container-server/services/mail/docker-compose.yml

version: '3.7'
# https://hub.docker.com/r/mailserver/docker-mailserver
# https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/
# https://github.com/docker-mailserver/docker-mailserver
# https://github.com/docker-mailserver/docker-mailserver/blob/master/docs/content/config/advanced/mail-sieve.md
# https://docker-mailserver.github.io/docker-mailserver/latest/faq/#how-can-i-make-spamassassin-better-recognize-spam
# https://docker-mailserver.github.io/docker-mailserver/latest/examples/use-cases/imap-folders/#mailboxes-aka-imap-folders
# https://doc.dovecot.org/configuration_manual/namespace/#core_setting-namespace/mailbox/autoexpunge
# https://notes.sagredo.eu/en/qmail-notes-185/expunging-expired-junk-and-trash-emails-with-dovecot-124.html
# create account: task srv:mail-setup -- email add <user>@<domain>
networks:
  mail:
    name: mail
services:
  mail:
    image: mailserver/docker-mailserver:13
    container_name: mail
    restart: "${RESTART:-no}"
    hostname: post
    domainname: ${BASE_DOMAIN}
    cap_add:
      - NET_ADMIN # For Fail2Ban to work; not needed while ENABLE_FAIL2BAN=0 (set below)
    environment:
      - SSL_TYPE=letsencrypt
      # You may want to enable this: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#spoof_protection
      # See step 8 below, which demonstrates setup with enabled/disabled SPOOF_PROTECTION:
      - SPOOF_PROTECTION=0
      # Allow sending emails from other docker containers
      # Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker
      - PERMIT_DOCKER=connected-networks
      - ONE_DIR=1
      - ENABLE_AMAVIS=1
      - ENABLE_POSTGREY=0
      - ENABLE_CLAMAV=0
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_MANAGESIEVE=1
      - ENABLE_FAIL2BAN=0
      - TZ=${TIMEZONE}
      - POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - MOVE_SPAM_TO_JUNK=1
      - SA_TAG=-10000.0 # set headers on all mails
      - SA_TAG2=3.75 # above is considered spam
      - SA_KILL=10000.0 # don't bounce/quarantine anything
      - "SA_SPAM_SUBJECT=[SPAM] "
    ports:
      - "25:25" # SMTP (explicit TLS => STARTTLS)
      - "143:143" # IMAP4 (explicit TLS => STARTTLS)
      - "465:465" # ESMTP (implicit TLS)
      - "587:587" # ESMTP (explicit TLS => STARTTLS)
      - "993:993" # IMAP4 (implicit TLS)
      - "4190:4190" # managesieve
    volumes:
      # config
      - ${BASE_DIR:-/srv}/mail/config:/tmp/docker-mailserver/
      - ./mail/spamassassin-learn:/etc/cron.d/spamassassin-learn:ro
      - ./mail/15-mailboxes.conf:/etc/dovecot/conf.d/15-mailboxes.conf:ro
      # Mail data
      - ${BASE_DIR:-/srv}/mail/mail-data:/var/mail/
      - ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
      - ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
      # certificates
      - ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
      - ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
    networks:
      mail:
        aliases:
          - post.${BASE_DOMAIN}