From a87c501a0164fdc2844e2bbc964c98cfef21eb51 Mon Sep 17 00:00:00 2001 From: Dmitriy Alekseev Date: Fri, 1 Nov 2019 01:09:29 +0200 Subject: [PATCH 01/15] Update u_e-rspamd.md --- docs/u_e-rspamd.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index c60dd4553..7f513d346 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md @@ -71,6 +71,30 @@ Save the file and then restart the rspamd container. See [Rspamd documentation](https://rspamd.com/doc/index.html) +## Global SMTP From Blacklist + +Mailcow has integration with Rspamd at Configuration & Details > Global filter maps. + +You can blacklist emails based from whod domain they was received.`global_smtp_from_blacklist.map` use regex syntax and applied as pre-filter for reject spam immediately without putting it to quarantine. + +Such a blacklist can be very handy, but can lead to the fact that useful mail does not reach the recipients. To follow best practices by [RFC822 6.3 Reserved Address](https://tools.ietf.org/html/rfc822#section-6.3) + +1. create alias from postmaster@your.domain to your tehnical support email. + +2.1. allow postmaster to receive emails without spam filtering. + +2.2. Go to Configuration & Details > Configuration > Rspamd settings map > Add rule. + +2.3. Choose: `Insert example preset "Postmasters want spam"`, and click Add button. + +3.1. By default blacklisted domains will receive error: `ERROR_CODE :554, ERROR_CODE :5.7.1 Matched map: GLOBAL_SMTP_FROM_BL`. This error not much information so better change it. + +3.2. Open `{mailcow-dir}/data/conf/rspamd/local.d/multimap.conf` and find `GLOBAL_SMTP_FROM_BL` section. + +3.3. Add to this section `message = "Your domain is blacklisted, contact postmaster@your.domain to resolve this case.";` or something similar. + +4. Save the file and then restart the rspamd container. + ## Whitelist specific ClamAV signatures You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: From 78d1e4a98daeaf39b35e3794d282fa9529ded3cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Wed, 13 Nov 2019 22:01:38 +0100 Subject: [PATCH 02/15] Update u_e-webmail-site.md --- docs/u_e-webmail-site.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/u_e-webmail-site.md b/docs/u_e-webmail-site.md index af0b10d22..9ff1eb309 100644 --- a/docs/u_e-webmail-site.md +++ b/docs/u_e-webmail-site.md @@ -1,3 +1,5 @@ +**Edit**: TODO: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like `ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;` will do. + To create a subdomain `webmail.example.org` and redirect it to SOGo, you need to create a **new** Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"! **nano data/conf/nginx/webmail.conf** From e82cfa2a6fea4b862140ecbb092474094cacdda7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Fri, 15 Nov 2019 07:57:39 +0100 Subject: [PATCH 03/15] Update u_e-rspamd.md --- docs/u_e-rspamd.md | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index 7f513d346..825386c67 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md @@ -71,29 +71,34 @@ Save the file and then restart the rspamd container. See [Rspamd documentation](https://rspamd.com/doc/index.html) -## Global SMTP From Blacklist +## Custom reject messages -Mailcow has integration with Rspamd at Configuration & Details > Global filter maps. +The default spam reject message can be changed by adding a new file `data/conf/rspamd/override.d/worker-proxy.custom.inc` with the following content: -You can blacklist emails based from whod domain they was received.`global_smtp_from_blacklist.map` use regex syntax and applied as pre-filter for reject spam immediately without putting it to quarantine. +``` +reject_message = "My custom reject message"; +``` -Such a blacklist can be very handy, but can lead to the fact that useful mail does not reach the recipients. To follow best practices by [RFC822 6.3 Reserved Address](https://tools.ietf.org/html/rfc822#section-6.3) +Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`. -1. create alias from postmaster@your.domain to your tehnical support email. +While the above works for rejected mails with a high spam score, global maps (as found in "Global filter maps" in /admin) will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted: -2.1. allow postmaster to receive emails without spam filtering. +1. Open `{mailcow-dir}/data/conf/rspamd/local.d/multimap.conf` and find the desired map symbol (e.g. `GLOBAL_SMTP_FROM_BL`). -2.2. Go to Configuration & Details > Configuration > Rspamd settings map > Add rule. +2. Add your custom message as new line: -2.3. Choose: `Insert example preset "Postmasters want spam"`, and click Add button. +``` +GLOBAL_SMTP_FROM_BL { + type = "from"; + message = "Your domain is blacklisted, contact postmaster@your.domain to resolve this case.";` + map = "$LOCAL_CONFDIR/custom/global_smtp_from_blacklist.map"; + regexp = true; + prefilter = true; + action = "reject"; +} +``` -3.1. By default blacklisted domains will receive error: `ERROR_CODE :554, ERROR_CODE :5.7.1 Matched map: GLOBAL_SMTP_FROM_BL`. This error not much information so better change it. - -3.2. Open `{mailcow-dir}/data/conf/rspamd/local.d/multimap.conf` and find `GLOBAL_SMTP_FROM_BL` section. - -3.3. Add to this section `message = "Your domain is blacklisted, contact postmaster@your.domain to resolve this case.";` or something similar. - -4. Save the file and then restart the rspamd container. +3. Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`. ## Whitelist specific ClamAV signatures From 4f7bc3682453a0b6d5f88d610daf452cb642fdb4 Mon Sep 17 00:00:00 2001 From: Sascha Henke Date: Thu, 21 Nov 2019 14:11:28 +0100 Subject: [PATCH 04/15] Update third_party-roundcube.md changed the path of Roundcube config file --- docs/third_party-roundcube.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index b2841d666..a0de07fed 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md @@ -123,7 +123,7 @@ $prefs['SOGo'] = array( ``` Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings. -Enable the plugin by adding `carddav` to `$config['plugins']` in `roundcube/config/config.inc.php`. +Enable the plugin by adding `carddav` to `$config['plugins']` in `rc/config/config.inc.php`. If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessable, append `$config['address_book_type'] = '';` to the config file `data/web/rc/config/config.inc.php`. From dc2a6bf7b43d3177ef0eb5c13b541197aa61066b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sat, 23 Nov 2019 16:29:07 +0100 Subject: [PATCH 05/15] Update firststeps-ssl.md --- docs/firststeps-ssl.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/firststeps-ssl.md b/docs/firststeps-ssl.md index 3514863d6..d97d02dd3 100644 --- a/docs/firststeps-ssl.md +++ b/docs/firststeps-ssl.md @@ -86,7 +86,7 @@ Make sure you disable mailcows internal LE client (see above). To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to `data/assets/ssl/cert.pem` and the corresponding key to `data/assets/ssl/key.pem`. -Reload affected service: +Reload affected services afterwards: ``` docker exec $(docker ps -qaf name=postfix-mailcow) postfix reload @@ -94,6 +94,8 @@ docker exec $(docker ps -qaf name=nginx-mailcow) nginx -s reload docker exec $(docker ps -qaf name=dovecot-mailcow) dovecot reload ``` +See https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/#optional-post-hook-script-for-non-mailcow-acme-clients for a full example script. + ### Check your configuration Run `docker-compose logs acme-mailcow` to find out why a validation fails. From 84d99672e428dbc5a2832371e519c8ee03b96603 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sun, 24 Nov 2019 08:28:44 +0100 Subject: [PATCH 06/15] Update u_e-mailcow_ui-bl_wl.md --- docs/u_e-mailcow_ui-bl_wl.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/u_e-mailcow_ui-bl_wl.md b/docs/u_e-mailcow_ui-bl_wl.md index 2c39b1112..a46fff96e 100644 --- a/docs/u_e-mailcow_ui-bl_wl.md +++ b/docs/u_e-mailcow_ui-bl_wl.md @@ -5,3 +5,5 @@ To add or edit an entry to your **domain wide** filter table, login to your *mai !!! info Be aware that a user [may override](u_e-mailcow_ui-spamfilter.md) this setting by setting his own black- and whitelist! + +There is also a global filter table in /admin to configure a server-wide filter for multiple Regex maps (Todo: Screenshots). From fb9ed4c0db67ebbc1c7c0311bb51db8a1ea24a17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sun, 24 Nov 2019 14:25:54 +0100 Subject: [PATCH 07/15] Update u_e-docker-cust_dockerfiles.md --- docs/u_e-docker-cust_dockerfiles.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/u_e-docker-cust_dockerfiles.md b/docs/u_e-docker-cust_dockerfiles.md index cf06aee6b..366848390 100644 --- a/docs/u_e-docker-cust_dockerfiles.md +++ b/docs/u_e-docker-cust_dockerfiles.md @@ -1,3 +1,9 @@ +You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. `/opt/mailcow-dockerized`): + +``` +cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml +``` + Make your changes in `data/Dockerfiles/$service` and build the image locally: ``` From 705cf699df2a04417f9e71b157ee5d2bf872325e Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Mon, 2 Dec 2019 22:17:00 +1100 Subject: [PATCH 08/15] Update IPv6 related docs --- docs/firststeps-disable_ipv6.md | 2 +- docs/i_u_m_install.md | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/firststeps-disable_ipv6.md b/docs/firststeps-disable_ipv6.md index 0017ed95a..494dc863d 100644 --- a/docs/firststeps-disable_ipv6.md +++ b/docs/firststeps-disable_ipv6.md @@ -1,4 +1,4 @@ -This is **NOT** recommended! +This is **ONLY** recommended if you do not have an IPv6 enabled network! If IPv6 MUST be disabled to fit a network, open `docker-compose.yml`, search for `enable_ipv6`... diff --git a/docs/i_u_m_install.md b/docs/i_u_m_install.md index b084c3d9d..a874fc740 100644 --- a/docs/i_u_m_install.md +++ b/docs/i_u_m_install.md @@ -48,7 +48,11 @@ You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise. -**4\.1\.