Commit graph

70 commits

Author SHA1 Message Date
Georg Lauterbach 04f4ae4569
Rspamd: add custom symbol scores for SPF, DKIM & DMARC (#3726) 2024-01-05 09:07:31 +01:00
Georg Lauterbach 8f391e4d5a
release: v13.2.0 (#3746)
* bump `VERSION` & adjust `CHANGELOG.md`

* chore: Bump the unreleased base compare tag in `CHANGELOG.md`

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-04 22:14:51 +01:00
Georg Lauterbach bf69ef248e
Postfix: add smtpd_data_restrictions = reject_unauth_pipelining (#3744)
* add `smtpd_data_restrictions = reject_unauth_pipelining`

* fix: Skip restriction if trusted

* add changelog entry

* revert change to `postfix-amavis.cf`

* Update CHANGELOG.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-04 22:13:13 +01:00
Georg Lauterbach 25c7024cc4
security(Postfix): Protect against "SMTP Smuggling" attack (#3727)
View `CHANGELOG.md` entry and PR for details.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-03 14:02:59 +13:00
Georg Lauterbach 9e81517fe3
tests: Use swaks instead of nc for sending mail (#3732)
See associated `CHANGELOG.md` entry for details.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-03 13:17:54 +13:00
Brennan Kinney 0889b0ff06
fix: supervisor-app.conf - Correct the log location for postgrey (#3724)
* fix: `supervisor-app.conf` - Correct `postgrey` log location

Looks like this should have been like every other service and reference a log file(s) based on program name in the supervisor log directory.

* tests: Adjust log location for `postgrey_enabled.bats`
2023-12-30 09:59:09 +13:00
Georg Lauterbach 8392e3c1a8
release: v13.1.0 (#3720)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-12-29 13:58:54 +01:00
Brennan Kinney 72517d3f82
docs: Debugging - Delivery failure from service downtime (#3718)
* docs: Debugging - Delivery failure from service downtime

Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
2023-12-26 09:53:32 +13:00
Casper 3adb53eb12
Remove sed statement (#3715) 2023-12-20 13:43:32 +13:00
Brennan Kinney 226ec847a4
ci: Remove VERSION from Dockerfile (#3711)
* ci: Remove `VERSION` from `Dockerfile`

This line was meant to be dropped with the switch to using the `DMS_RELEASE` ENV.
2023-12-19 08:35:16 +00:00
Brennan Kinney 03052a65b8
ci: Allow lint workflow to be manually triggered (#3714)
* ci: Allow lint workflow to be manually triggered

Without this a different event must occur to trigger the workflow, which is inconvenient for automated PRs.
2023-12-19 18:59:59 +13:00
Casper 98a4c13ca9
Add ENV ENABLE_IMAP (#3703) 2023-12-18 12:26:28 +01:00
Casper d3b4e94d06
update-check: fix 'read' exit status (#3688)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-12-08 01:20:17 +01:00
Peter Adam 77917f5cc6
scripts: Install arm64 rspamd from official repository (#3686)
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture

* Remove unnecessary deb-src repository for rspamd

* Remove note about ARM64 rspamd version, update CHANGELOG.md

---------

Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
2023-12-07 23:45:02 +01:00
Casper 908d38047c
scripts: add warning when update-check is enabled, but no stable release image is used (#3684) 2023-12-05 20:42:30 +00:00
Brennan Kinney c75975d59e
chore: Postfix should integrate Dovecot at runtime (#3681)
* chore: Better establish startup scope

* chore: Configure `main.cf` for Dovecot at runtime
2023-12-05 17:16:39 +13:00
Brennan Kinney 01689ab788
docs: Troubleshooting - Bare domain misconfiguration (#3680) 2023-12-03 23:22:43 +01:00
Georg Lauterbach 472174b744
ci: add run-local-instance target to Makefile (#3663) 2023-12-04 10:28:40 +13:00
Brennan Kinney 68f9671a22
fix: Logging - Welcome should use DMS_RELEASE ENV (#3676) 2023-11-30 14:47:31 +13:00
Brennan Kinney 19e96b5131
fix: update-check.sh should query GH Releases (#3666)
* fix: Source `VERSION` from image ENV

Now CI builds triggered from tagged releases will always have the correct version. No need for manually updating a separate file.

