Commit graph

2571 commits

Author SHA1 Message Date
Casper 43a122fe18
scripts: add wrapper to update Postfix configuration safely (follow up) (#3503) 2023-08-28 09:40:24 +12:00
Brennan Kinney f89cbac21c
tests: TLS cipher suites - Update testssl.sh tag to 3.2 (#3504) 2023-08-27 23:44:53 +12:00
Brennan Kinney c8a0bfd361
ci: Fix question.yml template - value should be an attribute (#3502)
The recent change to this template was invalid, as `value` should have been nested under the `attributes` object.
2023-08-24 14:29:08 +02:00
Brennan Kinney af09db6648
ci: question.yml - Clarify that the issue tracker is not for personal support (#3498)
* ci: Revise `question.yml` to better clarify the issue tracker is not for support queries

Users have been making low effort reports (_bypassing the dedicated form_) through this alternative that is intended for addressing other concerns related to the project - not troubleshooting user problems.

When a user does not want to put the effort in of a full bug report (_and following our debug docs tips that it refers them to_), they should be using the Github Discussions page which provides the same free-form input, but should not require attention of project devs (contributors / maintainers).

---

The markdown rendered field above the "Description" input field didn't seem too relevant for this template. I've opted for a markdown comment (so it won't render if kept) into the input field with hopes that'll be more visible to the readers attention.

* chore: Fix typo
2023-08-23 16:56:24 +02:00
Brennan Kinney 39ae101266
tests: Change OpenLDAP image to bitnami/openldap (#3494)
**TL;DR:**
- New image is actively maintained vs existing one that is over 5 years old. 
- Slight improvement to LDAP tree config via `.ldif` files.
- No more `Dockerfile` required to build, we can just rely on `docker run`.

`osixia/openldap` has not seen any activity since Feb 2021, while our `Dockerfile` was fixed to v1.1.6` (Feb 2018).

Startup time for this new image is around 5 seconds? (_The LDAP test uses a standard 20 second timeout check to wait until the server is ready before continuing with starting the DMS image_).

This commit migrates to `bitnami/openldap` which required modifying the `01_mail-tree.ldif` to also include adding the root object to start successfully. This image is actively maintained and one of the most popular OpenLDAP images on DockerHub.

The user account `.ldif` files have minimal changes:
- Lines moved around for better organization
- Additional comments for context
- Removal of inherited `objectClass` attributes (`person`, `top`) from the `orgnizationalPerson` class. Attribute `sn` changed to long form `surname` and values corrected with `givenName`. `changetype: add` was also not necessary.

Additionally the image does not support the `.schema` format, they must be converted to `.ldif` which has been done for `postfix-book.schema`.

See PR for more details.
2023-08-22 21:38:25 +12:00
Georg Lauterbach cf9eb8278a
scripts: add wrapper to update Postfix configuration safely (#3484)
The new function can

1. update/append
2. update/prepend
3. initialize if non-existent

options in `/etc/postfix/main.cf` in a safe and secure manner. When the
container is improperly restarted, the option is not applied twice.

---

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-22 08:03:41 +00:00
HeySora 758fd9c913
Docs: Drop mention of port 25 support for authenticated submission (#3496)
* FAQ: Remove outdated port 25 for mail client use
2023-08-22 17:49:15 +12:00
dependabot[bot] 0dc862156f
chore(deps): Bump nwtgck/actions-netlify from 2.0 to 2.1 (#3495)
Bumps [nwtgck/actions-netlify](https://github.com/nwtgck/actions-netlify) from 2.0 to 2.1.
- [Release notes](https://github.com/nwtgck/actions-netlify/releases)
- [Changelog](https://github.com/nwtgck/actions-netlify/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/nwtgck/actions-netlify/compare/v2.0...v2.1)

---
updated-dependencies:
- dependency-name: nwtgck/actions-netlify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-22 10:30:10 +12:00
H4R0 bb2038e8c6
feat: Allow marking spam as read via a sieve filter (ENV MARK_SPAM_AS_READ=1) (#3489)
* add MARK_SPAM_AS_READ environment variable

* review changes

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* update unit test

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-21 10:32:26 +12:00
Brennan Kinney 5bada0a83b
tests: Refactor LDAP tests to current conventions (#3483)
* tests: Switch to setup helper and conventions

* tests: Adapt run command to new conventions

- We have two helper methods with implicit `CONTAINER_NAME` reference, which is a bit more DRY and improves readability.
- `wc -l` + `assert_output 1` converted to use helper `_should_output_number_of_lines 1`
- `DOMAIN` var changed from `my-domain.com` to local testing domain `example.test`.

* tests: Refactor `setup_file()`

- Test wide ENV defined at the top
- OpenLDAP build and run logic grouped together. Added notes, network alias and tty not required.
- Extracted out special LDAP Postfix/Dovecot ENV into separate array. LDAP specific provisioning / auth ENV also included, with comments + linebreak to better group related ENV.
- Likewise additional ENV to support test cases has been extracted to a separate array with additional comments for context.
- Those two arrays are expanded back into the main `CUSTOM_SETUP_ARGUMENTS` that configure hostname and network for the DMS container.

