Commit graph

10 commits

Author SHA1 Message Date
529e754d91 services(mail): Update env variable name 2024-06-13 15:24:16 +02:00
c7af8f6975 chore(deps): update mailserver/docker-mailserver docker tag to v14 (#47)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [mailserver/docker-mailserver](https://github.com/docker-mailserver) ([source](https://github.com/docker-mailserver/docker-mailserver)) | major | `13` -> `14` |

---

### Release Notes

<details>
<summary>docker-mailserver/docker-mailserver (mailserver/docker-mailserver)</summary>

### [`v14`](https://github.com/docker-mailserver/docker-mailserver/blob/HEAD/CHANGELOG.md#v1400)

The most noteworthy change of this release is the update of the container's base image from Debian 11 ("Bullseye") to Debian 12 ("Bookworm"). This update alone involves breaking changes and requires a careful update!

##### Breaking

-   **Updated base image to Debian 12** ([#&#8203;3403](https://github.com/docker-mailserver/docker-mailserver/pull/3403))
    -   Changed the default of `DOVECOT_COMMUNITY_REPO` to `0` (disabled) - the Dovecot community repo will (for now) not be the default when building the DMS.
        -   While Debian 12 (Bookworm) was released in June 2023 and the latest Dovecot `2.3.21` in Sep 2023, as of Jan 2024 there is no [Dovecot community repo available for Debian 12](https://repo.dovecot.org).
        -   This results in the Dovecot version being downgraded from `2.3.21` (DMS v13.3) to `2.3.19`, which [may affect functionality when you've explicitly configured for these features](30cde20f63/NEWS (L1-L158)):
            -   OAuth2 (*mostly regarding JWT usage, or POST requests (`introspection_mode = post`) with `client_id` + `client_secret`*).
            -   Lua HTTP client (*DNS related*).
    -   Updated packages. For an overview, [we have a review comment on the PR that introduces Debian 12](https://github.com/docker-mailserver/docker-mailserver/pull/3403#issuecomment-1694563615)
        -   Notable major version bump: `openssl 3`, `clamav 1`, `spamassassin 4`, `redis-server 7`.
        -   Notable minor version bump: `postfix 3.5.23 => 3.7.9`
        -   Notable minor version bump + downgrade: `dovecot 2.3.13 => 2.3.19` (*Previous release provided `2.3.21` via community repo, `2.3.19` is now the default*)
    -   Updates to `packages.sh`:
        -   Removed custom installations of Fail2Ban, getmail6 and Rspamd
        -   Updated packages lists and added comments for maintainability
-   OpenDMARC upgrade: `v1.4.0` => `v1.4.2` ([#&#8203;3841](https://github.com/docker-mailserver/docker-mailserver/pull/3841))
    -   Previous versions of OpenDMARC would place incoming mail from domains announcing `p=quarantine` (*that fail the DMARC check*) into the [Postfix "hold" queue](https://www.postfix.org/QSHAPE_README.html#hold_queue) until administrative intervention.
    -   [OpenDMARC v1.4.2 has disabled that feature by default](https://github.com/trusteddomainproject/OpenDMARC/issues/105), but it can be enabled again by adding the setting `HoldQuarantinedMessages true` to [`/etc/opendmarc.conf`](https://github.com/docker-mailserver/docker-mailserver/blob/v13.3.1/target/opendmarc/opendmarc.conf) (*provided from DMS*).
        -   [Our `user-patches.sh` feature](https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/override-defaults/user-patches/) provides a convenient approach to updating that config file.
        -   Please let us know if you disagree with the upstream default being carried with DMS, or the value of providing alternative configuration support within DMS.
-   **Postfix:**
    -   Postfix upgrade from 3.5 to 3.7 ([#&#8203;3403](https://github.com/docker-mailserver/docker-mailserver/pull/3403))
        -   `compatibility_level` was raised from `2` to `3.6`
        -   Postfix has deprecated the usage of `whitelist` / `blacklist` in config parameters and logging in favor of `allowlist` / `denylist` and similar variations. ([#&#8203;3403](https://github.com/docker-mailserver/docker-mailserver/pull/3403/files#r1306356328))
            -   This [may affect monitoring / analysis of logs output from Postfix](https://www.postfix.org/COMPATIBILITY_README.html#respectful_logging) that expects to match patterns on the prior terminology used.
            -   DMS `main.cf` has renamed `postscreen_dnsbl_whitelist_threshold` to `postscreen_dnsbl_allowlist_threshold` as part of this change.
        -   `smtpd_relay_restrictions` (relay policy) is now evaluated after `smtpd_recipient_restrictions` (spam policy). Previously it was evaluated before `smtpd_recipient_restrictions`. Mail to be relayed via DMS must now pass through the spam policy first.
        -   The TLS fingerprint policy has changed the default from MD5 to SHA256 (*DMS does not modify this Postfix parameter, but may affect any user customizations that do*).
-   **Dovecot**
    -   The "Junk" mailbox (folder) is now referenced by its [special-use flag `\Junk`](https://docker-mailserver.github.io/docker-mailserver/v13.3/examples/use-cases/imap-folders/) instead of an explicit mailbox. ([#&#8203;3925](https://github.com/docker-mailserver/docker-mailserver/pull/3925))
        -   This provides compatibility for the Junk mailbox when its folder name differs (*eg: Renamed to "Spam"*).
