7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docs

Browse Source
This commit is contained in:
andryyy
2017-03-02 11:23:23 +01:00
parent 5f7fb2e7c2
commit d891bc8894
155 changed files with 26539 additions and 2916 deletions
Download Patch File Download Diff File Expand all files Collapse all files

247
data/conf/dovecot/dovecot.conf Normal file
View File

@@ -0,0 +1,247 @@
auth_mechanisms = plain login
#mail_debug = yes
log_path = /var/log/mail.log
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
mail_plugins = quota acl zlib antispam
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
ssl_protocols = !SSLv3 !SSLv2
ssl_prefer_server_ciphers = yes
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_options = no_compression
# Automatically regenerates every week
ssl_dh_parameters_length = 2048
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
auth_master_user_separator = *
mail_prefetch_count = 30
passdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master.passwd
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/sql/dovecot-mysql.conf
driver = sql
}
namespace inbox {
inbox = yes
location =
separator = /
mailbox "Trash" {
auto = subscribe
special_use = \Trash
}
mailbox "Deleted Messages" {
special_use = \Trash
}
mailbox "Deleted Items" {
special_use = \Trash
}
mailbox "Gelöschte Objekte" {
special_use = \Trash
}
mailbox "Papierkorb" {
special_use = \Trash
}
mailbox "Itens Excluidos" {
special_use = \Trash
}
mailbox "Itens Excluídos" {
special_use = \Trash
}
mailbox "Lixeira" {
special_use = \Trash
}
mailbox "Prullenbak" {
special_use = \Trash
}
mailbox "Verwijderde items" {
special_use = \Trash
}
mailbox "Archive" {
auto = subscribe
special_use = \Archive
}
mailbox "Archiv" {
special_use = \Archive
}
mailbox "Archives" {
special_use = \Archive
}
mailbox "Arquivo" {
special_use = \Archive
}
mailbox "Arquivos" {
special_use = \Archive
}
mailbox "Archief" {
special_use = \Archive
}
mailbox "Sent" {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox "Sent Items" {
special_use = \Sent
}
mailbox "Gesendet" {
special_use = \Sent
}
mailbox "Gesendete Objekte" {
special_use = \Sent
}
mailbox "Itens Enviados" {
special_use = \Sent
}
mailbox "Enviados" {
special_use = \Sent
}
mailbox "Verzonden items" {
special_use = \Sent
}
mailbox "Verzonden" {
special_use = \Sent
}
mailbox "Drafts" {
auto = subscribe
special_use = \Drafts
}
mailbox "Entwürfe" {
special_use = \Drafts
}
mailbox "Rascunhos" {
special_use = \Drafts
}
mailbox "Concepten" {
special_use = \Drafts
}
mailbox "Junk" {
auto = subscribe
special_use = \Junk
}
mailbox "Junk E-mail" {
special_use = \Junk
}
mailbox "Spam" {
special_use = \Junk
}
mailbox "Lixo Eletrônico" {
special_use = \Junk
}
mailbox "Ongewenste e-mail" {
special_use = \Junk
}
prefix =
}
namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:%%h/:INDEXPVT=~/Shared/%%u
subscriptions = no
list = yes
}
protocols = imap sieve lmtp pop3
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
service auth {
inet_listener auth-inet {
port = 10001
}
unix_listener auth-master {
mode = 0600
user = vmail
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = root
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 2
vsz_limit = 128M
}
service imap {
executable = imap imap-postlogin
}
service managesieve {
process_limit = 256
}
service lmtp {
inet_listener lmtp-inet {
port = 24
}
user = vmail
}
listen = *,[::]
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
userdb {
args = /etc/dovecot/sql/dovecot-mysql.conf
driver = sql
}
protocol imap {
mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib antispam
}
protocol lmtp {
mail_plugins = quota sieve acl zlib
auth_socket_path = /var/run/dovecot/auth-master
}
protocol sieve {
managesieve_logout_format = bytes=%i/%o
}
plugin {
acl_anyone = allow
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile
quota = dict:Userquota::proxy::sqlquota
quota_rule2 = Trash:storage=+100%%
antispam_backend = mailtrain
antispam_spam = Junk
antispam_trash = Trash
antispam_mail_sendmail = /usr/local/bin/rspamd-pipe
antispam_mail_spam = learn_spam
antispam_mail_notspam = learn_ham
# Do not complain about empty parameter
antispam_mail_sendmail_args = --blind
sieve = /var/vmail/sieve/%u.sieve
sieve_after = /var/vmail/sieve/global.sieve
sieve_max_script_size = 1M
sieve_quota_max_scripts = 0
sieve_quota_max_storage = 0
}
dict {
sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql.conf
}
remote 127.0.0.1 {
disable_plaintext_auth = no
}
submission_host = postfix:588
mail_max_userip_connections = 500
service imap-postlogin {
executable = script-login /usr/local/bin/postlogin.sh
unix_listener imap-postlogin {
}
}

24
data/conf/dovecot/sieve_after Normal file
View File

@@ -0,0 +1,24 @@
require "fileinto";
require "mailbox";
require "variables";
require "subaddress";
require "envelope";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
if allof (
envelope :detail :matches "to" "*",
header :contains "X-Moo-Tag" "YES",
mailboxexists "INBOX/${s}"
) {
fileinto "INBOX/${s}";
}
elsif allof (
envelope :detail :matches "to" "*",
header :contains "X-Moo-Tag" "YES"
) {
set :lower "s" "${1}";
fileinto :create "INBOX/${s}";
}

15
data/conf/dovecot/sql/dovecot-dict-sql.conf Normal file
View File

@@ -0,0 +1,15 @@
connect = "host=mysql dbname=mailcow user=mailcow password=mysafepasswd"
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}

6
data/conf/dovecot/sql/dovecot-mysql.conf Normal file
View File

@@ -0,0 +1,6 @@
driver = mysql
connect = "host=mysql dbname=mailcow user=mailcow password=mysafepasswd"
default_pass_scheme = SSHA256
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username FROM mailbox WHERE active='1';

14
data/conf/mysql/my.cnf Normal file
View File

@@ -0,0 +1,14 @@
[mysqld]
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
innodb_file_per_table = TRUE
innodb_file_format = barracuda
innodb_large_prefix = TRUE
#sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

18
data/conf/nginx/dynmaps.conf Normal file
View File

@@ -0,0 +1,18 @@
server {
listen 8081;
index index.php index.html;
server_name _;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /dynmaps;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}

1
data/conf/nginx/listen.template Normal file
View File

@@ -0,0 +1 @@
listen ${HTTPS_PORT};

