mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
docs: misc improvements (#3773)
* correct misc typos We also seem to be favoring `behavior` over `behaviour`. * bump MkDocs version * resolve errors shown when buildg docs * improve the Rspamd page * behaviour -> behavior Streamline the usage of this word. The majority used behavior, so I opted to go with this way of spelling it. * Apply suggestions from code review --------- Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
This commit is contained in:
parent
2bf5234250
commit
068ceb1d1a
2
.github/workflows/scripts/docs/build-docs.sh
vendored
2
.github/workflows/scripts/docs/build-docs.sh
vendored
|
@ -10,7 +10,7 @@ docker run \
|
||||||
--user "$(id -u):$(id -g)" \
|
--user "$(id -u):$(id -g)" \
|
||||||
--volume "${PWD}:/docs" \
|
--volume "${PWD}:/docs" \
|
||||||
--name "build-docs" \
|
--name "build-docs" \
|
||||||
squidfunk/mkdocs-material:9.2 build --strict
|
squidfunk/mkdocs-material:9.5 build --strict
|
||||||
|
|
||||||
# Remove unnecessary build artifacts: https://github.com/squidfunk/mkdocs-material/issues/2519
|
# Remove unnecessary build artifacts: https://github.com/squidfunk/mkdocs-material/issues/2519
|
||||||
# site/ is the build output folder.
|
# site/ is the build output folder.
|
||||||
|
|
|
@ -33,6 +33,7 @@ All notable changes to this project will be documented in this file. The format
|
||||||
- symbol scores for SPF, DKIM & DMARC were updated to more closely align with [RFC7489](https://www.rfc-editor.org/rfc/rfc7489#page-24); please note though that complete alignment is undesirable, because other symbols might be added as well, which changes the overall score calculation again, see [this issue](https://github.com/docker-mailserver/docker-mailserver/issues/3690#issuecomment-1866871996)
|
- symbol scores for SPF, DKIM & DMARC were updated to more closely align with [RFC7489](https://www.rfc-editor.org/rfc/rfc7489#page-24); please note though that complete alignment is undesirable, because other symbols might be added as well, which changes the overall score calculation again, see [this issue](https://github.com/docker-mailserver/docker-mailserver/issues/3690#issuecomment-1866871996)
|
||||||
- **Docs:**
|
- **Docs:**
|
||||||
- Revised the SpamAssassin ENV docs to better communicate configuration and their relation to other ENV settings. ([#3756](https://github.com/docker-mailserver/docker-mailserver/pull/3756))
|
- Revised the SpamAssassin ENV docs to better communicate configuration and their relation to other ENV settings. ([#3756](https://github.com/docker-mailserver/docker-mailserver/pull/3756))
|
||||||
|
- Detailed how mail received is assigned a spam score by Rspamd and processed accordingly ([#3773](https://github.com/docker-mailserver/docker-mailserver/pull/3773))
|
||||||
|
|
||||||
### Fixes
|
### Fixes
|
||||||
|
|
||||||
|
|
|
@ -56,7 +56,7 @@ These variables specify the LDAP filters that dovecot uses to determine if a use
|
||||||
This is split into the following two lookups, both using `%u` as the placeholder for the full login name ([see dovecot documentation for a full list of placeholders](https://doc.dovecot.org/configuration_manual/config_file/config_variables/)). Usually you only need to set `DOVECOT_USER_FILTER`, in which case it will be used for both filters.
|
This is split into the following two lookups, both using `%u` as the placeholder for the full login name ([see dovecot documentation for a full list of placeholders](https://doc.dovecot.org/configuration_manual/config_file/config_variables/)). Usually you only need to set `DOVECOT_USER_FILTER`, in which case it will be used for both filters.
|
||||||
|
|
||||||
- `DOVECOT_USER_FILTER` is used to get the account details (uid, gid, home directory, quota, ...) of a user.
|
- `DOVECOT_USER_FILTER` is used to get the account details (uid, gid, home directory, quota, ...) of a user.
|
||||||
- `DOVECOT_PASS_FILTER` is used to get the password information of the user, and is in pretty much all cases identical to `DOVECOT_USER_FILTER` (which is the default behaviour if left away).
|
- `DOVECOT_PASS_FILTER` is used to get the password information of the user, and is in pretty much all cases identical to `DOVECOT_USER_FILTER` (which is the default behavior if left away).
