7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'dev' into master

Browse Source
This commit is contained in:
André Peters
2018-02-28 15:38:56 +01:00
committed by GitHub
parent b6137cca2a 5106eea86f
commit b175125d02
93 changed files with 2693 additions and 2140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/Dockerfiles/clamd/bootstrap.sh
View File

@@ -7,6 +7,7 @@ if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
fi
# Create log pipes
mkdir /var/log/clamav
touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
mkfifo -m 600 /tmp/logpipe_clamd
mkfifo -m 600 /tmp/logpipe_freshclam

2
data/Dockerfiles/dockerapi/Dockerfile
View File

@@ -2,7 +2,7 @@ FROM python:2-alpine
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
RUN apk add -U --no-cache iptables ip6tables
RUN pip install docker flask flask-restful
RUN pip install docker==3.0.1 flask flask-restful
COPY server.py /
CMD ["python2", "-u", "/server.py"]

47
data/Dockerfiles/dockerapi/server.py
View File

@@ -22,7 +22,7 @@ class containers_get(Resource):
containers.update({container.attrs['Id']: container.attrs})
return containers
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
class container_get(Resource):
def get(self, container_id):
@@ -31,7 +31,7 @@ class container_get(Resource):
for container in docker_client.containers.list(all=True, filters={"id": container_id}):
return container.attrs
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
else:
return jsonify(type='danger', msg='no or invalid id defined')
@@ -44,7 +44,7 @@ class container_post(Resource):
container.stop()
return jsonify(type='success', msg='command completed successfully')
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
elif post_action == 'start':
try:
@@ -52,7 +52,7 @@ class container_post(Resource):
container.start()
return jsonify(type='success', msg='command completed successfully')
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
elif post_action == 'restart':
try:
@@ -60,36 +60,53 @@ class container_post(Resource):
container.restart()
return jsonify(type='success', msg='command completed successfully')
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
elif post_action == 'exec':
if not request.json or not 'cmd' in request.json:
return jsonify(type='danger', msg='cmd is missing')
if request.json['cmd'] == 'sieve_list' and request.json['username']:
if request.json['cmd'] == 'df' and request.json['dir']:
try:
for container in docker_client.containers.list(filters={"id": container_id}):
return container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
# Should be changed to be able to validate a path
directory = re.sub('[^0-9a-zA-Z/]+', '', request.json['dir'])
df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H " + directory + " | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
if df_return.exit_code == 0:
return df_return.output.rstrip()
else:
return "0,0,0,0,0,0"
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
elif request.json['cmd'] == 'sieve_list' and request.json['username']:
try:
for container in docker_client.containers.list(filters={"id": container_id}):
sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
return sieve_return.output
except Exception as e:
return jsonify(type='danger', msg=str(e))
elif request.json['cmd'] == 'sieve_print' and request.json['script_name'] and request.json['username']:
try:
for container in docker_client.containers.list(filters={"id": container_id}):
return container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"], user='vmail')
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
elif request.json['cmd'] == 'worker_password' and request.json['raw']:
try:
for container in docker_client.containers.list(filters={"id": container_id}):
hash = container.exec_run(["/bin/bash", "-c", "/usr/bin/rspamadm pw -e -p '" + request.json['raw'].replace("'", "'\\''") + "' 2> /dev/null"], user='_rspamd')
f = open("/access.inc", "w")
f.write('enable_password = "' + re.sub('[^0-9a-zA-Z\$]+', '', hash.rstrip()) + '";\n')
f.close()
container.restart()
return jsonify(type='success', msg='command completed successfully')
if hash.exit_code == 0:
hash = str(hash.output)
f = open("/access.inc", "w")
f.write('enable_password = "' + re.sub('[^0-9a-zA-Z\$]+', '', hash.rstrip()) + '";\n')
f.close()
container.restart()
return jsonify(type='success', msg='command completed successfully')
else:
return jsonify(type='danger', msg='command did not complete, exit code was ' + int(hash.exit_code))
except Exception as e:
return jsonify(type='danger', msg=e)
return jsonify(type='danger', msg=str(e))
else:
return jsonify(type='danger', msg='Unknown command')

2
data/Dockerfiles/dovecot/docker-entrypoint.sh
View File

@@ -82,7 +82,7 @@ cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
driver = mysql
connect = "host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
default_pass_scheme = SSHA256
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, "$.force_pw_update") NOT LIKE '%1%'
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username FROM mailbox WHERE active='1';
EOF

2
data/Dockerfiles/dovecot/rspamd-pipe-ham
View File

@@ -1,4 +1,4 @@
#!/bin/bash
/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnham < /dev/stdin
/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnham < /dev/stdin
# Always return 0 to satisfy Dovecot...
exit 0

2
data/Dockerfiles/dovecot/rspamd-pipe-spam
View File

@@ -1,4 +1,4 @@
#!/bin/bash
/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnspam < /dev/stdin
# Always return 0 to satisfy Dovecot...
exit 0

