
Merge pull request #1 from mailcow/admin-login

rebase
Marcel 6 năm trước cách đây
mục cha
commit
937cdadd36

+ 15 - 5
data/Dockerfiles/clamd/bootstrap.sh

@@ -7,19 +7,29 @@ if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 fi
 
 # Prepare whitelist
+
+mkdir -p /run/clamav /var/lib/clamav
+
 if [[ -s /etc/clamav/whitelist.ign2 ]]; then
+  echo "Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2"
   cp /etc/clamav/whitelist.ign2 /var/lib/clamav/whitelist.ign2
 fi
 if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
+  echo "Creating /var/lib/clamav/whitelist.ign2"
   echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2
 fi
-chown clamav:clamav /var/lib/clamav/whitelist.ign2
-mkdir -p /run/clamav /var/lib/clamav
-chown clamav:clamav /run/clamav /var/lib/clamav
-chmod 750 /run/clamav
+
+chown clamav:clamav -R /var/lib/clamav /run/clamav
+
 chmod 755 /var/lib/clamav
+chmod 644 -R /var/lib/clamav/*
+chmod 750 /run/clamav
+
+echo "Stating whitelist.ign2"
+stat /var/lib/clamav/whitelist.ign2
 
 dos2unix /var/lib/clamav/whitelist.ign2
+
 sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
 
 BACKGROUND_TASKS=()
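Review bot: The added `chmod 644 -R /var/lib/clamav/*` also clears the execute bit on any subdirectory below /var/lib/clamav, which would leave it untraversable for the clamav user, and the `*` glob skips dotfiles. The rsync change later in this commit already separates directory and file modes; the equivalent here is `chmod -R u=rwX,go=rX /var/lib/clamav`, which makes the separate `chmod 755 /var/lib/clamav` line unnecessary. Whether subdirectories ever exist in this volume is not visible from the hunk, so this is a guard rather than a confirmed breakage.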
@@ -38,7 +48,7 @@ while true; do
   sleep 2m
   SANE_MIRRORS="$(dig +ignore +short rsync.sanesecurity.net)"
   for sane_mirror in ${SANE_MIRRORS}; do
-    rsync -avp --chown=clamav:clamav --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
+    rsync -avp --chown=clamav:clamav --chmod=Du=rwx,Dgo=rx,Fu=rw,Fog=r --timeout=5 rsync://${sane_mirror}/sanesecurity/ \
       --include 'blurl.ndb' \
       --include 'junk.ndb' \
       --include 'jurlbl.ndb' \
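Review bot: Nothing visible in this hunk verifies the databases fetched by the changed `rsync` line before ClamAV can load them; they arrive over plain `rsync://` from whatever addresses `dig` returned. If the mirror publishes detached signatures for these files, check them before the files are moved into the live database directory. The rsync command and loop body continue outside the hunk, so this may already happen further down. Separately, `-a` already implies `-p`, and the URL should be quoted as `"rsync://${sane_mirror}/sanesecurity/"` because the value comes from DNS output.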

+ 5 - 0
data/Dockerfiles/sogo/bootstrap-sogo.sh

@@ -85,6 +85,9 @@ done
 
 mkdir -p /var/lib/sogo/GNUstep/Defaults/
 
+# Force-remove lines from sogo.conf
+sed -i '/SOGoIMAPServer/d' /etc/sogo/sogo.conf
+
 # Generate plist header with timezone data
 cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
 <?xml version="1.0" encoding="UTF-8"?>
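Review bot: The added `sed -i '/SOGoIMAPServer/d' /etc/sogo/sogo.conf` edits a file that docker-compose.yml mounts from `./data/conf/sogo/`, so every container start rewrites the operator's copy on the host. The unanchored pattern also deletes any line that merely mentions the key, comments included. Anchoring it to the setting form, `sed -i '/^\s*SOGoIMAPServer\s*=/d' /etc/sogo/sogo.conf`, limits the damage. The comment should say why the line is removed, for example `# sogod.plist below sets SOGoIMAPServer; drop any value left in sogo.conf (presumably it would take precedence)`.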
@@ -93,6 +96,8 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
 <dict>
     <key>OCSAclURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_acl</string>
+    <key>SOGoIMAPServer</key>
+    <string>imap://${IPV4_NETWORK}.250:143/?tls=YES</string>
     <key>OCSCacheFolderURL</key>
     <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_cache_folder</string>
     <key>OCSEMailAlarmsFolderURL</key>
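Review bot: The new `SOGoIMAPServer` value hard-codes the host octet `.250`, and the same literal appears again in the `ipv4_address` line added to docker-compose.yml, so the two must be changed together and nothing enforces that. If `IPV4_NETWORK` is unset when this script runs outside compose, the heredoc writes `imap://.250:143/?tls=YES`; a guard such as `: "${IPV4_NETWORK:?must be set}"` before the heredoc would fail early instead. The endpoint also changes from a hostname to an IP literal while keeping `tls=YES`, so confirm how the peer certificate is validated on this connection, since a certificate issued for the mail hostname will not match an address. The heredoc starts and ends outside this hunk.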

+ 3 - 1
data/conf/nginx/templates/sogo.auth_request.template.sh

@@ -2,5 +2,7 @@ if printf "%s\n" "${ALLOW_ADMIN_EMAIL_LOGIN}" | grep -E '^([yY][eE][sS]|[yY])+$'
     echo 'auth_request /sogo-auth-verify;
 auth_request_set $user $upstream_http_x_username;
 proxy_set_header x-webobjects-remote-user $user;
-'
+if ($args ~* (.*)(account=(?!0))(.*)) {
+  return 401;
+}'
 fi
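Review bot: The added `if ($args ~* (.*)(account=(?!0))(.*))` guard appears to be what keeps an auth_request session on account 0, and it is looser than it reads. The lookahead `(?!0)` accepts any value that merely begins with `0`, and `$args` is the raw, undecoded query string, so only the literal spelling `account=` is inspected. Tightening the pattern to `account=(?!0(&|$))` closes the first gap. A comment in the template should state that the check covers the query string only, not the request path or body. A proxy regex cannot see what SOGo finally decodes, so the restriction is better enforced where `/sogo-auth-verify` or SOGo resolves the account; whether such a check exists is not visible here.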

+ 2 - 2
data/conf/rspamd/dynmaps/settings.php

@@ -179,7 +179,7 @@ foreach (wl_by_sogo() as $user => $contacts) {
     }
 ?>
     apply "default" {
-      SOGO_CONTACT = -999.0;
+      SOGO_CONTACT = -99.0;
     }
     symbols [
       "SOGO_CONTACT"
@@ -425,4 +425,4 @@ while ($row = array_shift($rows)) {
 <?php
 }
 ?>
-}
+}

+ 0 - 1
data/conf/sogo/sogo.conf

@@ -26,7 +26,6 @@
     //  (domain3.tld, domain2.tld)
     // );
 
-    SOGoIMAPServer = "imap://dovecot:143/?tls=YES";
     SOGoSieveServer = "sieve://dovecot:4190/?tls=YES";
     SOGoSMTPServer = "postfix:588";
     WOPort = "0.0.0.0:20000";

+ 6 - 3
docker-compose.yml

@@ -55,7 +55,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.21
+      image: mailcow/clamd:1.22
       build: ./data/Dockerfiles/clamd
       restart: always
       environment:
@@ -140,7 +140,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.52
+      image: mailcow/sogo:1.53
       build: ./data/Dockerfiles/sogo
       environment:
         - DBNAME=${DBNAME}
@@ -150,6 +150,8 @@ services:
         - LOG_LINES=${LOG_LINES:-9999}
         - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
         - ACL_ANYONE=${ACL_ANYONE:-disallow}
+        - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
+        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
       volumes:
         - ./data/conf/sogo/:/etc/sogo/
         - ./data/web/inc/init_db.inc.php:/init_db.inc.php
@@ -165,7 +167,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.63
+      image: mailcow/dovecot:1.64
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE
@@ -210,6 +212,7 @@ services:
       hostname: ${MAILCOW_HOSTNAME}
       networks:
         mailcow-network:
+          ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
           aliases:
             - dovecot