        -   Potential breakage if your deployment modifies our `spam_to_junk.sieve` sieve script (*which is created during container startup when ENV `MOVE_SPAM_TO_JUNK=1`*) that handles storing spam mail into a user's "Junk" mailbox folder.
    -   **Removed support for Solr integration:** ([#&#8203;4025](https://github.com/docker-mailserver/docker-mailserver/pull/4025))
        -   This was a community contributed feature for FTS (Full Text Search), the docs advise using an image that has not been maintained for over 2 years and lacks ARM64 support. Based on user engagement over the years this feature has very niche value to continue to support, thus is being removed.
        -   If you use Solr, support can be restored if you're willing to contribute docs for the feature that resolves the concerns raised
-   **Log**:
    -   The format of DMS specific logs (*from our scripts, not running services*) has been changed. The new format is `<RFC 3339 TIMESTAMP> <LOG LEVEL> <LOG EVENT SRC>: <MESSAGE>` ([#&#8203;4035](https://github.com/docker-mailserver/docker-mailserver/pull/4035))
-   **rsyslog:**
    -   Debian 12 adjusted the `rsyslog` configuration for the default file template from `RSYSLOG_TraditionalFileFormat` to `RSYSLOG_FileFormat` (*upstream default since 2012*). This change may affect you if you have any monitoring / analysis of log output (*eg: `mail.log` / `docker logs`*).
        -   The two formats are roughly equivalent to [RFC 3164](https://www.rfc-editor.org/rfc/rfc3164) and [RFC 5424](https://datatracker.ietf.org/doc/html/rfc5424#section-1) respectively.
        -   A notable difference is the change to [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339.html#appendix-A) timestamps (*a strict subset of ISO 8601*). The [previous non-standardized timestamp format was defined in RFC 3164](https://www.rfc-editor.org/rfc/rfc3164.html#section-4.1.2) as `Mmm dd hh:mm:ss`.
        -   To revert this change you can add `sedfile -i '1i module(load="builtin:omfile" template="RSYSLOG_TraditionalFileFormat")' /etc/rsyslog.conf` via [our `user-patches.sh` feature](https://docker-mailserver.github.io/docker-mailserver/v14.0/config/advanced/override-defaults/user-patches/).
    -   Rsyslog now creates fewer log files:
        -   The files `/var/log/mail/mail.{info,warn,err}` are no longer created. These files represented `/var/log/mail.log` filtered into separate priority levels. As `/var/log/mail.log` contains all mail related messages, these files (*and their rotated counterparts*) can be deleted safely.
        -   `/var/log/messages`, `/var/log/debug` and several other log files not relevant to DMS were configured by default by Debian previously. These are not part of the `/var/log/mail/` volume mount, so should not impact anyone.
-   **Features:**
    -   The relay host feature was refactored ([#&#8203;3845](https://github.com/docker-mailserver/docker-mailserver/pull/3845))
        -   The only breaking change this should introduce is with the Change Detection service (`check-for-changes.sh`).
        -   When credentials are configured for relays, change events that trigger the relayhost logic now reapply the relevant Postfix settings:
            -   `smtp_sasl_auth_enable = yes` (*SASL auth to outbound MTA connections is enabled*)
            -   `smtp_sasl_security_options = noanonymous` (*credentials are mandatory for outbound mail delivery*)
            -   `smtp_tls_security_level = encrypt` (*the outbound MTA connection must always be secure due to credentials sent*)
-   **Environment Variables**:
    -   `SA_SPAM_SUBJECT` has been renamed into `SPAM_SUBJECT` to become anti-spam service agnostic. ([#&#8203;3820](https://github.com/docker-mailserver/docker-mailserver/pull/3820))
        -   As this functionality is now handled in Dovecot via a Sieve script instead of the respective anti-spam service during Postfix processing, this feature will only apply to mail stored in Dovecot. If you have relied on this feature in a different context, it will no longer be available.
        -   Rspamd previously handled this functionality via the `rewrite_subject` action which has now been disabled by default in favor of the new approach with `SPAM_SUBJECT`.
        -   `SA_SPAM_SUBJECT` is now deprecated and will log a warning if used. The value is copied as a fallback to `SPAM_SUBJECT`.
        -   The default has changed to not prepend any prefix to the subject unless configured to do so. If you relied on the implicit prefix, you will now need to provide one explicitly.
        -   `undef` was previously supported as an opt-out with `SA_SPAM_SUBJECT`. This is no longer valid, the equivalent opt-out value is now an empty value (*or rather the omission of this ENV being configured*).
        -   The feature to include [`_SCORE_` tag](https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html#rewrite_header-subject-from-to-STRING) in your value to be replaced by the associated spam score is no longer available.
-   **Supervisord**:
    -   `supervisor-app.conf` renamed to `dms-services.conf`
-   **Rspamd**:
    -   the Redis history key has been changed in order to not incorporate the hostname of the container (which is desirable in Kubernetes environments) ([#&#8203;3927](https://github.com/docker-mailserver/docker-mailserver/pull/3927))
-   **Account Management**
    -   addresses (accounts) are now normalized to lowercase automatically and a warning is logged in case uppercase letters are supplied

