Commit graph

8 commits

Author SHA1 Message Date
9c1291823e chore(deps): update mailserver/docker-mailserver docker tag to v13 (#8)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [mailserver/docker-mailserver](https://github.com/docker-mailserver/docker-mailserver) | major | `12` -> `13` |

---

### Release Notes

<details>
<summary>docker-mailserver/docker-mailserver (mailserver/docker-mailserver)</summary>

### [`v13`](https://github.com/docker-mailserver/docker-mailserver/blob/HEAD/CHANGELOG.md#v1300)

##### Breaking

-   **LDAP:**
    -   ENV `LDAP_SERVER_HOST`, `DOVECOT_URIS`, and `SASLAUTHD_LDAP_SERVER` will now log an error if the LDAP URI scheme is missing. Previously there was an implicit fallback to `ldap://` ([#&#8203;3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
    -   `ENABLE_LDAP=1` is no longer supported, please use `ACCOUNT_PROVISIONER=LDAP` ([#&#8203;3507](https://github.com/docker-mailserver/docker-mailserver/pull/3507))
-   **Rspamd:**
    -   The deprecated path for the Rspamd custom commands file (`/tmp/docker-mailserver/rspamd-modules.conf`) now prevents successful startup. The correct path is `/tmp/docker-mailserver/rspamd/custom-commands.conf`.
-   **Dovecot:**
    -   Dovecot mail storage per account in `/var/mail` previously shared the same path for the accounts home directory ([#&#8203;3335](https://github.com/docker-mailserver/docker-mailserver/pull/3335))
        -   The home directory now is a subdirectory `home/`. This change better supports sieve scripts.
        -   **NOTE:** The change has not yet been implemented for `ACCOUNT_PROVISIONER=LDAP`.
-   **Postfix:**
    -   `/etc/postfix/master.cf` has renamed the "smtps" service to "submissions" ([#&#8203;3235](https://github.com/docker-mailserver/docker-mailserver/pull/3235))
        -   This is the modern `/etc/services` name for port 465, aligning with the similar "submission" port 587.
    -   Postfix now defaults to supporting DSNs (*[Delivery Status Notifications](https://github.com/docker-mailserver/docker-mailserver/pull/3572#issuecomment-1751880574)*) only for authenticated users (*via ports 465 + 587*). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. ([#&#8203;3572](https://github.com/docker-mailserver/docker-mailserver/pull/3572))
        -   If you need to modify this change, please let us know by opening an issue / discussion.
        -   You can [opt out (*enable DSNs*) via the `postfix-main.cf` override support](https://docker-mailserver.github.io/docker-mailserver/v12.1/config/advanced/override-defaults/postfix/) using the contents: `smtpd_discard_ehlo_keywords =`.
        -   Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via `master.cf` to keep DSNs enabled (*since authentication protects from abuse*).

            If necessary, DSNs for authenticated users can be disabled via the `postfix-master.cf` override with the following contents:

            ```cf
            submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
            submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
            ```

