05-10 08:44:34 +02:00
Victor Nyberg
b191190f6f
[Ejabberd] Stop plain text password/user from being logged to file in auth.log. (#4087) (#4089) 2021-05-06 13:56:05 +02:00
andryyy
0cbd4ec273
[Config, Update] Add ACME_CONTACT 2021-04-29 23:32:42 +02:00
andryyy
edf1a4fb1f
[Netfilter] Exit on log line error in pubsub 2021-04-25 09:23:02 +02:00
monsterry
dfe43f56bf
[netfilter] Use exit code 2 if an error occurs (#4040) 2021-04-25 09:13:26 +02:00
Sven Gottwald
2617f639b2
[ClamAV] Update to 0.103.2 (#4068)
Security patch, see https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
2021-04-20 10:39:26 +02:00
andryyy
971434ddd3
[mailcow] Use ofelia instead of cron daemons (wip: remove init systems) 2021-04-16 20:38:09 +02:00
andryyy
efd30df735 [PHP-FPM] Add default password policy 2021-04-09 13:49:31 +02:00
andryyy
f60143e983
[Postfix, Dovecot, SOGo] Sanitize F2B logs 2021-04-07 21:27:05 +02:00
andryyy
dbede2252c
[Ejabberd, Postfix, Dovecot] Do not run DNS check against unbound 2021-04-01 15:24:55 +02:00
andryyy
a02425dbf5
[Dovecot] Remove Schaal, remove non-numeric TXT output from dig request 2021-03-26 11:24:39 +01:00
andryyy
8eb757bea3
[Netfilter] Further improvements to catch invalid input 2021-03-23 20:53:04 +01:00
andryyy
8bf9ee8308
[Netfilter] Restart on invalid data via pubsub 2021-03-22 21:19:24 +01:00
andryyy
cda16ac53f
[ClamAV] Update to 0.103.1 2021-03-17 14:19:21 +01:00
andryyy
851f575384 Merge branch 'master' of github.com:mailcow/mailcow-dockerized 2021-03-13 12:38:06 +01:00
andryyy
c79aae2b1e
[Watchdog] Longer sleep for open relay check 2021-03-13 12:37:06 +01:00
Valentin Brandner
3255c08813
[Update, Config] Add subject for watchdog emails (#4027)
Co-authored-by: Valentin <vbrandner.itsb-b2018@fh-salzburg.ac.at>
2021-03-13 12:36:29 +01:00
andryyy
84ba784550
[Dovecot] Set --addheader by default, fixes #4025 2021-03-11 19:21:50 +01:00
andryyy
c39792c1a5
[Dovecot] Update image to 2.3.14 2021-03-04 16:13:27 +01:00
andryyy
0bd03c04bd
[ACME] Skip inactive domains 2021-03-03 07:59:11 +01:00
andryyy
e9b554b09c [Web] Add nevondo.com ip check source, thank you! 2021-03-01 20:00:01 +01:00
andryyy
d3c0e2fc11
Temp remove ip6.korves.net 2021-03-01 10:21:53 +01:00
andryyy
5eb2df542b
[Watchdog] Revert to Alpine 3.11, needs fixes 2021-02-18 11:52:54 +01:00
andryyy
e0bb079cb7
[Watchdog] Temp. disable query check 2021-02-18 09:26:32 +01:00
andryyy
27b18373cc
[Alpine] Update Alpine base images to v3.13 2021-02-18 08:48:12 +01:00
Timo
0a3ea8ee3f
[olefy] Update container to alpine 3:13 to fix build (#3988) 2021-02-18 08:25:30 +01:00
andryyy
9c8c83fd24
[Web] Fix permission of ejabberd directory 2021-02-16 14:09:08 +01:00