* fix: Query latest GH release tag

Compare to the remote GH release tag published, rather than contents of a `VERSION` file.

`VERSION` file remains in source for now as prior releases still rely on it for an update notification.

* chore: Switch from `yq` to `jaq`

- Can more easily express a string subslice.
- Lighter weight: 9.3M vs 1.7M.
- Drawback, no YAML input/output support.

If `yq` is preferred, the `v` prefix could be removed via BASH easily enough.

* chore: Add entry to `CHANGELOG.md`

* ci: `VERSION` has no relevance to `:edge`

* docs: Update build guide + simplify `make build`

---------

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-11-30 10:21:26 +13:00
Georg Lauterbach a11951e398
hotfix: solve #3665 (#3669)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-28 10:33:29 +01:00
Georg Lauterbach b663e10841
release: v13.0.0 (#3641)
* adjust PR template

I am tired of writing `CHANGELOG.md` myself

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-11-26 14:00:56 +13:00
Georg Lauterbach f674232f71
misc: final Rspamd adjustments for v13 (#3599)
* outsource Rspamd ENVs into explicit helper

This will allow us to uniformly source the helper and get the values
from everywhere consistently. This is more than desirable since we will
be using these values not only for the Rspamd setup, but also for DKIM
management and during change-detection.

* integrate Rspamd into changedetection

We outsource one more function to reside in the helper script for Rspamd
so that we can call this function from the Rspamd setup and from the
changedetection functionality too.

* realize deprecation of old commands file for Rspamd

THIS IS A BREAKING CHANGE!

This change realizes the log message: "Using old file location now
(deprecated) - this will prevent startup in v13.0.0" Startup will now
fail.

* added '--force' option to Rspamd DKIM script

* use new helper to get ENVs for Rspamd in DKIM script

* remove the need for linking directories

This was unnecessary, as explained in
https://github.com/docker-mailserver/docker-mailserver/pull/3597#discussion_r1369413599

* Apply suggestions from code review

review by @polarathene

* apply more review feedback from @polarathene

- <https://github.com/docker-mailserver/docker-mailserver/pull/3599#discussion_r1370885519>
- <https://github.com/docker-mailserver/docker-mailserver/pull/3599#discussion_r1370904201>

* update documentation

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-30 10:20:37 +01:00
allddd eacc379cf1
feat: Postfix permit DSN (Delivery Status Notification) only on authenticated ports (465 + 587) (#3572)
* add POSTFIX_DSN

* add tests for POSTFIX_DSN

* Revert "add POSTFIX_DSN"

This reverts commit d5bd0e9117.

* discard DSN requests on unauthenticated ports

* make tests work with overrides instead of ENV

* Apply suggestions from code review

* fix test inconsistencies

---------

Co-authored-by: allddd <allddd@proton.me>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-22 15:16:41 +02:00
Brennan Kinney aae42fae9b
ci(fix): Normalize for .gitattributes + improve eclint coverage (#3566) 2023-10-04 12:53:32 +02:00
Brennan Kinney 9446fa9b9a
chore: Adapt ENABLE_LDAP=1 to ACCOUNT_PROVISIONER=LDAP (#3507)
- Deprecation startup script check is kept for `ENABLE_LDAP=1` but adjusted to emit an error instead. It can be dropped in a future release. Just a precaution for those who mistakenly update (_possibly via automation_) without checking the release notes, an error log is somewhat helpful, although it could alternatively panic?
- Docs updated to remove the `ENABLE_LDAP=1` usage
- ENV docs updated to reference a maintained LDAP image.
- Changelog includes the breaking change, and slight revision to prior release mention of deprecation.
2023-08-29 10:19:03 +12:00
H4R0 bb2038e8c6
feat: Allow marking spam as read via a sieve filter (ENV MARK_SPAM_AS_READ=1) (#3489)
* add MARK_SPAM_AS_READ environment variable

