Commit graph

2557 commits

Author SHA1 Message Date
Brennan Kinney 0889b0ff06
fix: supervisor-app.conf - Correct the log location for postgrey (#3724)
* fix: `supervisor-app.conf` - Correct `postgrey` log location

Looks like this should have been like every other service and reference a log file(s) based on program name in the supervisor log directory.

* tests: Adjust log location for `postgrey_enabled.bats`
2023-12-30 09:59:09 +13:00
Georg Lauterbach 8392e3c1a8
release: v13.1.0 (#3720)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-12-29 13:58:54 +01:00
Brennan Kinney 72517d3f82
docs: Debugging - Delivery failure from service downtime (#3718)
* docs: Debugging - Delivery failure from service downtime

Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
2023-12-26 09:53:32 +13:00
Casper 3adb53eb12
Remove sed statement (#3715) 2023-12-20 13:43:32 +13:00
Brennan Kinney 226ec847a4
ci: Remove VERSION from Dockerfile (#3711)
* ci: Remove `VERSION` from `Dockerfile`

This line was meant to be dropped with the switch to using the `DMS_RELEASE` ENV.
2023-12-19 08:35:16 +00:00
github-actions[bot] 6a56c7e749
docs: update CONTRIBUTORS.md (#3704)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-12-19 06:01:25 +00:00
Brennan Kinney 03052a65b8
ci: Allow lint workflow to be manually triggered (#3714)
* ci: Allow lint workflow to be manually triggered

Without this a different event must occur to trigger the workflow, which is inconvenient for automated PRs.
2023-12-19 18:59:59 +13:00
Brennan Kinney ca2c53dde7
ci: Avoiding linting CONTRIBUTORS.yml (#3705)
The file is managed by the `contributors.yml` workflow, no need for linting to be triggered on PRs for that change.

This should ideally skip the required check status for the lint workflow which cannot trigger implicitly for automated PRs. If this doesn't work the change should be reverted.
2023-12-19 14:41:07 +13:00
Brennan Kinney 5908d9f060
tests(refactor): Dovecot quotas (#3068)
* chore: Extract out Dovecot Quota test cases into new test file

Test cases are just cut + paste, no logic changed there yet.

* chore: Rename test case descriptions

* chore: Use `setup ...` methods instead of direct calls

* chore: Adjust `_run_in_container_bash` to `_run_in_container`

Plus some additional bug fixes in the disabled test case

* tests(refactor): Revise ENV test cases for max mailbox and message sizes

* tests(refactor): Revise ENV test cases for mailbox and message limits v2

Removes the extra variables and filtering in favour of explicit values instead of matching for comparison.

- Easier at a glance to know what is actually expected.
- Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`).

* chore: Sync improvement from `tests.bats` master

---

NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
2023-12-19 14:33:38 +13:00
dependabot[bot] ee87291225
chore(deps): Bump dawidd6/action-download-artifact from 2 to 3 (#3707) 2023-12-19 01:29:15 +01:00
dependabot[bot] 5015dc80b1
chore(deps): Bump actions/upload-artifact from 3 to 4 (#3708) 2023-12-19 00:16:38 +01:00
dependabot[bot] b9f7ff86de
chore(deps): Bump docker/metadata-action from 5.3.0 to 5.4.0 (#3710)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5.3.0...v5.4.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 15:50:56 +01:00
dependabot[bot] 083e464084
chore(deps): Bump github/codeql-action from 2 to 3 (#3709) 2023-12-18 14:05:37 +01:00
Casper 98a4c13ca9
Add ENV ENABLE_IMAP (#3703) 2023-12-18 12:26:28 +01:00
dependabot[bot] bbed3f6608
chore(deps): Bump actions/stale from 8 to 9 (#3696) 2023-12-11 21:36:30 +01:00
René Plötz 2f5dfed726
fix: Only set virtual_mailbox_maps to texthash when using the FILE account provisioner (#3693)
Signed-off-by: René Plötz <reneploetz@users.noreply.github.com>
2023-12-11 10:22:31 +13:00
github-actions[bot] bc9172fa74
docs: updated CONTRIBUTORS.md (#3691) 2023-12-10 21:08:19 +01:00
Casper d3b4e94d06
update-check: fix 'read' exit status (#3688)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-12-08 01:20:17 +01:00
Peter Adam 77917f5cc6
scripts: Install arm64 rspamd from official repository (#3686)
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture

* Remove unnecessary deb-src repository for rspamd

* Remove note about ARM64 rspamd version, update CHANGELOG.md

---------

Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
2023-12-07 23:45:02 +01:00
Casper 908d38047c
scripts: add warning when update-check is enabled, but no stable release image is used (#3684) 2023-12-05 20:42:30 +00:00
Brennan Kinney c75975d59e
chore: Postfix should integrate Dovecot at runtime (#3681)
* chore: Better establish startup scope

* chore: Configure `main.cf` for Dovecot at runtime
2023-12-05 17:16:39 +13:00
dependabot[bot] 1ff8d57ea1
chore(deps): Bump anchore/scan-action from 3.3.7 to 3.3.8 (#3682)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 20:34:20 +00:00
dependabot[bot] 7ce745a82d
chore(deps): Bump docker/metadata-action from 5.0.0 to 5.3.0 (#3683)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 21:32:49 +01:00
Brennan Kinney 01689ab788
docs: Troubleshooting - Bare domain misconfiguration (#3680) 2023-12-03 23:22:43 +01:00
Georg Lauterbach 472174b744
ci: add run-local-instance target to Makefile (#3663) 2023-12-04 10:28:40 +13:00
Brennan Kinney 68f9671a22
fix: Logging - Welcome should use DMS_RELEASE ENV (#3676) 2023-11-30 14:47:31 +13:00
Brennan Kinney 19e96b5131
fix: update-check.sh should query GH Releases (#3666)
* fix: Source `VERSION` from image ENV

Now CI builds triggered from tagged releases will always have the correct version. No need for manually updating a separate file.

* fix: Query latest GH release tag

Compare to the remote GH release tag published, rather than contents of a `VERSION` file.

`VERSION` file remains in source for now as prior releases still rely on it for an update notification.

* chore: Switch from `yq` to `jaq`

- Can more easily express a string subslice.
- Lighter weight: 9.3M vs 1.7M.
- Drawback, no YAML input/output support.

If `yq` is preferred, the `v` prefix could be removed via BASH easily enough.

* chore: Add entry to `CHANGELOG.md`

* ci: `VERSION` has no relevance to `:edge`

* docs: Update build guide + simplify `make build`

---------

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-11-30 10:21:26 +13:00
Georg Lauterbach a11951e398
hotfix: solve #3665 (#3669)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-28 10:33:29 +01:00
dependabot[bot] b037288e5a
chore(deps): Bump anchore/scan-action from 3.3.6 to 3.3.7 (#3667)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-27 14:22:17 +01:00
Georg Lauterbach 68a43eb497
ci: push :edge when VERSION is updated (#3662)
Previously, we did not run the workflow on push on `master` when a
release happened because the push on master is guarded by a check on
which files were changed.

With this change, I added `VERSION` to the list of files to consider
when updating `:edge`.
2023-11-26 21:44:47 +01:00
github-actions[bot] 2c60229913
docs: updated CONTRIBUTORS.md (#3656)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-26 20:15:14 +01:00
Georg Lauterbach b663e10841
release: v13.0.0 (#3641)
* adjust PR template

I am tired of writing `CHANGELOG.md` myself

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-11-26 14:00:56 +13:00
Brennan Kinney ba814f4213
ci: Linter EC should use /check as the mount path (#3655) 2023-11-25 12:34:00 +00:00
Jean-Kevin KPADEY cedd360ebd
docs: add a new example explaining how to integrate crowdsec with (#3651) 2023-11-25 11:02:42 +01:00
Brennan Kinney 7d1fcb75d7
docs: Debugging - Correctly starting DMS (#3654) 2023-11-25 10:57:34 +01:00
Brennan Kinney 2a716cf4a4
docs: Dovecot Sieve - Adjust to new path for user home folder (#3650) 2023-11-23 10:47:11 +01:00
Brennan Kinney 020542a66c
docs: Debugging - Add macOS suggestion to use gRPC FUSE file sharing implementation (#3652) 2023-11-23 14:05:51 +13:00
dependabot[bot] 042bd872bf
chore(deps): Bump docker/build-push-action from 5.0.0 to 5.1.0 (#3645)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 14:03:32 +01:00
Georg Lauterbach d8ebf591f9
docs: correct path for logs (#3640) 2023-11-15 10:34:56 +13:00
github-actions[bot] 218b56b123
docs: updated CONTRIBUTORS.md (#3639)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-14 16:16:52 +01:00
Georg Lauterbach f5a7e9d119
contributors: fix spelling & remove dedicated AllContributors section (#3638)
With the latest `contributors.yml` workflow, everyone is included in the
list of contributors. Hence, we do not need the extra section anymore.
2023-11-14 16:15:39 +01:00
github-actions[bot] d2efedf91c
docs: updated CONTRIBUTORS.md (#3637)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-13 13:23:21 +00:00
Georg Lauterbach 5f2fb72c9c
Rspamd: add check for DKIM private key files' permissions (#3627)
* added check for Rspamd DKIM on startup