##### Added

-   **Docs:**
    -   A guide for configuring a public server to relay inbound and outbound mail from DMS on a private server ([#&#8203;3973](https://github.com/docker-mailserver/docker-mailserver/pull/3973))

-   **Environment Variables:**
    -   `LOGROTATE_COUNT` defines the number of files kept by logrotate ([#&#8203;3907](https://github.com/docker-mailserver/docker-mailserver/pull/3907))
        -   The fail2ban log file is now also taken into account by `LOGROTATE_COUNT` and `LOGROTATE_INTERVAL` ([#&#8203;3915](https://github.com/docker-mailserver/docker-mailserver/pull/3915), [#&#8203;3919](https://github.com/docker-mailserver/docker-mailserver/pull/3919))

-   **Internal:**
    -   Regular container restarts are now better supported. Setup scripts that ran previously will now be skipped ([#&#8203;3929](https://github.com/docker-mailserver/docker-mailserver/pull/3929))

##### Updates

-   **Environment Variables:**
    -   `ONE_DIR` has been removed (legacy ENV) ([#&#8203;3840](https://github.com/docker-mailserver/docker-mailserver/pull/3840))
        -   Its only functionality remaining was to opt-out of run-time state consolidation with `ONE_DIR=0` (*when a volume was already mounted to `/var/mail-state`*).
-   **Internal:**
    -   Changed the Postgrey whitelist retrieved during build to [source directly from Github](https://github.com/schweikert/postgrey/blob/master/postgrey_whitelist_clients) as the list is updated more frequently than the [author publishes at their website](https://postgrey.schweikert.ch) ([#&#8203;3879](https://github.com/docker-mailserver/docker-mailserver/pull/3879))
    -   Enable spamassassin only, when amavis is enabled too. ([#&#8203;3943](https://github.com/docker-mailserver/docker-mailserver/pull/3943))
-   **Tests:**
    -   Refactored helper methods for sending e-mails with specific `Message-ID` headers and the helpers for retrieving + filtering logs, which together help isolate logs relevant to specific mail when multiple mails have been processed within a single test. ([#&#8203;3786](https://github.com/docker-mailserver/docker-mailserver/pull/3786))
-   **Rspamd**:
    -   The `rewrite_subject` action is now disabled by default. It has been replaced with the new `SPAM_SUBJECT` environment variable, which implements the functionality via a Sieve script instead which is anti-spam service agnostic ([#&#8203;3820](https://github.com/docker-mailserver/docker-mailserver/pull/3820))
    -   `RSPAMD_NEURAL` was added and is disabled by default. If switched on it will enable the experimental Rspamd "Neural network" module to add a layer of analysis to spam detection ([#&#8203;3833](https://github.com/docker-mailserver/docker-mailserver/pull/3833))
    -   The symbol weights of SPF, DKIM and DMARC have been adjusted again. Fixes a bug and includes more appropriate combinations of symbols ([#&#8203;3913](https://github.com/docker-mailserver/docker-mailserver/pull/3913), [#&#8203;3923](https://github.com/docker-mailserver/docker-mailserver/pull/3923))
-   **Dovecot:**
    -   `logwatch` now filters out non-error logs related to the status of the `index-worker` process for FTS indexing. ([#&#8203;4012](https://github.com/docker-mailserver/docker-mailserver/pull/4012))
    -   updated FTS Xapian from version 1.5.5 to 1.7.12

