Commit graph

2507 commits

Author SHA1 Message Date
Joerg Sonnenberger 097dc6c9a4
docs(bin/setup): Add an example for an alias with multiple recipients (#3600)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-26 13:22:36 +13:00
Georg Lauterbach cb62ce20e6
bugfix: change Rspamd DKIM default config location (#3597)
Instead of using `etc/rspamd/override.d/dkim_signing.conf`, we will now
be using `/tmp/docker-mailserver/rspamd/override.d/dkim_signing.conf`.
The new location is persisted (and linked again during startup) and
hence better suited.
2023-10-24 10:31:22 +02:00
github-actions[bot] d988d8a8d1
docs: updated CONTRIBUTORS.md (#3596)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-10-22 18:11:16 +02:00
georglauterbach eb7b1882e1
update contributors.yml action 2023-10-22 17:42:01 +02:00
allddd eacc379cf1
feat: Postfix permit DSN (Delivery Status Notification) only on authenticated ports (465 + 587) (#3572)
* add POSTFIX_DSN

* add tests for POSTFIX_DSN

* Revert "add POSTFIX_DSN"

This reverts commit d5bd0e9117.

* discard DSN requests on unauthenticated ports

* make tests work with overrides instead of ENV

* Apply suggestions from code review

* fix test inconsistencies

---------

Co-authored-by: allddd <allddd@proton.me>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-22 15:16:41 +02:00
Brennan Kinney 811a769845
ci: Update eclint to 2.7.2 (#3584)
This release contains a bugfix for charset detection, resolving a linting bug affecting the test-files directory.
2023-10-18 10:47:43 +13:00
Andreas Perhab f6e556e33f
docs: fix path to rspamd.log (#3585) 2023-10-17 10:24:01 +02:00
Brennan Kinney 4a58e2eb83
docs: Revise watchtower page (#3583)
- Better clarify images are only updated to newer image updates to the same tag of the running container(s).
- Slight revisions to existing content.
2023-10-16 15:20:50 +02:00
Georg Lauterbach 128e6b4d1f
chore: Add debug group (packages.sh) + more resilient rspamd setup (#3578) 2023-10-16 09:51:48 +02:00
Georg Lauterbach 894978ddd7
refactor: logrotate setup + rspamd log path + tests log helper fallback path (#3576)
* simplify `_setup_logrotate`

* adjust Rspamd's log file and improve it's management

* add information to docs about Rspamd log

* update log query helper to allow another file location

* bail in case `LOGROTATE_INTERVAL` is invalid

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-14 17:14:10 +02:00
Vincent Ducamps 82c38f2426
docs: TLS - Include passthrough=true on implicit ports for Traefik example (#3568) 2023-10-08 11:25:57 +13:00
Brennan Kinney aae42fae9b
ci(fix): Normalize for .gitattributes + improve eclint coverage (#3566) 2023-10-04 12:53:32 +02:00
Vincent Ducamps bd96c1161e
feat: Allow changing the Dovecot vmail UID/GID via ENV (#3550)
Some deployment scenarios are not compatible with `5000:5000` static vmail user with `/var/mail`. This feature allows adjusting the defaults to a UID / GID that is compatible.

Signed-off-by: vincent <vincent@ducamps.win>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-01 00:20:03 +13:00
Brennan Kinney 89cb6d85b9
tests(fix): lmtp_ip.bats improve partial failure output (#3552)
Instead of exit status of `124` (_signifies timeout_), it should fail with `1` (failure) like the others. Handled via using `_run_in_container_bash()` (_`timeout` failure `124` does not propagate and is treated as `1` instead_).

In this case we are waiting on the status of the mail being sent, the pattern provided to `grep` is too specific and results in a timeout. Instead since we only expect the one log entry, match any status and assert the expected pattern afterwards.

This provides a more helpful failure output that informs us that mail was at least processed by Postfix, but the sent status is not what we expected.

