From 3dc486993eb120d2b0cef4a79bee83db04d761fb Mon Sep 17 00:00:00 2001 From: andryyy Date: Sat, 31 Dec 2016 23:05:52 +0100 Subject: [PATCH 01/29] Show a spinner when SOGo restarts --- data/web/inc/footer.inc.php | 2 ++ data/web/inc/header.inc.php | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php index e9a8a18d..052f03b2 100644 --- a/data/web/inc/footer.inc.php +++ b/data/web/inc/footer.inc.php @@ -85,6 +85,7 @@ $(document).ready(function() { // Trigger SOGo restart $('#triggerRestartSogo').click(function(){ $(this).prop("disabled",true); + $(this).html(' '); $('#statusTriggerRestartSogo').text('Stopping SOGo workers, this may take a while... '); $.ajax({ method: 'get', @@ -105,6 +106,7 @@ $(document).ready(function() { }, success: function(data) { $('#statusTriggerRestartSogo').append(data); + $('#triggerRestartSogo').html(' '); } }); } diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php index 190e5418..2059f0e6 100644 --- a/data/web/inc/header.inc.php +++ b/data/web/inc/header.inc.php @@ -119,6 +119,30 @@ table[data-sortable].sortable-theme-bootstrap.sortable-theme-bootstrap-striped t background-color: #fafafa; border:1px solid white; } +.glyphicon-spin { + -webkit-animation: spin 1000ms infinite linear; + animation: spin 1000ms infinite linear; +} +@-webkit-keyframes spin { + 0% { + -webkit-transform: rotate(0deg); + transform: rotate(0deg); + } + 100% { + -webkit-transform: rotate(359deg); + transform: rotate(359deg); + } +} +@keyframes spin { + 0% { + -webkit-transform: rotate(0deg); + transform: rotate(0deg); + } + 100% { + -webkit-transform: rotate(359deg); + transform: rotate(359deg); + } +} Date: Sun, 1 Jan 2017 12:31:02 +0100 Subject: [PATCH 02/29] Allow complex passwords in user php --- data/web/user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/web/user.php b/data/web/user.php index c0db9c8c..a0c04bc4 100644 
--- a/data/web/user.php +++ b/data/web/user.php @@ -26,13 +26,13 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
- +
- +

From abeee45fb2f4624f8204d23c669df94711443d7b Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 1 Jan 2017 12:33:05 +0100 Subject: [PATCH 03/29] Allow complex passwords --- data/web/user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/web/user.php b/data/web/user.php index c0db9c8c..a0c04bc4 100644 --- a/data/web/user.php +++ b/data/web/user.php @@ -26,13 +26,13 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user
- +
- +

From b5e5f8f9348c76c213cfc0583183601a90a24ee4 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 1 Jan 2017 19:49:02 +0100 Subject: [PATCH 04/29] Add volume --- data/Dockerfiles/sogo/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile index 2d043fdd..932dc751 100644 --- a/data/Dockerfiles/sogo/Dockerfile +++ b/data/Dockerfiles/sogo/Dockerfile @@ -38,6 +38,8 @@ COPY supervisord.conf /etc/supervisor/supervisord.conf EXPOSE 20000 EXPOSE 9191 +VOLUME /usr/lib/GNUstep/SOGo/WebServerResources/ + CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* From bb3ef747219f78f4b10c8a7aa94e61109af1db61 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 1 Jan 2017 21:23:10 +0100 Subject: [PATCH 05/29] Change service names to skip alias --- docker-compose.yml | 77 ++++++++++++++++------------------------------ 1 file changed, 27 insertions(+), 50 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b91c5516..2c74fc5c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: - pdns-mailcow: + pdns: image: andryyy/mailcow-dockerized:pdns volumes: - ./data/conf/pdns/:/etc/powerdns/ @@ -9,13 +9,11 @@ services: networks: mailcow-network: ipv4_address: 172.22.1.254 - aliases: - - pdns - mysql-mailcow: + mysql: image: mariadb:10.1 depends_on: - - pdns-mailcow + - pdns command: mysqld volumes: - mysql-vol-1:/var/lib/mysql/ @@ -31,13 +29,11 @@ services: restart: always networks: mailcow-network: - aliases: - - mysql - redis-mailcow: + redis: image: redis depends_on: - - pdns-mailcow + - pdns volumes: - redis-vol-1:/data/ restart: always 
@@ -46,13 +42,11 @@ services: dns_search: mailcow-network networks: mailcow-network: - aliases: - - redis - rspamd-mailcow: + rspamd: image: andryyy/mailcow-dockerized:rspamd depends_on: - - pdns-mailcow + - pdns volumes: - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:ro - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:ro @@ -64,13 +58,11 @@ services: dns_search: mailcow-network networks: mailcow-network: - aliases: - - rspamd - php-fpm-mailcow: + phpfpm: image: andryyy/mailcow-dockerized:phpfpm depends_on: - - pdns-mailcow + - pdns volumes: - ./data/web:/web:ro - ./data/conf/rspamd/dynmaps:/dynmaps:ro @@ -87,14 +79,12 @@ services: restart: always networks: mailcow-network: - aliases: - - phpfpm - sogo-mailcow: + sogo: image: andryyy/mailcow-dockerized:sogo depends_on: - - pdns-mailcow - - mysql-mailcow + - pdns + - mysql environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} @@ -105,17 +95,14 @@ services: dns_search: mailcow-network volumes: - ./data/conf/sogo/:/etc/sogo/ - - /usr/lib/GNUstep/SOGo/WebServerResources/ restart: always networks: mailcow-network: - aliases: - - sogo - rmilter-mailcow: + rmilter: image: andryyy/mailcow-dockerized:rmilter depends_on: - - pdns-mailcow + - pdns volumes: - ./data/conf/rmilter/:/etc/rmilter.conf.d/:ro restart: always @@ -124,19 +111,17 @@ services: dns_search: mailcow-network networks: mailcow-network: - aliases: - - rmilter - dovecot-mailcow: + dovecot: image: andryyy/mailcow-dockerized:dovecot depends_on: - - pdns-mailcow + - pdns volumes: - ./data/conf/dovecot:/etc/dovecot - ./data/assets/ssl:/etc/ssl/mail/:ro - vmail-vol-1:/var/vmail volumes_from: - - sogo-mailcow + - sogo environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} 
@@ -154,13 +139,11 @@ services: hostname: ${MAILCOW_HOSTNAME} networks: mailcow-network: - aliases: - - dovecot - postfix-mailcow: + postfix: image: andryyy/mailcow-dockerized:postfix depends_on: - - pdns-mailcow + - pdns volumes: - ./data/conf/postfix:/opt/postfix/conf - ./data/assets/ssl:/etc/ssl/mail/:ro @@ -179,31 +162,27 @@ services: dns_search: mailcow-network networks: mailcow-network: - aliases: - - postfix - memcached-mailcow: + memcached: image: memcached depends_on: - - pdns-mailcow + - pdns restart: always dns: - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: - aliases: - - memcached - nginx-mailcow: + nginx: depends_on: - - mysql-mailcow - - sogo-mailcow - - php-fpm-mailcow - - rspamd-mailcow + - mysql + - sogo + - phpfpm + - rspamd image: nginx:mainline volumes_from: - - sogo-mailcow + - sogo volumes: - ./data/web:/web:ro - ./data/conf/rspamd/dynmaps:/dynmaps:ro @@ -217,8 +196,6 @@ services: restart: always networks: mailcow-network: - aliases: - - nginx networks: mailcow-network: From c0b31ff2d4ef51a97e9c9d0c7d6419ad64a3064a Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 1 Jan 2017 21:23:35 +0100 Subject: [PATCH 06/29] Change ports in docker-compose file if needed --- generate_config.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index cb1a516e..92deccb5 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -29,7 +29,6 @@ MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} # ------------------------------ DBNAME=mailcow DBUSER=mailcow - # Please use long, random alphanumeric strings (A-Za-z0-9) DBPASS=$( Date: Sun, 1 Jan 2017 21:26:51 +0100 Subject: [PATCH 07/29] Change ports in docker-compose file if needed --- docker-compose.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2c74fc5c..f54d9f4a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -127,11 +127,11 @@ services: - DBUSER=${DBUSER} - DBPASS=${DBPASS} ports: - - "${IMAP_PORT}:143" - - "${IMAPS_PORT}:993" - - "${POP_PORT}:110" - - "${POPS_PORT}:995" - - "${SIEVE_PORT}:4190" + - "143:143" + - "993:993" + - "110:110" + - "995:995" + - "4190:4190" dns: - 172.22.1.254 dns_search: mailcow-network @@ -152,9 +152,9 @@ services: - DBUSER=${DBUSER} - DBPASS=${DBPASS} ports: - - "${SMTP_PORT}:25" - - "${SMTPS_PORT}:465" - - "${SUBMISSION_PORT}:587" + - "25:25" + - "465:465" + - "587:587" restart: always hostname: ${MAILCOW_HOSTNAME} dns: From 2c822accb8f5d602529979fb1f710b56144ab74b Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 3 Jan 2017 10:33:06 +0100 Subject: [PATCH 08/29] Do not change service names --- docker-compose.yml | 93 +++++++++++++++++++++++++++++----------------- generate_config.sh | 13 +++++++ 2 files changed, 71 insertions(+), 35 deletions(-) mode change 100755 => 100644 generate_config.sh diff --git a/docker-compose.yml b/docker-compose.yml index f54d9f4a..b91c5516 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: - pdns: + pdns-mailcow: image: andryyy/mailcow-dockerized:pdns volumes: - ./data/conf/pdns/:/etc/powerdns/ @@ -9,11 +9,13 @@ services: networks: mailcow-network: ipv4_address: 172.22.1.254 + aliases: + - pdns - mysql: + mysql-mailcow: image: mariadb:10.1 depends_on: - - pdns + - pdns-mailcow command: mysqld volumes: - mysql-vol-1:/var/lib/mysql/ @@ -29,11 +31,13 @@ services: restart: always networks: mailcow-network: + aliases: + - mysql - redis: + redis-mailcow: image: redis depends_on: - - pdns + - pdns-mailcow volumes: - redis-vol-1:/data/ restart: always 
@@ -42,11 +46,13 @@ services: dns_search: mailcow-network networks: mailcow-network: + aliases: + - redis - rspamd: + rspamd-mailcow: image: andryyy/mailcow-dockerized:rspamd depends_on: - - pdns + - pdns-mailcow volumes: - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:ro - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:ro @@ -58,11 +64,13 @@ services: dns_search: mailcow-network networks: mailcow-network: + aliases: + - rspamd - phpfpm: + php-fpm-mailcow: image: andryyy/mailcow-dockerized:phpfpm depends_on: - - pdns + - pdns-mailcow volumes: - ./data/web:/web:ro - ./data/conf/rspamd/dynmaps:/dynmaps:ro @@ -79,12 +87,14 @@ services: restart: always networks: mailcow-network: + aliases: + - phpfpm - sogo: + sogo-mailcow: image: andryyy/mailcow-dockerized:sogo depends_on: - - pdns - - mysql + - pdns-mailcow + - mysql-mailcow environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} @@ -95,14 +105,17 @@ services: dns_search: mailcow-network volumes: - ./data/conf/sogo/:/etc/sogo/ + - /usr/lib/GNUstep/SOGo/WebServerResources/ restart: always networks: mailcow-network: + aliases: + - sogo - rmilter: + rmilter-mailcow: image: andryyy/mailcow-dockerized:rmilter depends_on: - - pdns + - pdns-mailcow volumes: - ./data/conf/rmilter/:/etc/rmilter.conf.d/:ro restart: always @@ -111,27 +124,29 @@ services: dns_search: mailcow-network networks: mailcow-network: + aliases: + - rmilter - dovecot: + dovecot-mailcow: image: andryyy/mailcow-dockerized:dovecot depends_on: - - pdns + - pdns-mailcow volumes: - ./data/conf/dovecot:/etc/dovecot - ./data/assets/ssl:/etc/ssl/mail/:ro - vmail-vol-1:/var/vmail volumes_from: - - sogo + - sogo-mailcow environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} - DBPASS=${DBPASS} ports: - - "143:143" - - "993:993" - - "110:110" - - "995:995" - - "4190:4190" + - "${IMAP_PORT}:143" + - "${IMAPS_PORT}:993" + - "${POP_PORT}:110" + - "${POPS_PORT}:995" + - "${SIEVE_PORT}:4190" dns: - 172.22.1.254 dns_search: mailcow-network 
@@ -139,11 +154,13 @@ services: hostname: ${MAILCOW_HOSTNAME} networks: mailcow-network: + aliases: + - dovecot - postfix: + postfix-mailcow: image: andryyy/mailcow-dockerized:postfix depends_on: - - pdns + - pdns-mailcow volumes: - ./data/conf/postfix:/opt/postfix/conf - ./data/assets/ssl:/etc/ssl/mail/:ro @@ -152,9 +169,9 @@ services: - DBUSER=${DBUSER} - DBPASS=${DBPASS} ports: - - "25:25" - - "465:465" - - "587:587" + - "${SMTP_PORT}:25" + - "${SMTPS_PORT}:465" + - "${SUBMISSION_PORT}:587" restart: always hostname: ${MAILCOW_HOSTNAME} dns: @@ -162,27 +179,31 @@ services: dns_search: mailcow-network networks: mailcow-network: + aliases: + - postfix - memcached: + memcached-mailcow: image: memcached depends_on: - - pdns + - pdns-mailcow restart: always dns: - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: + aliases: + - memcached - nginx: + nginx-mailcow: depends_on: - - mysql - - sogo - - phpfpm - - rspamd + - mysql-mailcow + - sogo-mailcow + - php-fpm-mailcow + - rspamd-mailcow image: nginx:mainline volumes_from: - - sogo + - sogo-mailcow volumes: - ./data/web:/web:ro - ./data/conf/rspamd/dynmaps:/dynmaps:ro @@ -196,6 +217,8 @@ services: restart: always networks: mailcow-network: + aliases: + - nginx networks: mailcow-network: diff --git a/generate_config.sh b/generate_config.sh old mode 100755 new mode 100644 index 92deccb5..cb1a516e --- a/generate_config.sh +++ b/generate_config.sh @@ -29,6 +29,7 @@ MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} # ------------------------------ DBNAME=mailcow DBUSER=mailcow + # Please use long, random alphanumeric strings (A-Za-z0-9) DBPASS=$( Date: Tue, 3 Jan 2017 10:35:41 +0100 Subject: [PATCH 09/29] Revert vol change --- data/Dockerfiles/sogo/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/data/Dockerfiles/sogo/Dockerfile b/data/Dockerfiles/sogo/Dockerfile index 932dc751..2d043fdd 100644 --- a/data/Dockerfiles/sogo/Dockerfile +++ b/data/Dockerfiles/sogo/Dockerfile 
@@ -38,8 +38,6 @@ COPY supervisord.conf /etc/supervisor/supervisord.conf EXPOSE 20000 EXPOSE 9191 -VOLUME /usr/lib/GNUstep/SOGo/WebServerResources/ - CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* From 2aace3d5cc2a15380c9d182e76fb2195963c9087 Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 3 Jan 2017 10:36:12 +0100 Subject: [PATCH 10/29] Fix permission --- generate_config.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 generate_config.sh diff --git a/generate_config.sh b/generate_config.sh old mode 100644 new mode 100755 From 8e07d29f0a43e3c44b7341aa4906f9dd81350c4c Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 3 Jan 2017 10:39:32 +0100 Subject: [PATCH 11/29] Some slight changes in permission checks for future updates --- data/web/inc/functions.inc.php | 35 +++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index ce1b374e..cfa3fdb4 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -8,11 +8,12 @@ function hasDomainAccess($username, $role, $domain) { if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) { return false; } - if (!is_valid_domain_name($domain)) { return false; } - + if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') { + return false; + } try { $stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins` WHERE ( @@ -2192,6 +2193,9 @@ function delete_domain_admin($postarray) { function get_spam_score($username) { global $pdo; $default = "5, 15"; + if ($_SESSION['mailcow_cc_role'] != "user") { + return false; + } if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { return $default; } 
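Review bot: The new role allowlist in `hasDomainAccess` (data/web/inc/functions.inc.php) compares with loose `!=`, so a non-string `$role` such as boolean `true` (and, on PHP versions before 8, integer `0`) compares equal to `'admin'` and passes the check. A strict allowlist closes that: `if (!in_array($role, array('admin', 'domainadmin', 'user'), true)) { return false; }`. The same loose comparison is applied to `$_SESSION['mailcow_cc_role']` in the `get_spam_score`, `set_spam_score`, `set_policy_list`, `set_tls_policy` and `get_tls_policy` hunks, where `!==` plus an `isset()` on the session key would fit. The function body continues outside the hunk, so whether `$role` can ever be a non-string depends on callers not shown here.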
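Review bot: The guard added to `get_spam_score` checks only that the session role is `user`; the `$username` argument is never compared with `$_SESSION['mailcow_cc_username']`, so the function looks up whatever address the caller passes. If any caller can pass a request-derived value, binding it here keeps one mailbox user from reading another's settings: `if ($_SESSION['mailcow_cc_role'] != "user" || $username !== $_SESSION['mailcow_cc_username']) { return false; }`. The guard also returns `false` where the validation just below it returns `$default`, so callers expecting the `"5, 15"`-style string now have to handle a boolean. `get_tls_policy` has the same shape; both bodies continue outside their hunks, so caller behaviour is inferred rather than visible.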
@@ -2235,6 +2239,13 @@ function get_spam_score($username) { function set_spam_score($postarray) { global $lang; global $pdo; + if ($_SESSION['mailcow_cc_role'] != "user") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } $username = $_SESSION['mailcow_cc_username']; $lowspamlevel = explode(',', $postarray['score'])[0]; $highspamlevel = explode(',', $postarray['score'])[1]; @@ -2288,7 +2299,15 @@ function set_spam_score($postarray) { function set_policy_list($postarray) { global $lang; global $pdo; - + if ($_SESSION['mailcow_cc_role'] != "admin" && + $_SESSION['mailcow_cc_role'] != "domainadmin" && + $_SESSION['mailcow_cc_role'] != "user") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } (isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username']; ($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from"; $object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.')); @@ -2389,6 +2408,13 @@ function set_policy_list($postarray) { function set_tls_policy($postarray) { global $lang; global $pdo; + if ($_SESSION['mailcow_cc_role'] != "user") { + $_SESSION['return'] = array( + 'type' => 'danger', + 'msg' => sprintf($lang['danger']['access_denied']) + ); + return false; + } isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0'; isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0'; $username = $_SESSION['mailcow_cc_username']; @@ -2422,6 +2448,9 @@ function set_tls_policy($postarray) { function get_tls_policy($username) { global $lang; global $pdo; + if ($_SESSION['mailcow_cc_role'] != "user") { + return false; + } if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { $_SESSION['return'] = array( 'type' => 'danger', 
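Review bot: In the `set_policy_list` hunk the new guard admits `admin`, `domainadmin` and `user` alike, and the next line takes the target object from `$postarray['domain']` whenever that field is present. Nothing visible in the hunk ties that domain to the session, so a plain `user` session that submits a `domain` field would have to be stopped later in the body, which lies outside the hunk. If no such check exists, `hasDomainAccess()` from this file is the natural gate: `if (isset($postarray['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $postarray['domain']))`, followed by the same `access_denied` return the guard already uses.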
From 887f7db7a8f059924a2d0c6769773e1516ae1e40 Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 3 Jan 2017 11:46:11 +0100 Subject: [PATCH 12/29] Add language strings --- data/web/inc/footer.inc.php | 6 +++--- data/web/inc/header.inc.php | 2 +- data/web/lang/lang.de.php | 5 ++++- data/web/lang/lang.en.php | 6 ++++-- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/data/web/inc/footer.inc.php b/data/web/inc/footer.inc.php index 052f03b2..b2976bec 100644 --- a/data/web/inc/footer.inc.php +++ b/data/web/inc/footer.inc.php @@ -6,12 +6,12 @@ if ($_SESSION['mailcow_cc_role'] == "admin"): From be7693a8e1fc8bcbeb2afe5a153942d98650d667 Mon Sep 17 00:00:00 2001 From: andryyy Date: Mon, 9 Jan 2017 11:39:27 +0100 Subject: [PATCH 21/29] Sieve tag handling changes --- data/conf/dovecot/sieve_after | 2 +- data/conf/rspamd/lua/rspamd.local.lua | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/conf/dovecot/sieve_after b/data/conf/dovecot/sieve_after index ae6aa5fe..d668a94c 100644 --- a/data/conf/dovecot/sieve_after +++ b/data/conf/dovecot/sieve_after @@ -7,6 +7,6 @@ require "envelope"; if header :contains "X-Spam-Flag" "YES" { fileinto "Junk"; } -if envelope :detail :matches "to" "*" { +if allof (envelope :detail :matches "to" "*", header :contains "X-Moo-Tag" "YES") { fileinto :create "INBOX/${1}"; } diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua index 4b02bf57..7e254d3b 100644 --- a/data/conf/rspamd/lua/rspamd.local.lua +++ b/data/conf/rspamd/lua/rspamd.local.lua @@ -48,7 +48,7 @@ rspamd_config.ADD_DELIMITER_TAG = { }) end else - rspamd_logger.infox("Add X-Move-Tag header") + rspamd_logger.infox("Add X-Moo-Tag header") task:set_rmilter_reply({ add_headers = {['X-Moo-Tag'] = 'YES'} }) From 621235d8da11aaf784a1321d849a940e380e8219 Mon Sep 17 00:00:00 2001 
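Review bot: The new condition in `data/conf/dovecot/sieve_after` treats `X-Moo-Tag: YES` as proof that rspamd approved the tag, but a header test matches any header of that name, including one already present on the incoming message. Unless an inbound `X-Moo-Tag` is removed before rspamd adds its own (not visible in either hunk of this commit), the gate can be satisfied by the sender, and `fileinto :create` still builds a folder name from the address detail. It is worth confirming the header is stripped on ingress, and `header :is "X-Moo-Tag" "YES"` is a tighter match than `:contains`.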
From: andryyy Date: Mon, 9 Jan 2017 12:37:39 +0100 Subject: [PATCH 22/29] Lowercase tag name "eXaMpLe" to "example" if folder "eXaMpLe" does not exist, else move to folder "eXaMpLe" --- data/conf/dovecot/sieve_after | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/data/conf/dovecot/sieve_after b/data/conf/dovecot/sieve_after index d668a94c..0b43dbcf 100644 --- a/data/conf/dovecot/sieve_after +++ b/data/conf/dovecot/sieve_after @@ -7,6 +7,18 @@ require "envelope"; if header :contains "X-Spam-Flag" "YES" { fileinto "Junk"; } -if allof (envelope :detail :matches "to" "*", header :contains "X-Moo-Tag" "YES") { - fileinto :create "INBOX/${1}"; + +if allof ( + envelope :detail :matches "to" "*", + header :contains "X-Moo-Tag" "YES", + mailboxexists "INBOX/${s}" + ) { + fileinto "INBOX/${s}"; +} +elsif allof ( + envelope :detail :matches "to" "*", + header :contains "X-Moo-Tag" "YES" + ) { + set :lower "s" "${1}"; + fileinto :create "INBOX/${s}"; } From 86a8dc195e06d0faab9ac354a2a4ac9a5d96056b Mon Sep 17 00:00:00 2001 From: andryyy Date: Mon, 9 Jan 2017 20:22:44 +0100 Subject: [PATCH 23/29] Change ciphers --- data/conf/dovecot/dovecot.conf | 4 +++- data/conf/nginx/site.conf | 4 ++-- data/conf/postfix/main.cf | 10 +++++++--- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index e6dc6f70..9b299847 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf 
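Review bot: The first `allof` block tests `mailboxexists "INBOX/${s}"` and files into `"INBOX/${s}"`, but `s` is only assigned by `set :lower "s" "${1}"` in the `elsif` branch, so at that point it is unset and expands to an empty string. As written, the exact-case folder described in the commit subject is never checked; the first branch presumably wants the match variable instead, `mailboxexists "INBOX/${1}"` and `fileinto "INBOX/${1}";` (assuming the tests are evaluated left to right so `${1}` is already bound). `set` and `mailboxexists` need `variables` and `mailbox` in the `require` list; only `require "envelope";` is visible in the hunk header, so confirm the others are declared above.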
@@ -13,7 +13,9 @@ mail_location = maildir:~/ mail_plugins = quota acl zlib antispam auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ ssl_protocols = !SSLv3 !SSLv2 -ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA +ssl_prefer_server_ciphers = yes +ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA +ssl_options = no_compression # Automatically regenerates every week ssl_dh_parameters_length = 2048 log_timestamp = "%Y-%m-%d %H:%M:%S " diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf index ffc3f607..d754eae1 100644 --- a/data/conf/nginx/site.conf +++ b/data/conf/nginx/site.conf @@ -5,9 +5,9 @@ server { ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; - ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; ssl_ecdh_curve secp384r1; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; index index.php index.html; server_name _ autodiscover.* autoconfig.*; error_log /var/log/nginx/error.log; diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf index 6912d6b4..4f365677 100644 --- a/data/conf/postfix/main.cf +++ b/data/conf/postfix/main.cf 
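Review bot: In the `data/conf/nginx/site.conf` hunk the web vhost now uses the mail cipher string, which ends in `CAMELLIA128-SHA:AES128-SHA`; those are static-RSA key-exchange suites without forward secrecy, whereas the replaced list was limited to EECDH/EDH suites. Browsers do not need that fallback, so keeping a forward-secret-only list for HTTPS and reserving the broader one for SMTP/IMAP would avoid weakening the web endpoint. The HSTS lifetime is also cut from 63072000 to 15768000 seconds, and as a server-level `add_header` without `always` it is not sent on error responses; `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;` covers those. The unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` context line could be revisited in the same pass.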
@@ -69,12 +69,16 @@ smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem smtpd_tls_eecdh_grade = strong smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL smtpd_tls_loglevel = 1 -smtpd_tls_mandatory_ciphers = high -smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL +smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 +smtp_tls_protocols = !SSLv2, !SSLv3 +lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 +lmtp_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2, !SSLv3 +smtpd_tls_mandatory_ciphers = high smtpd_tls_security_level = may -tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA +tls_ssl_options = NO_COMPRESSION +tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_catchall_maps.cf virtual_gid_maps = static:5000 virtual_mailbox_base = /var/vmail/ From c01a8571472bb102e8cb7be8cd97ebc24b458ed9 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 15 Jan 2017 17:43:12 +0100 Subject: [PATCH 24/29] Ignore nginx active listener --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 5c459500..23f9e430 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ data/conf/sogo/sieve.creds data/conf/dovecot/dovecot-master.passwd mailcow.conf mailcow.conf_backup +data/conf/nginx/listen.active 
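Review bot: The `data/conf/postfix/main.cf` hunk rewrites `tls_high_cipherlist` with a deliberately ordered string, but nothing here sets `tls_preempt_cipherlist = yes`, so Postfix keeps following the client's preference order while the Dovecot and nginx configs in this commit enable server preference. Adding `tls_preempt_cipherlist = yes` next to `tls_ssl_options = NO_COMPRESSION` would make the three services consistent. Overriding `tls_high_cipherlist` is something the Postfix documentation advises against, so a short comment above it saying why the default is replaced, and that it must be kept in step with the Dovecot `ssl_cipher_list`, would help the next maintainer.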
From 5fa794174c2733b1b15d138a753ae2a916b6630d Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 15 Jan 2017 17:43:34 +0100 Subject: [PATCH 25/29] Fix EAS in SOGo --- data/conf/nginx/site.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf index d754eae1..0ea01dfe 100644 --- a/data/conf/nginx/site.conf +++ b/data/conf/nginx/site.conf @@ -57,7 +57,7 @@ server { } location ^~ /Microsoft-Server-ActiveSync { - proxy_pass http://sogo/SOGo/Microsoft-Server-ActiveSync; + proxy_pass http://sogo:20000/SOGo/Microsoft-Server-ActiveSync; proxy_connect_timeout 1000; proxy_next_upstream timeout error; proxy_send_timeout 1000; From e683faac1b367d18b294cbe156c5bc6b75f6ff38 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 22 Jan 2017 16:42:14 +0100 Subject: [PATCH 26/29] Add libsasl2-modules --- data/Dockerfiles/postfix/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile index bc6015d7..a3781bd4 100644 --- a/data/Dockerfiles/postfix/Dockerfile +++ b/data/Dockerfiles/postfix/Dockerfile @@ -13,6 +13,7 @@ RUN apt-get update RUN apt-get install -y --no-install-recommends supervisor \ postfix \ sasl2-bin \ + libsasl2-modules \ postfix \ postfix-mysql \ postfix-pcre \ From 7959abfcdce3b28d386ce7b44d847ef023bd68fc Mon Sep 17 00:00:00 2001 From: andryyy Date: Mon, 23 Jan 2017 08:24:22 +0100 Subject: [PATCH 27/29] Add mydestination to prevent hostname == domain situations --- data/conf/postfix/main.cf | 1 + 1 file changed, 1 insertion(+) diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf index 4f365677..d064e2d0 100644 --- a/data/conf/postfix/main.cf +++ b/data/conf/postfix/main.cf 
@@ -90,3 +90,4 @@ virtual_uid_maps = static:5000 smtpd_milters = inet:rmilter:9900 non_smtpd_milters = inet:rmilter:9900 milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} +mydestination = localhost.localdomain, localhost From a62fdd4ee50a56eab2b3ba4c7f660390c938977b Mon Sep 17 00:00:00 2001 From: Tudor Georgescu Date: Mon, 23 Jan 2017 15:27:42 +0000 Subject: [PATCH 28/29] Don't ask for mailcow hostname and time zone if already exported within the shell --- generate_config.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index cb1a516e..5ae9495d 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -12,8 +12,13 @@ if [[ -f mailcow.conf ]]; then esac fi -read -p "Hostname (FQDN): " -ei "mx.example.org" MAILCOW_HOSTNAME -read -p "Timezone: " -ei "Europe/Berlin" TZ +if [ -z "$MAILCOW_HOSTNAME" ]; then + read -p "Hostname (FQDN): " -ei "mx.example.org" MAILCOW_HOSTNAME +fi + +if [ -z "$TZ" ]; then + read -p "Timezone: " -ei "Europe/Berlin" TZ +fi cat << EOF > mailcow.conf # ------------------------------ From 89565d8ac1194c6abbe67ff09f47c4dca0130f0a Mon Sep 17 00:00:00 2001 From: Lars Gleim Date: Mon, 23 Jan 2017 21:21:36 +0100 Subject: [PATCH 29/29] Update main.cf --- data/conf/postfix/main.cf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf index d064e2d0..1a96eff2 100644 --- a/data/conf/postfix/main.cf +++ b/data/conf/postfix/main.cf 
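Review bot: With the new `-z` tests in `generate_config.sh`, any value already in the environment is written into `mailcow.conf` without being shown or checked, and `TZ` in particular is commonly set in login environments, so the timezone prompt can be skipped without the operator noticing. Echoing the values that were taken from the environment, e.g. `echo "Using MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} from environment"`, makes that visible, and a basic FQDN sanity check before the heredoc would catch a stray value. The surrounding script uses `[[ ... ]]` (see `if [[ -f mailcow.conf ]]` in the hunk header), so `[[ -z "${MAILCOW_HOSTNAME}" ]]` would match its style.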
@@ -56,7 +56,7 @@ smtpd_error_sleep_time = 10s smtpd_hard_error_limit = ${stress?1}${stress:5} smtpd_helo_required = yes smtpd_proxy_timeout = 600s -smtpd_recipient_restrictions = check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, permit_sasl_authenticated, permit_mynetworks, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination +smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = inet:dovecot:10001
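Review bot: Moving `check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf` behind `permit_sasl_authenticated, permit_mynetworks` means authenticated and `mynetworks` clients are accepted before the per-recipient inbound-TLS policy is consulted, so that policy no longer applies to them. If that is the intent (for example internal or submission traffic that should not be blocked), a comment above the line should say so, such as `# permit_* first: authenticated and internal clients bypass the TLS-enforce-in lookup`. If recipients who enforce inbound TLS expect it for every sender, the lookup needs to stay ahead of the permits, or `mynetworks` should be confirmed to contain only hosts whose path is already trusted. What the map returns is not visible in the hunk, so the exact effect is inferred from the file name.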