🐄 Moorch Update 2022 - ClamAV, Dovecot & Olefy Update (#4497)

* [API] Fix minor issue in api docs * [GH-Actions][stale] Add neverstale label to exempt list * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag * [Web] add github version tag error handling * [Web] add github version tag error handling * Passwordless SOGo auth: support for calendar invitations and calendar/contacts subscriptions Inviting someone to a calendar event triggers a request to /SOGo/so/[email protected]/freebusy.ifb/ajaxRead. Subscribing to someone's calendar/contacts triggers a request to /SOGo/so/[email protected]/foldersSearch. The email address in the URL is different from the logged-in user, which needs to be handled appropriately by sogo-auth.php. * [Web] add github version tag - adjust css * [Compose] Update SOGo Autoreply Schedule to 5m Based on the advice of inverse (SOGo developer). Thanks to https://github.com/jmber Closes: #4436 * [Web] add github version tag - move twig globals * [Web] add github version tag - missing </div> * Passwordless SOGo auth: improvements for when accessing other users * [WebAuthn] fido2 passwordless auth - fix (#4440) * [WebAuthn] fido2 revert * [WebAuthn] set UV flags to 'discouraged' * [WebAuthn] revert - set UV flags to 'discouraged' * Update clamav to 0.104.2 * Update clamav to 0.104.2 * Update dovecot to 2.3.18 Update gosu to 1.14 Use debian bullseye as base * [Web] Updated lang.es.json [CI SKIP] (#4453) Co-authored-by: Fijxu <[email protected]> Co-authored-by: milkmaker <[email protected]> Co-authored-by: Fijxu <[email protected]> * Fix broken documentation links (#4458) * Fix broken documentation links * Fix a few more broken documentation links * Fix broken documentation links in translation files * Fall back to empty string if WATCHDOG_NOTIFY_EMAIL undefined (#4457) By default, `.env` (`mailcow.conf`) does not define `WATCHDOG_NOTIFY_EMAIL`. Using it in `docker-compose.yml` without having it defined leads to Compose v2 displaying this warning on startup: > WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string. Related to #4315 * [Web] Updated lang.sk.json [CI SKIP] (#4461) Co-authored-by: Lukáš Matula <[email protected]> Co-authored-by: milkmaker <[email protected]> Co-authored-by: Lukáš Matula <[email protected]> * oletools: disable template injection detection (#4464) Seems to be causing a lot of false positives lately * Fix minor typo in comment (#4466) Correction of the comment, so that the explanation is correct and can be understood. * Update issue templates to issue forms (#4465) This PR updates the issue templates to GitHubs new issue forms * [Web] Fix padding issue in UI admin panel (#4481) * [Web] fix admin panel padding issue * [Web] fix admin panel padding issue * [Web] Updated lang.sk.json [CI SKIP] (#4489) Co-authored-by: Lukáš Matula <[email protected]> Co-authored-by: milkmaker <[email protected]> Co-authored-by: Lukáš Matula <[email protected]> * increase opcache.interned_strings_buffer to 16 (#4487) since version 23.0.2 Nextcloud recommends having a value greater than 8 for `opcache.interned_strings_buffer`. As this memory will be only used when needed this should have no impact on installations that are not using nextcloud. related discussion: https://help.nextcloud.com/t/nextcloud-23-02-opcache-interned-strings-buffer/134007/19 related nextcloud issue: nextcloud/server#31223 * nextcloud - add missing redirections (#4366) adds missing location directives to the nginx configuration of nextcloud 22, to prevent warnings in nextcloud admin center of missing redirections * Update imapsync to 2.178 (#4491) * Update and fix oletools (#4479) As noticed by @MAGICCC (#4464 (comment)), our olefy image does not work anymore if you rebuild it. This is because @HeinleinSupport recently updated their repository with the changes from @decalage2's repository, which renamed olvba3 to olevba. Since @HeinleinSupport does not recommend using its own patched branch and is very slow in pulling in changes from upstream (@decalage2), let's switch to the latter. This also allowed me to revert #4464. Finally, a minor patch to rspamd is necessary. While the documentation says In the extended mode the oletools module will not trigger on specific categories, but will always set a threat string with all found flags when at least a macro was found. This is not actually true -- it only sets it when suspicious or autoexec threats were detected. But it's a one-line patch to make rspamd behave as documented and we should submit that patch to @rspamd too. With this patch, I have confirmed that Mailcow will reject any incoming, non-whitelisted message containing attachments with macros. * [Web] Fix excluded domain list in quaratine view Previously excluded domains from quarantine were not shown. * [Dovecot] Update syslogng Version to 3.28 (#4496) Co-authored-by: Niklas Meyer <[email protected]> Co-authored-by: ntimo <[email protected]> Co-authored-by: Peter <[email protected]> Co-authored-by: FreddleSpl0it <[email protected]> Co-authored-by: FreddleSpl0it <[email protected]> Co-authored-by: Michael Kuron <[email protected]> Co-authored-by: milkmaker <[email protected]> Co-authored-by: Fijxu <[email protected]> Co-authored-by: Slavi Pantaleev <[email protected]> Co-authored-by: Lukáš Matula <[email protected]> Co-authored-by: Max <[email protected]> Co-authored-by: Michael Cramer <[email protected]> Co-authored-by: Robert Christian <[email protected]> Co-authored-by: André <[email protected]> Co-authored-by: Niklas Meyer <[email protected]>
mailcow · Mar 2, 2022 · c520f21 · c520f21
1 parent b1314bd
commit c520f21
Show file tree

