fix snappymail

Florent Daigniere
2025-08-15 20:46:11 +02:00
parent 91d571aec8
commit 8ea66c219a
4 changed files with 101 additions and 35 deletions


@@ -0,0 +1 @@
Fix Snappymail


@@ -36,35 +36,55 @@ server {
try_files $uri $uri/ /index.php$args;
}
location ~ \.php$ {
location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
include /etc/nginx/fastcgi_params;
include /etc/nginx/fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_keep_conn on;
fastcgi_keep_conn on;
fastcgi_pass unix:/var/run/php8-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{% if WEB_WEBMAIL == '/' %}
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
{% else %}
fastcgi_param SCRIPT_NAME {{WEB_WEBMAIL}}/$fastcgi_script_name;
{% endif %}
fastcgi_pass unix:/var/run/php8-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{% if WEB_WEBMAIL == '/' %}
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
{% else %}
fastcgi_param SCRIPT_NAME {{WEB_WEBMAIL}}/$fastcgi_script_name;
{% endif %}
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PATH_INFO $fastcgi_path_info;
# fastcgi buffers for php-fpm #
fastcgi_buffers 16 32k;
fastcgi_buffer_size 64k;
fastcgi_busy_buffers_size 64k;
fastcgi_request_buffering off;
# nginx buffers #
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# nginx buffers #
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
# Assets cache control
# --------------------------------------
location ~* \.(?:html|xml|json)$ {
expires -1;
}
location ~* \.(?:css|js)$ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~* \.(?:gif|jpe?g|png|ico|otf|eot|svg|ttf|woff|woff2)$ {
expires 30d;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ (^|/)\. {
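Review bot: The location regex `^(.+\.php)(.*)$`, which appears to be the new side, matches any URI that merely contains `.php` (a name ending in `.php.bak`, for instance), whereas the `\.php$` line it seems to replace only matched URIs ending in `.php`. For such a URI `fastcgi_split_path_info` does not match, because its pattern needs a `/` after `.php`, so `$fastcgi_script_name` should remain the full URI and the `-f` test passes whenever that file exists on disk. That leaves PHP-FPM's extension restriction as the only thing keeping a non-script file out of the interpreter. Anchoring the location on the same boundary as the split pattern, e.g. `location ~ ^(.+?\.php)(/.*)?$ {`, keeps the PATH_INFO support without widening the match. The enclosing server block starts and ends outside the hunk.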


@@ -1,10 +1,20 @@
{
"name": "*",
"IMAP": {
"host": "{{ FRONT_ADDRESS }}",
"port": 10143,
"secure": 3,
"type": 2,
"timeout": 300,
"shortLogin": false,
"lowerLogin": true,
"stripLogin": "",
"sasl": [
"SCRAM-SHA3-512",
"SCRAM-SHA-512",
"SCRAM-SHA-256",
"SCRAM-SHA-1",
"PLAIN",
"LOGIN"
],
"ssl": {
"verify_peer": false,
"verify_peer_name": false,
@@ -13,15 +23,37 @@
"disable_compression": true,
"security_level": 1
},
{% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}
"fast_simple_search": "false"
{% endif %}
"use_expunge_all_on_delete": false,
"fast_simple_search": {% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}true{% else %}false{% endif %},
"force_select": false,
"message_all_headers": false,
"message_list_limit": 10000,
"search_filter": "",
"spam_headers": "",
"virus_headers": "",
"disabled_capabilities": [
"METADATA",
"OBJECTID",
"PREVIEW",
"STATUS=SIZE"
]
},
"SMTP": {
"host": "{{ FRONT_ADDRESS }}",
"port": 10025,
"secure": 3,
"type": 2,
"timeout": 60,
"shortLogin": false,
"lowerLogin": true,
"stripLogin": "",
"sasl": [
"SCRAM-SHA3-512",
"SCRAM-SHA-512",
"SCRAM-SHA-256",
"SCRAM-SHA-1",
"PLAIN",
"LOGIN"
],
"ssl": {
"verify_peer": false,
"verify_peer_name": false,
@@ -32,22 +64,35 @@
},
"useAuth": true,
"setSender": false,
"usePhpMail": false
"usePhpMail": false,
"authPlainLine": false
},
"Sieve": {
"host": "{{ FRONT_ADDRESS }}",
"port": 14190,
"type": 3,
"type": 2,
"timeout": 10,
"shortLogin": false,
"lowerLogin": true,
"stripLogin": "",
"sasl": [
"SCRAM-SHA3-512",
"SCRAM-SHA-512",
"SCRAM-SHA-256",
"SCRAM-SHA-1",
"PLAIN",
"LOGIN"
],
"ssl": {
"verify_peer": false,
"verify_peer_name": false,
"allow_self_signed": true,
"allow_self_signed": false,
"SNI_enabled": true,
"disable_compression": true,
"security_level": 1
},
"enabled": true
"enabled": true,
"authLiteral": true
},
"whiteList": ""
}
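Review bot: In the Sieve block, setting `allow_self_signed` to `false` (apparently the new value) has no effect while `verify_peer` and `verify_peer_name` stay `false`, because PHP only consults `allow_self_signed` when peer verification is enabled. The `sasl` lists added for IMAP, SMTP and Sieve end with `PLAIN` and `LOGIN`, so where those mechanisms are negotiated the password depends entirely on a TLS session whose peer is never authenticated. If `{{ FRONT_ADDRESS }}` is only ever reached over a trusted internal network, that assumption is worth stating in the newsfragment; otherwise set `"verify_peer": true` and `"verify_peer_name": true` in all three blocks. The `ssl` objects for IMAP and SMTP are only partly visible between the hunks.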


@@ -141,11 +141,11 @@ sp.disable_function.function("ini_set").param("option").value_r("display_errors"
sp.disable_function.function("ini_set").param("option").value_r("display_errors").drop();
# Classic webshells patterns
sp.disable_function.function("system>base64_decode").drop();
sp.disable_function.function("shell_exec>base64_decode").drop();
sp.disable_function.function("exec>base64_decode").drop();
sp.disable_function.function("passthru>base64_decode").drop();
sp.disable_function.function("proc_open>base64_decode").drop();
#sp.disable_function.function("system>base64_decode").drop();
#sp.disable_function.function("shell_exec>base64_decode").drop();
#sp.disable_function.function("exec>base64_decode").drop();
#sp.disable_function.function("passthru>base64_decode").drop();
#sp.disable_function.function("proc_open>base64_decode").drop();
# TODO: enable this for real
sp.eval_blacklist.list("system,exec,shell_exec,passthru,proc_open").simulation();
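Review bot: Commenting out all five `>base64_decode` rules removes the webshell-pattern check for every PHP application using this rules file, not only Snappymail, and leaves no log trace when the pattern occurs. The `eval_blacklist` line below is itself still in simulation mode, so after this change nothing in this hunk blocks these call chains. If the rules were disabled because of a Snappymail false positive (presumably, given the commit title), consider keeping them active in simulation mode, as the `eval_blacklist` line does, or narrowing them with a filename filter so other code stays covered. At minimum, record the reason next to the disabled lines, e.g. `# Disabled: false positive in Snappymail (<call path>); re-enable once scoped`.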