From 5619175108c89df9f488067f60fafe9a80ac9081 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Tue, 27 Jun 2023 10:36:53 +0200 Subject: [PATCH 1/8] Upate SOGo to 5.8.4 --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a5a8f95b03..2dd1304cc5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -169,7 +169,7 @@ services: - phpfpm sogo-mailcow: - image: mailcow/sogo:1.117 + image: mailcow/sogo:1.118 environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} From 34d990a80038e88122f8ff6b9d4f235416d8cef1 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Fri, 28 Jul 2023 20:35:28 +0200 Subject: [PATCH 2/8] Removed obsolete whois package --- data/Dockerfiles/postfix/Dockerfile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/data/Dockerfiles/postfix/Dockerfile b/data/Dockerfiles/postfix/Dockerfile index 4a894fd4f2..bda6e07f2d 100644 --- a/data/Dockerfiles/postfix/Dockerfile +++ b/data/Dockerfiles/postfix/Dockerfile @@ -17,10 +17,10 @@ RUN groupadd -g 102 postfix \ ca-certificates \ curl \ dirmngr \ - dnsutils \ + dnsutils \ gnupg \ libsasl2-modules \ - mariadb-client \ + mariadb-client \ perl \ postfix \ postfix-mysql \ @@ -32,8 +32,7 @@ RUN groupadd -g 102 postfix \ syslog-ng \ syslog-ng-core \ syslog-ng-mod-redis \ - tzdata \ - whois \ + tzdata \ && rm -rf /var/lib/apt/lists/* \ && touch /etc/default/locale \ && printf '#!/bin/bash\n/usr/sbin/postconf -c /opt/postfix/conf "$@"' > /usr/local/sbin/postconf \ From 952ddb18fd59707b3d68b7908cc599d17aadadc5 Mon Sep 17 00:00:00 2001 From: Christian Hailer Date: Sun, 30 Jul 2023 18:56:52 +0200 Subject: [PATCH 3/8] dns_blocklists.cf isn't appended to main.cf and therefore ineffective #5340 --- data/Dockerfiles/postfix/postfix.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh index 1b5b383c2a..9696fa9f22 100755 --- a/data/Dockerfiles/postfix/postfix.sh +++ b/data/Dockerfiles/postfix/postfix.sh @@ -539,6 +539,9 @@ echo -e "myhostname = ${MAILCOW_HOSTNAME}\n$(cat /opt/postfix/conf/extra.cf)" > cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf +# Append postscreen dnsbl sites to main.cf +cat /opt/postfix/conf/dns_blocklists.cf >> /opt/postfix/conf/main.cf + if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then echo "Creating dummy custom_transport.pcre" touch /opt/postfix/conf/custom_transport.pcre From 6cf2775e7e03a01436d4f6f07145d24d1b80fa48 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 31 Jul 2023 12:01:34 +0200 Subject: [PATCH 4/8] Fix Reponse Code for ASN Checks --- generate_config.sh | 4 ++-- update.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/generate_config.sh b/generate_config.sh index e62b6db578..d09dae9e65 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -60,8 +60,8 @@ fi detect_bad_asn() { echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m" - response=$(curl --connect-timeout 15 --retry 5 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") - if [ "$response" -eq 403 ]; then + response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") + if [ "$response" -eq 503 ]; then if [ -z "$SPAMHAUS_DQS_KEY" ]; then echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m" echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m" diff --git a/update.sh b/update.sh index 5b8aa9e87d..8c5a4fb5c0 100755 --- a/update.sh +++ b/update.sh @@ -257,8 +257,8 @@ fi detect_bad_asn() { echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m" - response=$(curl --connect-timeout 15 --retry 5 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") - if [ "$response" -eq 403 ]; then + response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") + if [ "$response" -eq 503 ]; then if [ -z "$SPAMHAUS_DQS_KEY" ]; then echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m" echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m" From 