andryyy
8c6b512f05
[mailcow] Move ejabberd site to last available site 2021-02-12 19:26:49 +01:00
andryyy
f2453e316f
[Ejabberd] More fixes for Ejabberd integration (WIP) 2021-02-12 10:04:19 +01:00
andryyy
38c5470d54
[Ejabberd] Various fixes, sorry (still WIP) 2021-02-11 21:09:46 +01:00
andryyy
462aa0a764
[Ejabberd] Fix bootstrapping, ejabberd could not be enabled 2021-02-11 20:46:13 +01:00
andryyy
9c1bd5c18b
[Ejabberd] Add new Dockerfile 2021-02-11 15:24:49 +01:00
andryyy
fa9c584912
[PHP-FPM] Add sleep to loop 2021-02-11 09:33:02 +01:00
andryyy
410cb558ee
[Dovecot] Check if quarantine_notify.py holds a lock
[SOGo] Change default theme
2021-01-28 15:48:59 +01:00
ValdikSS
9c559680a6
Add postscreen whitelist syntax and examples (#3931) 2021-01-11 19:23:32 +01:00
andryyy
ea98ac6442
[Postfix] Do not create a TLS SNI map when SKIP_LETS_ENCRYPT=y 2021-01-08 12:39:40 +01:00
andryyy
5ea0caa261
[Dovecot] Update Dovecot to 2.3.13 2021-01-04 16:36:33 +01:00
andryyy
c8a72bf642
[Watchdog] Return score with Rspamd check 2020-12-26 10:20:46 +01:00
andryyy
16f87f07fa
[Dovecot] Replace hostname for quarantine notifications with mailcow hostname (broke after Docker 20.10 fix) 2020-12-11 10:05:05 +01:00
andryyy
835c4eebb8
[Postfix] Fix HELO name 2020-12-09 14:41:19 +01:00
andryyy
ba20db2e08
[Web] Allow a user to choose notification categories (junk folder, rejected mail, both/all) + user ACL 2020-11-28 17:41:48 +01:00
andryyy
bfd451fe30
[ClamAV] Add default wl PUA.Pdf.Trojan.OpenActionObjectwithJavascript-1 2020-11-19 15:28:52 +01:00
Lukas Schreiner
d96bf91a0d
Support of different default pass schemes + support of BLF-CRYPT (#3832)
* Introduce MAILCOW_PASS_SCHEME in order to support blowfish (cf. mailcow/mailcow-dockerized#1019)

* Furthermore added dovecot to support new environment varible for MAILCOW_PASS_SCHEME defaulted to SSHA256

* Revert changes regarding gitignore.

* Added fallback to SSHA256 if environment is not proper prepared.

* No fallback within management frontend, as it must match to other components.

* Unified and corrected alignment; implemented support of SSHA512

* Currently, password_hash of PHP is using by default bcrypt (BLF). As this might change later, we must ensure, that BLF is still used after PHP changes its default.

* Switched to BLF-CRYPT by default (even on update)

* Switched to BLF-CRYPT by default (even on update)

* Adding information in config generation / update with link to supported hash algorithm

* Bump sogo version to 1.92

* Fallback to BLF-CRYPT in case password scheme is not proper defined for Mailcow administration.