8
data/Dockerfiles/fail2ban/Dockerfile
View File

@@ -1,8 +0,0 @@
FROM python:2-alpine
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
RUN apk add -U --no-cache iptables ip6tables
RUN pip install redis ipaddress
COPY logwatch.py /
CMD ["python2", "-u", "/logwatch.py"]

192
data/Dockerfiles/fail2ban/logwatch.py
View File

@@ -1,192 +0,0 @@
#!/usr/bin/env python2
import re
import os
import time
import atexit
import signal
import ipaddress
import subprocess
from threading import Thread
import redis
import time
import json
yes_regex = re.compile(r'([yY][eE][sS]|[yY])+$')
if re.search(yes_regex, os.getenv('SKIP_FAIL2BAN', 0)):
print 'SKIP_FAIL2BAN=y, Skipping Fail2ban container...'
time.sleep(31536000)
raise SystemExit
r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
pubsub = r.pubsub()
RULES = {}
RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
RULES[3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
r.setnx('F2B_BAN_TIME', '1800')
r.setnx('F2B_MAX_ATTEMPTS', '10')
r.setnx('F2B_RETRY_WINDOW', '600')
r.setnx('F2B_NETBAN_IPV6', '64')
r.setnx('F2B_NETBAN_IPV4', '24')
bans = {}
log = {}
quit_now = False
def ban(address):
BAN_TIME = int(r.get('F2B_BAN_TIME'))
MAX_ATTEMPTS = int(r.get('F2B_MAX_ATTEMPTS'))
RETRY_WINDOW = int(r.get('F2B_RETRY_WINDOW'))
WHITELIST = r.hgetall('F2B_WHITELIST')
NETBAN_IPV6 = '/' + str(r.get('F2B_NETBAN_IPV6'))
NETBAN_IPV4 = '/' + str(r.get('F2B_NETBAN_IPV4'))
ip = ipaddress.ip_address(address.decode('ascii'))
if type(ip) is ipaddress.IPv6Address and ip.ipv4_mapped:
ip = ip.ipv4_mapped
address = str(ip)
if ip.is_private or ip.is_loopback:
return
self_network = ipaddress.ip_network(address.decode('ascii'))
if WHITELIST:
for wl_key in WHITELIST:
wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
if wl_net.overlaps(self_network):
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
print 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
return
net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)).decode('ascii'), strict=False)
net = str(net)
if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
bans[net] = { 'attempts': 0 }
active_window = RETRY_WINDOW
else:
active_window = time.time() - bans[net]['last_attempt']
bans[net]['attempts'] += 1
bans[net]['last_attempt'] = time.time()
active_window = time.time() - bans[net]['last_attempt']
if bans[net]['attempts'] >= MAX_ATTEMPTS:
log['time'] = int(round(time.time()))
log['priority'] = 'crit'
log['message'] = 'Banning %s' % net
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
print 'Banning %s for %d minutes' % (net, BAN_TIME / 60)
if type(ip) is ipaddress.IPv4Address:
subprocess.call(['iptables', '-I', 'INPUT', '-s', net, '-j', 'REJECT'])
subprocess.call(['iptables', '-I', 'FORWARD', '-s', net, '-j', 'REJECT'])
else:
subprocess.call(['ip6tables', '-I', 'INPUT', '-s', net, '-j', 'REJECT'])
subprocess.call(['ip6tables', '-I', 'FORWARD', '-s', net, '-j', 'REJECT'])
r.hset('F2B_ACTIVE_BANS', '%s' % net, log['time'] + BAN_TIME)
else:
log['time'] = int(round(time.time()))
log['priority'] = 'warn'
log['message'] = '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
print '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
def unban(net):
log['time'] = int(round(time.time()))
log['priority'] = 'info'
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
if not net in bans:
log['message'] = '%s is not banned, skipping unban and deleting from queue (if any)' % net
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
print '%s is not banned, skipping unban and deleting from queue (if any)' % net
r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
return
log['message'] = 'Unbanning %s' % net
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
print 'Unbanning %s' % net
if type(ipaddress.ip_network(net.decode('ascii'))) is ipaddress.IPv4Network:
subprocess.call(['iptables', '-D', 'INPUT', '-s', net, '-j', 'REJECT'])
subprocess.call(['iptables', '-D', 'FORWARD', '-s', net, '-j', 'REJECT'])
else:
subprocess.call(['ip6tables', '-D', 'INPUT', '-s', net, '-j', 'REJECT'])
subprocess.call(['ip6tables', '-D', 'FORWARD', '-s', net, '-j', 'REJECT'])
r.hdel('F2B_ACTIVE_BANS', '%s' % net)
r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
del bans[net]
def quit(signum, frame):
global quit_now
quit_now = True
def clear():
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Clearing all bans'
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
print 'Clearing all bans'
for net in bans.copy():
unban(net)
pubsub.unsubscribe()
def watch():
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Watching Redis channel F2B_CHANNEL'
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
pubsub.subscribe('F2B_CHANNEL')
print 'Subscribing to Redis channel F2B_CHANNEL'
while True:
for item in pubsub.listen():
for rule_id, rule_regex in RULES.iteritems():
if item['data'] and item['type'] == 'message':
result = re.search(rule_regex, item['data'])
if result:
addr = result.group(1)
ip = ipaddress.ip_address(addr.decode('ascii'))
if ip.is_private or ip.is_loopback:
continue
print '%s matched rule id %d' % (addr, rule_id)
log['time'] = int(round(time.time()))
log['priority'] = 'warn'
log['message'] = '%s matched rule id %d' % (addr, rule_id)
r.lpush('F2B_LOG', json.dumps(log, ensure_ascii=False))
ban(addr)
def autopurge():
while not quit_now:
BAN_TIME = int(r.get('F2B_BAN_TIME'))
MAX_ATTEMPTS = int(r.get('F2B_MAX_ATTEMPTS'))
QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
if QUEUE_UNBAN:
for net in QUEUE_UNBAN:
unban(str(net))
for net in bans.copy():
if bans[net]['attempts'] >= MAX_ATTEMPTS:
if time.time() - bans[net]['last_attempt'] > BAN_TIME:
unban(net)
time.sleep(10)
if __name__ == '__main__':
watch_thread = Thread(target=watch)
watch_thread.daemon = True
watch_thread.start()
autopurge_thread = Thread(target=autopurge)
autopurge_thread.daemon = True
autopurge_thread.start()
signal.signal(signal.SIGTERM, quit)
atexit.register(clear)
while not quit_now:
time.sleep(0.5)