### Before

```
 ✗ [ENV] (POSTFIX_DAGENT) delivers mail to existing account [60327]
   (from function `assert_success' in file test/test_helper/bats-assert/src/assert_success.bash, line 42,
    in test file test/tests/parallel/set3/mta/lmtp_ip.bats, line 47)
     `assert_success' failed

   -- command failed --
   status : 124
   output :
   --
```

### After

```
 ✗ [ENV] (POSTFIX_DAGENT) delivers mail to existing account [1425]
   (from function `assert_output' in file test/test_helper/bats-assert/src/assert_output.bash, line 178,
    in test file test/tests/parallel/set3/mta/lmtp_ip.bats, line 48)
     `assert_output --regexp "${MATCH_LOG_LINE}=sent .* Saved)"' failed

   -- regular expression does not match output --
   regexp : postfix/lmtp.* status=sent .* Saved)
   output : Sep 28 04:12:52 mail postfix/lmtp[721]: 23701B575: to=<user1@localhost.localdomain>, relay=127.0.0.1[127.0.0.1]:24, delay=0.08, delays=0.07/0/0.01/0, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.2.0 <user1@localhost.localdomain> Internal error occurred. Refer to server log for more information. [2023-09-28 04:12:52] (in reply to end of DATA command))
   --
```

The expected pattern is logged as `assert_success` confirms a valid match for the log line of interest was found, and we have the mismatched value to debug the failure against.
2023-09-29 10:17:57 +13:00
Brennan Kinney a9d6e329cd
tests(fix): process_check_restart.bats - Run pgrep within the actual container (#3553)
This was missed during original review.

On a linux host, processes running within a container have been visible via commands like `pgrep`. This is does not appear to be the case with WSL2 + Docker Desktop (Windows), resulting in test failure.

The command should have been run from within the container regardless.
2023-09-28 14:37:15 +02:00
jpduyx 8c0cfa0836
docs: Revise update-and-cleanup.md (#3539)
* Update update-and-cleanup.md

spotify dockergc is UNMAINTAINED, they advice to consider using the `docker system prune` command instead.

"This repository has been archived by the owner on Feb 2, 2021. It is now read-only."

https://github.com/spotify/docker-gc

* Revise `update-and-cleanup.md`

Merges the image update + cleanup sections.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-09-19 16:21:33 +12:00
dependabot[bot] 539a7bc3bb
chore(deps): Bump docker/login-action from 2 to 3 (#3543)
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 03:01:59 +00:00
dependabot[bot] 285266a6aa
chore(deps): Bump docker/metadata-action from 4.6.0 to 5.0.0 (#3544)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.6.0 to 5.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v4.6.0...v5.0.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 02:59:39 +00:00
dependabot[bot] af65189a82
chore(deps): Bump docker/setup-qemu-action from 2.2.0 to 3.0.0 (#3542)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2.2.0...v3.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 02:57:36 +00:00
dependabot[bot] c425cdddc5
chore(deps): Bump docker/build-push-action from 4.2.1 to 5.0.0 (#3541)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.2.1 to 5.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4.2.1...v5.0.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-09-19 02:55:20 +00:00
dependabot[bot] 62f4544dd2
chore(deps): Bump docker/setup-buildx-action from 2.10.0 to 3.0.0 (#3540)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.10.0 to 3.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.10.0...v3.0.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-19 14:53:39 +12:00
Lucas Bartholemy 86edaf9a8a
fix: DKIM key generation broken when Rspamd & OpenDKIM are enabled (#3535)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-09-13 10:42:52 +02:00
dependabot[bot] 8329fa19cc
chore(deps): Bump myrotvorets/set-commit-status-action (#3534)
Bumps [myrotvorets/set-commit-status-action](https://github.com/myrotvorets/set-commit-status-action) from 1.1.7 to 2.0.0.
- [Release notes](https://github.com/myrotvorets/set-commit-status-action/releases)
- [Commits](https://github.com/myrotvorets/set-commit-status-action/compare/v1.1.7...v2.0.0)

---
updated-dependencies:
- dependency-name: myrotvorets/set-commit-status-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-12 10:50:55 +12:00
dependabot[bot] fc3229f8d2
chore(deps): Bump docker/build-push-action from 4.1.1 to 4.2.1 (#3533)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 18:58:36 +02:00
Brennan Kinney ad8b618b46
fix: Ensure files are committed with eol=lf via .gitattributes (#3527)
* chore: Use `.yml` extension

Both of these files support the `.yml` extension. Normalize on that.