136
data/conf/nginx/site.conf Normal file
View File

@@ -0,0 +1,136 @@
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
server {
include /etc/nginx/conf.d/listen.active;
include /etc/nginx/mime.types;
charset utf-8;
override_charset on;
ssl on;
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
ssl_ecdh_curve secp384r1;
index index.php index.html;
server_name _ autodiscover.* autoconfig.*;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /web;
location = /principals/ {
rewrite ^ https://$host/SOGo/dav;
allow all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_VALUE "max_execution_time = 1200
max_input_time = 1200
memory_limit = 64M";
fastcgi_read_timeout 1200;
}
rewrite ^(/save.+)$ /rspamd$1 last;
location /rspamd/ {
proxy_pass http://172.22.1.253:11334/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
}
location ^~ /inc/init.sql {
deny all;
}
if ($host ~* autodiscover\.(.*)) {
rewrite ^(.*) /autodiscover.php last;
}
if ($host ~* autoconfig\.(.*)) {
rewrite ^(.*) /autoconfig.php last;
}
location ^~ /Microsoft-Server-ActiveSync {
proxy_pass http://172.22.1.252:20000/SOGo/Microsoft-Server-ActiveSync;
proxy_connect_timeout 1000;
proxy_next_upstream timeout error;
proxy_send_timeout 1000;
proxy_read_timeout 1000;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_temp_file_write_size 64k;
proxy_busy_buffers_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
proxy_set_header x-webobjects-server-port $server_port;
client_body_buffer_size 128k;
client_max_body_size 100m;
}
location ^~ /SOGo {
proxy_pass http://172.22.1.252:20000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
proxy_set_header x-webobjects-server-port $server_port;
#proxy_connect_timeout 90;
#proxy_send_timeout 90;
#proxy_read_timeout 90;
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
#proxy_temp_file_write_size 64k;
client_body_buffer_size 128k;
client_max_body_size 100m;
break;
}
location /SOGo.woa/WebServerResources/ {
proxy_pass http://172.22.1.252:9192/WebServerResources/;
proxy_set_header Host $host;
proxy_cache sogo;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#alias /usr/lib/GNUstep/SOGo/WebServerResources/;
allow all;
}
location /SOGo/WebServerResources/ {
proxy_pass http://172.22.1.252:9192/WebServerResources/;
proxy_set_header Host $host;
proxy_cache sogo;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#alias /usr/lib/GNUstep/SOGo/WebServerResources/;
allow all;
}
location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$ {
proxy_pass http://172.22.1.252:9192/$1.SOGo/Resources/$2;
proxy_set_header Host $host;
proxy_cache sogo;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
}

1
data/conf/pdns/pdns_custom.lua Normal file
View File

@@ -0,0 +1 @@
addNTA("mailcow-network", "nta for local")

41
data/conf/pdns/recursor.conf Normal file
View File

@@ -0,0 +1,41 @@
allow-from=127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
config-dir=/etc/powerdns
daemon=no
disable-syslog=yes
dnssec=process
dnssec-log-bogus=yes
dont-query=10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32
export-etc-hosts=off
# forward-zones=
forward-zones-recurse=mailcow-network.=127.0.0.11
local-address=0.0.0.0
local-port=53
loglevel=6
# lowercase-outgoing=no
lua-config-file=/etc/powerdns/pdns_custom.lua
# max-cache-entries=1000000
# max-cache-ttl=86400
# max-mthreads=2048
# max-negative-ttl=3600
# max-packetcache-entries=500000
# max-qperq=50
# max-tcp-clients=128
# max-tcp-per-client=0
# max-total-msec=7000
# minimum-ttl-override=0
# network-timeout=1500
# packetcache-servfail-ttl=60
# packetcache-ttl=3600
quiet=yes
# security-poll-suffix=secpoll.powerdns.com.
# serve-rfc1918=yes
# server-down-max-fails=64
# server-down-throttle-time=60
setgid=pdns
setuid=pdns
# spoof-nearmiss-max=20
# stack-size=200000
# threads=2
# trace=off
version-string=PowerDNS Recursor
webserver=no

93
data/conf/postfix/main.cf Normal file
View File

@@ -0,0 +1,93 @@
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_key_file = /etc/ssl/mail/key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
maximal_backoff_time = 1800s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.4*1 hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_out_policy.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_run_delay = 300s
relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_out_policy.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
smtpd_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000
smtpd_milters = inet:rmilter:9900
non_smtpd_milters = inet:rmilter:9900
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.localdomain, localhost

45
data/conf/postfix/master.cf Normal file
View File

@@ -0,0 +1,45 @@
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
submission inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_enforce_tls=yes
-o smtpd_tls_security_level=encrypt
-o tls_preempt_cipherlist=yes
588 inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_auth_only=no
smtp_enforced_tls unix - - n - - smtp
-o smtp_tls_security_level=encrypt
-o syslog_name=enforced-tls-smtp
-o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient}