0f337971ff12b89805bb58b14b858c74e8fdb7dd Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 31 Jul 2023 12:03:07 +0200 Subject: [PATCH 5/8] Reimplemented option for custom dnsbls --- data/Dockerfiles/postfix/postfix.sh | 137 +++++----------------------- docker-compose.yml | 2 +- 2 files changed, 22 insertions(+), 117 deletions(-) diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh index 9696fa9f22..8450bbe61d 100755 --- a/data/Dockerfiles/postfix/postfix.sh +++ b/data/Dockerfiles/postfix/postfix.sh @@ -397,136 +397,40 @@ echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List.. if [ -n "$SPAMHAUS_DQS_KEY" ]; then echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m" echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3 - ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4 - ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using Spamhaus DQS lists + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3 + ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4 + ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3 EOF else - response=$(curl --connect-timeout 15 --retry 5 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") - if [ "$response" -eq 403 ]; then + response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") + if [ "$response" -eq 503 ]; then echo -e "\e[31mThe AS of your IP is listed as a banned AS from Spamhaus!\e[0m" echo -e "\e[33mNo SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using no Spamhaus DNSBL EOF elif [ "$response" -eq 200 ]; then echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m" echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 - zen.spamhaus.org=127.0.0.[10;11]*8 - zen.spamhaus.org=127.0.0.[4..7]*6 - zen.spamhaus.org=127.0.0.3*4 - zen.spamhaus.org=127.0.0.2*3 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using public spamhaus lists + zen.spamhaus.org=127.0.0.[10;11]*8 + zen.spamhaus.org=127.0.0.[4..7]*6 + zen.spamhaus.org=127.0.0.3*4 + zen.spamhaus.org=127.0.0.2*3 EOF else echo -e "\e[31mWe couldn't determine your AS... (maybe DNS/Network issue?) Response Code: $response\e[0m" echo -e "\e[33mDeactivating Spamhaus DNS Blocklists to be on the safe site!\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using no Spamhaus DNSBL EOF fi fi @@ -541,6 +445,7 @@ cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf # Append postscreen dnsbl sites to main.cf cat /opt/postfix/conf/dns_blocklists.cf >> /opt/postfix/conf/main.cf +cat /tmp/spamhaus.cf >> /opt/postfix/conf/main.cf if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then echo "Creating dummy custom_transport.pcre" diff --git a/docker-compose.yml b/docker-compose.yml index 865dacb2f5..bd7c4acbb5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -297,7 +297,7 @@ services: - dovecot postfix-mailcow: - image: mailcow/postfix:1.69 + image: mailcow/postfix:1.70 depends_on: - mysql-mailcow volumes: From 6d17b9f504c1356b31ddb997dfa751032e257410 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 31 Jul 2023 12:03:31 +0200 Subject: [PATCH 6/8] Added dns_blocklists.cf for customizations --- data/conf/postfix/dns_blocklists.cf | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 data/conf/postfix/dns_blocklists.cf diff --git a/data/conf/postfix/dns_blocklists.cf b/data/conf/postfix/dns_blocklists.cf new file mode 100644 index 0000000000..9fc9e70f87 --- /dev/null +++ b/data/conf/postfix/dns_blocklists.cf @@ -0,0 +1,25 @@ +# Content loaded from dns_blocklists.cf, edit only if really necessary! +postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 + hostkarma.junkemailfilter.com=127.0.0.1*-2 + list.dnswl.org=127.0.[0..255].0*-2 + list.dnswl.org=127.0.[0..255].1*-4 + list.dnswl.org=127.0.[0..255].2*-6 + list.dnswl.org=127.0.