* fix: Add `.gitattributes` to ensure `LF` line-endings are committed

Avoids accidentally committing files with `CRLF` when they're created on Windows. Or worse, if some editors don't detect `LF` and would introduce mixed line-endings with `CRLF`.

Shouldn't be a problem in practice as we already have a linting check to catch this via CI during PRs. This file is complimentary, in that it should automate that concern away.
2023-09-09 09:35:57 +12:00
Milas Bowman 20241691b8
docs: Fix IPv6 example for Compose (#3531)
The subnet must be specified as part of `ipam.configs`.

This was unfortunately slightly incorrect due to a mistake in the official Docker docs being propagated, which has since been fixed upstream.

Refer to the official Compose Spec for more details:
 * https://docs.docker.com/compose/compose-file/06-networks/#ipam
2023-09-08 10:35:08 +12:00
dependabot[bot] c5420530b7
chore(deps): Bump actions/checkout from 3 to 4 (#3525)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 17:07:38 +02:00
Brennan Kinney ed84dca147
chore: LDAP config improvements (#3522)
* chore: Drop management of `SASLAUTHD_*` ENV

- `variables-stack.sh` does not need to manage all these extra ENV or store them. They're not used anywhere else.
- `saslauthd.sh` is the only consumer of these ENV which are effectively direct key/value mappings, with some defaults provided / inherited.

Instead of trying to conditionally support key/value pairs when ENV is set, we could instead use `sed` to delete lines with empty values.

* chore: Drop fallbacks + update configs to match docs

- Drop deprecated support:
  - `DOVECOT_HOSTS` is an ENV deprecated since v10.
  - Fallback for missing URI scheme introduced for Dovecot and SASLAuthd in v10.
  - Adding error log message when no LDAP URI scheme is detected for the supported ENV (when set).
- Docs updated for ENV to reflect the mandatory requirement. `mailserver.env` partially synced equivalent sections.
- Provided base LDAP configs (for overriding) likewise updated from `domain.com` to `example.com`.
- LDAP test updated for required `ldap://` URI scheme. Common ENV shared across LDAP configs hoisted out of the Postfix group.

* chore: Remove unset lines in generated `saslauthd.conf`
2023-09-02 22:07:02 +12:00
Casper 9578aa874f
tests: add tests for helper function _add_to_or_update_postfix_main() (#3505) 2023-09-01 23:54:38 +12:00
René Plötz 3d5f6aeec4
docs: Add documentation for iOS mail push support (#3513)
* Add documentation for iOS mail push support

---------

Signed-off-by: René Plötz <reneploetz@users.noreply.github.com>
2023-08-30 09:40:54 +12:00
Brennan Kinney e025e4c696
tests: Revise LDAP config + setup (#3514)
* chore: Use  white-space in query filters to improve readability

* tests: LDAP ENV query filters documented

- These filters remain roughly the same as they were before. The conditions are the same, but restructured to make the complimentary constraints more separated from the actual target attribtues.
- The DOMAIN query additionally includes the `mailAlias` from `PostfixBookMailAccount` class as well.
- Heavy inline documentation breaking down how the filters work for any maintainer to reference. This will likely be migrated after revision into our user docs for LDAP. Some quirks have also been noted with advice for future changes.

* tests: LDAP - Support test-case specific containers

A bit more complicated than other test files due to the larger ENV config array that most containers may need to share.

Example introduced with the test-case checking custom config file support.

