General deployment #1

Merged
carsten merged 18 commits from deploy into main 2023-09-13 22:33:47 +02:00
4 changed files with 132 additions and 4 deletions
Showing only changes of commit ecd6405e5f - Show all commits

View file

@ -0,0 +1,98 @@
##
## Mailbox definitions
##
# Each mailbox is specified in a separate mailbox section. The section name
# specifies the mailbox name. If it has spaces, you can put the name
# "in quotes". These sections can contain the following mailbox settings:
#
# auto:
# Indicates whether the mailbox with this name is automatically created
# implicitly when it is first accessed. The user can also be automatically
# subscribed to the mailbox after creation. The following values are
# defined for this setting:
#
# no - Never created automatically.
# create - Automatically created, but no automatic subscription.
# subscribe - Automatically created and subscribed.
#
# special_use:
# A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
# mailbox. There are no validity checks, so you could specify anything
# you want in here, but it's not a good idea to use flags other than the
# standard ones specified in the RFC:
#
# \All - This (virtual) mailbox presents all messages in the
# user's message store.
# \Archive - This mailbox is used to archive messages.
# \Drafts - This mailbox is used to hold draft messages.
# \Flagged - This (virtual) mailbox presents all messages in the
# user's message store marked with the IMAP \Flagged flag.
# \Important - This (virtual) mailbox presents all messages in the
# user's message store deemed important to user.
# \Junk - This mailbox is where messages deemed to be junk mail
# are held.
# \Sent - This mailbox is used to hold copies of messages that
# have been sent.
# \Trash - This mailbox is used to hold messages that have been
# deleted.
#
# comment:
# Defines a default comment or note associated with the mailbox. This
# value is accessible through the IMAP METADATA mailbox entries
# "/shared/comment" and "/private/comment". Users with sufficient
# privileges can override the default value for entries with a custom
# value.
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
# These mailboxes are widely used and could perhaps be created automatically:
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
autoexpunge = 30d
}
mailbox Trash {
auto = subscribe
special_use = \Trash
autoexpunge = 60d
}
# For \Sent mailboxes there are two widely used names. We'll mark both of
# them as \Sent. User typically deletes one of them if duplicates are created.
mailbox Sent {
auto = subscribe
special_use = \Sent
}
#mailbox "Sent Messages" {
# special_use = \Sent
#}
#mailbox Archive {
# auto = subscribe
# special_use = \Archive
#}
# If you have a virtual "All messages" mailbox:
#mailbox virtual/All {
# special_use = \All
# comment = All my messages
#}
# If you have a virtual "Flagged" mailbox:
#mailbox virtual/Flagged {
# special_use = \Flagged
# comment = All my flagged messages
#}
# If you have a virtual "Important" mailbox:
#mailbox virtual/Important {
# special_use = \Important
# comment = All my important messages
#}
}

View file

@ -4,6 +4,10 @@ version: '3.7'
# https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/
# https://github.com/docker-mailserver/docker-mailserver
# https://github.com/docker-mailserver/docker-mailserver/blob/master/docs/content/config/advanced/mail-sieve.md
# https://docker-mailserver.github.io/docker-mailserver/latest/faq/#how-can-i-make-spamassassin-better-recognize-spam
# https://docker-mailserver.github.io/docker-mailserver/latest/examples/use-cases/imap-folders/#mailboxes-aka-imap-folders
# https://doc.dovecot.org/configuration_manual/namespace/#core_setting-namespace/mailbox/autoexpunge
# https://notes.sagredo.eu/en/qmail-notes-185/expunging-expired-junk-and-trash-emails-with-dovecot-124.html
# create account: task srv:mail-setup -- email add <user>@<domain>
@ -29,14 +33,23 @@ services:
# Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker
- PERMIT_DOCKER=connected-networks
- ONE_DIR=1
- ENABLE_AMAVIS=1
- ENABLE_POSTGREY=0
- ENABLE_CLAMAV=0
- ENABLE_SPAMASSASSIN=1
- ENABLE_MANAGESIEVE=1
- ENABLE_FAIL2BAN=1
- TZ=${TIMEZONE}
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
- SPAMASSASSIN_SPAM_TO_INBOX=1
- MOVE_SPAM_TO_JUNK=1
- SA_TAG=-10000.0 # set headers on all mails
- SA_TAG2=3.75 # above is considered spam
- SA_KILL=10000.0 # don't bounce/quarantine anything
- "SA_SPAM_SUBJECT=[SPAM] "
ports:
- "25:25" # SMTP (explicit TLS => STARTTLS)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
@ -47,7 +60,9 @@ services:
volumes:
# config
- ${BASE_DIR:-/srv}/mail/config:/tmp/docker-mailserver/
- ./mail/config/fail2ban-jail.cf:/tmp/docker-mailserver/fail2ban-jail.cf:ro
- ./mail/fail2ban-jail.cf:/tmp/docker-mailserver/fail2ban-jail.cf:ro
- ./mail/spamassassin-learn:/etc/cron.d/spamassassin-learn:ro
- ./mail/15-mailboxes.conf:/etc/dovecot/conf.d/15-mailboxes.conf:ro
# Mail data
- ${BASE_DIR:-/srv}/mail/mail-data:/var/mail/
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/

View file

@ -1,11 +1,11 @@
[DEFAULT]
# "bantime" is the number of seconds that a host is banned.
bantime = 3d
bantime = 1w
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 15m
findtime = 30m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
@ -36,5 +36,5 @@ enabled = true
# To ban an IP address use: setup.sh fail2ban ban <IP>
[custom]
enabled = true
bantime = 30d
bantime = 90d
port = smtp,pop3,pop3s,imap,imaps,submission,submissions,sieve

View file

@ -0,0 +1,15 @@
# This assumes you're having `environment: ONE_DIR=1` in the env-mailserver,
# with a consolidated config in `/var/mail-state`
#
# '> /dev/null' to send error notifications from 'stderr' to 'postmaster@example.com'
#
# m h dom mon dow user command
# Everyday 3:00AM, learn spam from all users
# spam: junk directory
0 3 * * * root sa-learn --spam /var/mail/*/*/.Junk --dbpath /var/mail-state/lib-amavis/.spamassassin > /dev/null
# ham: archive directories
15 3 * * * root sa-learn --ham /var/mail/*/*/.Archive* --dbpath /var/mail-state/lib-amavis/.spamassassin > /dev/null
# ham: inbox subdirectories
30 3 * * * root sa-learn --ham /var/mail/*/*/cur* --dbpath /var/mail-state/lib-amavis/.spamassassin > /dev/null