0
data/Dockerfiles/memcached/.empty
View File

0
data/Dockerfiles/mysql/.empty
View File

9
data/Dockerfiles/netfilter/Dockerfile Normal file
View File

@@ -0,0 +1,9 @@
FROM alpine:3.7
LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
RUN apk add -U python2 python-dev py-pip gcc musl-dev iptables ip6tables \
&& pip2 install --upgrade python-iptables redis ipaddress \
&& apk del python-dev py2-pip gcc
COPY server.py /
CMD ["python2", "-u", "/server.py"]

275
data/Dockerfiles/netfilter/server.py Normal file
View File

@@ -0,0 +1,275 @@
#!/usr/bin/env python2
import re
import os
import time
import atexit
import signal
import ipaddress
import subprocess
from threading import Thread
import redis
import time
import json
import iptc
r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
pubsub = r.pubsub()
RULES = {}
RULES[1] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed'
RULES[2] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
RULES[3] = '-login: Aborted login \(no auth .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[4] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
RULES[5] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
RULES[6] = 'mailcow UI: Invalid password for .+ by ([0-9a-f\.:]+)'
if not r.get('F2B_OPTIONS'):
f2boptions = {}
f2boptions['ban_time'] = int
f2boptions['max_attempts'] = int
f2boptions['retry_window'] = int
f2boptions['netban_ipv4'] = int
f2boptions['netban_ipv6'] = int
f2boptions['ban_time'] = r.get('F2B_BAN_TIME') or 1800
f2boptions['max_attempts'] = r.get('F2B_MAX_ATTEMPTS') or 10
f2boptions['retry_window'] = r.get('F2B_RETRY_WINDOW') or 600
f2boptions['netban_ipv4'] = r.get('F2B_NETBAN_IPV4') or 24
f2boptions['netban_ipv6'] = r.get('F2B_NETBAN_IPV6') or 64
r.set('F2B_OPTIONS', json.dumps(f2boptions, ensure_ascii=False))
else:
try:
f2boptions = {}
f2boptions = json.loads(r.get('F2B_OPTIONS'))
except ValueError, e:
print 'Error loading F2B options: F2B_OPTIONS is not json'
raise SystemExit(1)
if r.exists('F2B_LOG'):
r.rename('F2B_LOG', 'NETFILTER_LOG')
bans = {}
log = {}
quit_now = False
def ban(address):
BAN_TIME = int(f2boptions['ban_time'])
MAX_ATTEMPTS = int(f2boptions['max_attempts'])
RETRY_WINDOW = int(f2boptions['retry_window'])
NETBAN_IPV4 = '/' + str(f2boptions['netban_ipv4'])
NETBAN_IPV6 = '/' + str(f2boptions['netban_ipv6'])
WHITELIST = r.hgetall('F2B_WHITELIST')
ip = ipaddress.ip_address(address.decode('ascii'))
if type(ip) is ipaddress.IPv6Address and ip.ipv4_mapped:
ip = ip.ipv4_mapped
address = str(ip)
if ip.is_private or ip.is_loopback:
return
self_network = ipaddress.ip_network(address.decode('ascii'))
if WHITELIST:
for wl_key in WHITELIST:
wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
if wl_net.overlaps(self_network):
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print 'Address %s is whitelisted by rule %s' % (self_network, wl_net)
return
net = ipaddress.ip_network((address + (NETBAN_IPV4 if type(ip) is ipaddress.IPv4Address else NETBAN_IPV6)).decode('ascii'), strict=False)
net = str(net)
if not net in bans or time.time() - bans[net]['last_attempt'] > RETRY_WINDOW:
bans[net] = { 'attempts': 0 }
active_window = RETRY_WINDOW
else:
active_window = time.time() - bans[net]['last_attempt']
bans[net]['attempts'] += 1
bans[net]['last_attempt'] = time.time()
active_window = time.time() - bans[net]['last_attempt']
if bans[net]['attempts'] >= MAX_ATTEMPTS:
log['time'] = int(round(time.time()))
log['priority'] = 'crit'
log['message'] = 'Banning %s' % net
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print 'Banning %s for %d minutes' % (net, BAN_TIME / 60)
if type(ip) is ipaddress.IPv4Address:
for c in ['INPUT', 'FORWARD']:
chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), c)
rule = iptc.Rule()
rule.src = net
target = iptc.Target(rule, "REJECT")
rule.target = target
if rule not in chain.rules:
chain.insert_rule(rule)
else:
for c in ['INPUT', 'FORWARD']:
chain = iptc.Chain(iptc.Table6(iptc.Table6.FILTER), c)
rule = iptc.Rule6()
rule.src = net
target = iptc.Target(rule, "REJECT")
rule.target = target
if rule not in chain.rules:
chain.insert_rule(rule)
r.hset('F2B_ACTIVE_BANS', '%s' % net, log['time'] + BAN_TIME)
else:
log['time'] = int(round(time.time()))
log['priority'] = 'warn'