|
||||||
|
|
||||||
If your directory doesn't have the [postfix-book schema](https://github.com/variablenix/ldap-mail-schema/blob/master/postfix-book.schema) installed, then you must change the internal attribute handling for dovecot. For this you have to change the `pass_attr` and the `user_attr` mapping, as shown in the example below:
|
If your directory doesn't have the [postfix-book schema](https://github.com/variablenix/ldap-mail-schema/blob/master/postfix-book.schema) installed, then you must change the internal attribute handling for dovecot. For this you have to change the `pass_attr` and the `user_attr` mapping, as shown in the example below:
|
||||||
|
|
||||||
|
|
|
@ -60,7 +60,7 @@ Enable `ip6tables` support so that Docker will manage IPv6 networking rules as w
|
||||||
```
|
```
|
||||||
|
|
||||||
- `experimental: true` is currently required for `ip6tables: true` to work.
|
- `experimental: true` is currently required for `ip6tables: true` to work.
|
||||||
- `userland-proxy` setting [can potentially affect connection behaviour][gh-pull-3244-proxy] for local connections.
|
- `userland-proxy` setting [can potentially affect connection behavior][gh-pull-3244-proxy] for local connections.
|
||||||
|
|
||||||
Now restart the daemon if it's running: `systemctl restart docker`.
|
Now restart the daemon if it's running: `systemctl restart docker`.
|
||||||
|
|
||||||
|
@ -99,7 +99,7 @@ Next, configure a network with an IPv6 subnet for your container with any of the
|
||||||
|
|
||||||
??? tip "Override the implicit `default` network"
|
??? tip "Override the implicit `default` network"
|
||||||
|
|
||||||
You can optionally avoid the service assignment by [overriding the `default` user-defined network that Docker Compose generates](docker-docs-network-compose-default). Just replace `dms-ipv6` with `default`.
|
You can optionally avoid the service assignment by [overriding the `default` user-defined network that Docker Compose generates][docker-docs-network-compose-default]. Just replace `dms-ipv6` with `default`.
|
||||||
|
|
||||||
The Docker Compose `default` bridge is not affected by settings for the default `bridge` (aka `docker0`) in `/etc/docker/daemon.json`.
|
The Docker Compose `default` bridge is not affected by settings for the default `bridge` (aka `docker0`) in `/etc/docker/daemon.json`.
|
||||||
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ This is a list of all configuration files and directories which are optional or
|
||||||
- **whitelist_clients.local:** Whitelisted domains, not considered by postgrey. Enter one host or domain per line.
|
- **whitelist_clients.local:** Whitelisted domains, not considered by postgrey. Enter one host or domain per line.
|
||||||
- **spamassassin-rules.cf:** Anti-spam rules for Spamassassin. (Docs: [FAQ - SpamAssassin Rules][docs-faq-spamrules])
|
- **spamassassin-rules.cf:** Anti-spam rules for Spamassassin. (Docs: [FAQ - SpamAssassin Rules][docs-faq-spamrules])
|
||||||
- **fail2ban-fail2ban.cf:** Additional config options for `fail2ban.cf`. (Docs: [Fail2Ban][docs-fail2ban])
|
- **fail2ban-fail2ban.cf:** Additional config options for `fail2ban.cf`. (Docs: [Fail2Ban][docs-fail2ban])
|
||||||
- **fail2ban-jail.cf:** Additional config options for fail2ban's jail behaviour. (Docs: [Fail2Ban][docs-fail2ban])
|
- **fail2ban-jail.cf:** Additional config options for fail2ban's jail behavior. (Docs: [Fail2Ban][docs-fail2ban])
|
||||||
- **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file
|
- **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file
|
||||||
- **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot])
|
- **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot])
|
||||||
- **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota])
|
- **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota])
|
||||||
|
|
|
@ -107,7 +107,7 @@ The `PERMIT_DOCKER` variable in the `mailserver.env` file allows to specify trus
|
||||||
#### Use the slip4netns network driver
|
#### Use the slip4netns network driver
|
||||||
|
|
||||||
The second workaround is slightly more complicated because the `compose.yaml` has to be modified.
|
The second workaround is slightly more complicated because the `compose.yaml` has to be modified.
|
||||||
As shown in the [fail2ban section](../../security/fail2ban/#podman-with-slirp4netns-port-driver) the `slirp4netns` network driver has to be enabled.
