2019-11-05 20:58:51 +01:00
version: '3.7'

2022-12-10 18:16:50 +01:00
# https://hub.docker.com/r/mailserver/docker-mailserver
# https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/
# https://github.com/docker-mailserver/docker-mailserver
2022-12-11 00:10:46 +01:00
# https://github.com/docker-mailserver/docker-mailserver/blob/master/docs/content/config/advanced/mail-sieve.md
2023-09-13 22:33:47 +02:00
# https://docker-mailserver.github.io/docker-mailserver/latest/faq/#how-can-i-make-spamassassin-better-recognize-spam
# https://docker-mailserver.github.io/docker-mailserver/latest/examples/use-cases/imap-folders/#mailboxes-aka-imap-folders
# https://doc.dovecot.org/configuration_manual/namespace/#core_setting-namespace/mailbox/autoexpunge
# https://notes.sagredo.eu/en/qmail-notes-185/expunging-expired-junk-and-trash-emails-with-dovecot-124.html
2022-12-10 18:16:50 +01:00

# create account: task srv:mail-setup -- email add <user>@<domain>
2020-02-04 19:05:07 +01:00

2019-11-05 20:58:51 +01:00
networks:
  mail:
    name: mail

services:
  mail:
chore(deps): update mailserver/docker-mailserver docker tag to v13 (#8)
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [mailserver/docker-mailserver](https://github.com/docker-mailserver/docker-mailserver) | major | `12` -> `13` |
---
### Release Notes
<details>
<summary>docker-mailserver/docker-mailserver (mailserver/docker-mailserver)</summary>
### [`v13`](https://github.com/docker-mailserver/docker-mailserver/blob/HEAD/CHANGELOG.md#v1300)
##### Breaking
- **LDAP:**
- ENV `LDAP_SERVER_HOST`, `DOVECOT_URIS`, and `SASLAUTHD_LDAP_SERVER` will now log an error if the LDAP URI scheme is missing. Previously there was an implicit fallback to `ldap://` ([#​3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
- `ENABLE_LDAP=1` is no longer supported, please use `ACCOUNT_PROVISIONER=LDAP` ([#​3507](https://github.com/docker-mailserver/docker-mailserver/pull/3507))
- **Rspamd:**
- The deprecated path for the Rspamd custom commands file (`/tmp/docker-mailserver/rspamd-modules.conf`) now prevents successful startup. The correct path is `/tmp/docker-mailserver/rspamd/custom-commands.conf`.
- **Dovecot:**
- Dovecot mail storage per account in `/var/mail` previously shared the same path for the accounts home directory ([#​3335](https://github.com/docker-mailserver/docker-mailserver/pull/3335))
- The home directory now is a subdirectory `home/`. This change better supports sieve scripts.
- **NOTE:** The change has not yet been implemented for `ACCOUNT_PROVISIONER=LDAP`.
- **Postfix:**
- `/etc/postfix/master.cf` has renamed the "smtps" service to "submissions" ([#​3235](https://github.com/docker-mailserver/docker-mailserver/pull/3235))
- This is the modern `/etc/services` name for port 465, aligning with the similar "submission" port 587.
- Postfix now defaults to supporting DSNs (*[Delivery Status Notifications](https://github.com/docker-mailserver/docker-mailserver/pull/3572#issuecomment-1751880574)*) only for authenticated users (*via ports 465 + 587*). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. ([#​3572](https://github.com/docker-mailserver/docker-mailserver/pull/3572))
- If you need to modify this change, please let us know by opening an issue / discussion.
- You can [opt out (*enable DSNs*) via the `postfix-main.cf` override support](https://docker-mailserver.github.io/docker-mailserver/v12.1/config/advanced/override-defaults/postfix/) using the contents: `smtpd_discard_ehlo_keywords =`.
- Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via `master.cf` to keep DSNs enabled (*since authentication protects from abuse*).