[0..255].3*-8 + ix.dnsbl.manitu.net*2 + bl.spamcop.net*2 + bl.suomispam.net*2 + hostkarma.junkemailfilter.com=127.0.0.2*3 + hostkarma.junkemailfilter.com=127.0.0.4*2 + hostkarma.junkemailfilter.com=127.0.1.2*1 + backscatter.spameatingmonkey.net*2 + bl.ipv6.spameatingmonkey.net*2 + bl.spameatingmonkey.net*2 + b.barracudacentral.org=127.0.0.2*7 + bl.mailspike.net=127.0.0.2*5 + bl.mailspike.net=127.0.0.[10;11;12]*4 + dnsbl.sorbs.net=127.0.0.10*8 + dnsbl.sorbs.net=127.0.0.5*6 + dnsbl.sorbs.net=127.0.0.7*3 + dnsbl.sorbs.net=127.0.0.8*2 + dnsbl.sorbs.net=127.0.0.6*2 + dnsbl.sorbs.net=127.0.0.9*2 From 31cb0f7db133bfbf3ebe7761032644ada6ec6683 Mon Sep 17 00:00:00 2001 From: milkmaker Date: Mon, 31 Jul 2023 10:06:07 +0000 Subject: [PATCH 7/8] update postscreen_access.cidr --- data/conf/postfix/postscreen_access.cidr | 359 ++++++++++++++++------- 1 file changed, 252 insertions(+), 107 deletions(-) diff --git a/data/conf/postfix/postscreen_access.cidr b/data/conf/postfix/postscreen_access.cidr index 5509433baf..153cd68940 100644 --- a/data/conf/postfix/postscreen_access.cidr +++ b/data/conf/postfix/postscreen_access.cidr @@ -1,15 +1,20 @@ -# Whitelist generated by Postwhite v3.4 on Mon 21 Mar 2022 06:50:26 PM CET +# Whitelist generated by Postwhite v3.4 on Mon Jul 31 10:06:06 UTC 2023 # https://github.com/stevejenkins/postwhite/ -# 1898 total rules +# 2043 total rules 2a00:1450:4000::/36 permit 2a01:111:f400::/48 permit -2a01:111:f403::/48 permit -2a01:4180:4050:0400::/64 permit -2a01:4180:4050:0800::/64 permit -2a01:4180:4051:0400::/64 permit -2a01:4180:4051:0800::/64 permit +2a01:111:f403:8000::/50 permit +2a01:111:f403::/49 permit +2a01:111:f403:c000::/51 permit +2a01:111:f403:f000::/52 permit 2a02:a60:0:5::/64 permit 2c0f:fb50:4000::/36 permit +2.207.151.53 permit +3.14.230.16 permit +3.70.123.177 permit +3.93.157.0/24 permit +3.129.120.190 permit +3.210.190.0/24 permit 8.20.114.31 permit 8.25.194.0/23 permit 8.25.196.0/23 permit @@ -19,41 +24,53 @@ 13.70.32.43 permit 13.72.50.45 permit 13.74.143.28 permit -13.77.161.179 permit 13.78.233.182 permit 13.92.31.129 permit 13.110.208.0/21 permit +13.110.209.0/24 permit 13.110.216.0/22 permit 13.110.224.0/20 permit 13.111.0.0/16 permit -17.41.0.0/16 permit +15.200.21.50 permit +15.200.44.248 permit +15.200.201.185 permit 17.57.155.0/24 permit 17.57.156.0/24 permit 17.58.0.0/16 permit -17.110.0.0/15 permit -17.142.0.0/15 permit -17.162.0.0/15 permit -17.164.0.0/16 permit -17.171.37.0/24 permit -17.172.0.0/16 permit -17.179.168.0/23 permit +18.156.89.250 permit +18.157.243.190 permit 18.194.95.56 permit 18.198.96.88 permit -20.47.149.138 permit -20.48.0.0/12 permit +18.208.124.128/25 permit +18.216.232.154 permit +18.234.1.244 permit +18.236.40.242 permit +20.51.6.32/30 permit 20.52.52.2 permit 20.52.128.133 permit +20.59.80.4/30 permit 20.63.210.192/28 permit -20.64.0.0/10 permit +20.69.8.108/30 permit +20.70.246.20 permit +20.76.201.171 permit +20.83.222.104/30 permit +20.88.157.184/30 permit 20.94.180.64/28 permit +20.97.34.220/30 permit +20.98.148.156/30 permit +20.98.194.68/30 permit +20.105.209.76/30 permit +20.107.239.64/30 permit +20.112.250.133 permit +20.118.139.208/30 permit 20.185.213.160/27 permit 20.185.213.224/27 permit 20.185.214.0/27 permit 20.185.214.2 permit 20.185.214.32/27 permit 20.185.214.64/27 permit -20.192.0.0/10 permit -23.100.85.1 permit +20.231.239.246 permit +20.236.44.162 permit 23.103.224.0/19 permit 23.249.208.0/20 permit 23.251.224.0/19 permit @@ -78,46 +95,38 @@ 27.123.206.56/29 permit 27.123.206.76/30 permit 27.123.206.80/28 permit -34.194.25.167 permit -34.194.144.120 permit +31.25.48.222 permit +34.195.217.107 permit +34.202.239.6 permit 34.212.163.75 permit +34.215.104.144 permit 34.225.212.172 permit 