2020-11-15 20:22:35 +01:00
andryyy
477e1ff464
[Web] Fix initial static view update 2020-11-13 15:20:30 +01:00
andryyy
9245bd8636
[Postfix] Sanitize string in smtpd last login script with printf 2020-11-06 12:23:23 +01:00
andryyy
4e337b308f
[Dovecot] Select action in quarantine script, use nobody to run imapsync cron 2020-11-06 12:23:02 +01:00
andryyy
6c697f3f3f
[Web, Quarantine] Allow to set the max score of a message up to which a quarantine notification will be sent 2020-10-27 21:34:02 +01:00
andryyy
d85241f518
[Rspamd] Temp. pre-add proposed upstream change in metadata exporter 2020-10-23 21:49:06 +02:00
andryyy
efc6f214d1 [Dovecot] Revert notification excludes (there are no blacklisted elements in quarantine anymore) 2020-10-23 20:24:25 +02:00
andryyy
c7e17c7fd1
[Rspamd] Global blacklists are not prefilters anymore to not prevent them from being learned 2020-10-21 19:00:53 +02:00
andryyy
5f8e13f596 [Dovecot] Allow to define static master user (not recommended) 2020-10-20 15:43:05 +02:00
andryyy
769c500cd0
[Watchdog] Watch milter status with a dirty workaround, waiting for proxy ping pong event to implement a better check 2020-10-09 11:21:17 +02:00
andryyy
dd62030ce2
[Rspamd] 2.6 stable, switch repo 2020-10-03 11:12:12 +02:00
andryyy
da200db2d3
[ACME] Add more checks, avoid cert/key mismatch on some installations, fix some output 2020-09-28 19:58:30 +02:00
andryyy
836ea1508e
[Postfix] Fix smtp last login on replicated setups 2020-09-28 16:23:49 +02:00
andryyy
172562fc29
[Watchdog] Increase threshold for cert check 2020-09-27 11:34:00 +02:00
andryyy
bcad1af121
[Watchdog] Add certificate check for primary certificate; Add mail delay 2020-09-27 10:34:59 +02:00
andryyy
c8ce288178
[ACME] Do check for restart of Postfix and Dovecot service more thoroughly 2020-09-26 23:33:28 +02:00
andryyy
a79d536867
[Rspamd] 2.6-0~git32~1c3e0910b~buster 2020-09-25 23:00:01 +02:00
andryyy
c3c98348e2
[SOGo] Re-enable TLS for internal IMAP connections, enable TLS for internal SMTP connections
[Web] Minor fix in quarantine view
2020-09-24 21:51:32 +02:00
andryyy
2df661a91e
[Dovecot] Move mail index to new volume 2020-09-23 11:20:00 +02:00
andryyy
386133b855 [Dovecot] Remove like from query
Signed-off-by: andryyy <andre.peters@debinux.de>
2020-09-20 22:30:03 +02:00
andryyy
3a9efc86cf
[SOGo, Dovecot] Remove unnecessary likes from sql queries
[Web] Filter transport destinations to prevent empty destinations
2020-09-20 22:21:00 +02:00
andryyy
4627331339
[Dovecot] Fix sieve with new protocol toggling implementation, fixes #3769 2020-09-19 19:15:06 +02:00
andryyy
85b027aa9d
[Postfix] Merge syslog filters
[Postfix] Create sasl_access map; Use JSON_VALUE and remove unnecessary like command
2020-09-17 19:48:04 +02:00
andryyy
09ec4fcd81
[Dovecot] For future use: pass used protocol; Check if user has protocol access while authenticating 2020-09-17 19:46:28 +02:00
andryyy
fd2d7d12a0
[Rspamd] Latest 2.5 2020-09-15 11:57:39 +02:00
andryyy
567064ed50
