Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into release/v15.0.0

This commit is contained in:
Georg Lauterbach 2025-03-01 13:13:50 +01:00 committed by GitHub
parent f57336bd01 41dd0727e4
commit b33fc0b8c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 35 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -62,7 +62,7 @@ All notable changes to this project will be documented in this file. The format
- The main `mail.log` (_which is piped to stdout via `tail`_) now correctly begins from the first log line of the active container run. Previously some daemon logs and potential warnings/errors were omitted ([#4146](https://github.com/docker-mailserver/docker-mailserver/pull/4146)) - The main `mail.log` (_which is piped to stdout via `tail`_) now correctly begins from the first log line of the active container run. Previously some daemon logs and potential warnings/errors were omitted ([#4146](https://github.com/docker-mailserver/docker-mailserver/pull/4146))
- `start-mailserver.sh` removed unused `shopt -s inherit_errexit` ([#4161](https://github.com/docker-mailserver/docker-mailserver/pull/4161)) - `start-mailserver.sh` removed unused `shopt -s inherit_errexit` ([#4161](https://github.com/docker-mailserver/docker-mailserver/pull/4161))
- Fixed a regression introduced in DMS v14 where `postfix-main.cf` appended `stderr` output into `/etc/postfix/main.cf`, causing Postfix startup to fail ([#4147](https://github.com/docker-mailserver/docker-mailserver/pull/4147)) - Fixed a regression introduced in DMS v14 where `postfix-main.cf` appended `stderr` output into `/etc/postfix/main.cf`, causing Postfix startup to fail ([#4147](https://github.com/docker-mailserver/docker-mailserver/pull/4147))
- Fixed a regression introduced in DMS v14 to better support running `start-mailserver.sh` with container restarts, which now only skip calling `_setup()` ([#4323](https://github.com/docker-mailserver/docker-mailserver/pull/4323#issuecomment-2629559254)) - Fixed a regression introduced in DMS v14 to better support running `start-mailserver.sh` with container restarts, which now only skip calling `_setup()` ([#4323](https://github.com/docker-mailserver/docker-mailserver/pull/4323#issuecomment-2629559254), [#4374](https://github.com/docker-mailserver/docker-mailserver/pull/4374))
- The command `swaks --help` is now functional ([#4282](https://github.com/docker-mailserver/docker-mailserver/pull/4282)) - The command `swaks --help` is now functional ([#4282](https://github.com/docker-mailserver/docker-mailserver/pull/4282))
- **Rspamd:** - **Rspamd:**
- DKIM private key path checking is now performed only on paths that do not contain `$` ([#4201](https://github.com/docker-mailserver/docker-mailserver/pull/4201)) - DKIM private key path checking is now performed only on paths that do not contain `$` ([#4201](https://github.com/docker-mailserver/docker-mailserver/pull/4201))

2
docs/content/config/security/rspamd.md
View File

@ -139,7 +139,7 @@ To use the web interface you will need to configure a password, [otherwise you w
--- ---
**Related:** A minimal Rspamd `compose.yaml` [example with a reverse-proxy for web access][gh-dms:guide::rspamd-web]. **Related:** A minimal Rspamd `compose.yaml` [example with a reverse-proxy for web access][gh-dms::guide::rspamd-web].
### DNS ### DNS

1
target/scripts/start-mailserver.sh
View File

@ -43,7 +43,6 @@ function _register_functions() {
# ? >> Setup # ? >> Setup
_register_setup_function '_setup_vmail_id' _register_setup_function '_setup_vmail_id'
_register_setup_function '_setup_logs_general'
_register_setup_function '_setup_timezone' _register_setup_function '_setup_timezone'
if [[ ${SMTP_ONLY} -ne 1 ]]; then if [[ ${SMTP_ONLY} -ne 1 ]]; then