##### Added

-   **Features:**
    -   `getmail` as an alternative to `fetchmail` ([#&#8203;2803](https://github.com/docker-mailserver/docker-mailserver/pull/2803))
    -   `setup` CLI - `setup fail2ban` gained a new `status <JAIL>` subcommand ([#&#8203;3455](https://github.com/docker-mailserver/docker-mailserver/pull/3455))
-   **Environment Variables:**
    -   `MARK_SPAM_AS_READ`. When set to `1`, marks incoming spam as "read" to avoid unwanted "new mail" notifications for junk mail ([#&#8203;3489](https://github.com/docker-mailserver/docker-mailserver/pull/3489))
    -   `DMS_VMAIL_UID` and `DMS_VMAIL_GID` allow changing the default ID values (`5000:5000`) for the Dovecot vmail user and group ([#&#8203;3550](https://github.com/docker-mailserver/docker-mailserver/pull/3550))
    -   `RSPAMD_CHECK_AUTHENTICATED` allows authenticated users to avoid additional security checks by Rspamd ([#&#8203;3440](https://github.com/docker-mailserver/docker-mailserver/pull/3440))
-   **Documentation:**
    -   Use-case examples / tutorials:
        -   iOS mail push support ([#&#8203;3513](https://github.com/docker-mailserver/docker-mailserver/pull/3513))
        -   Guide for setting up Dovecot Authentication via Lua ([#&#8203;3579](https://github.com/docker-mailserver/docker-mailserver/pull/3579))
        -   Guide for integrating with the Crowdsec service ([#&#8203;3651](https://github.com/docker-mailserver/docker-mailserver/pull/3651))
    -   Debugging page:
        -   New compatibility section ([#&#8203;3404](https://github.com/docker-mailserver/docker-mailserver/pull/3404))
        -   Now advises how to (re)start DMS correctly ([#&#8203;3654](https://github.com/docker-mailserver/docker-mailserver/pull/3654))
    -   Better communicate distinction between DMS FQDN and DMS mail accounts ([#&#8203;3372](https://github.com/docker-mailserver/docker-mailserver/pull/3372))
    -   Traefik example now includes `passthrough=true` on implicit ports ([#&#8203;3568](https://github.com/docker-mailserver/docker-mailserver/pull/3568))
    -   Rspamd docs have received a variety of revisions ([#&#8203;3318](https://github.com/docker-mailserver/docker-mailserver/pull/3318), [#&#8203;3325](https://github.com/docker-mailserver/docker-mailserver/pull/3325), [#&#8203;3329](https://github.com/docker-mailserver/docker-mailserver/pull/3329))
    -   IPv6 config examples with content tabs ([#&#8203;3436](https://github.com/docker-mailserver/docker-mailserver/pull/3436))
    -   Mention [internet.nl](https://internet.nl/test-mail/) as another testing service ([#&#8203;3445](https://github.com/docker-mailserver/docker-mailserver/pull/3445))
    -   `setup alias add ...` CLI help message now includes an example for aliasing to multiple recipients ([#&#8203;3600](https://github.com/docker-mailserver/docker-mailserver/pull/3600))
    -   `SPAMASSASSIN_SPAM_TO_INBOX=1`, now emits a debug log to raise awareness that `SA_KILL` will be ignored ([#&#8203;3360](https://github.com/docker-mailserver/docker-mailserver/pull/3360))
    -   `CLAMAV_MESSAGE_SIZE_LIMIT` now logs a warning when the value exceeds what ClamAV is capable of supporting (4GiB max scan size [#&#8203;3332](https://github.com/docker-mailserver/docker-mailserver/pull/3332), 2GiB max file size [#&#8203;3341](https://github.com/docker-mailserver/docker-mailserver/pull/3341))
    -   Added note to caution against changing `mydestination` in Postfix's `main.cf` ([#&#8203;3316](https://github.com/docker-mailserver/docker-mailserver/pull/3316))
-   **Internal:**
    -   Added a wrapper to update Postfix configuration safely ([#&#8203;3484](https://github.com/docker-mailserver/docker-mailserver/pull/3484), [#&#8203;3503](https://github.com/docker-mailserver/docker-mailserver/pull/3503))
    -   Add debug group to `packages.sh` ([#&#8203;3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
-   **Tests:**
    -   Additional linting check for BASH syntax ([#&#8203;3369](https://github.com/docker-mailserver/docker-mailserver/pull/3369))