|
As shown in the [fail2ban section](../security/fail2ban.md#podman-with-slirp4netns-port-driver) the `slirp4netns` network driver has to be enabled.
|
||||||
This network driver enables podman to correctly resolve IP addresses but it is not compatible with
|
This network driver enables podman to correctly resolve IP addresses but it is not compatible with
|
||||||
user defined networks which might be a problem depending on your setup.
|
user defined networks which might be a problem depending on your setup.
|
||||||
|
|
||||||
|
|
|
@ -107,9 +107,9 @@ This could be from outdated software, or running a system that isn't able to pro
|
||||||
|
|
||||||
- **macOS:** DMS has limited support for macOS. Often an issue encountered is due to permissions related to the `volumes` config in `compose.yaml`. You may have luck [trying `gRPC FUSE`][gh-macos-support] as the file sharing implementation; [`VirtioFS` is the successor][docker-macos-virtiofs] but presently appears incompatible with DMS.
|
- **macOS:** DMS has limited support for macOS. Often an issue encountered is due to permissions related to the `volumes` config in `compose.yaml`. You may have luck [trying `gRPC FUSE`][gh-macos-support] as the file sharing implementation; [`VirtioFS` is the successor][docker-macos-virtiofs] but presently appears incompatible with DMS.
|
||||||
- **Kernel:** Some systems provide [kernels with modifications (_replacing defaults and backporting patches_)][network::kernels-modified] to support running legacy software or kernels, complicating compatibility. This can be commonly experienced with products like NAS.
|
- **Kernel:** Some systems provide [kernels with modifications (_replacing defaults and backporting patches_)][network::kernels-modified] to support running legacy software or kernels, complicating compatibility. This can be commonly experienced with products like NAS.
|
||||||
- **CGroups v2:** Hosts running older kernels (prior to 5.2) and systemd (prior to v244) are not likely to leverage cgroup v2, or have not defaulted to the cgroup v2 `unified` hierarchy. Not meeting this baseline may influence the behaviour of your DMS container, even with the latest Docker Engine installed.
|
- **CGroups v2:** Hosts running older kernels (prior to 5.2) and systemd (prior to v244) are not likely to leverage cgroup v2, or have not defaulted to the cgroup v2 `unified` hierarchy. Not meeting this baseline may influence the behavior of your DMS container, even with the latest Docker Engine installed.
|
||||||
- **Container runtime:** Docker and Podman for example have subtle differences. DMS docs are primarily focused on Docker, but we try to document known issues where relevant.
|
- **Container runtime:** Docker and Podman for example have subtle differences. DMS docs are primarily focused on Docker, but we try to document known issues where relevant.
|
||||||
- **Rootless containers:** Introduces additional differences in behaviour or requirements:
|
- **Rootless containers:** Introduces additional differences in behavior or requirements:
|
||||||
- cgroup v2 is required for supporting rootless containers.
|
- cgroup v2 is required for supporting rootless containers.
|
||||||
- Differences such as for container networking which may further affect support for IPv6 and preserving the client IP (Remote address). Example with Docker rootless are [binding a port to a specific interface][docker-rootless-interface] and the choice of [port forwarding driver][docs-rootless-portdriver].
|
- Differences such as for container networking which may further affect support for IPv6 and preserving the client IP (Remote address). Example with Docker rootless are [binding a port to a specific interface][docker-rootless-interface] and the choice of [port forwarding driver][docs-rootless-portdriver].
|
||||||
|
|
||||||
|
|
|
@ -560,7 +560,7 @@ Changes the interval in which log files are rotated.
|
||||||
|
|
||||||
The Amavis action configured by this setting:
|
The Amavis action configured by this setting:
|
||||||
|
|
||||||
- Influences the behaviour of the [`SA_KILL`](#sa_kill) setting.
|
- Influences the behavior of the [`SA_KILL`](#sa_kill) setting.
|
||||||
- Applies to the Amavis config parameters `$final_spam_destiny` and `$final_bad_header_destiny`.
|
- Applies to the Amavis config parameters `$final_spam_destiny` and `$final_bad_header_destiny`.