654
data/conf/postfix/postscreen_access.cidr Normal file
View File

@@ -0,0 +1,654 @@
# Generated by Postwhite v1.30 on Thu Dec 8 21:11:27 CET 2016
# https://github.com/stevejenkins/postwhite/
# 651 total rules
2a00:1450:4000::/36 permit
2a01:111:f400::/48 permit
2a04:35c0::/29 permit
2c0f:fb50:4000::/36 permit
5.135.24.0/24 permit
8.20.114.31 permit
8.25.194.0/23 permit
8.25.196.0/23 permit
12.130.86.238 permit
13.111.0.0/19 permit
17.36.0.0/16 permit
17.41.0.0/16 permit
17.110.0.0/15 permit
17.120.0.0/16 permit
17.133.0.0/16 permit
17.139.0.0/16 permit
17.142.0.0/15 permit
17.151.1.0/24 permit
17.158.0.0/15 permit
17.162.0.0/15 permit
17.164.0.0/16 permit
17.171.37.0/24 permit
17.172.0.0/16 permit
23.21.83.90 permit
23.23.237.213 permit
23.96.52.53 permit
23.100.122.175 permit
23.103.128.0/19 permit
23.103.131.7 permit
23.103.191.0/24 permit
23.103.198.0/23 permit
23.103.200.0/21 permit
23.103.208.0/21 permit
23.103.224.0/19 permit
23.253.182.0/24 permit
23.253.182.103 permit
23.253.183.0/24 permit
23.253.183.145 permit
23.253.183.146 permit
23.253.183.147 permit
23.253.183.148 permit
23.253.183.150 permit
27.126.146.0/24 permit
37.59.69.128/25 permit
37.59.249.0/24 permit
37.188.97.188/32 permit
40.92.0.0/14 permit
40.96.32.50 permit
40.97.113.34 permit
40.97.113.210 permit
40.97.153.146 permit
40.97.155.26 permit
40.97.156.114 permit
40.97.160.2 permit
40.97.164.146 permit
40.97.166.138 permit
40.97.170.154 permit
40.107.0.0/17 permit
40.107.128.0/18 permit
41.74.192.0/22 permit
41.74.196.0/22 permit
41.74.200.0/22 permit
41.74.201.0/24 permit
41.74.204.0/22 permit
41.74.205.0/24 permit
46.19.168.0/23 permit
50.18.45.249 permit
50.18.121.236 permit
50.18.121.248 permit
50.18.123.221 permit
50.18.124.70 permit
50.18.125.97 permit
50.18.125.237 permit
50.18.126.162 permit
50.22.164.201 permit
50.23.218.192/27 permit
50.31.32.0/19 permit
50.31.36.197 permit
50.31.36.199 permit
50.31.36.205 permit
50.31.36.208 permit
50.31.36.213 permit
50.31.60.1 permit
50.31.156.96/27 permit
50.207.218.237 permit
51.4.71.62 permit
52.0.20.102 permit
52.95.48.152/29 permit
52.95.49.88/29 permit
52.205.61.79 permit
54.172.97.247 permit
54.173.229.38 permit
54.214.39.184 permit
54.240.0.0/18 permit
54.241.16.209 permit
54.243.205.80 permit
54.244.242.0/24 permit
62.17.146.128/26 permit
63.80.14.0/23 permit
63.111.28.137 permit
63.128.21.0/24 permit
64.4.22.64/26 permit
64.18.0.0/20 permit
64.20.241.45 permit
64.34.47.128/27 permit
64.34.57.192/26 permit
64.79.155.0/24 permit
64.79.155.192 permit
64.127.115.252 permit
64.132.88.0/23 permit
64.132.92.0/24 permit
64.135.77.0/24 permit
64.135.83.0/24 permit
64.233.160.0/19 permit
65.39.215.0/24 permit
65.54.51.64/26 permit
65.54.61.64/26 permit
65.54.121.120/29 permit
65.54.121.124/31 permit
65.54.190.0/24 permit
65.54.241.0/24 permit
65.55.33.64/28 permit
65.55.34.0/24 permit
65.55.42.224/28 permit
65.55.52.224/27 permit
65.55.77.28 permit
65.55.78.128/25 permit
65.55.81.48/28 permit
65.55.81.54/31 permit
65.55.85.12 permit
65.55.88.0/24 permit
65.55.90.0/24 permit
65.55.94.0/25 permit
65.55.111.0/24 permit
65.55.113.64/26 permit
65.55.116.0/25 permit
65.55.126.0/25 permit
65.55.169.0/24 permit
65.55.174.0/25 permit
65.55.178.128/27 permit
65.55.234.192/26 permit
65.110.161.77 permit
65.212.180.36 permit
65.242.92.0/24 permit
65.242.92.15 permit
66.77.16.201/32 permit
66.102.0.0/20 permit
66.135.215.0/24 permit
66.135.222.1 permit
66.211.168.230/31 permit
66.211.184.0/23 permit
66.220.144.128/25 permit
66.220.155.0/24 permit
66.220.155.128/25 permit
66.220.157.0/25 permit
66.231.80.0/20 permit
66.249.80.0/20 permit
67.23.31.6 permit
67.72.99.26 permit
67.221.168.65 permit
67.228.2.24/30 permit
67.228.21.184/29 permit
67.228.37.4/30 permit
67.228.50.32/27 permit
67.228.50.54/31 permit
67.231.145.42 permit
67.231.153.30 permit
68.232.192.0/20 permit
69.63.178.128/25 permit
69.63.179.25 permit
69.63.184.0/25 permit
69.65.42.195 permit
69.65.49.192/29 permit
69.162.98.0/24 permit
69.171.232.0/24 permit
69.171.232.128/25 permit
69.171.244.0/24 permit
70.37.151.128/25 permit
70.42.149.35 permit
72.3.185.0/24 permit
72.3.237.64/28 permit
72.5.230.111/32 permit
72.14.192.0/18 permit
72.21.192.0/19 permit
72.21.212.0/25 permit
72.21.217.142/32 permit
72.32.154.0/24 permit
72.32.217.0/24 permit
72.32.243.0/24 permit
72.249.147.250/32 permit
74.63.63.115 permit
74.63.63.121 permit
74.63.194.126 permit
74.63.234.75 permit
74.63.236.0/24 permit
74.86.113.28/30 permit
74.86.129.240/30 permit
74.86.131.208/30 permit
74.86.132.208/30 permit
74.86.160.160/30 permit
74.86.164.188/30 permit
74.86.171.192/30 permit
74.86.195.28/30 permit
74.86.207.36/30 permit
74.86.226.216/30 permit
74.86.236.240/30 permit
74.86.241.250/31 permit
74.112.64.26 permit
74.112.67.243 permit
74.112.170.21/32 permit
74.125.0.0/16 permit
74.201.84.0/24 permit
74.201.152.59/32 permit
74.201.154.0/24 permit
74.201.155.25/32 permit
74.201.155.26/32 permit
74.201.155.27/32 permit
74.201.155.28/32 permit
74.201.155.79/32 permit
74.202.227.52/32 permit
74.208.4.192/26 permit
74.208.5.64/26 permit
74.208.122.0/26 permit
74.209.250.0/24 permit
74.209.250.84 permit
75.126.200.128/27 permit
75.126.253.0/24 permit
75.126.253.48 permit
80.231.25.0/24 permit
80.231.219.0/24 permit
81.223.46.0/27 permit
82.165.159.0/24 permit
85.222.130.192/26 permit
85.222.138.192/26 permit
86.61.88.25 permit
87.238.80.0/21 permit
87.253.232.0/21 permit
91.194.248.0/23 permit
91.198.22.0/24 permit
91.211.240.0/24 permit
91.211.242.0/24 permit
91.211.243.0/24 permit
91.220.42.0/24 permit
94.236.119.0/26 permit
94.245.112.0/27 permit
94.245.112.10/31 permit
94.245.120.64/26 permit
96.43.144.0/20 permit
96.43.144.64/28 permit
96.43.144.64/31 permit
96.43.147.64/28 permit
96.43.148.64/28 permit
96.43.148.64/31 permit
96.43.151.64/28 permit
96.43.152.64/27 permit
96.43.153.64/27 permit
96.46.150.192/27 permit
101.53.164.192/26 permit
103.11.200.0/22 permit
103.13.69.0/24 permit
103.28.42.0/24 permit
103.237.104.0/22 permit
104.40.211.35 permit
104.43.195.251 permit
104.47.0.0/17 permit
104.130.96.0/28 permit
104.130.122.0/23 permit
104.245.209.192/26 permit
106.50.16.0/28 permit
107.0.11.224/27 permit
108.174.0.0/24 permit
108.174.0.215 permit
108.174.3.0/24 permit
108.174.6.0/24 permit
108.175.18.45 permit
108.175.30.45 permit
108.177.8.0/21 permit
108.177.96.0/19 permit
111.221.23.128/25 permit
111.221.26.0/27 permit
111.221.66.0/25 permit
111.221.69.128/25 permit
111.221.112.0/21 permit
124.47.150.0/24 permit
124.47.189.0/24 permit
129.41.77.70 permit
129.41.169.249 permit
131.107.0.0/16 permit
131.107.1.18 permit
131.107.1.19 permit
131.107.1.20 permit
131.107.1.37 permit
131.107.1.44 permit
131.107.1.48 permit
131.107.1.56 permit
131.253.30.0/24 permit
131.253.121.20 permit
134.170.113.0/26 permit
134.170.140.0/24 permit
134.170.141.64/26 permit
134.170.143.0/24 permit
134.170.174.0/24 permit
136.146.128.64/27 permit
136.146.208.16/28 permit
136.146.210.16/28 permit
136.147.46.192/26 permit
136.147.62.192/26 permit
136.147.128.0/20 permit
136.147.176.0/20 permit
146.88.28.0/24 permit
146.101.78.0/24 permit
147.243.1.47 permit
147.243.1.48 permit
147.243.1.153 permit
147.243.128.24 permit
147.243.128.26 permit
151.101.37.140 permit
157.55.0.192/26 permit
157.55.1.128/26 permit
157.55.2.0/25 permit
157.55.9.128/25 permit
157.55.11.0/25 permit
157.55.49.0/25 permit
157.55.61.0/24 permit
157.55.157.128/25 permit
157.55.158.0/23 permit