[ClamAV] Update to 0.103.0 2020-09-15 11:07:35 +02:00
andryyy
1f36ae28d4
[Postfix, Web] Feature: Show last SMTP login 2020-09-15 11:02:53 +02:00
andryyy
28041b1d97
[Rspamd] Encrypt fuzzy communication, switch to Rspamd 2.6 2020-09-15 11:01:20 +02:00
andryyy
6cb5d832d6
[Rspamd] Minor: Fix text 2020-09-09 10:49:08 +02:00
andryyy
ed9daeb849
[Oletools] Fix olevba.py manually until merged 2020-09-09 10:48:43 +02:00
andryyy
0884f42379
[Netfilter] Skip invalid regex 2020-08-27 21:13:30 +02:00
andryyy
d4dd1024c9
[Netfilter] Replace query by resolve (deprecated) 2020-08-27 20:50:22 +02:00
andryyy
d47652d7e4
[Netfilter] Reload regex filters from Redis 2020-08-27 20:42:20 +02:00
andryyy
97ee4b70ca
[Various] Always use lowercase for COMPOSE_PROJECT_NAME 2020-08-27 20:41:45 +02:00
andryyy
ef2c96b010
[SOGo] Update to 5.0.0.20200816-1 2020-08-16 11:58:57 +02:00
andryyy
c85ce6f2c2
[Dovecot] Update to 2.3.11.3 2020-08-13 10:45:13 +02:00
andryyy
c9fb2517a2
[PHP-FPM] Fix lookup of Postfix container when SQL applied an update 2020-08-07 22:25:17 +02:00
andryyy
954736cfea
[PHP-FPM] Fix missing aspell lib, update Redis lib, fixes #3675 2020-07-25 08:54:43 +02:00
andryyy
e34060e943
[PHP-FPM] Add pspell; [SOGo] Update image 2020-07-23 11:21:37 +02:00
monsterry
3ac74258db
[Config] Allow CIDR notation for API_ALLOW_FROM (#3655) 2020-07-15 07:28:02 +02:00
andryyy
816c779ac2
[Netfilter] Fix Netfilter image 2020-07-12 05:20:57 +02:00
andryyy
4cefc6039f
[Watchdog] Filter containers by compose project name 2020-07-11 13:32:10 +02:00
andryyy
bffa3d962a
[Postfix] Test DNS against mailcow.email 2020-07-11 13:31:48 +02:00
andryyy
ed3c58134b
[PHP-FPM] Filter containers by compose project name 2020-07-11 13:31:16 +02:00
andryyy
27b192d5c3
[ACME] Filter containers by compose project name 2020-07-11 13:30:57 +02:00
andryyy
f2a68b2ff1
[SOGo] SOGo does no trust self signed or invalid certificates anymore, add temp workaround 2020-07-11 13:23:22 +02:00
andryyy
09ad2b1314
[Dovecot] Filter by compose project name, create trusted map for SOGo IP, run DNS check before starting service 2020-07-11 13:22:48 +02:00
andryyy
6c92688ff6
[Quarantine] Allow to redirect all quarantine messages to a specific address
[Web] Minor changes to quarantine UI
2020-07-04 19:31:44 +02:00
andryyy
e40a0eae01
[ACME] Fix directory URL 2020-07-03 10:20:36 +02:00
andryyy
4ce39c0f3f
[ACME] Add DIRECTORY_URL for custom directory URLs 2020-07-03 09:00:10 +02:00
andryyy
be538dd94e
[Watchdog] Minor change to Dovecot health check 2020-06-23 10:44:52 +02:00
andryyy
f7c807b290
[PHP-FPM] Add bcmath and GMP 2020-06-14 20:13:09 +02:00
andryyy
2971a2acf7
[Watchdog] Fix a Dovecot error message 2020-06-10 20:41:15 +02:00
andryyy
706a854e6f
[Dovecot] Specify Dovecot version in case of errors with new versions 2020-06-07 22:50:24 +02:00
andryyy
4ba7194eb1
[Clamd] Pass version as ARG 2020-06-07 22:50:20 +02:00
andryyy
ddf1c81bc5
[Dovecot] Specify Dovecot version in case of errors with new versions 2020-06-07 22:47:46 +02:00