log['message'] = '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print '%d more attempts in the next %d seconds until %s is banned' % (MAX_ATTEMPTS - bans[net]['attempts'], RETRY_WINDOW, net)
def unban(net):
log['time'] = int(round(time.time()))
log['priority'] = 'info'
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
#if not net in bans:
# log['message'] = '%s is not banned, skipping unban and deleting from queue (if any)' % net
# r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
# print '%s is not banned, skipping unban and deleting from queue (if any)' % net
# r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
# return
log['message'] = 'Unbanning %s' % net
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print 'Unbanning %s' % net
if type(ipaddress.ip_network(net.decode('ascii'))) is ipaddress.IPv4Network:
for c in ['INPUT', 'FORWARD']:
chain = iptc.Chain(iptc.Table(iptc.Table.FILTER), c)
rule = iptc.Rule()
rule.src = net
target = iptc.Target(rule, "REJECT")
rule.target = target
if rule in chain.rules:
chain.delete_rule(rule)
else:
for c in ['INPUT', 'FORWARD']:
chain = iptc.Chain(iptc.Table6(iptc.Table6.FILTER), c)
rule = iptc.Rule6()
rule.src = net
target = iptc.Target(rule, "REJECT")
rule.target = target
if rule in chain.rules:
chain.delete_rule(rule)
r.hdel('F2B_ACTIVE_BANS', '%s' % net)
r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
if net in bans:
del bans[net]
def quit(signum, frame):
global quit_now
quit_now = True
def clear():
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Clearing all bans'
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print 'Clearing all bans'
for net in bans.copy():
unban(net)
pubsub.unsubscribe()
def watch():
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Watching Redis channel F2B_CHANNEL'
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
pubsub.subscribe('F2B_CHANNEL')
print 'Subscribing to Redis channel F2B_CHANNEL'
while True:
for item in pubsub.listen():
for rule_id, rule_regex in RULES.iteritems():
if item['data'] and item['type'] == 'message':
result = re.search(rule_regex, item['data'])
if result:
addr = result.group(1)
ip = ipaddress.ip_address(addr.decode('ascii'))
if ip.is_private or ip.is_loopback:
continue
print '%s matched rule id %d' % (addr, rule_id)
log['time'] = int(round(time.time()))
log['priority'] = 'warn'
log['message'] = '%s matched rule id %d' % (addr, rule_id)
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
ban(addr)
def snat(snat_target):
def get_snat_rule():
rule = iptc.Rule()
rule.position = 1
rule.src = os.getenv('IPV4_NETWORK', '172.22.1') + '.0/24'
rule.dst = '!' + rule.src
target = rule.create_target("SNAT")
target.to_source = snat_target
return rule
while True:
table = iptc.Table('nat')
table.autocommit = False
chain = iptc.Chain(table, 'POSTROUTING')
if get_snat_rule() not in chain.rules:
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Added POSTROUTING rule for source network ' + get_snat_rule().src + ' to SNAT target ' + snat_target
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print log['message']
chain.insert_rule(get_snat_rule())
table.commit()
table.refresh()
time.sleep(10)
def autopurge():
while not quit_now:
BAN_TIME = f2boptions['ban_time']
MAX_ATTEMPTS = f2boptions['max_attempts']
QUEUE_UNBAN = r.hgetall('F2B_QUEUE_UNBAN')
if QUEUE_UNBAN:
for net in QUEUE_UNBAN:
unban(str(net))
for net in bans.copy():
if bans[net]['attempts'] >= MAX_ATTEMPTS:
if time.time() - bans[net]['last_attempt'] > BAN_TIME:
unban(net)
time.sleep(10)
def cleanPrevious():
print "Cleaning previously cached bans"
F2B_ACTIVE_BANS = r.hgetall('F2B_ACTIVE_BANS')
if F2B_ACTIVE_BANS:
for net in F2B_ACTIVE_BANS:
unban(str(net))
if __name__ == '__main__':
cleanPrevious()
watch_thread = Thread(target=watch)
watch_thread.daemon = True
watch_thread.start()
if os.getenv('SNAT_TO_SOURCE') and os.getenv('SNAT_TO_SOURCE') is not 'n':
try:
snat_ip = os.getenv('SNAT_TO_SOURCE').decode('ascii')
snat_ipo = ipaddress.ip_address(snat_ip)
if type(snat_ipo) is ipaddress.IPv4Address:
snat_thread = Thread(target=snat,args=(snat_ip,))
snat_thread.daemon = True
snat_thread.start()
except ValueError:
print os.getenv('SNAT_TO_SOURCE') + ' is not a valid IPv4 address'
autopurge_thread = Thread(target=autopurge)
autopurge_thread.daemon = True
autopurge_thread.start()
signal.signal(signal.SIGTERM, quit)
atexit.register(clear)
while not quit_now:
time.sleep(0.5)

