Dear mailcow users,
- Please see our support packages at servercow.de.
- Please also check out our managed mailcow. A fully managed mailcow including support, updates, backups and more.
Sorry for the lack of December update news.
You can now set WATCHDOG_EXTERNAL_CHECKS=y in mailcow.conf to enable an open relay check. The check runs about every minute.
In the future, you will be able to shut down Postfix whenever watchdog-mailcow detects an open relay.
Your source IP must match your mailcow IP; the check will only work with unmodified mailcows.
sogo-mailcow:
  build:
    context: ./data/Dockerfiles/sogo
    dockerfile: Dockerfile
    args:
      - SOGO_DEBIAN_REPOSITORY=https://user:email@example.com/SOGo/release/4/debian/
data/web/inc/presets/rspamd/. Headline can be a lang string. Please feel free to add more useful presets!
A BIG THANK YOU to all supporters! Thank you so much for keeping mailcow alive. 🙂
Another BIG THANK YOU goes out to all contributors!
[API] Added DKIM get route to api docs
[API] Added docs for new status api
[API] Added new status route to get some system infos
[API] Fixed api docs not being displayed correctly
[API] Make Solr API return data if Solr is enabled
[API] Update API docs with app password routes
[Rspamd] ARC remains active for forwards. Result: fully signed and trusted forwards and signed rejects in sieve.
[Rspamd] block all Office documents with macros
[CI] Added automated testing using drone (#3278)
[ClamAV] Whitelist JS in PDF – too many false-positives
[Web] Disable refresh button, while refreshing (#3199)
[Dovecot] Add map for app passwds
[Dovecot] Change LUA path
[Dovecot] Delete ham/spam hash if previously learned; Change LUA script paths
[Dovecot] Drop logs
[Dovecot] Enable editheaders plugin in sieve for all users
[Dovecot] Fix app passwds: allow multiple pass hashes by using LUA construct
[Dovecot] Fix lua error when trying to escape empty domains
[Dovecot] Really strange race condition when reading an untouched LUA file on slower systems
[Dovecot] Remove CONTROL from shared namespace – thanks to @Keessaus
[Dovecot] Set BCC in quarantine notify
[Git] Ignore auto generated Dovecot LUA
[Git] Ignore whitelist.ign2
[IMPORTANT] If you run Ubuntu 16.04, upgrade your kernel to linux-generic-hwe-16.04
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo
[PHP-FPM] Remove useless flag for gd
[Postfix] Add bl.suomispam.net
[Postfix] Client rcpt rate limit set to 50
[Postfix] Set CA path for smtpd
[Postfix] Update Postscreen whitelist
[Rspamd] Add mailcow_networks map
[Rspamd] Allow empty envfrom for system mails, add only Dovecot to sign_networks and sign by header when sign_networks fires.
[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve)
[Rspamd] Decrease weight of missed charset
[Rspamd] Do not normalise domains to eSLD for ARC
[Rspamd] Lower map watch interval
[Rspamd] Ratelimit for bounces reduced, max_rcpt for ratelimit increased
[Rspamd] SA trivial converter (wip)
[Rspamd] Set rspamd as trusted host, rspamd is not spoofing
[Rspamd] Split deprecated metrics.conf to actions.conf and groups.conf
[SOGo] Fix for whitespaces in mysql return; Order aliases
[SOGo] Make view more readable
[SOGo] Read build args
[SSL] fix bug with pruning old certificates (#3272)
[Update] Split metrics to actions and groups, warn if metrics is different from repo
[Web] Use main_name in the “Yubico OTP Authentifizierung” modal and in the mailbox edit modal.