|
||||||
|
|
||||||
!!! note "This ENV setting is related to"
|
!!! note "This ENV setting is related to"
|
||||||
|
|
|
@ -22,15 +22,59 @@ The following environment variables are related to Rspamd:
|
||||||
5. [`RSPAMD_HFILTER`](../environment.md#rspamd_hfilter)
|
5. [`RSPAMD_HFILTER`](../environment.md#rspamd_hfilter)
|
||||||
6. [`RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE`](../environment.md#rspamd_hfilter_hostname_unknown_score)
|
6. [`RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE`](../environment.md#rspamd_hfilter_hostname_unknown_score)
|
||||||
7. [`RSPAMD_LEARN`](../environment.md#rspamd_learn)
|
7. [`RSPAMD_LEARN`](../environment.md#rspamd_learn)
|
||||||
8. [`MOVE_SPAM_TO_JUNK`](../environment.md#move_spam_to_junk)
|
8. [`MOVE_SPAM_TO_JUNK`][docs-spam-to-junk]
|
||||||
9. [`MARK_SPAM_AS_READ`](../environment.md#mark_spam_as_read)
|
9. [`MARK_SPAM_AS_READ`](../environment.md#mark_spam_as_read)
|
||||||
|
|
||||||
With these variables, you can enable Rspamd itself and you can enable / disable certain features related to Rspamd.
|
With these variables, you can enable Rspamd itself, and you can enable / disable certain features related to Rspamd.
|
||||||
|
|
||||||
|
[docs-spam-to-junk]: ../environment.md#move_spam_to_junk
|
||||||
|
|
||||||
## The Default Configuration
|
## The Default Configuration
|
||||||
|
|
||||||
### Mode of Operation
|
### Mode of Operation
|
||||||
|
|
||||||
|
!!! tip "Attention"
|
||||||
|
|
||||||
|
Read this section carefully if you want to understand how Rspamd is integrated into DMS and how it works (on a surface level).
|
||||||
|
|
||||||
|
Rspamd is integrated as a milter into DMS. When enabled, Postfix's `main.cf` configuration file includes the parameter `rspamd_milter = inet:localhost:11332`, which is added to `smtpd_milters`. As a milter, Rspamd can inspect incoming and outgoing e-mails.
|
||||||
|
|
||||||
|
Each mail is assigned what Rspamd calls symbols: when an e-mail matches a specific criterion, the mail receives a symbol. Afterwards, Rspamd applies a _spam score_ (as usual with anti-spam software) to the e-mail.
|
||||||
|
|
||||||
|
- The score itself is calculated by adding the values of the individual symbols applied earlier. The higher the spam score is, the more likely the e-mail is spam.
|
||||||
|
- Symbol values can be negative (i.e., these symbols indicate the mail is legitimate, maybe because [SPF and DKIM][docs-dkim-dmarc-spf] are verified successfully) or the symbol can be positive (i.e., these symbols indicate the e-mail is spam, maybe because the e-mail contains a lot of links).
|
||||||
|
|
||||||
|
Rspamd then adds (a few) headers to the e-mail based on the spam score. Most important are `X-Spamd-Result`, which contains an overview of which symbols were applied. It could look like this:
|
||||||
|
|
||||||
|
```txt
|
||||||
|
X-Spamd-Result default: False [-2.80 / 11.00]; R_SPF_NA(1.50)[no SPF record]; R_DKIM_ALLOW(-1.00)[example.com:s=dtag1]; DWL_DNSWL_LOW(-1.00)[example.com:dkim]; RWL_AMI_LASTHOP(-1.00)[192.0.2.42:from]; DMARC_POLICY_ALLOW(-1.00)[example.com,none]; RWL_MAILSPIKE_EXCELLENT(-0.40)[192.0.2.42:from]; FORGED_SENDER(0.30)[noreply@example.com,some-reply-address@bounce.example.com]; RCVD_IN_DNSWL_LOW(-0.10)[192.0.2.42:from]; MIME_GOOD(-0.10)[multipart/mixed,multipart/related,multipart/alternative,text/plain]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:~,5:~,6:~]; RCVD_COUNT_THREE(0.00)[3]; RCPT_COUNT_ONE(0.00)[1]; REPLYTO_DN_EQ_FROM_DN(0.00)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[example.com:+]; HAS_ATTACHMENT(0.00)[]; TO_DN_NONE(0.00)[]; FROM_NEQ_ENVFROM(0.00)[noreply@example.com,some-reply-address@bounce.example.com]; FROM_HAS_DN(0.00)[]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[receiver@anotherexample.com]; ASN(0.00)[asn:3320, ipnet:192.0.2.0/24, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; MISSING_XM_UA(0.00)[]; HAS_REPLYTO(0.00)[some-reply-address@dms-reply.example.com]
|
||||||
|
```
|
||||||
|
|
||||||
|
And then there is a corresponding `X-Rspamd-Action` header, which shows the overall result and the action that is taken. In our example, it would be:
|
||||||
|
|
||||||
|
```txt
|
||||||
|
X-Rspamd-Action no action
|
||||||
|
```
|
||||||
|
|
||||||
|
Since the score is `-2.80`, nothing will happen and the e-mail is not classified as spam. Our custom [`actions.conf`][rspamd-actions-config] defines what to do at certain scores:
|
||||||
|
|
||||||
|
1. At a score of 4, the e-mail is to be _greylisted_;
|
||||||
|
2. At a score of 6, the e-mail is _marked with a header_ (`X-Spam: Yes`);
|
||||||
|
3. At a score of 7, the e-mail will additionally have their _subject re-written_ (appending a prefix like `[SPAM]`);
|
||||||
|
4. At a score of 11, the e-mail is outright _rejected_.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
There is more to spam analysis than meets the eye: we have not covered the [Bayes training and filters][rspamc-docs-bayes] here, nor have we talked about [Sieve rules for e-mails that are marked as spam][docs-spam-to-junk].