34.247.168.44 permit +35.161.32.253 permit +35.167.93.243 permit 35.176.132.251 permit 35.190.247.0/24 permit 35.191.0.0/16 permit -37.188.97.188 permit 37.218.248.47 permit 37.218.249.47 permit 37.218.251.62 permit 39.156.163.64/29 permit 40.71.187.0/24 permit -40.76.4.15 permit -40.77.102.222 permit 40.92.0.0/15 permit -40.97.116.82 permit -40.97.128.194 permit -40.97.148.226 permit -40.97.153.146 permit -40.97.156.114 permit -40.97.160.2 permit -40.97.161.50 permit -40.97.164.146 permit 40.107.0.0/16 permit 40.112.65.63 permit -40.112.72.205 permit -40.113.200.201 permit 40.117.80.0/24 permit -40.121.71.46 permit 41.74.192.0/22 permit 41.74.196.0/22 permit 41.74.200.0/23 permit 41.74.204.0/23 permit 41.74.206.0/24 permit -42.159.163.81 permit -42.159.163.82 permit -42.159.163.83 permit 43.228.184.0/22 permit +44.206.138.57 permit +44.209.42.157 permit +44.236.56.93 permit +44.238.220.251 permit +46.19.168.0/23 permit 46.226.48.0/21 permit 46.228.36.37 permit 46.228.36.38/31 permit @@ -167,6 +176,8 @@ 46.243.88.175 permit 46.243.88.176 permit 46.243.88.177 permit +46.243.95.179 permit +46.243.95.180 permit 50.18.45.249 permit 50.18.121.236 permit 50.18.121.248 permit @@ -178,11 +189,6 @@ 50.31.32.0/19 permit 50.31.156.96/27 permit 50.31.205.0/24 permit -51.4.71.62 permit -51.4.72.0/24 permit -51.4.80.0/27 permit -51.5.72.0/24 permit -51.5.80.0/27 permit 51.137.58.21 permit 51.140.75.55 permit 51.144.100.179 permit @@ -191,17 +197,28 @@ 52.5.230.59 permit 52.27.5.72 permit 52.27.28.47 permit -52.33.191.91 permit +52.28.63.81 permit 52.36.138.31 permit 52.37.142.146 permit -52.38.191.253 permit -52.41.64.145 permit +52.58.216.183 permit +52.59.143.3 permit 52.60.41.5 permit 52.60.115.116 permit +52.61.91.9 permit +52.71.0.205 permit 52.82.172.0/22 permit 52.94.124.0/28 permit 52.95.48.152/29 permit 52.95.49.88/29 permit +52.96.91.34 permit +52.96.111.82 permit +52.96.172.98 permit +52.96.214.50 permit +52.96.222.194 permit +52.96.222.226 permit +52.96.223.2 permit +52.96.228.130 permit +52.96.229.242 permit 52.100.0.0/14 permit 52.119.213.144/28 permit 52.160.39.140 permit @@ -214,23 +231,29 @@ 52.222.73.83 permit 52.222.73.120 permit 52.222.75.85 permit +52.222.89.228 permit 52.234.172.96/28 permit 52.236.28.240/28 permit -52.237.141.173 permit 52.244.206.214 permit 52.247.53.144 permit 52.250.107.196 permit 52.250.126.174 permit -52.251.55.143 permit 54.90.148.255 permit -54.156.255.69 permit 54.172.97.247 permit +54.174.52.0/24 permit +54.174.53.128/30 permit +54.174.57.0/24 permit +54.174.59.0/24 permit +54.174.60.0/23 permit +54.174.63.0/24 permit 54.186.193.102 permit -54.191.223.5 permit +54.191.223.56 permit 54.194.61.95 permit 54.195.113.45 permit +54.213.20.246 permit 54.214.39.184 permit 54.216.77.168 permit +54.221.227.204 permit 54.240.0.0/18 permit 54.240.64.0/19 permit 54.240.96.0/19 permit @@ -238,7 +261,9 @@ 54.244.54.130 permit 54.244.242.0/24 permit 54.246.232.180 permit +54.255.61.23 permit 62.13.128.0/24 permit +62.13.128.150 permit 62.13.129.128/25 permit 62.13.136.0/22 permit 62.13.140.0/22 permit @@ -249,22 +274,29 @@ 62.17.146.128/26 permit 62.140.7.0/24 permit 62.140.10.21 permit +62.179.121.0/24 permit +62.201.172.0/27 permit +62.201.172.32/27 permit +62.253.227.114 permit 63.32.13.159 permit 63.80.14.0/23 permit +63.111.28.137 permit 63.128.21.0/24 permit 63.143.57.128/25 permit 63.143.59.128/25 permit 64.18.0.0/20 permit 64.20.241.45 permit -64.34.47.128/27 permit -64.34.57.192/26 permit +64.69.212.0/24 permit 64.71.149.160/28 permit 64.79.155.0/24 permit +64.79.155.192 permit +64.79.155.193 permit +64.79.155.205 permit +64.79.155.206 permit 64.89.44.85 permit 64.89.45.80 permit 64.89.45.194 permit 64.89.45.196 permit -64.95.144.196 permit 64.127.115.252 