Hide file tree

Showing 30 changed files with 1,517 additions and 621 deletions.
diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,60 +1,94 @@
----
 name: 🐞 Bug Report
-about: Report a reproducible bug for mailcow. (NOT to be used for support questions.)
-labels: bug
----
+description: Report a reproducible bug for mailcow. (NOT to be used for support questions.)
+labels: ["bug"]
+body:
+  - type: checkboxes
+    attributes:
+      label: Contribution guidelines
+      description: Please read the contribution guidelines before proceeding.
+      options:
+        - label: I've read the [contribution guidelines](https://github.com/mailcow/mailcow-dockerized/blob/master/CONTRIBUTING.md) and wholeheartedly agree
+          required: true
+  - type: checkboxes
+    attributes:
+      label: I've found a bug and checked that ...
+      description: Prior to placing the issue, please check following:** *(fill out each checkbox with an `X` once done)*
+      options:
+      - label: ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
+        required: true
+      - label: ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
+        required: true
+      - label: ... I have understood that answers are voluntary and community-driven, and not commercial support.
+        required: true
+      - label: ... I have verified that my issue has not been already answered in the past. I also checked previous [issues](https://github.com/mailcow/mailcow-dockerized/issues).
+        required: true
+  - type: textarea
+    attributes:
+      label: Description
+      description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Logs
+      description: Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks.
+      render: bash
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Steps to reproduce
+      description: Please describe the steps to reproduce the bug. Screenshots can be added, if helpful.
+      placeholder: |-
+        1. ...
+        2. ...
+        3. ...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: System information
+      description: In this stage we would kindly ask you to attach general system information about your setup.
+      value: |-
+             | Question | Answer |
+             | --- | --- |
+             | My operating system | I_DO_REPLY_HERE |
+             | Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
+             | Virtualization technlogy (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
+             | Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
+             | Docker Version (`docker version`) | I_DO_REPLY_HERE |
+             | Docker-Compose Version (`docker-compose version`) | I_DO_REPLY_HERE |
+             | Reverse proxy (custom solution) | I_DO_REPLY_HERE |
 
-<!--
-  Please DO NOT delete this template or use it for support questions.
-  You are welcome to visit us on our community channels listed at https://mailcow.github.io/mailcow-dockerized-docs/#community-support
-  For official support, please check https://mailcow.github.io/mailcow-dockerized-docs/#commercial-support
--->
+             Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:
+             ```
+             YOUR OUTPUT GOES HERE
+             ```
 