* review changes

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* update unit test

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-21 10:32:26 +12:00
Georg Lauterbach 652bbd831f
release: v12.1.0 (#3305)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-05-10 10:20:46 +02:00
Georg Lauterbach dc8a08031f
release: v12.0.0 (#3146)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: casperklein <casperklein@users.noreply.github.com>
2023-04-10 10:32:33 +02:00
Jack Pearson e12b032f77
docs: Change edge version links to latest + fix links intended as relative not absolute (#3190)
* docs: change some absolute links to relative links

* docs: change most hard-coded links to `edge` to point to `latest`

* Apply suggestions from code review

* docs: revert 404 page to edge and change canonical link to `latest

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-03-22 23:43:10 +13:00
Casper 6ac59ef871
Fix several typos (#2990) 2023-01-10 14:13:50 +01:00
Casper bbe3640864
chore: Update changelog and version (#2944) 2022-12-22 23:27:40 +01:00
Casper 50257b46a7
release: v11.3.0 (#2882) 2022-12-19 07:39:16 +01:00
Casper 897d84f0f9
scripts: Improve error handling, when parameters are missing (#2854) 2022-10-29 11:04:35 +02:00
Casper caf2338201
Run fetchmail not in verbose mode (#2859) 2022-10-25 10:41:01 +02:00
Casper c4df9c116b
Follow up for #2849 (#2853) 2022-10-23 12:57:07 +02:00
Casper 474eb503ae
Fix: Make fetchmail data persistant (#2851) 2022-10-23 03:12:27 +02:00
Casper edb3fb1880
setup: fix unbound variable error (#2849) 2022-10-22 14:43:17 +13:00
Georg Lauterbach 284c44faa9
build: cleaned up Makefile (#2833) 2022-10-17 08:08:04 +13:00
Casper ac795a5976
fix: run Amavis cron job only when Amavis is enabled (#2831) 2022-10-16 11:52:53 +02:00
Casper 032ed00a17
fail2ban: enable network bans (#2818) 2022-10-15 12:01:59 +02:00
Casper 6d016ba592
Run user-patches.sh right before starting daemons (#2817) 2022-10-14 23:11:29 +00:00
Georg Lauterbach 4bae8eb1d9
release: v11.2.0 (#2790) 2022-10-13 10:58:27 +02:00
Brennan Kinney 4cf3100e89
chore(CHANGELOG): Include a feature that belongs to an existing release (#2658) 2022-06-25 10:10:24 +12:00
Brennan Kinney d2a0a5de2e
release: v11.1.0 (#2638)
* release: `v11.1.0`

* chore: Add deprecation notice for ARMv7

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2022-06-23 10:50:42 +12:00
Georg Lauterbach 49a337ccfa
release: v11.0.0 (#2537)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2022-04-27 17:39:18 +02:00
Georg Lauterbach 4203afec3f
release: version v10.5.0 (#2431) 2022-03-02 10:08:46 +01:00
Brennan Kinney 061bae6cbf
release: version v10.4.0 (#2328) 2021-12-24 11:01:38 +13:00
Brennan Kinney 6d06149581
fix: Restore detection of letsencrypt certificate file changes (#2326)
The `DYNAMIC_FILES` var was quote wrapped, treating all filepaths to create checksums for as a single string that would be ignored instead of processed individually.

Removed the quotes, and changed the for loop to an array which accomplishes the same goal.


* fix: Prevent unnecessary change detection event

`acme.json` change would extract new cert files, which would then be hashed after restarting services and considered a change event, running through the logic again and restarting services once more when that was not required.

The checksum entries for those cert files are now replaced with new entries containing updated checksum hashes, after `acme.json` extraction.
2021-12-19 11:25:15 +13:00
Brennan Kinney 9cb890292f
release: version v10.3.0 (#2299) 2021-11-29 11:11:22 +13:00