157.55.225.0/25 permit
157.55.234.0/24 permit
157.56.24.0/25 permit
157.56.110.0/23 permit
157.56.112.0/24 permit
157.56.120.128/26 permit
157.56.172.28 permit
157.56.232.0/21 permit
157.56.240.0/20 permit
157.56.248.0/21 permit
157.151.208.65 permit
162.88.4.0/24 permit
162.88.36.0/24 permit
162.248.185.121 permit
163.47.180.0/22 permit
165.254.167.152/30 permit
165.254.167.156/31 permit
165.254.167.162/31 permit
165.254.168.66/31 permit
165.254.168.68/31 permit
165.254.168.70/31 permit
165.254.168.72/31 permit
166.78.68.0/22 permit
166.78.68.221 permit
166.78.69.146 permit
166.78.69.169 permit
166.78.69.170 permit
166.78.71.131 permit
167.89.0.0/17 permit
167.89.16.30 permit
167.89.16.183 permit
167.89.16.245 permit
167.89.25.84 permit
167.89.32.5 permit
167.89.32.50 permit
167.89.46.159 permit
167.89.46.185 permit
167.89.60.95 permit
167.89.62.118 permit
167.89.64.9 permit
167.89.65.0 permit
167.89.65.53 permit
167.89.65.100 permit
167.89.74.233 permit
167.89.75.33 permit
167.89.75.126 permit
167.89.75.136 permit
167.89.75.164 permit
167.89.101.2 permit
167.89.101.192/28 permit
167.220.67.238 permit
172.217.0.0/19 permit
173.0.84.224/28 permit
173.0.94.244/30 permit
173.193.132.0/23 permit
173.193.132.134/31 permit
173.193.210.32/27 permit
173.194.0.0/16 permit
173.203.79.182 permit
173.203.81.39 permit
173.224.160.128/25 permit
173.224.161.128/25 permit
173.228.155.0/24 permit
174.36.80.208/28 permit
174.36.84.8/29 permit
174.36.84.16/29 permit
174.36.84.32/29 permit
174.36.84.144/29 permit
174.36.84.240/29 permit
174.36.85.248/30 permit
174.36.92.96/27 permit
174.36.114.128/30 permit
174.36.114.140/30 permit
174.36.114.148/30 permit
174.36.114.152/29 permit
174.37.67.28/30 permit
174.37.226.64/27 permit
174.129.194.241 permit
174.129.203.189 permit
174.137.46.0/24 permit
176.32.105.0/24 permit
176.32.127.0/24 permit
178.32.48.128 permit
178.33.111.144 permit
178.33.137.208/28 permit
178.33.221.0/24 permit
178.236.10.128/26 permit
178.249.98.16/29 permit
178.249.202.16/29 permit
180.189.28.0/24 permit
182.50.76.0/22 permit
182.50.78.64/28 permit
184.173.105.0/24 permit
184.173.153.0/24 permit
185.4.120.0/24 permit
185.4.122.0/24 permit
185.12.80.0/22 permit
185.28.196.0/22 permit
185.90.20.0/22 permit
188.172.128.0/20 permit
191.239.213.197 permit
192.28.128.0/18 permit
192.30.252.0/22 permit
192.64.236.0/24 permit
192.64.237.0/24 permit
192.64.238.0/24 permit
192.161.144.0/20 permit
192.230.81.86 permit
192.237.158.0/23 permit
192.237.159.42 permit
192.237.159.43 permit
192.254.112.0/20 permit
192.254.112.60 permit
192.254.112.98/31 permit
192.254.113.10 permit
192.254.113.101 permit
192.254.114.176 permit
192.254.115.72 permit
192.254.118.63 permit
193.28.178.0/25 permit
194.64.234.128/27 permit
194.64.234.129 permit
194.154.193.192/27 permit
195.54.172.0/23 permit
195.130.217.0/24 permit
198.2.128.0/18 permit
198.2.128.0/24 permit
198.2.132.0/22 permit
198.2.136.0/23 permit
198.2.177.0/24 permit
198.2.178.0/24 permit
198.2.179.0/24 permit
198.2.180.0/24 permit
198.2.186.0/23 permit
198.21.0.0/21 permit
198.21.3.166 permit
198.21.4.224 permit
198.37.144.0/20 permit
198.37.145.250 permit
198.37.149.128 permit
198.37.151.26 permit
198.61.254.0/23 permit
198.61.254.231 permit
198.178.234.57 permit
198.245.80.0/20 permit
199.15.176.173 permit
199.15.212.0/22 permit
199.15.214.169/32 permit
199.16.156.0/22 permit
199.19.0.0/21 permit
199.59.148.0/22 permit
199.83.132.86 permit
199.101.161.130 permit
199.101.162.0/25 permit
199.122.120.0/21 permit
199.127.232.0/22 permit
199.187.117.209 permit
199.187.117.233 permit
199.187.117.234/31 permit
199.187.117.236/31 permit
199.187.118.201 permit
199.187.118.202/31 permit
199.187.118.204 permit
199.187.118.209 permit
199.201.64.23 permit
199.201.65.23 permit
199.255.192.0/22 permit
202.129.242.0/23 permit
202.177.148.100 permit
202.177.148.110 permit
203.32.4.25 permit
203.55.21.0/24 permit
203.62.195.0/24 permit
203.81.17.0/24 permit
203.122.32.250 permit
203.145.57.160/27 permit
204.13.11.48/29 permit
204.13.11.48/30 permit
204.13.248.0/22 permit
204.14.232.0/21 permit
204.14.232.64/28 permit
204.14.234.64/28 permit
204.14.238.0/27 permit
204.29.186.0/23 permit
204.75.142.0/24 permit
204.92.114.187 permit
204.92.114.203 permit
204.92.114.204/31 permit
204.153.121.0/24 permit
205.139.110.0/23 permit
205.201.128.0/20 permit
205.201.131.128/25 permit
205.201.132.14 permit
205.201.134.128/25 permit
205.201.136.0/23 permit
205.201.137.229 permit
205.201.139.0/24 permit
205.201.140.14 permit
205.207.104.0/22 permit
205.217.25.132 permit
205.217.25.135 permit
205.251.233.32/32 permit
205.251.233.36/32 permit
206.25.247.143 permit
206.25.247.155 permit
206.165.246.80/29 permit
206.191.224.0/19 permit
206.246.157.1 permit
207.46.4.128/25 permit
207.46.22.35 permit
207.46.22.98 permit
207.46.22.101 permit
207.46.50.72 permit
207.46.50.82 permit
207.46.50.192/26 permit
207.46.50.224 permit
207.46.51.64/26 permit
207.46.52.71 permit
207.46.52.79 permit
207.46.58.128/25 permit
207.46.100.0/24 permit
207.46.101.128/26 permit
207.46.116.128/29 permit
207.46.117.0/24 permit
207.46.132.128/27 permit
207.46.163.0/24 permit
207.46.198.0/25 permit
207.46.200.0/27 permit
207.67.38.0/24 permit
207.67.98.192/27 permit
207.68.176.0/26 permit
207.68.176.96/27 permit
207.82.80.0/24 permit
207.126.144.0/20 permit
207.171.160.0/19 permit
207.211.30.0/24 permit
207.211.31.0/25 permit
207.211.41.113 permit
207.218.90.0/24 permit
207.250.68.0/24 permit
208.40.232.70 permit
208.43.21.28/30 permit
208.43.21.64/29 permit
208.43.21.72/30 permit
208.43.239.136/30 permit
208.64.132.0/22 permit
208.66.139.0/25 permit
208.74.204.0/22 permit
208.74.204.9 permit
208.75.120.0/22 permit
208.75.122.246 permit
208.76.56.0/21 permit
208.78.68.0/22 permit
208.82.236.96/28 permit
208.82.237.96/28 permit
208.82.238.96/28 permit
208.85.50.137 permit
208.89.13.233 permit
208.89.13.234/31 permit
208.89.13.236/31 permit
208.89.14.201 permit
208.89.14.202/31 permit
208.89.14.204 permit
208.89.14.209 permit
208.117.48.0/20 permit
208.185.229.45 permit
208.201.241.163 permit
209.43.22.0/28 permit
209.46.117.168 permit
209.46.117.179 permit
209.61.151.0/24 permit
209.67.98.46 permit
209.67.98.59 permit
209.85.128.0/17 permit
212.4.136.0/26 permit
212.123.28.40/32 permit
212.227.15.0/24 permit
212.227.17.0/27 permit
212.227.126.128/25 permit
213.165.64.0/23 permit
213.167.75.0/24 permit
213.167.81.0/24 permit
213.199.128.139 permit
213.199.128.145 permit
213.199.138.181 permit
213.199.138.191 permit
213.199.154.0/24 permit
213.199.161.128/27 permit
213.199.177.0/26 permit
213.199.180.0/24 permit
216.17.150.242 permit
216.17.150.251 permit
216.32.180.0/23 permit
216.46.168.197 permit
216.46.168.222 permit
216.58.192.0/19 permit
216.99.5.67 permit
216.99.5.68 permit
216.113.160.0/24 permit
216.113.172.0/25 permit
216.113.175.0/24 permit
216.136.162.65 permit
216.136.162.120/29 permit
216.136.168.80/28 permit
216.146.32.0/20 permit
216.198.0.0/18 permit
216.203.30.55 permit
216.203.33.178/31 permit
216.205.24.0/24 permit
216.229.156.0/25 permit
216.239.32.0/19 permit
217.72.207.0/27 permit
217.77.141.52 permit
217.77.141.59 permit
217.175.193.0/24 permit
217.175.194.0/23 permit
217.175.196.0/24 permit
2001:4860:4000::/36 permit
2404:6800:4000::/36 permit
2607:f8b0:4000::/36 permit
2620:109:c003:104::/64 permit
2620:109:c006:104::/64 permit
2620:109:c00d:104::/64 permit
2620:119:50c0:207::/64 permit
2800:3f0:4000::/36 permit