* tests: Adjust LDAP test configs

- Paths for `.ldif` files used with volumes shortened
- Postfix LDAP `.cf` files adjusted to conventions used in LDAP tests.
2023-08-29 23:52:06 +12:00
Brennan Kinney 19b72aead3
docs: Update docs builder image (#3516)
- Bump to release `9.2.x`
- Image now has `MAJOR.MINOR` tag support to pull latest `PATCH` versions.
2023-08-29 23:33:39 +12:00
Brennan Kinney 9446fa9b9a
chore: Adapt ENABLE_LDAP=1 to ACCOUNT_PROVISIONER=LDAP (#3507)
- Deprecation startup script check is kept for `ENABLE_LDAP=1` but adjusted to emit an error instead. It can be dropped in a future release. Just a precaution for those who mistakenly update (_possibly via automation_) without checking the release notes, an error log is somewhat helpful, although it could alternatively panic?
- Docs updated to remove the `ENABLE_LDAP=1` usage
- ENV docs updated to reference a maintained LDAP image.
- Changelog includes the breaking change, and slight revision to prior release mention of deprecation.
2023-08-29 10:19:03 +12:00
Brennan Kinney 351ef2afa1
tests: LDAP - Improvements to LDIF (#3506)
- The `uniqueIdentifier` attribute is not appropriate and was relying on `objectClass: extensibleObject` as a workaround to allow it. A more appropriate attribute to use instead is `userID` (_short name: `uid`_).
- Removing `extensibleObject` now requires switching the user accounts to use `inetOrgPerson` class (_which inherits from `organizationalPerson`_). which allows the attributes `givenName`, `userID` and `mail` (_also provided via the `PostfixBookMailAccount` class_).
- The LDAP root object now uses `dc` attributes for `example.test` instead of `localhost.localdomain`. This has nothing to do with DMS or LDAP containers networking config, nor the users mail addresses.
- Users are now grouped under the organizational unit of `users` instead of `people`. Purely a naming change out of preference, no functional difference.

The LDAP test ENV has been updated to accommodate the above changes. An additional ENV override was required for SASLAuthd to switch an attribute set for `ldap_filter` in `/etc/saslauthd.conf` from the implicit default of `uniqueIdentifier` (_that we set during startup as an ENV default for fallback_) to the `userID` attribute.
2023-08-29 10:16:08 +12:00
Brennan Kinney e9f04cf8a7
chore: Change setup config dkim default key size to 2048 (open-dkim) (#3508)
* chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit

4096-bit is excessive in size for DKIM key. 2048-bit is plenty.

* chore: Additional revisions to `open-dkim` command help output

- The examples use `keysize 2048`, but as that's the new default it makes sense to change that.
- Other help text was also revised.
- Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values.

* docs: Revise DKIM docs

Primarily for the change in default key size, but does revise some text to better communicate to the user.
- While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys.
- Adjusted the domains example to match the new `setup config dkim domain` domains example.
- Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively).
- Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future.
- `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed.
- Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_).

* docs: Sync DKIM commands help messages and update DKIM docs for LDAP

- Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now.
- Update `rspamd-dkim` examples help output to align with `open-dkim` command examples.
- Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_).
- DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary.

* tests: Adjust test-cases for `setup config dkim` change

`rspamd_dkim.bats`:
- Update assert for command help output.
- Don't bother creating a DKIM key at 512-bit size.

`setup_cli.bats`:
- Update assert for command help output of the `setup config dkim` (OpenDKIM) command.

* docs: Update DKIM section for large keys to newer RFC

The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support.

The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM.

* docs: Extract out common DKIM generation command from content tabs

Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS.

* docs: DKIM refactoring

- Shifted out the info admonition on key size advice out of the content tabs as it's now generic information.
- Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now.
- Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet.

