


Niklas Fuchs
8cd32cb37a
Merge 4e7c69d916b0b05f621aa3d77b0ef8121be3e9f9 into 796e131c3af59fb36714818b2e03cbf5f60d9e0c 2025-10-01 11:59:24 +02:00
milkmaker
796e131c3a
update postscreen_access.cidr (#6801) 2025-10-01 11:14:57 +02:00
Niklas Fuchs
4e7c69d916
Add security_opt to prevent new privileges 2025-09-26 08:36:30 +02:00
2 changed files with 55 additions and 23 deletions


@ -1,12 +1,13 @@
# Whitelist generated by Postwhite v3.4 on Mon Sep 1 00:23:07 UTC 2025 # Whitelist generated by Postwhite v3.4 on Wed Oct 1 00:21:33 UTC 2025
# https://github.com/stevejenkins/postwhite/ # https://github.com/stevejenkins/postwhite/
# 2165 total rules # 2216 total rules
2a00:1450:4000::/36 permit 2a00:1450:4000::/36 permit
2a01:111:f400::/48 permit 2a01:111:f400::/48 permit
2a01:111:f403::/49 permit 2a01:111:f403:2800::/53 permit
2a01:111:f403:8000::/50 permit
2a01:111:f403:8000::/51 permit 2a01:111:f403:8000::/51 permit
2a01:111:f403::/49 permit
2a01:111:f403:c000::/51 permit 2a01:111:f403:c000::/51 permit
2a01:111:f403:d000::/53 permit
2a01:111:f403:f000::/52 permit 2a01:111:f403:f000::/52 permit
2a01:238:20a:202:5370::1 permit 2a01:238:20a:202:5370::1 permit
2a01:238:20a:202:5372::1 permit 2a01:238:20a:202:5372::1 permit
@ -55,7 +56,8 @@
8.40.222.0/23 permit 8.40.222.0/23 permit
8.40.222.250/31 permit 8.40.222.250/31 permit
12.130.86.238 permit 12.130.86.238 permit
13.107.246.40 permit 13.107.213.41 permit
13.107.246.41 permit
13.110.208.0/21 permit 13.110.208.0/21 permit
13.110.209.0/24 permit 13.110.209.0/24 permit
13.110.216.0/22 permit 13.110.216.0/22 permit
@ -174,6 +176,7 @@
35.161.32.253 permit 35.161.32.253 permit
35.162.73.231 permit 35.162.73.231 permit
35.167.93.243 permit 35.167.93.243 permit
35.174.145.124 permit
35.176.132.251 permit 35.176.132.251 permit
35.205.92.9 permit 35.205.92.9 permit
35.228.216.85 permit 35.228.216.85 permit
@ -183,7 +186,6 @@
37.218.249.47 permit 37.218.249.47 permit
37.218.251.62 permit 37.218.251.62 permit
39.156.163.64/29 permit 39.156.163.64/29 permit
40.90.65.81 permit
40.92.0.0/15 permit 40.92.0.0/15 permit
40.92.0.0/16 permit 40.92.0.0/16 permit
40.107.0.0/16 permit 40.107.0.0/16 permit
@ -271,9 +273,6 @@
50.56.130.221 permit 50.56.130.221 permit
50.56.130.222 permit 50.56.130.222 permit
50.112.246.219 permit 50.112.246.219 permit
51.77.79.158 permit
51.83.17.38 permit
51.89.119.103 permit
52.1.14.157 permit 52.1.14.157 permit
52.5.230.59 permit 52.5.230.59 permit
52.6.74.205 permit 52.6.74.205 permit
@ -324,8 +323,6 @@
52.234.172.96/28 permit 52.234.172.96/28 permit
52.235.253.128 permit 52.235.253.128 permit
52.236.28.240/28 permit 52.236.28.240/28 permit
54.36.149.183 permit
54.38.221.122 permit
54.90.148.255 permit 54.90.148.255 permit
54.165.19.38 permit 54.165.19.38 permit
54.174.52.0/24 permit 54.174.52.0/24 permit
@ -686,6 +683,8 @@
82.165.159.45 permit 82.165.159.45 permit
82.165.159.130 permit 82.165.159.130 permit
82.165.159.131 permit 82.165.159.131 permit
85.9.206.169 permit
85.9.210.45 permit
85.158.136.0/21 permit 85.158.136.0/21 permit
85.215.255.39 permit 85.215.255.39 permit
85.215.255.40 permit 85.215.255.40 permit
@ -1234,16 +1233,14 @@
99.83.190.102 permit 99.83.190.102 permit
103.9.96.0/22 permit 103.9.96.0/22 permit
103.28.42.0/24 permit 103.28.42.0/24 permit
103.122.78.238 permit 103.84.217.238 permit
103.89.75.238 permit
103.151.192.0/23 permit 103.151.192.0/23 permit
103.168.172.128/27 permit 103.168.172.128/27 permit
103.237.104.0/22 permit 103.237.104.0/22 permit
104.43.243.237 permit 104.43.243.237 permit
104.44.112.128/25 permit 104.44.112.128/25 permit
104.47.0.0/17 permit 104.47.0.0/17 permit
104.47.20.0/23 permit
104.47.75.0/24 permit
104.47.108.0/23 permit
104.130.96.0/28 permit 104.130.96.0/28 permit
104.130.122.0/23 permit 104.130.122.0/23 permit
106.10.144.64/27 permit 106.10.144.64/27 permit
@ -1378,7 +1375,6 @@
108.174.6.215 permit 108.174.6.215 permit
108.175.18.45 permit 108.175.18.45 permit
108.175.30.45 permit 108.175.30.45 permit
108.177.96.0/20 permit
108.179.144.0/20 permit 108.179.144.0/20 permit
109.224.244.0/24 permit 109.224.244.0/24 permit
109.237.142.0/24 permit 109.237.142.0/24 permit
@ -1544,6 +1540,7 @@
148.105.0.0/16 permit 148.105.0.0/16 permit
148.105.8.0/21 permit 148.105.8.0/21 permit
149.72.0.0/16 permit 149.72.0.0/16 permit
149.72.234.184 permit
149.72.248.236 permit 149.72.248.236 permit
149.97.173.180 permit 149.97.173.180 permit
150.230.98.160 permit 150.230.98.160 permit
@ -1599,6 +1596,7 @@
159.183.0.0/16 permit 159.183.0.0/16 permit
159.183.68.71 permit 159.183.68.71 permit
159.183.79.38 permit 159.183.79.38 permit
159.183.129.172 permit
160.1.62.192 permit 160.1.62.192 permit
161.38.192.0/20 permit 161.38.192.0/20 permit
161.38.204.0/22 permit 161.38.204.0/22 permit
@ -1616,6 +1614,7 @@
163.114.134.16 permit 163.114.134.16 permit
163.114.135.16 permit 163.114.135.16 permit
163.116.128.0/17 permit 163.116.128.0/17 permit
163.192.116.87 permit
164.152.23.32 permit 164.152.23.32 permit
164.152.25.241 permit 164.152.25.241 permit
164.177.132.168/30 permit 164.177.132.168/30 permit
@ -1655,6 +1654,7 @@
169.148.131.0/24 permit 169.148.131.0/24 permit
169.148.138.0/24 permit 169.148.138.0/24 permit
169.148.142.10 permit 169.148.142.10 permit
169.148.142.33 permit
169.148.144.0/25 permit 169.148.144.0/25 permit
169.148.144.10 permit 169.148.144.10 permit
169.148.146.0/23 permit 169.148.146.0/23 permit
@ -1666,11 +1666,7 @@
170.10.132.56/29 permit 170.10.132.56/29 permit
170.10.132.64/29 permit 170.10.132.64/29 permit
170.10.133.0/24 permit 170.10.133.0/24 permit
172.217.0.0/20 permit
172.217.32.0/20 permit 172.217.32.0/20 permit
172.217.128.0/19 permit
172.217.160.0/20 permit
172.217.192.0/19 permit
172.253.56.0/21 permit 172.253.56.0/21 permit
172.253.112.0/20 permit 172.253.112.0/20 permit
173.0.84.0/29 permit 173.0.84.0/29 permit
@ -2209,17 +2205,17 @@
2607:13c0:0002:0000:0000:0000:0000:1000/116 permit 2607:13c0:0002:0000:0000:0000:0000:1000/116 permit
2607:13c0:0004:0000:0000:0000:0000:0000/116 permit 2607:13c0:0004:0000:0000:0000:0000:0000/116 permit
2607:f8b0:4000::/36 permit 2607:f8b0:4000::/36 permit
2620:109:c003:104::215 permit
2620:109:c003:104::/64 permit 2620:109:c003:104::/64 permit
2620:109:c006:104::215 permit 2620:109:c003:104::215 permit
2620:109:c006:104::/64 permit 2620:109:c006:104::/64 permit
2620:109:c006:104::215 permit
2620:109:c00d:104::/64 permit 2620:109:c00d:104::/64 permit
2620:10d:c090:400::8:1 permit 2620:10d:c090:400::8:1 permit
2620:10d:c091:400::8:1 permit 2620:10d:c091:400::8:1 permit
2620:10d:c09b:400::8:1 permit 2620:10d:c09b:400::8:1 permit
2620:10d:c09c:400::8:1 permit 2620:10d:c09c:400::8:1 permit
2620:119:50c0:207::215 permit
2620:119:50c0:207::/64 permit 2620:119:50c0:207::/64 permit
2620:119:50c0:207::215 permit
2800:3f0:4000::/36 permit 2800:3f0:4000::/36 permit
49.12.4.251 permit # checks.mailcow.email 49.12.4.251 permit # checks.mailcow.email
2a01:4f8:c17:7906::10 permit # checks.mailcow.email 2a01:4f8:c17:7906::10 permit # checks.mailcow.email


@ -10,6 +10,8 @@ services:
- ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
restart: always restart: always
tty: true tty: true
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.254 ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
@ -36,6 +38,8 @@ services:
restart: always restart: always
ports: ports:
- "${SQL_PORT:-127.0.0.1:13306}:3306" - "${SQL_PORT:-127.0.0.1:13306}:3306"
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -58,6 +62,8 @@ services:
- REDISMASTERPASS=${REDISMASTERPASS:-} - REDISMASTERPASS=${REDISMASTERPASS:-}
sysctls: sysctls:
- net.core.somaxconn=4096 - net.core.somaxconn=4096
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.249 ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
@ -78,6 +84,8 @@ services:
volumes: volumes:
- ./data/conf/clamav/:/etc/clamav/:Z - ./data/conf/clamav/:/etc/clamav/:Z
- clamd-db-vol-1:/var/lib/clamav - clamd-db-vol-1:/var/lib/clamav
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -111,6 +119,8 @@ services:
hostname: rspamd hostname: rspamd
dns: dns:
- ${IPV4_NETWORK:-172.22.1}.254 - ${IPV4_NETWORK:-172.22.1}.254
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -194,6 +204,8 @@ services:
ofelia.job-exec.phpfpm_ldap_sync.schedule: "@every 1m" ofelia.job-exec.phpfpm_ldap_sync.schedule: "@every 1m"
ofelia.job-exec.phpfpm_ldap_sync.no-overlap: "true" ofelia.job-exec.phpfpm_ldap_sync.no-overlap: "true"
ofelia.job-exec.phpfpm_ldap_sync.command: "/bin/bash -c \"php /crons/ldap-sync.php || exit 0\"" ofelia.job-exec.phpfpm_ldap_sync.command: "/bin/bash -c \"php /crons/ldap-sync.php || exit 0\""
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -245,6 +257,8 @@ services:
ofelia.job-exec.sogo_backup.schedule: "@every 24h" ofelia.job-exec.sogo_backup.schedule: "@every 24h"
ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\"" ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
restart: always restart: always
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.248 ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
@ -332,6 +346,8 @@ services:
nofile: nofile:
soft: 20000 soft: 20000
hard: 40000 hard: 40000
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.250 ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
@ -375,6 +391,8 @@ services:
restart: always restart: always
dns: dns:
- ${IPV4_NETWORK:-172.22.1}.254 - ${IPV4_NETWORK:-172.22.1}.254
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.253 ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
@ -398,6 +416,8 @@ services:
restart: always restart: always
dns: dns:
- ${IPV4_NETWORK:-172.22.1}.254 - ${IPV4_NETWORK:-172.22.1}.254
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -408,6 +428,8 @@ services:
restart: always restart: always
environment: environment:
- TZ=${TZ} - TZ=${TZ}
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -454,6 +476,8 @@ services:
- "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}" - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}" - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
restart: always restart: always
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -496,6 +520,8 @@ services:
- ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
- mysql-socket-vol-1:/var/run/mysqld/:z - mysql-socket-vol-1:/var/run/mysqld/:z
restart: always restart: always
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -520,6 +546,8 @@ services:
network_mode: "host" network_mode: "host"
volumes: volumes:
- /lib/modules:/lib/modules:ro - /lib/modules:/lib/modules:ro
security_opt:
- no-new-privileges:true
watchdog-mailcow: watchdog-mailcow:
image: ghcr.io/mailcow/watchdog:2.09 image: ghcr.io/mailcow/watchdog:2.09
@ -591,6 +619,8 @@ services:
- MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20} - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
- MAILQ_CRIT=${MAILQ_CRIT:-30} - MAILQ_CRIT=${MAILQ_CRIT:-30}
- DEV_MODE=${DEV_MODE:-n} - DEV_MODE=${DEV_MODE:-n}
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -611,6 +641,8 @@ services:
- REDISPASS=${REDISPASS} - REDISPASS=${REDISPASS}
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -630,6 +662,8 @@ services:
- OLEFY_MINLENGTH=500 - OLEFY_MINLENGTH=500
- OLEFY_DEL_TMP=1 - OLEFY_DEL_TMP=1
- SKIP_OLEFY=${SKIP_OLEFY:-n} - SKIP_OLEFY=${SKIP_OLEFY:-n}
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
@ -651,6 +685,8 @@ services:
- label=disable - label=disable
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
security_opt:
- no-new-privileges:true
networks: networks:
mailcow-network: mailcow-network:
aliases: aliases:
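Review bot: In the last hunk (`@ -651,6 +685,8 @@`) the new `security_opt:` key is inserted into a service whose preceding context line is `- label=disable`, which is itself a Compose `security_opt` entry; if that item belongs to an existing `security_opt:` key (its header is outside the hunk), the service now has a duplicate mapping key, and depending on the YAML parser Compose either rejects the file or keeps only the last key and silently drops `label=disable`. Append the new entry to the existing list instead of adding a second key, i.e. `security_opt:` / `  - label=disable` / `  - no-new-privileges:true`, and check the other services for a pre-existing `security_opt` before adding one. Separately, `no_new_privs` makes setuid/setgid bits inert inside the container, so any service that relies on a setgid helper for local mail submission (Postfix's `postdrop` via `sendmail` is the usual case) should be verified after this change; the hunk headers show only `services:`, so which service that is cannot be read from this diff. The privilege drop via `gosu` in the `@ -245,6 +257,8 @@` hunk is unaffected, since `no_new_privs` only blocks gaining privileges, not shedding them.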