|
||||||
|
|
||||||
|
Even the calculation of the score with the individual symbols has been presented to you in a simplified manner. But with the knowledge from above, you're equipped to read on and use Rspamd confidently. Keep on reading to understand the integration even better - you will want to know about your anti-spam software, not only to keep the bad e-mail out, but also to make sure the good e-mail arrive properly!
|
||||||
|
|
||||||
|
[docs-dkim-dmarc-spf]: ../best-practices/dkim_dmarc_spf.md
|
||||||
|
[rspamd-actions-config]: https://github.com/docker-mailserver/docker-mailserver/blob/master/target/rspamd/local.d/actions.conf
|
||||||
|
[rspamc-docs-bayes]: https://rspamd.com/doc/configuration/statistic.html
|
||||||
|
|
||||||
|
### Workers
|
||||||
|
|
||||||
The proxy worker operates in [self-scan mode][rspamd-docs-proxy-self-scan-mode]. This simplifies the setup as we do not require a normal worker. You can easily change this though by [overriding the configuration by DMS](#providing-custom-settings-overriding-settings).
|
The proxy worker operates in [self-scan mode][rspamd-docs-proxy-self-scan-mode]. This simplifies the setup as we do not require a normal worker. You can easily change this though by [overriding the configuration by DMS](#providing-custom-settings-overriding-settings).
|
||||||
|
|
||||||
DMS does not set a default password for the controller worker. You may want to do that yourself. In setups where you already have an authentication provider in front of the Rspamd webpage, you may want to [set the `secure_ip ` option to `"0.0.0.0/0"` for the controller worker](#with-the-help-of-a-custom-file) to disable password authentication inside Rspamd completely.
|
DMS does not set a default password for the controller worker. You may want to do that yourself. In setups where you already have an authentication provider in front of the Rspamd webpage, you may want to [set the `secure_ip ` option to `"0.0.0.0/0"` for the controller worker](#with-the-help-of-a-custom-file) to disable password authentication inside Rspamd completely.
|
||||||
|
@ -39,9 +83,9 @@ DMS does not set a default password for the controller worker. You may want to d
|
||||||
|
|
||||||
### Persistence with Redis
|
### Persistence with Redis
|
||||||
|
|
||||||
When Rspamd is enabled, we implicitly also start an instance of Redis in the container. Redis is configured to persist it's data via RDB snapshots to disk in the directory `/var/lib/redis` (_which is a symbolic link to `/var/mail-state/lib-redis/` when [`ONE_DIR=1`](../environment.md#one_dir) and a volume is mounted to `/var/mail-state/`_). With the volume mount the snapshot will restore the Redis data across container restarts, and provide a way to keep backup.
|
When Rspamd is enabled, we implicitly also start an instance of Redis in the container. Redis is configured to persist its data via RDB snapshots to disk in the directory `/var/lib/redis` (_which is a symbolic link to `/var/mail-state/lib-redis/` when [`ONE_DIR=1`](../environment.md#one_dir) and a volume is mounted to `/var/mail-state/`_). With the volume mount the snapshot will restore the Redis data across container restarts, and provide a way to keep backup.