0
data/Dockerfiles/nginx/.empty
View File

31
data/Dockerfiles/phpfpm/Dockerfile
View File

@@ -33,6 +33,12 @@ RUN apk add -U --no-cache libxml2-dev \
imagemagick-dev \
imagemagick \
libtool \
freetype \
libpng \
libjpeg-turbo \
freetype-dev \
libpng-dev \
libjpeg-turbo-dev\
gettext-dev \
openldap-dev \
librsvg \
@@ -46,10 +52,33 @@ RUN apk add -U --no-cache libxml2-dev \
&& docker-php-ext-enable redis apcu memcached imagick mailparse \
&& pecl clear-cache \
&& docker-php-ext-configure intl \
&& docker-php-ext-configure gd \
--with-gd \
--enable-gd-native-ttf \
--with-freetype-dir=/usr/include/ \
--with-png-dir=/usr/include/ \
--with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j 4 intl gettext ldap sockets soap pdo pdo_mysql xmlrpc gd zip pcntl opcache \
&& docker-php-ext-configure imap --with-imap --with-imap-ssl \
&& docker-php-ext-install -j 4 imap \
&& apk del --purge autoconf g++ make libxml2-dev icu-dev imap-dev openssl-dev cyrus-sasl-dev pcre-dev libpng-dev libpng-dev libjpeg-turbo-dev libwebp-dev zlib-dev imagemagick-dev
&& apk del --purge autoconf \
g++ \
make \
libxml2-dev \
icu-dev \
imap-dev \
openssl-dev \
cyrus-sasl-dev \
pcre-dev \
libpng-dev \
libpng-dev \
libjpeg-turbo-dev \
libwebp-dev \
zlib-dev \
imagemagick-dev \
freetype-dev \
libpng-dev \
libjpeg-turbo-dev
COPY ./docker-entrypoint.sh /

54
data/Dockerfiles/phpfpm/docker-entrypoint.sh
View File

@@ -15,7 +15,6 @@ until [ $(redis-cli -h redis-mailcow PING) == "PONG" ]; do
done
# Migrate domain map
declare -a DOMAIN_ARR
redis-cli -h redis-mailcow DEL DOMAIN_MAP
while read line
@@ -34,57 +33,4 @@ for domain in "${DOMAIN_ARR[@]}"; do
done
fi
# Migrate tag settings map
declare -a SUBJ_TAG_ARR
redis-cli -h redis-mailcow DEL SUBJ_TAG_ARR
while read line
do
SUBJ_TAG_ARR+=("$line")
done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT username FROM mailbox WHERE wants_tagged_subject='1'" -Bs)
if [[ ! -z ${SUBJ_TAG_ARR} ]]; then
for user in "${SUBJ_TAG_ARR[@]}"; do
redis-cli -h redis-mailcow HSET RCPT_WANTS_SUBJECT_TAG ${user} 1
mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "UPDATE mailbox SET wants_tagged_subject='2' WHERE username = '${user}'"
done
fi
# Migrate DKIM keys
for file in $(ls /data/dkim/keys/); do
domain=${file%.dkim}
if [[ -f /data/dkim/txt/${file} ]]; then
redis-cli -h redis-mailcow HSET DKIM_PUB_KEYS "${domain}" "$(cat /data/dkim/txt/${file})"
redis-cli -h redis-mailcow HSET DKIM_PRIV_KEYS "dkim.${domain}" "$(cat /data/dkim/keys/${file})"
redis-cli -h redis-mailcow HSET DKIM_SELECTORS "${domain}" "dkim"
fi
rm /data/dkim/{keys,txt}/${file}
done
# Fix DKIM keys
# Fetch domains
declare -a DOMAIN_ARRAY
while read line
do
DOMAIN_ARRAY+=("$line")
done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
while read line
do
DOMAIN_ARRAY+=("$line")
done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
# Loop through array and fix keys
if [[ ! -z ${DOMAIN_ARRAY} ]]; then
for domain in "${DOMAIN_ARRAY[@]}"; do
WRONG_KEY=$(redis-cli -h redis-mailcow HGET DKIM_PRIV_KEYS ${domain} | tr -d \")
if [[ ! -z ${WRONG_KEY} ]]; then
echo "Migrating defect key for domain ${domain}"
redis-cli -h redis-mailcow HSET DKIM_PRIV_KEYS "dkim.${domain}" ${WRONG_KEY}
redis-cli -h redis-mailcow HDEL DKIM_PRIV_KEYS "${domain}"
fi
done
fi
exec "$@"

