mailu / infra Goto Github PK
View Code? Open in Web Editor NEWConfig files for services hosted at https://mailu.io. Docs, demo and setup.
Config files for services hosted at https://mailu.io. Docs, demo and setup.
I tried to spin up the setup docker-compose up -d
but and the only container that did not start was stable 1.7
so i run it docker-compose up stable
and get some python error
File "/usr/local/lib/python3.9/site-packages/flask/blueprints.py", line 195, in init
stable_1 | raise ValueError("'name' may not contain a dot '.' character.")
stable_1 | ValueError: 'name' may not contain a dot '.' character.
the other containers , 'development' and 'testing' are working
I played around with the .env file and putting STABLE=1_7
and fixing the docker-compose.yml to pull the correct image will at least boot. I think the issue is in the python scripts.
stable:
image: mailu/setup:1.7
Here we shall collect project managers public keys for accessing the docs and setup machine(s).
Please use a specific ssh keypair so that any any attack on the key you publish here can lead to anything else than Mailu being compromised.
Please use rsa
(>= 2048), ecds
(>=256) or ed25519
.
Hi guys. You didn't hear from me in some years now, but unfortunately I have some bad and urgent news. I've received notice that the demo server has somehow became victim of a botnet. I once donated this small VM to the community years ago and I am still renting it. Access was granted (and used) by a number of contributors in the ./ssh
directory, but I haven't actively maintained the server in terms of updates.
I'm also not sure if the host is compromised or if the mail server is used to send spam mail. The latter shouldn't be possible because I remember we were sure to break the outgoing network capabilities of the smtp container. But then again, I don't know what changed over the years.
Dear Mr Tim Mohlmann,
We have received an abuse report from [[email protected]](mailto:[email protected]).
We are automatically forwarding this complaint on to you, for your information. You do not need to respond, but we do expect you to check the report and to resolve any (potential) issues.
Information:
-----
Good morning/afternoon
Recently, Qakbot botnet infrastructure was taken down[1]. Spamhaus is
working with various law enforcement agencies to help remediate
compromised email accounts[2]. We are contacting you because we believe
that Qakbot may have compromised email accounts located on
hetzner.com's network.
What action do you need to take?
- A list of email accounts that we think are affected on
hetzner.com's network is available below.
- The only action required is to change the passwords for all the affected
accounts.
- This is urgent - please do this as quickly as possible. These breached
accounts may have been shared with other criminals for use with
different active botnets for malicious purposes.
See also:
https://www.spamhaus.org/qakbot/
How has this data been compiled?
- The law enforcement agencies have made available the compromised email
account/addresses to Spamhaus.
- Using this data, we have obtained the primary MX record for the
compromised account's domain and the network responsible for the MX's
IP. We hope this network can directly or indirectly assist in these
remediation efforts.
Thank you for your time and willingness to help!
[1] https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown
[2] https://www.spamhaus.org/news/article/819/qakbot-the-takedown-and-the-remediation
ip, hostname, email
78.47.92.244,test.mailu.io,[[email protected]](mailto:[email protected])
-----
Please note again that this is a notification only, you do not need to respond.
Kind regards
Abuse Team
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 505-0
Fax: +49 9831 505-3
[[email protected]](mailto:[email protected])
www.hetzner.com
Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
For the purposes of this communication, we may save some
of your personal data. For information on our data privacy
policy, please see: www.hetzner.com/datenschutzhinweis
As immediate action, I have docker-compose down
on the demo server in /opt/infra/demo
and disable all cron jobs in /etc/crontab
to prevent it from coming up again.
If there is someone around that can investigate further and post back here that would be great.
I had /abc/x.y.z/mailu
specified as path in setup, but setup refused to accept it. I had to use /mailu
and edit it afterwards manually. Would be more convenient if it supported the original path though.
Mailu master/1.9 now requires a DNSSEC capable resolver.
We must enable unbound on the infra server
Generally restart: unless-stopped
is a better default since some may want to stop container temporarily for whatever reason and having it restarting automatically is inconvenient.
Generated configuration was this:
- "/mailu/certs:/certs"
Though I think this is more appropriate since Mailu is not supposed to generate certificates in this case on its own, thus read-only access should suffice:
- "/mailu/certs:/certs:ro"
Downloading the generated files via IPv6 doesn't work. The download times out after two minutes and wget reverts to IPv4.
root@localhost:~# wget https://setup.mailu.io/1.8/file/94e9b53e-f43f-4837-bc4c-e841c53cfa31/docker-compose.yml
--2021-08-23 19:03:10-- https://setup.mailu.io/1.8/file/94e9b53e-f43f-4837-bc4c-e841c53cfa31/docker-compose.yml
Resolving setup.mailu.io (setup.mailu.io)... 2a01:4f8:c2c:f707::1, 78.47.92.244
Connecting to setup.mailu.io (setup.mailu.io)|2a01:4f8:c2c:f707::1|:443... failed: Connection timed out.
Connecting to setup.mailu.io (setup.mailu.io)|78.47.92.244|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2316 (2.3K) [application/text]
Saving to: ‘docker-compose.yml’
docker-compose.yml.2 100%[=========================>] 2.26K --.-KB/s in 0s
2021-08-23 19:05:20 (54.0 MB/s) - ‘docker-compose.yml’ saved [2316/2316]
The server responds to ping on IPv6 so the problem is probably related to the web server configuration.
root@localhost:~# ping setup.mailu.io
PING setup.mailu.io(test.mailu.io (2a01:4f8:c2c:f707::1)) 56 data bytes
64 bytes from test.mailu.io (2a01:4f8:c2c:f707::1): icmp_seq=1 ttl=56 time=4.19 ms
The above commands were run on a standard Linode Ubuntu server.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.