[Watchdog] Add external check for open relay, requires SAL
[Watchdog] Fix ipv6 config check
[Watchdog] Retry to get current ACME log status, if empty (may fix watchdog mails on very busy servers – eg while running a backup)
[Watchdog] Revert acme-mailcow threshold to 1
[Watchdog] smtp-cli 3.10 (yay) and a new check for IPv6 configuration problems
[Web] Add “add” button to header of table
[Web] Add missing lang strings for edit
[Web] Add more password generator links
[Web] Add more map types soon; Do not expose private key via API if hidden in vars (fixes #3231)
[Web] Add more sieve presets
[Web] Add new preset for Rspamd settings map: Only allow specific senders to send to a mailbox
[Web] Allow to set BCC for quarantine
[Web] Allow to use data/web/css/build/0081-custom-mailcow.css for ignored overrides
[Web] Better mobileconfig handling
[Web] Complain about non-email email fields
[Web] Deleted hashes previously learned
[Web] Do not show Solr and Clam status when disabled, thanks to Tina
[Web] Feature: Allow app passwords for imap/smtp, allow to set acl permission for app passwords (domain admin [when logged in as user] and user)
[Web] Finally fix solr and clam status…
[Web] Fix global maps
[Web] Fix lang.en.json
[Web] Fix policy map selection for dane
[Web] Fix quarantine for sneaky dots, also fixes #3263
[Web] Fix Solr status and sort containers
[Web] Fix some major errors in app passwds but disable app passwds due to a show stopper… todo: fix asap
[Web] Fix some transport verifications
[Web] Fix transport validation for hostnames
[Web] Generate longer passwords for app passwords
[Web] Generate longer passwords for app passwords (edit was missing)
[Web] Get all app passwd ids for a single user by using get/app-passwd/all/user@domain
[Web] Hide app passwords from logs
[Web] hide echoed var
[Web] Make mobile usage less annoying; anchors for maps; sidebar for maps
[Web] Minor style fix and re-enable app passwds
[Web] Remove “add domain” from table when not admin, fixes #3267
[Web] Remove tracking for custom-mailcow css
[Web] Revert dropup to dropdown
[Web] Revert some style changes, mobile view should be fixed/better with bootstrap 4
[Web, Rspamd] Add bad language map, add map to mailcow UI
[Web] Show hint when SOGo admin login is enabled, fix sieve preset in API
[Web] Small adjustments to presets
[Web] Update languages
[Web] Various fixes for app passwd functions
Thanks a lot to Benjamin from nichteinschalten.de for creating this awesome blog post about mailcow.
You may encounter errors with Dovecot or ClamAV (and probably other containers besides mailcow), if you run Ubuntu 16.04 with its default kernel 4.4 and Docker from the official Docker repository.
Please install the HWE kernel from the Ubuntu repository and reboot:
apt-get update
apt-get install --install-recommends -y linux-generic-hwe-16.04
reboot
The year is slowly coming to its end. We hope you will enjoy the last few weeks of the year.
Instead of writing down all commits you can already find on GitHub, we will only mention important changes or fixes dating back from the previous post until today. This month's update includes:
Instead of writing down all commits you can already find on GitHub, we will only mention important changes or fixes dating back from the previous post until today.
We just included MariaDB 10.3. If you run ./update.sh, you will encounter some errors in mysql-mailcow, that will be fixed by the upgrade process triggered by php-fpm-mailcow.
A SQL backup is recommended.
If you have a mailcow support subscription, feel free to use the ticket system for assistance or help after a failed update.
If a mailcow support package has been booked, we are happy to help with updating the mailcow installation or with any problems.
Sorry for the delay, mailcow was still being worked on. Time is running too fast. 🙁
Instead of writing down all commits you can already find on GitHub, I will only mention important changes or fixes dating back from the previous post until today.
Edit: Forgot to say thanks to @irgendwr for fixing XSS!
We also migrate existing installations.
Please see https://www.servercow.de/mailcow#managed for further information.
This is a short heads-up for users running their mailcow instance on Ubuntu 18.04: Do NOT upgrade to kernel 4.15.0-
Based on various user reports and more extensive testing, this specific kernel release triggers a kernel panic and crashes your server. As far as we have been able to figure out, this is related to explicitly setting a nameserver in the docker-compose.yml file (which isn’t new in our code). For some strange reason this commit/hotfix fixes the crashes so far.
You can track the progress for this issue here. However, please keep in mind that this is a small warning for our Ubuntu users, as there’s no final fix available yet. We’ve also filed an Ubuntu bug report already.
Update on 5th September: The issue was confirmed as a valid kernel bug and is already fixed by the Ubuntu team, see the Launchpad issue here. However, there’s no ETA when the new kernel update will be released.
Update on 11th September: The new fixed kernel image 4.15.0-62.69 was released on 9th September.
So what happened the last few days and weeks? You guessed it! Some important security updates!
To sum it up:
– Critical: There was a dovecot security issue fixed which can lead to private information leakage and remote code execution. Read more here.
– ClamAV got updated to v0.101.4 to address a zip bomb vulnerability. Read more here.
– A few XSS vulnerabilities in the mailcow UI were fixed.
– Besides the security fixes, more mailserver blacklists and spam rules were added to improve spam detection.
Updating your mailcow instances is strongly recommended and should be done as soon as possible. You can update as usual by executing the update script.
(Telegram users might be wondering: Yes, this is indeed a cross-post from my Telegram News post a few days earlier.)