|
||||||
|
|
||||||
Redis uses `/etc/redis/redis.conf` for configuration. We adjust this file when enabling the internal Redis service. If you have an external instance of Redis to use, the internal Redis service can be opt-out via setting the ENV [`ENABLE_RSPAMD_REDIS=0`](../environment.md#enable_rspamd_redis) (_link also details required changes to the DMS rspamd config_).
|
Redis uses `/etc/redis/redis.conf` for configuration. We adjust this file when enabling the internal Redis service. If you have an external instance of Redis to use, the internal Redis service can be opt-out via setting the ENV [`ENABLE_RSPAMD_REDIS=0`](../environment.md#enable_rspamd_redis) (_link also details required changes to the DMS Rspamd config_).
|
||||||
|
|
||||||
### Web Interface
|
### Web Interface
|
||||||
|
|
||||||
|
@ -77,13 +121,13 @@ You can find a list of all Rspamd modules [on their website][rspamd-docs-modules
|
||||||
|
|
||||||
#### Disabled By Default
|
#### Disabled By Default
|
||||||
|
|
||||||
DMS disables certain modules (clickhouse, elastic, neural, reputation, spamassassin, url_redirector, metric_exporter) by default. We believe these are not required in a standard setup, and they would otherwise needlessly use system resources.
|
DMS disables certain modules (`clickhouse`, `elastic`, `neural`, `reputation`, `spamassassin`, `url_redirector`, `metric_exporter`) by default. We believe these are not required in a standard setup, and they would otherwise needlessly use system resources.
|
||||||
|
|
||||||
#### Anti-Virus (ClamAV)
|
#### Anti-Virus (ClamAV)
|
||||||
|
|
||||||
You can choose to enable ClamAV, and Rspamd will then use it to check for viruses. Just set the environment variable `ENABLE_CLAMAV=1`.
|
You can choose to enable ClamAV, and Rspamd will then use it to check for viruses. Just set the environment variable `ENABLE_CLAMAV=1`.
|
||||||
|
|
||||||
#### RBLs (Realtime Blacklists) / DNSBLs (DNS-based Blacklists)
|
#### RBLs (Real-time Blacklists) / DNSBLs (DNS-based Blacklists)
|
||||||
|
|
||||||
The [RBL module](https://rspamd.com/doc/modules/rbl.html) is enabled by default. As a consequence, Rspamd will perform DNS lookups to a variety of blacklists. Whether an RBL or a DNSBL is queried depends on where the domain name was obtained: RBL servers are queried with IP addresses extracted from message headers, DNSBL server are queried with domains and IP addresses extracted from the message body \[[source][rbl-vs-dnsbl]\].
|
The [RBL module](https://rspamd.com/doc/modules/rbl.html) is enabled by default. As a consequence, Rspamd will perform DNS lookups to a variety of blacklists. Whether an RBL or a DNSBL is queried depends on where the domain name was obtained: RBL servers are queried with IP addresses extracted from message headers, DNSBL server are queried with domains and IP addresses extracted from the message body \[[source][rbl-vs-dnsbl]\].
|
||||||
|
|
||||||
|
@ -105,12 +149,15 @@ DMS brings sane default settings for Rspamd. They are located at `/etc/rspamd/lo
|
||||||
|
|
||||||
If you want to overwrite the default settings and / or provide your own settings, you can place files at `docker-data/dms/config/rspamd/override.d/`. Files from this directory are copied to `/etc/rspamd/override.d/` during startup. These files [forcibly override][rspamd-docs-override-dir] Rspamd and DMS default settings.
|
If you want to overwrite the default settings and / or provide your own settings, you can place files at `docker-data/dms/config/rspamd/override.d/`. Files from this directory are copied to `/etc/rspamd/override.d/` during startup. These files [forcibly override][rspamd-docs-override-dir] Rspamd and DMS default settings.
|
||||||
|
|
||||||
|
!!! question "What is the [`local.d` directory and how does it compare to `override.d`][rspamd-docs-config-directories]?"
|
||||||
|
|
||||||
!!! warning "Clashing Overrides"
|
!!! warning "Clashing Overrides"
|
||||||
|
|
||||||
Note that when also [using the `custom-commands.conf` file](#with-the-help-of-a-custom-file), files in `override.d` may be overwritten in case you adjust them manually and with the help of the file.
|
Note that when also [using the `custom-commands.conf` file](#with-the-help-of-a-custom-file), files in `override.d` may be overwritten in case you adjust them manually and with the help of the file.
