From 310c01aac24d70f4d925b366429b409cd73e1900 Mon Sep 17 00:00:00 2001 From: Felix Kaechele Date: Fri, 3 Mar 2023 22:57:10 -0500 Subject: [PATCH 1/5] Fix SELinux labelling of init_db.inc.php for SOGo init_db.inc.php is currently labelled as exclusive for SOGo while in truth it is shared among containers. This breaks the admin interface but also any of the DAV features of SOGo. Signed-off-by: Felix Kaechele --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 40d22ce0..ad3053ae 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -191,7 +191,7 @@ services: volumes: - ./data/hooks/sogo:/hooks:Z - ./data/conf/sogo/:/etc/sogo/:z - - ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z + - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z From 1a9294b58f0c1756c4e61451e4a7103e34640998 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Sat, 4 Mar 2023 17:57:52 +0200 Subject: [PATCH 2/5] [Rspamd] Fix cases of forwarding via freemail Excluding FREEMAIL_ENVFROM from the FREEMAIL_POLICY_FAILURE expression will allow forwarding mail via freemail services when the initial sender did not have a DKIM signature. --- data/conf/rspamd/local.d/composites.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/conf/rspamd/local.d/composites.conf b/data/conf/rspamd/local.d/composites.conf index 337a2eb1..02ff955b 100644 --- a/data/conf/rspamd/local.d/composites.conf +++ b/data/conf/rspamd/local.d/composites.conf @@ -8,7 +8,7 @@ VIRUS_FOUND { } # Bad policy from free mail providers FREEMAIL_POLICY_FAILURE { - expression = "-g+:policies & !DMARC_POLICY_ALLOW & !MAILLIST & ( FREEMAIL_ENVFROM | FREEMAIL_FROM ) & !WHITELISTED_FWD_HOST"; + expression = "FREEMAIL_FROM & !DMARC_POLICY_ALLOW & !MAILLIST& !WHITELISTED_FWD_HOST & -g+:policies"; score = 16.0; } # Applies to freemail with undisclosed recipients From 81fcbdd1047c12811b3235f714dbc9dab97eaa9c Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Sat, 4 Mar 2023 18:06:26 +0200 Subject: [PATCH 3/5] [SOGo] Disable password change option It doesn't work with ProxyAuth and in general not honor password policy set via mailcow UI. SOGo also do not provide own settings to provide any password policy. Due to this two issues I think that it's better have it disabled by default. People who need it can turn it back easily. We can update https://docs.mailcow.email/manual-guides/SOGo/u_e-sogo/#disable-password-changing to `enable-password-changin` and explanations of reasons why it is disabled. --- data/conf/sogo/sogo.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/conf/sogo/sogo.conf b/data/conf/sogo/sogo.conf index 97a34e9e..2c042c30 100644 --- a/data/conf/sogo/sogo.conf +++ b/data/conf/sogo/sogo.conf @@ -62,7 +62,7 @@ SOGoFirstDayOfWeek = "1"; SOGoSieveFolderEncoding = "UTF-8"; - SOGoPasswordChangeEnabled = YES; + SOGoPasswordChangeEnabled = NO; SOGoSentFolderName = "Sent"; SOGoMailShowSubscribedFoldersOnly = NO; NGImap4ConnectionStringSeparator = "/"; From cbe1c97a82ccf64d29ebed8c344a4acdaa782882 Mon Sep 17 00:00:00 2001 From: milkmaker Date: Tue, 7 Mar 2023 05:39:22 +0100 Subject: [PATCH 4/5] Translations update from Weblate (#5114) * [Web] Updated lang.da-dk.json [Web] Updated lang.da-dk.json [Web] Updated lang.da-dk.json Co-authored-by: Tacaly Co-authored-by: milkmaker * [Web] Updated lang.fr-fr.json Co-authored-by: Matthieu Leboeuf Co-authored-by: milkmaker --------- Co-authored-by: Tacaly Co-authored-by: Matthieu Leboeuf --- data/web/lang/lang.da-dk.json | 10 +++++++--- data/web/lang/lang.fr-fr.json | 11 +++++++++-- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/data/web/lang/lang.da-dk.json b/data/web/lang/lang.da-dk.json index 6ff8e9b7..61a553e6 100644 --- a/data/web/lang/lang.da-dk.json +++ b/data/web/lang/lang.da-dk.json @@ -83,7 +83,7 @@ "private_comment": "Privat kommentar", "public_comment": "Offentlig kommentar", "quota_mb": "Kvota (Mb)", - "relay_all": "Send alle modtagere videre", + "relay_all": "Besvar alle modtager", "relay_all_info": "↪ Hvis du vælger ikke at videresende alle modtagere, skal du tilføje et (\"blind\") postkasse til hver enkelt modtager, der skal videresendes.", "relay_domain": "Send dette domæne videre", "relay_transport_info": "
Info
Du kan definere transportkort til en tilpasset destination for dette domæne. Hvis ikke indstillet, foretages der et MX-opslag.", @@ -104,7 +104,10 @@ "timeout2": "Timeout for forbindelse til lokal vært", "username": "Brugernavn", "validate": "Bekræft", - "validation_success": "Valideret med succes" + "validation_success": "Valideret med succes", + "bcc_dest_format": "BCC-destination skal være en enkelt gyldig e-mail-adresse.