-**Prior to placing the issue, please check following:** *(fill out each checkbox with an `X` once done)*
-- [ ] I understand that not following or deleting the below instructions will result in immediate closure and/or deletion of my issue.
-- [ ] I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
-- [ ] I have understood that answers are voluntary and community-driven, and not commercial support.
-- [ ] I have verified that my issue has not been already answered in the past. I also checked previous [issues](https://github.com/mailcow/mailcow-dockerized/issues).
+             All third-party firewalls and custom iptables rules are unsupported. **Please check the Docker docs about how to use Docker with your own ruleset**. Nevertheless, iptabels output can help us to help you:
+             iptables -L -vn:
+             ```
+             YOUR OUTPUT GOES HERE
+             ```
 
-## Summary
-<!--
-  This should be a clear and concise description of what the bug is. What EXACTLY does happen?
-  If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
-  Write your detailed description below.
+             ip6tables -L -vn:
+             ```
+             YOUR OUTPUT GOES HERE
+             ```
 
-  Also mention on which commit/date your mailcow instance was last updated.
--->
+             iptables -L -vn -t nat:
+             ```
+             YOUR OUTPUT GOES HERE
+             ```
 
-## Logs
-<!--
-  Please take a look at the [official documentation](https://mailcow.github.io/mailcow-dockerized-docs/debug-logs/) and post the last
-  few lines of logs, when the error occurs. For example, docker container logs of affected containers.
--->
+             ip6tables -L -vn -t nat:
+             ```
+             YOUR OUTPUT GOES HERE
+             ```
 
-## Reproduction
-<!--
-  It is really helpful to know how exactly you are able to reproduce the reported issue.
-  Have you tried to fix the issue? What did you try?
-  What are the exact steps to get the above described behavior?
-  Screenshots can be added, if helpful. Add the text below.
--->
-
-## System information
-<!--
-  In this stage we would kindly ask you to attach general system information about your setup.
-  Please carefully read the questions and instructions below.
--->
-
-| Question | Answer |
-| --- | --- |
-| My operating system | I_DO_REPLY_HERE |
-| Is Apparmor, SELinux or similar active? | I_DO_REPLY_HERE |
-| Virtualization technlogy (KVM, VMware, Xen, etc - **LXC and OpenVZ are not supported** | I_DO_REPLY_HERE |
-| Server/VM specifications (Memory, CPU Cores) | I_DO_REPLY_HERE |
-| Docker Version (`docker version`) | I_DO_REPLY_HERE |
-| Docker-Compose Version (`docker-compose version`) | I_DO_REPLY_HERE |
-| Reverse proxy (custom solution) | I_DO_REPLY_HERE |
-
-- Output of `git diff origin/master`, any other changes to the code? If so, **please post them**.
-- All third-party firewalls and custom iptables rules are unsupported. *Please check the Docker docs about how to use Docker with your own ruleset*. Nevertheless, iptabels output can help us to help you: `iptables -L -vn`, `ip6tables -L -vn`, `iptables -L -vn -t nat` and `ip6tables -L -vn -t nat`.
-- DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output.
+             DNS problems? Please run `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network) and post the output:
+             ```
+             YOUR OUTPUT GOES HERE
+             ```
+    validations:
+      required: true
diff --git a/.github/ISSUE_TEMPLATE/Feature_request.md b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,29 +1,20 @@
----
 name: 💡 Feature Request
-about: Suggest an idea for mailcow.
-labels: enhancement
----
-
-<!--
-  Please note that the mailcow team and its contributors do have finite
-  resources and that we can not work on all filed feature requests.
-
-  However making us aware about certain ideas can help us improving
-  mailcow together.
-  
-  We're also happy to help you getting a specific  feature implemented.
--->
-
-## Summary
-
-A clear and concise description of what the problem is.
-For example: I'm always frustrated when [...]
-
-## Motivation
-
-What are you about to solve or improve with this idea?
-What would be the benefit for most users?
-
-## Additional context
-
-Add any other context or screenshots about the feature request.
+description: Suggest an idea for mailcow.
+labels: ["enhancement"]
+body:
+  - type: textarea
+    attributes:
+      label: Summary
+      description: Please describe your idea in a reasonable amount of detail.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Motivation
+      description: Please describe how your idea would benefit you and other users.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request.
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
@@ -2,18 +2,26 @@ FROM debian:bullseye-slim
 
 LABEL maintainer "André Peters <[email protected]>"
 