##### Fixes

-   DMS config:
    -   Files that are parsed line by line are now more robust to parse by detecting and fixing line-endings ([#&#8203;3819](https://github.com/docker-mailserver/docker-mailserver/pull/3819))
    -   The override config `postfix-main.cf` now retains custom parameters intended for use with `postfix-master.cf` ([#&#8203;3880](https://github.com/docker-mailserver/docker-mailserver/pull/3880))
-   Variables related to Rspamd are declared as `readonly`, which would cause warnings in the log when being re-declared; we now guard against this issue ([#&#8203;3837](https://github.com/docker-mailserver/docker-mailserver/pull/3837))
-   Relay host feature refactored ([#&#8203;3845](https://github.com/docker-mailserver/docker-mailserver/pull/3845))
    -   `DEFAULT_RELAY_HOST` ENV can now also use the `RELAY_USER` + `RELAY_PASSWORD` ENV for supplying credentials.
    -   `RELAY_HOST` ENV no longer enforces configuring outbound SMTP to require credentials. Like `DEFAULT_RELAY_HOST` it can now configure a relay where credentials are optional.
    -   Restarting DMS should not be required when configuring relay hosts without these ENV, but solely via `setup relay ...`, as change detection events now apply relevant Postfix setting changes for supporting credentials too.
-   Rspamd configuration: Add a missing comma in `local_networks` so that all internal IP addresses are actually considered as internal ([#&#8203;3862](https://github.com/docker-mailserver/docker-mailserver/pull/3862))
-   Ensure correct SELinux security context labels for files and directories moved to the mail-state volume during setup ([#&#8203;3890](https://github.com/docker-mailserver/docker-mailserver/pull/3890))
-   Use correct environment variable for fetchmail ([#&#8203;3901](https://github.com/docker-mailserver/docker-mailserver/pull/3901))
-   When using `ENABLE_GETMAIL=1` the undocumented internal location `/var/lib/getmail/` usage has been removed. Only the config volume `/tmp/docker-mailserver/getmail/` location is supported when Getmail has not been configured to deliver mail to Dovecot as advised in the DMS docs ([#&#8203;4018](https://github.com/docker-mailserver/docker-mailserver/pull/4018))
-   Dovecot dummy accounts (*virtual alias workaround for dovecot feature `ENABLE_QUOTAS=1`*) now correctly matches the home location of the user for that alias ([#&#8203;3997](https://github.com/docker-mailserver/docker-mailserver/pull/3997))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---


This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: carsten/container-server#47
Co-authored-by: Renovate Bot <renovate@git.csprung.de>
Co-committed-by: Renovate Bot <renovate@git.csprung.de>
2024-06-13 14:51:07 +02:00
9c1291823e chore(deps): update mailserver/docker-mailserver docker tag to v13 (#8)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [mailserver/docker-mailserver](https://github.com/docker-mailserver/docker-mailserver) | major | `12` -> `13` |

---

### Release Notes

<details>
<summary>docker-mailserver/docker-mailserver (mailserver/docker-mailserver)</summary>

