Renovate Bot
9c1291823e
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [mailserver/docker-mailserver](https://github.com/docker-mailserver/docker-mailserver) | major | `12` -> `13` | --- ### Release Notes <details> <summary>docker-mailserver/docker-mailserver (mailserver/docker-mailserver)</summary> ### [`v13`](https://github.com/docker-mailserver/docker-mailserver/blob/HEAD/CHANGELOG.md#v1300) ##### Breaking - **LDAP:** - ENV `LDAP_SERVER_HOST`, `DOVECOT_URIS`, and `SASLAUTHD_LDAP_SERVER` will now log an error if the LDAP URI scheme is missing. Previously there was an implicit fallback to `ldap://` ([#​3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522)) - `ENABLE_LDAP=1` is no longer supported, please use `ACCOUNT_PROVISIONER=LDAP` ([#​3507](https://github.com/docker-mailserver/docker-mailserver/pull/3507)) - **Rspamd:** - The deprecated path for the Rspamd custom commands file (`/tmp/docker-mailserver/rspamd-modules.conf`) now prevents successful startup. The correct path is `/tmp/docker-mailserver/rspamd/custom-commands.conf`. - **Dovecot:** - Dovecot mail storage per account in `/var/mail` previously shared the same path for the accounts home directory ([#​3335](https://github.com/docker-mailserver/docker-mailserver/pull/3335)) - The home directory now is a subdirectory `home/`. This change better supports sieve scripts. - **NOTE:** The change has not yet been implemented for `ACCOUNT_PROVISIONER=LDAP`. - **Postfix:** - `/etc/postfix/master.cf` has renamed the "smtps" service to "submissions" ([#​3235](https://github.com/docker-mailserver/docker-mailserver/pull/3235)) - This is the modern `/etc/services` name for port 465, aligning with the similar "submission" port 587. - Postfix now defaults to supporting DSNs (*[Delivery Status Notifications](https://github.com/docker-mailserver/docker-mailserver/pull/3572#issuecomment-1751880574)*) only for authenticated users (*via ports 465 + 587*). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. ([#​3572](https://github.com/docker-mailserver/docker-mailserver/pull/3572)) - If you need to modify this change, please let us know by opening an issue / discussion. - You can [opt out (*enable DSNs*) via the `postfix-main.cf` override support](https://docker-mailserver.github.io/docker-mailserver/v12.1/config/advanced/override-defaults/postfix/) using the contents: `smtpd_discard_ehlo_keywords =`. - Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via `master.cf` to keep DSNs enabled (*since authentication protects from abuse*). If necessary, DSNs for authenticated users can be disabled via the `postfix-master.cf` override with the following contents: ```cf submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn ``` ##### Added - **Features:** - `getmail` as an alternative to `fetchmail` ([#​2803](https://github.com/docker-mailserver/docker-mailserver/pull/2803)) - `setup` CLI - `setup fail2ban` gained a new `status <JAIL>` subcommand ([#​3455](https://github.com/docker-mailserver/docker-mailserver/pull/3455)) - **Environment Variables:** - `MARK_SPAM_AS_READ`. When set to `1`, marks incoming spam as "read" to avoid unwanted "new mail" notifications for junk mail ([#​3489](https://github.com/docker-mailserver/docker-mailserver/pull/3489)) - `DMS_VMAIL_UID` and `DMS_VMAIL_GID` allow changing the default ID values (`5000:5000`) for the Dovecot vmail user and group ([#​3550](https://github.com/docker-mailserver/docker-mailserver/pull/3550)) - `RSPAMD_CHECK_AUTHENTICATED` allows authenticated users to avoid additional security checks by Rspamd ([#​3440](https://github.com/docker-mailserver/docker-mailserver/pull/3440)) - **Documentation:** - Use-case examples / tutorials: - iOS mail push support ([#​3513](https://github.com/docker-mailserver/docker-mailserver/pull/3513)) - Guide for setting up Dovecot Authentication via Lua ([#​3579](https://github.com/docker-mailserver/docker-mailserver/pull/3579)) - Guide for integrating with the Crowdsec service ([#​3651](https://github.com/docker-mailserver/docker-mailserver/pull/3651)) - Debugging page: - New compatibility section ([#​3404](https://github.com/docker-mailserver/docker-mailserver/pull/3404)) - Now advises how to (re)start DMS correctly ([#​3654](https://github.com/docker-mailserver/docker-mailserver/pull/3654)) - Better communicate distinction between DMS FQDN and DMS mail accounts ([#​3372](https://github.com/docker-mailserver/docker-mailserver/pull/3372)) - Traefik example now includes `passthrough=true` on implicit ports ([#​3568](https://github.com/docker-mailserver/docker-mailserver/pull/3568)) - Rspamd docs have received a variety of revisions ([#​3318](https://github.com/docker-mailserver/docker-mailserver/pull/3318), [#​3325](https://github.com/docker-mailserver/docker-mailserver/pull/3325), [#​3329](https://github.com/docker-mailserver/docker-mailserver/pull/3329)) - IPv6 config examples with content tabs ([#​3436](https://github.com/docker-mailserver/docker-mailserver/pull/3436)) - Mention [internet.nl](https://internet.nl/test-mail/) as another testing service ([#​3445](https://github.com/docker-mailserver/docker-mailserver/pull/3445)) - `setup alias add ...` CLI help message now includes an example for aliasing to multiple recipients ([#​3600](https://github.com/docker-mailserver/docker-mailserver/pull/3600)) - `SPAMASSASSIN_SPAM_TO_INBOX=1`, now emits a debug log to raise awareness that `SA_KILL` will be ignored ([#​3360](https://github.com/docker-mailserver/docker-mailserver/pull/3360)) - `CLAMAV_MESSAGE_SIZE_LIMIT` now logs a warning when the value exceeds what ClamAV is capable of supporting (4GiB max scan size [#​3332](https://github.com/docker-mailserver/docker-mailserver/pull/3332), 2GiB max file size [#​3341](https://github.com/docker-mailserver/docker-mailserver/pull/3341)) - Added note to caution against changing `mydestination` in Postfix's `main.cf` ([#​3316](https://github.com/docker-mailserver/docker-mailserver/pull/3316)) - **Internal:** - Added a wrapper to update Postfix configuration safely ([#​3484](https://github.com/docker-mailserver/docker-mailserver/pull/3484), [#​3503](https://github.com/docker-mailserver/docker-mailserver/pull/3503)) - Add debug group to `packages.sh` ([#​3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578)) - **Tests:** - Additional linting check for BASH syntax ([#​3369](https://github.com/docker-mailserver/docker-mailserver/pull/3369)) ##### Updates - **Misc:** - Changed `setup config dkim` default key size to `2048` (`open-dkim`) ([#​3508](https://github.com/docker-mailserver/docker-mailserver/pull/3508)) - **Postfix:** - Dropped special bits from `maildrop/` and `public/` directory permissions ([#​3625](https://github.com/docker-mailserver/docker-mailserver/pull/3625)) - **Rspamd:** - Adjusted learning of ham ([#​3334](https://github.com/docker-mailserver/docker-mailserver/pull/3334)) - Adjusted `antivirus.conf` ([#​3331](https://github.com/docker-mailserver/docker-mailserver/pull/3331)) - `logrotate` setup + Rspamd log path + tests log helper fallback path ([#​3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576)) - Setup during container startup is now more resilient ([#​3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578)) - Changed DKIM default config location ([#​3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597)) - Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, , added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#​3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599)) - Required permissions are now verified for DKIM private key files ([#​3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627)) - **Documentation:** - Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#​3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295)) - Restored missing edit button ([#​3338](https://github.com/docker-mailserver/docker-mailserver/pull/3338)) - Complete rewrite of the IPv6 page ([#​3244](https://github.com/docker-mailserver/docker-mailserver/pull/3244), [#​3531](https://github.com/docker-mailserver/docker-mailserver/pull/3531)) - Complete rewrite of the "Update and Cleanup" maintenance page ([#​3539](https://github.com/docker-mailserver/docker-mailserver/pull/3539), [#​3583](https://github.com/docker-mailserver/docker-mailserver/pull/3583)) - Improved debugging page advice on working with logs ([#​3626](https://github.com/docker-mailserver/docker-mailserver/pull/3626), [#​3640](https://github.com/docker-mailserver/docker-mailserver/pull/3640)) - Clarified the default for ENV `FETCHMAIL_PARALLEL` ([#​3603](https://github.com/docker-mailserver/docker-mailserver/pull/3603)) - Removed port 25 from FAQ entry for mail client ports supporting authenticated submission ([#​3496](https://github.com/docker-mailserver/docker-mailserver/pull/3496)) - Updated