** Users with a MTU not equal to 1500 (e.g. OpenStack): +**4\.1\.** Users without a IPv6 enabled network: + +**If you do not have an IPv6 enabled network it is recommended to [disable IPv6](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-disable_ipv6/) for the mailcow stack to prevent unforeseen issues.** + +**4\.2\.** Users with a MTU not equal to 1500 (e.g. OpenStack): **Whenever you run into trouble and strange phenomena, please check your MTU.** From ffbdc4b52d870f75d49f178ec9dc00b337e38272 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Mon, 2 Dec 2019 12:26:10 +0100 Subject: [PATCH 09/15] Update firststeps-disable_ipv6.md --- docs/firststeps-disable_ipv6.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/firststeps-disable_ipv6.md b/docs/firststeps-disable_ipv6.md index 494dc863d..3a1f6450c 100644 --- a/docs/firststeps-disable_ipv6.md +++ b/docs/firststeps-disable_ipv6.md @@ -1,4 +1,4 @@ -This is **ONLY** recommended if you do not have an IPv6 enabled network! +This is **ONLY** recommended if you do not have an IPv6 enabled network on your host! If IPv6 MUST be disabled to fit a network, open `docker-compose.yml`, search for `enable_ipv6`... From 02b17af6922e58c636fd0e894da2c68d3521fc1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Mon, 2 Dec 2019 12:30:24 +0100 Subject: [PATCH 10/15] Update i_u_m_install.md --- docs/i_u_m_install.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/i_u_m_install.md b/docs/i_u_m_install.md index a874fc740..a7136257e 100644 --- a/docs/i_u_m_install.md +++ b/docs/i_u_m_install.md @@ -48,11 +48,7 @@ You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise. -**4\.1\.** Users without a IPv6 enabled network: - -**If you do not have an IPv6 enabled network it is recommended to [disable IPv6](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-disable_ipv6/) for the mailcow stack to prevent unforeseen issues.** - -**4\.2\.** Users with a MTU not equal to 1500 (e.g. OpenStack): +**4\.1\.** Users with a MTU not equal to 1500 (e.g. OpenStack): **Whenever you run into trouble and strange phenomena, please check your MTU.** @@ -67,6 +63,13 @@ networks: ... ``` +**4\.2\.** Users without an IPv6 enabled network on their host system: + +**Enable IPv6. Finally.** + +If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to [disable IPv6](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-disable_ipv6/) for the mailcow network to prevent unforeseen issues. + + **5\.** Pull the images and run the composer file. The parameter `-d` will start mailcow: dockerized detached: ``` docker-compose pull From aead4ed81b08e1d70a834e869087e0d76acfc16a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sat, 14 Dec 2019 14:01:25 +0100 Subject: [PATCH 11/15] Update firststeps-logging.md --- docs/firststeps-logging.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/firststeps-logging.md b/docs/firststeps-logging.md index 08a130f1d..892b6b469 100644 --- a/docs/firststeps-logging.md +++ b/docs/firststeps-logging.md @@ -28,19 +28,19 @@ Redis keys will only hold logs from applications and filter out system messages Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease. -Docker logging drivers can now be implemented as plugins, next to Dockers integrated drivers. -Logging driver plugins are available in Docker 17.05 and higher. - -Edit `docker-compose.yml` and append, for example, this block to use the "gelf" logging plugin: +Create a `docker-compose.override.yml` and add, for example, this block to use the "gelf" logging plugin for `postfix-mailcow`: ``` -logging: - driver: "gelf" - options: - gelf-address: "udp://graylog:12201" +version: '2.1' +services: + postfix-mailcow: # or any other + logging: + driver: "gelf" + options: + gelf-address: "udp://graylog:12201" ``` -Linux users can also add or edit the Docker daemons configuration file `/etc/docker/daemon.json` to affect the global logging behavior. Windows users please have a look at the [docker documentation](https://docs.docker.com/engine/reference/commandline/dockerd//#windows-configuration-file): +If you want to change the logging driver globally, edit Dockers daemon configuration file `/etc/docker/daemon.json` and restart the Docker service: ``` { From d65045ce56ec12382e787b2947eb477c7183396a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sat, 14 Dec 2019 14:19:36 +0100 Subject: [PATCH 12/15] Update u_e-rspamd.md --- docs/u_e-rspamd.