### [`v13`](https://github.com/docker-mailserver/docker-mailserver/blob/HEAD/CHANGELOG.md#v1300)

##### Breaking

-   **LDAP:**
    -   ENV `LDAP_SERVER_HOST`, `DOVECOT_URIS`, and `SASLAUTHD_LDAP_SERVER` will now log an error if the LDAP URI scheme is missing. Previously there was an implicit fallback to `ldap://` ([#&#8203;3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
    -   `ENABLE_LDAP=1` is no longer supported, please use `ACCOUNT_PROVISIONER=LDAP` ([#&#8203;3507](https://github.com/docker-mailserver/docker-mailserver/pull/3507))
-   **Rspamd:**
    -   The deprecated path for the Rspamd custom commands file (`/tmp/docker-mailserver/rspamd-modules.conf`) now prevents successful startup. The correct path is `/tmp/docker-mailserver/rspamd/custom-commands.conf`.
-   **Dovecot:**
    -   Dovecot mail storage per account in `/var/mail` previously shared the same path for the accounts home directory ([#&#8203;3335](https://github.com/docker-mailserver/docker-mailserver/pull/3335))
        -   The home directory now is a subdirectory `home/`. This change better supports sieve scripts.
        -   **NOTE:** The change has not yet been implemented for `ACCOUNT_PROVISIONER=LDAP`.
-   **Postfix:**
    -   `/etc/postfix/master.cf` has renamed the "smtps" service to "submissions" ([#&#8203;3235](https://github.com/docker-mailserver/docker-mailserver/pull/3235))
        -   This is the modern `/etc/services` name for port 465, aligning with the similar "submission" port 587.
    -   Postfix now defaults to supporting DSNs (*[Delivery Status Notifications](https://github.com/docker-mailserver/docker-mailserver/pull/3572#issuecomment-1751880574)*) only for authenticated users (*via ports 465 + 587*). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. ([#&#8203;3572](https://github.com/docker-mailserver/docker-mailserver/pull/3572))
        -   If you need to modify this change, please let us know by opening an issue / discussion.
        -   You can [opt out (*enable DSNs*) via the `postfix-main.cf` override support](https://docker-mailserver.github.io/docker-mailserver/v12.1/config/advanced/override-defaults/postfix/) using the contents: `smtpd_discard_ehlo_keywords =`.
        -   Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via `master.cf` to keep DSNs enabled (*since authentication protects from abuse*).

            If necessary, DSNs for authenticated users can be disabled via the `postfix-master.cf` override with the following contents:

            ```cf
            submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
            submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
            ```