If necessary, DSNs for authenticated users can be disabled via the `postfix-master.cf` override with the following contents:
```cf
submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
```
##### Added
- **Features:**
- `getmail` as an alternative to `fetchmail` ([#​2803](https://github.com/docker-mailserver/docker-mailserver/pull/2803))
- `setup` CLI - `setup fail2ban` gained a new `status <JAIL>` subcommand ([#​3455](https://github.com/docker-mailserver/docker-mailserver/pull/3455))
- **Environment Variables:**
- `MARK_SPAM_AS_READ`. When set to `1`, marks incoming spam as "read" to avoid unwanted "new mail" notifications for junk mail ([#​3489](https://github.com/docker-mailserver/docker-mailserver/pull/3489))
- `DMS_VMAIL_UID` and `DMS_VMAIL_GID` allow changing the default ID values (`5000:5000`) for the Dovecot vmail user and group ([#​3550](https://github.com/docker-mailserver/docker-mailserver/pull/3550))
- `RSPAMD_CHECK_AUTHENTICATED` allows authenticated users to avoid additional security checks by Rspamd ([#​3440](https://github.com/docker-mailserver/docker-mailserver/pull/3440))
- **Documentation:**
- Use-case examples / tutorials:
- iOS mail push support ([#​3513](https://github.com/docker-mailserver/docker-mailserver/pull/3513))
- Guide for setting up Dovecot Authentication via Lua ([#​3579](https://github.com/docker-mailserver/docker-mailserver/pull/3579))
- Guide for integrating with the Crowdsec service ([#​3651](https://github.com/docker-mailserver/docker-mailserver/pull/3651))
- Debugging page:
- New compatibility section ([#​3404](https://github.com/docker-mailserver/docker-mailserver/pull/3404))
- Now advises how to (re)start DMS correctly ([#​3654](https://github.com/docker-mailserver/docker-mailserver/pull/3654))
- Better communicate distinction between DMS FQDN and DMS mail accounts ([#​3372](https://github.com/docker-mailserver/docker-mailserver/pull/3372))
- Traefik example now includes `passthrough=true` on implicit ports ([#​3568](https://github.com/docker-mailserver/docker-mailserver/pull/3568))
- Rspamd docs have received a variety of revisions ([#​3318](https://github.com/docker-mailserver/docker-mailserver/pull/3318), [#​3325](https://github.com/docker-mailserver/docker-mailserver/pull/3325), [#​3329](https://github.com/docker-mailserver/docker-mailserver/pull/3329))
- IPv6 config examples with content tabs ([#​3436](https://github.com/docker-mailserver/docker-mailserver/pull/3436))
- Mention [internet.nl](https://internet.nl/test-mail/) as another testing service ([#​3445](https://github.com/docker-mailserver/docker-mailserver/pull/3445))
- `setup alias add ...` CLI help message now includes an example for aliasing to multiple recipients ([#​3600](https://github.com/docker-mailserver/docker-mailserver/pull/3600))
- `SPAMASSASSIN_SPAM_TO_INBOX=1`, now emits a debug log to raise awareness that `SA_KILL` will be ignored ([#​3360](https://github.com/docker-mailserver/docker-mailserver/pull/3360))
- `CLAMAV_MESSAGE_SIZE_LIMIT` now logs a warning when the value exceeds what ClamAV is capable of supporting (4GiB max scan size [#​3332](https://github.com/docker-mailserver/docker-mailserver/pull/3332), 2GiB max file size [#​3341](https://github.com/docker-mailserver/docker-mailserver/pull/3341))
- Added note to caution against changing `mydestination` in Postfix's `main.cf` ([#​3316](https://github.com/docker-mailserver/docker-mailserver/pull/3316))
- **Internal:**
- Added a wrapper to update Postfix configuration safely ([#​3484](https://github.com/docker-mailserver/docker-mailserver/pull/3484), [#​3503](https://github.com/docker-mailserver/docker-mailserver/pull/3503))
