Updated base image to https://github.com/mailserver2/debian-mail-over…

…lay/releases/tag/v1.0.14 * Updated base image to https://github.com/mailserver2/debian-mail-overlay/releases/tag/v1.0.14 * Update rsyslog.conf to ignore some rspamd warnings for tests (#61) * add smtp smuggling mitigation * update checkout action from v2 to v3 --------- Co-authored-by: diroots <[email protected]>
mailserver2 · Jan 19, 2024 · 26c8ab6 · 26c8ab6
1 parent e10532a
commit 26c8ab6
Show file tree

Hide file tree

Showing 12 changed files with 25 additions and 10 deletions.
diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/ecdsa.yml b/.github/workflows/ecdsa.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/ldap.yml b/.github/workflows/ldap.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/ldap2.yml b/.github/workflows/ldap2.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/reverse.yml b/.github/workflows/reverse.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/sieve.yml b/.github/workflows/sieve.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/traefik_acmev1.yml b/.github/workflows/traefik_acmev1.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/.github/workflows/traefik_acmev2.yml b/.github/workflows/traefik_acmev2.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout repository and submodules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: recursive
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM mailserver2/debian-mail-overlay:1.0.12
+FROM mailserver2/debian-mail-overlay:1.0.14
 
 LABEL description="Simple and full-featured mail server using Docker"
 

diff --git a/rootfs/etc/postfix/main.cf b/rootfs/etc/postfix/main.cf
@@ -25,6 +25,18 @@ mynetworks    = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 {{ .RELAY_NETWORKS
 
 alias_maps = hash:/etc/aliases
 
+
+################################
+## SMTP smuggling mitigation  ##
+################################
+smtpd_forbid_bare_newline            = yes
+smtpd_forbid_bare_newline_exclusions = $mynetworks
+
+# https://www.postfix.org/smtp-smuggling.html#long
+# Optionally disconnect remote SMTP clients that send bare newlines,
+# but allow local clients with non-standard SMTP implementations
+# such as netcat, fax machines, or load balancer health checks.
+
 ###############
 ## SMTP/UTF8 ##
 ###############

diff --git a/rootfs/etc/rsyslog/rsyslog.conf b/rootfs/etc/rsyslog/rsyslog.conf
@@ -7,6 +7,9 @@ $IncludeConfig /etc/rsyslog.d/*.conf
 # https://github.com/vstakhov/rspamd/issues/1693
 :msg,contains,"map file is unavailable for reading" ~
 :msg,contains,"cannot load controller stats from /var/mail/rspamd/stats.ucl" ~
+:msg,contains,"rspamd_register_symbol_fromlua: duplicate symbol" ~
+:msg,contains,"trying to add virtual symbol MID" ~
+:msg,contains,"init of /usr/share/rspamd/lualib/lua_ffi/spf.lua failed" ~
 :msg,contains,"database is locked" ~
 :msg,contains,"http error occurred: IO read error: unexpected EOF" ~
 :msg,contains,"http error occurred: Not found" ~