* docs: Revise DKIM docs

Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-29 09:40:02 +12:00
dependabot[bot] 855d9acb53
chore(deps): Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 (#3511)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-28 19:33:05 +02:00
Casper 43a122fe18
scripts: add wrapper to update Postfix configuration safely (follow up) (#3503) 2023-08-28 09:40:24 +12:00
Brennan Kinney f89cbac21c
tests: TLS cipher suites - Update testssl.sh tag to 3.2 (#3504) 2023-08-27 23:44:53 +12:00
Brennan Kinney c8a0bfd361
ci: Fix question.yml template - value should be an attribute (#3502)
The recent change to this template was invalid, as `value` should have been nested under the `attributes` object.
2023-08-24 14:29:08 +02:00
Brennan Kinney af09db6648
ci: question.yml - Clarify that the issue tracker is not for personal support (#3498)
* ci: Revise `question.yml` to better clarify the issue tracker is not for support queries

Users have been making low effort reports (_bypassing the dedicated form_) through this alternative that is intended for addressing other concerns related to the project - not troubleshooting user problems.

When a user does not want to put the effort in of a full bug report (_and following our debug docs tips that it refers them to_), they should be using the Github Discussions page which provides the same free-form input, but should not require attention of project devs (contributors / maintainers).

---

The markdown rendered field above the "Description" input field didn't seem too relevant for this template. I've opted for a markdown comment (so it won't render if kept) into the input field with hopes that'll be more visible to the readers attention.

* chore: Fix typo
2023-08-23 16:56:24 +02:00
Brennan Kinney 39ae101266
tests: Change OpenLDAP image to bitnami/openldap (#3494)
**TL;DR:**
- New image is actively maintained vs existing one that is over 5 years old. 
- Slight improvement to LDAP tree config via `.ldif` files.
- No more `Dockerfile` required to build, we can just rely on `docker run`.

`osixia/openldap` has not seen any activity since Feb 2021, while our `Dockerfile` was fixed to v1.1.6` (Feb 2018).

Startup time for this new image is around 5 seconds? (_The LDAP test uses a standard 20 second timeout check to wait until the server is ready before continuing with starting the DMS image_).

This commit migrates to `bitnami/openldap` which required modifying the `01_mail-tree.ldif` to also include adding the root object to start successfully. This image is actively maintained and one of the most popular OpenLDAP images on DockerHub.

The user account `.ldif` files have minimal changes:
- Lines moved around for better organization
- Additional comments for context
- Removal of inherited `objectClass` attributes (`person`, `top`) from the `orgnizationalPerson` class. Attribute `sn` changed to long form `surname` and values corrected with `givenName`. `changetype: add` was also not necessary.

Additionally the image does not support the `.schema` format, they must be converted to `.ldif` which has been done for `postfix-book.schema`.

See PR for more details.
2023-08-22 21:38:25 +12:00
Georg Lauterbach cf9eb8278a
scripts: add wrapper to update Postfix configuration safely (#3484)
The new function can

1. update/append
2. update/prepend
3. initialize if non-existent

options in `/etc/postfix/main.cf` in a safe and secure manner. When the
container is improperly restarted, the option is not applied twice.

---

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-22 08:03:41 +00:00
HeySora 758fd9c913
Docs: Drop mention of port 25 support for authenticated submission (#3496)
* FAQ: Remove outdated port 25 for mail client use
2023-08-22 17:49:15 +12:00
dependabot[bot] 0dc862156f
chore(deps): Bump nwtgck/actions-netlify from 2.0 to 2.1 (#3495)
Bumps [nwtgck/actions-netlify](https://github.com/nwtgck/actions-netlify) from 2.0 to 2.1.
- [Release notes](https://github.com/nwtgck/actions-netlify/releases)
- [Changelog](https://github.com/nwtgck/actions-netlify/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/nwtgck/actions-netlify/compare/v2.0...v2.1)

---
updated-dependencies:
- dependency-name: nwtgck/actions-netlify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-22 10:30:10 +12:00
H4R0 bb2038e8c6
feat: Allow marking spam as read via a sieve filter (ENV MARK_SPAM_AS_READ=1) (#3489)
* add MARK_SPAM_AS_READ environment variable

* review changes

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* update unit test

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-21 10:32:26 +12:00
Brennan Kinney 5bada0a83b
tests: Refactor LDAP tests to current conventions (#3483)
* tests: Switch to setup helper and conventions

* tests: Adapt run command to new conventions

- We have two helper methods with implicit `CONTAINER_NAME` reference, which is a bit more DRY and improves readability.
- `wc -l` + `assert_output 1` converted to use helper `_should_output_number_of_lines 1`
- `DOMAIN` var changed from `my-domain.com` to local testing domain `example.test`.