permit 64.132.88.0/23 permit 64.132.92.0/24 permit @@ -290,6 +322,7 @@ 64.207.219.71 permit 64.207.219.72 permit 64.207.219.73 permit +64.207.219.75 permit 64.207.219.77 permit 64.207.219.78 permit 64.207.219.79 permit @@ -300,9 +333,6 @@ 64.207.219.142 permit 64.207.219.143 permit 64.233.160.0/19 permit -65.38.115.76 permit -65.38.115.84 permit -65.39.215.0/24 permit 65.52.80.137 permit 65.54.51.64/26 permit 65.54.61.64/26 permit @@ -342,6 +372,10 @@ 66.111.4.225 permit 66.111.4.229 permit 66.111.4.230 permit +66.119.150.192/26 permit +66.135.202.0/27 permit +66.135.215.0/24 permit +66.135.222.1 permit 66.162.193.226/31 permit 66.163.184.0/21 permit 66.163.184.0/24 permit @@ -373,7 +407,8 @@ 66.196.81.234 permit 66.211.168.230/31 permit 66.211.170.86/31 permit -66.211.170.88/30 permit +66.211.170.88/29 permit +66.211.184.0/23 permit 66.218.74.64/30 permit 66.218.74.68/31 permit 66.218.75.112/30 permit @@ -445,6 +480,8 @@ 68.142.230.72/30 permit 68.142.230.76/31 permit 68.142.230.78 permit +68.232.140.138 permit +68.232.157.143 permit 68.232.192.0/20 permit 69.63.178.128/25 permit 69.63.181.0/24 permit @@ -452,6 +489,10 @@ 69.65.42.195 permit 69.65.49.192/29 permit 69.72.32.0/20 permit +69.72.40.93 permit +69.72.40.94/31 permit +69.72.40.96/30 permit +69.72.47.205 permit 69.147.84.227 permit 69.162.98.0/24 permit 69.169.224.0/20 permit @@ -460,7 +501,7 @@ 70.37.151.128/25 permit 70.42.149.0/24 permit 70.42.149.35 permit -72.3.185.0/24 permit +72.3.237.64/28 permit 72.14.192.0/18 permit 72.21.192.0/19 permit 72.21.217.142 permit @@ -522,15 +563,11 @@ 72.30.239.228/31 permit 72.30.239.244/30 permit 72.30.239.248/31 permit -72.32.154.0/24 permit -72.32.217.0/24 permit -72.32.243.0/24 permit 72.34.168.76 permit 72.34.168.80 permit 72.34.168.85 permit 72.34.168.86 permit 72.52.72.32/28 permit -72.52.72.36 permit 74.6.128.0/21 permit 74.6.128.0/24 permit 74.6.129.0/24 permit @@ -558,8 +595,11 @@ 74.112.67.243 permit 74.125.0.0/16 permit 74.202.227.40 permit +74.208.4.192/26 permit +74.208.5.64/26 permit +74.208.122.0/26 permit 74.209.250.0/24 permit -74.209.250.12 permit +76.223.128.0/19 permit 76.223.176.0/20 permit 77.238.176.0/22 permit 77.238.176.0/24 permit @@ -583,7 +623,13 @@ 77.238.189.146/31 permit 77.238.189.148/30 permit 81.223.46.0/27 permit -84.16.77.1 permit +82.165.159.0/24 permit +82.165.159.0/26 permit +82.165.229.31 permit +82.165.229.130 permit +82.165.230.21 permit +82.165.230.22 permit +84.116.36.0/24 permit 85.158.136.0/21 permit 86.61.88.25 permit 87.198.219.130 permit @@ -624,11 +670,11 @@ 87.248.117.201 permit 87.248.117.202 permit 87.248.117.205 permit -87.252.219.254 permit 87.253.232.0/21 permit 89.22.108.0/24 permit +91.194.248.0/23 permit +91.211.240.0/22 permit 91.220.42.0/24 permit -94.236.119.0/26 permit 94.245.112.0/27 permit 94.245.112.10/31 permit 95.131.104.0/21 permit @@ -638,6 +684,7 @@ 96.43.148.64/28 permit 96.43.148.64/31 permit 96.43.151.64/28 permit +98.97.248.0/21 permit 98.136.44.181 permit 98.136.44.182/31 permit 98.136.44.184 permit @@ -1142,23 +1189,21 @@ 98.139.245.212/31 permit 99.78.197.208/28 permit 103.2.140.0/22 permit -103.9.8.121 permit -103.9.8.122 permit -103.9.8.123 permit 103.9.96.0/22 permit 103.13.69.0/24 permit +103.28.42.0/24 permit 103.47.204.0/22 permit 103.96.21.0/24 permit +103.96.22.0/24 permit 103.96.23.0/24 permit 103.151.192.0/23 permit -103.237.104.0/22 permit +103.168.172.128/27 permit 104.43.243.237 permit +104.44.112.128/25 permit 104.47.0.0/17 permit 104.130.96.0/28 permit 104.130.122.0/23 permit 104.214.25.77 permit -104.215.148.63 permit -104.215.186.3 permit 104.245.209.192/26 permit 106.10.144.64/27 permit 106.10.144.100/31 permit @@ -1320,6 +1365,8 @@ 117.120.16.0/21 permit 119.42.242.52/31 permit 119.42.242.156 permit +121.244.91.48 permit +122.15.156.182 permit 123.126.78.64/29 permit 124.47.150.0/24 permit 124.47.189.0/24 permit @@ -1335,20 +1382,35 @@ 128.127.70.0/26 permit 128.245.0.0/20 permit 128.245.64.0/20 permit +128.245.176.0/20 permit +128.245.242.0/24 permit +128.245.242.16 permit +128.245.242.17 permit +128.245.242.18 permit +128.245.243.0/24 permit +128.245.244.0/24 permit +128.245.245.0/24 permit +128.245.246.0/24 permit +128.245.247.0/24 permit 129.41.77.70 permit 129.41.169.249 permit +129.80.5.164 permit +129.80.67.121 permit +129.146.88.28 permit +129.146.147.105 permit 129.146.236.58 permit +129.151.67.221 permit +129.153.62.216 permit +129.153.104.71 permit +129.153.168.146 permit +129.153.190.200 permit 129.153.194.228 permit 129.159.87.137 permit +129.213.195.191 permit 130.61.9.72 permit 130.211.0.0/22 permit -130.248.172.0/24 permit -130.248.173.0/24 permit -131.107.0.0/16 permit 131.253.30.0/24 permit 131.253.121.0/26 permit -131.253.121.20 permit -131.253.121.52 permit 132.145.13.209 permit 132.226.26.225 permit 132.226.49.32 permit @@ -1358,9 +1420,13 @@ 134.170.141.64/26 permit 134.170.143.0/24 permit 134.170.174.0/24 permit -135.84.80.192/26 permit +135.84.80.0/24 permit +135.84.81.0/24 permit 135.84.82.0/24 permit +135.84.83.0/24 permit 135.84.216.0/22 permit +136.143.160.0/24 permit +136.143.161.0/24 permit 136.143.182.0/23 permit 136.143.184.0/24 permit 136.143.188.0/24 permit @@ -1369,34 +1435,53 @@ 136.147.176.0/20 permit 136.147.176.0/24 permit 136.147.182.0/24 permit +136.179.50.206 permit 138.91.172.26 permit 139.60.152.0/22 permit -139.178.64.159 permit -139.178.64.195 permit +139.138.35.44 permit +139.138.46.121 permit +139.138.46.176 permit +139.138.46.219 permit +139.138.57.55 permit +139.138.58.119 permit +139.180.17.0/24 permit +141.148.159.229 permit 141.193.32.0/23 permit 143.55.224.0/21 permit 143.55.232.0/22 permit 143.55.236.0/22 permit +143.244.80.0/20 permit +144.24.6.140 permit +144.34.8.247 permit +144.34.9.247 permit +144.34.32.247 permit +144.34.33.247 permit 144.178.36.0/24 permit 144.178.38.0/24 permit +145.253.228.160/29 permit +145.253.239.128/29 permit 146.20.112.0/26 permit 146.20.113.0/24 permit 146.20.191.0/24 permit 146.20.215.0/24 permit +146.20.215.182 permit +146.88.28.0/24 permit 146.101.78.0/24 permit -147.75.65.173 permit -147.75.65.174 permit -147.75.98.190 permit +147.28.36.0/24 permit 147.160.158.0/24 permit 147.243.1.47 permit 147.243.1.48 permit 147.243.1.153 permit 147.243.128.24 permit 147.243.128.26 permit -148.105.0.14 permit +148.105.0.0/16 permit 148.105.8.0/21 permit 149.72.0.0/16 permit +149.97.173.180 permit +150.230.98.160 permit 152.67.105.195 permit +152.69.200.236 permit +155.248.208.51 permit 157.55.0.192/26 permit 157.55.1.128/26 permit 157.55.2.0/25 permit @@ -1412,32 +1497,43 @@ 157.56.232.0/21 permit 157.56.240.0/20 permit 157.56.248.0/21 permit +157.58.30.128/25 permit 157.58.196.96/29 permit 157.58.249.3 permit 157.151.208.65 permit 157.255.1.64/29 permit +158.101.211.207 permit +158.120.80.0/21 permit +158.247.16.0/20 permit 159.92.157.0/24 permit +159.92.157.16 permit +159.92.157.17 permit +159.92.157.18 permit 159.92.158.0/24 permit 159.92.159.0/24 permit 159.92.160.0/24 permit 159.92.161.0/24 permit 159.92.162.0/24 permit +159.112.240.0/20 permit +159.112.242.162 permit 159.135.132.128/25 permit 159.135.140.80/29 permit 159.135.224.0/20 permit +159.135.228.10 permit 159.183.0.0/16 permit +160.1.62.192 permit 161.38.192.0/20 permit 161.38.204.0/22 permit 161.71.32.0/19 permit 161.71.64.0/20 permit -162.208.119.181 permit 162.247.216.0/22 permit +163.47.180.0/22 permit 163.47.180.0/23 permit 163.114.130.16 permit 163.114.132.120 permit +165.173.128.0/24 permit 166.78.68.0/22 permit 166.78.68.221 permit -166.78.69.146 permit 166.78.69.169 permit 166.78.69.170 permit 166.78.71.131 permit @@ -1457,10 +1553,13 @@ 167.216.129.210 permit 167.216.131.180 permit 167.220.67.232/29 permit -167.220.67.238 permit 168.138.5.36 permit +168.138.73.51 permit 168.245.0.0/17 permit +169.148.129.0/24 permit +169.148.131.0/24 permit 170.10.68.0/22 permit +170.10.128.0/24 permit 170.10.129.0/24 permit 170.10.133.0/24 permit 172.217.0.0/19 permit @@ -1475,10 +1574,8 @@ 173.194.0.0/16 permit 173.203.79.182 permit 173.203.81.39 permit -173.224.160.128/25 permit -173.224.160.188 permit 173.224.161.128/25 permit -173.228.155.0/24 permit +173.224.165.0/26 permit 174.36.84.8/29 permit 174.36.84.16/29 permit 174.36.84.32/29 permit @@ -1491,6 +1588,7 @@ 174.36.114.152/29 permit 174.37.67.28/30 permit 174.129.203.189 permit +175.41.215.51 permit 176.32.105.0/24 permit 176.32.127.0/24 permit 178.236.10.128/26 permit @@ -1498,8 +1596,9 @@ 182.50.76.0/22 permit 182.50.78.64/28 permit 183.240.219.64/29 permit +185.4.120.0/23 permit +185.4.122.0/24 permit 185.12.80.0/22 permit -185.28.196.0/22 permit 185.58.84.93 permit 185.58.85.0/24 permit 185.58.86.0/24 permit @@ -1509,9 +1608,13 @@ 185.80.93.204 permit 185.80.93.227 permit 185.80.95.31 permit +185.90.20.0/22 permit 185.189.236.0/22 permit 185.211.120.0/22 permit 185.250.236.0/22 permit +185.250.239.148 permit +185.250.239.168 permit +185.250.239.190 permit 188.125.68.132 permit 188.125.68.152/31 permit 188.125.68.156 permit @@ -1563,7 +1666,7 @@ 188.125.85.238 permit 188.172.128.0/20 permit 192.0.64.0/18 permit -192.28.128.0/18 permit +192.18.139.154 permit 192.30.252.0/22 permit 192.64.236.0/24 permit 192.64.237.0/24 permit @@ -1579,16 +1682,21 @@ 192.254.113.10 permit 192.254.113.101 permit 192.254.114.176 permit -192.254.118.63 permit 193.7.206.0/25 permit 193.7.207.0/25 permit 193.109.254.0/23 permit 193.122.128.100 permit +194.64.234.128/27 permit 194.64.234.129 permit 194.104.109.0/24 permit +194.104.110.21 permit +194.104.110.240/28 permit 194.104.111.0/24 permit 194.106.220.0/23 permit +194.113.24.0/22 permit 194.154.193.192/27 permit +195.4.92.0/23 permit +195.54.172.0/23 permit 195.130.217.0/24 permit 195.234.109.226 permit 195.245.230.0/23 permit @@ -1605,19 +1713,23 @@ 198.37.144.0/20 permit 198.37.152.186 permit 198.61.254.0/23 permit +198.61.254.21 permit 198.61.254.231 permit -198.74.56.28 permit 198.178.234.57 permit +198.244.48.0/20 permit +198.244.60.0/22 permit 198.245.80.0/20 permit 198.245.81.0/24 permit 199.15.176.173 permit -199.15.212.0/22 permit 199.15.213.187 permit 199.15.226.37 permit 199.16.156.0/22 permit 199.33.145.1 permit 199.33.145.32 permit 199.59.148.0/22 permit +199.67.84.0/24 permit +199.67.86.0/24 permit +199.67.88.0/24 permit 199.101.161.130 permit 199.101.162.0/25 permit 199.122.120.0/21 permit @@ -1630,8 +1742,10 @@ 202.177.148.110 permit 203.31.36.0/22 permit 203.32.4.25 permit +203.55.21.0/24 permit 203.81.17.0/24 permit 203.122.32.250 permit +203.145.57.160/27 permit 203.188.194.32 permit 203.188.194.151 permit 203.188.194.203 permit @@ -1666,28 +1780,31 @@ 203.209.230.76/31 permit 204.11.168.0/21 permit 204.13.11.48/29 permit +204.13.11.48/30 permit 204.14.232.0/21 permit 204.14.232.64/28 permit 204.14.234.64/28 permit 204.29.186.0/23 permit +204.75.142.0/24 permit 204.79.197.212 permit 204.92.114.187 permit 204.92.114.203 permit 204.92.114.204/31 permit 204.141.32.0/23 permit 204.141.42.0/23 permit -204.153.121.0/24 permit 204.232.168.0/24 permit 205.139.110.0/24 permit 205.201.128.0/20 permit 205.201.131.128/25 permit 205.201.134.128/25 permit 205.201.136.0/23 permit +205.201.137.229 permit 205.201.139.0/24 permit 205.207.104.0/22 permit -205.207.104.108 permit 205.220.167.17 permit +205.220.167.98 permit 205.220.179.17 