6
data/conf/postfix/smtp_dsn_filter Normal file
View File

@@ -0,0 +1,6 @@
/^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
5$1
/^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
5$1
/^4.7.5(.*)/
5.7.5$1

5
data/conf/postfix/sql/mysql_relay_recipient_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT DISTINCT CASE WHEN '%d' IN (SELECT domain FROM domain WHERE relay_all_recipients=1 AND domain='%d' AND backupmx=1) THEN '%s' ELSE (SELECT goto FROM alias WHERE address='%s' AND active='1') END AS result;

5
data/conf/postfix/sql/mysql_tls_enforce_in_policy.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT IF( EXISTS( SELECT 'TLS_ACTIVE' FROM alias LEFT OUTER JOIN mailbox ON mailbox.username = alias.address WHERE (address='%s' OR address IN (SELECT CONCAT('%u', '@', target_domain) FROM alias_domain WHERE alias_domain='%d')) AND mailbox.tls_enforce_in = '1' AND mailbox.active = '1'), 'reject_plaintext_session', 'DUNNO') AS 'tls_enforce_in';

5
data/conf/postfix/sql/mysql_tls_enforce_out_policy.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT IF( EXISTS( SELECT 'TLS_ACTIVE' FROM alias LEFT OUTER JOIN mailbox ON mailbox.username = alias.address WHERE (address='%s' OR address IN (SELECT CONCAT('%u', '@', target_domain) FROM alias_domain WHERE alias_domain='%d')) AND mailbox.tls_enforce_out = '1' AND mailbox.active = '1'), 'smtp_enforced_tls:', 'DUNNO') AS 'tls_enforce_out';