andryyy
83e783a9d7
[Dovecot] Specify Dovecot version in case of errors with new versions 2020-06-07 22:43:35 +02:00
andryyy
ab5d78f675
[Postfix] Fix "disallow login": A catch-all will not catch mail for mailboxes with disallowed login 2020-06-06 01:12:31 +02:00
Jan Malte Gerth
15254fc48f
[Dovecot] Quarantine: add increment of count to prevent infinity loop (#3591)
fix #3590
might even prevent memory error in #2545
2020-06-04 11:37:43 +02:00
andryyy
063337b58d
[Watchdog] Watch mail queue (added inexpensive check via "find" instead of adding an API endpoint to dockerapi-mailcow) 2020-05-31 11:39:20 +02:00
andryyy
6ea8560de6
[PHP-FPM] Minor changes to prepare routine 2020-05-27 14:34:34 +02:00
andryyy
bdbb0c34be
[Dovecot] Fix invalid rcpt when no bcc is set, fixes #3576 2020-05-26 20:03:40 +02:00
andryyy
8a441dd77a
[Watchdog] Send mails with priority 1 2020-05-23 11:16:13 +02:00
andryyy
718706dd27
[ClamAV] Update to 0.102.3 2020-05-21 21:24:48 +02:00
andryyy
14bca3a1f9
[DockerAPI] Show queue item content via postcat 2020-05-19 20:15:01 +02:00
andryyy
c6cfd1c771
[PHP-FPM] Fix gd 2020-05-12 18:30:09 +02:00
Christian Burmeister
b5502fb52a
netfilter - Python 3.8 - SyntaxWarning for 'is not' (#3537) 2020-05-12 18:26:03 +02:00
andryyy
767ae65946
[Web] Allow ratelimit time frame "day"; Allow to create announcements 2020-05-11 11:52:02 +02:00
andryyy
02a74914b4
Update to Alpine 3.11 2020-05-11 11:50:45 +02:00
andryyy
1a3a42a672
[PHP-FPM] Update to PHP 7.4 2020-05-08 14:00:59 +02:00
andryyy
9078031255
[Dovecot] WIP: Read env vars for cronjobs from prepared file 2020-05-04 07:49:30 +02:00
andryyy
2007b0ffc9
[SOGo] Fix skipped SOGo 2020-04-29 21:08:52 +02:00
andryyy
3459c13022
[Postfix] Implement disallowed logins 2020-04-29 11:00:00 +02:00
andryyy
85a69a580e
[Dovecot] Implement disallowed logins 2020-04-29 10:58:47 +02:00
andryyy
d392257289 [Web] Some changes
[SOGo] Allow to not spawn SOGo but an idling shell
[Rspamd] Remove X-CSA-Complaints from bulk headers...
2020-04-27 20:47:28 +02:00
Richard Lea
c6e6d3e8ee
[Dovecot] fix error redirection at doveconf (#3500) 2020-04-23 09:35:22 +02:00
andryyy
731f5cb354
[Netfilter] Log matching string instead of regex 2020-04-20 20:27:27 +02:00
Michael
37b0bfdac6
Don't delete folder which are not created... (#3484)
... in the script. And changed the order to be consistent.
2020-04-18 22:26:52 +02:00
andryyy
56e4963423
[Dovecot] Set repl health on start 2020-04-14 17:32:15 +02:00
Kristian Feldsam
fe19bb7d94
Quarantine notifications - exclude blacklisted sender (#3446)
Final version, fixed syntax

Signed-off-by: Kristián Feldsam <feldsam@gmail.com>
2020-04-14 13:41:47 +02:00
andryyy
5944595be3
[Watchdog] Watch replication, if any (unsupported) 2020-04-14 12:48:57 +02:00
andryyy
6f9c658aa8
[Postfix] Do not log tls sni maps errors from connections initiated by mailcow checks 2020-04-13 20:33:44 +02:00
andryyy
655c9b4eba
[Rspamd] Minor fixes 2020-04-12 13:09:09 +02:00
andryyy
4efc35abde