##### Added

-   **Features:**
    -   `getmail` as an alternative to `fetchmail` ([#&#8203;2803](https://github.com/docker-mailserver/docker-mailserver/pull/2803))
    -   `setup` CLI - `setup fail2ban` gained a new `status <JAIL>` subcommand ([#&#8203;3455](https://github.com/docker-mailserver/docker-mailserver/pull/3455))
-   **Environment Variables:**
    -   `MARK_SPAM_AS_READ`. When set to `1`, marks incoming spam as "read" to avoid unwanted "new mail" notifications for junk mail ([#&#8203;3489](https://github.com/docker-mailserver/docker-mailserver/pull/3489))
    -   `DMS_VMAIL_UID` and `DMS_VMAIL_GID` allow changing the default ID values (`5000:5000`) for the Dovecot vmail user and group ([#&#8203;3550](https://github.com/docker-mailserver/docker-mailserver/pull/3550))
    -   `RSPAMD_CHECK_AUTHENTICATED` allows authenticated users to avoid additional security checks by Rspamd ([#&#8203;3440](https://github.com/docker-mailserver/docker-mailserver/pull/3440))
-   **Documentation:**
    -   Use-case examples / tutorials:
        -   iOS mail push support ([#&#8203;3513](https://github.com/docker-mailserver/docker-mailserver/pull/3513))
        -   Guide for setting up Dovecot Authentication via Lua ([#&#8203;3579](https://github.com/docker-mailserver/docker-mailserver/pull/3579))
        -   Guide for integrating with the Crowdsec service ([#&#8203;3651](https://github.com/docker-mailserver/docker-mailserver/pull/3651))
    -   Debugging page:
        -   New compatibility section ([#&#8203;3404](https://github.com/docker-mailserver/docker-mailserver/pull/3404))
        -   Now advises how to (re)start DMS correctly ([#&#8203;3654](https://github.com/docker-mailserver/docker-mailserver/pull/3654))
    -   Better communicate distinction between DMS FQDN and DMS mail accounts ([#&#8203;3372](https://github.com/docker-mailserver/docker-mailserver/pull/3372))
    -   Traefik example now includes `passthrough=true` on implicit ports ([#&#8203;3568](https://github.com/docker-mailserver/docker-mailserver/pull/3568))
    -   Rspamd docs have received a variety of revisions ([#&#8203;3318](https://github.com/docker-mailserver/docker-mailserver/pull/3318), [#&#8203;3325](https://github.com/docker-mailserver/docker-mailserver/pull/3325), [#&#8203;3329](https://github.com/docker-mailserver/docker-mailserver/pull/3329))
    -   IPv6 config examples with content tabs ([#&#8203;3436](https://github.com/docker-mailserver/docker-mailserver/pull/3436))
    -   Mention [internet.nl](https://internet.nl/test-mail/) as another testing service ([#&#8203;3445](https://github.com/docker-mailserver/docker-mailserver/pull/3445))
    -   `setup alias add ...` CLI help message now includes an example for aliasing to multiple recipients ([#&#8203;3600](https://github.com/docker-mailserver/docker-mailserver/pull/3600))
    -   `SPAMASSASSIN_SPAM_TO_INBOX=1`, now emits a debug log to raise awareness that `SA_KILL` will be ignored ([#&#8203;3360](https://github.com/docker-mailserver/docker-mailserver/pull/3360))
    -   `CLAMAV_MESSAGE_SIZE_LIMIT` now logs a warning when the value exceeds what ClamAV is capable of supporting (4GiB max scan size [#&#8203;3332](https://github.com/docker-mailserver/docker-mailserver/pull/3332), 2GiB max file size [#&#8203;3341](https://github.com/docker-mailserver/docker-mailserver/pull/3341))
    -   Added note to caution against changing `mydestination` in Postfix's `main.cf` ([#&#8203;3316](https://github.com/docker-mailserver/docker-mailserver/pull/3316))
-   **Internal:**
    -   Added a wrapper to update Postfix configuration safely ([#&#8203;3484](https://github.com/docker-mailserver/docker-mailserver/pull/3484), [#&#8203;3503](https://github.com/docker-mailserver/docker-mailserver/pull/3503))
    -   Add debug group to `packages.sh` ([#&#8203;3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
-   **Tests:**
    -   Additional linting check for BASH syntax ([#&#8203;3369](https://github.com/docker-mailserver/docker-mailserver/pull/3369))