##### Updates

-   **Misc:**
    -   Changed `setup config dkim` default key size to `2048` (`open-dkim`) ([#&#8203;3508](https://github.com/docker-mailserver/docker-mailserver/pull/3508))
-   **Postfix:**
    -   Dropped special bits from `maildrop/` and `public/` directory permissions ([#&#8203;3625](https://github.com/docker-mailserver/docker-mailserver/pull/3625))
-   **Rspamd:**
    -   Adjusted learning of ham ([#&#8203;3334](https://github.com/docker-mailserver/docker-mailserver/pull/3334))
    -   Adjusted `antivirus.conf` ([#&#8203;3331](https://github.com/docker-mailserver/docker-mailserver/pull/3331))
    -   `logrotate` setup + Rspamd log path + tests log helper fallback path ([#&#8203;3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
    -   Setup during container startup is now more resilient ([#&#8203;3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
    -   Changed DKIM default config location ([#&#8203;3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
    -   Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, , added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#&#8203;3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
    -   Required permissions are now verified for DKIM private key files ([#&#8203;3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
-   **Documentation:**
    -   Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#&#8203;3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
    -   Restored missing edit button ([#&#8203;3338](https://github.com/docker-mailserver/docker-mailserver/pull/3338))
    -   Complete rewrite of the IPv6 page ([#&#8203;3244](https://github.com/docker-mailserver/docker-mailserver/pull/3244), [#&#8203;3531](https://github.com/docker-mailserver/docker-mailserver/pull/3531))
    -   Complete rewrite of the "Update and Cleanup" maintenance page ([#&#8203;3539](https://github.com/docker-mailserver/docker-mailserver/pull/3539), [#&#8203;3583](https://github.com/docker-mailserver/docker-mailserver/pull/3583))
    -   Improved debugging page advice on working with logs ([#&#8203;3626](https://github.com/docker-mailserver/docker-mailserver/pull/3626), [#&#8203;3640](https://github.com/docker-mailserver/docker-mailserver/pull/3640))
    -   Clarified the default for ENV `FETCHMAIL_PARALLEL` ([#&#8203;3603](https://github.com/docker-mailserver/docker-mailserver/pull/3603))
    -   Removed port 25 from FAQ entry for mail client ports supporting authenticated submission ([#&#8203;3496](https://github.com/docker-mailserver/docker-mailserver/pull/3496))
    -   Updated home path in docs for Dovecot Sieve ([#&#8203;3370](https://github.com/docker-mailserver/docker-mailserver/pull/3370), [#&#8203;3650](https://github.com/docker-mailserver/docker-mailserver/pull/3650))
    -   Fixed path to `rspamd.log` ([#&#8203;3585](https://github.com/docker-mailserver/docker-mailserver/pull/3585))
    -   "Optional Config" page now uses consistent lowercase convention for directory names ([#&#8203;3629](https://github.com/docker-mailserver/docker-mailserver/pull/3629))
    -   `CONTRIBUTORS.md`: Removed redundant "All Contributors" section ([#&#8203;3638](https://github.com/docker-mailserver/docker-mailserver/pull/3638))
-   **Internal:**
    -   LDAP config improvements (Removed implicit `ldap://` LDAP URI scheme fallback) ([#&#8203;3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
    -   Changed style conventions for internal scripts ([#&#8203;3361](https://github.com/docker-mailserver/docker-mailserver/pull/3361), [#&#8203;3364](https://github.com/docker-mailserver/docker-mailserver/pull/3364), [#&#8203;3365](https://github.com/docker-mailserver/docker-mailserver/pull/3365), [#&#8203;3366](https://github.com/docker-mailserver/docker-mailserver/pull/3366), [#&#8203;3368](https://github.com/docker-mailserver/docker-mailserver/pull/3368), [#&#8203;3464](https://github.com/docker-mailserver/docker-mailserver/pull/3464))
-   **CI / Automation:**
    -   `.gitattributes` now ensures files are committed with `eol=lf` ([#&#8203;3527](https://github.com/docker-mailserver/docker-mailserver/pull/3527))
    -   Revised the GitHub issue bug report template ([#&#8203;3317](https://github.com/docker-mailserver/docker-mailserver/pull/3317), [#&#8203;3381](https://github.com/docker-mailserver/docker-mailserver/pull/3381), [#&#8203;3435](https://github.com/docker-mailserver/docker-mailserver/pull/3435))
    -   Clarified that the issue tracker is not for personal support ([#&#8203;3498](https://github.com/docker-mailserver/docker-mailserver/pull/3498), [#&#8203;3502](https://github.com/docker-mailserver/docker-mailserver/pull/3502))
    -   Bumped versions of miscellaneous software (also shoutout to [@&#8203;dependabot](https://github.com/dependabot)) ([#&#8203;3371](https://github.com/docker-mailserver/docker-mailserver/pull/3371), [#&#8203;3584](https://github.com/docker-mailserver/docker-mailserver/pull/3584), [#&#8203;3504](https://github.com/docker-mailserver/docker-mailserver/pull/3504), [#&#8203;3516](https://github.com/docker-mailserver/docker-mailserver/pull/3516))
-   **Tests:**
    -   Refactored LDAP tests to current conventions ([#&#8203;3483](https://github.com/docker-mailserver/docker-mailserver/pull/3483))
    -   Changed OpenLDAP image to `bitnami/openldap` ([#&#8203;3494](https://github.com/docker-mailserver/docker-mailserver/pull/3494))
    -   Revised LDAP config + setup ([#&#8203;3514](https://github.com/docker-mailserver/docker-mailserver/pull/3514))
    -   Added tests for the helper function `_add_to_or_update_postfix_main()` ([#&#8203;3505](https://github.com/docker-mailserver/docker-mailserver/pull/3505))
    -   EditorConfig Checker lint now uses a mount path to `/check` instead of `/ci` ([#&#8203;3655](https://github.com/docker-mailserver/docker-mailserver/pull/3655))

