v10.0.0 release (#1978)

* chore: prepare v10 release * chore: bump version to v10.0.0 * chore: bump version to v10.0.0 * chore: add changelog for v10.0.0 * Fail2ban compatibility/downgrade info added * chore: add PR and PR links * fix a dot in the README * chore: add pr 1996 * chore: add pr 1921 and 1989 * Revert "chore: add pr 1996" This reverts commit 58a8ba4b44. * chore: add grace_period pr reference * remove :stable and other deprecated stuff * corrected linting and removed generate ssl bin * updated CHANGELOG * fix: list of prs Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * fix: list of prs Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * partial revert of dc8f49de54 * chore: add pr 2021 Co-authored-by: Casper <casperklein@users.noreply.github.com> Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com> Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-19 02:48:50 +00:00 · 2021-06-01 12:17:14 +02:00 · 2021-06-01 12:17:14 +02:00 · a0f4a37512
parent 2a08385578
commit a0f4a37512
7 changed files with 66 additions and 69 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,38 @@
 # Changelog

+## `v10.0.0`
+
+This release improves on `9.1.0` in many aspect, including general fixes, Fail2Ban, LDAP and documentation. This release contains breaking changes.
+
+- **[general]** Fixed many prose errors (spelling, grammar, indentation).
+- **[general]** Documentation is better integrated into the development process and it's visibility within the project increased ([#1878](https://github.com/docker-mailserver/docker-mailserver/pull/1878)).
+- **[general]** Added `stop_grace_period:` to example Compose file and supervisord ([#1896](https://github.com/docker-mailserver/docker-mailserver/pull/1896) [#1945](https://github.com/docker-mailserver/docker-mailserver/pull/1945))
+- **[general]** `./setup.sh email list` was enhanced, now showing information neatly ([#1898](https://github.com/docker-mailserver/docker-mailserver/pull/1898))
+- **[general]** Added update check and notification ([#1976](https://github.com/docker-mailserver/docker-mailserver/pull/1976), [#1951](https://github.com/docker-mailserver/docker-mailserver/pull/1951))
+- **[general]** Moved environment variables to the documentation and improvements ([#1948](https://github.com/docker-mailserver/docker-mailserver/pull/1948), [#1947](https://github.com/docker-mailserver/docker-mailserver/pull/1947), [#1931](https://github.com/docker-mailserver/docker-mailserver/pull/1931))
+- **[security]** Major Fail2Ban improvements (cleanup, update and breaking changes, see below)
+- **[fix]** `./setup.sh email del ...` now works properly 
+- **[code]** Added color variables to `setup.sh` and improved the script as a whole ([#1879](https://github.com/docker-mailserver/docker-mailserver/pull/1879), [#1886](https://github.com/docker-mailserver/docker-mailserver/pull/1886))
+- **[ldap]** Added `LDAP_QUERY_FILTER_SENDERS` ([#1902](https://github.com/docker-mailserver/docker-mailserver/pull/1902))
+- **[ldap]** Use dovecots LDAP `uris` connect option instead of `hosts` ([#1901](https://github.com/docker-mailserver/docker-mailserver/pull/1901))
+- **[ldap]** Complete rework of LDAP documentation ([#1921](https://github.com/docker-mailserver/docker-mailserver/pull/1921))
+- **[docs]** PRs that contain changes to docs will now be commented with a preview link ([#1988](https://github.com/docker-mailserver/docker-mailserver/pull/1988))
+
+### Breaking Changes
+
+- **[security]** Fail2Ban adjustments:
+  - Fail2ban v0.11.2 is now used ([#1965](https://github.com/docker-mailserver/docker-mailserver/pull/1965)).
+  - The previous F2B config (from an old Debian release) has been replaced with the latest default config for F2B shipped by Debian 10.
+  - The new default blocktype is now `DROP`, not `REJECT` ([#1914](https://github.com/docker-mailserver/docker-mailserver/pull/1914)).
+  - A ban now applies to all ports (`iptables-allports`), not just the ones that were "attacked" ([#1914](https://github.com/docker-mailserver/docker-mailserver/pull/1914)).
+  - Fail2ban 0.11 is totally compatible to 0.10, but the database got some new tables and fields (auto-converted during the first start), so once updated to DMS 10.0.0, you have to remove the database `mailstate:/lib-fail2ban/fail2ban.sqlite3` if you would need to downgrade to DMS 9.1.0 for some reason.
+- **[ldap]** Removed `SASLAUTHD_LDAP_SSL`. Instead provide a protocol in `SASLAUTHD_LDAP_SERVER` and adjust `SASLAUTHD_LDAP_` default values ([#1989](https://github.com/docker-mailserver/docker-mailserver/pull/1989)).
+- **[general]** Removed `stable` release tag ([#1975](https://github.com/docker-mailserver/docker-mailserver/pull/1975)):
+  - Scheduled builds are now based off `edge`.
+  - Instead of `stable`, please use the latest version tag available (_or the `latest` tag_).
+  - The `stable` image tag will be removed from DockerHub in the near future.
+- **[setup]** Removed `./setup config ssl` command (_deprecated since v9_). `SSL_TYPE=self-signed` remains supported however. ([`dc8f49de`](https://github.com/docker-mailserver/docker-mailserver/commit/dc8f49de548e2c2e2aa321841585153a99cd3858), [#2021](https://github.com/docker-mailserver/docker-mailserver/pull/2021))
+
 ## `v9.1.0`