Hvis du har brug for at sende en kopi til flere adresser, kan du oprette et alias og bruge det her.", + "app_passwd_protocols": "Tilladte protokoller for app adgangskode", + "tags": "Tag's" }, "admin": { "access": "Adgang", @@ -313,7 +316,8 @@ "verify": "Verificere", "yes": "✓", "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste ipv4.mailcow.email og ipv6.mailcow.email til at finde eksterne IP-adresser.", - "queue_unban": "unban" + "queue_unban": "unban", + "admins": "Administratorer" }, "danger": { "access_denied": "Adgang nægtet eller ugyldig formular data", diff --git a/data/web/lang/lang.fr-fr.json b/data/web/lang/lang.fr-fr.json index 4db773e0..ef19d186 100644 --- a/data/web/lang/lang.fr-fr.json +++ b/data/web/lang/lang.fr-fr.json @@ -321,7 +321,9 @@ "admins": "Administrateurs", "api_read_only": "Accès lecture-seule", "password_policy_lowerupper": "Doit contenir des caractères minuscules et majuscules", - "password_policy_numbers": "Doit contenir au moins un chiffre" + "password_policy_numbers": "Doit contenir au moins un chiffre", + "ip_check": "Vérification IP", + "ip_check_disabled": "La vérification IP est désactivée. Vous pouvez l'activer sous
Système > Configuration > Options > Personnaliser" }, "danger": { "access_denied": "Accès refusé ou données de formulaire non valides", @@ -440,7 +442,12 @@ "username_invalid": "Le nom d'utilisateur %s ne peut pas être utilisé", "validity_missing": "Veuillez attribuer une période de validité", "value_missing": "Veuillez fournir toutes les valeurs", - "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s" + "yotp_verification_failed": "La vérification Yubico OTP a échoué : %s", + "webauthn_authenticator_failed": "L'authentificateur selectionné est introuvable", + "demo_mode_enabled": "Le mode de démonstration est activé", + "template_exists": "La template %s existe déja", + "template_id_invalid": "Le numéro de template %s est invalide", + "template_name_invalid": "Le nom de la template est invalide" }, "debug": { "chart_this_server": "Graphique (ce serveur)", From f36bc16ca7bccbff3c1e649ce84eaaa61c0d5a95 Mon Sep 17 00:00:00 2001 From: BD <51322242+bdwebnet@users.noreply.github.com> Date: Wed, 8 Mar 2023 10:35:23 +0100 Subject: [PATCH 5/5] Fix Bug with button to load more logs --- data/web/js/site/debug.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js index e0b9a5ab..55b6660b 100644 --- a/data/web/js/site/debug.js +++ b/data/web/js/site/debug.js @@ -1181,7 +1181,7 @@ jQuery(function($){ if (table = $('#' + log_table).DataTable()) { var heading = $('#' + log_table).closest('.card').find('.card-header'); - var load_rows = (table.page.len() + 1) + '-' + (table.page.len() + new_nrows) + var load_rows = (table.data().length + 1) + '-' + (table.data().length + new_nrows) $.get('/api/v1/get/logs/' + log_url + '/' + load_rows).then(function(data){ if (data.length === undefined) { mailcow_alert_box(lang.no_new_rows, "info"); return; }