14
data/Dockerfiles/postfix/postfix.sh
View File

@@ -39,7 +39,7 @@ query = SELECT IF(EXISTS(
SELECT CONCAT('%u', '@', target_domain) FROM alias_domain
WHERE alias_domain='%d'
)
) AND mailbox.tls_enforce_in = '1' AND mailbox.active = '1'
) AND json_extract(attributes, '$.tls_enforce_in') LIKE '%%1%%' AND mailbox.active = '1'
), 'reject_plaintext_session', NULL) AS 'tls_enforce_in';
EOF
@@ -58,7 +58,7 @@ query = SELECT GROUP_CONCAT(transport SEPARATOR '') AS transport_maps
WHERE alias_domain = '%d'
)
)
AND mailbox.tls_enforce_out = '1'
AND json_extract(attributes, '$.tls_enforce_out') LIKE '%%1%%'
AND mailbox.active = '1'
), 'smtp_enforced_tls:', 'smtp:') AS 'transport'
UNION ALL
@@ -145,6 +145,16 @@ query = SELECT bcc_dest FROM bcc_maps
AND active='1';
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_recipient_canonical_maps.cf
user = ${DBUSER}
password = ${DBPASS}
hosts = mysql
dbname = ${DBNAME}
query = SELECT new_dest FROM recipient_maps
WHERE old_dest='%s'
AND active='1';
EOF
cat <<EOF > /opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
user = ${DBUSER}
password = ${DBPASS}

0
data/Dockerfiles/redis/.empty
View File

1
data/Dockerfiles/rspamd/docker-entrypoint.sh
View File

@@ -1,5 +1,6 @@
#!/bin/bash
chown -R _rspamd:_rspamd /var/lib/rspamd
[[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Placeholder' > /etc/rspamd/override.d/worker-controller-password.inc
exec /sbin/tini -- "$@"

3
data/Dockerfiles/sogo/Dockerfile
View File

@@ -42,6 +42,9 @@ RUN mkdir /usr/share/doc/sogo \
COPY ./bootstrap-sogo.sh /
COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY theme-blue.js /usr/lib/GNUstep/SOGo/WebServerResources/js/theme-blue.js
COPY theme-green.js /usr/lib/GNUstep/SOGo/WebServerResources/js/theme-green.js
COPY sogo-full.svg /usr/lib/GNUstep/SOGo/WebServerResources/img/sogo-full.svg
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

3
data/Dockerfiles/sogo/bootstrap-sogo.sh
View File

@@ -19,14 +19,13 @@ mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS so
mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, home, kind, multiple_bookings) AS
SELECT mailbox.username, mailbox.domain, mailbox.username, mailbox.password, mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
SELECT mailbox.username, mailbox.domain, mailbox.username, if(json_extract(attributes, '$.force_pw_update') LIKE '%0%', password, 'invalid'), mailbox.name, mailbox.username, IFNULL(GROUP_CONCAT(ga.aliases SEPARATOR ' '), ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
WHERE mailbox.active = '1'
GROUP BY mailbox.username;
EOF
mkdir -p /var/lib/sogo/GNUstep/Defaults/
# Generate plist header with timezone data

