v10.0.0 release (#1978)

* chore: prepare v10 release

* chore: bump version to v10.0.0

* chore: bump version to v10.0.0

* chore: add changelog for v10.0.0

* Fail2ban compatibility/downgrade info added

* chore: add PR and PR links

* fix a dot in the README

* chore: add pr 1996

* chore: add pr 1921 and 1989

* Revert "chore: add pr 1996"

This reverts commit 58a8ba4b44.

* chore: add grace_period pr reference

* remove :stable and other deprecated stuff

* corrected linting and removed generate ssl bin

* updated CHANGELOG

* fix: list of prs

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* fix: list of prs

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* partial revert of dc8f49de54

* chore: add pr 2021

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+aendeavor@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Frederic Werner 2021-06-01 12:17:14 +02:00 committed by GitHub
parent 2a08385578
commit a0f4a37512
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 66 additions and 69 deletions

View file

@ -1,5 +1,38 @@
# Changelog # Changelog
## `v10.0.0`
This release improves on `9.1.0` in many aspect, including general fixes, Fail2Ban, LDAP and documentation. This release contains breaking changes.
- **[general]** Fixed many prose errors (spelling, grammar, indentation).
- **[general]** Documentation is better integrated into the development process and it's visibility within the project increased ([#1878](https://github.com/docker-mailserver/docker-mailserver/pull/1878)).
- **[general]** Added `stop_grace_period:` to example Compose file and supervisord ([#1896](https://github.com/docker-mailserver/docker-mailserver/pull/1896) [#1945](https://github.com/docker-mailserver/docker-mailserver/pull/1945))
- **[general]** `./setup.sh email list` was enhanced, now showing information neatly ([#1898](https://github.com/docker-mailserver/docker-mailserver/pull/1898))
- **[general]** Added update check and notification ([#1976](https://github.com/docker-mailserver/docker-mailserver/pull/1976), [#1951](https://github.com/docker-mailserver/docker-mailserver/pull/1951))
- **[general]** Moved environment variables to the documentation and improvements ([#1948](https://github.com/docker-mailserver/docker-mailserver/pull/1948), [#1947](https://github.com/docker-mailserver/docker-mailserver/pull/1947), [#1931](https://github.com/docker-mailserver/docker-mailserver/pull/1931))
- **[security]** Major Fail2Ban improvements (cleanup, update and breaking changes, see below)
- **[fix]** `./setup.sh email del ...` now works properly
- **[code]** Added color variables to `setup.sh` and improved the script as a whole ([#1879](https://github.com/docker-mailserver/docker-mailserver/pull/1879), [#1886](https://github.com/docker-mailserver/docker-mailserver/pull/1886))
- **[ldap]** Added `LDAP_QUERY_FILTER_SENDERS` ([#1902](https://github.com/docker-mailserver/docker-mailserver/pull/1902))
- **[ldap]** Use dovecots LDAP `uris` connect option instead of `hosts` ([#1901](https://github.com/docker-mailserver/docker-mailserver/pull/1901))
- **[ldap]** Complete rework of LDAP documentation ([#1921](https://github.com/docker-mailserver/docker-mailserver/pull/1921))
- **[docs]** PRs that contain changes to docs will now be commented with a preview link ([#1988](https://github.com/docker-mailserver/docker-mailserver/pull/1988))
### Breaking Changes
- **[security]** Fail2Ban adjustments:
- Fail2ban v0.11.2 is now used ([#1965](https://github.com/docker-mailserver/docker-mailserver/pull/1965)).
- The previous F2B config (from an old Debian release) has been replaced with the latest default config for F2B shipped by Debian 10.
- The new default blocktype is now `DROP`, not `REJECT` ([#1914](https://github.com/docker-mailserver/docker-mailserver/pull/1914)).
- A ban now applies to all ports (`iptables-allports`), not just the ones that were "attacked" ([#1914](https://github.com/docker-mailserver/docker-mailserver/pull/1914)).
- Fail2ban 0.11 is totally compatible to 0.10, but the database got some new tables and fields (auto-converted during the first start), so once updated to DMS 10.0.0, you have to remove the database `mailstate:/lib-fail2ban/fail2ban.sqlite3` if you would need to downgrade to DMS 9.1.0 for some reason.
- **[ldap]** Removed `SASLAUTHD_LDAP_SSL`. Instead provide a protocol in `SASLAUTHD_LDAP_SERVER` and adjust `SASLAUTHD_LDAP_` default values ([#1989](https://github.com/docker-mailserver/docker-mailserver/pull/1989)).
- **[general]** Removed `stable` release tag ([#1975](https://github.com/docker-mailserver/docker-mailserver/pull/1975)):
- Scheduled builds are now based off `edge`.
- Instead of `stable`, please use the latest version tag available (_or the `latest` tag_).
- The `stable` image tag will be removed from DockerHub in the near future.
- **[setup]** Removed `./setup config ssl` command (_deprecated since v9_). `SSL_TYPE=self-signed` remains supported however. ([`dc8f49de`](https://github.com/docker-mailserver/docker-mailserver/commit/dc8f49de548e2c2e2aa321841585153a99cd3858), [#2021](https://github.com/docker-mailserver/docker-mailserver/pull/2021))
## `v9.1.0` ## `v9.1.0`
This release marks the breakpoint where the wiki was transferred to a [reworked documentation](https://docker-mailserver.github.io/docker-mailserver/edge/) This release marks the breakpoint where the wiki was transferred to a [reworked documentation](https://docker-mailserver.github.io/docker-mailserver/edge/)
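Review bot: the Fail2Ban breaking-change bullets say bans now use `DROP` and `iptables-allports`, but give no recovery path for an operator who bans their own address; with every port silently dropped, one line pointing at `./setup.sh debug fail2ban unban <IP>` belongs here. In the same block, the `SASLAUTHD_LDAP_SSL` bullet ends in the bare prefix `SASLAUTHD_LDAP_` without naming the variables whose defaults changed, and the downgrade note should state what is lost when `fail2ban.sqlite3` is deleted. Typos in the added text: "many aspect" should be "many aspects", "it's visibility" should be "its visibility", and "dovecots" should be "Dovecot's".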

View file

@ -9,7 +9,7 @@
[documentation::badge]: https://img.shields.io/badge/DOCUMENTATION-GH%20PAGES-0078D4?style=for-the-badge&logo=git&logoColor=white [documentation::badge]: https://img.shields.io/badge/DOCUMENTATION-GH%20PAGES-0078D4?style=for-the-badge&logo=git&logoColor=white
[documentation::web]: https://docker-mailserver.github.io/docker-mailserver/edge/ [documentation::web]: https://docker-mailserver.github.io/docker-mailserver/edge/
A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade. [Documentation][documentation::web] via MkDocs. [Why this image was created.](https://tvi.al/simple-mail-server-with-docker/). A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade. [Documentation][documentation::web] via MkDocs. [Why this image was created](https://tvi.al/simple-mail-server-with-docker/).
If you have issues, read the full `README` **and** the [documentation][documentation::web] **for your version** (default is `edge`) first **before opening an issue**. The issue tracker is for issues, not for personal support. If you have issues, read the full `README` **and** the [documentation][documentation::web] **for your version** (default is `edge`) first **before opening an issue**. The issue tracker is for issues, not for personal support.
@ -60,20 +60,19 @@ If you have issues, read the full `README` **and** the [documentation][documenta
## Usage ## Usage
### Available image sources / tags ### Available Images / Tags - Tagging Convention
[CI/CD](https://github.com/docker-mailserver/docker-mailserver/actions) will automatically build, test and push new images to container registries. Currently, the following registries are supported: [CI/CD](https://github.com/docker-mailserver/docker-mailserver/actions) will automatically build, test and push new images to container registries. Currently, the following registries are supported:
- [DockerHub](https://hub.docker.com/repository/docker/mailserver/docker-mailserver) - [DockerHub](https://hub.docker.com/repository/docker/mailserver/docker-mailserver)
- [GitHub Container Registry](https://github.com/orgs/docker-mailserver/packages?repo_name=docker-mailserver) - [GitHub Container Registry](https://github.com/orgs/docker-mailserver/packages?repo_name=docker-mailserver)
All workflows are using the **tagging convention** listed below. It is subsequently applied to all images pushed to supported container registries: All workflows are using the tagging convention listed below. It is subsequently applied to all images.
| Event | Ref | Commit SHA | Image Tags | | Event | Ref | Image Tags |
|--------------|-----------------------|------------|-------------------------------| |--------------|-----------------------|-------------------------------|
| `push` | `refs/heads/master` | `cf20257` | `edge` | | `push` | `refs/heads/master` | `edge` |
| `push` | `refs/heads/stable` | `cf20257` | `stable` | | `push tag` | `refs/tags/[v]1.2.3` | `1.2.3`, `1.2`, `1`, `latest` |
| `push tag` | `refs/tags/[v]1.2.3` | `ad132f5` | `1.2.3`, `1.2`, `1`, `latest` |
### Get the tools ### Get the tools
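Review bot: with the `stable` row removed, the table lists `1.2.3`, `1.2`, `1` and `latest` side by side without saying that only the full `1.2.3` tag stays on one release, while the other three are re-pointed by the next tag push. A sentence recommending the full version tag for production deployments would match the changelog's advice to "use the latest version tag available". Dropping "pushed to supported container registries" also makes the sentence above the table less precise than it was, and the new heading "Available Images / Tags - Tagging Convention" repeats what that sentence already says.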
@ -89,8 +88,8 @@ and the `setup.sh` **in the correct version**
``` BASH ``` BASH
# if you're using :edge as the image tag # if you're using :edge as the image tag
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
# if you're using :latest (= :9.1.0) as the image tag # if you're using :latest (= :10.0.0) as the image tag
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v9.1.0/setup.sh wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/setup.sh
chmod a+x ./setup.sh chmod a+x ./setup.sh
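Review bot: the release number is hard-coded twice in this hunk, in the comment `:latest (= :10.0.0)` and in the `v10.0.0/setup.sh` URL, on top of the `VERSION` file bumped in the same commit, so every release has to touch all three by hand and a missed one sends users to a `setup.sh` that does not match their image. Either use a placeholder such as `<VERSION>` in the README with an instruction to substitute the image tag in use, or add these lines to the release checklist.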
@ -108,7 +107,7 @@ chmod a+x ./setup.sh
- if you want to use SELinux for the `./config/:/tmp/docker-mailserver/` mount, append `-z` or `-Z` - if you want to use SELinux for the `./config/:/tmp/docker-mailserver/` mount, append `-z` or `-Z`
3. Configure the mailserver container to your liking by editing `mailserver.env` ([**Documentation**](https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/)) 3. Configure the mailserver container to your liking by editing `mailserver.env` ([**Documentation**](https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/))
- this file supports [_only_ simple `VAR=VAL`](https://docs.docker.com/compose/env-file/) (**don't** quote your values) - this file supports [_only_ simple `VAR=VAL`](https://docs.docker.com/compose/env-file/) (**don't** quote your values)
- variable substitution is **not** supported (e.g. :no_entry_sign:`OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME` :no_entry_sign:) - variable substitution is **not** supported (e.g. :no_entry_sign: `OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME` :no_entry_sign:)
### Get up and running ### Get up and running
@ -121,7 +120,7 @@ docker-compose up -d mailserver
./setup.sh [-Z] config dkim ./setup.sh [-Z] config dkim
``` ```
If you're seeing error messages about unchecked error, please **verify that you're using the right version of `setup.sh`**. Refer to the [Get the tools](#get-the-tools) section and / or execute `./setup.sh help` and read the `VERSION` section. If you're seeing error messages about unchecked errors, please **verify that you're using the right version of `setup.sh`**. Refer to the [Get the tools](#get-the-tools) section and / or execute `./setup.sh help` and read the `VERSION` section.
In case you're using LDAP, the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM: In case you're using LDAP, the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM:
@ -137,7 +136,7 @@ If you want to see detailed usage information, run `./setup.sh config dkim help`
When keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` to [set up DKIM](https://mxtoolbox.com/dmarc/dkim/setup/how-to-setup-dkim). See the [documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/) for more details. When keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` to [set up DKIM](https://mxtoolbox.com/dmarc/dkim/setup/how-to-setup-dkim). See the [documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/) for more details.
#### Custom user changes & patches #### Custom User Changes & Patches
If you'd like to change, patch or alter files or behavior of `docker-mailserver`, you can use a script. See the [documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/) for a detailed explanation. If you'd like to change, patch or alter files or behavior of `docker-mailserver`, you can use a script. See the [documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/) for a detailed explanation.
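Review bot: the heading changes to title case, "Custom User Changes & Patches", while the neighbouring headings visible in this file stay in sentence case ("Get the tools", "Get up and running"). Pick one convention for the README and apply it in a single pass rather than converting headings one at a time.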

View file

@ -1 +1 @@
9.1.0 10.0.0

View file

@ -11,7 +11,7 @@ This is a list of all configuration files and directories which are optional or
- **sieve-filter:** directory for sieve filter scripts. (Docs: [Sieve][docs-sieve]) - **sieve-filter:** directory for sieve filter scripts. (Docs: [Sieve][docs-sieve])
- **sieve-pipe:** directory for sieve pipe scripts. (Docs: [Sieve][docs-sieve]) - **sieve-pipe:** directory for sieve pipe scripts. (Docs: [Sieve][docs-sieve])
- **opendkim:** DKIM directory. Auto-configurable via [`setup.sh config dkim`][docs-setupsh]. (Docs: [DKIM][docs-dkim]) - **opendkim:** DKIM directory. Auto-configurable via [`setup.sh config dkim`][docs-setupsh]. (Docs: [DKIM][docs-dkim])
- **ssl:** SSL Certificate directory. Auto-configurable via [`setup.sh config ssl`][docs-setupsh]. (Docs: [SSL][docs-ssl]) - **ssl:** SSL Certificate directory. (Docs: [SSL][docs-ssl])
## Files ## Files

View file

@ -96,7 +96,6 @@ OPTIONS
COMMAND config := COMMAND config :=
./setup.sh config dkim [ ARGUMENTS... ] ./setup.sh config dkim [ ARGUMENTS... ]
./setup.sh config ssl <FQDN> (ATTENTION: This is deprecated and will be removed soon.)
COMMAND relay := COMMAND relay :=
./setup.sh relay add-domain <DOMAIN> <HOST> [<PORT>] ./setup.sh relay add-domain <DOMAIN> <HOST> [<PORT>]

View file

@ -163,36 +163,35 @@ ${ORANGE}OPTIONS${RESET}
${RED}[${ORANGE}SUB${RED}]${ORANGE}COMMANDS${RESET} ${RED}[${ORANGE}SUB${RED}]${ORANGE}COMMANDS${RESET}
${LBLUE}COMMAND${RESET} email ${RED}:=${RESET} ${LBLUE}COMMAND${RESET} email ${RED}:=${RESET}
${0} email add <EMAIL ADDRESS> [<PASSWORD>] ${0} email ${CYAN}add${RESET} <EMAIL ADDRESS> [<PASSWORD>]
${0} email update <EMAIL ADDRESS> [<PASSWORD>] ${0} email ${CYAN}update${RESET} <EMAIL ADDRESS> [<PASSWORD>]
${0} email del [ OPTIONS${RED}...${RESET} ] <EMAIL ADDRESS> [ <EMAIL ADDRESS>${RED}...${RESET} ] ${0} email ${CYAN}del${RESET} [ OPTIONS${RED}...${RESET} ] <EMAIL ADDRESS> [ <EMAIL ADDRESS>${RED}...${RESET} ]
${0} email restrict <add${RED}|${RESET}del${RED}|${RESET}list> <send${RED}|${RESET}receive> [<EMAIL ADDRESS>] ${0} email ${CYAN}restrict${RESET} <add${RED}|${RESET}del${RED}|${RESET}list> <send${RED}|${RESET}receive> [<EMAIL ADDRESS>]
${0} email list ${0} email ${CYAN}list${RESET}
${LBLUE}COMMAND${RESET} alias ${RED}:=${RESET} ${LBLUE}COMMAND${RESET} alias ${RED}:=${RESET}
${0} alias add <EMAIL ADDRESS> <RECIPIENT> ${0} alias ${CYAN}add${RESET} <EMAIL ADDRESS> <RECIPIENT>
${0} alias del <EMAIL ADDRESS> <RECIPIENT> ${0} alias ${CYAN}del${RESET} <EMAIL ADDRESS> <RECIPIENT>
${0} alias list ${0} alias ${CYAN}list${RESET}
${LBLUE}COMMAND${RESET} quota ${RED}:=${RESET} ${LBLUE}COMMAND${RESET} quota ${RED}:=${RESET}
${0} quota set <EMAIL ADDRESS> [<QUOTA>] ${0} quota ${CYAN}set${RESET} <EMAIL ADDRESS> [<QUOTA>]
${0} quota del <EMAIL ADDRESS> ${0} quota ${CYAN}del${RESET} <EMAIL ADDRESS>
${LBLUE}COMMAND${RESET} config ${RED}:=${RESET} ${LBLUE}COMMAND${RESET} config ${RED}:=${RESET}
${0} config dkim [ ARGUMENTS${RED}...${RESET} ] ${0} config ${CYAN}dkim${RESET} [ ARGUMENTS${RED}...${RESET} ]
${0} config ssl <FQDN> (${CYAN}ATTENTION${RESET}: This is deprecated and will be removed soon.)
${LBLUE}COMMAND${RESET} relay ${RED}:=${RESET} ${LBLUE}COMMAND${RESET} relay ${RED}:=${RESET}
${0} relay add-domain <DOMAIN> <HOST> [<PORT>] ${0} relay ${CYAN}add-domain${RESET} <DOMAIN> <HOST> [<PORT>]
${0} relay add-auth <DOMAIN> <USERNAME> [<PASSWORD>] ${0} relay ${CYAN}add-auth${RESET} <DOMAIN> <USERNAME> [<PASSWORD>]
${0} relay exclude-domain <DOMAIN> ${0} relay ${CYAN}exclude-domain${RESET} <DOMAIN>
${LBLUE}COMMAND${RESET} debug ${RED}:=${RESET} ${LBLUE}COMMAND${RESET} debug ${RED}:=${RESET}
${0} debug fetchmail ${0} debug ${CYAN}fetchmail${RESET}
${0} debug fail2ban [unban <IP>] ${0} debug ${CYAN}fail2ban${RESET} [unban <IP>]
${0} debug show-mail-logs ${0} debug ${CYAN}show-mail-logs${RESET}
${0} debug inspect ${0} debug ${CYAN}inspect${RESET}
${0} debug login <COMMANDS> ${0} debug ${CYAN}login${RESET} <COMMANDS>
${ORANGE}EXAMPLES${RESET} ${ORANGE}EXAMPLES${RESET}
${WHITE}./setup.sh email add test@domain.tld${RESET} ${WHITE}./setup.sh email add test@domain.tld${RESET}
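Review bot: every subcommand in the usage text is now wrapped in `${CYAN}…${RESET}`, so the help output carries far more escape sequences than before; please confirm the color variables expand to empty strings when stdout is not a terminal, otherwise `./setup.sh help` piped into a pager or a log will be littered with raw escapes. The wrapping is also applied inconsistently with the EXAMPLES block, which still hard-codes `./setup.sh` instead of `${0}`. The removal of the `config ssl` usage line here is consistent with the dispatcher change further down.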
@ -370,7 +369,6 @@ function _main
config ) config )
case ${2:-} in case ${2:-} in
dkim ) shift 2 ; _docker_image open-dkim "${@}" ;; dkim ) shift 2 ; _docker_image open-dkim "${@}" ;;
ssl ) shift 2 ; _docker_image generate-ssl-certificate "${1}" ;;
* ) _usage ;; * ) _usage ;;
esac esac
;; ;;
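Review bot: with the `ssl )` arm deleted, `./setup.sh config ssl <FQDN>` now falls into `* ) _usage`, so a user following older instructions gets the generic help text with no indication that the command was removed. For a breaking change, keep a dedicated `ssl )` arm for at least one release that prints a short removal message referring to the changelog and exits non-zero, so scripts calling it fail visibly.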

View file

@ -1,32 +0,0 @@
#! /bin/bash
set -e
# check if FQDN was passed as arguement in setup.sh
if [[ -z ${1} ]]
then
FQDN="$(hostname --fqdn)"
else
FQDN="${1}"
fi
SSL_CFG_PATH="/tmp/docker-mailserver/ssl"
if [[ ! -d ${SSL_CFG_PATH} ]]
then
mkdir --parents "${SSL_CFG_PATH}"
fi
cd "${SSL_CFG_PATH}" || { echo "cd ${SSL_CFG_PATH} error" ; exit ; }
# Create CA certificate
/usr/lib/ssl/misc/CA.pl -newca
# Create an unpassworded private key and create an unsigned public key certificate
openssl req -new -nodes -keyout "${SSL_CFG_PATH}"/"${FQDN}"-key.pem -out "${SSL_CFG_PATH}"/"${FQDN}"-req.pem -days 3652
# Sign the public key certificate with CA certificate
openssl ca -out "${SSL_CFG_PATH}"/"${FQDN}"-cert.pem -infiles "${SSL_CFG_PATH}"/"${FQDN}"-req.pem
# Combine certificates for courier
cat "${SSL_CFG_PATH}"/"${FQDN}"-key.pem "${SSL_CFG_PATH}"/"${FQDN}"-cert.pem > "${SSL_CFG_PATH}"/"${FQDN}"-combined.pem
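Review bot: deleting this script removes the only place in the visible diff that shows how the self-signed material was produced and named (`${FQDN}-key.pem`, `${FQDN}-cert.pem`, `${FQDN}-combined.pem` under `/tmp/docker-mailserver/ssl`), while the changelog states that `SSL_TYPE=self-signed` remains supported. The changelog entry or the SSL documentation should carry equivalent manual steps, otherwise users of that setting have no documented way to create the files. When writing those steps, do not simply copy the old commands: `-nodes` left the private key unencrypted and `-days 3652` gave a ten-year validity, and both choices should be stated explicitly rather than inherited silently.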