home path in docs for Dovecot Sieve ([#​3370](https://github.com/docker-mailserver/docker-mailserver/pull/3370), [#​3650](https://github.com/docker-mailserver/docker-mailserver/pull/3650)) - Fixed path to `rspamd.log` ([#​3585](https://github.com/docker-mailserver/docker-mailserver/pull/3585)) - "Optional Config" page now uses consistent lowercase convention for directory names ([#​3629](https://github.com/docker-mailserver/docker-mailserver/pull/3629)) - `CONTRIBUTORS.md`: Removed redundant "All Contributors" section ([#​3638](https://github.com/docker-mailserver/docker-mailserver/pull/3638)) - **Internal:** - LDAP config improvements (Removed implicit `ldap://` LDAP URI scheme fallback) ([#​3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522)) - Changed style conventions for internal scripts ([#​3361](https://github.com/docker-mailserver/docker-mailserver/pull/3361), [#​3364](https://github.com/docker-mailserver/docker-mailserver/pull/3364), [#​3365](https://github.com/docker-mailserver/docker-mailserver/pull/3365), [#​3366](https://github.com/docker-mailserver/docker-mailserver/pull/3366), [#​3368](https://github.com/docker-mailserver/docker-mailserver/pull/3368), [#​3464](https://github.com/docker-mailserver/docker-mailserver/pull/3464)) - **CI / Automation:** - `.gitattributes` now ensures files are committed with `eol=lf` ([#​3527](https://github.com/docker-mailserver/docker-mailserver/pull/3527)) - Revised the GitHub issue bug report template ([#​3317](https://github.com/docker-mailserver/docker-mailserver/pull/3317), [#​3381](https://github.com/docker-mailserver/docker-mailserver/pull/3381), [#​3435](https://github.com/docker-mailserver/docker-mailserver/pull/3435)) - Clarified that the issue tracker is not for personal support ([#​3498](https://github.com/docker-mailserver/docker-mailserver/pull/3498), [#​3502](https://github.com/docker-mailserver/docker-mailserver/pull/3502)) - Bumped versions of miscellaneous software (also shoutout to [@​dependabot](https://github.com/dependabot)) ([#​3371](https://github.com/docker-mailserver/docker-mailserver/pull/3371), [#​3584](https://github.com/docker-mailserver/docker-mailserver/pull/3584), [#​3504](https://github.com/docker-mailserver/docker-mailserver/pull/3504), [#​3516](https://github.com/docker-mailserver/docker-mailserver/pull/3516)) - **Tests:** - Refactored LDAP tests to current conventions ([#​3483](https://github.com/docker-mailserver/docker-mailserver/pull/3483)) - Changed OpenLDAP image to `bitnami/openldap` ([#​3494](https://github.com/docker-mailserver/docker-mailserver/pull/3494)) - Revised LDAP config + setup ([#​3514](https://github.com/docker-mailserver/docker-mailserver/pull/3514)) - Added tests for the helper function `_add_to_or_update_postfix_main()` ([#​3505](https://github.com/docker-mailserver/docker-mailserver/pull/3505)) - EditorConfig Checker lint now uses a mount path to `/check` instead of `/ci` ([#​3655](https://github.com/docker-mailserver/docker-mailserver/pull/3655)) ##### Fixed - **Security:** - Fixed issue with concatenating `$dmarc_milter` and `$dkim_milter` in `main.cf` ([#​3380](https://github.com/docker-mailserver/docker-mailserver/pull/3380)) - Fixed Rspamd DKIM signing for inbound emails ([#​3439](https://github.com/docker-mailserver/docker-mailserver/pull/3439), [#​3453](https://github.com/docker-mailserver/docker-mailserver/pull/3453)) - OpenDKIM key generation is no longer broken when Rspamd is also enabled ([#​3535](https://github.com/docker-mailserver/docker-mailserver/pull/3535)) - **Internal:** - The "database" files (*for managing users and aliases*) now correctly filters within lookup query ([#​3359](https://github.com/docker-mailserver/docker-mailserver/pull/3359)) - `_setup_spam_to_junk()` no longer registered when `SMTP_ONLY=1` ([#​3385](https://github.com/docker-mailserver/docker-mailserver/pull/3385)) - Dovecot `fts_xapian` is now compiled from source to match the Dovecot package ABI ([#​3373](https://github.com/docker-mailserver/docker-mailserver/pull/3373)) - **CI:** - Scheduled build now have the correct permissions to run successfully ([#​3345](https://github.com/docker-mailserver/docker-mailserver/pull/3345)) - **Documentation:** - Miscellaneous spelling and wording improvements ([#​3324](https://github.com/docker-mailserver/docker-mailserver/pull/3324), [#​3330](https://github.com/docker-mailserver/docker-mailserver/pull/3330), [#​3337](https://github.com/docker-mailserver/docker-mailserver/pull/3337), [#​3339](https://github.com/docker-mailserver/docker-mailserver/pull/3339), [#​3344](https://github.com/docker-mailserver/docker-mailserver/pull/3344), [#​3367](https://github.com/docker-mailserver/docker-mailserver/pull/3367), [#​3411](https://github.com/docker-mailserver/docker-mailserver/pull/3411), [#​3443](https://github.com/docker-mailserver/docker-mailserver/pull/3443)) - **Tests:** - Run `pgrep` within the actual container ([#​3553](https://github.com/docker-mailserver/docker-mailserver/pull/3553)) - `lmtp_ip.bats` improved partial failure output ([#​3552](https://github.com/docker-mailserver/docker-mailserver/pull/3552)) - Improvements to LDIF test data ([#​3506](https://github.com/docker-mailserver/docker-mailserver/pull/3506)) - Normalized for `.gitattributes` + improved `eclint` coverage ([#​3566](https://github.com/docker-mailserver/docker-mailserver/pull/3566)) - Fixed ShellCheck linting for BATS tests ([#​3347](https://github.com/docker-mailserver/docker-mailserver/pull/3347)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Reviewed-on: carsten/container-server#8 Co-authored-by: Renovate Bot <renovate@git.csprung.de> Co-committed-by: Renovate Bot <renovate@git.csprung.de>
75 lines
3.1 KiB
YAML
75 lines
3.1 KiB
YAML
version: '3.7'
|
|
|
|
# https://hub.docker.com/r/mailserver/docker-mailserver
|
|
# https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/
|
|
# https://github.com/docker-mailserver/docker-mailserver
|
|
# https://github.com/docker-mailserver/docker-mailserver/blob/master/docs/content/config/advanced/mail-sieve.md
|
|
# https://docker-mailserver.github.io/docker-mailserver/latest/faq/#how-can-i-make-spamassassin-better-recognize-spam
|
|
# https://docker-mailserver.github.io/docker-mailserver/latest/examples/use-cases/imap-folders/#mailboxes-aka-imap-folders
|
|
# https://doc.dovecot.org/configuration_manual/namespace/#core_setting-namespace/mailbox/autoexpunge
|
|
# https://notes.sagredo.eu/en/qmail-notes-185/expunging-expired-junk-and-trash-emails-with-dovecot-124.html
|
|
|
|
# create account: task srv:mail-setup -- email add <user>@<domain>
|
|
|
|
networks:
|
|
mail:
|
|
name: mail
|
|
|
|
services:
|
|
mail:
|
|
image: mailserver/docker-mailserver:13
|
|
container_name: mail
|
|
restart: "${RESTART:-no}"
|
|
hostname: post
|
|
domainname: ${BASE_DOMAIN}
|
|
cap_add:
|
|
- NET_ADMIN # For Fail2Ban to work
|
|
environment:
|
|
- SSL_TYPE=letsencrypt
|
|
# You may want to enable this: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#spoof_protection
|
|
# See step 8 below, which demonstrates setup with enabled/disabled SPOOF_PROTECTION:
|
|
- SPOOF_PROTECTION=0
|
|
# Allow sending emails from other docker containers
|
|
# Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker
|
|
- PERMIT_DOCKER=connected-networks
|
|
- ONE_DIR=1
|
|
|
|
- ENABLE_AMAVIS=1
|
|
- ENABLE_POSTGREY=0
|
|
- ENABLE_CLAMAV=0
|
|
- ENABLE_SPAMASSASSIN=1
|
|
- ENABLE_MANAGESIEVE=1
|
|
- ENABLE_FAIL2BAN=0
|
|
|
|
- TZ=${TIMEZONE}
|
|
- POSTMASTER_ADDRESS=postmaster@${BASE_DOMAIN}
|
|
|
|
- SPAMASSASSIN_SPAM_TO_INBOX=1
|
|
- MOVE_SPAM_TO_JUNK=1
|
|
- SA_TAG=-10000.0 # set headers on all mails
|
|
- SA_TAG2=3.75 # above is considered spam
|
|
- SA_KILL=10000.0 # don't bounce/quarantine anything
|
|
- "SA_SPAM_SUBJECT=[SPAM] "
|
|
ports:
|
|
- "25:25" # SMTP (explicit TLS => STARTTLS)
|
|
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
|
|
- "465:465" # ESMTP (implicit TLS)
|
|
- "587:587" # ESMTP (explicit TLS => STARTTLS)
|
|
- "993:993" # IMAP4 (implicit TLS)
|
|
- "4190:4190" # managesieve
|
|
volumes:
|
|
# config
|
|
- ${BASE_DIR:-/srv}/mail/config:/tmp/docker-mailserver/
|
|
- ./mail/spamassassin-learn:/etc/cron.d/spamassassin-learn:ro
|
|
- ./mail/15-mailboxes.conf:/etc/dovecot/conf.d/15-mailboxes.conf:ro
|
|
# Mail data
|
|
- ${BASE_DIR:-/srv}/mail/mail-data:/var/mail/
|
|
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
|
|
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
|
|
# certificates
|
|
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/post.${BASE_DOMAIN}/fullchain.pem:ro
|
|
- ${CERTS_DIR}/post.${BASE_DOMAIN}/post.${BASE_DOMAIN}.key:/etc/letsencrypt/live/post.${BASE_DOMAIN}/privkey.pem:ro
|
|
networks:
|
|
mail:
|
|
aliases:
|
|
- post.${BASE_DOMAIN}
|