70 Commits (main)

Author SHA1 Message Date
Dimitri Huisman 45177bd25a
bring back removed blank lines 2 years ago
Dimitri Huisman 7ce28bd6e9
Fix some small errors 2 years ago
Dimitri Huisman 8861ce6edb
Change rspamd override system to use include with lowest priority.
All override files are used as if they were placed in the rspamd
local.d folder.

From the newsfragment:
New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder.
These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file.
It works as following.
* If the override file overrides a Mailu defined config file,
  it will be included in the Mailu config file with lowest priority.
  It will merge with existing sections.
* If the override file does not override a Mailu defined config file,
  then the file will be placed in the rspamd local.d folder.
  It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website:
https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
2 years ago
Florent Daigniere ae7061c561 Doh 2 years ago
Florent Daigniere e326393f03 fix ooo 2 years ago
Florent Daigniere 36623188b5 Don't apply antispoof rules on locally generated emails 2 years ago
Alexander Graf 10562233ca
Add SUBNET6 to places where SUBNET is used 2 years ago
Florent Daigniere 9d555b0eec Don't expose any port (suggestion from ghost) 2 years ago
Florent Daigniere ef123f1b53 doh 2 years ago
Florent Daigniere 6241fbeb78 actually make it optional 2 years ago
Florent Daigniere cea533ae57 Merge remote-tracking branch 'upstream/master' into oletools 2 years ago
Florent Daigniere 77d770a2d2 doh 2 years ago
Florent Daigniere 4e3874b0c1 Enable dynamic resolution of hostnames 2 years ago
Florent Daigniere 4c3c628ca4 dedup 2 years ago
Florent Daigniere f1e5044dbe Add to the list, sort it 2 years ago
Florent Daigniere 02f2679dc4 name collision 2 years ago
Florent Daigniere b08d940d09 See https://github.com/decalage2/oletools/issues/659 2 years ago
Florent Daigniere a8061f3ed3 doh 2 years ago
Florent Daigniere 612db96209 Block executable file extensions (closes #2511) 2 years ago
Florent Daigniere 709023ab5a dimitri said "block it"
So let's block any macro with AUTOEXEC
2 years ago
Florent Daigniere 3bdc57adbc Forgot this 2 years ago
Florent Daigniere e43effab63 Glad there is a test 2 years ago
Florent Daigniere d793c5eed8 Dup symbol 2 years ago
Florent Daigniere 7e1ab7978e Block VBA Stomping too 2 years ago
Florent Daigniere 3e45a791cf Implement oletools to filter out bad macros 2 years ago
Florent Daigniere f994c8687e doh 2 years ago
Florent Daigniere e3b875aa6b Well, -i stands for --insecure 2 years ago
bors[bot] 0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere ec4224123b Use the logger 2 years ago
Florent Daigniere 89f7d983b4 Don't start rspamd until admin is up and working 2 years ago
Florent Daigniere d8cf0c3848 Revert "Admin may not have started up when this loads"
This reverts commit 0f17299b4e.
2 years ago
Florent Daigniere 0f17299b4e Admin may not have started up when this loads 2 years ago
Florent Daigniere 95a3a3d342 doh 2 years ago
Florent Daigniere bd1b73032c Poke a hole for mailing lists 2 years ago
Florent Daigniere c4fcaed7d4 doh 2 years ago
Florent Daigniere 8929f54de5 clarify
Also cover the case where the DKIM sig is for another domain and there
is no explicit DMARC policy
2 years ago
Florent Daigniere 8da6117bb9 clarify 2 years ago
Florent Daigniere af87456faf this works for me 2 years ago
Florent Daigniere be4dd6d84a Spell it out 2 years ago
Florent Daigniere f7b3aad831 Ensure we REJECT when we don't have a DMARC policy
This restores the old behaviour
2 years ago
Florent Daigniere 8775a2bf04 untested code that may just work 2 years ago
Alexander Graf 146921f619
Move curl to base image 2 years ago
Alexander Graf 4c1071a497
Move all requirements*.txt to base image 2 years ago
Alexander Graf a29f066858
Move even more python deps to base image 2 years ago
Alexander Graf 9fe452e3d1
Use base image when building core images 2 years ago
Florent Daigniere 5d09390147 enable rspamd's autolearn feature 2 years ago
Vincent Kling bab3f0f5a4 Remove POD_ADDRESS_RANGE 2 years ago
Dimitri Huisman d19208d3d1 Merge branch 'master' of github.com:Mailu/Mailu into feature-switch-snappymail 2 years ago
henniaufmrenni 8eb8cb1f48 Update deprecated rspamd config option
This gets rid of the following error message:
lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
attachments_only = true; # Before 1.8.1
scan_mime_parts = true; # After 1.8.1

The currently used version is rspamd 3.1.
3 years ago
Dimitri Huisman 9519d07ba2 Switch from RainLoop to SnappyMail 3 years ago