[PHP-FPM] Add API_KEY_READ_ONLY generation 2020-04-11 20:57:11 +02:00
andryyy
2d545b0f75
[PHP-FPM] Update libs 2020-04-11 09:01:35 +02:00
andryyy
730fa16a69
[PHP-FPM, Config] API key generated via mailcow.conf as rw access 2020-04-10 21:21:11 +02:00
andryyy
20c29f8204
[Watchdog] Add WATCHDOG_MYSQL_REPLICATION_CHECKS, minor fix 2020-04-06 11:23:20 +02:00
andryyy
ef0b40085b
[Postfix] Allow to relay only non-local mailboxes 2020-04-03 20:39:53 +02:00
andryyy
e03f9727f0
[Rspamd] v2.5 2020-04-01 21:16:55 +02:00
andryyy
c3a4c6d311
[Rspamd] Rolling release 2020-03-28 19:51:16 +01:00
andryyy
858f0d686d
[Dovecot] Syslog-ng match fixes 2020-03-28 19:50:54 +01:00
andryyy
6364f70a9e
[Dovecot] Fix var 2020-03-25 21:24:41 +01:00
andryyy
1fc18284ab
[Dovecot] Revert fd49958a00 2020-03-25 21:14:43 +01:00
Kristian Feldsam
fd49958a00
Quarantine notifications - don't send if sender is blacklisted (#3428)
Signed-off-by: Kristián Feldsam <feldsam@gmail.com>
2020-03-24 15:51:03 +01:00
andryyy
632d1cabb3
[Dovecot] Fix imapsync_cron 2020-03-20 18:11:24 +01:00
andryyy
32ef5508a0
[Netfilter] Log matched regex 2020-03-19 12:23:31 +01:00
andryyy
7db5bc01a4
[PHP-FPM] Fix permissions for global maps 2020-03-19 12:18:36 +01:00
andryyy
03f173905e [Compose] Update SOGo and ACME
[ACME] SKIP IP check for SNAT'ed setups to workaround race conditions
2020-03-15 21:37:10 +01:00
andryyy
7386b511ed
[Postfix] Remove duplicate COPY from Dockerfile, fixes #3397 2020-03-09 13:21:02 +01:00
andryyy
e28a176639
[ACME, Watchdog] Improve waiting for Redis 2020-03-08 20:23:32 +01:00
andryyy
c9aebd73cc
[Dovecot] Wait for versions table instead of failing and restarting 2020-03-08 16:51:30 +01:00
andryyy
e290d6d869
[Rspamd] Fix neural.lua 2020-03-08 12:25:03 +01:00
andryyy
d248bb660c
[Rspamd] Reduce Sorbs recent score
[Rspamd] Add annoying CSA to bulk symbols and score then with 3.2
[Rspamd] Update to 2.4
2020-03-06 07:14:06 +01:00
andryyy
1f5fcad499 Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-03-03 15:03:45 +01:00
andryyy
e19e6b9e92
[ACME] Force renewal with force_renew file, docs will follow 2020-03-03 14:59:24 +01:00
Peter
f7053e28dd
Delete watchdog.sh~ (#3378)
temp file to be removed
2020-03-02 21:27:56 +01:00
andryyy
ae79a663ab
[Watchdog] Send 10 last applied ratelimits in mail report 2020-03-02 19:56:49 +01:00
andryyy
9a25ebc54e
Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized 2020-03-01 11:49:58 +01:00
andryyy
7b9f5ac1c4
[ACME] Restart Postfix, reload seems not work all the time 2020-02-29 14:26:38 +01:00
andryyy
c785c8f700
[Dovecot] Show last mail (pop3, imap) login in web interface 2020-02-25 19:38:20 +01:00
andryyy
3784cdd42c
[SOGo] Cronjob for backup, chown sogo_backup 2020-02-22 09:38:38 +01:00
andryyy
55151b1313
[Watchdog] Define thresholds in docker-compose(.override) file 2020-02-21 08:48:40 +01:00
andryyy
3d2962a12d
[Dovecot] LUA: Passdb: Reconnect to SQL if connection was lost 2020-02-20 17:48:57 +01:00
andryyy
c54cfbf332
[Postfix] Add hooks 2020-02-19 21:41:06 +01:00