6
data/conf/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf Normal file
View File

@@ -0,0 +1,6 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

5
data/conf/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

5
data/conf/postfix/sql/mysql_virtual_alias_domain_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

5
data/conf/postfix/sql/mysql_virtual_alias_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias WHERE address='%s' AND active='1';

5
data/conf/postfix/sql/mysql_virtual_domains_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT alias_domain from alias_domain WHERE alias_domain='%s' AND active='1' UNION SELECT domain FROM domain WHERE domain='%s' AND active = '1' AND backupmx = '0'

5
data/conf/postfix/sql/mysql_virtual_mailbox_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

5
data/conf/postfix/sql/mysql_virtual_relay_domain_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '1' AND active = '1'

5
data/conf/postfix/sql/mysql_virtual_sender_acl.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias WHERE address='%s' AND active='1' AND domain IN(SELECT domain FROM domain WHERE domain='%d' AND active='1') UNION SELECT logged_in_as FROM sender_acl WHERE send_as='@%d' OR send_as='%s' OR send_as IN ( SELECT CONCAT ('@',target_domain) FROM alias_domain WHERE alias_domain = '%d') OR send_as IN ( SELECT CONCAT ('%u','@',target_domain) FROM alias_domain WHERE alias_domain = '%d' ) AND logged_in_as NOT IN (SELECT goto FROM alias WHERE address='%s') UNION SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' AND alias.address = CONCAT('%u','@',alias_domain.target_domain) AND alias.active ='1' AND alias_domain.active='1'

5
data/conf/postfix/sql/mysql_virtual_spamalias_maps.cf Normal file
View File

@@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM spamalias WHERE address='%s' AND validity >= UNIX_TIMESTAMP()

42
data/conf/rmilter/rmilter.conf Normal file
View File

@@ -0,0 +1,42 @@
bind_socket = inet:9900;
spamd {
servers = r:rspamd:11333;
connect_timeout = 1s;
results_timeout = 20s;
error_time = 10;
dead_time = 300;
maxerrors = 10;
reject_message = "Spam or virus message rejected due to high detection score";
whitelist = 127.0.0.1/32, [::1]/128;
spamd_soft_fail = yes;
rspamd_metric = "default";
extended_spam_headers = yes;
spam_header = "X-Spam-Flag";
spam_header_value = "YES";
};
redis {
servers_grey = redis:6379;
servers_limits = redis:6379;
servers_id = redis:6379;
id_prefix = "message_id.";
grey_prefix = "grey.";
white_prefix = "white.";
connect_timeout = 1s;
error_time = 10;
dead_time = 300;
maxerrors = 10;
};
tempdir = /tmp;
tempfiles_mode = 00600;
max_size = 20M;
strict_auth = yes;
use_dcc = no;
limits {
enable = false;
};
greylisting {
enable = false;
}
dkim {
enable = false;
};

22
data/conf/rspamd/dynmaps/authoritative.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
ini_set('error_reporting', 0);
header('Content-Type: text/plain');
require_once "vars.inc.php";
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
$stmt = $pdo->query("SELECT `domain` FROM `domain`");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['domain'])) . PHP_EOL;
}
$stmt = $pdo->query("SELECT `alias_domain` FROM `alias_domain`");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['alias_domain'])) . PHP_EOL;
}
?>