* tests: Refactor `setup_file()`

- Test wide ENV defined at the top
- OpenLDAP build and run logic grouped together. Added notes, network alias and tty not required.
- Extracted out special LDAP Postfix/Dovecot ENV into separate array. LDAP specific provisioning / auth ENV also included, with comments + linebreak to better group related ENV.
- Likewise additional ENV to support test cases has been extracted to a separate array with additional comments for context.
- Those two arrays are expanded back into the main `CUSTOM_SETUP_ARGUMENTS` that configure hostname and network for the DMS container.

* tests: Refactor the LDAP account table query testcase

- Covers 3 accounts to test from LDAP.
  - 2 are the same query against users/aliases/groups tables in Postfix, only differing by account queried (and expected as returned result).
  - 1 separate test to ensure a difference in config is supported correctly.
- Extracted repeated test logic into a helper method.
- Added additional context in comments about the creation source of these LDAP accounts and their related Postfix config / interaction. Direct reference to special case PR (since `git blame` will be less useful).

* tests: Use iteration for `grep` setting checks

More DRY approach. With a bit more helpful failure context via `assert_output` (_and only grepping the key_). Simpler to grok what's being covered.

* tests: DRY test email delivery

A bit more verbose with the new helper method. `test-email.txt` template is only used by the LDAP test, as is the `sendmail` command.

Helper will take two args to support the testcases, but at a later date should be refactored to be consistent with the `_send_email()` helper (_which presently uses `nc` that is required for plain-text mail/auth, otherwise we'd have used `openssl`, bigger refactor required_).

* tests: Slight revisions and relocating testcases

- Dovecot quota plugin testcase revised to check files exist instead of rely on `ls` failure.
- Moved Postfix quota plugin testcase into prior dovecot testcase for quota plugin check. Better error output by only querying the `smtpd_recipient_restrictions` setting (_which should be the only one configured for the service_).
- Moved the saslauthd and pflogsumm testcases (_no changes beyond revised comments_) above the `ATTENTION` comment, and one testcase below the comment that belonged to that group.

* tests: Simplify openldap `docker build` command

- `--no-cache` was creating a new image on the Docker host each time the test is run. Shouldn't be any need to build without cache.
- No need to use `pushd` + `popd`, can just provide the path context directly, and the `./Dockerfile` is an implicit default thus `-f` not required either.

Additionally removed the old `checking` prefix from testcase names.

* tests: Move LDAP specific config into `test/config/ldap/`

- No changes to any of these config files, just better isolation as not relevant to any other tests.
- Section heading in `setup_file()` added to distinguish the remainder of the function is dedicated to the DMS container setup.
- Comment providing some context about the `mv` to maintainers, this should be done after defaults are initialized but before starting up the container.

* chore: Appease the lint gods

* Apply suggestions from code review
2023-08-17 14:33:34 +12:00
Casper 8f97171336
compose.yaml: Add comment about disabled authentication on port 25 (#3464)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-08-14 01:58:54 +02:00
Georg Lauterbach f28fce9cc4
rspamd: disable checks for authenticated users (#3440)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: William Desportes <williamdes@wdes.fr>
2023-08-08 10:43:21 +02:00
Georg Lauterbach b001f5a140
Rspamd: local network addition and user name mismatch (#3453) 2023-08-04 13:45:35 +02:00
Nils Höll 85603193a2
feat(setup): Add fail2ban sub-command status <JAIL> (#3455)
* Added status command to fail2ban setup script

* Switched to `printf` for command output

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/fail2ban.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

---------

Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-08-02 12:09:01 +12:00