* tests: Refactor the LDAP account table query testcase

- Covers 3 accounts to test from LDAP.
  - 2 are the same query against users/aliases/groups tables in Postfix, only differing by account queried (and expected as returned result).
  - 1 separate test to ensure a difference in config is supported correctly.
- Extracted repeated test logic into a helper method.
- Added additional context in comments about the creation source of these LDAP accounts and their related Postfix config / interaction. Direct reference to special case PR (since `git blame` will be less useful).

* tests: Use iteration for `grep` setting checks

More DRY approach. With a bit more helpful failure context via `assert_output` (_and only grepping the key_). Simpler to grok what's being covered.

* tests: DRY test email delivery

A bit more verbose with the new helper method. `test-email.txt` template is only used by the LDAP test, as is the `sendmail` command.

Helper will take two args to support the testcases, but at a later date should be refactored to be consistent with the `_send_email()` helper (_which presently uses `nc` that is required for plain-text mail/auth, otherwise we'd have used `openssl`, bigger refactor required_).

* tests: Slight revisions and relocating testcases

- Dovecot quota plugin testcase revised to check files exist instead of rely on `ls` failure.
- Moved Postfix quota plugin testcase into prior dovecot testcase for quota plugin check. Better error output by only querying the `smtpd_recipient_restrictions` setting (_which should be the only one configured for the service_).
- Moved the saslauthd and pflogsumm testcases (_no changes beyond revised comments_) above the `ATTENTION` comment, and one testcase below the comment that belonged to that group.

* tests: Simplify openldap `docker build` command

- `--no-cache` was creating a new image on the Docker host each time the test is run. Shouldn't be any need to build without cache.
- No need to use `pushd` + `popd`, can just provide the path context directly, and the `./Dockerfile` is an implicit default thus `-f` not required either.

Additionally removed the old `checking` prefix from testcase names.

* tests: Move LDAP specific config into `test/config/ldap/`

- No changes to any of these config files, just better isolation as not relevant to any other tests.
- Section heading in `setup_file()` added to distinguish the remainder of the function is dedicated to the DMS container setup.
- Comment providing some context about the `mv` to maintainers, this should be done after defaults are initialized but before starting up the container.

* chore: Appease the lint gods

* Apply suggestions from code review
2023-08-17 14:33:34 +12:00
Casper 8f97171336
compose.yaml: Add comment about disabled authentication on port 25 (#3464)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-08-14 01:58:54 +02:00
Georg Lauterbach f28fce9cc4
rspamd: disable checks for authenticated users (#3440)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: William Desportes <williamdes@wdes.fr>
2023-08-08 10:43:21 +02:00
Georg Lauterbach b001f5a140
Rspamd: local network addition and user name mismatch (#3453) 2023-08-04 13:45:35 +02:00
Nils Höll 85603193a2
feat(setup): Add fail2ban sub-command status <JAIL> (#3455)
* Added status command to fail2ban setup script

* Switched to `printf` for command output

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/fail2ban.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

---------

Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-08-02 12:09:01 +12:00
Georg Lauterbach da984e5696
see https://github.com/docker-mailserver/docker-mailserver/issues/3433#issuecomment-1646532264 (#3439) 2023-07-28 13:39:23 +02:00
rmlhuk f53a40d2ae
docs(page:usage): Add internet.nl to the testing tools section (#3445)
Adding `internet.nl` mail tester, this testing services gives users in-depth analysis of their mail server, connectivity, DKIM/SPF/DMARC records and DNS.
2023-07-28 11:07:26 +12:00
rriski 59f483f157
docs: Fix typos (#3443)
Various typos fixed in docs, in addition to a config and ENV template.
2023-07-27 12:24:36 +12:00
Brennan Kinney a0fde8b83f
docs: IPv6 config examples with content tabs (#3436)
For added clarity, a user requested we document the example config snippets instead of only linking external references to them. Revised section and adjusted to presenting via the content tabs feature.
2023-07-20 23:05:19 +02:00
Brennan Kinney 5ef048bfae
chore: Discourage latest in bug report version field (#3435) 2023-07-20 22:45:33 +02:00
dependabot[bot] 7d5c2736ce
chore(deps): Bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#3430)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-17 21:48:19 +02:00
dependabot[bot] 18f8d2573b
chore(deps): Bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#3421)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-10 19:25:14 +02:00
dependabot[bot] ee7c4b1ede
chore(deps): Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#3414)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-03 14:54:14 +02:00
Georg Lauterbach 9f5d662da7
docs: Rewrite of IPv6 page (#3244)
Much better docs for IPv6 support. Third-party container no longer required, Docker has `ip6tables` feature now.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-07-03 11:33:14 +12:00
Felix N a2247bf655
fix spelling issues in rspamd-dkim (#3411)
Co-authored-by: Felix Nieuwenhuizen <felix@tdlrali.com>
2023-06-28 20:42:57 +00:00
dependabot[bot] 32c3ecd00e
chore(deps): Bump anchore/scan-action from 3.3.5 to 3.3.6 (#3406)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-26 20:01:26 +02:00
Brennan Kinney a276589e40
docs: Add compatibility section to debugging page (#3404)
docs: Add compatibility section to debugging page

ci: Adjust bug report template
Reduce some text + compress the preliminary checks down to single check item.
2023-06-22 09:17:41 +02:00
wligtenberg 68c6f247a6
Fix issue with concatenating $dmarc_milter and $dkim_milter in main.cf (#3380)
* Fix issue with concatenating $dmarc_milter and $dkim_milter in main.cf 

