Merge branch 'master' into docs/dkim-key-rotation-expiry

Brennan Kinney 2024-06-19 20:37:57 +12:00 committed by GitHub
commit d00ea4d2be
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 173 additions and 14 deletions

View File

@ -83,7 +83,7 @@ jobs:
# NOTE: AMD64 can build within 2 minutes
- name: 'Build images'
uses: docker/build-push-action@v5.4.0
uses: docker/build-push-action@v6.0.0
with:
context: .
# Build at least the AMD64 image (which runs against the test suite).
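Review bot: The `uses:` line jumps a major version (`v5.4.0` to `v6.0.0`), and the same bump repeats in the three other workflow hunks, but nothing in the change shows that the `with:` inputs were checked against the v6 release notes. Please link the upstream changelog in the PR description and confirm that the `context: .` build and the cache-import jobs behave the same, since this job produces the image the test suite runs against.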

View File

@ -67,7 +67,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
- name: 'Build and publish images'
uses: docker/build-push-action@v5.4.0
uses: docker/build-push-action@v6.0.0
with:
context: .
build-args: |
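Review bot: `docker/build-push-action@v6.0.0` on the `uses:` line is pinned by tag rather than by commit SHA, in the one workflow that holds registry credentials (`password: ${{ secrets.GITHUB_TOKEN }}` directly above the step). A tag can be moved by the action's owner, so pin to the full commit SHA of the v6.0.0 release and keep the version in a trailing comment. That way the code that runs with publish rights cannot change without a diff in this repository.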

View File

@ -43,7 +43,7 @@ jobs:
# Importing from the cache should create the image within approx 30 seconds:
# NOTE: `qemu` step is not needed as we only test for AMD64.
- name: 'Build AMD64 image from cache'
uses: docker/build-push-action@v5.4.0
uses: docker/build-push-action@v6.0.0
with:
context: .
tags: mailserver-testing:ci

View File

@ -42,7 +42,7 @@ jobs:
# Importing from the cache should create the image within approx 30 seconds:
# NOTE: `qemu` step is not needed as we only test for AMD64.
- name: 'Build AMD64 image from cache'
uses: docker/build-push-action@v5.4.0
uses: docker/build-push-action@v6.0.0
with:
context: .
tags: mailserver-testing:ci

View File

@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
### Added
- **Internal:**
- Add password confirmation to several `setup.sh` commands ([#4072](https://github.com/docker-mailserver/docker-mailserver/pull/4072))
### Updates
- **Fail2ban**:
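Review bot: The new entry is filed under `**Internal:**`, but a confirmation prompt in `setup.sh` commands is visible to every user who runs them without a password argument. Move it to a user-facing category, and mention in the same entry that the password argument is now read from a single positional parameter instead of `${*}`, because that changes what callers who pass an unquoted multi-word password get.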

View File

@ -0,0 +1,153 @@
# Dovecot Full Text Search (FTS) using the Solr Backend
Dovecot supports several FTS backends for providing fast and efficient full text searching of e-mails directly from the IMAP server.
As the size of your mail storage grows, the benefits of FTS are especially notable:
- Without FTS, Dovecot would perform a search query by checking each individual email stored for a match, and then repeat this process again from scratch for the exact same query in future.
- Some mail clients (_like Thunderbird_) may provide their own indexing and search features when all mail to search is stored locally, otherwise Dovecot needs to handle the search query (_for example webmail and mobile clients, like Gmail_).
- FTS indexes each mail into a database for querying instead, where it can skip the cost of inspecting irrelevant emails for a query.
!!! warning "This is a community contributed guide"
It extends [our official docs for Dovecot FTS][docs::dovecot::full-text-search] with a focus on Apache Solr. DMS does not officially support this integration.
## Setup Solr for DMS
An FTS backend supported by Dovecot is [Apache Solr][github-solr], a fast and efficient multi-purpose search indexer.
### Add the required `dovecot-solr` package
As the official DMS image does not provide `dovecot-solr`, you'll need to include the package in your own image (_extending a DMS release as a base image_), or via our [`user-patches.sh` feature][docs::user-patches]:
<!-- This empty quote block is purely for a visual border -->
!!! quote ""
=== "`user-patches.sh`"
If you'd prefer to avoid a custom image build. This approach is simpler but with the caveat that any time the container is restarted, you'll have a delay as the package is installed each time.
```bash
#!/bin/bash
apt-get update && apt-get install dovecot-solr
```
=== "`compose.yaml`"
A custom DMS image does not add much friction. You do not need a separate `Dockerfile` as Docker Compose supports building from an inline `Dockerfile` in your `compose.yaml`.
The `image` key of the service is swapped for the `build` key instead, as shown below:
```yaml
services:
mailserver:
hostname: mail.example.com
# Do not use `image` anymore, unless referring to the tagged image build below
# Add this `build` section to your real `compose.yaml` for your DMS service:
build:
tags:
- local/dms:14.0
dockerfile_inline: |
FROM docker.io/mailserver/docker-mailserver:14.0
RUN apt-get update && apt-get install dovecot-solr
```
- Just run `docker compose up` and it will pull DMS and build your custom image to run a container.
- Updating to a new DMS release is straight-forward, just adjust the version tag as you normally would. If you make future changes that don't apply, you may need to force a rebuild.
- This approach only needs to install the package once with the image build itself. This minimizes delay of container startup.
!!! note "Why doesn't DMS include `dovecot-solr`?"
This integration is not officially supported in DMS as no maintainer is able to provide troubleshooting support.
Prior to v14, the package was included but the community contributed guide had been outdated for several years that it was non-functional. It was decided that it was better to drop support and docs, however some DMS users voiced active use of Solr and it's benefits over Xapian for FTS which led to these revised docs.
**ARM64 builds do not have support for `dovecot-solr`**. Additionally the [user demand for including `dovecot-solr` is presently too low][gh-dms::feature-request::dovecot-solr-package] to justify vs the minimal effort to add additional packages as shown above.
### `compose.yaml` config
Firstly you need a working Solr container, for this the [official docker image][dockerhub-solr] will do:
```yaml
services:
solr:
image: solr:latest
container_name: dms-solr
environment:
# As Solr can be quite resource hungry, raise the memory limit to 2GB.
# The default is 512MB, which may be exhausted quickly.
SOLR_JAVA_MEM: "-Xms2g -Xmx2g"
volumes:
- ./docker-data/solr:/var/solr
restart: always
```
DMS will connect internally to the `solr` service above. Either have both services in the same `compose.yaml` file, or ensure that the containers are connected to the same docker network.
### Configure Solr for Dovecot
1. Once the Solr container is started, you need to configure a "Solr core" for Dovecot:
```bash
docker exec -it dms-solr /bin/sh
solr create -c dovecot
cp -R /opt/solr/contrib/analysis-extras/lib /var/solr/data/dovecot
```
Stop the `dms-solr` container and you should now have a `./data/dovecot` folder in the local bind mount volume.
2. Solr needs a schema that is specifically tailored for Dovecot FTS.
As of writing of this guide, Solr 9 is the current release. [Dovecot provides the required schema configs][github-dovecot::core-docs] for Solr, copy the following two v9 config files to `./data/dovecot` and rename them accordingly:
- `solr-config-9.xml` (_rename to `solrconfig.xml`_)
- `solr-schema-9.xml` (_rename to `schema.xml`_)
Additionally, remove the `managed-schema.xml` file from `./data/dovecot` and ensure the two files you copied have a [UID and GID of `8983`][dockerfile-solr-uidgid] assigned.
Start the Solr container once again, you should now have a working Solr core specifically for Dovecot FTS.
3. Configure Dovecot in DMS to connect to this Solr core:
Create a `10-plugin.conf` file in your `./config/dovecot` folder with this contents:
```config
mail_plugins = $mail_plugins fts fts_solr
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://dms-solr:8983/solr/dovecot/
}
```
Add a volume mount for that config to your DMS service in `compose.yaml`:
```yaml
services:
mailserver:
volumes:
- ./docker-data/config/dovecot/10-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro
```
### Trigger Dovecot FTS indexing
After following the previous steps, restart DMS and run this command to have Dovecot re-index all mail:
```bash
docker compose exec mailserver doveadm fts rescan -A
```
!!! info "Indexing will take a while depending on how large your mail folders"
Usually within 15 minutes or so, you should be able to search your mail using the Dovecot FTS feature! :tada:
[docs::user-patches]: ../../config/advanced/override-defaults/user-patches.md
[docs::dovecot::full-text-search]: ../../config/advanced/full-text-search.md
[gh-dms::feature-request::dovecot-solr-package]: https://github.com/docker-mailserver/docker-mailserver/issues/4052
[dockerhub-solr]: https://hub.docker.com/_/solr
[dockerfile-solr-uidgid]: https://github.com/apache/solr-docker/blob/9cd850b72309de05169544395c83a85b329d6b86/9.6/Dockerfile#L89-L92
[github-solr]: https://github.com/apache/solr
[github-dovecot::core-docs]: https://github.com/dovecot/core/tree/main/doc
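Review bot: The compose example uses `image: solr:latest`, while step 2 tells the reader to copy the v9-specific files (`solr-config-9.xml`, `solr-schema-9.xml`) and step 1 depends on the image's internal path `/opt/solr/contrib/analysis-extras/lib`. Pin the image to a Solr 9 tag so the guide keeps matching the image it was written for. Two further points in the same file: both `apt-get update && apt-get install dovecot-solr` lines (in `user-patches.sh` and in `dockerfile_inline`) run without a terminal and should pass `-y` so that a confirmation prompt cannot abort them; and `fts_solr = url=http://dms-solr:8983/solr/dovecot/` is plain HTTP to a core that holds indexed mail content, so the guide should state explicitly that the `solr` service must stay on the internal Docker network with no `ports:` published.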

View File

@ -174,6 +174,7 @@ nav:
- 'Crowdsec': examples/tutorials/crowdsec.md
- 'Building your own Docker image': examples/tutorials/docker-build.md
- 'Blog Posts': examples/tutorials/blog-posts.md
- 'Dovecot FTS with Apache Solr': examples/tutorials/dovecot-solr.md
- 'Use Cases':
- 'Forward-Only Mail-Server with LDAP': examples/use-cases/forward-only-mailserver-with-ldap-authentication.md
- 'Customize IMAP Folders': examples/use-cases/imap-folders.md

View File

@ -7,8 +7,7 @@ function _main() {
_require_n_parameters_or_print_usage 1 "${@}"
local MAIL_ACCOUNT="${1}"
shift
local PASSWD="${*}"
local PASSWD="${2}"
_manage_accounts_dovecotmaster_create "${MAIL_ACCOUNT}" "${PASSWD}"
}
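Review bot: `local PASSWD="${2}"` only holds the password if the `shift` line above it is dropped in the same change. If `shift` stays, `${2}` is the original third argument, a password given on the command line is ignored, and the command falls through to the interactive prompt. Please confirm the `shift` is removed here and in the sibling hunks (`shift 2` with `${3}` in the relay-host command), and add a test that passes the password as an argument to each of these commands.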

View File

@ -7,8 +7,7 @@ function _main() {
_require_n_parameters_or_print_usage 1 "${@}"
local MAIL_ACCOUNT="${1}"
shift
local PASSWD="${*}"
local PASSWD="${2}"
_manage_accounts_create "${MAIL_ACCOUNT}" "${PASSWD}"
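Review bot: Replacing `"${*}"` with a single positional parameter changes behaviour for a password passed unquoted with spaces: the old code joined every remaining argument, the new code keeps one word and silently drops the rest, so the account is created with a password the user did not intend. `_require_n_parameters_or_print_usage 1` only enforces a minimum, so consider rejecting surplus arguments with an error that tells the user to quote the password.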

View File

@ -8,8 +8,7 @@ function _main() {
local DOMAIN="${1}"
local RELAY_ACCOUNT="${2}"
shift 2
local PASSWD="${*}"
local PASSWD="${3}"
_validate_parameters
_add_relayhost_credentials

View File

@ -7,8 +7,7 @@ function _main() {
_require_n_parameters_or_print_usage 1 "${@}"
local MAIL_ACCOUNT="${1}"
shift
local PASSWD="${*}"
local PASSWD="${2}"
_manage_accounts_dovecotmaster_update "${MAIL_ACCOUNT}" "${PASSWD}"
}

View File

@ -7,8 +7,7 @@ function _main() {
_require_n_parameters_or_print_usage 1 "${@}"
local MAIL_ACCOUNT="${1}"
shift
local PASSWD="${*}"
local PASSWD="${2}"
_manage_accounts_update "${MAIL_ACCOUNT}" "${PASSWD}"
}

View File

@ -98,9 +98,14 @@ function __account_already_exists() {
# Also used by addsaslpassword
function _password_request_if_missing() {
local PASSWD_CONFIRM
if [[ -z ${PASSWD} ]]; then
read -r -s -p 'Enter Password: ' PASSWD
echo
[[ -z ${PASSWD} ]] && _exit_with_error 'Password must not be empty'
read -r -s -p 'Confirm Password: ' PASSWD_CONFIRM
echo
[[ ${PASSWD} != "${PASSWD_CONFIRM}" ]] && _exit_with_error 'Passwords do not match!'
fi
}
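Review bot: The added `read -r -s -p 'Confirm Password: ' PASSWD_CONFIRM` runs whenever `PASSWD` is empty, including when stdin is a pipe rather than a terminal. A caller that supplies the password as a single line on stdin will hit end of input on the second `read`, `PASSWD_CONFIRM` stays empty, and the command exits with 'Passwords do not match!'. Either ask for confirmation only when stdin is a terminal (`[[ -t 0 ]]`) or document that non-interactive callers must pass the password as an argument, and cover the piped case with a test.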