224
data/conf/rspamd/dynmaps/settings.php Normal file
View File

@@ -0,0 +1,224 @@
<?php
/*
The match section performs AND operation on different matches: for example, if you have from and rcpt in the same rule,
then the rule matches only when from AND rcpt match. For similar matches, the OR rule applies: if you have multiple rcpt matches,
then any of these will trigger the rule. If a rule is triggered then no more rules are matched.
*/
ini_set('error_reporting', '0');
header('Content-Type: text/plain');
require_once "vars.inc.php";
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
?>
settings {
<?php
$stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'highspamlevel' OR `option` = 'lowspamlevel'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
$username_sane = preg_replace("/[^a-zA-Z0-9]+/", "", $row['object']);
?>
score_<?=$username_sane;?> {
priority = low;
<?php
$stmt = $pdo->prepare("SELECT `option`, `value` FROM `filterconf`
WHERE (`option` = 'highspamlevel' OR `option` = 'lowspamlevel')
AND `object`= :object");
$stmt->execute(array(':object' => $row['object']));
$spamscore = $stmt->fetchAll(PDO::FETCH_COLUMN|PDO::FETCH_GROUP);
$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
WHERE (`object`= :object OR `object`= :object_domain)
AND (`option` = 'blacklist_from' OR `option` = 'whitelist_from')");
$stmt->execute(array(':object' => $row['object'], ':object_domain' => substr(strrchr($row['object'], "@"), 1)));
$grouped_lists = $stmt->fetchAll(PDO::FETCH_COLUMN);
$value_sane = preg_replace("/\.\./", ".", (preg_replace("/\*/", ".*", $grouped_lists[0])));
?>
from = "/^((?!<?=$value_sane;?>).)*$/";
rcpt = "<?=$row['object'];?>";
<?php
$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :object_goto AND `address` NOT LIKE '@%' AND `address` != :object_address");
$stmt->execute(array(':object_goto' => $row['object'], ':object_address' => $row['object']));
$rows_aliases_1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row_aliases_1 = array_shift($rows_aliases_1)) {
?>
rcpt = "<?=$row_aliases_1['address'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `aliases` FROM `mailbox`
LEFT OUTER JOIN `alias_domain` on `mailbox`.`domain` = `alias_domain`.`target_domain`
WHERE `mailbox`.`username` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_aliases_2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_2);
while ($row_aliases_2 = array_shift($rows_aliases_2)) {
if (!empty($row_aliases_2['aliases'])) {
?>
rcpt = "<?=$row_aliases_2['aliases'];?>";
<?php
}
}
?>
apply "default" {
actions {
reject = <?=$spamscore['highspamlevel'][0];?>;
greylist = <?=$spamscore['lowspamlevel'][0] - 1;?>;
"add header" = <?=$spamscore['lowspamlevel'][0];?>;
}
}
}
<?php
}
/*
// Start whitelist
*/
$stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'whitelist_from'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
$username_sane = preg_replace("/[^a-zA-Z0-9]+/", "", $row['object']);
?>
whitelist_<?=$username_sane;?> {
<?php
$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
WHERE `object`= :object
AND `option` = 'whitelist_from'");
$stmt->execute(array(':object' => $row['object']));
$grouped_lists = $stmt->fetchAll(PDO::FETCH_COLUMN);
$value_sane = preg_replace("/\.\./", ".", (preg_replace("/\*/", ".*", $grouped_lists[0])));
?>
from = "/(<?=$value_sane;?>)/";
<?php
if (!filter_var(trim($row['object']), FILTER_VALIDATE_EMAIL)) {
?>
priority = medium;
rcpt = "/.*@<?=$row['object'];?>/";
<?php
$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
WHERE `target_domain` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_domain_aliases = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_domain_aliases);
while ($row_domain_aliases = array_shift($rows_domain_aliases)) {
?>
rcpt = "/.*@<?=$row_domain_aliases['alias_domain'];?>/";
<?php
}
}
else {
?>
priority = high;
rcpt = "<?=$row['object'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :object_goto AND `address` NOT LIKE '@%' AND `address` != :object_address");
$stmt->execute(array(':object_goto' => $row['object'], ':object_address' => $row['object']));
$rows_aliases_wl_1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_wl_1);
while ($row_aliases_wl_1 = array_shift($rows_aliases_wl_1)) {
?>
rcpt = "<?=$row_aliases_wl_1['address'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `aliases` FROM `mailbox`
LEFT OUTER JOIN `alias_domain` on `mailbox`.`domain` = `alias_domain`.`target_domain`
WHERE `mailbox`.`username` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_aliases_wl_2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_wl_2);
while ($row_aliases_wl_2 = array_shift($rows_aliases_wl_2)) {
if (!empty($row_aliases_wl_2['aliases'])) {
?>
rcpt = "<?=$row_aliases_wl_2['aliases'];?>";
<?php
}
}
?>
apply "default" {
MAILCOW_MOO = -999.0;
}
}
<?php
}
/*
// Start blacklist
*/
$stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'blacklist_from'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
$username_sane = preg_replace("/[^a-zA-Z0-9]+/", "", $row['object']);
?>
blacklist_<?=$username_sane;?> {
<?php
$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
WHERE `object`= :object
AND `option` = 'blacklist_from'");
$stmt->execute(array(':object' => $row['object']));
$grouped_lists = $stmt->fetchAll(PDO::FETCH_COLUMN);
$value_sane = preg_replace("/\.\./", ".", (preg_replace("/\*/", ".*", $grouped_lists[0])));
?>
from = "/(<?=$value_sane;?>)/";
<?php
if (!filter_var(trim($row['object']), FILTER_VALIDATE_EMAIL)) {
?>
priority = medium;
rcpt = "/.*@<?=$row['object'];?>/";
<?php
$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
WHERE `target_domain` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_domain_aliases = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_domain_aliases);
while ($row_domain_aliases = array_shift($rows_domain_aliases)) {
?>
rcpt = "/.*@<?=$row_domain_aliases['alias_domain'];?>/";
<?php
}
}
else {
?>
priority = high;
rcpt = "<?=$row['object'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :object_goto AND `address` NOT LIKE '@%' AND `address` != :object_address");
$stmt->execute(array(':object_goto' => $row['object'], ':object_address' => $row['object']));
$rows_aliases_bl_1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_bl_1);
while ($row_aliases_bl_1 = array_shift($rows_aliases_bl_1)) {
?>
rcpt = "<?=$row_aliases_bl_1['address'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `aliases` FROM `mailbox`
LEFT OUTER JOIN `alias_domain` on `mailbox`.`domain` = `alias_domain`.`target_domain`
WHERE `mailbox`.`username` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_aliases_bl_2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_bl_2);
while ($row_aliases_bl_2 = array_shift($rows_aliases_bl_2)) {
if (!empty($row_aliases_bl_2['aliases'])) {
?>
rcpt = "<?=$row_aliases_bl_2['aliases'];?>";
<?php
}
}
?>
apply "default" {
MAILCOW_MOO = 999.0;
}
}
<?php
}
?>
}

22
data/conf/rspamd/dynmaps/tags.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
ini_set('error_reporting', 0);
header('Content-Type: text/plain');
require_once "vars.inc.php";
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
$stmt = $pdo->query("SELECT `username` FROM `mailbox` WHERE `wants_tagged_subject` = '1'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['username'])) . PHP_EOL;
}
$stmt = $pdo->query("SELECT CONCAT(mailbox.local_part, '@', alias_domain.alias_domain) as `tag_ad` FROM `mailbox` INNER JOIN `alias_domain` ON mailbox.domain = alias_domain.target_domain WHERE mailbox.wants_tagged_subject='1';");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['tag_ad'])) . PHP_EOL;
}
?>

1
data/conf/rspamd/dynmaps/vars.inc.php Symbolic link
View File

@@ -0,0 +1 @@
../../../web/inc/vars.inc.php

34
data/conf/rspamd/local.d/dkim.conf Normal file
View File

@@ -0,0 +1,34 @@
sign_condition =<<EOD
return function(task)
local smtp_from = task:get_from('smtp')
local mime_from = task:get_from('mime')
local rspamd_logger = require "rspamd_logger"
if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
domain = smtp_from[1]['domain']
rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
if not task:get_user() then
rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
return false
end
elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
domain = mime_from[1]['domain']
rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
else
rspamd_logger.infox(task, "cannot determine domain for dkim signing")
return false
end
local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
if keyfile then
rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
keyfile:close()
return {
key = "/data/dkim/keys/" .. domain .. ".dkim",
domain = domain,
selector = "dkim"
}
else
rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
end
return false
end
EOD;

19
data/conf/rspamd/local.d/metrics.conf Normal file
View File

@@ -0,0 +1,19 @@
actions {
reject = 15;
add_header = 5;
greylist = 4;
}
symbol "MAILCOW_AUTH" {
description = "mailcow authenticated";
score = -20.0;
}
group "bayes" {
symbol "BAYES_SPAM" {
weight = 7.5;
description = "Message probably spam, probability: ";
}
symbol "BAYES_HAM" {
weight = -2.5;
description = "Message probably ham, probability: ";
}
}

3
data/conf/rspamd/local.d/options.inc Normal file
View File

@@ -0,0 +1,3 @@
dns {
enable_dnssec = true;
}

1
data/conf/rspamd/local.d/redis.conf Normal file
View File

@@ -0,0 +1 @@
servers = "redis:6379";