- Add debug group to `packages.sh` ([#​3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
- **Tests:**
- Additional linting check for BASH syntax ([#​3369](https://github.com/docker-mailserver/docker-mailserver/pull/3369))
##### Updates
- **Misc:**
- Changed `setup config dkim` default key size to `2048` (`open-dkim`) ([#​3508](https://github.com/docker-mailserver/docker-mailserver/pull/3508))
- **Postfix:**
- Dropped special bits from `maildrop/` and `public/` directory permissions ([#​3625](https://github.com/docker-mailserver/docker-mailserver/pull/3625))
- **Rspamd:**
- Adjusted learning of ham ([#​3334](https://github.com/docker-mailserver/docker-mailserver/pull/3334))
- Adjusted `antivirus.conf` ([#​3331](https://github.com/docker-mailserver/docker-mailserver/pull/3331))
- `logrotate` setup + Rspamd log path + tests log helper fallback path ([#​3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
- Setup during container startup is now more resilient ([#​3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
- Changed DKIM default config location ([#​3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
- Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
- Required permissions are now verified for DKIM private key files ([#​3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
- **Documentation:**
- Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#​3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
- Restored missing edit button ([#​3338](https://github.com/docker-mailserver/docker-mailserver/pull/3338))
- Complete rewrite of the IPv6 page ([#​3244](https://github.com/docker-mailserver/docker-mailserver/pull/3244), [#​3531](https://github.com/docker-mailserver/docker-mailserver/pull/3531))
- Complete rewrite of the "Update and Cleanup" maintenance page ([#​3539](https://github.com/docker-mailserver/docker-mailserver/pull/3539), [#​3583](https://github.com/docker-mailserver/docker-mailserver/pull/3583))
- Improved debugging page advice on working with logs ([#​3626](https://github.com/docker-mailserver/docker-mailserver/pull/3626), [#​3640](https://github.com/docker-mailserver/docker-mailserver/pull/3640))
- Clarified the default for ENV `FETCHMAIL_PARALLEL` ([#​3603](https://github.com/docker-mailserver/docker-mailserver/pull/3603))
- Removed port 25 from FAQ entry for mail client ports supporting authenticated submission ([#​3496](https://github.com/docker-mailserver/docker-mailserver/pull/3496))
- Updated home path in docs for Dovecot Sieve ([#​3370](https://github.com/docker-mailserver/docker-mailserver/pull/3370), [#​3650](https://github.com/docker-mailserver/docker-mailserver/pull/3650))
- Fixed path to `rspamd.log` ([#​3585](https://github.com/docker-mailserver/docker-mailserver/pull/3585))
- "Optional Config" page now uses consistent lowercase convention for directory names ([#​3629](https://github.com/docker-mailserver/docker-mailserver/pull/3629))
- `CONTRIBUTORS.md`: Removed redundant "All Contributors" section ([#​3638](https://github.com/docker-mailserver/docker-mailserver/pull/3638))
- **Internal:**
- LDAP config improvements (Removed implicit `ldap://` LDAP URI scheme fallback) ([#​3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
- Changed style conventions for internal scripts ([#​3361](https://github.com/docker-mailserver/docker-mailserver/pull/3361), [#​3364](https://github.com/docker-mailserver/docker-mailserver/pull/3364), [#​3365](https://github.com/docker-mailserver/docker-mailserver/pull/3365), [#​3366](https://github.com/docker-mailserver/docker-mailserver/pull/3366), [#​3368](https://github.com/docker-mailserver/docker-mailserver/pull/3368), [#​3464](https://github.com/docker-mailserver/docker-mailserver/pull/3464))
