39 Commits (7e60ba4e9818d0f81815489328b56b6a64ce99b1)

Author SHA1 Message Date
Florent Daigniere ef123f1b53 doh 2 years ago
Florent Daigniere 6241fbeb78 actually make it optional 2 years ago
Florent Daigniere cea533ae57 Merge remote-tracking branch 'upstream/master' into oletools 2 years ago
Florent Daigniere 77d770a2d2 doh 2 years ago
Florent Daigniere 4e3874b0c1 Enable dynamic resolution of hostnames 2 years ago
Florent Daigniere 4c3c628ca4 dedup 2 years ago
Florent Daigniere f1e5044dbe Add to the list, sort it 2 years ago
Florent Daigniere 02f2679dc4 name collision 2 years ago
Florent Daigniere b08d940d09 See https://github.com/decalage2/oletools/issues/659 2 years ago
Florent Daigniere a8061f3ed3 doh 2 years ago
Florent Daigniere 612db96209 Block executable file extensions (closes #2511) 2 years ago
Florent Daigniere 709023ab5a dimitri said "block it"
So let's block any macro with AUTOEXEC
2 years ago
Florent Daigniere 3bdc57adbc Forgot this 2 years ago
Florent Daigniere e43effab63 Glad there is a test 2 years ago
Florent Daigniere d793c5eed8 Dup symbol 2 years ago
Florent Daigniere 7e1ab7978e Block VBA Stomping too 2 years ago
Florent Daigniere 3e45a791cf Implement oletools to filter out bad macros 2 years ago
bors[bot] 0839490beb
Merge #2479
2479: Rework the anti-spoofing rule r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

We shouldn't assume that Mailu is the only MTA allowed to send emails on behalf of the domains it hosts.
We should also ensure that it's non-trivial for email-spoofing of hosted domains to happen

Previously we were preventing any spoofing of the envelope from; Now we are preventing spoofing of both the envelope from and the header from unless some form of authentication passes (is a RELAYHOST, SPF, DKIM, ARC)

### Related issue(s)
- close #2475

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago
Florent Daigniere d8cf0c3848 Revert "Admin may not have started up when this loads"
This reverts commit 0f17299b4e.
2 years ago
Florent Daigniere 0f17299b4e Admin may not have started up when this loads 2 years ago
Florent Daigniere 95a3a3d342 doh 2 years ago
Florent Daigniere bd1b73032c Poke a hole for mailing lists 2 years ago
Florent Daigniere c4fcaed7d4 doh 2 years ago
Florent Daigniere 8929f54de5 clarify
Also cover the case where the DKIM sig is for another domain and there
is no explicit DMARC policy
2 years ago
Florent Daigniere 8da6117bb9 clarify 2 years ago
Florent Daigniere af87456faf this works for me 2 years ago
Florent Daigniere be4dd6d84a Spell it out 2 years ago
Florent Daigniere f7b3aad831 Ensure we REJECT when we don't have a DMARC policy
This restores the old behaviour
2 years ago
Florent Daigniere 8775a2bf04 untested code that may just work 2 years ago
Florent Daigniere 5d09390147 enable rspamd's autolearn feature 2 years ago
Vincent Kling bab3f0f5a4 Remove POD_ADDRESS_RANGE 2 years ago
henniaufmrenni 8eb8cb1f48 Update deprecated rspamd config option
This gets rid of the following error message:
lua; antivirus.lua:109: CLAM_VIRUS [clamav]: Using attachments_only is deprecated. Please use scan_mime_parts = true instead

As per the rspamd documentation https://rspamd.com/doc/modules/antivirus.html
attachments_only = true; # Before 1.8.1
scan_mime_parts = true; # After 1.8.1

The currently used version is rspamd 3.1.
3 years ago
Florent Daigniere 89a7a8ac13 Fix score of RCVD_NO_TLS_LAST 3 years ago
Florent Daigniere 74b31dc407 Ensure that RCVD_NO_TLS_LAST doesn't add spam points 3 years ago
Florent Daigniere 2170e07731 Tell rspamd about RELAYNETS 3 years ago
Alexander Graf 893705169e PoC rspamd use dkimkeys from admin using vault api 3 years ago
anrc 59bc4f7aea
Remove the username from the milter_headers
Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.
4 years ago
Michael Wyraz e857b9d659 Document default antivirus behaviour, add an option to reject viruses 5 years ago
Tim Möhlmann 4e4b071fb0
Move services into core and optional 5 years ago