
[Rspamd, PHP-FPM] Mount Rspamd maps, set correct permissions (WIP: edit in UI)
[PHP-FPM] Update image, fixes #3091
[Web] Netfilter: Do not auto restart netfilter-mailcow but add a small hint to restart netfilter-mailcow after adding a ban to perm bans
[Web] Remove unused js script parameter

andryyy 5 tahun lalu
induk
melakukan
bdf56971d5

+ 2 - 2
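--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -4,8 +4,8 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ENV APCU_PECL 5.1.17
 ENV IMAGICK_PECL 3.4.4
 #ENV MAILPARSE_PECL 3.0.2
-ENV MEMCACHED_PECL 3.1.3
-ENV REDIS_PECL 5.0.1
+ENV MEMCACHED_PECL 3.1.4
+ENV REDIS_PECL 5.0.2
 
 RUN apk add -U --no-cache autoconf \
   bash \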

+ 20 - 2
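--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -9,8 +9,6 @@ touch /etc/rspamd/rspamd.conf.local \
 chmod 755 /var/lib/rspamd
 
 [[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/override.d/worker-controller-password.inc
-[[ ! -f /etc/rspamd/custom/sa-rules-heinlein ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/custom/sa-rules-heinlein
-[[ ! -f /etc/rspamd/custom/dovecot_trusted.map ]] && echo '# Autogenerated by mailcow' > /etc/rspamd/custom/dovecot_trusted.map
 
 DOVECOT_V4=
 DOVECOT_V6=
@@ -34,6 +32,26 @@ chown -R _rspamd:_rspamd /var/lib/rspamd \
   /etc/rspamd/rspamd.conf.override \
   /etc/rspamd/plugins.d
 
+# Fix missing default global maps, if any
+# These exists in mailcow UI and should not be removed
+touch /etc/rspamd/custom/global_mime_from_blacklist.map \
+  /etc/rspamd/custom/global_rcpt_blacklist.map \
+  /etc/rspamd/custom/global_smtp_from_blacklist.map \
+  /etc/rspamd/custom/global_mime_from_whitelist.map \
+  /etc/rspamd/custom/global_rcpt_whitelist.map \
+  /etc/rspamd/custom/global_smtp_from_whitelist.map \
+  /etc/rspamd/custom/sa-rules \
+  /etc/rspamd/custom/dovecot_trusted.map \
+  /etc/rspamd/custom/ip_wl.map \
+  /etc/rspamd/custom/fishy_tlds.map \
+  /etc/rspamd/custom/bad_words.map \
+  /etc/rspamd/custom/bad_asn.map \
+  /etc/rspamd/custom/bad_words_de.map
+
+# www-data (82) group needs to write to these files
+chown -R _rspamd:82 /etc/rspamd/custom
+chmod -R g+w /etc/rspamd/custom
+
 # Run hooks
 for file in /hooks/*; do
   if [ -x "${file}" ]; then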
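Review bot: The added `chown -R _rspamd:82 /etc/rspamd/custom` and `chmod -R g+w /etc/rspamd/custom` make every file in the directory writable by the web application's group, including trust lists such as `ip_wl.map` and `dovecot_trusted.map` that the same hunk creates, so a flaw in the PHP container would extend to Rspamd's allow-listing; the `:rw` mount of `./data/conf/rspamd/custom/` into php-fpm-mailcow in docker-compose.yml is the other half of the same exposure. Which maps the UI is meant to edit is not visible here; if it is only a subset, limit the group write to those files, for example `chgrp 82 /etc/rspamd/custom/global_*.map` followed by `chmod g+w /etc/rspamd/custom/global_*.map`. The numeric GID 82 is also an implicit contract with the phpfpm image, and a comment such as `# GID 82 must match www-data in the mailcow/phpfpm image` would make that dependency explicit. The hook loop at the end of the hunk continues outside it.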

+ 1 - 1
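--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -660,7 +660,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
             ?>
             <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"unban"}' href="#">[<?=$lang['admin']['queue_unban'];?>]</a>
             <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"whitelist"}' href="#">[whitelist]</a>
-            <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist]</a>
+            <a data-action="edit_selected" data-item="<?=$active_bans['network'];?>" data-id="f2b-quick" data-api-url='edit/fail2ban' data-api-attr='{"action":"blacklist"}' href="#">[blacklist (<b>needs restart</b>)]</a>
             <?php
             else:
             ?>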
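Review bot: The changed blacklist link still echoes `$active_bans['network']` into the `data-item` attribute without HTML escaping, as do the unban and whitelist links above it. Where `$active_bans` is populated is outside the hunk; if the value is read back from storage rather than re-validated, escaping at output is the safer default: `data-item="<?=htmlspecialchars($active_bans['network'], ENT_QUOTES);?>"`. The new "needs restart" hint is also hard-coded English while the neighbouring unban label comes from `$lang`, so moving it to a `$lang` entry would keep it translatable.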

+ 1 - 1
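--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -131,7 +131,7 @@ function fail2ban($_action, $_data = null) {
               if (valid_network($network)) {
                 $redis->hSet('F2B_BLACKLIST', $network, 1);
                 $redis->hDel('F2B_WHITELIST', $network, 1);
-                $response = docker('post', 'netfilter-mailcow', 'restart');
+                //$response = docker('post', 'netfilter-mailcow', 'restart');
               }
               else  {
                 $_SESSION['return'][] = array(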
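Review bot: With the restart commented out, a network written to `F2B_BLACKLIST` here is stored but, going by the commit message, only enforced after netfilter-mailcow is restarted by hand, and nothing in this hunk tells an API caller that; the only hint is the link label in admin.php. Replace the dead line with a comment that records the decision, for example `// No automatic restart: the new F2B_BLACKLIST entry takes effect only after netfilter-mailcow is restarted manually`, and consider stating the same in the success message returned for this action. The message construction and the rest of `fail2ban()` lie outside the hunk, so whether such a notice already exists cannot be confirmed from here.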

+ 0 - 1
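--- a/data/web/oauth/authorize.php
+++ b/data/web/oauth/authorize.php
@@ -50,7 +50,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
     </div>
   </div>
 </div> <!-- /container -->
-<script src="../js/authorize.js"></script>
 <?php
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
 exit();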

+ 3 - 2
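--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,7 +68,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.48
+      image: mailcow/rspamd:1.49
       build: ./data/Dockerfiles/rspamd
       stop_grace_period: 30s
       depends_on:
@@ -96,7 +96,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.49
+      image: mailcow/phpfpm:1.50
       build: ./data/Dockerfiles/phpfpm
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
@@ -105,6 +105,7 @@ services:
         - ./data/hooks/dovecot:/hooks
         - ./data/web:/web:rw
         - ./data/conf/rspamd/dynmaps:/dynmaps:ro
+        - ./data/conf/rspamd/custom/:/rspamd_custom_maps:rw
         - rspamd-vol-1:/var/lib/rspamd
         - mysql-socket-vol-1:/var/run/mysqld/
         - ./data/conf/sogo/:/etc/sogo/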