permit +205.220.179.98 permit 205.251.233.32 permit 205.251.233.36 permit 206.25.247.143 permit @@ -1723,6 +1840,7 @@ 207.211.31.0/25 permit 207.211.41.113 permit 207.218.90.0/24 permit +207.218.90.122 permit 207.250.68.0/24 permit 208.40.232.70 permit 208.43.21.28/30 permit @@ -1758,8 +1876,10 @@ 208.71.42.212/31 permit 208.71.42.214 permit 208.72.249.240/29 permit +208.74.204.0/22 permit 208.74.204.9 permit 208.75.120.0/22 permit +208.75.121.246 permit 208.75.122.246 permit 208.82.237.96/29 permit 208.82.237.104/31 permit @@ -1773,14 +1893,13 @@ 209.46.117.168 permit 209.46.117.179 permit 209.61.151.0/24 permit +209.61.151.236 permit +209.61.151.249 permit +209.61.151.251 permit 209.67.98.46 permit 209.67.98.59 permit 209.85.128.0/17 permit 212.4.136.0/26 permit -212.25.240.80 permit -212.25.240.83 permit -212.25.240.84/31 permit -212.25.240.88 permit 212.82.96.0/24 permit 212.82.96.32/27 permit 212.82.96.64/29 permit @@ -1821,6 +1940,12 @@ 212.82.111.228/31 permit 212.82.111.230 permit 212.123.28.40 permit +212.227.15.0/24 permit +212.227.15.0/25 permit +212.227.17.0/27 permit +212.227.126.128/25 permit +213.46.255.0/24 permit +213.165.64.0/23 permit 213.167.75.0/25 permit 213.167.81.0/25 permit 213.199.128.139 permit @@ -1861,6 +1986,10 @@ 216.46.168.0/24 permit 216.58.192.0/19 permit 216.66.217.240/29 permit +216.71.138.33 permit +216.71.152.207 permit +216.71.154.29 permit +216.71.155.89 permit 216.74.162.13 permit 216.74.162.14 permit 216.82.240.0/20 permit @@ -1870,33 +1999,49 @@ 216.109.114.0/24 permit 216.109.114.32/27 permit 216.109.114.64/29 permit +216.113.160.0/24 permit +216.113.172.0/25 permit +216.113.175.0/24 permit 216.128.126.97 permit 216.136.162.65 permit 216.136.162.120/29 permit 216.136.168.80/28 permit +216.145.217.0/24 permit +216.145.221.0/24 permit 216.198.0.0/18 permit 216.203.30.55 permit 216.203.33.178/31 permit 216.205.24.0/24 permit 216.239.32.0/19 permit +217.72.192.64/26 permit +217.72.192.248/29 permit +217.72.207.0/27 permit 217.77.141.52 permit 217.77.141.59 permit +217.175.194.0/24 permit 222.73.195.64/29 permit 223.165.113.0/24 permit 223.165.115.0/24 permit 223.165.118.0/23 permit 223.165.120.0/23 permit +2001:0868:0100:0600::/64 permit 2001:4860:4000::/36 permit +2001:748:100:40::2:0/112 permit 2404:6800:4000::/36 permit +2603:1010:3:3::5b permit +2603:1020:201:10::10f permit +2603:1030:20e:3::23c permit +2603:1030:b:3::152 permit +2603:1030:c02:8::14 permit 2607:f8b0:4000::/36 permit -2620:109:c003:104::215 permit 2620:109:c003:104::/64 permit -2620:109:c006:104::215 permit +2620:109:c003:104::215 permit 2620:109:c006:104::/64 permit +2620:109:c006:104::215 permit 2620:109:c00d:104::/64 permit 2620:10d:c090:450::120 permit -2620:10d:c091:450::16 permit -2620:119:50c0:207::215 permit +2620:10d:c091:400::8:1 permit 2620:119:50c0:207::/64 permit +2620:119:50c0:207::215 permit 2800:3f0:4000::/36 permit 194.25.134.0/24 permit # t-online.de From 3000da6b880da04d4621bc9b1a93d86f1b6112e4 Mon Sep 17 00:00:00 2001 From: "Hailer, Christian" Date: Mon, 31 Jul 2023 13:50:36 +0200 Subject: [PATCH 8/8] Fix spamhaus query domains (.net only) --- data/Dockerfiles/postfix/postfix.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh index 8450bbe61d..fb408ce9a0 100755 --- a/data/Dockerfiles/postfix/postfix.sh +++ b/data/Dockerfiles/postfix/postfix.sh @@ -400,9 +400,9 @@ if [ -n "$SPAMHAUS_DQS_KEY" ]; then cat < /tmp/spamhaus.cf # Autogenerated by mailcow, using Spamhaus DQS lists ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[10;11]*8 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.3*4 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.2*3 ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4 ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3 EOF