` subcommand ([#3455](https://github.com/docker-mailserver/docker-mailserver/pull/3455))
+- **Environment Variables:**
+ - `MARK_SPAM_AS_READ`. When set to `1`, marks incoming spam as "read" to avoid unwanted "new mail" notifications for junk mail ([#3489](https://github.com/docker-mailserver/docker-mailserver/pull/3489))
+ - `DMS_VMAIL_UID` and `DMS_VMAIL_GID` allow changing the default ID values (`5000:5000`) for the Dovecot vmail user and group ([#3550](https://github.com/docker-mailserver/docker-mailserver/pull/3550))
+ - `RSPAMD_CHECK_AUTHENTICATED` allows authenticated users to avoid additional security checks by Rspamd ([#3440](https://github.com/docker-mailserver/docker-mailserver/pull/3440))
+- **Documentation:**
+ - Use-case examples / tutorials:
+ - iOS mail push support ([#3513](https://github.com/docker-mailserver/docker-mailserver/pull/3513))
+ - Guide for setting up Dovecot Authentication via Lua ([#3579](https://github.com/docker-mailserver/docker-mailserver/pull/3579))
+ - Guide for integrating with the Crowdsec service ([#3651](https://github.com/docker-mailserver/docker-mailserver/pull/3651))
+ - Debugging page:
+ - New compatibility section ([#3404](https://github.com/docker-mailserver/docker-mailserver/pull/3404))
+ - Now advises how to (re)start DMS correctly ([#3654](https://github.com/docker-mailserver/docker-mailserver/pull/3654))
+ - Better communicate distinction between DMS FQDN and DMS mail accounts ([#3372](https://github.com/docker-mailserver/docker-mailserver/pull/3372))
+ - Traefik example now includes `passthrough=true` on implicit ports ([#3568](https://github.com/docker-mailserver/docker-mailserver/pull/3568))
+ - Rspamd docs have received a variety of revisions ([#3318](https://github.com/docker-mailserver/docker-mailserver/pull/3318), [#3325](https://github.com/docker-mailserver/docker-mailserver/pull/3325), [#3329](https://github.com/docker-mailserver/docker-mailserver/pull/3329))
+ - IPv6 config examples with content tabs ([#3436](https://github.com/docker-mailserver/docker-mailserver/pull/3436))
+ - Mention [internet.nl](https://internet.nl/test-mail/) as another testing service ([#3445](https://github.com/docker-mailserver/docker-mailserver/pull/3445))
+ - `setup alias add ...` CLI help message now includes an example for aliasing to multiple recipients ([#3600](https://github.com/docker-mailserver/docker-mailserver/pull/3600))
+ - `SPAMASSASSIN_SPAM_TO_INBOX=1`, now emits a debug log to raise awareness that `SA_KILL` will be ignored ([#3360](https://github.com/docker-mailserver/docker-mailserver/pull/3360))
+ - `CLAMAV_MESSAGE_SIZE_LIMIT` now logs a warning when the value exceeds what ClamAV is capable of supporting (4GiB max scan size [#3332](https://github.com/docker-mailserver/docker-mailserver/pull/3332), 2GiB max file size [#3341](https://github.com/docker-mailserver/docker-mailserver/pull/3341))
+ - Added note to caution against changing `mydestination` in Postfix's `main.cf` ([#3316](https://github.com/docker-mailserver/docker-mailserver/pull/3316))
+- **Internal:**
+ - Added a wrapper to update Postfix configuration safely ([#3484](https://github.com/docker-mailserver/docker-mailserver/pull/3484), [#3503](https://github.com/docker-mailserver/docker-mailserver/pull/3503))
+ - Add debug group to `packages.sh` ([#3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
+- **Tests:**
+ - Additional linting check for BASH syntax ([#3369](https://github.com/docker-mailserver/docker-mailserver/pull/3369))
+
+### Updates
+
+- **Misc:**
+ - Changed `setup config dkim` default key size to `2048` (`open-dkim`) ([#3508](https://github.com/docker-mailserver/docker-mailserver/pull/3508))
+- **Postfix:**
+ - Dropped special bits from `maildrop/` and `public/` directory permissions ([#3625](https://github.com/docker-mailserver/docker-mailserver/pull/3625))
+- **Rspamd:**
+ - Adjusted learning of ham ([#3334](https://github.com/docker-mailserver/docker-mailserver/pull/3334))
+ - Adjusted `antivirus.conf` ([#3331](https://github.com/docker-mailserver/docker-mailserver/pull/3331))
+ - `logrotate` setup + Rspamd log path + tests log helper fallback path ([#3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
+ - Setup during container startup is now more resilient ([#3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
+ - Changed DKIM default config location ([#3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
+ - Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
+ - Required permissions are now verified for DKIM private key files ([#3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
+- **Documentation:**
+ - Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
+ - Restored missing edit button ([#3338](https://github.com/docker-mailserver/docker-mailserver/pull/3338))
+ - Complete rewrite of the IPv6 page ([#3244](https://github.com/docker-mailserver/docker-mailserver/pull/3244), [#3531](https://github.com/docker-mailserver/docker-mailserver/pull/3531))
+ - Complete rewrite of the "Update and Cleanup" maintenance page ([#3539](https://github.com/docker-mailserver/docker-mailserver/pull/3539), [#3583](https://github.com/docker-mailserver/docker-mailserver/pull/3583))
+ - Improved debugging page advice on working with logs ([#3626](https://github.com/docker-mailserver/docker-mailserver/pull/3626), [#3640](https://github.com/docker-mailserver/docker-mailserver/pull/3640))
+ - Clarified the default for ENV `FETCHMAIL_PARALLEL` ([#3603](https://github.com/docker-mailserver/docker-mailserver/pull/3603))
+ - Removed port 25 from FAQ entry for mail client ports supporting authenticated submission ([#3496](https://github.com/docker-mailserver/docker-mailserver/pull/3496))
+ - Updated home path in docs for Dovecot Sieve ([#3370](https://github.com/docker-mailserver/docker-mailserver/pull/3370), [#3650](https://github.com/docker-mailserver/docker-mailserver/pull/3650))
+ - Fixed path to `rspamd.log` ([#3585](https://github.com/docker-mailserver/docker-mailserver/pull/3585))
+ - "Optional Config" page now uses consistent lowercase convention for directory names ([#3629](https://github.com/docker-mailserver/docker-mailserver/pull/3629))
+ - `CONTRIBUTORS.md`: Removed redundant "All Contributors" section ([#3638](https://github.com/docker-mailserver/docker-mailserver/pull/3638))
+- **Internal:**
+ - LDAP config improvements (Removed implicit `ldap://` LDAP URI scheme fallback) ([#3522](https://github.com/docker-mailserver/docker-mailserver/pull/3522))
+ - Changed style conventions for internal scripts ([#3361](https://github.com/docker-mailserver/docker-mailserver/pull/3361), [#3364](https://github.com/docker-mailserver/docker-mailserver/pull/3364), [#3365](https://github.com/docker-mailserver/docker-mailserver/pull/3365), [#3366](https://github.com/docker-mailserver/docker-mailserver/pull/3366), [#3368](https://github.com/docker-mailserver/docker-mailserver/pull/3368), [#3464](https://github.com/docker-mailserver/docker-mailserver/pull/3464))
+- **CI / Automation:**
+ - `.gitattributes` now ensures files are committed with `eol=lf` ([#3527](https://github.com/docker-mailserver/docker-mailserver/pull/3527))
+ - Revised the GitHub issue bug report template ([#3317](https://github.com/docker-mailserver/docker-mailserver/pull/3317), [#3381](https://github.com/docker-mailserver/docker-mailserver/pull/3381), [#3435](https://github.com/docker-mailserver/docker-mailserver/pull/3435))
+ - Clarified that the issue tracker is not for personal support ([#3498](https://github.com/docker-mailserver/docker-mailserver/pull/3498), [#3502](https://github.com/docker-mailserver/docker-mailserver/pull/3502))
+ - Bumped versions of miscellaneous software (also shoutout to @dependabot) ([#3371](https://github.com/docker-mailserver/docker-mailserver/pull/3371), [#3584](https://github.com/docker-mailserver/docker-mailserver/pull/3584), [#3504](https://github.com/docker-mailserver/docker-mailserver/pull/3504), [#3516](https://github.com/docker-mailserver/docker-mailserver/pull/3516))
+- **Tests:**
+ - Refactored LDAP tests to current conventions ([#3483](https://github.com/docker-mailserver/docker-mailserver/pull/3483))
+ - Changed OpenLDAP image to `bitnami/openldap` ([#3494](https://github.com/docker-mailserver/docker-mailserver/pull/3494))
+ - Revised LDAP config + setup ([#3514](https://github.com/docker-mailserver/docker-mailserver/pull/3514))
+ - Added tests for the helper function `_add_to_or_update_postfix_main()` ([#3505](https://github.com/docker-mailserver/docker-mailserver/pull/3505))
+ - EditorConfig Checker lint now uses a mount path to `/check` instead of `/ci` ([#3655](https://github.com/docker-mailserver/docker-mailserver/pull/3655))
+
+### Fixed
+
+- **Security:**
+ - Fixed issue with concatenating `$dmarc_milter` and `$dkim_milter` in `main.cf` ([#3380](https://github.com/docker-mailserver/docker-mailserver/pull/3380))
+ - Fixed Rspamd DKIM signing for inbound emails ([#3439](https://github.com/docker-mailserver/docker-mailserver/pull/3439), [#3453](https://github.com/docker-mailserver/docker-mailserver/pull/3453))
+ - OpenDKIM key generation is no longer broken when Rspamd is also enabled ([#3535](https://github.com/docker-mailserver/docker-mailserver/pull/3535))
+- **Internal:**
+ - The "database" files (_for managing users and aliases_) now correctly filters within lookup query ([#3359](https://github.com/docker-mailserver/docker-mailserver/pull/3359))
+ - `_setup_spam_to_junk()` no longer registered when `SMTP_ONLY=1` ([#3385](https://github.com/docker-mailserver/docker-mailserver/pull/3385))
+ - Dovecot `fts_xapian` is now compiled from source to match the Dovecot package ABI ([#3373](https://github.com/docker-mailserver/docker-mailserver/pull/3373))
+- **CI:**
+ - Scheduled build now have the correct permissions to run successfully ([#3345](https://github.com/docker-mailserver/docker-mailserver/pull/3345))
+- **Documentation:**
+ - Miscellaneous spelling and wording improvements ([#3324](https://github.com/docker-mailserver/docker-mailserver/pull/3324), [#3330](https://github.com/docker-mailserver/docker-mailserver/pull/3330), [#3337](https://github.com/docker-mailserver/docker-mailserver/pull/3337), [#3339](https://github.com/docker-mailserver/docker-mailserver/pull/3339), [#3344](https://github.com/docker-mailserver/docker-mailserver/pull/3344), [#3367](https://github.com/docker-mailserver/docker-mailserver/pull/3367), [#3411](https://github.com/docker-mailserver/docker-mailserver/pull/3411), [#3443](https://github.com/docker-mailserver/docker-mailserver/pull/3443))
+- **Tests:**
+ - Run `pgrep` within the actual container ([#3553](https://github.com/docker-mailserver/docker-mailserver/pull/3553))
+ - `lmtp_ip.bats` improved partial failure output ([#3552](https://github.com/docker-mailserver/docker-mailserver/pull/3552))
+ - Improvements to LDIF test data ([#3506](https://github.com/docker-mailserver/docker-mailserver/pull/3506))
+ - Normalized for `.gitattributes` + improved `eclint` coverage ([#3566](https://github.com/docker-mailserver/docker-mailserver/pull/3566))
+ - Fixed ShellCheck linting for BATS tests ([#3347](https://github.com/docker-mailserver/docker-mailserver/pull/3347))
## [v12.1.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v12.1.0)
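Review bot: Under "Fixed" > "Security", the entry "Fixed Rspamd DKIM signing for inbound emails" does not say what the faulty behaviour was, so an operator cannot tell from the changelog whether inbound mail was being signed when it should not have been, or whether signing was failing. State the previous behaviour in one clause. The `RSPAMD_CHECK_AUTHENTICATED` entry under "Environment Variables" likewise says what the variable allows without giving its default, which matters for a setting that skips checks. Minor grammar in the same hunk: "The "database" files ... now correctly filters" and "Scheduled build now have".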
@@ -38,7 +208,7 @@ All notable changes to this project will be documented in this file. The format
- add option to re-enable `reject_unknown_client_hostname` after #3248 ([#3255](https://github.com/docker-mailserver/docker-mailserver/pull/3255))
- add DKIM helper script ([#3286](https://github.com/docker-mailserver/docker-mailserver/pull/3286))
- make `policyd-spf` configurable ([#3246](https://github.com/docker-mailserver/docker-mailserver/pull/3246))
-- add 'log' command to setup for Fail2Ban ([#3299](https://github.com/docker-mailserver/docker-mailserver/pull/3299))
+- add 'log' command to set up for Fail2Ban ([#3299](https://github.com/docker-mailserver/docker-mailserver/pull/3299))
- `setup` command now expects accounts and aliases to be mutually exclusive ([#3270](https://github.com/docker-mailserver/docker-mailserver/pull/3270))
### Updated
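Review bot: The replacement line "add 'log' command to set up for Fail2Ban" changes the meaning. Judging by the next entry ("`setup` command now expects accounts and aliases to be mutually exclusive"), "setup" here is the name of the CLI rather than the verb. Consider keeping the noun and formatting both names as code: "add `log` command to `setup` for Fail2Ban".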
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 3fcdd463..4103ad5f 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -9,42 +9,42 @@ Thanks goes to these wonderful people ✨
- Casper
+ casperklein
- Felix Bartels
+ fbartels
|
- Nathan Pierce
+ NorseGaud
|
- William Desportes
+ williamdes
|
- Frederic Werner
+ wernerfred
|
- Georg Lauterbach
+ georglauterbach
|
@@ -52,42 +52,42 @@ Thanks goes to these wonderful people ✨
- Thomas VIAL
+ tomav
- Erik Wramner
+ erik-wramner
|
- Brennan Kinney
+ polarathene
|
- Jean-Denis Vauguet
+ chikamichi
|
- Martin Schulze
+ martin-schulze-vireso
|
- Josef Friedrich
+ Josef-Friedrich
|
@@ -95,42 +95,42 @@ Thanks goes to these wonderful people ✨
- Johan Smits
+ johansmitsnl
- Null
+ youtous
|
- Null
+ 17Halbe
|
- Thorsten Von Eicken
+ tve
|
- Germain Masse
+ gmasse
|
- Null
+ 00angus
|
@@ -138,42 +138,42 @@ Thanks goes to these wonderful people ✨
- Paul Steinlechner
+ alinmear
- Andreas Perhab
+ ap-wtioit
|
- Dominik Winter
+ dominikwinter
|
- Paul Adams
+ crazystick
|
- Sebastian Wiesendahl
+ swiesend
|
- Steve Johnson
+ svenyonson
|
@@ -181,42 +181,42 @@ Thanks goes to these wonderful people ✨
- André Stein
+ stonemaster
- Null
+ omarc1492
|
- Christian Glahn
+ phish108
|
- Marek Walczak
+ mwlczk
|
- Kai Ren
+ tyranron
|
- Kyle Ondy
+ KyleOndy
|
@@ -224,42 +224,42 @@ Thanks goes to these wonderful people ✨
- Michael
+ MichaelSp
- Lukas
+ mindrunner
|
- Sascha Scandella
+ m-a-v
|
- Lukáš Vasek
+ bilak
|
- Null
+ vortex852456
|
- Christian Grasso
+ chris54721
|
@@ -267,42 +267,42 @@ Thanks goes to these wonderful people ✨
- Hans-Cees Speel
+ hanscees
- Jack Pearson
+ jrpear
|
- Dashamir Hoxha
+ dashohoxha
|
- GAVARD Ewann
+ egavard
|
- Jack Twilley
+ mathuin
|
- James
+ jamebus
|
@@ -310,42 +310,42 @@ Thanks goes to these wonderful people ✨
- Luke Cyca
+ lukecyca
- Oleg Kainov
+ okainov
|
- Robert Dolca
+ robertdolca
|
- Thomas Kilian
+ kiliant
|
- Tobias Rittig
+ diiigle
|
- Akmet
+ akmet
|
@@ -353,42 +353,42 @@ Thanks goes to these wonderful people ✨
- Arne Kepp
+ arneke
- Dennis Stumm
+ dennis95stumm
|
- Moritz Marquardt
+ moqmar
|
- Null
+ pyy
|
- Anne
+ voordev
|
- Null
+ Birkenstab
|
@@ -396,42 +396,42 @@ Thanks goes to these wonderful people ✨
- Brandon Schmitt
+ BrandonSchmitt
- Cédric Laubacher
+ Starbix
|
- GrupoCITEC
+ citec
|
- Jairo Llopis
+ yajo
|
- Jarrod Smith
+ MakerMatrix
|
- Joerg Sonnenberger
+ jsonn
|
@@ -439,28 +439,35 @@ Thanks goes to these wonderful people ✨
- Patrizio Bekerle
+ pbek
+
+
+
+
+
+
+ reneploetz
|
- Null
+ Rubytastic2
|
- Semir Patel
+ analogue
|
- Wolfgang Ocker
+ weo
|
@@ -469,270 +476,263 @@ Thanks goes to these wonderful people ✨
Zehir
- |
+
+
- Null
+ guardiande
- |
-
+
- Null
+ kamuri
|
- Null
+ davidszp
|
- Andreas Gerstmayr
+ andreasgerstmayr
|
- Marko J
+ mjung
|
- Michael Schmoock
-
- |
-
-
-
-
- Null
+ m-schmoock
|
+
+
+
+
+ VanVan
+
+ |
- Alexander Elbracht
+ elbracht
|
- Amin Vakil
+ aminvakil
|
- Andrew Low
+ andrewlow
|
- Ask Bjørn Hansen
+ abh
|
- Ben
-
- |
-
-
-
-
- Christian Raue
+ ubenmackin
|
+
+
+
+
+ craue
+
+ |
- Daniel Panteleit
+ danielpanteleit
|
- Darren McGrandle
+ dmcgrandle
|
- Dominik Bruhn
+ theomega
|
- Null
+ DuncanvR
|
- Emanuele Mazzotta
-
- |
-
-
-
-
- FL42
+ emazzotta
|
+
+
+
+
+ fl42
+
+ |
- Guillaume Simon
+ ipernet
|
- Null
+ H4R0
|
- Ikko Eltociear Ashimine
+ eltociear
|
- James Fryer
+ jamesfryer
|
- Millaguie
-
- |
-
-
-
-
- Jeremy Shipman
+ millaguie
|
+
+
+
+
+ jedateach
+
+ |
- Jonas Kalderstam
+ spacecowboy
|
- Louis
+ artonge
|
- Null
+ martinwepner
|
- Michael Als
+ nueaf
|
- Morgan Kesler
-
- |
-
-
-
-
- Pablo Castorino
+ keslerm
|
+
+
+
+
+ castorinop
+
+ |
- Philipp Fruck
+ p-fruck
|
- Rainer Rillke
-
- |
-
-
-
-
- René Plötz
+ Rillke
|
- Bob Gregor
+ bobbravo2
|
- Robert Pufky
+ r-pufky
|
- Vincent Ducamps
+ vincentDcmps
|
@@ -740,42 +740,42 @@ Thanks goes to these wonderful people ✨
- Andymel
+ andymel123
- Bigpigeon
+ bigpigeon
|
- Null
+ engelant
|
- Null
+ j-marz
|
- Null
+ lokipo
|
- Null
+ msheakoski
|
@@ -783,35 +783,35 @@ Thanks goes to these wonderful people ✨
- Felix
+ GoliathLabs
- Leon Busch-George
+ yogo1212
|
- Marius Panneck
+ mpanneck
|
- Thomas Willems
+ willtho89
|
- Thomas Butter
+ tbutter
|
@@ -826,42 +826,42 @@ Thanks goes to these wonderful people ✨
- Johan Fokeev
+ ifokeev
|
- Null
+ 20th
|
- Null
+ 2b
|
- Max:
+ askz
|
- Achim Christ
+ acch
|
- Adrian Pistol
+ vifino
|
@@ -869,42 +869,42 @@ Thanks goes to these wonderful people ✨
- Alexander Kachkaev
+ kachkaev
- Alexander Neu
+ alexanderneu
|
- Bedniakov Aleksei
+ ch3sh1r
|
- Andreas Egli
+ eglia
|
- Andrew Cornford
+ groupmsl
|
- Andrey Likhodievskiy
+ green-anger
|
@@ -912,42 +912,42 @@ Thanks goes to these wonderful people ✨
- Arash Fatahzade
+ iRhonin
- Arthur Outhenin-Chalandre
+ MrFreezeex
|
- Arun
+ arunvc
|
- Astro
+ astrocket
|
- Benedict Endemann
+ baxerus
|
- Bogdan
+ spock
|
@@ -955,42 +955,42 @@ Thanks goes to these wonderful people ✨
- Charles Harris
+ erdos4d
- Christian Musa
+ crash7
|
- Christoph
+ auchri
|
- Claude Brisson
+ arkanovicz
|
- Claus Beerta
+ CBeerta
|
- Damian Moore
+ damianmoore
|
@@ -998,42 +998,42 @@ Thanks goes to these wonderful people ✨
- Null
+ espitall
- Daniel Karski
+ dkarski
|
- Daniele Bellavista
+ dbellavista
|
- Daniël Van Den Berg
+ danielvandenberg95
|
- Dingoz
+ mlatorre31
|
- Dmitry R.
+ mazzz1y
|
@@ -1041,42 +1041,42 @@ Thanks goes to these wonderful people ✨
- Dorian Ayllón
+ aydodo
- Edmond Varga
+ vedtam
|
- Eduard Knyshov
+ edvorg
|
- Elisei Roca
+ eliroca
|
- Erick Calder
+ ekkis
|
- Erik Brakkee
+ ErikEngerd
|
@@ -1084,42 +1084,42 @@ Thanks goes to these wonderful people ✨
- Huncode
+ huncode
- Felix N
+ felixn
|
- Florian
+ flole
|
- Florian Roks
+ froks
|
- Franz Keferböck
+ fkefer
|
- Frugan
+ frugan-dev
|
@@ -1127,14 +1127,14 @@ Thanks goes to these wonderful people ✨
- Gabriel Euzet
+ Marsu31
- Gabriel Landais
+ glandais
|
@@ -1148,7 +1148,7 @@ Thanks goes to these wonderful people ✨
- Harry Youd
+ harryyoud
|
@@ -1162,7 +1162,7 @@ Thanks goes to these wonderful people ✨
- Ian Andrews
+ sirgantrithon
|
@@ -1177,14 +1177,21 @@ Thanks goes to these wonderful people ✨
- Null
+ jcalfee
+
+
+
+
+
+
+ mivek
|
- JS Légaré
+ init-js
|
@@ -1198,103 +1205,103 @@ Thanks goes to these wonderful people ✨
- Null
-
- |
-
-
-
-
- Jiří Kozlovský
+ JiLleON
|
+
+
+
+
+ jirislav
+
+ |
- Null
+ jmccl
|
- Jurek Barth
+ jurekbarth
|
- JOnathan DuMonT
+ JOduMonT
|
- Kaan
+ Kaan88
|
- Karthik K
-
- |
-
-
-
-
- Null
+ akkumar
|
+
+
+
+
+ KCrawley
+
+ |
- Khue Doan
+ khuedoan
|
- Lars Pötter
+ JustAnother1
|
- Leo Winter
+ LeoWinterDE
|
- Lin Han
+ linhandev
|
- Lucas Bartholemy
+ luke-
- |
+
+
- Null
+ LucidityCrash
- |
-
+
@@ -1306,677 +1313,660 @@ Thanks goes to these wonderful people ✨
- Mathieu Brunot
+ madmath03
|
- Maximilian Hippler
+ maxemann96
|
- Michael G.
+ dragetd
|
- Michael Jensen
-
- |
-
-
-
-
- Michel Albert
+ michaeljensen
|
+
+
+
+
+ exhuma
+
+ |
- Milas Bowman
+ milas
|
- Mohammed Chotia
+ mcchots
|
- Mohammed Noureldin
+ MohammedNoureldin
|
- Moritz Poldrack
+ mpldr
|
- Naveen
-
- |
-
-
-
-
- Nicholas Pepper
+ naveensrinivasan
|
+
+
+
+
+ neuralp
+
+ |
- Nick Pappas
+ radicand
|
- Nils Höll
+ nilshoell
|
- Nils Knappmeier
+ nknapp
|
- Olivier Picquenot
+ pcqnt
|
- Orville Q. Song
-
- |
-
-
-
-
- Ovidiu Predescu
+ OrvilleQ
|
+
+
+
+
+ ovidiucp
+
+ |
- Petar Šegina
+ mrPjer
+
+ |
+
+
+
+
+ p3dda
|
- Peter Hartmann
+ peter-hartmann
|
- Pierre-Yves Rofes
+ piwai
|
- Remo E
+ remoe
- |
+
+
- Roman Seyffarth
+ romansey
|
- Sam Collins
+ MightySCollins
- |
-
+
- Scott Weldon
+ 501st-alpha1
|
- Sebastian Straub
+ klamann
|
- Serge Van Den Boom
+ svdb0
|
- Sergey Nazaryev
+ 3ap
- |
+
+
- Shyim
+ shyim
|
- Simon J Mudd
+ sjmudd
- |
-
+
- Simon Schröter
+ simonsystem
|
- Stephan
+ stephan-devop
|
- Stig Otnes Kolstad
+ stigok
|
- Sven Kauber
+ 5ven
- |
+
+
- Sylvain Benner
+ syl20bnr
|
- Sylvain Dumont
+ sylvaindumont
- |
-
+
- Null
+ TechnicLab
|
- Thomas Schmit
+ thomasschmit
|
- Tin
+ Thiritin
|
- Torben Weibert
+ tweibert
- |
+
+
- Toru Hisai
+ torus
|
- Trangar
+ VictorKoenders
- |
-
+
- Null
+ Twist235
|
- Vasiliy Gokoyev
+ k3it
|
- Victoria Brekenfeld
+ Drakulix
|
- Vilius
+ vilisas
- |
+
+
- Wim
+ 42wim
|
- Y.C.Huang
+ ShiriNmi1520
- |
-
+
- Null
+ Zepmann
|
- Allddd
+ allddd
|
- Null
+ arcaine2
|
- Awb99
+ awb99
- |
+
+
- Null
+ brainkiller
|
- Null
+ cternes
- |
-
+
- Null
+ dborowy
|
- Null
+ dimalo
|
- Eleith
+ eleith
|
- Null
+ ghnp5
- |
+
+
- Null
+ helmutundarnold
|
- Null
+ hnws
- |
-
+
- Null
+ i-C-o-d-e-r
|
- Null
+ idaadi
|
- Null
+ ixeft
|
- Null
+ jjtt
- |
+
+
- Jose Nazario
+ paralax
|
- Null
+ jpduyx
- |
-
+
- Null
+ landergate
|
- Magnus Anderssen
+ callmemagnus
|
- Null
+ marios88
|
- Null
+ matrixes
- |
+
+
- Mchamplain
+ mchamplain
|
- Jason Miller
+ millerjason
- |
-
+
- Null
+ mplx
|
- Null
+ odinis
|
- Okami
+ okamidash
|
- Null
+ olaf-mandel
- |
+
+
- Null
+ ontheair81
|
- Null
+ pravynandas
- |
-
+
- Null
+ presocratics
|
- Null
+ rhyst
|
- Null
+ rmlhuk
|
- Null
+ rriski
- |
+
+
- Null
+ schnippl0r
|
- Null
+ smargold476
- |
-
+
- Null
+ sportshead
|
- Null
+ squash
|
- Null
+ strarsis
|
- Null
+ tamueller
- |
+
+
- Null
+ vivacarvajalito
|
- Null
+ wligtenberg
- |
-
+
- Null
+ wolkenschieber
|
- Null
+ worldworm
|
-
-## Further Contributors
-
-Also thanks goes to these wonderful people, that have contributed in various other ways than code lines ✨
-
-[Emoji Key ✨ (and Contribution Types)](https://allcontributors.org/docs/en/emoji-key)
-
-
-
-
-
-
-
-
-
-
-
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
-
-Note: We started using [all-contributors](https://github.com/all-contributors/all-contributors) in July 2021. We will add contributors with their future PRs or Issues. Code contributions are added automatically. If you are [one of the 200+](https://github.com/docker-mailserver/docker-mailserver/graphs/contributors) that contributed to the project in the past and would like to see your name here too, please reach out!
diff --git a/Dockerfile b/Dockerfile
index d13a7bf0..a4a8244b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -286,8 +286,6 @@ RUN <.dovecot.sieve`, so for example for `user1@example.com` you should provide a Sieve file named `docker-data/dms/config/user1@example.com.dovecot.sieve`.
diff --git a/docs/content/config/debugging.md b/docs/content/config/debugging.md
index 24e41566..d58430e1 100644
--- a/docs/content/config/debugging.md
+++ b/docs/content/config/debugging.md
@@ -14,6 +14,27 @@ This page contains valuable information when it comes to resolving issues you en
- Check that all published DMS ports are actually open and not blocked by your ISP / hosting provider.
- SSL errors are likely the result of a wrong setup on the user side and not caused by DMS itself.
+- Ensure that you have correctly started DMS. Many problems related to configuration are due to this.
+
+!!! danger "Correctly starting DMS"
+
+ Use the [`--force-recreate`][docker-docs::force-recreate] option to avoid configuration mishaps: `docker compose up --force-recreate`
+
+ Alternatively, always use `docker compose down` to stop DMS. **Do not** rely on `CTRL + C`, `docker compose stop`, or `docker compose restart`.
+
+ ---
+
+ DMS setup scripts are run when a container starts, but may fail to work properly if you do the following:
+
+ - Stopping a container with commands like: `docker stop` or `docker compose up` stopped via `CTRL + C` instead of `docker compose down`.
+ - Restarting a container.
+
+ Volumes persist data across container instances, however the same container instance will keep internal changes not stored in a volume until the container is removed.
+
+ Due to this, DMS setup scripts may modify configuration it has already modified in the past.
+
+ - This is brittle as some changes are naive by assuming they are applied to the original configs from the image.
+ - Volumes in `compose.yaml` are expected to persist any important data. Thus it should be safe to throwaway the container created each time, avoiding this config problem.
### Mail sent from DMS does not arrive at destination
@@ -25,6 +46,17 @@ Some service providers block outbound traffic on port 25. Common hosting provide
These links may advise how the provider can unblock the port through additional services offered, or via a support ticket request.
+### Mail sent to DMS does not get delivered to user
+
+Common logs related to this are:
+
+- `warning: do not list domain domain.fr in BOTH mydestination and virtual_mailbox_domains`
+- `Recipient address rejected: User unknown in local recipient table`
+
+If your logs look like this, you likely have [assigned the same FQDN to the DMS `hostname` and your mail accounts][gh-issues::dms-fqdn-misconfigured] which is not supported by default. You can either adjust your DMS `hostname` or follow [this FAQ advice][docs::faq-bare-domain]
+
+It is also possible that [DMS services are temporarily unavailable][gh-issues::dms-services-unavailable] when configuration changes are detected, producing the 2nd error. Certificate updates may be a less obvious trigger.
+
## Steps for Debugging DMS
1. **Increase log verbosity**: Very helpful for troubleshooting problems during container startup. Set the environment variable [`LOG_LEVEL`][docs-environment-log-level] to `debug` or `trace`.
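Review bot: "producing the 2nd error" in the last added paragraph depends on the order of the bullet list above it; quote the log line (`Recipient address rejected: User unknown in local recipient table`) so the reference survives reordering. The sentence ending "follow [this FAQ advice][docs::faq-bare-domain]" is missing its full stop, and the sample log uses `domain.fr` where a reserved name such as `example.com` would be safer in documentation.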
@@ -47,8 +79,7 @@ To get a shell inside the container run: `docker exec -it bash`
If you need more flexibility than what the `docker logs` command offers, then the most useful locations to get relevant DMS logs within the container are:
-- `/var/log/mail/mail.log`
-- `/var/log/mail/mail/.log`
+- `/var/log/mail/.log`
- `/var/log/supervisor/.log`
You may use `nano` (a text editor) to edit files, while `less` (a file viewer) and `tail`/`cat` are useful tools to inspect the contents of logs.
@@ -74,6 +105,7 @@ This could be from outdated software, or running a system that isn't able to pro
### System
+- **macOS:** DMS has limited support for macOS. Often an issue encountered is due to permissions related to the `volumes` config in `compose.yaml`. You may have luck [trying `gRPC FUSE`][gh-macos-support] as the file sharing implementation; [`VirtioFS` is the successor][docker-macos-virtiofs] but presently appears incompatible with DMS.
- **Kernel:** Some systems provide [kernels with modifications (_replacing defaults and backporting patches_)][network::kernels-modified] to support running legacy software or kernels, complicating compatibility. This can be commonly experienced with products like NAS.
- **CGroups v2:** Hosts running older kernels (prior to 5.2) and systemd (prior to v244) are not likely to leverage cgroup v2, or have not defaulted to the cgroup v2 `unified` hierarchy. Not meeting this baseline may influence the behaviour of your DMS container, even with the latest Docker Engine installed.
- **Container runtime:** Docker and Podman for example have subtle differences. DMS docs are primarily focused on Docker, but we try to document known issues where relevant.
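Review bot: The added macOS bullet says `VirtioFS` "presently appears incompatible with DMS" without a date or Docker Desktop version, so readers cannot tell when the statement stops applying. Add the version or date at which this was observed, as far as the linked issue comment supports it.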
@@ -86,13 +118,20 @@ This could be from outdated software, or running a system that isn't able to pro
[network::kernels-modified]: https://github.com/docker-mailserver/docker-mailserver/pull/2662#issuecomment-1168435970
[network::kernel-nftables]: https://unix.stackexchange.com/questions/596493/can-nftables-and-iptables-ip6tables-rules-be-applied-at-the-same-time-if-so-wh/596497#596497
-[docs-faq]: ../faq.md
[docs-environment-log-level]: ./environment.md#log_level
+[docs-faq]: ../faq.md
+[docs::faq-bare-domain]: ../faq.md#can-i-use-a-nakedbare-domain-ie-no-hostname
[docs-ipv6]: ./advanced/ipv6.md
[docs-introduction]: ../introduction.md
+[docs-rootless-portdriver]: ./security/fail2ban.md#running-inside-a-rootless-container
[docs-usage]: ../usage.md
+
[gh-issues]: https://github.com/docker-mailserver/docker-mailserver/issues
+[gh-issues::dms-fqdn-misconfigured]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1837609043
+[gh-issues::dms-services-unavailable]: https://github.com/docker-mailserver/docker-mailserver/issues/3679#issuecomment-1848083358
+[gh-macos-support]: https://github.com/docker-mailserver/docker-mailserver/issues/3648#issuecomment-1822774080
[gh-discuss-roundcube-fail2ban]: https://github.com/orgs/docker-mailserver/discussions/3273#discussioncomment-5654603
[docker-rootless-interface]: https://github.com/moby/moby/issues/45742
-[docs-rootless-portdriver]: ./security/fail2ban.md#running-inside-a-rootless-container
+[docker-macos-virtiofs]: https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/
+[docker-docs::force-recreate]: https://docs.docker.com/compose/reference/up/
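Review bot: The reference labels added in this hunk mix two separators: `docs::faq-bare-domain`, `gh-issues::dms-fqdn-misconfigured` and `docker-docs::force-recreate` use `::`, while `gh-macos-support` and `docker-macos-virtiofs` use `-`. Pick one convention for new labels so they are easier to search for and keep sorted.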
diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
index 0734d31a..8544853e 100644
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -140,9 +140,14 @@ Enabled `policyd-spf` in Postfix's configuration. You will likely want to set th
##### ENABLE_POP3
-- **empty** => POP3 service disabled
+- **0** => POP3 service disabled
- 1 => Enables POP3 service
+##### ENABLE_IMAP
+
+- 0 => Disabled
+- **1** => Enabled
+
##### ENABLE_CLAMAV
- **0** => ClamAV is disabled
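Review bot: The new `ENABLE_IMAP` section has no description line, and its bullets ("Disabled" / "Enabled") do not follow the wording of `ENABLE_POP3` directly above ("POP3 service disabled" / "Enables POP3 service"). Add a sentence saying what turning it off affects and align the bullet wording. The documented `ENABLE_POP3` default also changes from **empty** to **0** in this hunk; confirm that an unset variable is still treated as disabled.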
@@ -232,9 +237,9 @@ Provide any valid URI. Examples:
- `lmtps:inet::` (secure lmtp with starttls)
- `lmtp::2003` (use kopano as mailstore)
-##### POSTFIX\_MAILBOX\_SIZE\_LIMIT
+##### POSTFIX_MAILBOX_SIZE_LIMIT
-Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
+Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
- **empty** => 0 (no limit)
@@ -245,9 +250,9 @@ Set the mailbox size limit for all users. If set to zero, the size will be unlim
See [mailbox quota][docs-accounts-quota].
-##### POSTFIX\_MESSAGE\_SIZE\_LIMIT
+##### POSTFIX_MESSAGE_SIZE_LIMIT
-Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
+Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
- **empty** => 10240000 (~10 MB)
@@ -375,6 +380,10 @@ The purpose of this setting is to opt-out of starting an internal Redis instance
This settings controls whether checks should be performed on emails coming from authenticated users (i.e. most likely outgoing emails). The default value is `0` in order to align better with SpamAssassin. **We recommend** reading through [the Rspamd documentation on scanning outbound emails][rspamd-scanning-outbound] though to decide for yourself whether you need and want this feature.
+!!! note "Not all checks and actions are disabled"
+
+ DKIM signing of e-mails will still happen.
+
- **0** => No checks will be performed for authenticated users
- 1 => All default checks will be performed for authenticated users
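Review bot: The new note ("Not all checks and actions are disabled") conflicts with the unchanged bullet below it, `**0** => No checks will be performed for authenticated users`. Reword the bullet or move the exception into it, so that the fact that DKIM signing still happens appears where the value is described. The paragraph above also reads "This settings controls", which is worth fixing while this section is being touched.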
diff --git a/docs/content/config/security/rspamd.md b/docs/content/config/security/rspamd.md
index 442e5e78..fe9bd5ea 100644
--- a/docs/content/config/security/rspamd.md
+++ b/docs/content/config/security/rspamd.md
@@ -8,10 +8,6 @@ Rspamd is a ["fast, free and open-source spam filtering system"][rspamd-homepage
If you want to have a look at the default configuration files for Rspamd that DMS packs, navigate to [`target/rspamd/` inside the repository][dms-default-configuration]. Please consult the [section "The Default Configuration"](#the-default-configuration) section down below for a written overview.
-!!! note "AMD64 vs ARM64"
-
- We are currently doing a best-effort installation of Rspamd for ARM64 (from the Debian backports repository for Debian 11). The current version difference as of 23rd Apr 2023: AMD64 is at version 3.5 | ARM64 is at version 3.4.
-
[rspamd-homepage]: https://rspamd.com/
[dms-default-configuration]: https://github.com/docker-mailserver/docker-mailserver/tree/master/target/rspamd
diff --git a/docs/content/contributing/tests.md b/docs/content/contributing/tests.md
index 6f649529..8816a228 100644
--- a/docs/content/contributing/tests.md
+++ b/docs/content/contributing/tests.md
@@ -78,6 +78,10 @@ We use `make` to run commands.
When writing tests, ensure that parallel set tests still pass when run in parallel. You need to account for other tests running in parallel that may interfere with your own tests logic.
+!!! tip
+
+ You may use `make run-local-instance` to run a version of the image built locally to test and edit your changes in a running DMS instance.
+
### An Example
In this example, you've made a change to the Rspamd feature support (_or adjusted it's tests_). First verify no regressions have been introduced by running it's specific test file:
diff --git a/docs/content/examples/tutorials/crowdsec.md b/docs/content/examples/tutorials/crowdsec.md
new file mode 100644
index 00000000..2e8efe06
--- /dev/null
+++ b/docs/content/examples/tutorials/crowdsec.md
@@ -0,0 +1,74 @@
+---
+title: 'Tutorials | Crowdsec'
+---
+
+!!! quote "What is Crowdsec?"
+
+ Crowdsec is an open source software that detects and blocks attackers using log analysis.
+ It has access to a global community-wide IP reputation database.
+
+ [Source](https://www.crowdsec.net)
+
+## Installation
+
+Crowdsec supports multiple [installation methods][crowdsec-installation-docs], however this page will use the docker installation.
+
+
+### Docker mailserver
+
+In your `compose.yaml` for the DMS service, add a bind mount volume for `/var/log/mail`. This is to share the DMS logs to a separate crowdsec container.
+
+!!! example
+ ```yaml
+ services:
+ mailserver:
+ - /docker-data/dms/mail-logs/:/var/log/mail/
+ ```
+
+### Crowdsec
+
+The crowdsec container should also bind mount the same host path for the DMS logs that was added in the DMS example above.
+
+```yaml
+services:
+ image: crowdsecurity/crowdsec
+ restart: unless-stopped
+ ports:
+ - "8080:8080"
+ - "6060:6060"
+ volumes:
+ - /docker-data/dms/mail-logs/:/var/log/dms:ro
+ - ./acquis.d:/etc/crowdsec/acquis.d
+ - crowdsec-db:/var/lib/crowdsec/data/
+ environment:
+ # These collection contains parsers and scenarios for postfix and dovecot
+ COLLECTIONS: crowdsecurity/postfix crowdsecurity/dovecot
+ TZ: Europe/Paris
+volumes:
+ crowdsec-db:
+```
+
+## Configuration
+
+Configure crowdsec to read and parse DMS logs file.
+
+!!! example
+
+ Create the file `dms.yml` in `./acquis.d/`
+
+ ```yaml
+ ---
+ source: file
+ filenames:
+ - /var/log/dms/mail.log
+ labels:
+ type: syslog
+ ```
+
+!!! warning Bouncers
+
+ Crowdsec on its own is just a detection software, the remediation is done by components called bouncers.
+ This page does not explain how to install or configure a bouncer. It can be found in [crowdsec documentation][crowdsec-bouncer-docs].
+
+[crowdsec-installation-docs]: https://doc.crowdsec.net/docs/getting_started/install_crowdsec
+[crowdsec-bouncer-docs]: https://doc.crowdsec.net/docs/bouncers/intro
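Review bot: Neither compose snippet is valid as written. In the DMS example the bind mount is listed directly under `mailserver:` with no `volumes:` key, and in the Crowdsec example `image:` follows `services:` with no service name in between. Add the missing keys so the examples can be copied as they stand. The Crowdsec example also publishes `8080:8080` and `6060:6060` on the host without explaining what they are for; either drop them, bind them to `127.0.0.1`, or add a sentence on when they are needed. Minor: `!!! warning Bouncers` has an unquoted title, unlike `!!! quote "What is Crowdsec?"` at the top of the file, and the first `!!! example` has no blank line before its fence while the second one does.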
diff --git a/docs/content/examples/tutorials/docker-build.md b/docs/content/examples/tutorials/docker-build.md
index fc6d5c37..538da822 100644
--- a/docs/content/examples/tutorials/docker-build.md
+++ b/docs/content/examples/tutorials/docker-build.md
@@ -10,7 +10,7 @@ You'll need to retrieve the git submodules prior to building your own Docker ima
```sh
git submodule update --init --recursive
-docker build -t .
+docker build --tag .
```
Or, you can clone and retrieve the submodules in one command:
@@ -21,19 +21,26 @@ git clone --recurse-submodules https://github.com/docker-mailserver/docker-mails
### About Docker
-#### Version
+#### Minimum supported version
-We make use of build-features that require a recent version of Docker. Depending on your distribution, please have a look at [the official installation documentation for Docker](https://docs.docker.com/engine/install/) to get the latest version. Otherwise, you may encounter issues, for example with the `--link` flag for a [`#!dockerfile COPY`](https://docs.docker.com/engine/reference/builder/#copy) command.
+We make use of build features that require a recent version of Docker. v23.0 or newer is advised, but earlier releases may work.
-#### Environment
+- To get the latest version for your distribution, please have a look at [the official installation documentation for Docker](https://docs.docker.com/engine/install/).
+- If you are using a version of Docker prior to v23.0, you will need to enable BuildKit via the ENV [`DOCKER_BUILDKIT=1`](https://docs.docker.com/build/buildkit/#getting-started).
-If you are not using `make` to build the image, note that you will need to provide `DOCKER_BUILDKIT=1` to the `docker build` command for the build to succeed.
+#### Build Arguments (Optional)
-#### Build Arguments
+The `Dockerfile` includes several build [`ARG`][docker-docs::builder-arg] instructions that can be configured:
-The `Dockerfile` takes additional, so-called build arguments. These are
+- `DOVECOT_COMMUNITY_REPO`: Install Dovecot from the community repo instead of from Debian (default = 1)
+- `DMS_RELEASE`: The image version (default = edge)
+- `VCS_REVISION`: The git commit hash used for the build (default = unknown)
-1. `VCS_VERSION`: the image version (default = edge)
-2. `VCS_REVISION`: the image revision (default = unknown)
+!!! note
-When using `make` to build the image, these are filled with proper values. You can build the image without supplying these arguments just fine though.
+ - `DMS_RELEASE` (_when not `edge`_) will be used to check for updates from our GH releases page at runtime due to the default feature [`ENABLE_UPDATE_CHECK=1`][docs::env-update-check].
+ - Both `DMS_RELEASE` and `VCS_REVISION` are also used with `opencontainers` metadata [`LABEL`][docker-docs::builder-label] instructions.
+
+[docs::env-update-check]: https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#enable_update_check
+[docker-docs::builder-arg]: https://docs.docker.com/engine/reference/builder/#using-arg-variables
+[docker-docs::builder-label]: https://docs.docker.com/engine/reference/builder/#label
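Review bot: The build argument list swaps `VCS_VERSION` for `DMS_RELEASE` without saying that this is a rename. Someone who still passes `--build-arg VCS_VERSION=...` ends up with the `edge` default, and the note added here says `DMS_RELEASE` also feeds the runtime update check, so the effect is not only cosmetic. State the rename explicitly in this section. It would also help to give one complete `docker build` invocation that sets `DMS_RELEASE` and `VCS_REVISION`, because the removed text about `make` filling in these values has no replacement.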
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 56a922d2..0f1fd971 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -158,6 +158,7 @@ nav:
- 'Tutorials':
- 'Basic Installation': examples/tutorials/basic-installation.md
- 'Mailserver behind Proxy': examples/tutorials/mailserver-behind-proxy.md
+ - 'Crowdsec': examples/tutorials/crowdsec.md
- 'Building your own Docker image': examples/tutorials/docker-build.md
- 'Blog Posts': examples/tutorials/blog-posts.md
- 'Use Cases':
diff --git a/mailserver.env b/mailserver.env
index ffbbe94c..0462652d 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -119,10 +119,16 @@ ENABLE_OPENDMARC=1
# - **1** => Enabled
ENABLE_POLICYD_SPF=1
-# 1 => Enables POP3 service
-# empty => disables POP3
+# Enables POP3 service
+# - **0** => Disabled
+# - 1 => Enabled
ENABLE_POP3=
+# Enables IMAP service
+# - 0 => Disabled
+# - **1** => Enabled
+ENABLE_IMAP=1
+
# Enables ClamAV, and anti-virus scanner.
# 1 => Enabled
# **0** => Disabled
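Review bot: The rewritten `ENABLE_POP3` comment lists only `0` and `1`, while the shipped value is still empty (`ENABLE_POP3=`) and the removed line was the only place that said empty means disabled. Either set `ENABLE_POP3=0` to match the documented default or keep a note that empty is treated as `0`. The new `# - **0** => Disabled` list style also differs from the ClamAV block right below (`# 1 => Enabled`); pick one form for the file.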
@@ -153,6 +159,8 @@ RSPAMD_LEARN=0
# is `0` in order to align better with SpamAssassin. We recommend reading
# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to
# decide for yourself whether you need and want this feature.
+#
+# Note that DKIM signing of e-mails will still happen.
RSPAMD_CHECK_AUTHENTICATED=0
# Controls whether the Rspamd Greylisting module is enabled.
@@ -246,7 +254,7 @@ VIRUSMAILS_DELETE_DELAY=
# `lmtp::2003` (use kopano as mailstore)
POSTFIX_DAGENT=
-# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
+# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
#
# empty => 0
POSTFIX_MAILBOX_SIZE_LIMIT=
@@ -256,7 +264,7 @@ POSTFIX_MAILBOX_SIZE_LIMIT=
# 1 => Dovecot quota is enabled
ENABLE_QUOTAS=1
-# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
+# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
#
# empty => 10240000 (~10 MB)
POSTFIX_MESSAGE_SIZE_LIMIT=
diff --git a/target/bin/setquota b/target/bin/setquota
index 5b2bba41..039421b2 100755
--- a/target/bin/setquota
+++ b/target/bin/setquota
@@ -59,10 +59,14 @@ function _quota_request_if_missing() {
fi
}
+
+# Dovecot docs incorrectly refer to these units with names for SI types (base 10),
+# But then mentions they're actually treated as IEC type (base 2):
+# https://doc.dovecot.org/settings/types/#size
function _quota_unit_is_valid() {
if ! grep -qE "^([0-9]+(B|k|M|G|T)|0)\$" <<< "${QUOTA}"; then
__usage
- _exit_with_error 'Invalid quota format. e.g. 302M (B (byte), k (kilobyte), M (megabyte), G (gigabyte) or T (terabyte))'
+ _exit_with_error 'Invalid quota format. e.g. 302M (B (byte), k (kibibyte), M (mebibyte), G (gibibyte) or T (tebibyte))'
fi
}
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index 405dc0fb..a9230347 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@@ -57,6 +57,12 @@ smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
smtpd_discard_ehlo_keywords = silent-discard, dsn
disable_vrfy_command = yes
+# Security - Prevent SMTP Smuggling attack
+# https://www.postfix.org/smtp-smuggling.html#long
+smtpd_forbid_bare_newline = yes
+# It is possible to exclude clients on trusted networks from this restriction (the upstream default is `$mynetwork`):
+# smtpd_forbid_bare_newline_exclusions = $mynetworks
+
# Custom defined parameters for DMS:
dms_smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
# Submission ports 587 and 465 support for SPOOF_PROTECTION=1
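Review bot: The comment above `smtpd_forbid_bare_newline_exclusions` reads as if exempting trusted networks were opt-in, yet the same comment says the upstream default already has that value, so with the line commented out clients in `$mynetworks` stay exempt from the bare-newline check. Say that directly ("clients in `$mynetworks` are excluded by default"), or set the parameter to an empty value if the restriction is meant to cover every client. The comment also misspells the variable: `$mynetwork` should be `$mynetworks`.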
@@ -88,10 +94,10 @@ smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
-# Mail directory
-virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
+# Postfix lookup tables for verifying valid users and managed mail domains:
+# Populated during startup in: scripts/helpers/postfix.sh
virtual_mailbox_domains = /etc/postfix/vhost
-virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
+# Populated during startup in: scripts/helpers/aliases.sh
virtual_alias_maps = texthash:/etc/postfix/virtual
# Milters used by DKIM
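Review bot: `virtual_transport` and `virtual_mailbox_maps` are removed from the static config, but the new comments only say where the lookup tables are populated; nothing in this hunk says where `virtual_transport` is set now. Add a comment pointing at the script that configures it, so that a reader of `main.cf` can tell delivery to Dovecot LMTP is still configured. The line "Populated during startup in: scripts/helpers/postfix.sh" now sits directly above `virtual_mailbox_domains`, which leaves it unclear whether it describes `/etc/postfix/vhost` or the removed `vmailbox` map.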
diff --git a/target/rspamd/local.d/settings.conf b/target/rspamd/local.d/settings.conf
index 4f635e74..10c4de88 100644
--- a/target/rspamd/local.d/settings.conf
+++ b/target/rspamd/local.d/settings.conf
@@ -6,7 +6,7 @@ authenticated {
priority = high;
authenticated = yes;
apply {
- groups_enabled = [];
+ groups_enabled = [dkim];
}
}
# DMS::SED_TAG::1::END
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index 7b980dde..3e46cda7 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -80,7 +80,7 @@ function _install_packages() {
# `bind9-dnsutils` provides the `dig` command
# `iputils-ping` provides the `ping` command
DEBUG_PACKAGES=(
- bind9-dnsutils iputils-ping less nano
+ bind9-dnsutils iputils-ping less nano swaks
)
apt-get "${QUIET}" --no-install-recommends install \
@@ -130,29 +130,14 @@ function _install_dovecot() {
function _install_rspamd() {
_log 'trace' 'Adding Rspamd package signatures'
local DEB_FILE='/etc/apt/sources.list.d/rspamd.list'
- local RSPAMD_PACKAGE_NAME
- # We try getting the most recent version of Rspamd for aarch64 (from an official source, which
- # is the backports repository). The version for aarch64 is 3.2; the most recent version for amd64
- # that we get with the official PPA is 3.4.
- #
- # Not removing it later is fine as you have to explicitly opt into installing a backports package
- # which is not something you could be doing by accident.
- if [[ $(uname --machine) == 'aarch64' ]]; then
- echo '# Official Rspamd PPA does not support aarch64, so we use the Bullseye backports' >"${DEB_FILE}"
- echo 'deb [arch=arm64] http://deb.debian.org/debian bullseye-backports main' >>"${DEB_FILE}"
- RSPAMD_PACKAGE_NAME='rspamd/bullseye-backports'
- else
- curl -sSfL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor >/etc/apt/trusted.gpg.d/rspamd.gpg
- local URL='[arch=amd64 signed-by=/etc/apt/trusted.gpg.d/rspamd.gpg] http://rspamd.com/apt-stable/ bullseye main'
- echo "deb ${URL}" >"${DEB_FILE}"
- echo "deb-src ${URL}" >>"${DEB_FILE}"
- RSPAMD_PACKAGE_NAME='rspamd'
- fi
+ curl -sSfL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor >/etc/apt/trusted.gpg.d/rspamd.gpg
+ local URL='[signed-by=/etc/apt/trusted.gpg.d/rspamd.gpg] http://rspamd.com/apt-stable/ bullseye main'
+ echo "deb ${URL}" >"${DEB_FILE}"
_log 'debug' 'Installing Rspamd'
apt-get "${QUIET}" update
- apt-get "${QUIET}" --no-install-recommends install "${RSPAMD_PACKAGE_NAME}" 'redis-server'
+ apt-get "${QUIET}" --no-install-recommends install 'rspamd' 'redis-server'
}
function _install_fail2ban() {
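Review bot: In `_install_rspamd` the repository key is fetched and trusted in one step (`curl -sSfL ... | gpg --dearmor >/etc/apt/trusted.gpg.d/rspamd.gpg`) with no fingerprint comparison, so the only check on the key is the TLS connection to rspamd.com. Compare the downloaded key against a fingerprint pinned in this script before installing it. Writing the key into `/etc/apt/trusted.gpg.d/` also makes apt trust it for every configured source, which defeats the scoping that `signed-by=` is meant to provide; a keyring directory that apt does not load globally would keep it limited to this repository. The `deb` line still uses `http://`; use `https://` as the key download already does. Finally, removing the `aarch64` branch and the `arch=amd64` restriction also removes the comment that explained the ARM64 situation, so a one-line comment stating that the upstream repository now serves both architectures would save the next reader a search.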
@@ -205,6 +190,11 @@ function _install_getmail() {
apt-get "${QUIET}" autoremove
}
+function _install_utils() {
+ _log 'debug' 'Installing utils sourced from Github'
+ curl -sL https://github.com/01mf02/jaq/releases/latest/download/jaq-v1.2.0-x86_64-unknown-linux-musl -o /usr/bin/jaq && chmod +x /usr/bin/jaq
+}
+
function _remove_data_after_package_installations() {
_log 'debug' 'Deleting sensitive files (secrets)'
rm /etc/postsrsd.secret
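Review bot: The download in `_install_utils` combines `releases/latest/download/` with a version-specific file name (`jaq-v1.2.0-x86_64-unknown-linux-musl`), so it stops resolving as soon as a newer release becomes "latest". Because `curl -sL` is used without `-f`, an HTTP error page would then be written to `/usr/bin/jaq` and marked executable without failing the build. Pin the URL to the release tag, add `-f`, and verify the binary against a checksum recorded in this script, since it is installed straight into `/usr/bin`. The asset is also hardcoded to `x86_64`, while the `_install_rspamd` change in this same file drops the architecture split; select the asset from `uname --machine` so that ARM64 images do not receive an x86_64 binary.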
@@ -228,5 +218,6 @@ _install_dovecot
_install_rspamd
_install_fail2ban
_install_getmail
+_install_utils
_remove_data_after_package_installations
_post_installation_steps
diff --git a/target/scripts/helpers/aliases.sh b/target/scripts/helpers/aliases.sh
index 0890d994..04a56da3 100644
--- a/target/scripts/helpers/aliases.sh
+++ b/target/scripts/helpers/aliases.sh
@@ -23,6 +23,7 @@ function _handle_postfix_virtual_config() {
fi
}
+# TODO: Investigate why this file is always created, nothing seems to append only the cp below?
function _handle_postfix_regexp_config() {
: >/etc/postfix/regexp
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index 0f43ff84..49b13087 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -91,20 +91,22 @@ function _register_functions() {
_register_setup_function '_setup_dovecot_hostname'
_register_setup_function '_setup_postfix_early'
- _register_setup_function '_setup_fetchmail'
- _register_setup_function '_setup_fetchmail_parallel'
- # needs to come after _setup_postfix_early
+ # Dependent upon _setup_postfix_early first calling _create_aliases
+ # Due to conditional check for /etc/postfix/regexp
_register_setup_function '_setup_spoof_protection'
- _register_setup_function '_setup_getmail'
+ _register_setup_function '_setup_postfix_late'
if [[ ${ENABLE_SRS} -eq 1 ]]; then
_register_setup_function '_setup_SRS'
_register_start_daemon '_start_daemon_postsrsd'
fi
- _register_setup_function '_setup_postfix_late'
+ _register_setup_function '_setup_fetchmail'
+ _register_setup_function '_setup_fetchmail_parallel'
+ _register_setup_function '_setup_getmail'
+
_register_setup_function '_setup_logrotate'
_register_setup_function '_setup_mail_summary'
_register_setup_function '_setup_logwatch'
@@ -125,7 +127,13 @@ function _register_functions() {
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
- [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
+ if [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]]; then
+ if [[ ${DMS_RELEASE} != 'edge' ]]; then
+ _register_start_daemon '_start_daemon_update_check'
+ else
+ _log 'warn' "ENABLE_UPDATE_CHECK=1 is configured, but image is not a stable release. Update-Check is disabled."
+ fi
+ fi
# The order here matters: Since Rspamd is using Redis, Redis should be started before Rspamd.
[[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd_redis'
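Review bot: The new guard `[[ ${DMS_RELEASE} != 'edge' ]]` also passes when `DMS_RELEASE` is unset or empty, in which case the update-check daemon is registered with no release to compare against. Treat an empty value like `edge`, or check for it explicitly before registering `_start_daemon_update_check`. Since the check is described as enabled by default, an `edge` image will log this `warn` line on every start unless the user sets `ENABLE_UPDATE_CHECK=0`; a lower log level may be more appropriate for a default configuration. The message contains no expansion, so single quotes would match the other `_log` calls.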
@@ -158,7 +166,7 @@ function _register_functions() {
_early_supervisor_setup
_early_variables_setup
-_log 'info' "Welcome to docker-mailserver $(