- **CI / Automation:**
- `.gitattributes` now ensures files are committed with `eol=lf` ([#​3527](https://github.com/docker-mailserver/docker-mailserver/pull/3527))
- Revised the GitHub issue bug report template ([#​3317](https://github.com/docker-mailserver/docker-mailserver/pull/3317), [#​3381](https://github.com/docker-mailserver/docker-mailserver/pull/3381), [#​3435](https://github.com/docker-mailserver/docker-mailserver/pull/3435))
- Clarified that the issue tracker is not for personal support ([#​3498](https://github.com/docker-mailserver/docker-mailserver/pull/3498), [#​3502](https://github.com/docker-mailserver/docker-mailserver/pull/3502))
- Bumped versions of miscellaneous software (also shoutout to [@​dependabot](https://github.com/dependabot)) ([#​3371](https://github.com/docker-mailserver/docker-mailserver/pull/3371), [#​3584](https://github.com/docker-mailserver/docker-mailserver/pull/3584), [#​3504](https://github.com/docker-mailserver/docker-mailserver/pull/3504), [#​3516](https://github.com/docker-mailserver/docker-mailserver/pull/3516))
- **Tests:**
- Refactored LDAP tests to current conventions ([#​3483](https://github.com/docker-mailserver/docker-mailserver/pull/3483))
- Changed OpenLDAP image to `bitnami/openldap` ([#​3494](https://github.com/docker-mailserver/docker-mailserver/pull/3494))
- Revised LDAP config + setup ([#​3514](https://github.com/docker-mailserver/docker-mailserver/pull/3514))
- Added tests for the helper function `_add_to_or_update_postfix_main()` ([#​3505](https://github.com/docker-mailserver/docker-mailserver/pull/3505))
- EditorConfig Checker lint now uses a mount path to `/check` instead of `/ci` ([#​3655](https://github.com/docker-mailserver/docker-mailserver/pull/3655))
##### Fixed
- **Security:**
- Fixed issue with concatenating `$dmarc_milter` and `$dkim_milter` in `main.cf` ([#​3380](https://github.com/docker-mailserver/docker-mailserver/pull/3380))
- Fixed Rspamd DKIM signing for inbound emails ([#​3439](https://github.com/docker-mailserver/docker-mailserver/pull/3439), [#​3453](https://github.com/docker-mailserver/docker-mailserver/pull/3453))
- OpenDKIM key generation is no longer broken when Rspamd is also enabled ([#​3535](https://github.com/docker-mailserver/docker-mailserver/pull/3535))
- **Internal:**
- The "database" files (*for managing users and aliases*) now correctly filter within lookup query ([#3359](https://github.com/docker-mailserver/docker-mailserver/pull/3359))
- `_setup_spam_to_junk()` no longer registered when `SMTP_ONLY=1` ([#​3385](https://github.com/docker-mailserver/docker-mailserver/pull/3385))
- Dovecot `fts_xapian` is now compiled from source to match the Dovecot package ABI ([#​3373](https://github.com/docker-mailserver/docker-mailserver/pull/3373))
- **CI:**
- Scheduled builds now have the correct permissions to run successfully ([#3345](https://github.com/docker-mailserver/docker-mailserver/pull/3345))
- **Documentation:**
- Miscellaneous spelling and wording improvements ([#​3324](https://github.com/docker-mailserver/docker-mailserver/pull/3324), [#​3330](https://github.com/docker-mailserver/docker-mailserver/pull/3330), [#​3337](https://github.com/docker-mailserver/docker-mailserver/pull/3337), [#​3339](https://github.com/docker-mailserver/docker-mailserver/pull/3339), [#​3344](https://github.com/docker-mailserver/docker-mailserver/pull/3344), [#​3367](https://github.com/docker-mailserver/docker-mailserver/pull/3367), [#​3411](https://github.com/docker-mailserver/docker-mailserver/pull/3411), [#​3443](https://github.com/docker-mailserver/docker-mailserver/pull/3443))
- **Tests:**