andryyy
5b73de43e4 [PHP-FPM] Update libs, add gnupg 2020-02-16 14:20:36 +01:00
andryyy
701198b8f4
[Dovecot] Fix check to determine running imapsync procs, todo: more jobs at the same time 2020-02-12 08:32:58 +01:00
andryyy
06df5f3017
[Postfix] Added custom_postscreen_whitelist.cidr for a custom Postscreen wl, fixes #3313 2020-02-06 08:28:48 +01:00
andryyy
1ad469a24a
[Watchdog] Use Redis master for write operations 2020-02-05 11:01:09 +01:00
andryyy
9dec216261
[SOGo] Delete test file 2020-02-05 11:00:33 +01:00
andryyy
6898e6c8f9
[SOGo] Check if master, only run DB prep if master, use correct syslog-ng config if not master 2020-02-05 10:59:32 +01:00
andryyy
b889c70db8
[Rspamd] Set Redis slaveof if not master, adjust redis configs automatically 2020-02-05 10:58:52 +01:00
andryyy
15fb2e22ea
[Postfix] Use Redis master if set 2020-02-05 10:58:04 +01:00
andryyy
f6b3a6e874
[PHP-FPM] Check if master, write to Redis master only 2020-02-05 10:57:37 +01:00
andryyy
423104db61
[Netfilter] Use Redis master if set 2020-02-05 10:57:14 +01:00
andryyy
c8b9f2b36c
[Dovecot] Add auth_passdb_lookup to LUA, add default plugins for replicator, check if master, add node to GUID creation, use correct syslog-ng config if Redis write-master is not redis-mailcow, trim logs on Redis master 2020-02-05 10:56:44 +01:00
andryyy
1fb81f0511
[ACME] Use redis master for write operations 2020-02-05 10:53:23 +01:00
andryyy
de5fb9a03c
[SOGo] Some script changes 2020-01-29 10:33:42 +01:00
andryyy
cf4baa00a6
[Dovecot] Fix quarantine bcc, use socket for LUA API 2020-01-29 10:30:06 +01:00
andryyy
f1aa306ff2
[Watchdog] Add external check for open relay, requires SAL 2020-01-25 18:26:56 +01:00
andryyy
76d75edb64
[SOGo] Fix for whitespaces in mysql return; Order aliases 2020-01-22 10:15:40 +01:00
Marcel Hofer
b8a12ad192 [SSL] fix bug with pruning old certificates (#3272) 2020-01-17 22:36:04 +01:00
andryyy
37934fae03
[Rspamd] Add mailcow_networks map 2020-01-12 12:23:11 +01:00
andryyy
2f818b7f84
[Dovecot] Set bcc in quarantine notify 2020-01-10 20:43:20 +01:00
andryyy
03cbed5002
[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve) 2020-01-10 20:39:11 +01:00
Yohann Prigent
2f1520b991 fix new imapsync dependency (#3256)
thanks
2020-01-06 23:13:37 +01:00
Peter
ef64b638eb Update imapsync to 1.977 (#3248) 2020-01-06 18:43:21 +01:00
andryyy
dd91be5a39
[Watchdog] Wait 3 seconds before looping again 2020-01-01 20:11:28 +01:00
andryyy
9e11ab1fd4
[Watchdog] Retry to get current ACME log status, if empty (may fix watchdog mails on very busy servers - eg while running a backup) 2019-12-28 11:37:04 +01:00
andryyy
196c327215
[PHP-FPM] Remove useless flag for gd 2019-12-28 11:35:59 +01:00
andryyy
390cbc070b
[Dovecot] Remove CONTROL from shared namespace - thanks to @Keessaus 2019-12-25 10:34:08 +01:00
andryyy
b63cad1dd5
[Compose] Update Rspamd image 2019-12-23 10:21:44 +01:00
andryyy
86d55c41db
[Rspamd] Touch bad lang map
[Rspamd] SA trivial converter (wip)
2019-12-23 10:20:41 +01:00