##### Fixed

-   **Security:**
    -   Fixed issue with concatenating `$dmarc_milter` and `$dkim_milter` in `main.cf` ([#&#8203;3380](https://github.com/docker-mailserver/docker-mailserver/pull/3380))
    -   Fixed Rspamd DKIM signing for inbound emails ([#&#8203;3439](https://github.com/docker-mailserver/docker-mailserver/pull/3439), [#&#8203;3453](https://github.com/docker-mailserver/docker-mailserver/pull/3453))
    -   OpenDKIM key generation is no longer broken when Rspamd is also enabled ([#&#8203;3535](https://github.com/docker-mailserver/docker-mailserver/pull/3535))
-   **Internal:**
    -   The "database" files (*for managing users and aliases*) now correctly filters within lookup query ([#&#8203;3359](https://github.com/docker-mailserver/docker-mailserver/pull/3359))
    -   `_setup_spam_to_junk()` no longer registered when `SMTP_ONLY=1` ([#&#8203;3385](https://github.com/docker-mailserver/docker-mailserver/pull/3385))
    -   Dovecot `fts_xapian` is now compiled from source to match the Dovecot package ABI ([#&#8203;3373](https://github.com/docker-mailserver/docker-mailserver/pull/3373))
-   **CI:**
    -   Scheduled build now have the correct permissions to run successfully ([#&#8203;3345](https://github.com/docker-mailserver/docker-mailserver/pull/3345))
-   **Documentation:**
    -   Miscellaneous spelling and wording improvements ([#&#8203;3324](https://github.com/docker-mailserver/docker-mailserver/pull/3324), [#&#8203;3330](https://github.com/docker-mailserver/docker-mailserver/pull/3330), [#&#8203;3337](https://github.com/docker-mailserver/docker-mailserver/pull/3337), [#&#8203;3339](https://github.com/docker-mailserver/docker-mailserver/pull/3339), [#&#8203;3344](https://github.com/docker-mailserver/docker-mailserver/pull/3344), [#&#8203;3367](https://github.com/docker-mailserver/docker-mailserver/pull/3367), [#&#8203;3411](https://github.com/docker-mailserver/docker-mailserver/pull/3411), [#&#8203;3443](https://github.com/docker-mailserver/docker-mailserver/pull/3443))
-   **Tests:**
    -   Run `pgrep` within the actual container ([#&#8203;3553](https://github.com/docker-mailserver/docker-mailserver/pull/3553))
    -   `lmtp_ip.bats` improved partial failure output ([#&#8203;3552](https://github.com/docker-mailserver/docker-mailserver/pull/3552))
    -   Improvements to LDIF test data ([#&#8203;3506](https://github.com/docker-mailserver/docker-mailserver/pull/3506))
    -   Normalized for `.gitattributes` + improved `eclint` coverage ([#&#8203;3566](https://github.com/docker-mailserver/docker-mailserver/pull/3566))
    -   Fixed ShellCheck linting for BATS tests ([#&#8203;3347](https://github.com/docker-mailserver/docker-mailserver/pull/3347))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Reviewed-on: carsten/container-server#8
Co-authored-by: Renovate Bot <renovate@git.csprung.de>
Co-committed-by: Renovate Bot <renovate@git.csprung.de>
2023-11-27 17:18:07 +01:00
900b1c61e9 services: single common config for fail2ban 2023-09-20 20:56:20 +02:00
d96dab07b8 General deployment (#1)
General deployment done

Reviewed-on: carsten/container-server#1
2023-09-13 22:33:47 +02:00
ab91831dd3 skip ldap 2022-12-22 18:11:48 +01:00
f73d26c675 authentik with ldap mail connection 2022-12-17 19:20:46 +01:00
99b7c5e15a roundcube: working config with carddav + managesieve 2022-12-11 00:10:46 +01:00
43955ad352 mail-server (#2)
mailserver added
proxy log transformer added
manage enabled services via text file instead of renaming docker-compose files
2022-12-10 17:16:50 +00:00
ecfbce28d3 setup-docs (#1)
- Add documentation about host setup
- Refactor task files
- Improve documentation

Reviewed-on: carsten/docker-server#1
2022-11-13 00:10:26 +00:00