Upon each start the  `smtpd_milters` and `non_smtpd_milters` would be extended with the following:
```
smtpd_milters =   $dmarc_milter $dkim_milter
non_smtpd_milters = $dkim_milter
```
In my case they became long enough that mail delivery stopped. I think this was because of the extra headers that are added by these steps. (which in turn would cause the mail to be dropped)

* fix sed to work when the variables are there and when they are not.

---------

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-06-20 19:44:54 +00:00
Claude Brisson 2b400a9269
Fix sieve setup (#3397) 2023-06-20 13:37:31 +02:00
dependabot[bot] 4dae83b256
chore(deps): Bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#3399)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v5.0.1...v5.0.2)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-20 09:43:57 +02:00
dependabot[bot] e380cc3065
chore(deps): Bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#3398) 2023-06-19 23:21:13 +02:00
dependabot[bot] 59bcab6127
chore(deps): Bump docker/build-push-action from 4.1.0 to 4.1.1 (#3400) 2023-06-19 23:14:09 +02:00
dependabot[bot] 7a5dfb71c2
chore(deps): Bump docker/metadata-action from 4.5.0 to 4.6.0 (#3401) 2023-06-19 23:03:45 +02:00
dependabot[bot] 8fbc58cf5d
chore(deps): Bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#3389) 2023-06-12 19:19:35 +02:00
dependabot[bot] 7b1a712c91
chore(deps): Bump docker/metadata-action from 4.4.0 to 4.5.0 (#3387)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 17:13:51 +00:00
dependabot[bot] 8e87a4d845
chore(deps): Bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#3388)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 17:12:00 +00:00
dependabot[bot] 7bf772e2d6
chore(deps): Bump docker/build-push-action from 4.0.0 to 4.1.0 (#3390)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-12 19:10:10 +02:00
Casper e0c7cd475b
Don't register _setup_spam_to_junk() when SMTP_ONLY=1 (#3385) 2023-06-11 22:59:26 +02:00
Thomas Butter efed9d8012
Dovecot: compile fts_xapian from source to match Dovecot ABI (#3373)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-06-01 10:50:31 +02:00
Brennan Kinney e68062282a
ci: Simplify GH bug report template (#3381)
Simplify the bug report form further by dropping / merging form sections.

Change Overview:
- Minor revisions and formatting changes (_multi-line pipe operator, emoji, fix typos, etc_).
- Collapsed OS + Arch into single input field (_not much benefit from the two additional dropdown items_).
- Description/reproduction and expectation sections revised (_expectation intent is typically inferred by the issue description, while detailed reproduction steps can belong a separate optional section_).
- Removed platform dropdown (_Windows and macOS are mentioned in description as unsupported_).
- Removed experience checkboxes (_context doesn't really change responses_).
- Removed the orchestrator dropdown (_we don't seem to use this information, it's just noise_)
- Relocate the DMS version + OS/Arch sections to come after the Reproduction steps.
2023-06-01 12:57:05 +12:00
Brennan Kinney 86e18d04dd
chore: Revise Dockerfile comment on COPY bug (#3378) 2023-05-31 01:22:42 +12:00
Georg Lauterbach 6a4fac61f8
misc: remaining v13 todos (#3370) 2023-05-29 19:07:45 +02:00
Georg Lauterbach 68265b744d
add note about DMS FQDN (#3372) 2023-05-29 18:34:58 +02:00
dependabot[bot] d1fb8f5958
chore(deps): Bump myrotvorets/set-commit-status-action from 1.1.6 to 1.1.7 (#3377)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-29 16:52:34 +02:00
Casper 5c504a5741
Bump hadolint/eclint version (#3371) 2023-05-28 22:48:11 +02:00
Casper 3d6260adf8
Add BASH syntax check to linter (#3369) 2023-05-27 22:12:24 +02:00
Arun 69ae4ff319
Update dkim_dmarc_spf.md (#3367) 2023-05-26 14:24:07 +02:00
Casper 8bfe8424fc
Change 'for' style (#3368) 2023-05-26 14:00:40 +02:00
Casper 8512dba8ad
Change 'until' style (#3366) 2023-05-26 07:42:03 +02:00
Casper c2d0b748b2
Change 'while' style (#3365) 2023-05-26 01:39:39 +02:00
Casper 37ca0f9ba9
Change 'function' style (#3364) 2023-05-26 01:01:41 +02:00