
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index be3fff60..8ef09dba 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -1,52 +1,54 @@
#!/bin/bash
set -e
# Hard-code env vars to imapsync due to cron not passing them to the perl script
sed -i "/^\$DBUSER/c\\\$DBUSER='${DBUSER}';" /usr/local/bin/imapsync_cron.pl
sed -i "/^\$DBPASS/c\\\$DBPASS='${DBPASS}';" /usr/local/bin/imapsync_cron.pl
sed -i "/^\$DBNAME/c\\\$DBNAME='${DBNAME}';" /usr/local/bin/imapsync_cron.pl
+[[ ! -d /etc/dovecot/sql/ ]] && mkdir -p /etc/dovecot/sql/
+
# Set Dovecot sql config parameters, escape " in db password
DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g')
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql.conf
connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
EOF
cat <<EOF > /etc/dovecot/sql/dovecot-mysql.conf
driver = mysql
connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
default_pass_scheme = SSHA256
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username FROM mailbox WHERE active='1';
EOF
[[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
[[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
cat /etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
sievec /var/vmail/sieve/global.sieve
chown -R vmail:vmail /var/vmail/sieve
# Do not do this every start-up, it may take a very long time. So we use a stat check here.
if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi
# Create random master for SOGo sieve features
RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
echo ${RAND_USER}:$(doveadm pw -s SHA1 -p ${RAND_PASS}) > /etc/dovecot/dovecot-master.passwd
echo ${RAND_USER}:${RAND_PASS} > /etc/sogo/sieve.creds
exec "$@"
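Review bot: The directory created by the added `mkdir -p /etc/dovecot/sql/` line and the two heredoc outputs below it take the default umask, so the files that now hold the live `${DBPASS}` are probably readable by every account in the container. Creating the directory with a restrictive mode, e.g. `install -d -m 0750 /etc/dovecot/sql/`, and running `chmod 0640` on the two generated `.conf` files would limit that; the owning group has to match whichever account Dovecot's auth and dict processes run as, which is not visible in this hunk. Separately, both `connect =` lines pass `user=${DBNAME}` although the script uses `DBUSER` a few lines above, which only works while the two values coincide, so `user=${DBUSER}` looks like what was meant. The unquoted `echo ${DBPASS}` also alters a password containing whitespace or glob characters before it is written; `printf '%s' "${DBPASS}"` avoids that.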
diff --git a/data/conf/dovecot/sql/dovecot-dict-sql.conf b/data/conf/dovecot/sql/dovecot-dict-sql.conf
deleted file mode 100644
index 0271326e..00000000
--- a/data/conf/dovecot/sql/dovecot-dict-sql.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-connect = "host=mysql dbname=mailcow user=mailcow password=mysafepasswd"
-
-map {
- pattern = priv/quota/storage
- table = quota2
- username_field = username
- value_field = bytes
-}
-map {
- pattern = priv/quota/messages
- table = quota2
- username_field = username
- value_field = messages
-}
-
diff --git a/data/conf/dovecot/sql/dovecot-mysql.conf b/data/conf/dovecot/sql/dovecot-mysql.conf
deleted file mode 100644
index edf5ca6c..00000000
--- a/data/conf/dovecot/sql/dovecot-mysql.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-driver = mysql
-connect = "host=mysql dbname=mailcow user=mailcow password=mysafepasswd"
-default_pass_scheme = SSHA256
-password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
-user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
-iterate_query = SELECT username FROM mailbox WHERE active='1';
diff --git a/data/conf/postfix/sql/mysql_relay_recipient_maps.cf b/data/conf/postfix/sql/mysql_relay_recipient_maps.cf
deleted file mode 100644
index 9eb7b159..00000000
--- a/data/conf/postfix/sql/mysql_relay_recipient_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT DISTINCT CASE WHEN '%d' IN (SELECT domain FROM domain WHERE relay_all_recipients=1 AND domain='%d' AND backupmx=1) THEN '%s' ELSE (SELECT goto FROM alias WHERE address='%s' AND active='1') END AS result;
diff --git a/data/conf/postfix/sql/mysql_tls_enforce_in_policy.cf b/data/conf/postfix/sql/mysql_tls_enforce_in_policy.cf
deleted file mode 100644
index de40b580..00000000
--- a/data/conf/postfix/sql/mysql_tls_enforce_in_policy.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT IF( EXISTS( SELECT 'TLS_ACTIVE' FROM alias LEFT OUTER JOIN mailbox ON mailbox.username = alias.address WHERE (address='%s' OR address IN (SELECT CONCAT('%u', '@', target_domain) FROM alias_domain WHERE alias_domain='%d')) AND mailbox.tls_enforce_in = '1' AND mailbox.active = '1'), 'reject_plaintext_session', 'DUNNO') AS 'tls_enforce_in';
diff --git a/data/conf/postfix/sql/mysql_tls_enforce_out_policy.cf b/data/conf/postfix/sql/mysql_tls_enforce_out_policy.cf
deleted file mode 100644
index 34d61331..00000000
--- a/data/conf/postfix/sql/mysql_tls_enforce_out_policy.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT IF( EXISTS( SELECT 'TLS_ACTIVE' FROM alias LEFT OUTER JOIN mailbox ON mailbox.username = alias.address WHERE (address='%s' OR address IN (SELECT CONCAT('%u', '@', target_domain) FROM alias_domain WHERE alias_domain='%d')) AND mailbox.tls_enforce_out = '1' AND mailbox.active = '1'), 'smtp_enforced_tls:', 'DUNNO') AS 'tls_enforce_out';
diff --git a/data/conf/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf b/data/conf/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
deleted file mode 100644
index 484a0eac..00000000
--- a/data/conf/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
+++ /dev/null
@@ -1,6 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
-
diff --git a/data/conf/postfix/sql/mysql_virtual_alias_domain_maps.cf b/data/conf/postfix/sql/mysql_virtual_alias_domain_maps.cf
deleted file mode 100644
index 0ead5905..00000000
--- a/data/conf/postfix/sql/mysql_virtual_alias_domain_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT username FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
diff --git a/data/conf/postfix/sql/mysql_virtual_alias_maps.cf b/data/conf/postfix/sql/mysql_virtual_alias_maps.cf
deleted file mode 100644
index a72c8bd8..00000000
--- a/data/conf/postfix/sql/mysql_virtual_alias_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT goto FROM alias WHERE address='%s' AND active='1';
diff --git a/data/conf/postfix/sql/mysql_virtual_domains_maps.cf b/data/conf/postfix/sql/mysql_virtual_domains_maps.cf
deleted file mode 100644
index 22e00938..00000000
--- a/data/conf/postfix/sql/mysql_virtual_domains_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT alias_domain from alias_domain WHERE alias_domain='%s' AND active='1' UNION SELECT domain FROM domain WHERE domain='%s' AND active = '1' AND backupmx = '0'
diff --git a/data/conf/postfix/sql/mysql_virtual_mailbox_maps.cf b/data/conf/postfix/sql/mysql_virtual_mailbox_maps.cf
deleted file mode 100644
index bf07cdb2..00000000
--- a/data/conf/postfix/sql/mysql_virtual_mailbox_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
diff --git a/data/conf/postfix/sql/mysql_virtual_relay_domain_maps.cf b/data/conf/postfix/sql/mysql_virtual_relay_domain_maps.cf
deleted file mode 100644
index 6994d02d..00000000
--- a/data/conf/postfix/sql/mysql_virtual_relay_domain_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '1' AND active = '1'
diff --git a/data/conf/postfix/sql/mysql_virtual_sender_acl.cf b/data/conf/postfix/sql/mysql_virtual_sender_acl.cf
deleted file mode 100644
index daf13118..00000000
--- a/data/conf/postfix/sql/mysql_virtual_sender_acl.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT goto FROM alias WHERE address='%s' AND active='1' AND domain IN(SELECT domain FROM domain WHERE domain='%d' AND active='1') UNION SELECT logged_in_as FROM sender_acl WHERE send_as='@%d' OR send_as='%s' OR send_as IN ( SELECT CONCAT ('@',target_domain) FROM alias_domain WHERE alias_domain = '%d') OR send_as IN ( SELECT CONCAT ('%u','@',target_domain) FROM alias_domain WHERE alias_domain = '%d' ) AND logged_in_as NOT IN (SELECT goto FROM alias WHERE address='%s') UNION SELECT username FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' AND mailbox.username = CONCAT('%u','@',alias_domain.target_domain) AND mailbox.active ='1' AND alias_domain.active='1'
diff --git a/data/conf/postfix/sql/mysql_virtual_spamalias_maps.cf b/data/conf/postfix/sql/mysql_virtual_spamalias_maps.cf
deleted file mode 100644
index ac8d78ac..00000000
--- a/data/conf/postfix/sql/mysql_virtual_spamalias_maps.cf
+++ /dev/null
@@ -1,5 +0,0 @@
-user = mailcow
-password = mysafepasswd
-hosts = mysql
-dbname = mailcow
-query = SELECT goto FROM spamalias WHERE address='%s' AND validity >= UNIX_TIMESTAMP()
diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua
index 133961c0..4b037f06 100644
--- a/data/conf/rspamd/lua/rspamd.local.lua
+++ b/data/conf/rspamd/lua/rspamd.local.lua
@@ -1,95 +1,101 @@
rspamd_config.MAILCOW_AUTH = {
callback = function(task)
local uname = task:get_user()
if uname then
return 1
end
end
}
rspamd_config.MAILCOW_MOO = function (task)
return true
end
modify_subject_map = rspamd_config:add_map({
url = 'http://172.22.1.251:8081/tags.php',
type = 'map',
description = 'Map of users to use subject tags for'
})
auth_domain_map = rspamd_config:add_map({
url = 'http://172.22.1.251:8081/authoritative.php',
type = 'map',
description = 'Map of domains we are authoritative for'
})
-rspamd_config.ADD_DELIMITER_TAG = {
- callback = function(task)
- local tag = nil
- local util = require("rspamd_util")
- local rspamd_logger = require "rspamd_logger"
- local user_tagged = task:get_recipients(2)[1]['user']
- local domain = task:get_recipients(1)[1]['domain']
- local user, tag = user_tagged:match("([^+]+)+(.*)")
- local authdomain = auth_domain_map:get_key(domain)
+rspamd_config:register_post_filter(function(task)
+ local tag = nil
+ local util = require("rspamd_util")
+ local rspamd_logger = require "rspamd_logger"
+ local user_tagged = task:get_recipients(2)[1]['user']
+ local domain = task:get_recipients(1)[1]['domain']
+ local user, tag = user_tagged:match("([^+]+)+(.*)")
+ local authdomain = auth_domain_map:get_key(domain)
+ local action = task:get_metric_action('default')
+ local action = task:get_metric_action('default')
+ rspamd_logger.infox("metric action now: %s", action)
- if tag and authdomain then
- rspamd_logger.infox("domain: %1, tag: %2", domain, tag)
- local user_untagged = user .. '@' .. domain
- rspamd_logger.infox("querying tag settings for user %1", user_untagged)
- if modify_subject_map:get_key(user_untagged) then
- rspamd_logger.infox("found user in map for subject rewrite")
- local sbj = task:get_header('Subject')
- new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
- task:set_rmilter_reply({
- remove_headers = {['Subject'] = 1},
- add_headers = {['Subject'] = new_sbj}
- })
- else
- rspamd_logger.infox("add X-Moo-Tag header")
- task:set_rmilter_reply({
- add_headers = {['X-Moo-Tag'] = 'YES'}
- })
- end
+ if action ~= 'no action' and action ~= 'greylist' then
+ return false
+ end
+
+ if tag and authdomain then
+ rspamd_logger.infox("domain: %1, tag: %2", domain, tag)
+ local user_untagged = user .. '@' .. domain
+ rspamd_logger.infox("querying tag settings for user %1", user_untagged)
+ if modify_subject_map:get_key(user_untagged) then
+ rspamd_logger.infox("found user in map for subject rewrite")
+ local sbj = task:get_header('Subject')
+ new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
+ task:set_rmilter_reply({
+ remove_headers = {['Subject'] = 1},
+ add_headers = {['Subject'] = new_sbj}
+ })
else
- rspamd_logger.infox("skip delimiter handling for untagged message or authenticated user")
+ rspamd_logger.infox("add X-Moo-Tag header")
+ task:set_rmilter_reply({
+ add_headers = {['X-Moo-Tag'] = 'YES'}
+ })
end
- return false
+ else
+ rspamd_logger.infox("skip delimiter handling for untagged message or authenticated user")
end
-}
+ return false
+end)
+
rspamd_config.MRAPTOR = {
callback = function(task)
local parts = task:get_parts()
local rspamd_logger = require "rspamd_logger"
local rspamd_regexp = require "rspamd_regexp"
if parts then
for _,p in ipairs(parts) do
local mtype,subtype = p:get_type()
local re = rspamd_regexp.create_cached('/(office|word|excel)/i')
if re:match(subtype) then
local content = tostring(p:get_content())
local filename = p:get_filename()
local file = os.tmpname()
f = io.open(file, "a+")
f:write(content)
f:close()
local scan = assert(io.popen('PATH=/usr/bin:/usr/local/bin mraptor ' .. file .. '> /dev/null 2>&1; echo $?', 'r'))
local result = scan:read('*all')
local exit_code = string.match(result, "%d+")
rspamd_logger.infox(exit_code)
scan:close()
if exit_code == "20" then
rspamd_logger.infox("Reject dangerous macro in office file " .. filename)
task:set_pre_result(rspamd_actions['reject'], 'Dangerous macro in office file ' .. filename)
end
end
end
end
end
}
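Review bot: The new post-filter indexes `task:get_recipients(2)[1]` and `task:get_recipients(1)[1]` before anything else, so if either call returns nil or an empty table (a message with no MIME recipient header, for instance) the callback raises on every such task; `'[' .. tag .. '] ' .. sbj` has the same problem when the Subject header is absent. The metric-action check should run first and the recipient tables should be tested before they are indexed. `local action = task:get_metric_action('default')` is also declared twice in a row, and `new_sbj` is assigned without `local`, which makes it a global shared between tasks. A sketch of the reordered opening follows; the tag/authdomain branch is unchanged apart from `local new_sbj` and a nil check on `sbj`.

```lua
rspamd_config:register_post_filter(function(task)
  local util = require("rspamd_util")
  local rspamd_logger = require "rspamd_logger"

  -- Decide on the action first so rejected mail costs no further lookups.
  local action = task:get_metric_action('default')
  rspamd_logger.infox("metric action now: %s", action)
  if action ~= 'no action' and action ~= 'greylist' then
    return false
  end

  -- Recipient lists may be missing; never index them blindly.
  local mime_rcpts = task:get_recipients(2)
  local smtp_rcpts = task:get_recipients(1)
  if not (mime_rcpts and mime_rcpts[1] and smtp_rcpts and smtp_rcpts[1]) then
    return false
  end
  local user_tagged = mime_rcpts[1]['user']
  local domain = smtp_rcpts[1]['domain']
  if not (user_tagged and domain) then
    return false
  end
  local user, tag = user_tagged:match("([^+]+)+(.*)")
  local authdomain = auth_domain_map:get_key(domain)
  -- … unchanged: tag / authdomain branch …
```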