|
||||||
|
|
||||||
[rspamd-docs-override-dir]: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
|
[rspamd-docs-override-dir]: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
|
||||||
[docs-dms-config-volume]: ../../faq.md#what-about-the-docker-datadmsconfig-directory
|
[docs-dms-config-volume]: ../../faq.md#what-about-the-docker-datadmsconfig-directory
|
||||||
|
[rspamd-docs-config-directories]: https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
|
||||||
|
|
||||||
### With the Help of a Custom File
|
### With the Help of a Custom File
|
||||||
|
|
||||||
|
@ -127,7 +174,7 @@ where `COMMAND` can be:
|
||||||
3. `set-option-for-module`: sets the value for option `ARGUMENT2` to `ARGUMENT3` inside module `ARGUMENT1`
|
3. `set-option-for-module`: sets the value for option `ARGUMENT2` to `ARGUMENT3` inside module `ARGUMENT1`
|
||||||
4. `set-option-for-controller`: set the value of option `ARGUMENT1` to `ARGUMENT2` for the controller worker
|
4. `set-option-for-controller`: set the value of option `ARGUMENT1` to `ARGUMENT2` for the controller worker
|
||||||
5. `set-option-for-proxy`: set the value of option `ARGUMENT1` to `ARGUMENT2` for the proxy worker
|
5. `set-option-for-proxy`: set the value of option `ARGUMENT1` to `ARGUMENT2` for the proxy worker
|
||||||
6. `set-common-option`: set the option `ARGUMENT1` that [defines basic Rspamd behaviour][rspamd-docs-basic-options] to value `ARGUMENT2`
|
6. `set-common-option`: set the option `ARGUMENT1` that [defines basic Rspamd behavior][rspamd-docs-basic-options] to value `ARGUMENT2`
|
||||||
7. `add-line`: this will add the complete line after `ARGUMENT1` (with all characters) to the file `/etc/rspamd/override.d/<ARGUMENT1>`
|
7. `add-line`: this will add the complete line after `ARGUMENT1` (with all characters) to the file `/etc/rspamd/override.d/<ARGUMENT1>`
|
||||||
|
|
||||||
!!! example "An Example Is [Shown Down Below](#adjusting-and-extending-the-very-basic-configuration)"
|
!!! example "An Example Is [Shown Down Below](#adjusting-and-extending-the-very-basic-configuration)"
|
||||||
|
|
|
@ -61,7 +61,7 @@ Take care to test localized names work well as well.
|
||||||
|
|
||||||
This information is provided by the community.
|
This information is provided by the community.
|
||||||
|
|
||||||
It presently lacks references to confirm the behaviour. If any information is incorrect please let us know! :smile:
|
It presently lacks references to confirm the behavior. If any information is incorrect please let us know! :smile:
|
||||||
|
|
||||||
|
|
||||||
[docs-config-overrides-dovecot]: ../../config/advanced/override-defaults/dovecot.md#override-configuration
|
[docs-config-overrides-dovecot]: ../../config/advanced/override-defaults/dovecot.md#override-configuration
|
||||||
|
|
|
@ -12,7 +12,7 @@ Mails are stored in `/var/mail/${domain}/${username}`. Since `v9.0.0` it is poss
|
||||||
|
|
||||||
### How are IMAP mailboxes (_aka IMAP Folders_) set up?
|
### How are IMAP mailboxes (_aka IMAP Folders_) set up?
|
||||||
|
|
||||||
`INBOX` is setup by default with the special IMAP folders `Drafts`, `Sent`, `Junk` and `Trash`. You can learn how to modify or add your own folders (_including additional special folders like `Archive`_) by visiting our docs page [_Customizing IMAP Folders_](../examples/use-cases/imap-folders) for more information.
|
`INBOX` is setup by default with the special IMAP folders `Drafts`, `Sent`, `Junk` and `Trash`. You can learn how to modify or add your own folders (_including additional special folders like `Archive`_) by visiting our docs page [_Customizing IMAP Folders_](./examples/use-cases/imap-folders.md) for more information.
|
||||||
|
|
||||||
### How do I update DMS?
|
### How do I update DMS?
|
||||||
|
|
||||||
|
@ -128,7 +128,7 @@ find "${PWD}/docker-data/dms-backups/" -type f -mtime +30 -delete
|
||||||
|
|
||||||
### I Want to Know More About the Ports
|
### I Want to Know More About the Ports
|
||||||
|
|
||||||
See [this part of the documentation](../config/security/understanding-the-ports/) for further details and best practice advice, **especially regarding security concerns**.
