Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized

.drone.yml

@@ -15,12 +15,11 @@ steps:
   pull: default
   image: timovibritannia/ansible
   commands:
-  - wget $TEST_DOWNLOAD_URL --quiet
-  - unzip -qq mailcow-integration-tests.zip
-  - rm mailcow-integration-tests.zip
+  - git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
+  - wget -O group_vars/all/secrets.yml $SECRETS_DOWNLOAD_URL --quiet
   environment:
-    TEST_DOWNLOAD_URL:
-      from_secret: TEST_DOWNLOAD_URL
+    SECRETS_DOWNLOAD_URL:
+      from_secret: SECRETS_DOWNLOAD_URL
   when:
     branch:
     - master
@@ -62,7 +61,7 @@ steps:
   commands:
   - chmod +x ci.sh
   - ./ci.sh
-  - sleep 60
+  - sleep 120
   - ansible-playbook mailcow-setup-server.yml --private-key /drone/src/id_ssh_rsa --diff
   environment:
     ANSIBLE_HOST_KEY_CHECKING: false
@@ -115,6 +114,6 @@ steps:
     - success
 ---
 kind: signature
-hmac: d45bd1594ef12eb12b0035eb787d3372a6693825d8dbeb75c339979302b3941c
+hmac: d0ded978bd57646ae10307a3e7fd6584658e285929596ad1ee391cf7330d6338
 
 ...

data/conf/rspamd/local.d/composites.conf

@@ -34,3 +34,6 @@ FORGED_W_BAD_POLICY {
   expression = "( ~g+:policies | ~R_SPF_NA) & ( ~FROM_NEQ_ENVFROM & ~FORGED_SENDER )"
   score = 3.0;
 }
+RBL_EXCLUDE_FWD_HOST {
+  expression = "-WHITELISTED_FWD_HOST & ^g:rbl"
+}

data/conf/rspamd/local.d/mime_types.conf

@@ -1,21 +1,21 @@
 # Extensions that are treated as 'bad'
 # Number is score multiply factor
 bad_extensions = {
-  scr = 4,
-  lnk = 4,
-  exe = 1,
+  scr = 20,
+  lnk = 20,
+  exe = 20,
   msi = 1,
   msp = 1,
   msu = 1,
   jar = 2,
-  com = 4,
+  com = 20,
   bat = 4,
   cmd = 4,
   ps1 = 4,
   ace = 4,
   arj = 4,
   cab = 3,
-  vbs = 4,
+  vbs = 20,
   hta = 4,
   shs = 4,
   wsc = 4,
@@ -30,7 +30,8 @@ bad_archive_extensions = {
   pdf = 1.0,
   jar = 3,
   js = 0.5,
-  vbs = 7,
+  vbs = 20,
+  exe = 20
 };
 
 # Used to detect another archive in archive

data/conf/rspamd/local.d/rbl_group.conf

@@ -45,4 +45,8 @@ symbols = {
     score = 2.0;  
     description = "List of networks hijacked from their original owners, some of which have already used for spamming.";  
   }
+  "RECEIVED_SPAMHAUS_XBL" {
+    weight = 0.0;
+    description = "Received address is listed in ZEN XBL";
+  }
 }

data/web/inc/presets/rspamd/preset_2.yml

@@ -2,4 +2,9 @@ headline: lang.rsettings_preset_2
 content: |
   priority = 10;
   rcpt = "/postmaster@.*/";
-  want_spam = yes;
+  apply {
+    symbols_enabled = ["DKIM_SIGNED", "HISTORY_SAVE", "MILTER_HEADERS", "ARC_SIGNED"];
+  actions {
+      greylist = null;
+    }
+  }

generate_config.sh

@@ -233,8 +233,12 @@ USE_WATCHDOG=n
 
 ALLOW_ADMIN_EMAIL_LOGIN=n
 
-# Send notifications by mail (no DKIM signature, sent from watchdog@MAILCOW_HOSTNAME)
-# Can by multiple rcpts, NO quotation marks
+# Send notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
+# CAUTION:
+# 1. You should use external recipients
+# 2. Mails are sent unsigned (no DKIM)
+# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
+# Multiple rcpts allowed, NO quotation marks, NO spaces
 
 #WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 #WATCHDOG_NOTIFY_EMAIL=