1
data/conf/rspamd/local.d/rspamd.conf.local Normal file
View File

@@ -0,0 +1 @@
# rspamd.conf.local

59
data/conf/rspamd/local.d/statistic.conf Normal file
View File

@@ -0,0 +1,59 @@
classifier "bayes" {
tokenizer {
name = "osb";
}
backend = "redis";
servers = "redis:6379";
min_tokens = 11;
min_learns = 20;
autolearn = true;
per_user = <<EOD
return function(task)
local rcpt = task:get_recipients(1)
if rcpt then
one_rcpt = rcpt[1]
if one_rcpt['domain'] then
return one_rcpt['domain']
end
end
return nil
end
EOD
statfile {
symbol = "BAYES_HAM";
spam = false;
}
statfile {
symbol = "BAYES_SPAM";
spam = true;
}
learn_condition =<<EOD
return function(task, is_spam, is_unlearn)
local prob = task:get_mempool():get_variable('bayes_prob', 'double')
if prob then
local in_class = false
local cl
if is_spam then
cl = 'spam'
in_class = prob >= 0.95
else
cl = 'ham'
in_class = prob <= 0.05
end
if in_class then
return false,string.format('already in class %s; probability %.2f%%',
cl, math.abs((prob - 0.5) * 200.0))
end
end
return true
end
EOD
}

75
data/conf/rspamd/lua/rspamd.local.lua Normal file
View File

@@ -0,0 +1,75 @@
rspamd_config.MAILCOW_AUTH = {
callback = function(task)
local uname = task:get_user()
if uname then
return 1
end
end
}
rspamd_config.MAILCOW_MOO = function (task)
return true
end
local modify_subject_map = rspamd_config:add_map({
url = 'http://nginx:8081/tags.php',
type = 'map',
description = 'Map of users to use subject tags for'
})
local auth_domain_map = rspamd_config:add_map({
url = 'http://nginx:8081/authoritative.php',
type = 'map',
description = 'Map of domains we are authoritative for'
})
rspamd_config.ADD_DELIMITER_TAG = {
callback = function(task)
local util = require("rspamd_util")
local rspamd_logger = require "rspamd_logger"
local user_env_tagged = task:get_recipients(1)[1]['user']
local user_to_tagged = task:get_recipients(2)[1]['user']
local domain = task:get_recipients(1)[1]['domain']
local user_env, tag_env = user_env_tagged:match("([^+]+)+(.*)")
local user_to, tag_to = user_to_tagged:match("([^+]+)+(.*)")
local authdomain = auth_domain_map:get_key(domain)
if tag_env then
tag = tag_env
user = user_env
elseif tag_to then
tag = tag_to
user = user_env
end
if tag and authdomain then
rspamd_logger.infox("Domain %s is part of mailcow, start reading tag settings", domain)
local user_untagged = user .. '@' .. domain
rspamd_logger.infox("Querying tag settings for user %1", user_untagged)
if modify_subject_map:get_key(user_untagged) then
rspamd_logger.infox("User wants subject modified for tagged mail")
local sbj = task:get_header('Subject')
if tag then
rspamd_logger.infox("Found tag %1, will modify subject header", tag)
new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
task:set_rmilter_reply({
remove_headers = {['Subject'] = 1},
add_headers = {['Subject'] = new_sbj}
})
end
else
rspamd_logger.infox("Add X-Moo-Tag header")
task:set_rmilter_reply({
add_headers = {['X-Moo-Tag'] = 'YES'}
})
end
else
rspamd_logger.infox("Skip delimiter handling for untagged message or authenticated user")
end
return false
end
}

3
data/conf/rspamd/override.d/logging.inc Normal file
View File

@@ -0,0 +1,3 @@
type = "console";
systemd = false;
.include "$CONFDIR/logging.inc"

7
data/conf/rspamd/override.d/worker-controller.inc Normal file
View File

@@ -0,0 +1,7 @@
bind_socket = "*:11334";
enable_password = "$2$pppq86q9uns51zd5ekfxecj7bxwaefo3$p7f9xdhamydjhtypcr639it3kqeiknx3dk9on7skjypyi8uwwcmy";
secure_ip = "192.168.0.0/16";
secure_ip = "172.16.0.0/12";
secure_ip = "10.0.0.0/8";
secure_ip = "127.0.0.1";
secure_ip = "::1";

1
data/conf/rspamd/override.d/worker-normal.inc Normal file
View File

@@ -0,0 +1 @@
bind_socket = "*:11333";

76
data/conf/sogo/sogo.conf Normal file
View File

@@ -0,0 +1,76 @@
{
SOGoCalendarDefaultRoles = (
PublicViewer,
ConfidentialDAndTViewer,
PrivateDAndTViewer
);
WOWorkersCount = "20";
SOGoACLsSendEMailNotifications = YES;
SOGoAppointmentSendEMailNotifications = YES;
SOGoDraftsFolderName = "Drafts";
SOGoJunkFolderName= "Junk";
SOGoMailDomain = "sogo.local";
SOGoEnableEMailAlarms = NO;
SOGoFoldersSendEMailNotifications = YES;
SOGoForwardEnabled = YES;
// Multi-domain setup
// Domains are isolated, you can define visibility options here.
// Example:
// SOGoDomainsVisibility = (
// (domain1.tld, domain5.tld),
// (domain3.tld, domain2.tld)
// );
SOGoIMAPServer = "imap://dovecot:143/?tls=YES";
SOGoSieveServer = "sieve://dovecot:4190/?tls=YES";
SOGoSMTPServer = "postfix:588";
WOPort = "0.0.0.0:20000";
SOGoMemcachedHost = "memcached";
SOGoLanguage = English;
SOGoMailAuxiliaryUserAccountsEnabled = YES;
SOGoMailCustomFromEnabled = YES;
SOGoMailingMechanism = smtp;
SOGoSMTPAuthenticationType = plain;
SxVMemLimit = 512;
SOGoMaximumPingInterval = 354;
SOGoInternalSyncInterval = 30;
SOGoMaximumSyncInterval = 354;
SOGoMaximumSyncWindowSize = 0;
SOGoMaximumSyncResponseSize = 1024;
WOWatchDogRequestTimeout = 10;
WOListenQueueSize = 300;
WONoDetach = YES;
SOGoIMAPAclConformsToIMAPExt = Yes;
SOGoPageTitle = "SOGo Groupware";
SOGoFirstDayOfWeek = "1";
SOGoSieveFolderEncoding = "UTF-8";
SOGoPasswordChangeEnabled = NO;
SOGoSentFolderName = "Sent";
SOGoMailShowSubscribedFoldersOnly = NO;
NGImap4ConnectionStringSeparator = "/";
SOGoSieveScriptsEnabled = YES;
SOGoTrashFolderName = "Trash";
SOGoVacationEnabled = YES;
MySQL4Encoding = "utf8mb4";
//SOGoDebugRequests = YES;
//SoDebugBaseURL = YES;
//ImapDebugEnabled = YES;
//SOGoEASDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//PGDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//SOGoUIxDebugEnabled = YES;
//WODontZipResponse = YES;
}