-ARG CLAMAV=0.103.5
+ARG CLAMAV=0.104.2
+ARG TINI_VERSION=v0.19.0
+
 RUN apt-get update && apt-get install -y --no-install-recommends \
   ca-certificates \
-  zlib1g-dev \
+  build-essential \
+  pkg-config \
+  python3 \
+  python3-pip \
+  valgrind \
+  check \
+  libbz2-dev \
   libcurl4-openssl-dev \
+  libjson-c-dev \
+  libmilter-dev \
   libncurses5-dev \
-  libzip-dev \
   libpcre2-dev \
-  libxml2-dev \
   libssl-dev \
-  build-essential \
-  libjson-c-dev \
+  libxml2-dev \
+  zlib1g-dev \
   curl \
   bash \
   wget \
@@ -22,39 +30,47 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   rsync \
   dos2unix \
   netcat \
+  && python3 -m pip install cmake \
   && rm -rf /var/lib/apt/lists/* \
   && wget -O - https://www.clamav.net/downloads/production/clamav-${CLAMAV}.tar.gz | tar xfvz - \
   && cd clamav-${CLAMAV} \
-  && ./configure \
-  --prefix=/usr \
-  --libdir=/usr/lib \
-  --sysconfdir=/etc/clamav \
-  --mandir=/usr/share/man \
-  --infodir=/usr/share/info \
-  --disable-llvm \
-  --with-user=clamav \
-  --with-group=clamav \
-  --with-dbdir=/var/lib/clamav \
-  --enable-clamdtop \
-  --enable-bigstack \
-  --with-pcre \
-  && make -j4 \
-  && make install \
-  && make clean \
+  && cmake . \
+      -D CMAKE_INSTALL_PREFIX=/usr \
+      -D CMAKE_INSTALL_LIBDIR=/usr/lib \
+      -D APP_CONFIG_DIRECTORY=/etc/clamav \
+      -D CMAKE_INSTALL_MANDIR=/usr/share/man \
+      -D CMAKE_INSTALL_INFODIR=/usr/share/info \
+      -D CLAMAV_USER=clamav \
+      -D CLAMAV_GROUP=clamav \
+      -D DATABASE_DIRECTORY=/var/lib/clamav \
+      -D ENABLE_APP=ON \
+      -D ENABLE_JSON_SHARED=OFF \
+      -D CMAKE_BUILD_TYPE=MinSizeRel \
+  && cmake --build . -j4 \
+  && cmake --build . --target install \
   && cd .. && rm -rf clamav-${CLAMAV} \
   && apt-get -y --auto-remove purge build-essential \
-  && apt-get -y purge zlib1g-dev \
+  && apt-get -y purge pkg-config \
+  python3 \
+  python3-pip \
+  valgrind \
+  check \
+  libbz2-dev \
+  libcurl4-openssl-dev \
+  libjson-c-dev \
+  libmilter-dev \
   libncurses5-dev \
-  libzip-dev \
   libpcre2-dev \
-  libxml2-dev \
   libssl-dev \
-  libjson-c-dev \
+  libxml2-dev \
+  zlib1g-dev \
+
   && addgroup --system --gid 700 clamav \
   && adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
   && rm -rf /tmp/* /var/tmp/*
 
 COPY clamd.sh ./
-COPY tini /sbin/tini
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
+RUN chmod +x /sbin/tini
 
 CMD ["/sbin/tini", "-g", "--", "/clamd.sh"]
diff --git a/data/Dockerfiles/clamd/tini b/data/Dockerfiles/clamd/tini
diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
@@ -1,10 +1,10 @@
-FROM debian:buster-slim
+FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <[email protected]>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.17.1
+ARG DOVECOT=2.3.18
 ENV LC_ALL C
-ENV GOSU_VERSION 1.12
+ENV GOSU_VERSION 1.14
 
 # Add groups and users before installing Dovecot to not break compatibility
 RUN groupadd -g 5000 vmail \
@@ -89,7 +89,7 @@ RUN groupadd -g 5000 vmail \
   && chmod +x /usr/local/bin/gosu \
   && gosu nobody true \
   && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
-  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/buster buster main" > /etc/apt/sources.list.d/dovecot.list \
+  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
   && apt-get update \
   && apt-get -y --no-install-recommends install \
   dovecot-lua \