The newly added function `__rspamd__check_dkim_permissions` performs a
check on DKIM private key files. This is useful to prevent issues
like #3621 in the future. The function is deliberately kept simple and
may not catch every single misconfiguration in terms of permissions and
ownership, but it should be quite accurate.

Please note that the Rspamd setup does NOT change at all, and the checks
will not abort the setup in case they fail. A simple warning is emmited.

* add more documentation to Rspamd functions

* Apply suggestions from code review

* improve `__do_as_rspamd_user`

* rework check similar to review suggestion

see https://github.com/docker-mailserver/docker-mailserver/pull/3627#discussion_r1388697547

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-13 12:34:46 +01:00
Georg Lauterbach 26214491ef
fix: Drop special bits from Postfix maildrop/ and public/ directory permissions (#3625)
* update K8s deployment

Because `allowPrivilegeEscalation` controls SUID/SGID, we require it
when postdrop is invoked.

* correct permissions for maildrop/public

The reason our permissions previously worked out as that in setups where
SUID/SGID worked, the binaries used to place files in these directories
already have SGID set; the current set of permissions makes less sense
(as explained in this comment:
https://github.com/docker-mailserver/docker-mailserver/issues/3619#issuecomment-1793816412)

Since the binaries used to place files inside these directories alredy
have SUID/SGID set, we do not require these bits (or the sticky bit) to
be set on the directories.

* Apply suggestions from code review

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-10 19:57:17 +01:00
Joerg Sonnenberger 0703e01492
docs: Clarify default for ENV FETCHMAIL_PARALLEL (#3603)
- Make this easier to find when browsing the example environment file.
- Adjust ENV documentation to properly mark the actual default value.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-10 13:03:21 +13:00
Zepmann 290355cf5a
docs: Add Dovecot Lua auth guide + required package (#3579)
* Dovecot: add deb package dovecot-lua to support Lua scripting
* Adding documentation for Lua authentication
* Updated documentation and made a better distinction between Dovecot packages for officially supported features and for community supported features.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-09 10:18:17 +13:00
Joerg Sonnenberger 460f2d5be5
docs: correct Rspamd directory name (#3629) 2023-11-08 17:57:16 +01:00
Georg Lauterbach 8c0777b669
docs: improve docs about how to work with logs (#3626)
* improvide docs about how to work with logs

Most importantly,

1. I added information on the recently adopted `less` / `nano`
2. I added information about `/var/log/mail/`

* fix typos

* Apply suggestions from code review

* Update docs/content/config/debugging.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-08 10:49:36 +01:00
Georg Lauterbach f674232f71
misc: final Rspamd adjustments for v13 (#3599)
* outsource Rspamd ENVs into explicit helper

This will allow us to uniformly source the helper and get the values
from everywhere consistently. This is more than desirable since we will
be using these values not only for the Rspamd setup, but also for DKIM
management and during change-detection.

* integrate Rspamd into changedetection

We outsource one more function to reside in the helper script for Rspamd
so that we can call this function from the Rspamd setup and from the
changedetection functionality too.

* realize deprecation of old commands file for Rspamd

THIS IS A BREAKING CHANGE!

This change realizes the log message: "Using old file location now
(deprecated) - this will prevent startup in v13.0.0" Startup will now
fail.

* added '--force' option to Rspamd DKIM script

* use new helper to get ENVs for Rspamd in DKIM script

* remove the need for linking directories

This was unnecessary, as explained in
https://github.com/docker-mailserver/docker-mailserver/pull/3597#discussion_r1369413599

* Apply suggestions from code review

review by @polarathene

* apply more review feedback from @polarathene

- <https://github.com/docker-mailserver/docker-mailserver/pull/3599#discussion_r1370885519>
- <https://github.com/docker-mailserver/docker-mailserver/pull/3599#discussion_r1370904201>

* update documentation

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-30 10:20:37 +01:00
github-actions[bot] 5efd249786
docs: updated CONTRIBUTORS.md (#3606)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-10-29 17:04:07 +01:00