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index c8ead8dd4..c93e041ae 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md @@ -28,9 +28,9 @@ Consider attaching a local folder as new volume to `rspamd-mailcow` in `docker-c for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done ``` -### Reset learned data +### Reset learned data (Bayes, Neural) -You need to delete keys in Redis to reset learned mail, so create a copy of your Redis database now: +You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now: **Backup database** @@ -46,13 +46,30 @@ docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xa docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' ``` -If it complains about... +**Reset Neural data** + +```bash +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' +``` + +**Reset Fuzzy data** + +```bash +# We need to enter the redis-cli first: +docker-compose exec redis-mailcow redis-cli +# In redis-cli: +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy_* +``` + +**Info** + +If redis-cli complains about... ```text (error) ERR wrong number of arguments for 'del' command ``` -...the key pattern was not found and thus no data is available to delete. +...the key pattern was not found and thus no data is available to delete - it is fine. ## CLI tools From e8a7206a12dab5ed55ac0d57a2081de6f3667f3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Fri, 20 Dec 2019 14:56:04 +0100 Subject: [PATCH 13/15] Update u_e-rspamd.md --- docs/u_e-rspamd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index c93e041ae..424299979 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md @@ -58,7 +58,7 @@ docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs # We need to enter the redis-cli first: docker-compose exec redis-mailcow redis-cli # In redis-cli: -127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy_* +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy* ``` **Info** From abb2b71e9d79218d7200a9f82f9b1e93de91e97d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sat, 21 Dec 2019 15:56:33 +0100 Subject: [PATCH 14/15] Update b_n_r_backup.md --- docs/b_n_r_backup.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/b_n_r_backup.md b/docs/b_n_r_backup.md index 9ce771c4b..afc932563 100644 --- a/docs/b_n_r_backup.md +++ b/docs/b_n_r_backup.md @@ -5,17 +5,20 @@ You can use the provided script `helper-scripts/backup_and_restore.sh` to backup Please do not copy this script to another location. To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. -You can also use "all" as second parameter to backup all components. +You can also use "all" as second parameter to backup all components. Append `--delete-days n` to delete backups older than n days. ``` # Syntax: -# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all) +# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) -# Backup all -./helper-scripts/backup_and_restore.sh backup all +# Backup all, delete backups older than 3 days +./helper-scripts/backup_and_restore.sh backup all --delete-days 3 -# Backup vmail, crypt and mysql data -./helper-scripts/backup_and_restore.sh backup vmail crypt mysql +# Backup vmail, crypt and mysql data, delete backups older than 30 days +./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 + +# Backup vmail +./helper-scripts/backup_and_restore.sh backup vmail ``` From 8c0627a6fc13848e7d76f641f6e8c295219e7e6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Peters?= Date: Sun, 22 Dec 2019 16:52:45 +0100 Subject: [PATCH 15/15] Update u_e-dovecot-mail-crypt.md --- docs/u_e-dovecot-mail-crypt.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/u_e-dovecot-mail-crypt.md b/docs/u_e-dovecot-mail-crypt.md index 6850ed7d7..d211df44b 100644 --- a/docs/u_e-dovecot-mail-crypt.md +++ b/docs/u_e-dovecot-mail-crypt.md @@ -10,9 +10,13 @@ find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r fi if [[ $(head -c7 "$file") == "CRYPTED" ]]; then doveadm fs get crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ "$file" > "/tmp/$(basename "$file")" - chmod 600 "/tmp/$(basename "$file")" - chown 5000:5000 "/tmp/$(basename "$file")" - mv "/tmp/$(basename "$file")" "$file" + if [[ -s "/tmp/$(basename "$file")" ]]; then + chmod 600 "/tmp/$(basename "$file")" + chown 5000:5000 "/tmp/$(basename "$file")" + mv "/tmp/$(basename "$file")" "$file" + else + rm "/tmp/$(basename "$file")" + fi fi done