48
data/Dockerfiles/sogo/sogo-full.svg Normal file
View File

@@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Generator: Adobe Illustrator 16.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="Layer_1"
x="0px"
y="0px"
width="640px"
height="350px"
viewBox="78.712 58.488 640 350"
style="enable-background:new 78.712 58.488 640 350;"
xml:space="preserve"
inkscape:version="0.91 r13725"
sodipodi:docname="sogo-full.svg"><metadata
id="metadata4143"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
id="defs4141" /><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1721"
inkscape:window-height="1177"
id="namedview4139"
showgrid="false"
inkscape:zoom="1.8359375"
inkscape:cx="320"
inkscape:cy="175"
inkscape:window-x="-8"
inkscape:window-y="-8"
inkscape:window-maximized="1"
inkscape:current-layer="Layer_1" /><path
style="fill:#f1f1f1;fill-opacity:0.96078432"
d="M648.541,145.679c-9.947,0-17.009-7.278-17.009-17.048c0-9.777,7.062-17.057,17.009-17.057 c10.024,0,17.086,7.279,17.086,17.057C665.627,138.401,658.565,145.679,648.541,145.679z M648.511,94.893 c-19.693,0-33.679,14.4-33.679,33.738c0,19.33,13.985,33.729,33.679,33.729c19.822,0,33.808-14.4,33.808-33.729 C682.318,109.293,668.333,94.893,648.511,94.893z M648.482,179.843c-29.889,0-51.123-21.868-51.123-51.212 c0-29.353,21.234-51.209,51.123-51.209c30.082,0,51.307,21.856,51.307,51.209C699.789,157.975,678.564,179.843,648.482,179.843z M648.442,58.488c-40.929,0-69.995,29.946-69.995,70.143c0,40.189,29.066,70.125,69.995,70.125c41.194,0,70.27-29.937,70.27-70.125 C718.712,88.434,689.637,58.488,648.442,58.488z M158.166,183.902l-21.018-5.008c-19.131-4.396-28.849-9.413-28.849-23.21 c0-15.684,15.99-21.965,30.419-21.965c14.667,0,25.382,7.329,31.693,18.737c0.02,0.048,0.051,0.097,0.09,0.157 c0.127,0.247,0.276,0.484,0.403,0.731l0.03-0.02c1.985,3.002,5.323,5.008,8.919,5.008c6.122,0,10.558-4.425,10.558-10.547 c0-2.341-0.504-4.82-1.601-6.688c-10.764-18.302-28.513-26.192-48.838-26.192c-27.594,0-54.262,13.797-54.262,44.218 c0,27.921,27.605,36.079,37.64,38.578l20.069,4.71c15.368,3.763,27.912,8.791,27.912,23.517c0,16.938-17.561,23.943-34.499,23.943 c-17.245,0-30.015-9.37-38.814-22.37h-0.01c-1.956-3-4.988-4.328-8.702-4.328c-5.984,0-10.805,5.185-10.587,11.162 c0.098,2.438,0.909,4.637,2.153,6.405c13.787,20.633,33.728,28.41,55.96,28.41c28.543,0,57.085-13.143,57.085-45.132 C193.918,203.325,178.551,188.613,158.166,183.902z M298.479,250.312c-33.866,0-55.199-25.403-55.199-58.331 c0-32.939,21.333-58.343,55.199-58.343c34.192,0,55.516,25.403,55.516,58.343C353.996,224.91,332.672,250.312,298.479,250.312z M298.479,114.823c-45.471,0-77.777,32.93-77.777,77.158c0,44.217,32.306,77.146,77.777,77.146 c45.786,0,78.093-32.929,78.093-77.146C376.572,147.753,344.266,114.823,298.479,114.823z M518.715,234.312 c-0.771,0.74-1.549,1.472-2.399,2.175c-1.106,1.014-2.391,2.112-3.854,3.208c-8.829,6.391-19.979,10.094-33.017,10.094 c-33.876,0-55.198-25.402-55.198-58.332c0-32.939,21.322-58.342,55.198-58.342c34.183,0,55.506,25.403,55.506,58.342 C534.951,208.653,529.135,223.774,518.715,234.312z M468.097,317.938c2.528,0,5.146-0.168,7.863-0.504 c5.018-0.631,9.588-0.909,13.729-0.909c19.24,0.109,29.036,5.7,34.943,12.158c5.895,6.499,8.168,15.311,8.158,22.796 c0.01,3.586-0.555,6.795-1.177,8.721c-2.944,8.93-8.888,15.002-17.996,19.576c-9.035,4.484-21.095,6.777-33.707,6.757 c-4.514,0-9.105-0.288-13.639-0.831c-8.573-0.987-19.911-4.671-28.13-11.093c-4.138-3.199-6.458-6.991-8.858-11.485 c-2.379-4.514-2.783-9.748-2.783-16.442v-0.742c0-12.346,4.84-20.544,11.051-26.5c3.07-2.904,5.69-5.064,7.99-6.438 c0.366-0.218,0.438-0.416,0.755-0.593C452.39,316.014,459.684,317.968,468.097,317.938z M479.445,114.301 c-45.471,0-77.786,32.929-77.786,77.157c0,29.887,14.765,54.598,38.378,67.489c-0.314,0.314-0.621,0.641-0.916,0.966 c-6.104,6.687-9.226,15.25-9.236,23.913c-0.008,3.821,0.624,7.741,1.977,11.494c-3.062,1.956-6.717,4.634-10.46,8.147 c-9.026,8.408-18.734,22.541-19.021,42.097c-0.01,0.454-0.01,0.829-0.01,1.118c-0.01,10.071,2.379,19.157,6.459,26.774 c6.133,11.466,15.683,19.445,25.539,24.77c9.917,5.334,20.257,8.166,29.273,9.274c5.373,0.643,10.826,0.988,16.268,0.988 c15.151-0.02,30.261-2.578,43.409-9.019c13.085-6.34,24.333-17.253,29.192-32.562c1.443-4.553,2.212-9.719,2.231-15.428 c-0.02-11.595-3.349-25.759-13.767-37.452c-10.421-11.734-27.654-19.566-51.288-19.459c-5.138,0-10.606,0.356-16.426,1.078 c-1.877,0.227-3.596,0.334-5.166,0.334c-7.239-0.048-10.872-2.053-13.036-4.098c-2.133-2.084-3.2-4.839-3.229-8.058 c-0.01-3.28,1.284-6.727,3.467-9.078c2.231-2.332,5.008-3.91,9.846-3.97c0.436,0,0.9,0.01,1.374,0.05 c3.101,0.216,6.112,0.325,9.037,0.325c24.188,0.047,42.38-7.448,54.756-17.759c12.415-10.312,18.971-22.854,22.071-32.76l-0.04-0.01 c3.37-8.899,5.197-18.715,5.197-29.166C557.539,147.229,525.234,114.301,479.445,114.301z"
id="path4137" /></svg>
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