- Run `pgrep` within the actual container ([#​3553](https://github.com/docker-mailserver/docker-mailserver/pull/3553))
- `lmtp_ip.bats` improved partial failure output ([#​3552](https://github.com/docker-mailserver/docker-mailserver/pull/3552))
- Improvements to LDIF test data ([#​3506](https://github.com/docker-mailserver/docker-mailserver/pull/3506))
- Normalized for `.gitattributes` + improved `eclint` coverage ([#​3566](https://github.com/docker-mailserver/docker-mailserver/pull/3566))
- Fixed ShellCheck linting for BATS tests ([#​3347](https://github.com/docker-mailserver/docker-mailserver/pull/3347))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: https://git.csprung.de/carsten/container-server/pulls/8
Co-authored-by: Renovate Bot <renovate@git.csprung.de>
Co-committed-by: Renovate Bot <renovate@git.csprung.de>
2023-11-27 17:18:07 +01:00
    image: mailserver/docker-mailserver:13
2019-12-05 23:02:28 +01:00
    container_name: mail
2019-12-04 22:00:35 +01:00
    restart: "${RESTART:-no}"
2023-09-13 22:33:47 +02:00
    hostname: post
2019-12-05 23:02:28 +01:00
    domainname: ${BASE_DOMAIN}
2023-09-13 22:33:47 +02:00
    cap_add:
      - NET_ADMIN # For Fail2Ban to work
2022-12-10 18:16:50 +01:00
    environment:
      - SSL_TYPE=letsencrypt
2022-12-22 18:11:48 +01:00
      # You may want to enable this: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#spoof_protection
      # See step 8 below, which demonstrates setup with enabled/disabled SPOOF_PROTECTION:
      - SPOOF_PROTECTION=0
2022-12-10 18:16:50 +01:00
      # Allow sending emails from other docker containers
      # Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker
2022-12-17 19:20:46 +01:00
      - PERMIT_DOCKER=connected-networks
2022-12-10 18:16:50 +01:00
      - ONE_DIR=1
2023-09-13 22:33:47 +02:00

      - ENABLE_AMAVIS=1
2022-12-10 18:16:50 +01:00
      - ENABLE_POSTGREY=0
      - ENABLE_CLAMAV=0
2023-09-13 22:33:47 +02:00
      - ENABLE_SPAMASSASSIN=1
2022-12-11 00:10:46 +01:00
      - ENABLE_MANAGESIEVE=1
2023-09-20 20:56:20 +02:00
      - ENABLE_FAIL2BAN=0
2023-09-13 22:33:47 +02:00

2022-12-10 18:16:50 +01:00
      - TZ=${TIMEZONE}
2022-12-22 18:11:48 +01:00
      - POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
2023-09-13 22:33:47 +02:00

      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - MOVE_SPAM_TO_JUNK=1
      - SA_TAG=-10000.0 # set headers on all mails
      - SA_TAG2=3.75 # above is considered spam
      - SA_KILL=10000.0 # don't bounce/quarantine anything
      - "SA_SPAM_SUBJECT=[SPAM] "
2019-11-05 20:58:51 +01:00
    ports:
2023-09-13 22:33:47 +02:00
      - "25:25" # SMTP (explicit TLS => STARTTLS)
      - "143:143" # IMAP4 (explicit TLS => STARTTLS)
      - "465:465" # ESMTP (implicit TLS)
      - "587:587" # ESMTP (explicit TLS => STARTTLS)
      - "993:993" # IMAP4 (implicit TLS)
2022-12-11 00:10:46 +01:00
      - "4190:4190" # managesieve
2019-11-05 20:58:51 +01:00
    volumes:
2022-12-10 18:16:50 +01:00
      # config
      - ${BASE_DIR:-/srv}/mail/config:/tmp/docker-mailserver/
2023-09-13 22:33:47 +02:00
      - ./mail/spamassassin-learn:/etc/cron.d/spamassassin-learn:ro
      - ./mail/15-mailboxes.conf:/etc/dovecot/conf.d/15-mailboxes.conf:ro
2022-12-10 18:16:50 +01:00
      # Mail data
      - ${BASE_DIR:-/srv}/mail/mail-data:/var/mail/
      - ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
      - ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
      # certificates
2023-09-13 22:33:47 +02:00
      - ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
      - ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
2019-11-05 20:58:51 +01:00
    networks:
2023-09-13 22:33:47 +02:00
      mail:
        aliases:
          - post.${BASE_DOMAIN}