|
See [this part of the documentation](./config/security/understanding-the-ports.md) for further details and best practice advice, **especially regarding security concerns**.
|
||||||
|
|
||||||
### How can I configure my email client?
|
### How can I configure my email client?
|
||||||
|
|
||||||
|
@ -210,7 +210,7 @@ baduser@example.com devnull
|
||||||
|
|
||||||
### What kind of SSL certificates can I use?
|
### What kind of SSL certificates can I use?
|
||||||
|
|
||||||
Both RSA and ECDSA certs are supported. You can provide your own cert files manually, or mount a `letsencrypt` generated directory (_with alternative support for Traefik's `acme.json`_). Check out the [`SSL_TYPE` documentation](../config/environment/#ssl_type) for more details.
|
Both RSA and ECDSA certs are supported. You can provide your own cert files manually, or mount a `letsencrypt` generated directory (_with alternative support for Traefik's `acme.json`_). Check out the [`SSL_TYPE` documentation](./config/environment.md#ssl_type) for more details.
|
||||||
|
|
||||||
### I just moved from my old mail server to DMS, but "it doesn't work"?
|
### I just moved from my old mail server to DMS, but "it doesn't work"?
|
||||||
|
|
||||||
|
|
|
@ -24,9 +24,9 @@ If you're completely new to mail servers or you want to read up on them, check o
|
||||||
|
|
||||||
There is also a script - [`setup.sh`][github-file-setupsh] - supplied with this project. It supports you in configuring and administrating your server. Information on how to get it and how to use it is available [on a dedicated page][docs-setupsh].
|
There is also a script - [`setup.sh`][github-file-setupsh] - supplied with this project. It supports you in configuring and administrating your server. Information on how to get it and how to use it is available [on a dedicated page][docs-setupsh].
|
||||||
|
|
||||||
[docs-introduction]: ./introduction/
|
[docs-introduction]: ./introduction.md
|
||||||
[docs-usage]: ./usage/
|
[docs-usage]: ./usage.md
|
||||||
[docs-examples]: ./examples/tutorials/basic-installation/
|
[docs-examples]: ./examples/tutorials/basic-installation.md
|
||||||
[github-file-setupsh]: https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh
|
[github-file-setupsh]: https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh
|
||||||
[docs-setupsh]: ./config/setup.sh/
|
[docs-setupsh]: ./config/setup.sh/
|
||||||
|
|
||||||
|
@ -59,10 +59,10 @@ You might also want to check out:
|
||||||
|
|
||||||
DMS employs a variety of tests. If you want to know more about our test suite, view our [testing docs][docs-tests].
|
DMS employs a variety of tests. If you want to know more about our test suite, view our [testing docs][docs-tests].
|
||||||
|
|
||||||
[docs-tests]: ./contributing/tests/
|
[docs-tests]: ./contributing/tests.md
|
||||||
|
|
||||||
### Contributing
|
### Contributing
|
||||||
|
|
||||||
We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the [Contributing section][docs-contributing].
|
We are always happy to welcome new contributors. For guidelines and entrypoints please have a look at the [Contributing section][docs-contributing].
|
||||||
|
|
||||||
[docs-contributing]: ./contributing/issues-and-pull-requests/
|
[docs-contributing]: ./contributing/issues-and-pull-requests.md
|
||||||
|
|
|
@ -86,8 +86,8 @@ markdown_extensions:
|
||||||
- pymdownx.inlinehilite
|
- pymdownx.inlinehilite
|
||||||
- pymdownx.tilde
|
- pymdownx.tilde
|
||||||
- pymdownx.emoji:
|
- pymdownx.emoji:
|
||||||
emoji_index: !!python/name:materialx.emoji.twemoji
|
emoji_index: !!python/name:material.extensions.emoji.twemoji
|
||||||
emoji_generator: !!python/name:materialx.emoji.to_svg
|
emoji_generator: !!python/name:material.extensions.emoji.to_svg
|
||||||
- pymdownx.highlight:
|
- pymdownx.highlight:
|
||||||
extend_pygments_lang:
|
extend_pygments_lang:
|
||||||
- name: yml
|
- name: yml
|
||||||
|
|
Loading…
Reference in a new issue