60
data/Dockerfiles/sogo/theme-blue.js Normal file
View File

@@ -0,0 +1,60 @@
/* -*- Mode: javascript; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
(function() {
'use strict';
angular.module('SOGo.Common')
.config(configure)
/**
* @ngInject
*/
configure.$inject = ['$mdThemingProvider'];
function configure($mdThemingProvider) {
/**
* Define the Alternative theme
*/
$mdThemingProvider.theme('mailcow')
.primaryPalette('indigo', {
'default': '700', // top toolbar
'hue-1': '400',
'hue-2': '600', // sidebar toolbar
'hue-3': 'A700'
})
.accentPalette('indigo', {
'default': '500', // fab buttons
'hue-1': '50', // center list toolbar
'hue-2': '400',
'hue-3': 'A700'
})
.backgroundPalette('grey', {
'default': '50', // center list background
'hue-1': '100',
'hue-2': '200',
'hue-3': '300'
});
$mdThemingProvider.theme('default')
.primaryPalette('indigo', {
'default': '700', // top toolbar
'hue-1': '400',
'hue-2': '600', // sidebar toolbar
'hue-3': 'A700'
})
.accentPalette('indigo', {
'default': '500', // fab buttons
'hue-1': '50', // center list toolbar
'hue-2': '400',
'hue-3': 'A700'
})
.backgroundPalette('grey', {
'default': '50', // center list background
'hue-1': '100',
'hue-2': '200',
'hue-3': '300'
});
$mdThemingProvider.setDefaultTheme('mailcow');
$mdThemingProvider.generateThemesOnDemand(false);
}
})();

61
data/Dockerfiles/sogo/theme-green.js Normal file
View File

@@ -0,0 +1,61 @@
/* -*- Mode: javascript; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
(function() {
'use strict';
angular.module('SOGo.Common')
.config(configure)
/**
* @ngInject
*/
configure.$inject = ['$mdThemingProvider'];
function configure($mdThemingProvider) {
/**
* Define the Alternative theme
*/
$mdThemingProvider.theme('mailcow')
.primaryPalette('green', {
'default': '600', // top toolbar
'hue-1': '200',
'hue-2': '600', // sidebar toolbar
'hue-3': 'A700'
})
.accentPalette('green', {
'default': '600', // fab buttons
'hue-1': '50', // center list toolbar
'hue-2': '400',
'hue-3': 'A700'
})
.backgroundPalette('grey', {
'default': '50', // center list background
'hue-1': '50',
'hue-2': '100',
'hue-3': '100'
});
$mdThemingProvider.theme('default')
.primaryPalette('green', {
'default': '600', // top toolbar
'hue-1': '200',
'hue-2': '600', // sidebar toolbar
'hue-3': 'A700'
})
.accentPalette('green', {
'default': '600', // fab buttons
'hue-1': '50', // center list toolbar
'hue-2': '400',
'hue-3': 'A700'
})
.backgroundPalette('grey', {
'default': '50', // center list background
'hue-1': '50',
'hue-2': '100',
'hue-3': '100'
});
$mdThemingProvider.setDefaultTheme('mailcow');
$mdThemingProvider.generateThemesOnDemand(false);
}
})();

2
data/Dockerfiles/watchdog/watchdog.sh
View File

@@ -211,7 +211,7 @@ rspamd_checks() {
while [ ${err_count} -lt ${THRESHOLD} ]; do
host_ip=$(get_container_ip rspamd-mailcow)
err_c_cur=${err_count}
SCORE=$(curl --silent ${host_ip}:11333/scan -d '
SCORE=$(/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/scan -d '
To: null@localhost
From: watchdog@localhost