##### Updates

-   **Misc:**
    -   Changed `setup config dkim` default key size to `2048` (`open-dkim`) ([#&#8203;3508](https://github.com/docker-mailserver/docker-mailserver/pull/3508))
-   **Postfix:**
    -   Dropped special bits from `maildrop/` and `public/` directory permissions ([#&#8203;3625](https://github.com/docker-mailserver/docker-mailserver/pull/3625))
-   **Rspamd:**
    -   Adjusted learning of ham ([#&#8203;3334](https://github.com/docker-mailserver/docker-mailserver/pull/3334))
    -   Adjusted `antivirus.conf` ([#&#8203;3331](https://github.com/docker-mailserver/docker-mailserver/pull/3331))
    -   `logrotate` setup + Rspamd log path + tests log helper fallback path ([#&#8203;3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
    -   Setup during container startup is now more resilient ([#&#8203;3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
    -   Changed DKIM default config location ([#&#8203;3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
    -   Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#&#8203;3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
    -   Required permissions are now verified for DKIM private key files ([#&#8203;3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
-   **Documentation:**
    -   Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#&#8203;3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
    -   Restored missing edit button ([#&#8203;3338](https://github.com/docker-mailserver/docker-mailserver/pull/3338))
    -   Complete rewrite of the IPv6 page ([#&#8203;3244](https://github.com/docker-mailserver/docker-mailserver/pull/3244), [#&#8203;3531](https://github.com/docker-mailserver/docker-mailserver/pull/3531))
    -   Complete rewrite of the "Update and Cleanup" maintenance page ([#&#8203;3539](https://github.com/docker-mailserver/docker-mailserver/pull/3539), [#&#8203;3583](https://github.com/docker-mailserver/docker-mailserver/pull/3583))
    -   Improved debugging page advice on working with logs ([#&#8203;3626](https://github.com/docker-mailserver/docker-mailserver/pull/3626), [#&#8203;3640](https://github.com/docker-mailserver/docker-mailserver/pull/3640))
    -   Clarified the default for ENV `FETCHMAIL_PARALLEL` ([#&#8203;3603](https://github.com/docker-mailserver/docker-mailserver/pull/3603))
    -   Removed port 25 from FAQ entry for mail client ports supporting authenticated submission ([#&#8203;3496](https://github.com/docker-mailserver/docker-mailserver/pull/3496))
    -   Updated home path in docs for Dovecot Sieve ([#&#8203;3370](https://github.com/docker-mailserver/docker-mailserver/pull/3370), [#&#8203;3650](https://github.com/docker-mailserver/docker-mailserver/pull/3650))
    -   Fixed path to `rspamd.log` ([#&#8203;3585](https://github.com/docker-mailserver/docker-mailserver/pull/3585))
    -   "Optional Config" page now uses consistent lowercase convention for directory names ([#&#8203;3629](https://github.com/docker-mailserver/docker-mailserver/pull/3629))
    -   `CONTRIBUTORS.md`: Removed redundant "All Contributors" section ([#&#8203;3638](https://github.com/docker-mailserver/docker-mailserver/pull/3638))
-   **Internal:**
    -   LDAP config improvements (Removed implicit `ldap://` LDAP URI scheme fallback) ([#&#8203;3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
    -   Changed style conventions for internal scripts ([#&#8203;3361](https://github.com/docker-mailserver/docker-mailserver/pull/3361), [#&#8203;3364](https://github.com/docker-mailserver/docker-mailserver/pull/3364), [#&#8203;3365](https://github.com/docker-mailserver/docker-mailserver/pull/3365), [#&#8203;3366](https://github.com/docker-mailserver/docker-mailserver/pull/3366), [#&#8203;3368](https://github.com/docker-mailserver/docker-mailserver/pull/3368), [#&#8203;3464](https://github.com/docker-mailserver/docker-mailserver/pull/3464))
-   **CI / Automation:**
    -   `.gitattributes` now ensures files are committed with `eol=lf` ([#&#8203;3527](https://github.com/docker-mailserver/docker-mailserver/pull/3527))
    -   Revised the GitHub issue bug report template ([#&#8203;3317](https://github.com/docker-mailserver/docker-mailserver/pull/3317), [#&#8203;3381](https://github.com/docker-mailserver/docker-mailserver/pull/3381), [#&#8203;3435](https://github.com/docker-mailserver/docker-mailserver/pull/3435))
    -   Clarified that the issue tracker is not for personal support ([#&#8203;3498](https://github.com/docker-mailserver/docker-mailserver/pull/3498), [#&#8203;3502](https://github.com/docker-mailserver/docker-mailserver/pull/3502))
    -   Bumped versions of miscellaneous software (also shoutout to [@&#8203;dependabot](https://github.com/dependabot)) ([#&#8203;3371](https://github.com/docker-mailserver/docker-mailserver/pull/3371), [#&#8203;3584](https://github.com/docker-mailserver/docker-mailserver/pull/3584), [#&#8203;3504](https://github.com/docker-mailserver/docker-mailserver/pull/3504), [#&#8203;3516](https://github.com/docker-mailserver/docker-mailserver/pull/3516))
-   **Tests:**
    -   Refactored LDAP tests to current conventions ([#&#8203;3483](https://github.com/docker-mailserver/docker-mailserver/pull/3483))
    -   Changed OpenLDAP image to `bitnami/openldap` ([#&#8203;3494](https://github.com/docker-mailserver/docker-mailserver/pull/3494))
    -   Revised LDAP config + setup ([#&#8203;3514](https://github.com/docker-mailserver/docker-mailserver/pull/3514))
    -   Added tests for the helper function `_add_to_or_update_postfix_main()` ([#&#8203;3505](https://github.com/docker-mailserver/docker-mailserver/pull/3505))
    -   EditorConfig Checker lint now uses a mount path to `/check` instead of `/ci` ([#&#8203;3655](https://github.com/docker-mailserver/docker-mailserver/pull/3655))