 This release marks the breakpoint where the wiki was transferred to a [reworked documentation](https://docker-mailserver.github.io/docker-mailserver/edge/)
--- a/README.md
+++ b/README.md
@ -9,7 +9,7 @@
 [documentation::badge]: https://img.shields.io/badge/DOCUMENTATION-GH%20PAGES-0078D4?style=for-the-badge&logo=git&logoColor=white
 [documentation::web]: https://docker-mailserver.github.io/docker-mailserver/edge/

-A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade. [Documentation][documentation::web] via MkDocs. [Why this image was created.](https://tvi.al/simple-mail-server-with-docker/).
+A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade. [Documentation][documentation::web] via MkDocs. [Why this image was created](https://tvi.al/simple-mail-server-with-docker/).

 If you have issues, read the full `README` **and** the [documentation][documentation::web] **for your version** (default is `edge`) first **before opening an issue**. The issue tracker is for issues, not for personal support.

@ -60,20 +60,19 @@ If you have issues, read the full `README` **and** the [documentation][documenta

 ## Usage

-### Available image sources / tags
+### Available Images / Tags - Tagging Convention

 [CI/CD](https://github.com/docker-mailserver/docker-mailserver/actions) will automatically build, test and push new images to container registries. Currently, the following registries are supported:

 - [DockerHub](https://hub.docker.com/repository/docker/mailserver/docker-mailserver)
 - [GitHub Container Registry](https://github.com/orgs/docker-mailserver/packages?repo_name=docker-mailserver)

-All workflows are using the **tagging convention** listed below. It is subsequently applied to all images pushed to supported container registries:
+All workflows are using the tagging convention listed below. It is subsequently applied to all images.

-| Event        | Ref                   | Commit SHA | Image Tags                    |
-|--------------|-----------------------|------------|-------------------------------|
-| `push`       | `refs/heads/master`   | `cf20257`  | `edge`                        |
-| `push`       | `refs/heads/stable`   | `cf20257`  | `stable`                      |
-| `push tag`   | `refs/tags/[v]1.2.3`     | `ad132f5`  | `1.2.3`, `1.2`, `1`, `latest` |
+| Event        | Ref                   | Image Tags                    |
+|--------------|-----------------------|-------------------------------|
+| `push`       | `refs/heads/master`   | `edge`                        |
+| `push tag`   | `refs/tags/[v]1.2.3`  | `1.2.3`, `1.2`, `1`, `latest` |

 ### Get the tools

@ -89,8 +88,8 @@ and the `setup.sh` **in the correct version**
 ``` BASH
 # if you're using :edge as the image tag
 wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
-# if you're using :latest (= :9.1.0) as the image tag
-wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v9.1.0/setup.sh
+# if you're using :latest (= :10.0.0) as the image tag
+wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/setup.sh

 chmod a+x ./setup.sh

@ -108,7 +107,7 @@ chmod a+x ./setup.sh
   - if you want to use SELinux for the `./config/:/tmp/docker-mailserver/` mount, append `-z` or `-Z`
 3. Configure the mailserver container to your liking by editing `mailserver.env` ([**Documentation**](https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/))
   - this file supports [_only_ simple `VAR=VAL`](https://docs.docker.com/compose/env-file/) (**don't** quote your values)
-   - variable substitution is **not** supported (e.g. :no_entry_sign:`OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME` :no_entry_sign:)
+   - variable substitution is **not** supported (e.g. :no_entry_sign: `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME` :no_entry_sign:)

 ### Get up and running

@ -121,7 +120,7 @@ docker-compose up -d mailserver
 ./setup.sh [-Z] config dkim
 ```

-If you're seeing error messages about unchecked error, please **verify that you're using the right version of `setup.sh`**. Refer to the [Get the tools](#get-the-tools) section and / or execute `./setup.sh help` and read the `VERSION` section.
+If you're seeing error messages about unchecked errors, please **verify that you're using the right version of `setup.sh`**. Refer to the [Get the tools](#get-the-tools) section and / or execute `./setup.sh help` and read the `VERSION` section.