33
target/scripts/startup/setup-stack.sh
View File

@ -82,6 +82,8 @@ function _setup_timezone() {
fi fi
} }
# Misc checks and fixes migrated here until next refactor:
# NOTE: `start-mailserver.sh` runs this along with `mail-state.sh` during container restarts
function _setup_directory_and_file_permissions() { function _setup_directory_and_file_permissions() {
_log 'trace' 'Removing leftover PID files from a stop/start' _log 'trace' 'Removing leftover PID files from a stop/start'
find /var/run/ -not -name 'supervisord.pid' -name '*.pid' -delete find /var/run/ -not -name 'supervisord.pid' -name '*.pid' -delete
@ -101,6 +103,8 @@ function _setup_directory_and_file_permissions() {
_log 'debug' "Ensuring '${RSPAMD_DMS_DKIM_D}' is owned by '_rspamd:_rspamd'" _log 'debug' "Ensuring '${RSPAMD_DMS_DKIM_D}' is owned by '_rspamd:_rspamd'"
chown -R _rspamd:_rspamd "${RSPAMD_DMS_DKIM_D}" chown -R _rspamd:_rspamd "${RSPAMD_DMS_DKIM_D}"
fi fi
__log_fixes
} }
function _setup_run_user_patches() { function _setup_run_user_patches() {
@ -113,3 +117,32 @@ function _setup_run_user_patches() {
_log 'trace' "No optional '${USER_PATCHES}' provided" _log 'trace' "No optional '${USER_PATCHES}' provided"
fi fi
} }
function __log_fixes() {
_log 'debug' 'Ensuring /var/log/mail owneership + permissions are correct'
# File/folder permissions are fine when using docker volumes, but may be wrong
# when file system folders are mounted into the container.
# Set the expected values and create missing folders/files just in case.
mkdir -p /var/log/{mail,supervisor}
# TODO: Remove these lines in a future release once concerns are resolved:
# https://github.com/docker-mailserver/docker-mailserver/pull/4370#issuecomment-2661762043
chown syslog:root /var/log/mail
if [[ ${ENABLE_CLAMAV} -eq 1 ]]; then
# TODO: Consider assigning /var/log/mail a writable non-root group for other processes like ClamAV?
# - Check if ClamAV is capable of creating files itself when they're missing?
# - Alternatively a symlink to /var/log/mail from the original intended location would allow write access
# as a user to the symlink location, while keeping ownership as root at /var/log/mail
# - `LogSyslog false` for clamd.conf + freshclam.conf could possibly be enabled instead of log files?
# However without better filtering in place (once Vector is adopted), this should be avoided.
touch /var/log/mail/{clamav,freshclam}.log
chown clamav:adm /var/log/mail/{clamav,freshclam}.log
fi
# Volume permissions should be corrected:
# https://github.com/docker-mailserver/docker-mailserver-helm/issues/137
chmod 755 /var/log/mail/
chmod 640 /var/log/mail/*
}

10
target/scripts/startup/setup.d/log.sh
View File

@ -1,15 +1,5 @@
#!/bin/bash #!/bin/bash
function _setup_logs_general() {
_log 'debug' 'Setting up general log files'
# File/folder permissions are fine when using docker volumes, but may be wrong
# when file system folders are mounted into the container.
# Set the expected values and create missing folders/files just in case.
mkdir -p /var/log/{mail,supervisor}
chown syslog:root /var/log/mail
}
function _setup_logrotate() { function _setup_logrotate() {
_log 'debug' 'Setting up logrotate' _log 'debug' 'Setting up logrotate'

7
target/scripts/startup/setup.d/security/misc.sh
View File

@ -155,13 +155,6 @@ function __setup__security__clamav() {
if [[ ${ENABLE_CLAMAV} -eq 1 ]]; then if [[ ${ENABLE_CLAMAV} -eq 1 ]]; then
_log 'debug' 'Enabling and configuring ClamAV' _log 'debug' 'Enabling and configuring ClamAV'
local FILE
for FILE in /var/log/mail/{clamav,freshclam}.log; do
touch "${FILE}"
chown clamav:adm "${FILE}"
chmod 640 "${FILE}"
done
if [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]]; then if [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]]; then
_log 'trace' "Setting ClamAV message scan size limit to '${CLAMAV_MESSAGE_SIZE_LIMIT}'" _log 'trace' "Setting ClamAV message scan size limit to '${CLAMAV_MESSAGE_SIZE_LIMIT}'"