##### Fixed

-   **Security:**
    -   Fixed issue with concatenating `$dmarc_milter` and `$dkim_milter` in `main.cf` ([#&#8203;3380](https://github.com/docker-mailserver/docker-mailserver/pull/3380))
    -   Fixed Rspamd DKIM signing for inbound emails ([#&#8203;3439](https://github.com/docker-mailserver/docker-mailserver/pull/3439), [#&#8203;3453](https://github.com/docker-mailserver/docker-mailserver/pull/3453))
    -   OpenDKIM key generation is no longer broken when Rspamd is also enabled ([#&#8203;3535](https://github.com/docker-mailserver/docker-mailserver/pull/3535))
-   **Internal:**
    -   The "database" files (*for managing users and aliases*) now correctly filters within lookup query ([#&#8203;3359](https://github.com/docker-mailserver/docker-mailserver/pull/3359))
    -   `_setup_spam_to_junk()` no longer registered when `SMTP_ONLY=1` ([#&#8203;3385](https://github.com/docker-mailserver/docker-mailserver/pull/3385))
    -   Dovecot `fts_xapian` is now compiled from source to match the Dovecot package ABI ([#&#8203;3373](https://github.com/docker-mailserver/docker-mailserver/pull/3373))
-   **CI:**
    -   Scheduled builds now have the correct permissions to run successfully ([#&#8203;3345](https://github.com/docker-mailserver/docker-mailserver/pull/3345))
-   **Documentation:**
    -   Miscellaneous spelling and wording improvements ([#&#8203;3324](https://github.com/docker-mailserver/docker-mailserver/pull/3324), [#&#8203;3330](https://github.com/docker-mailserver/docker-mailserver/pull/3330), [#&#8203;3337](https://github.com/docker-mailserver/docker-mailserver/pull/3337), [#&#8203;3339](https://github.com/docker-mailserver/docker-mailserver/pull/3339), [#&#8203;3344](https://github.com/docker-mailserver/docker-mailserver/pull/3344), [#&#8203;3367](https://github.com/docker-mailserver/docker-mailserver/pull/3367), [#&#8203;3411](https://github.com/docker-mailserver/docker-mailserver/pull/3411), [#&#8203;3443](https://github.com/docker-mailserver/docker-mailserver/pull/3443))
-   **Tests:**
    -   Run `pgrep` within the actual container ([#&#8203;3553](https://github.com/docker-mailserver/docker-mailserver/pull/3553))
    -   `lmtp_ip.bats` improved partial failure output ([#&#8203;3552](https://github.com/docker-mailserver/docker-mailserver/pull/3552))
    -   Improvements to LDIF test data ([#&#8203;3506](https://github.com/docker-mailserver/docker-mailserver/pull/3506))
    -   Normalized for `.gitattributes` + improved `eclint` coverage ([#&#8203;3566](https://github.com/docker-mailserver/docker-mailserver/pull/3566))
    -   Fixed ShellCheck linting for BATS tests ([#&#8203;3347](https://github.com/docker-mailserver/docker-mailserver/pull/3347))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---


This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: carsten/container-server#8
Co-authored-by: Renovate Bot <renovate@git.csprung.de>
Co-committed-by: Renovate Bot <renovate@git.csprung.de>
2023-11-27 17:18:07 +01:00
900b1c61e9 services: single common config for fail2ban 2023-09-20 20:56:20 +02:00
d96dab07b8 General deployment (#1)
General deployment done

Reviewed-on: carsten/container-server#1
2023-09-13 22:33:47 +02:00
ab91831dd3 skip ldap 2022-12-22 18:11:48 +01:00
f73d26c675 authentik with ldap mail connection 2022-12-17 19:20:46 +01:00
99b7c5e15a roundcube: working config with carddav + managesieve 2022-12-11 00:10:46 +01:00
43955ad352 mail-server (#2)
mailserver added
proxy log transformer added
manage enabled services via text file instead of renaming docker-compose files
2022-12-10 17:16:50 +00:00
ecfbce28d3 setup-docs (#1)
- Add documentation about host setup
- Refactor task files
- Improve documentation

Reviewed-on: carsten/docker-server#1
2022-11-13 00:10:26 +00:00