make it configurable

main
Florent Daigniere 2 years ago
parent b70be29403
commit 44c064ff38

@ -100,6 +100,12 @@ by setting ``INBOUND_TLS_ENFORCE`` to ``True``. Please note that this is forbidd
internet facing hosts according to e.g. `RFC 3207`_ , because this prevents MTAs without STARTTLS internet facing hosts according to e.g. `RFC 3207`_ , because this prevents MTAs without STARTTLS
support or e.g. mismatching TLS versions to deliver emails to Mailu. support or e.g. mismatching TLS versions to deliver emails to Mailu.
The ``SCAN_MACROS`` (default: True) setting controls whether Mailu will endavour
to reject emails containing documents with malicious macros. Under the hood, it uses
`mraptor from oletools`_ to determine whether a macro is malicious or not.
.. _`mraptor from oletools`: https://github.com/decalage2/oletools/wiki/mraptor
.. _`RFC 3207`: https://tools.ietf.org/html/rfc3207 .. _`RFC 3207`: https://tools.ietf.org/html/rfc3207
.. _fetchmail: .. _fetchmail:
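Review bot: The added ``SCAN_MACROS`` paragraph misspells "endeavour" as "endavour", and it gives the default as True without saying which values disable the check, while the env template in this commit writes lowercase true/false. Suggest fixing the typo and listing the accepted values and their case so the docs match the generated env file.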

@ -103,6 +103,7 @@ services:
- {{ dns }} - {{ dns }}
{% endif %} {% endif %}
{% if oletools_enabled %}
oletools: oletools:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-{{ version }}}
hostname: oletools hostname: oletools
@ -115,21 +116,26 @@ services:
dns: dns:
- {{ dns }} - {{ dns }}
{% endif %} {% endif %}
{% endif %}
antispam: antispam:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}}
hostname: antispam hostname: antispam
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
{% if oletools_enabled %}
networks: networks:
- default - default
- noinet - noinet
{% endif %}
volumes: volumes:
- "{{ root }}/filter:/var/lib/rspamd" - "{{ root }}/filter:/var/lib/rspamd"
- "{{ root }}/overrides/rspamd:/etc/rspamd/override.d:ro" - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d:ro"
depends_on: depends_on:
- front - front
{% if oletools_enabled %}
- oletools - oletools
{% endif %}
- redis - redis
{% if resolver_enabled %} {% if resolver_enabled %}
- resolver - resolver
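Review bot: In the antispam service, the new guards around `networks:` and the `- oletools` entry under `depends_on:` only handle the compose side; nothing in this hunk shows rspamd being told to skip the macro check when the oletools service is not rendered. Please confirm the rspamd configuration is gated on SCAN_MACROS as well, since with the option off the `oletools` hostname will not exist on any network antispam can reach.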
@ -217,6 +223,8 @@ networks:
{% if ipv6_enabled %} {% if ipv6_enabled %}
- subnet: {{ subnet6 }} - subnet: {{ subnet6 }}
{% endif %} {% endif %}
{% if oletools_enabled %}
noinet: noinet:
driver: bridge driver: bridge
internal: true internal: true
{% endif %}
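Review bot: `noinet` is now defined only under `{% if oletools_enabled %}`, while the antispam `networks:` list that references it sits behind a separate guard of the same name, so the two conditions have to stay identical or the rendered file will reference an undefined network. A short template comment beside this guard naming the services that join `noinet` would make that coupling visible to the next editor.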

@ -58,6 +58,9 @@ WEBDAV={{ webdav_enabled or 'none' }}
# Antivirus solution (value: clamav, none) # Antivirus solution (value: clamav, none)
ANTIVIRUS={{ antivirus_enabled or 'none' }} ANTIVIRUS={{ antivirus_enabled or 'none' }}
# Scan Macros solution (value: true, false)
SCAN_MACROS={{ oletools_enabled or 'false' }}
################################### ###################################
# Mail settings # Mail settings
################################### ###################################
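Review bot: The new comment `# Scan Macros solution (value: true, false)` reuses the "solution" wording from the antivirus line above, but SCAN_MACROS is a boolean toggle rather than a choice of product. The rendered value also comes straight from the form field (`value="true"`) or the `'false'` fallback, so it is lowercase here while the docs give the default as `True`. Suggest rewording the comment and confirming that whatever reads SCAN_MACROS accepts both spellings.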

@ -55,6 +55,15 @@ the security implications caused by such an increase of attack surface.<p>
<i>Fetchmail allows users to retrieve mail from an external mail-server via IMAP/POP3 and puts it in their inbox.</i> <i>Fetchmail allows users to retrieve mail from an external mail-server via IMAP/POP3 and puts it in their inbox.</i>
</div> </div>
<div class="form-check form-check-inline">
<label class="form-check-label">
<input class="form-check-input" type="checkbox" name="oletools_enabled" value="true" checked>
Enable oletools
</label>
<i>Oletools scans documents in email attachements for malicious macros. It has a much lower memory footprint than a full-fledged anti-virus.</i>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script type="text/javascript" src="{{ url_for('static', filename='render.js') }}"></script> <script type="text/javascript" src="{{ url_for('static', filename='render.js') }}"></script>
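Review bot: The help text under the new checkbox misspells "attachments" as "attachements". The input is also `checked` by default, so every newly generated setup opts in to macro scanning; that matches the documented default of True, but it is worth stating in the help text that unticking the box also drops the oletools container and the `noinet` network from the compose file.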