 In case you're using LDAP, the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM:

@ -137,7 +136,7 @@ If you want to see detailed usage information, run `./setup.sh config dkim help`

 When keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` to [set up DKIM](https://mxtoolbox.com/dmarc/dkim/setup/how-to-setup-dkim). See the [documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/) for more details.

-#### Custom user changes & patches
+#### Custom User Changes & Patches

 If you'd like to change, patch or alter files or behavior of `docker-mailserver`, you can use a script. See the [documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/) for a detailed explanation.

--- a/2
+++ b/2
@ -1 +1 @@
-9.1.0
+10.0.0
--- a/docs/content/config/advanced/optional-config.md
+++ b/docs/content/config/advanced/optional-config.md
@ -11,7 +11,7 @@ This is a list of all configuration files and directories which are optional or
 - **sieve-filter:** directory for sieve filter scripts. (Docs: [Sieve][docs-sieve])
 - **sieve-pipe:** directory for sieve pipe scripts. (Docs: [Sieve][docs-sieve])
 - **opendkim:** DKIM directory. Auto-configurable via [`setup.sh config dkim`][docs-setupsh]. (Docs: [DKIM][docs-dkim])
- **ssl:** SSL Certificate directory. Auto-configurable via [`setup.sh config ssl`][docs-setupsh]. (Docs: [SSL][docs-ssl])
+- **ssl:** SSL Certificate directory. (Docs: [SSL][docs-ssl])

 ## Files

--- a/docs/content/config/setup.sh.md
+++ b/docs/content/config/setup.sh.md
@ -96,7 +96,6 @@ OPTIONS

    COMMAND config :=
        ./setup.sh config dkim [ ARGUMENTS... ]
-        ./setup.sh config ssl <FQDN> (ATTENTION: This is deprecated and will be removed soon.)

    COMMAND relay :=
        ./setup.sh relay add-domain <DOMAIN> <HOST> [<PORT>]
--- a/setup.sh
+++ b/setup.sh
@ -163,36 +163,35 @@ ${ORANGE}OPTIONS${RESET}

 ${RED}[${ORANGE}SUB${RED}]${ORANGE}COMMANDS${RESET}
    ${LBLUE}COMMAND${RESET} email ${RED}:=${RESET}
-        ${0} email add <EMAIL ADDRESS> [<PASSWORD>]
-        ${0} email update <EMAIL ADDRESS> [<PASSWORD>]
-        ${0} email del [ OPTIONS${RED}...${RESET} ] <EMAIL ADDRESS> [ <EMAIL ADDRESS>${RED}...${RESET} ]
-        ${0} email restrict <add${RED}|${RESET}del${RED}|${RESET}list> <send${RED}|${RESET}receive> [<EMAIL ADDRESS>]
-        ${0} email list
+        ${0} email ${CYAN}add${RESET} <EMAIL ADDRESS> [<PASSWORD>]
+        ${0} email ${CYAN}update${RESET} <EMAIL ADDRESS> [<PASSWORD>]
+        ${0} email ${CYAN}del${RESET} [ OPTIONS${RED}...${RESET} ] <EMAIL ADDRESS> [ <EMAIL ADDRESS>${RED}...${RESET} ]
+        ${0} email ${CYAN}restrict${RESET} <add${RED}|${RESET}del${RED}|${RESET}list> <send${RED}|${RESET}receive> [<EMAIL ADDRESS>]
+        ${0} email ${CYAN}list${RESET}

    ${LBLUE}COMMAND${RESET} alias ${RED}:=${RESET}
-        ${0} alias add <EMAIL ADDRESS> <RECIPIENT>
-        ${0} alias del <EMAIL ADDRESS> <RECIPIENT>
-        ${0} alias list
+        ${0} alias ${CYAN}add${RESET} <EMAIL ADDRESS> <RECIPIENT>
+        ${0} alias ${CYAN}del${RESET} <EMAIL ADDRESS> <RECIPIENT>
+        ${0} alias ${CYAN}list${RESET}

    ${LBLUE}COMMAND${RESET} quota ${RED}:=${RESET}
-        ${0} quota set <EMAIL ADDRESS> [<QUOTA>]
-        ${0} quota del <EMAIL ADDRESS>
+        ${0} quota ${CYAN}set${RESET} <EMAIL ADDRESS> [<QUOTA>]
+        ${0} quota ${CYAN}del${RESET} <EMAIL ADDRESS>

    ${LBLUE}COMMAND${RESET} config ${RED}:=${RESET}
-        ${0} config dkim [ ARGUMENTS${RED}...${RESET} ]
-        ${0} config ssl <FQDN> (${CYAN}ATTENTION${RESET}: This is deprecated and will be removed soon.)
+        ${0} config ${CYAN}dkim${RESET} [ ARGUMENTS${RED}...${RESET} ]

    ${LBLUE}COMMAND${RESET} relay ${RED}:=${RESET}
-        ${0} relay add-domain <DOMAIN> <HOST> [<PORT>]
-        ${0} relay add-auth <DOMAIN> <USERNAME> [<PASSWORD>]
-        ${0} relay exclude-domain <DOMAIN>
+        ${0} relay ${CYAN}add-domain${RESET} <DOMAIN> <HOST> [<PORT>]
+        ${0} relay ${CYAN}add-auth${RESET} <DOMAIN> <USERNAME> [<PASSWORD>]
+        ${0} relay ${CYAN}exclude-domain${RESET} <DOMAIN>

    ${LBLUE}COMMAND${RESET} debug ${RED}:=${RESET}
-        ${0} debug fetchmail
-        ${0} debug fail2ban [unban <IP>]
-        ${0} debug show-mail-logs
-        ${0} debug inspect
-        ${0} debug login <COMMANDS>
+        ${0} debug ${CYAN}fetchmail${RESET}
+        ${0} debug ${CYAN}fail2ban${RESET} [unban <IP>]
+        ${0} debug ${CYAN}show-mail-logs${RESET}
+        ${0} debug ${CYAN}inspect${RESET}
+        ${0} debug ${CYAN}login${RESET} <COMMANDS>

 ${ORANGE}EXAMPLES${RESET}
    ${WHITE}./setup.sh email add test@domain.tld${RESET}
@ -370,7 +369,6 @@ function _main
    config )
      case ${2:-} in
        dkim     ) shift 2 ; _docker_image open-dkim "${@}" ;;
-        ssl      ) shift 2 ; _docker_image generate-ssl-certificate "${1}" ;;
        *        ) _usage ;;
      esac
      ;;
--- a/target/bin/generate-ssl-certificate
+++ b/target/bin/generate-ssl-certificate
@ -1,32 +0,0 @@
-#! /bin/bash
-
-set -e
-
-# check if FQDN was passed as arguement in setup.sh
-if [[ -z ${1} ]]
-then
-  FQDN="$(hostname --fqdn)"
-else
-  FQDN="${1}"
-fi
-
-SSL_CFG_PATH="/tmp/docker-mailserver/ssl"
-
-if [[ ! -d ${SSL_CFG_PATH} ]]
-then
-  mkdir --parents "${SSL_CFG_PATH}"
-fi
-
-cd "${SSL_CFG_PATH}" || { echo "cd ${SSL_CFG_PATH} error" ; exit ; }
-
-# Create CA certificate
-/usr/lib/ssl/misc/CA.pl -newca
-
-# Create an unpassworded private key and create an unsigned public key certificate
-openssl req -new -nodes -keyout "${SSL_CFG_PATH}"/"${FQDN}"-key.pem -out "${SSL_CFG_PATH}"/"${FQDN}"-req.pem -days 3652
-
-# Sign the public key certificate with CA certificate
-openssl ca -out "${SSL_CFG_PATH}"/"${FQDN}"-cert.pem -infiles "${SSL_CFG_PATH}"/"${FQDN}"-req.pem
-
-# Combine certificates for courier
-cat "${SSL_CFG_PATH}"/"${FQDN}"-key.pem "${SSL_CFG_PATH}"/"${FQDN}"-cert.pem > "${SSL_CFG_PATH}"/"${FQDN}"-combined.pem
 @ -1 +1 @@
 .1.0
 .0.0